From b89e2f35dfe3b2ea4392b8dfb7990eca09de3fb1 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Fri, 15 Oct 2021 16:03:44 +0200 Subject: [PATCH] build: add ulimit support Signed-off-by: CrazyMax --- build/build.go | 10 ++++++++++ build/utils.go | 13 +++++++++++++ commands/build.go | 17 +++++++++++++---- docs/reference/buildx_build.md | 16 ++++++++++++++++ go.mod | 1 + vendor/modules.txt | 1 + 6 files changed, 54 insertions(+), 4 deletions(-) diff --git a/build/build.go b/build/build.go index 21d6662a..81c66c4d 100644 --- a/build/build.go +++ b/build/build.go @@ -20,6 +20,7 @@ import ( "github.com/docker/buildx/util/imagetools" "github.com/docker/buildx/util/progress" clitypes "github.com/docker/cli/cli/config/types" + "github.com/docker/cli/opts" "github.com/docker/distribution/reference" "github.com/docker/docker/api/types" dockerclient "github.com/docker/docker/client" @@ -56,6 +57,7 @@ type Options struct { ImageIDFile string ExtraHosts []string NetworkMode string + Ulimits *opts.UlimitOpt NoCache bool Target string @@ -554,6 +556,14 @@ func toSolveOpt(ctx context.Context, d driver.Driver, multiDriver bool, opt Opti } so.FrontendAttrs["add-hosts"] = extraHosts + // setup ulimits + ulimits, err := toBuildkitUlimits(opt.Ulimits) + if err != nil { + return nil, nil, err + } else if len(ulimits) > 0 { + so.FrontendAttrs["ulimit"] = ulimits + } + return &so, releaseF, nil } diff --git a/build/utils.go b/build/utils.go index 72376a07..80a97655 100644 --- a/build/utils.go +++ b/build/utils.go @@ -7,6 +7,7 @@ import ( "os" "strings" + "github.com/docker/cli/opts" "github.com/pkg/errors" ) @@ -53,3 +54,15 @@ func toBuildkitExtraHosts(inp []string) (string, error) { } return strings.Join(hosts, ","), nil } + +// toBuildkitUlimits converts ulimits from docker type=soft:hard format to buildkit's csv format +func toBuildkitUlimits(inp *opts.UlimitOpt) (string, error) { + if inp == nil || len(inp.GetList()) == 0 { + return "", nil + } + ulimits := make([]string, 0, len(inp.GetList())) + for _, ulimit := range inp.GetList() { + ulimits = append(ulimits, ulimit.String()) + } + return strings.Join(ulimits, ","), nil +} diff --git a/commands/build.go b/commands/build.go index c8716d7d..38f060ac 100644 --- a/commands/build.go +++ b/commands/build.go @@ -15,7 +15,9 @@ import ( "github.com/docker/buildx/util/tracing" "github.com/docker/cli/cli" "github.com/docker/cli/cli/command" + "github.com/docker/cli/opts" "github.com/docker/docker/pkg/ioutils" + "github.com/docker/go-units" "github.com/moby/buildkit/client" "github.com/moby/buildkit/session/auth/authprovider" "github.com/moby/buildkit/util/appcontext" @@ -45,6 +47,7 @@ type buildOptions struct { extraHosts []string networkMode string quiet bool + ulimits *opts.UlimitOpt // unimplemented squash bool @@ -53,7 +56,6 @@ type buildOptions struct { // hidden // untrusted bool - // ulimits *opts.UlimitOpt // memory opts.MemBytes // memorySwap opts.MemSwapBytes // shmSize opts.MemBytes @@ -125,6 +127,7 @@ func runBuild(dockerCli command.Cli, in buildOptions) (err error) { ImageIDFile: in.imageIDFile, ExtraHosts: in.extraHosts, NetworkMode: in.networkMode, + Ulimits: in.ulimits, } platforms, err := platformutil.Parse(in.platforms) @@ -260,8 +263,15 @@ func buildTargets(ctx context.Context, dockerCli command.Cli, opts map[string]bu return resp[defaultTargetName].ExporterResponse["containerimage.digest"], err } +func newBuildOptions() buildOptions { + ulimits := make(map[string]*units.Ulimit) + return buildOptions{ + ulimits: opts.NewUlimitOpt(&ulimits), + } +} + func buildCmd(dockerCli command.Cli, rootOpts *rootOptions) *cobra.Command { - var options buildOptions + options := newBuildOptions() cmd := &cobra.Command{ Use: "build [OPTIONS] PATH | URL | -", @@ -303,6 +313,7 @@ func buildCmd(dockerCli command.Cli, rootOpts *rootOptions) *cobra.Command { flags.StringSliceVar(&options.extraHosts, "add-host", []string{}, "Add a custom host-to-IP mapping (format: `host:ip`)") flags.SetAnnotation("add-host", "docs.external.url", []string{"https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host"}) flags.StringVar(&options.imageIDFile, "iidfile", "", "Write the image ID to the file") + flags.Var(options.ulimits, "ulimit", "Ulimit options") // not implemented flags.BoolVar(&options.squash, "squash", false, "Squash newly built layers into a single new layer") @@ -313,8 +324,6 @@ func buildCmd(dockerCli command.Cli, rootOpts *rootOptions) *cobra.Command { var ignoreSlice []string var ignoreBool bool var ignoreInt int64 - flags.StringVar(&ignore, "ulimit", "", "Ulimit options") - flags.MarkHidden("ulimit") flags.StringSliceVar(&ignoreSlice, "security-opt", []string{}, "Security options") flags.MarkHidden("security-opt") flags.BoolVar(&ignoreBool, "compress", false, "Compress the build context using gzip") diff --git a/docs/reference/buildx_build.md b/docs/reference/buildx_build.md index db031332..c8242f9e 100644 --- a/docs/reference/buildx_build.md +++ b/docs/reference/buildx_build.md @@ -38,6 +38,7 @@ Start a build | `--ssh stringArray` | SSH agent socket or keys to expose to the build (format: `default\|[=\|[,]]`) | | [`-t`](https://docs.docker.com/engine/reference/commandline/build/#tag-an-image--t), [`--tag stringArray`](https://docs.docker.com/engine/reference/commandline/build/#tag-an-image--t) | Name and optionally a tag (format: `name:tag`) | | [`--target string`](https://docs.docker.com/engine/reference/commandline/build/#specifying-target-build-stage---target) | Set the target build stage to build. | +| [`--ulimit ulimit`](#ulimit) | Ulimit options | @@ -317,3 +318,18 @@ with `--allow-insecure-entitlement` (see [`create --buildkitd-flags`](buildx_cre $ docker buildx create --use --name insecure-builder --buildkitd-flags '--allow-insecure-entitlement security.insecure' $ docker buildx build --allow security.insecure . ``` + +### Set ulimits (--ulimit) + +`--ulimit` is specified with a soft and hard limit as such: +`=[:]`, for example: + +```console +$ docker buildx build --ulimit nofile=1024:1024 . +``` + +> **Note** +> +> If you do not provide a `hard limit`, the `soft limit` is used +> for both values. If no `ulimits` are set, they are inherited from +> the default `ulimits` set on the daemon. diff --git a/go.mod b/go.mod index c9111d5b..24a40be6 100644 --- a/go.mod +++ b/go.mod @@ -17,6 +17,7 @@ require ( github.com/docker/distribution v2.7.1+incompatible github.com/docker/docker v20.10.7+incompatible github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect + github.com/docker/go-units v0.4.0 github.com/docker/libtrust v0.0.0-20150526203908-9cbd2a1374f4 // indirect github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484 // indirect github.com/fvbommel/sortorder v1.0.1 // indirect diff --git a/vendor/modules.txt b/vendor/modules.txt index ee11dd47..49a33630 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -168,6 +168,7 @@ github.com/docker/go-connections/tlsconfig # github.com/docker/go-metrics v0.0.1 github.com/docker/go-metrics # github.com/docker/go-units v0.4.0 +## explicit github.com/docker/go-units # github.com/docker/libtrust v0.0.0-20150526203908-9cbd2a1374f4 ## explicit