buildkit supports entitlements like network-host and security-insecure.
this patch aims to make it configurable through daemon.json file.
by default network-host is enabled & security-insecure is disabled.
Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
| ... | ... |
@@ -195,10 +195,7 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
|
| 195 | 195 |
ResolveCacheExporterFuncs: map[string]remotecache.ResolveCacheExporterFunc{
|
| 196 | 196 |
"inline": inlineremotecache.ResolveCacheExporterFunc(), |
| 197 | 197 |
}, |
| 198 |
- Entitlements: []string{
|
|
| 199 |
- string(entitlements.EntitlementNetworkHost), |
|
| 200 |
- // string(entitlements.EntitlementSecurityInsecure), |
|
| 201 |
- }, |
|
| 198 |
+ Entitlements: getEntitlements(opt.BuilderConfig), |
|
| 202 | 199 |
}) |
| 203 | 200 |
} |
| 204 | 201 |
|
| ... | ... |
@@ -254,3 +251,15 @@ func parsePlatforms(platformsStr []string) ([]specs.Platform, error) {
|
| 254 | 254 |
} |
| 255 | 255 |
return out, nil |
| 256 | 256 |
} |
| 257 |
+ |
|
| 258 |
+func getEntitlements(conf config.BuilderConfig) []string {
|
|
| 259 |
+ var ents []string |
|
| 260 |
+ // Incase of no config settings, NetworkHost should be enabled & SecurityInsecure must be disabled. |
|
| 261 |
+ if conf.Entitlements.NetworkHost == nil || *conf.Entitlements.NetworkHost {
|
|
| 262 |
+ ents = append(ents, string(entitlements.EntitlementNetworkHost)) |
|
| 263 |
+ } |
|
| 264 |
+ if conf.Entitlements.SecurityInsecure != nil && *conf.Entitlements.SecurityInsecure {
|
|
| 265 |
+ ents = append(ents, string(entitlements.EntitlementSecurityInsecure)) |
|
| 266 |
+ } |
|
| 267 |
+ return ents |
|
| 268 |
+} |
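Review bot: In getEntitlements, the `SecurityInsecure` branch adds `EntitlementSecurityInsecure` to the allowed list without recording it anywhere, so an operator cannot tell from the daemon log that the builder started with that entitlement allowed. Since it relaxes build-step sandboxing in BuildKit, a warning-level log line in that branch would be worth adding. The function also has no doc comment, and the two checks default in opposite directions (nil allows NetworkHost, nil denies SecurityInsecure), which is easy to break in a later edit. I would add `// getEntitlements returns the entitlements the builder allows: network.host unless explicitly disabled, security.insecure only when explicitly enabled.` above the function and correct "Incase" to "In case" in the existing comment. A small table-driven test covering nil, true and false for each field would pin the defaults.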
| ... | ... |
@@ -16,7 +16,14 @@ type BuilderGCConfig struct {
|
| 16 | 16 |
DefaultKeepStorage string `json:",omitempty"` |
| 17 | 17 |
} |
| 18 | 18 |
|
| 19 |
+// BuilderEntitlements contains settings to enable/disable entitlements |
|
| 20 |
+type BuilderEntitlements struct {
|
|
| 21 |
+ NetworkHost *bool `json:"network-host,omitempty"` |
|
| 22 |
+ SecurityInsecure *bool `json:"security-insecure,omitempty"` |
|
| 23 |
+} |
|
| 24 |
+ |
|
| 19 | 25 |
// BuilderConfig contains config for the builder |
| 20 | 26 |
type BuilderConfig struct {
|
| 21 |
- GC BuilderGCConfig `json:",omitempty"` |
|
| 27 |
+ GC BuilderGCConfig `json:",omitempty"` |
|
| 28 |
+ Entitlements BuilderEntitlements `json:",omitempty"` |
|
| 22 | 29 |
} |
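Review bot: The `*bool` fields of `BuilderEntitlements` distinguish "unset" from `false`, but the type comment does not say what unset means, and per getEntitlements elsewhere on this page the two fields default differently. Field comments such as `// NetworkHost allows the network.host entitlement; nil means allowed.` and `// SecurityInsecure allows the security.insecure entitlement; nil means not allowed.` would put the security-relevant default next to the setting. The new tags are also lower-case and hyphenated (`network-host`), while `DefaultKeepStorage` and the `Entitlements` field use `json:",omitempty"` and so keep their Go names. That mixes two key styles along one daemon.json path, so the convention should be chosen deliberately.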