Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support --secret build flag #3028

Open
superlevure opened this issue Feb 26, 2024 · 3 comments
Open

Support --secret build flag #3028

superlevure opened this issue Feb 26, 2024 · 3 comments
Labels
kind/enhancement New feature or request kind/feature-request priority/p1 Basic need feature compatibility with docker build. we should be working on this next.

Comments

@superlevure
Copy link

superlevure commented Feb 26, 2024
edited
Loading

Thanks for the workaround info, but it would preferable if Kaniko supported the same --secret flags as Buildx so that we could use the same Dockerfile in both CI (Kaniko) and local testing/dev work (Docker). Would it make sense to open a new feature request for that?

(As it stands, I have to use docker-in-docker instead since my software engineer coworkers depend locally built with Docker Desktop/Docker Compose-built images for most of development.)

Originally posted by @nickv2002 in #489 (comment)

Hi, I'm opening this feature request to support the --secret build flag in kaniko. The workaround suggested in the original thread implies that we can't use the same Dockerfile for local builds using Buildx and CI builds using kaniko.

Thank you for considering this feature!
@QuanZhang-William QuanZhang-William added kind/enhancement New feature or request kind/feature-request priority/p1 Basic need feature compatibility with docker build. we should be working on this next. labels Mar 15, 2024
@FranciscoKloganB
Copy link

Upvoting.

@pandorazboxx
Copy link

This was such a bummer to find out after I spent a while figuring out how to get secrets to work in my docker build/buildx command. I went to finally add it to my CI pipeline, where we use Kaniko. :(

@raider444
Copy link

upvoting

stefreak added a commit to garden-io/garden that referenced this issue Jul 16, 2024
@stefreak
feat(container): first-class BuildKit secrets support
5a8fded 
First-class BuildKit secrets support for BuildKit in-cluster building,
Garden Cloud Builder and building locally.

Kaniko is not supported due to lack of support (See also
GoogleContainerTools/kaniko#3028)
This was referenced Jul 16, 2024
Merged
Closed
stefreak added a commit to garden-io/garden that referenced this issue Jul 16, 2024
@stefreak
feat(container): first-class BuildKit secrets support
19f2056 
First-class BuildKit secrets support for BuildKit in-cluster building,
Garden Cloud Builder and building locally.

Kaniko is not supported due to lack of support (See also
GoogleContainerTools/kaniko#3028)
github-merge-queue bot pushed a commit to garden-io/garden that referenced this issue Jul 18, 2024
@stefreak
feat(container): first-class BuildKit secrets support (#6294)
c2ad332 
* feat(container): first-class BuildKit secrets support

First-class BuildKit secrets support for BuildKit in-cluster building,
Garden Cloud Builder and building locally.

Kaniko is not supported due to lack of support (See also
GoogleContainerTools/kaniko#3028)

* Update core/src/plugins/container/config.ts

* improvement: protect leaking secrets in logs

* improvement: update docs

* test: extensive test coverage for secret values and maybeSecret

Co-authored-by: Vova <vova@garden.io>

* fix: fixes after manual testing

Co-authored-by: Vova <vova@garden.io>

* fix: format

* improvement: undo unnecessary change

* fix: framework test

* improvement: remove unnecessary maybeSecret

---------

Co-authored-by: Vova <vova@garden.io>
github-merge-queue bot pushed a commit to garden-io/garden that referenced this issue Jul 18, 2024
@stefreak
feat(container): first-class BuildKit secrets support (#6294)
9e1ac29 
* feat(container): first-class BuildKit secrets support

First-class BuildKit secrets support for BuildKit in-cluster building,
Garden Cloud Builder and building locally.

Kaniko is not supported due to lack of support (See also
GoogleContainerTools/kaniko#3028)

* Update core/src/plugins/container/config.ts

* improvement: protect leaking secrets in logs

* improvement: update docs

* test: extensive test coverage for secret values and maybeSecret

Co-authored-by: Vova <vova@garden.io>

* fix: fixes after manual testing

Co-authored-by: Vova <vova@garden.io>

* fix: format

* improvement: undo unnecessary change

* fix: framework test

* improvement: remove unnecessary maybeSecret

* improvement: clearer doc strings and minor changes

---------

Co-authored-by: Vova <vova@garden.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement New feature or request kind/feature-request priority/p1 Basic need feature compatibility with docker build. we should be working on this next.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@raider444 @FranciscoKloganB @QuanZhang-William @superlevure @pandorazboxx