Support BuildKit on Pipelines

Issue #17590 open
Samantha Hughes
created an issue

A significant update for people who build Docker containers pulling from resources secured by SSH (for example a private Bitbucket repo).

It supports --ssh, which acts as an SSH agent socket forwarder, giving access to whatever the host can access without having to do things like pass in an SSH key, mount it or other insecure workarounds.

https://github.com/docker/docker-ce/releases/tag/v18.09.0
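
The forwarding described above, as an added example that is not part of the original issue: a Dockerfile contrasting the key-in-build-argument workaround (left commented out) with a BuildKit SSH mount. The repository path, base image and image tag are placeholders.

```dockerfile
# syntax=docker/dockerfile:1
# Added example; repository path, base image and tags are placeholders.
# (On Docker 18.09 the SSH mount required the docker/dockerfile:experimental frontend.)

FROM alpine:3.19 AS fetch
RUN apk add --no-cache git openssh-client

# Record the Git host's key at build time (trust on first use). For stronger
# assurance, COPY in a known_hosts file that was verified out of band.
RUN mkdir -p -m 0700 /root/.ssh \
 && ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts

# --- Workaround to avoid: private key passed in as a build argument ---
# The value is recorded in the image history, and the key file persists in a
# layer even if a later step deletes it.
#   ARG SSH_PRIVATE_KEY
#   RUN echo "$SSH_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
#   RUN git clone git@bitbucket.org:example-team/private-lib.git /src/private-lib

# --- BuildKit: forward the host's SSH agent socket for this step only ---
# The socket is mounted only while this RUN executes; no key material is
# written to any layer, and the private key never leaves the agent.
RUN --mount=type=ssh \
    git clone git@bitbucket.org:example-team/private-lib.git /src/private-lib

# Final stage copies only the fetched sources, not the SSH configuration.
FROM alpine:3.19
COPY --from=fetch /src/private-lib /src/private-lib

# Build with BuildKit enabled and the local agent forwarded:
#   DOCKER_BUILDKIT=1 docker build --ssh default -t example/app .
```

The build step can use whatever keys the forwarded agent holds for the duration of that `RUN`, so the agent on a build host should be loaded only with a key scoped to the repositories the build needs.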

Official response

  • Raul Gomis staff

    Hi all,

    We recently upgraded to Docker 18.09. Unfortunately, we don't support BuildKit yet as our Docker AuthZ plugin is blocking some of the required endpoints that it needs to run. We will need to perform a security assessment to identify potential security issues before enabling it.

    We'll keep this issue open to track interest in this for the future. Please vote and add your use cases if you are interested.

    Regards,
    Raul

Comments (9)

  1. Raul Gomis staff

    Hi @Samantha Hughes,

    Thanks for reaching out and for the suggestion. We might upgrade Docker to 18.09 anytime soon, but unfortunately, I don't think you will be able to benefit from the SSH agent socket forwarder as it relies on BuildKit, which is something we don't support yet.

    Given our current priorities however, this is unlikely to be something that we do anytime soon. I'll open this issue to gauge the interest of other users on this functionality.

    Regards,
    Raul

  2. Samantha Hughes reporter

    I believe 18.09 also enables BuildKit by default? So people building things could just use the --buildkit flag if they want to use it. Unless it's something you're disabling somehow.

  3. John Fricker

    I want this if it enables BuildKit because I need to be able to mount the pipelines NuGet cache into my container image build (where my application is compiled). Adding "volumes" to docker-compose doesn't achieve this for the build step.

  4. Raul Gomis staff

    Hi all,

    We recently upgraded to Docker 18.09. Unfortunately, we don't support BuildKit yet as our Docker AuthZ plugin is blocking some of the required endpoints that it needs to run. We will need to perform a security assessment to identify potential security issues before enabling it.

    We'll keep this issue open to track interest in this for the future. Please vote and add your use cases if you are interested.

    Regards,
    Raul

  5. Ciprian Tarta

    Hi, any news on this?
    We're using multistage builds and without BuildKit we can't run, let's say, the last stage of the build w/o running all previous stages.

    Would much appreciate this feature.
