Support '--ssh' option in 'docker build'

[h-michael]

This is a feature addition related to issue #2273.

Related: #2273
Merge after: #4659

Description
This is PR for the addition of a feature that allows us to use the docker build --ssh option.

Docker document link

Should I make sure to check the useBuildkit option?

[h-michael]

I'll update this PR after merging #4731.

[tejal29]

@h-michael Can you please update this PR? #4731 is now merged.

[h-michael]

@tejal29 Sorry for late replying. I'll work this week.

[gemscoder]

@h-michael Thank you for working on this. Do you happen to have approximate ETA? We would very much like this feature. We are happy to contribute if you need help.

[MarlonGamez]

Hey @h-michael! Sorry to bother, but I just want to check and see if you still have the free time to work on this. If not, I think someone on the skaffold team could take it over and push it through :)

[gemscoder]

@MarlonGamez do you foresee 'ssh' feature to be implemented similarly to 'secret'? I am wondering if it is possible to add 'args' sections (similar to 'jib') so that all docker build options can be passed in.

[h-michael]

@MarlonGamez I will make time this weekend. I'll let you know if I can't.

[MarlonGamez]

@gemscoder yes, I think it would be implemented similarly, with it's own section in the config. If you'd like to pass additional args to docker build, we have a buildArgs section that you can specify in your config for docker artifacts. https://skaffold.dev/docs/references/yaml/#build-artifacts-docker-buildArgs

Is that what you're looking for? :)

[gemscoder]

@marlon-gamez Thank you for your reply. Yes I know about buildargs. I actually meant to ask about other docker build options. I see you already have a lot of them addressed, i.e. secret, build-arg,no-cache and others but not all of them. For example, I would like to use '--squash' so I thought it might a good idea to have 'other-options' section for any additional options users might want to pass to docker. Not a big deal. Just asking...

[codecov]

Codecov Report

Merging #4660 (165e612) into master (d54c930) will increase coverage by 0.00%.
The diff coverage is 66.66%.

@@           Coverage Diff           @@
##           master    #4660   +/-   ##
=======================================
  Coverage   72.18%   72.18%           
=======================================
  Files         365      365           
  Lines       12859    12862    +3     
=======================================
+ Hits         9282     9285    +3     
  Misses       2886     2886           
  Partials      691      691           

Impacted Files	Coverage Δ
pkg/skaffold/schema/latest/config.go	100.00% <ø> (ø)
pkg/skaffold/docker/image.go	79.53% <50.00%> (+0.19%)	⬆️
pkg/skaffold/build/gcb/docker.go	87.87% <100.00%> (ø)
pkg/skaffold/deploy/kpt/kpt.go	75.26% <0.00%> (+0.08%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d54c930...165e612. Read the comment docs.

[h-michael]

This code is ad hoc and not very good, but I think it's out of the scope of this PR to refactor these and the only options that BuildKit needs, for now, are "secret" and "ssh" so I'll leave that for this PR I'll leave it.

[h-michael]

I was wondering what to do here. "--ssh" option can have only one argument "default", "<id>[=<socket>]" or "<key>[,<key>]".
It would be nice if we could used a type representation like a union type, but the JSON schema(and Golang) doesn't support such a type, so I decided to just make it string type.

[briandealwis]

SGTM — I think we could use a yaml oneOf annotation, but this will do for now.

[h-michael]

Travis CI failed. It seems that a Travis CI issue.
https://travis-ci.com/github/GoogleContainerTools/skaffold/jobs/440128346

[briandealwis]

Thanks for the revised PR! I suggested two tiny tweaks.

[briandealwis]

Suggested change

	description: "buildkit feature of secret not supported in GCB",
	description: "buildkit `secret` option not supported in GCB",

[briandealwis]

Suggested change

	description: "buildkit feature of ssh not supported in GCB",
	description: "buildkit `ssh` option not supported in GCB",

[briandealwis]

SGTM — I think we could use a yaml oneOf annotation, but this will do for now.

[nkubala]

For example, I would like to use '--squash' so I thought it might a good idea to have 'other-options' section for any additional options users might want to pass to docker. Not a big deal. Just asking...

@gemscoder the issue is that we pass args to docker generically using the --build-arg flag, so it wasn't possible to pass these through build args since they would end up in arg strings that look like:

docker build --build-arg --secret id=myscret

which fails (since that isn't a valid build arg).

we could maybe consider making these truly generic args that get passed verbatim to docker, but it seemed easier to just natively support these two since they're pretty special case. if you'd like to submit a PR or a quick design proposal for other-options contributions are of course welcome :)

[h-michael]

@briandealwis Thank you for your review.

SGTM — I think we could use a yaml oneOf annotation, but this will do for now.

Oh, I forgot specifications such as "oneof", "anyof and "allof".
But I thought it would be better to keep things the way they are.
For example, if we were to use oneof, would it be the following yaml?

- ssh: default

- ssh:
  - id: <id>
  - socket: <socket>

- ssh:
  - <key1>
  ...
  - <keyn>

The part where "default" is specified is a string type, but only "default" can be specified in the first place, so it seems a bit strange to me that it's a schema.
What do you think?

[MarlonGamez]

@h-michael i think that yaml you mocked up is pretty much what @briandealwis was thinking.

I agree with you that we should keep it how it is for now. Maybe we can revisit it in the future if users find that just having an open ended string field is a bad experience.

[MarlonGamez]

LGTM 👍🏼 Thanks so much for taking the time to work on this :)

[AdemUstaReminiz]

Hello guys, I would like to use this feature, but it seems to not be available in the current release (1.17).

Any ideas on when it will be available ?

[h-michael]

@ADBalici I don't know Skaffold release cycle.
But you can build yourself.
https://github.com/GoogleContainerTools/skaffold/blob/master/DEVELOPMENT.md#building-skaffold

[ADBalici]

wrong mention 👍

[MarlonGamez]

hey @AdemUstaReminiz, this feature should be present in v1.17.1, which just released recently :) To access it you will need to set both useDockerCLI: true and useBuildkit: true in build.local if your skaffold config