Commit Graph

7942 Commits

Author SHA1 Message Date
Sebastiaan van Stijn df7adf4aa3
Merge pull request #3434 from howardjohn/json/unmarshal-pointer
Fix incorrect pointer inputs to `json.Unmarshal`
2022-02-25 12:06:10 +01:00
Sebastiaan van Stijn cb65bd4de8
Merge pull request #3436 from ndeloof/public_RunExec
publish RunExec for use by docker/compose
2022-02-25 11:43:13 +01:00
Sebastiaan van Stijn 1c5256d8e1
Merge pull request #3442 from thaJeztah/drop_kube_cleanup_test
update/remove various tests and options related to kubernetes support
2022-02-25 11:15:14 +01:00
Sebastiaan van Stijn ec8a3169ac
Merge pull request #3435 from crazy-max/buildkit-enabled-check
bring back and expose BuildKitEnabled func
2022-02-25 11:14:27 +01:00
CrazyMax e7a8748b93
build: use legacy builder for wcow if not opt-in with a builder component
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-24 17:57:56 +01:00
CrazyMax e38e6c51ff
bring back and expose BuildKitEnabled func
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-24 17:57:56 +01:00
Sebastiaan van Stijn ee9d17caec
cli/context: update package documentation
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 17:53:21 +01:00
Sebastiaan van Stijn 242857dd81
update/remove various tests and options related to kubernetes support
Remove various tests and utilities related to testing kubernetes support

Also removing the Kubernetes and DefaultStackOrchestrator from CreateOptions
and UpdateOptions, instead updating the flags to not be bound to a variable.

This might break some consumers of those options, but given that they've become
non-functional, that's probably ok (otherwise they may ignore the deprecation
warning and end up with non-functional code).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 17:53:18 +01:00
Sebastiaan van Stijn 7ccee6d603
remove unused KubernetesEnabled() test-utility
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 17:53:05 +01:00
Sebastiaan van Stijn 60283c617d
Merge pull request #3440 from thaJeztah/drop_kube_follow_up
update docs, and remove some unused code related to "compose on kubernetes" deprecation
2022-02-24 17:52:37 +01:00
Sebastiaan van Stijn 531810bb1b
Merge pull request #3437 from ndeloof/cli-plugin-standalone
introduce plugin.RunningStandalone utility func
2022-02-24 17:50:49 +01:00
Nicolas De Loof 2d268392d1
publish RunExec for use by docker/compose
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-24 16:31:24 +01:00
Sebastiaan van Stijn 467e650d4c
formatter: mark KubernetesEndpoint templating option as deprecated
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 13:36:01 +01:00
Sebastiaan van Stijn 6ea2767289
config: mark stackOrchestrator option as deprecated
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 13:35:03 +01:00
Sebastiaan van Stijn b7d0f5c667
docs: add more details to stack kubernetes deprecation
Explicitly mention flags and environment variables that were removed, to
make the deprecation more discoverable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 12:28:38 +01:00
Sebastiaan van Stijn 6dcfbe6627
docs: update list of supported filters for stack services
Remove mentions of which options are supported by Kubernetes.

Note that there's some filters remaining that were marked as "not supported
by swarm": those filters need to be checked if this is accurate (and if so,
those filters must be removed).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 12:28:36 +01:00
Sebastiaan van Stijn 039018b6d3
docs: remove deprecated orchestrator flags
Removes the flags that have been deprecated or removed;

- --default-stack-orchestrator
- --kubernetes
- --kubeconfig
- --namespace
- --orchestrator

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 12:28:29 +01:00
Sebastiaan van Stijn 869370a3fe
docs: remove mention of DOCKER_STACK_ORCHESTRATOR env-var
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 12:26:20 +01:00
Sebastiaan van Stijn 16ece9bb82
system/version: remove dead-code
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 12:26:18 +01:00
Sebastiaan van Stijn 1924bc9f0f
stack/swarm: remove unneeded getStackServiceFilter()
It was now an alias for getStackFilter, so no longer needed

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 12:26:15 +01:00
Sebastiaan van Stijn cff010c61f
context export: remove docker context export --kubeconfig options
Removes the --kubeconfig flag, and the corresponding ExportOptions.Kubeconfig,
as well as special handling for kubeconfig export, as it's no longer used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 12:26:09 +01:00
Sebastiaan van Stijn aa75635eea
Merge pull request #3139 from ndeloof/drop_kubernetes_support
Drop support for (archived) Compose-on-Kubernetes
2022-02-24 10:38:59 +01:00
Nicolas De Loof 013a74f002
document kubernetes feature as "removed" in 21.xx
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-24 10:24:30 +01:00
Nicolas De Loof d9a2a555d5
introduce plugin.RunningStandalone as utility func for a plugin to know it is run standalone
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-23 10:20:23 +01:00
John Howard ee97fe95bc Fix incorrect pointer inputs to `json.Unmarshal`
See https://github.com/howardjohn/go-unmarshal-double-pointer for more
info on why this is not safe and how this is detected.

Signed-off-by: John Howard <howardjohn@google.com>
2022-02-22 13:08:37 -08:00
Nicolas De Loof 193ede9b12
remove obsolete mutli-orchestrator support
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-22 15:28:12 +01:00
Nicolas De Loof 1d48749c1c warn user kubernetes is deprecated and options won't be stored in context
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-22 13:47:34 +01:00
Nicolas De Loof 7b9580df51 Drop support for (archived) Compose-on-Kubernetes
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-22 13:47:34 +01:00
Sebastiaan van Stijn a7778806a0
cli/compose/schema: make version optional, default to "latest"
The compose spec (https://compose-spec.io) defines the version to be optional,
and implementations of the spec to check for supported attributes instead.

While this change does not switch the `docker stack` implementation to use the
compose-spec, it makes it function more similar. Previously, omitting a version
number would either produce an error (as the field was required), or switched
the handling to assume it was version 1.0 (which is deprecated).

With this change, compose files without a version number will be handled as
the latest version supported by `docker stack` (currently 3.10). This allows
users that work with docker-compose or docker compose (v2) to deploy their
compose file, without having to re-add a version number. Fields that are
not supported by stackes (schema 3.10) will still produce an error.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-18 12:26:04 +01:00
Sebastiaan van Stijn a9fd697737
cli/compose: add schema 3.10 (no changes with 3.9 yet)
Adding a copy of the 3.9 schema, with only the version-string changed.
This makes it easier to find changes since 3.9, which are added after
this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-18 12:26:02 +01:00
Sebastiaan van Stijn d44eca129f
cli/compose/schema: Validate(): normalize version before validating
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-18 12:26:00 +01:00
Sebastiaan van Stijn cf8c4bab64
Merge pull request #3411 from thaJeztah/no_glog
vendor: compose-on-kubernetes v0.5.0 to remove use of github.com/golang/glog
2022-02-14 18:24:24 +01:00
Sebastiaan van Stijn a3c1314968
vendor: compose-on-kubernetes v0.5.0 to remove use of github.com/golang/glog
glog has the same issue as k8s.io/klog, and is calling `user.Current()`
inside an `init()`; see 466fbb6507

Calling `user.Current()` on Windows can result in remove connections being
made to get the user's information, which can be a heavy call. See https://github.com/docker/cli/issues/2420

glog was only used in a single location in compose-on-kubernetes, so we may as
well remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 14:54:51 +01:00
Iain Samuel McLean Elder 8b408372f9 Describe privileged mode in terms of capabilities
I didn't see where in the page that `--privileged` mode adds all capabilities.

I think this page once did contain that information. I got it from a Stack Overflow answer that seems to have copied from an earlier version of this same document.

> Full container capabilities (--privileged)
>
> The --privileged flag gives all capabilities to the container, and it also lifts all the limitations enforced by the device cgroup controller. In other words, the container can then do almost everything that the host can do. This flag exists to allow special use-cases, like running Docker within Docker.

https://stackoverflow.com/a/36441605/111424
Signed-off-by: Iain Samuel McLean Elder <iain@isme.es>
2022-02-08 14:58:25 +01:00
Sebastiaan van Stijn c780f7c4ab
Merge pull request #3314 from crazy-max/buildx-default
Set buildx as default builder
2022-02-03 21:20:07 +01:00
CrazyMax 16edf8bffb
builder: conditional warning for wcow
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-03 19:15:58 +01:00
Sebastiaan van Stijn e39da95a7e
Merge pull request #3225 from LeoSko/patch-1
Update dockerd.md - simple typo
2022-02-03 16:11:49 +01:00
Sebastiaan van Stijn fd2274692f
Update deprecation docs
- expand a bit on what's happening
- clarify start of deprecation of the classic builder
- show examples of error and warning

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-03 10:38:06 +01:00
Sebastiaan van Stijn bce65f0edc
builder: simplify error generation, and rephrase error/warning
With this change:

    echo 'FROM busybox' | DOCKER_BUILDKIT=1 docker build -
    ERROR: BuildKit is enabled but the buildx component is missing or broken.
           Install the buildx component to build images with BuildKit:
           https://docs.docker.com/go/buildx/

    echo 'FROM busybox' | docker build -
    DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
                Install the buildx component to build images with BuildKit:
                https://docs.docker.com/go/buildx/

    Sending build context to Docker daemon  2.048kB
    ...

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-03 10:38:05 +01:00
CrazyMax 4d8e45782b
builder: fallback to legacy
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-03 10:38:05 +01:00
CrazyMax 6fef143dbc
Set buildx as default builder
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-03 10:38:05 +01:00
Leonid Skorospelov 0ca2d25ba8 Update dockerd.md
Simple typo

Signed-off-by: Leonid Skorospelov <leosko94@gmail.com>
2022-02-02 22:43:31 +02:00
Sebastiaan van Stijn 36f6017afa
Merge pull request #3414 from patel-zeel/patch-1
Correct device syntax to --gpus
2022-01-31 12:16:40 +01:00
Zeel B Patel 2d6ebd1e3e Correct device syntax to --gpus
Signed-off-by: Zeel B Patel <patel_zeel@iitgn.ac.in>
2022-01-30 14:14:42 +05:30
Sebastiaan van Stijn 5bb88dc3c4
Merge pull request #3412 from thaJeztah/fix_vendor
Some fixes for "make vendor"
2022-01-28 17:40:36 +01:00
Sebastiaan van Stijn 0d5b24b019
Dockerfile.vendor: use GOPROXY=direct
While the module proxy can speed up vendoring, it may cause issues when
(temporarily) vendoring from a fork, because the proxy may not have the
module yet on first try, which causes vendoring to fail:

    vendor.mod:95:2: replace github.com/thaJeztah/compose-on-kubernetes:
    version "0b59cf047b3b0199048fe13fdcd21b0cb46549f2" invalid:
    Get "0b59cf047b.info": read tcp 172.17.0.2:60290->172.217.168.209:443: read: connection reset by peer

Using `GOPROXY=direct` to fetch sources directly from upstream (GitHub) instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-28 11:40:33 +01:00
Sebastiaan van Stijn 5c4a395c52
scripts/vendor: run go mod tidy when vendoring
There was some debate about this, and wether or not tidy should be run
when vendoring, but without this, validation failed after running
`make vendor`, and manually doing a `go mod tidy` is complicated
(due to the `vendor.mod`, and because the cache is not inside the
build-cache, not on the host).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-28 11:35:36 +01:00
Justin Cormack 2b0e74c207
Merge pull request #3220 from thaJeztah/remove_encrypted_tls_support
Remove support for encrypted TLS private keys
2022-01-27 18:05:32 +00:00
Sebastiaan van Stijn 08a1ccc60a
Remove support for encrypted TLS private keys
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext

From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

This feature allowed using an encrypted private key with a supplied password,
but did not provide additional security as the encryption is known to be broken,
and the key is sitting next to the password in the filesystem. Users are recommended
to decrypt the private key, and store it un-encrypted to continue using it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-27 14:26:32 +01:00
Sebastiaan van Stijn 48cbe0bfa1
Merge pull request #3264 from coryb/fix-data-race
fix innocuous data-race when config.Load called in parallel
2022-01-27 10:26:56 +01:00