GoogleContainerTools / kaniko

Build Container Images In Kubernetes
Apache License 2.0

Support symlinks inside `/kaniko` folder #3196

Closed pe224 closed 3 weeks ago

pe224 commented 3 weeks ago

I recently hit #969 while trying to cache pip (Python package manager) installs over subsequent container builds in GitLab CI. In an ideal world, kaniko would support the docker `--mount=type=bind/cache/secret` commands (various issues open about this), but I understand that this is probably a major development effort.

I successfully work around the missing `--mount=type=secret` by writing build secrets into files inside `/kaniko`. Unfortunately, this does not work for caches, since AFAIU it would involve copying the full cache folder to `/kaniko` at the start of the build and copying back the updated cache folder to its original location at the end.

I wonder: would it be a smaller effort to enable symlinks from folders (e.g. `/cache`) in the kaniko-project/executor container into `/kaniko` so that the build process could essentially access and modify them? If yes, this might also be used to work around the missing `--mount=type=bind` #1568. I have no idea how the internals of the `/kaniko` folder sharing mechanism work, but if it's not copied but only "mounted", maybe it could be a short-term solution?

Edit: On second thought, it's probably the other way round: supporting the mounting of arbitrary host container folders into the build process as suggested in #1568 would solve this problem as well. Going to upvote the other one and close this one, because I guess "symlinks" to the outside of the build container exactly correspond to a bind-mount functionality.