New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dockerTools.streamLayeredImage: resolve duplicate env vars #117603
dockerTools.streamLayeredImage: resolve duplicate env vars #117603
Conversation
@GrahamcOfBorg test docker-tools |
Could you add a test case? |
I briefly touched upon that in the PR description, but I don't think a test case is doable here. This behavior is only triggered when running images on Kubernetes and not Docker, so I don't see how the NixOS Docker-based tests can help here. Here's what happens when you load an image with duplicate
I don't know if the OCI image spec is clear on how duplicate As we already have tests checking that env var inheritance works as intended, I think it is enough to confirm that this patch did not break them. What do you think? |
You could untar the image and look at the config json, to confirm that it only has the expected entries, so no duplicates.
Which is exactly why we need to grow the test suite when we discover new requirements like this. |
2bcbe48
to
3b6cb99
Compare
For images running on Kubernetes, there is no guarantee on how duplicate environment variables in the image config will be handled. This seems to be different from Docker, where the last environment variable value is consistently selected. The current code for `streamLayeredImage` was exploiting that assumption to easily propagate environment variables from the base image, leaving duplicates unchecked. It should rather resolve these duplicates to ensure consistent behavior on Docker and Kubernetes.
3b6cb99
to
b3f6828
Compare
I added a test that does that.
Agreed - I wasn't sure if we wanted this test suite to also cover non-Docker requirements but glad that's the ambition. |
Thank you! |
Motivation for this change
For images running on Kubernetes, there is no guarantee on how duplicate
environment variables in the image config will be handled. This seems
to be different from Docker, where the last environment variable value
is consistently selected.
The current code for
streamLayeredImage
was exploiting that assumptionto easily propagate environment variables from the base image, leaving
duplicates unchecked. It should rather resolve these duplicates to
ensure consistent behavior on Docker and Kubernetes.
Current tests for base image environment propagation should keep passing.
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)