Use docker buildx 0.8.x --no-cache-filter to avoid using cached amazonlinux image #1221
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: wongma7 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/assign @torredil |
|
@wongma7: GitHub didn't allow me to assign the following users: torredil. Note that only kubernetes-sigs members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
cc @gtxu |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
Is this a bug fix or adding new feature? /feature
What is this PR about? / Why do we need it?
When building image, always run
yum update -yand avoid using whatever amazonlinux image/layer is in the cache because it might be outdated.--no-cache-filter requires buildx 0.8.x which just came out in March https://github.com/docker/buildx/releases/tag/v0.8.0
there is another flag --no-cache that is available in earlier versions but I DON'T want to use that because it means that the windows layers don't get cached and those take a LONG time to build.
We need to build new images frequently to keep up with CVEs in amazonlinux image. At least until we switch to a "minimal" image that has less surface area for CVEs.
What testing is done?
make imageworks and yum update -y is always run, it's not cached.