Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wip: wcow: option to run builds in hyperv isolation #5753

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

wip: wcow: option to run builds in hyperv isolation #5753

wants to merge 1 commit into from

Conversation

profnandaa
Copy link
Collaborator

@profnandaa profnandaa commented Feb 18, 2025
edited
Loading

Add an option to run builds in hyper-v isolation mode for Windows images.

WIP Checklist:

  • Test with basic image runs (works ok)
  • Test with bind and cache mounts (works ok)
  • Test with CNI capability (this will not work, needs to be documentated)
  • Discuss which flags to use to expose this, --isolated like in ctr?

Fixes #5682

Basic Test

FROM mcr.microsoft.com/windows/nanoserver:ltsc2022

ENV BUILDKIT_HYPERV_ISOLATED=1

RUN ping -n 30 localhost >nul

When the build is at the RUN stage, on a different terminal, try to run:

> Get-Process ping

# should get this error, since ping is not running on the host
# it's hyper-v isolated:
# Get-Process: Cannot find a process with the name "ping"...

Now try to build the same image with ENV BUILDKIT_HYPERV_ISOLATED=0 or without the env variable,
should get something like:

> Get-Process ping

 NPM(K)    PM(M)      WS(M)     CPU(s)      Id  SI ProcessName
 ------    -----      -----     ------      --  -- -----------
      6     0.93       4.21       0.00   25220  32 PING

@profnandaa
wip: wcow: option to run builds in hyperv isolation
50f83ab 
Add an option to run builds in hyper-v isolation mode
for Windows images.

WIP Checklist:

- [x] Test with basic image runs
- [ ] Test with bind and cache mounts
- [ ] Test with CNI capability (this will not work,
	needs documentation)
- [ ] Discuss which flags to use to expose this,
	`--isolated` like in `ctr`?

Fixes moby#5682

Signed-off-by: Anthony Nandaa <[email protected]>
@profnandaa profnandaa mentioned this pull request Feb 18, 2025
Open
@riverar
Copy link

riverar commented Feb 18, 2025

Looks like this boiled down to adding a flag, nice.

I can't generate binaries on my dev machine to test this (happy to try it if you supply some or have a friendlier Windows dev workflow).

Agree with your suggestion that we add a --isolated to match ctr but am not strongly attached to it. It should be Dockerfile agnostic, however.

@profnandaa
Copy link
Collaborator Author

@riverar -- you can get the binaries from the test-os/build stage "Upload Artifacts" here - https://github.com/moby/buildkit/actions/runs/13385668839/artifacts/2607353633

@riverar
Copy link

riverar commented Feb 21, 2025

@profnandaa No issues so far, works as expected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/executor area/windows
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

WCOW: buildkitd can't spin up Hyper-V isolated containers for RUN commands
2 participants
@profnandaa @riverar