Skip to content

Files

Latest commit

zkoopmansgvisor-bot
zkoopmans
and
gvisor-bot
Fix broken cuda tests
Mar 7, 2025
4ce00d2 · Mar 7, 2025

History

History

images

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
agent
agent
May 11, 2022
arm-qemu
arm-qemu
Jan 8, 2021
basic
basic
Feb 12, 2025
benchmarks
benchmarks
Jan 28, 2025
certs
certs
Aug 22, 2024
default
default
Feb 3, 2025
gpu
gpu
Mar 7, 2025
iptables
iptables
Dec 6, 2024
jekyll
jekyll
Oct 8, 2020
packetdrill
packetdrill
Aug 27, 2024
runtimes
runtimes
Feb 3, 2025
syzkaller
syzkaller
Sep 14, 2023
tpu
tpu
Nov 22, 2024
BUILD
BUILD
Mar 2, 2023
README.md
README.md
Nov 8, 2024
defs.bzl
defs.bzl
Oct 23, 2020

README.md

Container Images

This directory contains all images used by tests.

Note that all these images must be pushed to the testing project hosted on [Google Container Registry][gcr]. This will happen automatically as part of continuous integration. This will speed up loading as images will not need to be built from scratch for each test run.

Image tooling is accessible via make, specifically via tools/images.mk.

Why make?

Make is used because it can bootstrap the default image, which contains bazel and all other parts of the toolchain.

Listing images

To list all images, use make list-all-images from the top-level directory.

Loading and referencing images

To build a specific image, use make load-<image> from the top-level directory. This will ensure that an image gvisor.dev/images/<image>:latest is available.

Images should always be referred to via the gvisor.dev/images canonical path. This tag exists only locally, but serves to decouple tests from the underlying image infrastructure.

The continuous integration system can either take fine-grained dependencies on single images via individual load targets, or pull all images via a single load-all-test-images invocation.

Adding new images

To add a new image, create a new directory under images containing a Dockerfile and any other files that the image requires. You may choose to add to an existing subdirectory if applicable, or create a new one.

All images will be tagged and memoized using a hash of the directory contents. As a result, every image should be made completely reproducible if possible. This means using fixed tags and fixed versions whenever feasible.

Note that images should also be made architecture-independent if possible. The build scripts will handle loading the appropriate architecture onto the machine and tagging it with the single canonical tag.

Add a load-<image> dependency in the Makefile if the image is required for a particular set of tests. This target will pull the tag from the image repository if available.

Building and pushing images

All images can be built manually by running build-<image> and pushed using push-<image>. Note that you can also use push-all-images. Note that pushing will require appropriate permissions in the project.

The continuous integration system can either take fine-grained dependencies on individual push targets, or ensure all images are up-to-date with a single push-all-images invocation.

Multi-Arch images

By default, the image is built for host architecture. Cross-building can be achieved by specifying ARCH variable to make. For example:

$ make ARCH=aarch64 rebuild-default