diff --git a/docs/reference/ko_apply.md b/docs/reference/ko_apply.md index c1b35039d6..7a9c03d195 100644 --- a/docs/reference/ko_apply.md +++ b/docs/reference/ko_apply.md @@ -45,28 +45,28 @@ ko apply -f FILENAME [flags] ### Options ``` - --bare Whether to just use KO_DOCKER_REPO without additional context (may not work properly with --tags). - -B, --base-import-paths Whether to use the base path without MD5 hash after KO_DOCKER_REPO (may not work properly with --tags). - --disable-optimizations Disable optimizations when building Go code. Useful when you want to interactively debug the created container. - -f, --filename strings Filename, directory, or URL to files to use to create the resource - -h, --help help for apply - --image-label strings Which labels (key=value) to add to the image. - --image-refs string Path to file where a list of the published image references will be written. - --insecure-registry Whether to skip TLS verification on the registry - -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) - -L, --local Load into images to local docker daemon. - --oci-layout-path string Path to save the OCI image layout of the built images - --platform strings Which platform to use when pulling a multi-platform base. Format: all | [/[/]][,platform]* - --posix-capabilities strings Which POSIX capabilities to set on the binary. Eg. CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER - -P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO. - --push Push images to KO_DOCKER_REPO (default true) - -R, --recursive Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory. - --sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx") - --sbom-dir string Path to file where the SBOM will be written. - -l, --selector string Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2) - --tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated. - -t, --tags strings Which tags to use for the produced image instead of the default 'latest' tag (may not work properly with --base-import-paths or --bare). (default [latest]) - --tarball string File to save images tarballs + --bare Whether to just use KO_DOCKER_REPO without additional context (may not work properly with --tags). + -B, --base-import-paths Whether to use the base path without MD5 hash after KO_DOCKER_REPO (may not work properly with --tags). + --cap-add strings Which POSIX capabilities to set on the binary. Eg. CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER + --disable-optimizations Disable optimizations when building Go code. Useful when you want to interactively debug the created container. + -f, --filename strings Filename, directory, or URL to files to use to create the resource + -h, --help help for apply + --image-label strings Which labels (key=value) to add to the image. + --image-refs string Path to file where a list of the published image references will be written. + --insecure-registry Whether to skip TLS verification on the registry + -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) + -L, --local Load into images to local docker daemon. + --oci-layout-path string Path to save the OCI image layout of the built images + --platform strings Which platform to use when pulling a multi-platform base. Format: all | [/[/]][,platform]* + -P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO. + --push Push images to KO_DOCKER_REPO (default true) + -R, --recursive Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory. + --sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx") + --sbom-dir string Path to file where the SBOM will be written. + -l, --selector string Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2) + --tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated. + -t, --tags strings Which tags to use for the produced image instead of the default 'latest' tag (may not work properly with --base-import-paths or --bare). (default [latest]) + --tarball string File to save images tarballs ``` ### Options inherited from parent commands diff --git a/docs/reference/ko_build.md b/docs/reference/ko_build.md index a825240f03..7b89c22844 100644 --- a/docs/reference/ko_build.md +++ b/docs/reference/ko_build.md @@ -42,25 +42,25 @@ ko build IMPORTPATH... [flags] ### Options ``` - --bare Whether to just use KO_DOCKER_REPO without additional context (may not work properly with --tags). - -B, --base-import-paths Whether to use the base path without MD5 hash after KO_DOCKER_REPO (may not work properly with --tags). - --disable-optimizations Disable optimizations when building Go code. Useful when you want to interactively debug the created container. - -h, --help help for build - --image-label strings Which labels (key=value) to add to the image. - --image-refs string Path to file where a list of the published image references will be written. - --insecure-registry Whether to skip TLS verification on the registry - -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) - -L, --local Load into images to local docker daemon. - --oci-layout-path string Path to save the OCI image layout of the built images - --platform strings Which platform to use when pulling a multi-platform base. Format: all | [/[/]][,platform]* - --posix-capabilities strings Which POSIX capabilities to set on the binary. Eg. CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER - -P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO. - --push Push images to KO_DOCKER_REPO (default true) - --sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx") - --sbom-dir string Path to file where the SBOM will be written. - --tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated. - -t, --tags strings Which tags to use for the produced image instead of the default 'latest' tag (may not work properly with --base-import-paths or --bare). (default [latest]) - --tarball string File to save images tarballs + --bare Whether to just use KO_DOCKER_REPO without additional context (may not work properly with --tags). + -B, --base-import-paths Whether to use the base path without MD5 hash after KO_DOCKER_REPO (may not work properly with --tags). + --cap-add strings Which POSIX capabilities to set on the binary. Eg. CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER + --disable-optimizations Disable optimizations when building Go code. Useful when you want to interactively debug the created container. + -h, --help help for build + --image-label strings Which labels (key=value) to add to the image. + --image-refs string Path to file where a list of the published image references will be written. + --insecure-registry Whether to skip TLS verification on the registry + -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) + -L, --local Load into images to local docker daemon. + --oci-layout-path string Path to save the OCI image layout of the built images + --platform strings Which platform to use when pulling a multi-platform base. Format: all | [/[/]][,platform]* + -P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO. + --push Push images to KO_DOCKER_REPO (default true) + --sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx") + --sbom-dir string Path to file where the SBOM will be written. + --tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated. + -t, --tags strings Which tags to use for the produced image instead of the default 'latest' tag (may not work properly with --base-import-paths or --bare). (default [latest]) + --tarball string File to save images tarballs ``` ### Options inherited from parent commands diff --git a/docs/reference/ko_create.md b/docs/reference/ko_create.md index 1ab4b4c184..8f4fa3f0a7 100644 --- a/docs/reference/ko_create.md +++ b/docs/reference/ko_create.md @@ -45,28 +45,28 @@ ko create -f FILENAME [flags] ### Options ``` - --bare Whether to just use KO_DOCKER_REPO without additional context (may not work properly with --tags). - -B, --base-import-paths Whether to use the base path without MD5 hash after KO_DOCKER_REPO (may not work properly with --tags). - --disable-optimizations Disable optimizations when building Go code. Useful when you want to interactively debug the created container. - -f, --filename strings Filename, directory, or URL to files to use to create the resource - -h, --help help for create - --image-label strings Which labels (key=value) to add to the image. - --image-refs string Path to file where a list of the published image references will be written. - --insecure-registry Whether to skip TLS verification on the registry - -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) - -L, --local Load into images to local docker daemon. - --oci-layout-path string Path to save the OCI image layout of the built images - --platform strings Which platform to use when pulling a multi-platform base. Format: all | [/[/]][,platform]* - --posix-capabilities strings Which POSIX capabilities to set on the binary. Eg. CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER - -P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO. - --push Push images to KO_DOCKER_REPO (default true) - -R, --recursive Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory. - --sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx") - --sbom-dir string Path to file where the SBOM will be written. - -l, --selector string Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2) - --tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated. - -t, --tags strings Which tags to use for the produced image instead of the default 'latest' tag (may not work properly with --base-import-paths or --bare). (default [latest]) - --tarball string File to save images tarballs + --bare Whether to just use KO_DOCKER_REPO without additional context (may not work properly with --tags). + -B, --base-import-paths Whether to use the base path without MD5 hash after KO_DOCKER_REPO (may not work properly with --tags). + --cap-add strings Which POSIX capabilities to set on the binary. Eg. CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER + --disable-optimizations Disable optimizations when building Go code. Useful when you want to interactively debug the created container. + -f, --filename strings Filename, directory, or URL to files to use to create the resource + -h, --help help for create + --image-label strings Which labels (key=value) to add to the image. + --image-refs string Path to file where a list of the published image references will be written. + --insecure-registry Whether to skip TLS verification on the registry + -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) + -L, --local Load into images to local docker daemon. + --oci-layout-path string Path to save the OCI image layout of the built images + --platform strings Which platform to use when pulling a multi-platform base. Format: all | [/[/]][,platform]* + -P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO. + --push Push images to KO_DOCKER_REPO (default true) + -R, --recursive Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory. + --sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx") + --sbom-dir string Path to file where the SBOM will be written. + -l, --selector string Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2) + --tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated. + -t, --tags strings Which tags to use for the produced image instead of the default 'latest' tag (may not work properly with --base-import-paths or --bare). (default [latest]) + --tarball string File to save images tarballs ``` ### Options inherited from parent commands diff --git a/docs/reference/ko_resolve.md b/docs/reference/ko_resolve.md index a04dea76fe..0ec455b85a 100644 --- a/docs/reference/ko_resolve.md +++ b/docs/reference/ko_resolve.md @@ -38,28 +38,28 @@ ko resolve -f FILENAME [flags] ### Options ``` - --bare Whether to just use KO_DOCKER_REPO without additional context (may not work properly with --tags). - -B, --base-import-paths Whether to use the base path without MD5 hash after KO_DOCKER_REPO (may not work properly with --tags). - --disable-optimizations Disable optimizations when building Go code. Useful when you want to interactively debug the created container. - -f, --filename strings Filename, directory, or URL to files to use to create the resource - -h, --help help for resolve - --image-label strings Which labels (key=value) to add to the image. - --image-refs string Path to file where a list of the published image references will be written. - --insecure-registry Whether to skip TLS verification on the registry - -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) - -L, --local Load into images to local docker daemon. - --oci-layout-path string Path to save the OCI image layout of the built images - --platform strings Which platform to use when pulling a multi-platform base. Format: all | [/[/]][,platform]* - --posix-capabilities strings Which POSIX capabilities to set on the binary. Eg. CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER - -P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO. - --push Push images to KO_DOCKER_REPO (default true) - -R, --recursive Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory. - --sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx") - --sbom-dir string Path to file where the SBOM will be written. - -l, --selector string Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2) - --tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated. - -t, --tags strings Which tags to use for the produced image instead of the default 'latest' tag (may not work properly with --base-import-paths or --bare). (default [latest]) - --tarball string File to save images tarballs + --bare Whether to just use KO_DOCKER_REPO without additional context (may not work properly with --tags). + -B, --base-import-paths Whether to use the base path without MD5 hash after KO_DOCKER_REPO (may not work properly with --tags). + --cap-add strings Which POSIX capabilities to set on the binary. Eg. CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER + --disable-optimizations Disable optimizations when building Go code. Useful when you want to interactively debug the created container. + -f, --filename strings Filename, directory, or URL to files to use to create the resource + -h, --help help for resolve + --image-label strings Which labels (key=value) to add to the image. + --image-refs string Path to file where a list of the published image references will be written. + --insecure-registry Whether to skip TLS verification on the registry + -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) + -L, --local Load into images to local docker daemon. + --oci-layout-path string Path to save the OCI image layout of the built images + --platform strings Which platform to use when pulling a multi-platform base. Format: all | [/[/]][,platform]* + -P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO. + --push Push images to KO_DOCKER_REPO (default true) + -R, --recursive Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory. + --sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx") + --sbom-dir string Path to file where the SBOM will be written. + -l, --selector string Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2) + --tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated. + -t, --tags strings Which tags to use for the produced image instead of the default 'latest' tag (may not work properly with --base-import-paths or --bare). (default [latest]) + --tarball string File to save images tarballs ``` ### Options inherited from parent commands diff --git a/docs/reference/ko_run.md b/docs/reference/ko_run.md index ef3085e908..cdae948587 100644 --- a/docs/reference/ko_run.md +++ b/docs/reference/ko_run.md @@ -30,25 +30,25 @@ ko run IMPORTPATH [flags] ### Options ``` - --bare Whether to just use KO_DOCKER_REPO without additional context (may not work properly with --tags). - -B, --base-import-paths Whether to use the base path without MD5 hash after KO_DOCKER_REPO (may not work properly with --tags). - --disable-optimizations Disable optimizations when building Go code. Useful when you want to interactively debug the created container. - -h, --help help for run - --image-label strings Which labels (key=value) to add to the image. - --image-refs string Path to file where a list of the published image references will be written. - --insecure-registry Whether to skip TLS verification on the registry - -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) - -L, --local Load into images to local docker daemon. - --oci-layout-path string Path to save the OCI image layout of the built images - --platform strings Which platform to use when pulling a multi-platform base. Format: all | [/[/]][,platform]* - --posix-capabilities strings Which POSIX capabilities to set on the binary. Eg. CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER - -P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO. - --push Push images to KO_DOCKER_REPO (default true) - --sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx") - --sbom-dir string Path to file where the SBOM will be written. - --tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated. - -t, --tags strings Which tags to use for the produced image instead of the default 'latest' tag (may not work properly with --base-import-paths or --bare). (default [latest]) - --tarball string File to save images tarballs + --bare Whether to just use KO_DOCKER_REPO without additional context (may not work properly with --tags). + -B, --base-import-paths Whether to use the base path without MD5 hash after KO_DOCKER_REPO (may not work properly with --tags). + --cap-add strings Which POSIX capabilities to set on the binary. Eg. CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER + --disable-optimizations Disable optimizations when building Go code. Useful when you want to interactively debug the created container. + -h, --help help for run + --image-label strings Which labels (key=value) to add to the image. + --image-refs string Path to file where a list of the published image references will be written. + --insecure-registry Whether to skip TLS verification on the registry + -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) + -L, --local Load into images to local docker daemon. + --oci-layout-path string Path to save the OCI image layout of the built images + --platform strings Which platform to use when pulling a multi-platform base. Format: all | [/[/]][,platform]* + -P, --preserve-import-paths Whether to preserve the full import path after KO_DOCKER_REPO. + --push Push images to KO_DOCKER_REPO (default true) + --sbom string The SBOM media type to use (none will disable SBOM synthesis and upload, also supports: spdx, cyclonedx, go.version-m). (default "spdx") + --sbom-dir string Path to file where the SBOM will be written. + --tag-only Include tags but not digests in resolved image references. Useful when digests are not preserved when images are repopulated. + -t, --tags strings Which tags to use for the produced image instead of the default 'latest' tag (may not work properly with --base-import-paths or --bare). (default [latest]) + --tarball string File to save images tarballs ``` ### Options inherited from parent commands diff --git a/integration_test.sh b/integration_test.sh index ea151ad372..492397a4db 100755 --- a/integration_test.sh +++ b/integration_test.sh @@ -112,7 +112,7 @@ done popd || exit 1 echo "9. Auto inside the module without vendoring & run with requesteed capabilities should output TEST" -RESULT="$(GO111MODULE=auto GOFLAGS="" ./ko build --posix-capabilities CAP_IPC_LOCK --local github.com/go-training/helloworld | grep "$FILTER" | xargs -I% docker run --cap-add CAP_IPC_LOCK %)" +RESULT="$(GO111MODULE=auto GOFLAGS="" ./ko build --cap-add CAP_IPC_LOCK --local github.com/go-training/helloworld | grep "$FILTER" | xargs -I% docker run --cap-add CAP_IPC_LOCK %)" if [[ "$RESULT" != *"TEST"* ]]; then echo "Test FAILED. Saw $RESULT" && exit 1 else @@ -120,7 +120,7 @@ else fi echo "10. Auto inside the module without vendoring & run with too little capabilities should fail" -(GO111MODULE=auto GOFLAGS="" ./ko build --posix-capabilities CAP_CHOWN --local github.com/go-training/helloworld | grep "$FILTER" | xargs -I% docker run --cap-drop CAP_CHOWN %) && exit 1 +(GO111MODULE=auto GOFLAGS="" ./ko build --cap-add CAP_CHOWN --local github.com/go-training/helloworld | grep "$FILTER" | xargs -I% docker run --cap-drop CAP_CHOWN %) && exit 1 echo "Test PASSED" popd || exit 1 diff --git a/pkg/commands/options/build.go b/pkg/commands/options/build.go index 6006bbffaf..32817b068f 100644 --- a/pkg/commands/options/build.go +++ b/pkg/commands/options/build.go @@ -85,7 +85,7 @@ func AddBuildOptions(cmd *cobra.Command, bo *BuildOptions) { "Which platform to use when pulling a multi-platform base. Format: all | [/[/]][,platform]*") cmd.Flags().StringSliceVar(&bo.Labels, "image-label", []string{}, "Which labels (key=value) to add to the image.") - cmd.Flags().StringSliceVar(&bo.POSIXCapabilities, "posix-capabilities", []string{}, + cmd.Flags().StringSliceVar(&bo.POSIXCapabilities, "cap-add", []string{}, "Which POSIX capabilities to set on the binary. Eg. CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER") bo.Trimpath = true }