Build image with ko (kubernetes-sigs#2955)

* Build image with ko

* Downgrade to ko v0.11.2

* Use eks-distro-minimal-base-nonroot as base image

* Specify ko build options

.ko.yaml

@@ -0,0 +1,13 @@
+defaultBaseImage: public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2022-07-27-1658910674.2
+builds:
+- env:
+  - CGO_ENABLED=0
+  flags:
+  - -mod=readonly
+  ldflags:
+  - -s
+  - -w
+  - -X sigs.k8s.io/aws-load-balancer-controller/pkg/version.GitVersion={{.Env.GIT_VERSION}}
+  - -X sigs.k8s.io/aws-load-balancer-controller/pkg/version.GitCommit={{.Env.GIT_COMMIT}}
+  - -X sigs.k8s.io/aws-load-balancer-controller/pkg/version.BuildDate={{.Env.BUILD_DATE}}
+

Makefile

@@ -3,6 +3,10 @@ MAKEFILE_PATH = $(dir $(realpath -s $(firstword $(MAKEFILE_LIST))))
 
 # Image URL to use all building/pushing image targets
 IMG ?= public.ecr.aws/eks/aws-load-balancer-controller:v2.4.6
+IMG_PLATFORM ?= linux/amd64,linux/arm64
+# ECR doesn't appear to support SPDX SBOM
+IMG_SBOM ?= none
+
 
 CRD_OPTIONS ?= "crd:crdVersions=v1"
 
@@ -75,13 +79,16 @@ aws-sdk-model-override:
 		./scripts/aws_sdk_model_override/cleanup.sh ; \
 	fi
 
+.PHONY: docker-push
+docker-push: aws-load-balancer-controller-push
 
-# Push the docker image
-docker-push:
-	docker buildx build . --target bin \
-        		--tag $(IMG) \
-        		--push \
-        		--platform linux/amd64,linux/arm64
+.PHONY: aws-load-balancer-controller-push
+aws-load-balancer-controller-push: ko
+	KO_DOCKER_REPO=$(firstword $(subst :, ,${IMG})) \
+    GIT_VERSION=$(shell git describe --tags --dirty --always) \
+    GIT_COMMIT=$(shell git rev-parse HEAD)  \
+    BUILD_DATE=$(shell date +%Y-%m-%dT%H:%M:%S%z) \
+    ko build --tags $(word 2,$(subst :, ,${IMG})) --platform=${IMG_PLATFORM} --bare --sbom ${IMG_SBOM} .
 
 # find or download controller-gen
 # download controller-gen if necessary
@@ -134,6 +141,10 @@ else
 KUSTOMIZE=$(shell which kustomize)
 endif
 
+.PHONY: ko
+ko:
+	hack/install-ko.sh
+
 # preview docs
 docs-preview: docs-dependencies
 	pipenv run mkdocs serve

hack/install-ko.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# Copyright 2022 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+if ! command -v ko &> /dev/null; then
+  cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1
+  go install github.com/google/ko@v0.11.2
+fi

helm/aws-load-balancer-controller/templates/deployment.yaml

@@ -153,8 +153,6 @@ spec:
           value: "{{ $value }}"
         {{- end }}
         {{- end }}
-        command:
-        - /controller
         securityContext:
           {{- toYaml .Values.securityContext | nindent 10 }}
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"

scripts/ci_e2e_test.sh

@@ -72,21 +72,7 @@ build_push_controller_image() {
   fi
 
   echo "build and push docker image ${CONTROLLER_IMAGE_NAME}"
-  DOCKER_CLI_EXPERIMENTAL=enabled docker buildx create --use
-  DOCKER_CLI_EXPERIMENTAL=enabled docker buildx inspect --bootstrap
-
-  # TODO: the first buildx build sometimes fails on new created builder instance.
-  #  figure out why and remove this retry.
-  n=0
-  until [ "$n" -ge 2 ]; do
-    DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build . --target bin \
-      --tag "${CONTROLLER_IMAGE_NAME}" \
-      --push \
-      --progress plain \
-      --platform linux/amd64 && break
-    n=$((n + 1))
-    sleep 2
-  done
+  make docker-push IMG=${CONTROLLER_IMAGE_NAME} IMG_PLATFORM=linux/amd64
 
   if [[ $? -ne 0 ]]; then
     echo "unable to build and push docker image" >&2