cert-manager images in quay.io are multi-arch images for a number of Linux architectures.
The individual container bundles for each architecture are built using Bazel functionality in the cert-manager repository.
A Docker manifest list is then created using cmrel, and the arch-specific container bundles and the manifest list are pushed to quay.io.
Therefore the multi_arch..-named rules in this repository don't refer to 'multi-arch' in the sense of creating multi-arch images (i.e. manifest lists), and the functionality related to pushing images is mostly unused.
By default, cert-manager binaries are built statically linked, with cgo disabled. Binaries are packaged in a static distroless base image. Unless you're making changes to cert-manager itself, this default is probably exactly what you want.
In some scenarios - such as if you need to link against a different TLS library - you might want to enable cgo and use a dynamic distroless base image. Example command to build cert-manager images for linux/amd64 with cgo enabled and dynamic linking:
bazel run \
--stamp \
--platforms=@io_bazel_rules_go//go/toolchain:linux_amd64_cgo \
--define image_type=dynamic \
//build:server-images
Bazel has a concept of stamping which allows embedding additional information into binaries and ensuring that those binaries get rebuilt when the information changes.
The additional information has to come from Bazel's stable workspace variables; see https://docs.bazel.build/versions/master/user-manual.html#workspace_status.
Stamping can be used with rules that have the stamp attribute, such as go_image.
To enable stamping on a particular rule and build, we set stamp = True on the rule and pass --stamp to the bazel build command.
We use stamping to tag images with the name of a Docker registry and a version, and to ensure that if a different registry or version is specified, the image will be re-bundled. These image stamping values come from the STABLE_DOCKER_REGISTRY and STABLE_DOCKER_TAG stable workspace variables declared in ./hack/build/print-workspace-status.sh.
This script will be run before every Bazel build, as specified in our .bazelrc file.
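A sketch of what a workspace status script of this kind can look like, as an added example that is not cert-manager's own print-workspace-status.sh. The input variables EXAMPLE_REGISTRY and EXAMPLE_TAG, their defaults, and the validation step are assumptions made for illustration; only the two STABLE_ keys come from the text above.

```shell
#!/bin/sh
# Example workspace status script (illustrative, not the project's own).
# Bazel runs the command given by --workspace_status_command and reads
# "KEY value" pairs, one per line, from its stdout. Keys prefixed with
# STABLE_ are stable: when a value changes, stamped actions are re-run.
#
# Assumed inputs (hypothetical names):
#   EXAMPLE_REGISTRY  registry/repository prefix
#   EXAMPLE_TAG       image tag

# Accept only characters valid in an image tag. This also rejects spaces
# and newlines, which would otherwise let a value add extra status lines.
valid_tag() {
  case "$1" in
    ''|[.-]*|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  [ "${#1}" -le 128 ]
}

# Accept host[:port][/path] built from lowercase characters only.
valid_registry() {
  case "$1" in
    ''|/*|*/|*//*|*[!a-z0-9._:/-]*) return 1 ;;
  esac
}

print_workspace_status() {
  ws_registry="${EXAMPLE_REGISTRY:-registry.example.test/dev}"  # constructed default
  ws_tag="${EXAMPLE_TAG:-canary}"                               # constructed default
  if ! valid_registry "$ws_registry"; then
    echo "invalid registry value" >&2
    return 1
  fi
  if ! valid_tag "$ws_tag"; then
    echo "invalid tag value" >&2
    return 1
  fi
  printf 'STABLE_DOCKER_REGISTRY %s\n' "$ws_registry"
  printf 'STABLE_DOCKER_TAG %s\n' "$ws_tag"
}

# Emit the status lines when the script is executed.
print_workspace_status
```

A non-zero exit from the status command fails the Bazel build, so a malformed registry or tag is caught before any image is bundled.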