Images

How the images are built

cert-manager images in quay.io are multi-arch images for a number of Linux architectures. The individual container bundles for each architecture are built using Bazel functionality in the cert-manager repository. A Docker manifest list is then created using cmrel, and the arch-specific container bundles and the manifest list are pushed to quay.io. Therefore the multi_arch..-named rules in this repository don't refer to 'multi-arch' in the sense of creating multi-arch images (i.e. manifest lists), and the functionality related to pushing images is mostly unused.

Base image types

By default, cert-manager binaries are built statically linked, with cgo disabled. Binaries are packaged in a static distroless base image. Unless you're making changes to cert-manager itself, this default is probably exactly what you want.

In some scenarios - such as if you need to link against a different TLS library - you might want to enable cgo and use a dynamic distroless base image. Example command to build cert-manager images for linux/amd64 with cgo enabled and dynamic linking:

bazel run \
    --stamp \
    --platforms=@io_bazel_rules_go//go/toolchain:linux_amd64_cgo \
    --define image_type=dynamic \
    //build:server-images

Stamping

Bazel has a concept of stamping, which allows embedding additional information into binaries and ensures that those binaries get rebuilt when the information changes. The additional information has to come from Bazel's stable workspace variables; see https://docs.bazel.build/versions/master/user-manual.html#workspace_status. Stamping can be used with rules that have the stamp attribute, such as go_image. To enable stamping on a particular rule and build, we set stamp = True on the rule and pass --stamp to the bazel build command.

We use stamping to tag images with the name of a Docker registry and a version, and to ensure that if a different registry or version is specified, the image will be re-bundled. These image stamping values come from the STABLE_DOCKER_REGISTRY and STABLE_DOCKER_TAG stable workspace variables declared in ./hack/build/print-workspace-status.sh. This script will be run before every Bazel build, as specified in our .bazelrc file.
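
A sketch of a workspace status script that emits the two stable variables named above and rejects malformed values before they reach an image reference. This is an added example, not the contents of ./hack/build/print-workspace-status.sh; the IMAGE_REGISTRY and IMAGE_TAG environment variables and the default values are assumptions.

```shell
#!/bin/sh
# Added example, not cert-manager's own script. Bazel reads one "KEY value"
# pair per line from the status command's stdout; keys prefixed with STABLE_
# cause stamped actions to re-run when their value changes.
#
# Assumed inputs (hypothetical names): IMAGE_REGISTRY, IMAGE_TAG.

# Accept only characters that can appear in host[:port]/path.
# Whitespace or a newline would corrupt the line-based status format.
valid_registry() {
    case "$1" in
        ''|*[!A-Za-z0-9._:/-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Docker tags: letters, digits, '_', '.', '-'; must not start with '.' or '-';
# at most 128 characters.
valid_tag() {
    case "$1" in
        ''|[.-]*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 128 ]
}

print_workspace_status() {
    # Constructed placeholder defaults, used when the variables are unset.
    registry="${IMAGE_REGISTRY:-quay.io/example}"
    tag="${IMAGE_TAG:-v0.0.0-dev}"

    valid_registry "$registry" || { echo "invalid registry: $registry" >&2; return 1; }
    valid_tag "$tag" || { echo "invalid tag: $tag" >&2; return 1; }

    printf 'STABLE_DOCKER_REGISTRY %s\n' "$registry"
    printf 'STABLE_DOCKER_TAG %s\n' "$tag"
}

# Bazel runs the script and parses its stdout.
print_workspace_status
```

Failing the status command on a bad value stops the build early instead of stamping an image with a registry or tag nobody intended.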