From caa71409b8e30afa10f83d129325b219bc6ab4ce Mon Sep 17 00:00:00 2001
From: John Gardiner Myers
Date: Mon, 2 Jan 2023 16:50:17 -0800
Subject: [PATCH] Build image with ko
---
 Dockerfile | 35 -------------------
 Makefile | 19 ++++++----
 hack/install-ko.sh | 24 +++++++++++++
 .../templates/deployment.yaml | 2 --
 scripts/ci_e2e_test.sh | 16 +--------
 5 files changed, 38 insertions(+), 58 deletions(-)
 delete mode 100644 Dockerfile
 create mode 100755 hack/install-ko.sh
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 9de02e082..000000000
--- a/Dockerfile
+++ /dev/null
@@ -1,35 +0,0 @@
-# syntax=docker/dockerfile:experimental
-
-FROM --platform=${TARGETPLATFORM} public.ecr.aws/docker/library/golang:1.19.3 AS base
-WORKDIR /workspace
-# Copy the Go Modules manifests
-COPY go.mod go.mod
-COPY go.sum go.sum
-# cache deps before building and copying source so that we don't need to re-download as much
-# and so that source changes don't invalidate our downloaded layer
-RUN --mount=type=bind,target=. \
- GOPROXY=direct go mod download
-
-FROM base AS build
-ARG TARGETOS
-ARG TARGETARCH
-ENV VERSION_PKG=sigs.k8s.io/aws-load-balancer-controller/pkg/version
-RUN --mount=type=bind,target=. \
- --mount=type=cache,target=/root/.cache/go-build \
- GIT_VERSION=$(git describe --tags --dirty --always) && \
- GIT_COMMIT=$(git rev-parse HEAD) && \
- BUILD_DATE=$(date +%Y-%m-%dT%H:%M:%S%z) && \
- GOOS=${TARGETOS} GOARCH=${TARGETARCH} GO111MODULE=on \
- CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2" \
- CGO_LDFLAGS="-Wl,-z,relro,-z,now" \
- go build -buildmode=pie -tags 'osusergo,netgo,static_build' -ldflags="-s -w -linkmode=external -extldflags '-static-pie' -X ${VERSION_PKG}.GitVersion=${GIT_VERSION} -X ${VERSION_PKG}.GitCommit=${GIT_COMMIT} -X ${VERSION_PKG}.BuildDate=${BUILD_DATE}" -mod=readonly -a -o /out/controller main.go
-
-FROM public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2022-07-27-1658910674.2 as bin-unix
-
-COPY --from=build /out/controller /controller
-ENTRYPOINT ["/controller"]
-
-FROM bin-unix AS bin-linux
-FROM bin-unix AS bin-darwin
-
-FROM bin-${TARGETOS} as bin
diff --git a/Makefile b/Makefile
index 5f376c2c7..ec24196fb 100644
--- a/Makefile
+++ b/Makefile
@@ -3,6 +3,10 @@ MAKEFILE_PATH = $(dir $(realpath -s $(firstword $(MAKEFILE_LIST))))
 # Image URL to use all building/pushing image targets
 IMG ?= public.ecr.aws/eks/aws-load-balancer-controller:v2.4.6
+IMG_PLATFORM ?= linux/amd64,linux/arm64
+# ECR doesn't appear to support SPDX SBOM
+IMG_SBOM ?= none
+
 CRD_OPTIONS ?= "crd:crdVersions=v1"
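Review bot: `IMG_SBOM ?= none` makes every push publish without an SBOM, including to registries that could store one, and the comment does not say what the variable feeds or how to turn generation back on. I would document it as `# Passed to ko --sbom. 'none' publishes no SBOM because ECR appeared to reject SPDX; override with IMG_SBOM=spdx for registries that accept it.` `IMG_PLATFORM` could carry a one-line comment as well, `# Comma-separated platforms passed to ko --platform`.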
@@ -74,13 +78,12 @@ aws-sdk-model-override:
 ./scripts/aws_sdk_model_override/cleanup.sh ; \
 fi
+.PHONY: docker-push
+docker-push: aws-load-balancer-controller-push
-# Push the docker image
-docker-push:
- docker buildx build . --target bin \
- --tag $(IMG) \
- --push \
- --platform linux/amd64,linux/arm64
+.PHONY: aws-load-balancer-controller-push
+aws-load-balancer-controller-push: ko
+ KO_DOCKER_REPO=$(firstword $(subst :, ,${IMG})) ko build --tags $(word 2,$(subst :, ,${IMG})) --platform=${IMG_PLATFORM} --bare --sbom ${IMG_SBOM} .
 # find or download controller-gen
 # download controller-gen if necessary
@@ -115,6 +118,10 @@ else
 KUSTOMIZE=$(shell which kustomize)
 endif
+.PHONY: ko
+ko:
+ hack/install-ko.sh
+
 # preview docs
 docs-preview: docs-dependencies
 pipenv run mkdocs serve
diff --git a/hack/install-ko.sh b/hack/install-ko.sh
new file mode 100755
index 000000000..d5a04c11e
--- /dev/null
+++ b/hack/install-ko.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# Copyright 2022 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+if ! command -v ko &> /dev/null; then
+ cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1
+ go install github.com/google/ko@v0.12.0
+fi
diff --git a/helm/aws-load-balancer-controller/templates/deployment.yaml b/helm/aws-load-balancer-controller/templates/deployment.yaml
index 445574f38..386faa2d2 100644
--- a/helm/aws-load-balancer-controller/templates/deployment.yaml
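Review bot: Splitting `${IMG}` on every `:` in the `aws-load-balancer-controller-push` recipe mis-parses a reference whose registry carries a port (a constructed example: `localhost:5000/alb:dev`), because `firstword` then yields only the host and `--tags` receives `5000/alb`; an `IMG` without a tag passes an empty `--tags`. Taking the repository and tag as separate overridable variables, or splitting only on the colon after the last `/`, avoids that, and quoting the expansions in the recipe (`KO_DOCKER_REPO='...'`, `--tags '...'`) keeps shell metacharacters in a caller-supplied `IMG` from being interpreted. Separately, the deleted Dockerfile set `-buildmode=pie`, the `-X ${VERSION_PKG}.GitVersion=...` stamps and a pinned non-root base image, and this patch adds no ko configuration; unless a `.ko.yaml` already exists in the repository, those settings are presumably dropped and the base image falls back to ko's default, which is worth confirming before the image is published.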
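Review bot: The `command -v ko` guard accepts whatever `ko` is first on `PATH`, so the pin to `v0.12.0` only takes effect on machines that have no ko at all, and elsewhere the pushed image is built by an unchecked tool version. The install also lands in `GOBIN` (or `$GOPATH/bin`), which is not guaranteed to be on `PATH`, so the Makefile's bare `ko build` can still fail right after a successful install. Installing into a repository-local directory and invoking that path from the Makefile addresses both, for example `GOBIN="${REPO_ROOT}/bin" go install github.com/google/ko@v0.12.0` with `REPO_ROOT` resolved from `BASH_SOURCE`. The `cd` into `hack/` appears to have no effect on `go install pkg@version` and could then be dropped.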
+++ b/helm/aws-load-balancer-controller/templates/deployment.yaml
@@ -153,8 +153,6 @@ spec:
 value: "{{ $value }}"
 {{- end }}
 {{- end }}
- command:
- - /controller
 securityContext:
 {{- toYaml .Values.securityContext | nindent 10 }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
diff --git a/scripts/ci_e2e_test.sh b/scripts/ci_e2e_test.sh
index 15c7da7d0..3c4ed5d26 100755
--- a/scripts/ci_e2e_test.sh
+++ b/scripts/ci_e2e_test.sh
@@ -72,21 +72,7 @@ build_push_controller_image() {
 fi
 echo "build and push docker image ${CONTROLLER_IMAGE_NAME}"
- DOCKER_CLI_EXPERIMENTAL=enabled docker buildx create --use
- DOCKER_CLI_EXPERIMENTAL=enabled docker buildx inspect --bootstrap
-
- # TODO: the first buildx build sometimes fails on new created builder instance.
- # figure out why and remove this retry.
- n=0
- until [ "$n" -ge 2 ]; do
- DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build . --target bin \
- --tag "${CONTROLLER_IMAGE_NAME}" \
- --push \
- --progress plain \
- --platform linux/amd64 && break
- n=$((n + 1))
- sleep 2
- done
+ make docker-push IMG=${CONTROLLER_IMAGE_NAME} IMG_PLATFORM=linux/amd64
 if [[ $? -ne 0 ]]; then
 echo "unable to build and push docker image" >&2
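Review bot: `IMG=${CONTROLLER_IMAGE_NAME}` is passed to make unquoted, so a value containing whitespace or glob characters is split by the shell before make sees it; `make docker-push IMG="${CONTROLLER_IMAGE_NAME}" IMG_PLATFORM=linux/amd64` keeps the quoting that the removed `--tag "${CONTROLLER_IMAGE_NAME}"` line had. The `if [[ $? -ne 0 ]]` that follows only reports the failure when the script is not running under `errexit`, which is not visible in this hunk. `build_push_controller_image` starts and ends outside the hunk.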