From caa71409b8e30afa10f83d129325b219bc6ab4ce Mon Sep 17 00:00:00 2001
From: John Gardiner Myers
Date: Mon, 2 Jan 2023 16:50:17 -0800
Subject: [PATCH 1/4] Build image with ko
---
 Dockerfile | 35 -------------------
 Makefile | 19 ++++++----
 hack/install-ko.sh | 24 +++++++++++++
 .../templates/deployment.yaml | 2 --
 scripts/ci_e2e_test.sh | 16 +--------
 5 files changed, 38 insertions(+), 58 deletions(-)
 delete mode 100644 Dockerfile
 create mode 100755 hack/install-ko.sh
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 9de02e082..000000000
--- a/Dockerfile
+++ /dev/null
@@ -1,35 +0,0 @@ -# syntax=docker/dockerfile:experimental - -FROM --platform=${TARGETPLATFORM} public.ecr.aws/docker/library/golang:1.19.3 AS base -WORKDIR /workspace -# Copy the Go Modules manifests -COPY go.mod go.mod -COPY go.sum go.sum -# cache deps before building and copying source so that we don't need to re-download as much -# and so that source changes don't invalidate our downloaded layer -RUN --mount=type=bind,target=. \ - GOPROXY=direct go mod download - -FROM base AS build -ARG TARGETOS -ARG TARGETARCH -ENV VERSION_PKG=sigs.k8s.io/aws-load-balancer-controller/pkg/version -RUN --mount=type=bind,target=. \ - --mount=type=cache,target=/root/.cache/go-build \ - GIT_VERSION=$(git describe --tags --dirty --always) && \ - GIT_COMMIT=$(git rev-parse HEAD) && \ - BUILD_DATE=$(date +%Y-%m-%dT%H:%M:%S%z) && \ - GOOS=${TARGETOS} GOARCH=${TARGETARCH} GO111MODULE=on \ - CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2" \ - CGO_LDFLAGS="-Wl,-z,relro,-z,now" \ - go build -buildmode=pie -tags 'osusergo,netgo,static_build' -ldflags="-s -w -linkmode=external -extldflags '-static-pie' -X ${VERSION_PKG}.GitVersion=${GIT_VERSION} -X ${VERSION_PKG}.GitCommit=${GIT_COMMIT} -X ${VERSION_PKG}.BuildDate=${BUILD_DATE}" -mod=readonly -a -o /out/controller main.go - -FROM public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2022-07-27-1658910674.2 as bin-unix - -COPY --from=build /out/controller /controller -ENTRYPOINT ["/controller"] - -FROM bin-unix AS bin-linux -FROM bin-unix AS bin-darwin - -FROM bin-${TARGETOS} as bin diff --git a/Makefile b/Makefile index 5f376c2c7..ec24196fb 100644 --- a/Makefile +++ b/Makefile @@ -3,6 +3,10 @@ MAKEFILE_PATH = $(dir $(realpath -s $(firstword $(MAKEFILE_LIST)))) # Image URL to use all building/pushing image targets IMG ?= public.ecr.aws/eks/aws-load-balancer-controller:v2.4.6 +IMG_PLATFORM ?= linux/amd64,linux/arm64 +# ECR doesn't appear to support SPDX SBOM +IMG_SBOM ?= none + CRD_OPTIONS ?= "crd:crdVersions=v1" 
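Review bot: The comment above `IMG_SBOM ?= none` in the Makefile hunk gives the reason for the default but not its consequence: with `none`, images pushed through `docker-push` carry no SBOM at all. I would state that and show the override, e.g. `# No SBOM is published by default because ECR did not appear to accept SPDX SBOMs; set IMG_SBOM=spdx when pushing to a registry that does.`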
@@ -74,13 +78,12 @@ aws-sdk-model-override: ./scripts/aws_sdk_model_override/cleanup.sh ; \ fi +.PHONY: docker-push +docker-push: aws-load-balancer-controller-push -# Push the docker image -docker-push: - docker buildx build . --target bin \ - --tag $(IMG) \ - --push \ - --platform linux/amd64,linux/arm64 +.PHONY: aws-load-balancer-controller-push +aws-load-balancer-controller-push: ko + KO_DOCKER_REPO=$(firstword $(subst :, ,${IMG})) ko build --tags $(word 2,$(subst :, ,${IMG})) --platform=${IMG_PLATFORM} --bare --sbom ${IMG_SBOM} . # find or download controller-gen # download controller-gen if necessary @@ -115,6 +118,10 @@ else KUSTOMIZE=$(shell which kustomize) endif +.PHONY: ko +ko: + hack/install-ko.sh + # preview docs docs-preview: docs-dependencies pipenv run mkdocs serve diff --git a/hack/install-ko.sh b/hack/install-ko.sh new file mode 100755 index 000000000..d5a04c11e --- /dev/null +++ b/hack/install-ko.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +# Copyright 2022 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit +set -o nounset +set -o pipefail + +if ! command -v ko &> /dev/null; then + cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1 + go install github.com/google/ko@v0.12.0 +fi diff --git a/helm/aws-load-balancer-controller/templates/deployment.yaml b/helm/aws-load-balancer-controller/templates/deployment.yaml index 445574f38..386faa2d2 100644 --- a/helm/aws-load-balancer-controller/templates/deployment.yaml 
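Review bot: The new `aws-load-balancer-controller-push` recipe splits `${IMG}` on every `:`, so a reference with a registry port (constructed example: `host:5000/repo:tag`) is pushed to the wrong repository, and an `IMG` without a tag leaves `--tags` with no value, in which case the next flag is presumably consumed as the tag. A guard as the first recipe line would fail loudly instead: `$(if $(filter 2,$(words $(subst :, ,$(IMG)))),,$(error IMG must be of the form repository:tag))`. The expansions are also unquoted in the shell command, so quoting them keeps a value passed in from CI from being word-split. The same parsing is carried over unchanged when [PATCH 4/4] rewrites this recipe.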
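Review bot: `hack/install-ko.sh` only runs `go install` when no `ko` is found, so the pinned version is bypassed by whatever `ko` already sits on `PATH`, and release images can end up built by a tool version nobody reviewed. After a fresh install the binary lands in Go's bin directory, which the `ko build` recipe only finds if that directory is on `PATH`. I would install unconditionally into a repository-local directory, for example `GOBIN="$(pwd)/bin" go install github.com/google/ko@v0.12.0`, and have the Makefile call that binary by path. [PATCH 2/4] changes only the version string, so the same applies there.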
+++ b/helm/aws-load-balancer-controller/templates/deployment.yaml @@ -153,8 +153,6 @@ spec: value: "{{ $value }}" {{- end }} {{- end }} - command: - - /controller securityContext: {{- toYaml .Values.securityContext | nindent 10 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/scripts/ci_e2e_test.sh b/scripts/ci_e2e_test.sh index 15c7da7d0..3c4ed5d26 100755 --- a/scripts/ci_e2e_test.sh +++ b/scripts/ci_e2e_test.sh @@ -72,21 +72,7 @@ build_push_controller_image() { fi echo "build and push docker image ${CONTROLLER_IMAGE_NAME}" - DOCKER_CLI_EXPERIMENTAL=enabled docker buildx create --use - DOCKER_CLI_EXPERIMENTAL=enabled docker buildx inspect --bootstrap - - # TODO: the first buildx build sometimes fails on new created builder instance. - # figure out why and remove this retry. - n=0 - until [ "$n" -ge 2 ]; do - DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build . --target bin \ - --tag "${CONTROLLER_IMAGE_NAME}" \ - --push \ - --progress plain \ - --platform linux/amd64 && break - n=$((n + 1)) - sleep 2 - done + make docker-push IMG=${CONTROLLER_IMAGE_NAME} IMG_PLATFORM=linux/amd64 if [[ $? -ne 0 ]]; then echo "unable to build and push docker image" >&2 From 0ad697e582ba2aa7c547633f184395c6b629a978 Mon Sep 17 00:00:00 2001 From: John Gardiner Myers Date: Fri, 20 Jan 2023 12:43:17 -0800 Subject: [PATCH 2/4] Downgrade to ko v0.11.2 --- hack/install-ko.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/install-ko.sh b/hack/install-ko.sh index d5a04c11e..82a806262 100755 --- a/hack/install-ko.sh +++ b/hack/install-ko.sh @@ -20,5 +20,5 @@ set -o pipefail if ! command -v ko &> /dev/null; then cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1 - go install github.com/google/ko@v0.12.0 + go install github.com/google/ko@v0.11.2 fi From 824effa150c83a1a56fef3364260a0de3046ba8c Mon Sep 17 00:00:00 2001 
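Review bot: `make docker-push IMG=${CONTROLLER_IMAGE_NAME} IMG_PLATFORM=linux/amd64` in `scripts/ci_e2e_test.sh` expands the image name unquoted, where the removed `docker buildx build` call passed it as `"${CONTROLLER_IMAGE_NAME}"`. A value containing whitespace would be split into extra arguments to make, which make would read as further variable assignments or goals. Quote it: `make docker-push IMG="${CONTROLLER_IMAGE_NAME}" IMG_PLATFORM=linux/amd64`. `build_push_controller_image` starts and ends outside the hunk.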
From: John Gardiner Myers
Date: Sat, 21 Jan 2023 13:16:18 -0800
Subject: [PATCH 3/4] Use eks-distro-minimal-base-nonroot as base image
---
 .ko.yaml | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .ko.yaml
diff --git a/.ko.yaml b/.ko.yaml
new file mode 100644
index 000000000..596e2fbd5
--- /dev/null
+++ b/.ko.yaml
@@ -0,0 +1 @@
+defaultBaseImage: public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2022-07-27-1658910674.2
From 28b7f84b5a708fde9ee12dbddb03a5f7902efe85 Mon Sep 17 00:00:00 2001
From: John Gardiner Myers
Date: Sat, 21 Jan 2023 14:43:54 -0800
Subject: [PATCH 4/4] Specify ko build options
---
 .ko.yaml | 12 ++++++++++++
 Makefile | 6 +++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/.ko.yaml b/.ko.yaml
index 596e2fbd5..ca3fa6cb2 100644
--- a/.ko.yaml
+++ b/.ko.yaml
@@ -1 +1,13 @@
 defaultBaseImage: public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2022-07-27-1658910674.2
+builds:
+- env:
+ - CGO_ENABLED=0
+ flags:
+ - -mod=readonly
+ ldflags:
+ - -s
+ - -w
+ - -X sigs.k8s.io/aws-load-balancer-controller/pkg/version.GitVersion={{.Env.GIT_VERSION}}
+ - -X sigs.k8s.io/aws-load-balancer-controller/pkg/version.GitCommit={{.Env.GIT_COMMIT}}
+ - -X sigs.k8s.io/aws-load-balancer-controller/pkg/version.BuildDate={{.Env.BUILD_DATE}}
+
diff --git a/Makefile b/Makefile
index ec24196fb..1431acad6 100644
--- a/Makefile
+++ b/Makefile
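Review bot: `defaultBaseImage` in the new `.ko.yaml` ([PATCH 3/4]) names the base image by tag only, and a tag can be re-pointed in the registry, so two builds of the same commit are not guaranteed to start from the same layers. Appending the digest of the reviewed image to the existing reference, as `...:2022-07-27-1658910674.2@sha256:<digest-of-reviewed-image>`, makes the base verifiable at pull time. The tag is also roughly six months older than the commit date, so it is worth checking whether a newer build of the base is available.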
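Review bot: The `flags` list of the `builds` entry added in [PATCH 4/4] has no `-buildmode=pie`, which the deleted Dockerfile passed to `go build`, so the controller binary in the published image is presumably no longer position-independent. Adding `- -buildmode=pie` under `flags:` would keep that hardening; confirm that it links with `CGO_ENABLED=0` on both `linux/amd64` and `linux/arm64`. The `_FORTIFY_SOURCE` define only affected cgo code, so dropping it with cgo disabled looks fine, but a short comment recording which hardening flags were dropped on purpose would help the next reader.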
@@ -83,7 +83,11 @@ docker-push: aws-load-balancer-controller-push .PHONY: aws-load-balancer-controller-push aws-load-balancer-controller-push: ko - KO_DOCKER_REPO=$(firstword $(subst :, ,${IMG})) ko build --tags $(word 2,$(subst :, ,${IMG})) --platform=${IMG_PLATFORM} --bare --sbom ${IMG_SBOM} . + KO_DOCKER_REPO=$(firstword $(subst :, ,${IMG})) \ + GIT_VERSION=$(shell git describe --tags --dirty --always) \ + GIT_COMMIT=$(shell git rev-parse HEAD) \ + BUILD_DATE=$(shell date +%Y-%m-%dT%H:%M:%S%z) \ + ko build --tags $(word 2,$(subst :, ,${IMG})) --platform=${IMG_PLATFORM} --bare --sbom ${IMG_SBOM} . # find or download controller-gen # download controller-gen if necessary
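Review bot: The `$(shell git describe ...)` and `$(shell git rev-parse HEAD)` calls added to the recipe discard the command's exit status, so a build from a tree without git metadata still succeeds and pushes an image whose `GitVersion` and `GitCommit` are empty. The deleted Dockerfile chained the same commands with `&&`, which stopped the build in that case. An image that cannot be traced back to a commit is hard to triage later, so I would fail early with a first recipe line such as `$(if $(shell git rev-parse HEAD),,$(error cannot determine git commit for image version stamping))`.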