Mutli-arch support (#1531)

* initial commit * remove bazel jobs * fix arch * more fixes after testing and code review comments * fix build platform * add individual cloudbuild.yaml as its taking 45 mins for a cloud build trigger * add buildx plugin * add more debugging * update busybox version to fix CVE-2018-1000500 * fix * lint + more debug * fix * fix * fix * remove images from cloudbiuld * move CI job back to docker * one more fix * lets see * bring it back * move CI job back to docker * remove aerg from top * live restart config * remove live restore as minikube setup failed * add --force-systemd * add --force-systemd and docker driver none * change the --run flag * docker info and some logs removed * fix docker command * upgrade version for buildx to 0.5.1 * remove docker service from travis.yml and add systemd cgroup config * move the docker config up * move them back to docker build * fix * fix all dockerfiles * fix warmer * fix * rm bazel jobs * add more logs * fix debug Co-authored-by: ankitm123 <ankitmohapatra123@gmail.com>
2021-01-25 17:49:19 -08:00 · 2021-01-25 17:49:19 -08:00 · ffd35dbe12
parent 24fd3b2ab0
commit ffd35dbe12
19 changed files with 283 additions and 440 deletions
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -1,56 +0,0 @@
-name: Publish image
-
-on:
-  release:
-    types: [released]
-
-jobs:
-  build:
-    env:
-      IMAGE_NAME: gcr.io/kaniko-project/executor
-
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get latest release tag      
-        uses: oprypin/find-latest-tag@v1
-        with:
-          repository: GoogleContainerTools/kaniko  # The repository to scan.
-          releases-only: true  # We know that all relevant tags have a GitHub release for them.
-        id: kaniko  
-
-      - name: Clone source code
-        uses: actions/checkout@v2
-        with:
-          ref: ${{ steps.kaniko.outputs.tag }}
-      
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-        with:
-          platforms: all
-  
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v1
-        with:
-          version: latest
-
-      - name: Available platforms
-        run: echo ${{ steps.buildx.outputs.platforms }}
-
-      - name: Setup gcloud CLI 
-        uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
-        with:
-          service_account_key: ${{ secrets.GCR_DEVOPS_SERVICE_ACCOUNT_KEY }}
-          project_id: kaniko-project
-          export_default_credentials: true
-        
-      - name: Build and push image
-        run: |
-          gcloud auth configure-docker -q
-          IMAGE_VERSION="$(git describe --tags --abbrev=0)"
-          SHORT_SHA1=$(git rev-parse --short HEAD)
-          PLATFORMS="linux/amd64,linux/ppc64le,linux/arm64"
-          echo "Building and pushing version ${IMAGE_VERSION} of image ${IMAGE_NAME}"
-          docker buildx build --platform "${PLATFORMS}" -t "${IMAGE_NAME}:${IMAGE_VERSION}" -t "${IMAGE_NAME}:latest" -f ./deploy/Dockerfile \
-            --push .
-    
--- a/.travis.yml
+++ b/.travis.yml
@ -37,27 +37,3 @@ jobs:
      script:
        - make integration-test-misc

-    - name: bazel amd64
-      arch: amd64
-      env: CPU=k8
-      before_install: &before_install_multiarch
-        - export PATH=$PATH:$HOME/bin && mkdir -p $HOME/bin
-        - eval $(go env)
-        # install bazelisk as bazel to install the appropriate bazel version
-        - wget https://github.com/bazelbuild/bazelisk/releases/download/v1.6.1/bazelisk-linux-${GOARCH} && chmod +x bazelisk-linux-${GOARCH} && mv bazelisk-linux-${GOARCH} $HOME/bin/bazel
-      script: &script_multiarch
-        # Generate BUILD.bazel files (we do not check them in)
-        - bazel run //:gazelle
-        - bazel build --cpu=${CPU} --curses=no //integration:all
-        # Build all targets tagged with our architecture:
-        - bazel build --cpu=${CPU} --curses=no $(bazel query 'attr("tags", "'${GOARCH}'", "//...")')
-        # Run all tests not tagged as "manual":
-        - bazel test  --cpu=${CPU} --curses=no --test_output=errors --test_timeout=900 //integration:all
-        # Run all tests tagged with our architecture:
-        - bazel test  --cpu=${CPU} --curses=no --test_output=errors --test_timeout=900 $(bazel query 'attr("tags", "'${GOARCH}'", "//...")')
-
-    - name: bazel arm64
-      arch: arm64
-      env: CPU=aarch64
-      before_install: *before_install_multiarch
-      script: *script_multiarch
--- a/4
+++ b/4
@ -1,4 +0,0 @@
-load("@bazel_gazelle//:def.bzl", "gazelle")
-
-# gazelle:prefix github.com/GoogleContainerTools/kaniko
-gazelle(name = "gazelle")
--- a/53
+++ b/53
@ -1,53 +0,0 @@
-workspace(name = "kaniko")
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-http_archive(
-    name = "io_bazel_rules_go",
-    sha256 = "b725e6497741d7fc2d55fcc29a276627d10e43fa5d0bb692692890ae30d98d00",
-    urls = [
-        "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.24.3/rules_go-v0.24.3.tar.gz",
-        "https://github.com/bazelbuild/rules_go/releases/download/v0.24.3/rules_go-v0.24.3.tar.gz",
-    ],
-)
-
-http_archive(
-    name = "bazel_gazelle",
-    sha256 = "b85f48fa105c4403326e9525ad2b2cc437babaa6e15a3fc0b1dbab0ab064bc7c",
-    urls = [
-        "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.22.2/bazel-gazelle-v0.22.2.tar.gz",
-        "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.22.2/bazel-gazelle-v0.22.2.tar.gz",
-    ],
-)
-
-load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
-load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")
-
-go_rules_dependencies()
-
-go_register_toolchains()
-
-gazelle_dependencies()
-
-# Docker rules.
-http_archive(
-    name = "io_bazel_rules_docker",
-    sha256 = "cf53839c398e464b10ec2fbeb11aedb446f078c28e3b4ce372461bb105ef435c",
-    strip_prefix = "rules_docker-f8478e57ab7457e403fda474f06ac0bb120d92a7",
-    urls = ["https://github.com/bazelbuild/rules_docker/archive/f8478e57ab7457e403fda474f06ac0bb120d92a7.tar.gz"],
-)
-
-load(
-    "@io_bazel_rules_docker//repositories:repositories.bzl",
-    container_repositories = "repositories",
-)
-
-container_repositories()
-
-load("@io_bazel_rules_docker//repositories:deps.bzl", container_deps = "deps")
-
-container_deps()
-
-load("@io_bazel_rules_docker//repositories:pip_repositories.bzl", "pip_deps")
-
-pip_deps()
--- a/cmd/executor/BUILD
+++ b/cmd/executor/BUILD
@ -1,61 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-load("@io_bazel_rules_docker//container:container.bzl", "container_image")
-
-go_library(
-    name = "executor_lib",
-    srcs = ["main.go"],
-    importpath = "github.com/GoogleContainerTools/kaniko/cmd/executor",
-    visibility = ["//visibility:private"],
-    deps = ["//cmd/executor/cmd"],
-)
-
-go_binary(
-    name = "executor",
-    embed = [":executor_lib"],
-    pure = "on",
-    visibility = ["//visibility:public"],
-)
-
-ARCHITECTURES = [
-    "amd64",
-    "arm64",
-    "s390x",
-]
-
-[
-    go_binary(
-        name = "executor_" + arch,
-        embed = [":executor_lib"],
-        goarch = arch,
-        goos = "linux",
-        pure = "on",
-        visibility = ["//visibility:public"],
-    )
-    for arch in ARCHITECTURES
-]
-
-[
-    container_image(
-        name = "image_" + arch,
-        architecture = arch,
-        base = "//files:image",
-        directory = "/kaniko",
-        entrypoint = ["/kaniko/executor_" + arch],
-        env = {
-            "HOME": "/root",
-            "USER": "root",
-            "PATH": "/usr/local/bin:/kaniko",
-            "SSL_CERT_DIR": "/kaniko/ssl/certs",
-            "DOCKER_CONFIG": "/kaniko/.docker/",
-        },
-        files = [
-            ":executor_" + arch,
-        ],
-        symlinks = {
-            "/kaniko/executor": "/kaniko/executor_" + arch,
-        },
-        visibility = ["//visibility:public"],
-        workdir = "/workspace",
-    )
-    for arch in ARCHITECTURES
-]
--- a/deploy/Dockerfile
+++ b/deploy/Dockerfile
@ -17,7 +17,6 @@
 FROM golang:1.14
 ARG GOARCH=amd64
 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
-
 RUN echo $GOARCH > /goarch

 #This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc.
@ -25,6 +24,7 @@ ARG TARGETPLATFORM

 #Capture ARCH has write to /goarch
 RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM |  awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH"
+RUN echo "I am runninng $TARGETPLATFORM with with $(cat /goarch)"

 # Get GCR credential helper
 RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \
@ -33,13 +33,13 @@ RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \
  git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \
  cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr            && \
  make deps OUT_DIR=/usr/local/bin                                           && \
-  go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go  
+  go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go

 # Get Amazon ECR credential helper
 RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \
  make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper

-# ACR docker credential helper
+# Azure docker credential helper
 COPY ./acr.patch /
 RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true)  && \
  cd /go/src/github.com/Azure                                             && \
@ -48,8 +48,8 @@ RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true)  && \
  git checkout a79b541f3ee761f6cc4511863ed41fb038c19464                   && \
  git apply < /acr.patch                                                  && \
  make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux
-  
-#ACR docker env credential helper
+
+# ACR docker env credential helper
 RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true)   && \
  cd /go/src/github.com/chrismellard                                              && \
  git clone https://github.com/chrismellard/docker-credential-acr-env             && \
@ -60,7 +60,7 @@ RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true)
 RUN mkdir -p /kaniko/.docker

 COPY . .
-RUN make GOARCH=$(cat /goarch.txt) 
+RUN make GOARCH=$(cat /goarch)

 FROM scratch
 COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor
--- a/deploy/Dockerfile_debug
+++ b/deploy/Dockerfile_debug
@ -17,32 +17,60 @@
 # Stage 0: Build the executor binary and get credential helpers
 FROM golang:1.14
 ARG GOARCH=amd64
+RUN echo $GOARCH > /goarch
+
+#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc.
+ARG TARGETPLATFORM
+
+#Capture ARCH has write to /goarch
+RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM |  awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH"
+RUN echo "I am runninng $TARGETPLATFORM with with $(cat /goarch)"
+RUN cat /goarch
+
 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
+
 # Get GCR credential helper
-ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.2/docker-credential-gcr_linux_amd64-2.0.2.tar.gz /usr/local/bin/
-RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.2.tar.gz
+RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \
+  (mkdir -p /go/src/github.com/GoogleCloudPlatform || true)                  && \
+  cd /go/src/github.com/GoogleCloudPlatform                                  && \
+  git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \
+  cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr            && \
+  make deps OUT_DIR=/usr/local/bin                                           && \
+  go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go
+
 # Get Amazon ECR credential helper
-RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login
-RUN make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper linux-amd64
+RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \
+  make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper
+
 # ACR docker credential helper
-ADD https://aadacr.blob.core.windows.net/acr-docker-credential-helper/docker-credential-acr-linux-amd64.tar.gz /usr/local/bin
-RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-linux-amd64.tar.gz
-# ACR docker env credential helper
-ADD https://github.com/chrismellard/docker-credential-acr-env/releases/download/0.6.0/docker-credential-acr-env_0.6.0_Linux_x86_64.tar.gz /usr/local/bin/
-RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-env_0.6.0_Linux_x86_64.tar.gz
+COPY ./acr.patch /
+RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true)  && \
+  cd /go/src/github.com/Azure                                             && \
+  git clone https://github.com/Azure/acr-docker-credential-helper         && \
+  cd /go/src/github.com/Azure/acr-docker-credential-helper                && \
+  git checkout a79b541f3ee761f6cc4511863ed41fb038c19464                   && \
+  git apply < /acr.patch                                                  && \
+  make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux
+
+#ACR docker env credential helper
+RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true)   && \
+  cd /go/src/github.com/chrismellard                                              && \
+  git clone https://github.com/chrismellard/docker-credential-acr-env             && \
+  cd  docker-credential-acr-env                                                   && \
+  make build && cp -f ./build/docker-credential-acr-env /usr/local/bin

 # Add .docker config dir
 RUN mkdir -p /kaniko/.docker

 COPY . .
-RUN make GOARCH=${GOARCH} && make out/warmer
+RUN make GOARCH=$(cat /goarch) && make GOARCH=$(cat /goarch.txt) out/warmer

 FROM scratch
 COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/* /kaniko/
+COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer
 COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
-COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/linux-amd64/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
+COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
 COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr
-COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
 COPY --from=amd64/busybox:1.32.0 /bin /busybox

 # Declare /busybox as a volume to get it automatically in the path to ignore
--- a/deploy/Dockerfile_slim
+++ b/deploy/Dockerfile_slim
@ -0,0 +1,42 @@
+# Copyright 2020 Google, Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Builds the static Go image to execute in a Kubernetes job
+FROM golang:1.14 as build_env
+ARG GOARCH=amd64
+RUN echo $GOARCH > /goarch
+
+#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc.
+ARG TARGETPLATFORM
+
+#Capture ARCH has write to /goarch
+RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM |  awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH"
+RUN echo "I am runninng $TARGETPLATFORM with $(cat /goarch)"
+
+WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
+COPY . .
+
+RUN make GOARCH=$(cat /goarch)
+
+FROM scratch
+COPY --from=build_env /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor
+COPY files/nsswitch.conf /etc/nsswitch.conf
+COPY files/ca-certificates.crt /kaniko/ssl/certs/
+ENV HOME /root
+ENV USER root
+ENV PATH /usr/local/bin:/kaniko
+ENV SSL_CERT_DIR=/kaniko/ssl/certs
+
+ENTRYPOINT ["/kaniko/executor"]
+
--- a/deploy/Dockerfile_warmer
+++ b/deploy/Dockerfile_warmer
@ -17,25 +17,55 @@
 FROM golang:1.14
 ARG GOARCH=amd64
 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
+RUN echo $GOARCH > /goarch
+
+#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc.
+ARG TARGETPLATFORM
+
+#Capture ARCH has write to /goarch
+RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM |  awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH"
+RUN echo "I am runninng $TARGETPLATFORM with $(cat /goarch)"
+
 # Get GCR credential helper
-ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.1/docker-credential-gcr_linux_amd64-2.0.1.tar.gz /usr/local/bin/
-RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.1.tar.gz
+RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \
+  (mkdir -p /go/src/github.com/GoogleCloudPlatform || true)                  && \
+  cd /go/src/github.com/GoogleCloudPlatform                                  && \
+  git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \
+  cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr            && \
+  make deps OUT_DIR=/usr/local/bin                                           && \
+  go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go
+
 # Get Amazon ECR credential helper
-RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login
-RUN make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper linux-amd64
-# ACR docker credential helper
-ADD https://aadacr.blob.core.windows.net/acr-docker-credential-helper/docker-credential-acr-linux-amd64.tar.gz /usr/local/bin
-RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-linux-amd64.tar.gz
+RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \
+  make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper
+
+# Azure docker credential helper
+COPY ./acr.patch /
+RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true)  && \
+  cd /go/src/github.com/Azure                                             && \
+  git clone https://github.com/Azure/acr-docker-credential-helper         && \
+  cd /go/src/github.com/Azure/acr-docker-credential-helper                && \
+  git checkout a79b541f3ee761f6cc4511863ed41fb038c19464                   && \
+  git apply < /acr.patch                                                  && \
+  make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux
+
+# ACR docker env credential helper
+RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true)   && \
+  cd /go/src/github.com/chrismellard                                              && \
+  git clone https://github.com/chrismellard/docker-credential-acr-env             && \
+  cd  docker-credential-acr-env                                                   && \
+  make build && cp -f ./build/docker-credential-acr-env /usr/local/bin
+
 # Add .docker config dir
 RUN mkdir -p /kaniko/.docker

 COPY . .
-RUN make GOARCH=${GOARCH} out/warmer
+RUN  make GOARCH=$(cat /goarch) out/warmer

 FROM scratch
 COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer
 COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
-COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/linux-amd64/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
+COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
 COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr
 COPY files/ca-certificates.crt /kaniko/ssl/certs/
 COPY --from=0 /kaniko/.docker /kaniko/.docker
--- a/deploy/cloudbuild-debug-release.yaml
+++ b/deploy/cloudbuild-debug-release.yaml
@ -0,0 +1,24 @@
+timeout: 1800s
+
+steps:
+# Set up builder for muti-arch builds.
+- name: 'gcr.io/cloud-builders/docker'
+  args: ['run', '--privileged', 'linuxkit/binfmt:v0.7']
+  id: 'initialize-qemu'
+- name: 'gcr.io/cloud-builders/docker'
+  args: ['buildx', 'create', '--use', '--platform', '${_DOCKER_BUILDX_PLATFORMS}']
+  id: 'create-builder'
+
+# Build kaniko:debug
+- name: "gcr.io/cloud-builders/docker"
+  args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_debug",
+         "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$TAG_NAME-debug",
+         "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:debug", "--push", "."]
+
+options:
+  env:
+  - 'DOCKER_CLI_EXPERIMENTAL=enabled'
+
+substitutions:
+  _EXECUTOR_IMAGE_NAME: executor
+  _DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'
--- a/deploy/cloudbuild-debug.yaml
+++ b/deploy/cloudbuild-debug.yaml
@ -0,0 +1,25 @@
+timeout: 1800s
+
+steps:
+  # Set up builder for muti-arch builds.
+  - name: 'gcr.io/cloud-builders/docker'
+    args: ['run', '--privileged', 'linuxkit/binfmt:v0.7']
+    id: 'initialize-qemu'
+  - name: 'gcr.io/cloud-builders/docker'
+    args: ['buildx', 'create', '--use', '--platform', '${_DOCKER_BUILDX_PLATFORMS}']
+    id: 'create-builder'
+
+  # Then, we want to build kaniko:debug
+  - name: "gcr.io/cloud-builders/docker"
+    args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_debug",
+           "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$COMMIT_SHA-debug",
+           "--push", "."]
+
+
+options:
+  env:
+  - 'DOCKER_CLI_EXPERIMENTAL=enabled'
+
+substitutions:
+  _EXECUTOR_IMAGE_NAME: executor
+  _DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'
--- a/deploy/cloudbuild-executor-release.yaml
+++ b/deploy/cloudbuild-executor-release.yaml
@ -0,0 +1,30 @@
+timeout: 1800s
+
+steps:
+# Set up builder for muti-arch builds.
+- name: 'gcr.io/cloud-builders/docker'
+  args: ['run', '--privileged', 'linuxkit/binfmt:v0.7']
+  id: 'initialize-qemu'
+- name: 'gcr.io/cloud-builders/docker'
+  args: ['buildx', 'create', '--use', '--platform', '${_DOCKER_BUILDX_PLATFORMS}']
+  id: 'create-builder'
+
+# First, build kaniko
+- name: "gcr.io/cloud-builders/docker"
+  args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile",
+         "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$TAG_NAME",
+         "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:latest", "--push", "."]
+
+# Finally executor:slim image
+- name: "gcr.io/cloud-builders/docker"
+  args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_slim",
+         "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$TAG_NAME-slim",
+         "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:slim", "--push", "."]
+
+options:
+  env:
+  - 'DOCKER_CLI_EXPERIMENTAL=enabled'
+
+substitutions:
+  _EXECUTOR_IMAGE_NAME: executor
+  _DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'
--- a/deploy/cloudbuild-executor.yaml
+++ b/deploy/cloudbuild-executor.yaml
@ -0,0 +1,28 @@
+timeout: 1800s
+
+steps:
+  # Set up builder for muti-arch builds.
+  - name: 'gcr.io/cloud-builders/docker'
+    args: ['run', '--privileged', 'linuxkit/binfmt:v0.7']
+    id: 'initialize-qemu'
+  - name: 'gcr.io/cloud-builders/docker'
+    args: ['buildx', 'create', '--use', '--platform', '${_DOCKER_BUILDX_PLATFORMS}']
+    id: 'create-builder'
+
+#  # First, build kaniko
+#  - name: "gcr.io/cloud-builders/docker"
+#    args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile",
+#           "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$COMMIT_SHA", "--push", "." ]
+
+  # Finally executor:slim image
+  - name: "gcr.io/cloud-builders/docker"
+    args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_slim",
+           "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$COMMIT_SHA-slim", "--push", "."]
+
+options:
+  env:
+  - 'DOCKER_CLI_EXPERIMENTAL=enabled'
+
+substitutions:
+  _EXECUTOR_IMAGE_NAME: executor
+  _DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'
--- a/deploy/cloudbuild-release.yaml
+++ b/deploy/cloudbuild-release.yaml
@ -1,110 +0,0 @@
-# This cloudbuild is run on the creation of new tags, which should signify releases.
-timeout: 1800s
-
-steps:
-
-  # First, build kaniko
-  - name: "gcr.io/cloud-builders/docker"
-    args: ["build", "-f", "deploy/Dockerfile",
-           "-t", "gcr.io/kaniko-project/executor:$TAG_NAME", "."]
-  - name: "gcr.io/cloud-builders/docker"
-    args: ["tag", "gcr.io/kaniko-project/executor:$TAG_NAME", 
-           "gcr.io/kaniko-project/executor:latest"]
-  # Then, we want to build kaniko:debug
-  - name: "gcr.io/cloud-builders/docker"
-    args: ["build", "-f", "deploy/Dockerfile_debug",
-           "-t", "gcr.io/kaniko-project/executor:debug-$TAG_NAME", "."]
-  - name: "gcr.io/cloud-builders/docker"
-    args: ["tag", "gcr.io/kaniko-project/executor:debug-$TAG_NAME", 
-           "gcr.io/kaniko-project/executor:$TAG_NAME-debug"]
-  - name: "gcr.io/cloud-builders/docker"
-    args: ["tag", "gcr.io/kaniko-project/executor:debug-$TAG_NAME", 
-           "gcr.io/kaniko-project/executor:debug"]       
-  # Then, we want to build the cache warmer
-  - name: "gcr.io/cloud-builders/docker"
-    args: ["build", "-f", "deploy/Dockerfile_warmer",
-           "-t", "gcr.io/kaniko-project/warmer:$TAG_NAME", "."]
-  - name: "gcr.io/cloud-builders/docker"
-    args: ["tag", "gcr.io/kaniko-project/warmer:$TAG_NAME", 
-           "gcr.io/kaniko-project/warmer:latest"]
-
-
-  # Build each of the multi-arch images with Bazel and load them into the Docker daemon.
-  - name: gcr.io/cloud-marketplace-containers/google/bazel:3.4.1
-    entrypoint: sh
-    args:
-    - -c
-    - |
-      #!/bin/sh
-      set -o errexit
-      set -o xtrace
-
-      bazel run //:gazelle
-      bazel run --host_force_python=PY2 //cmd/executor:image_amd64
-      bazel run --host_force_python=PY2 //cmd/executor:image_arm64
-      bazel run --host_force_python=PY2 //cmd/executor:image_s390x
-
-  # Publish the individual container images
-  - name: docker
-    entrypoint: sh
-    args:
-    - -c
-    - |
-      #!/bin/sh
-      set -o errexit
-      set -o xtrace
-
-      docker tag bazel/cmd/executor:image_amd64     gcr.io/kaniko-project/executor:amd64
-      docker tag bazel/cmd/executor:image_amd64     gcr.io/kaniko-project/executor:amd64-$TAG_NAME
-      docker tag bazel/cmd/executor:image_arm64     gcr.io/kaniko-project/executor:arm64
-      docker tag bazel/cmd/executor:image_arm64     gcr.io/kaniko-project/executor:arm64-$TAG_NAME
-      docker tag bazel/cmd/executor:image_arm64     gcr.io/kaniko-project/executor:s390x
-      docker tag bazel/cmd/executor:image_arm64     gcr.io/kaniko-project/executor:s390x-$TAG_NAME
-
-      docker push gcr.io/kaniko-project/executor:amd64
-      docker push gcr.io/kaniko-project/executor:amd64-$TAG_NAME
-      docker push gcr.io/kaniko-project/executor:arm64
-      docker push gcr.io/kaniko-project/executor:arm64-$TAG_NAME
-      docker push gcr.io/kaniko-project/executor:s390x
-      docker push gcr.io/kaniko-project/executor:s390x-$TAG_NAME
-
-  # Enable "manifest list" support in docker, and publish one covering the per-architecture
-  # images published above.
-  - name: docker
-    entrypoint: sh
-    args:
-    - -c
-    - |
-      #!/bin/sh
-      set -o errexit
-      set -o xtrace
-
-      # Publish manifest lists second, after all of the binary material
-      # has been uploaded, so that it is fast.  We want fast because enabling
-      # the experimental features in docker changes ~/.docker/config.json, which
-      # GCB periodically tramples.
-      #
-      # Enable support for 'docker manifest create'
-      # https://docs.docker.com/engine/reference/commandline/manifest_create/
-      sed -i 's/^{/{"experimental": "enabled",/g' ~/.docker/config.json
-
-      docker manifest create gcr.io/kaniko-project/executor:multi-arch \
-         gcr.io/kaniko-project/executor:amd64 \
-         gcr.io/kaniko-project/executor:arm64 \
-         gcr.io/kaniko-project/executor:s390x
-      docker manifest push gcr.io/kaniko-project/executor:multi-arch
-
-      docker manifest create gcr.io/kaniko-project/executor:multi-arch-$TAG_NAME \
-         gcr.io/kaniko-project/executor:amd64-$TAG_NAME \
-         gcr.io/kaniko-project/executor:arm64-$TAG_NAME \
-         gcr.io/kaniko-project/executor:s390x-$TAG_NAME
-      docker manifest push gcr.io/kaniko-project/executor:multi-arch-$TAG_NAME
-
-
-images: ["gcr.io/kaniko-project/executor:$TAG_NAME",
-         "gcr.io/kaniko-project/executor:latest",
-         "gcr.io/kaniko-project/executor:debug-$TAG_NAME",
-         "gcr.io/kaniko-project/executor:debug",
-         "gcr.io/kaniko-project/warmer:$TAG_NAME",
-         "gcr.io/kaniko-project/warmer:latest",
-         "gcr.io/kaniko-project/executor:$TAG_NAME-debug"]
--- a/deploy/cloudbuild-warmer-release.yaml
+++ b/deploy/cloudbuild-warmer-release.yaml
@ -0,0 +1,24 @@
+timeout: 1800s
+
+steps:
+# Set up builder for muti-arch builds.
+- name: 'gcr.io/cloud-builders/docker'
+  args: ['run', '--privileged', 'linuxkit/binfmt:v0.7']
+  id: 'initialize-qemu'
+- name: 'gcr.io/cloud-builders/docker'
+  args: ['buildx', 'create', '--use', '--platform', '${_DOCKER_BUILDX_PLATFORMS}']
+  id: 'create-builder'
+
+# Build the cache warmer
+- name: "gcr.io/cloud-builders/docker"
+  args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_warmer",
+         "-t", "gcr.io/$PROJECT_ID/{_WARMER_IMAGE_NAME}:$TAG_NAME",
+         "-t", "gcr.io/$PROJECT_ID/{_WARMER_IMAGE_NAME}:latest", "--push", "."]
+
+options:
+  env:
+  - 'DOCKER_CLI_EXPERIMENTAL=enabled'
+
+substitutions:
+  _WARMER_IMAGE_NAME: warmer
+  _DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'
--- a/deploy/cloudbuild-warmer.yaml
+++ b/deploy/cloudbuild-warmer.yaml
@ -0,0 +1,23 @@
+timeout: 1800s
+
+steps:
+  # Set up builder for muti-arch builds.
+  - name: 'gcr.io/cloud-builders/docker'
+    args: ['run', '--privileged', 'linuxkit/binfmt:v0.7']
+    id: 'initialize-qemu'
+  - name: 'gcr.io/cloud-builders/docker'
+    args: ['buildx', 'create', '--use', '--platform', '${_DOCKER_BUILDX_PLATFORMS}']
+    id: 'create-builder'
+
+  # Build the cache warmer
+  - name: "gcr.io/cloud-builders/docker"
+    args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_warmer",
+           "-t", "gcr.io/$PROJECT_ID/${_WARMER_IMAGE_NAME}:$COMMIT_SHA", "--push", "."]
+
+options:
+  env:
+  - 'DOCKER_CLI_EXPERIMENTAL=enabled'
+
+substitutions:
+  _WARMER_IMAGE_NAME: warmer
+  _DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'
--- a/deploy/cloudbuild.yaml
+++ b/deploy/cloudbuild.yaml
@ -1,88 +0,0 @@
-timeout: 1800s
-
-steps:
-
-  # First, build kaniko
-  - name: "gcr.io/cloud-builders/docker"
-    args: ["build", "-f", "deploy/Dockerfile",
-           "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${COMMIT_SHA}", "."]
-  # Then, we want to build kaniko:debug
-  - name: "gcr.io/cloud-builders/docker"
-    args: ["build", "-f", "deploy/Dockerfile_debug",
-           "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:debug-${COMMIT_SHA}", "."]
-  - name: "gcr.io/cloud-builders/docker"
-    args: ["build", "-f", "deploy/Dockerfile_debug",
-           "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${COMMIT_SHA}-debug", "."]
-  # Then, we want to build the cache warmer
-  - name: "gcr.io/cloud-builders/docker"
-    args: ["build", "-f", "deploy/Dockerfile_warmer",
-           "-t", "gcr.io/$PROJECT_ID/${_WARMER_IMAGE_NAME}:${COMMIT_SHA}", "."]
-
-
-  # Build each of the multi-arch images with Bazel and load them into the Docker daemon.
-  - name: gcr.io/cloud-marketplace-containers/google/bazel:3.4.1
-    entrypoint: sh
-    args:
-    - -c
-    - |
-      #!/bin/sh
-      set -o errexit
-      set -o xtrace
-
-      bazel run //:gazelle
-      bazel run --host_force_python=PY2 //cmd/executor:image_amd64
-      bazel run --host_force_python=PY2 //cmd/executor:image_arm64
-      bazel run --host_force_python=PY2 //cmd/executor:image_s390x
-
-  # Publish the individual container images
-  - name: docker
-    entrypoint: sh
-    args:
-    - -c
-    - |
-      #!/bin/sh
-      set -o errexit
-      set -o xtrace
-
-      docker tag bazel/cmd/executor:image_amd64     gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:amd64-${COMMIT_SHA}
-      docker tag bazel/cmd/executor:image_arm64     gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:arm64-${COMMIT_SHA}
-      docker tag bazel/cmd/executor:image_s390x     gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:s390x-${COMMIT_SHA}
-
-      docker push gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:amd64-${COMMIT_SHA}
-      docker push gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:arm64-${COMMIT_SHA}
-      docker push gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:s390x-${COMMIT_SHA}
-
-  # Enable "manifest list" support in docker, and publish one covering the per-architecture
-  # images published above.
-  - name: docker
-    entrypoint: sh
-    args:
-    - -c
-    - |
-      #!/bin/sh
-      set -o errexit
-      set -o xtrace
-
-      # Publish manifest lists second, after all of the binary material
-      # has been uploaded, so that it is fast.  We want fast because enabling
-      # the experimental features in docker changes ~/.docker/config.json, which
-      # GCB periodically tramples.
-      #
-      # Enable support for 'docker manifest create'
-      # https://docs.docker.com/engine/reference/commandline/manifest_create/
-      sed -i 's/^{/{"experimental": "enabled",/g' ~/.docker/config.json
-
-      docker manifest create gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:multi-arch-${COMMIT_SHA} \
-         gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:amd64-${COMMIT_SHA} \
-         gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:arm64-${COMMIT_SHA} \
-         gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:s390x-${COMMIT_SHA}
-      docker manifest push gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:multi-arch-${COMMIT_SHA}
-
-
-images: ["gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${COMMIT_SHA}",
-         "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:debug-${COMMIT_SHA}",
-         "gcr.io/$PROJECT_ID/${_WARMER_IMAGE_NAME}:${COMMIT_SHA}"]
-
-substitutions:
-  _EXECUTOR_IMAGE_NAME: executor
-  _WARMER_IMAGE_NAME: warmer
--- a/files/BUILD
+++ b/files/BUILD
@ -1,16 +0,0 @@
-load("@io_bazel_rules_docker//container:container.bzl", "container_image")
-
-container_image(
-    name = "nsswitch",
-    directory = "etc",
-    files = [":nsswitch.conf"],
-    visibility = ["//visibility:private"],
-)
-
-container_image(
-    name = "image",
-    base = ":nsswitch",
-    directory = "kaniko/ssl/certs",
-    files = [":ca-certificates.crt"],
-    visibility = ["//visibility:public"],
-)
--- a/scripts/minikube-setup.sh
+++ b/scripts/minikube-setup.sh
@ -33,8 +33,9 @@ sudo mv minikube /usr/local/bin/

 sudo apt-get update
 sudo apt-get install -y liblz4-tool
+cat /proc/cpuinfo

-sudo minikube start --vm-driver=none
+sudo minikube start --vm-driver=none --force
 sudo minikube status
 sudo chown -R $USER $HOME/.kube $HOME/.minikube
 kubectl cluster-info