public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

Mutli-arch support (#1531) 

* initial commit

* remove bazel jobs

* fix arch

* more fixes after testing and code review comments

* fix build platform

* add individual cloudbuild.yaml as its taking 45 mins for a cloud build trigger

* add buildx plugin

* add more debugging

* update busybox version to fix CVE-2018-1000500

* fix

* lint + more debug

* fix

* fix

* fix

* remove images from cloudbiuld

* move CI job back to docker

* one more fix

* lets see

* bring it back

* move CI job back to docker

* remove aerg from top

* live restart config

* remove live restore as minikube setup failed

* add --force-systemd

* add --force-systemd and docker driver none

* change the --run flag

* docker info and some logs removed

* fix docker command

* upgrade version for buildx to 0.5.1

* remove docker service from travis.yml and add systemd cgroup config

* move the docker config up

* move them back to docker build

* fix

* fix all dockerfiles

* fix warmer

* fix

* rm bazel jobs

* add more logs

* fix debug

Co-authored-by: ankitm123 <ankitmohapatra123@gmail.com>
This commit is contained in:
Tejal Desai 2021-01-25 17:49:19 -08:00 committed by GitHub
parent 24fd3b2ab0
commit ffd35dbe12
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 283 additions and 440 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
.github/workflows/release.yaml vendored
View File

@ -1,56 +0,0 @@
name: Publish image
on:
release:
types: [released]
jobs:
build:
env:
IMAGE_NAME: gcr.io/kaniko-project/executor
runs-on: ubuntu-latest
steps:
- name: Get latest release tag
uses: oprypin/find-latest-tag@v1
with:
repository: GoogleContainerTools/kaniko # The repository to scan.
releases-only: true # We know that all relevant tags have a GitHub release for them.
id: kaniko
- name: Clone source code
uses: actions/checkout@v2
with:
ref: ${{ steps.kaniko.outputs.tag }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
with:
version: latest
- name: Available platforms
run: echo ${{ steps.buildx.outputs.platforms }}
- name: Setup gcloud CLI
uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
with:
service_account_key: ${{ secrets.GCR_DEVOPS_SERVICE_ACCOUNT_KEY }}
project_id: kaniko-project
export_default_credentials: true
- name: Build and push image
run: |
gcloud auth configure-docker -q
IMAGE_VERSION="$(git describe --tags --abbrev=0)"
SHORT_SHA1=$(git rev-parse --short HEAD)
PLATFORMS="linux/amd64,linux/ppc64le,linux/arm64"
echo "Building and pushing version ${IMAGE_VERSION} of image ${IMAGE_NAME}"
docker buildx build --platform "${PLATFORMS}" -t "${IMAGE_NAME}:${IMAGE_VERSION}" -t "${IMAGE_NAME}:latest" -f ./deploy/Dockerfile \
--push .

24
.travis.yml
View File

@ -37,27 +37,3 @@ jobs:
script: script:
- make integration-test-misc - make integration-test-misc
- name: bazel amd64
arch: amd64
env: CPU=k8
before_install: &before_install_multiarch
- export PATH=$PATH:$HOME/bin && mkdir -p $HOME/bin
- eval $(go env)
# install bazelisk as bazel to install the appropriate bazel version
- wget https://github.com/bazelbuild/bazelisk/releases/download/v1.6.1/bazelisk-linux-${GOARCH} && chmod +x bazelisk-linux-${GOARCH} && mv bazelisk-linux-${GOARCH} $HOME/bin/bazel
script: &script_multiarch
# Generate BUILD.bazel files (we do not check them in)
- bazel run //:gazelle
- bazel build --cpu=${CPU} --curses=no //integration:all
# Build all targets tagged with our architecture:
- bazel build --cpu=${CPU} --curses=no $(bazel query 'attr("tags", "'${GOARCH}'", "//...")')
# Run all tests not tagged as "manual":
- bazel test --cpu=${CPU} --curses=no --test_output=errors --test_timeout=900 //integration:all
# Run all tests tagged with our architecture:
- bazel test --cpu=${CPU} --curses=no --test_output=errors --test_timeout=900 $(bazel query 'attr("tags", "'${GOARCH}'", "//...")')
- name: bazel arm64
arch: arm64
env: CPU=aarch64
before_install: *before_install_multiarch
script: *script_multiarch

4
BUILD
View File

@ -1,4 +0,0 @@
load("@bazel_gazelle//:def.bzl", "gazelle")
# gazelle:prefix github.com/GoogleContainerTools/kaniko
gazelle(name = "gazelle")

53
WORKSPACE
View File

@ -1,53 +0,0 @@
workspace(name = "kaniko")
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
http_archive(
name = "io_bazel_rules_go",
sha256 = "b725e6497741d7fc2d55fcc29a276627d10e43fa5d0bb692692890ae30d98d00",
urls = [
"https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.24.3/rules_go-v0.24.3.tar.gz",
"https://github.com/bazelbuild/rules_go/releases/download/v0.24.3/rules_go-v0.24.3.tar.gz",
],
)
http_archive(
name = "bazel_gazelle",
sha256 = "b85f48fa105c4403326e9525ad2b2cc437babaa6e15a3fc0b1dbab0ab064bc7c",
urls = [
"https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.22.2/bazel-gazelle-v0.22.2.tar.gz",
"https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.22.2/bazel-gazelle-v0.22.2.tar.gz",
],
)
load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")
go_rules_dependencies()
go_register_toolchains()
gazelle_dependencies()
# Docker rules.
http_archive(
name = "io_bazel_rules_docker",
sha256 = "cf53839c398e464b10ec2fbeb11aedb446f078c28e3b4ce372461bb105ef435c",
strip_prefix = "rules_docker-f8478e57ab7457e403fda474f06ac0bb120d92a7",
urls = ["https://github.com/bazelbuild/rules_docker/archive/f8478e57ab7457e403fda474f06ac0bb120d92a7.tar.gz"],
)
load(
"@io_bazel_rules_docker//repositories:repositories.bzl",
container_repositories = "repositories",
)
container_repositories()
load("@io_bazel_rules_docker//repositories:deps.bzl", container_deps = "deps")
container_deps()
load("@io_bazel_rules_docker//repositories:pip_repositories.bzl", "pip_deps")
pip_deps()

61
cmd/executor/BUILD
View File

@ -1,61 +0,0 @@
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
load("@io_bazel_rules_docker//container:container.bzl", "container_image")
go_library(
name = "executor_lib",
srcs = ["main.go"],
importpath = "github.com/GoogleContainerTools/kaniko/cmd/executor",
visibility = ["//visibility:private"],
deps = ["//cmd/executor/cmd"],
)
go_binary(
name = "executor",
embed = [":executor_lib"],
pure = "on",
visibility = ["//visibility:public"],
)
ARCHITECTURES = [
"amd64",
"arm64",
"s390x",
]
[
go_binary(
name = "executor_" + arch,
embed = [":executor_lib"],
goarch = arch,
goos = "linux",
pure = "on",
visibility = ["//visibility:public"],
)
for arch in ARCHITECTURES
]
[
container_image(
name = "image_" + arch,
architecture = arch,
base = "//files:image",
directory = "/kaniko",
entrypoint = ["/kaniko/executor_" + arch],
env = {
"HOME": "/root",
"USER": "root",
"PATH": "/usr/local/bin:/kaniko",
"SSL_CERT_DIR": "/kaniko/ssl/certs",
"DOCKER_CONFIG": "/kaniko/.docker/",
},
files = [
":executor_" + arch,
],
symlinks = {
"/kaniko/executor": "/kaniko/executor_" + arch,
},
visibility = ["//visibility:public"],
workdir = "/workspace",
)
for arch in ARCHITECTURES
]

8
deploy/Dockerfile
View File

@ -17,7 +17,6 @@
FROM golang:1.14 FROM golang:1.14
ARG GOARCH=amd64 ARG GOARCH=amd64
WORKDIR /go/src/github.com/GoogleContainerTools/kaniko WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
RUN echo $GOARCH > /goarch RUN echo $GOARCH > /goarch
#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc. #This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc.
@ -25,6 +24,7 @@ ARG TARGETPLATFORM
#Capture ARCH has write to /goarch #Capture ARCH has write to /goarch
RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH" RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH"
RUN echo "I am runninng $TARGETPLATFORM with with $(cat /goarch)"
# Get GCR credential helper # Get GCR credential helper
RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \
@ -39,7 +39,7 @@ RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \
RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \
make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper
# ACR docker credential helper # Azure docker credential helper
COPY ./acr.patch / COPY ./acr.patch /
RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true) && \ RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true) && \
cd /go/src/github.com/Azure && \ cd /go/src/github.com/Azure && \
@ -49,7 +49,7 @@ RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true) && \
git apply < /acr.patch && \ git apply < /acr.patch && \
make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux
#ACR docker env credential helper # ACR docker env credential helper
RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \ RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \
cd /go/src/github.com/chrismellard && \ cd /go/src/github.com/chrismellard && \
git clone https://github.com/chrismellard/docker-credential-acr-env && \ git clone https://github.com/chrismellard/docker-credential-acr-env && \
@ -60,7 +60,7 @@ RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true)
RUN mkdir -p /kaniko/.docker RUN mkdir -p /kaniko/.docker
COPY . . COPY . .
RUN make GOARCH=$(cat /goarch.txt) RUN make GOARCH=$(cat /goarch)
FROM scratch FROM scratch
COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor

52
deploy/Dockerfile_debug
View File

@ -17,32 +17,60 @@
# Stage 0: Build the executor binary and get credential helpers # Stage 0: Build the executor binary and get credential helpers
FROM golang:1.14 FROM golang:1.14
ARG GOARCH=amd64 ARG GOARCH=amd64
RUN echo $GOARCH > /goarch
#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc.
ARG TARGETPLATFORM
#Capture ARCH has write to /goarch
RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH"
RUN echo "I am runninng $TARGETPLATFORM with with $(cat /goarch)"
RUN cat /goarch
WORKDIR /go/src/github.com/GoogleContainerTools/kaniko WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
# Get GCR credential helper # Get GCR credential helper
ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.2/docker-credential-gcr_linux_amd64-2.0.2.tar.gz /usr/local/bin/ RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \
RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.2.tar.gz (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \
cd /go/src/github.com/GoogleCloudPlatform && \
git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \
cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \
make deps OUT_DIR=/usr/local/bin && \
go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go
# Get Amazon ECR credential helper # Get Amazon ECR credential helper
RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \
RUN make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper linux-amd64 make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper
# ACR docker credential helper # ACR docker credential helper
ADD https://aadacr.blob.core.windows.net/acr-docker-credential-helper/docker-credential-acr-linux-amd64.tar.gz /usr/local/bin COPY ./acr.patch /
RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-linux-amd64.tar.gz RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true) && \
# ACR docker env credential helper cd /go/src/github.com/Azure && \
ADD https://github.com/chrismellard/docker-credential-acr-env/releases/download/0.6.0/docker-credential-acr-env_0.6.0_Linux_x86_64.tar.gz /usr/local/bin/ git clone https://github.com/Azure/acr-docker-credential-helper && \
RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-env_0.6.0_Linux_x86_64.tar.gz cd /go/src/github.com/Azure/acr-docker-credential-helper && \
git checkout a79b541f3ee761f6cc4511863ed41fb038c19464 && \
git apply < /acr.patch && \
make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux
#ACR docker env credential helper
RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \
cd /go/src/github.com/chrismellard && \
git clone https://github.com/chrismellard/docker-credential-acr-env && \
cd docker-credential-acr-env && \
make build && cp -f ./build/docker-credential-acr-env /usr/local/bin
# Add .docker config dir # Add .docker config dir
RUN mkdir -p /kaniko/.docker RUN mkdir -p /kaniko/.docker
COPY . . COPY . .
RUN make GOARCH=${GOARCH} && make out/warmer RUN make GOARCH=$(cat /goarch) && make GOARCH=$(cat /goarch.txt) out/warmer
FROM scratch FROM scratch
COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/* /kaniko/ COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/* /kaniko/
COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer
COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/linux-amd64/docker-credential-ecr-login /kaniko/docker-credential-ecr-login COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr
COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=amd64/busybox:1.32.0 /bin /busybox COPY --from=amd64/busybox:1.32.0 /bin /busybox
# Declare /busybox as a volume to get it automatically in the path to ignore # Declare /busybox as a volume to get it automatically in the path to ignore

42
deploy/Dockerfile_slim Normal file
View File

@ -0,0 +1,42 @@
# Copyright 2020 Google, Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Builds the static Go image to execute in a Kubernetes job
FROM golang:1.14 as build_env
ARG GOARCH=amd64
RUN echo $GOARCH > /goarch
#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc.
ARG TARGETPLATFORM
#Capture ARCH has write to /goarch
RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH"
RUN echo "I am runninng $TARGETPLATFORM with $(cat /goarch)"
WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
COPY . .
RUN make GOARCH=$(cat /goarch)
FROM scratch
COPY --from=build_env /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor
COPY files/nsswitch.conf /etc/nsswitch.conf
COPY files/ca-certificates.crt /kaniko/ssl/certs/
ENV HOME /root
ENV USER root
ENV PATH /usr/local/bin:/kaniko
ENV SSL_CERT_DIR=/kaniko/ssl/certs
ENTRYPOINT ["/kaniko/executor"]

48
deploy/Dockerfile_warmer
View File

@ -17,25 +17,55 @@
FROM golang:1.14 FROM golang:1.14
ARG GOARCH=amd64 ARG GOARCH=amd64
WORKDIR /go/src/github.com/GoogleContainerTools/kaniko WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
RUN echo $GOARCH > /goarch
#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc.
ARG TARGETPLATFORM
#Capture ARCH has write to /goarch
RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH"
RUN echo "I am runninng $TARGETPLATFORM with $(cat /goarch)"
# Get GCR credential helper # Get GCR credential helper
ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.1/docker-credential-gcr_linux_amd64-2.0.1.tar.gz /usr/local/bin/ RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \
RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.1.tar.gz (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \
cd /go/src/github.com/GoogleCloudPlatform && \
git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \
cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \
make deps OUT_DIR=/usr/local/bin && \
go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go
# Get Amazon ECR credential helper # Get Amazon ECR credential helper
RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \
RUN make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper linux-amd64 make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper
# ACR docker credential helper
ADD https://aadacr.blob.core.windows.net/acr-docker-credential-helper/docker-credential-acr-linux-amd64.tar.gz /usr/local/bin # Azure docker credential helper
RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-linux-amd64.tar.gz COPY ./acr.patch /
RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true) && \
cd /go/src/github.com/Azure && \
git clone https://github.com/Azure/acr-docker-credential-helper && \
cd /go/src/github.com/Azure/acr-docker-credential-helper && \
git checkout a79b541f3ee761f6cc4511863ed41fb038c19464 && \
git apply < /acr.patch && \
make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux
# ACR docker env credential helper
RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \
cd /go/src/github.com/chrismellard && \
git clone https://github.com/chrismellard/docker-credential-acr-env && \
cd docker-credential-acr-env && \
make build && cp -f ./build/docker-credential-acr-env /usr/local/bin
# Add .docker config dir # Add .docker config dir
RUN mkdir -p /kaniko/.docker RUN mkdir -p /kaniko/.docker
COPY . . COPY . .
RUN make GOARCH=${GOARCH} out/warmer RUN make GOARCH=$(cat /goarch) out/warmer
FROM scratch FROM scratch
COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer
COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/linux-amd64/docker-credential-ecr-login /kaniko/docker-credential-ecr-login COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr
COPY files/ca-certificates.crt /kaniko/ssl/certs/ COPY files/ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker COPY --from=0 /kaniko/.docker /kaniko/.docker

24
deploy/cloudbuild-debug-release.yaml Normal file
View File

@ -0,0 +1,24 @@
timeout: 1800s
steps:
# Set up builder for muti-arch builds.
- name: 'gcr.io/cloud-builders/docker'
args: ['run', '--privileged', 'linuxkit/binfmt:v0.7']
id: 'initialize-qemu'
- name: 'gcr.io/cloud-builders/docker'
args: ['buildx', 'create', '--use', '--platform', '${_DOCKER_BUILDX_PLATFORMS}']
id: 'create-builder'
# Build kaniko:debug
- name: "gcr.io/cloud-builders/docker"
args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_debug",
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$TAG_NAME-debug",
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:debug", "--push", "."]
options:
env:
- 'DOCKER_CLI_EXPERIMENTAL=enabled'
substitutions:
_EXECUTOR_IMAGE_NAME: executor
_DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'

25
deploy/cloudbuild-debug.yaml Normal file
View File

@ -0,0 +1,25 @@
timeout: 1800s
steps:
# Set up builder for muti-arch builds.
- name: 'gcr.io/cloud-builders/docker'
args: ['run', '--privileged', 'linuxkit/binfmt:v0.7']
id: 'initialize-qemu'
- name: 'gcr.io/cloud-builders/docker'
args: ['buildx', 'create', '--use', '--platform', '${_DOCKER_BUILDX_PLATFORMS}']
id: 'create-builder'
# Then, we want to build kaniko:debug
- name: "gcr.io/cloud-builders/docker"
args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_debug",
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$COMMIT_SHA-debug",
"--push", "."]
options:
env:
- 'DOCKER_CLI_EXPERIMENTAL=enabled'
substitutions:
_EXECUTOR_IMAGE_NAME: executor
_DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'

30
deploy/cloudbuild-executor-release.yaml Normal file
View File

@ -0,0 +1,30 @@
timeout: 1800s
steps:
# Set up builder for muti-arch builds.
- name: 'gcr.io/cloud-builders/docker'
args: ['run', '--privileged', 'linuxkit/binfmt:v0.7']
id: 'initialize-qemu'
- name: 'gcr.io/cloud-builders/docker'
args: ['buildx', 'create', '--use', '--platform', '${_DOCKER_BUILDX_PLATFORMS}']
id: 'create-builder'
# First, build kaniko
- name: "gcr.io/cloud-builders/docker"
args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile",
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$TAG_NAME",
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:latest", "--push", "."]
# Finally executor:slim image
- name: "gcr.io/cloud-builders/docker"
args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_slim",
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$TAG_NAME-slim",
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:slim", "--push", "."]
options:
env:
- 'DOCKER_CLI_EXPERIMENTAL=enabled'
substitutions:
_EXECUTOR_IMAGE_NAME: executor
_DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'

28
deploy/cloudbuild-executor.yaml Normal file
View File

@ -0,0 +1,28 @@
timeout: 1800s
steps:
# Set up builder for muti-arch builds.
- name: 'gcr.io/cloud-builders/docker'
args: ['run', '--privileged', 'linuxkit/binfmt:v0.7']
id: 'initialize-qemu'
- name: 'gcr.io/cloud-builders/docker'
args: ['buildx', 'create', '--use', '--platform', '${_DOCKER_BUILDX_PLATFORMS}']
id: 'create-builder'
# # First, build kaniko
# - name: "gcr.io/cloud-builders/docker"
# args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile",
# "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$COMMIT_SHA", "--push", "." ]
# Finally executor:slim image
- name: "gcr.io/cloud-builders/docker"
args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_slim",
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$COMMIT_SHA-slim", "--push", "."]
options:
env:
- 'DOCKER_CLI_EXPERIMENTAL=enabled'
substitutions:
_EXECUTOR_IMAGE_NAME: executor
_DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'

110
deploy/cloudbuild-release.yaml
View File

@ -1,110 +0,0 @@
# This cloudbuild is run on the creation of new tags, which should signify releases.
timeout: 1800s
steps:
# First, build kaniko
- name: "gcr.io/cloud-builders/docker"
args: ["build", "-f", "deploy/Dockerfile",
"-t", "gcr.io/kaniko-project/executor:$TAG_NAME", "."]
- name: "gcr.io/cloud-builders/docker"
args: ["tag", "gcr.io/kaniko-project/executor:$TAG_NAME",
"gcr.io/kaniko-project/executor:latest"]
# Then, we want to build kaniko:debug
- name: "gcr.io/cloud-builders/docker"
args: ["build", "-f", "deploy/Dockerfile_debug",
"-t", "gcr.io/kaniko-project/executor:debug-$TAG_NAME", "."]
- name: "gcr.io/cloud-builders/docker"
args: ["tag", "gcr.io/kaniko-project/executor:debug-$TAG_NAME",
"gcr.io/kaniko-project/executor:$TAG_NAME-debug"]
- name: "gcr.io/cloud-builders/docker"
args: ["tag", "gcr.io/kaniko-project/executor:debug-$TAG_NAME",
"gcr.io/kaniko-project/executor:debug"]
# Then, we want to build the cache warmer
- name: "gcr.io/cloud-builders/docker"
args: ["build", "-f", "deploy/Dockerfile_warmer",
"-t", "gcr.io/kaniko-project/warmer:$TAG_NAME", "."]
- name: "gcr.io/cloud-builders/docker"
args: ["tag", "gcr.io/kaniko-project/warmer:$TAG_NAME",
"gcr.io/kaniko-project/warmer:latest"]
# Build each of the multi-arch images with Bazel and load them into the Docker daemon.
- name: gcr.io/cloud-marketplace-containers/google/bazel:3.4.1
entrypoint: sh
args:
- -c
- |
#!/bin/sh
set -o errexit
set -o xtrace
bazel run //:gazelle
bazel run --host_force_python=PY2 //cmd/executor:image_amd64
bazel run --host_force_python=PY2 //cmd/executor:image_arm64
bazel run --host_force_python=PY2 //cmd/executor:image_s390x
# Publish the individual container images
- name: docker
entrypoint: sh
args:
- -c
- |
#!/bin/sh
set -o errexit
set -o xtrace
docker tag bazel/cmd/executor:image_amd64 gcr.io/kaniko-project/executor:amd64
docker tag bazel/cmd/executor:image_amd64 gcr.io/kaniko-project/executor:amd64-$TAG_NAME
docker tag bazel/cmd/executor:image_arm64 gcr.io/kaniko-project/executor:arm64
docker tag bazel/cmd/executor:image_arm64 gcr.io/kaniko-project/executor:arm64-$TAG_NAME
docker tag bazel/cmd/executor:image_arm64 gcr.io/kaniko-project/executor:s390x
docker tag bazel/cmd/executor:image_arm64 gcr.io/kaniko-project/executor:s390x-$TAG_NAME
docker push gcr.io/kaniko-project/executor:amd64
docker push gcr.io/kaniko-project/executor:amd64-$TAG_NAME
docker push gcr.io/kaniko-project/executor:arm64
docker push gcr.io/kaniko-project/executor:arm64-$TAG_NAME
docker push gcr.io/kaniko-project/executor:s390x
docker push gcr.io/kaniko-project/executor:s390x-$TAG_NAME
# Enable "manifest list" support in docker, and publish one covering the per-architecture
# images published above.
- name: docker
entrypoint: sh
args:
- -c
- |
#!/bin/sh
set -o errexit
set -o xtrace
# Publish manifest lists second, after all of the binary material
# has been uploaded, so that it is fast. We want fast because enabling
# the experimental features in docker changes ~/.docker/config.json, which
# GCB periodically tramples.
#
# Enable support for 'docker manifest create'
# https://docs.docker.com/engine/reference/commandline/manifest_create/
sed -i 's/^{/{"experimental": "enabled",/g' ~/.docker/config.json
docker manifest create gcr.io/kaniko-project/executor:multi-arch \
gcr.io/kaniko-project/executor:amd64 \
gcr.io/kaniko-project/executor:arm64 \
gcr.io/kaniko-project/executor:s390x
docker manifest push gcr.io/kaniko-project/executor:multi-arch
docker manifest create gcr.io/kaniko-project/executor:multi-arch-$TAG_NAME \
gcr.io/kaniko-project/executor:amd64-$TAG_NAME \
gcr.io/kaniko-project/executor:arm64-$TAG_NAME \
gcr.io/kaniko-project/executor:s390x-$TAG_NAME
docker manifest push gcr.io/kaniko-project/executor:multi-arch-$TAG_NAME
images: ["gcr.io/kaniko-project/executor:$TAG_NAME",
"gcr.io/kaniko-project/executor:latest",
"gcr.io/kaniko-project/executor:debug-$TAG_NAME",
"gcr.io/kaniko-project/executor:debug",
"gcr.io/kaniko-project/warmer:$TAG_NAME",
"gcr.io/kaniko-project/warmer:latest",
"gcr.io/kaniko-project/executor:$TAG_NAME-debug"]

24
deploy/cloudbuild-warmer-release.yaml Normal file
View File

@ -0,0 +1,24 @@
timeout: 1800s
steps:
# Set up builder for muti-arch builds.
- name: 'gcr.io/cloud-builders/docker'
args: ['run', '--privileged', 'linuxkit/binfmt:v0.7']
id: 'initialize-qemu'
- name: 'gcr.io/cloud-builders/docker'
args: ['buildx', 'create', '--use', '--platform', '${_DOCKER_BUILDX_PLATFORMS}']
id: 'create-builder'
# Build the cache warmer
- name: "gcr.io/cloud-builders/docker"
args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_warmer",
"-t", "gcr.io/$PROJECT_ID/{_WARMER_IMAGE_NAME}:$TAG_NAME",
"-t", "gcr.io/$PROJECT_ID/{_WARMER_IMAGE_NAME}:latest", "--push", "."]
options:
env:
- 'DOCKER_CLI_EXPERIMENTAL=enabled'
substitutions:
_WARMER_IMAGE_NAME: warmer
_DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'

23
deploy/cloudbuild-warmer.yaml Normal file
View File

@ -0,0 +1,23 @@
timeout: 1800s
steps:
# Set up builder for muti-arch builds.
- name: 'gcr.io/cloud-builders/docker'
args: ['run', '--privileged', 'linuxkit/binfmt:v0.7']
id: 'initialize-qemu'
- name: 'gcr.io/cloud-builders/docker'
args: ['buildx', 'create', '--use', '--platform', '${_DOCKER_BUILDX_PLATFORMS}']
id: 'create-builder'
# Build the cache warmer
- name: "gcr.io/cloud-builders/docker"
args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_warmer",
"-t", "gcr.io/$PROJECT_ID/${_WARMER_IMAGE_NAME}:$COMMIT_SHA", "--push", "."]
options:
env:
- 'DOCKER_CLI_EXPERIMENTAL=enabled'
substitutions:
_WARMER_IMAGE_NAME: warmer
_DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'

88
deploy/cloudbuild.yaml
View File

@ -1,88 +0,0 @@
timeout: 1800s
steps:
# First, build kaniko
- name: "gcr.io/cloud-builders/docker"
args: ["build", "-f", "deploy/Dockerfile",
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${COMMIT_SHA}", "."]
# Then, we want to build kaniko:debug
- name: "gcr.io/cloud-builders/docker"
args: ["build", "-f", "deploy/Dockerfile_debug",
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:debug-${COMMIT_SHA}", "."]
- name: "gcr.io/cloud-builders/docker"
args: ["build", "-f", "deploy/Dockerfile_debug",
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${COMMIT_SHA}-debug", "."]
# Then, we want to build the cache warmer
- name: "gcr.io/cloud-builders/docker"
args: ["build", "-f", "deploy/Dockerfile_warmer",
"-t", "gcr.io/$PROJECT_ID/${_WARMER_IMAGE_NAME}:${COMMIT_SHA}", "."]
# Build each of the multi-arch images with Bazel and load them into the Docker daemon.
- name: gcr.io/cloud-marketplace-containers/google/bazel:3.4.1
entrypoint: sh
args:
- -c
- |
#!/bin/sh
set -o errexit
set -o xtrace
bazel run //:gazelle
bazel run --host_force_python=PY2 //cmd/executor:image_amd64
bazel run --host_force_python=PY2 //cmd/executor:image_arm64
bazel run --host_force_python=PY2 //cmd/executor:image_s390x
# Publish the individual container images
- name: docker
entrypoint: sh
args:
- -c
- |
#!/bin/sh
set -o errexit
set -o xtrace
docker tag bazel/cmd/executor:image_amd64 gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:amd64-${COMMIT_SHA}
docker tag bazel/cmd/executor:image_arm64 gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:arm64-${COMMIT_SHA}
docker tag bazel/cmd/executor:image_s390x gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:s390x-${COMMIT_SHA}
docker push gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:amd64-${COMMIT_SHA}
docker push gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:arm64-${COMMIT_SHA}
docker push gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:s390x-${COMMIT_SHA}
# Enable "manifest list" support in docker, and publish one covering the per-architecture
# images published above.
- name: docker
entrypoint: sh
args:
- -c
- |
#!/bin/sh
set -o errexit
set -o xtrace
# Publish manifest lists second, after all of the binary material
# has been uploaded, so that it is fast. We want fast because enabling
# the experimental features in docker changes ~/.docker/config.json, which
# GCB periodically tramples.
#
# Enable support for 'docker manifest create'
# https://docs.docker.com/engine/reference/commandline/manifest_create/
sed -i 's/^{/{"experimental": "enabled",/g' ~/.docker/config.json
docker manifest create gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:multi-arch-${COMMIT_SHA} \
gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:amd64-${COMMIT_SHA} \
gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:arm64-${COMMIT_SHA} \
gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:s390x-${COMMIT_SHA}
docker manifest push gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:multi-arch-${COMMIT_SHA}
images: ["gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${COMMIT_SHA}",
"gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:debug-${COMMIT_SHA}",
"gcr.io/$PROJECT_ID/${_WARMER_IMAGE_NAME}:${COMMIT_SHA}"]
substitutions:
_EXECUTOR_IMAGE_NAME: executor
_WARMER_IMAGE_NAME: warmer

16
files/BUILD
View File

@ -1,16 +0,0 @@
load("@io_bazel_rules_docker//container:container.bzl", "container_image")
container_image(
name = "nsswitch",
directory = "etc",
files = [":nsswitch.conf"],
visibility = ["//visibility:private"],
)
container_image(
name = "image",
base = ":nsswitch",
directory = "kaniko/ssl/certs",
files = [":ca-certificates.crt"],
visibility = ["//visibility:public"],
)

3
scripts/minikube-setup.sh
View File

@ -33,8 +33,9 @@ sudo mv minikube /usr/local/bin/
sudo apt-get update sudo apt-get update
sudo apt-get install -y liblz4-tool sudo apt-get install -y liblz4-tool
cat /proc/cpuinfo
sudo minikube start --vm-driver=none sudo minikube start --vm-driver=none --force
sudo minikube status sudo minikube status
sudo chown -R $USER $HOME/.kube $HOME/.minikube sudo chown -R $USER $HOME/.kube $HOME/.minikube
kubectl cluster-info kubectl cluster-info