Skip to content

Commit

Permalink
more fixes after testing and code review comments
Browse files Browse the repository at this point in the history
  • Loading branch information
tejal29 committed Dec 22, 2020
1 parent bc02ceb commit 69914af
Show file tree
Hide file tree
Showing 7 changed files with 140 additions and 98 deletions.
27 changes: 16 additions & 11 deletions deploy/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,18 @@
# See the License for the specific language governing permissions and
# limitations under the License.

# Builds the static Go image to execute in a Kubernetes job
# Get the BUILDPLATFORM ARG
FROM alpine
ARG BUILDPLATFORM

# Builds the static Go image to execute in a Kubernetes job
FROM --platform=$BUILDPLATFORM golang:1.14
ARG BUILDPLATFORM
FROM --platform=${BUILDPLATFORM} golang:1.14
ARG TARGETPLATFORM
ARG TARGETARCH

#Capture all the args
RUN echo "I am running on $BUILDPLATFORM building for $TARGETPLATFORM with $TARGETARCH"
WORKDIR /go/src/github.com/GoogleContainerTools/kaniko

# Get GCR credential helper
Expand All @@ -27,7 +33,7 @@ RUN GOARCH=${TARGETARCH} && CGO_ENABLED=0 && \
git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \
cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \
make deps OUT_DIR=/usr/local/bin && \
go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go
go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go

# Get Amazon ECR credential helper
RUN GOARCH=${TARGETARCH} && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \
Expand All @@ -42,7 +48,7 @@ RUN GOARCH=${TARGETARCH} && (mkdir -p /go/src/github.com/Azure || true) && \
git checkout a79b541f3ee761f6cc4511863ed41fb038c19464 && \
git apply < /acr.patch && \
make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux

#ACR docker env credential helper
RUN GOARCH=${TARGETARCH} && (mkdir -p /go/src/github.com/chrismellard || true) && \
cd /go/src/github.com/chrismellard && \
Expand All @@ -57,12 +63,13 @@ COPY . .
RUN make GOARCH=${TARGETARCH}

FROM scratch
COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor
COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr
COPY --from=1 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor
COPY --from=1 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=1 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=1 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr
COPY --from=1 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY files/ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY --from=1 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root
ENV USER root
Expand All @@ -72,6 +79,4 @@ ENV DOCKER_CONFIG /kaniko/.docker/
ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
WORKDIR /workspace
RUN ["docker-credential-gcr", "config", "--token-source=env"]

ENTRYPOINT ["/kaniko/executor"]

66 changes: 46 additions & 20 deletions deploy/Dockerfile_debug
Original file line number Diff line number Diff line change
Expand Up @@ -12,48 +12,74 @@
# See the License for the specific language governing permissions and
# limitations under the License.

# Builds the static Go image to execute in a Kubernetes job
# Get the BUILDPLATFORM ARG
FROM alpine
ARG BUILDPLATFORM

# Stage 0: Build the executor binary and get credential helpers
# Builds the static Go image to execute in a Kubernetes job
FROM --platform=$BUILDPLATFORM golang:1.14
ARG BUILDPLATFORM
FROM --platform=${BUILDPLATFORM} golang:1.14
ARG TARGETPLATFORM
ARG TARGETARCH

#Capture all the args
RUN echo "I am running on $BUILDPLATFORM building for $TARGETPLATFORM with $TARGETARCH"

WORKDIR /go/src/github.com/GoogleContainerTools/kaniko

# Get GCR credential helper
ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.2/docker-credential-gcr_linux_amd64-2.0.2.tar.gz /usr/local/bin/
RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.2.tar.gz
RUN GOARCH=${TARGETARCH} && CGO_ENABLED=0 && \
(mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \
cd /go/src/github.com/GoogleCloudPlatform && \
git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \
cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \
make deps OUT_DIR=/usr/local/bin && \
go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go

# Get Amazon ECR credential helper
RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login
RUN make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper linux-amd64
RUN GOARCH=${TARGETARCH} && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \
make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper

# ACR docker credential helper
ADD https://aadacr.blob.core.windows.net/acr-docker-credential-helper/docker-credential-acr-linux-amd64.tar.gz /usr/local/bin
RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-linux-amd64.tar.gz
# ACR docker env credential helper
ADD https://github.com/chrismellard/docker-credential-acr-env/releases/download/0.6.0/docker-credential-acr-env_0.6.0_Linux_x86_64.tar.gz /usr/local/bin/
RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-env_0.6.0_Linux_x86_64.tar.gz
COPY ./acr.patch /
RUN GOARCH=${TARGETARCH} && (mkdir -p /go/src/github.com/Azure || true) && \
cd /go/src/github.com/Azure && \
git clone https://github.com/Azure/acr-docker-credential-helper && \
cd /go/src/github.com/Azure/acr-docker-credential-helper && \
git checkout a79b541f3ee761f6cc4511863ed41fb038c19464 && \
git apply < /acr.patch && \
make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux

#ACR docker env credential helper
RUN GOARCH=${TARGETARCH} && (mkdir -p /go/src/github.com/chrismellard || true) && \
cd /go/src/github.com/chrismellard && \
git clone https://github.com/chrismellard/docker-credential-acr-env && \
cd docker-credential-acr-env && \
make build && cp -f ./build/docker-credential-acr-env /usr/local/bin


# Add .docker config dir
RUN mkdir -p /kaniko/.docker

COPY . .
RUN make GOARCH=${TARGETARCH} && make out/warmer
RUN make GOARCH=${TARGETARCH} && make GOARCH=${TARGETARCH} out/warmer

FROM --platform=$TARGETPLATFORM busybox:1.31.1 as busybox-arch
ARG $TARGETPLATFORM

FROM scratch
COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/* /kaniko/
COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/linux-amd64/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr
COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=amd64/busybox:1.31.1 /bin /busybox
COPY --from=1 /go/src/github.com/GoogleContainerTools/kaniko/out/* /kaniko/
COPY --from=1 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=1 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=1 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr
COPY --from=1 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=busybox-arch /bin /busybox

# Declare /busybox as a volume to get it automatically in the path to ignore
VOLUME /busybox

COPY files/ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY --from=1 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root
ENV USER /root
Expand Down
12 changes: 10 additions & 2 deletions deploy/Dockerfile_slim
Original file line number Diff line number Diff line change
Expand Up @@ -12,18 +12,26 @@
# See the License for the specific language governing permissions and
# limitations under the License.

# Builds the static Go image to execute in a Kubernetes job
# Get the BUILDPLATFORM ARG
FROM alpine
ARG BUILDPLATFORM

# Builds the static Go image to execute in a Kubernetes job
FROM --platform=$BUILDPLATFORM golang:1.14
ARG BUILDPLATFORM
FROM --platform=${BUILDPLATFORM} golang:1.14
ARG TARGETPLATFORM
ARG TARGETARCH

#Capture all the args
RUN echo "I am running on $BUILDPLATFORM building for $TARGETPLATFORM with $TARGETARCH"

WORKDIR /go/src/github.com/GoogleContainerTools/kaniko

COPY . .
RUN make GOARCH=${TARGETARCH}

FROM scratch
COPY --from=1 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor
COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root
ENV USER root
Expand Down
54 changes: 42 additions & 12 deletions deploy/Dockerfile_warmer
Original file line number Diff line number Diff line change
Expand Up @@ -12,36 +12,66 @@
# See the License for the specific language governing permissions and
# limitations under the License.

# Get the BUILDPLATFORM ARG
FROM alpine
ARG BUILDPLATFORM

# Builds the static Go image to execute in a Kubernetes job
FROM --platform=$BUILDPLATFORM golang:1.14
ARG BUILDPLATFORM
FROM --platform=${BUILDPLATFORM} golang:1.14
ARG TARGETPLATFORM
ARG TARGETARCH

#Capture all the args
RUN echo "I am running on $BUILDPLATFORM building for $TARGETPLATFORM with $TARGETARCH"

WORKDIR /go/src/github.com/GoogleContainerTools/kaniko

# Get GCR credential helper
ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.1/docker-credential-gcr_linux_amd64-2.0.1.tar.gz /usr/local/bin/
RUN tar -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.1.tar.gz
RUN GOARCH=${TARGETARCH} && CGO_ENABLED=0 && \
(mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \
cd /go/src/github.com/GoogleCloudPlatform && \
git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \
cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \
make deps OUT_DIR=/usr/local/bin && \
go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go

# Get Amazon ECR credential helper
RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login
RUN make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper linux-amd64
RUN GOARCH=${TARGETARCH} && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \
make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper

# ACR docker credential helper
ADD https://aadacr.blob.core.windows.net/acr-docker-credential-helper/docker-credential-acr-linux-amd64.tar.gz /usr/local/bin
RUN tar -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-linux-amd64.tar.gz
COPY ./acr.patch /
RUN GOARCH=${TARGETARCH} && (mkdir -p /go/src/github.com/Azure || true) && \
cd /go/src/github.com/Azure && \
git clone https://github.com/Azure/acr-docker-credential-helper && \
cd /go/src/github.com/Azure/acr-docker-credential-helper && \
git checkout a79b541f3ee761f6cc4511863ed41fb038c19464 && \
git apply < /acr.patch && \
make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux

#ACR docker env credential helper
RUN GOARCH=${TARGETARCH} && (mkdir -p /go/src/github.com/chrismellard || true) && \
cd /go/src/github.com/chrismellard && \
git clone https://github.com/chrismellard/docker-credential-acr-env && \
cd docker-credential-acr-env && \
make build && cp -f ./build/docker-credential-acr-env /usr/local/bin


# Add .docker config dir
RUN mkdir -p /kaniko/.docker

COPY . .
RUN make GOARCH=${TARGETARCH} out/warmer

FROM scratch
COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer
COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/linux-amd64/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr
COPY --from=1 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer
COPY --from=1 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=1 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=1 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr
COPY --from=1 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY files/ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY --from=1 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root
ENV USER /root
Expand Down
38 changes: 14 additions & 24 deletions deploy/cloudbuild-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,53 +6,43 @@ steps:
args: ['run', '--privileged', 'linuxkit/binfmt:v0.7']
id: 'initialize-qemu'
- name: 'gcr.io/cloud-builders/docker'
args: ['buildx', 'create', '--name', 'mybuilder']
args: ['buildx', 'create', '--use', '--platform', '${_DOCKER_BUILDX_PLATFORMS}']
id: 'create-builder'
- name: 'gcr.io/cloud-builders/docker'
args: ['buildx', 'use', 'mybuilder']
id: 'select-builder'
- name: 'gcr.io/cloud-builders/docker'
args: ['buildx', 'inspect', '--bootstrap']
id: 'show-target-build-platforms'

# First, build kaniko
- name: "gcr.io/cloud-builders/docker"
args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile",
"-t", "gcr.io/kaniko-project/executor:$TAG_NAME", "."]
- name: "gcr.io/cloud-builders/docker"
args: ["tag", "gcr.io/kaniko-project/executor:$TAG_NAME",
"gcr.io/kaniko-project/executor:latest"]
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$TAG_NAME",
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:latest", "--push", "."]
waitFor: ['initialize-qemu', 'create-builder']

# Then, we want to build kaniko:debug
- name: "gcr.io/cloud-builders/docker"
args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_debug",
"-t", "gcr.io/kaniko-project/executor:debug-$TAG_NAME", "."]
- name: "gcr.io/cloud-builders/docker"
args: ["tag", "gcr.io/kaniko-project/executor:debug-$TAG_NAME",
"gcr.io/kaniko-project/executor:debug"]
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$TAG_NAME-debug",
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:debug", "--push", "."]
waitFor: ['initialize-qemu', 'create-builder']

# Then, we want to build the cache warmer
- name: "gcr.io/cloud-builders/docker"
args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_warmer",
"-t", "gcr.io/kaniko-project/warmer:$TAG_NAME", "."]
- name: "gcr.io/cloud-builders/docker"
args: ["tag", "gcr.io/kaniko-project/warmer:$TAG_NAME",
"gcr.io/kaniko-project/warmer:latest"]
"-t", "gcr.io/$PROJECT_ID/{_WARMER_IMAGE_NAME}:$TAG_NAME",
"-t", "gcr.io/$PROJECT_ID/{_WARMER_IMAGE_NAME}:latest", "--push", "."]
waitFor: ['initialize-qemu', 'create-builder']

# Finally executor:slim image
- name: "gcr.io/cloud-builders/docker"
args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_slim",
"-t", "gcr.io/kaniko-project/executor:$TAG_NAME-slim", "."]
- name: "gcr.io/cloud-builders/docker"
args: ["tag", "gcr.io/kaniko-project/executor:$TAG_NAME-slim",
"gcr.io/kaniko-project/executor:slim"]
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$TAG_NAME-slim",
"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:slim", "--push", "."]
waitFor: ['initialize-qemu', 'create-builder']


images: ["gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${TAG_NAME}",
"gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:latest",
"gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${TAG_NAME}-slim",
"gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:slim",
"gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:debug-${TAG_NAME}",
"gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${TAG_NAME}-debug",
"gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:debug",
"gcr.io/$PROJECT_ID/${_WARMER_IMAGE_NAME}:latest",
"gcr.io/$PROJECT_ID/${_WARMER_IMAGE_NAME}:${TAG_NAME}"]
Expand Down
Loading

0 comments on commit 69914af

Please sign in to comment.