diff --git a/Makefile b/Makefile index 8c889f8369..6164c1e6e3 100644 --- a/Makefile +++ b/Makefile @@ -95,10 +95,12 @@ k8s-executor-build-push: images: docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:latest -f deploy/Dockerfile . docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:debug -f deploy/Dockerfile_debug . + docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:slim -f deploy/Dockerfile_slim . docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/warmer:latest -f deploy/Dockerfile_warmer . .PHONY: push push: docker push $(REGISTRY)/executor:latest docker push $(REGISTRY)/executor:debug + docker push $(REGISTRY)/executor:slim docker push $(REGISTRY)/warmer:latest diff --git a/deploy/Dockerfile b/deploy/Dockerfile index 8021977f9b..9a92ad6dae 100644 --- a/deploy/Dockerfile +++ b/deploy/Dockerfile @@ -12,47 +12,30 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Builds the static Go image to execute in a Kubernetes job +FROM golang:1.17 +WORKDIR /src -FROM golang:1.15 -ARG GOARCH=amd64 -WORKDIR /go/src/github.com/GoogleContainerTools/kaniko +# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) +ARG TARGETARCH -RUN echo $GOARCH > /goarch - -#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc. -ARG TARGETPLATFORM - -#Capture ARCH has write to /goarch -RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH" +ENV GOARCH=$TARGETARCH +ENV CGO_ENABLED=0 +ENV GOBIN=/usr/local/bin # Get GCR credential helper -RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ - (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \ - cd /go/src/github.com/GoogleCloudPlatform && \ - git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ - cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \ - git checkout 4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 && \ - go get -u -t ./... && \ - go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go - +RUN go install github.com/GoogleCloudPlatform/docker-credential-gcr@4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 # Get Amazon ECR credential helper -RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ - make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper +RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@v0.4.0 -# ACR docker env credential helper -RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \ - cd /go/src/github.com/chrismellard && \ - git clone https://github.com/chrismellard/docker-credential-acr-env && \ - cd docker-credential-acr-env && \ - make build +# Get ACR docker env credential helper +RUN go install github.com/chrismellard/docker-credential-acr-env@09e2b5a8ac86c3ec347b2473e42b34367d8fa419 # Add .docker config dir RUN mkdir -p /kaniko/.docker COPY . . -RUN make GOARCH=$(cat /goarch) +RUN make GOARCH=$TARGETARCH # Generate latest ca-certificates @@ -64,10 +47,10 @@ RUN \ cat /etc/ssl/certs/* > /ca-certificates.crt FROM scratch -COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor +COPY --from=0 /src/out/executor /kaniko/executor COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr -COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login -COPY --from=0 /go/src/github.com/chrismellard/docker-credential-acr-env/build/docker-credential-acr-env /kaniko/docker-credential-acr +COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login +COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/ COPY --from=0 /kaniko/.docker /kaniko/.docker COPY files/nsswitch.conf /etc/nsswitch.conf @@ -79,4 +62,4 @@ ENV DOCKER_CONFIG /kaniko/.docker/ ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json WORKDIR /workspace -ENTRYPOINT ["/kaniko/executor"] \ No newline at end of file +ENTRYPOINT ["/kaniko/executor"] diff --git a/deploy/Dockerfile_debug b/deploy/Dockerfile_debug index 64833c79a5..6c9ffe3be0 100644 --- a/deploy/Dockerfile_debug +++ b/deploy/Dockerfile_debug @@ -12,50 +12,31 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Builds the static Go image to execute in a Kubernetes job +FROM golang:1.17 +WORKDIR /src -# Stage 0: Build the executor binary and get credential helpers -FROM golang:1.14 -ARG GOARCH=amd64 -WORKDIR /go/src/github.com/GoogleContainerTools/kaniko -RUN echo $GOARCH > /goarch - -#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc. -ARG TARGETPLATFORM - -#Capture ARCH has write to /goarch -RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH" -RUN echo "I am runninng $TARGETPLATFORM with with $(cat /goarch)" -RUN cat /goarch +# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) +ARG TARGETARCH +ENV GOARCH=$TARGETARCH +ENV CGO_ENABLED=0 +ENV GOBIN=/usr/local/bin # Get GCR credential helper -RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ - (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \ - cd /go/src/github.com/GoogleCloudPlatform && \ - git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ - cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \ - git checkout 4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 && \ - go get -u -t ./... && \ - go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go - +RUN go install github.com/GoogleCloudPlatform/docker-credential-gcr@4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 # Get Amazon ECR credential helper -RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ - make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper +RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@v0.4.0 -# Azure docker env credential helper -RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \ - cd /go/src/github.com/chrismellard && \ - git clone https://github.com/chrismellard/docker-credential-acr-env && \ - cd docker-credential-acr-env && \ - make build +# Get ACR docker env credential helper +RUN go install github.com/chrismellard/docker-credential-acr-env@09e2b5a8ac86c3ec347b2473e42b34367d8fa419 # Add .docker config dir RUN mkdir -p /kaniko/.docker COPY . . -RUN make GOARCH=$(cat /goarch) && make GOARCH=$(cat /goarch) out/warmer +RUN make GOARCH=$TARGETARCH +RUN make GOARCH=$TARGETARCH out/warmer # Generate latest ca-certificates @@ -67,11 +48,11 @@ RUN \ cat /etc/ssl/certs/* > /ca-certificates.crt FROM scratch -COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/* /kaniko/ -COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer +COPY --from=0 /src/out/executor /kaniko/executor +COPY --from=0 /src/out/warmer /kaniko/warmer COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr -COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login -COPY --from=0 /go/src/github.com/chrismellard/docker-credential-acr-env/build/docker-credential-acr-env /kaniko/docker-credential-acr +COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login +COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr COPY --from=busybox:1.32.0 /bin /busybox # Declare /busybox as a volume to get it automatically in the path to ignore VOLUME /busybox diff --git a/deploy/Dockerfile_slim b/deploy/Dockerfile_slim index 2c6af095cf..07ece82ee7 100644 --- a/deploy/Dockerfile_slim +++ b/deploy/Dockerfile_slim @@ -13,21 +13,15 @@ # limitations under the License. # Builds the static Go image to execute in a Kubernetes job -FROM golang:1.15 as build_env -ARG GOARCH=amd64 -RUN echo $GOARCH > /goarch +FROM golang:1.17 -#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc. -ARG TARGETPLATFORM +# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) +ARG TARGETARCH -#Capture ARCH has write to /goarch -RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH" -RUN echo "I am runninng $TARGETPLATFORM with $(cat /goarch)" - -WORKDIR /go/src/github.com/GoogleContainerTools/kaniko +WORKDIR /src COPY . . -RUN make GOARCH=$(cat /goarch) +RUN make GOARCH=$TARGETARCH # Generate latest ca-certificates @@ -39,7 +33,7 @@ RUN \ cat /etc/ssl/certs/* > /ca-certificates.crt FROM scratch -COPY --from=build_env /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor +COPY --from=0 /src/out/executor /kaniko/executor COPY files/nsswitch.conf /etc/nsswitch.conf COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/ ENV HOME /root diff --git a/deploy/Dockerfile_warmer b/deploy/Dockerfile_warmer index acb22fb2ed..6e8c0ee1bc 100644 --- a/deploy/Dockerfile_warmer +++ b/deploy/Dockerfile_warmer @@ -12,47 +12,30 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Builds the static Go image to execute in a Kubernetes job +FROM golang:1.17 +WORKDIR /src -FROM golang:1.15 -ARG GOARCH=amd64 -WORKDIR /go/src/github.com/GoogleContainerTools/kaniko -RUN echo $GOARCH > /goarch +# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) +ARG TARGETARCH -#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc. -ARG TARGETPLATFORM - -#Capture ARCH has write to /goarch -RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH" -RUN echo "I am runninng $TARGETPLATFORM with $(cat /goarch)" +ENV GOARCH=$TARGETARCH +ENV CGO_ENABLED=0 +ENV GOBIN=/usr/local/bin # Get GCR credential helper -RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ - (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \ - cd /go/src/github.com/GoogleCloudPlatform && \ - git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ - cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \ - git checkout 4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 && \ - go get -u -t ./... && \ - go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go - +RUN go install github.com/GoogleCloudPlatform/docker-credential-gcr@4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 # Get Amazon ECR credential helper -RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ - make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper +RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@v0.4.0 -# ACR docker env credential helper -RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \ - cd /go/src/github.com/chrismellard && \ - git clone https://github.com/chrismellard/docker-credential-acr-env && \ - cd docker-credential-acr-env && \ - make build +# Get ACR docker env credential helper +RUN go install github.com/chrismellard/docker-credential-acr-env@09e2b5a8ac86c3ec347b2473e42b34367d8fa419 # Add .docker config dir RUN mkdir -p /kaniko/.docker COPY . . -RUN make GOARCH=$(cat /goarch) out/warmer +RUN make GOARCH=$TARGETARCH out/warmer # Generate latest ca-certificates @@ -64,10 +47,10 @@ RUN \ cat /etc/ssl/certs/* > /ca-certificates.crt FROM scratch -COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer +COPY --from=0 /src/out/warmer /kaniko/warmer COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr -COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login -COPY --from=0 /go/src/github.com/chrismellard/docker-credential-acr-env/build/docker-credential-acr-env /kaniko/docker-credential-acr +COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login +COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/ COPY --from=0 /kaniko/.docker /kaniko/.docker COPY files/nsswitch.conf /etc/nsswitch.conf