Azure
/
ARO-RP
зеркало из https://github.com/Azure/ARO-RP.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Remove 3rd party dependencies: dockerfile registry arg (#2126) 

* allow args in Dockerfiles, change pull references

* add new Dockerfile for OBP, adjust template

remove debugging code
This commit is contained in:
Caden Marchese 2022-06-24 14:40:13 -04:00 коммит произвёл GitHub
Родитель f8a1bc45e5
Коммит 6544bcd2c5
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
12 изменённых файлов: 64 добавлений и 22 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
.pipelines/onebranch/templates/template-buildrp-builddocker.yml
Просмотреть файл

@ -3,7 +3,7 @@ steps:
displayName: Build Multi Stage Dockerfile displayName: Build Multi Stage Dockerfile
inputs: inputs:
repositoryName: aro-rp repositoryName: aro-rp
dockerFileRelPath: ./Dockerfile.aro-multistage dockerFileRelPath: ./Dockerfile.aro-multistage-onebranch
dockerFileContextPath: ./ dockerFileContextPath: ./
registry: cdpxlinux.azurecr.io registry: cdpxlinux.azurecr.io
saveImageToPath: aro-rp.tar saveImageToPath: aro-rp.tar

3
Dockerfile.aro
Просмотреть файл

@ -1,4 +1,5 @@
FROM registry.access.redhat.com/ubi8/ubi-minimal ARG REGISTRY
FROM ${REGISTRY}/ubi8/ubi-minimal
RUN microdnf update && microdnf clean all RUN microdnf update && microdnf clean all
COPY aro e2e.test /usr/local/bin/ COPY aro e2e.test /usr/local/bin/
ENTRYPOINT ["aro"] ENTRYPOINT ["aro"]

5
Dockerfile.aro-multistage
Просмотреть файл

@ -4,7 +4,8 @@
# Currently the docker version on our RHEL7 VMSS uses a version which # Currently the docker version on our RHEL7 VMSS uses a version which
# does not support multi-stage builds. This is a temporary stop-gap # does not support multi-stage builds. This is a temporary stop-gap
# until we get podman working without issue # until we get podman working without issue
FROM registry.access.redhat.com/ubi8/go-toolset:1.17.7 AS builder ARG REGISTRY
FROM ${REGISTRY}/ubi8/go-toolset:1.17.7 AS builder
ENV GOOS=linux \ ENV GOOS=linux \
GOPATH=/go/ GOPATH=/go/
WORKDIR ${GOPATH}/src/github.com/Azure/ARO-RP WORKDIR ${GOPATH}/src/github.com/Azure/ARO-RP
@ -13,7 +14,7 @@ RUN yum update -y
COPY . ${GOPATH}/src/github.com/Azure/ARO-RP/ COPY . ${GOPATH}/src/github.com/Azure/ARO-RP/
RUN make aro && make e2e.test RUN make aro && make e2e.test
FROM registry.access.redhat.com/ubi7/ubi-minimal FROM ${REGISTRY}/ubi7/ubi-minimal
RUN microdnf update && microdnf clean all RUN microdnf update && microdnf clean all
COPY --from=builder /go/src/github.com/Azure/ARO-RP/aro /go/src/github.com/Azure/ARO-RP/e2e.test /usr/local/bin/ COPY --from=builder /go/src/github.com/Azure/ARO-RP/aro /go/src/github.com/Azure/ARO-RP/e2e.test /usr/local/bin/
ENTRYPOINT ["aro"] ENTRYPOINT ["aro"]

22
Dockerfile.aro-multistage-onebranch Normal file
Просмотреть файл

@ -0,0 +1,22 @@
# Uses a multi-stage container build to build the RP in OneBranch.
#
# TODO:
# OneBranch pipelines currently pull from CDPx which is deprecated. As a temporary fix before
# we migrate to a new solution, this multistage dockerfile uses the same image in both steps to avoid
# needing to pull images that aren't hosted in CDPx.
FROM cdpxlinux.azurecr.io/user/aro/ubi8-gotoolset-1.17.7-13:20220526 AS builder
ENV GOOS=linux \
GOPATH=/go/
WORKDIR ${GOPATH}/src/github.com/Azure/ARO-RP
USER root
RUN yum update -y
COPY . ${GOPATH}/src/github.com/Azure/ARO-RP/
RUN make aro && make e2e.test
FROM cdpxlinux.azurecr.io/user/aro/ubi8-gotoolset-1.17.7-13:20220526
USER root
RUN yum -y update && yum -y clean all
COPY --from=builder /go/src/github.com/Azure/ARO-RP/aro /go/src/github.com/Azure/ARO-RP/e2e.test /usr/local/bin/
ENTRYPOINT ["aro"]
EXPOSE 2222/tcp 8080/tcp 8443/tcp 8444/tcp 8445/tcp
USER 1000

3
Dockerfile.autorest
Просмотреть файл

@ -1,4 +1,5 @@
FROM registry.access.redhat.com/ubi8/nodejs-14 ARG REGISTRY
FROM ${REGISTRY}/ubi8/nodejs-14
LABEL MAINTAINER="aos-azure" LABEL MAINTAINER="aos-azure"

3
Dockerfile.fluentbit
Просмотреть файл

@ -1,4 +1,5 @@
FROM registry.access.redhat.com/ubi7/ubi-minimal ARG REGISTRY
FROM ${REGISTRY}/ubi7/ubi-minimal
ARG VERSION ARG VERSION
RUN echo -e '[td-agent-bit]\nname=td-agent-bit\nbaseurl=https://packages.fluentbit.io/centos/7/$basearch' >/etc/yum.repos.d/td-agent-bit.repo && \ RUN echo -e '[td-agent-bit]\nname=td-agent-bit\nbaseurl=https://packages.fluentbit.io/centos/7/$basearch' >/etc/yum.repos.d/td-agent-bit.repo && \
rpm --import https://packages.fluentbit.io/fluentbit.key && \ rpm --import https://packages.fluentbit.io/fluentbit.key && \

5
Dockerfile.muo
Просмотреть файл

@ -1,4 +1,5 @@
FROM registry.access.redhat.com/ubi8/go-toolset:1.16.12 AS builder ARG REGISTRY
FROM ${REGISTRY}/ubi8/go-toolset:1.16.12 AS builder
ARG MUOVERSION ARG MUOVERSION
ENV DOWNLOAD_URL=https://github.com/openshift/managed-upgrade-operator/archive/${MUOVERSION}.tar.gz ENV DOWNLOAD_URL=https://github.com/openshift/managed-upgrade-operator/archive/${MUOVERSION}.tar.gz
ENV GOOS=linux \ ENV GOOS=linux \
@ -12,7 +13,7 @@ RUN curl -Lq $DOWNLOAD_URL | tar -xz --strip-components=1
RUN go build -gcflags="all=-trimpath=/go/" -asmflags="all=-trimpath=/go/" -tags mandate_fips -o build/_output/bin/managed-upgrade-operator ./cmd/manager RUN go build -gcflags="all=-trimpath=/go/" -asmflags="all=-trimpath=/go/" -tags mandate_fips -o build/_output/bin/managed-upgrade-operator ./cmd/manager
#### Runtime container #### Runtime container
FROM registry.access.redhat.com/ubi8/ubi-minimal:latest FROM ${REGISTRY}/ubi8/ubi-minimal:latest
ENV USER_UID=1001 \ ENV USER_UID=1001 \
USER_NAME=managed-upgrade-operator USER_NAME=managed-upgrade-operator

3
Dockerfile.portal_lint
Просмотреть файл

@ -1,4 +1,5 @@
FROM registry.access.redhat.com/ubi8/nodejs-14 ARG REGISTRY
FROM ${REGISTRY}/ubi8/nodejs-14
WORKDIR /data WORKDIR /data
USER root USER root

3
Dockerfile.proxy
Просмотреть файл

@ -1,4 +1,5 @@
FROM registry.access.redhat.com/ubi8/ubi-minimal ARG REGISTRY
FROM ${REGISTRY}/ubi8/ubi-minimal
RUN microdnf update && microdnf clean all RUN microdnf update && microdnf clean all
COPY proxy /usr/local/bin COPY proxy /usr/local/bin
ENTRYPOINT ["proxy"] ENTRYPOINT ["proxy"]

29
Makefile
Просмотреть файл

@ -20,6 +20,17 @@ else
VERSION = $(TAG) VERSION = $(TAG)
endif endif
# default to registry.access.redhat.com for build images on local builds and CI builds without $RP_IMAGE_ACR set.
ifeq ($(RP_IMAGE_ACR),arointsvc)
REGISTRY = arointsvc.azurecr.io
else ifeq ($(RP_IMAGE_ACR),arosvc)
REGISTRY = arosvc.azurecr.io
else ifeq ($(RP_IMAGE_ACR),)
REGISTRY = registry.access.redhat.com
else
REGISTRY = $(RP_IMAGE_ACR)
endif
ARO_IMAGE ?= $(ARO_IMAGE_BASE):$(VERSION) ARO_IMAGE ?= $(ARO_IMAGE_BASE):$(VERSION)
build-all: build-all:
@ -64,23 +75,21 @@ generate:
go generate ./... go generate ./...
image-aro: aro e2e.test image-aro: aro e2e.test
docker pull registry.access.redhat.com/ubi8/ubi-minimal docker pull $(REGISTRY)/ubi8/ubi-minimal
docker build --network=host --no-cache -f Dockerfile.aro -t $(ARO_IMAGE) . docker build --network=host --no-cache -f Dockerfile.aro -t $(ARO_IMAGE) --build-arg REGISTRY=$(REGISTRY) .
image-aro-multistage: image-aro-multistage:
docker build --network=host --no-cache -f Dockerfile.aro-multistage -t $(ARO_IMAGE) . docker build --network=host --no-cache -f Dockerfile.aro-multistage -t $(ARO_IMAGE) --build-arg REGISTRY=$(REGISTRY) .
image-autorest: image-autorest:
docker build --network=host --no-cache --build-arg AUTOREST_VERSION="${AUTOREST_VERSION}" \ docker build --network=host --no-cache --build-arg AUTOREST_VERSION="${AUTOREST_VERSION}" --build-arg REGISTRY=$(REGISTRY) -f Dockerfile.autorest -t ${AUTOREST_IMAGE} .
-f Dockerfile.autorest -t ${AUTOREST_IMAGE} .
image-fluentbit: image-fluentbit:
docker build --network=host --no-cache --build-arg VERSION=$(FLUENTBIT_VERSION) \ docker build --network=host --no-cache --build-arg VERSION=$(FLUENTBIT_VERSION) --build-arg REGISTRY=$(REGISTRY) -f Dockerfile.fluentbit -t $(FLUENTBIT_IMAGE) .
-f Dockerfile.fluentbit -t $(FLUENTBIT_IMAGE) .
image-proxy: proxy image-proxy: proxy
docker pull registry.access.redhat.com/ubi8/ubi-minimal docker pull $(REGISTRY)/ubi8/ubi-minimal
docker build --no-cache -f Dockerfile.proxy -t ${RP_IMAGE_ACR}.azurecr.io/proxy:latest . docker build --no-cache -f Dockerfile.proxy -t $(REGISTRY)/proxy:latest --build-arg REGISTRY=$(REGISTRY) .
publish-image-aro: image-aro publish-image-aro: image-aro
docker push $(ARO_IMAGE) docker push $(ARO_IMAGE)
@ -175,7 +184,7 @@ lint-go:
hack/lint-go.sh hack/lint-go.sh
lint-admin-portal: lint-admin-portal:
docker build -f Dockerfile.portal_lint . -t linter docker build --build-arg REGISTRY=$(REGISTRY) -f Dockerfile.portal_lint . -t linter
docker run -it --rm localhost/linter ./src --ext .ts docker run -it --rm localhost/linter ./src --ext .ts
test-python: pyenv az test-python: pyenv az

2
docs/admin-portal.md
Просмотреть файл

@ -21,6 +21,8 @@ You will require Node.js and `npm`. These instructions were tested with the vers
1. Run `make build-portal` from the main directory. This will install the dependencies and kick off the Webpack build, placing the results in `portal/v2/build/`. 1. Run `make build-portal` from the main directory. This will install the dependencies and kick off the Webpack build, placing the results in `portal/v2/build/`.
> __NOTE:__ Due to security compliance requirements, the `make build-portal` target pulls from `arointsvc.azurecr.io`. You can either authenticate to this registry using `az acr login --name arointsvc` to pull the image, or modify the $RP_IMAGE_ACR environment variable to point the builds at `registry.access.redhat.com` instead.
1. Run `make generate`. This will regenerate the golang file containing the portal content to be served. 1. Run `make generate`. This will regenerate the golang file containing the portal content to be served.
1. Commit the results of `build-portal` and `generate`. 1. Commit the results of `build-portal` and `generate`.

6
docs/deploy-full-rp-service-in-dev.md
Просмотреть файл

@ -58,8 +58,10 @@
1. Push the ARO and Fluentbit images to your ACR 1. Push the ARO and Fluentbit images to your ACR
__NOTE:__ If running this step from a VM separate from your workstation, ensure the commit tag used to build the image matches the commit tag where `make deploy` is run. > If running this step from a VM separate from your workstation, ensure the commit tag used to build the image matches the commit tag where `make deploy` is run.
> Due to security compliance requirements, `make publish-image-*` targets pull from `arointsvc.azurecr.io`. You can either authenticate to this registry using `az acr login --name arointsvc` to pull the image, or modify the $RP_IMAGE_ACR environment variable locally to point to `registry.access.redhat.com` instead.
```bash ```bash
make publish-image-aro-multistage make publish-image-aro-multistage
make publish-image-fluentbit make publish-image-fluentbit