feat: add arm64 build (#950)
* feat: add arm64 build * update to buster-v1.5.0 for arch config fix
This commit is contained in:
Anish Ramasekar
GitHub
Родитель
e48acb0a8b
Коммит
1d49a0035b
|
|
@ -25,5 +25,5 @@ steps:
|
|||
echo "Image version: ${IMAGE_VERSION}"
|
||||
|
||||
az acr login -n $(REGISTRY_NAME)
|
||||
make images push
|
||||
make docker-buildx-builder images
|
||||
displayName: "Build and push MIC, NMI and identity-validator images"
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@ steps:
|
|||
- script: |
|
||||
export REGISTRY="e2e"
|
||||
export IMAGE_VERSION="test"
|
||||
export OUTPUT_TYPE="docker"
|
||||
export BUILD_PLATFORMS="linux/amd64"
|
||||
make images
|
||||
|
||||
wget https://github.com/aquasecurity/trivy/releases/download/v0.11.0/trivy_0.11.0_Linux-64bit.tar.gz
|
||||
|
|
|
|||
17
Dockerfile
17
Dockerfile
|
|
@ -1,13 +1,24 @@
|
|||
ARG BUILDPLATFORM="linux/amd64"
|
||||
ARG BUILDERIMAGE="golang:1.15-alpine"
|
||||
ARG BASEIMAGE=gcr.io/distroless/static:nonroot
|
||||
|
||||
FROM golang:1.15 AS builder
|
||||
FROM --platform=$BUILDPLATFORM $BUILDERIMAGE as builder
|
||||
|
||||
ARG TARGETPLATFORM
|
||||
ARG TARGETOS
|
||||
ARG TARGETARCH
|
||||
|
||||
WORKDIR /go/src/github.com/Azure/aad-pod-identity
|
||||
ADD . .
|
||||
RUN go mod download
|
||||
ARG IMAGE_VERSION
|
||||
RUN make build
|
||||
RUN apk add make && \
|
||||
export GOOS=$TARGETOS && \
|
||||
export GOARCH=$TARGETARCH && \
|
||||
export GOARM=$(echo ${TARGETPLATFORM} | cut -d / -f3 | tr -d 'v') && \
|
||||
make build
|
||||
|
||||
FROM k8s.gcr.io/build-image/debian-iptables:buster-v1.4.0 AS nmi
|
||||
FROM k8s.gcr.io/build-image/debian-iptables:buster-v1.5.0 AS nmi
|
||||
RUN clean-install ca-certificates
|
||||
COPY --from=builder /go/src/github.com/Azure/aad-pod-identity/bin/aad-pod-identity/nmi /bin/
|
||||
RUN useradd -u 10001 nonroot
|
||||
|
|
|
|||
43
Makefile
43
Makefile
|
|
@ -48,7 +48,11 @@ TOOLS_DIR := $(abspath ./.tools)
|
|||
|
||||
# docker env var
|
||||
DOCKER_BUILDKIT = 1
|
||||
export DOCKER_BUILDKIT
|
||||
DOCKER_CLI_EXPERIMENTAL = enabled
|
||||
export DOCKER_BUILDKIT DOCKER_CLI_EXPERIMENTAL
|
||||
BUILD_PLATFORMS ?= linux/amd64,linux/arm64,linux/arm/v7
|
||||
# Output type of docker buildx build
|
||||
OUTPUT_TYPE ?= registry
|
||||
|
||||
$(TOOLS_DIR)/golangci-lint: $(TOOLS_MOD_DIR)/go.mod $(TOOLS_MOD_DIR)/go.sum $(TOOLS_MOD_DIR)/tools.go
|
||||
cd $(TOOLS_MOD_DIR) && \
|
||||
|
|
@ -106,7 +110,7 @@ build-demo: clean-demo
|
|||
PKG_NAME=github.com/Azure/$(PROJECT_NAME)/cmd/$(DEMO_BINARY_NAME) ${MAKE} bin/$(PROJECT_NAME)/$(DEMO_BINARY_NAME)
|
||||
|
||||
bin/%:
|
||||
GOOS=$(GOOS) GOARCH=amd64 go build $(GO_BUILD_OPTIONS) -o "$(@)" "$(PKG_NAME)"
|
||||
GOOS=$(GOOS) go build $(GO_BUILD_OPTIONS) -o "$(@)" "$(PKG_NAME)"
|
||||
|
||||
.PHONY: build-identity-validator
|
||||
build-identity-validator: clean-identity-validator
|
||||
|
|
@ -122,33 +126,48 @@ precommit: build unit-test lint
|
|||
deepcopy-gen:
|
||||
deepcopy-gen -i ./pkg/apis/aadpodidentity/v1/ -o . -O aadpodidentity_deepcopy_generated -p aadpodidentity
|
||||
|
||||
.PHONY: docker-buildx-builder
|
||||
docker-buildx-builder:
|
||||
docker run --rm --privileged docker/binfmt:820fdd95a9972a5308930a2bdfb8573dd4447ad3
|
||||
if ! docker buildx ls | grep -q container-builder; then \
|
||||
DOCKER_CLI_EXPERIMENTAL=enabled docker buildx create --name container-builder --use; \
|
||||
fi
|
||||
|
||||
.PHONY: image-nmi
|
||||
image-nmi:
|
||||
docker build \
|
||||
docker buildx build \
|
||||
--target nmi \
|
||||
--build-arg IMAGE_VERSION=$(IMAGE_VERSION) \
|
||||
--platform "$(BUILD_PLATFORMS)" \
|
||||
--output=type=$(OUTPUT_TYPE) \
|
||||
-t $(REGISTRY)/$(NMI_IMAGE) .
|
||||
|
||||
.PHONY: image-mic
|
||||
image-mic:
|
||||
docker build \
|
||||
docker buildx build \
|
||||
--target mic \
|
||||
--build-arg IMAGE_VERSION=$(IMAGE_VERSION) \
|
||||
--platform "$(BUILD_PLATFORMS)" \
|
||||
--output=type=$(OUTPUT_TYPE) \
|
||||
-t "$(REGISTRY)/$(MIC_IMAGE)" .
|
||||
|
||||
.PHONY: image-demo
|
||||
image-demo:
|
||||
docker build \
|
||||
--target demo \
|
||||
--build-arg IMAGE_VERSION=$(IMAGE_VERSION) \
|
||||
-t "$(REGISTRY)/$(DEMO_IMAGE)" .
|
||||
docker buildx build \
|
||||
--target demo \
|
||||
--build-arg IMAGE_VERSION=$(IMAGE_VERSION) \
|
||||
--platform "$(BUILD_PLATFORMS)" \
|
||||
--output=type=$(OUTPUT_TYPE) \
|
||||
-t "$(REGISTRY)/$(DEMO_IMAGE)" .
|
||||
|
||||
.PHONY: image-identity-validator
|
||||
image-identity-validator:
|
||||
docker build \
|
||||
--target identityvalidator \
|
||||
--build-arg IMAGE_VERSION=$(IMAGE_VERSION) \
|
||||
-t "$(REGISTRY)/$(IDENTITY_VALIDATOR_IMAGE)" .
|
||||
docker buildx build \
|
||||
--target identityvalidator \
|
||||
--build-arg IMAGE_VERSION=$(IMAGE_VERSION) \
|
||||
--platform "$(BUILD_PLATFORMS)" \
|
||||
--output=type=$(OUTPUT_TYPE) \
|
||||
-t "$(REGISTRY)/$(IDENTITY_VALIDATOR_IMAGE)" .
|
||||
|
||||
.PHONY: images
|
||||
images: image-nmi image-mic image-demo image-identity-validator
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче