Merge pull request #48 from nilekhc/nilekh/f/image-build

feat: adds multi arch image build

Makefile

@@ -50,7 +50,7 @@ TRIVY := trivy
 
 # Image URL to use all building/pushing image targets
 REGISTRY ?= docker.io
-IMAGE_NAME ?= secrets-store-sync-controller
+IMAGE_NAME ?= controller
 IMAGE_TAG ?= $(REGISTRY)/$(IMAGE_NAME):$(VERSION)
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)

config/manager/manager.yaml

@@ -64,7 +64,7 @@ spec:
  - mountPath: "/provider"
  name: providervol
  - name: manager
- image: secrets-store-sync-controller:v0.0.1 # replace this with your acr image, the pre-alpha version of the controller is available at aramase/secrets-sync-controller:v0.0.1
+ image: controller:v0.0.1 # replace this with your acr image, the pre-alpha version of the controller is available at aramase/secrets-sync-controller:v0.0.1
  ports:
  - name: metrics
  containerPort: 8085

docker/Makefile

@@ -0,0 +1,26 @@
+# Copyright 2024 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+REGISTRY?=docker.io
+IMAGE_NAME=controller
+IMAGE_VERSION?=v0.0.1
+BUILD_TIMESTAMP := $(shell date +%Y-%m-%d-%H:%M)
+BUILD_COMMIT := $(shell git rev-parse --short HEAD)
+IMAGE_TAG=$(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION)
+PLATFORMS=linux/amd64,linux/arm64
+export
+
+.PHONY: build-and-push
+build-and-push:
+ bash -x ./build.sh build_and_push

docker/build.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# Copyright 2024 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+TASK=$1
+
+LDFLAGS="-X sigs.k8s.io/secrets-store-sync-controller/pkg/version.BuildVersion=${IMAGE_VERSION} \
+ -X sigs.k8s.io/secrets-store-sync-controller/pkg/version.Vcs=${BUILD_COMMIT} \
+ -X sigs.k8s.io/secrets-store-sync-controller/pkg/version.BuildTime=${BUILD_TIMESTAMP} -extldflags '-static'"
+
+# This function will build and push the image for all the architectures supported via PLATFORMS var.
+build_and_push() {
+ # Enable execution of multi-architecture containers
+ docker buildx create --name img-builder --use --bootstrap
+ # List builder instances
+ docker buildx ls
+ trap "docker buildx ls && docker buildx rm img-builder" EXIT
+
+ echo "Building image for platforms ${PLATFORMS}..."
+ docker buildx build --no-cache --pull --push \
+ --platform "${PLATFORMS}" \
+ -t "${IMAGE_TAG}" \
+ --build-arg LDFLAGS="${LDFLAGS}" \
+ -f "Dockerfile" ..
+}
+
+shift
+eval "${TASK}"

docker/cloudbuild.yaml

@@ -0,0 +1,35 @@
+# See https://cloud.google.com/cloud-build/docs/build-config
+
+# this must be specified in seconds. If omitted, defaults to 600s (10 mins)
+timeout: 600s
+# this prevents errors if you don't use both _GIT_TAG and _PULL_BASE_REF,
+# or any new substitutions added in the future.
+options:
+ substitution_option: ALLOW_LOOSE
+ # this is the machine type used for kubernetes releases.
+ # See https://cloud.google.com/build/docs/speeding-up-builds#using_custom_virtual_machine_sizes
+ # job builds a multi-arch docker image for amd64,arm64
+ machineType: 'N1_HIGHCPU_8'
+steps:
+ - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240718-5ef92b5c36'
+ entrypoint: bash
+ dir: ./docker
+ env:
+ - TAG=$_GIT_TAG
+ - BASE_REF=$_PULL_BASE_REF
+ - REGISTRY=us-central1-docker.pkg.dev/k8s-staging-images/secrets-store-sync
+ # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx
+ # setting the home to /root explicitly to make docker buildx work
+ - HOME=/root
+ args:
+ - -c
+ - |
+ gcloud auth configure-docker \
+ && make manifest
+substitutions:
+ # _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and
+ # can be used as a substitution
+ _GIT_TAG: '12345'
+ # _PULL_BASE_REF will contain the ref that was pushed to to trigger this build -
+ # a branch like 'main' or 'release-0.2', or a tag like 'v0.2'.
+ _PULL_BASE_REF: 'main'

manifest_staging/charts/secrets-store-sync-controller/values.yaml

@@ -25,7 +25,7 @@ validatingAdmissionPolicies:
  - "kubernetes.io/service-account-token"
 
 image:
- repository: secrets-store-sync-controller # e.g. my-registry.example.com/my-repo
+ repository: controller # e.g. my-registry.example.com/my-repo
  pullPolicy: IfNotPresent
  tag: "v0.0.1"