diff --git a/Makefile b/Makefile index 1b50e42..22c2ede 100644 --- a/Makefile +++ b/Makefile @@ -50,7 +50,7 @@ TRIVY := trivy # Image URL to use all building/pushing image targets REGISTRY ?= docker.io -IMAGE_NAME ?= secrets-store-sync-controller +IMAGE_NAME ?= controller IMAGE_TAG ?= $(REGISTRY)/$(IMAGE_NAME):$(VERSION) # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 73884f9..d7580c4 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -64,7 +64,7 @@ spec: - mountPath: "/provider" name: providervol - name: manager - image: secrets-store-sync-controller:v0.0.1 # replace this with your acr image, the pre-alpha version of the controller is available at aramase/secrets-sync-controller:v0.0.1 + image: controller:v0.0.1 # replace this with your acr image, the pre-alpha version of the controller is available at aramase/secrets-sync-controller:v0.0.1 ports: - name: metrics containerPort: 8085 diff --git a/docker/Makefile b/docker/Makefile new file mode 100644 index 0000000..a4441c3 --- /dev/null +++ b/docker/Makefile 
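Review bot: With the default `REGISTRY ?= docker.io`, `IMAGE_TAG` now expands to `docker.io/controller:$(VERSION)`, a single-component repository name that carries no project namespace. The same bare `controller` becomes the default in config/manager/manager.yaml (`image: controller:v0.0.1`) and in the chart's values.yaml (`repository: controller`), so a deployment applied without the documented override leaves the pull to be resolved against the container runtime's default registry instead of a path the project names. Consider a fully qualified default, or keep the project-specific name in these placeholders, and state the requirement in the inline comment, e.g. `# must be overridden with a fully qualified <registry>/<repo>/controller reference`.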
@@ -0,0 +1,26 @@
+# Copyright 2024 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+REGISTRY?=docker.io
+IMAGE_NAME=controller
+IMAGE_VERSION?=v0.0.1
+BUILD_TIMESTAMP := $(shell date +%Y-%m-%d-%H:%M)
+BUILD_COMMIT := $(shell git rev-parse --short HEAD)
+IMAGE_TAG=$(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION)
+PLATFORMS=linux/amd64,linux/arm64
+export
+
+.PHONY: build-and-push
+build-and-push:
+ bash -x ./build.sh build_and_push
diff --git a/docker/build.sh b/docker/build.sh
new file mode 100755
index 0000000..718bf3f
--- /dev/null
+++ b/docker/build.sh
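Review bot: The bare `export` on the line before `.PHONY` exports every make variable to the recipe, and nothing in the file says that build.sh depends on it. build.sh runs under `set -o nounset` and reads `IMAGE_VERSION`, `BUILD_COMMIT`, `BUILD_TIMESTAMP`, `PLATFORMS` and `IMAGE_TAG` from the environment, so listing the names makes that contract visible and keeps unrelated variables out of the build environment: `export REGISTRY IMAGE_NAME IMAGE_VERSION BUILD_TIMESTAMP BUILD_COMMIT IMAGE_TAG PLATFORMS`. `BUILD_COMMIT` is also left empty without an error when `git rev-parse` fails, which would stamp the binary with a blank `Vcs` value; a guard such as `$(if $(BUILD_COMMIT),,$(error BUILD_COMMIT is empty))` would catch that.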
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# Copyright 2024 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+TASK=$1
+
+LDFLAGS="-X sigs.k8s.io/secrets-store-sync-controller/pkg/version.BuildVersion=${IMAGE_VERSION} \
+ -X sigs.k8s.io/secrets-store-sync-controller/pkg/version.Vcs=${BUILD_COMMIT} \
+ -X sigs.k8s.io/secrets-store-sync-controller/pkg/version.BuildTime=${BUILD_TIMESTAMP} -extldflags '-static'"
+
+# This function will build and push the image for all the architectures supported via PLATFORMS var.
+build_and_push() {
+ # Enable execution of multi-architecture containers
+ docker buildx create --name img-builder --use --bootstrap
+ # List builder instances
+ docker buildx ls
+ trap "docker buildx ls && docker buildx rm img-builder" EXIT
+
+ echo "Building image for platforms ${PLATFORMS}..."
+ docker buildx build --no-cache --pull --push \
+ --platform "${PLATFORMS}" \
+ -t "${IMAGE_TAG}" \
+ --build-arg LDFLAGS="${LDFLAGS}" \
+ -f "Dockerfile" ..
+}
+
+shift
+eval "${TASK}"
diff --git a/docker/cloudbuild.yaml b/docker/cloudbuild.yaml
new file mode 100644
index 0000000..9f5b713
--- /dev/null
+++ b/docker/cloudbuild.yaml
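Review bot: `eval "${TASK}"` on the last line executes the first command-line argument as shell code, so whatever string reaches `$1` runs with the credentials of the build step instead of merely selecting a task. Only one task exists in this file, so an explicit dispatch that rejects unknown names is sufficient, and it also passes the arguments left after `shift` to the function, which the eval form does not. `TASK=$1` under `nounset` additionally aborts with an unbound-variable message when no argument is given; `TASK=${1:?usage: build.sh <task>}` would give a usable error.

```shell
shift
case "${TASK}" in
  build_and_push)
    build_and_push "$@"
    ;;
  *)
    echo "unknown task: ${TASK}" >&2
    exit 1
    ;;
esac
```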
@@ -0,0 +1,35 @@
+# See https://cloud.google.com/cloud-build/docs/build-config
+
+# this must be specified in seconds. If omitted, defaults to 600s (10 mins)
+timeout: 600s
+# this prevents errors if you don't use both _GIT_TAG and _PULL_BASE_REF,
+# or any new substitutions added in the future.
+options:
+ substitution_option: ALLOW_LOOSE
+ # this is the machine type used for kubernetes releases.
+ # See https://cloud.google.com/build/docs/speeding-up-builds#using_custom_virtual_machine_sizes
+ # job builds a multi-arch docker image for amd64,arm64
+ machineType: 'N1_HIGHCPU_8'
+steps:
+ - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240718-5ef92b5c36'
+ entrypoint: bash
+ dir: ./docker
+ env:
+ - TAG=$_GIT_TAG
+ - BASE_REF=$_PULL_BASE_REF
+ - REGISTRY=us-central1-docker.pkg.dev/k8s-staging-images/secrets-store-sync
+ # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx
+ # setting the home to /root explicitly to make docker buildx work
+ - HOME=/root
+ args:
+ - -c
+ - |
+ gcloud auth configure-docker \
+ && make manifest
+substitutions:
+ # _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and
+ # can be used as a substitution
+ _GIT_TAG: '12345'
+ # _PULL_BASE_REF will contain the ref that was pushed to to trigger this build -
+ # a branch like 'main' or 'release-0.2', or a tag like 'v0.2'.
+ _PULL_BASE_REF: 'main'
diff --git a/manifest_staging/charts/secrets-store-sync-controller/values.yaml b/manifest_staging/charts/secrets-store-sync-controller/values.yaml
index 3338c26..c737185 100644
--- a/manifest_staging/charts/secrets-store-sync-controller/values.yaml
+++ b/manifest_staging/charts/secrets-store-sync-controller/values.yaml
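Review bot: The step runs `make manifest` in `./docker`, but the docker/Makefile added in this commit defines only `build-and-push` and includes no other makefile, so the build would stop at a missing target. The `TAG` and `BASE_REF` values set under `env` are not read by that Makefile or by build.sh, which take the tag from `IMAGE_VERSION`; once the target name is fixed, every build would still push the Makefile default `:v0.0.1` instead of the git-based tag. Suggested last line of the script: `&& make build-and-push IMAGE_VERSION=$_GIT_TAG`. Pinning the builder image by digest in addition to its tag would also fix the contents of the build environment.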
@@ -25,7 +25,7 @@ validatingAdmissionPolicies: - "kubernetes.io/service-account-token" image: - repository: secrets-store-sync-controller # e.g. my-registry.example.com/my-repo + repository: controller # e.g. my-registry.example.com/my-repo pullPolicy: IfNotPresent tag: "v0.0.1"