Fix multi-platform run. (#12)

* Updated Bazel: 6.4.0. => 6.5.0 * Building multi-platform images for services. * Updated Tilt: 0.33.1 => 0.33.12 * Define platform-specific Tilt dependency. * Updated rules_oci: 1.4.0 => 1.7.5 * Updated @distroless_base image. * Simplified wrapper.sh.
ekhabarov · Apr 1, 2024 · 0e16467 · 0e16467
1 parent 45c615d
commit 0e16467
Show file tree

Hide file tree

Showing 14 changed files with 176 additions and 98 deletions.
diff --git a/.bazelrc b/.bazelrc
@@ -1,6 +1,5 @@
 # Limit resources for build
 build --local_ram_resources=HOST_RAM*.5 --local_cpu_resources=8
-build --platforms=@io_bazel_rules_go//go/toolchain:linux_amd64
 
 # Show us information about failures.
 build --verbose_failures

diff --git a/.bazelversion b/.bazelversion
@@ -1 +1 @@
-6.4.0
+6.5.0
diff --git a/Tiltfile b/Tiltfile
@@ -29,6 +29,6 @@ for api in apis:
     print(ports)
 
   k8s_yaml(bazel_run('//{name}:yaml'.format(name=name)))
-  bazel_build('bazel/{name}'.format(name=name), '//{name}:image'.format(name=name))
+  bazel_build('bazel/%s' % name, '//{name}:tarball'.format(name=name))
   k8s_resource(workload=name, port_forwards=ports)
 
diff --git a/WORKSPACE b/WORKSPACE
@@ -76,40 +76,43 @@ load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps")
 
 ############## TILT
 
-TILT_VERSION = "0.33.1"
-
-TILT_ARCH = "x86_64"
+TILT_VERSION = "0.33.12"
 
 TILT_URL = "https://github.com/windmilleng/tilt/releases/download/v{VER}/tilt.{VER}.{OS}.{ARCH}.tar.gz"
 
-http_archive(
-    name = "tilt_linux_x86_64",
+_tilt_sha = {
+    "linux_arm64": "584bb4a288bf19666356a26e178b6c9ec0e9cd18863e38eca64ff96bb33019ef",
+    "linux_x86_64": "a8ba6f489d4b0145c7c4447195b0ee7de191bffeebd61c2887d34fe3dc173ac1",
+    "mac_arm64": "29c916a79ef3c83bbd5525d8b000d1bb2aa738523ad7dd2c65f9f09f4abbe83e",
+    "mac_x86_64": "f7db4f1318be278f7b6c1efff5d2483642a6eb3f2fa86f6e99757664703b2fdb",
+}
+
+[http_archive(
+    name = "tilt_{os}_{arch}".format(
+        arch = arch,
+        os = os if os == "linux" else "darwin",
+    ),
     build_file_content = "exports_files(['tilt'])",
-    sha256 = "34ea609c7933084781cdd88a20b5e8b42c41d164460ba59cb8ea612ed106847d",
+    sha256 = _tilt_sha["%s_%s" % (os, arch)],
     urls = [TILT_URL.format(
-        ARCH = TILT_ARCH,
-        OS = "linux",
+        ARCH = arch,
+        OS = os,
         VER = TILT_VERSION,
     )],
-)
-
-http_archive(
-    name = "tilt_darwin_x86_64",
-    build_file_content = "exports_files(['tilt'])",
-    sha256 = "b5ef9875ef4027ce8e750ccac86eb0e768e5e7c15647e02a1641466f2b501a0e",
-    urls = [TILT_URL.format(
-        ARCH = TILT_ARCH,
-        OS = "mac",
-        VER = TILT_VERSION,
-    )],
-)
+) for arch in [
+    "x86_64",
+    "arm64",
+] for os in [
+    "linux",
+    "mac",
+]]
 
 ### OCI ###
 http_archive(
     name = "rules_oci",
-    sha256 = "21a7d14f6ddfcb8ca7c5fc9ffa667c937ce4622c7d2b3e17aea1ffbc90c96bed",
-    strip_prefix = "rules_oci-1.4.0",
-    url = "https://github.com/bazel-contrib/rules_oci/releases/download/v1.4.0/rules_oci-v1.4.0.tar.gz",
+    sha256 = "56d5499025d67a6b86b2e6ebae5232c72104ae682b5a21287770bd3bf0661abf",
+    strip_prefix = "rules_oci-1.7.5",
+    url = "https://github.com/bazel-contrib/rules_oci/releases/download/v1.7.5/rules_oci-v1.7.5.tar.gz",
 )
 
 load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies")
@@ -127,11 +130,11 @@ load("@rules_oci//oci:pull.bzl", "oci_pull")
 
 oci_pull(
     name = "distroless_base",
-    digest = "sha256:ccaef5ee2f1850270d453fdf700a5392534f8d1a8ca2acda391fbb6a06b81c86",  #multi-arch
+    digest = "sha256:280852156756ea3f39f9e774a30346f2e756244e1f432aea3061c4ac85d90a66",  #multi-arch
     image = "gcr.io/distroless/base",
     platforms = [
         "linux/amd64",
-        "linux/arm64",
+        "linux/arm64/v8",
     ],
 )
 
@@ -147,6 +150,7 @@ oci_pull(
 )
 
 ### PKG
+# TODO(ekhabarov): replace with bazel-lib/tar
 http_archive(
     name = "rules_pkg",
     sha256 = "8f9ee2dc10c1ae514ee599a8b42ed99fa262b757058f65ad3c384289ff70c4b8",

diff --git a/authz/BUILD b/authz/BUILD
@@ -1,8 +1,9 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
 load("@rules_ytt//:defs.bzl", "ytt")
 load("@rules_pkg//:pkg.bzl", "pkg_tar")
-load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push", "oci_tarball")
+load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index", "oci_push", "oci_tarball")
 load("//:stamp.bzl", "stamp")
+load("//:platforms.bzl", "ARCH", "OS")
 
 go_library(
     name = "authz_lib",
@@ -13,31 +14,63 @@ go_library(
         "//authz/server",
         "@com_github_envoyproxy_go_control_plane//envoy/service/auth/v3:auth",
         "@org_golang_google_grpc//:go_default_library",
+        "@org_golang_google_grpc//reflection",
     ],
 )
 
-go_binary(
-    name = "authz",
-    embed = [":authz_lib"],
-    visibility = ["//visibility:public"],
-)
-
-pkg_tar(
-    name = "tar",
-    srcs = [":authz"],
-)
+[[
+    go_binary(
+        name = "authz_{os}_{arch}".format(
+            arch = arch,
+            os = os,
+        ),
+        embed = [":authz_lib"],
+        goarch = arch,
+        goos = os,
+        visibility = ["//visibility:public"],
+    ),
+    pkg_tar(
+        name = "tar_{os}_{arch}".format(
+            arch = arch,
+            os = os,
+        ),
+        srcs = [":authz_{os}_{arch}".format(
+            arch = arch,
+            os = os,
+        )],
+    ),
+    oci_image(
+        name = "image_{os}_{arch}".format(
+            arch = arch,
+            os = os,
+        ),
+        base = "@distroless_base",
+        entrypoint = ["/authz_{os}_{arch}".format(
+            arch = arch,
+            os = os,
+        )],
+        tars = [":tar_{os}_{arch}".format(
+            arch = arch,
+            os = os,
+        )],
+    ),
+] for arch in ARCH for os in OS]
 
-oci_image(
+oci_image_index(
     name = "image",
-    base = "@distroless_base",
-    entrypoint = ["/authz"],
-    tars = [":tar"],
+    images = [
+        ":image_linux_arm64",
+        ":image_linux_amd64",
+    ],
 )
 
 oci_tarball(
     name = "tarball",
-    image = ":image",
-    repo_tags = ["authz:latest"],
+    image = select({
+        "@platforms//cpu:arm64": ":image_linux_arm64",
+        "@platforms//cpu:x86_64": ":image_linux_amd64",
+    }),
+    repo_tags = ["bazel/authz:latest"],
 )
 
 stamp(
@@ -57,6 +90,11 @@ ytt(
         ":values.yaml",
         "//k8s:defaults.yaml",
         "//k8s/base:service.yaml",
-        ":image.digest",
     ],
 )
+
+go_binary(
+    name = "authz",
+    embed = [":authz_lib"],
+    visibility = ["//visibility:public"],
+)
diff --git a/authz/main.go b/authz/main.go
@@ -6,11 +6,13 @@ import (
 	"github.com/ekhabarov/bazel-k8s-envoy/authz/server"
 	auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/reflection"
 )
 
 func main() {
 	s := grpc.NewServer()
 	auth.RegisterAuthorizationServer(s, &server.Server{})
+	reflection.Register(s)
 
 	lis, err := net.Listen("tcp", ":5000")
 	if err != nil {

diff --git a/bazel.Tiltfile b/bazel.Tiltfile
@@ -1,9 +1,10 @@
 arch = "amd64"
 
-if k8s_context().endswith("@pi"):
-  arch = "arm"
+#  if k8s_context().endswith("@pi"):
+#    arch = "arm"
 
-BAZEL_RUN_CMD = "bazel run --platforms=@io_bazel_rules_go//go/toolchain:linux_{arch} %s -- --norun".format(arch=arch)
+#  BAZEL_RUN_CMD = "bazel run --platforms=@io_bazel_rules_go//go/toolchain:linux_{arch} %s -- --norun".format(arch=arch)
+BAZEL_RUN_CMD = "bazel run %s".format(arch=arch)
 
 # build dependencies: what dependencies does Bazel need to execute this target?
 BAZEL_SOURCES_CMD = """
@@ -76,5 +77,5 @@ def bazel_build(image, target):
     ref = image,
     command = BAZEL_RUN_CMD % target,
     deps = source_deps_files,
-    tag="tarball"
+    tag="latest"
   )
diff --git a/envoy/BUILD b/envoy/BUILD
@@ -22,7 +22,7 @@ oci_image(
 oci_tarball(
     name = "tarball",
     image = ":image",
-    repo_tags = ["envoy:latest"],
+    repo_tags = ["bazel/envoy:latest"],
 )
 
 stamp(
@@ -40,10 +40,10 @@ ytt(
     name = "yaml",
     srcs = [
         ":command.yaml",
+        ":image.digest",
         ":ports.yaml",
         ":values.yaml",
         "//k8s:defaults.yaml",
         "//k8s/base:service.yaml",
-        ":image.digest",
     ],
 )
diff --git a/k8s/BUILD b/k8s/BUILD
@@ -5,10 +5,10 @@ exports_files([
 ])
 
 ytt(
-  name = "ns",
-  srcs = [
-    ":defaults.yaml",
-    ":values.yaml",
-    "//k8s/base:namespace.yaml",
-  ]
+    name = "ns",
+    srcs = [
+        ":defaults.yaml",
+        ":values.yaml",
+        "//k8s/base:namespace.yaml",
+    ],
 )
diff --git a/k8s/base/service.yaml b/k8s/base/service.yaml
@@ -19,7 +19,8 @@ spec:
     spec:
       containers:
       - name: #@ data.values.app_name
-        image: #@ "bazel/{}@{}".format(data.values.app_name, data.read("image.json.sha256").strip())
+        #! image: #@ "bazel/{}@{}".format(data.values.app_name, data.read("image.json.sha256").strip())
+        image: #@ "bazel/{}:latest".format(data.values.app_name)
         ports:
         - containerPort: 5000
         resources:

diff --git a/platforms.bzl b/platforms.bzl
@@ -0,0 +1,3 @@
+ARCH = ["arm64", "amd64"]
+OS = ["linux"]
+