From dfd8064d089d946fce847ab835a333d1609f0968 Mon Sep 17 00:00:00 2001 From: Lizan Zhou Date: Wed, 2 Feb 2022 17:26:46 -0800 Subject: [PATCH 01/12] docker: use multi-stage build Signed-off-by: Lizan Zhou --- .azure-pipelines/pipelines.yml | 6 +-- ci/Dockerfile-envoy | 79 ++++++++++++++++++++++++++++++---- ci/Dockerfile-envoy-alpine | 15 ------- ci/Dockerfile-envoy-distroless | 11 ----- ci/Dockerfile-envoy-google-vrp | 26 ----------- ci/do_ci.sh | 23 +++++----- ci/docker_ci.sh | 54 ++++++----------------- 7 files changed, 96 insertions(+), 118 deletions(-) delete mode 100644 ci/Dockerfile-envoy-alpine delete mode 100644 ci/Dockerfile-envoy-distroless delete mode 100644 ci/Dockerfile-envoy-google-vrp diff --git a/.azure-pipelines/pipelines.yml b/.azure-pipelines/pipelines.yml index 93eb69a2c30ea..66d10f85d6a9a 100644 --- a/.azure-pipelines/pipelines.yml +++ b/.azure-pipelines/pipelines.yml @@ -422,8 +422,7 @@ stages: inputs: buildType: current artifactName: "docker" - itemPattern: "docker/envoy-docker-images.tar.xz" - downloadType: single + itemPattern: "docker/envoy?(-alpine).tar" targetPath: $(Build.StagingDirectory) - bash: ./ci/do_ci.sh verify_examples env: @@ -438,8 +437,7 @@ stages: inputs: buildType: current artifactName: "docker" - itemPattern: "docker/envoy-docker-images.tar.xz" - downloadType: single + itemPattern: "docker/envoy?(-alpine).tar" targetPath: $(Build.StagingDirectory) - bash: ./ci/do_ci.sh verify_build_examples env: diff --git a/ci/Dockerfile-envoy b/ci/Dockerfile-envoy index ac3cd3e74c12c..59280920b93a2 100644 --- a/ci/Dockerfile-envoy +++ b/ci/Dockerfile-envoy 
@@ -1,9 +1,19 @@ ARG BUILD_OS=ubuntu ARG BUILD_TAG=18.04 -# Final stage -FROM $BUILD_OS:$BUILD_TAG + +FROM scratch as binary + ARG TARGETPLATFORM +ARG ENVOY_BINARY=envoy +ARG ENVOY_BINARY_SUFFIX=_stripped +ADD ${TARGETPLATFORM}/build_${ENVOY_BINARY}_release${ENVOY_BINARY_SUFFIX}/* /usr/local/bin/ +ADD configs/envoyproxy_io_proxy.yaml /etc/envoy/envoy.yaml +COPY --chown=root:root ${TARGETPLATFORM}/build_${ENVOY_BINARY}_release/su-exec /usr/local/bin/ +COPY ci/docker-entrypoint.sh / + + +FROM ${BUILD_OS}:${BUILD_TAG} as envoy RUN apt-get update && apt-get upgrade -y \ && apt-get install --no-install-recommends -y ca-certificates \ 
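Review bot: The two `ADD` lines in the new `binary` stage copy plain build-context files, and `ADD` unpacks any local tar archive it is handed, so a tarball that ever lands in the globbed release directory would be extracted into `/usr/local/bin/` rather than copied. `COPY` does the same job without that side effect: `COPY ${TARGETPLATFORM}/build_${ENVOY_BINARY}_release${ENVOY_BINARY_SUFFIX}/* /usr/local/bin/` and `COPY configs/envoyproxy_io_proxy.yaml /etc/envoy/envoy.yaml`. The same applies to the `ADD` lines carried into the `envoy-google-vrp` stage in the next hunk. The `RUN apt-get update` at the end of this hunk continues outside it.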
@@ -13,16 +23,69 @@ RUN apt-get update && apt-get upgrade -y \ RUN mkdir -p /etc/envoy -ARG ENVOY_BINARY=envoy -ARG ENVOY_BINARY_SUFFIX=_stripped -ADD ${TARGETPLATFORM}/build_${ENVOY_BINARY}_release${ENVOY_BINARY_SUFFIX}/* /usr/local/bin/ -ADD configs/envoyproxy_io_proxy.yaml /etc/envoy/envoy.yaml +COPY --from=binary /usr/local/bin/* /usr/local/bin/ +COPY --from=binary /etc/envoy/envoy.yaml /etc/envoy/envoy.yaml +COPY --from=binary /docker-entrypoint.sh / -ADD ${TARGETPLATFORM}/build_${ENVOY_BINARY}_release/su-exec /usr/local/bin/ -RUN chown root:root /usr/local/bin/su-exec && adduser --group --system envoy +RUN adduser --group --system envoy + +EXPOSE 10000 + +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["envoy", "-c", "/etc/envoy/envoy.yaml"] + + +FROM gcr.io/distroless/base-debian11:nonroot as envoy-distroless + +COPY --from=binary /usr/local/bin/* /usr/local/bin/ +COPY --from=binary /etc/envoy/envoy.yaml /etc/envoy/envoy.yaml + +EXPOSE 10000 + +ENTRYPOINT ["/usr/local/bin/envoy"] +CMD ["-c", "/etc/envoy/envoy.yaml"] + + +# TODO(https://github.com/envoyproxy/envoy/issues/19781): Deprecate and remove this image +FROM frolvlad/alpine-glibc:alpine-3.14_glibc-2.33 AS envoy-alpine + +RUN mkdir -p /etc/envoy + +COPY --from=binary /usr/local/bin/envoy /usr/local/bin/ +COPY --from=binary /etc/envoy/envoy.yaml /etc/envoy/envoy.yaml + +RUN apk add --no-cache shadow su-exec \ + && addgroup -S envoy && adduser --no-create-home -S envoy -G envoy EXPOSE 10000 COPY ci/docker-entrypoint.sh / ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["envoy", "-c", "/etc/envoy/envoy.yaml"] + + +FROM envoy AS envoy-google-vrp + +RUN apt-get update \ + && apt-get upgrade -y \ + && apt-get install -y libc++1 supervisor gdb strace tshark \ + && apt-get autoremove -y \ + && apt-get clean \ + && rm -rf /tmp/* /var/tmp/* \ + && rm -rf /var/lib/apt/lists/* + +ADD configs/google-vrp/envoy-edge.yaml /etc/envoy/envoy-edge.yaml +ADD configs/google-vrp/envoy-origin.yaml /etc/envoy/envoy-origin.yaml +ADD 
configs/google-vrp/launch_envoy.sh /usr/local/bin/launch_envoy.sh +ADD configs/google-vrp/supervisor.conf /etc/supervisor.conf +ADD test/config/integration/certs/serverkey.pem /etc/envoy/certs/serverkey.pem +ADD test/config/integration/certs/servercert.pem /etc/envoy/certs/servercert.pem +# ADD %local envoy bin% /usr/local/bin/envoy +RUN chmod 777 /var/log/supervisor +RUN chmod a+r /etc/supervisor.conf /etc/envoy/* /etc/envoy/certs/* +RUN chmod a+rx /usr/local/bin/launch_envoy.sh + +EXPOSE 10000 +EXPOSE 10001 + +CMD ["supervisord", "-c", "/etc/supervisor.conf"] diff --git a/ci/Dockerfile-envoy-alpine b/ci/Dockerfile-envoy-alpine deleted file mode 100644 index ae0e57cdb9e96..0000000000000 --- a/ci/Dockerfile-envoy-alpine +++ /dev/null @@ -1,15 +0,0 @@ -FROM frolvlad/alpine-glibc:alpine-3.14_glibc-2.33 -RUN mkdir -p /etc/envoy - -ADD configs/envoyproxy_io_proxy.yaml /etc/envoy/envoy.yaml -RUN apk add --no-cache shadow su-exec \ - && addgroup -S envoy && adduser --no-create-home -S envoy -G envoy - -ARG ENVOY_BINARY_SUFFIX=_stripped -ADD linux/amd64/build_envoy_release${ENVOY_BINARY_SUFFIX}/* /usr/local/bin/ - -EXPOSE 10000 - -COPY ci/docker-entrypoint.sh / -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["envoy", "-c", "/etc/envoy/envoy.yaml"] diff --git a/ci/Dockerfile-envoy-distroless b/ci/Dockerfile-envoy-distroless deleted file mode 100644 index 40c2257e5b4bb..0000000000000 --- a/ci/Dockerfile-envoy-distroless +++ /dev/null @@ -1,11 +0,0 @@ -FROM gcr.io/distroless/base-debian11:nonroot - -ADD configs/envoyproxy_io_proxy.yaml /etc/envoy/envoy.yaml - -ARG ENVOY_BINARY_SUFFIX=_stripped -ADD linux/amd64/build_envoy_release${ENVOY_BINARY_SUFFIX}/* /usr/local/bin/ - -EXPOSE 10000 - -ENTRYPOINT ["envoy"] -CMD ["-c", "/etc/envoy/envoy.yaml"] diff --git a/ci/Dockerfile-envoy-google-vrp b/ci/Dockerfile-envoy-google-vrp deleted file mode 100644 index abc84f1269aba..0000000000000 --- a/ci/Dockerfile-envoy-google-vrp +++ /dev/null 
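Review bot: The `envoy-distroless` stage copies `/usr/local/bin/*` from `binary`, which now contains `su-exec` (placed there by the `COPY --chown=root:root … su-exec` line in the first hunk), whereas the deleted ci/Dockerfile-envoy-distroless never added it explicitly. An image that already runs as `nonroot` has no use for a privilege-switching helper, so the copy could be narrowed the way the `envoy-alpine` stage does it, `COPY --from=binary /usr/local/bin/envoy /usr/local/bin/`, assuming the release directory holds nothing else the image needs. In the `envoy-google-vrp` stage, `chmod a+r /etc/envoy/certs/*` leaves `serverkey.pem` world-readable; that looks deliberate for a test key, and a comment such as `# test-only key from test/config/integration/certs; never reuse outside the VRP image` would record the intent.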
@@ -1,26 +0,0 @@ -ARG ENVOY_VRP_BASE_IMAGE -FROM $ENVOY_VRP_BASE_IMAGE - -RUN apt-get update \ - && apt-get upgrade -y \ - && apt-get install -y libc++1 supervisor gdb strace tshark \ - && apt-get autoremove -y \ - && apt-get clean \ - && rm -rf /tmp/* /var/tmp/* \ - && rm -rf /var/lib/apt/lists/* - -ADD configs/google-vrp/envoy-edge.yaml /etc/envoy/envoy-edge.yaml -ADD configs/google-vrp/envoy-origin.yaml /etc/envoy/envoy-origin.yaml -ADD configs/google-vrp/launch_envoy.sh /usr/local/bin/launch_envoy.sh -ADD configs/google-vrp/supervisor.conf /etc/supervisor.conf -ADD test/config/integration/certs/serverkey.pem /etc/envoy/certs/serverkey.pem -ADD test/config/integration/certs/servercert.pem /etc/envoy/certs/servercert.pem -# ADD %local envoy bin% /usr/local/bin/envoy -RUN chmod 777 /var/log/supervisor -RUN chmod a+r /etc/supervisor.conf /etc/envoy/* /etc/envoy/certs/* -RUN chmod a+rx /usr/local/bin/launch_envoy.sh - -EXPOSE 10000 -EXPOSE 10001 - -CMD ["supervisord", "-c", "/etc/supervisor.conf"] diff --git a/ci/do_ci.sh b/ci/do_ci.sh index 463f40642fe82..351ac0e314818 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh 
@@ -158,18 +158,17 @@ function run_process_test_result() { function run_ci_verify () { echo "verify examples..." - docker load < "$ENVOY_DOCKER_BUILD_DIR/docker/envoy-docker-images.tar.xz" - _images=$(docker image list --format "{{.Repository}}") - while read -r line; do images+=("$line"); done \ - <<< "$_images" - _tags=$(docker image list --format "{{.Tag}}") - while read -r line; do tags+=("$line"); done \ - <<< "$_tags" - for i in "${!images[@]}"; do - if [[ "${images[i]}" =~ "envoy" ]]; then - docker tag "${images[$i]}:${tags[$i]}" "${images[$i]}:latest" - fi - done + OCI_TEMP_DIR="${ENVOY_DOCKER_BUILD_DIR}/image" + mkdir -p "${OCI_TEMP_DIR}" + + tar xvf docker/envoy.tar -C "${OCI_TEMP_DIR}" + skopeo copy "oci:$OCI_TEMP_DIR" "docker-daemon:envoyproxy/envoy-dev:latest" + rm -rf "${OCI_TEMP_DIR}/*" + + tar xvf docker/envoy-alpine.tar -C "${OCI_TEMP_DIR}" + skopeo copy "oci:$OCI_TEMP_DIR" "docker-daemon:envoyproxy/envoy-alpine-dev:latest" + rm -rf "${OCI_TEMP_DIR}" + docker images sudo apt-get update -y sudo apt-get install -y -qq --no-install-recommends expect redis-tools diff --git a/ci/docker_ci.sh b/ci/docker_ci.sh index 77cef1e83ecf0..e810bdd3612d9 100755 --- a/ci/docker_ci.sh +++ b/ci/docker_ci.sh @@ -36,13 +36,13 @@ build_platforms() { build_args() { TYPE=$1 - FILE_SUFFIX="${TYPE/-debug/}" - FILE_SUFFIX="${FILE_SUFFIX/-contrib/}" - FILE_SUFFIX="${FILE_SUFFIX/-ltsc2022/}" - printf ' -f ci/Dockerfile-envoy%s' "${FILE_SUFFIX}" if [[ "${TYPE}" == *-windows* ]]; then - printf ' --build-arg BUILD_OS=%s --build-arg BUILD_TAG=%s' "${WINDOWS_IMAGE_BASE}" "${WINDOWS_IMAGE_TAG}" + printf ' -f ci/Dockerfile-envoy-windows --build-arg BUILD_OS=%s --build-arg BUILD_TAG=%s' "${WINDOWS_IMAGE_BASE}" "${WINDOWS_IMAGE_TAG}" + else + TARGET="${TYPE/-debug/}" + TARGET="${TARGET/-contrib/}" + printf ' -f ci/Dockerfile-envoy --target %s' "envoy${TARGET}" fi if [[ "${TYPE}" == *-contrib* ]]; then 
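Review bot: `rm -rf "${OCI_TEMP_DIR}/*"` never empties the directory, because the `*` sits inside the double quotes and reaches rm as a literal file name; the second `tar xvf` therefore unpacks on top of the first image's OCI layout. Move the glob outside the quotes, `rm -rf "${OCI_TEMP_DIR:?}"/*`, or extract each archive into its own `mktemp -d` directory. The later commits in this series (PATCH 03, 06 and 08) add the `:?` guard and turn the sequence into a loop but keep the quoted glob. run_ci_verify continues past the end of the hunk.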
@@ -60,11 +60,7 @@ use_builder() { # BuildKit is not available for Windows images, skip this if ! is_windows; then TYPE=$1 - if [[ "${TYPE}" == "-google-vrp" ]]; then - docker buildx use default - else - docker buildx use multi-builder - fi + docker buildx use multi-builder fi } @@ -80,21 +76,11 @@ build_images() { read -ra args <<< "$_args" PLATFORM="$(build_platforms "${TYPE}")" - docker "${BUILD_COMMAND[@]}" --platform "${PLATFORM}" "${args[@]}" -t "${BUILD_TAG}" . + if ! is_windows && ! [[ "${TYPE}" =~ debug ]]; then + args+=("-o" "type=oci,dest=${ENVOY_DOCKER_IMAGE_DIRECTORY}/envoy${TYPE}.tar") + fi - PLATFORM="$(build_platforms "${TYPE}" | tr ',' ' ')" - for ARCH in ${PLATFORM}; do - if [[ "${ARCH}" == "linux/amd64" ]] || [[ "${ARCH}" == "windows/amd64" ]]; then - IMAGE_TAG="${BUILD_TAG}" - else - IMAGE_TAG="${BUILD_TAG}-${ARCH/linux\//}" - fi - - # docker buildx load cannot have multiple platform, load individually - if ! is_windows; then - docker "${BUILD_COMMAND[@]}" --platform "${ARCH}" "${args[@]}" -t "${IMAGE_TAG}" . --load - fi - done + docker "${BUILD_COMMAND[@]}" --platform "${PLATFORM}" "${args[@]}" -t "${BUILD_TAG}" . } push_images() { @@ -127,7 +113,7 @@ fi # This prefix is altered for the private security images on setec builds. DOCKER_IMAGE_PREFIX="${DOCKER_IMAGE_PREFIX:-envoyproxy/envoy}" - +mkdir -p "${ENVOY_DOCKER_IMAGE_DIRECTORY}" if is_windows; then BUILD_TYPES=("-${WINDOWS_BUILD_TYPE}") @@ -139,7 +125,7 @@ else # Configure docker-buildx tools BUILD_COMMAND=("buildx" "build") - config_env + #config_env # VRP base image is only for Linux amd64 VRP_BASE_IMAGE="${DOCKER_IMAGE_PREFIX}${IMAGE_POSTFIX}:${IMAGE_NAME}" 
@@ -150,24 +136,8 @@ fi for BUILD_TYPE in "${BUILD_TYPES[@]}"; do image_tag="${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}${IMAGE_POSTFIX}:${IMAGE_NAME}" build_images "${BUILD_TYPE}" "$image_tag" - - if ! is_windows; then - if [[ "$BUILD_TYPE" == "" || "$BUILD_TYPE" == "-contrib" || "$BUILD_TYPE" == "-alpine" || "$BUILD_TYPE" == "-distroless" ]]; then - # verify_examples expects the base and alpine images, and for them to be named `-dev` - dev_image="envoyproxy/envoy${BUILD_TYPE}-dev:latest" - docker tag "$image_tag" "$dev_image" - IMAGES_TO_SAVE+=("$dev_image") - fi - fi done -mkdir -p "${ENVOY_DOCKER_IMAGE_DIRECTORY}" -if [[ ${#IMAGES_TO_SAVE[@]} -ne 0 ]]; then - ENVOY_DOCKER_TAR="${ENVOY_DOCKER_IMAGE_DIRECTORY}/envoy-docker-images.tar.xz" - echo "Saving built images to ${ENVOY_DOCKER_TAR}: ${IMAGES_TO_SAVE[*]}" - docker save "${IMAGES_TO_SAVE[@]}" | xz -T0 -2 >"${ENVOY_DOCKER_TAR}" -fi - # Only push images for main builds, release branch builds, and tag builds. if [[ "${AZP_BRANCH}" != "${MAIN_BRANCH}" ]] && ! [[ "${AZP_BRANCH}" =~ ${RELEASE_BRANCH_REGEX} ]] && From 8742bde2caf3b056d6ac8c046f989e75525311d1 Mon Sep 17 00:00:00 2001 From: Lizan Zhou Date: Wed, 2 Feb 2022 17:44:17 -0800 Subject: [PATCH 02/12] fix format Signed-off-by: Lizan Zhou --- ci/do_ci.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/do_ci.sh b/ci/do_ci.sh index 351ac0e314818..b67469b25066e 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh @@ -160,7 +160,7 @@ function run_ci_verify () { echo "verify examples..." OCI_TEMP_DIR="${ENVOY_DOCKER_BUILD_DIR}/image" mkdir -p "${OCI_TEMP_DIR}" - + tar xvf docker/envoy.tar -C "${OCI_TEMP_DIR}" skopeo copy "oci:$OCI_TEMP_DIR" "docker-daemon:envoyproxy/envoy-dev:latest" rm -rf "${OCI_TEMP_DIR}/*" From 7b5ebfd562004f1a88af03a1f0738e38ea759ce1 Mon Sep 17 00:00:00 2001 From: Lizan Zhou Date: Wed, 2 Feb 2022 21:14:11 -0800 Subject: [PATCH 03/12] fix format 
Signed-off-by: Lizan Zhou --- ci/do_ci.sh | 8 ++++---- ci/docker_ci.sh | 2 -- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/ci/do_ci.sh b/ci/do_ci.sh index b67469b25066e..f237adae2f1a1 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh @@ -162,12 +162,12 @@ function run_ci_verify () { mkdir -p "${OCI_TEMP_DIR}" tar xvf docker/envoy.tar -C "${OCI_TEMP_DIR}" - skopeo copy "oci:$OCI_TEMP_DIR" "docker-daemon:envoyproxy/envoy-dev:latest" - rm -rf "${OCI_TEMP_DIR}/*" + skopeo copy "oci:${OCI_TEMP_DIR}" "docker-daemon:envoyproxy/envoy-dev:latest" + rm -rf "${OCI_TEMP_DIR:?}/*" tar xvf docker/envoy-alpine.tar -C "${OCI_TEMP_DIR}" - skopeo copy "oci:$OCI_TEMP_DIR" "docker-daemon:envoyproxy/envoy-alpine-dev:latest" - rm -rf "${OCI_TEMP_DIR}" + skopeo copy "oci:${OCI_TEMP_DIR}" "docker-daemon:envoyproxy/envoy-alpine-dev:latest" + rm -rf "${OCI_TEMP_DIR:?}" docker images sudo apt-get update -y diff --git a/ci/docker_ci.sh b/ci/docker_ci.sh index e810bdd3612d9..e7a26f6587471 100755 --- a/ci/docker_ci.sh +++ b/ci/docker_ci.sh @@ -64,8 +64,6 @@ use_builder() { fi } -IMAGES_TO_SAVE=() - build_images() { local _args args=() TYPE=$1 From c7e48120879ab71b2e8e6399a21c508dde1a16d5 Mon Sep 17 00:00:00 2001 From: Lizan Zhou Date: Wed, 2 Feb 2022 22:03:32 -0800 Subject: [PATCH 04/12] fix Signed-off-by: Lizan Zhou --- ci/docker_ci.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/docker_ci.sh b/ci/docker_ci.sh index e7a26f6587471..6ab7f489c4151 100755 --- a/ci/docker_ci.sh +++ b/ci/docker_ci.sh @@ -123,7 +123,7 @@ else # Configure docker-buildx tools BUILD_COMMAND=("buildx" "build") - #config_env + config_env # VRP base image is only for Linux amd64 VRP_BASE_IMAGE="${DOCKER_IMAGE_PREFIX}${IMAGE_POSTFIX}:${IMAGE_NAME}" From f90901093f14e966d9d862dca88ff268c81e0aff Mon Sep 17 00:00:00 2001 From: Lizan Zhou Date: Wed, 2 Feb 2022 23:19:44 -0800 Subject: [PATCH 05/12] fix 
Signed-off-by: Lizan Zhou --- ci/do_ci.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ci/do_ci.sh b/ci/do_ci.sh index f237adae2f1a1..d4cba98467cdf 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh @@ -161,11 +161,11 @@ function run_ci_verify () { OCI_TEMP_DIR="${ENVOY_DOCKER_BUILD_DIR}/image" mkdir -p "${OCI_TEMP_DIR}" - tar xvf docker/envoy.tar -C "${OCI_TEMP_DIR}" + tar xvf "${ENVOY_DOCKER_BUILD_DIR}/docker/envoy.tar" -C "${OCI_TEMP_DIR}" skopeo copy "oci:${OCI_TEMP_DIR}" "docker-daemon:envoyproxy/envoy-dev:latest" rm -rf "${OCI_TEMP_DIR:?}/*" - tar xvf docker/envoy-alpine.tar -C "${OCI_TEMP_DIR}" + tar xvf "${ENVOY_DOCKER_BUILD_DIR}/docker/envoy-alpine.tar" -C "${OCI_TEMP_DIR}" skopeo copy "oci:${OCI_TEMP_DIR}" "docker-daemon:envoyproxy/envoy-alpine-dev:latest" rm -rf "${OCI_TEMP_DIR:?}" From cc8cef7f2a530787902f6a1d36041346d5c1716f Mon Sep 17 00:00:00 2001 From: Lizan Zhou Date: Thu, 3 Feb 2022 01:21:52 -0800 Subject: [PATCH 06/12] fix Signed-off-by: Lizan Zhou --- .azure-pipelines/pipelines.yml | 4 ++-- ci/do_ci.sh | 12 +++++++----- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.azure-pipelines/pipelines.yml b/.azure-pipelines/pipelines.yml index 66d10f85d6a9a..f708d04123c0d 100644 --- a/.azure-pipelines/pipelines.yml +++ b/.azure-pipelines/pipelines.yml @@ -422,7 +422,7 @@ stages: inputs: buildType: current artifactName: "docker" - itemPattern: "docker/envoy?(-alpine).tar" + itemPattern: "docker/envoy*.tar" targetPath: $(Build.StagingDirectory) - bash: ./ci/do_ci.sh verify_examples env: @@ -437,7 +437,7 @@ stages: inputs: buildType: current artifactName: "docker" - itemPattern: "docker/envoy?(-alpine).tar" + itemPattern: "docker/envoy*.tar" targetPath: $(Build.StagingDirectory) - bash: ./ci/do_ci.sh verify_build_examples env: diff --git a/ci/do_ci.sh b/ci/do_ci.sh index d4cba98467cdf..33d8f57005e02 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh 
@@ -161,12 +161,14 @@ function run_ci_verify () { OCI_TEMP_DIR="${ENVOY_DOCKER_BUILD_DIR}/image" mkdir -p "${OCI_TEMP_DIR}" - tar xvf "${ENVOY_DOCKER_BUILD_DIR}/docker/envoy.tar" -C "${OCI_TEMP_DIR}" - skopeo copy "oci:${OCI_TEMP_DIR}" "docker-daemon:envoyproxy/envoy-dev:latest" - rm -rf "${OCI_TEMP_DIR:?}/*" + IMAGES=("envoy" "envoy-alpine" "envoy-contrib" "envoy-google-vrp") + + for IMAGE in "${IMAGES[@]}" do + tar xvf "${ENVOY_DOCKER_BUILD_DIR}/docker/${IMAGE}.tar" -C "${OCI_TEMP_DIR}" + skopeo copy "oci:${OCI_TEMP_DIR}" "docker-daemon:envoyproxy/envoy-${IMAGE}-dev:latest" + rm -rf "${OCI_TEMP_DIR:?}/*" + done - tar xvf "${ENVOY_DOCKER_BUILD_DIR}/docker/envoy-alpine.tar" -C "${OCI_TEMP_DIR}" - skopeo copy "oci:${OCI_TEMP_DIR}" "docker-daemon:envoyproxy/envoy-alpine-dev:latest" rm -rf "${OCI_TEMP_DIR:?}" docker images From ca42289364b73c92f119d8591464a46c4eb2f4ec Mon Sep 17 00:00:00 2001 From: Lizan Zhou Date: Thu, 3 Feb 2022 10:08:38 -0800 Subject: [PATCH 07/12] :facepalm: Signed-off-by: Lizan Zhou --- ci/do_ci.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/do_ci.sh b/ci/do_ci.sh index 33d8f57005e02..afe4646df5464 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh @@ -163,7 +163,7 @@ function run_ci_verify () { IMAGES=("envoy" "envoy-alpine" "envoy-contrib" "envoy-google-vrp") - for IMAGE in "${IMAGES[@]}" do + for IMAGE in "${IMAGES[@]}"; do tar xvf "${ENVOY_DOCKER_BUILD_DIR}/docker/${IMAGE}.tar" -C "${OCI_TEMP_DIR}" skopeo copy "oci:${OCI_TEMP_DIR}" "docker-daemon:envoyproxy/envoy-${IMAGE}-dev:latest" rm -rf "${OCI_TEMP_DIR:?}/*" From d11044c53901a752fb41de3f5706e8d394d52ca0 Mon Sep 17 00:00:00 2001 From: Lizan Zhou Date: Thu, 3 Feb 2022 19:02:33 -0800 Subject: [PATCH 08/12] fix VRP script Signed-off-by: Lizan Zhou --- ci/Dockerfile-envoy | 7 ++++--- ci/do_ci.sh | 4 ++-- ci/docker_rebuild_google-vrp.sh | 4 ++-- 3 files changed, 8 insertions(+), 7 deletions(-) 
diff --git a/ci/Dockerfile-envoy b/ci/Dockerfile-envoy index 59280920b93a2..9a1aa65e398a7 100644 --- a/ci/Dockerfile-envoy +++ b/ci/Dockerfile-envoy @@ -1,8 +1,9 @@ ARG BUILD_OS=ubuntu ARG BUILD_TAG=18.04 +ARG ENVOY_VRP_BASE_IMAGE=envoy -FROM scratch as binary +FROM scratch AS binary ARG TARGETPLATFORM ARG ENVOY_BINARY=envoy @@ -13,7 +14,7 @@ COPY --chown=root:root ${TARGETPLATFORM}/build_${ENVOY_BINARY}_release/su-exec / COPY ci/docker-entrypoint.sh / -FROM ${BUILD_OS}:${BUILD_TAG} as envoy +FROM ${BUILD_OS}:${BUILD_TAG} AS envoy RUN apt-get update && apt-get upgrade -y \ && apt-get install --no-install-recommends -y ca-certificates \ @@ -64,7 +65,7 @@ ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["envoy", "-c", "/etc/envoy/envoy.yaml"] -FROM envoy AS envoy-google-vrp +FROM ${ENVOY_VRP_BASE_IMAGE} AS envoy-google-vrp RUN apt-get update \ && apt-get upgrade -y \ diff --git a/ci/do_ci.sh b/ci/do_ci.sh index afe4646df5464..0e0d712cdbd78 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh @@ -161,11 +161,11 @@ function run_ci_verify () { OCI_TEMP_DIR="${ENVOY_DOCKER_BUILD_DIR}/image" mkdir -p "${OCI_TEMP_DIR}" - IMAGES=("envoy" "envoy-alpine" "envoy-contrib" "envoy-google-vrp") + IMAGES=("envoy" "envoy-contrib" "envoy-google-vrp") for IMAGE in "${IMAGES[@]}"; do tar xvf "${ENVOY_DOCKER_BUILD_DIR}/docker/${IMAGE}.tar" -C "${OCI_TEMP_DIR}" - skopeo copy "oci:${OCI_TEMP_DIR}" "docker-daemon:envoyproxy/envoy-${IMAGE}-dev:latest" + skopeo copy "oci:${OCI_TEMP_DIR}" "docker-daemon:envoyproxy/${IMAGE}-dev:latest" rm -rf "${OCI_TEMP_DIR:?}/*" done diff --git a/ci/docker_rebuild_google-vrp.sh b/ci/docker_rebuild_google-vrp.sh index b05f79a7bfc1a..6d9ceca6e80cc 100755 --- a/ci/docker_rebuild_google-vrp.sh +++ b/ci/docker_rebuild_google-vrp.sh 
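Review bot: `ARG ENVOY_VRP_BASE_IMAGE=envoy` makes the base of the `envoy-google-vrp` stage whatever image reference the caller passes, and the default resolves to the in-file `envoy` stage only because the names match. ci/docker_rebuild_google-vrp.sh, later in this series, passes `envoyproxy/envoy-dev:latest`, a mutable tag, so the rebuilt image inherits whatever that tag points to at build time. A comment above the ARG would make the contract visible: `# Defaults to the "envoy" stage in this file; an override replaces the VRP image's entire base, so pass a trusted, preferably digest-pinned reference.` The `FROM ${ENVOY_VRP_BASE_IMAGE} AS envoy-google-vrp` line that consumes it is in the third hunk of this file.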
@@ -25,8 +25,8 @@ BASE_DOCKER_IMAGE="envoyproxy/envoy-dev:latest" BUILD_DIR="$(mktemp -d)" declare -r BUILD_DIR -cp ci/Dockerfile-envoy-google-vrp "${BUILD_DIR}" -declare -r DOCKER_BUILD_FILE="${BUILD_DIR}"/Dockerfile-envoy-google-vrp +cp ci/Dockerfile-envoy "${BUILD_DIR}" +declare -r DOCKER_BUILD_FILE="${BUILD_DIR}"/Dockerfile-envoy # If we have a local Envoy binary, use a variant of the build environment that supports it. if [[ -n "$1" ]]; then From 4355225311eb60c2671f5f51debf91ec9dff07c3 Mon Sep 17 00:00:00 2001 From: Lizan Zhou Date: Thu, 3 Feb 2022 19:06:44 -0800 Subject: [PATCH 09/12] tweak Signed-off-by: Lizan Zhou --- ci/Dockerfile-envoy | 4 ++++ ci/docker_rebuild_google-vrp.sh | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ci/Dockerfile-envoy b/ci/Dockerfile-envoy index 9a1aa65e398a7..53de0eea386cd 100644 --- a/ci/Dockerfile-envoy +++ b/ci/Dockerfile-envoy @@ -90,3 +90,7 @@ EXPOSE 10000 EXPOSE 10001 CMD ["supervisord", "-c", "/etc/supervisor.conf"] + + +# Make envoy image as last stage so it is built by default +FROM envoy diff --git a/ci/docker_rebuild_google-vrp.sh b/ci/docker_rebuild_google-vrp.sh index 6d9ceca6e80cc..faba57723ca7a 100755 --- a/ci/docker_rebuild_google-vrp.sh +++ b/ci/docker_rebuild_google-vrp.sh @@ -43,7 +43,7 @@ fi cat "${DOCKER_BUILD_FILE}" -docker build -t "envoy-google-vrp:local" --build-arg "ENVOY_VRP_BASE_IMAGE=${BASE_DOCKER_IMAGE}" -f "${DOCKER_BUILD_FILE}" . +docker build -t "envoy-google-vrp:local" --target envoy-google-vrp --build-arg "ENVOY_VRP_BASE_IMAGE=${BASE_DOCKER_IMAGE}" -f "${DOCKER_BUILD_FILE}" . if [[ -n "$1" ]]; then rm -rf "${LOCAL_ENVOY_DIR}" From 77f68a419b34b522431cf74bcaafb795bb572020 Mon Sep 17 00:00:00 2001 From: Lizan Zhou Date: Thu, 3 Feb 2022 20:05:24 -0800 Subject: [PATCH 10/12] cleanup Signed-off-by: Lizan Zhou --- ci/docker_ci.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/ci/docker_ci.sh b/ci/docker_ci.sh index 6ab7f489c4151..0a2b2b70cc98c 100755 --- a/ci/docker_ci.sh 
+++ b/ci/docker_ci.sh @@ -51,8 +51,6 @@ build_args() { if [[ "${TYPE}" == *-debug ]]; then printf ' --build-arg ENVOY_BINARY_SUFFIX=' - elif [[ "${TYPE}" == "-google-vrp" ]]; then - printf ' --build-arg ENVOY_VRP_BASE_IMAGE=%s' "${VRP_BASE_IMAGE}" fi } @@ -124,9 +122,6 @@ else # Configure docker-buildx tools BUILD_COMMAND=("buildx" "build") config_env - - # VRP base image is only for Linux amd64 - VRP_BASE_IMAGE="${DOCKER_IMAGE_PREFIX}${IMAGE_POSTFIX}:${IMAGE_NAME}" fi # Test the docker build in all cases, but use a local tag that we will overwrite before push in the From 65f59724841c5af54213403d669a2d7d76a65d59 Mon Sep 17 00:00:00 2001 From: Lizan Zhou Date: Thu, 3 Feb 2022 23:03:58 -0800 Subject: [PATCH 11/12] use buildkit Signed-off-by: Lizan Zhou --- ci/docker_rebuild_google-vrp.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/docker_rebuild_google-vrp.sh b/ci/docker_rebuild_google-vrp.sh index faba57723ca7a..8359121050161 100755 --- a/ci/docker_rebuild_google-vrp.sh +++ b/ci/docker_rebuild_google-vrp.sh @@ -43,7 +43,7 @@ fi cat "${DOCKER_BUILD_FILE}" -docker build -t "envoy-google-vrp:local" --target envoy-google-vrp --build-arg "ENVOY_VRP_BASE_IMAGE=${BASE_DOCKER_IMAGE}" -f "${DOCKER_BUILD_FILE}" . +DOCKER_BUILDKIT=1 docker build -t "envoy-google-vrp:local" --target envoy-google-vrp --build-arg "ENVOY_VRP_BASE_IMAGE=${BASE_DOCKER_IMAGE}" -f "${DOCKER_BUILD_FILE}" . if [[ -n "$1" ]]; then rm -rf "${LOCAL_ENVOY_DIR}" From d911391096420889cfaceb5aa6dafe1acf045ef2 Mon Sep 17 00:00:00 2001 From: Lizan Zhou Date: Fri, 4 Feb 2022 10:40:53 -0800 Subject: [PATCH 12/12] style Signed-off-by: Lizan Zhou --- ci/Dockerfile-envoy | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ci/Dockerfile-envoy b/ci/Dockerfile-envoy index 53de0eea386cd..945907766c26a 100644 --- a/ci/Dockerfile-envoy +++ b/ci/Dockerfile-envoy 
@@ -14,6 +14,7 @@ COPY --chown=root:root ${TARGETPLATFORM}/build_${ENVOY_BINARY}_release/su-exec / COPY ci/docker-entrypoint.sh / +# STAGE: envoy FROM ${BUILD_OS}:${BUILD_TAG} AS envoy RUN apt-get update && apt-get upgrade -y \ @@ -36,7 +37,8 @@ ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["envoy", "-c", "/etc/envoy/envoy.yaml"] -FROM gcr.io/distroless/base-debian11:nonroot as envoy-distroless +# STAGE: envoy-distroless +FROM gcr.io/distroless/base-debian11:nonroot AS envoy-distroless COPY --from=binary /usr/local/bin/* /usr/local/bin/ COPY --from=binary /etc/envoy/envoy.yaml /etc/envoy/envoy.yaml @@ -47,6 +49,7 @@ ENTRYPOINT ["/usr/local/bin/envoy"] CMD ["-c", "/etc/envoy/envoy.yaml"] +# STAGE: envoy-alpine # TODO(https://github.com/envoyproxy/envoy/issues/19781): Deprecate and remove this image FROM frolvlad/alpine-glibc:alpine-3.14_glibc-2.33 AS envoy-alpine @@ -65,6 +68,7 @@ ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["envoy", "-c", "/etc/envoy/envoy.yaml"] +# STAGE: envoy-google-vrp FROM ${ENVOY_VRP_BASE_IMAGE} AS envoy-google-vrp RUN apt-get update \