From f7d71d3bcab4b335e9dbb243b5df27a922669470 Mon Sep 17 00:00:00 2001 From: Hugo Hervieux Date: Thu, 6 Oct 2022 11:20:51 -0400 Subject: [PATCH 1/3] Use Teleport's standard buildbox This comit edits the teleport-operator container image build process to rely on Teleport's standard buildbox. This will make sure we are using a single go version at all time. This also removed unused environement variables from `operator/Makefile`. --- operator/Dockerfile | 11 ++++++----- operator/Makefile | 43 +++---------------------------------------- 2 files changed, 9 insertions(+), 45 deletions(-) diff --git a/operator/Dockerfile b/operator/Dockerfile index b909f4d19491f..aee7c371af1bf 100644 --- a/operator/Dockerfile +++ b/operator/Dockerfile @@ -1,7 +1,8 @@ -# Build the manager binary -FROM golang:1.18 as builder +ARG BUILDBOX_VERSION +FROM public.ecr.aws/gravitational/teleport-buildbox:${BUILDBOX_VERSION} as builder + +WORKDIR /go/src/github.com/gravitational/teleport -WORKDIR /workspace # Copy the Go Modules manifests COPY go.mod go.mod COPY go.sum go.sum @@ -22,10 +23,10 @@ COPY operator/main.go operator/main.go COPY operator/namespace.go operator/namespace.go # Build -RUN GOOS=linux GOARCH=amd64 go build -a -o teleport-operator github.com/gravitational/teleport/operator +RUN GOOS=linux GOARCH=amd64 go build -a -o build/teleport-operator github.com/gravitational/teleport/operator FROM gcr.io/distroless/cc WORKDIR / -COPY --from=builder /workspace/teleport-operator . +COPY --from=builder /go/src/github.com/gravitational/teleport/build/teleport-operator . ENTRYPOINT ["/teleport-operator"] diff --git a/operator/Makefile b/operator/Makefile index 7192fc7299f5a..ec96c9dd8f9f7 100644 --- a/operator/Makefile +++ b/operator/Makefile 
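Review bot: In the first hunk of operator/Dockerfile, `ARG BUILDBOX_VERSION` has no default and the builder stage now resolves to a mutable tag chosen at build time, so the toolchain that compiles the operator is whatever that tag points to when the build runs. Pinning the reference by digest where the value is defined (constructed example: `teleport-buildbox:teleport11@sha256:<digest>`) would make the builder reproducible and tamper-evident. An unset argument also expands the `FROM` line to an empty tag, so a default such as `ARG BUILDBOX_VERSION=teleport11`, or a comment naming the required `--build-arg`, would make that failure obvious. The same applies to `ARG BUILDBOX` / `FROM $BUILDBOX` in docker/Dockerfile and operator/Dockerfile in patch 2/3, where the registry and repository become caller-supplied as well.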
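Review bot: In the second hunk of operator/Dockerfile, the new `COPY --from=builder` line lands the binary in a runtime stage that is referenced as untagged `gcr.io/distroless/cc` and sets no `USER`, so the operator image tracks `latest` and, unless the deployment overrides it, the process starts as root. If the operator does not need root (not visible from this hunk), `FROM gcr.io/distroless/cc:nonroot` with a digest pin would cover both; otherwise a comment saying why root is required would help. The runtime stage is left unchanged by the hunk in patch 3/3, so the point applies there too.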
@@ -5,49 +5,12 @@ # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) VERSION ?= 0.0.1 -# CHANNELS define the bundle channels used in the bundle. -# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") -# To re-generate a bundle for other specific channels without changing the standard setup, you can: -# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable) -# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable") -ifneq ($(origin CHANNELS), undefined) -BUNDLE_CHANNELS := --channels=$(CHANNELS) -endif - -# DEFAULT_CHANNEL defines the default channel used in the bundle. -# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable") -# To re-generate a bundle for any other default channel without changing the default setup, you can: -# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable) -# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable") -ifneq ($(origin DEFAULT_CHANNEL), undefined) -BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) -endif -BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) - -# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images. -# This variable is used to construct full image tags for bundle and catalog images. -# -# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both -# teleport.dev/operator-bundle:$VERSION and teleport.dev/operator-catalog:$VERSION. -IMAGE_TAG_BASE ?= teleport.dev/operator - -# BUNDLE_IMG defines the image:tag used for the bundle. -# You can use it as an arg. 
(E.g make bundle-build BUNDLE_IMG=/:) -BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) - -# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command -BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) - -# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests -# You can enable this value if you would like to use SHA Based Digests -# To enable set flag to true -USE_IMAGE_DIGESTS ?= false -ifeq ($(USE_IMAGE_DIGESTS), true) - BUNDLE_GEN_FLAGS += --use-image-digests -endif +# Buildbox image version, can be built by running `make -C build.assets` +BUILDBOX_VERSION ?= teleport11 # Image URL to use all building/pushing image targets IMG ?= teleport-operator:latest + # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. ENVTEST_K8S_VERSION = 1.23 From 547976c07b2e8e256e4b1ae1b2bbd2a103f4cf14 Mon Sep 17 00:00:00 2001 From: Hugo Hervieux Date: Thu, 6 Oct 2022 12:30:06 -0400 Subject: [PATCH 2/3] Extract BUILDBOX variables out of build.assets/Makefile --- build.assets/Makefile | 10 ++-------- build.assets/images.mk | 11 +++++++++++ docker/Dockerfile | 5 ++--- docker/Makefile | 5 ++++- operator/Dockerfile | 4 ++-- operator/Makefile | 8 ++++---- 6 files changed, 25 insertions(+), 18 deletions(-) create mode 100644 build.assets/images.mk diff --git a/build.assets/Makefile b/build.assets/Makefile index 32efa1d3e2ce2..7b824476946fb 100644 --- a/build.assets/Makefile +++ b/build.assets/Makefile @@ -21,7 +21,6 @@ TEST_KUBE ?= OS ?= linux ARCH ?= amd64 -BUILDBOX_VERSION ?= teleport11 GOLANG_VERSION ?= go1.19.1 
@@ -47,13 +46,8 @@ PROTOC_VER ?= 3.20.1 # Keep in sync with api/proto/buf.yaml (and buf.lock). GOGO_PROTO_TAG ?= v1.3.2 -BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:$(BUILDBOX_VERSION) -BUILDBOX_FIPS=public.ecr.aws/gravitational/teleport-buildbox-fips:$(BUILDBOX_VERSION) -BUILDBOX_CENTOS7=public.ecr.aws/gravitational/teleport-buildbox-centos7:$(BUILDBOX_VERSION) -BUILDBOX_CENTOS7_FIPS=public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$(BUILDBOX_VERSION) -BUILDBOX_ARM=public.ecr.aws/gravitational/teleport-buildbox-arm:$(BUILDBOX_VERSION) -BUILDBOX_ARM_FIPS=public.ecr.aws/gravitational/teleport-buildbox-arm-fips:$(BUILDBOX_VERSION) -BUILDBOX_TELETERM=public.ecr.aws/gravitational/teleport-buildbox-teleterm:$(BUILDBOX_VERSION) +# BUILDBOX_VERSION, BUILDBOX and BUILDBOX_variant variables are included +include images.mk # These variables are used to dynamically change the name of the buildbox Docker image used by the 'release' # target. The other solution was to remove the 'buildbox' dependency from the 'release' target, but this would diff --git a/build.assets/images.mk b/build.assets/images.mk new file mode 100644 index 0000000000000..ce4aa917de2e9 --- /dev/null +++ b/build.assets/images.mk 
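Review bot: `include images.mk` in build.assets/Makefile is resolved against make's working directory rather than the directory of the including Makefile, so it only works when make is started with `-C build.assets` or from inside that directory. If the file is ever read with `-f build.assets/Makefile` from the repository root, the include fails; `include $(dir $(lastword $(MAKEFILE_LIST)))images.mk` avoids that, provided it is evaluated before any other include. The `include ../build.assets/images.mk` lines added to docker/Makefile and operator/Makefile in this patch carry the same assumption.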
@@ -0,0 +1,11 @@ +# Those variables are extracted from build.assets/Makefile so they can be imported +# by other Makefiles +BUILDBOX_VERSION ?= teleport11 + +BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:$(BUILDBOX_VERSION) +BUILDBOX_FIPS=public.ecr.aws/gravitational/teleport-buildbox-fips:$(BUILDBOX_VERSION) +BUILDBOX_CENTOS7=public.ecr.aws/gravitational/teleport-buildbox-centos7:$(BUILDBOX_VERSION) +BUILDBOX_CENTOS7_FIPS=public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$(BUILDBOX_VERSION) +BUILDBOX_ARM=public.ecr.aws/gravitational/teleport-buildbox-arm:$(BUILDBOX_VERSION) +BUILDBOX_ARM_FIPS=public.ecr.aws/gravitational/teleport-buildbox-arm-fips:$(BUILDBOX_VERSION) +BUILDBOX_TELETERM=public.ecr.aws/gravitational/teleport-buildbox-teleterm:$(BUILDBOX_VERSION) diff --git a/docker/Dockerfile b/docker/Dockerfile index a26cb17cd2684..b6524587f1b27 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,6 +1,5 @@ -# The base image (buildbox:latest) is built by running `make -C build.assets` -# from the base repo directory $GOPATH/gravitational.com/teleport -FROM public.ecr.aws/gravitational/teleport-buildbox:teleport11 +ARG BUILDBOX +FROM $BUILDBOX # DEBUG=1 is needed for the Web UI to be loaded from static assets instead # of the binary diff --git a/docker/Makefile b/docker/Makefile index 573b8a1baa399..90d17575765fc 100644 --- a/docker/Makefile +++ b/docker/Makefile @@ -5,6 +5,9 @@ PRO_LICENSE ?= ../e/fixtures/license-pro.pem # whether to look for enterprise or pro license MODE ?= enterprise +# include BUILDBOX_VERSION, BUILDBOX and BUILDBOX_variant variables +include ../build.assets/images.mk + # # Default target starts two Teleport clusters # @@ -82,7 +85,7 @@ check-license: .PHONY: build build: - docker build -t teleport:latest . + docker build --build-arg BUILDBOX=$(BUILDBOX) -t teleport:latest . .PHONY: clean clean: diff --git a/operator/Dockerfile b/operator/Dockerfile index aee7c371af1bf..ca3b23491c598 100644 --- a/operator/Dockerfile 
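Review bot: The docker/Dockerfile hunk drops the only comment that said which base image this file expects and how it is built, and the replacement `ARG BUILDBOX` says nothing about where the value comes from. A comment above it, for example `# BUILDBOX is passed by docker/Makefile (defined in build.assets/images.mk); build with "make build"`, would keep the expected base image discoverable for someone reading the Dockerfile alone.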
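Review bot: In the `build` recipe of docker/Makefile, `$(BUILDBOX)` is pasted into the shell command unquoted, and its tag part comes from `BUILDBOX_VERSION ?= teleport11`, which any inherited environment variable overrides. A value containing whitespace or shell metacharacters would then alter the `docker build` command line instead of being treated as one image reference; `--build-arg BUILDBOX='$(BUILDBOX)'` keeps ordinary values a single argument, and a CI job would do well to set `BUILDBOX_VERSION` explicitly. The `docker-build` recipe in operator/Makefile later in this patch has the same unquoted expansion.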
+++ b/operator/Dockerfile @@ -1,5 +1,5 @@ -ARG BUILDBOX_VERSION -FROM public.ecr.aws/gravitational/teleport-buildbox:${BUILDBOX_VERSION} as builder +ARG BUILDBOX +FROM $BUILDBOX as builder WORKDIR /go/src/github.com/gravitational/teleport diff --git a/operator/Makefile b/operator/Makefile index ec96c9dd8f9f7..23dc4b6a1ac8a 100644 --- a/operator/Makefile +++ b/operator/Makefile @@ -5,9 +5,6 @@ # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) VERSION ?= 0.0.1 -# Buildbox image version, can be built by running `make -C build.assets` -BUILDBOX_VERSION ?= teleport11 - # Image URL to use all building/pushing image targets IMG ?= teleport-operator:latest @@ -20,6 +17,9 @@ ENVTEST_K8S_VERSION = 1.23 SHELL = /usr/bin/env bash -o pipefail .SHELLFLAGS = -ec +# include BUILDBOX_VERSION, BUILDBOX and BUILDBOX_variant variables +include ../build.assets/images.mk + .PHONY: all all: build @@ -103,7 +103,7 @@ run: manifests generate fmt vet ## Run a controller from your host. .PHONY: docker-build docker-build: ## Build docker image with the manager. - docker build -t ${IMG} .. -f ./Dockerfile + docker build --build-arg BUILDBOX=$(BUILDBOX) -t ${IMG} .. -f ./Dockerfile .PHONY: docker-push docker-push: ## Push docker image with the manager. From 80f2887c70511247dbd7c285ec69f9098794e7b5 Mon Sep 17 00:00:00 2001 From: Hugo Hervieux Date: Tue, 11 Oct 2022 09:49:31 -0400 Subject: [PATCH 3/3] Put `teleport-operator` bin out of the Teleport source volume --- operator/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/operator/Dockerfile b/operator/Dockerfile index ca3b23491c598..85bf3f14e93e9 100644 --- a/operator/Dockerfile +++ b/operator/Dockerfile 
@@ -23,10 +23,10 @@ COPY operator/main.go operator/main.go COPY operator/namespace.go operator/namespace.go # Build -RUN GOOS=linux GOARCH=amd64 go build -a -o build/teleport-operator github.com/gravitational/teleport/operator +RUN GOOS=linux GOARCH=amd64 go build -a -o /go/bin/teleport-operator github.com/gravitational/teleport/operator FROM gcr.io/distroless/cc WORKDIR / -COPY --from=builder /go/src/github.com/gravitational/teleport/build/teleport-operator . +COPY --from=builder /go/bin/teleport-operator . ENTRYPOINT ["/teleport-operator"]
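Review bot: The reason for writing the binary to `/go/bin` is recorded only in the commit subject; the Dockerfile itself does not say why the output must stay out of the source tree. A comment above the `RUN` line, such as `# Build to /go/bin: the source directory is a volume in the buildbox, so output written there may not be available to COPY --from`, would keep a later cleanup from moving it back. That wording assumes the buildbox image declares the source path as a volume, which this patch does not show, so it should be confirmed before it is written down.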