✨ Able to build provider docker without Makefile and Dockerfile modifications #330
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: dmvolod The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @dmvolod. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
the
size/M
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
There was a problem hiding this comment.
This lgtm overall, thanks! Just one comment below.
What's your specific goal with this PR? This seems like a nice addition of flexibility, I'm just curious what doesn't work in your case with the default image (and whether we should make any of that the default).
|
|
||
| DOCKERFILE_CONTAINER_IMAGE ?= docker.io/docker/dockerfile:1.4 | ||
| DEPLOYMENT_BASE_IMAGE ?= gcr.io/distroless/static | ||
| DEPLOYMENT_BASE_IMAGE_TAG ?= nonroot-${ARCH} |
There was a problem hiding this comment.
This changes the default base image from the latest tag to nonroot-amd64 (for example). Was latest default a root user image? Just making sure this doesn't have unexpected consequences.
There was a problem hiding this comment.
Yes, seems to Makefile and Dockerfile configurations had different image settings. Please have a look at the docker build log from the latest main branch below. Docker pulls gcr.io/distroless/static:latest image in Makefile, but docker builds image based on gcr.io/distroless/static:nonroot-amd64 in Dockerfile and I aligned these configurations. But I we need to use gcr.io/distroless/static:latest without $ARCH parameter in tag for image build, please let me know.
21:15 $ make docker-build
docker pull docker.io/docker/dockerfile:1.4
1.4: Pulling from docker/dockerfile
1328b32c40fc: Already exists
Digest: sha256:9ba7531bd80fb0a858632727cf7a112fbfd19b17e94c4e84ced81e24ef1a0dbc
Status: Downloaded newer image for docker/dockerfile:1.4
docker.io/docker/dockerfile:1.4
docker pull docker.io/library/golang:1.22.9
1.22.9: Pulling from library/golang
Digest: sha256:89ba45d0421d0a4404249abb3fee78fbc98b01b0bd0bf478d3db9ac35af54495
Status: Downloaded newer image for golang:1.22.9
docker.io/library/golang:1.22.9
docker pull gcr.io/distroless/static:latest
latest: Pulling from distroless/static
Digest: sha256:5c7e2b465ac6a2a4e5f4f7f722ce43b147dabe87cb21ac6c4007ae5178a1fa58
Status: Downloaded newer image for gcr.io/distroless/static:latest
gcr.io/distroless/static:latest
DOCKER_BUILDKIT=1 docker build --build-arg builder_image=docker.io/library/golang:1.22.9 --build-arg goproxy=direct --build-arg ARCH=amd64 --build-arg ldflags="-X 'sigs.k8s.io/cluster-api-addon-provider-helm/version.buildDate=2024-12-30T18:15:54Z' -X 'sigs.k8s.io/cluster-api-addon-provider-helm/version.gitCommit=0cdbb319d3668cbef96e85f6dd24ca5b31f0c65b' -X 'sigs.k8s.io/cluster-api-addon-provider-helm/version.gitTreeState=clean' -X 'sigs.k8s.io/cluster-api-addon-provider-helm/version.gitMajor=0' -X 'sigs.k8s.io/cluster-api-addon-provider-helm/version.gitMinor=2' -X 'sigs.k8s.io/cluster-api-addon-provider-helm/version.gitVersion=v0.2.6-41-0cdbb319d3668c' -X 'sigs.k8s.io/cluster-api-addon-provider-helm/version.gitReleaseCommit=8c307b2fded1e8d9ab996cc3c3dc379942f0f3fb'" . -t localhost:5000/cluster-api-helm-controller-amd64:dev
[+] Building 77.5s (15/17) docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 2.61kB 0.0s
=> resolve image config for docker-image://docker.io/docker/dockerfile:1.4 0.0s
=> CACHED docker-image://docker.io/docker/dockerfile:1.4 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 228B 0.0s
=> [internal] load metadata for gcr.io/distroless/static:nonroot-amd64 0.0s
=> [internal] load metadata for docker.io/library/golang:1.22.9 0.0s
=> [builder 1/8] FROM docker.io/library/golang:1.22.9 0.0s
=> [internal] load build context 0.1s
=> => transferring context: 287.99kB 0.0s
=> [stage-1 1/3] FROM gcr.io/distroless/static:nonroot-amd64 0.0s
=> CACHED [builder 2/8] WORKDIR /workspace 0.0s
=> [builder 3/8] COPY go.mod go.mod 0.1s
=> [builder 4/8] COPY go.sum go.sum 0.2s
=> [builder 5/8] RUN --mount=type=cache,target=/go/pkg/mod go mod downloadThere was a problem hiding this comment.
Was
latestdefault arootuser image? Just making sure this doesn't have unexpected consequences.
Seems to after #322 fix root image is not needed anymore and provider should work inside the non-privileged container environment without root image.
Thanks for the response. This PR can't help the community that builds the provider image based on public and fixed image registries right now, but it can help those like us who build it in a private environment and with a private image registry. Right now, we need to make changes to the Dockerfile and Makefile every time to build the image in our CI environment and need to rebase for each new commit in upstream registry. Perhaps in the future it will be possible to more flexibly configure the assembly of CI image in the community, without changing their sources each time or changing them only in the Makefile. |
k8s-ci-robot
added
the
lgtm
What this PR does / why we need it:
This fix allows to customize docker build with Makefile parameters
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #329