From bc976b866eb152c5a20254a3d354f62fb6badb3c Mon Sep 17 00:00:00 2001 From: Snehal Amrutkar Date: Tue, 10 Oct 2023 21:40:47 +0530 Subject: [PATCH 1/5] Set up spectro release process --- cluster-autoscaler/Dockerfile.amd64 | 9 ++++++--- cluster-autoscaler/go.mod | 2 +- cluster-autoscaler/go.sum | 23 +++++++++++++++++++++++ 3 files changed, 30 insertions(+), 4 deletions(-) diff --git a/cluster-autoscaler/Dockerfile.amd64 b/cluster-autoscaler/Dockerfile.amd64 index 39d53029e8f4..8667f9c27ef0 100644 --- a/cluster-autoscaler/Dockerfile.amd64 +++ b/cluster-autoscaler/Dockerfile.amd64 @@ -1,4 +1,4 @@ -FROM --platform=$TARGETPLATFORM gcr.io/spectro-images-public/golang:1.19-alpine as builder +FROM --platform=$TARGETPLATFORM gcr.io/spectro-images-public/golang:1.21-alpine as builder ARG TARGETOS ARG TARGETARCH ARG CRYPTO_LIB @@ -14,10 +14,13 @@ RUN mkdir -p bin RUN if [ ${CRYPTO_LIB} ]; \ then \ - CGO_ENABLED=1 GOOS=${TARGETOS} GOARCH=${TARGETARCH} GO111MODULE=on go build -mod=readonly -ldflags "-linkmode=external -extldflags=-static" -a -o bin/cluster-autoscaler ;\ + GOARCH=${ARCH} go-build-fips.sh -a -o bin/cluster-autoscaler main.go ;\ else \ - CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} GO111MODULE=on go build -mod=readonly -a -o bin/cluster-autoscaler ;\ + GOARCH=${ARCH} go-build-static.sh -a -o bin/cluster-autoscaler main.go ;\ fi +RUN if [ "${CRYPTO_LIB}" ]; then assert-static.sh bin/cluster-autoscaler; fi +RUN if [ "${CRYPTO_LIB}" ]; then assert-fips.sh bin/cluster-autoscaler; fi +RUN scan-govulncheck.sh bin/cluster-autoscaler FROM --platform=$TARGETPLATFORM gcr.io/distroless/static:nonroot-amd64 COPY --from=builder /workspace/bin/cluster-autoscaler . diff --git a/cluster-autoscaler/go.mod b/cluster-autoscaler/go.mod index f92e30464f38..5c3b6dd4e92a 100644 --- a/cluster-autoscaler/go.mod +++ b/cluster-autoscaler/go.mod @@ -1,6 +1,6 @@ module k8s.io/autoscaler/cluster-autoscaler -go 1.19 +go 1.21 require ( cloud.google.com/go v0.97.0 diff --git a/cluster-autoscaler/go.sum b/cluster-autoscaler/go.sum index 78f682e7ead6..b6a8bd142cb0 100644 --- a/cluster-autoscaler/go.sum +++ b/cluster-autoscaler/go.sum @@ -113,9 +113,11 @@ github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e h1:QEF07wC0T1rKkctt1 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/auth0/go-jwt-middleware v1.0.1 h1:/fsQ4vRr4zod1wKReUH+0A3ySRjGiT9G34kypO/EKwI= +github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9vXW72U//IgN0BIM= github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.40.27 h1:8fWW0CpmBZ8WWduNwl4vE9t07nMYFrhAsUHjPj81qUM= github.com/aws/aws-sdk-go v1.40.27/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= @@ -131,6 +133,7 @@ github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4= +github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -197,6 +200,7 @@ github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQ github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dnaeon/go-vcr v1.0.1 h1:r8L/HqC0Hje5AXMu1ooW8oyQyOFv4GxqpL0nRP7SLLY= +github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE= @@ -209,6 +213,7 @@ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc= +github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful/v3 v3.5.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ= github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= @@ -317,6 +322,7 @@ github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= +github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/cadvisor v0.45.0 h1:bXQze1sd8srZiQwiQ19Qaq/AoMIZS8YceBXrIaEvkX0= github.com/google/cadvisor v0.45.0/go.mod h1:vsMT3Uv2XjQ8M7WUtKARV74mU/HN64C4XtM1bJhUKcU= github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= @@ -369,11 +375,13 @@ github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0 github.com/gophercloud/gophercloud v0.1.0 h1:P/nh25+rzXouhytV2pUHBb65fnds26Ghl8/391+sT5o= github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= +github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= +github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= @@ -385,6 +393,7 @@ github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T github.com/heketi/heketi v10.3.0+incompatible h1:X4DBFPzcyWZWhia32d94UhDECQJHH0M5kpRb1gxxUHk= github.com/heketi/heketi v10.3.0+incompatible/go.mod h1:bB9ly3RchcQqsQ9CpyaQwvva7RS5ytVoSoholZQON6o= github.com/heketi/tests v0.0.0-20151005000721-f3775cbcefd6 h1:oJ/NLadJn5HoxvonA6VxG31lg0d6XOURNA09BTtM4fY= +github.com/heketi/tests v0.0.0-20151005000721-f3775cbcefd6/go.mod h1:xGMAM8JLi7UkZt1i4FQeQy0R2T8GLUwQhOP5M1gBhy4= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= @@ -397,6 +406,7 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ= +github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= @@ -432,6 +442,7 @@ github.com/libopenstorage/openstorage v1.0.0/go.mod h1:Sp1sIObHjat1BeXhfMqLZ14wn github.com/lithammer/dedent v1.1.0 h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffktY= github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= github.com/lpabon/godbc v0.1.1 h1:ilqjArN1UOENJJdM34I2YHKmF/B0gGq4VLoSGy9iAao= +github.com/lpabon/godbc v0.1.1/go.mod h1:Jo9QV0cf3U6jZABgiJ2skINAXb9j8m51r07g4KI92ZA= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -480,7 +491,9 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU= +github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q= +github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM= @@ -550,10 +563,12 @@ github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= +github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.6.0 h1:xoax2sJ2DT8S8xA2paPFjDCScCNeWsg75VG0DLRreiY= +github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q= @@ -581,10 +596,12 @@ github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtse github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 h1:uruHq4dN7GR16kFc5fp3d1RIYzJW5onx8Ybykw2YQFA= +github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc= +github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= @@ -602,16 +619,21 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= +go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= go.etcd.io/etcd/api/v3 v3.5.4 h1:OHVyt3TopwtUQ2GKdd5wu3PmmipR4FTwCqoEjSyRdIc= go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A= go.etcd.io/etcd/client/pkg/v3 v3.5.4 h1:lrneYvz923dvC14R54XcA7FXoZ3mlGZAgmwhfm7HqOg= go.etcd.io/etcd/client/pkg/v3 v3.5.4/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.4 h1:Dcx3/MYyfKcPNLpR4VVQUP5KgYrBeJtktBwEKkw08Ao= +go.etcd.io/etcd/client/v2 v2.305.4/go.mod h1:Ud+VUwIi9/uQHOMA+4ekToJ12lTxlv0zB/+DHwTGEbU= go.etcd.io/etcd/client/v3 v3.5.4 h1:p83BUL3tAYS0OT/r0qglgc3M1JjhM0diV8DSWAhVXv4= go.etcd.io/etcd/client/v3 v3.5.4/go.mod h1:ZaRkVgBZC+L+dLCjTcF1hRXpgZXQPOvnA/Ak/gq3kiY= go.etcd.io/etcd/pkg/v3 v3.5.4 h1:V5Dvl7S39ZDwjkKqJG2BfXgxZ3QREqqKifWQgIw5IM0= +go.etcd.io/etcd/pkg/v3 v3.5.4/go.mod h1:OI+TtO+Aa3nhQSppMbwE4ld3uF1/fqqwbpfndbbrEe0= go.etcd.io/etcd/raft/v3 v3.5.4 h1:YGrnAgRfgXloBNuqa+oBI/aRZMcK/1GS6trJePJ/Gqc= +go.etcd.io/etcd/raft/v3 v3.5.4/go.mod h1:SCuunjYvZFC0fBX0vxMSPjuZmpcSk+XaAcMrD6Do03w= go.etcd.io/etcd/server/v3 v3.5.4 h1:CMAZd0g8Bn5NRhynW6pKhc4FRg41/0QYy3d7aNm9874= +go.etcd.io/etcd/server/v3 v3.5.4/go.mod h1:S5/YTU15KxymM5l3T6b09sNOHPXqGYIZStpuuGbb65c= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -653,6 +675,7 @@ go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= +go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= From fd01e5790497d32fd6266b8fd1bc7d8d9dc2bebb Mon Sep 17 00:00:00 2001 From: Snehal Amrutkar Date: Wed, 11 Oct 2023 11:55:56 +0530 Subject: [PATCH 2/5] Dockerfile changes --- .github/workflows/spectro-release.yaml | 1 + cluster-autoscaler/Dockerfile | 28 +++++++++++++++ cluster-autoscaler/Dockerfile.amd64 | 6 ++-- cluster-autoscaler/Makefile | 47 +++++++++++++++++++++++++- 4 files changed, 78 insertions(+), 4 deletions(-) create mode 100644 cluster-autoscaler/Dockerfile diff --git a/.github/workflows/spectro-release.yaml b/.github/workflows/spectro-release.yaml index 7f724620f3f6..414195e09ea0 100644 --- a/.github/workflows/spectro-release.yaml +++ b/.github/workflows/spectro-release.yaml @@ -43,6 +43,7 @@ jobs: env: REGISTRY: gcr.io/spectro-images-public/release/autoscaler/cluster-autoscaler run: | + cd cluster-autoscaler make docker-build-all make docker-push-all - diff --git a/cluster-autoscaler/Dockerfile b/cluster-autoscaler/Dockerfile new file mode 100644 index 000000000000..d289aa49c2f8 --- /dev/null +++ b/cluster-autoscaler/Dockerfile @@ -0,0 +1,28 @@ +FROM --platform=$TARGETPLATFORM gcr.io/spectro-images-public/golang:1.21-alpine as builder +ARG TARGETOS +ARG TARGETARCH +ARG CRYPTO_LIB +ENV GOEXPERIMENT=${CRYPTO_LIB:+boringcrypto} + +WORKDIR /workspace + +COPY . . + +RUN apk -U add coreutils gcc musl-dev + +RUN mkdir -p bin + +RUN if [ ${CRYPTO_LIB} ]; \ + then \ + GOARCH=${ARCH} go-build-fips.sh -a -o bin/cluster-autoscaler -mod=readonly main.go ;\ + else \ + GOARCH=${ARCH} go-build-static.sh -a -o bin/cluster-autoscaler -mod=readonly main.go ;\ + fi +RUN if [ "${CRYPTO_LIB}" ]; then assert-static.sh bin/cluster-autoscaler; fi +RUN if [ "${CRYPTO_LIB}" ]; then assert-fips.sh bin/cluster-autoscaler; fi +RUN scan-govulncheck.sh bin/cluster-autoscaler + +FROM --platform=$TARGETPLATFORM gcr.io/distroless/static:nonroot-amd64 +WORKDIR / +COPY --from=builder /workspace/bin/cluster-autoscaler . +CMD ["/cluster-autoscaler"] \ No newline at end of file diff --git a/cluster-autoscaler/Dockerfile.amd64 b/cluster-autoscaler/Dockerfile.amd64 index 8667f9c27ef0..d289aa49c2f8 100644 --- a/cluster-autoscaler/Dockerfile.amd64 +++ b/cluster-autoscaler/Dockerfile.amd64 @@ -14,15 +14,15 @@ RUN mkdir -p bin RUN if [ ${CRYPTO_LIB} ]; \ then \ - GOARCH=${ARCH} go-build-fips.sh -a -o bin/cluster-autoscaler main.go ;\ + GOARCH=${ARCH} go-build-fips.sh -a -o bin/cluster-autoscaler -mod=readonly main.go ;\ else \ - GOARCH=${ARCH} go-build-static.sh -a -o bin/cluster-autoscaler main.go ;\ + GOARCH=${ARCH} go-build-static.sh -a -o bin/cluster-autoscaler -mod=readonly main.go ;\ fi RUN if [ "${CRYPTO_LIB}" ]; then assert-static.sh bin/cluster-autoscaler; fi RUN if [ "${CRYPTO_LIB}" ]; then assert-fips.sh bin/cluster-autoscaler; fi RUN scan-govulncheck.sh bin/cluster-autoscaler FROM --platform=$TARGETPLATFORM gcr.io/distroless/static:nonroot-amd64 -COPY --from=builder /workspace/bin/cluster-autoscaler . WORKDIR / +COPY --from=builder /workspace/bin/cluster-autoscaler . CMD ["/cluster-autoscaler"] \ No newline at end of file diff --git a/cluster-autoscaler/Makefile b/cluster-autoscaler/Makefile index 541a705751a6..0a552e3a0c41 100644 --- a/cluster-autoscaler/Makefile +++ b/cluster-autoscaler/Makefile @@ -7,7 +7,7 @@ LDFLAGS?=-s ENVVAR=CGO_ENABLED=0 GOOS?=linux GOARCH?=$(shell go env GOARCH) -REGISTRY?=staging-k8s.gcr.io +#REGISTRY?=staging-k8s.gcr.io DOCKER_NETWORK?=default ifdef BUILD_TAGS TAGS_FLAG=--tags ${BUILD_TAGS} @@ -44,6 +44,29 @@ IMG_TAG ?= "latest" IMG_SERVICE_URL ?= ${IMG_PATH}/ CAS_IMG ?= ${IMG_SERVICE_URL}cluster-autoscaler:${IMG_TAG} +BUILD_ARGS = --build-arg CRYPTO_LIB=${FIPS_ENABLE} --build-arg BUILDER_GOLANG_VERSION=${BUILDER_GOLANG_VERSION} +RELEASE_LOC := release +ifeq ($(FIPS_ENABLE),yes) + RELEASE_LOC := release-fips +endif + +ALL_ARCH = amd64 arm64 +REGISTRY ?= gcr.io/spectro-dev-public/$(USER)/${RELEASE_LOC} +# main controller +CORE_IMAGE_NAME ?= cluster-autoscaler +CORE_CONTROLLER_IMG ?= $(REGISTRY)/$(CORE_IMAGE_NAME) + +.PHONY: docker-build-all ## Build all the architecture docker images +docker-build-all: $(addprefix docker-build-,$(ALL_ARCH)) + +docker-build-%: ## Build docker images for a given ARCH + $(MAKE) ARCH=$* docker-build + +.PHONY: docker-build +docker-build: ## Build the docker image for cluster autoscaler + docker buildx build --load --platform linux/${ARCH} ${BUILD_ARGS} --build-arg ARCH=$(ARCH) --build-arg LDFLAGS="$(LDFLAGS)" . -t $(CORE_CONTROLLER_IMG)-$(ARCH):$(TAG) + @echo $(CORE_CONTROLLER_IMG)-$(ARCH):$(TAG) + docker: docker buildx build --platform ${TARGETARCH} --push . -t ${CAS_IMG} --build-arg CRYPTO_LIB=${FIPS_ENABLE} -f Dockerfile.amd64 @@ -74,6 +97,28 @@ else endif @echo "Image ${TAG}${FOR_PROVIDER}-$* completed" +.PHONY: docker-push +docker-push: ## Push the docker image + docker push $(CORE_CONTROLLER_IMG)-$(ARCH):$(TAG) + +.PHONY: docker-push-all ## Push all the architecture docker images +docker-push-all: $(addprefix docker-push-,$(ALL_ARCH)) + $(MAKE) docker-push-core-manifest + +docker-push-%: ## Docker push + $(MAKE) ARCH=$* docker-push + +.PHONY: docker-push-core-manifest +docker-push-core-manifest: ## Push the fat manifest docker image. + ## Minimum docker version 18.06.0 is required for creating and pushing manifest images. + $(MAKE) docker-push-manifest CONTROLLER_IMG=$(CORE_CONTROLLER_IMG) MANIFEST_FILE=$(CORE_MANIFEST_FILE) + +.PHONY: docker-push-manifest +docker-push-manifest: ## Push the manifest image + docker manifest create --amend $(CONTROLLER_IMG):$(TAG) $(shell echo $(ALL_ARCH) | sed -e "s~[^ ]*~$(CONTROLLER_IMG)\-&:$(TAG)~g") + @for arch in $(ALL_ARCH); do docker manifest annotate --arch $${arch} ${CONTROLLER_IMG}:${TAG} ${CONTROLLER_IMG}-$${arch}:${TAG}; done + docker manifest push --purge ${CONTROLLER_IMG}:${TAG} + push-image: push-image-arch-$(GOARCH) push-image-arch-%: From a3bbd19c208029ab53e8c751ef91f811db238a1e Mon Sep 17 00:00:00 2001 From: Snehal Amrutkar Date: Wed, 11 Oct 2023 19:21:00 +0530 Subject: [PATCH 3/5] Update spectro-release.yaml --- .github/workflows/spectro-release.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/spectro-release.yaml b/.github/workflows/spectro-release.yaml index 414195e09ea0..30ef2f420cd3 100644 --- a/.github/workflows/spectro-release.yaml +++ b/.github/workflows/spectro-release.yaml @@ -52,6 +52,7 @@ jobs: FIPS_ENABLE: yes REGISTRY: gcr.io/spectro-images-public/release-fips/autoscaler/cluster-autoscaler run: | + cd cluster-autoscaler make docker-build-all make docker-push-all - @@ -66,4 +67,4 @@ jobs: body: | Release version v${{ github.event.inputs.release_version }}-spectro draft: false - prerelease: false \ No newline at end of file + prerelease: false From a8cd74d6e8ba7c45faa86a036edf4c1ce68fe5dc Mon Sep 17 00:00:00 2001 From: Snehal Amrutkar Date: Wed, 11 Oct 2023 19:25:41 +0530 Subject: [PATCH 4/5] Update Makefile --- cluster-autoscaler/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cluster-autoscaler/Makefile b/cluster-autoscaler/Makefile index 0a552e3a0c41..01198e2eeaf9 100644 --- a/cluster-autoscaler/Makefile +++ b/cluster-autoscaler/Makefile @@ -1,7 +1,8 @@ ALL_ARCH = amd64 arm64 all: $(addprefix build-arch-,$(ALL_ARCH)) -TAG?=dev +SPECTRO_VERSION ?= 4.1.0-dev +TAG ?= v0.4.0-spectro-${SPECTRO_VERSION} FLAGS= LDFLAGS?=-s ENVVAR=CGO_ENABLED=0 @@ -164,4 +165,4 @@ container-arch-%: build-in-docker-arch-% make-image-arch-% test-in-docker: clean docker-builder docker run ${RM_FLAG} -v `pwd`:/cluster-autoscaler/:Z autoscaling-builder:latest bash -c 'cd /cluster-autoscaler && go test -race ./... ${TAGS_FLAG}' -.PHONY: all docker build test-unit clean format execute-release dev-release docker-builder build-in-docker release generate push-image push-manifest \ No newline at end of file +.PHONY: all docker build test-unit clean format execute-release dev-release docker-builder build-in-docker release generate push-image push-manifest From 362834577bc6884e99d617372aeb8515e96649b6 Mon Sep 17 00:00:00 2001 From: Snehal Amrutkar Date: Wed, 11 Oct 2023 19:29:17 +0530 Subject: [PATCH 5/5] Update Makefile --- cluster-autoscaler/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster-autoscaler/Makefile b/cluster-autoscaler/Makefile index 01198e2eeaf9..bdd0cf5489b0 100644 --- a/cluster-autoscaler/Makefile +++ b/cluster-autoscaler/Makefile @@ -2,7 +2,7 @@ ALL_ARCH = amd64 arm64 all: $(addprefix build-arch-,$(ALL_ARCH)) SPECTRO_VERSION ?= 4.1.0-dev -TAG ?= v0.4.0-spectro-${SPECTRO_VERSION} +TAG ?= v1.25.0-spectro-${SPECTRO_VERSION} FLAGS= LDFLAGS?=-s ENVVAR=CGO_ENABLED=0