-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generate a static binary by disabling cgo #18
Generate a static binary by disabling cgo #18
Conversation
As part of the Go 1.20 release it seems like the default for `CGO_ENABLED` is no longer carried over from the tools. This leads to linking issues on systems that use different versions of glibc from what the base image uses. See golang/go#58550 for more details. This change should fix cosmonic-labs#16
Use `scratch` as a base image since we're generating a static binary anyway. Also be more explicity about the platform and target OS during the build.
✅ Deploy Preview for netreap canceled.
|
This also fixes Netreap on Rocky Linux 9 and I presume all other RHEL-9 based distros. |
DRAFT With the release of Nomad 1.6 it's possible to get the network address of the allocation from Nomad. The change to enable this is only in the client library and does not require updating the Nomad server. The IP was sent back by older Nomad versions, it just wasn't available in the client. This enables refactoring the endpoint reconcilliation to make use of the IP address to identify the endpoint within Cilium. There is no longer a dependency on Consul for policies. Additional, endpoints are now labelled with the task group and task information as services can be created at those levels.
Remove unused flags from the readme and command line and refactor the code to allow for testing.
Refactor endpoint handling and reconcilliation.
It looks like #21 supersedes this PR? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This only needs a few small changes related to the Dockerfile, but other than that it looks good to go to me!
Thanks a ton for the contribution and helping us remove the dependency on Consul!
FROM golang:1.20 as builder | ||
WORKDIR /netreap | ||
COPY . /netreap | ||
FROM --platform=${BUILDPLATFORM} golang:1.20.5 as builder |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think you need the --platform
argument since buildx takes care of that for you, at least in CI
ENTRYPOINT ["/usr/bin/netreap"] | ||
ARG TARGETOS | ||
ARG TARGETARCH | ||
RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -ldflags "-s -w -X 'main.Version=$VERSION'" -o /netreap |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You really don't need this if you're using buildx since the build happens in the correct platform image
ARG TARGETOS | ||
ARG TARGETARCH | ||
RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -ldflags "-s -w -X 'main.Version=$VERSION'" -o /netreap | ||
FROM scratch AS bin |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer to stick with the distroless image since it comes with cacerts pre-installed. If you want to stick with a static build without CGO, you can switch to use gcr.io/distroless/static
instead
Ugh, realized I left review comments here instead of on #21. I'll copy them over to that one |
Argh, sorry, looks like I stuffed up the branches for the PR. Let me close this one in favor of #21 |
As part of the Go 1.20 release it seems like the default for
CGO_ENABLED
is no longer carried over from the tools. This leads to linking issues on systems that use different versions of glibc from what the base image uses. See golang/go#58550 for more details.This change should fix #16