-
Notifications
You must be signed in to change notification settings - Fork 617
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* [1.26.4] 1.26.4 release * update kubernetes/kubernetes to 1.26.9 in go.mod * .: bump golang.org/x/net to v0.17.0 Bumping golang.org/x/net in light of CVE-2023-39325 and CVE-2023-44487. * Update k3s and test image to ubuntu 22 (#2108) * use ubuntu focal * update k3s used in tests * update default version * tests: Remove support for preinstalled images This never worked and the image in question is no longer available. Signed-off-by: Stephen Finucane <[email protected]> * Fix tests * Use dl.k8s.io instead of hardcoded GCS URIs (#2240) The `storage.googleapis.com/kubernetes-release` URL is a hard coded path to a GCS bucket location. To allow redirecting and spreading the load across multiple hosting locations, the `dl.k8s.io` URL has been introduced. Signed-off-by: Sean McGinnis <[email protected]> * Add Dockerfile --------- Signed-off-by: Stephen Finucane <[email protected]> Signed-off-by: Sean McGinnis <[email protected]> Co-authored-by: Jesse Haka <[email protected]> Co-authored-by: Stephen Finucane <[email protected]> Co-authored-by: Sean McGinnis <[email protected]>
- Loading branch information
1 parent
b32e73a
commit 56feeb1
Showing
32 changed files
with
371 additions
and
286 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,202 @@ | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
################################################################################ | ||
## BUILD ARGS ## | ||
################################################################################ | ||
# This build arg allows the specification of a custom Golang image. | ||
ARG GOLANG_IMAGE=golang:1.20.3 | ||
|
||
# The distroless image on which the CPI manager image is built. | ||
# | ||
# Please do not use "latest". Explicit tags should be used to provide | ||
# deterministic builds. Follow what kubernetes uses to build | ||
# kube-controller-manager, for example for 1.27.x: | ||
# https://github.com/kubernetes/kubernetes/blob/release-1.27/build/common.sh#L99 | ||
ARG DISTROLESS_IMAGE=registry.k8s.io/build-image/go-runner:v2.3.1-go1.20.3-bullseye.0 | ||
|
||
# We use Alpine as the source for default CA certificates and some output | ||
# images | ||
ARG ALPINE_IMAGE=alpine:3.17.3 | ||
|
||
# cinder-csi-plugin uses Debian as a base image | ||
ARG DEBIAN_IMAGE=registry.k8s.io/build-image/debian-base:bullseye-v1.4.3 | ||
|
||
################################################################################ | ||
## BUILD STAGE ## | ||
################################################################################ | ||
|
||
# Build an image containing a common ca-certificates used by all target images | ||
# regardless of how they are built. We arbitrarily take ca-certificates from | ||
# the amd64 Alpine image. | ||
FROM --platform=linux/amd64 ${ALPINE_IMAGE} as certs | ||
RUN apk add --no-cache ca-certificates | ||
|
||
|
||
# Build all command targets. We build all command targets in a single build | ||
# stage for efficiency. Target images copy their binary from this image. | ||
# We use go's native cross compilation for multi-arch in this stage, so the | ||
# builder itself is always amd64 | ||
FROM --platform=linux/amd64 ${GOLANG_IMAGE} as builder | ||
|
||
ARG GOPROXY=https://goproxy.io,direct | ||
ARG TARGETOS | ||
ARG TARGETARCH | ||
ARG VERSION | ||
|
||
WORKDIR /build | ||
COPY Makefile go.mod go.sum ./ | ||
COPY cmd/ cmd/ | ||
COPY pkg/ pkg/ | ||
RUN make build GOOS=${TARGETOS} GOARCH=${TARGETARCH} GOPROXY=${GOPROXY} VERSION=${VERSION} | ||
|
||
|
||
################################################################################ | ||
## TARGET IMAGES ## | ||
################################################################################ | ||
|
||
## | ||
## openstack-cloud-controller-manager | ||
## | ||
FROM --platform=${TARGETPLATFORM} ${DISTROLESS_IMAGE} as openstack-cloud-controller-manager | ||
|
||
COPY --from=certs /etc/ssl/certs /etc/ssl/certs | ||
COPY --from=builder /build/openstack-cloud-controller-manager /bin/openstack-cloud-controller-manager | ||
|
||
LABEL name="openstack-cloud-controller-manager" \ | ||
license="Apache Version 2.0" \ | ||
maintainers="Kubernetes Authors" \ | ||
description="OpenStack cloud controller manager" \ | ||
distribution-scope="public" \ | ||
summary="OpenStack cloud controller manager" \ | ||
help="none" | ||
|
||
CMD [ "/bin/openstack-cloud-controller-manager" ] | ||
|
||
## | ||
## barbican-kms-plugin | ||
## | ||
FROM --platform=${TARGETPLATFORM} ${ALPINE_IMAGE} as barbican-kms-plugin | ||
# barbican-kms-plugin uses ALPINE instead of distroless because its entrypoint | ||
# uses a shell for environment substitution. If there are no other uses this | ||
# could be replaced by callers passing arguments explicitly. | ||
|
||
COPY --from=builder /build/barbican-kms-plugin /bin/barbican-kms-plugin | ||
COPY --from=certs /etc/ssl/certs /etc/ssl/certs | ||
|
||
LABEL name="barbican-kms-plugin" \ | ||
license="Apache Version 2.0" \ | ||
maintainers="Kubernetes Authors" \ | ||
description="Barbican kms plugin" \ | ||
distribution-scope="public" \ | ||
summary="Barbican kms plugin" \ | ||
help="none" | ||
|
||
CMD ["sh", "-c", "/bin/barbican-kms-plugin --socketpath ${socketpath} --cloud-config ${cloudconfig}"] | ||
|
||
## | ||
## cinder-csi-plugin | ||
## | ||
FROM --platform=${TARGETPLATFORM} ${DEBIAN_IMAGE} as cinder-csi-plugin | ||
|
||
# Install e4fsprogs for format | ||
RUN clean-install btrfs-progs e2fsprogs mount udev xfsprogs | ||
|
||
COPY --from=builder /build/cinder-csi-plugin /bin/cinder-csi-plugin | ||
COPY --from=certs /etc/ssl/certs /etc/ssl/certs | ||
|
||
LABEL name="cinder-csi-plugin" \ | ||
license="Apache Version 2.0" \ | ||
maintainers="Kubernetes Authors" \ | ||
description="Cinder CSI Plugin" \ | ||
distribution-scope="public" \ | ||
summary="Cinder CSI Plugin" \ | ||
help="none" | ||
|
||
CMD ["/bin/cinder-csi-plugin"] | ||
|
||
## | ||
## k8s-keystone-auth | ||
## | ||
FROM --platform=${TARGETPLATFORM} ${DISTROLESS_IMAGE} as k8s-keystone-auth | ||
|
||
COPY --from=builder /build/k8s-keystone-auth /bin/k8s-keystone-auth | ||
COPY --from=certs /etc/ssl/certs /etc/ssl/certs | ||
|
||
LABEL name="k8s-keystone-auth" \ | ||
license="Apache Version 2.0" \ | ||
maintainers="Kubernetes Authors" \ | ||
description="K8s Keystone Auth" \ | ||
distribution-scope="public" \ | ||
summary="K8s Keystone Auth" \ | ||
help="none" | ||
|
||
EXPOSE 8443 | ||
|
||
CMD ["/bin/k8s-keystone-auth"] | ||
|
||
## | ||
## magnum-auto-healer | ||
## | ||
FROM --platform=${TARGETPLATFORM} ${DISTROLESS_IMAGE} as magnum-auto-healer | ||
|
||
COPY --from=builder /build/magnum-auto-healer /bin/magnum-auto-healer | ||
COPY --from=certs /etc/ssl/certs /etc/ssl/certs | ||
|
||
LABEL name="magnum-auto-healer" \ | ||
license="Apache Version 2.0" \ | ||
maintainers="Kubernetes Authors" \ | ||
description="Magnum auto healer" \ | ||
distribution-scope="public" \ | ||
summary="Magnum auto healer" \ | ||
help="none" | ||
|
||
CMD ["/bin/magnum-auto-healer"] | ||
|
||
## | ||
## manila-csi-plugin | ||
## | ||
FROM --platform=${TARGETPLATFORM} ${ALPINE_IMAGE} as manila-csi-plugin | ||
# manila-csi-plugin uses ALPINE because it pulls in jq and curl | ||
|
||
RUN apk add --no-cache jq curl | ||
|
||
COPY --from=builder /build/manila-csi-plugin /bin/manila-csi-plugin | ||
COPY --from=certs /etc/ssl/certs /etc/ssl/certs | ||
|
||
LABEL name="manila-csi-plugin" \ | ||
license="Apache Version 2.0" \ | ||
maintainers="Kubernetes Authors" \ | ||
description="Manila CSI Plugin" \ | ||
distribution-scope="public" \ | ||
summary="Manila CSI Plugin" \ | ||
help="none" | ||
|
||
ENTRYPOINT ["/bin/manila-csi-plugin"] | ||
|
||
## | ||
## octavia-ingress-controller | ||
## | ||
FROM --platform=${TARGETPLATFORM} ${DISTROLESS_IMAGE} as octavia-ingress-controller | ||
|
||
COPY --from=builder /build/octavia-ingress-controller /bin/octavia-ingress-controller | ||
COPY --from=certs /etc/ssl/certs /etc/ssl/certs | ||
|
||
LABEL name="octavia-ingress-controller" \ | ||
license="Apache Version 2.0" \ | ||
maintainers="Kubernetes Authors" \ | ||
description="Octavia ingress controller" \ | ||
distribution-scope="public" \ | ||
summary="Octavia ingress controller" \ | ||
help="none" | ||
|
||
CMD ["/bin/octavia-ingress-controller"] |
Oops, something went wrong.