From bdb1c4917d525852b77a59f586ecd3025b8b2750 Mon Sep 17 00:00:00 2001 From: hurricane1988 Date: Wed, 20 Nov 2024 20:51:05 +0800 Subject: [PATCH] Upgrade golang.org/x/net from v0.7.0 to v0.31.0, and google.golang.org/protobuf from v1.28.1 to v1.35.2; update the buildx build just use one Dockerfile --- Dockerfile | 16 ++++-------- Dockerfile_multiarch | 47 ----------------------------------- Makefile | 21 ++++++++++++---- go.mod | 10 ++++---- go.sum | 20 +++++++-------- pkg/trafficrouting/manager.go | 8 +++--- 6 files changed, 40 insertions(+), 82 deletions(-) delete mode 100644 Dockerfile_multiarch diff --git a/Dockerfile b/Dockerfile index 9476d506..d7e4ab1e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,25 +1,19 @@ # Build the manager binary FROM golang:1.19-alpine3.17 AS builder +ADD . /workspace/ WORKDIR /workspace -# Copy the Go Modules manifests -COPY go.mod go.mod -COPY go.sum go.sum - -# Copy the go source -COPY main.go main.go -COPY api/ api/ -COPY pkg/ pkg/ - # Build -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go +RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -installsuffix cgo -a -o manager main.go # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details + FROM gcr.io/distroless/static:nonroot + WORKDIR / -COPY --from=builder /workspace/manager . +COPY --from=builder /workspace/manager /manager COPY lua_configuration /lua_configuration USER 65532:65532 diff --git a/Dockerfile_multiarch b/Dockerfile_multiarch deleted file mode 100644 index fd200488..00000000 --- a/Dockerfile_multiarch +++ /dev/null @@ -1,47 +0,0 @@ -# Build the manager binary -ARG BASE_IMAGE=alpine -ARG BASE_IMAGE_VERION=3.17 -FROM --platform=$BUILDPLATFORM golang:1.19-alpine3.17 as builder - -WORKDIR /workspace - -# Copy the Go Modules manifests -COPY go.mod go.mod -COPY go.sum go.sum - -# Copy the go source -COPY main.go main.go -COPY api/ api/ -COPY pkg/ pkg/ - -# Build -ARG TARGETOS -ARG TARGETARCH -RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=0 GO111MODULE=on go build -a -o manager main.go - -ARG BASE_IMAGE -ARG BASE_IMAGE_VERION -FROM ${BASE_IMAGE}:${BASE_IMAGE_VERION} - -RUN set -eux; \ - apk --no-cache --update upgrade && \ - apk --no-cache add ca-certificates && \ - apk --no-cache add tzdata && \ - rm -rf /var/cache/apk/* && \ - update-ca-certificates && \ - echo "only include root and nobody user" && \ - echo -e "root:x:0:0:root:/root:/bin/ash\nnobody:x:65534:65534:nobody:/:/sbin/nologin" | tee /etc/passwd && \ - echo -e "root:x:0:root\nnobody:x:65534:" | tee /etc/group && \ - rm -rf /usr/local/sbin/* && \ - rm -rf /usr/local/bin/* && \ - rm -rf /usr/sbin/* && \ - rm -rf /usr/bin/* && \ - rm -rf /sbin/* && \ - rm -rf /bin/* - -WORKDIR / -COPY --from=builder /workspace/manager . -COPY lua_configuration /lua_configuration -USER 65534 - -ENTRYPOINT ["/manager"] diff --git a/Makefile b/Makefile index f7f488db..ae2c8df9 100644 --- a/Makefile +++ b/Makefile @@ -1,9 +1,15 @@ # Image URL to use all building/pushing image targets IMG ?= controller:latest + # Platforms to build the image for PLATFORMS ?= linux/amd64,linux/arm64 +# CONTAINER_TOOL defines the container tool to be used for building images. +# Be aware that the target commands are only tested with Docker which is +# scaffolded by default. However, you might want to replace it to use other +CONTAINER_TOOL ?= docker + # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) ifeq (,$(shell go env GOBIN)) GOBIN=$(shell go env GOPATH)/bin @@ -65,14 +71,19 @@ run: manifests generate fmt vet ## Run a controller from your host. go run ./main.go docker-build: ## Build docker image with the manager. - docker build -t ${IMG} . + $(CONTAINER_TOOL) build -t ${IMG} . docker-push: ## Push docker image with the manager. - docker push ${IMG} + $(CONTAINER_TOOL) push ${IMG} + +.PHONY: docker-buildx +docker-buildx: ## Build and push docker image of the manager for cross-platform support. + - $(CONTAINER_TOOL) buildx create --name project-v3-builder + $(CONTAINER_TOOL) buildx use project-v3-builder + - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile . + - $(CONTAINER_TOOL) buildx rm project-v3-builder + -# Build and push the multiarchitecture docker images and manifest. -docker-multiarch: - docker buildx build -f ./Dockerfile_multiarch --pull --no-cache --platform=$(PLATFORMS) --push . -t $(IMG) ##@ Deployment install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. diff --git a/go.mod b/go.mod index 604c4996..821adf41 100644 --- a/go.mod +++ b/go.mod @@ -64,14 +64,14 @@ require ( go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.24.0 // indirect - golang.org/x/net v0.7.0 // indirect + golang.org/x/net v0.31.0 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.5.0 // indirect - golang.org/x/term v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/sys v0.27.0 // indirect + golang.org/x/term v0.26.0 // indirect + golang.org/x/text v0.20.0 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.28.1 // indirect + google.golang.org/protobuf v1.35.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 109dcbe1..a99b56e5 100644 --- a/go.sum +++ b/go.sum @@ -374,8 +374,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= +golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -439,12 +439,12 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= +golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -452,8 +452,8 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= +golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -587,8 +587,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/pkg/trafficrouting/manager.go b/pkg/trafficrouting/manager.go index 243c5999..dbb7f1cd 100644 --- a/pkg/trafficrouting/manager.go +++ b/pkg/trafficrouting/manager.go @@ -110,7 +110,7 @@ func (m *Manager) DoTrafficRouting(c *TrafficRoutingContext) (bool, error) { return true, nil } - //fetch stable service + // fetch stable service stableService := &corev1.Service{} err := m.Get(context.TODO(), client.ObjectKey{Namespace: c.Namespace, Name: trafficRouting.Service}, stableService) if err != nil { @@ -248,7 +248,7 @@ func (m *Manager) RouteAllTrafficToNewVersion(c *TrafficRoutingContext) (bool, e // route all traffic to new version c.Strategy.Matches = nil c.Strategy.Traffic = utilpointer.StringPtr("100%") - //NOTE - This return value "verified" has the opposite semantics with "modified" + // NOTE - This return value "verified" has the opposite semantics with "modified" verified, err := trController.EnsureRoutes(context.TODO(), &c.Strategy) if !verified { c.LastUpdateTime = &metav1.Time{Time: time.Now()} @@ -259,7 +259,7 @@ func (m *Manager) RouteAllTrafficToNewVersion(c *TrafficRoutingContext) (bool, e return retry, err } -// returns: +// RestoreGateway returns: // - if error is not nil, usually we need to retry later. Only if error is nil, we consider the bool. // - The bool value indicates whether retry is needed. If true, it usually means // gateway resources have been updated and we need to wait for `graceSeconds`. @@ -381,7 +381,7 @@ func newNetworkProvider(c client.Client, con *TrafficRoutingContext, sService, c StableService: sService, TrafficConf: trafficRouting.CustomNetworkRefs, OwnerRef: con.OwnerRef, - //only set for CustomController, never work for Ingress and Gateway + // only set for CustomController, never work for Ingress and Gateway DisableGenerateCanaryService: con.DisableGenerateCanaryService, }) if innerErr != nil {