From a6a71c4071e251862a69ce58728d0bbde018c3d6 Mon Sep 17 00:00:00 2001 From: Carlos Eduardo Arango Gutierrez Date: Thu, 19 Aug 2021 16:34:12 -0500 Subject: [PATCH 1/2] Add minimal image Signed-off-by: Carlos Eduardo Arango Gutierrez --- Dockerfile | 16 ++++++++++++---- Makefile | 21 ++++++++++++++++++--- scripts/test-infra/build-image.sh | 2 +- scripts/test-infra/push-image.sh | 4 ++-- 4 files changed, 33 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2765c9de..910c58c3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,5 @@ ARG BASE_IMAGE_FULL +ARG BASE_IMAGE_MINIMAL # Build the manager biinary FROM golang:1.16.7-buster as builder @@ -15,14 +16,21 @@ COPY . . RUN make build # Create production image for running the operator -FROM ${BASE_IMAGE_FULL} +FROM ${BASE_IMAGE_FULL} as full COPY --from=builder /workspace/node-feature-discovery-operator / - -RUN mkdir -p /opt/nfd -COPY build/assets /opt/nfd +COPY --from=builder /workspace/build/assets /opt/nfd RUN useradd nfd-operator USER nfd-operator ENTRYPOINT ["/node-feature-discovery-operator"] LABEL io.k8s.display-name="node-feature-discovery-operator" + +# Create a minimal image for running the operator +FROM ${BASE_IMAGE_MINIMAL} as minimal +COPY --from=builder /workspace/node-feature-discovery-operator / +COPY --from=builder /workspace/build/assets /opt/nfd + +ENTRYPOINT ["/node-feature-discovery-operator"] +LABEL io.k8s.display-name="node-feature-discovery-operator" + diff --git a/Makefile b/Makefile index 0229ed97..22dc597e 100644 --- a/Makefile +++ b/Makefile @@ -65,6 +65,7 @@ IMAGE_REPO ?= $(IMAGE_REGISTRY)/$(IMAGE_NAME) IMAGE_TAG ?= $(IMAGE_REPO):$(IMAGE_TAG_NAME) IMAGE_EXTRA_TAGS := $(foreach tag,$(IMAGE_EXTRA_TAG_NAMES),$(IMAGE_REPO):$(tag)) BASE_IMAGE_FULL ?= debian:buster-slim +BASE_IMAGE_MINIMAL ?= gcr.io/distroless/base IMAGE_TAG_RBAC_PROXY ?= gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 @@ -161,18 +162,32 @@ clean-labels: generate: controller-gen $(CONTROLLER_GEN) object:headerFile="utils/boilerplate.go.txt" paths="./..." -# Build the docker image +# Build the container image image: $(IMAGE_BUILD_CMD) -t $(IMAGE_TAG) \ + --target full \ --build-arg BASE_IMAGE_FULL=$(BASE_IMAGE_FULL) \ + --build-arg BASE_IMAGE_MINIMAL=$(BASE_IMAGE_MINIMAL) \ $(foreach tag,$(IMAGE_EXTRA_TAGS),-t $(tag)) \ $(IMAGE_BUILD_EXTRA_OPTS) ./ -# Push the docker image -push: +image-minimal: + $(IMAGE_BUILD_CMD) -t $(IMAGE_TAG)-minimal \ + --target minimal \ + --build-arg BASE_IMAGE_FULL=$(BASE_IMAGE_FULL) \ + --build-arg BASE_IMAGE_MINIMAL=$(BASE_IMAGE_MINIMAL) \ + $(foreach tag,$(IMAGE_EXTRA_TAGS),-t $(tag)-minimal) \ + $(IMAGE_BUILD_EXTRA_OPTS) ./ + +# Push the container image +push: $(IMAGE_PUSH_CMD) $(IMAGE_TAG) for tag in $(IMAGE_EXTRA_TAGS); do $(IMAGE_PUSH_CMD) $$tag; done +push-minimal: + $(IMAGE_PUSH_CMD) $(IMAGE_TAG)-minimal + for tag in $(IMAGE_EXTRA_TAGS); do $(IMAGE_PUSH_CMD) $$tag; done + site-build: @mkdir -p docs/vendor/bundle $(SITE_BUILD_CMD) sh -c '/usr/local/bin/bundle install && "$$BUNDLE_BIN/jekyll" build $(JEKYLL_OPTS)' diff --git a/scripts/test-infra/build-image.sh b/scripts/test-infra/build-image.sh index 88381a13..32657c38 100755 --- a/scripts/test-infra/build-image.sh +++ b/scripts/test-infra/build-image.sh @@ -1,3 +1,3 @@ #!/bin/bash -e -make image +make image image-minimal diff --git a/scripts/test-infra/push-image.sh b/scripts/test-infra/push-image.sh index adefba64..554d5453 100755 --- a/scripts/test-infra/push-image.sh +++ b/scripts/test-infra/push-image.sh @@ -5,5 +5,5 @@ # container image tag VERSION_OVERRIDE=${_GIT_TAG+VERSION=${_GIT_TAG:10}} -make image $VERSION_OVERRIDE -make push $VERSION_OVERRIDE +make image image-minimal $VERSION_OVERRIDE +make push push-minimal $VERSION_OVERRIDE From 50bf542b599ef4bd3b7ef4d14eb7046978c4d20f Mon Sep 17 00:00:00 2001 From: Carlos Eduardo Arango Gutierrez Date: Thu, 19 Aug 2021 16:34:24 -0500 Subject: [PATCH 2/2] Document minimal image Signed-off-by: Carlos Eduardo Arango Gutierrez --- docs/advanced/developer-guide.md | 14 ++++++++++++++ docs/get-started/quick-start.md | 27 +++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/docs/advanced/developer-guide.md b/docs/advanced/developer-guide.md index 38270988..d4b05be5 100644 --- a/docs/advanced/developer-guide.md +++ b/docs/advanced/developer-guide.md @@ -30,6 +30,13 @@ IMAGE_REGISTRY= make image ``` +Or for the `minimal` variant + +```bash +IMAGE_REGISTRY= +make image-minimal +``` + #### Push the container image ```bash @@ -37,6 +44,13 @@ IMAGE_REGISTRY= make push ``` +Or for the `minimal` variant + +```bash +IMAGE_REGISTRY= +make push-minimal +``` + Alternatively, instead of specifying variables on the command line, you can edit the Makefile to permanently change parameter defaults like name of the image or namespace where the operator is deployed. diff --git a/docs/get-started/quick-start.md b/docs/get-started/quick-start.md index 2af0179c..bc6d62ac 100644 --- a/docs/get-started/quick-start.md +++ b/docs/get-started/quick-start.md @@ -4,6 +4,12 @@ layout: default sort: 2 --- +# Requirements + +1. Linux (x86_64/Arm64/Arm) +1. [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) + (properly set up and configured to work with your Kubernetes cluster) + # Quick start Get the source code @@ -25,6 +31,27 @@ Create a NodeFeatureDiscovery instance kubectl apply -f config/samples/nfd.kubernetes.io_v1_nodefeaturediscovery.yaml ``` +## Image variants + +Node-Feautre-Discovery-Operator currently offers two variants +of the container image. The "full" variant is currently +deployed by default. + +### Full + +This image is based on +[debian:buster-slim](https://hub.docker.com/_/debian) and contains a full Linux +system for doing live debugging and diagnosis of the operator. + +### Minimal + +This is a minimal image based on +[gcr.io/distroless/base](https://github.com/GoogleContainerTools/distroless/blob/master/base/README.md) +and only supports running statically linked binaries. + +The container image tag has suffix `-minimal` +(e.g. `{{ site.container_image }}-minimal`) + ## Verify The Operator will deploy NFD based on the information