add arm64 support (#16)

rancher · May 24, 2023 · bb603ea · bb603ea
1 parent e740ede
commit bb603ea
Show file tree

Hide file tree

Showing 4 changed files with 81 additions and 22 deletions.
diff --git a/.drone.yml b/.drone.yml
@@ -10,15 +10,15 @@ platform:
 steps:
 - name: build
   pull: always
-  image: rancher/hardened-build-base:v1.20.3b1
+  image: rancher/hardened-build-base:v1.20.4b11
   commands:
   - make DRONE_TAG=${DRONE_TAG}
   volumes:
   - name: docker
     path: /var/run/docker.sock
 
 - name: publish
-  image: rancher/hardened-build-base:v1.20.3b1
+  image: rancher/hardened-build-base:v1.20.4b11
   commands:
   - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
   - make DRONE_TAG=${DRONE_TAG} image-push
@@ -35,7 +35,56 @@ steps:
     - tag
 
 - name: scan
-  image: rancher/hardened-build-base:v1.20.3b1
+  image: rancher/hardened-build-base:v1.20.4b11
+  commands:
+  - make DRONE_TAG=${DRONE_TAG} image-scan
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+
+volumes:
+- name: docker
+  host:
+    path: /var/run/docker.sock
+
+---
+kind: pipeline
+type: docker
+name: linux-arm64
+
+platform:
+  os: linux
+  arch: arm64
+
+steps:
+- name: build
+  pull: always
+  image: rancher/hardened-build-base:v1.20.4b11
+  commands:
+  - make DRONE_TAG=${DRONE_TAG}
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+
+- name: publish
+  image: rancher/hardened-build-base:v1.20.4b11
+  commands:
+  - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
+  - make DRONE_TAG=${DRONE_TAG} image-push
+  environment:
+    DOCKER_PASSWORD:
+      from_secret: docker_password
+    DOCKER_USERNAME:
+      from_secret: docker_username
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+  when:
+    event:
+    - tag
+
+- name: scan
+  image: rancher/hardened-build-base:v1.20.4b11
   commands:
   - make DRONE_TAG=${DRONE_TAG} image-scan
   volumes:
@@ -61,7 +110,7 @@ node:
 steps:
 - name: build
   pull: always
-  image: rancher/hardened-build-base:v1.20.3b1
+  image: rancher/hardened-build-base:v1.20.4b11
   failure: ignore
   commands:
   - make DRONE_TAG=${DRONE_TAG}
@@ -70,7 +119,7 @@ steps:
     path: /var/run/docker.sock
 
 - name: publish
-  image: rancher/hardened-build-base:v1.20.3b1
+  image: rancher/hardened-build-base:v1.20.4b11
   failure: ignore
   commands:
   - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD

diff --git a/Dockerfile b/Dockerfile
@@ -1,23 +1,22 @@
-ARG BCI_IMAGE=registry.suse.com/bci/bci-base:latest
-ARG GO_IMAGE=rancher/hardened-build-base:v1.20.3b1
+ARG BCI_IMAGE=registry.suse.com/bci/bci-base
+ARG GO_IMAGE=rancher/hardened-build-base:v1.20.4b11
 # We need iptables and ip6tables. We will get them from the hardened kubernetes image
-ARG KUBERNETES=rancher/hardened-kubernetes:v1.26.3-rke2r1-build20230317
+ARG KUBERNETES=rancher/hardened-kubernetes:v1.27.2-rke2r1-build20230518
 
 ARG TAG="1.22.20"
 ARG ARCH="amd64"
 FROM ${BCI_IMAGE} as bci
 FROM ${KUBERNETES} as kubernetes
-FROM ${GO_IMAGE} as base-builder
-# setup required packages
-RUN set -x \
- && apk --no-cache add \
+FROM ${GO_IMAGE} as base
+
+RUN set -x && \
+    apk --no-cache add \
     file \
     gcc \
     git \
     make
 
-# setup the dnsNodeCache build
-FROM base-builder as dnsNodeCache-builder
+FROM base as builder
 ARG SRC=github.com/kubernetes/dns
 ARG PKG=github.com/kubernetes/dns
 RUN git clone --depth=1 https://${SRC}.git $GOPATH/src/${PKG}
@@ -30,14 +29,14 @@ RUN git checkout tags/${TAG} -b ${TAG}
 RUN GOARCH=${ARCH} GO_LDFLAGS="-linkmode=external -X ${PKG}/pkg/version.VERSION=${TAG}" \
     go-build-static.sh -gcflags=-trimpath=${GOPATH}/src -o . ./...
 RUN go-assert-static.sh node-cache
-RUN if [ "${ARCH}" != "s390x" ]; then \
-      go-assert-boring.sh node-cache; \
+RUN if [ "${ARCH}" = "amd64" ]; then \
+        go-assert-boring.sh node-cache; \
     fi
 RUN install -s node-cache /usr/local/bin
 
-FROM bci as dnsNodeCache
+FROM bci
 RUN zypper install -y netcat which
-COPY --from=dnsNodeCache-builder /usr/local/bin/node-cache /node-cache
+COPY --from=builder /usr/local/bin/node-cache /node-cache
 COPY --from=kubernetes /usr/sbin/ip* /usr/sbin/
 COPY --from=kubernetes /usr/sbin/xtables* /usr/sbin/
 ENTRYPOINT ["/node-cache"]
diff --git a/Makefile b/Makefile
@@ -1,7 +1,13 @@
 SEVERITIES = HIGH,CRITICAL
 
-ifeq ($(ARCH),)
-ARCH=$(shell go env GOARCH)
+UNAME_M = $(shell uname -m)
+ARCH=
+ifeq ($(UNAME_M), x86_64)
+	ARCH=amd64
+else ifeq ($(UNAME_M), aarch64)
+	ARCH=arm64
+else 
+	ARCH=$(UNAME_M)
 endif
 
 BUILD_META=-build$(shell date +%Y%m%d)
@@ -11,11 +17,11 @@ SRC ?= github.com/kubernetes/dns
 TAG ?= 1.22.20$(BUILD_META)
 
 ifneq ($(DRONE_TAG),)
-TAG := $(DRONE_TAG)
+	TAG := $(DRONE_TAG)
 endif
 
 ifeq (,$(filter %$(BUILD_META),$(TAG)))
-$(error TAG needs to end with build metadata: $(BUILD_META))
+	$(error TAG needs to end with build metadata: $(BUILD_META))
 endif
 
 .PHONY: image-build

diff --git a/manifest.tmpl b/manifest.tmpl
@@ -5,6 +5,11 @@ manifests:
     platform:
       architecture: amd64
       os: linux
+  -
+    image: rancher/hardened-dns-node-cache:{{build.tag}}-arm64
+    platform:
+      architecture: arm64
+      os: linux
   -
     image: rancher/hardened-dns-node-cache:{{build.tag}}-s390x
     platform: