From bb603ea648f1c73e6cdfee3e2caa4862115653dd Mon Sep 17 00:00:00 2001 From: Brian Downs Date: Wed, 24 May 2023 12:35:07 -0400 Subject: [PATCH] add arm64 support (#16) --- .drone.yml | 59 ++++++++++++++++++++++++++++++++++++++++++++++----- Dockerfile | 25 +++++++++++----------- Makefile | 14 ++++++++---- manifest.tmpl | 5 +++++ 4 files changed, 81 insertions(+), 22 deletions(-) diff --git a/.drone.yml b/.drone.yml index d3a692e..a9539ca 100644 --- a/.drone.yml +++ b/.drone.yml @@ -10,7 +10,7 @@ platform: steps: - name: build pull: always - image: rancher/hardened-build-base:v1.20.3b1 + image: rancher/hardened-build-base:v1.20.4b11 commands: - make DRONE_TAG=${DRONE_TAG} volumes: @@ -18,7 +18,7 @@ steps: path: /var/run/docker.sock - name: publish - image: rancher/hardened-build-base:v1.20.3b1 + image: rancher/hardened-build-base:v1.20.4b11 commands: - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD - make DRONE_TAG=${DRONE_TAG} image-push @@ -35,7 +35,56 @@ steps: - tag - name: scan - image: rancher/hardened-build-base:v1.20.3b1 + image: rancher/hardened-build-base:v1.20.4b11 + commands: + - make DRONE_TAG=${DRONE_TAG} image-scan + volumes: + - name: docker + path: /var/run/docker.sock + +volumes: +- name: docker + host: + path: /var/run/docker.sock + +--- +kind: pipeline +type: docker +name: linux-arm64 + +platform: + os: linux + arch: arm64 + +steps: +- name: build + pull: always + image: rancher/hardened-build-base:v1.20.4b11 + commands: + - make DRONE_TAG=${DRONE_TAG} + volumes: + - name: docker + path: /var/run/docker.sock + +- name: publish + image: rancher/hardened-build-base:v1.20.4b11 + commands: + - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD + - make DRONE_TAG=${DRONE_TAG} image-push + environment: + DOCKER_PASSWORD: + from_secret: docker_password + DOCKER_USERNAME: + from_secret: docker_username + volumes: + - name: docker + path: /var/run/docker.sock + when: + event: + - tag + +- name: scan + image: rancher/hardened-build-base:v1.20.4b11 commands: - make DRONE_TAG=${DRONE_TAG} image-scan volumes: @@ -61,7 +110,7 @@ node: steps: - name: build pull: always - image: rancher/hardened-build-base:v1.20.3b1 + image: rancher/hardened-build-base:v1.20.4b11 failure: ignore commands: - make DRONE_TAG=${DRONE_TAG} @@ -70,7 +119,7 @@ steps: path: /var/run/docker.sock - name: publish - image: rancher/hardened-build-base:v1.20.3b1 + image: rancher/hardened-build-base:v1.20.4b11 failure: ignore commands: - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD diff --git a/Dockerfile b/Dockerfile index c261695..180a134 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,23 +1,22 @@ -ARG BCI_IMAGE=registry.suse.com/bci/bci-base:latest -ARG GO_IMAGE=rancher/hardened-build-base:v1.20.3b1 +ARG BCI_IMAGE=registry.suse.com/bci/bci-base +ARG GO_IMAGE=rancher/hardened-build-base:v1.20.4b11 # We need iptables and ip6tables. We will get them from the hardened kubernetes image -ARG KUBERNETES=rancher/hardened-kubernetes:v1.26.3-rke2r1-build20230317 +ARG KUBERNETES=rancher/hardened-kubernetes:v1.27.2-rke2r1-build20230518 ARG TAG="1.22.20" ARG ARCH="amd64" FROM ${BCI_IMAGE} as bci FROM ${KUBERNETES} as kubernetes -FROM ${GO_IMAGE} as base-builder -# setup required packages -RUN set -x \ - && apk --no-cache add \ +FROM ${GO_IMAGE} as base + +RUN set -x && \ + apk --no-cache add \ file \ gcc \ git \ make -# setup the dnsNodeCache build -FROM base-builder as dnsNodeCache-builder +FROM base as builder ARG SRC=github.com/kubernetes/dns ARG PKG=github.com/kubernetes/dns RUN git clone --depth=1 https://${SRC}.git $GOPATH/src/${PKG} @@ -30,14 +29,14 @@ RUN git checkout tags/${TAG} -b ${TAG} RUN GOARCH=${ARCH} GO_LDFLAGS="-linkmode=external -X ${PKG}/pkg/version.VERSION=${TAG}" \ go-build-static.sh -gcflags=-trimpath=${GOPATH}/src -o . ./... RUN go-assert-static.sh node-cache -RUN if [ "${ARCH}" != "s390x" ]; then \ - go-assert-boring.sh node-cache; \ +RUN if [ "${ARCH}" = "amd64" ]; then \ + go-assert-boring.sh node-cache; \ fi RUN install -s node-cache /usr/local/bin -FROM bci as dnsNodeCache +FROM bci RUN zypper install -y netcat which -COPY --from=dnsNodeCache-builder /usr/local/bin/node-cache /node-cache +COPY --from=builder /usr/local/bin/node-cache /node-cache COPY --from=kubernetes /usr/sbin/ip* /usr/sbin/ COPY --from=kubernetes /usr/sbin/xtables* /usr/sbin/ ENTRYPOINT ["/node-cache"] diff --git a/Makefile b/Makefile index ed076e8..96c1502 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,13 @@ SEVERITIES = HIGH,CRITICAL -ifeq ($(ARCH),) -ARCH=$(shell go env GOARCH) +UNAME_M = $(shell uname -m) +ARCH= +ifeq ($(UNAME_M), x86_64) + ARCH=amd64 +else ifeq ($(UNAME_M), aarch64) + ARCH=arm64 +else + ARCH=$(UNAME_M) endif BUILD_META=-build$(shell date +%Y%m%d) @@ -11,11 +17,11 @@ SRC ?= github.com/kubernetes/dns TAG ?= 1.22.20$(BUILD_META) ifneq ($(DRONE_TAG),) -TAG := $(DRONE_TAG) + TAG := $(DRONE_TAG) endif ifeq (,$(filter %$(BUILD_META),$(TAG))) -$(error TAG needs to end with build metadata: $(BUILD_META)) + $(error TAG needs to end with build metadata: $(BUILD_META)) endif .PHONY: image-build diff --git a/manifest.tmpl b/manifest.tmpl index 6e1a873..73a055b 100644 --- a/manifest.tmpl +++ b/manifest.tmpl @@ -5,6 +5,11 @@ manifests: platform: architecture: amd64 os: linux + - + image: rancher/hardened-dns-node-cache:{{build.tag}}-arm64 + platform: + architecture: arm64 + os: linux - image: rancher/hardened-dns-node-cache:{{build.tag}}-s390x platform: