add multus thick plugin build
thomasferrandiz committed Aug 28, 2024
1 parent c14c38f commit 3e38e76
Showing 3 changed files with 57 additions and 7 deletions.
28 changes: 28 additions & 0 deletions .github/workflows/build.yml
@@ -21,13 +21,26 @@ jobs:
id: get-TAG
run: |
echo "$(make -s log | grep TAG)" >> "$GITHUB_ENV"
- name: Build container image
uses: docker/build-push-action@v6
with:
context: .
push: false
tags: rancher/hardened-multus-cni:${{ env.TAG }}-amd64
file: Dockerfile
target: multus-cni
build-args: |
TAG=${{ env.TAG }}
- name: Build thick plugin image
uses: docker/build-push-action@v6
with:
context: .
push: false
tags: rancher/hardened-multus-thick:${{ env.TAG }}-amd64
file: Dockerfile
target: multus-thick
build-args: |
TAG=${{ env.TAG }}
@@ -40,6 +53,7 @@ jobs:
severity: 'CRITICAL,HIGH'
format: 'sarif'
output: 'trivy-results.sarif'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
@@ -69,6 +83,20 @@ jobs:
push: false
tags: rancher/hardened-multus-cni:${{ env.TAG }}-arm64
file: Dockerfile
target: multus-cni
outputs: type=docker
platforms: linux/arm64
build-args: |
TAG=${{ env.TAG }}
- name: Build thick plugin image
uses: docker/build-push-action@v6
with:
context: .
push: false
tags: rancher/hardened-multus-thick:${{ env.TAG }}-arm64
file: Dockerfile
target: multus-thick
outputs: type=docker
platforms: linux/arm64
build-args: |
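Review bot: The two new `Build thick plugin image` steps build `rancher/hardened-multus-thick`, but none of the visible hunks adds a vulnerability scan for it; the only change next to the Trivy step appears to be a blank line. The scan step's image reference lies outside the hunks, so this is inferred, but if it still names only `hardened-multus-cni`, the image that carries `multus-daemon` passes CI without the `CRITICAL,HIGH` gate. I would add a second Trivy step pointed at `rancher/hardened-multus-thick:${{ env.TAG }}-amd64`, with its own SARIF `output` file and a distinct `category` on the upload step so the two result sets do not overwrite each other. Separately, the new steps follow the file's existing `docker/build-push-action@v6` tag reference; pinning the action to a full commit SHA would keep a moved tag from changing what builds the hardened images.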
21 changes: 15 additions & 6 deletions Dockerfile
@@ -1,9 +1,9 @@
ARG GO_IMAGE=rancher/hardened-build-base:v1.21.11b3

# Image that provides cross compilation tooling.
FROM --platform=$BUILDPLATFORM rancher/mirrored-tonistiigi-xx:1.3.0 as xx
FROM --platform=$BUILDPLATFORM rancher/mirrored-tonistiigi-xx:1.3.0 AS xx

FROM --platform=$BUILDPLATFORM ${GO_IMAGE} as base-builder
FROM --platform=$BUILDPLATFORM ${GO_IMAGE} AS base-builder
# copy xx scripts to your build stage
COPY --from=xx / /
RUN apk add file make git clang lld patch
@@ -12,7 +12,7 @@ RUN set -x && \
xx-apk --no-cache add musl-dev gcc lld

# Build the multus project
FROM base-builder as multus-builder
FROM base-builder AS multus-builder
ARG TAG=v4.1.0
ARG SRC=github.com/k8snetworkplumbingwg/multus-cni
ARG PKG=github.com/k8snetworkplumbingwg/multus-cni
@@ -28,21 +28,30 @@ RUN xx-go --wrap && \
./hack/build-go.sh
RUN xx-verify --static bin/thin_entrypoint bin/multus

FROM ${GO_IMAGE} as strip_binary
FROM ${GO_IMAGE} AS strip_binary
#strip needs to run on TARGETPLATFORM, not BUILDPLATFORM
COPY --from=multus-builder /go/src/github.com/k8snetworkplumbingwg/multus-cni/bin/thin_entrypoint /thin_entrypoint
COPY --from=multus-builder /go/src/github.com/k8snetworkplumbingwg/multus-cni/bin/multus /multus
COPY --from=multus-builder /go/src/github.com/k8snetworkplumbingwg/multus-cni/bin/kubeconfig_generator /kubeconfig_generator
COPY --from=multus-builder /go/src/github.com/k8snetworkplumbingwg/multus-cni/bin/cert-approver /cert-approver
COPY --from=multus-builder /go/src/github.com/k8snetworkplumbingwg/multus-cni/bin/install_multus /install_multus
RUN strip /thin_entrypoint /multus /kubeconfig_generator /cert-approver /install_multus
COPY --from=multus-builder /go/src/github.com/k8snetworkplumbingwg/multus-cni/bin/multus-daemon /multus-daemon
COPY --from=multus-builder /go/src/github.com/k8snetworkplumbingwg/multus-cni/bin/multus-shim /multus-shim
RUN strip /thin_entrypoint /multus /kubeconfig_generator /cert-approver /install_multus /multus-daemon /multus-shim

# Create the multus image
FROM scratch as multus-cni
FROM scratch AS multus-cni
COPY --from=strip_binary /multus /usr/src/multus-cni/bin/multus
COPY --from=multus-builder /go/src/github.com/k8snetworkplumbingwg/multus-cni/LICENSE /usr/src/multus-cni/LICENSE
COPY --from=strip_binary /thin_entrypoint /
COPY --from=strip_binary /kubeconfig_generator /
COPY --from=strip_binary /cert-approver /
COPY --from=strip_binary /install_multus /
ENTRYPOINT ["/thin_entrypoint"]

# Create the thick plugin image
FROM scratch AS multus-thick
COPY --from=multus-builder /go/src/github.com/k8snetworkplumbingwg/multus-cni/LICENSE /usr/src/multus-cni/LICENSE
COPY --from=strip_binary /multus-daemon /usr/src/multus-cni/bin/multus-daemon
COPY --from=strip_binary /multus-shim /usr/src/multus-cni/bin/multus-shim
ENTRYPOINT [ "/usr/src/multus-cni/bin/multus-daemon" ]
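Review bot: `multus-daemon` and `multus-shim` are copied into the `scratch`-based `multus-thick` stage without being covered by the `xx-verify --static` check, which still lists only `bin/thin_entrypoint bin/multus`. A `scratch` image has no loader or libc, so a binary that is not static, or was built for the wrong target platform, would only surface as a start-up failure on the node. Extending the check to `RUN xx-verify --static bin/thin_entrypoint bin/multus bin/multus-daemon bin/multus-shim` makes the build fail instead. The `RUN` that invokes `./hack/build-go.sh` starts outside the hunk, so I am assuming it produces both binaries under `bin/`, as the new `COPY` lines imply.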
15 changes: 14 additions & 1 deletion Makefile
@@ -24,7 +24,7 @@ ifeq (,$(filter %$(BUILD_META),$(TAG)))
$(error TAG $(TAG) needs to end with build metadata: $(BUILD_META))
endif

.PHONY: image-build
.PHONY: image-build-thin
image-build:
docker buildx build \
--platform=$(ARCH) \
@@ -37,6 +37,19 @@ image-build:
--load \
.

.PHONY: image-build-thick
image-build-thick:
docker buildx build \
--platform=$(ARCH) \
--build-arg PKG=$(PKG) \
--build-arg SRC=$(SRC) \
--build-arg TAG=$(TAG:$(BUILD_META)=) \
--target multus-thick \
--tag $(ORG)/hardened-multus-thick:$(TAG) \
--tag $(ORG)/hardened-multus-thick:$(TAG)-$(ARCH) \
--load \
.

.PHONY: image-push
image-push:
docker push $(ORG)/hardened-multus-cni:$(TAG)-$(ARCH)
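Review bot: The `.PHONY` line was renamed to `image-build-thin`, but the rule below it is still `image-build:`, so the declaration now names a target that does not exist and `image-build` is no longer phony; a file or directory called `image-build` in the tree would turn it into a silent no-op. Either rename the rule to `image-build-thin:` and update its callers, or keep `.PHONY: image-build`. The visible `image-push` rule also pushes only `$(ORG)/hardened-multus-cni:$(TAG)-$(ARCH)`; its body continues outside the hunk, so check that `hardened-multus-thick` is pushed there too rather than being built and left local. The `image-build` recipe itself is only partly visible in these hunks.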
