chore: rework build, move to ghcr.io, build for arm64/amd64

Dockerfile/Makefile reworked to support cross-compilation, multi-arch
builds. Using Talos base tools image.

Signed-off-by: Andrey Smirnov <[email protected]>

.drone.yml

@@ -7,10 +7,7 @@ steps:
   - name: setup-ci
     image: autonomy/build-container:latest
     commands:
-      - git fetch --tags
-      - apk add coreutils
-      - docker buildx create --driver docker-container --platform linux/amd64 --buildkitd-flags "--allow-insecure-entitlement security.insecure" --name local --use unix:///var/outer-run/docker.sock
-      - docker buildx inspect --bootstrap
+      - setup-ci
     privileged: true
     volumes:
       - name: docker-socket
@@ -23,6 +20,8 @@ steps:
   - name: build-pull-request
     image: autonomy/build-container:latest
     pull: always
+    environment:
+      PLATFORM: linux/amd64,linux/arm64
     commands:
       - make
     when:
@@ -41,12 +40,13 @@ steps:
     image: autonomy/build-container:latest
     pull: always
     environment:
-      DOCKER_USERNAME:
-        from_secret: docker_username
-      DOCKER_PASSWORD:
-        from_secret: docker_password
+      GHCR_USERNAME:
+        from_secret: ghcr_username
+      GHCR_PASSWORD:
+        from_secret: ghcr_token
+      PLATFORM: linux/amd64,linux/arm64
     commands:
-      - docker login --username "$${DOCKER_USERNAME}" --password "$${DOCKER_PASSWORD}"
+      - docker login --username "$${GHCR_USERNAME}" --password "$${GHCR_PASSWORD}" ghcr.io
       - make PUSH=true
     when:
       event:
@@ -127,3 +127,8 @@ trigger:
 
 depends_on:
   - default
+---
+kind: signature
+hmac: e3d18401c2205988061491de11ad06b3336a5a0f6df49787832683e472b8d427
+
+...

Dockerfile

@@ -1,39 +1,57 @@
-# syntax = docker/dockerfile-upstream:1.1.4-experimental
+# syntax = docker/dockerfile-upstream:1.2.0-labs
 
-FROM golang:1.15 AS build
+# Meta args applied to stage base names.
+
+ARG TOOLS
+ARG PKGS
+
+# Resolve package images using ${PKGS} to be used later in COPY --from=.
+
+FROM ghcr.io/talos-systems/ca-certificates:${PKGS} AS pkg-ca-certificates
+FROM ghcr.io/talos-systems/fhs:${PKGS} AS pkg-fhs
+
+# The base target provides the base for running various tasks against the source
+# code
+
+FROM --platform=${BUILDPLATFORM} ${TOOLS} AS build
+SHELL ["/toolchain/bin/bash", "-c"]
+ENV PATH /toolchain/bin:/toolchain/go/bin:/go/bin
+RUN ["/toolchain/bin/mkdir", "/bin", "/tmp"]
+RUN ["/toolchain/bin/ln", "-svf", "/toolchain/bin/bash", "/bin/sh"]
+RUN ["/toolchain/bin/ln", "-svf", "/toolchain/etc/ssl", "/etc/ssl"]
 ENV GO111MODULE on
 ENV GOPROXY https://proxy.golang.org
 ENV CGO_ENABLED 0
-WORKDIR /tmp
-RUN go get sigs.k8s.io/controller-tools/cmd/[email protected]
+ENV GOCACHE /.cache/go-build
+ENV GOMODCACHE /.cache/mod
+RUN --mount=type=cache,target=/.cache go install sigs.k8s.io/controller-tools/cmd/[email protected]
+RUN --mount=type=cache,target=/.cache go install k8s.io/code-generator/cmd/[email protected]
 WORKDIR /src
 COPY ./go.mod ./
 COPY ./go.sum ./
-RUN go mod download
-RUN go mod verify
+RUN --mount=type=cache,target=/.cache go mod download
+RUN --mount=type=cache,target=/.cache go mod verify
 COPY ./ ./
-RUN go list -mod=readonly all >/dev/null
-RUN ! go mod tidy -v 2>&1 | grep .
+RUN --mount=type=cache,target=/.cache go list -mod=readonly all >/dev/null
+RUN --mount=type=cache,target=/.cache ! go mod tidy -v 2>&1 | grep .
 
 FROM build AS manifests-build
 ARG NAME
-RUN controller-gen crd:crdVersions=v1 paths="./api/..." output:crd:dir=config/crd/bases output:webhook:dir=config/webhook webhook
-RUN controller-gen rbac:roleName=manager-role paths="./controllers/..." output:rbac:dir=config/rbac
+RUN --mount=type=cache,target=/.cache controller-gen crd:crdVersions=v1 paths="./api/..." output:crd:dir=config/crd/bases output:webhook:dir=config/webhook webhook
+RUN --mount=type=cache,target=/.cache controller-gen rbac:roleName=manager-role paths="./controllers/..." output:rbac:dir=config/rbac
 FROM scratch AS manifests
 COPY --from=manifests-build /src/config/crd /config/crd
 COPY --from=manifests-build /src/config/rbac /config/rbac
 
 FROM build AS generate-build
-RUN controller-gen object:headerFile=./hack/boilerplate.go.txt paths="./..."
+RUN --mount=type=cache,target=/.cache controller-gen object:headerFile=./hack/boilerplate.go.txt paths="./..."
+
 FROM scratch AS generate
 COPY --from=generate-build /src/api /api
 
-FROM k8s.gcr.io/hyperkube:v1.17.0 AS release-build
-RUN apt update -y \
-  && apt install -y curl \
-  && curl -LO https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv3.5.4/kustomize_v3.5.4_linux_amd64.tar.gz \
-  && tar -xf kustomize_v3.5.4_linux_amd64.tar.gz -C /usr/local/bin \
-  && rm kustomize_v3.5.4_linux_amd64.tar.gz
+FROM --platform=${BUILDPLATFORM} alpine:3.13 AS release-build
+ADD https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv4.1.0/kustomize_v4.1.0_linux_amd64.tar.gz .
+RUN  tar -xf kustomize_v4.1.0_linux_amd64.tar.gz -C /usr/local/bin && rm kustomize_v4.1.0_linux_amd64.tar.gz
 COPY ./config ./config
 ARG REGISTRY_AND_USERNAME
 ARG NAME
@@ -49,11 +67,13 @@ COPY --from=release-build /control-plane-components.yaml /control-plane-componen
 COPY --from=release-build /metadata.yaml /metadata.yaml
 
 FROM build AS binary
-RUN --mount=type=cache,target=/root/.cache/go-build GOOS=linux go build -ldflags "-s -w" -o /manager
+ARG TARGETARCH
+RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=${TARGETARCH} go build -ldflags "-s -w" -o /manager
 RUN chmod +x /manager
 
 FROM scratch AS container
-COPY --from=docker.io/autonomy/ca-certificates:v0.1.0 / /
-COPY --from=docker.io/autonomy/fhs:v0.1.0 / /
+COPY --from=pkg-ca-certificates / /
+COPY --from=pkg-fhs / /
 COPY --from=binary /manager /manager
+LABEL org.opencontainers.image.source https://github.com/talos-systems/cluster-api-control-plane-provider-talos
 ENTRYPOINT [ "/manager" ]

Makefile

@@ -1,5 +1,5 @@
-REGISTRY ?= docker.io
-USERNAME ?= autonomy
+REGISTRY ?= ghcr.io
+USERNAME ?= talos-systems
 SHA ?= $(shell git describe --match=none --always --abbrev=8 --dirty)
 TAG ?= $(shell git describe --tag --always --dirty)
 BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
@@ -8,6 +8,9 @@ NAME := cluster-api-control-plane-talos-controller
 
 ARTIFACTS := _out
 
+TOOLS ?= ghcr.io/talos-systems/tools:v0.5.0
+PKGS ?= v0.5.0
+
 BUILD := docker buildx build
 PLATFORM ?= linux/amd64
 PROGRESS ?= auto
@@ -18,6 +21,8 @@ COMMON_ARGS += --platform=$(PLATFORM)
 COMMON_ARGS += --build-arg=REGISTRY_AND_USERNAME=$(REGISTRY_AND_USERNAME)
 COMMON_ARGS += --build-arg=NAME=$(NAME)
 COMMON_ARGS += --build-arg=TAG=$(TAG)
+COMMON_ARGS += --build-arg=PKGS=$(PKGS)
+COMMON_ARGS += --build-arg=TOOLS=$(TOOLS)
 
 all: manifests container
 
@@ -63,19 +68,19 @@ init: ## Initialize the project.
 
 .PHONY: generate
 generate: ## Generate source code.
-	@$(MAKE) local-$@ DEST=./
+	@$(MAKE) local-$@ DEST=./ PLATFORM=linux/amd64
 
 .PHONY: container
 container: generate ## Build the container image.
 	@$(MAKE) docker-$@ TARGET_ARGS="--push=$(PUSH)"
 
 .PHONY: manifests
 manifests: ## Generate manifests (e.g. CRD, RBAC, etc.).
-	@$(MAKE) local-$@ DEST=./
+	@$(MAKE) local-$@ DEST=./ PLATFORM=linux/amd64
 
 .PHONY: release
 release: manifests container ## Create the release YAML. The build result will be ouput to the specified local destination.
-	@$(MAKE) local-$@ DEST=./$(ARTIFACTS)
+	@$(MAKE) local-$@ DEST=./$(ARTIFACTS) PLATFORM=linux/amd64
 
 .PHONY: deploy
 deploy: manifests ## Deploy to a cluster. This is for testing purposes only.

config/crd/bases/controlplane.cluster.x-k8s.io_taloscontrolplanes.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.2.8
+    controller-gen.kubebuilder.io/version: v0.5.0
   creationTimestamp: null
   name: taloscontrolplanes.controlplane.cluster.x-k8s.io
 spec:
@@ -25,13 +25,11 @@ spec:
       jsonPath: .status.ready
       name: Ready
       type: boolean
-    - description: This denotes whether or not the control plane has the uploaded
-        talos-config configmap
+    - description: This denotes whether or not the control plane has the uploaded talos-config configmap
       jsonPath: .status.initialized
       name: Initialized
       type: boolean
-    - description: Total number of non-terminated machines targeted by this control
-        plane
+    - description: Total number of non-terminated machines targeted by this control plane
       jsonPath: .status.replicas
       name: Replicas
       type: integer
@@ -49,23 +47,18 @@ spec:
         description: TalosControlPlane is the Schema for the taloscontrolplanes API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
             type: string
           metadata:
             type: object
           spec:
             description: TalosControlPlaneSpec defines the desired state of TalosControlPlane
             properties:
               controlPlaneConfig:
-                description: ControlPlaneConfig is a two TalosConfigSpecs to use for
-                  initializing and joining machines to the control plane.
+                description: ControlPlaneConfig is a two TalosConfigSpecs to use for initializing and joining machines to the control plane.
                 properties:
                   controlplane:
                     description: TalosConfigSpec defines the desired state of TalosConfig
@@ -124,24 +117,13 @@ spec:
                 - init
                 type: object
               infrastructureTemplate:
-                description: InfrastructureTemplate is a required reference to a custom
-                  resource offered by an infrastructure provider.
+                description: InfrastructureTemplate is a required reference to a custom resource offered by an infrastructure provider.
                 properties:
                   apiVersion:
                     description: API version of the referent.
                     type: string
                   fieldPath:
-                    description: 'If referring to a piece of an object instead of
-                      an entire object, this string should contain a valid JSON/Go
-                      field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within
-                      a pod, this would take on a value like: "spec.containers{name}"
-                      (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]"
-                      (container with index 2 in this pod). This syntax is chosen
-                      only to have some well-defined way of referencing a part of
-                      an object. TODO: this design is not final and this field is
-                      subject to change in the future.'
+                    description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                     type: string
                   kind:
                     description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
@@ -153,17 +135,14 @@ spec:
                     description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                     type: string
                   resourceVersion:
-                    description: 'Specific resourceVersion to which this reference
-                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                     type: string
                   uid:
                     description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                     type: string
                 type: object
               replicas:
-                description: Number of desired machines. Defaults to 1. When stacked
-                  etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
-                  This is a pointer to distinguish between explicit zero and not specified.
+                description: Number of desired machines. Defaults to 1. When stacked etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). This is a pointer to distinguish between explicit zero and not specified.
                 format: int32
                 type: integer
               version:
@@ -180,45 +159,30 @@ spec:
             description: TalosControlPlaneStatus defines the observed state of TalosControlPlane
             properties:
               failureMessage:
-                description: ErrorMessage indicates that there is a terminal problem
-                  reconciling the state, and will be set to a descriptive error message.
+                description: ErrorMessage indicates that there is a terminal problem reconciling the state, and will be set to a descriptive error message.
                 type: string
               failureReason:
-                description: FailureReason indicates that there is a terminal problem
-                  reconciling the state, and will be set to a token value suitable
-                  for programmatic interpretation.
+                description: FailureReason indicates that there is a terminal problem reconciling the state, and will be set to a token value suitable for programmatic interpretation.
                 type: string
               initialized:
-                description: Initialized denotes whether or not the control plane
-                  has the uploaded talos-config configmap.
+                description: Initialized denotes whether or not the control plane has the uploaded talos-config configmap.
                 type: boolean
               ready:
-                description: Ready denotes that the TalosControlPlane API Server is
-                  ready to receive requests.
+                description: Ready denotes that the TalosControlPlane API Server is ready to receive requests.
                 type: boolean
               readyReplicas:
-                description: Total number of fully running and ready control plane
-                  machines.
+                description: Total number of fully running and ready control plane machines.
                 format: int32
                 type: integer
               replicas:
-                description: Total number of non-terminated machines targeted by this
-                  control plane (their labels match the selector).
+                description: Total number of non-terminated machines targeted by this control plane (their labels match the selector).
                 format: int32
                 type: integer
               selector:
-                description: 'Selector is the label selector in string format to avoid
-                  introspection by clients, and is used to provide the CRD-based integration
-                  for the scale subresource and additional integrations for things
-                  like kubectl describe.. The string will be in the same format as
-                  the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+                description: 'Selector is the label selector in string format to avoid introspection by clients, and is used to provide the CRD-based integration for the scale subresource and additional integrations for things like kubectl describe.. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
                 type: string
               unavailableReplicas:
-                description: Total number of unavailable machines targeted by this
-                  control plane. This is the total number of machines that are still
-                  required for the deployment to have 100% available capacity. They
-                  may either be machines that are running but not yet ready or machines
-                  that still have not been created.
+                description: Total number of unavailable machines targeted by this control plane. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet ready or machines that still have not been created.
                 format: int32
                 type: integer
             type: object

go.mod

@@ -1,6 +1,6 @@
 module github.com/talos-systems/cluster-api-control-plane-provider-talos
 
-go 1.13
+go 1.16
 
 require (
 	cloud.google.com/go v0.47.0 // indirect