From d3a5e8a7462ae9db4a031a7dd867b48686f5349e Mon Sep 17 00:00:00 2001 From: fengshunli <1171313930@qq.com> Date: Mon, 10 Jul 2023 12:23:33 +0800 Subject: [PATCH] feat: add higress base image Signed-off-by: fengshunli <1171313930@qq.com> --- .github/workflows/build-image-and-push.yaml | 14 ++++----- Makefile.core.mk | 14 +++++++-- docker/Dockerfile.base | 34 +++++++++++++++++++++ docker/docker.mk | 2 +- 4 files changed, 54 insertions(+), 10 deletions(-) create mode 100644 docker/Dockerfile.base diff --git a/.github/workflows/build-image-and-push.yaml b/.github/workflows/build-image-and-push.yaml index d0f2d0585a..ab1e2ca38a 100644 --- a/.github/workflows/build-image-and-push.yaml +++ b/.github/workflows/build-image-and-push.yaml @@ -67,13 +67,13 @@ jobs: - name: Build Docker Image and Push run: | GOPROXY="https://proxy.golang.org,direct" make docker-build - BUILT_IMAGE="higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/higress" - readarray -t IMAGES <<< "${{ steps.docker-meta.outputs.tags }}" - for image in ${IMAGES[@]}; do - echo "Image: $image" - docker tag $BUILT_IMAGE:$GITHUB_SHA $image - docker push $image - done +# BUILT_IMAGE="higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/higress" +# readarray -t IMAGES <<< "${{ steps.docker-meta.outputs.tags }}" +# for image in ${IMAGES[@]}; do +# echo "Image: $image" +# docker tag $BUILT_IMAGE:$GITHUB_SHA $image +# docker push $image +# done build-pilot-image: runs-on: ubuntu-latest diff --git a/Makefile.core.mk b/Makefile.core.mk index 221c677436..005a7a42e5 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk 
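Review bot: The seven lines commented out under `Build Docker Image and Push` remove the only place where the tags from `steps.docker-meta.outputs.tags` were applied, so the image that reaches the registry is now whatever `make docker-build` tags and pushes on its own. If the docker-meta step (outside this hunk) still computes release or branch tags, they are presumably no longer published, and nothing in the workflow reports that. Delete the dead lines rather than keeping them as comments, and either drop the unused metadata step or pass its tags to the build. If the removal is intended, a comment such as `# image is tagged and pushed by make docker-build (buildx --push)` would record the new flow.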
@@ -65,7 +65,8 @@ build: prebuild $(OUT) .PHONY: build-linux build-linux: prebuild $(OUT) - GOPROXY=$(GOPROXY) GOOS=linux GOARCH=$(GOARCH_LOCAL) LDFLAGS=$(RELEASE_LDFLAGS) tools/hack/gobuild.sh $(OUT_LINUX)/ $(HIGRESS_BINARIES) + GOPROXY=$(GOPROXY) GOOS=linux GOARCH=amd64 LDFLAGS=$(RELEASE_LDFLAGS) tools/hack/gobuild.sh ./out/linux_amd64/ $(HIGRESS_BINARIES) + GOPROXY=$(GOPROXY) GOOS=linux GOARCH=arm64 LDFLAGS=$(RELEASE_LDFLAGS) tools/hack/gobuild.sh ./out/linux_arm64/ $(HIGRESS_BINARIES) .PHONY: build-hgctl build-hgctl: $(OUT) @@ -112,7 +113,16 @@ endif # for now docker is limited to Linux compiles - why ? include docker/docker.mk -docker-build: docker.higress ## Build and push docker images to registry defined by $HUB and $TAG +docker-build: docker-buildx-builder docker.higress ## Build and push docker images to registry defined by $HUB and $TAG + +docker-buildx-builder: + if ! docker buildx ls | grep -q container-builder; then\ + docker buildx create --name container-builder --use;\ + fi + + +docker-build-base: + docker buildx build --no-cache --platform linux/amd64,linux/arm64 -t ${HUB}/base:${BASE_VERSION} -f docker/Dockerfile.base . --push export PARENT_GIT_TAG:=$(shell cat VERSION) export PARENT_GIT_REVISION:=$(TAG) diff --git a/docker/Dockerfile.base b/docker/Dockerfile.base new file mode 100644 index 0000000000..4fd2a0fd2c --- /dev/null +++ b/docker/Dockerfile.base 
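Review bot: `build-linux` now writes to the literal paths `./out/linux_amd64/` and `./out/linux_arm64/` instead of `$(OUT_LINUX)`, so any later step that still reads `$(OUT_LINUX)` (its definition is outside this hunk) only finds binaries if it expands to one of those two directories. The two recipe lines differ only in the architecture, so deriving the directory from the existing output variable would keep them from drifting apart. Every caller of `build-linux` now cross-compiles both architectures; a comment such as `# amd64 and arm64 are both built because the image build is multi-platform` would explain the extra cost.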
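Review bot: `docker-build-base` runs a multi-platform `docker buildx build` but does not depend on `docker-buildx-builder`, so on a machine where only the default builder exists it will likely fail; `docker-build-base: docker-buildx-builder` fixes that. The target also pushes unconditionally to `${HUB}/base:${BASE_VERSION}`, and `BASE_VERSION` is not defined anywhere in this hunk: an empty value yields an invalid image reference, and a reused value overwrites a base tag that other images build FROM. A guard as the first recipe line, `@: $(if $(strip $(BASE_VERSION)),,$(error BASE_VERSION is not set))`, makes the first case explicit. Both new targets name commands rather than files and should be declared with `.PHONY: docker-buildx-builder docker-build-base`.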
@@ -0,0 +1,34 @@
+FROM ubuntu:22.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Do not add more stuff to this list that isn't small or critically useful.
+# If you occasionally need something on the container do
+# sudo apt-get update && apt-get whichever
+
+# hadolint ignore=DL3005,DL3008
+RUN apt-get update && \
+ apt-get install --no-install-recommends -y \
+ ca-certificates \
+ curl \
+ iptables \
+ iproute2 \
+ iputils-ping \
+ knot-dnsutils \
+ netcat \
+ tcpdump \
+ conntrack \
+ bsdmainutils \
+ net-tools \
+ lsof \
+ sudo \
+ && update-ca-certificates \
+ && apt-get upgrade -y \
+ && apt-get clean \
+ && rm -rf /var/log/*log /var/lib/apt/lists/* /var/log/apt/* /var/lib/dpkg/*-old /var/cache/debconf/*-old \
+ && update-alternatives --set iptables /usr/sbin/iptables-legacy \
+ && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+
+# Sudoers used to allow tcpdump and other debug utilities.
+RUN useradd -m --uid 1337 istio-proxy && \
+ echo "istio-proxy ALL=NOPASSWD: ALL" >> /etc/sudoers
\ No newline at end of file
diff --git a/docker/docker.mk b/docker/docker.mk
index 662f87b791..ef44f8de4e 100644
--- a/docker/docker.mk
+++ b/docker/docker.mk
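Review bot: The last `RUN` appends `istio-proxy ALL=NOPASSWD: ALL` to `/etc/sudoers`, which gives uid 1337 passwordless root for every command although the comment only asks for tcpdump and debug utilities; in any image that runs as this user, code execution in the proxy process is then equivalent to root in the container. Limit the rule to the binaries that need it and install it as a validated drop-in, for example `echo "istio-proxy ALL=NOPASSWD: <ABSOLUTE_PATH_OF_TCPDUMP>" > /etc/sudoers.d/istio-proxy && chmod 0440 /etc/sudoers.d/istio-proxy && visudo -cf /etc/sudoers.d/istio-proxy`. `FROM ubuntu:22.04` follows a moving tag and the build also runs `apt-get upgrade`, so two builds of the same `BASE_VERSION` can differ; pinning the parent by digest (`FROM ubuntu:22.04@sha256:<DIGEST>`) makes the base reproducible and auditable. The file also lacks a final newline.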
@@ -28,4 +28,4 @@ DOCKER_ALL_VARIANTS ?= debug distroless # This can be done with DOCKER_BUILD_VARIANTS="default debug" as well, but at the expense of building twice vs building once and tagging twice INCLUDE_UNTAGGED_DEFAULT ?= false DEFAULT_DISTRIBUTION=debug -HIGRESS_DOCKER_RULE ?= $(foreach VARIANT,$(DOCKER_BUILD_VARIANTS), time (mkdir -p $(HIGRESS_DOCKER_BUILD_TOP)/$@ && TARGET_ARCH=$(TARGET_ARCH) ./docker/docker-copy.sh $^ $(HIGRESS_DOCKER_BUILD_TOP)/$@ && cd $(HIGRESS_DOCKER_BUILD_TOP)/$@ $(BUILD_PRE) && docker build $(BUILD_ARGS) --build-arg BASE_DISTRIBUTION=$(call normalize-tag,$(VARIANT)) -t $(HUB)/$(subst docker.,,$@):$(TAG)$(call variant-tag,$(VARIANT)) -f Dockerfile$(suffix $@) . ); ) +HIGRESS_DOCKER_RULE ?= $(foreach VARIANT,$(DOCKER_BUILD_VARIANTS), time (mkdir -p $(HIGRESS_DOCKER_BUILD_TOP)/$@ && TARGET_ARCH=$(TARGET_ARCH) ./docker/docker-copy.sh $^ $(HIGRESS_DOCKER_BUILD_TOP)/$@ && cd $(HIGRESS_DOCKER_BUILD_TOP)/$@ $(BUILD_PRE) && docker buildx build --no-cache --platform linux/amd64,linux/arm64 $(BUILD_ARGS) --build-arg BASE_DISTRIBUTION=$(call normalize-tag,$(VARIANT)) -t $(HUB)/$(subst docker.,,$@):$(TAG)$(call variant-tag,$(VARIANT)) -f Dockerfile$(suffix $@) . --push ); )
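Review bot: `HIGRESS_DOCKER_RULE` now ends in `--push`, so every target that expands it publishes to `$(HUB)` as a side effect of building, including a local `make docker-build` on a machine that happens to be logged in to the registry. The rule still calls `docker-copy.sh` with a single `TARGET_ARCH=$(TARGET_ARCH)` while building for `linux/amd64,linux/arm64`; unless the Dockerfile (not shown) selects binaries per platform, one of the two images may ship binaries for the wrong architecture. Making both parts overridable keeps local, non-publishing builds possible: define `DOCKER_PLATFORMS ?= linux/amd64,linux/arm64` and `DOCKER_PUSH ?= --push`, then use `--platform $(DOCKER_PLATFORMS)` and `$(DOCKER_PUSH)` in the rule. `--no-cache` on every variant also discards layer reuse; if it is there to pick up base-image updates, a comment above the rule should say so.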