From d74cf7849a2874623de917e32c86822c88e40663 Mon Sep 17 00:00:00 2001 From: fengshunli <1171313930@qq.com> Date: Mon, 10 Jul 2023 12:23:33 +0800 Subject: [PATCH] feat: add higress base image Signed-off-by: fengshunli <1171313930@qq.com> --- Makefile.core.mk | 11 +++++++++++ docker/Dockerfile.base | 34 ++++++++++++++++++++++++++++++++++ docker/docker.mk | 7 +++++++ 3 files changed, 52 insertions(+) create mode 100644 docker/Dockerfile.base diff --git a/Makefile.core.mk b/Makefile.core.mk index 221c677436..2d920ecd5e 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -24,6 +24,8 @@ RELEASE_LDFLAGS='$(GO_LDFLAGS) -extldflags -static -s -w' export OUT:=$(TARGET_OUT) export OUT_LINUX:=$(TARGET_OUT_LINUX) +BUILDX_PLATFORM ?= + # If tag not explicitly set in users' .istiorc.mk or command line, default to the git sha. TAG ?= $(shell git rev-parse --verify HEAD) ifeq ($(TAG),) @@ -65,7 +67,13 @@ build: prebuild $(OUT) .PHONY: build-linux build-linux: prebuild $(OUT) +ifeq ($(BUILDX_PLATFORM), true) + GOPROXY=$(GOPROXY) GOOS=linux GOARCH=amd64 LDFLAGS=$(RELEASE_LDFLAGS) tools/hack/gobuild.sh ./out/linux_amd64/ $(HIGRESS_BINARIES) + GOPROXY=$(GOPROXY) GOOS=linux GOARCH=arm64 LDFLAGS=$(RELEASE_LDFLAGS) tools/hack/gobuild.sh ./out/linux_arm64/ $(HIGRESS_BINARIES) +else GOPROXY=$(GOPROXY) GOOS=linux GOARCH=$(GOARCH_LOCAL) LDFLAGS=$(RELEASE_LDFLAGS) tools/hack/gobuild.sh $(OUT_LINUX)/ $(HIGRESS_BINARIES) +endif + .PHONY: build-hgctl build-hgctl: $(OUT) @@ -114,6 +122,9 @@ include docker/docker.mk docker-build: docker.higress ## Build and push docker images to registry defined by $HUB and $TAG +docker-build-base: + docker buildx build --no-cache --platform linux/amd64,linux/arm64 -t ${HUB}/base:${BASE_VERSION} -f docker/Dockerfile.base . --push + export PARENT_GIT_TAG:=$(shell cat VERSION) export PARENT_GIT_REVISION:=$(TAG) diff --git a/docker/Dockerfile.base b/docker/Dockerfile.base new file mode 100644 index 0000000000..4fd2a0fd2c --- /dev/null +++ b/docker/Dockerfile.base @@ -0,0 +1,34 @@ +FROM ubuntu:22.04 + +ENV DEBIAN_FRONTEND=noninteractive + +# Do not add more stuff to this list that isn't small or critically useful. +# If you occasionally need something on the container do +# sudo apt-get update && apt-get whichever + +# hadolint ignore=DL3005,DL3008 +RUN apt-get update && \ + apt-get install --no-install-recommends -y \ + ca-certificates \ + curl \ + iptables \ + iproute2 \ + iputils-ping \ + knot-dnsutils \ + netcat \ + tcpdump \ + conntrack \ + bsdmainutils \ + net-tools \ + lsof \ + sudo \ + && update-ca-certificates \ + && apt-get upgrade -y \ + && apt-get clean \ + && rm -rf /var/log/*log /var/lib/apt/lists/* /var/log/apt/* /var/lib/dpkg/*-old /var/cache/debconf/*-old \ + && update-alternatives --set iptables /usr/sbin/iptables-legacy \ + && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy + +# Sudoers used to allow tcpdump and other debug utilities. +RUN useradd -m --uid 1337 istio-proxy && \ + echo "istio-proxy ALL=NOPASSWD: ALL" >> /etc/sudoers \ No newline at end of file diff --git a/docker/docker.mk b/docker/docker.mk index 662f87b791..aeb869d63c 100644 --- a/docker/docker.mk +++ b/docker/docker.mk @@ -28,4 +28,11 @@ DOCKER_ALL_VARIANTS ?= debug distroless # This can be done with DOCKER_BUILD_VARIANTS="default debug" as well, but at the expense of building twice vs building once and tagging twice INCLUDE_UNTAGGED_DEFAULT ?= false DEFAULT_DISTRIBUTION=debug +ifeq ($(BUILDX_PLATFORM), true) +ifeq (docker buildx ls | grep -q container-builder,) + docker buildx create --name container-builder --use; +endif +HIGRESS_DOCKER_RULE ?= $(foreach VARIANT,$(DOCKER_BUILD_VARIANTS), time (mkdir -p $(HIGRESS_DOCKER_BUILD_TOP)/$@ && TARGET_ARCH=$(TARGET_ARCH) ./docker/docker-copy.sh $^ $(HIGRESS_DOCKER_BUILD_TOP)/$@ && cd $(HIGRESS_DOCKER_BUILD_TOP)/$@ $(BUILD_PRE) && docker buildx build --no-cache --platform linux/amd64,linux/arm64 $(BUILD_ARGS) --build-arg BASE_DISTRIBUTION=$(call normalize-tag,$(VARIANT)) -t $(HUB)/$(subst docker.,,$@):$(TAG)$(call variant-tag,$(VARIANT)) -f Dockerfile$(suffix $@) . --push ); ) +else HIGRESS_DOCKER_RULE ?= $(foreach VARIANT,$(DOCKER_BUILD_VARIANTS), time (mkdir -p $(HIGRESS_DOCKER_BUILD_TOP)/$@ && TARGET_ARCH=$(TARGET_ARCH) ./docker/docker-copy.sh $^ $(HIGRESS_DOCKER_BUILD_TOP)/$@ && cd $(HIGRESS_DOCKER_BUILD_TOP)/$@ $(BUILD_PRE) && docker build $(BUILD_ARGS) --build-arg BASE_DISTRIBUTION=$(call normalize-tag,$(VARIANT)) -t $(HUB)/$(subst docker.,,$@):$(TAG)$(call variant-tag,$(VARIANT)) -f Dockerfile$(suffix $@) . ); ) +endif \ No newline at end of file