mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

chore: remove docker support (#5324)

* chore: remove docker support

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* update docs

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Charles-Edouard Brétéché 2022-11-14 16:34:46 +01:00 committed by GitHub
parent 5f7b2d11af
commit 511eb797e6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 2 additions and 345 deletions


@ -10,11 +10,8 @@ It contains instructions to build, run, and test Kyverno.
- [Building kyverno locally](#building-kyverno-locally)
- [Building cli locally](#building-cli-locally)
- [Building local images](#building-local-images)
- [Building local images with docker](#building-local-images-with-docker)
- [Building local images with ko](#building-local-images-with-ko)
- [Switching between docker and ko](#switching-between-docker-and-ko)
- [Pushing images](#pushing-images)
- [Pushing images with docker](#pushing-images-with-docker)
- [Pushing images with ko](#pushing-images-with-ko)
- [Deploying a local build](#deploying-a-local-build)
- [Create a local cluster](#create-a-local-cluster)
@ -93,20 +90,7 @@ The binary should be created at `./cmd/cli/kubectl-kyverno/kubectl-kyverno`.
In the same spirit as [building local binaries](#building-local-binaries), you can build local docker images instead of local binaries.
Currently, we are supporting two build systems:
- [Building local images with docker](#building-local-images-with-docker)
- [Building local images with ko](#building-local-images-with-ko)
> **Note**: We started with `docker` and are progressively moving to `ko`.
As the `ko` based build system matures, we will deprecate and remove `docker` based builds.
Choosing between `docker` and `ko` boils down to a prefix when invoking `make` targets.
For example:
- `make docker-build-kyverno` creates a docker image using the `docker` build system
- `make ko-build-kyverno` creates a docker image using the `ko` build system
It is also possible to [switch between docker and ko](#switching-between-docker-and-ko) build systems easily.
`ko` is used to build images, please refer to [Building local images with ko](#building-local-images-with-ko).
### Image tags
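Review bot: The unchanged intro sentence at the top of this hunk still says "you can build local docker images", which reads oddly now that the `docker` build path is gone; "container images" would be clearer there. The replacement line "`ko` is used to build images, please refer to ..." is also a comma splice and would read better as two sentences.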
@ -117,39 +101,6 @@ git remote add upstream https://github.com/kyverno/kyverno
git fetch upstream --tags
```
### Building local images with docker
When building local images with docker you can specify the registry used to create the image names by setting the `REGISTRY` environment variable (default value is `ghcr.io`).
> **Note**: You can build all local images at once by running `make docker-build-all`.
#### Building kyvernopre image locally
To build `kyvernopre` image on your local system, run:
```console
make docker-build-kyvernopre
```
The resulting image should be available locally, named `ghcr.io/kyverno/kyvernopre` (by default, if `REGISTRY` environment variable was not set).
#### Building kyverno image locally
To build `kyverno` image on your local system, run:
```console
make docker-build-kyverno
```
The resulting image should be available locally, named `ghcr.io/kyverno/kyverno` (by default, if `REGISTRY` environment variable was not set).
#### Building cli image locally
To build `cli` image on your local system, run:
```console
make docker-build-cli
```
The resulting image should be available locally, named `ghcr.io/kyverno/kyverno-cli` (by default, if `REGISTRY` environment variable was not set).
### Building local images with ko
When building local images with ko you can't specify the registry used to create the image names. It will always be `ko.local`.
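Review bot: Removing the docker section drops the only documented way to choose the registry for local image names. The deleted text says `REGISTRY` defaulted to `ghcr.io` and produced names such as `ghcr.io/kyverno/kyverno`, while the remaining ko text at the end of this hunk says the registry is always `ko.local`. Scripts or manifests that reference the old local names will need updating, so a short migration note (old name, new name) in this document or in the PR description would help.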
@ -183,90 +134,16 @@ make ko-build-cli
The resulting image should be available locally, named `ko.local/github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno`.
### Switching between docker and ko
The sections above cover building images with `docker` or `ko` by prefixing build commands (`docker-build-*` or `ko-build-*`).
You can achieve the same results by setting the `BUILD_WITH` environment variable, and invoke a generic `image-build-*` target:
```console
# build kyverno image with ko
BUILD_WITH=ko make image-build-kyverno
# build kyverno image with docker
BUILD_WITH=docker make image-build-kyverno
```
Depending on the `BUILD_WITH` environment variable (default value is `ko`), the resulting images will be the same as noted in sections
[building local images with docker](#building-local-images-with-docker) and [building local images with ko](#building-local-images-with-ko).
## Pushing images
Pushing images is very similar to [building local images](#building-local-images), except that built images will be published on a remote image registry.
Currently, we are supporting two build systems:
- [Pushing images with docker](#pushing-images-with-docker)
- [Pushing images with ko](#pushing-images-with-ko)
> **Note**: We started with `docker` and are progressively moving to `ko`.
As the `ko` based build system matures, we will deprecate and remove `docker` based builds.
`ko` is used to build and publish images, please refer to [Pushing images with ko](#pushing-images-with-ko).
When pushing images you can specify the registry you want to publish images to by setting the `REGISTRY` environment variable (default value is `ghcr.io`).
<!-- TODO: explain the way images are tagged. -->
### Pushing images with docker
Authenticating to the remote registry is not done automatically in the `Makefile`.
You need to be authenticated before invoking targets responsible for pushing images.
> **Note**: You can push all images at once by running `make docker-publish-all` or `make docker-publish-all-dev`.
#### Pushing kyvernopre image
To push `kyvernopre` image on a remote registry, run:
```console
# push stable image
make docker-publish-kyvernopre
```
or
```console
# push dev image
make docker-publish-kyvernopre-dev
```
The resulting image should be available remotely, named `ghcr.io/kyverno/kyvernopre` (by default, if `REGISTRY` environment variable was not set).
#### Pushing kyverno image
To push `kyverno` image on a remote registry, run:
```console
# push stable image
make docker-publish-kyverno
```
or
```console
# push dev image
make docker-publish-kyverno-dev
```
The resulting image should be available remotely, named `ghcr.io/kyverno/kyverno` (by default, if `REGISTRY` environment variable was not set).
#### Pushing cli image
To push `cli` image on a remote registry, run:
```console
# push stable image
make docker-publish-cli
```
or
```console
# push dev image
make docker-publish-cli-dev
```
The resulting image should be available remotely, named `ghcr.io/kyverno/kyverno-cli` (by default, if `REGISTRY` environment variable was not set).
### Pushing images with ko
Authenticating to the remote registry is done automatically in the `Makefile` with `ko login`.
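Review bot: The last line of this hunk is now the only description of how pushes authenticate, and it says the `Makefile` runs `ko login` for you, whereas the deleted docker text required contributors to authenticate themselves before pushing. The document should state which credentials the `Makefile` reads and from where, so that nobody invokes a publish target without realising that a token in their environment will be used against the registry named by `REGISTRY`.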
@ -362,13 +239,6 @@ make kind-load-all
You can override the KinD cluster name by setting the `KIND_NAME` environment variable (default value is `kind`).
In any case, you can choose the build system (`docker` or `ko`) by setting the `BUILD_WITH` environment variable:
> **Note**: See [switching between docker and ko](#switching-between-docker-and-ko).
```console
# build kyvernopre and kyverno images and load them in KinD cluster (with docker)
BUILD_WITH=docker make kind-load-all
```
### Deploy with helm
To build local images, load them on a local KinD cluster, and deploy helm charts, run:
@ -391,13 +261,6 @@ This will build local images, load built images in every node of the KinD cluste
You can override the KinD cluster name by setting the `KIND_NAME` environment variable (default value is `kind`).
In any case, you can choose the build system (`docker` or `ko`) by setting the `BUILD_WITH` environment variable:
> **Note**: See [switching between docker and ko](#switching-between-docker-and-ko).
```console
# build images, load them in KinD cluster and deploy helm charts (with docker)
BUILD_WITH=docker make kind-deploy-all
```
## Code generation
We are using code generation tools to create the following portions of code:


@ -271,97 +271,6 @@ ko-publish-all: ko-publish-kyvernopre ko-publish-kyverno ko-publish-cli ## Build
.PHONY: ko-publish-all-dev
ko-publish-all-dev: ko-publish-kyvernopre-dev ko-publish-kyverno-dev ko-publish-cli-dev ## Build and publish all dev images (with ko)
##################
# UTILS (DOCKER) #
##################
.PHONY: docker-get-kyvernopre-digest
docker-get-kyvernopre-digest: ## Get kyvernopre image digest (with docker)
@docker buildx imagetools inspect --raw $(REPO_KYVERNOPRE):$(IMAGE_TAG) | perl -pe 'chomp if eof' | openssl dgst -sha256 | sed 's/^.* //'
.PHONY: docker-get-kyvernopre-digest-dev
docker-get-kyvernopre-digest-dev: ## Get kyvernopre dev image digest (with docker)
@docker buildx imagetools inspect --raw $(REPO_KYVERNOPRE):$(IMAGE_TAG_DEV) | perl -pe 'chomp if eof' | openssl dgst -sha256 | sed 's/^.* //'
.PHONY: docker-get-kyverno-digest
docker-get-kyverno-digest: ## Get kyverno image digest (with docker)
@docker buildx imagetools inspect --raw $(REPO_KYVERNO):$(IMAGE_TAG) | perl -pe 'chomp if eof' | openssl dgst -sha256 | sed 's/^.* //'
.PHONY: docker-get-kyverno-digest-dev
docker-get-kyverno-digest-dev: ## Get kyverno dev image digest (with docker)
@docker buildx imagetools inspect --raw $(REPO_KYVERNO):$(IMAGE_TAG_DEV) | perl -pe 'chomp if eof' | openssl dgst -sha256 | sed 's/^.* //'
.PHONY: docker-buildx-builder
docker-buildx-builder:
if ! docker buildx ls | grep -q kyverno; then\
docker buildx create --name kyverno --use;\
fi
##################
# BUILD (DOCKER) #
##################
DOCKER_KYVERNOPRE_IMAGE := $(REPO_KYVERNOPRE)
DOCKER_KYVERNO_IMAGE := $(REPO_KYVERNO)
.PHONY: docker-build-kyvernopre
docker-build-kyvernopre: docker-buildx-builder ## Build kyvernopre local image (with docker)
@echo Build kyvernopre local image with docker... >&2
@docker buildx build --file $(KYVERNOPRE_DIR)/Dockerfile --progress plain --load --platform $(LOCAL_PLATFORM) --tag $(REPO_KYVERNOPRE):$(IMAGE_TAG_DEV) . --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
.PHONY: docker-build-kyverno
docker-build-kyverno: docker-buildx-builder ## Build kyverno local image (with docker)
@echo Build kyverno local image with docker... >&2
@docker buildx build --file $(KYVERNO_DIR)/Dockerfile --progress plain --load --platform $(LOCAL_PLATFORM) --tag $(REPO_KYVERNO):$(IMAGE_TAG_DEV) . --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
.PHONY: docker-build-cli
docker-build-cli: docker-buildx-builder ## Build cli local image (with docker)
@echo Build cli local image with docker... >&2
@docker buildx build --file $(CLI_DIR)/Dockerfile --progress plain --load --platform $(LOCAL_PLATFORM) --tag $(REPO_CLI):$(IMAGE_TAG_DEV) . --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
.PHONY: docker-build-all
docker-build-all: docker-build-kyvernopre docker-build-kyverno docker-build-cli ## Build all local images (with docker)
####################
# PUBLISH (DOCKER) #
####################
.PHONY: docker-publish-kyvernopre
docker-publish-kyvernopre: docker-buildx-builder ## Build and publish kyvernopre image (with docker)
@docker buildx build --file $(KYVERNOPRE_DIR)/Dockerfile --progress plain --push --platform $(PLATFORMS) --tag $(REPO_KYVERNOPRE):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS)
.PHONY: docker-publish-kyvernopre-dev
docker-publish-kyvernopre-dev: docker-buildx-builder ## Build and publish kyvernopre dev image (with docker)
@docker buildx build --file $(KYVERNOPRE_DIR)/Dockerfile --progress plain --push --platform $(PLATFORMS) \
--tag $(REPO_KYVERNOPRE):$(IMAGE_TAG_DEV) --tag $(REPO_KYVERNOPRE):$(IMAGE_TAG_LATEST_DEV)-latest --tag $(REPO_KYVERNOPRE):latest \
. --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
.PHONY: docker-publish-kyverno
docker-publish-kyverno: docker-buildx-builder ## Build and publish kyverno image (with docker)
@docker buildx build --file $(KYVERNO_DIR)/Dockerfile --progress plain --push --platform $(PLATFORMS) --tag $(REPO_KYVERNO):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS)
.PHONY: docker-publish-kyverno-dev
docker-publish-kyverno-dev: docker-buildx-builder ## Build and publish kyverno dev image (with docker)
@docker buildx build --file $(KYVERNO_DIR)/Dockerfile --progress plain --push --platform $(PLATFORMS) \
--tag $(REPO_KYVERNO):$(IMAGE_TAG_DEV) --tag $(REPO_KYVERNO):$(IMAGE_TAG_LATEST_DEV)-latest --tag $(REPO_KYVERNO):latest \
. --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
.PHONY: docker-publish-cli
docker-publish-cli: docker-buildx-builder ## Build and publish cli image (with docker)
@docker buildx build --file $(CLI_DIR)/Dockerfile --progress plain --push --platform $(PLATFORMS) --tag $(REPO_CLI):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS)
.PHONY: docker-publish-cli-dev
docker-publish-cli-dev: docker-buildx-builder ## Build and publish cli dev image (with docker)
@docker buildx build --file $(CLI_DIR)/Dockerfile --progress plain --push --platform $(PLATFORMS) \
--tag $(REPO_CLI):$(IMAGE_TAG_DEV) --tag $(REPO_CLI):$(IMAGE_TAG_LATEST_DEV)-latest --tag $(REPO_CLI):latest \
. --build-arg LD_FLAGS=$(LD_FLAGS_DEV)
.PHONY: docker-publish-all
docker-publish-all: docker-publish-kyvernopre docker-publish-kyverno docker-publish-cli ## Build and publish all images (with docker)
.PHONY: docker-publish-all-dev
docker-publish-all-dev: docker-publish-kyvernopre-dev docker-publish-kyverno-dev docker-publish-cli-dev ## Build and publish all dev images (with docker)
#################
# BUILD (IMAGE) #
#################
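Review bot: The `BUILD (IMAGE)` section that follows this removal is kept, and the documentation deleted in the same commit describes generic `image-build-*` targets that dispatch on `BUILD_WITH`. If that variable is still read there, `BUILD_WITH=docker` now resolves to targets that no longer exist; either drop the variable or fail early with a clear message. Separately, the `docker-get-*-digest` and `docker-publish-*` targets are deleted, yet none of the seven changed files is a CI or release workflow, so please confirm nothing outside this diff still calls them, in particular any step that signs or attests images by digest.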


@ -1,34 +0,0 @@
# Multi-stage docker build
# Build stage
FROM --platform=${BUILDPLATFORM} golang@sha256:5540a6a6b3b612c382accc545b3f6702de21e77b15d89ad947116c94b5f42993 AS base
WORKDIR /src
LABEL maintainer="Kyverno"
COPY go.* .
RUN --mount=type=cache,target=/go/pkg/mod \
go mod download
FROM --platform=${BUILDPLATFORM} tonistiigi/xx:1.1.1@sha256:23ca08d120366b31d1d7fad29283181f063b0b43879e1f93c045ca5b548868e9 AS xx
FROM base AS builder
# LD_FLAGS is passed as argument from Makefile. It will be empty, if no argument passed
ARG LD_FLAGS
ARG TARGETPLATFORM
COPY --from=xx / /
RUN --mount=type=bind,target=. \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
CGO_ENABLED=0 xx-go build -o /output/kyverno -ldflags="${LD_FLAGS}" -v ./cmd/cli/kubectl-kyverno/
# Packaging stage
FROM ghcr.io/distroless/static@sha256:a9650a15060275287ebf4530b34020b8d998bd2de9aea00d113c332d8c41eb0b
LABEL maintainer="Kyverno"
COPY --from=builder /output/kyverno /
ENTRYPOINT ["/kyverno"]
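Review bot: Please confirm that the ko build configuration pins its base image by digest, because every `FROM` in this deleted file does (the `golang`, `tonistiigi/xx` and `ghcr.io/distroless/static` references all carry an `@sha256:` digest). Without that, the move to ko trades a pinned base for a floating one. The same applies to the multi-stage kyvernopre and kyverno Dockerfiles removed further down.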


@ -1,35 +0,0 @@
# Multi-stage docker build
# Build stage
FROM --platform=${BUILDPLATFORM} golang@sha256:5540a6a6b3b612c382accc545b3f6702de21e77b15d89ad947116c94b5f42993 AS base
WORKDIR /src
LABEL maintainer="Kyverno"
COPY go.* .
RUN --mount=type=cache,target=/go/pkg/mod \
go mod download
FROM --platform=${BUILDPLATFORM} tonistiigi/xx:1.1.1@sha256:23ca08d120366b31d1d7fad29283181f063b0b43879e1f93c045ca5b548868e9 AS xx
FROM base AS builder
# LD_FLAGS is passed as argument from Makefile. It will be empty, if no argument passed
ARG LD_FLAGS
ARG TARGETPLATFORM
COPY --from=xx / /
RUN --mount=type=bind,target=. \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
CGO_ENABLED=0 xx-go build -o /output/kyvernopre -ldflags="${LD_FLAGS}" -v ./cmd/initContainer/
# Packaging stage
FROM ghcr.io/distroless/static@sha256:a9650a15060275287ebf4530b34020b8d998bd2de9aea00d113c332d8c41eb0b
LABEL maintainer="Kyverno"
COPY --from=builder /output/kyvernopre /
ENTRYPOINT ["/kyvernopre"]


@ -1,4 +0,0 @@
FROM scratch
ADD kyvernopre /kyvernopre
USER 10001
ENTRYPOINT ["/kyvernopre"]
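Review bot: `USER 10001` goes away with this file, so please check that the ko-built `kyvernopre` image still runs as a non-root user, or that the deployment manifests enforce it, so that deleting this file does not loosen the default. The `golang:alpine` based kyverno Dockerfile at the end of the diff carries the same `USER 10001` line and deserves the same check.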


@ -1,37 +0,0 @@
FROM --platform=${BUILDPLATFORM} golang:alpine@sha256:e4dcdac3ed37d8c2b3b8bcef2909573b2ad9c2ab53ba53c608909e8b89ccee36 AS certs
LABEL maintainer="Kyverno"
RUN apk add --no-cache ca-certificates
FROM --platform=${BUILDPLATFORM} golang@sha256:5540a6a6b3b612c382accc545b3f6702de21e77b15d89ad947116c94b5f42993 AS base
WORKDIR /src
LABEL maintainer="Kyverno"
COPY go.* .
RUN --mount=type=cache,target=/go/pkg/mod \
go mod download
FROM --platform=${BUILDPLATFORM} tonistiigi/xx:1.1.1@sha256:23ca08d120366b31d1d7fad29283181f063b0b43879e1f93c045ca5b548868e9 AS xx
FROM base AS builder
# LD_FLAGS is passed as argument from Makefile. It will be empty, if no argument passed
ARG LD_FLAGS
ARG TARGETPLATFORM
COPY --from=xx / /
RUN --mount=type=bind,target=. \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
CGO_ENABLED=0 xx-go build -o /output/kyverno -ldflags="${LD_FLAGS}" -v ./cmd/kyverno/
# Packaging stage
FROM ghcr.io/distroless/static@sha256:a9650a15060275287ebf4530b34020b8d998bd2de9aea00d113c332d8c41eb0b
LABEL maintainer="Kyverno"
COPY --from=builder /output/kyverno /
ENTRYPOINT ["/kyverno"]
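Review bot: Please confirm that the base image ko uses ships a CA bundle. The `certs` stage at the top of this file installs `ca-certificates`, yet no `COPY --from=certs` appears in the final stage, so the bundle in the resulting image can only have come from the `distroless/static` base. The other deleted kyverno Dockerfile also installs `ca-certificates` explicitly, which suggests the binary depends on it at runtime.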


@ -1,5 +0,0 @@
FROM golang:alpine@sha256:e4dcdac3ed37d8c2b3b8bcef2909573b2ad9c2ab53ba53c608909e8b89ccee36
ADD kyverno /kyverno
RUN apk add --no-cache ca-certificates
USER 10001
ENTRYPOINT ["/kyverno"]