diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index 216c13bc6a..d2f211450b 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -10,11 +10,8 @@ It contains instructions to build, run, and test Kyverno. - [Building kyverno locally](#building-kyverno-locally) - [Building cli locally](#building-cli-locally) - [Building local images](#building-local-images) - - [Building local images with docker](#building-local-images-with-docker) - [Building local images with ko](#building-local-images-with-ko) - - [Switching between docker and ko](#switching-between-docker-and-ko) - [Pushing images](#pushing-images) - - [Pushing images with docker](#pushing-images-with-docker) - [Pushing images with ko](#pushing-images-with-ko) - [Deploying a local build](#deploying-a-local-build) - [Create a local cluster](#create-a-local-cluster) @@ -93,20 +90,7 @@ The binary should be created at `./cmd/cli/kubectl-kyverno/kubectl-kyverno`. In the same spirit as [building local binaries](#building-local-binaries), you can build local docker images instead of local binaries. -Currently, we are supporting two build systems: -- [Building local images with docker](#building-local-images-with-docker) -- [Building local images with ko](#building-local-images-with-ko) - -> **Note**: We started with `docker` and are progressively moving to `ko`. - -As the `ko` based build system matures, we will deprecate and remove `docker` based builds. - -Choosing between `docker` and `ko` boils down to a prefix when invoking `make` targets. -For example: -- `make docker-build-kyverno` creates a docker image using the `docker` build system -- `make ko-build-kyverno` creates a docker image using the `ko` build system - -It is also possible to [switch between docker and ko](#switching-between-docker-and-ko) build systems easily. +`ko` is used to build images, please refer to [Building local images with ko](#building-local-images-with-ko). ### Image tags 
@@ -117,39 +101,6 @@ git remote add upstream https://github.com/kyverno/kyverno git fetch upstream --tags ``` -### Building local images with docker - -When building local images with docker you can specify the registry used to create the image names by setting the `REGISTRY` environment variable (default value is `ghcr.io`). - -> **Note**: You can build all local images at once by running `make docker-build-all`. - -#### Building kyvernopre image locally - -To build `kyvernopre` image on your local system, run: -```console -make docker-build-kyvernopre -``` - -The resulting image should be available locally, named `ghcr.io/kyverno/kyvernopre` (by default, if `REGISTRY` environment variable was not set). - -#### Building kyverno image locally - -To build `kyverno` image on your local system, run: -```console -make docker-build-kyverno -``` - -The resulting image should be available locally, named `ghcr.io/kyverno/kyverno` (by default, if `REGISTRY` environment variable was not set). - -#### Building cli image locally - -To build `cli` image on your local system, run: -```console -make docker-build-cli -``` - -The resulting image should be available locally, named `ghcr.io/kyverno/kyverno-cli` (by default, if `REGISTRY` environment variable was not set). - ### Building local images with ko When building local images with ko you can't specify the registry used to create the image names. It will always be `ko.local`. 
@@ -183,90 +134,16 @@ make ko-build-cli The resulting image should be available locally, named `ko.local/github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno`. -### Switching between docker and ko - -The sections above cover building images with `docker` or `ko` by prefixing build commands (`docker-build-*` or `ko-build-*`). - -You can achieve the same results by setting the `BUILD_WITH` environment variable, and invoke a generic `image-build-*` target: -```console -# build kyverno image with ko -BUILD_WITH=ko make image-build-kyverno -# build kyverno image with docker -BUILD_WITH=docker make image-build-kyverno -``` - -Depending on the `BUILD_WITH` environment variable (default value is `ko`), the resulting images will be the same as noted in sections -[building local images with docker](#building-local-images-with-docker) and [building local images with ko](#building-local-images-with-ko). - ## Pushing images Pushing images is very similar to [building local images](#building-local-images), except that built images will be published on a remote image registry. -Currently, we are supporting two build systems: -- [Pushing images with docker](#pushing-images-with-docker) -- [Pushing images with ko](#pushing-images-with-ko) - -> **Note**: We started with `docker` and are progressively moving to `ko`. - -As the `ko` based build system matures, we will deprecate and remove `docker` based builds. +`ko` is used to build and publish images, please refer to [Pushing images with ko](#pushing-images-with-ko). When pushing images you can specify the registry you want to publish images to by setting the `REGISTRY` environment variable (default value is `ghcr.io`). -### Pushing images with docker - -Authenticating to the remote registry is not done automatically in the `Makefile`. - -You need to be authenticated before invoking targets responsible for pushing images. 
- -> **Note**: You can push all images at once by running `make docker-publish-all` or `make docker-publish-all-dev`. - -#### Pushing kyvernopre image - -To push `kyvernopre` image on a remote registry, run: -```console -# push stable image -make docker-publish-kyvernopre -``` -or -```console -# push dev image -make docker-publish-kyvernopre-dev -``` - -The resulting image should be available remotely, named `ghcr.io/kyverno/kyvernopre` (by default, if `REGISTRY` environment variable was not set). - -#### Pushing kyverno image - -To push `kyverno` image on a remote registry, run: -```console -# push stable image -make docker-publish-kyverno -``` -or -```console -# push dev image -make docker-publish-kyverno-dev -``` - -The resulting image should be available remotely, named `ghcr.io/kyverno/kyverno` (by default, if `REGISTRY` environment variable was not set). - -#### Pushing cli image - -To push `cli` image on a remote registry, run: -```console -# push stable image -make docker-publish-cli -``` -or -```console -# push dev image -make docker-publish-cli-dev -``` - -The resulting image should be available remotely, named `ghcr.io/kyverno/kyverno-cli` (by default, if `REGISTRY` environment variable was not set). - ### Pushing images with ko Authenticating to the remote registry is done automatically in the `Makefile` with `ko login`. @@ -362,13 +239,6 @@ make kind-load-all You can override the KinD cluster name by setting the `KIND_NAME` environment variable (default value is `kind`). -In any case, you can choose the build system (`docker` or `ko`) by setting the `BUILD_WITH` environment variable: -> **Note**: See [switching between docker and ko](#switching-between-docker-and-ko). -```console -# build kyvernopre and kyverno images and load them in KinD cluster (with docker) -BUILD_WITH=docker make kind-load-all -``` - ### Deploy with helm To build local images, load them on a local KinD cluster, and deploy helm charts, run: 
@@ -391,13 +261,6 @@ This will build local images, load built images in every node of the KinD cluste You can override the KinD cluster name by setting the `KIND_NAME` environment variable (default value is `kind`). -In any case, you can choose the build system (`docker` or `ko`) by setting the `BUILD_WITH` environment variable: -> **Note**: See [switching between docker and ko](#switching-between-docker-and-ko). -```console -# build images, load them in KinD cluster and deploy helm charts (with docker) -BUILD_WITH=docker make kind-deploy-all -``` - ## Code generation We are using code generation tools to create the following portions of code: diff --git a/Makefile b/Makefile index 56f6a1a131..646fb0f385 100644 --- a/Makefile +++ b/Makefile 
@@ -271,97 +271,6 @@ ko-publish-all: ko-publish-kyvernopre ko-publish-kyverno ko-publish-cli ## Build .PHONY: ko-publish-all-dev ko-publish-all-dev: ko-publish-kyvernopre-dev ko-publish-kyverno-dev ko-publish-cli-dev ## Build and publish all dev images (with ko) -################## -# UTILS (DOCKER) # -################## - -.PHONY: docker-get-kyvernopre-digest -docker-get-kyvernopre-digest: ## Get kyvernopre image digest (with docker) - @docker buildx imagetools inspect --raw $(REPO_KYVERNOPRE):$(IMAGE_TAG) | perl -pe 'chomp if eof' | openssl dgst -sha256 | sed 's/^.* //' - -.PHONY: docker-get-kyvernopre-digest-dev -docker-get-kyvernopre-digest-dev: ## Get kyvernopre dev image digest (with docker) - @docker buildx imagetools inspect --raw $(REPO_KYVERNOPRE):$(IMAGE_TAG_DEV) | perl -pe 'chomp if eof' | openssl dgst -sha256 | sed 's/^.* //' - -.PHONY: docker-get-kyverno-digest -docker-get-kyverno-digest: ## Get kyverno image digest (with docker) - @docker buildx imagetools inspect --raw $(REPO_KYVERNO):$(IMAGE_TAG) | perl -pe 'chomp if eof' | openssl dgst -sha256 | sed 's/^.* //' - -.PHONY: docker-get-kyverno-digest-dev -docker-get-kyverno-digest-dev: ## Get kyverno dev image digest (with docker) - @docker buildx imagetools inspect --raw $(REPO_KYVERNO):$(IMAGE_TAG_DEV) | perl -pe 'chomp if eof' | openssl dgst -sha256 | sed 's/^.* //' - -.PHONY: docker-buildx-builder -docker-buildx-builder: - if ! docker buildx ls | grep -q kyverno; then\ - docker buildx create --name kyverno --use;\ - fi - -################## -# BUILD (DOCKER) # -################## - -DOCKER_KYVERNOPRE_IMAGE := $(REPO_KYVERNOPRE) -DOCKER_KYVERNO_IMAGE := $(REPO_KYVERNO) - -.PHONY: docker-build-kyvernopre -docker-build-kyvernopre: docker-buildx-builder ## Build kyvernopre local image (with docker) - @echo Build kyvernopre local image with docker... 
>&2 - @docker buildx build --file $(KYVERNOPRE_DIR)/Dockerfile --progress plain --load --platform $(LOCAL_PLATFORM) --tag $(REPO_KYVERNOPRE):$(IMAGE_TAG_DEV) . --build-arg LD_FLAGS=$(LD_FLAGS_DEV) - -.PHONY: docker-build-kyverno -docker-build-kyverno: docker-buildx-builder ## Build kyverno local image (with docker) - @echo Build kyverno local image with docker... >&2 - @docker buildx build --file $(KYVERNO_DIR)/Dockerfile --progress plain --load --platform $(LOCAL_PLATFORM) --tag $(REPO_KYVERNO):$(IMAGE_TAG_DEV) . --build-arg LD_FLAGS=$(LD_FLAGS_DEV) - -.PHONY: docker-build-cli -docker-build-cli: docker-buildx-builder ## Build cli local image (with docker) - @echo Build cli local image with docker... >&2 - @docker buildx build --file $(CLI_DIR)/Dockerfile --progress plain --load --platform $(LOCAL_PLATFORM) --tag $(REPO_CLI):$(IMAGE_TAG_DEV) . --build-arg LD_FLAGS=$(LD_FLAGS_DEV) - -.PHONY: docker-build-all -docker-build-all: docker-build-kyvernopre docker-build-kyverno docker-build-cli ## Build all local images (with docker) - -#################### -# PUBLISH (DOCKER) # -#################### - -.PHONY: docker-publish-kyvernopre -docker-publish-kyvernopre: docker-buildx-builder ## Build and publish kyvernopre image (with docker) - @docker buildx build --file $(KYVERNOPRE_DIR)/Dockerfile --progress plain --push --platform $(PLATFORMS) --tag $(REPO_KYVERNOPRE):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS) - -.PHONY: docker-publish-kyvernopre-dev -docker-publish-kyvernopre-dev: docker-buildx-builder ## Build and publish kyvernopre dev image (with docker) - @docker buildx build --file $(KYVERNOPRE_DIR)/Dockerfile --progress plain --push --platform $(PLATFORMS) \ - --tag $(REPO_KYVERNOPRE):$(IMAGE_TAG_DEV) --tag $(REPO_KYVERNOPRE):$(IMAGE_TAG_LATEST_DEV)-latest --tag $(REPO_KYVERNOPRE):latest \ - . 
--build-arg LD_FLAGS=$(LD_FLAGS_DEV) - -.PHONY: docker-publish-kyverno -docker-publish-kyverno: docker-buildx-builder ## Build and publish kyverno image (with docker) - @docker buildx build --file $(KYVERNO_DIR)/Dockerfile --progress plain --push --platform $(PLATFORMS) --tag $(REPO_KYVERNO):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS) - -.PHONY: docker-publish-kyverno-dev -docker-publish-kyverno-dev: docker-buildx-builder ## Build and publish kyverno dev image (with docker) - @docker buildx build --file $(KYVERNO_DIR)/Dockerfile --progress plain --push --platform $(PLATFORMS) \ - --tag $(REPO_KYVERNO):$(IMAGE_TAG_DEV) --tag $(REPO_KYVERNO):$(IMAGE_TAG_LATEST_DEV)-latest --tag $(REPO_KYVERNO):latest \ - . --build-arg LD_FLAGS=$(LD_FLAGS_DEV) - -.PHONY: docker-publish-cli -docker-publish-cli: docker-buildx-builder ## Build and publish cli image (with docker) - @docker buildx build --file $(CLI_DIR)/Dockerfile --progress plain --push --platform $(PLATFORMS) --tag $(REPO_CLI):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS) - -.PHONY: docker-publish-cli-dev -docker-publish-cli-dev: docker-buildx-builder ## Build and publish cli dev image (with docker) - @docker buildx build --file $(CLI_DIR)/Dockerfile --progress plain --push --platform $(PLATFORMS) \ - --tag $(REPO_CLI):$(IMAGE_TAG_DEV) --tag $(REPO_CLI):$(IMAGE_TAG_LATEST_DEV)-latest --tag $(REPO_CLI):latest \ - . --build-arg LD_FLAGS=$(LD_FLAGS_DEV) - -.PHONY: docker-publish-all -docker-publish-all: docker-publish-kyvernopre docker-publish-kyverno docker-publish-cli ## Build and publish all images (with docker) - -.PHONY: docker-publish-all-dev -docker-publish-all-dev: docker-publish-kyvernopre-dev docker-publish-kyverno-dev docker-publish-cli-dev ## Build and publish all dev images (with docker) - ################# # BUILD (IMAGE) # ################# diff --git a/cmd/cli/kubectl-kyverno/Dockerfile b/cmd/cli/kubectl-kyverno/Dockerfile deleted file mode 100644 index 66c375c4c8..0000000000 
--- a/cmd/cli/kubectl-kyverno/Dockerfile
+++ /dev/null
@@ -1,34 +0,0 @@
-# Multi-stage docker build
-# Build stage
-FROM --platform=${BUILDPLATFORM} golang@sha256:5540a6a6b3b612c382accc545b3f6702de21e77b15d89ad947116c94b5f42993 AS base
-WORKDIR /src
-LABEL maintainer="Kyverno"
-
-COPY go.* .
-
-RUN --mount=type=cache,target=/go/pkg/mod \
- go mod download
-
-FROM --platform=${BUILDPLATFORM} tonistiigi/xx:1.1.1@sha256:23ca08d120366b31d1d7fad29283181f063b0b43879e1f93c045ca5b548868e9 AS xx
-
-FROM base AS builder
-
-# LD_FLAGS is passed as argument from Makefile. It will be empty, if no argument passed
-ARG LD_FLAGS
-ARG TARGETPLATFORM
-
-COPY --from=xx / /
-
-RUN --mount=type=bind,target=. \
- --mount=type=cache,target=/root/.cache/go-build \
- --mount=type=cache,target=/go/pkg/mod \
- CGO_ENABLED=0 xx-go build -o /output/kyverno -ldflags="${LD_FLAGS}" -v ./cmd/cli/kubectl-kyverno/
-
-# Packaging stage
-FROM ghcr.io/distroless/static@sha256:a9650a15060275287ebf4530b34020b8d998bd2de9aea00d113c332d8c41eb0b
-
-LABEL maintainer="Kyverno"
-
-COPY --from=builder /output/kyverno /
-
-ENTRYPOINT ["/kyverno"]
diff --git a/cmd/initContainer/Dockerfile b/cmd/initContainer/Dockerfile
deleted file mode 100644
index 431f88d5cf..0000000000
--- a/cmd/initContainer/Dockerfile
+++ /dev/null
@@ -1,35 +0,0 @@
-# Multi-stage docker build
-# Build stage
-FROM --platform=${BUILDPLATFORM} golang@sha256:5540a6a6b3b612c382accc545b3f6702de21e77b15d89ad947116c94b5f42993 AS base
-WORKDIR /src
-LABEL maintainer="Kyverno"
-
-COPY go.* .
-
-RUN --mount=type=cache,target=/go/pkg/mod \
- go mod download
-
-FROM --platform=${BUILDPLATFORM} tonistiigi/xx:1.1.1@sha256:23ca08d120366b31d1d7fad29283181f063b0b43879e1f93c045ca5b548868e9 AS xx
-
-FROM base AS builder
-
-# LD_FLAGS is passed as argument from Makefile. It will be empty, if no argument passed
-ARG LD_FLAGS
-ARG TARGETPLATFORM
-
-COPY --from=xx / /
-
-RUN --mount=type=bind,target=. \
- --mount=type=cache,target=/root/.cache/go-build \
- --mount=type=cache,target=/go/pkg/mod \
- CGO_ENABLED=0 xx-go build -o /output/kyvernopre -ldflags="${LD_FLAGS}" -v ./cmd/initContainer/
-
-# Packaging stage
-FROM ghcr.io/distroless/static@sha256:a9650a15060275287ebf4530b34020b8d998bd2de9aea00d113c332d8c41eb0b
-
-LABEL maintainer="Kyverno"
-
-COPY --from=builder /output/kyvernopre /
-
-
-ENTRYPOINT ["/kyvernopre"]
diff --git a/cmd/initContainer/localDockerfile b/cmd/initContainer/localDockerfile
deleted file mode 100644
index 166b114831..0000000000
--- a/cmd/initContainer/localDockerfile
+++ /dev/null
@@ -1,4 +0,0 @@
-FROM scratch
-ADD kyvernopre /kyvernopre
-USER 10001
-ENTRYPOINT ["/kyvernopre"]
diff --git a/cmd/kyverno/Dockerfile b/cmd/kyverno/Dockerfile
deleted file mode 100644
index 893c5936c3..0000000000
--- a/cmd/kyverno/Dockerfile
+++ /dev/null
@@ -1,37 +0,0 @@
-FROM --platform=${BUILDPLATFORM} golang:alpine@sha256:e4dcdac3ed37d8c2b3b8bcef2909573b2ad9c2ab53ba53c608909e8b89ccee36 AS certs
-
-LABEL maintainer="Kyverno"
-
-RUN apk add --no-cache ca-certificates
-
-FROM --platform=${BUILDPLATFORM} golang@sha256:5540a6a6b3b612c382accc545b3f6702de21e77b15d89ad947116c94b5f42993 AS base
-WORKDIR /src
-LABEL maintainer="Kyverno"
-
-COPY go.* .
-
-RUN --mount=type=cache,target=/go/pkg/mod \
- go mod download
-
-FROM --platform=${BUILDPLATFORM} tonistiigi/xx:1.1.1@sha256:23ca08d120366b31d1d7fad29283181f063b0b43879e1f93c045ca5b548868e9 AS xx
-
-FROM base AS builder
-
-# LD_FLAGS is passed as argument from Makefile. It will be empty, if no argument passed
-ARG LD_FLAGS
-ARG TARGETPLATFORM
-
-COPY --from=xx / /
-
-RUN --mount=type=bind,target=. \
- --mount=type=cache,target=/root/.cache/go-build \
- --mount=type=cache,target=/go/pkg/mod \
- CGO_ENABLED=0 xx-go build -o /output/kyverno -ldflags="${LD_FLAGS}" -v ./cmd/kyverno/
-
-# Packaging stage
-FROM ghcr.io/distroless/static@sha256:a9650a15060275287ebf4530b34020b8d998bd2de9aea00d113c332d8c41eb0b
-
-LABEL maintainer="Kyverno"
-COPY --from=builder /output/kyverno /
-
-ENTRYPOINT ["/kyverno"]
diff --git a/cmd/kyverno/localDockerfile b/cmd/kyverno/localDockerfile
deleted file mode 100644
index 8072a38fc4..0000000000
--- a/cmd/kyverno/localDockerfile
+++ /dev/null
@@ -1,5 +0,0 @@
-FROM golang:alpine@sha256:e4dcdac3ed37d8c2b3b8bcef2909573b2ad9c2ab53ba53c608909e8b89ccee36
-ADD kyverno /kyverno
-RUN apk add --no-cache ca-certificates
-USER 10001
-ENTRYPOINT ["/kyverno"]