Added scripts for build edge-proxy and iotedged images (#1212)

Refactored build pipeline to support edge-proxy and iotedged images build
* Added an edge-proxy image based on traefik:alpine
* Changed startup script to pick up auth token for pod service account for in kubernetes
the auth token will be added to every outgoing request to iotedged api to be validated against kubernetes API to provide authentication in kubernetes mode
* Added an iotedged image

builds/checkin/edgelet.yaml

@@ -54,6 +54,33 @@ jobs:
         displayName: armv7-unknown-linux-gnueabihf test
         workingDirectory: $(Build.SourcesDirectory)/edgelet
 
+  ################################################################################
+  - job: linux_arm64v8
+    ################################################################################
+    displayName: Linux arm64v8
+    pool:
+      vmImage: 'ubuntu-16.04'
+    variables:
+      IOTEDGE_HOMEDIR: /tmp
+    steps:
+      - bash: 'echo "##vso[task.setvariable variable=PATH;]$HOME/.cargo/bin:$PATH"'
+        displayName: Modify path
+      - bash: |
+          BASE_VERSION=`cat $BUILD_SOURCESDIRECTORY/edgelet/version.txt`
+          VERSION="$BASE_VERSION$BUILD_BUILDNUMBER"
+          echo "##vso[task.setvariable variable=VERSION;]$VERSION"
+        displayName: Set Version
+      - script: edgelet/build/linux/install.sh
+        displayName: Install Rust
+      - script: 'cargo install --git https://github.com/arsing/cross.git --branch set-path'
+        displayName: 'Install cross (fork with docker fix)'
+      - script: 'cross build --target aarch64-unknown-linux-gnu'
+        displayName: aarch64-unknown-linux-gnu build
+        workingDirectory: $(Build.SourcesDirectory)/edgelet
+      - script: 'cross test --target aarch64-unknown-linux-gnu'
+        displayName: aarch64-unknown-linux-gnu test
+        workingDirectory: $(Build.SourcesDirectory)/edgelet
+
 ################################################################################
   - job: windows_amd64
 ################################################################################

builds/misc/images.yaml

@@ -35,91 +35,111 @@ jobs:
         name: build
         displayName: Build ($(Build.Configuration))
 
-      - script: scripts/linux/buildDiagnostics.sh $(Build.Configuration)
-        displayName: Build iotedge-diagnostics
+      - script: scripts/linux/buildEdgelet.sh -i azureiotedge-iotedged -n microsoft -P iotedged -c $(Build.Configuration) -t aarch64
+        displayName: Build - Edge Security Daemon - aarch64
+
+      - script: scripts/linux/buildEdgelet.sh -i azureiotedge-diagnostics -n microsoft -P iotedge-diagnostics -c $(Build.Configuration) -t aarch64
+        displayName: Build - Edge Diagnostics - aarch64
+
+      - script: scripts/linux/buildEdgeProxy.sh -i azureiotedge-proxy -n microsoft -P edge-proxy -t aarch64
+        displayName: Build - Edge Proxy - aarch64
 
       - task: PublishBuildArtifacts@1
         displayName: 'Publish Artifacts'
         inputs:
           PathtoPublish: '$(Build.BinariesDirectory)/publish'
           ArtifactName: 'core-linux'
 
-     # azureiotedge-diagnostics - Not Using Template for ARM64 because we have 2 different .NET Core.
+      # Edge Security Daemon - Not Using Template for ARM64 because we have 2 different .NET Core.
       - task: Bash@3
-        displayName: Build Image azureiotedge-diagnostics - aarch64
-        inputs: 
-           filePath: scripts/linux/buildImage.sh
-           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-diagnostics -n microsoft -P azureiotedge-diagnostics --target-arch aarch64
+        displayName: Build Image - Edge Security Daemon - aarch64
+        inputs:
+          filePath: scripts/linux/buildImage.sh
+          arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-iotedged -n microsoft -P azureiotedge-iotedged --target-arch aarch64
+
+      # Edge Diagnostics - Not Using Template for ARM64 because we have 2 different .NET Core.
+      - task: Bash@3
+        displayName: Build Image - Edge Diagnostics - aarch64
+        inputs:
+          filePath: scripts/linux/buildImage.sh
+          arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-diagnostics -n microsoft -P azureiotedge-diagnostics --target-arch aarch64
+
+      # Edge Proxy - Not Using Template for ARM64 because we have 2 different .NET Core.
+      - task: Bash@3
+        displayName: Build Image - Edge Proxy - aarch64
+        inputs:
+          filePath: scripts/linux/buildImage.sh
+          arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-proxy -n microsoft -P azureiotedge-proxy --target-arch aarch64
 
-    # Edge Agent - Not Using Template for ARM64 because we have 2 different .NET Core.
+      # Edge Agent - Not Using Template for ARM64 because we have 2 different .NET Core.
       - task: Bash@3
-        displayName: Build Edge Agent Image - aarch64
-        inputs: 
+        displayName: Build Image - Edge Agent - aarch64
+        inputs:
            filePath: scripts/linux/buildImage.sh
            arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-agent -n microsoft -P Microsoft.Azure.Devices.Edge.Agent.Service --target-arch aarch64
 
      # Edge Hub - Not Using Template for ARM64 because we have 2 different .NET Core.
       - task: Bash@3
-        displayName: Build Edge Hub Image - aarch64
-        inputs: 
+        displayName: Build Image - Edge Hub - aarch64
+        inputs:
            filePath: scripts/linux/buildImage.sh
            arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-hub -n microsoft -P Microsoft.Azure.Devices.Edge.Hub.Service --target-arch aarch64
 
      # Simulated Temperature Sensor - Not Using Template for ARM64 because we have 2 different .NET Core.
       - task: Bash@3
-        displayName: Build Image Temperature Sensor - aarch64
-        inputs: 
+        displayName: Build Image - Temperature Sensor - aarch64
+        inputs:
            filePath: scripts/linux/buildImage.sh
-           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-simulated-temperature-sensor -n microsoft -P SimulatedTemperatureSensor --target-arch aarch64     
+           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-simulated-temperature-sensor -n microsoft -P SimulatedTemperatureSensor --target-arch aarch64
 
       # Temperature Filter - Not Using Template for ARM64 because we have 2 different .NET Core.
       - task: Bash@3
-        displayName: Build Image Temperature Filter - aarch64
-        inputs: 
+        displayName: Build Image - Temperature Filter - aarch64
+        inputs:
            filePath: scripts/linux/buildImage.sh
-           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-temperature-filter -n microsoft -P TemperatureFilter --target-arch aarch64     
-           
+           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-temperature-filter -n microsoft -P TemperatureFilter --target-arch aarch64
+
       # Load Gen - Not Using Template for ARM64 because we have 2 different .NET Core.
       - task: Bash@3
-        displayName: Build Image Load Gen - aarch64
-        inputs: 
+        displayName: Build Image - Load Gen - aarch64
+        inputs:
            filePath: scripts/linux/buildImage.sh
-           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-load-gen -n microsoft -P load-gen --target-arch aarch64     
-           
+           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-load-gen -n microsoft -P load-gen --target-arch aarch64
+
       # Messages Analyzer - Not Using Template for ARM64 because we have 2 different .NET Core.
       - task: Bash@3
-        displayName: Build Image Messages Analyzer - aarch64
-        inputs: 
+        displayName: Build Image - Messages Analyzer - aarch64
+        inputs:
            filePath: scripts/linux/buildImage.sh
-           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-analyzer -n microsoft -P MessagesAnalyzer --target-arch aarch64     
+           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-analyzer -n microsoft -P MessagesAnalyzer --target-arch aarch64
 
-      # Functions Sample - Not Using Template for ARM64 because we have 2 different .NET Core.//TODO: Enable this once Functions supports arm64v8. Right now they are not ready. 
+      # Functions Sample - Not Using Template for ARM64 because we have 2 different .NET Core.//TODO: Enable this once Functions supports arm64v8. Right now they are not ready.
       #- task: Bash@3
-      #  displayName: Build Image Functions Sample - aarch64
-      #  inputs: 
+      #  displayName: Build Image - Functions Sample - aarch64
+      #  inputs:
       #     filePath: scripts/linux/buildImage.sh
-      #     arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-functions-filter -n azureiotedge -P EdgeHubTriggerCSharp --target-arch aarch64     
+      #     arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-functions-filter -n azureiotedge -P EdgeHubTriggerCSharp --target-arch aarch64
 
       # Direct Method Sender - Not Using Template for ARM64 because we have 2 different .NET Core.
       - task: Bash@3
-        displayName: Build Image Direct Method Sender - aarch64
-        inputs: 
+        displayName: Build Image - Direct Method Sender - aarch64
+        inputs:
            filePath: scripts/linux/buildImage.sh
-           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-direct-method-sender -n microsoft -P DirectMethodSender --target-arch aarch64           
+           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-direct-method-sender -n microsoft -P DirectMethodSender --target-arch aarch64
 
       # Direct Method Receiver - Not Using Template for ARM64 because we have 2 different .NET Core.
       - task: Bash@3
-        displayName: Build Image Direct Method Receiver - aarch64
-        inputs: 
+        displayName: Build Image - Direct Method Receiver - aarch64
+        inputs:
            filePath: scripts/linux/buildImage.sh
-           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-direct-method-receiver -n microsoft -P DirectMethodReceiver --target-arch aarch64           
+           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-direct-method-receiver -n microsoft -P DirectMethodReceiver --target-arch aarch64
 
       # Direct Method Cloud Sender - Not Using Template for ARM64 because we have 2 different .NET Core.
       - task: Bash@3
-        displayName: Build Image Direct Method Cloud Sender - aarch64
-        inputs: 
+        displayName: Build Image - Direct Method Cloud Sender - aarch64
+        inputs:
            filePath: scripts/linux/buildImage.sh
-           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-direct-method-cloud-sender -n microsoft -P DirectMethodCloudSender --target-arch aarch64           
+           arguments: -r $(registry.address) -u $(registry.user) -p $(registry.password) -i azureiotedge-direct-method-cloud-sender -n microsoft -P DirectMethodCloudSender --target-arch aarch64
 
 
 ################################################################################
@@ -151,8 +171,28 @@ jobs:
         name: build
         displayName: Build ($(Build.Configuration))
 
-      - script: scripts/linux/buildDiagnostics.sh $(Build.Configuration)
-        displayName: Build iotedge-diagnostics
+      - template: templates/build-edgelet-linux.yaml
+        parameters:
+          filePath: scripts/linux/buildEdgelet.sh
+          name: Edge Security Daemon
+          imageName: azureiotedge-iotedged
+          project: iotedged
+          configuration: $(Build.Configuration)
+
+      - template: templates/build-edgelet-linux.yaml
+        parameters:
+          filePath: scripts/linux/buildEdgelet.sh
+          name: Edge Diagnostics
+          imageName: azureiotedge-diagnostics
+          project: iotedge-diagnostics
+          configuration: $(Build.Configuration)
+
+      - template: templates/build-edgelet-linux.yaml
+        parameters:
+          filePath: scripts/linux/buildEdgeProxy.sh
+          name: Edge Proxy
+          imageName: azureiotedge-proxy
+          project: edge-proxy
 
       - script: scripts/linux/createArtifactInfo.sh --output-folder '$(Build.BinariesDirectory)/publish' --build-number $(Build.BuildNumber)
         displayName: 'Create Artifact Info File'
@@ -163,13 +203,27 @@ jobs:
           PathtoPublish: '$(Build.BinariesDirectory)/publish'
           ArtifactName: 'core-linux'
 
-      # azureiotedge-diagnostics
+      # Edge Security Daemon
       - template: templates/image-linux.yaml
         parameters:
-          name: azureiotedge-diagnostics
+          name: Edge Security Daemon
+          imageName: azureiotedge-iotedged
+          project: azureiotedge-iotedged
+
+      # Edge Diagnostics
+      - template: templates/image-linux.yaml
+        parameters:
+          name: Edge Diagnostics
           imageName: azureiotedge-diagnostics
           project: azureiotedge-diagnostics
 
+      # Edge Proxy
+      - template: templates/image-linux.yaml
+        parameters:
+          name: Edge Proxy
+          imageName: azureiotedge-proxy
+          project: azureiotedge-proxy
+
       # Edge Agent
       - template: templates/image-linux.yaml
         parameters:
@@ -375,5 +429,9 @@ jobs:
       displayName: 'Publish Edge Hub Manifest'
     - script: scripts/linux/buildManifest.sh -r $(registry.address) -u $(registry.user) -p $(registry.password) -v $(Build.BuildNumber) -t $(System.DefaultWorkingDirectory)/edge-modules/SimulatedTemperatureSensor/docker/manifest.yaml.template -n microsoft --tags "$(tags)"
       displayName: 'Publish Temperature Sensor Manifest'
+    - script: scripts/linux/buildManifest.sh -r $(registry.address) -u $(registry.user) -p $(registry.password) -v $(Build.BuildNumber) -t $(System.DefaultWorkingDirectory)/edgelet/iotedged/docker/manifest.yaml.template -n microsoft --tags "$(tags)"
+      displayName: 'Publish azureiotedge-iotedged Manifest'
     - script: scripts/linux/buildManifest.sh -r $(registry.address) -u $(registry.user) -p $(registry.password) -v $(Build.BuildNumber) -t $(System.DefaultWorkingDirectory)/edgelet/iotedge-diagnostics/docker/manifest.yaml.template -n microsoft --tags "$(tags)"
       displayName: 'Publish azureiotedge-diagnostics Manifest'
+    - script: scripts/linux/buildManifest.sh -r $(registry.address) -u $(registry.user) -p $(registry.password) -v $(Build.BuildNumber) -t $(System.DefaultWorkingDirectory)/edge-proxy/docker/manifest.yaml.template -n microsoft --tags "$(tags)"
+      displayName: 'Publish azureiotedge-proxy Manifest'

builds/misc/templates/build-edgelet-linux.yaml

@@ -0,0 +1,19 @@
+parameters:
+  name: ''
+  imageName: ''
+  namespace: 'microsoft'
+  project: ''
+  configuration: 'release'
+  filePath: ''
+
+steps:
+  - task: Bash@3
+    displayName: Build - ${{ parameters.name }} - amd64
+    inputs:
+      filePath: ${{ parameters.filePath }}
+      arguments: -i ${{ parameters.imageName }} -n ${{ parameters.namespace }} -P ${{ parameters.project }} -c ${{ parameters.configuration }}
+  - task: Bash@3
+    displayName: Build - ${{ parameters.name }} - arm32
+    inputs:
+      filePath: ${{ parameters.filePath }}
+      arguments: -i ${{ parameters.imageName }} -n ${{ parameters.namespace }} -P ${{ parameters.project }} -c ${{ parameters.configuration }} --target-arch armv7l

edge-proxy/README.md

@@ -0,0 +1,3 @@
+# Edge Proxy
+
+This project contains a proxy server for edge modules that runs in kubernetes environment.

edge-proxy/docker/linux/amd64/Dockerfile

@@ -0,0 +1,3 @@
+FROM traefik:v1.7.11-alpine
+COPY ./docker/linux/amd64/run.sh /
+CMD ["/run.sh"]

edge-proxy/docker/linux/arm32v7/Dockerfile

@@ -0,0 +1,3 @@
+FROM arm32v6/traefik:v1.7.11-alpine
+COPY ./docker/linux/arm32v7/run.sh /
+CMD ["/run.sh"]

edge-proxy/docker/linux/arm64v8/Dockerfile

@@ -0,0 +1,3 @@
+FROM arm64v8/traefik:v1.7.11-alpine
+COPY ./docker/linux/arm64v8/run.sh /
+CMD ["/run.sh"]

edge-proxy/docker/manifest.yaml.template

@@ -0,0 +1,18 @@
+image: __REGISTRY__/__NAMESPACE__/azureiotedge-proxy:__VERSION__
+tags: __TAGS__
+manifests:
+  -
+    image: __REGISTRY__/__NAMESPACE__/azureiotedge-proxy:__VERSION__-linux-amd64
+    platform:
+      architecture: amd64
+      os: linux
+  -
+    image: __REGISTRY__/__NAMESPACE__/azureiotedge-proxy:__VERSION__-linux-arm32v7
+    platform:
+      architecture: arm
+      os: linux
+  -
+    image: __REGISTRY__/__NAMESPACE__/azureiotedge-proxy:__VERSION__-linux-arm64v8
+    platform:
+      architecture: arm64
+      os: linux      

edge-proxy/src/run.sh

@@ -0,0 +1,32 @@
+#!/bin/sh
+set -e
+
+# read service account token from filesystem
+file="/var/run/secrets/kubernetes.io/serviceaccount/token"
+if [ -e "$file" ]
+then
+    token=$(cat "$file")
+else
+    echo "Could not find file $file"
+    exit 1
+fi
+
+config_src="/etc/traefik/traefik.toml"
+if [ ! -e "$config_src" ]
+then
+    echo "Could not find config ${config_src}"
+    exit 1
+fi
+
+# move traefik config to a new place to allow modification
+config_dst="/traefik.toml"
+cp "$config_src" "$config_dst"
+
+# find TOKEN placeholders and replace them with a token value
+if [ -n "$token" ]
+then
+    sed -i -e "s/__TOKEN__/$token/g" "$config_dst"
+fi
+
+# call traefik entry point script with a new config
+/entrypoint.sh -c /traefik.toml

edgelet/Cross.toml

@@ -5,8 +5,14 @@ passthrough = [
     "IOTEDGE_HOMEDIR",
 ]
 
+[target.x86_64-unknown-linux-gnu]
+image = "azureiotedge/debian-build:9.5-1"
+
 [target.armv7-unknown-linux-gnueabihf]
-image = "azureiotedge/gcc-linaro-7.2.1-2017.11-x86_64_arm-linux-gnueabihf:0.2"
+image = "azureiotedge/gcc-linaro-7.3.1-2018.05-x86_64_arm-linux-gnueabihf:debian_9.5-1"
+
+[target.aarch64-unknown-linux-gnu]
+image = "azureiotedge/gcc-linaro-7.3.1-2018.05-x86_64_aarch64-linux-gnu:debian_9.5-1"
 
 [target.armv7-unknown-linux-musleabihf]
 # Built from rust-embedded/cross#718a19cd68fb09428532d1317515fe7303692b47 with `./build-docker-image.sh armv7-unknown-linux-musleabihf`

edgelet/iotedged/docker/linux/amd64/Dockerfile

@@ -0,0 +1,14 @@
+FROM debian:9-slim
+
+RUN apt-get update && apt-get install -y \
+  libssl1.0.2 \
+  ca-certificates \
+  && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+ADD ./docker/linux/amd64/libiothsm.so* /app/
+ADD ./docker/linux/amd64/iotedged /app
+
+ENV LD_LIBRARY_PATH /app
+
+CMD ["/app/iotedged"]

edgelet/iotedged/docker/linux/arm32v7/Dockerfile

@@ -0,0 +1,9 @@
+FROM azureiotedge/azureiotedge-iotedged-base:1.0-arm32v7
+
+WORKDIR /app
+ADD ./docker/linux/arm32v7/libiothsm.so* /app/
+ADD ./docker/linux/arm32v7/iotedged /app
+
+ENV LD_LIBRARY_PATH /app
+
+CMD ["/app/iotedged"]

edgelet/iotedged/docker/linux/arm32v7/base/Dockerfile

@@ -0,0 +1,6 @@
+FROM arm32v7/debian:9-slim
+
+RUN apt-get update && apt-get install -y \
+  libssl1.0.2 \
+  ca-certificates \
+  && rm -rf /var/lib/apt/lists/*