From 5e39cd95cb3a1fe83f961e348be4834d1d4a81fb Mon Sep 17 00:00:00 2001
From: Mohamed Mahmoud
Date: Mon, 5 Aug 2024 09:00:12 -0400
Subject: [PATCH] Add downstream container files and update the konflux pipeline
Signed-off-by: Mohamed Mahmoud
---
 .tekton/bpfman-agent-pull-request.yaml | 2 +-
 .tekton/bpfman-agent-push.yaml | 2 +-
 .tekton/bpfman-operator-pull-request.yaml | 2 +-
 .tekton/bpfman-operator-push.yaml | 2 +-
 Containerfile.bpfman-agent.openshift | 42 +++++++++++++++++++++++
 Containerfile.bpfman-operator.openshift | 39 +++++++++++++++++++++
 6 files changed, 85 insertions(+), 4 deletions(-)
 create mode 100644 Containerfile.bpfman-agent.openshift
 create mode 100644 Containerfile.bpfman-operator.openshift
diff --git a/.tekton/bpfman-agent-pull-request.yaml b/.tekton/bpfman-agent-pull-request.yaml
index e6b1684ef..6674102c5 100644
--- a/.tekton/bpfman-agent-pull-request.yaml
+++ b/.tekton/bpfman-agent-pull-request.yaml
@@ -27,7 +27,7 @@ spec:
 - name: image-expires-after
 value: 5d
 - name: dockerfile
- value: Containerfile.bpfman-agent
+ value: Containerfile.bpfman-agent.openshift
 pipelineSpec:
 finally:
 - name: show-sbom
diff --git a/.tekton/bpfman-agent-push.yaml b/.tekton/bpfman-agent-push.yaml
index 7df07362f..26a7d1912 100644
--- a/.tekton/bpfman-agent-push.yaml
+++ b/.tekton/bpfman-agent-push.yaml
@@ -24,7 +24,7 @@ spec:
 - name: output-image
 value: quay.io/redhat-user-workloads/ocp-bpfman-tenant/bpfman-operator/bpfman-agent:{{revision}}
 - name: dockerfile
- value: Containerfile.bpfman-agent
+ value: Containerfile.bpfman-agent.openshift
 pipelineSpec:
 finally:
 - name: show-sbom
diff --git a/.tekton/bpfman-operator-pull-request.yaml b/.tekton/bpfman-operator-pull-request.yaml
index 51ff16930..77850b5d8 100644
--- a/.tekton/bpfman-operator-pull-request.yaml
+++ b/.tekton/bpfman-operator-pull-request.yaml
@@ -27,7 +27,7 @@ spec:
 - name: image-expires-after
 value: 5d
 - name: dockerfile
- value: Containerfile.bpfman-operator
+ value: Containerfile.bpfman-operator.openshift
 pipelineSpec:
 finally:
 - name: show-sbom
diff --git a/.tekton/bpfman-operator-push.yaml b/.tekton/bpfman-operator-push.yaml
index 3173a55fe..f85b32b9e 100644
--- a/.tekton/bpfman-operator-push.yaml
+++ b/.tekton/bpfman-operator-push.yaml
@@ -24,7 +24,7 @@ spec:
 - name: output-image
 value: quay.io/redhat-user-workloads/ocp-bpfman-tenant/bpfman-operator/bpfman-operator:{{revision}}
 - name: dockerfile
- value: Containerfile.bpfman-operator
+ value: Containerfile.bpfman-operator.openshift
 pipelineSpec:
 finally:
 - name: show-sbom
diff --git a/Containerfile.bpfman-agent.openshift b/Containerfile.bpfman-agent.openshift
new file mode 100644
index 000000000..36a3a6581
--- /dev/null
+++ b/Containerfile.bpfman-agent.openshift
@@ -0,0 +1,42 @@
+# Build the manager binary
+ARG BUILDPLATFORM=linux/amd64
+
+FROM --platform=$BUILDPLATFORM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.22.5-202407301806.g4c8b32d.el9 AS bpfman-agent-build
+
+# The following ARGs are set internally by docker/build-push-action in github actions
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETPLATFORM
+
+RUN echo "TARGETOS=${TARGETOS} TARGETARCH=${TARGETARCH} BUILDPLATFORM=${BUILDPLATFORM} TARGETPLATFORM=${TARGETPLATFORM}"
+
+WORKDIR /usr/src/bpfman-operator
+
+# Copy everything except what's excluded by the .dockerignore file.
+COPY . .
+
+# Build
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -mod vendor -o bpfman-agent ./cmd/bpfman-agent/main.go
+
+FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+ARG DNF_CMD="microdnf"
+
+ARG TARGETARCH
+ARG TARGETPLATFORM
+
+WORKDIR /
+COPY --from=bpfman-agent-build /usr/src/bpfman-operator/bpfman-agent .
+
+# Install crictl
+RUN ${DNF_CMD} -y install wget tar gzip ca-certificates
+ARG VERSION="v1.28.0"
+RUN wget https://github.com/kubernetes-sigs/cri-tools/releases/download/${VERSION}/crictl-${VERSION}-linux-${TARGETARCH}.tar.gz
+RUN tar zxvf crictl-${VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin
+RUN rm -f crictl-${VERSION}-linux-${TARGETARCH}.tar.gz
+RUN ${DNF_CMD} -y clean all
+
+ENTRYPOINT ["/bpfman-agent"]
diff --git a/Containerfile.bpfman-operator.openshift b/Containerfile.bpfman-operator.openshift
new file mode 100644
index 000000000..fcc9a25fd
--- /dev/null
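Review bot: The crictl tarball fetched by `RUN wget https://github.com/kubernetes-sigs/cri-tools/releases/download/${VERSION}/...` in the runtime stage of Containerfile.bpfman-agent.openshift is unpacked into `/usr/local/bin` with no integrity check, so the image trusts whatever that URL serves at build time. Verify a pinned SHA-256 for each `VERSION`/`TARGETARCH` pair before `tar` runs; in the sketch below the digest is a build argument with no default, so a build that does not supply it fails at the checksum step. Doing the fetch, verification, unpack and cleanup in a single `RUN` also keeps the tarball and the microdnf cache out of the image layers, which the separate `RUN rm -f` and `RUN ${DNF_CMD} -y clean all` steps do not achieve. This stage also sets no `USER`, unlike the operator Containerfile in the same patch; if the agent has to run as root, a comment saying why would help the next reviewer.

```dockerfile
# … unchanged: builder stage, runtime FROM, ARGs, WORKDIR and COPY of bpfman-agent …

# Install crictl
ARG VERSION="v1.28.0"
# SHA-256 of crictl-${VERSION}-linux-${TARGETARCH}.tar.gz, passed per architecture as a
# build argument; with no value the checksum step below fails and the build stops.
ARG CRICTL_SHA256
RUN ${DNF_CMD} -y install wget tar gzip ca-certificates \
    && wget https://github.com/kubernetes-sigs/cri-tools/releases/download/${VERSION}/crictl-${VERSION}-linux-${TARGETARCH}.tar.gz \
    && echo "${CRICTL_SHA256}  crictl-${VERSION}-linux-${TARGETARCH}.tar.gz" | sha256sum -c - \
    && tar zxvf crictl-${VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin \
    && rm -f crictl-${VERSION}-linux-${TARGETARCH}.tar.gz \
    && ${DNF_CMD} -y clean all
```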
+++ b/Containerfile.bpfman-operator.openshift 
@@ -0,0 +1,39 @@
+# Build the manager binary
+ARG BUILDPLATFORM=linux/amd64
+
+FROM --platform=$BUILDPLATFORM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.22.5-202407301806.g4c8b32d.el9 AS bpfman-operator-build
+
+ARG BUILDPLATFORM
+
+# The following ARGs are set internally by docker/build-push-action in github actions
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETPLATFORM
+
+RUN echo "TARGETOS=${TARGETOS} TARGETARCH=${TARGETARCH} BUILDPLATFORM=${BUILDPLATFORM} TARGETPLATFORM=${TARGETPLATFORM}"
+
+WORKDIR /usr/src/bpfman-operator
+
+# Copy everything except what's excluded by the .dockerignore file.
+COPY . .
+
+# Build
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -mod vendor -o bpfman-operator ./cmd/bpfman-operator/main.go
+
+FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+
+# The following ARGs are set internally by docker or podman on multiarch builds
+ARG TARGETPLATFORM
+
+WORKDIR /
+COPY --from=bpfman-operator-build /usr/src/bpfman-operator/config/bpfman-deployment/daemonset.yaml ./config/bpfman-deployment/daemonset.yaml
+COPY --from=bpfman-operator-build /usr/src/bpfman-operator/config/bpfman-deployment/csidriverinfo.yaml ./config/bpfman-deployment/csidriverinfo.yaml
+COPY --from=bpfman-operator-build /usr/src/bpfman-operator/config/openshift/restricted-scc.yaml ./config/openshift/restricted-scc.yaml
+COPY --from=bpfman-operator-build /usr/src/bpfman-operator/bpfman-operator .
+USER 65532:65532
+
+ENTRYPOINT ["/bpfman-operator"]
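Review bot: The runtime base in `FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:9.4` is referenced by a floating tag, so the image the operator runs on can change between two builds of the same commit without anything in the repository recording it. Pinning it by digest, `FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:9.4@sha256:<digest-of-the-reviewed-image>`, makes the base part of the reviewed change and turns base updates into explicit commits. The builder reference `openshift-golang-builder:v1.22.5-202407301806.g4c8b32d.el9` is build-stamped but still a tag and would benefit from the same treatment, as would both `FROM` lines in Containerfile.bpfman-agent.openshift.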