From 2cbf954116abaf505ddd1a36028fd613dbed1565 Mon Sep 17 00:00:00 2001 From: Amol Agrawal Date: Fri, 10 Jun 2022 21:59:17 +0000 Subject: [PATCH 1/8] test run --- kubernetes/linux/Dockerfile.multiarch | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/kubernetes/linux/Dockerfile.multiarch b/kubernetes/linux/Dockerfile.multiarch index fd0330d5d..e805f5ca1 100644 --- a/kubernetes/linux/Dockerfile.multiarch +++ b/kubernetes/linux/Dockerfile.multiarch @@ -1,4 +1,8 @@ -FROM --platform=$BUILDPLATFORM golang:1.15.14 AS builder +# Default base images. If you update them don't forgot to update variables in our build pipelines +ARG GOLANG_BASE_IMAGE=golang:1.15.14 +ARG UBUNTU_BASE_IMAGE=ubuntu:18.04 + +FROM --platform=$BUILDPLATFORM ${GOLANG_BASE_IMAGE} AS builder ARG TARGETOS TARGETARCH RUN /usr/bin/apt-get update && /usr/bin/apt-get install git g++ make pkg-config libssl-dev libpam0g-dev rpm librpm-dev uuid-dev libkrb5-dev python sudo gcc-aarch64-linux-gnu -y @@ -7,7 +11,7 @@ COPY source /src/source RUN cd /src/build/linux && make arch=${TARGETARCH} -FROM ubuntu:18.04 AS base_image +FROM ${UBUNTU_BASE_IMAGE} AS base_image ARG TARGETOS TARGETARCH MAINTAINER OMSContainers@microsoft.com LABEL vendor=Microsoft\ Corp \ From 3f5d566035c52cd5f5142bf05a6910b1feba271f Mon Sep 17 00:00:00 2001 From: Amol Agrawal Date: Fri, 10 Jun 2022 22:03:15 +0000 Subject: [PATCH 2/8] use pipeline vars --- .pipelines/azure_pipeline_dev.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.pipelines/azure_pipeline_dev.yaml b/.pipelines/azure_pipeline_dev.yaml index 9147501ba..49a696794 100644 --- a/.pipelines/azure_pipeline_dev.yaml +++ b/.pipelines/azure_pipeline_dev.yaml @@ -115,14 +115,14 @@ jobs: az acr login -n ${{ variables.containerRegistry }} if [ "$(Build.Reason)" != "PullRequest" ]; then - docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageName }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg IMAGE_TAG=$(linuxImagetag) --push . + docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageName }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg IMAGE_TAG=$(linuxImagetag) --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg UBUNTU_BASE_IMAGE=$(UBUNTU_BASE_IMAGE) --push . docker pull ${{ variables.repoImageName }}:$(linuxImagetag) else - docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageName }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg IMAGE_TAG=$(linuxImagetag) . + docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageName }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg IMAGE_TAG=$(linuxImagetag) --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg UBUNTU_BASE_IMAGE=$(UBUNTU_BASE_IMAGE) . # load the multi-arch image to run tests - docker buildx build --tag ${{ variables.repoImageName }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg IMAGE_TAG=$(linuxImagetag) --load . + docker buildx build --tag ${{ variables.repoImageName }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg IMAGE_TAG=$(linuxImagetag) --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg UBUNTU_BASE_IMAGE=$(UBUNTU_BASE_IMAGE) --load . fi curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin @@ -135,14 +135,14 @@ jobs: condition: eq(variables.IS_PR, true) inputs: BuildDropPath: '$(Build.ArtifactStagingDirectory)/linux' - DockerImagesToScan: 'golang:1.15.14, ubuntu:18.04' + DockerImagesToScan: '$(GOLANG_BASE_IMAGE), $(UBUNTU_BASE_IMAGE)' - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 displayName: 'Generation Task' condition: eq(variables.IS_PR, false) inputs: BuildDropPath: '$(Build.ArtifactStagingDirectory)/linux' - DockerImagesToScan: 'golang:1.15.14, ubuntu:18.04, ${{ variables.repoImageName }}:$(linuxImagetag)' + DockerImagesToScan: '$(GOLANG_BASE_IMAGE), $(UBUNTU_BASE_IMAGE), ${{ variables.repoImageName }}:$(linuxImagetag)' - task: PublishBuildArtifacts@1 inputs: From 1483db02f5584ca7b8c618dda51a432bad4b35b4 Mon Sep 17 00:00:00 2001 From: Amol Agrawal Date: Fri, 10 Jun 2022 22:33:37 +0000 Subject: [PATCH 3/8] test changes --- kubernetes/linux/Dockerfile.multiarch | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kubernetes/linux/Dockerfile.multiarch b/kubernetes/linux/Dockerfile.multiarch index e805f5ca1..8c013b149 100644 --- a/kubernetes/linux/Dockerfile.multiarch +++ b/kubernetes/linux/Dockerfile.multiarch @@ -1,6 +1,6 @@ # Default base images. If you update them don't forgot to update variables in our build pipelines -ARG GOLANG_BASE_IMAGE=golang:1.15.14 -ARG UBUNTU_BASE_IMAGE=ubuntu:18.04 +ARG GOLANG_BASE_IMAGE +ARG UBUNTU_BASE_IMAGE FROM --platform=$BUILDPLATFORM ${GOLANG_BASE_IMAGE} AS builder ARG TARGETOS TARGETARCH @@ -42,8 +42,8 @@ RUN chmod 775 $tmpdir/*.sh; sync; $tmpdir/setup.sh ${TARGETARCH} # Do vulnerability scan in a seperate stage to avoid adding layer FROM base_image AS vulnscan -COPY --from=aquasec/trivy:latest /usr/local/bin/trivy /usr/local/bin/trivy COPY .trivyignore .trivyignore +RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.28.1 RUN trivy rootfs --ignore-unfixed --no-progress --severity HIGH,CRITICAL,MEDIUM --skip-files "/usr/local/bin/trivy" / RUN trivy rootfs --ignore-unfixed --no-progress --severity HIGH,CRITICAL,MEDIUM /usr/lib RUN trivy rootfs --exit-code 1 --ignore-unfixed --no-progress --severity HIGH,CRITICAL,MEDIUM --skip-files "/usr/local/bin/trivy" / > /dev/null 2>&1 && trivy rootfs --exit-code 1 --ignore-unfixed --no-progress --severity HIGH,CRITICAL,MEDIUM /usr/lib > /dev/null 2>&1 From 22baf4094b9d2e179d8518ac7a75bfb7214da800 Mon Sep 17 00:00:00 2001 From: Amol Agrawal Date: Fri, 10 Jun 2022 22:44:24 +0000 Subject: [PATCH 4/8] use arg based image creation --- kubernetes/linux/Dockerfile | 3 ++- kubernetes/linux/Dockerfile.multiarch | 4 ++-- test/e2e/src/core/Dockerfile | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/kubernetes/linux/Dockerfile b/kubernetes/linux/Dockerfile index 6f68f664e..9badf973f 100644 --- a/kubernetes/linux/Dockerfile +++ b/kubernetes/linux/Dockerfile @@ -1,4 +1,5 @@ -FROM ubuntu:18.04 +ARG UBUNTU_BASE_IMAGE=ubuntu:18.04 +FROM ${UBUNTU_BASE_IMAGE} MAINTAINER OMSContainers@microsoft.com LABEL vendor=Microsoft\ Corp \ com.microsoft.product="Azure Monitor for containers" diff --git a/kubernetes/linux/Dockerfile.multiarch b/kubernetes/linux/Dockerfile.multiarch index 8c013b149..b7bb5e203 100644 --- a/kubernetes/linux/Dockerfile.multiarch +++ b/kubernetes/linux/Dockerfile.multiarch @@ -1,6 +1,6 @@ # Default base images. If you update them don't forgot to update variables in our build pipelines -ARG GOLANG_BASE_IMAGE -ARG UBUNTU_BASE_IMAGE +ARG GOLANG_BASE_IMAGE=golang:1.18.3 +ARG UBUNTU_BASE_IMAGE=ubuntu:18.04 FROM --platform=$BUILDPLATFORM ${GOLANG_BASE_IMAGE} AS builder ARG TARGETOS TARGETARCH diff --git a/test/e2e/src/core/Dockerfile b/test/e2e/src/core/Dockerfile index 52bcd7cf8..1958a87d9 100644 --- a/test/e2e/src/core/Dockerfile +++ b/test/e2e/src/core/Dockerfile @@ -1,4 +1,5 @@ -FROM python:3.6 +ARG PYTHON_BASE_IMAGE=python:3.6 +FROM ${PYTHON_BASE_IMAGE} RUN pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org pytest pytest-xdist filelock requests kubernetes adal msrestazure From ac827b5a67da76f92c3485f7b9d1bad7686d456d Mon Sep 17 00:00:00 2001 From: Amol Agrawal Date: Fri, 10 Jun 2022 23:05:26 +0000 Subject: [PATCH 5/8] update --- .trivyignore | 2 +- test/e2e/src/core/Dockerfile | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.trivyignore b/.trivyignore index f8c029116..56ac504d5 100644 --- a/.trivyignore +++ b/.trivyignore @@ -16,4 +16,4 @@ CVE-2021-31799 CVE-2021-28965 #dpkg vulnerability in ubuntu -CVE-2022-1664 \ No newline at end of file +CVE-2022-1304 \ No newline at end of file diff --git a/test/e2e/src/core/Dockerfile b/test/e2e/src/core/Dockerfile index 1958a87d9..4197a5b22 100644 --- a/test/e2e/src/core/Dockerfile +++ b/test/e2e/src/core/Dockerfile @@ -12,14 +12,14 @@ RUN apt-get update && apt-get -y upgrade && \ CLI_REPO=$(lsb_release -cs) && \ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ ${CLI_REPO} main" \ > /etc/apt/sources.list.d/azure-cli.list && \ + curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg && \ + echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list && \ apt-get update && \ - apt-get install -y azure-cli && \ + apt-get install -y azure-cli kubectl && \ rm -rf /var/lib/apt/lists/* RUN python3 -m pip install junit_xml -COPY --from=lachlanevenson/k8s-kubectl:v1.20.5 /usr/local/bin/kubectl /usr/local/bin/kubectl - COPY ./core/e2e_tests.sh / COPY ./core/setup_failure_handler.py / COPY ./core/pytest.ini /e2etests/ From 126b4730fbc21a3d7f186c66155b691f712f4a88 Mon Sep 17 00:00:00 2001 From: Amol Agrawal Date: Fri, 10 Jun 2022 23:11:32 +0000 Subject: [PATCH 6/8] update golang everywhere --- .../build/linux/install-build-pre-requisites.sh | 16 ++++++++-------- .../windows/install-build-pre-requisites.ps1 | 6 +++--- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/scripts/build/linux/install-build-pre-requisites.sh b/scripts/build/linux/install-build-pre-requisites.sh index b85e54fc4..88f9fbef9 100644 --- a/scripts/build/linux/install-build-pre-requisites.sh +++ b/scripts/build/linux/install-build-pre-requisites.sh @@ -8,17 +8,17 @@ TEMP_DIR=temp-$RANDOM install_go_lang() { export goVersion="$(echo $(go version))" - if [[ $goVersion == *go1.15.14* ]] ; then - echo "found existing installation of go version 1.15.14 so skipping the installation of go" + if [[ $goVersion == *go1.18.3* ]] ; then + echo "found existing installation of go version 1.18.3 so skipping the installation of go" else - echo "installing go 1.15.14 version ..." - sudo curl -O https://dl.google.com/go/go1.15.14.linux-amd64.tar.gz - sudo tar -xvf go1.15.14.linux-amd64.tar.gz + echo "installing go 1.18.3 version ..." + sudo curl -O https://dl.google.com/go/go1.18.3.linux-amd64.tar.gz + sudo tar -xvf go1.18.3.linux-amd64.tar.gz sudo mv -f go /usr/local echo "set file permission for go bin" sudo chmod 744 /usr/local/go/bin - echo "installation of go 1.15.14 completed." - echo "installation of go 1.15.14 completed." + echo "installation of go 1.18.3 completed." + echo "installation of go 1.18.3 completed." fi } @@ -173,4 +173,4 @@ sudo rm -rf $TEMP_DIR # set go env vars install_go_env_vars -echo "installing build pre-requisites python, go 1.15.14, dotnet, powershell, build dependencies and docker completed" +echo "installing build pre-requisites python, go 1.18.3, dotnet, powershell, build dependencies and docker completed" diff --git a/scripts/build/windows/install-build-pre-requisites.ps1 b/scripts/build/windows/install-build-pre-requisites.ps1 index 235f6ace9..1ceeda353 100644 --- a/scripts/build/windows/install-build-pre-requisites.ps1 +++ b/scripts/build/windows/install-build-pre-requisites.ps1 @@ -13,8 +13,8 @@ function Install-Go { exit 1 } - $url = "https://go.dev/dl/go1.15.14.windows-amd64.msi" - $output = Join-Path -Path $tempGo -ChildPath "go1.15.14.windows-amd64.msi" + $url = "https://go.dev/dl/go1.18.3.windows-amd64.msi" + $output = Join-Path -Path $tempGo -ChildPath "go1.18.3.windows-amd64.msi" Write-Host("downloading go msi into directory path : " + $output + " ...") Invoke-WebRequest -Uri $url -OutFile $output -ErrorAction Stop Write-Host("downloading of go msi into directory path : " + $output + " completed") @@ -137,7 +137,7 @@ function Install-Docker() { # https://stackoverflow.com/questions/28682642/powershell-why-is-using-invoke-webrequest-much-slower-than-a-browser-download $ProgressPreference = 'SilentlyContinue' -Write-Host "Install GO 1.15.14 version" +Write-Host "Install GO 1.18.3 version" Install-Go Write-Host "Install Build dependencies" Build-Dependencies From 7cf2af36a6ea678686fd191d44da593c06219caa Mon Sep 17 00:00:00 2001 From: Amol Agrawal Date: Wed, 15 Jun 2022 20:19:38 +0000 Subject: [PATCH 7/8] additional changes to build --- .pipelines/azure_pipeline_prod.yaml | 10 +-- README.md | 39 ++++----- kubernetes/linux/Dockerfile | 2 +- kubernetes/linux/Dockerfile.multiarch | 6 +- .../build-and-publish-docker-image.sh | 80 +++++++------------ test/e2e/src/core/Dockerfile | 3 +- 6 files changed, 62 insertions(+), 78 deletions(-) diff --git a/.pipelines/azure_pipeline_prod.yaml b/.pipelines/azure_pipeline_prod.yaml index 5e22bdd3b..d0df5c262 100644 --- a/.pipelines/azure_pipeline_prod.yaml +++ b/.pipelines/azure_pipeline_prod.yaml @@ -119,14 +119,14 @@ jobs: az acr login -n ${{ variables.containerRegistry }} if [ "$(Build.Reason)" != "PullRequest" ]; then - docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageNameLinux }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --push . + docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageNameLinux }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg UBUNTU_BASE_IMAGE=$(UBUNTU_BASE_IMAGE) --push . docker pull ${{ variables.repoImageNameLinux }}:$(linuxImagetag) else - docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageNameLinux }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json . + docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageNameLinux }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg UBUNTU_BASE_IMAGE=$(UBUNTU_BASE_IMAGE) . # load the multi-arch image to run tests - docker buildx build --tag ${{ variables.repoImageNameLinux }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --load . + docker buildx build --tag ${{ variables.repoImageNameLinux }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg UBUNTU_BASE_IMAGE=$(UBUNTU_BASE_IMAGE) --load . fi curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin @@ -138,14 +138,14 @@ jobs: condition: eq(variables.IS_PR, true) inputs: BuildDropPath: '$(Build.ArtifactStagingDirectory)/linux' - DockerImagesToScan: 'golang:1.15.14, ubuntu:18.04' + DockerImagesToScan: '$(GOLANG_BASE_IMAGE), $(UBUNTU_BASE_IMAGE)' - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 displayName: 'Generation Task' condition: eq(variables.IS_PR, false) inputs: BuildDropPath: '$(Build.ArtifactStagingDirectory)/linux' - DockerImagesToScan: 'golang:1.15.14, ubuntu:18.04, ${{ variables.repoImageNameLinux }}:$(linuxImagetag)' + DockerImagesToScan: '$(GOLANG_BASE_IMAGE), $(UBUNTU_BASE_IMAGE), ${{ variables.repoImageNameLinux }}:$(linuxImagetag)' - task: PublishBuildArtifacts@1 inputs: diff --git a/README.md b/README.md index 6e51d256b..22331e8ee 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Feel free to contact engineering team owners in case you have any questions abou ## Common - [Visual Studio Code](https://code.visualstudio.com/) for authoring -- [Go lang](https://golang.org/) for building go code. Go lang version 1.15.14 (both Linux & Windows) +- [Go lang](https://golang.org/) for building go code. Go lang version 1.18.3 (both Linux & Windows) > Note: If you are using WSL2, make sure you have cloned the code onto ubuntu not onto windows @@ -121,7 +121,7 @@ We recommend using [Visual Studio Code](https://code.visualstudio.com/) for auth ### Install Pre-requisites -1. Install go1.15.14, dotnet, powershell, docker and build dependencies to build go code for both Linux and Windows platforms +1. Install go1.18.3, dotnet, powershell, docker and build dependencies to build go code for both Linux and Windows platforms ``` bash ~/Docker-Provider/scripts/build/linux/install-build-pre-requisites.sh ``` @@ -143,31 +143,34 @@ bash ~/Docker-Provider/scripts/build/linux/install-build-pre-requisites.sh > Note: If you are using WSL2, ensure `Docker for windows` running with Linux containers mode on your windows machine to build Linux agent image successfully +> Note: format of the imagetag will be `ci`. possible values for release are test, dev, preview, dogfood, prod etc. Please use MCR urls while building internally. + +Preferred Way: You can build and push images for multiple architectures. This is powered by docker buildx +Directly use the docker buildx commands (the MCR images can be found in our internal wiki to be used as arguments) +``` +# multiple platforms +cd ~/Docker-Provider +docker buildx build --platform linux/arm64/v8,linux/amd64 -t /: --build-arg IMAGE_TAG= --build-arg UBUNTU_BASE_IMAGE= --build-arg GOLANG_BASE_IMAGE= -f kubernetes/linux/Dockerfile.multiarch --push . + +# single platform +cd ~/Docker-Provider +docker buildx build --platform linux/amd64 -t /: --build-arg IMAGE_TAG= --build-arg UBUNTU_BASE_IMAGE= --build-arg GOLANG_BASE_IMAGE= -f kubernetes/linux/Dockerfile.multiarch --push . +``` + +Using the build and publish script + ``` cd ~/Docker-Provider/kubernetes/linux/dockerbuild sudo docker login # if you want to publish the image to acr then login to acr via `docker login ` # build provider, docker image and publish to docker image -bash build-and-publish-docker-image.sh --image /: +bash build-and-publish-docker-image.sh --image /: --ubuntu --golang ``` -> Note: format of the imagetag will be `ci`. possible values for release are test, dev, preview, dogfood, prod etc. -You can also build and push images for multiple architectures. This is powered by docker buildx ``` cd ~/Docker-Provider/kubernetes/linux/dockerbuild sudo docker login # if you want to publish the image to acr then login to acr via `docker login ` # build and publish using docker buildx -bash build-and-publish-docker-image.sh --image /: --multiarch -``` - -or directly use the docker buildx commands -``` -# multiple platforms -cd ~/Docker-Provider -docker buildx build --platform linux/arm64/v8,linux/amd64 -t /: --build-arg IMAGE_TAG= -f kubernetes/linux/Dockerfile.multiarch --push . - -# single platform -cd ~/Docker-Provider -docker buildx build --platform linux/amd64 -t /: --build-arg IMAGE_TAG= -f kubernetes/linux/Dockerfile.multiarch --push . +bash build-and-publish-docker-image.sh --image /: --ubuntu --golang --multiarch ``` If you prefer to build docker provider shell bundle and image separately, then you can follow below instructions @@ -182,7 +185,7 @@ make ``` cd ~/Docker-Provider/kubernetes/linux/ -docker build -t /: --build-arg IMAGE_TAG= . +docker build -t /: --build-arg IMAGE_TAG= --build-arg UBUNTU_BASE_IMAGE= . docker push /: ``` ## Windows Agent diff --git a/kubernetes/linux/Dockerfile b/kubernetes/linux/Dockerfile index 9badf973f..f7acde31d 100644 --- a/kubernetes/linux/Dockerfile +++ b/kubernetes/linux/Dockerfile @@ -1,4 +1,4 @@ -ARG UBUNTU_BASE_IMAGE=ubuntu:18.04 +ARG UBUNTU_BASE_IMAGE= FROM ${UBUNTU_BASE_IMAGE} MAINTAINER OMSContainers@microsoft.com LABEL vendor=Microsoft\ Corp \ diff --git a/kubernetes/linux/Dockerfile.multiarch b/kubernetes/linux/Dockerfile.multiarch index b7bb5e203..da74824b1 100644 --- a/kubernetes/linux/Dockerfile.multiarch +++ b/kubernetes/linux/Dockerfile.multiarch @@ -1,6 +1,6 @@ -# Default base images. If you update them don't forgot to update variables in our build pipelines -ARG GOLANG_BASE_IMAGE=golang:1.18.3 -ARG UBUNTU_BASE_IMAGE=ubuntu:18.04 +# Default base images. If you update them don't forgot to update variables in our build pipelines. Default values can be found in internal wiki. External can use ubuntu 18.04 and golang 1.18.3 +ARG GOLANG_BASE_IMAGE= +ARG UBUNTU_BASE_IMAGE= FROM --platform=$BUILDPLATFORM ${GOLANG_BASE_IMAGE} AS builder ARG TARGETOS TARGETARCH diff --git a/kubernetes/linux/dockerbuild/build-and-publish-docker-image.sh b/kubernetes/linux/dockerbuild/build-and-publish-docker-image.sh index 638236507..f25ba1ef5 100755 --- a/kubernetes/linux/dockerbuild/build-and-publish-docker-image.sh +++ b/kubernetes/linux/dockerbuild/build-and-publish-docker-image.sh @@ -13,8 +13,8 @@ usage() local basename=`basename $0` echo echo "Build and publish docker image:" - echo "$basename --image " - echo "$basename --image --multiarch" + echo "$basename --image --ubuntu --golang " + echo "$basename --image --ubuntu --golang --multiarch" } parse_args() @@ -32,6 +32,8 @@ for arg in "$@"; do case "$arg" in "--image") set -- "$@" "-i" ;; "--multiarch") set -- "$@" "-m" ;; + "--ubuntu") set -- "$@" "-u" ;; + "--golang") set -- "$@" "-g" ;; "--"*) usage ;; *) set -- "$@" "$arg" esac @@ -39,7 +41,7 @@ done local OPTIND opt -while getopts 'hi:m' opt; do +while getopts 'hi:u:g:m' opt; do case "$opt" in h) usage @@ -54,7 +56,12 @@ while getopts 'hi:m' opt; do multi=1 echo "using multiarch dockerfile" ;; - + u) + ubuntu_base_image=$OPTARG + ;; + g) + golang_base_image=$OPTARG + ;; ?) usage exit 1 @@ -69,6 +76,16 @@ while getopts 'hi:m' opt; do exit 1 fi + if [ -z "$ubuntu_base_image" ]; then + echo "-e invalid ubuntu image url. please try with valid values from internal wiki. do not use 3P entries" + exit 1 + fi + + if [ -z "$golang_base_image" ]; then + echo "-e invalid golang image url. please try with valid values from internal wiki. do not use 3P entries" + exit 1 + fi + # extract image tag imageTag=$(echo ${image} | sed "s/.*://") @@ -89,39 +106,6 @@ fi } -build_docker_provider() -{ - echo "building docker provider shell bundle" - cd $buildDir - echo "trigger make to build docker build provider shell bundle" - make - echo "building docker provider shell bundle completed" -} - -login_to_docker() -{ - echo "login to docker with provided creds" - # sudo docker login --username=$dockerUser - sudo docker login - echo "login to docker with provided creds completed" -} - -build_docker_image() -{ - echo "build docker image: $image and image tage is $imageTag" - cd $baseDir/kubernetes/linux - sudo docker build -t $image --build-arg IMAGE_TAG=$imageTag . - - echo "build docker image completed" -} - -publish_docker_image() -{ - echo "publishing docker image: $image" - sudo docker push $image - echo "publishing docker image: $image done." -} - # parse and validate args parse_args $@ @@ -138,22 +122,18 @@ echo "source code base directory: $baseDir" echo "build directory for docker provider: $buildDir" echo "docker file directory: $dockerFileDir" +echo "build docker image: $image and image tage is $imageTag" + if [ -n "$multi" ] && [ "$multi" -eq "1" ]; then echo "building multiarch" cd $baseDir - docker buildx build --platform linux/arm64/v8,linux/amd64 -t $image --build-arg IMAGE_TAG=$imageTag -f $linuxDir/Dockerfile.multiarch --push . - exit 0 + docker buildx build --platform linux/arm64/v8,linux/amd64 -t $image --build-arg IMAGE_TAG=$imageTag --build-arg UBUNTU_BASE_IMAGE="$ubuntu_base_image" --build-arg GOLANG_BASE_IMAGE="$golang_base_image" -f $linuxDir/Dockerfile.multiarch --push . +else + echo "building amd64" + cd $baseDir + docker buildx build --platform linux/amd64 -t $image --build-arg IMAGE_TAG=$imageTag --build-arg UBUNTU_BASE_IMAGE="$ubuntu_base_image" --build-arg GOLANG_BASE_IMAGE="$golang_base_image" -f $linuxDir/Dockerfile.multiarch --push . fi -# build docker provider shell bundle -build_docker_provider - -# build docker image -build_docker_image - -# publish docker image -publish_docker_image - -cd $currentDir - +echo "build and push docker image completed" +cd $currentDir \ No newline at end of file diff --git a/test/e2e/src/core/Dockerfile b/test/e2e/src/core/Dockerfile index 4197a5b22..ba73e74f7 100644 --- a/test/e2e/src/core/Dockerfile +++ b/test/e2e/src/core/Dockerfile @@ -1,4 +1,5 @@ -ARG PYTHON_BASE_IMAGE=python:3.6 +# default value can be found in internal wiki. External can use python 3.6 base image +ARG PYTHON_BASE_IMAGE= FROM ${PYTHON_BASE_IMAGE} RUN pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org pytest pytest-xdist filelock requests kubernetes adal msrestazure From f7a60457ff2ffd74277d06e175a4e8d80bc095f7 Mon Sep 17 00:00:00 2001 From: Amol Agrawal Date: Mon, 27 Jun 2022 16:00:29 +0000 Subject: [PATCH 8/8] address PR comments --- .pipelines/azure_pipeline_dev.yaml | 10 +++++----- .pipelines/azure_pipeline_prod.yaml | 10 +++++----- README.md | 6 +++--- kubernetes/linux/Dockerfile | 4 ++-- kubernetes/linux/Dockerfile.multiarch | 4 ++-- .../dockerbuild/build-and-publish-docker-image.sh | 8 ++++---- 6 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.pipelines/azure_pipeline_dev.yaml b/.pipelines/azure_pipeline_dev.yaml index 49a696794..eed3bdc57 100644 --- a/.pipelines/azure_pipeline_dev.yaml +++ b/.pipelines/azure_pipeline_dev.yaml @@ -115,14 +115,14 @@ jobs: az acr login -n ${{ variables.containerRegistry }} if [ "$(Build.Reason)" != "PullRequest" ]; then - docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageName }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg IMAGE_TAG=$(linuxImagetag) --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg UBUNTU_BASE_IMAGE=$(UBUNTU_BASE_IMAGE) --push . + docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageName }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg IMAGE_TAG=$(linuxImagetag) --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg CI_BASE_IMAGE=$(CI_BASE_IMAGE) --push . docker pull ${{ variables.repoImageName }}:$(linuxImagetag) else - docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageName }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg IMAGE_TAG=$(linuxImagetag) --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg UBUNTU_BASE_IMAGE=$(UBUNTU_BASE_IMAGE) . + docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageName }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg IMAGE_TAG=$(linuxImagetag) --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg CI_BASE_IMAGE=$(CI_BASE_IMAGE) . # load the multi-arch image to run tests - docker buildx build --tag ${{ variables.repoImageName }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg IMAGE_TAG=$(linuxImagetag) --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg UBUNTU_BASE_IMAGE=$(UBUNTU_BASE_IMAGE) --load . + docker buildx build --tag ${{ variables.repoImageName }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg IMAGE_TAG=$(linuxImagetag) --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg CI_BASE_IMAGE=$(CI_BASE_IMAGE) --load . fi curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin @@ -135,14 +135,14 @@ jobs: condition: eq(variables.IS_PR, true) inputs: BuildDropPath: '$(Build.ArtifactStagingDirectory)/linux' - DockerImagesToScan: '$(GOLANG_BASE_IMAGE), $(UBUNTU_BASE_IMAGE)' + DockerImagesToScan: '$(GOLANG_BASE_IMAGE), $(CI_BASE_IMAGE)' - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 displayName: 'Generation Task' condition: eq(variables.IS_PR, false) inputs: BuildDropPath: '$(Build.ArtifactStagingDirectory)/linux' - DockerImagesToScan: '$(GOLANG_BASE_IMAGE), $(UBUNTU_BASE_IMAGE), ${{ variables.repoImageName }}:$(linuxImagetag)' + DockerImagesToScan: '$(GOLANG_BASE_IMAGE), $(CI_BASE_IMAGE), ${{ variables.repoImageName }}:$(linuxImagetag)' - task: PublishBuildArtifacts@1 inputs: diff --git a/.pipelines/azure_pipeline_prod.yaml b/.pipelines/azure_pipeline_prod.yaml index d0df5c262..74650914e 100644 --- a/.pipelines/azure_pipeline_prod.yaml +++ b/.pipelines/azure_pipeline_prod.yaml @@ -119,14 +119,14 @@ jobs: az acr login -n ${{ variables.containerRegistry }} if [ "$(Build.Reason)" != "PullRequest" ]; then - docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageNameLinux }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg UBUNTU_BASE_IMAGE=$(UBUNTU_BASE_IMAGE) --push . + docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageNameLinux }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg CI_BASE_IMAGE=$(CI_BASE_IMAGE) --push . docker pull ${{ variables.repoImageNameLinux }}:$(linuxImagetag) else - docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageNameLinux }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg UBUNTU_BASE_IMAGE=$(UBUNTU_BASE_IMAGE) . + docker buildx build --platform linux/amd64,linux/arm64 --tag ${{ variables.repoImageNameLinux }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg CI_BASE_IMAGE=$(CI_BASE_IMAGE) . # load the multi-arch image to run tests - docker buildx build --tag ${{ variables.repoImageNameLinux }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg UBUNTU_BASE_IMAGE=$(UBUNTU_BASE_IMAGE) --load . + docker buildx build --tag ${{ variables.repoImageNameLinux }}:$(linuxImagetag) -f kubernetes/linux/Dockerfile.multiarch --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --build-arg GOLANG_BASE_IMAGE=$(GOLANG_BASE_IMAGE) --build-arg CI_BASE_IMAGE=$(CI_BASE_IMAGE) --load . fi curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin @@ -138,14 +138,14 @@ jobs: condition: eq(variables.IS_PR, true) inputs: BuildDropPath: '$(Build.ArtifactStagingDirectory)/linux' - DockerImagesToScan: '$(GOLANG_BASE_IMAGE), $(UBUNTU_BASE_IMAGE)' + DockerImagesToScan: '$(GOLANG_BASE_IMAGE), $(CI_BASE_IMAGE)' - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 displayName: 'Generation Task' condition: eq(variables.IS_PR, false) inputs: BuildDropPath: '$(Build.ArtifactStagingDirectory)/linux' - DockerImagesToScan: '$(GOLANG_BASE_IMAGE), $(UBUNTU_BASE_IMAGE), ${{ variables.repoImageNameLinux }}:$(linuxImagetag)' + DockerImagesToScan: '$(GOLANG_BASE_IMAGE), $(CI_BASE_IMAGE), ${{ variables.repoImageNameLinux }}:$(linuxImagetag)' - task: PublishBuildArtifacts@1 inputs: diff --git a/README.md b/README.md index 22331e8ee..60ed39901 100644 --- a/README.md +++ b/README.md @@ -150,11 +150,11 @@ Directly use the docker buildx commands (the MCR images can be found in our inte ``` # multiple platforms cd ~/Docker-Provider -docker buildx build --platform linux/arm64/v8,linux/amd64 -t /: --build-arg IMAGE_TAG= --build-arg UBUNTU_BASE_IMAGE= --build-arg GOLANG_BASE_IMAGE= -f kubernetes/linux/Dockerfile.multiarch --push . +docker buildx build --platform linux/arm64/v8,linux/amd64 -t /: --build-arg IMAGE_TAG= --build-arg CI_BASE_IMAGE= --build-arg GOLANG_BASE_IMAGE= -f kubernetes/linux/Dockerfile.multiarch --push . # single platform cd ~/Docker-Provider -docker buildx build --platform linux/amd64 -t /: --build-arg IMAGE_TAG= --build-arg UBUNTU_BASE_IMAGE= --build-arg GOLANG_BASE_IMAGE= -f kubernetes/linux/Dockerfile.multiarch --push . +docker buildx build --platform linux/amd64 -t /: --build-arg IMAGE_TAG= --build-arg CI_BASE_IMAGE= --build-arg GOLANG_BASE_IMAGE= -f kubernetes/linux/Dockerfile.multiarch --push . ``` Using the build and publish script @@ -185,7 +185,7 @@ make ``` cd ~/Docker-Provider/kubernetes/linux/ -docker build -t /: --build-arg IMAGE_TAG= --build-arg UBUNTU_BASE_IMAGE= . +docker build -t /: --build-arg IMAGE_TAG= --build-arg CI_BASE_IMAGE= . docker push /: ``` ## Windows Agent diff --git a/kubernetes/linux/Dockerfile b/kubernetes/linux/Dockerfile index f7acde31d..a2e77d78e 100644 --- a/kubernetes/linux/Dockerfile +++ b/kubernetes/linux/Dockerfile @@ -1,5 +1,5 @@ -ARG UBUNTU_BASE_IMAGE= -FROM ${UBUNTU_BASE_IMAGE} +ARG CI_BASE_IMAGE= +FROM ${CI_BASE_IMAGE} MAINTAINER OMSContainers@microsoft.com LABEL vendor=Microsoft\ Corp \ com.microsoft.product="Azure Monitor for containers" diff --git a/kubernetes/linux/Dockerfile.multiarch b/kubernetes/linux/Dockerfile.multiarch index da74824b1..74b01be7b 100644 --- a/kubernetes/linux/Dockerfile.multiarch +++ b/kubernetes/linux/Dockerfile.multiarch @@ -1,6 +1,6 @@ # Default base images. If you update them don't forgot to update variables in our build pipelines. Default values can be found in internal wiki. External can use ubuntu 18.04 and golang 1.18.3 ARG GOLANG_BASE_IMAGE= -ARG UBUNTU_BASE_IMAGE= +ARG CI_BASE_IMAGE= FROM --platform=$BUILDPLATFORM ${GOLANG_BASE_IMAGE} AS builder ARG TARGETOS TARGETARCH @@ -11,7 +11,7 @@ COPY source /src/source RUN cd /src/build/linux && make arch=${TARGETARCH} -FROM ${UBUNTU_BASE_IMAGE} AS base_image +FROM ${CI_BASE_IMAGE} AS base_image ARG TARGETOS TARGETARCH MAINTAINER OMSContainers@microsoft.com LABEL vendor=Microsoft\ Corp \ diff --git a/kubernetes/linux/dockerbuild/build-and-publish-docker-image.sh b/kubernetes/linux/dockerbuild/build-and-publish-docker-image.sh index f25ba1ef5..40ce83cd4 100755 --- a/kubernetes/linux/dockerbuild/build-and-publish-docker-image.sh +++ b/kubernetes/linux/dockerbuild/build-and-publish-docker-image.sh @@ -57,7 +57,7 @@ while getopts 'hi:u:g:m' opt; do echo "using multiarch dockerfile" ;; u) - ubuntu_base_image=$OPTARG + ci_base_image=$OPTARG ;; g) golang_base_image=$OPTARG @@ -76,7 +76,7 @@ while getopts 'hi:u:g:m' opt; do exit 1 fi - if [ -z "$ubuntu_base_image" ]; then + if [ -z "$ci_base_image" ]; then echo "-e invalid ubuntu image url. please try with valid values from internal wiki. do not use 3P entries" exit 1 fi @@ -127,11 +127,11 @@ echo "build docker image: $image and image tage is $imageTag" if [ -n "$multi" ] && [ "$multi" -eq "1" ]; then echo "building multiarch" cd $baseDir - docker buildx build --platform linux/arm64/v8,linux/amd64 -t $image --build-arg IMAGE_TAG=$imageTag --build-arg UBUNTU_BASE_IMAGE="$ubuntu_base_image" --build-arg GOLANG_BASE_IMAGE="$golang_base_image" -f $linuxDir/Dockerfile.multiarch --push . + docker buildx build --platform linux/arm64/v8,linux/amd64 -t $image --build-arg IMAGE_TAG=$imageTag --build-arg CI_BASE_IMAGE="$ci_base_image" --build-arg GOLANG_BASE_IMAGE="$golang_base_image" -f $linuxDir/Dockerfile.multiarch --push . else echo "building amd64" cd $baseDir - docker buildx build --platform linux/amd64 -t $image --build-arg IMAGE_TAG=$imageTag --build-arg UBUNTU_BASE_IMAGE="$ubuntu_base_image" --build-arg GOLANG_BASE_IMAGE="$golang_base_image" -f $linuxDir/Dockerfile.multiarch --push . + docker buildx build --platform linux/amd64 -t $image --build-arg IMAGE_TAG=$imageTag --build-arg CI_BASE_IMAGE="$ci_base_image" --build-arg GOLANG_BASE_IMAGE="$golang_base_image" -f $linuxDir/Dockerfile.multiarch --push . fi echo "build and push docker image completed"