github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-25 12:17:52 +00:00
Code Issues Projects Releases Wiki Activity

Switch core master base images from debian to distroless

Browse Source 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
This commit is contained in:
Yuwen Ma
2019-05-02 10:12:38 -07:00
committed by Davanum Srinivas
parent ba3bf32300
commit 1aa67fc525
12 changed files with 90 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
build/BUILD
View File

@@ -31,7 +31,7 @@ filegroup(
# in build/common.sh.
DOCKERIZED_BINARIES = {
"kube-apiserver": {
"base": "@debian-base-{ARCH}//image",
"base": "@go-runner-linux-{ARCH}//image",
"target": "//cmd/kube-apiserver:kube-apiserver",
},
"kube-controller-manager": {
@@ -39,7 +39,7 @@ DOCKERIZED_BINARIES = {
"target": "//cmd/kube-controller-manager:kube-controller-manager",
},
"kube-scheduler": {
"base": "@debian-base-{ARCH}//image",
"base": "@go-runner-linux-{ARCH}//image",
"target": "//cmd/kube-scheduler:kube-scheduler",
},
"kube-proxy": {

5
build/common.sh
View File

@@ -96,12 +96,13 @@ kube::build::get_docker_wrapped_binaries() {
local arch=$1
local debian_base_version=v2.1.0
local debian_iptables_version=v12.1.0
local go_runner_version=v0.1.1
### If you change any of these lists, please also update DOCKERIZED_BINARIES
### in build/BUILD. And kube::golang::server_image_targets
local targets=(
"kube-apiserver,${KUBE_BASE_IMAGE_REGISTRY}/debian-base-${arch}:${debian_base_version}"
"kube-apiserver,${KUBE_BASE_IMAGE_REGISTRY}/go-runner:${go_runner_version}"
"kube-controller-manager,${KUBE_BASE_IMAGE_REGISTRY}/debian-base-${arch}:${debian_base_version}"
"kube-scheduler,${KUBE_BASE_IMAGE_REGISTRY}/debian-base-${arch}:${debian_base_version}"
"kube-scheduler,${KUBE_BASE_IMAGE_REGISTRY}/go-runner:${go_runner_version}"
"kube-proxy,${KUBE_BASE_IMAGE_REGISTRY}/debian-iptables-${arch}:${debian_iptables_version}"
)

14
build/dependencies.yaml
View File

@@ -117,6 +117,20 @@ dependencies:
- path: build/workspace.bzl
match: tag =
- name: "k8s.gcr.io/go-runner"
version: 0.1.1
refPaths:
- path: build/go-runner/Makefile
match: TAG \?=
- name: "k8s.gcr.io/go-runner: dependents"
version: 0.1.1
refPaths:
- path: build/common.sh
match: go_runner_version=
- path: build/workspace.bzl
match: tag =
- name: "k8s.gcr.io/pause"
version: 3.3
refPaths:

27
build/workspace.bzl
View File

@@ -50,7 +50,7 @@ _ETCD_TARBALL_ARCH_SHA256 = {
def release_dependencies():
cni_tarballs()
cri_tarballs()
debian_image_dependencies()
image_dependencies()
etcd_tarballs()
def cni_tarballs():
@@ -99,14 +99,37 @@ _DEBIAN_IPTABLES_DIGEST = {
"s390x": "sha256:1b91a2788750552913377bf1bc99a095544dfb523d80a55674003c974c8e0905",
}
# Use skopeo to find these values: https://github.com/containers/skopeo
#
# Example
# Manifest: skopeo inspect docker://gcr.io/k8s-staging-build-image/go-runner:v0.1.1
# Arches: skopeo inspect --raw docker://gcr.io/k8s-staging-build-image/go-runner:v0.1.1
_GO_RUNNER_DIGEST = {
"manifest": "sha256:4892faa2de0533bc1af72b9b233936f21a9e7362063345d170de1a8f464f2ad8",
"amd64": "sha256:821e48a96d46aa53d2f7f5ef9d9093ed69979957a0a7092d1c09c44d81028a9d",
"arm": "sha256:2cc042179887b6baa0792e156b53f4cb94181b1a99153790402bd8e517e8cf56",
"arm64": "sha256:00ca7f34275349330a5d8ddffd15e2980fe5b2cbdd410f063f4e7617e0e71c29",
"ppc64le": "sha256:3e25e0d0e9d17033f3e86d4af5787c7fc5f1173e174d77eebdc14df1a06f1c99",
"s390x": "sha256:3e34e290cd35a90285991a575e2e79fddfb161c66f13bc5662a1cc0a4ade32e0",
}
def _digest(d, arch):
if arch not in d:
print("WARNING: %s not found in %r" % (arch, d))
return d["manifest"]
return d[arch]
def debian_image_dependencies():
def image_dependencies():
for arch in SERVER_PLATFORMS["linux"]:
container_pull(
name = "go-runner-linux-" + arch,
architecture = arch,
digest = _digest(_GO_RUNNER_DIGEST, arch),
registry = "us.gcr.io/k8s-artifacts-prod/build-image",
repository = "go-runner",
tag = "v0.1.1", # ignored, but kept here for documentation
)
container_pull(
name = "debian-base-" + arch,
architecture = arch,