From b2106033b9c7ef75cccf7e9e16dfa860ebd09815 Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Fri, 21 Aug 2020 14:19:52 -0400 Subject: [PATCH 1/2] build: Migrate go-runner image building to k/release Signed-off-by: Stephen Augustus --- build/BUILD | 1 - build/dependencies.yaml | 6 -- build/go-runner/BUILD | 29 -------- build/go-runner/Dockerfile | 45 ------------ build/go-runner/Makefile | 71 ------------------- build/go-runner/OWNERS | 6 -- build/go-runner/README.md | 30 -------- build/go-runner/cloudbuild.yaml | 22 ------ build/go-runner/go-runner.go | 122 -------------------------------- build/go-runner/go.mod | 5 -- build/go-runner/go.sum | 2 - 11 files changed, 339 deletions(-) delete mode 100644 build/go-runner/BUILD delete mode 100644 build/go-runner/Dockerfile delete mode 100644 build/go-runner/Makefile delete mode 100644 build/go-runner/OWNERS delete mode 100644 build/go-runner/README.md delete mode 100644 build/go-runner/cloudbuild.yaml delete mode 100644 build/go-runner/go-runner.go delete mode 100644 build/go-runner/go.mod delete mode 100644 build/go-runner/go.sum diff --git a/build/BUILD b/build/BUILD index e4d15e0db7f..20793e1f7b9 100644 --- a/build/BUILD +++ b/build/BUILD @@ -20,7 +20,6 @@ filegroup( name = "all-srcs", srcs = [ ":package-srcs", - "//build/go-runner:all-srcs", "//build/release-tars:all-srcs", "//build/visible_to:all-srcs", ], diff --git a/build/dependencies.yaml b/build/dependencies.yaml index f91d8ae302d..5ba2faab209 100644 --- a/build/dependencies.yaml +++ b/build/dependencies.yaml @@ -143,12 +143,6 @@ dependencies: - path: test/utils/image/manifest.go match: configs\[DebianIptables\] = Config{buildImageRegistry, "debian-iptables", "v\d+\.\d+.\d+"} - - name: "k8s.gcr.io/go-runner" - version: 0.1.1 - refPaths: - - path: build/go-runner/Makefile - match: TAG \?= - - name: "k8s.gcr.io/go-runner: dependents" version: 0.1.1 refPaths: diff --git a/build/go-runner/BUILD b/build/go-runner/BUILD deleted file mode 100644 index 1a3f5dc40bd..00000000000 --- a/build/go-runner/BUILD +++ /dev/null @@ -1,29 +0,0 @@ -load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") - -go_library( - name = "go_default_library", - srcs = ["go-runner.go"], - importpath = "k8s.io/kubernetes/build/go-runner", - visibility = ["//visibility:private"], - deps = ["//vendor/github.com/pkg/errors:go_default_library"], -) - -go_binary( - name = "go-runner", - embed = [":go_default_library"], - visibility = ["//visibility:public"], -) - -filegroup( - name = "package-srcs", - srcs = glob(["**"]), - tags = ["automanaged"], - visibility = ["//visibility:private"], -) - -filegroup( - name = "all-srcs", - srcs = [":package-srcs"], - tags = ["automanaged"], - visibility = ["//visibility:public"], -) diff --git a/build/go-runner/Dockerfile b/build/go-runner/Dockerfile deleted file mode 100644 index a9ad0ef3cd4..00000000000 --- a/build/go-runner/Dockerfile +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright 2020 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Build the manager binary -FROM golang:1.13 as builder -WORKDIR /workspace - -# Run this with docker build --build_arg goproxy=$(go env GOPROXY) to override the goproxy -ARG goproxy=https://proxy.golang.org -# Run this with docker build --build_arg package=./controlplane/kubeadm or --build_arg package=./bootstrap/kubeadm -ENV GOPROXY=$goproxy - -# Copy the sources -COPY ./ ./ - -# Cache the go build -RUN go build . - -# Build -ARG package=. -ARG ARCH - -# Do not force rebuild of up-to-date packages (do not use -a) -RUN CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} \ - go build -ldflags '-s -w -buildid= -extldflags "-static"' \ - -o go-runner ${package} - -# Production image -FROM gcr.io/distroless/static:latest -LABEL maintainers="Kubernetes Authors" -LABEL description="go based runner for distroless scenarios" -WORKDIR / -COPY --from=builder /workspace/go-runner . -ENTRYPOINT ["/go-runner"] diff --git a/build/go-runner/Makefile b/build/go-runner/Makefile deleted file mode 100644 index 1d3a85ea458..00000000000 --- a/build/go-runner/Makefile +++ /dev/null @@ -1,71 +0,0 @@ -# Copyright 2020 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# set default shell -SHELL=/bin/bash -o pipefail - -TAG ?= v0.1.1 -REGISTRY ?= k8s.gcr.io - -IMGNAME = go-runner -IMAGE = $(REGISTRY)/$(IMGNAME) - -PLATFORMS = linux/amd64 linux/arm64 linux/arm linux/ppc64le linux/s390x - -HOST_GOOS ?= $(shell go env GOOS) -HOST_GOARCH ?= $(shell go env GOARCH) -GO_BUILD ?= go build - -.PHONY: all build clean - -.PHONY: all -all: build - -.PHONY: build -build: - $(GO_BUILD) - -.PHONY: clean -clean: - rm go-runner - -.PHONY: container -container: init-docker-buildx - # https://github.com/docker/buildx/issues/59 - $(foreach PLATFORM,$(PLATFORMS), \ - DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build \ - --load \ - --progress plain \ - --platform $(PLATFORM) \ - --tag $(IMAGE)-$(PLATFORM):$(TAG) .;) - -.PHONY: push -push: container - $(foreach PLATFORM,$(PLATFORMS), \ - docker push $(IMAGE)-$(PLATFORM):$(TAG);) - -.PHONY: manifest -manifest: push - docker manifest create --amend $(IMAGE):$(TAG) $(shell echo $(PLATFORMS) | sed -e "s~[^ ]*~$(IMAGE)\-&:$(TAG)~g") - @for arch in $(PLATFORMS); do docker manifest annotate --arch "$${arch##*/}" ${IMAGE}:${TAG} ${IMAGE}-$${arch}:${TAG}; done - docker manifest push --purge $(IMAGE):$(TAG) - -.PHONY: init-docker-buildx -init-docker-buildx: -ifneq ($(shell docker buildx 2>&1 >/dev/null; echo $?),) - $(error "buildx not vailable. Docker 19.03 or higher is required") -endif - docker run --rm --privileged linuxkit/binfmt:4ea3b9b0938cbd19834c096aa31ff475cc75d281 - docker buildx create --name multiarch-go-runner --use || true - docker buildx inspect --bootstrap diff --git a/build/go-runner/OWNERS b/build/go-runner/OWNERS deleted file mode 100644 index 8760e69dd46..00000000000 --- a/build/go-runner/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - build-image-approvers -reviewers: - - build-image-reviewers diff --git a/build/go-runner/README.md b/build/go-runner/README.md deleted file mode 100644 index 0073d6f5267..00000000000 --- a/build/go-runner/README.md +++ /dev/null @@ -1,30 +0,0 @@ -# Kubernetes go-runner image - -The Kubernetes go-runner image wraps the gcr.io/distroless/static image and provides a go based -binary that can run commands and wrap stdout/stderr etc. - -Why do we need this? Some of our images like kube-apiserver currently use bash for collecting -logs, so we are not able to switch to distroless images directly for these images. The klog's -`--log-file` was supposed to fix this problem, but we ran into trouble in scalability CI jobs -around log rotation and picked this option instead. we essentially publish a multi-arch -manifest with support for various platforms. This can be used as a base for other kubernetes -components. - -For example instead of running kube-apiserver like this: -```bash -"/bin/sh", - "-c", - "exec /usr/local/bin/kube-apiserver {{params}} --allow-privileged={{pillar['allow_privileged']}} 1>>/var/log/kube-apiserver.log 2>&1" -``` - -we would use go-runner like so: -```bash -"/go-runner", "--log-file=/var/log/kube-apiserver.log", "--also-stdout=false", "--redirect-stderr=true", - "/usr/local/bin/kube-apiserver", - "--allow-privileged={{pillar['allow_privileged']}}", - {{params}} -``` - -The go-runner would then ensure that we run the `/usr/local/bin/kube-apiserver` with the -specified parameters and redirect stdout ONLY to the log file specified and ensure anything -logged to stderr also ends up in the log file. diff --git a/build/go-runner/cloudbuild.yaml b/build/go-runner/cloudbuild.yaml deleted file mode 100644 index 088cd12ded9..00000000000 --- a/build/go-runner/cloudbuild.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# See https://github.com/kubernetes/test-infra/blob/master/config/jobs/image-pushing/README.md for more details on image pushing process - -# this must be specified in seconds. If omitted, defaults to 600s (10 mins) -timeout: 1200s -# this prevents errors if you don't use both _GIT_TAG and _PULL_BASE_REF, -# or any new substitutions added in the future. -options: - substitution_option: ALLOW_LOOSE - machineType: 'N1_HIGHCPU_8' -steps: - - name: 'gcr.io/k8s-testimages/gcb-docker-gcloud:v20200422-b25d964' - entrypoint: 'bash' - dir: ./build/go-runner - env: - - DOCKER_CLI_EXPERIMENTAL=enabled - - REGISTRY=gcr.io/$PROJECT_ID - - HOME=/root - args: - - '-c' - - | - gcloud auth configure-docker \ - && make manifest diff --git a/build/go-runner/go-runner.go b/build/go-runner/go-runner.go deleted file mode 100644 index feb141201c1..00000000000 --- a/build/go-runner/go-runner.go +++ /dev/null @@ -1,122 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package main - -import ( - "flag" - "fmt" - "io" - "log" - "os" - "os/exec" - "os/signal" - "strings" - "syscall" - - "github.com/pkg/errors" -) - -var ( - logFilePath = flag.String("log-file", "", "If non-empty, save stdout to this file") - alsoToStdOut = flag.Bool("also-stdout", false, "useful with log-file, log to standard output as well as the log file") - redirectStderr = flag.Bool("redirect-stderr", true, "treat stderr same as stdout") -) - -func main() { - flag.Parse() - - if err := configureAndRun(); err != nil { - log.Fatal(err) - } -} - -func configureAndRun() error { - var ( - outputStream io.Writer = os.Stdout - errStream io.Writer = os.Stderr - ) - - args := flag.Args() - if len(args) == 0 { - return errors.Errorf("not enough arguments to run") - } - - if logFilePath != nil && *logFilePath != "" { - logFile, err := os.OpenFile(*logFilePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) - if err != nil { - return errors.Wrapf(err, "failed to create log file %v", *logFilePath) - } - if *alsoToStdOut { - outputStream = io.MultiWriter(os.Stdout, logFile) - } else { - outputStream = logFile - } - } - - if *redirectStderr { - errStream = outputStream - } - - exe := args[0] - var exeArgs []string - if len(args) > 1 { - exeArgs = args[1:] - } - cmd := exec.Command(exe, exeArgs...) - cmd.Stdout = outputStream - cmd.Stderr = errStream - - log.Printf("Running command:\n%v", cmdInfo(cmd)) - err := cmd.Start() - if err != nil { - return errors.Wrap(err, "starting command") - } - - // Handle signals and shutdown process gracefully. - go setupSigHandler(cmd.Process) - return errors.Wrap(cmd.Wait(), "running command") -} - -// cmdInfo generates a useful look at what the command is for printing/debug. -func cmdInfo(cmd *exec.Cmd) string { - return fmt.Sprintf( - `Command env: (log-file=%v, also-stdout=%v, redirect-stderr=%v) -Run from directory: %v -Executable path: %v -Args (comma-delimited): %v`, *logFilePath, *alsoToStdOut, *redirectStderr, - cmd.Dir, cmd.Path, strings.Join(cmd.Args, ","), - ) -} - -// setupSigHandler will forward any termination signals to the process -func setupSigHandler(process *os.Process) { - // terminationSignals are signals that cause the program to exit in the - // supported platforms (linux, darwin, windows). - terminationSignals := []os.Signal{syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM, syscall.SIGQUIT} - - c := make(chan os.Signal, 1) - signal.Notify(c, terminationSignals...) - - // Block until a signal is received. - log.Println("Now listening for interrupts") - s := <-c - log.Printf("Got signal: %v. Sending down to process (PID: %v)", s, process.Pid) - if err := process.Signal(s); err != nil { - log.Fatalf("Failed to signal process: %v", err) - } - log.Printf("Signalled process %v successfully.", process.Pid) -} diff --git a/build/go-runner/go.mod b/build/go-runner/go.mod deleted file mode 100644 index e5929a4e6f9..00000000000 --- a/build/go-runner/go.mod +++ /dev/null @@ -1,5 +0,0 @@ -module k8s.io/kubernetes/build/go-runner - -go 1.15 - -require github.com/pkg/errors v0.9.1 diff --git a/build/go-runner/go.sum b/build/go-runner/go.sum deleted file mode 100644 index 7c401c3f58b..00000000000 --- a/build/go-runner/go.sum +++ /dev/null @@ -1,2 +0,0 @@ -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= From fee5b2245f7f0758a63f8663f2089e974bb257e0 Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Fri, 21 Aug 2020 14:41:40 -0400 Subject: [PATCH 2/2] build: Update to go-runner:buster-v2.0.0 Signed-off-by: Stephen Augustus --- build/common.sh | 2 +- build/dependencies.yaml | 2 +- build/workspace.bzl | 18 +++++++++--------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/build/common.sh b/build/common.sh index 32abc2ae4df..fe33256f04b 100755 --- a/build/common.sh +++ b/build/common.sh @@ -96,7 +96,7 @@ kube::build::get_docker_wrapped_binaries() { local arch=$1 local debian_base_version=v2.1.3 local debian_iptables_version=v12.1.2 - local go_runner_version=v0.1.1 + local go_runner_version=buster-v2.0.0 ### If you change any of these lists, please also update DOCKERIZED_BINARIES ### in build/BUILD. And kube::golang::server_image_targets local targets=( diff --git a/build/dependencies.yaml b/build/dependencies.yaml index 5ba2faab209..868ba8d01b4 100644 --- a/build/dependencies.yaml +++ b/build/dependencies.yaml @@ -144,7 +144,7 @@ dependencies: match: configs\[DebianIptables\] = Config{buildImageRegistry, "debian-iptables", "v\d+\.\d+.\d+"} - name: "k8s.gcr.io/go-runner: dependents" - version: 0.1.1 + version: buster-v2.0.0 refPaths: - path: build/common.sh match: go_runner_version= diff --git a/build/workspace.bzl b/build/workspace.bzl index 15677d7b14e..c865c329bb1 100644 --- a/build/workspace.bzl +++ b/build/workspace.bzl @@ -102,15 +102,15 @@ _DEBIAN_IPTABLES_DIGEST = { # Use skopeo to find these values: https://github.com/containers/skopeo # # Example -# Manifest: skopeo inspect docker://gcr.io/k8s-staging-build-image/go-runner:v0.1.1 -# Arches: skopeo inspect --raw docker://gcr.io/k8s-staging-build-image/go-runner:v0.1.1 +# Manifest: skopeo inspect docker://gcr.io/k8s-staging-build-image/go-runner:buster-v2.0.0 +# Arches: skopeo inspect --raw docker://gcr.io/k8s-staging-build-image/go-runner:buster-v2.0.0 _GO_RUNNER_DIGEST = { - "manifest": "sha256:4892faa2de0533bc1af72b9b233936f21a9e7362063345d170de1a8f464f2ad8", - "amd64": "sha256:821e48a96d46aa53d2f7f5ef9d9093ed69979957a0a7092d1c09c44d81028a9d", - "arm": "sha256:2cc042179887b6baa0792e156b53f4cb94181b1a99153790402bd8e517e8cf56", - "arm64": "sha256:00ca7f34275349330a5d8ddffd15e2980fe5b2cbdd410f063f4e7617e0e71c29", - "ppc64le": "sha256:3e25e0d0e9d17033f3e86d4af5787c7fc5f1173e174d77eebdc14df1a06f1c99", - "s390x": "sha256:3e34e290cd35a90285991a575e2e79fddfb161c66f13bc5662a1cc0a4ade32e0", + "manifest": "sha256:ff6e2f3683e7d284674ed18341fc898060204e8c43c9b477e13c6f7faf3e66d4", + "amd64": "sha256:140404aed601b95a2a0a1aeac0608a0fdbd5fc339a8ea6b2ee4a63c7e1f56415", + "arm": "sha256:5d4e8c77bc472610e7e46bbd2b83e167e243434b8287ba2ffe6b09aba9f08ecc", + "arm64": "sha256:62429a05973522064480deb44134e3ca355ee89c7781f3fc3ee9072f17de0085", + "ppc64le": "sha256:05c8575486ccea90c35e8d8ba28c84aee57a03d58329b1354cf7193c372d2de2", + "s390x": "sha256:e886ab4557e60293081f2e47a5b52e84bd3d60290a0f46fb99fac6eec35479ec", } def _digest(d, arch): @@ -127,7 +127,7 @@ def image_dependencies(): digest = _digest(_GO_RUNNER_DIGEST, arch), registry = "k8s.gcr.io/build-image", repository = "go-runner", - tag = "v0.1.1", # ignored, but kept here for documentation + tag = "buster-v2.0.0", # ignored, but kept here for documentation ) container_pull(