diff --git a/build/lib/release.sh b/build/lib/release.sh index 58383cede7a..36d534a81b3 100644 --- a/build/lib/release.sh +++ b/build/lib/release.sh @@ -218,6 +218,12 @@ function kube::release::package_node_tarballs() { function kube::release::build_server_images() { # Clean out any old images rm -rf "${RELEASE_IMAGES}" + + export DOCKER_CLI_EXPERIMENTAL=enabled + docker run --rm --privileged multiarch/qemu-user-static:5.2.0-2 --reset -p yes + docker buildx rm kube-server-image-builder || true + docker buildx create --use --name=kube-server-image-builder + local platform for platform in "${KUBE_SERVER_PLATFORMS[@]}"; do local platform_tag @@ -239,6 +245,8 @@ function kube::release::build_server_images() { kube::release::create_docker_images_for_server "${release_stage}/server/bin" "${arch}" done + + docker buildx rm kube-server-image-builder } # Package up all of the server binaries @@ -364,9 +372,14 @@ function kube::release::create_docker_images_for_server() { local base_image=${wrappable##*,} local binary_file_path="${binary_dir}/${binary_name}" local docker_build_path="${binary_file_path}.dockerbuild" - local docker_file_path="${KUBE_ROOT}/build/server-image/Dockerfile" local docker_image_tag="${docker_registry}/${binary_name}-${arch}:${docker_tag}" + local docker_file_path="${KUBE_ROOT}/build/server-image/Dockerfile" + # If this binary has its own Dockerfile use that else use the generic Dockerfile. + if [[ -f "${KUBE_ROOT}/build/server-image/${binary_name}/Dockerfile" ]]; then + docker_file_path="${KUBE_ROOT}/build/server-image/${binary_name}/Dockerfile" + fi + kube::log::status "Starting docker build for image: ${binary_name}-${arch}" ( rm -rf "${docker_build_path}" @@ -402,7 +415,7 @@ function kube::release::create_docker_images_for_server() { kube::log::status "Deleting docker image ${docker_image_tag}" "${DOCKER[@]}" rmi "${docker_image_tag}" &>/dev/null || true - ) & + ) done if [[ "${KUBE_BUILD_CONFORMANCE}" =~ [yY] ]]; then 
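Review bot: The added `docker run --rm --privileged multiarch/qemu-user-static:5.2.0-2 --reset -p yes` at the top of kube::release::build_server_images runs a third-party image, referenced only by a mutable tag, with full privileges on the release build host. Pinning it by digest, `multiarch/qemu-user-static:5.2.0-2@sha256:<digest>`, would make the build fail closed if the tag is ever re-pushed. The new commands also call `docker` directly, while the `rmi` call further down in this file goes through `"${DOCKER[@]}"`, so whatever that array carries is bypassed here. `docker buildx rm kube-server-image-builder || true` hides every failure, not only "no such builder"; a short comment saying that only a missing builder is expected would help. The function body continues outside the hunk.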
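Review bot: The `docker buildx rm kube-server-image-builder` added before the closing brace is reached only when the platform loop above it completes. If an image build fails and the script stops there (whether errexit is active is not visible in the hunk), the builder instance is left on the host until the next run. The binfmt_misc handlers registered with `-p yes` in the earlier hunk are not removed on any path, so the build host keeps the emulator registration after the release build. I would at least document that above the function, e.g. `# NOTE: leaves qemu binfmt_misc handlers registered on the build host.`, and consider running the builder removal from the script's existing cleanup path if it has one.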
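Review bot: The override path `${KUBE_ROOT}/build/server-image/${binary_name}/Dockerfile` is written out twice, once in the `-f` test and once in the assignment. Holding it in one local, `local binary_docker_file="${KUBE_ROOT}/build/server-image/${binary_name}/Dockerfile"`, and using that in both places keeps the two from drifting apart. The comment could also state the contract for an override file: it presumably has to accept the same build arguments as the generic Dockerfile (the kube-apiserver one in this commit takes BASEIMAGE and BINARY). The build invocation itself is outside the hunk.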
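Review bot: Replacing `) &` with `)` makes the per-binary image builds run one after another, but nothing in the hunk records why, so a later reader may restore the `&` as an optimisation. A one-line comment above the subshell stating the reason would prevent that; presumably it is the single shared `kube-server-image-builder` instance. If the code after the loop still waits for background jobs and collects their failures, that handling no longer covers these builds. That code is outside the hunk; in that case the subshell's exit status should be checked where it now returns.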
diff --git a/build/server-image/kube-apiserver/Dockerfile b/build/server-image/kube-apiserver/Dockerfile
new file mode 100644
index 00000000000..2762a04c737
--- /dev/null
+++ b/build/server-image/kube-apiserver/Dockerfile
@@ -0,0 +1,27 @@
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file create the kube-apiserver image.
+ARG BASEIMAGE
+
+FROM k8s.gcr.io/build-image/setcap:buster-v1.4.0
+ARG BINARY
+COPY ${BINARY} /${BINARY}
+# We apply cap_net_bind_service so that kube-apiserver can be run as
+# non-root and still listen on port less than 1024
+RUN setcap cap_net_bind_service=+ep /${BINARY}
+
+FROM ${BASEIMAGE}
+ARG BINARY
+COPY --from=0 /${BINARY} /usr/local/bin/${BINARY}
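Review bot: The comment above `RUN setcap cap_net_bind_service=+ep /${BINARY}` leaves out a side effect of setting the effective bit. The kernel refuses to exec such a file (EPERM) when the process cannot obtain the capability, for example in a container that drops NET_BIND_SERVICE from its bounding set. I would extend the comment with `# Containers that drop NET_BIND_SERVICE will fail to exec this binary.` so operators hardening the pod know what to keep. The image also sets no `USER`, so it still runs as root unless the pod spec says otherwise, which the comment could state too. Separately, `FROM k8s.gcr.io/build-image/setcap:buster-v1.4.0` is pinned by tag only; appending `@sha256:<digest>` and naming the stage (`AS setcap`, then `COPY --from=setcap`) would make the build reproducible and easier to read.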