diff --git a/Dockerfile b/Dockerfile index 146ff555e..f983cf602 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ RUN npm run build-ent ### Base builder image for native builds architecture FROM golang:1.16-alpine AS builder-native-base ENV CGO_ENABLED=1 GOOS=linux -RUN apk add libpcap-dev g++ +RUN apk add libpcap-dev g++ perl-utils ### Intermediate builder image for x86-64 to x86-64 native builds @@ -77,6 +77,13 @@ RUN go build -ldflags="-extldflags=-static -s -w \ -X 'mizuserver/pkg/version.BuildTimestamp=${BUILD_TIMESTAMP}' \ -X 'mizuserver/pkg/version.SemVer=${SEM_VER}'" -o mizuagent . +# Download Basenine executable, verify the sha1sum +ADD https://github.com/up9inc/basenine/releases/download/v0.4.13/basenine_linux_${GOARCH} ./basenine_linux_${GOARCH} +ADD https://github.com/up9inc/basenine/releases/download/v0.4.13/basenine_linux_${GOARCH}.sha256 ./basenine_linux_${GOARCH}.sha256 +RUN shasum -a 256 -c basenine_linux_${GOARCH}.sha256 +RUN chmod +x ./basenine_linux_${GOARCH} +RUN mv ./basenine_linux_${GOARCH} ./basenine + ### The shipped image ARG TARGETARCH=amd64 @@ -85,10 +92,12 @@ FROM ${TARGETARCH}/busybox:latest # gin-gonic runs in debug mode without this ENV GIN_MODE=release +WORKDIR /app/data/ WORKDIR /app # Copy binary and config files from /build to root folder of scratch container. COPY --from=builder ["/app/agent-build/mizuagent", "."] +COPY --from=builder ["/app/agent-build/basenine", "/usr/local/bin/basenine"] COPY --from=front-end ["/app/ui-build/build", "site"] COPY --from=front-end ["/app/ui-build/build-ent", "site-standalone"] diff --git a/cli/cmd/installRunner.go b/cli/cmd/installRunner.go index dd5d78321..d2cd51384 100644 --- a/cli/cmd/installRunner.go +++ b/cli/cmd/installRunner.go @@ -4,6 +4,7 @@ import ( "context" "errors" "fmt" + "github.com/creasty/defaults" "github.com/up9inc/mizu/cli/config" "github.com/up9inc/mizu/cli/errormessage" 
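Review bot: The check added at `RUN shasum -a 256 -c basenine_linux_${GOARCH}.sha256` uses a checksum file downloaded from the same GitHub release as the binary, so it catches a truncated or corrupted download but not a replaced release asset; whoever can swap the binary can swap the `.sha256` next to it. Commit the expected digest for each GOARCH in the Dockerfile and check against that, e.g. `RUN echo "${BASENINE_SHA256}  basenine_linux_${GOARCH}" | sha256sum -c -`. That would also make the `perl-utils` package from the first hunk unnecessary, assuming it was added only for `shasum`, since busybox already provides `sha256sum`. The comment says `sha1sum` while the command verifies SHA-256; it should read `# Download the Basenine executable and verify its SHA-256 checksum`. The `v0.4.13` tag is repeated in both `ADD` URLs and would be easier to bump consistently as a single `ARG`.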
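Review bot: `WORKDIR /app/data/` followed immediately by `WORKDIR /app` in the shipped-image hunk looks like a leftover unless the reader knows the first line exists only to create the directory. A comment such as `# Create /app/data for Basenine's data files; the working directory stays /app` would make the intent explicit. That this path is the one the basenine container uses as its `WorkingDir` (`shared.DataDirPath`) is an assumption to confirm, since the constant's value is not visible here. The stage continues past the end of the hunk.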
@@ -41,7 +42,7 @@ func runMizuInstall() { if err = resources.CreateInstallMizuResources(ctx, kubernetesProvider, serializedValidationRules, serializedContract, serializedMizuConfig, config.Config.IsNsRestrictedMode(), - config.Config.MizuResourcesNamespace, config.Config.AgentImage, config.Config.BasenineImage, + config.Config.MizuResourcesNamespace, config.Config.AgentImage, config.Config.KratosImage, config.Config.KetoImage, nil, defaultMaxEntriesDBSizeBytes, defaultResources, config.Config.ImagePullPolicy(), config.Config.LogLevel(), false); err != nil { diff --git a/cli/cmd/tapRunner.go b/cli/cmd/tapRunner.go index 6c104a6ff..e8edc2af8 100644 --- a/cli/cmd/tapRunner.go +++ b/cli/cmd/tapRunner.go @@ -124,7 +124,7 @@ func RunMizuTap() { } logger.Log.Infof("Waiting for Mizu Agent to start...") - if state.mizuServiceAccountExists, err = resources.CreateTapMizuResources(ctx, kubernetesProvider, serializedValidationRules, serializedContract, serializedMizuConfig, config.Config.IsNsRestrictedMode(), config.Config.MizuResourcesNamespace, config.Config.AgentImage, config.Config.BasenineImage, getSyncEntriesConfig(), config.Config.Tap.MaxEntriesDBSizeBytes(), config.Config.Tap.ApiServerResources, config.Config.ImagePullPolicy(), config.Config.LogLevel()); err != nil { + if state.mizuServiceAccountExists, err = resources.CreateTapMizuResources(ctx, kubernetesProvider, serializedValidationRules, serializedContract, serializedMizuConfig, config.Config.IsNsRestrictedMode(), config.Config.MizuResourcesNamespace, config.Config.AgentImage, getSyncEntriesConfig(), config.Config.Tap.MaxEntriesDBSizeBytes(), config.Config.Tap.ApiServerResources, config.Config.ImagePullPolicy(), config.Config.LogLevel()); err != nil { var statusError *k8serrors.StatusError if errors.As(err, &statusError) { if statusError.ErrStatus.Reason == metav1.StatusReasonAlreadyExists { diff --git a/cli/config/configStruct.go b/cli/config/configStruct.go index 5dc955491..ecfba8c89 100644 
--- a/cli/config/configStruct.go +++ b/cli/config/configStruct.go @@ -28,7 +28,6 @@ type ConfigStruct struct { Auth configStructs.AuthConfig `yaml:"auth"` Config configStructs.ConfigConfig `yaml:"config,omitempty"` AgentImage string `yaml:"agent-image,omitempty" readonly:""` - BasenineImage string `yaml:"basenine-image,omitempty" readonly:""` KratosImage string `yaml:"kratos-image,omitempty" readonly:""` KetoImage string `yaml:"keto-image,omitempty" readonly:""` ImagePullPolicyStr string `yaml:"image-pull-policy" default:"Always"` @@ -52,7 +51,6 @@ func (config *ConfigStruct) validate() error { } func (config *ConfigStruct) SetDefaults() { - config.BasenineImage = fmt.Sprintf("%s:%s", shared.BasenineImageRepo, shared.BasenineImageTag) config.KratosImage = shared.KratosImageDefault config.KetoImage = shared.KetoImageDefault config.AgentImage = fmt.Sprintf("%s:%s", shared.MizuAgentImageRepo, mizu.SemVer) diff --git a/cli/resources/createResources.go b/cli/resources/createResources.go index c494e8905..c6958197d 100644 --- a/cli/resources/createResources.go +++ b/cli/resources/createResources.go 
@@ -15,7 +15,7 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" ) -func CreateTapMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, serializedValidationRules string, serializedContract string, serializedMizuConfig string, isNsRestrictedMode bool, mizuResourcesNamespace string, agentImage string, basenineImage string, syncEntriesConfig *shared.SyncEntriesConfig, maxEntriesDBSizeBytes int64, apiServerResources shared.Resources, imagePullPolicy core.PullPolicy, logLevel logging.Level) (bool, error) { +func CreateTapMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, serializedValidationRules string, serializedContract string, serializedMizuConfig string, isNsRestrictedMode bool, mizuResourcesNamespace string, agentImage string, syncEntriesConfig *shared.SyncEntriesConfig, maxEntriesDBSizeBytes int64, apiServerResources shared.Resources, imagePullPolicy core.PullPolicy, logLevel logging.Level) (bool, error) { if !isNsRestrictedMode { if err := createMizuNamespace(ctx, kubernetesProvider, mizuResourcesNamespace); err != nil { return false, err @@ -42,7 +42,6 @@ func CreateTapMizuResources(ctx context.Context, kubernetesProvider *kubernetes. Namespace: mizuResourcesNamespace, PodName: kubernetes.ApiServerPodName, PodImage: agentImage, - BasenineImage: basenineImage, KratosImage: "", KetoImage: "", ServiceAccountName: serviceAccountName, 
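Review bot: `CreateTapMizuResources` still takes thirteen positional parameters after this change, and `CreateInstallMizuResources` in the later hunk of this file takes `agentImage`, `kratosImage` and `ketoImage` as adjacent `string`s. A call site that swaps two of them compiles cleanly and would put the wrong image reference into the options struct built a few lines below. Since the signatures are being edited anyway, consider a struct parameter with named fields, e.g. `func CreateInstallMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, opts InstallOptions) error`, where `InstallOptions` is a new type suggested here and not one that exists in the diff. Both function bodies extend outside the hunks shown.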
@@ -68,7 +67,7 @@ func CreateTapMizuResources(ctx context.Context, kubernetesProvider *kubernetes. return mizuServiceAccountExists, nil } -func CreateInstallMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, serializedValidationRules string, serializedContract string, serializedMizuConfig string, isNsRestrictedMode bool, mizuResourcesNamespace string, agentImage string, basenineImage string, kratosImage string, ketoImage string, syncEntriesConfig *shared.SyncEntriesConfig, maxEntriesDBSizeBytes int64, apiServerResources shared.Resources, imagePullPolicy core.PullPolicy, logLevel logging.Level, noPersistentVolumeClaim bool) error { +func CreateInstallMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, serializedValidationRules string, serializedContract string, serializedMizuConfig string, isNsRestrictedMode bool, mizuResourcesNamespace string, agentImage string, kratosImage string, ketoImage string, syncEntriesConfig *shared.SyncEntriesConfig, maxEntriesDBSizeBytes int64, apiServerResources shared.Resources, imagePullPolicy core.PullPolicy, logLevel logging.Level, noPersistentVolumeClaim bool) error { if err := createMizuNamespace(ctx, kubernetesProvider, mizuResourcesNamespace); err != nil { return err } @@ -98,7 +97,6 @@ func CreateInstallMizuResources(ctx context.Context, kubernetesProvider *kuberne Namespace: mizuResourcesNamespace, PodName: kubernetes.ApiServerPodName, PodImage: agentImage, - BasenineImage: basenineImage, KratosImage: kratosImage, KetoImage: ketoImage, ServiceAccountName: serviceAccountName, diff --git a/shared/consts.go b/shared/consts.go index 1be44ed56..9ba2ae199 100644 --- a/shared/consts.go +++ b/shared/consts.go 
@@ -17,8 +17,6 @@ const ( MizuAgentImageRepo = "docker.io/up9inc/mizu" BasenineHost = "127.0.0.1" BaseninePort = "9099" - BasenineImageRepo = "docker.io/up9inc/basenine" - BasenineImageTag = "v0.4.13" KratosImageDefault = "gcr.io/up9-docker-hub/mizu-kratos/stable:0.0.0" KetoImageDefault = "gcr.io/up9-docker-hub/mizu-keto/stable:0.0.0" ) diff --git a/shared/kubernetes/provider.go b/shared/kubernetes/provider.go index b84f683b6..081899759 100644 --- a/shared/kubernetes/provider.go +++ b/shared/kubernetes/provider.go @@ -169,7 +169,6 @@ type ApiServerOptions struct { Namespace string PodName string PodImage string - BasenineImage string KratosImage string KetoImage string ServiceAccountName string @@ -275,7 +274,7 @@ func (provider *Provider) GetMizuApiServerPodObject(opts *ApiServerOptions, moun }, { Name: "basenine", - Image: opts.BasenineImage, + Image: opts.PodImage, ImagePullPolicy: opts.ImagePullPolicy, VolumeMounts: volumeMounts, ReadinessProbe: &core.Probe{ @@ -299,7 +298,7 @@ func (provider *Provider) GetMizuApiServerPodObject(opts *ApiServerOptions, moun "memory": memRequests, }, }, - Command: []string{"/basenine"}, + Command: []string{"basenine"}, Args: []string{"-addr", "0.0.0.0", "-port", shared.BaseninePort, "-persistent"}, WorkingDir: shared.DataDirPath, },
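Review bot: `Command: []string{"basenine"}` in the last provider.go hunk now relies on the name being resolved through the image's `PATH`, and `Image: opts.PodImage` in the hunk before it means that image is whichever one the caller passes as `PodImage`. An image that lacks the binary, or lacks `/usr/local/bin` on its `PATH`, fails only when the pod starts. Using the absolute path the Dockerfile installs to, `Command: []string{"/usr/local/bin/basenine"},`, keeps the executed binary unambiguous. Separately, the unchanged `Args` line binds Basenine to `0.0.0.0` while `shared.BasenineHost` is `127.0.0.1`; if only the agent container in the same pod connects, binding to loopback would keep port 9099 off the pod IP, which is worth confirming against how Basenine is reached. `GetMizuApiServerPodObject` starts and ends outside these hunks.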