From 56bca0f7e3ddd7cd0678d4621cb7929551a854a8 Mon Sep 17 00:00:00 2001 From: Jason Tang Date: Tue, 4 Oct 2022 15:22:01 -0400 Subject: [PATCH 1/2] Use bundled packages and update CI for publishing Signed-off-by: Jason Tang --- .github/workflows/ci.yml | 12 ++++++-- Makefile | 25 ++++++++++++++-- build | 2 +- .../provider-kubernetes-controller/Dockerfile | 10 ------- .../provider-kubernetes-controller/Makefile | 25 ---------------- cluster/images/provider-kubernetes/Dockerfile | 10 +++++-- cluster/images/provider-kubernetes/Makefile | 30 +++++++++++-------- package/crossplane.yaml | 18 +++++++---- 8 files changed, 71 insertions(+), 61 deletions(-) delete mode 100644 cluster/images/provider-kubernetes-controller/Dockerfile delete mode 100644 cluster/images/provider-kubernetes-controller/Makefile diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 49b88a07..5cfee3fe 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,6 +18,7 @@ env: # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether # credentials have been provided before trying to run steps that need them. DOCKER_USR: ${{ secrets.DOCKER_USR }} + XPKG_ACCESS_ID: ${{ secrets.XPKG_ACCESS_ID }} AWS_USR: ${{ secrets.AWS_USR }} jobs: @@ -237,9 +238,6 @@ jobs: # builds by default. Specifying --load does so. BUILD_ARGS: "--load" - #- name: Run E2E Tests - # run: make e2e USE_HELM3=true - publish-artifacts: runs-on: ubuntu-20.04 needs: detect-noop @@ -311,6 +309,14 @@ jobs: username: ${{ secrets.DOCKER_USR }} password: ${{ secrets.DOCKER_PSW }} + - name: Login to Upbound + uses: docker/login-action@v1 + if: env.XPKG_ACCESS_ID != '' + with: + registry: xpkg.upbound.io + username: ${{ secrets.XPKG_ACCESS_ID }} + password: ${{ secrets.XPKG_TOKEN }} + - name: Publish Artifacts to S3 and Docker Hub run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/} if: env.AWS_USR != '' && env.DOCKER_USR != '' diff --git a/Makefile b/Makefile index 5a92adf1..98a6f3f2 100644 
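Review bot: The `Publish Artifacts to S3 and Docker Hub` step at the end of this hunk is still gated on `env.AWS_USR != '' && env.DOCKER_USR != ''` only, while the new `Login to Upbound` step is gated on `XPKG_ACCESS_ID`, so a run that has AWS and Docker Hub secrets but no Upbound secrets skips the login and then runs `make publish`, which (given `XPKG_REG_ORGS` in this same patch lists `xpkg.upbound.io/crossplane-contrib`) presumably tries to push to xpkg.upbound.io without credentials. Gate the step on all three, `if: env.AWS_USR != '' && env.DOCKER_USR != '' && env.XPKG_ACCESS_ID != ''`, and rename it so the log says where the credential is used. The new step also references `docker/login-action@v1`, a mutable tag; since it handles a registry write token (`XPKG_TOKEN`), pinning the action to a full commit SHA with the version in a trailing comment keeps a retagged or compromised action release from capturing it.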
--- a/Makefile +++ b/Makefile @@ -35,16 +35,30 @@ GO111MODULE = on # ==================================================================================== # Setup Kubernetes tools KIND_VERSION = v0.11.1 +UP_VERSION = v0.13.0 +UP_CHANNEL = stable USE_HELM3 = true -include build/makelib/k8s_tools.mk # ==================================================================================== # Setup Images -DOCKER_REGISTRY = crossplane -IMAGES = provider-kubernetes provider-kubernetes-controller --include build/makelib/image.mk +IMAGES = provider-kubernetes +-include build/makelib/imagelight.mk +# ==================================================================================== +# Setup XPKG + +XPKG_REG_ORGS ?= xpkg.upbound.io/crossplane-contrib index.docker.io/crossplane-contrib +# NOTE(hasheddan): skip promoting on xpkg.upbound.io as channel tags are +# inferred. +XPKG_REG_ORGS_NO_PROMOTE ?= xpkg.upbound.io/crossplane-contrib +XPKGS = provider-kubernetes +-include build/makelib/xpkg.mk + +# NOTE(hasheddan): we force image building to happen prior to xpkg build so that +# we ensure image is present in daemon. +xpkg.build.provider-kubernetes: do.build.images # ==================================================================================== # Setup Local Dev -include build/makelib/local.mk @@ -86,6 +100,11 @@ submodules: @git submodule sync @git submodule update --init --recursive +# NOTE(hasheddan): we must ensure up is installed in tool cache prior to build +# as including the k8s_tools machinery prior to the xpkg machinery sets UP to +# point to tool cache. +build.init: $(UP) + # This is for running out-of-cluster locally, and is for convenience. Running # this make target will print out the command which was used. For more control, # try running the binary directly with different arguments. diff --git a/build b/build index 744c50e5..e29c9fce 160000 --- a/build +++ b/build 
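Review bot: `UP_VERSION = v0.13.0` and `UP_CHANNEL = stable` are the only integrity controls visible for the `up` CLI that `build/makelib/xpkg.mk` will use to build and push packages; whether the download in `build/makelib/k8s_tools.mk` is checksum-verified is outside this diff, so if it is not, record the expected digest next to the version rather than relying on the tag alone. `XPKG_REG_ORGS ?=` and `XPKG_REG_ORGS_NO_PROMOTE ?=` use `?=`, which means an environment variable of the same name in the CI runner silently changes where packages are published; if that override is deliberate, say so in a comment, otherwise use `=`. A one-line comment on `UP_VERSION`, e.g. `# up CLI release consumed by xpkg.mk; bump together with the build submodule`, would also tell the next maintainer why the two are coupled.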
@@ -1 +1 @@
-Subproject commit 744c50e58e0b0566a0d9407e3c5f4df0a8fa2965
+Subproject commit e29c9fcea7c84e0702689ac4ebf24650f573299f
diff --git a/cluster/images/provider-kubernetes-controller/Dockerfile b/cluster/images/provider-kubernetes-controller/Dockerfile
deleted file mode 100644
index bdebd1b6..00000000
--- a/cluster/images/provider-kubernetes-controller/Dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-FROM BASEIMAGE
-RUN apk --no-cache add ca-certificates bash
-
-ADD provider /usr/local/bin/crossplane-kubernetes-provider
-
-ENV XDG_CACHE_HOME /tmp
-
-EXPOSE 8080
-USER 1001
-ENTRYPOINT ["crossplane-kubernetes-provider"]
\ No newline at end of file
diff --git a/cluster/images/provider-kubernetes-controller/Makefile b/cluster/images/provider-kubernetes-controller/Makefile
deleted file mode 100644
index 5164aebd..00000000
--- a/cluster/images/provider-kubernetes-controller/Makefile
+++ /dev/null
@@ -1,25 +0,0 @@
-# ====================================================================================
-# Setup Project
-
-PLATFORMS := linux_amd64 linux_arm64
-include ../../../build/makelib/common.mk
-
-# ====================================================================================
-# Options
-IMAGE = $(BUILD_REGISTRY)/provider-kubernetes-controller-$(ARCH)
-include ../../../build/makelib/image.mk
-
-# ====================================================================================
-# Targets
-
-img.build:
-	@$(INFO) docker build $(IMAGE)
-	@cp Dockerfile $(IMAGE_TEMP_DIR) || $(FAIL)
-	@cp $(OUTPUT_DIR)/bin/$(OS)_$(ARCH)/provider $(IMAGE_TEMP_DIR) || $(FAIL)
-	@cd $(IMAGE_TEMP_DIR) && $(SED_CMD) 's|BASEIMAGE|$(OSBASEIMAGE)|g' Dockerfile || $(FAIL)
-	@docker build $(BUILD_ARGS) \
-		--build-arg ARCH=$(ARCH) \
-		--build-arg TINI_VERSION=$(TINI_VERSION) \
-		-t $(IMAGE) \
-		$(IMAGE_TEMP_DIR) || $(FAIL)
-	@$(OK) docker build $(IMAGE)
\ No newline at end of file
diff --git a/cluster/images/provider-kubernetes/Dockerfile b/cluster/images/provider-kubernetes/Dockerfile
index 2a19a968..98d67e6c 100644
--- a/cluster/images/provider-kubernetes/Dockerfile
+++ b/cluster/images/provider-kubernetes/Dockerfile
@@ -1,3 +1,9 @@
-FROM BASEIMAGE
+FROM gcr.io/distroless/static@sha256:1f580b0a1922c3e54ae15b0758b5747b260bd99d39d40c2edb3e7f6e2452298b
 
-COPY package.yaml .
\ No newline at end of file
+ARG TARGETOS
+ARG TARGETARCH
+
+ADD bin/$TARGETOS\_$TARGETARCH/provider /usr/local/bin/crossplane-kubernetes-provider
+
+USER 65532
+ENTRYPOINT ["crossplane-kubernetes-provider"]
\ No newline at end of file
diff --git a/cluster/images/provider-kubernetes/Makefile b/cluster/images/provider-kubernetes/Makefile
index e1cf70f1..ad9b4c29 100644
--- a/cluster/images/provider-kubernetes/Makefile
+++ b/cluster/images/provider-kubernetes/Makefile
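Review bot: `ADD bin/$TARGETOS\_$TARGETARCH/provider ...` uses `ADD` for a plain local file; `ADD` also auto-extracts archives and fetches URLs, so `COPY` is the narrower and conventional instruction here, and `${TARGETOS}_${TARGETARCH}` removes the `\_` escape that is only needed because `$TARGETOS_` would otherwise be read as a single variable name: `COPY bin/${TARGETOS}_${TARGETARCH}/provider /usr/local/bin/crossplane-kubernetes-provider`. The `FROM` line pins the distroless base by digest, which is the right thing, but nothing records which `gcr.io/distroless/static` tag that digest corresponds to; add a comment such as `# gcr.io/distroless/static:<tag>; update the tag and the digest together` so the pin can be bumped deliberately. `USER 65532` is numeric, which is what lets a `runAsNonRoot` policy admit the image without an explicit uid, and it presumably matches the distroless `nonroot` account; a short comment saying so would stop a future edit from changing it to a name.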
@@ -1,28 +1,34 @@
 # ====================================================================================
 # Setup Project
 
-PLATFORMS := linux_amd64 linux_arm64
 include ../../../build/makelib/common.mk
 
 # ====================================================================================
 # Options
-IMAGE = $(BUILD_REGISTRY)/provider-kubernetes-$(ARCH)
-OSBASEIMAGE = scratch
-include ../../../build/makelib/image.mk
+include ../../../build/makelib/imagelight.mk
 
 # ====================================================================================
 # Targets
 
 img.build:
 	@$(INFO) docker build $(IMAGE)
+	@$(MAKE) BUILD_ARGS="--load" img.build.shared
+	@$(OK) docker build $(IMAGE)
+
+img.publish:
+	@$(INFO) Skipping image publish for $(IMAGE)
+	@echo Publish is deferred to xpkg machinery
+	@$(OK) Image publish skipped for $(IMAGE)
+
+img.build.shared:
 	@cp Dockerfile $(IMAGE_TEMP_DIR) || $(FAIL)
-	@cp -R ../../../package $(IMAGE_TEMP_DIR) || $(FAIL)
-	@cd $(IMAGE_TEMP_DIR) && $(SED_CMD) 's|BASEIMAGE|$(OSBASEIMAGE)|g' Dockerfile || $(FAIL)
-	@cd $(IMAGE_TEMP_DIR) && $(SED_CMD) 's|VERSION|$(VERSION)|g' package/crossplane.yaml || $(FAIL)
-	@cd $(IMAGE_TEMP_DIR) && find package -type f -name '*.yaml' -exec cat {} >> 'package.yaml' \; -exec printf '\n---\n' \; || $(FAIL)
-	@docker build $(BUILD_ARGS) \
-		--build-arg ARCH=$(ARCH) \
-		--build-arg TINI_VERSION=$(TINI_VERSION) \
+	@cp -r $(OUTPUT_DIR)/bin/ $(IMAGE_TEMP_DIR)/bin || $(FAIL)
+	@docker buildx build $(BUILD_ARGS) \
+		--platform $(IMAGE_PLATFORMS) \
 		-t $(IMAGE) \
 		$(IMAGE_TEMP_DIR) || $(FAIL)
-	@$(OK) docker build $(IMAGE)
\ No newline at end of file
+
+img.promote:
+	@$(INFO) Skipping image promotion from $(FROM_IMAGE) to $(TO_IMAGE)
+	@echo Promote is deferred to xpkg machinery
+	@$(OK) Image promotion skipped for $(FROM_IMAGE) to $(TO_IMAGE)
diff --git a/package/crossplane.yaml b/package/crossplane.yaml
index de66a506..c9f11140 100644
--- a/package/crossplane.yaml
+++ b/package/crossplane.yaml
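Review bot: `@$(MAKE) BUILD_ARGS="--load" img.build.shared` in `img.build` overwrites whatever `BUILD_ARGS` the caller supplied (ci.yml already exports `BUILD_ARGS: "--load"`, and a user may pass `--no-cache` or `--pull`), so those flags never reach the `docker buildx build` in `img.build.shared`; append rather than replace: `@$(MAKE) BUILD_ARGS="$(BUILD_ARGS) --load" img.build.shared`. `--load` combined with a multi-value `--platform $(IMAGE_PLATFORMS)` is refused by the default docker exporter unless the builder supports multi-platform image stores, and whether `imagelight.mk` passes a single platform per invocation is not visible here, so a comment on `img.build.shared` stating that assumption would save the next reader a failed build. `cp -r $(OUTPUT_DIR)/bin/` also copies every platform's binaries into the build context although the Dockerfile consumes only `bin/$TARGETOS_$TARGETARCH/provider`; harmless, but worth a note since the context is what ends up reachable by the build.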
@@ -1,10 +1,18 @@ -apiVersion: meta.pkg.crossplane.io/v1alpha1 +apiVersion: meta.pkg.crossplane.io/v1 kind: Provider metadata: name: provider-kubernetes annotations: - descriptionShort: | + meta.crossplane.io/maintainer: Crossplane Maintainers + meta.crossplane.io/source: github.com/crossplane-contrib/provider-kubernetes + meta.crossplane.io/license: Apache-2.0 + meta.crossplane.io/description: | The Crossplane Kubernetes provider enables management of Kubernetes Objects. -spec: - controller: - image: crossplane/provider-kubernetes-controller:VERSION \ No newline at end of file + meta.crossplane.io/readme: | + `provider-kubernetes` is a Crossplane Provider that enables deployment and management + of arbitrary Kubernetes objects on clusters typically provisioned by Crossplane: + + - A `Provider` resource type that only points to a credentials `Secret`. + - An `Object` resource type that is to manage Kubernetes Objects. + - A managed resource controller that reconciles `Object` typed resources and manages + arbitrary Kubernetes Objects. From 7b26f63377b0c1f15f6001ef850f74a2b4a6ad31 Mon Sep 17 00:00:00 2001 From: Jason Tang Date: Tue, 4 Oct 2022 20:40:25 -0400 Subject: [PATCH 2/2] Update secrets for GitHub actions Signed-off-by: Jason Tang --- .github/workflows/ci.yml | 12 ++++++------ .github/workflows/promote.yml | 10 +++++----- Makefile | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5cfee3fe..9c0e5c96 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -17,7 +17,7 @@ env: # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether # credentials have been provided before trying to run steps that need them. - DOCKER_USR: ${{ secrets.DOCKER_USR }} + CONTRIB_DOCKER_USR: ${{ secrets.CONTRIB_DOCKER_USR }} XPKG_ACCESS_ID: ${{ secrets.XPKG_ACCESS_ID }} AWS_USR: ${{ secrets.AWS_USR }} @@ -304,10 +304,10 @@ jobs: - name: Login to Docker uses: docker/login-action@v1 - if: env.DOCKER_USR != '' + if: env.CONTRIB_DOCKER_USR != '' with: - username: ${{ secrets.DOCKER_USR }} - password: ${{ secrets.DOCKER_PSW }} + username: ${{ secrets.CONTRIB_DOCKER_USR }} + password: ${{ secrets.CONTRIB_DOCKER_PSW }} - name: Login to Upbound uses: docker/login-action@v1 @@ -319,14 +319,14 @@ jobs: - name: Publish Artifacts to S3 and Docker Hub run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/} - if: env.AWS_USR != '' && env.DOCKER_USR != '' + if: env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != '' env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }} GIT_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Promote Artifacts in S3 and Docker Hub - if: github.ref == 'refs/heads/main' && env.AWS_USR != '' && env.DOCKER_USR != '' + if: github.ref == 'refs/heads/main' && env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != '' run: make -j2 promote env: BRANCH_NAME: main diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml index abd5acff..a1e10b3b 100644 --- a/.github/workflows/promote.yml +++ b/.github/workflows/promote.yml 
@@ -15,7 +15,7 @@ env: # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether # credentials have been provided before trying to run steps that need them. - DOCKER_USR: ${{ secrets.DOCKER_USR }} + CONTRIB_DOCKER_USR: ${{ secrets.CONTRIB_DOCKER_USR }} AWS_USR: ${{ secrets.AWS_USR }} jobs: @@ -33,13 +33,13 @@ jobs: - name: Login to Docker uses: docker/login-action@v1 - if: env.DOCKER_USR != '' + if: env.CONTRIB_DOCKER_USR != '' with: - username: ${{ secrets.DOCKER_USR }} - password: ${{ secrets.DOCKER_PSW }} + username: ${{ secrets.CONTRIB_DOCKER_USR }} + password: ${{ secrets.CONTRIB_DOCKER_PSW }} - name: Promote Artifacts in S3 and Docker Hub - if: env.AWS_USR != '' && env.DOCKER_USR != '' + if: env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != '' run: make -j2 promote BRANCH_NAME=${GITHUB_REF##*/} env: VERSION: ${{ github.event.inputs.version }} diff --git a/Makefile b/Makefile index 98a6f3f2..3374dd08 100644 --- a/Makefile +++ b/Makefile @@ -49,7 +49,7 @@ IMAGES = provider-kubernetes # ==================================================================================== # Setup XPKG -XPKG_REG_ORGS ?= xpkg.upbound.io/crossplane-contrib index.docker.io/crossplane-contrib +XPKG_REG_ORGS ?= xpkg.upbound.io/crossplane-contrib index.docker.io/crossplanecontrib # NOTE(hasheddan): skip promoting on xpkg.upbound.io as channel tags are # inferred. XPKG_REG_ORGS_NO_PROMOTE ?= xpkg.upbound.io/crossplane-contrib
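Review bot: The Docker Hub org in `XPKG_REG_ORGS` changes from `index.docker.io/crossplane-contrib` to `index.docker.io/crossplanecontrib` while the Upbound org on the same line and in `XPKG_REG_ORGS_NO_PROMOTE` keeps the hyphen; without a comment this reads like a typo, and a publish target that names the wrong registry namespace is exactly how packages end up under a squatted org. If the hyphen-less name is the real Docker Hub organisation, say so next to it, e.g. `# NOTE: the Docker Hub org has no hyphen (crossplanecontrib); the Upbound org keeps it.`. It is also worth confirming that the `CONTRIB_DOCKER_USR` credential introduced in the workflow hunks above has push rights to that org before the first release.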