From 00125cbdef362c34365bc27e324dfb3c0ab31db0 Mon Sep 17 00:00:00 2001 From: Alexander Hughes Date: Tue, 12 Jan 2021 13:06:41 -0500 Subject: [PATCH] Add image build jobs The images built from ViNO code are not currently stored in a public registry, this change adds Zuul jobs to push the controller and nodelabeler images to Quay.io where they can be consumed by the community. Signed-off-by: Alexander Hughes Change-Id: I19d7b9954a20af07cb6ffd1f1e8f17f3ed6e754c --- Dockerfile | 4 +- Makefile | 24 ++++++--- README.md | 2 +- nodelabeler/Dockerfile | 2 +- playbooks/airship-vino-build-images.yaml | 16 ++++++ playbooks/airship-vino-publish-images.yaml | 16 ++++++ playbooks/test-vino.yaml | 2 +- roles/vino-build-images/tasks/main.yaml | 43 +++++++++++++++ roles/vino-publish-images/tasks/main.yaml | 61 ++++++++++++++++++++++ tools/deployment/deploy-vino.sh | 2 +- zuul.d/jobs.yaml | 37 ++++++++++++- zuul.d/projects.yaml | 24 ++++++++- zuul.d/secrets.yaml | 37 +++++++++++++ 13 files changed, 255 insertions(+), 15 deletions(-) create mode 100644 playbooks/airship-vino-build-images.yaml create mode 100644 playbooks/airship-vino-publish-images.yaml create mode 100644 roles/vino-build-images/tasks/main.yaml create mode 100644 roles/vino-publish-images/tasks/main.yaml diff --git a/Dockerfile b/Dockerfile index 1e0f53a..1ad6c18 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,8 +13,8 @@ RUN go mod download # Copy the go source COPY main.go main.go -COPY api/ api/ -COPY controllers/ controllers/ +COPY api api/ +COPY controllers controllers/ # Build diff --git a/Makefile b/Makefile index 03a9abd..2c3cf4e 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,7 @@ # Image URL to use all building/pushing image targets # IMG ?= controller:latest -IMG ?= quay.io/airshipit/vino +CONTROLLER_IMG ?= quay.io/airshipit/vino +NODE_LABELER_IMG ?= quay.io/airshipit/nodelabeler # Produce CRDs that work back to Kubernetes 1.11 (no version conversion) CRD_OPTIONS ?= "crd:trivialVersions=true" @@ -64,14 +65,23 @@ vet: generate: controller-gen $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." -# Build the docker image +# Build the controller docker image # If DOCKER_PROXY_FLAGS values are empty, we are fine with that -docker-build: - docker build ${DOCKER_PROXY_FLAGS} . -t ${IMG} +docker-build-controller: + docker build ${DOCKER_PROXY_FLAGS} . -t ${CONTROLLER_IMG} -# Push the docker image -docker-push: - docker push ${IMG} +# Build the nodelabeler docker image +# If DOCKER_PROXY_FLAGS values are empty, we are fine with that +docker-build-nodelabeler: + docker build -f nodelabeler/Dockerfile . ${DOCKER_PROXY_FLAGS} -t ${NODE_LABELER_IMG} + +# Push the controller docker image +docker-push-controller: + docker push ${CONTROLLER_IMG} + +# Push the node_labeler docker image +docker-push-node-labeler: + docker push ${NODE_LABELER_IMG} # find or download controller-gen # download controller-gen if necessary diff --git a/README.md b/README.md index d57f385..9613471 100644 --- a/README.md +++ b/README.md @@ -91,7 +91,7 @@ Once your cluster is up and running, you'll need to build the ViNO image to use, operator on your cluster: ``` -# make docker-build +# make docker-build-controller # make deploy ``` diff --git a/nodelabeler/Dockerfile b/nodelabeler/Dockerfile index 6c05845..628a731 100644 --- a/nodelabeler/Dockerfile +++ b/nodelabeler/Dockerfile @@ -1,4 +1,4 @@ -# Default base images for builder and release images, can be overriden during build +# Default base images for builder and release images, can be overridden during build ARG BUILDER_IMAGE=gcr.io/gcp-runtimes/go1-builder:1.13 ARG RELEASE_IMAGE=scratch diff --git a/playbooks/airship-vino-build-images.yaml b/playbooks/airship-vino-build-images.yaml new file mode 100644 index 0000000..5e68522 --- /dev/null +++ b/playbooks/airship-vino-build-images.yaml @@ -0,0 +1,16 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- hosts: all + become: yes + roles: + - vino-build-images \ No newline at end of file diff --git a/playbooks/airship-vino-publish-images.yaml b/playbooks/airship-vino-publish-images.yaml new file mode 100644 index 0000000..e67e1a6 --- /dev/null +++ b/playbooks/airship-vino-publish-images.yaml @@ -0,0 +1,16 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- hosts: all + become: yes + roles: + - vino-publish-images \ No newline at end of file diff --git a/playbooks/test-vino.yaml b/playbooks/test-vino.yaml index 1dc2ba2..b8a6238 100644 --- a/playbooks/test-vino.yaml +++ b/playbooks/test-vino.yaml @@ -66,4 +66,4 @@ - name: Build Docker image make: chdir: "{{ zuul.project.src_dir }}" - target: docker-build \ No newline at end of file + target: docker-build-controller \ No newline at end of file diff --git a/roles/vino-build-images/tasks/main.yaml b/roles/vino-build-images/tasks/main.yaml new file mode 100644 index 0000000..597a602 --- /dev/null +++ b/roles/vino-build-images/tasks/main.yaml @@ -0,0 +1,43 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Run ensure-docker + include_role: + name: ensure-docker + +- name: Buid vino controller image + make: + chdir: "{{ zuul.project.src_dir }}" + target: docker-build-controller + params: + PROXY: "{{ proxy.http }}" + NO_PROXY: "{{ proxy.noproxy }}" + USE_PROXY: "{{ proxy.enabled | lower }}" + +- name: Verify controller image exists + shell: docker image inspect quay.io/airshipit/vino + args: + chdir: "{{ zuul.project.src_dir }}" + +- name: Buid vino nodelabeler image + make: + chdir: "{{ zuul.project.src_dir }}" + target: docker-build-nodelabeler + params: + PROXY: "{{ proxy.http }}" + NO_PROXY: "{{ proxy.noproxy }}" + USE_PROXY: "{{ proxy.enabled | lower }}" + +- name: Verify nodelabeler image exists + shell: docker image inspect quay.io/airshipit/nodelabeler + args: + chdir: "{{ zuul.project.src_dir }}" \ No newline at end of file diff --git a/roles/vino-publish-images/tasks/main.yaml b/roles/vino-publish-images/tasks/main.yaml new file mode 100644 index 0000000..c19d129 --- /dev/null +++ b/roles/vino-publish-images/tasks/main.yaml @@ -0,0 +1,61 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Run ensure-docker + include_role: + name: ensure-docker + +- name: Install python3-docker and python3-requests Modules + package: + name: + - python3-docker + - python3-requests + state: present + +- name: Push Images + block: + - name: Build images + include_role: + name: vino-build-images + + - name: List Docker Images + shell: docker image ls + + - name: Login to Image Registry + docker_login: + username: "{{ airship_vino_airshipit_quay_secret.username }}" + password: "{{ airship_vino_airshipit_quay_secret.password }}" + registry_url: "{{ image_repo }}" + + - name: Push Image with Latest Tag + make: + chdir: "{{ zuul.project.src_dir }}" + params: + DOCKER_IMAGE_TAG: latest + PUBLISH: "true" + PROXY: "{{ proxy.http }}" + NO_PROXY: "{{ proxy.noproxy }}" + USE_PROXY: "{{ proxy.enabled | lower }}" + DOCKER_REGISTRY: "{{ image_repo }}" + target: images + + - name: Push Image with Commit Tag + make: + chdir: "{{ zuul.project.src_dir }}" + params: + DOCKER_IMAGE_TAG: "{{ zuul.newrev }}" + PUBLISH: "true" + PROXY: "{{ proxy.http }}" + NO_PROXY: "{{ proxy.noproxy }}" + USE_PROXY: "{{ proxy.enabled | lower }}" + DOCKER_REGISTRY: "{{ image_repo }}" + target: images diff --git a/tools/deployment/deploy-vino.sh b/tools/deployment/deploy-vino.sh index a5dd7b5..10c2f6e 100755 --- a/tools/deployment/deploy-vino.sh +++ b/tools/deployment/deploy-vino.sh @@ -2,7 +2,7 @@ set -xe sudo snap install kustomize && sudo snap install go --classic -make docker-build +make docker-build-controller make deploy kubectl get po -A #Wait for vino controller manager Pod. diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index f249622..c44b37e 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -1,3 +1,15 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + - job: name: airship-vino-upload-git-mirror parent: upload-git-mirror @@ -8,13 +20,36 @@ - name: git_mirror_credentials secret: airship_vino_airshipit_github_secret pass-to-parent: true + - job: name: airship-deploy-vino run: playbooks/integration-test.yaml description: Deploys kubernetes and vino timeout: 9600 + - job: name: airship-vino-test-suite description: Install kube-builder and tests make functionality. run: playbooks/test-vino.yaml - timeout: 9600 \ No newline at end of file + timeout: 9600 + +- job: + name: airship-vino-build-images + run: playbooks/airship-vino-build-images.yaml + irrelevant-files: &noncodefiles + - ^certs/.*$ + - ^docs/.*$ + - ^.*\.md$ + - ^\.github/.*$ + +- job: + name: airship-vino-publish-images + parent: airship-vino-build-images + post-run: playbooks/airship-vino-publish-images.yaml + irrelevant-files: *noncodefiles + secrets: + - name: airship_vino_airshipit_quay_secret + secret: airship_vino_airshipit_quay_secret + pass-to-parent: true + vars: + image: quay.io/airshipit/vino diff --git a/zuul.d/projects.yaml b/zuul.d/projects.yaml index 2001d46..b29b572 100644 --- a/zuul.d/projects.yaml +++ b/zuul.d/projects.yaml @@ -1,14 +1,36 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + - project: + vars: + proxy: + enabled: false + http: "" + https: "" + noproxy: "" + image_repo: quay.io check: jobs: - airship-deploy-vino - airship-vino-test-suite + - airship-vino-build-images gate: jobs: - airship-deploy-vino - airship-vino-test-suite + - airship-vino-build-images post: jobs: - airship-vino-upload-git-mirror - airship-deploy-vino - - airship-vino-test-suite \ No newline at end of file + - airship-vino-test-suite + - airship-vino-publish-images diff --git a/zuul.d/secrets.yaml b/zuul.d/secrets.yaml index 2889e36..48cbc26 100644 --- a/zuul.d/secrets.yaml +++ b/zuul.d/secrets.yaml @@ -1,3 +1,15 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + - secret: name: airship_vino_airshipit_github_secret data: @@ -45,3 +57,28 @@ DK1FwrUBmFikF5ThEfjAQsmZGQBLB78nB5FcLCyLQQaKemYnLqgxQHya2nmMBKmhYoF58 Oqm1FFeUq7LuZq6Xh9KCW2eAeJtLOZxV33rhhL2vEudkN0C185AF0MfxAEo5NgIvPTxWP TpPOlwUtH6DHi+VoT4fI4Qqc5AdFTRvXF1vQkokfbQos5GrtuN4zD5YwCQf1QM= +- secret: + name: airship_vino_airshipit_quay_secret + data: + username: !encrypted/pkcs1-oaep + - Nd5HDZKf0qbf32drzleXH6KwcOghdRcALiING5D7IWzI30D+uRHq4ew2SfCEhYFhyBGbM + yIPmeOfqLmbp+ql0W6rIbSgaApDt6o9WSbQZZNsRf7WvbKt/563YecX0Za1EWEOeJbLUb + hGx43IedOQAjuoQrSEnEJG2euUXsLyVSL/wQJOYzkzu4k3sOq2eLxYrmZIWNMWLf8gihK + 1ni0LhAiG+cpWfDpcnVC8o8tboVU3jQUPEzE9H8Nb/2nKDtgL2W71yzwp5nCajsUR2ZES + UkUQLIZarY/9YTd8KshsXrCvSNwGfrEeEv4RXnmSzrcqVghTazVSYhwDzUFY8tA9HbU+v + PjQ9DxjdVPS41f+m8LK6o3egDIYVugymCPZSQfdZXOuekSGRLfpZouwijicVKrm6Dx3tu + ZxRO0Ney0rpQi0yUx1LExD7yU8I7DxSQ56CvCqH6Ifv/1SOd+lz/k3/YWlPoBKJ84O0kS + vPslPWiymVle5+xHnTekdbQ++TzgMucsWQq/Ion4wHU3tE38zFRxaxw+LFFV3YmF/Ovsj + JPKX/kBUH4wmcAA9vjVd7/03kzlgcVd/I6kehZHRaeseBSYDpbQqc6ip+UjRGaBpBItMO + tiW07lAWfWhIv52DAfcKR0W/ppJatmh6Fo2Rw3RGAi3nd8mwuqGjo0/7yA6PW8= + password: !encrypted/pkcs1-oaep + - U4V/LXQ62Ezw88aCh+CYMr19sJujLlwvP4M/t6afPV2I4Hxhhzt2qQ3bPyj1wetbVwybk + wTpAHFZXcHwn9FMy0+ivm/Rj+28g974X4Yvpyq8BLwAPHrgRA7NMTW8ur4V4MxRDZiOuI + 5mk2mXeXXDSSVmblwjxHh5MX35ZgErtQSELXxi02Ohnhyjz/agwlJX3dPWkdbGu7eCHz/ + EB7NoXvWmvSw6/Ml/pq6JadocvML8jcl3Jz4bvsgN6LCq+Ajnco4UNQGS5b+B3gjKp6gB + 6upqrHTUMQfn2y64NTZMlPgTYoC7ROo+xGbDhOud2Zyi4gZzWhqY+nKJgIEEEQ8Bsdzzs + eF0sR5VEWJI/zcYIBJpyHj0eN7b5xMLKEp08yo05CMAxphLQn538FdFI2NIbrnVrKIw2M + HvJr9qKY/9kJ8qeH1Ot5dGc1+PmBc4+KIkitI2HrSFQQrlOSIcxAF0inKnCt1s2zoHVy4 + c8JlsjcXXGgtMM2smYHMwCy2srv9RSXo8o+ylviJBQ0OrvZ79TQB6tU0jmN7OwPKBxjew + iOJ8EEiAN817s7HMXy6cHiRoUeMZggFJskjVCJYcMBRrcygA42WtxwtZ2GFI4Sz90cN7v + 3P/ACytELmzO6xOCczduzTEHBvl7RbTlBp3j2lTmQ+d4P/dCLoPnAUqJzaOm2A= \ No newline at end of file