diff --git a/build/BUILD.bazel b/build/BUILD.bazel
index 0229fa576..596606bfc 100644
--- a/build/BUILD.bazel
+++ b/build/BUILD.bazel
@@ -20,8 +20,10 @@ DOCKERIZED_BINARIES = {
 },
 }
 
-# Allows passing --define image_type=dynamic custom flag to Bazel command.
-# Used to allow optionally build with the dynamic base image.
+# Allows passing --define image_type=dynamic custom flag to Bazel command. Used
+# to allow optionally build with the dynamic base image. This would only be used
+# by alternative/experimental cert-manager builds that, for example, need to
+# create dynamically linked binaries due to linking to a C library.
 config_setting(
 name = "dynamic_image",
 values = {
@@ -88,10 +90,10 @@ grep ^STABLE_BUILD_SCM_REVISION bazel-out/stable-status.txt \
 stamp = 1,
 )
 
-# Building this rule will result in invocation of multi_arch_container rule because
-# the srcs list contains Bazel labels that correspond to the output of the
-# native.genrule in multi_arch_container definiton.
 # This rule will produce tarballs and docker tags for all server images.
+# Building this rule will result in invocation of the multi_arch_container rule
+# because the srcs list contains Bazel labels that correspond to the output of
+# the native.genrule in multi_arch_container definiton.
 release_filegroup(
 name = "server-artifacts",
 srcs = [":%s.tar" % binary for binary in DOCKERIZED_BINARIES.keys()] +
diff --git a/build/images.bzl b/build/images.bzl
index b1b2e9bff..a0341d451 100644
--- a/build/images.bzl
+++ b/build/images.bzl
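Review bot: The expanded comment above `dynamic_image` says who would use the dynamic base image but not what it costs. As far as I know, gcr.io/distroless/base ships shared C libraries (glibc, libssl) that the static image does not, so images built with `--define image_type=dynamic` carry extra components that need security-update tracking. A line such as `# The dynamic base adds shared C libraries to the image; builds using it must track security updates for them.` would make that visible at the switch. The `config_setting` body continues outside the hunk.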
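Review bot: The re-wrapped comment above `release_filegroup` still carries the typo `definiton` on its last added line. Since these lines are being rewritten anyway, it could read `# the native.genrule in the multi_arch_container definition.` The `release_filegroup` call continues outside the hunk.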
@@ -25,6 +25,12 @@ def define_base_images():
 repository = "distroless/static",
 digest = "sha256:a7752b29b18bb106938caefd8dcce8a94199022cbd06ea42268b968f35e837a8",
 )
+ # Use 'dynamic' distroless image for modified cert-manager deployments that
+ # are dynamically linked. (This is not the default and you probably don't
+ # need this.)
+ # To get the latest-amd64 digest for gcr.io/distroless/base,
+ # assuming that $GOPATH/bin is in your $PATH, run:
+ # go get github.com/genuinetools/reg && reg digest gcr.io/distroless/base:latest-amd64
 container_pull(
 name = "dynamic_base",
 registry = "gcr.io",
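Review bot: The digest-refresh recipe in the added comment resolves a moving tag (`latest-amd64`) using a tool fetched unpinned with `go get`, so the value pinned in `container_pull` depends on whichever tool version and image were current when it was run. From what the hunk shows, that digest is the integrity anchor for the base image, so the comment should ask for it to be confirmed independently and dated, e.g. `# Cross-check the digest with a second registry client and record the date it was resolved.` The recipe also yields an amd64-only digest. If `dynamic_base` feeds the multi-arch rules mentioned in BUILD.bazel, it presumably needs a per-architecture or manifest-list digest instead, which is worth confirming. The `container_pull` call continues outside the hunk.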