Merge pull request #5655 from wallrj/images-push

Experimental make targets for pushing images to a Docker registry and redeploying cert-manager
2022-12-21 13:12:56 +00:00 · 2022-12-21 13:12:56 +00:00 · 9a68a86ac6
commit 9a68a86ac6
parent a7671cf205 755fec1170
3 changed files with 89 additions and 0 deletions
--- a/1
+++ b/1
@ -71,6 +71,7 @@ include make/licenses.mk
 include make/e2e-setup.mk
 include make/scan.mk
 include make/legacy.mk
+include make/ko.mk
 include make/help.mk

 .PHONY: clean
--- a/make/ko.mk
+++ b/make/ko.mk
@ -0,0 +1,68 @@
+## Experimental tools for building and deploying cert-manager using ko to build and push Docker images.
+##
+## Examples:
+##
+##  # Build and Push all images to an OCI registry
+##  make ko-images-push KO_REGISTRY=<my-oci-registry>
+##
+##  # Build and Push images to an OCI registry and deploy cert-manager to the current cluster in KUBECONFIG
+##  make ko-deploy-certmanager KO_REGISTRY=<my-oci-registry>
+##
+## @category Experimental/ko
+
+## (required) The OCI registry prefix to which images will be pushed by ko.
+## @category Experimental/ko
+KO_REGISTRY ?= $(error "KO_REGISTRY is a required environment variable")
+
+## (optional) The SBOM media type to use (none will disable SBOM synthesis and
+## upload, also supports: spdx, cyclonedx, go.version-m).
+## @category Experimental/ko
+KO_SBOM ?= none
+
+## (optional) Which platforms to include in the multi-arch image.
+## Format: all | <os>[/<arch>[/<variant>]][,platform]*
+## @category Experimental/ko
+KO_PLATFORM ?= linux/amd64
+
+## (optional) Which cert-manager images to build.
+## @category Experimental/ko
+KO_BINS ?= controller acmesolver cainjector webhook ctl
+
+export KOCACHE = $(BINDIR)/scratch/ko/cache
+
+KO_IMAGE_REFS = $(foreach bin,$(KO_BINS),_bin/scratch/ko/$(bin).yaml)
+$(KO_IMAGE_REFS): _bin/scratch/ko/%.yaml: FORCE | $(NEEDS_KO) $(NEEDS_YQ)
+	@mkdir -p $(dir $@)
+	@$(eval export KO_DOCKER_REPO=$(KO_REGISTRY)/cert-manager-$*)
+	$(KO) build ./cmd/$* \
+		--bare \
+		--sbom=$(KO_SBOM) \
+		--platform=$(KO_PLATFORM) \
+		--tags=$(RELEASE_VERSION) \
+		| $(YQ) 'capture("(?P<ref>(?P<repository>[^:]+):(?P<tag>[^@]+)@(?P<digest>.*))")' > $@
+
+.PHONY: ko-images-push
+## Build and push docker images to an OCI registry using ko.
+## @category Experimental/ko
+ko-images-push: $(KO_IMAGE_REFS)
+
+.PHONY: ko-deploy-cert-manager
+## Deploy cert-manager after pushing docker images to an OCI registry using ko.
+## @category Experimental/ko
+ko-deploy-certmanager: $(BINDIR)/cert-manager.tgz $(KO_IMAGE_REFS)
+	@$(eval ACME_HTTP01_SOLVER_IMAGE = $(shell $(YQ) '.repository + "@" + .digest' $(BINDIR)/scratch/ko/acmesolver.yaml))
+	$(HELM) upgrade cert-manager $< \
+		--install \
+		--create-namespace \
+		--wait \
+		--namespace cert-manager \
+		--set image.repository="$(shell $(YQ) .repository $(BINDIR)/scratch/ko/controller.yaml)" \
+		--set image.digest="$(shell $(YQ) .digest $(BINDIR)/scratch/ko/controller.yaml)" \
+		--set cainjector.image.repository="$(shell $(YQ) .repository $(BINDIR)/scratch/ko/cainjector.yaml)" \
+		--set cainjector.image.digest="$(shell $(YQ) .digest $(BINDIR)/scratch/ko/cainjector.yaml)" \
+		--set webhook.image.repository="$(shell $(YQ) .repository $(BINDIR)/scratch/ko/webhook.yaml)" \
+		--set webhook.image.digest="$(shell $(YQ) .digest $(BINDIR)/scratch/ko/webhook.yaml)" \
+		--set startupapicheck.image.repository="$(shell $(YQ) .repository $(BINDIR)/scratch/ko/ctl.yaml)" \
+		--set startupapicheck.image.digest="$(shell $(YQ) .digest $(BINDIR)/scratch/ko/ctl.yaml)" \
+		--set installCRDs=true \
+		--set "extraArgs={--acme-http01-solver-image=$(ACME_HTTP01_SOLVER_IMAGE)}" \
--- a/make/tools.mk
+++ b/make/tools.mk
@ -27,6 +27,7 @@ TOOLS += ytt=v0.43.0
 TOOLS += yq=v4.27.5
 TOOLS += crane=v0.11.0
 TOOLS += ginkgo=$(shell awk '/ginkgo\/v2/ {print $$2}' go.mod)
+TOOLS += ko=v0.12.0

 # Version of Gateway API install bundle https://gateway-api.sigs.k8s.io/v1alpha2/guides/#installing-gateway-api
 GATEWAY_API_VERSION=v0.5.1
@ -329,6 +330,25 @@ $(BINDIR)/downloaded/tools/yq@$(YQ_VERSION)_%: | $(BINDIR)/downloaded/tools
 	./hack/util/checkhash.sh $@ $(YQ_$*_SHA256SUM)
 	chmod +x $@

+######
+# ko #
+######
+
+KO_linux_amd64_SHA256SUM=05aa77182fa7c55386bd2a210fd41298542726f33bbfc9c549add3a66f7b90ad
+KO_darwin_amd64_SHA256SUM=8679d0d74fc75f24e044649c6a961dad0a3ef03bedbdece35e2f3f29eb7876af
+KO_darwin_arm64_SHA256SUM=cfef98db8ad0e1edaa483fa5c6af89eb573a8434abd372b510b89005575de702
+
+$(BINDIR)/downloaded/tools/ko@$(KO_VERSION)_%: | $(BINDIR)/downloaded/tools
+	$(eval OS_AND_ARCH := $(subst darwin,Darwin,$*))
+	$(eval OS_AND_ARCH := $(subst linux,Linux,$(OS_AND_ARCH)))
+	$(eval OS_AND_ARCH := $(subst amd64,x86_64,$(OS_AND_ARCH)))
+
+	$(CURL) https://github.com/ko-build/ko/releases/download/$(KO_VERSION)/ko_$(patsubst v%,%,$(KO_VERSION))_$(OS_AND_ARCH).tar.gz -o $@.tar.gz
+	./hack/util/checkhash.sh $@.tar.gz $(KO_$*_SHA256SUM)
+	tar xfO $@.tar.gz ko > $@
+	chmod +x $@
+	rm $@.tar.gz
+
 #####################
 # k8s codegen tools #
 #####################