diff --git a/Makefile b/Makefile index 80b6eb68d..f356c3506 100644 --- a/Makefile +++ b/Makefile @@ -71,6 +71,7 @@ include make/licenses.mk include make/e2e-setup.mk include make/scan.mk include make/legacy.mk +include make/ko.mk include make/help.mk .PHONY: clean diff --git a/make/ko.mk b/make/ko.mk new file mode 100644 index 000000000..b6d48537e --- /dev/null +++ b/make/ko.mk 
@@ -0,0 +1,68 @@
+## Experimental tools for building and deploying cert-manager using ko to build and push Docker images.
+##
+## Examples:
+##
+## # Build and Push all images to an OCI registry
+## make ko-images-push KO_REGISTRY=
+##
+## # Build and Push images to an OCI registry and deploy cert-manager to the current cluster in KUBECONFIG
+## make ko-deploy-certmanager KO_REGISTRY=
+##
+## @category Experimental/ko
+
+## (required) The OCI registry prefix to which images will be pushed by ko.
+## @category Experimental/ko
+KO_REGISTRY ?= $(error "KO_REGISTRY is a required environment variable")
+
+## (optional) The SBOM media type to use (none will disable SBOM synthesis and
+## upload, also supports: spdx, cyclonedx, go.version-m).
+## @category Experimental/ko
+KO_SBOM ?= none
+
+## (optional) Which platforms to include in the multi-arch image.
+## Format: all | [/[/]][,platform]*
+## @category Experimental/ko
+KO_PLATFORM ?= linux/amd64
+
+## (optional) Which cert-manager images to build.
+## @category Experimental/ko
+KO_BINS ?= controller acmesolver cainjector webhook ctl
+
+export KOCACHE = $(BINDIR)/scratch/ko/cache
+
+KO_IMAGE_REFS = $(foreach bin,$(KO_BINS),_bin/scratch/ko/$(bin).yaml)
+$(KO_IMAGE_REFS): _bin/scratch/ko/%.yaml: FORCE | $(NEEDS_KO) $(NEEDS_YQ)
+ @mkdir -p $(dir $@)
+ @$(eval export KO_DOCKER_REPO=$(KO_REGISTRY)/cert-manager-$*)
+ $(KO) build ./cmd/$* \
+ --bare \
+ --sbom=$(KO_SBOM) \
+ --platform=$(KO_PLATFORM) \
+ --tags=$(RELEASE_VERSION) \
+ | $(YQ) 'capture("(?P(?P[^:]+):(?P[^@]+)@(?P.*))")' > $@
+
+.PHONY: ko-images-push
+## Build and push docker images to an OCI registry using ko.
+## @category Experimental/ko
+ko-images-push: $(KO_IMAGE_REFS)
+
+.PHONY: ko-deploy-cert-manager
+## Deploy cert-manager after pushing docker images to an OCI registry using ko.
+## @category Experimental/ko +ko-deploy-certmanager: $(BINDIR)/cert-manager.tgz $(KO_IMAGE_REFS) + @$(eval ACME_HTTP01_SOLVER_IMAGE = $(shell $(YQ) '.repository + "@" + .digest' $(BINDIR)/scratch/ko/acmesolver.yaml)) + $(HELM) upgrade cert-manager $< \ + --install \ + --create-namespace \ + --wait \ + --namespace cert-manager \ + --set image.repository="$(shell $(YQ) .repository $(BINDIR)/scratch/ko/controller.yaml)" \ + --set image.digest="$(shell $(YQ) .digest $(BINDIR)/scratch/ko/controller.yaml)" \ + --set cainjector.image.repository="$(shell $(YQ) .repository $(BINDIR)/scratch/ko/cainjector.yaml)" \ + --set cainjector.image.digest="$(shell $(YQ) .digest $(BINDIR)/scratch/ko/cainjector.yaml)" \ + --set webhook.image.repository="$(shell $(YQ) .repository $(BINDIR)/scratch/ko/webhook.yaml)" \ + --set webhook.image.digest="$(shell $(YQ) .digest $(BINDIR)/scratch/ko/webhook.yaml)" \ + --set startupapicheck.image.repository="$(shell $(YQ) .repository $(BINDIR)/scratch/ko/ctl.yaml)" \ + --set startupapicheck.image.digest="$(shell $(YQ) .digest $(BINDIR)/scratch/ko/ctl.yaml)" \ + --set installCRDs=true \ + --set "extraArgs={--acme-http01-solver-image=$(ACME_HTTP01_SOLVER_IMAGE)}" \ diff --git a/make/tools.mk b/make/tools.mk index 95613d70c..e74372980 100644 --- a/make/tools.mk +++ b/make/tools.mk @@ -27,6 +27,7 @@ TOOLS += ytt=v0.43.0 TOOLS += yq=v4.27.5 TOOLS += crane=v0.11.0 TOOLS += ginkgo=$(shell awk '/ginkgo\/v2/ {print $$2}' go.mod) +TOOLS += ko=v0.12.0 # Version of Gateway API install bundle https://gateway-api.sigs.k8s.io/v1alpha2/guides/#installing-gateway-api GATEWAY_API_VERSION=v0.5.1 
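Review bot: In make/ko.mk the `$(KO) build … | $(YQ) … > $@` recipe takes its exit status from yq unless the recipe shell runs with pipefail (no SHELL or .SHELLFLAGS setting is visible in this diff), so a failed ko build can still leave a `_bin/scratch/ko/<bin>.yaml` that `ko-deploy-certmanager` later reads for `image.repository` and `image.digest`. Writing ko's output to a temporary file and parsing it in a second recipe line keeps a failed build from producing an image reference, e.g. `$(KO) build ./cmd/$* … > $@.ref` followed by `$(YQ) 'capture(…)' $@.ref > $@`. Separately, `.PHONY: ko-deploy-cert-manager` does not match the target `ko-deploy-certmanager`, so the deploy target is not actually declared phony. The image-ref targets also hard-code `_bin/scratch/ko/` while the deploy recipe reads `$(BINDIR)/scratch/ko/`, which only agree when BINDIR is `_bin`, and the final `--set "extraArgs=…" \` line ends the file on a dangling continuation.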
@@ -329,6 +330,25 @@ $(BINDIR)/downloaded/tools/yq@$(YQ_VERSION)_%: | $(BINDIR)/downloaded/tools ./hack/util/checkhash.sh $@ $(YQ_$*_SHA256SUM) chmod +x $@ +###### +# ko # +###### + +KO_linux_amd64_SHA256SUM=05aa77182fa7c55386bd2a210fd41298542726f33bbfc9c549add3a66f7b90ad +KO_darwin_amd64_SHA256SUM=8679d0d74fc75f24e044649c6a961dad0a3ef03bedbdece35e2f3f29eb7876af +KO_darwin_arm64_SHA256SUM=cfef98db8ad0e1edaa483fa5c6af89eb573a8434abd372b510b89005575de702 + +$(BINDIR)/downloaded/tools/ko@$(KO_VERSION)_%: | $(BINDIR)/downloaded/tools + $(eval OS_AND_ARCH := $(subst darwin,Darwin,$*)) + $(eval OS_AND_ARCH := $(subst linux,Linux,$(OS_AND_ARCH))) + $(eval OS_AND_ARCH := $(subst amd64,x86_64,$(OS_AND_ARCH))) + + $(CURL) https://github.com/ko-build/ko/releases/download/$(KO_VERSION)/ko_$(patsubst v%,%,$(KO_VERSION))_$(OS_AND_ARCH).tar.gz -o $@.tar.gz + ./hack/util/checkhash.sh $@.tar.gz $(KO_$*_SHA256SUM) + tar xfO $@.tar.gz ko > $@ + chmod +x $@ + rm $@.tar.gz + ##################### # k8s codegen tools # #####################
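Review bot: The expected hash handed to `./hack/util/checkhash.sh` is `$(KO_$*_SHA256SUM)`, and only linux_amd64, darwin_amd64 and darwin_arm64 are defined, so for any other stem (linux_arm64, for instance) the script is called with an empty expected value. Whether checkhash.sh rejects that is not visible here; failing in make before the download removes the dependency on the script's behaviour, for example a first recipe line `$(if $(KO_$*_SHA256SUM),,$(error no pinned SHA256 for ko on $*))`. The archive is verified before extraction, which is the right order, but a failed check leaves `$@.tar.gz` on disk because `rm $@.tar.gz` is only reached on success.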