From c09dbb07e4c4e6aa7b39eb8e738c4e33f7ad201b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Valais?= Date: Mon, 21 Feb 2022 15:28:13 +0100 Subject: [PATCH] make: speed up 'docker build' with separate dir contexts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously, we had one .dockerignore that would do its best to only have the binaries and licenses copied into the Docker (or nerdctl, or buildah). Unfortunately, that meant it had to copy all of bin/server and bin/cmctl, which could become quite large (I measured 1.6 GB). Instead of relying on a single .dockerignore file, we copy the licenses and binaries into a "scratch context" directory. The downside is that all the binaries are in two different places (bin/server and bin/scratch/containers). Note that we can't use symlinks because Docker won't dereference them. Signed-off-by: Maƫl Valais --- .dockerignore | 7 --- hack/containers/Containerfile.acmesolver | 11 ++--- hack/containers/Containerfile.cainjector | 11 ++--- hack/containers/Containerfile.controller | 11 ++--- hack/containers/Containerfile.ctl | 11 ++--- hack/containers/Containerfile.webhook | 11 ++--- make/containers.mk | 58 +++++++++++++----------- 7 files changed, 46 insertions(+), 74 deletions(-) delete mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index f99145275..000000000 --- a/.dockerignore +++ /dev/null @@ -1,7 +0,0 @@ -bin/* -bazel* - -!bin/server/** -!bin/cmctl/cmctl-linux-* -!bin/scratch/cert-manager.license -!bin/scratch/cert-manager.licenses_notice diff --git a/hack/containers/Containerfile.acmesolver b/hack/containers/Containerfile.acmesolver index b47878a1f..8928d472d 100644 --- a/hack/containers/Containerfile.acmesolver +++ b/hack/containers/Containerfile.acmesolver @@ -4,14 +4,9 @@ FROM $BASE_IMAGE USER 1000 -ARG BINARY_PATH -ARG LICENSE_PATH -ARG LICENSES_PATH - -COPY $BINARY_PATH /app/cmd/acmesolver/acmesolver - -COPY $LICENSE_PATH /licenses/LICENSE -COPY $LICENSES_PATH /licenses/LICENSES +COPY acmesolver /app/cmd/acmesolver/acmesolver +COPY cert-manager.license /licenses/LICENSE +COPY cert-manager.licenses_notice /licenses/LICENSES ENTRYPOINT ["/app/cmd/acmesolver/acmesolver"] diff --git a/hack/containers/Containerfile.cainjector b/hack/containers/Containerfile.cainjector index 114cced31..f077db9c4 100644 --- a/hack/containers/Containerfile.cainjector +++ b/hack/containers/Containerfile.cainjector @@ -4,14 +4,9 @@ FROM $BASE_IMAGE USER 1000 -ARG BINARY_PATH -ARG LICENSE_PATH -ARG LICENSES_PATH - -COPY $BINARY_PATH /app/cmd/cainjector/cainjector - -COPY $LICENSE_PATH /licenses/LICENSE -COPY $LICENSES_PATH /licenses/LICENSES +COPY cainjector /app/cmd/cainjector/cainjector +COPY cert-manager.license /licenses/LICENSE +COPY cert-manager.licenses_notice /licenses/LICENSES ENTRYPOINT ["/app/cmd/cainjector/cainjector"] diff --git a/hack/containers/Containerfile.controller b/hack/containers/Containerfile.controller index 5b4e662c0..8dec5249d 100644 --- a/hack/containers/Containerfile.controller +++ b/hack/containers/Containerfile.controller @@ -4,14 +4,9 @@ FROM $BASE_IMAGE USER 1000 -ARG BINARY_PATH -ARG LICENSE_PATH -ARG LICENSES_PATH - -COPY $BINARY_PATH /app/cmd/controller/controller - -COPY $LICENSE_PATH /licenses/LICENSE -COPY $LICENSES_PATH /licenses/LICENSES +COPY controller /app/cmd/controller/controller +COPY cert-manager.license /licenses/LICENSE +COPY cert-manager.licenses_notice /licenses/LICENSES ENTRYPOINT ["/app/cmd/controller/controller"] diff --git a/hack/containers/Containerfile.ctl b/hack/containers/Containerfile.ctl index 8ff3afec6..f5bfe5400 100644 --- a/hack/containers/Containerfile.ctl +++ b/hack/containers/Containerfile.ctl @@ -4,14 +4,9 @@ FROM $BASE_IMAGE USER 1000 -ARG BINARY_PATH -ARG LICENSE_PATH -ARG LICENSES_PATH - -COPY $BINARY_PATH /app/cmd/ctl/ctl - -COPY $LICENSE_PATH /licenses/LICENSE -COPY $LICENSES_PATH /licenses/LICENSES +COPY ctl /app/cmd/ctl/ctl +COPY cert-manager.license /licenses/LICENSE +COPY cert-manager.licenses_notice /licenses/LICENSES ENTRYPOINT ["/app/cmd/ctl/ctl"] diff --git a/hack/containers/Containerfile.webhook b/hack/containers/Containerfile.webhook index c7b5a99e6..c97a77142 100644 --- a/hack/containers/Containerfile.webhook +++ b/hack/containers/Containerfile.webhook @@ -4,14 +4,9 @@ FROM $BASE_IMAGE USER 1000 -ARG BINARY_PATH -ARG LICENSE_PATH -ARG LICENSES_PATH - -COPY $BINARY_PATH /app/cmd/webhook/webhook - -COPY $LICENSE_PATH /licenses/LICENSE -COPY $LICENSES_PATH /licenses/LICENSES +COPY webhook /app/cmd/webhook/webhook +COPY cert-manager.license /licenses/LICENSE +COPY cert-manager.licenses_notice /licenses/LICENSES ENTRYPOINT ["/app/cmd/webhook/webhook"] diff --git a/make/containers.mk b/make/containers.mk index 11ffd014f..ba4362920 100644 --- a/make/containers.mk +++ b/make/containers.mk @@ -40,79 +40,83 @@ all-containers: cert-manager-controller-linux cert-manager-webhook-linux cert-ma .PHONY: cert-manager-controller-linux cert-manager-controller-linux: bin/containers/cert-manager-controller-linux-amd64.tar.gz bin/containers/cert-manager-controller-linux-arm64.tar.gz bin/containers/cert-manager-controller-linux-s390x.tar.gz bin/containers/cert-manager-controller-linux-ppc64le.tar.gz bin/containers/cert-manager-controller-linux-arm.tar.gz -bin/containers/cert-manager-controller-linux-amd64.tar.gz bin/containers/cert-manager-controller-linux-arm64.tar.gz bin/containers/cert-manager-controller-linux-s390x.tar.gz bin/containers/cert-manager-controller-linux-ppc64le.tar.gz bin/containers/cert-manager-controller-linux-arm.tar.gz: bin/containers/cert-manager-controller-linux-%.tar.gz: bin/server/controller-linux-% hack/containers/Containerfile.controller bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice bin/release-version | bin/containers +bin/containers/cert-manager-controller-linux-amd64.tar.gz bin/containers/cert-manager-controller-linux-arm64.tar.gz bin/containers/cert-manager-controller-linux-s390x.tar.gz bin/containers/cert-manager-controller-linux-ppc64le.tar.gz bin/containers/cert-manager-controller-linux-arm.tar.gz: bin/containers/cert-manager-controller-linux-%.tar.gz: bin/server/controller-linux-% hack/containers/Containerfile.controller bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice bin/release-version | bin/containers bin/scratch/containers/cert-manager-controller-linux-% $(eval TAG := cert-manager-controller-$*:$(RELEASE_VERSION)) - $(eval BASE := $(BASE_IMAGE_$(notdir $<))) + $(eval BASE := BASE_IMAGE_$(notdir $<)) + $(eval CONTEXT_DIR := bin/scratch/containers/$(notdir $(@:%.tar.gz=%))) + @cp $< $(CONTEXT_DIR)/controller + @cp bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice $(CONTEXT_DIR) $(CTR) build --quiet \ -f hack/containers/Containerfile.controller \ - --build-arg BASE_IMAGE=$(BASE) \ - --build-arg BINARY_PATH=$< \ - --build-arg LICENSE_PATH=bin/scratch/cert-manager.license \ - --build-arg LICENSES_PATH=bin/scratch/cert-manager.licenses_notice \ + --build-arg BASE_IMAGE=$($(BASE)) \ -t $(TAG) \ - . + $(CONTEXT_DIR) $(CTR) save $(TAG) | gzip > $@ .PHONY: cert-manager-webhook-linux cert-manager-webhook-linux: bin/containers/cert-manager-webhook-linux-amd64.tar.gz bin/containers/cert-manager-webhook-linux-arm64.tar.gz bin/containers/cert-manager-webhook-linux-s390x.tar.gz bin/containers/cert-manager-webhook-linux-ppc64le.tar.gz bin/containers/cert-manager-webhook-linux-arm.tar.gz -bin/containers/cert-manager-webhook-linux-amd64.tar.gz bin/containers/cert-manager-webhook-linux-arm64.tar.gz bin/containers/cert-manager-webhook-linux-s390x.tar.gz bin/containers/cert-manager-webhook-linux-ppc64le.tar.gz bin/containers/cert-manager-webhook-linux-arm.tar.gz: bin/containers/cert-manager-webhook-linux-%.tar.gz: bin/server/webhook-linux-% hack/containers/Containerfile.webhook bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice bin/release-version | bin/containers +bin/containers/cert-manager-webhook-linux-amd64.tar.gz bin/containers/cert-manager-webhook-linux-arm64.tar.gz bin/containers/cert-manager-webhook-linux-s390x.tar.gz bin/containers/cert-manager-webhook-linux-ppc64le.tar.gz bin/containers/cert-manager-webhook-linux-arm.tar.gz: bin/containers/cert-manager-webhook-linux-%.tar.gz: bin/server/webhook-linux-% hack/containers/Containerfile.webhook bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice bin/release-version | bin/containers bin/scratch/containers/cert-manager-webhook-linux-% $(eval TAG := cert-manager-webhook-$*:$(RELEASE_VERSION)) $(eval BASE := BASE_IMAGE_$(notdir $<)) + $(eval CONTEXT_DIR := bin/scratch/containers/$(notdir $(@:%.tar.gz=%))) + @cp $< $(CONTEXT_DIR)/webhook + @cp bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice $(CONTEXT_DIR) $(CTR) build --quiet \ -f hack/containers/Containerfile.webhook \ --build-arg BASE_IMAGE=$($(BASE)) \ - --build-arg BINARY_PATH=$< \ - --build-arg LICENSE_PATH=bin/scratch/cert-manager.license \ - --build-arg LICENSES_PATH=bin/scratch/cert-manager.licenses_notice \ -t $(TAG) \ - . + $(CONTEXT_DIR) $(CTR) save $(TAG) | gzip > $@ .PHONY: cert-manager-cainjector-linux cert-manager-cainjector-linux: bin/containers/cert-manager-cainjector-linux-amd64.tar.gz bin/containers/cert-manager-cainjector-linux-arm64.tar.gz bin/containers/cert-manager-cainjector-linux-s390x.tar.gz bin/containers/cert-manager-cainjector-linux-ppc64le.tar.gz bin/containers/cert-manager-cainjector-linux-arm.tar.gz -bin/containers/cert-manager-cainjector-linux-amd64.tar.gz bin/containers/cert-manager-cainjector-linux-arm64.tar.gz bin/containers/cert-manager-cainjector-linux-s390x.tar.gz bin/containers/cert-manager-cainjector-linux-ppc64le.tar.gz bin/containers/cert-manager-cainjector-linux-arm.tar.gz: bin/containers/cert-manager-cainjector-linux-%.tar.gz: bin/server/cainjector-linux-% hack/containers/Containerfile.cainjector bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice bin/release-version | bin/containers +bin/containers/cert-manager-cainjector-linux-amd64.tar.gz bin/containers/cert-manager-cainjector-linux-arm64.tar.gz bin/containers/cert-manager-cainjector-linux-s390x.tar.gz bin/containers/cert-manager-cainjector-linux-ppc64le.tar.gz bin/containers/cert-manager-cainjector-linux-arm.tar.gz: bin/containers/cert-manager-cainjector-linux-%.tar.gz: bin/server/cainjector-linux-% hack/containers/Containerfile.cainjector bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice bin/release-version | bin/containers bin/scratch/containers/cert-manager-cainjector-linux-% $(eval TAG := cert-manager-cainjector-$*:$(RELEASE_VERSION)) $(eval BASE := BASE_IMAGE_$(notdir $<)) + $(eval CONTEXT_DIR := bin/scratch/containers/$(notdir $(@:%.tar.gz=%))) + @cp $< $(CONTEXT_DIR)/cainjector + @cp bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice $(CONTEXT_DIR) $(CTR) build --quiet \ -f hack/containers/Containerfile.cainjector \ --build-arg BASE_IMAGE=$($(BASE)) \ - --build-arg BINARY_PATH=$< \ - --build-arg LICENSE_PATH=bin/scratch/cert-manager.license \ - --build-arg LICENSES_PATH=bin/scratch/cert-manager.licenses_notice \ -t $(TAG) \ - . + $(CONTEXT_DIR) $(CTR) save $(TAG) | gzip > $@ .PHONY: cert-manager-acmesolver-linux cert-manager-acmesolver-linux: bin/containers/cert-manager-acmesolver-linux-amd64.tar.gz bin/containers/cert-manager-acmesolver-linux-arm64.tar.gz bin/containers/cert-manager-acmesolver-linux-s390x.tar.gz bin/containers/cert-manager-acmesolver-linux-ppc64le.tar.gz bin/containers/cert-manager-acmesolver-linux-arm.tar.gz -bin/containers/cert-manager-acmesolver-linux-amd64.tar.gz bin/containers/cert-manager-acmesolver-linux-arm64.tar.gz bin/containers/cert-manager-acmesolver-linux-s390x.tar.gz bin/containers/cert-manager-acmesolver-linux-ppc64le.tar.gz bin/containers/cert-manager-acmesolver-linux-arm.tar.gz: bin/containers/cert-manager-acmesolver-linux-%.tar.gz: bin/server/acmesolver-linux-% hack/containers/Containerfile.acmesolver bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice bin/release-version | bin/containers +bin/containers/cert-manager-acmesolver-linux-amd64.tar.gz bin/containers/cert-manager-acmesolver-linux-arm64.tar.gz bin/containers/cert-manager-acmesolver-linux-s390x.tar.gz bin/containers/cert-manager-acmesolver-linux-ppc64le.tar.gz bin/containers/cert-manager-acmesolver-linux-arm.tar.gz: bin/containers/cert-manager-acmesolver-linux-%.tar.gz: bin/server/acmesolver-linux-% hack/containers/Containerfile.acmesolver bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice bin/release-version | bin/containers bin/scratch/containers/cert-manager-acmesolver-linux-% $(eval TAG := cert-manager-acmesolver-$*:$(RELEASE_VERSION)) $(eval BASE := BASE_IMAGE_$(notdir $<)) + $(eval CONTEXT_DIR := bin/scratch/containers/$(notdir $(@:%.tar.gz=%))) + @cp $< $(CONTEXT_DIR)/acmesolver + @cp bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice $(CONTEXT_DIR) $(CTR) build --quiet \ -f hack/containers/Containerfile.acmesolver \ --build-arg BASE_IMAGE=$($(BASE)) \ - --build-arg BINARY_PATH=$< \ - --build-arg LICENSE_PATH=bin/scratch/cert-manager.license \ - --build-arg LICENSES_PATH=bin/scratch/cert-manager.licenses_notice \ -t $(TAG) \ - . + $(CONTEXT_DIR) $(CTR) save $(TAG) | gzip > $@ .PHONY: cert-manager-ctl-linux cert-manager-ctl-linux: bin/containers/cert-manager-ctl-linux-amd64.tar.gz bin/containers/cert-manager-ctl-linux-arm64.tar.gz bin/containers/cert-manager-ctl-linux-s390x.tar.gz bin/containers/cert-manager-ctl-linux-ppc64le.tar.gz bin/containers/cert-manager-ctl-linux-arm.tar.gz -bin/containers/cert-manager-ctl-linux-amd64.tar.gz bin/containers/cert-manager-ctl-linux-arm64.tar.gz bin/containers/cert-manager-ctl-linux-s390x.tar.gz bin/containers/cert-manager-ctl-linux-ppc64le.tar.gz bin/containers/cert-manager-ctl-linux-arm.tar.gz: bin/containers/cert-manager-ctl-linux-%.tar.gz: bin/cmctl/cmctl-linux-% hack/containers/Containerfile.ctl bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice bin/release-version | bin/containers +bin/containers/cert-manager-ctl-linux-amd64.tar.gz bin/containers/cert-manager-ctl-linux-arm64.tar.gz bin/containers/cert-manager-ctl-linux-s390x.tar.gz bin/containers/cert-manager-ctl-linux-ppc64le.tar.gz bin/containers/cert-manager-ctl-linux-arm.tar.gz: bin/containers/cert-manager-ctl-linux-%.tar.gz: bin/cmctl/cmctl-linux-% hack/containers/Containerfile.ctl bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice bin/release-version | bin/containers bin/scratch/containers/cert-manager-ctl-linux-% $(eval TAG := cert-manager-ctl-$*:$(RELEASE_VERSION)) $(eval BASE := BASE_IMAGE_$(notdir $<)) + $(eval CONTEXT_DIR := bin/scratch/containers/$(notdir $(@:%.tar.gz=%))) + @cp $< $(CONTEXT_DIR)/ctl + @cp bin/scratch/cert-manager.license bin/scratch/cert-manager.licenses_notice $(CONTEXT_DIR) $(CTR) build --quiet \ -f hack/containers/Containerfile.ctl \ --build-arg BASE_IMAGE=$($(BASE)) \ - --build-arg BINARY_PATH=$< \ - --build-arg LICENSE_PATH=bin/scratch/cert-manager.license \ - --build-arg LICENSES_PATH=bin/scratch/cert-manager.licenses_notice \ -t $(TAG) \ - . + $(CONTEXT_DIR) $(CTR) save $(TAG) | gzip > $@ + + +$(foreach arch,amd64 arm64 s390x ppc64le arm,$(foreach bin,controller acmesolver cainjector webhook ctl, bin/scratch/containers/cert-manager-$(bin)-linux-$(arch))): + @mkdir -p $@