Merge pull request #2708 from munnerz/fix-image-uid
Fix issue causing docker images to use UID 0 (root)
This commit is contained in:
jetstack-bot
GitHub
commit
e328cfd5aa
10
BUILD.bazel
10
BUILD.bazel
@ -25,16 +25,18 @@ genrule(
|
||||
container_bundle(
|
||||
name = "images",
|
||||
images = {
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-controller:{STABLE_DOCKER_TAG}": "//cmd/controller:image",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-acmesolver:{STABLE_DOCKER_TAG}": "//cmd/acmesolver:image",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-webhook:{STABLE_DOCKER_TAG}": "//cmd/webhook:image",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-cainjector:{STABLE_DOCKER_TAG}": "//cmd/cainjector:image",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-controller:{STABLE_DOCKER_TAG}": "//build:controller",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-acmesolver:{STABLE_DOCKER_TAG}": "//build:acmesolver",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-webhook:{STABLE_DOCKER_TAG}": "//build:webhook",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-cainjector:{STABLE_DOCKER_TAG}": "//build:cainjector",
|
||||
},
|
||||
tags = ["manual"],
|
||||
)
|
||||
|
||||
docker_push(
|
||||
name = "images.push",
|
||||
bundle = ":images",
|
||||
tags = ["manual"],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
|
||||
@ -44,6 +44,7 @@ DOCKERIZED_BINARIES = {
|
||||
"/usr/local/bin/" + binary: "/usr/bin/" + binary,
|
||||
},
|
||||
tags = ["manual"],
|
||||
user = "1000",
|
||||
visibility = ["//visibility:private"],
|
||||
) for binary, meta in DOCKERIZED_BINARIES.items()]
|
||||
|
||||
|
||||
@ -1,20 +1,6 @@
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
|
||||
load("//hack/build:docker.bzl", "covered_image", "image")
|
||||
load("//build:version.bzl", "version_x_defs")
|
||||
|
||||
image(
|
||||
name = "image",
|
||||
binary = ":acmesolver",
|
||||
component = "acmesolver",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
covered_image(
|
||||
name = "image.covered",
|
||||
component = "acmesolver",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
srcs = ["main.go"],
|
||||
|
||||
@ -1,20 +1,6 @@
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
|
||||
load("//hack/build:docker.bzl", "covered_image", "image")
|
||||
load("//build:version.bzl", "version_x_defs")
|
||||
|
||||
image(
|
||||
name = "image",
|
||||
binary = ":cainjector",
|
||||
component = "cainjector",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
covered_image(
|
||||
name = "image.covered",
|
||||
component = "cainjector",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
srcs = [
|
||||
|
||||
@ -1,20 +1,6 @@
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
|
||||
load("//hack/build:docker.bzl", "covered_image", "image")
|
||||
load("//build:version.bzl", "version_x_defs")
|
||||
|
||||
image(
|
||||
name = "image",
|
||||
binary = ":controller",
|
||||
component = "controller",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
covered_image(
|
||||
name = "image.covered",
|
||||
component = "controller",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
srcs = [
|
||||
|
||||
@ -1,20 +1,6 @@
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
|
||||
load("//hack/build:docker.bzl", "covered_image", "image")
|
||||
load("//build:version.bzl", "version_x_defs")
|
||||
|
||||
image(
|
||||
name = "image",
|
||||
binary = ":webhook",
|
||||
component = "webhook",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
covered_image(
|
||||
name = "image.covered",
|
||||
component = "webhook",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
srcs = ["main.go"],
|
||||
|
||||
@ -3,10 +3,10 @@ load("@io_bazel_rules_docker//container:bundle.bzl", "container_bundle")
|
||||
container_bundle(
|
||||
name = "bundle",
|
||||
images = {
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-controller:{STABLE_DOCKER_TAG}": "//cmd/controller:image",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-acmesolver:{STABLE_DOCKER_TAG}": "//cmd/acmesolver:image",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-webhook:{STABLE_DOCKER_TAG}": "//cmd/webhook:image",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-cainjector:{STABLE_DOCKER_TAG}": "//cmd/cainjector:image",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-controller:{STABLE_DOCKER_TAG}": "//build:controller",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-acmesolver:{STABLE_DOCKER_TAG}": "//build:acmesolver",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-webhook:{STABLE_DOCKER_TAG}": "//build:webhook",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-cainjector:{STABLE_DOCKER_TAG}": "//build:cainjector",
|
||||
},
|
||||
tags = ["manual"],
|
||||
)
|
||||
|
||||
@ -16,6 +16,7 @@ go_image(
|
||||
name = "image",
|
||||
base = "@static_base//image",
|
||||
binary = ":app",
|
||||
tags = ["manual"],
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
|
||||
@ -5,6 +5,7 @@ go_image(
|
||||
name = "image",
|
||||
base = "@static_base//image",
|
||||
binary = ":sample",
|
||||
tags = ["manual"],
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
|
||||
@ -17,38 +17,6 @@ load("@io_bazel_rules_docker//container:bundle.bzl", "container_bundle")
|
||||
load("@io_bazel_rules_docker//go:image.bzl", "go_image")
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_test")
|
||||
|
||||
def image(
|
||||
name,
|
||||
component,
|
||||
binary,
|
||||
user = "1000",
|
||||
stamp = True,
|
||||
testonly = False,
|
||||
**kwargs):
|
||||
|
||||
go_image(
|
||||
name = "%s.app" % name,
|
||||
base = "@static_base//image",
|
||||
binary = binary,
|
||||
testonly = testonly,
|
||||
)
|
||||
|
||||
container_image(
|
||||
name = name,
|
||||
base = "%s.app" % name,
|
||||
user = user,
|
||||
stamp = stamp,
|
||||
testonly = testonly,
|
||||
**kwargs)
|
||||
|
||||
container_bundle(
|
||||
name = name + ".export",
|
||||
images = {
|
||||
component + ":{STABLE_APP_GIT_COMMIT}": ":" + name,
|
||||
},
|
||||
testonly = testonly,
|
||||
)
|
||||
|
||||
def covered_image(name, component, **kwargs):
|
||||
native.genrule(
|
||||
name = "%s.covered-testfile" % name,
|
||||
@ -84,9 +52,23 @@ EOF
|
||||
tags = ["manual"],
|
||||
)
|
||||
|
||||
image(
|
||||
name = name,
|
||||
go_image(
|
||||
name = "%s.covered-image" % name,
|
||||
base = "@static_base//image",
|
||||
binary = "%s.covered-app" % name,
|
||||
testonly = True,
|
||||
component = component,
|
||||
)
|
||||
|
||||
container_image(
|
||||
name = name,
|
||||
base = "%s.covered-image" % name,
|
||||
testonly = True,
|
||||
**kwargs)
|
||||
|
||||
container_bundle(
|
||||
name = name + ".export",
|
||||
images = {
|
||||
component + ":{STABLE_APP_GIT_COMMIT}": ":" + name,
|
||||
},
|
||||
testonly = True,
|
||||
)
|
||||
|
||||
@ -11,10 +11,10 @@ container_bundle(
|
||||
"vault:bazel": "@com_hashicorp_vault//image",
|
||||
"sample-webhook:bazel": "//test/e2e/framework/addon/samplewebhook/sample:image",
|
||||
"gcr.io/kubernetes-helm/tiller:bazel": "@io_gcr_helm_tiller//image",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-controller:{STABLE_DOCKER_TAG}": "//cmd/controller:image",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-acmesolver:{STABLE_DOCKER_TAG}": "//cmd/acmesolver:image",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-webhook:{STABLE_DOCKER_TAG}": "//cmd/webhook:image",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-cainjector:{STABLE_DOCKER_TAG}": "//cmd/cainjector:image",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-controller:{STABLE_DOCKER_TAG}": "//build:controller",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-acmesolver:{STABLE_DOCKER_TAG}": "//build:acmesolver",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-webhook:{STABLE_DOCKER_TAG}": "//build:webhook",
|
||||
"{STABLE_DOCKER_REGISTRY}/cert-manager-cainjector:{STABLE_DOCKER_TAG}": "//build:cainjector",
|
||||
},
|
||||
tags = ["manual"],
|
||||
)
|
||||
@ -73,7 +73,6 @@ filegroup(
|
||||
srcs = [
|
||||
":package-srcs",
|
||||
"//test/e2e/bin/cloudflare-clean:all-srcs",
|
||||
"//test/e2e/charts:all-srcs",
|
||||
"//test/e2e/framework:all-srcs",
|
||||
"//test/e2e/suite:all-srcs",
|
||||
"//test/e2e/util:all-srcs",
|
||||
|
||||
@ -1,28 +0,0 @@
|
||||
load("@io_bazel_rules_docker//container:bundle.bzl", "container_bundle")
|
||||
|
||||
container_bundle(
|
||||
name = "images",
|
||||
images = {
|
||||
# A set of images to bundle up into a single tarball.
|
||||
"pebble:bazel": "//test/e2e/charts/pebble:image",
|
||||
"quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1": "@io_kubernetes_ingress-nginx//image",
|
||||
"k8s.gcr.io/defaultbackend-amd64:bazel": "@io_gcr_k8s_defaultbackend//image",
|
||||
"vault:bazel": "@com_hashicorp_vault//image",
|
||||
"gcr.io/kubernetes-helm/tiller:bazel": "@io_gcr_helm_tiller//image",
|
||||
},
|
||||
tags = ["manual"],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "package-srcs",
|
||||
srcs = glob(["**"]),
|
||||
tags = ["automanaged"],
|
||||
visibility = ["//visibility:private"],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "all-srcs",
|
||||
srcs = [":package-srcs"],
|
||||
tags = ["automanaged"],
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
Loading…
Reference in New Issue
Block a user