Note that darwin/arm64 has to be special cased currently because of a
lack of official support for that platform in upstream etcd and
kube-apiserver. We instead install the amd64 versions, which is what
we did for bazel.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
This slightly modifies our existing helm chart verification script to
accept the location of a tarball containing the chart we're verifying.
That in turn allows us to more generally use the script for both
validating the chart we build using make and the chart we build using
bazel.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
when on temp target, the object being verified will still be written and
so a second invocation of `make tools` will succeed and install an
unverified version
For more information see attached issue
Fixes#4678
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
Includes targets for:
- all "server" binaries, for all arches
- all containers for all server binaries for all arches
- all client binaries (kubectl plugin / cmctl) for all arches
- the cert-manager helm chart + signature
- the cert-manager static manifests + CRDs
- tools which bazel would download, with checksum verification
- (commented out) a signed SHA256SUM file for client binaries
Upgrades from the bazel flow include that:
- we use OS-specific base images rather than just using amd64 everywhere
- we easily add support for signing artifacts at build time
- we add ".exe" to the end of windows executables
- we add a zip file for windows executables, for easier consumption
- we concatenate YAML files more robustly
- staging a full release should be much faster
- hopefully, it's easier to change things!
- licenses are trimmed down to reduce bloat in images (the license
bundle was 1.4MB in size alone)
Changes from the bazel flow include:
- containers no longer have a symlink to the binary at an unusual
path, but instead just have the binary at a more predictable path
(e.g. /app/cmd/webhook/webhook instead of
/app/cmd/webhook/webhook.runfiles/com_github_jetstack_cert_manager/cmd/webhook/webhook_/webhook)
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
