-
Notifications
You must be signed in to change notification settings - Fork 36
/
Copy pathDockerfile.amd64
132 lines (107 loc) · 5.4 KB
/
Dockerfile.amd64
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
FROM golang:1.19.6 as builder
ENV ARCH=amd64
ENV OS=linux
WORKDIR /go/src/github.com/alibaba/hybridnet
COPY go.mod ./go.mod
COPY go.sum ./go.sum
# cache deps before building and copying source so that we don't need to re-download as much
# and so that source changes don't invalidate our downloaded layer
RUN go mod download
COPY . /go/src/github.com/alibaba/hybridnet
RUN export GOCACHE=/tmp && \
export GO111MODULE=on && \
export GOARCH=${ARCH} && \
export CGO_ENABLED=0 && \
export GOOS=${OS} && \
export COMMIT_ID=`git rev-parse --short HEAD 2>/dev/null` && \
go build -o dist/images/hybridnet -ldflags "-w -s" -v ./cmd/cni && \
go build -ldflags "-w -s -X \"main.gitCommit=`echo $COMMIT_ID`\" " -o dist/images/hybridnet-daemon -v ./cmd/daemon && \
go build -ldflags "-X \"main.gitCommit=`echo $COMMIT_ID`\" " -o dist/images/hybridnet-manager -v ./cmd/manager && \
go build -ldflags "-X \"main.gitCommit=`echo $COMMIT_ID`\" " -o dist/images/hybridnet-webhook -v ./cmd/webhook && \
echo $COMMIT_ID > ./COMMIT_ID
RUN cd /go/src/github.com/alibaba/hybridnet/dist/secrets && \
sh generate-tls-certificates.sh
FROM calico/go-build:v0.57 as calico-builder
ARG GOPROXY
ENV GOPROXY $GOPROXY
ENV FELIX_GIT_BRANCH=v3.20.2
ENV FELIX_GIT_COMMIT=ab06c3940caa8ac201f85c1313b2d72d724409d2
ENV TYPHA_GIT_BRANCH=v3.20.2
ENV TYPHA_GIT_COMMIT=26445b9965931d0ca5cae355149435716c9883d4
ENV ARCH=amd64
ENV OS=linux
RUN mkdir -p /go/src/github.com/projectcalico/
RUN cd /go/src/github.com/projectcalico/ && \
git clone -b ${FELIX_GIT_BRANCH} --depth 1 https://github.com/projectcalico/felix.git && \
cd felix && [ "`git rev-parse HEAD`" = "${FELIX_GIT_COMMIT}" ]
COPY policy/felix /hybridnet_patch
RUN cd /go/src/github.com/projectcalico/felix && git apply /hybridnet_patch/*.patch
RUN cd /go/src/github.com/projectcalico/felix && \
export GOCACHE=/tmp && \
export GO111MODULE=on && \
export GOARCH=${ARCH} && \
export CGO_ENABLED=0 && \
export GOOS=${OS} && \
go build -v -o bin/calico-felix -v -ldflags \
"-X github.com/projectcalico/felix/buildinfo.GitVersion=${FELIX_GIT_BRANCH} \
-X github.com/projectcalico/felix/buildinfo.BuildDate=$(date -u +'%FT%T%z') \
-X github.com/projectcalico/felix/buildinfo.GitRevision=${FELIX_GIT_COMMIT} \
-B 0x${FELIX_GIT_COMMIT}" "github.com/projectcalico/felix/cmd/calico-felix" && \
chmod +x /go/src/github.com/projectcalico/felix/bin/calico-felix
RUN cd /go/src/github.com/projectcalico/ && \
git clone -b ${TYPHA_GIT_BRANCH} --depth 1 https://github.com/projectcalico/typha.git && \
cd typha && [ "`git rev-parse HEAD`" = "${TYPHA_GIT_COMMIT}" ]
RUN cd /go/src/github.com/projectcalico/typha && \
export GOCACHE=/tmp && \
export GO111MODULE=on && \
export GOARCH=${ARCH} && \
export CGO_ENABLED=0 && \
export GOOS=${OS} && \
go build -v -o bin/calico-typha -v -ldflags \
"-X github.com/projectcalico/typha/pkg/buildinfo.GitVersion=${TYPHA_GIT_COMMIT} \
-X github.com/projectcalico/typha/pkg/buildinfo.BuildDate=$(date -u +'%FT%T%z') \
-X github.com/projectcalico/typha/pkg/buildinfo.GitRevision=${TYPHA_GIT_COMMIT} \
-B 0x${TYPHA_GIT_COMMIT}" "github.com/projectcalico/typha/cmd/calico-typha" && \
chmod +x /go/src/github.com/projectcalico/typha/bin/calico-typha
FROM alpine:3.14
# replace apk source url
RUN sed -i s@/dl-cdn.alpinelinux.org/@/mirrors.aliyun.com/@g /etc/apk/repositories && \
chmod +x /bin/*
RUN apk update
RUN apk add --no-cache --allow-untrusted \
bash \
iptables \
ip6tables \
iproute2 \
iproute2-tc \
ipset \
conntrack-tools \
curl \
perl \
tar
ENV CNI_VERSION=v0.9.1
RUN mkdir -p cni-plugins/ && \
curl -SL https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-amd64-${CNI_VERSION}.tgz \
| tar -xz -C cni-plugins/
RUN mkdir -p gobgp/ && \
curl -SL https://github.com/osrg/gobgp/releases/download/v3.11.0/gobgp_3.11.0_linux_amd64.tar.gz \
| tar -xz -C gobgp/ && \
cp gobgp/gobgp /usr/bin/ && \
rm -rf gobgp/
COPY dist/images/start-daemon.sh /hybridnet/start-daemon.sh
COPY dist/images/install-cni.sh /hybridnet/install-cni.sh
COPY dist/images/00-hybridnet.conflist /hybridnet/00-hybridnet.conflist
COPY dist/images/iptables-wrapper-installer.sh /
RUN /iptables-wrapper-installer.sh --no-sanity-check
COPY --from=builder /go/src/github.com/alibaba/hybridnet/dist/images/hybridnet /hybridnet/hybridnet
COPY --from=builder /go/src/github.com/alibaba/hybridnet/dist/images/hybridnet-daemon /hybridnet/hybridnet-daemon
COPY --from=builder /go/src/github.com/alibaba/hybridnet/dist/images/hybridnet-manager /hybridnet/hybridnet-manager
COPY --from=builder /go/src/github.com/alibaba/hybridnet/dist/images/hybridnet-webhook /hybridnet/hybridnet-webhook
COPY --from=builder /go/src/github.com/alibaba/hybridnet/COMMIT_ID /hybridnet/COMMIT_ID
COPY --from=calico-builder /go/src/github.com/projectcalico/felix/bin/calico-felix /hybridnet/calico-felix
COPY --from=calico-builder /go/src/github.com/projectcalico/typha/bin/calico-typha /hybridnet/calico-typha
COPY policy/policyinit.sh /hybridnet/
COPY policy/uninstall-policy.sh /hybridnet/
RUN mkdir -p /tmp/k8s-webhook-server/serving-certs
COPY --from=builder /go/src/github.com/alibaba/hybridnet/dist/secrets/tls.crt /tmp/k8s-webhook-server/serving-certs/tls.crt
COPY --from=builder /go/src/github.com/alibaba/hybridnet/dist/secrets/tls.key /tmp/k8s-webhook-server/serving-certs/tls.key