feat: add arm64 support for images

Signed-off-by: Anish Ramasekar <[email protected]>

Author: aramase

.pipelines/templates/e2e-kind-template.yml

@@ -1,6 +1,6 @@
 jobs:
   - job: e2e_tests
-    timeoutInMinutes: 10
+    timeoutInMinutes: 15
     cancelTimeoutInMinutes: 5
     workspace:
       clean: all

.pipelines/templates/scan-images-template.yml

@@ -2,7 +2,9 @@ steps:
   - script: |
       export REGISTRY="e2e"
       export IMAGE_VERSION="test"
-      make build-image
+      export OUTPUT_TYPE="type=docker"
+      make docker-build
+
       wget https://github.com/aquasecurity/trivy/releases/download/v$(TRIVY_VERSION)/trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz
       tar zxvf trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz
 

.pipelines/templates/unit-tests-template.yml

@@ -32,6 +32,6 @@ jobs:
           sudo ./_output/kubernetes-kms --keyvault-name $KV_NAME --key-name $KV_KEY --key-version $KV_KEY_VERSION --listen-addr "unix:///opt/azurekms.sock" > /dev/null &
           echo Waiting 2 seconds for the server to start
           sleep 2
-          make integration-test
+          sudo make integration-test
         displayName: Run integration tests
       - template: scan-images-template.yml

Dockerfile

@@ -1,6 +1,24 @@
-ARG BASEIMAGE="gcr.io/distroless/static:nonroot-amd64"
-FROM $BASEIMAGE
+FROM golang:1.17 as builder
 
-COPY ./_output/kubernetes-kms /bin/
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
 
-ENTRYPOINT [ "/bin/kubernetes-kms" ]
+# Copy the go source
+COPY cmd/server/main.go main.go
+COPY pkg/ pkg/
+
+ARG GOARCH
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${GOARCH} GO111MODULE=on go build -a -ldflags "${LDFLAGS:--X github.com/Azure/kubernetes-kms/pkg/version.BuildVersion=latest}" -o _output/kubernetes-kms main.go
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM --platform=${TARGETPLATFORM:-linux/amd64} gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/_output/kubernetes-kms .
+
+ENTRYPOINT [ "/kubernetes-kms" ]

Makefile

@@ -18,6 +18,7 @@ BUILD_DATE_VAR := $(REPO_PATH)/pkg/version.BuildDate
 BUILD_DATE := $$(date +%Y-%m-%d-%H:%M)
 GIT_VAR := $(REPO_PATH)/pkg/version.GitCommit
 GIT_HASH := $$(git rev-parse --short HEAD)
+LDFLAGS ?= "-X $(BUILD_DATE_VAR)=$(BUILD_DATE) -X $(BUILD_VERSION_VAR)=$(IMAGE_VERSION) -X $(GIT_VAR)=$(GIT_HASH)"
 
 GO_FILES=$(shell go list ./... | grep -v /test/e2e)
 TOOLS_MOD_DIR := ./tools
@@ -30,9 +31,11 @@ export DOCKER_BUILDKIT
 # Testing var
 KIND_VERSION ?= 0.11.0
 KUBERNETES_VERSION ?= v1.21.1
-BATS_VERSION ?= 1.2.1
+BATS_VERSION ?= 1.4.1
 
-GO_BUILD_OPTIONS := --tags "netgo osusergo"  -ldflags "-s -X $(BUILD_VERSION_VAR)=$(IMAGE_VERSION) -X $(GIT_VAR)=$(GIT_HASH) -X $(BUILD_DATE_VAR)=$(BUILD_DATE) -extldflags '-static'"
+## --------------------------------------
+## Linting
+## --------------------------------------
 
 $(TOOLS_DIR)/golangci-lint: $(TOOLS_MOD_DIR)/go.mod $(TOOLS_MOD_DIR)/go.sum $(TOOLS_MOD_DIR)/tools.go
 	cd $(TOOLS_MOD_DIR) && \
@@ -42,41 +45,70 @@ $(TOOLS_DIR)/golangci-lint: $(TOOLS_MOD_DIR)/go.mod $(TOOLS_MOD_DIR)/go.sum $(TO
 lint: $(TOOLS_DIR)/golangci-lint
 	$(TOOLS_DIR)/golangci-lint run --timeout=5m -v
 
-.PHONY: build
-build:
-	$Q GOOS=linux CGO_ENABLED=0 go build $(GO_BUILD_OPTIONS) -o _output/kubernetes-kms ./cmd/server/
-
-.PHONY: build-darwin
-build-darwin:
-	$Q GOOS=darwin CGO_ENABLED=0 go build $(GO_BUILD_OPTIONS) -o _output/kubernetes-kms ./cmd/server/
-
-build-image: clean build
-	$Q docker build -t $(IMAGE_TAG) .
+## --------------------------------------
+## Images
+## --------------------------------------
 
-push-image: build-image
-	$Q docker push $(IMAGE_TAG)
+ALL_LINUX_ARCH ?= amd64 arm64
+# Output type of docker buildx build
+OUTPUT_TYPE ?= type=registry
 
-.PHONY: clean unit-test integration-test
+BUILDX_BUILDER_NAME ?= img-builder
+QEMU_VERSION ?= 5.2.0-2
+# The architecture of the image
+ARCH ?= amd64
 
-clean:
-	$Q rm -rf _output/
+.PHONY: build
+build:
+	go build -a -ldflags $(LDFLAGS) -o _output/kubernetes-kms ./cmd/server/
+
+.PHONY: docker-build
+docker-build:
+	@if ! docker buildx ls | grep $(BUILDX_BUILDER_NAME); then \
+		docker run --rm --privileged multiarch/qemu-user-static:$(QEMU_VERSION) --reset -p yes; \
+		docker buildx create \
+			--name $(BUILDX_BUILDER_NAME) \
+			--use; \
+		docker buildx inspect $(BUILDX_BUILDER_NAME) --bootstrap; \
+	fi
+	docker buildx build \
+		--build-arg GOARCH=$(ARCH) \
+		--build-arg LDFLAGS=$(LDFLAGS) \
+		--no-cache \
+		--platform="linux/$(ARCH)" \
+		--output=$(OUTPUT_TYPE) \
+		-t $(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION)-linux-$(ARCH)  . \
+		--progress=plain; \
+	@if [ "$(ARCH)" = "amd64" ] && [ "$(OUTPUT_TYPE)" = "type=docker" ]; then \
+		docker tag $(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION)-linux-$(ARCH) $(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION); \
+	fi
+
+.PHONY: docker-build-all
+docker-build-all:
+	@for ARCH in $(ALL_LINUX_ARCH); do \
+		$(MAKE) ARCH=$(ARCH) docker-build; \
+	done
+
+.PHONY: docker-push-manifest
+docker-push-manifest:
+	docker manifest create --amend $(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION) $(foreach arch,$(ALL_LINUX_ARCH),$(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION)-linux-$(arch)); \
+	for arch in $(ALL_LINUX_ARCH); do \
+		docker manifest annotate --os linux --arch $${arch} $(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION) $(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION)-linux-$${arch}; \
+	done; \
+	docker manifest push --purge $(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION); \
 
-authors:
-	$Q git log --all --format='%aN <%cE>' | sort -u  | sed -n '/github/!p' > GITAUTHORS
-	$Q cat AUTHORS GITAUTHORS  | sort -u > NEWAUTHORS
-	$Q mv NEWAUTHORS AUTHORS
-	$Q rm -f NEWAUTHORS
-	$Q rm -f GITAUTHORS
+## --------------------------------------
+## Testing
+## --------------------------------------
 
+.PHONY: integration-test
 integration-test:
-	$Q sudo GOPATH=$(GOPATH) go test -v -count=1 -failfast github.com/Azure/kubernetes-kms/tests/client
+	go test -v -count=1 -failfast github.com/Azure/kubernetes-kms/tests/client
 
+.PHONY: unit-test
 unit-test:
 	go test -race -v -count=1 -failfast `go list ./... | grep -v client`
 
-.PHONY: mod
-mod:
-	@go mod tidy
 
 ## --------------------------------------
 ## E2E Testing

scripts/setup-local-registry.sh

@@ -17,10 +17,12 @@ fi
 export REGISTRY=localhost:${REGISTRY_PORT}
 export IMAGE_NAME=keyvault
 export IMAGE_VERSION=e2e-$(git rev-parse --short HEAD)
+export OUTPUT_TYPE=type=docker
 
 # push build image to local registry
-echo "Pushing image to local registry"
-make push-image
+echo "Build and push image to local registry"
+make docker-build
+docker push "${REGISTRY}/${IMAGE_NAME}:${IMAGE_VERSION}"
 
 # generate manifest for local
 make e2e-generate-manifests