This repository has been archived by the owner on May 13, 2024. It is now read-only.

feat: use nonroot distroless as base image for ingress-pipy (#189)
* feat: use distroless base-debian11 as base image for ingress-pipy

Signed-off-by: Lin Yang <reaver@flomesh.io>

* fix: change owner of pipy

Signed-off-by: Lin Yang <reaver@flomesh.io>

* fix: use shell directive

Signed-off-by: Lin Yang <reaver@flomesh.io>

* fix: chown

Signed-off-by: Lin Yang <reaver@flomesh.io>

* feat: build pipy binary

Signed-off-by: Lin Yang <reaver@flomesh.io>

* feat: build pipy nonroot image manually

Signed-off-by: Lin Yang <reaver@flomesh.io>

* fix: add workflow name

Signed-off-by: Lin Yang <reaver@flomesh.io>

* feat: build ingress-pipy nonroot

Signed-off-by: Lin Yang <reaver@flomesh.io>

* fix: builder name

Signed-off-by: Lin Yang <reaver@flomesh.io>

Signed-off-by: Lin Yang <reaver@flomesh.io>
reaver-flomesh committed Jan 1, 2023
1 parent 0fafbd0 commit 0ab51c4
Showing 9 changed files with 201 additions and 118 deletions.
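--- a/.github/workflows/build-pipy.yml
+++ b/.github/workflows/build-pipy.yml
@@ -0,0 +1,47 @@
+name: build-pipy-nonroot-image
+
+on:
+workflow_dispatch:
+inputs:
+tag:
+description: 'pipy release tag'
+required: true
+type: string
+
+jobs:
+build:
+runs-on: ubuntu-22.04
+steps:
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v2.1.0
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v2.2.1
+
+- name: Login to DockerHub
+uses: docker/login-action@v2.1.0
+with:
+username: ${{ secrets.FLOMESH_DOCKERHUB_USERNAME }}
+password: ${{ secrets.FLOMESH_DOCKERHUB_PASSWORD }}
+
+- name: Docker meta
+id: docker_meta
+uses: crazy-max/ghaction-docker-meta@v4.1.1
+with:
+images: flomesh/pipy
+tags: |
+type=raw,${{ inputs.tags }}-nonroot
+- name: Build and Push
+uses: docker/build-push-action@v3.2.0
+with:
+context: .
+file: ./dockerfiles/pipy/Dockerfile
+platforms: linux/amd64,linux/arm64
+push: true
+tags: ${{ steps.docker_meta.outputs.tags }}
+labels: ${{ steps.docker_meta.outputs.labels }}
+build-args: |
+DISTROLESS_TAG=nonroot
+PIPY_VERSION=${{ inputs.tags }}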
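Review bot: The `workflow_dispatch` input is declared as `tag`, but the `Docker meta` and `Build and Push` steps read `${{ inputs.tags }}`, which is not declared and so evaluates to an empty string; the raw image tag then reduces to `-nonroot` and `PIPY_VERSION` is passed to the build empty. Both references should use the declared name: `type=raw,${{ inputs.tag }}-nonroot` and `PIPY_VERSION=${{ inputs.tag }}`. Because this job logs in to Docker Hub and pushes a published image, the actions referenced by version tag (for example `docker/login-action@v2.1.0`) would be safer pinned to full commit SHAs, and a top-level `permissions:` block with `contents: read` would limit what a compromised step can do with `GITHUB_TOKEN`. No checkout step is visible before the build that uses `context: .`, so it is worth confirming that `./dockerfiles/pipy/Dockerfile` is actually present on the runner.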
8 changes: 4 additions & 4 deletions VERSION
@@ -1,4 +1,4 @@
APP_VERSION=0.2.0-alpha.17
HELM_CHART_VERSION=0.2.0-alpha.17
K8S_VERSION=1.24.3
ENVTEST_K8S_VERSION=1.24
APP_VERSION=0.2.0-alpha.18
HELM_CHART_VERSION=0.2.0-alpha.18
K8S_VERSION=1.25.5
ENVTEST_K8S_VERSION=1.25
4 changes: 2 additions & 2 deletions charts/fsm/Chart.yaml
Expand Up @@ -18,13 +18,13 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.2.0-alpha.17
version: 0.2.0-alpha.18

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.2.0-alpha.17"
appVersion: "0.2.0-alpha.18"

keywords:
- kubernetes
4 changes: 2 additions & 2 deletions charts/namespaced-ingress/Chart.yaml
Expand Up @@ -16,13 +16,13 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.2.0-alpha.17
version: 0.2.0-alpha.18

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.2.0-alpha.17"
appVersion: "0.2.0-alpha.18"

dependencies:
- name: tpls
106 changes: 53 additions & 53 deletions deploy/fsm-dev.yaml
Expand Up @@ -14,8 +14,8 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm
namespace: flomesh
---
Expand All @@ -25,8 +25,8 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-leader-election-role
namespace: flomesh
rules:
Expand Down Expand Up @@ -58,8 +58,8 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-mesh-config-role
namespace: flomesh
rules:
Expand All @@ -79,8 +79,8 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-role
rules:
- apiGroups:
Expand Down Expand Up @@ -293,8 +293,8 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-leader-election-rolebinding
namespace: flomesh
roleRef:
Expand All @@ -312,8 +312,8 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand Down Expand Up @@ -1443,8 +1443,8 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-crds-resources
namespace: flomesh
---
Expand All @@ -1468,8 +1468,8 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-manager-config
namespace: flomesh
---
Expand Down Expand Up @@ -1500,8 +1500,8 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-manifests-config
namespace: flomesh
---
Expand All @@ -1514,7 +1514,7 @@ data:
"images": {
"repository": "flomesh",
"pipyImage": "pipy:0.70.0-46",
"proxyInitImage": "fsm-proxy-init:0.2.0-alpha.17-dev",
"proxyInitImage": "fsm-proxy-init:0.2.0-alpha.18-dev",
"klipperLbImage": "mirrored-klipper-lb:v0.3.5"
},
Expand Down Expand Up @@ -1572,8 +1572,8 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-mesh-config
namespace: flomesh
---
Expand All @@ -1586,8 +1586,8 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-repo-init-scripts
namespace: flomesh
---
Expand All @@ -1599,8 +1599,8 @@ metadata:
app.kubernetes.io/instance: fsm-ingress-pipy
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-ingress-pipy-controller
namespace: flomesh
spec:
Expand All @@ -1624,8 +1624,8 @@ metadata:
app.kubernetes.io/instance: fsm-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-manager
namespace: flomesh
spec:
Expand All @@ -1647,8 +1647,8 @@ metadata:
app.kubernetes.io/instance: fsm-repo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-repo-service
namespace: flomesh
spec:
Expand All @@ -1670,8 +1670,8 @@ metadata:
app.kubernetes.io/instance: fsm-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-webhook-service
namespace: flomesh
spec:
Expand All @@ -1693,8 +1693,8 @@ metadata:
app.kubernetes.io/instance: fsm-ingress-pipy
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-ingress-pipy
namespace: flomesh
spec:
Expand All @@ -1717,9 +1717,9 @@ spec:
app.kubernetes.io/instance: fsm-ingress-pipy
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
app.kubernetes.io/version: 0.2.0-alpha.18-dev
flomesh.io/app: fsm-ingress-pipy
helm.sh/chart: fsm-0.2.0-alpha.17
helm.sh/chart: fsm-0.2.0-alpha.18
ingress.flomesh.io/namespaced: "false"
spec:
affinity:
Expand Down Expand Up @@ -1761,7 +1761,7 @@ spec:
fieldPath: metadata.namespace
- name: FSM_NAMESPACE
value: flomesh
image: flomesh/fsm-ingress-pipy:0.2.0-alpha.17-dev
image: flomesh/fsm-ingress-pipy:0.2.0-alpha.18-dev
imagePullPolicy: Always
livenessProbe:
initialDelaySeconds: 5
Expand Down Expand Up @@ -1821,8 +1821,8 @@ metadata:
app.kubernetes.io/instance: fsm-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-manager
namespace: flomesh
spec:
Expand All @@ -1839,9 +1839,9 @@ spec:
app.kubernetes.io/instance: fsm-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
app.kubernetes.io/version: 0.2.0-alpha.18-dev
flomesh.io/app: fsm-manager
helm.sh/chart: fsm-0.2.0-alpha.17
helm.sh/chart: fsm-0.2.0-alpha.18
spec:
affinity:
nodeAffinity:
Expand Down Expand Up @@ -1885,7 +1885,7 @@ spec:
fieldPath: metadata.namespace
- name: FSM_NAMESPACE
value: flomesh
image: flomesh/fsm-manager:0.2.0-alpha.17-dev
image: flomesh/fsm-manager:0.2.0-alpha.18-dev
imagePullPolicy: Always
livenessProbe:
httpGet:
Expand Down Expand Up @@ -1993,8 +1993,8 @@ metadata:
app.kubernetes.io/instance: fsm-repo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: fsm-repo
namespace: flomesh
spec:
Expand All @@ -2011,9 +2011,9 @@ spec:
app.kubernetes.io/instance: fsm-repo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
app.kubernetes.io/version: 0.2.0-alpha.18-dev
flomesh.io/app: fsm-repo
helm.sh/chart: fsm-0.2.0-alpha.17
helm.sh/chart: fsm-0.2.0-alpha.18
spec:
affinity:
nodeAffinity:
Expand Down Expand Up @@ -2101,8 +2101,8 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: pipy-repo
namespace: flomesh
spec:
Expand All @@ -2127,8 +2127,8 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: pipy
spec:
controller: flomesh.io/ingress-pipy
Expand All @@ -2140,8 +2140,8 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: flomesh-mutating-webhook-configuration
webhooks: []
---
Expand All @@ -2152,7 +2152,7 @@ metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fsm
app.kubernetes.io/version: 0.2.0-alpha.17-dev
helm.sh/chart: fsm-0.2.0-alpha.17
app.kubernetes.io/version: 0.2.0-alpha.18-dev
helm.sh/chart: fsm-0.2.0-alpha.18
name: flomesh-validating-webhook-configuration
webhooks: []