chore: update the way the LTS images are built (#8953) (#8958)

* chore: update the way the LTS images are built * Add the --build-arg and remove the Artifact Registry copy.
GoogleContainerTools · Jul 19, 2023 · 92efa99 · 92efa99
1 parent d5a7cff
commit 92efa99
Show file tree

Hide file tree

Showing 4 changed files with 109 additions and 220 deletions.
diff --git a/deploy/cloudbuild-lts.yaml b/deploy/cloudbuild-lts.yaml
diff --git a/deploy/cloudbuild-release-lts.yaml b/deploy/cloudbuild-release-lts.yaml
@@ -6,53 +6,16 @@ steps:
   - name: 'gcr.io/cloud-builders/docker'
     args:
     - 'build'
+    - '--build-arg'
+    - 'SKAFFOLD_VERSION=$TAG_NAME'
     - '-t'
-    - 'gcr.io/$PROJECT_ID/build_deps:latest-lts'
-    - '--cache-from'
-    - 'gcr.io/k8s-skaffold/build_deps:latest-lts'
-    - '-f'
-    - 'deploy/skaffold/Dockerfile.deps.lts'
-    - '.'
-
-# Grab secret credentials from gcp bucket
-  - name: gcr.io/cloud-builders/gcloud
-    entrypoint: 'bash'
-    args: ['deploy/setup-secret.sh','-p', $PROJECT_ID]
-
-# Build and tag skaffold builder
-  - name: 'gcr.io/cloud-builders/docker'
-    args:
-    - 'build'
-    - '--cache-from'
-    - 'gcr.io/$PROJECT_ID/skaffold-builder:latest'
+    - 'gcr.io/$PROJECT_ID/skaffold:$TAG_NAME-lts'
     - '-t'
-    - 'gcr.io/$PROJECT_ID/skaffold-builder:latest'
+    - 'gcr.io/$PROJECT_ID/skaffold:$_SCANNING_MARKER-lts'
     - '-f'
-    - 'deploy/skaffold/Dockerfile'
+    - 'deploy/skaffold/Dockerfile.lts'
     - '.'
 
-# Build and tag distroless-skaffold image for scanning
-  - name: 'gcr.io/cloud-builders/docker'
-    args:
-      - 'build'
-      - '--build-arg'
-      - 'PROJECT_ID=$PROJECT_ID'
-      - '-t'
-      - 'us-east1-docker.pkg.dev/$PROJECT_ID/scanning/skaffold:$TAG_NAME-lts'
-      - '-f'
-      - 'deploy/skaffold/Dockerfile.skaffold'
-      - '.'
-
-# Do the go build & push the results to GCS
-  - name: 'gcr.io/$PROJECT_ID/skaffold-builder:latest'
-    args:
-    - 'make'
-    - 'release-lts'
-    - 'VERSION=$TAG_NAME'
-    - 'SCANNING_MARKER=$_SCANNING_MARKER'
-    - 'RELEASE_BUCKET=$_RELEASE_BUCKET'
-    - 'GCP_PROJECT=$PROJECT_ID'
-
 # Check that skaffold is in the image
   - name: 'gcr.io/$PROJECT_ID/skaffold:$TAG_NAME-lts'
     args:
@@ -62,7 +25,6 @@ steps:
 images:
 - 'gcr.io/$PROJECT_ID/skaffold:$TAG_NAME-lts'
 - 'gcr.io/$PROJECT_ID/skaffold:$_SCANNING_MARKER-lts'
-- 'us-east1-docker.pkg.dev/$PROJECT_ID/scanning/skaffold:$TAG_NAME-lts'
 
 options:
   machineType: 'N1_HIGHCPU_8'

diff --git a/deploy/skaffold/Dockerfile.deps.lts b/deploy/skaffold/Dockerfile.deps.lts
diff --git a/deploy/skaffold/Dockerfile.lts b/deploy/skaffold/Dockerfile.lts
@@ -12,15 +12,107 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# This base image is built using docker from cache every single time as build step.
-FROM gcr.io/k8s-skaffold/build_deps:latest-lts as build
-WORKDIR /skaffold
-
-FROM build as builder
-ARG VERSION
-COPY . .
-RUN make clean out/skaffold VERSION=$VERSION && mv out/skaffold /usr/bin/skaffold && rm -rf secrets $SECRET
-
-FROM build as release
-COPY --from=builder /usr/bin/skaffold /usr/bin/skaffold
-RUN skaffold credits -d /THIRD_PARTY_NOTICES
+ARG ARCH=amd64
+ARG SKAFFOLD_VERSION
+
+# Download skaffold
+FROM alpine:3.10 as download-skaffold
+ARG ARCH
+ARG SKAFFOLD_VERSION
+ENV SKAFFOLD_URL https://storage.googleapis.com/skaffold/releases/${SKAFFOLD_VERSION}/skaffold-linux-${ARCH}
+RUN wget -O skaffold "${SKAFFOLD_URL}"
+RUN chmod +x skaffold
+
+# Download kubectl
+FROM alpine:3.10 as download-kubectl
+ARG ARCH
+# https://cloud.google.com/sdk/docs/release-notes
+ENV KUBECTL_VERSION v1.27.2
+ENV KUBECTL_URL https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl
+# SHAs at gs://kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/
+COPY deploy/skaffold/digests/kubectl.${ARCH}.sha512 .
+RUN wget -O kubectl "${KUBECTL_URL}" && sha512sum -c kubectl.${ARCH}.sha512
+RUN chmod +x kubectl
+
+# Download helm (see https://github.com/helm/helm/releases/latest)
+FROM alpine:3.10 as download-helm
+ARG ARCH
+RUN echo arch=$ARCH
+ENV HELM_VERSION v3.12.0
+ENV HELM_URL https://storage.googleapis.com/skaffold/deps/helm/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz
+COPY deploy/skaffold/digests/helm.${ARCH}.sha256 .
+RUN wget -O helm.tar.gz "${HELM_URL}" && sha256sum -c helm.${ARCH}.sha256
+RUN tar -xvf helm.tar.gz --strip-components 1
+
+# Download kustomize
+FROM alpine:3.10 as download-kustomize
+ARG ARCH
+ENV KUSTOMIZE_VERSION 5.0.3
+ENV KUSTOMIZE_URL https://storage.googleapis.com/skaffold/deps/kustomize/v${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_${ARCH}.tar.gz
+COPY deploy/skaffold/digests/kustomize.${ARCH}.sha256 .
+RUN wget -O kustomize.tar.gz "${KUSTOMIZE_URL}" && sha256sum -c kustomize.${ARCH}.sha256
+RUN tar -xvf kustomize.tar.gz
+
+# Download kpt
+FROM alpine:3.10 as download-kpt
+ARG ARCH
+ENV KPT_VERSION 1.0.0-beta.33
+ENV KPT_URL https://storage.googleapis.com/skaffold/deps/kpt/v${KPT_VERSION}/kpt_linux_amd64
+COPY deploy/skaffold/digests/kpt.${ARCH}.sha256 .
+RUN wget -O kpt "${KPT_URL}" && sha256sum -c kpt.${ARCH}.sha256
+RUN chmod +x kpt
+
+# Download gcloud
+FROM alpine:3.10 as download-gcloud
+ARG ARCH
+ENV GCLOUD_VERSION 432.0.0
+ENV GCLOUD_URL https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${GCLOUD_VERSION}-linux-GCLOUDARCH.tar.gz
+# SHAs listed at https://cloud.google.com/sdk/docs/downloads-versioned-archives
+COPY deploy/skaffold/digests/gcloud.${ARCH}.sha256 .
+RUN \
+    GCLOUDARCH=$(case "${ARCH}" in amd64) echo x86_64;; *) echo ${ARCH};; esac); \
+    wget -O gcloud.tar.gz $(echo "${GCLOUD_URL}" | sed "s/GCLOUDARCH/${GCLOUDARCH}/g") && \
+    sha256sum -c gcloud.${ARCH}.sha256
+RUN tar -zxf gcloud.tar.gz
+
+
+FROM ubuntu:20.04 as runtime_deps
+
+RUN apt-get update && \
+    apt-get install --no-install-recommends --no-install-suggests -y \
+    git python unzip && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY --from=download-skaffold skaffold /usr/local/bin/
+COPY --from=download-kubectl kubectl /usr/local/bin/
+COPY --from=download-helm helm /usr/local/bin/
+COPY --from=download-kustomize kustomize /usr/local/bin/
+COPY --from=download-kpt kpt /usr/local/bin/
+COPY --from=download-gcloud google-cloud-sdk/ /google-cloud-sdk/
+
+# Finish installation of gcloud
+RUN /google-cloud-sdk/install.sh \
+    --usage-reporting=false \
+    --bash-completion=false \
+    --disable-installation-options
+ENV PATH=$PATH:/google-cloud-sdk/bin
+RUN gcloud auth configure-docker && gcloud components install --quiet \
+    gke-gcloud-auth-plugin \
+    alpha \
+    beta \
+    cloud-run-proxy \
+    log-streaming
+
+FROM runtime_deps
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \
+    curl \
+    build-essential \
+    python-setuptools \
+    lsb-release \
+    openjdk-17-jdk \
+    software-properties-common \
+    jq \
+    docker.io \
+    apt-transport-https && \
+    rm -rf /var/lib/apt/lists/*