Merge pull request #85 from bottlerocket-os/build-with-sdk

build: add Dockerfile for controller, build with bottlerocket-sdk
bottlerocket-os · Aug 24, 2021 · a84e9b8 · a84e9b8
2 parents 9b37635 + 834f37d
commit a84e9b8
Show file tree

Hide file tree

Showing 8 changed files with 235 additions and 198 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Dockerfile.sdk_openssl b/Dockerfile.sdk_openssl
@@ -0,0 +1,29 @@
+ARG ARCH
+FROM public.ecr.aws/bottlerocket/bottlerocket-sdk-${ARCH}:v0.22.0 as build
+ARG ARCH
+ARG OPENSSL_VERSION=1.1.1k
+ARG OPENSSL_SHA256SUM=892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5
+USER root
+
+# Build openssl using musl toolchain for openssl-sys crate
+RUN dnf install -y perl
+RUN mkdir /musl && \
+    echo "/musl/lib" >> /etc/ld-musl-${ARCH}.path && \
+    ln -s /usr/include/${ARCH}-linux-gnu/asm /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/asm && \
+    ln -s /usr/include/asm-generic /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/asm-generic && \
+    ln -s /usr/include/linux /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/linux
+
+RUN curl -O -sSL https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \
+    echo "${OPENSSL_SHA256SUM} openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum --check && \
+    tar -xzf openssl-${OPENSSL_VERSION}.tar.gz && \
+    cd openssl-${OPENSSL_VERSION} && \
+    ./Configure no-shared no-async -fPIC --prefix=/musl --openssldir=/musl/ssl linux-${ARCH} && \
+    env C_INCLUDE_PATH=/musl/include/ make depend 2> /dev/null && \
+    make -j && \
+    make install && \
+    cd .. && rm -rf openssl-${OPENSSL_VERSION}
+
+# We need these environment variables set for building the `openssl-sys` crate
+ENV PKG_CONFIG_ALLOW_CROSS=1
+ENV OPENSSL_STATIC=true
+ENV OPENSSL_DIR=/musl
diff --git a/Makefile b/Makefile
@@ -1,8 +1,25 @@
-.PHONY: example-test-agent-container
+.PHONY: sdk-openssl example-test-agent-image controller-image images
 
-# Build a container image for daemon and tools.
-example-test-agent-container:
-	docker build \
-		--network=host \
-		--tag 'example_test_agent' \
+ARCH=$(shell uname -m)
+
+images: controller-image
+
+# Augment the bottlerocket-sdk image with openssl built with the musl toolchain
+sdk-openssl:
+	docker build $(DOCKER_BUILD_FLAGS) \
+		--build-arg ARCH="$(ARCH)" \
+		--tag "bottlerocket-sdk-openssl-$(ARCH)" \
+		-f Dockerfile.sdk_openssl .
+
+# Build the container image for the example test-agent program
+example-test-agent-image: sdk-openssl
+	docker build $(DOCKER_BUILD_FLAGS) \
+		--build-arg ARCH="$(ARCH)" \
+		--tag "example-testsys-agent" \
 		-f test-agent/examples/example_test_agent/Dockerfile .
+
+controller-image: sdk-openssl
+	docker build $(DOCKER_BUILD_FLAGS) \
+		--build-arg ARCH="$(ARCH)" \
+		--tag "testsys-controller" \
+		-f controller/Dockerfile .
diff --git a/client/Cargo.toml b/client/Cargo.toml
@@ -7,7 +7,7 @@ publish = false
 [dependencies]
 # k8s-openapi must match the version required by kube and enable a k8s version feature
 k8s-openapi = { version = "0.13.0", default-features = false, features = ["v1_20"] }
-kube = { version = "0.59.0", default-features = false, features = ["client", "derive", "rustls-tls"] }
+kube = { version = "0.59.0", default-features = true, features = [ "derive"] }
 log = "0.4"
 schemars = "0.8"
 serde = { version = "1", features = [ "derive" ] }

diff --git a/controller/Cargo.toml b/controller/Cargo.toml
@@ -9,7 +9,7 @@ env_logger = "0.9"
 futures = "0.3"
 # k8s-openapi must match the version required by kube and enable a k8s version feature
 k8s-openapi = { version = "0.13.0", default-features = false, features = ["v1_20"] }
-kube = { version = "0.59.0", default-features = false, features = ["client", "derive", "rustls-tls"] }
+kube = { version = "0.59.0", default-features = true, features = [ "derive"] }
 kube-runtime = "0.59.0"
 log = "0.4"
 schemars = "0.8"

diff --git a/controller/Dockerfile b/controller/Dockerfile
@@ -0,0 +1,16 @@
+ARG ARCH
+FROM bottlerocket-sdk-openssl-${ARCH} as build
+ARG ARCH
+USER root
+
+ADD ./ /src/
+WORKDIR /src/controller
+RUN cargo install --locked --target ${ARCH}-bottlerocket-linux-musl --path . --root ./
+
+FROM scratch
+# Copy CA certificates store
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/ssl /etc/ssl
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/pki /etc/pki
+COPY --from=build /src/controller/bin/controller ./
+
+ENTRYPOINT ["./controller"]
diff --git a/test-agent/examples/example_test_agent/Dockerfile b/test-agent/examples/example_test_agent/Dockerfile
@@ -1,7 +1,16 @@
-# TODO Use Bottlerocket SDK
-FROM rust:1.53.0
-WORKDIR /src
+ARG ARCH
+FROM bottlerocket-sdk-openssl-${ARCH} as build
+ARG ARCH
+USER root
+
 ADD ./ /src/
 WORKDIR /src/test-agent
-RUN cargo install --path . --example example_test_agent --root ./
-ENTRYPOINT ["/src/test-agent/bin/example_test_agent"]
+RUN cargo install --locked --target ${ARCH}-bottlerocket-linux-musl --path . --example example_test_agent --root ./
+
+FROM scratch
+# Copy CA certificates store
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/ssl /etc/ssl
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/pki /etc/pki
+COPY --from=build /src/test-agent/bin/example_test_agent ./
+
+ENTRYPOINT ["./example_test_agent"]
diff --git a/yamlgen/Cargo.toml b/yamlgen/Cargo.toml
@@ -6,5 +6,5 @@ publish = false
 
 [build-dependencies]
 client = { path = "../client" }
-kube = { version = "0.59.0", default-features = false, features = ["client", "rustls-tls"] }
+kube = { version = "0.59.0", default-features = true, features = [ "derive"] }
 serde_yaml = "0.8"