Merge pull request #283 from sjberman/rhel-base

RHEL base image for OpenShift
F5Networks · Aug 23, 2017 · e0d3ccc · e0d3ccc
2 parents 7c7dcc0 + 36f0a35
commit e0d3ccc
Show file tree

Hide file tree

Showing 11 changed files with 188 additions and 11 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -24,6 +24,7 @@ script:
   - export IMG_TAG="${BASE_PUSH_TARGET}:${TRAVIS_COMMIT}"
   - export BUILD_IMG_TAG="${BASE_PUSH_TARGET}-devel:${TRAVIS_COMMIT}"
   - export CLEAN_BUILD=true
+  - export BASE_OS=alpine
   - ./build-tools/build-devel-image.sh
   - ./build-tools/run-in-docker.sh make verify
   - ./build-tools/build-debug-artifacts.sh

diff --git a/Jenkinsfile b/Jenkinsfile
@@ -0,0 +1,39 @@
+#!/usr/bin/env groovy
+
+pipeline {
+  agent {
+    label "rhel7"
+  }
+  stages {
+    stage("build") {
+      steps {
+        sh '''#!/usr/bin/env bash
+          export BASE_OS=rhel7
+          export GIT_COMMIT=$(git rev-parse HEAD)
+          export GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+          DOCKER_NAMESPACE="docker-registry.pdbld.f5net.com/velcro"
+          BASE_PUSH_TARGET="$DOCKER_NAMESPACE/k8s-bigip-ctlr"
+          export IMG_TAG="${BASE_PUSH_TARGET}:${GIT_COMMIT}-$BASE_OS"
+          export BUILD_IMG_TAG="${BASE_PUSH_TARGET}-devel:${GIT_COMMIT}-$BASE_OS"
+          export CLEAN_BUILD=true
+          build-tools/build-devel-image.sh
+          build-tools/run-in-docker.sh make verify
+          build-tools/build-debug-artifacts.sh
+          build-tools/build-release-artifacts.sh
+          build-tools/build-release-images.sh
+          docker tag "$IMG_TAG" "$BASE_PUSH_TARGET:devel-$GIT_BRANCH-$BASE_OS"
+          docker tag "$IMG_TAG" "$BASE_PUSH_TARGET:devel-$GIT_BRANCH-n-$BUILD_NUMBER-id-$BUILD_ID-$BASE_OS"
+          docker push "$IMG_TAG"
+          docker push "$BASE_PUSH_TARGET:devel-$GIT_BRANCH-$BASE_OS"
+          docker push "$BASE_PUSH_TARGET:devel-$GIT_BRANCH-n-$BUILD_NUMBER-id-$BUILD_ID-$BASE_OS"
+        '''
+      }
+    }
+  }
+  post {
+    always {
+      // cleanup workspace
+      dir("${env.WORKSPACE}") { deleteDir() }
+    }
+  }
+}
diff --git a/Makefile b/Makefile
@@ -7,6 +7,9 @@ GOBIN    = $(GOPATH)/bin/$(GOOS)-$(GOARCH)
 
 GO_BUILD_FLAGS=-v
 
+# Allow users to pass in BASE_OS build options (alpine or rhel7)
+BASE_OS ?= alpine
+
 
 all: local-build
 
@@ -63,13 +66,13 @@ check-gopath:
 	fi
 
 pre-build:
-	git -C $(CURDIR) status
-	git -C $(CURDIR) describe --all --long
+	git status
+	git describe --all --long
 
 prod-build: pre-build
 	@echo "Building with minimal instrumentation..."
-	$(CURDIR)/build-tools/build-release-artifacts.sh
-	$(CURDIR)/build-tools/build-release-images.sh
+	BASE_OS=$(BASE_OS) $(CURDIR)/build-tools/build-release-artifacts.sh
+	BASE_OS=$(BASE_OS) $(CURDIR)/build-tools/build-release-images.sh
 
 dbg-build: pre-build
 	@echo "Building with race detection instrumentation..."
@@ -84,7 +87,7 @@ fmt:
 	$(CURDIR)/build-tools/fmt.sh
 
 devel-image:
-	./build-tools/build-devel-image.sh
+	BASE_OS=$(BASE_OS) ./build-tools/build-devel-image.sh
 
 #
 # Docs

diff --git a/README.md b/README.md
@@ -45,7 +45,13 @@ git clone https://github.com/f5networks/k8s-bigip-ctlr.git
 cd  k8s-bigip-ctlr
 
 # Use docker to build the release artifacts, into a local "_docker_workspace" directory, then put into docker iamges
+# Alpine image
 make prod
+
+OR
+
+# RHEL7 image
+make prod BASE_OS=rhel7
 ```
 
 

diff --git a/build-tools/Dockerfile.builder → build-tools/Dockerfile.alpine.builder b/build-tools/Dockerfile.builder → build-tools/Dockerfile.alpine.builder
diff --git a/build-tools/Dockerfile.runtime → build-tools/Dockerfile.alpine.runtime b/build-tools/Dockerfile.runtime → build-tools/Dockerfile.alpine.runtime
@@ -14,9 +14,9 @@ RUN apk --no-cache --update add --virtual pip-install-deps git && \
     pip install -r /tmp/k8s-runtime-requirements.txt && \
     apk del pip-install-deps
 
-COPY k8s-bigip-ctlr $APPPATH/bin
-COPY python/ $APPPATH/python
 COPY bigip-virtual-server_v*.json $APPPATH/vendor/src/f5/schemas/
+COPY python/ $APPPATH/python
+COPY k8s-bigip-ctlr $APPPATH/bin
 
 USER ctlr
 

diff --git a/build-tools/Dockerfile.rhel7.builder b/build-tools/Dockerfile.rhel7.builder
@@ -0,0 +1,69 @@
+FROM registry.access.redhat.com/rhel7
+
+# GOLANG install steps
+
+ENV GOLANG_VERSION 1.7.5
+ENV GOLANG_SRC_URL https://golang.org/dl/go$GOLANG_VERSION.src.tar.gz
+ENV GOLANG_SRC_SHA256 4e834513a2079f8cbbd357502cccaac9507fd00a1efe672375798858ff291815
+
+RUN REPOLIST=rhel-7-server-rpms,rhel-7-server-optional-rpms,rhel-server-rhscl-7-rpms && \
+	yum -y update-minimal --disablerepo "*" --enablerepo rhel-7-server-rpms --setopt=tsflags=nodocs \
+	  --security --sec-severity=Important --sec-severity=Critical && \
+	yum -y install --disablerepo "*" --enablerepo ${REPOLIST} --setopt=tsflags=nodocs \
+	  gcc openssl golang git make wget python27 && \
+# Add epel repo for dpkg install
+	curl -o epel-release-latest-7.noarch.rpm -SL https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
+            --retry 9 --retry-max-time 0 -C - && \
+	rpm -ivh epel-release-latest-7.noarch.rpm && rm epel-release-latest-7.noarch.rpm && \
+	yum -y install --disablerepo "*" --enablerepo epel --setopt=tsflags=nodocs dpkg && \
+	export GOROOT_BOOTSTRAP="$(go env GOROOT)" && \
+	wget -q "$GOLANG_SRC_URL" -O golang.tar.gz && \
+	echo "$GOLANG_SRC_SHA256  golang.tar.gz" | sha256sum -c - && \
+	tar -C /usr/local -xzf golang.tar.gz && \
+	rm golang.tar.gz && \
+	cd /usr/local/go/src && \
+	./make.bash && \
+	yum -y erase golang && \
+	yum clean all
+
+ENV GOPATH /go
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+
+RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
+WORKDIR $GOPATH
+
+# install gosu
+# https://github.com/tianon/gosu/blob/master/INSTALL.md#from-centos
+ENV GOSU_VERSION 1.10
+RUN set -ex && \
+	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" && \
+	wget -O /usr/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" && \
+	wget -O /tmp/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" && \
+# verify the signature
+	export GNUPGHOME="$(mktemp -d)" && \
+	gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
+	gpg --batch --verify /tmp/gosu.asc /usr/bin/gosu && \
+	rm -r "$GNUPGHOME" /tmp/gosu.asc && \
+	chmod +x /usr/bin/gosu && \
+# verify that the binary works
+	gosu nobody true
+
+# Controller install steps
+COPY entrypoint.builder.sh /entrypoint.sh
+COPY k8s-build-requirements.txt /tmp/k8s-build-requirements.txt
+COPY k8s-runtime-requirements.txt /tmp/k8s-runtime-requirements.txt
+COPY requirements.docs.txt /tmp/requirements.docs.txt
+
+RUN source scl_source enable python27 && \
+	pip install --no-cache-dir --upgrade pip && \
+	pip install --no-cache-dir setuptools flake8 && \
+	pip install --no-cache-dir -r /tmp/k8s-build-requirements.txt && \
+	pip install --no-cache-dir -r /tmp/k8s-runtime-requirements.txt && \
+	pip install --no-cache-dir -r /tmp/requirements.docs.txt && \
+	go get github.com/wadey/gocovmerge && \
+	go get golang.org/x/tools/cmd/cover && \
+	go get github.com/mattn/goveralls && \
+	chmod 755 /entrypoint.sh
+
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD [ "/bin/bash" ]
diff --git a/build-tools/Dockerfile.rhel7.runtime b/build-tools/Dockerfile.rhel7.runtime
@@ -0,0 +1,49 @@
+FROM registry.access.redhat.com/rhel-atomic
+
+LABEL name="f5networks/k8s-bigip-ctlr" \
+      vendor="F5 Networks" \
+      # version - should be passed in via docker build
+      url="http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest/" \
+      summary="F5 BIG-IP Controller for Kubernetes" \
+      run='docker run --name ${NAME} ${IMAGE} /app/bin/k8s-bigip-ctlr' \
+      io.k8s.description="Manages F5 BIG-IP from Kubernetes" \
+      io.k8s.display-name="F5 BIG-IP Controller for Kubernetes" \
+      io.openshift.expose-services="" \
+      io.openshift.tags="f5,f5networks,bigip,openshift,router"
+
+ENV APPPATH /app
+
+RUN mkdir -p "$APPPATH/bin" \
+ && chmod -R 755 "$APPPATH"
+
+WORKDIR $APPPATH
+
+COPY k8s-runtime-requirements.txt /tmp/k8s-runtime-requirements.txt
+
+RUN microdnf --enablerepo=rhel-7-server-rpms --enablerepo=rhel-7-server-optional-rpms \
+      --enablerepo=rhel-server-rhscl-7-rpms install --nodocs python27-python-pip git && \
+    source scl_source enable python27 && \
+    pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir -r /tmp/k8s-runtime-requirements.txt && \
+    python -m pip uninstall -y pip setuptools && \
+    microdnf remove git fipscheck fipscheck-lib groff-base \
+      less libedit libgnome-keyring openssh openssh-clients perl perl-Carp perl-Encode \
+      perl-Error perl-Exporter perl-File-Path perl-File-Temp perl-Filter perl-Getopt-Long \
+      perl-Git perl-HTTP-Tiny perl-PathTools perl-Pod-Escapes perl-Pod-Perldoc perl-Pod-Simple \
+      perl-Pod-Usage perl-Scalar-List-Utils perl-Socket perl-Storable perl-TermReadKey \
+      perl-Text-ParseWords perl-Time-HiRes perl-Time-Local perl-constant perl-libs perl-macros \
+      perl-parent perl-podlators perl-threads perl-threads-shared rsync && \
+    microdnf clean all
+
+COPY bigip-virtual-server_v*.json $APPPATH/vendor/src/f5/schemas/
+COPY python/ $APPPATH/python
+COPY k8s-bigip-ctlr $APPPATH/bin/k8s-bigip-ctlr.real
+
+# entrypoint to enable scl python at runtime
+RUN echo $'#!/bin/sh\n\
+	  source scl_source enable python27\n\
+	  exec $APPPATH/bin/k8s-bigip-ctlr.real "$@"' > $APPPATH/bin/k8s-bigip-ctlr && \
+    chmod +x $APPPATH/bin/k8s-bigip-ctlr
+
+# Run the run application in the projects bin directory.
+CMD [ "/app/bin/k8s-bigip-ctlr" ]
diff --git a/build-tools/build-devel-image.sh b/build-tools/build-devel-image.sh
@@ -19,7 +19,7 @@ CURDIR="$(dirname $BASH_SOURCE)"
 
 
 WKDIR=$(mktemp -d docker-build.XXXX)
-cp $CURDIR/Dockerfile.builder $WKDIR
+cp $CURDIR/Dockerfile.$BASE_OS.builder $WKDIR/Dockerfile.builder
 cp $CURDIR/entrypoint.builder.sh $WKDIR
 cp $CURDIR/../python/k8s-*-requirements.txt $WKDIR/
 cp $CURDIR/../requirements.docs.txt $WKDIR

diff --git a/build-tools/build-release-images.sh b/build-tools/build-release-images.sh
@@ -12,7 +12,7 @@ CURDIR="$(dirname $BASH_SOURCE)"
 
 # Setup a temp docker build context dir
 WKDIR=$(mktemp -d docker-build.XXXX)
-cp $CURDIR/Dockerfile.runtime $WKDIR
+cp $CURDIR/Dockerfile.$BASE_OS.runtime $WKDIR/Dockerfile.runtime
 
 # Hard code the platform dir here
 cp $CURDIR/../_docker_workspace/out/$RELEASE_PLATFORM/bin/* $WKDIR/
@@ -24,6 +24,8 @@ cp schemas/bigip-virtual-server_v*.json $WKDIR/
 echo "Docker build context:"
 ls -la $WKDIR
 
+## TODO: add versioning labels to build command (major, minor, commit sha, etc.)
+
 docker build --force-rm ${NO_CACHE_ARGS} \
   -t $IMG_TAG \
   -f $WKDIR/Dockerfile.runtime \

diff --git a/build-tools/entrypoint.builder.sh b/build-tools/entrypoint.builder.sh
@@ -7,7 +7,15 @@
 USER_ID=${LOCAL_USER_ID:-9001}
 
 echo "Starting with UID : $USER_ID"
-adduser -D -s /bin/bash -u $USER_ID user
 export HOME=/home/user
 
-exec /sbin/su-exec user "$@"
+if [ -x /sbin/su-exec ]; then
+    adduser -D -s /bin/bash -u $USER_ID user
+    su_binary=/sbin/su-exec
+else
+    adduser -s /bin/bash -u $USER_ID user
+    su_binary=gosu
+    source scl_source enable python27
+fi
+
+exec $su_binary user "$@"