add cross arch build feature

Signed-off-by: Achref ben saad <achref@accuknox.com>
kubearmor · Nov 9, 2022 · 3af0dc5 · 3af0dc5
1 parent 1a6fbf4
commit 3af0dc5
Show file tree

Hide file tree

Showing 8 changed files with 200 additions and 11 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,2 +1,3 @@
 # These object files are compiled at runtime in init container
 **/BPF/*.o
+Dockerfile
diff --git a/.github/workflows/ci-latest-release.yml b/.github/workflows/ci-latest-release.yml
@@ -10,15 +10,19 @@ on:
       - "tests/**"
       - "protobuf/**"
       - ".github/workflows/ci-latest-release.yml"
+      - "!STABLE-RELEASE"
 
   create:
     branches:
       - "v*"
 
+env:
+  PLATFORM: linux/amd64,linux/arm64/v8
+
 jobs:
   build:
     name: Create KubeArmor latest release
-    if: github.repository == 'kubearmor/kubearmor'
+    #if: github.repository == 'kubearmor/kubearmor'
     runs-on: ubuntu-20.04
     timeout-minutes: 20
     steps:
@@ -68,6 +72,14 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_AUTHTOK }}
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          platforms: $PLATFORM
+
       - name: Push KubeArmor images to Docker
         run: ./KubeArmor/build/push_kubearmor.sh ${{ steps.vars.outputs.tag }}
 
@@ -101,6 +113,14 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_AUTHTOK }}
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          platforms: $PLATFORM
+
       - name: Push the stable version of KubeArmor to Docker Hub
         if: steps.match.outputs.tag == 'true'
         run: ./KubeArmor/build/push_kubearmor.sh stable
diff --git a/.github/workflows/ci-push-controllers.yml b/.github/workflows/ci-push-controllers.yml
@@ -0,0 +1,133 @@
+name: ci-test-controllers
+
+on:
+  push:
+    branches:
+      - "main"
+    paths:
+      - "pkg/**"
+
+env:
+  PLATFORM: linux/amd64,linux/arm64/v8
+
+jobs:
+  check:
+    name: Check what controllers were updated
+    if: github.repository == 'kubearmor/kubearmor'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 5
+    outputs:
+      annotation: ${{ steps.filter.outputs.annotation }}
+      hostpolicy: ${{ steps.filter.outputs.hostpolicy }}
+      policy: ${{ steps.filter.outputs.policy }}
+    steps:
+    - uses: actions/checkout@v3
+    - uses: dorny/paths-filter@v2
+      id: filter
+      with:
+        filters: |
+          annotation:
+            - 'pkg/KubeArmorAnnotation/**'
+          hostpolicy:
+            - 'pkg/KubeArmorHostPolicy/**'
+          policy:
+            - 'pkg/KubeArmorPolicy/**'
+
+  annotation-controller-release:
+    name: Build annotation controller
+    needs: check
+    defaults:
+      run:
+        working-directory: ./pkg/KubeArmorAnnotation
+    if: needs.check.outputs.annotation == 'true'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: v1.18
+
+      - uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          platforms: $PLATFORM
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_AUTHTOK }}
+
+      - name: Build & Push annotation controller
+        run: PLATFORM=$PLATFORM make docker-buildx TAG=latest
+
+  hostpolicy-controller-release:
+    name: Build hostpolicy controller
+    needs: check
+    defaults:
+      run:
+        working-directory: ./pkg/KubeArmorHostPolicy
+    if: needs.check.outputs.hostpolicy == 'true'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: v1.18
+
+      - uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          platforms: $PLATFORM
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_AUTHTOK }}
+
+      - name: Build & Push hostpolicy controller
+        run: PLATFORM=$PLATFORM make docker-buildx TAG=latest
+
+  policy-controller-release:
+    name: Build policy controller
+    needs: check
+    defaults:
+      run:
+        working-directory: ./pkg/KubeArmorPolicy
+    if: needs.check.outputs.policy == 'true'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: v1.18
+
+      - uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          platforms: $PLATFORM
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_AUTHTOK }}
+
+      - name: Build & Push policy controller
+        run: PLATFORM=$PLATFORM make docker-buildx TAG=latest
diff --git a/.github/workflows/ci-stable-release.yml b/.github/workflows/ci-stable-release.yml
@@ -7,6 +7,9 @@ on:
       - "STABLE-RELEASE"
       - ".github/workflows/ci-stable-release.yml"
 
+env:
+  PLATFORM: linux/amd64,linux/arm64/v8
+
 jobs:
   push-stable-version:
     name: Create KubeArmor stable release
@@ -20,19 +23,19 @@ jobs:
         with:
           go-version: v1.18
 
-      - name: Pull a specific version of KubeArmor from Docker Hub
-        run: |
-          value=`cat STABLE-RELEASE`
-          docker pull docker.io/kubearmor/kubearmor:$value
-          docker pull docker.io/kubearmor/kubearmor-init:latest
-          docker image tag kubearmor/kubearmor:$value kubearmor/kubearmor:stable
-          docker image tag kubearmor/kubearmor-init:latest kubearmor/kubearmor-init:stable
-
       - name: Login to Docker Hub
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_AUTHTOK }}
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          platforms: $PLATFORM
+
       - name: Push the stable version of KubeArmor to Docker Hub
         run: ./KubeArmor/build/push_kubearmor.sh stable
diff --git a/KubeArmor/build/push_kubearmor.sh b/KubeArmor/build/push_kubearmor.sh
@@ -4,23 +4,46 @@
 
 [[ "$REPO" == "" ]] && REPO="kubearmor/kubearmor"
 
+[[ "$PLATFORMS" == "" ]] && PLATFORMS="linux/amd64"
+
 VERSION=latest
 
 # check version
 if [ ! -z $1 ]; then
     VERSION="$1"
 fi
 
+realpath() {
+    CURR=$PWD
+
+    cd "$(dirname "$0")"
+    LINK=$(readlink "$(basename "$0")")
+
+    while [ "$LINK" ]; do
+        cd "$(dirname "$LINK")"
+        LINK=$(readlink "$(basename "$1")")
+    done
+
+    REALPATH="$PWD/$(basename "$1")"
+    echo "$REALPATH"
+
+    cd $CURR
+}
+
+ARMOR_HOME=`dirname $(realpath "$0")`/..
+cd $ARMOR_HOME/build
+pwd
+
 # push $REPO
 echo "[INFO] Pushing $REPO:$VERSION"
-docker push $REPO:$VERSION
+cd $ARMOR_HOME/..; docker buildx build --platform $PLATFORMS -t $REPO:$VERSION --push .
 
 [[ $? -ne 0 ]] && echo "[FAILED] Failed to push $REPO:$VERSION" && exit 1
 echo "[PASSED] Pushed $REPO:$VERSION"
 
 # push $REPO-init
 echo "[INFO] Pushing $REPO-init:$VERSION"
-docker push $REPO-init:$VERSION
+cd $ARMOR_HOME/..; docker buildx build --platform $PLATFORMS -t $REPO-init:$VERSION --push .
 
 [[ $? -ne 0 ]] && echo "[FAILED] Failed to push $REPO-init:$VERSION" && exit 1
 echo "[PASSED] Pushed $REPO-init:$VERSION"

diff --git a/pkg/KubeArmorAnnotation/Makefile b/pkg/KubeArmorAnnotation/Makefile
@@ -72,6 +72,9 @@ run: manifests generate fmt vet ## Run a controller from your host.
 docker-build: build ## Build docker image with the manager.
 	docker build -t ${IMG}:${TAG} -t ${IMG}:latest .
 
+docker-buildx: build ## Build docker image with the manager multiple archs.
+	docker buildx build --platform ${PLATFORMS} --push -t ${IMG}:${TAG} -t ${IMG}:latest .
+
 docker-push: ## Push docker image with the manager.
 	docker push ${IMG}:${TAG}
 	docker push ${IMG}:latest

diff --git a/pkg/KubeArmorHostPolicy/Makefile b/pkg/KubeArmorHostPolicy/Makefile
@@ -75,6 +75,9 @@ generate: controller-gen
 docker-build:
 	docker build -t ${IMG}:${TAG} -t ${IMG}:latest .
 
+docker-buildx: build ## Build docker image with the manager multiple archs.
+	docker buildx build --platform ${PLATFORMS} --push -t ${IMG}:${TAG} -t ${IMG}:latest .
+
 # Push the docker image
 docker-push:
 	docker push ${IMG}:${TAG}

diff --git a/pkg/KubeArmorPolicy/Makefile b/pkg/KubeArmorPolicy/Makefile
@@ -75,6 +75,9 @@ generate: controller-gen
 docker-build:
 	docker build -t ${IMG}:${TAG} -t ${IMG}:latest .
 
+docker-buildx: build ## Build docker image with the manager multiple archs.
+	docker buildx build --platform ${PLATFORMS} --push -t ${IMG}:${TAG} -t ${IMG}:latest .
+
 # Push the docker image
 docker-push:
 	docker push ${IMG}:${TAG}