Use ko to build container image (#19)

`ko` is a tool that can build and deploy k8s resources that reference go paths which are build and transparently substituted into the resulting resources. ko works by finding `ko://` references in the k8s yaml that point at a go compile target, the built binary is placed into the base image and pushed to an image registry specified by the KO_DOCKER_REPO env var. A digested reference to the pushed image is substituted into the yaml replacing the `ko://...` reference. https://github.com/google/ko In this case, we can replace direct dependencies on the kubectl and docker CLIs and the Docker daemon. ko also makes it much easier to produce multi-platform/architecture images for which there is a compatible base image (gcr.io/distroless/static:nonroot by default) and can be cross compiled by go. Signed-off-by: Scott Andrews <andrewssc@vmware.com>
servicebinding · Aug 19, 2021 · ad1357d · ad1357d
1 parent 6489910
commit ad1357d
Show file tree

Hide file tree

Showing 8 changed files with 717 additions and 50 deletions.
diff --git a/Dockerfile b/Dockerfile
diff --git a/Makefile b/Makefile
@@ -1,9 +1,4 @@
 
-# Image URL to use all building/pushing image targets
-IMG ?= controller:latest
-# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
-CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
-
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
 GOBIN=$(shell go env GOPATH)/bin
@@ -13,6 +8,7 @@ endif
 
 CONTROLLER_GEN ?= go run -modfile hack/controller-gen/go.mod sigs.k8s.io/controller-tools/cmd/controller-gen
 GINKGO ?= go run -modfile hack/ginkgo/go.mod github.com/onsi/ginkgo/ginkgo
+KO ?= go run -modfile hack/ko/go.mod github.com/google/ko
 KUSTOMIZE ?= go run -modfile hack/kustomize/go.mod sigs.k8s.io/kustomize/kustomize/v3
 
 # Setting SHELL to bash allows bash commands to be executed by recipes.
@@ -42,7 +38,7 @@ help: ## Display this help.
 ##@ Development
 
 manifests: ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	$(CONTROLLER_GEN) crd rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
 generate: ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
@@ -67,23 +63,16 @@ build: generate fmt vet ## Build manager binary.
 run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./main.go
 
-docker-build: test ## Build docker image with the manager.
-	docker build -t ${IMG} .
-
-docker-push: ## Push docker image with the manager.
-	docker push ${IMG}
-
 ##@ Deployment
 
 install: manifests ## Install CRDs into the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+	$(KUSTOMIZE) build config/crd | $(KO) apply -f -
 
 uninstall: manifests ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/crd | kubectl delete -f -
+	$(KUSTOMIZE) build config/crd | $(KO) delete -f -
 
 deploy: manifests ## Deploy controller to the K8s cluster specified in ~/.kube/config.
-	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default | kubectl apply -f -
+	$(KUSTOMIZE) build config/default | $(KO) apply -f -
 
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/default | kubectl delete -f -
+	$(KUSTOMIZE) build config/default | $(KO) delete -f -
diff --git a/config/crd/bases/service.binding_clusterapplicationresourcemappings.yaml b/config/crd/bases/service.binding_clusterapplicationresourcemappings.yaml
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.6.2
   creationTimestamp: null
   name: clusterapplicationresourcemappings.service.binding
 spec:

diff --git a/config/crd/bases/service.binding_servicebindings.yaml b/config/crd/bases/service.binding_servicebindings.yaml
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.6.2
   creationTimestamp: null
   name: servicebindings.service.binding
 spec:

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -25,11 +25,9 @@ spec:
       securityContext:
         runAsNonRoot: true
       containers:
-      - command:
-        - /manager
-        args:
+      - args:
         - --leader-elect
-        image: controller:latest
+        image: ko://github.com/k8s-service-bindings/implementation
         name: manager
         securityContext:
           allowPrivilegeEscalation: false

diff --git a/hack/ko/go.mod b/hack/ko/go.mod
@@ -0,0 +1,5 @@
+module github.com/k8s-service-bindings/implementation/hack/ko
+
+go 1.16
+
+require github.com/google/ko v0.8.3