Build ubi image (#6)

tamalsaha · web-flow · commit 17bc65aaf490 · 2025-11-24T14:04:33.000+06:00
Signed-off-by: Tamal Saha &lt;tamal@appscode.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -70,3 +70,5 @@ jobs:
           make release RELEASE=${{ matrix.k8s }}
           cd ../nonroot
           make release RELEASE=${{ matrix.k8s }}
+          cd ../ubi
+          make release RELEASE=${{ matrix.k8s }}
diff --git a/ubi/Dockerfile b/ubi/Dockerfile
@@ -0,0 +1,32 @@
+FROM alpine
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG VERSION
+
+RUN set -x \
+	&& apk add --update ca-certificates curl zip bzip2
+
+RUN set -x \
+	&& curl -LO https://github.com/moparisthebest/static-curl/archive/refs/heads/master.zip \
+	&& unzip master.zip \
+	&& cd static-curl-master \
+	&& ARCH=${TARGETARCH} ./build.sh
+
+RUN set -x \
+	&& curl -LO "https://dl.k8s.io/release/$VERSION/bin/${TARGETOS}/${TARGETARCH}/kubectl" \
+	&& chmod +x kubectl
+
+
+
+FROM registry.access.redhat.com/ubi10/ubi-minimal
+
+LABEL org.opencontainers.image.source https://github.com/appscodelabs/kubectl-docker
+
+ARG TARGETARCH
+
+COPY --from=0 /tmp/release/curl-$TARGETARCH /usr/bin/curl
+COPY --from=0 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=0 /kubectl /usr/bin/kubectl
+
+USER 65534
diff --git a/ubi/Makefile b/ubi/Makefile
@@ -0,0 +1,62 @@
+SHELL=/bin/bash -o pipefail
+
+REGISTRY   ?= appscode
+BIN        := kubectl-nonroot
+IMAGE      := $(REGISTRY)/$(BIN)
+RELEASE    ?= 1.20
+VERSION    ?= $(shell curl -fsSL https://dl.k8s.io/release/stable-$(RELEASE).txt)-ubi
+SRC_REG    ?=
+
+DOCKER_PLATFORMS := linux/amd64 linux/arm64
+PLATFORM         ?= $(firstword $(DOCKER_PLATFORMS))
+TAG              = $(VERSION)_$(subst /,_,$(PLATFORM))
+
+container-%:
+	@$(MAKE) container \
+	    --no-print-directory \
+	    PLATFORM=$(subst _,/,$*)
+
+push-%:
+	@$(MAKE) push \
+	    --no-print-directory \
+	    PLATFORM=$(subst _,/,$*)
+
+all-container: $(addprefix container-, $(subst /,_,$(DOCKER_PLATFORMS)))
+
+all-push: $(addprefix push-, $(subst /,_,$(DOCKER_PLATFORMS)))
+
+ifeq (,$(SRC_REG))
+container:
+	@echo "container: $(IMAGE):$(TAG)"
+	@docker buildx build --platform $(PLATFORM) --build-arg VERSION=$(VERSION) --load --pull -t $(IMAGE):$(TAG) -f Dockerfile .
+	@echo
+else
+container:
+	@echo "container: $(IMAGE):$(TAG)"
+	@docker tag $(SRC_REG)/$(BIN):$(TAG) $(IMAGE):$(TAG)
+	@echo
+endif
+
+push: container
+	@docker push $(IMAGE):$(TAG)
+	@echo "pushed: $(IMAGE):$(TAG)"
+	@echo
+
+.PHONY: manifest-version
+manifest-version:
+	docker manifest create -a $(IMAGE):$(VERSION) $(foreach PLATFORM,$(DOCKER_PLATFORMS),$(IMAGE):$(VERSION)_$(subst /,_,$(PLATFORM)))
+	docker manifest push $(IMAGE):$(VERSION)
+
+.PHONY: manifest-release
+manifest-release:
+	docker manifest create -a $(IMAGE):v$(RELEASE)-ubi $(foreach PLATFORM,$(DOCKER_PLATFORMS),$(IMAGE):$(VERSION)_$(subst /,_,$(PLATFORM)))
+	docker manifest push $(IMAGE):v$(RELEASE)-ubi
+	docker manifest create -a $(IMAGE):$(RELEASE)-ubi $(foreach PLATFORM,$(DOCKER_PLATFORMS),$(IMAGE):$(VERSION)_$(subst /,_,$(PLATFORM)))
+	docker manifest push $(IMAGE):$(RELEASE)-ubi
+
+.PHONY: docker-manifest
+docker-manifest: manifest-version manifest-release
+
+.PHONY: release
+release:
+	@$(MAKE) all-push docker-manifest --no-print-directory
