Enable multi-arch build

stefanprodan · stefanprodan · commit 38b4eb2fe957 · 2020-10-22T17:30:58.000+03:00
Signed-off-by: Stefan Prodan &lt;stefan.prodan@gmail.com&gt;
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -20,9 +20,9 @@ jobs:
         restore-keys: |
           ${{ runner.os }}-go-
     - name: Set up Go
-      uses: actions/setup-go@v2-beta
+      uses: actions/setup-go@v2
       with:
-        go-version: 1.14.x
+        go-version: 1.15.x
     - name: Set up kubebuilder
       # TODO replace with ../pkg/.. when that's merged
       uses: fluxcd/pkg/actions/kubebuilder@v0.0.4
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,4 @@
-# Build the manager binary
-FROM golang:1.14 as builder
+FROM golang:1.15-alpine as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -16,13 +15,22 @@ COPY pkg/ pkg/
 COPY controllers/ controllers/
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go
+RUN CGO_ENABLED=0 go build -a -o image-automation-controller main.go
 
-# Use distroless as minimal base image to package the manager binary
-# Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot
-WORKDIR /
-COPY --from=builder /workspace/manager .
-USER nonroot:nonroot
+FROM alpine:3.12
 
-ENTRYPOINT ["/manager"]
+LABEL org.opencontainers.image.source="https://github.com/fluxcd/image-automation-controller"
+
+RUN apk add --no-cache ca-certificates tini
+
+COPY --from=builder /workspace/image-automation-controller /usr/local/bin/
+
+# Create minimal nsswitch.conf file to prioritize the usage of /etc/hosts over DNS queries.
+# https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-354316460
+RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf
+
+RUN addgroup -S controller && adduser -S -g controller controller
+
+USER controller
+
+ENTRYPOINT [ "/sbin/tini", "--", "image-automation-controller" ]
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -1,7 +1,7 @@
-resources:
-- manager.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+resources:
+- manager.yaml
 images:
 - name: controller
   newName: fluxcd/image-automation-controller
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   name: image-automation-controller
   labels:
-    control-plane: controller-manager
+    control-plane: controller
 spec:
   selector:
     matchLabels:
@@ -13,19 +13,38 @@ spec:
     metadata:
       labels:
         app: image-automation-controller
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "8080"
     spec:
+      terminationGracePeriodSeconds: 10
       containers:
-      - command:
-        - /manager
+      - name: manager
+        image: fluxcd/image-automation-controller
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+        ports:
+          - containerPort: 8080
+            name: http-prom
+        env:
+          - name: RUNTIME_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
         args:
         - --enable-leader-election
-        image: fluxcd/image-automation-controller
-        name: manager
         resources:
           limits:
-            cpu: 100m
-            memory: 30Mi
+            cpu: 1000m
+            memory: 1Gi
           requests:
             cpu: 100m
-            memory: 20Mi
-      terminationGracePeriodSeconds: 10
+            memory: 64Mi
+        volumeMounts:
+          - name: temp
+            mountPath: /tmp
+      volumes:
+        - name: temp
+          emptyDir: {}
