From beaad3bab23ece2f9d5cf2dc93c8e91c3a6c295a Mon Sep 17 00:00:00 2001
From: Huang Huang <mozillazg101@gmail.com>
Date: Mon, 8 Nov 2021 20:06:44 +0800
Subject: [PATCH] Support arm64 architecture (#1036)
* Support arm64 architecture
* remove .github/workflows/test_docker.yml
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
---
.github/workflows/publish.yml | 4 +++-
Dockerfile | 5 ++---
makefile | 29 +++++++++--------------------
3 files changed, 14 insertions(+), 24 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 49133c3..10abab8 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -52,9 +52,11 @@ jobs:
uses: docker/build-push-action@v2
with:
context: .
- platforms: linux/amd64
+ platforms: linux/amd64,linux/arm64
builder: ${{ steps.buildx.outputs.name }}
push: true
+ build-args: |
+ KUBEBENCH_VERSION=${{ steps.get_version.outputs.version }}
tags: |
${{ env.DOCKERHUB_ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}
public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}
diff --git a/Dockerfile b/Dockerfile
index abae2c3..5bbcc83 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,13 @@
FROM golang:1.17.2 AS build
WORKDIR /go/src/github.com/aquasecurity/kube-bench/
+COPY makefile makefile
COPY go.mod go.sum ./
COPY main.go .
COPY check/ check/
COPY cmd/ cmd/
COPY internal/ internal/
ARG KUBEBENCH_VERSION
-ARG GOOS=linux
-ARG GOARCH=amd64
-RUN GO111MODULE=on CGO_ENABLED=0 GOOS=$GOOS GOARCH=$GOARCH go build -a -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=${KUBEBENCH_VERSION} -w" -o /go/bin/kube-bench
+RUN make build && cp kube-bench /go/bin/kube-bench
FROM alpine:3.14.2 AS run
WORKDIR /opt/kube-bench/
diff --git a/makefile b/makefile
index 4949fc9..5945e1a 100644
--- a/makefile
+++ b/makefile
@@ -7,7 +7,8 @@ IMAGE_NAME ?= $(DOCKER_ORG)/$(BINARY):$(VERSION)
GOOS ?= linux
BUILD_OS := linux
uname := $(shell uname -s)
-ARCHS ?= amd64 arm64
+BUILDX_PLATFORM ?= linux/amd64,linux/arm64,linux/arm
+DOCKER_ORGS ?= aquasec public.ecr.aws/aquasecurity
GOARCH ?= $@
ifneq ($(findstring Microsoft,$(shell uname -r)),)
@@ -25,29 +26,17 @@ KIND_IMAGE ?= kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618
# build a multi-arch image and push to Docker hub
.PHONY: docker
-docker: publish manifests
-
-# build and push an arch-specific image
-.PHONY: $(ARCHS) manifests publish
-publish: $(ARCHS)
-$(ARCHS):
- @echo "Building Docker image for $@"
- docker build -t ${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION} \
- --build-arg GOOS=$(GOOS) --build-arg GOARCH=$(GOARCH) ./
- @echo "Push $@ Docker image to ${DOCKER_ORG}/${BINARY}"
- docker push ${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION}
- docker manifest create --amend "${DOCKER_ORG}/${BINARY}:${VERSION}" "${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION}"
- docker manifest annotate "${DOCKER_ORG}/${BINARY}:${VERSION}" "${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION}" --os=$(GOOS) --arch=$(GOARCH)
-
-# push the multi-arch manifest
-manifests:
- @echo "Push manifest for ${DOCKER_ORG}/${BINARY}:${VERSION}"
- docker manifest push "${DOCKER_ORG}/${BINARY}:${VERSION}"
+docker:
+ set -xe; \
+ for org in $(DOCKER_ORGS); do \
+ docker buildx build --tag $${org}/kube-bench:${VERSION} \
+ --platform $(BUILDX_PLATFORM) --push . ; \
+ done
build: $(BINARY)
$(BINARY): $(SOURCES)
- GOOS=$(GOOS) go build -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=$(KUBEBENCH_VERSION)" -o $(BINARY) .
+ GOOS=$(GOOS) CGO_ENABLED=0 go build -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=$(KUBEBENCH_VERSION)" -o $(BINARY) .
# builds the current dev docker version
build-docker:
--
GitLab