From 656664e300f0def44ba256937be1101e5abe697e Mon Sep 17 00:00:00 2001 From: Yusuke Kato Date: Thu, 8 Aug 2024 09:30:47 +0900 Subject: [PATCH] refactor docker and change buildkit-syft-scanner reference to ghcr.io (#2577) Signed-off-by: kpango --- .gitfiles | 67 +------------------ .github/workflows/_docker-image.yaml | 7 +- Makefile | 10 +-- Makefile.d/docker.mk | 3 +- dockers/agent/core/agent/Dockerfile | 21 ++---- dockers/agent/core/faiss/Dockerfile | 19 ++---- dockers/agent/core/ngt/Dockerfile | 19 ++---- dockers/agent/sidecar/Dockerfile | 19 ++---- dockers/binfmt/Dockerfile | 3 +- dockers/buildbase/Dockerfile | 3 +- dockers/buildkit/Dockerfile | 3 +- dockers/buildkit/syft/scanner/Dockerfile | 1 + dockers/ci/base/Dockerfile | 11 +-- dockers/dev/Dockerfile | 13 ++-- dockers/discoverer/k8s/Dockerfile | 19 ++---- dockers/gateway/filter/Dockerfile | 19 ++---- dockers/gateway/lb/Dockerfile | 19 ++---- dockers/gateway/mirror/Dockerfile | 19 ++---- dockers/index/job/correction/Dockerfile | 19 ++---- dockers/index/job/creation/Dockerfile | 19 ++---- .../index/job/readreplica/rotate/Dockerfile | 19 ++---- dockers/index/job/save/Dockerfile | 19 ++---- dockers/index/operator/Dockerfile | 19 ++---- dockers/manager/index/Dockerfile | 19 ++---- dockers/operator/helm/Dockerfile | 19 ++---- dockers/tools/benchmark/job/Dockerfile | 19 ++---- dockers/tools/benchmark/operator/Dockerfile | 19 ++---- dockers/tools/cli/loadtest/Dockerfile | 19 ++---- go.mod | 10 +-- go.sum | 8 +-- hack/docker/gen/main.go | 62 ++++++++++++----- k8s/discoverer/deployment.yaml | 2 +- k8s/gateway/gateway/lb/deployment.yaml | 2 +- k8s/index/operator/configmap.yaml | 2 +- k8s/index/operator/deployment.yaml | 2 +- k8s/manager/index/deployment.yaml | 2 +- rust/Cargo.lock | 8 +-- versions/JAEGER_OPERATOR_VERSION | 2 +- 38 files changed, 182 insertions(+), 383 deletions(-) diff --git a/.gitfiles b/.gitfiles index 31f0ea50da..64f792a39c 100644 --- a/.gitfiles +++ b/.gitfiles @@ -85,6 +85,7 @@ .github/workflows/dockers-binfmt-image.yaml .github/workflows/dockers-buildbase-image.yml .github/workflows/dockers-buildkit-image.yaml +.github/workflows/dockers-buildkit-syft-scanner-image.yaml .github/workflows/dockers-ci-container-image.yml .github/workflows/dockers-dev-container-image.yml .github/workflows/dockers-discoverer-k8s-image.yml @@ -292,17 +293,11 @@ assets/test/templates/common/call.tmpl assets/test/templates/common/fill.tmpl assets/test/templates/common/function.tmpl assets/test/templates/common/header.tmpl -assets/test/templates/common/inline.tmpl -assets/test/templates/common/inputs.tmpl -assets/test/templates/common/message.tmpl assets/test/templates/common/results.tmpl assets/test/templates/option/call.tmpl assets/test/templates/option/fill.tmpl assets/test/templates/option/function.tmpl assets/test/templates/option/header.tmpl -assets/test/templates/option/inline.tmpl -assets/test/templates/option/inputs.tmpl -assets/test/templates/option/message.tmpl assets/test/templates/option/results.tmpl buf.gen.yaml buf.work.yaml @@ -516,7 +511,6 @@ cmd/tools/cli/loadtest/main_test.go cmd/tools/cli/loadtest/sample.yaml cmd/tools/cli/vdctl/main.go cmd/tools/cli/vdctl/main_test.go -design/.gitkeep design/Vald Architecture Assets.drawio design/Vald Architecture Dataflow.drawio design/Vald Architecture Overview.drawio @@ -531,6 +525,7 @@ dockers/agent/sidecar/README.md dockers/binfmt/Dockerfile dockers/buildbase/Dockerfile dockers/buildkit/Dockerfile +dockers/buildkit/syft/scanner/Dockerfile dockers/ci/base/Dockerfile dockers/ci/base/README.md dockers/dev/Dockerfile @@ -1403,29 +1398,16 @@ internal/worker/worker.go internal/worker/worker_option.go internal/worker/worker_option_test.go internal/worker/worker_test.go -k8s/agent/clusterrole.yaml -k8s/agent/clusterrolebinding.yaml -k8s/agent/daemonset.yaml -k8s/agent/deployment.yaml -k8s/agent/faiss/configmap.yaml -k8s/agent/hpa.yaml -k8s/agent/networkpolicy.yaml k8s/agent/ngt/configmap.yaml k8s/agent/pdb.yaml k8s/agent/priorityclass.yaml -k8s/agent/serviceaccount.yaml -k8s/agent/sidecar/configmap.yaml -k8s/agent/sidecar/svc.yaml k8s/agent/statefulset.yaml k8s/agent/svc.yaml k8s/debug/kind/config.yaml k8s/discoverer/clusterrole.yaml k8s/discoverer/clusterrolebinding.yaml k8s/discoverer/configmap.yaml -k8s/discoverer/daemonset.yaml k8s/discoverer/deployment.yaml -k8s/discoverer/hpa.yaml -k8s/discoverer/networkpolicy.yaml k8s/discoverer/pdb.yaml k8s/discoverer/priorityclass.yaml k8s/discoverer/serviceaccount.yaml @@ -1433,55 +1415,24 @@ k8s/discoverer/svc.yaml k8s/external/minio/deployment.yaml k8s/external/minio/mb-job.yaml k8s/external/minio/svc.yaml -k8s/gateway/gateway/filter/configmap.yaml -k8s/gateway/gateway/filter/daemonset.yaml -k8s/gateway/gateway/filter/deployment.yaml -k8s/gateway/gateway/filter/hpa.yaml -k8s/gateway/gateway/filter/networkpolicy.yaml -k8s/gateway/gateway/filter/pdb.yaml -k8s/gateway/gateway/filter/priorityclass.yaml -k8s/gateway/gateway/filter/svc.yaml k8s/gateway/gateway/ing.yaml k8s/gateway/gateway/lb/configmap.yaml -k8s/gateway/gateway/lb/daemonset.yaml k8s/gateway/gateway/lb/deployment.yaml k8s/gateway/gateway/lb/hpa.yaml -k8s/gateway/gateway/lb/networkpolicy.yaml k8s/gateway/gateway/lb/pdb.yaml k8s/gateway/gateway/lb/priorityclass.yaml k8s/gateway/gateway/lb/svc.yaml -k8s/gateway/gateway/mirror/clusterrole.yaml -k8s/gateway/gateway/mirror/clusterrolebinding.yaml -k8s/gateway/gateway/mirror/configmap.yaml -k8s/gateway/gateway/mirror/daemonset.yaml -k8s/gateway/gateway/mirror/deployment.yaml -k8s/gateway/gateway/mirror/hpa.yaml -k8s/gateway/gateway/mirror/networkpolicy.yaml -k8s/gateway/gateway/mirror/pdb.yaml -k8s/gateway/gateway/mirror/priorityclass.yaml -k8s/gateway/gateway/mirror/serviceaccount.yaml -k8s/gateway/gateway/mirror/svc.yaml k8s/index/job/correction/configmap.yaml k8s/index/job/correction/cronjob.yaml -k8s/index/job/correction/networkpolicy.yaml k8s/index/job/creation/configmap.yaml k8s/index/job/creation/cronjob.yaml -k8s/index/job/creation/networkpolicy.yaml -k8s/index/job/readreplica/rotate/clusterrole.yaml -k8s/index/job/readreplica/rotate/clusterrolebinding.yaml -k8s/index/job/readreplica/rotate/configmap.yaml -k8s/index/job/readreplica/rotate/networkpolicy.yaml -k8s/index/job/readreplica/rotate/serviceaccount.yaml k8s/index/job/save/configmap.yaml k8s/index/job/save/cronjob.yaml -k8s/index/job/save/networkpolicy.yaml k8s/index/operator/configmap.yaml k8s/index/operator/deployment.yaml k8s/index/operator/priorityclass.yaml k8s/manager/index/configmap.yaml -k8s/manager/index/daemonset.yaml k8s/manager/index/deployment.yaml -k8s/manager/index/networkpolicy.yaml k8s/manager/index/pdb.yaml k8s/manager/index/priorityclass.yaml k8s/manager/index/svc.yaml @@ -1540,12 +1491,6 @@ k8s/operator/helm/operator.yaml k8s/operator/helm/serviceaccount.yaml k8s/operator/helm/svc.yaml k8s/readreplica/configmap.yaml -k8s/readreplica/deployment.yaml -k8s/readreplica/hpa.yaml -k8s/readreplica/networkpolicy.yaml -k8s/readreplica/pvc.yaml -k8s/readreplica/snapshot.yaml -k8s/readreplica/svc.yaml k8s/tools/benchmark/job/clusterrole.yaml k8s/tools/benchmark/job/clusterrolebinding.yaml k8s/tools/benchmark/job/serviceaccount.yaml @@ -1960,29 +1905,21 @@ rust/libs/ngt-rs/src/lib.rs rust/libs/ngt/Cargo.toml rust/libs/ngt/src/lib.rs rust/libs/proto/Cargo.toml -rust/libs/proto/src/core.v1.rs rust/libs/proto/src/core.v1.tonic.rs -rust/libs/proto/src/discoverer.v1.rs rust/libs/proto/src/discoverer.v1.tonic.rs -rust/libs/proto/src/filter.egress.v1.rs rust/libs/proto/src/filter.egress.v1.tonic.rs -rust/libs/proto/src/filter.ingress.v1.rs rust/libs/proto/src/filter.ingress.v1.tonic.rs rust/libs/proto/src/lib.rs -rust/libs/proto/src/mirror.v1.rs rust/libs/proto/src/mirror.v1.tonic.rs rust/libs/proto/src/payload.v1.rs rust/libs/proto/src/rpc.v1.rs -rust/libs/proto/src/sidecar.v1.rs rust/libs/proto/src/sidecar.v1.tonic.rs -rust/libs/proto/src/vald.v1.rs rust/libs/proto/src/vald.v1.tonic.rs rust/rust-toolchain rust/rust-toolchain.toml tests/chaos/chart/.helmignore tests/chaos/chart/Chart.yaml tests/chaos/chart/README.md -tests/chaos/chart/templates/NOTES.txt tests/chaos/chart/templates/_helpers.tpl tests/chaos/chart/templates/network/bandwidth.yaml tests/chaos/chart/templates/network/partition.yaml diff --git a/.github/workflows/_docker-image.yaml b/.github/workflows/_docker-image.yaml index 34878caec9..bd0d46088b 100644 --- a/.github/workflows/_docker-image.yaml +++ b/.github/workflows/_docker-image.yaml @@ -48,8 +48,9 @@ jobs: (github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'push' && - startsWith( github.ref, 'refs/heads/release/v')) || - startsWith( github.ref, 'refs/tags/') + startsWith(github.ref, 'refs/heads/release/v')) || + startsWith(github.ref, 'refs/tags/') || + (github.event_name == 'schedule') }} steps: - name: Get ref @@ -80,7 +81,7 @@ jobs: driver-opts: | image=ghcr.io/vdaas/vald/vald-buildkit:nightly network=host - buildkitd-flags: "--debug --oci-worker-gc=false" + buildkitd-flags: "--debug --oci-worker-gc=false --oci-worker-snapshotter=stargz" - name: Login to DockerHub uses: docker/login-action@v3 with: diff --git a/Makefile b/Makefile index 77a9a98316..4a5e001f71 100644 --- a/Makefile +++ b/Makefile @@ -24,15 +24,15 @@ TAG ?= latest CRORG ?= $(ORG) GHCRORG = ghcr.io/$(REPO) AGENT_IMAGE = $(NAME)-agent -AGENT_NGT_IMAGE = $(NAME)-agent-ngt -AGENT_FAISS_IMAGE = $(NAME)-agent-faiss -AGENT_SIDECAR_IMAGE = $(NAME)-agent-sidecar +AGENT_NGT_IMAGE = $(AGENT_IMAGE)-ngt +AGENT_FAISS_IMAGE = $(AGENT_IMAGE)-faiss +AGENT_SIDECAR_IMAGE = $(AGENT_IMAGE)-sidecar BENCHMARK_JOB_IMAGE = $(NAME)-benchmark-job BENCHMARK_OPERATOR_IMAGE = $(NAME)-benchmark-operator BINFMT_IMAGE = $(NAME)-binfmt BUILDBASE_IMAGE = $(NAME)-buildbase BUILDKIT_IMAGE = $(NAME)-buildkit -BUILDKIT_SYFT_SCANNER_IMAGE = $(NAME)-buildkit-syft-scanner +BUILDKIT_SYFT_SCANNER_IMAGE = $(BUILDKIT_IMAGE)-syft-scanner CI_CONTAINER_IMAGE = $(NAME)-ci-container DEV_CONTAINER_IMAGE = $(NAME)-dev-container DISCOVERER_IMAGE = $(NAME)-discoverer-k8s @@ -49,6 +49,8 @@ MIRROR_GATEWAY_IMAGE = $(NAME)-mirror-gateway READREPLICA_ROTATE_IMAGE = $(NAME)-readreplica-rotate MAINTAINER = "$(ORG).org $(NAME) team <$(NAME)@$(ORG).org>" +DEFAULT_BUILDKIT_SYFT_SCANNER_IMAGE = $(GHCRORG)/$(BUILDKIT_SYFT_SCANNER_IMAGE):nightly + VERSION ?= $(eval VERSION := $(shell cat versions/VALD_VERSION))$(VERSION) NGT_REPO = github.com/yahoojapan/NGT diff --git a/Makefile.d/docker.mk b/Makefile.d/docker.mk index f9179ba659..858bd69e72 100644 --- a/Makefile.d/docker.mk +++ b/Makefile.d/docker.mk @@ -68,7 +68,7 @@ ifeq ($(REMOTE),true) --build-arg GO_VERSION=$(GO_VERSION) \ --build-arg RUST_VERSION=$(RUST_VERSION) \ --build-arg MAINTAINER=$(MAINTAINER) \ - --attest type=sbom,generator=docker/buildkit-syft-scanner:edge \ + --attest type=sbom,generator=$(DEFAULT_BUILDKIT_SYFT_SCANNER_IMAGE) \ --provenance=mode=max \ -t $(CRORG)/$(IMAGE):$(TAG) \ -t $(GHCRORG)/$(IMAGE):$(TAG) \ @@ -229,6 +229,7 @@ docker/name/buildkit-syft-scanner: docker/build/buildkit-syft-scanner: @make DOCKERFILE="$(ROOTDIR)/dockers/buildkit/syft/scanner/Dockerfile" \ IMAGE=$(BUILDKIT_SYFT_SCANNER_IMAGE) \ + DEFAULT_BUILDKIT_SYFT_SCANNER_IMAGE="docker/buildkit-syft-scanner:edge" \ docker/build/image .PHONY: docker/name/ci-container diff --git a/dockers/agent/core/agent/Dockerfile b/dockers/agent/core/agent/Dockerfile index f6ab236dfa..f3195dde42 100644 --- a/dockers/agent/core/agent/Dockerfile +++ b/dockers/agent/core/agent/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -43,10 +39,9 @@ ENV REPO=vald ENV RUST_HOME=/usr/loacl/lib/rust ENV TZ=Etc/UTC ENV USER=root -ENV RUSTUP_HOME=${RUST_HOME}/rustup ENV CARGO_HOME=${RUST_HOME}/cargo +ENV RUSTUP_HOME=${RUST_HOME}/rustup ENV PATH=${CARGO_HOME}/bin:${RUSTUP_HOME}/bin:/usr/local/bin:${PATH} - WORKDIR ${HOME}/rust/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -92,12 +87,8 @@ RUN --mount=type=bind,target=.,rw \ && rm -rf rust/target # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/cc-debian12:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=agent - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/agent /usr/bin/agent # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/agent"] +ENTRYPOINT ["/usr/bin/agent"] \ No newline at end of file diff --git a/dockers/agent/core/faiss/Dockerfile b/dockers/agent/core/faiss/Dockerfile index c0802886bd..463e13494b 100644 --- a/dockers/agent/core/faiss/Dockerfile +++ b/dockers/agent/core/faiss/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -93,13 +88,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=faiss - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/faiss /usr/bin/faiss COPY cmd/agent/core/faiss/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/faiss"] +ENTRYPOINT ["/usr/bin/faiss"] \ No newline at end of file diff --git a/dockers/agent/core/ngt/Dockerfile b/dockers/agent/core/ngt/Dockerfile index 9d527114f5..cf0bbcdce2 100644 --- a/dockers/agent/core/ngt/Dockerfile +++ b/dockers/agent/core/ngt/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -92,13 +87,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=ngt - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/ngt /usr/bin/ngt COPY cmd/agent/core/ngt/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/ngt"] +ENTRYPOINT ["/usr/bin/ngt"] \ No newline at end of file diff --git a/dockers/agent/sidecar/Dockerfile b/dockers/agent/sidecar/Dockerfile index dce33212cb..2b06e565fd 100644 --- a/dockers/agent/sidecar/Dockerfile +++ b/dockers/agent/sidecar/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -83,12 +78,8 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=sidecar - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/sidecar /usr/bin/sidecar # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/sidecar"] +ENTRYPOINT ["/usr/bin/sidecar"] \ No newline at end of file diff --git a/dockers/binfmt/Dockerfile b/dockers/binfmt/Dockerfile index a90651f9c2..47284d17e2 100644 --- a/dockers/binfmt/Dockerfile +++ b/dockers/binfmt/Dockerfile @@ -15,4 +15,5 @@ # limitations under the License. # -FROM tonistiigi/binfmt:master AS builder +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go +FROM tonistiigi/binfmt:master AS builder \ No newline at end of file diff --git a/dockers/buildbase/Dockerfile b/dockers/buildbase/Dockerfile index 9be2e4b20b..6457b01457 100644 --- a/dockers/buildbase/Dockerfile +++ b/dockers/buildbase/Dockerfile @@ -15,4 +15,5 @@ # limitations under the License. # -FROM ubuntu:devel AS builder +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go +FROM ubuntu:devel AS builder \ No newline at end of file diff --git a/dockers/buildkit/Dockerfile b/dockers/buildkit/Dockerfile index 68079890a0..9dd722ea25 100644 --- a/dockers/buildkit/Dockerfile +++ b/dockers/buildkit/Dockerfile @@ -15,4 +15,5 @@ # limitations under the License. # -FROM moby/buildkit:master AS builder +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go +FROM moby/buildkit:master AS builder \ No newline at end of file diff --git a/dockers/buildkit/syft/scanner/Dockerfile b/dockers/buildkit/syft/scanner/Dockerfile index c729fa7298..4a23207c47 100644 --- a/dockers/buildkit/syft/scanner/Dockerfile +++ b/dockers/buildkit/syft/scanner/Dockerfile @@ -15,4 +15,5 @@ # limitations under the License. # +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go FROM docker/buildkit-syft-scanner:edge AS scanner diff --git a/dockers/ci/base/Dockerfile b/dockers/ci/base/Dockerfile index 0377c37a8f..09fccb1e35 100644 --- a/dockers/ci/base/Dockerfile +++ b/dockers/ci/base/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -51,7 +47,6 @@ ENV USER=root ENV RUSTUP_HOME=${RUST_HOME}/rustup ENV CARGO_HOME=${RUST_HOME}/cargo ENV PATH=${CARGO_HOME}/bin:${GOPATH}/bin:${GOROOT}/bin:${RUSTUP_HOME}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -128,4 +123,4 @@ RUN --mount=type=bind,target=.,rw \ && rm -rf ${GOPATH}/src/github.com/${ORG}/${REPO}/* # skipcq: DOK-DL3002 USER root:root -ENTRYPOINT ["/bin/bash"] +ENTRYPOINT ["/bin/bash"] \ No newline at end of file diff --git a/dockers/dev/Dockerfile b/dockers/dev/Dockerfile index 64f94085bb..502f386e97 100644 --- a/dockers/dev/Dockerfile +++ b/dockers/dev/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM mcr.microsoft.com/devcontainers/base:ubuntu22.04 -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -48,10 +44,9 @@ ENV REPO=vald ENV RUST_HOME=/usr/loacl/lib/rust ENV TZ=Etc/UTC ENV USER=root -ENV RUSTUP_HOME=${RUST_HOME}/rustup ENV CARGO_HOME=${RUST_HOME}/cargo +ENV RUSTUP_HOME=${RUST_HOME}/rustup ENV PATH=${CARGO_HOME}/bin:${GOPATH}/bin:${GOROOT}/bin:${RUSTUP_HOME}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -147,4 +142,4 @@ RUN --mount=type=bind,target=.,rw \ && make faiss/install \ && rm -rf ${GOPATH}/src/github.com/${ORG}/${REPO}/* # skipcq: DOK-DL3002 -USER root:root +USER root:root \ No newline at end of file diff --git a/dockers/discoverer/k8s/Dockerfile b/dockers/discoverer/k8s/Dockerfile index c299a75482..19e5953ee2 100644 --- a/dockers/discoverer/k8s/Dockerfile +++ b/dockers/discoverer/k8s/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -83,13 +78,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=discoverer - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/discoverer /usr/bin/discoverer COPY cmd/discoverer/k8s/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/discoverer"] +ENTRYPOINT ["/usr/bin/discoverer"] \ No newline at end of file diff --git a/dockers/gateway/filter/Dockerfile b/dockers/gateway/filter/Dockerfile index 0f654a91fb..b523b5e5b8 100644 --- a/dockers/gateway/filter/Dockerfile +++ b/dockers/gateway/filter/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -83,13 +78,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=filter - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/filter /usr/bin/filter COPY cmd/gateway/filter/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/filter"] +ENTRYPOINT ["/usr/bin/filter"] \ No newline at end of file diff --git a/dockers/gateway/lb/Dockerfile b/dockers/gateway/lb/Dockerfile index ef4e7f948b..2f8c91768b 100644 --- a/dockers/gateway/lb/Dockerfile +++ b/dockers/gateway/lb/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -83,13 +78,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=lb - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/lb /usr/bin/lb COPY cmd/gateway/lb/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/lb"] +ENTRYPOINT ["/usr/bin/lb"] \ No newline at end of file diff --git a/dockers/gateway/mirror/Dockerfile b/dockers/gateway/mirror/Dockerfile index 0fab8b0ae8..9b97231c74 100644 --- a/dockers/gateway/mirror/Dockerfile +++ b/dockers/gateway/mirror/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -83,13 +78,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=mirror - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/mirror /usr/bin/mirror COPY cmd/gateway/mirror/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/mirror"] +ENTRYPOINT ["/usr/bin/mirror"] \ No newline at end of file diff --git a/dockers/index/job/correction/Dockerfile b/dockers/index/job/correction/Dockerfile index e7722176c1..01e3818c56 100644 --- a/dockers/index/job/correction/Dockerfile +++ b/dockers/index/job/correction/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -83,13 +78,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=index-correction - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/index-correction /usr/bin/index-correction COPY cmd/index/job/correction/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/index-correction"] +ENTRYPOINT ["/usr/bin/index-correction"] \ No newline at end of file diff --git a/dockers/index/job/creation/Dockerfile b/dockers/index/job/creation/Dockerfile index e9edc205da..d656b3ad22 100644 --- a/dockers/index/job/creation/Dockerfile +++ b/dockers/index/job/creation/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -83,13 +78,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=index-creation - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/index-creation /usr/bin/index-creation COPY cmd/index/job/creation/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/index-creation"] +ENTRYPOINT ["/usr/bin/index-creation"] \ No newline at end of file diff --git a/dockers/index/job/readreplica/rotate/Dockerfile b/dockers/index/job/readreplica/rotate/Dockerfile index c529c6c2f9..bdb0ec7664 100644 --- a/dockers/index/job/readreplica/rotate/Dockerfile +++ b/dockers/index/job/readreplica/rotate/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -83,13 +78,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=readreplica-rotate - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/readreplica-rotate /usr/bin/readreplica-rotate COPY cmd/index/job/readreplica/rotate/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/readreplica-rotate"] +ENTRYPOINT ["/usr/bin/readreplica-rotate"] \ No newline at end of file diff --git a/dockers/index/job/save/Dockerfile b/dockers/index/job/save/Dockerfile index 0f85ffd49d..fdd674abd4 100644 --- a/dockers/index/job/save/Dockerfile +++ b/dockers/index/job/save/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -83,13 +78,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=index-save - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/index-save /usr/bin/index-save COPY cmd/index/job/save/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/index-save"] +ENTRYPOINT ["/usr/bin/index-save"] \ No newline at end of file diff --git a/dockers/index/operator/Dockerfile b/dockers/index/operator/Dockerfile index 401709102b..23e9aae514 100644 --- a/dockers/index/operator/Dockerfile +++ b/dockers/index/operator/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -83,13 +78,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=index-operator - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/index-operator /usr/bin/index-operator COPY cmd/index/operator/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/index-operator"] +ENTRYPOINT ["/usr/bin/index-operator"] \ No newline at end of file diff --git a/dockers/manager/index/Dockerfile b/dockers/manager/index/Dockerfile index 6511753f3d..edecb98a6c 100644 --- a/dockers/manager/index/Dockerfile +++ b/dockers/manager/index/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -83,13 +78,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=index - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/index /usr/bin/index COPY cmd/manager/index/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/index"] +ENTRYPOINT ["/usr/bin/index"] \ No newline at end of file diff --git a/dockers/operator/helm/Dockerfile b/dockers/operator/helm/Dockerfile index f7aa160840..db24094790 100644 --- a/dockers/operator/helm/Dockerfile +++ b/dockers/operator/helm/Dockerfile @@ -15,20 +15,16 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 ARG OPERATOR_SDK_VERSION=latest # skipcq: DOK-DL3026,DOK-DL3007 FROM quay.io/operator-framework/helm-operator:${OPERATOR_SDK_VERSION} AS operator # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -49,7 +45,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} COPY --from=operator /usr/local/bin/${APP_NAME} /usr/bin/${APP_NAME} SHELL ["/bin/bash", "-o", "pipefail", "-c"] @@ -102,15 +97,11 @@ RUN --mount=type=bind,target=.,rw \ && upx "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=helm-operator - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/helm-operator /usr/bin/helm-operator COPY --from=builder /opt/helm/watches.yaml /opt/helm/watches.yaml COPY --from=builder /opt/helm/charts/vald /opt/helm/charts/vald COPY --from=builder /opt/helm/charts/vald-helm-operator /opt/helm/charts/vald-helm-operator # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/helm-operator", "run", "--watches-file=/opt/helm/watches.yaml"] +ENTRYPOINT ["/usr/bin/helm-operator", "run", "--watches-file=/opt/helm/watches.yaml"] \ No newline at end of file diff --git a/dockers/tools/benchmark/job/Dockerfile b/dockers/tools/benchmark/job/Dockerfile index 0f07796cae..65da31d468 100644 --- a/dockers/tools/benchmark/job/Dockerfile +++ b/dockers/tools/benchmark/job/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -91,13 +86,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=job - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/job /usr/bin/job COPY cmd/tools/benchmark/job/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/job"] +ENTRYPOINT ["/usr/bin/job"] \ No newline at end of file diff --git a/dockers/tools/benchmark/operator/Dockerfile b/dockers/tools/benchmark/operator/Dockerfile index 6268951b66..283773b11e 100644 --- a/dockers/tools/benchmark/operator/Dockerfile +++ b/dockers/tools/benchmark/operator/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -83,13 +78,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=operator - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/operator /usr/bin/operator COPY cmd/tools/benchmark/operator/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/operator"] +ENTRYPOINT ["/usr/bin/operator"] \ No newline at end of file diff --git a/dockers/tools/cli/loadtest/Dockerfile b/dockers/tools/cli/loadtest/Dockerfile index 7f330682a3..ffbea81b05 100644 --- a/dockers/tools/cli/loadtest/Dockerfile +++ b/dockers/tools/cli/loadtest/Dockerfile @@ -15,17 +15,13 @@ # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go - +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go ARG UPX_OPTIONS=-9 # skipcq: DOK-DL3026,DOK-DL3007 FROM ghcr.io/vdaas/vald/vald-buildbase:nightly AS builder -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - +LABEL maintainer="vdaas.org vald team " # skipcq: DOK-DL3002 USER root:root - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION @@ -46,7 +42,6 @@ ENV REPO=vald ENV TZ=Etc/UTC ENV USER=root ENV PATH=${GOPATH}/bin:${GOROOT}/bin:/usr/local/bin:${PATH} - WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} SHELL ["/bin/bash", "-o", "pipefail", "-c"] #skipcq: DOK-W1001, DOK-SC2046, DOK-SC2086, DOK-DL3008 @@ -91,13 +86,9 @@ RUN --mount=type=bind,target=.,rw \ && mv "cmd/${PKG}/${APP_NAME}" "/usr/bin/${APP_NAME}" # skipcq: DOK-DL3026,DOK-DL3007 FROM gcr.io/distroless/static:nonroot -ARG MAINTAINER="vdaas.org vald team " -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME=loadtest - -COPY --from=builder /usr/bin/${APP_NAME} /usr/bin/${APP_NAME} +LABEL maintainer="vdaas.org vald team " +COPY --from=builder /usr/bin/loadtest /usr/bin/loadtest COPY cmd/tools/cli/loadtest/sample.yaml /etc/server/config.yaml # skipcq: DOK-DL3002 USER nonroot:nonroot -ENTRYPOINT ["/usr/bin/loadtest"] +ENTRYPOINT ["/usr/bin/loadtest"] \ No newline at end of file diff --git a/go.mod b/go.mod index 2db586b22a..333ed08f29 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ replace ( git.sr.ht/~sbinet/gg => git.sr.ht/~sbinet/gg v0.5.0 github.com/Azure/azure-amqp-common-go/v3 => github.com/Azure/azure-amqp-common-go/v3 v3.2.3 github.com/Azure/azure-sdk-for-go => github.com/Azure/azure-sdk-for-go v68.0.0+incompatible - github.com/Azure/azure-sdk-for-go/sdk/azcore => github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 + github.com/Azure/azure-sdk-for-go/sdk/azcore => github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity => github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 github.com/Azure/azure-sdk-for-go/sdk/internal => github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 github.com/Azure/go-amqp => github.com/Azure/go-amqp v1.0.5 @@ -225,7 +225,7 @@ replace ( github.com/niemeyer/pretty => github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e github.com/nxadm/tail => github.com/nxadm/tail v1.4.11 github.com/onsi/ginkgo => github.com/onsi/ginkgo v1.16.5 - github.com/onsi/ginkgo/v2 => github.com/onsi/ginkgo/v2 v2.19.1 + github.com/onsi/ginkgo/v2 => github.com/onsi/ginkgo/v2 v2.20.0 github.com/onsi/gomega => github.com/onsi/gomega v1.34.1 github.com/peterbourgon/diskv => github.com/peterbourgon/diskv v2.0.1+incompatible github.com/phpdave11/gofpdf => github.com/phpdave11/gofpdf v1.4.2 @@ -314,7 +314,7 @@ replace ( gonum.org/v1/gonum => gonum.org/v1/gonum v0.15.0 gonum.org/v1/hdf5 => gonum.org/v1/hdf5 v0.0.0-20210714002203-8c5d23bc6946 gonum.org/v1/plot => gonum.org/v1/plot v0.14.0 - google.golang.org/api => google.golang.org/api v0.190.0 + google.golang.org/api => google.golang.org/api v0.191.0 google.golang.org/appengine => google.golang.org/appengine v1.6.8 google.golang.org/genproto => google.golang.org/genproto v0.0.0-20240805194559-2c9e96a0b5d4 google.golang.org/genproto/googleapis/api => google.golang.org/genproto/googleapis/api v0.0.0-20240805194559-2c9e96a0b5d4 @@ -397,11 +397,11 @@ require ( go.uber.org/zap v1.27.0 gocloud.dev v0.0.0-00010101000000-000000000000 golang.org/x/net v0.28.0 - golang.org/x/oauth2 v0.21.0 + golang.org/x/oauth2 v0.22.0 golang.org/x/sync v0.8.0 golang.org/x/sys v0.23.0 golang.org/x/text v0.17.0 - golang.org/x/time v0.5.0 + golang.org/x/time v0.6.0 golang.org/x/tools v0.24.0 gonum.org/v1/hdf5 v0.0.0-00010101000000-000000000000 gonum.org/v1/plot v0.14.0 diff --git a/go.sum b/go.sum index d0de794fc3..106b02efec 100644 --- a/go.sum +++ b/go.sum @@ -551,8 +551,8 @@ github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.19.1 h1:QXgq3Z8Crl5EL1WBAC98A5sEBHARrAJNzAmMxzLcRF0= -github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA= +github.com/onsi/ginkgo/v2 v2.20.0 h1:PE84V2mHqoT1sglvHc8ZdQtPcwmvvt29WLEEO3xmdZw= +github.com/onsi/ginkgo/v2 v2.20.0/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= @@ -725,8 +725,8 @@ gonum.org/v1/hdf5 v0.0.0-20210714002203-8c5d23bc6946 h1:vJpL69PeUullhJyKtTjHjENE gonum.org/v1/hdf5 v0.0.0-20210714002203-8c5d23bc6946/go.mod h1:BQUWDHIAygjdt1HnUPQ0eWqLN2n5FwJycrpYUVUOx2I= gonum.org/v1/plot v0.14.0 h1:+LBDVFYwFe4LHhdP8coW6296MBEY4nQ+Y4vuUpJopcE= gonum.org/v1/plot v0.14.0/go.mod h1:MLdR9424SJed+5VqC6MsouEpig9pZX2VZ57H9ko2bXU= -google.golang.org/api v0.190.0 h1:ASM+IhLY1zljNdLu19W1jTmU6A+gMk6M46Wlur61s+Q= -google.golang.org/api v0.190.0/go.mod h1:QIr6I9iedBLnfqoD6L6Vze1UvS5Hzj5r2aUBOaZnLHo= +google.golang.org/api v0.191.0 h1:cJcF09Z+4HAB2t5qTQM1ZtfL/PemsLFkcFG67qq2afk= +google.golang.org/api v0.191.0/go.mod h1:tD5dsFGxFza0hnQveGfVk9QQYKcfp+VzgRqyXFxE0+E= google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20240805194559-2c9e96a0b5d4 h1:g+rQ3aqOyXK/0qwnC5TGUXnyIeipstP5SsniB9uPJ2c= google.golang.org/genproto v0.0.0-20240805194559-2c9e96a0b5d4/go.mod h1:7uvplUBj4RjHAxIZ//98LzOvrQ04JBkaixRmCMI29hc= diff --git a/hack/docker/gen/main.go b/hack/docker/gen/main.go index e50d87c7c2..7750270efc 100644 --- a/hack/docker/gen/main.go +++ b/hack/docker/gen/main.go @@ -54,8 +54,11 @@ var tmpl = fmt.Sprintf(`# syntax = docker/dockerfile:latest # limitations under the License. # -# DO_NOT_EDIT this Dockerfile is generated by hack/docker/gen/main.go +# DO_NOT_EDIT this Dockerfile is generated by https://github.com/vdaas/vald/blob/main/hack/docker/gen/main.go +{{- if .AliasImage }} +FROM {{.BuilderImage}}:{{.BuilderTag}} AS {{.BuildStageName}} +{{- else}} ARG UPX_OPTIONS=-9 {{- range $key, $value := .Arguments }} @@ -66,22 +69,17 @@ ARG {{$key}}={{$value}} FROM {{$image}} {{- end}} # skipcq: DOK-DL3026,DOK-DL3007 -FROM {{.BuilderImage}}:{{.BuilderTag}}{{if and (not (eq (ContainerName .ContainerType) "%s")) (not (eq (ContainerName .ContainerType) "%s"))}} AS builder {{- end}} -ARG MAINTAINER="{{.Maintainer}}" -LABEL maintainer="${MAINTAINER}" - +FROM {{.BuilderImage}}:{{.BuilderTag}}{{if and (not (eq (ContainerName .ContainerType) "%s")) (not (eq (ContainerName .ContainerType) "%s"))}} AS {{.BuildStageName}} {{- end}} +LABEL maintainer="{{.Maintainer}}" # skipcq: DOK-DL3002 USER {{.BuildUser}} - ARG TARGETARCH ARG TARGETOS ARG GO_VERSION ARG RUST_VERSION - {{- range $keyValue := .EnvironmentsSlice }} ENV {{$keyValue}} {{- end}} - WORKDIR {{.RootDir}}/${ORG}/${REPO} {{- range $files := .ExtraCopies }} COPY {{$files}} @@ -125,16 +123,11 @@ RUN {{RunMounts .RunMounts}}\ && apt-get autoclean -y \ && apt-get autoremove -y \ && {{RunCommands .RunCommands}} - {{- if and (not (eq (ContainerName .ContainerType) "%s")) (not (eq (ContainerName .ContainerType) "%s"))}} # skipcq: DOK-DL3026,DOK-DL3007 FROM {{.RuntimeImage}}:{{.RuntimeTag}} -ARG MAINTAINER="{{.Maintainer}}" -LABEL maintainer="${MAINTAINER}" - -ENV APP_NAME={{.AppName}} - -COPY --from=builder {{.BinDir}}/${APP_NAME} {{.BinDir}}/${APP_NAME} +LABEL maintainer="{{.Maintainer}}" +COPY --from=builder {{.BinDir}}/{{.AppName}} {{.BinDir}}/{{.AppName}} {{- if .ConfigExists }} COPY cmd/{{.PackageDir}}/sample.yaml /etc/server/config.yaml {{- end}} @@ -144,11 +137,11 @@ COPY --from=builder {{$file}} {{$file}} {{- end}} # skipcq: DOK-DL3002 USER {{.RuntimeUser}} - {{- if .Entrypoints}} ENTRYPOINT [{{Entrypoint .Entrypoints}}] {{- else if and (not (eq (ContainerName .ContainerType) "%s")) (not (eq (ContainerName .ContainerType) "%s"))}} ENTRYPOINT ["{{.BinDir}}/{{.AppName}}"] +{{- end}} {{- end}}`, DevContainer.String(), CIContainer.String(), DevContainer.String(), DevContainer.String(), @@ -195,6 +188,7 @@ var docker = template.Must(template.New("Dockerfile").Funcs(template.FuncMap{ }).Parse(tmpl)) type Data struct { + AliasImage bool ConfigExists bool Year int ContainerType ContainerType @@ -203,6 +197,7 @@ type Data struct { BuildUser string BuilderImage string BuilderTag string + BuildStageName string Maintainer string PackageDir string RootDir string @@ -236,6 +231,7 @@ const ( defaultRuntimeTag = "nonroot" defaultRuntimeUser = "nonroot:nonroot" defaultBuildUser = "root:root" + defaultBuildStageName = "builder" maintainerKey = "MAINTAINER" minimumArgumentLength = 2 ubuntuVersion = "22.04" @@ -669,6 +665,35 @@ func main() { ngtPreprocess, faissPreprocess)...), }, + "vald-buildbase": { + AppName: "buildbase", + AliasImage: true, + PackageDir: "buildbase", + BuilderImage: "ubuntu", + BuilderTag: "devel", + }, + "vald-buildkit": { + AppName: "buildkit", + AliasImage: true, + PackageDir: "buildkit", + BuilderImage: "moby/buildkit", + BuilderTag: "master", + }, + "vald-binfmt": { + AppName: "binfmt", + AliasImage: true, + PackageDir: "binfmt", + BuilderImage: "tonistiigi/binfmt", + BuilderTag: "master", + }, + "vald-buildkit-syft-scanner": { + AppName: "scanner", + AliasImage: true, + PackageDir: "buildkit/syft/scanner", + BuilderImage: "docker/buildkit-syft-scanner", + BuilderTag: "edge", + BuildStageName: "scanner", + }, } { name := n data := d @@ -694,11 +719,12 @@ func main() { if data.RuntimeUser == "" { data.RuntimeUser = defaultRuntimeUser } - if data.BuildUser == "" { data.BuildUser = defaultBuildUser } - + if data.BuildStageName == "" { + data.BuildStageName = defaultBuildStageName + } if data.Environments != nil { data.Environments = appendM(data.Environments, defaultEnvironments) } else { diff --git a/k8s/discoverer/deployment.yaml b/k8s/discoverer/deployment.yaml index d14a6b9bdc..d90fce6ddc 100644 --- a/k8s/discoverer/deployment.yaml +++ b/k8s/discoverer/deployment.yaml @@ -46,7 +46,7 @@ spec: app.kubernetes.io/instance: release-name app.kubernetes.io/component: discoverer annotations: - checksum/configmap: 907c35fdcb537ed8572fe186653ff813cb0f8af4428efaa9cd40ad84b1311101 + checksum/configmap: 2ca8f5721cdc6f8582f3701cf8ed2a34de7732052bd54bce90880889025d50d1 profefe.com/enable: "true" profefe.com/port: "6060" profefe.com/service: vald-discoverer diff --git a/k8s/gateway/gateway/lb/deployment.yaml b/k8s/gateway/gateway/lb/deployment.yaml index a6217c029e..185431d1de 100644 --- a/k8s/gateway/gateway/lb/deployment.yaml +++ b/k8s/gateway/gateway/lb/deployment.yaml @@ -45,7 +45,7 @@ spec: app.kubernetes.io/instance: release-name app.kubernetes.io/component: gateway-lb annotations: - checksum/configmap: 92b60d09b5e957c16d7a665138f8ddd8765c38d47df0740b05e55871ddd20cf4 + checksum/configmap: 39f04e0b0c8ba58e4abaa66146b382efd4c3b9349019967d926267ecafed7b37 profefe.com/enable: "true" profefe.com/port: "6060" profefe.com/service: vald-lb-gateway diff --git a/k8s/index/operator/configmap.yaml b/k8s/index/operator/configmap.yaml index 2643183955..97fe02f30b 100644 --- a/k8s/index/operator/configmap.yaml +++ b/k8s/index/operator/configmap.yaml @@ -25,4 +25,4 @@ metadata: app.kubernetes.io/version: v1.7.13 app.kubernetes.io/component: index-operator data: - config.yaml: "---\nversion: v0.0.0\ntime_zone: UTC\nlogging:\n format: raw\n level: debug\n logger: glg\nserver_config:\n servers:\n - name: grpc\n host: 0.0.0.0\n port: 8081\n grpc:\n bidirectional_stream_concurrency: 20\n connection_timeout: \"\"\n enable_admin: true\n enable_reflection: true\n header_table_size: 0\n initial_conn_window_size: 2097152\n initial_window_size: 1048576\n interceptors:\n - RecoverInterceptor\n keepalive:\n max_conn_age: \"\"\n max_conn_age_grace: \"\"\n max_conn_idle: \"\"\n min_time: 10m\n permit_without_stream: false\n time: 3h\n timeout: 60s\n max_header_list_size: 0\n max_receive_message_size: 0\n max_send_message_size: 0\n read_buffer_size: 0\n write_buffer_size: 0\n mode: GRPC\n network: tcp\n probe_wait_time: 3s\n restart: true\n socket_option:\n ip_recover_destination_addr: false\n ip_transparent: false\n reuse_addr: true\n reuse_port: true\n tcp_cork: false\n tcp_defer_accept: false\n tcp_fast_open: false\n tcp_no_delay: false\n tcp_quick_ack: false\n socket_path: \"\"\n health_check_servers:\n - name: liveness\n host: 0.0.0.0\n port: 3000\n http:\n handler_timeout: \"\"\n http2:\n enabled: false\n handler_limit: 0\n max_concurrent_streams: 0\n max_decoder_header_table_size: 4096\n max_encoder_header_table_size: 4096\n max_read_frame_size: 0\n max_upload_buffer_per_connection: 0\n max_upload_buffer_per_stream: 0\n permit_prohibited_cipher_suites: true\n idle_timeout: \"\"\n read_header_timeout: \"\"\n read_timeout: \"\"\n shutdown_duration: 5s\n write_timeout: \"\"\n mode: REST\n network: tcp\n probe_wait_time: 3s\n restart: true\n socket_option:\n ip_recover_destination_addr: false\n ip_transparent: false\n reuse_addr: true\n reuse_port: true\n tcp_cork: false\n tcp_defer_accept: false\n tcp_fast_open: true\n tcp_no_delay: true\n tcp_quick_ack: true\n socket_path: \"\"\n - name: readiness\n host: 0.0.0.0\n port: 3001\n http:\n handler_timeout: \"\"\n http2:\n enabled: false\n handler_limit: 0\n max_concurrent_streams: 0\n max_decoder_header_table_size: 4096\n max_encoder_header_table_size: 4096\n max_read_frame_size: 0\n max_upload_buffer_per_connection: 0\n max_upload_buffer_per_stream: 0\n permit_prohibited_cipher_suites: true\n idle_timeout: \"\"\n read_header_timeout: \"\"\n read_timeout: \"\"\n shutdown_duration: 0s\n write_timeout: \"\"\n mode: REST\n network: tcp\n probe_wait_time: 3s\n restart: true\n socket_option:\n ip_recover_destination_addr: false\n ip_transparent: false\n reuse_addr: true\n reuse_port: true\n tcp_cork: false\n tcp_defer_accept: false\n tcp_fast_open: true\n tcp_no_delay: true\n tcp_quick_ack: true\n socket_path: \"\"\n metrics_servers:\n - name: pprof\n host: 0.0.0.0\n port: 6060\n http:\n handler_timeout: 5s\n http2:\n enabled: false\n handler_limit: 0\n max_concurrent_streams: 0\n max_decoder_header_table_size: 4096\n max_encoder_header_table_size: 4096\n max_read_frame_size: 0\n max_upload_buffer_per_connection: 0\n max_upload_buffer_per_stream: 0\n permit_prohibited_cipher_suites: true\n idle_timeout: 2s\n read_header_timeout: 1s\n read_timeout: 1s\n shutdown_duration: 5s\n write_timeout: 1m\n mode: REST\n network: tcp\n probe_wait_time: 3s\n restart: true\n socket_option:\n ip_recover_destination_addr: false\n ip_transparent: false\n reuse_addr: true\n reuse_port: true\n tcp_cork: true\n tcp_defer_accept: false\n tcp_fast_open: false\n tcp_no_delay: false\n tcp_quick_ack: false\n socket_path: \"\"\n startup_strategy:\n - liveness\n - pprof\n - grpc\n - readiness\n shutdown_strategy:\n - readiness\n - grpc\n - pprof\n - liveness\n full_shutdown_duration: 600s\n tls:\n ca: /path/to/ca\n cert: /path/to/cert\n enabled: false\n insecure_skip_verify: false\n key: /path/to/key\nobservability:\n enabled: false\n otlp:\n collector_endpoint: \"\"\n trace_batch_timeout: \"1s\"\n trace_export_timeout: \"1m\"\n trace_max_export_batch_size: 1024\n trace_max_queue_size: 256\n metrics_export_interval: \"1s\"\n metrics_export_timeout: \"1m\"\n attribute:\n namespace: \"_MY_POD_NAMESPACE_\"\n pod_name: \"_MY_POD_NAME_\"\n node_name: \"_MY_NODE_NAME_\"\n service_name: \"vald-index-operator\"\n metrics:\n enable_cgo: true\n enable_goroutine: true\n enable_memory: true\n enable_version_info: true\n version_info_labels:\n - vald_version\n - server_name\n - git_commit\n - build_time\n - go_version\n - go_os\n - go_arch\n - algorithm_info\n trace:\n enabled: false\noperator:\n namespace: _MY_POD_NAMESPACE_\n agent_name: vald-agent\n agent_namespace: \n rotator_name: vald-readreplica-rotate\n target_read_replica_id_annotations_key: vald.vdaas.org/target-read-replica-id\n rotation_job_concurrency: 2\n read_replica_enabled: false\n read_replica_label_key: vald-readreplica-id\n job_templates:\n rotate:\n apiVersion: batch/v1\n kind: Job\n metadata:\n name: vald-readreplica-rotate\n labels:\n app: vald-readreplica-rotate\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.12\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-readreplica-rotate\n app.kubernetes.io/version: v1.7.12\n spec:\n ttlSecondsAfterFinished: 86400\n template:\n metadata:\n labels:\n app: vald-readreplica-rotate\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.12\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-readreplica-rotate\n app.kubernetes.io/version: v1.7.12\n annotations:\n pyroscope.io/scrape: \"true\"\n pyroscope.io/application-name: vald-readreplica-rotate\n pyroscope.io/profile-cpu-enabled: \"true\"\n pyroscope.io/profile-mem-enabled: \"true\"\n pyroscope.io/port: \"6060\"\n spec:\n containers:\n - name: vald-readreplica-rotate\n image: \"vdaas/vald-readreplica-rotate:nightly\"\n imagePullPolicy: Always\n volumeMounts:\n - name: vald-readreplica-rotate-config\n mountPath: /etc/server/\n livenessProbe:\n failureThreshold: 2\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n readinessProbe:\n failureThreshold: 2\n httpGet:\n path: /readiness\n port: readiness\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n startupProbe:\n failureThreshold: 30\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 5\n successThreshold: 1\n timeoutSeconds: 2\n ports:\n - name: liveness\n protocol: TCP\n containerPort: 3000\n - name: readiness\n protocol: TCP\n containerPort: 3001\n - name: grpc\n protocol: TCP\n containerPort: 8081\n - name: pprof\n protocol: TCP\n containerPort: 6060\n securityContext:\n allowPrivilegeEscalation: false\n capabilities:\n drop:\n - ALL\n privileged: false\n readOnlyRootFilesystem: true\n runAsGroup: 65532\n runAsNonRoot: true\n runAsUser: 65532\n env:\n - name: MY_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: MY_POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: TARGET_READREPLICA_ID_RELEASE_NAME_DEFAULT_VALD\n valueFrom:\n fieldRef:\n fieldPath: metadata.annotations['vald.vdaas.org/target-read-replica-id']\n securityContext:\n fsGroup: 65532\n fsGroupChangePolicy: OnRootMismatch\n runAsGroup: 65532\n runAsNonRoot: true\n runAsUser: 65532\n restartPolicy: OnFailure\n volumes:\n - name: vald-readreplica-rotate-config\n configMap:\n defaultMode: 420\n name: vald-readreplica-rotate-config\n serviceAccountName: vald-readreplica-rotate\n creation:\n apiVersion: batch/v1\n kind: Job\n metadata:\n name: vald-index-creation\n labels:\n app: vald-index-creation\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.12\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-index-creation\n app.kubernetes.io/version: v1.7.12\n spec:\n ttlSecondsAfterFinished: 86400\n template:\n metadata:\n labels:\n app: vald-index-creation\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.12\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-index-creation\n app.kubernetes.io/version: v1.7.12\n annotations:\n pyroscope.io/scrape: \"true\"\n pyroscope.io/application-name: vald-index-creation\n pyroscope.io/profile-cpu-enabled: \"true\"\n pyroscope.io/profile-mem-enabled: \"true\"\n pyroscope.io/port: \"6060\"\n spec:\n initContainers:\n - name: wait-for-agent\n image: busybox:stable\n command:\n - /bin/sh\n - -e\n - -c\n - |\n until [ \"$(wget --server-response --spider --quiet http://vald-agent.default.svc.cluster.local:3001/readiness 2>&1 | awk 'NR==1{print $2}')\" == \"200\" ]; do\n echo \"waiting for agent to be ready...\"\n sleep 2;\n done\n - name: wait-for-discoverer\n image: busybox:stable\n command:\n - /bin/sh\n - -e\n - -c\n - |\n until [ \"$(wget --server-response --spider --quiet http://vald-discoverer.default.svc.cluster.local:3001/readiness 2>&1 | awk 'NR==1{print $2}')\" == \"200\" ]; do\n echo \"waiting for discoverer to be ready...\"\n sleep 2;\n done\n containers:\n - name: vald-index-creation\n image: \"vdaas/vald-index-creation:nightly\"\n imagePullPolicy: Always\n volumeMounts:\n - name: vald-index-creation-config\n mountPath: /etc/server/\n livenessProbe:\n failureThreshold: 2\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n readinessProbe:\n failureThreshold: 2\n httpGet:\n path: /readiness\n port: readiness\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n startupProbe:\n failureThreshold: 30\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 5\n successThreshold: 1\n timeoutSeconds: 2\n ports:\n - name: liveness\n protocol: TCP\n containerPort: 3000\n - name: readiness\n protocol: TCP\n containerPort: 3001\n - name: grpc\n protocol: TCP\n containerPort: 8081\n - name: pprof\n protocol: TCP\n containerPort: 6060\n env:\n - name: MY_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: MY_POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n restartPolicy: OnFailure\n volumes:\n - name: vald-index-creation-config\n configMap:\n defaultMode: 420\n name: vald-index-creation-config\n save:\n apiVersion: batch/v1\n kind: Job\n metadata:\n name: vald-index-save\n labels:\n app: vald-index-save\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.12\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-index-save\n app.kubernetes.io/version: v1.7.12\n spec:\n ttlSecondsAfterFinished: 86400\n template:\n metadata:\n labels:\n app: vald-index-save\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.12\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-index-save\n app.kubernetes.io/version: v1.7.12\n annotations:\n pyroscope.io/scrape: \"true\"\n pyroscope.io/application-name: vald-index-save\n pyroscope.io/profile-cpu-enabled: \"true\"\n pyroscope.io/profile-mem-enabled: \"true\"\n pyroscope.io/port: \"6060\"\n spec:\n initContainers:\n - name: wait-for-agent\n image: busybox:stable\n command:\n - /bin/sh\n - -e\n - -c\n - |\n until [ \"$(wget --server-response --spider --quiet http://vald-agent.default.svc.cluster.local:3001/readiness 2>&1 | awk 'NR==1{print $2}')\" == \"200\" ]; do\n echo \"waiting for agent to be ready...\"\n sleep 2;\n done\n - name: wait-for-discoverer\n image: busybox:stable\n command:\n - /bin/sh\n - -e\n - -c\n - |\n until [ \"$(wget --server-response --spider --quiet http://vald-discoverer.default.svc.cluster.local:3001/readiness 2>&1 | awk 'NR==1{print $2}')\" == \"200\" ]; do\n echo \"waiting for discoverer to be ready...\"\n sleep 2;\n done\n containers:\n - name: vald-index-save\n image: \"vdaas/vald-index-save:nightly\"\n imagePullPolicy: Always\n volumeMounts:\n - name: vald-index-save-config\n mountPath: /etc/server/\n livenessProbe:\n failureThreshold: 2\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n readinessProbe:\n failureThreshold: 2\n httpGet:\n path: /readiness\n port: readiness\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n startupProbe:\n failureThreshold: 30\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 5\n successThreshold: 1\n timeoutSeconds: 2\n ports:\n - name: liveness\n protocol: TCP\n containerPort: 3000\n - name: readiness\n protocol: TCP\n containerPort: 3001\n - name: grpc\n protocol: TCP\n containerPort: 8081\n - name: pprof\n protocol: TCP\n containerPort: 6060\n env:\n - name: MY_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: MY_POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n restartPolicy: OnFailure\n volumes:\n - name: vald-index-save-config\n configMap:\n defaultMode: 420\n name: vald-index-save-config\n correction:\n apiVersion: batch/v1\n kind: Job\n metadata:\n name: vald-index-correction\n labels:\n app: vald-index-correction\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.12\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-index-correction\n app.kubernetes.io/version: v1.7.12\n spec:\n ttlSecondsAfterFinished: 86400\n template:\n metadata:\n labels:\n app: vald-index-correction\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.12\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-index-correction\n app.kubernetes.io/version: v1.7.12\n annotations:\n pyroscope.io/scrape: \"true\"\n pyroscope.io/application-name: vald-index-correction\n pyroscope.io/profile-cpu-enabled: \"true\"\n pyroscope.io/profile-mem-enabled: \"true\"\n pyroscope.io/port: \"6060\"\n spec:\n initContainers:\n - name: wait-for-agent\n image: busybox:stable\n command:\n - /bin/sh\n - -e\n - -c\n - |\n until [ \"$(wget --server-response --spider --quiet http://vald-agent.default.svc.cluster.local:3001/readiness 2>&1 | awk 'NR==1{print $2}')\" == \"200\" ]; do\n echo \"waiting for agent to be ready...\"\n sleep 2;\n done\n - name: wait-for-discoverer\n image: busybox:stable\n command:\n - /bin/sh\n - -e\n - -c\n - |\n until [ \"$(wget --server-response --spider --quiet http://vald-discoverer.default.svc.cluster.local:3001/readiness 2>&1 | awk 'NR==1{print $2}')\" == \"200\" ]; do\n echo \"waiting for discoverer to be ready...\"\n sleep 2;\n done\n containers:\n - name: vald-index-correction\n image: \"vdaas/vald-index-correction:nightly\"\n imagePullPolicy: Always\n volumeMounts:\n - name: vald-index-correction-config\n mountPath: /etc/server/\n livenessProbe:\n failureThreshold: 2\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n readinessProbe:\n failureThreshold: 2\n httpGet:\n path: /readiness\n port: readiness\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n startupProbe:\n failureThreshold: 30\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 5\n successThreshold: 1\n timeoutSeconds: 2\n ports:\n - name: liveness\n protocol: TCP\n containerPort: 3000\n - name: readiness\n protocol: TCP\n containerPort: 3001\n - name: grpc\n protocol: TCP\n containerPort: 8081\n - name: pprof\n protocol: TCP\n containerPort: 6060\n env:\n - name: MY_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: MY_POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n restartPolicy: OnFailure\n volumes:\n - name: vald-index-correction-config\n configMap:\n defaultMode: 420\n name: vald-index-correction-config\n" + config.yaml: "---\nversion: v0.0.0\ntime_zone: UTC\nlogging:\n format: raw\n level: debug\n logger: glg\nserver_config:\n servers:\n - name: grpc\n host: 0.0.0.0\n port: 8081\n grpc:\n bidirectional_stream_concurrency: 20\n connection_timeout: \"\"\n enable_admin: true\n enable_reflection: true\n header_table_size: 0\n initial_conn_window_size: 2097152\n initial_window_size: 1048576\n interceptors:\n - RecoverInterceptor\n keepalive:\n max_conn_age: \"\"\n max_conn_age_grace: \"\"\n max_conn_idle: \"\"\n min_time: 10m\n permit_without_stream: false\n time: 3h\n timeout: 60s\n max_header_list_size: 0\n max_receive_message_size: 0\n max_send_message_size: 0\n read_buffer_size: 0\n write_buffer_size: 0\n mode: GRPC\n network: tcp\n probe_wait_time: 3s\n restart: true\n socket_option:\n ip_recover_destination_addr: false\n ip_transparent: false\n reuse_addr: true\n reuse_port: true\n tcp_cork: false\n tcp_defer_accept: false\n tcp_fast_open: false\n tcp_no_delay: false\n tcp_quick_ack: false\n socket_path: \"\"\n health_check_servers:\n - name: liveness\n host: 0.0.0.0\n port: 3000\n http:\n handler_timeout: \"\"\n http2:\n enabled: false\n handler_limit: 0\n max_concurrent_streams: 0\n max_decoder_header_table_size: 4096\n max_encoder_header_table_size: 4096\n max_read_frame_size: 0\n max_upload_buffer_per_connection: 0\n max_upload_buffer_per_stream: 0\n permit_prohibited_cipher_suites: true\n idle_timeout: \"\"\n read_header_timeout: \"\"\n read_timeout: \"\"\n shutdown_duration: 5s\n write_timeout: \"\"\n mode: REST\n network: tcp\n probe_wait_time: 3s\n restart: true\n socket_option:\n ip_recover_destination_addr: false\n ip_transparent: false\n reuse_addr: true\n reuse_port: true\n tcp_cork: false\n tcp_defer_accept: false\n tcp_fast_open: true\n tcp_no_delay: true\n tcp_quick_ack: true\n socket_path: \"\"\n - name: readiness\n host: 0.0.0.0\n port: 3001\n http:\n handler_timeout: \"\"\n http2:\n enabled: false\n handler_limit: 0\n max_concurrent_streams: 0\n max_decoder_header_table_size: 4096\n max_encoder_header_table_size: 4096\n max_read_frame_size: 0\n max_upload_buffer_per_connection: 0\n max_upload_buffer_per_stream: 0\n permit_prohibited_cipher_suites: true\n idle_timeout: \"\"\n read_header_timeout: \"\"\n read_timeout: \"\"\n shutdown_duration: 0s\n write_timeout: \"\"\n mode: REST\n network: tcp\n probe_wait_time: 3s\n restart: true\n socket_option:\n ip_recover_destination_addr: false\n ip_transparent: false\n reuse_addr: true\n reuse_port: true\n tcp_cork: false\n tcp_defer_accept: false\n tcp_fast_open: true\n tcp_no_delay: true\n tcp_quick_ack: true\n socket_path: \"\"\n metrics_servers:\n - name: pprof\n host: 0.0.0.0\n port: 6060\n http:\n handler_timeout: 5s\n http2:\n enabled: false\n handler_limit: 0\n max_concurrent_streams: 0\n max_decoder_header_table_size: 4096\n max_encoder_header_table_size: 4096\n max_read_frame_size: 0\n max_upload_buffer_per_connection: 0\n max_upload_buffer_per_stream: 0\n permit_prohibited_cipher_suites: true\n idle_timeout: 2s\n read_header_timeout: 1s\n read_timeout: 1s\n shutdown_duration: 5s\n write_timeout: 1m\n mode: REST\n network: tcp\n probe_wait_time: 3s\n restart: true\n socket_option:\n ip_recover_destination_addr: false\n ip_transparent: false\n reuse_addr: true\n reuse_port: true\n tcp_cork: true\n tcp_defer_accept: false\n tcp_fast_open: false\n tcp_no_delay: false\n tcp_quick_ack: false\n socket_path: \"\"\n startup_strategy:\n - liveness\n - pprof\n - grpc\n - readiness\n shutdown_strategy:\n - readiness\n - grpc\n - pprof\n - liveness\n full_shutdown_duration: 600s\n tls:\n ca: /path/to/ca\n cert: /path/to/cert\n enabled: false\n insecure_skip_verify: false\n key: /path/to/key\nobservability:\n enabled: false\n otlp:\n collector_endpoint: \"\"\n trace_batch_timeout: \"1s\"\n trace_export_timeout: \"1m\"\n trace_max_export_batch_size: 1024\n trace_max_queue_size: 256\n metrics_export_interval: \"1s\"\n metrics_export_timeout: \"1m\"\n attribute:\n namespace: \"_MY_POD_NAMESPACE_\"\n pod_name: \"_MY_POD_NAME_\"\n node_name: \"_MY_NODE_NAME_\"\n service_name: \"vald-index-operator\"\n metrics:\n enable_cgo: true\n enable_goroutine: true\n enable_memory: true\n enable_version_info: true\n version_info_labels:\n - vald_version\n - server_name\n - git_commit\n - build_time\n - go_version\n - go_os\n - go_arch\n - algorithm_info\n trace:\n enabled: false\noperator:\n namespace: _MY_POD_NAMESPACE_\n agent_name: vald-agent\n agent_namespace: \n rotator_name: vald-readreplica-rotate\n target_read_replica_id_annotations_key: vald.vdaas.org/target-read-replica-id\n rotation_job_concurrency: 2\n read_replica_enabled: false\n read_replica_label_key: vald-readreplica-id\n job_templates:\n rotate:\n apiVersion: batch/v1\n kind: Job\n metadata:\n name: vald-readreplica-rotate\n labels:\n app: vald-readreplica-rotate\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.13\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-readreplica-rotate\n app.kubernetes.io/version: v1.7.13\n spec:\n ttlSecondsAfterFinished: 86400\n template:\n metadata:\n labels:\n app: vald-readreplica-rotate\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.13\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-readreplica-rotate\n app.kubernetes.io/version: v1.7.13\n annotations:\n pyroscope.io/scrape: \"true\"\n pyroscope.io/application-name: vald-readreplica-rotate\n pyroscope.io/profile-cpu-enabled: \"true\"\n pyroscope.io/profile-mem-enabled: \"true\"\n pyroscope.io/port: \"6060\"\n spec:\n containers:\n - name: vald-readreplica-rotate\n image: \"vdaas/vald-readreplica-rotate:nightly\"\n imagePullPolicy: Always\n volumeMounts:\n - name: vald-readreplica-rotate-config\n mountPath: /etc/server/\n livenessProbe:\n failureThreshold: 2\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n readinessProbe:\n failureThreshold: 2\n httpGet:\n path: /readiness\n port: readiness\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n startupProbe:\n failureThreshold: 30\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 5\n successThreshold: 1\n timeoutSeconds: 2\n ports:\n - name: liveness\n protocol: TCP\n containerPort: 3000\n - name: readiness\n protocol: TCP\n containerPort: 3001\n - name: grpc\n protocol: TCP\n containerPort: 8081\n - name: pprof\n protocol: TCP\n containerPort: 6060\n securityContext:\n allowPrivilegeEscalation: false\n capabilities:\n drop:\n - ALL\n privileged: false\n readOnlyRootFilesystem: true\n runAsGroup: 65532\n runAsNonRoot: true\n runAsUser: 65532\n env:\n - name: MY_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: MY_POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: TARGET_READREPLICA_ID_RELEASE_NAME_DEFAULT_VALD\n valueFrom:\n fieldRef:\n fieldPath: metadata.annotations['vald.vdaas.org/target-read-replica-id']\n securityContext:\n fsGroup: 65532\n fsGroupChangePolicy: OnRootMismatch\n runAsGroup: 65532\n runAsNonRoot: true\n runAsUser: 65532\n restartPolicy: OnFailure\n volumes:\n - name: vald-readreplica-rotate-config\n configMap:\n defaultMode: 420\n name: vald-readreplica-rotate-config\n serviceAccountName: vald-readreplica-rotate\n creation:\n apiVersion: batch/v1\n kind: Job\n metadata:\n name: vald-index-creation\n labels:\n app: vald-index-creation\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.13\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-index-creation\n app.kubernetes.io/version: v1.7.13\n spec:\n ttlSecondsAfterFinished: 86400\n template:\n metadata:\n labels:\n app: vald-index-creation\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.13\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-index-creation\n app.kubernetes.io/version: v1.7.13\n annotations:\n pyroscope.io/scrape: \"true\"\n pyroscope.io/application-name: vald-index-creation\n pyroscope.io/profile-cpu-enabled: \"true\"\n pyroscope.io/profile-mem-enabled: \"true\"\n pyroscope.io/port: \"6060\"\n spec:\n initContainers:\n - name: wait-for-agent\n image: busybox:stable\n command:\n - /bin/sh\n - -e\n - -c\n - |\n until [ \"$(wget --server-response --spider --quiet http://vald-agent.default.svc.cluster.local:3001/readiness 2>&1 | awk 'NR==1{print $2}')\" == \"200\" ]; do\n echo \"waiting for agent to be ready...\"\n sleep 2;\n done\n - name: wait-for-discoverer\n image: busybox:stable\n command:\n - /bin/sh\n - -e\n - -c\n - |\n until [ \"$(wget --server-response --spider --quiet http://vald-discoverer.default.svc.cluster.local:3001/readiness 2>&1 | awk 'NR==1{print $2}')\" == \"200\" ]; do\n echo \"waiting for discoverer to be ready...\"\n sleep 2;\n done\n containers:\n - name: vald-index-creation\n image: \"vdaas/vald-index-creation:nightly\"\n imagePullPolicy: Always\n volumeMounts:\n - name: vald-index-creation-config\n mountPath: /etc/server/\n livenessProbe:\n failureThreshold: 2\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n readinessProbe:\n failureThreshold: 2\n httpGet:\n path: /readiness\n port: readiness\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n startupProbe:\n failureThreshold: 30\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 5\n successThreshold: 1\n timeoutSeconds: 2\n ports:\n - name: liveness\n protocol: TCP\n containerPort: 3000\n - name: readiness\n protocol: TCP\n containerPort: 3001\n - name: grpc\n protocol: TCP\n containerPort: 8081\n - name: pprof\n protocol: TCP\n containerPort: 6060\n env:\n - name: MY_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: MY_POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n restartPolicy: OnFailure\n volumes:\n - name: vald-index-creation-config\n configMap:\n defaultMode: 420\n name: vald-index-creation-config\n save:\n apiVersion: batch/v1\n kind: Job\n metadata:\n name: vald-index-save\n labels:\n app: vald-index-save\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.13\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-index-save\n app.kubernetes.io/version: v1.7.13\n spec:\n ttlSecondsAfterFinished: 86400\n template:\n metadata:\n labels:\n app: vald-index-save\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.13\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-index-save\n app.kubernetes.io/version: v1.7.13\n annotations:\n pyroscope.io/scrape: \"true\"\n pyroscope.io/application-name: vald-index-save\n pyroscope.io/profile-cpu-enabled: \"true\"\n pyroscope.io/profile-mem-enabled: \"true\"\n pyroscope.io/port: \"6060\"\n spec:\n initContainers:\n - name: wait-for-agent\n image: busybox:stable\n command:\n - /bin/sh\n - -e\n - -c\n - |\n until [ \"$(wget --server-response --spider --quiet http://vald-agent.default.svc.cluster.local:3001/readiness 2>&1 | awk 'NR==1{print $2}')\" == \"200\" ]; do\n echo \"waiting for agent to be ready...\"\n sleep 2;\n done\n - name: wait-for-discoverer\n image: busybox:stable\n command:\n - /bin/sh\n - -e\n - -c\n - |\n until [ \"$(wget --server-response --spider --quiet http://vald-discoverer.default.svc.cluster.local:3001/readiness 2>&1 | awk 'NR==1{print $2}')\" == \"200\" ]; do\n echo \"waiting for discoverer to be ready...\"\n sleep 2;\n done\n containers:\n - name: vald-index-save\n image: \"vdaas/vald-index-save:nightly\"\n imagePullPolicy: Always\n volumeMounts:\n - name: vald-index-save-config\n mountPath: /etc/server/\n livenessProbe:\n failureThreshold: 2\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n readinessProbe:\n failureThreshold: 2\n httpGet:\n path: /readiness\n port: readiness\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n startupProbe:\n failureThreshold: 30\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 5\n successThreshold: 1\n timeoutSeconds: 2\n ports:\n - name: liveness\n protocol: TCP\n containerPort: 3000\n - name: readiness\n protocol: TCP\n containerPort: 3001\n - name: grpc\n protocol: TCP\n containerPort: 8081\n - name: pprof\n protocol: TCP\n containerPort: 6060\n env:\n - name: MY_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: MY_POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n restartPolicy: OnFailure\n volumes:\n - name: vald-index-save-config\n configMap:\n defaultMode: 420\n name: vald-index-save-config\n correction:\n apiVersion: batch/v1\n kind: Job\n metadata:\n name: vald-index-correction\n labels:\n app: vald-index-correction\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.13\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-index-correction\n app.kubernetes.io/version: v1.7.13\n spec:\n ttlSecondsAfterFinished: 86400\n template:\n metadata:\n labels:\n app: vald-index-correction\n app.kubernetes.io/name: vald\n helm.sh/chart: vald-v1.7.13\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/instance: release-name\n app.kubernetes.io/component: vald-index-correction\n app.kubernetes.io/version: v1.7.13\n annotations:\n pyroscope.io/scrape: \"true\"\n pyroscope.io/application-name: vald-index-correction\n pyroscope.io/profile-cpu-enabled: \"true\"\n pyroscope.io/profile-mem-enabled: \"true\"\n pyroscope.io/port: \"6060\"\n spec:\n initContainers:\n - name: wait-for-agent\n image: busybox:stable\n command:\n - /bin/sh\n - -e\n - -c\n - |\n until [ \"$(wget --server-response --spider --quiet http://vald-agent.default.svc.cluster.local:3001/readiness 2>&1 | awk 'NR==1{print $2}')\" == \"200\" ]; do\n echo \"waiting for agent to be ready...\"\n sleep 2;\n done\n - name: wait-for-discoverer\n image: busybox:stable\n command:\n - /bin/sh\n - -e\n - -c\n - |\n until [ \"$(wget --server-response --spider --quiet http://vald-discoverer.default.svc.cluster.local:3001/readiness 2>&1 | awk 'NR==1{print $2}')\" == \"200\" ]; do\n echo \"waiting for discoverer to be ready...\"\n sleep 2;\n done\n containers:\n - name: vald-index-correction\n image: \"vdaas/vald-index-correction:nightly\"\n imagePullPolicy: Always\n volumeMounts:\n - name: vald-index-correction-config\n mountPath: /etc/server/\n livenessProbe:\n failureThreshold: 2\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n readinessProbe:\n failureThreshold: 2\n httpGet:\n path: /readiness\n port: readiness\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 2\n startupProbe:\n failureThreshold: 30\n httpGet:\n path: /liveness\n port: liveness\n scheme: HTTP\n initialDelaySeconds: 5\n periodSeconds: 5\n successThreshold: 1\n timeoutSeconds: 2\n ports:\n - name: liveness\n protocol: TCP\n containerPort: 3000\n - name: readiness\n protocol: TCP\n containerPort: 3001\n - name: grpc\n protocol: TCP\n containerPort: 8081\n - name: pprof\n protocol: TCP\n containerPort: 6060\n env:\n - name: MY_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: MY_POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n restartPolicy: OnFailure\n volumes:\n - name: vald-index-correction-config\n configMap:\n defaultMode: 420\n name: vald-index-correction-config\n" diff --git a/k8s/index/operator/deployment.yaml b/k8s/index/operator/deployment.yaml index d6c02d3ac2..ccd69b7125 100644 --- a/k8s/index/operator/deployment.yaml +++ b/k8s/index/operator/deployment.yaml @@ -46,7 +46,7 @@ spec: app.kubernetes.io/instance: release-name app.kubernetes.io/component: operator annotations: - checksum/configmap: eae6b3eac702f445f9b5a0d1495af9917479303b103f986c10b5b3db9d749086 + checksum/configmap: c9c0a97792fa0594fb6ae3946f4d7294a9e2fbc782b48b82272db25754ddc5ff pyroscope.io/scrape: "true" pyroscope.io/application-name: vald-index-operator pyroscope.io/profile-cpu-enabled: "true" diff --git a/k8s/manager/index/deployment.yaml b/k8s/manager/index/deployment.yaml index 1caef441d3..a56659a1c4 100644 --- a/k8s/manager/index/deployment.yaml +++ b/k8s/manager/index/deployment.yaml @@ -46,7 +46,7 @@ spec: app.kubernetes.io/instance: release-name app.kubernetes.io/component: manager-index annotations: - checksum/configmap: 749ebf7ce611dafee119650baad5ea66a08b3b5df9858d4bce9a94ef86851e9c + checksum/configmap: 876907cfbfbcab80cd72c01874d8651958d9dfe9e5a8e3474ecb3afd2e62dbda profefe.com/enable: "true" profefe.com/port: "6060" profefe.com/service: vald-manager-index diff --git a/rust/Cargo.lock b/rust/Cargo.lock index e9f1917e8d..c9e69d71a6 100644 --- a/rust/Cargo.lock +++ b/rust/Cargo.lock @@ -175,9 +175,9 @@ checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50" [[package]] name = "cc" -version = "1.1.7" +version = "1.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26a5c3fd7bfa1ce3897a3a3501d362b2d87b7f2583ebcb4a949ec25911025cbc" +checksum = "504bdec147f2cc13c8b57ed9401fd8a147cc66b67ad5cb241394244f2c947549" [[package]] name = "cfg-if" @@ -592,9 +592,9 @@ dependencies = [ [[package]] name = "object" -version = "0.36.2" +version = "0.36.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f203fa8daa7bb185f760ae12bd8e097f63d17041dcdcaf675ac54cdf863170e" +checksum = "27b64972346851a39438c60b341ebc01bba47464ae329e55cf343eb93964efd9" dependencies = [ "memchr", ] diff --git a/versions/JAEGER_OPERATOR_VERSION b/versions/JAEGER_OPERATOR_VERSION index c2576f1624..5f46e11eed 100644 --- a/versions/JAEGER_OPERATOR_VERSION +++ b/versions/JAEGER_OPERATOR_VERSION @@ -1 +1 @@ -2.55.0 +2.56.0