diff --git a/build/BUILD b/build/BUILD index d8dec66d8d..3ac15d0705 100644 --- a/build/BUILD +++ b/build/BUILD @@ -2,7 +2,7 @@ package(default_visibility = ["//visibility:public"]) load("@io_k8s_repo_infra//defs:build.bzl", "release_filegroup") load(":code_generation_test.bzl", "code_generation_test_suite") -load(":container.bzl", "multi_arch_container") +load(":container.bzl", "multi_arch_container", "multi_arch_container_push") load(":platforms.bzl", "SERVER_PLATFORMS", "for_platforms") code_generation_test_suite( @@ -69,7 +69,12 @@ DOCKERIZED_BINARIES = { for_server = ["//build/debs:%s-{ARCH}.deb" % binary], only_os = "linux", )), - docker_tags = ["k8s.gcr.io/%s:{{STABLE_DOCKER_TAG}}" % binary], + # Since the multi_arch_container macro replaces the {ARCH} format string, + # we need to escape the stamping vars. + # Also see comment above about why the push tags use ARCH while the + # non-push tags do not. + docker_push_tags = ["{{STABLE_DOCKER_PUSH_REGISTRY}}/%s-{ARCH}:{{STABLE_DOCKER_TAG}}" % binary], + docker_tags = ["{{STABLE_DOCKER_REGISTRY}}/%s:{{STABLE_DOCKER_TAG}}" % binary], stamp = True, symlinks = { # Some cluster startup scripts expect to find the binaries in /usr/local/bin, @@ -80,6 +85,17 @@ DOCKERIZED_BINARIES = { visibility = ["//visibility:private"], ) for binary, meta in DOCKERIZED_BINARIES.items()] +# Also roll up all images into a single bundle to push with one target. +multi_arch_container_push( + name = "server-images", + architectures = SERVER_PLATFORMS["linux"], + docker_tags_images = { + "{{STABLE_DOCKER_PUSH_REGISTRY}}/%s-{ARCH}:{{STABLE_DOCKER_TAG}}" % binary: "%s-internal" % binary + for binary in DOCKERIZED_BINARIES.keys() + }, + tags = ["manual"], +) + [genrule( name = binary + "_docker_tag", srcs = [meta["target"]], diff --git a/build/container.bzl b/build/container.bzl index a11e14ffb1..445f1ee9c6 100644 --- a/build/container.bzl +++ b/build/container.bzl @@ -13,12 +13,16 @@ # limitations under the License. load("@io_bazel_rules_docker//container:container.bzl", "container_bundle", "container_image") +load("@io_bazel_rules_docker//contrib:push-all.bzl", "docker_push") load("//build:platforms.bzl", "go_platform_constraint") # multi_arch_container produces a private internal container_image, multiple # arch-specific tagged container_bundles (named NAME-ARCH) and aliases # from NAME and NAME.tar to the appropriately NAME-ARCH container_bundle target # for the currently-configured architecture. +# Additionally, if docker_push_tags is provided, uses multi_arch_container_push +# to create container_bundles named push-NAME-ARCH with the provided push tags, +# along with a push-NAME docker_push target. # Args: # name: name used for the alias; the internal container_image and # container_bundles are based on this name @@ -29,7 +33,10 @@ load("//build:platforms.bzl", "go_platform_constraint") # docker_tags: list of docker tags to apply to the image. The format string # {ARCH} will be replaced with the configured GOARCH; any stamping variables # should be escaped, e.g. {{STABLE_MY_VAR}}. -# tags: will be applied to all rules +# docker_push_tags: list of docker tags to apply to the image for pushing. +# The format string {ARCH} will be replaced with the configured GOARCH; +# any stamping variables should be escaped, e.g. {{STABLE_MY_VAR}}. +# tags: will be applied to all targets # visiblity: will be applied only to the container_bundles; the internal # container_image is private # All other args will be applied to the internal container_image. @@ -38,6 +45,7 @@ def multi_arch_container( architectures, base, docker_tags, + docker_push_tags = None, tags = None, visibility = None, **kwargs): @@ -70,3 +78,45 @@ def multi_arch_container( for arch in architectures }), ) + + if docker_push_tags: + multi_arch_container_push( + name = name, + architectures = architectures, + docker_tags_images = {docker_push_tag: ":%s-internal" % name for docker_push_tag in docker_push_tags}, + tags = tags, + ) + +# multi_arch_container_push creates container_bundles named push-NAME-ARCH for +# the provided architectures, populating them with the images directory. +# It additionally creates a push-NAME docker_push rule which can be run to +# push the images to a Docker repository. +# Args: +# name: name used for targets created by this macro; the internal +# container_bundles are based on this name +# architectures: list of architectures (in GOARCH naming parlance) to +# configure +# docker_tags_images: dictionary mapping docker tag to the corresponding +# container_image target. The format string {ARCH} will be replaced +# in tags with the configured GOARCH; any stamping variables should be +# escaped, e.g. {{STABLE_MY_VAR}}. +# tags: applied to container_bundle targets +def multi_arch_container_push( + name, + architectures, + docker_tags_images, + tags = None): + for arch in architectures: + container_bundle( + name = "push-%s-%s" % (name, arch), + images = {tag.format(ARCH = arch): image for tag, image in docker_tags_images.items()}, + tags = tags, + visibility = ["//visibility:private"], + ) + docker_push( + name = "push-%s" % name, + bundle = select({ + go_platform_constraint(os = "linux", arch = arch): "push-%s-%s" % (name, arch) + for arch in architectures + }), + ) diff --git a/build/root/BUILD.root b/build/root/BUILD.root index 057769f684..3469dfab6d 100644 --- a/build/root/BUILD.root +++ b/build/root/BUILD.root @@ -32,8 +32,10 @@ filegroup( visibility = ["//visibility:private"], ) -# TODO: also add container_push rules, -# and don't forget about the conformance and hyperkube images +# TODO: collect all relevant docker_push targets into one target that can be run: +# //build:push-server-images +# //cluster/images/conformance:push-conformance +# //cluster/images/hyperkube:push-hyperkube gcs_upload( name = "push-build", data = [ diff --git a/cluster/images/conformance/BUILD b/cluster/images/conformance/BUILD index 3f4fa46342..14fd8f9859 100644 --- a/cluster/images/conformance/BUILD +++ b/cluster/images/conformance/BUILD @@ -28,9 +28,10 @@ multi_arch_container( "-c", "/run_e2e.sh", ], - # {ARCH} is replaced by the macro, but STABLE_DOCKER_TAG is replaced by the - # build stamping, so we need to escape it - docker_tags = ["k8s.gcr.io/conformance-{ARCH}:{{STABLE_DOCKER_TAG}}"], + # {ARCH} is replaced by the macro, but STABLE_ vars are replaced by the + # build stamping, so we need to escape them + docker_push_tags = ["{{STABLE_DOCKER_PUSH_REGISTRY}}/conformance-{ARCH}:{{STABLE_DOCKER_TAG}}"], + docker_tags = ["{{STABLE_DOCKER_REGISTRY}}/conformance-{ARCH}:{{STABLE_DOCKER_TAG}}"], env = { "E2E_FOCUS": "\[Conformance\]", "E2E_SKIP": "", diff --git a/cluster/images/hyperkube/BUILD b/cluster/images/hyperkube/BUILD index f0e376edb0..cc2653bf9d 100644 --- a/cluster/images/hyperkube/BUILD +++ b/cluster/images/hyperkube/BUILD @@ -5,9 +5,10 @@ multi_arch_container( name = "hyperkube", architectures = SERVER_PLATFORMS["linux"], base = "@debian-hyperkube-base-{ARCH}//image", - # {ARCH} is replaced by the macro, but STABLE_DOCKER_TAG is replaced by the - # build stamping, so we need to escape it - docker_tags = ["k8s.gcr.io/hyperkube-{ARCH}:{{STABLE_DOCKER_TAG}}"], + # {ARCH} is replaced by the macro, but STABLE_ vars are replaced by the + # build stamping, so we need to escape them + docker_push_tags = ["{{STABLE_DOCKER_PUSH_REGISTRY}}/hyperkube-{ARCH}:{{STABLE_DOCKER_TAG}}"], + docker_tags = ["{{STABLE_DOCKER_REGISTRY}}/hyperkube-{ARCH}:{{STABLE_DOCKER_TAG}}"], files = [ "//cmd/hyperkube", ], diff --git a/hack/print-workspace-status.sh b/hack/print-workspace-status.sh index 1d334f88a1..fb1d8a5bb9 100755 --- a/hack/print-workspace-status.sh +++ b/hack/print-workspace-status.sh @@ -38,6 +38,8 @@ STABLE_BUILD_SCM_REVISION ${KUBE_GIT_VERSION-} STABLE_BUILD_MAJOR_VERSION ${KUBE_GIT_MAJOR-} STABLE_BUILD_MINOR_VERSION ${KUBE_GIT_MINOR-} STABLE_DOCKER_TAG ${KUBE_GIT_VERSION/+/_} +STABLE_DOCKER_REGISTRY ${KUBE_DOCKER_REGISTRY:-k8s.gcr.io} +STABLE_DOCKER_PUSH_REGISTRY ${KUBE_DOCKER_PUSH_REGISTRY:-${KUBE_DOCKER_REGISTRY:-staging-k8s.gcr.io}} gitCommit ${KUBE_GIT_COMMIT-} gitTreeState ${KUBE_GIT_TREE_STATE-} gitVersion ${KUBE_GIT_VERSION-}