Comments (7)
@andig I created https://github.com/ldez/seihon, then if you want to test it 😉
from traefik-certs-dumper.
Hello, the 2 arch are available as binaries: https://github.com/ldez/traefik-certs-dumper/releases/tag/v2.2.0
Multi-arch images on the Docker Hub are a little bit complex to create.
To build the image you have to get the code inside in the same directory.
from traefik-certs-dumper.
yes I am using binaries for now
> To build the image you have to get the code inside in the same directory
oh yes, apologies, will try again with clone
from traefik-certs-dumper.
As discussed on slack with @ldez I've whipped up a strawman for building multiarch images and bundling inside a manifest. It basically builds and pushes images for all platforms and in a second step bundles and publishes a manifest.
I've tested this on OSX but - since the runtime image is only `COPY`ied into and does not use `RUN` - this build process should work on any platform without need for qemu cross-build support. Thanks to golang's cross-compiling capability the builder image does not need to be platform specific.
Currently the script uses `jq` as external dependency which could be replaced by `docker run realguess/jq jq`. Docker is available as travis `service`, too.
build-docker.sh
```bash
#!/bin/bash
set -e

# base docker image tag
TAG="andig/traefik-certs-dumper"

# only linux for now
OS=linux

# target platforms
declare -a PLATFORMS=( "amd64" "arm64" "arm.v6" )

# images from Dockerfile
RUNTIME_IMAGE=$(grep "FROM alpine" < Dockerfile | sed "s/FROM //")

# platform-specific docker file
DOCKER_TEMP=/tmp/Dockerfile.temp

# cache the docker manifest
function manifest () {
    local IMAGE=$1
    local MANIFEST_FILE=/tmp/manifest.$IMAGE.json

    if [ ! -f "$MANIFEST_FILE" ]; then
        docker pull "$IMAGE"
        docker manifest inspect "$IMAGE" > "$MANIFEST_FILE"
    fi
}

# get platform image hash from docker manifest
function hash () {
    local IMAGE=$1
    local MANIFEST_FILE=/tmp/manifest.$IMAGE.json
    local ARCHITECTURE="$2"
    local VARIANT="$3"
    local HASH

    if [ -z "$VARIANT" ]; then
        HASH=$(jq -r ".manifests[] | select(.platform.architecture == \"$ARCHITECTURE\") | .digest" < "$MANIFEST_FILE")
    else
        HASH=$(jq -r ".manifests[] | select(.platform.architecture == \"$ARCHITECTURE\" and .platform.variant == \"$VARIANT\") | .digest" < "$MANIFEST_FILE")
    fi

    echo "$HASH"
}

# get manifests
manifest "$RUNTIME_IMAGE"

# main
for platform in "${PLATFORMS[@]}"; do
    # split architecture.version
    IFS='.' read -ra p <<< "$platform"

    # digest of the runtime image for this architecture/variant
    RUNTIME_HASH=$(hash "$RUNTIME_IMAGE" "${p[0]}" "${p[1]}")

    # target architecture
    GOARCH=${p[0]}

    # create temp Dockerfile for target architecture and build
    sed "s/RUN make/RUN GOARCH=$GOARCH make/" Dockerfile | sed "s/$RUNTIME_IMAGE/$RUNTIME_IMAGE@$RUNTIME_HASH/" > "$DOCKER_TEMP"
    docker build -t "$TAG:latest-$platform" -f "$DOCKER_TEMP" .
    rm "$DOCKER_TEMP"
done

# push images
for platform in "${PLATFORMS[@]}"; do
    docker push "$TAG:latest-$platform"
done

# create manifest
TAG_LIST=$(printf "$TAG:latest-%s " "${PLATFORMS[@]}")
# shellcheck disable=SC2086
docker manifest create --amend "$TAG:latest" $TAG_LIST

for platform in "${PLATFORMS[@]}"; do
    # split architecture.version
    IFS='.' read -ra p <<< "$platform"
    ARCHITECTURE=${p[0]}
    VARIANT=${p[1]}

    # docker and go architectures don't match
    if [ "arm" == "$ARCHITECTURE" ] && [ -n "$VARIANT" ]; then
        VARIANT=$ARCHITECTURE$VARIANT
    fi

    if [ -z "$VARIANT" ]; then
        docker manifest annotate "$TAG:latest" "$TAG:latest-$platform" --os "$OS" --arch "$ARCHITECTURE"
    else
        docker manifest annotate "$TAG:latest" "$TAG:latest-$platform" --os "$OS" --arch "$ARCHITECTURE" --variant "$VARIANT"
    fi
done

docker manifest push "$TAG:latest"
```
The result is available as `andig/traefik-certs-dumper:latest` for demo purposes. This is intentionally not a PR as I didn't know how to integrate it with the `goreleaser`.
I imagine one would run `build-docker.sh` inside travis `after_success` like this:
.travis.yml
```yaml
env:
  global:
    - PATH=/home/travis/gopath/bin:$PATH
    # docker credentials
    - secure: "MMDlT1..."
    - secure: "aFjBMVNpdv..."
    - COMMIT=${TRAVIS_COMMIT::8}

after_success:
  # pass the password on stdin so it does not show up in the process list
  - echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin
  - export REPO=andig/gravo
  - docker pull $REPO:latest
  - |
    if [ "$TRAVIS_BRANCH" == "master" ]; then
      ./build-docker.sh
    fi
```
Docker credentials are added to travis using the travis cli or through travis ui.
from traefik-certs-dumper.
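Added example (not part of the thread and not the project's code): the `hash` helper in the script above returns whatever `jq` prints, so a platform that matches no manifest entry yields an empty digest and a bare `arm` would match every arm variant. This Python sketch resolves the digest from a constructed manifest list and fails closed in both cases; the sample digests, the `alpine` image name, the extra `os` filter and the function names are assumptions.

```python
import json
import re

# Constructed manifest list in the shape `docker manifest inspect` prints for a
# multi-arch image; the digests are placeholders, not real image digests.
SAMPLE_MANIFEST = json.dumps({
    "schemaVersion": 2,
    "manifests": [
        {"digest": "sha256:" + "a" * 64, "platform": {"architecture": "amd64", "os": "linux"}},
        {"digest": "sha256:" + "b" * 64, "platform": {"architecture": "arm", "os": "linux", "variant": "v6"}},
        {"digest": "sha256:" + "c" * 64, "platform": {"architecture": "arm", "os": "linux", "variant": "v7"}},
        {"digest": "sha256:" + "d" * 64, "platform": {"architecture": "arm64", "os": "linux", "variant": "v8"}},
    ],
})

DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def resolve_digest(manifest_json, platform, os_name="linux"):
    """Return the single digest for a platform string such as 'arm.v6' or 'amd64'.

    Raises ValueError when zero or several entries match, or when the digest is
    malformed, so a build never proceeds with an unpinned or wrong base image.
    """
    arch, _, variant = platform.partition(".")
    matches = []
    for entry in json.loads(manifest_json).get("manifests", []):
        plat = entry.get("platform", {})
        if plat.get("os") != os_name or plat.get("architecture") != arch:
            continue
        # Same rule as the script: compare the variant only when one was requested.
        if variant and plat.get("variant") != variant:
            continue
        matches.append(entry.get("digest", ""))
    if len(matches) != 1:
        raise ValueError(f"{platform}: expected 1 manifest entry, found {len(matches)}")
    if not DIGEST_RE.fullmatch(matches[0]):
        raise ValueError(f"{platform}: malformed digest {matches[0]!r}")
    return matches[0]


def pinned_reference(image, manifest_json, platform):
    """Build the image@digest reference for the per-platform FROM line."""
    return f"{image}@{resolve_digest(manifest_json, platform)}"


if __name__ == "__main__":
    for p in ("amd64", "arm64", "arm.v6"):
        print(p, pinned_reference("alpine", SAMPLE_MANIFEST, p))
```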
@ldez I've simplified the build script some and added a PR for reference.
Getting rid of the `sed` magic required adding docker `ARG`s which is why I've added the `Dockerfile` in addition to the build script. Also added arm architecture variants to the build.
Hopefully you'll find it useful.
from traefik-certs-dumper.
The version v2.3.4 now supports multi-arch Docker images:
- arm v6
- arm v7
- arm v8 (arm64)
- 386
- amd64
from traefik-certs-dumper.
I love the go-based publisher. Do you think there would be additional value in publishing that as its own repo or even multi-arch docker image? Something like go-multiarch-publisher? Would be happy to test drive a separate component.
from traefik-certs-dumper.