Comments (7)
ldez
commented on May 21, 2024
1
@andig I created https://github.com/ldez/seihon, then if you want to test it 😉
from traefik-certs-dumper.
ldez
commented on May 21, 2024
Hello, the 2 arch are available as binaries: https://github.com/ldez/traefik-certs-dumper/releases/tag/v2.2.0
Multi-arch images on the Docker Hub is a little bit complex to create.
To build the image you have to get the code inside in the same directory.
from traefik-certs-dumper.
kamilmirza
commented on May 21, 2024
yes I am using binaries for now
To build the image you have to get the code inside in the same directory
oh yes, apologies, will try again with clone
from traefik-certs-dumper.
andig
commented on May 21, 2024
As discussed on slack with @ldez I've whipped up a strawman for building multiarch images and bundling inside a manifest. It basically builds and pushes images for all platforms and in a second step bundles and publishes a manifest.
I've tested this on OSX but- since the runtime image is only COPYied into and does not use RUN- this build process should work on any platform without need to qemu cross-build support. Thanks to golang's cross-compiling capability the builder image does not need to be platform specific.
Currently the script uses jq as external dependency which could be replaced by docker run realguess/jq jq. Docker is available as travis service, too.
build-docker.sh
#!/bin/bash
set -e
# base docker image tag
TAG="andig/traefik-certs-dumper"
# only linux for now
OS=linux
# target platforms
declare -a PLATFORMS=( "amd64" "arm64" "arm.v6" )
# images from Dockerfile
RUNTIME_IMAGE=$(grep "FROM alpine" < Dockerfile | sed "s/FROM //")
# platform-specific docker file
DOCKER_TEMP=/tmp/Dockerfile.temp
# cache the docker manifest
function manifest () {
local IMAGE=$1
local MANIFEST_FILE=/tmp/manifest.$IMAGE.json
if [ ! -f "$MANIFEST_FILE" ]; then
docker pull "$IMAGE"
docker manifest inspect "$IMAGE" > "$MANIFEST_FILE"
fi
}
# get platform image hash from docker manifest
function hash () {
local IMAGE=$1
local MANIFEST_FILE=/tmp/manifest.$IMAGE.json
local ARCHITECTURE="$2"
local VARIANT="$3"
local HASH
if [ -z "$VARIANT" ]; then
HASH=$(jq -r ".manifests[] | select(.platform.architecture == \"$ARCHITECTURE\") | .digest" < "$MANIFEST_FILE")
else
HASH=$(jq -r ".manifests[] | select(.platform.architecture == \"$ARCHITECTURE\" and .platform.variant == \"$VARIANT\") | .digest" < "$MANIFEST_FILE")
fi
echo "$HASH"
}
# get manifests
manifest "$RUNTIME_IMAGE"
# main
for platform in "${PLATFORMS[@]}"; do
# split architecture.version
IFS='.' read -ra p <<< "$platform"
# add xargs to trim whitespace
RUNTIME_HASH=$(hash "$RUNTIME_IMAGE" "${p[0]}" "${p[1]}")
# target architecture
GOARCH=${p[0]}
# create temp Dockerfile for target architecture and build
sed "s/RUN make/RUN GOARCH=$GOARCH make/" Dockerfile | sed "s/$RUNTIME_IMAGE/$RUNTIME_IMAGE@$RUNTIME_HASH/" > "$DOCKER_TEMP"
docker build -t "$TAG:latest-$platform" -f $DOCKER_TEMP .
rm "$DOCKER_TEMP"
done
# push images
for platform in "${PLATFORMS[@]}"; do
docker push "$TAG:latest-$platform"
done
# create manifest
TAG_LIST=$(printf "$TAG:latest-%s " "${PLATFORMS[@]}")
# shellcheck disable=SC2086
docker manifest create --amend "$TAG:latest" $TAG_LIST
for platform in "${PLATFORMS[@]}"; do
# split architecture.version
IFS='.' read -ra p <<< "$platform"
ARCHITECTURE=${p[0]}
VARIANT=${p[1]}
# docker and go architectures don't match
if [ "arm" == "$ARCHITECTURE" ] && [ ! -z "$VARIANT" ]; then
VARIANT=$ARCHITECTURE$VARIANT
fi
if [ -z "$VARIANT" ]; then
docker manifest annotate "$TAG:latest" "$TAG:latest-$platform" --os "$OS" --arch "$ARCHITECTURE"
else
docker manifest annotate "$TAG:latest" "$TAG:latest-$platform" --os "$OS" --arch "$ARCHITECTURE" --variant "$VARIANT"
fi
done
docker manifest push "$TAG:latest"The result is available as andig/traefik-certs-dumper:latest for demo purposes. This is intentionally not a PR as I didn't know how to integrate it with the goreleaser.
I imagine one would run build-docker.sh inside travis after_sucess like this:
.travis.yml
env:
global:
- PATH=/home/travis/gopath/bin:$PATH
# docker credentials
- secure: "MMDlT1..."
- secure: "aFjBMVNpdv..."
- COMMIT=${TRAVIS_COMMIT::8}
after_success:
- docker login -u $DOCKER_USER -p $DOCKER_PASS
- export REPO=andig/gravo
- docker pull $REPO:latest
- |
if [ "$TRAVIS_BRANCH" == "master" ]; then
./build-docker.sh
fi
docker credentials are added to travis using the travis cli or through travis ui.
from traefik-certs-dumper.
andig
commented on May 21, 2024
@ldez I've simplified the build script some and added a PR for reference.
Getting rid of the sed magic required adding docker ARGs which is why I've added the Dockerfile in addition to the build script. Also added arm architecture variants to the build
Hopefully you'll find it useful.
from traefik-certs-dumper.
ldez
commented on May 21, 2024
The version v2.3.4 now support multi-arch Docker image:
- arm v6
- arm v7
- arm v8 (arm64)
- 386
- amd64
from traefik-certs-dumper.
andig
commented on May 21, 2024
I love the go-based publisher. Do you think there would be additional value in publishing that as its own repo or even multi-arch docker image? Something like go-multiarch-publisher? Would be happy to test drive a separate component.
from traefik-certs-dumper.
Related Issues (20)
- Dependabot wasn't able to update github.com/containous/traefik/v2
- filename of wildcard certificates with single quotes with docker HOT 8
- Dependabot can't parse your go.mod
- csr? HOT 1
- Nothing happens when I run this via docker-compose
- After dump of certificates is there anyway to have script change either owner (chown) and/or mode (chmod)? HOT 4
- Example fails, when you have more than one certresolver configured HOT 4
- Change clean behaviour HOT 4
- Add support for other certificate file standards HOT 10
- output folders empty
- Empty directories after running file command HOT 1
- acme.json unexpected EOF HOT 4
- Exporting sans wildcard cert into a file name, replacing star (*). HOT 3
- Docker issue with certain flags HOT 24
- Crypto Go :we are a research group to help developers build secure applications.
- make domain name as crt-name and key-name HOT 5
- I'm having difficulty converting the entrypoint compose for docker run ( GUI of unraid) HOT 7
- Add jq during build of the docker image
- Unknown Operand HOT 1
- Possible to export a subdomain from a wildcard domain? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from traefik-certs-dumper.