
Images produced by "make -f make/Makefile all-containers" are created with UID=0 #4853

@maelvls

I noticed some discrepancies between the Bazel and make versions of the images and Helm chart this morning:

Images are built with the default user (`Config.User`) set to UID 0 (root) instead of 1000

-            "User": "1000",
+            "User": "0",

Whole diff:

@@ -1,38 +1,47 @@
 [
     {
         "RepoTags": [
-            "quay.io/jetstack/cert-manager-controller:v1.7.0-beta.0.100-ad4264b6ecd487"
+            "cert-manager-webhook-amd64:v1.7.0-beta.0-100-gad4264b6e",
+            "cert-manager-webhook-amd64:v1.7.0-beta.0-98-g2f4f8aea5"
         ],
         "RepoDigests": [],
-        "Parent": "",
         "Comment": "",
-        "Created": "2022-02-14T13:10:46Z",
-        "Container": "",
+        "Created": "2022-02-14T11:35:48.421042798Z",
+        "Container": "232464eb4ef8d6b162f035daeaaf33d5ecf8b66297bb60d61fbe47a2a257df8c",
         "ContainerConfig": {
-            "Hostname": "",
+            "Hostname": "232464eb4ef8",
             "Domainname": "",
-            "User": "",
+            "User": "0",
             "AttachStdin": false,
             "AttachStdout": false,
             "AttachStderr": false,
             "Tty": false,
             "OpenStdin": false,
             "StdinOnce": false,
-            "Env": null,
-            "Cmd": null,
-            "Image": "",
+            "Env": [
+                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+                "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"
+            ],
+            "Cmd": [
+                "/bin/sh",
+                "-c",
+                "#(nop) ",
+                "ENTRYPOINT [\"/app/cmd/webhook/webhook\"]"
+            ],
             "Volumes": null,
-            "WorkingDir": "",
-            "Entrypoint": null,
+            "WorkingDir": "/",
+            "Entrypoint": [
+                "/app/cmd/webhook/webhook"
+            ],
             "OnBuild": null,
-            "Labels": null
+            "Labels": {}
         },
-        "DockerVersion": "",
-        "Author": "Bazel",
+        "DockerVersion": "20.10.12",
+        "Author": "",
         "Config": {
             "Hostname": "",
             "Domainname": "",
-            "User": "1000",
+            "User": "0",
             "AttachStdin": false,
             "AttachStdout": false,
             "AttachStderr": false,
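Review bot: `Config.User` goes from `"1000"` to `"0"` here (and `ContainerConfig.User` from `""` to `"0"` earlier in the hunk), so the make-built image defaults to root wherever the pod spec does not set `runAsUser`; under `runAsNonRoot: true` without an explicit UID the kubelet refuses to start such a container. The make build should set the image user so that the new side reads `"User": "1000",` as on the Bazel side. A release check that fails when `docker inspect --format '{{.Config.User}}' IMAGE` prints an empty value or `0` would keep this from regressing. The `Config` object continues in the next hunk.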
@@ -44,19 +53,18 @@
                 "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"
             ],
             "Cmd": null,
-            "Image": "",
             "Volumes": null,
-            "WorkingDir": "/app/cmd/controller/controller.runfiles/com_github_jetstack_cert_manager",
+            "WorkingDir": "/",
             "Entrypoint": [
-                "/app/cmd/controller/controller"
+                "/app/cmd/webhook/webhook"
             ],
             "OnBuild": null,
             "Labels": null
         },
         "Architecture": "amd64",
         "Os": "linux",
-        "Size": 65963042,
-        "VirtualSize": 65963042,
+        "Size": 45170049,
+        "VirtualSize": 45170049,
         "GraphDriver": {
             "Data": {
             },
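Review bot: The two sides of this comparison are different components: the old side is `cert-manager-controller` (Entrypoint `/app/cmd/controller/controller`) and the new side is `cert-manager-webhook-amd64` (Entrypoint `/app/cmd/webhook/webhook`), so the `Entrypoint` and `Size` lines here do not show a Bazel-versus-make discrepancy. Only differences that still hold when the same component is inspected on both sides, such as `User` and probably `WorkingDir`, should be read as build regressions. Re-running the inspect diff against the make-built controller image would separate the two. The JSON is cut off after `GraphDriver.Data`, so anything further down is not visible here.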

To reproduce:

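# Reproduce the image-metadata diff between the Bazel-built and make-built images.
git checkout ad4264b6ecd487

# Bazel side: builds and tags the images in the local Docker daemon.
bazel run --ui_event_filters=-info --noshow_progress --stamp=true \
  --platforms=@io_bazel_rules_go//go/toolchain:linux_amd64 \
  "//devel/addon/certmanager:bundle"

# make side: produces an image tarball under bin/containers/.
make -f make/Makefile bin/containers/cert-manager-controller-linux-amd64.tar.gz

# The tarball carries a manifest.json with RepoTags (docker save layout), so it
# must be loaded. `docker import` would treat it as a root filesystem and yield
# an untagged image with an empty Config, which cannot produce the diff above.
docker load -i bin/containers/cert-manager-controller-linux-amd64.tar.gz

# Compare `docker inspect` output, dropping lines that always differ
# (timestamps, layer digests, storage paths).
# NOTE(review): the right-hand image is the webhook while the tarball loaded
# above is the controller; compare the same component on both sides so that
# Entrypoint/Size differences are not mistaken for build regressions.
# pbcopy is the macOS clipboard tool; drop the final pipe to print the diff.
diff -u \
  <(docker inspect quay.io/jetstack/cert-manager-controller:v1.7.0-beta.0.100-ad4264b6ecd487 \
      | grep -vi '\(Time\|sha256\|/var/lib\)' -) \
  <(docker inspect cert-manager-webhook-amd64:v1.7.0-beta.0-100-gad4264b6e \
      | grep -vi '\(Time\|sha256\|/var/lib\)' -) \
  | pbcopy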

Image names do not match the current scheme (---bazel, +++make):

-quay.io/jetstack/cert-manager-controller:v1.7.0-beta.0.100-ad4264b6ecd487
+cert-manager-webhook-amd64:v1.7.0-beta.0-100-gad4264b6e

To reproduce:

# Before (using bazel)
$ git checkout ad4264b6ecd487
$ bazel run --ui_event_filters=-info --noshow_progress --stamp=true --platforms=@io_bazel_rules_go//go/toolchain:linux_amd64 "//devel/addon/certmanager:bundle"
Tagging 07c0d5f7ea418d2f1eb2d228ca7780eb4ee55407c1d809dd4c53f1b93ca0eeee as quay.io/jetstack/cert-manager-controller:v1.7.0-beta.0.100-ad4264b6ecd487

# After (using make)
$ git checkout ad4264b6ecd487
$ make -f make/Makefile bin/containers/cert-manager-controller-linux-amd64.tar.gz
$ tar xfO bin/containers/cert-manager-controller-linux-amd64.tar.gz manifest.json | jq '.[0].RepoTags[0]' -r
cert-manager-controller-amd64:v1.7.0-beta.0.100-ad4264b6ecd487

The Helm chart is missing the CRD files

@@ -8,7 +8,6 @@
 cert-manager/templates/cainjector-psp.yaml
 cert-manager/templates/cainjector-rbac.yaml
 cert-manager/templates/cainjector-serviceaccount.yaml
-cert-manager/templates/crds.yaml
 cert-manager/templates/deployment.yaml
 cert-manager/templates/psp-clusterrole.yaml
 cert-manager/templates/psp-clusterrolebinding.yaml

Reproduce:

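# Reproduce the Helm chart file-list diff between the Bazel and make builds.
git checkout ad4264b6e

# `$(shell ...)` is GNU make syntax; typed into a shell it runs a command named
# `shell`, which fails and leaves the target name as bin/cert-manager-.tgz.
# Plain command substitution yields the intended versioned target.
make -f make/Makefile "bin/cert-manager-$(git describe --tags).tgz"
make -f make/Makefile bin/containers/cert-manager-controller-linux-amd64.tar.gz

# List the files packaged by the make-built chart.
tar tf bin/cert-manager-v1.7.0-beta.0-100-gad4264b6e.tgz

# Build the Bazel chart and diff the two file lists (old side = Bazel, new side = make).
bazel build //deploy/charts/cert-manager --ui_event_filters=-info --noshow_progress
diff -u \
  <(tar tf bazel-bin/deploy/charts/cert-manager/cert-manager.tgz) \
  <(tar tf bin/cert-manager-v1.7.0-beta.0-100-gad4264b6e.tgz)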

The target crds.yaml does not seem to exist yet:

$ make -f make/Makefile bin/helm/cert-manager/templates/crds.yaml
make: *** No rule to make target 'bin/helm/cert-manager/templates/crds.yaml'.  Stop.
