Remove multi target build

Dockerfile

@@ -1,31 +1,14 @@
 FROM registry.ci.openshift.org/openshift/release:golang-1.20 AS build
 
-ENV GOFLAGS="-mod=mod"
-
 RUN mkdir /rds_ca
 ADD https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem /rds_ca/aws-rds-ca-global-bundle.pem
 
 RUN mkdir /src
 WORKDIR /src
-RUN CGO_ENABLED=0 go install -ldflags "-s -w -extldflags '-static'" github.com/go-delve/delve/cmd/dlv@latest
-COPY go.*  ./
-RUN go mod download
 COPY . ./
 
-FROM build as build-debug
-RUN GOARGS="-gcflags 'all=-N -l'" make binary
-
-FROM build as build-standard
 RUN make binary
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8 as debug
-COPY --from=build-debug /go/bin/dlv /src/fleet-manager /src/fleetshard-sync /usr/local/bin/
-COPY --from=build-debug /src /src
-COPY --from=build /rds_ca /usr/local/share/ca-certificates
-EXPOSE 8000
-WORKDIR /
-ENTRYPOINT [ "/usr/local/bin/dlv" , "--listen=:40000", "--headless=true", "--api-version=2", "--accept-multiclient", "exec", "/usr/local/bin/fleet-manager", "serve"]
-
 FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8 as standard
 
 RUN microdnf install shadow-utils
@@ -34,8 +17,9 @@ RUN useradd -u 1001 unprivilegeduser
 # Switch to non-root user
 USER unprivilegeduser
 
-COPY --chown=unprivilegeduser --from=build-standard /src/fleet-manager /src/fleetshard-sync /usr/local/bin/
+COPY --chown=unprivilegeduser --from=build /src/fleet-manager /src/fleetshard-sync /usr/local/bin/
 COPY --chown=unprivilegeduser --from=build /rds_ca /usr/local/share/ca-certificates
+
 EXPOSE 8000
 WORKDIR /
 ENTRYPOINT ["/usr/local/bin/fleet-manager", "serve"]

Dockerfile.hybrid → Dockerfile.local

@@ -1,12 +1,26 @@
+# This dockerfile is used for local builds to support architectures like arm64.
 FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8
 
+RUN microdnf install shadow-utils
+
+RUN useradd -u 1001 unprivilegeduser
+# Switch to non-root user
+
+RUN mkdir /rds_ca
 ADD https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem /usr/local/share/ca-certificates/aws-rds-ca-global-bundle.pem
 
 COPY \
     fleet-manager \
     fleetshard-sync \
     /usr/local/bin/
 
+RUN chown unprivilegeduser /usr/local/bin/fleet-manager
+RUN chown unprivilegeduser /usr/local/bin/fleetshard-sync
+RUN chown unprivilegeduser /rds_ca
+RUN chown unprivilegeduser /usr/local/share/ca-certificates
+
+USER unprivilegeduser
+
 EXPOSE 8000
 
 ENTRYPOINT ["/usr/local/bin/fleet-manager", "serve"]

Makefile

@@ -31,15 +31,9 @@ GINKGO_FLAGS ?= -v
 # cluster will not pull the new image from the internal registry:
 version:=$(shell date +%s)
 
-ifeq ($(DEBUG_IMAGE),true)
-IMAGE_NAME = fleet-manager-dbg
-PROBE_IMAGE_NAME = probe-dbg
-IMAGE_TARGET = debug
-else
 IMAGE_NAME = fleet-manager
 PROBE_IMAGE_NAME = probe
 IMAGE_TARGET = standard
-endif
 
 SHORT_IMAGE_REF = "$(IMAGE_NAME):$(image_tag)"
 PROBE_SHORT_IMAGE_REF = "$(PROBE_IMAGE_NAME):$(image_tag)"
@@ -210,8 +204,8 @@ help:
 	@echo "make generate                    generate go and openapi modules"
 	@echo "make openapi/generate            generate openapi modules"
 	@echo "make openapi/validate            validate openapi schema"
-	@echo "make image/build                 build image (hybrid fast build, respecting IGNORE_REPOSITORY_DIRTINESS)"
-	@echo "make image/build/multi-target    build image (containerized, respecting DEBUG_IMAGE and IGNORE_REPOSITORY_DIRTINESS) for local deployment"
+	@echo "make image/build                 build fleet-manager and fleetshard-sync container image"
+	@echo "make image/build/local           build fleet-manager and fleetshard-sync binaries locally, this image supports arm64"
 	@echo "make image/push                  push image"
 	@echo "make setup/git/hooks             setup git hooks"
 	@echo "make secrets/touch               touch all required secret files"
@@ -511,37 +505,29 @@ docker/login/internal:
 	$(DOCKER) login -u kubeadmin --password-stdin <<< $(shell oc whoami -t) $(shell oc get route default-route -n openshift-image-registry -o jsonpath="{.spec.host}")
 .PHONY: docker/login/internal
 
-# Build the image in a hybrid fashion, i.e. building binaries directly on the host leveraging
-# Go's cross-compilation capabilities and then copying these binaries into a new Docker image.
-image/build: GOOS=linux
-image/build: IMAGE_REF ?= "$(external_image_registry)/$(image_repository):$(image_tag)"
-image/build: fleet-manager fleetshard-sync
-	DOCKER_CONFIG=${DOCKER_CONFIG} $(DOCKER) build -t $(IMAGE_REF) -f Dockerfile.hybrid .
-	$(DOCKER) tag $(IMAGE_REF) $(SHORT_IMAGE_REF)
-ifeq ("$(CLUSTER_TYPE)","kind")
-	kind load docker-image $(SHORT_IMAGE_REF)
-endif
-.PHONY: image/build
-
 # Build the image using by specifying a specific image target within the Dockerfile.
-image/build/multi-target: image/build/multi-target/fleet-manager image/build/multi-target/probe
-.PHONY: image/build/multi-target
-
-image/build/multi-target/fleet-manager: GOOS=linux
-image/build/multi-target/fleet-manager: IMAGE_REF="$(external_image_registry)/$(image_repository):$(image_tag)"
-image/build/multi-target/fleet-manager:
-	DOCKER_CONFIG=${DOCKER_CONFIG} $(DOCKER) build --target $(IMAGE_TARGET) -t $(IMAGE_REF) .
+image/build: GOOS=linux
+image/build: DOCKERFILE="Dockerfile"
+image/build: IMAGE_REF="$(external_image_registry)/$(image_repository):$(image_tag)"
+image/build:
+	DOCKER_CONFIG=${DOCKER_CONFIG} $(DOCKER) build -t $(IMAGE_REF) -f $(DOCKERFILE) .
 	DOCKER_CONFIG=${DOCKER_CONFIG} $(DOCKER) tag $(IMAGE_REF) $(SHORT_IMAGE_REF)
 	@echo "New image tag: $(SHORT_IMAGE_REF). You might want to"
 	@echo "export FLEET_MANAGER_IMAGE=$(SHORT_IMAGE_REF)"
-.PHONY: image/build/multi-target/fleet-manager
+.PHONY: image/build
 
-image/build/multi-target/probe: GOOS=linux
-image/build/multi-target/probe: IMAGE_REF="$(external_image_registry)/$(probe_image_repository):$(image_tag)"
-image/build/multi-target/probe:
-	DOCKER_CONFIG=${DOCKER_CONFIG} $(DOCKER) build --target $(IMAGE_TARGET) -t $(IMAGE_REF) -f probe/Dockerfile .
+# Builds the binaries locally and copies them into the image. This build is compatible with arm64.
+image/build/local: DOCKERFILE="Dockerfile.local"
+image/build/local:
+	GOARCH=$(GOARCH) GOOS=$(GOOS) $(MAKE) binary
+	$(MAKE) image/build DOCKERFILE=$(DOCKERFILE)
+
+image/build/probe: GOOS=linux
+image/build/probe: IMAGE_REF="$(external_image_registry)/$(probe_image_repository):$(image_tag)"
+image/build/probe:
+	DOCKER_CONFIG=${DOCKER_CONFIG} $(DOCKER) build -t $(IMAGE_REF) -f probe/Dockerfile .
 	DOCKER_CONFIG=${DOCKER_CONFIG} $(DOCKER) tag $(IMAGE_REF) $(PROBE_SHORT_IMAGE_REF)
-.PHONY: image/build/multi-target/probe
+.PHONY: image/build/probe
 
 image/build/fleet-manager-tools: GOOS=linux
 image/build/fleet-manager-tools: IMAGE_REF="$(external_image_registry)/rhacs-eng/fleet-manager-tools:$(image_tag)"
@@ -557,29 +543,20 @@ image/push/fleet-manager-tools: image/build/fleet-manager-tools
 	@echo "Image fleet-manager tools was pushed as $(IMAGE_REF)."
 .PHONY: image/push/fleet-manager-tools
 
-# build binary and image and tag image for local deployment
-image/build/local: GOOS=linux
-image/build/local: IMAGE_REF="$(external_image_registry)/$(image_repository):$(image_tag)"
-image/build/local: image/build
-	DOCKER_CONFIG=${DOCKER_CONFIG} $(DOCKER) tag $(IMAGE_REF) $(SHORT_IMAGE_REF)
-	@echo "New image tag: $(SHORT_IMAGE_REF). You might want to"
-	@echo "export FLEET_MANAGER_IMAGE=$(SHORT_IMAGE_REF)"
-.PHONY: image/build/local
-
 # Build and push the image
 image/push: image/push/fleet-manager image/push/probe
 .PHONY: image/push
 
 image/push/fleet-manager: IMAGE_REF="$(external_image_registry)/$(image_repository):$(image_tag)"
-image/push/fleet-manager: image/build/multi-target/fleet-manager
+image/push/fleet-manager: image/build
 	DOCKER_CONFIG=${DOCKER_CONFIG} $(DOCKER) push $(IMAGE_REF)
 	@echo
 	@echo "Image was pushed as $(IMAGE_REF). You might want to"
 	@echo "export FLEET_MANAGER_IMAGE=$(IMAGE_REF)"
 .PHONY: image/push/fleet-manager
 
 image/push/probe: IMAGE_REF="$(external_image_registry)/$(probe_image_repository):$(image_tag)"
-image/push/probe: image/build/multi-target/probe
+image/push/probe: image/build/probe
 	DOCKER_CONFIG=${DOCKER_CONFIG} $(DOCKER) push $(IMAGE_REF)
 	@echo
 	@echo "Image was pushed as $(IMAGE_REF)."
@@ -592,23 +569,8 @@ image/push/internal: docker/login/internal
 	$(DOCKER) push "$(shell oc get route default-route -n openshift-image-registry -o jsonpath="{.spec.host}")/$(probe_image_repository):$(IMAGE_TAG)"
 .PHONY: image/push/internal
 
-# build and push the image to an OpenShift cluster's internal registry
-# namespace used in the image repository must exist on the cluster before running this command. Run `make deploy/project` to create the namespace if not available.
-image/build/push/internal: image/push/internal
-.PHONY: image/build/push/internal
-
-# Build the binary and test image
-image/build/test: binary
-	$(DOCKER) build -t "$(test_image)" -f Dockerfile.integration.test .
-.PHONY: image/build/test
-
-# Run the test container
-test/run: image/build/test
-	$(DOCKER) run -u $(shell id -u) --net=host -p 9876:9876 -i "$(test_image)"
-.PHONY: test/run
-
 # Run the probe based e2e test in container
-test/e2e/probe/run: image/build/multi-target/probe
+test/e2e/probe/run: image/build/probe
 test/e2e/probe/run: IMAGE_REF="$(external_image_registry)/$(probe_image_repository):$(image_tag)"
 test/e2e/probe/run:
 	$(DOCKER) run \
@@ -901,10 +863,12 @@ deploy/bootstrap:
 # Deploy local images fast for development
 deploy/dev-fast: image/build deploy/dev-fast/fleet-manager deploy/dev-fast/fleetshard-sync
 
+deploy/dev-fast/fleet-manager: GOOS=linux
 deploy/dev-fast/fleet-manager: image/build
 	kubectl -n $(ACSMS_NAMESPACE) set image deploy/fleet-manager fleet-manager=$(SHORT_IMAGE_REF) db-migrate=$(SHORT_IMAGE_REF)
 	kubectl -n $(ACSMS_NAMESPACE) delete pod -l application=fleet-manager
 
+deploy/dev-fast/fleetshard-sync: GOOS=linux
 deploy/dev-fast/fleetshard-sync: image/build
 	kubectl -n $(ACSMS_NAMESPACE) set image deploy/fleetshard-sync fleetshard-sync=$(SHORT_IMAGE_REF)
 	kubectl -n $(ACSMS_NAMESPACE) delete pod -l application=fleetshard-sync

dev/env/defaults/00-defaults.env

@@ -22,7 +22,6 @@ export ENABLE_FM_PORT_FORWARDING_DEFAULT="false"
 export OPENSHIFT_MARKETPLACE_DEFAULT="false"
 export INSTALL_OPERATOR_DEFAULT="true"
 export INSTALL_OPENSHIFT_ROUTER_DEFAULT="true"
-export DEBUG_PODS_DEFAULT="false"
 
 export DATABASE_HOST_DEFAULT="db"
 export DATABASE_PORT_DEFAULT="5432"

dev/env/scripts/docker.sh

@@ -56,21 +56,8 @@ ensure_fleet_manager_image_exists() {
             if [[ "$image_available" != "true" || "$FLEET_MANAGER_IMAGE" =~ dirty$ ]]; then
                 # Attempt to build this image.
                 if [[ "$FLEET_MANAGER_IMAGE" == "$(make -s -C "${GITROOT}" full-image-tag)" ]]; then
-                    # Looks like we can build this tag from the current state of the repository.
-                    if [[ "$DEBUG_PODS" == "true" ]]; then
-                        log "Building image with debugging support..."
-                        make -C "${GITROOT}" image/build/multi-target
-                    else
-                        # We *could* also use image/build/multi-target, because that
-                        # target also supports building of standard (i.e. non-debug) images.
-                        # But until there is a reliable and portable caching mechanism for dockerized
-                        # Go projects, this would be regression in terms of build performance.
-                        # Hence we don't use the image/build/multi-target target here, but the
-                        # older `image/build/local` target, which uses a hybrid building
-                        # approach and is much faster.
                         log "Building standard image..."
                         make -C "${GITROOT}" image/build/local
-                    fi
                 else
                     die "Cannot find image '${FLEET_MANAGER_IMAGE}' and don't know how to build it"
                 fi

dev/env/scripts/lib.sh

@@ -137,18 +137,12 @@ init() {
     export CENTRAL_DOMAIN_NAME=${CENTRAL_DOMAIN_NAME:-$CENTRAL_DOMAIN_NAME_DEFAULT}
     export FLEET_MANAGER_IMAGE=${FLEET_MANAGER_IMAGE:-$FLEET_MANAGER_IMAGE_DEFAULT}
     export IGNORE_REPOSITORY_DIRTINESS=${IGNORE_REPOSITORY_DIRTINESS:-$IGNORE_REPOSITORY_DIRTINESS_DEFAULT}
-    export DEBUG_PODS=${DEBUG_PODS:-$DEBUG_PODS_DEFAULT}
     export RHACS_TARGETED_OPERATOR_UPGRADES=${RHACS_TARGETED_OPERATOR_UPGRADES:-$RHACS_TARGETED_OPERATOR_UPGRADES_DEFAULT}
     export RHACS_STANDALONE_MODE=${RHACS_STANDALONE_MODE:-$RHACS_STANDALONE_MODE_DEFAULT}
 
     local fleet_manager_command="/usr/local/bin/fleet-manager serve --force-leader --api-server-bindaddress=0.0.0.0:8000 --health-check-server-bindaddress=0.0.0.0:8083 --kubeconfig=/secrets/kubeconfig --enable-central-external-certificate=$ENABLE_CENTRAL_EXTERNAL_CERTIFICATE --central-domain-name='$CENTRAL_DOMAIN_NAME'"
     FLEET_MANAGER_CONTAINER_COMMAND_DEFAULT="${fleet_manager_command} || { sleep 120; false; }"
     FLEETSHARD_SYNC_CONTAINER_COMMAND_DEFAULT="/usr/local/bin/fleetshard-sync"
-    if [[ "$DEBUG_PODS" == "true" ]]; then
-        FLEET_MANAGER_CONTAINER_COMMAND_DEFAULT="/usr/local/bin/dlv --listen=:40000 --headless=true --api-version=2 --continue --accept-multiclient exec -- ${fleet_manager_command}"
-        FLEETSHARD_SYNC_CONTAINER_COMMAND_DEFAULT="/usr/local/bin/dlv --listen=:40000 --headless=true --api-version=2 --continue --accept-multiclient exec /usr/local/bin/fleetshard-sync"
-        export DEBUG_IMAGE="true" # Propagate to the Makefile
-    fi
     export FLEET_MANAGER_CONTAINER_COMMAND=${FLEET_MANAGER_CONTAINER_COMMAND:-$FLEET_MANAGER_CONTAINER_COMMAND_DEFAULT}
     export FLEETSHARD_SYNC_CONTAINER_COMMAND=${FLEETSHARD_SYNC_CONTAINER_COMMAND:-$FLEETSHARD_SYNC_CONTAINER_COMMAND_DEFAULT}
 

dev/env/scripts/up.sh

@@ -41,7 +41,6 @@ Inheriting ImagePullSecrets for Quay.io: ${INHERIT_IMAGEPULLSECRETS}
 Installing RHACS Operator: ${INSTALL_OPERATOR}
 Enable External Config: ${ENABLE_EXTERNAL_CONFIG}
 AWS Auth Helper: ${AWS_AUTH_HELPER:-none}
-Debugging Mode: ${DEBUG_PODS}
 
 EOF
 

probe/Dockerfile

@@ -9,19 +9,8 @@ COPY go.*  ./
 RUN go mod download
 COPY . ./
 
-FROM build as build-debug
-RUN GOARGS="-gcflags 'all=-N -l'" make probe
-
-FROM build as build-standard
 RUN make probe
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8 as debug
-COPY --from=build-debug /go/bin/dlv /src/probe/bin /stackrox/
-COPY --from=build-debug /src /src
-EXPOSE 7070
-ENTRYPOINT [ "/stackrox/dlv" , "--listen=:40000", "--headless=true", "--api-version=2", "--accept-multiclient", "exec", "/stackrox/probe"]
-CMD ["start"]
-
 FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8 as standard
 
 RUN microdnf install shadow-utils
@@ -30,7 +19,7 @@ RUN useradd -u 1001 unprivilegeduser
 # Switch to non-root user
 USER unprivilegeduser
 
-COPY --from=build-standard /src/probe/bin /stackrox/
+COPY --from=build /src/probe/bin /stackrox/
 EXPOSE 7070
 ENTRYPOINT ["/stackrox/probe"]
 CMD ["start"]