SEANK.H.LIAO

kpt-config-sync on arm64

another gitops controller

config-sync

config-sync is a gitops controller made by Google as part of Anthos. There's an open source variant available at GoogleContainerTools/kpt-config-sync.

So I tried installing it. First problem: the images are only linux/amd64, but my server is arm64. Well the source is there, I'll build it myself... except the build process hardcodes amd64 and pulls in amd64 prebuilt binaries. Hacking around that isn't too hard, see appendix.

Next up is the issue of images that aren't part of the repo. Namely gcr.io/config-management-release/git-sync:v3.6.9-gke.1__linux_amd64 and gcr.io/config-management-release/resource-group-controller:v1.0.16. git-sync turns out to be a repackaged kubernetes/git-sync which has arm64 images we can pull directly. I was stuck on resource-group-controller for a few weeks before I realized it was GoogleContainerTools/kpt-resource-group.

Now just to strip out some unused things like otel collectors, helm and oci sync, and gce askpass, and the thing finally works (a RootSync can take code and apply it to a cluster). Further experiments with using it to come later.

Appendix: kpt-config-sync diff

build with make build-images

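diff --git a/Makefile.build b/Makefile.build
index 11e91123..73ad37dd 100644
--- a/Makefile.build
+++ b/Makefile.build
@@ -56,55 +56,69 @@ build-junit-report-cli: pull-buildenv buildenv-dirs
 
 # Build Config Sync docker images
 .PHONY: build-images
-build-images: install-helm install-kustomize
+build-images:
 	@echo "+++ Building the Reconciler image: $(RECONCILER_TAG)"
 	@docker buildx build $(DOCKER_BUILD_QUIET) \
+		--platform linux/arm64 \
 		--target $(RECONCILER_IMAGE) \
 		-t $(RECONCILER_TAG) \
 		-f build/all/Dockerfile \
 		--build-arg VERSION=${VERSION} \
+		--load \
 		.
 	@echo "+++ Building the Reconciler Manager image: $(RECONCILER_MANAGER_TAG)"
 	@docker buildx build $(DOCKER_BUILD_QUIET) \
+		--platform linux/arm64 \
 		--target $(RECONCILER_MANAGER_IMAGE) \
 		-t $(RECONCILER_MANAGER_TAG) \
 		-f build/all/Dockerfile \
 		--build-arg VERSION=${VERSION} \
+		--load \
 		.
 	@echo "+++ Building the Admission Webhook image: $(ADMISSION_WEBHOOK_TAG)"
 	@docker buildx build $(DOCKER_BUILD_QUIET) \
+		--platform linux/arm64 \
 		--target $(ADMISSION_WEBHOOK_IMAGE) \
 		-t $(ADMISSION_WEBHOOK_TAG) \
 		-f build/all/Dockerfile \
 		--build-arg VERSION=${VERSION} \
+		--load \
 		.
 	@echo "+++ Building the Hydration Controller image: $(HYDRATION_CONTROLLER_TAG)"
 	@docker buildx build $(DOCKER_BUILD_QUIET) \
+		--platform linux/arm64 \
 		--target $(HYDRATION_CONTROLLER_IMAGE) \
 		-t $(HYDRATION_CONTROLLER_TAG) \
 		-f build/all/Dockerfile \
 		--build-arg VERSION=${VERSION} \
+		--load \
 		.
 	@echo "+++ Building the Hydration Controller image with shell: $(HYDRATION_CONTROLLER_WITH_SHELL_TAG)"
 	@docker buildx build $(DOCKER_BUILD_QUIET) \
+		--platform linux/arm64 \
 		--target $(HYDRATION_CONTROLLER_WITH_SHELL_IMAGE) \
 		-t $(HYDRATION_CONTROLLER_WITH_SHELL_TAG) \
 		-f build/all/Dockerfile \
 		--build-arg VERSION=${VERSION} \
+		--load \
 		.
 	@echo "+++ Building the OCI-sync image: $(OCI_SYNC_TAG)"
 	@docker buildx build $(DOCKER_BUILD_QUIET) \
+		--platform linux/arm64 \
 		--target $(OCI_SYNC_IMAGE) \
 		-t $(OCI_SYNC_TAG) \
 		-f build/all/Dockerfile \
 		--build-arg VERSION=${VERSION} \
+		--load \
 		.
 	@echo "+++ Building the Helm-sync image: $(HELM_SYNC_TAG)"
 	@docker buildx build $(DOCKER_BUILD_QUIET) \
+		--platform linux/arm64 \
 		--target $(HELM_SYNC_IMAGE) \
 		-t $(HELM_SYNC_TAG) \
 		-f build/all/Dockerfile \
 		--build-arg VERSION=${VERSION} \
+		--load \
 		.
 	@echo "+++ Building the Askpass image: $(ASKPASS_TAG)"
 	@docker buildx build $(DOCKER_BUILD_QUIET) \
@@ -115,10 +129,12 @@ build-images: install-helm install-kustomize
 		.
 	@echo "+++ Building the Nomos image: $(NOMOS_TAG)"
 	@docker buildx build $(DOCKER_BUILD_QUIET) \
+		--platform linux/arm64 \
 		--target $(NOMOS_IMAGE) \
 		-t $(NOMOS_TAG) \
 		-f build/all/Dockerfile \
 		--build-arg VERSION=${VERSION} \
+		--load \
 		.
 
 # Deprecated alias of build-images. Remove this once unused.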
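Review bot: Dropping `install-helm install-kustomize` from the `build-images` prerequisites leaves nothing in this target that produces the helm and kustomize binaries, yet build/all/Dockerfile in the same patch still copies them out of `.output/third_party/` after its `COPY . .`. The build will therefore either fail or bake in whatever file already sits in the working tree, which could be a stale or amd64 binary that nobody checked. If the stages that need them are being dropped, the matching COPY lines should go as well; otherwise keep a prerequisite that fetches the arm64 release and verifies its checksum before the image build. As a style point, the eight repeated `--platform linux/arm64` lines would be easier to audit as one overridable variable, `PLATFORM ?= linux/arm64` with `--platform $(PLATFORM)`. The Askpass invocation that falls between the two hunks appears to get neither `--platform` nor `--load`.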
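diff --git a/Makefile.oss.prow b/Makefile.oss.prow
index 91b19fc2..b39ba7fa 100644
--- a/Makefile.oss.prow
+++ b/Makefile.oss.prow
@@ -124,4 +124,4 @@ set-up-workload-identity-test:
 
 .PHONY: push-test-helm-charts-to-ar
 push-test-helm-charts-to-ar: install-helm
-	GCP_PROJECT=$(GCP_PROJECT) ./scripts/push-test-helm-charts-to-ar.sh
\ No newline at end of file
+	GCP_PROJECT=$(GCP_PROJECT) ./scripts/push-test-helm-charts-to-ar.sh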
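diff --git a/build/all/Dockerfile b/build/all/Dockerfile
index d112d1a0..56388ad3 100644
--- a/build/all/Dockerfile
+++ b/build/all/Dockerfile
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 # Build all Config Sync go binaries
-FROM golang:1.20.8 as bins
+FROM golang:1.21.1 as bins
 
 WORKDIR /workspace
 
@@ -23,7 +23,9 @@ COPY . .
 ARG VERSION
 
 # Build all our stuff.
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on \
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+  CGO_ENABLED=0 GOOS=linux GO111MODULE=on \
   go install \
     -mod=vendor \
     -ldflags "-X kpt.dev/configsync/pkg/version.VERSION=${VERSION}" \
@@ -56,9 +58,7 @@ FROM gcr.io/distroless/static:nonroot as hydration-controller
 WORKDIR /
 COPY --from=bins /go/bin/hydration-controller .
 COPY --from=bins /workspace/.output/third_party/helm/helm /usr/local/bin/helm
-COPY --from=bins /workspace/.output/third_party/helm/NOTICES /third_party/helm/NOTICES
 COPY --from=bins /workspace/.output/third_party/kustomize/kustomize /usr/local/bin/kustomize
-COPY --from=bins /workspace/.output/third_party/kustomize/NOTICES /third_party/kustomize/NOTICES
 COPY --from=bins /workspace/LICENSE LICENSE
 COPY --from=bins /workspace/LICENSES.txt LICENSES.txt
 USER nonroot:nonroot
@@ -82,7 +82,6 @@ ENV HOME=/tmp
 WORKDIR /
 COPY --from=bins /go/bin/helm-sync .
 COPY --from=bins /workspace/.output/third_party/helm/helm /usr/local/bin/helm
-COPY --from=bins /workspace/.output/third_party/helm/NOTICES /third_party/helm/NOTICES
 COPY --from=bins /workspace/LICENSE LICENSE
 COPY --from=bins /workspace/LICENSES.txt LICENSES.txt
 USER nonroot:nonroot
@@ -94,9 +93,7 @@ WORKDIR /
 USER root
 COPY --from=bins /go/bin/hydration-controller .
 COPY --from=bins /workspace/.output/third_party/helm/helm /usr/local/bin/helm
-COPY --from=bins /workspace/.output/third_party/helm/NOTICES /third_party/helm/NOTICES
 COPY --from=bins /workspace/.output/third_party/kustomize/kustomize /usr/local/bin/kustomize
-COPY --from=bins /workspace/.output/third_party/kustomize/NOTICES /third_party/kustomize/NOTICES
 COPY --from=bins /workspace/LICENSE LICENSE
 COPY --from=bins /workspace/LICENSES.txt LICENSES.txt
 RUN apt-get update && apt-get install -y git
@@ -153,9 +150,7 @@ RUN mkdir -p /opt/nomos/bin
 WORKDIR /opt/nomos/bin
 COPY --from=bins /go/bin/nomos nomos
 COPY --from=bins /workspace/.output/third_party/helm/helm /usr/local/bin/helm
-COPY --from=bins /workspace/.output/third_party/helm/NOTICES /third_party/helm/NOTICES
 COPY --from=bins /workspace/.output/third_party/kustomize/kustomize /usr/local/bin/kustomize
-COPY --from=bins /workspace/.output/third_party/kustomize/NOTICES /third_party/kustomize/NOTICES
 COPY --from=bins /workspace/LICENSE LICENSE
 COPY --from=bins /workspace/LICENSES.txt LICENSES.txt
 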
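Review bot: With `GOARCH=amd64` removed from the `go install` line in the `bins` stage, the architecture of the Go binaries is set only implicitly by the platform the stage happens to run under, so a build invoked without `--platform` quietly produces host-architecture binaries. Declaring `ARG TARGETARCH` next to `ARG VERSION` and passing `GOARCH=${TARGETARCH}` would make the target explicit. Together with `FROM --platform=$BUILDPLATFORM golang:1.21.1 as bins`, it would also let the compiler cross-compile rather than run under emulation. The RUN instruction continues past the end of this hunk, but the `/go/pkg/mod` cache mount looks unused given the visible `-mod=vendor`. In the later hunks the NOTICES copies are deleted while the helm and kustomize binaries are still copied into the images from the build context, so the images would carry those binaries without their licence notices; a comment explaining why, or removing the binaries too, would keep the image contents consistent.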