This document explains how to build your own binaries or container images for digester.
Before you proceed, clone the Git repository and install the following tools:
- Build the binary:

      go build .
- Build a container image and load it into your local Docker daemon:

      export GOROOT=$(go env GOROOT)
      ko publish --base-import-paths --local .
- Build a container image and publish it to Container Registry:

      export GOROOT=$(go env GOROOT)
      export KO_DOCKER_REPO=gcr.io/$(gcloud config get-value core/project)
      ko publish --base-import-paths .

The base image is `gcr.io/distroless/static:nonroot`. If you want to use a different base image, change the value of the `defaultBaseImage` field in the file `.ko.yaml`. For instance, if you want to use a base image that contains credential helpers for a number of container registries, you can use a base image from the `gcr.io/kaniko-project/executor` repository.

- Set environment variables for `ko`:

      export GOROOT=$(go env GOROOT)
      export KO_DOCKER_REPO=gcr.io/$(gcloud config get-value core/project)
- Build and publish the webhook container image, and set the image name (with digest) in the webhook Deployment manifest:

      IMAGE=$(ko publish --base-import-paths .)
      kpt cfg set manifests/ image $IMAGE
- (optional) If you use a Google Kubernetes Engine (GKE) cluster with Workload Identity, and either Container Registry or Artifact Registry, annotate the digester Kubernetes service account:

      kpt cfg annotate manifests/ \
        --kind ServiceAccount \
        --name digester-admin \
        --namespace digester-system \
        --kv "iam.gke.io/gcp-service-account=$GSA"

  This annotation informs GKE that the Kubernetes service account `digester-admin` in the namespace `digester-system` can impersonate the Google service account `$GSA`.

- Deploy the webhook:

      kpt live apply manifests/ --reconcile-timeout=3m --output=table
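
A check that fits between the "set the image name (with digest)" step and the deploy step, as an added example that is not part of the digester project: it lists every `image:` value in the given manifest files that is not pinned to a `sha256` digest under the expected registry prefix. The function names, the sample manifest and the `example-project` registry path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not digester code): pre-deploy check for digest-pinned images.

# Succeeds only if $1 has the form <prefix $2>/<path>@sha256:<64 lowercase hex>.
is_pinned_ref() {
  case "$1" in
    "$2"/*@sha256:*) ;;
    *) return 1 ;;
  esac
  _digest=${1##*@sha256:}
  [ "${#_digest}" -eq 64 ] || return 1
  case "$_digest" in
    *[!0-9a-f]*) return 1 ;;
  esac
  return 0
}

# Usage: unpinned_images <repo-prefix> <manifest>...
# Prints each offending image reference; returns 1 if any was found.
unpinned_images() {
  _repo=$1; shift
  # Extract image values, dropping trailing YAML comments and quotes.
  _refs=$(grep -h '^[[:space:]-]*image:' "$@" |
    sed -e 's/^[[:space:]-]*image:[[:space:]]*//' \
        -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g")
  _bad=0
  while IFS= read -r _ref; do
    [ -n "$_ref" ] || continue
    is_pinned_ref "$_ref" "$_repo" || { printf '%s\n' "$_ref"; _bad=1; }
  done <<EOF
$_refs
EOF
  return "$_bad"
}

# Constructed sample manifest: one pinned image, one tag, one foreign registry.
sample_manifest() {
  cat <<'EOF'
spec:
  containers:
  - name: manager
    image: gcr.io/example-project/digester@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef # setter comment
  - name: sidecar
    image: gcr.io/example-project/sidecar:latest
  - name: other
    image: "docker.io/library/busybox@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
EOF
}

# When run with arguments: sh <this-file> "$KO_DOCKER_REPO" <manifest>...
if [ "$#" -ge 2 ]; then unpinned_images "$@" && echo "all images pinned"; fi
```

Running it against the manifest files with `$KO_DOCKER_REPO` as the prefix and deploying only when it returns zero keeps tag-only or off-registry references out of the applied manifests.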