diff --git a/.circleci/config.yml b/.circleci/config.yml index d0c4f0df4..91f584545 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -109,8 +109,7 @@ jobs: docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD} && export IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable") && IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1} && - ./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE} && - docker push ${IMAGE_NAME_CANDIDATE} + ./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE} name: Build image - run: command: | diff --git a/.circleci/config/jobs/@jobs.yml b/.circleci/config/jobs/@jobs.yml index e5318d8cc..7dd4276e3 100644 --- a/.circleci/config/jobs/@jobs.yml +++ b/.circleci/config/jobs/@jobs.yml @@ -11,8 +11,7 @@ build_image: docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD} && export IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable") && IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1} && - ./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE} && - docker push ${IMAGE_NAME_CANDIDATE} + ./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE} - run: name: Notify Slack on failure command: | diff --git a/Dockerfile b/Dockerfile index 3f3abe9fe..85322e6bd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,7 @@ ENV NODE_ENV production RUN curl -sL https://rpm.nodesource.com/setup_16.x | bash - RUN yum install -y nodejs -RUN curl -L -o /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_amd64 +RUN if [ "$(uname -m)" = "x86_64" ]; then curl -L -o /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_amd64 ; else curl -L -o /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_arm64 ; fi RUN chmod 755 /usr/bin/dumb-init RUN groupadd -g 10001 snyk diff --git a/scripts/docker/build-image.sh b/scripts/docker/build-image.sh index 0816eb1ae..a12588989 100755 --- a/scripts/docker/build-image.sh +++ b/scripts/docker/build-image.sh @@ -8,4 +8,9 @@ LOCAL_DISCARDABLE_IMAGE=snyk/kubernetes-monitor:local # should happen on merging to `staging` NAME_AND_TAG=${1:-$LOCAL_DISCARDABLE_IMAGE} -docker build -t ${NAME_AND_TAG} . +mkdir -vp ~/.docker/cli-plugins/ +curl --silent -L --output ~/.docker/cli-plugins/docker-buildx https://github.com/docker/buildx/releases/download/v0.6.3/buildx-v0.6.3.linux-amd64 +chmod a+x ~/.docker/cli-plugins/docker-buildx +docker run -it --rm --privileged tonistiigi/binfmt --install all +docker buildx create --use --name mybuilder +docker buildx build --platform linux/amd64,linux/arm64 -t ${NAME_AND_TAG} --push . diff --git a/snyk-monitor-deployment.yaml b/snyk-monitor-deployment.yaml index aa93f4723..a438706f8 100644 --- a/snyk-monitor-deployment.yaml +++ b/snyk-monitor-deployment.yaml @@ -18,6 +18,21 @@ spec: labels: app.kubernetes.io/name: snyk-monitor spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - arm64 + - key: "beta.kubernetes.io/arch" + operator: In + values: + - amd64 + - arm64 containers: - image: snyk/kubernetes-monitor:IMAGE_TAG_OVERRIDE_WHEN_PUBLISHING imagePullPolicy: Always diff --git a/snyk-monitor/templates/deployment.yaml b/snyk-monitor/templates/deployment.yaml index 1678614f0..7fc02381c 100644 --- a/snyk-monitor/templates/deployment.yaml +++ b/snyk-monitor/templates/deployment.yaml @@ -38,10 +38,14 @@ spec: - matchExpressions: - key: "kubernetes.io/arch" operator: In - values: ["amd64"] + values: + - amd64 + - arm64 - key: "beta.kubernetes.io/arch" operator: In - values: ["amd64"] + values: + - amd64 + - arm64 serviceAccountName: {{ include "snyk-monitor.name" . }} restartPolicy: Always initContainers: