K8s1.14

.gitignore

@@ -16,7 +16,7 @@ bin
 *.out
 
 # Manager image patch file
-overlays/dev/manager_image_patch.yaml
+config/overlays/dev/manager_image_patch.yaml
 
 # Kubernetes Generated files - skip generated files, except for vendored files
 

.travis.yml

@@ -2,7 +2,7 @@ sudo: required
 language: go
 go_import_path: github.com/open-policy-agent/gatekeeper
 go:
-- "1.12.x"
+- "1.13.x"
 
 services:
 - docker
@@ -18,7 +18,7 @@ jobs:
       - make patch-image IMG=gatekeeper-e2e:latest USE_LOCAL_IMG=true
       - make deploy 
       - make test-e2e
-      - echo -e '\n\n======= manager logs =======\n\n' && kubectl logs -n gatekeeper-system gatekeeper-controller-manager-0 manager
+      - echo -e '\n\n======= manager logs =======\n\n' && kubectl logs -n gatekeeper-system -l control-plane=controller-manager
       deploy:
         - provider: script
           skip_cleanup: true

Dockerfile

@@ -1,25 +1,22 @@
 # Build the manager binary
-FROM golang:1.12.9 as builder
+FROM golang:1.13.3 as builder
 
 # Copy in the go src
 WORKDIR /go/src/github.com/open-policy-agent/gatekeeper
 COPY pkg/    pkg/
-COPY cmd/    cmd/
 COPY vendor/ vendor/
+COPY main.go main.go
+COPY api/ api/
+COPY go.mod .
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager github.com/open-policy-agent/gatekeeper/cmd/manager
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -mod vendor -a -o manager main.go
 
-# Copy the controller-manager into a thin image
-FROM ubuntu:latest
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot 
+WORKDIR /
+COPY --from=builder /go/src/github.com/open-policy-agent/gatekeeper/manager .
+USER nonroot:nonroot
 
-# Update image and add a non-root user
-RUN apt update && apt upgrade -y \
-    && useradd -rm -u 1000 -U manager
-
-WORKDIR /home/manager/
-COPY --chown=manager:manager --from=builder /go/src/github.com/open-policy-agent/gatekeeper/manager .
-
-USER 1000
-
-ENTRYPOINT ["./manager"]
+ENTRYPOINT ["/manager"]

Dockerfile_ci

@@ -1,12 +1,8 @@
-FROM ubuntu:latest
-
-RUN apt update &&\
-    apt upgrade -y &&\
-    useradd -rm -u 1000 -U manager
-
-WORKDIR /home/manager/
-COPY --chown=manager:manager bin/manager .
-
-USER 1000
-
-ENTRYPOINT ["./manager"]
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY bin/manager .
+USER nonroot:nonroot
+
+ENTRYPOINT ["/manager"]