build.md

Build

This document explains how to build your own binaries or container images for digester.

Before you proceed, clone the Git repository and install the following tools:

• Go distribution v1.17 or later
• kustomize v3.7.0 or later
• Skaffold v1.37.2 or later

Building binaries and container images

• Build the binary:

  go build -o digester .

• Build a container image and load it into your local Docker daemon:

  skaffold build --cache-artifacts=false --push=false

• Build a container image and push it to Container Registry:

  skaffold build --push --default-repo gcr.io/$(gcloud config get core/project)

The base image is gcr.io/distroless/static:nonroot. If you want to use a different base image, change the value of the defaultBaseImage field in the file .ko.yaml. For instance, if you want to use a base image that contains credential helpers for a number of container registries, you can use a base image from the gcr.io/kaniko-project/executor repository.

Building and deploying the webhook

1. (optional) If you use a Google Kubernetes Engine (GKE) cluster with Workload Identity, and either Container Registry or Artifact Registry, annotate the digester Kubernetes service account:

   kustomize cfg annotate manifests \
       --kind ServiceAccount \
       --name digester-admin \
       --namespace digester-system \
       --kv "iam.gke.io/gcp-service-account=$GSA"

   This annotation informs GKE that the Kubernetes service account digester-admin in the namespace digester-system can impersonate the Google service account $GSA.

2. Build and push the webhook container image, and deploy to your Kubernetes cluster:

   skaffold run --push --default-repo gcr.io/$(gcloud config get core/project)