最近要修复istio的一些bug,要制作镜像升级系统,列下过程。
一、编译
make build GOPROXY=https:斜杠mirrors.aliyun.com/goproxy/GOPROXY默认https:斜杠proxy.golang.org,direct,会被墙,可以使用国内代理
TARGET_OUT=/work/out/linux_amd64 bin/build_ztunnel.sh
GOOS=linux GOARCH=amd64 LDFLAGS='-extldflags -static -s -w' common/scripts/gobuild.sh /work/out/linux_amd64/ ./istioctl/cmd/istioctl ./pilot/cmd/pilot-discovery ./pkg/test/echo/cmd/client ./pkg/test/echo/cmd/server ./samples/extauthz/cmd/extauthz ./operator/cmd/operator ./tools/bug-report
real 0m4.539s
user 0m19.151s
sys 0m5.771s
GOOS=linux GOARCH=amd64 LDFLAGS='-extldflags -static -s -w' common/scripts/gobuild.sh /work/out/linux_amd64/ -tags=agent ./pilot/cmd/pilot-agent
real 0m2.424s
user 0m2.786s
sys 0m1.031s有些依赖包找不到,可以换个代理单独下载
/go/pkg/mod/google.golang.org/api@v0.132.0/internal/cba.go:43:2: zip: not a valid zip file
"github.com/google/s2a-go"GOPROXY='https:斜杠goproxy.io,direct' go get github.com/google/s2a-go二、打包
make docker.proxyv2 GOPROXY=https:斜杠mirrors.aliyun.com/goproxy/DOCKER_TARGETS=docker.proxyv2 ./tools/docker
go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.2
real 0m3.563s
user 0m4.102s
sys 0m1.752s
2023-11-20T11:58:43.856491Z info Args: Push: false
Save: false
NoClobber: false
NoCache: false
Targets: [proxyv2]
Variants: [default]
Architectures: [linux/amd64]
BaseVersion: master-2023-07-20T20-50-43
BaseImageRegistry: gcr.io/istio-release
ProxyVersion: 3ac8014570d7f4187fb277d25bce010fa6f7b22b
ZtunnelVersion: 6692071f9f3b357d4862b9bdc615673ccd63c782
IstioVersion: 1.19-dev
Tags: [latest]
Hubs: [localhost:5000]
Builder: docker
2023-11-20T11:58:43.857104Z info building for architectures: [linux/amd64]
2023-11-20T11:58:43.857356Z info Running make for linux/amd64: pilot-agent init
2023-11-20T11:58:43.857465Z info env: [TARGET_OS=linux TARGET_ARCH=amd64 TARGET_OUT=/work/out/linux_amd64 TARGET_OUT_LINUX=/work/out/linux_amd64]
GOOS=linux GOARCH=amd64 LDFLAGS='-extldflags -static -s -w' common/scripts/gobuild.sh /work/out/linux_amd64/ -tags="agent" ./pilot/cmd/pilot-agent
real 0m2.516s
user 0m2.848s
sys 0m1.318s
TARGET_OUT=/work/out/linux_amd64 bin/build_ztunnel.sh
2023-11-20T11:58:46.782243Z info Running command: tools/docker-copy.sh pilot/docker/Dockerfile.proxyv2 tools/packaging/common/envoy_bootstrap.json tools/packaging/common/gcp_envoy_bootstrap.json /work/out/linux_amd64/release/envoy /work/out/linux_amd64/pilot-agent /work/out/linux_amd64/dockerx_build/build.docker.proxyv2
2023-11-20T11:58:47.265980Z info make complete runtime=3.408619505s
2023-11-20T11:58:47.266276Z info Running command: docker buildx bake -f /work/out/linux_amd64/dockerx_build/docker-bake.json all
[+] Building 30.5s (3/3) FINISHED docker-container:container-builder
=> [internal] load build definition from Dockerfile.proxyv2 0.0s
=> => transferring dockerfile: 1.82kB 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> ERROR [internal] load metadata for gcr.io/istio-release/base:master-2023-07-20T20-50-43 30.0s
------
> [internal] load metadata for gcr.io/istio-release/base:master-2023-07-20T20-50-43:
------
Dockerfile.proxyv2:9
--------------------
7 |
8 | # The following section is used as base image if BASE_DISTRIBUTION=debug
9 | >>> FROM ${ISTIO_BASE_REGISTRY}/base:${BASE_VERSION} as debug
10 |
11 | # The following section is used as base image if BASE_DISTRIBUTION=distroless
--------------------
ERROR: failed to solve: DeadlineExceeded: DeadlineExceeded: DeadlineExceeded: gcr.io/istio-release/base:master-2023-07-20T20-50-43: failed to do request: Head "https:斜杠gcr.io/v2/istio-release/base/manifests/master-2023-07-20T20-50-43": dial tcp 64.233.188.82:443: i/o timeout
2023-11-20T11:59:18.057909Z info build complete runtime=34.201716054s
Error: exit status 1
make[1]: *** [tools/istio-docker.mk:64: docker.proxyv2] Error 255
make: *** [docker.proxyv2] Error 2默认的gcr.io是国外的image仓库,国内访问不了,可以改用gcr.lank8s.cn代替,另外指定image名和版本
make docker.proxyv2 HUB=myimage TAG=1.19.0 ISTIO_BASE_REGISTRY=gcr.lank8s.cn/istio-release GOPROXY=https:斜杠mirrors.aliyun.com/goproxy/2023-11-20T12:04:47.591825Z info Args: Push: false
Save: false
NoClobber: false
NoCache: false
Targets: [proxyv2]
Variants: [default]
Architectures: [linux/amd64]
BaseVersion: master-2023-07-20T20-50-43
BaseImageRegistry: gcr.lank8s.cn/istio-release
ProxyVersion: 3ac8014570d7f4187fb277d25bce010fa6f7b22b
ZtunnelVersion: 6692071f9f3b357d4862b9bdc615673ccd63c782
IstioVersion: 1.19-dev
Tags: [1.19.0]
Hubs: [myimage]
Builder: docker
......
2023-11-20T12:04:59.313330Z info images complete runtime=7.227859743s
2023-11-20T12:04:59.313471Z info build complete runtime=11.72186984s另一个镜像类似方法
make docker.pilot HUB=myimage TAG=1.19.0 ISTIO_BASE_REGISTRY=gcr.lank8s.cn/istio-release GOPROXY=https:斜杠mirrors.aliyun.com/goproxy/三、上传
本地仓库已生成上面编译的image
REPOSITORY TAG IMAGE ID CREATED SIZE
myimage/pilot 1.19.0 07a5aa4e27cd 9 seconds ago 179MB
myimage/proxyv2 1.19.0 48e1f76b268e 2 minutes ago 251MB上传到远程仓库,替换安装yaml的image地址,重新apply
kubectl apply -f istio.yaml......
configmap/istio-sidecar-injector configured
deployment.apps/istio-ingressgateway configured
deployment.apps/istiod configured
......
poddisruptionbudget.policy/istio-ingressgateway configured
poddisruptionbudget.policy/istiod configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/istio-sidecar-injector configured
validatingwebhookconfiguration.admissionregistration.k8s.io/istio-validator-istio-system configured
