Merge pull request #1205 from wilsonehusin/distroless

Use distroless images

Author: Vladimir Vivien

Dockerfile

@@ -18,4 +18,4 @@ CMD1
 
 ADD BINARY /sonobuoy
 WORKDIR /
-CMD /sonobuoy aggregator --no-exit -v 3 --logtostderr
+CMD ["/sonobuoy", "aggregator", "--no-exit", "-v", "3", "--logtostderr"]

Makefile

@@ -48,15 +48,15 @@ VERBOSE_FLAG = -v
 endif
 BUILDMNT = /go/src/$(GOTARGET)
 BUILD_IMAGE ?= golang:1.15-buster
-AMD_IMAGE ?= debian:buster-slim
+AMD_IMAGE ?= gcr.io/distroless/static-debian10:latest
 ARM_IMAGE ?= arm64v8/ubuntu:16.04
 WIN_IMAGE ?= mcr.microsoft.com/windows/servercore:1809
 
 TESTARGS ?= $(VERBOSE_FLAG) -timeout 60s
 COVERARGS ?= -coverprofile=coverage.txt -covermode=atomic
 TEST_PKGS ?= $(GOTARGET)/cmd/... $(GOTARGET)/pkg/...
-TEST_CMD = go test $(TESTARGS)
-TEST = GODEBUG=x509ignoreCN=0 $(TEST_CMD) $(COVERARGS) $(TEST_PKGS)
+TEST_CMD = GODEBUG=x509ignoreCN=0 go test $(TESTARGS)
+TEST = $(TEST_CMD) $(COVERARGS) $(TEST_PKGS)
 
 INT_TEST_PKGS ?= $(GOTARGET)/test/integration/...
 INT_TEST= $(TEST_CMD) $(INT_TEST_PKGS) -tags=integration

cmd/sonobuoy/app/root.go

@@ -57,6 +57,7 @@ func NewSonobuoyCommand() *cobra.Command {
 	cmds.AddCommand(NewCmdRun())
 	cmds.AddCommand(NewCmdImages())
 	cmds.AddCommand(NewCmdResults())
+	cmds.AddCommand(NewCmdSplat())
 
 	klog.InitFlags(nil)
 	cmds.PersistentFlags().AddGoFlagSet(flag.CommandLine)

cmd/sonobuoy/app/splat.go

@@ -0,0 +1,109 @@
+/*
+Copyright 2021 VMware Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package app
+
+import (
+	"archive/tar"
+	"compress/gzip"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/vmware-tanzu/sonobuoy/pkg/errlog"
+
+	"github.com/spf13/cobra"
+)
+
+func NewCmdSplat() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "splat AGGREGATOR_RESULTS_PATH",
+		Short: "Reads all tarballs in the specified directory and prints the content to STDOUT (for internal use)",
+		Run: func(cmd *cobra.Command, args []string) {
+			if err := runSplat(args[0]); err != nil {
+				errlog.LogError(err)
+				os.Exit(1)
+			}
+		},
+		Hidden: true,
+		Args:   cobra.ExactArgs(1),
+	}
+	return cmd
+}
+
+func runSplat(dirPath string) error {
+	sonobuoyResults, err := filepath.Glob(filepath.Join(dirPath, "*.tar.gz"))
+	if err != nil {
+		return err
+	}
+
+	if err = loadResults(os.Stdout, sonobuoyResults); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func loadResults(w *os.File, filenames []string) error {
+	gzipWriter := gzip.NewWriter(w)
+	defer gzipWriter.Close()
+
+	tarWriter := tar.NewWriter(gzipWriter)
+	defer tarWriter.Close()
+
+	for _, filename := range filenames {
+		if err := addFileToTarball(tarWriter, filename); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func addFileToTarball(tarWriter *tar.Writer, filename string) error {
+	file, err := os.Open(filename)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	infoHeader, err := file.Stat()
+	if err != nil {
+		return err
+	}
+
+	// archive path of content as basename instead of full path
+	// so un-archiving will result in the working directory, not AGGREGATOR_RESULTS_PATH
+	header, err := tar.FileInfoHeader(infoHeader, infoHeader.Name())
+	if err != nil {
+		return err
+	}
+
+	if err = tarWriter.WriteHeader(header); err != nil {
+		return err
+	}
+
+	fileContent, err := ioutil.ReadAll(file)
+	if err != nil {
+		return err
+	}
+
+	if _, err := tarWriter.Write(fileContent); err != nil {
+		return err
+	}
+
+	return nil
+}

pkg/client/retrieve.go

@@ -18,6 +18,7 @@ package client
 
 import (
 	"archive/tar"
+	"compress/gzip"
 	"context"
 	"fmt"
 	"io"
@@ -44,10 +45,9 @@ const (
 
 var (
 	linuxTarCommand = []string{
-		"/usr/bin/env",
-		"bash",
-		"-c",
-		fmt.Sprintf("tar cf - %s/*.tar.gz", config.AggregatorResultsPath),
+		"/sonobuoy",
+		"splat",
+		config.AggregatorResultsPath,
 	}
 
 	winTarCommand = []string{
@@ -158,8 +158,14 @@ func isPodRunningOnWindowsNode(client kubernetes.Interface, ns, podName string)
 func UntarAll(reader io.Reader, destFile, prefix string) (filenames []string, returnErr error) {
 	entrySeq := -1
 	filenames = []string{}
-	// TODO: use compression here?
-	tarReader := tar.NewReader(reader)
+	// Adding compression per `splat` subcommand implementation
+	gzReader, err := gzip.NewReader(reader)
+	if err != nil {
+		returnErr = err
+		return
+	}
+	defer gzReader.Close()
+	tarReader := tar.NewReader(gzReader)
 
 	// Ensure the reader gets drained. Tar on some platforms doesn't
 	// seem to consume the end-of-archive marker (long string of 0s).

test/integration/testImage/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.14-stretch AS base
+FROM golang:1.15-buster AS base
 WORKDIR /src
 
 # Handle the go modules first to take advantage of Docker cache.
@@ -22,10 +22,10 @@ RUN go mod download
 
 # Get the rest of the files and build.
 COPY src .
-RUN go build -o /go/bin/testImage ./...
+RUN CGO_ENABLED=0 go build -o /go/bin/testImage ./...
 
-FROM debian:stretch-slim
-MAINTAINER John Schnake "[email protected]"
-COPY --from=base /go/bin/testImage /bin/testImage
+FROM gcr.io/distroless/static-debian10:latest
+WORKDIR /
+COPY --from=base /go/bin/testImage /testImage
 COPY resources /resources
-CMD [ "testImage" ]
+CMD [ "/testImage" ]

test/integration/testImage/yaml/ds-junit-passing-tar.yaml

@@ -8,7 +8,7 @@ spec:
   - /resources/hello-world.txt
   - /resources/junit-multi-suite-single-failure.xml
   command:
-  - testImage
+  - /testImage
   image: sonobuoy/testimage:v0.1
   name: plugin
   resources: {}

test/integration/testImage/yaml/ds-manual.yaml

@@ -11,7 +11,7 @@ spec:
   - /resources/manual-results-1.yaml
   - /resources/manual-results-2.yaml
   command:
-  - testImage
+  - /testImage
   image: sonobuoy/testimage:v0.1
   name: plugin
   resources: {}

test/integration/testImage/yaml/ds-raw-passing-tar.yaml

@@ -8,7 +8,7 @@ spec:
   - /resources/hello-world.txt
   - /resources/junit-multi-suite-single-failure.xml
   command:
-  - testImage
+  - /testImage
   image: sonobuoy/testimage:v0.1
   name: plugin
   resources: {}

test/integration/testImage/yaml/job-junit-passing-singlefile.yaml

@@ -7,7 +7,7 @@ spec:
   - single-file
   - /resources/junit-passing-tests.xml
   command:
-  - testImage
+  - /testImage
   image: sonobuoy/testimage:v0.1
   name: plugin
   resources: {}

test/integration/testImage/yaml/job-manual.yaml

@@ -11,7 +11,7 @@ spec:
   - /resources/manual-results-1.yaml
   - /resources/manual-results-2.yaml
   command:
-  - testImage
+  - /testImage
   image: sonobuoy/testimage:v0.1
   name: plugin
   resources: {}

test/integration/testImage/yaml/job-raw-singlefile.yaml

@@ -7,7 +7,7 @@ spec:
   - single-file
   - /resources/hello-world.txt
   command:
-  - testImage
+  - /testImage
   image: sonobuoy/testimage:v0.1
   name: plugin
   resources: {}

test/integration/testImage/yaml/manual-with-arbitrary-details.yaml

@@ -9,7 +9,7 @@ spec:
   - single-file
   - /resources/manual-results-with-arbitrary-details.yaml
   command:
-  - testImage
+  - /testImage
   image: sonobuoy/testimage:v0.1
   name: plugin
   resources: {}