[MediaWiki-commits] [Gerrit] operations...production-images[master]: Create an envoy docker image.

Wed, 20 Dec 2017 03:22:54 -0800 

Giuseppe Lavagetto has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/396021 )

Change subject: Create an envoy docker image.
......................................................................


Create an envoy docker image.

There is no convenient way to reuse the dockerfile that envoproxy offers in
our current build system and with our currently supported distros (the
official image uses ubuntu xenial). So we merge together the script that
is used to generate the "build image" and the steps used to run it and
actually build the software.

Change-Id: I4107dab6ca361ed20a8e0daaac02644eb28d74a9
---
A images/envoy/Dockerfile.build.template
A images/envoy/Dockerfile.template
A images/envoy/changelog
A images/envoy/control
A images/envoy/entrypoint.sh
A images/envoy/envoy-basic-config.yaml
A images/envoy/envoy_build.sh
7 files changed, 128 insertions(+), 0 deletions(-)

Approvals:
  Giuseppe Lavagetto: Verified; Looks good to me, approved



diff --git a/images/envoy/Dockerfile.build.template 
b/images/envoy/Dockerfile.build.template
new file mode 100644
index 0000000..e1439e9
--- /dev/null
+++ b/images/envoy/Dockerfile.build.template
@@ -0,0 +1,5 @@
+FROM {{ seed_image }}
+
+COPY envoy_build.sh /bin/envoy_build
+# This build is too strange and convoluted to be properly written down in a 
dockerfile. meh.
+RUN /bin/envoy_build
diff --git a/images/envoy/Dockerfile.template b/images/envoy/Dockerfile.template
new file mode 100644
index 0000000..0f8a712
--- /dev/null
+++ b/images/envoy/Dockerfile.template
@@ -0,0 +1,7 @@
+FROM {{ seed_image }}
+
+COPY build/envoy.binary /usr/bin/envoy
+COPY entrypoint.sh /bin/entrypoint
+COPY envoy-basic-config.yaml /etc/envoy.yaml.tpl
+RUN {{ "gettext-base" | apt_install }}
+CMD ["/bin/entypoint"]
diff --git a/images/envoy/changelog b/images/envoy/changelog
new file mode 100644
index 0000000..9b192f9
--- /dev/null
+++ b/images/envoy/changelog
@@ -0,0 +1,5 @@
+envoy (0.0.1) wikimedia; urgency=medium
+
+  * First version of a basic local envoy proxy
+
+ -- Giuseppe Lavagetto <glavage...@wikimedia.org>  Mon, 18 Dec 2017 17:47:14 
+0100
diff --git a/images/envoy/control b/images/envoy/control
new file mode 100644
index 0000000..19c4eac
--- /dev/null
+++ b/images/envoy/control
@@ -0,0 +1,3 @@
+Package: envoy
+Description: Basic envoy proxy container
+Maintainer: Giuseppe Lavagetto <j...@wikimedia.org>
diff --git a/images/envoy/entrypoint.sh b/images/envoy/entrypoint.sh
new file mode 100755
index 0000000..87a0a89
--- /dev/null
+++ b/images/envoy/entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+cd /etc && envsubst < /etc/envoy.yaml.tpl > /etc/envoy.yaml
+/usr/bin/envoy -c /etc/envoy.yaml --service-cluster "$SERVICE_NAME" 
--v2-config-only
diff --git a/images/envoy/envoy-basic-config.yaml 
b/images/envoy/envoy-basic-config.yaml
new file mode 100644
index 0000000..3c9c869
--- /dev/null
+++ b/images/envoy/envoy-basic-config.yaml
@@ -0,0 +1,34 @@
+admin:
+  access_log_path: /tmp/admin_access.log
+  address:
+    socket_address: { address: 127.0.0.1, port_value: 9090 }
+
+static_resources:
+  listeners:
+  - name: listener_0
+    address:
+      socket_address: { address: 127.0.0.1, port_value: 8080 }
+    filter_chains:
+    - filters:
+      - name: envoy.http_connection_manager
+        config:
+          stat_prefix: $SERVICE_NAME
+          codec_type: AUTO
+          route_config:
+            name: local_route
+            virtual_hosts:
+            - name: backend
+              domains: ["*"]
+              routes:
+              - match: { prefix: "/" }
+                route: { cluster: local_service }
+          http_filters:
+          - name: envoy.router
+  clusters:
+  - name: local_service
+    connect_timeout: 0.25s
+    http_protocol_options:
+      allow_absolute_url: false
+    type: STATIC
+    lb_policy: ROUND_ROBIN
+    hosts: [{ socket_address: { address: 127.0.0.1, port_value: $SERVICE_PORT 
}}]
diff --git a/images/envoy/envoy_build.sh b/images/envoy/envoy_build.sh
new file mode 100755
index 0000000..f152299
--- /dev/null
+++ b/images/envoy/envoy_build.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+set -e
+# This is mostly extracted from envoy's own build system, just organized in a 
single script
+# to adapt to our build process.
+
+export DEBIAN_FRONTEND=noninteractive
+# Envoy build within a container image build process.
+# This is aimed at reducing to the bare minimum the amount of indirection.
+apt-get update
+apt-get install -y --no-install-recommends ca-certificates git gnupg2
+(git clone https://github.com/envoyproxy/envoy.git /source && cd source \
+     && git checkout v1.5.0)
+apt-get install --no-install-recommends -y wget software-properties-common 
make cmake python python-pip \
+        bc libtool automake zip time golang g++ gdb strace patch rsync
+
+mkdir /build
+# Copy files where we expect them to be
+(cd /source/ci/build_container && \
+     cp ./build_and_install_deps.sh ./recipe_wrapper.sh ./Makefile /  &&\
+     mkdir /bazel-prebuilt && cp /source/WORKSPACE /bazel-prebuilt/ && \
+     cp -ax /source/bazel /bazel-prebuilt && \
+     mkdir /build_recipes && cp ./build_recipes/*.sh /build_recipes/ )
+
+
+# Install clang
+wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
+echo 'deb http://apt.llvm.org/stretch/ llvm-toolchain-stretch-5.0 main' > 
/etc/apt/sources.list.d/llvm.list
+apt-get update && apt-get install -y clang-5.0 clang-format-5.0
+# Bazel and related dependencies.
+apt-get install --no-install-recommends -y openjdk-8-jdk-headless curl
+echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" 
| tee /etc/apt/sources.list.d/bazel.list
+curl https://bazel.build/bazel-release.pub.gpg | apt-key add -
+apt-get update
+apt-get install -y bazel
+rm -rf /var/lib/apt/lists/*
+
+# virtualenv
+pip install virtualenv
+
+# buildifier
+export GOPATH=/usr/lib/go
+go get github.com/bazelbuild/buildifier/buildifier
+
+# GCC for everything.
+export CC=gcc
+export CXX=g++
+export THIRDPARTY_DEPS=/tmp
+export THIRDPARTY_SRC=/thirdparty
+DEPS=$(python <(cat /bazel-prebuilt/bazel/target_recipes.bzl; \
+                echo "print ' '.join(\"${THIRDPARTY_DEPS}/%s.dep\" % r for r 
in set(TARGET_RECIPES.values()))"))
+# TODO(htuch): We build twice as a workaround for 
https://github.com/google/protobuf/issues/3322.
+# Fix this. This will be gone real soon now.
+export THIRDPARTY_BUILD=/thirdparty_build
+export CPPFLAGS="-DNDEBUG"
+echo "Building opt deps ${DEPS}"
+/build_and_install_deps.sh ${DEPS}
+
+echo "Building Bazel-managed deps (//bazel/external:all_external)"
+mkdir /bazel-prebuilt-root /bazel-prebuilt-output
+BAZEL_OPTIONS="--output_user_root=/bazel-prebuilt-root 
--output_base=/bazel-prebuilt-output"
+cd /bazel-prebuilt
+for BAZEL_MODE in opt dbg fastbuild; do
+    bazel ${BAZEL_OPTIONS} build -c "${BAZEL_MODE}" 
//bazel/external:all_external
+done
+# Allow access by non-root for building.
+chmod -R a+rX /bazel-prebuilt-root /bazel-prebuilt-output
+cd /source
+./ci/do_ci.sh bazel.release.server_only
+
+# Now let's extract the envoy binary from the build, and cleanup the build 
workspace
+mv /build/envoy/source/exe/envoy /build/envoy.binary && rm -rf /build/envoy

-- 
To view, visit https://gerrit.wikimedia.org/r/396021
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I4107dab6ca361ed20a8e0daaac02644eb28d74a9
Gerrit-PatchSet: 5
Gerrit-Project: operations/docker-images/production-images
Gerrit-Branch: master
Gerrit-Owner: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to