From da213717fea8845037deabf7e1337f46cfa7ff04 Mon Sep 17 00:00:00 2001 From: Gabriel Bernal Date: Mon, 23 Dec 2024 12:37:38 +0100 Subject: [PATCH] use the distroless image for development with a cluster (#41) Signed-off-by: Gabriel Bernal --- .dockerignore | 1 + Dockerfile | 4 +-- Dockerfile.dev | 35 ------------------- Makefile | 4 +-- README.md | 12 ++----- config/default/manager_auth_proxy_patch.yaml | 2 +- config/manager/manager.yaml | 6 ++-- distroless-debug.Dockerfile | 4 +-- main.go | 2 +- .../generate-goreleaser/.goreleaser.base.yaml | 2 +- 10 files changed, 16 insertions(+), 56 deletions(-) delete mode 100644 Dockerfile.dev diff --git a/.dockerignore b/.dockerignore index 0f04682..432d960 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,4 +1,5 @@ # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file # Ignore build and test binaries. bin/ +!bin/manager testbin/ diff --git a/Dockerfile b/Dockerfile index 5ac6697..07ff50f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,9 +7,9 @@ LABEL maintainer="The Perses Authors " USER nobody -COPY --chown=nobody:nobody operator /bin/operator +COPY --chown=nobody:nobody bin/manager /bin/manager COPY --chown=nobody:nobody LICENSE /LICENSE COPY --from=build-env --chown=nobody:nobody /etc/mime.types /etc/mime.types EXPOSE 8080 -ENTRYPOINT [ "/bin/operator" ] +ENTRYPOINT [ "/bin/manager" ] diff --git a/Dockerfile.dev b/Dockerfile.dev deleted file mode 100644 index bd217d3..0000000 --- a/Dockerfile.dev +++ /dev/null 
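Review bot: `EXPOSE 8080` remains as context in this hunk, although the same commit moves the manager's default metrics listener to `:8082` in main.go and the probe listener is `:8081`, so the image metadata appears to advertise a port the binary no longer opens. If nothing else in the operator listens on 8080, change the line to `EXPOSE 8081 8082` or drop it, because a stale EXPOSE tends to get copied into Service and NetworkPolicy definitions. The same applies to the identical hunk in distroless-debug.Dockerfile. The stage's FROM line is outside the hunk, so the base image was not checked.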
@@ -1,35 +0,0 @@ -# Build the manager binary -FROM golang:1.23 as builder -ARG TARGETOS -ARG TARGETARCH - -WORKDIR /workspace -# Copy the Go Modules manifests -COPY go.mod go.mod -COPY go.sum go.sum -# cache deps before building and copying source so that we don't need to re-download as much -# and so that source changes don't invalidate our downloaded layer -RUN go mod download - -# Copy the go source -COPY main.go main.go -COPY api/ api/ -COPY controllers/ controllers/ -COPY internal/ internal/ - -# Build -# the GOARCH has not a default value to allow the binary be built according to the host where the command -# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO -# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore, -# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform. -RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager main.go - -FROM gcr.io/distroless/static:nonroot -WORKDIR / - -COPY --from=builder /workspace/manager . -COPY --chown=nobody:nobody LICENSE /LICENSE - -USER 65532:65532 - -ENTRYPOINT ["/manager"] diff --git a/Makefile b/Makefile index 82ce838..4f2d571 100644 --- a/Makefile +++ b/Makefile @@ -150,8 +150,8 @@ run: manifests generate fmt vet ## Run a controller from your host. # (i.e. docker build --platform linux/arm64 ). However, you must enable docker buildKit for it. # More info: https://docs.docker.com/develop/develop-images/build_enhancements/ .PHONY: image-build -image-build: test ## Build docker image with the manager. - ${CONTAINER_RUNTIME} build -f Dockerfile.dev -t ${IMG} . +image-build: build test ## Build docker image with the manager. + ${CONTAINER_RUNTIME} build -f Dockerfile -t ${IMG} . .PHONY: image-push image-push: ## Push docker image with the manager. diff --git a/README.md b/README.md index 162ff1f..78bd1a9 100644 --- a/README.md 
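Review bot: With `image-build: build test`, the image now ships whatever the host's `build` target writes to `bin/manager`, whereas the deleted Dockerfile.dev compiled inside a `golang:1.23` stage with `CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH}`. The `build` recipe is outside this hunk. If it does not set those variables, a build on a non-Linux host or with cgo enabled can put a binary into the distroless image that cannot start, and the `--platform` hint in the comment above the target no longer controls the binary's architecture. Consider prefixing the `go build` in that target with `CGO_ENABLED=0 GOOS=linux` and rewording the comment to say the binary is built on the host and only packaged by the container build.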
+++ b/README.md @@ -20,19 +20,13 @@ make install kubectl apply -k config/samples ``` -3. Build and push your image to the location specified by `IMG`: +3. Usint the the location specified by `IMG`, build and push the image to the registry, then deploy the controller to the cluster: ```sh -make image-build image-push IMG=/perses-operator:tag +IMG=/perses-operator:tag make image-build image-push deploy ``` -4. Deploy the controller to the cluster with the image specified by `IMG`: - -```sh -make deploy IMG=/perses-operator:tag -``` - -6. Access the Perses UI at `http://localhost:8080` +5. Access the Perses UI at `http://localhost:8080` by port-forwarding the service: ```sh kubectl port-forward svc/perses-sample 8080:8080 diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index b751266..24d2228 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -51,5 +51,5 @@ spec: - name: manager args: - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" + - "--metrics-bind-address=127.0.0.1:8082" - "--leader-elect" diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 79a5874..1938bc5 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -58,10 +58,10 @@ spec: # - linux securityContext: runAsNonRoot: true + runAsGroup: 65532 + runAsUser: 65532 containers: - - command: - - /manager - args: + - args: - --leader-elect image: controller:latest imagePullPolicy: Always diff --git a/distroless-debug.Dockerfile b/distroless-debug.Dockerfile index 9620086..bfd170b 100644 --- a/distroless-debug.Dockerfile +++ b/distroless-debug.Dockerfile 
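Review bot: Only the manager's `--metrics-bind-address` moves to `127.0.0.1:8082` here; the proxy container that fronts it is defined earlier in this file, outside the hunk, and the diffstat shows a single line changing in this file. If that container still forwards to port 8080 (kubebuilder scaffolds use `--upstream=http://127.0.0.1:8080/`), authenticated scrapes will reach nothing, so it should become `--upstream=http://127.0.0.1:8082/` in the same change. Keeping the loopback bind is right, since it is what forces metrics traffic through the proxy's authentication.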
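Review bot: The pod now runs as `runAsUser: 65532` / `runAsGroup: 65532`, but the Dockerfile in this commit still sets `USER nobody` and copies files with `--chown=nobody:nobody`. On distroless images `nobody` is normally 65534 and 65532 is `nonroot`, so the image and the manifest appear to disagree on the runtime identity. This works as long as `/bin/manager` is world-executable, but it would be clearer to align them: either `USER 65532:65532` in the Dockerfile, or a comment here such as `# 65532 = distroless "nonroot"; overrides the image's USER`. The container-level securityContext is outside the hunk and was not checked.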
@@ -7,9 +7,9 @@ LABEL maintainer="The Perses Authors " USER nobody -COPY --chown=nobody:nobody operator /bin/operator +COPY --chown=nobody:nobody bin/manager /bin/manager COPY --chown=nobody:nobody LICENSE /LICENSE COPY --from=build-env --chown=nobody:nobody /etc/mime.types /etc/mime.types EXPOSE 8080 -ENTRYPOINT [ "/bin/operator" ] +ENTRYPOINT [ "/bin/manager" ] diff --git a/main.go b/main.go index 53de9b0..715c617 100644 --- a/main.go +++ b/main.go @@ -62,7 +62,7 @@ func main() { var enableHTTP2 bool var persesServerURL string - flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") + flag.StringVar(&metricsAddr, "metrics-bind-address", ":8082", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ diff --git a/scripts/generate-goreleaser/.goreleaser.base.yaml b/scripts/generate-goreleaser/.goreleaser.base.yaml index 32b8130..7c26dc1 100644 --- a/scripts/generate-goreleaser/.goreleaser.base.yaml +++ b/scripts/generate-goreleaser/.goreleaser.base.yaml @@ -2,7 +2,7 @@ version: 2 builds: - id: "operator" main: ./main.go - binary: "operator" + binary: "/bin/manager" goos: - linux - windows
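Review bot: The new default `":8082"` listens on every interface and the flag's help text does not say so; only the auth-proxy patch narrows it to `127.0.0.1:8082`. A deployment that skips that patch presumably serves metrics to the whole pod network without authentication, so the help string could state the expectation, e.g. `"The address the metric endpoint binds to. Use 127.0.0.1:8082 when the auth proxy is deployed."`. `main` starts above this hunk and continues below it, so how `metricsAddr` is consumed was not checked.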
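Review bot: `binary: "/bin/manager"` has a leading slash, while the Dockerfiles in this commit copy the relative path `bin/manager`. goreleaser treats `binary` as a name or a path inside the build's output directory, so `binary: "bin/manager"` would express the same layout without depending on how an absolute-looking path is joined. The rest of the build entry is outside the hunk.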