From e36556c389ec86e345b78850514bc7d146253423 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com>
Date: Tue, 28 May 2024 18:13:31 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E6=8C=89=E8=A6=81=E6=B1=82=E7=A7=BB?= =?UTF-8?q?=E9=99=A4=E9=87=8D=E5=A4=8D=E6=9E=84=E5=BB=BA=E4=BB=A3=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.github/workflows/jms-build-test.yml | 29 ++++-
Dockerfile | 31 +++--
Dockerfile-ee | 168 +++++++--------------------
entrypoint.sh | 37 +++---
4 files changed, 98 insertions(+), 167 deletions(-)
diff --git a/.github/workflows/jms-build-test.yml b/.github/workflows/jms-build-test.yml
index 1a292812..6e8efc57 100644
--- a/.github/workflows/jms-build-test.yml
+++ b/.github/workflows/jms-build-test.yml
@@ -1,36 +1,51 @@ name: "Run Build Test" on: push: - branches: - - pr@* - - repr@* + paths: + - 'Dockerfile' + - 'Dockerfile*' + - 'Dockerfile-*' + - 'go.mod' + - 'go.sum' jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - name: Prepare Mirror run: | sed -i 's@registry.npmmirror.com@registry.yarnpkg.com@g' ui/yarn.lock + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build CE Image uses: docker/build-push-action@v5 with: context: . - push: false + push: true file: Dockerfile - tags: jumpserver/koko-ce:test + tags: ghcr.io/jumpserver/koko:v4-lite platforms: linux/amd64 build-args: | + VERSION=v4 GOPROXY=direct APT_MIRROR=http://deb.debian.org NPM_REGISTRY=https://registry.yarnpkg.com + outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true cache-from: type=gha cache-to: type=gha,mode=max + + - name: Prepare EE Image + run: | + sed -i 's@^FROM registry.fit2cloud.com/jumpserver@FROM ghcr.io/jumpserver@g' Dockerfile-ee - name: Build EE Image uses: docker/build-push-action@v5
@@ -41,8 +56,10 @@ jobs: tags: jumpserver/koko-ee:test platforms: linux/amd64 build-args: | + VERSION=v4 GOPROXY=direct APT_MIRROR=http://deb.debian.org NPM_REGISTRY=https://registry.yarnpkg.com + outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true cache-from: type=gha cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
index fc2bba1b..2684092d 100644
--- a/Dockerfile
+++ b/Dockerfile
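Review bot: In .github/workflows/jms-build-test.yml the CE build step now has `push: true` with the fixed tag `ghcr.io/jumpserver/koko:v4-lite`, and the trigger was widened from the `pr@*`/`repr@*` branches to any push that touches a Dockerfile, `go.mod` or `go.sum`, so a push to any branch can overwrite the image that the EE build (after the `sed` rewrite of its `FROM`) and any other consumer of that tag pull as their base. Gate publishing on the release branch, for example `push: ${{ github.ref_name == github.event.repository.default_branch }}`, or give branch builds a per-commit tag such as `ghcr.io/jumpserver/koko:v4-lite-${{ github.sha }}`. No `permissions:` key is visible in this hunk, which covers the top of the file; declaring `contents: read` and `packages: write` on the job keeps the token scoped to what the login and push need.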
@@ -11,11 +11,11 @@ RUN set -ex \ WORKDIR /opt/koko/ui ADD ui/package.json ui/yarn.lock . -RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked,id=koko \ +RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked \ yarn install ADD ui . -RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked,id=koko \ +RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked \ yarn build FROM golang:1.22-bullseye as stage-build
@@ -30,6 +30,7 @@ ARG HELM_VERSION=v3.14.3 ARG KUBECTL_VERSION=v1.29.3 ARG CHECK_VERSION=v1.0.2 ARG USQL_VERSION=v0.0.1 +ARG WISP_VERSION=v0.1.20 RUN set -ex \ && mkdir -p /opt/koko/bin \ && wget -O kubectl.tar.gz https://dl.k8s.io/${KUBECTL_VERSION}/kubernetes-client-linux-${TARGETARCH}.tar.gz \
@@ -40,9 +41,11 @@ RUN set -ex \ && mv /opt/koko/bin/helm /opt/koko/bin/rawhelm \ && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/koko/bin/ \ + && wget https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ + && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz --strip-components=1 -C /opt/koko/bin/ \ && wget https://github.com/ahmetb/kubectl-aliases/raw/master/.kubectl_aliases \ && wget https://github.com/jumpserver-dev/usql/releases/download/${USQL_VERSION}/usql-${USQL_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf usql-${USQL_VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/koko/bin/ \ + && tar -xf usql-${USQL_VERSION}-linux-${TARGETARCH}.tar.gz --strip-components=1 -C /opt/koko/bin/ \ && chmod 755 /opt/koko/bin/* \ && chown root:root /opt/koko/bin/* \ && rm -f *.tar.gz
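Review bot: The wisp archive added in the third Dockerfile hunk is fetched with `wget` and unpacked straight into `/opt/koko/bin` with no integrity check, and that directory is later copied to `/usr/local/bin` of the runtime image, so whatever the release URL serves at build time ends up executable in the image. Pin a digest next to `WISP_VERSION` and verify before extracting, e.g. `&& echo "${WISP_SHA256}  wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz" | sha256sum -c - \`, with `WISP_SHA256` supplied per architecture. The kubectl, check and usql downloads in the same `RUN` (which starts above this hunk) and the mongosh download in Dockerfile-ee have the same gap, and `.kubectl_aliases` is pulled from the moving `master` branch rather than a fixed commit.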
@@ -89,10 +92,12 @@ ARG DEPENDENCIES=" \ ca-certificates" ARG APT_MIRROR=http://mirrors.ustc.edu.cn -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=koko-apt \ - --mount=type=cache,target=/var/lib/apt,sharing=locked,id=koko-apt \ - sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + set -ex \ && rm -f /etc/apt/apt.conf.d/docker-clean \ + && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ + && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && apt-get update \ && apt-get install -y --no-install-recommends ${DEPENDENCIES} \
@@ -109,7 +114,15 @@ COPY --from=stage-build /opt/koko/bin /usr/local/bin COPY --from=stage-build /opt/koko/release . COPY --from=stage-build /opt/koko/koko . -ENV LANG=zh_CN.UTF-8 +ARG VERSION +ENV VERSION=${VERSION} + +VOLUME /opt/koko/data + +ENTRYPOINT ["./entrypoint.sh"] + +EXPOSE 2222 + +STOPSIGNAL SIGQUIT -EXPOSE 2222 5000 -CMD ["./entrypoint.sh"] +CMD [ "./koko" ]
\ No newline at end of file
diff --git a/Dockerfile-ee b/Dockerfile-ee
index 886f8c6e..9feb25df 100644
--- a/Dockerfile-ee
+++ b/Dockerfile-ee
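Review bot: The new tail of the Dockerfile's final stage (`VOLUME` through `CMD`) sets no `USER`, so unless an earlier line of that stage outside this hunk does, koko runs as root. If the service does not need root at runtime, create a dedicated account with a fixed UID, give it ownership of `/opt/koko/data` before the `VOLUME` line, and add a `USER` line ahead of `ENTRYPOINT`. `./entrypoint.sh` and `./koko` also resolve against the working directory, which entrypoint.sh no longer sets with `cd /opt/koko`; assuming the stage's WORKDIR is /opt/koko, absolute paths, `ENTRYPOINT ["/opt/koko/entrypoint.sh"]` and `CMD ["/opt/koko/koko"]`, would match the `EXECUTE_PROGRAM=/opt/koko/koko` the script exports and survive `docker run -w`.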
@@ -1,148 +1,45 @@ -FROM redis:6.2-bullseye as redis - -FROM node:16.20-bullseye-slim as ui-build -ARG TARGETARCH -ARG NPM_REGISTRY="https://registry.npmmirror.com" -ENV NPM_REGISTY=$NPM_REGISTRY - -RUN set -ex \ - && npm config set registry ${NPM_REGISTRY} \ - && yarn config set registry ${NPM_REGISTRY} - -WORKDIR /opt/koko/ui -ADD ui/package.json ui/yarn.lock . -RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked,id=koko \ - yarn install - -ADD ui . -RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked,id=koko \ - yarn build - -FROM golang:1.22-bullseye as stage-build -LABEL stage=stage-build -ARG TARGETARCH - -WORKDIR /opt/koko -ARG HELM_VERSION=v3.12.2 -ARG DOWNLOAD_URL=https://download.jumpserver.org - -RUN set -ex \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt/koko -ARG HELM_VERSION=v3.14.3 -ARG KUBECTL_VERSION=v1.29.3 -ARG CHECK_VERSION=v1.0.2 -RUN set -ex \ - && mkdir -p /opt/koko/bin /opt/clickhouse \ - && LATEST_VERSION=$(curl -s https://packages.clickhouse.com/tgz/stable/ | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sort -V -r | head -n 1) \ - && PKG="clickhouse-common-static" \ - && wget "https://packages.clickhouse.com/tgz/stable/$PKG-$LATEST_VERSION-${TARGETARCH}.tgz" \ - && tar -xf "$PKG-$LATEST_VERSION-${TARGETARCH}.tgz" --strip-components=1 -C /opt/clickhouse \ - && wget -O kubectl.tar.gz https://dl.k8s.io/${KUBECTL_VERSION}/kubernetes-client-linux-${TARGETARCH}.tar.gz \ - && tar -xf kubectl.tar.gz --strip-components=3 -C /opt/koko/bin/ kubernetes/client/bin/kubectl \ - && mv /opt/koko/bin/kubectl /opt/koko/bin/rawkubectl \ - && wget https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz --strip-components=1 -C /opt/koko/bin/ linux-${TARGETARCH}/helm \ - && mv /opt/koko/bin/helm /opt/koko/bin/rawhelm \ - && wget 
https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/koko/bin/ \ - && wget https://github.com/ahmetb/kubectl-aliases/raw/master/.kubectl_aliases \ - && mv /opt/clickhouse/usr/bin/clickhouse /usr/local/bin/clickhouse-client \ - && chmod 755 /opt/koko/bin/* \ - && chown root:root /opt/koko/bin/* \ - && rm -f *.tar.gz *.tgz \ - && rm -rf /opt/clickhouse - -ADD go.mod go.sum . - -ARG GOPROXY=https://goproxy.io -ENV CGO_ENABLED=0 -ENV GO111MODULE=on -ENV GOOS=linux - -RUN --mount=type=cache,target=/root/.cache \ - --mount=type=cache,target=/go/pkg/mod \ - go mod download -x - -COPY . . - -COPY --from=ui-build /opt/koko/ui/dist ui/dist - ARG VERSION -ENV VERSION=$VERSION - -RUN --mount=type=cache,target=/root/.cache \ - --mount=type=cache,target=/go/pkg/mod \ - set +x \ - && make build -s \ - && set -x && ls -al . \ - && mv /opt/koko/build/koko-linux-${TARGETARCH} /opt/koko/koko \ - && mv /opt/koko/build/helm-linux-${TARGETARCH} /opt/koko/bin/helm \ - && mv /opt/koko/build/kubectl-linux-${TARGETARCH} /opt/koko/bin/kubectl -RUN mkdir /opt/koko/release \ - && mv /opt/koko/locale /opt/koko/release \ - && mv /opt/koko/config_example.yml /opt/koko/release \ - && mv /opt/koko/entrypoint.sh /opt/koko/release \ - && mv /opt/koko/utils/init-kubectl.sh /opt/koko/release \ - && chmod 755 /opt/koko/release/entrypoint.sh /opt/koko/release/init-kubectl.sh - -FROM debian:bullseye-slim +FROM debian:bullseye-slim as stage-build ARG TARGETARCH ARG DEPENDENCIES=" \ - bash-completion \ ca-certificates \ curl \ - git \ - git-lfs \ - iputils-ping \ - jq \ - less \ - locales \ - openssh-client \ - freetds-bin \ - mariadb-client \ - postgresql-client \ - telnet \ - unzip \ - vim \ - wget \ - xz-utils" + wget" ARG APT_MIRROR=http://mirrors.ustc.edu.cn - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=koko-apt \ - 
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=koko-apt \ - sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + set -ex \ && rm -f /etc/apt/apt.conf.d/docker-clean \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ + && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ + && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && echo "zh_CN.UTF-8" | dpkg-reconfigure locales \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc + && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash + +WORKDIR /opt/koko ARG MONGOSH_VERSION=1.10.3 RUN set -ex \ + && mkdir -p /opt/koko/bin /opt/koko/lib \ && \ case "${TARGETARCH}" in \ amd64) \ wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ && chown root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /usr/local/bin/ \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /usr/local/lib/ \ + && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /opt/koko/bin/ \ + && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /opt/koko/lib/ \ && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \ ;; \ arm64) \ wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ && tar -xf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /usr/local/bin/ \ - && mv 
mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \ + && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /opt/koko/bin/ \ + && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /opt/koko/lib/ \ && rm -rf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}* \ ;; \ *) \
@@ -150,16 +47,29 @@ RUN set -ex \ ;; \ esac -COPY --from=redis /usr/local/bin/redis-cli /usr/local/bin/redis-cli - -WORKDIR /opt/koko/ +FROM registry.fit2cloud.com/jumpserver/koko:${VERSION}-lite +ARG TARGETARCH -COPY --from=stage-build /opt/koko/.kubectl_aliases /opt/kubectl-aliases/.kubectl_aliases -COPY --from=stage-build /opt/koko/bin /usr/local/bin -COPY --from=stage-build /opt/koko/release . -COPY --from=stage-build /opt/koko/koko . +ARG DEPENDENCIES=" \ + bash-completion \ + curl \ + git \ + git-lfs \ + iputils-ping \ + jq \ + less \ + openssh-client \ + telnet \ + unzip \ + vim \ + wget \ + xz-utils" -ENV LANG=zh_CN.UTF-8 +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + set -ex \ + && apt-get update \ + && apt-get install -y --no-install-recommends ${DEPENDENCIES} -EXPOSE 2222 5000 -CMD ["./entrypoint.sh"] +COPY --from=stage-build /opt/koko/bin /usr/local/bin +COPY --from=stage-build /opt/koko/lib /usr/local/lib
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
index d6b45522..19bd74f9 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
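Review bot: In Dockerfile-ee the runtime stage is now `FROM registry.fit2cloud.com/jumpserver/koko:${VERSION}-lite`, but the `ARG VERSION` at the top of the file has no default, so a build without `--build-arg VERSION=...` expands the tag to `-lite`, which is not a valid reference, and the resulting error does not name the missing argument. Give it a fallback such as `ARG VERSION=v4` (the value the workflow passes) or state the required argument in a comment above the `ARG`. The tag is also mutable and CI swaps the registry host with `sed`, so the EE image inherits whatever was last pushed under that name, including its user and entrypoint; release builds would be more reproducible with the base pinned by digest.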
@@ -1,29 +1,20 @@ #!/bin/sh # -until /usr/local/bin/check ${CORE_HOST}/api/health/; do - echo "wait for jms_core ${CORE_HOST} ready" - sleep 2 -done +if [ -n "$CORE_HOST" ]; then + until check ${CORE_HOST}/api/health/; do + echo "wait for jms_core ${CORE_HOST} ready" + sleep 2 + done +fi -# 限制所有可执行目录的权限 -chmod -R 700 /usr/local/sbin/* && chmod -R 700 /usr/local/bin/* && chmod -R 700 /usr/bin/* -chmod -R 700 /usr/sbin/* && chmod -R 700 /sbin/* && chmod -R 700 /bin/* +export WORK_DIR=/opt/koko +export COMPONENT_NAME=koko +export WISP_TRACE_PROCESS=1 +export EXECUTE_PROGRAM=/opt/koko/koko -function init_jms_k8s_user(){ - echo `getent passwd | grep 'jms_k8s_user' || useradd -M -U -d /nonexistent jms_k8s_user` > /dev/null 2>&1 - echo `getent passwd | grep 'jms_k8s_user' | grep '/nonexistent' || usermod -d /nonexistent jms_k8s_user` > /dev/null 2>&1 - echo `getent group | grep 'jms_k8s_user' || groupadd jms_k8s_user` > /dev/null 2>&1 -} -init_jms_k8s_user +if [ ! "$LOG_LEVEL" ]; then + export LOG_LEVEL=ERROR +fi -# 放开部分需要的可执行权限 -chmod 755 `which mysql` `which psql` `which mongosh` `which tsql` `which redis` `which clickhouse-client` -chmod 755 `which kubectl` `which rawkubectl` `which helm` `which rawhelm` - -# k8s 集群连接需要的命令 -chown :jms_k8s_user `which jq` `which less` `which vim` `which ls` `which bash` `which grep` -chmod 750 `which jq` `which less` `which vim` `which ls` `which bash` `which grep` - -cd /opt/koko -./koko
\ No newline at end of file
+exec "$@"
\ No newline at end of file
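Review bot: In entrypoint.sh the new script drops the startup lockdown (`chmod -R 700` over the system bin directories, the `jms_k8s_user` account, and the 750 group-only permissions on `jq`, `less`, `vim`, `ls`, `bash` and `grep`) with no replacement visible anywhere in this patch, so if koko still launches Kubernetes sessions under a restricted account, those sessions now see stock binary permissions, or fail if the account is expected to exist. If the restriction moved into the base image or into koko itself, a comment at the top of the script saying where would let the next reviewer confirm it; otherwise it fits better in a Dockerfile `RUN` step, applied once at build time. Also quote the health-check argument, `until check "${CORE_HOST}/api/health/"; do`, so a value containing whitespace is not split into several arguments.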