Homebrew build kube-scheduler when building kube-scheduler container image #152
Pull request overview
This pull request modifies the kube-scheduler Dockerfile to build kube-scheduler from source instead of using the official pre-built image from registry.k8s.io. The change introduces a multi-stage build that clones the Kubernetes repository, compiles kube-scheduler, and packages it into a minimal runtime image.
Changes:
- Replaced direct use of pre-built kube-scheduler image (v1.33.1) with a custom multi-stage build
- Added builder stage using golang:1.25.7 to compile kube-scheduler from Kubernetes v1.35.0 source
- Added final stage using go-runner base image to package the compiled binary
| RUN git clone --branch v1.35.0 --depth 1 https://github.com/kubernetes/kubernetes.git kubernetes | ||
|
|
||
| WORKDIR /go/kubernetes | ||
|
|
||
| RUN GOTOOLCHAIN=go1.25.7 KUBE_BUILD_PLATFORMS=linux/${TARGETARCH} \ | ||
| make WHAT=cmd/kube-scheduler |
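Review bot: The Go version in `GOTOOLCHAIN=go1.25.7` on the `make` line repeats the version already fixed by the builder image tag `golang:1.25.7`, so a later bump has to change both and a mismatch between them would be easy to miss. Define the version once as an `ARG` and reference it from both places, or drop the `GOTOOLCHAIN` override if the image's own Go is the one intended.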
Building kube-scheduler from source significantly increases build time and complexity compared to using the official pre-built image. The build process now requires cloning the entire Kubernetes repository and compiling kube-scheduler, which can take several minutes and increases the Docker layer size. Consider documenting the reason for this change (e.g., need for custom patches, specific version requirements, or security considerations) either in comments within the Dockerfile or in related documentation.
| FROM registry.k8s.io/kube-scheduler:v1.33.1 | ||
| FROM golang:1.25.7 AS builder | ||
|
|
||
| ARG TARGETOS |
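Review bot: `FROM golang:1.25.7 AS builder` names the builder image by tag only, so the toolchain that compiles the scheduler binary can change under the same tag between two builds. Append the image digest (`golang:1.25.7@sha256:<digest>`, with the real digest in place of the placeholder) so the compiler is a fixed build input.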
The TARGETOS and TARGETARCH build arguments are declared but TARGETOS is never used in the build process. The KUBE_BUILD_PLATFORMS variable on line 15 uses TARGETARCH but not TARGETOS. While Docker will not fail because of unused arguments, consider removing TARGETOS if it's not needed, or verify if it should be used in the build command for consistency.
| ARG TARGETOS |
|
|
||
| WORKDIR /go | ||
|
|
||
| RUN git clone --branch v1.35.0 --depth 1 https://github.com/kubernetes/kubernetes.git kubernetes |
The git clone command uses --depth 1 which is good for reducing clone size, but consider adding explicit verification of the cloned repository (e.g., git verify-tag or checksum verification) to ensure the integrity of the Kubernetes source code being built. This is especially important when building security-critical components like kube-scheduler from source.
| RUN git clone --branch v1.35.0 --depth 1 https://github.com/kubernetes/kubernetes.git kubernetes | |
| RUN git clone --branch v1.35.0 --depth 1 https://github.com/kubernetes/kubernetes.git kubernetes \ | |
| && git -C kubernetes fsck --full |
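Review bot: `git -C kubernetes fsck --full` in the suggested line checks that the fetched objects are well-formed and connected, not that `v1.35.0` still points at the commit upstream released, so a moved tag or a substituted repository would pass it. Pass the expected commit ID in as a build argument and fail the `RUN` when `git -C kubernetes rev-parse HEAD` differs from it.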
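One way to check that a cloned tag resolves to a known commit before building from it, as an added example (not code from this pull request or from Kubernetes). The function name `verify_checkout` and the idea of passing the expected commit in as a build argument are assumptions of the example.

```shell
#!/bin/sh
# Added example: pin a release tag to a commit ID before building from it.
#
# verify_checkout DIR TAG EXPECTED_COMMIT
#   returns 0 only if TAG exists in DIR, resolves to EXPECTED_COMMIT and
#   the checked-out HEAD is that same commit
#   returns 2 if EXPECTED_COMMIT is not a full object ID
#   returns 1 on any mismatch
#
# Hypothetical use in a builder stage, with EXPECTED_COMMIT as a build arg:
#   verify_checkout kubernetes v1.35.0 "$EXPECTED_COMMIT"
verify_checkout() {
    dir=$1 tag=$2 expected=$3

    # Accept only a full lowercase hex object ID (40 chars for SHA-1,
    # 64 for SHA-256 repositories), so an empty or abbreviated value
    # can never be treated as a match.
    case $expected in
        *[!0-9a-f]*) echo "expected commit is not lowercase hex" >&2; return 2 ;;
    esac
    case ${#expected} in
        40|64) ;;
        *) echo "expected commit is not a full object ID" >&2; return 2 ;;
    esac

    # ^{commit} peels an annotated tag down to the commit it points at.
    tag_commit=$(git -C "$dir" rev-parse --verify --quiet "refs/tags/${tag}^{commit}") || {
        echo "tag $tag not found in $dir" >&2; return 1; }
    head_commit=$(git -C "$dir" rev-parse --verify --quiet "HEAD^{commit}") || {
        echo "no HEAD commit in $dir" >&2; return 1; }

    if [ "$tag_commit" != "$expected" ] || [ "$head_commit" != "$expected" ]; then
        echo "commit mismatch: tag=$tag_commit head=$head_commit expected=$expected" >&2
        return 1
    fi
}
```

The expected commit ID has to come from a source other than the clone itself, for example a value recorded in the repository that holds the Dockerfile.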