- This upgrade introduces a new component named `danm_webhook`.
- Previously statically templated DANM CRDs now also come from the repo
at build time.
- TenantConfig is generated based on the input in userconfig.
- Flannel DanmNet replaced with TenantNetwork
Change-Id: Ifcc4a026af05326449070f73048393dee3f4e59e
Depends-On: I7ea6fbc44396f3fe19f151a9d4912143d1a6969c
Signed-off-by: Krisztian Lengyel <krisztian.lengyel@nokia.com>
--- /dev/null
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+%define COMPONENT danm-webhook
+%define RPM_NAME caas-%{COMPONENT}
+%define RPM_MAJOR_VERSION 4.0.0
+%define RPM_MINOR_VERSION 0
+%define DANM_VERSION v%{RPM_MAJOR_VERSION}
+%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
+
+Name: %{RPM_NAME}
+Version: %{RPM_MAJOR_VERSION}
+Release: %{RPM_MINOR_VERSION}%{?dist}
+Summary: Containers as a Service svcwatcher component
+License: %{_platform_license} and BSD 3-Clause License
+URL: https://github.com/nokia/danm
+BuildArch: x86_64
+Vendor: %{_platform_vendor} and Nokia
+Source0: %{name}-%{version}.tar.gz
+
+Requires: docker-ce >= 18.09.2, rsync
+BuildRequires: docker-ce-cli >= 18.09.2, xz
+
+%description
+This RPM contains the DANM project's webhook sub-component for CaaS subsystem.
+
+%prep
+%autosetup
+
+%build
+docker build \
+ --network=host \
+ --no-cache \
+ --force-rm \
+ --build-arg HTTP_PROXY="${http_proxy}" \
+ --build-arg HTTPS_PROXY="${https_proxy}" \
+ --build-arg NO_PROXY="${no_proxy}" \
+ --build-arg http_proxy="${http_proxy}" \
+ --build-arg https_proxy="${https_proxy}" \
+ --build-arg no_proxy="${no_proxy}" \
+ --build-arg DANM_WEBHOOK_VERSION="%{DANM_VERSION}" \
+ --tag %{COMPONENT}:%{IMAGE_TAG} \
+ %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-build/%{COMPONENT}/
+
+mkdir -p %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save/
+
+docker save %{COMPONENT}:%{IMAGE_TAG} | xz -z -T2 > %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save/%{COMPONENT}:%{IMAGE_TAG}.tar
+
+docker rmi -f %{COMPONENT}:%{IMAGE_TAG}
+
+%install
+mkdir -p %{buildroot}/%{_caas_container_tar_path}/
+rsync -av %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save/%{COMPONENT}:%{IMAGE_TAG}.tar %{buildroot}/%{_caas_container_tar_path}/
+
+%files
+%{_caas_container_tar_path}/%{COMPONENT}:%{IMAGE_TAG}.tar
+
+%preun
+
+%post
+
+%postun
+
+%clean
+rm -rf ${buildroot}
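Review bot: `%clean` runs `rm -rf ${buildroot}`, which is a shell variable and not the RPM macro; unless the build environment happens to export `buildroot`, it expands to nothing and the build root is never removed, so `rm -rf %{buildroot}` is presumably what was meant. The `Summary:` line still says "svcwatcher component", which looks copied from another spec; something like `Summary: Containers as a Service DANM webhook component` would match `%description`. In `%build`, `--network=host` places every build step in the build host's network namespace; the proxy `--build-arg` values already cover outbound access, so either drop the flag or add a comment saying why it is needed.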
%define COMPONENT danm
%define RPM_NAME caas-%{COMPONENT}
-%define RPM_MAJOR_VERSION 3.3.0
-%define RPM_MINOR_VERSION 4
+%define RPM_MAJOR_VERSION 4.0.0
+%define RPM_MINOR_VERSION 0
%define DANM_VERSION v%{RPM_MAJOR_VERSION}
%define CNI_VERSION 0.7.0
%define go_version 1.12.1
%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
%define binary_build_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/binary-save
%define docker_build_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-build
+%define build_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/build
%define built_binaries_dir /binary-save
Name: %{RPM_NAME}
docker rm -f ${builder_container}
docker rmi cni-builder:%{IMAGE_TAG}
+# Collect DANM CRDs
+git clone https://github.com/nokia/danm.git %{build_dir}/danm
+cd %{build_dir}/danm
+git checkout %{DANM_VERSION}
+
%install
mkdir -p %{buildroot}/etc/cni/net.d/
rsync -av cni-config/00-danm.conf %{buildroot}/etc/cni/net.d/00-danm.conf
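Review bot: The added `git clone` / `git checkout %{DANM_VERSION}` lines in `%build` fetch the CRDs over the network at build time and trust whatever the tag resolves to on that day; a tag can be re-pointed, and these manifests are packaged and apparently applied to the cluster later. Pin the checkout to a commit and fail the build on mismatch, e.g. add `%define DANM_COMMIT <PINNED_COMMIT_SHA>` (placeholder) and, after the checkout, `test "$(git rev-parse HEAD)" = "%{DANM_COMMIT}"`. The bare `cd %{build_dir}/danm` also changes the working directory for anything later appended to `%build`; `git -C %{build_dir}/danm checkout %{DANM_VERSION}` avoids that. The rest of `%build` lies outside this hunk.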
# SRIOV
install -D -m 0755 %{binary_build_dir}/sriov/sriov %{buildroot}/opt/cni/bin/sriov
+mkdir -p %{buildroot}/%{_caas_danm_crd_path}
+rsync -av %{build_dir}/danm/integration/crds/production/ %{buildroot}/%{_caas_danm_crd_path}
+
+
%files
# CONFIG
/etc/cni/net.d/00-danm.conf
/etc/cni/net.d/flannel.conf
# CNI binaries
/opt/cni/bin
+# DANM CRDs
+/%{_caas_danm_crd_path}
%preun
%define COMPONENT flannel
%define RPM_NAME caas-%{COMPONENT}
%define RPM_MAJOR_VERSION 0.11.0
-%define RPM_MINOR_VERSION 4
+%define RPM_MINOR_VERSION 5
%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
Name: %{RPM_NAME}
%define COMPONENT netwatcher
%define RPM_NAME caas-%{COMPONENT}
-%define RPM_MAJOR_VERSION 3.3.0
-%define RPM_MINOR_VERSION 3
+%define RPM_MAJOR_VERSION 4.0.0
+%define RPM_MINOR_VERSION 0
%define DANM_VERSION v%{RPM_MAJOR_VERSION}
%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
%define COMPONENT svcwatcher
%define RPM_NAME caas-%{COMPONENT}
-%define RPM_MAJOR_VERSION 3.3.0
-%define RPM_MINOR_VERSION 3
+%define RPM_MAJOR_VERSION 4.0.0
+%define RPM_MINOR_VERSION 0
%define DANM_VERSION v%{RPM_MAJOR_VERSION}
%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
--- /dev/null
+---
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+caas_provider_network_profiles: "{{ network_profiles | filter_network_profiles_by_type('provider_network_interfaces', 'caas') }}"
+caas_sriov_network_profiles: "{{ network_profiles | filter_network_profiles_by_type('sriov_provider_networks', 'caas') }}"
+
+attached_caas_provider_network_profiles: "{{ hosts[hostname]['network_profiles'] | intersect(caas_provider_network_profiles.keys()) }}"
+attached_caas_sriov_network_profiles: "{{ hosts[hostname]['network_profiles'] | intersect(caas_sriov_network_profiles.keys()) }}"
+all_attached_caas_provider_network_profiles: "{{ attached_caas_provider_network_profiles | union(attached_caas_sriov_network_profiles) }}"
--- /dev/null
+---
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: template DANM tenant configs
+ template:
+ src: "danm_tenant_config.yaml.j2"
+ dest: "{{ caas.manifests_directory }}/danm-tenant-config.yaml"
+
+- name: create DANM tenant configs
+ kubectl:
+ manifest: "{{ caas.manifests_directory }}/danm-tenant-config.yaml"
+ state: present
---
# Copyright 2019 Nokia
-#
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-- name: copy DANM CRD templates to infra template directory
- template:
- src: "{{ item }}"
- dest: "{{ caas.manifests_directory }}/{{ item }}"
- with_items:
- - danmep_crd_schema.yaml
- - danmnet_crd_schema.yaml
-
-- name: create DanmEp CRD API in K8s
+- name: create Danm CRD APIs in K8s
kubectl:
- manifest: "{{ caas.manifests_directory }}/danmep_crd_schema.yaml"
+ manifest: "{{ item }}"
state: present
+ with_fileglob: "{{ caas.danm_crd_dir }}/*"
-- name: wait and check DanmEp API availability
- shell: "kubectl get crd --all-namespaces | grep danmeps | wc -l"
- register: ep_result
- until: ep_result.stdout == "1"
- retries: 60
- delay: 6
+- name: get CRD names
+ set_fact:
+ crd_name: "{{ lookup('file', item) | from_yaml | json_query('spec.names.plural') }}"
+ with_fileglob: "{{ caas.danm_crd_dir }}/*"
+ register: created_crds
-- name: create DanmNet CRD API in K8s
- kubectl:
- manifest: "{{ caas.manifests_directory }}/danmnet_crd_schema.yaml"
- state: present
-
-- name: wait and check DanmNet API availability
- shell: "kubectl get crd --all-namespaces | grep danmnets | wc -l"
- register: net_result
- until: net_result.stdout == "1"
+- name: wait and check Danm CRD availability
+ shell: "kubectl api-resources | grep {{ item.ansible_facts.crd_name }} | wc -l"
+ register: crd_result
+ until: crd_result.stdout == "1"
retries: 60
delay: 6
+ with_items: "{{ created_crds.results }}"
+
+- name: create tenant config
+ include_tasks: danm-tenant-configs.yaml
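Review bot: In the new "wait and check Danm CRD availability" task, `item.ansible_facts.crd_name` is read from the CRD files and pasted unquoted into a `shell:` command, so a shell metacharacter in a manifest's `spec.names.plural` would be interpreted by the shell on the target host. The plain `grep` is also a substring match, so a plural contained in another resource name gives a count other than "1" and the task retries until it times out. Quote the value and match the whole resource name, e.g. `shell: "kubectl api-resources -o name | grep -Fx {{ (item.ansible_facts.crd_name ~ '.danm.k8s.io') | quote }} | wc -l"`; the group suffix is taken from the `danm.k8s.io` API group seen elsewhere in this change and should be confirmed for every CRD in the directory. Since `with_fileglob` applies every file under `caas.danm_crd_dir`, a short comment that the directory must contain only packaged CRDs would help.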
--- /dev/null
+#jinja2: lstrip_blocks: True
+{#
+Copyright 2019 Nokia
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+#}
+{%- macro make_host_devices(devices, provider_network) %}
+ {% for device in devices %}
+- name: {{ device }}
+ {{ make_vni_config(provider_network) | indent(2) }}
+ {% endfor %}
+{% endmacro -%}
+
+{%- macro make_vni_config(provider_network) %}
+ {% set vlan_ranges = provider_network.get('vlan_ranges', '') %}
+ {% set vxlan_ranges = provider_network.get('vxlan_ranges', '') %}
+ {% if vlan_ranges %}
+vniType: vlan
+vniRange: {{ vlan_ranges | replace(':', '-') }}
+ {% elif vxlan_ranges %}
+vniType: vxlan
+vniRange: {{ vxlan_ranges | replace(':', '-') }}
+ {% endif %}
+{% endmacro -%}
+
+---
+apiVersion: danm.k8s.io/v1
+kind: TenantConfig
+metadata:
+ name: danm-tenant-config
+hostDevices:
+{% if all_attached_caas_provider_network_profiles %}
+ {% for profile_name in all_attached_caas_provider_network_profiles %}
+ {% set profile = network_profiles[profile_name] %}
+ {% set caas_provider_networks = profile.get('provider_network_interfaces', {}) | filter_provider_networks_by_type('caas') %}
+ {% set caas_sriov_provider_networks = profile.get('sriov_provider_networks', {}) | filter_provider_networks_by_type('caas') %}
+ {% for tenant_network in caas.get(tenant_networks, []) %}
+ {% if tenant_network in caas_provider_networks | get_provider_networks %}
+ {{ make_host_devices(caas_provider_networks.keys(), networking['provider_networks'][tenant_network]) | indent(2) -}}
+ {% elif tenant_network in caas_sriov_provider_networks %}
+ {% set sriov_interaces = caas_sriov_provider_networks | extract_sriov_provider_network_interfaces %}
+ {% set sriov_device_pools = sriov_interaces | map('regex_replace', '(.*)', 'nokia.k8s.io/sriov_\\1') | list %}
+ {{ make_host_devices(sriov_device_pools, networking['provider_networks'][tenant_network]) | indent(2) -}}
+ {% endif %}
+ {% endfor %}
+ {% endfor %}
+{%- else %}
+ []
+{% endif %}
+networkIds:
+ flannel: flannel
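Review bot: On the `{% for tenant_network in caas.get(tenant_networks, []) %}` line the key is a bare name, so Jinja looks up a variable called `tenant_networks` rather than the string key; unless such a variable is defined elsewhere, the lookup misses and the loop never runs, leaving `hostDevices:` without entries. It likely should read `{% for tenant_network in caas.get('tenant_networks', []) %}`. When the profile list is non-empty but no network matches, `hostDevices:` is rendered with nothing under it (null rather than `[]`), which is worth guarding as well. `sriov_interaces` is a typo for `sriov_interfaces`.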
+++ /dev/null
-{#
-Copyright 2019 Nokia
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-#}
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: danmeps.danm.k8s.io
-spec:
- scope: Namespaced
- group: danm.k8s.io
- version: v1
- names:
- kind: DanmEp
- plural: danmeps
- singular: danmep
- shortNames:
- - de
- - dep
+++ /dev/null
-{#
-Copyright 2019 Nokia
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-#}
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: danmnets.danm.k8s.io
-spec:
- scope: Namespaced
- group: danm.k8s.io
- version: v1
- names:
- kind: DanmNet
- plural: danmnets
- singular: danmnet
- shortNames:
- - dn
- - dnet
- validation:
- openAPIV3Schema:
- properties:
- spec:
- required:
- - NetworkID
- properties:
- NetworkID:
- type: string
- NetworkType:
- type: string
- Options:
- properties:
- cidr:
- type: string
- pattern: '^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$'
- allocation_pool:
- properties:
- start:
- type: string
- pattern: '(^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$)?'
- end:
- type: string
- pattern: '(^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$)?'
- container_prefix:
- type: string
- host_device:
- type: string
- device_pool:
- type: string
- vxlan:
- type: integer
- format: int32
- minimum: 1
- maximum: 16777214
- vlan:
- type: integer
- format: int32
- minimum: 1
- maximum: 4094
- rt_tables:
- type: integer
- format: int32
- net6:
- type: string
- pattern: '^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$'
- routes:
- type: object
- additionalProperties:
- routes6:
- type: object
- additionalProperties:
---
# Copyright 2019 Nokia
-#
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
manifest: "{{ caas.manifests_directory }}/flannel-ds.yaml"
state: present
-- name: template DanmNet file for Flannel network for kube-system namespace
+- name: template default TenantNetwork for kube-system namespace
template:
- src: flannel_dnet.yaml
- dest: "{{ caas.manifests_directory }}/flannel-danm_net_kube_system_ns.yaml"
+ src: flannel_tnet.yaml.j2
+ dest: "{{ caas.manifests_directory }}/flannel-tnet_kube_system_ns.yaml"
-- name: wait for DanmNet to be available
- command: "kubectl api-resources"
- register: kube_api_resources
- until: kube_api_resources.stdout | search('danmnets')
- retries: 10
- delay: 1
-
-- name: create Flannel DanmNet within kube-system namespace
+- name: create TenantNetwork within kube-system namespace
kubectl:
- manifest: "{{ caas.manifests_directory }}/flannel-danm_net_kube_system_ns.yaml"
+ manifest: "{{ caas.manifests_directory }}/flannel-tnet_kube_system_ns.yaml"
state: present
priorityClassName: "system-node-critical"
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
- # TODO: figure out why flannel needs to run with root to modify network settings on the host
- # Some setcap calls might be missing on its binary?
+ # TODO: figure out why privileged mode is also not enough for flannel to modify network settings on the host (same problem as watcher)
#securityContext:
# runAsUser: {{ caas.uid.flannel }}
tolerations:
#}
---
apiVersion: danm.k8s.io/v1
-kind: DanmNet
+kind: TenantNetwork
metadata:
name: {{ caas.danmnet_default_name }}
namespace: {{ caas.danmnet_default_namespace }}
{
"name": "meta_cni",
"type": "danm",
- "kubeconfig": "/etc/kubernetes/kubeconfig/danmc.yml"
+ "kubeconfig": "/etc/kubernetes/kubeconfig/danmc.yml",
+ "cniDir": "/etc/cni/net.d"
}
--- /dev/null
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM alpine:3.9
+MAINTAINER Levente Kale <levente.kale@nokia.com>
+
+ARG DANM_WEBHOOK_VERSION
+
+ENV GOPATH /go
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+ENV GOOS=linux
+ARG code_generator_version="kubernetes-1.13.4"
+
+WORKDIR /
+
+RUN mkdir -p $GOPATH/bin \
+&& mkdir -p $GOPATH/src
+
+RUN apk add --no-cache libcap iputils
+
+RUN apk add --no-cache --virtual .tools ca-certificates gcc musl-dev go glide git tar curl \
+&& mkdir -p $GOPATH/src/github.com/nokia/danm \
+&& git clone https://github.com/nokia/danm.git $GOPATH/src/github.com/nokia/danm \
+&& cd $GOPATH/src/github.com/nokia/danm \
+&& git fetch --tags \
+&& git checkout ${DANM_WEBHOOK_VERSION} \
+&& glide install --strip-vendor \
+&& go get -d github.com/vishvananda/netlink \
+&& go get github.com/containernetworking/plugins/pkg/ns \
+&& go get github.com/golang/groupcache/lru \
+&& rm -rf $GOPATH/src/k8s.io/code-generator \
+&& git clone -b ${code_generator_version} --depth 1 https://github.com/kubernetes/code-generator.git $GOPATH/src/k8s.io/code-generator \
+&& go install k8s.io/code-generator/cmd/deepcopy-gen \
+&& go install k8s.io/code-generator/cmd/client-gen \
+&& go install k8s.io/code-generator/cmd/lister-gen \
+&& go install k8s.io/code-generator/cmd/informer-gen \
+&& deepcopy-gen --alsologtostderr --input-dirs github.com/nokia/danm/crd/apis/danm/v1 -O zz_generated.deepcopy --bounding-dirs github.com/nokia/danm/crd/apis \
+&& client-gen --alsologtostderr --clientset-name versioned --input-base "" --input github.com/nokia/danm/crd/apis/danm/v1 --clientset-path github.com/nokia/danm/crd/client/clientset \
+&& lister-gen --alsologtostderr --input-dirs github.com/nokia/danm/crd/apis/danm/v1 --output-package github.com/nokia/danm/crd/client/listers \
+&& informer-gen --alsologtostderr --input-dirs github.com/nokia/danm/crd/apis/danm/v1 --versioned-clientset-package github.com/nokia/danm/crd/client/clientset/versioned --listers-package github.com/nokia/danm/crd/client/listers --output-package github.com/nokia/danm/crd/client/informers \
+&& go install -a -ldflags '-extldflags "-static"' github.com/nokia/danm/cmd/webhook \
+&& cp $GOPATH/bin/webhook /usr/local/bin/webhook \
+&& rm -rf $GOPATH/src \
+&& rm -rf $GOPATH/bin \
+&& apk del .tools \
+&& rm -rf /var/cache/apk/* \
+&& rm -rf /var/lib/apt/lists/* \
+&& rm -rf /tmp/* \
+&& rm -rf ~/.glide
+
+RUN adduser -u 147 -D -H -s /sbin/nologin danm \
+&& chown root:danm /usr/local/bin/webhook \
+&& chmod 750 /usr/local/bin/webhook
+
+USER danm
+
+ENTRYPOINT ["/usr/local/bin/webhook"]
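Review bot: The build stage pulls several inputs that are not pinned: the three `go get` lines (`vishvananda/netlink`, `containernetworking/plugins/pkg/ns`, `golang/groupcache/lru`) fetch whatever the default branch holds at build time, `git checkout ${DANM_WEBHOOK_VERSION}` follows a movable tag, and `FROM alpine:3.9` floats with the tag. Two builds of the same RPM version can therefore produce different webhook binaries, and a compromised upstream lands directly in an admission webhook. Pin each one, e.g. `FROM alpine:3.9@sha256:<IMAGE_DIGEST>` and `go get -d github.com/vishvananda/netlink && git -C $GOPATH/src/github.com/vishvananda/netlink checkout <PINNED_REV>` (placeholders), or move those packages into the glide configuration so `glide install` resolves them. `MAINTAINER` is deprecated in favour of `LABEL maintainer=...`, and `rm -rf /var/lib/apt/lists/*` does nothing on Alpine.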