Add Pot and Kubernetes platform support and refactor config/SSL handl…

Dockerfile

@@ -1,3 +1,59 @@
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest AS builder
+
+# upgrade first to avoid fixable vulnerabilities
+# do this in builder as well as in buildee, so builder does not have different pkg versions from buildee image
+RUN microdnf -y upgrade --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 \
+ && microdnf clean all -y
+
+RUN microdnf -y --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install \
+    rpm-build \
+    gcc gcc-c++ make cmake pkgconfig \
+    cyrus-sasl-devel openssl-devel libuuid-devel \
+    python3-devel python3-pip python3-wheel \
+    libnghttp2-devel \
+    wget tar patch findutils git \
+    libtool \
+ && microdnf clean all -y
+
+WORKDIR /build
+# Clone skupper-router so repo contents are in /build (not /build/skupper-router)
+RUN git clone --depth 1 --branch main https://github.com/skupperproject/skupper-router.git .
+ENV PROTON_VERSION=main
+ENV PROTON_SOURCE_URL=${PROTON_SOURCE_URL:-https://github.com/apache/qpid-proton/archive/${PROTON_VERSION}.tar.gz}
+ENV LWS_VERSION=v4.3.3
+ENV LIBUNWIND_VERSION=v1.8.1
+ENV LWS_SOURCE_URL=${LWS_SOURCE_URL:-https://github.com/warmcat/libwebsockets/archive/refs/tags/${LWS_VERSION}.tar.gz}
+ENV LIBUNWIND_SOURCE_URL=${LIBUNWIND_SOURCE_URL:-https://github.com/libunwind/libunwind/archive/refs/tags/${LIBUNWIND_VERSION}.tar.gz}
+ENV PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
+
+ARG VERSION=0.0.0
+ENV VERSION=$VERSION
+ARG TARGETARCH
+ENV PLATFORM=$TARGETARCH
+RUN .github/scripts/compile.sh
+RUN mkdir -p /image && if [ "$PLATFORM" = "amd64" ]; then tar zxpf /qpid-proton-image.tar.gz -C /image && tar zxpf /skupper-router-image.tar.gz -C /image && tar zxpf /libwebsockets-image.tar.gz -C /image && tar zxpf /libunwind-image.tar.gz -C /image; fi
+RUN if [ "$PLATFORM" = "arm64" ]; then tar zxpf /qpid-proton-image.tar.gz -C /image && tar zxpf /skupper-router-image.tar.gz -C /image && tar zxpf /libwebsockets-image.tar.gz -C /image; fi
+RUN if [ "$PLATFORM" = "s390x" ]; then tar zxpf /qpid-proton-image.tar.gz -C /image && tar zxpf /skupper-router-image.tar.gz -C /image && tar zxpf /libwebsockets-image.tar.gz -C /image; fi
+RUN if [ "$PLATFORM" = "ppc64le" ]; then tar zxpf /qpid-proton-image.tar.gz -C /image && tar zxpf /skupper-router-image.tar.gz -C /image && tar zxpf /libwebsockets-image.tar.gz -C /image; fi
+
+RUN mkdir /image/licenses && cp ./LICENSE /image/licenses
+
+FROM registry.access.redhat.com/ubi9/ubi:latest AS packager
+
+RUN dnf -y --setopt=install_weak_deps=0 --nodocs \
+    --installroot /output install \
+    coreutils-single \
+    cyrus-sasl-lib cyrus-sasl-plain openssl \
+    python3 \
+    libnghttp2 \
+    hostname iputils \
+    shadow-utils \
+ && chroot /output useradd --uid 10000 runner \
+ && dnf -y --installroot /output remove shadow-utils \
+ && dnf clean all --installroot /output
+RUN [ -d /usr/share/buildinfo ] && cp -a /usr/share/buildinfo /output/usr/share/buildinfo ||:
+RUN [ -d /root/buildinfo ] && cp -a /root/buildinfo /output/root/buildinfo ||:
+
 FROM golang:1.23-alpine AS go-builder
 
 ARG TARGETOS
@@ -6,15 +62,33 @@ ARG TARGETARCH
 RUN mkdir -p /go/src/github.com/datasance/router
 WORKDIR /go/src/github.com/datasance/router
 COPY . /go/src/github.com/datasance/router
-RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o bin/router
+RUN go fmt ./...
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -trimpath  -ldflags="-s -w" -o bin/router .
 
 FROM registry.access.redhat.com/ubi9/ubi-minimal:latest AS tz
 RUN microdnf install -y tzdata && microdnf reinstall -y tzdata
 
-FROM quay.io/skupper/skupper-router:main
+FROM scratch
+
+COPY --from=packager /output /
+COPY --from=packager /etc/yum.repos.d /etc/yum.repos.d
+
+USER 10000
+
+COPY --from=builder /image /
+
+WORKDIR /home/skrouterd/bin
+COPY ./scripts/* /home/skrouterd/bin/
+
+ARG version=latest
+ENV VERSION=${version}
+ENV QDROUTERD_HOME=/home/skrouterd
+
 COPY LICENSE /licenses/LICENSE
 COPY --from=go-builder /go/src/github.com/datasance/router/bin/router /home/skrouterd/bin/router
-# COPY scripts/launch.sh /home/skrouterd/bin/launch.sh
+
 COPY --from=tz /usr/share/zoneinfo /usr/share/zoneinfo
 
-CMD ["/home/skrouterd/bin/router"]
+# Env: SKUPPER_PLATFORM=pot|kubernetes (default pot), QDROUTERD_CONF (default /tmp/skrouterd.json),
+# SSL_PROFILE_PATH (default /etc/skupper-router-certs). In K8s mode operator mounts config at QDROUTERD_CONF.
+CMD ["/home/skrouterd/bin/router"]

Dockerfile-dev

@@ -1,79 +1,23 @@
-
-FROM registry.access.redhat.com/ubi9/ubi-minimal:latest as builder
-
-
-RUN microdnf -y upgrade --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 \
- && microdnf clean all -y
-
-RUN microdnf -y --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install \
-    rpm-build \
-    gcc gcc-c++ make cmake pkgconfig \
-    cyrus-sasl-devel openssl-devel libuuid-devel \
-    python3-devel python3-pip \
-    libnghttp2-devel \
-    wget tar patch findutils git \
-    libtool \
- && microdnf clean all -y
-
-RUN git clone https://github.com/skupperproject/skupper-router.git --branch=2.6.x
-WORKDIR /skupper-router
-ENV PROTON_VERSION=0.39.0
-ENV PROTON_SOURCE_URL=${PROTON_SOURCE_URL:-https://github.com/apache/qpid-proton/archive/${PROTON_VERSION}.tar.gz}
-ENV LWS_VERSION=v4.3.3
-ENV LIBUNWIND_VERSION=v1.6.2
-ENV LWS_SOURCE_URL=${LWS_SOURCE_URL:-https://github.com/warmcat/libwebsockets/archive/refs/tags/${LWS_VERSION}.tar.gz}
-ENV LIBUNWIND_SOURCE_URL=${LIBUNWIND_SOURCE_URL:-https://github.com/libunwind/libunwind/archive/refs/tags/${LIBUNWIND_VERSION}.tar.gz}
-ENV PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
-
-ARG VERSION=2.6.0
-ARG PLATFORM=amd64
-ENV PLATFORM=$PLATFORM
-RUN .github/scripts/compile.sh
-RUN if [ "$PLATFORM" = "amd64" ]; then tar zxpf /qpid-proton-image.tar.gz --one-top-level=/image && tar zxpf /skupper-router-image.tar.gz --one-top-level=/image && tar zxpf /libwebsockets-image.tar.gz --one-top-level=/image && tar zxpf /libunwind-image.tar.gz --one-top-level=/image; fi
-RUN if [ "$PLATFORM" = "arm64" ]; then tar zxpf /qpid-proton-image.tar.gz --one-top-level=/image && tar zxpf /skupper-router-image.tar.gz --one-top-level=/image && tar zxpf /libwebsockets-image.tar.gz --one-top-level=/image; fi
-
-
-FROM golang:1.20.14-alpine AS go-builder
+FROM golang:1.23-alpine AS go-builder
 
 ARG TARGETOS
 ARG TARGETARCH
 
 RUN mkdir -p /go/src/github.com/datasance/router
 WORKDIR /go/src/github.com/datasance/router
 COPY . /go/src/github.com/datasance/router
-RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o bin/router
-
-
-FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
-
-# upgrade first to avoid fixable vulnerabilities
-RUN microdnf -y upgrade --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 \
- && microdnf clean all -y
-
-RUN microdnf -y --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install \
-    glibc \
-    cyrus-sasl-lib cyrus-sasl-plain cyrus-sasl-gssapi openssl \
-    python3 \
-    libnghttp2 \
-    gettext hostname iputils \
-    shadow-utils \
- && microdnf clean all
-
-RUN useradd --uid 10000 runner
-USER 10000
-
-WORKDIR /
-COPY --from=builder /image /
-
-WORKDIR /home/skrouterd/etc
-WORKDIR /home/skrouterd/bin
-COPY ./scripts/* /home/skrouterd/bin/
+RUN go fmt ./...
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -trimpath  -ldflags="-s -w" -o bin/router .
 
-ARG version=latest
-ENV VERSION=${version}
-ENV QDROUTERD_HOME=/home/skrouterd
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest AS tz
+RUN microdnf install -y tzdata && microdnf reinstall -y tzdata
 
+FROM quay.io/skupper/skupper-router:main
+COPY LICENSE /licenses/LICENSE
 COPY --from=go-builder /go/src/github.com/datasance/router/bin/router /home/skrouterd/bin/router
-COPY scripts/launch.sh /home/skrouterd/bin/launch.sh
+# COPY scripts/launch.sh /home/skrouterd/bin/launch.sh
+COPY --from=tz /usr/share/zoneinfo /usr/share/zoneinfo
 
-CMD ["/home/skrouterd/bin/router"]
+# Env: SKUPPER_PLATFORM=pot|kubernetes (default pot), QDROUTERD_CONF (default /tmp/skrouterd.json),
+# SSL_PROFILE_PATH (default /etc/skupper-router-certs). In K8s mode operator mounts config at QDROUTERD_CONF.
+CMD ["/home/skrouterd/bin/router"]

README.md

@@ -1,3 +1,13 @@
 # iofog-router
 
-Builds an image of the Apache Qpid Dispatch Router designed for use with Eclipse ioFog
+Builds an image of the Apache Qpid Dispatch Router designed for use with Eclipse ioFog and Datasance Pot. The router can run in **Pot** mode (config from iofog agent) or **Kubernetes** mode (config from a volume-mounted file at `QDROUTERD_CONF`).
+
+## Environment variables
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `SKUPPER_PLATFORM` | `pot` | Mode: `pot` (config from iofog SDK) or `kubernetes` (config from file at `QDROUTERD_CONF`). |
+| `QDROUTERD_CONF` | `/tmp/skrouterd.json` | Path to the router JSON config file. In Kubernetes mode the operator must volume-mount the router ConfigMap at this path. |
+| `SSL_PROFILE_PATH` | `/etc/skupper-router-certs` | Directory under which SSL profile certs reside (e.g. `SSL_PROFILE_PATH/<profile-name>/ca.crt`, `tls.crt`, `tls.key`). Certs are mounted here in both K8s and Pot. |
+
+In Kubernetes mode the router does not use the Kubernetes API; the operator is responsible for mounting the router config at `QDROUTERD_CONF`. Config file changes are watched and applied to the running router via qdr (same as Pot mode).

go.mod

@@ -5,11 +5,11 @@ go 1.23.0
 toolchain go1.24.3
 
 require (
-	github.com/datasance/iofog-go-sdk/v3 v3.5.2
+	github.com/datasance/iofog-go-sdk/v3 v3.6.0
+	github.com/fsnotify/fsnotify v1.7.0
 	github.com/interconnectedcloud/go-amqp v0.12.6-0.20200506124159-f51e540008b5
 	gotest.tools/v3 v3.5.2
-	k8s.io/api v0.32.0
-	k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e
+	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
 )
 
 require (
@@ -21,24 +21,9 @@ require (
 	github.com/eapache/channels v1.1.0 // indirect
 	github.com/eapache/queue v1.1.0 // indirect
 	github.com/fortytw2/leaktest v1.3.0 // indirect
-	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
-	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/kr/text v0.2.0 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/net v0.30.0 // indirect
-	golang.org/x/text v0.19.0 // indirect
-	gopkg.in/inf.v0 v0.9.1 // indirect
-	k8s.io/apimachinery v0.32.0 // indirect
-	k8s.io/klog/v2 v2.130.1 // indirect
-	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
-	sigs.k8s.io/yaml v1.4.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
 )