Setup docker buildx for all-in-one #2325
Conversation
|
Does this build images for all architectures |
|
Could you please enable the multi arch build on travis and if possible reuse the existing make targets? Ideally we should not require dependency on buildx when building a single arch locally. |
|
but now in travis, need to run tests after building. this why after testings, we could use and now, in your scripts, will tag for mutil versions. |
|
@pavolloffay i updated need docker 19.03, so have to update to no idea why the crossdock failed. |
Codecov Report
@@ Coverage Diff @@
## master #2325 +/- ##
=======================================
Coverage 95.07% 95.07%
=======================================
Files 209 209
Lines 9364 9364
=======================================
Hits 8903 8903
Misses 385 385
Partials 76 76 Continue to review full report at Codecov.
|
morlay
force-pushed
the
master
branch
4 times, most recently
from
f001655 to
148b831
Compare
|
@morlay could you please open a separate PR with change from trusty to bionic? |
|
@pavolloffay sure |
| REPO=${1} | ||
| CMD_ROOT=${1} | ||
|
|
||
| unset major minor patch |
There was a problem hiding this comment.
why has been this copied from upload-to-docker.sh? Could we just keep it there?
There was a problem hiding this comment.
with docker buildx, we could not use docker tag directly.
docker tag just tag local image for local arch, when we push images with that tags, it will break the oci image with multi arch.
so here for creating multi flags of tag (-t all-in-one:latest -t all-in-one:1.18.1) for buildx
There was a problem hiding this comment.
ok, but there's a lot being copied here, and would have to be repeated for other Docker images.
Can we not either parameterize upload-to-docker.sh or refactor to avoid repetition?
There was a problem hiding this comment.
I am fine to go with this and see how it works and refactor other images in a second PR
|
@jaegertracing/jaeger-maintainers any objections on merging this? We could the multiarch build for only the all-in-one initially. |
| } | ||
|
|
||
| make build-all-in-one GOOS=linux GOARCH=$GOARCH | ||
| GOOS=linux GOARCH=amd64 make build-all-in-one | ||
| GOOS=linux GOARCH=arm64 make build-all-in-one |
There was a problem hiding this comment.
nit: these vars are Make vars, not env vars, they can go on the right side.
| bash ./scripts/travis/upload-to-docker.sh | ||
|
|
||
| REPO=${1} | ||
| CMD_ROOT=${1} |
There was a problem hiding this comment.
Sorry. CMD_ROOT should be $2. fixed it.
|
anything need i to do next? |
|
@pavolloffay is there any chance to get this merged in? I'd like to be able to use the |
|
@davidsbond source here. https://github.com/querycap/istio/tree/master/build/jaegertracing |
|
|
||
| ### Developing guidelines | ||
|
|
||
| #### Building OCI Images for multiple arch (linux/arm64, linux/amd64) |
There was a problem hiding this comment.
This section needs some better formatting and grammar check (@objectiser?), but I'm fine in having this done by someone else or in a future PR.
cmd/all-in-one/Dockerfile
Outdated
| FROM alpine:3.12 AS cert | ||
| RUN apk add --update --no-cache ca-certificates | ||
|
|
||
| FROM scratch AS base-image-release |
There was a problem hiding this comment.
Are we changing back the base image back to scratch ?
There was a problem hiding this comment.
Good catch! No, we shouldn't change it back to scratch.
There was a problem hiding this comment.
i asked.
Why we need to change to alpine for the release image
There was a problem hiding this comment.
Sure.
got info from #2116.
I have put it back.
jpkrohling
dismissed
their stale review
Dismissing the approval, as the base image shouldn't be changed
|
|
||
| FROM $base_image AS release | ||
| ARG TARGETARCH=amd64 | ||
| FROM golang:1.15-alpine AS base-image-debug |
There was a problem hiding this comment.
I see you're using golang:1.15-alpine as base image for debug, but it will still have delve missing. I feel like we reverted back changes to this Dockerfile from my PR.
There was a problem hiding this comment.
This PR here should not revert that PR.
There was a problem hiding this comment.
Sure. i added it.
We could setup multi arch build for base images next
| ENTRYPOINT ["/go/bin/dlv", "exec", "/go/bin/all-in-one-linux", "--headless", "--listen=:12345", "--api-version=2", "--accept-multiclient", "--log", "--"] | ||
| CMD ["--sampling.strategies-file=/etc/jaeger/sampling_strategies.json"] | ||
|
|
||
| FROM ${TARGET} |
There was a problem hiding this comment.
I have zero knowledge of docker buildx, curious what is the meaning of having FROM at the end of Dockerfile ?
There was a problem hiding this comment.
It is not new of buildx.
FROM could be a stage name.
if TARGET = release, that means FROM release
if TARGET = debug, that means FROM debug
i learn this from istio Dockerfiles, which is used to switch default and distroless
Signed-off-by: Morlay <[email protected]>
There was a problem hiding this comment.
@Ashmita152, could you please review and test this as well? We should have no regressions when compared to your previous work.
| it could be executed for local publish `all-in-one` images via: | ||
|
|
||
| ```shell | ||
| TRAVIS_SECURE_ENV_VARS=true NAMESPACE=$(whoami) BRANCH=master ./scripts/travis/build-all-in-one-image.sh |
There was a problem hiding this comment.
Why is this TRAVIS_SECURE_ENV_VARS=true needed? Isn't there a make target that could be used instead of the Travis script?
There was a problem hiding this comment.
I don't want to change too much in this pr.
We could refactor this in future
|
Sure I will give it a try today. |
|
Hi @morlay looks great overall. I've left some minor comments. Would it be possible for you to share the travis run link where you tested your branch. |
| --tag $repo:latest cmd/all-in-one \ | ||
| --build-arg base_image=localhost/baseimg:1.0.0-alpine-3.12 \ | ||
| --build-arg debug_image=localhost/debugimg:1.0.0-golang-1.15-alpine \ | ||
| --build-arg TARGETARCH=$GOARCH |
There was a problem hiding this comment.
@morlay I noticed all occurrences of TARGETARCH is removed from this script but I don't see the place it is passed as argument to Dockerfile from this script. TARGETARCH is being used in all-in-one's Dockerfile to decide which binary to copy inside container. Is this some arg which buildx populates internally by default ?
There was a problem hiding this comment.
TARGETARCH and other platform args will be passed by buildx
https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
| @@ -7,6 +7,9 @@ BRANCH=${BRANCH:?'missing BRANCH env var'} | |||
| # be overrided by passing architecture value to the script: | |||
| # `GOARCH=<target arch> ./scripts/travis/build-all-in-one-image.sh`. | |||
| GOARCH=${GOARCH:-$(go env GOARCH)} | |||
| # local run with `TRAVIS_SECURE_ENV_VARS=true NAMESPACE=$(whoami) BRANCH=master ./scripts/travis/build-all-in-one-image.sh` | |||
| NAMESPACE=${NAMESPACE:-jaegertracing} | |||
| ARCHS="amd64 arm64 s390x" | |||
There was a problem hiding this comment.
Does travis support building images for s390x architecture ? Doesn't that means it will require base image of this architecture for alpine too ?
There was a problem hiding this comment.
Yes. We could build base images by buildx in next step. now i have to put base images stages to all-in-one Dockerfile.
image golang and image alpine both support s390x too.
so the base images of jaeger could support s390x easier.
the magic is tonistiigi/binfmt who installs qemu
|
|
||
| # enabled qemu if needed | ||
| if [[ ! $(docker buildx inspect default | grep Platforms) == *arm64* ]]; then | ||
| docker run --privileged --rm tonistiigi/binfmt --install all |
There was a problem hiding this comment.
I noticed you're using tonistiigi/binfmt image. I guess this is because it has images for all architecture which we need. Can we use append the tag too tonistiigi/binfmt:<tag> Right now it is pulling latest tag and the owner updating the latest image may break Jaeger travis CI.
There was a problem hiding this comment.
tonistiigi/binfmt is not provide the images we need for architecture.
it just install qemu as simulator for target arch, which let us could run arm64 binary on amd64 host. (but it is a very slow way, and we don't use this for compiling)
the images alpine:3.12, you could see the arch list in docker hub.
This means docker hub store each image for each arch.
we could pull the target arch image to local using --platform
docker pull --platform=linux/arm64 alpine:3.12
docker pull --platform=linux/amd64 alpine:3.12
docker pull --platform=linux/s390x alpine:3.12
With buildx, the FROM alpine:3.12 in Dockerfile, will pull all images of target archs.
And in RUN apt add git, apt (arm64 binary) need to execute on matched arch (arm64) host.
This why we need qemu. with qemu we could run apt (arm64 binary) on amd64 host.
And we don't need the tag. it is a official tool in buildx doc. when this tool is stable, i think it will merge back to docker's namespace.
There was a problem hiding this comment.
I mean you are using tonistiigi/binfmt instead of official image linuxkit/binfmt Is there any particular reason for that ?
There was a problem hiding this comment.
no special reason, just it is on README of buildx Which is widely used by github actions https://github.com/docker/setup-qemu-action.
https://github.com/docker/buildx#building-multi-platform-images
There was a problem hiding this comment.
May be the version of qemu.
tonistiigi/binfmt with [email protected]
linuxkit/binfmt with [email protected]
And linuxkit/binfmt not provide OCI images for multi arch. it could not be used on a non-amd64 host.
There was a problem hiding this comment.
Ahh I see, thank you @morlay that answers my question.
|
@Ashmita152 i tested on local by (need to setup buildx) TRAVIS_SECURE_ENV_VARS=true NAMESPACE=$(whoami) BRANCH=v1.20.0 ./scripts/travis/build-all-in-one-image.sh |
|
I tested the all-in-one's Dockerfile changes locally, it worked for me like charm. Thank you @morlay for answering all my questions. I am not sure what will be the right way to test travis part. |
|
|
|
@yurishkuro, would you like to take a look? The only point that I had was about the usage of travis-specific env vars for local building/publishing, but if @morlay promises to work on that on a follow-up PR, I'm OK with that. |
|
ping @yurishkuro |
|
It seems to be that there are a lot of changes to the Dockerfiles that revert the previous changes for debug images. |
|
@yurishkuro it is not revert. Just added stages of base images to support multi arch for We could to do next for support multi arch for all component images.
This pr is since July. before debug images created. If you couldn't like those changes. We could close this pr. |
|
It most definitely reverts a bunch of stuff. I realize it is unfortunate that the two PRs overlapped in time, but the debug images PR did a lot of refactoring on the images to DRY them, and those changes are being reverted here (for example, all the copying of cert files, which is currently done only once in the base images). I think we need to rethink how buildx should work with the new refactored setup, simply merging this old PR on top is probably not going to work. |
|
I was thinking to pick work on multi-arch images for base images after this PR gets merged. I can pick it before if you think that will help. |
|
if we want to setup from base images, and for all components images Stages could be Stage 0 - switch docker build to docker buildx build
Base images not need to publish docker.io. Stage 1 - Dockerfile enhancement
We could close this pr, and re open 2 or more prs to got final goals |
Which problem is this PR solving?
Short description of the changes
@pavolloffay
have to change upload-to-docker, need to discuss.