Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create debug docker images for jaeger backends #2545

Merged
merged 8 commits into from
Oct 20, 2020
Merged

Create debug docker images for jaeger backends #2545

merged 8 commits into from
Oct 20, 2020

Conversation

Ashmita152
Copy link
Contributor

Signed-off-by: Ashmita Bohara [email protected]

Which problem is this PR solving?

Tackles #2493

Short description of the changes

As part of this PR, we are creating separate images for jaeger backend components.

@Ashmita152 Ashmita152 requested a review from a team as a code owner October 9, 2020 00:45
@Ashmita152 Ashmita152 requested a review from pavolloffay October 9, 2020 00:45
@codecov
Copy link

codecov bot commented Oct 9, 2020

Codecov Report

Merging #2545 into master will decrease coverage by 0.01%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #2545      +/-   ##
==========================================
- Coverage   95.33%   95.32%   -0.02%     
==========================================
  Files         208      208              
  Lines        9281     9281              
==========================================
- Hits         8848     8847       -1     
  Misses        355      355              
- Partials       78       79       +1     
Impacted Files Coverage Δ
cmd/query/app/server.go 88.52% <0.00%> (-1.64%) ⬇️
plugin/storage/integration/integration.go 77.90% <0.00%> (+0.55%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3d99871...3d95017. Read the comment docs.

Copy link
Member

@yurishkuro yurishkuro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR.

I would strongly prefer having a single Dockerfile for each binary, not copy-pasting content across two files. For example, you are already missing ARG USER_UID=10001 directive that's in master.

For example, would the following work?

# default build
FROM alpine:latest as certs
RUN apk add --update --no-cache ca-certificates
COPY ./scripts/fake-dlv /go/bin/dlv

# debug build
FROM golang:1.15.2-alpine as debug
...

# for debug builds, these vars should be replaced with BASEIMAGE=BUILDIMAGE=debug
ARG BASEIMAGE=scratch
ARG BUILDIMAGE=certs

FROM $BASEIMAGE
COPY --from=$BUILDIMAGE /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=$BUILDIMAGE /go/bin/dlv /go/bin/dlv
...

@Ashmita152
Copy link
Contributor Author

Hi @yurishkuro

Thank you for the review. It definitely makes sense to generate two images out of a single Dockerfile. Let me work on it and update the PR.

Makefile Outdated
@@ -328,13 +328,19 @@ docker-images-jaeger-backend:
docker build -t $(DOCKER_NAMESPACE)/jaeger-opentelemetry-agent:${DOCKER_TAG} -f ${OTEL_COLLECTOR_DIR}/cmd/agent/Dockerfile cmd/opentelemetry/cmd/agent --build-arg TARGETARCH=$(GOARCH)
docker build -t $(DOCKER_NAMESPACE)/jaeger-opentelemetry-ingester:${DOCKER_TAG} -f ${OTEL_COLLECTOR_DIR}/cmd/ingester/Dockerfile cmd/opentelemetry/cmd/ingester --build-arg TARGETARCH=$(GOARCH)

.PHONY: docker-images-jaeger-backend-debug
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this target should just delegate to docker-images-jaeger-backend with some extra variables

@Ashmita152
Copy link
Contributor Author

I have another question related to this debug image:

  • Do we need any other debugging tool as part of this image other than delve ?

Makefile Outdated
.PHONY: docker-images-tracegen
docker-images-tracegen:
docker build -t $(DOCKER_NAMESPACE)/jaeger-tracegen:${DOCKER_TAG} cmd/tracegen/ --build-arg TARGETARCH=$(GOARCH)
@echo "Finished building jaeger-tracegen =============="

.PHONY: docker-images-only
docker-images-only: docker-images-cassandra docker-images-elastic docker-images-jaeger-backend docker-images-tracegen
docker-images-only: docker-images-cassandra docker-images-elastic docker-images-jaeger-backend docker-images-jaeger-backend-debug docker-images-tracegen
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The long line is getting difficult to grok. Is there a way to break the dependency targets into multiple lines, something like:

a: \
  b \
  c \
  d

?

@yurishkuro
Copy link
Member

Do we need any other debugging tool as part of this image other than delve ?

I think the biggest ask was not so much the debug tools, but just any tools, because when we build from scratch we don't even get a shell for minimal troubleshooting.

@jpkrohling
Copy link
Contributor

I think the biggest ask was not so much the debug tools, but just any tools, because when we build from scratch we don't even get a shell for minimal troubleshooting.

True. For the debug images, I would even base it on something else. Note that the CMD instruction should also be custom for the debug image.

@Ashmita152
Copy link
Contributor Author

Ashmita152 commented Oct 9, 2020

Few more questions I have related to this:

  1. Let's say a user face an issue in production. Having separate image for debugging means asking user to deploy that debug image in production separately. In case of systems like k8s, we can't have just one pod of different image, that means we need to deploy this debug image in every pod. Do you think this is the right approach. Somehow I am not convinced with this approach. I would better provide a mechanism to attach a sidecar debug container.

  2. Is there any particular reason why we are using scratch as the base image instead of let's say alpine (which has minimal shell) ?

@jpkrohling
Copy link
Contributor

We talked before about changing the base image (#2116), and to be honest, I forgot to add it to my queue. I guess it's on yours now :-)

That said, for this specific issue here, users would need to deploy a different image anyway, as the process has to be started with dlv as the CMD.

Still about your first point: while I agree that people should be able to enter the container when they face an issue, I don't think it's unreasonable to ask them to deploy a debug image if problems can't be easily detected (#2452 comes to my mind). They can create a second deployment with this special image, and change the fronting service to direct part of the traffic to it: if there are 10 matching pods, one of them being from the debug deployment, then only 10% of the traffic will reach the debug image.

@Ashmita152
Copy link
Contributor Author

Ashmita152 commented Oct 10, 2020

Thank you for answering my questions earlier. This PR is ready for review again. I have updated the PR with:

I have one followup question:

While trying out delve I found that delve suggest to compile with optimisations disabled for golang binaries (https://github.com/go-delve/delve/blob/master/Documentation/usage/dlv_exec.md) Would you suggest for jaeger components binaries used in debug images ?

@Ashmita152
Copy link
Contributor Author

I noticed @jpkrohling comment in the github issue about disabling optimizations, hence updated the PR accordingly.

Copy link
Contributor

@jpkrohling jpkrohling left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's looking good! I need to try it out myself, but I have a couple of comments:

  1. looks like it's missing the all-in-one image?
  2. can we somehow have a base image for our components? Or a script that generates the Dockerfile? Most of it seems to be the same plumbing code, and maintaining is probably becoming harder.
  3. perhaps as a follow-up PR, but we need to publish the images as well. Take a look at the Travis configuration and look for DOCKER=true: that's how/where we are building the images and pushing to the Docker Hub.
  4. documentation, which would belong to jaegertracing/documentation

Makefile Show resolved Hide resolved
@Ashmita152
Copy link
Contributor Author

Hi @jpkrohling

Thank you for giving detailed feedback earlier. I have updated the branch with the changes for second point in the review.

  1. can we somehow have a base image for our components? Or a script that generates the Dockerfile? Most of it seems to be the same plumbing code, and maintaining is probably becoming harder.

Can I ask for a review again please. I will work on rest three feedbacks once we're convinced with the dockerfiles layout changes since those three will depend on it.

Copy link
Contributor

@jpkrohling jpkrohling left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm really excited about this change, and I think we are almost at a working state.

Makefile Outdated Show resolved Hide resolved
cmd/agent/Dockerfile Outdated Show resolved Hide resolved
@jpkrohling
Copy link
Contributor

jpkrohling commented Oct 13, 2020

To recap, this PR is still missing:

  • apply the same to the all-in-one binary/container image
  • documentation

cmd/query/Dockerfile Outdated Show resolved Hide resolved
@Ashmita152
Copy link
Contributor Author

I am still working on the documentation part.

@Ashmita152
Copy link
Contributor Author

Hello @jpkrohling

I have raised a PR in documentation repo. I wasn't sure about what to document so most likely I am missing something. Thank you.

@jpkrohling
Copy link
Contributor

I'll do a final check next Monday, but looks good to me! If anyone else wants to try this out before that, it would be awesome.

jpkrohling
jpkrohling previously approved these changes Oct 19, 2020
Copy link
Contributor

@jpkrohling jpkrohling left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I tested the collector image before and just tested the all-in-one and it looks good!

- Use alpine as the base image for jaeger backends

Signed-off-by: Ashmita Bohara <[email protected]>
@mergify mergify bot dismissed jpkrohling’s stale review October 20, 2020 09:28

Pull request has been modified.

@Ashmita152
Copy link
Contributor Author

Resolved the merge conflict due to another PR merge in Makefile.

@jpkrohling jpkrohling merged commit 9f954fe into jaegertracing:master Oct 20, 2020
@jpkrohling
Copy link
Contributor

Thanks for your contribution!

@Ashmita152 Ashmita152 deleted the debug-images branch October 20, 2020 12:17
@@ -67,7 +67,7 @@ script:
- export BRANCH=$(if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then echo $TRAVIS_BRANCH; else echo $TRAVIS_PULL_REQUEST_BRANCH; fi)
- if [ "$TESTS" == true ]; then make test-ci ; else echo 'skipping tests'; fi
- if [ "$PROTO_GEN_TEST" == true ]; then make proto && git diff --name-status --exit-code ; else echo 'skipping protoc validation'; fi
- if [ "$ALL_IN_ONE" == true ]; then bash ./scripts/travis/build-all-in-one-image.sh ; else echo 'skipping all_in_one'; fi
- if [ "$ALL_IN_ONE" == true ]; then make create-baseimg-debugimg && bash ./scripts/travis/build-all-in-one-image.sh ; else echo 'skipping all_in_one'; fi
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is the extra step make create-baseimg-debugimg needed here but not in DOCKER step in L73?
Also, why not call it from ./scripts/travis/build-all-in-one-image.sh?

Copy link
Contributor Author

@Ashmita152 Ashmita152 Oct 21, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is the extra step make create-baseimg-debugimg needed here but not in DOCKER step in L73?

My understanding is that script calls: make docker -> make docker-images-only -> make docker-images-jaeger-backend-debug which has dependencies on create-baseimg and create-debugimg.

Also, why not call it from ./scripts/travis/build-all-in-one-image.sh?

We can do it if you think that is the better place.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should probably be done after #2325, as it touches this code as well.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if need to support multi arch for other components.

base images need to published with multi arch too.
or just upgrade Dockerfile like https://github.com/morlay/jaeger/blob/master/cmd/all-in-one/Dockerfile

@yurishkuro yurishkuro mentioned this pull request Oct 22, 2020

FROM scratch
FROM $base_image AS release
ARG TARGETARCH=amd64
ARG USER_UID=10001
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Ashmita152 was there a reason for TARGETARCH and USER_UID args to be repeated in each target, instead of being defined at the top of the file?

If not, probably another opportunity to clean up / DRY the docker files.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, I will clean that today.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants