-
Notifications
You must be signed in to change notification settings - Fork 159
Issues in building knative on Power PC, ppc64le architecture #514
Comments
This is probably my fault because I haven't finished adding proper manifest list support to The container images are built using You can try overriding the base image to use something that works with There may be another issue here where we build the go binaries. It looks like we don't yet hardcode I'd like to eventually fix this by adding proper manifest list support to ko: https://github.com/google/go-containerregistry/issues/333 We might be able to fix this use case with a smaller change in the meantime. Let me know if any of that helps or if I can help with unblocking anything. |
Thanks @jonjohnsonjr for all your suggestions. This really helps with the understanding. I will try making the changes, as per your suggestions and see how it goes, will keep you posted. |
Update - I was able to build all the docker images for ppc64le locally, after overriding the base image on .ko.yaml in build and serving to use the equivalent ppc64le image (again built locally). I had to additionally update the baseImageOverrides section to use the correct ppc64le image for creds-init and git-init (after pushing it to a local registry). I have the following ppc64le images now Next, I am planning to follow the instructions here after updating the release.yaml file locally in an attempt to install knative. I already have the istio pods deployed and up and running... |
I was trying to push the ko.local/github.com/knative/* images using docker push to a local registry using docker push, however that is failing with error like open /var/lib/docker/devicemapper/mnt/07eec79cee35a5ee0b0b9509d626e699db8afb26ab7e6ac934fa810825c16193/rootfs/var/run/ko/HEAD: no such file or directory Checking on this... Next I updated the release.yaml file to use local images, and could apply it, however not all the pods are coming up correctly, debugging the issues (could be some differences in the docker images) ... |
For some context, that file is a symlink that points to the current git commit so that it can be used in logs (I think?). For example: https://github.com/knative/build/blob/master/cmd/controller/kodata/HEAD Was added here: knative/pkg#158 If you're building these images outside of a git repo, I could imagine that failing, but it might also be a platform difference? Not sure if that helps... maybe a clue towards fixing it :) |
I am building the images from the git repo, so that does not seem to be the problem, tried using tag v0.2.0 that does not have the changes for HEAD, however got LICENSE related error with that. Finally, could get this (build and push the images to the local registry) to work on another Power system , so looks like it is not a difference in the platform either, rather something else in the environment, right now, not sure what it could be, at this stage. Docker version is also not an issue as it works with the same version on Intel as well. Setting up remote registry to host the image on the system it works, to attempt to move ahead with the deployment .. |
@jonjohnsonjr some progress on this today - after setting up remote registry, pushing the knative build/serving docker images there, updating release.yaml in accordance and applying it. this is what we have kubectl get pods --namespace knative-serving kubectl get pods --namespace knative-build kubectl get pods --namespace knative-monitoring Checking on kube-state-metrics, could be due to differences in images for addon-resizer on Intel vs Power |
Just to clarify -- is the target cluster you're trying to deploy to also PowerPC? Looks like we're failing to pull this: https://github.com/knative/serving/blob/114ee46c575df605fd38a94f2fe1c32107f30b2d/third_party/config/monitoring/metrics/prometheus/kubernetes/kube-state-metrics.yaml#L154-L155 Indeed it is amd64: Under Interestingly, that claims to be amd64 as well:
That might not matter, but I believe it's a bug in whatever is producing these images 🤦♂️. If you don't care about monitoring I think you can just skip it. cc @mdemirhan any context for where the monitoring yaml comes from? We probably want to be using a newer tag (2.1) and figure out how to make that tag point to a manifest list to support more platforms. The author doesn't seem to work at google anymore, so it's going to be a bit of a challenge to figure out what produces these images :/
|
Thanks for checking and providing your comments and feedback!! Yes, the target cluster is PowerPC as well and since most of the images that were being referenced from release.yaml were not having multiarch manifest, I have had to replace those with (equivalent) multiarch images that are hosted here https://cloud.docker.com/u/ibmcom/repository/docker/ibmcom. For addon-resizer, I was using https://hub.docker.com/r/googlecontainer/addon-resizer-ppc64le/ when we got the above error. This is a ppc64le image. Debugged today and found this in the logs kubectl logs kube-state-metrics-595f76d67d-tj6g4 addon-resizer -n knative-monitoring In release.yaml, commented line:7470 kubectl get pods -n knative-monitoring So everything seems to be up and running ... However, running into issues in testing the sample app, debugging those, currently. |
Continue to debug the issues in deploying the same hello world app. It seems to apply correctly, however the service is not coming up kubectl logs controller-66f94dbf98-s9jsx controller -n knative-serving shows errors like these, {"level":"warn","ts":"2019-01-14T09:29:58.742Z","logger":"controller.service-controller","caller":"service/service.go:148","msg":"Failed to update service status{error 25 0 services.serving.knative.dev "helloworld-go" is forbidden: User "system:serviceaccount:knative-serving:controller" cannot update services.serving.knative.dev/status in the namespace "default"}","knative.dev/controller":"service-controller","knative.dev/key":"default/helloworld-go"} @jonjohnsonjr any pointers / feedback / inputs on this? looks like I am missing something in the configuration? |
cc @tcnghia might have a better answer I believe that's because the knative serving controller needs cluster-admin permissions to create resource in other namespaces? It looks like you're missing this. I think this command would fix it:
|
thanks @jonjohnsonjr tried the above, however looks like this was already applied on the system (perhaps while applying release.yaml). Got the below error ... Still debugging... |
@seth-priya can you please check if the Also, the role binding exists, but does it grant If you can share |
Hi @tcnghia , I am working with @seth-priya on building knative on ppc64le. As per your response, the knative-serving-admin role has similar content to this https://github.com/knative/serving/blob/master/config/200-clusterrole.yaml Please find the output of |
@jonjohnsonjr and @tcnghia We moved on to release-0.3 and deployed only the knative-serving component. We could see all 4 pods running. Tried deploying the sample app but we are facing RevisionFailed issue. Do you have any pointers?
|
That could be an issue with how we're resolving tags to digests... If you add "gcr.io" to the configmap here: https://github.com/knative/serving/blob/06fae8be6da29137fd55b44557572566ef69f975/config/config-controller.yaml#L30 Does that fix things? |
@jonjohnsonjr issue is that we are using locally built Power images, pushed to a local registry, so not sure if that will help? do we have any workaround for that? |
Is your network configured to allow pulling from |
@jonjohnsonjr pulling image from Do we need to add Also, we have moved to building knative eventing and sources, and facing similar ImagePull issues with eventing code samples. Debugging further. |
@jonjohnsonjr I was able to run the knative eventing sample, by trying to pull the image by sha rather than the tag. Now we have pods under all 5 namespaces running using locally built |
Hi @jonjohnsonjr now that we are able to complete the deployment and at least basic validation of all the components on Power, was wondering if you or someone from the community would be able to help in pushing multi-arch docker images for knative and its sample apps to gcr.io, that would work on Power? Please let me know your thoughts and suggestions on how best to take this forward. Thank you for all your support and help thus far!! |
This works on ICP 3.1.1 on Power as per https://github.com/knative/docs/blob/master/install/Knative-with-ICP.md, only significant changes required were due to use of locally built images for knative components .. @jonjohnsonjr any thoughts / feedback on the earlier comment? |
This is on my plate but I haven't found time to get to it yet. If anyone is interested in helping, I made an issue here: https://github.com/google/go-containerregistry/issues/333 I want this to happen automatically in ko if you set the base image to a manifest list. That requires adding manifest list support to google/go-containerregistry and then consuming that support for Sorry for not responding sooner; things have been a bit busy 😅 |
@seth-priya does the images support multi-arch? |
@clyang82 - no not at this point, as indicated by @jonjohnsonjr this would need work on the ko side. We have based the deployment on ppc64le specific images as of now. |
@seth-priya Thanks for your answer. That means @jonjohnsonjr is working on that. right? |
I'm slowly working on this as part of some other work. We need to add support for pulling and pushing manifest lists to go-containerregistry for a variety of reasons, and once that lands it'll be ~easy to update |
@jonjohnsonjr I see that you are doing some work to support multiarch images here. We have some bandwidth available and can contribute in this aspect. I would like to know how much more work is pending and when can we expect power/multi-arch support in ko and subsequently in knative? Let me know if I can help in anything. |
@junawaneshivani I'd like to refactor that implementation to what I described in the PR. I filed an issue upstream to make that easier: google/go-containerregistry#474 -- I'll need to fix that before landing the change in After refactoring and merging ko-build/ko#38, we'll need a multi-platform base image to use for releases. Right now we're using gcr.io/distroless/static as the base, which is amd64/linux specific (at least in the config file[1]). We could turn that into a manifest list with an entry for each platform we care about. We could try to contribute that upstream to distroless, or maintain our own image and push that somewhere. Once we have an appropriate base image, we would just need to update the release script to point to a separate release config via We currently only test on amd64/linux. I'm not sure if/how we'd test other architectures and operation systems. [1]:
|
Hi @jonjohnsonjr , will work on validating the PR against power. Thank you for your efforts in providing multi-arch support. 😄 |
Hi @jonjohnsonjr , one of my colleague Lysanne, has successfully validated your PR changes against power for ko. Are there any other outstanding issues in adding POWER suppot for knative, other than the PR getting merged? |
I am trying to build knative on ppc64le and wanted to understand the general requirements for building it (along with all dependent images) from scratch.
I have been referring to the DEVELOPMENT.md and could build the base (build-base) image
ko.local/github.com/knative/build/build-base
for ppc64le, however looks like some of the other required images like git-init and creds-init are either not being built locally (i.e. are pulled from gcr.io) or are being used using incorrect base images, as they are still showing amd64 as architecture (in docker image inspect).
I could not find any Dockerfiles in the repo that could be directly used to build the other images (apart from build base) and am trying to use
./hack/release.sh --nopublish --skip-tests --notag-release
to get the images.
Is there another way to force all the images under build and serving to be built locally? Is there some setting/configuration that I might be missing?
Any guidance on this would be of great help, thanks in advance!
The text was updated successfully, but these errors were encountered: