build multiarch bootstrap image

Signed-off-by: Howard Zhang <[email protected]>

github/ci/prow-deploy/files/jobs/kubevirt/project-infra/project-infra-postsubmits.yaml

@@ -62,7 +62,7 @@ postsubmits:
                 memory: "1Gi"
               limits:
                 memory: "1Gi"
-    - name: publish-bootstrap-image
+    - name: publish-multiarch-bootstrap-image
       always_run: false
       run_if_changed: "images/.*"
       annotations:
@@ -84,16 +84,16 @@ postsubmits:
               - |
                 cat "$QUAY_PASSWORD" | docker login --username $(cat "$QUAY_USER") --password-stdin=true quay.io
                 cd images
-                ./publish_image.sh bootstrap quay.io kubevirtci
+                ./publish_multiarch_image.sh bootstrap quay.io kubevirtci
                 ./publish_image.sh golang quay.io kubevirtci
             # docker-in-docker needs privileged mode
             securityContext:
               privileged: true
             resources:
               requests:
-                memory: "1Gi"
+                memory: "8Gi"
               limits:
-                memory: "1Gi"
+                memory: "8Gi"
     - name: publish-kubekins-e2e-image
       always_run: false
       run_if_changed: "images/kubekins-e2e/.*"

github/ci/prow-deploy/files/jobs/kubevirt/project-infra/project-infra-presubmits.yaml

@@ -87,7 +87,7 @@ presubmits:
               memory: "1Gi"
             limits:
               memory: "1Gi"
-  - name: build-bootstrap-image
+  - name: build-multiarch-bootstrap-image
     always_run: false
     run_if_changed: "images/.*"
     decorate: true
@@ -104,16 +104,16 @@ presubmits:
             - "/usr/local/bin/runner.sh"
             - "/bin/bash"
             - "-ce"
-            - "cd images && ./publish_image.sh -b bootstrap quay.io kubevirtci"
+            - "cd images && ./publish_multiarch_image.sh -b bootstrap quay.io kubevirtci"
             - "cd images && ./publish_image.sh -b golang quay.io kubevirtci"
           # docker-in-docker needs privileged mode
           securityContext:
             privileged: true
           resources:
             requests:
-              memory: "1Gi"
+              memory: "8Gi"
             limits:
-              memory: "1Gi"
+              memory: "8Gi"
   - name: build-kubekins-e2e-image
     always_run: false
     run_if_changed: "images/kubekins-e2e/.*"

images/bootstrap/BASEIMAGE

@@ -0,0 +1 @@
+(["amd64"]="fedora:32" ["arm64"]="arm64v8/fedora:32")

images/bootstrap/Dockerfile → images/bootstrap/Dockerfile.amd64

@@ -14,7 +14,8 @@
 # limitations under the License.
 
 # Includes basic workspace setup, with gcloud and a bootstrap runner
-FROM fedora:32
+ARG BASEIMAGE
+FROM ${BASEIMAGE}
 
 WORKDIR /workspace
 RUN mkdir -p /workspace
@@ -92,7 +93,8 @@ RUN mkdir /docker-graph
 
 
 # Cache the most commonly used bazel versions in the container
-RUN  curl -Lo ./bazelisk https://github.com/bazelbuild/bazelisk/releases/download/v1.7.4/bazelisk-linux-amd64 && \
+ARG ARCH
+RUN  curl -Lo ./bazelisk https://github.com/bazelbuild/bazelisk/releases/download/v1.7.4/bazelisk-linux-${ARCH} && \
      chmod +x ./bazelisk && mv ./bazelisk /usr/local/bin/bazelisk && \
      cd /usr/local/bin && ln -s bazelisk bazel
 

images/bootstrap/Dockerfile.arm64

@@ -0,0 +1,116 @@
+# Copyright 2017 The Kubernetes Authors.
+# Copyright 2021 The KubeVirt Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Includes basic workspace setup, with gcloud and a bootstrap runner
+ARG BASEIMAGE
+FROM ${BASEIMAGE}
+
+WORKDIR /workspace
+RUN mkdir -p /workspace
+ENV WORKSPACE=/workspace \
+    TERM=xterm
+
+# add env we can debug with the image name:tag
+ARG IMAGE_ARG
+ENV IMAGE=${IMAGE_ARG}
+
+# Install packages
+RUN dnf install -y dnf-plugins-core && \
+  dnf -y install \
+    cpio \
+    findutils \
+    gcc \
+    gcc-c++ \
+    git \
+    glibc-devel \
+    glibc-static \
+    java-11-openjdk-devel \
+    jq \
+    libstdc++-static \
+    libvirt-devel \
+    make \
+    mercurial \
+    patch \
+    protobuf-compiler \
+    python3-devel \
+    python-unversioned-command \
+    redhat-rpm-config \
+    rsync \
+    rsync-daemon \
+    sudo \
+    wget \
+    gettext \
+    iproute &&\
+  dnf -y clean all
+
+# Install gcloud
+ENV PATH=/google-cloud-sdk/bin:/workspace:${PATH} \
+    CLOUDSDK_CORE_DISABLE_PROMPTS=1
+
+RUN wget -q https://dl.google.com/dl/cloudsdk/channels/rapid/google-cloud-sdk.tar.gz && \
+    tar xzf google-cloud-sdk.tar.gz -C / && \
+    rm google-cloud-sdk.tar.gz && \
+    /google-cloud-sdk/install.sh \
+        --disable-installation-options \
+        --bash-completion=false \
+        --path-update=false \
+        --usage-reporting=false && \
+    gcloud components install alpha beta && \
+    gcloud info | tee /workspace/gcloud-info.txt
+
+
+#
+# BEGIN: DOCKER IN DOCKER SETUP
+#
+# Install packages
+
+RUN dnf install -y \
+        kmod \
+        procps-ng \
+        moby-engine && \
+    dnf -y clean all
+
+# Create directory for docker storage location
+# NOTE this should be mounted and persisted as a volume ideally (!)
+# We will make a fallback one now just in case
+RUN mkdir /docker-graph
+
+#
+# END: DOCKER IN DOCKER SETUP
+#
+
+
+# Cache the most commonly used bazel versions in the container
+ARG ARCH
+RUN  curl -Lo ./bazelisk https://github.com/bazelbuild/bazelisk/releases/download/v1.7.4/bazelisk-linux-${ARCH} && \
+     chmod +x ./bazelisk && mv ./bazelisk /usr/local/bin/bazelisk && \
+     cd /usr/local/bin && ln -s bazelisk bazel
+
+# Cache the most commonly used bazel versions inside the image
+# and remove resulting cache directories to save a few hundred MB
+RUN USE_BAZEL_VERSION=3.4.1 bazel version && \
+  USE_BAZEL_VERSION=4.0.0 bazel version && \
+  rm -rf /root/.cache/bazel
+
+# create mixin directories
+RUN mkdir -p /etc/setup.mixin.d/ && mkdir -p /etc/teardown.mixin.d/
+
+# note the runner is also responsible for making docker in docker function if
+# env DOCKER_IN_DOCKER_ENABLED is set and similarly responsible for generating
+# .bazelrc files if bazel remote caching is enabled
+COPY ["entrypoint.sh", "runner.sh", "create_bazel_cache_rcs.sh", \
+        "/usr/local/bin/"]
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

images/golang/Dockerfile

@@ -1,4 +1,4 @@
-FROM bootstrap
+FROM bootstrap-amd64
 
 ENV GIMME_GO_VERSION=1.15.8
 

images/publish_multiarch_image.sh

@@ -0,0 +1,117 @@
+#!/bin/bash -xe
+archs=(amd64 arm64)
+
+main() {
+    local build_only
+    while getopts "bh" opt; do
+        case "$opt" in
+            b)
+                build_only=true
+                ;;
+            h)
+                help
+                exit 0
+                ;;
+            *)
+                echo "Invalid argument: $opt"
+                help
+                exit 1
+        esac
+    done
+    shift $((OPTIND-1))
+    local build_target="${1:?}"
+    local registry="${2:?}"
+    local registry_org="${3:?}"
+    local full_image_name image_tag
+
+    image_tag="$(get_image_tag)"
+    full_image_name="$(
+        get_full_image_name \
+            "$registry" \
+            "$registry_org" \
+            "${build_target##*/}" \
+            "$image_tag"
+    )"
+
+    (
+        cd "$build_target"
+
+        build_image "$build_target" "$full_image_name" "$baseimage"
+    )
+    [[ $build_only ]] && return
+    publish_image "$full_image_name"
+    publish_manifest "$full_image_name"
+}
+
+help() {
+    cat <<EOF
+    Usage:
+        ./publish_image.sh [OPTIONS] BUILD_TARGET REGISTRY REGISTRY_ORG
+
+    Build and publish infra images.
+
+    OPTIONS
+        -h  Show this help message and exit.
+        -b  Only build the image and exit. Do not publish the built image.
+EOF
+}
+
+get_image_tag() {
+    local current_commit today
+    current_commit="$(git rev-parse HEAD)"
+    today="$(date +%Y%m%d)"
+    echo "v${today}-${current_commit:0:7}"
+}
+
+get_base_image() {
+    local architecture="${1:?}"
+    declare -A archimage="$(cat BASEIMAGE)"
+    echo ${archimage[$architecture]}
+}
+
+build_image() {
+    local build_target="${1:?}"
+    local image_name="${2:?}"
+    # add qemu-user-static
+    docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+    # build multi-arch images
+    for arch in ${archs[*]};do
+        # get baseimage
+        local baseimage=$(get_base_image ${arch})
+        if [ -f "Dockerfile" ]; then
+            docker build --build-arg ARCH=${arch} --build-arg  BASEIMAGE=${baseimage} --build-arg IMAGE_ARG=${build_target} . -t "${image_name}-${arch}" -t "${build_target}-${arch}"
+	else
+            docker build --build-arg ARCH=${arch} --build-arg  BASEIMAGE=${baseimage} --build-arg IMAGE_ARG=${build_target} -f Dockerfile.${arch} -t "${image_name}-${arch}" -t "${build_target}-${arch}" .
+	fi
+    done
+}
+
+publish_image() {
+    local full_image_name="${1:?}"
+    for arch in ${archs[*]};do
+        docker push "${full_image_name}-${arch}"
+    done
+}
+
+publish_manifest() {
+    export DOCKER_CLI_EXPERIMENTAL="enabled"
+    local amend
+    local full_image_name="${1:?}"
+    amend=""
+    for arch in ${archs[*]};do
+        amend+=" --amend ${full_image_name}-${arch}"
+    done
+    docker manifest create ${full_image_name} ${amend}
+    docker manifest push --purge ${full_image_name}
+}
+
+get_full_image_name() {
+    local registry="${1:?}"
+    local registry_org="${2:?}"
+    local image_name="${3:?}"
+    local tag="${4:?}"
+
+    echo "${registry}/${registry_org}/${image_name}:${tag}"
+}
+
+main "$@"