NETOBSERV-1618: use mutli arch base image for oc tool #12
Conversation
msherif1234
changed the title
|
@msherif1234: This pull request references NETOBSERV-1618 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/hold |
Dockerfile
Outdated
| @@ -1,5 +1,4 @@ | |||
| FROM quay.io/openshift/origin-must-gather:4.12.0 as builder | |||
|
|
|||
| FROM registry.ci.openshift.org/ocp/4.16:cli as builder | |||
There was a problem hiding this comment.
Hi @msherif1234 , I'm from the multiarch OCP team and i'm reaching as @memodi wanted to disable some test cases while you are working on doing this enablement.
This image is not multiarch either.
The alternatives for you are:
- use
cli-artifacts, copy from /usr/share and keep the one binary you actually need:
FROM registry.ci.openshift.org/ocp/4.16:cli-artifacts as builder
FROM runtime
COPY --from=builder /usr/share/openshift /tmp/openshift
RUN mv "/tmp/openshift/linux_$(uname -m | sed 's/aarch64/arm64/;s/x86_64/amd64/')/oc" /usr/bin/oc && rm -rf /tmp/openshift.
├── LICENSE
├── linux_amd64
│ ├── oc
│ ├── oc.rhel8
│ └── oc.rhel9
├── linux_arm64
│ ├── oc
│ ├── oc.rhel8
│ └── oc.rhel9
├── linux_ppc64le
│ ├── oc
│ ├── oc.rhel8
│ └── oc.rhel9
├── linux_s390x
│ └── oc
├── mac
│ └── oc
├── mac_arm64
│ └── oc
└── windows
└── oc.exe
NOTE: the above binaries are cross-built on amd64 hosts (they are statically linked binaries missing some features depending on dynamically linked libraries iirc).
- Do not use a first stage, but download the cli from mirror.openshift.org similar to https://github.com/openshift-qe/baremetal-qe-infra/blob/master/images/prow-image/Dockerfile#L16C1-L22C1:
RUN set -x; \
OC_TAR_URL="https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/latest/openshift-client-linux.tar.gz" && \
curl -L -q -o /tmp/oc.tar.gz "$OC_TAR_URL" && \
tar -C /usr/bin/ -xvf /tmp/oc.tar.gz oc && \
ln -sf /usr/bin/oc /usr/bin/kubectl && \
rm -f /tmp/oc.tar.gz- Use the cli image from the multiarch payload as a base. For example,
quay.io/openshift-release-dev/ocp-release:4.15.12-multi
The cli image is:
└ $ oc adm release info --image-for=cli quay.io/openshift-release-dev/ocp-release:4.15.12-multi
quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...# image-for=cli quay.io/openshift-release-dev/ocp-release:4.15.12-multi
FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:... as builder
FROM runtime
COPY --from=builder /usr/bin/oc /usr/bin/ocThere was a problem hiding this comment.
Also, you'll need to setup your github action or makefile to run the multiarch build: https://docs.docker.com/build/ci/github-actions/multi-platform/
There was a problem hiding this comment.
Hi @aleskandro
I tried the first option but its not working when I try to collect MG
I see the following errors
[must-gather-bkdlg] POD 2024-05-06T16:51:35.500707795Z /usr/bin/oc: /lib64/libc.so.6: version `GLIBC_2.33' not found (required by /usr/bin/oc)
[must-gather-bkdlg] POD 2024-05-06T16:51:35.500738588Z /usr/bin/oc: /lib64/libc.so.6: version `GLIBC_2.34' not found (required by /usr/bin/oc)
[must-gather-bkdlg] POD 2024-05-06T16:51:35.500758901Z /usr/bin/oc: /lib64/libc.so.6: version `GLIBC_2.32' not found (required by /usr/bin/oc)There was a problem hiding this comment.
2nd option seems to work on x86 will check on another arch
There was a problem hiding this comment.
@msherif1234 depending on the base image of the runtime stage image, you can need to use oc.rhel8.
I said rhel8 as I see cs8. It is going to be EOL soon, why don't you bump to cs9?
Signed-off-by: Mohamed Mahmoud <[email protected]>
msherif1234
force-pushed
the
update-base-image
branch
from
57e66e7
to
566b7a1
Compare
|
New changes are detected. LGTM label has been removed. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| @@ -34,12 +42,13 @@ endif | |||
|
|
|||
| .PHONY: image-build | |||
| image-build: check-image-env ## Build NetObserv collection image. | |||
| $(OCI_BIN) build --build-arg BUILD_VERSION="${BUILD_VERSION}" -t ${IMAGE_REGISTRY}/${MUST_GATHER_IMAGE}:${IMAGE_TAG} . | |||
| trap 'exit' INT; \ | |||
| $(foreach target,$(MULTIARCH_TARGETS),$(call build_target,$(target))) | |||
There was a problem hiding this comment.
does docker buildx now allow building for one architecture at time and composing the final manifest-list image? The last time I used it, it was only capable of building and pushing together via docker buildx build --push --platforms linux/arm64,linux/amd64,....
There was a problem hiding this comment.
we been using this pattern on all netobserv repo
Makefile
Outdated
| # build a single arch target provided as argument | ||
| define build_target | ||
| echo 'building image for arch $(1)'; \ | ||
| DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --load --build-arg TARGETPLATFORM=linux/$(1) --build-arg TARGETARCH=$(1) --build-arg BUILDPLATFORM=linux/amd64 -t ${IMAGE_REGISTRY}/${MUST_GATHER_IMAGE}-$(1):${IMAGE_TAG} -f Dockerfile .; |
There was a problem hiding this comment.
| DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --load --build-arg TARGETPLATFORM=linux/$(1) --build-arg TARGETARCH=$(1) --build-arg BUILDPLATFORM=linux/amd64 -t ${IMAGE_REGISTRY}/${MUST_GATHER_IMAGE}-$(1):${IMAGE_TAG} -f Dockerfile .; | |
| DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --load --platform "$(1)" --output plain -t ${IMAGE_REGISTRY}/${MUST_GATHER_IMAGE}-$(1):${IMAGE_TAG} -f Dockerfile .; |
Assuming that https://github.com/netobserv/must-gather/pull/12/files#r1591397362 can really work.
There was a problem hiding this comment.
IMHO, in your case it should be enough to:
| DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --load --build-arg TARGETPLATFORM=linux/$(1) --build-arg TARGETARCH=$(1) --build-arg BUILDPLATFORM=linux/amd64 -t ${IMAGE_REGISTRY}/${MUST_GATHER_IMAGE}-$(1):${IMAGE_TAG} -f Dockerfile .; | |
| DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --push --load --platform "$(MULTIARCH_TARGETS)" --output plain -t ${IMAGE_REGISTRY}/${MUST_GATHER_IMAGE}-$(1):${IMAGE_TAG} -f Dockerfile .; |
It will build and push at the same time, which I also dislike, but for this case should be enough.
There was a problem hiding this comment.
it seems is no s390x support
rror: creating build container: choosing an image from manifest list docker://quay.io/centos/centos:stream8: no image found in image index for architecture s390x, variant "", OS linux
msherif1234
force-pushed
the
update-base-image
branch
from
6ff28ec
to
1a24c41
Compare
Signed-off-by: Mohamed Mahmoud <[email protected]>
msherif1234
force-pushed
the
update-base-image
branch
from
1a24c41
to
ef9f6b6
Compare
Release note: