-
Notifications
You must be signed in to change notification settings - Fork 136
Add logic to generate bazel + gcloud container using rules_docker #193
Conversation
@smukherj1 We have a bazel_docker_gcloud container using rules_docker here https://github.com/bazelbuild/bazel-toolchains/blob/master/container/ubuntu16_04/builders/bazel_docker_gcloud/BUILD You could reuse or modify (if needed) the layer targets in the bazel_toolchains repo, and then refer to those targets in this repo? |
This seems kind of ridiculously complicated compared to the Dockerfile... |
Hi Erick,
We're working towards making use of rules_docker for this kind of use case provide significant benefits w/o it being so hard. The use case here for Prow CI is perfect for what we want our users to be able to do: make it so that its possible to build an image that composes existing images (in this case bazel+gcloud) using only rules_docker. We're not there yet though (and this PR will likely need to go through lots of changes before we merge it). We can sync up if you want to know more about our plans, but consider this PR work in progress (and obviously please help us with any feedback you consider relevant!) |
images/gcloud-bazel/BUILD.bazel
Outdated
|
||
load("@io_bazel_rules_docker//container:image.bzl", "container_image") | ||
load("@io_bazel_rules_docker//container:layer.bzl", "container_layer") | ||
#load("@base_images_docker//package_managers:bootstrap_image.bzl", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove code that are commented out
Right now we use the same image for each run. Why rebuild the image?
Agree with this generally and am a big proponent of rules_docker generally over in the kubernetes space. The bazel layer looks like a great change. How about changing the Dockerfile to be The gcloud part of this change doesn't look so good right now. Instead of the functional image we have today, we'll wind up publishing an image that does not have gcloud installed, requiring the user to run Why don't we continue to use the |
@fejta @nlopezgi Trying to see if I can use container_run_and_commit from @base_images_docker/utils:run.bzl to produce a container that is actually usable. In addition to that, I like the idea of updating the "FROM" in the Dockerfile to the bazel image as you suggested and remove bazel from the list of packages being installed. Unfortunately, container_run_and_commit currently has a bug that I'm looking into fixing |
Sweet, thanks for all the work here. Despite my comments about what isn't working well yet I love all the work you and your team are doing with this repo ❤️ |
For the container produced using rules_docker, use run_and_commit to run the post install steps
Dockerfile changes LGTM. If you want to push that image and send me the new tag I'll update https://github.com/kubernetes/test-infra/blob/master/config/jobs/bazelbuild/rules_k8s/rules_k8s_config.yaml to make sure it still works. |
Thanks for the review @fejta. Unfortunately, I don't have write permissions to the gcr.io/rules_k8s repo. I'm working on creating mdb groups for our team to have access to it. Would you like me to set that up first or should I upload the image to a different repo I do have access to for the tests? |
BTW are we familiar with kaniko? Allows creating images without docker but still using a Dockerfile: https://github.com/GoogleContainerTools/kaniko |
@fejta Yes our team is also looking into kaniko and gVisor. As for testing, I just uploaded a new container built using the Dockerfile as gcr.io/rules-k8s/gcloud-bazel:latest. Could you please try it out? |
a) Did you use |
@fejta No I did not use make push. I will address Nick's comments and upload a new commit and use make push to trigger the GCB run as well as submit the other PR |
images/gcloud-bazel/BUILD.bazel
Outdated
# Pod spec: https://github.com/kubernetes/test-infra/blob/master/config/jobs/bazelbuild/rules_k8s/rules_k8s_config.yaml | ||
container_push( | ||
name="image-push", | ||
image=":image_commit.tar", | ||
name="gcloud-push", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
gcloud_push for consistency
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor nit, but looks good overall
You can probably exclude the failing targets from running on mac (//images/gcloud-bazel:gcloud_install, //images/gcloud-bazel:gcloud-push) in the .bazelci/presubmit-yaml file; the travis error does look like an issue you need to solve |
Submitted kubernetes/test-infra#9841 to update the CI pod spec. I think the pull-rules test here is failing because I'm using a new attribute in the http_file rule. Hopefully the new image won't have this issue |
543b3b3
to
05b0294
Compare
05b0294
to
dc06c9c
Compare
@fejta I think the latest prow failure might be due to an updated kubernetes version that deprecates some command. Specifically the error is in the hellogrpc e2e tests Not sure where exactly this kubectl command is located |
I believe kubectl command comes from your workstation. It is called from scripts like this: https://github.com/bazelbuild/rules_k8s/blob/master/k8s/apply.sh.tpl |
Installing gcloud should also install kubectl, so that's probably where we're getting it. |
Maybe the issue is here? rules_k8s/examples/hellogrpc/e2e-test.sh Lines 26 to 29 in 590f3b4
Aka should be |
Let me work on that, will send you PR |
arguably kubectl should probably be declared in a toolchain, since that would let you explicitly pin to versions, but that's an issue for another PR. |
@ixdy a toolchain rule for k8s is coming soon |
/retest |
1 similar comment
/retest |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: fejta, nlopezgi, xingao267 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
For now only added logic to create the container. I haven't uploaded it to GCR because I don't have permissions to access gcr.io/rules-k8s.
The container built by this logic doesn't fully work because gcloud installation has some post processing steps after the extraction of the downloaded tarball. I tried to use bootstrap_image_macro from base_images_docker but ran into some issues. I commented out the call and I explain my issue in comments above the invocation of bootstrap_image_macro. The installation cleanup commands in bootstrap_image_macro show what's needed to fully install gcloud and kubectl in this container.
If this container looks acceptable, the next steps will be to upload this container to GCR and change the prow job definition to use this container. At the same time, the e2e_test.sh will need to be changed to run the post installation steps before running any tests