cilium, docker: switch to {clang,llvm}-10.0 and externalize build deps #11308
Conversation
|
Commit 6d95a92 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
|
Please set the appropriate release note label. |
maintainer-s-little-helper
bot
added
dont-merge/needs-sign-off
|
Please set the appropriate release note label. |
borkmann
added
the
release-note/misc
borkmann
added
area/docker
Lets not generate unnecessary layers in the docker image since they all add up space. Noticed via dive. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-sign-off
|
(still need to wait for quay's llvm build before ci testing) |
Move both into a single layer instead of two to avoid bloating the cilium runtime image size. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
They have been moved to https://github.com/cilium/packaging/ repo. I would have much rather liked that we ship them as well under Cilium's contrib/packaging/docker/ to have everything in one place but this would be hitting a Github limitation seen on quay.io where it cannot link the build trigger with an error "Cannot active build trigger [...] The "push" event cannot have more than 20 hooks". Anyway, from quay.io side we have 3 new scratch images with the built binaries as follows: - quay.io/cilium/cilium-llvm:yyyy-mm-dd containing: /bin/clang /bin/llc - quay.io/cilium/cilium-bpftool:yyyy-mm-dd containing: /bin/bpftool - quay.io/cilium/cilium-iproute2:yyyy-mm-dd containing: /bin/tc /bin/ip This also updates LLVM to the official 10.0 release. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
This allows to consolidate all COPY to /bin to use the temporary tools image as source and therefore reduces Docker layers. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Move runtime over to 2020-05-05 for pulling in all base image changes. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
There is no need to keep its symbols around. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
| make \ | ||
| pkg-config \ | ||
| python \ | ||
| rsync \ | ||
| unzip \ | ||
| wget \ |
There was a problem hiding this comment.
Could we replace wget with curl where it's needed and get rid of it?
There was a problem hiding this comment.
Makes sense, the rsync/unzip/curl/wget/zip combo is not quite clear to me yet where it's needed, I'll see to reduce it further.
| CLANG ?= clang | ||
| LLC ?= llc |
There was a problem hiding this comment.
Suggestion:
| CLANG ?= clang | |
| LLC ?= llc | |
| CLANG ?= clang$LLVM_VERSION | |
| LLC ?= llc$LLVM_VERSION |
(Personal preference: When I have to append a version number for clang, I usually have to append it for llc as well. Then I can run LLVM_VERSION=-11 make instead of CLANG=clang-11 LLC=llc-11 make.)
There was a problem hiding this comment.
I'm not changing that part, but your suggestion makes sense. I think others like init.sh and the golang loader would be needed as well. Alternatively, one could mount a docker volume to /bin/llc and /bin/clang in the cilium runtime image to test different versions.
And then don't install {clang,llvm}-7, iproute2 and ca-certificates
as not needed given runtime image has them as base as well. This also
ensures we don't need to update dependencies twice and we always use
the very same underlying tooling when building e.g. BPF programs.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Dust off things we do not need for building the Cilium image. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Move builder over to 2020-05-05 for pulling in all base image changes. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
test-me-please |
maintainer-s-little-helper
bot
added
the
ready-to-merge
Needs #11199 to be merged first.Still wip, I'll also merge #10675 into here.