Docker: Multi-arch & cross-compile build with docker buildx #14208
Conversation
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
jrajahalme
added
the
release-note/misc
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-release-note-label
|
test-me-please |
jrajahalme
force-pushed
the
pr/jrajahalme/cilium-multi-arch
branch
2 times, most recently
from
9ce16d4
to
e358e9c
Compare
|
test-me-please |
jrajahalme
force-pushed
the
pr/jrajahalme/cilium-multi-arch
branch
from
e358e9c
to
83cd1de
Compare
|
Tests passed with test builds of runtime and builder, now removed the last commit to not impose un-official builds. |
|
test-me-please |
jrajahalme
force-pushed
the
pr/jrajahalme/cilium-multi-arch
branch
from
a1e865c
to
9c803c1
Compare
|
test-me-please |
|
retest-gke |
|
retest-4.9 |
There was a problem hiding this comment.
FWIW I've been running DOCKER_BUILDKIT=1 for a while now and it seems to work well enough for me (though it can hide legitimate useful build output and I haven't figured out how to ensure it doesn't hide that on demand yet..)
I also tested this PR in its current state with buildkit enabled (but not buildx) for both of the make dev-docker-image and make microk8s targets, and there doesn't seem to be any kind of regression.
But then I also noticed that this PR changes the Dockerfile.builder but those changes are not being consumed by the main docker image build yet because there's no change to the main dockerfile to use a newer version of the builder image that would be generated by these code changes. So I think we need to generate images based on these latest changes and then add another change on top to integrate the use of those new builder images into the main dockerfiles.
Couple of other minor nits below.
jrajahalme
force-pushed
the
pr/jrajahalme/cilium-multi-arch
branch
from
9c803c1
to
6fb3b1f
Compare
|
Rebased and addressed review comments. |
|
test-me-please |
These changes allow multi-arch builds for the builder and runtime. After this PR is merged we should make a decision to build the builder and runtime for both arm64 and amd64. I can't say if that can be easily automated yet, though, so it needs to be a separate discussion. |
jrajahalme
force-pushed
the
pr/jrajahalme/cilium-multi-arch
branch
from
6fb3b1f
to
e08f9f7
Compare
|
test-me-please |
|
retest-gke |
Apply go caching to RUN..go in addition to RUN..make Docker commands. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Add support for Docker BuildX multi-arch builds for arm64 and amd64 to
Cilium runtime, builder, and release images. Add Go cross-compilation
support to release images to make the arm64 builds faster on
amd64 hosts.
If both DOCKER_BUILDKIT=1 and DOCKER_BUILDX=1 are defined, the
makefiles create a cross-compilation builder instance ('cross') and
switch buildx to use it.
Images depend on each other, so the images normally should be built in
a specific order:
0. Export variables
$ export DOCKER_BUILDKIT=1
$ export DOCKER_BUILDX=1
$ export DOCKER_REGISTRY=docker.io
$ export DOCKER_DEV_ACCOUNT=your-account
1. Runtime
$ make docker-image-runtime
$ docker buildx imagetools inspect ${DOCKER_REGISTRY}/${DOCKER_DEV_ACCOUNT}/cilium-runtime:2021-01-25
Update the runtime image reference in Dockerfile and Dockerfile.builder.
2. Builder
$ make docker-image-builder
$ docker buildx imagetools inspect ${DOCKER_REGISTRY}/${DOCKER_DEV_ACCOUNT}/cilium-builder:2021-01-25
Update the main Cilium Dockerfile with the new builder reference.
3. Hubble
Hubble builds via buildx QEMU integration, unless you have an ARM machine added to your buildx builder.
- Check out hubble master branch (github.com/cilium/hubble)
$ export IMAGE_REPOSITORY=${DOCKER_REGISTRY}/${DOCKER_DEV_ACCOUNT}/hubble
$ CONTAINER_ENGINE="docker buildx" DOCKER_FLAGS="--push --platform=linux/arm64,linux/amd64" make image
$ docker buildx imagetools inspect ${IMAGE_REPOSITORY}:latest
Update the main Cilium Dockerfile with the new Hubble reference.
4. Cilium release images
Cilium Dockerfiles are modified for cross-compilation based on the multi-arch support in the Cilium builder image:
$ make docker-images-all
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
jrajahalme
force-pushed
the
pr/jrajahalme/cilium-multi-arch
branch
from
e08f9f7
to
48440cb
Compare
|
test-me-please |
|
retest-gke |
2 similar comments
|
retest-gke |
|
retest-gke |
Docker buildkit sometimes fails to actually pull images referenced on FROM lines. We mitigate for this by pre-pulling all images before docker build. A recent change to allow for multi-arch image builds caused cilium-builder image to not be pre-pulled due to additional filtering of Dockerfiles. Fix this by scanning the FROM lines from the original dockerfiles instead of the generated ones. Fixes: cilium#14208 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Docker buildkit sometimes fails to actually pull images referenced on FROM lines. We mitigate for this by pre-pulling all images before docker build. A recent change to allow for multi-arch image builds caused cilium-builder image to not be pre-pulled due to additional filtering of Dockerfiles. Fix this by scanning the FROM lines from the original dockerfiles instead of the generated ones. Fixes: #14208 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Docker buildkit sometimes fails to actually pull images referenced on FROM lines. We mitigate for this by pre-pulling all images before docker build. A recent change to allow for multi-arch image builds caused cilium-builder image to not be pre-pulled due to additional filtering of Dockerfiles. Fix this by scanning the FROM lines from the original dockerfiles instead of the generated ones. Fixes: cilium#14208 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Note that this PR adds functionality that currently already exists in
images/to the main Dockerfiles.
Add support for Docker BuildX multi-arch builds for arm64 and amd64 to
Cilium runtime, builder, and release images. Add Go cross-compilation
support to Cilium release images to make the arm64 builds faster on
amd64 hosts.
If both DOCKER_BUILDKIT=1 and DOCKER_BUILDX=1 are defined, the
makefiles create a cross-compilation builder instance ('cross') and
switch buildx to use it.
Images depend on each other, so the images normally should be built in
a specific order.
$ export DOCKER_BUILDKIT=1
$ export DOCKER_BUILDX=1
$ export DOCKER_REGISTRY=docker.io
$ export DOCKER_DEV_ACCOUNT=your-account
$ make docker-image-runtime
$ docker buildx imagetools inspect ${DOCKER_REGISTRY}/${DOCKER_DEV_ACCOUNT}/cilium-runtime:2020-11-30
Then update the runtime image references in other Dockerfiles
$ make docker-image-builder
$ docker buildx imagetools inspect ${DOCKER_REGISTRY}/${DOCKER_DEV_ACCOUNT}/cilium-builder:2020-12-01
Update the main Cilium Dockerfile with the new builder reference
Hubble builds via buildx QEMU integration, unless you have an ARM machine added to your buildx builder.
$ export IMAGE_REPOSITORY=${DOCKER_REGISTRY}/${DOCKER_DEV_ACCOUNT}
$ IMAGE_TAG=v0.7.1x CONTAINER_ENGINE="docker buildx" DOCKER_FLAGS="--push --platform=linux/arm64,linux/amd64" make image
$ docker buildx imagetools inspect ${IMAGE_REPOSITORY}/hubble:v0.7.1x
Update the main Cilium Dockerfile with the new Hubble reference
Cilium Dockerfiles are modified for cross-compilation based on the multi-arch support in the Cilium builder image:
$ make docker-images-all