-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update the policy-controller release build process (#6672)
We can't use the typical multiarch docker build with the proxy: qemu-hosted arm64/arm builds take 45+ minutes before failing due to missing tooling--specifically `protoc`. (While there is a `protoc` binary available for arm64, there are no binaries available for 32-bit arm hosts). To fix this, this change updates the release process to cross-build the policy-controller on an amd64 host to the target architecture. We separate the policy-controller's dockerfiles as `amd64.dockerfile`, `arm64.dockerfile`, and `arm.dockerfile`. Then, in CI we build and push each of these images individually (in parallel, via a build matrix). Once all of these are complete, we use the `docker manifest` CLI tools to unify these images into a single multi-arch manifest. This cross-building approach requires that we move from using `native-tls` to `rustls`, as we cannot build against the platform- appropriate native TLS libraries. The policy-controller is now feature- flagged to use `rustls` by default, though it may be necessary to use `native-tls` in local development, as `rustls` cannot validate TLS connections that target IP addresses. The policy-controller has also been updated to pull in `tracing-log` for compatibility with crates that do not use `tracing` natively. This was helpful while debugging connectivity issue with the Kubernetes cluster. The `bin/docker-build-policy-controller` helper script now *only* builds the amd64 variant of the policy controller. It fails when asked to build multiarch images.
- Loading branch information
Showing
9 changed files
with
344 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.