Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update the policy-controller release build process #6672

Merged
merged 23 commits into from
Aug 13, 2021
Merged

Update the policy-controller release build process #6672

merged 23 commits into from
Aug 13, 2021

Commits on Aug 11, 2021

  1. policy-controller: Update kube, k8s-openapi dependencies 

    kube v0.59 depends on k8s-openapi v0.13, which includes breaking
changes.

This change updates these dependencies and modifies our code to account
for these changes.

Furthermore, we now use the k8s-openapi feature `v1_16` so that we use
an API version that is compatible with Linkerd's minimum support
kubernetes version.

Closes #6657 #6658 #6659
    @olix0r
    olix0r committed Aug 11, 2021
    Configuration menu
    Copy the full SHA
    422ef7a View commit details
    Browse the repository at this point in the history

  2. fixup tests

    @olix0r
    olix0r committed Aug 11, 2021
    Configuration menu
    Copy the full SHA
    5c28f0e View commit details
    Browse the repository at this point in the history

Commits on Aug 12, 2021

  1. release: Use a temporary file-system for docker builds 

    The policy-controller fails to build on arm32 due to a file system
error. crazy-max/ghaction-docker-buildx#172 describes a workaround:
create a smaller temporary filesystem for docker builds.

This change employs this workaround to unblock releasing linkerd.
    @olix0r
    olix0r committed Aug 12, 2021
    Configuration menu
    Copy the full SHA
    6f3f486 View commit details
    Browse the repository at this point in the history

  2. only use fs hack with the policy controller

    @olix0r
    olix0r committed Aug 12, 2021
    Configuration menu
    Copy the full SHA
    04df5bc View commit details
    Browse the repository at this point in the history

  3. restore dockerfile caching

    @olix0r
    olix0r committed Aug 12, 2021
    Configuration menu
    Copy the full SHA
    b13e516 View commit details
    Browse the repository at this point in the history

  4. better step name

    @olix0r
    olix0r committed Aug 12, 2021
    Configuration menu
    Copy the full SHA
    fcafc31 View commit details
    Browse the repository at this point in the history

Commits on Aug 13, 2021

  1. well, just wait for effing ever instead

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    ed8bb52 View commit details
    Browse the repository at this point in the history

  2. try cross-building and packaging a multiarch manifest

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    7dab63c View commit details
    Browse the repository at this point in the history

  3. debug

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    4357884 View commit details
    Browse the repository at this point in the history

  4. Use buildx

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    163503b View commit details
    Browse the repository at this point in the history

  5. fix dependencies

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    8c61485 View commit details
    Browse the repository at this point in the history

  6. split manifest steps

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    4682194 View commit details
    Browse the repository at this point in the history

  7. fixup manifest-create

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    86f297a View commit details
    Browse the repository at this point in the history

  8. fixup docker-build-policy-controller

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    59ba51a View commit details
    Browse the repository at this point in the history

  9. fixup cargo deny for rustls

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    a96a88e View commit details
    Browse the repository at this point in the history

  10. enable log compatibility

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    fb7ba71 View commit details
    Browse the repository at this point in the history

  11. Merge branch 'ver/update-kube' into ver/dockerfs

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    c8a2d91 View commit details
    Browse the repository at this point in the history

  12. fixup tls dep

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    3c76905 View commit details
    Browse the repository at this point in the history

  13. Remove this branch from the release workflow

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    97deb73 View commit details
    Browse the repository at this point in the history

  14. Merge branch 'main' into ver/dockerfs

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    a4156dc View commit details
    Browse the repository at this point in the history

  15. Update the policy-controller release build process 

    We can't use the typical multiarch docker build with the proxy:
qemu-hosted arm64/arm builds take 45+ minutes before failing due to
missing tooling--specifically `protoc`. (While there is a `protoc`
binary available for arm64, there are no binaries available for 32-bit
arm hosts).

To fix this, this change updates the release process to cross-build the
policy-controller on an amd64 host to the target architecture. We
separate the policy-controller's dockerfiles as `amd64.dockerfile`,
`arm64.dockerfile`, and `arm.dockerfile`. Then, in CI we build and push
each of these images individually (in parallel, via a build matrix).
Once all of these are complete, we use the `docker manifest` CLI tools
to unify these images into a single multi-arch manifest.

This cross-building approach requires that we move from using
`native-tls` to `rustls`, as we cannot build against the platform-
appropriate native TLS libraries. The policy-controller is now feature-
flagged to use `rustls` by default, though it may be necessary to use
`native-tls` in local development, as `rustls` cannot validate TLS
connections that target IP addresses.

The policy-controller has also been updated to pull in `tracing-log` for
compatibility crates that do not use `tracing` natively. This was
helpful while debugging connectivity issue with the Kubernetes cluster.

The `bin/docker-build-policy-controller` helper script now *only* builds
the amd64 variant of the policy controller. It fails when asked to build
multiarch images.
    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    6d41aff View commit details
    Browse the repository at this point in the history

  16. integration_tests needs to depend on policy_controller_manifest

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    22d4e5e View commit details
    Browse the repository at this point in the history

  17. Windows CLI tests don't depend on the policy controller

    @olix0r
    olix0r committed Aug 13, 2021
    Configuration menu
    Copy the full SHA
    3f83a1c View commit details
    Browse the repository at this point in the history