New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
generate files in dockerfiles #219
generate files in dockerfiles #219
Conversation
Skipping CI for Draft Pull Request. |
/test all |
/test ci-index-sandboxed-containers-operator-bundle |
1 similar comment
/test ci-index-sandboxed-containers-operator-bundle |
bundle.Dockerfile
Outdated
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ | ||
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ | ||
LABEL operators.operatorframework.io.bundle.package.v1=sandboxed-containers-operator | ||
LABEL operators.operatorframework.io.bundle.channels.v1=alpha |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should be stable-1.3?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, except for two small nits
Dockerfile
Outdated
COPY go.sum go.sum | ||
# cache deps before building and copying source so that we don't need to re-download as much | ||
# and so that source changes don't invalidate our downloaded layer | ||
COPY ./ ./ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure about this change. I'm afraid it will greatly and unnecessarily increase the size of the resulting layer which might not be an issue on build machines but can be an impediment for development in my experience. I know that even without this change, when I worked on this Dockerfile it accumulated over a hundred of gigs in layer cache during just a couple of hour of work so I had to purge periodically, with the obvious bad effects on the next build time.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is more efficient than doing multiple COPY to most of the dirs. Fewer commands in a dockerfile is generally a good thing. I find I have to purge docker caches/images a lot when I do any dockerfile development
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we could also add .dockerignore file to limit what is copied.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd really like to make sure here that the dev cycle is not made worse unnecessarily. As is, I believe this change is practically guaranteed to cause that as the COPY ./ ./
command will create a big layer that's going to be invalidated, rebuilt and re-cached every single time since it contains the sources that are changing because they're being worked on.
You're right that fewer commands is a good thing but that's precisely for the reason of avoiding creation of unnecessary layers (the cost of the COPY commands in terms of execution time tends to be negligible and dominated by other commands in the Dockerfile by several orders of magnitude). Also, notice how the COPY commands in the original version are ordered so that things that rarely change go first - this makes sure that after an initial build these COPY commands aren't actually performed at all on subsequent builds and a cached layer is used instead.
It's true that we can achieve the same with .dockerignore
although I suspect that in this case that would be more tedious than just copying only what's needed. But I don't mind either way.
Thanks @cpmeadors and kudos for figuring this out! I left a bunch of comments but also overall, I'd like to make sure that the efficiency of the originals (esp. in case of |
config/manager/kustomization.yaml
Outdated
@@ -12,5 +12,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 | |||
kind: Kustomization | |||
images: | |||
- name: controller | |||
newName: controller | |||
newTag: latest | |||
newName: openshift-sandboxed-containers-operator |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change came from running:
IMAGE_TAG_BASE=registry-proxy.engineering.redhat.com/rh-osbs/ IMG=openshift-sandboxed-containers-operator make bundle
which runs:
cd config/manager &&
I can't quite get my head around if this should be a permanent change or if it even matters because it get substituted anyway.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think it matters much as it is being overwritten typically when you run make IMG=xxx deploy. Maybe setting it to quay.io/openshift_sandboxed_containers/openshift-sandboxed-containers-operator:latest would make sense as the default?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK. this is again controlled by VARS in the makefile. According to the operator-sdk docs and makefile comments, we should set IMAGE_TAG_BASE to repo+imagename and then set IMG ?=
This should represent our default operator repo, image name, and image version. The question is what should that be. I feel like it should be the production build. If you need a local build, you should set the IMG as mentioned in our docs. Does this logic make sense?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The idea is that if you do a make docker-build or bundle-build with no options you would get the production version.
…custome dockerfile, updated IMAGE_TAG_BASE and IMG defaults
Makefile
Outdated
@@ -231,3 +233,31 @@ catalog-build: opm ## Build a catalog image. | |||
.PHONY: catalog-push | |||
catalog-push: ## Push a catalog image. | |||
$(MAKE) docker-push IMG=$(CATALOG_IMG) | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this chunk should go away when you rebase against master
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this chunk should go away when you rebase against master
Yes but there is more to it. See below.
.dockerignore
Outdated
config/crd/bases/kataconfiguration.openshift.io_kataconfigs.yaml | ||
config/rbac/role.yaml | ||
config/webhook/manifests.yaml | ||
bundle |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe add a terminating newline for a smoother cat
experience ?
.gitignore
Outdated
@@ -85,5 +85,4 @@ config/crd/bases/kataconfiguration.openshift.io_kataconfigs.yaml | |||
config/rbac/role.yaml | |||
config/webhook/manifests.yaml | |||
# make bundle files | |||
bundle.Dockerfile | |||
bundle/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing newline since commit 846b467. Maybe fix this as well while here ?
Thanks, but why do we now have 21 commits? If this is not a target branch mess up I think this needs some clean-up and squashing. |
I think bundle.Dockerfile can be removed as the Makefile is now using bundle-custom.Dockerfile. And then the bundle-clean target also needs to remove bundle-custom.Dockerfile |
Dockerfile
Outdated
COPY config config/ | ||
COPY controllers controllers/ | ||
COPY go.mod go.mod | ||
COPY go.sum go.sum |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These layers need to be sorted from less frequently changed to more frequently changed, please check out my earlier explanations or, even better, review Dockerfile best practices.
Are you comfortable handling the dockerfiles optimisations, or would you prefer that I do it subsequently if necessary?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. Will move go.mod and go.sum above api in all docker files
Agreed. This PR should also be rebased on current main since #221 got merged.
AFAICS
Just for my understanding : we're deliberately ignoring the generated EDIT: also, since we're now carrying this Dockerfile, how are we supposed to make it evolve in the future ? And the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see comments
bundle-custom.Dockerfile
Outdated
# Copy files to locations specified by labels. | ||
COPY --from=builder /workspace/bundle/manifests /manifests/ | ||
COPY --from=builder /workspace/bundle/metadata /metadata/ | ||
COPY --from=builder /workspace/bundle/tests/scorecard /tests/scorecard/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Trailing newline here also please.
That's true, and until that's added I think I can explain at least some of the rationale (I haven't realised that the original The generated I believe/assume that's the reason for
Yes, you're right, now I understand, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks @cpmeadors !
@cpmeadors: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, thanks!
These changes add multistage docker files for both the operator and the operator bundle images. The builder stage uses the make targets to generate the necessary files to build the two images. This should fix the Prow CI image build issues and it should allow the copy of the bundle files in the midstream repo to be removed. Ultimately it means the same process is being use to build the images no matter what is building them. Original patch by Cameron Meadors <cmeadors@redhat.com> Backported by Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Backport #219 "generate files in dockerfiles"
These changes add multistage docker files for both the operator and the operator bundle images. The builder stage uses the make targets to generate the necessary files to build the two images. This should fix the Prow CI image build issues and it should allow the copy of the bundle files in the midstream repo to be removed. Ultimately it means the same process is being use to build the images no matter what is building them.
Outstanding issues are the need for "go mod vendor" and the hard coding of the VERSION for the bundle.