generate files in dockerfiles #219
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
|
/test all |
|
/test ci-index-sandboxed-containers-operator-bundle |
1 similar comment
|
/test ci-index-sandboxed-containers-operator-bundle |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
bundle.Dockerfile
Outdated
| LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ | ||
| LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ | ||
| LABEL operators.operatorframework.io.bundle.package.v1=sandboxed-containers-operator | ||
| LABEL operators.operatorframework.io.bundle.channels.v1=alpha |
Dockerfile
Outdated
| COPY go.sum go.sum | ||
| # cache deps before building and copying source so that we don't need to re-download as much | ||
| # and so that source changes don't invalidate our downloaded layer | ||
| COPY ./ ./ |
There was a problem hiding this comment.
I'm not sure about this change. I'm afraid it will greatly and unnecessarily increase the size of the resulting layer which might not be an issue on build machines but can be an impediment for development in my experience. I know that even without this change, when I worked on this Dockerfile it accumulated over a hundred of gigs in layer cache during just a couple of hour of work so I had to purge periodically, with the obvious bad effects on the next build time.
There was a problem hiding this comment.
I think this is more efficient than doing multiple COPY to most of the dirs. Fewer commands in a dockerfile is generally a good thing. I find I have to purge docker caches/images a lot when I do any dockerfile development
There was a problem hiding this comment.
we could also add .dockerignore file to limit what is copied.
There was a problem hiding this comment.
I'd really like to make sure here that the dev cycle is not made worse unnecessarily. As is, I believe this change is practically guaranteed to cause that as the COPY ./ ./ command will create a big layer that's going to be invalidated, rebuilt and re-cached every single time since it contains the sources that are changing because they're being worked on.
You're right that fewer commands is a good thing but that's precisely for the reason of avoiding creation of unnecessary layers (the cost of the COPY commands in terms of execution time tends to be negligible and dominated by other commands in the Dockerfile by several orders of magnitude). Also, notice how the COPY commands in the original version are ordered so that things that rarely change go first - this makes sure that after an initial build these COPY commands aren't actually performed at all on subsequent builds and a cached layer is used instead.
It's true that we can achieve the same with .dockerignore although I suspect that in this case that would be more tedious than just copying only what's needed. But I don't mind either way.
|
Thanks @cpmeadors and kudos for figuring this out! I left a bunch of comments but also overall, I'd like to make sure that the efficiency of the originals (esp. in case of |
config/manager/kustomization.yaml
Outdated
| @@ -12,5 +12,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 | |||
| kind: Kustomization | |||
| images: | |||
| - name: controller | |||
| newName: controller | |||
| newTag: latest | |||
| newName: openshift-sandboxed-containers-operator | |||
There was a problem hiding this comment.
This change came from running:
IMAGE_TAG_BASE=registry-proxy.engineering.redhat.com/rh-osbs/ IMG=openshift-sandboxed-containers-operator make bundle
which runs:
cd config/manager &&
I can't quite get my head around if this should be a permanent change or if it even matters because it get substituted anyway.
There was a problem hiding this comment.
I don't think it matters much as it is being overwritten typically when you run make IMG=xxx deploy. Maybe setting it to quay.io/openshift_sandboxed_containers/openshift-sandboxed-containers-operator:latest would make sense as the default?
There was a problem hiding this comment.
OK. this is again controlled by VARS in the makefile. According to the operator-sdk docs and makefile comments, we should set IMAGE_TAG_BASE to repo+imagename and then set IMG ?=
This should represent our default operator repo, image name, and image version. The question is what should that be. I feel like it should be the production build. If you need a local build, you should set the IMG as mentioned in our docs. Does this logic make sense?
There was a problem hiding this comment.
The idea is that if you do a make docker-build or bundle-build with no options you would get the production version.
…custome dockerfile, updated IMAGE_TAG_BASE and IMG defaults
Makefile
Outdated
| @@ -231,3 +233,31 @@ catalog-build: opm ## Build a catalog image. | |||
| .PHONY: catalog-push | |||
| catalog-push: ## Push a catalog image. | |||
| $(MAKE) docker-push IMG=$(CATALOG_IMG) | |||
|
|
|||
There was a problem hiding this comment.
this chunk should go away when you rebase against master
There was a problem hiding this comment.
this chunk should go away when you rebase against master
Yes but there is more to it. See below.
.dockerignore
Outdated
| config/crd/bases/kataconfiguration.openshift.io_kataconfigs.yaml | ||
| config/rbac/role.yaml | ||
| config/webhook/manifests.yaml | ||
| bundle |
There was a problem hiding this comment.
Maybe add a terminating newline for a smoother cat experience ?
.gitignore
Outdated
| @@ -85,5 +85,4 @@ config/crd/bases/kataconfiguration.openshift.io_kataconfigs.yaml | |||
| config/rbac/role.yaml | |||
| config/webhook/manifests.yaml | |||
| # make bundle files | |||
| bundle.Dockerfile | |||
| bundle/ | |||
There was a problem hiding this comment.
Missing newline since commit 846b467. Maybe fix this as well while here ?
|
Thanks, but why do we now have 21 commits? If this is not a target branch mess up I think this needs some clean-up and squashing. |
|
I think bundle.Dockerfile can be removed as the Makefile is now using bundle-custom.Dockerfile. And then the bundle-clean target also needs to remove bundle-custom.Dockerfile |
Dockerfile
Outdated
| COPY config config/ | ||
| COPY controllers controllers/ | ||
| COPY go.mod go.mod | ||
| COPY go.sum go.sum |
There was a problem hiding this comment.
These layers need to be sorted from less frequently changed to more frequently changed, please check out my earlier explanations or, even better, review Dockerfile best practices.
Are you comfortable handling the dockerfiles optimisations, or would you prefer that I do it subsequently if necessary?
There was a problem hiding this comment.
Agreed. Will move go.mod and go.sum above api in all docker files
Agreed. This PR should also be rebased on current main since #221 got merged.
AFAICS Just for my understanding : we're deliberately ignoring the generated EDIT: also, since we're now carrying this Dockerfile, how are we supposed to make it evolve in the future ? And the |
bundle-custom.Dockerfile
Outdated
| # Copy files to locations specified by labels. | ||
| COPY --from=builder /workspace/bundle/manifests /manifests/ | ||
| COPY --from=builder /workspace/bundle/metadata /metadata/ | ||
| COPY --from=builder /workspace/bundle/tests/scorecard /tests/scorecard/ |
There was a problem hiding this comment.
Trailing newline here also please.
That's true, and until that's added I think I can explain at least some of the rationale (I haven't realised that the original The generated I believe/assume that's the reason for
Yes, you're right, now I understand, |
|
@cpmeadors: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
These changes add multistage docker files for both the operator and the operator bundle images. The builder stage uses the make targets to generate the necessary files to build the two images. This should fix the Prow CI image build issues and it should allow the copy of the bundle files in the midstream repo to be removed. Ultimately it means the same process is being use to build the images no matter what is building them. Original patch by Cameron Meadors <cmeadors@redhat.com> Backported by Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Backport #219 "generate files in dockerfiles"
These changes add multistage docker files for both the operator and the operator bundle images. The builder stage uses the make targets to generate the necessary files to build the two images. This should fix the Prow CI image build issues and it should allow the copy of the bundle files in the midstream repo to be removed. Ultimately it means the same process is being use to build the images no matter what is building them.
Outstanding issues are the need for "go mod vendor" and the hard coding of the VERSION for the bundle.