Use ubi-minimal for amd64 image #362

Merged
merged 4 commits into from Oct 30, 2019

lmm commented Oct 28, 2019

Description

This PR updates the amd64 Dockerfile to use registry.access.redhat.com/ubi8/ubi-minimal:latest as the base image.

Some notes:

  • Part of the complexity of the updated Dockerfile has to do with the rebuilding of the iptables rpm. This is needed because the iptables packages in current ubi, rhel8, and CentOS repos have stripped out the legacy xtables-based iptables binaries.
  • runit is not available in ubi, rhel8 or CentOS repos, hence building from source.
  • conntrack-tools is not available in the ubi repo so for consistency and maybe better compatibility, we're using CentOS packages exclusively.

Todos

  • Tests
  • Documentation
  • Release note

Release Note

Calico component images are now using ubi for the base image

lmm force-pushed the lmm:lmm-ubi-image branch 5 times, most recently from 5c89e7a to 97dec98 Oct 28, 2019
lmm changed the title from "WIP: Use ubi-minimal for amd64 image" to "Use ubi-minimal for amd64 image" Oct 30, 2019
lmm force-pushed the lmm:lmm-ubi-image branch from 97dec98 to 0498565 Oct 30, 2019
lmm mentioned this pull request Oct 30, 2019

neiljerram left a comment

Great work; just a few minor queries. Please can you make changes (if any) as further commits, so that I can easily review the changes without re-reviewing the whole thing?

LABEL maintainer "Casey Davenport <casey@tigera.io>"
# Use this build stage to build iptables rpm and runit binaries.
# We need to rebuild the iptables rpm because the prepackaged rpm does not have legacy iptables binaries.
# We need to build runit because there aren't any rpms for it in our repos.
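
Review bot: The stage header comment says the iptables rpm is rebuilt and runit is built from source here, but it does not say where the iptables source package and the runit sources are fetched from or how they are verified. Binaries built in this stage are presumably copied into the final image, so it would help to name the sources in the comment and confirm the build checks a checksum or signature before compiling.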

neiljerram Oct 30, 2019

Member

nit: can you clarify what "our repos" means?

ARG GIT_VERSION=unknown
ARG ARCH=x86_64
ARG IPTABLES_VER=1.8.2-9
ARG RUNIT_VER=2.1.2
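
Review bot: IPTABLES_VER and RUNIT_VER carry their default values at this declaration; if the same ARGs are declared with defaults elsewhere in the file, the two sets of values can drift apart on the next version bump. An ARG is scoped to the build stage that declares it, so a redeclaration inside a later stage is needed to use the value there, but it can be a bare `ARG IPTABLES_VER` with no value when the default is set once before the first FROM.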

neiljerram Oct 30, 2019

Member

nit: these are already defined above; do we need them again here?

COPY centos.repo /etc/yum.repos.d/

# Install everything but conntrack, making sure that we're using only CentOS repos.
# We're using CentOS for all our packages for consistency and probably better compatibility.
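
Review bot: The COPY of centos.repo into /etc/yum.repos.d/ adds a package source that the base image does not ship with, and the contents of centos.repo are not visible here. Worth confirming that every repo entry in that file sets gpgcheck=1 with a gpgkey, and that the install command that follows enforces "only CentOS repos" explicitly (for example by disabling the ubi repos on the command line) rather than relying on the comment.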

neiljerram Oct 30, 2019

Member

What do you mean by "probably better compatibility" here?

lmm Oct 30, 2019

Author Member

I wanted to convey that there is less chance of package dependency issues if all of our packages were from a single source (CentOS) rather than a mix of CentOS and ubi. I'll reword

neiljerram left a comment

LGTM, thanks @lmm !

lmm merged commit 8fab4b6 into projectcalico:master Oct 30, 2019
3 checks passed
ci/semaphoreci/pr: Run k8s-tests The build passed on Semaphore 2.0.
license/cla Contributor License Agreement is signed.
semaphoreci The build passed on Semaphore.
lmm added this to the Calico v3.11.0 milestone Dec 17, 2019