Enable multi-arch build for cilium-cli image #2782
Conversation
|
Commits 42d8aa8, ed8ea68 do not match "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
marcofranssen
force-pushed
the
cilium-cli-image
branch
from
ed8ea68 to
0b948bf
Compare
marcofranssen
force-pushed
the
cilium-cli-image
branch
from
0b948bf to
e06aa0d
Compare
marcofranssen
force-pushed
the
cilium-cli-image
branch
from
e06aa0d to
2bf1e74
Compare
marcofranssen
force-pushed
the
cilium-cli-image
branch
from
2bf1e74 to
ed22c94
Compare
marcofranssen
force-pushed
the
cilium-cli-image
branch
from
ed22c94 to
8b4242d
Compare
There was a problem hiding this comment.
@michi-covalent @tklauser with the merge of cilium-cli into cilium/cilium it's becoming confusing to where contributors can submit their changes for cilium-cli.
| # when bumping to a new version analyze the new version for security issues | ||
| # then use crane to lookup the digest of that version so we are immutable | ||
| # crane digest tonistiigi/xx:1.5.0 | ||
| FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.5.0@sha256:0c6a569797744e45955f39d4f7538ac344bfb7ebf0a54006a0a4297b153ccf0f AS xx |
There was a problem hiding this comment.
Is this really necessary? It shouldn't be since we cross compile cilium without tonistiigi/xx as an example.
There was a problem hiding this comment.
This is required within Docker, to compile with CGO_ENABLED=0. Don't recall the exact reason, I think it was related to alpine based builds (muslc, vs glibc).
I also use some buildx features that allow caching and parallel builds for all the supported platforms to have a speedy and optimized build.
I contributed similar to the Spire project couple of years ago.
There was a problem hiding this comment.
In essence the tool does following and is basically a small little wrapper.
https://github.com/tonistiigi/xx?tab=readme-ov-file#go--cgo
It wraps the go command by setting some variables accordingly based on the buildx args.
Saves a lot of plumbing.
There was a problem hiding this comment.
re-requested review from andre. let's see what he says 🙏
There was a problem hiding this comment.
We can still use the caches without using this dependency. Personally, I would prefer to not have any wrappers on official builds.
There was a problem hiding this comment.
this isn't related to the caching only. It is also to set the go flags accordingly for crosscompile based on the TARGETPLATFORM and TARGETARCH which is a buildx feature.
It is used here https://github.com/cilium/cilium-cli/pull/2782/files#diff-dd2c0eb6ea5cfc6c4bd4eac30934e2d5746747af48fef6da689e85b752f39557R19
Without that we would have to do all the plumbing for that in the RUN statement. I'm not a fan of reinventing the wheel :)
Yes, now I'm confused 😕 Should I create such PR on the cilium repo? Maybe this repo has to be archived? Let me know how to proceed. |
sorry for the delay, we build release artifacts from this repo. assuming we want to build this docker image for each release tag, this is the right repo for this pull request. @marcofranssen let's limit this pull request to Dockerfile changes only. once it gets approved & merged, i'll make necessary changes to github workflows. |
marcofranssen
force-pushed
the
cilium-cli-image
branch
from
8b4242d to
1a22c85
Compare
|
Commit b9d0135 does not match "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
marcofranssen
force-pushed
the
cilium-cli-image
branch
from
b9d0135 to
553f2d9
Compare
|
Commit 553f2d9 does not match "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
marcofranssen
force-pushed
the
cilium-cli-image
branch
from
553f2d9 to
f996cce
Compare
|
Commit 553f2d9 does not match "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
|
Rebased once more and signed off the one commit I forgot about. |
|
reminder for @tklauser and myself: set up |
|
ping @cilium/ci-structure for review 🚀🙏 edit: never mind, i requested to update this PR to only modify Dockerfile 👍 #2782 (comment) |
|
|
||
| # cilium-cli-ci is based on ubuntu with cloud CLIs | ||
| FROM ubuntu:24.04@sha256:99c35190e22d294cdace2783ac55effc69d32896daaa265f0bbedbcde4fbe3e5 AS cilium-cli-ci | ||
| ENTRYPOINT [] | ||
| LABEL maintainer="[email protected]" | ||
| WORKDIR /root/app | ||
| COPY --from=builder /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium | ||
| COPY --link --from=builder /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium | ||
|
|
||
| # Install cloud CLIs. Based on these instructions: |
There was a problem hiding this comment.
What I meant was that it will not work for arm64 because of the binary downloaded on line 53. The build will work but the resulting image will not work for arm64.
|
What should I do to get this merged? I adjusted the workflow to use a separate GH environment for the release image? Went trough the open conversations but not sure how to progress now. I feel all required changes are in. |
There are still two open questions from @aanm which AFAICT haven't been addressed or answered: |
In a previous PR I contributed this was also already the question. It seems that is something to be figured out within the cilium repo owners. In my previous PR it was decided to continue using this repo until a decision is made. Would be great if we can unblock this PR and move forward and figure out the other part in a follow-up. |
I feel one was already answered, but gave it another shot with different wording. The other one seems to be unrelated to this PR. It was already a discussion on a previous PR and there it was decided to not hold back community contribution while the cilium team figures it out internally on how and when to make that change. |
|
This pull request has been automatically marked as stale because it |
Signed-off-by: Marco Franssen <[email protected]>
Signed-off-by: Marco Franssen <[email protected]>
marcofranssen
force-pushed
the
cilium-cli-image
branch
from
f996cce to
fad6b10
Compare
|
Rebased once again to resolve conflicts. I feel all questions have been answered. What else is required? |
This PR builds on top of #2842
It also includes the cilium-cli target to the build using multi-arch.
In the PR we levarage some buildx features like --cache and --link to improve the speed of builds for multi-arch.
Resolves #2780