Adding multiarch image support

[bahetiamit]

This PR tries to address #1462 by adding multi architecture support to kaniko image.

Description
It uses github actions & buildx & QEMU to build and publish multi-arch kaniko executor image. This adds the flexibility & makes it easy to add support for other architectures. Few dependencies in image are now built from source as binaries are not readily available.

Github workflow is created to execute on a new version release. Once a new github release is done, this workflow automatically kicks in and publishes the image.

Validations
I was able to publish images to my docker hub repo - https://hub.docker.com/repository/docker/bahetiamit/executor/tags?page=1 as I don't have access to gcr.io. Github workflow in action for this - https://github.com/bahetiamit/kaniko/runs/1330719714?check_suite_focus=true

I have made the changes to workflow for gcr.io by referring to https://medium.com/mistergreen-engineering/uploading-a-docker-image-to-gcr-using-github-actions-92e1cdf14811. Someone needs to test this. Also this workflow needs a repository secret GCR_DEVOPS_SERVICE_ACCOUNT_KEY to be able to push the images to gcr.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

• Includes unit tests
• Adds integration tests if needed.

See the contribution guide for more details.

Reviewer Notes

• The code flow looks good.
• Unit tests and or integration tests added.

[google-cla]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

[google-cla]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

[tejal29]

@bahetiamit can you please sign the cla?

[bahetiamit]

@tejal29 I have initiated corporate CLA request and soon will sign this PR.

[bahetiamit]

@googlebot I signed it!

[tejal29]

Thanks a lot @bahetiamit. Not an github workflow expert. Will give it a try!

[bahetiamit]

@tejal29 Did you get a chance to look at this?

[tejal29]

@tejal29 Reminder, get to this on Friday morning

[tejal29]

Thank you so much for this PR and sorry for the delay.

Can you make the same changes to deploy/Dockerfile_debug and deploy/Dockerfile_warmer.

Also, i am more comfortable with gcloud flow.
Can you make the changes to cloudbuild.yaml, cloudbuild_release.yaml ?

https://github.com/GoogleContainerTools/kaniko/pull/1521/files#diff-6547f8c009c546989c6d4d936f8eecddf7815e8a40e1924e9a67fec8b24d7132

[tejal29]

Was this added by mistake?

[bahetiamit]

This patch is required as https://github.com/Azure/acr-docker-credential-helper is hard coded to build for amd64.

[tejal29]

@bahetiamit ping. would you able to pick this up?

Thanks

[bahetiamit]

@bahetiamit ping. would you able to pick this up?

Thanks

Sure. I will work on this.

[darewreck54]

@tejal29 This might be a dumb question, but if you are installing docker why even use kaniko at this point? Also if you are running kaniko in a k8, running docker in docker will require root access which will be a security risk no?

[tejal29]

@darewreck54, we need docker to build an image to run the test.
Maybe its time to dogfood kaniko it self.