Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Migrate go-build base to UBI #490

Merged
merged 20 commits into from
Nov 21, 2023
Merged

Conversation

hjiawei
Copy link
Collaborator

@hjiawei hjiawei commented Oct 10, 2023

This change migrates go-build base image from Debian to UBI. It also unifies multiarch Dockerfiles into one for better maintainability. 32 bit linux/arm platform is dropped because Kubernetes also dropped it since v1.27.

@hjiawei hjiawei force-pushed the migrate-ubi branch 16 times, most recently from c569592 to 02570a4 Compare October 16, 2023 19:15
@hjiawei hjiawei requested review from fasaxc and rene-dekker October 24, 2023 01:35
@hjiawei hjiawei marked this pull request as ready for review October 24, 2023 01:36
@hjiawei
Copy link
Collaborator Author

hjiawei commented Oct 24, 2023

The amd64 build failure is due to llc program name difference. The OSS build and UT/FV results are at https://tigera.semaphoreci.com/workflows/99700d3e-dc1b-485c-8143-6b45cab2a519?pipeline_id=132370eb-41db-4381-b2b7-aa7325d71f28.

@hjiawei
Copy link
Collaborator Author

hjiawei commented Oct 24, 2023

Validated by projectcalico/calico#8103.

Copy link
Member

@fasaxc fasaxc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like a lot of good cleanup; so nice to have one dockerfile for all platforms :-)

Can we track down the person who added arm7 and send them a note; I know I'd be bummed to see my contribution rowed back.

# https://github.com/golang/go/issues/14739#issuecomment-324767697
GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \
# https://www.google.com/linuxrepositories/
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796'; \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to check SHA and signature? Won't the signature do that implicitly?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gpg --verify failed with "Can't check signature: No public key" error without these keys.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My question was about the separate SHA sum check. Do we need to do both?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. You are right. The double-check seems to be redundant.

Dockerfile Outdated Show resolved Hide resolved
Dockerfile Outdated Show resolved Hide resolved
Dockerfile Outdated Show resolved Hide resolved
Dockerfile Outdated Show resolved Hide resolved
Dockerfile Outdated Show resolved Hide resolved
push-manifest:
# Docker login to hub.docker.com required before running this target as we are using $(HOME)/.docker/config.json holds the docker login credentials
docker run -t --entrypoint /bin/sh -v $(HOME)/.docker/config.json:/root/.docker/config.json $(ARCHIMAGE) -c "/usr/bin/manifest-tool push from-args --platforms $(call join_platforms,$(ARCHES)) --template $(DEFAULTIMAGE)-ARCHVARIANT --target $(DEFAULTIMAGE)"
docker manifest create $(DEFAULTIMAGE) \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Presumably this is just a nice cleanup now that manifest tool has been merged into docker itself?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like the manifest command is merged into docker cli around 2017 and major projects switched to use that.

@hjiawei
Copy link
Collaborator Author

hjiawei commented Nov 14, 2023

@aalaesar We plan to drop arm 32bit arm support in future Calico releases. This is due to the dropped 32bit arm support from Kubernetes vendor and unsupported 32bit arm architecture from Red Hat UBI base. I believe arm64 (v8+) is more common from major cloud providers and many edge devices are (start) migrating to arm64 for better performance. As you are the original contributor for this port, do you have any concerns or suggestions for us?

Comment on lines +1 to +3
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GitHub fingerprints are taken from GitHub's SSH key fingerprints.

@aalaesar
Copy link
Contributor

@aalaesar We plan to drop arm 32bit arm support in future Calico releases. This is due to the dropped 32bit arm support from Kubernetes vendor and unsupported 32bit arm architecture from Red Hat UBI base. I believe arm64 (v8+) is more common from major cloud providers and many edge devices are (start) migrating to arm64 for better performance. As you are the original contributor for this port, do you have any concerns or suggestions for us?

Hello there !
As of today, it make sense to drop it. So no concern. 😄
If you think I can be of any help regarding this subject, let me know.

Regards

Copy link
Contributor

@Behnam-Shobiri Behnam-Shobiri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you very much @hjiawei. This is great.
I approved from my side; please wait for dev team to approve as well.

@hjiawei hjiawei requested a review from fasaxc November 19, 2023 22:59
Copy link
Collaborator

@rene-dekker rene-dekker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants