Need arm64 images on dockerhub #541

Open
sokoow opened this issue Mar 23, 2023 · 6 comments
@sokoow

sokoow commented Mar 23, 2023

Description

I am using arm64 kube and need to have docker images for that architecture built/exposed please.

Use Case

My use case is that I use EKS clusters on Graviton

Acceptance Criteria

An image with arch linux/arm64 is present on dockerhub

Thanks for looking into that! :D

@smangels
Contributor

We need the ARM images as well. I've pushed a PR for fixing the Dockerfiles. We have a working bake.hcl file that could be used to automate the multiarch build if someone is interested.

@smangels
Contributor

Yes, that would be nice to have. I've managed to merge some code that prepares for a multiarch Docker build already, but one has to write the pipeline code as well. Proposal: we could collaborate and work on a branch together. But I guess that we have to test that in a fork (being able to own the pipeline settings) so that we could run the introduced CI code as frequently as possible. Once done, the code could easily be proposed as a PR.
Any comments?

@smangels
Contributor

Is there any interest in this from Aquasecurity? It seems like an obvious choice running an ARM cluster in cloud environments. They are often much more cost effective.

@edjshelton

+1

This would be great for us. Other Aqua tools like trivy-operator have multi-arch images so it makes sense to be consistent across the Aqua stack.

We're also exclusively using AWS Graviton instances on EKS.

@smangels
Contributor

smangels commented Nov 3, 2023

I will have a look into trivy-operator and how it is deployed, and maybe we can apply the same setup to Aquasec/Postee as well. I personally would like to get rid of maintaining an ARM64 build for Postee all the time.

@smangels
Contributor

smangels commented Nov 3, 2023

We could make use of docker buildx bake to achieve that in a reusable, well-structured manner. https://docs.docker.com/build/bake/reference/

See the example below.

variable "DOCKER_POSTEE_VERSION" {
    # consumed from CI environment
}

variable "DOCKER_ECR_REPO" {
    # consumed from CI environment
}

variable "DOCKER_TARGET_ENV" {
    # consumed from CI environment
}

variable "DOCKER_TEAM" {
    # consumed from CI environment
}

variable "DOCKER_VCS_URL" {
    # consumed from CI environment
}

variable "CI_COMMIT_SHA" {
    # consumed from GITLAB environment
}

function "short-hash" {
    params = [ hash ]
    # anchored so the whole value must be 7-40 hex characters before it is shortened
    result = length(regexall("^[0-9a-fA-F]{7,40}$", hash)) > 0 ? substr(hash, 0, 7) : "invalid"
}

group "default" {
    targets = [ "postee", "postee-ui" ]
}

target "postee-base" {
    platforms = ["linux/arm64"]
    labels = {
        "com.aquasec.release": "${DOCKER_POSTEE_VERSION}",
        "com.aquasec.responsible-team": "${DOCKER_TEAM}",
        "com.aquasec.vcs.gitlab.url": "${DOCKER_VCS_URL}",
        "com.aquasec.vcs.commit.sha": "${short-hash(CI_COMMIT_SHA)}"
    }
}

target "postee" {
    inherits = ["postee-base"]
    dockerfile = "Dockerfile"
    tags = ["${DOCKER_ECR_REPO}/${target.postee.name}:${DOCKER_TARGET_ENV}-${short-hash(CI_COMMIT_SHA)}"]
}

target "postee-ui" {
    inherits = ["postee-base"]
    dockerfile = "Dockerfile.ui"
    tags = ["${DOCKER_ECR_REPO}/${target.postee-ui.name}:${DOCKER_TARGET_ENV}-${short-hash(CI_COMMIT_SHA)}"]
}

We are running the following command to build and push it to our ECR@AWS based repositories.

push:
	CI_COMMIT_SHA=${CI_COMMIT_SHA} \
	DOCKER_POSTEE_VERSION=v2.14.0 \
	docker buildx bake -f ./docker-bake.arm64.hcl --push
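
The acceptance criterion in this issue (a linux/arm64 image is present in the registry) can be checked in CI after a push. The following is an added example, not part of the thread or of Postee's code: it reads the JSON printed by `docker buildx imagetools inspect --raw <image>` and reports which required platforms are missing. The sample indexes, the placeholder digests and the function names are constructed for illustration.

```python
import json

INDEX_TYPES = {
    "application/vnd.oci.image.index.v1+json",
    "application/vnd.docker.distribution.manifest.list.v2+json",
}

def platforms(index_json):
    """Return the os/arch[/variant] strings listed in a manifest list or OCI index."""
    doc = json.loads(index_json)
    if doc.get("mediaType") not in INDEX_TYPES:
        # A single-platform manifest carries no per-platform entries to inspect.
        raise ValueError(f"not a multi-platform index: {doc.get('mediaType')}")
    found = set()
    for entry in doc.get("manifests", []):
        notes = entry.get("annotations") or {}
        if notes.get("vnd.docker.reference.type") == "attestation-manifest":
            continue  # BuildKit provenance/SBOM entry, not a runnable image
        plat = entry.get("platform") or {}
        os_name, arch = plat.get("os"), plat.get("architecture")
        if not os_name or not arch or "unknown" in (os_name, arch):
            continue
        found.add("/".join(filter(None, (os_name, arch, plat.get("variant")))))
    return found

def missing_platforms(index_json, required=("linux/amd64", "linux/arm64")):
    """List required platforms the index lacks; linux/arm64/v8 satisfies linux/arm64."""
    have = platforms(index_json)
    return [r for r in required
            if not any(h == r or h.startswith(r + "/") for h in have)]

def _index(*platform_dicts):
    # Builds a constructed sample index; digests are placeholders, not real images.
    entries = []
    for plat in platform_dicts:
        entry = {"digest": "sha256:" + "0" * 64, "platform": plat}
        if plat.get("os") == "unknown":
            entry["annotations"] = {"vnd.docker.reference.type": "attestation-manifest"}
        entries.append(entry)
    return json.dumps({"schemaVersion": 2, "manifests": entries,
                       "mediaType": "application/vnd.oci.image.index.v1+json"})

AMD64_ONLY = _index({"os": "linux", "architecture": "amd64"},
                    {"os": "unknown", "architecture": "unknown"})
MULTI_ARCH = _index({"os": "linux", "architecture": "amd64"},
                    {"os": "linux", "architecture": "arm64", "variant": "v8"})

if __name__ == "__main__":
    print(missing_platforms(AMD64_ONLY), missing_platforms(MULTI_ARCH))
```

A pipeline step can fail the job when `missing_platforms` returns a non-empty list, so a single-architecture push is caught before a cluster on Graviton nodes tries to pull it.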
