Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal for build multi arch images #159

Closed
wants to merge 6 commits into from
Closed
Show file tree
Hide file tree
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ Workgroup is a virtual team of aggregating the efforts of all the interested par
|[Scanning](./workgroups/wg-scanning/README.md)|The obejct of workgroup is centralizing and focusing efforts on supporting the ability of Harbor users to choose which container image scanner they want to use with Harbor directly|(Zach Hill@Anchore [zhill](https://github.com/zhill))|Daniel Pacak@Aqua Security ([danielpacak](https://github.com/danielpacak)) / Steven Zou@VMware ([steven-zou](https://github.com/steven-zou))|Liz Rice@Aqua Security ([lizrice](https://github.com/lizrice)), Daniel Pacak@Aqua Security ([danielpacak](https://github.com/danielpacak)), Steven Zou@VMware ([steven-zou](https://github.com/steven-zou))|
|[P2P Distribution](https://github.com/goharbor/community/tree/master/workgroups/wg-p2p)|The objective of this working group is to aggregate efforts to discuss, design and finally deliver suitable P2P image distribution solutions for Harbor.|Fanjian Kong@Qihoo ([kofj](https://github.com/kofj))| Steven Zou@VMware ([steven-zou](https://github.com/steven-zou)) |[5 Members](https://github.com/goharbor/community/tree/master/workgroups/wg-p2p#members)|
|[Operator](./workgroups/wg-operator/README.md)|Aggregate the efforts from all the interested parties to discuss, design and finally deliver suitable Operator solutions for Harbor|Steven Zou@VMware ([steven-zou](https://github.com/steven-zou))| - | [14 Members](https://github.com/goharbor/community/blob/master/workgroups/wg-operator/README.md#members)|Steven Zou@VMware ([steven-zou](https://github.com/steven-zou))| - |[5 members](https://github.com/goharbor/community/tree/master/workgroups/wg-p2p#members)|
|[Multi Architecture](https://github.com/goharbor/community/tree/master/workgroups/wg-multiarch)|The purpose of this working group is to enable Harbor to support multiple architectures, such as x86 arm.|ZhiPeng Yu@Alauda ([yuzp1996](https://github.com/yuzp1996))| Steven Zou@VMware ([steven-zou](https://github.com/steven-zou)) |[8 Members](https://github.com/goharbor/community/tree/master/workgroups/wg-multiarch#members)|
|[Multi Architecture](https://github.com/goharbor/community/tree/master/workgroups/wg-multiarch)|The purpose of this working group is to enable Harbor to support multiple architectures, such as x86 arm.|ZhiPeng Yu@Alauda ([yuzp1996](https://github.com/yuzp1996))| Steven Zou@VMware ([steven-zou](https://github.com/steven-zou)) |[13 Members](https://github.com/goharbor/community/tree/master/workgroups/wg-multiarch#members)|
|[Performance](https://github.com/goharbor/community/tree/master/workgroups/wg-performance)|The purpose of this work group is to improve the performance and scalability of harbor in the use case of large data volumes.|ChenYu Zhang@Alauda ([chlins](https://github.com/chlins))| Steven Zou@VMware ([steven-zou](https://github.com/steven-zou))/ Daniel Morinigo@Alauda ([danielfbm](https://github.com/danielfbm)) |[11 Members](https://github.com/goharbor/community/tree/master/workgroups/wg-performance#members)|

## Structure
Expand Down
177 changes: 177 additions & 0 deletions proposals/new/multi-arch.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,177 @@
# Proposal: `Harbor Build Supports Multiple Architectures`

Author: `Zhipeng Yu / yuzp1996` and `bo zhu / Jeremy-boo`

Discussion: `none`

## Background

At present, more and more companies need harbor to support multi-architecture construction. Some of the more mainstream ones are x86 and arm64 architectures. This proposal is to provide a solution for generating multi-architecture mirroring.

## Plan

When Habor releases version 2.3, support for arm64 Harbor image construction can be released at the same time

Harbor version 2.3 is tentatively scheduled to be released in mid-June 2021, so we must complete the development and testing of Harbor's multi-architecture construction before the end of May.

## Architecture Maturity Model

In order to provider a **short-term** and **long-term** process to introduce and iterate a new architecture into Harbor ecosystem a maturity model is proposed below

### Overview

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe add a table describing an overview of the maturity model? For example:

Level Description Goals Challenges
Dev Introduce a new architecture into the ecosystem as independent repo and images - Build the upstrea's master branch code
- Introduce development practices
- Build platform and code
- Upstream changes trigger downstream build
Test Uses Harbor's standard testing procedures to test the new architectures version - Validate the new architecture's artifacts making sure it conforms to Harbor's standard test suite
- Ensure upstream master code have at least a daily build and test
- Infrastructure to deploy and run tests
Alpha Release Onboard architecture first release together with Harbor's release - Make sure release candidates and other release builds on upstream can execute successfully on downstream
- Run release tests in the new architecture
- Sync with Harbor release timing
Integration Integrate new architecture within Upstream code. PS: only available for Mainstream architectures - Enable upstream to integrate build methods
- Enable master build and PR build checks
- Add build process on upstream without affecting contributors and maintainers experience
- Active maintainance on upstream
Beta Release First architecture release after integration - Enable official upstream release with new architecture
- Offer official multi-architecture tag for users
- Make sure release time and processes will not be affected by new architecture
GA release After the first beta release any other releases will be considered GA for the new architecture - Offline installer integration - Offline code changes
- Offiline installer build process and architecture

#### Glossary

Upstream: github repository go-harbor/harbor

Downstream: github repository like harbor-arm harbor-loongson and so on.

Short-term: We can provide support for different architectures in different Harbor sub-projects.
For example, in harbor-arm, we can maintain the construction logic of arm64 mirroring and other related information

Long-term: Harbor-arm keeps the synchronization update with goharbor/harbor. When goharbor/harbor updates a version, harbor-arm follows the update and then pushes the mirror image to the mirror warehouse to provide users with multi-architecture support.

#### Jobs For Upstream

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Upstream changes?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes


1. Increase the environment variable GOARCH, the default is amd64, which can be overridden by specifying a specific value during execution, like arm64 and so on.

2. When executing make compile to generate binary files, it can generate binary files of different architectures according to the environment variable GOARCH

3. Upstream version update and downstream synchronization issues.

Scheme selection:

1. Change the upstream github action workflow and add an action: After the upstream master branch merges with pr, a message is sent to notify the downstream that a build update needs to be performed.

2. The downstream actively pulls the version through timed tasks, and judges whether it needs to be built and updated by comparing with its own version (currently the downstream adopts this kind of plan to update and build).

#### Jobs For Downstream

1. Add a github action, responsible for building and testing related matters (in theory, it is consistent with the upstream github action process, just modify specific environment variables and dependent parameters, such as building an arm64 image through docker buildx).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are there any considerations, as to what upstream should be careful with, in order not to break the down stream workflows?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is nothing that upstream to care about because it is an empty file and should be overwritten by the downstream repository. Downstream will care about the content of this file.

In the upstream repository just need call this shell file before executing the compilation and build tasks in the makefile to ensure that this shell can be executed.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe that the focus of the question here is not regarding the script, but regarding any general changes in the core project, for example:

  • Adding or removing components
  • Changing base images
  • Changing Dockerfile in general
  • Other environmental dependency changes
    ?

2. Add a file named adapter.sh, which is mainly responsible for covering the basic parameters and dependency related matters that need to build a multi-arch mirroring.

3. Add a Makefile (which can be called when performing github actions) to achieve, such as overwriting adapter.sh or other functions.

4. Add Dockerfile if necessary

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Jobs for downstream

This whole section (besides Risk) can be moved and merged into the Dev section?

Copy link

@Jeremy-boo Jeremy-boo Apr 28, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, I will modify it


#### Risk
Upstream modifications may affect downstream construction

1. Upstream changed the Dockerfile.

2. Upstream changed the build dependency package.

3. There are other situations...

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other few things to consider:

  • Changes in architecture: Removing or adding new components?
  • Any compatibility braking changes


### Dev

This comment was marked as outdated.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

readme in upstream can link to there

#### Requisites
The new architecture uses a dedicated repository to maintain all the necessary files and scripts to build Harbor in its target architecture.

It should be able to build Harbor's master branch and push the resulting docker images to Harbor's org in `DockerHub` using the target architecture as suffix: `goharbor/harbor-core-arm64`

#### Suggested Implementation

**Repository structure:**

- `Makefile`: Maintain its own list of commands to be used during the build process

- `.github`: Maintain project workflow

- `make`: Maintain scripts required for the project construction phase

- `src`: Pull goharbor/harbor's master branch code logic, if necessary

- `VERSION`: harbor-arm version number

- `README.md`: harbor-arm readme

- `CHANGELOG.md`: harbor-arm changelog


**Block Item:**
- 1. confirm harbor-arm image address.

- 2. goharbor/harbor Developer guide.

- 3. Harbor upgrade and pg compatibility issues.

- 4. Can it be merged into the master branch in version 2.3? About goharbor/harbor increase the GOARCH parameter to support multi-architecture mirror construction pr.

- 5. Harbor upgrade pg incompatibility problem.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dev possible blocking Item:

    1. Confirm Docker image repository address and credentials inside Goharbor's DockerHub org
    1. Harbor components compatibility issues. Postgres database compatbiility when changing version making an upgrade rollout impossible
    1. Possible necessary upstream Makefile changes
    1. Build process for new architecture



### Test

#### Requisites

It is necessary to develop an arm image test plan and an arm architecture test machine to determine whether the built harbor-arm image can run normally on the arm machine.

#### Suggested Implementation

We hope to be able to use the goharbor/harbor official test plan for test verification, provided that the official can provide a multi-architecture unified test plan.

However, there are currently the following issues that need to be resolved

1. During testing, docker-compose will be used to deploy Harbor and test, but it seems that docker-compose [only provides x86 binary files](https://github.com/docker/compose/releases), and we need to compile other versions by ourselves. We can try to install docker-compose with pip

2. Images of different architectures may not be able to run using the runner provided by github action. [Self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners) should be used to ensure that images of different architectures can run tests.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

block issue

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, Travis has support for a few alternative architectures, but the product quality/reliability has seen a steady decline since their acquisition.

We might be able to use the binfmt-based user-mode QEMU emulation support for testing, but it has traditionally struggled with supporting Go binaries, so might not be sufficient for real testing.

Alternatively, now that Harbor is part of the CNCF sandbox, we might be able to convince them to sponsor something like an Amazon A1 instance for a self-hosted arm64 runner.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your advice.

We may solve this problem through the third comment you mentioned.


**Block Item:**
- 1. Images of different architectures may not be able to run using the runner provided by github action. [Self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners) should be used to ensure that images of different architectures can run tests.

- 2. Can harbor officials provide official test solutions and support different architecture modes?

- 3. arm test machine problem.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test possible blocking items:

    1. Harbor standard conformance testing in the new architecture
    1. Infrastructure for the new architecture: (add CNCF code repo link)
    1. Executing deployment and testing automatically either daily or with each upstream master commit



### Alpha release

#### Requisites

Requires upstream goharbor/harbor to support GOARCH parameters to build harbor binary files and downstream harbor-arm to replace GOARCH parameters to build harbor-arm images and push them to Harbor's org in `DockerHub`.

#### Suggested Implementation

- 1. harbor-arm repo executes local build tasks regularly, pulls goharbor/harbor's master branch code, if there is an update, executes local build logic to update the image version.


- 2. After the successful build, the harbor-arm repo will update the documents such as `changelog.md` and `readme.md`.



### Beta release

#### Requisites

After the harbor-arm architecture image has been running stably for a period of time (for example, 2 months), the harbor-arm can consider upgrading the image to the beta version based on the modified version

#### Suggested Implementation

...

### Ultimate goal

The harbor-arm sub-project is accompanied by the iteration of the goharbor/harbor, and finally hopes to be able to support the support of harbor multi-architecture image in the goharbor/harbor project, thus discarding the harbor-arm sub-project.

### Related Implementation

There are already some PRs and repository that have implemented this function, we can make full use of these contents

Changes provided by this [PR](https://github.com/goharbor/harbor/pull/13788) can build amd64 and arm64 image simultaneously

This repository https://github.com/querycap/harbor have created arm64 and amd64 image successfully


## Development Iteration

After several iterations, we need to ensure that the content in adapter.sh and github actions files in downstream repository is as small as possible,After each iteration, more code can be extracted and merge to upstream。

After the adapter.sh and github actions files of the downstream code disappear, we can no longer maintain the downstream repository.


## Notify Users

We provide repository addresses that support other architectures in goharbor/harbor release notes. Users can directly find repository addresses of different architectures according to the link.

4 changes: 3 additions & 1 deletion workgroups/wg-multiarch/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,14 @@ The purpose of this working group is to enable Harbor to support multiple archit

- ChenYu Zhang @Alauda ([chlins](https://github.com/chlins))

- Daniel @Alauda ([danielfbm](https://github.com/danielfbm))
- Daniel Filipe Bruehmueller Morinigo @Alauda ([danielfbm](https://github.com/danielfbm))

- JingTao Cheng @Alauda ([jtcheng](https://github.com/chengjingtao))

- ZhiPeng Yu @Alauda ([yuzp1996](https://github.com/yuzp1996))

- Bo Zhu @Alauda ([Jeremy-boo](https://github.com/Jeremy-boo))

- WenLong Zhang@Loongson ([zhangwenlong8911](https://github.com/zhangwenlong8911))

- JingYun Hua@Loongson ([huajingyun01](https://github.com/huajingyun01))
Expand Down