-
Notifications
You must be signed in to change notification settings - Fork 222
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
TEP-0020: Add s390x architecture support
This TEP proposes the way to add s390x architectures support in Tekton. Signed-off-by: Yulia Gaponenko <yulia.gaponenko1@de.ibm.com>
- Loading branch information
Showing
2 changed files
with
134 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,134 @@ | ||
| --- | ||
| title: s390x-support | ||
| authors: | ||
| - "@barthy1" | ||
| creation-date: 2020-09-21 | ||
| last-updated: 2020-09-21 | ||
| status: proposed | ||
| --- | ||
|
|
||
| # TEP-0020: s390x architecture support | ||
|
|
||
| <!-- toc --> | ||
| - [Summary](#summary) | ||
| - [Motivation](#motivation) | ||
| - [Goals](#goals) | ||
| - [Non-Goals](#non-goals) | ||
| - [Proposal](#proposal) | ||
| - [Design Details](#design-details) | ||
| - [Diagram for pipeline build and test with s390x hardware](#diagram-for-pipeline-build-and-test-with-s390x-hardware) | ||
| - [Risks and Mitigations](#risks-and-mitigations) | ||
| - [Test Plan](#test-plan) | ||
| - [References](#references) | ||
| <!-- /toc --> | ||
|
|
||
| ## Summary | ||
|
|
||
| This TEP proposes extension of the dogfooding part of CI/CD system to be able to | ||
| test, build and release Tekton parts (pipeline, triggers, operator, dashboard, | ||
| cli) for `s390x` hardware architecture. It is based on the idea to support | ||
| non-amd64 architectures, proposed in [TEP 19](https://github.com/tektoncd/community/pull/211). | ||
|
|
||
| ## Motivation | ||
|
|
||
| s390x is a processor architecture for IBM Z and LinuxOne, s390x builds are | ||
| available for many open source products and solutions. Tekton is a great | ||
| framework to build, test, and deploy the solutions, but to be able to do that for | ||
| s390x, it is necessary to have s390x release of Tekton itself. | ||
|
|
||
| ### Goals | ||
|
|
||
| - Describe setup to get access to s390x native hardware. | ||
| - Describe flow to build and test Tekton artifacts for s390x architecture | ||
| (based on "other architectures support" [TEP 19](https://github.com/tektoncd/community/pull/211)). | ||
|
|
||
| ### Non-Goals | ||
|
|
||
| - Specific hardware requirements and k8s cluster maintaining are not covered | ||
| by this TEP. | ||
| - Missing container images(available for amd64 only) to run e2e s390x tests are | ||
| not covered by this TEP and will be fixed separately. | ||
|
|
||
| ## Proposal | ||
|
|
||
| Extend current Tekton CI/CD system to run Tekton tests and builds for s390x | ||
| architecture. As a result Tekton artifacts (container images and yaml files) | ||
| will be tested and released for s390x in the same way as it is done for amd64. | ||
|
|
||
| The details of other architecture setup proposal are described in TEP 19. | ||
|
|
||
| Main points, applied to s390x architecture support proposal: | ||
|
|
||
| amd64 Tekton cluster will take responsibilities: | ||
| - to initiate all actions. | ||
| - to show results/logs in the UI. | ||
| - to keep all secrets and interact with storages, registries, external systems, | ||
| etc. | ||
| - to interact with google cloud (google sdk is available only for amd64). | ||
|
|
||
| s390x cluster will: | ||
| - operate on native s390x hardware. | ||
| - build s390x container images. | ||
| - run the tests. | ||
| All steps are packed as Tekton tasks. | ||
|
|
||
| ### Design details | ||
|
|
||
| The Tekton code itself is buildable for s390x. The main part of proposed updates | ||
| are required to get access to s390x hardware to run arch specific tasks. s390x | ||
| hardware is provided by IBM and not publicly available at the moment. Also | ||
| there is no cloud provider at this moment to get k8s s390x cluster. To run s390x | ||
| specific Tekton tasks, IBM will provide Z(s390x) hardware(large baremetal server) | ||
| in a yellow zone, which means restricted access, limited ports open, etc. The | ||
| connection between dogfooding amd64 community cluster and s390x hardware will be | ||
| set up via [sshd-bastion](https://github.com/openshift/release/tree/master/core-services/sshd-bastion). | ||
| The idea here is to have a bastion host, running on amd64 cluster and script on | ||
| s390x side to connect to this service via SSH and set up a tunnel so that | ||
| others connections between clusters can be transparently proxied. After tunnel | ||
| is done, all the interaction between amd64 main cluster and s390x hardware will | ||
| be done inside the tunnel. | ||
| Practically it means that special k8s service(s) should be installed and | ||
| configured on the amd64 cluster side, example for tunnel between OCP and | ||
| Z hardware is available [here](https://github.com/openshift/release/blob/master/core-services/sshd-bastion/z/deployment.yaml#L5-L121) | ||
| (OCP is just example and the same setup is doable with vanilla k8s cluster). | ||
| From the s390x hardware side, a special [script](https://github.com/multi-arch/ocp-remote-ci/blob/master/libvirt/tunnel/tunnel.sh) | ||
| should be running. | ||
| As soon as both pieces are connected to each other, the dogfooding(k8s + Tekton) | ||
| cluster can interact with Z hardware using ports, specified in the sshd-bastion | ||
| and tunnel script. Ports are configurable and usually they are 22 (ssh), | ||
| 6443 (k8s), 443(https). | ||
|
|
||
| Because there is no k8s s390x provider available now, it is required to do k8s | ||
| cluster installation on provided s390x hardware. It can be done via [kubespray](https://github.com/kubernetes-sigs/kubespray) | ||
| and not part of this TEP. | ||
|
|
||
| With s390x hardware can be provided: | ||
| - several k8s s390x preinstalled cluster or | ||
| - Tekton task to install new k8s s390x cluster via ssh tunneling connection to | ||
| s390x hardware. | ||
|
|
||
| #### Diagram for pipeline build and test with s390x hardware | ||
|
|
||
| Sequence diagram for tekton pipeline repo with: | ||
| - k8s Z cluster installation -> new pipeline build -> build installation -> build e2e test -> clean up | ||
|  | ||
|
|
||
| ### Risks and Mitigations | ||
|
|
||
| 1. s390x specific errors can exist if Tekton code works with low-level memory | ||
| allocation in a little-endian scheme, as s390x is the only architecture left | ||
| with big-endian memory allocation. However at this moment such problems are not | ||
| identified for Tekton. | ||
| 2. Usually developers test the new code locally only for amd64, so failing tests | ||
| for s390x with new code are initially expected. | ||
|
|
||
| ## Test Plan | ||
|
|
||
| Existing unit and e2e tests will be executed on s390x architecture. | ||
|
|
||
| ## References | ||
|
|
||
| - PR for [non-amd64 architectures support in Tekton](https://github.com/tektoncd/community/pull/211) | ||
| - Issue [tektoncd/plumbing#495](https://github.com/tektoncd/plumbing/issues/495) | ||
| - Issue [tektoncd/pipeline#856](https://github.com/tektoncd/pipeline/issues/856) | ||
| - Issue [tektoncd/pipeline#3064](https://github.com/tektoncd/pipeline/issues/3064) |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.