Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added suport for building multi-arch images #3314

Closed
wants to merge 9 commits into from

Conversation

AverageMarcus
Copy link
Contributor

@AverageMarcus AverageMarcus commented Oct 1, 2020

Changes

Partial work towards #856
Adds support for building images for other architectures.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes tests (if functionality changed/added)
  • Includes docs (if user facing)
  • Commit messages follow commit message best practices
  • Release notes block has been filled in or deleted (only if no user facing changes)

See the contribution guide for more details.

Double check this list of stuff that's easy to miss:

Reviewer Notes

If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.

Release Notes

@tekton-robot tekton-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Oct 1, 2020
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Oct 1, 2020

CLA Check
The committers are authorized under a signed CLA.

@tekton-robot tekton-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Oct 1, 2020
@tekton-robot
Copy link
Collaborator

Hi @AverageMarcus. Thanks for your PR.

I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tekton-robot tekton-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Oct 1, 2020
@@ -150,11 +150,11 @@ spec:
OUTPUT_BUCKET_RELEASE_DIR="/workspace/output/bucket/previous/$(inputs.params.versionTag)"

# Publish images and create release.yaml
ko resolve --preserve-import-paths -t $(inputs.params.versionTag) -f /workspace/go/src/github.com/tektoncd/pipeline/config/ > $OUTPUT_BUCKET_RELEASE_DIR/release.yaml
ko resolve --platform=all --preserve-import-paths -t $(inputs.params.versionTag) -f /workspace/go/src/github.com/tektoncd/pipeline/config/ > $OUTPUT_BUCKET_RELEASE_DIR/release.yaml
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For this to work we'll need to make sure the ko image we use is updated with a recent enough ko (> version 0.6.0).

That's configured here, in the plumbing repo: https://github.com/tektoncd/plumbing/blob/master/tekton/images/ko/Dockerfile#L18

And after we make that change we'll need to rebuild and publish the image, so it can be used here.

Do you want to make the plumbing change? If not, I can to unblock you.

@imjasonh
Copy link
Member

imjasonh commented Oct 1, 2020

We might also want to change the Makefile:

resolve: | $(KO) ; $(info $(M) ko resolve -f config/) @ ## Resolve config to the current cluster

And test/e2e-common.sh:

ko resolve -f config/ \

And DEVELOPMENT.md:
https://github.com/tektoncd/pipeline/blob/5005e818919a819f27d9418cb4b37250b27ff5ef/DEVELOPMENT.md#install-in-custom-namespace

@AverageMarcus
Copy link
Contributor Author

I've been speaking with @barthy1 on Slack and there needs to be changes made to the base images first for this to work. I'm going to see what I can do with those too. Hopefully I can get the E2E running against my ARM cluster but will leave this PR in draft until I have an update :)

@AverageMarcus
Copy link
Contributor Author

@imjasonh Regarding updating the Makefile - I wasn't sure about this. I'd estimate that in most instances when people are running these task they're only interested in targeting a single architecture (usually the one it's running on but not always) and building the multi-arch images can drastically slow things down. I wonder if introducing an env var to control the target architecture would be better?

@imjasonh
Copy link
Member

imjasonh commented Oct 1, 2020

@imjasonh Regarding updating the Makefile - I wasn't sure about this. I'd estimate that in most instances when people are running these task they're only interested in targeting a single architecture (usually the one it's running on but not always) and building the multi-arch images can drastically slow things down. I wonder if introducing an env var to control the target architecture would be better?

Yeah that's fair, let's skip that one.

@AverageMarcus
Copy link
Contributor Author

Update: It turns out distroless/static:nonroot only supports Amd64 and Arm64 so those are the only two architectures that can currently be built.
I haven't currently got an Arm64 cluster set up so can't confirm if adding Arm64 support to Tekton would work or not right now.
I'm looking in to what it would take for distroless to support more architectures but I'm even more out of my depth when it comes to bazel 😆

@imjasonh
Copy link
Member

imjasonh commented Oct 1, 2020

Update: It turns out distroless/static:nonroot only supports Amd64 and Arm64 so those are the only two architectures that can currently be built.
I haven't currently got an Arm64 cluster set up so can't confirm if adding Arm64 support to Tekton would work or not right now.
I'm looking in to what it would take for distroless to support more architectures but I'm even more out of my depth when it comes to bazel 😆

Yeah, I'd warn against going too deep on distroless if you can avoid it for now. 😆

The discussion in tektoncd/community#211 is (I think) settling on a distinction between "available architectures" (arm64 and amd64, with s390x coming soon with changes in distroless 🤞 ), and "supported architectures" (currently just amd64, with s390x coming soon, see tektoncd/community#212) with automated tests on clusters with those architectures.

This change makes it so we can make arm64 images "available", but I don't think we need to block anything on having it be "supported", since that's a bigger commitment.

This PR is still blocked on the ko image change in plumbing, and a rebuild/release of that image AFAIK.

cc @barthy1

@barthy1
Copy link
Member

barthy1 commented Oct 2, 2020

This PR is still blocked on the ko image change in plumbing, and a rebuild/release of that image AFAIK.

yep, working on that one. Latest ko release with multi-arch support also requires ko://prefix in image names, so checking the main Tekton parts which use dogfooding ko image, that they have the required prefix in the code.

@tekton-robot tekton-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Oct 2, 2020
@AverageMarcus
Copy link
Contributor Author

I've just tested this change on an Arm64 server and can confirm the image builds and deploys correctly.

@imjasonh
Copy link
Member

Distroless added s390x recently, and the ko image has been updated to 0.6.0, is there anything else we need to finish this work?

@imjasonh
Copy link
Member

/kind feature

@tekton-robot tekton-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Oct 17, 2020
@barthy1
Copy link
Member

barthy1 commented Oct 17, 2020

@imjasonh we also need to build gcr.io/tekton-nightly/github.com/tektoncd/pipeline/build-base:latest in multi-arch format to get pipeline multi-arch builds - https://github.com/tektoncd/pipeline/blob/master/.ko.yaml#L5.
I've created 2 PRs - tektoncd/plumbing#603 (most of reviewers do not approve of using Github actions) and #3402 (using dind) - waiting for review and verification with dogfooding cluster.

@imjasonh
Copy link
Member

That base image should only be necessary if using git-init or creds-init.

We can still merge this PR to get multiarch support for controller components and the entrypoint binary in the meantime. When build-base gets multiarch we'll pick that up automatically with this PR.

@barthy1
Copy link
Member

barthy1 commented Oct 17, 2020

I agree with you that merging this PR can provid already some Tekton components for multi-arch usage, which is great.
However from my point of view having some images in multi-arch format and others amd64 only can confuse the final users of the build. May be we need to document what is ma available and what is not?

@imjasonh imjasonh added this to the Pipelines v0.18 milestone Oct 19, 2020
@imjasonh
Copy link
Member

I agree with you that merging this PR can provid already some Tekton components for multi-arch usage, which is great.
However from my point of view having some images in multi-arch format and others amd64 only can confuse the final users of the build. May be we need to document what is ma available and what is not?

Yeah that's a good point. While we have partial multi-arch support, we could simply not document multi-arch support, and expect users to continue to assume/require amd64, since that's all that's worked historically.

We don't currently make any mention of CPU architecture support anywhere afaik, so maybe the first step is deciding where to document that, then adding to that, "...and some arm64 and s390x support, work in progress, you might see weird failures 😄 "

@vdemeester
Copy link
Member

/lgtm cancel

@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Oct 21, 2020
@vdemeester
Copy link
Member

For some reason, prow doesn't pick up that the branch has conflict… and it blocks the merge queue 😓
@AverageMarcus can you rebase against master ?

@vdemeester
Copy link
Member

(wait.. and now the message from GitHub saying it needs a rebase is gone.. what is happening 🙀 )

@afrittoli
Copy link
Member

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 23, 2020
@afrittoli
Copy link
Member

/lgtm cancel

@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Oct 23, 2020
@afrittoli afrittoli closed this Oct 23, 2020
@afrittoli afrittoli reopened this Oct 23, 2020
@afrittoli
Copy link
Member

It does need a rebase, it conflicts with alpha -> beta changes, so -t $(inputs.params.versionTag) should be -t $(params.versionTag)

imjasonh and others added 8 commits October 23, 2020 15:45
This avoids JSON marshaling the same object every time a PipelineRun is
cancelled, and marshals the object once at startup. If for some reason
marshaling that object fails (which it should never do), the controller
will exit and restart.

Failure to marshal this object should only be caused by a bug in our
code, since the object isn't derived from anything related to user
requests. If we have a bug in our cancel patch generation, we'd rather
find out by having the controller crashloop than find out by having
PipelineRuns be uncancellable, which might be harder to detect.
We've just added support for optional workspaces but I forgot to include
an example showing how to use them as part of a When Expression.

This commit adds a PipelineRun example YAML showing use of a
workspaces.<name>.bound variable in a when expression.

I've also updated pipelines.md to mention that you
can use a when expression to evaluate whether an optional workspace was
bound or not and to provide a short example snippet of using the bound
variables in a when expression.
This extracts the migration to v1beta1 part from tektoncd#2897. Release tasks
and pipelines from the `tekton/` folder are migrated to use v1beta1 APIs.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Introducing PipelineRunFacts as a combination of PipelineRunState, DAG
Graph, and finally Graph. This simplifies function definitions without having
to pass graphs to PipelineRunState attributes.
…re not configurable when launching the Tekton controller. This meant that Tekton deployments could not be tuned to the environments it was deployed in.

This commit makes DefaultThreadsPerController, QPS, and Burst configurable via flags. This helps tune a deployment depending on expected concurrency in production.
A while ago we added Script block support to Sidecars but forgot
to perform variable replacement on them. We perform variable replacement
on pretty much every other important field in a Sidecar so we should
probably also do it in Scripts.

This commit applies variables used in Sidecar Script blocks and adds
a few tests for it (copied from the existing step_replacements func).
The taskrun controller now emits a warning event if the affinity
specified by pod template will be overwritten with affinity assistant.
Closes tektoncd#2678
Prior to this commit the volumes that were generated for workspace bindings
did not have names that matched the values injected through
workspaces.<name>.volume variables. This occurred because we called
the GetVolumes workspace function twice during TaskRun Pod initialization and
each execution generated different random names.

This commit updates the TaskRun reconciler to generate the random volume
names only once and then pass those generated volumes to the two functions
that need them. Additionally the function generating those volumes is renamed
to make clear that volume creation is its purpose. A e2e test is added to
ensure that the workspace volume and variable value matches.
@tekton-robot tekton-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 23, 2020
@tekton-robot
Copy link
Collaborator

@AverageMarcus: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tekton-robot tekton-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Oct 23, 2020
@tekton-robot
Copy link
Collaborator

@AverageMarcus: The following tests failed, say /retest to rerun them all:

Test name Commit Details Rerun command
pull-tekton-pipeline-build-tests 88f0506 link /test pull-tekton-pipeline-build-tests
pull-tekton-pipeline-unit-tests 88f0506 link /test tekton-pipeline-unit-tests
pull-tekton-pipeline-go-coverage 88f0506 link /test pull-tekton-pipeline-go-coverage
pull-tekton-pipeline-integration-tests 88f0506 link /test pull-tekton-pipeline-integration-tests

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@AverageMarcus
Copy link
Contributor Author

I somehow managed to make a mess of the rebase it seems. Not quite sure what went wrong but I think I'll just open a new PR with the correct changes.

@AverageMarcus
Copy link
Contributor Author

Please see: #3451

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/feature Categorizes issue or PR as related to a new feature. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants