Need arm64 images on dockerhub

Open sokoow opened this issue 1 year ago • 6 comments

Description

I am using arm64 kube and need to have docker images for that architecture built/exposed please.

Use Case

My use case is that I use EKS clusters on Graviton

Acceptance Criteria

An image with arch linux/arm64 is present on dockerhub

Thanks for looking into that! :D

sokoow avatar Mar 23 '23 12:03 sokoow

We need the ARM images as well. I've pushed a PR for fixing the Dockerfiles. We have a working bake.hcl file that could be used to automate the multiarch build if someone is interested.

smangels avatar Apr 26 '23 08:04 smangels

Yes, that would be nice to have. I've managed to merge some code that prepares for a multiarch Docker build already. But one has to write the pipeline code as well. Proposal - we could collaborate and work on a branch together. But I guess that we have to test that in a fork (being able to own the pipeline settings) so that we could run introduced CI code as frequently as possible. Once done, the code could easily be proposed as a PR. Any comments?

smangels avatar Aug 28 '23 06:08 smangels

Is there any interest in this from Aquasecurity? It seems like an obvious choice running an ARM cluster in cloud environments. They are often much more cost effective.

smangels avatar Aug 28 '23 06:08 smangels

+1

This would be great for us. Other Aqua tools like trivy-operator have multi-arch images so it makes sense to be consistent across the Aqua stack.

We're also exclusively using AWS Graviton instances on EKS.

edjshelton avatar Sep 04 '23 09:09 edjshelton

I will have a look into trivy-operator and how it is deployed and maybe we can apply the same setup to Aquasec/Postee as well. I personally would like to get rid of maintaining an ARM64 build for Postee all the time.

smangels avatar Nov 03 '23 12:11 smangels

We could make use of docker buildx bake to achieve that in a reusable, well-structured manner. https://docs.docker.com/build/bake/reference/

See the example below.

variable "DOCKER_POSTEE_VERSION" {
    # consumed from CI environment
}

variable "DOCKER_ECR_REPO" {
    # consumed from CI environment
}

variable "DOCKER_TARGET_ENV" {
    # consumed from CI environment
}

variable "DOCKER_TEAM" {
    # consumed from CI environment
}

variable "DOCKER_VCS_URL" {
    # consumed from CI environment
}

variable "CI_COMMIT_SHA" {
    # consumed from GITLAB environment
}

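function "short-hash" {
    params = [ hash ]
    # Anchored so the whole value must be 7-40 hex characters; unanchored, any
    # string merely containing a hex run would pass and be truncated into the tag.
    result = length(regexall("^[0-9a-fA-F]{7,40}$", hash)) > 0 ? substr(hash, 0, 7) : "invalid"
}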

group "default" {
    targets = [ "postee", "postee-ui" ]
}

target "postee-base" {
    platforms = ["linux/arm64"]
    labels = {
        "com.aquasec.release": "${DOCKER_POSTEE_VERSION}",
        "com.aquasec.responsible-team": "${DOCKER_TEAM}",
        "com.aquasec.vcs.gitlab.url": "${DOCKER_VCS_URL}",
        "com.aquasec.vcs.commit.sha": "${short-hash(CI_COMMIT_SHA)}"
    }
}

target "postee" {
    inherits = ["postee-base"]
    dockerfile = "Dockerfile"
    tags = ["${DOCKER_ECR_REPO}/${target.postee.name}:${DOCKER_TARGET_ENV}-${short-hash(CI_COMMIT_SHA)}"]
}

target "postee-ui" {
    inherits = ["postee-base"]
    dockerfile = "Dockerfile.ui"
    tags = ["${DOCKER_ECR_REPO}/${target.postee-ui.name}:${DOCKER_TARGET_ENV}-${short-hash(CI_COMMIT_SHA)}"]
}

We are running the following command to build and push it to our ECR@AWS based repositories.

push:
	CI_COMMIT_SHA=${CI_COMMIT_SHA} \
	DOCKER_POSTEE_VERSION=v2.14.0 \
	docker buildx bake -f ./docker-bake.arm64.hcl --push

smangels avatar Nov 03 '23 12:11 smangels
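
Added example, not part of the thread or of the Postee project: a CI gate for the issue's acceptance criterion that reads the raw image index (as printed by `docker buildx imagetools inspect --raw <image>`) and reports which required platforms are missing, ignoring the attestation entries buildx adds with platform `unknown/unknown`. The sample index, its placeholder digests and the function names are constructed for illustration.

```python
import json
import sys

# Constructed sample image index; digests are placeholders, not real values.
SAMPLE_INDEX = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.index.v1+json",
    "manifests": [
        {"digest": "sha256:<placeholder-amd64>",
         "platform": {"architecture": "amd64", "os": "linux"}},
        {"digest": "sha256:<placeholder-arm64>",
         "platform": {"architecture": "arm64", "os": "linux", "variant": "v8"}},
        {"digest": "sha256:<placeholder-attestation>",
         "annotations": {"vnd.docker.reference.type": "attestation-manifest"},
         "platform": {"architecture": "unknown", "os": "unknown"}},
    ],
})

def platforms(raw_manifest):
    """Return the runnable os/arch[/variant] entries listed in an image index."""
    doc = json.loads(raw_manifest)
    if "manifests" not in doc:
        return set()  # single-platform manifest: no per-platform list to check
    found = set()
    for entry in doc["manifests"]:
        annotations = entry.get("annotations") or {}
        if annotations.get("vnd.docker.reference.type") == "attestation-manifest":
            continue  # provenance/SBOM attachment, not a runnable image
        plat = entry.get("platform") or {}
        if plat.get("os", "unknown") == "unknown":
            continue
        parts = [plat["os"], plat.get("architecture", "unknown"), plat.get("variant")]
        found.add("/".join(p for p in parts if p))
    return found

def missing_platforms(raw_manifest, required=("linux/arm64",)):
    """Required platforms absent from the index; 'linux/arm64' matches 'linux/arm64/v8'."""
    have = platforms(raw_manifest)
    return sorted(
        r for r in required
        if r not in have and not any(h.startswith(r + "/") for h in have)
    )

if __name__ == "__main__":
    # Pass "-" to read a real index from stdin; otherwise the sample is used.
    raw = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_INDEX
    missing = missing_platforms(raw)
    print("missing platforms:", ", ".join(missing) or "none")
    sys.exit(1 if missing else 0)
```

In a pipeline the script (file name of your choosing) would run after the push step with the inspect output piped to it and `-` as its argument, failing the job when `linux/arm64` is absent.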