teleport icon indicating copy to clipboard operation
teleport copied to clipboard

Published 20 hours ago verified publisher icon gravitational

Added multiarch Teleport container images

Open fheinecke opened this issue 2 years ago • 5 comments

The primary purpose of this PR is to add multiarch Teleport container images. This includes amd64, arm, and arm64 images under the $MAJOR_VERSION tag on each release.

Due to the complexity of how we handle building and publishing container images this PR includes a number of other changes:

  • Removed old/unneeded Makefile targets that pertain to building images.
  • Reduced the number of Dockerfiles that are involved with building images from four to one consistent, unified file.
  • Added multiarch support for Teleport lab, along with Teleport lab for enterprise/fips.
  • Moved all CI/CD related image building logic into dronegen and the new "unified" Dockerfile. Previously this logic was spread across two repos, two makefiles, a few dozen makefile targets, four Dockerfiles, Dronegen, and lots of manual entries in .drone.yml
  • Updated makefiles to use the new Dockerfile
  • Refactored several Dronegen functions that are now used in multiple pipelines
  • Refactored several makefile targets to support local archive building, deb building, and image building from source

Regarding multiarch container builds the following features have been added:

  • Separate arch-specific images/tags for each major version
  • Image manifest for each major version that "points" to each arch-specific image
  • Publishing to all three container repos (ECR staging, ECR production, Quay)
  • Highly parallelized/efficient container image pipelines that properly build a DAG for step dependencies, executing as many as possible at once
  • All images will continue to be rebuilt/update daily to ensure the latest upstream packages are installed, across the latest three major Teleport versions
  • Wrote dronegen so that it should be very easy to add/remove Dockerfiles (such as the Teleport k8s operator), ISAs, and container repositories

This PR still needs some testing however I'm opening it up now to get some code review in the meantime.

fheinecke avatar Aug 13 '22 00:08 fheinecke

@fheinecke - this PR is large and will require admin approval to merge. Consider breaking it up into a series smaller changes.

github-actions[bot] avatar Aug 13 '22 00:08 github-actions[bot]

@logand22 Added you as reviewer for this PR because you've been making changes to how our container images are published.

russjones avatar Aug 13 '22 15:08 russjones

@fheinecke, Are the updates in webassets and e submodules required?

tigrato avatar Aug 15 '22 14:08 tigrato

@fheinecke, Are the updates in webassets and e submodules required?

@tigrato There is a minor change required that can be merged after this PR (https://github.com/gravitational/teleport.e/compare/master...fred/arm-container-images, PR pending)

fheinecke avatar Aug 15 '22 15:08 fheinecke

@tcsc @logand22 Can you guys re-review this?

r0mant avatar Sep 16 '22 19:09 r0mant

Since this is such a large PR, I'd like to see some type of passing test before finishing the review. From what I tested locally there are some broken parts of the local image building process.

100% agree - I'll be opening the first of several split PRs based upon this one in a few minutes.

fheinecke avatar Sep 23 '22 17:09 fheinecke

Closing in favor of https://github.com/gravitational/teleport/pull/16688 which is a smaller subset of this PR.

fheinecke avatar Sep 23 '22 19:09 fheinecke