Multi-arch support for gcr.io/kubebuilder/kube-rbac-proxy instead of produce the same image for different architectures

[camilamacedo86]

trafficstars

What do you want to happen?

Currently, the image gcr.io/kubebuilder/kube-rbac-proxy used in the default scaffold does not support the architectures:

• linux/arm64
• linux/ppc64le
• linux/s390x
• drawin/arm64

See:

 docker inspect manifest gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
[
    {
        "Id": "sha256:29589495df8d994d4b8b7a59053569a43fb35c001fdf151984b225cbf4718d32",
        "RepoTags": [
            "gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0"
        ],
        "RepoDigests": [
            "gcr.io/kubebuilder/kube-rbac-proxy@sha256:0df4ae70e3bd0feffcec8f5cdb428f4abe666b667af991269ec5cb0bbda65869"
        ],
        "Parent": "",
        "Comment": "",
        "Created": "2021-08-10T14:10:51.141141441Z",
        "Container": "ffefea70863dd95755ebb2c7f999ca01091d3ac014982f98d50b9dfae8d4d386",
        "ContainerConfig": {
            "Hostname": "ffefea70863d",
            "Domainname": "",
            "User": "65532:65532",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "8080/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"
            ],
            "Cmd": [
                "/bin/sh",
                "-c",
                "#(nop) ",
                "ENTRYPOINT [\"/usr/local/bin/kube-rbac-proxy\"]"
            ],
            "Image": "sha256:038e408a8b6cd8b8f34876592b8c51687850daaabded9f3e6030875a3c57b240",
            "Volumes": null,
            "WorkingDir": "/home/nonroot",
            "Entrypoint": [
                "/usr/local/bin/kube-rbac-proxy"
            ],
            "OnBuild": null,
            "Labels": {}
        },
        "DockerVersion": "20.10.7+azure",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "65532:65532",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "8080/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"
            ],
            "Cmd": null,
            "Image": "sha256:038e408a8b6cd8b8f34876592b8c51687850daaabded9f3e6030875a3c57b240",
            "Volumes": null,
            "WorkingDir": "/home/nonroot",
            "Entrypoint": [
                "/usr/local/bin/kube-rbac-proxy"
            ],
            "OnBuild": null,
            "Labels": null
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 46556979,
        "VirtualSize": 46556979,
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/73d4231cae03c00a3591b9b9d22ff82eede2127de3da57f7126e89baae2fbc1c/diff",
                "MergedDir": "/var/lib/docker/overlay2/b58dc8f834aed6a82587ba84a485aef991de0f3d9c9a03b094c5fa8fd5abb3a1/merged",
                "UpperDir": "/var/lib/docker/overlay2/b58dc8f834aed6a82587ba84a485aef991de0f3d9c9a03b094c5fa8fd5abb3a1/diff",
                "WorkDir": "/var/lib/docker/overlay2/b58dc8f834aed6a82587ba84a485aef991de0f3d9c9a03b094c5fa8fd5abb3a1/work"
            },
            "Name": "overlay2"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:07363fa8421000ad294c2881d17b0535aabdd17ced2a874eb354a9d8514d3d59",
                "sha256:403053629724661b3dd0ed60f9647e1dccf12223d54e278a36bd65f455ddba55"
            ]
        },
        "Metadata": {
            "LastTagTime": "0001-01-01T00:00:00Z"
        }
    }
]

In this way, I'd like to raise this ticket for we began to produce this image supporting all architecture defined above for the same image instead of creating many images for each case.

The change shows required to be done in:

Why? What is the motivation and use case?

I am an Operator author, I would like to scaffold projects which can be supported and work on clusters with different architectures so that I do not need to produce one project for each architecture.

Possible Solution

Change the script https://github.com/kubernetes-sigs/kubebuilder/blob/kube-rbac-proxy-releases/build/build.sh to use https://docs.docker.com/engine/reference/commandline/buildx_build/ and build one image that can work in the default architectures described above.

[asmacdo]

@camilamacedo86 thanks for helping me out, I'd love to give this one a try.

[camilamacedo86]

Thank you @asmacdo a lot /assign @asmacdo

The changes need to be done against this branch : https://github.com/kubernetes-sigs/kubebuilder/tree/kube-rbac-proxy-releases

We can the script with the args: https://github.com/kubernetes-sigs/kubebuilder/blob/kube-rbac-proxy-releases/build/cloudbuild_kube-rbac-proxy.yaml#L23

And the script to build the image is here: https://github.com/kubernetes-sigs/kubebuilder/blob/kube-rbac-proxy-releases/build/build.sh

[camilamacedo86]

I checked this one and I could validate that the default image provides support for all platforms. See: https://console.cloud.google.com/gcr/images/kubebuilder/global/kube-rbac-proxy@sha256:d99a8d144816b951a67648c12c0b988936ccd25cf3754f3cd85ab8c01592248f/details?tab=manifest

Therefore, we can close this one.