autocert icon indicating copy to clipboard operation
autocert copied to clipboard

Published 20 hours ago verified publisher icon smallstep

This does not run on RPI (aarm64)

Open blmhemu opened this issue 5 years ago • 16 comments

What would you like to be added

Support for aarm64

default pod/autocert-step-certificates-0 0/1 CrashLoopBackOff 6 9m13s default pod/autocert-854c8956dd-mp7j5 0/1 Running 6 9m13s default pod/autocert-lg46f 0/1 Error 0 9m13s default pod/autocert-wgrqd 0/1 Error 0 7m40s default pod/autocert-l6crm 0/1 Error 0 6m32s default pod/autocert-mtz2z 0/1 Error 0 5m52s

Looks like one or two containers might be running but others are failing.

blmhemu avatar Aug 19 '20 10:08 blmhemu

Issue could be related to Dockerfile using step-cli:0.14.2, which doesn't support arm64: https://github.com/smallstep/autocert/blob/ef4f27c7015af9e34894a2ee22ab629feb404ee2/bootstrapper/Dockerfile#L1

Try rebuilding it with FROM smallstep/step-cli:0.15.0

fastlorenzo avatar Aug 21 '20 23:08 fastlorenzo

Thanks @fastlorenzo! Going to close this, but please reopen if you're still finding an issue.

dopey avatar Aug 24 '20 16:08 dopey

I'm seeing this on rpi4:

Linux pi01.pico 5.4.0-1015-raspi #15-Ubuntu SMP Fri Jul 10 05:34:24 UTC 2020 aarch64 aarch64 aarch64 GNU/Linux
ubuntu@pi01:~$ sudo docker run -it --rm smallstep/autocert-controller:0.12.2
standard_init_linux.go:211: exec user process caused "exec format error"

It looks like there are not arm64 images on dockerhub: https://hub.docker.com/r/smallstep/autocert-controller/tags

gclawes avatar Aug 30 '20 19:08 gclawes

FYI, I've built and published docker images that support ARM on docker hub: https://hub.docker.com/r/fastlorenzo/autocert-controller

fastlorenzo avatar Aug 30 '20 20:08 fastlorenzo

@fastlorenzo @gclawes Sounds like we need aarm64 (& others) builds of auto-cert, not just certificates. I'll go ahead and re-open this one.

Hopefully it's not too difficult to port over the buildx stuff that we've got doing this in certificates.

dopey avatar Sep 01 '20 17:09 dopey

@dopey I've actually rebuilt all docker images with arm support:

  • https://hub.docker.com/r/fastlorenzo/autocert-init
  • https://hub.docker.com/r/fastlorenzo/autocert-controller
  • https://hub.docker.com/r/fastlorenzo/autocert-bootstrapper
  • https://hub.docker.com/r/fastlorenzo/autocert-renewer
  • https://hub.docker.com/r/fastlorenzo/step-ca-bootstrap

fastlorenzo avatar Sep 01 '20 17:09 fastlorenzo

FYI I did it with GitHub workflow leveraging buildx: https://www.github.com/fastlorenzo/autocert/tree/master/.github%2Fworkflows

fastlorenzo avatar Sep 01 '20 17:09 fastlorenzo

@fastlorenzo wow, thanks for creating those workflows, we don't have yet experience with GitHub workflows, but we might integrate them in autocert.

maraino avatar Sep 01 '20 20:09 maraino

Awesome, looking forward to have arm support in official docker builds :)

fastlorenzo avatar Sep 01 '20 22:09 fastlorenzo

Update all Dockerfiles to most recent cli version. Hopefully that's the fix.

dopey avatar Nov 24 '20 18:11 dopey

https://github.com/smallstep/autocert/blob/master/controller/Dockerfile https://github.com/smallstep/autocert/blob/master/bootstrapper/Dockerfile https://github.com/smallstep/autocert/blob/master/renewer/Dockerfile https://github.com/smallstep/autocert/blob/master/init/Dockerfile

dopey avatar Nov 24 '20 18:11 dopey

https://github.com/smallstep/autocert/blob/master/init/Dockerfile#L14

dopey avatar Nov 24 '20 19:11 dopey

Hey @blmhemu our thinking is that most of the issue is the v0.14.2 of cli hardcoded in a number of different files that I listed above. We're wondering if changing that to v0.15.3 and also updating the autocert/init dockerfile to use the correct linux distro (amd64, arm, etc.).

If anyone has an arm kubernetes cluster and can test if this would work, we'd be very appreciative.

dopey avatar Nov 24 '20 23:11 dopey

I've got an RPI cluster I can test with.

gclawes avatar Nov 26 '20 03:11 gclawes

I can confirm that I was able to deploy autocert and issue certs successfully using @fastlorenzo images on a k3s arm64 cluster. (I'm using odroid instead of rpi, but still arm)

My values.yml file looks like this:

step-certificates:
  image:
    tag: 0.15.4

autocert:
  image:
    repository: fastlorenzo/autocert-controller
    tag: latest

bootstrapper:
  image:
    repository: fastlorenzo/autocert-bootstrapper
    tag: latest

renewer:
  image:
    repository: registry.tiagoposse.com/autocert-renewer
    tag: latest

tiagoposse avatar Jan 22 '21 09:01 tiagoposse

Considering using step-cli 0.15.0 fixes support for ARM64, any chance of releasing new images for release 0.13.0 with arm support?

tiagoposse avatar Feb 10 '21 09:02 tiagoposse

cr.step.sm/smallstep/autocert-controller:0.16.0 is only available for amd, even though it is using [email protected]: https://github.com/smallstep/autocert/blob/v0.16.0/controller/Dockerfile#L12

satdeveloping avatar Feb 26 '23 17:02 satdeveloping

Hey @satdeveloping I've uploaded linux/arm64 docker images for the autocert packages to our dockerhub. Can you let me know if this works for you -- https://hub.docker.com/layers/smallstep/autocert-controller/0.17.2-rc1/images/sha256-a190f278ca025effb8e5ca21bd4714ede3ccc607bec90f15f54518e00c3b1636?context=repo.

dopey avatar Mar 09 '23 20:03 dopey

@dopey sorry for the delay. Yes, 0.17.2-rc1 works on arm64

satdeveloping avatar Jun 08 '23 11:06 satdeveloping

@dopey Is this going to land in a stable release anytime soon?

satdeveloping avatar Nov 08 '23 12:11 satdeveloping