vouch-proxy icon indicating copy to clipboard operation
vouch-proxy copied to clipboard
verified publisher icon vouch

support multi-arch (linux/amd64 and linux/arm64) containers

Open ellisonch opened this issue 1 year ago • 3 comments

Describe the problem Right now, you seem to have separate images for different architectures (and also the arm images only live on dockerhub?) This makes things annoying to use in multi-arch setups, because things have to be coded different to use different architectures, and, it makes things annoying for you because you wind up having to tag everything based on the architecture.

Instead, Docker containers can be built to support multiple architectures in the same image. Basically, they combine multiple images into one image, and the client only uses the image of the appropriate architecture. This is how your base docker image (currently golang 1.23) works, e.g.,

$ docker manifest inspect golang:1.23
{
   "manifests": [
      {
         ...
         "digest": "sha256:0ace92a91fb174f5ec759b39ce66ba365237b1b5ee8b35ff311e46659f05ef68",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         ...
         "digest": "sha256:25b386fbca07c70451d8f6c8fc617d5a2a4fbc7872708b52bc49f322298ff935",
         "platform": {
            "architecture": "arm",
            "os": "linux",
            "variant": "v7"
         }
      },
      {
         ...
         "digest": "sha256:f2438f09939b6bce3d97a82d49d74af16fffcbd114d417c5f02240c44a61ea24",
         "platform": {
            "architecture": "arm64",
            "os": "linux",
            "variant": "v8"
         }
      },
...

So you wouldn't have to deal with having to tag vouch-proxy:latest-arm or vouch-proxy:latest-amd (and all the thousand version variants) separately; you'd just have e.g., vouch-proxy:latest, and it would be a multi-arch image.

Additional context In your build process, it's basically as simple as using

docker buildx create --use --name multiarch
docker buildx build --push --platform=linux/arm64,linux/amd64 ...

or as many different platforms as (say) the base image supports.

Edit: Interestingly, it seems your ARM image actually IS a multi-arch image that supports armv7 and armv8. Why not keep combining architectures together? :)

ellisonch avatar Dec 11 '24 19:12 ellisonch

@ellisonch Interesting! I'm not opposed to supporting an additional image such as vouch-proxy:latest-mulit-arch but in the spirit of "not changing userspace" or expected behavior I'd prefer to add a new image and keep the others as-is.

PR welcome

bnfinet avatar Dec 11 '24 20:12 bnfinet

@bnfinet I am unsure I understand the concern around the image: adding multi architecture images with the same image tag should/would leave the x86 based image in place and transparently support migration between x86 and arm. The arm, and x86 images would be published separately and made available on an image manifest. The docker client will resolve the tag to the correct architecture.

punkle avatar Apr 09 '25 11:04 punkle

I would favor the initial approach I took #593, however here is the option you have proposed #594

Im happy with either approach.

punkle avatar Apr 09 '25 12:04 punkle

Okay, I'm convinced. I'll merge #593

Thanks as always for your support of VP @punkle . Sorry it's taken me so long to review this.

bnfinet avatar Jul 23 '25 21:07 bnfinet