Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable envoy images build on Arm CI environments #11813

Merged
merged 7 commits into from
Jul 30, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 11 additions & 4 deletions .azure-pipelines/pipelines.yml
Original file line number Diff line number Diff line change
Expand Up @@ -122,8 +122,8 @@ jobs:
condition: always()

- job: docker
displayName: "Linux-x64 docker"
dependsOn: ["release"]
displayName: "Linux multi-arch docker"
dependsOn: ["release","release_arm64"]
condition: and(succeeded(), eq(variables['PostSubmit'], 'true'), ne(variables['Build.Reason'], 'PullRequest'))
pool:
vmImage: "ubuntu-18.04"
Expand All @@ -135,10 +135,17 @@ jobs:
itemPattern: "bazel.release/envoy_binary.tar.gz"
downloadType: single
targetPath: $(Build.StagingDirectory)

- task: DownloadBuildArtifacts@0
inputs:
buildType: current
artifactName: "bazel.release.arm64"
itemPattern: "bazel.release.arm64/envoy_binary.tar.gz"
downloadType: single
targetPath: $(Build.StagingDirectory)
- bash: |
set -e
tar zxf $(Build.StagingDirectory)/bazel.release/envoy_binary.tar.gz
mkdir -p linux/amd64 && tar zxf $(Build.StagingDirectory)/bazel.release/envoy_binary.tar.gz -C ./linux/amd64
mkdir -p linux/arm64 && tar zxf $(Build.StagingDirectory)/bazel.release.arm64/envoy_binary.tar.gz -C ./linux/arm64
ci/docker_ci.sh
workingDirectory: $(Build.SourcesDirectory)
env:
Expand Down
5 changes: 2 additions & 3 deletions ci/Dockerfile-envoy
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
ARG BUILD_FROM=ubuntu:18.04


# Build stage
FROM $BUILD_FROM as build

Expand All @@ -17,7 +16,7 @@ RUN apt-get update \

# Final stage
FROM $BUILD_FROM

ARG TARGETPLATFORM
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y ca-certificates \
Expand All @@ -31,7 +30,7 @@ RUN adduser --group --system envoy

RUN mkdir -p /etc/envoy

ADD build_release_stripped/envoy /usr/local/bin/envoy
ADD ${TARGETPLATFORM}/build_release_stripped/envoy /usr/local/bin/envoy
ADD configs/google_com_proxy.v2.yaml /etc/envoy/envoy.yaml

EXPOSE 10000
Expand Down
4 changes: 2 additions & 2 deletions ci/Dockerfile-envoy-alpine
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
FROM frolvlad/alpine-glibc:alpine-3.12_glibc-2.31

RUN mkdir -p /etc/envoy

ADD build_release_stripped/envoy /usr/local/bin/envoy
ADD linux/amd64/build_release_stripped/envoy /usr/local/bin/envoy

ADD configs/google_com_proxy.v2.yaml /etc/envoy/envoy.yaml
RUN apk add --no-cache shadow su-exec \
&& addgroup -S envoy && adduser --no-create-home -S envoy -G envoy
Expand Down
3 changes: 1 addition & 2 deletions ci/Dockerfile-envoy-alpine-debug
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
FROM frolvlad/alpine-glibc:alpine-3.12_glibc-2.31

RUN mkdir -p /etc/envoy

ADD build_release/envoy /usr/local/bin/envoy
ADD linux/amd64/build_release/envoy /usr/local/bin/envoy
ADD configs/google_com_proxy.v2.yaml /etc/envoy/envoy.yaml
RUN apk add --no-cache shadow su-exec \
&& addgroup -S envoy && adduser --no-create-home -S envoy -G envoy
Expand Down
56 changes: 47 additions & 9 deletions ci/docker_ci.sh
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,59 @@
# CI logs.
set -e

# Setting environments for buildx tools
config_env(){
# Qemu configurations
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes

# Remove older build instance
docker buildx rm multi-builder | true
docker buildx create --use --name multi-builder --platform linux/arm64,linux/amd64
}

build_images(){
TYPE=$1
BUILD_TAG=$2

# Only build/push envoyproxy/envoy multi-arch images since others still do not support.
if [ -z "${TYPE}" ]; then
docker buildx build --platform linux/arm64 -f ci/Dockerfile-envoy"${TYPE}" -t ${BUILD_TAG} .
# Export envoyproxy/envoy amd64 image which will be used for building envoyproxy/envoy-google-vrp
docker buildx build --platform linux/amd64 -f ci/Dockerfile-envoy"${TYPE}" -o type=docker -t ${BUILD_TAG} .
elif [ "${TYPE}" == "-google-vrp" ]; then
# The envoyproxy/envoy-google-vrp is based on envoyproxy/envoy image. So it is built from cache envoyproxy/envoy:local
docker build -f ci/Dockerfile-envoy"${TYPE}" --cache-from "${DOCKER_IMAGE_PREFIX}:local" -t ${BUILD_TAG} .
else
docker build -f ci/Dockerfile-envoy"${TYPE}" -t ${BUILD_TAG} .
fi
}

push_images(){
TYPE=$1
BUILD_TAG=$2

if [ -z "${TYPE}" ]; then
# Only push envoyproxy/envoy multi-arch images since others still do not support.
docker buildx build --platform linux/arm64,linux/amd64 --push -f ci/Dockerfile-envoy"${TYPE}" -t ${BUILD_TAG} .
else
docker tag "${DOCKER_IMAGE_PREFIX}${TYPE}:local" ${BUILD_TAG}
docker push ${BUILD_TAG}
fi
}

# This prefix is altered for the private security images on setec builds.
DOCKER_IMAGE_PREFIX="${DOCKER_IMAGE_PREFIX:-envoyproxy/envoy}"

# "-google-vrp" must come afer "" to ensure we rebuild the local base image dependency.
BUILD_TYPES=("" "-alpine" "-alpine-debug" "-google-vrp")

# Configure docker-buildx tools
config_env

# Test the docker build in all cases, but use a local tag that we will overwrite before push in the
# cases where we do push.
for BUILD_TYPE in "${BUILD_TYPES[@]}"; do
docker build -f ci/Dockerfile-envoy"${BUILD_TYPE}" -t "${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}:local" .
build_images "${BUILD_TYPE}" "${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}:local"
done

MASTER_BRANCH="refs/heads/master"
Expand Down Expand Up @@ -42,21 +85,16 @@ fi
docker login -u "$DOCKERHUB_USERNAME" -p "$DOCKERHUB_PASSWORD"

for BUILD_TYPE in "${BUILD_TYPES[@]}"; do
docker tag "${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}:local" "${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}${IMAGE_POSTFIX}:${IMAGE_NAME}"
docker push "${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}${IMAGE_POSTFIX}:${IMAGE_NAME}"
push_images "${BUILD_TYPE}" "${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}${IMAGE_POSTFIX}:${IMAGE_NAME}"

# Only push latest on master builds.
if [[ "${AZP_BRANCH}" == "${MASTER_BRANCH}" ]]; then
docker tag "${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}:local" "${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}${IMAGE_POSTFIX}:latest"
docker push "${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}${IMAGE_POSTFIX}:latest"
push_images "${BUILD_TYPE}" "${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}${IMAGE_POSTFIX}:latest"
fi

# Push vX.Y-latest to tag the latest image in a release line
if [[ "${AZP_BRANCH}" =~ ${RELEASE_TAG_REGEX} ]]; then
RELEASE_LINE=$(echo "$IMAGE_NAME" | sed -E 's/(v[0-9]+\.[0-9]+)\.[0-9]+/\1-latest/')
docker tag "${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}:local" "${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}${IMAGE_POSTFIX}:${RELEASE_LINE}"
docker push "${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}${IMAGE_POSTFIX}:${RELEASE_LINE}"
push_images "${BUILD_TYPE}" "${DOCKER_IMAGE_PREFIX}${BUILD_TYPE}${IMAGE_POSTFIX}:${RELEASE_LINE}"
fi
done


1 change: 1 addition & 0 deletions docs/root/version_history/current.rst
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ New Features
------------

* access log: added support for :ref:`%DOWNSTREAM_PEER_FINGERPRINT_1% <config_access_log_format_response_flags>` as a response flag.
* build: enable building envoy arm64 images by buildx tool in x86 CI platform.
* dynamic_forward_proxy: added :ref:`use_tcp_for_dns_lookups<envoy_v3_api_field_extensions.common.dynamic_forward_proxy.v3.DnsCacheConfig.use_tcp_for_dns_lookups>` option to use TCP for DNS lookups in order to match the DNS options for :ref:`Clusters<envoy_v3_api_msg_config.cluster.v3.Cluster>`.
* ext_authz filter: added support for emitting dynamic metadata for both :ref:`HTTP <config_http_filters_ext_authz_dynamic_metadata>` and :ref:`network <config_network_filters_ext_authz_dynamic_metadata>` filters.
* grpc-json: support specifying `response_body` field in for `google.api.HttpBody` message.
Expand Down