Migrate go-build base to UBI #490
Conversation
hjiawei
force-pushed
the
migrate-ubi
branch
16 times, most recently
from
c569592
to
02570a4
Compare
|
The amd64 build failure is due to |
|
Validated by projectcalico/calico#8103. |
This change is for amd64 for now.
k8s dropped 32 bit linux/arm support from v1.27+ [1]. [1] kubernetes/kubernetes#115742
| # https://github.com/golang/go/issues/14739#issuecomment-324767697 | ||
| GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ | ||
| # https://www.google.com/linuxrepositories/ | ||
| gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796'; \ |
There was a problem hiding this comment.
Do we need to check SHA and signature? Won't the signature do that implicitly?
There was a problem hiding this comment.
gpg --verify failed with "Can't check signature: No public key" error without these keys.
There was a problem hiding this comment.
My question was about the separate SHA sum check. Do we need to do both?
There was a problem hiding this comment.
I see. You are right. The double-check seems to be redundant.
| push-manifest: | ||
| # Docker login to hub.docker.com required before running this target as we are using $(HOME)/.docker/config.json holds the docker login credentials | ||
| docker run -t --entrypoint /bin/sh -v $(HOME)/.docker/config.json:/root/.docker/config.json $(ARCHIMAGE) -c "/usr/bin/manifest-tool push from-args --platforms $(call join_platforms,$(ARCHES)) --template $(DEFAULTIMAGE)-ARCHVARIANT --target $(DEFAULTIMAGE)" | ||
| docker manifest create $(DEFAULTIMAGE) \ |
There was a problem hiding this comment.
Presumably this is just a nice cleanup now that manifest tool has been merged into docker itself?
There was a problem hiding this comment.
Looks like the manifest command is merged into docker cli around 2017 and major projects switched to use that.
Co-authored-by: Shaun Crampton <[email protected]>
|
@aalaesar We plan to drop arm 32bit arm support in future Calico releases. This is due to the dropped 32bit arm support from Kubernetes vendor and unsupported 32bit arm architecture from Red Hat UBI base. I believe arm64 (v8+) is more common from major cloud providers and many edge devices are (start) migrating to arm64 for better performance. As you are the original contributor for this port, do you have any concerns or suggestions for us? |
| github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= | ||
| github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl | ||
| github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= |
There was a problem hiding this comment.
GitHub fingerprints are taken from GitHub's SSH key fingerprints.
Hello there ! Regards |
There was a problem hiding this comment.
Thank you very much @hjiawei. This is great.
I approved from my side; please wait for dev team to approve as well.
This change migrates go-build base image from Debian to UBI. It also unifies multiarch Dockerfiles into one for better maintainability. 32 bit linux/arm platform is dropped because Kubernetes also dropped it since v1.27.