New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Setup k8s cluster for aarch64 for PROW #3413
Comments
Is it possible that instead of creating one prowjob which spins up a pod to build arm64 and amd64 images, we instead create two prowjobs, one for arm64 and one for amd64 which build locally? Then we join the images using I think that will facilitate testing better as well, since then we can build+test on the same pod. Its also a lot more secure (no need to have huge permission of pod create) and portable (no dependency on Kubernetes - today we just use Kubernetes as a dump pod scheduler, the jobs could easily be ran in any other environment) |
Yes, it could be, but project like tools, proxy may need to changes a lot to bump the new workflow. |
@howardjohn could you help @AWSjswinney to setup an env for arm64 builds. I understand your points. |
I think each project is different: istio/proxy: we don't use docker at all, its all bazel. Pretty much need different machines here I think |
Yes. We could just setup a cluster for arm64 only. Once this PR merge istio/istio#33763. (hope it could be before release-1.11) I start to setup a CI in github-actions with self-hosted arm64 runner.
When cluster for arm64 ready, istio could offical release multi-arch images. |
Blocked by kubernetes/test-infra#24783 |
The 'red' step is we need todo. graph LR
classDef todo fill:#ffb3b3,stroke:#000;
classDef repo fill:#ffb808,stroke:#000;
object-storage[(object storage)]
subgraph prow-arm64
image-build-tools-proxy-arm64(build-tools-proxy:arm64):::todo
-.->build-envoy-arm64((build envoy arm64)):::todo
end
subgraph prow-amd64
image-build-tools-proxy-amd64(build-tools-proxy:amd64)
-.->build-envoy-amd64((build envoy amd64))
image-build-tools-amd64(build-tools:amd64)
-.->build-istio-images((build istio images))
-->istio-images(istio/*:*)
end
istio-build-tools:::repo
-->|clone & build image| image-build-tools-amd64 & image-build-tools-proxy-amd64 & image-build-tools-proxy-arm64
istio-proxy:::repo
-->|clone| build-envoy-amd64 & build-envoy-arm64
build-envoy-amd64 --> |envoy-amd64| object-storage
build-envoy-arm64 --> |envoy-arm64| object-storage
object-storage -->|download envoy-*| build-istio-images
istio:::repo
-->|clone| build-istio-images
|
This is done now .Thanks everyone! |
We could switch docker buildx builder driver from
docker-container
tokubernetes
Once we an aarch64 node (at least 12cpu) Prow k8s cluster, we could upgrade some prow.yaml
Example for
containers-test_tools
https://prow.istio.io/prowjob?prowjob=8db095b7-dac8-11eb-ac46-e64a9a7495cbFirst important step for all, should add a nodeSelector to make sure old jobs work well
Then we could create container-builder
The service-account for job should have full access of Deployments and Pods in namespace
buildkit
(or other namespace)(could the service-account mounted have those permission? @howardjohn )
If not easy to add a aarch64 host in Google Cloud, could setup multi-arch container-builder in other environment, then link the remote one by
KUBECONFIG
Then we could have a multi-arch builder
When we use
docker buildx build --platform=linux/amd64,linux/arm64
we could build for each archs at same time.
In this way, could easy to work well with current CI workflow.
The text was updated successfully, but these errors were encountered: