Skip to content

Support both arm64 and amd64 architectures

Nick Ilieskou requested to merge support/arm64 into main

What does this MR do?

  • Removes future builds which are not being used
  • Builds image for both arm64 and amd64 using the respective runners.
  • When we make a release we push the following images:
    • vx.y.z-arm64: This is an actual image build for arm64
    • vx.y.z-amd64: This is an actual image build for amd64
    • vx.y.z: This is just a reference (manfiest). The size will be 0 bytes. The user will use this path to download the image. Depending on what machine he is in the correct arch will be chosen

Further info

I tested the release process using registry.gitlab.com/gitlab-org/security-products/analyzers/trivy-k8s-wrapper/exp and running the release job. Be aware that I haven't tested the last part of the release job where we push the image to registry.gitlab.com/gitlab-org/security-products/trivy-k8s-wrapper.

Below you can see the manifest that I was able to create.

docker manifest inspect registry.gitlab.com/gitlab-org/security-products/analyzers/trivy-k8s-wrapper/exp:0.2.13
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1580,
         "digest": "sha256:92ac63186e873f46d8c1133efeadbe0befb21ec615f02c2d39e0c4ad1e301a05",
         "platform": {
            "architecture": "amd64",  <-----------------------------------------------------------------
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1580,
         "digest": "sha256:a5d5b793405878ff8937a42e560a702dc74992a819b4afcd6685da111b696f73",
         "platform": {
            "architecture": "arm64",<-----------------------------------------------------------------
            "os": "linux"
         }
      }
   ]
}

When we look at the images it should look like this: image

Notice the 0 bytes in the actual version. The same is done in the gitlab-agent releases for fips: https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/container_registry/3516669

Testing

I tested the release job by enabling the release job on a MR pipeline. I pushed the release on the trivy-k8s-wrapper/exp instead of trivy-k8s-wrapper to avoid polluting our container registry. You can see the logs of the release job here.

Why are we doing this?

So that OCS can run on arm64 clusters

What are the relevant issue numbers?

gitlab-org/gitlab#442804 (closed)

Edited by Nick Ilieskou

Merge request reports