This is part 2 of the work to move our published container images
to new base images. The initcontainers will be based on
distroless/static and the VPU plugin is based on Debian.
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
All but one (VPU) of the published container images can be built with
static binaries which allows us to use distroless/static as the
base image. Moreover, when combined with stripping the plugin binaries,
we can get both build time and image size savings.
This is part 1 (out of 2) of the rework. Part 2 will finish the
change by making some adjustments to VPU plugin image and moving the
FPGA/SGX/GPU initcontainers to distroless/static too.
Partial: #516
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
This reverts commit 6c02ff51fc.
crun fails to build the images [1] but when setting BUILDAH_RUNTIME
to runc the workaround is no longer needed.
[1] https://github.com/containers/podman/issues/9378
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
buildah 1.19.4 and its dependencies, when installed from the
libcontainers OBS repo, defaulted to crun and that made the
image builds fail.
By forcing buildah to use runc instead, everything works OK.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
This adds an nfd-hook for the gpu-plugin, which will create labels
for the GPUs that can then be used for POD deployment purposes or
creation of GPU extended resources which then allow finer-grained
GPU resource management.
The nfd-hook will install to the host system when the
intel-gpu-initcontainer is run. It is added into the plugin deployment
yaml.
Signed-off-by: Ukri Niemimuukko <ukri.niemimuukko@intel.com>
Also, fix intel-vpu-plugin.Dockerfile build to get CI
passing. Clear Linux changed the license file names and
we had the name 'COPYING' hard coded which made install fail.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Users had no options to specify extra builder arguments to $BUILDER.
With this patch it's possible, e.g., to build QAT plugin with kernel
mode support:
make intel-qat-plugin EXTRA_BUILD_ARGS="--build-arg TAGS_KERNELDRV=kernel"
Fixes: #234
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
swupd os-install fails (clearlinux/swupd-client/issues/1369) if
"--bundles=os-core" is used. It was confirmed that os-core is
always installed first regardless of what other --bundles are
specified.
To get the builds working, we move to rely on that implicit os-core
install.
Fixes: #330
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
This commit adds a script that is (primarily) used in Dockerfiles
to install runtime Go dependencies' LICENSE/NOTICE files into the
image and modifies the Dockerfiles to use the script.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The SRCREV tag becomes a RepoTag and we end up having those tags in the
registry too.
To keep the registry clean, drop SRCREV tags.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
In preparation to get some of the images to hub.docker.com/intel,
start using intel/ prefix.
Moreover, set the Makefile variables so that the images built
by make [images|demos] can easily be pushed to any registry/org
by 'docker push' (e.g., by Jenkins).
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
- used ENTRYPOINT instead of CMD in plugin and admission webhook
Dockerfiles to avoid duplicating commands in the pod yamls
- fixed path to deploy.sh script in fpga initcontainer Dockerfile
- Migrate to OPAE 1.3.2
- Build all the tools from the source
- ignore files in workspace
- minimal fpga_tool utility to check gbs/aocx file parsing and flashing
- implemented kernel IOCTL based flashing of bitstreams
- add PCI and sysfs functions
Added alternative builder for project images: buildah
https://github.com/containers/buildah
Considering that some of our plugins use CRI-O runtime it could be
a good idea to get rid of docker as a builder. It should allow us
not to run docker daemon at all, even for build purposes.
Kubernetes also goes this way encouraging users to switch to CRI
runtimes (CRI-O and containerd), so having non-docker builds supported
looks good from this perspective too.