The Toybox images had two issues:
1. Distroless does not support /bin -> /usr/bin so we needed to
create it manually to get /bin/bash for Toybox. However, with this
Openshift image validation complains that we are touching the "base"
image.
2. We could not use buildkit since it fails with /bin symlink
copied over /bin directory from Distroless.
The simple fix is just to move away from all /bin/sh and /bin/bash
and use "/usr/bin/env bash" to resolve the path instead. This allows
to keep /bin untouched.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Our *.Dockefile's allow builders to specify FINAL_BASE base image
to which static binaries are copied for the final image.
Initcontainers install toybox with a minimum set of "coreutils"
needed but with some final base images the minimum set can be
even smaller since they may already have /bin/sh, ls etc. installed.
Make initcontainers to have base image specific toybox-config.
For now, "static" for distroles/static and "ubi8-micro" for
UBI base image configs are created.
At the same time, move the toybox build to "usrmerge" based
setup where everything is installed to /usr/bin and /bin is
a symlink to /usr/bin. buildkit does not seem to like it so
disable buildkit usage for now.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
buildah 1.19.4 and its dependencies when installed from the
libcontainers OBS repo, defaulted to crun and that made the
image builds to fail.
By forcing buildah to use runc instead, everything works OK.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Users had no options to specify extra builder arguments to $BUILDER.
With this patch it's possible, e.g., to build QAT plugin with kernel
mode support:
make intel-qat-plugin EXTRA_BUILD_ARGS="--build-arg TAGS_KERNELDRV=kernel
Fixes: #234
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The SRCREV tag becomes a RepoTag we end up having those tags in the
registry too.
To keep the registry clean, drop SRCREV tags.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
In preparations to get some of the images to hub.docker.com/intel,
start using intel/ prefix.
Moreover, set the Makefile variables so that the images built
by make [images|demos] can easily be pushed to any registry/org
by 'docker push' (e.g., by Jenkins).
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Added alternative builder for project images: buildah
https://github.com/containers/buildah
Considering that some of our plugins use CRI-O runtime it could be
a good idea to get rid of docker as a builder. It should allow us
not to run docker daemon at all, even for build purposes.
Kubernetes also goes this way encouraging users to switch to CRI
runtimes (CRI-O and containerd), so having non-docker builds supported
looks good from this perspective too.
