chore: Support multi-arch containers build

[kahirokunn]

I have tried to start several controllers of aws-controllers-k8s on an ARM EC2 on AWS, but I get the following error.

exec ./bin/controller: exec format error

To determine the binary format in the Dockerfile, we decided to use TARGETARCH instead of go_arch to facilitate multi-platform build.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[ack-prow]

Hi @kahirokunn. Thanks for your PR.

I'm waiting for a aws-controllers-k8s member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[acornett21]

If ACK is going to support multi-arch, I feel like it should support the following

PLATFORMS=linux
ARCHITECTURES=amd64 arm64 ppc64le s390x

Also, this would not be the only change to support this (possibly the release jobs/templates might need to change? I'm unsure?)

But at a mimium, if we change this, we should also claim support also update the CSV template to whatever arch's the core maintainers decide to support.

Sample of what that would look like:

labels:
   operatorframework.io/arch.s390x: supported
   operatorframework.io/os.zos: supported
   operatorframework.io/os.linux: supported
   operatorframework.io/arch.amd64: supported
   operatorframework.io/os.linux: supported
   operatorframework.io/arch.ppc64le: supported
   operatorframework.io/os.linux: supported
   operatorframework.io/arch.arm64: supported

File needing updating is here. This would be for metadate.labels field.

[kahirokunn]

If I do them would you please incorporate the PR?

[acornett21]

@kahirokunn I'm not a maintainer of ACK, I'm just a contributor.

[kahirokunn]

@acornett21 I have responded to all the suggestions you have given me. Are they as intended?

[kahirokunn]

@a-hilaly Hi!
I am an AWS and ARM64 lover.
Could you please review this one as well?

[a-hilaly]

Thank you @kahirokunn !

I have few comments in line

/ok-to-test

[a-hilaly]

Not familiar of operatorframework, why are these needed?

[kahirokunn]

@a-hilaly I am not sure either, but they asked me to put it on, so I did.
I don't think this means anything. Do you want me to remove it?
#461 (review)

[kahirokunn]

I don't think it makes sense, so I will remove it.

[acornett21]

I asked for this, since if ACK is going to distribute a multi-arch image, in order for ACK to be available on architectures other then amd64, this enables the operator to be listed on those clusters.

[acornett21]

I see in another comment, that power/s390x aren't supported by the eks container image that ACK uses, for now we should just have

operatorframework.io/os.linux: supported
operatorframework.io/arch.amd64: supported
operatorframework.io/os.linux: supported
operatorframework.io/arch.arm64: supported

[kahirokunn]

I have tested it and it works without it, because the container image supports manifest lists!

[acornett21]

@kahirokunn This has nothing to do with the container. This is needed for distribution of the operator bundles to OLM once released. These annotations instruct the catalog-operator in a cluster what operators can be installed for what architectures. If we leave off these annotations, then the operator will not be able to be installed on any ARM OLM distribution.

[kahirokunn]

@acornett21
I think it is backward compatible since it is not annotated from the beginning.
I have never used OperatorFramework at all, so I don't know how to test it or anything.
Could you please open a PR for OperatorFramework yourself?
Thank you 🙏

[acornett21]

@kahirokunn Please do not resolve this, this is needed like mentioned. Please include this in this PR.

[kahirokunn]

@a-hilaly
I put it in because it was requested, but does it seem to be a problem?

https://access.redhat.com/documentation/ja-jp/openshift_container_platform/4.5/html/operators/olm-enabling-operator-for-multi-arch_osdk-generating-csvs

[a-hilaly]

@a-hilaly Hi!
I am an AWS and ARM64 lover.
Could you please review this one as well?

Happy to help bringing more utilities that will help you build ARM images, let's just make sure that it's done in a way that it's not breaking other system

[kahirokunn]

I have built it with the arm64 platform added and actually run it in an EKS environment and it works very well.

https://quay.io/repository/kahirokunn/s3-controller/manifest/sha256:7cd95f143a79be3640ee0a87f0ef9c857b27bbf279e186e68e128ce39a6159b3

[kahirokunn]

@acornett21 If you create a PR for eks-distro-build-tooling, we will also support the additional platform you specify at that time. Thx 🙏

└─> docker manifest inspect public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2023-08-24-1692903666.2023
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.oci.image.index.v1+json",
   "manifests": [
      {
         "mediaType": "application/vnd.oci.image.manifest.v1+json",
         "size": 506,
         "digest": "sha256:4ea92dc0efd4cc177ee9e2b2a38ccf6f95deb470725db2160e6103bb6dacebf0",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.oci.image.manifest.v1+json",
         "size": 506,
         "digest": "sha256:ae3b415d4e334c88e12cb6f4d5416f68d04b993ec0e55ddce474a793a479be4d",
         "platform": {
            "architecture": "arm64",
            "os": "linux"
         }
      }
   ]
}

[kahirokunn]

@a-hilaly Do you know why the error occurs? 😢

ERROR: image: "aws-controllers-k8s:s3-v1.0.5-1-g5a93f26-dirty" not present locally
make: *** [Makefile:26: kind-test] Error 1
wrapper.sh] [TEST] Test Command exit code: 2
wrapper.sh] [CLEANUP] Cleaning up after Docker in Docker ...

[a-hilaly]

@a-hilaly Do you know why the error occurs? 😢
ERROR: image: "aws-controllers-k8s:s3-v1.0.5-1-g5a93f26-dirty" not present locally
make: *** [Makefile:26: kind-test] Error 1
wrapper.sh] [TEST] Test Command exit code: 2
wrapper.sh] [CLEANUP] Cleaning up after Docker in Docker ...

@kahirokunn not very sure but i suspect docker buildx is adding a suffix to the image tag, and our systems are not configured predict those prefixes.
IMO we should also want to change this script so that it's building and pushing the images right https://github.com/aws-controllers-k8s/test-infra/blob/main/cd/scripts/release-controller.sh#L139

[kahirokunn]

Now I know why.
It seems that docker is not able to save the image of Multi Platform.
Therefore, when you build a multi platform image, you have to push it immediately with the -push option.

docker buildx build --platform linux/arm64,linux/amd64 -t "kahirokunn/grpc-ping-go" . --load
[+] Building 0.0s (0/0) docker-container:strange_pascal
ERROR: docker exporter does not currently support exporting manifest lists

[kahirokunn]

@a-hilaly aws-controllers-k8s/test-infra#383
You were pushing with test-infra, I created a PR.
I think this is all that is needed to complete the MULTI ARCH support.

[a-hilaly]

/test all

[kahirokunn]

/retest

[kahirokunn]

@a-hilaly Hello! What do I need to do to advance this PR?

[a-hilaly]

Thank you @kahirokunn !! One last thing.. and we can merge it

[a-hilaly]

/retest

[a-hilaly]

/lgtm

[a-hilaly]

/lgtm cancel

[a-hilaly]

/lgtm

[ack-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: a-hilaly, kahirokunn

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [a-hilaly]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[a-hilaly]

/retest