Mutli-arch support (#1531)

* initial commit

* remove bazel jobs

* fix arch

* more fixes after testing and code review comments

* fix build platform

* add individual cloudbuild.yaml as its taking 45 mins for a cloud build trigger

* add buildx plugin

* add more debugging

* update busybox version to fix CVE-2018-1000500

* fix

* lint + more debug

* fix

* fix

* fix

* remove images from cloudbiuld

* move CI job back to docker

* one more fix

* lets see

* bring it back

* move CI job back to docker

* remove aerg from top

* live restart config

* remove live restore as minikube setup failed

* add --force-systemd

* add --force-systemd and docker driver none

* change the --run flag

* docker info and some logs removed

* fix docker command

* upgrade version for buildx to 0.5.1

* remove docker service from travis.yml and add systemd cgroup config

* move the docker config up

* move them back to docker build

* fix

* fix all dockerfiles

* fix warmer

* fix

* rm bazel jobs

* add more logs

* fix debug

Co-authored-by: ankitm123 <ankitmohapatra123@gmail.com>

.travis.yml

@@ -37,27 +37,3 @@ jobs:
       script:
         - make integration-test-misc
 
-    - name: bazel amd64
-      arch: amd64
-      env: CPU=k8
-      before_install: &before_install_multiarch
-        - export PATH=$PATH:$HOME/bin && mkdir -p $HOME/bin
-        - eval $(go env)
-        # install bazelisk as bazel to install the appropriate bazel version
-        - wget https://github.com/bazelbuild/bazelisk/releases/download/v1.6.1/bazelisk-linux-${GOARCH} && chmod +x bazelisk-linux-${GOARCH} && mv bazelisk-linux-${GOARCH} $HOME/bin/bazel
-      script: &script_multiarch
-        # Generate BUILD.bazel files (we do not check them in)
-        - bazel run //:gazelle
-        - bazel build --cpu=${CPU} --curses=no //integration:all
-        # Build all targets tagged with our architecture:
-        - bazel build --cpu=${CPU} --curses=no $(bazel query 'attr("tags", "'${GOARCH}'", "//...")')
-        # Run all tests not tagged as "manual":
-        - bazel test  --cpu=${CPU} --curses=no --test_output=errors --test_timeout=900 //integration:all
-        # Run all tests tagged with our architecture:
-        - bazel test  --cpu=${CPU} --curses=no --test_output=errors --test_timeout=900 $(bazel query 'attr("tags", "'${GOARCH}'", "//...")')
-
-    - name: bazel arm64
-      arch: arm64
-      env: CPU=aarch64
-      before_install: *before_install_multiarch
-      script: *script_multiarch

deploy/Dockerfile

@@ -17,14 +17,14 @@
 FROM golang:1.14
 ARG GOARCH=amd64
 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
-
 RUN echo $GOARCH > /goarch
 
 #This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc.
 ARG TARGETPLATFORM
 
 #Capture ARCH has write to /goarch
 RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM |  awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH"
+RUN echo "I am runninng $TARGETPLATFORM with with $(cat /goarch)"
 
 # Get GCR credential helper
 RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \
@@ -33,13 +33,13 @@ RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \
   git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \
   cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr            && \
   make deps OUT_DIR=/usr/local/bin                                           && \
-  go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go  
+  go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go
 
 # Get Amazon ECR credential helper
 RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \
   make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper
 
-# ACR docker credential helper
+# Azure docker credential helper
 COPY ./acr.patch /
 RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true)  && \
   cd /go/src/github.com/Azure                                             && \
@@ -48,8 +48,8 @@ RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true)  && \
   git checkout a79b541f3ee761f6cc4511863ed41fb038c19464                   && \
   git apply < /acr.patch                                                  && \
   make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux
-  
-#ACR docker env credential helper
+
+# ACR docker env credential helper
 RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true)   && \
   cd /go/src/github.com/chrismellard                                              && \
   git clone https://github.com/chrismellard/docker-credential-acr-env             && \
@@ -60,7 +60,7 @@ RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true)
 RUN mkdir -p /kaniko/.docker
 
 COPY . .
-RUN make GOARCH=$(cat /goarch.txt) 
+RUN make GOARCH=$(cat /goarch)
 
 FROM scratch
 COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor

deploy/Dockerfile_debug

@@ -17,32 +17,60 @@
 # Stage 0: Build the executor binary and get credential helpers
 FROM golang:1.14
 ARG GOARCH=amd64
+RUN echo $GOARCH > /goarch
+
+#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc.
+ARG TARGETPLATFORM
+
+#Capture ARCH has write to /goarch
+RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM |  awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH"
+RUN echo "I am runninng $TARGETPLATFORM with with $(cat /goarch)"
+RUN cat /goarch
+
 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
+
 # Get GCR credential helper
-ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.2/docker-credential-gcr_linux_amd64-2.0.2.tar.gz /usr/local/bin/
-RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.2.tar.gz
+RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \
+  (mkdir -p /go/src/github.com/GoogleCloudPlatform || true)                  && \
+  cd /go/src/github.com/GoogleCloudPlatform                                  && \
+  git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \
+  cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr            && \
+  make deps OUT_DIR=/usr/local/bin                                           && \
+  go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go
+
 # Get Amazon ECR credential helper
-RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login
-RUN make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper linux-amd64
+RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \
+  make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper
+
 # ACR docker credential helper
-ADD https://aadacr.blob.core.windows.net/acr-docker-credential-helper/docker-credential-acr-linux-amd64.tar.gz /usr/local/bin
-RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-linux-amd64.tar.gz
-# ACR docker env credential helper
-ADD https://github.com/chrismellard/docker-credential-acr-env/releases/download/0.6.0/docker-credential-acr-env_0.6.0_Linux_x86_64.tar.gz /usr/local/bin/
-RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-env_0.6.0_Linux_x86_64.tar.gz
+COPY ./acr.patch /
+RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true)  && \
+  cd /go/src/github.com/Azure                                             && \
+  git clone https://github.com/Azure/acr-docker-credential-helper         && \
+  cd /go/src/github.com/Azure/acr-docker-credential-helper                && \
+  git checkout a79b541f3ee761f6cc4511863ed41fb038c19464                   && \
+  git apply < /acr.patch                                                  && \
+  make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux
+
+#ACR docker env credential helper
+RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true)   && \
+  cd /go/src/github.com/chrismellard                                              && \
+  git clone https://github.com/chrismellard/docker-credential-acr-env             && \
+  cd  docker-credential-acr-env                                                   && \
+  make build && cp -f ./build/docker-credential-acr-env /usr/local/bin
 
 # Add .docker config dir
 RUN mkdir -p /kaniko/.docker
 
 COPY . .
-RUN make GOARCH=${GOARCH} && make out/warmer
+RUN make GOARCH=$(cat /goarch) && make GOARCH=$(cat /goarch.txt) out/warmer
 
 FROM scratch
 COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/* /kaniko/
+COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer
 COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
-COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/linux-amd64/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
+COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
 COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr
-COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
 COPY --from=amd64/busybox:1.32.0 /bin /busybox
 
 # Declare /busybox as a volume to get it automatically in the path to ignore

deploy/Dockerfile_slim

@@ -0,0 +1,42 @@
+# Copyright 2020 Google, Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Builds the static Go image to execute in a Kubernetes job
+FROM golang:1.14 as build_env
+ARG GOARCH=amd64
+RUN echo $GOARCH > /goarch
+
+#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc.
+ARG TARGETPLATFORM
+
+#Capture ARCH has write to /goarch
+RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM |  awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH"
+RUN echo "I am runninng $TARGETPLATFORM with $(cat /goarch)"
+
+WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
+COPY . .
+
+RUN make GOARCH=$(cat /goarch)
+
+FROM scratch
+COPY --from=build_env /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor
+COPY files/nsswitch.conf /etc/nsswitch.conf
+COPY files/ca-certificates.crt /kaniko/ssl/certs/
+ENV HOME /root
+ENV USER root
+ENV PATH /usr/local/bin:/kaniko
+ENV SSL_CERT_DIR=/kaniko/ssl/certs
+
+ENTRYPOINT ["/kaniko/executor"]
+