use buildx to build multi arch image (#487)

2026-06-09 20:57:32 +08:00 · 2023-08-16 10:37:05 +08:00
parent c3789416d6
commit 6861a78bb1
7 changed files with 175 additions and 136 deletions
--- a/istio/1.12/patches/istio/20230811-hack-multi-arch.patch
+++ b/istio/1.12/patches/istio/20230811-hack-multi-arch.patch
@@ -1,91 +0,0 @@
-diff -Naur istio/pilot/docker/Dockerfile.pilot istio-new/pilot/docker/Dockerfile.pilot
--- istio/pilot/docker/Dockerfile.pilot	2023-08-11 18:01:44.000000000 +0800
-+++ istio-new/pilot/docker/Dockerfile.pilot	2023-08-11 17:50:02.000000000 +0800
-@@ -6,8 +6,10 @@
- 
- ARG HUB
- 
-+ARG TARGETARCH
-+
- # The following section is used as base image if BASE_DISTRIBUTION=debug
-FROM ${HUB:-gcr.io/istio-release}/base:${BASE_VERSION} as debug
-+FROM ${HUB:-gcr.io/istio-release}/base:${BASE_VERSION}-${TARGETARCH} as debug
- 
- # The following section is used as base image if BASE_DISTRIBUTION=distroless
- # FROM gcr.io/istio-release/distroless:${BASE_VERSION} as distroless
-@@ -16,7 +18,6 @@
- # hadolint ignore=DL3006
- FROM ${BASE_DISTRIBUTION:-debug}
- 
-ARG TARGETARCH
- COPY ${TARGETARCH:-amd64}/pilot-discovery /usr/local/bin/pilot-discovery
- 
- # Copy templates for bootstrap generation.
-diff -Naur istio/pilot/docker/Dockerfile.proxyv2 istio-new/pilot/docker/Dockerfile.proxyv2
--- istio/pilot/docker/Dockerfile.proxyv2	2023-08-11 18:01:43.000000000 +0800
-+++ istio-new/pilot/docker/Dockerfile.proxyv2	2023-08-11 17:57:08.000000000 +0800
-@@ -6,8 +6,10 @@
- 
- ARG HUB
- 
-+ARG TARGETARCH
-+
- # The following section is used as base image if BASE_DISTRIBUTION=debug
-FROM ${HUB:-gcr.io/istio-release}/base:${BASE_VERSION} as debug
-+FROM ${HUB:-gcr.io/istio-release}/base:${BASE_VERSION}-${TARGETARCH} as debug
- 
- # The following section is used as base image if BASE_DISTRIBUTION=distroless
- # This image is a custom built debian11 distroless image with multiarchitecture support.
-@@ -25,13 +27,13 @@
- ARG proxy_version
- ARG istio_version
- ARG SIDECAR=envoy
-+ARG TARGETARCH
- 
- # Copy Envoy bootstrap templates used by pilot-agent
- COPY envoy_bootstrap.json /var/lib/istio/envoy/envoy_bootstrap_tmpl.json
- COPY gcp_envoy_bootstrap.json /var/lib/istio/envoy/gcp_envoy_bootstrap_tmpl.json
- 
- # Install Envoy.
-ARG TARGETARCH
- COPY ${TARGETARCH:-amd64}/${SIDECAR} /usr/local/bin/${SIDECAR}
- 
- # Environment variable indicating the exact proxy sha - for debugging or version-specific configs 
-@@ -39,7 +41,6 @@
- # Environment variable indicating the exact build, for debugging
- ENV ISTIO_META_ISTIO_VERSION $istio_version
- 
-ARG TARGETARCH
- COPY ${TARGETARCH:-amd64}/pilot-agent /usr/local/bin/pilot-agent
- 
- # COPY stats-filter.wasm /etc/istio/extensions/stats-filter.wasm
-diff -Naur istio/tools/istio-docker.mk istio-new/tools/istio-docker.mk
--- istio/tools/istio-docker.mk	2023-08-11 18:01:44.000000000 +0800
-+++ istio-new/tools/istio-docker.mk	2023-08-11 17:50:02.000000000 +0800
-@@ -85,7 +85,7 @@
- 
- # Default proxy image.
- docker.proxyv2: BUILD_PRE=&& chmod 644 envoy_bootstrap.json gcp_envoy_bootstrap.json
-docker.proxyv2: BUILD_ARGS=--build-arg proxy_version=istio-proxy:${PROXY_REPO_SHA} --build-arg istio_version=${VERSION} --build-arg BASE_VERSION=${BASE_VERSION} --build-arg SIDECAR=${SIDECAR} --build-arg HUB=${HUB}
-+docker.proxyv2: BUILD_ARGS=--build-arg proxy_version=istio-proxy:${PROXY_REPO_SHA} --build-arg istio_version=${VERSION} --build-arg BASE_VERSION=${BASE_VERSION} --build-arg SIDECAR=${SIDECAR} --build-arg HUB=${HUB} --build-arg TARGETARCH=${TARGET_ARCH}
- docker.proxyv2: ${ISTIO_ENVOY_BOOTSTRAP_CONFIG_DIR}/envoy_bootstrap.json
- docker.proxyv2: ${ISTIO_ENVOY_BOOTSTRAP_CONFIG_DIR}/gcp_envoy_bootstrap.json
- docker.proxyv2: $(ISTIO_ENVOY_LINUX_RELEASE_DIR)/${SIDECAR}
-@@ -98,7 +98,7 @@
- 	$(DOCKER_RULE)
- 
- docker.pilot: BUILD_PRE=&& chmod 644 envoy_bootstrap.json gcp_envoy_bootstrap.json
-docker.pilot: BUILD_ARGS=--build-arg BASE_VERSION=${BASE_VERSION} --build-arg HUB=${HUB}
-+docker.pilot: BUILD_ARGS=--build-arg BASE_VERSION=${BASE_VERSION} --build-arg HUB=${HUB} --build-arg TARGETARCH=${TARGET_ARCH}
- docker.pilot: ${ISTIO_ENVOY_BOOTSTRAP_CONFIG_DIR}/envoy_bootstrap.json
- docker.pilot: ${ISTIO_ENVOY_BOOTSTRAP_CONFIG_DIR}/gcp_envoy_bootstrap.json
- docker.pilot: ${ISTIO_ENVOY_BOOTSTRAP_CONFIG_DIR}/higress-pilot-start.sh
-@@ -324,7 +324,7 @@
- # This can be done with DOCKER_BUILD_VARIANTS="default debug" as well, but at the expense of building twice vs building once and tagging twice
- INCLUDE_UNTAGGED_DEFAULT ?= false
- DEFAULT_DISTRIBUTION=debug
-DOCKER_RULE ?= $(foreach VARIANT,$(DOCKER_BUILD_VARIANTS), time (mkdir -p $(DOCKER_BUILD_TOP)/$@ && TARGET_ARCH=$(TARGET_ARCH) ./tools/docker-copy.sh $^ $(DOCKER_BUILD_TOP)/$@ && cd $(DOCKER_BUILD_TOP)/$@ $(BUILD_PRE) && docker build $(BUILD_ARGS) --build-arg BASE_DISTRIBUTION=$(call normalize-tag,$(VARIANT)) -t $(HUB)/$(subst docker.,,$@):$(TAG)$(call variant-tag,$(VARIANT)) -f Dockerfile$(suffix $@) . ); )
-+DOCKER_RULE ?= $(foreach VARIANT,$(DOCKER_BUILD_VARIANTS), time (mkdir -p $(DOCKER_BUILD_TOP)/$@ && TARGET_ARCH=$(TARGET_ARCH) ./tools/docker-copy.sh $^ $(DOCKER_BUILD_TOP)/$@ && cd $(DOCKER_BUILD_TOP)/$@ $(BUILD_PRE) && docker build $(BUILD_ARGS) --build-arg BASE_DISTRIBUTION=$(call normalize-tag,$(VARIANT)) -t $(HUB)/$(subst docker.,,$@):$(TAG)$(call variant-tag,$(VARIANT))-$(TARGET_ARCH) -f Dockerfile$(suffix $@) . ); )
- RENAME_TEMPLATE ?= mkdir -p $(DOCKER_BUILD_TOP)/$@ && cp $(ECHO_DOCKER)/$(VM_OS_DOCKERFILE_TEMPLATE) $(DOCKER_BUILD_TOP)/$@/Dockerfile$(suffix $@)
- 
- # This target will package all docker images used in test and release, without re-building
--- a/istio/1.12/patches/istio/20230815-multi-arch.patch
+++ b/istio/1.12/patches/istio/20230815-multi-arch.patch
@@ -0,0 +1,124 @@
+diff -Naur istio/bin/init.sh istio-new/bin/init.sh
+--- istio/bin/init.sh	2023-08-15 21:01:53.601636573 +0800
+++ istio-new/bin/init.sh	2023-08-15 21:04:56.144783484 +0800
+@@ -151,7 +151,8 @@
+ # download_envoy_if_necessary "${ISTIO_ENVOY_LINUX_RELEASE_URL}" "$ISTIO_ENVOY_LINUX_RELEASE_PATH" "${SIDECAR}"
+ # download_envoy_if_necessary "${ISTIO_ENVOY_CENTOS_RELEASE_URL}" "$ISTIO_ENVOY_CENTOS_LINUX_RELEASE_PATH" "${SIDECAR}-centos"
+ 
+-untar_envoy_if_necessary "${ENVOY_TAR_PATH}" "$ISTIO_ENVOY_LINUX_RELEASE_PATH" "${SIDECAR}"
+untar_envoy_if_necessary "${ENVOY_TAR_DIR}/envoy-arm64.tar.gz" "$ISTIO_ENVOY_LINUX_ARM64_RELEASE_PATH" "${SIDECAR}"
+untar_envoy_if_necessary "${ENVOY_TAR_DIR}/envoy-amd64.tar.gz" "$ISTIO_ENVOY_LINUX_AMD64_RELEASE_PATH" "${SIDECAR}"
+ 
+ if [[ "$GOOS_LOCAL" == "darwin" ]]; then
+   # Download and extract the Envoy macOS release binary
+diff -Naur istio/common/scripts/run.sh istio-new/common/scripts/run.sh
+--- istio/common/scripts/run.sh	2023-08-15 21:01:53.601636573 +0800
+++ istio-new/common/scripts/run.sh	2023-08-15 17:37:57.754600731 +0800
+@@ -36,7 +36,7 @@
+ 
+ HUB="${HUB:-istio}"
+ MOUNT_SOURCE="${MOUNT_SOURCE:-${PWD}}"
+-ENVOY_TAR_PATH="${ENVOY_TAR_PATH:-/home/package/envoy.tar.gz}"
+ENVOY_TAR_DIR="${ENVOY_TAR_DIR:-/home/package}"
+ MOUNT_DEST="${MOUNT_DEST:-/work}"
+ MOUNT_ROOT_SOURCE="${MOUNT_ROOT_SOURCE:-`cd $MOUNT_SOURCE/..;pwd`}"
+ MOUNT_PACKAGE_SOURCE="${MOUNT_PACKAGE_SOURCE:-`cd $MOUNT_SOURCE/../package;pwd`}"
+@@ -61,7 +61,7 @@
+     -e TZ="${TIMEZONE:-$TZ}" \
+     -e GOPROXY="${GOPROXY}" \
+     -e HUB="${HUB}" \
+-    -e ENVOY_TAR_PATH="${ENVOY_TAR_PATH}" \
+    -e ENVOY_TAR_DIR="${ENVOY_TAR_DIR}" \
+     --mount "type=bind,source=${MOUNT_PACKAGE_SOURCE},destination=/home/package" \
+     --mount "type=bind,source=${MOUNT_SOURCE},destination=/work" \
+     --mount "type=bind,source=${MOUNT_ROOT_SOURCE}/..,destination=/parent" \
+diff -Naur istio/common/scripts/setup_env.sh istio-new/common/scripts/setup_env.sh
+--- istio/common/scripts/setup_env.sh	2023-08-15 21:01:53.601636573 +0800
+++ istio-new/common/scripts/setup_env.sh	2023-08-15 20:15:23.292391629 +0800
+@@ -81,6 +81,9 @@
+ export TARGET_OUT="${TARGET_OUT:-$(pwd)/out/${TARGET_OS}_${TARGET_ARCH}}"
+ export TARGET_OUT_LINUX="${TARGET_OUT_LINUX:-$(pwd)/out/linux_${TARGET_ARCH}}"
+ 
+export ARM64_OUT_LINUX=/work/out/linux_arm64
+export AMD64_OUT_LINUX=/work/out/linux_amd64
+
+ export CONTAINER_TARGET_OUT="${CONTAINER_TARGET_OUT:-/work/out/${TARGET_OS}_${TARGET_ARCH}}"
+ export CONTAINER_TARGET_OUT_LINUX="${CONTAINER_TARGET_OUT_LINUX:-/work/out/linux_${TARGET_ARCH}}"
+ 
+diff -Naur istio/Makefile.core.mk istio-new/Makefile.core.mk
+--- istio/Makefile.core.mk	2023-08-15 21:01:53.601636573 +0800
+++ istio-new/Makefile.core.mk	2023-08-15 20:03:25.384280274 +0800
+@@ -150,6 +150,11 @@
+ export ISTIO_ENVOY_CENTOS_LINUX_RELEASE_NAME ?= envoy-centos-${ISTIO_ENVOY_LINUX_VERSION}
+ export ISTIO_ENVOY_CENTOS_LINUX_RELEASE_PATH ?= ${ISTIO_ENVOY_LINUX_RELEASE_DIR}/${ISTIO_ENVOY_CENTOS_LINUX_RELEASE_NAME}
+ 
+export ISTIO_ENVOY_LINUX_ARM64_RELEASE_DIR ?= ${ARM64_OUT_LINUX}/release
+export ISTIO_ENVOY_LINUX_ARM64_RELEASE_PATH ?= ${ISTIO_ENVOY_LINUX_ARM64_RELEASE_DIR}/${ISTIO_ENVOY_LINUX_RELEASE_NAME}
+export ISTIO_ENVOY_LINUX_AMD64_RELEASE_DIR ?= ${AMD64_OUT_LINUX}/release
+export ISTIO_ENVOY_LINUX_AMD64_RELEASE_PATH ?= ${ISTIO_ENVOY_LINUX_AMD64_RELEASE_DIR}/${ISTIO_ENVOY_LINUX_RELEASE_NAME}
+
+ # Envoy macOS vars.
+ # TODO Change url when official envoy release for macOS is available
+ export ISTIO_ENVOY_MACOS_VERSION ?= 1.0.2
+@@ -240,6 +245,8 @@
+ ${ISTIO_ENVOY_LINUX_DEBUG_PATH}: init
+ ${ISTIO_ENVOY_LINUX_RELEASE_PATH}: init
+ ${ISTIO_ENVOY_MACOS_RELEASE_PATH}: init
+${ISTIO_ENVOY_LINUX_ARM64_RELEASE_PATH}: init
+${ISTIO_ENVOY_LINUX_AMD64_RELEASE_PATH}: init
+ 
+ # Pull dependencies, based on the checked in Gopkg.lock file.
+ # Developers must manually run `dep ensure` if adding new deps
+@@ -312,8 +319,8 @@
+ # various platform images.
+ .PHONY: build-linux
+ build-linux: depend
+-	GOOS=linux GOARCH=$(GOARCH_LOCAL) LDFLAGS=$(RELEASE_LDFLAGS) common/scripts/gobuild.sh $(ISTIO_OUT_LINUX)/ $(STANDARD_BINARIES)
+-	GOOS=linux GOARCH=$(GOARCH_LOCAL) LDFLAGS=$(RELEASE_LDFLAGS) common/scripts/gobuild.sh $(ISTIO_OUT_LINUX)/ -tags=agent $(AGENT_BINARIES)
+	GOOS=linux GOARCH=$(GOARCH_LOCAL) LDFLAGS=$(RELEASE_LDFLAGS) GOBUILDFLAGS='-buildvcs=false' common/scripts/gobuild.sh $(ISTIO_OUT_LINUX)/ $(STANDARD_BINARIES)
+	GOOS=linux GOARCH=$(GOARCH_LOCAL) LDFLAGS=$(RELEASE_LDFLAGS) GOBUILDFLAGS='-buildvcs=false' common/scripts/gobuild.sh $(ISTIO_OUT_LINUX)/ -tags=agent $(AGENT_BINARIES)
+ 
+ # Create targets for ISTIO_OUT_LINUX/binary
+ # There are two use cases here:
+diff -Naur istio/tools/istio-docker.mk istio-new/tools/istio-docker.mk
+--- istio/tools/istio-docker.mk	2023-08-15 21:01:53.621637356 +0800
+++ istio-new/tools/istio-docker.mk	2023-08-15 20:02:11.881402098 +0800
+@@ -77,6 +77,14 @@
+ ${ISTIO_ENVOY_BOOTSTRAP_CONFIG_DIR}/envoy_bootstrap.json: ${ISTIO_ENVOY_BOOTSTRAP_CONFIG_PATH}
+ 	cp ${ISTIO_ENVOY_BOOTSTRAP_CONFIG_PATH} ${ISTIO_ENVOY_BOOTSTRAP_CONFIG_DIR}/envoy_bootstrap.json
+ 
+${ISTIO_ENVOY_LINUX_ARM64_RELEASE_DIR}/${SIDECAR}: ${ISTIO_ENVOY_LINUX_ARM64_RELEASE_PATH}
+	mkdir -p $(DOCKER_BUILD_TOP)/proxyv2
+	cp ${ISTIO_ENVOY_LINUX_ARM64_RELEASE_PATH} ${ISTIO_ENVOY_LINUX_ARM64_RELEASE_DIR}/${SIDECAR}
+
+${ISTIO_ENVOY_LINUX_AMD64_RELEASE_DIR}/${SIDECAR}: ${ISTIO_ENVOY_LINUX_AMD64_RELEASE_PATH}
+	mkdir -p $(DOCKER_BUILD_TOP)/proxyv2
+	cp ${ISTIO_ENVOY_LINUX_AMD64_RELEASE_PATH} ${ISTIO_ENVOY_LINUX_AMD64_RELEASE_DIR}/${SIDECAR}
+
+ # rule for wasm extensions.
+ $(ISTIO_ENVOY_LINUX_RELEASE_DIR)/stats-filter.wasm: init
+ $(ISTIO_ENVOY_LINUX_RELEASE_DIR)/stats-filter.compiled.wasm: init
+@@ -88,7 +96,8 @@
+ docker.proxyv2: BUILD_ARGS=--build-arg proxy_version=istio-proxy:${PROXY_REPO_SHA} --build-arg istio_version=${VERSION} --build-arg BASE_VERSION=${BASE_VERSION} --build-arg SIDECAR=${SIDECAR} --build-arg HUB=${HUB}
+ docker.proxyv2: ${ISTIO_ENVOY_BOOTSTRAP_CONFIG_DIR}/envoy_bootstrap.json
+ docker.proxyv2: ${ISTIO_ENVOY_BOOTSTRAP_CONFIG_DIR}/gcp_envoy_bootstrap.json
+-docker.proxyv2: $(ISTIO_ENVOY_LINUX_RELEASE_DIR)/${SIDECAR}
+docker.proxyv2: ${ISTIO_ENVOY_LINUX_ARM64_RELEASE_DIR}/${SIDECAR}
+docker.proxyv2: ${ISTIO_ENVOY_LINUX_AMD64_RELEASE_DIR}/${SIDECAR}
+ docker.proxyv2: $(ISTIO_OUT_LINUX)/pilot-agent
+ docker.proxyv2: pilot/docker/Dockerfile.proxyv2
+ # docker.proxyv2: $(ISTIO_ENVOY_LINUX_RELEASE_DIR)/stats-filter.wasm
+@@ -324,7 +333,13 @@
+ # This can be done with DOCKER_BUILD_VARIANTS="default debug" as well, but at the expense of building twice vs building once and tagging twice
+ INCLUDE_UNTAGGED_DEFAULT ?= false
+ DEFAULT_DISTRIBUTION=debug
+
+
+ifeq ($(BUILDX_PLATFORM), true)
+DOCKER_RULE ?= $(foreach VARIANT,$(DOCKER_BUILD_VARIANTS), time (mkdir -p $(DOCKER_BUILD_TOP)/$@ && TARGET_ARCH=$(TARGET_ARCH) ./tools/docker-copy.sh $^ $(DOCKER_BUILD_TOP)/$@ && cd $(DOCKER_BUILD_TOP)/$@ $(BUILD_PRE) && docker buildx create --use && docker buildx build --no-cache --platform linux/amd64,linux/arm64 $(BUILD_ARGS) --build-arg BASE_DISTRIBUTION=$(call normalize-tag,$(VARIANT)) -t $(HUB)/$(subst docker.,,$@):$(TAG)$(call variant-tag,$(VARIANT)) -f Dockerfile$(suffix $@) . --push  ); )
+else
+ DOCKER_RULE ?= $(foreach VARIANT,$(DOCKER_BUILD_VARIANTS), time (mkdir -p $(DOCKER_BUILD_TOP)/$@ && TARGET_ARCH=$(TARGET_ARCH) ./tools/docker-copy.sh $^ $(DOCKER_BUILD_TOP)/$@ && cd $(DOCKER_BUILD_TOP)/$@ $(BUILD_PRE) && docker build $(BUILD_ARGS) --build-arg BASE_DISTRIBUTION=$(call normalize-tag,$(VARIANT)) -t $(HUB)/$(subst docker.,,$@):$(TAG)$(call variant-tag,$(VARIANT)) -f Dockerfile$(suffix $@) . ); )
+endif
+ RENAME_TEMPLATE ?= mkdir -p $(DOCKER_BUILD_TOP)/$@ && cp $(ECHO_DOCKER)/$(VM_OS_DOCKERFILE_TEMPLATE) $(DOCKER_BUILD_TOP)/$@/Dockerfile$(suffix $@)
+ 
+ # This target will package all docker images used in test and release, without re-building