Merge pull request #587 from mkumatag/multi-arch-image

Multi arch nginx-slim docker image

images/nginx-slim/Dockerfile

@@ -13,7 +13,9 @@
 # limitations under the License.
 
 
-FROM gcr.io/google_containers/ubuntu-slim:0.8
+FROM BASEIMAGE
+
+CROSS_BUILD_COPY qemu-ARCH-static /usr/bin/
 
 COPY build.sh /tmp
 

images/nginx-slim/Makefile

@@ -1,14 +1,76 @@
+# Copyright 2017 The Kubernetes Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 all: push
 
 # 0.0.0 shouldn't clobber any released builds
-TAG = 0.15
-PREFIX = gcr.io/google_containers/nginx-slim
+TAG = 0.16
+REGISTRY = gcr.io/google_containers
+ARCH ?= $(shell go env GOARCH)
+QEMUVERSION=v2.7.0
+
+IMGNAME = nginx-slim
+IMAGE = $(REGISTRY)/$(IMGNAME)
+MULTI_ARCH_IMG = $(IMAGE)-$(ARCH)
+
+# Set default base image dynamically for each arch
+BASEIMAGE?=gcr.io/google_containers/ubuntu-slim-$(ARCH):0.9
+
+ifeq ($(ARCH),arm)
+        QEMUARCH=arm
+endif
+#ifeq ($(ARCH),arm64)
+#        QEMUARCH=aarch64
+#endif
+ifeq ($(ARCH),ppc64le)
+	QEMUARCH=ppc64le
+endif
+#ifeq ($(ARCH),s390x)
+#        QEMUARCH=s390x
+#endif
+
+
+TEMP_DIR := $(shell mktemp -d)
 
 container:
-	docker build --pull -t $(PREFIX):$(TAG) .
+	cp ./* $(TEMP_DIR)
+	cd $(TEMP_DIR) && sed -i 's|BASEIMAGE|$(BASEIMAGE)|g' Dockerfile
+	cd $(TEMP_DIR) && sed -i "s|ARCH|$(QEMUARCH)|g" Dockerfile
+
+ifeq ($(ARCH),amd64)
+	# When building "normally" for amd64, remove the whole line, it has no part in the amd64 image
+	cd $(TEMP_DIR) && sed -i "/CROSS_BUILD_/d" Dockerfile
+else
+	# When cross-building, only the placeholder "CROSS_BUILD_" should be removed
+	# Register /usr/bin/qemu-ARCH-static as the handler for ARM binaries in the kernel
+	docker run --rm --privileged multiarch/qemu-user-static:register --reset
+	curl -sSL https://github.com/multiarch/qemu-user-static/releases/download/$(QEMUVERSION)/x86_64_qemu-$(QEMUARCH)-static.tar.gz | tar -xz -C $(TEMP_DIR)
+	cd $(TEMP_DIR) && sed -i "s/CROSS_BUILD_//g" Dockerfile
+endif
+
+	docker build -t $(MULTI_ARCH_IMG):$(TAG) $(TEMP_DIR)
+
+ifeq ($(ARCH), amd64)
+	# This is for to maintain the backward compatibility
+	docker tag $(MULTI_ARCH_IMG):$(TAG) $(IMAGE):$(TAG)
+endif
 
 push: container
-	gcloud docker -- push $(PREFIX):$(TAG)
+	gcloud docker -- push $(MULTI_ARCH_IMG):$(TAG)
+ifeq ($(ARCH), amd64)
+	gcloud docker -- push $(IMAGE):$(TAG)
+endif
 
 clean:
 	docker rmi -f $(PREFIX):$(TAG) || true

images/nginx-slim/build.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # Copyright 2015 The Kubernetes Authors.
 #
@@ -32,6 +32,8 @@ export NGINX_SUBSTITUTIONS=bc58cb11844bc42735bbaef7085ea86ace46d05b
 
 export BUILD_PATH=/tmp/build
 
+ARCH=$(uname -p)
+
 get_src()
 {
   hash="$1"
@@ -47,6 +49,12 @@ get_src()
 mkdir "$BUILD_PATH"
 cd "$BUILD_PATH"
 
+if [[ ${ARCH} == "ppc64le" ]]; then
+  apt-get update && apt-get install --no-install-recommends -y software-properties-common && \
+    add-apt-repository -y ppa:ibmpackages/luajit
+  apt-get update && apt-get install --no-install-recommends -y lua5.1 lua5.1-dev
+fi
+
 # install required packages to build
 apt-get update && apt-get install --no-install-recommends -y \
   bash \
@@ -120,19 +128,7 @@ cd "$BUILD_PATH/nginx-$NGINX_VERSION"
 echo "Applying tls nginx patches..."
 patch -p1 < $BUILD_PATH/nginx__dynamic_tls_records.patch
 
-./configure \
-  --prefix=/usr/share/nginx \
-  --conf-path=/etc/nginx/nginx.conf \
-  --http-log-path=/var/log/nginx/access.log \
-  --error-log-path=/var/log/nginx/error.log \
-  --lock-path=/var/lock/nginx.lock \
-  --pid-path=/run/nginx.pid \
-  --http-client-body-temp-path=/var/lib/nginx/body \
-  --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
-  --http-proxy-temp-path=/var/lib/nginx/proxy \
-  --http-scgi-temp-path=/var/lib/nginx/scgi \
-  --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
-  --with-debug \
+WITH_FLAGS="--with-debug \
   --with-pcre-jit \
   --with-http_ssl_module \
   --with-http_stub_status_module \
@@ -147,14 +143,37 @@ patch -p1 < $BUILD_PATH/nginx__dynamic_tls_records.patch
   --with-stream \
   --with-stream_ssl_module \
   --with-stream_ssl_preread_module \
-  --with-threads \
-  --with-file-aio \
+  --with-threads"
+
+if [[ ${ARCH} != "armv7l" || ${ARCH} != "aarch64" ]]; then
+  WITH_FLAGS+=" --with-file-aio"
+fi
+
+CC_OPT='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4'
+
+if [[ ${ARCH} == "x86_64" ]]; then
+  CC_OPT+=' -m64 -mtune=generic'
+fi
+
+./configure \
+  --prefix=/usr/share/nginx \
+  --conf-path=/etc/nginx/nginx.conf \
+  --http-log-path=/var/log/nginx/access.log \
+  --error-log-path=/var/log/nginx/error.log \
+  --lock-path=/var/lock/nginx.lock \
+  --pid-path=/run/nginx.pid \
+  --http-client-body-temp-path=/var/lib/nginx/body \
+  --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
+  --http-proxy-temp-path=/var/lib/nginx/proxy \
+  --http-scgi-temp-path=/var/lib/nginx/scgi \
+  --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
+  ${WITH_FLAGS} \
   --without-mail_pop3_module \
   --without-mail_smtp_module \
   --without-mail_imap_module \
   --without-http_uwsgi_module \
   --without-http_scgi_module \
-  --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
+  --with-cc-opt="${CC_OPT}" \
   --add-module="$BUILD_PATH/ngx_devel_kit-$NDK_VERSION" \
   --add-module="$BUILD_PATH/set-misc-nginx-module-$SETMISC_VERSION" \
   --add-module="$BUILD_PATH/nginx-module-vts-$VTS_VERSION" \
@@ -169,7 +188,13 @@ patch -p1 < $BUILD_PATH/nginx__dynamic_tls_records.patch
 
 echo "Installing CJSON module"
 cd "$BUILD_PATH/lua-cjson-$LUA_CJSON_VERSION"
-make LUA_INCLUDE_DIR=/usr/include/luajit-2.0 && make install
+
+if [[ ${ARCH} == "ppc64le" ]];then
+  LUA_DIR=/usr/include/luajit-2.1
+else
+  LUA_DIR=/usr/include/luajit-2.0
+fi
+make LUA_INCLUDE_DIR=${LUA_DIR} && make install
 
 echo "Installing lua-resty-http module"
 # copy lua module
@@ -195,6 +220,10 @@ apt-mark unmarkauto \
   geoip-bin \
   openssl
 
+if [[ ${ARCH} == "ppc64le" ]]; then
+  apt-mark unmarkauto liblua5.1-0
+fi
+
 apt-get remove -y --purge \
   build-essential \
   gcc-5 \

images/ubuntu-slim/.gitignore

@@ -0,0 +1 @@
+rootfs.tar

images/ubuntu-slim/Dockerfile.build

@@ -1,7 +1,9 @@
-FROM ubuntu:16.04
+FROM BASEIMAGE
 
 ENV DEBIAN_FRONTEND=noninteractive
 
+CROSS_BUILD_COPY qemu-ARCH-static /usr/bin/
+
 COPY excludes /etc/dpkg/dpkg.cfg.d/excludes
 
 RUN apt-get update \

images/ubuntu-slim/Makefile

@@ -1,22 +1,93 @@
+# Copyright 2017 The Kubernetes Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 all: push
 
-TAG ?= 0.8
-PREFIX ?= gcr.io/google-containers/ubuntu-slim
+TAG ?= 0.9
+REGISTRY = gcr.io/google_containers
+ARCH ?= $(shell go env GOARCH)
+QEMUVERSION=v2.7.0
+
+IMGNAME = ubuntu-slim
+IMAGE = $(REGISTRY)/$(IMGNAME)
+MULTI_ARCH_IMG = $(IMAGE)-$(ARCH)
+
 BUILD_IMAGE ?= ubuntu-build
 TAR_FILE ?= rootfs.tar
 PUSH_TOOL ?= gcloud
 
+# Set default base image dynamically for each arch
+ifeq ($(ARCH),amd64)
+	BASEIMAGE?=ubuntu:16.04
+endif
+ifeq ($(ARCH),arm)
+	BASEIMAGE?=armhf/ubuntu:16.04
+	QEMUARCH=arm
+endif
+ifeq ($(ARCH),arm64)
+	BASEIMAGE?=aarch64/ubuntu:16.04
+	QEMUARCH=aarch64
+endif
+ifeq ($(ARCH),ppc64le)
+	BASEIMAGE?=ppc64le/ubuntu:16.04
+	QEMUARCH=ppc64le
+endif
+
+#ifeq ($(ARCH),s390x)
+#	BASEIMAGE?=s390x/ubuntu:16.04
+#	QEMUARCH=s390x
+#endif
+
+
+TEMP_DIR := $(shell mktemp -d)
+
 container: clean
-	docker build --pull -t $(BUILD_IMAGE) -f Dockerfile.build .
+	cp ./* $(TEMP_DIR)
+	cd $(TEMP_DIR) && sed -i 's|BASEIMAGE|$(BASEIMAGE)|g' Dockerfile.build
+	cd $(TEMP_DIR) && sed -i "s|ARCH|$(QEMUARCH)|g" Dockerfile.build
+
+ifeq ($(ARCH),amd64)
+	# When building "normally" for amd64, remove the whole line, it has no part in the amd64 image
+	cd $(TEMP_DIR) && sed -i "/CROSS_BUILD_/d" Dockerfile.build
+else
+	# When cross-building, only the placeholder "CROSS_BUILD_" should be removed
+	# Register /usr/bin/qemu-ARCH-static as the handler for ARM binaries in the kernel
+	docker run --rm --privileged multiarch/qemu-user-static:register --reset
+	curl -sSL https://github.com/multiarch/qemu-user-static/releases/download/$(QEMUVERSION)/x86_64_qemu-$(QEMUARCH)-static.tar.gz | tar -xz -C $(TEMP_DIR)
+	cd $(TEMP_DIR) && sed -i "s/CROSS_BUILD_//g" Dockerfile.build
+endif
+
+	docker build --pull -t $(BUILD_IMAGE) -f $(TEMP_DIR)/Dockerfile.build $(TEMP_DIR)
 	docker create --name $(BUILD_IMAGE) $(BUILD_IMAGE)
 	docker export $(BUILD_IMAGE) > $(TAR_FILE)
-	docker build --pull -t $(PREFIX):$(TAG) .
+	cp rootfs.tar $(TEMP_DIR)
+	docker build --pull -t $(MULTI_ARCH_IMG):$(TAG) $(TEMP_DIR)
+
+ifeq ($(ARCH), amd64)
+	# This is for to maintain the backward compatibility
+	docker tag $(MULTI_ARCH_IMG):$(TAG) $(IMAGE):$(TAG)
+endif
 
 push: container
-	$(PUSH_TOOL) docker -- push $(PREFIX):$(TAG)
+	$(PUSH_TOOL) docker -- push $(MULTI_ARCH_IMG):$(TAG)
+
+ifeq ($(ARCH),amd64)
+	$(PUSH_TOOL) docker -- push $(IMAGE):$(TAG)
+endif
 
 clean:
-	docker rmi -f $(PREFIX):$(TAG) || true
+	docker rmi -f $(IMAGE):$(TAG) || true
 	docker rmi -f $(BUILD_IMAGE)   || true
 	docker rm  -f $(BUILD_IMAGE)   || true
 	rm -f $(TAR_FILE)