new(docker,scripts): port all docker images to be multiarch ready by FedeDP · Pull Request #1990 · falcosecurity/falco

FedeDP · 2022-05-04T14:42:26Z

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

If contributing rules or changes to rules, please make sure to also uncomment one of the following line:

/kind rule-update

/kind rule-create

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area build

/area engine

/area rules

/area tests

/area proposals

What this PR does / why we need it:

New dockerfiles are multiplatform ready: they can be pushed with docker buildx for various architectures.
Moreover, updated falco-driver-loader to support multiple architectures.

Which issue(s) this PR fixes:

Fixes #1813
Fixes #1589

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

They can be pushed with `docker buildx` for various architectures. Moreover, updated falco-driver-loader to support multiple architectures. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

FedeDP · 2022-05-04T14:43:15Z

docker/tester/Dockerfile


-ADD https://github.com/fullstorydev/grpcurl/releases/download/v1.6.0/grpcurl_1.6.0_linux_x86_64.tar.gz /
+RUN if [ "$TARGETARCH" = "amd64" ] ; then curl -L -o grpcurl.tar.gz \
+    https://github.com/fullstorydev/grpcurl/releases/download/v1.8.6/grpcurl_1.8.6_linux_x86_64.tar.gz; \


grpcurl was bumped to 1.8.6 because 1.6.0 was not released for arm64.
Therefore, bumped it to the latest version.

FedeDP · 2022-05-04T14:45:26Z

docker/tester/root/runners/deb.Dockerfile


-ADD falco-${FALCO_VERSION}-x86_64.deb /
-RUN dpkg -i /falco-${FALCO_VERSION}-x86_64.deb
+ADD falco-${FALCO_VERSION}-*.deb /


Since ADD does not support any conditional (based on TARGETARCH), we just add any package (same is being done for rpm and binary packages), and then only install the right one for our architecture in the RUN command.
It should not really matter because docker/tester/root/usr/bin/entrypoint will only copy correct architecture one into runner-rootfs.

…uild multiplatform images. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

FedeDP · 2022-05-06T08:25:50Z

.circleci/config.yml

  "publish/docker-dev":
    docker:
-      - image: docker:stable
+      - image: cimg/base:stable


Switched to cimg/base:stable as it already provides docker buildx command for us, when a 20.10.x version of docker is requested.

FedeDP · 2022-05-06T13:40:33Z

scripts/falco-driver-loader

-	URL=$(echo "${DRIVERS_REPO}/${DRIVER_VERSION}/${FALCO_KERNEL_MODULE_FILENAME}" | sed s/+/%2B/g)
+	if [ "${ARCH}" == "x86_64" ]; then
+		# x86_64 still uses root
+		URL=$(echo "${DRIVERS_REPO}/${DRIVER_VERSION}/${FALCO_KERNEL_MODULE_FILENAME}" | sed s/+/%2B/g)


We will leave x86_64 drivers in their root folder, where they are now, to retain backward compatibility.
New archs will instead go below $arch subfolder.

…ti arch. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

FedeDP · 2022-05-13T09:36:31Z

I just ported publish-rpm and publish-deb scripts to be multiarch.
They must be now called once with list of deb files (one for each supported arch).

Publish-rpm was locally tested, while publish-deb was tested on same docker image used by circleCI: docker.io/debian:stable, to double check the added script dependency (dpkg).

Of course, in both test, i disabled aws s3/cloudfron download and sync.

Publish-deb was the harder one; basically, i fixed the publsih-deb script and then tested adding the new local repo to apt sources, and double checked that apt could actually update and install from the repo.
The repo tree must be equal to https://download.falco.org/?prefix=packages/deb/.

root@60afe6470047:/tmp/falco-deb# ls
dists  stable

ls dists/stable/
Release  Release.gpg  main

root@60afe6470047:/tmp/falco-deb# cat dists/stable/Release
Architectures: amd64,arm64
Codename: stable
Components: main
Date: Fri, 13 May 2022 09:21:52 +0000
Label: Falco
Origin: Falco
Suite: stable
MD5Sum:
5825c4e96c8acfb055ba545635c63b36              140 Release
affb84c8f074475175ae46ba9b158af7             1205 main/binary-amd64/Packages
bebf147595828eb82fadc8f7bdea68d7              824 main/binary-amd64/Packages.bz2
077fde40e75311196557166ce81d4fa3              783 main/binary-amd64/Packages.gz
0fd7b90883437a343949b9c71063e6de             1206 main/binary-arm64/Packages
d4d22eb0f42c88615118eb49e1777fd4              820 main/binary-arm64/Packages.bz2
0e8adb1fb50a24c5ee5b2abefcc43328              784 main/binary-arm64/Packages.gz
[more...]

root@60afe6470047:/tmp/falco-deb# cat dists/stable/main/binary-arm64/Packages
Package: geoip-bin
Architecture: arm64
Version: 1.6.12-8
[more...]

root@60afe6470047:/tmp/falco-deb# cat dists/stable/main/binary-amd64/Packages
Package: geoip-bin
Architecture: amd64
Version: 1.6.12-8
[more...]

root@60afe6470047:/tmp/falco-deb# ls stable/
geoip-bin_1.6.12-8_amd64.deb  geoip-bin_1.6.12-8_amd64.deb.asc  geoip-bin_1.6.12-8_arm64.deb  geoip-bin_1.6.12-8_arm64.deb.asc

root@60afe6470047:/tmp/falco-deb# apt-cache showpkg geoip-bin
Package: geoip-bin
Versions:
1.6.12-8 (/var/lib/apt/lists/_tmp_falco-deb_dists_stable_main_binary-amd64_Packages.lz4)

leogr

This is spectacular, I just need to find some time to test it deeply.

Thank you! 🤗

leogr · 2022-05-23T08:14:13Z

I think we don't have enough time to test this. Moving to the next milestone.
/milestone 0.33.0

jasondellaluce · 2022-06-06T13:26:10Z

@FedeDP, should we link this to #1813 with Fixes# if that's gonna be closed once this will get merged?

FedeDP · 2022-06-06T14:41:20Z

You are right jason! Thanks!

jasondellaluce · 2022-06-06T14:50:21Z

This one too I think! #1589

jasondellaluce

/approve

This is a big change, but since we just released Falco 0.32 I think this is the right time to test it! Great work Fede!

poiana · 2022-06-07T08:01:56Z

LGTM label has been added.

Details

Git tree hash: 518aa4f397f3917a81a9be1675bf1f27c06e936d

poiana · 2022-06-07T08:01:57Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: FedeDP, jasondellaluce

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [jasondellaluce]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

new(docker,scripts): port all docker images to be multiarch ready.

a534e16

They can be pushed with `docker buildx` for various architectures. Moreover, updated falco-driver-loader to support multiple architectures. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

poiana added do-not-merge/work-in-progress kind/feature release-note-none dco-signoff: yes area/build labels May 4, 2022

poiana requested review from leodido and leogr May 4, 2022 14:42

poiana added the size/L label May 4, 2022

FedeDP commented May 4, 2022

View reviewed changes

FedeDP changed the title ~~wip: new(docker,scripts): port all docker images to be multiarch ready~~ new(docker,scripts): port all docker images to be multiarch ready May 6, 2022

poiana added size/XL and removed do-not-merge/work-in-progress size/L labels May 6, 2022

update(build): updated circle ci to properly use docker buildx to b…

e79706b

…uild multiplatform images. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

FedeDP force-pushed the new/arm64_docker_images branch from f05490e to e79706b Compare May 6, 2022 08:22

FedeDP commented May 6, 2022

View reviewed changes

This was referenced May 9, 2022

Cut 0.32.0 Release #1993

Closed

Circle CI build job for ARM64 #1997

Merged

update(scripts): ported publish-deb and publish-rpm scripts to be mul…

80096cf

…ti arch. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

leogr reviewed May 13, 2022

View reviewed changes

poiana added this to the 0.33.0 milestone May 23, 2022

jasondellaluce mentioned this pull request Jun 6, 2022

Support arm64 architecture in dockerhub #1589

Closed

jasondellaluce approved these changes Jun 7, 2022

View reviewed changes

poiana assigned jasondellaluce Jun 7, 2022

poiana added the lgtm label Jun 7, 2022

poiana added the approved label Jun 7, 2022

leogr approved these changes Jun 7, 2022

View reviewed changes

poiana assigned leogr Jun 7, 2022

poiana merged commit 3f29660 into falcosecurity:master Jun 7, 2022

FedeDP deleted the new/arm64_docker_images branch June 7, 2022 09:06

jasondellaluce modified the milestones: 0.33.0, 0.32.1 Jun 17, 2022

perk-sumo mentioned this pull request Jan 9, 2023

docs: falco supports arm64 🎉 SumoLogic/sumologic-kubernetes-collection#2768

Merged

clubanderson mentioned this pull request Mar 11, 2026

🌱 falco: Support arm64 architecture in dockerhub kubestellar/console-kb#551

Closed

Conversation

FedeDP commented May 4, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

FedeDP May 4, 2022

Choose a reason for hiding this comment

Uh oh!

FedeDP May 4, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

FedeDP May 6, 2022

Choose a reason for hiding this comment

Uh oh!

FedeDP May 6, 2022

Choose a reason for hiding this comment

Uh oh!

FedeDP commented May 13, 2022

Uh oh!

leogr left a comment

Choose a reason for hiding this comment

Uh oh!

leogr commented May 23, 2022

Uh oh!

jasondellaluce commented Jun 6, 2022

Uh oh!

FedeDP commented Jun 6, 2022

Uh oh!

jasondellaluce commented Jun 6, 2022

Uh oh!

jasondellaluce left a comment

Choose a reason for hiding this comment

Uh oh!

poiana commented Jun 7, 2022

Uh oh!

poiana commented Jun 7, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

FedeDP commented May 4, 2022 •

edited

Loading

FedeDP May 4, 2022 •

edited

Loading