Fix docker buildx image builds

It seems that we broke the qemu initialization for applying multi-architecture builds via docker buildx. We now use the latest `multiarch/qemu-user-static` image to initialize docker buildx and register a new builder which should support all required architectures. This means that we also can remove the vendored `register.sh` script from this repository because it is not being used any more. Beside that change, we also have to `--load` the images built via `docker buildx`, otherwise they will remain within the local build cache and will not being populated into the image store. Signed-off-by: Sascha Grunert <mail@saschagrunert.de>
kubernetes · Jan 25, 2021 · bf8646d · bf8646d
1 parent 77cec6b
commit bf8646d
Show file tree

Hide file tree

Showing 8 changed files with 30 additions and 430 deletions.
diff --git a/hack/verify-shellcheck.sh b/hack/verify-shellcheck.sh
@@ -31,8 +31,6 @@ SHELLCHECK_IMAGE="koalaman/shellcheck-alpine:v0.7.1"
 # - ./_* - No need to lint output directories.
 # - ./.git/* - Ignore anything in the git object store.
 # - ./vendor* - Vendored code should be fixed upstream instead.
-# - ./third_party/*, but re-include ./third_party/forked/*  - only code we
-#    forked should be linted and fixed.
 all_shell_scripts=()
 while IFS=$'\n' read -r script;
   do git check-ignore -q "$script" || all_shell_scripts+=("$script");

diff --git a/images/build/debian-base/Makefile b/images/build/debian-base/Makefile
@@ -27,7 +27,7 @@ ARCH ?= amd64
 ALL_ARCH = amd64 arm arm64 ppc64le s390x
 
 TEMP_DIR:=$(shell mktemp -d)
-QEMUVERSION=v5.2.0-2
+QEMUVERSION=5.2.0-2
 
 SUDO=$(if $(filter 0,$(shell id -u)),,sudo)
 
@@ -82,23 +82,31 @@ ifeq ($(ARCH),amd64)
 	# When building "normally" for amd64, remove the whole line, it has no part in the amd64 image
 	sed "/CROSS_BUILD_/d" $(TEMP_DIR)/$(CONFIG)/Dockerfile.build > $(TEMP_DIR)/$(CONFIG)/Dockerfile.build.tmp
 else
-	# When cross-building, only the placeholder "CROSS_BUILD_" should be removed
 	# Register /usr/bin/qemu-ARCH-static as the handler for non-x86 binaries in the kernel
-	$(SUDO) ../../../third_party/multiarch/qemu-user-static/register/register.sh --reset
-	curl -sSL https://github.com/multiarch/qemu-user-static/releases/download/$(QEMUVERSION)/x86_64_qemu-$(QEMUARCH)-static.tar.gz | tar -xz -C $(TEMP_DIR)/$(CONFIG)
+	docker run --rm --privileged multiarch/qemu-user-static:$(QEMUVERSION) --reset -p yes
+	docker buildx version
+	docker buildx create --use
+	docker buildx inspect --bootstrap
+
+	curl -sSL https://github.com/multiarch/qemu-user-static/releases/download/v$(QEMUVERSION)/x86_64_qemu-$(QEMUARCH)-static.tar.gz | tar -xz -C $(TEMP_DIR)/$(CONFIG)
 	# Ensure we don't get surprised by umask settings
 	chmod 0755 $(TEMP_DIR)/$(CONFIG)/qemu-$(QEMUARCH)-static
+
+	# When cross-building, only the placeholder "CROSS_BUILD_" should be removed
 	sed "s/CROSS_BUILD_//g" $(TEMP_DIR)/$(CONFIG)/Dockerfile.build > $(TEMP_DIR)/$(CONFIG)/Dockerfile.build.tmp
 endif
 	mv $(TEMP_DIR)/$(CONFIG)/Dockerfile.build.tmp $(TEMP_DIR)/$(CONFIG)/Dockerfile.build
 
 	docker buildx build \
-		--pull -t $(BUILD_IMAGE) \
+		--pull \
+		--load \
 		--platform linux/$(ARCH) \
+		-t $(BUILD_IMAGE) \
 		-f $(TEMP_DIR)/$(CONFIG)/Dockerfile.build $(TEMP_DIR)/$(CONFIG)
 	docker create --name $(BUILD_IMAGE) $(BUILD_IMAGE)
 	docker export $(BUILD_IMAGE) > $(TEMP_DIR)/$(CONFIG)/$(TAR_FILE)
 	docker buildx build \
+		--load \
 		--platform linux/$(ARCH) \
 		-t $(IMAGE)-$(ARCH):$(IMAGE_VERSION) \
 		-t $(IMAGE)-$(ARCH):$(TAG)-$(CONFIG) \

diff --git a/images/build/debian-hyperkube-base/Makefile b/images/build/debian-hyperkube-base/Makefile
@@ -30,6 +30,8 @@ CNI_VERSION?=v0.8.7
 TEMP_DIR:=$(shell mktemp -d)
 CNI_TARBALL=cni-plugins-linux-$(ARCH)-$(CNI_VERSION).tgz
 
+QEMUVERSION=5.2.0-2
+
 # This option is for running docker manifest command
 export DOCKER_CLI_EXPERIMENTAL := enabled
 
@@ -72,10 +74,17 @@ build: cni-tars/$(CNI_TARBALL)
 
 ifneq ($(ARCH),amd64)
 	# Register /usr/bin/qemu-ARCH-static as the handler for non-x86 binaries in the kernel
-	$(SUDO) ../../../third_party/multiarch/qemu-user-static/register/register.sh --reset
+	docker run --rm --privileged multiarch/qemu-user-static:$(QEMUVERSION) --reset -p yes
+	docker buildx version
+	docker buildx create --use
+	docker buildx inspect --bootstrap
 endif
 	docker buildx build \
-		--pull --platform linux/$(ARCH) -t $(IMAGE)-$(ARCH):$(TAG) $(TEMP_DIR)
+		--pull \
+		--load \
+		--platform linux/$(ARCH) \
+		-t $(IMAGE)-$(ARCH):$(TAG) \
+		$(TEMP_DIR)
 	rm -rf $(TEMP_DIR)
 
 push: build

diff --git a/images/build/debian-iptables/Makefile b/images/build/debian-iptables/Makefile
@@ -31,6 +31,7 @@ BASEIMAGE?=$(BASE_REGISTRY)/debian-base-$(ARCH):$(DEBIAN_BASE_VERSION)
 
 # Build args
 IPTABLES_VERSION ?= 1.8.5
+QEMUVERSION=5.2.0-2
 
 # This option is for running docker manifest command
 export DOCKER_CLI_EXPERIMENTAL := enabled
@@ -43,10 +44,14 @@ build:
 
 ifneq ($(ARCH),amd64)
 	# Register /usr/bin/qemu-ARCH-static as the handler for non-x86 binaries in the kernel
-	$(SUDO) ../../../third_party/multiarch/qemu-user-static/register/register.sh --reset
+	docker run --rm --privileged multiarch/qemu-user-static:$(QEMUVERSION) --reset -p yes
+	docker buildx version
+	docker buildx create --use
+	docker buildx inspect --bootstrap
 endif
 	docker buildx build \
 		--pull \
+		--load \
 		--platform linux/$(ARCH) \
 		-t $(IMAGE)-$(ARCH):$(IMAGE_VERSION) \
 		-t $(IMAGE)-$(ARCH):$(TAG)-$(CONFIG) \

diff --git a/third_party/multiarch/qemu-user-static/LICENSE b/third_party/multiarch/qemu-user-static/LICENSE
diff --git a/third_party/multiarch/qemu-user-static/README.kubernetes b/third_party/multiarch/qemu-user-static/README.kubernetes