Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: Install crictl from RPM #125

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

WIP: Install crictl from RPM #125

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 7 additions & 10 deletions Containerfile.bpfman-agent.openshift
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,4 @@
# Build the manager binary
ARG BUILDPLATFORM=linux/amd64

FROM --platform=$BUILDPLATFORM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.22.5-202407301806.g4c8b32d.el9 AS bpfman-agent-build

# The following ARGs are set internally by docker/build-push-action in github actions
Expand All @@ -22,7 +20,7 @@ COPY . .
# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -mod vendor -o bpfman-agent ./cmd/bpfman-agent/main.go

FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:9.4-1227
FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi:9.4
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you know how much bigger this is than the ubi-minimal?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

% podman images| grep ubi9
registry.access.redhat.com/ubi9/ubi          9.4         f1b92832563d  12 days ago  221 MB
registry.access.redhat.com/ubi9/ubi          latest      f1b92832563d  12 days ago  221 MB
registry.access.redhat.com/ubi9/ubi-minimal  latest      16f404cd0c33  12 days ago  101 MB

Double-checking with image inspect, I see:

% podman image inspect ubi9/ubi | grep \"Size\":
          "Size": 220828778,

% podman image inspect ubi9/ubi-minimal | grep \"Size\":
          "Size": 100927499,

so the minimal image is ~half the size.

If we want to persist with the minimal then we could install subscription-manager in the minimal image ala:

[root@bb47957e72f1 /]# microdnf install -y /usr/bin/find /usr/bin/xargs 

[root@bb47957e72f1 /]# microdnf install -y /usr/bin/subscription-manager

Note: I installed find and xargs as prerequisites because, when installing only subscription-manager, I noticed the following messages at the end of the installation:

[root@bb47957e72f1 /]# microdnf install -y /usr/bin/subscription-manager
...
Installing: python3-subscription-manager-rhsm;1.29.40-1.el9;x86_64;ubi-9-baseos-rpms
Installing: subscription-manager;1.29.40-1.el9;x86_64;ubi-9-baseos-rpms
Created symlink /etc/systemd/system/multi-user.target.wants/rhsmcertd.service → /usr/lib/systemd/system/rhsmcertd.service.
/var/tmp/rpm-tmp.fJ9M2l: line 17: find: command not found
/var/tmp/rpm-tmp.fJ9M2l: line 17: xargs: command not found

Once subscription-manager is installed we can enable the repo:

[root@bb47957e72f1 /]# subscription-manager register --user [email protected]
Registering to: subscription.rhsm.redhat.com:443/subscription
Password:
The system has been registered with ID: 79308da8-d8b6-4595-b15f-b71e6209f0e7
The registered system name is: bb47957e72f1

[root@bb47957e72f1 /]# subscription-manager repos --enable=rhocp-4.16-for-rhel-9-x86_64-rpms
Repository 'rhocp-4.16-for-rhel-9-x86_64-rpms' is enabled for this system.

[root@bb47957e72f1 /]# microdnf install -y cri-tools
Downloading metadata...
Downloading metadata...
Downloading metadata...
Package                                                                                     Repository                          Size
Installing:
 cri-tools-1.29.0-4.el9.x86_64                                                              rhocp-4.16-for-rhel-9-x86_        9.9 MB
Transaction Summary:
 Installing:        1 packages
 Reinstalling:      0 packages
 Upgrading:         0 packages
 Obsoleting:        0 packages
 Removing:          0 packages
 Downgrading:       0 packages
Downloading packages...
Running transaction test...
Installing: cri-tools;1.29.0-4.el9;x86_64;rhocp-4.16-for-rhel-9-x86_64-rpms
Complete.

ARG DNF_CMD="microdnf"

ARG TARGETARCH
Expand All @@ -31,13 +29,12 @@ ARG TARGETPLATFORM
WORKDIR /
COPY --from=bpfman-agent-build /usr/src/bpfman-operator/bpfman-agent .

# Install crictl
RUN ${DNF_CMD} -y install wget tar gzip ca-certificates
ARG VERSION="v1.31.0"
RUN wget https://github.com/kubernetes-sigs/cri-tools/releases/download/${VERSION}/crictl-${VERSION}-linux-${TARGETARCH}.tar.gz
RUN tar zxvf crictl-${VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin
RUN rm -f crictl-${VERSION}-linux-${TARGETARCH}.tar.gz
RUN ${DNF_CMD} -y clean all
RUN ls -lR /etc/pki

RUN subscription-manager repos --enable=rhocp-4_DOT_17-for-rhel-9-x86_64-rpms

RUN ${DNF_CMD} -y install wget tar gzip ca-certificates cri-tools && \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I installed wget, tar and gzip so I could unpack the crictl-*-tar.gz, so we wouldn't need them if we're doing an RPM install of crictl. I think you added ca-certificates -- possibly so you could remove --no-check-certificate. Do we still need it?

Copy link
Contributor Author

@frobware frobware Sep 9, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Re: ca-certificates. No, it shouldn’t be needed once we're just installing cri-tools vi dnf. In fact, I believe we can remove all of these ancillary packages. The PR’s initial goal was primarily to see how the addition of the subscription-manager repository would pan out.

${DNF_CMD} -y clean all

LABEL name="bpfman/bpfman-agent" \
com.redhat.component="bpfman-agent" \
Expand Down
Loading