search

fluent / fluentd-kubernetes-daemonset

Fluentd daemonset for Kubernetes and it Docker image
Apache License 2.0
1.27k stars 981 forks source link

github: try to build and push for hub.docker.com #1496

Closed kenhys closed 3 months ago

kenhys commented 3 months ago

In the previous versions, we use "Docker Build Cloud". It is useful by kicking via Web UI to trigger pre-defined build pipeline.

Instead, there are limitation of pre-defined build pipelines. The max number of build pipelines is limited.

Thus, we can not maintain all of target images - some target or architecture such as syslog, s3/arm64 are missing.

And more, it means that we can't maintain v1.16 stable branch and v1.17 at the same time. Therefore we need to use alternative way - GitHub Actions.

To setup actions, set Repository secrets:

DOCKER_HUB_ORGS: fluent DOCKER_HUB_USERNAME: someone's account DOCKER_HUB_ACCESS_TOKEN: someone's access token

With using GitHub Actions, the following image can be published again:

main branch is aimed to build v1.17 for a while (#1495 )

kenhys commented 3 months ago

skip trigger on pull_request.

kenhys commented 3 months ago

It seems no manifest available from image yet.

kenhys commented 3 months ago

For example, it is a bit different from:

cat v1.16.5-debian-azureblob-amd64-1.0.fluent.buildx.inspect.txt
Name:      docker.io/fluent/fluentd-kubernetes-daemonset:v1.16.5-debian-azureblob-amd64-1.0
MediaType: application/vnd.docker.distribution.manifest.v2+json
Digest:    sha256:07d4d24fe69ce8b54a8a34aa5f0dba162c10a155435fc136fa48c854a286c98e
cat v1.16.5-debian-azureblob-amd64-1.0.kenhys.buildx.inspect.txt
Name:      docker.io/kenhys/fluentd-kubernetes-daemonset:v1.16.5-debian-azureblob-amd64-1.0
MediaType: application/vnd.oci.image.index.v1+json
Digest:    sha256:a298c228081c1701ac1e3206344142c4a128295bbdc4d4799681b2ac476b0a01

Manifests: 
  Name:        docker.io/kenhys/fluentd-kubernetes-daemonset:v1.16.5-debian-azureblob-amd64-1.0@sha256:fd6707054995ed28222bfbe2bc824c8bfe4a229bdb80bd1f5b3c8b2efc4873cc
  MediaType:   application/vnd.oci.image.manifest.v1+json
  Platform:    linux/amd64

  Name:        docker.io/kenhys/fluentd-kubernetes-daemonset:v1.16.5-debian-azureblob-amd64-1.0@sha256:b057cad58d2b7f50d8ab4415ecda909fe66a22fa3416e6e8f0f9859c06cc5d10
  MediaType:   application/vnd.oci.image.manifest.v1+json
  Platform:    unknown/unknown
  Annotations: 
    vnd.docker.reference.digest: sha256:fd6707054995ed28222bfbe2bc824c8bfe4a229bdb80bd1f5b3c8b2efc4873cc
    vnd.docker.reference.type:   attestation-manifest
kenhys commented 3 months ago

See https://github.com/docker/buildx/issues/1964

kenhys commented 3 months ago

arm64 image was changed to manifest.v2 (expected)

image

kenhys commented 3 months ago

It seems that --output oci-mediatypes=false does not work for amd64. :thinking:

kenhys commented 3 months ago

provenance: should be disable for amd64.

kenhys commented 3 months ago

Now both of amd64 and arm64 was changed to mediaType: manifest.v2+json.

kenhys commented 3 months ago

Checked diff of manifest. Most of diff are size: or digest. I guess it was caused with difference of Docker Hub Build pipeline environment or GitHub Actions.

e.g.

 cat v1.16-debian-kafka-2.fluent.manifest.json via docker manifest inspect fluent/fluentd-kubernetes-daemonset:v1.16-debian-kafka-2.
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 4694,
         "digest": "sha256:fde6c5b00d94c29a36bcbb6ae18dc8863054c025356dd719e36a5e949816eb2d",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 5528,
         "digest": "sha256:69c810c12fdd58ca1df9db591aba85a32e511c5b800fcae2368afe198061977d",
         "platform": {
            "architecture": "arm64",
            "os": "linux"
         }
      }
   ]
}

cat v1.16-debian-kafka-2.kenhys.manifest.json via docker manifest inspect kenhys/fluentd-kubernetes-daemonset:v1.16-debian-kafka-2.
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 4409,
         "digest": "sha256:66cd1c19ca0e0ab1d67be6e056a21512b4d585105864b17b09af267d4e69eb60",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 5186,
         "digest": "sha256:9442d4a06df34de4072b95761c43303200959ed5dc41c5bbbd177533b1482a47",
         "platform": {
            "architecture": "arm64",
            "os": "linux"
         }
      }
   ]
}
kenhys commented 3 months ago

The result of buildx inspect.

cat v1.16.5-debian-kafka-1.0.fluent.buildx.inspect.txt via docker buildx imagetools inspect fluent/fluentd-kubernetes-daemonset:v1.16.5-debian-kafka-1.0

Name:      docker.io/fluent/fluentd-kubernetes-daemonset:v1.16.5-debian-kafka-1.0
MediaType: application/vnd.docker.distribution.manifest.list.v2+json
Digest:    sha256:018bf2926fda7a392ea78a7bdf7a001144738b7d1b1eb6fd6128432a9bf932a7

Manifests: 
  Name:      docker.io/fluent/fluentd-kubernetes-daemonset:v1.16.5-debian-kafka-1.0@sha256:fde6c5b00d94c29a36bcbb6ae18dc8863054c025356dd719e36a5e949816eb2d
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/amd64

  Name:      docker.io/fluent/fluentd-kubernetes-daemonset:v1.16.5-debian-kafka-1.0@sha256:69c810c12fdd58ca1df9db591aba85a32e511c5b800fcae2368afe198061977d
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm64

cat v1.16.5-debian-kafka-1.0.kenhys.buildx.inspect.txt via docker buildx imagetools inspect kenhys/fluentd-kubernetes-daemonset:v1.16.5-debian-kafka-1.0

Name:      docker.io/kenhys/fluentd-kubernetes-daemonset:v1.16.5-debian-kafka-1.0
MediaType: application/vnd.docker.distribution.manifest.list.v2+json
Digest:    sha256:5e9456b0d2f97962b7f331df96516305ee32b848fc325712e7dab304e5340910

Manifests: 
  Name:      docker.io/kenhys/fluentd-kubernetes-daemonset:v1.16.5-debian-kafka-1.0@sha256:66cd1c19ca0e0ab1d67be6e056a21512b4d585105864b17b09af267d4e69eb60
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/amd64

  Name:      docker.io/kenhys/fluentd-kubernetes-daemonset:v1.16.5-debian-kafka-1.0@sha256:9442d4a06df34de4072b95761c43303200959ed5dc41c5bbbd177533b1482a47
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm64
kenhys commented 3 months ago

Migration plan

After that backport this PR into v1.16 branch. do the same thing.

kenhys commented 3 months ago

This PR was checked on https://hub.docker.com/repository/docker/kenhys/fluentd-kubernetes-daemonset/.

kenhys commented 3 months ago

Added branches and tags limitation.

kenhys commented 3 months ago

split job and minimum target works: https://github.com/kenhys/fluentd-kubernetes-daemonset/actions/runs/9642374731

kenhys commented 3 months ago

check with more target images again.

kenhys commented 3 months ago

Worked well.

image

kenhys commented 3 months ago

Revert debug for on push: limitation as normal now.

kenhys commented 3 months ago

cache improvement is out of scope in this PR for now.

kenhys commented 3 months ago

Introducing define-matrix seems good way! thanks.