search

guilhem / freeipa-issuer

A cert-manager external issuer for FreeIPA
Apache License 2.0
31 stars 14 forks source link

Support aarch64 multi-arch manifests #9

Open anthr76 opened 3 years ago

anthr76 commented 3 years ago

I would like to use and test this project though it would be great if I can install it on my multi-arch cluster. In order to do that it looks like the controller and kube-rbac-proxy needs to be multi-arch. It seems as though the current image mafiests for kube-rbac-proxy started building separate builds for architecture in 0.8.x and this image is only building for amd64.

skopeo --override-arch aarch64 inspect docker://gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0-arm64
{
    "Name": "gcr.io/kubebuilder/kube-rbac-proxy",
    "Digest": "sha256:5a9f8e2f60fc4d02e364fa0192c01c79e8fac7e0c6a01cbc5b17152d6f21deae",
    "RepoTags": [
        "v0.4.0",
        "v0.4.1",
        "v0.5.0",
        "v0.8.0",
        "v0.8.0-amd64",
        "v0.8.0-arm64",
        "v0.8.0-ppc64le",
        "v0.8.0-s390x"
    ],
    "Created": "2020-11-04T16:22:18.100348695Z",
    "DockerVersion": "18.06.0-ce",
    "Labels": null,
    "Architecture": "amd64",
    "Os": "linux",
    "Layers": [
        "sha256:5c7fe08dec514a5105d43dfcae1a5a45be002bcd3251dd178ced702aecfb7531",
        "sha256:9d443775309fe30cb1c2b25750352e70004cf26baaf32c81daff7f5a05375845"
    ],
    "Env": [
        "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
        "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"
    ]
}

Looks like we'd need to swap the kube-rbac-proxy image and build this image for multi-arch. Would any help be wanted? A helm chart would be great..

guilhem commented 3 years ago

@anthr76 kube-rbac-proxy is an optional package (it comes from kubebuilder init) I may comment: https://github.com/guilhem/freeipa-issuer/blob/b68a4fc1578a8324d8963cb353466710fbd340cc/config/default/kustomization.yaml#L17

and patch that add rbac proxy: https://github.com/guilhem/freeipa-issuer/blob/b68a4fc1578a8324d8963cb353466710fbd340cc/config/default/kustomization.yaml#L31

guilhem commented 3 years ago

you can do your own "base" by only including manager and crd kustomization folder. FAR more simple than an helm chart ;)

guilhem commented 3 years ago

Issue related: https://github.com/kubernetes-sigs/kubebuilder/issues/966#issuecomment-804027885