search

thomseddon / traefik-forward-auth

Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy
MIT License
2.08k stars 396 forks source link

RPi4 - unsupported platform #157

Open shockwaver opened 3 years ago

shockwaver commented 3 years ago

Hello! I am attempting to run this image on an rpi4 (arm64) but it appears that none of the containers are compiled for arm64 despite the tags suggesting such. Attempting to run in swarm mode gives: "no suitable node (2 nodes not available for new tasks; scheduling constraints not satisfied on 2 nodes; unsupported platform on 1 node)"

Running with docker compose gives

Creating traefik-swarm_oauth_1 ... done
Attaching to traefik-swarm_oauth_1
oauth_1          | standard_init_linux.go:211: exec user process caused "exec format error"
traefik-swarm_oauth_1 exited with code 1

Looking at the docker hub it appears the arch for all tags is amd64.

SuperSandro2000 commented 3 years ago

Looking at the docker hub it appears the arch for all tags is amd64.

Thats is because they are all build on amd64 but go cross compiled to arm64.

shockwaver commented 3 years ago

Thats is because they are all build on amd64 but go cross compiled to arm64.

I'm fairly new to Docker so I may be wrong - but when I've cross compiled to amd64 and arm64 on my own images both arch tags show up.

It's possible that's not the issue though - but I'm unsure of what it is.

thomseddon commented 3 years ago

Hey - could you confirm what tag you are using?

shockwaver commented 3 years ago

I was using :2.1-arm64

Beanow commented 3 years ago

This is the same issue as mine: https://github.com/thomseddon/traefik-forward-auth/issues/38#issuecomment-674572439

When using docker in swarm mode, the manifest is used to figure out where it can deploy. Since the manifest says x86 even for the -arm64 tags, it won't deploy on an ARM node.

If you directly run the container (like docker run or non-swarm compose) it should run on ARM. But as a stack deploy it won't work. Currently running the fork https://hub.docker.com/r/npawelek/traefik-forward-auth by @npawelek which has a multi-arch manifest.

Beanow commented 3 years ago

As I understand, Docker Hubs CI is the limiting factor. I'd gently suggest not to have high expectations, or any expectations, of Docker Hub and consider another CI.

Docker Hub seems to constantly lag years behind. It took 4 years to add 2FA (https://github.com/docker/hub-feedback/issues/358). The concept of a deploy token still doesn't exist afaik.

Same thing going on with their build system. Their official blog doesn't mention multi-arch on DH builds: https://www.docker.com/blog/tag/multi-architecture/ Their official images use some consultancy's Jenkins :eyes:: https://doi-janky.infosiftr.net/job/multiarch/view/images/view/traefik/ Clearly they've not decided to eat their own dogfood since adding multi-arch for official images in 2017. No wonder it tastes bad.

thomseddon commented 3 years ago

Agreed - I'm planning to switch to building via github actions and pushing to docker hub (and also making images available via the github registry)

dbaker-rh commented 3 years ago

It's a bit of a hack, but this is how I got my rPi 4 online with a multi-arch image, hosted at docker hub:

# prepare to build
git clone https://github.com/thomseddon/traefik-forward-auth
cd traefik-forward-auth
git checkout v2.2.0

# build two images
podman build -f ./Dockerfile -t traefik-forward-auth:2.2.0-amd64
podman build --arch=arm64 -f ./Dockerfile.arm64 -t traefik-forward-auth:2.2.0-arm64

# create multi-arch manifest and push
podman manifest create tfa:2.2.0 --all traefik-forward-auth:2.2.0-amd64 traefik-forward-auth:2.2.0-arm64
podman manifest push --all tfa:2.2.0 docker://docker.io/dbakerrh/traefik-forward-auth:2.2.0

It's not perfect. Specifically, the docker hub tags page is missing details, but the image is operable

whizzzkid commented 3 years ago

@thomseddon for me thomseddon/traefik-forward-auth:2-arm seems to work on Pi4, and redirects to google's auth page but then redirects back to the login page on successful login looking at: https://github.com/thomseddon/traefik-forward-auth/issues/92 I am not sure what I'm doing wrong

randm-ch commented 3 years ago

Thanks @dbaker-rh glad you already deployed it to DH. @thomseddon The ARM images do work on RPi4. But when deploying via Docker Swarm they will not start, because it thinks that it's an "unsupported plattform", even though everything's fine when deploying them manually. For the release process, using docker build --platform=arm{64} ... should work - see for example https://github.com/ulm0/gitlab/blob/master/ci/build