The case for multi-arch images [ed: ARM is no more]

fox · October 16, 2023, 1:33pm

do you guys need prebuilt arm images? i have to use docker buildx with actual arm emulator :sadpepe: containers instead of kaniko to make them. i wonder if there’s enough rpi or w/e users out there to actually bother.

i mean it was somewhat fun to figure out how to make those, but in the end kaniko is just better in every way imaginable and i’d rather not deal with buildx at all.

note: i don’t have an arm device i could use to build those images natively.

i run prebuilt arm images off docker hub and i don’t want to make my own
i run prebuilt arm images but i’m fine if i need to make my own
i run arm but i make my own images
i use amd64

0 voters

Jeff · October 16, 2023, 3:47pm

I run the prebuilt arm docker images in an arm based cloud instance. It is certainly easier for me to have you build them, but by no means a deal breaker. I built the arm docker images for a few weeks before you started offering the prebuilt ones, and I recall it was easy enough to manage.

Was it as simple as doing build instead of pull?

fox · October 16, 2023, 5:17pm

manually? something like this, i guess, should work:

cd tt-rss/.docker/app &&
    docker build -t registry.example.com/ttrss-fpm-whatever:latest .

disconn3ct · October 16, 2023, 8:36pm

What about offloading the whole build to one of the SaaS hosts? You can use a GitHub or GitLab workflow for free without rehoming the source, and they both offer container registries too.
At the end of the day, nobody should have to do CI/CD for free. Especially CI/CD infrastructure management. That’s just… mean.

fox · October 17, 2023, 6:52am

i’d rather not take this outside, besides i dunno where i could use armv7 & arm64 gitlab runners for free. i’m definitely not paying for it (even if i could, given the you know what).

ditching buildx means i can ditch dedicated gitlab runners and run all my CI needs on k3s which would simplify things a lot.

fox · October 17, 2023, 8:15am

github.com/GoogleContainerTools/kaniko

[Feature] Support multi context builds

opened 04:39PM - 04 Sep 23 UTC

Neirda24

kind/feature-request priority/p2 area/context

Hi. **Actual behavior** Kaniko does not seem to support either multiple buil…d contexts nor named ones. **Expected behavior** See this article https://www.docker.com/blog/dockerfiles-now-support-multiple-build-contexts/ that allows syntax such as `COPY --from=some_context` where `some_context` is set during `docker build` **To Reproduce** Run kaniko **Additional Information** ```Dockerfile FROM scratch COPY . . COPY --from=my_context . /other-directory ``` ```bash $ docker build --build-context my_context=/some/directory /some/other/directory ``` **Triage Notes for the Maintainers**  | **Description** | **Yes/No** | |----------------|---------------| | Please check if this a new feature you are proposing | <ul><li>- [x] </li></ul>| | Please check if the build works in docker but not in kaniko | <ul><li>- [x] </li></ul>| | Please check if this error is seen when you use `--cache` flag | <ul><li>- [ ] </li></ul>| | Please check if your dockerfile is a multistage dockerfile | <ul><li>- [ ] </li></ul>|

oh well

not a deal breaker but still

fox · October 19, 2023, 6:19am

well i’m not seeing a particularly strong response here so i’m switching to kaniko and ditching buildx runners.

Q: how to build images manually
A:

cd tt-rss

docker build -t ttrss-fpm-app . -f .docker/app/Dockerfile
docker build -t ttrss-nginx -f .docker/web-nginx/Dockerfile

e: ~~looks like i screwed up a bit so this is coming a bit later, reverting to buildx~~

e2: fixed

Jeff · October 19, 2023, 3:00pm

This wasn’t too hard to get going. A few notes/bugs, though.

As written, the Dockerfiles are trying to pull alpine images from registry.fakecake.org, so an easy fix to remove that reference, but I couldn’t use them as they were.

Next, the line you have

is missing a .
docker build -t ttrss-nginx . -f .docker/web-nginx/Dockerfile

I found it easier to integrate the build into my docker-compose.yml file. In the old version of the file I had

  app:
    image: cthulhoo/ttrss-fpm-pgsql-static

Which I changed to

  app:
    image: cthulhoo/ttrss-fpm-pgsql-static
    build: 
      dockerfile: .docker/app/Dockerfile
      context: ./tt-rss

I think, if I understand correctly (and I might not), that if the registry.fakecake.org reference were changed in the official repository, then I could change the path in context: to be https://git.tt-rss.org/fox/tt-rss.git instead of having to manually do a git clone or pull and edit the Dockerfiles.

So, putting it together for other people reading, this is how I modified using my old arm64 setup based on the pre-built images to one using my own built images.

Go to the directory where your TT-RSS docker-compose.yml lives
Do a git clone https://git.tt-rss.org/fox/tt-rss.git
The Dockerfile in tt-rss/.docker/app and tt-rss/.docker/web-nginx need to be edited
1. In each, find the line that is similar to FROM registry.fakecake.org/docker.io/alpine:3.18
2. Change it to FROM alpine:3.18 or whatever the name of the image originally was
Modify your docker-compose.yml to include the build: lines as detailed above

Below is my docker-compose.yml file as an example. It almost certainly is not a drop-in replacement for what you already have.

docker-compose.yml

version: '3'

networks:
  default:
    external:
      name: rss

services:
  db:
    image: postgres:12-alpine
    restart: unless-stopped
    environment:
      - POSTGRES_USER=${TTRSS_DB_USER}
      - POSTGRES_PASSWORD=${TTRSS_DB_PASS}
      - POSTGRES_DB=${TTRSS_DB_NAME}
    volumes:
      - db:/var/lib/postgresql/data
    labels:
      com.centurylinklabs.watchtower.enable: "false"

  app:
    image: cthulhoo/ttrss-fpm-pgsql-static
    build: 
      dockerfile: .docker/app/Dockerfile
      context: ./tt-rss
    restart: unless-stopped
    env_file:
      - .env
    volumes:
      - app:/var/www/html
      - ./config.d:/opt/tt-rss/config.d:ro
    depends_on:
      - db
    labels:
      com.centurylinklabs.watchtower.enable: "false"

  backups:
    image: cthulhoo/ttrss-fpm-pgsql-static
    build: 
      dockerfile: .docker/app/Dockerfile
      context: ./tt-rss
    restart: unless-stopped
    env_file:
      - .env
    volumes:
      - backups:/backups
      - app:/var/www/html
    depends_on:
      - db
    command: /opt/tt-rss/dcron.sh -f
    labels:
      com.centurylinklabs.watchtower.enable: "false"

  updater:
    image: cthulhoo/ttrss-fpm-pgsql-static
    build: 
      dockerfile: .docker/app/Dockerfile
      context: ./tt-rss
    restart: unless-stopped
    env_file:
      - .env
    volumes:
      - app:/var/www/html
      - ./config.d:/opt/tt-rss/config.d:ro
    depends_on:
      - app
    command: /opt/tt-rss/updater.sh
    labels:
      com.centurylinklabs.watchtower.enable: "false"

  web-nginx:
    image: cthulhoo/ttrss-web-nginx
    build: 
      dockerfile: .docker/web-nginx/Dockerfile
      context: ./tt-rss
    restart: unless-stopped
    ports:
      - ${HTTP_PORT}:80
    volumes:
      - app:/var/www/html:ro
    depends_on:
      - app
    labels:
      com.centurylinklabs.watchtower.enable: "false"

volumes:
  db:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: /usr/local/etc/tt-rss/db
  app:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: /usr/local/etc/tt-rss/app
  backups:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: /usr/local/etc/tt-rss/backup

fox · October 19, 2023, 3:13pm

i need to either stop doing this with public containers or figure out a way to make this configurable, i guess a build arg would work.

fox · October 19, 2023, 3:18pm

https://gitlab.tt-rss.org/tt-rss/tt-rss/-/commit/45a9ff0c88cbd33892ff16ab837e9059937d656e

I could change the path in context: to be https://git.tt-rss.org/fox/tt-rss.git instead of having to manually do a git clone or pull and edit the Dockerfile s.

that’s cool, i didn’t know you could do that.

disconn3ct · October 20, 2023, 3:48pm

Ugh my face has been on fire for a week, excuse the delay. Or don’t.

i’d rather not take this outside, besides i dunno where i could use armv7 & arm64 gitlab runners for free.

You can build and host multiarch containers free on GitHub with Qemu. Here’s a bad example (no judgement, its mostly C&P from the docs but it works) harbor-container-webhook/.github/workflows/container.yaml at main · disconn3ct/harbor-container-webhook · GitHub generates Package harbor-container-webhook/harbor-container-webhook · GitHub

fox · October 20, 2023, 3:50pm

oh github actions.

if someone wants to bother with all that for their ARM brethren, they have my blessing. i don’t give enough of a fuck, sorry.

Jeff · October 21, 2023, 7:39pm

The latest update to the Dockerfiles fixed the issue.

It seems to work now. I updated my docker-compose.yml file to have

image: cthulhoo/ttrss-fpm-pgsql-static
    build: 
      dockerfile: .docker/app/Dockerfile
      context: https://git.tt-rss.org/fox/tt-rss.git

and then ran docker-compose build and it all just worked. It pulled down the app and web-nginx, but not the whole repository. If the Dockerfile had an ADD ../../foo.conf or something in it, then it would probably break.

In conclusion, obviously it is easier if you do the work of building the arm images, but this is barely any effort for me to manage. Additionally, the same thing should work if somebody wants to run tt-rss on powerpc or something.

fox · October 21, 2023, 9:49pm

very nice. i’ll make a FAQ entry linking to this post.

fox · October 21, 2023, 9:57pm

https://gitlab.tt-rss.org/tt-rss/ttrss-docker-compose/-/commit/0ce9a561580c538de0e3050e295b51a10d2c5e8d

i think this also functionally deprecates no-image setup in master branch and maybe even this separate docker script repo entirely. i could move docker-compose.yml & .env to main tt-rss repo (or repo wiki?) and archive this whole thing. its basically just two files now.

fox · October 21, 2023, 10:15pm

i’ll dump the compose in the wiki here: https://gitlab.tt-rss.org/tt-rss/tt-rss/-/wikis/InstallationNotes (which would sync to tt-rss.org/wiki) and link it on the home page.

i hope this would simplify things for people, rather than dealing with a separate repo what with multiple branches and stuff, they would have all the information right there in front of them.