
Multi-Architecture Container Images: Why Bother, and How To

All of us, from hobbyists to enterprise solutions architects, are faced with downloading software from the Internet and making it work. The first hurdle is getting the new software to run on our computer, and that's where we run into so much trouble.

Too often, containers are produced with just a single CPU architecture in mind. As non-traditional architectures become more common, this "make it work" problem gets harder. But there's a way to continue to make it work with our beloved containers.

Sit in and learn how container registries know which container to give you, what a container even is, how to build container images that support multiple CPU architectures, and why it all matters.

Lisa Seelye

October 24, 2019

Transcript

  1. #LISA19 @thedoh
    IMAGINE

  2. THE NEXT LEVEL

  3. LET DOWN

  4. MULTI-ARCH CONTAINER IMAGES
    WHY BOTHER, AND HOW TO

  5. ABOUT ME
    Lisa Seelye thedoh
    Sr. SRE at Red Hat
    Cat enthusiast
    Alternate arch enthusiast
    Sysadmin & Sw. Eng background

  6. THE GROUND RULES
    DOCKER, DOCKER
    DOCKER, DOCKER

  7. WHAT LEVEL ARE WE ON?
    LOW LEVEL

  8. CONTAINER IMAGES
    LET'S HAVE A LOOK

  9. DO YOU THINK THIS?
    CONTAINER SHIPS

    SHIPPING CONTAINERS

  10. BUT, WHAT IF IT'S ALL A LIE?

  11. THIS IS YOUR IMAGE
    saved with go-containerregistry pkg/v1/tarball
    $ tar xvf image.tar
    x sha256:4fd1e92090d4d5128fac6b023f9067456ef...
    x 43ef5679e440ba5060f276db0a83af9588ee9ec650....tar.gz
    x 1b8349f9c8bdb67c8167d2ec1234d8dc94deee42bc....tar.gz
    x manifest.json
    $

  12. IS THIS CONTAINER THING A GIANT SCAM? I MEAN, TARBALLS?? REALLY?!
    INSIDE THE IMAGE TARBALL
    ▸ JSON Config file (sha256:somehash)
    ▸ Layer tarballs (yaddayadda.tar.gz)
    ▸ JSON manifest file (manifest.json)

  13. BUT LISA, HOW DO I GET AN IMAGE??

  14. WE HAVE TO GO DEEPER

  15. YEAH, BUT JUST GIVE ME ONE
    DOCKER PULL THEDOH/LISA19
    ▸ No Manifest List
    ▸ Widely used
    ▸ Gives you the requested image, no questions asked
    ▸ Manifest list
    ▸ Not as widely used
    ▸ Gives you layers appropriate for your platform (sometimes)

  16. RUNNING ON AMD64
    THEDOH/LISA19:AMD64-19.08.1

  17. SAD TIMES ON ARM64
    THEDOH/LISA19:AMD64-19.08.1

  18. ALTERNATE ARCHITECTURE EXPERIENCE
    REAL WORLD EXPERIENCES

  19. INSTALLING STUFF INTO ARM64 KUBERNETES
    SOFTWARE ATTEMPTED
    ▸ Kubernetes Dashboard
    ▸ Velero and Helm (v2)
    ▸ Tekton Pipelines & Kaniko

  20. Searching for Velero install docs

  21. Found the docs!

  22. More docs! We are close

  23. ARM64!! We're supported!! Yay!!

  24. Gooooooooo!!!!

  25. IT WORKED!!!!

  26. Not so fast

  27. EXEC FORMAT ERROR
    WHAT THE HECK DOES THAT MEAN?

  28. WHY DOES THIS WEIRD ALTERNATE ARCH STUFF MATTER?
    IT'S ABOUT POSITIVE USER EXPERIENCE
    ▸ Kubernetes Dashboard docs pointed me to an amd64 image
    ▸ Velero and Helm (v2) both have ARM64 installers, but give amd64 images
    ▸ Other tools and libraries make assumptions about the environment

  29. DOCS AND CULTURE SAY ONE THING WHILE IMAGES SAY ANOTHER

  30. IMAGE MANIFEST LIST
    GIVE ME A LIST TO PICK FROM, OK?

  31. INSIDE AN IMAGE MANIFEST
    ARM64 AMD64

  32. MANIFEST LISTS

  33. MANIFEST LISTS + IMAGE MANIFEST

  34. LISTS ARE THE FUTURE
    WITH MANIFEST LISTS
    ▸ Reference multiple arches with one logical image name
    ▸ Image registry gives you the right layer files based on requested platform
    ▸ Requesting an unlisted arch fails at pull-time*, not runtime

  35. BUT HOW?
    MANIFEST LISTS, COOL, COOL...

  36. BUILDING MANIFEST LISTS
    ...BY HAND

  37. BUILDING MANIFEST LISTS
    WITH MAKE

  38. WHY BOTHER?

  39. MAKEFILES AREN'T REASON ENOUGH?
    BENEFITS OF MANIFEST LISTS
    ▸ Seamlessly support multiple architectures
    ▸ Simplifies docs, which people don't like writing anyways
    ▸ ARM64 is coming. Amazon has EC2 instances; which vendor will make the next move?
    ▸ Maybe shift to an inclusive mindset when coding

  40. I HAVE A CONFESSION
    THIS TALK IS ABOUT SOFTWARE DEVELOPMENT PHILOSOPHY, TOO.

  41. THE REAL INTENT, PART TWO
    THE IDEA APPLIES TO SOFTWARE ENGINEERING
    ▸ Opinionated software libraries have their opinions carried forward
    ▸ Single architecture assumptions aren't portable
    ▸ Examples include:
    ▸ go-containerregistry
    ▸ kaniko, because it uses go-containerregistry

  42. github.com/google/go-containerregistry pkg/v1/remote/index.go (6991786)

  43. BRIEF INTERLUDE
    WHAT IS KANIKO?
    ▸ Software that uses go-containerregistry to pull images to build new images
    ▸ Builds container images in Kubernetes, without Docker socket
    ✴ Why? The Docker socket =~ root
    ▸ Scratches the "let's do everything in Kubernetes" itch
    ▸ github.com/GoogleContainerTools/kaniko

  44. KUBERNETES CI/CD PIPELINE
    TEKTON PIPELINES
    ▸ Open source Kubernetes native CI/CD Platform
    ▸ Can use kaniko to build container images
    ▸ Also only amd64 images
    ▸ github.com/tektoncd/pipeline
    Photo: Corinne Alstrom-Sonne

  45. KUBERNETES CI/CD PIPELINE
    PORTING TEKTON PIPELINES TO ARM64
    ▸ Depends on google/ko to build
    ✴ But google/ko depends on go-containerregistry
    ▸ Building fails in the build system, not software code
    ▸ Welcome to dependency hell :(

  46. CREATE & DISTRIBUTE

  47. ACTIONS FOR US ALL
    UNDERSTAND THE CULTURE AND GOALS
    TILT TOWARDS CROSS-PLATFORM

  48. THE END
    Code & Makefiles
    github.com/lisa/lisa19-containers
    Slides & Image Credits
    lisa.dev/conferences#lisa19
    MULTI-ARCHITECTURE CONTAINER IMAGES: WHY BOTHER, AND HOW TO
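
The platform selection that slides 15 and 34 describe for manifest lists, as an added example that is not from the talk or from go-containerregistry: it parses a manifest list and returns the image manifest digest for the requested os/architecture, and returns an error for an unlisted platform instead of handing back an image that fails with "exec format error" later. The JSON is a constructed subset of the Docker manifest list format, the digests are placeholders, and selectManifest is a hypothetical helper name.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// manifestList is a subset of the Docker manifest list (schema 2) document.
type manifestList struct {
	Manifests []struct {
		Digest   string `json:"digest"`
		Platform struct {
			Architecture string `json:"architecture"`
			OS           string `json:"os"`
		} `json:"platform"`
	} `json:"manifests"`
}

// Constructed sample; the digests are placeholders, not real images.
const sampleList = `{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
  "manifests": [
    {"digest": "sha256:<amd64-manifest-digest>",
     "platform": {"architecture": "amd64", "os": "linux"}},
    {"digest": "sha256:<arm64-manifest-digest>",
     "platform": {"architecture": "arm64", "os": "linux"}}
  ]
}`

// selectManifest (hypothetical helper): digest listed for os/arch, or an error if unlisted.
func selectManifest(raw []byte, os, arch string) (string, error) {
	var ml manifestList
	if err := json.Unmarshal(raw, &ml); err != nil {
		return "", fmt.Errorf("parse manifest list: %w", err)
	}
	for _, m := range ml.Manifests {
		if m.Platform.OS == os && m.Platform.Architecture == arch {
			return m.Digest, nil
		}
	}
	return "", fmt.Errorf("no manifest for %s/%s", os, arch)
}

func main() {
	for _, arch := range []string{"amd64", "arm64", "ppc64le"} {
		digest, err := selectManifest([]byte(sampleList), "linux", arch)
		fmt.Printf("%s: digest=%q err=%v\n", arch, digest, err)
	}
}
```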