Skip to content

Commit

Permalink
Dockerfile: build both RHEL7 and RHEL8 shims
Browse files Browse the repository at this point in the history 
Since the shim (ovn-k8s-cni-overlay) gets copied to the host OS
and executed in the host mount namespace by CRIO/Multus it needs
to be runtime compatible with the host OS. Running a RHEL8-built
shim on a RHEL7 system doesn't work due to different shared library
dependencies between the two OS versions.

This wasn't a problem before because CGO_ENABLED=0 which essentially
statically linked everything into the binary. But since we actually
need CGO_ENABLED=1 (which ART forces on "official" builds anyway)
to ensure we use OpenSSL's crypto for FIPS compliance, we run into
the OS version problem with our binaries since they are really
always built with CGO_ENABLED=1 anyway.

So... build two separate versions of ovn-kubernetes in different
layers, and copy the RHEL7 shim into a special location where our
container startup scripts can find it.

Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
(cherry picked from commit 932ef31)
(cherry picked from commit 20f8d23)
  • Loading branch information
@jcaamano
jcaamano committed Jul 24, 2023
1 parent 41d32ea commit 37a5ded
Showing 1 changed file with 14 additions and 4 deletions.
18 changes: 14 additions & 4 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,18 @@
# are built in this Dockerfile and included in the image (instead of the rpm)
#

# Build RHEL-8 binaries
FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.15-openshift-4.7 AS builder

WORKDIR /go/src/github.com/openshift/ovn-kubernetes
COPY . .
RUN cd go-controller; CGO_ENABLED=1 make
RUN cd go-controller; CGO_ENABLED=1 make windows

# build the binaries
RUN cd go-controller; CGO_ENABLED=0 make
RUN cd go-controller; CGO_ENABLED=0 make windows
# Build RHEL-7 binaries
FROM registry.ci.openshift.org/ocp/builder:rhel-7-golang-1.15-openshift-4.7 AS rhel7
WORKDIR /go/src/github.com/openshift/ovn-kubernetes
COPY . .
RUN cd go-controller; CGO_ENABLED=1 make

FROM registry.ci.openshift.org/ocp/4.7:cli AS cli

Expand Down Expand Up @@ -62,6 +66,12 @@ COPY --from=builder /go/src/github.com/openshift/ovn-kubernetes/go-controller/_o
COPY --from=builder /go/src/github.com/openshift/ovn-kubernetes/go-controller/_output/go/bin/ovndbchecker /usr/bin/
COPY --from=builder /go/src/github.com/openshift/ovn-kubernetes/go-controller/_output/go/bin/ovnkube-trace /usr/bin/

# Copy RHEL-8 and RHEL-7 shim binaries where the CNO's ovnkube-node container startup script can find them
RUN mkdir -p /usr/libexec/cni/rhel8
COPY --from=builder /go/src/github.com/openshift/ovn-kubernetes/go-controller/_output/go/bin/ovn-k8s-cni-overlay /usr/libexec/cni/rhel8/
RUN mkdir -p /usr/libexec/cni/rhel7
COPY --from=rhel7 /go/src/github.com/openshift/ovn-kubernetes/go-controller/_output/go/bin/ovn-k8s-cni-overlay /usr/libexec/cni/rhel7/

COPY --from=cli /usr/bin/oc /usr/bin/
RUN ln -s /usr/bin/oc /usr/bin/kubectl
RUN stat /usr/bin/oc
Expand Down

0 comments on commit 37a5ded

Please sign in to comment.