build: refactor the container build for multi-arch ppc64le

prb112 · prb112 · commit 7b28c492b7be · 2025-03-18T16:07:16.000-04:00
Signed-off-by: Paul Bastide &lt;pbastide@us.ibm.com&gt;
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -78,7 +78,7 @@ jobs:
         with:
           context: .
           platforms: linux/ppc64le
-          file: Dockerfile
+          file: build/Containerfile-build
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
diff --git a/.gitignore b/.gitignore
@@ -2,8 +2,8 @@
 !/.gitignore
 
 #binaries
-bin
-power-dra-kubeletplugin
+bin/*
+**/power-dra-kubeletplugin*
 
 !*.go
 !go.sum
diff --git a/Dockerfile b/Dockerfile
diff --git a/Makefile b/Makefile
@@ -13,7 +13,7 @@ include $(CURDIR)/versions.mk
 # Go Targets
 
 build: fmt vet
-	GOOS=linux GOARCH=$(ARCH) go build -o bin/power-dra-driver cmd/power-dra-driver/main.go
+	GOOS=linux GOARCH=$(ARCH) go build -o bin/power-dra-kubeletplugin cmd/power-dra-kubeletplugin/*.go
 
 controller-gen: ## Download controller-gen locally if necessary.
 ifeq (, $(shell which controller-gen))
@@ -80,3 +80,9 @@ image-build: image-build
 image-push:
 	$(info push Container image...)
 	$(CONTAINER_RUNTIME) push $(REGISTRY)/$(REPOSITORY):$(TAG)
+
+.PHONY: image-ci
+image-ci: build
+	$(CONTAINER_RUNTIME) buildx build \
+		-t $(REGISTRY)/$(REPOSITORY):$(TAG) \
+		--platform linux/$(ARCH) -f build/Containerfile-build .
diff --git a/api/powervs-openshift-ipi.cis.ibm.net/resource/gpu/v1alpha1/validate.go b/api/powervs-openshift-ipi.cis.ibm.net/resource/gpu/v1alpha1/validate.go
@@ -40,7 +40,7 @@ func (d TimeSliceInterval) Validate() error {
 
 // Validate ensures that TimeSlicingConfig has a valid set of values.
 func (c *TimeSlicingConfig) Validate() error {
-        return c.Interval.Validate()
+	return c.Interval.Validate()
 }
 
 // Validate ensures that SpacePartitioningConfig has a valid set of values.
@@ -67,8 +67,8 @@ func (s *GpuSharing) Validate() error {
 
 // Validate ensures that GpuConfig has a valid set of values.
 func (c *GpuConfig) Validate() error {
-        if c.Sharing == nil {
-                return fmt.Errorf("no sharing strategy set")
-        }
-        return c.Sharing.Validate()
+	if c.Sharing == nil {
+		return fmt.Errorf("no sharing strategy set")
+	}
+	return c.Sharing.Validate()
 }
diff --git a/build/Containerfile b/build/Containerfile
@@ -0,0 +1,63 @@
+FROM registry.access.redhat.com/ubi9/ubi:9.4 as builder
+USER root
+WORKDIR /workspace
+
+# From https://github.com/openshift/oc-mirror/blob/main/Dockerfile#L8C1-L20C2
+# DNF Package Install List
+ARG DNF_LIST="\
+  jq \
+  tar \
+  gcc \
+  make \
+  git \
+  gpgme-devel \
+  libassuan-devel \
+  wget \
+  pigz \
+  procps-ng \
+  util-linux \
+"
+
+RUN set -ex \
+     && ARCH=$(arch | sed 's|x86_64|amd64|g' | sed 's|aarch64|arm64|g')         \
+     && dnf install -y --nodocs --setopt=install_weak_deps=false ${DNF_LIST}    \
+     && dnf clean all -y                                                        \
+     && GO_VERSION=go1.23.4                                                     \
+     && curl -sL https://golang.org/dl/${GO_VERSION}.linux-${ARCH}.tar.gz       \
+        | tar xzvf - --directory /usr/local/                                    \
+     && /usr/local/go/bin/go version                                            \
+     && ln -f /usr/local/go/bin/go /usr/bin/go
+
+# Link gcc to /usr/bin/s390x-linux-gnu-gcc as go requires it on s390x
+RUN [ "$(arch)" == "s390x" ]                                                    \
+     && ln /usr/bin/gcc /usr/bin/s390x-linux-gnu-gcc                            \
+     || echo "Not running on s390x, skip linking gcc binary"
+
+ENV GOROOT=/usr/local/go
+ENV PATH="/root/platform/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin/$GOROOT/bin"
+
+COPY . .
+
+RUN ARCH=$(arch | sed 's|x86_64|amd64|g' | sed 's|aarch64|arm64|g') \
+        CGO_ENABLED=1 \
+        CGO_CFLAGS=-I/usr/include \
+        CGO_LDFLAGS="-L/lib64" GOOS=linux \
+        go build ${BUILD_FLAGS} -tags strictfipsruntime -a -o bin/power-dra-kubeletplugin ./cmd/power-dra-kubeletplugin
+
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+
+LABEL io.k8s.display-name="IBM Power DRA Driver"
+LABEL name="IBM Power DRA Driver"
+LABEL vendor="IBM"
+LABEL version="1.0.0"
+LABEL release="N/A"
+LABEL summary="Automate the management and monitoring of addition of specific devices to a Pod."
+LABEL description="Automate the management and monitoring of addition of specific devices to a Pod."
+
+RUN microdnf -y update && microdnf install util-linux -y && microdnf clean all
+WORKDIR /
+
+COPY ./build/entrypoint.sh /
+COPY --from=builder /workspace/bin/power-dra-kubeletplugin /opt/power-dra/bin/
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/build/Containerfile-build b/build/Containerfile-build
@@ -0,0 +1,17 @@
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+
+LABEL io.k8s.display-name="IBM Power DRA Driver"
+LABEL name="IBM Power DRA Driver"
+LABEL vendor="IBM"
+LABEL version="1.0.0"
+LABEL release="N/A"
+LABEL summary="Automate the management and monitoring of addition of specific devices to a Pod."
+LABEL description="Automate the management and monitoring of addition of specific devices to a Pod."
+
+RUN microdnf -y update && microdnf install util-linux findutils -y && microdnf clean all
+WORKDIR /
+
+COPY ./build/entrypoint.sh /
+COPY bin/* /opt/power-dra/bin/
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/build/entrypoint.sh b/build/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+set -e
+exec /opt/power-dra/bin/power-dra-kubeletplugin $@
diff --git a/deployments/helm/power-dra-driver/templates/kubeletplugin.yaml b/deployments/helm/power-dra-driver/templates/kubeletplugin.yaml
@@ -55,6 +55,10 @@ spec:
         # Simulated number of devices the driver will to have.
         - name: NUM_DEVICES
           value: "8"
+        - name: GRPC_GO_LOG_VERBOSITY_LEVEL
+          value: "99"
+        - name: GRPC_GO_LOG_SEVERITY_LEVEL
+          value: "info"
         volumeMounts:
         - name: plugins-registry
           mountPath: /var/lib/kubelet/plugins_registry
diff --git a/deployments/helm/power-dra-driver/values.yaml b/deployments/helm/power-dra-driver/values.yaml
@@ -59,4 +59,16 @@ kubeletPlugin:
     plugin:
       securityContext:
         privileged: true
+        capabilities:
+          add:
+            - CAP_SYS_ADMIN
+            - CAP_FOWNER
+            - NET_ADMIN
+            - SYS_ADMIN
+          drop:
+            - ALL
+        runAsUser: 0
+        runAsNonRoot: false
+        readOnlyRootFilesystem: false
+        allowPrivilegeEscalation: true
       resources: {}
diff --git a/vendor/k8s.io/dynamic-resource-allocation/kubeletplugin/draplugin.go b/vendor/k8s.io/dynamic-resource-allocation/kubeletplugin/draplugin.go

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +#!/bin/sh
++
 +set -e
 +exec /opt/power-dra/bin/power-dra-kubeletplugin $@