Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multi-arch images for stackrox/scanner #5964

Open
anup-kodlekere opened this issue May 9, 2023 · 3 comments
Open

Multi-arch images for stackrox/scanner #5964

anup-kodlekere opened this issue May 9, 2023 · 3 comments
Assignees
@robbycochran @RTann
Labels
area/ci area/scanner

Comments

@anup-kodlekere
Copy link

Hi folks! I'm creating this issue thread to discuss the relevant topics wrt the process of building scanner images.
Creating this here because stackrox/scanner does not have an Issues or Discussions tab.

As part of a broader effort, we've been trying to enable multi-arch image building so that we can run ACS jobs on Power.
So far, we've successfully built the collector-builder and collector-slim image and we're currently working on the images under stackrox tree (main, central-db, webhookserver), the PR for which is on the way. Once merged, the scanner set of images (scanner-slim, scanner-db-slim) is what we'll be looking at, but here's the deal:

As it stands today, IIUC, the scanner images are built using OpenShift-CI. This is different from the other two repos i.e collector and stackrox, both of which employ GitHub Actions to build the upstream images and as I understand, it is not straightforward to build multi-arch images on OpenShift-CI. We are aware that there are plans to move the scanner CI workflows from OpenShift-CI to Actions, however we wanted to discuss more on this.

  • There is a Power cluster available today to run jobs using OpenShift-CI, however since the stackrox images aren't multi-arched yet - we can't run any stackrox jobs. My question here is, is it possible, at all, to utilize this cluster to build the scanner images once we have the prerequisite images multi-arched? If so, what kind of efforts would we be looking at?

  • Follow up question, if we do build the ppc64le images for scanner using OpenShift-CI, how would one go about creating the multi-arch manifest?

  • Or instead of going through all that, is it better to just wait for the move to GitHub Actions?

Looking for some insight here from the stackrox/scanner team. Thanks!
@anup-kodlekere
Copy link
Author

anup-kodlekere commented May 9, 2023
edited

FYI, @ghatwala @pratham-m @gavin-stackrox @robbycochran @janani66

@anup-kodlekere
Copy link
Author

Hi folks! So with the upcoming merge between scanner and clair, power team wanted to get some doubts cleared.

  • Will the CI for new image be migrated to GHA or will that remain in Openshift-CI as well?
  • What, if any, are the differences between scanner and clair?
  • Will we need to port both the images to Power (and Z)? Or with this merge is the old image unnecessary?

cc: @robbycochran @janani66 @ghatwala

@Wang-W-e-i
Copy link

+1
@anup-kodlekere , when you say linux/s390x, wouldn't it require PostgreSQL installation refactoring?

Although PostgreSQL build farm has references to almost every possible architecture, RPM packages don't exist for either linux/ppc64le, or linux/s390x on EL-9.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@robbycochran robbycochran

@RTann RTann

Labels
area/ci area/scanner
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@robbycochran @RTann @Wang-W-e-i @anup-kodlekere