OKD-40: Unify OKD and OCP Dockerfiles #1058
Conversation
|
Thank you for the PR, Justin. I probably shouldn't be doing reviews Friday evening, so only a few initial thoughts.
I'll try to do a more thorough review next week. PTO Monday. Thank you. |
|
/test okd-scos-images |
There was a problem hiding this comment.
Thank you for the changes. podman build --squash-all helps a lot with reducing the resulting images sizes.
Only a couple of nits/questions left from my side. There is quite a lot of duplication in the if/else clauses in dockerfile_install_support.sh, but we/I can clean this up after the fact. Thank you for the PR.
/approve
Almost looks good to me.
|
/lgtm cancel |
|
/approve |
openshift-ci
bot
added
approved
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jmencak, jupierce The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| set -o xtrace | ||
|
|
||
| source /etc/os-release | ||
| if [[ "${ID}" == "centos" ]]; then |
There was a problem hiding this comment.
Maybe this should be centos OR fedora, in case we bring back OKD/FCOS builds
There was a problem hiding this comment.
actually, nevermind, this wouldn't work, as OKD/FCOS payload images would still be using the centos base image for components.
Maybe this should instead make use of the ARG TAGS=ocp, which would be overriden in the OKD builds with TAGS=scos for OKD/SCOS and TAGS=fcos for OKD/FCOS.
Prashanth684
changed the title
openshift-ci-robot
added
the
jira/valid-reference
|
@jupierce: This pull request references OKD-40 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
As this is one of the last images we need to get OKD building again and the changes should be a no-op to OCP. |
openshift-ci
bot
added
the
acknowledge-critical-fixes-only
|
Thank you for the changes, Justin. I thought we could get rid of the second "RUN" completely in both Dockerfiles, i.e. moving: too. But I don't think this is a blocker but we can clean this up later on. So |
|
@jupierce: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
[ART PR BUILD NOTIFIER] This PR has been included in build cluster-node-tuning-operator-container-v4.17.0-202405151441.p0.gf7fcf8c.assembly.stream.el9 for distgit cluster-node-tuning-operator. |
Add readOnlyRootFilesystem to the NTO operand's container securityContext. Other changes: * Container image build cleanup after openshift#1058 * Remove obsolete Dockerfile.rhel8 * Rename operand to ocp-tuned and use /run/ocp-tuned as home directory
In line with the "Principle of least privilege", add readOnlyRootFilesystem to the NTO operand's container securityContext. Other changes: * Container image build cleanup after openshift#1058 * Remove obsolete Dockerfile.rhel8 * Rename operand to ocp-tuned and use /run/ocp-tuned as home directory
In line with the "Principle of least privilege", add readOnlyRootFilesystem to the NTO operand's container securityContext. Other changes: * Container image build cleanup after openshift#1058 * Remove obsolete Dockerfile.rhel8 * Rename operand to ocp-tuned and use /run/ocp-tuned as home directory
In line with the "Principle of least privilege", add readOnlyRootFilesystem to the NTO operand's container securityContext. Other changes: * Container image build cleanup after openshift#1058 * Remove obsolete Dockerfile.rhel8 * Rename operand to ocp-tuned and use /run/ocp-tuned as home directory
In line with the "Principle of least privilege", add readOnlyRootFilesystem to the NTO operand's container securityContext. Other changes: * Container image build cleanup after openshift#1058 * Remove obsolete Dockerfile.rhel8 * Rename operand to ocp-tuned and use /run/ocp-tuned as home directory
* Remove Dockerfile.rhel8 * Cleanup duplication after #1058 * Rename openshift-tuned to ocp-tuned --------- Co-authored-by: Jiri Mencak <[email protected]>
In order to support build OKD images on SCOS, the OKD team needs either (a) the same dockerfile to build successfully on CentOS and RHEL or (b) a separate file that builds on CentoS with the same number of layers as used by the OCP Dockerfile built by ART.
This approach unifies the NTO Dockerfile.rhel9 to support model (a).
The Dockerfile.rhel9 OKD image size is ~495MiB vs a 453MB Dockerfile build.