This project provides tools to create OpenShift releases by pruning multiarch manifest lists to specific architectures, excluding dummy images for certain components.
Note on terminology: This is NOT the same as "sparse manifests".
For a component such as aws-cloud-controller-manager, the initial image within image-references is a manifest list that contains the amd64 and arm64 images, plus dummy images (pod) for ppc64le and s390x.
With sparse manifests, we would expect the registry (quay.io in this instance) to accept the POST of the manifest list containing 4 manifests, when only the amd64 and arm64 images were previously pushed to the registry.
At the time of writing, quay.io produces an error in such a case, complaining that the digests corresponding to the ppc64le or s390x manifests are not found within the registry.
In this project, we take a different approach: dummy images aren't added to the aws-cloud-controller-manager manifest list in the first place. The manifest list for this image only contains the arm64 and amd64 images. The goal is to test if clusters can install on architectures like ppc64le with a release containing such pruned images (incomplete from the ppc64le perspective).
The tools in this repository allow you to:
- Save a multiarch OpenShift release image to disk
- Extract and analyze the image-references file
- Filter for specific components (e.g., AWS-related)
- Reconstruct manifest lists with only specific architectures (amd64, arm64)
- Push filtered images to a custom registry
- Create a new release image with the modified references
- Test the pruned release on different architectures
ocCLI toolskopeojqpodmanordocker- Go 1.21+ (for building the manifest-filter tool)
.
├── scripts/ # Bash scripts for each step
├── cmd/ # Go binaries
│ └── manifest-filter/ # Tool to filter manifest lists by architecture
├── work/ # Working directory for intermediate files
└── README.md # This file
make build./scripts/create-pruned-release.sh \
quay.io/openshift-release-dev/ocp-release-nightly@sha256:a322e402ed7f31877ee1dfc2d2f989265ad10a32f4384a305a67806c6e9a1017 \
quay.io/skhoury/ocp-v4.0-art-dev \
4.20 \
quay.io/skhoury/ocp-release:4.20-pruned-aws \
"$TOKEN"Each step can be run individually for debugging:
# Step 1: Save release image
./scripts/01-save-release.sh <release-image>
# Step 2: Extract image-references
./scripts/02-extract-references.sh <release-image>
# Step 3: Filter AWS components
./scripts/03-filter-aws-components.sh
# Step 4: Process and push images
./scripts/04-process-images.sh <target-registry> <tag-prefix>
# Step 5: Create new release
./scripts/05-create-release.sh <target-registry>- Save Release: Uses
oc adm release extractto save the release image locally - Extract References: Pulls the image-references file from the release image
- Filter Components: Uses
jqto find AWS-related components - Reconstruct Manifests: Go tool filters manifest lists to only include amd64 and arm64
- Push Images: Pushes filtered images to target registry
- Update References: Replaces image references with new digests
- Create Release: Uses
oc adm release newto build the pruned release
Testing a pruned release on a Power cluster to verify it works with reduced architecture support.