Add multi-arch Docker build and docker-compose stack

Introduce a multi-stage Alpine Dockerfile that cross-compiles via buildx ($BUILDPLATFORM -> $TARGETARCH) so a single invocation produces both linux/amd64 and linux/arm64 images without a qemu-emulated builder. `make docker` loads the native-arch image locally for smoke tests; `make docker-push` publishes a multi-arch manifest. Ship a docker-compose.yaml with opt-in profiles for maglevd/frontend and a .env.example template so operators can mirror /etc/default/vpp-maglev muscle memory into containers.
2026-04-15 18:07:07 +02:00
parent bc6ccaa844
commit 6a48c12449
6 changed files with 291 additions and 24 deletions
--- a/README.md
+++ b/README.md
@@ -114,13 +114,43 @@ deployments.

 ## Docker

-```sh
-docker build -t maglevd .
-docker run --cap-add NET_RAW \
-  -v /etc/vpp-maglev:/etc/vpp-maglev maglevd
+A single multi-stage Alpine `Dockerfile` produces two images, driven
+from `docker-compose.yaml` at the repo root:

-# With netns-scoped health checks (maglev.yaml sets healthchecker.netns):
-docker run --cap-add NET_RAW --cap-add SYS_ADMIN \
-  -v /etc/vpp-maglev:/etc/vpp-maglev \
-  -v /var/run/netns:/var/run/netns maglevd
+- `git.ipng.ch/ipng/vpp-maglevd:latest` — the health-checker daemon.
+- `git.ipng.ch/ipng/vpp-maglevd-frontend:latest` — the read-only web
+  dashboard.
+
+Both services are **opt-in** via Docker Compose profiles, so the same
+stack file works for operators who want the daemon only, the frontend
+only (IPng's own deployment), or both on one host. Copy the example
+env file, choose which services to run, and start the stack:
+
+```sh
+cp .env.example .env
+$EDITOR .env                       # set COMPOSE_PROFILES and any overrides
+docker compose up -d               # starts whichever profiles are active
 ```
+
+Valid `COMPOSE_PROFILES` values are `maglevd`, `frontend`, or both
+comma-separated. Leaving it empty starts nothing. The daemon
+container runs with all capabilities granted (`cap_add: ALL`) so ICMP
+probes and `netns`-scoped probes both work without re-plumbing the
+container; the frontend runs with no extra privileges. The `MAGLEV_*`
+variables in `.env.example` mirror `/etc/default/vpp-maglev` on a
+Debian install, so muscle memory carries over between the two
+deployment modes.
+
+Build or push the images:
+
+```sh
+make docker        # buildx --load, native arch only (local smoke test)
+make docker-push   # buildx --push linux/amd64,linux/arm64 multi-arch manifest
+```
+
+`make docker` loads a single-arch image into the local daemon so you
+can run it immediately; `make docker-push` produces a true multi-arch
+manifest and pushes it to `git.ipng.ch/ipng/...`. Both use `docker
+buildx`, and the Dockerfile cross-compiles from the host's
+`$BUILDPLATFORM` to each `$TARGETARCH` via `make build-<arch>`, so no
+qemu-emulated builder is involved.