A recent episode of the “Ampere Developer Impact” features a discussion about a pilot project between the CNCF (Cloud Native Computing Foundation) and Ampere Computing, facilitated by Equinix Metal and powered by Actuated.
The pilot provides CNCF projects hosted on GitHub with access to arm64 GitHub Runners hosted on Equinix Metal, running on Ampere servers. The goal is to make it easier for these projects to leverage arm64 architecture for their CI (Continuous Integration) and testing processes.
A key challenge addressed by this pilot is the difficulty and security concerns associated with using self-hosted arm64 runners on GitHub. Alex Ellis, the founder and CEO of OpenFaaS (the company behind Actuated), explained that GitHub documentation advises against using self-hosted runners for open-source projects due to security risks.
Actuated solves this by using microvMs, which are isolated and have their own Docker instance, existing only for the lifetime of a build and then being destroyed. This approach enhances security compared to traditional self-hosted runners.
From a performance standpoint, the microvM approach on Ampere hardware has shown promising results, with some users experiencing a two to three times improvement in build times compared to other architectures. Ed Merky, the Developer Partner Manager at Equinix, highlighted that the pilot also provides better observability into instance needs, allowing for right-sizing of workloads.
Chris Aniszczyk, the CTO of the Linux Foundation and one of the CNCF’s founders, emphasized that the CNCF has always been at the forefront of adopting new technologies and architectures. He noted the increasing availability and the performance and price advantages of arm in the cloud. He also pointed out that the pilot improves the developer experience by simplifying the process of running arm64 builds.
Dave Neary from Ampere highlighted the case of the etcd project, where using Actuated allowed them to remove 60 lines of complex instructions for arm64 builds with just a single line change.
The pilot initially involved eight CNCF projects, with seven actively participating at the time of the discussion. These projects span various technology areas, including:
- etcd – a key-value store at the heart of Kubernetes
- Fluent Bit – gathers and analyzes logs, traces, and metrics from Kubernetes applications
- Containerd – an OCI compliant container runtime
- Falco – a cloud native security tool that enables the detection of abnormal behaviour and security policy violations
- Cilium – an eBPF-powered cloud native project for networking, observability, and security
- Tetragon – a security and observability project from the same team that created the Cilium project
- ebpf go library – a library in Go to read, modify, and load eBPF programs into the Linux kernel
- CRI-O (cryo) – an OCI-based inplementation of the Kubernetes Container Runtime Interface
- Argo CD – A GitOps Continuous Deployment tool that manages application lifecycles based on changes to application manifests in a Git repository
- OpenTelemetry – An observability framework providing a common lexicography for logs, traces, and metrics for the Kubernetes ecosystem, and a common interface for observability platforms
The benefits for these projects include new or improved arm64 support, faster build times, and more comprehensive testing. For instance, some projects previously relied on slow emulation or daily builds for arm64 but now can run full integration tests on every commit using the Ampere-powered runners. Falco Security is also looking to consolidate their testing infrastructure and reduce costs by using this solution.
All participants expressed excitement about the collaboration and the potential for expanding arm64 support within the CNCF ecosystem. The high core density of Ampere processors was also noted as a significant advantage for cloud-native development and increasing resource efficiency. The success of this pilot is seen as a win-win situation, providing faster, more secure, and potentially cheaper arm64 resources for CNCF projects.
We invite you to watch the full Developer Impact video: Arm64-Native Builds For CNCF Projects On GitHub Running On Ampere CPUs on Ampere’s You Tube Developer Playlist. For more information about developing on Ampere hardware, visit the Developer Center. To collaborate with others on arm64 projects and find answers to your questions, join Ampere’s Developer Community.
More info:
