diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 5b040e5326..0000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -version: 2 -updates: - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" - labels: - - "area/dependency" - - "release-note-none" - - "ok-to-test" - open-pull-requests-limit: 10 diff --git a/images/Makefile.common.in b/images/Makefile.common.in index f3ff3b44d8..56dd70f076 100644 --- a/images/Makefile.common.in +++ b/images/Makefile.common.in @@ -17,7 +17,7 @@ # get image name from directory we're building IMAGE_NAME=$(notdir $(CURDIR)) # docker image registry, default to upstream -REGISTRY?=gcr.io/k8s-staging-kind +REGISTRY?=ghcr.io/verrazzano # for appending build-meta like "_containerd-v1.7.1" TAG_SUFFIX?= # tag based on date-sha 
@@ -31,18 +31,21 @@ GO_VERSION=$(shell cat $(CURDIR)/../../.go-version | head -n1) export DOCKER_CLI_EXPERIMENTAL=enabled # build with buildx -PLATFORMS?=linux/amd64,linux/arm64 +PLATFORMS?=linux/amd64,linux/arm6 OUTPUT?= PROGRESS=auto EXTRA_BUILD_OPT?= -build: ensure-buildx - docker buildx build $(if $(PLATFORMS),--platform=$(PLATFORMS),) $(OUTPUT) --progress=$(PROGRESS) -t ${IMAGE} --pull --build-arg GO_VERSION=$(GO_VERSION) $(EXTRA_BUILD_OPT) . +#build: ensure-buildx +# docker buildx build $(if $(PLATFORMS),--platform=$(PLATFORMS),) $(OUTPUT) --progress=$(PROGRESS) -t ${IMAGE} --pull --build-arg GO_VERSION=$(GO_VERSION) $(EXTRA_BUILD_OPT) . +build: + docker build $(OUTPUT) --progress=$(PROGRESS) -t ${IMAGE} --pull --build-arg GO_VERSION=$(GO_VERSION) $(EXTRA_BUILD_OPT) . # push the cross built image -push: OUTPUT=--push +#push: OUTPUT=--push push: build + docker push ${IMAGE} -# quick can be used to do a build that will be imported into the local docker +# quick can be used to do a build that will be imported into the local docker # for sanity checking before doing a cross build push # cross builds cannot be imported locally at the moment # https://github.com/docker/buildx/issues/59 diff --git a/images/base/Dockerfile b/images/base/Dockerfile index eb3f95ade2..ce712d395e 100644 --- a/images/base/Dockerfile +++ b/images/base/Dockerfile 
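Review bot: `PLATFORMS?=linux/amd64,linux/arm6` looks like a truncated `linux/arm64`, and `linux/arm6` is not a standard platform string, so any target that still expands `$(PLATFORMS)` would likely fail. The new `build` recipe no longer passes `--platform` at all, so if single-arch builds are intended the default should say so, e.g. `PLATFORMS?=linux/amd64`. The old buildx recipe and `push: OUTPUT=--push` are left behind as commented-out lines. Deleting them, or replacing them with a one-line comment saying why buildx was dropped, would make the file easier to read.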
@@ -17,26 +17,25 @@ # For systemd + docker configuration used below, see the following references: # https://systemd.io/CONTAINER_INTERFACE/ -# start from debian slim, this image is reasonably small as a starting point -# for a kubernetes node image, it doesn't contain much (anything?) we don't need -# this stage will install basic files and packages -ARG BASE_IMAGE=debian:bullseye-slim +# start from ubuntu, this image is reasonably small as a starting point +# for a kubernetes node image, it doesn't contain much we don't need +ARG BASE_IMAGE=quay.io/cybozu/ubuntu:20.04 FROM $BASE_IMAGE as base # copy in static files # all scripts are 0755 (rwx r-x r-x) -COPY --chmod=0755 files/usr/local/bin/* /usr/local/bin/ -COPY --chmod=0755 files/kind/bin/* /kind/bin/ +COPY files/usr/local/bin/* /usr/local/bin/ +COPY files/kind/bin/* /kind/bin/ # all non-scripts are 0644 (rw- r-- r--) -COPY --chmod=0644 files/kind/* /kind/ -COPY --chmod=0644 files/LICENSES/* /LICENSES/* -COPY --chmod=0644 files/etc/* /etc/ -COPY --chmod=0644 files/etc/containerd/* /etc/containerd/ -COPY --chmod=0644 files/etc/default/* /etc/default/ -COPY --chmod=0644 files/etc/sysctl.d/* /etc/sysctl.d/ -COPY --chmod=0644 files/etc/systemd/system/* /etc/systemd/system/ -COPY --chmod=0644 files/etc/systemd/system/kubelet.service.d/* /etc/systemd/system/kubelet.service.d/ +COPY files/kind/* /kind/ +COPY files/LICENSES/* /LICENSES/* +COPY files/etc/* /etc/ +COPY files/etc/containerd/* /etc/containerd/ +COPY files/etc/default/* /etc/default/ +COPY files/etc/sysctl.d/* /etc/sysctl.d/ +COPY files/etc/systemd/system/* /etc/systemd/system/ +COPY files/etc/systemd/system/kubelet.service.d/* /etc/systemd/system/kubelet.service.d/ # Install dependencies, first from apt, then from release tarballs. # NOTE: we use one RUN to minimize layers. 
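Review bot: With `--chmod` dropped from every `COPY` in the `base` stage and no `chmod` visible in this hunk, the modes of the scripts, systemd units and containerd/sysctl config now come from whatever the build checkout has, while the comments still promise 0755 and 0644. A checkout made under a permissive umask would ship group- or world-writable unit files and scripts in the node image. Either build with BuildKit so `--chmod` can stay, or set modes explicitly on the copied paths, e.g. `RUN chmod 0755 /usr/local/bin/* /kind/bin/*` as the `go-build` stage does, naming the config files individually rather than globbing `/etc`. `BASE_IMAGE=quay.io/cybozu/ubuntu:20.04` is also a mutable tag from a third-party registry, and pinning it by digest would make the base reproducible.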
@@ -98,16 +97,19 @@ RUN echo "Ensuring /etc/kubernetes/manifests" \ # This is also why we start again FROM the same base image but a different # platform and only the files needed for building # We will copy the built binaries from later stages to the final stage(s) -FROM --platform=$BUILDPLATFORM $BASE_IMAGE as go-build -COPY --chmod=0755 files/usr/local/bin/* /usr/local/bin/ -COPY --chmod=0755 scripts/third_party/gimme/gimme /usr/local/bin/ -COPY --chmod=0755 scripts/target-cc /usr/local/bin/ +FROM $BASE_IMAGE as go-build +COPY files/usr/local/bin/* /usr/local/bin/ +RUN chmod 0755 /usr/local/bin/* +COPY scripts/third_party/gimme/gimme /usr/local/bin/ +RUN chmod 0755 /usr/local/bin/gimme +COPY scripts/target-cc /usr/local/bin/ +RUN chmod 0755 /usr/local/bin/target-cc # tools needed at build-time only # first ensure we can install packages for both architectures -RUN dpkg --add-architecture arm64 && dpkg --add-architecture amd64 \ +RUN dpkg --add-architecture amd64 \ && clean-install bash ca-certificates curl git make pkg-config \ - crossbuild-essential-amd64 crossbuild-essential-arm64 \ - libseccomp-dev:amd64 libseccomp-dev:arm64 + crossbuild-essential-amd64\ + libseccomp-dev:amd64 # set by makefile to .go-version ARG GO_VERSION RUN eval "$(gimme "${GO_VERSION}")" \ @@ -116,7 +118,8 @@ RUN eval "$(gimme "${GO_VERSION}")" \ # stage for building containerd FROM go-build as build-containerd -ARG TARGETARCH GO_VERSION +ARG TARGETARCH +ARG GO_VERSION ARG CONTAINERD_VERSION="v1.7.1" ARG CONTAINERD_CLONE_URL="https://github.com/containerd/containerd" # we don't build with optional snapshotters, we never select any of these @@ -133,7 +136,8 @@ RUN git clone --filter=tree:0 "${CONTAINERD_CLONE_URL}" /containerd \ # stage for building runc FROM go-build as build-runc -ARG TARGETARCH GO_VERSION +ARG TARGETARCH +ARG GO_VERSION ARG RUNC_VERSION="v1.1.7" ARG RUNC_CLONE_URL="https://github.com/opencontainers/runc" RUN git clone --filter=tree:0 "${RUNC_CLONE_URL}" /runc \ 
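Review bot: The three `RUN chmod` lines in `go-build` add a layer each, and the first one, `chmod 0755 /usr/local/bin/*`, runs before `gimme` and `target-cc` are copied; a single `RUN chmod 0755 /usr/local/bin/*` after the last `COPY` covers all three. `crossbuild-essential-amd64\` has lost the space before the continuation backslash, which only works while the next line stays indented. The stage comment above still describes starting from "a different platform", but `--platform=$BUILDPLATFORM` and the arm64 packages are gone, so it should be updated to say the stage is amd64-only.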
@@ -146,7 +150,8 @@ RUN git clone --filter=tree:0 "${RUNC_CLONE_URL}" /runc \ # stage for building crictl FROM go-build as build-crictl -ARG TARGETARCH GO_VERSION +ARG TARGETARCH +ARG GO_VERSION ARG CRI_TOOLS_CLONE_URL="https://github.com/kubernetes-sigs/cri-tools" ARG CRICTL_VERSION="v1.27.0" RUN git clone --filter=tree:0 "${CRI_TOOLS_CLONE_URL}" /cri-tools \ @@ -159,7 +164,8 @@ RUN git clone --filter=tree:0 "${CRI_TOOLS_CLONE_URL}" /cri-tools \ # stage for building cni-plugins FROM go-build as build-cni -ARG TARGETARCH GO_VERSION +ARG TARGETARCH +ARG GO_VERSION ARG CNI_PLUGINS_VERSION="v1.3.0" ARG CNI_PLUGINS_CLONE_URL="https://github.com/containernetworking/plugins" RUN git clone --filter=tree:0 "${CNI_PLUGINS_CLONE_URL}" /cni-plugins \ @@ -179,7 +185,8 @@ RUN git clone --filter=tree:0 "${CNI_PLUGINS_CLONE_URL}" /cni-plugins \ # stage for building containerd-fuse-overlayfs FROM go-build as build-fuse-overlayfs -ARG TARGETARCH GO_VERSION +ARG TARGETARCH +ARG GO_VERSION ARG CONTAINERD_FUSE_OVERLAYFS_VERSION="v1.0.5" ARG CONTAINERD_FUSE_OVERLAYFS_CLONE_URL="https://github.com/containerd/fuse-overlayfs-snapshotter" RUN git clone --filter=tree:0 "${CONTAINERD_FUSE_OVERLAYFS_CLONE_URL}" /fuse-overlayfs-snapshotter \ diff --git a/images/base/Makefile b/images/base/Makefile index 52b21e8746..ce17b062c9 100644 --- a/images/base/Makefile +++ b/images/base/Makefile @@ -11,5 +11,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +export EXTRA_BUILD_OPT=--build-arg=TARGETARCH=amd64 include $(CURDIR)/../Makefile.common.in diff --git a/images/haproxy/Dockerfile b/images/haproxy/Dockerfile index 77c205d88d..9581f5f7c0 100644 --- a/images/haproxy/Dockerfile +++ b/images/haproxy/Dockerfile 
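Review bot: In images/base/Makefile, `export EXTRA_BUILD_OPT=--build-arg=TARGETARCH=amd64` uses plain `=`, so an `EXTRA_BUILD_OPT` supplied through the environment is discarded and the `EXTRA_BUILD_OPT?=` default in Makefile.common.in never applies; `export EXTRA_BUILD_OPT+=--build-arg=TARGETARCH=amd64` keeps caller options. The line also replaces the blank line that separated the licence header from the first statement. Because `TARGETARCH` is now injected only here, a `docker build` of images/base that bypasses this Makefile would presumably see it empty in the `build-*` stages, and a comment on this line saying so would help.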
@@ -32,7 +32,8 @@ RUN apt update && \ procps bash # copy in script for staging distro provided binary to distroless -COPY --chmod=0755 stage-binary-and-deps.sh /usr/local/bin/ +COPY stage-binary-and-deps.sh /usr/local/bin/ +RUN chmod 0775 /usr/local/bin/stage-binary-and-deps.sh # stage everything for copying into the final image # NOTE: kind currently also uses "mkdir" and "cp" to write files within the container diff --git a/images/kindnetd/Dockerfile b/images/kindnetd/Dockerfile index 1a51b1952c..aeb1850c4d 100644 --- a/images/kindnetd/Dockerfile +++ b/images/kindnetd/Dockerfile 
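Review bot: `RUN chmod 0775 /usr/local/bin/stage-binary-and-deps.sh` makes the script group-writable, whereas the `COPY --chmod=0755` it replaces did not. This looks like a transposition and should be `RUN chmod 0755 /usr/local/bin/stage-binary-and-deps.sh`. The same `0775` appears in the images/local-path-helper/Dockerfile hunk.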
@@ -13,27 +13,26 @@ # limitations under the License. # first stage build kindnetd binary -# NOTE: the actual go version will be overridden -FROM --platform=$BUILDPLATFORM golang:latest +# NOTE: tentatively follow upstream kubernetes go version based on k8s in go.mod +FROM ghcr.io/oracle/oraclelinux:8-slim WORKDIR /go/src -COPY --chmod=0755 scripts/third_party/gimme/gimme /usr/local/bin/ +COPY scripts/third_party/gimme/gimme /usr/local/bin/ +RUN chmod 0755 /usr/local/bin/gimme # make deps fetching cacheable COPY go.mod go.sum ./ -# set by makefile to .go-version -ARG GO_VERSION -RUN eval "$(gimme "${GO_VERSION}")" \ - && go mod download \ - && GOBIN=/usr/local/bin go install github.com/google/go-licenses@latest +RUN microdnf -y upgrade && \ + microdnf -y module enable go-toolset:ol8 && \ + microdnf -y install go-toolset && \ + go mod download # build COPY . . -ARG TARGETARCH -RUN eval "$(gimme "${GO_VERSION}")" \ - && CGO_ENABLED=0 GOARCH=$TARGETARCH go build -o ./kindnetd ./cmd/kindnetd \ - && GOARCH=$TARGETARCH go-licenses save --save_path=/_LICENSES ./cmd/kindnetd +RUN CGO_ENABLED=0 go build -o ./kindnetd ./cmd/kindnetd # build real kindnetd image FROM registry.k8s.io/build-image/distroless-iptables:v0.2.3 COPY --from=0 --chown=root:root ./go/src/kindnetd /bin/kindnetd -COPY --from=0 /_LICENSES/* /LICENSES/ -COPY --chmod=0644 files/LICENSES/* /LICENSES/* +# TBD: files not found? +#COPY --from=0 /_LICENSES/* /LICENSES/ +COPY files/LICENSES/* /LICENSES/* +RUN chmod 0644 /LICENSES/* CMD ["/bin/kindnetd"] diff --git a/images/local-path-helper/Dockerfile b/images/local-path-helper/Dockerfile index 1bb8845435..9722a5e9f6 100644 --- a/images/local-path-helper/Dockerfile +++ b/images/local-path-helper/Dockerfile 
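Review bot: The Go toolchain is no longer pinned: `ARG GO_VERSION` is gone and the compiler is whatever `go-toolset:ol8` resolves to after `microdnf -y upgrade`, on a base referenced by the mutable tag `8-slim`, so two builds of the same commit can produce different binaries. `gimme` is still copied and chmod-ed but nothing calls it now, so those two lines can go. Dropping `go-licenses save` is what leaves `/_LICENSES` empty, which is why `COPY --from=0 /_LICENSES/*` had to be commented out with `TBD: files not found?`, and the image then ships without the dependency licences. `RUN chmod 0644 /LICENSES/*` in the final stage needs a shell inside `distroless-iptables`, which is worth confirming. Copying the licence files into the first stage, setting the mode there and using `COPY --from=0` avoids the question.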
@@ -29,7 +29,8 @@ RUN apt update && apt install -y --no-install-recommends bash RUN ln -sf /bin/bash /bin/sh # copy in script for staging distro provided binary to distroless -COPY --chmod=0755 stage-binary-and-deps.sh /usr/local/bin/ +COPY stage-binary-and-deps.sh /usr/local/bin/ +RUN chmod 0775 /usr/local/bin/stage-binary-and-deps.sh # local-path-provisioner needs these things for the helper pod # TODO: we could probably coerce local-path-provisioner to use a small binary diff --git a/images/local-path-provisioner/Dockerfile b/images/local-path-provisioner/Dockerfile index 410b495620..632965e9bd 100644 --- a/images/local-path-provisioner/Dockerfile +++ b/images/local-path-provisioner/Dockerfile 
@@ -12,23 +12,23 @@ # See the License for the specific language governing permissions and # limitations under the License. -# NOTE the actual go version will be overridden -FROM --platform=$BUILDPLATFORM golang:latest -COPY --chmod=0755 scripts/third_party/gimme/gimme /usr/local/bin/ -RUN git clone --filter=tree:0 https://github.com/rancher/local-path-provisioner +FROM ghcr.io/oracle/oraclelinux:8-slim ARG VERSION -# set by makefile to .go-version -ARG TARGETARCH GO_VERSION -RUN eval "$(gimme "${GO_VERSION}")" \ - && cd local-path-provisioner \ - && git fetch && git checkout "${VERSION}" \ - && GOARCH=$TARGETARCH scripts/build \ - && mv bin/local-path-provisioner /usr/local/bin/local-path-provisioner \ +RUN microdnf -y upgrade && \ + microdnf -y module enable go-toolset:ol8 && \ + microdnf -y install go-toolset && \ + microdnf install git && \ + git clone https://github.com/rancher/local-path-provisioner && \ + cd local-path-provisioner && \ + git fetch && git checkout "${VERSION}" && \ + scripts/build && \ + mv bin/local-path-provisioner /usr/local/bin/local-path-provisioner \ && GOBIN=/usr/local/bin go install github.com/google/go-licenses@latest \ && GOARCH=$TARGETARCH go-licenses save --save_path=/_LICENSES . -FROM gcr.io/distroless/base-debian11 +FROM ghcr.io/oracle/oraclelinux:8-slim COPY --from=0 /usr/local/bin/local-path-provisioner /usr/local/bin/local-path-provisioner COPY --from=0 /_LICENSES/* /LICENSES/ -COPY --chmod=0644 files/LICENSES/* /LICENSES/* +COPY files/LICENSES/* /LICENSES/* +RUN chmod 0644 /LICENSES/* ENTRYPOINT /usr/local/bin/local-path-provisioner diff --git a/pkg/build/nodeimage/buildcontext.go b/pkg/build/nodeimage/buildcontext.go index fed540dcf0..1b5fdf137e 100644 --- a/pkg/build/nodeimage/buildcontext.go +++ b/pkg/build/nodeimage/buildcontext.go 
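Review bot: The runtime stage now starts from `ghcr.io/oracle/oraclelinux:8-slim` instead of `gcr.io/distroless/base-debian11`, so the image that runs the provisioner carries a shell and `microdnf` (the build stage above uses both on the same base). If the swap was only to make `RUN chmod 0644 /LICENSES/*` work, the modes can be set in stage 0 and the distroless base kept. `ARG TARGETARCH GO_VERSION` was removed but `GOARCH=$TARGETARCH go-licenses save` still follows, so `GOARCH` is now set to an empty string; either restore `ARG TARGETARCH` or drop the `GOARCH=` prefix. `microdnf install git` is the only microdnf call here without `-y`.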
@@ -321,7 +321,8 @@ func (c *buildContext) createBuildContainer() (id string, err error) { // the container should hang forever, so we can exec in it "--entrypoint=sleep", "--name=" + id, - "--platform=" + dockerBuildOsAndArch(c.arch), + // avoid experimental feature error + // "--platform=" + dockerBuildOsAndArch(c.arch), "--security-opt", "seccomp=unconfined", // ignore seccomp }, []string{ diff --git a/pkg/build/nodeimage/const_cni.go b/pkg/build/nodeimage/const_cni.go index 6d616d081e..4b08c4b685 100644 --- a/pkg/build/nodeimage/const_cni.go +++ b/pkg/build/nodeimage/const_cni.go @@ -20,7 +20,7 @@ package nodeimage The default CNI manifest and images are our own tiny kindnet */ -const kindnetdImage = "docker.io/kindest/kindnetd:v20230511-dc714da8" +const kindnetdImage = "ghcr.io/verrazzano/kind-kindnetd:20230216193743-4b302893" var defaultCNIImages = []string{kindnetdImage} diff --git a/pkg/build/nodeimage/const_storage.go b/pkg/build/nodeimage/const_storage.go index dbd36954d7..37683d5a4f 100644 --- a/pkg/build/nodeimage/const_storage.go +++ b/pkg/build/nodeimage/const_storage.go @@ -25,8 +25,8 @@ NOTE: we have customized it in the following ways: - install as the default storage class */ -const storageProvisionerImage = "docker.io/kindest/local-path-provisioner:v20230511-dc714da8" -const storageHelperImage = "docker.io/kindest/local-path-helper:v20230510-486859a6" +const storageProvisionerImage = "ghcr.io/verrazzano/kind-local-path-provisioner:20230216193743-4b302893" +const storageHelperImage = "ghcr.io/verrazzano/kind-local-path-helper:20230216193743-4b302893" // image we need to preload var defaultStorageImages = []string{storageProvisionerImage, storageHelperImage} diff --git a/pkg/cluster/internal/loadbalancer/const.go b/pkg/cluster/internal/loadbalancer/const.go index 3600b338bd..a737df90c8 100644 --- a/pkg/cluster/internal/loadbalancer/const.go +++ b/pkg/cluster/internal/loadbalancer/const.go 
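Review bot: Commenting out `"--platform=" + dockerBuildOsAndArch(c.arch)` means the build container always runs on the daemon's default platform, so a caller that sets `c.arch` to something else gets no error here and, presumably, a node image of the wrong architecture. If `--platform` cannot be passed, reject the mismatch up front instead of leaving dead code, e.g. `if c.arch != runtime.GOARCH { return "", fmt.Errorf("cross-arch build not supported: %s", c.arch) }`, assuming `c.arch` holds a GOARCH string. The argument list belongs to `createBuildContainer`, which starts and ends outside this hunk. Whether `dockerBuildOsAndArch` still has other callers is not visible here.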
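Review bot: `kindnetdImage` now carries the tag `20230216193743-4b302893`, which by its date stamp appears older than the `v20230511-dc714da8` build it replaces, so confirm the mirrored image is not missing fixes the upstream one had. The reference is a bare tag in `ghcr.io/verrazzano`. If the pull path accepts digests, appending `@sha256:<digest-placeholder>` would stop a re-pushed tag from changing what gets baked into node images. The same applies to `storageProvisionerImage` and `storageHelperImage` in const_storage.go and to `Image` in loadbalancer/const.go, which all use the same tag.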
@@ -17,7 +17,7 @@ limitations under the License. package loadbalancer // Image defines the loadbalancer image:tag -const Image = "docker.io/kindest/haproxy:v20230606-42a2262b" +const Image = "ghcr.io/verrazzano/kind-haproxy:20230216193743-4b302893" // ConfigPath defines the path to the config file in the image const ConfigPath = "/usr/local/etc/haproxy/haproxy.cfg"