verrazzano · agv426 · Dec 19, 2023 · Dec 20, 2023 · Dec 20, 2023 · Dec 20, 2023
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
diff --git a/images/Makefile.common.in b/images/Makefile.common.in
@@ -17,7 +17,7 @@
 # get image name from directory we're building
 IMAGE_NAME=$(notdir $(CURDIR))
 # docker image registry, default to upstream
-REGISTRY?=gcr.io/k8s-staging-kind
+REGISTRY?=ghcr.io/verrazzano
 # for appending build-meta like "_containerd-v1.7.1"
 TAG_SUFFIX?=
 # tag based on date-sha
@@ -31,18 +31,21 @@ GO_VERSION=$(shell cat $(CURDIR)/../../.go-version | head -n1)
 export DOCKER_CLI_EXPERIMENTAL=enabled
 
 # build with buildx
-PLATFORMS?=linux/amd64,linux/arm64
+PLATFORMS?=linux/amd64,linux/arm6
 OUTPUT?=
 PROGRESS=auto
 EXTRA_BUILD_OPT?=
-build: ensure-buildx
-	docker buildx build $(if $(PLATFORMS),--platform=$(PLATFORMS),) $(OUTPUT) --progress=$(PROGRESS) -t ${IMAGE} --pull --build-arg GO_VERSION=$(GO_VERSION) $(EXTRA_BUILD_OPT) .
+#build: ensure-buildx
+#	docker buildx build $(if $(PLATFORMS),--platform=$(PLATFORMS),) $(OUTPUT) --progress=$(PROGRESS) -t ${IMAGE} --pull --build-arg GO_VERSION=$(GO_VERSION) $(EXTRA_BUILD_OPT) .
+build:
+	docker build $(OUTPUT) --progress=$(PROGRESS) -t ${IMAGE} --pull --build-arg GO_VERSION=$(GO_VERSION) $(EXTRA_BUILD_OPT) .
 
 # push the cross built image
-push: OUTPUT=--push
+#push: OUTPUT=--push
 push: build
+	docker push ${IMAGE}
 
-# quick can be used to do a build that will be imported into the local docker 
+# quick can be used to do a build that will be imported into the local docker
 # for sanity checking before doing a cross build push
 # cross builds cannot be imported locally at the moment
 # https://github.com/docker/buildx/issues/59

diff --git a/images/base/Dockerfile b/images/base/Dockerfile
@@ -17,26 +17,25 @@
 # For systemd + docker configuration used below, see the following references:
 # https://systemd.io/CONTAINER_INTERFACE/
 
-# start from debian slim, this image is reasonably small as a starting point
-# for a kubernetes node image, it doesn't contain much (anything?) we don't need
-# this stage will install basic files and packages
-ARG BASE_IMAGE=debian:bullseye-slim
+# start from ubuntu, this image is reasonably small as a starting point
+# for a kubernetes node image, it doesn't contain much we don't need
+ARG BASE_IMAGE=quay.io/cybozu/ubuntu:20.04
 FROM $BASE_IMAGE as base
 
 # copy in static files
 # all scripts are 0755 (rwx r-x r-x)
-COPY --chmod=0755 files/usr/local/bin/* /usr/local/bin/
-COPY --chmod=0755 files/kind/bin/* /kind/bin/
+COPY files/usr/local/bin/* /usr/local/bin/
+COPY files/kind/bin/* /kind/bin/
 
 # all non-scripts are 0644 (rw- r-- r--)
-COPY --chmod=0644 files/kind/* /kind/
-COPY --chmod=0644 files/LICENSES/* /LICENSES/*
-COPY --chmod=0644 files/etc/* /etc/
-COPY --chmod=0644 files/etc/containerd/* /etc/containerd/
-COPY --chmod=0644 files/etc/default/* /etc/default/
-COPY --chmod=0644 files/etc/sysctl.d/* /etc/sysctl.d/
-COPY --chmod=0644 files/etc/systemd/system/* /etc/systemd/system/
-COPY --chmod=0644 files/etc/systemd/system/kubelet.service.d/* /etc/systemd/system/kubelet.service.d/
+COPY files/kind/* /kind/
+COPY files/LICENSES/* /LICENSES/*
+COPY files/etc/* /etc/
+COPY files/etc/containerd/* /etc/containerd/
+COPY files/etc/default/* /etc/default/
+COPY files/etc/sysctl.d/* /etc/sysctl.d/
+COPY files/etc/systemd/system/* /etc/systemd/system/
+COPY files/etc/systemd/system/kubelet.service.d/* /etc/systemd/system/kubelet.service.d/
 
 # Install dependencies, first from apt, then from release tarballs.
 # NOTE: we use one RUN to minimize layers.
@@ -98,16 +97,19 @@ RUN echo "Ensuring /etc/kubernetes/manifests" \
 # This is also why we start again FROM the same base image but a different
 # platform and only the files needed for building
 # We will copy the built binaries from later stages to the final stage(s)
-FROM --platform=$BUILDPLATFORM $BASE_IMAGE as go-build
-COPY --chmod=0755 files/usr/local/bin/* /usr/local/bin/
-COPY --chmod=0755 scripts/third_party/gimme/gimme /usr/local/bin/
-COPY --chmod=0755 scripts/target-cc /usr/local/bin/
+FROM $BASE_IMAGE as go-build
+COPY files/usr/local/bin/* /usr/local/bin/
+RUN chmod 0755 /usr/local/bin/*
+COPY scripts/third_party/gimme/gimme /usr/local/bin/
+RUN chmod 0755 /usr/local/bin/gimme
+COPY scripts/target-cc /usr/local/bin/
+RUN chmod 0755 /usr/local/bin/target-cc
 # tools needed at build-time only
 # first ensure we can install packages for both architectures
-RUN dpkg --add-architecture arm64 && dpkg --add-architecture amd64 \
+RUN  dpkg --add-architecture amd64 \
     && clean-install bash ca-certificates curl git make pkg-config \
-    crossbuild-essential-amd64 crossbuild-essential-arm64 \
-    libseccomp-dev:amd64 libseccomp-dev:arm64
+    crossbuild-essential-amd64\
+    libseccomp-dev:amd64
 # set by makefile to .go-version
 ARG GO_VERSION
 RUN eval "$(gimme "${GO_VERSION}")" \
@@ -116,7 +118,8 @@ RUN eval "$(gimme "${GO_VERSION}")" \
 
 # stage for building containerd
 FROM go-build as build-containerd
-ARG TARGETARCH GO_VERSION
+ARG TARGETARCH
+ARG GO_VERSION
 ARG CONTAINERD_VERSION="v1.7.1"
 ARG CONTAINERD_CLONE_URL="https://github.com/containerd/containerd"
 # we don't build with optional snapshotters, we never select any of these
@@ -133,7 +136,8 @@ RUN git clone --filter=tree:0 "${CONTAINERD_CLONE_URL}" /containerd \
 
 # stage for building runc
 FROM go-build as build-runc
-ARG TARGETARCH GO_VERSION
+ARG TARGETARCH
+ARG GO_VERSION
 ARG RUNC_VERSION="v1.1.7"
 ARG RUNC_CLONE_URL="https://github.com/opencontainers/runc"
 RUN git clone --filter=tree:0 "${RUNC_CLONE_URL}" /runc \
@@ -146,7 +150,8 @@ RUN git clone --filter=tree:0 "${RUNC_CLONE_URL}" /runc \
 
 # stage for building crictl
 FROM go-build as build-crictl
-ARG TARGETARCH GO_VERSION
+ARG TARGETARCH
+ARG GO_VERSION
 ARG CRI_TOOLS_CLONE_URL="https://github.com/kubernetes-sigs/cri-tools"
 ARG CRICTL_VERSION="v1.27.0"
 RUN git clone --filter=tree:0 "${CRI_TOOLS_CLONE_URL}" /cri-tools \
@@ -159,7 +164,8 @@ RUN git clone --filter=tree:0 "${CRI_TOOLS_CLONE_URL}" /cri-tools \
 
 # stage for building cni-plugins
 FROM go-build as build-cni
-ARG TARGETARCH GO_VERSION
+ARG TARGETARCH
+ARG GO_VERSION
 ARG CNI_PLUGINS_VERSION="v1.3.0"
 ARG CNI_PLUGINS_CLONE_URL="https://github.com/containernetworking/plugins"
 RUN git clone --filter=tree:0 "${CNI_PLUGINS_CLONE_URL}" /cni-plugins \
@@ -179,7 +185,8 @@ RUN git clone --filter=tree:0 "${CNI_PLUGINS_CLONE_URL}" /cni-plugins \
 
 # stage for building containerd-fuse-overlayfs
 FROM go-build as build-fuse-overlayfs
-ARG TARGETARCH GO_VERSION
+ARG TARGETARCH
+ARG GO_VERSION
 ARG CONTAINERD_FUSE_OVERLAYFS_VERSION="v1.0.5"
 ARG CONTAINERD_FUSE_OVERLAYFS_CLONE_URL="https://github.com/containerd/fuse-overlayfs-snapshotter"
 RUN git clone --filter=tree:0 "${CONTAINERD_FUSE_OVERLAYFS_CLONE_URL}" /fuse-overlayfs-snapshotter \

diff --git a/images/base/Makefile b/images/base/Makefile
@@ -11,5 +11,5 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+export EXTRA_BUILD_OPT=--build-arg=TARGETARCH=amd64
 include $(CURDIR)/../Makefile.common.in
diff --git a/images/haproxy/Dockerfile b/images/haproxy/Dockerfile
@@ -32,7 +32,8 @@ RUN apt update && \
       procps bash
 
 # copy in script for staging distro provided binary to distroless
-COPY --chmod=0755 stage-binary-and-deps.sh /usr/local/bin/
+COPY stage-binary-and-deps.sh /usr/local/bin/
+RUN chmod 0775 /usr/local/bin/stage-binary-and-deps.sh
 
 # stage everything for copying into the final image
 # NOTE: kind currently also uses "mkdir" and "cp" to write files within the container

diff --git a/images/kindnetd/Dockerfile b/images/kindnetd/Dockerfile
@@ -13,27 +13,26 @@
 # limitations under the License.
 
 # first stage build kindnetd binary
-# NOTE: the actual go version will be overridden
-FROM --platform=$BUILDPLATFORM golang:latest
+# NOTE: tentatively follow upstream kubernetes go version based on k8s in go.mod
+FROM ghcr.io/oracle/oraclelinux:8-slim
 WORKDIR /go/src
-COPY --chmod=0755 scripts/third_party/gimme/gimme /usr/local/bin/
+COPY scripts/third_party/gimme/gimme /usr/local/bin/
+RUN chmod 0755 /usr/local/bin/gimme
 # make deps fetching cacheable
 COPY go.mod go.sum ./
-# set by makefile to .go-version
-ARG GO_VERSION
-RUN eval "$(gimme "${GO_VERSION}")" \
-    && go mod download \
-    && GOBIN=/usr/local/bin go install github.com/google/go-licenses@latest
+RUN microdnf -y upgrade && \
+    microdnf -y module enable go-toolset:ol8 && \
+    microdnf -y install go-toolset && \
+    go mod download
 # build
 COPY . .
-ARG TARGETARCH
-RUN eval "$(gimme "${GO_VERSION}")" \
-    && CGO_ENABLED=0 GOARCH=$TARGETARCH go build -o ./kindnetd ./cmd/kindnetd \
-    && GOARCH=$TARGETARCH go-licenses save --save_path=/_LICENSES ./cmd/kindnetd
+RUN CGO_ENABLED=0 go build -o ./kindnetd ./cmd/kindnetd
 
 # build real kindnetd image
 FROM registry.k8s.io/build-image/distroless-iptables:v0.2.3
 COPY --from=0 --chown=root:root ./go/src/kindnetd /bin/kindnetd
-COPY --from=0 /_LICENSES/* /LICENSES/
-COPY --chmod=0644 files/LICENSES/* /LICENSES/*
+# TBD: files not found?
+#COPY --from=0 /_LICENSES/* /LICENSES/
+COPY files/LICENSES/* /LICENSES/*
+RUN chmod 0644 /LICENSES/*
 CMD ["/bin/kindnetd"]
diff --git a/images/local-path-helper/Dockerfile b/images/local-path-helper/Dockerfile
@@ -29,7 +29,8 @@ RUN apt update && apt install -y --no-install-recommends bash
 RUN ln -sf /bin/bash /bin/sh
 
 # copy in script for staging distro provided binary to distroless
-COPY --chmod=0755 stage-binary-and-deps.sh /usr/local/bin/
+COPY stage-binary-and-deps.sh /usr/local/bin/
+RUN chmod 0775 /usr/local/bin/stage-binary-and-deps.sh
 
 # local-path-provisioner needs these things for the helper pod
 # TODO: we could probably coerce local-path-provisioner to use a small binary

diff --git a/images/local-path-provisioner/Dockerfile b/images/local-path-provisioner/Dockerfile
@@ -12,23 +12,23 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# NOTE the actual go version will be overridden
-FROM --platform=$BUILDPLATFORM golang:latest
-COPY --chmod=0755 scripts/third_party/gimme/gimme /usr/local/bin/
-RUN git clone --filter=tree:0 https://github.com/rancher/local-path-provisioner
+FROM ghcr.io/oracle/oraclelinux:8-slim
 ARG VERSION
-# set by makefile to .go-version
-ARG TARGETARCH GO_VERSION
-RUN eval "$(gimme "${GO_VERSION}")" \
-    && cd local-path-provisioner \
-    && git fetch && git checkout "${VERSION}" \
-    && GOARCH=$TARGETARCH scripts/build \
-    && mv bin/local-path-provisioner /usr/local/bin/local-path-provisioner \
+RUN microdnf -y upgrade && \
+    microdnf -y module enable go-toolset:ol8 && \
+    microdnf -y install go-toolset && \
+    microdnf install git && \
+    git clone https://github.com/rancher/local-path-provisioner && \
+    cd local-path-provisioner && \
+    git fetch && git checkout "${VERSION}" && \
+    scripts/build && \
+    mv bin/local-path-provisioner /usr/local/bin/local-path-provisioner \
     && GOBIN=/usr/local/bin go install github.com/google/go-licenses@latest \
     && GOARCH=$TARGETARCH go-licenses save --save_path=/_LICENSES .
 
-FROM gcr.io/distroless/base-debian11
+FROM ghcr.io/oracle/oraclelinux:8-slim
 COPY --from=0 /usr/local/bin/local-path-provisioner /usr/local/bin/local-path-provisioner
 COPY --from=0 /_LICENSES/* /LICENSES/
-COPY --chmod=0644 files/LICENSES/* /LICENSES/*
+COPY files/LICENSES/* /LICENSES/*
+RUN chmod 0644 /LICENSES/*
 ENTRYPOINT /usr/local/bin/local-path-provisioner
diff --git a/pkg/build/nodeimage/buildcontext.go b/pkg/build/nodeimage/buildcontext.go
@@ -321,7 +321,8 @@ func (c *buildContext) createBuildContainer() (id string, err error) {
 			// the container should hang forever, so we can exec in it
 			"--entrypoint=sleep",
 			"--name=" + id,
-			"--platform=" + dockerBuildOsAndArch(c.arch),
+			// avoid experimental feature error
+			// "--platform=" + dockerBuildOsAndArch(c.arch),
 			"--security-opt", "seccomp=unconfined", // ignore seccomp
 		},
 		[]string{

diff --git a/pkg/build/nodeimage/const_cni.go b/pkg/build/nodeimage/const_cni.go
@@ -20,7 +20,7 @@ package nodeimage
 The default CNI manifest and images are our own tiny kindnet
 */
 
-const kindnetdImage = "docker.io/kindest/kindnetd:v20230511-dc714da8"
+const kindnetdImage = "ghcr.io/verrazzano/kind-kindnetd:20230216193743-4b302893"
 
 var defaultCNIImages = []string{kindnetdImage}
 

diff --git a/pkg/build/nodeimage/const_storage.go b/pkg/build/nodeimage/const_storage.go
@@ -25,8 +25,8 @@ NOTE: we have customized it in the following ways:
 - install as the default storage class
 */
 
-const storageProvisionerImage = "docker.io/kindest/local-path-provisioner:v20230511-dc714da8"
-const storageHelperImage = "docker.io/kindest/local-path-helper:v20230510-486859a6"
+const storageProvisionerImage = "ghcr.io/verrazzano/kind-local-path-provisioner:20230216193743-4b302893"
+const storageHelperImage = "ghcr.io/verrazzano/kind-local-path-helper:20230216193743-4b302893"
 
 // image we need to preload
 var defaultStorageImages = []string{storageProvisionerImage, storageHelperImage}

diff --git a/pkg/cluster/internal/loadbalancer/const.go b/pkg/cluster/internal/loadbalancer/const.go
@@ -17,7 +17,7 @@ limitations under the License.
 package loadbalancer
 
 // Image defines the loadbalancer image:tag
-const Image = "docker.io/kindest/haproxy:v20230606-42a2262b"
+const Image = "ghcr.io/verrazzano/kind-haproxy:20230216193743-4b302893"
 
 // ConfigPath defines the path to the config file in the image
 const ConfigPath = "/usr/local/etc/haproxy/haproxy.cfg"