From b98a3e50eee05f0e8c4b0a00471d807c0426f2eb Mon Sep 17 00:00:00 2001 From: Piyush Kumar Date: Sat, 7 Oct 2023 23:48:20 +0530 Subject: [PATCH 01/19] updated kubeadm version to v4.1.0-alpha2 (#66) --- Earthfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Earthfile b/Earthfile index d43a122..8b57469 100644 --- a/Earthfile +++ b/Earthfile @@ -18,7 +18,7 @@ ARG BASE_IMAGE_URL=quay.io/kairos ARG OSBUILDER_VERSION=v0.7.11 ARG OSBUILDER_IMAGE=quay.io/kairos/osbuilder-tools:$OSBUILDER_VERSION ARG K3S_PROVIDER_VERSION=v2.3.2 -ARG KUBEADM_PROVIDER_VERSION=v2.3.3 +ARG KUBEADM_PROVIDER_VERSION=v4.1.0-alpha2 ARG RKE2_PROVIDER_VERSION=v2.3.3 ARG FIPS_ENABLED=false ARG HTTP_PROXY From fff7a34e30c294a5cac73bae07161ef97f53070f Mon Sep 17 00:00:00 2001 From: Santhosh Date: Sun, 8 Oct 2023 22:23:24 -0700 Subject: [PATCH 02/19] PE-2558: use fips image for rke2 if fips_enabled is true (#67) --- Earthfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Earthfile b/Earthfile index 8b57469..5d45dfd 100644 --- a/Earthfile +++ b/Earthfile @@ -165,7 +165,7 @@ provider-image: SAVE IMAGE --push $IMAGE_PATH stylus-image: - IF [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] + IF [ "$FIPS_ENABLED" = "true" ] ARG STYLUS_BASE=gcr.io/spectro-dev-public/stylus-framework-fips-linux-$ARCH:$PE_VERSION ELSE ARG STYLUS_BASE=gcr.io/spectro-dev-public/stylus-framework-linux-$ARCH:$PE_VERSION From 47bfce100d0136686861ce20218cbc45858583c1 Mon Sep 17 00:00:00 2001 From: lakshmenroy <96564200+lakshmenroy@users.noreply.github.com> Date: Mon, 9 Oct 2023 21:06:37 +0530 Subject: [PATCH 03/19] PAC-396 / PAC-397 /PAC-782 - Upgrade PXK-E, K3s and rke2 Packs to latest (#65) --- Earthfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Earthfile b/Earthfile index 5d45dfd..32f4b92 100644 --- a/Earthfile +++ b/Earthfile 
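Review bot: In PATCH 02/19 the stylus-image condition now depends only on `FIPS_ENABLED`, which defaults to `false` per the `ARG FIPS_ENABLED=false` line visible in the first patch. A build with `K8S_DISTRIBUTION=kubeadm-fips` and the flag left unset therefore silently takes the non-FIPS `stylus-framework-linux` base, where it previously got the FIPS one. Either keep the old case as well, `IF [ "$FIPS_ENABLED" = "true" ] || [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ]`, or fail the build when a `*-fips` distribution is requested without `FIPS_ENABLED=true`. A compliance-relevant base image should not be chosen by an easily forgotten default. The stylus-image target continues past the end of the hunk.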
@@ -10,7 +10,7 @@ ARG K8S_DISTRIBUTION ARG CUSTOM_TAG ARG ARCH ARG PE_VERSION=v4.0.4 -ARG SPECTRO_LUET_VERSION=v1.1.4 +ARG SPECTRO_LUET_VERSION=v1.1.5 ARG KAIROS_VERSION=v2.3.2 ARG K3S_FLAVOR_TAG=k3s1 ARG RKE2_FLAVOR_TAG=rke2r1 @@ -66,6 +66,9 @@ build-provider-images: BUILD +provider-image --K8S_VERSION=1.25.2 BUILD +provider-image --K8S_VERSION=1.26.4 BUILD +provider-image --K8S_VERSION=1.27.2 + BUILD +provider-image --K8S_VERSION=1.25.13 + BUILD +provider-image --K8S_VERSION=1.26.8 + BUILD +provider-image --K8S_VERSION=1.27.5 build-provider-images-fips: From 2d65d1e63db0167e0c56d3ce9bdc67bb10ba3503 Mon Sep 17 00:00:00 2001 From: Tyler Gillson Date: Mon, 9 Oct 2023 22:58:44 -0600 Subject: [PATCH 04/19] Update README.md (#64) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d5b083a..c1e18f0 100644 --- a/README.md +++ b/README.md @@ -192,7 +192,7 @@ ttl.sh/ubuntu k3s-1.25.2-v3.4.3-demo_linux_amd6 Earthly is a multi-architecture build tool. In this example we are building images for AMD64 hardware which is reflected by the tags above. In the future we will support ARM64 builds and those tags will be included. We only need to push the image tag that DOES NOT have the architecture reference i.e `linux_amd64` in the above example. -11. The provider images are by default not pushed to a registry. You can push the images by using the `docker push` command and reference the created imgages. +11. The provider images are by default not pushed to a registry. You can push the images by using the `docker push` command and reference the created images. ```shell docker push ttl.sh/ubuntu:k3s-1.25.2-v3.4.3-demo && \ From 0ec2f6a2f333bb7a81921e771766cbeefb7ef550 Mon Sep 17 00:00:00 2001 
From: Piyush Kumar Date: Sat, 14 Oct 2023 15:50:52 +0530 Subject: [PATCH 05/19] disable swap for kubeadm/kubeadm-fips (#71) * disable swap for kubeadm/kubeadm-fips * copied apparmor_parser to /usr/local/bin --- Earthfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Earthfile b/Earthfile index 32f4b92..d645144 100644 --- a/Earthfile +++ b/Earthfile @@ -137,6 +137,7 @@ provider-image: ARG IMAGE_PATH=$IMAGE_REGISTRY/$IMAGE_REPO:$K8S_DISTRIBUTION-$K8S_VERSION-$PE_VERSION-$CUSTOM_TAG IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] || [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] + RUN swapoff -a ARG BASE_K8S_VERSION=$K8S_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "k3s" ] ARG K8S_DISTRIBUTION_TAG=$K3S_FLAVOR_TAG @@ -274,6 +275,7 @@ base-image: RUN zypper install -y apparmor-parser apparmor-profiles RUN zypper cc && \ zypper clean + RUN cp /sbin/apparmor_parser /usr/local/bin/apparmor_parser END IF [ "$ARCH" = "arm64" ] From 44ec6429aae4b07dd79c722850640ae82daed6f2 Mon Sep 17 00:00:00 2001 From: Nianyu Shen Date: Mon, 16 Oct 2023 23:28:14 -0700 Subject: [PATCH 06/19] PE-2796 fix build opensuse image in proxy env (#72) * add proxy cert in opensuse base image * disable analytics * add cert in base-alpine * update * update --- .gitignore | 2 ++ Earthfile | 20 +++++++++++++++++--- earthly.sh | 11 ++++++----- 3 files changed, 25 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 43eb6cf..8291286 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,5 @@ config.yaml content-*/* *.arg .idea + +.DS_Store \ No newline at end of file diff --git a/Earthfile b/Earthfile index d645144..1259501 100644 --- a/Earthfile +++ b/Earthfile 
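Review bot: `RUN swapoff -a` in the kubeadm branch of provider-image (PATCH 05/19) runs inside the build container, and swap state is not part of the image filesystem, so it cannot disable swap on nodes booted from this image. In an unprivileged RUN it will most likely just fail the build; in a privileged one it would act on the build host instead. Swap should be turned off by something that runs at node boot, with the reason stated next to it, for example `# kubelet refuses to start with swap enabled`. The provider-image target starts and ends outside this hunk.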
@@ -90,11 +90,18 @@ build-provider-images-fips: BUILD +provider-image --K8S_VERSION=1.27.2 END -download-etcdctl: +base-alpine: FROM alpine ARG TARGETOS ARG TARGETARCH + IF [ ! -z $PROXY_CERT_PATH ] + COPY sc.crt /etc/ssl/certs + RUN update-ca-certificates + END RUN apk add curl + +download-etcdctl: + FROM +base-alpine RUN curl --retry 5 -Ls https://github.com/etcd-io/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-${TARGETARCH}.tar.gz | tar -xvzf - --strip-components=1 etcd-${ETCD_VERSION}-linux-${TARGETARCH}/etcdctl && \ chmod +x etcdctl SAVE ARTIFACT etcdctl @@ -226,13 +233,14 @@ base-image: END IF [ "$OS_DISTRIBUTION" = "ubuntu" ] && [ "$ARCH" = "amd64" ] - RUN apt update && \ - apt install --no-install-recommends zstd vim -y # Add proxy certificate if present IF [ ! -z $PROXY_CERT_PATH ] COPY sc.crt /etc/ssl/certs RUN update-ca-certificates END + + RUN apt update && \ + apt install --no-install-recommends zstd vim -y IF [ "$UPDATE_KERNEL" = "false" ] RUN if dpkg -l linux-image-generic-hwe-20.04 > /dev/null; then apt-mark hold linux-image-generic-hwe-20.04; fi && \ if dpkg -l linux-image-generic-hwe-22.04 > /dev/null; then apt-mark hold linux-image-generic-hwe-22.04; fi && \ @@ -253,6 +261,12 @@ base-image: # IF OS Type is Opensuse ELSE IF [ "$OS_DISTRIBUTION" = "opensuse-leap" ] && [ "$ARCH" = "amd64" ] + # Add proxy certificate if present + IF [ ! -z $PROXY_CERT_PATH ] + COPY sc.crt /usr/share/pki/trust/anchors + RUN update-ca-certificates + END + IF [ "$UPDATE_KERNEL" = "false" ] RUN zypper al kernel-de* END diff --git a/earthly.sh b/earthly.sh index 84650b7..f0c9471 100755 --- a/earthly.sh +++ b/earthly.sh 
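Review bot: `FROM alpine` in the new base-alpine target carries no tag or digest, so download-etcdctl (and anything else later based on it) builds on whatever `alpine:latest` resolves to on the day of the build. Pin it, e.g. `FROM alpine:<version>@sha256:<digest>` (placeholder values), so the helper stage that fetches a binary for the final image is reproducible. The test `IF [ ! -z $PROXY_CERT_PATH ]` is also unquoted and breaks on a path containing spaces; `IF [ -n "$PROXY_CERT_PATH" ]` is the safer form. The same test is repeated in the opensuse-leap hunk further down this patch.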
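Review bot: The anchor copied to `/usr/share/pki/trust/anchors` in the opensuse-leap branch is never removed, as far as these hunks show, so every OS image built behind the proxy ships with the proxy's CA as a trusted root. The Ubuntu branch in the preceding hunk does the same through `/etc/ssl/certs`. Anyone holding that CA key can then intercept TLS from deployed nodes, not just from the build. If the certificate is only needed for build-time downloads, delete it and rerun `update-ca-certificates` in base-image's final cleanup step. If it is meant to persist, say so in the comment, e.g. `# Proxy CA is intentionally kept in the final image; nodes will trust it at runtime`. base-image continues outside the hunk.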
@@ -4,23 +4,24 @@ function build_with_proxy() { export HTTPS_PROXY=$HTTPS_PROXY gitconfig=$(envsubst <.gitconfig.template | base64 | tr -d '\n') # cleanup any previous earthly-buildkitd - if [ "$( docker container inspect -f '{{.State.Running}}' earthly-buildkitd )" = "true" ]; then + if [ "$(docker container inspect -f '{{.State.Running}}' earthly-buildkitd)" = "true" ]; then docker stop earthly-buildkitd fi # start earthly buildkitd - docker run -d --privileged --name earthly-buildkitd -v /var/run/docker.sock:/var/run/docker.sock --rm -t -e BUILDKIT_TCP_TRANSPORT_ENABLED=true -e http_proxy=$HTTP_PROXY -e https_proxy=$HTTPS_PROXY -e HTTPS_PROXY=$HTTPS_PROXY -e HTTP_PROXY=$HTTP_PROXY -e NO_PROXY=$NO_PROXY -e no_proxy=$no_proxy -e EARTHLY_GIT_CONFIG=$gitconfig -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" -v earthly-tmp:/tmp/earthly:rw -p 8372:8372 gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION + docker run -d --privileged --name earthly-buildkitd -v /var/run/docker.sock:/var/run/docker.sock --rm -t -e GLOBAL_CONFIG="$global_config" -e BUILDKIT_TCP_TRANSPORT_ENABLED=true -e http_proxy=$HTTP_PROXY -e https_proxy=$HTTPS_PROXY -e HTTPS_PROXY=$HTTPS_PROXY -e HTTP_PROXY=$HTTP_PROXY -e NO_PROXY=$NO_PROXY -e no_proxy=$no_proxy -e EARTHLY_GIT_CONFIG=$gitconfig -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" -v earthly-tmp:/tmp/earthly:rw -p 8372:8372 gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION # Update the CA certificates in the container docker exec -it earthly-buildkitd update-ca-certificates # Run Earthly in Docker to create artifacts Variables are passed from the .arg file - docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" + 
docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" } function build_without_proxy() { # Run Earthly in Docker to create artifacts Variables are passed from the .arg file - docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -v "$(pwd)":/workspace gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" + docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config "-v "$(pwd)":/workspace gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" } +global_config="{disable_analytics: true}" PE_VERSION=$(git describe --abbrev=0 --tags) EARTHLY_VERSION=v0.7.4 source .arg @@ -50,7 +51,7 @@ if [ $? -ne 0 ]; then fi # Cleanup builder helper images. docker rmi gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION -if [ "$( docker container inspect -f '{{.State.Running}}' earthly-buildkitd )" = "true" ]; then +if [ "$(docker container inspect -f '{{.State.Running}}' earthly-buildkitd)" = "true" ]; then docker stop earthly-buildkitd fi docker rmi gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION From 8861c59b5fc5539b11e4429c72868397ef28cacc Mon Sep 17 00:00:00 2001 From: Nianyu Shen Date: Tue, 17 Oct 2023 08:21:12 -0700 Subject: [PATCH 07/19] fix typo (#74) --- earthly.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/earthly.sh b/earthly.sh index f0c9471..883d29d 100755 --- a/earthly.sh +++ b/earthly.sh 
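Review bot: The rewritten buildkitd line in build_with_proxy still publishes the daemon with `-p 8372:8372`, and the client line sets `BUILDKIT_TLS_ENABLED=false`. For the duration of a proxy build, a `--privileged` container with `/var/run/docker.sock` mounted is therefore listening without TLS on every host interface. If the client can still reach it that way, bind the port to loopback with `-p 127.0.0.1:8372:8372`, or put both containers on a private Docker network and drop `-p` entirely. The proxy variables on the same line are unquoted (`-e http_proxy=$HTTP_PROXY`), so quote them as was done for `GLOBAL_CONFIG="$global_config"`. Proxy URLs that embed credentials will be visible in `docker inspect` of the container.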
@@ -18,7 +18,7 @@ function build_with_proxy() { function build_without_proxy() { # Run Earthly in Docker to create artifacts Variables are passed from the .arg file - docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config "-v "$(pwd)":/workspace gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" + docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -v "$(pwd)":/workspace gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" } global_config="{disable_analytics: true}" From 6209156e8c2c4d6df76c133f0ed7ffef476fc4f3 Mon Sep 17 00:00:00 2001 From: Nianyu Shen Date: Tue, 17 Oct 2023 10:12:04 -0700 Subject: [PATCH 08/19] add targetarch (#76) --- Earthfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Earthfile b/Earthfile index 1259501..41e335a 100644 --- a/Earthfile +++ b/Earthfile @@ -102,6 +102,8 @@ base-alpine: download-etcdctl: FROM +base-alpine + ARG TARGETOS + ARG TARGETARCH RUN curl --retry 5 -Ls https://github.com/etcd-io/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-${TARGETARCH}.tar.gz | tar -xvzf - --strip-components=1 etcd-${ETCD_VERSION}-linux-${TARGETARCH}/etcdctl && \ chmod +x etcdctl SAVE ARTIFACT etcdctl From 8cab0fd717a923a55a67e256abb9ac3449218f4a Mon Sep 17 00:00:00 2001 From: Nianyu Shen Date: Wed, 18 Oct 2023 10:18:59 -0700 Subject: [PATCH 09/19] PE-2796 add proxy cert in dockerfile (#78) * add proxy cert in dockerfile * update * update * update * update * update * update * update * add verbose * update * update * update * update * update * remove debug lines --- Dockerfile | 21 ++++++++++++++++++--- Earthfile | 6 +++++- earthly.sh | 3 +++ 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 202473c..fa166d9 100644 --- a/Dockerfile +++ b/Dockerfile 
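Review bot: The download that the new `ARG TARGETOS` / `ARG TARGETARCH` lines feed in download-etcdctl (PATCH 08/19) still pipes `curl --retry 5 -Ls` straight into `tar` and marks the result executable with no integrity check. Without `-f`, an HTTP error body is also handed to tar. This series is specifically about building behind a TLS-intercepting proxy, so the binary that ends up in the image should be verified. Download to a file with `curl -fLsS -o etcd.tgz ...`, check it with `echo "$ETCD_SHA256  etcd.tgz" | sha256sum -c -` (where `ETCD_SHA256` is a new pinned ARG you would add), and only then extract. The target's `SAVE ARTIFACT` line is the last line visible in the hunk.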
@@ -1,16 +1,31 @@ ARG BASE FROM $BASE +ARG OS_DISTRIBUTION +ARG PROXY_CERT_PATH +ARG HTTP_PROXY +ARG HTTPS_PROXY +ARG NO_PROXY + +COPY sc.crt /tmp/sc.crt +RUN if [ "${OS_DISTRIBUTION}" = "ubuntu" ] && [ "${PROXY_CERT_PATH}" != "" ]; then \ + cp /tmp/sc.crt /etc/ssl/certs && \ + update-ca-certificates; \ + fi +RUN if [ "${OS_DISTRIBUTION}" = "opensuse-leap" ] && [ "${PROXY_CERT_PATH}" != "" ]; then \ + cp /tmp/sc.crt /usr/share/pki/trust/anchors && \ + update-ca-certificates; \ + fi + ###########################Add any other image customizations here ####################### #### Examples #### ### To install the nginx package for Ubuntu ### -#RUN apt-get update && apt-get install nginx -y - +# RUN apt-get update && apt-get install nginx -y ### or ### To install the nginx package for opensuse ### -#RUN zypper refresh && zypper install nginx -y +RUN zypper refresh && zypper install nginx -y diff --git a/Earthfile b/Earthfile index 41e335a..fddfd03 100644 --- a/Earthfile +++ b/Earthfile @@ -23,8 +23,10 @@ ARG RKE2_PROVIDER_VERSION=v2.3.3 ARG FIPS_ENABLED=false ARG HTTP_PROXY ARG HTTPS_PROXY +ARG NO_PROXY ARG http_proxy=${HTTP_PROXY} ARG https_proxy=${HTTPS_PROXY} +ARG no_proxy=${NO_PROXY} ARG PROXY_CERT_PATH ARG UPDATE_KERNEL=false @@ -205,7 +207,9 @@ kairos-provider-image: # base build image used to create the base image for all other image types base-image: - FROM DOCKERFILE --build-arg BASE=$BASE_IMAGE . + FROM DOCKERFILE --build-arg BASE=$BASE_IMAGE --build-arg PROXY_CERT_PATH=$PROXY_CERT_PATH \ + --build-arg OS_DISTRIBUTION=$OS_DISTRIBUTION --build-arg HTTP_PROXY=$HTTP_PROXY --build-arg HTTPS_PROXY=$HTTPS_PROXY \ + --build-arg NO_PROXY=$NO_PROXY . # IF $IS_JETSON # COPY mount.yaml /system/oem/mount.yaml diff --git a/earthly.sh b/earthly.sh index 883d29d..ae61db3 100755 --- a/earthly.sh +++ b/earthly.sh 
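Review bot: Declaring `ARG HTTP_PROXY`, `ARG HTTPS_PROXY` and `ARG NO_PROXY` explicitly opts them out of Docker's default of omitting the predefined proxy args from image history. A proxy URL that carries credentials would then be recorded in the image metadata; whether Earthly's `FROM DOCKERFILE` behaves identically should be confirmed. The predefined args can be set with `--build-arg` without being declared, so the three ARG lines can simply be dropped. Separately, `COPY sc.crt /tmp/sc.crt` is unconditional and the file is never removed, so the build fails when no certificate exists and a copy of the proxy CA otherwise stays in `/tmp` of the image. Add `rm -f /tmp/sc.crt` once the trust store has been updated.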
@@ -1,4 +1,7 @@ #!/bin/bash +# Uncomment the line below to enable debug mode +# set -x + function build_with_proxy() { export HTTP_PROXY=$HTTP_PROXY export HTTPS_PROXY=$HTTPS_PROXY From 75f0252bdc30810cb878619a333f3b25c9c2f18f Mon Sep 17 00:00:00 2001 From: Nianyu Shen Date: Wed, 18 Oct 2023 10:20:39 -0700 Subject: [PATCH 10/19] remove debug lines (#80) --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index fa166d9..696a210 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,4 +28,4 @@ RUN if [ "${OS_DISTRIBUTION}" = "opensuse-leap" ] && [ "${PROXY_CERT_PATH}" != " ### To install the nginx package for opensuse ### -RUN zypper refresh && zypper install nginx -y +# RUN zypper refresh && zypper install nginx -y From da91d45e118c65dfd58244bc2b2a079b1999ffd4 Mon Sep 17 00:00:00 2001 From: Santhosh Date: Wed, 18 Oct 2023 14:45:32 -0700 Subject: [PATCH 11/19] copy apparmor to /usr/bin and update provider/pe versions (#81) * Update ubuntu-fips kernel for fips * move etcdctl to /usr/bin (#59) (#61) (cherry picked from commit 96372c7ec02cef74ef01f39ab959865e85915e65) Co-authored-by: Nianyu Shen * PE-2558: use fips image for rke2 if fips_enabled is true (#67) (#68) (cherry picked from commit fff7a34e30c294a5cac73bae07161ef97f53070f) Co-authored-by: Santhosh * add support for sles os_distribution (#69) * Release 4.0.6 * update provider versions * update to ghcr * update k3s version * Update provider versions * Update kubeadm and luet repo versions * copied apparmor_parser to /usr/local/bin * disable swap for kubeadm/kubeadm-fips * remove swapoff * copy apparmor to /usr/bin * Update Earthfile v410-alpha6 kubeadm * update pe version --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Nianyu Shen Co-authored-by: vipsharm Co-authored-by: Piyush Kumar --- Earthfile | 25 ++++++++++++------------- README.md | 4 ++-- 2 files changed, 14 insertions(+), 15 deletions(-) 
diff --git a/Earthfile b/Earthfile index fddfd03..524eeb2 100644 --- a/Earthfile +++ b/Earthfile @@ -9,17 +9,17 @@ ARG IMAGE_REPO=$OS_DISTRIBUTION ARG K8S_DISTRIBUTION ARG CUSTOM_TAG ARG ARCH -ARG PE_VERSION=v4.0.4 -ARG SPECTRO_LUET_VERSION=v1.1.5 +ARG PE_VERSION=v4.1.0-alpha9 +ARG SPECTRO_LUET_VERSION=v1.1.9 ARG KAIROS_VERSION=v2.3.2 ARG K3S_FLAVOR_TAG=k3s1 ARG RKE2_FLAVOR_TAG=rke2r1 ARG BASE_IMAGE_URL=quay.io/kairos ARG OSBUILDER_VERSION=v0.7.11 ARG OSBUILDER_IMAGE=quay.io/kairos/osbuilder-tools:$OSBUILDER_VERSION -ARG K3S_PROVIDER_VERSION=v2.3.2 -ARG KUBEADM_PROVIDER_VERSION=v4.1.0-alpha2 -ARG RKE2_PROVIDER_VERSION=v2.3.3 +ARG K3S_PROVIDER_VERSION=v4.1.0-alpha3 +ARG KUBEADM_PROVIDER_VERSION=v4.1.0-alpha6 +ARG RKE2_PROVIDER_VERSION=v4.1.0-alpha2 ARG FIPS_ENABLED=false ARG HTTP_PROXY ARG HTTPS_PROXY @@ -40,7 +40,7 @@ ELSE IF [ "$OS_DISTRIBUTION" = "opensuse-leap" ] && [ "$BASE_IMAGE" = "" ] ARG BASE_IMAGE_NAME=core-$OS_DISTRIBUTION ARG BASE_IMAGE_TAG=core-$OS_DISTRIBUTION:$KAIROS_VERSION ARG BASE_IMAGE=$BASE_IMAGE_URL/$BASE_IMAGE_TAG -ELSE IF [ "$OS_DISTRIBUTION" = "rhel" ] +ELSE IF [ "$OS_DISTRIBUTION" = "rhel" ] || [ "$OS_DISTRIBUTION" = "sles" ] # Check for default value for rhel ARG BASE_IMAGE END @@ -148,7 +148,6 @@ provider-image: ARG IMAGE_PATH=$IMAGE_REGISTRY/$IMAGE_REPO:$K8S_DISTRIBUTION-$K8S_VERSION-$PE_VERSION-$CUSTOM_TAG IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] || [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] - RUN swapoff -a ARG BASE_K8S_VERSION=$K8S_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "k3s" ] ARG K8S_DISTRIBUTION_TAG=$K3S_FLAVOR_TAG 
@@ -192,15 +191,15 @@ stylus-image: kairos-provider-image: IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] - ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION + ARG PROVIDER_BASE=ghcr.io/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] - ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-kubeadm-fips:$KUBEADM_PROVIDER_VERSION + ARG PROVIDER_BASE=ghcr.io/kairos-io/provider-kubeadm-fips:$KUBEADM_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "k3s" ] - ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-k3s:$K3S_PROVIDER_VERSION + ARG PROVIDER_BASE=ghcr.io/kairos-io/provider-k3s:$K3S_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] && $FIPS_ENABLED - ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-rke2-fips:$RKE2_PROVIDER_VERSION + ARG PROVIDER_BASE=ghcr.io/kairos-io/provider-rke2-fips:$RKE2_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] - ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION + ARG PROVIDER_BASE=ghcr.io/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION END FROM --platform=linux/${ARCH} $PROVIDER_BASE SAVE ARTIFACT ./* @@ -295,7 +294,7 @@ base-image: RUN zypper install -y apparmor-parser apparmor-profiles RUN zypper cc && \ zypper clean - RUN cp /sbin/apparmor_parser /usr/local/bin/apparmor_parser + RUN cp /sbin/apparmor_parser /usr/bin/apparmor_parser END IF [ "$ARCH" = "arm64" ] diff --git a/README.md b/README.md index c1e18f0..3d0c36d 100644 --- a/README.md +++ b/README.md 
@@ -114,9 +114,9 @@ Skip this step if your base image is ubuntu or opensuse-leap. If you are buildin |------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|-------------------------| | CUSTOM_TAG | Environment name for provider image tagging. The default value is `demo`. | String | `demo` | | IMAGE_REGISTRY | Image registry name that will store the image artifacts. The default value points to the *ttl.sh* image registry, an anonymous and ephemeral Docker image registry where images live for a maximum of 24 hours by default. If you wish to make the images exist longer than 24 hours, you can use any other image registry to suit your needs. | String | `ttl.sh` | -| OS_DISTRIBUTION | OS distribution of your choice. For example, it can be `ubuntu` or `opensuse-leap`. | String | `ubuntu` | +| OS_DISTRIBUTION | OS distribution of your choice. For example, it can be `ubuntu`, `opensuse-leap`, `rhel` or `sles` | String | `ubuntu` | | IMAGE_REPO | Image repository name in your chosen registry. | String | `$OS_DISTRIBUTION` | -| OS_VERSION | OS version. For Ubuntu, the possible values are `20`, and `22`. Whereas for openSUSE Leap, the possible value is `15.4`. This example uses `22` for Ubuntu. | String | `22` | +| OS_VERSION | OS version. For Ubuntu, the possible values are `20`, and `22`. Whereas for openSUSE Leap, the possible value is `15.4`. For sles, possible values are `5.4`. This example uses `22` for Ubuntu. | String | `22` | | K8S_DISTRIBUTION | Kubernetes distribution name. It can be one of these: `k3s`, `rke2`, `kubeadm`, or `kubeadm-fips`. | String | `k3s` | | ISO_NAME | Name of the Edge installer ISO image. 
In this example, the name is *palette-edge-installer*. | String | `palette-edge-installer`| | ARCH | Type of platform to use for the build. Used for Cross Platform Build (arm64 to amd64 as example). | string | `amd64` | From c65a739b4d8189ce846c68bfbedc5996828e3f19 Mon Sep 17 00:00:00 2001 From: Santhosh Date: Thu, 19 Oct 2023 02:38:34 -0700 Subject: [PATCH 12/19] version update to v4.1.0 (#83) * provider version update to v4.1.0 * provider uri update to v4.1.0 --- Earthfile | 18 +++++++++--------- README.md | 2 ++ 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/Earthfile b/Earthfile index 524eeb2..3a20123 100644 --- a/Earthfile +++ b/Earthfile @@ -9,7 +9,7 @@ ARG IMAGE_REPO=$OS_DISTRIBUTION ARG K8S_DISTRIBUTION ARG CUSTOM_TAG ARG ARCH -ARG PE_VERSION=v4.1.0-alpha9 +ARG PE_VERSION=v4.1.0 ARG SPECTRO_LUET_VERSION=v1.1.9 ARG KAIROS_VERSION=v2.3.2 ARG K3S_FLAVOR_TAG=k3s1 @@ -17,9 +17,9 @@ ARG RKE2_FLAVOR_TAG=rke2r1 ARG BASE_IMAGE_URL=quay.io/kairos ARG OSBUILDER_VERSION=v0.7.11 ARG OSBUILDER_IMAGE=quay.io/kairos/osbuilder-tools:$OSBUILDER_VERSION -ARG K3S_PROVIDER_VERSION=v4.1.0-alpha3 -ARG KUBEADM_PROVIDER_VERSION=v4.1.0-alpha6 -ARG RKE2_PROVIDER_VERSION=v4.1.0-alpha2 +ARG K3S_PROVIDER_VERSION=v4.1.0 +ARG KUBEADM_PROVIDER_VERSION=v4.1.0 +ARG RKE2_PROVIDER_VERSION=v4.1.0 ARG FIPS_ENABLED=false ARG HTTP_PROXY ARG HTTPS_PROXY 
@@ -191,15 +191,15 @@ stylus-image: kairos-provider-image: IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] - ARG PROVIDER_BASE=ghcr.io/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION + ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] - ARG PROVIDER_BASE=ghcr.io/kairos-io/provider-kubeadm-fips:$KUBEADM_PROVIDER_VERSION + ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-kubeadm-fips:$KUBEADM_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "k3s" ] - ARG PROVIDER_BASE=ghcr.io/kairos-io/provider-k3s:$K3S_PROVIDER_VERSION + ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-k3s:$K3S_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] && $FIPS_ENABLED - ARG PROVIDER_BASE=ghcr.io/kairos-io/provider-rke2-fips:$RKE2_PROVIDER_VERSION + ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-rke2-fips:$RKE2_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] - ARG PROVIDER_BASE=ghcr.io/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION + ARG PROVIDER_BASE=cr.io/spectro-dev-public/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION END FROM --platform=linux/${ARCH} $PROVIDER_BASE SAVE ARTIFACT ./* diff --git a/README.md b/README.md index 3d0c36d..2472e42 100644 --- a/README.md +++ b/README.md @@ -75,6 +75,8 @@ v3.3.3 v3.4.0 v3.4.1 v3.4.3 + +v4.1.0 ``` 4. Checkout the desired tag From 9e01b731bc65340f3db147a7e47c4d0e6984c47b Mon Sep 17 00:00:00 2001 From: Santhosh Date: Thu, 19 Oct 2023 03:04:22 -0700 Subject: [PATCH 13/19] fix typo for gcr (#84) --- Earthfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Earthfile b/Earthfile index 3a20123..9f76c50 100644 --- a/Earthfile +++ b/Earthfile 
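Review bot: The plain rke2 branch in this kairos-provider-image hunk (PATCH 12/19) now reads `cr.io/spectro-dev-public/kairos-io/provider-rke2`, a different registry host from the other four branches. A non-FIPS rke2 build would try to pull its provider image from a host the project does not control; a later patch in this series restores `gcr.io`. Every `PROVIDER_BASE` is referenced by mutable tag only, so nothing in the build would notice a substituted image. Pinning each reference by digest, e.g. `...provider-rke2:$RKE2_PROVIDER_VERSION@sha256:<digest>` (placeholder), makes a wrong registry or a re-pushed tag fail closed. The branches also have no final `ELSE`, so an unrecognised `K8S_DISTRIBUTION` leaves `PROVIDER_BASE` empty for the `FROM` line.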
@@ -199,7 +199,7 @@ kairos-provider-image: ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] && $FIPS_ENABLED ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-rke2-fips:$RKE2_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] - ARG PROVIDER_BASE=cr.io/spectro-dev-public/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION + ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION END FROM --platform=linux/${ARCH} $PROVIDER_BASE SAVE ARTIFACT ./* From 4ef461571bd2648cb6f0bf5ae963fee50c3f4dc1 Mon Sep 17 00:00:00 2001 From: Santhosh Date: Thu, 19 Oct 2023 21:41:51 -0700 Subject: [PATCH 14/19] Update provider-k3s cluster version to v4.1.1 (#85) --- Earthfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Earthfile b/Earthfile index 9f76c50..b5cebe8 100644 --- a/Earthfile +++ b/Earthfile @@ -17,7 +17,7 @@ ARG RKE2_FLAVOR_TAG=rke2r1 ARG BASE_IMAGE_URL=quay.io/kairos ARG OSBUILDER_VERSION=v0.7.11 ARG OSBUILDER_IMAGE=quay.io/kairos/osbuilder-tools:$OSBUILDER_VERSION -ARG K3S_PROVIDER_VERSION=v4.1.0 +ARG K3S_PROVIDER_VERSION=v4.1.1 ARG KUBEADM_PROVIDER_VERSION=v4.1.0 ARG RKE2_PROVIDER_VERSION=v4.1.0 ARG FIPS_ENABLED=false From f3db568d31f316288717a1bdb025d0ac294b6ff0 Mon Sep 17 00:00:00 2001 From: Santhosh Date: Thu, 19 Oct 2023 21:43:00 -0700 Subject: [PATCH 15/19] Update Dockerfile (#86) --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 696a210..9e1655a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ ARG HTTP_PROXY ARG HTTPS_PROXY ARG NO_PROXY -COPY sc.crt /tmp/sc.crt +COPY sc.cr[t] /tmp/sc.crt RUN if [ "${OS_DISTRIBUTION}" = "ubuntu" ] && [ "${PROXY_CERT_PATH}" != "" ]; then \ cp /tmp/sc.crt /etc/ssl/certs && \ update-ca-certificates; \ From b77e20d4ac32d375a48231f750e0cecbb8f17367 Mon Sep 17 00:00:00 2001 
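Review bot: `COPY sc.cr[t] /tmp/sc.crt` in PATCH 15/19 needs a comment, because the bracket glob reads like a typo and the next person to tidy it up will reintroduce the failure on builds without a proxy certificate. Something like `# sc.cr[t] is a glob on purpose: COPY becomes a no-op when sc.crt is absent (relies on the builder tolerating an empty wildcard match)` would do. It is also worth noting in that comment that the two `RUN` steps below only `cp /tmp/sc.crt` when `PROXY_CERT_PATH` is set. A missing file with the variable set then fails at that step rather than at the COPY.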
From: Santhosh Date: Fri, 20 Oct 2023 15:19:31 -0700 Subject: [PATCH 16/19] Update rke2 and k3s provider versions (#87) --- Earthfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Earthfile b/Earthfile index b5cebe8..e444947 100644 --- a/Earthfile +++ b/Earthfile @@ -17,9 +17,9 @@ ARG RKE2_FLAVOR_TAG=rke2r1 ARG BASE_IMAGE_URL=quay.io/kairos ARG OSBUILDER_VERSION=v0.7.11 ARG OSBUILDER_IMAGE=quay.io/kairos/osbuilder-tools:$OSBUILDER_VERSION -ARG K3S_PROVIDER_VERSION=v4.1.1 +ARG K3S_PROVIDER_VERSION=v4.1.2 ARG KUBEADM_PROVIDER_VERSION=v4.1.0 -ARG RKE2_PROVIDER_VERSION=v4.1.0 +ARG RKE2_PROVIDER_VERSION=v4.1.1 ARG FIPS_ENABLED=false ARG HTTP_PROXY ARG HTTPS_PROXY From 4c6ac702603b31258f2c23d1e5282cb1f87dccb6 Mon Sep 17 00:00:00 2001 From: Santhosh Date: Sun, 22 Oct 2023 00:18:38 -0700 Subject: [PATCH 17/19] switch to public images for the 4.1 release (#88) * switch to public images for the 4.1 release * pe_version update to v4.1.2 --- Earthfile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Earthfile b/Earthfile index e444947..80031e4 100644 --- a/Earthfile +++ b/Earthfile @@ -9,7 +9,7 @@ ARG IMAGE_REPO=$OS_DISTRIBUTION ARG K8S_DISTRIBUTION ARG CUSTOM_TAG ARG ARCH -ARG PE_VERSION=v4.1.0 +ARG PE_VERSION=v4.1.2 ARG SPECTRO_LUET_VERSION=v1.1.9 ARG KAIROS_VERSION=v2.3.2 ARG K3S_FLAVOR_TAG=k3s1 @@ -180,9 +180,9 @@ provider-image: stylus-image: IF [ "$FIPS_ENABLED" = "true" ] - ARG STYLUS_BASE=gcr.io/spectro-dev-public/stylus-framework-fips-linux-$ARCH:$PE_VERSION + ARG STYLUS_BASE=gcr.io/spectro-images-public/stylus-framework-fips-linux-$ARCH:$PE_VERSION ELSE - ARG STYLUS_BASE=gcr.io/spectro-dev-public/stylus-framework-linux-$ARCH:$PE_VERSION + ARG STYLUS_BASE=gcr.io/spectro-images-public/stylus-framework-linux-$ARCH:$PE_VERSION END FROM $STYLUS_BASE SAVE ARTIFACT ./* 
@@ -191,15 +191,15 @@ stylus-image: kairos-provider-image: IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] - ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION + ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] - ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-kubeadm-fips:$KUBEADM_PROVIDER_VERSION + ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-kubeadm-fips:$KUBEADM_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "k3s" ] - ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-k3s:$K3S_PROVIDER_VERSION + ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-k3s:$K3S_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] && $FIPS_ENABLED - ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-rke2-fips:$RKE2_PROVIDER_VERSION + ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-rke2-fips:$RKE2_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] - ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION + ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION END FROM --platform=linux/${ARCH} $PROVIDER_BASE SAVE ARTIFACT ./* From 4187d9872fb32f64bee75a063ac3dc0cc4d23da3 Mon Sep 17 00:00:00 2001 From: Tyler Gillson Date: Thu, 26 Oct 2023 18:13:26 -0400 Subject: [PATCH 18/19] install ping for two node Signed-off-by: Tyler Gillson --- Earthfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Earthfile b/Earthfile index 06f957c..576a6dc 100644 --- a/Earthfile +++ b/Earthfile @@ -259,7 +259,7 @@ base-image: apt clean IF $TWO_NODE - RUN apt install -y sqlite3 + RUN apt install -y sqlite3 iputils-ping END # IF OS Type is Opensuse 
@@ -279,7 +279,7 @@ base-image: # zypper purge-kernels && \ IF $TWO_NODE - RUN zypper install -y sqlite3 + RUN zypper install -y sqlite3 iputils END RUN zypper install -y zstd vim RUN zypper cc && \ From 95f4faef6f1fc9a4fcca56096c5df6352eb12051 Mon Sep 17 00:00:00 2001 From: Piyush Kumar Date: Fri, 27 Oct 2023 07:11:16 +0530 Subject: [PATCH 19/19] kairos bump 2.4.1 (#89) --- Earthfile | 40 ++++++++++++++++++---------------------- 1 file changed, 18 insertions(+), 22 deletions(-) diff --git a/Earthfile b/Earthfile index 80031e4..6cefa27 100644 --- a/Earthfile +++ b/Earthfile @@ -11,7 +11,7 @@ ARG CUSTOM_TAG ARG ARCH ARG PE_VERSION=v4.1.2 ARG SPECTRO_LUET_VERSION=v1.1.9 -ARG KAIROS_VERSION=v2.3.2 +ARG KAIROS_VERSION=v2.4.1 ARG K3S_FLAVOR_TAG=k3s1 ARG RKE2_FLAVOR_TAG=rke2r1 ARG BASE_IMAGE_URL=quay.io/kairos @@ -53,7 +53,7 @@ build-all-images: IF $FIPS_ENABLED BUILD +build-provider-images-fips ELSE - BUILD +build-provider-images + BUILD +build-provider-images END IF [ "$ARCH" = "arm64" ] BUILD --platform=linux/arm64 +iso-image 
@@ -64,22 +64,22 @@ build-all-images: END build-provider-images: - BUILD +provider-image --K8S_VERSION=1.24.6 - BUILD +provider-image --K8S_VERSION=1.25.2 - BUILD +provider-image --K8S_VERSION=1.26.4 - BUILD +provider-image --K8S_VERSION=1.27.2 - BUILD +provider-image --K8S_VERSION=1.25.13 - BUILD +provider-image --K8S_VERSION=1.26.8 - BUILD +provider-image --K8S_VERSION=1.27.5 + BUILD +provider-image --K8S_VERSION=1.24.6 + BUILD +provider-image --K8S_VERSION=1.25.2 + BUILD +provider-image --K8S_VERSION=1.26.4 + BUILD +provider-image --K8S_VERSION=1.27.2 + BUILD +provider-image --K8S_VERSION=1.25.13 + BUILD +provider-image --K8S_VERSION=1.26.8 + BUILD +provider-image --K8S_VERSION=1.27.5 build-provider-images-fips: - IF $FIPS_ENABLED && [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] + IF [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] BUILD +provider-image --K8S_VERSION=1.24.13 BUILD +provider-image --K8S_VERSION=1.25.9 BUILD +provider-image --K8S_VERSION=1.26.4 BUILD +provider-image --K8S_VERSION=1.27.2 - ELSE IF $FIPS_ENABLED && [ "$K8S_DISTRIBUTION" = "rke2" ] + ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] BUILD +provider-image --K8S_VERSION=1.24.6 BUILD +provider-image --K8S_VERSION=1.25.2 BUILD +provider-image --K8S_VERSION=1.25.0 @@ -158,8 +158,8 @@ provider-image: END COPY --platform=linux/${ARCH} +kairos-provider-image/ / - COPY +stylus-image/etc/elemental/config.yaml /etc/elemental/config.yaml COPY +stylus-image/etc/kairos/branding /etc/kairos/branding + COPY +stylus-image/oem/stylus_config.yaml /etc/kairos/branding/stylus_config.yaml IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] RUN luet install -y container-runtime/containerd END 
@@ -179,15 +179,15 @@ provider-image: SAVE IMAGE --push $IMAGE_PATH stylus-image: - IF [ "$FIPS_ENABLED" = "true" ] + IF [ "$FIPS_ENABLED" = "true" ] ARG STYLUS_BASE=gcr.io/spectro-images-public/stylus-framework-fips-linux-$ARCH:$PE_VERSION - ELSE + ELSE ARG STYLUS_BASE=gcr.io/spectro-images-public/stylus-framework-linux-$ARCH:$PE_VERSION - END + END FROM $STYLUS_BASE SAVE ARTIFACT ./* SAVE ARTIFACT /etc/kairos/branding - SAVE ARTIFACT /etc/elemental/config.yaml + SAVE ARTIFACT /oem/stylus_config.yaml kairos-provider-image: IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] @@ -210,9 +210,6 @@ base-image: --build-arg OS_DISTRIBUTION=$OS_DISTRIBUTION --build-arg HTTP_PROXY=$HTTP_PROXY --build-arg HTTPS_PROXY=$HTTPS_PROXY \ --build-arg NO_PROXY=$NO_PROXY . -# IF $IS_JETSON -# COPY mount.yaml /system/oem/mount.yaml -# END IF [ "$IS_JETSON" = "true" ] COPY mount.yaml /system/oem/mount.yaml END @@ -305,7 +302,7 @@ base-image: luet repo update END - DO +OSRELEASE --OS_VERSION=$KAIROS_VERSION + DO +OS_RELEASE --OS_VERSION=$KAIROS_VERSION RUN rm -rf /var/cache/* && \ journalctl --vacuum-size=1K && \ @@ -330,8 +327,7 @@ iso-image: && chmod 444 /etc/machine-id SAVE IMAGE palette-installer-image:$PE_VERSION-$CUSTOM_TAG - -OSRELEASE: +OS_RELEASE: COMMAND ARG OS_ID=${OS_DISTRIBUTION} ARG OS_VERSION