From cd2aaeda2a07d2605634cc381b1bb3d68fe562a6 Mon Sep 17 00:00:00 2001 From: SinghWang Date: Thu, 23 Feb 2023 17:07:40 +0800 Subject: [PATCH 1/3] kata-deploy: Switch to using an ubuntu image Let's make sure we use a multi-arch image for building kata-deploy. A few changes were also added in order to get systemd working inside the kata-deploy image, due to the switch from CentOS to Ubuntu. Fixes: #6358 Signed-off-by: SinghWang --- tools/packaging/kata-deploy/Dockerfile | 27 +++++++++---------- .../kata-cleanup/base/kata-cleanup.yaml | 10 +++---- .../kata-deploy/base/kata-deploy.yaml | 10 +++---- 3 files changed, 23 insertions(+), 24 deletions(-) diff --git a/tools/packaging/kata-deploy/Dockerfile b/tools/packaging/kata-deploy/Dockerfile index 1302a3e6d0..ee5519cd8a 100644 --- a/tools/packaging/kata-deploy/Dockerfile +++ b/tools/packaging/kata-deploy/Dockerfile 
@@ -3,28 +3,27 @@ # SPDX-License-Identifier: Apache-2.0 # Specify alternative base image, e.g. clefos for s390x -ARG BASE_IMAGE_NAME=registry.centos.org/centos -ARG BASE_IMAGE_TAG=7 +ARG BASE_IMAGE_NAME=ubuntu +ARG BASE_IMAGE_TAG=20.04 FROM $BASE_IMAGE_NAME:$BASE_IMAGE_TAG +ENV DEBIAN_FRONTEND=noninteractive ARG KATA_ARTIFACTS=./kata-static.tar.xz ARG DESTINATION=/opt/kata-artifacts COPY ${KATA_ARTIFACTS} ${WORKDIR} +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + RUN \ -yum -y update && \ -yum -y install xz && \ -yum clean all && \ +apt-get update && \ +apt-get install -y --no-install-recommends apt-transport-https ca-certificates curl xz-utils systemd && \ +mkdir -p /etc/apt/keyrings/ && \ +curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg && \ +echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list && \ +apt-get update && \ +apt-get install -y --no-install-recommends kubectl && \ +apt-get clean && rm -rf /var/lib/apt/lists/ && \ mkdir -p ${DESTINATION} && \ tar xvf ${KATA_ARTIFACTS} -C ${DESTINATION} -# hadolint will deny echo -e, heredocs don't work in Dockerfiles, shell substitution doesn't work with $'...' -RUN \ -echo "[kubernetes]" >> /etc/yum.repos.d/kubernetes.repo && \ -echo "name=Kubernetes" >> /etc/yum.repos.d/kubernetes.repo && \ -echo "baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-$(uname -m)" >> /etc/yum.repos.d/kubernetes.repo && \ -echo "gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg" >> /etc/yum.repos.d/kubernetes.repo && \ -yum -y install kubectl && \ -yum clean all - COPY scripts ${DESTINATION}/scripts 
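Review bot: The added `apt-get install -y --no-install-recommends kubectl` line takes whatever kubectl version the repository serves on build day, and the new base `ubuntu:20.04` is a mutable tag, so two builds of the same commit can ship different binaries in an image that the manifests in this patch run privileged. Consider pinning through a build argument, e.g. `ARG KUBECTL_VERSION=<version>` with `kubectl=${KUBECTL_VERSION}`, and referencing the base image by digest. `curl` and `apt-transport-https` appear to be needed only to fetch the key and repository during the build. If the deploy scripts do not use them at runtime, purging them in the same RUN (`apt-get purge -y --auto-remove curl apt-transport-https`) keeps them out of the final image.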
diff --git a/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml b/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml index 851e958a4c..095876b732 100644 --- a/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml +++ b/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml @@ -27,19 +27,19 @@ spec: fieldRef: fieldPath: spec.nodeName securityContext: - privileged: false + privileged: true volumeMounts: - name: dbus - mountPath: /var/run/dbus + mountPath: /var/run/dbus/system_bus_socket - name: systemd - mountPath: /run/systemd + mountPath: /run/systemd/system volumes: - name: dbus hostPath: - path: /var/run/dbus + path: /var/run/dbus/system_bus_socket - name: systemd hostPath: - path: /run/systemd + path: /run/systemd/system updateStrategy: rollingUpdate: maxUnavailable: 1 diff --git a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml index a03a56b84e..97e98ee741 100644 --- a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml +++ b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml @@ -29,7 +29,7 @@ spec: fieldRef: fieldPath: spec.nodeName securityContext: - privileged: false + privileged: true volumeMounts: - name: crio-conf mountPath: /etc/crio/ @@ -38,9 +38,9 @@ spec: - name: kata-artifacts mountPath: /opt/kata/ - name: dbus - mountPath: /var/run/dbus + mountPath: /var/run/dbus/system_bus_socket - name: systemd - mountPath: /run/systemd + mountPath: /run/systemd/system - name: local-bin mountPath: /usr/local/bin/ volumes: @@ -56,10 +56,10 @@ spec: type: DirectoryOrCreate - name: dbus hostPath: - path: /var/run/dbus + path: /var/run/dbus/system_bus_socket - name: systemd hostPath: - path: /run/systemd + path: /run/systemd/system - name: local-bin hostPath: path: /usr/local/bin/ From 76b4591e2b0929024144f9afbcd29bd248f80f75 Mon Sep 17 00:00:00 2001 
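Review bot: `privileged: true` in the kata-cleanup.yaml `securityContext` gives the container every capability and unrestricted access to host devices, which is much broader than the dbus socket and `/run/systemd/system` mounts in the same hunk suggest it needs. The same flip is made in the `securityContext` hunk of kata-deploy.yaml. The commit message says only that changes were needed to get systemd working, so the manifest should carry the reason next to the field, e.g. `# privileged is required for <reason>; see #6358`. If the real requirement turns out to be narrower, an explicit `capabilities.add` list would be the safer form.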
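Review bot: The `dbus` and `systemd` hostPath volumes in the kata-deploy.yaml `volumes` hunk now point at a socket file and a subdirectory but still carry no `type:`, so with the default empty type nothing checks that the path exists or is the right kind before it is mounted. Adding `type: Socket` under the dbus `hostPath` and `type: Directory` under the systemd one makes the pod fail at start on a node where they are missing. The `volumes` entries in kata-cleanup.yaml have the same gap. The volume just above in this hunk already sets `type: DirectoryOrCreate`. The `volumes` list begins outside the hunk.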
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Mon, 6 Mar 2023 11:07:33 +0100 Subject: [PATCH 2/3] tools: Adjust the build-and-upload-payload.sh script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that we've switched the base container image to using Ubuntu instead of CentOS, we don't need any kind of extra logic to correctly build the image for different architectures, as Ubuntu is a multi-arch image that supports all the architectures we're targetting. Signed-off-by: Fabiano FidĂȘncio --- .../kata-deploy-build-and-upload-payload.sh | 36 ++----------------- 1 file changed, 2 insertions(+), 34 deletions(-) diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh index ffb835eb9e..c4ff1abf59 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh @@ -18,23 +18,7 @@ pushd ${KATA_DEPLOY_DIR} IMAGE_TAG="${REGISTRY}:kata-containers-$(git rev-parse HEAD)-$(uname -m)" echo "Building the image" -case $(uname -m) in - aarch64) - docker build \ - --build-arg BASE_IMAGE_NAME=cdocker.io/library/centos \ - --build-arg BASE_IMAGE_TAG=7 \ - --tag ${IMAGE_TAG} . - ;; - s390x) - docker build \ - --build-arg BASE_IMAGE_NAME=docker.io/library/clefos \ - --build-arg BASE_IMAGE_TAG=7 \ - --tag ${IMAGE_TAG} . - ;; - *) - docker build --tag ${IMAGE_TAG} . - ;; -esac +docker build --tag ${IMAGE_TAG} . echo "Pushing the image to quay.io" docker push ${IMAGE_TAG} 
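Review bot: `${IMAGE_TAG}` is expanded unquoted in the new `docker build --tag ${IMAGE_TAG} .` line, and it is built from `${REGISTRY}`, so a value containing whitespace or glob characters would be split into extra arguments to docker. The second hunk does the same with `${ADDITIONAL_TAG}`. Quote both: `docker build --tag "${IMAGE_TAG}" .` and `docker build --tag "${ADDITIONAL_TAG}" .`. The neighbouring `docker push` lines are unchanged context with the same form and would benefit from the same quoting.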
@@ -44,23 +28,7 @@ if [ -n "${TAG}" ]; then echo "Building the ${ADDITIONAL_TAG} image" - case $(uname -m) in - aarch64) - docker build \ - --build-arg BASE_IMAGE_NAME=docker.io/library/centos \ - --build-arg BASE_IMAGE_TAG=7 \ - --tag ${ADDITIONAL_TAG} . - ;; - s390x) - docker build \ - --build-arg BASE_IMAGE_NAME=docker.io/library/clefos \ - --build-arg BASE_IMAGE_TAG=7 \ - --tag ${ADDITIONAL_TAG} . - ;; - *) - docker build --tag ${ADDITIONAL_TAG} . - ;; - esac + docker build --tag ${ADDITIONAL_TAG} . echo "Pushing the image ${ADDITIONAL_TAG} to quay.io" docker push ${ADDITIONAL_TAG} From dbae281924b3327755af1ecd0023b792097212ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Mon, 6 Mar 2023 11:30:27 +0100 Subject: [PATCH 3/3] workflows: Properly set the kata-tarball architecture MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's make sure the kata-tarball architecture upload / downloaded / used is exactly the same one that we need as part of the architecture we're using to generate the image. Signed-off-by: Fabiano FidĂȘncio --- .github/workflows/payload-after-push-amd64.yaml | 8 ++++---- .github/workflows/payload-after-push-arm64.yaml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/payload-after-push-amd64.yaml b/.github/workflows/payload-after-push-amd64.yaml index 88497ca458..2b4814b84a 100644 --- a/.github/workflows/payload-after-push-amd64.yaml +++ b/.github/workflows/payload-after-push-amd64.yaml @@ -45,7 +45,7 @@ jobs: - name: store-artifact ${{ matrix.asset }} uses: actions/upload-artifact@v3 with: - name: kata-artifacts + name: kata-artifacts-amd64 path: kata-build/kata-static-${{ matrix.asset }}.tar.xz retention-days: 1 if-no-files-found: error @@ -58,7 +58,7 @@ jobs: - name: get-artifacts uses: actions/download-artifact@v3 with: - name: kata-artifacts + name: kata-artifacts-amd64 path: kata-artifacts - name: merge-artifacts run: | 
@@ -66,7 +66,7 @@ jobs: - name: store-artifacts uses: actions/upload-artifact@v3 with: - name: kata-static-tarball + name: kata-static-tarball-amd64 path: kata-static.tar.xz retention-days: 1 if-no-files-found: error @@ -86,7 +86,7 @@ jobs: - name: get-kata-tarball uses: actions/download-artifact@v3 with: - name: kata-static-tarball + name: kata-static-tarball-amd64 - name: build-and-push-kata-payload id: build-and-push-kata-payload diff --git a/.github/workflows/payload-after-push-arm64.yaml b/.github/workflows/payload-after-push-arm64.yaml index 56faeb10e5..c7315bab01 100644 --- a/.github/workflows/payload-after-push-arm64.yaml +++ b/.github/workflows/payload-after-push-arm64.yaml @@ -49,7 +49,7 @@ jobs: - name: store-artifact ${{ matrix.asset }} uses: actions/upload-artifact@v3 with: - name: kata-artifacts + name: kata-artifacts-arm64 path: kata-build/kata-static-${{ matrix.asset }}.tar.xz retention-days: 1 if-no-files-found: error @@ -66,7 +66,7 @@ jobs: - name: get-artifacts uses: actions/download-artifact@v3 with: - name: kata-artifacts + name: kata-artifacts-arm64 path: kata-artifacts - name: merge-artifacts run: | @@ -74,7 +74,7 @@ jobs: - name: store-artifacts uses: actions/upload-artifact@v3 with: - name: kata-static-tarball + name: kata-static-tarball-arm64 path: kata-static.tar.xz retention-days: 1 if-no-files-found: error @@ -98,7 +98,7 @@ jobs: - name: get-kata-tarball uses: actions/download-artifact@v3 with: - name: kata-static-tarball + name: kata-static-tarball-arm64 - name: build-and-push-kata-payload id: build-and-push-kata-payload