diff --git a/.github/workflows/build-kubectl-image.yaml b/.github/workflows/build-kubectl-image.yaml
new file mode 100644
index 0000000000..123979700f
--- /dev/null
+++ b/.github/workflows/build-kubectl-image.yaml
@@ -0,0 +1,68 @@
+name: Build kubectl multi-arch image
+
+on:
+ schedule:
+ # Run every Sunday at 00:00 UTC
+ - cron: '0 0 * * 0'
+ workflow_dispatch:
+ # Allow manual triggering
+ push:
+ branches:
+ - main
+ paths:
+ - 'tools/packaging/kubectl/Dockerfile'
+ - '.github/workflows/build-kubectl-image.yaml'
+
+permissions: {}
+
+env:
+ REGISTRY: quay.io
+ IMAGE_NAME: kata-containers/kubectl
+
+jobs:
+ build-and-push:
+ name: Build and push multi-arch image
+ runs-on: ubuntu-24.04
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+ - name: Login to Quay.io
+ uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
+ password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
+
+ - name: Generate image metadata
+ id: meta
+ uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=raw,value=latest
+ type=raw,value={{date 'YYYYMMDD'}}
+ type=sha,prefix=
+
+ - name: Build and push multi-arch image
+ uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
+ with:
+ context: tools/packaging/kubectl/
+ file: tools/packaging/kubectl/Dockerfile
+ platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
diff --git a/tools/packaging/kubectl/Dockerfile b/tools/packaging/kubectl/Dockerfile
new file mode 100644
index 0000000000..b404c067e3
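Review bot: The job-level `packages: write` grant on `build-and-push` appears unused: the login step authenticates to quay.io with `vars.QUAY_DEPLOYER_USERNAME` and `secrets.QUAY_DEPLOYER_PASSWORD`, and no visible step uses the GitHub token against GitHub Packages, so the job's `permissions:` can be reduced to `contents: read`. Separately, `cache-from: type=gha` can let the scheduled rebuild reuse the cached `RUN` layer of the Dockerfile, whose instruction text does not change when `stable.txt` does. The weekly image may then be pushed under a fresh date tag and `latest` while still carrying an older kubectl. Consider `no-cache: ${{ github.event_name == 'schedule' }}` on the build step, or resolving the kubectl version in the workflow and passing it through `build-args` so a new version invalidates the layer.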
--- /dev/null
+++ b/tools/packaging/kubectl/Dockerfile
@@ -0,0 +1,29 @@
+# Copyright (c) 2026 Kata Contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# Alpine-based image with kubectl for multi-arch support
+# Used for kata-deploy verification jobs and other kubectl operations
+
+ARG ALPINE_VERSION=3.23
+FROM alpine:${ALPINE_VERSION}
+
+# Install bash, curl, and download kubectl
+# hadolint ignore=DL3018
+RUN apk add --no-cache bash curl ca-certificates && \
+ ARCH=$(uname -m) && \
+ case "${ARCH}" in \
+ x86_64) KUBECTL_ARCH=amd64 ;; \
+ aarch64) KUBECTL_ARCH=arm64 ;; \
+ ppc64le) KUBECTL_ARCH=ppc64le ;; \
+ s390x) KUBECTL_ARCH=s390x ;; \
+ *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; \
+ esac && \
+ KUBECTL_VERSION=$(curl -L -s https://dl.k8s.io/release/stable.txt) && \
+ curl -fL --progress-bar -o /usr/local/bin/kubectl \
+ "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${KUBECTL_ARCH}/kubectl" && \
+ chmod +x /usr/local/bin/kubectl && \
+ kubectl version --client
+
+# Default to bash shell
+CMD ["/bin/bash"]
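Review bot: The kubectl binary fetched in the `RUN` step is installed without any integrity check, and its version is resolved at build time from `stable.txt`, so the pushed image is neither verified nor reproducible. dl.k8s.io publishes a `kubectl.sha256` next to each binary; checking against it catches a truncated or corrupted download, while protection against a tampered origin would need the version and expected digest pinned in the repository (for example through an `ARG KUBECTL_VERSION`). The `stable.txt` fetch also uses `curl -L -s` without `-f`, so an HTTP error body would be taken as the version string. The image sets no `USER`, so consumers run kubectl as root unless they override it.

```dockerfile
# ... unchanged: apk add and the ARCH -> KUBECTL_ARCH case statement ...
    KUBECTL_VERSION=$(curl -fsSL https://dl.k8s.io/release/stable.txt) && \
    KUBECTL_URL="https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${KUBECTL_ARCH}/kubectl" && \
    curl -fL --progress-bar -o /usr/local/bin/kubectl "${KUBECTL_URL}" && \
    KUBECTL_SHA256=$(curl -fsSL "${KUBECTL_URL}.sha256") && \
    echo "${KUBECTL_SHA256}  /usr/local/bin/kubectl" | sha256sum -c - && \
    chmod +x /usr/local/bin/kubectl && \
# ... unchanged: kubectl version --client ...
```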