From 53751021314f4c3967a501f9bc6411ed31f20e7f Mon Sep 17 00:00:00 2001 From: Mark Rossetti Date: Fri, 3 Jun 2022 12:57:20 -0700 Subject: [PATCH] Updating base container image for pause image on Windows Signed-off-by: Mark Rossetti --- build/dependencies.yaml | 2 +- build/pause/CHANGELOG.md | 5 +++++ build/pause/Dockerfile_windows | 5 ----- build/pause/Makefile | 16 +++++++++++----- 4 files changed, 17 insertions(+), 11 deletions(-) diff --git a/build/dependencies.yaml b/build/dependencies.yaml index 27c32416ac5..f61a080695b 100644 --- a/build/dependencies.yaml +++ b/build/dependencies.yaml @@ -146,7 +146,7 @@ dependencies: match: __default_go_runner_version= - name: "registry.k8s.io/pause" - version: 3.7 + version: 3.8 refPaths: - path: build/pause/Makefile match: TAG\s*\?= diff --git a/build/pause/CHANGELOG.md b/build/pause/CHANGELOG.md index 0d172df4db6..d2379031693 100644 --- a/build/pause/CHANGELOG.md +++ b/build/pause/CHANGELOG.md @@ -1,3 +1,8 @@ +# 3.8 + +* Updating base image for Windows container images from nanoserver to `mcr.microsoft.com/oss/kubernetes/windows-pause-image-base` which gets built on a Windows machine. +This addresses [Cannot modify registry keys during Windows pause image build process #109161](https://github.com/kubernetes/kubernetes/issues/109161) + # 3.7 * Unsupported Windows Semi-Annual container images removed (OS Versions removed: 1903, 1909, 2004) . ([#107056](https://github.com/kubernetes/kubernetes/pull/107056), [@jsturtevant](https://github.com/jsturtevant/)) diff --git a/build/pause/Dockerfile_windows b/build/pause/Dockerfile_windows index 9a0ebca596a..81b6ddd58b6 100644 --- a/build/pause/Dockerfile_windows +++ b/build/pause/Dockerfile_windows @@ -18,11 +18,6 @@ ARG ARCH ADD bin/pause-windows-${ARCH}.exe /pause.exe ADD bin/wincat-windows-amd64 /Windows/System32/wincat.exe -# NOTE(claudiub): We're replacing the diagtrack.dll as a means to disable the -# DiagTrack service (it cannot run without this DLL). We do not need this -# service in the pause image and there's no reason for it to have any CPU usage. -ADD windows/pause.c /Windows/System32/diagtrack.dll - # NOTE(claudiub): docker buildx sets the PATH env variable to a Linux-like PATH, # which is not desirable. See: https://github.com/moby/buildkit/issues/1560 # TODO(claudiub): remove this once the issue has been resolved. diff --git a/build/pause/Makefile b/build/pause/Makefile index feb3ad1fbc0..256a9fd194d 100644 --- a/build/pause/Makefile +++ b/build/pause/Makefile @@ -17,7 +17,7 @@ REGISTRY ?= staging-k8s.gcr.io IMAGE = $(REGISTRY)/pause -TAG ?= 3.7 +TAG ?= 3.8 REV = $(shell git describe --contains --always --match='v*') # Architectures supported: amd64, arm, arm64, ppc64le and s390x @@ -68,7 +68,8 @@ TRIPLE.linux-ppc64le := powerpc64le-linux-gnu TRIPLE.linux-s390x := s390x-linux-gnu TRIPLE := ${TRIPLE.${OS}-${ARCH}} BASE.linux := scratch -BASE.windows := mcr.microsoft.com/windows/nanoserver +# Source for windows pause image base is located at https://github.com/microsoft/windows-pause-image-base +BASE.windows := mcr.microsoft.com/oss/kubernetes/windows-pause-image-base:v0.2 BASE := ${BASE.${OS}} # If you want to build AND push all containers, see the 'all-push' rule. @@ -77,16 +78,21 @@ all: all-container-docker # NOTE(claudiub): A non-default builder instance is needed in order to build Windows images. all-push: all-container-registry push-manifest +push-manifest: SHELL:=/bin/bash push-manifest: docker manifest create --amend $(IMAGE):$(TAG) $(shell echo $(ALL_OS_ARCH) | sed -e "s~[^ ]*~$(IMAGE):$(TAG)\-&~g") set -x; for arch in $(ALL_ARCH.linux); do docker manifest annotate --os linux --arch $${arch} ${IMAGE}:${TAG} ${IMAGE}:${TAG}-linux-$${arch}; done # For Windows images, we also need to include the "os.version" in the manifest list, so the Windows node can pull the proper image it needs. # we use awk to also trim the quotes around the OS version string. set -x; \ + # tagToKernelVersionMap maps the container images tags for different Windows Server releases (ex: ltsc2022 for Windows Server 2022) + # to the kernel version for that OS release (ex: 20348 for Windows Server 2022). This is needed to fetch the servicing revision from the + # pause base image manifest (which containers an entry for each Windows Server version) so we can add the approrite 'os.version' + # field to the pause image manifest. + declare -A tagToKernelVersionMap=( ['1809']='17763' ['20H2']='19042' ['ltsc2022']='20348' );\ for arch in $(ALL_ARCH.windows); do \ for osversion in ${ALL_OSVERSIONS.windows}; do \ - BASEIMAGE=${BASE.windows}:$${osversion}; \ - full_version=`docker manifest inspect ${BASE.windows}:$${osversion} | grep "os.version" | head -n 1 | awk -F\" '{print $$4}'` || true; \ + full_version=`docker manifest inspect ${BASE.windows} | grep "10.0.$${tagToKernelVersionMap[$$osversion]}" | head -n 1 | awk -F\" '{print $$4}'` || true; \ docker manifest annotate --os windows --arch $${arch} --os-version $${full_version} ${IMAGE}:${TAG} ${IMAGE}:${TAG}-windows-$${arch}-$${osversion}; \ done; \ done @@ -122,7 +128,7 @@ container: .container-${OS}-$(ARCH) .container-windows-$(ARCH): $(foreach binary, ${BIN}, bin/${binary}-${OS}-${ARCH}) docker buildx build --pull --output=type=${OUTPUT_TYPE} --platform ${OS}/$(ARCH) \ - -t $(IMAGE):$(TAG)-${OS}-$(ARCH)-${OSVERSION} --build-arg BASE=${BASE}:${OSVERSION} --build-arg ARCH=$(ARCH) -f Dockerfile_windows . + -t $(IMAGE):$(TAG)-${OS}-$(ARCH)-${OSVERSION} --build-arg BASE=${BASE}-windows-${OSVERSION}-${ARCH} --build-arg ARCH=$(ARCH) -f Dockerfile_windows . touch $@ # Useful for testing, not automatically included in container image