diff --git a/build/common.sh b/build/common.sh index 3a610ac3944..51ecf0aa252 100755 --- a/build/common.sh +++ b/build/common.sh @@ -107,21 +107,23 @@ readonly KUBE_APISERVER_BASE_IMAGE="${KUBE_APISERVER_BASE_IMAGE:-$KUBE_GORUNNER_ readonly KUBE_CONTROLLER_MANAGER_BASE_IMAGE="${KUBE_CONTROLLER_MANAGER_BASE_IMAGE:-$KUBE_GORUNNER_IMAGE}" readonly KUBE_SCHEDULER_BASE_IMAGE="${KUBE_SCHEDULER_BASE_IMAGE:-$KUBE_GORUNNER_IMAGE}" readonly KUBE_PROXY_BASE_IMAGE="${KUBE_PROXY_BASE_IMAGE:-$KUBE_BASE_IMAGE_REGISTRY/distroless-iptables:$__default_distroless_iptables_version}" +readonly KUBE_PROXY_WINDOWS_BASE_IMAGE="${KUBE_PROXY_WINDOWS_BASE_IMAGE:-mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0}" readonly KUBECTL_BASE_IMAGE="${KUBECTL_BASE_IMAGE:-$KUBE_GORUNNER_IMAGE}" # This is the image used in a multi-stage build to apply capabilities to Docker-wrapped binaries. readonly KUBE_BUILD_SETCAP_IMAGE="${KUBE_BUILD_SETCAP_IMAGE:-$KUBE_BASE_IMAGE_REGISTRY/setcap:$__default_setcap_version}" -# Get the set of master binaries that run in Docker (on Linux) +# Get the set of master binaries that run in Docker (on Linux), or as Host Process Containers (on Windows). # Entry format is ",". -# Binaries are placed in /usr/local/bin inside the image. +# Binaries are placed in /usr/local/bin inside the image (Linux), or C:\hpc (Windows). # `make` users can override any or all of the base images using the associated # environment variables. # -# $1 - server architecture +# $1 - OS name - the targets returned will be based on the OS name given. kube::build::get_docker_wrapped_binaries() { ### If you change any of these lists, please also update DOCKERIZED_BINARIES ### in build/BUILD. And kube::golang::server_image_targets + local os_name="${1:-}" local targets=( "kube-apiserver,${KUBE_APISERVER_BASE_IMAGE}" "kube-controller-manager,${KUBE_CONTROLLER_MANAGER_BASE_IMAGE}" @@ -129,6 +131,11 @@ kube::build::get_docker_wrapped_binaries() { "kube-proxy,${KUBE_PROXY_BASE_IMAGE}" "kubectl,${KUBECTL_BASE_IMAGE}" ) + if [[ "${os_name}" = "windows" ]]; then + targets=( + "kube-proxy.exe,${KUBE_PROXY_WINDOWS_BASE_IMAGE}" + ) + fi echo "${targets[@]}" } diff --git a/build/lib/release.sh b/build/lib/release.sh index 34b226c27ee..65ac7f1d353 100644 --- a/build/lib/release.sh +++ b/build/lib/release.sh @@ -29,6 +29,7 @@ readonly RELEASE_TARS="${LOCAL_OUTPUT_ROOT}/release-tars" readonly RELEASE_IMAGES="${LOCAL_OUTPUT_ROOT}/release-images" KUBE_BUILD_CONFORMANCE=${KUBE_BUILD_CONFORMANCE:-n} +KUBE_BUILD_WINDOWS=${KUBE_BUILD_WINDOWS:-n} KUBE_BUILD_PULL_LATEST_IMAGES=${KUBE_BUILD_PULL_LATEST_IMAGES:-y} # --------------------------------------------------------------------------- @@ -146,7 +147,7 @@ function kube::release::package_node_tarballs() { "${release_stage}/node/bin/" # TODO: Docker images here - # kube::release::create_docker_images_for_server "${release_stage}/server/bin" "${arch}" + # kube::release::create_docker_images_for_server "${release_stage}/server/bin" "${arch}" "${os}" # Include the client binaries here too as they are useful debugging tools. local client_bins=("${KUBE_CLIENT_BINARIES[@]}") @@ -174,14 +175,24 @@ function kube::release::package_node_tarballs() { # Package up all of the server binaries in docker images function kube::release::build_server_images() { kube::util::ensure-docker-buildx + docker buildx create --name img-builder --use || true + docker buildx inspect --bootstrap + kube::util::trap_add 'docker buildx rm' EXIT + + platforms=("${KUBE_SERVER_PLATFORMS[@]}") + if [[ "${KUBE_BUILD_WINDOWS}" =~ [yY] ]]; then + platforms=("${KUBE_SERVER_PLATFORMS[@]}" "windows/amd64") + fi # Clean out any old images rm -rf "${RELEASE_IMAGES}" local platform - for platform in "${KUBE_SERVER_PLATFORMS[@]}"; do + for platform in "${platforms[@]}"; do local platform_tag + local os local arch platform_tag=${platform/\//-} # Replace a "/" for a "-" + os=$(dirname "${platform}") arch=$(basename "${platform}") kube::log::status "Building images: $platform_tag" @@ -192,11 +203,16 @@ function kube::release::build_server_images() { # This fancy expression will expand to prepend a path # (${LOCAL_OUTPUT_BINPATH}/${platform}/) to every item in the - # KUBE_SERVER_IMAGE_BINARIES array. - cp "${KUBE_SERVER_IMAGE_BINARIES[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \ - "${release_stage}/server/bin/" + # KUBE_SERVER_LINUX_IMAGE_BINARIES / KUBE_SERVER_WINDOWS_IMAGE_BINARIES array. + if [[ "${os}" = "windows" ]]; then + cp "${KUBE_SERVER_WINDOWS_IMAGE_BINARIES[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \ + "${release_stage}/server/bin/" + else + cp "${KUBE_SERVER_LINUX_IMAGE_BINARIES[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \ + "${release_stage}/server/bin/" + fi - kube::release::create_docker_images_for_server "${release_stage}/server/bin" "${arch}" + kube::release::create_docker_images_for_server "${release_stage}/server/bin" "${arch}" "${os}" done } @@ -285,16 +301,19 @@ function kube::release::build_conformance_image() { # Args: # $1 - binary_dir, the directory to save the tared images to. # $2 - arch, architecture for which we are building docker images. +# $3 - os, the OS for which we are building docker images. function kube::release::create_docker_images_for_server() { # Create a sub-shell so that we don't pollute the outer environment ( local binary_dir + local os local arch local binaries local images_dir binary_dir="$1" arch="$2" - binaries=$(kube::build::get_docker_wrapped_binaries) + os="${3:-linux}" + binaries=$(kube::build::get_docker_wrapped_binaries "${os}") images_dir="${RELEASE_IMAGES}/${arch}" mkdir -p "${images_dir}" @@ -320,51 +339,65 @@ function kube::release::create_docker_images_for_server() { for wrappable in $binaries; do - local binary_name=${wrappable%%,*} + # The full binary name might have a file extension (.exe). + local full_binary_name=${wrappable%%,*} + local binary_name=${full_binary_name%%.*} local base_image=${wrappable##*,} - local binary_file_path="${binary_dir}/${binary_name}" + local binary_file_path="${binary_dir}/${full_binary_name}" + local tar_path="${binary_dir}/${full_binary_name}.tar" local docker_build_path="${binary_file_path}.dockerbuild" local docker_image_tag="${docker_registry}/${binary_name}-${arch}:${docker_tag}" local docker_file_path="${KUBE_ROOT}/build/server-image/Dockerfile" # If this binary has its own Dockerfile use that else use the generic Dockerfile. - if [[ -f "${KUBE_ROOT}/build/server-image/${binary_name}/Dockerfile" ]]; then + if [[ "${os}" = "windows" && -f "${KUBE_ROOT}/build/server-image/${binary_name}/Dockerfile_windows" ]]; then + docker_file_path="${KUBE_ROOT}/build/server-image/${binary_name}/Dockerfile_windows" + elif [[ -f "${KUBE_ROOT}/build/server-image/${binary_name}/Dockerfile" ]]; then docker_file_path="${KUBE_ROOT}/build/server-image/${binary_name}/Dockerfile" fi - kube::log::status "Starting docker build for image: ${binary_name}-${arch}" + kube::log::status "Starting docker build for image: ${binary_name}-${os}-${arch}" ( rm -rf "${docker_build_path}" mkdir -p "${docker_build_path}" - ln "${binary_file_path}" "${docker_build_path}/${binary_name}" + ln "${binary_file_path}" "${docker_build_path}/${full_binary_name}" + + # If we are building an official/alpha/beta release we want to keep + # docker images and tag them appropriately. + local additional_tag=() + local release_docker_image_tag="${KUBE_DOCKER_REGISTRY-$docker_registry}/${binary_name}-${arch}:${KUBE_DOCKER_IMAGE_TAG-$docker_tag}" + + # append the OS name only for Windows images into the image name. + if [[ "${os}" = "windows" ]]; then + docker_image_tag="${docker_registry}/${binary_name}-${os}-${arch}:${docker_tag}" + release_docker_image_tag="${KUBE_DOCKER_REGISTRY-$docker_registry}/${binary_name}-${os}-${arch}:${KUBE_DOCKER_IMAGE_TAG-$docker_tag}" + fi + + if [[ "${release_docker_image_tag}" != "${docker_image_tag}" ]]; then + kube::log::status "Adding additional tag ${release_docker_image_tag} for docker image ${docker_image_tag}" + "${DOCKER[@]}" rmi "${release_docker_image_tag}" 2>/dev/null || true + additional_tag=("-t" "${release_docker_image_tag}") + fi local build_log="${docker_build_path}/build.log" if ! DOCKER_CLI_EXPERIMENTAL=enabled "${DOCKER[@]}" buildx build \ -f "${docker_file_path}" \ - --platform linux/"${arch}" \ - --load ${docker_build_opts:+"${docker_build_opts}"} \ - -t "${docker_image_tag}" \ + --platform "${os}/${arch}" \ + --output type=docker,dest="${tar_path}" \ + ${docker_build_opts:+"${docker_build_opts}"} \ + -t "${docker_image_tag}" "${additional_tag[@]}" \ --build-arg BASEIMAGE="${base_image}" \ --build-arg SETCAP_IMAGE="${KUBE_BUILD_SETCAP_IMAGE}" \ - --build-arg BINARY="${binary_name}" \ + --build-arg BINARY="${full_binary_name}" \ "${docker_build_path}" >"${build_log}" 2>&1; then cat "${build_log}" exit 1 fi rm "${build_log}" - # If we are building an official/alpha/beta release we want to keep - # docker images and tag them appropriately. - local -r release_docker_image_tag="${KUBE_DOCKER_REGISTRY-$docker_registry}/${binary_name}-${arch}:${KUBE_DOCKER_IMAGE_TAG-$docker_tag}" - if [[ "${release_docker_image_tag}" != "${docker_image_tag}" ]]; then - kube::log::status "Tagging docker image ${docker_image_tag} as ${release_docker_image_tag}" - "${DOCKER[@]}" rmi "${release_docker_image_tag}" 2>/dev/null || true - "${DOCKER[@]}" tag "${docker_image_tag}" "${release_docker_image_tag}" 2>/dev/null - fi - "${DOCKER[@]}" save -o "${binary_file_path}.tar" "${docker_image_tag}" "${release_docker_image_tag}" echo "${docker_tag}" > "${binary_file_path}.docker_tag" rm -rf "${docker_build_path}" - ln "${binary_file_path}.tar" "${images_dir}/" + ln "${tar_path}" "${images_dir}/" kube::log::status "Deleting docker image ${docker_image_tag}" "${DOCKER[@]}" rmi "${docker_image_tag}" &>/dev/null || true diff --git a/build/release-images.sh b/build/release-images.sh index afaecb1864b..4956914862f 100755 --- a/build/release-images.sh +++ b/build/release-images.sh @@ -39,6 +39,10 @@ kube::build::verify_prereqs kube::build::build_image kube::build::run_build_command make all WHAT="${CMD_TARGETS}" KUBE_BUILD_PLATFORMS="${KUBE_SERVER_PLATFORMS[*]}" DBG="${DBG:-}" +if [[ "${KUBE_BUILD_WINDOWS}" =~ [yY] ]]; then + kube::build::run_build_command make all WHAT="cmd/kube-proxy" KUBE_BUILD_PLATFORMS="windows/amd64" +fi + kube::build::copy_output kube::release::build_server_images diff --git a/build/root/Makefile b/build/root/Makefile index af5239b3f7d..6d73e5a26de 100644 --- a/build/root/Makefile +++ b/build/root/Makefile @@ -389,6 +389,7 @@ define RELEASE_IMAGES_HELP_INFO # Args: # KUBE_BUILD_CONFORMANCE: Whether to build conformance testing image as well. Set to 'n' to skip. # DBG: If set to "1", build with optimizations disabled for easier debugging. Any other value is ignored. +# KUBE_BUILD_WINDOWS: Whether to build images for Windows as well. Set to 'y' to enable. # # Example: # make release-images @@ -438,6 +439,7 @@ define QUICK_RELEASE_IMAGES_HELP_INFO # KUBE_FASTBUILD: Whether to cross-compile for other architectures. Set to 'false' to do so. # KUBE_BUILD_CONFORMANCE: Whether to build conformance testing image as well. Set to 'y' to do so. # DBG: If set to "1", build with optimizations disabled for easier debugging. Any other value is ignored. +# KUBE_BUILD_WINDOWS: Whether to build images for Windows as well. Set to 'y' to enable. # # Example: # make quick-release-images diff --git a/build/server-image/kube-proxy/Dockerfile_windows b/build/server-image/kube-proxy/Dockerfile_windows new file mode 100644 index 00000000000..62271613871 --- /dev/null +++ b/build/server-image/kube-proxy/Dockerfile_windows @@ -0,0 +1,28 @@ +# Copyright 2024 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Dockerfile used for the server images. + +# Note that the image doesn't really matter for Windows Host Process containers +# # the files in the image are copied to C:\hpc (containerd 1.7+) on the host +# # but the file system is the Host, NOT the container +ARG BASEIMAGE +ARG BINARY + +FROM $BASEIMAGE + +ENV PATH="C:\Windows\system32;C:\Windows;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;" +COPY ${BINARY} /kube-proxy/${BINARY} + +ENTRYPOINT ["c:/hpc/kube-proxy/kube-proxy.exe"] diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh index 1a65f82154b..d7def1a627d 100755 --- a/hack/lib/golang.sh +++ b/hack/lib/golang.sh @@ -101,7 +101,8 @@ kube::golang::server_image_targets() { IFS=" " read -ra KUBE_SERVER_IMAGE_TARGETS <<< "$(kube::golang::server_image_targets)" readonly KUBE_SERVER_IMAGE_TARGETS -readonly KUBE_SERVER_IMAGE_BINARIES=("${KUBE_SERVER_IMAGE_TARGETS[@]##*/}") +readonly KUBE_SERVER_LINUX_IMAGE_BINARIES=("${KUBE_SERVER_IMAGE_TARGETS[@]##*/}") +readonly KUBE_SERVER_WINDOWS_IMAGE_BINARIES=("kube-proxy.exe") # The set of conformance targets we build docker image for kube::golang::conformance_image_targets() {