mirror of
https://github.com/kairos-io/osbuilder.git
synced 2025-09-02 07:46:24 +00:00
push image to registry
This commit is contained in:
Lukasz Zajaczkowski
@@ -19,11 +19,10 @@ package controllers
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
osbuilder "github.com/kairos-io/osbuilder/api/v1alpha2"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
"k8s.io/apimachinery/pkg/api/resource"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
osbuilder "github.com/kairos-io/osbuilder/api/v1alpha2"
|
||||
)
|
||||
|
||||
func unpackContainer(id, containerImage, pullImage string) corev1.Container {
|
||||
@@ -50,105 +49,13 @@ func unpackContainer(id, containerImage, pullImage string) corev1.Container {
|
||||
}
|
||||
|
||||
func unpackFileContainer(id, pullImage, name string) corev1.Container {
|
||||
//var rootID int64 = 0
|
||||
|
||||
return corev1.Container{
|
||||
ImagePullPolicy: corev1.PullAlways,
|
||||
Name: fmt.Sprintf("pull-image-%s", id),
|
||||
Image: "gcr.io/go-containerregistry/crane:latest",
|
||||
Command: []string{"crane"},
|
||||
Args: []string{"--platform=linux/arm64", "pull", pullImage, fmt.Sprintf("/rootfs/oem/%s.tar", name)},
|
||||
//SecurityContext: &corev1.SecurityContext{
|
||||
// RunAsUser: &rootID,
|
||||
// RunAsGroup: &rootID,
|
||||
//},
|
||||
Args: []string{"--platform=linux/arm64", "pull", pullImage, fmt.Sprintf("/rootfs/%s.tar", name)},
|
||||
VolumeMounts: []corev1.VolumeMount{
|
||||
{
|
||||
Name: "artifacts",
|
||||
MountPath: "/rootfs/oem",
|
||||
SubPath: "rootfs/oem",
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func pushImageName(artifact *osbuilder.OSArtifact) string {
|
||||
pushName := artifact.Spec.ImageName
|
||||
if pushName != "" {
|
||||
return pushName
|
||||
}
|
||||
return artifact.Name
|
||||
}
|
||||
|
||||
func createImageContainer(containerImage string, artifact *osbuilder.OSArtifact) corev1.Container {
|
||||
imageName := pushImageName(artifact)
|
||||
|
||||
return corev1.Container{
|
||||
ImagePullPolicy: corev1.PullAlways,
|
||||
Name: "create-image",
|
||||
Image: containerImage,
|
||||
Command: []string{"/bin/bash", "-cxe"},
|
||||
Args: []string{
|
||||
fmt.Sprintf(
|
||||
"tar -czvpf test.tar -C /rootfs . && luet util pack %[1]s test.tar %[2]s.tar && chmod +r %[2]s.tar && mv %[2]s.tar /artifacts",
|
||||
imageName,
|
||||
artifact.Name,
|
||||
),
|
||||
},
|
||||
VolumeMounts: []corev1.VolumeMount{
|
||||
{
|
||||
Name: "artifacts",
|
||||
MountPath: "/rootfs",
|
||||
SubPath: "rootfs",
|
||||
},
|
||||
{
|
||||
Name: "artifacts",
|
||||
MountPath: "/artifacts",
|
||||
SubPath: "artifacts",
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func osReleaseContainer(containerImage string) corev1.Container {
|
||||
return corev1.Container{
|
||||
ImagePullPolicy: corev1.PullAlways,
|
||||
Name: "os-release",
|
||||
Image: containerImage,
|
||||
Command: []string{"/bin/bash", "-cxe"},
|
||||
Args: []string{
|
||||
"cp -rfv /etc/os-release /rootfs/etc/os-release",
|
||||
},
|
||||
VolumeMounts: []corev1.VolumeMount{
|
||||
{
|
||||
Name: "config",
|
||||
MountPath: "/etc/os-release",
|
||||
SubPath: "os-release",
|
||||
},
|
||||
{
|
||||
Name: "artifacts",
|
||||
MountPath: "/rootfs",
|
||||
SubPath: "rootfs",
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func kairosReleaseContainer(containerImage string) corev1.Container {
|
||||
return corev1.Container{
|
||||
ImagePullPolicy: corev1.PullAlways,
|
||||
Name: "kairos-release",
|
||||
Image: containerImage,
|
||||
Command: []string{"/bin/bash", "-cxe"},
|
||||
Args: []string{
|
||||
"cp -rfv /etc/kairos-release /rootfs/etc/kairos-release",
|
||||
},
|
||||
VolumeMounts: []corev1.VolumeMount{
|
||||
{
|
||||
Name: "config",
|
||||
MountPath: "/etc/kairos-release",
|
||||
SubPath: "kairos-release",
|
||||
},
|
||||
{
|
||||
Name: "artifacts",
|
||||
MountPath: "/rootfs",
|
||||
@@ -159,8 +66,12 @@ func kairosReleaseContainer(containerImage string) corev1.Container {
|
||||
}
|
||||
|
||||
func (r *OSArtifactReconciler) newArtifactPVC(artifact *osbuilder.OSArtifact) *corev1.PersistentVolumeClaim {
|
||||
if artifact.Spec.Volume == nil {
|
||||
artifact.Spec.Volume = &corev1.PersistentVolumeClaimSpec{
|
||||
pvc := &corev1.PersistentVolumeClaim{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: artifact.Name + "-artifacts",
|
||||
Namespace: artifact.Namespace,
|
||||
},
|
||||
Spec: corev1.PersistentVolumeClaimSpec{
|
||||
AccessModes: []corev1.PersistentVolumeAccessMode{
|
||||
corev1.ReadWriteOnce,
|
||||
},
|
||||
@@ -169,15 +80,7 @@ func (r *OSArtifactReconciler) newArtifactPVC(artifact *osbuilder.OSArtifact) *c
|
||||
"storage": resource.MustParse(r.PVCStorage),
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
pvc := &corev1.PersistentVolumeClaim{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: artifact.Name + "-artifacts",
|
||||
Namespace: artifact.Namespace,
|
||||
},
|
||||
Spec: *artifact.Spec.Volume,
|
||||
}
|
||||
|
||||
return pvc
|
||||
@@ -202,14 +105,6 @@ func (r *OSArtifactReconciler) newBuilderPod(pvcName string, artifact *osbuilder
|
||||
},
|
||||
}
|
||||
|
||||
if artifact.Spec.GRUBConfig != "" {
|
||||
volumeMounts = append(volumeMounts, corev1.VolumeMount{
|
||||
Name: "config",
|
||||
MountPath: "/iso/iso-overlay/boot/grub2/grub.cfg",
|
||||
SubPath: "grub.cfg",
|
||||
})
|
||||
}
|
||||
|
||||
cloudImgCmd := fmt.Sprintf(
|
||||
"/raw-images.sh /rootfs /artifacts/%s.raw",
|
||||
artifact.Name,
|
||||
@@ -225,16 +120,10 @@ func (r *OSArtifactReconciler) newBuilderPod(pvcName string, artifact *osbuilder
|
||||
cloudImgCmd += " /iso/iso-overlay/cloud_config.yaml"
|
||||
}
|
||||
|
||||
if artifact.Spec.CloudConfigRef != nil || artifact.Spec.GRUBConfig != "" {
|
||||
cmd = fmt.Sprintf(
|
||||
"auroraboot --debug build-iso --name %s --date=false --overlay-iso /iso/iso-overlay --output /artifacts dir:/rootfs",
|
||||
artifact.Name,
|
||||
)
|
||||
}
|
||||
if artifact.Spec.Model != nil {
|
||||
cmd = fmt.Sprintf("/build-arm-image.sh --model %s --directory %s --recovery-partition-size 5120 --state-parition-size 6144 --size 16384 --images-size 4096 /artifacts/%s.iso", *artifact.Spec.Model, "/rootfs", artifact.Name)
|
||||
if artifact.Spec.CloudConfigRef != nil {
|
||||
cmd = fmt.Sprintf("/build-arm-image.sh --model %s --config /iso/iso-overlay/cloud_config.yaml --directory %s --recovery-partition-size 5120 --state-partition-size 6144 --size 16384 --images-size 4096 /artifacts/%s.iso", *artifact.Spec.Model, "/rootfs", artifact.Name)
|
||||
cmd = fmt.Sprintf("/build-arm-image.sh --model %s --config /iso/iso-overlay/cloud_config.yaml --directory %s /artifacts/%s.iso", *artifact.Spec.Model, "/rootfs", artifact.Name)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -250,78 +139,6 @@ func (r *OSArtifactReconciler) newBuilderPod(pvcName string, artifact *osbuilder
|
||||
VolumeMounts: volumeMounts,
|
||||
}
|
||||
|
||||
buildCloudImageContainer := corev1.Container{
|
||||
ImagePullPolicy: corev1.PullAlways,
|
||||
SecurityContext: &corev1.SecurityContext{Privileged: ptr(true)},
|
||||
Name: "build-cloud-image",
|
||||
Image: r.ToolImage,
|
||||
|
||||
Command: []string{"/bin/bash", "-cxe"},
|
||||
Args: []string{
|
||||
cloudImgCmd,
|
||||
},
|
||||
VolumeMounts: volumeMounts,
|
||||
}
|
||||
|
||||
if artifact.Spec.DiskSize != "" {
|
||||
buildCloudImageContainer.Env = []corev1.EnvVar{{
|
||||
Name: "EXTEND",
|
||||
Value: artifact.Spec.DiskSize,
|
||||
}}
|
||||
}
|
||||
|
||||
extractNetboot := corev1.Container{
|
||||
ImagePullPolicy: corev1.PullAlways,
|
||||
SecurityContext: &corev1.SecurityContext{Privileged: ptr(true)},
|
||||
Name: "build-netboot",
|
||||
Image: r.ToolImage,
|
||||
Command: []string{"/bin/bash", "-cxe"},
|
||||
Env: []corev1.EnvVar{{
|
||||
Name: "URL",
|
||||
Value: artifact.Spec.NetbootURL,
|
||||
}},
|
||||
Args: []string{
|
||||
fmt.Sprintf(
|
||||
"/netboot.sh /artifacts/%s.iso /artifacts/%s",
|
||||
artifact.Name,
|
||||
artifact.Name,
|
||||
),
|
||||
},
|
||||
VolumeMounts: volumeMounts,
|
||||
}
|
||||
|
||||
buildAzureCloudImageContainer := corev1.Container{
|
||||
ImagePullPolicy: corev1.PullAlways,
|
||||
SecurityContext: &corev1.SecurityContext{Privileged: ptr(true)},
|
||||
Name: "build-azure-cloud-image",
|
||||
Image: r.ToolImage,
|
||||
Command: []string{"/bin/bash", "-cxe"},
|
||||
Args: []string{
|
||||
fmt.Sprintf(
|
||||
"/azure.sh /artifacts/%s.raw /artifacts/%s.vhd",
|
||||
artifact.Name,
|
||||
artifact.Name,
|
||||
),
|
||||
},
|
||||
VolumeMounts: volumeMounts,
|
||||
}
|
||||
|
||||
buildGCECloudImageContainer := corev1.Container{
|
||||
ImagePullPolicy: corev1.PullAlways,
|
||||
SecurityContext: &corev1.SecurityContext{Privileged: ptr(true)},
|
||||
Name: "build-gce-cloud-image",
|
||||
Image: r.ToolImage,
|
||||
Command: []string{"/bin/bash", "-cxe"},
|
||||
Args: []string{
|
||||
fmt.Sprintf(
|
||||
"/gce.sh /artifacts/%s.raw /artifacts/%s.gce.raw",
|
||||
artifact.Name,
|
||||
artifact.Name,
|
||||
),
|
||||
},
|
||||
VolumeMounts: volumeMounts,
|
||||
}
|
||||
|
||||
podSpec := corev1.PodSpec{
|
||||
AutomountServiceAccountToken: ptr(false),
|
||||
RestartPolicy: corev1.RestartPolicyNever,
|
||||
@@ -348,17 +165,6 @@ func (r *OSArtifactReconciler) newBuilderPod(pvcName string, artifact *osbuilder
|
||||
},
|
||||
}
|
||||
|
||||
if artifact.Spec.BaseImageDockerfile != nil {
|
||||
podSpec.Volumes = append(podSpec.Volumes, corev1.Volume{
|
||||
Name: "dockerfile",
|
||||
VolumeSource: corev1.VolumeSource{
|
||||
Secret: &corev1.SecretVolumeSource{
|
||||
SecretName: artifact.Spec.BaseImageDockerfile.Name,
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
if artifact.Spec.CloudConfigRef != nil {
|
||||
podSpec.Volumes = append(podSpec.Volumes, corev1.Volume{
|
||||
Name: "cloudconfig",
|
||||
@@ -371,83 +177,13 @@ func (r *OSArtifactReconciler) newBuilderPod(pvcName string, artifact *osbuilder
|
||||
})
|
||||
}
|
||||
|
||||
podSpec.ImagePullSecrets = append(podSpec.ImagePullSecrets, artifact.Spec.ImagePullSecrets...)
|
||||
|
||||
podSpec.InitContainers = []corev1.Container{}
|
||||
// Base image can be:
|
||||
// - built from a dockerfile and converted to a kairos one
|
||||
// - built by converting an existing image to a kairos one
|
||||
// - a prebuilt kairos image
|
||||
|
||||
if artifact.Spec.BaseImageDockerfile != nil {
|
||||
podSpec.InitContainers = append(podSpec.InitContainers, baseImageBuildContainers()...)
|
||||
} else if artifact.Spec.BaseImageName != "" { // Existing base image - non kairos
|
||||
podSpec.InitContainers = append(podSpec.InitContainers,
|
||||
unpackContainer("baseimage-non-kairos", r.ToolImage, artifact.Spec.BaseImageName))
|
||||
} else { // Existing Kairos base image
|
||||
podSpec.InitContainers = append(podSpec.InitContainers, unpackContainer("baseimage", r.ToolImage, artifact.Spec.ImageName))
|
||||
}
|
||||
|
||||
// If base image was a non kairos one, either one we built with kaniko or prebuilt,
|
||||
// convert it to a Kairos one, in a best effort manner.
|
||||
if artifact.Spec.BaseImageDockerfile != nil || artifact.Spec.BaseImageName != "" {
|
||||
podSpec.InitContainers = append(podSpec.InitContainers,
|
||||
corev1.Container{
|
||||
ImagePullPolicy: corev1.PullAlways,
|
||||
Name: "convert-to-kairos",
|
||||
Image: "busybox",
|
||||
Command: []string{"/bin/echo"},
|
||||
Args: []string{"TODO"},
|
||||
VolumeMounts: []corev1.VolumeMount{
|
||||
{
|
||||
Name: "artifacts",
|
||||
MountPath: "/rootfs",
|
||||
SubPath: "rootfs",
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
for i, bundle := range artifact.Spec.Bundles {
|
||||
podSpec.InitContainers = append(podSpec.InitContainers, unpackContainer(fmt.Sprint(i), r.ToolImage, bundle))
|
||||
}
|
||||
|
||||
if artifact.Spec.OSRelease != "" {
|
||||
podSpec.InitContainers = append(podSpec.InitContainers, osReleaseContainer(r.ToolImage))
|
||||
}
|
||||
if artifact.Spec.KairosRelease != "" {
|
||||
podSpec.InitContainers = append(podSpec.InitContainers, kairosReleaseContainer(r.ToolImage))
|
||||
}
|
||||
|
||||
if artifact.Spec.ISO || artifact.Spec.Netboot {
|
||||
podSpec.Containers = append(podSpec.Containers, buildIsoContainer)
|
||||
}
|
||||
|
||||
if artifact.Spec.Netboot {
|
||||
podSpec.Containers = append(podSpec.Containers, extractNetboot)
|
||||
}
|
||||
|
||||
if artifact.Spec.CloudImage {
|
||||
podSpec.Containers = append(podSpec.Containers, buildCloudImageContainer)
|
||||
}
|
||||
|
||||
if artifact.Spec.AzureImage {
|
||||
podSpec.Containers = append(podSpec.Containers, buildAzureCloudImageContainer)
|
||||
}
|
||||
|
||||
if artifact.Spec.GCEImage {
|
||||
podSpec.Containers = append(podSpec.Containers, buildGCECloudImageContainer)
|
||||
}
|
||||
|
||||
podSpec.Containers = append(podSpec.Containers, createImageContainer(r.ToolImage, artifact))
|
||||
|
||||
if artifact.Spec.ISO && artifact.Spec.Model != nil {
|
||||
podSpec.InitContainers = []corev1.Container{}
|
||||
|
||||
podSpec.InitContainers = append(podSpec.InitContainers, corev1.Container{
|
||||
Name: "create-directories",
|
||||
Image: "busybox",
|
||||
Command: []string{"sh", "-c", "mkdir -p /mnt/pv/artifacts && mkdir -p /mnt/pv/rootfs/oem && chown -R 65532:65532 /mnt/pv/artifacts && chown -R 65532:65532 /mnt/pv/rootfs && chown -R 65532:65532 /mnt/pv/rootfs/oem"},
|
||||
Command: []string{"sh", "-c", "mkdir -p /mnt/pv/artifacts && chown -R 65532:65532 /mnt/pv/artifacts && mkdir -p /mnt/pv/rootfs && chown -R 65532:65532 /mnt/pv/rootfs"},
|
||||
VolumeMounts: []corev1.VolumeMount{
|
||||
{
|
||||
Name: "artifacts",
|
||||
@@ -482,62 +218,3 @@ func (r *OSArtifactReconciler) newBuilderPod(pvcName string, artifact *osbuilder
|
||||
func ptr[T any](val T) *T {
|
||||
return &val
|
||||
}
|
||||
|
||||
func baseImageBuildContainers() []corev1.Container {
|
||||
return []corev1.Container{
|
||||
corev1.Container{
|
||||
ImagePullPolicy: corev1.PullAlways,
|
||||
Name: "kaniko-build",
|
||||
Image: "gcr.io/kaniko-project/executor:latest",
|
||||
Args: []string{
|
||||
"--dockerfile", "dockerfile/Dockerfile",
|
||||
"--context", "dir://workspace",
|
||||
"--destination", "whatever", // We don't push, but it needs this
|
||||
"--tar-path", "/rootfs/image.tar",
|
||||
"--no-push",
|
||||
},
|
||||
VolumeMounts: []corev1.VolumeMount{
|
||||
{
|
||||
Name: "artifacts",
|
||||
MountPath: "/rootfs",
|
||||
SubPath: "rootfs",
|
||||
},
|
||||
{
|
||||
Name: "dockerfile",
|
||||
MountPath: "/workspace/dockerfile",
|
||||
},
|
||||
},
|
||||
},
|
||||
corev1.Container{
|
||||
ImagePullPolicy: corev1.PullAlways,
|
||||
Name: "image-extractor",
|
||||
Image: "quay.io/luet/base",
|
||||
Args: []string{
|
||||
"util", "unpack", "--local", "file:////rootfs/image.tar", "/rootfs",
|
||||
},
|
||||
VolumeMounts: []corev1.VolumeMount{
|
||||
{
|
||||
Name: "artifacts",
|
||||
MountPath: "/rootfs",
|
||||
SubPath: "rootfs",
|
||||
},
|
||||
},
|
||||
},
|
||||
corev1.Container{
|
||||
ImagePullPolicy: corev1.PullAlways,
|
||||
Name: "cleanup",
|
||||
Image: "busybox",
|
||||
Command: []string{"/bin/rm"},
|
||||
Args: []string{
|
||||
"/rootfs/image.tar",
|
||||
},
|
||||
VolumeMounts: []corev1.VolumeMount{
|
||||
{
|
||||
Name: "artifacts",
|
||||
MountPath: "/rootfs",
|
||||
SubPath: "rootfs",
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user