Merge branch 'main' into two-node
TylerGillson authored Oct 30, 2023
2 parents 4187d98 + 95f4fae commit 54ef5b6
Showing 5 changed files with 85 additions and 42 deletions.
2 changes: 2 additions & 0 deletions .gitignore
@@ -8,3 +8,5 @@ config.yaml
content-*/*
*.arg
.idea

.DS_Store
21 changes: 18 additions & 3 deletions Dockerfile
@@ -1,19 +1,34 @@
ARG BASE
FROM $BASE

ARG OS_DISTRIBUTION
ARG PROXY_CERT_PATH
ARG HTTP_PROXY
ARG HTTPS_PROXY
ARG NO_PROXY

COPY sc.cr[t] /tmp/sc.crt
RUN if [ "${OS_DISTRIBUTION}" = "ubuntu" ] && [ "${PROXY_CERT_PATH}" != "" ]; then \
cp /tmp/sc.crt /etc/ssl/certs && \
update-ca-certificates; \
fi
RUN if [ "${OS_DISTRIBUTION}" = "opensuse-leap" ] && [ "${PROXY_CERT_PATH}" != "" ]; then \
cp /tmp/sc.crt /usr/share/pki/trust/anchors && \
update-ca-certificates; \
fi

###########################Add any other image customizations here #######################

#### Examples ####

### To install the nginx package for Ubuntu ###

#RUN apt-get update && apt-get install nginx -y

# RUN apt-get update && apt-get install nginx -y
### or

### To install the nginx package for opensuse ###

#RUN zypper refresh && zypper install nginx -y
# RUN zypper refresh && zypper install nginx -y

# Add custom health check for two-node liveness
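Review bot: Declaring `ARG HTTP_PROXY`, `ARG HTTPS_PROXY` and `ARG NO_PROXY` explicitly opts these predefined build args into the image history, so a proxy URL that embeds credentials would be readable with `docker history` on every derived image. Docker already exposes the predefined proxy args to `RUN` steps without a declaration, so the three lines can likely be dropped; if the Earthly `FROM DOCKERFILE` path needs them, add a comment saying so and keep credentials out of the URL. Separately, when `PROXY_CERT_PATH` is set, the interception CA from `sc.crt` is installed into the system trust store and stays trusted in the built image; a comment above the first `RUN` such as `# sc.crt remains a trusted root in the final image` would make that explicit. The file continues below this hunk, so later steps may depend on either.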

82 changes: 51 additions & 31 deletions Earthfile
@@ -9,22 +9,24 @@ ARG IMAGE_REPO=$OS_DISTRIBUTION
ARG K8S_DISTRIBUTION
ARG CUSTOM_TAG
ARG ARCH
ARG PE_VERSION=v4.0.4
ARG SPECTRO_LUET_VERSION=v1.1.4
ARG KAIROS_VERSION=v2.3.2
ARG PE_VERSION=v4.1.2
ARG SPECTRO_LUET_VERSION=v1.1.9
ARG KAIROS_VERSION=v2.4.1
ARG K3S_FLAVOR_TAG=k3s1
ARG RKE2_FLAVOR_TAG=rke2r1
ARG BASE_IMAGE_URL=quay.io/kairos
ARG OSBUILDER_VERSION=v0.7.11
ARG OSBUILDER_IMAGE=quay.io/kairos/osbuilder-tools:$OSBUILDER_VERSION
ARG K3S_PROVIDER_VERSION=v2.3.2
ARG KUBEADM_PROVIDER_VERSION=v2.3.3
ARG RKE2_PROVIDER_VERSION=v2.3.3
ARG K3S_PROVIDER_VERSION=v4.1.2
ARG KUBEADM_PROVIDER_VERSION=v4.1.0
ARG RKE2_PROVIDER_VERSION=v4.1.1
ARG FIPS_ENABLED=false
ARG HTTP_PROXY
ARG HTTPS_PROXY
ARG NO_PROXY
ARG http_proxy=${HTTP_PROXY}
ARG https_proxy=${HTTPS_PROXY}
ARG no_proxy=${NO_PROXY}
ARG PROXY_CERT_PATH
ARG UPDATE_KERNEL=false
ARG TWO_NODE=false
@@ -40,7 +42,7 @@ ELSE IF [ "$OS_DISTRIBUTION" = "opensuse-leap" ] && [ "$BASE_IMAGE" = "" ]
ARG BASE_IMAGE_NAME=core-$OS_DISTRIBUTION
ARG BASE_IMAGE_TAG=core-$OS_DISTRIBUTION:$KAIROS_VERSION
ARG BASE_IMAGE=$BASE_IMAGE_URL/$BASE_IMAGE_TAG
ELSE IF [ "$OS_DISTRIBUTION" = "rhel" ]
ELSE IF [ "$OS_DISTRIBUTION" = "rhel" ] || [ "$OS_DISTRIBUTION" = "sles" ]
# Check for default value for rhel
ARG BASE_IMAGE
END
@@ -53,7 +55,7 @@ build-all-images:
IF $FIPS_ENABLED
BUILD +build-provider-images-fips
ELSE
BUILD +build-provider-images
BUILD +build-provider-images
END
IF [ "$ARCH" = "arm64" ]
BUILD --platform=linux/arm64 +iso-image
@@ -64,19 +66,22 @@ build-all-images:
END

build-provider-images:
BUILD +provider-image --K8S_VERSION=1.24.6
BUILD +provider-image --K8S_VERSION=1.25.2
BUILD +provider-image --K8S_VERSION=1.26.4
BUILD +provider-image --K8S_VERSION=1.27.2
BUILD +provider-image --K8S_VERSION=1.24.6
BUILD +provider-image --K8S_VERSION=1.25.2
BUILD +provider-image --K8S_VERSION=1.26.4
BUILD +provider-image --K8S_VERSION=1.27.2
BUILD +provider-image --K8S_VERSION=1.25.13
BUILD +provider-image --K8S_VERSION=1.26.8
BUILD +provider-image --K8S_VERSION=1.27.5


build-provider-images-fips:
IF $FIPS_ENABLED && [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ]
IF [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ]
BUILD +provider-image --K8S_VERSION=1.24.13
BUILD +provider-image --K8S_VERSION=1.25.9
BUILD +provider-image --K8S_VERSION=1.26.4
BUILD +provider-image --K8S_VERSION=1.27.2
ELSE IF $FIPS_ENABLED && [ "$K8S_DISTRIBUTION" = "rke2" ]
ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ]
BUILD +provider-image --K8S_VERSION=1.24.6
BUILD +provider-image --K8S_VERSION=1.25.2
BUILD +provider-image --K8S_VERSION=1.25.0
@@ -89,11 +94,20 @@ build-provider-images-fips:
BUILD +provider-image --K8S_VERSION=1.27.2
END

download-etcdctl:
base-alpine:
FROM alpine
ARG TARGETOS
ARG TARGETARCH
IF [ ! -z $PROXY_CERT_PATH ]
COPY sc.crt /etc/ssl/certs
RUN update-ca-certificates
END
RUN apk add curl

download-etcdctl:
FROM +base-alpine
ARG TARGETOS
ARG TARGETARCH
RUN curl --retry 5 -Ls https://github.com/etcd-io/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-${TARGETARCH}.tar.gz | tar -xvzf - --strip-components=1 etcd-${ETCD_VERSION}-linux-${TARGETARCH}/etcdctl && \
chmod +x etcdctl
SAVE ARTIFACT etcdctl
@@ -146,8 +160,8 @@ provider-image:
END

COPY --platform=linux/${ARCH} +kairos-provider-image/ /
COPY +stylus-image/etc/elemental/config.yaml /etc/elemental/config.yaml
COPY +stylus-image/etc/kairos/branding /etc/kairos/branding
COPY +stylus-image/oem/stylus_config.yaml /etc/kairos/branding/stylus_config.yaml
IF [ "$K8S_DISTRIBUTION" = "kubeadm" ]
RUN luet install -y container-runtime/containerd
END
@@ -167,15 +181,15 @@ provider-image:
SAVE IMAGE --push $IMAGE_PATH

stylus-image:
IF [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ]
ARG STYLUS_BASE=gcr.io/spectro-dev-public/stylus-framework-fips-linux-$ARCH:$PE_VERSION
ELSE
ARG STYLUS_BASE=gcr.io/spectro-dev-public/stylus-framework-linux-$ARCH:$PE_VERSION
END
IF [ "$FIPS_ENABLED" = "true" ]
ARG STYLUS_BASE=gcr.io/spectro-images-public/stylus-framework-fips-linux-$ARCH:$PE_VERSION
ELSE
ARG STYLUS_BASE=gcr.io/spectro-images-public/stylus-framework-linux-$ARCH:$PE_VERSION
END
FROM $STYLUS_BASE
SAVE ARTIFACT ./*
SAVE ARTIFACT /etc/kairos/branding
SAVE ARTIFACT /etc/elemental/config.yaml
SAVE ARTIFACT /oem/stylus_config.yaml

kairos-provider-image:
IF [ "$K8S_DISTRIBUTION" = "kubeadm" ]
@@ -194,11 +208,10 @@ kairos-provider-image:

# base build image used to create the base image for all other image types
base-image:
FROM DOCKERFILE --build-arg BASE=$BASE_IMAGE .
FROM DOCKERFILE --build-arg BASE=$BASE_IMAGE --build-arg PROXY_CERT_PATH=$PROXY_CERT_PATH \
--build-arg OS_DISTRIBUTION=$OS_DISTRIBUTION --build-arg HTTP_PROXY=$HTTP_PROXY --build-arg HTTPS_PROXY=$HTTPS_PROXY \
--build-arg NO_PROXY=$NO_PROXY .

# IF $IS_JETSON
# COPY mount.yaml /system/oem/mount.yaml
# END
IF [ "$IS_JETSON" = "true" ]
COPY mount.yaml /system/oem/mount.yaml
END
@@ -233,13 +246,14 @@ base-image:
END

IF [ "$OS_DISTRIBUTION" = "ubuntu" ] && [ "$ARCH" = "amd64" ]
RUN apt update && \
apt install --no-install-recommends zstd vim -y
# Add proxy certificate if present
IF [ ! -z $PROXY_CERT_PATH ]
COPY sc.crt /etc/ssl/certs
RUN update-ca-certificates
END

RUN apt update && \
apt install --no-install-recommends zstd vim -y
IF [ "$UPDATE_KERNEL" = "false" ]
RUN if dpkg -l linux-image-generic-hwe-20.04 > /dev/null; then apt-mark hold linux-image-generic-hwe-20.04; fi && \
if dpkg -l linux-image-generic-hwe-22.04 > /dev/null; then apt-mark hold linux-image-generic-hwe-22.04; fi && \
@@ -264,6 +278,12 @@ base-image:

# IF OS Type is Opensuse
ELSE IF [ "$OS_DISTRIBUTION" = "opensuse-leap" ] && [ "$ARCH" = "amd64" ]
# Add proxy certificate if present
IF [ ! -z $PROXY_CERT_PATH ]
COPY sc.crt /usr/share/pki/trust/anchors
RUN update-ca-certificates
END

IF [ "$UPDATE_KERNEL" = "false" ]
RUN zypper al kernel-de*
END
@@ -290,6 +310,7 @@ base-image:
RUN zypper install -y apparmor-parser apparmor-profiles
RUN zypper cc && \
zypper clean
RUN cp /sbin/apparmor_parser /usr/bin/apparmor_parser
END

IF [ "$ARCH" = "arm64" ]
@@ -300,7 +321,7 @@ base-image:
luet repo update
END

DO +OSRELEASE --OS_VERSION=$KAIROS_VERSION
DO +OS_RELEASE --OS_VERSION=$KAIROS_VERSION

RUN rm -rf /var/cache/* && \
journalctl --vacuum-size=1K && \
@@ -325,8 +346,7 @@ iso-image:
&& chmod 444 /etc/machine-id
SAVE IMAGE palette-installer-image:$PE_VERSION-$CUSTOM_TAG


OSRELEASE:
OS_RELEASE:
COMMAND
ARG OS_ID=${OS_DISTRIBUTION}
ARG OS_VERSION
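Review bot: The `base-alpine` target, which appears to be new in this commit, uses an untagged `FROM alpine` and `RUN apk add curl`, so the image that fetches etcdctl changes whenever upstream moves `latest`; pin it, e.g. `FROM alpine:<pinned-tag>` (placeholder), and use `RUN apk add --no-cache curl`. `download-etcdctl` then pipes the release tarball straight from `curl -Ls` into `tar` with no checksum check, and once `sc.crt` is a trusted root the TLS session terminates at the proxy, so the saved `etcdctl` artifact is not verified against anything. Consider downloading to a file and comparing it with a pinned SHA-256 before extraction. The `IF [ ! -z $PROXY_CERT_PATH ]` tests here and in `base-image` only behave correctly for an empty value by accident of `test` argument counting; quote the variable, `IF [ -n "$PROXY_CERT_PATH" ]`.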
8 changes: 5 additions & 3 deletions README.md
@@ -75,6 +75,8 @@ v3.3.3
v3.4.0
v3.4.1
v3.4.3

v4.1.0
```

4. Checkout the desired tag
@@ -114,9 +116,9 @@ Skip this step if your base image is ubuntu or opensuse-leap. If you are buildin
|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|-------------------------|
| CUSTOM_TAG | Environment name for provider image tagging. The default value is `demo`. | String | `demo` |
| IMAGE_REGISTRY | Image registry name that will store the image artifacts. The default value points to the *ttl.sh* image registry, an anonymous and ephemeral Docker image registry where images live for a maximum of 24 hours by default. If you wish to make the images exist longer than 24 hours, you can use any other image registry to suit your needs. | String | `ttl.sh` |
| OS_DISTRIBUTION | OS distribution of your choice. For example, it can be `ubuntu` or `opensuse-leap`. | String | `ubuntu` |
| OS_DISTRIBUTION | OS distribution of your choice. For example, it can be `ubuntu`, `opensuse-leap`, `rhel` or `sles` | String | `ubuntu` |
| IMAGE_REPO | Image repository name in your chosen registry. | String | `$OS_DISTRIBUTION` |
| OS_VERSION | OS version. For Ubuntu, the possible values are `20`, and `22`. Whereas for openSUSE Leap, the possible value is `15.4`. This example uses `22` for Ubuntu. | String | `22` |
| OS_VERSION | OS version. For Ubuntu, the possible values are `20`, and `22`. Whereas for openSUSE Leap, the possible value is `15.4`. For sles, possible values are `5.4`. This example uses `22` for Ubuntu. | String | `22` |
| K8S_DISTRIBUTION | Kubernetes distribution name. It can be one of these: `k3s`, `rke2`, `kubeadm`, or `kubeadm-fips`. | String | `k3s` |
| ISO_NAME | Name of the Edge installer ISO image. In this example, the name is *palette-edge-installer*. | String | `palette-edge-installer`|
| ARCH | Type of platform to use for the build. Used for Cross Platform Build (arm64 to amd64 as example). | string | `amd64` |
@@ -192,7 +194,7 @@ ttl.sh/ubuntu k3s-1.25.2-v3.4.3-demo_linux_amd6

Earthly is a multi-architecture build tool. In this example we are building images for AMD64 hardware which is reflected by the tags above. In the future we will support ARM64 builds and those tags will be included. We only need to push the image tag that DOES NOT have the architecture reference i.e `linux_amd64` in the above example.

11. The provider images are by default not pushed to a registry. You can push the images by using the `docker push` command and reference the created imgages.
11. The provider images are by default not pushed to a registry. You can push the images by using the `docker push` command and reference the created images.

```shell
docker push ttl.sh/ubuntu:k3s-1.25.2-v3.4.3-demo && \
14 changes: 9 additions & 5 deletions earthly.sh
@@ -1,26 +1,30 @@
#!/bin/bash
# Uncomment the line below to enable debug mode
# set -x

function build_with_proxy() {
export HTTP_PROXY=$HTTP_PROXY
export HTTPS_PROXY=$HTTPS_PROXY
gitconfig=$(envsubst <.gitconfig.template | base64 | tr -d '\n')
# cleanup any previous earthly-buildkitd
if [ "$( docker container inspect -f '{{.State.Running}}' earthly-buildkitd )" = "true" ]; then
if [ "$(docker container inspect -f '{{.State.Running}}' earthly-buildkitd)" = "true" ]; then
docker stop earthly-buildkitd
fi
# start earthly buildkitd
docker run -d --privileged --name earthly-buildkitd -v /var/run/docker.sock:/var/run/docker.sock --rm -t -e BUILDKIT_TCP_TRANSPORT_ENABLED=true -e http_proxy=$HTTP_PROXY -e https_proxy=$HTTPS_PROXY -e HTTPS_PROXY=$HTTPS_PROXY -e HTTP_PROXY=$HTTP_PROXY -e NO_PROXY=$NO_PROXY -e no_proxy=$no_proxy -e EARTHLY_GIT_CONFIG=$gitconfig -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" -v earthly-tmp:/tmp/earthly:rw -p 8372:8372 gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION
docker run -d --privileged --name earthly-buildkitd -v /var/run/docker.sock:/var/run/docker.sock --rm -t -e GLOBAL_CONFIG="$global_config" -e BUILDKIT_TCP_TRANSPORT_ENABLED=true -e http_proxy=$HTTP_PROXY -e https_proxy=$HTTPS_PROXY -e HTTPS_PROXY=$HTTPS_PROXY -e HTTP_PROXY=$HTTP_PROXY -e NO_PROXY=$NO_PROXY -e no_proxy=$no_proxy -e EARTHLY_GIT_CONFIG=$gitconfig -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" -v earthly-tmp:/tmp/earthly:rw -p 8372:8372 gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION
# Update the CA certificates in the container
docker exec -it earthly-buildkitd update-ca-certificates

# Run Earthly in Docker to create artifacts Variables are passed from the .arg file
docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@"
docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@"
}

function build_without_proxy() {
# Run Earthly in Docker to create artifacts Variables are passed from the .arg file
docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -v "$(pwd)":/workspace gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@"
docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -v "$(pwd)":/workspace gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@"
}

global_config="{disable_analytics: true}"
PE_VERSION=$(git describe --abbrev=0 --tags)
EARTHLY_VERSION=v0.7.4
source .arg
@@ -50,7 +54,7 @@ if [ $? -ne 0 ]; then
fi
# Cleanup builder helper images.
docker rmi gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION
if [ "$( docker container inspect -f '{{.State.Running}}' earthly-buildkitd )" = "true" ]; then
if [ "$(docker container inspect -f '{{.State.Running}}' earthly-buildkitd)" = "true" ]; then
docker stop earthly-buildkitd
fi
docker rmi gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION
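Review bot: The rewritten `docker run ... earthly-buildkitd` line in `build_with_proxy` still starts a `--privileged` BuildKit daemon with the Docker socket mounted, `BUILDKIT_TCP_TRANSPORT_ENABLED=true` and `-p 8372:8372`, which publishes the port on all host interfaces, while the client is run with `BUILDKIT_TLS_ENABLED=false`. Anything that can reach the build host on 8372 can presumably talk to that daemon without authentication; unless remote access is intended, publish on loopback only, `-p 127.0.0.1:8372:8372`, after confirming the Earthly container still reaches it. On the same line the proxy values and `$gitconfig` are expanded unquoted, unlike the new `-e GLOBAL_CONFIG="$global_config"`; quote them as well, e.g. `-e HTTP_PROXY="$HTTP_PROXY"`.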
