From e078cd7208d35084318e15857876b0bbc453e001 Mon Sep 17 00:00:00 2001 From: Vadim Zharov Date: Mon, 18 Nov 2024 12:21:09 -0600 Subject: [PATCH] Creating v4.5.8 branch to use with multi CAs (#312) * Adjustments to make 4.5.5 work with multiple CAs * base alpine image and arg file example added --------- Co-authored-by: Vadim Zharov --- .arg.m | 25 +++++++++++++++++++++++++ Earthfile | 6 +++++- alpine-builder-image/Dockerfile | 4 ++++ earthly-entrypoint.sh | 4 ++-- earthly.sh | 6 +++--- 5 files changed, 39 insertions(+), 6 deletions(-) create mode 100644 .arg.m create mode 100644 alpine-builder-image/Dockerfile diff --git a/.arg.m b/.arg.m new file mode 100644 index 0000000..91ba90d --- /dev/null +++ b/.arg.m @@ -0,0 +1,25 @@ +BASE_IMAGE=registry.spectrocloud.dev/kairos-rhel9:9.4-6 +SPECTRO_LUET_REPO=us-docker.spectrocloud.dev/palette-images/edge +SPECTRO_PUB_REPO=us-docker.spectrocloud.dev/palette-images +ALPINE_IMG=registry.spectrocloud.dev/alpine:3.20 +SPECTRO_THIRD_PARTY_IMAGE=gcr.spectrocloud.dev/spectro-images-public/builders/spectro-third-party + +HTTPS_PROXY=http://infra-proxy.spectrocloud.dev +HTTP_PROXY=http://infra-proxy.spectrocloud.dev +NO_PROXY="*.spectrocloud.dev" +PROXY_CERT_PATH=/root/ca-cert/ +OSBUILDER_VERSION=v0.300.3 +OSBUILDER_IMAGE=quay.spectrocloud.dev/kairos/osbuilder-tools:$OSBUILDER_VERSION + +CUSTOM_TAG=rhel9-4 +IMAGE_REGISTRY=registry.spectrocloud.dev +OS_DISTRIBUTION=rhel +IMAGE_REPO=kairos +OS_VERSION=9 +K8S_DISTRIBUTION=kubeadm +ISO_NAME=palette-edge-installer +ARCH=amd64 +UPDATE_KERNEL=false +CLUSTERCONFIG=spc.tgz +CIS_HARDENING=false +EDGE_CUSTOM_CONFIG=.edge-custom-config.yaml diff --git a/Earthfile b/Earthfile index 3fa7b9e..70e905e 100644 --- a/Earthfile +++ b/Earthfile @@ -34,6 +34,7 @@ ARG RKE2_PROVIDER_VERSION=v4.5.0 ARG NODEADM_PROVIDER_VERSION=v4.5.0 # Variables used in the builds. Update for ADVANCED use cases only. Modify in .arg file or via CLI arguments. +ARG SPECTRO_THIRD_PARTY_IMAGE=$SPECTRO_THIRD_PARTY_IMAGE ARG OS_DISTRIBUTION ARG OS_VERSION ARG K8S_VERSION @@ -230,7 +231,7 @@ kairos-agent: install-k8s: FROM --platform=linux/${ARCH} $ALPINE_IMG - DO +BASE_ALPINE +# DO +BASE_ALPINE COPY (+third-party/luet --binary=luet) /usr/bin/luet IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] || [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] || [ "$K8S_DISTRIBUTION" = "nodeadm" ] @@ -856,8 +857,11 @@ OS_RELEASE: download-third-party: ARG TARGETPLATFORM + ARG SPECTRO_THIRD_PARTY_IMAGE_PATH=${SPECTRO_THIRD_PARTY_IMAGE} ARG binary + FROM --platform=$TARGETPLATFORM ${SPECTRO_THIRD_PARTY_IMAGE} + ARG TARGETARCH SAVE ARTIFACT /binaries/${binary}/latest/$BIN_TYPE/$TARGETARCH/${binary} ${binary} SAVE ARTIFACT /binaries/${binary}/latest/$BIN_TYPE/$TARGETARCH/${binary}.version ${binary}.version diff --git a/alpine-builder-image/Dockerfile b/alpine-builder-image/Dockerfile new file mode 100644 index 0000000..0028de6 --- /dev/null +++ b/alpine-builder-image/Dockerfile @@ -0,0 +1,4 @@ +FROM us-docker.pkg.dev/palette-images/edge/canvos/alpine:3.20 +COPY certs/ca1.crt /usr/local/share/ca-certificates/ +COPY certs/ca2.crt /usr/local/share/ca-certificates/ +RUN update-ca-certificates diff --git a/earthly-entrypoint.sh b/earthly-entrypoint.sh index 96412c2..54c2dc9 100755 --- a/earthly-entrypoint.sh +++ b/earthly-entrypoint.sh @@ -1,8 +1,8 @@ #!/bin/sh # uncomment the line below to enable debug mode set -ex -cp /workspace/sc.crt /usr/local/share/ca-certificates/sc.crt -update-ca-certificates +#cp /workspace/sc.crt /usr/local/share/ca-certificates/sc.crt +#update-ca-certificates # reference: https://github.com/earthly/earthly/blob/main/earthly-entrypoint.sh EARTHLY_DEBUG=${EARTHLY_DEBUG:-false} diff --git a/earthly.sh b/earthly.sh index ee9f415..833ab82 100755 --- a/earthly.sh +++ b/earthly.sh @@ -25,13 +25,13 @@ function build_with_proxy() { -e NO_PROXY=$NO_PROXY \ -e no_proxy=$NO_PROXY \ -e EARTHLY_GIT_CONFIG=$gitconfig \ - -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" \ + -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates:ro" \ -v earthly-tmp:/tmp/earthly:rw \ -p 8372:8372 \ $SPECTRO_PUB_REPO/third-party/edge/earthly/buildkitd:$EARTHLY_VERSION # Update the CA certificates in the container docker exec -it earthly-buildkitd update-ca-certificates - + docker exec -it earthly-buildkitd cat /etc/ssl/certs/ca-certificates.crt > ca-certificates-bundle.crt # Run Earthly in Docker to create artifacts Variables are passed from the .arg file docker run --privileged \ -v ~/.docker/config.json:/root/.docker/config.json \ @@ -47,7 +47,7 @@ function build_with_proxy() { -e NO_PROXY=$NO_PROXY \ -e no_proxy=$NO_PROXY \ -v "$(pwd)":/workspace \ - -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" \ + -v ${PWD}/ca-certificates-bundle.crt:/etc/ssl/certs/ca-certificates.crt \ --entrypoint /workspace/earthly-entrypoint.sh \ $SPECTRO_PUB_REPO/third-party/edge/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" }