Creating v4.5.8 branch to use with multi CAs

.arg.m

@@ -0,0 +1,25 @@
+BASE_IMAGE=registry.spectrocloud.dev/kairos-rhel9:9.4-6
+SPECTRO_LUET_REPO=us-docker.spectrocloud.dev/palette-images/edge
+SPECTRO_PUB_REPO=us-docker.spectrocloud.dev/palette-images
+ALPINE_IMG=registry.spectrocloud.dev/alpine:3.20
+SPECTRO_THIRD_PARTY_IMAGE=gcr.spectrocloud.dev/spectro-images-public/builders/spectro-third-party
+
+HTTPS_PROXY=http://infra-proxy.spectrocloud.dev
+HTTP_PROXY=http://infra-proxy.spectrocloud.dev
+NO_PROXY="*.spectrocloud.dev"
+PROXY_CERT_PATH=/root/ca-cert/
+OSBUILDER_VERSION=v0.300.3
+OSBUILDER_IMAGE=quay.spectrocloud.dev/kairos/osbuilder-tools:$OSBUILDER_VERSION
+
+CUSTOM_TAG=rhel9-4
+IMAGE_REGISTRY=registry.spectrocloud.dev
+OS_DISTRIBUTION=rhel
+IMAGE_REPO=kairos
+OS_VERSION=9
+K8S_DISTRIBUTION=kubeadm
+ISO_NAME=palette-edge-installer
+ARCH=amd64
+UPDATE_KERNEL=false
+CLUSTERCONFIG=spc.tgz
+CIS_HARDENING=false
+EDGE_CUSTOM_CONFIG=.edge-custom-config.yaml

Earthfile

@@ -34,6 +34,7 @@ ARG RKE2_PROVIDER_VERSION=v4.5.0
 ARG NODEADM_PROVIDER_VERSION=v4.5.0
 
 # Variables used in the builds. Update for ADVANCED use cases only. Modify in .arg file or via CLI arguments.
+ARG SPECTRO_THIRD_PARTY_IMAGE=$SPECTRO_THIRD_PARTY_IMAGE
 ARG OS_DISTRIBUTION
 ARG OS_VERSION
 ARG K8S_VERSION
@@ -230,7 +231,7 @@ kairos-agent:
 
 install-k8s:
     FROM --platform=linux/${ARCH} $ALPINE_IMG
-    DO +BASE_ALPINE
+#    DO +BASE_ALPINE
     COPY (+third-party/luet --binary=luet) /usr/bin/luet
 
     IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] || [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] || [ "$K8S_DISTRIBUTION" = "nodeadm" ]
@@ -856,8 +857,11 @@ OS_RELEASE:
 
 download-third-party:
     ARG TARGETPLATFORM
+    ARG SPECTRO_THIRD_PARTY_IMAGE_PATH=${SPECTRO_THIRD_PARTY_IMAGE}
     ARG binary
+
     FROM --platform=$TARGETPLATFORM ${SPECTRO_THIRD_PARTY_IMAGE}
+
     ARG TARGETARCH
     SAVE ARTIFACT /binaries/${binary}/latest/$BIN_TYPE/$TARGETARCH/${binary} ${binary}
     SAVE ARTIFACT /binaries/${binary}/latest/$BIN_TYPE/$TARGETARCH/${binary}.version ${binary}.version

alpine-builder-image/Dockerfile

@@ -0,0 +1,4 @@
+FROM us-docker.pkg.dev/palette-images/edge/canvos/alpine:3.20
+COPY certs/ca1.crt /usr/local/share/ca-certificates/
+COPY certs/ca2.crt /usr/local/share/ca-certificates/
+RUN update-ca-certificates

earthly-entrypoint.sh

@@ -1,8 +1,8 @@
 #!/bin/sh
 # uncomment the line below to enable debug mode
 set -ex
-cp /workspace/sc.crt /usr/local/share/ca-certificates/sc.crt
-update-ca-certificates
+#cp /workspace/sc.crt /usr/local/share/ca-certificates/sc.crt
+#update-ca-certificates
 
 # reference: https://github.com/earthly/earthly/blob/main/earthly-entrypoint.sh
 EARTHLY_DEBUG=${EARTHLY_DEBUG:-false}

earthly.sh

@@ -25,13 +25,13 @@ function build_with_proxy() {
         -e NO_PROXY=$NO_PROXY \
         -e no_proxy=$NO_PROXY \
         -e EARTHLY_GIT_CONFIG=$gitconfig \
-        -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" \
+        -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates:ro" \
         -v earthly-tmp:/tmp/earthly:rw \
         -p 8372:8372 \
         $SPECTRO_PUB_REPO/third-party/edge/earthly/buildkitd:$EARTHLY_VERSION
     # Update the CA certificates in the container
     docker exec -it earthly-buildkitd update-ca-certificates
-
+    docker exec -it earthly-buildkitd cat /etc/ssl/certs/ca-certificates.crt > ca-certificates-bundle.crt
     # Run Earthly in Docker to create artifacts  Variables are passed from the .arg file
     docker run --privileged \
         -v ~/.docker/config.json:/root/.docker/config.json \
@@ -47,7 +47,7 @@ function build_with_proxy() {
         -e NO_PROXY=$NO_PROXY \
         -e no_proxy=$NO_PROXY \
         -v "$(pwd)":/workspace \
-        -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" \
+        -v ${PWD}/ca-certificates-bundle.crt:/etc/ssl/certs/ca-certificates.crt \
         --entrypoint /workspace/earthly-entrypoint.sh \
         $SPECTRO_PUB_REPO/third-party/edge/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@"
 }