podvm: support use different pause image when build podvm image

- update podvm-image dockerfiles so that we can use a different pause image Put a docker auth file to the `src/cloud-api-adaptor/podvm/` folder and run ``` export PAUSE_REPO=docker://my.auth.repo/pause-image export PAUSE_VERSION=latest export PAUSE_BIN=/usr/bin/pod export AUTHFILE=auth.json make podvm-builder podvm-binaries podvm-image ``` Signed-off-by: Da Li Liu <[email protected]>
confidential-containers · Aug 4, 2024 · c940242 · c940242
1 parent e18ef16
commit c940242
Show file tree

Hide file tree

Showing 8 changed files with 57 additions and 5 deletions.
diff --git a/src/cloud-api-adaptor/Makefile b/src/cloud-api-adaptor/Makefile
@@ -186,6 +186,10 @@ podvm-binaries:
 	--build-arg PODVM_DISTRO=$(PODVM_DISTRO) \
 	--build-arg ARCH=$(ARCH) \
 	--build-arg ATTESTER=$(ATTESTER) \
+	--build-arg PAUSE_REPO=$(PAUSE_REPO) \
+	--build-arg PAUSE_VERSION=$(PAUSE_VERSION) \
+	--build-arg PAUSE_BIN=$(PAUSE_BIN) \
+	$(if $(AUTHFILE),--build-arg AUTHFILE=$(AUTHFILE),) \
 	$(if $(DEFAULT_AGENT_POLICY_FILE),--build-arg DEFAULT_AGENT_POLICY_FILE=$(DEFAULT_AGENT_POLICY_FILE),) \
 	$(DOCKER_OPTS) .
 	rm -rf .git
@@ -208,5 +212,9 @@ endif
 	--build-arg IMAGE_URL=$(IMAGE_URL) \
 	--build-arg IMAGE_CHECKSUM=$(IMAGE_CHECKSUM) \
 	--build-arg SE_BOOT=$(SE_BOOT) \
+	--build-arg PAUSE_REPO=$(PAUSE_REPO) \
+	--build-arg PAUSE_VERSION=$(PAUSE_VERSION) \
+	--build-arg PAUSE_BIN=$(PAUSE_BIN) \
+	$(if $(AUTHFILE),--build-arg AUTHFILE=$(AUTHFILE),) \
 	$(DOCKER_OPTS) .
 	rm -rf .git
diff --git a/src/cloud-api-adaptor/Makefile.defaults b/src/cloud-api-adaptor/Makefile.defaults
@@ -1,7 +1,7 @@
 ROOT_PATH := $(abspath $(dir $(lastword $(MAKEFILE_LIST))))
 VERSIONS_SRC := $(ROOT_PATH)/versions.yaml
 YQ_COMMAND ?= $(ROOT_PATH)/hack/yq-shim.sh
-
+PAUSE_BIN ?= pause
 # As we need `yq` to be installed to fetch the values from versions.yaml
 # these values are hardcoded here, all other versions/references should be
 # stored in versions.yaml

diff --git a/src/cloud-api-adaptor/podvm-mkosi/Makefile b/src/cloud-api-adaptor/podvm-mkosi/Makefile
@@ -53,6 +53,10 @@ endif
 	docker buildx build \
 		--build-arg BUILDER_IMG=$(BUILDER) \
 		--build-arg ATTESTER=$(ATTESTER) \
+		--build-arg PAUSE_REPO=$(PAUSE_REPO) \
+		--build-arg PAUSE_VERSION=$(PAUSE_VERSION) \
+		--build-arg PAUSE_BIN=$(PAUSE_BIN) \
+		$(if $(AUTHFILE),--build-arg AUTHFILE=$(AUTHFILE),) \
 		$(if $(DEFAULT_AGENT_POLICY_FILE),--build-arg DEFAULT_AGENT_POLICY_FILE=$(DEFAULT_AGENT_POLICY_FILE),) \
 		-o type=local,dest="./resources/binaries-tree" \
 		-f ../podvm/Dockerfile.podvm_binaries.fedora ../../

diff --git a/src/cloud-api-adaptor/podvm/Dockerfile.podvm b/src/cloud-api-adaptor/podvm/Dockerfile.podvm
@@ -19,7 +19,15 @@ ARG UEFI=false
 
 # If not provided, uses system architecture
 ARG ARCH
-
+ARG AUTHFILE
+ARG PAUSE_REPO
+ARG PAUSE_VERSION
+ARG PAUSE_BIN
+
+ENV AUTHFILE=${AUTHFILE}
+ENV PAUSE_REPO=${PAUSE_REPO}
+ENV PAUSE_VERSION=${PAUSE_VERSION}
+ENV PAUSE_BIN=${PAUSE_BIN}
 ENV CLOUD_PROVIDER=${CLOUD_PROVIDER}
 ENV PODVM_DISTRO=${PODVM_DISTRO}
 ENV ARCH=${ARCH}

diff --git a/src/cloud-api-adaptor/podvm/Dockerfile.podvm.rhel b/src/cloud-api-adaptor/podvm/Dockerfile.podvm.rhel
@@ -18,7 +18,15 @@ ARG UEFI=false
 ARG ARCH
 ARG CAA_SRC=""
 ARG CAA_SRC_REF=""
+ARG AUTHFILE
+ARG PAUSE_REPO
+ARG PAUSE_VERSION
+ARG PAUSE_BIN
 
+ENV AUTHFILE=${AUTHFILE}
+ENV PAUSE_REPO=${PAUSE_REPO}
+ENV PAUSE_VERSION=${PAUSE_VERSION}
+ENV PAUSE_BIN=${PAUSE_BIN}
 ENV CLOUD_PROVIDER=${CLOUD_PROVIDER}
 ENV PODVM_DISTRO=${PODVM_DISTRO}
 ENV ARCH=${ARCH}

diff --git a/src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries b/src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries
@@ -20,7 +20,15 @@ ARG ARCH
 #This is the name of the policy file under
 #files/etc/kata-opa
 ARG DEFAULT_AGENT_POLICY_FILE=allow-all.rego
-
+ARG AUTHFILE
+ARG PAUSE_REPO
+ARG PAUSE_VERSION
+ARG PAUSE_BIN
+
+ENV AUTHFILE=${AUTHFILE}
+ENV PAUSE_REPO=${PAUSE_REPO}
+ENV PAUSE_VERSION=${PAUSE_VERSION}
+ENV PAUSE_BIN=${PAUSE_BIN}
 ENV CLOUD_PROVIDER=${CLOUD_PROVIDER}
 ENV PODVM_DISTRO=${PODVM_DISTRO}
 ENV GUEST_COMPONENTS_VERSION=${GUEST_COMPONENTS_VERSION}

diff --git a/src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries.fedora b/src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries.fedora
@@ -20,7 +20,15 @@ ARG ARCH
 #This is the name of the policy file under
 #files/etc/kata-opa
 ARG DEFAULT_AGENT_POLICY_FILE=allow-all.rego
-
+ARG AUTHFILE
+ARG PAUSE_REPO
+ARG PAUSE_VERSION
+ARG PAUSE_BIN
+
+ENV AUTHFILE=${AUTHFILE}
+ENV PAUSE_REPO=${PAUSE_REPO}
+ENV PAUSE_VERSION=${PAUSE_VERSION}
+ENV PAUSE_BIN=${PAUSE_BIN}
 ENV CLOUD_PROVIDER=${CLOUD_PROVIDER}
 ENV PODVM_DISTRO=${PODVM_DISTRO}
 ENV GUEST_COMPONENTS_VERSION=${GUEST_COMPONENTS_VERSION}

diff --git a/src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries.rhel b/src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries.rhel
@@ -17,7 +17,15 @@ ARG ARCH
 #This is the name of the policy file under
 #files/etc/kata-opa
 ARG DEFAULT_AGENT_POLICY_FILE=allow-all.rego
-
+ARG AUTHFILE
+ARG PAUSE_REPO
+ARG PAUSE_VERSION
+ARG PAUSE_BIN
+
+ENV AUTHFILE=${AUTHFILE}
+ENV PAUSE_REPO=${PAUSE_REPO}
+ENV PAUSE_VERSION=${PAUSE_VERSION}
+ENV PAUSE_BIN=${PAUSE_BIN}
 ENV PODVM_DISTRO=${PODVM_DISTRO}
 ENV ATTESTER=${ATTESTER}
 ENV ARCH=${ARCH}