From b4d0ad8ad71290ccc3f58869cc1e50a1145dbbea Mon Sep 17 00:00:00 2001
From: Jacob Blain Christen <jacob@rancher.com>
Date: Thu, 20 Aug 2020 04:27:45 -0700
Subject: [PATCH] build/ci: fix it (#209)

Did some refactoring so that the correct version is passed into the
kubernetes build, among other things.
---
 .drone.yml                                | 37 ++++++++++---
 BUILDING.md                               |  4 +-
 Dockerfile                                | 55 +++++++++++++++----
 Dockerfile.k8s                            | 23 --------
 Makefile                                  | 66 ++++++++++++-----------
 pkg/images/images.go                      |  2 +-
 scripts/airgap-images.sh                  | 12 -----
 scripts/build                             | 42 +++------------
 scripts/build-binary                      | 38 +++++++++++++
 scripts/{download-charts => build-charts} |  2 +-
 scripts/build-debug                       |  5 --
 scripts/build-image-kubernetes            | 20 +++++++
 scripts/build-image-runtime               | 20 +++++++
 scripts/build-images                      | 23 ++++++++
 scripts/clean                             |  2 +-
 scripts/clean-cache                       |  2 +-
 scripts/dev-peer                          |  5 +-
 scripts/dev-peer-enter                    |  4 +-
 scripts/dev-shell                         | 10 ++--
 scripts/dev-shell-build                   | 13 ++---
 scripts/dev-shell-enter                   |  6 +--
 scripts/dispatch                          |  5 +-
 scripts/image                             | 16 ------
 scripts/image-manifest                    | 13 -----
 scripts/image-publish                     | 10 ----
 scripts/k8s-image                         | 26 ---------
 scripts/k8s-image-publish                 | 11 ----
 scripts/package                           | 12 +++--
 scripts/package-airgap                    |  9 ----
 scripts/package-binary                    |  8 +++
 scripts/package-bundle                    |  6 +--
 scripts/package-images                    | 11 ++++
 scripts/publish-image-kubernetes          |  8 +++
 scripts/publish-image-runtime             |  8 +++
 scripts/publish-manifest-kubernetes       | 13 +++++
 scripts/publish-manifest-runtime          | 13 +++++
 scripts/remote-debug                      |  9 ++--
 scripts/remote-debug-exit                 |  5 +-
 scripts/run                               |  5 +-
 scripts/scan-image-kubernetes             | 16 ++++++
 scripts/validate                          |  6 +--
 scripts/version.sh                        | 10 ++--
 42 files changed, 345 insertions(+), 266 deletions(-)
 delete mode 100644 Dockerfile.k8s
 delete mode 100755 scripts/airgap-images.sh
 create mode 100755 scripts/build-binary
 rename scripts/{download-charts => build-charts} (97%)
 delete mode 100755 scripts/build-debug
 create mode 100755 scripts/build-image-kubernetes
 create mode 100755 scripts/build-image-runtime
 create mode 100755 scripts/build-images
 delete mode 100755 scripts/image
 delete mode 100755 scripts/image-manifest
 delete mode 100755 scripts/image-publish
 delete mode 100755 scripts/k8s-image
 delete mode 100755 scripts/k8s-image-publish
 delete mode 100755 scripts/package-airgap
 create mode 100755 scripts/package-binary
 create mode 100755 scripts/package-images
 create mode 100755 scripts/publish-image-kubernetes
 create mode 100755 scripts/publish-image-runtime
 create mode 100755 scripts/publish-manifest-kubernetes
 create mode 100755 scripts/publish-manifest-runtime
 create mode 100755 scripts/scan-image-kubernetes

diff --git a/.drone.yml b/.drone.yml
index 9093b95b31..53c72e13cd 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -36,13 +36,13 @@ steps:
     event:
     - tag
 
-- name: docker-k8s-build
+- name: build-image-kubernetes
   image: rancher/build-base:v1.14.2
   volumes:
   - name: docker
     path: /var/run/docker.sock
   commands:
-  - DRONE_TAG=${DRONE_TAG} BUILD_K8S_IMAGE=true make k8s-image
+  - DRONE_TAG=${DRONE_TAG} BUILD_K8S_IMAGE=true make build-image-kubernetes
   environment:
     DOCKER_USERNAME:
       from_secret: docker_username
@@ -52,14 +52,14 @@ steps:
     instance:
     - drone-pr.rancher.io
 
-- name: docker-k8s-publish
+- name: publish-image-kubernetes
   image: rancher/build-base:v1.14.2
   volumes:
     - name: docker
       path: /var/run/docker.sock
   commands:
     - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
-    - DRONE_TAG=${DRONE_TAG} BUILD_K8S_IMAGE=true make k8s-image-publish
+    - DRONE_TAG=${DRONE_TAG} make publish-image-kubernetes
   environment:
     DOCKER_USERNAME:
       from_secret: docker_username
@@ -74,7 +74,7 @@ steps:
     event:
     - tag
 
-- name: docker-publish
+- name: publish-image-runtime
   image: rancher/build-base:v1.14.2
   volumes:
     - name: docker
@@ -86,7 +86,7 @@ steps:
       from_secret: docker_password
   commands:
     - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
-    - DRONE_TAG=${DRONE_TAG} make image-publish
+    - DRONE_TAG=${DRONE_TAG} make publish-image-runtime
   when:
     instance:
     - drone-publish.rancher.io
@@ -110,7 +110,7 @@ platform:
   arch: amd64
 
 steps:
-- name: manifest
+- name: manifest-runtime
   image: rancher/build-base:v1.14.2
   volumes:
     - name: docker
@@ -122,7 +122,28 @@ steps:
       from_secret: docker_password
   commands:
     - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
-    - DRONE_TAG=${DRONE_TAG} make image-manifest
+    - DRONE_TAG=${DRONE_TAG} make publish-manifest-runtime
+  when:
+    instance:
+    - drone-publish.rancher.io
+    ref:
+    - refs/head/master
+    - refs/tags/*
+    event:
+    - tag
+- name: manifest-kubernetes
+  image: rancher/build-base:v1.14.2
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+  environment:
+    DOCKER_USERNAME:
+      from_secret: docker_username
+    DOCKER_PASSWORD:
+      from_secret: docker_password
+  commands:
+  - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
+  - DRONE_TAG=${DRONE_TAG} make publish-manifest-kubernetes
   when:
     instance:
     - drone-publish.rancher.io
diff --git a/BUILDING.md b/BUILDING.md
index b123ec64e4..0f8765f5dc 100644
--- a/BUILDING.md
+++ b/BUILDING.md
@@ -40,8 +40,8 @@ has been bind-mounted into the container ready to be imported into containerd on
 To run the built artifact(s) locally or on a remote host:
 - install prerequisites mentioned above
 - copy `./bin/rke2` to the path on your host
-- copy `./build/images/rke2-runtime-image-$(go env GOARCH).tar` to `/var/lib/rancher/rke2/agent/images/` on your host
-- if testing airgap, also copy `./build/images/airgap.tar` to `/var/lib/rancher/rke2/agent/images/` on your host
+- copy `./build/images/rke2-runtime.tar` to `/var/lib/rancher/rke2/agent/images/` on your host
+- if testing airgap, also copy `./build/images/rke2-airgap.tar` to `/var/lib/rancher/rke2/agent/images/` on your host
 - run rke2 server: `rke2 server --token=test`
 
 ### kubectl
diff --git a/Dockerfile b/Dockerfile
index 34db94322c..b058ec4a40 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,30 @@
 ARG KUBERNETES_VERSION=dev
 # Build environment
 FROM rancher/build-base:v1.14.2 AS build
-# Yep nothing special here yet
-
+RUN set -x \
+ && export DEBIAN_FRONTEND=noninteractive \
+ && apt-get -y update \
+ && apt-get -y install \
+    libseccomp-dev \
+    rsync
 # Shell used for debugging
 FROM build AS shell
-RUN apt-get update && \
-    apt-get install -y iptables socat vim bash-completion less psmisc libseccomp-dev sudo
+RUN set -x \
+ && export DEBIAN_FRONTEND=noninteractive \
+ && apt-get -y update \
+ && apt-get -y install \
+    bash \
+    bash-completion \
+    git \
+    iptables \
+    less \
+    libseccomp2 \
+    psmisc \
+    rsync \
+    seccomp \
+    socat \
+    sudo \
+    vim
 RUN cp -f /etc/skel/.bashrc /etc/skel/.profile /root/ && \
     echo 'alias abort="echo -e '\''q\ny\n'\'' | ./bin/dlv connect :2345"' >> /root/.bashrc
 ENV PATH=/var/lib/rancher/rke2/bin:$PATH
@@ -18,7 +36,7 @@ VOLUME /var/lib/rancher/k3s
 # Dapper/Drone/CI environment
 FROM build AS dapper
 
-ENV DAPPER_ENV GODEBUG REPO TAG DRONE_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION
+ENV DAPPER_ENV GODEBUG REPO TAG DRONE_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT
 ENV DAPPER_OUTPUT ./dist ./bin ./build
 ENV DAPPER_DOCKER_SOCKET true
 ENV DAPPER_TARGET dapper
@@ -27,19 +45,30 @@ RUN curl -sL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh
 WORKDIR /source
 # End Dapper stuff
 
+FROM build AS build-k8s
+ARG KUBERNETES_VERSION
+ARG TAG
+WORKDIR /
+RUN git clone -b ${KUBERNETES_VERSION} --depth=1 https://github.com/kubernetes/kubernetes.git
+WORKDIR /kubernetes
+RUN make KUBE_GIT_VERSION=${TAG} WHAT='cmd/kube-apiserver cmd/kube-controller-manager cmd/kube-proxy cmd/kube-scheduler cmd/kubeadm cmd/kubectl cmd/kubelet vendor/k8s.io/apiextensions-apiserver'
+
+FROM registry.access.redhat.com/ubi7/ubi-minimal:latest AS kubernetes
+RUN microdnf update -y           && \
+    microdnf install -y iptables && \
+    rm -rf /var/cache/yum
+COPY --from=build-k8s \
+    /kubernetes/_output/bin/ \
+    /usr/local/bin/
+
 # rke-runtime image
 # This image includes any host level programs that we might need. All binaries
 # must be placed in bin/ of the file image and subdirectories of bin/ will be flattened during installation.
 # This means bin/foo/bar will become bin/bar when rke2 installs this to the host
-FROM rancher/kubernetes:${KUBERNETES_VERSION} AS k8s
 FROM rancher/k3s:v1.18.4-k3s1 AS k3s
 FROM rancher/containerd:v1.3.6-k3s2 AS containerd 
 
-FROM scratch AS release
-COPY --from=k8s \
-    /usr/local/bin/kubectl \
-    /usr/local/bin/kubelet \
-    /bin/
+FROM scratch AS runtime
 COPY --from=k3s \
     /bin/socat \
     /bin/runc \
@@ -51,4 +80,8 @@ COPY --from=containerd \
     /usr/local/bin/ctr \
     /usr/local/bin/containerd-shim-runc-v1 \
     /bin/
+COPY --from=kubernetes \
+    /usr/local/bin/kubectl \
+    /usr/local/bin/kubelet \
+    /bin/
 COPY ./build/static/charts /charts
diff --git a/Dockerfile.k8s b/Dockerfile.k8s
deleted file mode 100644
index dcd71caae7..0000000000
--- a/Dockerfile.k8s
+++ /dev/null
@@ -1,23 +0,0 @@
-ARG UBI_IMAGE=registry.access.redhat.com/ubi7/ubi-minimal:latest
-ARG GO_IMAGE=rancher/build-base:v1.14.2
-
-FROM ${UBI_IMAGE} as ubi
-
-FROM ${GO_IMAGE} as builder
-ARG TAG=""
-ARG KUBERNETES_VERSION=""
-
-RUN apt update     && \
-    apt upgrade -y && \
-    apt install -y ca-certificates git bash rsync
-
-RUN git clone -b ${KUBERNETES_VERSION} --depth=1 https://github.com/kubernetes/kubernetes.git && \
-    cd /go/kubernetes   && \
-    KUBE_GIT_VERSION=${KUBERNETES_VERSION} make all
-
-FROM ubi
-RUN microdnf update -y           && \
-    microdnf install -y iptables && \
-    rm -rf /var/cache/yum
-
-COPY --from=builder /go/kubernetes/_output/bin /usr/local/bin
diff --git a/Makefile b/Makefile
index a77b493c31..bc7f2b5810 100644
--- a/Makefile
+++ b/Makefile
@@ -23,24 +23,29 @@ dapper-ci: .ci                           ## Used by Drone CI, does the same as "
 build:                                   ## Build using host go tools
 	./scripts/build
 
-.PHONY: build-airgap
-build-airgap: | build image k8s-image build/images/airgap.tar	## Build all images for an airgapped installation
-
 .PHONY: build-debug
 build-debug:                             ## Debug build using host go tools
-	./scripts/build-debug
+	GODEBUG=y ./scripts/build
+
+.PHONY: build-images
+build-images:                             ## Build all images and image tarballs (including airgap)
+	./scripts/build-images
 
-.PHONY: image
-image: download-charts					## Build final docker image for push
-	./scripts/image
+.PHONY: build-image-kubernetes
+build-image-kubernetes:                               ## Build the kubernetes image
+	./scripts/build-image-kubernetes
 
-.PHONY: k8s-image
-k8s-image:                               ## Build final docker image for kubernetes
-	./scripts/k8s-image
+.PHONY: build-image-runtime
+build-image-runtime: build-charts					## Build the runtime image
+	./scripts/build-image-runtime
 
-.PHONY: image-publish
-image-publish: image
-	./scripts/image-publish
+.PHONY: publish-image-kubernetes
+publish-image-kubernetes: build-image-kubernetes
+	./scripts/publish-image-kubernetes
+
+.PHONY: publish-image-runtime
+publish-image-runtime: build-image-runtime
+	./scripts/publish-image-runtime
 
 .PHONY: validate
 validate:                                ## Run go fmt/vet
@@ -59,12 +64,9 @@ remote-debug-exit:              		 ## Kill dlv started with make remote-debug
 	./scripts/remote-debug-exit
 
 .PHONY: dev-shell-build
-dev-shell-build: build-airgap
+dev-shell-build: build
 	./scripts/dev-shell-build
 
-build/images/airgap.tar:
-	./scripts/airgap-images.sh
-
 .PHONY: clean-cache
 clean-cache:                             ## Clean up docker base caches used for development
 	./scripts/clean-cache
@@ -74,7 +76,7 @@ clean:                                   ## Clean up workspace
 	./scripts/clean
 
 .PHONY: dev-shell
-dev-shell: k8s-image download-charts image dev-shell-build              ## Launch a development shell to run test builds
+dev-shell: dev-shell-build              ## Launch a development shell to run test builds
 	./scripts/dev-shell
 
 .PHONY: dev-shell-enter
@@ -89,32 +91,32 @@ dev-peer: dev-shell-build              ## Launch a server peer to run test build
 dev-peer-enter:                         ## Enter the peer shell on another terminal
 	./scripts/dev-peer-enter
 
-.PHONY: k8s-image-publish
-k8s-image-publish: k8s-image
-	./scripts/k8s-image-publish
+.PHONY: publish-manifest-runtime
+publish-manifest-runtime: build-image-runtime					## Create and push the rke2-runtime manifest
+	./scripts/publish-manifest-runtime
 
-.PHONY: image-manifest
-image-manifest:							## mainfest rke2-runtime image
-	./scripts/image-manifest
+.PHONY: publish-manifest-kubernetes
+publish-manifest-kubernetes: build-image-kubernetes						## Create and push the kubernetes manifest
+	./scripts/publish-manifest-kubernetes
 
 .PHONY: dispatch
 dispatch:								## Send dispatch event to rke2-upgrade repo
 	./scripts/dispatch
 
-.PHONY: download-charts
-download-charts: 						## Download packaged helm charts
-	./scripts/download-charts
+.PHONY: build-charts
+build-charts: 						## Download packaged helm charts
+	./scripts/build-charts
 
 .PHONY: package
-package: | download-charts package-airgap package-bundle ## Package the rke2 binary
+package: build 						## Package the rke2 binary
 	./scripts/package
 
-.PHONY: package-airgap
-package-airgap: build/images/airgap.tar		## Package docker images for airgap environment
-	./scripts/package-airgap
+.PHONY: package-images
+package-images: build-images		## Package docker images for airgap environment
+	./scripts/package-images
 
 .PHONY: package-bundle
-package-bundle: 						## Package the tarball bundle
+package-bundle: build						## Package the tarball bundle
 	./scripts/package-bundle
 
 ./.dapper:
diff --git a/pkg/images/images.go b/pkg/images/images.go
index 017ab1ae56..87f093e956 100644
--- a/pkg/images/images.go
+++ b/pkg/images/images.go
@@ -47,7 +47,7 @@ func New(repo string) Images {
 		KubeControllManager: override(override("rancher", repo)+"/kubernetes:"+KubernetesVersion, controllerManager),
 		KubeScheduler:       override(override("rancher", repo)+"/kubernetes:"+KubernetesVersion, scheduler),
 		Pause:               override(override("k8s.gcr.io", repo)+"/pause:"+PauseVersion, pause),
-		Runtime:             override(override("rancher", repo)+"/rke2-runtime:"+version.Version, runtime),
+		Runtime:             override(override("rancher", repo)+"/rke2-runtime:"+strings.ReplaceAll(version.Version, "+", "-"), runtime),
 		ETCD:                override(override("rancher", repo)+"/etcd:"+EtcdVersion, etcd),
 	}
 }
diff --git a/scripts/airgap-images.sh b/scripts/airgap-images.sh
deleted file mode 100755
index 185ae3a70d..0000000000
--- a/scripts/airgap-images.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-set -e -x
-
-cd $(dirname $0)/..
-
-. ./scripts/version.sh
-
-mkdir -p ./build/images/
-airgap_image_file='scripts/airgap/image-list.txt'
-images=$(cat "${airgap_image_file}")
-xargs -n1 docker pull <<< "${images}"
-docker save -o ./build/images/airgap.tar ${images}
diff --git a/scripts/build b/scripts/build
index 46efb1e808..d803cbadf4 100755
--- a/scripts/build
+++ b/scripts/build
@@ -1,38 +1,10 @@
-#!/bin/bash
-set -e -x
+#!/usr/bin/env bash
+set -ex
 
 cd $(dirname $0)/..
 
-. ./scripts/version.sh
-
-if [ -z "${GODEBUG}" ]; then
-    EXTRA_LDFLAGS="${EXTRA_LDFLAGS} -s -w"
-	DEBUG_GO_GCFLAGS=""
-    DEBUG_TAGS=""
-else
-    DEBUG_GO_GCFLAGS='-gcflags=all=-N -l'
-fi
-
-REVISION=$(git rev-parse HEAD)$(if ! git diff --no-ext-diff --quiet --exit-code; then echo .dirty; fi)
-RELEASE=${PROG}.${GOOS}-${GOARCH}
-
-
-BUILDTAGS=" netgo osusergo"
-GO_BUILDTAGS=${GO_BUILDTAGS}${BUILDTAGS}${DEBUG_TAGS}
-
-VERSION_FLAGS="
-        -X ${RKE2_PKG}/pkg/images.KubernetesVersion=${KUBERNETES_VERSION}
-        -X ${K3S_PKG}/pkg/version.Program=${PROG}
-        -X ${K3S_PKG}/pkg/version.Version=${VERSION}
-        -X ${K3S_PKG}/pkg/version.GitCommit=${REVISION}
-"
-STATIC_FLAGS='-extldflags "-static"'
-
-GO_LDFLAGS="${STATIC_FLAGS} ${EXTRA_LDFLAGS}"
-echo ${DEBUG_GO_GCFLAGS}
-go build \
-         -tags "${GO_BUILDTAGS}" \
-         ${GO_GCFLAGS} ${GO_BUILD_FLAGS} \
-         -o bin/${PROG} \
-         -ldflags "${GO_LDFLAGS} ${VERSION_FLAGS}" \
-         ${GO_TAGS}
+source ./scripts/version.sh
+mkdir -p build/images
+./scripts/build-binary
+./scripts/build-charts
+./scripts/build-images
diff --git a/scripts/build-binary b/scripts/build-binary
new file mode 100755
index 0000000000..fdb7132e46
--- /dev/null
+++ b/scripts/build-binary
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+
+if [ -z "${GODEBUG}" ]; then
+    EXTRA_LDFLAGS="${EXTRA_LDFLAGS} -s -w"
+	DEBUG_GO_GCFLAGS=""
+    DEBUG_TAGS=""
+else
+    DEBUG_GO_GCFLAGS='-gcflags=all=-N -l'
+fi
+
+REVISION=$(git rev-parse HEAD)$(if ! git diff --no-ext-diff --quiet --exit-code; then echo .dirty; fi)
+RELEASE=${PROG}.${GOOS}-${GOARCH}
+
+
+BUILDTAGS=" netgo osusergo"
+GO_BUILDTAGS=${GO_BUILDTAGS}${BUILDTAGS}${DEBUG_TAGS}
+
+VERSION_FLAGS="
+        -X ${RKE2_PKG}/pkg/images.KubernetesVersion=${DOCKERIZED_VERSION}
+        -X ${K3S_PKG}/pkg/version.Program=${PROG}
+        -X ${K3S_PKG}/pkg/version.Version=${VERSION}
+        -X ${K3S_PKG}/pkg/version.GitCommit=${REVISION}
+"
+STATIC_FLAGS='-extldflags "-static"'
+
+GO_LDFLAGS="${STATIC_FLAGS} ${EXTRA_LDFLAGS}"
+echo ${DEBUG_GO_GCFLAGS}
+go build \
+         -tags "${GO_BUILDTAGS}" \
+         ${GO_GCFLAGS} ${GO_BUILD_FLAGS} \
+         -o bin/${PROG} \
+         -ldflags "${GO_LDFLAGS} ${VERSION_FLAGS}" \
+         ${GO_TAGS}
diff --git a/scripts/download-charts b/scripts/build-charts
similarity index 97%
rename from scripts/download-charts
rename to scripts/build-charts
index 5910207461..27cc55d970 100755
--- a/scripts/download-charts
+++ b/scripts/build-charts
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -ex
 
 CHARTS_DIR=build/static/charts
diff --git a/scripts/build-debug b/scripts/build-debug
deleted file mode 100755
index 43130d0277..0000000000
--- a/scripts/build-debug
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-set -e
-
-cd $(dirname $0)
-GODEBUG=y ./build
diff --git a/scripts/build-image-kubernetes b/scripts/build-image-kubernetes
new file mode 100755
index 0000000000..daa1b4bdf1
--- /dev/null
+++ b/scripts/build-image-kubernetes
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+
+DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \
+    --build-arg TAG=${VERSION} \
+    --build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \
+    --tag ${REPO}/kubernetes:${DOCKERIZED_VERSION} \
+    --tag ${REPO}/kubernetes:${DOCKERIZED_VERSION}-${GOARCH} \
+    --target kubernetes \
+.
+
+mkdir -p build/images
+docker image save \
+    --output build/images/${PROG}-kubernetes.tar \
+    ${REPO}/kubernetes:${DOCKERIZED_VERSION} \
+    ${REPO}/kubernetes:${DOCKERIZED_VERSION}-${GOARCH}
diff --git a/scripts/build-image-runtime b/scripts/build-image-runtime
new file mode 100755
index 0000000000..3aa0f0199a
--- /dev/null
+++ b/scripts/build-image-runtime
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+
+DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \
+    --build-arg TAG=${VERSION} \
+    --build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \
+    --tag ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION} \
+    --tag ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOARCH} \
+    --target runtime \
+.
+
+mkdir -p build/images
+docker image save \
+    --output build/images/${PROG}-runtime.tar \
+    ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION} \
+    ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOARCH}
diff --git a/scripts/build-images b/scripts/build-images
new file mode 100755
index 0000000000..b525f7228c
--- /dev/null
+++ b/scripts/build-images
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+
+./scripts/build-image-kubernetes
+./scripts/build-image-runtime
+
+xargs -n1 -t docker image pull --quiet << EOF > build/images.txt
+    docker.io/rancher/calico:v3.13.3
+    docker.io/rancher/coredns:v1.6.9
+    docker.io/rancher/etcd:v3.4.3
+    docker.io/rancher/flannel:v0.11.0
+    docker.io/rancher/k8s-metrics-server:v0.3.6
+    k8s.gcr.io/defaultbackend-amd64:1.5
+    k8s.gcr.io/pause:3.2
+    quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0
+EOF
+echo "${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}" >> build/images.txt
+echo "${REPO}/kubernetes:${DOCKERIZED_VERSION}" >> build/images.txt
+docker image save --output build/images/${PROG}-airgap.tar $(<build/images.txt)
diff --git a/scripts/clean b/scripts/clean
index c7f19d4dcf..4a7b78ac99 100755
--- a/scripts/clean
+++ b/scripts/clean
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 cd $(dirname $0)/..
 
diff --git a/scripts/clean-cache b/scripts/clean-cache
index 09e7e0ae3f..84e843a70a 100755
--- a/scripts/clean-cache
+++ b/scripts/clean-cache
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 cd $(dirname $0)/..
 
diff --git a/scripts/dev-peer b/scripts/dev-peer
index e285608eba..0b1653c1fb 100755
--- a/scripts/dev-peer
+++ b/scripts/dev-peer
@@ -1,6 +1,5 @@
-#!/bin/bash
-
-set -e -x
+#!/usr/bin/env bash
+set -ex
 
 PEER=${PEER:-1}
 
diff --git a/scripts/dev-peer-enter b/scripts/dev-peer-enter
index 5b172cdaf4..38362b644c 100755
--- a/scripts/dev-peer-enter
+++ b/scripts/dev-peer-enter
@@ -1,5 +1,5 @@
-#!/bin/bash
-set -e
+#!/usr/bin/env bash
+set -ex
 
 PEER=${PEER:-1}
 
diff --git a/scripts/dev-shell b/scripts/dev-shell
index e1713b0a2e..a524b9e8da 100755
--- a/scripts/dev-shell
+++ b/scripts/dev-shell
@@ -1,15 +1,15 @@
-#!/bin/bash
-
-set -e -x
+#!/usr/bin/env bash
+set -ex
 
 cd $(dirname $0)/..
 
-. ./scripts/version.sh
+source ./scripts/version.sh
+
 if [ -z "${SKIP_PRELOAD_IMAGE}" ]; then
   BINDMOUNT_IMAGES='-v '"${PWD}"'/build/images:/var/lib/rancher/rke2/agent/images'
 fi
 IMAGES_DIR=/var/lib/rancher/rke2/agent/images
-docker run --rm --name ${PROG}-dev-shell \
+docker container run --rm --name ${PROG}-dev-shell \
   --hostname ${PROG}-server \
   -ti -e WORKSPACE=${PWD} \
   -p 127.0.0.1:2345:2345 \
diff --git a/scripts/dev-shell-build b/scripts/dev-shell-build
index 85247c6061..2426e7aca8 100755
--- a/scripts/dev-shell-build
+++ b/scripts/dev-shell-build
@@ -1,15 +1,12 @@
-#!/bin/bash
-
-set -e -x
+#!/usr/bin/env bash
+set -ex
 
 cd $(dirname $0)/..
 
-IMAGE_REPO=rancher
-
-. ./scripts/version.sh
+source ./scripts/version.sh
 
 if [ ! -d build/images ]; then
-  ./scripts/image
+  ./scripts/build-images
 fi
 # build the dev shell image
-docker build -t ${PROG}-dev --target shell .
+DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build -t ${PROG}-dev --target shell .
diff --git a/scripts/dev-shell-enter b/scripts/dev-shell-enter
index c114a1ef40..d1ab639b7b 100755
--- a/scripts/dev-shell-enter
+++ b/scripts/dev-shell-enter
@@ -1,8 +1,8 @@
-#!/bin/bash
-set -e
+#!/usr/bin/env bash
+set -ex
 
 cd $(dirname $0)/..
 
-. ./scripts/version.sh
+source ./scripts/version.sh
 
 docker exec -it ${PROG}-dev-shell bash
diff --git a/scripts/dispatch b/scripts/dispatch
index 3c1b74a523..3196580ea7 100755
--- a/scripts/dispatch
+++ b/scripts/dispatch
@@ -1,6 +1,5 @@
-#!/bin/sh
-set -e
-set -x
+#!/usr/bin/env bash
+set -ex
 
 REPO="https://api.github.com/repos/rancher/rke2-upgrade/dispatches"
 
diff --git a/scripts/image b/scripts/image
deleted file mode 100755
index 057a4e2227..0000000000
--- a/scripts/image
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-set -e
-
-cd $(dirname $0)/..
-
-. ./scripts/version.sh
-
-docker build \
-  --build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \
-  -t ${REPO}/rke2-runtime:${VERSION}-${GOARCH} .
-
-mkdir -p build/images
-docker save -o ./build/images/rke2-runtime-image-amd64.tar rancher/rke2-runtime:${VERSION}-${GOARCH}
-if [ -n "${BUILD_K8S_IMAGE}" ]; then
-  docker save -o ./build/images/k8s-image-amd64.tar rancher/kubernetes:${VERSION}
-fi
diff --git a/scripts/image-manifest b/scripts/image-manifest
deleted file mode 100755
index 4d61670b9c..0000000000
--- a/scripts/image-manifest
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-cd $(dirname $0)/..
-
-. ./scripts/version.sh
-
-DOCKER_CLI_EXPERIMENTAL=enabled docker manifest \
-  create --amend ${REPO}/rke2-runtime:${VERSION} \
-                 ${REPO}/rke2-runtime:${VERSION}-${GOARCH}
-
-DOCKER_CLI_EXPERIMENTAL=enabled docker manifest \
-  push ${REPO}/rke2-runtime:${VERSION}
diff --git a/scripts/image-publish b/scripts/image-publish
deleted file mode 100755
index 15fc70d9a3..0000000000
--- a/scripts/image-publish
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-set -e
-
-cd $(dirname $0)/..
-
-. ./scripts/version.sh
-. ./scripts/image
-
-docker push ${REPO}/rke2-runtime:${VERSION}-${GOARCH}
diff --git a/scripts/k8s-image b/scripts/k8s-image
deleted file mode 100755
index baf2fe6600..0000000000
--- a/scripts/k8s-image
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-set -e -x
-
-IMAGE_REPO=rancher
-SEVERITIES="HIGH,CRITICAL"
-
-if [ -z "${BUILD_K8S_IMAGE}" ]; then
-    echo "skipping building kubernetes image"
-    exit 0
-fi
-
-cd $(dirname $0)/..
-
-source ./scripts/version.sh
-# build kubernetes image
-docker build \
-    	--build-arg TAG=${VERSION} \
-    	--build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \
-    	-f Dockerfile.k8s \
-    	-t ${IMAGE_REPO}/kubernetes:${VERSION} .
-
-# scan kubernetes image
-docker run -v /var/run/docker.sock:/var/run/docker.sock --rm --name=scan-k8s docker.io/aquasec/trivy:0.10.2 --quiet image --severity ${SEVERITIES} \
-  --no-progress \
-  --ignore-unfixed \
-  ${IMAGE_REPO}/kubernetes:${VERSION}
diff --git a/scripts/k8s-image-publish b/scripts/k8s-image-publish
deleted file mode 100755
index 0da17810ef..0000000000
--- a/scripts/k8s-image-publish
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-set -e -x
-
-IMAGE_REPO=rancher
-
-cd $(dirname $0)/..
-
-. ./scripts/version.sh
-. ./scripts/k8s-image
-
-docker push ${IMAGE_REPO}/kubernetes:${VERSION}-${GOARCH}
diff --git a/scripts/package b/scripts/package
index bbdf67e42a..efbf50a3a7 100755
--- a/scripts/package
+++ b/scripts/package
@@ -1,8 +1,10 @@
-#!/bin/bash
-set -e -x
+#!/usr/bin/env bash
+set -ex
 
 cd $(dirname $0)/..
 
-. scripts/version.sh
-
-cp bin/${PROG} dist/artifacts/${RELEASE}
+source ./scripts/version.sh
+mkdir -p dist/artifacts
+./scripts/package-binary
+./scripts/package-bundle
+./scripts/package-images
diff --git a/scripts/package-airgap b/scripts/package-airgap
deleted file mode 100755
index 78fed5ccf8..0000000000
--- a/scripts/package-airgap
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-set -e -x
-
-cd $(dirname $0)/..
-
-airgap_image_file='scripts/airgap/image-list.txt'
-mkdir -p dist/artifacts
-cp "${airgap_image_file}" dist/artifacts/rke2-images.txt
-gzip < build/images/airgap.tar > dist/artifacts/rke2-airgap-images-amd64.tar.gz
diff --git a/scripts/package-binary b/scripts/package-binary
new file mode 100755
index 0000000000..a6cf5f15d5
--- /dev/null
+++ b/scripts/package-binary
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+
+cp bin/${PROG} dist/artifacts/${RELEASE}
diff --git a/scripts/package-bundle b/scripts/package-bundle
index b2a7b9f368..e7c9a05a09 100755
--- a/scripts/package-bundle
+++ b/scripts/package-bundle
@@ -1,9 +1,9 @@
-#!/bin/bash
-set -e -x
+#!/usr/bin/env bash
+set -ex
 
 cd $(dirname $0)/..
 
-. scripts/version.sh
+source ./scripts/version.sh
 
 if [ ! -d packaging/rpm ]; then
     git submodule update --recursive --remote --init packaging
diff --git a/scripts/package-images b/scripts/package-images
new file mode 100755
index 0000000000..a5d0a660a1
--- /dev/null
+++ b/scripts/package-images
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+
+mkdir -p dist/artifacts
+
+cp -f build/images.txt dist/artifacts/${PROG}-images.${PLATFORM}.txt
+gzip < build/images/${PROG}-airgap.tar > dist/artifacts/${PROG}-images.${PLATFORM}.tar.gz
diff --git a/scripts/publish-image-kubernetes b/scripts/publish-image-kubernetes
new file mode 100755
index 0000000000..ae4d4c48c7
--- /dev/null
+++ b/scripts/publish-image-kubernetes
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+
+docker image push ${REPO}/kubernetes:${DOCKERIZED_VERSION}-${GOARCH}
diff --git a/scripts/publish-image-runtime b/scripts/publish-image-runtime
new file mode 100755
index 0000000000..17ffcc5dd9
--- /dev/null
+++ b/scripts/publish-image-runtime
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+
+docker image push ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOARCH}
diff --git a/scripts/publish-manifest-kubernetes b/scripts/publish-manifest-kubernetes
new file mode 100755
index 0000000000..c1e12070a9
--- /dev/null
+++ b/scripts/publish-manifest-kubernetes
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+export DOCKER_CLI_EXPERIMENTAL=enabled
+
+docker manifest create \
+    --amend ${REPO}/kubernetes:${DOCKERIZED_VERSION} \
+    ${REPO}/kubernetes:${DOCKERIZED_VERSION}-${GOARCH}
+
+docker manifest push ${REPO}/kubernetes:${DOCKERIZED_VERSION}
diff --git a/scripts/publish-manifest-runtime b/scripts/publish-manifest-runtime
new file mode 100755
index 0000000000..b464e080ad
--- /dev/null
+++ b/scripts/publish-manifest-runtime
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+export DOCKER_CLI_EXPERIMENTAL=enabled
+
+docker manifest create \
+    --amend ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION} \
+    ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOARCH}
+
+docker manifest push ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}
diff --git a/scripts/remote-debug b/scripts/remote-debug
index 259243f568..d08ce13ab9 100755
--- a/scripts/remote-debug
+++ b/scripts/remote-debug
@@ -1,8 +1,11 @@
-#!/bin/bash
+#!/usr/bin/env bash
+set -ex
 
 cd $(dirname $0)/..
-. ./scripts/version.sh
-./scripts/build-debug
+
+source ./scripts/version.sh
+
+GODEBUG=y ./scripts/build
 go build -o bin/dlv github.com/go-delve/delve/cmd/dlv
 
 CATTLE_DEV_MODE=true ./bin/dlv \
diff --git a/scripts/remote-debug-exit b/scripts/remote-debug-exit
index f918331faa..880885e884 100755
--- a/scripts/remote-debug-exit
+++ b/scripts/remote-debug-exit
@@ -1,6 +1,5 @@
-#!/bin/bash
-
-set -e -x
+#!/usr/bin/env bash
+set -ex
 
 cd $(dirname $0)/..
 
diff --git a/scripts/run b/scripts/run
index d947b48b85..88e054937a 100755
--- a/scripts/run
+++ b/scripts/run
@@ -1,10 +1,11 @@
-#!/bin/bash
+#!/usr/bin/env bash
+set -ex
 
 cd $(dirname $0)/..
 
 . ./scripts/version.sh
 
 COMMAND="server"
-. ./scripts/build-debug
+GODEBUG="y"
 
 ./bin/${PROG} ${COMMAND} ${ARGS}
diff --git a/scripts/scan-image-kubernetes b/scripts/scan-image-kubernetes
new file mode 100755
index 0000000000..44a4a8f9bf
--- /dev/null
+++ b/scripts/scan-image-kubernetes
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+
+# scan kubernetes image
+docker container run --rm \
+    --name=scan-rancher-kubernetes \
+    --volume /var/run/docker.sock:/var/run/docker.sock \
+docker.io/aquasec/trivy:0.10.2 --quiet image \
+    --severity ${SEVERITIES="HIGH,CRITICAL"} \
+    --no-progress \
+    --ignore-unfixed \
+    ${REPO}/kubernetes:${DOCKERIZED_VERSION}-${GOARCH}
diff --git a/scripts/validate b/scripts/validate
index 5af3902a75..164191216a 100755
--- a/scripts/validate
+++ b/scripts/validate
@@ -1,7 +1,7 @@
-#!/bin/bash
-set -e
+#!/usr/bin/env bash
+set -ex
 
-if [ -n ${SKIP_VALIDATE} ]; then
+if [ -n "${SKIP_VALIDATE}" ]; then
     echo "skipping validation. continuing..."
     exit 0
 fi
diff --git a/scripts/version.sh b/scripts/version.sh
index 40a7e135fd..a1e4331bdc 100755
--- a/scripts/version.sh
+++ b/scripts/version.sh
@@ -3,7 +3,6 @@ set -x
 
 PROG=rke2
 REPO=${REPO:-rancher}
-IMAGE=${REPO}/rke2-runtime
 K3S_PKG=github.com/rancher/k3s
 RKE2_PKG=github.com/rancher/rke2
 GO=${GO-go}
@@ -24,12 +23,12 @@ if [ -z "$GOOS" ]; then
     fi
 fi
 
-SUFFIX="-${GOARCH}"
 GIT_TAG=$DRONE_TAG
 TREE_STATE=clean
 COMMIT=$DRONE_COMMIT
 REVISION=$(git rev-parse HEAD)$(if ! git diff --no-ext-diff --quiet --exit-code; then echo .dirty; fi)
-RELEASE=${PROG}.${GOOS}${SUFFIX}
+PLATFORM=${GOOS}-${GOARCH}
+RELEASE=${PROG}.${PLATFORM}
 # hardcode k8s version unless its set specifically
 KUBERNETES_VERSION=${KUBERNETES_VERSION:-v1.18.4}
 
@@ -53,6 +52,5 @@ if [[ -n "$GIT_TAG" ]]; then
 else
     VERSION="${KUBERNETES_VERSION}-dev+${COMMIT:0:8}$DIRTY"
 fi
-# Normalizing both version and k8s version
-VERSION="$(sed -e 's/+/-/g' <<< "$VERSION")"
-KUBERNETES_VERSION="$(sed -e 's/+/-/g' <<< "$KUBERNETES_VERSION")"
+
+DOCKERIZED_VERSION="${VERSION/+/-}" # this mimics what kubernetes builds do