[backport 1.21] Merge pull request #1212 from rosskirkpat/add-windows

.drone.yml

@@ -16,6 +16,7 @@ steps:
       from_secret: gcloud_auth
   commands:
   - docker pull --quiet rancher/hardened-build-base:v1.16.4b7
+  - docker pull --quiet alpine:3.12
   - dapper -f Dockerfile --target dapper make dapper-ci
   volumes:
   - name: docker
@@ -26,6 +27,7 @@ steps:
   commands:
     - docker pull --quiet rancher/hardened-build-base:v1.16.4b7
     - dapper -f Dockerfile --target dapper make package-images
+    - dapper -f Dockerfile --target dapper make package-windows-images
   volumes:
     - name: docker
       path: /var/run/docker.sock

Dockerfile

@@ -9,6 +9,9 @@ RUN set -x \
     git \
     libseccomp-dev \
     rsync \
+    mingw-w64-gcc \
+    gcc \
+    bsd-compat-headers \
     py-pip \
     pigz
 
@@ -39,6 +42,19 @@ RUN set -x \
     zstd \
     jq \
     python2
+RUN GOCR_VERSION="v0.5.1" && \
+        if [ "${ARCH}" = "arm64" ]; then \
+        wget https://github.com/google/go-containerregistry/releases/download/${GOCR_VERSION}/go-containerregistry_Linux_arm64.tar.gz && \
+        tar -zxvf go-containerregistry_Linux_arm64.tar.gz && \
+        mv crane /usr/local/bin && \
+        chmod a+x /usr/local/bin/crane; \
+        else \
+        wget https://github.com/google/go-containerregistry/releases/download/${GOCR_VERSION}/go-containerregistry_Linux_x86_64.tar.gz && \
+        tar -zxvf go-containerregistry_Linux_x86_64.tar.gz && \
+        mv crane /usr/local/bin && \
+        chmod a+x /usr/local/bin/crane; \
+        fi
+
 RUN VERSION=0.16.0 && \
     if [ "${ARCH}" = "arm64" ]; then \
     wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-ARM64.tar.gz && \

Dockerfile.windows

@@ -1,27 +1,64 @@
-FROM alpine AS build
+FROM alpine:3.12 AS build
 
+RUN apk --no-cache add \
+    curl \
+    unzip
+
+# Dapper/Drone/CI environment
+FROM rancher/hardened-build-base:v1.16.4b7 AS dapper
+ENV DAPPER_ENV GODEBUG REPO TAG DRONE_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME GCLOUD_AUTH ENABLE_REGISTRY
+ARG DAPPER_HOST_ARCH
+ENV ARCH $DAPPER_HOST_ARCH
+ENV DAPPER_OUTPUT ./dist ./bin ./build
+ENV DAPPER_DOCKER_SOCKET true
+ENV DAPPER_TARGET dapper
+ENV DAPPER_RUN_ARGS "--privileged --network host -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build"
+RUN apk update
+RUN set -x \
+    && apk add --no-cache \
+    mingw-w64-gcc \
+    libarchive-tools \
+    gcc \
+    bsd-compat-headers \
+    zstd \
+    jq \
+    python2 \
+    git \
+    libseccomp-dev \
+    rsync \
+    file \
+    bash \
+    py-pip
+RUN curl -sL https://storage.googleapis.com/kubernetes-release/release/$( \
+    curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt \
+    )/bin/linux/${ARCH}/kubectl -o /usr/local/bin/kubectl && \
+    chmod a+x /usr/local/bin/kubectl; \
+    pip install codespell
+RUN curl -sL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s v1.27.0
+WORKDIR /source
+# End Dapper stuff
+
+FROM build as windows-runtime-collect
 # windows runtime image
-ENV KUBERNETES_VERSION="v1.21.0"
+ENV KUBERNETES_VERSION="v1.21.2"
+ENV CRICTL_VERSION="v1.21.0"
 ENV CONTAINERD_VERSION="1.5.2"
 ENV WINS_VERSION="0.1.1"
 ENV FLANNEL_VERSION="v0.14.0"
 ENV CALICO_VERSION="v3.19.1"
 ENV CNI_PLUGIN_VERSION="v0.9.1"
 
-RUN apk --no-cache add curl unzip
-
 RUN mkdir -p rancher
-
-RUN curl -sLO https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-windows-amd64.tar.gz 
-RUN curl -sLO https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-windows-amd64.tar.gz.sha256sum 
+RUN curl -sLO https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-windows-amd64.tar.gz
+RUN curl -sLO https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-windows-amd64.tar.gz.sha256sum
 RUN sha256sum -c containerd-${CONTAINERD_VERSION}-windows-amd64.tar.gz.sha256sum
 
-RUN curl -sLO https://github.com/kubernetes-sigs/cri-tools/releases/download/${KUBERNETES_VERSION}/crictl-${KUBERNETES_VERSION}-windows-amd64.tar.gz 
-RUN curl -SLO https://github.com/kubernetes-sigs/cri-tools/releases/download/${KUBERNETES_VERSION}/crictl-${KUBERNETES_VERSION}-windows-amd64.tar.gz.sha256 
-RUN sha256sum -c ./crictl-${KUBERNETES_VERSION}-windows-amd64.tar.gz.sha256
+RUN curl -sLO https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-windows-amd64.tar.gz
+RUN curl -SLO https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-windows-amd64.tar.gz.sha256
+RUN sha256sum -c ./crictl-${CRICTL_VERSION}-windows-amd64.tar.gz.sha256
 
-RUN curl -sLO https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGIN_VERSION}/cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz 
-RUN curl -sLO https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGIN_VERSION}/cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz.sha256 
+RUN curl -sLO https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGIN_VERSION}/cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz
+RUN curl -sLO https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGIN_VERSION}/cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz.sha256
 RUN sha256sum -c cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz.sha256
 
 RUN curl -sLO https://github.com/rancher/wins/releases/download/v${WINS_VERSION}/wins.exe
@@ -52,15 +89,15 @@ RUN curl -sLO https://github.com/flannel-io/flannel/releases/download/${FLANNEL_
 RUN curl -sLO https://github.com/projectcalico/calico/releases/download/${CALICO_VERSION}/calico-windows-${CALICO_VERSION}.zip
 RUN curl -sL https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/hns.psm1 -o rancher/hns.psm1
 
-RUN tar xzvf crictl-${KUBERNETES_VERSION}-windows-amd64.tar.gz crictl.exe -C rancher/
+RUN tar xzvf crictl-${CRICTL_VERSION}-windows-amd64.tar.gz crictl.exe -C rancher/
 RUN tar xvzf containerd-${CONTAINERD_VERSION}-windows-amd64.tar.gz -C rancher/
-RUN tar xzvf cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz ./flannel.exe ./win-overlay.exe -C rancher/
+RUN tar xzvf cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz ./flannel.exe ./win-overlay.exe ./host-local.exe -C rancher/
 RUN tar xzvf flannel-${FLANNEL_VERSION}-windows-amd64.tar.gz flanneld.exe -C rancher/
 
 RUN unzip calico-windows-${CALICO_VERSION}.zip
 RUN mv CalicoWindows/calico-node.exe rancher/
 RUN mv CalicoWindows/cni/calico.exe rancher/
 RUN mv CalicoWindows/cni/calico-ipam.exe rancher/
 
-FROM scratch 
-COPY --from=build ./rancher/* /bin/
+FROM scratch AS windows-runtime
+COPY --from=windows-runtime-collect ./rancher/* /bin/

Makefile

@@ -23,10 +23,14 @@ dapper-ci: .ci                           ## Used by Drone CI, does the same as "
 build:                                   ## Build using host go tools
 	./scripts/build
 
-.PHONY: binary
-binary:                             	## Build only the binary using host go tools
+.PHONY: build-binary
+build-binary:                             	## Build only the Linux binary using host go tools
 	./scripts/build-binary
 
+.PHONY: build-windows-binary
+build-windows-binary:                       ## Build only the Windows binary using host go tools
+	./scripts/build-windows-binary
+
 .PHONY: build-debug
 build-debug:                             ## Debug build using host go tools
 	GODEBUG=y ./scripts/build-binary
@@ -39,6 +43,10 @@ scan-images:
 build-images:                             ## Build all images and image tarballs (including airgap)
 	./scripts/build-images
 
+.PHONY: build-windows-images
+build-windows-images:                     ## Build only the Windows images and tarballs (including airgap)
+	./scripts/build-windows-images
+
 .PHONY: build-image-kubernetes
 build-image-kubernetes:                   ## Build the kubernetes image
 	./scripts/build-image-kubernetes
@@ -119,10 +127,18 @@ package: build 						## Package the rke2 binary
 package-images: build-images		## Package docker images for airgap environment
 	./scripts/package-images
 
+.PHONY: package-windows-images
+package-windows-images: build-windows-images		## Package Windows crane images for airgap environment
+	./scripts/package-windows-images
+
 .PHONY: package-bundle
 package-bundle: build				## Package the tarball bundle
 	./scripts/package-bundle
 
+.PHONY: package-windows-bundle
+package-windows-bundle: build				## Package the Windows tarball bundle
+	./scripts/package-windows-bundle
+
 .PHONY: test
 test: codespell-test unit-tests integration-tests
 

charts/README.md

@@ -4,4 +4,4 @@ Place manifests or charts in this directory so that they will end up in the /cha
 
 ---
 
-See the `charts` target in the `Dockerfile` at the root of this repository for an example of how the `./build-chart.sh` scripts works.
+See the `charts` target in the `Dockerfile` at the root of this repository for an example of how the `./build-chart.sh` scripts works.

scripts/build

@@ -6,6 +6,8 @@ cd $(dirname $0)/..
 source ./scripts/version.sh
 mkdir -p build/images
 ./scripts/build-binary
+./scripts/build-windows-binary
 ./scripts/build-images
+./scripts/build-windows-images
 ./scripts/dev-runtime-image
 ./scripts/build-image-test

scripts/build-binary

@@ -27,7 +27,7 @@ VERSION_FLAGS="
         -X ${RKE2_PKG}/pkg/images.DefaultEtcdImage=rancher/hardened-etcd:${ETCD_VERSION}-${IMAGE_BUILD_VERSION}
         -X ${RKE2_PKG}/pkg/images.DefaultKubernetesImage=${REPO}/hardened-kubernetes:${KUBERNETES_VERSION}
         -X ${RKE2_PKG}/pkg/images.DefaultPauseImage=rancher/pause:${PAUSE_VERSION}
-        -X ${RKE2_PKG}/pkg/images.DefaultRuntimeImage=${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}
+        -X ${RKE2_PKG}/pkg/images.DefaultRuntimeImage=${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOARCH}
         -X ${RKE2_PKG}/pkg/images.DefaultCloudControllerManagerImage=rancher/rke2-cloud-provider:${CCM_VERSION}
 "
 

scripts/build-image-runtime

@@ -11,13 +11,24 @@ DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \
     --build-arg MAJOR=${VERSION_MAJOR} \
     --build-arg MINOR=${VERSION_MINOR} \
     --build-arg CACHEBUST="$(date +%s%N)" \
-    --tag ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION} \
     --tag ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOARCH} \
     --target runtime \
-.
+    --file Dockerfile \
+    .
+
+DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \
+    --build-arg TAG=${VERSION} \
+    --build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \
+    --build-arg MAJOR=${VERSION_MAJOR} \
+    --build-arg MINOR=${VERSION_MINOR} \
+    --build-arg CACHEBUST="$(date +%s%N)" \
+    --tag ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-windows-amd64 \
+    --target windows-runtime \
+    --file Dockerfile.windows \
+    .
 
 mkdir -p build/images
 docker image save \
     --output build/images/${PROG}-runtime.tar \
-    ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION} \
-    ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOARCH}
+    ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOARCH} \
+    ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-windows-amd64

scripts/build-images

@@ -8,7 +8,7 @@ source ./scripts/version.sh
 ./scripts/build-image-runtime
 
 awk '{print $1}' << EOF > build/images-core.txt
-    ${REGISTRY}/${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}
+    ${REGISTRY}/${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOARCH}
     ${REGISTRY}/${REPO}/hardened-kubernetes:${KUBERNETES_VERSION}
 EOF
 

scripts/build-upload

@@ -3,14 +3,17 @@
 [ -n "$GCLOUD_AUTH" ] || {
   exit 0
 }
-[[ $1 =~ rke2\.linux-.+\.tar\.gz ]] || {
+
+[[ $1 =~ rke2\.(linux|windows)-.+\.tar\.gz ]] || {
   echo "First argument should be a dist bundle tarball" >&2
   exit 1
 }
-[[ $2 =~ rke2-runtime\..+\.tar\.zst ]] || {
+
+[[ $2 =~ rke2-runtime\..+\.(tar|tar\.gz)\.zst ]] || {
   echo "Second argument should be a compressed airgap runtime image tarball" >&2
   exit 1
 }
+
 [ -n "$3" ] || {
   echo "Third argument should be a commit hash" >&2
   exit 1
@@ -50,9 +53,17 @@ BUNDLE_NAME=$(basename $1 .tar.gz)-$3.tar.gz
 (cd $(dirname $1) && sha256sum $(basename $1)) >${TMPDIR}/${BUNDLE_NAME}.sha256sum
 cp $1 ${TMPDIR}/${BUNDLE_NAME}
 
-TARBALL_NAME=$(basename $2 .tar.zst)-$3.tar.zst
-(cd $(dirname $2) && sha256sum $(basename $2)) >${TMPDIR}/${TARBALL_NAME}.sha256sum
-cp $2 ${TMPDIR}/${TARBALL_NAME}
+if [[ TARBALL_NAME == *linux* ]]; then
+  TARBALL_NAME=$(basename $2 .tar.zst)-$3.tar.zst
+  (cd $(dirname $2) && sha256sum $(basename $2)) >${TMPDIR}/${TARBALL_NAME}.sha256sum
+  cp $2 ${TMPDIR}/${TARBALL_NAME}
+fi
+
+if [[ TARBALL_NAME == *windows* ]]; then
+  TARBALL_NAME=$(basename $2 .tar.gz.zst)-$3.tar.gz.zst
+  (cd $(dirname $2) && sha256sum $(basename $2)) >${TMPDIR}/${TARBALL_NAME}.sha256sum
+  cp $2 ${TMPDIR}/${TARBALL_NAME}fi
+fi
 
 [ -d "${TMPDIR}/gsutil" ] || curl -sfL https://storage.googleapis.com/pub/gsutil.tar.gz | tar xz -C ${TMPDIR}
 

scripts/build-windows-binary

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+
+if [ -z "${GODEBUG}" ]; then
+    EXTRA_LDFLAGS="${EXTRA_LDFLAGS} -w"
+    DEBUG_GO_GCFLAGS=""
+    DEBUG_TAGS=""
+else
+    DEBUG_GO_GCFLAGS='-gcflags=all=-N -l'
+fi
+
+REVISION=$(git rev-parse HEAD)$(if ! git diff --no-ext-diff --quiet --exit-code; then echo .dirty; fi)
+RELEASE=${PROG}-windows.amd64
+
+BUILDTAGS="netgo osusergo no_stage static_build sqlite_omit_load_extension"
+GO_BUILDTAGS="${GO_BUILDTAGS} ${BUILDTAGS} ${DEBUG_TAGS}"
+
+VERSION_FLAGS="
+        -X ${K3S_PKG}/pkg/version.GitCommit=${REVISION}
+        -X ${K3S_PKG}/pkg/version.Program=${PROG}
+        -X ${K3S_PKG}/pkg/version.Version=${VERSION}
+        -X ${RKE2_PKG}/pkg/images.DefaultRegistry=${REGISTRY}
+        -X ${RKE2_PKG}/pkg/images.DefaultEtcdImage=rancher/hardened-etcd:${ETCD_VERSION}-${IMAGE_BUILD_VERSION}
+        -X ${RKE2_PKG}/pkg/images.DefaultKubernetesImage=${REPO}/hardened-kubernetes:${DOCKERIZED_VERSION}
+        -X ${RKE2_PKG}/pkg/images.DefaultPauseImage=mcr.microsoft.com/oss/kubernetes/pause:3.5-windows-1809-amd64
+        -X ${RKE2_PKG}/pkg/images.DefaultRuntimeImage=${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-windows.amd64
+"
+
+GO_LDFLAGS="${STATIC_FLAGS} ${EXTRA_LDFLAGS}"
+echo ${DEBUG_GO_GCFLAGS}
+GOOS=windows \
+  CGO_ENABLED=1 CXX=x86_64-w64-mingw32-g++ CC=x86_64-w64-mingw32-gcc \
+  go build \
+    -tags "${GO_BUILDTAGS}" \
+    ${GO_GCFLAGS} ${GO_BUILD_FLAGS} \
+    -o bin/${PROG}.exe \
+    -ldflags "${GO_LDFLAGS} ${VERSION_FLAGS}" \
+    ${GO_TAGS}

scripts/build-windows-images

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+
+awk '{print $1}' << EOF > build/windows-images.txt
+    ${REGISTRY}/${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-windows-amd64
+    mcr.microsoft.com/oss/kubernetes/pause:3.5-windows-1809-amd64
+    mcr.microsoft.com/oss/kubernetes/pause:3.5-windows-2004-amd64
+    mcr.microsoft.com/oss/kubernetes/pause:3.5-windows-20H2-amd64
+EOF

scripts/dev-runtime-image

@@ -5,7 +5,13 @@ cd $(dirname $0)/..
 
 source ./scripts/version.sh
 
-docker image save ${REGISTRY}/${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION} | \
+docker image save \
+  ${REGISTRY}/${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOARCH} | \
   zstd -T0 -16 -f --long=25 --no-progress - -o build/images/${PROG}-runtime.${PLATFORM}.tar.zst
 
+docker image save \
+  ${REGISTRY}/${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-windows-amd64 | \
+  zstd -T0 -16 -f --long=25 --no-progress - -o build/images/${PROG}-runtime.windows-amd64.tar.zst
+
 ./scripts/build-upload dist/artifacts/${RELEASE}.tar.gz build/images/${PROG}-runtime.${PLATFORM}.tar.zst ${COMMIT}
+./scripts/build-upload dist/artifacts/${PROG}.windows-amd64.tar.gz build/images/${PROG}-runtime.windows-amd64.tar.zst ${COMMIT}

scripts/package

@@ -4,7 +4,11 @@ set -ex
 cd $(dirname $0)/..
 
 source ./scripts/version.sh
+
 mkdir -p dist/{artifacts,bundle}
+
 ./scripts/package-binary
+./scripts/package-windows-binary
 ./scripts/package-bundle
+./scripts/package-windows-bundle
 ./scripts/dev-runtime-image

scripts/package-binary

@@ -7,4 +7,4 @@ source ./scripts/version.sh
 
 mkdir -p dist/artifacts
 
-install -s bin/${PROG} dist/artifacts/${RELEASE}
+install -s bin/${PROG} dist/artifacts/${RELEASE}

scripts/package-windows-binary

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+
+mkdir -p dist/artifacts
+
+install -s bin/${PROG}.exe dist/artifacts/${PROG}-windows-amd64.exe