diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d0c3c09c8d..61f1b20240 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -4,7 +4,8 @@ on: [push, pull_request] env: GO_VERSION: "1.20" - LINUX_ARCHES: "amd64 arm arm64 s390x ppc64le mips64le riscv64" + LINUX_ARCHES: "amd64 arm arm64 s390x ppc64le riscv64" + REPOSITORY: flannel/flannel jobs: build-images: @@ -14,6 +15,9 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + - name: set tag + run: echo "GIT_TAG=$(git describe --tags --always)" >> $GITHUB_ENV + - name: Set up Go 1.x uses: actions/setup-go@v4 with: 
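Review bot: `git describe --tags --always` in the new `set tag` step runs directly after `actions/checkout@v4`, which has no `with:` block here; checkout's default is a depth-1 fetch without tags, so on push and pull_request runs this will most likely fall back to the abbreviated commit hash instead of a tag. If `TAG` is meant to carry a version into the image build, add `with:` / `fetch-depth: 0` to the checkout step. Quoting the redirect target, `>> "$GITHUB_ENV"`, is the safer form as well. The same step is added in release.yml's `@@ -18,93 +20,8 @@` hunk, where the checked-out ref is the release tag and the result may differ, so it is worth confirming there too.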
@@ -37,51 +41,22 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - name: Build Docker image for amd64 - uses: docker/build-push-action@v4 - with: - context: . - file: images/Dockerfile.amd64 - push: false - - - name: Build Docker image for arm - uses: docker/build-push-action@v4 - with: - context: . - file: images/Dockerfile.arm - push: false - - - name: Build Docker image for arm64 - uses: docker/build-push-action@v4 + - name: Docker meta + id: meta + uses: docker/metadata-action@v4 with: - context: . - file: images/Dockerfile.arm64 - push: false - - - name: Build Docker image for s390x - uses: docker/build-push-action@v4 - with: - context: . - file: images/Dockerfile.s390x - push: false - - - name: Build Docker image for ppc64le - uses: docker/build-push-action@v4 - with: - context: . - file: images/Dockerfile.ppc64le - push: false - - - name: Build Docker image for mips64le - uses: docker/build-push-action@v4 - with: - context: . - file: images/Dockerfile.mips64le - push: false + images: ${{ env.REPOSITORY }} + flavor: latest=false + tags: | + type=ref, event=branch - - name: Build Docker image for riscv64 - uses: docker/build-push-action@v4 + - name: Build and push Docker image + # if: github.repository_owner == 'flannel-io' && success() + uses: docker/build-push-action@v5 with: context: . - file: images/Dockerfile.riscv64 + file: images/Dockerfile push: false + platforms: linux/amd64,linux/arm64,linux/arm,linux/s390x,linux/ppc64le,linux/riscv64 + tags: ${{ steps.meta.outputs.tags }} + build-args: TAG=${{ env.GIT_TAG }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index aff0c4a6c6..3fa0ba776a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
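Review bot: The new steps reference `docker/metadata-action@v4` and `docker/build-push-action@v5` by mutable major tags; pinning each to a full commit SHA, e.g. `uses: docker/build-push-action@<full-commit-sha> # v5`, keeps a retagged or compromised action release from changing what runs. This matters most for the same `build-push-action@v5` step added in release.yml's last hunk, which runs with `push: true` after a step that receives `secrets.DOCKER_USERNAME` and `secrets.DOCKER_PASSWORD`. In this file the step is also named "Build and push Docker image" while it sets `push: false` and its `if:` is commented out; renaming it to `Build Docker image` and dropping the dead comment would avoid confusion.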
@@ -1,10 +1,12 @@ +name: release flannel and upload docker images + on: release: types: [published] env: GO_VERSION: "1.20" - LINUX_ARCHES: "amd64 arm arm64 s390x ppc64le mips64le riscv64" + LINUX_ARCHES: "amd64 arm arm64 s390x ppc64le riscv64" REPOSITORY: flannel/flannel jobs: 
@@ -18,93 +20,8 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Set up Go 1.x - uses: actions/setup-go@v4 - with: - go-version: ${{ env.GO_VERSION }} - - - name: go mod vendor - run: go mod vendor - - - name: build linux - run: | - set -e - for arch in ${LINUX_ARCHES}; do - echo "Building for arch $arch" - ARCH=$arch make dist/flanneld-$arch - file dist/flanneld-$arch - done - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REPOSITORY }} - flavor: latest=false - tags: | - type=ref,event=tag - - - name: Log in to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Build and push Docker image for amd64 - if: github.repository_owner == 'flannel-io' - run: | - docker build -f images/Dockerfile.amd64 -t ${{ steps.meta.outputs.tags }}-amd64 . - docker push ${{ steps.meta.outputs.tags }}-amd64 - - - name: Build and push Docker image for arm - if: github.repository_owner == 'flannel-io' - run: | - docker build -f images/Dockerfile.arm -t ${{ steps.meta.outputs.tags }}-arm . - docker push ${{ steps.meta.outputs.tags }}-arm - - - name: Build and push Docker image for arm64 - if: github.repository_owner == 'flannel-io' - run: | - docker build -f images/Dockerfile.arm64 -t ${{ steps.meta.outputs.tags }}-arm64 . - docker push ${{ steps.meta.outputs.tags }}-arm64 - - - name: Build and push Docker image for s390x - if: github.repository_owner == 'flannel-io' - run: | - docker build -f images/Dockerfile.s390x -t ${{ steps.meta.outputs.tags }}-s390x . 
- docker push ${{ steps.meta.outputs.tags }}-s390x - - - name: Build and push Docker image for ppc64le - if: github.repository_owner == 'flannel-io' - run: | - docker build -f images/Dockerfile.ppc64le -t ${{ steps.meta.outputs.tags }}-ppc64le . - docker push ${{ steps.meta.outputs.tags }}-ppc64le - - - name: Build and push Docker image for mips64le - if: github.repository_owner == 'flannel-io' - run: | - docker build -f images/Dockerfile.mips64le -t ${{ steps.meta.outputs.tags }}-mips64le . - docker push ${{ steps.meta.outputs.tags }}-mips64le - - - name: Build and push Docker image for riscv64 - if: github.repository_owner == 'flannel-io' - run: | - docker build -f images/Dockerfile.riscv64 -t ${{ steps.meta.outputs.tags }}-riscv64 . - docker push ${{ steps.meta.outputs.tags }}-riscv64 - - build-and-push-multi-arch-image: - needs: [build-and-push-images] - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v4 + - name: set tag + run: echo "GIT_TAG=$(git describe --tags --always)" >> $GITHUB_ENV - name: Set up Go 1.x uses: actions/setup-go@v4 
@@ -144,29 +61,16 @@ jobs: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Create and push manifest for multi-arch image - if: github.repository_owner == 'flannel-io' - run: | - # get artifacts from previous steps and integrate into one multi-arch manifest - docker pull ${{ steps.meta.outputs.tags }}-amd64 - docker pull ${{ steps.meta.outputs.tags }}-arm64 - docker pull ${{ steps.meta.outputs.tags }}-arm - docker pull ${{ steps.meta.outputs.tags }}-ppc64le - docker pull ${{ steps.meta.outputs.tags }}-s390x - docker pull ${{ steps.meta.outputs.tags }}-mips64le - docker pull ${{ steps.meta.outputs.tags }}-riscv64 - docker manifest create ${{ steps.meta.outputs.tags }} ${{ steps.meta.outputs.tags }}-amd64 ${{ steps.meta.outputs.tags }}-arm64 ${{ steps.meta.outputs.tags }}-arm ${{ steps.meta.outputs.tags }}-ppc64le ${{ steps.meta.outputs.tags }}-s390x ${{ steps.meta.outputs.tags }}-mips64le ${{ steps.meta.outputs.tags }}-riscv64 - docker manifest annotate ${{ steps.meta.outputs.tags }} ${{ steps.meta.outputs.tags }}-amd64 --arch amd64 - docker manifest annotate ${{ steps.meta.outputs.tags }} ${{ steps.meta.outputs.tags }}-arm64 --arch arm64 - docker manifest annotate ${{ steps.meta.outputs.tags }} ${{ steps.meta.outputs.tags }}-arm --arch arm - docker manifest annotate ${{ steps.meta.outputs.tags }} ${{ steps.meta.outputs.tags }}-ppc64le --arch ppc64le - docker manifest annotate ${{ steps.meta.outputs.tags }} ${{ steps.meta.outputs.tags }}-s390x --arch s390x - docker manifest annotate ${{ steps.meta.outputs.tags }} ${{ steps.meta.outputs.tags }}-mips64le --arch mips64le - docker manifest annotate ${{ steps.meta.outputs.tags }} ${{ steps.meta.outputs.tags }}-riscv64 --arch riscv64 - docker manifest push ${{ steps.meta.outputs.tags }} - docker pull ${{ steps.meta.outputs.tags }} - docker tag ${{ steps.meta.outputs.tags }} ${{ env.REPOSITORY }}:latest - docker push ${{ env.REPOSITORY }}:latest + - name: Build and push Docker 
image + if: github.repository_owner == 'flannel-io' && success() + uses: docker/build-push-action@v5 + with: + context: . + file: images/Dockerfile + push: true + platforms: linux/amd64,linux/arm64,linux/arm,linux/s390x,linux/ppc64le,linux/riscv64 + tags: ${{ steps.meta.outputs.tags }} + build-args: TAG=${{ env.GIT_TAG }} build-and-push-artifacts: environment: diff --git a/Makefile b/Makefile index 85ed613cbd..6773581ea3 100644 --- a/Makefile +++ b/Makefile @@ -46,7 +46,7 @@ dist/flanneld.exe: $(shell find . -type f -name '*.go') # This will build flannel natively using golang image dist/flanneld-$(ARCH): deps dist/qemu-$(ARCH)-static - # valid values for ARCH are [amd64 arm arm64 ppc64le s390x mips64le riscv64] + # valid values for ARCH are [amd64 arm arm64 ppc64le s390x riscv64] docker run --rm -e CGO_ENABLED=$(CGO_ENABLED) -e GOARCH=$(ARCH) -e GOCACHE=/go \ -u $(shell id -u):$(shell id -g) \ -v $(CURDIR)/dist/qemu-$(ARCH)-static:/usr/bin/qemu-$(ARCH)-static \ @@ -60,12 +60,12 @@ dist/flanneld-$(ARCH): deps dist/qemu-$(ARCH)-static ## Create a docker image on disk for a specific arch and tag image: dist/flanneld-$(TAG)-$(ARCH).docker dist/flanneld-$(TAG)-$(ARCH).docker: dist/flanneld-$(ARCH) - docker build -f images/Dockerfile.$(ARCH) -t $(REGISTRY):$(TAG)-$(ARCH) . + docker build -f images/Dockerfile --platform=$(ARCH) --build-arg TAG=$(TAG) -t $(REGISTRY):$(TAG)-$(ARCH) . docker save -o dist/flanneld-$(TAG)-$(ARCH).docker $(REGISTRY):$(TAG)-$(ARCH) -# amd64 gets an image with the suffix too (i.e. it's the default) +# amd64 gets an image without the suffix too (i.e. it's the default) ifeq ($(ARCH),amd64) - docker build -f images/Dockerfile.$(ARCH) -t $(REGISTRY):$(TAG) . + docker build -f images/Dockerfile --platform=$(ARCH) --build-arg TAG=$(TAG) -t $(REGISTRY):$(TAG) . endif ### TESTING 
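Review bot: Nothing in the new release step publishes `:latest` any more: the removed manifest script ended with `docker tag … ${{ env.REPOSITORY }}:latest` and `docker push ${{ env.REPOSITORY }}:latest`, while the replacement passes only `tags: ${{ steps.meta.outputs.tags }}`. The Docker meta step this job keeps is outside the hunk; if it still sets `flavor: latest=false` like the one deleted earlier in this file, anyone pulling `:latest` stays on the last image pushed by the old workflow and misses later fixes. If that is intended it deserves a line in the commit message or release notes; otherwise set `flavor: latest=true` on the meta step.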
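Review bot: The image rule in the `@@ -60,12 +60,12 @@` hunk still lists `dist/flanneld-$(ARCH)` as its prerequisite, but `images/Dockerfile` now compiles flanneld in its own build stage and installs it with `COPY --from=build`, so the binary produced by the prerequisite no longer appears to end up in the image. That leaves the tarball binary and the image binary built by two different toolchains for the same `TAG`; either drop the prerequisite or add a comment such as `# image binary is compiled inside images/Dockerfile; dist/flanneld-$(ARCH) is only used for the tarball`. The bare `--platform=$(ARCH)` would also read more clearly as `--platform=linux/$(ARCH)`, matching the `linux/amd64,…` list the workflows pass. The same `docker build` line is used in the e2e rule in the `@@ -153,17 +153,16 @@` hunk.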
@@ -144,7 +144,7 @@ dist/flanneld-e2e-$(TAG)-$(ARCH).docker: ifneq ($(ARCH),amd64) $(MAKE) dist/qemu-$(ARCH)-static endif - # valid values for ARCH are [amd64 arm arm64 ppc64le s390x mips64le riscv64] + # valid values for ARCH are [amd64 arm arm64 ppc64le s390x riscv64] docker run --rm -e GOARM=$(GOARM) -e CGO_ENABLED=$(CGO_ENABLED) -e GOCACHE=/go \ -u $(shell id -u):$(shell id -g) \ -v $(CURDIR):/go/src/github.com/flannel-io/flannel:ro \ @@ -153,17 +153,16 @@ endif cd /go/src/github.com/flannel-io/flannel && \ make -e dist/flanneld && \ mv dist/flanneld dist/flanneld-$(ARCH)' - docker build -f images/Dockerfile.$(ARCH) -t $(REGISTRY):$(TAG)-$(ARCH) . + docker build -f images/Dockerfile --platform=$(ARCH) --build-arg TAG=$(TAG) -t $(REGISTRY):$(TAG)-$(ARCH) . # Make a release after creating a tag # To build cross platform Docker images, the qemu-static binaries are needed. On ubuntu "apt-get install qemu-user-static" -release: tar.gz dist/qemu-s390x-static dist/qemu-ppc64le-static dist/qemu-arm64-static dist/qemu-arm-static dist/qemu-mips64le-static dist/qemu-riscv64-static release-chart release-helm #release-tests +release: tar.gz dist/qemu-s390x-static dist/qemu-ppc64le-static dist/qemu-arm64-static dist/qemu-arm-static dist/qemu-riscv64-static release-chart release-helm #release-tests ARCH=amd64 make dist/flanneld-$(TAG)-amd64.docker ARCH=arm make dist/flanneld-$(TAG)-arm.docker ARCH=arm64 make dist/flanneld-$(TAG)-arm64.docker ARCH=ppc64le make dist/flanneld-$(TAG)-ppc64le.docker ARCH=s390x make dist/flanneld-$(TAG)-s390x.docker - ARCH=mips64le make dist/flanneld-$(TAG)-mips64le.docker ARCH=riscv64 make dist/flanneld-$(TAG)-riscv64.docker @echo "Everything should be built for $(TAG)" @echo "Add all flanneld-* and *.tar.gz files from dist/ to the Github release" 
@@ -188,13 +187,11 @@ dist/qemu-%-static: wget -O dist/qemu-amd64-static https://github.com/multiarch/qemu-user-static/releases/download/$(QEMU_VERSION)/qemu-x86_64-static; \ elif [ "$(@F)" = "qemu-arm64-static" ]; then \ wget -O dist/qemu-arm64-static https://github.com/multiarch/qemu-user-static/releases/download/$(QEMU_VERSION)/qemu-aarch64-static; \ - elif [ "$(@F)" = "qemu-mips64le-static" ]; then \ - wget -O dist/qemu-mips64le-static https://github.com/multiarch/qemu-user-static/releases/download/$(QEMU_VERSION)/qemu-mips64el-static; \ else \ wget -O dist/$(@F) https://github.com/multiarch/qemu-user-static/releases/download/$(QEMU_VERSION)/$(@F); \ fi -## Build a .tar.gz for the amd64 ppc64le arm arm64 mips64le riscv64 flanneld binary +## Build a .tar.gz for the amd64 ppc64le arm arm64 riscv64 flanneld binary tar.gz: ARCH=amd64 make dist/flanneld-amd64 tar --transform='flags=r;s|-amd64||' -zcvf dist/flannel-$(TAG)-linux-amd64.tar.gz -C dist flanneld-amd64 mk-docker-opts.sh ../README.md @@ -214,9 +211,6 @@ tar.gz: ARCH=s390x make dist/flanneld-s390x tar --transform='flags=r;s|-s390x||' -zcvf dist/flannel-$(TAG)-linux-s390x.tar.gz -C dist flanneld-s390x mk-docker-opts.sh ../README.md tar -tvf dist/flannel-$(TAG)-linux-s390x.tar.gz - ARCH=mips64le make dist/flanneld-mips64le - tar --transform='flags=r;s|-mips64le||' -zcvf dist/flannel-$(TAG)-linux-mips64le.tar.gz -C dist flanneld-mips64le mk-docker-opts.sh ../README.md - tar -tvf dist/flannel-$(TAG)-linux-mips64le.tar.gz ARCH=riscv64 make dist/flanneld-riscv64 tar --transform='flags=r;s|-riscv64||' -zcvf dist/flannel-$(TAG)-linux-riscv64.tar.gz -C dist flanneld-riscv64 mk-docker-opts.sh ../README.md tar -tvf dist/flannel-$(TAG)-linux-riscv64.tar.gz 
@@ -254,7 +248,6 @@ docker-push-all: ARCH=arm64 make docker-push docker-manifest-amend ARCH=ppc64le make docker-push docker-manifest-amend ARCH=s390x make docker-push docker-manifest-amend - ARCH=mips64le make docker-push docker-manifest-amend ARCH=riscv64 make docker-push docker-manifest-amend make docker-manifest-push @@ -264,7 +257,6 @@ flannel-git: ARCH=arm64 REGISTRY=quay.io/coreos/flannel-git make clean dist/flanneld-$(TAG)-arm64.docker docker-push docker-manifest-amend ARCH=ppc64le REGISTRY=quay.io/coreos/flannel-git make clean dist/flanneld-$(TAG)-ppc64le.docker docker-push docker-manifest-amend ARCH=s390x REGISTRY=quay.io/coreos/flannel-git make clean dist/flanneld-$(TAG)-s390x.docker docker-push docker-manifest-amend - ARCH=mips64le REGISTRY=quay.io/coreos/flannel-git make clean dist/flanneld-$(TAG)-mips64le.docker docker-push docker-manifest-amend ARCH=riscv64 REGISTRY=quay.io/coreos/flannel-git make clean dist/flanneld-$(TAG)-riscv64.docker docker-push docker-manifest-amend REGISTRY=quay.io/coreos/flannel-git make docker-manifest-push diff --git a/dist/iptables-wrapper-installer.sh b/dist/iptables-wrapper-installer.sh deleted file mode 100755 index e6eb7d8210..0000000000 --- a/dist/iptables-wrapper-installer.sh +++ /dev/null 
@@ -1,208 +0,0 @@ -#!/bin/sh - -# Copyright 2020 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Usage: -# -# iptables-wrapper-installer.sh [--no-sanity-check] -# -# Installs a wrapper iptables script in a container that will figure out -# whether iptables-legacy or iptables-nft is in use on the host and then -# replaces itself with the correct underlying iptables version. -# -# Unless "--no-sanity-check" is passed, it will first verify that the -# container already contains a suitable version of iptables. - -# NOTE: This can only use POSIX /bin/sh features; the build container -# might not contain bash. - -set -eu - -# Find iptables binary location -if [ -d /usr/sbin -a -e /usr/sbin/iptables ]; then - sbin="/usr/sbin" -elif [ -d /sbin -a -e /sbin/iptables ]; then - sbin="/sbin" -else - echo "ERROR: iptables is not present in either /usr/sbin or /sbin" 1>&2 - exit 1 -fi - -# Determine how the system selects between iptables-legacy and iptables-nft -if [ -x /usr/sbin/alternatives ]; then - # Fedora/SUSE style alternatives - altstyle="fedora" -elif [ -x /usr/sbin/update-alternatives ]; then - # Debian style alternatives - altstyle="debian" -else - # No alternatives system - altstyle="none" -fi - -if [ "${1:-}" != "--no-sanity-check" ]; then - # Ensure dependencies are installed - if ! version=$("${sbin}/iptables-nft" --version 2> /dev/null); then - echo "ERROR: iptables-nft is not installed" 1>&2 - exit 1 - fi - if ! 
"${sbin}/iptables-legacy" --version > /dev/null 2>&1; then - echo "ERROR: iptables-legacy is not installed" 1>&2 - exit 1 - fi - - case "${version}" in - *v1.8.[0123]\ *) - echo "ERROR: iptables 1.8.0 - 1.8.3 have compatibility bugs." 1>&2 - echo " Upgrade to 1.8.4 or newer." 1>&2 - exit 1 - ;; - *) - # 1.8.4+ are OK - ;; - esac -fi - -# Start creating the wrapper... -rm -f "${sbin}/iptables-wrapper" -cat > "${sbin}/iptables-wrapper" </dev/null | grep -E '^:(KUBE-IPTABLES-HINT|KUBE-KUBELET-CANARY)' | wc -l) -if [ "\${nft_kubelet_rules}" -ne 0 ]; then - mode=nft -else - # Check for kubernetes 1.17-or-later with iptables-legacy. We - # can't pass "-t mangle" to iptables-legacy-save because it would - # cause the kernel to create that table if it didn't already - # exist, which we don't want. So we have to grab all the rules - legacy_kubelet_rules=\$( (iptables-legacy-save || true; ip6tables-legacy-save || true) 2>/dev/null | grep -E '^:(KUBE-IPTABLES-HINT|KUBE-KUBELET-CANARY)' | wc -l) - if [ "\${legacy_kubelet_rules}" -ne 0 ]; then - mode=legacy - else - # With older kubernetes releases there may not be any _specific_ - # rules we can look for, but we assume that some non-containerized process - # (possibly kubelet) will have created _some_ iptables rules. 
- num_legacy_lines=\$( (iptables-legacy-save || true; ip6tables-legacy-save || true) 2>/dev/null | grep '^-' | wc -l) - num_nft_lines=\$( (iptables-nft-save || true; ip6tables-nft-save || true) 2>/dev/null | grep '^-' | wc -l) - if [ "\${num_legacy_lines}" -gt "\${num_nft_lines}" ]; then - mode=legacy - else - mode=nft - fi - fi -fi - -EOF - -# Write out the appropriate alternatives-selection commands -case "${altstyle}" in - fedora) -cat >> "${sbin}/iptables-wrapper" < /dev/null || failed=1 -EOF - ;; - - debian) -cat >> "${sbin}/iptables-wrapper" < /dev/null || failed=1 -update-alternatives --set ip6tables "/usr/sbin/ip6tables-\${mode}" > /dev/null || failed=1 -EOF - ;; - - *) -cat >> "${sbin}/iptables-wrapper" </dev/null || failed=1 -EOF - ;; -esac - -# Write out the post-alternatives-selection error checking and final wrap-up -cat >> "${sbin}/iptables-wrapper" <&2 - # fake it, though this will probably also fail if they aren't root - exec "${sbin}/xtables-\${mode}-multi" "\$0" "\$@" -fi - -# Now re-exec the original command with the newly-selected alternative -exec "\$0" "\$@" -EOF -chmod +x "${sbin}/iptables-wrapper" - -# Now back in the installer script, point the iptables binaries at our -# wrapper -case "${altstyle}" in - fedora) - alternatives \ - --install /usr/sbin/iptables iptables /usr/sbin/iptables-wrapper 100 \ - --slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-wrapper \ - --slave /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-wrapper \ - --slave /usr/sbin/ip6tables iptables /usr/sbin/iptables-wrapper \ - --slave /usr/sbin/ip6tables-restore iptables-restore /usr/sbin/iptables-wrapper \ - --slave /usr/sbin/ip6tables-save iptables-save /usr/sbin/iptables-wrapper - ;; - - debian) - update-alternatives \ - --install /usr/sbin/iptables iptables /usr/sbin/iptables-wrapper 100 \ - --slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-wrapper \ - --slave /usr/sbin/iptables-save iptables-save 
/usr/sbin/iptables-wrapper - update-alternatives \ - --install /usr/sbin/ip6tables ip6tables /usr/sbin/iptables-wrapper 100 \ - --slave /usr/sbin/ip6tables-restore ip6tables-restore /usr/sbin/iptables-wrapper \ - --slave /usr/sbin/ip6tables-save ip6tables-save /usr/sbin/iptables-wrapper - ;; - - *) - for cmd in iptables iptables-save iptables-restore ip6tables ip6tables-save ip6tables-restore; do - rm -f "${sbin}/${cmd}" - ln -s "${sbin}/iptables-wrapper" "${sbin}/${cmd}" - done - ;; -esac - -# Cleanup -rm -f "$0" diff --git a/images/Dockerfile b/images/Dockerfile new file mode 100644 index 0000000000..49a67cb70f --- /dev/null +++ b/images/Dockerfile 
@@ -0,0 +1,40 @@ +FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx + +FROM --platform=$BUILDPLATFORM golang:alpine AS build +# copy xx scripts to your build stage +COPY --from=xx / / +ARG TARGETPLATFORM +ARG BUILDPLATFORM +ARG TAG +RUN apk --no-cache add bash make gcc musl-dev git linux-headers git +COPY Makefile go.mod go.sum *.go /build/ +COPY pkg /build/pkg +WORKDIR /build +RUN mkdir dist +RUN xx-info env +RUN make deps +RUN export GOOS=$(xx-info os) &&\ + export GOARCH=$(xx-info arch) &&\ + export ARCH=$(xx-info arch) &&\ + make dist/flanneld +RUN git clone https://github.com/kubernetes-sigs/iptables-wrappers.git /iptables-wrapper +WORKDIR /iptables-wrapper +RUN git checkout 5792812d9e5a5bb7f22d79d557bbfeece253343d +RUN export GOOS=$(xx-info os) &&\ + export GOARCH=$(xx-info arch) &&\ + export ARCH=$(xx-info arch) &&\ + make build + +FROM alpine:20230901 +RUN apk update && apk upgrade +RUN apk add --no-cache iproute2 net-tools ca-certificates iptables strongswan iptables-legacy && update-ca-certificates +RUN apk add wireguard-tools --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community +COPY --from=build /build/dist/flanneld /opt/bin/flanneld +COPY dist/mk-docker-opts.sh /opt/bin/ +COPY --from=build /iptables-wrapper/iptables-wrapper-installer.sh / +COPY --from=build /iptables-wrapper/bin/iptables-wrapper / +RUN /iptables-wrapper-installer.sh --no-sanity-check + + +ENTRYPOINT ["/opt/bin/flanneld"] + diff --git a/images/Dockerfile.amd64 b/images/Dockerfile.amd64 deleted file mode 100644 index c6f9b06b77..0000000000 --- a/images/Dockerfile.amd64 +++ /dev/null 
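Review bot: Both build-stage bases are floating: `FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx` has no tag at all and `golang:alpine` tracks whatever Go release is current, so the toolchain behind a release image can change between two builds of the same git tag, and `COPY --from=xx / /` overlays that third-party image's root onto the stage that compiles flanneld. The iptables-wrappers checkout is already pinned to a commit; the same treatment fits here, e.g. `FROM --platform=$BUILDPLATFORM tonistiigi/xx:<version>@sha256:<digest> AS xx` and `FROM --platform=$BUILDPLATFORM golang:<go-version>-alpine@sha256:<digest> AS build`, with the Go version matching the `GO_VERSION: "1.20"` the workflows declare. Separately, the final stage runs `/iptables-wrapper-installer.sh --no-sanity-check` for every platform, whereas the removed `Dockerfile.amd64` ran the installer with the check enabled; a comment stating why the check is skipped (presumably because it cannot run reliably under emulation) would help. `git` is also listed twice in the `apk --no-cache add` line.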
@@ -1,14 +0,0 @@ -FROM alpine:3.18.4 - -ENV FLANNEL_ARCH=amd64 - -RUN apk update && apk upgrade -RUN apk add --no-cache iproute2 net-tools ca-certificates iptables strongswan && update-ca-certificates -RUN apk add wireguard-tools --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community -COPY dist/flanneld-$FLANNEL_ARCH /opt/bin/flanneld -COPY dist/mk-docker-opts.sh /opt/bin/ -COPY dist/iptables-wrapper-installer.sh / -RUN /iptables-wrapper-installer.sh - -ENTRYPOINT ["/opt/bin/flanneld"] - diff --git a/images/Dockerfile.arm b/images/Dockerfile.arm deleted file mode 100644 index ec57372fbe..0000000000 --- a/images/Dockerfile.arm +++ /dev/null @@ -1,15 +0,0 @@ -FROM arm32v6/alpine:3.18.4 - -ENV FLANNEL_ARCH=arm - -ADD dist/qemu-$FLANNEL_ARCH-static /usr/bin/qemu-$FLANNEL_ARCH-static -RUN apk update && apk upgrade -RUN apk add --no-cache iproute2 net-tools ca-certificates iptables strongswan && update-ca-certificates -RUN apk add wireguard-tools --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community -COPY dist/flanneld-$FLANNEL_ARCH /opt/bin/flanneld -COPY dist/mk-docker-opts.sh /opt/bin/ -COPY dist/iptables-wrapper-installer.sh / -RUN /iptables-wrapper-installer.sh --no-sanity-check - -ENTRYPOINT ["/opt/bin/flanneld"] - diff --git a/images/Dockerfile.arm64 b/images/Dockerfile.arm64 deleted file mode 100644 index 8b2c1ec35e..0000000000 --- a/images/Dockerfile.arm64 +++ /dev/null 
@@ -1,15 +0,0 @@ -FROM arm64v8/alpine:3.18.4 - -ENV FLANNEL_ARCH=arm64 - -ADD dist/qemu-arm64-static /usr/bin/qemu-arm64-static -RUN apk update && apk upgrade -RUN apk add --no-cache iproute2 net-tools ca-certificates iptables strongswan && update-ca-certificates -RUN apk add wireguard-tools --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community -COPY dist/flanneld-$FLANNEL_ARCH /opt/bin/flanneld -COPY dist/mk-docker-opts.sh /opt/bin/ -COPY dist/iptables-wrapper-installer.sh / -RUN /iptables-wrapper-installer.sh --no-sanity-check - -ENTRYPOINT ["/opt/bin/flanneld"] - diff --git a/images/Dockerfile.mips64le b/images/Dockerfile.mips64le deleted file mode 100644 index 558aa5d37c..0000000000 --- a/images/Dockerfile.mips64le +++ /dev/null @@ -1,17 +0,0 @@ -FROM mips64le/debian:stable-20230502 - -ENV FLANNEL_ARCH=mips64le - -ADD dist/qemu-$FLANNEL_ARCH-static /usr/bin/qemu-$FLANNEL_ARCH-static -# RUN apk add --no-cache iproute2 net-tools ca-certificates iptables strongswan && update-ca-certificates -# RUN apk add wireguard-tools --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community -RUN apt-get update && \ - apt-get -y upgrade && \ - apt-get install -y iproute2 net-tools ca-certificates iptables strongswan wireguard-tools && \ - update-ca-certificates -COPY dist/flanneld-$FLANNEL_ARCH /opt/bin/flanneld -COPY dist/mk-docker-opts.sh /opt/bin/ -COPY dist/iptables-wrapper-installer.sh / -RUN /iptables-wrapper-installer.sh --no-sanity-check - -ENTRYPOINT ["/opt/bin/flanneld"] diff --git a/images/Dockerfile.ppc64le b/images/Dockerfile.ppc64le deleted file mode 100644 index 73f05e73bc..0000000000 --- a/images/Dockerfile.ppc64le +++ /dev/null 
@@ -1,15 +0,0 @@ -FROM ppc64le/alpine:3.18.4 - -ENV FLANNEL_ARCH=ppc64le - -ADD dist/qemu-$FLANNEL_ARCH-static /usr/bin/qemu-$FLANNEL_ARCH-static -RUN apk update && apk upgrade -RUN apk add --no-cache iproute2 net-tools ca-certificates iptables strongswan && update-ca-certificates -RUN apk add wireguard-tools --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community -COPY dist/flanneld-$FLANNEL_ARCH /opt/bin/flanneld -COPY dist/mk-docker-opts.sh /opt/bin/ -COPY dist/iptables-wrapper-installer.sh / -RUN /iptables-wrapper-installer.sh --no-sanity-check - -ENTRYPOINT ["/opt/bin/flanneld"] - diff --git a/images/Dockerfile.riscv64 b/images/Dockerfile.riscv64 deleted file mode 100644 index 7aa6d1834c..0000000000 --- a/images/Dockerfile.riscv64 +++ /dev/null @@ -1,15 +0,0 @@ -FROM riscv64/alpine:edge - -ENV FLANNEL_ARCH=riscv64 - -ADD dist/qemu-$FLANNEL_ARCH-static /usr/bin/qemu-$FLANNEL_ARCH-static -RUN apk update && apk upgrade -RUN apk add --no-cache iproute2 net-tools ca-certificates iptables strongswan && update-ca-certificates -RUN apk add wireguard-tools --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community -COPY dist/flanneld-$FLANNEL_ARCH /opt/bin/flanneld -COPY dist/mk-docker-opts.sh /opt/bin/ -COPY dist/iptables-wrapper-installer.sh / -RUN /iptables-wrapper-installer.sh --no-sanity-check - -ENTRYPOINT ["/opt/bin/flanneld"] - diff --git a/images/Dockerfile.s390x b/images/Dockerfile.s390x deleted file mode 100644 index 4f6f9b3dbe..0000000000 --- a/images/Dockerfile.s390x +++ /dev/null 
@@ -1,15 +0,0 @@ -FROM s390x/alpine:3.18.4 - -ENV FLANNEL_ARCH=s390x - -ADD dist/qemu-$FLANNEL_ARCH-static /usr/bin/qemu-$FLANNEL_ARCH-static -RUN apk update && apk upgrade -RUN apk add --no-cache iproute2 net-tools ca-certificates iptables strongswan && update-ca-certificates -RUN apk add wireguard-tools --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community -COPY dist/flanneld-$FLANNEL_ARCH /opt/bin/flanneld -COPY dist/mk-docker-opts.sh /opt/bin/ -COPY dist/iptables-wrapper-installer.sh / -RUN /iptables-wrapper-installer.sh --no-sanity-check - -ENTRYPOINT ["/opt/bin/flanneld"] -