-
Notifications
You must be signed in to change notification settings - Fork 276
/
Dockerfile.windows
114 lines (98 loc) · 5.63 KB
/
Dockerfile.windows
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
FROM --platform=$BUILDPLATFORM alpine:3.20 AS build
RUN apk --no-cache add \
curl \
unzip
# Dapper/Drone/CI environment
FROM rancher/hardened-build-base:v1.23.3b1 AS dapper
ENV DAPPER_ENV GODEBUG REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY
ARG DAPPER_HOST_ARCH
ENV ARCH $DAPPER_HOST_ARCH
ENV DAPPER_OUTPUT ./dist ./bin ./build
ENV DAPPER_DOCKER_SOCKET true
ENV DAPPER_TARGET dapper
ENV DAPPER_RUN_ARGS "--privileged --network host -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build"
RUN apk update
RUN set -x && \
apk add --no-cache \
mingw-w64-gcc \
libarchive-tools \
gcc \
bsd-compat-headers \
zstd \
jq \
python3 \
git \
libseccomp-dev \
rsync \
file \
bash \
py-pip
RUN curl -sL https://dl.k8s.io/release/$( \
curl -sL https://dl.k8s.io/release/stable.txt \
)/bin/linux/${ARCH}/kubectl -o /usr/local/bin/kubectl && \
chmod a+x /usr/local/bin/kubectl; \
pip install codespell
RUN curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.55.2
WORKDIR /source
# End Dapper stuff
FROM --platform=$BUILDPLATFORM rancher/hardened-containerd:v1.7.23-k3s2-build20241203-amd64-windows AS containerd
FROM build as windows-runtime-collect
ARG KUBERNETES_VERSION=dev
# windows runtime image
ENV CRICTL_VERSION="v1.30.1"
ENV CALICO_VERSION="v3.29.1"
ENV CNI_PLUGIN_VERSION="v1.4.1"
ENV FLANNEL_VERSION="v0.26.1"
ENV CNI_FLANNEL_VERSION="v1.6.0-flannel1"
RUN mkdir -p rancher
# The charts directory is intentionally empty on windows, but its presence is required to address https://github.com/rancher/rke2/issues/5138
RUN mkdir -p charts
# We use the containerd-shim-runhcs-v1.exe binary from upstream, as it apparently can't be cross-built on Linux
COPY Dockerfile ./
RUN CONTAINERD_VERSION=$(grep "rancher/hardened-containerd" Dockerfile | grep ':v' | cut -d '=' -f 2- | grep -oE "([0-9]+)\.([0-9]+)\.([0-9]+)") \
&& curl -sLO https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-windows-amd64.tar.gz \
&& curl -sLO https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-windows-amd64.tar.gz.sha256sum \
&& sha256sum -c containerd-${CONTAINERD_VERSION}-windows-amd64.tar.gz.sha256sum
RUN curl -sLO https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-windows-amd64.tar.gz
# cri-tools artifact sha256sums are currently broken
#RUN curl -SLO https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-windows-amd64.tar.gz.sha256
#RUN sha256sum -c ./crictl-${CRICTL_VERSION}-windows-amd64.tar.gz.sha256
RUN curl -sLO https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGIN_VERSION}/cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz
RUN curl -sLO https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGIN_VERSION}/cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz.sha256
RUN sha256sum -c cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz.sha256
RUN curl -sLO https://dl.k8s.io/release/${KUBERNETES_VERSION}/bin/windows/amd64/kubectl.exe
RUN curl -sLO https://dl.k8s.io/${KUBERNETES_VERSION}/bin/windows/amd64/kubectl.exe.sha256
RUN echo " kubectl.exe" >> kubectl.exe.sha256
RUN sha256sum -c kubectl.exe.sha256
RUN mv kubectl.exe rancher/
RUN curl -sLO https://dl.k8s.io/release/${KUBERNETES_VERSION}/bin/windows/amd64/kubelet.exe
RUN curl -sLO https://dl.k8s.io/${KUBERNETES_VERSION}/bin/windows/amd64/kubelet.exe.sha256
RUN echo " kubelet.exe" >> kubelet.exe.sha256
RUN sha256sum -c kubelet.exe.sha256
RUN mv kubelet.exe rancher/
RUN curl -sLO https://dl.k8s.io/release/${KUBERNETES_VERSION}/bin/windows/amd64/kube-proxy.exe
RUN curl -sLO https://dl.k8s.io/${KUBERNETES_VERSION}/bin/windows/amd64/kube-proxy.exe.sha256
RUN echo " kube-proxy.exe" >> kube-proxy.exe.sha256
RUN sha256sum -c kube-proxy.exe.sha256
RUN mv kube-proxy.exe rancher/
RUN curl -sLO https://github.com/projectcalico/calico/releases/download/${CALICO_VERSION}/calico-windows-${CALICO_VERSION}.zip
RUN curl -sL https://github.com/flannel-io/flannel/releases/download/${FLANNEL_VERSION}/flanneld.exe -o rancher/flanneld.exe
RUN curl -sL https://github.com/flannel-io/cni-plugin/releases/download/${CNI_FLANNEL_VERSION}/flannel-amd64.exe -o rancher/flannel.exe
RUN curl -sL https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/hns.psm1 -o rancher/hns.psm1
RUN CONTAINERD_VERSION=$(grep "rancher/hardened-containerd" Dockerfile | grep ':v' | cut -d '=' -f 2- | grep -oE "([0-9]+)\.([0-9]+)\.([0-9]+)") \
&& tar xvzf containerd-${CONTAINERD_VERSION}-windows-amd64.tar.gz -C rancher/ bin/containerd-shim-runhcs-v1.exe
RUN tar xzvf crictl-${CRICTL_VERSION}-windows-amd64.tar.gz crictl.exe -C rancher/
RUN tar xzvf cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz ./win-overlay.exe ./host-local.exe -C rancher/
RUN unzip calico-windows-${CALICO_VERSION}.zip
RUN mv CalicoWindows/calico-node.exe rancher/
RUN mv CalicoWindows/cni/calico.exe rancher/
RUN mv CalicoWindows/cni/calico-ipam.exe rancher/
RUN mv CalicoWindows/confd confd/
FROM scratch AS windows-runtime
LABEL org.opencontainers.image.url="https://hub.docker.com/r/rancher/rke2-runtime"
LABEL org.opencontainers.image.source="https://github.com/rancher/rke2"
WORKDIR /bin/
COPY --from=containerd /usr/local/bin/*.exe /bin/
COPY --from=windows-runtime-collect ./rancher/* /bin/
COPY --from=windows-runtime-collect ./confd/ /bin/confd
COPY --from=windows-runtime-collect ./charts /charts/