Build volume test images on Windows

* Adds Windows dockerfile for volume-ownership image
  * Build volume-copy-up on Windows
  * Adds a helper tool that fetches the owner username and SID of
a file or folder
  * Adds README
  * Remove 2004 from Windows versions
  * Add ltsc2022 to Windows versions

Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>

integration/images/volume-copy-up/Dockerfile_windows

@@ -1,42 +1,34 @@
-#   Copyright The containerd Authors.
-
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-
-#       http://www.apache.org/licenses/LICENSE-2.0
-
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright The containerd Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 
 ARG BASE
-
-FROM --platform=linux/amd64 busybox as prep
-
-# Similar to: https://github.com/kubernetes/kubernetes/blob/7ad7c0757ac7fa37dfae9c7cdc628cf04e35e5cb/test/images/busybox/Dockerfile_windows
-
-# Available busybox functions retrieved by running busybox.exe --list
-ENV BUSYBOX_EXES="[ [[ ar arch ash awk base64 basename bash bunzip2 bzcat bzip2 cal cat chmod cksum clear cmp comm cp cpio cut date dc dd df diff dirname dos2unix dpkg-deb du echo ed egrep env expand expr factor false fgrep find fold fsync ftpget ftpput getopt grep groups gunzip gzip hd head hexdump id ipcalc kill killall less link ln logname ls lzcat lzma lzop lzopcat man md5sum mkdir mktemp mv nl od paste patch pgrep pidof pipe_progress pkill printenv printf ps pwd rev rm rmdir rpm rpm2cpio sed seq sh sha1sum sha256sum sha3sum sha512sum shred shuf sleep sort split ssl_client stat strings sum tac tail tar tee test timeout touch tr true truncate ttysize uname uncompress unexpand uniq unix2dos unlink unlzma unlzop unxz unzip usleep uudecode uuencode vi watch wc wget which whoami whois xargs xxd xz xzcat yes zcat"
-
-ADD https://github.com/kubernetes-sigs/windows-testing/raw/master/images/busybox/busybox.exe /busybox-dir/busybox.exe
-
-# NOTE(claudiub): We're creating symlinks for each of the busybox binaries and after that we're copying
-# # them over to Windows. Unfortunately, docker buildx has some issues copying over Windows symlinks.
-# # "Files/" is always prepended to the symlink target. The symlinks themselves are relative paths,
-# # so, in order to make use of them, we can simply add a busybox binary to Files\busybox.exe.
-RUN cd /busybox-dir/ && \
-    for busybox_binary in $BUSYBOX_EXES; do ln -s busybox.exe $busybox_binary.exe; done && \
-    mkdir Files && \
-    cp busybox.exe Files/busybox.exe
-
-RUN sh -c "mkdir /test_dir; echo test_content > /test_dir/test_file"
-
 FROM $BASE
 
-COPY --from=prep /busybox-dir /bin
-COPY --from=prep /test_dir /test_dir
+ADD https://github.com/kubernetes-sigs/windows-testing/raw/3fea3d48ea8337b2aaca755c1d719e34b45f46b9/images/busybox/busybox.exe /bin/busybox.exe
+
+ENV BUSYBOX_EXES="[ [[ ar arch ash awk base64 basename bash bunzip2 bzcat bzip2 cal cat chmod cksum clear cmp comm cp cpio cut date dc dd df diff dirname dos2unix dpkg-deb du echo ed egrep env expand e xpr factor false fgrep find fold fsync ftpget ftpput getopt grep groups gunzip gzip hd head hexdump id ipcalc kill killall less link ln logname ls lzcat lzma lzop lzopcat man md5sum mkdir mktemp mv nl od paste patch pgrep pidof pipe_progress pkill printenv printf ps pwd rev rm rmdir rpm rpm2cpio sed seq sh sha1sum sha256sum sha3sum sha512sum shred shuf sleep sort split ssl_client stat strings sum ta c tail tar tee test timeout touch tr true truncate ttysize uname uncompress unexpand uniq unix2dos unlink unlzma unlzop unxz unzip usleep uudecode uuencode vi watch wc wget which whoami whois xargs xxd xz xzcat yes zcat"
+
+USER ContainerAdministrator
+WORKDIR C:/bin
+
+RUN cmd.exe /c "@echo off && FOR %i in (%BUSYBOX_EXES%) do (mklink %i.exe busybox.exe)"
+
+USER ContainerUser
+
+RUN cmd.exe /c mkdir C:\test_dir
+
+RUN /bin/sh.exe -c "echo test_content > /test_dir/test_file"
+
 ENV PATH="C:\bin;C:\Windows\System32;C:\Windows;"
-VOLUME "/test_dir"
+VOLUME "C:/test_dir"

integration/images/volume-copy-up/Makefile

@@ -17,33 +17,50 @@ all: build
 PROJ=gcr.io/k8s-cri-containerd
 VERSION=2.1
 IMAGE=$(PROJ)/volume-copy-up:$(VERSION)
+DOCKER_CERT_PATH ?= "$(HOME)/.docker"
+REMOTE_DOCKER_URL ?=
+DOCKER_REMOTE_ARGS ?=
+
+
+ifneq ($(REMOTE_DOCKER_URL),)
+	DOCKER_REMOTE_ARGS = --tlsverify --tlscacert "$(DOCKER_CERT_PATH)/ca.pem" \
+		--tlscert "$(DOCKER_CERT_PATH)/cert.pem" \
+		--tlskey "$(DOCKER_CERT_PATH)/key.pem" \
+		-H "$(REMOTE_DOCKER_URL)"
+endif
 
 # Operating systems supported: linux, windows
 OS ?= linux
 # Architectures supported: amd64, arm64
 ARCH ?= amd64
-# OS Version for the Windows images: 1809, 2004, 20H2
+# OS Version for the Windows images: 1809, 20H2, ltsc2022
 OSVERSION ?= 1809
 
 # The output type could either be docker (local), or registry.
 # If it is registry, it will also allow us to push the Windows images.
 OUTPUT_TYPE ?= docker
 
-ALL_OS = linux windows
+ALL_OS = linux
 ALL_ARCH.linux = amd64 arm64
 ALL_OS_ARCH.linux = $(foreach arch, ${ALL_ARCH.linux}, linux-$(arch))
-ALL_OSVERSIONS.windows := 1809 2004 20H2
+
+ifneq ($(REMOTE_DOCKER_URL),)
+ALL_OS += windows
+ALL_OSVERSIONS.windows := 1809 20H2 ltsc2022
 ALL_OS_ARCH.windows = $(foreach osversion, ${ALL_OSVERSIONS.windows}, windows-amd64-${osversion})
-ALL_OS_ARCH = $(foreach os, $(ALL_OS), ${ALL_OS_ARCH.${os}})
+BASE.windows := mcr.microsoft.com/windows/nanoserver
+endif
 
 BASE.linux.amd64 := busybox
 BASE.linux.arm64 := arm64v8/busybox
 BASE.linux := ${BASE.linux.${ARCH}}
-BASE.windows := mcr.microsoft.com/windows/nanoserver
 BASE := ${BASE.${OS}}
 
+ALL_OS_ARCH = $(foreach os, $(ALL_OS), ${ALL_OS_ARCH.${os}})
+
 configure-docker:
-	gcloud auth configure-docker
+	gcloud auth configure-docker --quiet
+	gcloud auth configure-docker --quiet $(shell echo $(PROJ) | cut -f 1 -d "/") || true
 
 setup-buildx:
 	docker buildx use img-builder || docker buildx create --name img-builder --use
@@ -67,9 +84,10 @@ container: .container-${OS}-$(ARCH)
 		-t $(IMAGE)-${OS}-${ARCH} --build-arg BASE=${BASE} .
 
 .container-windows-$(ARCH):
-	docker buildx build --pull --output=type=${OUTPUT_TYPE} --platform ${OS}/${ARCH} \
+	docker $(DOCKER_REMOTE_ARGS) build --isolation=hyperv --no-cache --pull \
 		-t $(IMAGE)-${OS}-${ARCH}-${OSVERSION} --build-arg BASE=${BASE}:${OSVERSION} \
 		-f Dockerfile_windows .
+	docker $(DOCKER_REMOTE_ARGS) push $(IMAGE)-${OS}-${ARCH}-${OSVERSION}
 
 # For Windows images, we also need to include the "os.version" in the manifest list images,
 # so the Windows node can pull the proper image it needs.
@@ -80,7 +98,8 @@ push-manifest:
 	set -x; \
 	for osversion in ${ALL_OSVERSIONS.windows}; do \
 		full_version=`docker manifest inspect ${BASE.windows}:$${osversion} | grep "os.version" | head -n 1 | awk -F\" '{print $$4}'` || true; \
-		docker manifest annotate --os windows --arch amd64 --os-version $${full_version} ${IMAGE} ${IMAGE}-windows-amd64-$${osversion}; \
+		docker manifest annotate --os windows --arch amd64 --os-version $${full_version} \
+		${IMAGE} ${IMAGE}-windows-amd64-$${osversion}; \
 	done
 	docker manifest push --purge ${IMAGE}