The issue this workaround set out to address has been resolved in
buildx for some time; there is no longer a need to preserve it.
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
This change allows the `TAG` value in the pause Makefile to be
overridden from the environment. Defaults to existing hard-coded value
in `build/pause/Makefile`
For manifest lists containing Windows images, it is important to also have the "os.version"
annotation set, as it is needed by the Windows nodes, so they can pull the appropriate image
from the list.
Previously, the docker manifest CLI did not have the capability to set it, so, we had to set
it outselves in the manifest list's image JSON file. This is no longer necessary since
docker 20.10.0, which includes docker manifest annotate --os-version.
The docker installed in the image gcr.io/k8s-testimages/gcb-docker-gcloud:v20210622-762366a
satisfies this version requirement.
Update dependencies and the test images to use pause 3.5. We also
provide a changelog entry for the new container image version.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
kube-cross:v1.16.3-1 contains x86_64-w64-mingw32, which will allow us to
build Windows binaries. With this, we won't have to rely on the dockerhub
image dockcross/windows-static-x64.
We now build the pause image to use a pseudo user and group 65535:65535.
This increases the security aspect of the container image, if a
vulnerability would directly affect the pause container.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Not all instances of docker run has the --rm argument, which means that they'll
persist after they've finished. This can cause storage to remain occupied needlessly.
The ``.container-$OS-$ARCH`` make subaction is creating files with the same name, and ``clean`` is meant to delete them. However, the ``clean``'s rm regex is not quite correct.
A new Windows image has been released in the second half of 2020 with the tag 20H2.
We are going to need a pause image for it as well.
The image tag can be found here: https://hub.docker.com/_/microsoft-windows-nanoserver
It has been observed that the DiagTrack service in the pause
image is consuming a non-trivial amount of CPU. We don't need
this service in the pause image, so we should disable it.
We can disable the service by running chntpw in a docker buildx Linux stage
and then copy the SYSTEM file back to the final Windows image.
Co-Authored-By: Mark Rossetti <marosset@microsoft.com>
Co-Authored-By: Davanum Srinivas <davanum@gmail.com>
We can use docker buildx in order to build and push Windows images from the same Linux
node, as long as the Dockerfile does not have any RUN commands in the Windows step.
We also need to create a non-default builder instance in order to be able to
build and push Windows images.
The Windows images have to be built and pushed directly to the registry. Because of
this, the make target "push" has been removed (the target "all" will build and push
the images).
We need wincat for a few kubectl proxy scenarios.
For Windows containers without Hyper-V isolation, the host OS Version and the
Container OS Version need to match, which is why we added multiple Windows OS Versions
to the building process.
Adds support for Windows OS Versions: 1809, 1903, 1909, 2004.
Bumps pause image version to 3.4.
Co-Authored-By: Claudiu Belu <cbelu@cloudbasesolutions.com>
Co-Authored-By: Ben Moss <bmoss@pivotal.io>
Signed-off-by: Leah Hanson <lhanson@pivotal.io>
- Eliminates a failure in one image build from prevent the others
- Allows subdir approvers ownership over individual builds
- Makes cleanup a little easier if one or more of these images go away
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
- Search/replace Google Infra kube-cross locations for K8s Infra
- Update kube-cross make targets
- Don't attempt to pre-pull image (docker build --pull)
This prevents CI failures when the image under test doesn't exist
yet in the registry.
- 'make all' now builds and pushes the kube-cross image
- Allow 'TAG' to be specified via env var
- Use 'KUBE_CROSS_VERSION' to represent the kube-cross version
- Tag kube-cross images with both a kubernetes version
('git describe') and a kube-cross version
- Add a GCB (Google Cloud Build) config file (cloudbuild.yaml)
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
This is the 2nd attempt. The previous was reverted while we figured out
the regional mirrors (oops).
New plan: k8s.gcr.io is a read-only facade that auto-detects your source
region (us, eu, or asia for now) and pulls from the closest. To publish
an image, push k8s-staging.gcr.io and it will be synced to the regionals
automatically (similar to today). For now the staging is an alias to
gcr.io/google_containers (the legacy URL).
When we move off of google-owned projects (working on it), then we just
do a one-time sync, and change the google-internal config, and nobody
outside should notice.
We can, in parallel, change the auto-sync into a manual sync - send a PR
to "promote" something from staging, and a bot activates it. Nice and
visible, easy to keep track of.
Automatic merge from submit-queue (batch tested with PRs 57322, 57723, 58706, 59004, 58857). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make the pause image a manifest list
**What this PR does / why we need it**:
Build and push manifest for kubernetes images
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubernetes/issues/57869
**Special notes for your reviewer**:
**Release note**:
```
NONE
```
Automatic merge from submit-queue
Improve pause-container warning message
Signed-off-by: Vinothkumar Siddharth <sidvin@amazon.com>
**What this PR does / why we need it**:
This just improves the warning message currently emitted by pause
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
