diff --git a/packages/core/builder/Chart.yaml b/packages/core/builder/Chart.yaml
new file mode 100755
index 00000000..91337a4b
--- /dev/null
+++ b/packages/core/builder/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+name: builder
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
diff --git a/packages/core/builder/Makefile b/packages/core/builder/Makefile
new file mode 100755
index 00000000..9eee5594
--- /dev/null
+++ b/packages/core/builder/Makefile
@@ -0,0 +1,35 @@
+NAMESPACE=cozy-builder
+NAME := builder
+
+TALOS_VERSION=$(shell awk '/^version:/ {print $$2}' ../installer/images/talos/profiles/installer.yaml)
+
+include ../../../scripts/common-envs.mk
+
+help: ## Show this help.
+ @awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+
+show:
+ helm template -n $(NAMESPACE) $(NAME) .
+
+apply: ## Create builder sandbox in existing Kubernetes cluster.
+ helm template -n $(NAMESPACE) $(NAME) . | kubectl apply -f -
+ docker buildx ls | grep -q '^buildkit-builder*' || docker buildx create \
+ --bootstrap \
+ --name=buildkit-$(NAME) \
+ --driver=kubernetes \
+ --driver-opt=namespace=$(NAMESPACE),replicas=1 \
+ --platform=linux/amd64 \
+ --platform=linux/arm64 \
+ --use \
+ --config config.toml
+
+diff:
+ helm template -n $(NAMESPACE) $(NAME) . | kubectl diff -f -
+
+delete: ## Remove builder sandbox from existing Kubernetes cluster.
+ kubectl delete deploy -n $(NAMESPACE) $(NAME)-talos-imager
+ docker buildx rm buildkit-$(NAME)
+
+wait-for-builder:
+ kubectl wait deploy --for=condition=Progressing -n $(NAMESPACE) $(NAME)-talos-imager
+ kubectl wait pod --for=condition=Ready -n $(NAMESPACE) -l app=$(NAME)-talos-imager
diff --git a/packages/core/builder/config.toml b/packages/core/builder/config.toml
new file mode 100644
index 00000000..a3cb03a3
--- /dev/null
+++ b/packages/core/builder/config.toml
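Review bot: In `apply` of packages/core/builder/Makefile, the existence check `grep -q '^buildkit-builder*'` hard-codes the builder name and treats `*` as a regex quantifier, so it stops matching once `NAME` is overridden and also matches any other builder whose name begins with `buildkit-builde`. Testing the exact builder, `docker buildx inspect buildkit-$(NAME) >/dev/null 2>&1 || docker buildx create \`, avoids both. `--use` makes the cluster-backed builder the caller's default, so later unrelated `docker buildx build` runs on that machine would send their build context to the cluster; that side effect deserves a comment on the target. In `wait-for-builder`, `--for=condition=Progressing` is normally true as soon as the Deployment is created and the following `kubectl wait pod -l ...` can run before any pod exists; `--for=condition=Available` on the Deployment would be the stricter gate. `delete` removes only the Deployment, so the namespace that sandbox.yaml labels `enforce: privileged` stays behind.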
@@ -0,0 +1,11 @@
+[worker.oci]
+ gc = true
+ gckeepstorage = 50000
+
+ [[worker.oci.gcpolicy]]
+ keepBytes = 10737418240
+ keepDuration = 604800
+ filters = [ "type==source.local", "type==exec.cachemount", "type==source.git.checkout"]
+ [[worker.oci.gcpolicy]]
+ all = true
+ keepBytes = 53687091200
diff --git a/packages/core/builder/templates/sandbox.yaml b/packages/core/builder/templates/sandbox.yaml
new file mode 100755
index 00000000..9189e8b1
--- /dev/null
+++ b/packages/core/builder/templates/sandbox.yaml
@@ -0,0 +1,43 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .Release.Namespace }}
+ labels:
+ pod-security.kubernetes.io/enforce: privileged
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-talos-imager
+ namespace: {{ .Release.Namespace }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}-talos-imager
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}-talos-imager
+ spec:
+ automountServiceAccountToken: false
+ terminationGracePeriodSeconds: 1
+ containers:
+ - name: imagere
+ image: "{{ .Values.talos.imager.image }}"
+ securityContext:
+ privileged: true
+ command:
+ - sleep
+ - infinity
+ volumeMounts:
+ - mountPath: /dev
+ name: dev
+ volumes:
+ - hostPath:
+ path: /dev
+ type: Directory
+ name: dev
diff --git a/packages/core/builder/values.yaml b/packages/core/builder/values.yaml
new file mode 100755
index 00000000..5899a23b
--- /dev/null
+++ b/packages/core/builder/values.yaml
@@ -0,0 +1,3 @@
+talos:
+ imager:
+ image: ghcr.io/siderolabs/imager:v1.8.4
diff --git a/packages/core/installer/Makefile b/packages/core/installer/Makefile
index 386006b6..2f0ef052 100644
--- a/packages/core/installer/Makefile
+++ b/packages/core/installer/Makefile
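Review bot: The Deployment in templates/sandbox.yaml keeps a `privileged: true` container with the host's `/dev` mounted running indefinitely (`sleep infinity`), so any principal allowed `pods/exec` in this namespace is effectively root on the node; that is a wider and longer-lived exposure than the local `docker run --rm --privileged` it replaces. The template should say so next to `securityContext`, for example `# privileged + hostPath /dev: exec access to this pod is node-root equivalent; restrict pods/exec here and run 'make delete' after builds`. The Namespace manifest sets `pod-security.kubernetes.io/enforce: privileged` on whatever `.Release.Namespace` resolves to, so applying with a different `-n` would relax Pod Security on an existing namespace; a comment stating that the namespace must be dedicated to the builder would help. The container name `imagere` looks like a typo for `imager`.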
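Review bot: In values.yaml, `image: ghcr.io/siderolabs/imager:v1.8.4` is resolved by tag, and this is the image sandbox.yaml runs privileged with host `/dev`; a tag can be re-pointed upstream while a digest cannot. Consider pinning it as `image: ghcr.io/siderolabs/imager:v1.8.4@sha256:<digest-placeholder>`, with the installer's `update` target resolving the digest when it rewrites this value. A comment such as `# rewritten by 'make update' in ../installer; do not edit by hand` would also keep manual edits from being silently overwritten.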
@@ -19,10 +19,12 @@ diff: update: hack/gen-profiles.sh + IMAGE=$$(awk '/^version:/ {print $$2}' images/talos/profiles/installer.yaml) \ + yq -i '.talos.imager.image = "ghcr.io/siderolabs/imager:" + strenv(IMAGE)' ../builder/values.yaml image: pre-checks image-cozystack image-talos image-matchbox -image-cozystack: +image-cozystack: run-builder make -C ../../.. repos docker buildx build -f images/cozystack/Dockerfile ../../.. \ --provenance false \ @@ -37,13 +39,11 @@ image-cozystack: yq -i '.cozystack.image = strenv(IMAGE)' values.yaml rm -f images/cozystack.json -image-talos: +image-talos: run-builder test -f ../../../_out/assets/installer-amd64.tar || make talos-installer - docker load -i ../../../_out/assets/installer-amd64.tar - docker tag ghcr.io/siderolabs/installer:$(TALOS_VERSION) $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION)) - docker push $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION)) + skopeo copy docker-archive:../../../_out/assets/installer-amd64.tar docker://$(REGISTRY)/talos:$(call settag,$(TALOS_VERSION)) -image-matchbox: +image-matchbox: run-builder test -f ../../../_out/assets/kernel-amd64 || make talos-kernel test -f ../../../_out/assets/initramfs-metal-amd64.xz || make talos-initramfs docker buildx build -f images/matchbox/Dockerfile ../../.. \ @@ -62,5 +62,8 @@ assets: talos-iso talos-nocloud talos-metal talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud talos-metal: mkdir -p ../../../_out/assets cat images/talos/profiles/$(subst talos-,,$@).yaml | \ - docker run --rm -i -v /dev:/dev --privileged "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" --tar-to-stdout - | \ + kubectl exec -i -n cozy-builder deploy/builder-talos-imager -- imager --tar-to-stdout - | \ tar -C ../../../_out/assets -xzf- + +run-builder: + make -C ../builder/ apply wait-for-builder
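Review bot: In `update`, the awk output is handed to `yq` unchecked, so if `images/talos/profiles/installer.yaml` has no `version:` line, or more than one, `../builder/values.yaml` is rewritten to `ghcr.io/siderolabs/imager:` or to a multi-line value, and the error only surfaces later when the builder pod fails to pull. Capture the value first and stop on an empty result, e.g. `IMAGE=$$(awk '/^version:/ {print $$2; exit}' images/talos/profiles/installer.yaml); test -n "$$IMAGE" || exit 1; \` followed by `IMAGE="$$IMAGE" yq -i ...`. `run-builder` is added as a normal prerequisite of `image-cozystack` (and of `image-talos` and `image-matchbox` in the next hunk); it names no file, so it should be listed in `.PHONY` if it is not already, which cannot be seen from this hunk.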
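Review bot: In `image-talos`, `skopeo copy docker-archive:../../../_out/assets/installer-amd64.tar ...` publishes whatever image the archive holds under the `$(TALOS_VERSION)` tag, whereas the removed `docker tag ghcr.io/siderolabs/installer:$(TALOS_VERSION)` line named the expected source image. Since `test -f` only checks that the tarball exists, a leftover archive from an earlier Talos version would now be pushed under the new tag. Selecting the image by reference, `docker-archive:../../../_out/assets/installer-amd64.tar:ghcr.io/siderolabs/installer:$(TALOS_VERSION)`, should make the copy fail on a mismatch, assuming the archive carries that repo tag as the old `docker tag` line implies. `skopeo` is also a new tool requirement; whether `pre-checks` tests for it is outside this hunk.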
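Review bot: The `talos-*` asset rule now depends on the in-cluster imager, but only the `image-*` targets gained the `run-builder` prerequisite, so `make assets` or `make talos-iso` on its own runs `kubectl exec` against a Deployment that may not exist. Add it to the rule header: `talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud talos-metal: run-builder`. The exec line hard-codes `-n cozy-builder deploy/builder-talos-imager` while ../builder/Makefile derives both from `NAMESPACE` and `NAME`, and the imager release is now whatever the running pod was deployed with rather than `$(TALOS_VERSION)`, so a builder that was not re-applied produces assets from a different imager version without any error. `run-builder` should invoke `$(MAKE) -C ../builder/ apply wait-for-builder` instead of literal `make` so that `-n` and jobserver flags propagate.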