diff --git a/.github/workflows/image-test.yml b/.github/workflows/image-test.yml new file mode 100644 index 0000000..2296d36 --- /dev/null +++ b/.github/workflows/image-test.yml @@ -0,0 +1,27 @@ +name: Test UDS Capability + +on: + pull_request: + paths: + - "docker/**" + +permissions: + id-token: write + contents: read + +jobs: + test-clean-install: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Setup UDS + if: always() + uses: defenseunicorns/uds-common/.github/actions/setup@v0.3.6 + with: + username: ${{secrets.IRON_BANK_ROBOT_USERNAME}} + password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}} + + - name: Create and deploy the uds-k3d package + run: uds run build-image diff --git a/.github/workflows/build-test.yml b/.github/workflows/k3d-test.yml similarity index 79% rename from .github/workflows/build-test.yml rename to .github/workflows/k3d-test.yml index 6064a0c..dd6acf2 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/k3d-test.yml @@ -20,11 +20,13 @@ jobs: - name: Setup UDS if: always() - uses: defenseunicorns/uds-common/.github/actions/setup@v0.2.2 + uses: defenseunicorns/uds-common/.github/actions/setup@v0.3.6 + with: + username: ${{secrets.IRON_BANK_ROBOT_USERNAME}} + password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}} - name: Create and deploy the uds-k3d package run: uds run - name: Validate uds-k3d package run: uds run validate - diff --git a/.github/workflows/tag-and-release.yml b/.github/workflows/tag-and-release.yml index c2ff113..7319fab 100644 --- a/.github/workflows/tag-and-release.yml +++ b/.github/workflows/tag-and-release.yml @@ -34,7 +34,10 @@ jobs: - name: Setup UDS if: always() - uses: defenseunicorns/uds-common/.github/actions/setup@v0.2.2 + uses: defenseunicorns/uds-common/.github/actions/setup@v0.3.6 + with: + username: ${{secrets.IRON_BANK_ROBOT_USERNAME}} + password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}} - name: Login to GHCR uses: docker/login-action@v3 
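Review bot: In the new image-test.yml the workflow-level `permissions` block grants `id-token: write`, yet none of the steps shown (checkout, setup, `uds run build-image`) visibly requests an OIDC token, and the job builds from PR-controlled `docker/**` content. `contents: read` alone looks sufficient unless the setup action itself needs OIDC. The setup step also hands the Iron Bank robot credentials to an action referenced by the movable tag `@v0.3.6`, and the same `with:` block is added in k3d-test.yml and tag-and-release.yml. Pinning to a commit, `uses: defenseunicorns/uds-common/.github/actions/setup@<full-commit-sha> # v0.3.6`, fixes which code receives those secrets. The last step is still named "Create and deploy the uds-k3d package" although it runs `uds run build-image`; `- name: Build the custom k3s image` would match.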
@@ -47,3 +50,6 @@ jobs: run: | uds zarf package create --confirm -a arm64 -o oci://ghcr.io/defenseunicorns/packages uds zarf package create --confirm -a amd64 -o oci://ghcr.io/defenseunicorns/packages + + - name: Publish the custom k3s image + run: uds run publish-image diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 0000000..85670f8 --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,5 @@ +ARG K3S_TAG="v1.28.7-k3s1" + +FROM rancher/k3s:$K3S_TAG as k3s + +COPY config.toml.tmpl /var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl diff --git a/docker/config.toml.tmpl b/docker/config.toml.tmpl new file mode 100644 index 0000000..10eb100 --- /dev/null +++ b/docker/config.toml.tmpl @@ -0,0 +1,26 @@ +version = 2 + +[plugins."io.containerd.internal.v1.opt"] + path = "/var/lib/rancher/k3s/agent/containerd" +[plugins."io.containerd.grpc.v1.cri"] + stream_server_address = "127.0.0.1" + stream_server_port = "10010" + enable_selinux = false + enable_unprivileged_ports = true + enable_unprivileged_icmp = true + sandbox_image = "rancher/mirrored-pause:3.6" + +[plugins."io.containerd.grpc.v1.cri".containerd] + snapshotter = "overlayfs" + disable_snapshot_annotations = true + +[plugins."io.containerd.grpc.v1.cri".cni] + bin_dir = "/bin" + conf_dir = "/var/lib/rancher/k3s/agent/etc/cni/net.d" + + +[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + runtime_type = "io.containerd.runc.v2" + +[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] + SystemdCgroup = false diff --git a/tasks.yaml b/tasks.yaml index 6701c49..cccff97 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -1,3 +1,7 @@ +variables: + - name: K3S_VERSION + default: "v1.28.7-k3s1" + tasks: - name: default description: "Build and deploy uds-k3d" 
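Review bot: In tag-and-release.yml the new `Publish the custom k3s image` step pushes whatever a plain `docker build` produces on the runner, while the two context lines above it create packages for both `arm64` and `amd64`. Unless the build-image task is made multi-platform, the published `uds-k3d-k3s` image will presumably exist for the runner's architecture only. If both architectures are meant to be served, the task needs a multi-platform build along the lines of `docker buildx build --platform linux/amd64,linux/arm64 ...`. Otherwise a comment on the step stating that the image is single-architecture would help. The job's `runs-on` and permissions sit outside the hunk, so whether its token may push to this GHCR path cannot be checked here.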
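Review bot: In docker/Dockerfile, `FROM rancher/k3s:$K3S_TAG as k3s` resolves the base image through a tag alone, so two builds of the same K3S_VERSION can publish different content under one ghcr.io tag. Recording the expected digest next to the tag, `FROM rancher/k3s:${K3S_TAG}@sha256:<digest-for-that-tag> AS k3s`, makes the published image reproducible and turns an upstream re-tag into a build failure instead of a silent change. The stage name is never referenced in this single-stage file and the lowercase `as` differs in case from `FROM`, so either drop `as k3s` or write `AS`. A one-line comment above `COPY` saying why the stock containerd template is replaced would also help the next reader.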
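Review bot: docker/config.toml.tmpl has no comment saying which upstream k3s template it was copied from or which line is the intended change, and it contains no template expressions, so every value is a fixed literal. k3s renders a file at this path as a Go template in place of its built-in one. Settings it would normally fill from node configuration (`enable_selinux`, the two `enable_unprivileged_*` flags, `sandbox_image`, and presumably registry configuration) are therefore pinned to these literals regardless of the flags passed. A header such as `# Based on the k3s <version> default containerd template; local change: <what and why>` would let the next K3S_VERSION bump be checked against upstream. Without it, a bump silently keeps `rancher/mirrored-pause:3.6`, SELinux off and unprivileged ports/ICMP on.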
@@ -27,3 +31,14 @@ tasks: echo "CoreDNS patch failed, foo.uds.dev is resolving to 127.0.0.1" exit 1 fi + + - name: build-image + actions: + - description: Build the custom k3s image + cmd: docker build -t ghcr.io/defenseunicorns/oss/uds-k3d-k3s:${K3S_VERSION} --build-arg K3S_TAG=${K3S_VERSION} docker/ + + - name: publish-image + actions: + - task: build-image + - description: Publish the custom k3s image + cmd: docker push ghcr.io/defenseunicorns/oss/uds-k3d-k3s:${K3S_VERSION} diff --git a/zarf.yaml b/zarf.yaml index 6c91642..63d6c2d 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -17,7 +17,7 @@ variables: - name: K3D_IMAGE description: "K3d image to use" - default: "rancher/k3s:v1.27.4-k3s1" + default: "rancher/k3s:v1.28.7-k3s1" - name: K3D_EXTRA_ARGS description: "Optionally pass k3d arguments to the default"
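Review bot: In tasks.yaml the `publish-image` task pushes `ghcr.io/defenseunicorns/oss/uds-k3d-k3s:${K3S_VERSION}`, a tag keyed only on the k3s version, so every release run re-pushes the same tag and replaces its content whenever docker/config.toml.tmpl changes. Anything pulling by that tag then gets a different image with no visible version change; a repo-side suffix (for example `:${K3S_VERSION}-<package-version>`) or having consumers reference the pushed digest avoids that. `${K3S_VERSION}` is also expanded unquoted in both `cmd` lines. Quoting the reference, `-t "ghcr.io/defenseunicorns/oss/uds-k3d-k3s:${K3S_VERSION}"`, keeps an overridden value containing spaces from being split into extra docker arguments. The zarf.yaml default for K3D_IMAGE in the following hunk still names `rancher/k3s:v1.28.7-k3s1`, so nothing visible in this commit consumes the new image yet.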