Merge pull request #16 from liquidmetal-dev/refactor_difference_images

refactor: split k8s kernel to seperate image
liquidmetal-dev · Oct 8, 2024 · a7a7ded · a7a7ded
2 parents 677d50d + 5798c08
commit a7a7ded
Show file tree

Hide file tree

Showing 15 changed files with 216 additions and 4 deletions.
diff --git a/.github/workflows/kernel-cloudhypervisor-k8s.yml b/.github/workflows/kernel-cloudhypervisor-k8s.yml
@@ -0,0 +1,29 @@
+name: Kernel for k8s (CH) - Build and publish
+
+on:
+  workflow_dispatch:
+
+defaults:
+  run:
+    working-directory: kernel-k8s-ch
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Login to container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        run: |
+          make build
+          make push
diff --git a/.github/workflows/kernel-firecracker-k8s.yml b/.github/workflows/kernel-firecracker-k8s.yml
@@ -0,0 +1,29 @@
+name: Kernel for k8s (FC) - Build and publish
+
+on:
+  workflow_dispatch:
+
+defaults:
+  run:
+    working-directory: kernel-k8s-fc
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Login to container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        run: |
+          make build
+          make push
diff --git a/.github/workflows/kernel-firecracker.yml b/.github/workflows/kernel-firecracker.yml
@@ -5,7 +5,7 @@ on:
 
 defaults:
   run:
-    working-directory: kernel
+    working-directory: kernel-fc
 
 jobs:
   build-and-publish:

diff --git a/kernel-ch/Dockerfile b/kernel-ch/Dockerfile
@@ -33,9 +33,6 @@ WORKDIR ${LINUX_DIR}
 ARG KERNEL_CONFIG
 
 RUN curl -L -o .config ${KERNEL_CONFIG}
-RUN make LOCALVERSION= olddefconfig
-COPY k8s_additions.config k8s_additions-fragment
-RUN ./scripts/kconfig/merge_config.sh .config k8s_additions-fragment
 RUN make LOCALVERSION= -j32
 
 RUN mkdir output

diff --git a/kernel-fc/Dockerfile b/kernel-fc/Dockerfile
@@ -0,0 +1,45 @@
+FROM ubuntu:22.04 AS builder
+
+RUN apt-get update -y && \
+    apt-get install -y --no-install-recommends \
+    bc                  \
+    bison               \
+    build-essential     \
+    gcc                 \
+    flex                \
+    git                 \
+    libelf-dev          \
+    libncurses-dev      \
+    libssl-dev          \
+    ca-certificates     \
+    kmod                \
+    curl                \
+    wget
+
+ENV SRC_DIR=/usr/src            \
+    DIST_DIR=/dist              \
+    LINUX_DIR=/usr/src/linux    \
+    LINUX_REPO_URL=git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
+
+
+ARG KERNEL_VERSION
+
+RUN mkdir -p ${SRC_DIR} ${DIST_DIR} && \
+    git clone --depth 1 --branch v${KERNEL_VERSION} ${LINUX_REPO_URL} ${LINUX_DIR} && \
+    cd ${LINUX_DIR}
+
+WORKDIR ${LINUX_DIR}
+
+ARG KERNEL_CONFIG
+
+RUN curl -L -o .config ${KERNEL_CONFIG}
+
+RUN make LOCALVERSION= olddefconfig
+RUN make LOCALVERSION= -j32
+
+RUN cp vmlinux /boot/vmlinux && \
+    cp .config /boot/config-${KERNEL_VERSION}
+
+FROM scratch
+LABEL org.opencontainers.image.source=https://github.com/liquidmetal-dev/mikrolite-images
+COPY --from=builder /boot /boot
diff --git a/kernel/Makefile → kernel-fc/Makefile b/kernel/Makefile → kernel-fc/Makefile
diff --git a/kernel-fc/README.md b/kernel-fc/README.md
@@ -0,0 +1,10 @@
+# Kernel images
+
+This creates a kernel image suitable for using with Firecracker.
+
+A couple of things to note:
+
+- modules are disabled
+- The **microvm-kernel-ci-x86_64-6.1.config** file comes from the supported kernel configs published by Firecracker from [here](https://github.com/firecracker-microvm/firecracker/tree/main/resources/guest_configs).
+- The **microvm-kernel-ci-x86_64-6.1.config** is downloaded and shouldn't be modified in any way
+
diff --git a/kernel/k8s_additions.config → kernel-fc/k8s_additions.config b/kernel/k8s_additions.config → kernel-fc/k8s_additions.config
diff --git a/kernel-k8s-ch/Dockerfile b/kernel-k8s-ch/Dockerfile
@@ -0,0 +1,47 @@
+FROM ubuntu:22.04 AS builder
+
+RUN apt-get update -y && \
+    apt-get install -y --no-install-recommends \
+    bc                  \
+    bison               \
+    build-essential     \
+    gcc                 \
+    flex                \
+    git                 \
+    libelf-dev          \
+    libncurses-dev      \
+    libssl-dev          \
+    ca-certificates     \
+    kmod                \
+    curl                \
+    wget
+
+ENV SRC_DIR=/usr/src            \
+    DIST_DIR=/dist              \
+    LINUX_DIR=/usr/src/linux    \
+    LINUX_REPO_URL=git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
+
+
+ARG KERNEL_VERSION
+
+RUN mkdir -p ${SRC_DIR} ${DIST_DIR} && \
+    git clone --depth 1 --branch v${KERNEL_VERSION} ${LINUX_REPO_URL} ${LINUX_DIR} && \
+    cd ${LINUX_DIR}
+
+WORKDIR ${LINUX_DIR}
+
+ARG KERNEL_CONFIG
+
+RUN curl -L -o .config ${KERNEL_CONFIG}
+RUN make LOCALVERSION= olddefconfig
+COPY k8s_additions.config k8s_additions-fragment
+RUN ./scripts/kconfig/merge_config.sh .config k8s_additions-fragment
+RUN make LOCALVERSION= -j32
+
+RUN mkdir output
+RUN cp arch/x86/boot/compressed/vmlinux.bin ./output/vmlinux.bin&& \
+    cp .config ./output/config-${KERNEL_VERSION}.0
+
+FROM scratch
+LABEL org.opencontainers.image.source=https://github.com/liquidmetal-dev/mikrolite-images
+COPY --from=builder /usr/src/linux/output   /boot
diff --git a/kernel-k8s-ch/Makefile b/kernel-k8s-ch/Makefile
@@ -0,0 +1,13 @@
+REGISTRY?=ghcr.io/liquidmetal-dev
+IMAGE?=cloudhypervisor-kernel-k8s
+IMAGE_NAME?=$(REGISTRY)/$(IMAGE)
+
+build:
+	docker build \
+		-t $(IMAGE_NAME):6.2 \
+		--build-arg KERNEL_VERSION=6.2 \
+		--build-arg KERNEL_CONFIG=https://raw.githubusercontent.com/cloud-hypervisor/cloud-hypervisor/main/resources/linux-config-x86_64 \
+		.
+
+push:
+	docker push $(IMAGE_NAME):6.2
diff --git a/kernel-ch/k8s_additions.config → kernel-k8s-ch/k8s_additions.config b/kernel-ch/k8s_additions.config → kernel-k8s-ch/k8s_additions.config
diff --git a/kernel/Dockerfile → kernel-k8s-fc/Dockerfile b/kernel/Dockerfile → kernel-k8s-fc/Dockerfile
diff --git a/kernel-k8s-fc/Makefile b/kernel-k8s-fc/Makefile
@@ -0,0 +1,19 @@
+REGISTRY?=ghcr.io/liquidmetal-dev
+IMAGE?=firecracker-kernel-k8s
+IMAGE_NAME?=$(REGISTRY)/$(IMAGE)
+
+build:
+	docker build \
+		-t $(IMAGE_NAME):6.1 \
+		--build-arg KERNEL_VERSION=6.1 \
+		--build-arg KERNEL_CONFIG=https://raw.githubusercontent.com/firecracker-microvm/firecracker/main/resources/guest_configs/microvm-kernel-ci-x86_64-6.1.config \
+		.
+	docker build \
+		-t $(IMAGE_NAME):5.10 \
+		--build-arg KERNEL_VERSION=5.10.199 \
+		--build-arg KERNEL_CONFIG=https://raw.githubusercontent.com/firecracker-microvm/firecracker/afe0e5f6469f2d804643be0cc0cef53c9d1c4f5d/resources/guest_configs/microvm-kernel-ci-x86_64-5.10.config \
+		.
+
+push:
+	docker push $(IMAGE_NAME):6.1
+	docker push $(IMAGE_NAME):5.10
diff --git a/kernel/README.md → kernel-k8s-fc/README.md b/kernel/README.md → kernel-k8s-fc/README.md
diff --git a/kernel-k8s-fc/k8s_additions.config b/kernel-k8s-fc/k8s_additions.config
@@ -0,0 +1,23 @@
+CONFIG_NETFILTER=y
+CONFIG_NETFILTER_ADVANCED=y
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_TARGET_MARK=y
+CONFIG_IP_SET=y
+CONFIG_NF_CONNTRACK=y
+CONFIG_NF_CONNTRACK_MARK=y
+CONFIG_NF_CONNTRACK_SECMARK=y
+CONFIG_NF_CONNTRACK_PROCFS=y
+CONFIG_NF_NAT=y
+CONFIG_NF_NAT_REDIRECT=y
+CONFIG_NF_NAT_MASQUERADE=y
+CONFIG_NETFILTER_XTABLES=y
+CONFIG_KEYS=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+CONFIG_NETFILTER_XT_MATCH_IPVS=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_VS=y
+CONFIG_BRIDGE=y