-
Notifications
You must be signed in to change notification settings - Fork 337
Expand file tree
/
Copy pathDockerfile.windows
More file actions
129 lines (115 loc) · 6.78 KB
/
Dockerfile.windows
File metadata and controls
129 lines (115 loc) · 6.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
FROM --platform=$BUILDPLATFORM alpine:3.23 AS base
RUN apk --no-cache add \
curl \
unzip
# Build environment
FROM rancher/hardened-build-base:v1.26.2b1 AS build-env
ARG BUILDARCH
ENV ARCH $BUILDARCH
RUN apk update
RUN set -x && \
apk add --no-cache \
mingw-w64-gcc \
libarchive-tools \
gcc \
bsd-compat-headers \
zstd \
jq \
python3 \
git \
libseccomp-dev \
rsync \
file \
bash \
py-pip
RUN KUBECTL_VERSION=v1.36.0 && \
KUBECTL_SHA256="123d8c8844f46b1244c547fffb3c17180c0c26dac9890589fe7e67763298748e" ;; \
cd /tmp && \
curl -fsSL https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl -o kubectl && \
echo "${KUBECTL_SHA256} kubectl" | sha256sum -c - && \
install -m 0755 kubectl /usr/local/bin/kubectl && \
rm -f /tmp/kubectl
RUN if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "arm64" ]; then \
GOLANGCI_VERSION=v1.55.2 && \
case "${ARCH}" in \
amd64) GOLANGCI_SHA256="ca21c961a33be3bc15e4292dc40c98c8dcc5463a7b6768a3afc123761630c09c" ;; \
arm64) GOLANGCI_SHA256="8eb0cee9b1dbf0eaa49871798c7f8a5b35f2960c52d776a5f31eb7d886b92746" ;; \
*) echo "Unsupported architecture for golangci-lint: ${ARCH}" && exit 1 ;; \
esac && \
cd /tmp && \
curl -fsSL "https://github.com/golangci/golangci-lint/releases/download/${GOLANGCI_VERSION}/golangci-lint-${GOLANGCI_VERSION#v}-linux-${ARCH}.tar.gz" -o golangci-lint.tar.gz && \
echo "${GOLANGCI_SHA256} golangci-lint.tar.gz" | sha256sum -c - && \
tar --strip-components=1 -xzf golangci-lint.tar.gz "golangci-lint-${GOLANGCI_VERSION#v}-linux-${ARCH}/golangci-lint" && \
install -m 0755 golangci-lint /usr/local/bin/golangci-lint && \
rm -f /tmp/golangci-lint /tmp/golangci-lint.tar.gz; \
fi
WORKDIR /source
FROM --platform=$BUILDPLATFORM rancher/hardened-containerd:v2.2.3-k3s1-build20260512-amd64-windows AS containerd
FROM base AS windows-runtime-collect
ARG KUBERNETES_VERSION=dev
# windows runtime image
ENV CRICTL_VERSION="v1.36.0"
ENV CALICO_VERSION="v3.32.0"
ENV CNI_PLUGIN_VERSION="v1.9.1"
ENV FLANNEL_VERSION="v0.28.4"
ENV CNI_FLANNEL_VERSION="v1.9.1-flannel1"
RUN mkdir -p rancher
# The charts directory is intentionally empty on windows, but its presence is required to address https://github.com/rancher/rke2/issues/5138
RUN mkdir -p charts
# We use the containerd-shim-runhcs-v1.exe binary from upstream, as it apparently can't be cross-built on Linux
COPY Dockerfile ./
RUN CONTAINERD_VERSION=$(grep "rancher/hardened-containerd" Dockerfile | grep ':v' | cut -d '=' -f 2- | grep -oE "([0-9]+)\.([0-9]+)\.([0-9]+)") \
&& curl -fsSLO https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-windows-amd64.tar.gz \
&& echo "81314dd5e3baad958acae0e4d1ff21eb27b7c8f8809232ab06c9f397cd221e02 containerd-${CONTAINERD_VERSION}-windows-amd64.tar.gz" | sha256sum -c -
RUN curl -fsSLO https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-windows-amd64.tar.gz && \
echo "73ef455b8a5a1e43f19372eba0ec40455e4abde3b9441a21db32c2a3172fb7ea crictl-${CRICTL_VERSION}-windows-amd64.tar.gz" | sha256sum -c -
RUN curl -fsSLO https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGIN_VERSION}/cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz && \
echo "c09a62523d76b32b883b6a9ee824c997b5c3cc8b3caebc8612c2f64fbbe97334 cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz" | sha256sum -c -
RUN case "${KUBERNETES_VERSION}" in \
v1.36.1) \
KUBECTL_SHA256="538f4229eee91a17b34724da7daade7687393d6988e33b723c6c306572c13900" && \
KUBELET_SHA256="60cd2ea85c293a60bd90d01178a06e298c277438429513024815f30dee8ac926" && \
KUBE_PROXY_SHA256="5b87e2231b51ec3857829c3f09fe301d65d6aa027f1b6d7315521b31274d384a"; \
;; \
*) echo "Unsupported KUBERNETES_VERSION for pinned Windows binaries: ${KUBERNETES_VERSION}" && exit 1 ;; \
esac && \
curl -fsSLO https://dl.k8s.io/release/${KUBERNETES_VERSION}/bin/windows/amd64/kubectl.exe && \
sha256sum kubectl.exe && \
echo "${KUBECTL_SHA256} kubectl.exe" | sha256sum -c - && \
mv kubectl.exe rancher/ && \
curl -fsSLO https://dl.k8s.io/release/${KUBERNETES_VERSION}/bin/windows/amd64/kubelet.exe && \
sha256sum kubelet.exe && \
echo "${KUBELET_SHA256} kubelet.exe" | sha256sum -c - && \
mv kubelet.exe rancher/ && \
curl -fsSLO https://dl.k8s.io/release/${KUBERNETES_VERSION}/bin/windows/amd64/kube-proxy.exe && \
sha256sum kube-proxy.exe && \
echo "${KUBE_PROXY_SHA256} kube-proxy.exe" | sha256sum -c - && \
mv kube-proxy.exe rancher/
RUN curl -fsSLO https://github.com/projectcalico/calico/releases/download/${CALICO_VERSION}/calico-windows-${CALICO_VERSION}.zip && \
echo "a3edde9031aa788bcfd1a89fa7f9fae9c829cc19f09930f189ed77ec322226e3 calico-windows-${CALICO_VERSION}.zip" | sha256sum -c -
RUN curl -fsSL https://github.com/flannel-io/flannel/releases/download/${FLANNEL_VERSION}/flanneld.exe -o flanneld.exe && \
echo "d5dd439bdd9e1adb04b715d3d4c15ddc1e59e7cd1bd7ab2a3d77a4aeca23429b flanneld.exe" | sha256sum -c - && \
mv flanneld.exe rancher/flanneld.exe
RUN curl -fsSL https://github.com/flannel-io/cni-plugin/releases/download/${CNI_FLANNEL_VERSION}/flannel-amd64.exe -o flannel.exe && \
echo "a603a464eb25ede190e56fed697726eb75f9c1b201f804d11e4ed0b530b5302f flannel.exe" | sha256sum -c - && \
mv flannel.exe rancher/flannel.exe
RUN curl -fsSL https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/hns.psm1 -o hns.psm1 && \
echo "a8a53ed4fac2e27c7e4268db069d4cf3129a56d466ef3bf9465fb52dcd76a29c hns.psm1" | sha256sum -c - && \
mv hns.psm1 rancher/hns.psm1
RUN CONTAINERD_VERSION=$(grep "rancher/hardened-containerd" Dockerfile | grep ':v' | cut -d '=' -f 2- | grep -oE "([0-9]+)\.([0-9]+)\.([0-9]+)") \
&& tar xvzf containerd-${CONTAINERD_VERSION}-windows-amd64.tar.gz -C rancher/ bin/containerd-shim-runhcs-v1.exe
RUN tar xzvf crictl-${CRICTL_VERSION}-windows-amd64.tar.gz crictl.exe -C rancher/
RUN tar xzvf cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz ./win-overlay.exe ./host-local.exe -C rancher/
RUN unzip calico-windows-${CALICO_VERSION}.zip
RUN mv CalicoWindows/calico-node.exe rancher/
RUN mv CalicoWindows/cni/calico.exe rancher/
RUN mv CalicoWindows/cni/calico-ipam.exe rancher/
RUN mv CalicoWindows/confd confd/
FROM scratch AS windows-runtime
LABEL org.opencontainers.image.url="https://hub.docker.com/r/rancher/rke2-runtime"
LABEL org.opencontainers.image.source="https://github.com/rancher/rke2"
WORKDIR /bin/
COPY --from=windows-runtime-collect ./charts /charts/
COPY --from=containerd /usr/local/bin/*.exe /bin/
COPY --from=windows-runtime-collect ./rancher/* /bin/
COPY --from=windows-runtime-collect ./confd/ /bin/confd