Build k0s calico-cni and calico-kube-controllers images with Chainguard (#797)

Build k0s images with Chainguard - second batch

Author: sgalsaleh

Makefile

@@ -6,6 +6,10 @@ COREDNS_IMAGE = proxy.replicated.com/anonymous/replicated/ec-coredns
 COREDNS_VERSION = 1.11.3-r3@sha256:7996a7ee8e1b7fec9a6dc216b01f0047cafbd551562bde44a2c6615ef8f3dbfc
 CALICO_NODE_IMAGE = proxy.replicated.com/anonymous/replicated/ec-calico-node
 CALICO_NODE_VERSION = 3.26.1-r16@sha256:f2d58c94a900bf33174d81cb270dfdf070350954fd2e4e7edeccc2dad2f855b6
+CALICO_CNI_IMAGE = proxy.replicated.com/anonymous/replicated/ec-calico-cni
+CALICO_CNI_VERSION = 3.26.1-r16@sha256:11d5bf25611ffc578e632e23e09767ca5a964f81ff311c47d2e98b686c2d0365
+CALICO_KUBE_CONTROLLERS_IMAGE = proxy.replicated.com/anonymous/replicated/ec-calico-kube-controllers
+CALICO_KUBE_CONTROLLERS_VERSION = 3.26.1-r16@sha256:50703dc3f6b17188dda3dc445f5b1f41ab4473d8f7dbed0ac39a3685ac8e916d
 METRICS_SERVER_IMAGE = proxy.replicated.com/anonymous/replicated/ec-metrics-server
 METRICS_SERVER_VERSION = 0.6.4-r9@sha256:bd7d9ada28e299979174b2094d1eec7d653f793730b320dc7e90763c92452268
 ADMIN_CONSOLE_CHART_REPO_OVERRIDE =
@@ -48,6 +52,10 @@ LD_FLAGS = -X github.com/replicatedhq/embedded-cluster/pkg/defaults.K0sVersion=$
 	-X github.com/replicatedhq/embedded-cluster/pkg/config/images.CoreDNSVersion=$(COREDNS_VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/config/images.CalicoNodeImage=$(CALICO_NODE_IMAGE) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/config/images.CalicoNodeVersion=$(CALICO_NODE_VERSION) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/config/images.CalicoCNIImage=$(CALICO_CNI_IMAGE) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/config/images.CalicoCNIVersion=$(CALICO_CNI_VERSION) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/config/images.CalicoKubeControllersImage=$(CALICO_KUBE_CONTROLLERS_IMAGE) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/config/images.CalicoKubeControllersVersion=$(CALICO_KUBE_CONTROLLERS_VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/config/images.MetricsServerImage=$(METRICS_SERVER_IMAGE) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/config/images.MetricsServerVersion=$(METRICS_SERVER_VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.ChartRepoOverride=$(ADMIN_CONSOLE_CHART_REPO_OVERRIDE) \

cmd/buildtools/k0s.go

@@ -25,6 +25,14 @@ var k0sComponents = []struct {
 		name:        "calico-node",
 		makefileVar: "CALICO_NODE_VERSION",
 	},
+	{
+		name:        "calico-cni",
+		makefileVar: "CALICO_CNI_VERSION",
+	},
+	{
+		name:        "calico-kube-controllers",
+		makefileVar: "CALICO_KUBE_CONTROLLERS_VERSION",
+	},
 	{
 		name:        "metrics-server",
 		makefileVar: "METRICS_SERVER_VERSION",

deploy/images/calico-cni/apko.tmpl.yaml

@@ -0,0 +1,25 @@
+# source: https://github.com/chainguard-images/images/blob/387659a22a0d41a04801e3507a2238d2f1622906/images/calico/configs/latest.cni.apko.yaml
+contents:
+  repositories:
+    - https://packages.wolfi.dev/os
+  keyring:
+    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
+  packages:
+    - calico-cni=${PACKAGE_VERSION}
+    - calico-cni-compat=${PACKAGE_VERSION}
+
+accounts:
+  groups:
+    - groupname: nonroot
+      gid: 65532
+  users:
+    - username: nonroot
+      uid: 65532
+      gid: 65532
+  run-as: 0
+
+entrypoint:
+  command: /opt/cni/bin/install
+
+environment:
+  PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/cni/bin

deploy/images/calico-kube-controllers/apko.tmpl.yaml

@@ -0,0 +1,26 @@
+# source: https://github.com/chainguard-images/images/blob/387659a22a0d41a04801e3507a2238d2f1622906/images/calico/configs/latest.kube-controllers.apko.yaml
+contents:
+  repositories:
+    - https://packages.wolfi.dev/os
+  keyring:
+    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
+  packages:
+    - calico-kube-controllers=${PACKAGE_VERSION}
+
+accounts:
+  groups:
+    - groupname: nonroot
+      gid: 65532
+  users:
+    - username: nonroot
+      uid: 65532
+      gid: 65532
+  run-as: 65532
+
+paths:
+  - path: /status
+    type: directory
+    permissions: 0o777
+
+entrypoint:
+  command: /usr/bin/calico-kube-controllers

pkg/config/images.go

@@ -21,6 +21,18 @@ func OverrideK0sImages(cfg *k0sv1beta1.ClusterConfig) error {
 	if images.CalicoNodeVersion != "" {
 		cfg.Spec.Images.Calico.Node.Version = images.CalicoNodeVersion
 	}
+	if images.CalicoCNIImage != "" {
+		cfg.Spec.Images.Calico.CNI.Image = images.CalicoCNIImage
+	}
+	if images.CalicoCNIVersion != "" {
+		cfg.Spec.Images.Calico.CNI.Version = images.CalicoCNIVersion
+	}
+	if images.CalicoKubeControllersImage != "" {
+		cfg.Spec.Images.Calico.KubeControllers.Image = images.CalicoKubeControllersImage
+	}
+	if images.CalicoKubeControllersVersion != "" {
+		cfg.Spec.Images.Calico.KubeControllers.Version = images.CalicoKubeControllersVersion
+	}
 	if images.MetricsServerImage != "" {
 		cfg.Spec.Images.MetricsServer.Image = images.MetricsServerImage
 	}

pkg/config/images/images.go

@@ -2,10 +2,14 @@ package images
 
 // Overwritten by -ldflags in Makefile
 var (
-	CoreDNSImage         = ""
-	CoreDNSVersion       = ""
-	CalicoNodeImage      = ""
-	CalicoNodeVersion    = ""
-	MetricsServerImage   = ""
-	MetricsServerVersion = ""
+	CoreDNSImage                 = ""
+	CoreDNSVersion               = ""
+	CalicoNodeImage              = ""
+	CalicoNodeVersion            = ""
+	CalicoCNIImage               = ""
+	CalicoCNIVersion             = ""
+	CalicoKubeControllersImage   = ""
+	CalicoKubeControllersVersion = ""
+	MetricsServerImage           = ""
+	MetricsServerVersion         = ""
 )