k0sproject · twz123 · Dec 13, 2024 · Dec 13, 2024 · makhov · Jan 23, 2025
@@ -33,6 +33,11 @@ jobs:
         with:
           persist-credentials: false
 
+      - name: "Download :: k0s"
+        uses: actions/download-artifact@v4
+        with:
+          name: k0s-linux-amd64
+
       - name: "Download :: Airgap image list"
         uses: actions/download-artifact@v4
         with:
@@ -44,7 +49,7 @@ jobs:
       - name: "Cache :: Airgap image bundle :: Calculate cache key"
         id: cache-airgap-image-bundle-calc-key
         env:
-          HASH_VALUE: ${{ hashFiles('Makefile', 'airgap-images.txt', 'hack/image-bundler/*') }}
+          HASH_VALUE: ${{ hashFiles('Makefile', 'airgap-images.txt', 'cmd/airgap/*', 'pkg/airgap/*') }}
         run: |
           printf 'cache-key=build-airgap-image-bundle-%s-%s-%s\n' "$TARGET_OS" "$TARGET_ARCH" "$HASH_VALUE" >> "$GITHUB_OUTPUT"
 
@@ -57,12 +62,13 @@ jobs:
 
       - name: "Build :: Airgap image bundle"
         if: steps.cache-airgap-image-bundle.outputs.cache-hit != 'true'
+        env:
+          DOCKER: ''
+          EMBEDDED_BINS_BUILDMODE: none
         run: |
-          mkdir -p "embedded-bins/staging/$TARGET_OS/bin"
-          make --touch airgap-images.txt
+          chmod +x k0s
+          make --touch k0s airgap-images.txt
           make "airgap-image-bundle-$TARGET_OS-$TARGET_ARCH.tar"
-          tar tf "airgap-image-bundle-$TARGET_OS-$TARGET_ARCH.tar" >/dev/null
-          sha256sum "airgap-image-bundle-$TARGET_OS-$TARGET_ARCH.tar"
 
       - name: "Upload :: Airgap image bundle"
         uses: actions/upload-artifact@v4

@@ -309,7 +309,7 @@ jobs:
         id: cache-airgap-image-bundle
         uses: actions/cache@v4
         with:
-          key: airgap-image-bundle-linux-${{ matrix.arch }}-${{ hashFiles('Makefile', 'airgap-images.txt', 'hack/image-bundler/*') }}
+          key: airgap-image-bundle-linux-${{ matrix.arch }}-${{ hashFiles('Makefile', 'airgap-images.txt', 'cmd/airgap/*', 'pkg/airgap/*') }}
           path: |
             airgap-images.txt
             airgap-image-bundle-linux-${{ matrix.arch }}.tar

@@ -245,15 +245,8 @@ airgap-image-bundle-linux-arm64.tar: TARGET_PLATFORM := linux/arm64
 airgap-image-bundle-linux-arm.tar:   TARGET_PLATFORM := linux/arm/v7
 airgap-image-bundle-linux-amd64.tar \
 airgap-image-bundle-linux-arm64.tar \
-airgap-image-bundle-linux-arm.tar: .k0sbuild.image-bundler.stamp airgap-images.txt
-	$(DOCKER) run --rm -i --privileged \
-	  -e TARGET_PLATFORM='$(TARGET_PLATFORM)' \
-	  '$(shell cat .k0sbuild.image-bundler.stamp)' < airgap-images.txt > '$@'
-
-.k0sbuild.image-bundler.stamp: hack/image-bundler/* embedded-bins/Makefile.variables
-	$(DOCKER) build --progress=plain --iidfile '$@' \
-	  --build-arg ALPINE_VERSION=$(alpine_patch_version) \
-	  -t k0sbuild.image-bundler -- hack/image-bundler
+airgap-image-bundle-linux-arm.tar: k0s airgap-images.txt
+	./k0s airgap -v bundle-artifacts --platform='$(TARGET_PLATFORM)' -o '$@' <airgap-images.txt
 
 .PHONY: $(smoketests)
 check-airgap check-ap-airgap: airgap-image-bundle-linux-$(HOST_ARCH).tar
@@ -284,9 +277,7 @@ clean-docker-image:
 	$(clean-iid-files)
 
 .PHONY: clean-airgap-image-bundles
-clean-airgap-image-bundles: IID_FILES = .k0sbuild.image-bundler.stamp
 clean-airgap-image-bundles:
-	$(clean-iid-files)
 	-rm airgap-images.txt
 	-rm airgap-image-bundle-linux-amd64.tar airgap-image-bundle-linux-arm64.tar airgap-image-bundle-linux-arm.tar
 

@@ -19,16 +19,24 @@ package airgap
 import (
 	"github.com/k0sproject/k0s/pkg/config"
 
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 )
 
 func NewAirgapCmd() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "airgap",
-		Short: "Manage airgap setup",
-		Args:  cobra.NoArgs,
-		RunE:  func(*cobra.Command, []string) error { return pflag.ErrHelp }, // Enforce arg validation
+		Short: "Tooling for airgapped installations",
+		Long: `Tooling for airgapped installations.
+
+For example, to create an image bundle that contains the images required for
+the current configuration, use the following command:
+
+    k0s airgap list-images | k0s airgap bundle-artifacts -v -o image-bundle.tar
+`,
+		Args: cobra.NoArgs,
+		RunE: func(*cobra.Command, []string) error { return pflag.ErrHelp }, // Enforce arg validation
 	}
 
 	var deprecatedFlags pflag.FlagSet
@@ -40,7 +48,9 @@ func NewAirgapCmd() *cobra.Command {
 		cmd.PersistentFlags().AddFlag(f)
 	})
 
-	cmd.AddCommand(NewAirgapListImagesCmd())
+	log := logrus.StandardLogger()
+	cmd.AddCommand(newAirgapListImagesCmd())
+	cmd.AddCommand(newAirgapBundleArtifactsCmd(log, nil))
 
 	return cmd
 }
@@ -0,0 +1,195 @@
+/*
+Copyright 2024 k0s authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package airgap
+
+import (
+	"bufio"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"os/signal"
+	"strconv"
+	"syscall"
+
+	"github.com/k0sproject/k0s/internal/pkg/file"
+	"github.com/k0sproject/k0s/pkg/airgap"
+
+	"k8s.io/kubectl/pkg/util/term"
+
+	"github.com/containerd/platforms"
+	"github.com/distribution/reference"
+	imagespecv1 "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+func newAirgapBundleArtifactsCmd(log logrus.FieldLogger, rewriteBundleRef airgap.RewriteRefFunc) *cobra.Command {
+	var (
+		outPath  string
+		platform = platforms.DefaultSpec()
+		bundler  = airgap.OCIArtifactsBundler{
+			Log:           log,
+			RewriteTarget: rewriteBundleRef,
+		}
+	)
+
+	cmd := &cobra.Command{
+		Use:   "bundle-artifacts [flags] [names...]",
+		Short: "Bundles artifacts needed for airgapped installations into a tarball",
+		Long: `Bundles artifacts needed for airgapped installations into a tarball. Fetches the
+artifacts from their OCI registries and bundles them into an OCI Image Layout
+archive (written to standard output by default). Reads names from standard input
+if no names are given on the command line.`,
+		RunE: func(cmd *cobra.Command, args []string) (err error) {
+			ctx, cancel := signal.NotifyContext(cmd.Context(), os.Interrupt, syscall.SIGTERM)
+			defer cancel()
+
+			cmd.SilenceUsage = true
+
+			bundler.PlatformMatcher = platforms.Only(platform)
+
+			var out io.Writer
+			if outPath == "" {
+				out = cmd.OutOrStdout()
+				if term.IsTerminal(out) {
+					return errors.New("cowardly refusing to write binary data to a terminal")
+				}
+			} else {
+				f, openErr := file.AtomicWithTarget(outPath).Open()
+				if openErr != nil {
+					return openErr
+				}
+				defer func() {
+					if err == nil {
+						err = f.Finish()
+					} else if closeErr := f.Close(); closeErr != nil {
+						err = errors.Join(err, closeErr)
+					}
+				}()
+				out = f
+			}
+
+			var refs []reference.Named
+			if len(args) > 0 {
+				refs, err = parseArtifactRefs(args)
+			} else {
+				refs, err = parseArtifactRefsFromReader(cmd.InOrStdin())
+			}
+			if err != nil {
+				return err
+			}
+
+			buffered := bufio.NewWriter(out)
+			if err := bundler.Run(ctx, refs, out); err != nil {
+				return err
+			}
+			return buffered.Flush()
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVarP(&outPath, "output", "o", "", "output file path (writes to standard output if omitted)")
+	flags.Var((*insecureRegistryFlag)(&bundler.InsecureRegistries), "insecure-registries", "one of no, skip-tls-verify or plain-http")
+	flags.Var((*platformFlag)(&platform), "platform", "the platform to export")
+	flags.StringArrayVar(&bundler.RegistriesConfigPaths, "registries-config", nil, "paths to the authentication files for OCI registries (uses the standard Docker config if omitted)")
+
+	return cmd
+}
+
+func parseArtifactRefsFromReader(in io.Reader) ([]reference.Named, error) {
+	words := bufio.NewScanner(in)
+	words.Split(bufio.ScanWords)
+
+	var refs []string
+	for words.Scan() {
+		refs = append(refs, words.Text())
+	}
+	if err := words.Err(); err != nil {
+		return nil, err
+	}
+
+	return parseArtifactRefs(refs)
+}
+
+func parseArtifactRefs(refs []string) ([]reference.Named, error) {
+	var collected []reference.Named
+	for _, ref := range refs {
+		parsed, err := reference.ParseNormalizedNamed(ref)
+		if err != nil {
+			return nil, fmt.Errorf("while parsing %s: %w", ref, err)
+		}
+		collected = append(collected, parsed)
+	}
+	return collected, nil
+}
+
+type insecureRegistryFlag airgap.InsecureOCIRegistryKind
+
+func (insecureRegistryFlag) Type() string {
+	return "string"
+}
+
+func (i insecureRegistryFlag) String() string {
+	switch (airgap.InsecureOCIRegistryKind)(i) {
+	case airgap.NoInsecureOCIRegistry:
+		return "no"
+	case airgap.SkipTLSVerifyOCIRegistry:
+		return "skip-tls-verify"
+	case airgap.PlainHTTPOCIRegistry:
+		return "plain-http"
+	default:
+		return strconv.Itoa(int(i))
+	}
+}
+
+func (i *insecureRegistryFlag) Set(value string) error {
+	var kind airgap.InsecureOCIRegistryKind
+
+	switch value {
+	case "no":
+		kind = airgap.NoInsecureOCIRegistry
+	case "skip-tls-verify":
+		kind = airgap.SkipTLSVerifyOCIRegistry
+	case "plain-http":
+		kind = airgap.PlainHTTPOCIRegistry
+	default:
+		return errors.New("must be one of no, skip-tls-verify or plain-http")
+	}
+
+	*(*airgap.InsecureOCIRegistryKind)(i) = kind
+	return nil
+}
+
+type platformFlag imagespecv1.Platform
+
+func (p *platformFlag) Type() string {
+	return "string"
+}
+
+func (p *platformFlag) String() string {
+	return platforms.FormatAll(*(*imagespecv1.Platform)(p))
+}
+
+func (p *platformFlag) Set(value string) error {
+	platform, err := platforms.Parse(value)
+	if err != nil {
+		return err
+	}
+	*(*imagespecv1.Platform)(p) = platform
+	return nil
+}