From 41674cbd4b561aac9483d0179092c37302b3b95a Mon Sep 17 00:00:00 2001 From: Josh French Date: Wed, 15 Apr 2026 16:56:49 -0400 Subject: [PATCH 01/32] Add support for arm64-based AMIs --- images/capi/Makefile | 9 +++++++-- images/capi/ansible/roles/node/meta/main.yml | 6 ++++-- .../ansible/roles/providers/tasks/aws.yml | 5 +++++ images/capi/packer/ami/amazon-2023-arm64.json | 19 +++++++++++++++++++ images/capi/packer/ami/packer.json | 2 +- images/capi/packer/ami/ubuntu-2204-arm64.json | 18 ++++++++++++++++++ images/capi/packer/ami/ubuntu-2404-arm64.json | 18 ++++++++++++++++++ images/capi/packer/goss/goss-package.yaml | 10 ++++++++++ images/capi/packer/goss/goss-vars.yaml | 3 ++- 9 files changed, 84 insertions(+), 6 deletions(-) create mode 100644 images/capi/packer/ami/amazon-2023-arm64.json create mode 100644 images/capi/packer/ami/ubuntu-2204-arm64.json create mode 100644 images/capi/packer/ami/ubuntu-2404-arm64.json diff --git a/images/capi/Makefile b/images/capi/Makefile index 47d56c5965..496c7e1748 100644 --- a/images/capi/Makefile +++ b/images/capi/Makefile @@ -369,7 +369,7 @@ NODE_OVA_VSPHERE_BUILD_NAMES := $(addprefix node-ova-vsphere-,$(PLATFORMS_AND_V NODE_OVA_VSPHERE_BASE_BUILD_NAMES := $(addprefix node-ova-vsphere-base-,$(PLATFORMS_AND_VERSIONS)) NODE_OVA_VSPHERE_CLONE_BUILD_NAMES := $(addprefix node-ova-vsphere-clone-,$(PLATFORMS_AND_VERSIONS)) -AMI_BUILD_NAMES ?= ami-ubuntu-2204 ami-ubuntu-2404 ami-amazon-2 ami-amazon-2023 ami-flatcar ami-flatcar-arm64 ami-windows-2019 +AMI_BUILD_NAMES ?= ami-ubuntu-2204 ami-ubuntu-2404 ami-ubuntu-2204-arm64 ami-ubuntu-2404-arm64 ami-amazon-2 ami-amazon-2023 ami-amazon-2023-arm64 ami-flatcar ami-flatcar-arm64 ami-windows-2019 HUAWEICLOUD_BUILD_NAMES ?= huaweicloud-ubuntu-2204 GCE_BUILD_NAMES ?= gce-ubuntu-2204 gce-ubuntu-2404 
@@ -698,8 +698,11 @@ $(RAW_CLEAN_TARGETS): ##@ Builds build-ami-amazon-2: ## Builds Amazon-2 Linux AMI build-ami-amazon-2023: ## Builds Amazon-2023 Linux AMI +build-ami-amazon-2023-arm64: ## Builds Amazon-2023 Linux arm64 AMI build-ami-ubuntu-2204: ## Builds Ubuntu 22.04 AMI +build-ami-ubuntu-2204-arm64: ## Builds Ubuntu 22.04 arm64 AMI build-ami-ubuntu-2404: ## Builds Ubuntu 24.04 AMI +build-ami-ubuntu-2404-arm64: ## Builds Ubuntu 24.04 arm64 AMI build-ami-flatcar: ## Builds Flatcar build-ami-flatcar-arm64: ## Builds Flatcar arm64 build-ami-windows-2019: ## Build Windows Server 2019 AMI Packer config @@ -876,11 +879,13 @@ build-scaleway-all: $(SCALEWAY_BUILD_TARGETS) ## Builds all Scaleway images ##@ Validate packer config validate-ami-amazon-2: ## Validates Amazon-2 Linux AMI Packer config validate-ami-amazon-2023: ## Validates Amazon-2023 Linux AMI Packer config +validate-ami-amazon-2023-arm64: ## Validates Amazon-2023 Linux arm64 AMI Packer config validate-ami-flatcar: ## Validates Flatcar AMI Packer config validate-ami-flatcar-arm64: ## Validates Flatcar arm64 AMI Packer config validate-ami-ubuntu-2204: ## Validates Ubuntu 22.04 AMI Packer config - +validate-ami-ubuntu-2204-arm64: ## Validates Ubuntu 22.04 arm64 AMI Packer config validate-ami-ubuntu-2404: ## Validates Ubuntu 24.04 AMI Packer config +validate-ami-ubuntu-2404-arm64: ## Validates Ubuntu 24.04 arm64 AMI Packer config validate-ami-windows-2019: ## Validates Windows Server 2019 AMI Packer config validate-ami-all: $(AMI_VALIDATE_TARGETS) ## Validates all AMIs Packer config diff --git a/images/capi/ansible/roles/node/meta/main.yml b/images/capi/ansible/roles/node/meta/main.yml index 573e70fb39..2920518bf3 100644 --- a/images/capi/ansible/roles/node/meta/main.yml +++ b/images/capi/ansible/roles/node/meta/main.yml 
@@ -29,7 +29,9 @@ dependencies: vars: rpms: "{{ common_rpms }}" debs: "{{ common_debs }}" - when: packer_builder_type == "oracle-oci" and ansible_facts['architecture'] == "aarch64" + when: > + ansible_facts['architecture'] == "aarch64" + and ansible_facts['distribution'] not in ["VMware Photon OS", "Amazon"] - role: setup vars: @@ -45,7 +47,7 @@ dependencies: debs: "{{ common_debs + lookup('vars', 'common_' + build_target + '_debs') }}" when: > ansible_facts['distribution'] not in ["VMware Photon OS", "Amazon"] - and not (packer_builder_type == "oracle-oci" and ansible_facts['architecture'] == "aarch64") + and ansible_facts['architecture'] != "aarch64" and not packer_builder_type is search('qemu') - role: setup diff --git a/images/capi/ansible/roles/providers/tasks/aws.yml b/images/capi/ansible/roles/providers/tasks/aws.yml index fabe8bf813..aa0c17ce4f 100644 --- a/images/capi/ansible/roles/providers/tasks/aws.yml +++ b/images/capi/ansible/roles/providers/tasks/aws.yml @@ -51,6 +51,11 @@ name: hv-kvp-daemon state: stopped enabled: false + register: disable_hypervisor + ignore_errors: true + failed_when: + - disable_hypervisor.failed + - '"Could not find" not in (disable_hypervisor.msg | default(""))' when: ansible_facts['os_family'] == "Debian" - name: Create cloud-init custom data source list diff --git a/images/capi/packer/ami/amazon-2023-arm64.json b/images/capi/packer/ami/amazon-2023-arm64.json new file mode 100644 index 0000000000..8ecb4de583 --- /dev/null +++ b/images/capi/packer/ami/amazon-2023-arm64.json 
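Review bot: The two `when:` changes in roles/node/meta/main.yml move every aarch64 build (Photon and Amazon excepted) onto the role entry that installs only `common_rpms` / `common_debs`, and the second hunk excludes aarch64 from the entry that adds `common_<build_target>_debs`. Before this change that split applied only to `oracle-oci`; now arm64 AMIs and any other arm64 provider skip the build-target package list, so an agent or hardening package kept there would be missing from arm64 images without any error. If that is intended, say so next to the condition, for example `# aarch64: build-target package lists are x86-only, install the common set only`. The first entry also lacks the `not packer_builder_type is search('qemu')` exclusion that the second carries, which may matter if a qemu-specific entry exists below. Both role entries begin outside the hunks, so this is worth checking against the full file.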
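Review bot: `ignore_errors: true` on the hv-kvp-daemon task in aws.yml makes the new `failed_when` list ineffective as a gate, because a task whose errors are ignored never stops the play, whichever way `failed_when` evaluates. As written, a genuine failure to stop or disable the daemon on a Debian-family image is only reported, and the build continues with the service possibly still enabled. Removing the `ignore_errors: true` line keeps the apparent intent: tolerate the "Could not find" case and fail on anything else. The task begins above the hunk, so the module it uses is not visible here.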
@@ -0,0 +1,19 @@ +{ + "amazon_ssm_agent_rpm": "https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm", + "ami_filter_arch": "arm64", + "ami_filter_name": "al2023-ami-minimal-2023.*-kernel-6.1*", + "ami_filter_owners": "amazon", + "arch": "arm64", + "build_name": "amazon-2023-arm64", + "builder_instance_type": "t4g.small", + "distribution": "Amazon Linux", + "distribution_release": "Amazon Linux 2023", + "distribution_version": "2023", + "distro_version": "2023", + "epel_rpm_gpg_key": "", + "goss_arch": "arm64", + "redhat_epel_rpm": "", + "root_device_name": "/dev/xvda", + "source_ami": "", + "ssh_username": "ec2-user" +} diff --git a/images/capi/packer/ami/packer.json b/images/capi/packer/ami/packer.json index 04f6b3054d..6c224997b5 100644 --- a/images/capi/packer/ami/packer.json +++ b/images/capi/packer/ami/packer.json @@ -125,7 +125,7 @@ "use_sudo": true, "vars_file": "{{user `goss_vars_file`}}", "vars_inline": { - "ARCH": "amd64", + "ARCH": "{{user `arch`}}", "OS": "{{user `distribution` | lower}}", "OS_VERSION": "{{user `distribution_version` | lower}}", "PROVIDER": "amazon", diff --git a/images/capi/packer/ami/ubuntu-2204-arm64.json b/images/capi/packer/ami/ubuntu-2204-arm64.json new file mode 100644 index 0000000000..e58a0c5a5f --- /dev/null +++ b/images/capi/packer/ami/ubuntu-2204-arm64.json @@ -0,0 +1,18 @@ +{ + "ami_filter_arch": "arm64", + "ami_filter_name": "ubuntu/images/*ubuntu-jammy-22.04-arm64-server-*", + "ami_filter_owners": "099720109477", + "ansible_extra_vars": "", + "arch": "arm64", + "build_name": "ubuntu-22.04-arm64", + "builder_instance_type": "t4g.small", + "distribution": "Ubuntu", + "distribution_release": "jammy", + "distribution_version": "22.04", + "goss_arch": "arm64", + "root_device_name": "/dev/sda1", + "source_ami": "", + "ssh_username": "ubuntu", + "ubuntu_repo": "http://ports.ubuntu.com/ubuntu-ports", + "ubuntu_security_repo": "http://ports.ubuntu.com/ubuntu-ports" +} 
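Review bot: `amazon_ssm_agent_rpm` in amazon-2023-arm64.json points at the `latest/` path, so the agent baked into the AMI can change between two builds of the same commit, and no digest or version is recorded in this file. Whether the task that installs the RPM verifies its signature is not visible in this patch. Pinning the path to a specific agent release, for example `"amazon_ssm_agent_rpm": "https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/<PINNED_VERSION>/linux_arm64/amazon-ssm-agent.rpm"` (placeholder version), and verifying the package signature at install time would make the image content reproducible and auditable. The same concern applies to the x86 variant if it uses the same pattern.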
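Review bot: `ubuntu_repo` and `ubuntu_security_repo` in ubuntu-2204-arm64.json are plain `http://ports.ubuntu.com/ubuntu-ports`, and ubuntu-2404-arm64.json repeats the same two values. Package integrity then rests entirely on APT signature verification staying enabled for the whole build, and an on-path party can still observe the traffic or serve older, validly signed metadata. If the mirror in use serves TLS, prefer `"ubuntu_repo": "https://ports.ubuntu.com/ubuntu-ports"` (and the same for the security repo), or point both at an internal mirror. The `ami_filter_owners` value pins the source AMI to a single account ID, which is the right control for the wildcarded `ami_filter_name`.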
diff --git a/images/capi/packer/ami/ubuntu-2404-arm64.json b/images/capi/packer/ami/ubuntu-2404-arm64.json new file mode 100644 index 0000000000..adbbe07e8c --- /dev/null +++ b/images/capi/packer/ami/ubuntu-2404-arm64.json @@ -0,0 +1,18 @@ +{ + "ami_filter_arch": "arm64", + "ami_filter_name": "ubuntu/images/*ubuntu-noble-24.04-arm64-server-*", + "ami_filter_owners": "099720109477", + "ansible_extra_vars": "", + "arch": "arm64", + "build_name": "ubuntu-24.04-arm64", + "builder_instance_type": "t4g.small", + "distribution": "Ubuntu", + "distribution_release": "noble", + "distribution_version": "24.04", + "goss_arch": "arm64", + "root_device_name": "/dev/sda1", + "source_ami": "", + "ssh_username": "ubuntu", + "ubuntu_repo": "http://ports.ubuntu.com/ubuntu-ports", + "ubuntu_security_repo": "http://ports.ubuntu.com/ubuntu-ports" +} diff --git a/images/capi/packer/goss/goss-package.yaml b/images/capi/packer/goss/goss-package.yaml index 3781a9411d..e7496d1741 100644 --- a/images/capi/packer/goss/goss-package.yaml +++ b/images/capi/packer/goss/goss-package.yaml @@ -56,6 +56,16 @@ package: {{$key}}: {{$val}} {{end}} {{end}} +# x86-only provider packages (hypervisor tools not available on arm64) +{{if ne .Vars.ARCH "arm64"}} +{{range $name, $vers := index .Vars .Vars.OS .Vars.PROVIDER "package-x86"}} + {{$name}}: + installed: true + {{range $key, $val := $vers}} + {{$key}}: {{$val}} + {{end}} +{{end}} +{{end}} # Iterate thru different OS Versions like RHEL7/8, Photon 3/4(future) etc. {{$distro_version := .Vars.OS_VERSION}} diff --git a/images/capi/packer/goss/goss-vars.yaml b/images/capi/packer/goss/goss-vars.yaml index 85c406031a..1abf73f76a 100644 --- a/images/capi/packer/goss/goss-vars.yaml +++ b/images/capi/packer/goss/goss-vars.yaml @@ -461,7 +461,8 @@ ubuntu: snap.amazon-ssm-agent.amazon-ssm-agent.service: enabled: true running: true - package: + package: {} + package-x86: linux-cloud-tools-virtual: linux-tools-virtual: command: 
From ed7ff4c49ee0a66201bbc600b975510f04c7949e Mon Sep 17 00:00:00 2001 From: Josh French Date: Mon, 27 Apr 2026 12:11:57 -0400 Subject: [PATCH 02/32] goss var naming --- images/capi/packer/goss/goss-package.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/capi/packer/goss/goss-package.yaml b/images/capi/packer/goss/goss-package.yaml index e7496d1741..93fcda4372 100644 --- a/images/capi/packer/goss/goss-package.yaml +++ b/images/capi/packer/goss/goss-package.yaml @@ -57,7 +57,7 @@ package: {{end}} {{end}} # x86-only provider packages (hypervisor tools not available on arm64) -{{if ne .Vars.ARCH "arm64"}} +{{if ne .Vars.arch "arm64"}} {{range $name, $vers := index .Vars .Vars.OS .Vars.PROVIDER "package-x86"}} {{$name}}: installed: true From b495b4ef610d5e918a476da548d5c829b9c949e2 Mon Sep 17 00:00:00 2001 From: Amim Knabben Date: Tue, 28 Apr 2026 10:22:55 -0300 Subject: [PATCH 03/32] ova: fix Photon 5 distro-sync failure due to alternatives/chkconfig conflict iptables-1.8.13-2.ph5 and ebtables-2.0.11-4.ph5 now require the alternatives package (introduced by Broadcom on April 9, 2026). The Photon 5 minimal installation ships chkconfig which conflicts with the new alternatives package, so it cannot be installed directly. The fix installs alternatives via Ansible with --allowerasing before distro-sync runs. This atomically replaces chkconfig with alternatives, satisfying the iptables/ebtables dependency and allowing distro-sync to complete successfully. Validated with a live vSphere build against the testbed. Ref: https://github.com/vmware/photon/issues/1646 Made-with: Cursor --- images/capi/ansible/roles/setup/tasks/photon.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/images/capi/ansible/roles/setup/tasks/photon.yml b/images/capi/ansible/roles/setup/tasks/photon.yml index 095b01cc2b..f1f86b698d 100644 --- a/images/capi/ansible/roles/setup/tasks/photon.yml +++ b/images/capi/ansible/roles/setup/tasks/photon.yml 
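Review bot: The guard in goss-package.yaml now reads `.Vars.arch`, but the only architecture value this series visibly passes to goss is the upper-case `ARCH` key set in `vars_inline` in packer/ami/packer.json. If `arch` is not defined in the goss vars file, which is not visible here, the comparison either fails at template time or is always true, and in the latter case the `package-x86` list would be asserted on arm64 images. Other providers that include this template and set neither key would be affected in the same way. Confirm where `arch` comes from, and record it next to the condition with a comment such as `# .Vars.arch is supplied by <source>; absent means x86`.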
@@ -36,6 +36,11 @@ changed_when: '"Nothing to do" not in distro.stderr' when: not disable_public_repos|default(false)|bool +- name: Replace chkconfig with alternatives to satisfy iptables dependency + ansible.builtin.command: tdnf install -y alternatives --allowerasing + register: install_alternatives + changed_when: '"Nothing to do" not in install_alternatives.stderr' + - name: Perform a tdnf distro-sync ansible.builtin.command: tdnf distro-sync -y --refresh register: distro From b2c063763c02770d873ca061529e96e0137a7401 Mon Sep 17 00:00:00 2001 From: Amim Knabben Date: Tue, 28 Apr 2026 10:29:56 -0300 Subject: [PATCH 04/32] ova: also swap chkconfig->alternatives in vmware-photon provider role The setup role fix covers firstboot.yml, but vmware-photon.yml runs in node.yml (the second playbook) via the providers role. Add the same alternatives --allowerasing step before the cloud-init install so the fix is present even when node.yml is run independently. Suggested-by: bhllamoreaux Made-with: Cursor --- images/capi/ansible/roles/providers/tasks/vmware-photon.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/images/capi/ansible/roles/providers/tasks/vmware-photon.yml b/images/capi/ansible/roles/providers/tasks/vmware-photon.yml index 57ba6871a7..96b279adc9 100644 --- a/images/capi/ansible/roles/providers/tasks/vmware-photon.yml +++ b/images/capi/ansible/roles/providers/tasks/vmware-photon.yml @@ -13,6 +13,11 @@ # limitations under the License. --- +- name: Replace chkconfig with alternatives to satisfy iptables dependency + ansible.builtin.command: tdnf install -y alternatives --allowerasing + register: install_alternatives + changed_when: '"Nothing to do" not in install_alternatives.stderr' + - name: Install cloud-init and tools for VMware Photon OS ansible.builtin.command: tdnf install {{ packages }} -y vars: From 9ebf91a1db5f0598088f4f3ba2679300b0913cb5 Mon Sep 17 00:00:00 2001 
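Review bot: The new `tdnf install -y alternatives --allowerasing` task in setup/tasks/photon.yml has no `when:` guard, and the identical task added to providers/tasks/vmware-photon.yml has none either. The commit message scopes the fix to Photon 5, but the task as written runs on every Photon release, and also when `disable_public_repos` is true, unlike the task directly above it. `--allowerasing` lets tdnf remove any conflicting package, not only chkconfig, and nothing records what was erased, so a later dependency change could drop a package from the image unnoticed. Consider a guard such as `when: ansible_facts['distribution_major_version'] == "5"` (confirm the fact value on Photon) and a follow-up check that only the expected package was replaced.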
From: Matt Boersma Date: Tue, 5 May 2026 15:01:40 -0600 Subject: [PATCH 05/32] Bump ansible to v2.18.16 --- images/capi/hack/utils.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/capi/hack/utils.sh b/images/capi/hack/utils.sh index 090133cf9f..d5bd4418fa 100755 --- a/images/capi/hack/utils.sh +++ b/images/capi/hack/utils.sh @@ -15,7 +15,7 @@ # limitations under the License. # Note: ansible-core v2.18 supports Python 3.11-3.13. -_version_ansible_core="2.18.15" +_version_ansible_core="2.18.16" case "${OSTYPE}" in linux*) From 598fb620a8e3c75999cddb3bb3040a66f12350e8 Mon Sep 17 00:00:00 2001 From: Drew Hudson-Viles Date: Wed, 6 May 2026 16:44:12 +0100 Subject: [PATCH 06/32] chore(ci): updating the cloudbuild gcb-docker-gcloud image to the latest release --- cloudbuild.yaml | 2 +- docs/book/src/capi/releasing.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cloudbuild.yaml b/cloudbuild.yaml index e872db977a..9ad4a1e13a 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -3,7 +3,7 @@ timeout: 3000s options: substitution_option: ALLOW_LOOSE steps: - - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud@sha256:63840f133e0dfeea0af9ef391210da7fab9d2676172e2967fccab0cd6110c4e7' # v20250513-9264efb079 + - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud@sha256:ff388e0dc16351e96f8464e2e185b74a7578a5ccb7a112cf3393468e59e6e2d2' # v20260205-38cfa9523f entrypoint: make env: - DOCKER_CLI_EXPERIMENTAL=enabled diff --git a/docs/book/src/capi/releasing.md b/docs/book/src/capi/releasing.md index f9ba7fbaa3..2d5d4b4e2b 100644 --- a/docs/book/src/capi/releasing.md +++ b/docs/book/src/capi/releasing.md 
@@ -5,6 +5,7 @@ The current release of Image Builder is [v0.1.50][] (April 1, 2026). The corresp ## Release Process Releasing image-builder is a simple process: project maintainers should be able to follow the steps below in order to create a new release. +Before proceeding, make sure the current SHA being used in [`cloudbuild.yaml`](../../../../cloudbuild.yaml) is [still valid](https://console.cloud.google.com/artifacts/docker/k8s-staging-test-infra/us/gcr.io/gcb-docker-gcloud). If it is not, then the job that runs on tag will fail. ### Create a tag From 5cc8e31001037a13a80a054c7b7e4eb907fd1d74 Mon Sep 17 00:00:00 2001 From: Drew Hudson-Viles Date: Wed, 6 May 2026 17:48:48 +0100 Subject: [PATCH 07/32] docs: Update docs for image-builder v0.1.52 --- RELEASE.md | 4 ++-- docs/book/src/capi/container-image.md | 10 +++++----- docs/book/src/capi/releasing.md | 8 ++++---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index a120cce83a..751252e50a 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,11 +1,11 @@ # Image Builder Releases -The current release of Image Builder is [v0.1.50][] (April 1, 2026). The corresponding container image is `registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.50`. +The current release of Image Builder is [v0.1.52][] (April 1, 2026). The corresponding container image is `registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.52`. ## Release Process For more detail about image-builder project releases, see the [Image Builder Book][]. -[v0.1.50]: https://github.com/kubernetes-sigs/image-builder/releases/tag/v0.1.50 +[v0.1.52]: https://github.com/kubernetes-sigs/image-builder/releases/tag/v0.1.52 [Image Builder Book]: https://image-builder.sigs.k8s.io/capi/releasing.html diff --git a/docs/book/src/capi/container-image.md b/docs/book/src/capi/container-image.md index c843ba07e6..8032af64c7 100644 --- a/docs/book/src/capi/container-image.md 
+++ b/docs/book/src/capi/container-image.md @@ -18,7 +18,7 @@ Run the docker build target of Makefile The latest image-builder container image release is available here: ```commandline -docker pull registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.50 +docker pull registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.52 ``` ### Examples @@ -27,7 +27,7 @@ docker pull registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v - If the AWS CLI is already installed on your machine, you can simply mount the `~/.aws` folder that stores all the required credentials. ```commandline - docker run -it --rm -v /Users//.aws:/home/imagebuilder/.aws registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.50 build-ami-ubuntu-2404 + docker run -it --rm -v /Users//.aws:/home/imagebuilder/.aws registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.52 build-ami-ubuntu-2404 ``` - Another alternative is to use an `aws-creds.env` file to load the credentials and pass it during docker run. @@ -37,7 +37,7 @@ docker pull registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v ``` ```commandline - docker run -it --rm --env-file aws-creds.env registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.50 build-ami-ubuntu-2404 + docker run -it --rm --env-file aws-creds.env registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.52 build-ami-ubuntu-2404 ``` - AZURE @@ -51,7 +51,7 @@ docker pull registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v ``` ```commandline - docker run -it --rm --env-file az-creds.env registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.50 build-azure-sig-ubuntu-2404 + docker run -it --rm --env-file az-creds.env registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.52 build-azure-sig-ubuntu-2404 ``` - Proxmox 
@@ -83,7 +83,7 @@ docker pull registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v - Docker's `--net=host` option to ensure http server starts with the host IP and not the Docker container IP. This option is Linux specific and thus implies that it can be run only from a Linux machine. ```commandline - docker run -it --rm --net=host --env PACKER_VAR_FILES=/home/imagebuilder/vsphere.json -v :/home/imagebuilder/vsphere.json registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.50 build-node-ova-vsphere-ubuntu-2404 + docker run -it --rm --net=host --env PACKER_VAR_FILES=/home/imagebuilder/vsphere.json -v :/home/imagebuilder/vsphere.json registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.52 build-node-ova-vsphere-ubuntu-2404 ``` In addition to this, further customizations can be done as discussed [here](./capi.md#customization). diff --git a/docs/book/src/capi/releasing.md b/docs/book/src/capi/releasing.md index 2d5d4b4e2b..0066bbd872 100644 --- a/docs/book/src/capi/releasing.md +++ b/docs/book/src/capi/releasing.md @@ -1,6 +1,6 @@ # Image Builder Releases -The current release of Image Builder is [v0.1.50][] (April 1, 2026). The corresponding container image is `registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.50`. +The current release of Image Builder is [v0.1.52][] (April 1, 2026). The corresponding container image is `registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.52`. ## Release Process @@ -23,7 +23,7 @@ Releases in image-builder follow [semantic versioning][semver] conventions. Curr - *If signing tags with GPG, makes your key available to the `git tag` command.* - Create a new tag: - `export IB_VERSION=v0.1.x` - - *Replace `x` with the next patch version. For example: `v0.1.51`.* + - *Replace `x` with the next patch version. For example: `v0.1.53`.* - `git tag -s -m "Image Builder ${IB_VERSION}" ${IB_VERSION}` - `git push upstream ${IB_VERSION}` 
@@ -78,11 +78,11 @@ Wait for this PR to merge before communicating the release to users, so image-bu In the [#image-builder channel][] on the Kubernetes Slack, post a message announcing the new release. Include a link to the GitHub release and a thanks to the contributors: ``` -Image-builder v0.1.51 is now available: https://github.com/kubernetes-sigs/image-builder/releases/tag/v0.1.51 +Image-builder v0.1.53 is now available: https://github.com/kubernetes-sigs/image-builder/releases/tag/v0.1.53 Thanks to all contributors! ``` -[v0.1.50]: https://github.com/kubernetes-sigs/image-builder/releases/tag/v0.1.50 +[v0.1.52]: https://github.com/kubernetes-sigs/image-builder/releases/tag/v0.1.52 [#image-builder channel]: https://kubernetes.slack.com/archives/C01E0Q35A8J [Personal access tokens]: https://github.com/settings/tokens [post-image-builder-push-images]: https://prow.k8s.io/?repo=kubernetes-sigs%2Fimage-builder&type=postsubmit&job=post-image-builder-push-images From a6e54d69f84eae307845c73abdc5416e906e6dac Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Thu, 7 May 2026 19:40:27 -0600 Subject: [PATCH 08/32] Fix windows-cvm source SKUs after Marketplace removal The MicrosoftWindowsServer/windows-cvm Marketplace offer no longer publishes any image versions, breaking pull-azure-sigs builds for sig-windows-2019-containerd-cvm and sig-windows-2022-containerd-cvm. Switch the source images to the corresponding Gen2 SKUs in the WindowsServer offer. The SIG image definition created by init-sig.sh already sets SecurityType=ConfidentialVmSupported, so the resulting captured images remain CVM-capable for downstream consumers. Refs: #1996 --- images/capi/packer/azure/windows-2019-containerd-cvm.json | 4 ++-- images/capi/packer/azure/windows-2022-containerd-cvm.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/images/capi/packer/azure/windows-2019-containerd-cvm.json b/images/capi/packer/azure/windows-2019-containerd-cvm.json index add3275f06..53dd3a834d 100644 --- a/images/capi/packer/azure/windows-2019-containerd-cvm.json +++ b/images/capi/packer/azure/windows-2019-containerd-cvm.json @@ -4,9 +4,9 @@ "build_name": "windows-2019-containerd-cvm", "distribution": "windows", "distribution_version": "2019", - "image_offer": "windows-cvm", + "image_offer": "WindowsServer", "image_publisher": "MicrosoftWindowsServer", - "image_sku": "2019-datacenter-cvm", + "image_sku": "2019-datacenter-gensecond", "image_version": "latest", "load_additional_components": "false", "runtime": "containerd", diff --git a/images/capi/packer/azure/windows-2022-containerd-cvm.json b/images/capi/packer/azure/windows-2022-containerd-cvm.json index 6e770db638..daa07c0051 100644 --- a/images/capi/packer/azure/windows-2022-containerd-cvm.json +++ b/images/capi/packer/azure/windows-2022-containerd-cvm.json @@ -4,9 +4,9 @@ "build_name": "windows-2022-containerd-cvm", "distribution": "windows", "distribution_version": "2022", - "image_offer": "windows-cvm", + "image_offer": "WindowsServer", "image_publisher": "MicrosoftWindowsServer", - "image_sku": "2022-datacenter-cvm", + "image_sku": "2022-datacenter-g2", "image_version": "latest", "load_additional_components": "false", "runtime": "containerd", From 7e4c97c780b87fbeb643c4487edf4a9037fd1528 Mon Sep 17 00:00:00 2001 
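Review bot: After this change nothing in windows-2019-containerd-cvm.json or windows-2022-containerd-cvm.json marks the build as confidential-VM capable except its name, because both files now use generic Gen2 `WindowsServer` SKUs. The commit message says the property comes from init-sig.sh setting SecurityType=ConfidentialVmSupported, which is outside this patch. Since JSON cannot carry a comment, that dependency should be written down in the Azure docs or next to the setting in init-sig.sh, so that a later edit to the SIG definition does not quietly publish `-cvm` images that lack the capability. A post-build check on the captured image definition's security type would catch a regression.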
From: Matt Boersma Date: Thu, 7 May 2026 20:05:25 -0600 Subject: [PATCH 09/32] Remove dead python2 references These references target RHEL/CentOS 7 and 8, which are no longer build targets in image-builder (the README lists only RHEL 9, Rocky 9, AlmaLinux 9, CentOS 9). The python2-pip install task in vmware-redhat.yml was gated on distribution_major_version <= 8, and the pip<21.0 upgrade was gated on == 7; both conditions are now unreachable. The python2-pip entries in goss-vars.yaml were similarly unused. Refs: #578 --- .../roles/providers/tasks/vmware-redhat.yml | 17 ----------------- images/capi/packer/goss/goss-vars.yaml | 4 ---- 2 files changed, 21 deletions(-) diff --git a/images/capi/ansible/roles/providers/tasks/vmware-redhat.yml b/images/capi/ansible/roles/providers/tasks/vmware-redhat.yml index 1757c6f5ca..419db14754 100644 --- a/images/capi/ansible/roles/providers/tasks/vmware-redhat.yml +++ b/images/capi/ansible/roles/providers/tasks/vmware-redhat.yml @@ -30,23 +30,6 @@ ansible.builtin.set_fact: cloud_init_version: "{{ ansible_facts.packages['cloud-init'][0].version }}" -- name: Install python2 pip - ansible.builtin.dnf: - name: "{{ packages }}" - state: present - vars: - packages: - - python2-pip - when: ansible_facts['distribution_major_version']|int <= 8 - -# pip on CentOS needs to be upgraded, but since it's still -# Python 2.7, need < 21.0 -- name: Upgrade pip - ansible.builtin.pip: - name: pip<21.0 - state: forcereinstall - when: ansible_facts['distribution_major_version'] == '7' - # Directly installing Guestinfo datasource is needed so long as # cloud-init is < 21.3 - name: Directly install Guestinfo diff --git a/images/capi/packer/goss/goss-vars.yaml b/images/capi/packer/goss/goss-vars.yaml index 8e521468a9..986d3ebf25 100644 --- a/images/capi/packer/goss/goss-vars.yaml +++ b/images/capi/packer/goss/goss-vars.yaml @@ -156,7 +156,6 @@ centos: open-vm-tools: ova: package: - python2-pip: open-vm-tools: qemu: package: 
@@ -171,7 +170,6 @@ centos: package: cloud-init: cloud-utils-growpart: - python2-pip: almalinux: common-package: *common_rpms ova: @@ -278,7 +276,6 @@ rockylinux: os_version: - distro_version: "8" package: - python2-pip: <<: *rh8_rpms - distro_version: "9" package: @@ -379,7 +376,6 @@ rhel: os_version: - distro_version: "8" package: - python2-pip: <<: *rh8_rpms - distro_version: "9" package: From 2b67324d70c105dad0450c222abc6c8c44499f0c Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Thu, 7 May 2026 20:15:30 -0600 Subject: [PATCH 10/32] Remove dead RHEL 7/8 ansible code paths and orphaned nutanix cloud-init files The repo no longer builds RHEL/CentOS 7 or 8 (only -9 variants are in the Makefile and README matrix), so several conditional tasks and a pair of orphaned Nutanix cloud-init templates are unreachable: - roles/providers/tasks/main.yml: 'Set cloudinit feature flags for redhat 8' (gated on RHEL 8). - roles/sysprep/tasks/main.yml: 'not (RedHat and major_version <= 7)' guard around journalctl rotate. - packer/nutanix/linux/cloud-init/{rhel,rockylinux}/8/user-data.tmpl: no rhel-8.json or rockylinux-8.json consumes them. --- images/capi/ansible/roles/providers/tasks/main.yml | 9 --------- images/capi/ansible/roles/sysprep/tasks/main.yml | 1 - .../nutanix/linux/cloud-init/rhel/8/user-data.tmpl | 9 --------- .../nutanix/linux/cloud-init/rockylinux/8/user-data.tmpl | 9 --------- 4 files changed, 28 deletions(-) delete mode 100644 images/capi/packer/nutanix/linux/cloud-init/rhel/8/user-data.tmpl delete mode 100644 images/capi/packer/nutanix/linux/cloud-init/rockylinux/8/user-data.tmpl diff --git a/images/capi/ansible/roles/providers/tasks/main.yml b/images/capi/ansible/roles/providers/tasks/main.yml index 38b651856b..88be9ddf1a 100644 --- a/images/capi/ansible/roles/providers/tasks/main.yml +++ b/images/capi/ansible/roles/providers/tasks/main.yml 
@@ -143,15 +143,6 @@ mode: "0644" when: ansible_facts['os_family'] == "Debian" -- name: Set cloudinit feature flags for redhat 8 - ansible.builtin.copy: - src: usr/lib/python3/site-packages/cloudinit/feature_overrides.py - dest: /usr/lib/python3.6/site-packages/cloudinit/feature_overrides.py - owner: root - group: root - mode: "0644" - when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution'] == "RedHat" and ansible_facts['distribution_major_version'] == "8" - - name: Set cloudinit feature flags for redhat 9 ansible.builtin.copy: src: usr/lib/python3/site-packages/cloudinit/feature_overrides.py diff --git a/images/capi/ansible/roles/sysprep/tasks/main.yml b/images/capi/ansible/roles/sysprep/tasks/main.yml index 1c7402a1a8..92ce7db64d 100644 --- a/images/capi/ansible/roles/sysprep/tasks/main.yml +++ b/images/capi/ansible/roles/sysprep/tasks/main.yml @@ -239,7 +239,6 @@ ansible.builtin.shell: cmd: | journalctl --rotate - when: not ( ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version']|int <= 7 ) - name: Remove archived journalctl logs ansible.builtin.shell: diff --git a/images/capi/packer/nutanix/linux/cloud-init/rhel/8/user-data.tmpl b/images/capi/packer/nutanix/linux/cloud-init/rhel/8/user-data.tmpl deleted file mode 100644 index 246b32e0e9..0000000000 --- a/images/capi/packer/nutanix/linux/cloud-init/rhel/8/user-data.tmpl +++ /dev/null @@ -1,9 +0,0 @@ -#cloud-config -users: - - name: builder - sudo: ['ALL=(ALL) NOPASSWD:ALL'] -chpasswd: - list: | - builder:$SSH_PASSWORD - expire: False -ssh_pwauth: True \ No newline at end of file diff --git a/images/capi/packer/nutanix/linux/cloud-init/rockylinux/8/user-data.tmpl b/images/capi/packer/nutanix/linux/cloud-init/rockylinux/8/user-data.tmpl deleted file mode 100644 index 246b32e0e9..0000000000 --- a/images/capi/packer/nutanix/linux/cloud-init/rockylinux/8/user-data.tmpl +++ /dev/null 
@@ -1,9 +0,0 @@ -#cloud-config -users: - - name: builder - sudo: ['ALL=(ALL) NOPASSWD:ALL'] -chpasswd: - list: | - builder:$SSH_PASSWORD - expire: False -ssh_pwauth: True \ No newline at end of file From 1ae7ef894ed6ff2c65acac484720c52b54f12c12 Mon Sep 17 00:00:00 2001 From: Alexis Lethuillier Date: Mon, 11 May 2026 15:40:56 +0200 Subject: [PATCH 11/32] fix(ansible): disable both .list and .sources repos when disable_public_repos=true --- images/capi/ansible/roles/setup/tasks/debian.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/images/capi/ansible/roles/setup/tasks/debian.yml b/images/capi/ansible/roles/setup/tasks/debian.yml index f860fd09d4..8ae23482c0 100644 --- a/images/capi/ansible/roles/setup/tasks/debian.yml +++ b/images/capi/ansible/roles/setup/tasks/debian.yml @@ -59,7 +59,9 @@ paths: - /etc/apt - /etc/apt/sources.list.d - patterns: "*.list" + patterns: + - "*.list" + - "*.sources" register: repo_files when: disable_public_repos|bool From 14be687d3d24bf83c685ab38a6d4119ed26b427f Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Mon, 11 May 2026 09:29:41 -0600 Subject: [PATCH 12/32] Windows: robustify StartKubelet.ps1 kubelet bootstrap --- .../kubernetes/templates/StartKubelet.ps1 | 38 ++++++++++++------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/images/capi/ansible/windows/roles/kubernetes/templates/StartKubelet.ps1 b/images/capi/ansible/windows/roles/kubernetes/templates/StartKubelet.ps1 index fbe93fa504..629c471d3b 100644 --- a/images/capi/ansible/windows/roles/kubernetes/templates/StartKubelet.ps1 +++ b/images/capi/ansible/windows/roles/kubernetes/templates/StartKubelet.ps1 
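Review bot: The `find` task in setup/tasks/debian.yml now also returns deb822 `*.sources` files, but the task that consumes `repo_files` is outside the hunk, so it is not visible whether that task can actually disable them. If it renames or removes the files, nothing more is needed. If it edits them line by line, as is common for one-line `.list` entries, a `.sources` stanza may stay active and a build with `disable_public_repos=true` could still reach public mirrors. Please confirm the behaviour of the consuming task, and add a comment on the patterns such as `# deb822 (.sources) files must be disabled too, see the task using repo_files`.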
@@ -13,18 +13,30 @@ # limitations under the License. # From https://github.com/kubernetes-sigs/sig-windows-tools/blob/master/kubeadm/scripts/PrepareNode.ps1 -$FileContent = Get-Content -Path "/var/lib/kubelet/kubeadm-flags.env" -$kubeAdmArgs = $FileContent.TrimStart('KUBELET_KUBEADM_ARGS=').Trim('"') +$FileContent = Get-Content -Path "/var/lib/kubelet/kubeadm-flags.env" -Raw +# Substring strip (not char-set) of the KUBELET_KUBEADM_ARGS="..." wrapper. +$kubeAdmArgs = ($FileContent -replace '(?s)^\s*KUBELET_KUBEADM_ARGS=("?)(.*?)\1\s*$', '$2').Trim() -$args = "--cert-dir=$env:SYSTEMDRIVE/var/lib/kubelet/pki", - "--config=$env:SYSTEMDRIVE/var/lib/kubelet/config.yaml", - "--bootstrap-kubeconfig=$env:SYSTEMDRIVE/etc/kubernetes/bootstrap-kubelet.conf", - "--kubeconfig=$env:SYSTEMDRIVE/etc/kubernetes/kubelet.conf", - "--hostname-override=$(hostname)", - "--enable-debugging-handlers", - "--cgroups-per-qos=false", - "--enforce-node-allocatable=`"`"", - "--resolv-conf=`"`"" +$argList = @( + "--cert-dir=$env:SYSTEMDRIVE/var/lib/kubelet/pki", + "--config=$env:SYSTEMDRIVE/var/lib/kubelet/config.yaml", + "--bootstrap-kubeconfig=$env:SYSTEMDRIVE/etc/kubernetes/bootstrap-kubelet.conf", + "--kubeconfig=$env:SYSTEMDRIVE/etc/kubernetes/kubelet.conf", + "--hostname-override=$(hostname)", + "--enable-debugging-handlers", + "--cgroups-per-qos=false", + '--enforce-node-allocatable=""', + '--resolv-conf=""' +) +if ($kubeAdmArgs) { + $argList += $kubeAdmArgs -split '\s+' +} -$kubeletCommandLine = "{{ kubernetes_install_path }}\kubelet.exe " + ($args -join " ") + " $kubeAdmArgs" -Invoke-Expression $kubeletCommandLine +# Log the resolved command line so failures are diagnosable from the kubelet log dir. 
+$kubeletExe = "{{ kubernetes_install_path }}\kubelet.exe" +$logDir = "$env:SYSTEMDRIVE\var\log\kubelet" +New-Item -ItemType Directory -Force -Path $logDir | Out-Null +"$(Get-Date -Format o) $kubeletExe $($argList -join ' ')" | Out-File -Append -FilePath "$logDir\start-kubelet.log" + +# Splat the args so PowerShell does not re-interpret values containing `=`, `:`, `$`, etc. +& $kubeletExe @argList From 36d3653dda6896c533df40ddeba63bab0c16795c Mon Sep 17 00:00:00 2001 From: Damiano Donati Date: Wed, 13 May 2026 09:35:35 +0200 Subject: [PATCH 13/32] Bump CAPG nightly Kubernetes versions to 1.34.8 and 1.35.5 --- images/capi/packer/gce/ci/nightly/overwrite-1-34.json | 6 +++--- images/capi/packer/gce/ci/nightly/overwrite-1-35.json | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/images/capi/packer/gce/ci/nightly/overwrite-1-34.json b/images/capi/packer/gce/ci/nightly/overwrite-1-34.json index 8a36fb79e5..cdb14d1157 100644 --- a/images/capi/packer/gce/ci/nightly/overwrite-1-34.json +++ b/images/capi/packer/gce/ci/nightly/overwrite-1-34.json @@ -1,8 +1,8 @@ { "build_timestamp": "nightly", - "kubernetes_deb_version": "1.34.3-1.1", - "kubernetes_rpm_version": "1.34.3", - "kubernetes_semver": "v1.34.3", + "kubernetes_deb_version": "1.34.8-1.1", + "kubernetes_rpm_version": "1.34.8", + "kubernetes_semver": "v1.34.8", "kubernetes_series": "v1.34", "service_account_email": "gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com" } diff --git a/images/capi/packer/gce/ci/nightly/overwrite-1-35.json b/images/capi/packer/gce/ci/nightly/overwrite-1-35.json index 801e4116f1..bdba85ed41 100644 --- a/images/capi/packer/gce/ci/nightly/overwrite-1-35.json +++ b/images/capi/packer/gce/ci/nightly/overwrite-1-35.json 
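Review bot: `$kubeAdmArgs -split '\s+'` breaks on every whitespace run, so a quoted value inside `KUBELET_KUBEADM_ARGS` that contains a space would be split into separate arguments and its quote characters passed to kubelet.exe literally; the removed `Invoke-Expression` path let PowerShell honour those quotes. Whether kubeadm ever writes such a value is not visible in this hunk, but a quote-aware split keeps the benefit of no longer evaluating file contents as code without that regression: `$argList += [regex]::Matches($kubeAdmArgs, '(?:[^\s"]+|"[^"]*")+') | ForEach-Object { $_.Value -replace '"', '' }`. The comment above the regex strip could also say what happens when the file does not match the expected single `KEY="..."` shape, since in that case `-replace` returns the content unchanged and it is passed on as arguments.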
@@ -1,8 +1,8 @@ { "build_timestamp": "nightly", - "kubernetes_deb_version": "1.35.0-1.1", - "kubernetes_rpm_version": "1.35.0", - "kubernetes_semver": "v1.35.0", + "kubernetes_deb_version": "1.35.5-1.1", + "kubernetes_rpm_version": "1.35.5", + "kubernetes_semver": "v1.35.5", "kubernetes_series": "v1.35", "service_account_email": "gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com" } From 1f4c42b159d5153776190c914b7acd557409effa Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Thu, 7 May 2026 20:17:48 -0600 Subject: [PATCH 14/32] Remove dead RHEL/CentOS 8 entries from goss-vars These distro_version: "8" blocks (and a couple of related python2-pip entries) are unreachable: image-builder no longer ships any *-8 build targets, only the *-9 variants in the README matrix and Makefile. Also drops a few empty 'os_version:' keys left behind after removing the only child entry. The 'rh8_rpms' YAML alias is kept because Oracle Linux 9's OCI block still references it (and 'curl', 'yum-utils', 'nftables', 'python3-netifaces', 'python3-requests' are all valid on OL 9, so behavior is unchanged). --- images/capi/packer/goss/goss-vars.yaml | 44 -------------------------- 1 file changed, 44 deletions(-) diff --git a/images/capi/packer/goss/goss-vars.yaml b/images/capi/packer/goss/goss-vars.yaml index 986d3ebf25..a04b7bf73a 100644 --- a/images/capi/packer/goss/goss-vars.yaml +++ b/images/capi/packer/goss/goss-vars.yaml @@ -176,9 +176,6 @@ almalinux: package: open-vm-tools: os_version: - - distro_version: "8" - package: - <<: *rh8_rpms - distro_version: "9" package: <<: *rh9_rpms @@ -257,10 +254,6 @@ rockylinux: amazon: package: amazon-ssm-agent: - os_version: - - distro_version: "8" - package: - <<: *rh8_rpms command: /usr/local/sbin/aws --version: exit-status: 0 @@ -274,9 +267,6 @@ rockylinux: package: open-vm-tools: os_version: - - distro_version: "8" - package: - <<: *rh8_rpms - distro_version: "9" package: <<: *rh9_rpms 
@@ -286,9 +276,6 @@ rockylinux: cloud-init: cloud-utils: os_version: - - distro_version: "8" - package: - <<: *rh8_rpms - distro_version: "9" package: <<: *rh9_rpms @@ -300,9 +287,6 @@ rockylinux: lvm2: xfsprogs: os_version: - - distro_version: "8" - package: - <<: *rh8_rpms - distro_version: "9" package: <<: *rh9_rpms @@ -314,10 +298,6 @@ rockylinux: package: cloud-init: cloud-utils-growpart: - os_version: - - distro_version: "8" - package: - <<: *rh8_rpms openstack: package: cloud-init: @@ -339,10 +319,6 @@ rhel: amazon: package: amazon-ssm-agent: - os_version: - - distro_version: "8" - package: - <<: *rh8_rpms command: /usr/local/sbin/aws --version: exit-status: 0 @@ -355,10 +331,6 @@ rhel: azure: package: open-vm-tools: - os_version: - - distro_version: "8" - package: - <<: *rh8_rpms gcp: command: find -L /bin -maxdepth 1 -type f -executable -printf "%f\n" | grep -Fx 'gcloud': @@ -366,17 +338,10 @@ rhel: stdout: ["gcloud"] stderr: [] timeout: 0 - os_version: - - distro_version: "8" - package: - <<: *rh8_rpms ova: package: open-vm-tools: os_version: - - distro_version: "8" - package: - <<: *rh8_rpms - distro_version: "9" package: <<: *rh9_rpms @@ -386,9 +351,6 @@ rhel: cloud-init: cloud-utils-growpart: os_version: - - distro_version: "8" - package: - <<: *rh8_rpms - distro_version: "9" package: <<: *rh9_rpms @@ -397,9 +359,6 @@ rhel: cloud-init: cloud-utils-growpart: os_version: - - distro_version: "8" - package: - <<: *rh8_rpms - distro_version: "9" package: <<: *rh9_rpms @@ -411,9 +370,6 @@ rhel: lvm2: xfsprogs: os_version: - - distro_version: "8" - package: - <<: *rh8_rpms - distro_version: "9" package: <<: *rh9_rpms From 3d71228d37b878701c838961e8325743a488c4d4 Mon Sep 17 00:00:00 2001 
From: Aman Shrivastava Date: Mon, 11 May 2026 15:46:53 +0530 Subject: [PATCH 15/32] Add CentOS Stream 10 support for PowerVS image builds - Add packer/powervs/centos-10.json with CentOS Stream 10 base image config - Add powervs-centos-10 build and validate targets to Makefile - Exclude lsvpd from dnf update (IBM RHEL9 repo provides incompatible version on CentOS 10) - Skip ifcfg network reset for CentOS 10 (network-scripts dir removed in CentOS 10) --- images/capi/Makefile | 3 ++- images/capi/ansible/roles/setup/tasks/redhat.yml | 1 + images/capi/ansible/roles/sysprep/tasks/redhat.yml | 4 ++-- images/capi/packer/powervs/centos-10.json | 9 +++++++++ 4 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 images/capi/packer/powervs/centos-10.json diff --git a/images/capi/Makefile b/images/capi/Makefile index 47d56c5965..ecf67d670b 100644 --- a/images/capi/Makefile +++ b/images/capi/Makefile @@ -397,7 +397,7 @@ QEMU_KUBEVIRT_BUILD_NAMES := $(addprefix kubevirt-,$(QEMU_BUILD_NAMES)) RAW_BUILD_NAMES ?= raw-ubuntu-2204 raw-ubuntu-2204-efi raw-ubuntu-2404 raw-ubuntu-2404-efi raw-flatcar raw-rhel-9 raw-rhel-9-efi -POWERVS_BUILD_NAMES ?= powervs-centos-9 +POWERVS_BUILD_NAMES ?= powervs-centos-9 powervs-centos-10 NUTANIX_BUILD_NAMES ?= nutanix-ubuntu-2204 nutanix-ubuntu-2404 nutanix-rhel-9 nutanix-rockylinux-9 nutanix-flatcar nutanix-windows-2022 @@ -977,6 +977,7 @@ validate-osc-ubuntu-2404: ## Validates Ubuntu 24.04 Outscale Snapshot Packer con validate-osc-all: $(OSC_VALIDATE_TARGETS) ## Validates all Outscale Snapshot Packer config validate-powervs-centos-9: ## Validates the PowerVS CentOS 9 image packer config +validate-powervs-centos-10: ## Validates the PowerVS CentOS 10 image packer config validate-powervs-all: $(POWERVS_VALIDATE_TARGETS) ## Validates all PowerVS Packer config validate-nutanix-ubuntu-2204: ## Validates Ubuntu 22.04 Nutanix Packer config 
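Review bot: The second Makefile hunk adds a `validate-powervs-centos-10` help line, but the diffstat for the Makefile (two insertions, one deletion) leaves no room for a matching `build-powervs-centos-10` entry, so `make help` would document the validator without the build if the Builds section lists each PowerVS target. That section is outside these hunks; if it carries a `build-powervs-centos-9` line, add `build-powervs-centos-10: ## Builds the PowerVS CentOS 10 image` next to it so the two help sections stay in step with `POWERVS_BUILD_NAMES`.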
diff --git a/images/capi/ansible/roles/setup/tasks/redhat.yml b/images/capi/ansible/roles/setup/tasks/redhat.yml index 6bf171aa2b..5d2839f278 100644 --- a/images/capi/ansible/roles/setup/tasks/redhat.yml +++ b/images/capi/ansible/roles/setup/tasks/redhat.yml @@ -59,6 +59,7 @@ name: "*" state: latest lock_timeout: 60 + exclude: "{{ 'lsvpd*' if ansible_facts['distribution_major_version']|int == 10 else omit }}" - name: Install baseline dependencies ansible.builtin.dnf: diff --git a/images/capi/ansible/roles/sysprep/tasks/redhat.yml b/images/capi/ansible/roles/sysprep/tasks/redhat.yml index 78ab8670c4..f7d038d560 100644 --- a/images/capi/ansible/roles/sysprep/tasks/redhat.yml +++ b/images/capi/ansible/roles/sysprep/tasks/redhat.yml @@ -72,7 +72,7 @@ ansible.builtin.shell: | set -o pipefail sed -i '/^\(HWADDR\|UUID\)=/d' /etc/sysconfig/network-scripts/ifcfg-* - when: packer_builder_type != "googlecompute" and ansible_facts['distribution_major_version']|int != 9 + when: packer_builder_type != "googlecompute" and ansible_facts['distribution_major_version']|int not in [9, 10] - name: Migrate interface configuration files to NetworkManager keyfiles ansible.builtin.command: nmcli connection migrate @@ -80,7 +80,7 @@ - name: Reset network interface IDs ansible.builtin.shell: sed -i '/^\(uuid\)=/d' /etc/NetworkManager/system-connections/*.nmconnection - when: packer_builder_type != "googlecompute" and ansible_facts['distribution_major_version']|int == 9 + when: packer_builder_type != "googlecompute" and ansible_facts['distribution_major_version']|int in [9, 10] - name: Remove the kickstart log ansible.builtin.file: diff --git a/images/capi/packer/powervs/centos-10.json b/images/capi/packer/powervs/centos-10.json new file mode 100644 index 0000000000..c7e3f20878 --- /dev/null +++ b/images/capi/packer/powervs/centos-10.json 
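Review bot: The new `exclude` in setup/tasks/redhat.yml keys only on `distribution_major_version` being 10, so every RedHat-family 10 build holds `lsvpd*` back from the full update, not just the PowerVS image the commit message describes, and nothing at the task records why. A held-back package also stops receiving fixes, so the reason and the exit condition belong next to the line: `# lsvpd: the IBM RHEL 9 repo ships a build that does not install on CentOS Stream 10 (PowerVS); remove once a matching package exists`. The task's name and remaining arguments start above the hunk, so whether a PowerVS-specific condition is already available there cannot be seen from here.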
@@ -0,0 +1,9 @@ +{ + "build_name": "centos-streams10", + "epel_rpm_gpg_key": "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-10", + "redhat_epel_rpm": "https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm", + "source_cos_bucket": "power-oss-bucket", + "source_cos_object": "centos-streams-10.ova.gz", + "source_cos_region": "us-south", + "ssh_username": "root" +} From 7fb4109e2dd3818a7e85cae7af20c25d8102c295 Mon Sep 17 00:00:00 2001 
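Review bot: `redhat_epel_rpm` points at the floating `epel-release-latest-10.noarch.rpm` and `epel_rpm_gpg_key` is downloaded from the same host, so the key meant to authenticate the package shares its origin and neither value is pinned. How the role imports the key and installs the RPM is outside this hunk; if it trusts whatever the key URL returns, the integrity of the repository setup rests on TLS to that one host. Comparing the imported key's fingerprint with a value kept in the repository (a role variable holding `<EPEL-10 key fingerprint>`) would make that trust explicit and the build repeatable.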
From: Drew Hudson-Viles Date: Sun, 10 May 2026 21:34:32 +0100 Subject: [PATCH 16/32] feat: adding containerd_enable_limit_no_file as an option to allow users to add this file on demand as required. We still keep the original parameters but are adding an OR option for this so we can use it in a wider scope - defaulting the option to false. Also adding goss checks for this. --- docs/book/src/capi/containerd/customizing-containerd.md | 8 ++++++++ images/capi/ansible/roles/containerd/defaults/main.yml | 1 + images/capi/ansible/roles/containerd/tasks/main.yml | 2 +- images/capi/packer/ami/packer.json | 3 +++ images/capi/packer/azure/packer.json | 3 +++ images/capi/packer/config/ansible-args.json | 2 +- images/capi/packer/config/containerd.json | 1 + images/capi/packer/digitalocean/packer.json | 1 + images/capi/packer/gce/packer.json | 2 ++ images/capi/packer/goss/goss-files.yaml | 7 +++++++ images/capi/packer/goss/goss-vars.yaml | 1 + images/capi/packer/hcloud/packer.json | 3 +++ images/capi/packer/huaweicloud/packer.json | 3 +++ images/capi/packer/maas/packer.json.tmpl | 2 ++ images/capi/packer/nutanix/packer.json.tmpl | 2 ++ images/capi/packer/oci/packer.json | 2 ++ images/capi/packer/openstack/packer.json | 2 ++ images/capi/packer/outscale/packer.json | 2 ++ images/capi/packer/ova/packer-node.json | 1 + images/capi/packer/powervs/packer.json | 1 + images/capi/packer/proxmox/packer.json.tmpl | 2 ++ images/capi/packer/qemu/packer.json.tmpl | 2 ++ images/capi/packer/raw/packer.json.tmpl | 2 ++ images/capi/packer/scaleway/packer.json | 2 ++ images/capi/packer/vultr/packer.json | 1 + 25 files changed, 56 insertions(+), 2 deletions(-) diff --git a/docs/book/src/capi/containerd/customizing-containerd.md b/docs/book/src/capi/containerd/customizing-containerd.md index e6baaf9c35..ef4cb6c88a 100644 --- a/docs/book/src/capi/containerd/customizing-containerd.md +++ b/docs/book/src/capi/containerd/customizing-containerd.md 
@@ -84,3 +84,11 @@ You can also add further configuration by adding values for `containerd_addition end of the [`config.toml`](https://github.com/kubernetes-sigs/image-builder/blob/main/images/capi/ansible/roles/containerd/templates/etc/containerd/config.toml#L86) default template. + +## Overriding `LimitNOFILE` + +By default a `LimitNOFILE` systemd drop-in (capping the value at `1048576`) is only deployed on +Common Base Linux Mariner, Flatcar, and Microsoft Azure Linux, where the upstream `infinity` value +has been known to cause issues with some containerized software. To opt-in to deploying the same +drop-in on other operating systems, set `containerd_enable_limit_no_file` to `true`. It defaults to +`false`. diff --git a/images/capi/ansible/roles/containerd/defaults/main.yml b/images/capi/ansible/roles/containerd/defaults/main.yml index a470d15d2e..ff5dc0e4b5 100644 --- a/images/capi/ansible/roles/containerd/defaults/main.yml +++ b/images/capi/ansible/roles/containerd/defaults/main.yml @@ -13,6 +13,7 @@ # limitations under the License. --- containerd_config_file: etc/containerd/config.toml +containerd_enable_limit_no_file: false containerd_gvisor_runtime: false containerd_gvisor_version: latest containerd_baseurl: https://github.com/containerd/containerd/releases/download/v{{ containerd_version }} diff --git a/images/capi/ansible/roles/containerd/tasks/main.yml b/images/capi/ansible/roles/containerd/tasks/main.yml index b76ae006db..a6df889ce3 100644 --- a/images/capi/ansible/roles/containerd/tasks/main.yml +++ b/images/capi/ansible/roles/containerd/tasks/main.yml 
@@ -157,7 +157,7 @@ dest: /etc/systemd/system/containerd.service.d/limit-nofile.conf src: etc/systemd/system/containerd.service.d/limit-nofile.conf mode: "0644" - when: ansible_facts['os_family'] in ["Common Base Linux Mariner", "Flatcar", "Microsoft Azure Linux"] + when: ansible_facts['os_family'] in ["Common Base Linux Mariner", "Flatcar", "Microsoft Azure Linux"] or containerd_enable_limit_no_file | bool - name: Create containerd http proxy conf file if needed ansible.builtin.template: diff --git a/images/capi/packer/ami/packer.json b/images/capi/packer/ami/packer.json index c8e5e787ac..4d3507497e 100644 --- a/images/capi/packer/ami/packer.json +++ b/images/capi/packer/ami/packer.json @@ -71,6 +71,7 @@ "post-processors": [ { "custom_data": { + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_version": "{{user `containerd_version`}}", @@ -129,6 +130,7 @@ "OS": "{{user `distribution` | lower}}", "OS_VERSION": "{{user `distribution_version` | lower}}", "PROVIDER": "amazon", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", @@ -163,6 +165,7 @@ "aws_session_token": "", "build_timestamp": "{{timestamp}}", "builder_instance_type": "t3.small", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_image_pull_progress_timeout": null, diff --git a/images/capi/packer/azure/packer.json b/images/capi/packer/azure/packer.json index 84c55d70b8..6a4595b39e 100644 --- a/images/capi/packer/azure/packer.json +++ b/images/capi/packer/azure/packer.json 
@@ -104,6 +104,7 @@ "build_name": "{{user `build_name`}}", "build_timestamp": "{{user `build_timestamp`}}", "build_type": "node", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_version": "{{user `containerd_version`}}", @@ -178,6 +179,7 @@ "OS": "{{user `distribution` | lower}}", "OS_VERSION": "{{user `distribution_version` | lower}}", "PROVIDER": "azure", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", @@ -220,6 +222,7 @@ "client_secret": null, "cloud_environment_name": "public", "community_gallery_image_id": "", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_image_pull_progress_timeout": null, diff --git a/images/capi/packer/config/ansible-args.json b/images/capi/packer/config/ansible-args.json index b4f74f877f..a875a0ad47 100644 --- a/images/capi/packer/config/ansible-args.json +++ b/images/capi/packer/config/ansible-args.json 
@@ -1,5 +1,5 @@ { "ansible_common_ssh_args": "-o IdentitiesOnly=yes", - "ansible_common_vars": "containerd_gvisor_runtime={{user `containerd_gvisor_runtime`}} containerd_gvisor_version={{user `containerd_gvisor_version`}} containerd_sha256={{user `containerd_sha256`}} pause_image={{user `pause_image`}} containerd_additional_settings={{user `containerd_additional_settings`}} containerd_cri_socket={{user `containerd_cri_socket`}} containerd_version={{user `containerd_version`}} containerd_image_pull_progress_timeout={{user `containerd_image_pull_progress_timeout`}} containerd_wasm_shims_url={{user `containerd_wasm_shims_url`}} containerd_wasm_shims_version={{user `containerd_wasm_shims_version`}} containerd_wasm_shims_sha256={{user `containerd_wasm_shims_sha256`}} containerd_wasm_shims_runtimes=\"{{user `containerd_wasm_shims_runtimes`}}\" containerd_wasm_shims_runtime_versions=\"{{user `containerd_wasm_shims_runtime_versions`}}\" crictl_version={{user `crictl_version`}} custom_role_names=\"{{user `custom_role_names`}}\" firstboot_custom_roles_pre=\"{{user `firstboot_custom_roles_pre`}}\" firstboot_custom_roles_post=\"{{user `firstboot_custom_roles_post`}}\" node_custom_roles_pre=\"{{user `node_custom_roles_pre`}}\" node_custom_roles_post=\"{{user `node_custom_roles_post`}}\" node_custom_roles_post_sysprep=\"{{user `node_custom_roles_post_sysprep`}}\" disable_public_repos={{user `disable_public_repos`}} extra_debs=\"{{user `extra_debs`}}\" extra_kernel_boot_params=\"{{user `extra_kernel_boot_params`}}\" extra_repos=\"{{user `extra_repos`}}\" extra_rpms=\"{{user `extra_rpms`}}\" http_proxy={{user `http_proxy`}} https_proxy={{user `https_proxy`}} kubeadm_template={{user `kubeadm_template`}} kubernetes_apiserver_port={{user `kubernetes_apiserver_port`}} kubernetes_cni_http_source={{user `kubernetes_cni_http_source`}} kubernetes_http_source={{user `kubernetes_http_source`}} kubernetes_container_registry={{user `kubernetes_container_registry`}} kubernetes_rpm_repo={{user 
`kubernetes_rpm_repo`}} kubernetes_rpm_gpg_key={{user `kubernetes_rpm_gpg_key`}} kubernetes_rpm_gpg_check={{user `kubernetes_rpm_gpg_check`}} kubernetes_deb_repo={{user `kubernetes_deb_repo`}} kubernetes_deb_gpg_key={{user `kubernetes_deb_gpg_key`}} kubernetes_cni_deb_version={{user `kubernetes_cni_deb_version`}} kubernetes_cni_rpm_version={{user `kubernetes_cni_rpm_version`}} kubernetes_cni_semver={{user `kubernetes_cni_semver`}} kubernetes_cni_source_type={{user `kubernetes_cni_source_type`}} kubernetes_semver={{user `kubernetes_semver`}} kubernetes_source_type={{user `kubernetes_source_type`}} kubernetes_load_additional_imgs={{user `kubernetes_load_additional_imgs`}} kubernetes_deb_version={{user `kubernetes_deb_version`}} kubernetes_rpm_version={{user `kubernetes_rpm_version`}} no_proxy={{user `no_proxy`}} pip_conf_file={{user `pip_conf_file`}} python_path={{user `python_path`}} redhat_epel_rpm={{user `redhat_epel_rpm`}} epel_rpm_gpg_key={{user `epel_rpm_gpg_key`}} reenable_public_repos={{user `reenable_public_repos`}} remove_extra_repos={{user `remove_extra_repos`}} systemd_prefix={{user `systemd_prefix`}} sysusr_prefix={{user `sysusr_prefix`}} sysusrlocal_prefix={{user `sysusrlocal_prefix`}} load_additional_components={{ user `load_additional_components`}} additional_registry_images={{ user `additional_registry_images`}} additional_registry_images_list={{ user `additional_registry_images_list`}} ecr_credential_provider={{ user `ecr_credential_provider` }} additional_url_images={{ user `additional_url_images`}} additional_url_images_list={{ user `additional_url_images_list`}} additional_executables={{ user `additional_executables`}} additional_executables_list={{ user `additional_executables_list`}} additional_executables_destination_path={{ user `additional_executables_destination_path`}} additional_s3={{ user `additional_s3`}} build_target={{ user `build_target`}} amazon_ssm_agent_rpm={{ user `amazon_ssm_agent_rpm` }} enable_containerd_audit={{ user 
`enable_containerd_audit` }} kubernetes_enable_automatic_resource_sizing={{ user `kubernetes_enable_automatic_resource_sizing` }} debug_tools={{user `debug_tools`}} ubuntu_repo={{user `ubuntu_repo`}} ubuntu_security_repo={{user `ubuntu_security_repo`}} gpu_block_nouveau_loading={{user `block_nouveau_loading`}} runc_version={{user `runc_version`}} containerd_service_url={{user `containerd_service_url`}} netplan_removal_excludes=\"{{user `netplan_removal_excludes`}}\"", + "ansible_common_vars": "containerd_gvisor_runtime={{user `containerd_gvisor_runtime`}} containerd_gvisor_version={{user `containerd_gvisor_version`}} containerd_sha256={{user `containerd_sha256`}} pause_image={{user `pause_image`}} containerd_additional_settings={{user `containerd_additional_settings`}} containerd_cri_socket={{user `containerd_cri_socket`}} containerd_version={{user `containerd_version`}} containerd_image_pull_progress_timeout={{user `containerd_image_pull_progress_timeout`}} containerd_enable_limit_no_file={{user `containerd_enable_limit_no_file`}} containerd_wasm_shims_url={{user `containerd_wasm_shims_url`}} containerd_wasm_shims_version={{user `containerd_wasm_shims_version`}} containerd_wasm_shims_sha256={{user `containerd_wasm_shims_sha256`}} containerd_wasm_shims_runtimes=\"{{user `containerd_wasm_shims_runtimes`}}\" containerd_wasm_shims_runtime_versions=\"{{user `containerd_wasm_shims_runtime_versions`}}\" crictl_version={{user `crictl_version`}} custom_role_names=\"{{user `custom_role_names`}}\" firstboot_custom_roles_pre=\"{{user `firstboot_custom_roles_pre`}}\" firstboot_custom_roles_post=\"{{user `firstboot_custom_roles_post`}}\" node_custom_roles_pre=\"{{user `node_custom_roles_pre`}}\" node_custom_roles_post=\"{{user `node_custom_roles_post`}}\" node_custom_roles_post_sysprep=\"{{user `node_custom_roles_post_sysprep`}}\" disable_public_repos={{user `disable_public_repos`}} extra_debs=\"{{user `extra_debs`}}\" extra_kernel_boot_params=\"{{user 
`extra_kernel_boot_params`}}\" extra_repos=\"{{user `extra_repos`}}\" extra_rpms=\"{{user `extra_rpms`}}\" http_proxy={{user `http_proxy`}} https_proxy={{user `https_proxy`}} kubeadm_template={{user `kubeadm_template`}} kubernetes_apiserver_port={{user `kubernetes_apiserver_port`}} kubernetes_cni_http_source={{user `kubernetes_cni_http_source`}} kubernetes_http_source={{user `kubernetes_http_source`}} kubernetes_container_registry={{user `kubernetes_container_registry`}} kubernetes_rpm_repo={{user `kubernetes_rpm_repo`}} kubernetes_rpm_gpg_key={{user `kubernetes_rpm_gpg_key`}} kubernetes_rpm_gpg_check={{user `kubernetes_rpm_gpg_check`}} kubernetes_deb_repo={{user `kubernetes_deb_repo`}} kubernetes_deb_gpg_key={{user `kubernetes_deb_gpg_key`}} kubernetes_cni_deb_version={{user `kubernetes_cni_deb_version`}} kubernetes_cni_rpm_version={{user `kubernetes_cni_rpm_version`}} kubernetes_cni_semver={{user `kubernetes_cni_semver`}} kubernetes_cni_source_type={{user `kubernetes_cni_source_type`}} kubernetes_semver={{user `kubernetes_semver`}} kubernetes_source_type={{user `kubernetes_source_type`}} kubernetes_load_additional_imgs={{user `kubernetes_load_additional_imgs`}} kubernetes_deb_version={{user `kubernetes_deb_version`}} kubernetes_rpm_version={{user `kubernetes_rpm_version`}} no_proxy={{user `no_proxy`}} pip_conf_file={{user `pip_conf_file`}} python_path={{user `python_path`}} redhat_epel_rpm={{user `redhat_epel_rpm`}} epel_rpm_gpg_key={{user `epel_rpm_gpg_key`}} reenable_public_repos={{user `reenable_public_repos`}} remove_extra_repos={{user `remove_extra_repos`}} systemd_prefix={{user `systemd_prefix`}} sysusr_prefix={{user `sysusr_prefix`}} sysusrlocal_prefix={{user `sysusrlocal_prefix`}} load_additional_components={{ user `load_additional_components`}} additional_registry_images={{ user `additional_registry_images`}} additional_registry_images_list={{ user `additional_registry_images_list`}} ecr_credential_provider={{ user `ecr_credential_provider` }} 
additional_url_images={{ user `additional_url_images`}} additional_url_images_list={{ user `additional_url_images_list`}} additional_executables={{ user `additional_executables`}} additional_executables_list={{ user `additional_executables_list`}} additional_executables_destination_path={{ user `additional_executables_destination_path`}} additional_s3={{ user `additional_s3`}} build_target={{ user `build_target`}} amazon_ssm_agent_rpm={{ user `amazon_ssm_agent_rpm` }} enable_containerd_audit={{ user `enable_containerd_audit` }} kubernetes_enable_automatic_resource_sizing={{ user `kubernetes_enable_automatic_resource_sizing` }} debug_tools={{user `debug_tools`}} ubuntu_repo={{user `ubuntu_repo`}} ubuntu_security_repo={{user `ubuntu_security_repo`}} gpu_block_nouveau_loading={{user `block_nouveau_loading`}} runc_version={{user `runc_version`}} containerd_service_url={{user `containerd_service_url`}} netplan_removal_excludes=\"{{user `netplan_removal_excludes`}}\"", "ansible_scp_extra_args": "{{env `ANSIBLE_SCP_EXTRA_ARGS`}}" } diff --git a/images/capi/packer/config/containerd.json b/images/capi/packer/config/containerd.json index 08b1d789da..0c2a4c5b15 100644 --- a/images/capi/packer/config/containerd.json +++ b/images/capi/packer/config/containerd.json @@ -1,6 +1,7 @@ { "containerd_additional_settings": null, "containerd_cri_socket": "/var/run/containerd/containerd.sock", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_image_pull_progress_timeout": null, diff --git a/images/capi/packer/digitalocean/packer.json b/images/capi/packer/digitalocean/packer.json index 35750d72ea..2ab3b84ac8 100644 --- a/images/capi/packer/digitalocean/packer.json +++ b/images/capi/packer/digitalocean/packer.json 
@@ -43,6 +43,7 @@ "ansible_extra_vars": "", "ansible_scp_extra_args": "", "build_timestamp": "{{timestamp}}", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_image_pull_progress_timeout": null, diff --git a/images/capi/packer/gce/packer.json b/images/capi/packer/gce/packer.json index 498e57e580..5347ea49a3 100644 --- a/images/capi/packer/gce/packer.json +++ b/images/capi/packer/gce/packer.json @@ -65,6 +65,7 @@ "OS": "{{user `distribution` | lower}}", "OS_VERSION": "{{user `distribution_version` | lower}}", "PROVIDER": "gcp", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", @@ -86,6 +87,7 @@ "ansible_extra_vars": "", "ansible_scp_extra_args": "", "build_timestamp": "{{timestamp}}", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_image_pull_progress_timeout": null, diff --git a/images/capi/packer/goss/goss-files.yaml b/images/capi/packer/goss/goss-files.yaml index d38a634989..1d1ad56b33 100644 --- a/images/capi/packer/goss/goss-files.yaml +++ b/images/capi/packer/goss/goss-files.yaml @@ -32,3 +32,10 @@ file: contains: - {{ .Vars.extra_kernel_boot_params }} {{end}} +{{if eq .Vars.containerd_enable_limit_no_file "true"}} + "/etc/systemd/system/containerd.service.d/limit-nofile.conf": + exists: true + filetype: file + contains: + - "LimitNOFILE=1048576" +{{end}} diff --git a/images/capi/packer/goss/goss-vars.yaml b/images/capi/packer/goss/goss-vars.yaml index 8e521468a9..c656b3aa38 100644 --- a/images/capi/packer/goss/goss-vars.yaml +++ b/images/capi/packer/goss/goss-vars.yaml 
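Review bot: The goss-files.yaml check is gated on `.Vars.containerd_enable_limit_no_file` being exactly the string "true", while the Ansible condition in the containerd role (outside this hunk) uses `| bool` and also deploys the drop-in on Flatcar, Mariner and Azure Linux regardless of the flag. A value such as `True` or `yes` would therefore install the file but silently skip the assertion, and the always-on OS families are never verified. Normalising the comparison, `{{if eq (toLower .Vars.containerd_enable_limit_no_file) "true"}}`, covers the first case; a short comment above the block noting that the default-on distributions are not checked would make the remaining gap visible.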
@@ -89,6 +89,7 @@ photon_5_rpms: &photon_5_rpms logrotate: arch: "amd64" +containerd_enable_limit_no_file: "" containerd_gvisor_runtime: "" containerd_gvisor_version: "" containerd_image_pull_progress_timeout: "" diff --git a/images/capi/packer/hcloud/packer.json b/images/capi/packer/hcloud/packer.json index 19308d02c5..255b3c23ba 100644 --- a/images/capi/packer/hcloud/packer.json +++ b/images/capi/packer/hcloud/packer.json @@ -28,6 +28,7 @@ "build_name": "{{user `build_name`}}", "build_timestamp": "{{user `build_timestamp`}}", "build_type": "node", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_version": "{{user `containerd_version`}}", @@ -102,6 +103,7 @@ "OS": "{{user `distribution` | lower}}", "OS_VERSION": "{{user `distribution_version` | lower}}", "PROVIDER": "hcloud", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", @@ -126,6 +128,7 @@ "ansible_user_vars": "", "build_name": null, "build_timestamp": "{{timestamp}}", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_image_pull_progress_timeout": null, diff --git a/images/capi/packer/huaweicloud/packer.json b/images/capi/packer/huaweicloud/packer.json index abe9129f04..4cb0726d78 100644 --- a/images/capi/packer/huaweicloud/packer.json +++ b/images/capi/packer/huaweicloud/packer.json 
@@ -49,6 +49,7 @@ "post-processors": [ { "custom_data": { + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_version": "{{user `containerd_version`}}", @@ -99,6 +100,7 @@ "OS": "{{user `distribution` | lower}}", "OS_VERSION": "{{user `distribution_version` | lower}}", "PROVIDER": "huaweicloud", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", @@ -124,6 +126,7 @@ "associate_public_ip_address": "true", "availability_zone": "ap-southeast-1g", "build_timestamp": "{{timestamp}}", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_image_pull_progress_timeout": null, diff --git a/images/capi/packer/maas/packer.json.tmpl b/images/capi/packer/maas/packer.json.tmpl index 48734e1bb5..83e98e850e 100644 --- a/images/capi/packer/maas/packer.json.tmpl +++ b/images/capi/packer/maas/packer.json.tmpl @@ -139,6 +139,7 @@ "OS": "{{user `distro_name` | lower}}", "OS_VERSION": "{{user `distribution_version` | lower}}", "PROVIDER": "qemu", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", "containerd_version": "{{user `containerd_version`}}", "kubernetes_cni_deb_version": "{{ user `kubernetes_cni_deb_version` }}", 
@@ -163,6 +164,7 @@ "boot_wait": "10s", "build_timestamp": "{{timestamp}}", "cd_files": "linux/base/*.nothing", + "containerd_enable_limit_no_file": "false", "containerd_service_url": "https://raw.githubusercontent.com/containerd/containerd/refs/tags/v{{user `containerd_version`}}/containerd.service", "containerd_url": "https://github.com/containerd/containerd/releases/download/v{{user `containerd_version`}}/containerd-{{user `containerd_version`}}-linux-amd64.tar.gz", "containerd_version": null, diff --git a/images/capi/packer/nutanix/packer.json.tmpl b/images/capi/packer/nutanix/packer.json.tmpl index b71042195b..cb559c6baa 100644 --- a/images/capi/packer/nutanix/packer.json.tmpl +++ b/images/capi/packer/nutanix/packer.json.tmpl @@ -95,6 +95,7 @@ "OS": "{{user `distro_name` | lower}}", "OS_VERSION": "{{user `distribution_version` | lower}}", "PROVIDER": "nutanix", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", @@ -116,6 +117,7 @@ "ansible_extra_vars": "", "ansible_user_vars": "", "build_timestamp": "{{timestamp}}", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_version": null, diff --git a/images/capi/packer/oci/packer.json b/images/capi/packer/oci/packer.json index 73fdcc0750..901e03efe6 100644 --- a/images/capi/packer/oci/packer.json +++ b/images/capi/packer/oci/packer.json 
@@ -76,6 +76,7 @@ "OS": "{{user `distribution` | lower }}", "OS_VERSION": "{{user `distribution_version` | lower}}", "PROVIDER": "oci", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", @@ -100,6 +101,7 @@ "base_image_ocid": "", "build_timestamp": "{{timestamp}}", "compartment_ocid": "", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_image_pull_progress_timeout": null, diff --git a/images/capi/packer/openstack/packer.json b/images/capi/packer/openstack/packer.json index 04a7bb60f1..7eb6b75f92 100644 --- a/images/capi/packer/openstack/packer.json +++ b/images/capi/packer/openstack/packer.json @@ -93,6 +93,7 @@ "OS": "{{user `distro_name` | lower}}", "OS_VERSION": "{{user `os_version`}}", "PROVIDER": "openstack", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", @@ -115,6 +116,7 @@ "ansible_user_vars": "", "attach_config_drive": "false", "build_timestamp": "{{timestamp}}", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_image_pull_progress_timeout": null, diff --git a/images/capi/packer/outscale/packer.json b/images/capi/packer/outscale/packer.json index 1343cc198a..300341a7f6 100644 --- a/images/capi/packer/outscale/packer.json +++ b/images/capi/packer/outscale/packer.json 
@@ -76,6 +76,7 @@ "OS": "{{user `distribution` | lower}}", "OS_VERSION": "{{user `distribution_version` | lower}}", "PROVIDER": "outscale", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", @@ -98,6 +99,7 @@ "ansible_common_vars": "", "ansible_extra_vars": "", "build_timestamp": "{{timestamp}}", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_image_pull_progress_timeout": null, diff --git a/images/capi/packer/ova/packer-node.json b/images/capi/packer/ova/packer-node.json index cfd3f2d37e..cdd35231f8 100644 --- a/images/capi/packer/ova/packer-node.json +++ b/images/capi/packer/ova/packer-node.json @@ -461,6 +461,7 @@ "OS_VERSION": "{{user `distro_version` | lower}}", "PROVIDER": "ova", "block_nouveau_loading": "{{user `block_nouveau_loading`}}", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", diff --git a/images/capi/packer/powervs/packer.json b/images/capi/packer/powervs/packer.json index e8e8c2a5a6..61c78241a7 100644 --- a/images/capi/packer/powervs/packer.json +++ b/images/capi/packer/powervs/packer.json @@ -72,6 +72,7 @@ "capture_cos_bucket": "", "capture_cos_region": "", "capture_cos_secret_key": "", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_image_pull_progress_timeout": null, 
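Review bot: The new variable is wired inconsistently across providers. In `packer/powervs/packer.json` (and in `packer/vultr/packer.json` later in this patch) only the `"containerd_enable_limit_no_file": "false"` default is added, without the pass-through entry that the other templates gain in the block starting with `OS`/`OS_VERSION`/`PROVIDER`. `packer/ova/packer-node.json` has the opposite gap: it gains the pass-through but no default in the visible hunk. If these templates feed the same validation vars (not visible here), the check would presumably fall back to the empty-string default instead of the value the image was built with, so an image built with the limit enabled could be validated against the wrong expectation. Either add the missing line to each file, or say in the commit description where the default or pass-through for these three providers comes from.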
diff --git a/images/capi/packer/proxmox/packer.json.tmpl b/images/capi/packer/proxmox/packer.json.tmpl index e26a764da4..38d48e8ac0 100644 --- a/images/capi/packer/proxmox/packer.json.tmpl +++ b/images/capi/packer/proxmox/packer.json.tmpl @@ -154,6 +154,7 @@ "OS": "{{user `distro_name` | lower}}", "OS_VERSION": "{{user `distribution_version` | lower}}", "PROVIDER": "qemu", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", "containerd_version": "{{user `containerd_version`}}", "kubernetes_cni_deb_version": "{{ user `kubernetes_cni_deb_version` }}", @@ -187,6 +188,7 @@ "bridge": "{{env `PROXMOX_BRIDGE`}}", "build_timestamp": "{{timestamp}}", "containerd_version": null, + "containerd_enable_limit_no_file": "false", "containerd_image_pull_progress_timeout": null, "containerd_service_url": "https://raw.githubusercontent.com/containerd/containerd/refs/tags/v{{user `containerd_version`}}/containerd.service", "runc_version": null, diff --git a/images/capi/packer/qemu/packer.json.tmpl b/images/capi/packer/qemu/packer.json.tmpl index 76524d47aa..e8d54f5d47 100644 --- a/images/capi/packer/qemu/packer.json.tmpl +++ b/images/capi/packer/qemu/packer.json.tmpl @@ -142,6 +142,7 @@ "OS": "{{user `distro_name` | lower}}", "OS_VERSION": "{{user `distribution_version` | lower}}", "PROVIDER": "qemu", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", "containerd_version": "{{user `containerd_version`}}", "kubernetes_cni_deb_version": "{{ user `kubernetes_cni_deb_version` }}", 
@@ -186,6 +187,7 @@ "containerd_version": null, "containerd_image_pull_progress_timeout": null, "cpu_model": "host", + "containerd_enable_limit_no_file": "false", "containerd_service_url": "https://raw.githubusercontent.com/containerd/containerd/refs/tags/v{{user `containerd_version`}}/containerd.service", "runc_version": null, "cpus": "1", diff --git a/images/capi/packer/raw/packer.json.tmpl b/images/capi/packer/raw/packer.json.tmpl index 652322341a..8c84ba4786 100644 --- a/images/capi/packer/raw/packer.json.tmpl +++ b/images/capi/packer/raw/packer.json.tmpl @@ -132,6 +132,7 @@ "OS": "{{user `distro_name` | lower}}", "OS_VERSION": "{{user `distro_version` | lower}}", "PROVIDER": "raw", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", @@ -158,6 +159,7 @@ "boot_media_path": "http://{{ .HTTPIP }}:{{ .HTTPPort }}", "boot_wait": "10s", "build_timestamp": "{{timestamp}}", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_version": null, diff --git a/images/capi/packer/scaleway/packer.json b/images/capi/packer/scaleway/packer.json index c091dfef36..faa3e96dad 100644 --- a/images/capi/packer/scaleway/packer.json +++ b/images/capi/packer/scaleway/packer.json @@ -56,6 +56,7 @@ "OS": "{{user `distribution` | lower}}", "OS_VERSION": "{{user `distribution_version` | lower}}", "PROVIDER": "scaleway", + "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", 
@@ -79,6 +80,7 @@ "ansible_scp_extra_args": "", "build_timestamp": "{{timestamp}}", "commercial_type": "DEV1-S", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_image_pull_progress_timeout": null, diff --git a/images/capi/packer/vultr/packer.json b/images/capi/packer/vultr/packer.json index 208c4353a7..294ce2f7b4 100644 --- a/images/capi/packer/vultr/packer.json +++ b/images/capi/packer/vultr/packer.json @@ -37,6 +37,7 @@ "ansible_scp_extra_args": "", "api_key": "{{env `VULTR_API_KEY`}}", "build_timestamp": "{{timestamp}}", + "containerd_enable_limit_no_file": "false", "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_image_pull_progress_timeout": null, From ed4f467f2c44331ee021b8bd45f93ddbcc0bf7bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20PEREZ?= Date: Thu, 21 May 2026 09:38:02 +0200 Subject: [PATCH 17/32] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Bump=20containerd=20?= =?UTF-8?q?to=20v2.3.1=20and=20runc=20to=20v1.4.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- images/capi/ansible/roles/containerd/defaults/main.yml | 2 +- images/capi/packer/config/containerd.json | 4 ++-- images/capi/packer/config/ppc64le/containerd.json | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/images/capi/ansible/roles/containerd/defaults/main.yml b/images/capi/ansible/roles/containerd/defaults/main.yml index ff5dc0e4b5..88ffdcbbff 100644 --- a/images/capi/ansible/roles/containerd/defaults/main.yml +++ b/images/capi/ansible/roles/containerd/defaults/main.yml 
@@ -20,5 +20,5 @@ containerd_baseurl: https://github.com/containerd/containerd/releases/download/v containerd_filename: "containerd-{{ containerd_version }}-{{ system }}-{{ arch }}.tar.gz" containerd_url: "{{ containerd_baseurl }}/{{ containerd_filename }}" containerd_runc_url: "https://github.com/opencontainers/runc/releases/download/v{{ runc_version }}/runc.{{ arch }}" -runc_version: "1.3.4" +runc_version: "1.4.2" containerd_runc_checksum_url: "https://github.com/opencontainers/runc/releases/download/v{{ runc_version }}/runc.sha256sum" diff --git a/images/capi/packer/config/containerd.json b/images/capi/packer/config/containerd.json index 0c2a4c5b15..45bd91215e 100644 --- a/images/capi/packer/config/containerd.json +++ b/images/capi/packer/config/containerd.json @@ -5,6 +5,6 @@ "containerd_gvisor_runtime": "false", "containerd_gvisor_version": "latest", "containerd_image_pull_progress_timeout": null, - "containerd_version": "2.2.2", - "runc_version": "1.3.4" + "containerd_version": "2.3.1", + "runc_version": "1.4.2" } diff --git a/images/capi/packer/config/ppc64le/containerd.json b/images/capi/packer/config/ppc64le/containerd.json index 78d4944db8..e68bb89172 100644 --- a/images/capi/packer/config/ppc64le/containerd.json +++ b/images/capi/packer/config/ppc64le/containerd.json @@ -1,5 +1,5 @@ { "containerd_image_pull_progress_timeout": null, - "containerd_sha256": "8f7a8190f2a635cd0e5580a131408a275ba277f7a04edffba4a4005960093987", - "containerd_version": "2.2.2" + "containerd_sha256": "cb5bcdb38c79fb78dc7b4e7c02d0c0e41b486446f646a49ed7e6c35c077d8d33", + "containerd_version": "2.3.1" } From a7d0577a7aee9751d5e1e3f78adfae6a3b279acb Mon Sep 17 00:00:00 2001 
From: Matt Boersma Date: Tue, 26 May 2026 09:59:36 -0600 Subject: [PATCH 18/32] Retire Azure VHD (unmanaged disk) builder Azure has retired unmanaged disks. Remove the VHD builder and the build-azure-vhd-* / validate-azure-vhd-* make targets, leaving only the managed SIG image builders. --- docs/book/src/capi/providers/azure.md | 23 ++------- docs/book/src/capi/windows/windows.md | 2 +- images/capi/Makefile | 25 +-------- images/capi/azure_targets.sh | 1 - images/capi/packer/azure/azure-vhd.json | 5 -- images/capi/packer/azure/packer-windows.json | 40 +-------------- images/capi/packer/azure/packer.json | 39 +------------- images/capi/packer/azure/scripts/init-vhd.sh | 38 -------------- images/capi/scripts/ci-azure-e2e.sh | 54 ++++++++------------ images/capi/scripts/ci-packer-validate.sh | 2 +- 10 files changed, 29 insertions(+), 200 deletions(-) delete mode 100644 images/capi/packer/azure/azure-vhd.json delete mode 100755 images/capi/packer/azure/scripts/init-vhd.sh diff --git a/docs/book/src/capi/providers/azure.md b/docs/book/src/capi/providers/azure.md index 7a00ea4a9c..0c0d19ffaa 100644 --- a/docs/book/src/capi/providers/azure.md +++ b/docs/book/src/capi/providers/azure.md @@ -7,7 +7,7 @@ These images are designed for use with [Cluster API Provider Azure](https://capz - An Azure account - The Azure CLI installed and configured - Set environment variables for `AZURE_SUBSCRIPTION_ID`, `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET` -- Set optional environment variables `RESOURCE_GROUP_NAME`, `BUILD_RESOURCE_GROUP_NAME`, `STORAGE_ACCOUNT_NAME`, `AZURE_LOCATION` & `GALLERY_NAME` to override the default values +- Set optional environment variables `RESOURCE_GROUP_NAME`, `BUILD_RESOURCE_GROUP_NAME`, `AZURE_LOCATION` & `GALLERY_NAME` to override the default values ## Building Images 
@@ -20,11 +20,7 @@ make deps-azure ### Building Managed Images in Shared Image Galleries -From the `images/capi` directory, run `make build-azure-sig-ubuntu-1804` - -### Building VHDs - -From the `images/capi` directory, run `make build-azure-vhd-ubuntu-1804` +From the `images/capi` directory, run `make build-azure-sig-ubuntu-2204` > If building the Windows images from a Mac there is a known issue with connectivity. Please see details on running [macOS with ansible](../windows/windows.md#macos-with-ansible). @@ -34,14 +30,12 @@ Most of the images built from the `images/capi` directory for Azure will be Hype ```bash # Generation 1 image -make build-azure-sig-ubuntu-1804 +make build-azure-sig-ubuntu-2204 # Generation 2 image -make build-azure-sig-ubuntu-1804-gen2 +make build-azure-sig-ubuntu-2204-gen2 ``` -Generation 2 images may only be used with Shared Image Gallery, not VHD. - ### Confidential VM Images Confidential VMs require specific generation 2 OS images. The naming pattern of those images includes the suffix `-cvm`. For example: @@ -76,15 +70,6 @@ list, and greater explanation can be found in the If you are adding features to image builder than it is sometimes useful to work with the images directly. This section gives some tips. -### Provision a VM directly from a VHD - -After creating a VHD, create a managed image using the url output from `make build-azure-vhd-` and use it to [create the VM](https://learn.microsoft.com/azure/virtual-machines/windows/build-image-with-packer#create-a-vm-from-the-packer-image): - -```bash -az image create -n testvmimage -g cluster-api-images --os-type --source -az vm create -n testvm --image testvmimage -g cluster-api-images -``` - ### Debugging Packer scripts There are several ways to debug Packer scripts: https://developer.hashicorp.com/packer/docs/debugging diff --git a/docs/book/src/capi/windows/windows.md b/docs/book/src/capi/windows/windows.md index 46b24c0224..a324ed3a93 100644 
--- a/docs/book/src/capi/windows/windows.md +++ b/docs/book/src/capi/windows/windows.md @@ -71,7 +71,7 @@ The WinRM connection plugin for Ansible on macOS causes connection issues which To fix the issue on macOS is to set the no_proxy environment variable. Example: ``` -'no_proxy=* make build-azure-vhd-windows-2019' +'no_proxy=* make build-azure-sig-windows-2022-containerd' ``` ## Annual Channel diff --git a/images/capi/Makefile b/images/capi/Makefile index 3d109f717a..76bfe657fe 100644 --- a/images/capi/Makefile +++ b/images/capi/Makefile @@ -374,11 +374,9 @@ HUAWEICLOUD_BUILD_NAMES ?= huaweicloud-ubuntu-2204 GCE_BUILD_NAMES ?= gce-ubuntu-2204 gce-ubuntu-2404 # Make needs these lists to be space delimited, no quotes -VHD_TARGETS := $(shell grep VHD_TARGETS azure_targets.sh | sed 's/VHD_TARGETS=//' | tr -d \") SIG_TARGETS := $(shell grep SIG_TARGETS azure_targets.sh | sed 's/SIG_TARGETS=//' | tr -d \") SIG_GEN2_TARGETS := $(shell grep SIG_GEN2_TARGETS azure_targets.sh | sed 's/SIG_GEN2_TARGETS=//' | tr -d \") SIG_CVM_TARGETS := $(shell grep SIG_CVM_TARGETS azure_targets.sh | sed 's/SIG_CVM_TARGETS=//' | tr -d \") -AZURE_BUILD_VHD_NAMES ?= $(addprefix azure-vhd-,$(VHD_TARGETS)) AZURE_BUILD_SIG_NAMES ?= $(addprefix azure-sig-,$(SIG_TARGETS)) AZURE_BUILD_SIG_GEN2_NAMES ?= $(addsuffix -gen2,$(addprefix azure-sig-,$(SIG_GEN2_TARGETS))) AZURE_BUILD_SIG_CVM_NAMES ?= $(addsuffix -cvm,$(addprefix azure-sig-,$(SIG_CVM_TARGETS))) 
@@ -425,8 +423,6 @@ AMI_BUILD_TARGETS := $(addprefix build-,$(AMI_BUILD_NAMES)) AMI_VALIDATE_TARGETS := $(addprefix validate-,$(AMI_BUILD_NAMES)) GCE_BUILD_TARGETS := $(addprefix build-,$(GCE_BUILD_NAMES)) GCE_VALIDATE_TARGETS := $(addprefix validate-,$(GCE_BUILD_NAMES)) -AZURE_BUILD_VHD_TARGETS := $(addprefix build-,$(AZURE_BUILD_VHD_NAMES)) -AZURE_VALIDATE_VHD_TARGETS := $(addprefix validate-,$(AZURE_BUILD_VHD_NAMES)) AZURE_BUILD_SIG_TARGETS := $(addprefix build-,$(AZURE_BUILD_SIG_NAMES)) AZURE_BUILD_SIG_GEN2_TARGETS := $(addprefix build-,$(AZURE_BUILD_SIG_GEN2_NAMES)) AZURE_BUILD_SIG_CVM_TARGETS := $(addprefix build-,$(AZURE_BUILD_SIG_CVM_NAMES)) 
@@ -514,14 +510,6 @@ $(GCE_BUILD_TARGETS): deps-gce $(GCE_VALIDATE_TARGETS): deps-gce $(PACKER) validate $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/gce/$(subst validate-gce-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/gce/packer.json -.PHONY: $(AZURE_BUILD_VHD_TARGETS) -$(AZURE_BUILD_VHD_TARGETS): deps-azure - . $(abspath packer/azure/scripts/init-vhd.sh) && $(PACKER) build $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="$(abspath packer/azure/azure-config.json)" -var-file="$(abspath packer/azure/azure-vhd.json)" -var-file="$(abspath packer/azure/$(subst build-azure-vhd-,,$@).json)" -only="$(subst build-azure-,,$@)" $(ABSOLUTE_PACKER_VAR_FILES) packer/azure/packer$(findstring -windows,$@).json - -.PHONY: $(AZURE_VALIDATE_VHD_TARGETS) -$(AZURE_VALIDATE_VHD_TARGETS): deps-azure - $(PACKER) validate $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="$(abspath packer/azure/azure-config.json)" -var-file="$(abspath packer/azure/azure-vhd.json)" -var-file="$(abspath packer/azure/$(subst validate-azure-vhd-,,$@).json)" -only="$(subst validate-azure-,,$@)" $(ABSOLUTE_PACKER_VAR_FILES) packer/azure/packer$(findstring -windows,$@).json - .PHONY: $(AZURE_BUILD_SIG_TARGETS) $(AZURE_BUILD_SIG_TARGETS): deps-azure . $(abspath packer/azure/scripts/init-sig.sh) $(subst build-azure-sig-,,$@) && $(PACKER) build $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="$(abspath packer/azure/azure-config.json)" -var-file="$(abspath packer/azure/azure-sig.json)" -var-file="$(abspath packer/azure/$(subst build-azure-sig-,,$@).json)" -only="$(subst build-azure-,,$@)" $(ABSOLUTE_PACKER_VAR_FILES) packer/azure/packer$(findstring -windows,$@).json 
@@ -716,11 +704,6 @@ build-azure-sig-windows-2022-containerd: ## Builds Windows Server 2022 with cont build-azure-sig-windows-2025-containerd: ## Builds Windows Server 2025 with containerd Azure managed image in Shared Image Gallery build-azure-sig-windows-2019-containerd-cvm: ## Builds Windows Server 2019 with containerd CVM Azure managed image in Shared Image Gallery build-azure-sig-windows-2022-containerd-cvm: ## Builds Windows Server 2022 with containerd CVM Azure managed image in Shared Image Gallery -build-azure-vhd-ubuntu-2204: ## Builds Ubuntu 22.04 VHD image for Azure -build-azure-vhd-ubuntu-2404: ## Builds Ubuntu 24.04 VHD image for Azure -build-azure-vhd-azurelinux-3: ## Builds Azure Linux 3 VHD image for Azure -build-azure-vhd-windows-2019-containerd: ## Builds for Windows Server 2019 with containerd -build-azure-vhd-windows-2022-containerd: ## Builds for Windows Server 2022 with containerd build-azure-sig-windows-annual-containerd: ## Builds for Windows Server Annual Channel with containerd build-azure-sig-azurelinux-3-gen2: ## Builds Azure Linux 3 Gen2 managed image in Shared Image Gallery build-azure-sig-flatcar: ## Builds Flatcar Azure managed image in Shared Image Gallery @@ -729,7 +712,6 @@ build-azure-sig-ubuntu-2204-gen2: ## Builds Ubuntu 22.04 Gen2 managed image in S build-azure-sig-ubuntu-2404-gen2: ## Builds Ubuntu 24.04 Gen2 managed image in Shared Image Gallery build-azure-sig-ubuntu-2204-cvm: ## Builds Ubuntu 22.04 CVM managed image in Shared Image Gallery build-azure-sig-ubuntu-2404-cvm: ## Builds Ubuntu 24.04 CVM managed image in Shared Image Gallery -build-azure-vhds: $(AZURE_BUILD_VHD_TARGETS) ## Builds all Azure VHDs build-azure-sigs: $(AZURE_BUILD_SIG_TARGETS) $(AZURE_BUILD_SIG_GEN2_TARGETS) $(AZURE_BUILD_SIG_CVM_TARGETS) ## Builds all Azure Shared Image Gallery images build-do-ubuntu-2204: ## Builds Ubuntu 22.04 DigitalOcean Snapshot 
@@ -898,17 +880,12 @@ validate-azure-sig-windows-2019-containerd: ## Validate Windows Server 2019 with validate-azure-sig-windows-2022-containerd: ## Validate Windows Server 2022 with containerd Azure managed image in Shared Image Gallery Packer config validate-azure-sig-windows-2025-containerd: ## Validate Windows Server 2025 with containerd Azure managed image in Shared Image Gallery Packer config validate-azure-sig-windows-annual-containerd: ## Validate Windows Server Annual Channel with containerd Azure managed image in Shared Image Gallery Packer config -validate-azure-vhd-azurelinux-3: ## Validates Azure Linux 3 VHD image Azure Packer config -validate-azure-vhd-ubuntu-2204: ## Validates Ubuntu 22.04 VHD image Azure Packer config -validate-azure-vhd-ubuntu-2404: ## Validates Ubuntu 24.04 VHD image Azure Packer config -validate-azure-vhd-windows-2019-containerd: ## Validate Windows Server 2019 VHD with containerd image Azure Packer config -validate-azure-vhd-windows-2022-containerd: ## Validate Windows Server 2022 VHD with containerd image Azure Packer config validate-azure-sig-azurelinux-3-gen2: ## Validates Azure Linux 3 Gen2 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2204-gen2: ## Validates Ubuntu 22.04 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2204-cvm: ## Validates Ubuntu 22.04 CVM Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2404-gen2: ## Validates Ubuntu 24.04 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2404-cvm: ## Validates Ubuntu 24.04 CVM Azure managed image in Shared Image Gallery Packer config -validate-azure-all: $(AZURE_VALIDATE_SIG_TARGETS) $(AZURE_VALIDATE_VHD_TARGETS) $(AZURE_VALIDATE_SIG_GEN2_TARGETS) $(AZURE_VALIDATE_SIG_CVM_TARGETS) ## Validates all images for Azure Packer config +validate-azure-all: $(AZURE_VALIDATE_SIG_TARGETS) $(AZURE_VALIDATE_SIG_GEN2_TARGETS) 
$(AZURE_VALIDATE_SIG_CVM_TARGETS) ## Validates all images for Azure Packer config validate-do-ubuntu-2204: ## Validates Ubuntu 22.04 DigitalOcean Snapshot Packer config validate-do-ubuntu-2404: ## Validates Ubuntu 24.04 DigitalOcean Snapshot Packer config diff --git a/images/capi/azure_targets.sh b/images/capi/azure_targets.sh index 2f03cbe7bc..ecd0b3892d 100644 --- a/images/capi/azure_targets.sh +++ b/images/capi/azure_targets.sh @@ -1,4 +1,3 @@ -VHD_TARGETS="ubuntu-2204 ubuntu-2404 azurelinux-3 windows-2022-containerd" SIG_TARGETS="ubuntu-2204 ubuntu-2404 azurelinux-3 windows-2022-containerd windows-2025-containerd flatcar" SIG_GEN2_TARGETS="ubuntu-2204 ubuntu-2404 azurelinux-3 flatcar" SIG_CVM_TARGETS="ubuntu-2204 ubuntu-2404 windows-2022-containerd" diff --git a/images/capi/packer/azure/azure-vhd.json b/images/capi/packer/azure/azure-vhd.json deleted file mode 100644 index 20296cb2cc..0000000000 --- a/images/capi/packer/azure/azure-vhd.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "capture_container_name": "cluster-api-vhds", - "resource_group_name": "{{env `RESOURCE_GROUP_NAME`}}", - "storage_account_name": "{{env `STORAGE_ACCOUNT_NAME`}}" -} diff --git a/images/capi/packer/azure/packer-windows.json b/images/capi/packer/azure/packer-windows.json index 2acc35d04c..f48218af3c 100644 --- a/images/capi/packer/azure/packer-windows.json +++ b/images/capi/packer/azure/packer-windows.json 
@@ -1,42 +1,5 @@ { "builders": [ - { - "azure_tags": { - "build_date": "{{isotime}}", - "build_timestamp": "{{user `build_timestamp`}}", - "creationTimestamp": "{{isotime \"2006-01-02T15:04:05Z\"}}", - "image_builder_version": "{{user `ib_version`}}", - "kubernetes_version": "{{user `kubernetes_semver`}}", - "os_version": "{{user `image_sku`}}" - }, - "capture_container_name": "{{user `capture_container_name`}}", - "capture_name_prefix": "capi-{{user `build_timestamp`}}", - "client_id": "{{user `client_id`}}", - "client_secret": "{{user `client_secret`}}", - "communicator": "winrm", - "image_offer": "{{user `image_offer` }}", - "image_publisher": "{{user `image_publisher` }}", - "image_sku": "{{user `image_sku`}}", - "image_version": "{{user `image_version`}}", - "location": "{{user `azure_location`}}", - "name": "vhd-{{user `build_name`}}", - "os_disk_size_gb": "{{user `os_disk_size_gb`}}", - "os_type": "Windows", - "private_virtual_network_with_public_ip": "{{user `private_virtual_network_with_public_ip`}}", - "resource_group_name": "{{user `resource_group_name`}}", - "storage_account": "{{user `storage_account_name`}}", - "subscription_id": "{{user `subscription_id`}}", - "type": "azure-arm", - "use_azure_cli_auth": "{{user `use_azure_cli_auth`}}", - "virtual_network_name": "{{user `virtual_network_name`}}", - "virtual_network_resource_group_name": "{{user `virtual_network_resource_group_name`}}", - "virtual_network_subnet_name": "{{user `virtual_network_subnet_name`}}", - "vm_size": "{{user `vm_size`}}", - "winrm_insecure": true, - "winrm_timeout": "10m", - "winrm_use_ssl": true, - "winrm_username": "packer" - }, { "azure_tags": { "build_date": "{{isotime}}", 
@@ -109,8 +72,7 @@ "kubernetes_semver": "{{user `kubernetes_semver`}}", "kubernetes_source_type": "{{user `kubernetes_source_type`}}", "os_name": "{{user `distro_name`}}", - "resource_group_name": "{{user `resource_group_name`}}", - "storage_account_name": "{{user `storage_account_name`}}" + "resource_group_name": "{{user `resource_group_name`}}" }, "output": "{{user `manifest_output`}}", "strip_path": true, diff --git a/images/capi/packer/azure/packer.json b/images/capi/packer/azure/packer.json index 6a4595b39e..386e8cc612 100644 --- a/images/capi/packer/azure/packer.json +++ b/images/capi/packer/azure/packer.json 
@@ -1,41 +1,5 @@ { "builders": [ - { - "azure_tags": { - "build_date": "{{isotime}}", - "build_timestamp": "{{user `build_timestamp`}}", - "creationTimestamp": "{{isotime \"2006-01-02T15:04:05Z\"}}", - "distribution": "{{user `distribution`}}", - "distribution_release": "{{user `distribution_release`}}", - "distribution_version": "{{user `distribution_version`}}", - "image_builder_version": "{{user `ib_version`}}", - "kubernetes_version": "{{user `kubernetes_semver`}}" - }, - "capture_container_name": "{{user `capture_container_name`}}", - "capture_name_prefix": "capi-{{user `build_timestamp`}}", - "client_id": "{{user `client_id`}}", - "client_secret": "{{user `client_secret`}}", - "cloud_environment_name": "{{user `cloud_environment_name`}}", - "image_offer": "{{user `image_offer` }}", - "image_publisher": "{{user `image_publisher` }}", - "image_sku": "{{user `image_sku`}}", - "image_version": "{{user `image_version`}}", - "location": "{{user `azure_location`}}", - "name": "vhd-{{user `build_name`}}", - "os_disk_size_gb": "{{user `os_disk_size_gb`}}", - "os_type": "Linux", - "private_virtual_network_with_public_ip": "{{user `private_virtual_network_with_public_ip`}}", - "resource_group_name": "{{user `resource_group_name`}}", - "ssh_username": "packer", - "storage_account": "{{user `storage_account_name`}}", - "subscription_id": "{{user `subscription_id`}}", - "type": "azure-arm", - "use_azure_cli_auth": "{{user `use_azure_cli_auth`}}", - "virtual_network_name": "{{user `virtual_network_name`}}", - "virtual_network_resource_group_name": "{{user `virtual_network_resource_group_name`}}", - "virtual_network_subnet_name": "{{user `virtual_network_subnet_name`}}", - "vm_size": "{{user `vm_size`}}" - }, { "azure_tags": { "build_date": "{{isotime}}", 
@@ -112,8 +76,7 @@ "kubernetes_semver": "{{user `kubernetes_semver`}}", "kubernetes_source_type": "{{user `kubernetes_source_type`}}", "os_name": "{{user `distro_name`}}", - "resource_group_name": "{{user `resource_group_name`}}", - "storage_account_name": "{{user `storage_account_name`}}" + "resource_group_name": "{{user `resource_group_name`}}" }, "output": "{{user `manifest_output`}}", "strip_path": true, diff --git a/images/capi/packer/azure/scripts/init-vhd.sh b/images/capi/packer/azure/scripts/init-vhd.sh deleted file mode 100755 index a88c17b896..0000000000 --- a/images/capi/packer/azure/scripts/init-vhd.sh +++ /dev/null 
@@ -1,38 +0,0 @@ -#!/bin/bash - -[[ -n ${DEBUG:-} ]] && set -o xtrace - -echo "Sign into Azure" -tracestate="$(shopt -po xtrace)" -set +o xtrace - -if [[ -n "${AZURE_FEDERATED_TOKEN_FILE:-}" ]]; then - az login --service-principal -u "${AZURE_CLIENT_ID}" -t "${AZURE_TENANT_ID}" --federated-token "$(cat "${AZURE_FEDERATED_TOKEN_FILE}")" > /dev/null 2>&1 - export AZURE_STORAGE_AUTH_MODE="login" # Use auth mode "login" in az storage commands. -else - az login --service-principal -u "${AZURE_CLIENT_ID}" -t "${AZURE_TENANT_ID}" -p ${AZURE_CLIENT_SECRET} >/dev/null 2>&1 -fi -az account set -s ${AZURE_SUBSCRIPTION_ID} >/dev/null 2>&1 -eval "$tracestate" - -echo "Create storage account" -export RESOURCE_GROUP_NAME="${RESOURCE_GROUP_NAME:-cluster-api-images}" -export AZURE_LOCATION="${AZURE_LOCATION:-northcentralus}" -if ! az group show -n ${RESOURCE_GROUP_NAME} -o none 2>/dev/null; then - az group create -n ${RESOURCE_GROUP_NAME} -l ${AZURE_LOCATION} --tags ${TAGS:-} -fi -CREATE_TIME="$(date +%s)" -RANDOM_SUFFIX="$(head /dev/urandom | LC_ALL=C tr -dc a-z | head -c 4 ; echo '')" -get_random_region() { - local REGIONS=("canadacentral" "eastus" "eastus2" "northeurope" "uksouth" "westeurope" "westus2" "westus3") - echo "${REGIONS[${RANDOM} % ${#REGIONS[@]}]}" -} -RANDOMIZE_STORAGE_ACCOUNT="${RANDOMIZE_STORAGE_ACCOUNT:-"false"}" -if [ "$RANDOMIZE_STORAGE_ACCOUNT" == "true" ]; then - export AZURE_LOCATION="$(get_random_region)" -fi -export STORAGE_ACCOUNT_NAME="${STORAGE_ACCOUNT_NAME:-capi${CREATE_TIME}${RANDOM_SUFFIX}}" -az storage account check-name --name ${STORAGE_ACCOUNT_NAME} -az storage account create -n ${STORAGE_ACCOUNT_NAME} -g ${RESOURCE_GROUP_NAME} -l ${AZURE_LOCATION} --allow-blob-public-access false - -echo "done" diff --git a/images/capi/scripts/ci-azure-e2e.sh b/images/capi/scripts/ci-azure-e2e.sh index f80065a329..602c5683f4 100755 --- a/images/capi/scripts/ci-azure-e2e.sh +++ b/images/capi/scripts/ci-azure-e2e.sh 
@@ -29,16 +29,10 @@ CAPI_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. cd "${CAPI_ROOT}" || exit 1 export ARTIFACTS="${ARTIFACTS:-${PWD}/_artifacts}" -mkdir -p "${ARTIFACTS}/azure-sigs" "${ARTIFACTS}/azure-vhds" +mkdir -p "${ARTIFACTS}/azure-sigs" # Dynamically gets all targets and filters out the following: # - Any RHEL targets (because of subscription requirements) -VHD_CI_TARGETS=( $(make build-azure-vhds --recon -d | grep "Must remake" | \ - grep -v build-azure-vhds | grep -v deps- | \ - grep -v gen2 | grep -v cvm | \ - grep -E -v 'rhel' | \ - grep -E -o 'build-azure-vhd-[a-zA-Z0-9\-]+' | \ - sed -E 's/build-azure-vhd-([0-9a-z\-]*)/\1/' ) ) SIG_CI_TARGETS=( $(make build-azure-sigs --recon -d | grep "Must remake" | \ grep -v build-azure-sigs | grep -v deps- | \ grep -v cvm | \ 
@@ -124,35 +118,27 @@ export FLATCAR_VERSION="$(get_flatcar_version)" export PACKER_VAR_FILES="packer/azure/scripts/disable-windows-prepull.json scripts/ci-disable-goss-inspect.json" declare -A PIDS -if [[ "${AZURE_BUILD_FORMAT:-vhd}" == "sig" ]]; then - for target in ${SIG_CI_TARGETS[@]}; - do - login - make build-azure-sig-${target} > ${ARTIFACTS}/azure-sigs/${target}.log 2>&1 & - PIDS["sig-${target}"]=$! - done - - SELECTED_LOCATION="${AZURE_LOCATION}" - if [[ ! " ${VALID_CVM_LOCATIONS[*]} " =~ " ${SELECTED_LOCATION} " ]]; then - SELECTED_LOCATION="$(get_random_cvm_region)" - echo "AZURE_LOCATION=${AZURE_LOCATION} is invalid for Confidential VM targets. Valid CVM locations: ${VALID_CVM_LOCATIONS[*]}." - echo "Selected location is ${SELECTED_LOCATION}." - fi - - for target in ${SIG_CVM_CI_TARGETS[@]}; - do - login - AZURE_LOCATION="${SELECTED_LOCATION}" make build-azure-sig-${target} > ${ARTIFACTS}/azure-sigs/${target}.log 2>&1 & - PIDS["sig-${target}"]=$! - done -else - for target in ${VHD_CI_TARGETS[@]}; - do - make build-azure-vhd-${target} > ${ARTIFACTS}/azure-vhds/${target}.log 2>&1 & - PIDS["vhd-${target}"]=$! - done +for target in ${SIG_CI_TARGETS[@]}; +do + login + make build-azure-sig-${target} > ${ARTIFACTS}/azure-sigs/${target}.log 2>&1 & + PIDS["sig-${target}"]=$! +done + +SELECTED_LOCATION="${AZURE_LOCATION}" +if [[ ! " ${VALID_CVM_LOCATIONS[*]} " =~ " ${SELECTED_LOCATION} " ]]; then + SELECTED_LOCATION="$(get_random_cvm_region)" + echo "AZURE_LOCATION=${AZURE_LOCATION} is invalid for Confidential VM targets. Valid CVM locations: ${VALID_CVM_LOCATIONS[*]}." + echo "Selected location is ${SELECTED_LOCATION}." fi +for target in ${SIG_CVM_CI_TARGETS[@]}; +do + login + AZURE_LOCATION="${SELECTED_LOCATION}" make build-azure-sig-${target} > ${ARTIFACTS}/azure-sigs/${target}.log 2>&1 & + PIDS["sig-${target}"]=$! +done + # need to unset errexit so that failed child tasks don't cause script to exit set +o errexit exit_err=false 
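Review bot: `AZURE_BUILD_FORMAT` is no longer read once the `if`/`else` around these loops is gone, so a job that still exports `AZURE_BUILD_FORMAT=vhd` now runs the sig builds with no message. A guard ahead of the first loop would make the removal visible: `if [[ "${AZURE_BUILD_FORMAT:-sig}" != "sig" ]]; then echo "AZURE_BUILD_FORMAT=${AZURE_BUILD_FORMAT} is no longer supported" >&2; exit 1; fi`. The re-indented loops still expand `${SIG_CI_TARGETS[@]}` and the `${ARTIFACTS}` log path unquoted; `"${SIG_CI_TARGETS[@]}"` and `"${ARTIFACTS}/azure-sigs/${target}.log"` keep a path containing spaces from being split.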
diff --git a/images/capi/scripts/ci-packer-validate.sh b/images/capi/scripts/ci-packer-validate.sh index 2a3221d784..c12effc2f4 100755 --- a/images/capi/scripts/ci-packer-validate.sh +++ b/images/capi/scripts/ci-packer-validate.sh @@ -31,7 +31,7 @@ export PATH=${PYTHON_BIN_DIR:-"${HOME}/.local/bin"}:$PATH # OCI packer builder requires a valid private key file, hence creating a temporary one openssl genrsa -out /tmp/oci_api_key.pem 2048 -AZURE_LOCATION=fake RESOURCE_GROUP_NAME=fake STORAGE_ACCOUNT_NAME=fake \ +AZURE_LOCATION=fake RESOURCE_GROUP_NAME=fake \ DIGITALOCEAN_ACCESS_TOKEN=fake GCP_PROJECT_ID=fake \ OCI_AVAILABILITY_DOMAIN=fake OCI_SUBNET_OCID=fake OCI_USER_FINGERPRINT=fake \ OCI_TENANCY_OCID=fake OCI_USER_OCID=fake OCI_USER_KEY_FILE=/tmp/oci_api_key.pem \ From b336fb1aa96e769283b15cadf1e432233ec6d0bd Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Wed, 20 May 2026 10:39:56 -0600 Subject: [PATCH 19/32] Validate target names in top-level Makefile to prevent command injection The top-level Makefile's .DEFAULT rule forwarded unknown targets to images/capi via: .DEFAULT: $(MAKE) -C images/capi $@ Because $@ was substituted unquoted into the recipe, an attacker who could control the make argument could execute arbitrary commands, e.g.: make '`touch /tmp/pwned`' This commit hardens .DEFAULT with two layers of validation: 1. A make-level $(findstring) check rejects target names containing single quotes or backslashes, both of which could be used to break out of shell single-quoting. 2. A shell-level case statement enforces an allowlist of safe characters ([a-zA-Z0-9_./-]) on the validated target name, which is now passed to the recursive make call inside single quotes. Reported privately by the Kubernetes Security Response Committee from a third-party audit. --- Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index fd8bae7288..84d8610586 100644 --- a/Makefile +++ b/Makefile 
@@ -34,4 +34,6 @@ update-release-docs: ## Updates the docs with reference to the latest release ve
 images/capi/scripts/release-update-docs.sh
 
 .DEFAULT:
- $(MAKE) -C images/capi $@
+ @$(if $(or $(findstring ',$@),$(findstring \,$@)),$(error Invalid target name: $@))
+ @case '$@' in *[!a-zA-Z0-9_./-]*) echo 'Invalid target name' >&2; exit 1 ;; esac
+ @$(MAKE) -C images/capi '$@'
From fe291bd9ff502e8a3b46f7789ecc703768b449bf Mon Sep 17 00:00:00 2001
From: Matt Boersma
Date: Tue, 26 May 2026 13:50:12 -0600
Subject: [PATCH 20/32] Fix apt-mark hold race with apt-daily/unattended-upgrades The sysprep Debian playbook disables apt-daily timers and unattended-upgrades, but does so after running 'apt-mark hold' on all installed packages. On freshly booted Azure VMs those services are often still in flight and hold the dpkg frontend lock, causing intermittent failures like: dpkg: error: dpkg frontend lock was locked by another process E: Executing dpkg failed. Are you root? Move the disable tasks ahead of the apt-mark tasks, and add a bounded retry loop on the apt-mark shell tasks as a guard against concurrent apt activity that may still be running when sysprep begins.
---
 .../ansible/roles/sysprep/tasks/debian.yml | 49 ++++++++++++-------
 1 file changed, 30 insertions(+), 19 deletions(-)
diff --git a/images/capi/ansible/roles/sysprep/tasks/debian.yml b/images/capi/ansible/roles/sysprep/tasks/debian.yml
index fd3c4163e6..8da81602cd 100644
--- a/images/capi/ansible/roles/sysprep/tasks/debian.yml
+++ b/images/capi/ansible/roles/sysprep/tasks/debian.yml
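Review bot: The allowlist on the `case` line of the top-level Makefile's `.DEFAULT` recipe still accepts a name that begins with `-`, and the recursive make would parse such a name as an option rather than a goal even though it is single-quoted. Rejecting a leading dash in the same pattern closes that without changing which targets are accepted: `@case '$@' in -*|*[!a-zA-Z0-9_./-]*) echo 'Invalid target name' >&2; exit 1 ;; esac`. The `@` on the `$(MAKE)` line also hides the forwarded command from the build log, so dropping it there keeps the delegation visible. A one-line comment above the recipe, such as `# Both checks are required: make-level rejects quote/backslash, shell-level enforces the allowlist`, would keep a later edit from removing one layer.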
@@ -17,6 +17,28 @@ last_log_mode: "0664" machine_id_mode: "0644" +- name: Get installed packages + ansible.builtin.package_facts: + +- name: Disable apt-daily services + ansible.builtin.systemd: + name: "{{ item }}" + state: stopped + enabled: false + loop: + - apt-daily.timer + - apt-daily-upgrade.timer + +- name: Disable unattended upgrades if installed + ansible.builtin.systemd: + name: unattended-upgrades + state: stopped + enabled: false + when: "'unattended-upgrades' in ansible_facts.packages" + +# The apt-daily/unattended-upgrades services may still be running from before +# they were disabled above. Retry the apt-mark calls until the dpkg frontend +# lock is released to avoid a flaky race with concurrent apt activity. - name: Pin all installed packages with apt-mark ansible.builtin.shell: | set -o pipefail @@ -24,6 +46,10 @@ args: executable: /bin/bash + register: sysprep_apt_mark_hold + until: sysprep_apt_mark_hold.rc == 0 + retries: 30 + delay: 10 - name: Unpin grub packages with apt-mark for MaaS ansible.builtin.shell: | @@ -32,6 +58,10 @@ args: executable: /bin/bash + register: sysprep_apt_mark_unhold_grub + until: sysprep_apt_mark_unhold_grub.rc == 0 + retries: 30 + delay: 10 when: provider is defined and provider is search('maas') - name: Remove extra repos @@ -90,25 +120,6 @@ - { path: /var/lib/apt/lists, state: absent, mode: "0755" } - { path: /var/lib/apt/lists, state: directory, mode: "0755" } -- name: Disable apt-daily services - ansible.builtin.systemd: - name: "{{ item }}" - state: stopped - enabled: false - loop: - - apt-daily.timer - - apt-daily-upgrade.timer - -- name: Get installed packages - ansible.builtin.package_facts: - -- name: Disable unattended upgrades if installed - ansible.builtin.systemd: - name: unattended-upgrades - state: stopped - enabled: false - when: "'unattended-upgrades' in ansible_facts.packages" - - name: Reset network interface IDs ansible.builtin.file: state: absent 
From a0c6aa12f76bb19b815bf4e5cfd1c5dcfccf4b6c Mon Sep 17 00:00:00 2001 From: Kevin Reeuwijk Date: Wed, 27 May 2026 17:45:16 +0200 Subject: [PATCH 21/32] MAAS ARM64 Support Signed-off-by: Kevin Reeuwijk --- images/capi/Makefile | 15 +- .../ansible/roles/firstboot/meta/main.yml | 13 +- .../capi/ansible/roles/node/defaults/main.yml | 4 + .../ansible/roles/providers/tasks/qemu.yml | 2 +- images/capi/packer/goss/goss-vars.yaml | 23 ++ images/capi/packer/maas/.gitignore | 1 + images/capi/packer/maas/README.md | 54 +++- .../linux/ubuntu/http/22.04.arm64/meta-data | 0 .../ubuntu/http/22.04.arm64/user-data.tmpl | 106 ++++++++ .../linux/ubuntu/http/24.04.arm64/meta-data | 0 .../ubuntu/http/24.04.arm64/user-data.tmpl | 116 +++++++++ .../packer/maas/maas-ubuntu-2204-arm64.json | 22 ++ .../packer/maas/maas-ubuntu-2404-arm64.json | 22 ++ .../capi/packer/maas/packer-arm64.json.tmpl | 235 ++++++++++++++++++ images/capi/packer/maas/packer.json.tmpl | 2 +- images/capi/scripts/ci-goss-populate.sh | 2 +- 16 files changed, 609 insertions(+), 8 deletions(-) create mode 100644 images/capi/packer/maas/linux/ubuntu/http/22.04.arm64/meta-data create mode 100644 images/capi/packer/maas/linux/ubuntu/http/22.04.arm64/user-data.tmpl create mode 100644 images/capi/packer/maas/linux/ubuntu/http/24.04.arm64/meta-data create mode 100644 images/capi/packer/maas/linux/ubuntu/http/24.04.arm64/user-data.tmpl create mode 100644 images/capi/packer/maas/maas-ubuntu-2204-arm64.json create mode 100644 images/capi/packer/maas/maas-ubuntu-2404-arm64.json create mode 100644 images/capi/packer/maas/packer-arm64.json.tmpl diff --git a/images/capi/Makefile b/images/capi/Makefile index 3d109f717a..7c446c59f4 100644 --- a/images/capi/Makefile +++ b/images/capi/Makefile 
@@ -407,7 +407,8 @@ PROXMOX_BUILD_NAMES ?= proxmox-ubuntu-2204 proxmox-ubuntu-2404 proxmox-ubuntu- VULTR_BUILD_NAMES ?= vultr-ubuntu-2204 vultr-ubuntu-2404 -MAAS_BUILD_NAMES ?= maas-ubuntu-2204-efi maas-ubuntu-2404-efi +MAAS_BUILD_NAMES ?= maas-ubuntu-2204-efi maas-ubuntu-2404-efi +MAAS_ARM64_BUILD_NAMES ?= maas-ubuntu-2204-arm64 maas-ubuntu-2404-arm64 SCALEWAY_BUILD_NAMES ?= scaleway-rockylinux-9 scaleway-ubuntu-2204 scaleway-ubuntu-2404 @@ -461,6 +462,8 @@ VULTR_BUILD_TARGETS := $(addprefix build-,$(VULTR_BUILD_NAMES)) VULTR_VALIDATE_TARGETS := $(addprefix validate-,$(VULTR_BUILD_NAMES)) MAAS_BUILD_TARGETS := $(addprefix build-,$(MAAS_BUILD_NAMES)) MAAS_VALIDATE_TARGETS := $(addprefix validate-,$(MAAS_BUILD_NAMES)) +MAAS_ARM64_BUILD_TARGETS := $(addprefix build-,$(MAAS_ARM64_BUILD_NAMES)) +MAAS_ARM64_VALIDATE_TARGETS := $(addprefix validate-,$(MAAS_ARM64_BUILD_NAMES)) SCALEWAY_BUILD_TARGETS := $(addprefix build-,$(SCALEWAY_BUILD_NAMES)) SCALEWAY_VALIDATE_TARGETS := $(addprefix validate-,$(SCALEWAY_BUILD_NAMES)) 
@@ -666,6 +669,14 @@ $(MAAS_BUILD_TARGETS): deps-qemu set-ssh-password $(MAAS_VALIDATE_TARGETS): deps-qemu set-ssh-password $(PACKER) validate $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/maas/$(subst validate-,,$@).json)" --var="ansible_user_vars=provider=maas" $(ABSOLUTE_PACKER_VAR_FILES) packer/maas/packer.json +.PHONY: $(MAAS_ARM64_BUILD_TARGETS) +$(MAAS_ARM64_BUILD_TARGETS): deps-qemu set-ssh-password + $(PACKER) build $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/maas/$(subst build-,,$@).json)" --var="ansible_user_vars=provider=maas" $(ABSOLUTE_PACKER_VAR_FILES) packer/maas/packer-arm64.json + +.PHONY: $(MAAS_ARM64_VALIDATE_TARGETS) +$(MAAS_ARM64_VALIDATE_TARGETS): deps-qemu set-ssh-password + $(PACKER) validate $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/maas/$(subst validate-,,$@).json)" --var="ansible_user_vars=provider=maas" $(ABSOLUTE_PACKER_VAR_FILES) packer/maas/packer-arm64.json + .PHONY: $(SCALEWAY_BUILD_TARGETS) $(SCALEWAY_BUILD_TARGETS): deps-scaleway $(PACKER) build $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/scaleway/$(subst build-scaleway-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/scaleway/packer.json @@ -822,6 +833,8 @@ build-qemu-all: $(QEMU_BUILD_TARGETS) ## Builds all Qemu images build-maas-ubuntu-2204-efi: ## Builds Ubuntu 22.04 MaaS image that EFI boots build-maas-ubuntu-2404-efi: ## Builds Ubuntu 24.04 MaaS image that EFI boots +build-maas-ubuntu-2204-arm64: ## Builds Ubuntu 22.04 ARM64 MaaS image that EFI boots +build-maas-ubuntu-2404-arm64: ## Builds Ubuntu 24.04 ARM64 MaaS image that EFI boots build-raw-flatcar: ## Builds Flatcar RAW image build-raw-ubuntu-2204: ## Builds Ubuntu 22.04 RAW image diff --git a/images/capi/ansible/roles/firstboot/meta/main.yml b/images/capi/ansible/roles/firstboot/meta/main.yml index 004bdd1dc4..883ad49649 100644 --- a/images/capi/ansible/roles/firstboot/meta/main.yml +++ b/images/capi/ansible/roles/firstboot/meta/main.yml 
@@ -19,9 +19,20 @@ dependencies: debs: "" when: ansible_facts['os_family'] == "VMware Photon OS" + - role: setup + vars: + rpms: >- + {{ ( common_rpms + rh8_rpms + lookup('vars', 'common_' + build_target + '_rpms') ) }} + debs: "{{ common_debs + lookup('vars', 'common_' + build_target + '_debs_arm64') }}" + when: > + packer_builder_type is search('qemu') + and ansible_architecture == "aarch64" + - role: setup vars: rpms: >- {{ ( common_rpms + rh8_rpms + lookup('vars', 'common_' + build_target + '_rpms') ) }} debs: "{{ common_debs + lookup('vars', 'common_' + build_target + '_debs') }}" - when: packer_builder_type is search('qemu') + when: > + packer_builder_type is search('qemu') + and ansible_architecture != "aarch64" diff --git a/images/capi/ansible/roles/node/defaults/main.yml b/images/capi/ansible/roles/node/defaults/main.yml index 789af2027e..dc68f53f55 100644 --- a/images/capi/ansible/roles/node/defaults/main.yml +++ b/images/capi/ansible/roles/node/defaults/main.yml @@ -102,6 +102,10 @@ photon_5_rpms: common_virt_rpms: - open-vm-tools +common_virt_debs_arm64: + - linux-tools-virtual + - open-vm-tools + common_virt_debs: - linux-cloud-tools-virtual - linux-tools-virtual diff --git a/images/capi/ansible/roles/providers/tasks/qemu.yml b/images/capi/ansible/roles/providers/tasks/qemu.yml index 173d64a16a..31d4e324cb 100644 --- a/images/capi/ansible/roles/providers/tasks/qemu.yml +++ b/images/capi/ansible/roles/providers/tasks/qemu.yml @@ -40,7 +40,7 @@ name: hv-kvp-daemon state: stopped enabled: false - when: ansible_facts['os_family'] == "Debian" + when: ansible_facts['os_family'] == "Debian" and ansible_architecture != "aarch64" - name: Create directory for DHCP chrony server files ansible.builtin.file: diff --git a/images/capi/packer/goss/goss-vars.yaml b/images/capi/packer/goss/goss-vars.yaml index 1b1a1e482f..279dd93136 100644 --- a/images/capi/packer/goss/goss-vars.yaml +++ b/images/capi/packer/goss/goss-vars.yaml 
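Review bot: The new `when:` conditions in `roles/firstboot/meta/main.yml` read the injected top-level fact `ansible_architecture`, while the neighbouring entry in the same file uses `ansible_facts['os_family']`. With `inject_facts_as_vars` disabled the bare name is undefined and the condition errors, so `ansible_facts['architecture'] == "aarch64"` (and `!= "aarch64"`) is the safer spelling. The same applies to the `hv-kvp-daemon` condition changed in `roles/providers/tasks/qemu.yml` later on this line. The arm64 branch also looks up `'common_' + build_target + '_debs_arm64'`, and this patch defines only `common_virt_debs_arm64`; any other `build_target` on an aarch64 qemu build would fail the lookup, so it is worth confirming that `virt` is the only value reached.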
@@ -459,6 +459,29 @@ ubuntu: cloud-guest-utils: cloud-initramfs-copymods: cloud-initramfs-dyn-netconf: + maas: + service: + networkd-dispatcher: + enabled: true + running: true + package: + linux-cloud-tools-virtual: + linux-tools-virtual: + open-vm-tools: + cloud-guest-utils: + cloud-initramfs-copymods: + cloud-initramfs-dyn-netconf: + maas-arm64: + service: + networkd-dispatcher: + enabled: true + running: true + package: + linux-tools-virtual: + open-vm-tools: + cloud-guest-utils: + cloud-initramfs-copymods: + cloud-initramfs-dyn-netconf: qemu: service: networkd-dispatcher: diff --git a/images/capi/packer/maas/.gitignore b/images/capi/packer/maas/.gitignore index ed3058d85d..e8e39bf3d1 100644 --- a/images/capi/packer/maas/.gitignore +++ b/images/capi/packer/maas/.gitignore @@ -1,4 +1,5 @@ packer.json +packer-arm64.json ks.cfg preseed.cfg preseed-efi.cfg diff --git a/images/capi/packer/maas/README.md b/images/capi/packer/maas/README.md index 24252e380b..50e78fd1db 100644 --- a/images/capi/packer/maas/README.md +++ b/images/capi/packer/maas/README.md 
@@ -1,18 +1,66 @@ +# Prereqs + +Assuming you're building on Ubuntu: +``` +apt update +apt install -y make jq unzip python3-pip +cd images/capi +make deps-qemu +``` + +If you will be building ARM64 images, ensure you run the builder on a native ARM64 server and add these additional prereqs: +``` +apt-get install qemu-system-arm libvirt-daemon-system -y + +# create EFI disk images for ARM64 +pushd /var/lib/libvirt/images/ +dd if=/dev/zero of=capi.fd bs=1M count=64 +dd if=/dev/zero of=capi-nvmram.fd bs=1M count=64 +dd if=/usr/share/qemu-efi-aarch64/QEMU_EFI.fd of=capi.fd conv=notrunc +popd +``` + +# Building + To build an image using a specific version of Kubernetes use the "PACKER_FLAGS" env var like in the example below: +For AMD64: +``` +export PATH=/root/.local/bin:$PATH + PACKER_FLAGS="--var 'kubernetes_rpm_version=1.30.5' --var 'kubernetes_semver=v1.30.5' --var 'kubernetes_series=v1.30' --var 'kubernetes_deb_version=1.30.5-1.1'" make build-maas-ubuntu-2204-efi +``` + +For ARM64: +``` +export PATH=/root/.local/bin:$PATH + +ARCH=arm64 PACKER_FLAGS="--var 'kubernetes_rpm_version=1.30.5' --var 'kubernetes_semver=v1.30.5' --var 'kubernetes_series=v1.30' --var 'kubernetes_deb_version=1.30.5-1.1'" make build-maas-ubuntu-2204-arm64 +``` P.S: In order to change disk size(defaults to 20GB as of 31.10.22) you can update PACKER_FLAGS with: --var 'disk_size=' +# Uploading to MaaS -Upload images to MaaS +To upload the generates images to MaaS, run the following command. +For AMD64: ``` -maas boot-resources create name=custom/ architecture=amd64/generic title= subarches=generic base_image=ubuntu/ content@=./.tar.gz +maas boot-resources create name= architecture=amd64/generic title= base_image=ubuntu/ content@=./.tar.gz ``` +For ARM64: +``` +maas boot-resources create name= architecture=arm64/generic title= base_image=ubuntu/ content@=./.tar.gz +``` + + Notes / Things you need to known: - If you are using ubuntu **22.04**, set the `base_image` field to: `ubuntu/jammy`. 
For 24.04, use: `ubuntu/noble` -- Use **UEFI** to boot the machines, if you use BIOS, your MaaS deployment will **probably** fail. \ No newline at end of file +- Use **UEFI** to boot the machines, if you use BIOS, your MaaS deployment will **probably** fail. + +# Development + +Ensure any future changes to packer.json.tmpl that are not architecture-specific, are also synced into packer-arm64.json.tmpl! \ No newline at end of file diff --git a/images/capi/packer/maas/linux/ubuntu/http/22.04.arm64/meta-data b/images/capi/packer/maas/linux/ubuntu/http/22.04.arm64/meta-data new file mode 100644 index 0000000000..e69de29bb2 diff --git a/images/capi/packer/maas/linux/ubuntu/http/22.04.arm64/user-data.tmpl b/images/capi/packer/maas/linux/ubuntu/http/22.04.arm64/user-data.tmpl new file mode 100644 index 0000000000..44eafe3f30 --- /dev/null +++ b/images/capi/packer/maas/linux/ubuntu/http/22.04.arm64/user-data.tmpl 
@@ -0,0 +1,106 @@ +#cloud-config +# Copyright 2022 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# For more information on how autoinstall is configured, please refer to +# https://ubuntu.com/server/docs/install/autoinstall-reference +autoinstall: + version: 1 + # Disable ssh server during installation, otherwise packer tries to connect and exceed max attempts + early-commands: + - systemctl stop ssh + # Configure the locale + locale: en_US.UTF-8 + keyboard: + layout: us + # For more information on how partitioning is configured, + # please refer to https://curtin.readthedocs.io/en/latest/topics/storage.html. 
+ storage: + grub: + reorder_uefi: false + replace_linux_default: false + config: + - ptable: gpt + path: /dev/vda + wipe: superblock-recursive + preserve: false + name: '' + grub_device: false + type: disk + id: disk-vda + - device: disk-vda + # Create EFI partition of 512MB same as in Ubuntu 20.04 + size: 536870912 + wipe: superblock + flag: boot + number: 1 + preserve: false + grub_device: true + type: partition + id: partition-0 + - fstype: fat32 + volume: partition-0 + preserve: false + type: format + id: format-0 + - device: disk-vda + size: -1 + wipe: superblock + flag: '' + number: 2 + preserve: false + grub_device: false + type: partition + id: partition-1 + - fstype: ext4 + volume: partition-1 + preserve: false + type: format + id: format-1 + - path: / + device: format-1 + type: mount + id: mount-1 + - path: /boot/efi + device: format-0 + type: mount + id: mount-0 + updates: "all" + ssh: + install-server: true + allow-pw: true + # Create the default user. + # Ensures the "builder" user doesn't require a password to use sudo. + user-data: + users: + - name: builder + # openssl passwd -6 -salt -stdin <<< + passwd: $ENCRYPTED_SSH_PASSWORD + groups: [adm, cdrom, dip, plugdev, lxd, sudo] + lock-passwd: false + sudo: ALL=(ALL) NOPASSWD:ALL + shell: /bin/bash + + # This command runs after all other steps; it: + # 1. Disables swapfiles + # 2. Removes the existing swapfile + # 3. Removes the swapfile entry from /etc/fstab + # 4. Cleans up any packages that are no longer required + # 5. Removes the cached list of packages + late-commands: + - swapoff -a + - rm -f /swapfile + - sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab + - apt-get purge --auto-remove -y + - rm -rf /var/lib/apt/lists/* diff --git a/images/capi/packer/maas/linux/ubuntu/http/24.04.arm64/meta-data b/images/capi/packer/maas/linux/ubuntu/http/24.04.arm64/meta-data new file mode 100644 index 0000000000..e69de29bb2 
diff --git a/images/capi/packer/maas/linux/ubuntu/http/24.04.arm64/user-data.tmpl b/images/capi/packer/maas/linux/ubuntu/http/24.04.arm64/user-data.tmpl new file mode 100644 index 0000000000..532fa05425 --- /dev/null +++ b/images/capi/packer/maas/linux/ubuntu/http/24.04.arm64/user-data.tmpl 
@@ -0,0 +1,116 @@ +#cloud-config +# Copyright 2022 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# For more information on how autoinstall is configured, please refer to +# https://ubuntu.com/server/docs/install/autoinstall-reference +autoinstall: + version: 1 + # Disable ssh server during installation, otherwise packer tries to connect and exceed max attempts + early-commands: + - systemctl stop ssh + # Configure the locale + locale: en_US.UTF-8 + keyboard: + layout: us + apt: + mirror-selection: + primary: + - uri: http://archive.ubuntu.com/ubuntu + # Create a single-partition with no swap space. Kubernetes + # really dislikes the idea of anyone else managing memory. + # For more information on how partitioning is configured, + # please refer to https://curtin.readthedocs.io/en/latest/topics/storage.html. 
+ storage: + grub: + reorder_uefi: false + replace_linux_default: false + config: + - ptable: gpt + path: /dev/vda + wipe: superblock-recursive + preserve: false + name: '' + grub_device: false + type: disk + id: disk-vda + - device: disk-vda + # Create EFI partition of 512MB same as in Ubuntu 20.04 + size: 536870912 + wipe: superblock + flag: boot + number: 1 + preserve: false + grub_device: true + type: partition + id: partition-0 + - fstype: fat32 + volume: partition-0 + preserve: false + type: format + id: format-0 + - device: disk-vda + size: -1 + wipe: superblock + flag: '' + number: 2 + preserve: false + grub_device: false + type: partition + id: partition-1 + - fstype: ext4 + volume: partition-1 + preserve: false + type: format + id: format-1 + - path: / + device: format-1 + type: mount + id: mount-1 + - path: /boot/efi + device: format-0 + type: mount + id: mount-0 + updates: 'all' + ssh: + install-server: true + allow-pw: true + # Customize the list of packages installed. + packages: + - open-vm-tools + # Create the default user. + # Ensures the "builder" user doesn't require a password to use sudo. + user-data: + users: + - name: builder + # openssl passwd -6 -salt -stdin <<< + passwd: $ENCRYPTED_SSH_PASSWORD + groups: [adm, cdrom, dip, plugdev, lxd, sudo] + lock-passwd: false + sudo: ALL=(ALL) NOPASSWD:ALL + shell: /bin/bash + + # This command runs after all other steps; it: + # 1. Disables swapfiles + # 2. Removes the existing swapfile + # 3. Removes the swapfile entry from /etc/fstab + # 4. Cleans up any packages that are no longer required + # 5. Removes the cached list of packages + late-commands: + - swapoff -a + - rm -f /swapfile + - sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab + - apt-get purge --auto-remove -y + - rm -rf /var/lib/apt/lists/* diff --git a/images/capi/packer/maas/maas-ubuntu-2204-arm64.json b/images/capi/packer/maas/maas-ubuntu-2204-arm64.json new file mode 100644 index 0000000000..3d58d49677 --- /dev/null 
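Review bot: The `apt.mirror-selection.primary` entry in the 24.04 arm64 `user-data.tmpl` points the installer at `http://archive.ubuntu.com/ubuntu`, which does not serve arm64 packages. Arm64 comes from the ports archive, which is what `maas-ubuntu-2404-arm64.json` sets for `ubuntu_repo`. Changing the entry to `- uri: http://ports.ubuntu.com/ubuntu-ports` keeps the autoinstall step, which runs with `updates: 'all'`, from depending on the installer falling back to another mirror. The comment "Create a single-partition with no swap space" no longer describes the layout below it, which creates an EFI partition and a root partition; `# EFI system partition plus a single root partition, no swap.` would match.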
+++ b/images/capi/packer/maas/maas-ubuntu-2204-arm64.json
@@ -0,0 +1,22 @@
+{
+ "arch": "arm64",
+ "boot_command_prefix": "clinux /casper/vmlinuz console=ttyAMA0 autoinstall ds='nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/' --- initrd /casper/initrdboot",
+ "boot_type": "uefi",
+ "build_name": "ubuntu-2204-arm64",
+ "cpus": "16",
+ "distribution_version": "2204",
+ "distro_name": "ubuntu",
+ "goss_arch": "arm64",
+ "guest_os_type": "ubuntu-64",
+ "http_directory": "./packer/maas/linux/ubuntu/http/22.04.arm64",
+ "iso_checksum": "eafec62cfe760c30cac43f446463e628fada468c2de2f14e0e2bc27295187505",
+ "iso_checksum_type": "sha256",
+ "iso_target_path": "/tmp/packer_cache/ubuntu-22.04.5-live-server-arm64.iso",
+ "iso_url": "https://cdimage.ubuntu.com/releases/22.04.5/release/ubuntu-22.04.5-live-server-arm64.iso",
+ "memory": "4096",
+ "os_display_name": "Ubuntu 22.04",
+ "shutdown_command": "shutdown -P now",
+ "ubuntu_repo": "http://ports.ubuntu.com/ubuntu-ports",
+ "ubuntu_security_repo": "http://ports.ubuntu.com/ubuntu-ports",
+ "unmount_iso": "true"
+}
diff --git a/images/capi/packer/maas/maas-ubuntu-2404-arm64.json b/images/capi/packer/maas/maas-ubuntu-2404-arm64.json
new file mode 100644
index 0000000000..4d115a0b00
--- /dev/null
+++ b/images/capi/packer/maas/maas-ubuntu-2404-arm64.json
@@ -0,0 +1,22 @@
+{
+ "arch": "arm64",
+ "boot_command_prefix": "clinux /casper/vmlinuz console=ttyAMA0 autoinstall ds='nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/' --- initrd /casper/initrdboot",
+ "boot_type": "uefi",
+ "build_name": "ubuntu-2404-arm64",
+ "cpus": "16",
+ "distribution_version": "2404",
+ "distro_name": "ubuntu",
+ "goss_arch": "arm64",
+ "guest_os_type": "ubuntu-64",
+ "http_directory": "./packer/maas/linux/ubuntu/http/24.04.arm64",
+ "iso_checksum": "2ee2163c9b901ff5926400e80759088ff3b879982a3956c02100495b489fd555",
+ "iso_checksum_type": "sha256",
+ "iso_target_path": "/tmp/packer_cache/ubuntu-24.04.3-live-server-arm64.iso",
+ "iso_url": "https://cdimage.ubuntu.com/releases/24.04/release/ubuntu-24.04.3-live-server-arm64.iso",
+ "memory": "4096",
+ "os_display_name": "Ubuntu 24.04",
+ "shutdown_command": "shutdown -P now",
+ "ubuntu_repo": "http://ports.ubuntu.com/ubuntu-ports",
+ "ubuntu_security_repo": "http://ports.ubuntu.com/ubuntu-ports",
+ "unmount_iso": "true"
+}
diff --git a/images/capi/packer/maas/packer-arm64.json.tmpl b/images/capi/packer/maas/packer-arm64.json.tmpl
new file mode 100644
index 0000000000..b691d2ba84
--- /dev/null
+++ b/images/capi/packer/maas/packer-arm64.json.tmpl
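Review bot: `iso_url` in `maas-ubuntu-2404-arm64.json` names the point-release image `ubuntu-24.04.3-live-server-arm64.iso` under the unversioned `releases/24.04/release/` directory, whereas the 22.04 file pins `releases/22.04.5/release/`. The pinned `iso_checksum` keeps a different image from being accepted. If that directory is refreshed for a later point release, though, the download would presumably stop resolving and the build would fail rather than pick up the new image. Pointing `iso_url` at the point-release directory, as the 22.04 file does, keeps the URL and the checksum describing the same artifact.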
@@ -0,0 +1,235 @@ +{ + "builders": [ + { + "accelerator": "{{user `accelerator`}}", + "boot_command": [ + "{{user `boot_command_prefix`}}", + "{{user `boot_media_path`}}", + "{{user `boot_command_suffix`}}" + ], + "boot_wait": "{{user `boot_wait`}}", + "cd_files": [ + "{{user `cd_files`}}" + ], + "cd_label": "cidata", + "cdrom_interface": "{{user `cdrom_interface`}}", + "cpu_model": "{{user `cpu_model`}}", + "cpus": "{{user `cpus`}}", + "disk_compression": "{{ user `disk_compression`}}", + "disk_discard": "{{user `disk_discard`}}", + "disk_image": "{{ user `disk_image` }}", + "disk_interface": "{{ user `disk_interface` }}", + "disk_size": "{{user `disk_size`}}", + "efi_boot": "{{user `efi_boot`}}", + "efi_firmware_code": "{{user `efi_firmware_code`}}", + "efi_firmware_vars": "{{user `efi_firmware_vars`}}", + "firmware": "{{user `firmware`}}", + "format": "{{user `format`}}", + "headless": "{{user `headless`}}", + "http_directory": "{{user `http_directory`}}", + "iso_checksum": "{{user `iso_checksum_type`}}:{{user `iso_checksum`}}", + "iso_url": "{{user `iso_url`}}", + "iso_target_path": "{{user `iso_target_path`}}", + "machine_type": "{{user `machine_type`}}", + "memory": "{{user `memory`}}", + "net_device": "virtio-net", + "output_directory": "{{user `output_directory`}}", + "qemu_binary": "{{user `qemu_binary`}}", + "qemuargs": [ + [ "-device", "usb-ehci" ], + [ "-device", "usb-kbd" ], + "-usb", + [ "-drive", "if=none,file=output/{{user `vm_name`}}/{{user `vm_name`}},id=drive0,cache=writeback,discard=unmap,format=qcow2" ], + [ "-device", "virtio-blk,drive=drive0,bootindex=0" ], + [ "-drive", "file={{user `iso_target_path`}},if=none,index=1,id=cdrom0,media=cdrom" ], + [ "-device", "virtio-blk,drive=cdrom0,bootindex=1" ], + [ "-drive", "file=/var/lib/libvirt/images/capi.fd,format=raw,if=pflash" ], + [ "-drive", "file=/var/lib/libvirt/images/capi-nvmram.fd,format=raw,if=pflash" ], + [ "-device", "virtio-gpu-pci" ] + ], + "shutdown_command": "echo '{{user 
`ssh_password`}}' | sudo -S -E sh -c 'userdel -f -r {{user `ssh_username`}} && rm -f /etc/sudoers.d/{{user `ssh_username` }} && rm -f /etc/sudoers.d/90-cloud-init-users && {{user `shutdown_command`}}'", + "ssh_password": "{{user `ssh_password`}}", + "ssh_timeout": "2h", + "ssh_username": "{{user `ssh_username`}}", + "type": "qemu", + "vm_name": "{{user `vm_name`}}", + "vnc_bind_address": "{{user `vnc_bind_address`}}" + } + ], + "post-processors": [ + { + "environment_vars": [ + "CUSTOM_POST_PROCESSOR={{user `custom_post_processor`}}" + ], + "inline": [ + "if [ \"$CUSTOM_POST_PROCESSOR\" != \"true\" ]; then exit 0; fi", + "{{user `custom_post_processor_command`}}" + ], + "name": "custom-post-processor", + "type": "shell-local" + }, + { + "inline": [ + "sudo bash ./packer/maas/scripts/generate-maas-image.sh {{user `output_directory`}}/{{user `artifact_name`}}" + ], + "name": "convert-to-maas", + "type": "shell-local" + } + ], + "provisioners": [ + { + "environment_vars": [ + "PYPY_HTTP_SOURCE={{user `pypy_http_source`}}" + ], + "execute_command": "BUILD_NAME={{user `build_name`}}; if [[ \"${BUILD_NAME}\" == *\"flatcar\"* ]]; then sudo {{.Vars}} -S -E bash '{{.Path}}'; fi", + "script": "./packer/files/flatcar/scripts/bootstrap-flatcar.sh", + "type": "shell" + }, + { + "ansible_env_vars": [ + "ANSIBLE_SSH_ARGS='{{user `existing_ansible_ssh_args`}} {{user `ansible_common_ssh_args`}}'", + "KUBEVIRT={{user `kubevirt`}}" + ], + "extra_arguments": [ + "--extra-vars", + "{{user `ansible_common_vars`}}", + "--extra-vars", + "{{user `ansible_extra_vars`}}", + "--extra-vars", + "{{user `ansible_user_vars`}}", + "--scp-extra-args", + "{{user `ansible_scp_extra_args`}}" + ], + "playbook_file": "./ansible/firstboot.yml", + "type": "ansible", + "user": "builder" + }, + { + "expect_disconnect": true, + "inline": [ + "sudo reboot now" + ], + "inline_shebang": "/bin/bash -e", + "type": "shell" + }, + { + "pause_before": "30s", + "ansible_env_vars": [ + "ANSIBLE_SSH_ARGS='{{user 
`existing_ansible_ssh_args`}} {{user `ansible_common_ssh_args`}}'", + "KUBEVIRT={{user `kubevirt`}}" + ], + "extra_arguments": [ + "--extra-vars", + "{{user `ansible_common_vars`}}", + "--extra-vars", + "{{user `ansible_extra_vars`}}", + "--extra-vars", + "{{user `ansible_user_vars`}}", + "--scp-extra-args", + "{{user `ansible_scp_extra_args`}}" + ], + "playbook_file": "./ansible/node.yml", + "type": "ansible", + "user": "builder" + }, + { + "inline": [ + "sudo rm -f /etc/fstab" + ], + "inline_shebang": "/bin/bash -e", + "type": "shell" + }, + { + "arch": "{{user `goss_arch`}}", + "format": "{{user `goss_format`}}", + "format_options": "{{user `goss_format_options`}}", + "goss_file": "{{user `goss_entry_file`}}", + "inspect": "{{user `goss_inspect_mode`}}", + "tests": [ + "{{user `goss_tests_dir`}}" + ], + "type": "goss", + "url": "{{user `goss_url`}}", + "use_sudo": true, + "vars_file": "{{user `goss_vars_file`}}", + "vars_inline": { + "ARCH": "amd64", + "OS": "{{user `distro_name` | lower}}", + "OS_VERSION": "{{user `distribution_version` | lower}}", + "PROVIDER": "maas-arm64", + "containerd_version": "{{user `containerd_version`}}", + "kubernetes_cni_deb_version": "{{ user `kubernetes_cni_deb_version` }}", + "kubernetes_cni_rpm_version": "{{ split (user `kubernetes_cni_rpm_version`) \"-\" 0 }}", + "kubernetes_cni_source_type": "{{user `kubernetes_cni_source_type`}}", + "kubernetes_cni_version": "{{user `kubernetes_cni_semver` | replace \"v\" \"\" 1}}", + "kubernetes_deb_version": "{{ user `kubernetes_deb_version` }}", + "kubernetes_rpm_version": "{{ split (user `kubernetes_rpm_version`) \"-\" 0 }}", + "kubernetes_source_type": "{{user `kubernetes_source_type`}}", + "kubernetes_version": "{{user `kubernetes_semver` | replace \"v\" \"\" 1}}" + }, + "version": "{{user `goss_version`}}" + } + ], + "variables": { + "accelerator": "kvm", + "ansible_common_vars": "", + "ansible_extra_vars": "ansible_python_interpreter=/usr/bin/python3", + "ansible_user_vars": "", + 
"artifact_name": "{{user `build_name`}}-kube-{{user `kubernetes_semver`}}", + "boot_media_path": "http://{{ .HTTPIP }}:{{ .HTTPPort }}", + "boot_wait": "10s", + "build_timestamp": "{{timestamp}}", + "cd_files": "linux/base/*.nothing", + "cdrom_interface": "none", + "containerd_service_url": "https://raw.githubusercontent.com/containerd/containerd/refs/tags/v{{user `containerd_version`}}/containerd.service", + "containerd_url": "https://github.com/containerd/containerd/releases/download/v{{user `containerd_version`}}/containerd-{{user `containerd_version`}}-linux-arm64.tar.gz", + "containerd_version": null, + "cpu_model": "host", + "cpus": "1", + "crictl_version": null, + "crictl_url": "https://github.com/kubernetes-sigs/cri-tools/releases/download/v{{user `crictl_version`}}/crictl-v{{user `crictl_version`}}-linux-arm64.tar.gz", + "disk_compression": "false", + "disk_discard": "unmap", + "disk_image": "false", + "disk_interface": "virtio-scsi", + "disk_size": "20480", + "efi_boot": "true", + "efi_firmware_code": "/var/lib/libvirt/images/capi.fd", + "efi_firmware_vars": "/var/lib/libvirt/images/capi-nvmram.fd", + "existing_ansible_ssh_args": "{{env `ANSIBLE_SSH_ARGS`}}", + "firmware": "", + "format": "qcow2", + "headless": "true", + "http_directory": "./packer/qemu/linux/{{user `distro_name`}}/http/", + "kubernetes_cni_deb_version": null, + "kubernetes_cni_http_source": null, + "kubernetes_cni_semver": null, + "kubernetes_cni_source_type": null, + "kubernetes_container_registry": null, + "kubernetes_deb_gpg_key": null, + "kubernetes_deb_repo": null, + "kubernetes_deb_version": null, + "kubernetes_http_source": null, + "kubernetes_load_additional_imgs": null, + "kubernetes_rpm_gpg_check": null, + "kubernetes_rpm_gpg_key": null, + "kubernetes_rpm_repo": null, + "kubernetes_rpm_version": null, + "kubernetes_semver": null, + "kubernetes_series": null, + "kubernetes_source_type": null, + "runc_url": "https://github.com/opencontainers/runc/releases/download/v{{user 
`runc_version`}}/runc.amd64", + "runc_version": null, + "machine_id_mode": "444", + "machine_type": "virt", + "memory": "2048", + "oem_id": "", + "output_directory": "./output/{{user `build_name`}}-kube-{{user `kubernetes_semver`}}", + "python_path": "", + "qemu_binary": "qemu-system-aarch64", + "ssh_password": "$SSH_PASSWORD", + "ssh_username": "builder", + "vm_name": "{{user `build_name`}}-kube-{{user `kubernetes_semver`}}", + "vnc_bind_address": "127.0.0.1" + } +} diff --git a/images/capi/packer/maas/packer.json.tmpl b/images/capi/packer/maas/packer.json.tmpl index 83e98e850e..a6b2885f4e 100644 --- a/images/capi/packer/maas/packer.json.tmpl +++ b/images/capi/packer/maas/packer.json.tmpl @@ -138,7 +138,7 @@ "ARCH": "amd64", "OS": "{{user `distro_name` | lower}}", "OS_VERSION": "{{user `distribution_version` | lower}}", - "PROVIDER": "qemu", + "PROVIDER": "maas", "containerd_enable_limit_no_file": "{{user `containerd_enable_limit_no_file`}}", "containerd_image_pull_progress_timeout": "{{user `containerd_image_pull_progress_timeout`}}", "containerd_version": "{{user `containerd_version`}}", diff --git a/images/capi/scripts/ci-goss-populate.sh b/images/capi/scripts/ci-goss-populate.sh index fa0b1b7de4..f06731f095 100755 --- a/images/capi/scripts/ci-goss-populate.sh +++ b/images/capi/scripts/ci-goss-populate.sh @@ -29,7 +29,7 @@ source hack/utils.sh ensure_py3 _version="v0.3.23" -_bin_url="https://github.com/goss-org/goss/releases/download/${_version}/goss-linux-amd64" +_bin_url="https://github.com/goss-org/goss/releases/download/${_version}/goss-linux-${HOSTARCH}" if ! command -v goss >/dev/null 2>&1; then if [[ ${HOSTOS} == "linux" ]]; then From 6bd2ed18844c5ebafa1399db493be3b69b6535a4 Mon Sep 17 00:00:00 2001 From: Tomy Guichard Date: Fri, 27 Mar 2026 11:14:02 +0100 Subject: [PATCH 22/32] Update Scaleway OWNERS --- OWNERS_ALIASES | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index c3c33cecda..d6f31e9ab2 100644 
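Review bot: `runc_url` in the `variables` block of packer-arm64.json.tmpl still ends in `runc.amd64`, while `containerd_url` and `crictl_url` in the same block use `linux-arm64`, so an image built from this template would be given an x86-64 runc binary. The last path segment should be `runc.arm64`. The goss provisioner's `vars_inline` in the same file also sets `"ARCH": "amd64"` although the provisioner's own `arch` comes from `goss_arch`; unless the goss checks ignore that key, `"ARCH": "arm64"` is what the arm64 images need to be validated against.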
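Review bot: `_bin_url` in ci-goss-populate.sh now depends on `${HOSTARCH}`, which is set outside this hunk (presumably by the sourced `hack/utils.sh`); if it carries `uname -m` style values such as `x86_64` or `aarch64` rather than `amd64`/`arm64`, the asset name will not match a goss release file. The download step itself is also outside the hunk: if it does not already verify the binary, checking it against the sha256 published with the same `${_version}` and architecture would keep the now multi-arch fetch pinned to known content. A comment above the assignment would document the contract, e.g. `# HOSTARCH must be amd64 or arm64 to match goss release asset names`.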
--- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -24,8 +24,7 @@ aliases: - yadvr image-builder-scaleway-reviewers: - Tomy2e - - Mia-Cross - - remyleone + - pablo-ruth image-builder-raw-maintainers: - detiber - thebsdbox From 63ffa19861c3b6839b5feced05a41abe07d431d6 Mon Sep 17 00:00:00 2001 From: hajowieland Date: Tue, 2 Jun 2026 15:00:45 +0200 Subject: [PATCH 23/32] Resolve latest Flatcar version from release server version.txt --- images/capi/hack/image-grok-latest-flatcar-version.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/images/capi/hack/image-grok-latest-flatcar-version.sh b/images/capi/hack/image-grok-latest-flatcar-version.sh index 2658949cf9..3fc8b5feda 100755 --- a/images/capi/hack/image-grok-latest-flatcar-version.sh +++ b/images/capi/hack/image-grok-latest-flatcar-version.sh @@ -5,8 +5,6 @@ channel="$1" curl -L -s \ - "https://www.flatcar.org/releases-json/releases-$channel.json" \ - | jq -r 'to_entries[] | "\(.key)"' \ - | grep -v "current" \ - | sort --version-sort \ - | tail -n1 + "https://$channel.release.flatcar-linux.net/amd64-usr/current/version.txt" \ + | grep '^FLATCAR_VERSION=' \ + | cut -d= -f2 From 31ac090862a7ae476ffd95507bac2694b0e172bf Mon Sep 17 00:00:00 2001 From: reasonofsky Date: Tue, 2 Jun 2026 17:57:16 +0200 Subject: [PATCH 24/32] fix(facts): ansible_architecture Signed-off-by: reasonofsky --- images/capi/ansible/roles/firstboot/meta/main.yml | 4 ++-- images/capi/ansible/roles/providers/tasks/qemu.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/images/capi/ansible/roles/firstboot/meta/main.yml b/images/capi/ansible/roles/firstboot/meta/main.yml index 883ad49649..92442b55fe 100644 --- a/images/capi/ansible/roles/firstboot/meta/main.yml +++ b/images/capi/ansible/roles/firstboot/meta/main.yml 
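Review bot: `curl -L -s` in image-grok-latest-flatcar-version.sh has no `-f`, so an HTTP error from the release server counts as success and its body goes to `grep`, which prints nothing; the pipeline then exits 0 through `cut` with an empty version unless `pipefail` is set above the hunk. `curl -fsSL` would surface the failure. `$channel` is also placed in the host part of the URL directly from `$1`, so a guard before the request such as `case "$channel" in stable|beta|alpha|lts) ;; *) exit 1 ;; esac` keeps a typo or unexpected value from sending the lookup to a different host. The path is fixed to `amd64-usr`, which is fine only if versions are published in step across architectures.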
@@ -26,7 +26,7 @@ dependencies: debs: "{{ common_debs + lookup('vars', 'common_' + build_target + '_debs_arm64') }}" when: > packer_builder_type is search('qemu') - and ansible_architecture == "aarch64" + and ansible_facts['architecture'] == "aarch64" - role: setup vars: @@ -35,4 +35,4 @@ dependencies: debs: "{{ common_debs + lookup('vars', 'common_' + build_target + '_debs') }}" when: > packer_builder_type is search('qemu') - and ansible_architecture != "aarch64" + and ansible_facts['architecture'] != "aarch64" diff --git a/images/capi/ansible/roles/providers/tasks/qemu.yml b/images/capi/ansible/roles/providers/tasks/qemu.yml index 31d4e324cb..e3ce4b1501 100644 --- a/images/capi/ansible/roles/providers/tasks/qemu.yml +++ b/images/capi/ansible/roles/providers/tasks/qemu.yml @@ -40,7 +40,7 @@ name: hv-kvp-daemon state: stopped enabled: false - when: ansible_facts['os_family'] == "Debian" and ansible_architecture != "aarch64" + when: ansible_facts['os_family'] == "Debian" and ansible_facts['architecture'] != "aarch64" - name: Create directory for DHCP chrony server files ansible.builtin.file: From 97fbb7752ad3fbaf12f92f429d3ff628f269f017 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?K=C3=A9vin=20PEREZ?= Date: Wed, 3 Jun 2026 14:35:17 +0200 Subject: [PATCH 25/32] Add Ubuntu 26.04 LTS (Resolute Raccoon) support - Update Makefile, azure_targets.sh, init-sig.sh with ubuntu-2604 targets - Disable Azure Ubuntu 26 CVM target (not available yet) - Replace deprecated apt_key with signed-by keyring approach (all roles) - Map Azure CLI codename resolute->noble (no MS repo for 26.04 yet) - Set QEMU memory to 4GB for Ubuntu 26.04 - Update README.md and all provider docs - Fix sysctl path for Ubuntu 26.04 (systemd 259 no longer loads /etc/sysctl.conf) - Stop background apt services to prevent race conditions during build --- README.md | 1 + docs/book/src/capi/providers/3dsoutscale.md | 1 + docs/book/src/capi/providers/aws.md | 1 + docs/book/src/capi/providers/digitalocean.md | 1 + docs/book/src/capi/providers/gcp.md | 1 + docs/book/src/capi/providers/hcloud.md | 1 + docs/book/src/capi/providers/maas.md | 4 +- docs/book/src/capi/providers/proxmox.md | 1 + docs/book/src/capi/providers/scaleway.md | 1 + docs/book/src/capi/providers/vsphere.md | 2 + docs/book/src/capi/providers/vultr.md | 1 + images/capi/Makefile | 75 ++++++++--- .../capi/ansible/roles/gpu/tasks/nvidia.yml | 21 +++- .../ansible/roles/kubernetes/tasks/debian.yml | 23 +++- .../capi/ansible/roles/node/defaults/main.yml | 1 + .../roles/providers/tasks/azurecli.yml | 30 ++++- .../ansible/roles/providers/tasks/main.yml | 26 +++- .../ansible/roles/security/tasks/falco.yml | 22 +++- .../ansible/roles/security/tasks/trivy.yml | 22 +++- .../capi/ansible/roles/setup/tasks/redhat.yml | 2 +- images/capi/azure_targets.sh | 4 +- images/capi/packer/ami/ubuntu-2604.json | 14 +++ images/capi/packer/azure/scripts/init-sig.sh | 9 ++ images/capi/packer/azure/ubuntu-2604-cvm.json | 9 ++ .../capi/packer/azure/ubuntu-2604-gen2.json | 9 ++ images/capi/packer/azure/ubuntu-2604.json | 9 ++ .../capi/packer/digitalocean/ubuntu-2604.json | 5 + images/capi/packer/gce/ubuntu-2604.json | 9 ++ 
images/capi/packer/hcloud/ubuntu-2604.json | 8 ++ .../linux/ubuntu/http/26.04.efi/meta-data | 0 .../ubuntu/http/26.04.efi/user-data.tmpl | 116 ++++++++++++++++++ .../maas/linux/ubuntu/http/26.04/meta-data | 0 .../linux/ubuntu/http/26.04/user-data.tmpl | 93 ++++++++++++++ .../packer/maas/maas-ubuntu-2604-efi.json | 14 +++ images/capi/packer/nutanix/ubuntu-2604.json | 8 ++ images/capi/packer/openstack/ubuntu-2604.json | 5 + images/capi/packer/outscale/ubuntu-2604.json | 7 ++ .../ova/linux/ubuntu/http/26.04.efi/meta-data | 0 .../ubuntu/http/26.04.efi/user-data.tmpl | 111 +++++++++++++++++ .../ova/linux/ubuntu/http/26.04/meta-data | 0 .../linux/ubuntu/http/26.04/user-data.tmpl | 90 ++++++++++++++ images/capi/packer/ova/ubuntu-2604-efi.json | 19 +++ images/capi/packer/ova/ubuntu-2604.json | 18 +++ .../linux/ubuntu/http/26.04.efi/meta-data | 0 .../ubuntu/http/26.04.efi/user-data.tmpl | 99 +++++++++++++++ .../proxmox/linux/ubuntu/http/26.04/meta-data | 0 .../linux/ubuntu/http/26.04/user-data.tmpl | 75 +++++++++++ .../capi/packer/proxmox/ubuntu-2604-efi.json | 14 +++ images/capi/packer/proxmox/ubuntu-2604.json | 14 +++ .../linux/ubuntu/http/26.04.efi/meta-data | 0 .../ubuntu/http/26.04.efi/user-data.tmpl | 116 ++++++++++++++++++ .../qemu/linux/ubuntu/http/26.04/meta-data | 0 .../linux/ubuntu/http/26.04/user-data.tmpl | 93 ++++++++++++++ .../packer/qemu/qemu-ubuntu-2604-efi.json | 15 +++ images/capi/packer/qemu/qemu-ubuntu-2604.json | 14 +++ .../raw/linux/ubuntu/http/26.04.efi/meta-data | 0 .../ubuntu/http/26.04.efi/user-data.tmpl | 114 +++++++++++++++++ .../raw/linux/ubuntu/http/26.04/meta-data | 0 .../linux/ubuntu/http/26.04/user-data.tmpl | 92 ++++++++++++++ .../capi/packer/raw/raw-ubuntu-2604-efi.json | 17 +++ images/capi/packer/raw/raw-ubuntu-2604.json | 16 +++ images/capi/packer/scaleway/ubuntu-2604.json | 6 + images/capi/packer/vultr/ubuntu-2604.json | 6 + 63 files changed, 1446 insertions(+), 39 deletions(-) create mode 100644 images/capi/packer/ami/ubuntu-2604.json 
create mode 100644 images/capi/packer/azure/ubuntu-2604-cvm.json create mode 100644 images/capi/packer/azure/ubuntu-2604-gen2.json create mode 100644 images/capi/packer/azure/ubuntu-2604.json create mode 100644 images/capi/packer/digitalocean/ubuntu-2604.json create mode 100644 images/capi/packer/gce/ubuntu-2604.json create mode 100644 images/capi/packer/hcloud/ubuntu-2604.json create mode 100644 images/capi/packer/maas/linux/ubuntu/http/26.04.efi/meta-data create mode 100644 images/capi/packer/maas/linux/ubuntu/http/26.04.efi/user-data.tmpl create mode 100644 images/capi/packer/maas/linux/ubuntu/http/26.04/meta-data create mode 100644 images/capi/packer/maas/linux/ubuntu/http/26.04/user-data.tmpl create mode 100644 images/capi/packer/maas/maas-ubuntu-2604-efi.json create mode 100644 images/capi/packer/nutanix/ubuntu-2604.json create mode 100644 images/capi/packer/openstack/ubuntu-2604.json create mode 100644 images/capi/packer/outscale/ubuntu-2604.json create mode 100644 images/capi/packer/ova/linux/ubuntu/http/26.04.efi/meta-data create mode 100644 images/capi/packer/ova/linux/ubuntu/http/26.04.efi/user-data.tmpl create mode 100644 images/capi/packer/ova/linux/ubuntu/http/26.04/meta-data create mode 100644 images/capi/packer/ova/linux/ubuntu/http/26.04/user-data.tmpl create mode 100644 images/capi/packer/ova/ubuntu-2604-efi.json create mode 100644 images/capi/packer/ova/ubuntu-2604.json create mode 100644 images/capi/packer/proxmox/linux/ubuntu/http/26.04.efi/meta-data create mode 100644 images/capi/packer/proxmox/linux/ubuntu/http/26.04.efi/user-data.tmpl create mode 100644 images/capi/packer/proxmox/linux/ubuntu/http/26.04/meta-data create mode 100644 images/capi/packer/proxmox/linux/ubuntu/http/26.04/user-data.tmpl create mode 100644 images/capi/packer/proxmox/ubuntu-2604-efi.json create mode 100644 images/capi/packer/proxmox/ubuntu-2604.json create mode 100644 images/capi/packer/qemu/linux/ubuntu/http/26.04.efi/meta-data create mode 100644 
images/capi/packer/qemu/linux/ubuntu/http/26.04.efi/user-data.tmpl create mode 100644 images/capi/packer/qemu/linux/ubuntu/http/26.04/meta-data create mode 100644 images/capi/packer/qemu/linux/ubuntu/http/26.04/user-data.tmpl create mode 100644 images/capi/packer/qemu/qemu-ubuntu-2604-efi.json create mode 100644 images/capi/packer/qemu/qemu-ubuntu-2604.json create mode 100644 images/capi/packer/raw/linux/ubuntu/http/26.04.efi/meta-data create mode 100644 images/capi/packer/raw/linux/ubuntu/http/26.04.efi/user-data.tmpl create mode 100644 images/capi/packer/raw/linux/ubuntu/http/26.04/meta-data create mode 100644 images/capi/packer/raw/linux/ubuntu/http/26.04/user-data.tmpl create mode 100644 images/capi/packer/raw/raw-ubuntu-2604-efi.json create mode 100644 images/capi/packer/raw/raw-ubuntu-2604.json create mode 100644 images/capi/packer/scaleway/ubuntu-2604.json create mode 100644 images/capi/packer/vultr/ubuntu-2604.json diff --git a/README.md b/README.md index 5c257f1a2d..9df4980db4 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,7 @@ The table below shows the currently provided operating systems for each provider | Rocky Linux 9 | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | 💙 | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | | Ubuntu 22.04 | ✅ | 💙 | ✅ | 💙 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 💙 | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | | Ubuntu 24.04 | ✅ | 💙 | ✅ | 💙 | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | 💙 | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | +| Ubuntu 26.04 | ✅ | 💙 | ✅ | 💙 | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | 💙 | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | | Windows 2019 | ✅ | 💙 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | | Windows 2022 | ❌ | 💙 | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | | Windows 2025 | ❌ | 💙 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | diff --git a/docs/book/src/capi/providers/3dsoutscale.md b/docs/book/src/capi/providers/3dsoutscale.md index 668e58a4d4..0b64d9a8cb 100644 --- a/docs/book/src/capi/providers/3dsoutscale.md 
+++ b/docs/book/src/capi/providers/3dsoutscale.md @@ -28,6 +28,7 @@ the different operating systems. |------|-------------| | `ubuntu-2204.json` | The settings for the Ubuntu 22.04 image | | `ubuntu-2404.json` | The settings for the Ubuntu 24.04 image | +| `ubuntu-2604.json` | The settings for the Ubuntu 26.04 image | You must have your [Access Keys](https://docs.outscale.com/en/userguide/About-Access-Keys.html). You must have your [Account Id](https://docs.outscale.com/en/userguide/Getting-Information-About-Your-Account-and-Quotas.html). diff --git a/docs/book/src/capi/providers/aws.md b/docs/book/src/capi/providers/aws.md index f6f11c527e..5e44760599 100644 --- a/docs/book/src/capi/providers/aws.md +++ b/docs/book/src/capi/providers/aws.md @@ -46,6 +46,7 @@ the different operating systems. | `rockylinux.json` | The settings for the Rocky Linux image | | `ubuntu-2204.json` | The settings for the Ubuntu 22.04 image | | `ubuntu-2404.json` | The settings for the Ubuntu 24.04 image | +| `ubuntu-2604.json` | The settings for the Ubuntu 26.04 image | | `windows-2019.json` | The settings for the Windows 2019 image | diff --git a/docs/book/src/capi/providers/digitalocean.md b/docs/book/src/capi/providers/digitalocean.md index b4addae554..de2a67504e 100644 --- a/docs/book/src/capi/providers/digitalocean.md +++ b/docs/book/src/capi/providers/digitalocean.md @@ -27,3 +27,4 @@ the different operating systems. |------|-------------| | `ubuntu-2204.json` | The settings for the Ubuntu 22.04 image | | `ubuntu-2404.json` | The settings for the Ubuntu 24.04 image | +| `ubuntu-2604.json` | The settings for the Ubuntu 26.04 image | diff --git a/docs/book/src/capi/providers/gcp.md b/docs/book/src/capi/providers/gcp.md index 0fec5d46c2..f5ace949a3 100644 --- a/docs/book/src/capi/providers/gcp.md +++ b/docs/book/src/capi/providers/gcp.md 
@@ -50,6 +50,7 @@ The `gce` sub-directory inside `images/capi/packer` stores JSON configuration fi | -------- | -------- | `ubuntu-2204.json` | Settings for Ubuntu 22.04 image | | `ubuntu-2404.json` | Settings for Ubuntu 24.04 image | +| `ubuntu-2604.json` | Settings for Ubuntu 26.04 image | #### Common GCP options diff --git a/docs/book/src/capi/providers/hcloud.md b/docs/book/src/capi/providers/hcloud.md index e35759075b..4492e6ae4e 100644 --- a/docs/book/src/capi/providers/hcloud.md +++ b/docs/book/src/capi/providers/hcloud.md @@ -29,3 +29,4 @@ the different operating systems. | `rockylinux-9.json` | The settings for the RockyLinux 9 image | | `ubuntu-2204.json` | The settings for the Ubuntu 22.04 image | | `ubuntu-2404.json` | The settings for the Ubuntu 24.04 image | +| `ubuntu-2604.json` | The settings for the Ubuntu 26.04 image | diff --git a/docs/book/src/capi/providers/maas.md b/docs/book/src/capi/providers/maas.md index 2db31b0b9a..3f71d323e3 100644 --- a/docs/book/src/capi/providers/maas.md +++ b/docs/book/src/capi/providers/maas.md @@ -19,7 +19,7 @@ From the `image-builder` directory, run: make build-maas-ubuntu-xxxx-efi ``` -The image will be located in `images/capi/output/BUILD_NAME+kube-KUBERNETES_VERSION`. Replace `xxxx` with `2204` or `2404`, depending on the Ubuntu version. +The image will be located in `images/capi/output/BUILD_NAME+kube-KUBERNETES_VERSION`. Replace `xxxx` with `2204`, `2404` or `2604`, depending on the Ubuntu version. To build a Ubuntu 22.04-based CAPI image: 
@@ -73,7 +73,7 @@ Use the **.tar.gz** file for the upload: maas admin boot-resources create name=custom/your-image architecture=amd64/generic title=your-image subarches=generic base_image=ubuntu/jammy content@=./ubuntu-2204-efi-kube-v1.30.5.tar.gz ``` -**Note:** Set `base_image=ubuntu/jammy` for Ubuntu 22.04 or `ubuntu/noble` for 24.04. +**Note:** Set `base_image=ubuntu/jammy` for Ubuntu 22.04, `ubuntu/noble` for 24.04, or `ubuntu/resolute` for 26.04. ## Custom Curtin Scripts If you need to override the default MaaS curtin scripts, create a custom role containing the curtin hooks. The files must be copied to the `/curtin` directory diff --git a/docs/book/src/capi/providers/proxmox.md b/docs/book/src/capi/providers/proxmox.md index 44ef8f4a71..f5e317023d 100644 --- a/docs/book/src/capi/providers/proxmox.md +++ b/docs/book/src/capi/providers/proxmox.md @@ -38,6 +38,7 @@ the different operating systems. |--------------------|-----------------------------------------| | `ubuntu-2204.json` | The settings for the Ubuntu 22.04 image | | `ubuntu-2404.json` | The settings for the Ubuntu 24.04 image | +| `ubuntu-2604.json` | The settings for the Ubuntu 26.04 image | The full list of available environment vars can be found in the `variables` section of `images/capi/packer/proxmox/packer.json`. diff --git a/docs/book/src/capi/providers/scaleway.md b/docs/book/src/capi/providers/scaleway.md index 5e3daf5175..fa2aa61f9e 100644 --- a/docs/book/src/capi/providers/scaleway.md +++ b/docs/book/src/capi/providers/scaleway.md @@ -27,3 +27,4 @@ the different operating systems. | `rockylinux-9.json` | The settings for the Rocky Linux 9 image | | `ubuntu-2204.json` | The settings for the Ubuntu 22.04 image | | `ubuntu-2404.json` | The settings for the Ubuntu 24.04 image | +| `ubuntu-2604.json` | The settings for the Ubuntu 26.04 image | diff --git a/docs/book/src/capi/providers/vsphere.md b/docs/book/src/capi/providers/vsphere.md index f774f4cff5..83276944ba 100644 
--- a/docs/book/src/capi/providers/vsphere.md +++ b/docs/book/src/capi/providers/vsphere.md @@ -84,6 +84,8 @@ In addition to the configuration found in `images/capi/packer/config`, the `ova` | `ubuntu-2204-efi.json` | The settings for the Ubuntu 22.04 EFI image | | `ubuntu-2404.json` | The settings for the Ubuntu 24.04 image | | `ubuntu-2404-efi.json` | The settings for the Ubuntu 24.04 EFI image | +| `ubuntu-2604.json` | The settings for the Ubuntu 26.04 image | +| `ubuntu-2604-efi.json` | The settings for the Ubuntu 26.04 EFI image | | `vsphere.json` | Additional settings needed when building on a remote vSphere | ### Photon specific options diff --git a/docs/book/src/capi/providers/vultr.md b/docs/book/src/capi/providers/vultr.md index 97cf74d071..f78254202d 100644 --- a/docs/book/src/capi/providers/vultr.md +++ b/docs/book/src/capi/providers/vultr.md @@ -26,3 +26,4 @@ for the different operating systems. |------|-------------| | `ubuntu-2204.json` | The settings for the Ubuntu 22.04 image | | `ubuntu-2404.json` | The settings for the Ubuntu 24.04 image | +| `ubuntu-2604.json` | The settings for the Ubuntu 26.04 image | diff --git a/images/capi/Makefile b/images/capi/Makefile index 253e3d4d32..81e4a2f980 100644 --- a/images/capi/Makefile +++ b/images/capi/Makefile @@ -48,6 +48,7 @@ GET_UBUNTU_DOTTED_SEMVER=$(strip \ $(eval _UBUNTU_SEMVER:=$1) \ $(eval _UBUNTU_SEMVER:=$(subst ubuntu-2204,ubuntu-22.04,$(_UBUNTU_SEMVER))) \ $(eval _UBUNTU_SEMVER:=$(subst ubuntu-2404,ubuntu-24.04,$(_UBUNTU_SEMVER))) \ + $(eval _UBUNTU_SEMVER:=$(subst ubuntu-2604,ubuntu-26.04,$(_UBUNTU_SEMVER))) \ $(_UBUNTU_SEMVER) \ ) 
@@ -342,7 +343,7 @@ PHOTON_VERSIONS := photon-4 photon-5 RHEL_VERSIONS := rhel-9 ROCKYLINUX_VERSIONS := rockylinux-9 ALMALINUX_VERSIONS := almalinux-9 -UBUNTU_VERSIONS := ubuntu-2204 ubuntu-2204-efi ubuntu-2404 ubuntu-2404-efi +UBUNTU_VERSIONS := ubuntu-2204 ubuntu-2204-efi ubuntu-2404 ubuntu-2404-efi ubuntu-2604 ubuntu-2604-efi WINDOWS_VERSIONS := windows-2019 windows-2019-efi windows-2022 windows-2022-efi # Set Flatcar Container Linux channel and version if not supplied @@ -369,9 +370,9 @@ NODE_OVA_VSPHERE_BUILD_NAMES := $(addprefix node-ova-vsphere-,$(PLATFORMS_AND_V NODE_OVA_VSPHERE_BASE_BUILD_NAMES := $(addprefix node-ova-vsphere-base-,$(PLATFORMS_AND_VERSIONS)) NODE_OVA_VSPHERE_CLONE_BUILD_NAMES := $(addprefix node-ova-vsphere-clone-,$(PLATFORMS_AND_VERSIONS)) -AMI_BUILD_NAMES ?= ami-ubuntu-2204 ami-ubuntu-2404 ami-ubuntu-2204-arm64 ami-ubuntu-2404-arm64 ami-amazon-2 ami-amazon-2023 ami-amazon-2023-arm64 ami-flatcar ami-flatcar-arm64 ami-windows-2019 +AMI_BUILD_NAMES ?= ami-ubuntu-2204 ami-ubuntu-2404 ami-ubuntu-2604 ami-ubuntu-2204-arm64 ami-ubuntu-2404-arm64 ami-amazon-2 ami-amazon-2023 ami-amazon-2023-arm64 ami-flatcar ami-flatcar-arm64 ami-windows-2019 HUAWEICLOUD_BUILD_NAMES ?= huaweicloud-ubuntu-2204 -GCE_BUILD_NAMES ?= gce-ubuntu-2204 gce-ubuntu-2404 +GCE_BUILD_NAMES ?= gce-ubuntu-2204 gce-ubuntu-2404 gce-ubuntu-2604 # Make needs these lists to be space delimited, no quotes SIG_TARGETS := $(shell grep SIG_TARGETS azure_targets.sh | sed 's/SIG_TARGETS=//' | tr -d \") 
@@ -383,32 +384,32 @@ AZURE_BUILD_SIG_CVM_NAMES ?= $(addsuffix -cvm,$(addprefix azure-sig-,$(SIG_CVM_T OCI_BUILD_NAMES ?= oci-ubuntu-2204 oci-oracle-linux-9 oci-windows-2019 oci-windows-2022 -DO_BUILD_NAMES ?= do-ubuntu-2204 do-ubuntu-2404 +DO_BUILD_NAMES ?= do-ubuntu-2204 do-ubuntu-2404 do-ubuntu-2604 -OPENSTACK_BUILD_NAMES ?= openstack-ubuntu-2204 openstack-ubuntu-2404 openstack-flatcar openstack-rockylinux-9 +OPENSTACK_BUILD_NAMES ?= openstack-ubuntu-2204 openstack-ubuntu-2404 openstack-ubuntu-2604 openstack-flatcar openstack-rockylinux-9 -OSC_BUILD_NAMES ?= osc-ubuntu-2204 osc-ubuntu-2404 +OSC_BUILD_NAMES ?= osc-ubuntu-2204 osc-ubuntu-2404 osc-ubuntu-2604 -QEMU_BUILD_NAMES ?= qemu-ubuntu-2204 qemu-ubuntu-2204-cloudimg qemu-ubuntu-2404 qemu-ubuntu-2404-efi qemu-ubuntu-2204-efi qemu-centos-9 qemu-rhel-9 qemu-rockylinux-9 qemu-rockylinux-9-cloudimg qemu-flatcar +QEMU_BUILD_NAMES ?= qemu-ubuntu-2204 qemu-ubuntu-2204-cloudimg qemu-ubuntu-2404 qemu-ubuntu-2404-efi qemu-ubuntu-2604 qemu-ubuntu-2604-efi qemu-ubuntu-2204-efi qemu-centos-9 qemu-rhel-9 qemu-rockylinux-9 qemu-rockylinux-9-cloudimg qemu-flatcar QEMU_KUBEVIRT_BUILD_NAMES := $(addprefix kubevirt-,$(QEMU_BUILD_NAMES)) -RAW_BUILD_NAMES ?= raw-ubuntu-2204 raw-ubuntu-2204-efi raw-ubuntu-2404 raw-ubuntu-2404-efi raw-flatcar raw-rhel-9 raw-rhel-9-efi +RAW_BUILD_NAMES ?= raw-ubuntu-2204 raw-ubuntu-2204-efi raw-ubuntu-2404 raw-ubuntu-2404-efi raw-ubuntu-2604 raw-ubuntu-2604-efi raw-flatcar raw-rhel-9 raw-rhel-9-efi POWERVS_BUILD_NAMES ?= powervs-centos-9 powervs-centos-10 -NUTANIX_BUILD_NAMES ?= nutanix-ubuntu-2204 nutanix-ubuntu-2404 nutanix-rhel-9 nutanix-rockylinux-9 nutanix-flatcar nutanix-windows-2022 +NUTANIX_BUILD_NAMES ?= nutanix-ubuntu-2204 nutanix-ubuntu-2404 nutanix-ubuntu-2604 nutanix-rhel-9 nutanix-rockylinux-9 nutanix-flatcar nutanix-windows-2022 -HCLOUD_BUILD_NAMES ?= hcloud-ubuntu-2204 hcloud-ubuntu-2404 hcloud-rockylinux-9 hcloud-flatcar hcloud-flatcar-arm64 +HCLOUD_BUILD_NAMES ?= hcloud-ubuntu-2204 
hcloud-ubuntu-2404 hcloud-ubuntu-2604 hcloud-rockylinux-9 hcloud-flatcar hcloud-flatcar-arm64 -PROXMOX_BUILD_NAMES ?= proxmox-ubuntu-2204 proxmox-ubuntu-2404 proxmox-ubuntu-2404-efi proxmox-rockylinux-9 proxmox-flatcar +PROXMOX_BUILD_NAMES ?= proxmox-ubuntu-2204 proxmox-ubuntu-2404 proxmox-ubuntu-2404-efi proxmox-ubuntu-2604 proxmox-ubuntu-2604-efi proxmox-rockylinux-9 proxmox-flatcar -VULTR_BUILD_NAMES ?= vultr-ubuntu-2204 vultr-ubuntu-2404 +VULTR_BUILD_NAMES ?= vultr-ubuntu-2204 vultr-ubuntu-2404 vultr-ubuntu-2604 -MAAS_BUILD_NAMES ?= maas-ubuntu-2204-efi maas-ubuntu-2404-efi +MAAS_BUILD_NAMES ?= maas-ubuntu-2204-efi maas-ubuntu-2404-efi maas-ubuntu-2604-efi MAAS_ARM64_BUILD_NAMES ?= maas-ubuntu-2204-arm64 maas-ubuntu-2404-arm64 -SCALEWAY_BUILD_NAMES ?= scaleway-rockylinux-9 scaleway-ubuntu-2204 scaleway-ubuntu-2404 +SCALEWAY_BUILD_NAMES ?= scaleway-rockylinux-9 scaleway-ubuntu-2204 scaleway-ubuntu-2404 scaleway-ubuntu-2604 ## -------------------------------------- ## Dynamic build targets @@ -702,6 +703,7 @@ build-ami-ubuntu-2204: ## Builds Ubuntu 22.04 AMI build-ami-ubuntu-2204-arm64: ## Builds Ubuntu 22.04 arm64 AMI build-ami-ubuntu-2404: ## Builds Ubuntu 24.04 AMI build-ami-ubuntu-2404-arm64: ## Builds Ubuntu 24.04 arm64 AMI +build-ami-ubuntu-2604: ## Builds Ubuntu 26.04 AMI build-ami-flatcar: ## Builds Flatcar build-ami-flatcar-arm64: ## Builds Flatcar arm64 build-ami-windows-2019: ## Build Windows Server 2019 AMI Packer config 
@@ -709,6 +711,7 @@ build-ami-all: $(AMI_BUILD_TARGETS) ## Builds all AMIs build-azure-sig-ubuntu-2204: ## Builds Ubuntu 22.04 Azure managed image in Shared Image Gallery build-azure-sig-ubuntu-2404: ## Builds Ubuntu 24.04 Azure managed image in Shared Image Gallery +build-azure-sig-ubuntu-2604: ## Builds Ubuntu 26.04 Azure managed image in Shared Image Gallery build-azure-sig-azurelinux-3: ## Builds Azure Linux 3 Azure managed image in Shared Image Gallery build-azure-sig-windows-2019-containerd: ## Builds Windows Server 2019 with containerd Azure managed image in Shared Image Gallery build-azure-sig-windows-2022-containerd: ## Builds Windows Server 2022 with containerd Azure managed image in Shared Image Gallery 
@@ -721,16 +724,20 @@ build-azure-sig-flatcar: ## Builds Flatcar Azure managed image in Shared Image G build-azure-sig-flatcar-gen2: ## Builds Flatcar Azure Gen2 managed image in Shared Image Gallery build-azure-sig-ubuntu-2204-gen2: ## Builds Ubuntu 22.04 Gen2 managed image in Shared Image Gallery build-azure-sig-ubuntu-2404-gen2: ## Builds Ubuntu 24.04 Gen2 managed image in Shared Image Gallery +build-azure-sig-ubuntu-2604-gen2: ## Builds Ubuntu 26.04 Gen2 managed image in Shared Image Gallery build-azure-sig-ubuntu-2204-cvm: ## Builds Ubuntu 22.04 CVM managed image in Shared Image Gallery build-azure-sig-ubuntu-2404-cvm: ## Builds Ubuntu 24.04 CVM managed image in Shared Image Gallery +#build-azure-sig-ubuntu-2604-cvm: ## Builds Ubuntu 26.04 CVM managed image in Shared Image Gallery build-azure-sigs: $(AZURE_BUILD_SIG_TARGETS) $(AZURE_BUILD_SIG_GEN2_TARGETS) $(AZURE_BUILD_SIG_CVM_TARGETS) ## Builds all Azure Shared Image Gallery images build-do-ubuntu-2204: ## Builds Ubuntu 22.04 DigitalOcean Snapshot build-do-ubuntu-2404: ## Builds Ubuntu 24.04 DigitalOcean Snapshot +build-do-ubuntu-2604: ## Builds Ubuntu 26.04 DigitalOcean Snapshot build-do-all: $(DO_BUILD_TARGETS) ## Builds all DigitalOcean Snapshot build-gce-ubuntu-2204: ## Builds the GCE ubuntu-2204 image build-gce-ubuntu-2404: ## Builds the GCE ubuntu-2404 image +build-gce-ubuntu-2604: ## Builds the GCE ubuntu-2604 image build-gce-all: $(GCE_BUILD_TARGETS) ## Builds all GCE image build-huaweicloud-ubuntu-2204: ## Builds Ubuntu 22.04 HuaweiCloud image 
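Review bot: The commented-out `#build-azure-sig-ubuntu-2604-cvm:` help entry in this hunk (and `#validate-azure-sig-ubuntu-2604-cvm:` in the `@@ -898,20 +926,25 @@` hunk) gives no reason why the CVM variant is disabled. The same commit adds `packer/azure/ubuntu-2604-cvm.json` and an `ubuntu-2604-cvm)` case in `init-sig.sh` while leaving `SIG_CVM_TARGETS` in `azure_targets.sh` without `ubuntu-2604`, so those additions look unreachable for now. Either drop the two commented lines or replace each with an explanatory comment such as `# ubuntu-2604-cvm: not enabled yet, add to SIG_CVM_TARGETS once <reason or tracking issue>`.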
@@ -755,6 +762,8 @@ build-node-ova-vsphere-ubuntu-2204: ## Builds Ubuntu 22.04 Node OVA and template build-node-ova-vsphere-ubuntu-2204-efi: ## Builds Ubuntu 22.04 Node OVA and template on vSphere that EFI boots build-node-ova-vsphere-ubuntu-2404: ## Builds Ubuntu 24.04 Node OVA and template on vSphere build-node-ova-vsphere-ubuntu-2404-efi: ## Builds Ubuntu 24.04 Node OVA and template on vSphere that EFI boots +build-node-ova-vsphere-ubuntu-2604: ## Builds Ubuntu 26.04 Node OVA and template on vSphere +build-node-ova-vsphere-ubuntu-2604-efi: ## Builds Ubuntu 26.04 Node OVA and template on vSphere that EFI boots build-node-ova-vsphere-windows-2019: ## Builds for Windows Server 2019 and template on vSphere build-node-ova-vsphere-windows-2019-efi: ## Builds for Windows Server 2019 and template on vSphere that EFI boots build-node-ova-vsphere-windows-2022: ## Builds for Windows Server 2022 template on vSphere @@ -770,6 +779,8 @@ build-node-ova-vsphere-clone-ubuntu-2204: ## Builds Ubuntu 22.04 Node OVA and te build-node-ova-vsphere-clone-ubuntu-2204-efi: ## ## Builds Ubuntu 22.04 Node OVA and template on vSphere that EFI boots build-node-ova-vsphere-clone-ubuntu-2404: ## Builds Ubuntu 24.04 Node OVA and template on vSphere build-node-ova-vsphere-clone-ubuntu-2404-efi: ## ## Builds Ubuntu 24.04 Node OVA and template on vSphere that EFI boots +build-node-ova-vsphere-clone-ubuntu-2604: ## Builds Ubuntu 26.04 Node OVA and template on vSphere +build-node-ova-vsphere-clone-ubuntu-2604-efi: ## Builds Ubuntu 26.04 Node OVA and template on vSphere that EFI boots build-node-ova-vsphere-clone-all: $(NODE_OVA_VSPHERE_CLONE_BUILD_TARGETS) ## Builds all Node OVAs and templates on vSphere build-node-ova-vsphere-base-photon-4: ## Builds base Photon 4 Node OVA and template on vSphere 
@@ -781,6 +792,8 @@ build-node-ova-vsphere-base-ubuntu-2204: ## Builds base Ubuntu 22.04 Node OVA an build-node-ova-vsphere-base-ubuntu-2204-efi: ## Builds Ubuntu 22.04 Node OVA and template on vSphere that EFI boots build-node-ova-vsphere-base-ubuntu-2404: ## Builds base Ubuntu 24.04 Node OVA and template on vSphere build-node-ova-vsphere-base-ubuntu-2404-efi: ## Builds Ubuntu 24.04 Node OVA and template on vSphere that EFI boots +build-node-ova-vsphere-base-ubuntu-2604: ## Builds base Ubuntu 26.04 Node OVA and template on vSphere +build-node-ova-vsphere-base-ubuntu-2604-efi: ## Builds Ubuntu 26.04 Node OVA and template on vSphere that EFI boots build-node-ova-vsphere-base-all: $(NODE_OVA_VSPHERE_BASE_BUILD_TARGETS) ## Builds all base Node OVAs and templates on vSphere build-node-ova-local-vmx-photon-4: ## Builds Photon 4 Node OVA from VMX file w local hypervisor @@ -797,6 +810,7 @@ build-node-ova-local-base-almalinux-9: ## Builds base AlmaLinux 9 Base Node OVA build-openstack-ubuntu-2204: ## Builds Ubuntu 22.04 OpenStack image build-openstack-ubuntu-2404: ## Builds Ubuntu 24.04 OpenStack image +build-openstack-ubuntu-2604: ## Builds Ubuntu 26.04 OpenStack image build-openstack-rockylinux-9: ## Builds RockyLinux 9 OpenStack image build-openstack-flatcar: ## Builds Flatcar OpenStack image build-openstack-all: $(OPENSTACK_BUILD_TARGETS) @@ -807,6 +821,8 @@ build-qemu-ubuntu-2204-cloudimg: ## Builds Ubuntu 22.04 QEMU image using cloud i build-qemu-ubuntu-2204-efi: ## Builds Ubuntu 22.04 QEMU image that EFI boots build-qemu-ubuntu-2404: ## Builds Ubuntu 24.04 QEMU image build-qemu-ubuntu-2404-efi: ## Builds Ubuntu 24.04 QEMU image that EFI boots +build-qemu-ubuntu-2604: ## Builds Ubuntu 26.04 QEMU image +build-qemu-ubuntu-2604-efi: ## Builds Ubuntu 26.04 QEMU image that EFI boots build-qemu-centos-9: ## Builds CentOS 9 Stream QEMU image build-qemu-rhel-9: ## Builds RHEL 9 QEMU image build-qemu-rockylinux-9: ## Builds Rocky 9 QEMU image 
@@ -817,12 +833,15 @@ build-maas-ubuntu-2204-efi: ## Builds Ubuntu 22.04 MaaS image that EFI boots build-maas-ubuntu-2404-efi: ## Builds Ubuntu 24.04 MaaS image that EFI boots build-maas-ubuntu-2204-arm64: ## Builds Ubuntu 22.04 ARM64 MaaS image that EFI boots build-maas-ubuntu-2404-arm64: ## Builds Ubuntu 24.04 ARM64 MaaS image that EFI boots +build-maas-ubuntu-2604-efi: ## Builds Ubuntu 26.04 MaaS image that EFI boots build-raw-flatcar: ## Builds Flatcar RAW image build-raw-ubuntu-2204: ## Builds Ubuntu 22.04 RAW image build-raw-ubuntu-2204-efi: ## Builds Ubuntu 22.04 RAW image that EFI boots build-raw-ubuntu-2404: ## Builds Ubuntu 24.04 RAW image build-raw-ubuntu-2404-efi: ## Builds Ubuntu 24.04 RAW image that EFI boots +build-raw-ubuntu-2604: ## Builds Ubuntu 26.04 RAW image +build-raw-ubuntu-2604-efi: ## Builds Ubuntu 26.04 RAW image that EFI boots build-raw-rhel-9: ## Builds RHEL 9 RAW image build-raw-rhel-9-efi: ## Builds RHEL 9 RAW image that EFI boots build-raw-all: $(RAW_BUILD_TARGETS) ## Builds all RAW images @@ -835,10 +854,12 @@ build-oci-all: $(OCI_BUILD_TARGETS) ## Builds all OCI image build-osc-ubuntu-2204: ## Builds Ubuntu 22.04 Outscale Snapshot build-osc-ubuntu-2404: ## Builds Ubuntu 24.04 Outscale Snapshot +build-osc-ubuntu-2604: ## Builds Ubuntu 26.04 Outscale Snapshot build-osc-all: $(OSC_BUILD_TARGETS) ## Builds all Outscale Snapshot build-nutanix-ubuntu-2204: ## Builds Ubuntu 22.04 Nutanix image build-nutanix-ubuntu-2404: ## Builds Ubuntu 24.04 Nutanix image +build-nutanix-ubuntu-2604: ## Builds Ubuntu 26.04 Nutanix image build-nutanix-rhel-9: ## Builds the Nutanix RedHat Enterprise Linux 9 image build-nutanix-rockylinux-9: ## Builds the Nutanix Rocky Linux 9 image build-nutanix-flatcar: ## Builds the Nutanix Flatcar image 
@@ -847,6 +868,7 @@ build-nutanix-all: $(NUTANIX_BUILD_TARGETS) ## Builds all Nutanix image build-hcloud-ubuntu-2204: ## Builds the Hetzner Cloud Ubuntu 22.04 image build-hcloud-ubuntu-2404: ## Builds the Hetzner Cloud Ubuntu 24.04 image +build-hcloud-ubuntu-2604: ## Builds the Hetzner Cloud Ubuntu 26.04 image build-hcloud-rockylinux-9: ## Builds the Hetzner Cloud Rocky Linux 9 image build-hcloud-flatcar: ## Builds the Hetzner Cloud Flatcar image build-hcloud-flatcar-arm64: ## Builds the Hetzner Cloud Flatcar arm64 image @@ -855,17 +877,21 @@ build-hcloud-all: $(HCLOUD_BUILD_TARGETS) ## Builds all Hetzner Cloud image build-proxmox-ubuntu-2204: ## Builds Ubuntu 22.04 Proxmox image build-proxmox-ubuntu-2404: ## Builds Ubuntu 24.04 Proxmox image build-proxmox-ubuntu-2404-efi: ## Builds Ubuntu 24.04 Proxmox image that EFI boots +build-proxmox-ubuntu-2604: ## Builds Ubuntu 26.04 Proxmox image +build-proxmox-ubuntu-2604-efi: ## Builds Ubuntu 26.04 Proxmox image that EFI boots build-proxmox-rockylinux-9: ## Builds Rocky Linux 9 Proxmox image build-proxmox-flatcar: ## Builds Flatcar Proxmox image build-proxmox-all: $(PROXMOX_BUILD_TARGETS) ## Builds all Proxmox images build-vultr-ubuntu-2204: ## Builds Ubuntu 22.04 Vultr Snapshot build-vultr-ubuntu-2404: ## Builds Ubuntu 24.04 Vultr Snapshot +build-vultr-ubuntu-2604: ## Builds Ubuntu 26.04 Vultr Snapshot build-vultr-all: $(VULTR_BUILD_TARGETS) ## Builds all Vultr Snapshots build-scaleway-rockylinux-9: ## Builds Rocky Linux 9 Scaleway image build-scaleway-ubuntu-2204: ## Builds Ubuntu 22.04 Scaleway image build-scaleway-ubuntu-2404: ## Builds Ubuntu 24.04 Scaleway image +build-scaleway-ubuntu-2604: ## Builds Ubuntu 26.04 Scaleway image build-scaleway-all: $(SCALEWAY_BUILD_TARGETS) ## Builds all Scaleway images ## -------------------------------------- 
@@ -881,6 +907,7 @@ validate-ami-ubuntu-2204: ## Validates Ubuntu 22.04 AMI Packer config validate-ami-ubuntu-2204-arm64: ## Validates Ubuntu 22.04 arm64 AMI Packer config validate-ami-ubuntu-2404: ## Validates Ubuntu 24.04 AMI Packer config validate-ami-ubuntu-2404-arm64: ## Validates Ubuntu 24.04 arm64 AMI Packer config +validate-ami-ubuntu-2604: ## Validates Ubuntu 26.04 AMI Packer config validate-ami-windows-2019: ## Validates Windows Server 2019 AMI Packer config validate-ami-all: $(AMI_VALIDATE_TARGETS) ## Validates all AMIs Packer config @@ -889,6 +916,7 @@ validate-huaweicloud-ubuntu-2204: ## Validates Ubuntu 22.04 HuaweiCloud Snapshot validate-azure-sig-azurelinux-3: ## Validates Azure Linux 3 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2204: ## Validates Ubuntu 22.04 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2404: ## Validates Ubuntu 24.04 Azure managed image in Shared Image Gallery Packer config +validate-azure-sig-ubuntu-2604: ## Validates Ubuntu 26.04 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-windows-2019-containerd: ## Validate Windows Server 2019 with containerd Azure managed image in Shared Image Gallery Packer config validate-azure-sig-windows-2022-containerd: ## Validate Windows Server 2022 with containerd Azure managed image in Shared Image Gallery Packer config validate-azure-sig-windows-2025-containerd: ## Validate Windows Server 2025 with containerd Azure managed image in Shared Image Gallery Packer config 
@@ -898,20 +926,25 @@ validate-azure-sig-ubuntu-2204-gen2: ## Validates Ubuntu 22.04 Azure managed ima validate-azure-sig-ubuntu-2204-cvm: ## Validates Ubuntu 22.04 CVM Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2404-gen2: ## Validates Ubuntu 24.04 Azure managed image in Shared Image Gallery Packer config validate-azure-sig-ubuntu-2404-cvm: ## Validates Ubuntu 24.04 CVM Azure managed image in Shared Image Gallery Packer config +validate-azure-sig-ubuntu-2604-gen2: ## Validates Ubuntu 26.04 Azure managed image in Shared Image Gallery Packer config +#validate-azure-sig-ubuntu-2604-cvm: ## Validates Ubuntu 26.04 CVM Azure managed image in Shared Image Gallery Packer config validate-azure-all: $(AZURE_VALIDATE_SIG_TARGETS) $(AZURE_VALIDATE_SIG_GEN2_TARGETS) $(AZURE_VALIDATE_SIG_CVM_TARGETS) ## Validates all images for Azure Packer config validate-do-ubuntu-2204: ## Validates Ubuntu 22.04 DigitalOcean Snapshot Packer config validate-do-ubuntu-2404: ## Validates Ubuntu 24.04 DigitalOcean Snapshot Packer config +validate-do-ubuntu-2604: ## Validates Ubuntu 26.04 DigitalOcean Snapshot Packer config validate-do-all: $(DO_VALIDATE_TARGETS) ## Validates all DigitalOcean Snapshot Packer config validate-openstack-ubuntu-2204: ## Validates Ubuntu 22.04 Openstack Image Packer config validate-openstack-ubuntu-2404: ## Validates Ubuntu 22.04 Openstack Image Packer config +validate-openstack-ubuntu-2604: ## Validates Ubuntu 26.04 Openstack Image Packer config validate-openstack-rocky-9: ## Validates Rocky 9 Openstack Image Packer config validate-openstack-flatcar: ## Validates Flatcar Openstack Image Packer config validate-openstack-all: $(OPENSTACK_VALIDATE_TARGETS) ## Validates all Openstack Glance Image Packer config validate-gce-ubuntu-2204: ## Validates Ubuntu 22.04 GCE Snapshot Packer config validate-gce-ubuntu-2404: ## Validates Ubuntu 24.04 GCE Snapshot Packer config +validate-gce-ubuntu-2604: ## Validates Ubuntu 26.04 GCE Snapshot 
Packer config validate-gce-all: $(GCE_VALIDATE_TARGETS) ## Validates all GCE Snapshot Packer config validate-node-ova-local-flatcar: ## Validates Flatcar stable Node OVA Packer config w local hypervisor @@ -922,6 +955,7 @@ validate-node-ova-local-rockylinux-9: ## Validates RockyLinux 9 Node OVA Packer validate-node-ova-local-almalinux-9: ## Validates AlmaLinux 9 Node OVA Packer config w local hypervisor validate-node-ova-local-ubuntu-2204: ## Validates Ubuntu 22.04 Node OVA Packer config w local hypervisor validate-node-ova-local-ubuntu-2404: ## Validates Ubuntu 24.04 Node OVA Packer config w local hypervisor +validate-node-ova-local-ubuntu-2604: ## Validates Ubuntu 26.04 Node OVA Packer config w local hypervisor validate-node-ova-local-windows-2019: ## Validates Windows Server 2019 Node OVA Packer config w local hypervisor validate-node-ova-local-windows-2022: ## Validates Windows Server 2022 Node OVA Packer config w local hypervisor validate-node-ova-local-all: $(NODE_OVA_LOCAL_VALIDATE_TARGETS) ## Validates all Node OVAs Packer config w local hypervisor @@ -933,6 +967,7 @@ validate-node-ova-local-vmx-rockylinux-9: ## Validates RockyLinux 9 Node OVA fro validate-node-ova-local-vmx-almalinux-9: ## Validates AlmaLinux 9 Node OVA from VMX file w local hypervisor validate-node-ova-local-vmx-ubuntu-2204: ## Validates Ubuntu 22.04 Node OVA from VMX file w local hypervisor validate-node-ova-local-vmx-ubuntu-2404: ## Validates Ubuntu 24.04 Node OVA from VMX file w local hypervisor +validate-node-ova-local-vmx-ubuntu-2604: ## Validates Ubuntu 26.04 Node OVA from VMX file w local hypervisor validate-node-ova-local-base-photon-4: ## Validates Photon 4 Base Node OVA w local hypervisor validate-node-ova-local-base-photon-5: ## Validates Photon 5 Base Node OVA w local hypervisor 
@@ -941,6 +976,7 @@ validate-node-ova-local-base-rockylinux-9: ## Validates RockyLinux 9 Base Node O validate-node-ova-local-base-almalinux-9: ## Validates AlmaLinux 9 Base Node OVA w local hypervisor validate-node-ova-local-base-ubuntu-2204: ## Validates Ubuntu 22.04 Base Node OVA w local hypervisor validate-node-ova-local-base-ubuntu-2404: ## Validates Ubuntu 24.04 Base Node OVA w local hypervisor +validate-node-ova-local-base-ubuntu-2604: ## Validates Ubuntu 26.04 Base Node OVA w local hypervisor validate-qemu-flatcar: ## Validates Flatcar QEMU image packer config validate-qemu-ubuntu-2204: ## Validates Ubuntu 22.04 QEMU image packer config @@ -948,6 +984,8 @@ validate-qemu-ubuntu-2204-cloudimg: ## Validates Ubuntu 22.04 QEMU image packer validate-qemu-ubuntu-2204-efi: ## Validates Ubuntu 22.04 QEMU EFI image packer config validate-qemu-ubuntu-2404: ## Validates Ubuntu 24.04 QEMU image packer config validate-qemu-ubuntu-2404-efi: ## Validates Ubuntu 24.04 QEMU EFI image packer config +validate-qemu-ubuntu-2604: ## Validates Ubuntu 26.04 QEMU image packer config +validate-qemu-ubuntu-2604-efi: ## Validates Ubuntu 26.04 QEMU EFI image packer config validate-qemu-rhel-9: ## Validates RHEL 9 QEMU image validate-qemu-rockylinux-9: ## Validates Rocky Linux 9 QEMU image packer config validate-qemu-rockylinux-9-cloudimg: ## Validates Rocky Linux 9 QEMU image packer config using cloud image 
@@ -958,6 +996,8 @@ validate-raw-ubuntu-2204: ## Validates Ubuntu 22.04 RAW image packer config validate-raw-ubuntu-2204-efi: ## Validates Ubuntu 22.04 RAW EFI image packer config validate-raw-ubuntu-2404: ## Validates Ubuntu 24.04 RAW image packer config validate-raw-ubuntu-2404-efi: ## Validates Ubuntu 24.04 RAW EFI image packer config +validate-raw-ubuntu-2604: ## Validates Ubuntu 26.04 RAW image packer config +validate-raw-ubuntu-2604-efi: ## Validates Ubuntu 26.04 RAW EFI image packer config validate-raw-rhel-9: ## Validates RHEL 9 RAW image packer config validate-raw-all: $(RAW_VALIDATE_TARGETS) ## Validates all RAW Packer config @@ -969,6 +1009,7 @@ validate-oci-all: $(OCI_VALIDATE_TARGETS) ## Validates all OCI image packer conf validate-osc-ubuntu-2204: ## Validates Ubuntu 22.04 Outscale Snapshot Packer config validate-osc-ubuntu-2404: ## Validates Ubuntu 24.04 Outscale Snapshot Packer config +validate-osc-ubuntu-2604: ## Validates Ubuntu 26.04 Outscale Snapshot Packer config validate-osc-all: $(OSC_VALIDATE_TARGETS) ## Validates all Outscale Snapshot Packer config validate-powervs-centos-9: ## Validates the PowerVS CentOS 9 image packer config @@ -977,6 +1018,7 @@ validate-powervs-all: $(POWERVS_VALIDATE_TARGETS) ## Validates all PowerVS Packe validate-nutanix-ubuntu-2204: ## Validates Ubuntu 22.04 Nutanix Packer config validate-nutanix-ubuntu-2404: ## Validates Ubuntu 24.04 Nutanix Packer config +validate-nutanix-ubuntu-2604: ## Validates Ubuntu 26.04 Nutanix Packer config validate-nutanix-rhel-9: ## Validates RedHat Enterprise Linux 9 Nutanix Packer config validate-nutanix-rockylinux-9: ## Validates Rocky Linux 9 Nutanix Packer config validate-nutanix-flatcar: ## Validates the Nutanix Flatcar Nutanix Packer config 
@@ -985,6 +1027,7 @@ validate-nutanix-all: $(NUTANIX_VALIDATE_TARGETS) ## Validates all Nutanix Packe validate-hcloud-ubuntu-2204: ## Validates Ubuntu 22.04 Hetzner Cloud Packer config validate-hcloud-ubuntu-2404: ## Validates Ubuntu 24.04 Hetzner Cloud Packer config +validate-hcloud-ubuntu-2604: ## Validates Ubuntu 26.04 Hetzner Cloud Packer config validate-hcloud-rockylinux-9: ## Validates Rocky Linux 9 Hetzner Cloud Packer config validate-hcloud-flatcar: ## Validates the Hetzner Cloud Flatcar Packer config validate-hcloud-flatcar-arm64: ## Validates the Hetzner Cloud Flatcar arm64 Packer config 
@@ -993,17 +1036,21 @@ validate-hcloud-all: $(HCLOUD_VALIDATE_TARGETS) ## Validates all Hetzner Cloud P validate-proxmox-ubuntu-2204: ## Validates Ubuntu 22.04 Proxmox Packer config validate-proxmox-ubuntu-2404: ## Validates Ubuntu 24.04 Proxmox Packer config validate-proxmox-ubuntu-2404-efi: ## Validates Ubuntu 24.04 EFI Proxmox Packer config +validate-proxmox-ubuntu-2604: ## Validates Ubuntu 26.04 Proxmox Packer config +validate-proxmox-ubuntu-2604-efi: ## Validates Ubuntu 26.04 EFI Proxmox Packer config validate-proxmox-rockylinux-9: ## Validates Rocky Linux 9 Proxmox Packer config validate-proxmox-flatcar: ## Validates Flatcar Proxmox Packer config validate-proxmox-all: $(PROXMOX_VALIDATE_TARGETS) ## Validates all Proxmox Packer config validate-vultr-ubuntu-2204: ## Validates Ubuntu 22.04 Vultr Snapshot Packer config validate-vultr-ubuntu-2404: ## Validates Ubuntu 24.04 Vultr Snapshot Packer config +validate-vultr-ubuntu-2604: ## Validates Ubuntu 26.04 Vultr Snapshot Packer config validate-vultr-all: $(VULTR_VALIDATE_TARGETS) ## Validates all Vultr Snapshot Packer config validate-scaleway-rockylinux-9: ## Validates Rocky Linux 9 Scaleway image Packer config validate-scaleway-ubuntu-2204: ## Validates Ubuntu 22.04 Scaleway image Packer config validate-scaleway-ubuntu-2404: ## Validates Ubuntu 24.04 Scaleway image Packer config +validate-scaleway-ubuntu-2604: ## Validates Ubuntu 26.04 Scaleway image Packer config validate-scaleway-all: $(SCALEWAY_VALIDATE_TARGETS) ## Validates all Scaleway Cloud Packer config validate-all: validate-ami-all \ diff --git a/images/capi/ansible/roles/gpu/tasks/nvidia.yml b/images/capi/ansible/roles/gpu/tasks/nvidia.yml index 7629ca9182..faf88bd992 100644 --- a/images/capi/ansible/roles/gpu/tasks/nvidia.yml +++ b/images/capi/ansible/roles/gpu/tasks/nvidia.yml 
@@ -13,9 +13,26 @@ # limitations under the License. --- -- name: Add NVIDIA package signing key - ansible.builtin.apt_key: +- name: Ensure /etc/apt/keyrings directory exists + ansible.builtin.file: + path: /etc/apt/keyrings + state: directory + mode: "0755" + when: ansible_facts['os_family'] == "Debian" + +- name: Download NVIDIA package signing key (armored) + ansible.builtin.get_url: url: https://nvidia.github.io/libnvidia-container/gpgkey + dest: /etc/apt/keyrings/nvidia.asc + mode: "0644" + when: ansible_facts['os_family'] == "Debian" + +- name: Dearmor NVIDIA package signing key + ansible.builtin.shell: > + gpg --dearmor < /etc/apt/keyrings/nvidia.asc + > /etc/apt/keyrings/nvidia.gpg + args: + creates: /etc/apt/keyrings/nvidia.gpg when: ansible_facts['os_family'] == "Debian" - name: Perform a cache update diff --git a/images/capi/ansible/roles/kubernetes/tasks/debian.yml b/images/capi/ansible/roles/kubernetes/tasks/debian.yml index 9a2089466c..8bc1b7bb5e 100644 --- a/images/capi/ansible/roles/kubernetes/tasks/debian.yml +++ b/images/capi/ansible/roles/kubernetes/tasks/debian.yml 
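Review bot: The dearmored key is written to `/etc/apt/keyrings/nvidia.gpg`, but nothing in this hunk points an apt source at it, and apt does not treat `/etc/apt/keyrings` as a trusted keyring directory on its own. The task that configures the NVIDIA repository is outside the hunk; unless it already carries `signed-by=/etc/apt/keyrings/nvidia.gpg` (as the Kubernetes, Azure CLI, Falco and Trivy repo lines in this commit do), the following cache update will presumably reject the repository as unsigned. Confirm the source entry and add the `signed-by` option there.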
@@ -12,14 +12,29 @@ # See the License for the specific language governing permissions and # limitations under the License. --- -- name: Add the Kubernetes repo key - ansible.builtin.apt_key: +# apt-key was removed in Ubuntu 26.04+. Use signed-by keyring instead. +- name: Ensure /etc/apt/keyrings directory exists + ansible.builtin.file: + path: /etc/apt/keyrings + state: directory + mode: "0755" + +- name: Download the Kubernetes repo GPG key (armored) + ansible.builtin.get_url: url: "{{ kubernetes_deb_gpg_key }}" - state: present + dest: /etc/apt/keyrings/kubernetes-apt-keyring.gpg.asc + mode: "0644" + +- name: Dearmor the Kubernetes repo GPG key + ansible.builtin.shell: > + gpg --dearmor < /etc/apt/keyrings/kubernetes-apt-keyring.gpg.asc + > /etc/apt/keyrings/kubernetes-apt-keyring.gpg + args: + creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg - name: Add the Kubernetes repo ansible.builtin.apt_repository: - repo: deb {{ kubernetes_deb_repo }} / + repo: deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] {{ kubernetes_deb_repo }} / update_cache: true state: present mode: "0644" diff --git a/images/capi/ansible/roles/node/defaults/main.yml b/images/capi/ansible/roles/node/defaults/main.yml index dc68f53f55..9c4a1b4047 100644 --- a/images/capi/ansible/roles/node/defaults/main.yml +++ b/images/capi/ansible/roles/node/defaults/main.yml @@ -124,6 +124,7 @@ common_raw_photon_rpms: [] # as it uses systemd-sysctl. set this var so we can use for sysctl conf file value. sysctl_conf_file: >- {{ '/etc/sysctl.d/99-sysctl.conf' if ansible_facts['os_family'] in ['Common Base Linux Mariner', 'Flatcar', 'Microsoft Azure Linux', 'VMware Photon OS'] + or (ansible_facts['distribution'] == 'Ubuntu' and (ansible_facts['distribution_major_version'] | int) >= 26) else '/etc/sysctl.conf' }} pause_image: registry.k8s.io/pause:3.10.2 
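Review bot: The `Dearmor the Kubernetes repo GPG key` task can leave a bad keyring in place: the shell redirect creates `/etc/apt/keyrings/kubernetes-apt-keyring.gpg` even when `gpg` fails or is not installed, and `creates:` then skips the task on any re-run against the same host, including after the upstream key is rotated. The same download-then-dearmor pattern is repeated in `gpu/tasks/nvidia.yml`, `providers/tasks/azurecli.yml`, `security/tasks/falco.yml` and `security/tasks/trivy.yml`. apt accepts ASCII-armored keys directly when the file name ends in `.asc`, so the shell step can be dropped by pointing the source at the downloaded file, e.g. `repo: deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg.asc] {{ kubernetes_deb_repo }} /`. Because this key is the trust root for the packages installed into the image, consider also pinning it with `get_url`'s `checksum:` parameter, `checksum: "sha256:<expected-digest>"`.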
diff --git a/images/capi/ansible/roles/providers/tasks/azurecli.yml b/images/capi/ansible/roles/providers/tasks/azurecli.yml index a83e682362..2c23bac5ee 100644 --- a/images/capi/ansible/roles/providers/tasks/azurecli.yml +++ b/images/capi/ansible/roles/providers/tasks/azurecli.yml @@ -15,10 +15,24 @@ - name: Install Azure CLI when: ansible_facts['os_family'] == "Debian" block: - - name: Add Microsoft Package Repository Key - ansible.builtin.apt_key: + - name: Ensure /etc/apt/keyrings directory exists + ansible.builtin.file: + path: /etc/apt/keyrings + state: directory + mode: "0755" + + - name: Download Microsoft Package Repository Key (armored) + ansible.builtin.get_url: url: https://packages.microsoft.com/keys/microsoft.asc - state: present + dest: /etc/apt/keyrings/microsoft.asc + mode: "0644" + + - name: Dearmor Microsoft Package Repository Key + ansible.builtin.shell: > + gpg --dearmor < /etc/apt/keyrings/microsoft.asc + > /etc/apt/keyrings/microsoft.gpg + args: + creates: /etc/apt/keyrings/microsoft.gpg - name: Find Ubuntu Version ansible.builtin.command: @@ -32,9 +46,17 @@ register: host_arch changed_when: false + # TODO: drop once packages.microsoft.com publishes a resolute repo + - name: Map unsupported codenames to nearest supported codename + ansible.builtin.set_fact: + azure_cli_codename: "{{ 'noble' if ubuntu_version.stdout == 'resolute' else ubuntu_version.stdout }}" + - name: Add Microsoft Package Repository ansible.builtin.apt_repository: - repo: 'deb [arch={{ host_arch.stdout }}] https://packages.microsoft.com/repos/azure-cli/ {{ ubuntu_version.stdout }} main' + repo: >- + deb [arch={{ host_arch.stdout }} signed-by=/etc/apt/keyrings/microsoft.gpg] + https://packages.microsoft.com/repos/azure-cli/ + {{ azure_cli_codename }} main state: present update_cache: true diff --git a/images/capi/ansible/roles/providers/tasks/main.yml b/images/capi/ansible/roles/providers/tasks/main.yml index 88be9ddf1a..bcdfd28c1e 100644 
--- a/images/capi/ansible/roles/providers/tasks/main.yml +++ b/images/capi/ansible/roles/providers/tasks/main.yml @@ -113,7 +113,27 @@ # Some OS might disable cloud-final service on boot (rhel 7). # Enable all cloud-init services on boot. -- name: Make sure all cloud init services are enabled +# Since cloud-init 24.3, cloud-init.service was renamed to cloud-init-network.service +# https://discourse.ubuntu.com/t/upstream-release-of-cloud-init-24-3/48004 +# (Single Process Optimization). Ubuntu 26.04+ ships with this change. +- name: Gather service facts to detect cloud-init service names + ansible.builtin.service_facts: + when: ansible_facts['os_family'] != "Flatcar" + +- name: Make sure all cloud init services are enabled (cloud-init >= 24.3) + ansible.builtin.service: + name: "{{ item }}" + enabled: true + with_items: + - cloud-final + - cloud-config + - cloud-init-network + - cloud-init-local + when: + - ansible_facts['os_family'] != "Flatcar" + - "'cloud-init-network.service' in ansible_facts.services" + +- name: Make sure all cloud init services are enabled (cloud-init < 24.3) ansible.builtin.service: name: "{{ item }}" enabled: true @@ -122,7 +142,9 @@ - cloud-config - cloud-init - cloud-init-local - when: ansible_facts['os_family'] != "Flatcar" + when: + - ansible_facts['os_family'] != "Flatcar" + - "'cloud-init-network.service' not in ansible_facts.services" - name: Create cloud-init config file ansible.builtin.copy: diff --git a/images/capi/ansible/roles/security/tasks/falco.yml b/images/capi/ansible/roles/security/tasks/falco.yml index b3c129b6e2..02f3c1e84c 100644 --- a/images/capi/ansible/roles/security/tasks/falco.yml +++ b/images/capi/ansible/roles/security/tasks/falco.yml 
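Review bot: The two `Make sure all cloud init services are enabled` tasks differ only in one list item, so the service list now has to be kept in sync in two places (the second task's `with_items` and `when` continue into the `@@ -122,7 +142,9 @@` hunk). A single task that selects the renamed unit inline would avoid the duplication, e.g. replacing the `cloud-init` item with `- "{{ 'cloud-init-network' if 'cloud-init-network.service' in ansible_facts.services else 'cloud-init' }}"`. This assumes the `service_facts` keys carry the `.service` suffix, as the hunk's own conditions do.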
@@ -17,14 +17,28 @@ - name: Install Falco on Debian based systems when: ansible_facts['os_family'] == "Debian" block: - - name: Add Falco package signing key - ansible.builtin.apt_key: + - name: Ensure /etc/apt/keyrings directory exists + ansible.builtin.file: + path: /etc/apt/keyrings + state: directory + mode: "0755" + + - name: Download Falco package signing key (armored) + ansible.builtin.get_url: url: https://falco.org/repo/falcosecurity-packages.asc - state: present + dest: /etc/apt/keyrings/falcosecurity.asc + mode: "0644" + + - name: Dearmor Falco package signing key + ansible.builtin.shell: > + gpg --dearmor < /etc/apt/keyrings/falcosecurity.asc + > /etc/apt/keyrings/falcosecurity.gpg + args: + creates: /etc/apt/keyrings/falcosecurity.gpg - name: Add Falco apt repo ansible.builtin.apt_repository: - repo: deb https://download.falco.org/packages/deb stable main + repo: deb [signed-by=/etc/apt/keyrings/falcosecurity.gpg] https://download.falco.org/packages/deb stable main state: present filename: falcosecurity diff --git a/images/capi/ansible/roles/security/tasks/trivy.yml b/images/capi/ansible/roles/security/tasks/trivy.yml index 28ae28037e..6a077ddba0 100644 --- a/images/capi/ansible/roles/security/tasks/trivy.yml +++ b/images/capi/ansible/roles/security/tasks/trivy.yml 
@@ -17,14 +17,28 @@ - name: Install Trivy on Debian based systems when: ansible_facts['os_family'] == "Debian" block: - - name: Add Trivy package signing key - ansible.builtin.apt_key: + - name: Ensure /etc/apt/keyrings directory exists + ansible.builtin.file: + path: /etc/apt/keyrings + state: directory + mode: "0755" + + - name: Download Trivy package signing key (armored) + ansible.builtin.get_url: url: https://aquasecurity.github.io/trivy-repo/deb/public.key - state: present + dest: /etc/apt/keyrings/trivy.asc + mode: "0644" + + - name: Dearmor Trivy package signing key + ansible.builtin.shell: > + gpg --dearmor < /etc/apt/keyrings/trivy.asc + > /etc/apt/keyrings/trivy.gpg + args: + creates: /etc/apt/keyrings/trivy.gpg - name: Add Trivy apt repo ansible.builtin.apt_repository: - repo: "deb https://aquasecurity.github.io/trivy-repo/deb {{ ansible_facts['distribution_release'] }} main" + repo: "deb [signed-by=/etc/apt/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb {{ ansible_facts['distribution_release'] }} main" state: present filename: trivy diff --git a/images/capi/ansible/roles/setup/tasks/redhat.yml b/images/capi/ansible/roles/setup/tasks/redhat.yml index 5d2839f278..73ffecdeeb 100644 --- a/images/capi/ansible/roles/setup/tasks/redhat.yml +++ b/images/capi/ansible/roles/setup/tasks/redhat.yml @@ -59,7 +59,7 @@ name: "*" state: latest lock_timeout: 60 - exclude: "{{ 'lsvpd*' if ansible_facts['distribution_major_version']|int == 10 else omit }}" + exclude: "{{ 'lsvpd*' if ansible_facts['distribution_major_version'] | int == 10 else omit }}" - name: Install baseline dependencies ansible.builtin.dnf: diff --git a/images/capi/azure_targets.sh b/images/capi/azure_targets.sh index ecd0b3892d..b4aa531979 100644 --- a/images/capi/azure_targets.sh +++ b/images/capi/azure_targets.sh 
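Review bot: The Trivy repo line still interpolates `ansible_facts['distribution_release']` with no fallback, whereas `azurecli.yml` in this same commit maps `resolute` to `noble` because that vendor repository has no suite for the new release yet. If the Trivy apt repository likewise lacks a `resolute` suite, the repository add will fail on Ubuntu 26.04 builds that enable this role. Confirm the suite exists, or add the same kind of mapping with a TODO to remove it later.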
@@ -1,3 +1,3 @@
-SIG_TARGETS="ubuntu-2204 ubuntu-2404 azurelinux-3 windows-2022-containerd windows-2025-containerd flatcar"
-SIG_GEN2_TARGETS="ubuntu-2204 ubuntu-2404 azurelinux-3 flatcar"
+SIG_TARGETS="ubuntu-2204 ubuntu-2404 ubuntu-2604 azurelinux-3 windows-2022-containerd windows-2025-containerd flatcar"
+SIG_GEN2_TARGETS="ubuntu-2204 ubuntu-2404 ubuntu-2604 azurelinux-3 flatcar"
 SIG_CVM_TARGETS="ubuntu-2204 ubuntu-2404 windows-2022-containerd"
diff --git a/images/capi/packer/ami/ubuntu-2604.json b/images/capi/packer/ami/ubuntu-2604.json
new file mode 100644
index 0000000000..2879798599
--- /dev/null
+++ b/images/capi/packer/ami/ubuntu-2604.json
@@ -0,0 +1,14 @@
+{
+ "ami_filter_arch": "x86_64",
+ "ami_filter_name": "ubuntu/images/*ubuntu-resolute-26.04-amd64-server-*",
+ "ami_filter_owners": "099720109477",
+ "ansible_extra_vars": "",
+ "arch": "amd64",
+ "build_name": "ubuntu-26.04",
+ "distribution": "Ubuntu",
+ "distribution_release": "resolute",
+ "distribution_version": "26.04",
+ "root_device_name": "/dev/sda1",
+ "source_ami": "",
+ "ssh_username": "ubuntu"
+}
diff --git a/images/capi/packer/azure/scripts/init-sig.sh b/images/capi/packer/azure/scripts/init-sig.sh
index 4fde65c3d7..c62430ee05 100755
--- a/images/capi/packer/azure/scripts/init-sig.sh
+++ b/images/capi/packer/azure/scripts/init-sig.sh
@@ -81,6 +81,9 @@ case ${SIG_TARGET} in
 ubuntu-2404)
 create_image_definition ${SIG_TARGET} "24_04-lts" "V1" "Linux"
 ;;
+ ubuntu-2604)
+ create_image_definition ${SIG_TARGET} "26_04-lts" "V1" "Linux"
+ ;;
 azurelinux-3)
 create_image_definition ${SIG_TARGET} "azurelinux-3" "V1" "Linux"
 ;;
@@ -120,6 +123,12 @@ case ${SIG_TARGET} in ubuntu-2404-cvm) create_image_definition ${SIG_TARGET} "24_04-lts-cvm" "V2" "Linux" ${SECURITY_TYPE_CVM_SUPPORTED_FEATURE} ;; + ubuntu-2604-gen2) + create_image_definition ${SIG_TARGET} "26_04-lts-gen2" "V2" "Linux" + ;; + ubuntu-2604-cvm) + create_image_definition ${SIG_TARGET} "26_04-lts-cvm" "V2" "Linux" ${SECURITY_TYPE_CVM_SUPPORTED_FEATURE} + ;; azurelinux-3-gen2) create_image_definition ${SIG_TARGET} "azurelinux-3-gen2" "V2" "Linux" ;; diff --git a/images/capi/packer/azure/ubuntu-2604-cvm.json b/images/capi/packer/azure/ubuntu-2604-cvm.json new file mode 100644 index 0000000000..361fca37ea --- /dev/null +++ b/images/capi/packer/azure/ubuntu-2604-cvm.json @@ -0,0 +1,9 @@ +{ + "build_name": "ubuntu-2604-cvm", + "distribution": "ubuntu", + "distribution_release": "resolute", + "distribution_version": "2604", + "image_offer": "ubuntu-26_04-lts", + "image_publisher": "Canonical", + "image_sku": "cvm" +} diff --git a/images/capi/packer/azure/ubuntu-2604-gen2.json b/images/capi/packer/azure/ubuntu-2604-gen2.json new file mode 100644 index 0000000000..da9d695f1c --- /dev/null +++ b/images/capi/packer/azure/ubuntu-2604-gen2.json @@ -0,0 +1,9 @@ +{ + "build_name": "ubuntu-2604-gen2", + "distribution": "ubuntu", + "distribution_release": "resolute", + "distribution_version": "2604", + "image_offer": "ubuntu-26_04-lts", + "image_publisher": "Canonical", + "image_sku": "server" +} diff --git a/images/capi/packer/azure/ubuntu-2604.json b/images/capi/packer/azure/ubuntu-2604.json new file mode 100644 index 0000000000..722be40b59 --- /dev/null +++ b/images/capi/packer/azure/ubuntu-2604.json @@ -0,0 +1,9 @@ +{ + "build_name": "ubuntu-2604", + "distribution": "ubuntu", + "distribution_release": "resolute", + "distribution_version": "2604", + "image_offer": "ubuntu-26_04-lts", + "image_publisher": "Canonical", + "image_sku": "server-gen1" +} 
diff --git a/images/capi/packer/digitalocean/ubuntu-2604.json b/images/capi/packer/digitalocean/ubuntu-2604.json new file mode 100644 index 0000000000..d34086e735 --- /dev/null +++ b/images/capi/packer/digitalocean/ubuntu-2604.json @@ -0,0 +1,5 @@ +{ + "build_name": "ubuntu-2604", + "snapshot_name_suffix": "on Ubuntu 26.04", + "source_image": "ubuntu-26-04-x64" +} diff --git a/images/capi/packer/gce/ubuntu-2604.json b/images/capi/packer/gce/ubuntu-2604.json new file mode 100644 index 0000000000..41fad01b89 --- /dev/null +++ b/images/capi/packer/gce/ubuntu-2604.json @@ -0,0 +1,9 @@ +{ + "build_name": "ubuntu-2604", + "distribution": "ubuntu", + "distribution_release": "resolute", + "distribution_version": "2604", + "source_image_family": "ubuntu-2604-lts-amd64", + "ssh_username": "ubuntu", + "zone": "us-central1-a" +} diff --git a/images/capi/packer/hcloud/ubuntu-2604.json b/images/capi/packer/hcloud/ubuntu-2604.json new file mode 100644 index 0000000000..66f9b0c8ba --- /dev/null +++ b/images/capi/packer/hcloud/ubuntu-2604.json @@ -0,0 +1,8 @@ +{ + "build_name": "ubuntu-2604", + "distribution": "ubuntu", + "distribution_release": "resolute", + "distribution_version": "2604", + "image": "ubuntu-26.04", + "ssh_username": "root" +} diff --git a/images/capi/packer/maas/linux/ubuntu/http/26.04.efi/meta-data b/images/capi/packer/maas/linux/ubuntu/http/26.04.efi/meta-data new file mode 100644 index 0000000000..e69de29bb2 diff --git a/images/capi/packer/maas/linux/ubuntu/http/26.04.efi/user-data.tmpl b/images/capi/packer/maas/linux/ubuntu/http/26.04.efi/user-data.tmpl new file mode 100644 index 0000000000..0d43ca5e1b --- /dev/null +++ b/images/capi/packer/maas/linux/ubuntu/http/26.04.efi/user-data.tmpl 
@@ -0,0 +1,116 @@ +#cloud-config +# Copyright 2022 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# For more information on how autoinstall is configured, please refer to +# https://ubuntu.com/server/docs/install/autoinstall-reference +autoinstall: + version: 1 + # Disable ssh server during installation, otherwise packer tries to connect and exceed max attempts + early-commands: + - systemctl stop ssh + # Configure the locale + locale: en_US.UTF-8 + keyboard: + layout: us + apt: + mirror-selection: + primary: + - uri: http://archive.ubuntu.com/ubuntu + # Create a single-partition with no swap space. Kubernetes + # really dislikes the idea of anyone else managing memory. + # For more information on how partitioning is configured, + # please refer to https://curtin.readthedocs.io/en/latest/topics/storage.html. 
+ storage: + grub: + reorder_uefi: false + replace_linux_default: false + config: + - ptable: gpt + path: /dev/sda + wipe: superblock-recursive + preserve: false + name: '' + grub_device: false + type: disk + id: disk-sda + - device: disk-sda + # Create EFI partition of 512MB same as in Ubuntu 20.04 + size: 536870912 + wipe: superblock + flag: boot + number: 1 + preserve: false + grub_device: true + type: partition + id: partition-0 + - fstype: fat32 + volume: partition-0 + preserve: false + type: format + id: format-0 + - device: disk-sda + size: -1 + wipe: superblock + flag: '' + number: 2 + preserve: false + grub_device: false + type: partition + id: partition-1 + - fstype: ext4 + volume: partition-1 + preserve: false + type: format + id: format-1 + - path: / + device: format-1 + type: mount + id: mount-1 + - path: /boot/efi + device: format-0 + type: mount + id: mount-0 + updates: 'all' + ssh: + install-server: true + allow-pw: true + # Customize the list of packages installed. + packages: + - open-vm-tools + # Create the default user. + # Ensures the "builder" user doesn't require a password to use sudo. + user-data: + users: + - name: builder + # openssl passwd -6 -salt -stdin <<< + passwd: $ENCRYPTED_SSH_PASSWORD + groups: [adm, cdrom, dip, plugdev, lxd, sudo] + lock-passwd: false + sudo: ALL=(ALL) NOPASSWD:ALL + shell: /bin/bash + + # This command runs after all other steps; it: + # 1. Disables swapfiles + # 2. Removes the existing swapfile + # 3. Removes the swapfile entry from /etc/fstab + # 4. Cleans up any packages that are no longer required + # 5. Removes the cached list of packages + late-commands: + - swapoff -a + - rm -f /swapfile + - sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab + - apt-get purge --auto-remove -y + - rm -rf /var/lib/apt/lists/* diff --git a/images/capi/packer/maas/linux/ubuntu/http/26.04/meta-data b/images/capi/packer/maas/linux/ubuntu/http/26.04/meta-data new file mode 100644 index 0000000000..e69de29bb2 
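Review bot: The `late-commands` at the end of this template run `swapoff -a`, `rm -f /swapfile`, the `sed` on `/etc/fstab`, `apt-get purge --auto-remove -y` and `rm -rf /var/lib/apt/lists/*` without `curtin in-target`. Autoinstall runs late-commands in the installer environment with the installed system mounted at `/target`, so the swap entry and apt lists of the built image are presumably left untouched. The OVA templates in this commit use the in-target form, e.g. `- curtin in-target --target=/target -- apt-get purge --auto-remove -y`, and the fstab edit would become `- sed -ri '/\sswap\s/s/^#?/#/' /target/etc/fstab`. The same block is added in `maas/linux/ubuntu/http/26.04/user-data.tmpl`, both Proxmox templates and both QEMU templates.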
diff --git a/images/capi/packer/maas/linux/ubuntu/http/26.04/user-data.tmpl b/images/capi/packer/maas/linux/ubuntu/http/26.04/user-data.tmpl new file mode 100644 index 0000000000..30edc45b19 --- /dev/null +++ b/images/capi/packer/maas/linux/ubuntu/http/26.04/user-data.tmpl 
@@ -0,0 +1,93 @@ +#cloud-config +# Copyright 2022 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# For more information on how autoinstall is configured, please refer to +# https://ubuntu.com/server/docs/install/autoinstall-reference +autoinstall: + version: 1 + # Disable ssh server during installation, otherwise packer tries to connect and exceed max attempts + early-commands: + - systemctl stop ssh + # Configure the locale + locale: en_US.UTF-8 + keyboard: + layout: us + apt: + mirror-selection: + primary: + - uri: http://archive.ubuntu.com/ubuntu + # Create a single-partition with no swap space. Kubernetes + # really dislikes the idea of anyone else managing memory. + # For more information on how partitioning is configured, + # please refer to https://curtin.readthedocs.io/en/latest/topics/storage.html. + storage: + grub: + replace_linux_default: false + config: + - type: disk + id: disk-0 + size: largest + grub_device: true + preserve: false + ptable: msdos + wipe: superblock + - type: partition + id: partition-0 + device: disk-0 + size: -1 + number: 1 + preserve: false + flag: boot + - type: format + id: format-0 + volume: partition-0 + fstype: ext4 + preserve: false + - type: mount + id: mount-0 + device: format-0 + path: / + updates: 'all' + ssh: + install-server: true + allow-pw: true + # Customize the list of packages installed. + packages: + - open-vm-tools + # Create the default user. 
+ # Ensures the "builder" user doesn't require a password to use sudo. + user-data: + users: + - name: builder + # openssl passwd -6 -salt -stdin <<< + passwd: $ENCRYPTED_SSH_PASSWORD + groups: [adm, cdrom, dip, plugdev, lxd, sudo] + lock-passwd: false + sudo: ALL=(ALL) NOPASSWD:ALL + shell: /bin/bash + + # This command runs after all other steps; it: + # 1. Disables swapfiles + # 2. Removes the existing swapfile + # 3. Removes the swapfile entry from /etc/fstab + # 4. Cleans up any packages that are no longer required + # 5. Removes the cached list of packages + late-commands: + - swapoff -a + - rm -f /swapfile + - sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab + - apt-get purge --auto-remove -y + - rm -rf /var/lib/apt/lists/* diff --git a/images/capi/packer/maas/maas-ubuntu-2604-efi.json b/images/capi/packer/maas/maas-ubuntu-2604-efi.json new file mode 100644 index 0000000000..018d504276 --- /dev/null +++ b/images/capi/packer/maas/maas-ubuntu-2604-efi.json @@ -0,0 +1,14 @@ +{ + "boot_command_prefix": "clinux /casper/vmlinuz --- autoinstall ds='nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/26.04.efi/'initrd /casper/initrdboot", + "build_name": "ubuntu-2604-efi", + "distribution_version": "2604", + "distro_name": "ubuntu", + "firmware": "OVMF.fd", + "guest_os_type": "ubuntu-64", + "iso_checksum": "dec49008a71f6098d0bcfc822021f4d042d5f2db279e4d75bdd981304f1ca5d9", + "iso_checksum_type": "sha256", + "iso_url": "https://releases.ubuntu.com/releases/26.04/ubuntu-26.04-live-server-amd64.iso", + "os_display_name": "Ubuntu 26.04", + "shutdown_command": "shutdown -P now", + "unmount_iso": "true" +} diff --git a/images/capi/packer/nutanix/ubuntu-2604.json b/images/capi/packer/nutanix/ubuntu-2604.json new file mode 100644 index 0000000000..6f2183341d --- /dev/null +++ b/images/capi/packer/nutanix/ubuntu-2604.json 
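Review bot: `iso_url` in `maas-ubuntu-2604-efi.json` is `https://releases.ubuntu.com/releases/26.04/ubuntu-26.04-live-server-amd64.iso`, while the OVA and Proxmox files in this commit fetch the same ISO, with the same `iso_checksum`, from `https://releases.ubuntu.com/resolute/...`. One of the two path forms is probably a copy-paste slip. The sha256 pin means a wrong path fails the build rather than admitting a different image, but the URL should be checked and made uniform. `qemu/qemu-ubuntu-2604-efi.json` uses the same `/releases/26.04/` form.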
@@ -0,0 +1,8 @@ +{ + "build_name": "ubuntu-2604", + "distro_name": "ubuntu", + "guest_os_type": "Linux", + "image_url": "https://cloud-images.ubuntu.com/resolute/current/resolute-server-cloudimg-amd64.img", + "shutdown_command": "shutdown -P now", + "user_data": "I2Nsb3VkLWNvbmZpZwp1c2VyczoKICAtIG5hbWU6IGJ1aWxkZXIKICAgIHN1ZG86IFsnQUxMPShBTEwpIE5PUEFTU1dEOkFMTCddCiAgICBzaGVsbDogL2Jpbi9iYXNoCmNocGFzc3dkOgogIGxpc3Q6IHwKICAgIGJ1aWxkZXI6YnVpbGRlcgogIGV4cGlyZTogRmFsc2UKc3NoX3B3YXV0aDogVHJ1ZQo=" +} diff --git a/images/capi/packer/openstack/ubuntu-2604.json b/images/capi/packer/openstack/ubuntu-2604.json new file mode 100644 index 0000000000..e05505dfa5 --- /dev/null +++ b/images/capi/packer/openstack/ubuntu-2604.json @@ -0,0 +1,5 @@ +{ + "build_name": "ubuntu-2604", + "distro_name": "ubuntu", + "ssh_username": "ubuntu" +} diff --git a/images/capi/packer/outscale/ubuntu-2604.json b/images/capi/packer/outscale/ubuntu-2604.json new file mode 100644 index 0000000000..3b84cc68b3 --- /dev/null +++ b/images/capi/packer/outscale/ubuntu-2604.json @@ -0,0 +1,7 @@ +{ + "build_name": "ubuntu-2604", + "distribution": "ubuntu", + "distribution_release": "ubuntu", + "distribution_version": "2604", + "image_name": "Ubuntu-26.04-2026-04-22" +} diff --git a/images/capi/packer/ova/linux/ubuntu/http/26.04.efi/meta-data b/images/capi/packer/ova/linux/ubuntu/http/26.04.efi/meta-data new file mode 100644 index 0000000000..e69de29bb2 diff --git a/images/capi/packer/ova/linux/ubuntu/http/26.04.efi/user-data.tmpl b/images/capi/packer/ova/linux/ubuntu/http/26.04.efi/user-data.tmpl new file mode 100644 index 0000000000..37b67cf07c --- /dev/null +++ b/images/capi/packer/ova/linux/ubuntu/http/26.04.efi/user-data.tmpl 
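Review bot: `user_data` in `nutanix/ubuntu-2604.json` is a base64 cloud-config that, decoded, sets the `builder` account's password to a fixed value equal to the user name, enables `ssh_pwauth: True` and grants `NOPASSWD:ALL` sudo. Every build VM, and any image in which the account survives, is then reachable with a publicly known credential. Because the value is opaque in the JSON this is easy to miss in review; the cloud-config is better kept as a readable template and encoded at build time with a per-build password or an injected SSH public key. Whether a later provisioning step removes or locks `builder` is not visible in this diff and should be confirmed. `image_url` also points at the mutable `current/` image with no checksum next to it.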
@@ -0,0 +1,111 @@ +#cloud-config +# Copyright 2024 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# For more information on how autoinstall is configured, please refer to +# https://ubuntu.com/server/docs/install/autoinstall-reference +autoinstall: + version: 1 + # Disable ssh server during installation, otherwise packer tries to connect and exceed max attempts + early-commands: + - systemctl stop ssh + # Configure the locale + locale: en_US.UTF-8 + keyboard: + layout: us + mounts: + - [ swap, null ] + # For more information on how partitioning is configured, + # please refer to https://curtin.readthedocs.io/en/latest/topics/storage.html. 
+ storage: + swap: + size: 0 + grub: + reorder_uefi: false + replace_linux_default: false + config: + - ptable: gpt + path: /dev/sda + wipe: superblock-recursive + preserve: false + name: '' + grub_device: false + type: disk + id: disk-sda + - device: disk-sda + # Create EFI partition of 512MB same as in Ubuntu 20.04 + size: 536870912 + wipe: superblock + flag: boot + number: 1 + preserve: false + grub_device: true + type: partition + id: partition-0 + - fstype: fat32 + volume: partition-0 + preserve: false + type: format + id: format-0 + - device: disk-sda + size: -1 + wipe: superblock + flag: '' + number: 2 + preserve: false + grub_device: false + type: partition + id: partition-1 + - fstype: xfs + volume: partition-1 + preserve: false + type: format + id: format-1 + - path: / + device: format-1 + type: mount + id: mount-1 + - path: /boot/efi + device: format-0 + type: mount + id: mount-0 + updates: "all" + ssh: + install-server: true + allow-pw: true + # Customize the list of packages installed. + packages: + - open-vm-tools + # Create the default user. + # Ensures the "builder" user doesn't require a password to use sudo. + user-data: + users: + - name: builder + # openssl passwd -6 -salt -stdin <<< + passwd: $ENCRYPTED_SSH_PASSWORD + groups: [adm, cdrom, dip, plugdev, lxd, sudo] + lock-passwd: false + sudo: ALL=(ALL) NOPASSWD:ALL + shell: /bin/bash + + # This command runs after all other steps; it: + # 1. Removes snapd, https://bugs.launchpad.net/subiquity/+bug/1946609 + # 2. Cleans up any packages that are no longer required + # 3. Removes the cached list of packages + late-commands: + - chroot /target apt-get purge -y snapd + - curtin in-target --target=/target -- apt-get purge --auto-remove -y + - curtin in-target --target=/target -- apt-get clean + - curtin in-target --target=/target -- rm -rf /var/lib/apt/lists/* 
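Review bot: The `user-data` block creates `builder` with `lock-passwd: false` and `sudo: ALL=(ALL) NOPASSWD:ALL`, and `ssh.allow-pw: true` keeps password login enabled, but nothing in the template records that the account is build-only. A comment above `- name: builder` such as `# Build-time account for Packer only; must be removed or locked before the image is published` would state the expectation. The hunk gives no sign of where that cleanup happens, so it should be confirmed against the provisioning roles. The same block is added in the other 26.04 `user-data.tmpl` files in this commit (MAAS, OVA non-EFI, Proxmox, QEMU).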
diff --git a/images/capi/packer/ova/linux/ubuntu/http/26.04/meta-data b/images/capi/packer/ova/linux/ubuntu/http/26.04/meta-data new file mode 100644 index 0000000000..e69de29bb2 diff --git a/images/capi/packer/ova/linux/ubuntu/http/26.04/user-data.tmpl b/images/capi/packer/ova/linux/ubuntu/http/26.04/user-data.tmpl new file mode 100644 index 0000000000..3e91ea071f --- /dev/null +++ b/images/capi/packer/ova/linux/ubuntu/http/26.04/user-data.tmpl 
@@ -0,0 +1,90 @@ +#cloud-config +# Copyright 2024 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# For more information on how autoinstall is configured, please refer to +# https://ubuntu.com/server/docs/install/autoinstall-reference +autoinstall: + version: 1 + # Disable ssh server during installation, otherwise packer tries to connect and exceed max attempts + early-commands: + - systemctl stop ssh + # Configure the locale + locale: en_US.UTF-8 + keyboard: + layout: us + mounts: + - [ swap, null ] + # Create a single-partition with no swap space. Kubernetes + # really dislikes the idea of anyone else managing memory. + # For more information on how partitioning is configured, + # please refer to https://curtin.readthedocs.io/en/latest/topics/storage.html. + storage: + swap: + size: 0 + grub: + replace_linux_default: false + config: + - type: disk + id: disk-0 + size: largest + grub_device: true + preserve: false + ptable: msdos + wipe: superblock + - type: partition + id: partition-0 + device: disk-0 + size: -1 + number: 1 + preserve: false + flag: boot + - type: format + id: format-0 + volume: partition-0 + fstype: xfs + preserve: false + - type: mount + id: mount-0 + device: format-0 + path: / + updates: 'all' + ssh: + install-server: true + allow-pw: true + # Customize the list of packages installed. + packages: + - open-vm-tools + # Create the default user. + # Ensures the "builder" user doesn't require a password to use sudo. 
+ user-data: + users: + - name: builder + # openssl passwd -6 -salt -stdin <<< + passwd: $ENCRYPTED_SSH_PASSWORD + groups: [adm, cdrom, dip, plugdev, lxd, sudo] + lock-passwd: false + sudo: ALL=(ALL) NOPASSWD:ALL + shell: /bin/bash + + # This command runs after all other steps; it: + # 1. Removes snapd, https://bugs.launchpad.net/subiquity/+bug/1946609 + # 2. Cleans up any packages that are no longer required + # 3. Removes the cached list of packages + late-commands: + - chroot /target apt-get purge -y snapd + - curtin in-target --target=/target -- apt-get purge --auto-remove -y + - curtin in-target --target=/target -- apt-get clean + - curtin in-target --target=/target -- rm -rf /var/lib/apt/lists/* diff --git a/images/capi/packer/ova/ubuntu-2604-efi.json b/images/capi/packer/ova/ubuntu-2604-efi.json new file mode 100644 index 0000000000..d8d2e3f476 --- /dev/null +++ b/images/capi/packer/ova/ubuntu-2604-efi.json @@ -0,0 +1,19 @@ +{ + "boot_command_prefix": "clinux /casper/vmlinuz ipv6.disable={{ user `boot_disable_ipv6` }} --- autoinstall ds='nocloud;'initrd /casper/initrdboot", + "boot_disable_ipv6": "0", + "build_name": "ubuntu-2604-efi", + "cd_content_location": "./packer/ova/linux/{{user `distro_name`}}/http/26.04.efi/*", + "cd_label": "cidata", + "distro_arch": "amd64", + "distro_name": "ubuntu", + "distro_version": "26.04", + "firmware": "efi", + "floppy_dirs": "", + "guest_os_type": "ubuntu-64", + "iso_checksum": "dec49008a71f6098d0bcfc822021f4d042d5f2db279e4d75bdd981304f1ca5d9", + "iso_checksum_type": "sha256", + "iso_url": "https://releases.ubuntu.com/resolute/ubuntu-26.04-live-server-amd64.iso", + "os_display_name": "Ubuntu 26.04", + "shutdown_command": "shutdown -P now", + "vsphere_guest_os_type": "ubuntu64Guest" +} diff --git a/images/capi/packer/ova/ubuntu-2604.json b/images/capi/packer/ova/ubuntu-2604.json new file mode 100644 index 0000000000..ed2d98e51a --- /dev/null +++ b/images/capi/packer/ova/ubuntu-2604.json 
@@ -0,0 +1,18 @@ +{ + "boot_command_prefix": "clinux /casper/vmlinuz ipv6.disable={{ user `boot_disable_ipv6` }} --- autoinstall ds='nocloud;'initrd /casper/initrdboot", + "boot_disable_ipv6": "0", + "build_name": "ubuntu-2604", + "cd_content_location": "./packer/ova/linux/{{user `distro_name`}}/http/{{user `distro_version`}}/*", + "cd_label": "cidata", + "distro_arch": "amd64", + "distro_name": "ubuntu", + "distro_version": "26.04", + "floppy_dirs": "", + "guest_os_type": "ubuntu-64", + "iso_checksum": "dec49008a71f6098d0bcfc822021f4d042d5f2db279e4d75bdd981304f1ca5d9", + "iso_checksum_type": "sha256", + "iso_url": "https://releases.ubuntu.com/resolute/ubuntu-26.04-live-server-amd64.iso", + "os_display_name": "Ubuntu 26.04", + "shutdown_command": "shutdown -P now", + "vsphere_guest_os_type": "ubuntu64Guest" +} diff --git a/images/capi/packer/proxmox/linux/ubuntu/http/26.04.efi/meta-data b/images/capi/packer/proxmox/linux/ubuntu/http/26.04.efi/meta-data new file mode 100644 index 0000000000..e69de29bb2 diff --git a/images/capi/packer/proxmox/linux/ubuntu/http/26.04.efi/user-data.tmpl b/images/capi/packer/proxmox/linux/ubuntu/http/26.04.efi/user-data.tmpl new file mode 100644 index 0000000000..f731532a65 --- /dev/null +++ b/images/capi/packer/proxmox/linux/ubuntu/http/26.04.efi/user-data.tmpl 
@@ -0,0 +1,99 @@ +#cloud-config +autoinstall: + version: 1 + # Disable ssh server during installation, otherwise packer tries to connect and exceed max attempts + early-commands: + - systemctl stop ssh + # Configure the locale + locale: en_US.UTF-8 + keyboard: + layout: us + ssh: + install-server: true + allow-pw: true + packages: + - qemu-guest-agent + apt: + mirror-selection: + primary: + - uri: http://archive.ubuntu.com/ubuntu + # Create a single-partition with no swap space. Kubernetes + # really dislikes the idea of anyone else managing memory. + # For more information on how partitioning is configured, + # please refer to https://curtin.readthedocs.io/en/latest/topics/storage.html. + storage: + swap: + size: 0 + grub: + reorder_uefi: false + replace_linux_default: false + config: + - ptable: gpt + path: /dev/sda + wipe: superblock-recursive + preserve: false + name: '' + grub_device: false + type: disk + id: disk-sda + - device: disk-sda + size: 536870912 + wipe: superblock + flag: boot + number: 1 + preserve: false + grub_device: true + type: partition + id: partition-0 + - fstype: fat32 + volume: partition-0 + preserve: false + type: format + id: format-0 + - device: disk-sda + size: -1 + wipe: superblock + flag: '' + number: 2 + preserve: false + grub_device: false + type: partition + id: partition-1 + - fstype: ext4 + volume: partition-1 + preserve: false + type: format + id: format-1 + - path: / + device: format-1 + type: mount + id: mount-1 + - path: /boot/efi + device: format-0 + type: mount + id: mount-0 + updates: 'all' + # Create the default user. + # Ensures the "builder" user doesn't require a password to use sudo. + user-data: + users: + - name: builder + # openssl passwd -6 -salt -stdin <<< + passwd: $ENCRYPTED_SSH_PASSWORD + groups: [adm, cdrom, dip, plugdev, lxd, sudo] + lock-passwd: false + sudo: ALL=(ALL) NOPASSWD:ALL + shell: /bin/bash + + # This command runs after all other steps; it: + # 1. Disables swapfiles + # 2. 
Removes the existing swapfile + # 3. Removes the swapfile entry from /etc/fstab + # 4. Cleans up any packages that are no longer required + # 5. Removes the cached list of packages + late-commands: + - swapoff -a + - rm -f /swapfile + - sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab + - apt-get purge --auto-remove -y + - rm -rf /var/lib/apt/lists/* diff --git a/images/capi/packer/proxmox/linux/ubuntu/http/26.04/meta-data b/images/capi/packer/proxmox/linux/ubuntu/http/26.04/meta-data new file mode 100644 index 0000000000..e69de29bb2 diff --git a/images/capi/packer/proxmox/linux/ubuntu/http/26.04/user-data.tmpl b/images/capi/packer/proxmox/linux/ubuntu/http/26.04/user-data.tmpl new file mode 100644 index 0000000000..f4b29aa247 --- /dev/null +++ b/images/capi/packer/proxmox/linux/ubuntu/http/26.04/user-data.tmpl 
@@ -0,0 +1,75 @@ +#cloud-config +autoinstall: + version: 1 + # Disable ssh server during installation, otherwise packer tries to connect and exceed max attempts + early-commands: + - systemctl stop ssh + # Configure the locale + locale: en_US.UTF-8 + keyboard: + layout: us + ssh: + install-server: true + allow-pw: true + packages: + - qemu-guest-agent + apt: + mirror-selection: + primary: + - uri: http://archive.ubuntu.com/ubuntu + # Create a single-partition with no swap space. Kubernetes + # really dislikes the idea of anyone else managing memory. + # For more information on how partitioning is configured, + # please refer to https://curtin.readthedocs.io/en/latest/topics/storage.html. + storage: + grub: + replace_linux_default: false + config: + - type: disk + id: disk-0 + size: largest + grub_device: true + preserve: false + ptable: msdos + wipe: superblock + - type: partition + id: partition-0 + device: disk-0 + size: -1 + number: 1 + preserve: false + flag: boot + - type: format + id: format-0 + volume: partition-0 + fstype: ext4 + preserve: false + - type: mount + id: mount-0 + device: format-0 + path: / + updates: 'all' + # Create the default user. + # Ensures the "builder" user doesn't require a password to use sudo. + user-data: + users: + - name: builder + # openssl passwd -6 -salt -stdin <<< + passwd: $ENCRYPTED_SSH_PASSWORD + groups: [adm, cdrom, dip, plugdev, lxd, sudo] + lock-passwd: false + sudo: ALL=(ALL) NOPASSWD:ALL + shell: /bin/bash + + # This command runs after all other steps; it: + # 1. Disables swapfiles + # 2. Removes the existing swapfile + # 3. Removes the swapfile entry from /etc/fstab + # 4. Cleans up any packages that are no longer required + # 5. Removes the cached list of packages + late-commands: + - swapoff -a + - rm -f /swapfile + - sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab + - apt-get purge --auto-remove -y + - rm -rf /var/lib/apt/lists/* 
diff --git a/images/capi/packer/proxmox/ubuntu-2604-efi.json b/images/capi/packer/proxmox/ubuntu-2604-efi.json new file mode 100644 index 0000000000..2d7a055386 --- /dev/null +++ b/images/capi/packer/proxmox/ubuntu-2604-efi.json @@ -0,0 +1,14 @@ +{ + "bios": "ovmf", + "boot_command_prefix": "clinux /casper/vmlinuz --- autoinstall ds='nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/26.04/'initrd /casper/initrdboot", + "build_name": "ubuntu-2604-efi", + "distribution_version": "2604", + "distro_name": "ubuntu", + "iso_checksum": "dec49008a71f6098d0bcfc822021f4d042d5f2db279e4d75bdd981304f1ca5d9", + "iso_checksum_type": "sha256", + "iso_file": "{{env `ISO_FILE`}}", + "iso_url": "https://releases.ubuntu.com/resolute/ubuntu-26.04-live-server-amd64.iso", + "os_display_name": "Ubuntu 26.04", + "unmount_iso": "true", + "version": "26.04" +} diff --git a/images/capi/packer/proxmox/ubuntu-2604.json b/images/capi/packer/proxmox/ubuntu-2604.json new file mode 100644 index 0000000000..417214f4c7 --- /dev/null +++ b/images/capi/packer/proxmox/ubuntu-2604.json @@ -0,0 +1,14 @@ +{ + "boot_command_prefix": "clinux /casper/vmlinuz --- autoinstall ds='nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/26.04/'initrd /casper/initrdboot", + "build_name": "ubuntu-2604", + "distribution_version": "2604", + "distro_name": "ubuntu", + "iso_checksum": "dec49008a71f6098d0bcfc822021f4d042d5f2db279e4d75bdd981304f1ca5d9", + "iso_checksum_type": "sha256", + "iso_file": "{{env `ISO_FILE`}}", + "iso_url": "https://releases.ubuntu.com/resolute/ubuntu-26.04-live-server-amd64.iso", + "os_display_name": "Ubuntu 26.04", + "source_image": "ubuntu-20-04-x64", + "unmount_iso": "true", + "version": "26.04" +} diff --git a/images/capi/packer/qemu/linux/ubuntu/http/26.04.efi/meta-data b/images/capi/packer/qemu/linux/ubuntu/http/26.04.efi/meta-data new file mode 100644 index 0000000000..e69de29bb2 
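Review bot: `boot_command_prefix` in `proxmox/ubuntu-2604-efi.json` points the installer at `.../26.04/` rather than `.../26.04.efi/`. The OVMF build therefore appears to load the BIOS seed (`ptable: msdos`, single root partition) instead of the GPT layout with an EFI system partition that this commit adds under `proxmox/linux/ubuntu/http/26.04.efi/`. The MAAS and QEMU EFI files reference the `.efi` directory, so the value here should presumably end `s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/26.04.efi/'`.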
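Review bot: `"source_image": "ubuntu-20-04-x64"` in `proxmox/ubuntu-2604.json` looks carried over from an older release file; the EFI variant added alongside it has no such key. If the Proxmox builder reads this variable it names the wrong base, and if it does not the key is better dropped so the file does not suggest a 20.04 origin.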
diff --git a/images/capi/packer/qemu/linux/ubuntu/http/26.04.efi/user-data.tmpl b/images/capi/packer/qemu/linux/ubuntu/http/26.04.efi/user-data.tmpl new file mode 100644 index 0000000000..0d43ca5e1b --- /dev/null +++ b/images/capi/packer/qemu/linux/ubuntu/http/26.04.efi/user-data.tmpl 
@@ -0,0 +1,116 @@ +#cloud-config +# Copyright 2022 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# For more information on how autoinstall is configured, please refer to +# https://ubuntu.com/server/docs/install/autoinstall-reference +autoinstall: + version: 1 + # Disable ssh server during installation, otherwise packer tries to connect and exceed max attempts + early-commands: + - systemctl stop ssh + # Configure the locale + locale: en_US.UTF-8 + keyboard: + layout: us + apt: + mirror-selection: + primary: + - uri: http://archive.ubuntu.com/ubuntu + # Create a single-partition with no swap space. Kubernetes + # really dislikes the idea of anyone else managing memory. + # For more information on how partitioning is configured, + # please refer to https://curtin.readthedocs.io/en/latest/topics/storage.html. 
+ storage: + grub: + reorder_uefi: false + replace_linux_default: false + config: + - ptable: gpt + path: /dev/sda + wipe: superblock-recursive + preserve: false + name: '' + grub_device: false + type: disk + id: disk-sda + - device: disk-sda + # Create EFI partition of 512MB same as in Ubuntu 20.04 + size: 536870912 + wipe: superblock + flag: boot + number: 1 + preserve: false + grub_device: true + type: partition + id: partition-0 + - fstype: fat32 + volume: partition-0 + preserve: false + type: format + id: format-0 + - device: disk-sda + size: -1 + wipe: superblock + flag: '' + number: 2 + preserve: false + grub_device: false + type: partition + id: partition-1 + - fstype: ext4 + volume: partition-1 + preserve: false + type: format + id: format-1 + - path: / + device: format-1 + type: mount + id: mount-1 + - path: /boot/efi + device: format-0 + type: mount + id: mount-0 + updates: 'all' + ssh: + install-server: true + allow-pw: true + # Customize the list of packages installed. + packages: + - open-vm-tools + # Create the default user. + # Ensures the "builder" user doesn't require a password to use sudo. + user-data: + users: + - name: builder + # openssl passwd -6 -salt -stdin <<< + passwd: $ENCRYPTED_SSH_PASSWORD + groups: [adm, cdrom, dip, plugdev, lxd, sudo] + lock-passwd: false + sudo: ALL=(ALL) NOPASSWD:ALL + shell: /bin/bash + + # This command runs after all other steps; it: + # 1. Disables swapfiles + # 2. Removes the existing swapfile + # 3. Removes the swapfile entry from /etc/fstab + # 4. Cleans up any packages that are no longer required + # 5. Removes the cached list of packages + late-commands: + - swapoff -a + - rm -f /swapfile + - sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab + - apt-get purge --auto-remove -y + - rm -rf /var/lib/apt/lists/* diff --git a/images/capi/packer/qemu/linux/ubuntu/http/26.04/meta-data b/images/capi/packer/qemu/linux/ubuntu/http/26.04/meta-data new file mode 100644 index 0000000000..e69de29bb2 
diff --git a/images/capi/packer/qemu/linux/ubuntu/http/26.04/user-data.tmpl b/images/capi/packer/qemu/linux/ubuntu/http/26.04/user-data.tmpl new file mode 100644 index 0000000000..30edc45b19 --- /dev/null +++ b/images/capi/packer/qemu/linux/ubuntu/http/26.04/user-data.tmpl 
@@ -0,0 +1,93 @@
+#cloud-config
+# Copyright 2022 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# For more information on how autoinstall is configured, please refer to
+# https://ubuntu.com/server/docs/install/autoinstall-reference
+autoinstall:
+ version: 1
+ # Disable ssh server during installation, otherwise packer tries to connect and exceed max attempts
+ early-commands:
+ - systemctl stop ssh
+ # Configure the locale
+ locale: en_US.UTF-8
+ keyboard:
+ layout: us
+ apt:
+ mirror-selection:
+ primary:
+ - uri: http://archive.ubuntu.com/ubuntu
+ # Create a single-partition with no swap space. Kubernetes
+ # really dislikes the idea of anyone else managing memory.
+ # For more information on how partitioning is configured,
+ # please refer to https://curtin.readthedocs.io/en/latest/topics/storage.html.
+ storage:
+ grub:
+ replace_linux_default: false
+ config:
+ - type: disk
+ id: disk-0
+ size: largest
+ grub_device: true
+ preserve: false
+ ptable: msdos
+ wipe: superblock
+ - type: partition
+ id: partition-0
+ device: disk-0
+ size: -1
+ number: 1
+ preserve: false
+ flag: boot
+ - type: format
+ id: format-0
+ volume: partition-0
+ fstype: ext4
+ preserve: false
+ - type: mount
+ id: mount-0
+ device: format-0
+ path: /
+ updates: 'all'
+ ssh:
+ install-server: true
+ allow-pw: true
+ # Customize the list of packages installed.
+ packages:
+ - open-vm-tools
+ # Create the default user.
+ # Ensures the "builder" user doesn't require a password to use sudo.
+ user-data:
+ users:
+ - name: builder
+ # openssl passwd -6 -salt -stdin <<<
+ passwd: $ENCRYPTED_SSH_PASSWORD
+ groups: [adm, cdrom, dip, plugdev, lxd, sudo]
+ lock-passwd: false
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ shell: /bin/bash
+
+ # This command runs after all other steps; it:
+ # 1. Disables swapfiles
+ # 2. Removes the existing swapfile
+ # 3. Removes the swapfile entry from /etc/fstab
+ # 4. Cleans up any packages that are no longer required
+ # 5. Removes the cached list of packages
+ late-commands:
+ - swapoff -a
+ - rm -f /swapfile
+ - sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
+ - apt-get purge --auto-remove -y
+ - rm -rf /var/lib/apt/lists/*
diff --git a/images/capi/packer/qemu/qemu-ubuntu-2604-efi.json b/images/capi/packer/qemu/qemu-ubuntu-2604-efi.json
new file mode 100644
index 0000000000..46c250c6cd
--- /dev/null
+++ b/images/capi/packer/qemu/qemu-ubuntu-2604-efi.json
@@ -0,0 +1,15 @@
+{
+ "boot_command_prefix": "clinux /casper/vmlinuz --- autoinstall ds='nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/26.04.efi/'initrd /casper/initrdboot",
+ "build_name": "ubuntu-2604-efi",
+ "distribution_version": "2604",
+ "distro_name": "ubuntu",
+ "firmware": "OVMF.fd",
+ "guest_os_type": "ubuntu-64",
+ "iso_checksum": "dec49008a71f6098d0bcfc822021f4d042d5f2db279e4d75bdd981304f1ca5d9",
+ "iso_checksum_type": "sha256",
+ "iso_url": "https://releases.ubuntu.com/releases/26.04/ubuntu-26.04-live-server-amd64.iso",
+ "memory": "4096",
+ "os_display_name": "Ubuntu 26.04",
+ "shutdown_command": "shutdown -P now",
+ "unmount_iso": "true"
+}
diff --git a/images/capi/packer/qemu/qemu-ubuntu-2604.json b/images/capi/packer/qemu/qemu-ubuntu-2604.json
new file mode 100644
index 0000000000..6d9544e187
--- /dev/null
+++ b/images/capi/packer/qemu/qemu-ubuntu-2604.json
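Review bot: The `late-commands` at the end of this new qemu 26.04 `user-data.tmpl` run without `curtin in-target`, so `swapoff -a`, `rm -f /swapfile`, the `sed` on `/etc/fstab` and both apt cleanups act on the live installer environment rather than on the installed system under `/target`. The raw 26.04 templates added later in this patch prefix each step with `curtin in-target --target=/target --` and also set `swap: size: 0` under `storage`, which this template lacks even though its comment promises a layout with no swap space. Left as is, the built image may still carry a swap file and its fstab entry, along with the apt list cache. The fence below shows the two places I would change.

```yaml
  storage:
    swap:
      size: 0
    # … unchanged: grub settings and the disk/partition/format/mount config …
  late-commands:
    - curtin in-target --target=/target -- swapoff -a
    - curtin in-target --target=/target -- rm -f /swapfile
    - curtin in-target --target=/target -- sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
    - curtin in-target --target=/target -- apt-get purge --auto-remove -y
    - curtin in-target --target=/target -- rm -rf /var/lib/apt/lists/*
```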
@@ -0,0 +1,14 @@ +{ + "boot_command_prefix": "clinux /casper/vmlinuz --- autoinstall ds='nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/26.04/'initrd /casper/initrdboot", + "build_name": "ubuntu-2604", + "distribution_version": "2604", + "distro_name": "ubuntu", + "guest_os_type": "ubuntu-64", + "iso_checksum": "dec49008a71f6098d0bcfc822021f4d042d5f2db279e4d75bdd981304f1ca5d9", + "iso_checksum_type": "sha256", + "iso_url": "https://releases.ubuntu.com/releases/26.04/ubuntu-26.04-live-server-amd64.iso", + "memory": "4096", + "os_display_name": "Ubuntu 26.04", + "shutdown_command": "shutdown -P now", + "unmount_iso": "true" +} diff --git a/images/capi/packer/raw/linux/ubuntu/http/26.04.efi/meta-data b/images/capi/packer/raw/linux/ubuntu/http/26.04.efi/meta-data new file mode 100644 index 0000000000..e69de29bb2 diff --git a/images/capi/packer/raw/linux/ubuntu/http/26.04.efi/user-data.tmpl b/images/capi/packer/raw/linux/ubuntu/http/26.04.efi/user-data.tmpl new file mode 100644 index 0000000000..5657d3fb98 --- /dev/null +++ b/images/capi/packer/raw/linux/ubuntu/http/26.04.efi/user-data.tmpl 
@@ -0,0 +1,114 @@
+#cloud-config
+# Copyright 2025 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# For more information on how autoinstall is configured, please refer to
+# https://ubuntu.com/server/docs/install/autoinstall-reference
+autoinstall:
+ version: 1
+ # Disable ssh server during installation, otherwise packer tries to connect and exceed max attempts
+ early-commands:
+ - systemctl stop ssh
+ # Configure the locale
+ locale: en_US.UTF-8
+ keyboard:
+ layout: us
+ # For more information on how partitioning is configured,
+ # please refer to https://curtin.readthedocs.io/en/latest/topics/storage.html.
+ storage:
+ swap:
+ size: 0
+ grub:
+ reorder_uefi: false
+ replace_linux_default: false
+ config:
+ - ptable: gpt
+ path: /dev/sda
+ wipe: superblock-recursive
+ preserve: false
+ name: ''
+ grub_device: false
+ type: disk
+ id: disk-sda
+ - device: disk-sda
+ size: 536870912
+ wipe: superblock
+ flag: boot
+ number: 1
+ preserve: false
+ grub_device: true
+ type: partition
+ id: partition-0
+ - fstype: fat32
+ volume: partition-0
+ preserve: false
+ type: format
+ id: format-0
+ - device: disk-sda
+ size: -1
+ wipe: superblock
+ flag: ''
+ number: 2
+ preserve: false
+ grub_device: false
+ type: partition
+ id: partition-1
+ - fstype: ext4
+ volume: partition-1
+ preserve: false
+ type: format
+ id: format-1
+ - path: /
+ device: format-1
+ type: mount
+ id: mount-1
+ - path: /boot/efi
+ device: format-0
+ type: mount
+ id: mount-0
+ apt:
+ fallback: offline-install
+ updates: 'all'
+ ssh:
+ install-server: true
+ allow-pw: true
+
+ # Create the default user.
+ # Ensures the "builder" user doesn't require a password to use sudo.
+ user-data:
+ users:
+ - name: builder
+ # openssl passwd -6 -salt -stdin <<<
+ passwd: $ENCRYPTED_SSH_PASSWORD
+ groups: [adm, cdrom, dip, plugdev, lxd, sudo]
+ lock-passwd: false
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ shell: /bin/bash
+
+ # This command runs after all other steps; it:
+ # 1. Disables swapfiles
+ # 2. Removes the existing swapfile
+ # 3. Removes the swapfile entry from /etc/fstab
+ # 4. Removes snapd, https://bugs.launchpad.net/subiquity/+bug/1946609
+ # 5. Cleans up any packages that are no longer required
+ # 6. Removes the cached list of packages
+ late-commands:
+ - curtin in-target --target=/target -- swapoff -a
+ - curtin in-target --target=/target -- rm -f /swap.img
+ - curtin in-target --target=/target -- sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
+ - chroot /target apt-get purge -y snapd
+ - curtin in-target --target=/target -- apt-get purge --auto-remove -y
+ - curtin in-target --target=/target -- apt-get clean
+ - curtin in-target --target=/target -- rm -rf /var/lib/apt/lists/*
diff --git a/images/capi/packer/raw/linux/ubuntu/http/26.04/meta-data b/images/capi/packer/raw/linux/ubuntu/http/26.04/meta-data
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/images/capi/packer/raw/linux/ubuntu/http/26.04/user-data.tmpl b/images/capi/packer/raw/linux/ubuntu/http/26.04/user-data.tmpl
new file mode 100644
index 0000000000..e89ae2f3cc
--- /dev/null
+++ b/images/capi/packer/raw/linux/ubuntu/http/26.04/user-data.tmpl
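Review bot: The `user-data` block creates `builder` with `lock-passwd: false` and `sudo: ALL=(ALL) NOPASSWD:ALL`, and `ssh: allow-pw: true` permits password SSH login, yet nothing in this template removes or locks that account before the image is sealed. If no later provisioning step (not visible in this hunk) deletes the user and disables password authentication, every node booted from the image inherits a passwordless-sudo account whose password hash was fixed at build time. I would add a comment above `users:` stating where the account is torn down, for example `# build-only account: removed and sshd password auth disabled by <cleanup step> before the image is published`. The same block appears in the qemu and raw 26.04 templates elsewhere in this patch.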
@@ -0,0 +1,92 @@
+#cloud-config
+# Copyright 2025 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# For more information on how autoinstall is configured, please refer to
+# https://ubuntu.com/server/docs/install/autoinstall-reference
+autoinstall:
+ version: 1
+ # Disable ssh server during installation, otherwise packer tries to connect and exceed max attempts
+ early-commands:
+ - systemctl stop ssh
+ # Configure the locale
+ locale: en_US.UTF-8
+ keyboard:
+ layout: us
+ # For more information on how partitioning is configured,
+ # please refer to https://curtin.readthedocs.io/en/latest/topics/storage.html.
+ storage:
+ swap:
+ size: 0
+ grub:
+ replace_linux_default: false
+ config:
+ - type: disk
+ id: disk-0
+ size: largest
+ grub_device: true
+ preserve: false
+ ptable: msdos
+ wipe: superblock
+ - type: partition
+ id: partition-0
+ device: disk-0
+ size: -1
+ number: 1
+ preserve: false
+ flag: boot
+ - type: format
+ id: format-0
+ volume: partition-0
+ fstype: ext4
+ preserve: false
+ - type: mount
+ id: mount-0
+ device: format-0
+ path: /
+ apt:
+ fallback: offline-install
+ updates: 'all'
+ ssh:
+ install-server: true
+ allow-pw: true
+
+ # Create the default user.
+ # Ensures the "builder" user doesn't require a password to use sudo.
+ user-data:
+ users:
+ - name: builder
+ # openssl passwd -6 -salt -stdin <<<
+ passwd: $ENCRYPTED_SSH_PASSWORD
+ groups: [adm, cdrom, dip, plugdev, lxd, sudo]
+ lock-passwd: false
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ shell: /bin/bash
+
+ # This command runs after all other steps; it:
+ # 1. Disables swapfiles
+ # 2. Removes the existing swapfile
+ # 3. Removes the swapfile entry from /etc/fstab
+ # 4. Removes snapd, https://bugs.launchpad.net/subiquity/+bug/1946609
+ # 5. Cleans up any packages that are no longer required
+ # 6. Removes the cached list of packages
+ late-commands:
+ - curtin in-target --target=/target -- swapoff -a
+ - curtin in-target --target=/target -- rm -f /swap.img
+ - curtin in-target --target=/target -- sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
+ - chroot /target apt-get purge -y snapd
+ - curtin in-target --target=/target -- apt-get purge --auto-remove -y
+ - curtin in-target --target=/target -- apt-get clean
+ - curtin in-target --target=/target -- rm -rf /var/lib/apt/lists/*
diff --git a/images/capi/packer/raw/raw-ubuntu-2604-efi.json b/images/capi/packer/raw/raw-ubuntu-2604-efi.json
new file mode 100644
index 0000000000..2044a5dd61
--- /dev/null
+++ b/images/capi/packer/raw/raw-ubuntu-2604-efi.json
@@ -0,0 +1,17 @@
+{
+ "boot_command_prefix": "clinux /casper/vmlinuz --- autoinstall ds='nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/26.04.efi/'initrd /casper/initrdboot",
+ "build_name": "ubuntu-2604-efi",
+ "build_target": "raw",
+ "distro_arch": "amd64",
+ "distro_name": "ubuntu",
+ "distro_version": "26.04",
+ "distro_version_slug": "2604",
+ "firmware": "OVMF.fd",
+ "guest_os_type": "ubuntu-64",
+ "iso_checksum": "dec49008a71f6098d0bcfc822021f4d042d5f2db279e4d75bdd981304f1ca5d9",
+ "iso_checksum_type": "sha256",
+ "iso_url": "https://releases.ubuntu.com/releases/26.04/ubuntu-26.04-live-server-amd64.iso",
+ "os_display_name": "Ubuntu 26.04",
+ "shutdown_command": "shutdown -P now",
+ "unmount_iso": "true"
+}
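Review bot: `apt: fallback: offline-install` next to `updates: 'all'` lets the install finish from the packages on the ISO when no mirror is reachable, so the request for all updates can be skipped without the build failing. Unless a later provisioning step upgrades packages (not visible here), that yields an image missing the security updates released since the ISO was cut. If unpatched images are not acceptable, `fallback: abort` makes the build stop instead; otherwise a comment such as `# offline fallback is intentional: packages are upgraded later by <provisioning step>` would record the decision. The 26.04.efi template in this patch carries the same setting.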
diff --git a/images/capi/packer/raw/raw-ubuntu-2604.json b/images/capi/packer/raw/raw-ubuntu-2604.json new file mode 100644 index 0000000000..4b53e183b0 --- /dev/null +++ b/images/capi/packer/raw/raw-ubuntu-2604.json @@ -0,0 +1,16 @@ +{ + "boot_command_prefix": "clinux /casper/vmlinuz --- autoinstall ds='nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/26.04/'initrd /casper/initrdboot", + "build_name": "ubuntu-2604", + "build_target": "raw", + "distro_arch": "amd64", + "distro_name": "ubuntu", + "distro_version": "26.04", + "distro_version_slug": "2604", + "guest_os_type": "ubuntu-64", + "iso_checksum": "dec49008a71f6098d0bcfc822021f4d042d5f2db279e4d75bdd981304f1ca5d9", + "iso_checksum_type": "sha256", + "iso_url": "https://releases.ubuntu.com/releases/26.04/ubuntu-26.04-live-server-amd64.iso", + "os_display_name": "Ubuntu 26.04", + "shutdown_command": "shutdown -P now", + "unmount_iso": "true" +} diff --git a/images/capi/packer/scaleway/ubuntu-2604.json b/images/capi/packer/scaleway/ubuntu-2604.json new file mode 100644 index 0000000000..a09945d444 --- /dev/null +++ b/images/capi/packer/scaleway/ubuntu-2604.json @@ -0,0 +1,6 @@ +{ + "build_name": "ubuntu-2604", + "distribution": "ubuntu", + "distribution_version": "2604", + "image": "ubuntu_resolute" +} diff --git a/images/capi/packer/vultr/ubuntu-2604.json b/images/capi/packer/vultr/ubuntu-2604.json new file mode 100644 index 0000000000..607a439b82 --- /dev/null +++ b/images/capi/packer/vultr/ubuntu-2604.json @@ -0,0 +1,6 @@ +{ + "build_name": "ubuntu-2604", + "os": "2760", + "snapshot_name_suffix": "on Ubuntu 26.04", + "source_image": "ubuntu-26-04-x64" +} From acff0c15d0899942cc995f556be00fffd78dd867 Mon Sep 17 00:00:00 2001 
From: Josh Carp Date: Tue, 26 May 2026 13:13:46 -0400 Subject: [PATCH 26/32] Add initial support for Oxide. Build an image for Oxide, supporting ubuntu 24.04. --- README.md | 40 ++++---- docs/book/src/SUMMARY.md | 1 + docs/book/src/capi/providers/oxide.md | 30 ++++++ images/capi/Makefile | 24 ++++- images/capi/packer/goss/goss-vars.yaml | 4 + images/capi/packer/oxide/config.pkr.hcl | 8 ++ images/capi/packer/oxide/packer.json | 107 ++++++++++++++++++++++ images/capi/packer/oxide/ubuntu-2404.json | 6 ++ images/capi/scripts/ci-packer-validate.sh | 1 + 9 files changed, 200 insertions(+), 21 deletions(-) create mode 100644 docs/book/src/capi/providers/oxide.md create mode 100644 images/capi/packer/oxide/config.pkr.hcl create mode 100644 images/capi/packer/oxide/packer.json create mode 100644 images/capi/packer/oxide/ubuntu-2404.json diff --git a/README.md b/README.md index 9df4980db4..39eedcf6ce 100644 --- a/README.md +++ b/README.md 
@@ -20,26 +20,26 @@ The table below shows the currently provided operating systems for each provider - ✅: Image is available for the provider - ❌: Image is not available for the provider -| OS | ami | azure | digitalocean | gce | hcloud | huaweicloud | maas | nutanix | oci | openstack | outscale | ova | powervs | proxmox | qemu | raw | scaleway | vultr | -|-------------------|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----| -| AlmaLinux 9 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | -| Amazon Linux 2 | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | -| Amazon Linux 2023 | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | -| Azure Linux 3 | ❌ | 💙 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | -| CentOS 9 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | -| Flatcar | ✅ | 💙 | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | 💙 | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | -| Oracle Linux 9 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | -| Photon 4 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | -| Photon 5 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | 💙 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | -| RHEL 9 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | -| Rocky Linux 9 | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | 💙 | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | -| Ubuntu 22.04 | ✅ | 💙 | ✅ | 💙 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 💙 | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | -| Ubuntu 24.04 | ✅ | 💙 | ✅ | 💙 | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | 💙 | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | -| Ubuntu 26.04 | ✅ | 💙 | ✅ | 💙 | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | 💙 | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | -| Windows 2019 | ✅ | 💙 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | -| Windows 2022 | ❌ | 💙 | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | -| Windows 2025 | ❌ | 💙 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | -| Windows 
Annual | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | +| OS | ami | azure | digitalocean | gce | hcloud | huaweicloud | maas | nutanix | oci | openstack | outscale | ova | oxide | powervs | proxmox | qemu | raw | scaleway | vultr | +|-------------------|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----| +| AlmaLinux 9 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | +| Amazon Linux 2 | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | +| Amazon Linux 2023 | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | +| Azure Linux 3 | ❌ | 💙 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | +| CentOS 9 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | +| Flatcar | ✅ | 💙 | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | 💙 | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | +| Oracle Linux 9 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | +| Photon 4 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | +| Photon 5 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | 💙 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | +| RHEL 9 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | +| Rocky Linux 9 | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | 💙 | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | +| Ubuntu 22.04 | ✅ | 💙 | ✅ | 💙 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 💙 | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | +| Ubuntu 24.04 | ✅ | 💙 | ✅ | 💙 | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | 💙 | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | +| Ubuntu 26.04 | ✅ | 💙 | ✅ | 💙 | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | 💙 | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | +| Windows 2019 | ✅ | 💙 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | +| Windows 2022 | ❌ | 💙 | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | +| Windows 2025 | ❌ | 💙 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | +| Windows Annual | ❌ | ✅ | ❌ | ❌ | ❌ 
| ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ## Community, discussion, contribution, and support diff --git a/docs/book/src/SUMMARY.md b/docs/book/src/SUMMARY.md index d78bb1a5d0..cbef23db7f 100644 --- a/docs/book/src/SUMMARY.md +++ b/docs/book/src/SUMMARY.md @@ -16,6 +16,7 @@ - [OpenStack](./capi/providers/openstack.md) - [OpenStack remote image building](./capi/providers/openstack-remote.md) - [OCI](./capi/providers/oci.md) + - [Oxide](./capi/providers/oxide.md) - [raw](./capi/providers/raw.md) - [Scaleway](./capi/providers/scaleway.md) - [vSphere](./capi/providers/vsphere.md) diff --git a/docs/book/src/capi/providers/oxide.md b/docs/book/src/capi/providers/oxide.md new file mode 100644 index 0000000000..17c05c7796 --- /dev/null +++ b/docs/book/src/capi/providers/oxide.md @@ -0,0 +1,30 @@ +# Building Images for Oxide + +## Prerequisites for Oxide + +- Credentials for an Oxide rack, configured via either `OXIDE_PROFILE` or `OXIDE_HOST`/`OXIDE_TOKEN` in the environment. +- The following environment variables set: + + | Variable | Description | + |----------|-------------| + | `OXIDE_PROJECT` | Name or ID of the Oxide project to build the image in. | + | `OXIDE_BOOT_DISK_IMAGE_ID` | UUID of the image to use as the build source. | + +## Building Images + +The build [prerequisites](../capi.md#prerequisites) for using `image-builder` for +building Oxide images are managed by running: + +```bash +make deps-oxide +``` + +From the `images/capi` directory, run `make build-oxide-` where `` is the desired operating system. The available choices are listed via `make help`. + +### Configuration + +In addition to the configuration found in `images/capi/packer/config`, the `oxide` directory includes per-OS JSON files that define defaults for each supported image: + +| File | Description | +|------|-------------| +| `ubuntu-2404.json` | Settings for the Ubuntu 24.04 image | diff --git a/images/capi/Makefile b/images/capi/Makefile index 81e4a2f980..52f459a556 100644 
--- a/images/capi/Makefile +++ b/images/capi/Makefile @@ -59,7 +59,7 @@ GET_UBUNTU_DOTTED_SEMVER=$(strip \ .PHONY: deps deps: ## Installs/checks all dependencies -deps: deps-ami deps-azure deps-do deps-gce deps-ova deps-openstack deps-qemu deps-raw deps-oci deps-osc deps-powervs deps-nutanix deps-hcloud +deps: deps-ami deps-azure deps-do deps-gce deps-ova deps-openstack deps-qemu deps-raw deps-oci deps-osc deps-powervs deps-nutanix deps-hcloud deps-oxide .PHONY: deps-common deps-common: ## Installs/checks dependencies common to most builds @@ -171,6 +171,12 @@ deps-huaweicloud: deps-common $(PACKER) init packer/config.pkr.hcl $(PACKER) init packer/huaweicloud/config.pkr.hcl +.PHONY: deps-oxide +deps-oxide: ## Installs/checks dependencies for Oxide builds +deps-oxide: deps-common + $(PACKER) init packer/config.pkr.hcl + $(PACKER) init packer/oxide/config.pkr.hcl + .PHONY: deps-proxmox deps-proxmox: ## Installs/checks dependencies for Proxmox builds deps-proxmox: deps-common @@ -386,6 +392,8 @@ OCI_BUILD_NAMES ?= oci-ubuntu-2204 oci-oracle-linux-9 oci-windows-2019 oci-wi DO_BUILD_NAMES ?= do-ubuntu-2204 do-ubuntu-2404 do-ubuntu-2604 +OXIDE_BUILD_NAMES ?= oxide-ubuntu-2404 + OPENSTACK_BUILD_NAMES ?= openstack-ubuntu-2204 openstack-ubuntu-2404 openstack-ubuntu-2604 openstack-flatcar openstack-rockylinux-9 OSC_BUILD_NAMES ?= osc-ubuntu-2204 osc-ubuntu-2404 osc-ubuntu-2604 
@@ -433,6 +441,8 @@ AZURE_VALIDATE_SIG_GEN2_TARGETS := $(addprefix validate-,$(AZURE_BUILD_SIG_GEN2_ AZURE_VALIDATE_SIG_CVM_TARGETS := $(addprefix validate-,$(AZURE_BUILD_SIG_CVM_NAMES)) DO_BUILD_TARGETS := $(addprefix build-,$(DO_BUILD_NAMES)) DO_VALIDATE_TARGETS := $(addprefix validate-,$(DO_BUILD_NAMES)) +OXIDE_BUILD_TARGETS := $(addprefix build-,$(OXIDE_BUILD_NAMES)) +OXIDE_VALIDATE_TARGETS := $(addprefix validate-,$(OXIDE_BUILD_NAMES)) OPENSTACK_BUILD_TARGETS := $(addprefix build-,$(OPENSTACK_BUILD_NAMES)) HUAWEICLOUD_BUILD_TARGETS := $(addprefix build-,$(HUAWEICLOUD_BUILD_NAMES)) HUAWEICLOUD_VALIDATE_TARGETS := $(addprefix validate-,$(HUAWEICLOUD_BUILD_NAMES)) @@ -546,6 +556,10 @@ $(DO_BUILD_TARGETS): deps-do $(DO_VALIDATE_TARGETS): deps-do $(PACKER) validate $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/digitalocean/$(subst validate-do-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/digitalocean/packer.json +.PHONY: $(OXIDE_BUILD_TARGETS) +$(OXIDE_BUILD_TARGETS): deps-oxide + $(PACKER) build $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/oxide/$(subst build-oxide-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/oxide/packer.json + .PHONY: $(HUAWEICLOUD_BUILD_TARGETS) $(HUAWEICLOUD_BUILD_TARGETS): deps-huaweicloud $(PACKER) build $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/huaweicloud/$(subst build-huaweicloud-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/huaweicloud/packer.json 
@@ -562,6 +576,10 @@ $(OPENSTACK_BUILD_TARGETS): deps-openstack $(OPENSTACK_VALIDATE_TARGETS): deps-openstack packer validate $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/openstack/$(subst validate-openstack-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/openstack/packer.json +.PHONY: $(OXIDE_VALIDATE_TARGETS) +$(OXIDE_VALIDATE_TARGETS): deps-oxide + $(PACKER) validate $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/oxide/$(subst validate-oxide-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/oxide/packer.json + .PHONY: $(QEMU_BUILD_TARGETS) $(QEMU_BUILD_TARGETS): deps-qemu set-ssh-password $(PACKER) build $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/qemu/$(subst build-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/qemu/packer.json @@ -942,6 +960,9 @@ validate-openstack-rocky-9: ## Validates Rocky 9 Openstack Image Packer config validate-openstack-flatcar: ## Validates Flatcar Openstack Image Packer config validate-openstack-all: $(OPENSTACK_VALIDATE_TARGETS) ## Validates all Openstack Glance Image Packer config +validate-oxide-ubuntu-2404: ## Validates Ubuntu 24.04 Oxide Snapshot Packer config +validate-oxide-all: $(OXIDE_VALIDATE_TARGETS) ## Validates all Oxide Snapshot Packer config + validate-gce-ubuntu-2204: ## Validates Ubuntu 22.04 GCE Snapshot Packer config validate-gce-ubuntu-2404: ## Validates Ubuntu 24.04 GCE Snapshot Packer config validate-gce-ubuntu-2604: ## Validates Ubuntu 26.04 GCE Snapshot Packer config @@ -1062,6 +1083,7 @@ validate-all: validate-ami-all \ validate-raw-all \ validate-oci-all \ validate-osc-all \ + validate-oxide-all \ validate-nutanix-all \ validate-hcloud-all \ validate-scaleway-all \ diff --git a/images/capi/packer/goss/goss-vars.yaml b/images/capi/packer/goss/goss-vars.yaml index 279dd93136..c53e9818f1 100644 --- a/images/capi/packer/goss/goss-vars.yaml +++ b/images/capi/packer/goss/goss-vars.yaml 
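Review bot: The Oxide additions document only the validate side: the hunk at `validate-openstack-all` adds `validate-oxide-ubuntu-2404` and `validate-oxide-all` with `##` help text, but no hunk in this Makefile diff adds a matching `build-oxide-ubuntu-2404: ## …` entry or a `build-oxide-all` target. The new `oxide.md` tells users the available choices are listed via `make help`, so the build target will presumably not show up there. I would add `build-oxide-ubuntu-2404: ## Builds Ubuntu 24.04 Oxide image` and `build-oxide-all: $(OXIDE_BUILD_TARGETS) ## Builds all Oxide images` to the Builds section, which lies outside these hunks.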
@@ -541,6 +541,10 @@ ubuntu: service: package: command: + oxide: + service: + package: + command: oracle linux: common-kernel-param: diff --git a/images/capi/packer/oxide/config.pkr.hcl b/images/capi/packer/oxide/config.pkr.hcl new file mode 100644 index 0000000000..7292fd5b35 --- /dev/null +++ b/images/capi/packer/oxide/config.pkr.hcl @@ -0,0 +1,8 @@ +packer { + required_plugins { + oxide = { + source = "github.com/oxidecomputer/oxide" + version = "~> 0.6" + } + } +} diff --git a/images/capi/packer/oxide/packer.json b/images/capi/packer/oxide/packer.json new file mode 100644 index 0000000000..21e33b0e89 --- /dev/null +++ b/images/capi/packer/oxide/packer.json 
@@ -0,0 +1,107 @@ +{ + "builders": [ + { + "artifact_name": "cluster-api-{{user `build_name`}}-{{user `kubernetes_semver` | replace_all `.` `-`}}-{{user `build_timestamp`}}", + "boot_disk_image_id": "{{user `oxide_boot_disk_image_id`}}", + "boot_disk_size": "{{ user `size` }}", + "name": "{{user `build_name`}}", + "project": "{{ user `oxide_project`}}", + "ssh_username": "ubuntu", + "subnet": "{{user `oxide_subnet`}}", + "type": "oxide-instance", + "vpc": "{{user `oxide_vpc`}}" + } + ], + "provisioners": [ + { + "ansible_env_vars": [ + "ANSIBLE_SSH_ARGS='{{user `existing_ansible_ssh_args`}} {{user `ansible_common_ssh_args`}}'" + ], + "extra_arguments": [ + "--extra-vars", + "{{user `ansible_common_vars`}}", + "--extra-vars", + "{{user `ansible_extra_vars`}}", + "--extra-vars", + "{{user `ansible_user_vars`}}", + "--scp-extra-args", + "{{user `ansible_scp_extra_args`}}" + ], + "playbook_file": "./ansible/node.yml", + "type": "ansible", + "user": "packer" + }, + { + "arch": "{{user `goss_arch`}}", + "download_path": "{{user `goss_download_path`}}", + "format": "{{user `goss_format`}}", + "format_options": "{{user `goss_format_options`}}", + "goss_file": "{{user `goss_entry_file`}}", + "inspect": "{{user `goss_inspect_mode`}}", + "remote_folder": "{{user `goss_remote_folder`}}", + "remote_path": "{{user `goss_remote_path`}}", + "skip_install": "{{user `goss_skip_install`}}", + "tests": [ + "{{user `goss_tests_dir`}}" + ], + "type": "goss", + "url": "{{user `goss_url`}}", + "use_sudo": true, + "vars_file": "{{user `goss_vars_file`}}", + "vars_inline": { + "ARCH": "{{ user `arch` | lower }}", + "OS": "{{user `distribution` | lower}}", + "OS_VERSION": "{{user `distribution_version` | lower}}", + "PROVIDER": "oxide", + "containerd_gvisor_runtime": "{{user `containerd_gvisor_runtime`}}", + "containerd_gvisor_version": "{{user `containerd_gvisor_version`}}", + "containerd_version": "{{user `containerd_version`}}", + "containerd_wasm_shims_runtimes": "{{user 
`containerd_wasm_shims_runtimes` }}", + "kubernetes_cni_deb_version": "{{ user `kubernetes_cni_deb_version` }}", + "kubernetes_cni_rpm_version": "{{ split (user `kubernetes_cni_rpm_version`) \"-\" 0 }}", + "kubernetes_cni_source_type": "{{user `kubernetes_cni_source_type`}}", + "kubernetes_cni_version": "{{user `kubernetes_cni_semver` | replace \"v\" \"\" 1}}", + "kubernetes_deb_version": "{{ user `kubernetes_deb_version` }}", + "kubernetes_rpm_version": "{{ split (user `kubernetes_rpm_version`) \"-\" 0 }}", + "kubernetes_source_type": "{{user `kubernetes_source_type`}}", + "kubernetes_version": "{{user `kubernetes_semver` | replace \"v\" \"\" 1}}" + }, + "version": "{{user `goss_version`}}" + } + ], + "variables": { + "ansible_common_vars": "", + "ansible_extra_vars": "", + "ansible_scp_extra_args": "", + "build_timestamp": "{{timestamp}}", + "containerd_gvisor_runtime": "false", + "containerd_gvisor_version": "latest", + "containerd_service_url": "https://raw.githubusercontent.com/containerd/containerd/refs/tags/v{{user `containerd_version`}}/containerd.service", + "containerd_version": null, + "crictl_version": null, + "existing_ansible_ssh_args": "{{env `ANSIBLE_SSH_ARGS`}}", + "kubernetes_cni_deb_version": null, + "kubernetes_cni_http_source": null, + "kubernetes_cni_rpm_version": null, + "kubernetes_cni_semver": null, + "kubernetes_cni_source_type": null, + "kubernetes_container_registry": null, + "kubernetes_deb_gpg_key": null, + "kubernetes_deb_repo": null, + "kubernetes_deb_version": null, + "kubernetes_http_source": null, + "kubernetes_load_additional_imgs": null, + "kubernetes_rpm_gpg_check": null, + "kubernetes_rpm_gpg_key": null, + "kubernetes_rpm_repo": null, + "kubernetes_rpm_version": null, + "kubernetes_semver": null, + "kubernetes_series": null, + "kubernetes_source_type": null, + "oxide_boot_disk_image_id": "{{env `OXIDE_BOOT_DISK_IMAGE_ID`}}", + "oxide_project": "{{env `OXIDE_PROJECT`}}", + "oxide_subnet": "{{env `OXIDE_SUBNET`}}", + 
"oxide_vpc": "{{env `OXIDE_VPC`}}", + "runc_version": null + } +} diff --git a/images/capi/packer/oxide/ubuntu-2404.json b/images/capi/packer/oxide/ubuntu-2404.json new file mode 100644 index 0000000000..f19d0d2a68 --- /dev/null +++ b/images/capi/packer/oxide/ubuntu-2404.json @@ -0,0 +1,6 @@ +{ + "build_name": "ubuntu-2404", + "distribution": "ubuntu", + "distribution_release": "noble", + "distribution_version": "2404" +} diff --git a/images/capi/scripts/ci-packer-validate.sh b/images/capi/scripts/ci-packer-validate.sh index c12effc2f4..f02135ab06 100755 --- a/images/capi/scripts/ci-packer-validate.sh +++ b/images/capi/scripts/ci-packer-validate.sh @@ -35,6 +35,7 @@ AZURE_LOCATION=fake RESOURCE_GROUP_NAME=fake \ DIGITALOCEAN_ACCESS_TOKEN=fake GCP_PROJECT_ID=fake \ OCI_AVAILABILITY_DOMAIN=fake OCI_SUBNET_OCID=fake OCI_USER_FINGERPRINT=fake \ OCI_TENANCY_OCID=fake OCI_USER_OCID=fake OCI_USER_KEY_FILE=/tmp/oci_api_key.pem \ + OXIDE_PROJECT=fake OXIDE_BOOT_DISK_IMAGE_ID=fake \ NUTANIX_ENDPOINT=fake NUTANIX_CLUSTER_NAME=fake NUTANIX_USERNAME=fake \ NUTANIX_PASSWORD=fake NUTANIX_SUBNET_NAME=fake \ HCLOUD_LOCATION=fake HCLOUD_TOKEN=fake \ From 5e16c2e83276e0cfcc4eb3c7b692912a2b410270 Mon Sep 17 00:00:00 2001 From: ffais <42377700+ffais@users.noreply.github.com> Date: Thu, 4 Jun 2026 00:51:45 +0200 Subject: [PATCH 27/32] move kubelet --system-reserved deprecated flag to kubelet-config file (#1947) * move kubelet --system-reserved deprecated flag to kubelet-config file Signed-off-by: ffais * fix resource sizing script & add version check on main.yaml and 10-kubeadm.conf Signed-off-by: ffais * improve systemReserved already set checks Signed-off-by: ffais * fix wrong kubelet config extension & use safer procedure to save KUBELET_CONFIG & move the drop-in configuration in main.yml Signed-off-by: ffais * fix: version range for KUBELET_CONFIG_DROPIN_DIR_ALPHA variable & remove debug leftovers Signed-off-by: ffais --------- 
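Review bot: `packer.json` reads four environment variables (`OXIDE_PROJECT`, `OXIDE_BOOT_DISK_IMAGE_ID`, `OXIDE_SUBNET`, `OXIDE_VPC`), but the prerequisites table in the new `oxide.md` and the fake environment added to `ci-packer-validate.sh` cover only the first two. With the other two unset the builder receives empty strings for `subnet` and `vpc`; whether the plugin then falls back to a default is not visible from this diff. I would add rows for `OXIDE_SUBNET` and `OXIDE_VPC` to the documentation table, stating whether they are optional and which network the build instance lands on when they are omitted.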
Signed-off-by: ffais --- .../kubernetes/kubelet-resource-sizing.sh | 55 +++++++++++-------- .../ansible/roles/kubernetes/tasks/main.yml | 13 +++++ 2 files changed, 45 insertions(+), 23 deletions(-) diff --git a/images/capi/ansible/roles/kubernetes/files/usr/libexec/kubernetes/kubelet-resource-sizing.sh b/images/capi/ansible/roles/kubernetes/files/usr/libexec/kubernetes/kubelet-resource-sizing.sh index 864b0aa76d..3c0b840353 100755 --- a/images/capi/ansible/roles/kubernetes/files/usr/libexec/kubernetes/kubelet-resource-sizing.sh +++ b/images/capi/ansible/roles/kubernetes/files/usr/libexec/kubernetes/kubelet-resource-sizing.sh 
@@ -3,19 +3,23 @@ # This script is used to calculate the resource sizing for the kubelet based on values used by GKE and repeated # in https://github.com/awslabs/amazon-eks-ami/pull/367/files -#RPM and DEB systems kubelet sysconfig PATH -KUBELET_SYSCONFIG_FILES=( "/etc/sysconfig/kubelet" "/etc/default/kubelet" ) - -for KUBELET_SYSCONFIG in "${KUBELET_SYSCONFIG_FILES[@]}" -do - # Check if the file exists - if [ -f "${KUBELET_SYSCONFIG}" ]; then - # shellcheck source=/dev/null - . "${KUBELET_SYSCONFIG}" - # If system-reserved is already set by user, ignore - if grep -q 'KUBELET_EXTRA_ARGS=.*--system-reserved' "${KUBELET_SYSCONFIG}"; then - exit 0 - fi + +# If the user has already configured systemReserved (in the main kubelet +# config or any other drop-in), don't overwrite their value. +KUBELET_CONFIG="/var/lib/kubelet/kubelet.conf.d/kubelet-resource-sizing.conf" +USER_KUBELET_CONFIGS=( "/var/lib/kubelet/config.yaml" ) +if [ -d /var/lib/kubelet/kubelet.conf.d ]; then + while IFS= read -r -d '' f; do + [ "$f" = "$KUBELET_CONFIG" ] && continue + USER_KUBELET_CONFIGS+=( "$f" ) + done < <(find /var/lib/kubelet/kubelet.conf.d -maxdepth 1 -type f -print0) +fi + +for cfg in "${USER_KUBELET_CONFIGS[@]}"; do + [ -f "$cfg" ] || continue + if grep -Eq '^[[:space:]]*systemReserved[[:space:]]*:' "$cfg" \ + || grep -q '"systemReserved"' "$cfg"; then + exit 0 fi done @@ -98,7 +102,7 @@ CPU_CORE_RESERVATION_MICROCORES=( ) # Calculate the CPU reservation -cpu_milicores_to_reserve() { +cpu_millicores_to_reserve() { local cpu_microcores_reserved=0 for ((i = 0; i < schedulable_cores_no; i++)); do 
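Review bot: The `find /var/lib/kubelet/kubelet.conf.d -maxdepth 1 -type f` scan in the first hunk treats every regular file in the drop-in directory as a user config, but the kubelet only loads drop-ins whose name ends in `.conf`. A leftover backup or editor file that mentions `systemReserved` therefore makes the script `exit 0` and skip sizing, even though no config the kubelet reads sets the value. Restricting the scan to `find /var/lib/kubelet/kubelet.conf.d -maxdepth 1 -type f -name '*.conf' -print0` keeps the check aligned with what the kubelet actually consumes. The `< <(...)` process substitution also requires bash; the shebang is outside the hunk, so confirm it is not `/bin/sh`.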
@@ -113,13 +117,18 @@ cpu_milicores_to_reserve() { echo "$cpu_microcores_reserved" | awk '{result = $1 / 10; if (result != int(result)) result++; printf "%d\n", result}' } -mkdir -p /run/kubelet -# Check if system-reserved already exists -if grep '.*--system-reserved' <<< "${KUBELET_EXTRA_ARGS}"; then - # If system-reserved is already set by a previous run, replace old value with new one and write to /run/kubelet/extra-args.env - system_reserved=$(sed -E "s|--system-reserved=cpu=[0-9]+m,memory=[0-9]+Mi|--system-reserved=cpu=$(cpu_milicores_to_reserve)m,memory=$(memory_reservation_mebibytes)Mi|" <<< "${KUBELET_EXTRA_ARGS}") - echo "KUBELET_EXTRA_ARGS=${system_reserved} >/run/kubelet/extra-args.env" -else - # If not append system-reserved to KUBELET_EXTRA_ARGS and write to /run/kubelet/extra-args.env - echo "KUBELET_EXTRA_ARGS=${KUBELET_EXTRA_ARGS} --system-reserved=cpu=$(cpu_milicores_to_reserve)m,memory=$(memory_reservation_mebibytes)Mi" >/run/kubelet/extra-args.env +mkdir -p /var/lib/kubelet/kubelet.conf.d + +# Initialize config file if it doesn't exist +if [ ! -f "$KUBELET_CONFIG" ]; then + echo "{}" > "$KUBELET_CONFIG" fi + +# Get the computed values from the functions +memory_reservation_mebibytes=$(memory_reservation_mebibytes) +cpu_millicores_to_reserve=$(cpu_millicores_to_reserve) + +tmp=$(mktemp) && \ +jq --arg memory_reservation_mebibytes "${memory_reservation_mebibytes}Mi" --arg cpu_millicores_to_reserve "${cpu_millicores_to_reserve}m" \ + '. += {"apiVersion": "kubelet.config.k8s.io/v1beta1","kind": "KubeletConfiguration", "systemReserved": {"cpu": $cpu_millicores_to_reserve, "memory": $memory_reservation_mebibytes}}' "$KUBELET_CONFIG" > "$tmp" && \ +mv "$tmp" "$KUBELET_CONFIG" diff --git a/images/capi/ansible/roles/kubernetes/tasks/main.yml b/images/capi/ansible/roles/kubernetes/tasks/main.yml index c2e563d0fe..e85ad96671 100644 --- a/images/capi/ansible/roles/kubernetes/tasks/main.yml +++ b/images/capi/ansible/roles/kubernetes/tasks/main.yml 
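Review bot: `tmp=$(mktemp)` creates the scratch file in the default temporary directory, so the final `mv "$tmp" "$KUBELET_CONFIG"` can cross filesystems and stop being an atomic rename. The scratch file is also left behind whenever `jq` fails or is not installed. Creating it next to the drop-in directory, e.g. `tmp=$(mktemp /var/lib/kubelet/kubelet-resource-sizing.XXXXXX) && \`, keeps the replace atomic without putting a stray file inside `kubelet.conf.d`, and a `trap 'rm -f "$tmp"' EXIT` set after it covers the failure path. If `jq` fails, the `{}` placeholder written by `echo "{}" > "$KUBELET_CONFIG"` stays in the drop-in directory with no `apiVersion` or `kind`; confirm the kubelet tolerates that, or write the file only once `jq` has succeeded. `mktemp` yields mode 0600 while the placeholder follows the umask, so a `chmod 0644 "$tmp"` before the `mv` would make the final permissions deterministic.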
@@ -84,6 +84,19 @@ mode: "0644" when: kubernetes_enable_automatic_resource_sizing | bool +- name: Set Kubelet Configuration Drop-in Directory argument + ansible.builtin.lineinfile: + path: "{{ systemd_prefix }}/system/kubelet.service.d/10-kubeadm.conf" + regexp: '^Environment="KUBELET_CONFIG_ARGS=' + line: Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml --config-dir /var/lib/kubelet/kubelet.conf.d" + when: kubernetes_semver is version('v1.28.0', '>=') and kubernetes_enable_automatic_resource_sizing | bool + +- name: Add KUBELET_CONFIG_DROPIN_DIR_ALPHA environment variable for Kubernetes v1.29 and below + ansible.builtin.lineinfile: + path: "{{ systemd_prefix }}/system/kubelet.service.d/10-kubeadm.conf" + line: Environment="KUBELET_CONFIG_DROPIN_DIR_ALPHA" + when: kubernetes_semver is version('v1.28.0', '>=') and kubernetes_semver is version('v1.30.0', '<') and kubernetes_enable_automatic_resource_sizing | bool + - name: Generate kubectl bash completion ansible.builtin.shell: cmd: "{{ sysusr_prefix }}/bin/kubectl completion bash > {{ sysusr_prefix }}/share/bash-completion/completions/kubectl" From eee0041ffaf6fdfc1891358c670f71615be9de80 Mon Sep 17 00:00:00 2001 
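Review bot: The second added task writes `Environment="KUBELET_CONFIG_DROPIN_DIR_ALPHA"` with no `=value`, and systemd expects `NAME=value` entries in `Environment=`, so the variable is most likely discarded as an invalid assignment and never reaches the kubelet. On v1.28 and v1.29 the kubelet needs that variable set before it accepts `--config-dir`, which the preceding task adds to `KUBELET_CONFIG_ARGS`, so nodes on those versions may fail to start the kubelet. `line: Environment="KUBELET_CONFIG_DROPIN_DIR_ALPHA=true"` sets it explicitly and stays idempotent under `lineinfile`. Whether releases below v1.28, which get neither setting, still run the sizing script is not visible in this hunk.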
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Jun 2026 13:05:27 +0000 Subject: [PATCH 28/32] dependabot(deps): bump actions/checkout in the all-github-actions group Bumps the all-github-actions group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/build-azure-sig.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-azure-sig.yaml b/.github/workflows/build-azure-sig.yaml index 1c86351907..9f85b0c83a 100644 --- a/.github/workflows/build-azure-sig.yaml +++ b/.github/workflows/build-azure-sig.yaml @@ -132,7 +132,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Configure Kubernetes version uses: ./.github/actions/configure-k8s-version @@ -287,7 +287,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Download publishing info artifact uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 
@@ -646,7 +646,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Download publishing info artifact uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 @@ -799,7 +799,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Download publishing info artifact uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 From a18df8f5102103e1779b8cad05ddc85f08c35d7e Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Fri, 5 Jun 2026 15:48:57 -0600 Subject: [PATCH 29/32] Exclude Ubuntu 26.04 OVA build from CI The ubuntu-2604 vSphere build hangs because its autoinstall never completes, so the VM never reboots and packer waits on SSH until the 2h job timeout, failing all of pull-ova-all. Exclude it like photon-4 until the autoinstall is fixed. See #2035. --- images/capi/scripts/ci-ova.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/images/capi/scripts/ci-ova.sh b/images/capi/scripts/ci-ova.sh index 6a98a8540a..3b3d1546c2 100755 --- a/images/capi/scripts/ci-ova.sh +++ b/images/capi/scripts/ci-ova.sh @@ -29,10 +29,12 @@ export ARTIFACTS="${ARTIFACTS:-${PWD}/_artifacts}" # The following are currently having issues running in the # test environment so are specifically excluded for now # - Photon-4 +# - Ubuntu 26.04 (autoinstall never completes, hanging the job; see #2035) TARGETS=( $(make build-node-ova-vsphere-all --recon -d | grep "Must remake" | \ grep -v build-node-ova-vsphere-all | \ grep -E -v 'rhel|windows|efi' | \ grep -v build-node-ova-vsphere-photon-4 | \ + grep -v build-node-ova-vsphere-ubuntu-2604 | \ grep -E -o 'build-node-ova-vsphere-[a-zA-Z0-9\-]+' ) ) export BOSKOS_RESOURCE_OWNER=image-builder 
From d380641aeae148318c1986f529d462323b900a67 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Fri, 5 Jun 2026 16:29:58 -0600 Subject: [PATCH 30/32] Move Azure WS2022 builds to new windowsserver2022 offer The old WindowsServer offer's WS2022 .NET 6 images are deprecated on 9 June 2026. Same SKUs are published under the new windowsserver2022 offer, so just switch image_offer. --- images/capi/packer/azure/windows-2022-containerd-cvm.json | 2 +- images/capi/packer/azure/windows-2022-containerd.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/images/capi/packer/azure/windows-2022-containerd-cvm.json b/images/capi/packer/azure/windows-2022-containerd-cvm.json index daa07c0051..1d545ab830 100644 --- a/images/capi/packer/azure/windows-2022-containerd-cvm.json +++ b/images/capi/packer/azure/windows-2022-containerd-cvm.json @@ -4,7 +4,7 @@ "build_name": "windows-2022-containerd-cvm", "distribution": "windows", "distribution_version": "2022", - "image_offer": "WindowsServer", + "image_offer": "windowsserver2022", "image_publisher": "MicrosoftWindowsServer", "image_sku": "2022-datacenter-g2", "image_version": "latest", diff --git a/images/capi/packer/azure/windows-2022-containerd.json b/images/capi/packer/azure/windows-2022-containerd.json index a0404974d2..6b67335876 100644 --- a/images/capi/packer/azure/windows-2022-containerd.json +++ b/images/capi/packer/azure/windows-2022-containerd.json @@ -4,7 +4,7 @@ "build_name": "windows-2022-containerd", "distribution": "windows", "distribution_version": "2022", - "image_offer": "WindowsServer", + "image_offer": "windowsserver2022", "image_publisher": "MicrosoftWindowsServer", "image_sku": "2022-Datacenter-Core-smalldisk", "image_version": "latest", From f5b207fb30f249dbc404f9e427609fa6ddb6f28d Mon Sep 17 00:00:00 2001 
From: Matt Boersma Date: Tue, 2 Jun 2026 16:01:56 -0600 Subject: [PATCH 31/32] Mask apt-daily and unattended-upgrades early in node role The apt-daily/apt-daily-upgrade timers and unattended-upgrades service fire shortly after first boot and intermittently hold the dpkg/apt lock while the containerd, kubernetes, and sysprep roles install packages, causing flaky Ubuntu build failures (E: Could not get lock). sysprep already disables these units, but that runs at the end of the build, too late to protect the install steps. Stop and mask them at the start of the node role, before any package installs, and wait for any in-flight apt process to release the dpkg frontend lock. This complements the sysprep fix in #2024 by closing the earlier, install-time instances of the same race. --- .../capi/ansible/roles/node/tasks/debian.yml | 46 +++++++++++++++++++ images/capi/ansible/roles/node/tasks/main.yml | 4 ++ 2 files changed, 50 insertions(+) create mode 100644 images/capi/ansible/roles/node/tasks/debian.yml diff --git a/images/capi/ansible/roles/node/tasks/debian.yml b/images/capi/ansible/roles/node/tasks/debian.yml new file mode 100644 index 0000000000..e731e81eb3 --- /dev/null +++ b/images/capi/ansible/roles/node/tasks/debian.yml 
@@ -0,0 +1,46 @@
+# Copyright 2026 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# The apt-daily and unattended-upgrades systemd timers fire shortly after first
+# boot and intermittently hold the dpkg/apt frontend lock while later roles
+# (containerd, kubernetes, sysprep) install packages, causing flaky build
+# failures. Stop and mask them this early, before any package installs, so they
+# cannot race the build. sysprep also disables them, but that runs too late to
+# protect the install steps.
+- name: Stop and mask apt-daily and unattended-upgrades units
+ ansible.builtin.systemd:
+ name: "{{ item }}"
+ state: stopped
+ masked: true
+ failed_when: false
+ loop:
+ - apt-daily.timer
+ - apt-daily-upgrade.timer
+ - apt-daily.service
+ - apt-daily-upgrade.service
+ - unattended-upgrades.service
+
+- name: Wait for any in-flight apt/dpkg process to release the lock
+ ansible.builtin.shell: |
+ set -o pipefail
+ command -v fuser >/dev/null 2>&1 || exit 0
+ for _ in $(seq 1 60); do
+ fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1 || exit 0
+ sleep 5
+ done
+ echo "timed out waiting for dpkg frontend lock to be released" >&2
+ exit 1
+ args:
+ executable: /bin/bash
+ changed_when: false
diff --git a/images/capi/ansible/roles/node/tasks/main.yml b/images/capi/ansible/roles/node/tasks/main.yml
index 64e085f40e..132cf0d988 100644
--- a/images/capi/ansible/roles/node/tasks/main.yml
+++ b/images/capi/ansible/roles/node/tasks/main.yml
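Review bot: `failed_when: false` on the stop-and-mask task in `debian.yml` suppresses every error, not only the expected case of a unit that is not installed. A host where masking genuinely fails then proceeds into the package installs with the timers still live and the original lock race intact. Registering the result and tolerating only the missing-unit error, or looping over the units reported by `ansible.builtin.service_facts`, keeps the task tolerant without hiding real failures. Separately, `masked: true` is stronger than the disable that the file's own comment attributes to sysprep, and nothing in this file unmasks the units afterwards. If the masked state is meant to persist into the published image, a comment such as `# Left masked in the final image: nodes receive security updates by image replacement, not unattended-upgrades` would record that decision; if it is not, the units need unmasking later in the build.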
@@ -20,6 +20,10 @@ ansible.builtin.import_tasks: amazonLinux.yml when: ansible_facts['distribution'] == "Amazon" +- name: Import Debian node tasks + ansible.builtin.import_tasks: debian.yml + when: ansible_facts['os_family'] == "Debian" + # This is required until https://github.com/ansible/ansible/issues/77537 is fixed and used. - name: Override Flatcar's OS family ansible.builtin.set_fact: From 7c358baa8f1ca8268546ebcefe7fee898bf95eaf Mon Sep 17 00:00:00 2001 From: zrk02 Date: Tue, 9 Jun 2026 18:15:32 +0200 Subject: [PATCH 32/32] Fix Ubuntu 26.04 Azure build: drop stale Microsoft 18.04 apt source The Azure SIG builds for Ubuntu 26.04 (sig-ubuntu-2604 and sig-ubuntu-2604-gen2, added in #1987) fail in the pull-azure-sigs job at the "kubernetes : Add the Kubernetes repo" task, which runs the first `apt update` of the build: Failed to update apt cache after 5 retries: ... OpenPGP signature verification failed: https://packages.microsoft.com/ubuntu/18.04/prod bionic InRelease: NO_PUBKEY EB3E94ADBE1229CF ... is not signed The Canonical Ubuntu 26.04 (resolute) Azure Marketplace image ships a legacy Microsoft "prod" apt source pinned to ubuntu/18.04 whose signing key is not present in the keyring. Ubuntu 26.04 removed apt-key and enforces signed-by, so the stale source breaks the first apt cache update. The 24.04 image is unaffected, which is why only 2604 fails. image-builder does not use this repo for node images (azure-cli is only installed when debug_tools is set, from its own signed-by repo), so remove the stale source in the Azure provider tasks before any apt update runs. The task is a no-op on images that don't ship it. The base image is otherwise valid: 26.04 went GA on 2026-04-23 and the ubuntu-26_04-lts offer (server-gen1 / server SKUs) is live in Azure, so the existing packer/azure/ubuntu-2604*.json config is correct. Signed-off-by: zrk02 --- .../ansible/roles/providers/tasks/azure.yml | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) 
diff --git a/images/capi/ansible/roles/providers/tasks/azure.yml b/images/capi/ansible/roles/providers/tasks/azure.yml index 3aa146ea94..dbeda049a9 100644 --- a/images/capi/ansible/roles/providers/tasks/azure.yml +++ b/images/capi/ansible/roles/providers/tasks/azure.yml @@ -12,6 +12,34 @@ # See the License for the specific language governing permissions and # limitations under the License. --- +# The Canonical Ubuntu 26.04 (resolute) Azure Marketplace image ships a legacy +# Microsoft "prod" apt source pinned to ubuntu/18.04 whose signing key is not in +# the keyring. Ubuntu 26.04 removed apt-key and enforces signed-by, so the first +# `apt update` of the build fails with: +# NO_PUBKEY EB3E94ADBE1229CF ... 'https://packages.microsoft.com/ubuntu/18.04/prod +# bionic InRelease' is not signed +# image-builder does not rely on this repo for node images (azure-cli is only +# installed when debug_tools is set, from its own signed-by repo), so drop the +# stale source before any apt cache update. No-op on images that don't ship it. +- name: Find stale Microsoft prod apt sources shipped on the base image + ansible.builtin.find: + paths: /etc/apt/sources.list.d + patterns: + - "*.list" + - "*.sources" + contains: ".*packages\\.microsoft\\.com/ubuntu/18\\.04.*" + register: stale_ms_apt_sources + when: ansible_facts['os_family'] == "Debian" + +- name: Remove stale Microsoft prod apt sources shipped on the base image + ansible.builtin.file: + path: "{{ item.path }}" + state: absent + loop: "{{ stale_ms_apt_sources.files | default([]) }}" + loop_control: + label: "{{ item.path }}" + when: ansible_facts['os_family'] == "Debian" + - name: Import Azure CLI tasks ansible.builtin.import_tasks: azurecli.yml when: debug_tools | bool
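Review bot: The find/remove pair deletes any whole file under `/etc/apt/sources.list.d` that mentions `packages.microsoft.com/ubuntu/18.04`, and it runs on every Debian-family build, although the commit message ties the failure to the Ubuntu 26.04 Marketplace image only. A `.list` or `.sources` file that carries other entries alongside the stale one loses those entries too. Narrowing both `when:` conditions, for example `when: ansible_facts['distribution'] == "Ubuntu" and ansible_facts['distribution_version'] is version('26.04', '>=')`, would limit the deletion to the affected release. The comment block could also state that the entire file is removed rather than just the matching entry.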