[WIP] Add GA support for Windows hostprocess

Build on the changes from projectcalico#7260: - Add a Windows cni-plugin hostprocess image, which will install the cni binaries and config on the host. - Add a Windows node hostprocess image, which no longer needs to match the hosts' Windows version (e.g. only 1809 needs to be used and is supported on 2022).
coutinhop · Jul 27, 2023 · fe5a471 · fe5a471
1 parent 661171e
commit fe5a471
Show file tree

Hide file tree

Showing 16 changed files with 599 additions and 124 deletions.
diff --git a/cni-plugin/Dockerfile-windows b/cni-plugin/Dockerfile-windows
@@ -0,0 +1,35 @@
+# Copyright (c) 2023 Tigera, Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG WINDOWS_VERSION
+FROM mcr.microsoft.com/windows/nanoserver:${WINDOWS_VERSION}
+
+ARG GIT_VERSION=unknown
+
+LABEL name="Calico Networking for CNI" \
+      vendor="Project Calico" \
+      version=$GIT_VERSION \
+      release="1" \
+      summary="Calico Networking for CNI" \
+      description="Calico Networking for CNI includes a CNI networking plugin and CNI IPAM plugin" \
+      maintainer="[email protected]"
+
+ADD licenses/ /licenses
+ADD LICENSE /licenses/
+
+ADD bin/windows/ /opt/cni/bin/
+
+ENV PATH=$PATH:/opt/cni/bin
+WORKDIR /opt/cni/bin
+CMD ["/opt/cni/bin/install.exe"]
diff --git a/cni-plugin/Makefile b/cni-plugin/Makefile
@@ -8,6 +8,7 @@ LOCAL_CHECKS=check-boring-ssl
 # Name of the images.
 # e.g., <registry>/<name>:<tag>
 CNI_PLUGIN_IMAGE ?=cni
+CNI_PLUGIN_IMAGE_WINDOWS ?=cni-windows
 BUILD_IMAGES   ?=$(CNI_PLUGIN_IMAGE)
 
 ###############################################################################
@@ -38,6 +39,7 @@ CNI_SPEC_VERSION?=0.3.1
 # Markers for various images we produce.
 DEPLOY_CONTAINER_STATIC_MARKER=cni_deploy_container-$(ARCH).created
 DEPLOY_CONTAINER_FIPS_MARKER=cni_deploy_container-$(ARCH)-fips.created
+DEPLOY_CONTAINER_MARKER_WINDOWS=cni_deploy_container-windows.created
 
 # Set FIPS to true to enable a FIPS compliant build using BoringSSL and CGO.
 # Note that this produces binaries that are dynamically linked, and so have dependencies
@@ -55,23 +57,31 @@ BIN=bin/$(ARCH)
 DEPLOY_CONTAINER_MARKER=$(DEPLOY_CONTAINER_STATIC_MARKER)
 endif
 
-.PHONY: clean
-clean:
+# The directory for windows image tarball
+WINDOWS_DIST = dist/windows
+
+.PHONY: clean clean-windows
+clean: clean-windows
 	# Clean .created files which indicate images / releases have been built.
 	find . -name '.*.created*' -type f -delete
 	find . -name '.*.published*' -type f -delete
-	rm -rf $(BIN) bin $(DEPLOY_CONTAINER_MARKER) .go-pkg-cache pkg/install/install.test 
+	rm -rf $(BIN) bin $(DEPLOY_CONTAINER_MARKER) .go-pkg-cache pkg/install/install.test
 	rm -f *.created
 	rm -rf config/
+	rm -rf dist/
+
+clean-windows: clean-windows-builder
+	rm -rf $(WINDOWS_BIN) $(WINDOWS_DIST) $(DEPLOY_CONTAINER_MARKER_WINDOWS)
 
 ###############################################################################
 # Building the binary
 ###############################################################################
+.PHONY: build
 build: $(BIN)/install $(BIN)/calico $(BIN)/calico-ipam
 ifeq ($(ARCH),amd64)
 # Go only supports amd64 for Windows builds.
-BIN_WIN=bin/windows
-build: $(BIN_WIN)/calico.exe $(BIN_WIN)/calico-ipam.exe
+WINDOWS_BIN=bin/windows
+build: $(WINDOWS_BIN)/install.exe $(WINDOWS_BIN)/calico.exe $(WINDOWS_BIN)/calico-ipam.exe
 endif
 # If ARCH is arm based, find the requested version/variant
 ifeq ($(word 1,$(subst v, ,$(ARCH))),arm)
@@ -97,20 +107,24 @@ else
 endif
 
 ## Build the Calico network plugin and ipam plugins for Windows
-$(BIN_WIN)/calico.exe $(BIN_WIN)/calico-ipam.exe: $(SRC_FILES)
+$(WINDOWS_BIN)/install.exe: $(SRC_FILES)
+	-mkdir -p $(WINDOWS_BIN)
 	$(DOCKER_RUN) \
 	-e GOOS=windows \
+	-e GOARCH=amd64 \
 	-e CGO_ENABLED=1 \
-	    $(CALICO_BUILD) sh -c '$(GIT_CONFIG_SSH) \
-		go build -v -buildvcs=false -o $(BIN_WIN)/calico.exe -ldflags "$(LDFLAGS)" $(PACKAGE_NAME)/cmd/calico && \
-		go build -v -buildvcs=false -o $(BIN_WIN)/calico-ipam.exe -ldflags "$(LDFLAGS)" $(PACKAGE_NAME)/cmd/calico'
+		$(CALICO_BUILD) sh -c '$(GIT_CONFIG_SSH) \
+		go build -v -buildvcs=false -o $(WINDOWS_BIN)/install.exe -ldflags "$(LDFLAGS)" $(PACKAGE_NAME)/cmd/calico'
 
+$(WINDOWS_BIN)/calico-ipam.exe $(WINDOWS_BIN)/calico.exe: $(WINDOWS_BIN)/install.exe
+	cp "$<" "$@"
 
 ###############################################################################
 # Building the image
 ###############################################################################
 image: $(DEPLOY_CONTAINER_MARKER)
-image-all: $(addprefix sub-image-,$(VALIDARCHES)) sub-image-fips-amd64
+image-tar-windows: $(DEPLOY_CONTAINER_MARKER_WINDOWS)
+image-all: $(addprefix sub-image-,$(VALIDARCHES)) sub-image-fips-amd64 image-tar-windows
 sub-image-%:
 	$(MAKE) image ARCH=$*
 sub-image-fips-%:
@@ -128,17 +142,35 @@ $(DEPLOY_CONTAINER_FIPS_MARKER): Dockerfile.$(ARCH) build fetch-cni-bins
 	$(MAKE) retag-build-images-with-registries VALIDARCHES=$(ARCH) IMAGETAG=latest-fips LATEST_IMAGE_TAG=latest-fips
 	touch $@
 
-.PHONY: fetch-cni-bins
+$(DEPLOY_CONTAINER_MARKER_WINDOWS): setup-windows-builder Dockerfile-windows build fetch-win-cni-bins
+	-mkdir -p $(WINDOWS_DIST)
+	docker buildx build \
+		--platform windows/amd64 \
+		--output=type=docker,dest=$(WINDOWS_DIST)/calico-cni-plugin-windows-$(GIT_VERSION).tar \
+		-t $(CNI_PLUGIN_IMAGE_WINDOWS):latest \
+		--pull \
+		--no-cache \
+		--build-arg GIT_VERSION=$(GIT_VERSION) \
+		--build-arg WINDOWS_VERSION=$(WINDOWS_VERSION) \
+		-f Dockerfile-windows .
+
+.PHONY: fetch-cni-bins fetch-win-cni-bins
 fetch-cni-bins: $(BIN)/flannel $(BIN)/loopback $(BIN)/host-local $(BIN)/portmap $(BIN)/tuning $(BIN)/bandwidth
+fetch-win-cni-bins: $(WINDOWS_BIN)/flannel.exe
 
 $(BIN)/loopback $(BIN)/host-local $(BIN)/portmap $(BIN)/tuning $(BIN)/bandwidth:
-	mkdir -p $(BIN)
+	-mkdir -p $(BIN)
 	$(CURL) -L --retry 5 $(CNI_ARTIFACTS_URL)/$(CNI_VERSION)/cni-plugins-linux-$(subst v7,,$(ARCH))-$(CNI_VERSION).tgz | tar -xz -C $(BIN) ./loopback ./host-local ./portmap ./tuning ./bandwidth
 
 $(BIN)/flannel:
-	mkdir -p $(BIN)
+	-mkdir -p $(BIN)
 	$(CURL) -L --retry 5 https://github.com/flannel-io/cni-plugin/releases/download/$(FLANNEL_VERSION)/cni-plugin-flannel-linux-$(subst v7,,$(ARCH))-$(FLANNEL_VERSION).tgz | tar -xz -C $(BIN) ./flannel-$(subst v7,,$(ARCH))
-	mv $(BIN)/flannel-$(subst v7,,$(ARCH)) $(BIN)/flannel
+	mv $(BIN)/flannel-$(subst v7,,$(ARCH)) $@
+
+$(WINDOWS_BIN)/flannel.exe:
+	-mkdir -p $(WINDOWS_BIN)
+	$(CURL) -L --retry 5 https://github.com/flannel-io/cni-plugin/releases/download/$(FLANNEL_VERSION)/cni-plugin-flannel-windows-amd64-$(FLANNEL_VERSION).tgz | tar -xz -C $(WINDOWS_BIN) ./flannel-amd64.exe
+	mv $(WINDOWS_BIN)/flannel-amd64.exe $@
 
 ###############################################################################
 # Unit Tests
@@ -223,8 +255,8 @@ ci: clean mod-download build static-checks test-cni-versions image-all test-inst
 cd: image-all cd-common
 
 ## Build fv binary for Windows
-$(BIN_WIN)/win-fv.exe: $(WINFV_SRCFILES)
-	$(DOCKER_RUN) -e GOOS=windows $(CALICO_BUILD) sh -c '$(GIT_CONFIG_SSH) go test ./win_tests -c -o $(BIN_WIN)/win-fv.exe'
+$(WINDOWS_BIN)/win-fv.exe: $(WINFV_SRCFILES)
+	$(DOCKER_RUN) -e GOOS=windows $(CALICO_BUILD) sh -c '$(GIT_CONFIG_SSH) go test ./win_tests -c -o $(WINDOWS_BIN)/win-fv.exe'
 
 ###############################################################################
 # Release
@@ -278,6 +310,18 @@ release-publish-latest: release-prereqs
 
 	$(MAKE) push-images-to-registries push-manifests RELEASE=true IMAGETAG=latest RELEASE=$(RELEASE) CONFIRM=$(CONFIRM)
 
+release-windows: release-prereqs clean-windows $(DEPLOY_CONTAINER_MARKER_WINDOWS)
+	for registry in $(DEV_REGISTRIES); do \
+		echo Pushing Windows image to $${registry}; \
+		manifest_image="$${registry}/$(CNI_PLUGIN_IMAGE_WINDOWS):$(VERSION)"; \
+		image_tar="$(WINDOWS_DIST)/calico-cni-plugin-windows-$(GIT_VERSION).tar"; \
+		image="$${registry}/$(CNI_PLUGIN_IMAGE_WINDOWS):$(VERSION)"; \
+		$(CRANE_BINDMOUNT) push $${image_tar} $${image}$(double_quote); \
+		$(DOCKER_MANIFEST) create --amend $${manifest_image} $${image}; \
+		$(DOCKER_MANIFEST) annotate --os windows --arch amd64 $${manifest_image} $${image}; \
+		$(DOCKER_MANIFEST) push --purge $${manifest_image}; \
+	done ;
+
 ###############################################################################
 # Developer helper scripts (not used by build or test)
 ###############################################################################

diff --git a/cni-plugin/cmd/calico/calico.go b/cni-plugin/cmd/calico/calico.go
@@ -36,7 +36,7 @@ func main() {
 		plugin.Main(VERSION)
 	case "calico-ipam", "calico-ipam.exe":
 		ipamplugin.Main(VERSION)
-	case "install":
+	case "install", "install.exe":
 		err := install.Install()
 		if err != nil {
 			logrus.WithError(err).Fatal("Error installing CNI plugin")