build a kube proxy binary package #25
Conversation
tzneal
force-pushed
the
build-kube-proxy-binary
branch
from
563f5d4 to
4d45d5e
Compare
This package provides a matching binary only.
tzneal
force-pushed
the
build-kube-proxy-binary
branch
from
4d45d5e to
7742768
Compare
| @@ -229,4 +261,12 @@ install -p -m 0644 %{S:102} %{buildroot}%{_cross_templatedir}/pod-infra-containe | |||
| %files -n %{_cross_os}kubelet-1.23-fips-bin | |||
| %{_cross_fips_bindir}/kubelet | |||
|
|
|||
| %files -n %{_cross_os}kube-proxy-1.23 | |||
There was a problem hiding this comment.
Is this intentional?
If I am not mistaken, when there’s no list of files or directories after the %files directive, it typically means all files and directories that have been installed to the buildroot during the %install phase are automatically included
There was a problem hiding this comment.
Without the %files directive, the package itself wasn't created. With this, its an empty package with only dependencies:
% rpm -qlp build/rpms/kubernetes-1.28/bottlerocket-kube-proxy-1.28-1.28.7-1.1719972209.77427686.br1.x86_64.rpm
(contains no files)
% rpm -qpR build/rpms/kubernetes-1.28/bottlerocket-kube-proxy-1.28-1.28.7-1.1719972209.77427686.br1.x86_64.rpm
bottlerocket-kube-proxy-1.28(binaries)
bottlerocket-kubelet-1.28
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsZstd) <= 5.4.18-1
There was a problem hiding this comment.
@monirul , this is intentional. In the FIPS world, the new way to compile go packages is by having the main package provide either systemd services, configurations or tmpfiles.d drop ins, and use the image feature flag image-feature-fips/image-feature-no-fips to control which binary is actually installed when the image is built.
| %package -n %{_cross_os}kube-proxy-1.23-fips-bin | ||
| Summary: Container cluster node proxy binaries, FIPS edition | ||
| Provides: %{_cross_os}kube-proxy-1.23(binaries) | ||
| Requires: (%{_cross_os}image-feature(fips) and %{_cross_os}kube-proxy-1.23) |
There was a problem hiding this comment.
One question, how will downstreams use this? Do they have to start this as a systemd service or will this binary be found by the kubelet somehow and it will call it? If the former, will it make sense to provide the systemd service that starts kube-proxy?
Issue number:
Closes #16
Description of changes:
Provides a kube-proxy-1.XX package that is built from the same source as kubelet.
Testing done:
Built & launched 1.29 and 1.30 AMIs and verified the installation:
Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.