From 094c2100d1fb1414f6418a880f97f6e939674ec3 Mon Sep 17 00:00:00 2001 From: Diogo Souza Date: Tue, 9 Jun 2026 00:10:15 -0300 Subject: [PATCH 1/3] build binaries locally --- hack/make/build.mk | 2 +- hack/make/deps.mk | 16 +++------- package/Dockerfile | 79 ++++++++++++++++++++++++++++------------------ 3 files changed, 54 insertions(+), 43 deletions(-) diff --git a/hack/make/build.mk b/hack/make/build.mk index 5e3aa51..f3e1ec6 100644 --- a/hack/make/build.mk +++ b/hack/make/build.mk @@ -1,6 +1,6 @@ ifeq ($(VERSION),) # Define VERSION, which is used for image tags or to bake it into the - # compiled binary to enable the printing of the application version, + # compiled binary to enable the printing of the application version, # via the --version flag. CHANGES = $(shell git status --porcelain --untracked-files=no) ifneq ($(CHANGES),) diff --git a/hack/make/deps.mk b/hack/make/deps.mk index 267fe16..cab4b16 100644 --- a/hack/make/deps.mk +++ b/hack/make/deps.mk @@ -1,21 +1,13 @@ # renovate: datasource=github-release-attachments depName=rancher/helm -HELM_VERSION := v3.18.4-rancher1 +HELM_VERSION := v3.20.0-rancher1 # renovate-local: kubectl-amd64 -KUBECTL_VERSION := v1.33.9 -# renovate-local: kubectl-arm64=v1.33.9 -KUBECTL_SUM_arm64 := af4dc943a6f447ecb070340efe63c7f8ee2808e6c0bc42126efe7cde0cc1e69b -# renovate-local: kubectl-amd64=v1.33.9 -KUBECTL_SUM_amd64 := 9e33e3234c0842cd44a12c13e334b4ce930145ea84b855ce7cc0a7b6bc670c22 +KUBECTL_VERSION := v1.33.12 # renovate: datasource=github-release-attachments depName=derailed/k9s K9S_VERSION := v0.50.18 -# renovate: datasource=github-release-attachments depName=derailed/k9s digestVersion=v0.50.18 -K9S_SUM_arm64 := d3dcc051d6be26ee911c00f583412802ebe203a189e51bc079332cb410c83b38 -# renovate: datasource=github-release-attachments depName=derailed/k9s digestVersion=v0.50.18 -K9S_SUM_amd64 := 0b697ed4aa80997f7de4deeed6f1fba73df191b28bf691b1f28d2f45fa2a9e9b # Reduces the code duplication on Makefile by keeping all args into a single variable. IMAGE_ARGS := --build-arg HELM_VERSION=$(HELM_VERSION) \ - --build-arg KUBECTL_VERSION=$(KUBECTL_VERSION) --build-arg KUBECTL_SUM_arm64=$(KUBECTL_SUM_arm64) --build-arg KUBECTL_SUM_amd64=$(KUBECTL_SUM_amd64) \ - --build-arg K9S_VERSION=$(K9S_VERSION) --build-arg K9S_SUM_arm64=$(K9S_SUM_arm64) --build-arg K9S_SUM_amd64=$(K9S_SUM_amd64) + --build-arg KUBECTL_VERSION=$(KUBECTL_VERSION) \ + --build-arg K9S_VERSION=$(K9S_VERSION) diff --git a/package/Dockerfile b/package/Dockerfile index c81baea..2f4ff88 100644 --- a/package/Dockerfile +++ b/package/Dockerfile @@ -1,49 +1,67 @@ -ARG BCI_VERSION=15.7 +ARG BCI_VERSION=16.0 +ARG GO_IMAGE=rancher/hardened-build-base:v1.25.11b1 FROM registry.suse.com/bci/bci-busybox:${BCI_VERSION} AS final # Image that provides cross compilation tooling. FROM --platform=$BUILDPLATFORM rancher/mirrored-tonistiigi-xx:1.6.1 AS xx -FROM --platform=$BUILDPLATFORM registry.suse.com/bci/golang:1.24 AS helm +FROM --platform=$BUILDPLATFORM ${GO_IMAGE} AS helm # Clone repository once, and reuse it for target archs. ARG HELM_VERSION ADD --keep-git-dir=true https://github.com/rancher/helm.git#${HELM_VERSION} /helm -RUN cd /helm && go mod download +RUN --mount=type=cache,target=/go/pkg/mod \ + cd /helm && go mod download COPY --from=xx / / # Cross-compile instead of emulating the compilation on the target arch. ARG TARGETPLATFORM RUN xx-go --wrap && mkdir -p /run/lock -RUN make -C /helm +RUN --mount=type=cache,target=/go/pkg/mod \ + --mount=type=cache,target=/root/.cache/go-build \ + make -C /helm RUN xx-verify --static /helm/bin/helm -FROM --platform=$BUILDPLATFORM registry.suse.com/bci/bci-base:${BCI_VERSION} AS build -RUN zypper -n install curl gzip tar +FROM --platform=$BUILDPLATFORM ${GO_IMAGE} AS kubectl -# Define build arguments -ARG KUBECTL_VERSION KUBECTL_SUM_arm64 KUBECTL_SUM_amd64 \ - HELM_VERSION HELM_SUM_arm64 HELM_SUM_amd64 \ - K9S_VERSION K9S_SUM_arm64 K9S_SUM_amd64 - -ARG TARGETARCH -# Stage kubectl into build -ADD --chown=root:root --chmod=0755 \ - "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl" \ - /kubectl - -ENV KUBECTL_SUM="KUBECTL_SUM_${TARGETARCH}" -RUN echo "${!KUBECTL_SUM} /kubectl" | sha256sum -c - +ARG KUBECTL_VERSION +ADD https://github.com/kubernetes/kubernetes/archive/refs/tags/${KUBECTL_VERSION}.tar.gz /src.tar.gz +RUN mkdir /src && tar -xzf /src.tar.gz -C /src --strip-components=1 && rm /src.tar.gz +COPY --from=xx / / +ARG TARGETPLATFORM +RUN xx-go --wrap +RUN --mount=type=cache,target=/go/pkg/mod \ + --mount=type=cache,target=/root/.cache/go-build \ + cd /src && \ + KUBE_GIT_VERSION=${KUBECTL_VERSION} \ + KUBE_GIT_COMMIT=unknown \ + KUBE_GIT_TREE_STATE=clean \ + KUBE_BUILD_PLATFORMS=$(xx-info os)/$(xx-info arch) \ + GOFLAGS="-tags=providerless" \ + CGO_ENABLED=0 \ + make WHAT=cmd/kubectl && \ + cp /src/_output/local/bin/$(xx-info os)/$(xx-info arch)/kubectl /kubectl +RUN xx-verify --static /kubectl + +FROM --platform=$BUILDPLATFORM ${GO_IMAGE} AS k9s + +ARG K9S_VERSION +ADD https://github.com/derailed/k9s/archive/refs/tags/${K9S_VERSION}.tar.gz /src.tar.gz +RUN mkdir /src && tar -xzf /src.tar.gz -C /src --strip-components=1 && rm /src.tar.gz -# Stage k9s into build -ADD "https://github.com/derailed/k9s/releases/download/${K9S_VERSION}/k9s_Linux_${TARGETARCH}.tar.gz" \ - /tmp/k9s.tar.gz -ENV K9S_SUM="K9S_SUM_${TARGETARCH}" -RUN echo "${!K9S_SUM} /tmp/k9s.tar.gz" | sha256sum -c - && \ - tar -xvzf /tmp/k9s.tar.gz -C / k9s +COPY --from=xx / / +ARG TARGETPLATFORM +RUN xx-go --wrap +RUN --mount=type=cache,target=/go/pkg/mod \ + --mount=type=cache,target=/root/.cache/go-build \ + cd /src && \ + CGO_ENABLED=0 go build -trimpath \ + -ldflags="-s -w -X github.com/derailed/k9s/cmd.version=${K9S_VERSION}" \ + -o /k9s . +RUN xx-verify --static /k9s FROM registry.suse.com/bci/bci-base:${BCI_VERSION} AS zypper @@ -64,7 +82,7 @@ RUN zypper --non-interactive refresh && \ RUN echo 'shell:x:1000:1000:shell,,,:/home/shell:/bin/bash' > /chroot/etc/passwd && \ echo 'shell:x:1000:' > /chroot/etc/group && \ - mkdir /chroot/home/shell && \ + mkdir -p /chroot/home/shell/.kube /chroot/home/shell/helm-run && \ echo '. /etc/profile.d/bash_completion.sh' >> /chroot/home/shell/.bashrc && \ echo 'alias k="kubectl"' >> /chroot/home/shell/.bashrc && \ echo 'alias ks="kubectl -n kube-system"' >> /chroot/home/shell/.bashrc && \ @@ -72,15 +90,16 @@ RUN echo 'shell:x:1000:1000:shell,,,:/home/shell:/bin/bash' > /chroot/etc/passwd echo 'complete -o default -F __start_kubectl k' >> /chroot/home/shell/.bashrc && \ echo 'LANG=en_US.UTF-8' >> /chroot/home/shell/.bashrc && \ echo 'PS1="> "' >> /chroot/home/shell/.bashrc && \ - mkdir /chroot/home/shell/.kube && \ - chown -R 1000:1000 /chroot/home/shell && \ - chmod 700 /chroot/run + mkdir -p /chroot/tmp && \ + chmod 1777 /chroot/tmp && \ + chown -R 1000:1000 /chroot/home/shell FROM scratch COPY --from=zypper /chroot / COPY --chown=root:root --chmod=0755 --from=helm /helm/bin/helm /usr/local/bin/ -COPY --chown=root:root --chmod=0755 --from=build /kubectl /k9s /usr/local/bin/ +COPY --chown=root:root --chmod=0755 --from=kubectl /kubectl /usr/local/bin/ +COPY --chown=root:root --chmod=0755 --from=k9s /k9s /usr/local/bin/ COPY --chown=root:root --chmod=0755 package/helm-cmd package/welcome package/kustomize /usr/local/bin/ USER 1000 From d3d8cd7f6658e05e3c360102597757b9fae312c7 Mon Sep 17 00:00:00 2001 From: Diogo Souza Date: Tue, 9 Jun 2026 01:07:40 -0300 Subject: [PATCH 2/3] bump to new k9s --- hack/make/deps.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/make/deps.mk b/hack/make/deps.mk index cab4b16..a44852c 100644 --- a/hack/make/deps.mk +++ b/hack/make/deps.mk @@ -5,7 +5,7 @@ HELM_VERSION := v3.20.0-rancher1 KUBECTL_VERSION := v1.33.12 # renovate: datasource=github-release-attachments depName=derailed/k9s -K9S_VERSION := v0.50.18 +K9S_VERSION := v0.51.0 # Reduces the code duplication on Makefile by keeping all args into a single variable. IMAGE_ARGS := --build-arg HELM_VERSION=$(HELM_VERSION) \ From 501c4018674b09d9ea90a87d9e9df68efc4cc2d0 Mon Sep 17 00:00:00 2001 From: Diogo Souza Date: Thu, 11 Jun 2026 19:58:21 -0300 Subject: [PATCH 3/3] update helm version --- hack/make/deps.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/make/deps.mk b/hack/make/deps.mk index a44852c..2be4aa3 100644 --- a/hack/make/deps.mk +++ b/hack/make/deps.mk @@ -1,5 +1,5 @@ # renovate: datasource=github-release-attachments depName=rancher/helm -HELM_VERSION := v3.20.0-rancher1 +HELM_VERSION := v3.20.0-rancher2 # renovate-local: kubectl-amd64 KUBECTL_VERSION := v1.33.12