Prepare binary containers for bazeldnf built content

* Move controll-plane to distroless containers (compile them static) * Let virt-launcher and virt-handler use the new container base which means that we need to add users manually. * Add full libvirt and qemu config files to our codebase which cuts the last connection to kubevirt/libvirt Signed-off-by: Roman Mohr <rmohr@redhat.com>
kubevirt · Dec 21, 2020 · 32dca57 · 32dca57
1 parent e4b3565
commit 32dca57
Show file tree

Hide file tree

Showing 8 changed files with 163 additions and 8 deletions.
diff --git a/cmd/subresource-access-test/BUILD.bazel b/cmd/subresource-access-test/BUILD.bazel
@@ -14,6 +14,7 @@ go_library(
 go_binary(
     name = "subresource-access-test",
     embed = [":go_default_library"],
+    static = "on",
     visibility = ["//visibility:public"],
 )
 

diff --git a/cmd/virt-api/BUILD.bazel b/cmd/virt-api/BUILD.bazel
@@ -20,6 +20,7 @@ load("//vendor/kubevirt.io/client-go/version:def.bzl", "version_x_defs")
 go_binary(
     name = "virt-api",
     embed = [":go_default_library"],
+    static = "on",
     visibility = ["//visibility:public"],
     x_defs = version_x_defs(),
 )

diff --git a/cmd/virt-controller/BUILD.bazel b/cmd/virt-controller/BUILD.bazel
@@ -18,6 +18,7 @@ load("//vendor/kubevirt.io/client-go/version:def.bzl", "version_x_defs")
 go_binary(
     name = "virt-controller",
     embed = [":go_default_library"],
+    static = "on",
     visibility = ["//visibility:public"],
     x_defs = version_x_defs(),
 )

diff --git a/cmd/virt-handler/BUILD.bazel b/cmd/virt-handler/BUILD.bazel
@@ -59,18 +59,81 @@ load(
     "@io_bazel_rules_docker//container:container.bzl",
     "container_image",
 )
+load("@io_bazel_rules_docker//contrib:group.bzl", "group_entry", "group_file")
+load("@io_bazel_rules_docker//contrib:passwd.bzl", "passwd_entry", "passwd_file")
+load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar")
+
+passwd_entry(
+    name = "root-user",
+    gid = 0,
+    home = "/root",
+    info = "root",
+    shell = "/bin/bash",
+    uid = 0,
+    username = "root",
+)
+
+passwd_entry(
+    name = "qemu-user",
+    gid = 107,
+    home = "",
+    shell = "/bin/bash",
+    uid = 107,
+    username = "qemu",
+)
+
+passwd_file(
+    name = "passwd",
+    entries = [
+        ":qemu-user",
+        ":root-user",
+    ],
+)
+
+group_entry(
+    name = "qemu-group",
+    gid = 107,
+    groupname = "qemu",
+)
+
+group_entry(
+    name = "root-group",
+    gid = 0,
+    groupname = "qemu",
+)
+
+
+
+group_file(
+    name = "group",
+    entries = [
+        ":qemu-group",
+        ":root-group",
+    ],
+)
+
+pkg_tar(
+    name = "passwd-tar",
+    srcs = [
+        ":group",
+        ":passwd",
+    ],
+    mode = "0644",
+    package_dir = "etc",
+    visibility = ["//visibility:public"],
+)
 
 container_image(
     name = "version-container",
-    base = select({
-        "@io_bazel_rules_go//go/platform:linux_ppc64le": "@libvirt_ppc64le//image",
-        "//conditions:default": "@libvirt//image",
-    }),
     directory = "/",
     files = [
         ":virt_launcher.cil",
         "//:get-version",
     ],
+    tars = [
+        ":passwd-tar",
+        "//rpm:launcherbase",
+    ],
 )
 
 container_image(

diff --git a/cmd/virt-launcher/BUILD.bazel b/cmd/virt-launcher/BUILD.bazel
@@ -45,15 +45,87 @@ load(
     "@io_bazel_rules_docker//container:container.bzl",
     "container_image",
 )
+load("@io_bazel_rules_docker//contrib:group.bzl", "group_entry", "group_file")
+load("@io_bazel_rules_docker//contrib:passwd.bzl", "passwd_entry", "passwd_file")
+load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar")
+
+passwd_entry(
+    name = "root-user",
+    gid = 0,
+    home = "/root",
+    info = "root",
+    shell = "/bin/bash",
+    uid = 0,
+    username = "root",
+)
+
+group_entry(
+    name = "qemu-group",
+    gid = 107,
+    groupname = "qemu",
+)
+
+group_entry(
+    name = "root-group",
+    gid = 0,
+    groupname = "qemu",
+)
+
+
+group_file(
+    name = "group",
+    entries = [
+        ":qemu-group",
+        ":root-group",
+    ],
+)
+
+passwd_entry(
+    name = "qemu-user",
+    gid = 107,
+    home = "",
+    shell = "/bin/bash",
+    uid = 107,
+    username = "qemu",
+)
+
+passwd_file(
+    name = "passwd",
+    entries = [
+        ":qemu-user",
+        ":root-user",
+    ],
+)
+
+pkg_tar(
+    name = "libvirt-config",
+    srcs = [
+        ":qemu.conf",
+        ":libvirtd.conf",
+    ],
+    package_dir = "/etc/libvirt",
+)
+
+pkg_tar(
+    name = "passwd-tar",
+    srcs = [
+        ":group",
+        ":passwd",
+    ],
+    mode = "0644",
+    package_dir = "etc",
+    visibility = ["//visibility:public"],
+)
 
 container_image(
     name = "version-container",
-    base = select({
-        "@io_bazel_rules_go//go/platform:linux_ppc64le": "@libvirt_ppc64le//image",
-        "//conditions:default": "@libvirt//image",
-    }),
     directory = "/",
     files = ["//:get-version"],
+    tars = [
+        ":libvirt-config",
+        ":passwd-tar",
+        "//rpm:launcherbase",
+    ],
 )
 
 container_image(

diff --git a/cmd/virt-launcher/libvirtd.conf b/cmd/virt-launcher/libvirtd.conf
@@ -0,0 +1,4 @@
+listen_tls = 0
+listen_tcp = 1
+auth_tcp = "none"
+log_outputs = "1:stderr"
diff --git a/cmd/virt-launcher/qemu.conf b/cmd/virt-launcher/qemu.conf
@@ -0,0 +1,12 @@
+stdio_handler = "logd"
+spice_listen = "0.0.0.0"
+vnc_listen = "0.0.0.0"
+vnc_tls = 0
+vnc_sasl = 0
+user = "qemu"
+group = "qemu"
+dynamic_ownership = 1
+remember_owner = 0
+namespaces = [ ]
+cgroup_controllers = [ ]
+cgroup_controllers = [ ]
diff --git a/cmd/virt-operator/BUILD.bazel b/cmd/virt-operator/BUILD.bazel
@@ -16,6 +16,7 @@ go_library(
 go_binary(
     name = "virt-operator",
     embed = [":go_default_library"],
+    static = "on",
     visibility = ["//visibility:public"],
 )