metropolis/node/BUILD.bazel - monogon - Gitiles

 load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library", "go_test")
 load("@rules_pkg//:pkg.bzl", "pkg_zip")
 load("//osbase/build/genosrelease:defs.bzl", "os_release")
 load("//osbase/build/mkerofs:def.bzl", "erofs_image")
 load("//osbase/build/mkimage:def.bzl", "node_image")
 load("//osbase/build/mkoci:def.bzl", "oci_os_image")
 load("//osbase/build/mkpayload:def.bzl", "efi_unified_kernel_image")
 load("//osbase/build/mkverity:def.bzl", "verity_image")

 go_library(
     name = "node",
     srcs = [
         "ids.go",
         "labels.go",
         "net_ips.go",
         "net_protocols.go",
         "ports.go",
         "validation.go",
     ],
     importpath = "source.monogon.dev/metropolis/node",
     visibility = [
         "//metropolis:__subpackages__",
         "@io_k8s_kubernetes//pkg/registry:__subpackages__",
     ],
     deps = ["//metropolis/proto/common"],
 )

 # debug_build checks if we're building in debug mode and enables various debug features for the image.
 config_setting(
     name = "debug_build",
     values = {
         "compilation_mode": "dbg",
     },
 )

 exports_files([
     "passwd",
 ])

 go_binary(
     name = "runc",
     embed = ["@com_github_opencontainers_runc//:runc_lib"],
     gotags = [
         "osusergo",
         "netgo",
         "seccomp",
     ],
     pure = "off",
 )

 erofs_image(
     name = "rootfs",
     files = {
         "/init": "//metropolis/node/core/minit",
         "/core": "//metropolis/node/core",

         # CA Certificate bundle & os-release & resolv.conf & hosts
         # These should not be explicitly used by Metropolis code and are only here for compatibility with
         # paths hardcoded by standard libraries (like Go's).
         "/etc/ssl/cert.pem": "@cacerts//file",
         "/etc/passwd": ":passwd",
         "/etc/resolv.conf": "//osbase/net/dns:resolv.conf",
         "/etc/hosts": "//osbase/net/dns:hosts",
         "/etc/os-release": ":os-release-info",

         # Metrics exporters
         "/metrics/bin/node_exporter": "@com_github_prometheus_node_exporter//:node_exporter",

         # Hyperkube
         "/kubernetes/bin/kube": "//metropolis/node/kubernetes/hyperkube",

         # runsc/gVisor
         "/containerd/bin/runsc": "@dev_gvisor_gvisor//runsc",
         "/containerd/bin/containerd-shim-runsc-v1": "@dev_gvisor_gvisor//shim",

         # runc
         "/containerd/bin/runc": ":runc",
         "/containerd/bin/containerd-shim-runc-v2": "@com_github_containerd_containerd_v2//cmd/containerd-shim-runc-v2",

         # Containerd
         "/containerd/bin/containerd": "@com_github_containerd_containerd_v2//cmd/containerd",

         # Containerd config files
         "/containerd/conf/runsc.toml": "//metropolis/node/kubernetes/containerd:runsc.toml",
         "/containerd/conf/config.toml": "//metropolis/node/kubernetes/containerd:config.toml",
         "/containerd/conf/cnispec.gojson": "//metropolis/node/kubernetes/containerd:cnispec.gojson",

         # Containerd preseed bundles
         "/containerd/preseed/k8s.io/preseedtest.tar": "//metropolis/test/e2e/preseedtest:preseedtest_tarball",
         "/containerd/preseed/k8s.io/pause.tar": "//metropolis/node/kubernetes/pause:pause_tarball",

         # CNI Plugins
         "/containerd/bin/cni/loopback": "@com_github_containernetworking_plugins//plugins/main/loopback",
         "/containerd/bin/cni/ptp": "@com_github_containernetworking_plugins//plugins/main/ptp",
         "/containerd/bin/cni/host-local": "@com_github_containernetworking_plugins//plugins/ipam/host-local",

         # Delve
         "/dlv": "@com_github_go_delve_delve//cmd/dlv:dlv",

         # file system tools
         "/bin/mkfs.xfs": "@xfsprogs//:mkfs",

         # time
         "/time/chrony": "@chrony//:chrony",
     },
     fsspecs = [
         ":erofs-layout.fsspec",
         "//osbase/build:earlydev.fsspec",
         "//third_party:firmware",
     ],
     symlinks = {
         "/etc/machine-id": "/ephemeral/machine-id",
     },
 )

 verity_image(
     name = "verity_rootfs",
     source = ":rootfs",
 )

 efi_unified_kernel_image(
     name = "kernel_efi",
     cmdline = "console=ttyS0,115200 console=ttyS1,115200 console=tty0 quiet rootfstype=erofs init=/init loadpin.exclude=kexec-image,kexec-initramfs kernel.unknown_nmi_panic=1",
     initrd = ["//third_party:ucode"],
     kernel = "//third_party/linux",
     os_release = ":os-release-info",
     verity = ":verity_rootfs",
 )

 oci_os_image(
     name = "oci_image",
     srcs = {
         "system": ":verity_rootfs",
         "kernel.efi": ":kernel_efi",
     },
     visibility = ["//visibility:public"],
 )

 # An intermediary "bundle" format until we finalize the actual bundle format. This is NOT stable until migrated
 # to the actual bundle format.
 # TODO(lorenz): Replace this
 pkg_zip(
     name = "bundle",
     srcs = [
         ":kernel_efi",
         ":verity_rootfs",
     ],
     visibility = ["//visibility:public"],
 )

 node_image(
     name = "image",
     abloader = "//metropolis/node/core/abloader",
     bios_bootcode = "//metropolis/node/core/bios_bootcode",
     kernel = ":kernel_efi",
     system = ":verity_rootfs",
     visibility = [
         "//metropolis/cli/metroctl/test:__subpackages__",
         "//metropolis/test/e2e:__subpackages__",
         "//metropolis/test/launch:__subpackages__",
     ],
 )

 os_release(
     name = "os-release-info",
     os_id = "metropolis-node",
     os_name = "Metropolis Node",
     stamp_var = "STABLE_MONOGON_metropolis_version",
 )

 go_test(
     name = "node_test",
     srcs = [
         "labels_test.go",
         "validation_test.go",
     ],
     embed = [":node"],
     deps = ["@io_k8s_apimachinery//pkg/util/validation"],
 )
	load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library", "go_test")
	load("@rules_pkg//:pkg.bzl", "pkg_zip")
	load("//osbase/build/genosrelease:defs.bzl", "os_release")
	load("//osbase/build/mkerofs:def.bzl", "erofs_image")
	load("//osbase/build/mkimage:def.bzl", "node_image")
	load("//osbase/build/mkoci:def.bzl", "oci_os_image")
	load("//osbase/build/mkpayload:def.bzl", "efi_unified_kernel_image")
	load("//osbase/build/mkverity:def.bzl", "verity_image")

	go_library(
	name = "node",
	srcs = [
	"ids.go",
	"labels.go",
	"net_ips.go",
	"net_protocols.go",
	"ports.go",
	"validation.go",
	],
	importpath = "source.monogon.dev/metropolis/node",
	visibility = [
	"//metropolis:__subpackages__",
	"@io_k8s_kubernetes//pkg/registry:__subpackages__",
	],
	deps = ["//metropolis/proto/common"],
	)

	# debug_build checks if we're building in debug mode and enables various debug features for the image.
	config_setting(
	name = "debug_build",
	values = {
	"compilation_mode": "dbg",
	},
	)

	exports_files([
	"passwd",
	])

	go_binary(
	name = "runc",
	embed = ["@com_github_opencontainers_runc//:runc_lib"],
	gotags = [
	"osusergo",
	"netgo",
	"seccomp",
	],
	pure = "off",
	)

	erofs_image(
	name = "rootfs",
	files = {
	"/init": "//metropolis/node/core/minit",
	"/core": "//metropolis/node/core",

	# CA Certificate bundle & os-release & resolv.conf & hosts
	# These should not be explicitly used by Metropolis code and are only here for compatibility with
	# paths hardcoded by standard libraries (like Go's).
	"/etc/ssl/cert.pem": "@cacerts//file",
	"/etc/passwd": ":passwd",
	"/etc/resolv.conf": "//osbase/net/dns:resolv.conf",
	"/etc/hosts": "//osbase/net/dns:hosts",
	"/etc/os-release": ":os-release-info",

	# Metrics exporters
	"/metrics/bin/node_exporter": "@com_github_prometheus_node_exporter//:node_exporter",

	# Hyperkube
	"/kubernetes/bin/kube": "//metropolis/node/kubernetes/hyperkube",

	# runsc/gVisor
	"/containerd/bin/runsc": "@dev_gvisor_gvisor//runsc",
	"/containerd/bin/containerd-shim-runsc-v1": "@dev_gvisor_gvisor//shim",

	# runc
	"/containerd/bin/runc": ":runc",
	"/containerd/bin/containerd-shim-runc-v2": "@com_github_containerd_containerd_v2//cmd/containerd-shim-runc-v2",

	# Containerd
	"/containerd/bin/containerd": "@com_github_containerd_containerd_v2//cmd/containerd",

	# Containerd config files
	"/containerd/conf/runsc.toml": "//metropolis/node/kubernetes/containerd:runsc.toml",
	"/containerd/conf/config.toml": "//metropolis/node/kubernetes/containerd:config.toml",
	"/containerd/conf/cnispec.gojson": "//metropolis/node/kubernetes/containerd:cnispec.gojson",

	# Containerd preseed bundles
	"/containerd/preseed/k8s.io/preseedtest.tar": "//metropolis/test/e2e/preseedtest:preseedtest_tarball",
	"/containerd/preseed/k8s.io/pause.tar": "//metropolis/node/kubernetes/pause:pause_tarball",

	# CNI Plugins
	"/containerd/bin/cni/loopback": "@com_github_containernetworking_plugins//plugins/main/loopback",
	"/containerd/bin/cni/ptp": "@com_github_containernetworking_plugins//plugins/main/ptp",
	"/containerd/bin/cni/host-local": "@com_github_containernetworking_plugins//plugins/ipam/host-local",

	# Delve
	"/dlv": "@com_github_go_delve_delve//cmd/dlv:dlv",

	# file system tools
	"/bin/mkfs.xfs": "@xfsprogs//:mkfs",

	# time
	"/time/chrony": "@chrony//:chrony",
	},
	fsspecs = [
	":erofs-layout.fsspec",
	"//osbase/build:earlydev.fsspec",
	"//third_party:firmware",
	],
	symlinks = {
	"/etc/machine-id": "/ephemeral/machine-id",
	},
	)

	verity_image(
	name = "verity_rootfs",
	source = ":rootfs",
	)

	efi_unified_kernel_image(
	name = "kernel_efi",
	cmdline = "console=ttyS0,115200 console=ttyS1,115200 console=tty0 quiet rootfstype=erofs init=/init loadpin.exclude=kexec-image,kexec-initramfs kernel.unknown_nmi_panic=1",
	initrd = ["//third_party:ucode"],
	kernel = "//third_party/linux",
	os_release = ":os-release-info",
	verity = ":verity_rootfs",
	)

	oci_os_image(
	name = "oci_image",
	srcs = {
	"system": ":verity_rootfs",
	"kernel.efi": ":kernel_efi",
	},
	visibility = ["//visibility:public"],
	)

	# An intermediary "bundle" format until we finalize the actual bundle format. This is NOT stable until migrated
	# to the actual bundle format.
	# TODO(lorenz): Replace this
	pkg_zip(
	name = "bundle",
	srcs = [
	":kernel_efi",
	":verity_rootfs",
	],
	visibility = ["//visibility:public"],
	)

	node_image(
	name = "image",
	abloader = "//metropolis/node/core/abloader",
	bios_bootcode = "//metropolis/node/core/bios_bootcode",
	kernel = ":kernel_efi",
	system = ":verity_rootfs",
	visibility = [
	"//metropolis/cli/metroctl/test:__subpackages__",
	"//metropolis/test/e2e:__subpackages__",
	"//metropolis/test/launch:__subpackages__",
	],
	)

	os_release(
	name = "os-release-info",
	os_id = "metropolis-node",
	os_name = "Metropolis Node",
	stamp_var = "STABLE_MONOGON_metropolis_version",
	)

	go_test(
	name = "node_test",
	srcs = [
	"labels_test.go",
	"validation_test.go",
	],
	embed = [":node"],
	deps = ["@io_k8s_apimachinery//pkg/util/validation"],
	)