metropolis/node/BUILD.bazel

load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library", "go_test")
load("//osbase/build/genproductinfo:defs.bzl", "product_info")
load("//osbase/build/mkerofs:def.bzl", "erofs_image")
load("//osbase/build/mkoci:def.bzl", "oci_os_image")
load("//osbase/build/mkpayload:def.bzl", "efi_unified_kernel_image")
load("//osbase/build/mkverity:def.bzl", "verity_image")

go_library(
    name = "node",
    srcs = [
        "ids.go",
        "labels.go",
        "net_ips.go",
        "net_protocols.go",
        "ports.go",
        "validation.go",
    ],
    importpath = "source.monogon.dev/metropolis/node",
    visibility = [
        "//metropolis:__subpackages__",
        "@io_k8s_kubernetes//pkg/registry:__subpackages__",
    ],
    deps = ["//metropolis/proto/common"],
)

# debug_build checks if we're building in debug mode and enables various debug features for the image.
config_setting(
    name = "debug_build",
    values = {
        "compilation_mode": "dbg",
    },
)

exports_files([
    "passwd",
])

go_binary(
    name = "runc",
    embed = ["@com_github_opencontainers_runc//:runc_lib"],
    gotags = [
        "osusergo",
        "netgo",
        "seccomp",
    ],
    pure = "off",
)

erofs_image(
    name = "rootfs",
    files = {
        "/init": "//metropolis/node/minit",
        "/core": "//metropolis/node/core",

        # Product info
        "/etc/product-info.json": ":product_info",

        # CA Certificate bundle & os-release & resolv.conf & hosts
        # These should not be explicitly used by Metropolis code and are only here for compatibility with
        # paths hardcoded by standard libraries (like Go's).
        "/etc/ssl/cert.pem": "@cacerts//file",
        "/etc/passwd": ":passwd",
        "/etc/resolv.conf": "//osbase/net/dns:resolv.conf",
        "/etc/hosts": "//osbase/net/dns:hosts",
        "/etc/os-release": ":product_info_os_release",

        # Metrics exporters
        "/metrics/bin/node_exporter": "@com_github_prometheus_node_exporter//:node_exporter",

        # Hyperkube
        "/kubernetes/bin/kube": "//metropolis/node/kubernetes/hyperkube",

        # runsc/gVisor
        "/containerd/bin/runsc": "@dev_gvisor_gvisor//runsc",
        "/containerd/bin/containerd-shim-runsc-v1": "@dev_gvisor_gvisor//shim",

        # runc
        "/containerd/bin/runc": ":runc",
        "/containerd/bin/containerd-shim-runc-v2": "@com_github_containerd_containerd_v2//cmd/containerd-shim-runc-v2",

        # Containerd
        "/containerd/bin/containerd": "@com_github_containerd_containerd_v2//cmd/containerd",

        # Containerd config files
        "/containerd/conf/runsc.toml": "//metropolis/node/kubernetes/containerd:runsc.toml",
        "/containerd/conf/config.toml": "//metropolis/node/kubernetes/containerd:config.toml",
        "/containerd/conf/cnispec.gojson": "//metropolis/node/kubernetes/containerd:cnispec.gojson",

        # Containerd preseed bundles
        "/containerd/preseed/k8s.io/preseedtest.tar": "//metropolis/test/e2e/preseedtest:preseedtest_tarball",
        "/containerd/preseed/k8s.io/pause.tar": "//metropolis/node/kubernetes/pause:pause_tarball",

        # CNI Plugins
        "/containerd/bin/cni/loopback": "@com_github_containernetworking_plugins//plugins/main/loopback",
        "/containerd/bin/cni/ptp": "@com_github_containernetworking_plugins//plugins/main/ptp",
        "/containerd/bin/cni/host-local": "@com_github_containernetworking_plugins//plugins/ipam/host-local",

        # Delve
        "/dlv": "@com_github_go_delve_delve//cmd/dlv:dlv",

        # file system tools
        "/bin/mkfs.xfs": "@xfsprogs//:mkfs",

        # time
        "/time/chrony": "@chrony//:chrony",
    },
    fsspecs = [
        ":erofs-layout.fsspec",
        "//osbase/build:earlydev.fsspec",
        "//third_party:firmware",
    ],
    symlinks = {
        "/etc/machine-id": "/ephemeral/machine-id",
    },
)

verity_image(
    name = "verity_rootfs",
    salt = ":product_info",
    source = ":rootfs",
)

efi_unified_kernel_image(
    name = "kernel_efi",
    cmdline = "console=ttyS0,115200 console=ttyS1,115200 console=ttyAMA0 quiet rootfstype=erofs init=/init loadpin.exclude=kexec-image,kexec-initramfs kernel.unknown_nmi_panic=1",
    initrd = ["//third_party:ucode"],
    kernel = "//third_party/linux",
    os_release = ":product_info_os_release",
    verity = ":verity_rootfs",
)

oci_os_image(
    name = "oci_image",
    srcs = {
        "system": ":verity_rootfs",
        "kernel.efi": ":kernel_efi",
    },
    product_info = ":product_info",
    visibility = ["//visibility:public"],
)

oci_os_image(
    name = "oci_image_uncompressed",
    srcs = {
        "system": ":verity_rootfs",
        "kernel.efi": ":kernel_efi",
    },
    compression_level = 0,
    product_info = ":product_info",
    visibility = ["//metropolis/test/launch:__pkg__"],
)

product_info(
    name = "product_info",
    components = [
        "linux",
        "kubernetes",
    ],
    os_id = "metropolis-node",
    os_name = "Metropolis Node",
    out_os_release = ":product_info_os_release",
    stamp_var = "STABLE_MONOGON_metropolis_version",
    visibility = [":__subpackages__"],
)

go_test(
    name = "node_test",
    srcs = [
        "labels_test.go",
        "validation_test.go",
    ],
    embed = [":node"],
    deps = ["@io_k8s_apimachinery//pkg/util/validation"],
)