Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / e342086c9d71e3eb38c0a159e559ab4de0033492 / . / metropolis / node / BUILD.bazel
blob: 04b164a9dc2ac0fbbe08fbe488e7fb0a41a9ff98 [file] [log] [blame]
Jan Schär7c38e782025-04-29 09:23:37 +0000[diff] [blame]1load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library", "go_test")
Tim Windelschmidt8e19fa42024-11-12 13:39:43 +0000[diff] [blame]2load("@rules_pkg//:pkg.bzl", "pkg_zip")
Tim Windelschmidt8e19fa42024-11-12 13:39:43 +0000[diff] [blame]3load("//osbase/build/genosrelease:defs.bzl", "os_release")
Tim Windelschmidtbed76d92025-02-18 03:04:14 +0100[diff] [blame]4load("//osbase/build/mkerofs:def.bzl", "erofs_image")
Tim Windelschmidtc2290c22024-08-15 19:56:00 +0200[diff] [blame]5load("//osbase/build/mkimage:def.bzl", "node_image")
Jan Schär5fdca562025-04-14 11:33:29 +0000[diff] [blame]6load("//osbase/build/mkoci:def.bzl", "oci_os_image")
Tim Windelschmidtbed76d92025-02-18 03:04:14 +0100[diff] [blame]7load("//osbase/build/mkpayload:def.bzl", "efi_unified_kernel_image")
8load("//osbase/build/mkverity:def.bzl", "verity_image")
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]9
10go_library(
Lorenz Brund13c1c62022-03-30 19:58:58 +0200[diff] [blame]11 name = "node",
Lorenz Brune306d782021-09-01 13:01:06 +0200[diff] [blame]12 srcs = [
13 "ids.go",
Serge Bazanski1f789542024-05-22 14:01:50 +0200[diff] [blame]14 "labels.go",
Lorenz Brun0e291a12023-06-01 12:22:45 +0200[diff] [blame]15 "net_ips.go",
Serge Bazanski93d593b2023-03-28 16:43:47 +0200[diff] [blame]16 "net_protocols.go",
Lorenz Brune306d782021-09-01 13:01:06 +0200[diff] [blame]17 "ports.go",
Jan Schär39f4f5c2024-10-29 09:41:50 +0100[diff] [blame]18 "validation.go",
Lorenz Brune306d782021-09-01 13:01:06 +0200[diff] [blame]19 ],
Serge Bazanski31370b02021-01-07 16:31:14 +0100[diff] [blame]20 importpath = "source.monogon.dev/metropolis/node",
Tim Windelschmidt03000772023-07-03 02:19:28 +0200[diff] [blame]21 visibility = [
22 "//metropolis:__subpackages__",
23 "@io_k8s_kubernetes//pkg/registry:__subpackages__",
24 ],
Timon Stampfli91bcf462024-12-15 16:57:05 +0100[diff] [blame]25 deps = ["//metropolis/proto/common"],
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]26)
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]27
Lorenz Brun313816f2020-12-22 16:52:26 +0100[diff] [blame]28# debug_build checks if we're building in debug mode and enables various debug features for the image.
Lorenz Brun70f65b22020-07-08 17:02:47 +0200[diff] [blame]29config_setting(
30 name = "debug_build",
31 values = {
32 "compilation_mode": "dbg",
33 },
34)
35
Lorenz Brun2ecccae2024-11-27 22:03:35 +0100[diff] [blame]36exports_files([
37 "passwd",
38])
39
Jan Schär7c38e782025-04-29 09:23:37 +0000[diff] [blame]40go_binary(
Tim Windelschmidt25e0d8f2024-12-02 23:46:24 +0100[diff] [blame]41 name = "runc",
Jan Schär7c38e782025-04-29 09:23:37 +0000[diff] [blame]42 embed = ["@com_github_opencontainers_runc//:runc_lib"],
43 gotags = [
44 "osusergo",
45 "netgo",
46 "seccomp",
47 ],
Jan Schär0fd36f42025-04-29 10:26:03 +0000[diff] [blame]48 pure = "off",
Tim Windelschmidt25e0d8f2024-12-02 23:46:24 +0100[diff] [blame]49)
50
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]51erofs_image(
52 name = "rootfs",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]53 files = {
Jan Schär69b76872025-05-14 16:39:47 +0000[diff] [blame]54 "/init": "//metropolis/node/minit",
Tim Windelschmidt24bf6fd2025-02-12 04:48:24 +0100[diff] [blame]55 "/core": "//metropolis/node/core",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]56
Jan Schär91bf1c82024-07-29 17:31:33 +0200[diff] [blame]57 # CA Certificate bundle & os-release & resolv.conf & hosts
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]58 # These should not be explicitly used by Metropolis code and are only here for compatibility with
59 # paths hardcoded by standard libraries (like Go's).
Tim Windelschmidt24bf6fd2025-02-12 04:48:24 +0100[diff] [blame]60 "/etc/ssl/cert.pem": "@cacerts//file",
61 "/etc/passwd": ":passwd",
62 "/etc/resolv.conf": "//osbase/net/dns:resolv.conf",
63 "/etc/hosts": "//osbase/net/dns:hosts",
64 "/etc/os-release": ":os-release-info",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]65
Serge Bazanski6d563ca2023-06-14 13:44:20 +0200[diff] [blame]66 # Metrics exporters
Tim Windelschmidt24bf6fd2025-02-12 04:48:24 +0100[diff] [blame]67 "/metrics/bin/node_exporter": "@com_github_prometheus_node_exporter//:node_exporter",
Serge Bazanski6d563ca2023-06-14 13:44:20 +0200[diff] [blame]68
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]69 # Hyperkube
Tim Windelschmidt24bf6fd2025-02-12 04:48:24 +0100[diff] [blame]70 "/kubernetes/bin/kube": "//metropolis/node/kubernetes/hyperkube",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]71
72 # runsc/gVisor
Tim Windelschmidt24bf6fd2025-02-12 04:48:24 +0100[diff] [blame]73 "/containerd/bin/runsc": "@dev_gvisor_gvisor//runsc",
74 "/containerd/bin/containerd-shim-runsc-v1": "@dev_gvisor_gvisor//shim",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]75
Jan Schär0fd36f42025-04-29 10:26:03 +0000[diff] [blame]76 # runc
77 "/containerd/bin/runc": ":runc",
Tim Windelschmidt24bf6fd2025-02-12 04:48:24 +0100[diff] [blame]78 "/containerd/bin/containerd-shim-runc-v2": "@com_github_containerd_containerd_v2//cmd/containerd-shim-runc-v2",
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]79
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]80 # Containerd
Tim Windelschmidt24bf6fd2025-02-12 04:48:24 +0100[diff] [blame]81 "/containerd/bin/containerd": "@com_github_containerd_containerd_v2//cmd/containerd",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]82
83 # Containerd config files
Tim Windelschmidt24bf6fd2025-02-12 04:48:24 +0100[diff] [blame]84 "/containerd/conf/runsc.toml": "//metropolis/node/kubernetes/containerd:runsc.toml",
85 "/containerd/conf/config.toml": "//metropolis/node/kubernetes/containerd:config.toml",
86 "/containerd/conf/cnispec.gojson": "//metropolis/node/kubernetes/containerd:cnispec.gojson",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]87
Lorenz Brun8b0431a2020-07-13 16:56:36 +0200[diff] [blame]88 # Containerd preseed bundles
Tim Windelschmidt24bf6fd2025-02-12 04:48:24 +0100[diff] [blame]89 "/containerd/preseed/k8s.io/preseedtest.tar": "//metropolis/test/e2e/preseedtest:preseedtest_tarball",
90 "/containerd/preseed/k8s.io/pause.tar": "//metropolis/node/kubernetes/pause:pause_tarball",
Lorenz Brun8b0431a2020-07-13 16:56:36 +0200[diff] [blame]91
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]92 # CNI Plugins
Tim Windelschmidt24bf6fd2025-02-12 04:48:24 +0100[diff] [blame]93 "/containerd/bin/cni/loopback": "@com_github_containernetworking_plugins//plugins/main/loopback",
94 "/containerd/bin/cni/ptp": "@com_github_containernetworking_plugins//plugins/main/ptp",
95 "/containerd/bin/cni/host-local": "@com_github_containernetworking_plugins//plugins/ipam/host-local",
Serge Bazanskic3ae7582020-06-08 17:15:26 +0200[diff] [blame]96
Lorenz Brun70f65b22020-07-08 17:02:47 +0200[diff] [blame]97 # Delve
Tim Windelschmidt24bf6fd2025-02-12 04:48:24 +0100[diff] [blame]98 "/dlv": "@com_github_go_delve_delve//cmd/dlv:dlv",
Jan Schär0fd36f42025-04-29 10:26:03 +0000[diff] [blame]99
100 # file system tools
Tim Windelschmidt24bf6fd2025-02-12 04:48:24 +0100[diff] [blame]101 "/bin/mkfs.xfs": "@xfsprogs//:mkfs",
Jan Schär0fd36f42025-04-29 10:26:03 +0000[diff] [blame]102
103 # time
Tim Windelschmidt24bf6fd2025-02-12 04:48:24 +0100[diff] [blame]104 "/time/chrony": "@chrony//:chrony",
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]105 },
Serge Bazanskia3938142022-04-04 17:04:47 +0200[diff] [blame]106 fsspecs = [
107 ":erofs-layout.fsspec",
Tim Windelschmidtc2290c22024-08-15 19:56:00 +0200[diff] [blame]108 "//osbase/build:earlydev.fsspec",
Tim Windelschmidt65bf3112024-04-08 21:32:14 +0200[diff] [blame]109 "//third_party:firmware",
Serge Bazanskia3938142022-04-04 17:04:47 +0200[diff] [blame]110 ],
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]111 symlinks = {
Tim Windelschmidtad4d9542025-03-24 20:20:13 +0100[diff] [blame]112 "/etc/machine-id": "/ephemeral/machine-id",
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]113 },
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]114)
115
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]116verity_image(
117 name = "verity_rootfs",
118 source = ":rootfs",
119)
120
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]121efi_unified_kernel_image(
122 name = "kernel_efi",
Lorenz Brune3420862025-06-05 12:25:03 +0200[diff] [blame^]123 cmdline = "console=ttyS0,115200 console=ttyS1,115200 console=ttyAMA0 console=tty0 quiet rootfstype=erofs init=/init loadpin.exclude=kexec-image,kexec-initramfs kernel.unknown_nmi_panic=1",
Tim Windelschmidt65bf3112024-04-08 21:32:14 +0200[diff] [blame]124 initrd = ["//third_party:ucode"],
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]125 kernel = "//third_party/linux",
126 os_release = ":os-release-info",
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]127 verity = ":verity_rootfs",
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]128)
129
Jan Schär5fdca562025-04-14 11:33:29 +0000[diff] [blame]130oci_os_image(
131 name = "oci_image",
132 srcs = {
133 "system": ":verity_rootfs",
134 "kernel.efi": ":kernel_efi",
135 },
136 visibility = ["//visibility:public"],
137)
138
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]139# An intermediary "bundle" format until we finalize the actual bundle format. This is NOT stable until migrated
140# to the actual bundle format.
141# TODO(lorenz): Replace this
142pkg_zip(
Lorenz Brund13c1c62022-03-30 19:58:58 +0200[diff] [blame]143 name = "bundle",
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]144 srcs = [
145 ":kernel_efi",
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]146 ":verity_rootfs",
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]147 ],
Lorenz Brunf8ede092021-11-08 20:50:57 +0100[diff] [blame]148 visibility = ["//visibility:public"],
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]149)
150
Lorenz Brun1dc60af2023-10-03 15:40:09 +0200[diff] [blame]151node_image(
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]152 name = "image",
Jan Schär69b76872025-05-14 16:39:47 +0000[diff] [blame]153 abloader = "//metropolis/node/abloader",
154 bios_bootcode = "//metropolis/node/bios_bootcode",
Lorenz Brun1dc60af2023-10-03 15:40:09 +0200[diff] [blame]155 kernel = ":kernel_efi",
156 system = ":verity_rootfs",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]157 visibility = [
Mateusz Zalegafed8fe52022-07-14 16:19:35 +0200[diff] [blame]158 "//metropolis/cli/metroctl/test:__subpackages__",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]159 "//metropolis/test/e2e:__subpackages__",
Serge Bazanskif12bedf2021-01-15 16:58:50 +0100[diff] [blame]160 "//metropolis/test/launch:__subpackages__",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]161 ],
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]162)
163
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]164os_release(
165 name = "os-release-info",
Serge Bazanski662b5b32020-12-21 13:49:00 +0100[diff] [blame]166 os_id = "metropolis-node",
167 os_name = "Metropolis Node",
Serge Bazanski30494c12023-11-28 16:27:24 +0100[diff] [blame]168 stamp_var = "STABLE_MONOGON_metropolis_version",
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]169)
Serge Bazanski1f789542024-05-22 14:01:50 +0200[diff] [blame]170
171go_test(
172 name = "node_test",
Jan Schär39f4f5c2024-10-29 09:41:50 +0100[diff] [blame]173 srcs = [
174 "labels_test.go",
175 "validation_test.go",
176 ],
Serge Bazanski1f789542024-05-22 14:01:50 +0200[diff] [blame]177 embed = [":node"],
Serge Bazanskidd2b80f2024-09-24 13:06:27 +0000[diff] [blame]178 deps = ["@io_k8s_apimachinery//pkg/util/validation"],
Serge Bazanski1f789542024-05-22 14:01:50 +0200[diff] [blame]179)