[WIP] Switch to a kuberlr based Shell Image

.github/workflows/head-build.yml

@@ -47,6 +47,7 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Load Secrets from Vault
+        if: ${{ github.repository == 'rancher/shell' }}
         uses: rancher-eio/read-vault-secrets@main
         with:
           secrets: |

.github/workflows/release.yml

@@ -19,19 +19,16 @@ jobs:
       matrix:
         include:
           # Four images are created:
-          # - Multi-arch manifest for amd64, arm64 and s390x
+          # - Multi-arch manifest for amd64, and arm64
           - tag-suffix: ""
-            platforms: linux/amd64,linux/arm64,linux/s390x
+            platforms: linux/amd64,linux/arm64
           # - arm64 manifest
           - tag-suffix: "-arm64"
             platforms: linux/arm64
           # - amd64 manifest
           - tag-suffix: "-amd64"
             platforms: linux/amd64
-          # - s390x manifest
-          - tag-suffix: "-s390x"
-            platforms: linux/s390x
-
+
     steps:
     - name: Checkout code
       uses: actions/checkout@v4

Makefile

@@ -6,24 +6,28 @@ include hack/make/deps.mk
 include hack/make/build.mk
 
 # Define target platforms, image builder and the fully qualified image name.
-TARGET_PLATFORMS ?= linux/amd64,linux/arm64,linux/s390x
+TARGET_PLATFORMS ?= linux/amd64,linux/arm64
 
 REPO ?= rancher
 IMAGE = $(REPO)/shell:$(TAG)
 BUILD_ACTION = --load
 
+# Should always be the highest one in image
+TEST_KUBECTL_VERSION := 1.31.0
+
 .DEFAULT_GOAL := ci
-ci: test validate e2e ## run the targets needed to validate a PR in CI.
+ci: test validate ## run the targets needed to validate a PR in CI.
 
 clean: ## clean up project.
 	rm -rf build
 
 test: test-build ## test the build against all target platforms.
 	$(MAKE) build-image
 	IMAGE=$(IMAGE) \
-	KUBECTL_VERSION=$(KUBECTL_VERSION) HELM_VERSION=$(HELM_VERSION) \
-	KUSTOMIZE_VERSION=$(KUSTOMIZE_VERSION) K9S_VERSION=$(K9S_VERSION) \
-		./hack/test
+	HELM_VERSION=$(HELM_VERSION) \
+	KUSTOMIZE_VERSION=$(KUSTOMIZE_VERSION) \
+	K9S_VERSION=$(K9S_VERSION) \
+		./hack/test $(TEST_KUBECTL_VERSION)
 
 test-build:
 	# Instead of loading image, target all platforms, effectivelly testing

hack/make/deps.mk

@@ -1,11 +1,6 @@
 # renovate: datasource=github-release-attachments depName=rancher/helm
 HELM_VERSION := v3.15.1-rancher2
 
-KUBECTL_VERSION := v1.29.8
-KUBECTL_SUM_arm64 ?= $(shell curl -L "https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/linux/arm64/kubectl.sha256")
-KUBECTL_SUM_amd64 ?= $(shell curl -L "https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/linux/amd64/kubectl.sha256")
-KUBECTL_SUM_s390x ?= $(shell curl -L "https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/linux/s390x/kubectl.sha256")
-
 # renovate: datasource=github-release-attachments depName=kubernetes-sigs/kustomize extractVersion=kustomize/v(?<version>\d+\.\d+\.\d+)
 KUSTOMIZE_VERSION := v5.4.3
 # renovate: datasource=github-release-attachments depName=kubernetes-sigs/kustomize versioning=regex:^kustomize/v(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)$ digestVersion=kustomize/v5.4.1
@@ -26,6 +21,5 @@ K9S_SUM_s390x := 8aea75262492a699c150833cafc65465541c74becc1b0236b4a7e368f5bd512
 
 # Reduces the code duplication on Makefile by keeping all args into a single variable.
 IMAGE_ARGS := --build-arg HELM_VERSION=$(HELM_VERSION) \
-			  --build-arg KUBECTL_VERSION=$(KUBECTL_VERSION) --build-arg KUBECTL_SUM_arm64=$(KUBECTL_SUM_arm64) --build-arg KUBECTL_SUM_amd64=$(KUBECTL_SUM_amd64) --build-arg KUBECTL_SUM_s390x=$(KUBECTL_SUM_s390x) \
 			  --build-arg KUSTOMIZE_VERSION=$(KUSTOMIZE_VERSION) --build-arg KUSTOMIZE_SUM_arm64=$(KUSTOMIZE_SUM_arm64) --build-arg KUSTOMIZE_SUM_amd64=$(KUSTOMIZE_SUM_amd64) --build-arg KUSTOMIZE_SUM_s390x=$(KUSTOMIZE_SUM_s390x) \
 			  --build-arg K9S_VERSION=$(K9S_VERSION) --build-arg K9S_SUM_arm64=$(K9S_SUM_arm64) --build-arg K9S_SUM_amd64=$(K9S_SUM_amd64) --build-arg K9S_SUM_s390x=$(K9S_SUM_s390x)

hack/test

@@ -4,6 +4,7 @@ set -eo pipefail
 
 RUNNER="${RUNNER:-docker}"
 IMAGE="${IMAGE:-rancher/shell:dev}"
+TEST_KUBECTL_VERSION="${1}"
 
 function run(){
     "${RUNNER}" run --rm "${IMAGE}" $1
@@ -31,10 +32,11 @@ function expected_file(){
 
 function check_files(){
     echo "checking expected binaries:"
+    expected_file "/bin/kuberlr" "0:0" "755"
+    expected_file "/bin/kubectl" "0:0" "777"
     expected_file "/usr/local/bin/helm" "0:0" "755"
     expected_file "/usr/local/bin/helm-cmd" "0:0" "755"
     expected_file "/usr/local/bin/k9s" "0:0" "755"
-    expected_file "/usr/local/bin/kubectl" "0:0" "755"
     expected_file "/usr/local/bin/kustomize" "0:0" "755"
     expected_file "/usr/local/bin/welcome" "0:0" "755"
     expected_file "/home/shell/kustomize.sh" "1000:1000" "755"
@@ -66,7 +68,7 @@ function check_versions(){
     expected_version "k9s" "${K9S_VERSION}"
     # --client=true is used so that it does not fail trying to
     # identify the server version.
-    expected_version "kubectl --client=true" "${KUBECTL_VERSION}"
+    expected_version "kubectl --client=true" "${TEST_KUBECTL_VERSION}"
 }
 
 function main(){

package/Dockerfile

@@ -1,5 +1,6 @@
 ARG BCI_VERSION=15.6
 FROM registry.suse.com/bci/bci-busybox:${BCI_VERSION} AS final
+FROM rancher/kuberlr-kubectl:head AS kuberlr
 
 # Image that provides cross compilation tooling.
 FROM --platform=$BUILDPLATFORM rancher/mirrored-tonistiigi-xx:1.3.0 AS xx
@@ -24,18 +25,15 @@ FROM --platform=$BUILDPLATFORM registry.suse.com/bci/bci-base:${BCI_VERSION} AS
 RUN zypper -n install curl gzip tar
 
 # Define build arguments
-ARG KUBECTL_VERSION KUBECTL_SUM_arm64 KUBECTL_SUM_amd64 KUBECTL_SUM_s390x \
-    KUSTOMIZE_VERSION KUSTOMIZE_SUM_arm64 KUSTOMIZE_SUM_amd64 KUSTOMIZE_SUM_s390x \
-    K9S_VERSION K9S_SUM_arm64 K9S_SUM_amd64 K9S_SUM_s390x
-
+ARG KUSTOMIZE_VERSION
+ARG KUSTOMIZE_SUM_arm64
+ARG KUSTOMIZE_SUM_amd64
+ARG KUSTOMIZE_SUM_s390x
+ARG K9S_VERSION
+ARG K9S_SUM_arm64
+ARG K9S_SUM_amd64
+ARG K9S_SUM_s390x
 ARG TARGETARCH
-# Stage kubectl into build
-ADD --chown=root:root --chmod=0755 \
-    "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl" \
-    /kubectl
-
-ENV KUBECTL_SUM="KUBECTL_SUM_${TARGETARCH}"
-RUN echo "${!KUBECTL_SUM}  /kubectl" | sha256sum -c -
 
 # Stage kubectl into build
 ENV KUSTOMIZE_SUM="KUSTOMIZE_SUM_${TARGETARCH}"
@@ -77,14 +75,22 @@ RUN echo 'shell:x:1000:1000:shell,,,:/home/shell:/bin/bash' > /chroot/etc/passwd
         echo 'LANG=en_US.UTF-8' >> /chroot/home/shell/.bashrc && \
         echo 'PS1="> "' >> /chroot/home/shell/.bashrc && \
         mkdir /chroot/home/shell/.kube && \
+        mkdir /chroot/home/shell/.kuberlr && \
+        touch /chroot/home/shell/.kuberlr/kuberlr.conf && \
+        echo "AllowDownload = false" >> /chroot/home/shell/.kuberlr/kuberlr.conf && \
+        echo 'SystemPath = "/usr/local/bin"' >> /chroot/home/shell/.kuberlr/kuberlr.conf && \
+        echo "Timeout = 6" >> /chroot/home/shell/.kuberlr/kuberlr.conf && \
         chown -R 1000:1000 /chroot/home/shell && \
         chmod 700 /chroot/run
 
 FROM scratch
 
 COPY --from=zypper /chroot /
 COPY --chown=root:root --chmod=0755 --from=helm /helm/bin/helm /usr/local/bin/
-COPY --chown=root:root --chmod=0755 --from=build /kubectl /k9s /kustomize* /usr/local/bin/
+COPY --chown=root:root --chmod=0755 --from=build /k9s /kustomize* /usr/local/bin/
+COPY --chown=root:root --chmod=0755 --from=kuberlr /usr/bin/kubectl* /usr/local/bin/
+COPY --chown=root:root --chmod=0755 --from=kuberlr /bin/kuberlr /bin/
+RUN ln -s /bin/kuberlr /bin/kubectl
 COPY --chown=root:root --chmod=0755 package/helm-cmd package/welcome /usr/local/bin/
 COPY --chown=1000:1000 --chmod=0755 package/kustomize.sh /home/shell/