[chore] Make all images distroless

.werf/consts.yaml

@@ -0,0 +1,11 @@
+# base images
+{{- $_ := set $ "BASE_ALT_DEV"     "registry.deckhouse.io/base_images/dev-alt:p10@sha256:76e6e163fa982f03468166203488b569e6d9fc10855d6a259c662706436cdcad" }}
+{{- $_ := set $ "BASE_ALT_P11"     "registry.deckhouse.io/base_images/alt:p11@sha256:c396cd7348a48f9236413e2ef5569223c15e554c0a3ca37f9d92fb787d4f1893" }}
+{{- $_ := set $ "BASE_GOLANG_1_23" "registry.deckhouse.io/base_images/golang:1.23.1-alpine3.20@sha256:716820a183116e643839611ff9eca9bd1c92d2bf8f7a5eda2f9fd16e8acbaa72" }}
+{{- $_ := set $ "BASE_SCRATCH"     "registry.deckhouse.io/base_images/scratch@sha256:653ae76965c98c8cd1c8c9ff7725316d2983986f896655b30e0f44d2f8b2dd7e" }}
+
+
+# component versions
+{{- $versions := dict }}
+
+{{- $_ := set $ "VERSIONS" $versions }}

.werf/images.yaml

@@ -1,7 +1,7 @@
 {{- $ImagesBuildFiles := .Files.Glob "images/*/{Dockerfile,werf.inc.yaml}" }}
 
 {{- range $path, $content := $ImagesBuildFiles  }}
-  {{ $ctx := (dict "ImageName" ($path | split "/")._1) }}
+  {{ $ctx := (dict "ImageName" ($path | split "/")._1 "Root" $ "Versions" $.VERSIONS) }}
 ---
   {{- /* For Dockerfile just render it from the folder. */ -}}
   {{- if not (regexMatch "/werf.inc.yaml$" $path) }}

.werf/python-deps.yaml

@@ -2,12 +2,14 @@
 ---
 image: python-dependencies
 from: registry.deckhouse.io/base_images/alpine:3.16.3
-fromCacheVersion: 20240724165018
 git:
   - add: /
     to: /
     includePaths:
       - lib/python
+    stageDependencies:
+      setup:
+        - lib/python/requirements.txt
 shell:
   beforeInstall:
     - apk add --no-cache python3 py3-pip

.werf/release.yaml

@@ -1,7 +1,8 @@
 # Release image, stored in your.registry.io/modules/<module-name>/release:<semver>
 ---
-artifact: release-channel-version-artifact
+image: release-channel-version-artifact
 from: registry.deckhouse.io/base_images/alpine:3.16.3
+final: false
 shell:
   beforeInstall:
     - apk add --no-cache curl
@@ -14,7 +15,7 @@ shell:
 image: release-channel-version
 from: registry.deckhouse.io/base_images/scratch@sha256:b054705fcc9f2205777d80a558d920c0b4209efdc3163c22b5bfcb5dda1db5fc
 import:
-  - artifact: release-channel-version-artifact
+  - image: release-channel-version-artifact
     add: /
     to: /
     after: install

images/sds-local-volume-controller/werf.inc.yaml

@@ -1,10 +1,6 @@
-{{- $_ := set . "BASE_GOLANG" "registry.deckhouse.io/base_images/golang:1.23.1-alpine3.20@sha256:716820a183116e643839611ff9eca9bd1c92d2bf8f7a5eda2f9fd16e8acbaa72" }}
-{{- $_ := set . "BASE_SCRATCH"    "registry.deckhouse.io/base_images/scratch@sha256:b054705fcc9f2205777d80a558d920c0b4209efdc3163c22b5bfcb5dda1db5fc" }}
-
 ---
 image: {{ $.ImageName }}-golang-artifact
-from: {{ $.BASE_GOLANG }}
-fromCacheVersion: 202408091334349
+from: {{ $.Root.BASE_GOLANG_1_23 }}
 final: false
 
 git:
@@ -28,7 +24,7 @@ shell:
 
 ---
 image: {{ $.ImageName }}
-from: {{ $.BASE_SCRATCH }}
+from: {{ $.Root.BASE_SCRATCH }}
 
 import:
   - image: {{ $.ImageName }}-golang-artifact

images/sds-local-volume-csi/src/driver/node.go

@@ -105,7 +105,7 @@ func (d *Driver) NodeStageVolume(_ context.Context, request *csi.NodeStageVolume
 	}
 	if fsType == internal.FSTypeXfs && needLegacySupport {
 		d.log.Info("[NodeStageVolume] legacy xfs support is on")
-		formatOptions = append(formatOptions, "-m", "bigtime=0,inobtcount=0,reflink=0")
+		formatOptions = append(formatOptions, "-m", "bigtime=0,inobtcount=0,reflink=0", "-i", "nrext64=0")
 	}
 
 	mountOptions := collectMountOptions(fsType, mountVolume.GetMountFlags(), []string{})
@@ -133,6 +133,7 @@ func (d *Driver) NodeStageVolume(_ context.Context, request *csi.NodeStageVolume
 	lvmType := context[internal.LvmTypeKey]
 	lvmThinPoolName := context[internal.ThinPoolNameKey]
 
+	d.log.Trace(fmt.Sprintf("formatOptions = %s", formatOptions))
 	d.log.Trace(fmt.Sprintf("mountOptions = %s", mountOptions))
 	d.log.Trace(fmt.Sprintf("lvmType = %s", lvmType))
 	d.log.Trace(fmt.Sprintf("lvmThinPoolName = %s", lvmThinPoolName))
@@ -440,5 +441,5 @@ func needLegacyXFSSupport() (bool, error) {
 		return false, fmt.Errorf("unexpected kernel version (minor part): %s", fullVersion)
 	}
 
-	return major < 5 || major == 5 && minor <= 4, nil
+	return major < 5 || major == 5 && minor <= 15, nil
 }

images/sds-local-volume-csi/src/pkg/utils/node_store_manager.go

@@ -59,6 +59,10 @@ func NewStore(logger *logger.Logger) *Store {
 func (s *Store) NodeStageVolumeFS(source, target string, fsType string, mountOpts []string, formatOpts []string, lvmType, lvmThinPoolName string) error {
 	s.Log.Trace(" ----== Start NodeStageVolumeFS ==---- ")
 
+	s.Log.Trace("≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈ Format options ≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈")
+	s.Log.Trace(fmt.Sprintf("[format] params device=%s fs=%s formatOptions=%v", source, fsType, formatOpts))
+	s.Log.Trace("≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈ Format options ≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈")
+
 	s.Log.Trace("≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈ Mount options ≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈")
 	s.Log.Trace(fmt.Sprintf("[mount] params source=%s target=%s fs=%s mountOptions=%v", source, target, fsType, mountOpts))
 	s.Log.Trace("≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈ Mount options ≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈≈")

images/sds-local-volume-csi/werf.inc.yaml

@@ -1,9 +1,6 @@
-{{- $_ := set . "BASE_ALPINE" "registry.deckhouse.io/base_images/alpine:3.16.9-1@sha256:d459393e3090e2f82a97ffb59f1ab5a515af077b6650260e79c9ec4546ab6645" }}
-{{- $_ := set . "BASE_GOLANG"  "registry.deckhouse.io/base_images/golang:1.23.1-alpine3.20@sha256:716820a183116e643839611ff9eca9bd1c92d2bf8f7a5eda2f9fd16e8acbaa72" }}
-
 ---
 image: {{ $.ImageName }}-golang-artifact
-from: {{ $.BASE_GOLANG }}
+from: {{ $.Root.BASE_GOLANG_1_23 }}
 final: false
 
 git:
@@ -27,7 +24,7 @@ shell:
 
 ---
 image: {{ $.ImageName }}
-from: {{ $.BASE_ALPINE }}
+from: {{ $.Root.BASE_ALT_P11 }}
 
 import:
   - image: {{ $.ImageName }}-golang-artifact
@@ -36,8 +33,13 @@ import:
     before: setup
 
 shell:
-  setup:
-    - apk add --no-cache lvm2 e2fsprogs e2fsprogs-extra xfsprogs xfsprogs-extra blkid
+  beforeInstall:
+    - export DEBIAN_FRONTEND=noninteractive
+    - |
+      apt-get update \
+      && apt-get -y install lvm2 e2fsprogs xfsprogs \
+      && apt-get clean \
+      && rm -rf /var/lib/apt/lists/*
 
 docker:
   ENTRYPOINT: ["/sds-local-volume-csi"]

images/sds-local-volume-scheduler-extender/werf.inc.yaml

@@ -1,11 +1,7 @@
 {{- $csiBinaries := "/usr/bin/curl" }}
-{{- $_ := set . "BASE_ALT_DEV"    "registry.deckhouse.io/base_images/dev-alt:p10@sha256:76e6e163fa982f03468166203488b569e6d9fc10855d6a259c662706436cdcad" }}
-{{- $_ := set . "BASE_SCRATCH"    "registry.deckhouse.io/base_images/scratch@sha256:b054705fcc9f2205777d80a558d920c0b4209efdc3163c22b5bfcb5dda1db5fc" }}
-{{- $_ := set . "BASE_ALPINE_DEV" "registry.deckhouse.io/base_images/dev-alpine:3.16.3@sha256:c706fa83cc129079e430480369a3f062b8178cac9ec89266ebab753a574aca8e" }}
-{{- $_ := set . "BASE_GOLANG"  "registry.deckhouse.io/base_images/golang:1.23.1-alpine3.20@sha256:716820a183116e643839611ff9eca9bd1c92d2bf8f7a5eda2f9fd16e8acbaa72" }}
 ---
 image: {{ $.ImageName }}-golang-artifact
-from: {{ $.BASE_GOLANG }}
+from: {{ $.Root.BASE_GOLANG_1_23 }}
 final: false
 
 git:
@@ -26,7 +22,7 @@ shell:
 
 ---
 image: {{ $.ImageName }}-binaries-artifact
-from: {{ $.BASE_ALT_DEV }}
+from: {{ $.Root.BASE_ALT_DEV }}
 final: false
 
 shell:
@@ -36,7 +32,7 @@ shell:
 
 ---
 image: {{ $.ImageName }}-distroless-artifact
-from: {{ $.BASE_ALPINE_DEV }}
+from: {{ $.Root.BASE_ALT_DEV }}
 final: false
 
 shell:
@@ -46,15 +42,16 @@ shell:
     - cp -pr /etc/passwd /etc/group /etc/hostname /etc/hosts /etc/shadow /etc/protocols /etc/services /etc/nsswitch.conf /relocate/etc
     - cp -pr /usr/share/ca-certificates /relocate/usr/share
     - cp -pr /usr/share/zoneinfo /relocate/usr/share
-    - cp -pr etc/ssl/cert.pem /relocate/etc/ssl
-    - cp -pr /etc/ssl/certs /relocate/etc/ssl
+    # changed from /etc/ssl/* to ALTLinux specific
+    - cp -pr /etc/pki/tls/cert.pem /relocate/etc/ssl
+    - cp -pr /etc/pki/tls/certs /relocate/etc/ssl
     - echo "deckhouse:x:64535:64535:deckhouse:/:/sbin/nologin" >> /relocate/etc/passwd
     - echo "deckhouse:x:64535:" >> /relocate/etc/group
     - echo "deckhouse:!::0:::::" >> /relocate/etc/shadow
 
 ---
 image: {{ $.ImageName }}-distroless
-from: {{ $.BASE_SCRATCH }}
+from: {{ $.Root.BASE_SCRATCH }}
 final: false
 
 import:

images/webhooks/werf.inc.yaml

@@ -1,9 +1,6 @@
-{{- $_ := set . "BASE_GOLANG"  "registry.deckhouse.io/base_images/golang:1.23.1-alpine3.20@sha256:716820a183116e643839611ff9eca9bd1c92d2bf8f7a5eda2f9fd16e8acbaa72" }}
-{{- $_ := set . "BASE_SCRATCH"    "registry.deckhouse.io/base_images/scratch@sha256:b054705fcc9f2205777d80a558d920c0b4209efdc3163c22b5bfcb5dda1db5fc" }}
-
 ---
 image: {{ $.ImageName }}-golang-artifact
-from: {{ $.BASE_GOLANG }}
+from: {{ $.Root.BASE_GOLANG_1_23 }}
 final: false
 
 git:
@@ -23,7 +20,7 @@ shell:
     - chmod +x /webhooks
 ---
 image: {{ $.ImageName }}
-from: {{ $.BASE_SCRATCH }}
+from: {{ $.Root.BASE_SCRATCH }}
 
 import:
   - image: {{ $.ImageName }}-golang-artifact

werf.yaml

@@ -1,6 +1,7 @@
 project: sds-local-volume
 configVersion: 1
 ---
+{{ tpl (.Files.Get ".werf/consts.yaml") $ }}
 {{ tpl (.Files.Get ".werf/images.yaml") $ }}
 {{ tpl (.Files.Get ".werf/images-digests.yaml") $ }}
 {{ tpl (.Files.Get ".werf/python-deps.yaml") $ }}