Align repo structure with team structure

.common-ci.yml

@@ -76,8 +76,8 @@ stages:
     - '[ ${CI_REGISTRY} = ${OUT_REGISTRY} ] || docker login "${OUT_REGISTRY}" -u "${OUT_REGISTRY_USER}" -p "${OUT_REGISTRY_TOKEN}"'
 
     # Since OUT_IMAGE_NAME and OUT_IMAGE_VERSION are set, this will push the CI image to the target
-    - make pull-image
-    - make push-image
+    - make -f deployments/container/Makefile pull-ubi8
+    - make -f deployments/container/Makefile push-ubi8
 
 # Define a staging release step that pushes an image to an internal "staging" repository
 # This is triggered for all pipelines (i.e. not only tags) to test the pipeline steps

.github/dependabot.yml

@@ -9,12 +9,21 @@ updates:
     schedule:
       interval: "weekly"
       day: "sunday"
-    ignore:
-    - dependency-name: k8s.io/*
     labels:
     - dependencies
+    groups:
+      k8sio:
+        patterns:
+        - k8s.io/*
+        exclude-patterns:
+        - k8s.io/klog/*
 
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "daily"
+
+  - package-ecosystem: "docker"
+    directory: "/deployments/container"
+    schedule:
+      interval: "daily"

.github/workflows/images.yaml

@@ -31,6 +31,9 @@ on:
 jobs:
   build-image:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        dist: [ubi8]
     steps:
       - uses: actions/checkout@v4
         name: Checkout code
@@ -71,4 +74,4 @@ jobs:
           VERSION: ${COMMIT_SHORT_SHA}
         run: |
           echo "${VERSION}"
-          make build-image
+          make -f deployments/container/Makefile build-${{ matrix.dist }}

.gitlab-ci.yml

@@ -28,5 +28,5 @@ image-build:
     - 'echo "Logging in to CI registry ${CI_REGISTRY}"'
     - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
   script:
-    - make build-image
-    - make push-image
+    - make -f deployments/container/Makefile build-ubi8
+    - make -f deployments/container/Makefile push-ubi8

Makefile

@@ -43,34 +43,6 @@ ifeq ($(BUILD_MULTI_ARCH_IMAGES),true)
 BUILDX = buildx
 endif
 
-ifeq ($(IMAGE_NAME),)
-REGISTRY ?= nvidia
-IMAGE_NAME := $(REGISTRY)/k8s-kata-manager
-endif
-
-IMAGE_VERSION := $(VERSION)
-
-DIST ?= ubi8
-
-# Note: currently there is no need to build images for different distributions,
-# so the distribution is omitted from the tag
-#IMAGE_TAG ?= $(IMAGE_VERSION)-$(DIST)
-IMAGE_TAG ?= $(IMAGE_VERSION)
-IMAGE = $(IMAGE_NAME):$(IMAGE_TAG)
-
-OUT_IMAGE_NAME ?= $(IMAGE_NAME)
-OUT_IMAGE_VERSION ?= $(IMAGE_VERSION)
-#OUT_IMAGE_TAG = $(OUT_IMAGE_VERSION)-$(DIST)
-OUT_IMAGE_TAG = $(OUT_IMAGE_VERSION)
-OUT_IMAGE = $(OUT_IMAGE_NAME):$(OUT_IMAGE_TAG)
-
-##### Container image make targets #####
-# Note: currently there is no need to build images for different distributions.
-IMAGE_BUILD_TARGETS := build-image
-IMAGE_PUSH_TARGETS := push-image
-IMAGE_PULL_TARGETS := pull-image
-.PHONY: $(IMAGE_BUILD_TARGETS) $(IMAGE_PUSH_TARGETS)
-
 ###### Target definitions #####
 cmds: $(CMD_TARGETS)
 $(CMD_TARGETS): cmd-%:
@@ -131,26 +103,3 @@ $(DOCKER_TARGETS): docker-%:
 		--user $$(id -u):$$(id -g) \
 		$(BUILDIMAGE) \
 			make $(*)
-
-
-##### Image build and push targets #####
-build-image:
-	DOCKER_BUILDKIT=1 \
-		$(DOCKER) $(BUILDX) build --pull \
-			$(DOCKER_BUILD_OPTIONS) \
-			$(DOCKER_BUILD_PLATFORM_OPTIONS) \
-			--tag $(IMAGE) \
-			--build-arg BASE_DIST="$(DIST)" \
-			--build-arg CUDA_VERSION="$(CUDA_VERSION)" \
-			--build-arg GOLANG_VERSION="$(GOLANG_VERSION)" \
-			--build-arg VERSION="$(VERSION)" \
-			--build-arg CVE_UPDATES="$(CVE_UPDATES)" \
-			--file Dockerfile.ubi8 \
-			$(CURDIR)
-
-push-image:
-	$(DOCKER) tag "$(IMAGE)" "$(OUT_IMAGE)"
-	$(DOCKER) push "$(OUT_IMAGE)"
-
-pull-image:
-	$(DOCKER) pull "$(IMAGE)"

Dockerfile.ubi8 → deployments/container/Dockerfile.ubi8

@@ -12,16 +12,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-ARG BASE_DIST=ubi8
-ARG CUDA_VERSION
-ARG GOLANG_VERSION=x.x.x
+ARG GOLANG_VERSION=1.21.5
 ARG VERSION="N/A"
 
-FROM nvcr.io/nvidia/cuda:${CUDA_VERSION}-base-${BASE_DIST} as build
+FROM nvcr.io/nvidia/cuda:12.3.1-base-ubi8 as build
 
 RUN yum install -y wget make git gcc
 
-ARG GOLANG_VERSION=0.0.0
+ARG GOLANG_VERSION=1.21.5
 RUN set -eux; \
     \
     arch="$(uname -m)"; \
@@ -41,7 +39,7 @@ WORKDIR /build
 COPY . .
 RUN GOOS=linux make cmd-k8s-kata-manager
 
-FROM nvcr.io/nvidia/cuda:${CUDA_VERSION}-base-${BASE_DIST}
+FROM nvcr.io/nvidia/cuda:12.3.1-base-ubi8
 
 COPY --from=build /build/bin/k8s-kata-manager /usr/local/bin/k8s-kata-manager
 

deployments/container/Makefile

@@ -0,0 +1,114 @@
+# Copyright (c) 2024, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+BUILD_MULTI_ARCH_IMAGES ?= no
+DOCKER ?= docker
+BUILDX  =
+ifeq ($(BUILD_MULTI_ARCH_IMAGES),true)
+BUILDX = buildx
+endif
+MKDIR    ?= mkdir
+
+##### Global variables #####
+include $(CURDIR)/versions.mk
+
+ifeq ($(IMAGE_NAME),)
+IMAGE_NAME := $(REGISTRY)/$(DRIVER_NAME)
+endif
+
+IMAGE_VERSION := $(VERSION)
+
+IMAGE_TAG ?= $(IMAGE_VERSION)-$(DIST)
+IMAGE = $(IMAGE_NAME):$(IMAGE_TAG)
+
+OUT_IMAGE_NAME ?= $(IMAGE_NAME)
+OUT_IMAGE_VERSION ?= $(IMAGE_VERSION)
+OUT_IMAGE_TAG = $(OUT_IMAGE_VERSION)-$(DIST)
+OUT_IMAGE = $(OUT_IMAGE_NAME):$(OUT_IMAGE_TAG)
+
+##### Public rules #####
+DEFAULT_TARGET := ubi8
+DISTRIBUTIONS = $(DEFAULT_TARGET)
+
+IMAGE_TARGETS := $(patsubst %,image-%,$(DISTRIBUTIONS))
+BUILD_TARGETS := $(patsubst %,build-%,$(DISTRIBUTIONS))
+PUSH_TARGETS := $(patsubst %,push-%,$(DISTRIBUTIONS))
+PULL_TARGETS := $(patsubst %,pull-%,$(DISTRIBUTIONS))
+TEST_TARGETS := $(patsubst %,test-%, $(DISTRIBUTIONS))
+
+.PHONY: $(DISTRIBUTIONS) $(PUSH_TARGETS) $(BUILD_TARGETS) $(TEST_TARGETS) $(BUILD_TARGETS) $(PULL_TARGETS)
+
+ifneq ($(BUILD_MULTI_ARCH_IMAGES),true)
+include $(CURDIR)/deployments/container/native-only.mk
+else
+include $(CURDIR)/deployments/container/multi-arch.mk
+endif
+
+# For the default push target we also push a short tag equal to the version.
+# We skip this for the development release
+DEVEL_RELEASE_IMAGE_VERSION ?= devel
+PUSH_MULTIPLE_TAGS ?= true
+ifeq ($(strip $(OUT_IMAGE_VERSION)),$(DEVEL_RELEASE_IMAGE_VERSION))
+PUSH_MULTIPLE_TAGS = false
+endif
+ifeq ($(PUSH_MULTIPLE_TAGS),true)
+push-$(DEFAULT_TARGET): push-short
+endif
+
+push-%: DIST = $(*)
+push-short: DIST = $(DEFAULT_TARGET)
+
+pull-%: DIST = $(*)
+
+build-%: DIST = $(*)
+build-%: DOCKERFILE = $(CURDIR)/deployments/container/Dockerfile.$(DOCKERFILE_SUFFIX)
+
+# Use a generic build target to build the relevant images
+$(IMAGE_TARGETS): image-%:
+	DOCKER_BUILDKIT=1 \
+		$(DOCKER) $(BUILDX) build --pull \
+		$(DOCKER_BUILD_OPTIONS) \
+		$(DOCKER_BUILD_PLATFORM_OPTIONS) \
+		--tag $(IMAGE) \
+		--build-arg BASE_DIST="$(DIST)" \
+		--build-arg GOLANG_VERSION="$(GOLANG_VERSION)" \
+		--build-arg VERSION="$(VERSION)" \
+		--build-arg CVE_UPDATES="$(CVE_UPDATES)" \
+		$(if $(LABEL_IMAGE_SOURCE),--label "org.opencontainers.image.source=$(LABEL_IMAGE_SOURCE)",) \
+		-f $(DOCKERFILE) \
+		$(CURDIR)
+
+build-ubi8: DOCKERFILE_SUFFIX := ubi8
+
+# Handle the default build target.
+.PHONY: build
+build: $(DEFAULT_TARGET)
+$(DEFAULT_TARGET): build-$(DEFAULT_TARGET)
+$(DEFAULT_TARGET): DIST = $(DEFAULT_TARGET)
+
+REGCTL ?= regctl
+$(PUSH_TARGETS): push-%:
+	$(REGCTL) \
+	        image copy \
+	        $(IMAGE) $(OUT_IMAGE)
+
+push-short:
+	$(REGCTL) \
+	        image copy \
+	        $(IMAGE) $(OUT_IMAGE_NAME):$(OUT_IMAGE_VERSION)
+
+$(PULL_TARGETS): pull-%:
+	$(REGCTL) \
+	        image copy \
+	        $(OUT_IMAGE) $(IMAGE)

deployments/container/multi-arch.mk

@@ -0,0 +1,19 @@
+# Copyright (c) 2024, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+PUSH_ON_BUILD ?= false
+DOCKER_BUILD_OPTIONS = --output=type=image,push=$(PUSH_ON_BUILD)
+DOCKER_BUILD_PLATFORM_OPTIONS = --platform=linux/amd64,linux/arm64
+
+$(BUILD_TARGETS): build-%: image-%

deployments/container/native-only.mk

@@ -0,0 +1,31 @@
+# Copyright (c) 2024, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+PUSH_ON_BUILD ?= false
+DOCKER_BUILD_PLATFORM_OPTIONS = --platform=linux/amd64
+
+ifeq ($(PUSH_ON_BUILD),true)
+$(BUILD_TARGETS): build-%: image-%
+	$(DOCKER) push "$(IMAGE)"
+else
+$(BUILD_TARGETS): build-%: image-%
+endif
+
+# For the default distribution we also retag the image.
+# Note: This needs to be updated for multi-arch images.
+ifeq ($(IMAGE_TAG),$(VERSION)-$(DIST))
+$(DEFAULT_PUSH_TARGET):
+	$(DOCKER) image inspect $(IMAGE) > /dev/null || $(DOCKER) pull $(IMAGE)
+	$(DOCKER) tag $(IMAGE) $(subst :$(IMAGE_TAG),:$(VERSION),$(IMAGE))
+endif

versions.mk

@@ -12,6 +12,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+DRIVER_NAME := k8s-kata-manager
+MODULE := github.com/NVIDIA/$(DRIVER_NAME)
+
+REGISTRY ?= nvcr.io/nvidia
+
 VERSION ?= v0.1.2
 
 vVERSION := v$(VERSION:v%=%)