Add s390x arch support for k3s (#5018)

* Update docs to include s390x arch

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Add s390x drone pipeline

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Install trivy linux arch only for amd64

This is done so that trivy is not installed for s390x arch

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Add s390x arch if condition for Dockerfile.test

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Add s390x arch in install script

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Add s390x GOARCH in build script

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Add SUFFIX s390x in scripts

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Skip image scan for s390x arch

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Update klipper-lb to version v0.3.5

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Update traefik version to v2.6.2

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Update registry to v2.8.1 in tests which supports s390x

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Skip compact tests for s390x arch

This is done because compact test require a previous k3s version which supports s390x and it is not available

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

.drone.yml

@@ -279,6 +279,102 @@ volumes:
   host:
     path: /var/run/docker.sock
 
+---
+kind: pipeline
+name: s390x
+
+platform:
+  os: linux
+  arch: amd64
+
+# Hack needed for s390x: https://gist.github.com/colstrom/c2f359f72658aaabb44150ac20b16d7c#gistcomment-3858388
+node:
+  arch: s390x
+
+clone:
+  disable: true
+
+steps:
+- name: clone
+  image: alpine/git:v2.30.2-s390x
+  commands:
+  - git clone $DRONE_GIT_HTTP_URL  .
+  - git fetch origin $DRONE_COMMIT_REF
+  - git checkout $DRONE_COMMIT -b origin/$DRONE_TARGET_BRANCH
+
+- name: build
+  image: rancher/dapper:v0.5.8
+  secrets: [ gcloud_auth ]
+  environment:
+    GCLOUD_AUTH:
+      from_secret: gcloud_auth
+  commands:
+  - dapper ci
+  - echo "${DRONE_TAG}-s390x" | sed -e 's/+/-/g' >.tags
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+
+- name: github_binary_release
+  image: rancher/drone-images:github-release-s390x
+  settings:
+    api_key:
+      from_secret: github_token
+    prerelease: true
+    checksum:
+    - sha256
+    checksum_file: CHECKSUMsum-s390x.txt
+    checksum_flatten: true
+    files:
+    - "dist/artifacts/*"
+  when:
+    instance:
+    - drone-publish.k3s.io
+    ref:
+    - refs/head/master
+    - refs/tags/*
+    event:
+    - tag
+
+- name: docker-publish
+  image: rancher/drone-images:docker-s390x
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+  settings:
+    dockerfile: package/Dockerfile
+    password:
+      from_secret: docker_password
+    repo: "rancher/k3s"
+    username:
+      from_secret: docker_username
+  when:
+    instance:
+    - drone-publish.k3s.io
+    ref:
+    - refs/head/master
+    - refs/tags/*
+    event:
+    - tag
+
+- name: test
+  image: rancher/dapper:v0.5.8
+  secrets: [ gcloud_auth ]
+  environment:
+    ENABLE_REGISTRY: 'true'
+    GCLOUD_AUTH:
+      from_secret: gcloud_auth
+  commands:
+  - dapper -f Dockerfile.test.dapper
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+
+volumes:
+- name: docker
+  host:
+    path: /var/run/docker.sock
+
 ---
 kind: pipeline
 name: validate_go_mods
@@ -338,6 +434,7 @@ trigger:
 depends_on:
 - amd64
 - arm64
+- s390x
 - arm
 
 ---

Dockerfile.dapper

@@ -25,7 +25,7 @@ RUN if [ "$(go env GOARCH)" = "arm64" ]; then
     wget https://github.com/aquasecurity/trivy/releases/download/v0.25.3/trivy_0.25.3_Linux-ARM.tar.gz   && \
     tar -zxvf trivy_0.25.3_Linux-ARM.tar.gz                                                              && \
     mv trivy /usr/local/bin;                                                                                \
-    else                                                                                                    \
+    elif [ "$(go env GOARCH)" = "amd64" ]; then                                                             \
     wget https://github.com/aquasecurity/trivy/releases/download/v0.25.3/trivy_0.25.3_Linux-64bit.tar.gz && \
     tar -zxvf trivy_0.25.3_Linux-64bit.tar.gz                                                            && \
     mv trivy /usr/local/bin;                                                                                \

Dockerfile.test.dapper

@@ -8,7 +8,7 @@ ENV SONOBUOY_VERSION 0.56.4
 RUN OS=linux; \
     ARCH=$(go env GOARCH); \
     RELEASE=$(curl -fs https://storage.googleapis.com/kubernetes-release/release/stable.txt); \
-    if [ "${ARCH}" == "amd64" ] || [ "${ARCH}" == "arm64" ]; then \
+    if [ "${ARCH}" == "amd64" ] || [ "${ARCH}" == "arm64" ] || [ "${ARCH}" == "s390x" ]; then \
       curl -sL "https://github.com/vmware-tanzu/sonobuoy/releases/download/v${SONOBUOY_VERSION}/sonobuoy_${SONOBUOY_VERSION}_${OS}_${ARCH}.tar.gz" | \
       tar -xzf - -C /usr/local/bin; \
     fi; \

README.md

@@ -131,7 +131,7 @@ curl -sfL https://get.k3s.io | K3S_URL=https://myserver:6443 K3S_TOKEN=XXX sh -
 Manual Download
 ---------------
 
-1. Download `k3s` from latest [release](https://github.com/k3s-io/k3s/releases/latest), x86_64, armhf, and arm64 are supported.
+1. Download `k3s` from latest [release](https://github.com/k3s-io/k3s/releases/latest), x86_64, armhf, arm64 and s390x are supported.
 1. Run the server.
 
 ```bash

install.sh

@@ -304,6 +304,10 @@ setup_verify_arch() {
             ARCH=arm64
             SUFFIX=-${ARCH}
             ;;
+        s390x)
+            ARCH=s390x
+            SUFFIX=-${ARCH}
+            ;;
         aarch64)
             ARCH=arm64
             SUFFIX=-${ARCH}

manifests/traefik.yaml

@@ -5,7 +5,7 @@ metadata:
   name: traefik-crd
   namespace: kube-system
 spec:
-  chart: https://%{KUBERNETES_API}%/static/charts/traefik-crd-10.14.100.tgz
+  chart: https://%{KUBERNETES_API}%/static/charts/traefik-crd-10.19.300.tgz
 ---
 apiVersion: helm.cattle.io/v1
 kind: HelmChart
@@ -13,7 +13,7 @@ metadata:
   name: traefik
   namespace: kube-system
 spec:
-  chart: https://%{KUBERNETES_API}%/static/charts/traefik-10.14.100.tgz
+  chart: https://%{KUBERNETES_API}%/static/charts/traefik-10.19.300.tgz
   set:
     global.systemDefaultRegistry: "%{SYSTEM_DEFAULT_REGISTRY_RAW}%"
   valuesContent: |-
@@ -33,7 +33,7 @@ spec:
     priorityClassName: "system-cluster-critical"
     image:
       name: "rancher/mirrored-library-traefik"
-      tag: "2.6.1"
+      tag: "2.6.2"
     tolerations:
     - key: "CriticalAddonsOnly"
       operator: "Exists"

package/rpm/install.sh

@@ -294,6 +294,10 @@ setup_verify_arch() {
             ARCH=arm64
             SUFFIX=-${ARCH}
             ;;
+        s390x)
+            ARCH=s390x
+            SUFFIX=-${ARCH}
+            ;;
         aarch64)
             ARCH=arm64
             SUFFIX=-${ARCH}

pkg/deploy/zz_generated_bindata.go

@@ -311,7 +311,7 @@ func rolebindingsYaml() (*asset, error) {
 	return a, nil
 }
 
-var _traefikYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xb4\x92\x41\x6f\xd3\x40\x10\x85\xef\xfe\x15\x23\x4b\x39\xae\x9d\x54\x08\x55\xbe\x85\xd4\x40\x05\x14\x94\xa4\xa0\x9e\xa2\xf5\x7a\x12\xaf\xb2\xde\xb5\x66\xc6\x81\x50\xfa\xdf\xd1\xc6\x4d\x9b\x4a\x95\x8a\x10\x1c\x3d\x9e\xf9\xe6\xcd\x7b\xab\x94\x4a\x74\x67\xbf\x22\xb1\x0d\xbe\x80\x06\x5d\x9b\x19\x2d\xe2\x30\xb3\x21\xdf\x4d\x92\xad\xf5\x75\x01\xef\xd1\xb5\xb3\x46\x93\x24\x2d\x8a\xae\xb5\xe8\x22\x01\xf0\xba\xc5\x02\x84\x34\xae\xed\x56\x19\xaa\xef\x6b\xdc\x69\x83\x05\x6c\xfb\x0a\x15\xef\x59\xb0\x4d\xb8\x43\x13\x47\x4c\x84\x14\xd0\x88\x74\x5c\xe4\xf9\xe8\xf6\xc3\xf5\x9b\x72\x7e\x55\x2e\xcb\xc5\x6a\xfa\xe5\xf2\x6e\x94\xb3\x68\xb1\x26\x3f\x34\x72\x7e\x02\x57\x93\x71\x36\x79\x95\x4d\xc6\xe3\x4c\x36\x3f\x93\x7f\x28\xfd\xff\xc9\x7e\x2a\x19\x80\x51\x22\x0e\x60\xe3\x42\xa5\x5d\x36\xac\xb9\xc0\xb5\xee\x9d\xcc\x71\x63\x59\x68\x5f\x40\x3a\xba\x5d\xdc\x2c\x96\xe5\xa7\xd5\x45\xf9\x76\x7a\xfd\x71\xb9\x9a\x97\xef\x2e\x17\xcb\xf9\xcd\x6a\x3e\xfd\x76\x37\x4a\x13\x80\x9d\x76\x3d\xf2\x2c\x78\x41\x2f\x05\xfc\x52\x07\x2e\x55\xda\x0c\x1b\x00\xd0\xeb\xca\x61\x1d\xcf\xec\xf1\x50\xeb\x02\x09\x1f\x7f\x7f\xc7\x8a\xd1\xf4\x84\xc7\x02\x80\x38\x7e\xfc\x78\x1e\x50\x4f\xbd\x0f\xf1\xd6\xe0\x1f\x7a\x3b\x0a\x2d\x4a\x83\x3d\x47\xe7\xe3\x92\x02\xd2\xf3\xf1\xf9\x59\xfa\x6c\x03\x1b\xd2\x1d\x16\x90\x46\xec\xd0\xd2\x51\xd8\xd9\x1a\xe9\x01\x19\x43\x20\x8f\x82\x7c\xe9\x37\x84\x7c\xa2\xab\xeb\x2b\x67\xb9\xc1\x7a\x81\xb4\xb3\x06\x5f\x50\x4c\x36\x90\x95\xfd\xcc\x69\xe6\xab\x43\xea\xe9\xe0\xba\x32\xae\x67\x41\x52\x86\xac\x58\xa3\xdd\x20\xc5\xb6\x7a\xf3\xc0\x1c\x9e\x49\x4a\xda\x9b\x06\x29\x6f\x2d\x51\x20\xac\x95\xb3\x15\x69\xda\xab\xfb\x9c\x8f\x77\x8a\xde\x14\x90\x9e\x65\xaf\xb3\xc9\x50\x92\xe0\x90\x4e\xcd\x52\xb0\xc5\x18\xf0\xec\x7e\xe7\xb4\xae\x83\xe7\xcf\xde\xed\x8f\x8c\xd0\xc5\x89\x40\x05\xa4\xe5\x0f\xcb\xc2\xe9\x93\x41\x1f\x6a\x54\x14\x1c\x66\x8f\x16\x45\x53\x4d\xf0\x42\xc1\xa9\xce\x69\x8f\x2f\xb0\x00\x70\xbd\x46\x13\x53\xba\x0a\x0b\xd3\x60\xdd\x3b\xfc\xb3\x35\xad\x8e\x96\xfd\x1d\xff\x77\x00\x00\x00\xff\xff\x23\x6f\x75\x5d\x6d\x04\x00\x00")
+var _traefikYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xb4\x92\x4f\x6f\xdb\x38\x10\xc5\xef\xfa\x14\x03\x01\x3e\x52\x72\xb2\xc0\x22\xcb\x9b\xd7\xd1\x6e\x83\xb6\x69\x61\x3b\x2d\x72\x32\x28\x6a\x6c\x11\xa6\x48\x61\x66\xe4\xd6\x4d\xf3\xdd\x0b\xfa\x4f\xfe\x00\x01\x52\x14\xed\x51\xa3\x99\xdf\xbc\x79\x8f\x4a\xa9\xcc\xf4\xee\x13\x12\xbb\x18\x34\xb4\xe8\xbb\xc2\x1a\x11\x8f\x85\x8b\xe5\xf6\x2c\xdb\xb8\xd0\x68\x78\x83\xbe\x9b\xb6\x86\x24\xeb\x50\x4c\x63\xc4\xe8\x0c\x20\x98\x0e\x35\x08\x19\x5c\xb9\x8d\xb2\xd4\x1c\x6b\xdc\x1b\x8b\x1a\x36\x43\x8d\x8a\x77\x2c\xd8\x65\xdc\xa3\x4d\x23\x36\x41\x34\xb4\x22\x3d\xeb\xb2\x1c\xdd\xbd\xbd\xf9\xb7\x9a\x5d\x57\x8b\x6a\xbe\x9c\x7c\xbc\xba\x1f\x95\x2c\x46\x9c\x2d\xf7\x8d\x5c\x3e\x81\xab\xb3\x71\x71\xf6\x4f\xf1\xd7\x78\x5c\xc8\xfa\x5b\xf6\x1b\xa5\xff\x39\xd9\xcf\x25\x03\x30\x4a\xc2\x01\xac\x7d\xac\x8d\x2f\x0e\x6b\x2e\x71\x65\x06\x2f\x33\x5c\x3b\x16\xda\x69\xc8\x47\x77\xf3\xdb\xf9\xa2\x7a\xbf\xbc\xac\xfe\x9b\xdc\xbc\x5b\x2c\x67\xd5\xff\x57\xf3\xc5\xec\x76\x39\x9b\x7c\xbe\x1f\xe5\x19\xc0\xd6\xf8\x01\x79\x1a\x83\x60\x10\x0d\xdf\xd5\x9e\x4b\xb5\xb1\x87\x0d\x00\x18\x4c\xed\xb1\x49\x67\x0e\xb8\xaf\xf5\x91\x84\x4f\xbf\xbf\x60\xcd\x68\x07\xc2\x53\x01\x40\x3c\x3f\x7e\xbc\x0c\x68\x26\x21\xc4\x74\x6b\x0c\x0f\xbd\x3d\xc5\x0e\xa5\xc5\x81\x93\xf3\x69\x89\x86\xfc\x62\x7c\x71\x9e\xbf\xd8\xc0\x96\x4c\x8f\x1a\xf2\x84\x3d\xb4\xf4\x14\xb7\xae\x41\x7a\x40\xa6\x10\x28\xa0\x20\x5f\x85\x35\x21\x3f\xd1\xd5\x0f\xb5\x77\xdc\x62\x33\x47\xda\x3a\x8b\xaf\x28\x26\x17\xc9\xc9\x6e\xea\x0d\xf3\xf5\x3e\xf5\xfc\xe0\xba\xb2\x7e\x60\x41\x52\x96\x9c\x38\x6b\xfc\x41\x8a\xeb\xcc\xfa\x81\x79\x78\x26\x39\x99\x60\x5b\xa4\xb2\x73\x44\x91\xb0\x51\xde\xd5\x64\x68\xa7\x8e\x39\x9f\xee\x14\xb3\xd6\x90\x9f\x17\x7f\x17\xc7\xd3\x25\x7a\xa4\xa7\x66\x29\xd8\x60\x0a\x78\x7a\xdc\x39\x69\x9a\x18\xf8\x43\xf0\xbb\x13\x23\xf6\x69\x22\x92\x86\xbc\xfa\xea\x58\x38\x7f\x36\x18\x62\x83\x8a\xa2\xc7\xe2\xd1\xa2\x64\xaa\x8d\x41\x28\x7a\xd5\x7b\x13\xf0\x15\x16\x00\xae\x56\x68\x53\x4a\xd7\x71\x6e\x5b\x6c\x06\x8f\x3f\xb7\xa6\x33\xc9\xb2\x5f\xe3\xff\x08\x00\x00\xff\xff\x17\x93\x6a\x87\x6d\x04\x00\x00")
 
 func traefikYamlBytes() ([]byte, error) {
 	return bindataRead(

pkg/servicelb/controller.go

@@ -37,7 +37,7 @@ var (
 	daemonsetNodeLabel     = "svccontroller." + version.Program + ".cattle.io/enablelb"
 	daemonsetNodePoolLabel = "svccontroller." + version.Program + ".cattle.io/lbpool"
 	nodeSelectorLabel      = "svccontroller." + version.Program + ".cattle.io/nodeselector"
-	DefaultLBImage         = "rancher/klipper-lb:v0.3.4"
+	DefaultLBImage         = "rancher/klipper-lb:v0.3.5"
 )
 
 const (

scripts/airgap/image-list.txt

@@ -1,8 +1,8 @@
 docker.io/rancher/klipper-helm:v0.7.1-build20220407
-docker.io/rancher/klipper-lb:v0.3.4
+docker.io/rancher/klipper-lb:v0.3.5
 docker.io/rancher/local-path-provisioner:v0.0.21
 docker.io/rancher/mirrored-coredns-coredns:1.9.1
 docker.io/rancher/mirrored-library-busybox:1.34.1
-docker.io/rancher/mirrored-library-traefik:2.6.1
+docker.io/rancher/mirrored-library-traefik:2.6.2
 docker.io/rancher/mirrored-metrics-server:v0.5.2
 docker.io/rancher/mirrored-pause:3.6

scripts/binary_size_check.sh

@@ -17,6 +17,8 @@ if [ ${ARCH} = amd64 ]; then
     BIN_SUFFIX=""
 elif [ ${ARCH} = arm ]; then
     BIN_SUFFIX="-armhf"
+elif [ ${ARCH} = s390x ]; then
+    BIN_SUFFIX="-s390x"
 fi
 
 CMD_NAME="dist/artifacts/k3s${BIN_SUFFIX}"

scripts/build

@@ -68,6 +68,10 @@ if [ ${ARCH} = armv7l ] || [ ${ARCH} = arm ]; then
     export GOARM="7"
 fi
 
+if [ ${ARCH} = s390x ]; then
+    export GOARCH="s390x"
+fi
+
 rm -f \
     bin/k3s-agent \
     bin/k3s-server \

scripts/image_scan.sh

@@ -2,14 +2,23 @@
 
 set -e 
 
+if [ -z $1 && -z $2 ]; then
+    echo "error: image name and arch name are required as arguments. exiting..."
+    exit 1
+fi
+
+ARCH=$2
+
+# skipping image scan for s390x since trivy doesn't support s390x arch yet
+if [ "${ARCH}" == "s390x" ]; then
+    exit 0
+fi
+
 if [ -n ${DEBUG} ]; then
     set -x
 fi
 
-if [ -z $1 ]; then
-    echo "error: image name required as argument. exiting..."
-    exit 1
-fi
+
 
 IMAGE=$1
 SEVERITIES="HIGH,CRITICAL"

scripts/manifest

@@ -14,7 +14,7 @@ DOCKER_TAG=$(echo "${DRONE_TAG}" | sed -e 's/+/-/g')
 
 # export variables for drone-manifest
 export PLUGIN_TEMPLATE="${REPO}:${DOCKER_TAG}-ARCH"
-export PLUGIN_PLATFORMS="linux/amd64,linux/arm64,linux/arm"
+export PLUGIN_PLATFORMS="linux/amd64,linux/arm64,linux/arm,linux/s390x"
 
 # push current version manifest tag to docker hub
 PLUGIN_TARGET="${REPO}:${DOCKER_TAG}" drone-manifest

scripts/package-cli

@@ -46,6 +46,8 @@ if [ ${ARCH} = amd64 ]; then
     BIN_SUFFIX=""
 elif [ ${ARCH} = arm ]; then
     BIN_SUFFIX="-armhf"
+elif [ ${ARCH} = s390x ]; then
+    BIN_SUFFIX="-s390x"
 fi
 
 CMD_NAME=dist/artifacts/k3s${BIN_SUFFIX}

scripts/package-image

@@ -15,5 +15,5 @@ PROXY_OPTS=
 [ -z "$https_proxy" ] || PROXY_OPTS="$PROXY_OPTS --build-arg https_proxy=$https_proxy"
 [ -z "$no_proxy" ] || PROXY_OPTS="$PROXY_OPTS --build-arg no_proxy=$no_proxy"
 docker build ${PROXY_OPTS} --build-arg VERSION=${VERSION} -t ${IMAGE} -f package/Dockerfile .
-./scripts/image_scan.sh ${IMAGE}
+./scripts/image_scan.sh ${IMAGE} ${ARCH}
 echo Built ${IMAGE}

scripts/package-rpm

@@ -27,6 +27,8 @@ if [ ${ARCH} = aarch64 ] || [ ${ARCH} = arm64 ]; then
     BIN_SUFFIX="-arm64"
 elif [ ${ARCH} = armv7l ] || [ ${ARCH} = arm ]; then
     BIN_SUFFIX="-armhf"
+elif [ ${ARCH} = s390x ]; then
+    BIN_SUFFIX="-s390x"
 fi
 
 # capture version of k3s

scripts/test

@@ -18,8 +18,11 @@ docker ps
 . ./scripts/test-run-basics
 echo "Did test-run-basics $?"
 
-. ./scripts/test-run-compat
-echo "Did test-run-compat $?"
+# Skipping compact tests for s390x since there is no previous s390x release
+if [ ${ARCH} != s390x ]; then
+  . ./scripts/test-run-compat
+  echo "Did test-run-compat $?"
+fi
 
 . ./scripts/test-run-etcd
 echo "Did test-run-etcd $?"

scripts/test-helpers

@@ -509,7 +509,7 @@ export -f provision-cluster
 
 provision-registry-proxy() {
     set -e -o pipefail
-    local image="docker.io/library/registry:2.7.1"
+    local image="docker.io/library/registry:2.8.1"
     local prefix="docker-registry-"
     local registries="docker.io:registry-1.docker.io k8s.gcr.io gcr.io quay.io ghcr.io"
     local registries_yaml="$TEST_DIR/registries.yaml"