chore: bring images up to date

.github/workflows/capmvm-kubernetes-arm-manual.yml

@@ -0,0 +1,59 @@
+name: CAPMVM (ARM, experimental) - Build and release
+
+on:
+  workflow_dispatch:
+    inputs:
+      k8s_version:
+        description: "K8s version (major.minor). For example 1.30"
+        required: true
+      k8s_patch_version:
+        description: "K8s patch version"
+        required: true
+        default: "0"
+      containerd_version:
+        description: "Containerd version (major.minor.patch). For example 1.7.27"
+        required: true
+      ubuntu_version:
+        description: "Ubuntu version"
+        required: true
+        default: "22.04"
+        type: choice
+        options:
+          - "22.04"
+          - "24.04"
+          - "20.04"
+
+permissions:
+  id-token: write
+  contents: read
+  packages: write
+
+defaults:
+  run:
+    working-directory: experimental/arm/capmvm/kubernetes
+
+jobs:
+  buildandpublish:
+    name: Build and publish CAPMVM (ARM64)
+    runs-on: ubuntu-latest
+    env:
+      REGISTRY: ghcr.io/${{ vars.REGISTRY_OWNER || github.repository_owner }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push ARM image
+        run: |
+          RELEASE_VERSIONS=${{ inputs.k8s_version }}.${{ inputs.k8s_patch_version }} \
+          CONTAINERD_VERSION=${{ inputs.containerd_version }} \
+          UBUNTU_VERSION=${{ inputs.ubuntu_version }} \
+          make build-and-push

.github/workflows/capmvm-kubernetes-manual.yml

@@ -36,6 +36,9 @@ jobs:
   buildandpublish:
     name: Build and publish CAPMVM
     runs-on: ubuntu-latest
+    env:
+      # Push to this repo's GHCR (e.g. ghcr.io/myownusername on a fork). Set vars.REGISTRY_OWNER to override.
+      REGISTRY: ghcr.io/${{ vars.REGISTRY_OWNER || github.repository_owner }}
     steps:
       - name: checkout code
         uses: actions/checkout@v5

.github/workflows/kernel-images-manual.yml

@@ -2,28 +2,71 @@ name: Kernel (manual) - Build and release
 
 on:
   workflow_dispatch:
-    branches: [main]
+    inputs:
+      arch:
+        description: 'Architecture to build'
+        required: true
+        default: 'amd64'
+        type: choice
+        options:
+          - amd64
+          - arm64
 
 defaults:
   run:
     working-directory: kernel
 
 jobs:
-  release-firecracker:
+  release-firecracker-amd64:
+    if: inputs.arch == 'amd64'
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
     strategy:
       fail-fast: false
       matrix:
-        version: [ 4.19.215, 5.10.77 ]
+        version: [4.19.215, 5.10.77, 6.1.102]
     env:
+      REGISTRY: ghcr.io/${{ vars.REGISTRY_OWNER || github.repository_owner }}
+      ARCH: amd64
       FC_KERNEL_VERSIONS: ${{ matrix.version }}
+      PUSH: --push
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Login to container registry
-        uses: docker/login-action@v1.10.0
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        run: |
+          make build-fc
+          make push-fc
+  release-firecracker-arm64:
+    if: inputs.arch == 'arm64'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        version: [5.10.77, 6.1.102]
+    env:
+      REGISTRY: ghcr.io/${{ vars.REGISTRY_OWNER || github.repository_owner }}
+      ARCH: arm64
+      FC_KERNEL_VERSIONS: ${{ matrix.version }}
+      PUSH: --push
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to container registry
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -33,20 +76,23 @@ jobs:
           make build-fc
           make push-fc
   release-cloudhypervisor:
+    if: inputs.arch == 'amd64'
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
     strategy:
       fail-fast: false
       matrix:
-        version: [ 5.12 ]
+        version: [5.12, 5.15.12]
     env:
+      REGISTRY: ghcr.io/${{ vars.REGISTRY_OWNER || github.repository_owner }}
+      ARCH: amd64
       CH_KERNEL_VERSIONS: ${{ matrix.version }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Login to container registry
-        uses: docker/login-action@v1.10.0
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

.github/workflows/kernel-images.yml

@@ -8,59 +8,98 @@ on:
   push:
     paths:
       - 'kernel/**'
-    branches: [main]
+    branches: [main, issue/*]
+  workflow_dispatch:
 
 defaults:
   run:
     working-directory: kernel
 
 jobs:
   build-firecracker:
-    if: github.event_name != 'push'
+    if: github.event_name == 'pull_request'
     runs-on: ubuntu-latest
     permissions:
       contents: read
     strategy:
       fail-fast: false
       matrix:
-        version: [ 4.19.215, 5.10.77 ]
+        # arm64 has configs only for 5.10.77 and 6.1.102
+        include:
+          - arch: amd64
+            version: 4.19.215
+          - arch: amd64
+            version: 5.10.77
+          - arch: amd64
+            version: 6.1.102
+          - arch: arm64
+            version: 5.10.77
+          - arch: arm64
+            version: 6.1.102
     env:
+      ARCH: ${{ matrix.arch }}
       FC_KERNEL_VERSIONS: ${{ matrix.version }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+      - name: Set up QEMU (arm64)
+        if: matrix.arch == 'arm64'
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx (arm64)
+        if: matrix.arch == 'arm64'
+        uses: docker/setup-buildx-action@v3
       - name: Build kernel
         run: make build-fc
   build-cloudhypervisor:
-    if: github.event_name != 'push'
+    if: github.event_name == 'pull_request'
     runs-on: ubuntu-latest
     permissions:
       contents: read
     strategy:
       fail-fast: false
       matrix:
-        version: [ 5.12 ]
+        version: [5.12, 5.15.12]
     env:
+      ARCH: amd64
       CH_KERNEL_VERSIONS: ${{ matrix.version }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Build kernel
         run: make build-ch
   release-firecracker:
-    if: github.event_name != 'pull_request'
+    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
     strategy:
       fail-fast: false
       matrix:
-        version: [ 4.19.215, 5.10.77 ]
+        include:
+          - arch: amd64
+            version: 4.19.215
+          - arch: amd64
+            version: 5.10.77
+          - arch: amd64
+            version: 6.1.102
+          - arch: arm64
+            version: 5.10.77
+          - arch: arm64
+            version: 6.1.102
     env:
+      REGISTRY: ghcr.io/${{ vars.REGISTRY_OWNER || github.repository_owner }}
+      ARCH: ${{ matrix.arch }}
       FC_KERNEL_VERSIONS: ${{ matrix.version }}
+      PUSH: --push
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+      - name: Set up QEMU (arm64)
+        if: matrix.arch == 'arm64'
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx (arm64)
+        if: matrix.arch == 'arm64'
+        uses: docker/setup-buildx-action@v3
       - name: Login to container registry
-        uses: docker/login-action@v1.10.0
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -70,21 +109,23 @@ jobs:
           make build-fc
           make push-fc
   release-cloudhypervisor:
-    if: github.event_name != 'pull_request'
+    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
     strategy:
       fail-fast: false
       matrix:
-        version: [ 5.12 ]
+        version: [5.12, 5.15.12]
     env:
+      REGISTRY: ghcr.io/${{ vars.REGISTRY_OWNER || github.repository_owner }}
+      ARCH: amd64
       CH_KERNEL_VERSIONS: ${{ matrix.version }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Login to container registry
-        uses: docker/login-action@v1.10.0
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

README.md

@@ -10,6 +10,17 @@ For OS/k8s image builder instructions, see the doc [here][os-docs].
 
 Experimental images can be found [here][exp].
 
+## Publishing and forks
+
+Workflows push images to the **repository’s GitHub Container Registry** by default:
+
+- **Upstream** (`liquidmetal-dev/image-builder`): images go to `ghcr.io/liquidmetal-dev/...`
+- **Forks** (e.g. `my-fork/liquidmetal-image-builder`): images go to `ghcr.io/my-fork/...`
+
+So you can run the same workflows on a fork and publish to your own GHCR without changing the workflow files.
+
+To use a different registry owner (e.g. for the official Liquid Metal org), set the repository variable **`REGISTRY_OWNER`** in the repo’s GitHub settings (e.g. `liquidmetal-dev`). The workflows will then use `ghcr.io/<REGISTRY_OWNER>/...` instead of `ghcr.io/<repository_owner>/...`.
+
 [capmvm]: https://github.com/liquidmetal-dev/cluster-api-provider-microvm
 [flint]: https://github.com/liquidmetal-dev/flintlock
 [k-docs]: https://github.com/liquidmetal-dev/image-builder/tree/main/kernel

capmvm/kubernetes/Makefile

@@ -7,7 +7,7 @@ CONTAINERD_VERSION?=1.7.27
 K8S_MAJOR_MINOR?=1.30
 K8S_FULL_VERSION?=$(K8S_MAJOR_MINOR).14
 UBUNTU_VERSION?=22.04
-IMAGE_NAME?=$(REGISTRY)/capmvm-k8s-ubuntu-$(UBUNTU_VERSION)
+IMAGE_NAME?=$(REGISTRY)/capmvm-k8s-ubuntu-$(UBUNTU_VERSION)-amd64
 IMAGE?=$(IMAGE_NAME):$(K8S_FULL_VERSION)
 
 build: 

capmvm/kubernetes/README.md

@@ -15,7 +15,7 @@ The builder can be found at `capmvm/kubernetes`.
 The resulting images can be added to Microvm specs like so:
 
 ```text
-docker pull ghcr.io/liquidmetal-dev/capmvm-k8s-ubuntu-22.04:1.28.4
+docker pull ghcr.io/liquidmetal-dev/capmvm-k8s-ubuntu-22.04-amd64:1.28.4
 ```
 
 ## Publishing new images

experimental/arm/capmvm/kubernetes/Dockerfile

@@ -2,9 +2,9 @@ ARG OS_VERSION=20.04
 FROM ubuntu:${OS_VERSION}
 
 ARG ARCH="arm64"
-ARG CONTAINERD_VERSION=1.6.0
-# Kubernetes version will be used to keep the kubeadm, kubelet, and kubectl version consistent
-ARG KUBERNETES_VERSION=1.21.8
+ARG CONTAINERD_VERSION=1.7.27
+ARG KUBERNETES_MAJOR_MINOR=1.30
+ARG KUBERNETES_FULL_VERSION=1.30.14
 
 RUN apt-get update && apt-get install -y \
         kmod \
@@ -51,19 +51,18 @@ kernel.panic_on_oops = 1" >> /etc/sysctl.d/99-kubernetes-cri.conf
 # Apply sysctl params without reboot
 RUN sysctl --system
 
-# Install Containerd
+# Install Containerd (same artifact pattern as x86 capmvm)
 RUN wget https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/cri-containerd-cni-${CONTAINERD_VERSION}-linux-${ARCH}.tar.gz
 RUN tar --no-overwrite-dir -C / -xzf cri-containerd-cni-${CONTAINERD_VERSION}-linux-${ARCH}.tar.gz && rm -f cri-containerd-cni-${CONTAINERD_VERSION}-linux-${ARCH}.tar.gz
 
-### Add apt repos
-# Kubeadm, Kubelet, and Kubectl
-RUN curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
-RUN echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
+### Add apt repos (pkgs.k8s.io, same as x86 capmvm)
+RUN curl -fsSL https://pkgs.k8s.io/core:/stable:/v${KUBERNETES_MAJOR_MINOR}/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+RUN echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v${KUBERNETES_MAJOR_MINOR}/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list
 
 RUN apt-get update && apt-get install -y \
-        kubeadm=${KUBERNETES_VERSION}-00 \
-        kubelet=${KUBERNETES_VERSION}-00 \
-        kubectl=${KUBERNETES_VERSION}-00 && \
+        kubeadm=${KUBERNETES_FULL_VERSION}-1.1 \
+        kubelet=${KUBERNETES_FULL_VERSION}-1.1 \
+        kubectl=${KUBERNETES_FULL_VERSION}-1.1 && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* && \
     apt-mark hold kubelet kubeadm kubectl
@@ -72,6 +71,7 @@ RUN mkdir -p /etc/containerd && containerd config default > /etc/containerd/conf
 RUN rm /etc/cni/net.d/10-containerd-net.conflist
 RUN systemctl enable containerd
 
+RUN mkdir -p /etc/systemd/system/kubelet.service.d
 RUN echo '[Service] \n\
 Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"' \
     >> /etc/systemd/system/kubelet.service.d/0-containerd.conf