Add iptables-detect scripts, revert iptables to 1.8.3, move iptables …

…related links and binaries to bin/aux, create second set of tar balls only containing xtables/iptables binaries and links, add Drone CI with Dapper

.drone.yml

@@ -0,0 +1,176 @@
+---
+kind: pipeline
+name: k3s-root-linux-amd64
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  path: /workdir
+
+steps:
+  - name: build-amd64
+    image: rancher/dapper:v0.5.0
+    environment:
+      BUILDARCH: amd64
+    commands:
+    - dapper ci
+    volumes:
+    - name: docker
+      path: /var/run/docker.sock
+  - name: github-amd64-binary-release
+    image: plugins/github-release
+    settings:
+      api_key:
+        from_secret: github_token
+      checksum:
+      - sha256
+      checksum_file: CHECKSUMsum-amd64.txt
+      checksum_flatten: true
+      prerelease: true
+      files:
+      - "/workdir/dist/k3s-*amd64.tar"
+    when:
+      instance:
+      - drone-publish.rancher.io
+      ref:
+      - refs/head/master
+      - refs/tags/*
+      event:
+      - tag
+volumes:
+- name: docker
+  host:
+    path: /var/run/docker.sock
+---
+kind: pipeline
+name: k3s-root-linux-arm64
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  path: /workdir
+
+steps:
+  - name: build-arm64
+    image: rancher/dapper:v0.5.0
+    environment:
+      BUILDARCH: arm64
+    commands:
+    - dapper ci
+    volumes:
+    - name: docker
+      path: /var/run/docker.sock
+  - name: github-arm64-binary-release
+    image: plugins/github-release
+    settings:
+      api_key:
+        from_secret: github_token
+      checksum:
+      - sha256
+      checksum_file: CHECKSUMsum-arm64.txt
+      checksum_flatten: true
+      prerelease: true
+      files:
+      - "/workdir/dist/k3s-*arm64.tar"
+    when:
+      instance:
+      - drone-publish.rancher.io
+      ref:
+      - refs/head/master
+      - refs/tags/*
+      event:
+      - tag
+volumes:
+- name: docker
+  host:
+    path: /var/run/docker.sock
+---
+kind: pipeline
+name: k3s-root-linux-arm
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  path: /workdir
+
+steps:
+  - name: build-arm
+    image: rancher/dapper:v0.5.0
+    environment:
+      BUILDARCH: arm
+    commands:
+    - dapper ci
+    volumes:
+    - name: docker
+      path: /var/run/docker.sock
+  - name: github-arm-binary-release
+    image: plugins/github-release
+    settings:
+      api_key:
+        from_secret: github_token
+      checksum:
+      - sha256
+      checksum_file: CHECKSUMsum-arm.txt
+      checksum_flatten: true
+      prerelease: true
+      files:
+      - "/workdir/dist/k3s-*arm.tar"
+    when:
+      instance:
+      - drone-publish.rancher.io
+      ref:
+      - refs/head/master
+      - refs/tags/*
+      event:
+      - tag
+volumes:
+- name: docker
+  host:
+    path: /var/run/docker.sock
+---
+kind: pipeline
+name: k3s-root-linux-ppc64le
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  path: /workdir
+
+steps:
+  - name: build-ppc64le
+    image: rancher/dapper:v0.5.0
+    environment:
+      BUILDARCH: ppc64le
+    commands:
+    - dapper ci
+    volumes:
+    - name: docker
+      path: /var/run/docker.sock
+  - name: github-ppc64le-binary-release
+    image: plugins/github-release
+    settings:
+      api_key:
+        from_secret: github_token
+      checksum:
+      - sha256
+      checksum_file: CHECKSUMsum-ppc64le.txt
+      checksum_flatten: true
+      prerelease: true
+      files:
+      - "/workdir/dist/k3s-*ppc64le.tar"
+    when:
+      instance:
+      - drone-publish.rancher.io
+      ref:
+      - refs/head/master
+      - refs/tags/*
+      event:
+      - tag
+volumes:
+- name: docker
+  host:
+    path: /var/run/docker.sock

.gitignore

@@ -1,2 +1,4 @@
 /dist
+/artifacts
 /build
+/.dapper

Dockerfile.dapper

@@ -0,0 +1,28 @@
+FROM ubuntu:18.04 AS ubuntu
+RUN yes | unminimize
+
+# setup prereqs
+RUN apt-get update
+RUN apt-get install -y \
+    build-essential \
+    ccache \
+    gcc \
+    git \
+    g++ \
+    rsync \
+    bc \
+    wget \
+    curl \
+    ca-certificates \
+    ncurses-dev \
+    python \
+    unzip
+
+ENV DAPPER_SOURCE /source
+ENV DAPPER_OUTPUT ./artifacts ./dist
+ENV DAPPER_ENV BUILDARCH
+ENV HOME ${DAPPER_SOURCE}
+WORKDIR ${DAPPER_SOURCE}
+
+ENTRYPOINT ["./scripts/entry"]
+CMD ["ci"]

Makefile

@@ -0,0 +1,25 @@
+ARCH ?= amd64
+ALL_ARCH = amd64 arm64 arm ppc64le
+
+export BUILDARCH = $(ARCH)
+
+TARGETS := $(shell ls scripts)
+
+.dapper:
+	@echo Downloading dapper
+	@curl -sL https://releases.rancher.com/dapper/latest/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp
+	@@chmod +x .dapper.tmp
+	@./.dapper.tmp -v
+	@mv .dapper.tmp .dapper
+
+$(TARGETS): .dapper
+	./.dapper $@
+
+all-build: $(addprefix sub-build-,$(ALL_ARCH))
+
+sub-build-%:
+	$(MAKE) ARCH=$* ci
+
+.DEFAULT_GOAL := ci 
+
+.PHONY: $(TARGETS)

README.md

@@ -0,0 +1,15 @@
+# k3s-root
+
+`k3s-root` is based on https://github.com/buildroot/buildroot and provides the userspace binaries for `rancher/k3s`
+
+## Building
+
+`k3s-root` is dapper powered, which means you should be able to simply `make` on your machine to compile. By default, `make` will compile for `amd64`. If you want to compile for other architectures, you can run commands like:
+```
+make ARCH=arm64
+```
+
+or alternatively, if you want to compile all architectures at once, you can run:
+```
+make all-build
+```

iptables-detect/README.md

@@ -0,0 +1,13 @@
+# iptables-detect
+
+This is a set of scripts designed to interoperate with the upstream netfilter/iptables 1.8.3 project. The intention of using these scripts is the following:
+
+### Requirements:
+1. `xtables-nft-multi` and `xtables-legacy-multi` binaries exist and are in the same folder as the `.sh` scripts
+2. Initially, symlinks are set up for `iptables-detect.sh` from `iptables` `ip6tables` `iptables-restore` `ip6tables-restore` `iptables-save` `ip6tables-save`
+
+### Expectations:
+When `iptables-detect.sh` is invoked without a symlink in place, it will simply spit out what it detects via what mode. This can be useful for debugging. 
+
+### More Info
+The `iptables-detect.sh` script started out as the base `debian-iptables` script from https://github.com/kubernetes/kubernetes/blob/master/build/debian-iptables/iptables-wrapper but was modified to call a designated script called `xtables-set-mode.sh`. This is due to the fact that the original intention of usage of this script was for `k3s-root`, and we should not be updating system level alternatives. In addition, due to the multi-platform nature of K3s, there was no guarantee that `update-alternatives` would even exist on the underlying host system (let alone `/etc/alternatives`) and as such, we only use system-level alternatives to attempt to detect version.