elastisys · vomba · Jan 16, 2026 · Oct 21, 2025 · Dec 1, 2025 · Dec 9, 2025
diff --git a/.github/workflows/build-azure-capi-image.yml b/.github/workflows/build-azure-capi-image.yml
@@ -0,0 +1,91 @@
+name: Build Azure CAPI VM image
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: Kuberentes version
+        required: true
+        type: string
+      tag:
+        description: ck8s-capi tag
+        required: true
+        type: string
+      builder_image:
+        description: image builder image
+        required: true
+        type: string
+        default: "ghcr.io/elastisys/image-builder-amd64:main"
+
+  workflow_call:
+    inputs:
+      version:
+        description: Kubernetes version
+        required: true
+        type: string
+      tag:
+        description: ck8s-capi tag
+        required: true
+        type: string
+      builder_image:
+        description: image builder image
+        required: true
+        type: string
+        default: "ghcr.io/elastisys/image-builder-amd64:main"
+
+env:
+  version: ${{ inputs.version }}
+  tag: ${{ inputs.tag }}
+  docker_image: ${{ inputs.builder_image }}
+
+defaults:
+  run:
+    working-directory: ./images/capi
+    shell: bash
+
+jobs:
+  build-image:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v5
+
+      - name: replace variables
+        run: |
+          package="${version}-1.1"
+          series="${version%.*}"
+
+          sed -r \
+            -e "s/\\\$KUBERNETES_SERIES/${series}/" \
+            -e "s/\\\$KUBERNETES_VERSION/${version}/" \
+            -e "s/\\\$KUBERNETES_DEB_VERSION/${package}/" \
+            -e "s/\\\$IMAGE_TAG/${tag}/" \
+            <"template.json" >"kubernetes.json"
+
+      - name: build azure image
+        run: |
+          image_name="ubuntu-2404-kube-${version%%-*}-ck8s-capi-${tag}"
+
+          export SIG_IMAGE_DEFINITION="${image_name}"
+          export SIG_PUBLISHER="elastisys"
+          export SIG_OFFER="ck8s-capi"
+          export SIG_SKU="${image_name}"
+
+          docker run -i --rm \
+          -e PACKER_VAR_FILES -e PACKER_GITHUB_API_TOKEN=${{ secrets.GITHUB_TOKEN }} \
+          -e SIG_IMAGE_DEFINITION -e SIG_PUBLISHER -e SIG_OFFER -e SIG_SKU \
+          -e AZURE_SUBSCRIPTION_ID -e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e AZURE_TENANT_ID -e AZURE_LOCATION \
+          -e RESOURCE_GROUP_NAME -e GALLERY_NAME -e BUILD_RESOURCE_GROUP_NAME \
+          -v ${{ github.workspace }}/images/capi:/tmp/host \
+          ${{ env.docker_image }} build-azure-sig-ubuntu-2404-gen2
+
+        env:
+          PACKER_VAR_FILES: /tmp/host/kubernetes.json
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID}}
+          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          AZURE_LOCATION: ${{ secrets.AZURE_LOCATION }}
+          RESOURCE_GROUP_NAME: ${{ secrets.RESOURCE_GROUP_NAME }}
+          GALLERY_NAME: ${{ secrets.GALLERY_NAME }}
+          BUILD_RESOURCE_GROUP_NAME: ${{ secrets.RESOURCE_GROUP_NAME }}
diff --git a/.github/workflows/build-capi-vm-images.yml b/.github/workflows/build-capi-vm-images.yml
@@ -0,0 +1,38 @@
+name: Build CAPI VM image with manual input
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: k8s version
+        required: true
+        type: string
+        default: "1.33.1"
+      tag:
+        description: ck8s capi version
+        required: true
+        type: string
+        default: "0.8"
+      builder_image:
+        description: image builder image
+        required: true
+        type: string
+        default: "ghcr.io/elastisys/image-builder-amd64:main"
+
+env:
+  PACKER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+  build-azure-image:
+    uses: ./.github/workflows/build-azure-capi-image.yml
+    with:
+      version: ${{ inputs.version }}
+      tag: ${{ inputs.tag }}
+      docker_image: ${{ inputs.docker_image }}
+    secrets: inherit
+  build-openstack-image:
+    uses: ./.github/workflows/build-openstack-capi-image.yml
+    with:
+      version: ${{ inputs.version }}
+      tag: ${{ inputs.tag }}
+      docker_image: ${{ inputs.docker_image }}
diff --git a/.github/workflows/build-image-builder.yml b/.github/workflows/build-image-builder.yml
@@ -0,0 +1,33 @@
+name: Build CAPI image builder
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  IMAGE_NAME: image-builder
+  REGISTRY: ghcr.io/elastisys
+
+jobs:
+  build-image-builder:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: "Login to GitHub Container Registry"
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: run make docker-build
+        run: make docker-build
+        env:
+          TAG: ${{ steps.get-tag.outputs.TAG }}
+
+      - name: run make docker-push
+        run: make docker-push
+        env:
+          TAG: ${{ steps.get-tag.outputs.TAG }}
diff --git a/.github/workflows/build-openstack-capi-image.yml b/.github/workflows/build-openstack-capi-image.yml
@@ -0,0 +1,93 @@
+name: Build OpenStack VM CAPI image
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: Kubernetes version
+        required: true
+        type: string
+      tag:
+        description: ck8s-capi tag
+        required: true
+        type: string
+      builder_image:
+        description: image builder image
+        required: true
+        type: string
+        default: "ghcr.io/elastisys/image-builder-amd64:main"
+
+  workflow_call:
+    inputs:
+      version:
+        description: Kubernetes version
+        required: true
+        type: string
+      tag:
+        description: ck8s-capi tag
+        required: true
+        type: string
+      builder_image:
+        description: image builder image
+        required: true
+        type: string
+        default: "ghcr.io/elastisys/image-builder-amd64:main"
+
+
+env:
+  version: ${{ inputs.version }}
+  tag: ${{ inputs.tag }}
+  docker_image: ${{ inputs.builder_image }}
+
+defaults:
+  run:
+    working-directory: ./images/capi
+    shell: bash
+
+jobs:
+  build-image:
+    runs-on: ubuntu-24.04
+
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: run patchs
+        run: |
+          git apply patches/dockerfile.patch
+
+      - name: Enable KVM
+        run: |
+          echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
+          sudo udevadm control --reload-rules
+          sudo udevadm trigger --name-match=kvm
+
+      - name: replace variables
+        run: |
+          package="${version}-1.1"
+          series="${version%.*}"
+
+          sed -r \
+            -e "s/\\\$KUBERNETES_SERIES/${series}/" \
+            -e "s/\\\$KUBERNETES_VERSION/${version}/" \
+            -e "s/\\\$KUBERNETES_DEB_VERSION/${package}/" \
+            -e "s/\\\$IMAGE_TAG/${tag}/" \
+            <"template.json" >"kubernetes.json"
+
+      - name: add user
+        run: |
+          mkdir -p ${{ github.workspace }}/output
+          sudo useradd -ms /bin/bash imagebuilder
+          sudo chmod -R 777 ${{ github.workspace }}/output
+
+      - name: build openstack image
+        run: |
+          docker run --device=/dev/kvm -i --rm \
+           -e PACKER_VAR_FILES=/tmp/host/kubernetes.json -e PACKER_LOG -e PACKER_GITHUB_API_TOKEN=${{ secrets.GITHUB_TOKEN }} \
+           -v ${{ github.workspace }}/images/capi:/tmp/host -v ${{ github.workspace }}/output:/home/imagebuilder/output:rw \
+           ${{ env.docker_image }} build-qemu-ubuntu-2404-efi
+
+      - name: store openstack image
+        uses: actions/upload-artifact@v4
+        with:
+          name: ubuntu-2404-efi-kube-${{ env.version }}-ck8s-capi-${{ env.tag }}
+          path: ${{ github.workspace }}/output/ubuntu-2404-efi-kube-${{ env.version }}-ck8s-capi-${{ env.tag }}
diff --git a/images/capi/.dockerignore b/images/capi/.dockerignore
@@ -9,3 +9,4 @@
 !packer
 !Makefile
 !azure_targets.sh
+!template.json
diff --git a/images/capi/patches/dockerfile.patch b/images/capi/patches/dockerfile.patch
@@ -0,0 +1,21 @@
+diff --git a/images/capi/.dockerignore b/images/capi/.dockerignore
+index e474674ca..565293fe8 100644
+--- a/images/capi/.dockerignore
++++ b/images/capi/.dockerignore
+@@ -9,3 +9,4 @@
+ !packer
+ !Makefile
+ !azure_targets.sh
++!template.json
+diff --git a/images/capi/Dockerfile b/images/capi/Dockerfile
+index e9ace3ed6..c0bb40356 100644
+--- a/images/capi/Dockerfile
++++ b/images/capi/Dockerfile
+@@ -55,6 +55,7 @@ COPY --chown=imagebuilder:imagebuilder hack hack/
+ COPY --chown=imagebuilder:imagebuilder packer packer/
+ COPY --chown=imagebuilder:imagebuilder Makefile Makefile
+ COPY --chown=imagebuilder:imagebuilder azure_targets.sh azure_targets.sh
++COPY --chown=imagebuilder:imagebuilder template.json template.json
+
+ ENV PATH="/home/imagebuilder/.local/bin:${PATH}"
+ ENV PACKER_ARGS=''
diff --git a/images/capi/template.json b/images/capi/template.json
@@ -0,0 +1,38 @@
+{
+  "crictl_arch": "amd64",
+  "crictl_sha256": "https://github.com/kubernetes-sigs/cri-tools/releases/download/v{{user `crictl_version`}}/crictl-v{{user `crictl_version`}}-linux-{{user `crictl_arch`}}.tar.gz.sha256",
+  "crictl_source_type": "pkg",
+  "crictl_url": "https://github.com/kubernetes-sigs/cri-tools/releases/download/v{{user `crictl_version`}}/crictl-v{{user `crictl_version`}}-linux-{{user `crictl_arch`}}.tar.gz",
+  "crictl_version": "$KUBERNETES_SERIES.0",
+  "kubeadm_template": "etc/kubeadm.yml",
+  "kubernetes_apiserver_port": "6443",
+  "kubernetes_container_registry": "registry.k8s.io",
+  "kubernetes_deb_gpg_key": "https://pkgs.k8s.io/core:/stable:/{{ user `kubernetes_series` }}/deb/Release.key",
+  "kubernetes_deb_repo": "https://pkgs.k8s.io/core:/stable:/{{ user `kubernetes_series` }}/deb/",
+  "kubernetes_deb_version": "$KUBERNETES_DEB_VERSION",
+  "kubernetes_goarch": "amd64",
+  "kubernetes_http_source": "https://dl.k8s.io/release",
+  "kubernetes_load_additional_imgs": "false",
+  "kubernetes_rpm_gpg_check": "True",
+  "kubernetes_rpm_gpg_key": "https://pkgs.k8s.io/core:/stable:/{{ user `kubernetes_series` }}/rpm/repodata/repomd.xml.key",
+  "kubernetes_rpm_repo": "https://pkgs.k8s.io/core:/stable:/{{ user `kubernetes_series` }}/rpm/",
+  "kubernetes_rpm_repo_arch": "x86_64",
+  "kubernetes_rpm_version": "$KUBERNETES_VERSION",
+  "kubernetes_semver": "v$KUBERNETES_VERSION",
+  "kubernetes_series": "v$KUBERNETES_SERIES",
+  "kubernetes_source_type": "pkg",
+  "node_custom_roles_post": "sshca",
+  "systemd_prefix": "/usr/lib/systemd",
+  "sysusr_prefix": "/usr",
+  "sysusrlocal_prefix": "/usr/local",
+  "vm_name": "{{user `build_name`}}-kube-$KUBERNETES_VERSION-ck8s-capi-$IMAGE_TAG",
+  "artifact_name": "{{user `build_name`}}-kube-$KUBERNETES_VERSION-ck8s-capi-$IMAGE_TAG",
+  "output_directory": "./output/{{user `build_name`}}-kube-$KUBERNETES_VERSION-ck8s-capi-$IMAGE_TAG",
+  "image_name": "{{user `distribution`}}-{{user `distribution_version`}}-kube-$KUBERNETES_VERSION-ck8s-capi-$IMAGE_TAG",
+  "aws_region": "eu-north-1",
+  "ami_regions": "eu-north-1",
+  "ami_groups": "",
+  "snapshot_groups": "",
+  "containerd_version": "1.7.27",
+  "containerd_url": "https://github.com/containerd/containerd/releases/download/v1.7.27/containerd-1.7.27-linux-amd64.tar.gz"
+}