Build GCP guest agent from github actions in constellation repo

.github/workflows/build-gcp-guest-agent.yml

@@ -0,0 +1,67 @@
+name: Build and Upload GCP guest-agent container
+env:
+  REGISTRY: ghcr.io
+on: [workflow_dispatch]
+
+# Abort runs of *this* workflow, if a new commit with the same ref is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build-gcp-guest-agent:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      matrix:
+        version: ["20220713.00"]
+        include:
+          - version: "20220713.00"
+            latest: true
+    steps:
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+        with:
+          repository: "GoogleCloudPlatform/guest-agent"
+          ref: refs/tags/${{ matrix.version }}
+          path: "guest-agent"
+
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+        with:
+          path: "constellation"
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a
+        with:
+          images: |
+            ${{ env.REGISTRY }}/edgelesssys/gcp-guest-agent
+          flavor: |
+            latest=${{ matrix.latest || false }}
+          tags: |
+            type=raw,value=${{ matrix.version }}
+      - name: Set up Docker Buildx
+        id: docker-setup
+        uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6
+      - name: Log in to the Container registry
+        id: docker-login
+        uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Prepare hardcoded configuration file
+        run: |
+          cp "${GITHUB_WORKSPACE}/constellation/3rdparty/gcp-guest-agent/instance_configs.cfg" "${GITHUB_WORKSPACE}/guest-agent/"
+
+      - name: Build and push container image
+        id: build
+        uses: docker/build-push-action@c84f38281176d4c9cdb1626ffafcd6b3911b5d94
+        with:
+          context: ./guest-agent
+          file: ./constellation/3rdparty/gcp-guest-agent/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

3rdparty/gcp-guest-agent/Dockerfile

@@ -0,0 +1,31 @@
+FROM ubuntu:22.04 as build
+
+# Install packages
+RUN apt-get update && apt-get install -y \
+    wget \
+    git
+
+# Install Go
+ARG GO_VER=1.18
+RUN wget https://go.dev/dl/go${GO_VER}.linux-amd64.tar.gz && \
+    tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz && \
+    rm go${GO_VER}.linux-amd64.tar.gz
+ENV PATH ${PATH}:/usr/local/go/bin
+
+# Download go dependencies
+WORKDIR /src/
+COPY go.mod ./
+COPY go.sum ./
+RUN go mod download all
+
+# Build
+ARG VERSION=latest
+COPY . /src
+WORKDIR /src/google_guest_agent
+RUN CGO_ENABLED=0 go build -ldflags="-s -w -X main.version=${VERSION}" -mod=readonly
+WORKDIR /
+
+FROM scratch as run
+COPY --from=build /src/google_guest_agent/google_guest_agent /
+COPY instance_configs.cfg /etc/default/
+ENTRYPOINT [ "/google_guest_agent" ]

3rdparty/gcp-guest-agent/instance_configs.cfg

@@ -0,0 +1,41 @@
+[Accounts]
+deprovision_remove = /bin/false
+gpasswd_add_cmd = /bin/false
+gpasswd_remove_cmd = /bin/false
+groupadd_cmd = /bin/false
+groups = nobody
+useradd_cmd = /bin/false
+userdel_cmd = /bin/false
+
+[Daemons]
+accounts_daemon = false
+clock_skew_daemon = false
+network_daemon = true
+
+[InstanceSetup]
+host_key_types = ecdsa,ed25519,rsa
+network_enabled = true
+optimize_local_ssd = false
+set_boto_config = false
+set_host_keys = false
+set_multiqueue = false
+
+[IpForwarding]
+ethernet_proto_id = 66
+ip_aliases = false
+target_instance_ips = true
+
+[MetadataScripts]
+default_shell = /bin/false
+run_dir =
+shutdown = false
+startup = false
+
+[NetworkInterfaces]
+dhclient_script = /bin/false
+dhcp_command = /bin/false
+ip_forwarding = true
+setup = false
+
+[diagnostics]
+enable = false

bootstrapper/internal/kubernetes/k8sapi/resources/gcp_guest_agent.go

@@ -13,7 +13,6 @@ type gcpGuestAgentDaemonset struct {
 }
 
 // NewGCPGuestAgentDaemonset creates a new GCP Guest Agent Daemonset.
-// The GCP guest agent is built in a separate repository: https://github.com/edgelesssys/gcp-guest-agent
 // It is used automatically to add loadbalancer IPs to the local routing table of GCP instances.
 func NewGCPGuestAgentDaemonset() *gcpGuestAgentDaemonset {
 	return &gcpGuestAgentDaemonset{
@@ -65,7 +64,7 @@ func NewGCPGuestAgentDaemonset() *gcpGuestAgentDaemonset {
 						Containers: []k8s.Container{
 							{
 								Name:  "gcp-guest-agent",
-								Image: versions.GcpGuestImage, // built from https://github.com/edgelesssys/gcp-guest-agent
+								Image: versions.GcpGuestImage,
 								SecurityContext: &k8s.SecurityContext{
 									Privileged: func(b bool) *bool { return &b }(true),
 									Capabilities: &k8s.Capabilities{

internal/versions/versions.go

@@ -34,7 +34,7 @@ const (
 	AccessManagerImage                  = "ghcr.io/edgelesssys/constellation/access-manager:v1.4.0"
 	KmsImage                            = "ghcr.io/edgelesssys/constellation/kmsserver:v1.4.0"
 	VerificationImage                   = "ghcr.io/edgelesssys/constellation/verification-service:v1.4.0"
-	GcpGuestImage                       = "ghcr.io/edgelesssys/gcp-guest-agent:latest"
+	GcpGuestImage                       = "ghcr.io/edgelesssys/gcp-guest-agent:20220713.00"
 	NodeOperatorCatalogImage            = "ghcr.io/edgelesssys/constellation/node-operator-catalog"
 	NodeOperatorVersion                 = "v1.4.1-0.20220809082533-41bdd362a18a"
 	NodeMaintenanceOperatorCatalogImage = "quay.io/medik8s/node-maintenance-operator-catalog"