update agent cluster support for s390x

Signed-off-by: cluibm <[email protected]>

Makefile

@@ -432,14 +432,14 @@ anax-k8s-image: anax-k8s-clean
 	cp $(CLI_EXECUTABLE) $(ANAX_K8S_CONTAINER_DIR)
 	cp -f $(LICENSE_FILE) $(ANAX_K8S_CONTAINER_DIR)
 	@echo "Producing ANAX K8S docker image $(ANAX_K8S_IMAGE_STG)"
-	if [[ $(arch) == "amd64" || $(arch) == "ppc64el" || $(arch) == "arm64" ]]; then \
+	if [[ $(arch) == "amd64" || $(arch) == "ppc64el" || $(arch) == "arm64" || $(arch) == "s390x" ]]; then \
 		cd $(ANAX_K8S_CONTAINER_DIR) && docker $(DOCKER_BUILD_CMD) $(DOCKER_MAYBE_CACHE) $(ANAX_K8S_IMAGE_LABELS) -t $(ANAX_K8S_IMAGE_STG) -f Dockerfile.ubi.$(arch) .; \
 	fi
 	docker tag $(ANAX_K8S_IMAGE_STG) $(ANAX_K8S_IMAGE_BASE):$(ANAX_K8S_IMAGE_VERSION)
 
 auto-upgrade-cronjob-k8s-image: auto-upgrade-cronjob-k8s-clean
 	@echo "Producing Agent Auto Upgrade CronJob K8S docker image $(CRONJOB_AUTO_UPGRADE_K8S_IMAGE_STG)"
-	if [[ $(arch) == "amd64" || $(arch) == "ppc64el" || $(arch) == "arm64" ]]; then \
+	if [[ $(arch) == "amd64" || $(arch) == "ppc64el" || $(arch) == "arm64" || $(arch) == "s390x" ]]; then \
 		cd $(ANAX_K8S_CONTAINER_DIR) && docker build $(DOCKER_MAYBE_CACHE) $(CRONJOB_AUTO_UPGRADE_K8S_IMAGE_LABELS) -t $(CRONJOB_AUTO_UPGRADE_K8S_IMAGE_STG) -f Dockerfile.ubi.auto-upgrade-cron.$(arch) .; \
 	fi
 	docker tag $(CRONJOB_AUTO_UPGRADE_K8S_IMAGE_STG) $(CRONJOB_AUTO_UPGRADE_K8S_IMAGE_BASE):$(CRONJOB_AUTO_UPGRADE_K8S_IMAGE_VERSION)

anax-in-k8s/Dockerfile.ubi.auto-upgrade-cron.s390x

@@ -0,0 +1,33 @@
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.1
+
+LABEL vendor="IBM"
+LABEL summary="The agent auto upgrade cron job for edge clusters."
+LABEL description=""
+
+# add EPEL repo with jq pkg and all deps
+COPY EPEL.repo /etc/yum.repos.d
+
+# The build calls adduser (from shadow-utils)
+# The auto-upgrade-cronjob.sh calls jq (from jq)
+# Download kubectl
+# Create required directories
+# Create cronjobuser
+ARG REQUIRED_RPMS="shadow-utils jq"
+RUN  microdnf update  -y --nodocs --setopt=install_weak_deps=0 --disableplugin=subscription-manager \
+  && microdnf install -y --nodocs --setopt=install_weak_deps=0 --disableplugin=subscription-manager ${REQUIRED_RPMS} \
+  && microdnf clean all --disableplugin=subscription-manager \
+  && rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.* \
+  && curl -4LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/s390x/kubectl \
+  && chmod +x ./kubectl \
+  && mv ./kubectl /usr/local/bin \
+  && mkdir -p /tmp/agentbackup \
+  && adduser cronjobuser -u 1000 -U -f -1 -c "cronjob user,1,2,3"
+
+# Copy cronjob script into container
+COPY cronjobs/auto-upgrade-cronjob.sh /usr/local/bin/
+
+# Give user access to cronjob script
+RUN chown -R cronjobuser:cronjobuser /usr/local/bin/auto-upgrade-cronjob.sh /tmp/agentbackup
+
+USER cronjobuser
+RUN chmod 755 /usr/local/bin/auto-upgrade-cronjob.sh

anax-in-k8s/Dockerfile.ubi.s390x

@@ -0,0 +1,38 @@
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.1
+
+LABEL vendor="IBM"
+LABEL summary="The agent for edge clusters."
+LABEL description="The agent in a container that is used solely for the purpose of running the agent in a kubernetes edge cluster."
+
+# add EPEL repo with jq pkg and all deps
+COPY EPEL.repo /etc/yum.repos.d
+
+# The anax binary (secrets manager code) shells out to groupadd, groupdel (from shadow-utils), pkill (from procps-ng)
+# The anax.service calls jq (from jq) and killall (from psmisc)
+# anax does not use iptables directly but the github.com/coreos/go-iptables/iptables dependency needs the directory structure
+# Create required directories
+ARG REQUIRED_RPMS="openssl ca-certificates shadow-utils jq iptables vim-minimal psmisc procps-ng"
+RUN  microdnf update  -y --nodocs --setopt=install_weak_deps=0 --disableplugin=subscription-manager \
+  && microdnf install -y --nodocs --setopt=install_weak_deps=0 --disableplugin=subscription-manager ${REQUIRED_RPMS} \
+  && microdnf clean all --disableplugin=subscription-manager \
+  && rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.* \
+  && mkdir -p /licenses /usr/horizon/bin /usr/horizon/web /var/horizon \
+  && mkdir -p /etc/horizon/agbot/policy.d /etc/horizon/policy.d /etc/horizon/trust /etc/docker/certs.d \
+  && adduser agentuser -u 1000 -U -f -1 -c "agent user,1,2,3"
+
+# add license file
+COPY LICENSE.txt /licenses
+
+COPY script/* /home/agentuser/
+COPY config/* /etc/horizon/
+
+ADD anax /usr/horizon/bin/
+ADD hzn /usr/bin/
+
+RUN chown -R agentuser:agentuser /home/agentuser /etc/horizon
+
+USER agentuser
+WORKDIR /home/agentuser
+RUN mkdir -p /home/agentuser/policy.d
+
+ENTRYPOINT ["/home/agentuser/anax.service", "start"]