chore: Switch to hostprocess base image and add support for Windows Server 2025 on Kubernetes (click PR number for more information) (#1731)

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

.github/workflows/release.yml

@@ -6,6 +6,7 @@ on:
     branches:
       - master
   pull_request:
+  workflow_dispatch:
   release:
     types:
       - published
@@ -16,10 +17,7 @@ permissions:
   packages: write
 
 env:
-  VERSION_PROMU: '0.14.0'
-  VERSION_CONTAINERD: '1.7.21'
-  VERSION_BUILDKIT: '0.15.2'
-  VERSION_BUILDX: '0.16.2'
+  VERSION_PROMU: '0.17.0'
 
 jobs:
   build:
@@ -33,27 +31,6 @@ jobs:
         with:
           go-version-file: 'go.mod'
 
-      # https://github.com/pl4nty/Windows-Containers/blob/Main/helpful_tools/Install-BuildKit-GitHubActions/workflow.yaml
-      - name: Setup containerd
-        run: |
-          curl.exe -L https://github.com/containerd/containerd/releases/download/v${{ env.VERSION_CONTAINERD }}/containerd-${{ env.VERSION_CONTAINERD }}-windows-amd64.tar.gz -o containerd.tar.gz
-          tar.exe xvf containerd.tar.gz
-          .\bin\containerd.exe --register-service
-          Start-Service containerd
-      - name: Setup BuildKit
-        run: |
-          curl.exe -L https://github.com/moby/buildkit/releases/download/v${{ env.VERSION_BUILDKIT }}/buildkit-v${{ env.VERSION_BUILDKIT }}.windows-amd64.tar.gz -o buildkit.tar.gz
-          tar.exe xvf buildkit.tar.gz
-
-          .\bin\buildkitd.exe --register-service
-          Start-Service buildkitd
-      - name: Setup Docker Buildx
-        run: |
-          curl.exe -L https://github.com/docker/buildx/releases/download/v${{ env.VERSION_BUILDX }}/buildx-v${{ env.VERSION_BUILDX }}.windows-amd64.exe -o $env:ProgramData\Docker\cli-plugins\docker-buildx.exe
-      - uses: docker/setup-buildx-action@v3
-        with:
-          driver: remote
-          endpoint: npipe:////./pipe/buildkitd
       - name: Install WiX
         run: dotnet tool install --global wix
 
@@ -114,16 +91,27 @@ jobs:
             output\windows_exporter-*.exe
             output\windows_exporter-*.msi
 
-      - name: Build Docker Artifacts
-        run: make build-all
+      - name: Release
+        if: startsWith(github.ref, 'refs/tags/')
         env:
-          VERSION: >-
-            ${{
-              startsWith(github.ref, 'refs/tags/') && 'latest' ||
-              (
-                github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || github.ref_name
-              )
-            }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          $TagName = $env:GITHUB_REF -replace 'refs/tags/', ''
+          Get-ChildItem -Path output\* -Include @('windows_exporter*.msi', 'windows_exporter*.exe', 'sha256sums.txt') | Foreach-Object {gh release upload $TagName $_}
+  docker:
+    name: Build docker images
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: '0'
+
+      - name: Download Artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: windows_exporter_binaries
 
       - name: Login to Docker Hub
         if: ${{ github.event_name != 'pull_request' }}
@@ -132,13 +120,13 @@ jobs:
           username: ${{ secrets.DOCKER_HUB_LOGIN }}
           password: ${{ secrets.DOCKER_HUB_PASSWORD }}
 
-      #- name: Login to quay.io
-      #  if: ${{ github.event_name != 'pull_request' }}
-      #  uses: docker/login-action@v3
-      #  with:
-      #    registry: quay.io
-      #    username: 'robot'
-      #    password: ${{ secrets.QUAY_IO_API_TOKEN }}
+      - name: Login to quay.io
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/login-action@v3
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_PASS }}
 
       - name: Login to GitHub container registry
         if: ${{ github.event_name != 'pull_request' }}
@@ -148,19 +136,32 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Push Latest image
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          VERSION: ${{ startsWith(github.ref, 'refs/tags/') && 'latest' || github.ref_name }}
-        run: |
-          make push-all
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/prometheus-community/windows-exporter
+            quay.io/prometheuscommunity/windows-exporter
+            docker.io/prometheuscommunity/windows-exporter
+          tags: |
+            type=semver,pattern={{version}}
+            type=ref,event=branch
+            type=ref,event=pr
+          labels: |
+            org.opencontainers.image.title=windows_exporter
+            org.opencontainers.image.description=A Prometheus exporter for Windows machines.
+            org.opencontainers.image.vendor=The Prometheus Community
+            org.opencontainers.image.licenses=MIT
 
-      - name: Release
-        if: startsWith(github.ref, 'refs/tags/')
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          $TagName = $env:GITHUB_REF -replace 'refs/tags/', ''
-          Get-ChildItem -Path output\* -Include @('windows_exporter*.msi', 'windows_exporter*.exe', 'sha256sums.txt') | Foreach-Object {gh release upload $TagName $_}
-          make push-all
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: windows/amd64

Dockerfile

@@ -1,9 +1,13 @@
-# Note this image doesn't really matter for hostprocess but it is good to build per OS version
-# the files in the image are copied to $env:CONTAINER_SANDBOX_MOUNT_POINT on the host
-# but the file system is the Host NOT the container
-ARG BASE="mcr.microsoft.com/windows/nanoserver:ltsc2022"
+# mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
+# Using this image as a base for HostProcess containers has a few advantages over using other base images for Windows containers including:
+# - Smaller image size
+# - OS compatibility (works on any Windows version that supports containers)
+
+# This image MUST be built with docker buildx build (buildx) command on a Linux system.
+# Ref: https://github.com/microsoft/windows-host-process-containers-base-image
+
+ARG BASE="mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0"
 FROM $BASE
 
-ENV PATH="C:\Windows\system32;C:\Windows;"
-COPY output/amd64/windows_exporter.exe /windows_exporter.exe
+COPY windows_exporter*-amd64.exe /windows_exporter.exe
 ENTRYPOINT ["windows_exporter.exe"]

Dockerfile.cross

@@ -1,22 +0,0 @@
-# Build this Docker Image on any platform with
-# docker buildx build -t a --platform=windows/amd64 .
-
-ARG BASE=mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
-
-FROM --platform=$BUILDPLATFORM golang:1.21 as builder
-ARG TARGETARCH
-ARG TARGETOS
-
-# Get dependencies
-WORKDIR /w
-COPY go.mod go.sum ./
-RUN go mod download
-RUN go install github.com/prometheus/promu@latest
-
-# Build windows_exporter
-COPY . ./
-RUN GOOS=$TARGETOS GOARCH=$TARGETARCH make windows_exporter.exe
-
-FROM $BASE
-COPY --from=builder /w/windows_exporter.exe /windows_exporter.exe
-ENTRYPOINT ["windows_exporter.exe"]

Makefile

@@ -64,31 +64,19 @@ build-hostprocess:
 sub-build-%:
 	$(MAKE) OS=$* build-image
 
-build-all: $(addprefix sub-build-,$(ALL_OS)) build-hostprocess
-
-push:
-	set -x; \
-	for docker_repo in ${DOCKER_REPO}; do \
-		for osversion in ${ALL_OS}; do \
-			$(DOCKER) tag local/$(DOCKER_IMAGE_NAME):$(VERSION)-$${osversion} $${docker_repo}/$(DOCKER_IMAGE_NAME):$(VERSION)-$${osversion}; \
-			$(DOCKER) push $${docker_repo}/$(DOCKER_IMAGE_NAME):$(VERSION)-$${osversion}; \
-			$(DOCKER) manifest create --amend $${docker_repo}/$(DOCKER_IMAGE_NAME):$(VERSION) $${docker_repo}/$(DOCKER_IMAGE_NAME):$(VERSION)-$${osversion}; \
-			full_version=`$(DOCKER) manifest inspect $(BASE_IMAGE):$${osversion} | grep "os.version" | head -n 1 | awk -F\" '{print $$4}'` || true; \
-			$(DOCKER) manifest annotate --os windows --arch amd64 --os-version $${full_version} $${docker_repo}/$(DOCKER_IMAGE_NAME):$(VERSION) $${docker_repo}/$(DOCKER_IMAGE_NAME):$(VERSION)-$${osversion}; \
-		done; \
-		$(DOCKER) manifest push --purge $${docker_repo}/$(DOCKER_IMAGE_NAME):$(VERSION); \
+build-all: crossbuild
+	@for docker_repo in ${DOCKER_REPO}; do \
+		echo $(DOCKER) buildx build -f Dockerfile -t $${docker_repo}/$(DOCKER_IMAGE_NAME):$(VERSION) .; \
 	done
 
-# We can't load the image into the local docker store, so we have to build and push it in one go
-push-hostprocess:
-	set -x; \
-	for docker_repo in ${DOCKER_REPO}; do \
-		$(DOCKER) buildx build --push --build-arg=BASE=mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0 -f Dockerfile -t $${docker_repo}/$(DOCKER_IMAGE_NAME):$(VERSION)-hostprocess .; \
+push:
+	@for docker_repo in ${DOCKER_REPO}; do \
+		echo $(DOCKER) buildx build --push -f Dockerfile -t $${docker_repo}/$(DOCKER_IMAGE_NAME):$(VERSION) .; \
 	done
 
 .PHONY: push-all
 push-all: build-all
-	$(MAKE) DOCKER_REPO="$(ALL_DOCKER_REPOS)" push # push-hostprocess - disabled until it works on Windows
+	$(MAKE) DOCKER_REPO="$(ALL_DOCKER_REPOS)" push
 
 # Mandatory target for container description sync action
 .PHONY: docker-repo-name