kubesolo-os

adelorenzo/kubesolo-os

Fork 0

Commit Graph

Author	SHA1	Message	Date
Adolfo Delorenzo	09dcea84ef	fix: disk image build, piCore64 URL, license Some checks failed CI / Go Tests (push) Has been cancelled Details CI / Build Go Binaries (amd64, linux, linux-amd64) (push) Has been cancelled Details CI / Build Go Binaries (arm64, linux, linux-arm64) (push) Has been cancelled Details CI / Shellcheck (push) Has been cancelled Details Release / Test (push) Has been cancelled Details Release / Build Binaries (amd64, linux, linux-amd64) (push) Has been cancelled Details Release / Build Binaries (arm64, linux, linux-arm64) (push) Has been cancelled Details Release / Build ISO (amd64) (push) Has been cancelled Details Release / Create Release (push) Has been cancelled Details - Add kpartx for reliable loop partition mapping in Docker containers - Fix piCore64 download URL (changed from .img.gz to .zip format) - Fix piCore64 boot partition mount (initramfs on p1, not p2) - Fix tar --wildcards for RPi firmware extraction - Add MIT license (same as KubeSolo) - Add kpartx and unzip to Docker builder image Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-12 17:05:03 -06:00
Adolfo Delorenzo	efc7f80b65	feat: add security hardening, AppArmor, and ARM64 Raspberry Pi support (Phase 6) Some checks failed CI / Go Tests (push) Has been cancelled Details CI / Build Go Binaries (amd64, linux, linux-amd64) (push) Has been cancelled Details CI / Build Go Binaries (arm64, linux, linux-arm64) (push) Has been cancelled Details CI / Shellcheck (push) Has been cancelled Details Security hardening: bind kubeconfig server to localhost, mount hardening (noexec/nosuid/nodev on tmpfs), sysctl network hardening, kernel module loading lock after boot, SHA256 checksum verification for downloads, kernel AppArmor + Audit support, complain-mode AppArmor profiles for containerd and kubelet, and security integration test. ARM64 Raspberry Pi support: piCore64 base extraction, RPi kernel build from raspberrypi/linux fork, RPi firmware fetch, SD card image with 4- partition GPT and tryboot A/B mechanism, BootEnv Go interface abstracting GRUB vs RPi boot environments, architecture-aware build scripts, QEMU aarch64 dev VM and boot test. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-12 13:08:17 -06:00
Adolfo Delorenzo	e372df578b	feat: initial Phase 1 PoC scaffolding for KubeSolo OS Complete Phase 1 implementation of KubeSolo OS — an immutable, bootable Linux distribution built on Tiny Core Linux for running KubeSolo single-node Kubernetes. Build system: - Makefile with fetch, rootfs, initramfs, iso, disk-image targets - Dockerfile.builder for reproducible builds - Scripts to download Tiny Core, extract rootfs, inject KubeSolo, pack initramfs, and create bootable ISO/disk images Init system (10 POSIX sh stages): - Early mount (proc/sys/dev/cgroup2), cmdline parsing, persistent mount with bind-mounts, kernel module loading, sysctl, DHCP networking, hostname, clock sync, containerd prep, KubeSolo exec Shared libraries: - functions.sh (device wait, IP lookup, config helpers) - network.sh (static IP, config persistence, interface detection) - health.sh (containerd, API server, node readiness checks) - Emergency shell for boot failure debugging Testing: - QEMU boot test with serial log marker detection - K8s readiness test with kubectl verification - Persistence test (reboot + verify state survives) - Workload deployment test (nginx pod) - Local storage test (PVC + local-path provisioner) - Network policy test - Reusable run-vm.sh launcher Developer tools: - dev-vm.sh (interactive QEMU with port forwarding) - rebuild-initramfs.sh (fast iteration) - inject-ssh.sh (dropbear SSH for debugging) - extract-kernel-config.sh + kernel-audit.sh Documentation: - Full design document with architecture research - Boot flow documentation covering all 10 init stages - Cloud-init examples (DHCP, static IP, Portainer Edge, air-gapped) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-11 10:18:42 -06:00

Author

SHA1

Message

Date

Adolfo Delorenzo

09dcea84ef

fix: disk image build, piCore64 URL, license

CI / Go Tests (push) Has been cancelled

Details

CI / Build Go Binaries (amd64, linux, linux-amd64) (push) Has been cancelled

Details

CI / Build Go Binaries (arm64, linux, linux-arm64) (push) Has been cancelled

Details

CI / Shellcheck (push) Has been cancelled

Details

Release / Test (push) Has been cancelled

Details

Release / Build Binaries (amd64, linux, linux-amd64) (push) Has been cancelled

Details

Release / Build Binaries (arm64, linux, linux-arm64) (push) Has been cancelled

Details

Release / Build ISO (amd64) (push) Has been cancelled

Details

Release / Create Release (push) Has been cancelled

Details

- Add kpartx for reliable loop partition mapping in Docker containers
- Fix piCore64 download URL (changed from .img.gz to .zip format)
- Fix piCore64 boot partition mount (initramfs on p1, not p2)
- Fix tar --wildcards for RPi firmware extraction
- Add MIT license (same as KubeSolo)
- Add kpartx and unzip to Docker builder image

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-12 17:05:03 -06:00

Adolfo Delorenzo

efc7f80b65

feat: add security hardening, AppArmor, and ARM64 Raspberry Pi support (Phase 6)

CI / Go Tests (push) Has been cancelled

Details

CI / Build Go Binaries (amd64, linux, linux-amd64) (push) Has been cancelled

Details

CI / Build Go Binaries (arm64, linux, linux-arm64) (push) Has been cancelled

Details

CI / Shellcheck (push) Has been cancelled

Details

Security hardening: bind kubeconfig server to localhost, mount hardening
(noexec/nosuid/nodev on tmpfs), sysctl network hardening, kernel module
loading lock after boot, SHA256 checksum verification for downloads,
kernel AppArmor + Audit support, complain-mode AppArmor profiles for
containerd and kubelet, and security integration test.

ARM64 Raspberry Pi support: piCore64 base extraction, RPi kernel build
from raspberrypi/linux fork, RPi firmware fetch, SD card image with 4-
partition GPT and tryboot A/B mechanism, BootEnv Go interface abstracting
GRUB vs RPi boot environments, architecture-aware build scripts, QEMU
aarch64 dev VM and boot test.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-12 13:08:17 -06:00

Adolfo Delorenzo

e372df578b

feat: initial Phase 1 PoC scaffolding for KubeSolo OS

Complete Phase 1 implementation of KubeSolo OS — an immutable, bootable
Linux distribution built on Tiny Core Linux for running KubeSolo
single-node Kubernetes.

Build system:
- Makefile with fetch, rootfs, initramfs, iso, disk-image targets
- Dockerfile.builder for reproducible builds
- Scripts to download Tiny Core, extract rootfs, inject KubeSolo,
  pack initramfs, and create bootable ISO/disk images

Init system (10 POSIX sh stages):
- Early mount (proc/sys/dev/cgroup2), cmdline parsing, persistent
  mount with bind-mounts, kernel module loading, sysctl, DHCP
  networking, hostname, clock sync, containerd prep, KubeSolo exec

Shared libraries:
- functions.sh (device wait, IP lookup, config helpers)
- network.sh (static IP, config persistence, interface detection)
- health.sh (containerd, API server, node readiness checks)
- Emergency shell for boot failure debugging

Testing:
- QEMU boot test with serial log marker detection
- K8s readiness test with kubectl verification
- Persistence test (reboot + verify state survives)
- Workload deployment test (nginx pod)
- Local storage test (PVC + local-path provisioner)
- Network policy test
- Reusable run-vm.sh launcher

Developer tools:
- dev-vm.sh (interactive QEMU with port forwarding)
- rebuild-initramfs.sh (fast iteration)
- inject-ssh.sh (dropbear SSH for debugging)
- extract-kernel-config.sh + kernel-audit.sh

Documentation:
- Full design document with architecture research
- Boot flow documentation covering all 10 init stages
- Cloud-init examples (DHCP, static IP, Portainer Edge, air-gapped)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-11 10:18:42 -06:00

3 Commits