build the pause image from upstream source and use as the default

[tzneal]

Description of changes:

Builds the pause image from the Kubernetes source into the image.

Testing done:

Ran an instance with no pod-infra-container-image specified, and with one specified:

bash-5.1# journalctl --facility=1
May 06 18:59:42 localhost root[5061]: The setting settings.kubernetes.pod-infra-container-image is deprecated and has no effect. It will be removed in future versions of Bottlerocket.
May 06 19:05:51 i-00e97c60c2abba780.us-west-2.compute.internal root[34230]: The setting settings.kubernetes.pod-infra-container-image is deprecated and has no effect. It will be removed in future versions of Bottlerocket.

bash-5.1# journalctl  -u kubelet | head
May 06 18:59:43 i-00e97c60c2abba780.us-west-2.compute.internal systemd[1]: Starting Kubelet...
May 06 18:59:43 i-00e97c60c2abba780.us-west-2.compute.internal ctr[5426]: unpacking localhost/kubernetes/pause:0.1.0 (sha256:dc510f415dfb132b9359fc451408733862c89b0e10e3ffbdeb6e36be50148a54)...done
May 06 18:59:43 i-00e97c60c2abba780.us-west-2.compute.internal ctr[5478]: io.cri-containerd.pinned=pinned,io.cri-containerd.image=managed
May 06 18:59:44 i-00e97c60c2abba780.us-west-2.compute.internal kubelet[5492]: Flag --container-runtime-endpoint has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.
May 06 18:59:44 i-00e97c60c2abba780.us-west-2.compute.internal kubelet[5492]: Flag --containerd has been deprecated, This is a cadvisor flag that was mistakenly registered with the Kubelet. Due to legacy concerns, it will follow the standard CLI deprecation timeline before being removed.
May 06 18:59:44 i-00e97c60c2abba780.us-west-2.compute.internal kubelet[5492]: Flag --register-with-taints has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.
May 06 18:59:44 i-00e97c60c2abba780.us-west-2.compute.internal kubelet[5492]: Flag --pod-infra-container-image has been deprecated, will be removed in a future release. Image garbage collector will get sandbox image information from CRI.
May 06 18:59:44 i-00e97c60c2abba780.us-west-2.compute.internal kubelet[5492]: I0506 18:59:44.811726    5492 server.go:204] "--pod-infra-container-image will not be pruned by the image garbage collector in kubelet and should also be set in the remote runtime"
May 06 18:59:44 i-00e97c60c2abba780.us-west-2.compute.internal kubelet[5492]: I0506 18:59:44.821784    5492 server.go:487] "Kubelet version" kubeletVersion="v1.29.1-eks-61c0bbb"
May 06 18:59:44 i-00e97c60c2abba780.us-west-2.compute.internal kubelet[5492]: I0506 18:59:44.821820    5492 server.go:489] "Golang settings" GOGC="" GOMAXPROCS="" GOTRACEBACK="

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

[tzneal]

Putting up to get some thoughts on the approach before I replicate this to the other K8s versions.

[tzneal]

I left the pause-prefix code in for now as its referenced in migrations:

sources/api/migration/migrations/v1.16.0/schnauzer-v2-generators/src/main.rs
58:                new_val: "schnauzer-v2 render --requires 'aws@v1' --requires 'kubernetes@v1(helpers=[pause-prefix])' --template '{{ pause-prefix settings.aws.region }}/eks/pause:3.1-eksbuild.1'",

sources/api/migration/migrations/archived/v1.1.0/schnauzer-paws/src/main.rs
8:    "{{ pause-prefix settings.aws.region }}/eks/pause-{{ goarch os.arch }}:3.1";

But maybe its good to be removed from there as well?

[bcressey]

All the code and config changes look good to me. The remaining piece is the migrations, which you're welcome to tackle or punt to one of the developers more familiar with this dark corner of Bottlerocket.

[bcressey]

I left the pause-prefix code in for now as its referenced in migrations:

We're overdue for a migrations archival - relocating some of the newer migrations to sources/migration/migrations/archived where they'll no longer be built. After that we can clean up this part of schnauzer. Agreed that it's probably better as a backlog issue than worrying about it here.

[bcressey]

LGTM. Might be good to tweak the commit titles a bit:

settings: use built-in pause container image for k8s
kubernetes-*: switch to built-in pause container image

(The k8s commits can be kept separate or squashed into one, up to you.)

[larvacea]

lgtm. I am happy to get a second (or so) back from pulling this image from ECR.