iso: support building the arm64 ISO on an arm64 host

[abedegno]

Fix for arm64-host buildroot builds of the minikube arm64 ISO.

Problem

On an arm64 Linux host (e.g. Colima on Apple Silicon), make minikube-iso-aarch64 completes with exit 0 but silently produces a ~319 MB ISO instead of the expected ~403 MB. The ISO boots fine, but minikube start fails during provisioning:

diff: can't stat '/lib/systemd/system/docker.service': No such file or directory
Created symlink '/etc/systemd/system/multi-user.target.wants/docker.service' -> '/usr/lib/systemd/system/docker.service'.
Job for docker.service failed because the control process exited with error code.

Same failure mode on vfkit, qemu2, and virtualbox (so it isn't driver-specific).

Root cause

buildroot's BR2_PACKAGE_HOST_GO_BOOTSTRAP_STAGE1_ARCH_SUPPORTS only default-y's for x86, x86_64 and arm hosts. When the buildroot host is aarch64 the symbol stays unset, which leaves BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS unset, which silently drops every Go-target package: cri-dockerd-aarch64, cni-plugins-latest-aarch64, podman, crio-bin, plus transitive deps. docker-bin-aarch64 has no host-go dependency and still installs, which is why the docker binary ends up in the ISO but none of the CRI service glue does.

The gate is the right shape for host-go-src (source bootstrap of Go has real host arch restrictions), but minikube resolves host-go via host-go-bin which has a prebuilt Go binary for aarch64 and works fine. The stage1 gate is overly strict for the host-go-bin case.

Fix

Adds a buildroot patch at deploy/iso/minikube-iso/patches/buildroot/0001-host-go-aarch64-stage1.patch:

--- a/package/go/go-bootstrap-stage1/Config.in.host
+++ b/package/go/go-bootstrap-stage1/Config.in.host
@@ -4,3 +4,4 @@ config BR2_PACKAGE_HOST_GO_BOOTSTRAP_STAGE1_ARCH_SUPPORTS
 	default y if BR2_HOSTARCH = "x86"
 	default y if BR2_HOSTARCH = "x86_64"
 	default y if BR2_HOSTARCH = "arm"
+	default y if BR2_HOSTARCH = "aarch64"

Extends the buildroot: target in the top-level Makefile to apply any *.patch files dropped into that directory right after the initial git clone. Any future per-host fixes can be added there without further Makefile work.

The proper long-term fix belongs upstream in buildroot; this is a pragmatic near-term workaround so local arm64-host builds produce the same artifact as CI.

Test

On darwin/arm64 (M-series Mac, Colima --vm-type vz --arch aarch64):

• Before this PR: ISO 319 MB, provisioning fails on all drivers at docker.service restart.
• After this PR: ISO 403 MB (size-matches the published minikube-v1.38.0-arm64.iso), cri-docker.service, crio.service, podman.service, cri-dockerd/crio/podman binaries all present.
• minikube start --driver=vfkit|qemu2|virtualbox all produce a Ready control-plane node on the newly-built ISO.
• make minikube-iso-x86_64 unaffected (patch only activates on aarch64 hosts).

Upstream CI (x86_64 builders) is unaffected.

Related

• Fixes iso: building arm64 ISO on an aarch64 host drops Go-target packages #22866 (the bug this PR works around).
• Found while validating PR virtualbox: support darwin/arm64 with VirtualBox 7.1+ #22861 (darwin/arm64 VirtualBox support); the two PRs are independent.

[k8s-ci-robot]

Hi @abedegno. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[minikube-bot]

Can one of the admins verify this patch?

[nirs]

/ok-to-build-iso

[nirs]

/cc @afbjorklund

[nirs]

/cc @medyagh

[nirs]

Changes looks good to me, but the best way to validate the change is to post a patch to buildroot. The fix is like much simpler if we don't have to keep a patch file.

[nirs]

@abedegno maybe open an issue for building on macOS? the existing issue is about building on Fedora - but the issue fixed here is not related to Fedora.

[minikube-bot]

Hi @abedegno, we have updated your PR with the reference to newly built ISO. Pull the changes locally if you want to test with them or update your PR further.

[nirs]

/ok-to-test

[minikube-pr-bot]

kvm2 driver with docker runtime

┌────────────────┬──────────┬────────────────────────┐
│    COMMAND     │ MINIKUBE │ MINIKUBE  ( PR 22862 ) │
├────────────────┼──────────┼────────────────────────┤
│ minikube start │ 36.1s    │ 36.1s                  │
│ enable ingress │ 15.5s    │ 15.6s                  │
└────────────────┴──────────┴────────────────────────┘

Details

Times for minikube (PR 22862) start: 37.3s 35.5s 36.5s 35.7s 35.3s
Times for minikube start: 34.9s 34.4s 35.3s 38.8s 37.0s

Times for minikube (PR 22862) ingress: 16.2s 15.2s 15.7s 15.7s 15.2s
Times for minikube ingress: 15.2s 15.7s 15.2s 15.2s 16.2s

docker driver with docker runtime

┌────────────────┬──────────┬────────────────────────┐
│    COMMAND     │ MINIKUBE │ MINIKUBE  ( PR 22862 ) │
├────────────────┼──────────┼────────────────────────┤
│ minikube start │ 21.3s    │ 19.3s                  │
│ enable ingress │ 16.6s    │ 16.6s                  │
└────────────────┴──────────┴────────────────────────┘

Details

Times for minikube (PR 22862) start: 20.6s 18.1s 21.6s 18.4s 17.9s
Times for minikube start: 20.7s 21.2s 21.5s 21.5s 21.5s

Times for minikube ingress: 10.6s 10.6s 40.6s 10.6s 10.6s
Times for minikube (PR 22862) ingress: 10.6s 10.6s 10.6s 10.6s 40.6s

docker driver with containerd runtime

┌────────────────┬──────────┬────────────────────────┐
│    COMMAND     │ MINIKUBE │ MINIKUBE  ( PR 22862 ) │
├────────────────┼──────────┼────────────────────────┤
│ minikube start │ 17.4s    │ 18.1s                  │
│ enable ingress │ 23.1s    │ 23.3s                  │
└────────────────┴──────────┴────────────────────────┘

Details

Times for minikube start: 16.7s 16.2s 16.0s 18.8s 19.3s
Times for minikube (PR 22862) start: 16.8s 20.3s 19.3s 18.6s 15.6s

Times for minikube ingress: 23.1s 23.1s 23.1s 23.1s 23.1s
Times for minikube (PR 22862) ingress: 23.1s 23.1s 24.1s 23.1s 23.1s

[abedegno]

Quick triage of the failed lanes - they all look environmental to me, and I don't think anything this PR changes can affect them. Flagging so we can kick a retest rather than chase them.

[abedegno]

/retest

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: abedegno, afbjorklund
Once this PR has been reviewed and has the lgtm label, please assign medyagh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[afbjorklund]

It will be hard to get patches from upstream, if never updating the operating system...

• iso: Update buildroot to bugfix release 2025.02.x #20993

(this bug is on master too, though. buildroot doesn't really try to build on non-x86)

[abedegno]

Two failed lanes from the previous retest - appear to be environmental again.

Retesting both lanes individually:

/test pull-minikube-kvm-docker-linux-x86
/test pull-minikube-docker-crio-linux-x86

[abedegno]

@abedegno maybe open an issue for building on macOS? the existing issue is about building on Fedora - but the issue fixed here is not related to Fedora.

@nirs Done #22866

[nirs]

It will be hard to get patches from upstream, if never updating the operating system...

• iso: Update buildroot to bugfix release 2025.02.x #20993

Sure, this is another gap we need to close.

(this bug is on master too, though. buildroot doesn't really try to build on non-x86)

We also build on x86_64 in CI, but we want to build on aarch64 in GitHub actions for faster build.

[k8s-ci-robot]

@abedegno: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-minikube-docker-crio-linux-x86	ee198bd	link	false	/test pull-minikube-docker-crio-linux-x86

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[abedegno]

All required checks green:

• pull-minikube-kvm-docker-linux-x86 passed on retest. The previous TestMultiNode/serial/FreshStart2Nodes failure was a flake as suspected (pods mid-startup when the test snapshotted, then gone by post-mortem).
• pull-minikube-docker-crio-linux-x86 (not required) is still hitting the known runc: open /run/runc: no such file or directory pattern tracked at crio on in KIC uses different runtime-root than ISO ("open /run/runc: no such file or directory") #22326. Not PR-related.