Build environment agnostic changes

Author: chethanv28

Makefile

@@ -13,8 +13,26 @@ export BIN_OUT ?= $(BUILD_OUT)/bin
 # DIST_OUT is the directory containting the distribution packages
 export DIST_OUT ?= $(BUILD_OUT)/dist
 
-# Compile Go with boringcrypto. This is required to import crypto/tls/fipsonly package.
-export GOEXPERIMENT=boringcrypto
+# Detect architecture and conditionally enable FIPS
+ARCH ?= $(shell uname -m)
+ifeq ($(ARCH),x86_64)
+    GOARCH := amd64
+    # Enable FIPS for amd64/x86_64 architecture only
+    export GOEXPERIMENT=boringcrypto
+else ifeq ($(ARCH),aarch64)
+    GOARCH := arm64
+    # FIPS not supported on ARM64, disable boringcrypto
+    export GOEXPERIMENT=
+else ifeq ($(ARCH),arm64)
+    GOARCH := arm64
+    # FIPS not supported on ARM64, disable boringcrypto
+    export GOEXPERIMENT=
+else
+    # Default to amd64 for unknown architectures
+    GOARCH := amd64
+    export GOEXPERIMENT=boringcrypto
+endif
+
 
 
 ################################################################################

hack/release.sh

@@ -51,7 +51,24 @@ BUILD_RELEASE_TYPE="${BUILD_RELEASE_TYPE:-}"
 # Example: CUSTOM_REPO_FOR_GOLANG=<docker-registry>/dockerhub-proxy-cache/library/
 GOLANG_IMAGE=${CUSTOM_REPO_FOR_GOLANG:-}golang:1.25.5
 
-ARCH=amd64
+# Detect architecture automatically, default to amd64 if not detected
+ARCH=${ARCH:-$(uname -m)}
+case "$ARCH" in
+  x86_64)
+    ARCH=amd64
+    ;;
+  aarch64|arm64)
+    ARCH=arm64
+    ;;
+  armv7l)
+    ARCH=arm
+    ;;
+  *)
+    echo "Warning: Unknown architecture $ARCH, defaulting to amd64"
+    ARCH=amd64
+    ;;
+esac
+
 OSVERSION=1809
 # OS Version for the Windows images: 1809, 20H2, ltsc2022
 OSVERSION_WIN=(1809 20H2 ltsc2022)
@@ -136,7 +153,7 @@ function build_driver_images_linux() {
    --output "${LINUX_IMAGE_OUTPUT}" \
    --file images/driver/Dockerfile \
    --tag "${tag}" \
-   --build-arg ARCH=amd64 \
+   --build-arg ARCH=${ARCH} \
    --build-arg "VERSION=${VERSION}" \
    --build-arg "GOPROXY=${GOPROXY}" \
    --build-arg "GIT_COMMIT=${GIT_COMMIT}" \
@@ -148,6 +165,7 @@ function build_driver_images_linux() {
 function build_syncer_image_linux() {
   echo "building ${SYNCER_IMAGE_NAME}:${VERSION} for linux"
   docker buildx build --platform "linux/$ARCH"\
+      --output "${LINUX_IMAGE_OUTPUT}" \
       -f images/syncer/Dockerfile \
       -t "${SYNCER_IMAGE_NAME}":"${VERSION}" \
       --build-arg "VERSION=${VERSION}" \

images/driver/Dockerfile

@@ -34,15 +34,23 @@ ARG VERSION=unknown
 # This build arg controls the GOPROXY setting
 ARG GOPROXY
 
+# Architecture detection for conditional FIPS support
+ARG TARGETARCH
+
 WORKDIR /build
 COPY go.mod go.sum ./
 COPY pkg/    pkg/
 COPY cmd/    cmd/
 ENV CGO_ENABLED=0
-ENV GOFIPS=1
-ENV GOEXPERIMENT="boringcrypto"
 ENV GOPROXY=${GOPROXY:-https://proxy.golang.org}
-RUN go build -a -ldflags="-w -s -extldflags=static -X sigs.k8s.io/vsphere-csi-driver/v3/pkg/csi/service.Version=${VERSION}" -o vsphere-csi ./cmd/vsphere-csi
+
+# Conditionally set FIPS environment variables based on architecture
+# FIPS/boringcrypto is only supported on amd64 architecture
+RUN if [ "$TARGETARCH" = "amd64" ]; then \
+        export GOFIPS=1 && \
+        export GOEXPERIMENT="boringcrypto"; \
+    fi && \
+    go build -a -ldflags="-w -s -extldflags=static -X sigs.k8s.io/vsphere-csi-driver/v3/pkg/csi/service.Version=${VERSION}" -o vsphere-csi ./cmd/vsphere-csi
 
 ################################################################################
 ##                               MAIN STAGE                                   ##

images/syncer/Dockerfile

@@ -29,6 +29,9 @@ ARG VERSION=unknown
 
 ARG GOPROXY
 
+# Architecture detection for conditional FIPS support
+ARG TARGETARCH
+
 WORKDIR /build
 
 COPY go.mod go.sum ./
@@ -41,11 +44,13 @@ ENV CGO_ENABLED=0
 
 ENV GOPROXY=${GOPROXY:-https://proxy.golang.org}
 
-ENV GOFIPS=1
-
-ENV GOEXPERIMENT="boringcrypto"
-
-RUN go build -a -ldflags="-w -s -extldflags=static -X sigs.k8s.io/vsphere-csi-driver/v3/pkg/syncer.Version=${VERSION}" -o vsphere-syncer ./cmd/syncer
+# Conditionally set FIPS environment variables based on architecture
+# FIPS/boringcrypto is only supported on amd64 architecture
+RUN if [ "$TARGETARCH" = "amd64" ]; then \
+        export GOFIPS=1 && \
+        export GOEXPERIMENT="boringcrypto"; \
+    fi && \
+    go build -a -ldflags="-w -s -extldflags=static -X sigs.k8s.io/vsphere-csi-driver/v3/pkg/syncer.Version=${VERSION}" -o vsphere-syncer ./cmd/syncer
 
 ################################################################################
 ##                               MAIN STAGE                                   ##

images/windows/driver/Dockerfile

@@ -19,13 +19,14 @@
 ARG GOLANG_IMAGE=golang:1.25.5
 ARG OSVERSION
 ARG ARCH=amd64
+ARG TARGETARCH
 
 ################################################################################
 ##                              BUILD STAGE                                   ##
 ################################################################################
 # Build the manager as a statically compiled binary so it has no dependencies
 # libc, muscl, etc.
-FROM --platform=linux/amd64 ${GOLANG_IMAGE} as builder
+FROM --platform=linux/${TARGETARCH:-amd64} ${GOLANG_IMAGE} as builder
 
 # This build arg is the version to embed in the CSI binary
 ARG VERSION=unknown
@@ -38,22 +39,26 @@ COPY go.mod go.sum ./
 COPY pkg/    pkg/
 COPY cmd/    cmd/
 ENV CGO_ENABLED=0
-ENV GOFIPS=1
-ENV GOEXPERIMENT="boringcrypto"
 ENV GOPROXY ${GOPROXY:-https://proxy.golang.org}
-RUN GOOS=windows GOARCH=amd64 go build -a -ldflags="-w -s -extldflags=static -X sigs.k8s.io/vsphere-csi-driver/v3/pkg/csi/service.Version=${VERSION}" -o ./bin/vsphere-csi.windows_amd64 cmd/vsphere-csi/main.go
+
+# Conditionally set FIPS environment variables and build for target architecture
+RUN if [ "${TARGETARCH:-amd64}" = "amd64" ]; then \
+        export GOFIPS=1 && \
+        export GOEXPERIMENT="boringcrypto"; \
+    fi && \
+    GOOS=windows GOARCH=${TARGETARCH:-amd64} go build -a -ldflags="-w -s -extldflags=static -X sigs.k8s.io/vsphere-csi-driver/v3/pkg/csi/service.Version=${VERSION}" -o ./bin/vsphere-csi.windows_${TARGETARCH:-amd64} cmd/vsphere-csi/main.go
 
 
 ################################################################################
 ##                              MAIN STAGE                                   ##
 ################################################################################
-FROM --platform=linux/amd64 gcr.io/k8s-staging-e2e-test-images/windows-servercore-cache:1.0-linux-${ARCH}-${OSVERSION} as core
+FROM --platform=linux/${TARGETARCH:-amd64} gcr.io/k8s-staging-e2e-test-images/windows-servercore-cache:1.0-linux-${TARGETARCH:-amd64}-${OSVERSION} as core
 
 FROM mcr.microsoft.com/windows/nanoserver:${OSVERSION}
 COPY --from=core /Windows/System32/netapi32.dll /Windows/System32/netapi32.dll
 
 USER ContainerAdministrator
 LABEL description="vSphere CSI Driver Windows Plugin"
 
-COPY --from=builder /build/bin/vsphere-csi.windows_amd64 ./csi.exe
+COPY --from=builder /build/bin/vsphere-csi.windows_${TARGETARCH:-amd64} ./csi.exe
 ENTRYPOINT ["/csi.exe"]

pkg/syncer/admissionhandler/cnscsi_admissionhandler.go

@@ -3,8 +3,6 @@ package admissionhandler
 import (
 	"context"
 	"crypto/tls"
-
-	_ "crypto/tls/fipsonly"
 	"crypto/x509"
 	"encoding/json"
 	"fmt"