Build environment agnostic changes

Makefile

@@ -13,8 +13,26 @@ export BIN_OUT ?= $(BUILD_OUT)/bin
 # DIST_OUT is the directory containting the distribution packages
 export DIST_OUT ?= $(BUILD_OUT)/dist
 
-# Compile Go with boringcrypto. This is required to import crypto/tls/fipsonly package.
-export GOEXPERIMENT=boringcrypto
+# Detect architecture and conditionally enable FIPS
+ARCH ?= $(shell uname -m)
+ifeq ($(ARCH),x86_64)
+    GOARCH := amd64
+    # Enable FIPS for amd64/x86_64 architecture only
+    export GOEXPERIMENT=boringcrypto
+else ifeq ($(ARCH),aarch64)
+    GOARCH := arm64
+    # FIPS not supported on ARM64, disable boringcrypto
+    export GOEXPERIMENT=
+else ifeq ($(ARCH),arm64)
+    GOARCH := arm64
+    # FIPS not supported on ARM64, disable boringcrypto
+    export GOEXPERIMENT=
+else
+    # Default to amd64 for unknown architectures
+    GOARCH := amd64
+    export GOEXPERIMENT=boringcrypto
+endif
+
 
 
 ################################################################################
@@ -390,10 +408,33 @@ vet:
 ################################################################################
 ##                                 BUILD IMAGES                               ##
 ################################################################################
+# Build all images (Linux + Windows)
 .PHONY: images
 images: | $(DOCKER_SOCK)
 	hack/release.sh
 
+# Build Linux images only (excludes Windows builds) - Recommended for development
+.PHONY: images-linux
+images-linux: | $(DOCKER_SOCK)
+	DO_WINDOWS_BUILD=false hack/release.sh
+
+# Build Windows images only (excludes Linux builds)
+.PHONY: images-windows
+images-windows: | $(DOCKER_SOCK)
+	DO_WINDOWS_BUILD=true LINUX_BUILD=false hack/release.sh
+
+# Show help for image build targets
+.PHONY: help-images
+help-images:
+	@echo "Available image build targets:"
+	@echo "  images        - Build all images (Linux + Windows) [default]"
+	@echo "  images-linux  - Build Linux images only (recommended for development)"
+	@echo "  images-windows - Build Windows images only"
+	@echo ""
+	@echo "Environment variables:"
+	@echo "  DO_WINDOWS_BUILD=false - Skip Windows builds"
+	@echo "  LINUX_BUILD=false      - Skip Linux builds"
+
 ################################################################################
 ##                                  PUSH IMAGES                               ##
 ################################################################################

hack/release.sh

@@ -14,16 +14,26 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# This script is used build new container images of the CAPV manager and
-# clusterctl. When invoked without arguments, the default behavior is to build
-# new ci images
+# This script is used build new container images of the vSphere CSI driver and syncer.
+# When invoked without arguments, the default behavior is to build new ci images
+# for both Linux and Windows platforms.
+#
+# Environment Variables:
+#   DO_WINDOWS_BUILD - Set to 'false' to skip Windows image builds (default: true)
+#   LINUX_BUILD      - Set to 'false' to skip Linux image builds (default: true)
+#
+# Examples:
+#   ./hack/release.sh                           # Build both Linux and Windows images
+#   DO_WINDOWS_BUILD=false ./hack/release.sh    # Build Linux images only
+#   LINUX_BUILD=false ./hack/release.sh         # Build Windows images only
 
 set -o errexit
 set -o nounset
 set -o pipefail
 set -x
 
-DO_WINDOWS_BUILD=${DO_WINDOWS_BUILD_ENV:-true}
+DO_WINDOWS_BUILD=${DO_WINDOWS_BUILD:-${DO_WINDOWS_BUILD_ENV:-true}}
+LINUX_BUILD=${LINUX_BUILD:-true}
 
 # BASE_REPO is the root path of the image repository
 readonly BASE_IMAGE_REPO=us-central1-docker.pkg.dev/k8s-staging-images/csi-vsphere
@@ -51,7 +61,24 @@ BUILD_RELEASE_TYPE="${BUILD_RELEASE_TYPE:-}"
 # Example: CUSTOM_REPO_FOR_GOLANG=<docker-registry>/dockerhub-proxy-cache/library/
 GOLANG_IMAGE=${CUSTOM_REPO_FOR_GOLANG:-}golang:1.25.5
 
-ARCH=amd64
+# Detect architecture automatically, default to amd64 if not detected
+ARCH=${ARCH:-$(uname -m)}
+case "$ARCH" in
+  x86_64)
+    ARCH=amd64
+    ;;
+  aarch64|arm64)
+    ARCH=arm64
+    ;;
+  armv7l)
+    ARCH=arm
+    ;;
+  *)
+    echo "Warning: Unknown architecture $ARCH, defaulting to amd64"
+    ARCH=amd64
+    ;;
+esac
+
 OSVERSION=1809
 # OS Version for the Windows images: 1809, 20H2, ltsc2022
 OSVERSION_WIN=(1809 20H2 ltsc2022)
@@ -136,7 +163,7 @@ function build_driver_images_linux() {
    --output "${LINUX_IMAGE_OUTPUT}" \
    --file images/driver/Dockerfile \
    --tag "${tag}" \
-   --build-arg ARCH=amd64 \
+   --build-arg ARCH=${ARCH} \
    --build-arg "VERSION=${VERSION}" \
    --build-arg "GOPROXY=${GOPROXY}" \
    --build-arg "GIT_COMMIT=${GIT_COMMIT}" \
@@ -148,6 +175,7 @@ function build_driver_images_linux() {
 function build_syncer_image_linux() {
   echo "building ${SYNCER_IMAGE_NAME}:${VERSION} for linux"
   docker buildx build --platform "linux/$ARCH"\
+      --output "${LINUX_IMAGE_OUTPUT}" \
       -f images/syncer/Dockerfile \
       -t "${SYNCER_IMAGE_NAME}":"${VERSION}" \
       --build-arg "VERSION=${VERSION}" \
@@ -169,11 +197,15 @@ function build_images() {
   LATEST="latest"
 
   # build images for linux platform
-  build_driver_images_linux
-  build_syncer_image_linux
+  if [ "$LINUX_BUILD" = true ]; then
+    echo "Building Linux images..."
+    build_driver_images_linux
+    build_syncer_image_linux
+  fi
 
   if [ "$DO_WINDOWS_BUILD" = true ]; then
     # build images for windows platform
+    echo "Building Windows images..."
     build_driver_images_windows
   fi
 }
@@ -326,13 +358,17 @@ if [ "${PUSH}" ]; then
     done
   fi
   # tag linux images with linux and push them to registry
-  LINUX_IMAGE_OUTPUT="type=registry"
-  build_driver_images_linux
+  if [ "$LINUX_BUILD" = true ]; then
+    echo "Pushing Linux images..."
+    LINUX_IMAGE_OUTPUT="type=registry"
+    build_driver_images_linux
+    #push syncer images
+    push_syncer_images
+  fi
+
   if [ "$DO_WINDOWS_BUILD" = true ]; then
     #create and push manifest for driver
     push_manifest_driver
   fi
-  #push syncer images
-  push_syncer_images
 fi
 

images/driver/Dockerfile

@@ -34,15 +34,23 @@ ARG VERSION=unknown
 # This build arg controls the GOPROXY setting
 ARG GOPROXY
 
+# Architecture detection for conditional FIPS support
+ARG TARGETARCH
+
 WORKDIR /build
 COPY go.mod go.sum ./
 COPY pkg/    pkg/
 COPY cmd/    cmd/
 ENV CGO_ENABLED=0
-ENV GOFIPS=1
-ENV GOEXPERIMENT="boringcrypto"
 ENV GOPROXY=${GOPROXY:-https://proxy.golang.org}
-RUN go build -a -ldflags="-w -s -extldflags=static -X sigs.k8s.io/vsphere-csi-driver/v3/pkg/csi/service.Version=${VERSION}" -o vsphere-csi ./cmd/vsphere-csi
+
+# Conditionally set FIPS environment variables based on architecture
+# FIPS/boringcrypto is only supported on amd64 architecture
+RUN if [ "$TARGETARCH" = "amd64" ]; then \
+        export GOFIPS=1 && \
+        export GOEXPERIMENT="boringcrypto"; \
+    fi && \
+    go build -a -ldflags="-w -s -extldflags=static -X sigs.k8s.io/vsphere-csi-driver/v3/pkg/csi/service.Version=${VERSION}" -o vsphere-csi ./cmd/vsphere-csi
 
 ################################################################################
 ##                               MAIN STAGE                                   ##

images/syncer/Dockerfile

@@ -29,6 +29,9 @@ ARG VERSION=unknown
 
 ARG GOPROXY
 
+# Architecture detection for conditional FIPS support
+ARG TARGETARCH
+
 WORKDIR /build
 
 COPY go.mod go.sum ./
@@ -41,11 +44,13 @@ ENV CGO_ENABLED=0
 
 ENV GOPROXY=${GOPROXY:-https://proxy.golang.org}
 
-ENV GOFIPS=1
-
-ENV GOEXPERIMENT="boringcrypto"
-
-RUN go build -a -ldflags="-w -s -extldflags=static -X sigs.k8s.io/vsphere-csi-driver/v3/pkg/syncer.Version=${VERSION}" -o vsphere-syncer ./cmd/syncer
+# Conditionally set FIPS environment variables based on architecture
+# FIPS/boringcrypto is only supported on amd64 architecture
+RUN if [ "$TARGETARCH" = "amd64" ]; then \
+        export GOFIPS=1 && \
+        export GOEXPERIMENT="boringcrypto"; \
+    fi && \
+    go build -a -ldflags="-w -s -extldflags=static -X sigs.k8s.io/vsphere-csi-driver/v3/pkg/syncer.Version=${VERSION}" -o vsphere-syncer ./cmd/syncer
 
 ################################################################################
 ##                               MAIN STAGE                                   ##

images/windows/driver/Dockerfile

@@ -19,13 +19,14 @@
 ARG GOLANG_IMAGE=golang:1.25.5
 ARG OSVERSION
 ARG ARCH=amd64
+ARG TARGETARCH
 
 ################################################################################
 ##                              BUILD STAGE                                   ##
 ################################################################################
 # Build the manager as a statically compiled binary so it has no dependencies
 # libc, muscl, etc.
-FROM --platform=linux/amd64 ${GOLANG_IMAGE} as builder
+FROM --platform=linux/${TARGETARCH:-amd64} ${GOLANG_IMAGE} as builder
 
 # This build arg is the version to embed in the CSI binary
 ARG VERSION=unknown
@@ -38,22 +39,26 @@ COPY go.mod go.sum ./
 COPY pkg/    pkg/
 COPY cmd/    cmd/
 ENV CGO_ENABLED=0
-ENV GOFIPS=1
-ENV GOEXPERIMENT="boringcrypto"
 ENV GOPROXY ${GOPROXY:-https://proxy.golang.org}
-RUN GOOS=windows GOARCH=amd64 go build -a -ldflags="-w -s -extldflags=static -X sigs.k8s.io/vsphere-csi-driver/v3/pkg/csi/service.Version=${VERSION}" -o ./bin/vsphere-csi.windows_amd64 cmd/vsphere-csi/main.go
+
+# Conditionally set FIPS environment variables and build for target architecture
+RUN if [ "${TARGETARCH:-amd64}" = "amd64" ]; then \
+        export GOFIPS=1 && \
+        export GOEXPERIMENT="boringcrypto"; \
+    fi && \
+    GOOS=windows GOARCH=${TARGETARCH:-amd64} go build -a -ldflags="-w -s -extldflags=static -X sigs.k8s.io/vsphere-csi-driver/v3/pkg/csi/service.Version=${VERSION}" -o ./bin/vsphere-csi.windows_${TARGETARCH:-amd64} cmd/vsphere-csi/main.go
 
 
 ################################################################################
 ##                              MAIN STAGE                                   ##
 ################################################################################
-FROM --platform=linux/amd64 gcr.io/k8s-staging-e2e-test-images/windows-servercore-cache:1.0-linux-${ARCH}-${OSVERSION} as core
+FROM --platform=linux/${TARGETARCH:-amd64} gcr.io/k8s-staging-e2e-test-images/windows-servercore-cache:1.0-linux-${TARGETARCH:-amd64}-${OSVERSION} as core
 
 FROM mcr.microsoft.com/windows/nanoserver:${OSVERSION}
 COPY --from=core /Windows/System32/netapi32.dll /Windows/System32/netapi32.dll
 
 USER ContainerAdministrator
 LABEL description="vSphere CSI Driver Windows Plugin"
 
-COPY --from=builder /build/bin/vsphere-csi.windows_amd64 ./csi.exe
+COPY --from=builder /build/bin/vsphere-csi.windows_${TARGETARCH:-amd64} ./csi.exe
 ENTRYPOINT ["/csi.exe"]

pkg/syncer/admissionhandler/cnscsi_admissionhandler.go

@@ -3,8 +3,6 @@ package admissionhandler
 import (
 	"context"
 	"crypto/tls"
-
-	_ "crypto/tls/fipsonly"
 	"crypto/x509"
 	"encoding/json"
 	"fmt"