diff --git a/UPSTREAM_PROJECTS.yaml b/UPSTREAM_PROJECTS.yaml index 9fb7ff5dca..6b96e63407 100644 --- a/UPSTREAM_PROJECTS.yaml +++ b/UPSTREAM_PROJECTS.yaml @@ -53,7 +53,7 @@ projects: repos: - name: cert-manager versions: - - tag: v1.12.1 + - tag: v1.12.2 - org: cilium repos: - name: cilium @@ -143,7 +143,7 @@ projects: repos: - name: cluster-api versions: - - tag: v1.4.3 + - tag: v1.4.4 - name: cluster-api-provider-cloudstack versions: - tag: v0.4.9-rc5 @@ -161,7 +161,7 @@ projects: - tag: v0.1.16 - name: kind versions: - - tag: v0.18.0 + - tag: v0.20.0 - org: metallb repos: - name: metallb diff --git a/build/lib/common.sh b/build/lib/common.sh index 6daf50f3fd..0bb3c38935 100755 --- a/build/lib/common.sh +++ b/build/lib/common.sh @@ -413,3 +413,23 @@ function build::jq::update_in_place() { cat $json_file | jq -S ''"$jq_query"'' > $json_file.tmp && mv $json_file.tmp $json_file } + +function build::common::copy_if_source_destination_different() { + local source=$1 + local destination=$2 + + source_inode=$(stat -c %i $source) + destination_inode="" + if [ -d $destination ] && [ -e $destination/$(basename $source) ]; then + destination_inode=$(stat -c %i $destination/$(basename $source)) + elif [ -f $destination ] && [ -e $destination ]; then + destination_inode=$(stat -c %i $destination) + fi + + if [ -n "$destination_inode" ] && [ "$source_inode" = "$destination_inode" ]; then + echo "Source and destination are the same file" + exit 0 + fi + + cp -rf $source $destination +} diff --git a/build/lib/simple_create_tarballs.sh b/build/lib/simple_create_tarballs.sh index 060c4c1e88..0b8866b0ec 100755 --- a/build/lib/simple_create_tarballs.sh +++ b/build/lib/simple_create_tarballs.sh @@ -41,10 +41,10 @@ function build::simple::tarball() { TAR_FILE="${TAR_FILE_PREFIX}-${OS}-${ARCH}-${TAG}.tar.gz" for path in "${LICENSE_PATHS[@]}"; do - build::common::echo_and_run cp -rf $path ${OUTPUT_BIN_DIR}/${OS}-${ARCH}/ + build::common::echo_and_run build::common::copy_if_source_destination_different $path ${OUTPUT_BIN_DIR}/${OS}-${ARCH}/ done for path in "${ATTRIBUTION_PATHS[@]}"; do - build::common::echo_and_run cp $path ${OUTPUT_BIN_DIR}/${OS}-${ARCH}/ + build::common::echo_and_run build::common::copy_if_source_destination_different $path ${OUTPUT_BIN_DIR}/${OS}-${ARCH}/ done build::common::create_tarball ${TAR_PATH}/${TAR_FILE} ${OUTPUT_BIN_DIR}/${OS}-${ARCH} . done diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_ACMESOLVER_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_ACMESOLVER_ATTRIBUTION.txt index 257f7c4451..07fd491a22 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_ACMESOLVER_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_ACMESOLVER_ATTRIBUTION.txt @@ -2,7 +2,7 @@ ** github.com/cert-manager/cert-manager; version v0.0.0-00010101000000-000000000000 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/acmesolver-binary; version v1.12.1 -- +** github.com/cert-manager/cert-manager/acmesolver-binary; version v1.12.2 -- https://github.com/cert-manager/cert-manager/acmesolver-binary ** github.com/go-logr/logr; version v1.2.4 -- diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_CAINJECTOR_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_CAINJECTOR_ATTRIBUTION.txt index ff20e70d2b..97795c577c 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_CAINJECTOR_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_CAINJECTOR_ATTRIBUTION.txt @@ -2,7 +2,7 @@ ** github.com/cert-manager/cert-manager; version v0.0.0-00010101000000-000000000000 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/cainjector-binary; version v1.12.1 -- +** github.com/cert-manager/cert-manager/cainjector-binary; version v1.12.2 -- https://github.com/cert-manager/cert-manager/cainjector-binary ** github.com/go-logr/logr; version v1.2.4 -- diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_CONTROLLER_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_CONTROLLER_ATTRIBUTION.txt index 249a5e2dd6..730d61b501 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_CONTROLLER_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_CONTROLLER_ATTRIBUTION.txt @@ -32,7 +32,7 @@ https://github.com/Azure/go-autorest/tracing ** github.com/cert-manager/cert-manager; version v0.0.0-00010101000000-000000000000 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/controller-binary; version v1.12.1 -- +** github.com/cert-manager/cert-manager/controller-binary; version v1.12.2 -- https://github.com/cert-manager/cert-manager/controller-binary ** github.com/coreos/go-semver/semver; version v0.3.0 -- diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_CTL_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_CTL_ATTRIBUTION.txt index d0d3176a71..06907c8932 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_CTL_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_CTL_ATTRIBUTION.txt @@ -2,7 +2,7 @@ ** github.com/cert-manager/cert-manager; version v1.12.1-0.20230524130037-7ea113504de2 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/cmd/ctl; version v1.12.1 -- +** github.com/cert-manager/cert-manager/cmd/ctl; version v1.12.2 -- https://github.com/cert-manager/cert-manager/cmd/ctl ** github.com/containerd/containerd; version v1.7.0 -- diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_WEBHOOK_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_WEBHOOK_ATTRIBUTION.txt index 499d5de691..b954a09a01 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_WEBHOOK_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_WEBHOOK_ATTRIBUTION.txt @@ -2,7 +2,7 @@ ** github.com/cert-manager/cert-manager; version v0.0.0-00010101000000-000000000000 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/webhook-binary; version v1.12.1 -- +** github.com/cert-manager/cert-manager/webhook-binary; version v1.12.2 -- https://github.com/cert-manager/cert-manager/webhook-binary ** github.com/go-logr/logr; version v1.2.4 -- diff --git a/projects/cert-manager/cert-manager/CHECKSUMS b/projects/cert-manager/cert-manager/CHECKSUMS index e8c6be4352..b4f7528e09 100644 --- a/projects/cert-manager/cert-manager/CHECKSUMS +++ b/projects/cert-manager/cert-manager/CHECKSUMS @@ -1,10 +1,10 @@ -b27e0f8fdde56522342b15531b586f1a1658d79f62c0b4dbb30e8f8cb72b1d7f _output/bin/cert-manager/linux-amd64/cert-manager-acmesolver -ec50b30c6650eb43f353b2c2012f83a9f9141dc7ace18c372c5b840ff0df1df9 _output/bin/cert-manager/linux-amd64/cert-manager-cainjector -868f0e629002bd69d91c388f8fadd8563d28a7af4dd149c2cb76ada5fe4624f3 _output/bin/cert-manager/linux-amd64/cert-manager-controller -a9e25f38de1f72c6438c488f199f95a59e37b91e987ce659612911ec0cd8d6f5 _output/bin/cert-manager/linux-amd64/cert-manager-ctl -c61c06716d578cede28ffa1b85f21110dd47564adf95125d27999a100be579b5 _output/bin/cert-manager/linux-amd64/cert-manager-webhook -ec169a43ebc6830c935dff29536c2d2dc799a4c34e2dfc6a1c5af7a9dc76b82a _output/bin/cert-manager/linux-arm64/cert-manager-acmesolver -58bdda035d98549df3829c085cc32ca8a7d141130fd3195e01c1bc8f69e4a47d _output/bin/cert-manager/linux-arm64/cert-manager-cainjector -33800139795ef5d4762092c57dcd5e32a0ca8fac4bd4ff1105f621b3ea46cd67 _output/bin/cert-manager/linux-arm64/cert-manager-controller -9d1c1ae65ade567d3340d5b8b0f8f54ba852978af6b892d11505342d38d1df32 _output/bin/cert-manager/linux-arm64/cert-manager-ctl -b9387c69c37ba6ab93cab8681b933e61493c60a9ee13842af19627358ee444e2 _output/bin/cert-manager/linux-arm64/cert-manager-webhook +55bb3ab64e1b7800f5a44edd0b217dfad9f7eddb962bbf6f110c838c858595dd _output/bin/cert-manager/linux-amd64/cert-manager-acmesolver +e34ca2b8c8c47f2f05e2ea041695e8c7422b31e5ebfeba6241410453b0ebdc86 _output/bin/cert-manager/linux-amd64/cert-manager-cainjector +a9e6a4c4a0ba8fc6d1d93f1a96832470023f31038e8b30e4c3628a0eeac9c7bd _output/bin/cert-manager/linux-amd64/cert-manager-controller +5ef1243565f0224ad4af2fcfb5c05a442435745db2faecd4bb044a675c72477e _output/bin/cert-manager/linux-amd64/cert-manager-ctl +788d265ec23993384d2a8cb77a724ba87fa66b7a39450a3a3d71e42f1f05f9af _output/bin/cert-manager/linux-amd64/cert-manager-webhook +b105c8f3e6cd7d844522f97ad27d21778b54b7554d30d849a15ce73cc33bb2de _output/bin/cert-manager/linux-arm64/cert-manager-acmesolver +d9e13b63b4a6e08009cd6e5512a3a514d89e5ac873a84acf3e97bba35bd75450 _output/bin/cert-manager/linux-arm64/cert-manager-cainjector +f20795a19580f2a083f90d3abd9ac83a1b734b91a6b37412471e6962d9f0b915 _output/bin/cert-manager/linux-arm64/cert-manager-controller +ba802dc58d3764b09384c0df28c6115d7afbd41e0e434b976603cfd8de16f96b _output/bin/cert-manager/linux-arm64/cert-manager-ctl +43db2e15a508b0fd47e8956cd437ef96605e01f9341a6702268d309db11fd227 _output/bin/cert-manager/linux-arm64/cert-manager-webhook diff --git a/projects/cert-manager/cert-manager/GIT_TAG b/projects/cert-manager/cert-manager/GIT_TAG index 51b86ba24b..41de27dfab 100644 --- a/projects/cert-manager/cert-manager/GIT_TAG +++ b/projects/cert-manager/cert-manager/GIT_TAG @@ -1 +1 @@ -v1.12.1 +v1.12.2 diff --git a/projects/cert-manager/cert-manager/README.md b/projects/cert-manager/cert-manager/README.md index 8d99b86d3d..df991b0943 100644 --- a/projects/cert-manager/cert-manager/README.md +++ b/projects/cert-manager/cert-manager/README.md @@ -1,5 +1,5 @@ ## **cert-manager** -![Version](https://img.shields.io/badge/version-v1.12.1-blue) +![Version](https://img.shields.io/badge/version-v1.12.2-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiUkphQkhWTUpOOVE1OFVLU0dHQmVFUXZJV0dJaGVLYmtEZHp0aGtDRnJBQUxtaHVqOWp3S0l6d0NlTytqNWpwc2tNTmF6RnNhMTZ3d1J1RXErR0lWcldZPSIsIml2UGFyYW1ldGVyU3BlYyI6IlQyU2lIcVVtU3ozZVZSVTgiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) [cert-manager](https://github.com/cert-manager/cert-manager) is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources, such as [Let’s Encrypt](https://letsencrypt.org), [HashiCorp Vault](https://www.vaultproject.io), [Venafi](https://www.venafi.com/), a simple signing key pair, or self signed. It periodically ensures that certificates are valid and up-to-date, and attempts to renew certificates at an appropriate time before expiry. diff --git a/projects/cert-manager/cert-manager/manifests/cert-manager.yaml b/projects/cert-manager/cert-manager/manifests/cert-manager.yaml index 235dc1c4ef..44b817fd80 100644 --- a/projects/cert-manager/cert-manager/manifests/cert-manager.yaml +++ b/projects/cert-manager/cert-manager/manifests/cert-manager.yaml @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: group: cert-manager.io names: @@ -227,7 +227,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: group: cert-manager.io names: @@ -600,7 +600,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: group: acme.cert-manager.io names: @@ -1678,7 +1678,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: "cert-manager" # Generated labels - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: group: cert-manager.io names: @@ -2998,7 +2998,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: "cert-manager" # Generated labels - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: group: cert-manager.io names: @@ -4318,7 +4318,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: group: acme.cert-manager.io names: @@ -4502,7 +4502,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" --- # Source: cert-manager/templates/serviceaccount.yaml apiVersion: v1 @@ -4516,7 +4516,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" --- # Source: cert-manager/templates/webhook-serviceaccount.yaml apiVersion: v1 @@ -4530,7 +4530,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" --- # Source: cert-manager/templates/webhook-config.yaml apiVersion: v1 @@ -4543,7 +4543,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" data: --- # Source: cert-manager/templates/cainjector-rbac.yaml @@ -4556,7 +4556,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["cert-manager.io"] resources: ["certificates"] @@ -4588,7 +4588,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["cert-manager.io"] resources: ["issuers", "issuers/status"] @@ -4614,7 +4614,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["cert-manager.io"] resources: ["clusterissuers", "clusterissuers/status"] @@ -4640,7 +4640,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["cert-manager.io"] resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] @@ -4675,7 +4675,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["acme.cert-manager.io"] resources: ["orders", "orders/status"] @@ -4713,7 +4713,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: # Use to update challenge resource status - apiGroups: ["acme.cert-manager.io"] @@ -4773,7 +4773,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["cert-manager.io"] resources: ["certificates", "certificaterequests"] @@ -4810,7 +4810,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -4832,7 +4832,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: @@ -4857,7 +4857,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] @@ -4877,7 +4877,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["certificates.k8s.io"] resources: ["certificatesigningrequests"] @@ -4903,7 +4903,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -4919,7 +4919,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4939,7 +4939,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4959,7 +4959,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4979,7 +4979,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4999,7 +4999,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5019,7 +5019,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5039,7 +5039,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5059,7 +5059,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5079,7 +5079,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5099,7 +5099,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5122,7 +5122,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: # Used for leader election by the controller # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller @@ -5148,7 +5148,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -5169,7 +5169,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: [""] resources: ["secrets"] @@ -5194,7 +5194,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -5217,7 +5217,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -5239,7 +5239,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -5261,7 +5261,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: type: ClusterIP ports: @@ -5285,7 +5285,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: type: ClusterIP ports: @@ -5309,7 +5309,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: replicas: 1 selector: @@ -5324,7 +5324,7 @@ spec: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: serviceAccountName: cert-manager-cainjector securityContext: @@ -5333,7 +5333,7 @@ spec: type: RuntimeDefault containers: - name: cert-manager-cainjector - image: "quay.io/jetstack/cert-manager-cainjector:v1.12.1" + image: "quay.io/jetstack/cert-manager-cainjector:v1.12.2" imagePullPolicy: IfNotPresent args: - --v=2 @@ -5362,7 +5362,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: replicas: 1 selector: @@ -5377,7 +5377,7 @@ spec: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" annotations: prometheus.io/path: "/metrics" prometheus.io/scrape: 'true' @@ -5390,13 +5390,13 @@ spec: type: RuntimeDefault containers: - name: cert-manager-controller - image: "quay.io/jetstack/cert-manager-controller:v1.12.1" + image: "quay.io/jetstack/cert-manager-controller:v1.12.2" imagePullPolicy: IfNotPresent args: - --v=2 - --cluster-resource-namespace=$(POD_NAMESPACE) - --leader-election-namespace=kube-system - - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.12.1 + - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.12.2 - --max-concurrent-challenges=60 ports: - containerPort: 9402 @@ -5429,7 +5429,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: replicas: 1 selector: @@ -5444,7 +5444,7 @@ spec: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: serviceAccountName: cert-manager-webhook securityContext: @@ -5453,7 +5453,7 @@ spec: type: RuntimeDefault containers: - name: cert-manager-webhook - image: "quay.io/jetstack/cert-manager-webhook:v1.12.1" + image: "quay.io/jetstack/cert-manager-webhook:v1.12.2" imagePullPolicy: IfNotPresent args: - --v=2 @@ -5514,7 +5514,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" annotations: cert-manager.io/inject-ca-from-secret: "cert-manager/cert-manager-webhook-ca" webhooks: @@ -5555,7 +5555,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" annotations: cert-manager.io/inject-ca-from-secret: "cert-manager/cert-manager-webhook-ca" webhooks: diff --git a/projects/kubernetes-sigs/cluster-api/ATTRIBUTION.txt b/projects/kubernetes-sigs/cluster-api/ATTRIBUTION.txt index cb171f8eef..ba35c3bb45 100644 --- a/projects/kubernetes-sigs/cluster-api/ATTRIBUTION.txt +++ b/projects/kubernetes-sigs/cluster-api/ATTRIBUTION.txt @@ -170,7 +170,7 @@ https://github.com/kubernetes/kubectl ** k8s.io/utils; version v0.0.0-20221128185143-99ec85e7a448 -- https://github.com/kubernetes/utils -** sigs.k8s.io/cluster-api; version v1.4.3 -- +** sigs.k8s.io/cluster-api; version v1.4.4 -- https://github.com/kubernetes-sigs/cluster-api ** sigs.k8s.io/controller-runtime; version v0.14.5 -- diff --git a/projects/kubernetes-sigs/cluster-api/CAPD_ATTRIBUTION.txt b/projects/kubernetes-sigs/cluster-api/CAPD_ATTRIBUTION.txt index 4f22d5964a..69ee47aa72 100644 --- a/projects/kubernetes-sigs/cluster-api/CAPD_ATTRIBUTION.txt +++ b/projects/kubernetes-sigs/cluster-api/CAPD_ATTRIBUTION.txt @@ -113,10 +113,13 @@ https://github.com/kubernetes/utils ** sigs.k8s.io/cluster-api; version v0.0.0-00010101000000-000000000000 -- https://github.com/kubernetes-sigs/cluster-api -** sigs.k8s.io/cluster-api/test/infrastructure/container; version v1.4.3 -- +** sigs.k8s.io/cluster-api/test/infrastructure/container; version v1.4.4 -- https://github.com/kubernetes-sigs/cluster-api -** sigs.k8s.io/cluster-api/test/infrastructure/docker; version v1.4.3 -- +** sigs.k8s.io/cluster-api/test/infrastructure/docker; version v1.4.4 -- +https://github.com/kubernetes-sigs/cluster-api + +** sigs.k8s.io/cluster-api/test/infrastructure/kind; version v1.4.4 -- https://github.com/kubernetes-sigs/cluster-api ** sigs.k8s.io/controller-runtime; version v0.14.5 -- @@ -125,7 +128,7 @@ https://github.com/kubernetes-sigs/controller-runtime ** sigs.k8s.io/json; version v0.0.0-20220713155537-f223a00ba0e2 -- https://github.com/kubernetes-sigs/json -** sigs.k8s.io/kind/pkg; version v0.18.0 -- +** sigs.k8s.io/kind/pkg; version v0.20.0 -- https://github.com/kubernetes-sigs/kind ** sigs.k8s.io/structured-merge-diff/v4; version v4.2.3 -- diff --git a/projects/kubernetes-sigs/cluster-api/CHECKSUMS b/projects/kubernetes-sigs/cluster-api/CHECKSUMS index 6e7e417d04..72dfa171fa 100644 --- a/projects/kubernetes-sigs/cluster-api/CHECKSUMS +++ b/projects/kubernetes-sigs/cluster-api/CHECKSUMS @@ -1,10 +1,10 @@ -fa0da15e88ac0c7f4904f66c83bdea9cd4a2c42af1902d1e2f8b588df24a6c63 _output/bin/cluster-api/linux-amd64/cluster-api-provider-docker-manager -0b4b61c20418c27d0b01cc3bd0688da7a846531e1d400ecad9362b7369d78ff6 _output/bin/cluster-api/linux-amd64/clusterctl -39904b6be4dd287a1bc05129ff2dfb86e7019f9ccc5a9037ef13832bb4671911 _output/bin/cluster-api/linux-amd64/kubeadm-bootstrap-manager -36e297c10a4a1c62523c5543d63b20cc25dedfcf0ab05a0d9c495997b961ea48 _output/bin/cluster-api/linux-amd64/kubeadm-control-plane-manager -6960325d14c8a76cd1c8e1ef7d499dc9389946ffc60f17e776bcffb88bc2c377 _output/bin/cluster-api/linux-amd64/manager -81c0f131d0fab5f736bbe30395bea6030e44307a645462754172909833733c3e _output/bin/cluster-api/linux-arm64/cluster-api-provider-docker-manager -1a191e2479a374d2ade23293e90aa3993174ba4eaef4f6f7c4c108fd4b458735 _output/bin/cluster-api/linux-arm64/clusterctl -d07e2ede84ab59c0cb2e63b909bcce53414ccde9b2c869a6cac8aa7de0c705f5 _output/bin/cluster-api/linux-arm64/kubeadm-bootstrap-manager -58616d19284020b66d3fd803e6e17b8b6989e1f9703644ac8de3252060c62d2d _output/bin/cluster-api/linux-arm64/kubeadm-control-plane-manager -114fb081b916afbb90d630a30a03366050dd82c8471d8c4516ef8d5c0a94e1eb _output/bin/cluster-api/linux-arm64/manager +175994c0cdcadc9432bac2a01ed87eed9b3de1cd4c3d184a66d2d1f30148ca7c _output/bin/cluster-api/linux-amd64/cluster-api-provider-docker-manager +f747419a71009a7eb441751c51c99a26ccfbf4affa529f14c0f5c2796bbc2ad3 _output/bin/cluster-api/linux-amd64/clusterctl +023210fdafb6ad54c7f1c976267bf74a9dd293f24630c3a6482baa71bf3d8a99 _output/bin/cluster-api/linux-amd64/kubeadm-bootstrap-manager +bf949ad793668d5498748104a34e10824770c89f0127ad91ecbf46c7a51ccc5e _output/bin/cluster-api/linux-amd64/kubeadm-control-plane-manager +fe9f5cb36684eead883824d13a3e1b58476470ac078715149d038bd445cb6984 _output/bin/cluster-api/linux-amd64/manager +52c95b44ec40b9630233ed3f2b210e5e2cd6ee0ea9bcec0b2d28517eacb1323d _output/bin/cluster-api/linux-arm64/cluster-api-provider-docker-manager +7fcc8a1f066ad6a6a7800e364c3c0e4e070a8217857c7cbd96bbecb87ad4dafd _output/bin/cluster-api/linux-arm64/clusterctl +fceb8346ff6c2af8aeb723f67386ee448be7913220165612326ef545d32589af _output/bin/cluster-api/linux-arm64/kubeadm-bootstrap-manager +226e60d9e29ddfb968e481f112be4d13c007a0842e2c522930b90f688869c528 _output/bin/cluster-api/linux-arm64/kubeadm-control-plane-manager +b67874ec80fe9987501af8a3fa99f33fcd97f502d914efbe252769180ee0126b _output/bin/cluster-api/linux-arm64/manager diff --git a/projects/kubernetes-sigs/cluster-api/GIT_TAG b/projects/kubernetes-sigs/cluster-api/GIT_TAG index 92f76b4232..61919cdd8e 100644 --- a/projects/kubernetes-sigs/cluster-api/GIT_TAG +++ b/projects/kubernetes-sigs/cluster-api/GIT_TAG @@ -1 +1 @@ -v1.4.3 +v1.4.4 diff --git a/projects/kubernetes-sigs/cluster-api/Makefile b/projects/kubernetes-sigs/cluster-api/Makefile index 68ccd28a71..705ada9c55 100644 --- a/projects/kubernetes-sigs/cluster-api/Makefile +++ b/projects/kubernetes-sigs/cluster-api/Makefile @@ -29,7 +29,8 @@ BUILDSPEC_COMPUTE_TYPE=BUILD_GENERAL1_LARGE FIX_LICENSES_GO_JSON_TARGET=$(REPO)/vendor/github.com/github.com/ajeddeloh/go-json/LICENSE.txt FIX_LICENSES_TEST_CONTAINER_TARGET=$(REPO)/test/infrastructure/docker/LICENSE -FIX_LICENSES_TEST_DOCKER_TARGET=$(REPO)/test/infrastructure/container/LICENSE +FIX_LICENSES_TEST_DOCKER_TARGET=$(REPO)/test/infrastructure/container/LICENSE +FIX_LICENSES_TEST_KIND_TARGET=$(REPO)/test/infrastructure/kind/LICENSE include $(BASE_DIRECTORY)/Common.mk @@ -38,7 +39,7 @@ $(OUTPUT_BIN_DIR)/linux-%/cluster-api-provider-docker-manager: EXTRA_GO_LDFLAGS= s3-artifacts: create-manifests -$(GATHER_LICENSES_TARGETS): | $(FIX_LICENSES_GO_JSON_TARGET) $(FIX_LICENSES_TEST_CONTAINER_TARGET) $(FIX_LICENSES_TEST_DOCKER_TARGET) +$(GATHER_LICENSES_TARGETS): | $(FIX_LICENSES_GO_JSON_TARGET) $(FIX_LICENSES_TEST_CONTAINER_TARGET) $(FIX_LICENSES_TEST_DOCKER_TARGET) $(FIX_LICENSES_TEST_KIND_TARGET) cluster-api-docker-controller/images/%: BASE_IMAGE_NAME=eks-distro-minimal-base @@ -55,14 +56,18 @@ $(FIX_LICENSES_GO_JSON_TARGET): | $(GO_MOD_DOWNLOAD_TARGETS) $(REPO)/vendor/github.com/ajeddeloh/go-json/LICENSE.txt; $(FIX_LICENSES_TEST_CONTAINER_TARGET): | $(GO_MOD_DOWNLOAD_TARGETS) -# capd pulls in a dep in test/infra/container which does not have a LICENSE file and go-licenses does look up +# CAPD pulls in a dep in test/infrastructure/container which does not have a LICENSE file and go-licenses does look it up # We use capi license instead cp $(REPO)/LICENSE $@ $(FIX_LICENSES_TEST_DOCKER_TARGET): | $(GO_MOD_DOWNLOAD_TARGETS) -# capd is a separate module but it doesn't have its own license, it inherits the one at the REPO top level. +# CAPD is a separate module but it doesn't have its own license, it inherits the one at the REPO top level. cp $(REPO)/LICENSE $@ +$(FIX_LICENSES_TEST_KIND_TARGET): | $(GO_MOD_DOWNLOAD_TARGETS) +# CAPD pulls in a dep in test/infrstructure/kind which does not have a LICENSE file and go-licenses does look it up +# We use capi license instead + cp $(REPO)/LICENSE $@ ########### DO NOT EDIT ############################# # To update call: make add-generated-help-block diff --git a/projects/kubernetes-sigs/cluster-api/README.md b/projects/kubernetes-sigs/cluster-api/README.md index cd106b284c..780b5f740a 100644 --- a/projects/kubernetes-sigs/cluster-api/README.md +++ b/projects/kubernetes-sigs/cluster-api/README.md @@ -1,5 +1,5 @@ ## **Cluster API** -![Version](https://img.shields.io/badge/version-v1.4.3-blue) +![Version](https://img.shields.io/badge/version-v1.4.4-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiQVZ3TDBZZVVXZUZiVmtqLzVoOVcrV2FaMmxRRzJXRmJCRlZtQkNodXdWZ0FrNm0zQ3l5UzNqTkdsQXgwdzc0bTBZc1RIcjBhMUVFbEhIK3d2VDVPek1rPSIsIml2UGFyYW1ldGVyU3BlYyI6IkVuOGJxNXBPZEtDek81Q3giLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) [Cluster API](https://github.com/kubernetes-sigs/cluster-api) is a Kubernetes sub-project focused on providing declarative APIs and tooling to simplify provisioning, upgrading, and operating multiple Kubernetes clusters. It uses Kubernetes-style APIs and patterns to automate cluster lifecycle management for platform operators. The supporting infrastructure, like virtual machines, networks, load balancers, and VPCs, as well as the Kubernetes cluster configuration are all defined in the same way that application developers operate deploying and managing their workloads. This enables consistent and repeatable cluster deployments across a wide variety of infrastructure environments. Cluster API can be extended to support any infrastructure provider (AWS, Azure, vSphere, etc.) or bootstrap provider (kubeadm is default) as required by the customer. diff --git a/projects/kubernetes-sigs/kind/ATTRIBUTION.txt b/projects/kubernetes-sigs/kind/ATTRIBUTION.txt index 2979916389..d460c8d4e6 100644 --- a/projects/kubernetes-sigs/kind/ATTRIBUTION.txt +++ b/projects/kubernetes-sigs/kind/ATTRIBUTION.txt @@ -11,7 +11,7 @@ https://github.com/spf13/cobra ** gopkg.in/yaml.v2; version v2.4.0 -- https://gopkg.in/yaml.v2 -** sigs.k8s.io/kind; version v0.18.0 -- +** sigs.k8s.io/kind; version v0.20.0 -- https://github.com/kubernetes-sigs/kind diff --git a/projects/kubernetes-sigs/kind/CHECKSUMS b/projects/kubernetes-sigs/kind/CHECKSUMS index 8ec9431d76..6c27ae6092 100644 --- a/projects/kubernetes-sigs/kind/CHECKSUMS +++ b/projects/kubernetes-sigs/kind/CHECKSUMS @@ -1,4 +1,4 @@ -5c192440c2870a7ff1810237503f3950853dbdf07a6057bb8d57e3040289ef7c _output/bin/kind/linux-amd64/kind -62344b893805da524e129c820b982574a04f84e35aaf98a5f4718c9f8a6edc65 _output/bin/kind/linux-amd64/kindnetd -1061c140a1c85e3adba725bfb570366fb21a1642ba066ed8772a8abd5c29aba9 _output/bin/kind/linux-arm64/kind -54a7a42aca5dc73a7909292e82ca801baa7d4715d14af6fdeefb4c18d4c334e1 _output/bin/kind/linux-arm64/kindnetd +3201b5e1d3199dd1271ffde0f272a42eef76826ff84a18ac1ab98f58d0d9fdf3 _output/bin/kind/linux-amd64/kind +5ac16b95376ffbd6a5af04d238616050bf3ea6bc2c78b99a32d60fa110363def _output/bin/kind/linux-amd64/kindnetd +0f694a8dc8886e23e4b73b5bc7d18e0b0d7ab0e00ab37100fef12acda0ee2aa1 _output/bin/kind/linux-arm64/kind +20a4aaeea684463d2518ecc8cfe6722975eed72cc3aac7557e107396732d0273 _output/bin/kind/linux-arm64/kindnetd diff --git a/projects/kubernetes-sigs/kind/GIT_TAG b/projects/kubernetes-sigs/kind/GIT_TAG index a86d3df725..1847373e96 100644 --- a/projects/kubernetes-sigs/kind/GIT_TAG +++ b/projects/kubernetes-sigs/kind/GIT_TAG @@ -1 +1 @@ -v0.18.0 +v0.20.0 diff --git a/projects/kubernetes-sigs/kind/KINDNETD_ATTRIBUTION.txt b/projects/kubernetes-sigs/kind/KINDNETD_ATTRIBUTION.txt index 1b7e3bd3c8..7b9a89dcd4 100644 --- a/projects/kubernetes-sigs/kind/KINDNETD_ATTRIBUTION.txt +++ b/projects/kubernetes-sigs/kind/KINDNETD_ATTRIBUTION.txt @@ -59,7 +59,7 @@ https://github.com/kubernetes/utils ** sigs.k8s.io/json; version v0.0.0-20220713155537-f223a00ba0e2 -- https://github.com/kubernetes-sigs/json -** sigs.k8s.io/kind/images/kindnetd/cmd/kindnetd; version v0.18.0 -- +** sigs.k8s.io/kind/images/kindnetd/cmd/kindnetd; version v0.20.0 -- https://github.com/kubernetes-sigs/kind ** sigs.k8s.io/structured-merge-diff/v4; version v4.2.3 -- diff --git a/projects/kubernetes-sigs/kind/README.md b/projects/kubernetes-sigs/kind/README.md index 92cd24fcad..5308d049e4 100644 --- a/projects/kubernetes-sigs/kind/README.md +++ b/projects/kubernetes-sigs/kind/README.md @@ -1,5 +1,5 @@ ## **Kind** -![Version](https://img.shields.io/badge/version-v0.18.0-blue) +![Version](https://img.shields.io/badge/version-v0.20.0-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiVkgvQm93WHUvUWJ1U2ZhSG9JTUJNMFdjdGtwSkIyRCt1azM0THYxcWYweC8rM2lHRmNYMXI0QkVPUm4yZ0JZZ1c4RzdMeTJ3dGtpREdYeFpvTEhtc2FnPSIsIml2UGFyYW1ldGVyU3BlYyI6Im9GV2EzRGZQNVZ5c25kTmoiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) [Kind](https://github.com/kubernetes-sigs/kind) is a tool for running local Kubernetes clusters using Docker container "nodes". kind bootstraps each "node" with `kubeadm`. kind consists of: diff --git a/projects/kubernetes-sigs/kind/build/node-image-build-args.sh b/projects/kubernetes-sigs/kind/build/node-image-build-args.sh index cecbceca49..7dd7a23b23 100755 --- a/projects/kubernetes-sigs/kind/build/node-image-build-args.sh +++ b/projects/kubernetes-sigs/kind/build/node-image-build-args.sh @@ -51,13 +51,13 @@ ETCD_VERSION=$(build::eksd_releases::get_eksd_component_version "etcd" $EKSD_REL # Expected versions provided by kind which are replaced in the docker build with our versions # when updating kind check the following, they may need to be updated -# https://github.com/kubernetes-sigs/kind/blob/v0.18.0/pkg/build/nodeimage/const_cni.go#L23 -KINDNETD_IMAGE_TAG="docker.io/kindest/kindnetd:v20230330-48f316cd@sha256:c19d6362a6a928139820761475a38c24c0cf84d507b9ddf414a078cf627497af" -# https://github.com/kubernetes-sigs/kind/blob/v0.18.0/pkg/build/nodeimage/const_storage.go#L28 -LOCAL_PATH_PROVISONER_IMAGE_TAG="docker.io/kindest/local-path-provisioner:v0.0.23-kind.0@sha256:f2d0a02831ff3a03cf51343226670d5060623b43a4cfc4808bd0875b2c4b9501" -# https://github.com/kubernetes-sigs/kind/blob/v0.18.0/pkg/build/nodeimage/const_storage.go#L29 -LOCAL_PATH_HELPER_IMAGE_TAG="docker.io/kindest/local-path-helper:v20230330-48f316cd@sha256:135203f2441f916fb13dad1561d27f60a6f11f50ec288b01a7d2ee9947c36270" -# https://github.com/kubernetes-sigs/kind/blob/v0.18.0/images/base/files/etc/containerd/config.toml#L37 +# https://github.com/kubernetes-sigs/kind/blob/v0.20.0/pkg/build/nodeimage/const_cni.go#L23 +KINDNETD_IMAGE_TAG="docker.io/kindest/kindnetd:v20230511-dc714da8" +# https://github.com/kubernetes-sigs/kind/blob/v0.20.0/pkg/build/nodeimage/const_storage.go#L28 +LOCAL_PATH_PROVISONER_IMAGE_TAG="docker.io/kindest/local-path-provisioner:v20230511-dc714da8" +# https://github.com/kubernetes-sigs/kind/blob/v0.20.0/pkg/build/nodeimage/const_storage.go#L29 +LOCAL_PATH_HELPER_IMAGE_TAG="docker.io/kindest/local-path-helper:v20230510-486859a6" +# https://github.com/kubernetes-sigs/kind/blob/v0.20.0/images/base/files/etc/containerd/config.toml#L37 PAUSE_IMAGE_TAG="registry.k8s.io/pause:3.7" mkdir -p $(dirname $OUTPUT_FILE) diff --git a/projects/kubernetes-sigs/kind/patches/0001-Switch-to-AL2-base-image-for-node-image.patch b/projects/kubernetes-sigs/kind/patches/0001-Switch-to-AL2-base-image-for-node-image.patch index 0ae5053fe4..cb20545466 100644 --- a/projects/kubernetes-sigs/kind/patches/0001-Switch-to-AL2-base-image-for-node-image.patch +++ b/projects/kubernetes-sigs/kind/patches/0001-Switch-to-AL2-base-image-for-node-image.patch @@ -1,24 +1,28 @@ -From 3c55c9e2dfbd31a1f0e4c92db01728d076f08086 Mon Sep 17 00:00:00 2001 +From fc6ed013f61ce370ea9bb89d972c70acae247aa9 Mon Sep 17 00:00:00 2001 From: Jackson West -Date: Sat, 2 Apr 2022 22:00:37 -0500 -Subject: [PATCH 1/2] Switch to AL2 base image for node image +Date: Thu, 29 Jun 2023 00:56:53 -0700 +Subject: [PATCH 1/3] Switch to AL2 base image for node image -Signed-off-by: Jackson West --- - images/base/Dockerfile | 146 ++++++++---------- + images/base/Dockerfile | 231 +++++++----------- images/base/files/usr/local/bin/clean-install | 10 +- - 2 files changed, 69 insertions(+), 87 deletions(-) + 2 files changed, 99 insertions(+), 142 deletions(-) diff --git a/images/base/Dockerfile b/images/base/Dockerfile -index f6abfa3b..e4c13a47 100644 +index eb3f95ad..0ab8ab87 100644 --- a/images/base/Dockerfile +++ b/images/base/Dockerfile -@@ -19,43 +19,25 @@ +@@ -17,11 +17,27 @@ + # For systemd + docker configuration used below, see the following references: + # https://systemd.io/CONTAINER_INTERFACE/ - # start from ubuntu, this image is reasonably small as a starting point - # for a kubernetes node image, it doesn't contain much we don't need --ARG BASE_IMAGE=ubuntu:22.04 --FROM $BASE_IMAGE as build +-# start from debian slim, this image is reasonably small as a starting point +-# for a kubernetes node image, it doesn't contain much (anything?) we don't need +-# this stage will install basic files and packages +-ARG BASE_IMAGE=debian:bullseye-slim +-FROM $BASE_IMAGE as base ++# start from ubuntu, this image is reasonably small as a starting point ++# for a kubernetes node image, it doesn't contain much we don't need +ARG BASE_IMAGE +ARG BUILDER_IMAGE +FROM $BASE_IMAGE as base-amd64 @@ -27,41 +31,8 @@ index f6abfa3b..e4c13a47 100644 +ARG CRICTL_AMD64_SHA256SUM_URL +ARG CRICTL_URL=${CRICTL_AMD64_URL} +ARG CRICTL_SHA256SUM_URL=${CRICTL_AMD64_SHA256SUM_URL} - --# `docker buildx` automatically sets this arg value --ARG TARGETARCH - --# Configure containerd and runc binaries from kind-ci/containerd-nightlies repository --# The repository contains latest stable releases and nightlies built for multiple architectures --ARG CONTAINERD_VERSION="1.6.19-46-g941215f49" --ARG CONTAINERD_BASE_URL="https://github.com/kind-ci/containerd-nightlies/releases/download" --ARG CONTAINERD_URL="${CONTAINERD_BASE_URL}/containerd-${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-linux-${TARGETARCH}.tar.gz" --ARG CONTAINERD_AMD64_SHA256SUM="df182a12d9108042df7dc449506be43f2fed8b3babde5bb9a72e5554e055a085" --ARG CONTAINERD_ARM64_SHA256SUM="2c76703c81ddaee5295911b8d8816dc84bcd8c5f78e48ea6f03b00a86148694e" -- --ARG RUNC_URL="${CONTAINERD_BASE_URL}/containerd-${CONTAINERD_VERSION}/runc.${TARGETARCH}" --ARG RUNC_AMD64_SHA256SUM="76acadf30309b3e36aeb1bdb69238e52be2dd12e7a3557641e6f25415c1cb29b" --ARG RUNC_ARM64_SHA256SUM="2216c944455b4664113ce0af8b4a6ddc3beb7bacecc06b45b03b004995c822c1" -- --# Configure crictl binary from upstream --ARG CRICTL_VERSION="v1.26.1" --ARG CRICTL_URL="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-${TARGETARCH}.tar.gz" --ARG CRICTL_AMD64_SHA256SUM="0c1a0f9900c15ee7a55e757bcdc220faca5dd2e1cfc120459ad1f04f08598127" --ARG CRICTL_ARM64_SHA256SUM="cfa28be524b5da1a6dded455bb497dfead27b1fd089e1161eb008909509be585" -- --# Configure CNI binaries from upstream --ARG CNI_PLUGINS_VERSION="v1.2.0" --ARG CNI_PLUGINS_TARBALL="${CNI_PLUGINS_VERSION}/cni-plugins-linux-${TARGETARCH}-${CNI_PLUGINS_VERSION}.tgz" --ARG CNI_PLUGINS_URL="https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGINS_TARBALL}" --ARG CNI_PLUGINS_AMD64_SHA256SUM="f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37" --ARG CNI_PLUGINS_ARM64_SHA256SUM="525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57" -- --# Configure containerd-fuse-overlayfs snapshotter binary from upstream --ARG CONTAINERD_FUSE_OVERLAYFS_VERSION="1.0.5" --ARG CONTAINERD_FUSE_OVERLAYFS_TARBALL="v${CONTAINERD_FUSE_OVERLAYFS_VERSION}/containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION}-linux-${TARGETARCH}.tar.gz" --ARG CONTAINERD_FUSE_OVERLAYFS_URL="https://github.com/containerd/fuse-overlayfs-snapshotter/releases/download/${CONTAINERD_FUSE_OVERLAYFS_TARBALL}" --ARG CONTAINERD_FUSE_OVERLAYFS_AMD64_SHA256SUM="1f4b12322cc1b044dfbbeaec30fc42295cedc8b6f0642146ba518333f9d5ddca" --ARG CONTAINERD_FUSE_OVERLAYFS_ARM64_SHA256SUM="073e83196a7a73bd130fe44085bd65303c7e6cfc8c53ba46d90a16cbb8e5a112" ++ ++ +FROM $BASE_IMAGE as base-arm64 + +ARG CRICTL_ARM64_URL @@ -74,79 +45,189 @@ index f6abfa3b..e4c13a47 100644 # copy in static files # all scripts are 0755 (rwx r-x r-x) -@@ -102,11 +84,11 @@ COPY --chmod=0644 files/etc/systemd/system/kubelet.service.d/* /etc/systemd/syst +@@ -71,10 +87,11 @@ COPY --chmod=0644 files/etc/systemd/system/kubelet.service.d/* /etc/systemd/syst RUN echo "Installing Packages ..." \ && DEBIAN_FRONTEND=noninteractive clean-install \ systemd \ -- conntrack iptables iproute2 ethtool socat util-linux mount ebtables kmod \ -- libseccomp2 pigz \ -+ conntrack iptables iproute ethtool socat util-linux ebtables kmod \ +- conntrack iptables iproute2 ethtool util-linux mount ebtables kmod \ +- libseccomp2 pigz fuse-overlayfs \ +- nfs-common open-iscsi \ ++ conntrack iptables iproute ethtool util-linux ebtables kmod \ + libseccomp pigz \ - bash ca-certificates curl rsync \ -- nfs-common fuse-overlayfs open-iscsi \ -- jq \ + nfs-utils \ -+ containerd which tar procps hostname jq lockdev sudo \ + bash ca-certificates curl jq procps \ ++ containerd hostname lockdev rsync sudo tar which \ && find /lib/systemd/system/sysinit.target.wants/ -name "systemd-tmpfiles-setup.service" -delete \ && rm -f /lib/systemd/system/multi-user.target.wants/* \ && rm -f /etc/systemd/system/*.wants/* \ -@@ -114,49 +96,65 @@ RUN echo "Installing Packages ..." \ - && rm -f /lib/systemd/system/sockets.target.wants/*udev* \ +@@ -83,148 +100,90 @@ RUN echo "Installing Packages ..." \ && rm -f /lib/systemd/system/sockets.target.wants/*initctl* \ && rm -f /lib/systemd/system/basic.target.wants/* \ -- && echo "ReadKMsg=no" >> /etc/systemd/journald.conf \ + && echo "ReadKMsg=no" >> /etc/systemd/journald.conf \ - && ln -s "$(which systemd)" /sbin/init ++ # already set on al23 ++ # && ln -s "$(which systemd)" /sbin/init + # avoid runaway agetty processes most likely due to al2 being based on older centos 7 -+ && systemctl mask getty@tty1.service \ -+ && echo "ReadKMsg=no" >> /etc/systemd/journald.conf ++ # leaving for now, but al23 may not be affected by this issue ++ && systemctl mask getty@tty1.service ++ - RUN echo "Enabling kubelet ... " \ - && systemctl enable kubelet.service - --RUN echo "Installing containerd ..." \ -- && curl -sSL --retry 5 --output /tmp/containerd.${TARGETARCH}.tgz "${CONTAINERD_URL}" \ -- && echo "${CONTAINERD_AMD64_SHA256SUM} /tmp/containerd.amd64.tgz" | tee /tmp/containerd.sha256 \ -- && echo "${CONTAINERD_ARM64_SHA256SUM} /tmp/containerd.arm64.tgz" | tee -a /tmp/containerd.sha256 \ -- && sha256sum --ignore-missing -c /tmp/containerd.sha256 \ -- && rm -f /tmp/containerd.sha256 \ -- && tar -C /usr/local -xzvf /tmp/containerd.${TARGETARCH}.tgz \ -- && rm -rf /tmp/containerd.${TARGETARCH}.tgz \ -- && rm -f /usr/local/bin/containerd-stress /usr/local/bin/containerd-shim-runc-v1 \ -- && curl -sSL --retry 5 --output /tmp/runc.${TARGETARCH} "${RUNC_URL}" \ -- && echo "${RUNC_AMD64_SHA256SUM} /tmp/runc.amd64" | tee /tmp/runc.sha256 \ -- && echo "${RUNC_ARM64_SHA256SUM} /tmp/runc.arm64" | tee -a /tmp/runc.sha256 \ -- && sha256sum --ignore-missing -c /tmp/runc.sha256 \ -- && mv /tmp/runc.${TARGETARCH} /usr/local/sbin/runc \ -- && chmod 755 /usr/local/sbin/runc \ -+RUN echo "Enabling containerd ..." \ - && ctr oci spec \ - | jq '.hooks.createContainer[.hooks.createContainer| length] |= . + {"path": "/usr/local/bin/mount-product-files"}' \ - | jq 'del(.process.rlimits)' \ - > /etc/containerd/cri-base.json \ - && containerd --version \ - && runc --version \ -- && systemctl enable containerd -+ && systemctl enable containerd.service \ -+ && cp /usr/lib/systemd/system/containerd.service /etc/systemd/system/containerd.service + RUN echo "Enabling services ... " \ + && systemctl enable kubelet.service \ + && systemctl enable containerd.service \ + && systemctl enable undo-mount-hacks.service --RUN echo "Installing crictl ..." \ +RUN echo "Installing crictl ..." \ - && curl -sSL --retry 5 --output /tmp/crictl.${TARGETARCH}.tgz "${CRICTL_URL}" \ -- && echo "${CRICTL_AMD64_SHA256SUM} /tmp/crictl.amd64.tgz" | tee /tmp/crictl.sha256 \ -- && echo "${CRICTL_ARM64_SHA256SUM} /tmp/crictl.arm64.tgz" | tee -a /tmp/crictl.sha256 \ -- && sha256sum --ignore-missing -c /tmp/crictl.sha256 \ ++ && curl -sSL --retry 5 --output /tmp/crictl.${TARGETARCH}.tgz "${CRICTL_URL}" \ + && echo "$(curl $CRICTL_SHA256SUM_URL | cut -d ' ' -f1) /tmp/crictl.${TARGETARCH}.tgz" | tee /tmp/crictl.sha256 \ + && sha256sum -c /tmp/crictl.sha256 \ - && rm -f /tmp/crictl.sha256 \ - && tar -C /usr/local/bin -xzvf /tmp/crictl.${TARGETARCH}.tgz \ -- && rm -rf /tmp/crictl.${TARGETARCH}.tgz ++ && rm -f /tmp/crictl.sha256 \ ++ && tar -C /usr/local/bin -xzvf /tmp/crictl.${TARGETARCH}.tgz \ + && rm -rf /tmp/crictl.${TARGETARCH}.tgz + -+RUN echo "Ensuring /etc/kubernetes/manifests" \ -+ && mkdir -p /etc/kubernetes/manifests -+ + RUN echo "Ensuring /etc/kubernetes/manifests" \ + && mkdir -p /etc/kubernetes/manifests + +-# shared stage to setup go version for building binaries +-# NOTE we will be cross-compiling for performance reasons +-# This is also why we start again FROM the same base image but a different +-# platform and only the files needed for building +-# We will copy the built binaries from later stages to the final stage(s) +-FROM --platform=$BUILDPLATFORM $BASE_IMAGE as go-build +-COPY --chmod=0755 files/usr/local/bin/* /usr/local/bin/ +-COPY --chmod=0755 scripts/third_party/gimme/gimme /usr/local/bin/ +-COPY --chmod=0755 scripts/target-cc /usr/local/bin/ +-# tools needed at build-time only +-# first ensure we can install packages for both architectures +-RUN dpkg --add-architecture arm64 && dpkg --add-architecture amd64 \ +- && clean-install bash ca-certificates curl git make pkg-config \ +- crossbuild-essential-amd64 crossbuild-essential-arm64 \ +- libseccomp-dev:amd64 libseccomp-dev:arm64 +-# set by makefile to .go-version +-ARG GO_VERSION +-RUN eval "$(gimme "${GO_VERSION}")" \ +- && GOBIN=/usr/local/bin go install github.com/google/go-licenses@latest +- +- +-# stage for building containerd +-FROM go-build as build-containerd +-ARG TARGETARCH GO_VERSION +-ARG CONTAINERD_VERSION="v1.7.1" +-ARG CONTAINERD_CLONE_URL="https://github.com/containerd/containerd" +-# we don't build with optional snapshotters, we never select any of these +-# they're not ideal inside kind anyhow, and we save some disk space +-ARG BUILDTAGS="no_aufs no_zfs no_btrfs no_devmapper" +-RUN git clone --filter=tree:0 "${CONTAINERD_CLONE_URL}" /containerd \ +- && cd /containerd \ +- && git checkout "${CONTAINERD_VERSION}" \ +- && eval "$(gimme "${GO_VERSION}")" \ +- && export GOARCH=$TARGETARCH && export CC=$(target-cc) && export CGO_ENABLED=1 \ +- && make bin/ctr bin/containerd bin/containerd-shim-runc-v2 \ +- && GOARCH=$TARGETARCH go-licenses save --save_path=/_LICENSES \ +- ./cmd/ctr ./cmd/containerd ./cmd/containerd-shim-runc-v2 +- +-# stage for building runc +-FROM go-build as build-runc +-ARG TARGETARCH GO_VERSION +-ARG RUNC_VERSION="v1.1.7" +-ARG RUNC_CLONE_URL="https://github.com/opencontainers/runc" +-RUN git clone --filter=tree:0 "${RUNC_CLONE_URL}" /runc \ +- && cd /runc \ +- && git checkout "${RUNC_VERSION}" \ +- && eval "$(gimme "${GO_VERSION}")" \ +- && export GOARCH=$TARGETARCH && export CC=$(target-cc) && export CGO_ENABLED=1 \ +- && make runc \ +- && GOARCH=$TARGETARCH go-licenses save --save_path=/_LICENSES . +- +-# stage for building crictl +-FROM go-build as build-crictl +-ARG TARGETARCH GO_VERSION +-ARG CRI_TOOLS_CLONE_URL="https://github.com/kubernetes-sigs/cri-tools" +-ARG CRICTL_VERSION="v1.27.0" +-RUN git clone --filter=tree:0 "${CRI_TOOLS_CLONE_URL}" /cri-tools \ +- && cd /cri-tools \ +- && git checkout "${CRICTL_VERSION}" \ +- && eval "$(gimme "${GO_VERSION}")" \ +- && export GOARCH=$TARGETARCH && export CC=$(target-cc) && export CGO_ENABLED=1 \ +- && make BUILD_BIN_PATH=./build crictl \ +- && GOARCH=$TARGETARCH go-licenses save --save_path=/_LICENSES ./cmd/crictl +- +-# stage for building cni-plugins +-FROM go-build as build-cni +-ARG TARGETARCH GO_VERSION +-ARG CNI_PLUGINS_VERSION="v1.3.0" +-ARG CNI_PLUGINS_CLONE_URL="https://github.com/containernetworking/plugins" +-RUN git clone --filter=tree:0 "${CNI_PLUGINS_CLONE_URL}" /cni-plugins \ +- && cd /cni-plugins \ +- && git checkout "${CNI_PLUGINS_VERSION}" \ +- && eval "$(gimme "${GO_VERSION}")" \ +- && mkdir ./bin \ +- && export GOARCH=$TARGETARCH && export CC=$(target-cc) && export CGO_ENABLED=1 \ +- && go build -o ./bin/host-local -mod=vendor ./plugins/ipam/host-local \ +- && go build -o ./bin/loopback -mod=vendor ./plugins/main/loopback \ +- && go build -o ./bin/ptp -mod=vendor ./plugins/main/ptp \ +- && go build -o ./bin/portmap -mod=vendor ./plugins/meta/portmap \ +- && GOARCH=$TARGETARCH go-licenses save --save_path=/_LICENSES \ +- ./plugins/ipam/host-local \ +- ./plugins/main/loopback ./plugins/main/ptp \ +- ./plugins/meta/portmap +- +-# stage for building containerd-fuse-overlayfs +-FROM go-build as build-fuse-overlayfs +-ARG TARGETARCH GO_VERSION +-ARG CONTAINERD_FUSE_OVERLAYFS_VERSION="v1.0.5" +-ARG CONTAINERD_FUSE_OVERLAYFS_CLONE_URL="https://github.com/containerd/fuse-overlayfs-snapshotter" +-RUN git clone --filter=tree:0 "${CONTAINERD_FUSE_OVERLAYFS_CLONE_URL}" /fuse-overlayfs-snapshotter \ +- && cd /fuse-overlayfs-snapshotter \ +- && git checkout "${CONTAINERD_FUSE_OVERLAYFS_VERSION}" \ +- && eval "$(gimme "${GO_VERSION}")" \ +- && export GOARCH=$TARGETARCH && export CC=$(target-cc) && export CGO_ENABLED=1 \ +- && make bin/containerd-fuse-overlayfs-grpc \ +- && GOARCH=$TARGETARCH go-licenses save --save_path=/_LICENSES ./cmd/containerd-fuse-overlayfs-grpc +- +- +-# build final image layout from other stages +-FROM base as build +-# copy over containerd build and install +-COPY --from=build-containerd /containerd/bin/containerd /usr/local/bin/ +-COPY --from=build-containerd /containerd/bin/ctr /usr/local/bin/ +-COPY --from=build-containerd /containerd/bin/containerd-shim-runc-v2 /usr/local/bin/ ++# this was removed upstream when they switched to debian ++# keeping since this unit exists in al23 +RUN echo "Adjusting systemd-tmpfiles timer" \ + && sed -i /usr/lib/systemd/system/systemd-tmpfiles-clean.timer -e 's#OnBootSec=.*#OnBootSec=1min#' ++ + RUN ctr oci spec \ + | jq '.hooks.createContainer[.hooks.createContainer| length] |= . + {"path": "/kind/bin/mount-product-files.sh"}' \ + | jq 'del(.process.rlimits)' \ + > /etc/containerd/cri-base.json \ + && containerd --version +-COPY --from=build-containerd /_LICENSES/* /LICENSES/ +-# copy over runc build and install +-COPY --from=build-runc /runc/runc /usr/local/sbin/runc +-RUN runc --version +-COPY --from=build-runc /_LICENSES/* /LICENSES/ +-# copy over crictl build and install +-COPY --from=build-crictl /cri-tools/build/crictl /usr/local/bin/ +-COPY --from=build-crictl /_LICENSES/* /LICENSES/ +-# copy over CNI plugins build and install +-RUN mkdir -p /opt/cni/bin +-COPY --from=build-cni /cni-plugins/bin/host-local /opt/cni/bin/ +-COPY --from=build-cni /cni-plugins/bin/loopback /opt/cni/bin/ +-COPY --from=build-cni /cni-plugins/bin/ptp /opt/cni/bin/ +-COPY --from=build-cni /cni-plugins/bin/portmap /opt/cni/bin/ +-COPY --from=build-cni /_LICENSES/* /LICENSES/ +-# copy over containerd-fuse-overlayfs and install +-COPY --from=build-fuse-overlayfs /fuse-overlayfs-snapshotter/bin/containerd-fuse-overlayfs-grpc /usr/local/bin/ +-COPY --from=build-fuse-overlayfs /_LICENSES/* /LICENSES/ +- +-# squash down to one compressed layer, without any lingering whiteout files etc +-FROM scratch +-COPY --from=build / / +-# add metadata, must be done after the squashing ++ ++# force use of al23 provided containerd.service config ++RUN cp /usr/lib/systemd/system/containerd.service /etc/systemd/system/containerd.service + +# These targets are basing off the "pushed" verison of the image above which is BUILDER_IMAGE +# the final base will be eks-distro-base, with the contents from the above copied @@ -171,44 +252,33 @@ index f6abfa3b..e4c13a47 100644 + +COPY --chmod=0755 files/usr/local/bin/* /usr/local/bin/ +COPY --chmod=0644 files/etc/* /etc - - RUN echo "Installing CNI plugin binaries ..." \ - && curl -sSL --retry 5 --output /tmp/cni.${TARGETARCH}.tgz "${CNI_PLUGINS_URL}" \ -- && echo "${CNI_PLUGINS_AMD64_SHA256SUM} /tmp/cni.amd64.tgz" | tee /tmp/cni.sha256 \ -- && echo "${CNI_PLUGINS_ARM64_SHA256SUM} /tmp/cni.arm64.tgz" | tee -a /tmp/cni.sha256 \ -- && sha256sum --ignore-missing -c /tmp/cni.sha256 \ ++ ++RUN echo "Installing CNI plugin binaries ..." \ ++ && curl -sSL --retry 5 --output /tmp/cni.${TARGETARCH}.tgz "${CNI_PLUGINS_URL}" \ + && echo "${CNI_PLUGINS_SHA256SUM} /tmp/cni.${TARGETARCH}.tgz" | tee /tmp/cni.sha256 \ + && sha256sum -c /tmp/cni.sha256 \ - && rm -f /tmp/cni.sha256 \ - && mkdir -p /opt/cni/bin \ - && tar -C /opt/cni/bin -xzvf /tmp/cni.${TARGETARCH}.tgz \ -@@ -169,24 +167,10 @@ RUN echo "Installing CNI plugin binaries ..." \ - \) \ - -delete - --RUN echo "Installing containerd-fuse-overlayfs ..." \ -- && curl -sSL --retry 5 --output /tmp/containerd-fuse-overlayfs.${TARGETARCH}.tgz "${CONTAINERD_FUSE_OVERLAYFS_URL}" \ -- && echo "${CONTAINERD_FUSE_OVERLAYFS_AMD64_SHA256SUM} /tmp/containerd-fuse-overlayfs.amd64.tgz" | tee /tmp/containerd-fuse-overlayfs.sha256 \ -- && echo "${CONTAINERD_FUSE_OVERLAYFS_ARM64_SHA256SUM} /tmp/containerd-fuse-overlayfs.arm64.tgz" | tee -a /tmp/containerd-fuse-overlayfs.sha256 \ -- && sha256sum --ignore-missing -c /tmp/containerd-fuse-overlayfs.sha256 \ -- && rm -f /tmp/containerd-fuse-overlayfs.sha256 \ -- && tar -C /usr/local/bin -xzvf /tmp/containerd-fuse-overlayfs.${TARGETARCH}.tgz \ -- && rm -rf /tmp/containerd-fuse-overlayfs.${TARGETARCH}.tgz -- --RUN echo "Ensuring /etc/kubernetes/manifests" \ -- && mkdir -p /etc/kubernetes/manifests - --RUN echo "Adjusting systemd-tmpfiles timer" \ -- && sed -i /usr/lib/systemd/system/systemd-tmpfiles-clean.timer -e 's#OnBootSec=.*#OnBootSec=1min#' ++ && rm -f /tmp/cni.sha256 \ ++ && mkdir -p /opt/cni/bin \ ++ && tar -C /opt/cni/bin -xzvf /tmp/cni.${TARGETARCH}.tgz \ ++ && rm -rf /tmp/cni.${TARGETARCH}.tgz \ ++ && find /opt/cni/bin -type f -not \( \ ++ -iname host-local \ ++ -o -iname ptp \ ++ -o -iname portmap \ ++ -o -iname loopback \ ++ \) \ ++ -delete ++ ++ +FROM $BASE_IMAGE as base-versioned - --# squash --FROM scratch --COPY --from=build / / ++ +COPY --from=base-versioned-intermediate / / - - # tell systemd that it is in docker (it will check for the container env) ++ ++ ++ + # first tell systemd that it is in docker (it will check for the container env) # https://systemd.io/CONTAINER_INTERFACE/ + ENV container docker diff --git a/images/base/files/usr/local/bin/clean-install b/images/base/files/usr/local/bin/clean-install index b0b861c3..f1d714a6 100755 --- a/images/base/files/usr/local/bin/clean-install @@ -236,5 +306,5 @@ index b0b861c3..f1d714a6 100755 - /usr/share/local/* + /usr/share/local/* || true -- -2.39.2 +2.40.1 diff --git a/projects/kubernetes-sigs/kind/patches/0002-skip-ctr-pulling-required-images-since-the-build-rem.patch b/projects/kubernetes-sigs/kind/patches/0002-skip-ctr-pulling-required-images-since-the-build-rem.patch index d2be7215f8..37f8f84526 100644 --- a/projects/kubernetes-sigs/kind/patches/0002-skip-ctr-pulling-required-images-since-the-build-rem.patch +++ b/projects/kubernetes-sigs/kind/patches/0002-skip-ctr-pulling-required-images-since-the-build-rem.patch @@ -1,19 +1,19 @@ -From 2a6b966caf858c5683660b644b7c2ee914e4e533 Mon Sep 17 00:00:00 2001 +From 314187ac127a4e8a190e62b9788a7940efbbb6f0 Mon Sep 17 00:00:00 2001 From: Jackson West Date: Sat, 2 Apr 2022 22:01:04 -0500 -Subject: [PATCH 2/2] skip ctr pulling required images since the build removes +Subject: [PATCH 2/3] skip ctr pulling required images since the build removes them anyway Signed-off-by: Jackson West --- - pkg/build/nodeimage/buildcontext.go | 48 +++++++++++++++-------------- - 1 file changed, 25 insertions(+), 23 deletions(-) + pkg/build/nodeimage/buildcontext.go | 36 +++++++++++++++-------------- + 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/pkg/build/nodeimage/buildcontext.go b/pkg/build/nodeimage/buildcontext.go -index ecbaf6b1..6922a23a 100644 +index fed540dc..7815c87f 100644 --- a/pkg/build/nodeimage/buildcontext.go +++ b/pkg/build/nodeimage/buildcontext.go -@@ -257,29 +257,31 @@ func (c *buildContext) prePullImagesAndWriteManifests(bits kube.Bits, parsedVers +@@ -258,23 +258,25 @@ func (c *buildContext) prePullImagesAndWriteManifests(bits kube.Bits, parsedVers } }() @@ -22,17 +22,11 @@ index ecbaf6b1..6922a23a 100644 - image := image // https://golang.org/doc/faq#closures_and_goroutines - fns = append(fns, func() error { - if !builtImages.Has(image) { -- /* -- TODO: show errors when we have real errors. See comments in -- importer implementation -- err := importer.Pull(image, dockerBuildOsAndArch(c.arch)) -- if err != nil { -- c.logger.Warnf("Failed to pull %s with error: %v", image, err) -- runE := exec.RunErrorForError(err) -- c.logger.Warn(string(runE.Output)) -- } -- */ -- _ = importer.Pull(image, dockerBuildOsAndArch(c.arch)) +- if err = importer.Pull(image, dockerBuildOsAndArch(c.arch)); err != nil { +- c.logger.Warnf("Failed to pull %s with error: %v", image, err) +- runE := exec.RunErrorForError(err) +- c.logger.Warn(string(runE.Output)) +- } - } - return nil - }) @@ -47,17 +41,11 @@ index ecbaf6b1..6922a23a 100644 + // image := image // https://golang.org/doc/faq#closures_and_goroutines + // fns = append(fns, func() error { + // if !builtImages.Has(image) { -+ // /* -+ // TODO: show errors when we have real errors. See comments in -+ // importer implementation -+ // err := importer.Pull(image, dockerBuildOsAndArch(c.arch)) -+ // if err != nil { -+ // c.logger.Warnf("Failed to pull %s with error: %v", image, err) -+ // runE := exec.RunErrorForError(err) -+ // c.logger.Warn(string(runE.Output)) -+ // } -+ // */ -+ // _ = importer.Pull(image, dockerBuildOsAndArch(c.arch)) ++ // if err = importer.Pull(image, dockerBuildOsAndArch(c.arch)); err != nil { ++ // c.logger.Warnf("Failed to pull %s with error: %v", image, err) ++ // runE := exec.RunErrorForError(err) ++ // c.logger.Warn(string(runE.Output)) ++ // } + // } + // return nil + // }) diff --git a/projects/kubernetes-sigs/kind/patches/0003-Patch-haproxy-maxconn-value-to-avoid-ulimit-issue.patch b/projects/kubernetes-sigs/kind/patches/0003-Patch-haproxy-maxconn-value-to-avoid-ulimit-issue.patch index 094ccd6d8a..6056b556b5 100644 --- a/projects/kubernetes-sigs/kind/patches/0003-Patch-haproxy-maxconn-value-to-avoid-ulimit-issue.patch +++ b/projects/kubernetes-sigs/kind/patches/0003-Patch-haproxy-maxconn-value-to-avoid-ulimit-issue.patch @@ -1,12 +1,11 @@ -From bc76a1b60451aa3df5bf85b37009eb298de86a2b Mon Sep 17 00:00:00 2001 -From: Prow Bot +From 00c9ce28d95941e4d555f2ace4a0eb3bc15d01a7 Mon Sep 17 00:00:00 2001 +From: Jackson West Date: Wed, 19 Apr 2023 12:28:28 -0500 Subject: [PATCH 3/3] Patch haproxy maxconn value to avoid ulimit issue EKS-A uses haproxy 2.5 which errors if the maxconn value requires more FDs than allowed by the ulimit setting of docker. 100k maxconn is too high for the default ulimit on an al2 node. - --- images/haproxy/haproxy.cfg | 5 ++++- pkg/cluster/internal/loadbalancer/config.go | 5 ++++-