Merge pull request #725 from erikwilson/update-hardened-images

Update hardened images

Dockerfile

@@ -127,21 +127,21 @@ ARG CHARTS_REPO="https://rke2-charts.rancher.io"
 ARG CACHEBUST="cachebust"
 COPY charts/ /charts/
 RUN echo ${CACHEBUST}>/dev/null
-RUN CHART_VERSION="v3.13.3"     CHART_FILE=/charts/rke2-canal.yaml             CHART_BOOTSTRAP=true    /charts/build-chart.sh
-RUN CHART_VERSION="1.10.101"    CHART_FILE=/charts/rke2-coredns.yaml           CHART_BOOTSTRAP=true    /charts/build-chart.sh
-RUN CHART_VERSION="1.36.300"    CHART_FILE=/charts/rke2-ingress-nginx.yaml     CHART_BOOTSTRAP=false   /charts/build-chart.sh
-RUN CHART_VERSION="v1.19.8"    CHART_FILE=/charts/rke2-kube-proxy.yaml        CHART_BOOTSTRAP=true    /charts/build-chart.sh
-RUN CHART_VERSION="2.11.100"    CHART_FILE=/charts/rke2-metrics-server.yaml    CHART_BOOTSTRAP=false   /charts/build-chart.sh
+RUN CHART_VERSION="v3.13.300-build20210223"   CHART_FILE=/charts/rke2-canal.yaml             CHART_BOOTSTRAP=true    /charts/build-chart.sh
+RUN CHART_VERSION="1.10.101-build2021022301"  CHART_FILE=/charts/rke2-coredns.yaml           CHART_BOOTSTRAP=true    /charts/build-chart.sh
+RUN CHART_VERSION="1.36.300"                  CHART_FILE=/charts/rke2-ingress-nginx.yaml     CHART_BOOTSTRAP=false   /charts/build-chart.sh
+RUN CHART_VERSION="v1.19.8"                   CHART_FILE=/charts/rke2-kube-proxy.yaml        CHART_BOOTSTRAP=true    /charts/build-chart.sh
+RUN CHART_VERSION="2.11.100-build2021022300"  CHART_FILE=/charts/rke2-metrics-server.yaml    CHART_BOOTSTRAP=false   /charts/build-chart.sh
 RUN rm -vf /charts/*.sh /charts/*.md
 
 # rke-runtime image
 # This image includes any host level programs that we might need. All binaries
 # must be placed in bin/ of the file image and subdirectories of bin/ will be flattened during installation.
 # This means bin/foo/bar will become bin/bar when rke2 installs this to the host
 FROM rancher/k3s:v1.19.8-rc1-k3s1 AS k3s
-FROM rancher/hardened-containerd:v1.4.3-k3s3 AS containerd
-FROM rancher/hardened-crictl:v1.19.0 AS crictl
-FROM rancher/hardened-runc:v1.0.0-rc92 AS runc
+FROM rancher/hardened-containerd:v1.4.3-k3s3-build20210223 AS containerd
+FROM rancher/hardened-crictl:v1.19.0-build20210223 AS crictl
+FROM rancher/hardened-runc:v1.0.0-rc93-build20210223 AS runc
 
 FROM scratch AS runtime
 COPY --from=k3s \

pkg/images/images.go

@@ -15,9 +15,9 @@ const (
 )
 
 var (
-	KubernetesVersion = "v1.19.8"      // make sure this matches what is in the scripts/version.sh script
-	PauseVersion      = "3.2"          // make sure this matches what is in the scripts/build-images script
-	EtcdVersion       = "v3.4.13-k3s1" // make sure this matches what is in the scripts/build-images script
+	KubernetesVersion = "v1.19.8"                    // make sure this matches what is in the scripts/version.sh script
+	PauseVersion      = "3.2"                        // make sure this matches what is in the scripts/build-images script
+	EtcdVersion       = "v3.4.13-k3s1-build20210223" // make sure this matches what is in the scripts/build-images script
 	RuntimeImageName  = "rke2-runtime"
 )
 

scripts/build-images

@@ -9,11 +9,11 @@ source ./scripts/version.sh
 ./scripts/build-image-runtime
 
 xargs -n1 -t docker image pull --quiet << EOF > build/images.txt
-    docker.io/rancher/hardened-calico:v3.13.3
-    docker.io/rancher/hardened-coredns:v1.6.9
-    docker.io/rancher/hardened-etcd:v3.4.13-k3s1
-    docker.io/rancher/hardened-flannel:v0.13.0-rancher1
-    docker.io/rancher/hardened-k8s-metrics-server:v0.3.6
+    docker.io/rancher/hardened-calico:v3.13.3-build20210223
+    docker.io/rancher/hardened-coredns:v1.6.9-build20210223
+    docker.io/rancher/hardened-etcd:v3.4.13-k3s1-build20210223
+    docker.io/rancher/hardened-flannel:v0.13.0-rancher1-build20210223
+    docker.io/rancher/hardened-k8s-metrics-server:v0.3.6-build20210223
     docker.io/rancher/hardened-kube-proxy:${KUBERNETES_VERSION}
     docker.io/rancher/klipper-helm:v0.4.3
     docker.io/rancher/pause:3.2