mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-24 06:59:40 -05:00
versions: add Kubernetes image patches to components
This commit is contained in:
parent
b740a1a75b
commit
4ba483ec0e
@ -848,6 +848,8 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C
|
||||
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
|
||||
github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4=
|
||||
github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A=
|
||||
github.com/vincent-petithory/dataurl v1.0.0 h1:cXw+kPto8NLuJtlMsI152irrVw9fRDX8AbShPRpg2CI=
|
||||
github.com/vincent-petithory/dataurl v1.0.0/go.mod h1:FHafX5vmDzyP+1CQATJn7WFKc9CvnvxyvZy6I1MrG/U=
|
||||
github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
|
||||
github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
|
||||
github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
|
||||
|
@ -106,6 +106,8 @@ const (
|
||||
KubeadmPath = "/run/state/bin/kubeadm"
|
||||
// KubeletPath install path for kubelet.
|
||||
KubeletPath = "/run/state/bin/kubelet"
|
||||
// KubeadmPatchDir directory for kubeadm patches .
|
||||
KubeadmPatchDir = "/opt/kubernetes/patches"
|
||||
|
||||
//
|
||||
// Filenames for Constellation's micro services.
|
||||
|
@ -18,5 +18,9 @@ go_test(
|
||||
name = "versions_test",
|
||||
srcs = ["versions_test.go"],
|
||||
embed = [":versions"],
|
||||
deps = ["@com_github_stretchr_testify//assert"],
|
||||
deps = [
|
||||
"@com_github_stretchr_testify//assert",
|
||||
"@com_github_stretchr_testify//require",
|
||||
"@com_github_vincent_petithory_dataurl//:dataurl",
|
||||
],
|
||||
)
|
||||
|
@ -19,6 +19,7 @@ import (
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/tools/go/ast/astutil"
|
||||
)
|
||||
@ -147,8 +148,13 @@ func main() {
|
||||
}
|
||||
}
|
||||
|
||||
fmt.Println("Generating hash for", url.Value.(*ast.BasicLit).Value)
|
||||
hash.Value.(*ast.BasicLit).Value = mustGetHash(url.Value.(*ast.BasicLit).Value)
|
||||
urlValue := url.Value.(*ast.BasicLit).Value
|
||||
if strings.HasPrefix(urlValue, `"data:`) {
|
||||
// TODO(burgerdev): support patch generation
|
||||
continue
|
||||
}
|
||||
fmt.Println("Generating hash for", urlValue)
|
||||
hash.Value.(*ast.BasicLit).Value = mustGetHash(urlValue)
|
||||
}
|
||||
|
||||
return true
|
||||
|
@ -13,6 +13,7 @@ package versions
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"path"
|
||||
"sort"
|
||||
"strings"
|
||||
|
||||
@ -154,6 +155,12 @@ func hasPatchVersion(version string) bool {
|
||||
return semver.MajorMinor(version) != version
|
||||
}
|
||||
|
||||
// patchFilePath returns the canonical path for kubeadm patch files for the given component.
|
||||
// See https://pkg.go.dev/k8s.io/kubernetes@v1.27.7/cmd/kubeadm/app/apis/kubeadm/v1beta3#InitConfiguration.
|
||||
func patchFilePath(component string) string {
|
||||
return path.Join(constants.KubeadmPatchDir, fmt.Sprintf("%s+json.json", component))
|
||||
}
|
||||
|
||||
const (
|
||||
//
|
||||
// Constellation images.
|
||||
@ -227,6 +234,18 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
|
||||
InstallPath: constants.KubectlPath,
|
||||
Extract: false,
|
||||
},
|
||||
{
|
||||
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI2LjExQHNoYTI1NjozOTUzNWQwZWZlODk1YWU5MWI1NTExZmRhZGI1MmVjOTMyOWYzODk4NzYxMTYzYThjMGRlMjAzZTIzZTMzODUzIn1d",
|
||||
InstallPath: patchFilePath("kube-apiserver"),
|
||||
},
|
||||
{
|
||||
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI2LjExQHNoYTI1NjpjZGJlZmZmMTU0ZDRjY2I1ZDhlOGIxNmI4MDRjYmM2Y2M5MzI2YTc2MGI5ZjkxNDIyMjcwOGY5OTExOThkNTdjIn1d",
|
||||
InstallPath: patchFilePath("kube-controller-manager"),
|
||||
},
|
||||
{
|
||||
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI2LjExQHNoYTI1NjowNjg0ZTIzMTcyZDkyMDMxNDk3MTU4MGFiMTE1YTViNjc5YWMxZmFlMmNiOTRkODNlOTEwNWMwYjFlOTNhMWJjIn1d",
|
||||
InstallPath: patchFilePath("kube-scheduler"),
|
||||
},
|
||||
},
|
||||
// CloudControllerManagerImageAWS is the CCM image used on AWS.
|
||||
CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.6@sha256:33445ab57f48938fe989ffe311dacee0044b82f2bd23cb7f7b563275926f0ce9", // renovate:container
|
||||
@ -278,6 +297,18 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
|
||||
InstallPath: constants.KubectlPath,
|
||||
Extract: false,
|
||||
},
|
||||
{
|
||||
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI3LjhAc2hhMjU2OjcwYjA1YjYxZDg0NmViYjY5YTkwN2ZlMjU1ZDM5YTZmNmMxMGQ1Y2E5NTA0ZjNkMmMwZGZmM2Y4NjQ2OTBkMzMifV0=",
|
||||
InstallPath: patchFilePath("kube-apiserver"),
|
||||
},
|
||||
{
|
||||
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI3LjhAc2hhMjU2OmU1OWM2MzczZDI2YjY4NGE5MWNmYTU5NDJjMGY3MzcxYmRhOWI0YmI3Njg5ZTNmOTBmN2VlNGY5NjUxZWUyMmIifV0=",
|
||||
InstallPath: patchFilePath("kube-controller-manager"),
|
||||
},
|
||||
{
|
||||
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI3LjhAc2hhMjU2OjYyMzdlNzEwMGNjZGJiZDVlMGU3Y2ZmNzc5NjgzMWMxODVhMzk0NzE5OTgyM2YzOTEyODNjNzlkMDBhZmYwNzAifV0=",
|
||||
InstallPath: patchFilePath("kube-scheduler"),
|
||||
},
|
||||
},
|
||||
// CloudControllerManagerImageAWS is the CCM image used on AWS.
|
||||
CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.2@sha256:42be09a2b13b4e69b42905639d6b005ebe1ca490aabefad427256abf2cc892c7", // renovate:container
|
||||
@ -329,6 +360,18 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
|
||||
InstallPath: constants.KubectlPath,
|
||||
Extract: false,
|
||||
},
|
||||
{
|
||||
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI4LjRAc2hhMjU2OjViMjhhMzY0NDY3Y2Y3ZTEzNDM0M2JiM2VlMmM2ZDQwNjgyYjQ3M2E3NDNhNzIxNDJjN2JiZTI1NzY3ZDM2ZWIifV0=",
|
||||
InstallPath: patchFilePath("kube-apiserver"),
|
||||
},
|
||||
{
|
||||
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI4LjRAc2hhMjU2OjY1NDg2YzhjMzM4Zjk2ZGMwMjJkZDFhMGFiZTg3NjNlMzhmMzUwOTViODRiMjA4Yzc4ZjQ0ZDllOTk0NDdkMWMifV0=",
|
||||
InstallPath: patchFilePath("kube-controller-manager"),
|
||||
},
|
||||
{
|
||||
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI4LjRAc2hhMjU2OjMzNWJiYTllODYxYjg4ZmE4YjdiYjkyNTBiY2Q2OWI3YTMzZjgzZGE0ZmVlOTNmOWZjMGVlZGM2ZjM0ZTI4YmEifV0=",
|
||||
InstallPath: patchFilePath("kube-scheduler"),
|
||||
},
|
||||
},
|
||||
// CloudControllerManagerImageAWS is the CCM image used on AWS.
|
||||
CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.1@sha256:79b423ac8bc52d00f932b40de11fc3047a5ed1cbec47cda23bcf8f45ef583ed1", // renovate:container
|
||||
|
@ -7,9 +7,14 @@ SPDX-License-Identifier: AGPL-3.0-only
|
||||
package versions
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"path"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/vincent-petithory/dataurl"
|
||||
)
|
||||
|
||||
func TestVersionFromDockerImage(t *testing.T) {
|
||||
@ -44,3 +49,25 @@ func TestVersionFromDockerImage(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestKubernetesImagePatchCompatibility(t *testing.T) {
|
||||
// This test ensures that pinned Kubernetes images correspond to the
|
||||
// supported Kubernetes versions. It prevents automatic upgrades until
|
||||
// a patch generator is added to the codebase.
|
||||
// TODO(burgerdev): remove after patches are generated automatically.
|
||||
for v, clusterConfig := range VersionConfigs {
|
||||
t.Run(string(v), func(t *testing.T) {
|
||||
for i, component := range clusterConfig.KubernetesComponents.GetUpgradableComponents() {
|
||||
if !strings.HasPrefix(component.Url, "data:") {
|
||||
continue
|
||||
}
|
||||
t.Run(fmt.Sprintf("%d-%s", i, path.Base(component.InstallPath)), func(t *testing.T) {
|
||||
require := require.New(t)
|
||||
dataURL, err := dataurl.DecodeString(component.Url)
|
||||
require.NoError(err)
|
||||
require.Contains(string(dataURL.Data), clusterConfig.ClusterVersion)
|
||||
})
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
@ -871,6 +871,8 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C
|
||||
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
|
||||
github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4=
|
||||
github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A=
|
||||
github.com/vincent-petithory/dataurl v1.0.0 h1:cXw+kPto8NLuJtlMsI152irrVw9fRDX8AbShPRpg2CI=
|
||||
github.com/vincent-petithory/dataurl v1.0.0/go.mod h1:FHafX5vmDzyP+1CQATJn7WFKc9CvnvxyvZy6I1MrG/U=
|
||||
github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
|
||||
github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
|
||||
github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
|
||||
|
Loading…
Reference in New Issue
Block a user