From c51694a51ad4f2343e4186d67cf05533e238a494 Mon Sep 17 00:00:00 2001 From: Leonard Cohnen Date: Thu, 10 Nov 2022 15:20:10 +0100 Subject: [PATCH] kubernetes: add hashes to components --- .../internal/kubernetes/k8sapi/k8sutil.go | 10 +- go.mod | 3 +- go.sum | 7 +- hack/go.mod | 2 +- hack/go.sum | 7 +- internal/versions/generateHashes.go | 158 ++++++++++++++++++ internal/versions/versions.go | 111 ++++++++---- 7 files changed, 257 insertions(+), 41 deletions(-) create mode 100644 internal/versions/generateHashes.go diff --git a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go index 29d1b37c1..1db84ebb4 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go +++ b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go @@ -82,27 +82,27 @@ func (k *KubernetesUtil) InstallComponents(ctx context.Context, version versions versionConf := versions.VersionConfigs[version] if err := k.inst.Install( - ctx, versionConf.CNIPluginsURL, []string{cniPluginsDir}, executablePerm, true, + ctx, versionConf.CNIPlugins.URL, []string{cniPluginsDir}, executablePerm, true, ); err != nil { return fmt.Errorf("installing cni plugins: %w", err) } if err := k.inst.Install( - ctx, versionConf.CrictlURL, []string{binDir}, executablePerm, true, + ctx, versionConf.Crictl.URL, []string{binDir}, executablePerm, true, ); err != nil { return fmt.Errorf("installing crictl: %w", err) } if err := k.inst.Install( - ctx, versionConf.KubeletURL, []string{kubeletPath}, executablePerm, false, + ctx, versionConf.Kubelet.URL, []string{kubeletPath}, executablePerm, false, ); err != nil { return fmt.Errorf("installing kubelet: %w", err) } if err := k.inst.Install( - ctx, versionConf.KubeadmURL, []string{kubeadmPath}, executablePerm, false, + ctx, versionConf.Kubeadm.URL, []string{kubeadmPath}, executablePerm, false, ); err != nil { return fmt.Errorf("installing kubeadm: %w", err) } if err := k.inst.Install( - ctx, versionConf.KubectlURL, []string{constants.KubectlPath}, executablePerm, false, + ctx, versionConf.Kubectl.URL, []string{constants.KubectlPath}, executablePerm, false, ); err != nil { return fmt.Errorf("installing kubectl: %w", err) } diff --git a/go.mod b/go.mod index 6eb6d5244..4a82e29d7 100644 --- a/go.mod +++ b/go.mod @@ -118,6 +118,7 @@ require ( github.com/google/logger v1.1.1 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/hashicorp/go-retryablehttp v0.7.1 // indirect + github.com/rogpeppe/go-internal v1.8.1 // indirect golang.org/x/text v0.4.0 // indirect ) @@ -286,7 +287,7 @@ require ( golang.org/x/sync v0.1.0 // indirect golang.org/x/term v0.2.0 // indirect golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect - golang.org/x/tools v0.1.12 // indirect + golang.org/x/tools v0.3.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/appengine v1.6.7 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index c3400f1eb..7c212edf8 100644 --- a/go.sum +++ b/go.sum @@ -1167,8 +1167,9 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= +github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= +github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= github.com/rubenv/sql-migrate v1.1.2 h1:9M6oj4e//owVVHYrFISmY9LBRw6gzkCNmD9MV36tZeQ= @@ -1826,8 +1827,8 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= -golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.3.0 h1:SrNbZl6ECOS1qFzgTdQfWXZM9XBkiA6tkFrH9YSTPHM= +golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/hack/go.mod b/hack/go.mod index c0dc60904..e88af471e 100644 --- a/hack/go.mod +++ b/hack/go.mod @@ -210,7 +210,7 @@ require ( golang.org/x/term v0.2.0 // indirect golang.org/x/text v0.4.0 // indirect golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect - golang.org/x/tools v0.1.12 // indirect + golang.org/x/tools v0.3.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.28.1 // indirect diff --git a/hack/go.sum b/hack/go.sum index 9b3f3a705..c3e5d6da0 100644 --- a/hack/go.sum +++ b/hack/go.sum @@ -1001,8 +1001,8 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= +github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= @@ -1406,6 +1406,7 @@ golang.org/x/sync v0.0.0-20200930132711-30421366ff76/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1603,8 +1604,8 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.3.0 h1:SrNbZl6ECOS1qFzgTdQfWXZM9XBkiA6tkFrH9YSTPHM= +golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/internal/versions/generateHashes.go b/internal/versions/generateHashes.go new file mode 100644 index 000000000..af6701bec --- /dev/null +++ b/internal/versions/generateHashes.go @@ -0,0 +1,158 @@ +//go:build ignore + +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +package main + +import ( + "bytes" + "context" + "crypto/sha256" + "fmt" + "go/ast" + "go/parser" + "go/printer" + "go/token" + "io" + "log" + "net/http" + "os" + + "golang.org/x/tools/go/ast/astutil" +) + +func mustGetHash(url string) string { + // remove quotes around url + url = url[1 : len(url)-1] + + // Get the data + req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, url, nil) + if err != nil { + panic(err) + } + resp, err := http.DefaultClient.Do(req) + if err != nil { + panic(err) + } + defer resp.Body.Close() + + // Check server response + if resp.StatusCode != http.StatusOK { + panic("bad status: " + resp.Status) + } + + // Generate SHA256 hash of the file + sha := sha256.New() + if _, err := io.Copy(sha, resp.Body); err != nil { + panic(err) + } + fileHash := sha.Sum(nil) + + // Get upstream hash + req, err = http.NewRequestWithContext(context.Background(), http.MethodGet, url+".sha256", nil) + if err != nil { + panic(err) + } + resp, err = http.DefaultClient.Do(req) + if err != nil { + panic(err) + } + defer resp.Body.Close() + + // Check server response + if resp.StatusCode != http.StatusOK { + panic("bad status: " + resp.Status) + } + + // Compare hashes + + // Take the first 64 ascii characters = 32 bytes. + // Some .sha256 files contain additional information afterwards. + upstreamHash := make([]byte, 64) + if _, err = resp.Body.Read(upstreamHash); err != nil { + panic(err) + } + if string(upstreamHash) != fmt.Sprintf("%x", fileHash) { + panic("hash mismatch") + } + + return fmt.Sprintf("\"sha256:%x\"", fileHash) +} + +func main() { + fmt.Println("Generating hashes...") + + const filePath = "./versions.go" + + fset := token.NewFileSet() + file, err := parser.ParseFile(fset, filePath, nil, parser.ParseComments) + if err != nil { + log.Fatal(err) + } + + newFile := astutil.Apply(file, func(cursor *astutil.Cursor) bool { + n := cursor.Node() + + if x, ok := n.(*ast.CompositeLit); ok { + ident, ok := x.Type.(*ast.Ident) + if !ok { + return true + } + if ident.Name == "ArtifactVersion" { + var url *ast.KeyValueExpr + var hash *ast.KeyValueExpr + // Find the URL field + for _, e := range x.Elts { + kv, ok := e.(*ast.KeyValueExpr) + if !ok { + continue + } + ident, ok := kv.Key.(*ast.Ident) + if !ok { + continue + } + if ident.Name == "URL" { + url = kv + break + } + } + // Find the Hash field + for _, e := range x.Elts { + kv, ok := e.(*ast.KeyValueExpr) + if !ok { + continue + } + ident, ok := kv.Key.(*ast.Ident) + if !ok { + continue + } + if ident.Name == "Hash" { + hash = kv + break + } + } + + // Generate the hash + fmt.Println("Generating hash for", url.Value.(*ast.BasicLit).Value) + hash.Value.(*ast.BasicLit).Value = mustGetHash(url.Value.(*ast.BasicLit).Value) + } + } + return true + }, nil, + ) + + var buf bytes.Buffer + printConfig := printer.Config{Mode: printer.UseSpaces | printer.TabIndent, Tabwidth: 8} + + if err = printConfig.Fprint(&buf, fset, newFile); err != nil { + log.Fatalf("error formatting file %s: %s", filePath, err) + } + if err := os.WriteFile(filePath, buf.Bytes(), 0o644); err != nil { + log.Fatalf("error writing file %s: %s", filePath, err) + } + fmt.Println("Successfully generated hashes.") +} diff --git a/internal/versions/versions.go b/internal/versions/versions.go index f16b27fad..9975455ff 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -94,15 +94,34 @@ var ( NodeMaintenanceOperatorVersion = versionFromDockerImage(NodeMaintenanceOperatorCatalogImage) ) +// Regenerate the hashes by running go generate. +// To add another Kubernetes version, add a new entry to the VersionConfigs map below and fill the Hash field with an empty string. +//go:generate go run generateHashes.go + // VersionConfigs holds download URLs for all required kubernetes components for every supported version. var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ V1_23: { - PatchVersion: "v1.23.14", // renovate:kubernetes-release - CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz", // renovate:cni-plugins-release - CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz", // renovate:crictl-release - KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.14/bin/linux/amd64/kubelet", // renovate:kubernetes-release - KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.14/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.14/bin/linux/amd64/kubectl", // renovate:kubernetes-release + PatchVersion: "v1.23.14", // renovate:kubernetes-release + CNIPlugins: ArtifactVersion{ + URL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz", // renovate:cni-plugins-release + Hash: "sha256:b275772da4026d2161bf8a8b41ed4786754c8a93ebfb6564006d5da7f23831e5", + }, + Crictl: ArtifactVersion{ + URL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz", // renovate:crictl-release + Hash: "sha256:86ab210c007f521ac4cdcbcf0ae3fb2e10923e65f16de83e0e1db191a07f0235", + }, + Kubelet: ArtifactVersion{ + URL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.14/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:f2bef00508790f632d035a6cfdd31539115611bfc93c5a3266ceb95bb2f27b76", + }, + Kubeadm: ArtifactVersion{ + URL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.14/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:46c847e2699839b9ccf6673f0b946c4778a3a2e8e463d15854ba30d3f0cbd87a", + }, + Kubectl: ArtifactVersion{ + URL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.14/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:13ce4b18ba6e15d5d259249c530637dd7fb9722d121df022099f3ed5f2bd74cd", + }, // CloudControllerManagerImageAWS is the CCM image used on AWS. CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.23.2@sha256:5caf74bfe1c6e1b7b7d40345db52b54eeea7229a8fd73c7db9488ef87dc7a496", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. @@ -116,12 +135,27 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.23.1@sha256:cd2101ba67f3d6ec719f7792d4bdaa3a50e1b716f3a9ccee8931086496c655b7", // renovate:container }, V1_24: { - PatchVersion: "v1.24.8", // renovate:kubernetes-release - CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz", // renovate:cni-plugins-release - CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz", // renovate:crictl-release - KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.8/bin/linux/amd64/kubelet", // renovate:kubernetes-release - KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.8/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.8/bin/linux/amd64/kubectl", // renovate:kubernetes-release + PatchVersion: "v1.24.8", // renovate:kubernetes-release + CNIPlugins: ArtifactVersion{ + URL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz", // renovate:cni-plugins-release + Hash: "sha256:b275772da4026d2161bf8a8b41ed4786754c8a93ebfb6564006d5da7f23831e5", + }, + Crictl: ArtifactVersion{ + URL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz", // renovate:crictl-release + Hash: "sha256:86ab210c007f521ac4cdcbcf0ae3fb2e10923e65f16de83e0e1db191a07f0235", + }, + Kubelet: ArtifactVersion{ + URL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.8/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:2da0b93857cf352bff5d1eb42e34d398a5971b63a53d8687b45179a78540d6d6", + }, + Kubeadm: ArtifactVersion{ + URL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.8/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:9fea42b4fb5eb2da638d20710ebb791dde221e6477793d3de70134ac058c4cc7", + }, + Kubectl: ArtifactVersion{ + URL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.8/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:f93c18751ec715b4d4437e7ece18fe91948c71be1f24ab02a2dde150f5449855", + }, // CloudControllerManagerImageAWS is the CCM image used on AWS. CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.24.1@sha256:4b75b09cc5b3959d06a8c2fb84f165e8163ec0153eaa6a48ece6c8113e78e720", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. @@ -135,12 +169,27 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.24.0@sha256:5bd22353ae7f30c9abfaa08189281367ef47ea1b3d09eb13eb26bd13de241e72", // renovate:container }, V1_25: { - PatchVersion: "v1.25.4", // renovate:kubernetes-release - CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz", // renovate:cni-plugins-release - CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz", // renovate:crictl-release - KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.4/bin/linux/amd64/kubelet", // renovate:kubernetes-release - KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.4/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.4/bin/linux/amd64/kubectl", // renovate:kubernetes-release + PatchVersion: "v1.25.4", // renovate:kubernetes-release + CNIPlugins: ArtifactVersion{ + URL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz", // renovate:cni-plugins-release + Hash: "sha256:b275772da4026d2161bf8a8b41ed4786754c8a93ebfb6564006d5da7f23831e5", + }, + Crictl: ArtifactVersion{ + URL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz", // renovate:crictl-release + Hash: "sha256:86ab210c007f521ac4cdcbcf0ae3fb2e10923e65f16de83e0e1db191a07f0235", + }, + Kubelet: ArtifactVersion{ + URL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.4/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:7f7437e361f829967ee02e30026d7e85219693432ac5e930cc98dd9c7ddb2fac", + }, + Kubeadm: ArtifactVersion{ + URL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.4/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:b8a6119d2a3a7c6add43dcf8f920436bf7fe71a77a086e96e40aa9d6f70be826", + }, + Kubectl: ArtifactVersion{ + URL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.4/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:e4e569249798a09f37e31b8b33571970fcfbdecdd99b1b81108adc93ca74b522", + }, // CloudControllerManagerImageAWS is the CCM image used on AWS. CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.1@sha256:85d3f1e9dacc72531445989bb10999e1e70ebc409d11be57e5baa5f031a893b0", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. @@ -161,16 +210,22 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ // KubernetesVersion bundles download URLs to all version-releated binaries necessary for installing/deploying a particular Kubernetes version. type KubernetesVersion struct { PatchVersion string - CNIPluginsURL string // No k8s version dependency. - CrictlURL string // k8s version dependency. - KubeletURL string // k8s version dependency. - KubeadmURL string // k8s version dependency. - KubectlURL string // k8s version dependency. - CloudControllerManagerImageAWS string // k8s version dependency. - CloudControllerManagerImageGCP string // Using self-built image until resolved: https://github.com/kubernetes/cloud-provider-gcp/issues/289 - CloudControllerManagerImageAzure string // k8s version dependency. - CloudNodeManagerImageAzure string // k8s version dependency. Same version as above. - ClusterAutoscalerImage string // Matches k8s versioning scheme. + CNIPlugins ArtifactVersion // No k8s version dependency. + Crictl ArtifactVersion // k8s version dependency. + Kubelet ArtifactVersion // k8s version dependency. + Kubeadm ArtifactVersion // k8s version dependency. + Kubectl ArtifactVersion // k8s version dependency. + CloudControllerManagerImageAWS string // k8s version dependency. + CloudControllerManagerImageGCP string // Using self-built image until resolved: https://github.com/kubernetes/cloud-provider-gcp/issues/289 + CloudControllerManagerImageAzure string // k8s version dependency. + CloudNodeManagerImageAzure string // k8s version dependency. Same version as above. + ClusterAutoscalerImage string // Matches k8s versioning scheme. +} + +// ArtifactVersion is a version of a particular artifact. +type ArtifactVersion struct { + URL string + Hash string } // versionFromDockerImage returns the version tag from the image name, e.g. "v1.22.2" from "foocr.io/org/repo:v1.22.2@sha256:3009fj0...".