kubernetes: use new registry

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Paul Meyer 2022-12-12 11:35:12 +01:00
parent 6862c2587f
commit c741ccfb4b
8 changed files with 56 additions and 33 deletions


@ -17,19 +17,15 @@ During cluster initialization, multiple Kubernetes resources are deployed. Some
You can check available version tags for container images using [the container registry tags API](https://docs.docker.com/registry/spec/api/#listing-image-tags):
```sh
curl -q https://k8s.gcr.io/v2/autoscaling/cluster-autoscaler/tags/list | jq .tags
curl -q https://k8s.gcr.io/v2/cloud-controller-manager/tags/list | jq .tags
curl -q https://us.gcr.io/v2/k8s-artifacts-prod/provider-aws/cloud-controller-manager/tags/list | jq .tags
curl -q https://mcr.microsoft.com/v2/oss/kubernetes/azure-cloud-controller-manager/tags/list | jq .tags
curl -q https://mcr.microsoft.com/v2/oss/kubernetes/azure-cloud-node-manager/tags/list | jq .tags
curl -qL https://registry.k8s.io/v2/autoscaling/cluster-autoscaler/tags/list | jq .tags
curl -qL https://registry.k8s.io/v2/cloud-controller-manager/tags/list | jq .tags
curl -qL https://registry.k8s.io/v2/provider-aws/cloud-controller-manager/tags/list | jq .tags
curl -qL https://mcr.microsoft.com/v2/oss/kubernetes/azure-cloud-controller-manager/tags/list | jq .tags
curl -qL https://mcr.microsoft.com/v2/oss/kubernetes/azure-cloud-node-manager/tags/list | jq .tags
# [...]
```
## Upgrade go dependencies
The [`go.mod`](/go.mod) and [`go.sum`](/go.sum) files pin versions of the Kubernetes go packages. While these do not need to be on the exact versions used in the Kubernetes deployment, it is a good idea to keep them updated and on a similar version.
Upgrade Kubernetes go dependencies by changing the versions of all packages in the `k8s.io` namespace from the old version to the new version in [`go.mod`](/go.mod) and run `go mod tidy`. Ensure that there are no other conflicts and test your changes.
See the diff of [this PR](https://github.com/edgelesssys/constellation/pull/110) as an example of updating the go dependencies.
Normally renovate will handle the upgrading of Kubernetes dependencies.
## Test the new Kubernetes version


@ -3,13 +3,19 @@
"properties": {
"csp": {
"description": "CSP to which the chart is deployed.",
"enum": ["Azure", "GCP", "AWS", "QEMU"]
"enum": [
"Azure",
"GCP",
"AWS",
"QEMU"
]
},
"image": {
"description": "Container image to use for the spawned pods.",
"type": "string",
"examples": ["k8s.gcr.io/autoscaling/cluster-autoscaler:v1.23.1"]
"examples": [
"registry.k8s.io/autoscaling/cluster-autoscaler:v1.23.1"
]
},
"Azure": {
"description": "Config values required for deployment on Azure",
@ -50,10 +56,20 @@
"image"
],
"if": {
"properties": { "csp": { "const": "Azure" } },
"required": ["csp"]
"properties": {
"csp": {
"const": "Azure"
}
},
"required": [
"csp"
]
},
"then": {
"required": [
"Azure"
]
},
"then": { "required": ["Azure"] },
"title": "Values",
"type": "object"
}


@ -11,8 +11,9 @@
"image": {
"description": "Container image to use for the spawned pods.",
"type": "string",
"examples": ["k8s.gcr.io/autoscaling/cluster-autoscaler:v1.23.1"]
"examples": [
"registry.k8s.io/autoscaling/cluster-autoscaler:v1.23.1"
]
}
},
"required": [
@ -26,7 +27,12 @@
},
"csp": {
"description": "CSP to which the chart is deployed.",
"enum": ["Azure", "GCP", "AWS", "QEMU"]
"enum": [
"Azure",
"GCP",
"AWS",
"QEMU"
]
},
"constellationUID": {
"description": "UID for the specific cluster",


@ -11,8 +11,9 @@
"image": {
"description": "Container image to use for the spawned pods.",
"type": "string",
"examples": ["k8s.gcr.io/autoscaling/cluster-autoscaler:v1.23.1"]
"examples": [
"registry.k8s.io/autoscaling/cluster-autoscaler:v1.23.1"
]
}
},
"required": [


@ -53,7 +53,7 @@ version = 2
max_container_log_line_size = 16384
netns_mounts_under_state_dir = false
restrict_oom_score_adj = false
sandbox_image = "k8s.gcr.io/pause:3.5"
sandbox_image = "registry.k8s.io/pause:3.9@sha256:7031c1b283388d2c2e09b57badb803c05ebed362dc88d84b480cc47f72a21097"
selinux_category_range = 1024
stats_collect_period = 10
stream_idle_timeout = "4h0m0s"
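Review bot: The new `sandbox_image` value carries a hand-written tag and digest with no update marker, and the same line also moves pause from 3.5 to 3.9, which the commit title does not mention. The Go image constants touched by this commit are tagged `// renovate:container`; nothing visible shows this file being tracked the same way, so the pinned digest can go stale without anyone noticing. Consider a comment above the line such as `# pause image is pinned by digest; update tag and digest together`. Whether 3.9 matches the pause version expected by every supported Kubernetes release is not visible from this hunk and is worth confirming.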


@ -55,7 +55,7 @@ const (
//
// KonnectivityAgentImage agent image for konnectivity service.
KonnectivityAgentImage = "us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.33@sha256:48f2a4ec3e10553a81b8dd1c6fa5fe4bcc9617f78e71c1ca89c6921335e2d7da" // renovate:container
KonnectivityAgentImage = "registry.k8s.io/kas-network-proxy/proxy-agent:v0.0.33@sha256:48f2a4ec3e10553a81b8dd1c6fa5fe4bcc9617f78e71c1ca89c6921335e2d7da" // renovate:container
// KonnectivityServerImage server image for konnectivity service.
KonnectivityServerImage = "registry.k8s.io/kas-network-proxy/proxy-server:v0.0.33@sha256:2c111f004bec24888d8cfa2a812a38fb8341350abac67dcd0ac64e709dfe389c" // renovate:container
// JoinImage image of Constellation join service.
@ -146,7 +146,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
// CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure.
CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.23.23@sha256:a82d73fb1ee10e3041b4f03cfe4ab5bb8edc8329c45bf1d42ff9e06340137de3", // renovate:container
// External service image. Depends on k8s version.
ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.23.1@sha256:cd2101ba67f3d6ec719f7792d4bdaa3a50e1b716f3a9ccee8931086496c655b7", // renovate:container
ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.23.1@sha256:cd2101ba67f3d6ec719f7792d4bdaa3a50e1b716f3a9ccee8931086496c655b7", // renovate:container
},
V1_24: {
PatchVersion: "v1.24.9", // renovate:kubernetes-release
@ -192,7 +192,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
// CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure.
CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.10@sha256:fed0573c5200e2ba6874a08b4fa875523958d6e6cebc4831f5798ae8caf4ac8e", // renovate:container
// External service image. Depends on k8s version.
ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.24.0@sha256:5bd22353ae7f30c9abfaa08189281367ef47ea1b3d09eb13eb26bd13de241e72", // renovate:container
ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.24.0@sha256:5bd22353ae7f30c9abfaa08189281367ef47ea1b3d09eb13eb26bd13de241e72", // renovate:container
},
V1_25: {
PatchVersion: "v1.25.5", // renovate:kubernetes-release
@ -241,7 +241,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.4@sha256:5227c3820a60df390107fa0a0865bf19745f21fc3c323c779ac71e3b70e46846", // renovate:container
// External service image. Depends on k8s version.
// Check for new versions at https://github.com/kubernetes/autoscaler/releases.
ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.25.0@sha256:f509ffab618dbd07d129b69ec56963aac7f61aaa792851206b54a2f0bbe046df", // renovate:container
ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.25.0@sha256:f509ffab618dbd07d129b69ec56963aac7f61aaa792851206b54a2f0bbe046df", // renovate:container
},
V1_26: {
PatchVersion: "v1.26.0", // renovate:kubernetes-release
@ -290,7 +290,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.4@sha256:5227c3820a60df390107fa0a0865bf19745f21fc3c323c779ac71e3b70e46846", // renovate:container
// External service image. Depends on k8s version.
// Check for new versions at https://github.com/kubernetes/autoscaler/releases.
ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.25.0@sha256:f509ffab618dbd07d129b69ec56963aac7f61aaa792851206b54a2f0bbe046df", // renovate:container
ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.25.0@sha256:f509ffab618dbd07d129b69ec56963aac7f61aaa792851206b54a2f0bbe046df", // renovate:container
},
}
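Review bot: Nothing visible in this change guards against a stale registry host: the host is repeated as a literal in every `ClusterAutoscalerImage` entry and in `KonnectivityAgentImage`, so a later entry can reintroduce `k8s.gcr.io` or `us.gcr.io` unnoticed. A table test over `VersionConfigs` that asserts each image string contains `@sha256:` and starts with one of a short allow-list of registries would catch that; whether such a test already exists is not visible here. Keeping the digests unchanged across the host swap is the right call, since a pull from the new registry then fails unless the content is identical. Separately, the last hunk appears to sit in the `V1_26` entry yet still pins cluster-autoscaler `v1.25.0`; a one-line comment stating why would make that skew read as intentional.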


@ -19,15 +19,15 @@ func TestVersionFromDockerImage(t *testing.T) {
wantPanic bool
}{
"valid image name": {
imageName: "k8s.gcr.io/kube-apiserver:v1.18.0",
imageName: "registry.test.foo/kube-apiserver:v1.18.0",
wantVersion: "v1.18.0",
},
"valid image name with sha": {
imageName: "k8s.gcr.io/kube-apiserver:v1.18.0@sha256:1234567890abcdef",
imageName: "registry.test.foo/kube-apiserver:v1.18.0@sha256:1234567890abcdef",
wantVersion: "v1.18.0",
},
"invalid image name": {
imageName: "k8s.gcr.io/kube-apiserver",
imageName: "registry.test.foo/kube-apiserver",
wantPanic: true,
},
}
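Review bot: The table still exercises only a bare registry host, so a reference with a port (for example `registry.test.foo:5000/kube-apiserver:v1.18.0`, a constructed sample) or a digest-only reference without a tag is not covered. If the function under test splits on `:`, which is not visible here, those are the inputs where it would return the wrong version or panic unexpectedly. Two extra cases would pin the behaviour. The test function starts and ends outside this hunk.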


@ -100,7 +100,7 @@
"registry.k8s.io/provider-aws/cloud-controller-manager",
"mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager",
"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager",
"k8s.gcr.io/autoscaling/cluster-autoscaler"
"registry.k8s.io/autoscaling/cluster-autoscaler"
],
"versioning": "regex:^(?<compatibility>v?\\d+\\.\\d+\\.)(?<patch>\\d+)$",
"groupName": "K8s constrained versions",
@ -149,8 +149,12 @@
"prPriority": -20
},
{
"matchManagers": ["github-actions"],
"matchPackageNames": ["slsa-framework/slsa-github-generator"],
"matchManagers": [
"github-actions"
],
"matchPackageNames": [
"slsa-framework/slsa-github-generator"
],
"pinDigests": false
}
],
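Review bot: Only the cluster-autoscaler entry in `matchPackageNames` is renamed in the first hunk, while the same commit also moves the konnectivity proxy-agent image from `us.gcr.io/k8s-artifacts-prod/...` to `registry.k8s.io/...` and introduces a digest-pinned pause image. Rules that match on full image names stop applying after a rename, so any rule elsewhere in this file that still names the old hosts would leave those images without update PRs; the rest of the file is outside the visible hunks, so this needs checking. The second hunk is formatting only.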