mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-27 00:19:36 -05:00
e0285c122e
* chore: add TODO responsibilities * chore: remove not needed TODOs * chore: remove outdated migrations * chore: remove resolved goleak exception * chore: remove not needed cosign env * config: add link to our Azure snp docs
279 lines
16 KiB
Go
279 lines
16 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
/*
|
|
Package versions defines the supported versions of Constellation components.
|
|
|
|
Binaries and container image versions are pinned by their hashes, the generate tool can be found in the hash-generator subpackage.
|
|
*/
|
|
package versions
|
|
|
|
import (
|
|
"fmt"
|
|
"sort"
|
|
"strings"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/compatibility"
|
|
"github.com/edgelesssys/constellation/v2/internal/constants"
|
|
"github.com/edgelesssys/constellation/v2/internal/versions/components"
|
|
"golang.org/x/mod/semver"
|
|
)
|
|
|
|
// SupportedK8sVersions returns a list (sorted) of supported Kubernetes versions.
|
|
func SupportedK8sVersions() []string {
|
|
validVersions := make([]string, len(VersionConfigs))
|
|
i := 0
|
|
for _, conf := range VersionConfigs {
|
|
validVersions[i] = compatibility.EnsurePrefixV(conf.ClusterVersion)
|
|
i++
|
|
}
|
|
validVersionsSorted := semver.ByVersion(validVersions)
|
|
sort.Sort(validVersionsSorted)
|
|
|
|
return validVersionsSorted
|
|
}
|
|
|
|
// ValidK8sVersion represents any of the three currently supported k8s versions.
|
|
type ValidK8sVersion string
|
|
|
|
// NewValidK8sVersion validates the given string and produces a new ValidK8sVersion object.
|
|
func NewValidK8sVersion(k8sVersion string) (ValidK8sVersion, error) {
|
|
if IsSupportedK8sVersion(k8sVersion) {
|
|
return ValidK8sVersion(k8sVersion), nil
|
|
}
|
|
return "", fmt.Errorf("invalid k8sVersion supplied: %s", k8sVersion)
|
|
}
|
|
|
|
// IsSupportedK8sVersion checks if a given Kubernetes version is supported by Constellation.
|
|
func IsSupportedK8sVersion(version string) bool {
|
|
for _, valid := range SupportedK8sVersions() {
|
|
if valid == version {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// IsPreviewK8sVersion checks if a given Kubernetes version is still in preview and not fully supported.
|
|
func IsPreviewK8sVersion(_ ValidK8sVersion) bool {
|
|
return false
|
|
}
|
|
|
|
const (
|
|
//
|
|
// Constellation images.
|
|
// These images are built in a way that they support all versions currently listed in VersionConfigs.
|
|
//
|
|
|
|
// KonnectivityAgentImage agent image for konnectivity service.
|
|
KonnectivityAgentImage = "registry.k8s.io/kas-network-proxy/proxy-agent:v0.1.2@sha256:cd3046d253d26ffb5907c625e0d0c2be05c5693c90e12116980851739fc0ead8" // renovate:container
|
|
// KonnectivityServerImage server image for konnectivity service.
|
|
KonnectivityServerImage = "registry.k8s.io/kas-network-proxy/proxy-server:v0.1.2@sha256:79933c3779bc30e33bb7509dff913e70f6ba78ad441f4827f0f3e840ce5f3ddb" // renovate:container
|
|
// GcpGuestImage image for GCP guest agent.
|
|
// Check for new versions at https://github.com/GoogleCloudPlatform/guest-agent/releases and update in /.github/workflows/build-gcp-guest-agent.yml.
|
|
GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:20230221.0@sha256:8be328a5d8d601170b82481d413cf326b20c5219c016633f1651e35d95f1d6f1" // renovate:container
|
|
// NodeMaintenanceOperatorImage is the image for the node maintenance operator.
|
|
NodeMaintenanceOperatorImage = "quay.io/medik8s/node-maintenance-operator:v0.14.0@sha256:2dffb6ffdbbe997d317799fc709baf030d678bde0be0264931ff6b3e94fd89ab" // renovate:container
|
|
// LogstashImage is the container image of logstash, used for log collection by debugd.
|
|
LogstashImage = "ghcr.io/edgelesssys/constellation/logstash-debugd:v2.7.0-pre.0.20230405123345-6bf3c63115a5@sha256:1e2c396538be7571138272f8a54e3412d4ff91ee370880f89894501a2555706a" // renovate:container
|
|
// FilebeatImage is the container image of filebeat, used for log collection by debugd.
|
|
FilebeatImage = "ghcr.io/edgelesssys/constellation/filebeat-debugd:v2.7.0-pre.0.20230405123345-6bf3c63115a5@sha256:abd739853af4981c3a4b338bb3a27433284525d7ebdb84adfc77f1873c41de93" // renovate:container
|
|
|
|
// currently supported versions.
|
|
//nolint:revive
|
|
V1_25 ValidK8sVersion = "v1.25.10" // renovate:kubernetes-release
|
|
//nolint:revive
|
|
V1_26 ValidK8sVersion = "v1.26.5" // renovate:kubernetes-release
|
|
//nolint:revive
|
|
V1_27 ValidK8sVersion = "v1.27.2" // renovate:kubernetes-release
|
|
|
|
// Default k8s version deployed by Constellation.
|
|
Default ValidK8sVersion = V1_26
|
|
)
|
|
|
|
// Regenerate the hashes by running go generate.
|
|
// To add another Kubernetes version, add a new entry to the VersionConfigs map below and fill the Hash field with an empty string.
|
|
//go:generate hash-generator
|
|
|
|
// VersionConfigs holds download URLs for all required kubernetes components for every supported version.
|
|
var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
|
|
V1_25: {
|
|
ClusterVersion: "v1.25.10", // renovate:kubernetes-release
|
|
KubernetesComponents: components.Components{
|
|
{
|
|
URL: "https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz", // renovate:cni-plugins-release
|
|
Hash: "sha256:f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37",
|
|
InstallPath: constants.CniPluginsDir,
|
|
Extract: true,
|
|
},
|
|
{
|
|
URL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.26.1/crictl-v1.26.1-linux-amd64.tar.gz", // renovate:crictl-release
|
|
Hash: "sha256:0c1a0f9900c15ee7a55e757bcdc220faca5dd2e1cfc120459ad1f04f08598127",
|
|
InstallPath: constants.BinDir,
|
|
Extract: true,
|
|
},
|
|
{
|
|
URL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.10/bin/linux/amd64/kubelet", // renovate:kubernetes-release
|
|
Hash: "sha256:280515c431b8c966e475de1b953b960242549cb86f0821ad819224085b449c9b",
|
|
InstallPath: constants.KubeletPath,
|
|
Extract: false,
|
|
},
|
|
{
|
|
URL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.10/bin/linux/amd64/kubeadm", // renovate:kubernetes-release
|
|
Hash: "sha256:7300211efa962d1ca27121ae68be6f06c7f2dca4ca8e5087a2a69f36daa6b9dc",
|
|
InstallPath: constants.KubeadmPath,
|
|
Extract: false,
|
|
},
|
|
{
|
|
URL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.10/bin/linux/amd64/kubectl", // renovate:kubernetes-release
|
|
Hash: "sha256:62129056c9e390b23253aadfce1fe23e43316cb3d79a73303d687d86d73707f2",
|
|
InstallPath: constants.KubectlPath,
|
|
Extract: false,
|
|
},
|
|
},
|
|
// CloudControllerManagerImageAWS is the CCM image used on AWS.
|
|
CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.3@sha256:47eb1c1e6a3bd6d0fb44ac4992885b6218f1448ea339de778d8b703df463c06f", // renovate:container
|
|
// CloudControllerManagerImageAzure is the CCM image used on Azure.
|
|
// Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md.
|
|
CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.25.14@sha256:ec3750ee2e8e466186aa7b96e60bb466c9d209a3ca96f117daed37ee66124885", // renovate:container
|
|
// CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure.
|
|
// Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md.
|
|
CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14@sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e", // renovate:container
|
|
// CloudControllerManagerImageGCP is the CCM image used on GCP.
|
|
// TODO(3u13r): use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
|
|
CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v25.2.0@sha256:86fa9d31ed0b3d0d8806f13d6e7debd3471028b2cb7cca3a876d8a31612a7ba5", // renovate:container
|
|
// CloudControllerManagerImageOpenStack is the CCM image used on OpenStack.
|
|
CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.25.5", // renovate:container
|
|
// External service image. Depends on k8s version.
|
|
// Check for new versions at https://github.com/kubernetes/autoscaler/releases.
|
|
ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.25.2@sha256:e1507a57738ccba5fbe7b313aad80f0c9822680eadca1a742b84c988f17287e5", // renovate:container
|
|
},
|
|
V1_26: {
|
|
ClusterVersion: "v1.26.5", // renovate:kubernetes-release
|
|
KubernetesComponents: components.Components{
|
|
{
|
|
URL: "https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz", // renovate:cni-plugins-release
|
|
Hash: "sha256:f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37",
|
|
InstallPath: constants.CniPluginsDir,
|
|
Extract: true,
|
|
},
|
|
{
|
|
URL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.26.1/crictl-v1.26.1-linux-amd64.tar.gz", // renovate:crictl-release
|
|
Hash: "sha256:0c1a0f9900c15ee7a55e757bcdc220faca5dd2e1cfc120459ad1f04f08598127",
|
|
InstallPath: constants.BinDir,
|
|
Extract: true,
|
|
},
|
|
{
|
|
URL: "https://storage.googleapis.com/kubernetes-release/release/v1.26.5/bin/linux/amd64/kubelet", // renovate:kubernetes-release
|
|
Hash: "sha256:ad5e318ff0e81bc2bef874b2038489722cfcc117bd31726d0193056458c18bff",
|
|
InstallPath: constants.KubeletPath,
|
|
Extract: false,
|
|
},
|
|
{
|
|
URL: "https://storage.googleapis.com/kubernetes-release/release/v1.26.5/bin/linux/amd64/kubeadm", // renovate:kubernetes-release
|
|
Hash: "sha256:793767419c382bae2dc2c9396baafbf051bfa3214accf40dcd7c5ea405583802",
|
|
InstallPath: constants.KubeadmPath,
|
|
Extract: false,
|
|
},
|
|
{
|
|
URL: "https://storage.googleapis.com/kubernetes-release/release/v1.26.5/bin/linux/amd64/kubectl", // renovate:kubernetes-release
|
|
Hash: "sha256:5080bb2e9631fe095139f7e973df9a31eb73e668d1785ffeb524832aed8f87c3",
|
|
InstallPath: constants.KubectlPath,
|
|
Extract: false,
|
|
},
|
|
},
|
|
// CloudControllerManagerImageAWS is the CCM image used on AWS.
|
|
CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.1@sha256:2a43d2d5611ba920c49e23127cfd474fb7932fcade1671dddbef757921fcdb40", // renovate:container
|
|
// CloudControllerManagerImageAzure is the CCM image used on Azure.
|
|
// Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md.
|
|
CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.26.10@sha256:4c4cd4c280cb85bf45567d50165cdd03670283ec2aa39ef8a242eac53a62d144", // renovate:container
|
|
// CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure.
|
|
// Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md.
|
|
CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10@sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6", // renovate:container
|
|
// CloudControllerManagerImageGCP is the CCM image used on GCP.
|
|
// TODO(3u13r): use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
|
|
CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v26.0.1@sha256:db2b15a20ad690784a6015bfad55c4dff15826be8cf9f6ac77d70abd11b1f70c", // renovate:container
|
|
// CloudControllerManagerImageOpenStack is the CCM image used on OpenStack.
|
|
CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.2", // renovate:container
|
|
// External service image. Depends on k8s version.
|
|
// Check for new versions at https://github.com/kubernetes/autoscaler/releases.
|
|
ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.3@sha256:7572c43b32f5e6912cd7d087dc20a908b6f34186f000cacc698883f44be0db23", // renovate:container
|
|
},
|
|
V1_27: {
|
|
ClusterVersion: "v1.27.2", // renovate:kubernetes-release
|
|
KubernetesComponents: components.Components{
|
|
{
|
|
URL: "https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz", // renovate:cni-plugins-release
|
|
Hash: "sha256:f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37",
|
|
InstallPath: constants.CniPluginsDir,
|
|
Extract: true,
|
|
},
|
|
{
|
|
URL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.27.0/crictl-v1.27.0-linux-amd64.tar.gz", // renovate:crictl-release
|
|
Hash: "sha256:d335d6e16c309fbc3ff1a29a7e49bb253b5c9b4b030990bf7c6b48687f985cee",
|
|
InstallPath: constants.BinDir,
|
|
Extract: true,
|
|
},
|
|
{
|
|
URL: "https://storage.googleapis.com/kubernetes-release/release/v1.27.2/bin/linux/amd64/kubelet", // renovate:kubernetes-release
|
|
Hash: "sha256:a0d12afcab3b2836de4a427558d067bebdff040e9b306b0512c93d9d2a066579",
|
|
InstallPath: constants.KubeletPath,
|
|
Extract: false,
|
|
},
|
|
{
|
|
URL: "https://storage.googleapis.com/kubernetes-release/release/v1.27.2/bin/linux/amd64/kubeadm", // renovate:kubernetes-release
|
|
Hash: "sha256:95c4bfb7929900506a42de4d92280f06efe6b47e0a32cbc1f5a1ed737592977a",
|
|
InstallPath: constants.KubeadmPath,
|
|
Extract: false,
|
|
},
|
|
{
|
|
URL: "https://storage.googleapis.com/kubernetes-release/release/v1.27.2/bin/linux/amd64/kubectl", // renovate:kubernetes-release
|
|
Hash: "sha256:4f38ee903f35b300d3b005a9c6bfb9a46a57f92e89ae602ef9c129b91dc6c5a5",
|
|
InstallPath: constants.KubectlPath,
|
|
Extract: false,
|
|
},
|
|
},
|
|
// CloudControllerManagerImageAWS is the CCM image used on AWS.
|
|
CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.1@sha256:c02832d2e4bb96ac4ea14a466982d261069f9bb366f2ad68889f9a5b10b8d1b0", // renovate:container
|
|
// CloudControllerManagerImageAzure is the CCM image used on Azure.
|
|
// Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md.
|
|
CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.27.4@sha256:d3f5823d2b7975e7a90d51007d0c677bc3e1a89d09069a71494d0eeb4a3c1941", // renovate:container
|
|
// CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure.
|
|
// Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md.
|
|
CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4@sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c", // renovate:container
|
|
// CloudControllerManagerImageGCP is the CCM image used on GCP.
|
|
// TODO(3u13r): use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
|
|
CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v26.0.1@sha256:db2b15a20ad690784a6015bfad55c4dff15826be8cf9f6ac77d70abd11b1f70c", // renovate:container
|
|
// CloudControllerManagerImageOpenStack is the CCM image used on OpenStack.
|
|
CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.2", // renovate:container
|
|
// External service image. Depends on k8s version.
|
|
// Check for new versions at https://github.com/kubernetes/autoscaler/releases.
|
|
ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.27.2@sha256:dfbb63a82d437253febc68540ced60ed796494edf242d1d2cb5b9665570e99c0", // renovate:container
|
|
},
|
|
}
|
|
|
|
// KubernetesVersion bundles download URLs to all version-releated binaries necessary for installing/deploying a particular Kubernetes version.
|
|
type KubernetesVersion struct {
|
|
ClusterVersion string
|
|
KubernetesComponents components.Components
|
|
CloudControllerManagerImageAWS string // k8s version dependency.
|
|
CloudControllerManagerImageAzure string // k8s version dependency.
|
|
CloudControllerManagerImageGCP string // Using self-built image until resolved: https://github.com/kubernetes/cloud-provider-gcp/issues/289
|
|
CloudControllerManagerImageOpenStack string // k8s version dependency.
|
|
CloudNodeManagerImageAzure string // k8s version dependency. Same version as above.
|
|
ClusterAutoscalerImage string // Matches k8s versioning scheme.
|
|
}
|
|
|
|
// versionFromDockerImage returns the version tag from the image name, e.g. "v1.22.2" from "foocr.io/org/repo:v1.22.2@sha256:3009fj0...".
|
|
func versionFromDockerImage(imageName string) string {
|
|
beforeAt, _, _ := strings.Cut(imageName, "@")
|
|
_, version, ok := strings.Cut(beforeAt, ":")
|
|
if !ok {
|
|
panic(fmt.Errorf("failed to extract version from image name, no ':' found in %s", imageName))
|
|
}
|
|
return version
|
|
}
|