feat: pull add on images through replicated proxy

replace add on image references in order to pull images using replicated proxy for oci artifacts.
replicatedhq · Jul 18, 2024 · c835732 · c835732
1 parent b6f2e17
commit c835732
Show file tree

Hide file tree

Showing 20 changed files with 1,006 additions and 191 deletions.
diff --git a/Makefile b/Makefile
@@ -2,23 +2,33 @@ VERSION ?= $(shell git describe --tags --dirty)
 UNAME := $(shell uname)
 ARCH := $(shell uname -m)
 APP_NAME = embedded-cluster
-ADMIN_CONSOLE_CHART_REPO_OVERRIDE =
 ADMIN_CONSOLE_CHART_VERSION = 1.112.1
+ADMIN_CONSOLE_IMAGE_TAG = v1.112.1@sha256:c258cfe395b3aea134e6efde9e5ec5b19a1dadda4206905a2540ee2f9aa14e18
+ADMIN_CONSOLE_RQLITE_IMAGE_TAG = 8.26.7-r0@sha256:5100d28c8ccfed3ce35bc4b171770c26c5f98addebf42df97c5dcc64795eb28a
+ADMIN_CONSOLE_MIGRATIONS_IMAGE_TAG = v1.112.1@sha256:738fe80441500ace7d2fa1517d5482a8d60d8ec8d362c5c516b695852527d825
+ADMIN_CONSOLE_KURL_PROXY_IMAGE_TAG = v1.112.1@sha256:1f62caed3e9be4b5e3b4b6ff95e49381a80ce7392063f1b66c4de92e4c698a24
 ADMIN_CONSOLE_IMAGE_OVERRIDE =
 ADMIN_CONSOLE_MIGRATIONS_IMAGE_OVERRIDE =
 ADMIN_CONSOLE_KURL_PROXY_IMAGE_OVERRIDE =
+ADMIN_CONSOLE_CHART_REPO_OVERRIDE =
 EMBEDDED_OPERATOR_CHART_VERSION = 0.40.2
+EMBEDDED_OPERATOR_IMAGE_TAG = 0.40.2@sha256:8f464cc976210676bf4a75ec487b073e1902647449e4a945f195d51e94f0e4c8
+EMBEDDED_OPERATOR_PROXY_IMAGE_TAG = v0.13.1@sha256:18f12fc3a0085bbc303cfbd2ad1151127c1c959c4641e36027547b6b66eb4c92
+EMBEDDED_OPERATOR_UTILS_IMAGE_TAG = 1.36@sha256:50aa4698fa6262977cff89181b2664b99d8a56dbca847bf62f2ef04854597cf8
+EMBEDDED_OPERATOR_IMAGE_OVERRIDE =
 EMBEDDED_OPERATOR_BINARY_URL_OVERRIDE =
-EMBEDDED_OPERATOR_UTILS_IMAGE = busybox:1.36.1
-EMBEDDED_CLUSTER_OPERATOR_IMAGE_OVERRIDE =
 OPENEBS_CHART_VERSION = 4.1.0
-OPENEBS_UTILS_VERSION = 4.1.0
+OPENEBS_IMAGE_TAG = 4.1.0@sha256:7a9bb247229564c74b5c4981304bf614f1b0157797a52c6d882d5f1cb057b838
+OPENEBS_UTILS_IMAGE_TAG = 4.1.0@sha256:a0f8fd9457388d5728e8e9c41f1cf5dc3b21ef8f00d7b019520101812ae602dc
 SEAWEEDFS_CHART_VERSION = 4.0.0
+SEAWEEDFS_IMAGE_TAG = 3.69@sha256:88eaab1398cd95b1e49f7210a36af389b4ebc896cccd2ef6f4baff3fa1b245fd
 REGISTRY_CHART_VERSION = 2.2.3
-REGISTRY_IMAGE_VERSION = 2.8.3
+REGISTRY_IMAGE_TAG = 2.8.1@sha256:85d4cd48754d4e8e4d4fe933bbde017d969e0e20775507add9faca39064bf9b0
 VELERO_CHART_VERSION = 6.3.0
-VELERO_IMAGE_VERSION = v1.13.2
-VELERO_AWS_PLUGIN_IMAGE_VERSION = v1.9.2
+VELERO_IMAGE_TAG = v1.13.2@sha256:9a833acbc2391f50c994e3c1379e038e5a64372f6d645d89b4321b732f8dc8ef
+VELERO_AWS_PLUGIN_IMAGE_TAG = v1.10.0@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc
+VELERO_KUBECTL_IMAGE_TAG = 1.29@sha256:89bde5352cd988ed9440ff0956a7ceb00415923aea9d34fc0ac82d9b3eee8af7
+VELERO_RESTORE_HELPER_IMAGE_TAG = v1.13.2@sha256:83943510812496ad7ba6750f440645b313fd676db460fda7dcbf70f437db775c
 KUBECTL_VERSION = v1.30.1
 K0S_VERSION = v1.29.5+k0s.0-ec.0
 K0S_GO_VERSION = v1.29.5+k0s.0
@@ -30,28 +40,40 @@ KOTS_VERSION = v$(shell echo $(ADMIN_CONSOLE_CHART_VERSION) | sed 's/\([0-9]\+\.
 KOTS_BINARY_URL_OVERRIDE =
 LOCAL_ARTIFACT_MIRROR_IMAGE ?= registry.replicated.com/library/embedded-cluster-local-artifact-mirror
 LOCAL_ARTIFACT_MIRROR_IMAGE_LOCATION = ${LOCAL_ARTIFACT_MIRROR_IMAGE}:$(subst +,-,$(VERSION))
-LD_FLAGS = -X github.com/replicatedhq/embedded-cluster/pkg/defaults.K0sVersion=$(K0S_VERSION) \
+LD_FLAGS = \
+	-X github.com/replicatedhq/embedded-cluster/pkg/defaults.K0sVersion=$(K0S_VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/defaults.Version=$(VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/defaults.TroubleshootVersion=$(TROUBLESHOOT_VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/defaults.KubectlVersion=$(KUBECTL_VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/defaults.LocalArtifactMirrorImage=$(LOCAL_ARTIFACT_MIRROR_IMAGE_LOCATION) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.ChartRepoOverride=$(ADMIN_CONSOLE_CHART_REPO_OVERRIDE) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.Version=$(ADMIN_CONSOLE_CHART_VERSION) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.ImageOverride=$(ADMIN_CONSOLE_IMAGE_OVERRIDE) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.MigrationsImageOverride=$(ADMIN_CONSOLE_MIGRATIONS_IMAGE_OVERRIDE) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.KurlProxyImageOverride=$(ADMIN_CONSOLE_KURL_PROXY_IMAGE_OVERRIDE) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.AdminConsoleChartRepoOverride=$(ADMIN_CONSOLE_CHART_REPO_OVERRIDE) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.AdminConsoleChartVersion=$(ADMIN_CONSOLE_CHART_VERSION) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.AdminConsoleImageTag=$(ADMIN_CONSOLE_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.AdminConsoleRQLiteImageTag=$(ADMIN_CONSOLE_RQLITE_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.AdminConsoleMigrationsImageTag=$(ADMIN_CONSOLE_MIGRATIONS_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.AdminConsoleRQLiteImageTag=$(ADMIN_CONSOLE_RQLITE_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.AdminConsoleKurlProxyImageTag=$(ADMIN_CONSOLE_KURL_PROXY_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.AdminConsoleImageOverride=$(ADMIN_CONSOLE_IMAGE_OVERRIDE) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.AdminConsoleMigrationsImageOverride=$(ADMIN_CONSOLE_MIGRATIONS_IMAGE_OVERRIDE) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.AdminConsoleKurlProxyImageOverride=$(ADMIN_CONSOLE_KURL_PROXY_IMAGE_OVERRIDE) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.KotsVersion=$(KOTS_VERSION) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/embeddedclusteroperator.Version=$(EMBEDDED_OPERATOR_CHART_VERSION) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/embeddedclusteroperator.UtilsImage=$(EMBEDDED_OPERATOR_UTILS_IMAGE) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/embeddedclusteroperator.ImageOverride=$(EMBEDDED_CLUSTER_OPERATOR_IMAGE_OVERRIDE) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/openebs.Version=$(OPENEBS_CHART_VERSION) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/openebs.UtilsVersion=$(OPENEBS_UTILS_VERSION) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/seaweedfs.Version=$(SEAWEEDFS_CHART_VERSION) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/registry.Version=$(REGISTRY_CHART_VERSION) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/registry.ImageVersion=$(REGISTRY_IMAGE_VERSION) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/velero.Version=$(VELERO_CHART_VERSION) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/velero.VeleroTag=$(VELERO_IMAGE_VERSION) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/velero.AwsPluginTag=$(VELERO_AWS_PLUGIN_IMAGE_VERSION)
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/embeddedclusteroperator.EmbeddedOperatorChartVersion=$(EMBEDDED_OPERATOR_CHART_VERSION) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/embeddedclusteroperator.EmbeddedOperatorImageTag=$(EMBEDDED_OPERATOR_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/embeddedclusteroperator.EmbeddedOperatorProxyImageTag=$(EMBEDDED_OPERATOR_PROXY_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/embeddedclusteroperator.EmbeddedOperatorUtilsImageTag=$(EMBEDDED_OPERATOR_UTILS_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/embeddedclusteroperator.EmbeddedOperatorImageOverride=$(EMBEDDED_OPERATOR_IMAGE_OVERRIDE) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/openebs.OpenEBSChartVersion=$(OPENEBS_CHART_VERSION) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/openebs.OpenEBSImageTag=$(OPENEBS_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/openebs.OpenEBSUtilsImageTag=$(OPENEBS_UTILS_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/seaweedfs.SeaweedFSChartVersion=$(SEAWEEDFS_CHART_VERSION) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/seaweedfs.SeaweedFSImageTag=$(SEAWEEDFS_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/registry.RegistryChartVersion=$(REGISTRY_CHART_VERSION) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/registry.RegistryImageTag=$(REGISTRY_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/velero.VeleroChartVersion=$(VELERO_CHART_VERSION) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/velero.VeleroImageTag=$(VELERO_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/velero.VeleroAWSPluginImageTag=$(VELERO_AWS_PLUGIN_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/velero.VeleroKubectlImageTag=$(VELERO_KUBECTL_IMAGE_TAG) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/velero.VeleroRestoreHelperImageTag=$(VELERO_RESTORE_HELPER_IMAGE_TAG)
 
 .DEFAULT_GOAL := default
 default: embedded-cluster-linux-amd64

diff --git a/cmd/buildtools/addon.go b/cmd/buildtools/addon.go
@@ -26,5 +26,7 @@ var updateAddonCommand = &cli.Command{
 		updateSeaweedFSAddonCommand,
 		updateRegistryAddonCommand,
 		updateVeleroAddonCommand,
+		updateOperatorAddonCommand,
+		updateAdminConsoleAddonCommand,
 	},
 }
diff --git a/cmd/buildtools/adminconsole.go b/cmd/buildtools/adminconsole.go
@@ -0,0 +1,72 @@
+package main
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/sirupsen/logrus"
+	"github.com/urfave/cli/v2"
+)
+
+var updateAdminConsoleAddonCommand = &cli.Command{
+	Name:      "admin-console",
+	Usage:     "Updates the Admin Console addon",
+	UsageText: environmentUsageText,
+	Action: func(c *cli.Context) error {
+		logrus.Infof("updating admin console addon")
+
+		logrus.Infof("getting admin console latest tag")
+		latest, err := GetLatestGitHubTag(c.Context, "replicatedhq", "kots-helm")
+		if err != nil {
+			return fmt.Errorf("failed to get admin console latest tag: %w", err)
+		}
+		logrus.Infof("latest tag found: %s", latest)
+
+		latest = strings.TrimPrefix(latest, "v")
+		original, err := GetMakefileVariable("ADMIN_CONSOLE_CHART_VERSION")
+		if err != nil {
+			return fmt.Errorf("unable to get value: %w", err)
+		} else if latest == original && !c.Bool("force") {
+			logrus.Infof("admin console chart version is already up-to-date: %s", original)
+			return nil
+		}
+
+		logrus.Infof("updating makefile with admin console version")
+		if err := SetMakefileVariable("ADMIN_CONSOLE_CHART_VERSION", latest); err != nil {
+			return fmt.Errorf("failed to set admin console chart version: %w", err)
+		}
+
+		images := map[string]string{
+			"ADMIN_CONSOLE_IMAGE_TAG":            "kotsadm/kotsadm",
+			"ADMIN_CONSOLE_MIGRATIONS_IMAGE_TAG": "kotsadm/kotsadm-migrations",
+			"ADMIN_CONSOLE_RQLITE_IMAGE_TAG":     "kotsadm/rqlite",
+			"ADMIN_CONSOLE_KURL_PROXY_IMAGE_TAG": "kotsadm/kurl-proxy",
+		}
+
+		for key, image := range images {
+			tag, err := RenderOCIChartAndFindImageDigest(
+				c.Context,
+				"oci://registry.replicated.com/library/admin-console",
+				"admin-console",
+				latest,
+				map[string]interface{}{
+					"kurlProxy": map[string]interface{}{
+						"enabled": true,
+					},
+				},
+				image,
+			)
+			if err != nil {
+				return fmt.Errorf("failed to find digest for image %s: %w", image, err)
+			}
+
+			logrus.Infof("updating makefile tag for image %s", image)
+			if err := SetMakefileVariable(key, tag); err != nil {
+				return fmt.Errorf("unable to update value: %w", err)
+			}
+		}
+
+		logrus.Infof("admin console operator addon updated")
+		return nil
+	},
+}
diff --git a/cmd/buildtools/helm.go b/cmd/buildtools/helm.go
@@ -1,17 +1,24 @@
 package main
 
 import (
+	"bytes"
 	"fmt"
 	"io"
 	"os"
 	"path/filepath"
+	"strings"
 
+	"github.com/Masterminds/semver/v3"
 	"github.com/sirupsen/logrus"
 	"gopkg.in/yaml.v2"
+	"helm.sh/helm/v3/pkg/action"
+	"helm.sh/helm/v3/pkg/chart/loader"
+	"helm.sh/helm/v3/pkg/chartutil"
 	"helm.sh/helm/v3/pkg/downloader"
 	"helm.sh/helm/v3/pkg/getter"
 	"helm.sh/helm/v3/pkg/pusher"
 	"helm.sh/helm/v3/pkg/registry"
+	"helm.sh/helm/v3/pkg/releaseutil"
 	"helm.sh/helm/v3/pkg/repo"
 	"helm.sh/helm/v3/pkg/uploader"
 )
@@ -121,7 +128,7 @@ func (h *Helm) Close() error {
 }
 
 func (h *Helm) Latest(reponame, chart string) (string, error) {
-	logrus.Infof("finding latest version of %s/%s", reponame, chart)
+	logrus.Infof("finding latest chart version of %s/%s", reponame, chart)
 	for _, repository := range repositories.Repositories {
 		if repository.Name != reponame {
 			continue
@@ -156,6 +163,25 @@ func (h *Helm) Latest(reponame, chart string) (string, error) {
 	return "", fmt.Errorf("repository %s not found", reponame)
 }
 
+func (h *Helm) PullOCI(url, version string) (string, error) {
+	if err := h.prepare(); err != nil {
+		return "", err
+	}
+
+	dl := downloader.ChartDownloader{
+		Out:              io.Discard,
+		Options:          []getter.Option{},
+		RepositoryConfig: h.repocfg,
+		RepositoryCache:  h.tmpdir,
+		Getters:          getters,
+	}
+	path, _, err := dl.DownloadTo(url, version, h.tmpdir)
+	if err != nil {
+		return "", fmt.Errorf("unable to download chart: %w", err)
+	}
+	return path, nil
+}
+
 func (h *Helm) Pull(repo, chart, version string) (string, error) {
 	if err := h.prepare(); err != nil {
 		return "", err
@@ -188,3 +214,59 @@ func (h *Helm) Push(path, dst string) error {
 	}
 	return up.UploadTo(path, dst)
 }
+
+func (h *Helm) Render(chartName string, chartPath string, vals map[string]interface{}, namespace string) ([]string, error) {
+	cfg := &action.Configuration{}
+
+	client := action.NewInstall(cfg)
+	client.DryRun = true
+	client.ReleaseName = chartName
+	client.Replace = true
+	client.ClientOnly = true
+	client.IncludeCRDs = true
+	client.Namespace = namespace
+
+	rawver, err := GetMakefileVariable("K0S_VERSION")
+	if err != nil {
+		return nil, fmt.Errorf("unable to get k0s version: %w", err)
+	}
+	kversion := semver.MustParse(rawver)
+
+	// since ClientOnly is true we need to initialize KubeVersion otherwise resorts defaults
+	client.KubeVersion = &chartutil.KubeVersion{
+		Version: fmt.Sprintf("v%d.%d.0", kversion.Major(), kversion.Minor()),
+		Major:   fmt.Sprintf("%d", kversion.Major()),
+		Minor:   fmt.Sprintf("%d", kversion.Minor()),
+	}
+
+	chartRequested, err := loader.Load(chartPath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to load chart: %w", err)
+	}
+
+	if req := chartRequested.Metadata.Dependencies; req != nil {
+		if err := action.CheckDependencies(chartRequested, req); err != nil {
+			return nil, fmt.Errorf("failed dependency check: %w", err)
+		}
+	}
+
+	rel, err := client.Run(chartRequested, vals)
+	if err != nil {
+		return nil, fmt.Errorf("failed to render chart: %w", err)
+	}
+
+	var manifests bytes.Buffer
+	fmt.Fprintln(&manifests, strings.TrimSpace(rel.Manifest))
+	for _, m := range rel.Hooks {
+		fmt.Fprintf(&manifests, "---\n# Source: %s\n%s\n", m.Path, m.Manifest)
+	}
+
+	resources := []string{}
+	splitManifests := releaseutil.SplitManifests(manifests.String())
+	for _, manifest := range splitManifests {
+		manifest = strings.TrimSpace(manifest)
+		resources = append(resources, manifest)
+	}
+
+	return resources, nil
+}