diff --git a/.github/actions/build-push-dex-image/action.yml b/.github/actions/build-push-dex-image/action.yml new file mode 100644 index 0000000000..ec70b426ae --- /dev/null +++ b/.github/actions/build-push-dex-image/action.yml @@ -0,0 +1,28 @@ +name: 'Build and push dex image' +description: 'Composite action for building and pushing dex image' +inputs: + image-name: + description: 'Full destination dex image name' + required: true + + registry-username: + description: 'Username to login to registry' + default: '' + required: false + + registry-password: + description: 'Password to login to registry' + default: '' + required: false + +runs: + using: "composite" + steps: + - uses: chainguard-images/actions/apko-publish@main + with: + config: deploy/dex/apko.yaml + archs: x86_64 + tag: ${{ inputs.image-name }} + vcs-url: true + generic-user: ${{ inputs.registry-username }} + generic-pass: ${{ inputs.registry-password }} diff --git a/.github/workflows/alpha.yaml b/.github/workflows/alpha.yaml index ab176c4da7..0a721884ec 100644 --- a/.github/workflows/alpha.yaml +++ b/.github/workflows/alpha.yaml @@ -71,6 +71,22 @@ jobs: registry-password: ${{ secrets.DOCKERHUB_PASSWORD }} + build-dex: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v4 + - name: Read image tags from env file + uses: falti/dotenv-action@v1 + id: dotenv + with: + path: .image.env + - uses: ./.github/actions/build-push-dex-image + with: + image-name: index.docker.io/kotsadm/dex:${{ steps.dotenv.outputs.DEX_TAG }} + registry-username: ${{ secrets.DOCKERHUB_USER }} + registry-password: ${{ secrets.DOCKERHUB_PASSWORD }} + + build-kotsadm: runs-on: ubuntu-20.04 needs: [generate-tag] @@ -171,7 +187,7 @@ jobs: id: scan uses: aquasecurity/trivy-action@master with: - image-ref: "ghcr.io/dexidp/dex:${{ steps.dotenv.outputs.dex_tag }}" + image-ref: "docker.io/kotsadm/dex:${{ steps.dotenv.outputs.dex_tag }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'dex-scan-output.sarif' 
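Review bot: `chainguard-images/actions/apko-publish@main` is referenced by branch name in the one step that receives `registry-username` and `registry-password`, so whatever code is on that branch at run time handles the Docker Hub credentials. Pin it to a full commit SHA and update it deliberately, e.g. `- uses: chainguard-images/actions/apko-publish@<full-commit-sha>  # <release it corresponds to>`. The same concern applies to `falti/dotenv-action@v1`, which this commit adds to the `build-dex` job in alpha.yaml and to the release job in release.yaml; a version tag can be moved just as a branch can.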
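Review bot: The new `build-dex` job publishes to `index.docker.io/kotsadm/dex:${{ steps.dotenv.outputs.DEX_TAG }}`, the same repository and tag that release.yaml pushes in this commit, so every alpha run overwrites the tag that released builds refer to. deploy/dex/apko.yaml pins the package with `dex~2.37.0`, which presumably resolves to the newest matching package revision at build time, so the content behind that tag can change from run to run. Consider giving alpha builds their own tag (for example one derived from `github.run_id`, as build-test.yaml does in its repository path) or having consumers reference the published digest. The job declares no `needs`, and the Trivy step later in this file reads the image by tag; whether that scan is ordered after this push is not visible in the hunk.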
diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml index 63277babf4..187b34a0ba 100644 --- a/.github/workflows/build-test.yaml +++ b/.github/workflows/build-test.yaml @@ -429,7 +429,7 @@ jobs: - uses: ./.github/actions/build-push-minio-image with: - image-name: ttl.sh/automated-${{ github.run_id }}/minio:${{ steps.dotenv.outputs.minio_tag }} + image-name: ttl.sh/automated-${{ github.run_id }}/minio:${{ steps.dotenv.outputs.MINIO_TAG }} push-rqlite: @@ -461,10 +461,9 @@ jobs: with: path: .image.env - - name: push dex for CI - run: | - docker build --pull -f deploy/dex.Dockerfile -t ttl.sh/automated-${{ github.run_id }}/dex:${{ steps.dotenv.outputs.DEX_TAG }} --build-arg TAG=${{ steps.dotenv.outputs.DEX_TAG }} . - docker push ttl.sh/automated-${{ github.run_id }}/dex:${{ steps.dotenv.outputs.DEX_TAG }} + - uses: ./.github/actions/build-push-dex-image + with: + image-name: ttl.sh/automated-${{ github.run_id }}/dex:${{ steps.dotenv.outputs.DEX_TAG }} # only run validate-kurl-addon if changes to "deploy/kurl/kotsadm/template/**" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 86bcbcb582..29a9633010 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -6,6 +6,7 @@ on: - "v*.*.*" branches: - main + - build-rqlite-with-apko jobs: generate-tag: @@ -164,6 +165,13 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + + - name: Read image tags from env file + uses: falti/dotenv-action@v1 + id: dotenv + with: + path: .image.env + - uses: ./.github/actions/build-push-kotsadm-image with: chainguard-gcp-wif-pool: ${{ secrets.CHAINGUARD_GCP_WIF_POOL }} 
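Review bot: The added `- build-rqlite-with-apko` entry under `branches:` in release.yaml makes every push to that feature branch run the release workflow, whose steps in this commit push to `index.docker.io/kotsadm/*` using `secrets.DOCKERHUB_USER` and `secrets.DOCKERHUB_PASSWORD`. It looks like a temporary trigger used while developing this change; if so, remove the line before merge so that only `main` and `v*.*.*` tags can publish. If a pre-merge run of the release path is needed, a `workflow_dispatch` trigger pointed at a throwaway registry keeps the production credentials out of branch builds.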
@@ -173,17 +181,31 @@ jobs: git-tag: ${{ needs.generate-tag.outputs.tag }} registry-username: ${{ secrets.DOCKERHUB_USER }} registry-password: ${{ secrets.DOCKERHUB_PASSWORD }} - - uses: azure/docker-login@v1 - env: - DOCKER_CONFIG: ./.docker + + - uses: ./.github/actions/build-push-minio-image with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} + image-name: index.docker.io/kotsadm/minio:${{ steps.dotenv.outputs.MINIO_TAG }} + registry-username: ${{ secrets.DOCKERHUB_USER }} + registry-password: ${{ secrets.DOCKERHUB_PASSWORD }} + + - uses: ./.github/actions/build-push-rqlite-image + with: + image-name: index.docker.io/kotsadm/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }} + registry-username: ${{ secrets.DOCKERHUB_USER }} + registry-password: ${{ secrets.DOCKERHUB_PASSWORD }} + + - uses: ./.github/actions/build-push-dex-image + with: + image-name: index.docker.io/kotsadm/dex:${{ steps.dotenv.outputs.DEX_TAG }} + registry-username: ${{ secrets.DOCKERHUB_USER }} + registry-password: ${{ secrets.DOCKERHUB_PASSWORD }} + - name: Build tagged release env: GIT_TAG: ${{ needs.generate-tag.outputs.tag }} DOCKER_CONFIG: ./.docker run: mapfile -t envs < <(grep -v '#.*' < .image.env) && export "${envs[@]}" && make build-release + - name: Upload airgap image uses: actions/upload-artifact@v3 with: diff --git a/.image.env b/.image.env index cb5fd3bde3..f6d5f1c69f 100644 --- a/.image.env +++ b/.image.env @@ -1,8 +1,8 @@ # Generated file, do not modify. This file is generated from a text file containing a list of images. The # most recent tag is interpolated from the source repository and used to generate a fully qualified image # name. -MINIO_TAG='RELEASE.2023-11-11T08-14-41Z' -RQLITE_TAG='7.21.4' -DEX_TAG='v2.37.0' -SCHEMAHERO_TAG='0.16.0' +MINIO_TAG='0.20231101.183725' +RQLITE_TAG='8.0.1' +DEX_TAG='2.37.0' +SCHEMAHERO_TAG='0.17.0' LVP_TAG='v0.5.5' \ No newline at end of file 
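Review bot: `DOCKER_CONFIG: ./.docker` is still set on the `Build tagged release` step, although this hunk removes the `azure/docker-login@v1` step that ran with the same `DOCKER_CONFIG`. Presumably nothing writes credentials into that directory any more, so the `skopeo copy docker://kotsadm/...` calls in `make build-release` would pull anonymously. Either drop the variable from the step or keep an explicit login if authenticated pulls are intended. The job's remaining steps are outside the hunk.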
diff --git a/Makefile b/Makefile index b2c6216431..d37bc28cb2 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,8 @@ include Makefile.build.mk CURRENT_USER := $(shell id -u -n) -MINIO_TAG ?= RELEASE.2023-11-11T08-14-41Z -RQLITE_TAG ?= 7.21.4 -DEX_TAG ?= v2.37.0 +MINIO_TAG ?= 0.20231101.183725 +RQLITE_TAG ?= 8.0.1 +DEX_TAG ?= 2.37.0 LVP_TAG ?= v0.5.5 define sendMetrics 
@@ -118,31 +118,27 @@ build-ttl.sh: build all-ttl.sh: build-ttl.sh source .image.env && IMAGE=ttl.sh/${CURRENT_USER}/kotsadm-migrations:24h make -C migrations build_schema - docker pull minio/minio:${MINIO_TAG} - docker tag minio/minio:${MINIO_TAG} ttl.sh/${CURRENT_USER}/minio:${MINIO_TAG} + docker pull kotsadm/minio:${MINIO_TAG} + docker tag kotsadm/minio:${MINIO_TAG} ttl.sh/${CURRENT_USER}/minio:${MINIO_TAG} docker push ttl.sh/${CURRENT_USER}/minio:${MINIO_TAG} - docker pull rqlite/rqlite:${RQLITE_TAG} - docker tag rqlite/rqlite:${RQLITE_TAG} ttl.sh/${CURRENT_USER}/rqlite:${RQLITE_TAG} + docker pull kotsadm/rqlite:${RQLITE_TAG} + docker tag kotsadm/rqlite:${RQLITE_TAG} ttl.sh/${CURRENT_USER}/rqlite:${RQLITE_TAG} docker push ttl.sh/${CURRENT_USER}/rqlite:${RQLITE_TAG} -.PHONY: build-alpha -build-alpha: - docker build --pull -f deploy/Dockerfile --build-arg version=${GIT_TAG} -t kotsadm/kotsadm:alpha . - docker push kotsadm/kotsadm:alpha - .PHONY: build-release build-release: mkdir -p bin/docker-archive/kotsadm skopeo copy docker://kotsadm/kotsadm:${GIT_TAG} docker-archive:bin/docker-archive/kotsadm/${GIT_TAG} - docker build --pull -f deploy/dex.Dockerfile -t kotsadm/dex:${DEX_TAG} --build-arg TAG=${DEX_TAG} . - docker push kotsadm/dex:${DEX_TAG} mkdir -p bin/docker-archive/dex skopeo copy docker://kotsadm/dex:${DEX_TAG} docker-archive:bin/docker-archive/dex/${DEX_TAG} mkdir -p bin/docker-archive/minio - skopeo copy docker://minio/minio:${MINIO_TAG} docker-archive:bin/docker-archive/minio/${MINIO_TAG} + skopeo copy docker://kotsadm/minio:${MINIO_TAG} docker-archive:bin/docker-archive/minio/${MINIO_TAG} + + mkdir -p bin/docker-archive/rqlite + skopeo copy docker://kotsadm/rqlite:${RQLITE_TAG} docker-archive:bin/docker-archive/rqlite/${RQLITE_TAG} mkdir -p bin/docker-archive/local-volume-provider skopeo copy docker://replicated/local-volume-provider:${LVP_TAG} docker-archive:bin/docker-archive/local-volume-provider/${LVP_TAG} 
diff --git a/cmd/imagedeps/README.md b/cmd/imagedeps/README.md index 8962ea024d..50b797671f 100644 --- a/cmd/imagedeps/README.md +++ b/cmd/imagedeps/README.md @@ -20,27 +20,27 @@ is useful to restrict release tags to a major version, or to filter out garbage | Name | Image URI | Matcher Regexp (Optional) | |------|--------------------|----------| -| Name of the image for example **minio** | Untagged image reference **ghcr.io/dexidp/dex**| An optional regular expression, only matching tags will be included. | +| Name of the image for example **minio** | Untagged image reference **kotsadm/minio**| An optional regular expression, only matching tags will be included. | ### Sample image-spec ```text -minio minio/minio -rqlite rqlite/rqlite -dex ghcr.io/dexidp/dex +minio kotsadm/minio +rqlite kotsadm/rqlite +dex kotsadm/dex ``` The preceding image spec will produce the following environment and Go files. ```shell -MINIO_TAG='RELEASE.2021-09-15T04-54-25Z' -RQLITE_TAG='7.7.0' -DEX_TAG='v2.30.0' +MINIO_TAG='0.20231101.183725' +RQLITE_TAG='8.0.1' +DEX_TAG='2.37.0' ``` ```go package image const ( - Minio = "minio/minio:RELEASE.2021-09-15T04-54-25Z" - Rqlite = "rqlite/rqlite:7.7.0" - Dex = "ghcr.io/dexidp/dex:v2.30.0" + Minio = "kotsadm/minio:0.20231101.183725" + Rqlite = "kotsadm/rqlite:8.0.1" + Dex = "kotsadm/dex:2.37.0" ) ``` diff --git a/cmd/imagedeps/image-spec b/cmd/imagedeps/image-spec index 66a0ae252a..5bdafba0c5 100644 --- a/cmd/imagedeps/image-spec +++ b/cmd/imagedeps/image-spec @@ -1,5 +1,5 @@ -minio minio/minio -rqlite rqlite/rqlite ^([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)$ -dex ghcr.io/dexidp/dex +minio kotsadm/minio +rqlite kotsadm/rqlite +dex kotsadm/dex schemahero schemahero/schemahero ^([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)$ lvp replicated/local-volume-provider ^v([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)$ \ No newline at end of file 
diff --git a/cmd/imagedeps/main.go b/cmd/imagedeps/main.go index 97897a16fb..470116b44a 100644 --- a/cmd/imagedeps/main.go +++ b/cmd/imagedeps/main.go @@ -5,7 +5,6 @@ import ( "bytes" "fmt" "go/format" - "io/ioutil" "log" "os" "regexp" @@ -56,6 +55,9 @@ var ( replacers = []*replacer{ getMakefileReplacer("Makefile"), getMakefileReplacer("migrations/Makefile"), + getApkoFileReplacer("deploy/minio/apko.yaml", "minio"), + getApkoFileReplacer("deploy/rqlite/apko.yaml", "rqlite"), + getApkoFileReplacer("deploy/dex/apko.yaml", "dex"), } ) @@ -146,7 +148,7 @@ func generateOutput(filename, fileTemplate string, refs []*ImageRef, fn template return err } - if err := ioutil.WriteFile(filename, buff, 0644); err != nil { + if err := os.WriteFile(filename, buff, 0644); err != nil { return err } @@ -154,7 +156,7 @@ func generateOutput(filename, fileTemplate string, refs []*ImageRef, fn template } func (r *replacer) replace(refs []*ImageRef) error { - b, err := ioutil.ReadFile(r.path) + b, err := os.ReadFile(r.path) if err != nil { return errors.Wrap(err, "failed to read file") } @@ -168,7 +170,7 @@ func (r *replacer) replace(refs []*ImageRef) error { content = reg.ReplaceAllString(content, r.valueFn(ref)) } - if err := ioutil.WriteFile(r.path, []byte(content), 0644); err != nil { + if err := os.WriteFile(r.path, []byte(content), 0644); err != nil { return errors.Wrap(err, "failed to write file") } @@ -198,7 +200,7 @@ func getMakefileVarName(s string) string { return strings.ToUpper(strings.ReplaceAll(s, "-", "_")) + "_TAG" } -// converts a name from the input string into an a makefile variable name +// converts a name from the input string into an a dockerfile variable name // for example: foo_bar_baz -> FOO_BAR_BAZ func getDockerfileVarName(s string) string { return strings.ToUpper(strings.ReplaceAll(s, "-", "_")) + "_TAG" 
@@ -227,3 +229,15 @@ func getDockerfileReplacer(path string) *replacer { }, } } + +func getApkoFileReplacer(path string, pkg string) *replacer { + return &replacer{ + path: path, + regexFn: func(ir *ImageRef) string { + return fmt.Sprintf(`- %s~\d+\.\d+\.\d+`, ir.name) + }, + valueFn: func(ir *ImageRef) string { + return ir.GetApkoFileLine(ir.name) + }, + } +} diff --git a/cmd/imagedeps/tag-finder.go b/cmd/imagedeps/tag-finder.go index eac106a303..902e027436 100644 --- a/cmd/imagedeps/tag-finder.go +++ b/cmd/imagedeps/tag-finder.go @@ -3,6 +3,7 @@ package main import ( "context" "fmt" + "io" "net/http" "os" "path" @@ -14,6 +15,7 @@ import ( "github.com/google/go-github/v39/github" "github.com/heroku/docker-registry-client/registry" "golang.org/x/oauth2" + "gopkg.in/yaml.v2" ) type ImageRef struct { @@ -42,6 +44,11 @@ func (ir ImageRef) GetDockerfileLine() string { return fmt.Sprintf("ARG %s=%s", getDockerfileVarName(ir.name), ir.tag) } +// GetApkoFileLine generates a line of text intended for use in an Apko file. +func (ir ImageRef) GetApkoFileLine(pkg string) string { + return fmt.Sprintf("- %s~%s", pkg, ir.tag) +} + type getTagsFn func(string) ([]string, error) type getReleaseFn func(string, string) ([]*github.RepositoryRelease, error) type tagFinderFn func(inputLine string) (*ImageRef, error) 
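Review bot: `getApkoFileReplacer` never reads its `pkg` parameter; both closures use `ir.name`, so the `"minio"`, `"rqlite"` and `"dex"` arguments passed in the `replacers` list have no effect. Either drop the parameter (and the matching one on `GetApkoFileLine`, which is only ever called with `ir.name`) or add a doc comment saying the replacer matches each ref by its own name. The name is also interpolated into the pattern unescaped; using `regexp.QuoteMeta(ir.name)` keeps a name with regex metacharacters from changing what is matched. Note that `\d+\.\d+\.\d+` only matches a three-part numeric pin, so a version of any other shape would leave the apko file silently unchanged.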
@@ -119,19 +126,19 @@ func getTagFinder(opts ...func(c *configuration)) tagFinderFn { switch imageName { case minioReference: - latestReleaseTag, err = getLatestTagFromGithub(config.releaseFinder, "minio", "minio", matcherFn) + latestReleaseTag, err = getLatestTagFromWolfi("minio") if err != nil { - return nil, fmt.Errorf("failed to get release tag for minio/minio %w", err) + return nil, fmt.Errorf("failed to get latest minio tag from wolfi %w", err) } case dexReference: - latestReleaseTag, err = getLatestTagFromGithub(config.releaseFinder, "dexidp", "dex", matcherFn) + latestReleaseTag, err = getLatestTagFromWolfi("dex") if err != nil { - return nil, fmt.Errorf("failed to get release tag for dexidp/dex %w", err) + return nil, fmt.Errorf("failed to get latest dex tag from wolfi %w", err) } case rqliteReference: - latestReleaseTag, err = getLatestTagFromRegistry("rqlite/rqlite", config.repositoryTagsFinder, matcherFn) + latestReleaseTag, err = getLatestTagFromWolfi("rqlite") if err != nil { - return nil, fmt.Errorf("failed to get release tag for %s %w", imageName, err) + return nil, fmt.Errorf("failed to get latest rqlite tag from wolfi %w", err) } case schemaheroReference: latestReleaseTag, err = getLatestTagFromRegistry("schemahero/schemahero", config.repositoryTagsFinder, matcherFn) 
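Review bot: The three `getLatestTagFromWolfi` calls bypass both `matcherFn` and the injected `config.releaseFinder` / `config.repositoryTagsFinder`, so a matcher regexp given in image-spec for minio, dex or rqlite is silently unused, and any test that drives `getTagFinder` for these names makes a live HTTP request. The value returned is a Wolfi package version that is then used as the tag of `kotsadm/minio`, `kotsadm/rqlite` and `kotsadm/dex`; nothing here checks that an image with that tag has actually been published. Consider passing the fetch function through `configuration` like the other finders and checking the result against the matcher. The enclosing closure starts and ends outside the hunk.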
@@ -274,3 +281,31 @@ func getRegistryTags(untaggedRef string) ([]string, error) { } return tags, nil } + +func getLatestTagFromWolfi(pkg string) (string, error) { + resp, err := http.Get(fmt.Sprintf("https://raw.githubusercontent.com/wolfi-dev/os/main/%s.yaml", pkg)) + if err != nil { + return "", fmt.Errorf("failed to get %s.yaml from wolfi-dev/os: %w", pkg, err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return "", fmt.Errorf("unexpected status code %d", resp.StatusCode) + } + + body, err := io.ReadAll(resp.Body) + if err != nil { + return "", fmt.Errorf("failed to read body %w", err) + } + + var yamlData struct { + Package struct { + Version string `yaml:"version"` + } `yaml:"package"` + } + if err := yaml.Unmarshal(body, &yamlData); err != nil { + return "", fmt.Errorf("failed to unmarshal yaml %w", err) + } + + return yamlData.Package.Version, nil +} diff --git a/deploy/apko_melange_build.md b/deploy/apko_melange_build.md index c67583f632..4d682a598a 100644 --- a/deploy/apko_melange_build.md +++ b/deploy/apko_melange_build.md @@ -30,10 +30,10 @@ melange build melange.yaml --arch=x86_64 > 💡 Only building for your local platform makes builds faster, since it doesn't have to emulate with qemu. > If you're on an arm64 machine (e.g., Apple Silicon), use `--arch=aarch64` here and below. -Then, build the image from the newly built `kots` package, and the other packages needed by the image, using `apko`: +Then, build the image from the newly built `kotsadm` package, and the other packages needed by the image, using `apko`: ```sh -apko publish apko.yaml ttl.sh/kots --arch=x86_64 +apko publish apko.yaml ttl.sh/kotsadm --arch=x86_64 ``` This will print the image to stdout, so you can run it: diff --git a/deploy/dex.Dockerfile b/deploy/dex.Dockerfile deleted file mode 100644 index 7db7f0ff67..0000000000 --- a/deploy/dex.Dockerfile +++ /dev/null @@ -1,2 +0,0 @@ -ARG TAG=v2.32.0 -FROM ghcr.io/dexidp/dex:$TAG 
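Review bot: `getLatestTagFromWolfi` returns `package.version` unchecked from a file fetched from the `main` branch of wolfi-dev/os, and that string is then written into the Makefiles, `.image.env`, the apko files and `pkg/image/constants.go`; `.image.env` is sourced by a shell in the Makefile's `all-ttl.sh` target. An empty or unexpectedly shaped value should fail the generator rather than be written out, so validate it against a strict numeric pattern before returning. The request also uses `http.Get`, which has no timeout, and `io.ReadAll` without a size bound; a client with a timeout and an `io.LimitReader` cover both. The fence assumes `regexp` and `time` are imported in tag-finder.go, which the visible import hunks do not show.

```go
// wolfiVersionPattern is the shape a fetched package version must have before
// it is written into generated files.
var wolfiVersionPattern = regexp.MustCompile(`^\d+(\.\d+)+$`)

func getLatestTagFromWolfi(pkg string) (string, error) {
	client := &http.Client{Timeout: 30 * time.Second}
	resp, err := client.Get(fmt.Sprintf("https://raw.githubusercontent.com/wolfi-dev/os/main/%s.yaml", pkg))
	// … unchanged: request error check, deferred Body.Close, status code check …

	// Cap the read at 1 MiB (assumed ample for a package definition).
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
	// … unchanged: read error check, yaml.Unmarshal into yamlData …

	version := yamlData.Package.Version
	if !wolfiVersionPattern.MatchString(version) {
		return "", fmt.Errorf("unexpected version %q for %s in wolfi-dev/os", version, pkg)
	}
	return version, nil
}
```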
diff --git a/deploy/dex/apko.yaml b/deploy/dex/apko.yaml new file mode 100644 index 0000000000..e312449ce6 --- /dev/null +++ b/deploy/dex/apko.yaml @@ -0,0 +1,29 @@ +contents: + repositories: + - https://packages.wolfi.dev/os + keyring: + - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub + packages: + - dex~2.37.0 + - bash + - busybox + - wolfi-baselayout + +accounts: + groups: + - groupname: dex + gid: 1001 + users: + - username: dex + uid: 1001 + gid: 1001 + run-as: dex + +entrypoint: + command: docker-entrypoint + +cmd: dex serve /etc/dex/config.docker.yaml + +archs: + - x86_64 + - aarch64 diff --git a/deploy/kurl/kotsadm/template/base/Manifest b/deploy/kurl/kotsadm/template/base/Manifest index 0e57a590cf..f1fb302415 100644 --- a/deploy/kurl/kotsadm/template/base/Manifest +++ b/deploy/kurl/kotsadm/template/base/Manifest @@ -1,7 +1,7 @@ image kotsadm-migrations __KOTSADM_MIGRATIONS_IMAGE__ image kotsadm __KOTSADM_IMAGE__ image kurl-proxy __KURL_PROXY_IMAGE__ -image rqlite rqlite/rqlite:__RQLITE_TAG__ +image rqlite __RQLITE_IMAGE__ image dex __DEX_IMAGE__ asset kots.tar.gz __KOTSADM_BINARY__ diff --git a/deploy/kurl/kotsadm/template/base/rqlite.yaml b/deploy/kurl/kotsadm/template/base/rqlite.yaml index 5038d90722..a71e5d6ff2 100644 --- a/deploy/kurl/kotsadm/template/base/rqlite.yaml +++ b/deploy/kurl/kotsadm/template/base/rqlite.yaml @@ -50,7 +50,7 @@ spec: - kotsadm-rqlite topologyKey: "kubernetes.io/hostname" containers: - - image: rqlite/rqlite:__RQLITE_TAG__ + - image: __RQLITE_IMAGE__ name: rqlite args: - -disco-mode=dns diff --git a/deploy/kurl/kotsadm/template/generate.sh b/deploy/kurl/kotsadm/template/generate.sh index 234ea3cd60..a3f82b516a 100755 --- a/deploy/kurl/kotsadm/template/generate.sh +++ b/deploy/kurl/kotsadm/template/generate.sh 
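Review bot: `archs:` in deploy/dex/apko.yaml lists `x86_64` and `aarch64`, but the composite action that publishes this config passes `archs: x86_64`, so presumably only the amd64 image is ever pushed and the file overstates what is available. Align the list with what is published, or build both architectures in the action. `bash` and `busybox` are also installed alongside `dex`; if `docker-entrypoint` does not need a shell, leaving them out keeps the runtime image smaller, which is worth confirming against the package's entrypoint. A short comment above `run-as: dex` noting that the container runs as uid 1001 would help whoever writes the pod security context.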
@@ -28,7 +28,8 @@ function generate() { sed -i -e "s|__KOTSADM_BINARY__|$kotsadm_binary|g" "${dir}/Manifest" # The following environment variables will be exported by the .image.env file - find "$dir" -type f -exec sed -i -e "s|__RQLITE_TAG__|$RQLITE_TAG|g" {} \; + local rqlite_image="$kotsadm_image_registry/$kotsadm_image_namespace/rqlite:$RQLITE_TAG" + find "$dir" -type f -exec sed -i -e "s|__RQLITE_IMAGE__|$rqlite_image|g" {} \; local dex_image="$kotsadm_image_registry/$kotsadm_image_namespace/dex:$DEX_TAG" find "$dir" -type f -exec sed -i -e "s|__DEX_IMAGE__|$dex_image|g" {} \; } diff --git a/deploy/minio/apko.yaml b/deploy/minio/apko.yaml index 8ddf39807c..2937015a7b 100644 --- a/deploy/minio/apko.yaml +++ b/deploy/minio/apko.yaml @@ -4,7 +4,7 @@ contents: keyring: - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub packages: - - minio + - minio~0.20231101.183725 - mc - bash - busybox diff --git a/deploy/rqlite/apko.yaml b/deploy/rqlite/apko.yaml index d57a18497c..7097434175 100644 --- a/deploy/rqlite/apko.yaml +++ b/deploy/rqlite/apko.yaml @@ -4,7 +4,7 @@ contents: keyring: - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub packages: - - rqlite~7.21.4 + - rqlite~8.0.1 - rqlite-oci-entrypoint - bash - busybox diff --git a/migrations/Makefile b/migrations/Makefile index 011acb5480..3e38a4e8af 100644 --- a/migrations/Makefile +++ b/migrations/Makefile @@ -1,7 +1,6 @@ SHELL:=/bin/bash PROJECT_NAME ?= kotsadm-migrations -RQLITE_TAG ?= 7.21.4 -SCHEMAHERO_TAG ?= 0.16.0 +SCHEMAHERO_TAG ?= 0.17.0 .PHONY: schema-alpha schema-alpha: IMAGE = kotsadm/${PROJECT_NAME}:alpha 
@@ -12,8 +11,6 @@ schema-release: IMAGE = kotsadm/${PROJECT_NAME}:${GIT_TAG} schema-release: build_schema mkdir -p bin/docker-archive/${PROJECT_NAME} skopeo copy docker-daemon:kotsadm/${PROJECT_NAME}:${GIT_TAG} docker-archive:bin/docker-archive/${PROJECT_NAME}/${GIT_TAG} - mkdir -p bin/docker-archive/rqlite - skopeo copy docker://rqlite/rqlite:${RQLITE_TAG} docker-archive:bin/docker-archive/rqlite/${RQLITE_TAG} build_schema: docker build --pull --build-arg SCHEMAHERO_TAG=${SCHEMAHERO_TAG} -f deploy/Dockerfile -t ${IMAGE} . diff --git a/pkg/image/constants.go b/pkg/image/constants.go index f1b491f53d..fae7b78d0a 100644 --- a/pkg/image/constants.go +++ b/pkg/image/constants.go @@ -5,9 +5,9 @@ package image // image name. const ( - Minio = "minio/minio:RELEASE.2023-11-11T08-14-41Z" - Rqlite = "rqlite/rqlite:7.21.4" - Dex = "ghcr.io/dexidp/dex:v2.37.0" - Schemahero = "schemahero/schemahero:0.16.0" + Minio = "kotsadm/minio:0.20231101.183725" + Rqlite = "kotsadm/rqlite:8.0.1" + Dex = "kotsadm/dex:2.37.0" + Schemahero = "schemahero/schemahero:0.17.0" Lvp = "replicated/local-volume-provider:v0.5.5" ) diff --git a/pkg/kotsadm/minio.go b/pkg/kotsadm/minio.go index fb478a421f..f6e5a4e928 100644 --- a/pkg/kotsadm/minio.go +++ b/pkg/kotsadm/minio.go @@ -25,7 +25,8 @@ import ( ) var ( - MinioImageTagDateRegexp = regexp.MustCompile(`RELEASE\.(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}Z)`) + MinioChainguardImageTagRegexp = regexp.MustCompile(`:0\.\d+`) + MinioImageTagDateRegexp = regexp.MustCompile(`RELEASE\.(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}Z)`) // MigrateToMinioXlBeforeTime is the time that the minio version was released that removed the legacy backend // that we need to migrate from: https://github.com/minio/minio/releases/tag/RELEASE.2022-10-29T06-21-33Z MigrateToMinioXlBeforeTime = time.Date(2022, 10, 29, 6, 21, 33, 0, time.UTC) 
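Review bot: `MinioChainguardImageTagRegexp` in pkg/kotsadm/minio.go (`:0\.\d+`) keys only on the tag starting with `0.`, so `imageNeedsMinioXlMigration` (next hunk) treats any reference containing `:0.` followed by a digit as a new image and returns `false, nil` without looking at a date. If the Wolfi minio package version ever stops starting with `0.`, the function falls through to the `RELEASE.` parser and returns "failed to parse existing image tag date". Tightening the pattern to the tag shape this commit actually produces, e.g. `:0\.\d{8}\.\d{6}`, narrows the first case. A doc comment on the variable should state the assumed tag format and where it comes from. The `var` block continues outside the hunk.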
@@ -394,6 +395,12 @@ func IsMinioXlMigrationNeeded(clientset kubernetes.Interface, namespace string) // imageNeedsMinioXlMigration returns true if the minio image is older than the migrate before time (2022-10-29T06-21-33Z). func imageNeedsMinioXlMigration(minioImage string) (bool, error) { + isCGImage := len(MinioChainguardImageTagRegexp.FindStringSubmatch(minioImage)) > 0 + if isCGImage { + // minio images built with chainguard are all new and don't need to be migrated + return false, nil + } + existingImageTagDateMatch := MinioImageTagDateRegexp.FindStringSubmatch(minioImage) if len(existingImageTagDateMatch) != 2 { return false, errors.New("failed to parse existing image tag date") diff --git a/pkg/kotsadm/minio_test.go b/pkg/kotsadm/minio_test.go index f10fec56b1..6a65f5228b 100644 --- a/pkg/kotsadm/minio_test.go +++ b/pkg/kotsadm/minio_test.go @@ -91,6 +91,13 @@ func Test_IsMinioXlMigrationNeeded(t *testing.T) { wantMinioImage: "minio/minio:RELEASE.2023-02-10T18-48-39Z", wantErr: false, }, + { + name: "should not migrate image built with chainguard", + clientset: fake.NewSimpleClientset(minioStsWithImage("kotsadm/minio:0.20231101.183725")), + wantMigration: false, + wantMinioImage: "kotsadm/minio:0.20231101.183725", + wantErr: false, + }, { name: "should not migrate if no minio", clientset: fake.NewSimpleClientset(), diff --git a/pkg/kotsadm/objects/images.go b/pkg/kotsadm/objects/images.go index 1d097d2611..bfc799b3ce 100644 --- a/pkg/kotsadm/objects/images.go +++ b/pkg/kotsadm/objects/images.go 
@@ -18,9 +18,9 @@ func GetAdminConsoleImages(deployOptions types.DeployOptions) map[string]string rqliteTag, _ := image.GetTag(image.Rqlite) dexTag, _ := image.GetTag(image.Dex) - minioImage := fmt.Sprintf("minio/minio:%s", minioTag) - rqliteImage := fmt.Sprintf("rqlite/rqlite:%s", rqliteTag) - dexImage := fmt.Sprintf("kotsadm/dex:%s", dexTag) + minioImage := image.Minio + rqliteImage := image.Rqlite + dexImage := image.Dex if s := kotsadmversion.KotsadmPullSecret(deployOptions.Namespace, deployOptions.RegistryConfig); s != nil { minioImage = fmt.Sprintf("%s/minio:%s", kotsadmversion.KotsadmRegistry(deployOptions.RegistryConfig), minioTag) @@ -43,12 +43,11 @@ func GetAdminConsoleImages(deployOptions types.DeployOptions) map[string]string } func GetOriginalAdminConsoleImages(deployOptions types.DeployOptions) map[string]string { - dexTag, _ := image.GetTag(image.Dex) // dex image is special; we host a copy return map[string]string{ "kotsadm-migrations": fmt.Sprintf("kotsadm/kotsadm-migrations:%s", kotsadmversion.KotsadmTag(deployOptions.RegistryConfig)), "kotsadm": fmt.Sprintf("kotsadm/kotsadm:%s", kotsadmversion.KotsadmTag(deployOptions.RegistryConfig)), "minio": image.Minio, "rqlite": image.Rqlite, - "dex": fmt.Sprintf("kotsadm/dex:%s", dexTag), + "dex": image.Dex, } } diff --git a/pkg/snapshot/filesystem_minio.go b/pkg/snapshot/filesystem_minio.go index cfebe071bd..07e1048d2a 100644 --- a/pkg/snapshot/filesystem_minio.go +++ b/pkg/snapshot/filesystem_minio.go @@ -269,7 +269,7 @@ func fileSystemMinioDeploymentResource(clientset kubernetes.Interface, secretChe if err != nil { return nil, errors.Wrap(err, "failed to get minio image tag") } - minioImage := fmt.Sprintf("minio/minio:%s", minioTag) + minioImage := fmt.Sprintf("minio/minio:%s", minioTag) // TODO NOW: figure this out imagePullSecrets := []corev1.LocalObjectReference{} isKurl, err := kurl.IsKurl(clientset)
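Review bot: In pkg/snapshot/filesystem_minio.go, `minioImage` is still built as `minio/minio:<minioTag>`; the only change is the added `// TODO NOW: figure this out`. `minioTag` is computed above the hunk; if it is derived from `image.Minio`, which this commit changes to `kotsadm/minio:0.20231101.183725`, the result is `minio/minio:0.20231101.183725`. That tag is in Wolfi's version format, which upstream minio (whose tags are `RELEASE.<date>` per `MinioImageTagDateRegexp`) would not be expected to publish, so the deployment would fail to pull. Resolve this before merge, for example with `minioImage := image.Minio` as `GetAdminConsoleImages` now does, and drop the TODO. The rest of `fileSystemMinioDeploymentResource` is outside the hunk.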