airship/kubernetes-entrypoint
Code Issues Proposed changes

Update to ubuntu_jammy to fix CVEs

Browse Source 
Change-Id: I2ceead5260df6c818cf9fbdac0603c2692b87d72
This commit is contained in:
Sergiy Markin 2024-10-15 03:28:14 +00:00
parent 4fbcf7ce32
commit 209939f02b
15 changed files with 164 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Makefile
View File

@ -13,8 +13,10 @@ LABEL ?= org.airshipit.build=community
COMMIT ?= $(shell git rev-parse HEAD)
PYTHON = python3
CHARTS := $(filter-out deps, $(patsubst charts/%/.,%,$(wildcard charts/*/.)))
DISTRO ?= ubuntu_focal
DISTRO ?= ubuntu_jammy
DISTRO_ALIAS ?= ubuntu_focal
IMAGE := ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG}-${DISTRO}
IMAGE_ALIAS := ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG}-${DISTRO_ALIAS}
UBUNTU_BASE_IMAGE ?=
# VERSION INFO
@ -115,10 +117,18 @@ else
--build-arg MAKE_TARGET=$(MAKE_TARGET) \
$(_BASE_IMAGE_ARG) .
endif
ifeq ($(PUSH_IMAGE), true)
@docker push $(IMAGE)
ifneq ($(DISTRO), $(DISTRO_ALIAS))
docker tag $(IMAGE) $(IMAGE_ALIAS)
ifeq ($(DOCKER_REGISTRY), localhost:5000)
docker push $(IMAGE_ALIAS)
endif
endif
ifeq ($(DOCKER_REGISTRY), localhost:5000)
docker push $(IMAGE)
endif
ifeq ($(PUSH_IMAGE), true)
docker push $(IMAGE)
endif
check-docker:
@if [ -z $$(which docker) ]; then \

BIN
bin/kubernetes-entrypoint Executable file
View File

Binary file not shown.

21
go.mod
View File

@ -1,6 +1,8 @@
module opendev.org/airship/kubernetes-entrypoint
go 1.21
go 1.22.0
toolchain go1.23.1
require (
github.com/golangci/golangci-lint v1.18.0
@ -84,17 +86,18 @@ require (
github.com/spf13/viper v1.0.2 // indirect
github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec // indirect
github.com/ultraware/funlen v0.0.1 // indirect
golang.org/x/crypto v0.14.0 // indirect
golang.org/x/mod v0.12.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/crypto v0.28.0 // indirect
golang.org/x/mod v0.21.0 // indirect
golang.org/x/net v0.30.0 // indirect
golang.org/x/oauth2 v0.10.0 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/term v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/sync v0.8.0 // indirect
golang.org/x/sys v0.26.0 // indirect
golang.org/x/term v0.25.0 // indirect
golang.org/x/text v0.19.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.12.0 // indirect
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.31.0 // indirect
google.golang.org/protobuf v1.35.1 // indirect
gopkg.in/fsnotify.v1 v1.4.7 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect

36
go.sum
View File

@ -234,12 +234,12 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/net v0.0.0-20170915142106-8351a756f30f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180911220305-26e67e76b6c3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -249,32 +249,32 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20171026204733-164713f0dfce/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20170915040203-e531a2a1c15f/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@ -291,8 +291,8 @@ golang.org/x/tools v0.0.0-20190909030654-5b82db07426d/go.mod h1:b+2E5dAYhXwXZwtn
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss=
golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM=
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@ -301,8 +301,8 @@ google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6
google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/airbrake/gobrake.v2 v2.0.9 h1:7z2uVWwn7oVeeugY1DtlPAy5H+KYgB1KeKTnqjNatLo=
gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

38
images/Dockerfile.ubuntu_jammy Normal file
View File

@ -0,0 +1,38 @@
ARG FROM=ubuntu:jammy
# Build the manager binary
FROM golang:1.23-bullseye as builder
ARG TARGETOS
ARG TARGETARCH
SHELL [ "/bin/bash", "-cex" ]
ADD . /usr/src/kubernetes-entrypoint
WORKDIR /usr/src/kubernetes-entrypoint
ENV GO111MODULE=on
RUN make get-modules
ARG MAKE_TARGET=build
RUN make ${MAKE_TARGET}
FROM ${FROM} as release
LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode' \
org.opencontainers.image.url='https://airshipit.org' \
org.opencontainers.image.documentation='https://docs.airshipit.org/kubernetes-entrypoint' \
org.opencontainers.image.source='https://opendev.org/airship/kubernetes-entrypoint' \
org.opencontainers.image.vendor='The Airship Authors' \
org.opencontainers.image.licenses='Apache-2.0'
ENV DEBIAN_FRONTEND noninteractive
ENV LANG=C.UTF-8
ENV LC_ALL=C.UTF-8
COPY --from=builder /usr/src/kubernetes-entrypoint/bin/kubernetes-entrypoint /usr/local/bin/kubernetes-entrypoint
RUN apt update \
&& apt install -y --no-install-recommends coreutils
USER 65534
ENTRYPOINT [ "/usr/local/bin/kubernetes-entrypoint" ]

31
playbooks/checkout-treasuremap-ref.yaml Normal file
View File

@ -0,0 +1,31 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- hosts: all
tasks:
- name: Checkout treasuremap ref
shell: |
set -xe;
: "${TREASUREMAP_REF:=v1.9}"
cd ../treasuremap
git fetch https://review.opendev.org/airship/treasuremap ${TREASUREMAP_REF} && git checkout FETCH_HEAD
args:
chdir: "{{ zuul.project.src_dir }}"
environment:
TREASUREMAP_REF: "{{ treasuremap_ref }}"
...

2
playbooks/deploy-env.yaml
View File

@ -18,11 +18,11 @@
roles:
- ensure-python
- ensure-pip
- ensure-tox
- clear-firewall
- deploy-apparmor
- deploy-selenium
- deploy-env
- ensure-tox
tasks:
- name: Install Packaging python module for tools/airship

3
playbooks/docker-image-build.yaml
View File

@ -52,7 +52,6 @@
block:
- pip:
name: docker
version: 4.4.4
executable: pip3
become: True
@ -60,7 +59,6 @@
block:
- pip:
name: tox
version: 3.28.0
executable: pip3
become: True
@ -102,6 +100,7 @@
username: "{{ airship_kubernetes_entrypoint_quay_creds.username }}"
password: "{{ airship_kubernetes_entrypoint_quay_creds.password }}"
registry_url: "https://quay.io/api/v1/"
api_version: "1.43"
- make:
chdir: "{{ zuul.project.src_dir }}"

4
roles/airship-run-script-set/defaults/main.yaml
View File

@ -19,12 +19,12 @@ osh_params:
container_distro_version: focal
# feature_gates:
site: airskiff
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz
HTK_COMMIT: 6ca83be78013446540b68fd28d0a75d5b2329f40
OSH_INFRA_COMMIT: 6ca83be78013446540b68fd28d0a75d5b2329f40
OSH_COMMIT: 176b412072969f982386db9560b6f50fcb7e0148
COREDNS_VERSION: v1.11.1
DISTRO: ubuntu_focal
DISTRO: ubuntu_jammy
DOCKER_REGISTRY: quay.io
CLONE_ARMADA: true
CLONE_ARMADA_GO: true

4
roles/airship-run-script-set/tasks/main.yaml
View File

@ -35,12 +35,12 @@
FEATURE_GATES: "{{ osh_params.feature_gates | default('') }}"
RUN_HELM_TESTS: "{{ run_helm_tests | default('yes') }}"
PL_SITE: "{{ site | default('airskiff') }}"
HELM_ARTIFACT_URL: "{{ HELM_ARTIFACT_URL | default('https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz') }}"
HELM_ARTIFACT_URL: "{{ HELM_ARTIFACT_URL | default('https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz') }}"
HTK_COMMIT: "{{ HTK_COMMIT | default('6ca83be78013446540b68fd28d0a75d5b2329f40') }}"
OSH_INFRA_COMMIT: "{{ OSH_INFRA_COMMIT | default('6ca83be78013446540b68fd28d0a75d5b2329f40') }}"
OSH_COMMIT: "{{ OSH_COMMIT | default('176b412072969f982386db9560b6f50fcb7e0148') }}"
COREDNS_VERSION: "{{ coredns_version | default('v1.11.1') }}"
DISTRO: "{{ DISTRO | default('ubuntu_focal') }}"
DISTRO: "{{ DISTRO | default('ubuntu_jammy') }}"
DOCKER_REGISTRY: "{{ DOCKER_REGISTRY | default('quay.io') }}"
CLONE_ARMADA: "{{ CLONE_ARMADA | default('true') }}"
CLONE_ARMADA_GO: "{{ CLONE_ARMADA_GO | default('true') }}"

4
roles/airship-run-script/defaults/main.yaml
View File

@ -19,12 +19,12 @@ osh_params:
container_distro_version: focal
# feature_gates:
site: airskiff
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz
HTK_COMMIT: 6ca83be78013446540b68fd28d0a75d5b2329f40
OSH_INFRA_COMMIT: 6ca83be78013446540b68fd28d0a75d5b2329f40
OSH_COMMIT: 176b412072969f982386db9560b6f50fcb7e0148
COREDNS_VERSION: v1.11.1
DISTRO: ubuntu_focal
DISTRO: ubuntu_jammy
DOCKER_REGISTRY: quay.io
CLONE_ARMADA: true

4
roles/airship-run-script/tasks/main.yaml
View File

@ -32,12 +32,12 @@
FEATURE_GATES: "{{ osh_params.feature_gates | default('') }}"
RUN_HELM_TESTS: "{{ run_helm_tests | default('yes') }}"
PL_SITE: "{{ site | default('airskiff') }}"
HELM_ARTIFACT_URL: "{{ HELM_ARTIFACT_URL | default('https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz') }}"
HELM_ARTIFACT_URL: "{{ HELM_ARTIFACT_URL | default('https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz') }}"
HTK_COMMIT: "{{ HTK_COMMIT | default('6ca83be78013446540b68fd28d0a75d5b2329f40') }}"
OSH_INFRA_COMMIT: "{{ OSH_INFRA_COMMIT | default('6ca83be78013446540b68fd28d0a75d5b2329f40') }}"
OSH_COMMIT: "{{ OSH_COMMIT | default('176b412072969f982386db9560b6f50fcb7e0148') }}"
COREDNS_VERSION: "{{ coredns_version | default('v1.11.1') }}"
DISTRO: "{{ DISTRO | default('ubuntu_focal') }}"
DISTRO: "{{ DISTRO | default('ubuntu_jammy') }}"
DOCKER_REGISTRY: "{{ DOCKER_REGISTRY | default('quay.io') }}"
CLONE_ARMADA: "{{ CLONE_ARMADA | default('true') }}"
CLONE_ARMADA_GO: "{{ CLONE_ARMADA_GO | default('true') }}"

57
zuul.d/jobs.yaml
View File

@ -14,7 +14,7 @@
name: airship-kubernetes-entrypoint-lint-unit
pre-run: playbooks/airship-kubernetes-entrypoint-deploy-docker.yaml
run: playbooks/airship-kubernetes-entrypoint-lint-unit.yaml
nodeset: airship-kubernetes-entrypoint-single-node-focal
nodeset: airship-kubernetes-entrypoint-single-node-jammy
- job:
@ -22,14 +22,14 @@
timeout: 3600
pre-run: playbooks/airship-kubernetes-entrypoint-deploy-docker.yaml
run: playbooks/airship-kubernetes-entrypoint-lint.yaml
nodeset: airship-kubernetes-entrypoint-single-node-focal
nodeset: airship-kubernetes-entrypoint-single-node-jammy
- job:
name: airship-kubernetes-entrypoint-unit
timeout: 3600
pre-run: playbooks/airship-kubernetes-entrypoint-deploy-docker.yaml
run: playbooks/airship-kubernetes-entrypoint-unit.yaml
nodeset: airship-kubernetes-entrypoint-single-node-focal
nodeset: airship-kubernetes-entrypoint-single-node-jammy
- job:
name: airship-kubernetes-entrypoint-base
@ -40,6 +40,7 @@
required-projects:
- name: openstack/openstack-helm
- name: openstack/openstack-helm-infra
- name: openstack/openstack-helm-plugin
- name: airship/treasuremap
override-checkout: v1.9
irrelevant-files: &irrelevant-files
@ -51,6 +52,7 @@
- ^deckhand/tests/unit/.*$
timeout: 10800
pre-run:
- playbooks/checkout-treasuremap-ref.yaml
- playbooks/prepare-hosts.yaml
- playbooks/mount-volumes.yaml
- playbooks/deploy-env.yaml
@ -59,6 +61,7 @@
post-run:
- playbooks/osh-infra-collect-logs.yaml
vars:
treasuremap_ref: v1.9
extra_volume:
size: 80G
type: Linux
@ -68,21 +71,23 @@
containerd:
root_path: "/opt/ext_vol/containerd"
kubeadm:
pod_network_cidr: "10.244.0.0/24"
pod_network_cidr: "10.244.0.0/16"
service_cidr: "10.96.0.0/16"
osh_plugin_repo: "{{ zuul.project.src_dir }}/../../openstack/openstack-helm-plugin"
loopback_setup: true
loopback_device: /dev/loop100
loopback_image: "/opt/ext_vol/openstack-helm/ceph-loop.img"
ceph_osd_data_device: /dev/loop100
kube_version_repo: "v1.29"
# the list of k8s package versions are available here
# https://pkgs.k8s.io/core:/stable:/{{ kube_version_repo }}/deb/Packages
kube_version: "1.29.2-1.1"
calico_version: "v3.27.0"
coredns_version: "v1.11.1"
helm_version: "v3.13.2"
yq_version: "v4.6.0"
crictl_version: "v1.26.1"
kube_version_repo: "v1.30"
kube_version: "1.30.3-1.1"
calico_setup: true
calico_version: "v3.27.4"
cilium_setup: false
cilium_version: "1.16.0"
flannel_setup: false
flannel_version: v0.25.4
helm_version: "v3.15.4"
crictl_version: "v1.30.1"
zuul_osh_relative_path: ../../openstack/openstack-helm
zuul_osh_infra_relative_path: ../../openstack/openstack-helm-infra
zuul_treasuremap_relative_path: ../../airship/treasuremap
@ -90,19 +95,19 @@
run_helm_tests: "no"
- job:
name: airship-kubernetes-entrypoint-airskiff-deployment-focal
nodeset: treasuremap-airskiff-1node-ubuntu_focal
name: airship-kubernetes-entrypoint-airskiff-deployment-jammy
nodeset: treasuremap-airskiff-1node-ubuntu_jammy
description: |
Deploy Memcached using Airskiff and submitted kubernetes-entrypoint changes.
parent: airship-kubernetes-entrypoint-base
vars:
site: airskiff
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz
HTK_COMMIT: 6ca83be78013446540b68fd28d0a75d5b2329f40
OSH_INFRA_COMMIT: 6ca83be78013446540b68fd28d0a75d5b2329f40
OSH_COMMIT: 176b412072969f982386db9560b6f50fcb7e0148
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz
HTK_COMMIT: 43fd7143481b6ddda0dbd2f26bf6ec39a417b15b
OSH_INFRA_COMMIT: 43fd7143481b6ddda0dbd2f26bf6ec39a417b15b
OSH_COMMIT: 540df5cb0dbdaed63c202e2d6f2b7891062f8203
CLONE_KUBERNETES_ENTRYPOINT: false
DISTRO: ubuntu_focal
DISTRO: ubuntu_jammy
DOCKER_REGISTRY: localhost:5000
MAKE_KUBERTENES_ENTRYPOINT_IMAGES: true
USE_ARMADA_GO: true
@ -127,28 +132,28 @@
- job:
name: airship-kubernetes-entrypoint-docker-build-gate-ubuntu_focal
name: airship-kubernetes-entrypoint-docker-build-gate-ubuntu_jammy
timeout: 3600
run: playbooks/docker-image-build.yaml
nodeset: airship-kubernetes-entrypoint-single-node-focal
nodeset: airship-kubernetes-entrypoint-single-node-jammy
vars:
publish: false
distro: ubuntu_focal
distro: ubuntu_jammy
tags:
dynamic:
patch_set: true
- job:
name: airship-kubernetes-entrypoint-docker-publish-ubuntu_focal
name: airship-kubernetes-entrypoint-docker-publish-ubuntu_jammy
timeout: 3600
run: playbooks/docker-image-build.yaml
nodeset: airship-kubernetes-entrypoint-single-node-focal
nodeset: airship-kubernetes-entrypoint-single-node-jammy
secrets:
- airship_kubernetes_entrypoint_quay_creds
vars:
publish: true
distro: ubuntu_focal
distro: ubuntu_jammy
tags:
dynamic:
branch: true

6
zuul.d/nodesets.yaml
View File

@ -21,3 +21,9 @@
nodes:
- name: primary
label: ubuntu-focal
- nodeset:
name: airship-kubernetes-entrypoint-single-node-jammy
nodes:
- name: primary
label: ubuntu-jammy

8
zuul.d/projects.yaml
View File

@ -15,15 +15,15 @@
jobs:
- airship-kubernetes-entrypoint-lint
- airship-kubernetes-entrypoint-unit
- airship-kubernetes-entrypoint-docker-build-gate-ubuntu_focal
- airship-kubernetes-entrypoint-airskiff-deployment-focal
- airship-kubernetes-entrypoint-docker-build-gate-ubuntu_jammy
- airship-kubernetes-entrypoint-airskiff-deployment-jammy
gate:
jobs:
- airship-kubernetes-entrypoint-lint
- airship-kubernetes-entrypoint-unit
- airship-kubernetes-entrypoint-docker-build-gate-ubuntu_focal
- airship-kubernetes-entrypoint-docker-build-gate-ubuntu_jammy
post:
jobs:
- airship-kubernetes-entrypoint-upload-git-mirror
- airship-kubernetes-entrypoint-docker-publish-ubuntu_focal
- airship-kubernetes-entrypoint-docker-publish-ubuntu_jammy