Update Kubernetes to v1.31.1

Signed-off-by: Tommy Xiao <[email protected]>
xiaods · Oct 20, 2024 · 059aa40 · 059aa40
1 parent 0ce6ab5
commit 059aa40
Show file tree

Hide file tree

Showing 54 changed files with 7,135 additions and 1,939 deletions.
diff --git a/Dockerfile.dapper b/Dockerfile.dapper
@@ -1,57 +1,64 @@
-ARG GOLANG=golang:1.20.10-alpine3.18
+ARG GOLANG=golang:1.22.6-alpine3.20
 FROM ${GOLANG}
 
-ARG http_proxy=$http_proxy
-ARG https_proxy=$https_proxy
-ARG no_proxy=$no_proxy
-ENV http_proxy=$http_proxy
-ENV https_proxy=$https_proxy
-ENV no_proxy=$no_proxy
-
-RUN apk -U --no-cache add bash git gcc musl-dev docker vim less file curl wget ca-certificates jq linux-headers \
-    zlib-dev tar zip squashfs-tools npm coreutils python3 openssl-dev libffi-dev libseccomp libseccomp-dev \
-    libseccomp-static make libuv-static sqlite-dev sqlite-static libselinux libselinux-dev zlib-dev zlib-static \
-    zstd pigz alpine-sdk binutils-gold btrfs-progs-dev btrfs-progs-static gawk yq \
-    && \
-    if [ "$(go env GOARCH)" = "amd64" ]; then \
-    apk -U --no-cache add mingw-w64-gcc; \
-    fi
+# Set proxy environment variables
+ARG http_proxy
+ARG https_proxy
+ARG no_proxy
+ENV http_proxy=${http_proxy} \
+    https_proxy=${https_proxy} \
+    no_proxy=${no_proxy}
+
+# Install necessary packages
+RUN apk -U --no-cache add \
+    bash git gcc musl-dev docker vim less file curl wget ca-certificates jq linux-headers \
+    zlib-dev tar zip squashfs-tools npm coreutils python3 py3-pip openssl-dev libffi-dev libseccomp \
+    libseccomp-dev libseccomp-static make libuv-static sqlite-dev sqlite-static libselinux \
+    libselinux-dev zlib-dev zlib-static zstd pigz alpine-sdk binutils-gold btrfs-progs-dev \
+    btrfs-progs-static gawk yq pipx \
+    && [ "$(go env GOARCH)" = "amd64" ] && apk -U --no-cache add mingw-w64-gcc || true
 
-RUN TRIVY_VERSION="0.43.1" && \
-    if [ "$(go env GOARCH)" != "arm" ] && [ "$(go env GOARCH)" != "386" ]; then \
-        if [ "$(go env GOARCH)" = "arm64" ]; then \
-            # Turn arm64 into uppercase ARM64 for Trivy's download
-            TRIVY_ARCH=$(go env GOARCH | tr "[:lower:]" "[:upper:]") && \
-            wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
-            tar -zxvf "trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
-            mv trivy /usr/local/bin; \
-        elif [ "$(go env GOARCH)" = "amd64" ]; then \
-            wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
-            tar -zxvf "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
-            mv trivy /usr/local/bin; \
-        fi \
+# Install Trivy
+ENV TRIVY_VERSION="0.56.2"
+RUN case "$(go env GOARCH)" in \
+    arm64) TRIVY_ARCH="ARM64" ;; \
+    amd64) TRIVY_ARCH="64bit" ;; \
+    s390x) TRIVY_ARCH="s390x" ;; \
+    *) TRIVY_ARCH="" ;; \
+    esac
+RUN if [ -n "${TRIVY_ARCH}" ]; then \ 
+        wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" \
+        && tar -zxvf "trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" \
+        && mv trivy /usr/local/bin; \
     fi
 
-# this works for both go 1.17 and 1.18
-RUN GOPROXY=direct go install golang.org/x/tools/cmd/goimports@gopls/v0.8.2
+# Install goimports
+RUN GOPROXY=direct go install golang.org/x/tools/cmd/goimports@gopls/v0.11.0
+
+# Cleanup
 RUN rm -rf /go/src /go/pkg
 
+# Install golangci-lint for amd64
 RUN if [ "$(go env GOARCH)" = "amd64" ]; then \
-    curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/v1.45.2/install.sh | sh -s;  \
+    curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.55.2;  \
     fi
 
+# Set SELINUX environment variable
 ARG SELINUX=true
-ENV SELINUX $SELINUX
+ENV SELINUX=${SELINUX}
 
+# Set Dapper configuration variables
 ENV DAPPER_RUN_ARGS --privileged -v k8e-cache:/go/src/github.com/xiaods/k8e/.cache -v trivy-cache:/root/.cache/trivy
-ENV DAPPER_ENV REPO TAG RELEASE_TAG IMAGE_NAME SKIP_VALIDATE GCLOUD_AUTH GITHUB_TOKEN GOLANG GOOS GOARCH DEBUG
-ENV DAPPER_SOURCE /go/src/github.com/xiaods/k8e/
-ENV DAPPER_OUTPUT ./bin ./dist ./build/out ./build/static ./pkg/static ./pkg/deploy
-
-ENV DAPPER_DOCKER_SOCKET true
-ENV HOME ${DAPPER_SOURCE}
-ENV CROSS true
-ENV STATIC_BUILD true
+    DAPPER_ENV REPO TAG RELEASE_TAG IMAGE_NAME SKIP_VALIDATE GCLOUD_AUTH GITHUB_TOKEN GOLANG GOOS GOARCH DEBUG
+    DAPPER_SOURCE="/go/src/github.com/xiaods/k8e/" \
+    DAPPER_OUTPUT ./bin ./dist ./build/out ./build/static ./pkg/static ./pkg/deploy \
+    DAPPER_DOCKER_SOCKET=true \
+    CROSS=true \
+    STATIC_BUILD=true
+
+# Set $HOME separately because it refers to $DAPPER_SOURCE, set above
+ENV HOME=${DAPPER_SOURCE}
+
 WORKDIR ${DAPPER_SOURCE}
 
 ENTRYPOINT ["./hack/entry.sh"]

diff --git a/Makefile b/Makefile
@@ -3,7 +3,7 @@ GO_FILES ?= $$(find . -name '*.go' | grep -v generated)
 
 .dapper:
 	@echo Downloading dapper
-	@curl -sL https://releases.rancher.com/dapper/v0.5.7/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp
+	@curl -sL https://releases.rancher.com/dapper/v0.6.0/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp
 	@@chmod +x .dapper.tmp
 	@./.dapper.tmp -v
 	@mv .dapper.tmp .dapper

diff --git a/cmd/server/main.go b/cmd/server/main.go
@@ -7,7 +7,6 @@ import (
 	"path/filepath"
 
 	"github.com/docker/docker/pkg/reexec"
-	crictl2 "github.com/kubernetes-sigs/cri-tools/cmd/crictl"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
 	"github.com/xiaods/k8e/pkg/cli/agent"
@@ -25,6 +24,7 @@ import (
 	"github.com/xiaods/k8e/pkg/containerd"
 	ctr2 "github.com/xiaods/k8e/pkg/ctr"
 	kubectl2 "github.com/xiaods/k8e/pkg/kubectl"
+	crictl2 "sigs.k8s.io/cri-tools/cmd/crictl"
 )
 
 func init() {
@@ -56,23 +56,23 @@ func main() {
 			token.List,
 			token.Rotate,
 		),
-		cmds.NewEtcdSnapshotCommand(etcdsnapshot.Save,
-			cmds.NewEtcdSnapshotSubcommands(
-				etcdsnapshot.Delete,
-				etcdsnapshot.List,
-				etcdsnapshot.Prune,
-				etcdsnapshot.Save),
+		cmds.NewEtcdSnapshotCommands(
+			etcdsnapshot.Delete,
+			etcdsnapshot.List,
+			etcdsnapshot.Prune,
+			etcdsnapshot.Save,
 		),
-		cmds.NewSecretsEncryptCommand(cli.ShowAppHelp,
-			cmds.NewSecretsEncryptSubcommands(
-				secretsencrypt.Status,
-				secretsencrypt.Enable,
-				secretsencrypt.Disable,
-				secretsencrypt.Prepare,
-				secretsencrypt.Rotate,
-				secretsencrypt.Reencrypt),
+		cmds.NewSecretsEncryptCommands(
+			secretsencrypt.Status,
+			secretsencrypt.Enable,
+			secretsencrypt.Disable,
+			secretsencrypt.Prepare,
+			secretsencrypt.Rotate,
+			secretsencrypt.Reencrypt,
+			secretsencrypt.RotateKeys,
 		),
 		cmds.NewCertCommands(
+			cert.Check,
 			cert.Rotate,
 			cert.RotateCA,
 		),