From 7ea7c07e7b7d787a5e27a8958b78a5b5de6febfb Mon Sep 17 00:00:00 2001 From: Dan Pock Date: Tue, 3 Sep 2024 10:36:15 -0400 Subject: [PATCH 1/7] Remove kubectl related steps --- Makefile | 5 +++-- hack/make/deps.mk | 6 ------ hack/test | 1 - package/Dockerfile | 21 +++++++++------------ 4 files changed, 12 insertions(+), 21 deletions(-) diff --git a/Makefile b/Makefile index cfafdbb..56a6ba5 100644 --- a/Makefile +++ b/Makefile @@ -21,9 +21,10 @@ clean: ## clean up project. test: test-build ## test the build against all target platforms. $(MAKE) build-image IMAGE=$(IMAGE) \ - KUBECTL_VERSION=$(KUBECTL_VERSION) HELM_VERSION=$(HELM_VERSION) \ - KUSTOMIZE_VERSION=$(KUSTOMIZE_VERSION) K9S_VERSION=$(K9S_VERSION) \ ./hack/test + HELM_VERSION=$(HELM_VERSION) \ + KUSTOMIZE_VERSION=$(KUSTOMIZE_VERSION) \ + K9S_VERSION=$(K9S_VERSION) \ test-build: # Instead of loading image, target all platforms, effectivelly testing diff --git a/hack/make/deps.mk b/hack/make/deps.mk index 7674fa8..5f9e4e8 100644 --- a/hack/make/deps.mk +++ b/hack/make/deps.mk @@ -1,11 +1,6 @@ # renovate: datasource=github-release-attachments depName=rancher/helm HELM_VERSION := v3.15.1-rancher2 -KUBECTL_VERSION := v1.29.8 -KUBECTL_SUM_arm64 ?= $(shell curl -L "https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/linux/arm64/kubectl.sha256") -KUBECTL_SUM_amd64 ?= $(shell curl -L "https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/linux/amd64/kubectl.sha256") -KUBECTL_SUM_s390x ?= $(shell curl -L "https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/linux/s390x/kubectl.sha256") - # renovate: datasource=github-release-attachments depName=kubernetes-sigs/kustomize extractVersion=kustomize/v(?\d+\.\d+\.\d+) KUSTOMIZE_VERSION := v5.4.3 # renovate: datasource=github-release-attachments depName=kubernetes-sigs/kustomize versioning=regex:^kustomize/v(?\d+)\.(?\d+)\.(?\d+)$ digestVersion=kustomize/v5.4.1 @@ -26,6 +21,5 @@ K9S_SUM_s390x := 8aea75262492a699c150833cafc65465541c74becc1b0236b4a7e368f5bd512 # Reduces the code duplication on Makefile by keeping all args into a single variable. IMAGE_ARGS := --build-arg HELM_VERSION=$(HELM_VERSION) \ - --build-arg KUBECTL_VERSION=$(KUBECTL_VERSION) --build-arg KUBECTL_SUM_arm64=$(KUBECTL_SUM_arm64) --build-arg KUBECTL_SUM_amd64=$(KUBECTL_SUM_amd64) --build-arg KUBECTL_SUM_s390x=$(KUBECTL_SUM_s390x) \ --build-arg KUSTOMIZE_VERSION=$(KUSTOMIZE_VERSION) --build-arg KUSTOMIZE_SUM_arm64=$(KUSTOMIZE_SUM_arm64) --build-arg KUSTOMIZE_SUM_amd64=$(KUSTOMIZE_SUM_amd64) --build-arg KUSTOMIZE_SUM_s390x=$(KUSTOMIZE_SUM_s390x) \ --build-arg K9S_VERSION=$(K9S_VERSION) --build-arg K9S_SUM_arm64=$(K9S_SUM_arm64) --build-arg K9S_SUM_amd64=$(K9S_SUM_amd64) --build-arg K9S_SUM_s390x=$(K9S_SUM_s390x) diff --git a/hack/test b/hack/test index fc40c58..056a22e 100755 --- a/hack/test +++ b/hack/test @@ -34,7 +34,6 @@ function check_files(){ expected_file "/usr/local/bin/helm" "0:0" "755" expected_file "/usr/local/bin/helm-cmd" "0:0" "755" expected_file "/usr/local/bin/k9s" "0:0" "755" - expected_file "/usr/local/bin/kubectl" "0:0" "755" expected_file "/usr/local/bin/kustomize" "0:0" "755" expected_file "/usr/local/bin/welcome" "0:0" "755" expected_file "/home/shell/kustomize.sh" "1000:1000" "755" diff --git a/package/Dockerfile b/package/Dockerfile index 76d4fd5..d533877 100644 --- a/package/Dockerfile +++ b/package/Dockerfile @@ -24,18 +24,15 @@ FROM --platform=$BUILDPLATFORM registry.suse.com/bci/bci-base:${BCI_VERSION} AS RUN zypper -n install curl gzip tar # Define build arguments -ARG KUBECTL_VERSION KUBECTL_SUM_arm64 KUBECTL_SUM_amd64 KUBECTL_SUM_s390x \ - KUSTOMIZE_VERSION KUSTOMIZE_SUM_arm64 KUSTOMIZE_SUM_amd64 KUSTOMIZE_SUM_s390x \ - K9S_VERSION K9S_SUM_arm64 K9S_SUM_amd64 K9S_SUM_s390x - +ARG KUSTOMIZE_VERSION +ARG KUSTOMIZE_SUM_arm64 +ARG KUSTOMIZE_SUM_amd64 +ARG KUSTOMIZE_SUM_s390x +ARG K9S_VERSION +ARG K9S_SUM_arm64 +ARG K9S_SUM_amd64 +ARG K9S_SUM_s390x ARG TARGETARCH -# Stage kubectl into build -ADD --chown=root:root --chmod=0755 \ - "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl" \ - /kubectl - -ENV KUBECTL_SUM="KUBECTL_SUM_${TARGETARCH}" -RUN echo "${!KUBECTL_SUM} /kubectl" | sha256sum -c - # Stage kubectl into build ENV KUSTOMIZE_SUM="KUSTOMIZE_SUM_${TARGETARCH}" @@ -84,7 +81,7 @@ FROM scratch COPY --from=zypper /chroot / COPY --chown=root:root --chmod=0755 --from=helm /helm/bin/helm /usr/local/bin/ -COPY --chown=root:root --chmod=0755 --from=build /kubectl /k9s /kustomize* /usr/local/bin/ +COPY --chown=root:root --chmod=0755 --from=build /k9s /kustomize* /usr/local/bin/ COPY --chown=root:root --chmod=0755 package/helm-cmd package/welcome /usr/local/bin/ COPY --chown=1000:1000 --chmod=0755 package/kustomize.sh /home/shell/ From c661f2ec96a9441d81c8acd0407fc0f397fc1062 Mon Sep 17 00:00:00 2001 From: Dan Pock Date: Tue, 3 Sep 2024 10:36:55 -0400 Subject: [PATCH 2/7] Add kubectl back via kuberlr --- Makefile | 5 ++++- hack/test | 5 ++++- package/Dockerfile | 9 +++++++++ 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 56a6ba5..5167f28 100644 --- a/Makefile +++ b/Makefile @@ -12,6 +12,9 @@ REPO ?= rancher IMAGE = $(REPO)/shell:$(TAG) BUILD_ACTION = --load +# Should always be the highest one in image +TEST_KUBECTL_VERSION := 1.30.4 + .DEFAULT_GOAL := ci ci: test validate e2e ## run the targets needed to validate a PR in CI. @@ -21,10 +24,10 @@ clean: ## clean up project. test: test-build ## test the build against all target platforms. $(MAKE) build-image IMAGE=$(IMAGE) \ - ./hack/test HELM_VERSION=$(HELM_VERSION) \ KUSTOMIZE_VERSION=$(KUSTOMIZE_VERSION) \ K9S_VERSION=$(K9S_VERSION) \ + ./hack/test $(TEST_KUBECTL_VERSION) test-build: # Instead of loading image, target all platforms, effectivelly testing diff --git a/hack/test b/hack/test index 056a22e..bd426f2 100755 --- a/hack/test +++ b/hack/test @@ -4,6 +4,7 @@ set -eo pipefail RUNNER="${RUNNER:-docker}" IMAGE="${IMAGE:-rancher/shell:dev}" +TEST_KUBECTL_VERSION="${1}" function run(){ "${RUNNER}" run --rm "${IMAGE}" $1 @@ -31,6 +32,8 @@ function expected_file(){ function check_files(){ echo "checking expected binaries:" + expected_file "/bin/kuberlr" "0:0" "755" + expected_file "/bin/kubectl" "0:0" "777" expected_file "/usr/local/bin/helm" "0:0" "755" expected_file "/usr/local/bin/helm-cmd" "0:0" "755" expected_file "/usr/local/bin/k9s" "0:0" "755" @@ -65,7 +68,7 @@ function check_versions(){ expected_version "k9s" "${K9S_VERSION}" # --client=true is used so that it does not fail trying to # identify the server version. - expected_version "kubectl --client=true" "${KUBECTL_VERSION}" + expected_version "kubectl --client=true" "${TEST_KUBECTL_VERSION}" } function main(){ diff --git a/package/Dockerfile b/package/Dockerfile index d533877..45fad67 100644 --- a/package/Dockerfile +++ b/package/Dockerfile @@ -1,5 +1,6 @@ ARG BCI_VERSION=15.6 FROM registry.suse.com/bci/bci-busybox:${BCI_VERSION} AS final +FROM rancher/kuberlr-kubectl:head AS kuberlr # Image that provides cross compilation tooling. FROM --platform=$BUILDPLATFORM rancher/mirrored-tonistiigi-xx:1.3.0 AS xx @@ -74,6 +75,11 @@ RUN echo 'shell:x:1000:1000:shell,,,:/home/shell:/bin/bash' > /chroot/etc/passwd echo 'LANG=en_US.UTF-8' >> /chroot/home/shell/.bashrc && \ echo 'PS1="> "' >> /chroot/home/shell/.bashrc && \ mkdir /chroot/home/shell/.kube && \ + mkdir /chroot/home/shell/.kuberlr && \ + touch /chroot/home/shell/.kuberlr/kuberlr.conf && \ + echo "AllowDownload = false" >> /chroot/home/shell/.kuberlr/kuberlr.conf && \ + echo 'SystemPath = "/usr/local/bin"' >> /chroot/home/shell/.kuberlr/kuberlr.conf && \ + echo "Timeout = 6" >> /chroot/home/shell/.kuberlr/kuberlr.conf && \ chown -R 1000:1000 /chroot/home/shell && \ chmod 700 /chroot/run @@ -82,6 +88,9 @@ FROM scratch COPY --from=zypper /chroot / COPY --chown=root:root --chmod=0755 --from=helm /helm/bin/helm /usr/local/bin/ COPY --chown=root:root --chmod=0755 --from=build /k9s /kustomize* /usr/local/bin/ +COPY --chown=root:root --chmod=0755 --from=kuberlr /usr/bin/kubectl* /usr/local/bin/ +COPY --chown=root:root --chmod=0755 --from=kuberlr /bin/kuberlr /bin/ +RUN ln -s /bin/kuberlr /bin/kubectl COPY --chown=root:root --chmod=0755 package/helm-cmd package/welcome /usr/local/bin/ COPY --chown=1000:1000 --chmod=0755 package/kustomize.sh /home/shell/ From f23171f9e17938a36493182f00d8962ab8875acd Mon Sep 17 00:00:00 2001 From: Dan Pock Date: Tue, 3 Sep 2024 11:27:39 -0400 Subject: [PATCH 3/7] Drop s390x support as k8s did as well --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 5167f28..569aa62 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ include hack/make/deps.mk include hack/make/build.mk # Define target platforms, image builder and the fully qualified image name. -TARGET_PLATFORMS ?= linux/amd64,linux/arm64,linux/s390x +TARGET_PLATFORMS ?= linux/amd64,linux/arm64 REPO ?= rancher IMAGE = $(REPO)/shell:$(TAG) From 61036385c25b711e5586d44e0f36a4f314c746ac Mon Sep 17 00:00:00 2001 From: Dan Pock Date: Tue, 3 Sep 2024 11:27:54 -0400 Subject: [PATCH 4/7] Bump kubectl version for test to match proper main --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 569aa62..6114d4d 100644 --- a/Makefile +++ b/Makefile @@ -13,7 +13,7 @@ IMAGE = $(REPO)/shell:$(TAG) BUILD_ACTION = --load # Should always be the highest one in image -TEST_KUBECTL_VERSION := 1.30.4 +TEST_KUBECTL_VERSION := 1.31.0 .DEFAULT_GOAL := ci ci: test validate e2e ## run the targets needed to validate a PR in CI. From a13b78c6045d67036e888dc4df39649ae9f6597a Mon Sep 17 00:00:00 2001 From: Dan Pock Date: Tue, 3 Sep 2024 12:10:56 -0400 Subject: [PATCH 5/7] only use secrets on rancher repo (cherry picked from commit f917f31c7fe9d9c19d9dcc95156b90bc8441482e) --- .github/workflows/head-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/head-build.yml b/.github/workflows/head-build.yml index fdf4f67..466e859 100644 --- a/.github/workflows/head-build.yml +++ b/.github/workflows/head-build.yml @@ -47,6 +47,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Load Secrets from Vault + if: ${{ github.repository == 'rancher/shell' }} uses: rancher-eio/read-vault-secrets@main with: secrets: | From 5bfcdb605e0243dd905e918fe6e9e6580798f90f Mon Sep 17 00:00:00 2001 From: Dan Pock Date: Tue, 3 Sep 2024 12:22:38 -0400 Subject: [PATCH 6/7] Remove s390x from release workflow too --- .github/workflows/release.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6a5a0ee..57f7c2d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,19 +19,16 @@ jobs: matrix: include: # Four images are created: - # - Multi-arch manifest for amd64, arm64 and s390x + # - Multi-arch manifest for amd64, and arm64 - tag-suffix: "" - platforms: linux/amd64,linux/arm64,linux/s390x + platforms: linux/amd64,linux/arm64 # - arm64 manifest - tag-suffix: "-arm64" platforms: linux/arm64 # - amd64 manifest - tag-suffix: "-amd64" platforms: linux/amd64 - # - s390x manifest - - tag-suffix: "-s390x" - platforms: linux/s390x - + steps: - name: Checkout code uses: actions/checkout@v4 From 0c1496c0c812d6bfc7613c7ce17dae7132cd545d Mon Sep 17 00:00:00 2001 From: Dan Pock Date: Tue, 10 Sep 2024 17:42:22 -0400 Subject: [PATCH 7/7] remove undefined e2e action --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 6114d4d..3cf76ff 100644 --- a/Makefile +++ b/Makefile @@ -16,7 +16,7 @@ BUILD_ACTION = --load TEST_KUBECTL_VERSION := 1.31.0 .DEFAULT_GOAL := ci -ci: test validate e2e ## run the targets needed to validate a PR in CI. +ci: test validate ## run the targets needed to validate a PR in CI. clean: ## clean up project. rm -rf build