diff --git a/charts/apiserver-webhook/values.yaml b/charts/apiserver-webhook/values.yaml index 1fbbc03c..98625d1f 100644 --- a/charts/apiserver-webhook/values.yaml +++ b/charts/apiserver-webhook/values.yaml @@ -17,7 +17,7 @@ release_uuid: null images: tags: - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 kubernetes_keystone_webhook: docker.io/k8scloudprovider/k8s-keystone-auth:latest scripted_test: docker.io/openstackhelm/heat:newton dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 diff --git a/charts/apiserver/values.yaml b/charts/apiserver/values.yaml index d709cd76..62925331 100644 --- a/charts/apiserver/values.yaml +++ b/charts/apiserver/values.yaml @@ -58,9 +58,9 @@ const: images: tags: dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 - anchor: bitnami/kubectl:1.24.4 - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 - key_rotate: bitnami/kubectl:1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 + key_rotate: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal pull_policy: "IfNotPresent" local_registry: active: false diff --git a/charts/controller_manager/values.yaml b/charts/controller_manager/values.yaml index 43be4341..c0eb926a 100644 --- a/charts/controller_manager/values.yaml +++ b/charts/controller_manager/values.yaml @@ -16,8 +16,8 @@ release_group: null images: tags: - anchor: bitnami/kubectl:1.24.4 - controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 pull_policy: "IfNotPresent" labels: diff --git a/charts/haproxy/values.yaml b/charts/haproxy/values.yaml index 6f349ac2..cbb7cb65 100644 --- a/charts/haproxy/values.yaml +++ b/charts/haproxy/values.yaml @@ -64,7 +64,7 @@ conf: images: tags: - anchor: bitnami/kubectl:1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal haproxy: haproxy:1.8.25 test: python:3.6 pull_policy: "IfNotPresent" diff --git a/charts/proxy/values.yaml b/charts/proxy/values.yaml index 8d670ddd..ee36170a 100644 --- a/charts/proxy/values.yaml +++ b/charts/proxy/values.yaml @@ -68,7 +68,7 @@ pod: images: tags: - proxy: k8s.gcr.io/kube-proxy-amd64:v1.24.4 + proxy: k8s.gcr.io/kube-proxy-amd64:v1.26.0 pull_policy: "IfNotPresent" proxy: diff --git a/charts/scheduler/values.yaml b/charts/scheduler/values.yaml index bee3f4a5..d82d1419 100644 --- a/charts/scheduler/values.yaml +++ b/charts/scheduler/values.yaml @@ -85,8 +85,8 @@ secrets: images: tags: - anchor: bitnami/kubectl:1.24.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 pull_policy: "IfNotPresent" network: diff --git a/doc/source/configuration/genesis.rst b/doc/source/configuration/genesis.rst index 1007026b..3068ebd8 100644 --- a/doc/source/configuration/genesis.rst +++ b/doc/source/configuration/genesis.rst @@ -42,10 +42,10 @@ Here is a complete sample document: images: armada: quay.io/airshipit/armada:latest kubernetes: - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 - controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 + controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 etcd: quay.io/coreos/etcd:v3.5.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "" diff --git a/doc/source/configuration/host-system.rst b/doc/source/configuration/host-system.rst index c4d3d907..e49e26f7 100644 --- a/doc/source/configuration/host-system.rst +++ b/doc/source/configuration/host-system.rst @@ -16,13 +16,13 @@ Sample Document to run containers in Docker runtime data: files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 images: haproxy: haproxy:1.8.3 helm: - helm: lachlanevenson/k8s-helm:v3.9.4 + helm: lachlanevenson/k8s-helm:v3.10.2 monitoring_image: busybox:1.28.3 packages: repositories: @@ -115,13 +115,13 @@ Sample Document to run containers in Containerd runtime data: files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 images: haproxy: haproxy:1.8.3 helm: - helm: lachlanevenson/k8s-helm:v3.9.4 + helm: lachlanevenson/k8s-helm:v3.10.2 monitoring_image: busybox:1.28.3 packages: additional: diff --git a/examples/basic/Genesis.yaml b/examples/basic/Genesis.yaml index 1c9ea169..bdb8a7f8 100644 --- a/examples/basic/Genesis.yaml +++ b/examples/basic/Genesis.yaml @@ -46,10 +46,10 @@ data: images: armada: quay.io/airshipit/armada:master-ubuntu_bionic kubernetes: - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 - controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 + controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 etcd: quay.io/coreos/etcd:v3.5.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/examples/basic/HostSystem.yaml b/examples/basic/HostSystem.yaml index d42ae450..8a4d31a5 100644 --- a/examples/basic/HostSystem.yaml +++ b/examples/basic/HostSystem.yaml @@ -13,11 +13,11 @@ data: enable: true files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 - path: /usr/local/bin/kubectl - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubectl mode: 0555 - path: /etc/systemd/system/kube-cgroup.service diff --git a/examples/basic/armada-resources.yaml b/examples/basic/armada-resources.yaml index 5e61c1f7..5b8e5836 100644 --- a/examples/basic/armada-resources.yaml +++ b/examples/basic/armada-resources.yaml @@ -159,7 +159,7 @@ data: values: images: tags: - proxy: k8s.gcr.io/kube-proxy-amd64:v1.24.4 + proxy: k8s.gcr.io/kube-proxy-amd64:v1.26.0 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -626,7 +626,7 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal haproxy: haproxy:1.8.3 test: python:3.6 @@ -734,8 +734,8 @@ data: endpoints: https://127.0.0.1:2378 images: tags: - anchor: bitnami/kubectl:1.24.4 - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 network: kubernetes_service_ip: 10.96.0.1 pod_cidr: 10.97.0.0/16 @@ -800,8 +800,8 @@ data: values: images: tags: - anchor: bitnami/kubectl:1.24.4 - controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 secrets: service_account: private_key: placeholder @@ -874,8 +874,8 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 source: type: local diff --git a/examples/complete/Genesis.yaml b/examples/complete/Genesis.yaml index 8ebbf41c..5d479330 100644 --- a/examples/complete/Genesis.yaml +++ b/examples/complete/Genesis.yaml @@ -35,10 +35,10 @@ data: images: armada: quay.io/airshipit/armada:master-ubuntu_bionic kubernetes: - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 - controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 + controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 etcd: quay.io/coreos/etcd:v3.5.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/examples/complete/HostSystem.yaml b/examples/complete/HostSystem.yaml index adff572c..bea5b20b 100644 --- a/examples/complete/HostSystem.yaml +++ b/examples/complete/HostSystem.yaml @@ -13,11 +13,11 @@ data: enable: true files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 - path: /usr/local/bin/kubectl - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubectl mode: 0555 - path: /etc/systemd/system/kube-cgroup.service diff --git a/examples/complete/armada-resources.yaml b/examples/complete/armada-resources.yaml index 0181482d..62d28132 100644 --- a/examples/complete/armada-resources.yaml +++ b/examples/complete/armada-resources.yaml @@ -200,7 +200,7 @@ data: values: images: tags: - proxy: k8s.gcr.io/kube-proxy-amd64:v1.24.4 + proxy: k8s.gcr.io/kube-proxy-amd64:v1.26.0 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -642,7 +642,7 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal haproxy: haproxy:1.8.3 test: python:3.6 @@ -735,8 +735,8 @@ data: endpoints: https://127.0.0.1:2378 images: tags: - anchor: bitnami/kubectl:1.24.4 - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 secrets: service_account: public_key: placeholder @@ -812,8 +812,8 @@ data: values: images: tags: - anchor: bitnami/kubectl:1.24.4 - controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 secrets: service_account: private_key: placeholder @@ -885,8 +885,8 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 source: type: local diff --git a/examples/containerd/Genesis.yaml b/examples/containerd/Genesis.yaml index 281d3d9d..26bc63b3 100644 --- a/examples/containerd/Genesis.yaml +++ b/examples/containerd/Genesis.yaml @@ -46,10 +46,10 @@ data: images: armada: quay.io/airshipit/armada:master-ubuntu_bionic kubernetes: - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 - controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 + controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 etcd: quay.io/coreos/etcd:v3.5.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/examples/containerd/HostSystem.yaml b/examples/containerd/HostSystem.yaml index 436071fa..de259407 100644 --- a/examples/containerd/HostSystem.yaml +++ b/examples/containerd/HostSystem.yaml @@ -13,11 +13,11 @@ data: enable: true files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 - path: /usr/local/bin/kubectl - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubectl mode: 0555 - path: /etc/systemd/system/kube-cgroup.service @@ -94,7 +94,6 @@ data: - jq - chrony required: - runtime: containerd socat: socat genesis: additional: @@ -103,7 +102,6 @@ data: - jq - chrony required: - runtime: containerd socat: socat join: additional: @@ -112,7 +110,6 @@ data: - jq - chrony required: - runtime: containerd socat: socat validation: pod_logs: diff --git a/examples/containerd/armada-resources.yaml b/examples/containerd/armada-resources.yaml index 3a42ea18..d99bd38b 100644 --- a/examples/containerd/armada-resources.yaml +++ b/examples/containerd/armada-resources.yaml @@ -159,7 +159,7 @@ data: values: images: tags: - proxy: k8s.gcr.io/kube-proxy-amd64:v1.24.4 + proxy: k8s.gcr.io/kube-proxy-amd64:v1.26.0 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -523,7 +523,7 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal haproxy: haproxy:1.8.3 test: python:3.6 @@ -632,8 +632,8 @@ data: endpoints: https://127.0.0.1:2378 images: tags: - anchor: bitnami/kubectl:1.24.4 - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 network: kubernetes_service_ip: 10.96.0.1 pod_cidr: 10.97.0.0/16 @@ -698,8 +698,8 @@ data: values: images: tags: - anchor: bitnami/kubectl:1.24.4 - controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 secrets: service_account: private_key: placeholder @@ -772,8 +772,8 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 source: type: local diff --git a/examples/gate/Genesis.yaml b/examples/gate/Genesis.yaml index 281d3d9d..26bc63b3 100644 --- a/examples/gate/Genesis.yaml +++ b/examples/gate/Genesis.yaml @@ -46,10 +46,10 @@ data: images: armada: quay.io/airshipit/armada:master-ubuntu_bionic kubernetes: - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 - controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 + controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 etcd: quay.io/coreos/etcd:v3.5.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/examples/gate/HostSystem.yaml b/examples/gate/HostSystem.yaml index 9af312f8..9cc10f0b 100644 --- a/examples/gate/HostSystem.yaml +++ b/examples/gate/HostSystem.yaml @@ -13,11 +13,11 @@ data: enable: true files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 - path: /usr/local/bin/kubectl - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubectl mode: 0555 - path: /etc/systemd/system/kube-cgroup.service diff --git a/examples/gate/armada-resources.yaml b/examples/gate/armada-resources.yaml index 85944dbe..e5cafc1e 100644 --- a/examples/gate/armada-resources.yaml +++ b/examples/gate/armada-resources.yaml @@ -159,7 +159,7 @@ data: values: images: tags: - proxy: k8s.gcr.io/kube-proxy-amd64:v1.24.4 + proxy: k8s.gcr.io/kube-proxy-amd64:v1.26.0 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -529,7 +529,7 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal haproxy: haproxy:1.8.3 test: python:3.6 @@ -638,8 +638,8 @@ data: endpoints: https://127.0.0.1:2378 images: tags: - anchor: bitnami/kubectl:1.24.4 - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 network: kubernetes_service_ip: 10.96.0.1 pod_cidr: 10.97.0.0/16 @@ -704,8 +704,8 @@ data: values: images: tags: - anchor: bitnami/kubectl:1.24.4 - controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 secrets: service_account: private_key: placeholder @@ -778,8 +778,8 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 source: type: local diff --git a/promenade/builder.py b/promenade/builder.py index bd37bb87..710eb632 100644 --- a/promenade/builder.py +++ b/promenade/builder.py @@ -191,7 +191,7 @@ def _fetch_tar_url(url): # by a timeout. for attempt in itertools.count(): try: - response = requests.get(url) + response = requests.get(url, timeout=5) response.raise_for_status() break except requests.exceptions.RequestException: diff --git a/promenade/design_ref.py b/promenade/design_ref.py index e6971460..d45bca79 100644 --- a/promenade/design_ref.py +++ b/promenade/design_ref.py @@ -30,7 +30,7 @@ def get_documents(design_ref, ctx=None): def _get_from_basic_web(design_ref): - return requests.get(design_ref) + return requests.get(design_ref, timeout=5) def _get_from_deckhand(design_ref, ctx=None): diff --git a/promenade/encryption_method.py b/promenade/encryption_method.py index f96bde31..f84f39bb 100644 --- a/promenade/encryption_method.py +++ b/promenade/encryption_method.py @@ -167,16 +167,17 @@ def _detect_gpg_version(): def _generate_key(): - # Ignore bandit false positive: - # B603:subprocess_without_shell_equals_true - # This method takes no input and generates random output. - result = subprocess.run( # nosec - ['/usr/bin/openssl', 'rand', '-hex', '48'], - check=True, - env={ - 'RANDFILE': '/tmp/rnd', - }, - stdout=subprocess.PIPE, - ) + with tempfile.TemporaryDirectory() as tmp: + # Ignore bandit false positive: + # B603:subprocess_without_shell_equals_true + # This method takes no input and generates random output. + result = subprocess.run( # nosec + ['/usr/bin/openssl', 'rand', '-hex', '48'], + check=True, + env={ + 'RANDFILE': tmp, + }, + stdout=subprocess.PIPE, + ) return result.stdout.decode().strip() diff --git a/promenade/tar_bundler.py b/promenade/tar_bundler.py index 40848884..0e527955 100644 --- a/promenade/tar_bundler.py +++ b/promenade/tar_bundler.py @@ -31,9 +31,11 @@ class TarBundler: if tar_info.size > 0: # Ignore bandit false positive: B303:blacklist # This is a basic checksum for debugging not a secure hash. + checksum = hashlib.new('md5', usedforsecurity=False) + checksum.update(data_bytes) LOG.debug( # nosec 'Adding file path=%s size=%s md5=%s', path, tar_info.size, - hashlib.md5(data_bytes).hexdigest()) + checksum.hexdigest()) else: LOG.warning('Zero length file added to path=%s', path) diff --git a/requirements-direct.txt b/requirements-direct.txt index 4155bc32..d5280a61 100644 --- a/requirements-direct.txt +++ b/requirements-direct.txt @@ -7,7 +7,7 @@ jsonschema==3.2.0 keystoneauth1==5.1.1 keystonemiddleware==10.2.0 setuptools==67.0.0 -kubernetes==24.2.0 +kubernetes==26.1.0 oslo.context==5.0.0 oslo.policy==4.0.0 PasteDeploy==3.0.1 diff --git a/requirements-frozen.txt b/requirements-frozen.txt index 85eac127..596189f1 100644 --- a/requirements-frozen.txt +++ b/requirements-frozen.txt @@ -45,7 +45,7 @@ jsonschema==3.2.0 keystoneauth1==5.1.1 keystonemiddleware==10.2.0 kombu==5.1.0 -kubernetes==24.2.0 +kubernetes==26.1.0 Mako==1.2.4 MarkupSafe==2.1.2 mccabe==0.6.1 diff --git a/tests/unit/api/test_validatedesign.py b/tests/unit/api/test_validatedesign.py index 250bb788..0a000389 100644 --- a/tests/unit/api/test_validatedesign.py +++ b/tests/unit/api/test_validatedesign.py @@ -104,13 +104,13 @@ VALID_DOCS = [ 'armada': 'quay.io/airshipit/armada:master-ubuntu_bionic', 'kubernetes': { 'apiserver': - 'k8s.gcr.io/kube-apiserver-amd64:v1.24.4', + 'k8s.gcr.io/kube-apiserver-amd64:v1.26.0', 'controller-manager': - 'k8s.gcr.io/kube-controller-manager-amd64:v1.24.4', + 'k8s.gcr.io/kube-controller-manager-amd64:v1.26.0', 'etcd': 'quay.io/coreos/etcd:v3.5.4', 'scheduler': - 'k8s.gcr.io/kube-scheduler-amd64:v1.24.4' + 'k8s.gcr.io/kube-scheduler-amd64:v1.26.0' } }, 'ip': @@ -146,7 +146,7 @@ VALID_DOCS = [ 'tar_path': 'kubernetes/node/bin/kubelet', 'tar_url': - 'https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz' + 'https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz' }, { 'content': diff --git a/tests/unit/builder_data/simple/Genesis.yaml b/tests/unit/builder_data/simple/Genesis.yaml index 6f19a592..72f206f9 100644 --- a/tests/unit/builder_data/simple/Genesis.yaml +++ b/tests/unit/builder_data/simple/Genesis.yaml @@ -32,10 +32,10 @@ data: images: armada: quay.io/airshipit/armada:master-ubuntu_bionic kubernetes: - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 - controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 + controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 etcd: quay.io/coreos/etcd:v3.5.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/tests/unit/builder_data/simple/HostSystem.yaml b/tests/unit/builder_data/simple/HostSystem.yaml index 084e0714..2ceaccca 100644 --- a/tests/unit/builder_data/simple/HostSystem.yaml +++ b/tests/unit/builder_data/simple/HostSystem.yaml @@ -14,7 +14,7 @@ data: # attempt to actually run Kubernetes, only to construct the genesis and # join scripts. # - path: /opt/kubernetes/bin/kubelet - # tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + # tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz # tar_path: kubernetes/node/bin/kubelet # mode: 0555 - path: /etc/logrotate.d/json-logrotate diff --git a/tests/unit/builder_data/simple/armada-resources.yaml b/tests/unit/builder_data/simple/armada-resources.yaml index fa1a472a..a2093b06 100644 --- a/tests/unit/builder_data/simple/armada-resources.yaml +++ b/tests/unit/builder_data/simple/armada-resources.yaml @@ -160,7 +160,7 @@ data: values: images: tags: - proxy: k8s.gcr.io/kube-proxy-amd64:v1.24.4 + proxy: k8s.gcr.io/kube-proxy-amd64:v1.26.0 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -535,7 +535,7 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal haproxy: haproxy:1.8.3 test: python:3.6 @@ -634,8 +634,8 @@ data: endpoints: https://127.0.0.1:2378 images: tags: - anchor: bitnami/kubectl:1.24.4 - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 secrets: service_account: public_key: placeholder @@ -711,8 +711,8 @@ data: values: images: tags: - anchor: bitnami/kubectl:1.24.4 - controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 secrets: service_account: private_key: placeholder @@ -784,8 +784,8 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 source: type: local diff --git a/tools/gate/default-config-env b/tools/gate/default-config-env index 7f54ec26..9d47d03d 100644 --- a/tools/gate/default-config-env +++ b/tools/gate/default-config-env @@ -8,9 +8,9 @@ IMAGE_DEP_CHECK=quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 IMAGE_ETCD=quay.io/coreos/etcd:v3.5.4 IMAGE_HAPROXY=haproxy:1.8.3 IMAGE_HELM=lachlanevenson/k8s-helm:v3.9.4 -IMAGE_APISERVER=k8s.gcr.io/kube-apiserver-amd64:v1.24.4 -IMAGE_CONTROLLER_MANAGER=k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 -IMAGE_SCHEDULER=k8s.gcr.io/kube-scheduler-amd64:v1.24.4 -IMAGE_PROXY=k8s.gcr.io/kube-proxy-amd64:v1.24.4 -IMAGE_ANCHOR=bitnami/kubectl:1.24.4 -KUBELET_URL=https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz +IMAGE_APISERVER=k8s.gcr.io/kube-apiserver-amd64:v1.26.0 +IMAGE_CONTROLLER_MANAGER=k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 +IMAGE_SCHEDULER=k8s.gcr.io/kube-scheduler-amd64:v1.26.0 +IMAGE_PROXY=k8s.gcr.io/kube-proxy-amd64:v1.26.0 +IMAGE_ANCHOR=quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal +KUBELET_URL=https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz diff --git a/tools/registry/IMAGES b/tools/registry/IMAGES index 171c2c12..bcc2a330 100644 --- a/tools/registry/IMAGES +++ b/tools/registry/IMAGES @@ -1,10 +1,10 @@ # source_name, tag, cache_name coredns/coredns,1.9.4,coredns -bitnami/kubectl,1.24.4,kubectl -k8s.gcr.io/kube-apiserver-amd64,v1.24.4,apiserver -k8s.gcr.io/kube-controller-manager-amd64,v1.24.4,controller-manager -k8s.gcr.io/kube-scheduler-amd64,v1.24.4,scheduler -k8s.gcr.io/kube-proxy-amd64,v1.24.4,proxy +quay.io/airshipit/porthole-compute-utility,master-ubuntu_focal,kubectl +k8s.gcr.io/kube-apiserver-amd64,v1.26.0,apiserver +k8s.gcr.io/kube-controller-manager-amd64,v1.26.0,controller-manager +k8s.gcr.io/kube-scheduler-amd64,v1.26.0,scheduler +k8s.gcr.io/kube-proxy-amd64,v1.26.0,proxy lachlanevenson/k8s-helm,v3.9.4,helm quay.io/airshipit/armada,master,armada quay.io/calico/cni,v3.4.0,calico-cni diff --git a/tools/setup_gate.sh b/tools/setup_gate.sh index c74c5d8b..ef6b741a 100755 --- a/tools/setup_gate.sh +++ b/tools/setup_gate.sh @@ -23,6 +23,7 @@ sudo apt-get install -q -y --no-install-recommends --allow-downgrades \ apt-transport-https \ build-essential \ ca-certificates \ + apt-utils \ curl \ fio \ genisoimage \ diff --git a/tox.ini b/tox.ini index 05b990f8..4722ddfe 100644 --- a/tox.ini +++ b/tox.ini @@ -25,7 +25,7 @@ commands = deps = -r{toxinidir}/test-requirements.txt commands = - bandit -r promenade + bandit --skip B324 -r promenade [testenv:docs] pass_env = {[pkgenv]pass_env} @@ -64,7 +64,7 @@ deps = commands = yapf -rd {toxinidir}/promenade {toxinidir}/tests {toxinidir}/tools/image_tags.py flake8 {toxinidir}/promenade - bandit -r promenade + bandit --skip B324 -r promenade [flake8] # [H106] Don't put vim configuration in source files.