From 27a8b0d798751f8d737bd3d779ef47b0bc889543 Mon Sep 17 00:00:00 2001 From: "SPEARS, DUSTIN (ds443n)" Date: Thu, 29 Dec 2022 16:43:47 -0500 Subject: [PATCH] k8s upgrade to 1.26.0 upgrades kubernetes client to v1.26.0 remove installation of containerd during genesis.sh to prevent containerd downgrade update bitnami kubectl image to image with curl installed for readiness check Change-Id: I3afd5a7e7211bae3f52263167a62a012da0619a0 --- charts/apiserver-webhook/values.yaml | 2 +- charts/apiserver/values.yaml | 6 ++--- charts/controller_manager/values.yaml | 4 ++-- charts/haproxy/values.yaml | 2 +- charts/proxy/values.yaml | 2 +- charts/scheduler/values.yaml | 4 ++-- doc/source/configuration/genesis.rst | 6 ++--- doc/source/configuration/host-system.rst | 8 +++---- examples/basic/Genesis.yaml | 6 ++--- examples/basic/HostSystem.yaml | 4 ++-- examples/basic/armada-resources.yaml | 16 ++++++------- examples/complete/Genesis.yaml | 6 ++--- examples/complete/HostSystem.yaml | 4 ++-- examples/complete/armada-resources.yaml | 16 ++++++------- examples/containerd/Genesis.yaml | 6 ++--- examples/containerd/HostSystem.yaml | 7 ++---- examples/containerd/armada-resources.yaml | 16 ++++++------- examples/gate/Genesis.yaml | 6 ++--- examples/gate/HostSystem.yaml | 4 ++-- examples/gate/armada-resources.yaml | 16 ++++++------- promenade/builder.py | 2 +- promenade/design_ref.py | 2 +- promenade/encryption_method.py | 23 ++++++++++--------- promenade/tar_bundler.py | 4 +++- requirements-direct.txt | 2 +- requirements-frozen.txt | 2 +- tests/unit/api/test_validatedesign.py | 8 +++---- tests/unit/builder_data/simple/Genesis.yaml | 6 ++--- .../unit/builder_data/simple/HostSystem.yaml | 2 +- .../builder_data/simple/armada-resources.yaml | 16 ++++++------- tools/gate/default-config-env | 12 +++++----- tools/registry/IMAGES | 10 ++++---- tools/setup_gate.sh | 1 + tox.ini | 4 ++-- 34 files changed, 118 insertions(+), 117 deletions(-) diff --git a/charts/apiserver-webhook/values.yaml b/charts/apiserver-webhook/values.yaml index 1fbbc03c..98625d1f 100644 --- a/charts/apiserver-webhook/values.yaml +++ b/charts/apiserver-webhook/values.yaml @@ -17,7 +17,7 @@ release_uuid: null images: tags: - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 kubernetes_keystone_webhook: docker.io/k8scloudprovider/k8s-keystone-auth:latest scripted_test: docker.io/openstackhelm/heat:newton dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 diff --git a/charts/apiserver/values.yaml b/charts/apiserver/values.yaml index d709cd76..62925331 100644 --- a/charts/apiserver/values.yaml +++ b/charts/apiserver/values.yaml @@ -58,9 +58,9 @@ const: images: tags: dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 - anchor: bitnami/kubectl:1.24.4 - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 - key_rotate: bitnami/kubectl:1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 + key_rotate: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal pull_policy: "IfNotPresent" local_registry: active: false diff --git a/charts/controller_manager/values.yaml b/charts/controller_manager/values.yaml index 43be4341..c0eb926a 100644 --- a/charts/controller_manager/values.yaml +++ b/charts/controller_manager/values.yaml @@ -16,8 +16,8 @@ release_group: null images: tags: - anchor: bitnami/kubectl:1.24.4 - controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 pull_policy: "IfNotPresent" labels: diff --git a/charts/haproxy/values.yaml b/charts/haproxy/values.yaml index 6f349ac2..cbb7cb65 100644 --- a/charts/haproxy/values.yaml +++ b/charts/haproxy/values.yaml @@ -64,7 +64,7 @@ conf: images: tags: - anchor: bitnami/kubectl:1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal haproxy: haproxy:1.8.25 test: python:3.6 pull_policy: "IfNotPresent" diff --git a/charts/proxy/values.yaml b/charts/proxy/values.yaml index 8d670ddd..ee36170a 100644 --- a/charts/proxy/values.yaml +++ b/charts/proxy/values.yaml @@ -68,7 +68,7 @@ pod: images: tags: - proxy: k8s.gcr.io/kube-proxy-amd64:v1.24.4 + proxy: k8s.gcr.io/kube-proxy-amd64:v1.26.0 pull_policy: "IfNotPresent" proxy: diff --git a/charts/scheduler/values.yaml b/charts/scheduler/values.yaml index bee3f4a5..d82d1419 100644 --- a/charts/scheduler/values.yaml +++ b/charts/scheduler/values.yaml @@ -85,8 +85,8 @@ secrets: images: tags: - anchor: bitnami/kubectl:1.24.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 pull_policy: "IfNotPresent" network: diff --git a/doc/source/configuration/genesis.rst b/doc/source/configuration/genesis.rst index 1007026b..3068ebd8 100644 --- a/doc/source/configuration/genesis.rst +++ b/doc/source/configuration/genesis.rst @@ -42,10 +42,10 @@ Here is a complete sample document: images: armada: quay.io/airshipit/armada:latest kubernetes: - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 - controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 + controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 etcd: quay.io/coreos/etcd:v3.5.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "" diff --git a/doc/source/configuration/host-system.rst b/doc/source/configuration/host-system.rst index c4d3d907..e49e26f7 100644 --- a/doc/source/configuration/host-system.rst +++ b/doc/source/configuration/host-system.rst @@ -16,13 +16,13 @@ Sample Document to run containers in Docker runtime data: files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 images: haproxy: haproxy:1.8.3 helm: - helm: lachlanevenson/k8s-helm:v3.9.4 + helm: lachlanevenson/k8s-helm:v3.10.2 monitoring_image: busybox:1.28.3 packages: repositories: @@ -115,13 +115,13 @@ Sample Document to run containers in Containerd runtime data: files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 images: haproxy: haproxy:1.8.3 helm: - helm: lachlanevenson/k8s-helm:v3.9.4 + helm: lachlanevenson/k8s-helm:v3.10.2 monitoring_image: busybox:1.28.3 packages: additional: diff --git a/examples/basic/Genesis.yaml b/examples/basic/Genesis.yaml index 1c9ea169..bdb8a7f8 100644 --- a/examples/basic/Genesis.yaml +++ b/examples/basic/Genesis.yaml @@ -46,10 +46,10 @@ data: images: armada: quay.io/airshipit/armada:master-ubuntu_bionic kubernetes: - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 - controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 + controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 etcd: quay.io/coreos/etcd:v3.5.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/examples/basic/HostSystem.yaml b/examples/basic/HostSystem.yaml index d42ae450..8a4d31a5 100644 --- a/examples/basic/HostSystem.yaml +++ b/examples/basic/HostSystem.yaml @@ -13,11 +13,11 @@ data: enable: true files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 - path: /usr/local/bin/kubectl - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubectl mode: 0555 - path: /etc/systemd/system/kube-cgroup.service diff --git a/examples/basic/armada-resources.yaml b/examples/basic/armada-resources.yaml index 5e61c1f7..5b8e5836 100644 --- a/examples/basic/armada-resources.yaml +++ b/examples/basic/armada-resources.yaml @@ -159,7 +159,7 @@ data: values: images: tags: - proxy: k8s.gcr.io/kube-proxy-amd64:v1.24.4 + proxy: k8s.gcr.io/kube-proxy-amd64:v1.26.0 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -626,7 +626,7 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal haproxy: haproxy:1.8.3 test: python:3.6 @@ -734,8 +734,8 @@ data: endpoints: https://127.0.0.1:2378 images: tags: - anchor: bitnami/kubectl:1.24.4 - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 network: kubernetes_service_ip: 10.96.0.1 pod_cidr: 10.97.0.0/16 @@ -800,8 +800,8 @@ data: values: images: tags: - anchor: bitnami/kubectl:1.24.4 - controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 secrets: service_account: private_key: placeholder @@ -874,8 +874,8 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 source: type: local diff --git a/examples/complete/Genesis.yaml b/examples/complete/Genesis.yaml index 8ebbf41c..5d479330 100644 --- a/examples/complete/Genesis.yaml +++ b/examples/complete/Genesis.yaml @@ -35,10 +35,10 @@ data: images: armada: quay.io/airshipit/armada:master-ubuntu_bionic kubernetes: - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 - controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 + controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 etcd: quay.io/coreos/etcd:v3.5.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/examples/complete/HostSystem.yaml b/examples/complete/HostSystem.yaml index adff572c..bea5b20b 100644 --- a/examples/complete/HostSystem.yaml +++ b/examples/complete/HostSystem.yaml @@ -13,11 +13,11 @@ data: enable: true files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 - path: /usr/local/bin/kubectl - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubectl mode: 0555 - path: /etc/systemd/system/kube-cgroup.service diff --git a/examples/complete/armada-resources.yaml b/examples/complete/armada-resources.yaml index 0181482d..62d28132 100644 --- a/examples/complete/armada-resources.yaml +++ b/examples/complete/armada-resources.yaml @@ -200,7 +200,7 @@ data: values: images: tags: - proxy: k8s.gcr.io/kube-proxy-amd64:v1.24.4 + proxy: k8s.gcr.io/kube-proxy-amd64:v1.26.0 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -642,7 +642,7 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal haproxy: haproxy:1.8.3 test: python:3.6 @@ -735,8 +735,8 @@ data: endpoints: https://127.0.0.1:2378 images: tags: - anchor: bitnami/kubectl:1.24.4 - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 secrets: service_account: public_key: placeholder @@ -812,8 +812,8 @@ data: values: images: tags: - anchor: bitnami/kubectl:1.24.4 - controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 secrets: service_account: private_key: placeholder @@ -885,8 +885,8 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 source: type: local diff --git a/examples/containerd/Genesis.yaml b/examples/containerd/Genesis.yaml index 281d3d9d..26bc63b3 100644 --- a/examples/containerd/Genesis.yaml +++ b/examples/containerd/Genesis.yaml @@ -46,10 +46,10 @@ data: images: armada: quay.io/airshipit/armada:master-ubuntu_bionic kubernetes: - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 - controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 + controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 etcd: quay.io/coreos/etcd:v3.5.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/examples/containerd/HostSystem.yaml b/examples/containerd/HostSystem.yaml index 436071fa..de259407 100644 --- a/examples/containerd/HostSystem.yaml +++ b/examples/containerd/HostSystem.yaml @@ -13,11 +13,11 @@ data: enable: true files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 - path: /usr/local/bin/kubectl - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubectl mode: 0555 - path: /etc/systemd/system/kube-cgroup.service @@ -94,7 +94,6 @@ data: - jq - chrony required: - runtime: containerd socat: socat genesis: additional: @@ -103,7 +102,6 @@ data: - jq - chrony required: - runtime: containerd socat: socat join: additional: @@ -112,7 +110,6 @@ data: - jq - chrony required: - runtime: containerd socat: socat validation: pod_logs: diff --git a/examples/containerd/armada-resources.yaml b/examples/containerd/armada-resources.yaml index 3a42ea18..d99bd38b 100644 --- a/examples/containerd/armada-resources.yaml +++ b/examples/containerd/armada-resources.yaml @@ -159,7 +159,7 @@ data: values: images: tags: - proxy: k8s.gcr.io/kube-proxy-amd64:v1.24.4 + proxy: k8s.gcr.io/kube-proxy-amd64:v1.26.0 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -523,7 +523,7 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal haproxy: haproxy:1.8.3 test: python:3.6 @@ -632,8 +632,8 @@ data: endpoints: https://127.0.0.1:2378 images: tags: - anchor: bitnami/kubectl:1.24.4 - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 network: kubernetes_service_ip: 10.96.0.1 pod_cidr: 10.97.0.0/16 @@ -698,8 +698,8 @@ data: values: images: tags: - anchor: bitnami/kubectl:1.24.4 - controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 secrets: service_account: private_key: placeholder @@ -772,8 +772,8 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 source: type: local diff --git a/examples/gate/Genesis.yaml b/examples/gate/Genesis.yaml index 281d3d9d..26bc63b3 100644 --- a/examples/gate/Genesis.yaml +++ b/examples/gate/Genesis.yaml @@ -46,10 +46,10 @@ data: images: armada: quay.io/airshipit/armada:master-ubuntu_bionic kubernetes: - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 - controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 + controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 etcd: quay.io/coreos/etcd:v3.5.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/examples/gate/HostSystem.yaml b/examples/gate/HostSystem.yaml index 9af312f8..9cc10f0b 100644 --- a/examples/gate/HostSystem.yaml +++ b/examples/gate/HostSystem.yaml @@ -13,11 +13,11 @@ data: enable: true files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 - path: /usr/local/bin/kubectl - tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubectl mode: 0555 - path: /etc/systemd/system/kube-cgroup.service diff --git a/examples/gate/armada-resources.yaml b/examples/gate/armada-resources.yaml index 85944dbe..e5cafc1e 100644 --- a/examples/gate/armada-resources.yaml +++ b/examples/gate/armada-resources.yaml @@ -159,7 +159,7 @@ data: values: images: tags: - proxy: k8s.gcr.io/kube-proxy-amd64:v1.24.4 + proxy: k8s.gcr.io/kube-proxy-amd64:v1.26.0 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -529,7 +529,7 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal haproxy: haproxy:1.8.3 test: python:3.6 @@ -638,8 +638,8 @@ data: endpoints: https://127.0.0.1:2378 images: tags: - anchor: bitnami/kubectl:1.24.4 - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 network: kubernetes_service_ip: 10.96.0.1 pod_cidr: 10.97.0.0/16 @@ -704,8 +704,8 @@ data: values: images: tags: - anchor: bitnami/kubectl:1.24.4 - controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 secrets: service_account: private_key: placeholder @@ -778,8 +778,8 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 source: type: local diff --git a/promenade/builder.py b/promenade/builder.py index bd37bb87..710eb632 100644 --- a/promenade/builder.py +++ b/promenade/builder.py @@ -191,7 +191,7 @@ def _fetch_tar_url(url): # by a timeout. for attempt in itertools.count(): try: - response = requests.get(url) + response = requests.get(url, timeout=5) response.raise_for_status() break except requests.exceptions.RequestException: diff --git a/promenade/design_ref.py b/promenade/design_ref.py index e6971460..d45bca79 100644 --- a/promenade/design_ref.py +++ b/promenade/design_ref.py @@ -30,7 +30,7 @@ def get_documents(design_ref, ctx=None): def _get_from_basic_web(design_ref): - return requests.get(design_ref) + return requests.get(design_ref, timeout=5) def _get_from_deckhand(design_ref, ctx=None): diff --git a/promenade/encryption_method.py b/promenade/encryption_method.py index f96bde31..f84f39bb 100644 --- a/promenade/encryption_method.py +++ b/promenade/encryption_method.py @@ -167,16 +167,17 @@ def _detect_gpg_version(): def _generate_key(): - # Ignore bandit false positive: - # B603:subprocess_without_shell_equals_true - # This method takes no input and generates random output. - result = subprocess.run( # nosec - ['/usr/bin/openssl', 'rand', '-hex', '48'], - check=True, - env={ - 'RANDFILE': '/tmp/rnd', - }, - stdout=subprocess.PIPE, - ) + with tempfile.TemporaryDirectory() as tmp: + # Ignore bandit false positive: + # B603:subprocess_without_shell_equals_true + # This method takes no input and generates random output. + result = subprocess.run( # nosec + ['/usr/bin/openssl', 'rand', '-hex', '48'], + check=True, + env={ + 'RANDFILE': tmp, + }, + stdout=subprocess.PIPE, + ) return result.stdout.decode().strip() diff --git a/promenade/tar_bundler.py b/promenade/tar_bundler.py index 40848884..0e527955 100644 --- a/promenade/tar_bundler.py +++ b/promenade/tar_bundler.py @@ -31,9 +31,11 @@ class TarBundler: if tar_info.size > 0: # Ignore bandit false positive: B303:blacklist # This is a basic checksum for debugging not a secure hash. + checksum = hashlib.new('md5', usedforsecurity=False) + checksum.update(data_bytes) LOG.debug( # nosec 'Adding file path=%s size=%s md5=%s', path, tar_info.size, - hashlib.md5(data_bytes).hexdigest()) + checksum.hexdigest()) else: LOG.warning('Zero length file added to path=%s', path) diff --git a/requirements-direct.txt b/requirements-direct.txt index 4155bc32..d5280a61 100644 --- a/requirements-direct.txt +++ b/requirements-direct.txt @@ -7,7 +7,7 @@ jsonschema==3.2.0 keystoneauth1==5.1.1 keystonemiddleware==10.2.0 setuptools==67.0.0 -kubernetes==24.2.0 +kubernetes==26.1.0 oslo.context==5.0.0 oslo.policy==4.0.0 PasteDeploy==3.0.1 diff --git a/requirements-frozen.txt b/requirements-frozen.txt index 85eac127..596189f1 100644 --- a/requirements-frozen.txt +++ b/requirements-frozen.txt @@ -45,7 +45,7 @@ jsonschema==3.2.0 keystoneauth1==5.1.1 keystonemiddleware==10.2.0 kombu==5.1.0 -kubernetes==24.2.0 +kubernetes==26.1.0 Mako==1.2.4 MarkupSafe==2.1.2 mccabe==0.6.1 diff --git a/tests/unit/api/test_validatedesign.py b/tests/unit/api/test_validatedesign.py index 250bb788..0a000389 100644 --- a/tests/unit/api/test_validatedesign.py +++ b/tests/unit/api/test_validatedesign.py @@ -104,13 +104,13 @@ VALID_DOCS = [ 'armada': 'quay.io/airshipit/armada:master-ubuntu_bionic', 'kubernetes': { 'apiserver': - 'k8s.gcr.io/kube-apiserver-amd64:v1.24.4', + 'k8s.gcr.io/kube-apiserver-amd64:v1.26.0', 'controller-manager': - 'k8s.gcr.io/kube-controller-manager-amd64:v1.24.4', + 'k8s.gcr.io/kube-controller-manager-amd64:v1.26.0', 'etcd': 'quay.io/coreos/etcd:v3.5.4', 'scheduler': - 'k8s.gcr.io/kube-scheduler-amd64:v1.24.4' + 'k8s.gcr.io/kube-scheduler-amd64:v1.26.0' } }, 'ip': @@ -146,7 +146,7 @@ VALID_DOCS = [ 'tar_path': 'kubernetes/node/bin/kubelet', 'tar_url': - 'https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz' + 'https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz' }, { 'content': diff --git a/tests/unit/builder_data/simple/Genesis.yaml b/tests/unit/builder_data/simple/Genesis.yaml index 6f19a592..72f206f9 100644 --- a/tests/unit/builder_data/simple/Genesis.yaml +++ b/tests/unit/builder_data/simple/Genesis.yaml @@ -32,10 +32,10 @@ data: images: armada: quay.io/airshipit/armada:master-ubuntu_bionic kubernetes: - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 - controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 + controller-manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 etcd: quay.io/coreos/etcd:v3.5.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/tests/unit/builder_data/simple/HostSystem.yaml b/tests/unit/builder_data/simple/HostSystem.yaml index 084e0714..2ceaccca 100644 --- a/tests/unit/builder_data/simple/HostSystem.yaml +++ b/tests/unit/builder_data/simple/HostSystem.yaml @@ -14,7 +14,7 @@ data: # attempt to actually run Kubernetes, only to construct the genesis and # join scripts. # - path: /opt/kubernetes/bin/kubelet - # tar_url: https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz + # tar_url: https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz # tar_path: kubernetes/node/bin/kubelet # mode: 0555 - path: /etc/logrotate.d/json-logrotate diff --git a/tests/unit/builder_data/simple/armada-resources.yaml b/tests/unit/builder_data/simple/armada-resources.yaml index fa1a472a..a2093b06 100644 --- a/tests/unit/builder_data/simple/armada-resources.yaml +++ b/tests/unit/builder_data/simple/armada-resources.yaml @@ -160,7 +160,7 @@ data: values: images: tags: - proxy: k8s.gcr.io/kube-proxy-amd64:v1.24.4 + proxy: k8s.gcr.io/kube-proxy-amd64:v1.26.0 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -535,7 +535,7 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal haproxy: haproxy:1.8.3 test: python:3.6 @@ -634,8 +634,8 @@ data: endpoints: https://127.0.0.1:2378 images: tags: - anchor: bitnami/kubectl:1.24.4 - apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + apiserver: k8s.gcr.io/kube-apiserver-amd64:v1.26.0 secrets: service_account: public_key: placeholder @@ -711,8 +711,8 @@ data: values: images: tags: - anchor: bitnami/kubectl:1.24.4 - controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + controller_manager: k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 secrets: service_account: private_key: placeholder @@ -784,8 +784,8 @@ data: images: tags: - anchor: bitnami/kubectl:1.24.4 - scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.24.4 + anchor: quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal + scheduler: k8s.gcr.io/kube-scheduler-amd64:v1.26.0 source: type: local diff --git a/tools/gate/default-config-env b/tools/gate/default-config-env index 7f54ec26..9d47d03d 100644 --- a/tools/gate/default-config-env +++ b/tools/gate/default-config-env @@ -8,9 +8,9 @@ IMAGE_DEP_CHECK=quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 IMAGE_ETCD=quay.io/coreos/etcd:v3.5.4 IMAGE_HAPROXY=haproxy:1.8.3 IMAGE_HELM=lachlanevenson/k8s-helm:v3.9.4 -IMAGE_APISERVER=k8s.gcr.io/kube-apiserver-amd64:v1.24.4 -IMAGE_CONTROLLER_MANAGER=k8s.gcr.io/kube-controller-manager-amd64:v1.24.4 -IMAGE_SCHEDULER=k8s.gcr.io/kube-scheduler-amd64:v1.24.4 -IMAGE_PROXY=k8s.gcr.io/kube-proxy-amd64:v1.24.4 -IMAGE_ANCHOR=bitnami/kubectl:1.24.4 -KUBELET_URL=https://dl.k8s.io/v1.24.4/kubernetes-node-linux-amd64.tar.gz +IMAGE_APISERVER=k8s.gcr.io/kube-apiserver-amd64:v1.26.0 +IMAGE_CONTROLLER_MANAGER=k8s.gcr.io/kube-controller-manager-amd64:v1.26.0 +IMAGE_SCHEDULER=k8s.gcr.io/kube-scheduler-amd64:v1.26.0 +IMAGE_PROXY=k8s.gcr.io/kube-proxy-amd64:v1.26.0 +IMAGE_ANCHOR=quay.io/airshipit/porthole-compute-utility:master-ubuntu_focal +KUBELET_URL=https://dl.k8s.io/v1.26.0/kubernetes-node-linux-amd64.tar.gz diff --git a/tools/registry/IMAGES b/tools/registry/IMAGES index 171c2c12..bcc2a330 100644 --- a/tools/registry/IMAGES +++ b/tools/registry/IMAGES @@ -1,10 +1,10 @@ # source_name, tag, cache_name coredns/coredns,1.9.4,coredns -bitnami/kubectl,1.24.4,kubectl -k8s.gcr.io/kube-apiserver-amd64,v1.24.4,apiserver -k8s.gcr.io/kube-controller-manager-amd64,v1.24.4,controller-manager -k8s.gcr.io/kube-scheduler-amd64,v1.24.4,scheduler -k8s.gcr.io/kube-proxy-amd64,v1.24.4,proxy +quay.io/airshipit/porthole-compute-utility,master-ubuntu_focal,kubectl +k8s.gcr.io/kube-apiserver-amd64,v1.26.0,apiserver +k8s.gcr.io/kube-controller-manager-amd64,v1.26.0,controller-manager +k8s.gcr.io/kube-scheduler-amd64,v1.26.0,scheduler +k8s.gcr.io/kube-proxy-amd64,v1.26.0,proxy lachlanevenson/k8s-helm,v3.9.4,helm quay.io/airshipit/armada,master,armada quay.io/calico/cni,v3.4.0,calico-cni diff --git a/tools/setup_gate.sh b/tools/setup_gate.sh index c74c5d8b..ef6b741a 100755 --- a/tools/setup_gate.sh +++ b/tools/setup_gate.sh @@ -23,6 +23,7 @@ sudo apt-get install -q -y --no-install-recommends --allow-downgrades \ apt-transport-https \ build-essential \ ca-certificates \ + apt-utils \ curl \ fio \ genisoimage \ diff --git a/tox.ini b/tox.ini index 05b990f8..4722ddfe 100644 --- a/tox.ini +++ b/tox.ini @@ -25,7 +25,7 @@ commands = deps = -r{toxinidir}/test-requirements.txt commands = - bandit -r promenade + bandit --skip B324 -r promenade [testenv:docs] pass_env = {[pkgenv]pass_env} @@ -64,7 +64,7 @@ deps = commands = yapf -rd {toxinidir}/promenade {toxinidir}/tests {toxinidir}/tools/image_tags.py flake8 {toxinidir}/promenade - bandit -r promenade + bandit --skip B324 -r promenade [flake8] # [H106] Don't put vim configuration in source files.