diff --git a/Dockerfile b/Dockerfile index b77da72..3f2284b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ -FROM alpine:3.17 -ARG ALPINE="v3.17" +FROM alpine:3.18 +ARG ALPINE="v3.18" ARG BUILDUSER=alpine RUN echo "http://dl-cdn.alpinelinux.org/alpine/${ALPINE}/main" > /etc/apk/repositories && \ diff --git a/Makefile b/Makefile index d08d6f7..995fdf6 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ REGION := us-east-1 include .ci/podman.mk -BUILDER := v3.17.3 +BUILDER := v3.18.2 PKG := '*' CF_DIST := E1YFUJXMCXT2RN diff --git a/abuilder b/abuilder index cdaa23a..0e5577f 100755 --- a/abuilder +++ b/abuilder @@ -11,7 +11,7 @@ if [ "$1" = 'aarch64-toolchain' ]; then else # Set ENV for cross compile for aarch64 if [ "$2" = "cross-arm64" ]; then - ALPINE="v3.16" + ALPINE="v3.18" TARGET_ARCH=aarch64 SUDO_APK=abuild-apk APORTS=/home/alpine/aports diff --git a/kubezero/aws-neuron-driver/APKBUILD b/kubezero/aws-neuron-driver/APKBUILD index a8a0e55..d90907b 100644 --- a/kubezero/aws-neuron-driver/APKBUILD +++ b/kubezero/aws-neuron-driver/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Stefan Reimer # Maintainer: Stefan Reimer pkgname=aws-neuron-driver -pkgver=2.8.4.0 +pkgver=2.10.11.0 pkgrel=0 pkgdesc="Linux Kernel module for AWS Neuron INF instances" url="https://awsdocs-neuron.readthedocs-hosted.com/en/latest/release-notes/index.html#" @@ -42,5 +42,5 @@ package() { } sha512sums=" -1fa536cf32fb9a0d383e73c6694ddbdee38a775a25a7d0013322c4e4b4c724d546082f88ac1c8e485e808312d7821453a9d27391e98f613431ccff0081a76483 aws-neuron-driver-2.8.4.0.deb +0fdbc1ebd12044be77714affd427c198f72ce04f0236a100e49642fbdb143a4e6c1156f4555ac0fe8baa6bea09420408bbb1cfd2857f29d54e615b22193afd0d aws-neuron-driver-2.10.11.0.deb " diff --git a/kubezero/cri-o/APKBUILD b/kubezero/cri-o/APKBUILD index d0f9b67..daf1408 100644 --- a/kubezero/cri-o/APKBUILD +++ b/kubezero/cri-o/APKBUILD @@ -3,23 +3,23 @@ # Contributor: TBK # Maintainer: ungleich pkgname=cri-o -pkgver=1.25.3 +pkgver=1.26.3 pkgrel=0 pkgdesc="OCI-based implementation of Kubernetes Container Runtime Interface" url="https://github.com/cri-o/cri-o/" arch="all" license="Apache-2.0" - # Most tests will fail if not ran as root - # since it tries to create network interfaces +# Most tests will fail if not ran as root +# since it tries to create network interfaces options="net chmod-clean !check" depends=" cni-plugins - conmon conntrack-tools + conmon containers-common iproute2 iptables - runc + oci-runtime " makedepends=" bash @@ -35,33 +35,41 @@ makedepends=" ostree-dev tzdata " -checkdepends="bats cri-tools jq parallel sudo" +checkdepends="bats cri-tools jq parallel sudo conmon" subpackages=" $pkgname-doc $pkgname-bash-completion $pkgname-zsh-completion $pkgname-fish-completion - $pkgname-contrib-cni:contrib_cni:noarch $pkgname-openrc " -source="https://github.com/cri-o/cri-o/archive/v$pkgver/cri-o-$pkgver.tar.gz +source=" + $pkgname-$pkgver.tar.gz::https://github.com/cri-o/cri-o/archive/v$pkgver/cri-o-$pkgver.tar.gz crio.conf crio.initd crio.logrotated cni-plugins-path.patch makefile-fix-install.patch + fix-test.patch remove-systemd-files.patch " # secfixes: # 1.23.2-r0: # - CVE-2022-0811 +# 1.24.1-r0: +# - CVE-2022-1708 +# 1.26.2-r0: +# - CVE-2022-4318 + +export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}" +export GOTMPDIR="${GOTMPDIR:-"$srcdir"}" +export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}" +export GOBIN="$GOPATH/bin" build() { - export GOPATH="$srcdir" - export GOBIN="$GOPATH/bin" # https://github.com/cri-o/cri-o/blob/master/install.md#build-tags - make BUILDTAGS="seccomp selinux containers_image_openpgp containers_image_ostree_stub apparmor" + make BUILDTAGS="seccomp selinux apparmor containers_image_openpgp containers_image_ostree_stub" } check() { @@ -75,23 +83,21 @@ package() { mkdir -p "$pkgdir"/usr/share/oci-umount/oci-umount.d/ ln -sf /etc/crio/crio-umount.conf "$pkgdir"/usr/share/oci-umount/oci-umount.d/crio-umount.conf + # The CNI plugins are recommended to be installed as examples + install -Dm644 contrib/cni/*.conflist -t "$pkgdir"/usr/share/doc/cri-o/examples/cni/ + install -Dm755 "$srcdir"/crio.initd "$pkgdir"/etc/init.d/crio install -Dm644 "$srcdir"/crio.conf "$pkgdir"/etc/crio/crio.conf install -Dm644 "$srcdir"/crio.logrotated "$pkgdir"/etc/logrotate.d/crio } -contrib_cni() { - pkgdesc="$pkgname contrib cni config files" - mkdir -p "$subpkgdir"/etc/cni/net.d - cp "$builddir"/contrib/cni/*.conf "$subpkgdir"/etc/cni/net.d -} - sha512sums=" -39b162c55141af009879f600c4b6cf91b6d710392bf07783080efe195f3ece1a0ed186eeadaf3a84bbed11a376995c3fab3c951a6d7ed14bb7e85b39e7920e21 cri-o-1.25.3.tar.gz -e026f056ed92489413e16ed7955a9dcd7d1f4df1cc28e3ea785771b44d43811fea4f5b953cc46bc0c4aeac8ad07115bfff304d7516ebd24f2e58fe782ff812c8 crio.conf -29561e95398975748236217bbd9df64997f6e3de6c0555d007306bd0535895a648368385a13079eb7d52c06249a91980523a73b6563e86d0575d9cd9c3fa4ee9 crio.initd +58718db358d35b61e5edb8a16185bc534337a1ebfaf0d40ab17efb73c266fb2c337fad3cf92a7d8bcc7a02c4e2180b2b79a5896eb635b43334bcc1366b12baf8 cri-o-1.26.3.tar.gz +1f60719677295c9c5c615eb25d9159bde0af68a132eee67747f57fe76642d457c98c896c6189f85637d7b4ac24ba55fd9eaeb1699f43c3c5077b645f72a479fb crio.conf +26048a219bc426ef4a4f50e96d6e0ded1c55dc8415df9a2773764d2ebcb3d9e91077b2916da1ff32674ca4a53062e41e185503d671dacc3167a018b0066347e1 crio.initd 1115228546a696eeebeb6d4b3e5c3152af0c99a2559097fc5829d8b416d979c457b4b1789e0120054babf57f585d3f63cbe49949d40417ae7aab613184bf4516 crio.logrotated 0a567dfa431ab1e53f2a351689be8d588a60cc5fcdbda403ec4f8b6ab9b1c18ad425f6c47f9a5ab1491e3a61a269dc4efa6a59e91e7521fa2b6bb165074aa8e0 cni-plugins-path.patch f9577aa7b1c90c6809010e9e406e65092251b6e82f6a0adbc3633290aa35f2a21895e1a8b6ba4b6375dcad3e02629b49a34ab16387e1c36eeb32c8f4dac74706 makefile-fix-install.patch +1c1bfa5feeb0c5ddc92271a5ef80edc38d56afa1574ffc124605d5bb227a407b55dd5268df6cebc6720768ac31245e08b7950e5ab2b7f14ba934c94f1e325f86 fix-test.patch 78c150f87027de489289596371dce0465159ced0758776b445deb58990e099de9c654406183c9da3cc909878b24d28db62121b7056cd180a6f2820e79e165cc6 remove-systemd-files.patch " diff --git a/kubezero/cri-o/crio.conf b/kubezero/cri-o/crio.conf index 70dc756..525c6a4 100644 --- a/kubezero/cri-o/crio.conf +++ b/kubezero/cri-o/crio.conf @@ -3,3 +3,9 @@ # Overide defaults to not use systemd cgroups. conmon_cgroup = "pod" cgroup_manager = "cgroupfs" + +default_runtime = "crun" + +[crio.runtime.runtimes.crun] +runtime_type = "oci" +runtime_root = "/run/crun" diff --git a/kubezero/cri-o/crio.initd b/kubezero/cri-o/crio.initd index 9e6383a..c5eec65 100755 --- a/kubezero/cri-o/crio.initd +++ b/kubezero/cri-o/crio.initd @@ -21,6 +21,8 @@ checkconfig() { /var/log/${RC_SVCNAME} checkpath --file --owner root:root --mode 0644 \ /var/log/${RC_SVCNAME}/${RC_SVCNAME}.log + checkpath --directory --owner root:root --mode 0750 \ + /var/lib/crio } start() { diff --git a/kubezero/cri-o/fix-test.patch b/kubezero/cri-o/fix-test.patch index a5b47b0..271773e 100644 --- a/kubezero/cri-o/fix-test.patch +++ b/kubezero/cri-o/fix-test.patch @@ -1,26 +1,45 @@ ---- a/test/helpers.bash -+++ b/test/helpers.bash -@@ -68,7 +68,7 @@ - # The default log directory where all logs will go unless directly specified by the kubelet - DEFAULT_LOG_PATH=${DEFAULT_LOG_PATH:-/var/log/crio/pods} - # Cgroup manager to be used --CONTAINER_CGROUP_MANAGER=${CONTAINER_CGROUP_MANAGER:-systemd} -+CONTAINER_CGROUP_MANAGER=${CONTAINER_CGROUP_MANAGER:-cgroupfs} - # Image volumes handling - CONTAINER_IMAGE_VOLUMES=${CONTAINER_IMAGE_VOLUMES:-mkdir} - # Container pids limit -@@ -166,7 +166,7 @@ - # Copy all the CNI dependencies around to ensure encapsulated tests - CRIO_CNI_PLUGIN="$TESTDIR/cni-bin" - mkdir "$CRIO_CNI_PLUGIN" -- cp /opt/cni/bin/* "$CRIO_CNI_PLUGIN" -+ cp /usr/libexec/cni/* "$CRIO_CNI_PLUGIN" - cp "$INTEGRATION_ROOT"/cni_plugin_helper.bash "$CRIO_CNI_PLUGIN" - sed -i "s;%TEST_DIR%;$TESTDIR;" "$CRIO_CNI_PLUGIN"/cni_plugin_helper.bash +diff --git a/test/cgroups.bats b/test/cgroups.bats +index 8beb6f06..80193413 100644 +--- a/test/cgroups.bats ++++ b/test/cgroups.bats +@@ -45,6 +45,10 @@ EOF + } + @test "conmon pod cgroup" { ++ if [[ "$CONTAINER_CGROUP_MANAGER" != "systemd" ]]; then ++ skip "need systemd cgroup manager" ++ fi ++ + CONTAINER_CGROUP_MANAGER="systemd" CONTAINER_DROP_INFRA_CTR=false CONTAINER_CONMON_CGROUP="pod" start_crio + + jq ' .linux.cgroup_parent = "Burstablecriotest123.slice"' \ +@@ -61,6 +65,10 @@ EOF + skip "not yet supported by conmonrs" + fi + ++ if [[ "$CONTAINER_CGROUP_MANAGER" != "systemd" ]]; then ++ skip "need systemd cgroup manager" ++ fi ++ + CONTAINER_CGROUP_MANAGER="systemd" CONTAINER_DROP_INFRA_CTR=false CONTAINER_MANAGE_NS_LIFECYCLE=false CONTAINER_CONMON_CGROUP="customcrioconmon.slice" start_crio + + jq ' .linux.cgroup_parent = "Burstablecriotest123.slice"' \ +@@ -77,6 +85,10 @@ EOF + skip "not supported for conmon" + fi + ++ if [[ "$CONTAINER_CGROUP_MANAGER" != "systemd" ]]; then ++ skip "need systemd cgroup manager" ++ fi ++ + configure_monitor_cgroup_for_conmonrs "customcrioconmon.slice" + + CONTAINER_CGROUP_MANAGER="systemd" CONTAINER_DROP_INFRA_CTR=true start_crio +diff --git a/test/cni_plugin_helper.bash b/test/cni_plugin_helper.bash +index 04492172..abae521e 100755 --- a/test/cni_plugin_helper.bash +++ b/test/cni_plugin_helper.bash -@@ -43,7 +43,7 @@ +@@ -48,7 +48,7 @@ EOT . "$TEST_DIR"/cni_plugin_helper_input.env rm -f "$TEST_DIR"/cni_plugin_helper_input.env @@ -29,16 +48,25 @@ if [[ "${DEBUG_ARGS}" == "malformed-result" ]]; then cat <<-EOF ---- a/test/cgroups.bats -+++ b/test/cgroups.bats -@@ -26,6 +26,10 @@ - } - - @test "conmon custom cgroup" { -+ if [[ "$CONTAINER_CGROUP_MANAGER" != "systemd" ]]; then -+ skip "need systemd cgroup manager" -+ fi -+ - CONTAINER_CGROUP_MANAGER="systemd" CONTAINER_DROP_INFRA_CTR=false CONTAINER_MANAGE_NS_LIFECYCLE=false CONTAINER_CONMON_CGROUP="customcrioconmon.slice" start_crio - - jq ' .linux.cgroup_parent = "Burstablecriotest123.slice"' \ +diff --git a/test/helpers.bash b/test/helpers.bash +index f7f8e1f2..45b7dd58 100644 +--- a/test/helpers.bash ++++ b/test/helpers.bash +@@ -38,7 +38,7 @@ CONTAINER_UID_MAPPINGS=${CONTAINER_UID_MAPPINGS:-} + CONTAINER_GID_MAPPINGS=${CONTAINER_GID_MAPPINGS:-} + OVERRIDE_OPTIONS=${OVERRIDE_OPTIONS:-} + # CNI path +-CONTAINER_CNI_PLUGIN_DIR=${CONTAINER_CNI_PLUGIN_DIR:-/opt/cni/bin} ++CONTAINER_CNI_PLUGIN_DIR=${CONTAINER_CNI_PLUGIN_DIR:-/usr/libexec/cni} + # Runtime + CONTAINER_DEFAULT_RUNTIME=${CONTAINER_DEFAULT_RUNTIME:-runc} + RUNTIME_BINARY_PATH=$(command -v "$CONTAINER_DEFAULT_RUNTIME") +@@ -70,7 +70,7 @@ CHECKCRIU_BINARY=${CHECKCRIU_BINARY:-${CRIO_ROOT}/test/checkcriu/checkcriu} + # The default log directory where all logs will go unless directly specified by the kubelet + DEFAULT_LOG_PATH=${DEFAULT_LOG_PATH:-/var/log/crio/pods} + # Cgroup manager to be used +-CONTAINER_CGROUP_MANAGER=${CONTAINER_CGROUP_MANAGER:-systemd} ++CONTAINER_CGROUP_MANAGER=${CONTAINER_CGROUP_MANAGER:-cgroupfs} + # Image volumes handling + CONTAINER_IMAGE_VOLUMES=${CONTAINER_IMAGE_VOLUMES:-mkdir} + # Container pids limit diff --git a/kubezero/cri-tools/APKBUILD b/kubezero/cri-tools/APKBUILD index 8d0d95a..8b81337 100644 --- a/kubezero/cri-tools/APKBUILD +++ b/kubezero/cri-tools/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Francesco Colista # Maintainer: Francesco Colista pkgname=cri-tools -pkgver=1.24.2 -pkgrel=0 +pkgver=1.26.1 +pkgrel=1 pkgdesc="CLI tool for Kubelet Container Runtime Interface (CRI)" url="https://github.com/kubernetes-sigs/cri-tools" arch="x86_64 aarch64 ppc64le s390x armv7 x86" @@ -11,15 +11,21 @@ makedepends="go" options="!check" # no check available source="$pkgname-$pkgver.tar.gz::https://github.com/kubernetes-sigs/cri-tools/archive/v$pkgver.tar.gz" +export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}" +export GOTMPDIR="${GOTMPDIR:-"$srcdir"}" +export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}" + build() { make all } +check() { + make test +} package() { - install -Dm755 build/bin/crictl "$pkgdir/usr/bin/crictl" - install -Dm755 build/bin/critest "$pkgdir/usr/bin/critest" + make BINDIR="$pkgdir"/usr/bin install } -sha512sums=' -9b5907b37bb5f00295eff4fa4207ae55d930feae7e0f48fa130c7ecc936bcd259a11d59ed240684a3e12c8bcee40f2c67d7f4af52c2a76df3d7bf82e5e388a75 cri-tools-1.24.2.tar.gz -' +sha512sums=" +1900b5d22a20ab1f01c13832be4dcf1e9845b64afb3cdcb6169752bbb20a6e69dcbb6ccc8d31b9d4bf091bf81aa04b9979544586763ea985499f229e7ab2a39d cri-tools-1.26.1.tar.gz +" diff --git a/kubezero/docker-registry/APKBUILD b/kubezero/docker-registry/APKBUILD index d46696a..18f7af4 100644 --- a/kubezero/docker-registry/APKBUILD +++ b/kubezero/docker-registry/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Christian Kampka -# Maintainer: +# Maintainer: Stefan Reimer pkgname=docker-registry -pkgver=2.9.0_git20230327 -pkgrel=1 +pkgver=2.8.2_git20230519 +pkgrel=0 pkgdesc="An implementation of the Docker Registry HTTP API V2 for use with docker 1.6+" url="https://github.com/distribution/distribution" # riscv64 blocked by dependency panicwrap @@ -14,7 +14,7 @@ pkgusers="docker-registry" pkggroups="docker-registry" subpackages="$pkgname-openrc" #source="$pkgname-$pkgver.tar.gz::$url/archive/v$pkgver.tar.gz -source="$pkgname-$pkgver.tar.gz::$url/archive/0c958010ace2e0c2a87f1bf9915b7c74157dfb62.tar.gz +source="$pkgname-$pkgver.tar.gz::$url/archive/983358f8e2509bf8ae196a8e135180a2c5b11264.tar.gz docker-registry.initd config-example.patch" builddir="$srcdir/src/github.com/docker/distribution" @@ -23,7 +23,7 @@ options="chmod-clean" prepare() { mkdir -p "${builddir%/*}" #mv "$srcdir"/distribution-$pkgver "$builddir" - mv "$srcdir"/distribution-0c958010ace2e0c2a87f1bf9915b7c74157dfb62 "$builddir" + mv "$srcdir"/distribution-* "$builddir" } build() { @@ -57,7 +57,7 @@ package() { } sha512sums=" -baf540b81d5f736e105eb2c05f5f4775c61ace3118f965a52b7b477a596291e12b33e56f882ce364731e9701ae6e9b2e09add3bcf8a1a11bb25eb54833c14368 docker-registry-2.9.0_git20230327.tar.gz +8ceb8b994085bc6522e8a203785bd670977117988d391023148a4153e3c150ad7c17fb98de863c4c2300714022444dc5141a75a2899b8b0f04cbbdc17794b5c7 docker-registry-2.8.2_git20230519.tar.gz 96100a4de311afa19d293a3b8a63105e1fcdf49258aa8b1752befd389e6b4a2b1f70711341ea011b450d4468bd37dbd07a393ffab3b9aa1b2213cf0fdd915904 docker-registry.initd 5a38f4d3f0ee5cd00c0a5ced744eb5b29b839da5921adea26c5de3eb88b6b2626a7ba29b1ab931e5f8fbfafbed8c94cb972a58737ec0c0a69cf515c32139e387 config-example.patch " diff --git a/kubezero/ecr-credential-provider/APKBUILD b/kubezero/ecr-credential-provider/APKBUILD index 2aa9cda..91cb2eb 100644 --- a/kubezero/ecr-credential-provider/APKBUILD +++ b/kubezero/ecr-credential-provider/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Stefan Reimer # Maintainer: Stefan Reimer pkgname=ecr-credential-provider -pkgver=1.25.3 +pkgver=1.26.1 pkgrel=0 pkgdesc="AWS Kubernetes ecr-credential-provider" url="https://github.com/kubernetes/cloud-provider-aws" @@ -24,5 +24,5 @@ package() { } sha512sums=" -d727c01ea98608b0b51edc2bfe892218b55eee7148e358e18387f3f4a52ad765f8d0ee372884e36f95f1303c13dbeba81926f7560c325a8d3c258da11cdfc24b ecr-credential-provider-1.25.3.tar.gz +59ec934a93b94290b0dce830a53301957842d8d45118471bb6eaa142b06dc37ed7f32e4c4a83f1f5341b0dda6745cfa7d8ebbac6d31378e3288857808f2aef71 ecr-credential-provider-1.26.1.tar.gz " diff --git a/kubezero/falco/APKBUILD b/kubezero/falco/APKBUILD new file mode 100644 index 0000000..1a81812 --- /dev/null +++ b/kubezero/falco/APKBUILD @@ -0,0 +1,59 @@ +# Contributor: Stefan Reimer +# Maintainer: Stefan Reimer +pkgname=falco +pkgver=0.35.1 +pkgrel=0 +pkgdesc="Falco is the open source solution for runtime security for hosts, containers, Kubernetes and the cloud" +url="https://github.com/falcosecurity/falco" +arch="x86_64 aarch64" +license="AGPL-3.0" +makedepends="cmake bash linux-virt-dev linux-headers perl autoconf elfutils-dev libtool argp-standalone musl-fts-dev musl-libintl musl-obstack-dev" + #protobuf-dev jq-dev openssl-dev curl-dev c-ares-dev grpc-dev yaml-dev yaml-cpp-dev jsoncpp-dev re2-dev" +options="!check" +source="$pkgname-$pkgver.tar.gz::https://github.com/falcosecurity/falco/archive/refs/tags/$pkgver.tar.gz" + +subpackages="$pkgname-kernel" # $pkgname-plugins" + +prepare() { + [[ -d build ]] || mkdir build +} + +build() { + # Hack running the build inside a container other uname -r returns host kernel + KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-virt)) + + cd build + cmake .. \ + -DCMAKE_BUILD_TYPE=Release \ + -DFALCO_VERSION=$pkgver \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DMUSL_OPTIMIZED_BUILD=On \ + -DUSE_BUNDLED_DEPS=On + + KERNELDIR=/lib/modules/$KERNEL_VERSION/build make -j4 +} + +package() { + KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-virt)) + + cd build + make DESTDIR="${pkgdir}" KERNELDIR=/lib/modules/$KERNEL_VERSION/build install + + # We dont build anything on targets so remove sources + rm -rf $pkgdir/usr/src + rm -rf $pkgdir/usr/lib + rm -rf $pkgdir/usr/include +} + +kernel() { + KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-virt)) + depends="linux-virt~$(echo $KERNEL_VERSION | sed -e 's/-.*$//')" + + cd src/$pkgname-$pkgver/build + mkdir -p "$subpkgdir"/lib/modules/$KERNEL_VERSION/kernel + gzip -9 -c driver/falco.ko > "$subpkgdir"/lib/modules/$KERNEL_VERSION/kernel/falco.ko.gz +} + +sha512sums=" +dc648d9b0a625a02320ff0235bbf4f4940e7ba40c684a8a1f972d34f0a3447b4a34e665d7fbc0ee1ec9a014f65f81a304dc76b4ec804fc7b4e448f330b9474af falco-0.35.1.tar.gz +" diff --git a/kubezero/fluent-bit/APKBUILD b/kubezero/fluent-bit/APKBUILD index 8669014..6d2cd00 100644 --- a/kubezero/fluent-bit/APKBUILD +++ b/kubezero/fluent-bit/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Stefan Reimer # Maintainer: Stefan Reimer pkgname=fluent-bit -pkgver=2.1.1 +pkgver=2.1.5 pkgrel=0 pkgdesc="Fast and Lightweight Log processor and forwarder" url="https://fluentbit.io/" @@ -27,6 +27,8 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/fluent/fluent-bit/archive/v$ fluent-bit.confd fluent-bit.initd chunkio-static-lib-fts.patch + fluent-bit.conf + zdt-parsers.conf " # enable check when this solved - https://github.com/fluent/fluent-bit/issues/2464#issuecomment-673280055 # Disable all things AWS to make tests pass @@ -38,7 +40,7 @@ build() { fi # default CORE_STACK_SIZE=((3 * PTHREAD_STACK_MIN) / 2)=3072 is invalid # set default to 24576 - # Disable stream processor due to issue see: https://github.com/fluent/fluent-bit/issues/2464 + # Disable stream processor due to issue see: https://github.com/fluent/fluent-bit/issues/2464 cmake -B build \ -DCMAKE_INSTALL_PREFIX=/usr \ -DCMAKE_INSTALL_LIBDIR=lib \ @@ -52,7 +54,7 @@ build() { -DFLB_IN_SYSTEMD=Off \ -DFLB_PROXY_GO=No \ -DFLB_HTTP_SERVER=Yes \ - $CMAKE_CROSSOPTS . + $CMAKE_CROSSOPTS . make -C build #-DCMAKE_FIND_LIBRARY_SUFFIXES=".a" \ #-DCMAKE_EXE_LINKER_FLAGS="-static" \ @@ -83,11 +85,19 @@ package() { "$pkgdir"/etc/conf.d/$pkgname mv "$pkgdir"/usr/etc/* "$pkgdir"/etc + rm "$pkgdir"/etc/fluent-bit/fluent-bit.conf + + mkdir -p "$pkgdir"/var/spool/fluent-bit + install -Dm644 "$srcdir/fluent-bit.conf" "$pkgdir/etc/fluent-bit/fluent-bit.conf" + install -Dm644 "$srcdir/zdt-parsers.conf" "$pkgdir/etc/fluent-bit/zdt-parsers.conf" + touch "$pkgdir"/etc/fluent-bit/metadata.conf } sha512sums=" -8c682e41411cae42580636a8d55b3f6c09b729f8e25f7d4e4b306ff286e0aea91da9ebc1a57dee153a90117884cc2a9d4342cae0e860a2f5f74a8a8c4f3b1e81 fluent-bit-2.1.1.tar.gz +de9c6a4744223ed0f6f401adeb95956c90524feba6f592459ed517e1058f7e1a21f1c42910d3ac721be639264979ba3ebb5503cd7dc5874e1f676bf32a7e7df0 fluent-bit-2.1.5.tar.gz f6431397c80a036980b5377b51e38aec25dfceeb8dbe4cd54dce1f6e77d669d9f8daf983fcc96d25332385888f1809ced5e8ab0e8ccfcd93d19494036e3dc949 fluent-bit.confd 8ba6c8e84dee90176f9b4375fb2c6444fa5d32fa601d9bcf3ea7960fec87f1ef664f175caf08bd0b052843e971efdbf08e2a5cd180ad9a8f23ff2c5cb233814f fluent-bit.initd 6bd7d8b4da93a17f29b6ea1e0286ea226d0e376024284741110936779b3229bd8d6cd03ffbdc5d3b4842294e7f32a888de0dd16b0851b65d91b062ca58530ea0 chunkio-static-lib-fts.patch +ea125b68825ae17bb6d08b1cbe7b3594d4844f7abb06465d7de0a39995dfa927087a28e592f40239792aee7f3494a8ba7a2d2373efc36f6ac712e802ace2f8a2 fluent-bit.conf +31899a3c68bbb43adb9025a3a46bad4ca0c740d5bca5c252c8667197575698d98ac4a3b6e11ee160c4bb8df0d0089b639bfd7d0ffa52391e6c4f8f734a6952a6 zdt-parsers.conf " diff --git a/kubezero/fluent-bit/fluent-bit.conf b/kubezero/fluent-bit/fluent-bit.conf new file mode 100644 index 0000000..3f0d808 --- /dev/null +++ b/kubezero/fluent-bit/fluent-bit.conf @@ -0,0 +1,41 @@ +[SERVICE] + Flush 5 + Daemon Off + Log_Level info + log_file /var/log/fluent-bit.log + + HTTP_Server On + HTTP_Listen 0.0.0.0 + HTTP_Port 2020 + Health_Check On + + parsers_file parsers.conf + parsers_file zdt-parsers.conf + plugins_file plugins.conf + + storage.metrics on + storage.path /var/spool/fluent-bit + storage.sync normal + storage.checksum on + storage.backlog.mem_limit 5M + +[INPUT] + Name tail + Path /var/log/messages + Parser syslog-ng-json + Tag system + DB /var/log/flb_kube.db + DB.Sync Normal + DB.locking true + +@INCLUDE metadata.conf + +[OUTPUT] + Match * + Name forward + Host fluentd + Port 24224 + Shared_Key cloudbender + tls on + Send_options true + Require_ack_response true diff --git a/kubezero/fluent-bit/zdt-parsers.conf b/kubezero/fluent-bit/zdt-parsers.conf new file mode 100644 index 0000000..0b43e90 --- /dev/null +++ b/kubezero/fluent-bit/zdt-parsers.conf @@ -0,0 +1,22 @@ +[PARSER] + Name syslog-ng-json + Format json + Time_Key time + Time_Format %s.%L + +# SQUID access.logs +# "%9d.%03d %6d %s %s/%03d %d %s %s %s %s%s/%s %s" +[PARSER] + Name squid-access + Format regex + Regex /^(?