diff --git a/.ci/README.md b/.ci/README.md index 689e535..699dbe6 100644 --- a/.ci/README.md +++ b/.ci/README.md @@ -14,7 +14,7 @@ include .ci/podman.mk Add subtree to your project: ``` -git subtree add --prefix .ci https://git.zero-downtime.net/ZeroDownTime/ci-tools-lib.git master --squash +git subtree add --prefix .ci https://git.zero-downtime.net/ZeroDownTime/ci-tools-lib.git main --squash ``` diff --git a/.ci/ecr_public_lifecycle.py b/.ci/ecr_public_lifecycle.py index 7397dc4..40bfc59 100755 --- a/.ci/ecr_public_lifecycle.py +++ b/.ci/ecr_public_lifecycle.py @@ -41,7 +41,8 @@ for image in sorted(images, key=lambda d: d['imagePushedAt'], reverse=True): _delete = True for tag in image["imageTags"]: # Look for at least one tag NOT beign a SemVer dev tag - if "-" not in tag: + # untagged dev builds get tagged as -g + if "-g" not in tag and "dirty" not in tag: _delete = False if _delete: print("Deleting development image {}".format(image["imageTags"])) diff --git a/.ci/podman.mk b/.ci/podman.mk index ed5aa26..59286e2 100644 --- a/.ci/podman.mk +++ b/.ci/podman.mk @@ -8,8 +8,8 @@ SHELL := bash .PHONY: all # All targets are accessible for user .DEFAULT: help # Running Make will run the help target -# Parse version from latest git semver tag -GIT_TAG ?= $(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null) +# Parse version from latest git semver tag, use short commit otherwise +GIT_TAG ?= $(shell git describe --tags --match v*.*.* --dirty 2>/dev/null || git describe --match="" --always --dirty 2>/dev/null) GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null) TAG ::= $(GIT_TAG) diff --git a/kubezero/containerd/APKBUILD b/kubezero/containerd/APKBUILD index a421877..4c10884 100644 --- a/kubezero/containerd/APKBUILD +++ b/kubezero/containerd/APKBUILD @@ -4,15 +4,15 @@ pkgname=containerd # NOTE: containerd's Makefile tries to get REVISION from git, but we're building from a tarball. -_commit=207ad71 -pkgver=2.0.0 +_commit=bcc810d +pkgver=1.7.25 pkgrel=1337 pkgdesc="An open and reliable container runtime" url="https://containerd.io/" arch="all" license="Apache-2.0" # we use crun -#depends="runc" +depends="crun" makedepends="btrfs-progs-dev go go-md2man libseccomp-dev log_proxy" subpackages=" $pkgname-ctr @@ -108,6 +108,9 @@ package() { install -d "$pkgdir"/etc/containerd/conf.d install -Dm644 "$srcdir"/config.toml "$pkgdir"/etc/containerd/config.toml + + # Provide runc as there seem to be various hardcoded runc refs unfortunately + cd $pkgdir/usr/bin && ln -s crun runc } openrc() { @@ -127,8 +130,8 @@ stress() { } sha512sums=" -b1a89c4c53db2c69757bc40d90d585e2662ab4fffb28acb904f9710b281a9f22273ecdbab49250b229bf95b29cf1a33a352afb81967db7580ae209a83c5fb2ea containerd-2.0.0.tar.gz +83477f9ed1d5d0653f5a4829d1ac6299cdd8958ca5534de1b22d7b5858d0118e97c9d3ce4c5d58e5b06393be007007f7bf4ac511e1903d1fe407579fa96ab36d containerd-1.7.25.tar.gz 75a882a95167578bb4f289822256e770ecf2f74d7a50181e622c15e847383120d3622100e5e5629b94b58e2082f990de1cc3daa2f69b0ee48827072c1e9dde0e containerd.confd 8315a8d58b4ba7e19ebed2cd82c7b5eaab45da630f9818a9e6cc8f3c8e88f159432474299798f79e6e465e843c91c0f50df04030083c8913c385ea1d73e81e6a containerd.initd -a10a1e1b5deea30c156a786592bfc54597bcf2d45c4e6447182b72a7d0a5e2eb058698a8830dbace95e71176aa3070d123bcf75c4c4a36d814182c5d24fe9d71 config.toml +dfb92fffeac35310956da6c6ad5f8c43eba3a5355ecbfabeec0f9c7445a08e309312b56b6855a17a471fd6012cc099d6abb39dc8bd26279112d0fe936624023d config.toml " diff --git a/kubezero/containerd/config.toml b/kubezero/containerd/config.toml index 3e3225f..99cf35e 100644 --- a/kubezero/containerd/config.toml +++ b/kubezero/containerd/config.toml @@ -1,6 +1,8 @@ -version = 3 +version = 2 imports = ["/etc/containerd/conf.d/*.toml"] -[plugins.'io.containerd.cri.v1.runtime'.cni] - bin_dir = '/usr/libexec/cni' +[plugins] + [plugins."io.containerd.grpc.v1.cri"] + [plugins."io.containerd.grpc.v1.cri".cni] + bin_dir = "/usr/libexec/cni" diff --git a/kubezero/falco/APKBUILD b/kubezero/falco/APKBUILD index 3fe64b3..fc86f19 100644 --- a/kubezero/falco/APKBUILD +++ b/kubezero/falco/APKBUILD @@ -65,7 +65,7 @@ package() { cd build make DESTDIR="${pkgdir}" install - # patch falco config + # normalize and patch falco config cd $pkgdir/etc/falco patch --no-backup-if-mismatch -i $srcdir/falco.patch patch --no-backup-if-mismatch -i $srcdir/rules.patch diff --git a/kubezero/glibc/APKBUILD b/kubezero/glibc/APKBUILD index 0584af5..5fcb4b1 100644 --- a/kubezero/glibc/APKBUILD +++ b/kubezero/glibc/APKBUILD @@ -1,18 +1,18 @@ # Maintainer: Sasha Gerrand pkgname="glibc" -pkgver="2.35" +pkgver="2.39" _pkgrel="0" -pkgrel="1" +pkgrel="0" pkgdesc="GNU C Library compatibility layer" arch="x86_64" url="https://github.com/sgerrand/alpine-pkg-glibc" license="LGPL" source="https://github.com/sgerrand/docker-glibc-builder/releases/download/$pkgver-$_pkgrel/glibc-bin-$pkgver-$_pkgrel-x86_64.tar.gz -ld.so.conf" -subpackages="$pkgname-bin $pkgname-dev $pkgname-i18n" + ld.so.conf" +subpackages="$pkgname-bin $pkgname-dev $pkgname-i18n:i18n:noarch" triggers="$pkgname-bin.trigger=/lib:/usr/lib:/usr/glibc-compat/lib:/lib64" -options="!check lib64" +options="lib64 !check !tracedeps" package() { conflicts="gcompat" @@ -42,12 +42,11 @@ bin() { i18n() { depends="$pkgname-bin" - arch="noarch" mkdir -p "$subpkgdir"/usr/glibc-compat cp -a "$srcdir"/usr/glibc-compat/share "$subpkgdir"/usr/glibc-compat } sha512sums=" -0aff0ec76f4d341957a792b8635c0770148eba9a5cb64f9bbd85228c14d9cb93c1a402063cab533a9f536f5f7be92c27bc5be8ed13c2b4f7aa416510c754d071 glibc-bin-2.35-0-x86_64.tar.gz +ccedadd12b5a5b7848e580ef9cf1c857c69f6fe6d4adc9dedb476dcf6197c3e3e5e0f29e575fbaf121a9dba84fa3149bbf58f9780963db0751d89320c4dc0063 glibc-bin-2.39-0-x86_64.tar.gz 35f2c9e6cbada640b7c1b50e5d55d7f789864f8b12e419ed966422d99d911dedff96f63c6b3f7ab07b7434aedcd1bd4d45807d5e14f738053d169d11a88bfa53 ld.so.conf " diff --git a/kubezero/kubezero/APKBUILD b/kubezero/kubezero/APKBUILD index 21cc9f2..ffa53e8 100644 --- a/kubezero/kubezero/APKBUILD +++ b/kubezero/kubezero/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Stefan Reimer # Maintainer: Stefan Reimer pkgname=kubezero -pkgver=1.31.5 -_containerd=2.0.0-r1337 +pkgver=1.31.6 +_containerd=1.7.25-r1337 _ecr=1.31.4 _iam=0.6.29 @@ -94,6 +94,6 @@ ecb33fc3a0ffc378723624858002f9f5e180e851b55b98ab6611ecc6a73d4719bc7de240f87683fc fce1013f7b1bfa8ee526de62e642a37fda3168889723e873d3fb69e257f4caa1423b5a14b9343b12a87f3b6f93c7d3861b854efda67ef2d6a42a5ca8cf3d1593 evictLocalNode.sh 92499ec9a8b3634c42b16c01d27f1c1bb650bcc074a2c8d9d16cfe2ea08942948989c6aae79bd2df562ff17df11bbc329e0971f15c4e64f944457825dee7aa79 credential-provider.yaml 8b81eb0fb66e6a739965db6af6a31c443e8f612c06146bd51107372abd833b527423299ee11b27e011f46cfbee11415234b3fa0dea695dbbb06711e0ad58f08d kubelet.monit -dad818ca88a6b3404b155f145522ac07217f6812bdd3282f850ee84fdd94f602c857b62bb769a3e0273991b29a2cb9e8f57e005233c31a4171642b637e270f6c containerd.conf +dda96910382f65c69672a60c789f0e0f9883f8a018a07fde2f16ad27e62af900a74d55d5892029346dafbe81c58bca8396a3f6691c75434a9977fcc61ea452b9 containerd.conf b112ffd86f095aec47bf75179659af20720792c453d6cc9d11db26446aa2f3c237fe59b793dd8ef3ee93f6fd4230ff8abadfdada76e6452779b982a71eb37cb9 crictl.yaml " diff --git a/kubezero/kubezero/containerd.conf b/kubezero/kubezero/containerd.conf index 0cdafb9..6ad6adc 100644 --- a/kubezero/kubezero/containerd.conf +++ b/kubezero/kubezero/containerd.conf @@ -1,28 +1,36 @@ -version = 3 +version = 2 oom_score = -999 -[plugins.'io.containerd.cri.v1.images'.pinned_images] - sandbox = 'registry.k8s.io/pause:3.10' +[plugins] + [plugins."io.containerd.grpc.v1.cri"] + enable_cdi = true + sandbox_image = "registry.k8s.io/pause:3.10" + tolerate_missing_hugetlb_controller = false -[plugins.'io.containerd.cri.v1.images'.registry] - config_path = '/etc/containerd/certs.d' + [plugins."io.containerd.grpc.v1.cri".cni] + bin_dir = "/usr/libexec/cni" -[plugins.'io.containerd.monitor.v1.cgroups'] - no_prometheus = true + [plugins."io.containerd.grpc.v1.cri".containerd] + default_runtime_name = "crun" -[plugins.'io.containerd.cri.v1.runtime'] - tolerate_missing_hugetlb_controller = false - [plugins.'io.containerd.cri.v1.runtime'.containerd] - default_runtime_name = 'crun' + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] - [plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes] - [plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.crun] - runtime_type = 'io.containerd.runc.v2' - [plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.crun.options] - BinaryName = '/usr/bin/crun' + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.crun] + runtime_type = "io.containerd.runc.v2" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.crun.options] + BinaryName = "/usr/bin/crun" - [plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.nvidia] - runtime_type = 'io.containerd.runc.v2' - [plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.nvidia.options] - BinaryName = '/usr/bin/nvidia-container-runtime' + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia] + runtime_type = "io.containerd.runc.v2" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options] + BinaryName = "/usr/bin/nvidia-container-runtime" + + [plugins."io.containerd.grpc.v1.cri".registry] + config_path = "/etc/containerd/certs.d" + + [plugins."io.containerd.runtime.v1.linux"] + runtime = "crun" + + [plugins."io.containerd.monitor.v1.cgroups"] + no_prometheus = true diff --git a/kubezero/nvidia-container-toolkit/APKBUILD b/kubezero/nvidia-container-toolkit/APKBUILD index c4b999a..aed5835 100644 --- a/kubezero/nvidia-container-toolkit/APKBUILD +++ b/kubezero/nvidia-container-toolkit/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Stefan Reimer # https://github.com/NVIDIA/nvidia-container-toolkit pkgname=nvidia-container-toolkit -pkgver=1.17.0 +pkgver=1.17.4 pkgrel=0 pkgdesc="NVIDIA Container toolkit" url="https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/overview.html" @@ -66,9 +66,9 @@ package() { } sha512sums=" -a69db9dfc7781bde5983a31c7f3083ae7a7b133926a047d7cd3ddbe3ca273a0b96cec9c3aaaf0f2791569b50e23def222c6d322bdaf3e16e5a4cfc037f269a6e libnvidia-container1_1.17.0-1_amd64.deb -48388e0a9dc5d011de55e8a59bdea6552d9a4228c226dfc96a8a642e27ca2f8e414ba0a2c58ebc1246b1787e7b838ca1077b91431549febd6531dc0edb315ff7 libnvidia-container-tools_1.17.0-1_amd64.deb -1de328d0b033083d2433943c4177bafd9a0ea3e58c3f76bc689aece799d7c8d4516ee193c94dd35d300d169c0be3963bf1d30d7e9d754b236aaeebb60d69405c nvidia-container-toolkit-base_1.17.0-1_amd64.deb +f72c9f816b58855126e5acf597371332b8d44fcb51098cd7625a9f760c9071c7c0979ff0c503eb9c4253bdb51e9dcc7453772ea53f8610eba86b2ceef70310a2 libnvidia-container1_1.17.4-1_amd64.deb +6f21dc07dcf018f75db4f64503baa94e4f6c9ccf0c43b734640db9beda988180bfeef466e05c996550b9cd764b80bb71a1abd4212ba7b76c707ce661ccdf7ea5 libnvidia-container-tools_1.17.4-1_amd64.deb +172b06a7651b4fa8f6ae398b20f767d33d271f430e7079618d8efd0f7821e6f77999a7229466bd2cd442737f3e2da3c82aae7679d25a0e07c32a4525b71e3a6b nvidia-container-toolkit-base_1.17.4-1_amd64.deb 5a4eaa96e6e774948889909d618a8ed44a82f649cbba11622dc7b4478098bea006995d5a5a60ca026a57b76ad866d1e2c6caebd154a26eb6bd7e15291b558057 libseccomp2_2.3.3-4_amd64.deb cc9109cdcf51dc40db732e10ac3eda7e4ac73299ad51d2ec619d7f4cff3f0311be0937530d2175e5486c393bc9e91c709072094fad510573785739afaad831f1 libcap2_2.44-1_amd64.deb 355880f5a865d9245c1d353b3c97a71037cf9880afb16e52ff94998b8a0a0cd9d0a6a28175afd85224e4ff3e4a783c60e994ca0bac8196ea8ce05ed61ed463ef config.toml diff --git a/kubezero/nvidia-drivers/APKBUILD b/kubezero/nvidia-drivers/APKBUILD index 38330e8..1828d90 100644 --- a/kubezero/nvidia-drivers/APKBUILD +++ b/kubezero/nvidia-drivers/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Stefan Reimer # Maintainer: Stefan Reimer pkgname=nvidia-drivers -pkgver=565.57.01 +pkgver=570.86.15 pkgrel=0 pkgdesc="NVIDIA Driver" url="https://www.nvidia.com/download/index.aspx" @@ -11,7 +11,7 @@ makedepends="bash xz" depends="glibc-bin" options="!check !strip !tracedeps" -source="NVIDIA-Linux-x86_64-$pkgver.run::https://download.nvidia.com/XFree86/Linux-x86_64/$pkgver/NVIDIA-Linux-x86_64-$pkgver.run" +source="NVIDIA-Linux-x86_64-$pkgver.run::https://us.download.nvidia.com/tesla/$pkgver/NVIDIA-Linux-x86_64-$pkgver.run" build() { sh "$srcdir"/NVIDIA-Linux-x86_64-$pkgver.run -x -s @@ -55,5 +55,5 @@ package() { } sha512sums=" -8f5c0f06e13cf84042c9ad1d628ef3fd5aaffb116f1716b099e6ededb125e973a4a2c511bb6201e3a39d7710b2850c3418bdbeac792036b7524c5a5fc8746f52 NVIDIA-Linux-x86_64-565.57.01.run +9726e5cf25e03a0e1b99d55aec7f58d86faa108707ad375d6959edb1b1e80437a965a7903cd600f6d7949ebd8a6e883a57a7536470195a702364094a3a1ef323 NVIDIA-Linux-x86_64-570.86.15.run " diff --git a/kubezero/nvidia-open-gpu/APKBUILD b/kubezero/nvidia-open-gpu/APKBUILD index 0e83ca8..2a9f7c7 100644 --- a/kubezero/nvidia-open-gpu/APKBUILD +++ b/kubezero/nvidia-open-gpu/APKBUILD @@ -7,7 +7,7 @@ # remove coreutils from makedepends pkgname=nvidia-open-gpu -pkgver=565.57.01 +pkgver=570.86.15 pkgrel=0 pkgdesc="NVIDIA Linux open GPU kernel modules" url="https://github.com/NVIDIA/open-gpu-kernel-modules" @@ -53,7 +53,7 @@ package() { } sha512sums=" -193755b00a5baa4b879b8b190c70c46ed3d48e6cee9b10e81218f85b3ab00cad7f38559f217d297e2478296e3fbc780d7ae47019ff9549ee1b55c15b52db744a nvidia-565.57.01.tar.gz +2b2cb1cb80ae5297d85117091e21e75a25fd9ee56f8261f4a5714c6471d31c5bf5bb47c81b26ac66a41915f569ed81a8754a55a45f41fa88f7a9bf9c31d2259c nvidia-570.86.15.tar.gz b16b86ded8601ff802477e2b191c5728290014f90bb85ad6ec0e5b7e84f8004c467f5b6c66b80dc5d205fb70a3900ac286764a3829ca3ad3b8a3a5fd0b73a702 91-nvidia.rules 8335bd69c482da1f67b5cddd31a0b40d01b5c627aeca137b40ac7776cb3e7475767bec808a972ed739c26914207aca264324c41496f6fb579d910c8477f7cc1c create-nvidia-uvm-dev-node.sh "