From 3b2c8c6f1056961022e714937eb24e0aa0826b6e Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Mon, 8 Apr 2024 13:01:20 +0000 Subject: [PATCH] feat: KubeZero v1.28 --- Makefile | 9 ++----- cleanup_amis.sh | 2 +- overlay/zdt/configs/edition/common.conf | 7 +++++ .../configs/edition/kubezero-packages.conf | 4 +-- overlay/zdt/configs/edition/kubezero.conf | 14 ++++++---- overlay/zdt/configs/machine/vm.conf | 7 +++++ overlay/zdt/configs/zdt.conf | 27 +++++++++++-------- scan_image.sh | 11 ++++++++ 8 files changed, 55 insertions(+), 26 deletions(-) create mode 100755 scan_image.sh diff --git a/Makefile b/Makefile index fd3224e..550e24d 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ OVERLAY := $(shell pwd)/overlay ONLY := SKIP := -FILTER := --only 3.18 $(ONLY) --skip aarch64 $(SKIP) +FILTER := --only $(ONLY) --skip aarch64 $(SKIP) STEP := publish all: build @@ -35,12 +35,7 @@ age-seal: # Just a reference how it could work, requires root though scan-image: - doas modprobe nbd - doas qemu-nbd -c /dev/nbd0 --read-only alpine-cloud-images/work/images/aws/*/image.qcow2 - doas mount /dev/nbd0p2 /mnt/temp/ - doas trivy rootfs /mnt/temp - doas umount /mnt/temp - doas qemu-nbd -d /dev/nbd0 + doas ./scan_image.sh alpine-cloud-images/work/images/aws/*/image.qcow2 pull-upstream: ## pull latest shared alpine-cloud-images git stash && git subtree pull --prefix alpine-cloud-images git@gitlab.alpinelinux.org:alpine/cloud/alpine-cloud-images.git main --squash && git stash pop diff --git a/cleanup_amis.sh b/cleanup_amis.sh index 7cd22cf..f74c347 100755 --- a/cleanup_amis.sh +++ b/cleanup_amis.sh @@ -2,7 +2,7 @@ # set -x TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.18*dev*" #-dev" #kubezero*" -#TAG_FILTER="Name=tag:Name,Values=zdt-alpine-*kubezero*1.26*" +#TAG_FILTER="Name=tag:Name,Values=zdt-alpine-*kubezero*1.28*" echo "Are you really sure to delete AMIs matching \"$TAG_FILTER\" ?" read 
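Review bot: In the first Makefile hunk, `FILTER := --only $(ONLY) --skip aarch64 $(SKIP)` leaves `--only` without an operand whenever `ONLY` is empty, which is its default two lines above. Depending on how the build script parses options, this either fails or makes `--only` swallow the following `--skip`, so the old 3.18 restriction becomes an undefined filter rather than "no filter". Emitting the flag only when a value is set avoids that: `FILTER := $(if $(strip $(ONLY)),--only $(ONLY)) --skip aarch64 $(SKIP)`. The hard-coded `--skip aarch64` also contradicts the `x86_64 + aarch64` line this commit adds to the zdt.conf comment.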
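Review bot: In the `scan-image` recipe, `doas ./scan_image.sh alpine-cloud-images/work/images/aws/*/image.qcow2` passes every match of the glob, but the script reads only `$1`, so with more than one built image all but the first are silently left unscanned. The recipe also puts the whole sequence under root, including a script file from the working tree, where before only the individual commands were elevated. Any doas rule that permits this path should point at a root-owned copy rather than a file the build user can edit. A loop keeps one image per invocation and stops on the first failure: `for img in alpine-cloud-images/work/images/aws/*/image.qcow2; do doas ./scan_image.sh "$$img" || exit 1; done`.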
diff --git a/overlay/zdt/configs/edition/common.conf b/overlay/zdt/configs/edition/common.conf index 4baee45..0ff4b0b 100644 --- a/overlay/zdt/configs/edition/common.conf +++ b/overlay/zdt/configs/edition/common.conf @@ -25,6 +25,13 @@ WHEN { } } + nocloud { + packages { + zdt-base-nocloud = kubezero + tiny-cloud-nocloud = true + } + } + # Disable KVM during cross build aarch64 { qemu.args = [ diff --git a/overlay/zdt/configs/edition/kubezero-packages.conf b/overlay/zdt/configs/edition/kubezero-packages.conf index dcabb3d..0708826 100644 --- a/overlay/zdt/configs/edition/kubezero-packages.conf +++ b/overlay/zdt/configs/edition/kubezero-packages.conf @@ -1,3 +1,3 @@ curl = true -kubezero = "kubezero=~1.27" -kubezero-imagecache = "kubezero=~1.27" +kubezero = kubezero +kubezero-imagecache = kubezero diff --git a/overlay/zdt/configs/edition/kubezero.conf b/overlay/zdt/configs/edition/kubezero.conf index 2bdfd24..1d808bf 100644 --- a/overlay/zdt/configs/edition/kubezero.conf +++ b/overlay/zdt/configs/edition/kubezero.conf @@ -1,19 +1,23 @@ # vim: ts=2 et: +kubezero-version = "1.28.8" + include required("common.conf") +description = [ "- https://kubezero.com" ] +name = [ "kubezero-{kubezero-version}" ] +disk_size = [1024] + packages { include required("kubezero-packages.conf") } services { include required("kubezero-services.conf") } -description = [ "- https://kubezero.com" ] -name = [ kubezero-1.27.8 ] -disk_size = [1024] - +# Cloud specifics WHEN { aws { packages { - aws-neuron-driver = kubezero + #aws-neuron-driver = kubezero nvidia-open-gpu = kubezero } } } + diff --git a/overlay/zdt/configs/machine/vm.conf b/overlay/zdt/configs/machine/vm.conf index b4cce28..5fd6e0b 100644 --- a/overlay/zdt/configs/machine/vm.conf +++ b/overlay/zdt/configs/machine/vm.conf @@ -4,3 +4,10 @@ machine_name = "Virtual" packages { falco-kernel-virt = kubezero } + +services { + boot { + # Fails on cloudhypervisor anyways + hwclock = null + } +} 
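Review bot: In kubezero-packages.conf, replacing `"kubezero=~1.27"` with the bare `kubezero` tag drops the version constraint on both `kubezero` and `kubezero-imagecache`, so the image takes whatever version the tagged repository serves at build time. The image name in kubezero.conf is now built from `kubezero-version = "1.28.8"`, but nothing in the visible hunks ties the installed packages to that value, so a published image can be labelled 1.28.8 while carrying something else. Keeping the pin in the form the removed lines used, `kubezero = "kubezero=~1.28"` and `kubezero-imagecache = "kubezero=~1.28"`, keeps name and content in step and makes rebuilds reproducible.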
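Review bot: In vm.conf, `hwclock = null` turns the boot-time clock service off for every image built from the `Virtual` machine config, while the comment justifies it for only one hypervisor. If nothing else sets the clock before TLS connections or log shipping start, certificate validation and event timestamps on the other platforms depend on that service; whether a time-sync service covers this is not visible in the hunk. I would either scope the override to the platform that fails or extend the comment to say what sets the clock instead, e.g. `# hwclock fails on Cloud Hypervisor; time is set by <time-sync service> at boot`.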
diff --git a/overlay/zdt/configs/zdt.conf b/overlay/zdt/configs/zdt.conf index eed7fa7..763e18e 100644 --- a/overlay/zdt/configs/zdt.conf +++ b/overlay/zdt/configs/zdt.conf @@ -32,15 +32,17 @@ Default { # profile build matrix # atm we only support: -# - tiny-cloud +# - tiny-cloud # - uefi boot -# - latest stable Alpine 3.18 +# - Alpine 3.19 +# - aws + nocloud +# - x86_64 + aarch64 Dimensions { version { - "3.18" { include required("version/3.18.conf") + "3.19" { include required("version/3.19.conf") repos { - "https://cdn.zero-downtime.net/alpine/v3.18/kubezero" = kubezero + "https://cdn.zero-downtime.net/alpine/v3.19/kubezero" = kubezero } } # edge { include required("version/edge.conf") } @@ -64,12 +66,12 @@ Dimensions { aws { include required("cloud/aws.conf") } aws.regions { ALL = false - #ap-southeast-2 = true - #ca-central-1 = true + ap-southeast-2 = true + ca-central-1 = true eu-central-1 = true - #us-east-1 = true - #us-west-1 = true - #us-west-2 = true + us-east-1 = true + us-west-1 = true + us-west-2 = true } nocloud { include required("cloud/nocloud.conf") } } @@ -88,11 +90,14 @@ Dimensions { # all build configs merge these at the very end Mandatory { - name = [ "dev", "r{revision}" ] + # name = [ "dev", "r{revision}" ] + name = [ "r{revision}" ] encrypted = "alias/zdt/amis" # We use neofetch custom branding - motd = {} + motd = { + sudo_removed = null + } # final provisioning script scripts = [ cleanup ] diff --git a/scan_image.sh b/scan_image.sh new file mode 100755 index 0000000..5baf088 --- /dev/null +++ b/scan_image.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -x + +IMAGE=$1 + +modprobe nbd +qemu-nbd -c /dev/nbd0 --read-only $IMAGE +mount /dev/nbd0p2 /mnt/temp/ +trivy rootfs /mnt/temp +umount /mnt/temp +qemu-nbd -d /dev/nbd0
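Review bot: The second zdt.conf hunk enables five more regions under `aws.regions` while `Mandatory` (next hunk) keeps `encrypted = "alias/zdt/amis"`. KMS aliases are per region, so each newly enabled region needs that alias and a key policy that allows the build role; otherwise the encrypted copy there presumably fails. This is worth confirming before the default `STEP := publish` runs against all six regions, and worth recording above the region list, e.g. `# every enabled region must provide the KMS alias alias/zdt/amis`.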
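Review bot: In the `Mandatory` hunk of zdt.conf, dropping `"dev"` from `name` means every build is now named like a release, while the active `TAG_FILTER` in cleanup_amis.sh still matches only `zdt-alpine-3.18*dev*`. Images built from this commit onward (3.19, no `dev`) are never picked up by the cleanup script, so stale and possibly unpatched AMIs accumulate. Either update that filter in the same commit or keep a way to mark development builds. The commented-out `# name = [ "dev", "r{revision}" ]` would be better removed than left beside the new line, and `sudo_removed = null` deserves a short comment saying which motd entry it suppresses.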
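Review bot: scan_image.sh runs without `set -e`, so when `qemu-nbd -c` or `mount` fails, `trivy rootfs /mnt/temp` still runs against whatever is at /mnt/temp and can report a clean result for an image it never read. There is also no cleanup on failure, so /dev/nbd0 stays attached. `$IMAGE` is unquoted and unchecked, and the image's filesystem is mounted as root without `nodev,nosuid,noexec`. The fence below fails fast, requires the argument, mounts restrictively and moves the unmount and `qemu-nbd -d` into an EXIT trap that replaces the last two lines of the script.

```shell
set -eux

IMAGE="${1:?usage: $0 IMAGE.qcow2}"

cleanup() {
    umount /mnt/temp 2>/dev/null || true
    qemu-nbd -d /dev/nbd0
}

# … unchanged: modprobe nbd …
qemu-nbd -c /dev/nbd0 --read-only "$IMAGE"
trap cleanup EXIT
mount -o ro,nodev,nosuid,noexec /dev/nbd0p2 /mnt/temp/
# … unchanged: trivy rootfs /mnt/temp …
```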