Kubezero v1.25, Alpine 3.17

2023-04-27 07:34:14 +00:00 · 2023-04-27 07:34:14 +00:00 · db52530017
parent 7edeb62b28
commit db52530017
10 changed files with 38 additions and 29 deletions
--- a/4
+++ b/4
@ -1,12 +1,12 @@
 OVERLAY := $(shell pwd)/overlay
 ONLY :=
-FILTER := --only 3.16 $(ONLY)
+FILTER := --only 3.17 $(ONLY) --skip aarch64 metal
 STEP := publish

 all: build

 build:
-	cd alpine-cloud-images && ./build $(STEP) --clean --no-pad-uefi-bins --revise $(FILTER) --custom $(OVERLAY)/zdt --vars $(OVERLAY)/zdt/zdt.hcl
+	cd alpine-cloud-images && ./build $(STEP) --clean --pad-uefi-bin-arch '' --revise $(FILTER) --custom $(OVERLAY)/zdt --vars $(OVERLAY)/zdt/zdt.hcl

 clean:
 	rm -rf alpine-cloud-images/work
--- a/cleanup_amis.sh
+++ b/cleanup_amis.sh
@ -1,13 +1,14 @@
 #!/bin/bash
-set -x
+# set -x

-echo "Are you really sure as AMIs might be used by customers !!"
-read
-
-TAG_FILTER="Name=tag:Name,Values=*-uefi-*"
+TAG_FILTER="Name=tag:Name,Values=*-uefi-*kubezero*"
+TAG_FILTER="Name=tag:Name,Values=*3.17*minimal*"
 # TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.16.2-x86_64-bios-tiny-kubezero-1.23.10-r0"
 # TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.16.2-x86_64-bios-tiny-minimal-r2"

+echo "Are you really sure to delete AMIs matching \"$TAG_FILTER\" ?"
+read
+
 #for r in $(aws ec2 describe-regions --query "Regions[].{Name:RegionName}" --output text); do
 for r in eu-central-1 us-west-2 ap-southeast-2 ca-central-1 us-east-1 us-west-1; do
  amis=$(aws ec2 describe-images --region $r --owners self --output json --filters $TAG_FILTER | jq -r '.Images[].ImageId')
--- a/overlay/zdt/configs/edition/common-packages.conf
+++ b/overlay/zdt/configs/edition/common-packages.conf
@ -16,11 +16,14 @@ dhclient        = true
 busybox-extras  = true
 tcpdump         = true
 uuidgen         = true
-tiny-cloud          = edge-main
-tiny-cloud-openrc   = edge-main
-tiny-cloud-network  = edge-main
-tiny-cloud-aws      = edge-main
-conmon              = edge-community
+apparmor        = true
+apparmor-utils  = true
+apparmor-profiles   = true
+tiny-cloud          = true
+tiny-cloud-openrc   = true
+tiny-cloud-network  = true
+tiny-cloud-aws      = true
+conmon              = true
 prometheus-node-exporter       = true
 prometheus-wireguard-exporter  = true
 zdt-base        = kubezero
--- a/overlay/zdt/configs/edition/common-services.conf
+++ b/overlay/zdt/configs/edition/common-services.conf
@ -4,14 +4,17 @@ sysinit {
 }

 boot {
+  cloudbender-early = true
+  localmount = true
  syslog = null
  syslog-ng = true
-  zdt-mount = true
+  apparmor = true
 }

 default {
+  cloudbender = true
  local = true
  crond = true
-  # monit = true # We use init
  node-exporter = true
+  # monit = true # We use inittab
 }
--- a/overlay/zdt/configs/edition/common.conf
+++ b/overlay/zdt/configs/edition/common.conf
@ -10,6 +10,11 @@ repos {

 repos_keys = [ "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" ]

+kernel_options {
+  "apparmor=1" = true
+  "security=apparmor" = true
+}
+
 WHEN {
  aws {
    packages {
--- a/overlay/zdt/configs/edition/kubezero-packages.conf
+++ b/overlay/zdt/configs/edition/kubezero-packages.conf
@ -1,6 +1,2 @@
-cri-tools               = kubezero
-cri-o                   = "kubezero=~1.24"
-kubelet                 = "kubezero=~1.24"
-kubectl                 = "kubezero=~1.24"
-ecr-credential-provider = "kubezero=~1.24"
-aws-iam-authenticator   = "kubezero=~0.5.9"
+curl     = true
+kubezero = "kubezero=~1.25"
--- a/overlay/zdt/configs/edition/kubezero-services.conf
+++ b/overlay/zdt/configs/edition/kubezero-services.conf
@ -0,0 +1,4 @@
+default {
+  # Until we migrate away from DS
+  node-exporter = null
+}
--- a/overlay/zdt/configs/edition/kubezero.conf
+++ b/overlay/zdt/configs/edition/kubezero.conf
@ -3,9 +3,10 @@
 include required("common.conf")

 packages { include required("kubezero-packages.conf") }
+services { include required("kubezero-services.conf") }

 description = [ "- https://kubezero.com" ]
-name = [ kubezero-1.24.7 ]
+name = [ kubezero-1.25.8 ]
 # size = 2G

 WHEN {
--- a/overlay/zdt/configs/edition/minimal.conf
+++ b/overlay/zdt/configs/edition/minimal.conf
@ -4,7 +4,3 @@ include required("common.conf")

 description = [ "- https://zero-downtime.net/cloud" ]
 name = [ minimal ]
-
-#kernel_options {
-#  "lsm=landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor" = true
-#}
--- a/overlay/zdt/configs/zdt.conf
+++ b/overlay/zdt/configs/zdt.conf
@ -17,7 +17,7 @@ Default {
  size  = 1G
  login = alpine

-  local_format  = vhd
+  image_format  = vhd

  # image access
  access.PUBLIC = false
@ -30,13 +30,13 @@ Default {
 # atm we only support:
 # - tiny-cloud 
 # - uefi boot
-# - latest stable Alpine 3.16
+# - latest stable Alpine 3.17

 Dimensions {
  version {
-    "3.16" { include required("version/3.16.conf")
+    "3.17" { include required("version/3.17.conf")
             repos {
-               "https://cdn.zero-downtime.net/alpine/v3.16/kubezero" = kubezero
+               "https://cdn.zero-downtime.net/alpine/v3.17/kubezero" = kubezero
             }
          }
    # edge { include required("version/edge.conf") }