diff --git a/Makefile b/Makefile
index e47780c..fd08026 100644
--- a/Makefile
+++ b/Makefile
@@ -1,12 +1,12 @@
 OVERLAY := $(shell pwd)/overlay
 ONLY :=
-FILTER := --only 3.16 $(ONLY)
+FILTER := --only 3.17 $(ONLY) --skip aarch64 metal
 STEP := publish
 all: build
 build:
- cd alpine-cloud-images && ./build $(STEP) --clean --no-pad-uefi-bins --revise $(FILTER) --custom $(OVERLAY)/zdt --vars $(OVERLAY)/zdt/zdt.hcl
+ cd alpine-cloud-images && ./build $(STEP) --clean --pad-uefi-bin-arch '' --revise $(FILTER) --custom $(OVERLAY)/zdt --vars $(OVERLAY)/zdt/zdt.hcl
 clean:
 rm -rf alpine-cloud-images/work
diff --git a/cleanup_amis.sh b/cleanup_amis.sh
index 350d8c9..32b955a 100755
--- a/cleanup_amis.sh
+++ b/cleanup_amis.sh
@@ -1,13 +1,14 @@
 #!/bin/bash
-set -x
+# set -x
-echo "Are you really sure as AMIs might be used by customers !!"
-read
-
-TAG_FILTER="Name=tag:Name,Values=*-uefi-*"
+TAG_FILTER="Name=tag:Name,Values=*-uefi-*kubezero*"
+TAG_FILTER="Name=tag:Name,Values=*3.17*minimal*"
 # TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.16.2-x86_64-bios-tiny-kubezero-1.23.10-r0"
 # TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.16.2-x86_64-bios-tiny-minimal-r2"
+echo "Are you really sure to delete AMIs matching \"$TAG_FILTER\" ?"
+read
+
 #for r in $(aws ec2 describe-regions --query "Regions[].{Name:RegionName}" --output text); do
 for r in eu-central-1 us-west-2 ap-southeast-2 ca-central-1 us-east-1 us-west-1; do
 amis=$(aws ec2 describe-images --region $r --owners self --output json --filters $TAG_FILTER | jq -r '.Images[].ImageId')
diff --git a/overlay/zdt/configs/edition/common-packages.conf b/overlay/zdt/configs/edition/common-packages.conf
index 4962353..e4e5b12 100644
--- a/overlay/zdt/configs/edition/common-packages.conf
+++ b/overlay/zdt/configs/edition/common-packages.conf
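Review bot: The empty argument in `--pad-uefi-bin-arch ''` on the new `build` recipe line of the Makefile is not self-explanatory. It presumably replaces `--no-pad-uefi-bins` by passing an empty architecture list; once that is confirmed against the build script, a comment above the recipe such as `# '' = pad UEFI firmware for no architecture (was --no-pad-uefi-bins)` would record the intent. In the same hunk `all`, `build` and `clean` are not declared phony, so a file or directory with one of those names would keep the target from running; `.PHONY: all build clean` fixes that. Since `STEP := publish` is the default, a plain `make` builds and publishes in one go, and the narrowed `FILTER` is the only thing limiting what gets published.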
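Review bot: The new confirmation prompt in cleanup_amis.sh accepts any answer: `read` discards what was typed, and with stdin closed or redirected it simply fails and the script carries on, as no `set -e` is visible. Require an explicit answer, e.g. `read -r answer` followed by `[ "$answer" = "yes" ] || exit 1`. The first added `TAG_FILTER=` line is immediately overwritten by the second, so the prompt and the loop only ever see `*3.17*minimal*`; comment out the one not in use, like the two lines below it. The context line at the end of the hunk passes `--filters $TAG_FILTER` unquoted, which leaves the `*` characters open to shell globbing against the working directory; write `--filters "$TAG_FILTER"`. The `for` loop body continues outside the hunk, so what happens to the matched image IDs is not visible here.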
@@ -16,11 +16,14 @@ dhclient = true
 busybox-extras = true
 tcpdump = true
 uuidgen = true
-tiny-cloud = edge-main
-tiny-cloud-openrc = edge-main
-tiny-cloud-network = edge-main
-tiny-cloud-aws = edge-main
-conmon = edge-community
+apparmor = true
+apparmor-utils = true
+apparmor-profiles = true
+tiny-cloud = true
+tiny-cloud-openrc = true
+tiny-cloud-network = true
+tiny-cloud-aws = true
+conmon = true
 prometheus-node-exporter = true
 prometheus-wireguard-exporter = true
 zdt-base = kubezero
diff --git a/overlay/zdt/configs/edition/common-services.conf b/overlay/zdt/configs/edition/common-services.conf
index 5554c40..745063f 100644
--- a/overlay/zdt/configs/edition/common-services.conf
+++ b/overlay/zdt/configs/edition/common-services.conf
@@ -4,14 +4,17 @@ sysinit {
 }
 boot {
+ cloudbender-early = true
+ localmount = true
 syslog = null
 syslog-ng = true
- zdt-mount = true
+ apparmor = true
 }
 default {
+ cloudbender = true
 local = true
 crond = true
- # monit = true # We use init
 node-exporter = true
+ # monit = true # We use inittab
 }
diff --git a/overlay/zdt/configs/edition/common.conf b/overlay/zdt/configs/edition/common.conf
index c6bf33f..a1161c8 100644
--- a/overlay/zdt/configs/edition/common.conf
+++ b/overlay/zdt/configs/edition/common.conf
@@ -10,6 +10,11 @@ repos {
 repos_keys = [ "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" ]
+kernel_options {
+ "apparmor=1" = true
+ "security=apparmor" = true
+}
+
 WHEN {
 aws {
 packages {
diff --git a/overlay/zdt/configs/edition/kubezero-packages.conf b/overlay/zdt/configs/edition/kubezero-packages.conf
index 966e464..f0dea42 100644
--- a/overlay/zdt/configs/edition/kubezero-packages.conf
+++ b/overlay/zdt/configs/edition/kubezero-packages.conf
@@ -1,6 +1,2 @@
-cri-tools = kubezero
-cri-o = "kubezero=~1.24"
-kubelet = "kubezero=~1.24"
-kubectl = "kubezero=~1.24"
-ecr-credential-provider = "kubezero=~1.24"
-aws-iam-authenticator = "kubezero=~0.5.9"
+curl = true
+kubezero = "kubezero=~1.25"
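Review bot: Enabling `apparmor` in the `boot` block of common-services.conf does not by itself guarantee that profiles are loaded before `cloudbender-early` or the `default`-runlevel services start; the start order within a runlevel comes from the init scripts' dependencies, not from the order of these lines. A process that is already running when its profile is loaded stays unconfined until it is restarted. It is worth confirming the resulting order on a booted image (for example with `rc-status` and `aa-status`) and adding a short comment next to `apparmor = true` stating which services are expected to start after it.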
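Review bot: Nothing visible in this commit checks that the two new `kernel_options` entries in common.conf take effect in the built image, so an image could ship with the `apparmor` packages and boot service while AppArmor is inactive in the kernel. A post-build or first-boot smoke test that reads `/sys/module/apparmor/parameters/enabled` and `/sys/kernel/security/lsm` would catch that. `security=apparmor` is the legacy selector, and the commented-out `lsm=` list this commit removes from minimal.conf was the newer form; a one-line comment above the block saying why the legacy form was chosen would help the next reader. The packages (common-packages.conf), the service (common-services.conf) and these options now live in three files that have to change together, which is also worth stating in that comment.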
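Review bot: Replacing the individually constrained entries in kubezero-packages.conf with `kubezero = "kubezero=~1.25"` moves the choice of `cri-o`, `kubelet`, `aws-iam-authenticator` and the rest out of this repository, presumably into the dependencies of a `kubezero` metapackage, so a diff of this file no longer shows which component versions an image contains. The image name in kubezero.conf is bumped to `kubezero-1.25.8` while the constraint here stays at the fuzzy `~1.25`, so a rebuild can pick up a different patch level under the same name; consider `kubezero=~1.25.8` if the repository's version scheme allows it, or record the resolved package versions in the build output. `curl = true` is added without a stated reason; a comment such as `# curl: needed by <component>` would help when the package list is reviewed for attack surface.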
diff --git a/overlay/zdt/configs/edition/kubezero-services.conf b/overlay/zdt/configs/edition/kubezero-services.conf
new file mode 100644
index 0000000..241f19a
--- /dev/null
+++ b/overlay/zdt/configs/edition/kubezero-services.conf
@@ -0,0 +1,4 @@
+default {
+ # Until we migrate away from DS
+ node-exporter = null
+}
diff --git a/overlay/zdt/configs/edition/kubezero.conf b/overlay/zdt/configs/edition/kubezero.conf
index 1eaeb1b..2ded8e1 100644
--- a/overlay/zdt/configs/edition/kubezero.conf
+++ b/overlay/zdt/configs/edition/kubezero.conf
@@ -3,9 +3,10 @@ include required("common.conf")
 packages { include required("kubezero-packages.conf") }
+services { include required("kubezero-services.conf") }
 description = [ "- https://kubezero.com" ]
-name = [ kubezero-1.24.7 ]
+name = [ kubezero-1.25.8 ]
 # size = 2G
 WHEN {
diff --git a/overlay/zdt/configs/edition/minimal.conf b/overlay/zdt/configs/edition/minimal.conf
index b7f7c87..105ee9b 100644
--- a/overlay/zdt/configs/edition/minimal.conf
+++ b/overlay/zdt/configs/edition/minimal.conf
@@ -4,7 +4,3 @@ include required("common.conf")
 description = [ "- https://zero-downtime.net/cloud" ]
 name = [ minimal ]
-
-#kernel_options {
-# "lsm=landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor" = true
-#}
diff --git a/overlay/zdt/configs/zdt.conf b/overlay/zdt/configs/zdt.conf
index c27d2bb..ae69ad1 100644
--- a/overlay/zdt/configs/zdt.conf
+++ b/overlay/zdt/configs/zdt.conf
@@ -17,7 +17,7 @@ Default {
 size = 1G
 login = alpine
- local_format = vhd
+ image_format = vhd
 # image access
 access.PUBLIC = false
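Review bot: The comment `# Until we migrate away from DS` in the new kubezero-services.conf does not say what "DS" stands for or why the service is switched off, which makes the override hard to revisit later. `node-exporter = null` cancels the `node-exporter = true` that common-services.conf sets in its `default` block, while common-packages.conf still installs `prometheus-node-exporter`, so the kubezero image carries the binary without the service. A fuller comment, for example `# disabled here: node-exporter runs as a <expanded DS term> in the cluster; re-enable once that is removed`, would make the intent and the exit condition explicit.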
@@ -30,13 +30,13 @@ Default {
 # atm we only support:
 # - tiny-cloud
 # - uefi boot
-# - latest stable Alpine 3.16
+# - latest stable Alpine 3.17
 Dimensions {
 version {
- "3.16" { include required("version/3.16.conf")
+ "3.17" { include required("version/3.17.conf")
 repos {
- "https://cdn.zero-downtime.net/alpine/v3.16/kubezero" = kubezero
+ "https://cdn.zero-downtime.net/alpine/v3.17/kubezero" = kubezero
 }
 }
 # edge { include required("version/edge.conf") }