forked from mirrors/nixpkgs
k3s: 1.25.3+k3s1 -> 1.26.0+k3s2
We dropped behind on releases for a bit due to our automatic update script breaking. This happened because of the traefik chart packaging changing considerably. See the related upstream PR https://github.com/k3s-io/k3s/pull/6519 This updates our packaging to work with the new setup. Conveniently, this also lets us drop a patch since chart packaging upstream has simplified some too.
This commit is contained in:
parent
768a982bfc
commit
0f9165d8b6
10
pkgs/applications/networking/cluster/k3s/chart-versions.nix
Normal file
10
pkgs/applications/networking/cluster/k3s/chart-versions.nix
Normal file
|
@ -0,0 +1,10 @@
|
|||
{
|
||||
traefik-crd = {
|
||||
url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-20.3.1+up20.3.0.tgz";
|
||||
sha256 = "1775vjldvqvhzdbzanxhbaqbmkih09yb91im651q8bc7z5sb9ckn";
|
||||
};
|
||||
traefik = {
|
||||
url = "https://k3s.io/k3s-charts/assets/traefik/traefik-20.3.1+up20.3.0.tgz";
|
||||
sha256 = "1rj0f0n0vgjcbzfwzhqmsd501i2f6vw145w9plbp8gwdyzmg2nc6";
|
||||
};
|
||||
}
|
|
@ -47,31 +47,31 @@ with lib;
|
|||
# Those pieces of software we entirely ignore upstream's handling of, and just
|
||||
# make sure they're in the path if desired.
|
||||
let
|
||||
k3sVersion = "1.25.3+k3s1"; # k3s git tag
|
||||
k3sCommit = "f2585c1671b31b4b34bddbb3bf4e7d69662b0821"; # k3s git commit at the above version
|
||||
k3sRepoSha256 = "0zwf3iwjcidx14zw36s1hr0q8wmmbfc0rfqwd7fmpjq597h8zkms";
|
||||
k3sVendorSha256 = "sha256-U67tJRGqPFk5AfRe7I50zKGC9HJ2oh+iI/C7qF/76BQ=";
|
||||
k3sVersion = "1.26.0+k3s2"; # k3s git tag
|
||||
k3sCommit = "f0ec6a4c127b2c671b271974a2f21783f0e3c525"; # k3s git commit at the above version
|
||||
k3sRepoSha256 = "0yc2k45s321hjir3c2wabqihk96wbjxp274dpbh9kv3471j89lkm";
|
||||
k3sVendorSha256 = "sha256-ptC39SgzCA4CULA+VmcMGlPG8KsLRbWlVI/jQrrF/RU=";
|
||||
|
||||
# taken from ./manifests/traefik.yaml, extracted from '.spec.chart' https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/download#L9
|
||||
# The 'patch' and 'minor' versions are currently hardcoded as single digits only, so ignore the trailing two digits. Weird, I know.
|
||||
traefikChartVersion = "12.0.0";
|
||||
traefikChartSha256 = "1sqmi71fi3ad5dh5fmsp9mv80x6pkgqwi4r9fr8l6i9sdnai6f1a";
|
||||
# nix generated by update.sh
|
||||
# Based on the traefik charts here: https://github.com/k3s-io/k3s/blob/d71ab6317e22dd34673faa307a412a37a16767f6/scripts/download#L29-L32
|
||||
# see also https://github.com/k3s-io/k3s/blob/d71ab6317e22dd34673faa307a412a37a16767f6/manifests/traefik.yaml#L8
|
||||
# At the time of writing, there are two traefik charts, and that's it
|
||||
charts = import ./chart-versions.nix;
|
||||
|
||||
# taken from ./scripts/version.sh VERSION_ROOT https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L47
|
||||
k3sRootVersion = "0.11.0";
|
||||
k3sRootSha256 = "016n56vi09xkvjph7wgzb2m86mhd5x65fs4d11pmh20hl249r620";
|
||||
k3sRootVersion = "0.12.1";
|
||||
k3sRootSha256 = "0724yx3zk89m2239fmdgwzf9w672pik71xqrvgb7pdmknmmdn9f4";
|
||||
|
||||
# taken from ./scripts/version.sh VERSION_CNIPLUGINS https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L45
|
||||
k3sCNIVersion = "1.1.1-k3s1";
|
||||
k3sCNISha256 = "14mb3zsqibj1sn338gjmsyksbm0mxv9p016dij7zidccx2rzn6nl";
|
||||
|
||||
# taken from go.mod, the 'github.com/containerd/containerd' line
|
||||
# run `grep github.com/containerd/containerd go.mod | head -n1 | awk '{print $4}'`
|
||||
containerdVersion = "1.5.13-k3s2";
|
||||
containerdSha256 = "1pfr2ji4aij9js90gf4a3hqnhyw5hshcjdccm62l700j68gs5z97";
|
||||
# taken from ./scripts/version.sh VERSION_CONTAINERD
|
||||
containerdVersion = "1.6.14-k3s1";
|
||||
containerdSha256 = "01zs2xbpmww6hdh248px4dlh1n7xy9gzj2b8afyfmv3c2m2alf5p";
|
||||
|
||||
# run `grep github.com/kubernetes-sigs/cri-tools go.mod | head -n1 | awk '{print $4}'` in the k3s repo at the tag
|
||||
criCtlVersion = "1.25.0-k3s1";
|
||||
criCtlVersion = "1.26.0-rc.0-k3s1";
|
||||
|
||||
baseMeta = {
|
||||
description = "A lightweight Kubernetes distribution";
|
||||
|
@ -99,10 +99,9 @@ let
|
|||
];
|
||||
|
||||
# bundled into the k3s binary
|
||||
traefikChart = fetchurl {
|
||||
url = "https://helm.traefik.io/traefik/traefik-${traefikChartVersion}.tgz";
|
||||
sha256 = traefikChartSha256;
|
||||
};
|
||||
traefikChart = fetchurl charts.traefik;
|
||||
traefik-crdChart = fetchurl charts.traefik-crd;
|
||||
|
||||
# so, k3s is a complicated thing to package
|
||||
# This derivation attempts to avoid including any random binaries from the
|
||||
# internet. k3s-root is _mostly_ binaries built to be bundled in k3s (which
|
||||
|
@ -224,10 +223,6 @@ buildGoModule rec {
|
|||
src = k3sRepo;
|
||||
vendorSha256 = k3sVendorSha256;
|
||||
|
||||
patches = [
|
||||
./patches/0001-scrips-download-strip-downloading-just-package-CRD.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
# Nix prefers dynamically linked binaries over static binary.
|
||||
|
||||
|
@ -295,11 +290,9 @@ buildGoModule rec {
|
|||
ln -vsf ${k3sContainerd}/bin/* ./bin/
|
||||
rsync -a --no-perms --chmod u=rwX ${k3sRoot}/etc/ ./etc/
|
||||
mkdir -p ./build/static/charts
|
||||
# Note, upstream's chart has a 00 suffix. This seems to not matter though, so we're ignoring that naming detail.
|
||||
export TRAEFIK_CHART_FILE=${traefikChart}
|
||||
# place the traefik chart using their code since it's complicated
|
||||
# We trim the actual download, see patches
|
||||
./scripts/download
|
||||
|
||||
cp ${traefikChart} ./build/static/charts
|
||||
cp ${traefik-crdChart} ./build/static/charts
|
||||
|
||||
export ARCH=$GOARCH
|
||||
export DRONE_TAG="v${k3sVersion}"
|
||||
|
|
|
@ -1,41 +0,0 @@
|
|||
From 6f53bd36a40da4c71486e3b79f6e32d53d6eea5d Mon Sep 17 00:00:00 2001
|
||||
From: Euan Kemp <euank@euank.com>
|
||||
Date: Thu, 3 Feb 2022 23:50:40 -0800
|
||||
Subject: [PATCH 2/2] scrips/download: strip downloading, just package CRD
|
||||
|
||||
The CRD packaging is a complicated set of commands, so let's reuse it.
|
||||
---
|
||||
scripts/download | 10 ++--------
|
||||
1 file changed, 2 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/scripts/download b/scripts/download
|
||||
index 5effc0562a..82361803ee 100755
|
||||
--- a/scripts/download
|
||||
+++ b/scripts/download
|
||||
@@ -24,12 +24,6 @@ rm -rf ${CONTAINERD_DIR}
|
||||
mkdir -p ${CHARTS_DIR}
|
||||
mkdir -p ${DATA_DIR}
|
||||
|
||||
-curl --compressed -sfL https://github.com/k3s-io/k3s-root/releases/download/${VERSION_ROOT}/k3s-root-${ARCH}.tar | tar xf - --exclude=bin/socat
|
||||
-
|
||||
-git clone --single-branch --branch=${VERSION_RUNC} --depth=1 https://github.com/opencontainers/runc ${RUNC_DIR}
|
||||
-
|
||||
-git clone --single-branch --branch=${VERSION_CONTAINERD} --depth=1 https://github.com/k3s-io/containerd ${CONTAINERD_DIR}
|
||||
-
|
||||
setup_tmp() {
|
||||
TMP_DIR=$(mktemp -d --tmpdir=${CHARTS_DIR})
|
||||
cleanup() {
|
||||
@@ -44,8 +38,8 @@ setup_tmp() {
|
||||
|
||||
download_and_package_traefik () {
|
||||
echo "Downloading Traefik Helm chart from ${TRAEFIK_URL}"
|
||||
- curl -sfL ${TRAEFIK_URL} -o ${TMP_DIR}/${TRAEFIK_FILE}
|
||||
- code=$?
|
||||
+ # nixpkgs: copy in our known traefik chart instead
|
||||
+ cp $TRAEFIK_CHART_FILE ${TMP_DIR}/${TRAEFIK_FILE}
|
||||
|
||||
if [ $code -ne 0 ]; then
|
||||
echo "Error: Failed to download Traefik Helm chart!"
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -11,7 +11,7 @@ NIXPKGS_K3S_PATH=$(cd $(dirname ${BASH_SOURCE[0]}); pwd -P)/
|
|||
cd ${NIXPKGS_K3S_PATH}
|
||||
|
||||
LATEST_TAG_RAWFILE=${WORKDIR}/latest_tag.json
|
||||
curl --silent ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} \
|
||||
curl --silent -f ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} \
|
||||
https://api.github.com/repos/k3s-io/k3s/releases > ${LATEST_TAG_RAWFILE}
|
||||
|
||||
LATEST_TAG_NAME=$(jq 'map(.tag_name)' ${LATEST_TAG_RAWFILE} | \
|
||||
|
@ -19,27 +19,52 @@ LATEST_TAG_NAME=$(jq 'map(.tag_name)' ${LATEST_TAG_RAWFILE} | \
|
|||
|
||||
K3S_VERSION=$(echo ${LATEST_TAG_NAME} | sed 's/^v//')
|
||||
|
||||
K3S_COMMIT=$(curl --silent ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} \
|
||||
K3S_COMMIT=$(curl --silent -f ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} \
|
||||
https://api.github.com/repos/k3s-io/k3s/tags \
|
||||
| jq -r "map(select(.name == \"${LATEST_TAG_NAME}\")) | .[0] | .commit.sha")
|
||||
|
||||
K3S_REPO_SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/k3s-io/k3s/archive/refs/tags/${LATEST_TAG_NAME}.tar.gz)
|
||||
|
||||
FILE_SCRIPTS_DOWNLOAD=${WORKDIR}/scripts-download
|
||||
curl --silent https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/scripts/download > $FILE_SCRIPTS_DOWNLOAD
|
||||
curl --silent -f https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/scripts/download > $FILE_SCRIPTS_DOWNLOAD
|
||||
|
||||
FILE_SCRIPTS_VERSION=${WORKDIR}/scripts-version.sh
|
||||
curl --silent https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/scripts/version.sh > $FILE_SCRIPTS_VERSION
|
||||
curl --silent -f https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/scripts/version.sh > $FILE_SCRIPTS_VERSION
|
||||
|
||||
FILE_MANIFESTS_TRAEFIK=${WORKDIR}/manifests-traefik.yaml
|
||||
curl --silent https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/manifests/traefik.yaml > $FILE_MANIFESTS_TRAEFIK
|
||||
FILE_TRAEFIK_MANIFEST=${WORKDIR}/traefik.yml
|
||||
curl --silent -f -o "$FILE_TRAEFIK_MANIFEST" https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/manifests/traefik.yaml
|
||||
|
||||
CHART_FILES=( $(yq eval --no-doc .spec.chart "$FILE_TRAEFIK_MANIFEST" | xargs -n1 basename) )
|
||||
# These files are:
|
||||
# 1. traefik-crd-20.3.1+up20.3.0.tgz
|
||||
# 2. traefik-20.3.1+up20.3.0.tgz
|
||||
# at the time of writing
|
||||
|
||||
if [[ "${#CHART_FILES[@]}" != "2" ]]; then
|
||||
echo "New manifest charts added, the packaging scripts will need to be updated: ${CHART_FILES}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
CHARTS_URL=https://k3s.io/k3s-charts/assets
|
||||
# Get metadata for both files
|
||||
rm -f chart-versions.nix.update
|
||||
cat > chart-versions.nix.update <<EOF
|
||||
{
|
||||
traefik-crd = {
|
||||
url = "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}";
|
||||
sha256 = "$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}")";
|
||||
};
|
||||
traefik = {
|
||||
url = "${CHARTS_URL}/traefik/${CHART_FILES[1]}";
|
||||
sha256 = "$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik/${CHART_FILES[1]}")";
|
||||
};
|
||||
}
|
||||
EOF
|
||||
mv chart-versions.nix.update chart-versions.nix
|
||||
|
||||
FILE_GO_MOD=${WORKDIR}/go.mod
|
||||
curl --silent https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/go.mod > $FILE_GO_MOD
|
||||
|
||||
TRAEFIK_CHART_VERSION=$(yq e '.spec.chart' $FILE_MANIFESTS_TRAEFIK | awk 'match($0, /([0-9.]+)([0-9]{2})/,
|
||||
m) { print m[1]; exit; }')
|
||||
TRAEFIK_CHART_SHA256=$(nix-prefetch-url --quiet "https://helm.traefik.io/traefik/traefik-${TRAEFIK_CHART_VERSION}.tgz")
|
||||
|
||||
K3S_ROOT_VERSION=$(grep 'VERSION_ROOT=' ${FILE_SCRIPTS_VERSION} \
|
||||
| cut -d'=' -f2 | sed -e 's/"//g' -e 's/^v//')
|
||||
|
@ -51,8 +76,8 @@ CNIPLUGINS_VERSION=$(grep 'VERSION_CNIPLUGINS=' ${FILE_SCRIPTS_VERSION} \
|
|||
CNIPLUGINS_SHA256=$(nix-prefetch-url --quiet --unpack \
|
||||
"https://github.com/rancher/plugins/archive/refs/tags/v${CNIPLUGINS_VERSION}.tar.gz")
|
||||
|
||||
CONTAINERD_VERSION=$(grep github.com/containerd/containerd ${FILE_GO_MOD} \
|
||||
| head -n1 | awk '{print $4}' | sed -e 's/"//g' -e 's/^v//')
|
||||
CONTAINERD_VERSION=$(grep 'VERSION_CONTAINERD=' ${FILE_SCRIPTS_VERSION} \
|
||||
| cut -d'=' -f2 | sed -e 's/"//g' -e 's/^v//')
|
||||
CONTAINERD_SHA256=$(nix-prefetch-url --quiet --unpack \
|
||||
"https://github.com/k3s-io/containerd/archive/refs/tags/v${CONTAINERD_VERSION}.tar.gz")
|
||||
|
||||
|
@ -67,9 +92,6 @@ setKV k3sVersion ${K3S_VERSION}
|
|||
setKV k3sCommit ${K3S_COMMIT}
|
||||
setKV k3sRepoSha256 ${K3S_REPO_SHA256}
|
||||
|
||||
setKV traefikChartVersion ${TRAEFIK_CHART_VERSION}
|
||||
setKV traefikChartSha256 ${TRAEFIK_CHART_SHA256}
|
||||
|
||||
setKV k3sRootVersion ${K3S_ROOT_VERSION}
|
||||
setKV k3sRootSha256 ${K3S_ROOT_SHA256}
|
||||
|
||||
|
|
Loading…
Reference in a new issue