Add kubernetes-1.27 package and variants

This adds a new package for installing k8s 1.27. It also adds all variants for the *-k8s-* variant. Signed-off-by: Sean McGinnis <[email protected]>
bottlerocket-os · May 5, 2023 · fe2cc1c · fe2cc1c
1 parent 7a63929
commit fe2cc1c
Show file tree

Hide file tree

Showing 133 changed files with 1,334 additions and 59 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -38,7 +38,14 @@ jobs:
     continue-on-error: ${{ matrix.supported }}
     strategy:
       matrix:
-        variant: [aws-k8s-1.22, aws-k8s-1.23, aws-k8s-1.24, aws-k8s-1.25, aws-k8s-1.26, aws-ecs-1]
+        variant:
+          - aws-k8s-1.22
+          - aws-k8s-1.23
+          - aws-k8s-1.24
+          - aws-k8s-1.25
+          - aws-k8s-1.26
+          - aws-k8s-1.27
+          - aws-ecs-1
         arch: [x86_64, aarch64]
         supported: [true]
         fetch-upstream: ["false"]
@@ -75,6 +82,10 @@ jobs:
             arch: x86_64
             supported: false
             fetch-upstream: "false"
+          - variant: metal-k8s-1.27
+            arch: x86_64
+            supported: false
+            fetch-upstream: "false"
           - variant: vmware-k8s-1.22
             arch: x86_64
             supported: true
@@ -95,6 +106,10 @@ jobs:
             arch: x86_64
             supported: true
             fetch-upstream: "false"
+          - variant: vmware-k8s-1.27
+            arch: x86_64
+            supported: true
+            fetch-upstream: "false"
           - variant: aws-k8s-1.22-nvidia
             arch: x86_64
             supported: true
@@ -135,6 +150,14 @@ jobs:
             arch: aarch64
             supported: true
             fetch-upstream: "true"
+          - variant: aws-k8s-1.27-nvidia
+            arch: x86_64
+            supported: true
+            fetch-upstream: "true"
+          - variant: aws-k8s-1.27-nvidia
+            arch: aarch64
+            supported: true
+            fetch-upstream: "true"
           - variant: aws-ecs-1-nvidia
             arch: x86_64
             supported: true

diff --git a/README.md b/README.md
@@ -65,11 +65,13 @@ The following variants support EKS, as described above:
 * `aws-k8s-1.24`
 * `aws-k8s-1.25`
 * `aws-k8s-1.26`
+* `aws-k8s-1.27`
 * `aws-k8s-1.22-nvidia`
 * `aws-k8s-1.23-nvidia`
 * `aws-k8s-1.24-nvidia`
 * `aws-k8s-1.25-nvidia`
 * `aws-k8s-1.26-nvidia`
+* `aws-k8s-1.27-nvidia`
 
 The following variants support ECS:
 
@@ -83,6 +85,7 @@ We also have variants that are designed to be Kubernetes worker nodes in VMware:
 * `vmware-k8s-1.24`
 * `vmware-k8s-1.25`
 * `vmware-k8s-1.26`
+* `vmware-k8s-1.27`
 
 The following variants are designed to be Kubernetes worker nodes on bare metal:
 
@@ -91,6 +94,7 @@ The following variants are designed to be Kubernetes worker nodes on bare metal:
 * `metal-k8s-1.24`
 * `metal-k8s-1.25`
 * `metal-k8s-1.26`
+* `metal-k8s-1.27`
 
 The following variants are no longer supported:
 

diff --git a/packages/ecr-credential-provider-1.27/Cargo.toml b/packages/ecr-credential-provider-1.27/Cargo.toml
@@ -0,0 +1,24 @@
+[package]
+# "." is not allowed in crate names, but we want a friendlier name for the
+# directory and spec file, so we override it below.
+name = "ecr-credential-provider-1_27"
+version = "0.1.0"
+edition = "2021"
+publish = false
+build = "build.rs"
+
+[lib]
+path = "pkg.rs"
+
+[package.metadata.build-package]
+package-name = "ecr-credential-provider-1.27"
+releases-url = "https://github.com/kubernetes/cloud-provider-aws/releases"
+
+[[package.metadata.build-package.external-files]]
+url = "https://codeload.github.com/kubernetes/cloud-provider-aws/tar.gz/v1.27.1"
+path = "cloud-provider-aws-1.27.1.tar.gz"
+sha512 = "d7a28f4fb3cb2a1e7ee8d94405e3268608562af0ac509b51c32fcca19353eb68c87b023bd7dae1e84a76d9e856e4951cbc8a2260bab358d1eb492e47caedd29d"
+bundle-modules = [ "go" ]
+
+[build-dependencies]
+glibc = { path = "../glibc" }
diff --git a/packages/ecr-credential-provider-1.27/build.rs b/packages/ecr-credential-provider-1.27/build.rs
@@ -0,0 +1,9 @@
+use std::process::{exit, Command};
+
+fn main() -> Result<(), std::io::Error> {
+    let ret = Command::new("buildsys").arg("build-package").status()?;
+    if !ret.success() {
+        exit(1);
+    }
+    Ok(())
+}
diff --git a/packages/ecr-credential-provider-1.27/clarify.toml b/packages/ecr-credential-provider-1.27/clarify.toml
@@ -0,0 +1,5 @@
+[clarify."sigs.k8s.io/yaml"]
+expression = "MIT AND BSD-3-Clause"
+license-files = [
+    { path = "LICENSE", hash = 0xcdf3ae00 },
+]
diff --git a/packages/ecr-credential-provider-1.27/ecr-credential-provider-1.27.spec b/packages/ecr-credential-provider-1.27/ecr-credential-provider-1.27.spec
@@ -0,0 +1,45 @@
+%global goproject github.com/kubernetes
+%global gorepo cloud-provider-aws
+%global goimport %{goproject}/%{gorepo}
+
+%global gover 1.27.1
+%global rpmver %{gover}
+
+%global _dwz_low_mem_die_limit 0
+
+Name: %{_cross_os}ecr-credential-provider-1.27
+Version: %{rpmver}
+Release: 1%{?dist}
+Summary: Container image registry credential provider for AWS ECR
+License: Apache-2.0
+URL: https://github.com/kubernetes/cloud-provider-aws
+
+Source: cloud-provider-aws-%{gover}.tar.gz
+Source1: bundled-cloud-provider-aws-%{gover}.tar.gz
+Source1000: clarify.toml
+
+BuildRequires: %{_cross_os}glibc-devel
+
+%description
+%{summary}.
+
+%prep
+%setup -n %{gorepo}-%{gover} -q
+%setup -T -D -n %{gorepo}-%{gover} -b 1 -q
+
+%build
+%set_cross_go_flags
+
+go build -buildmode=pie -ldflags="${GOLDFLAGS}" -o=ecr-credential-provider cmd/ecr-credential-provider/*.go
+
+%install
+install -d %{buildroot}%{_cross_libexecdir}/kubernetes/kubelet/plugins
+install -p -m 0755 ecr-credential-provider %{buildroot}%{_cross_libexecdir}/kubernetes/kubelet/plugins/ecr-credential-provider
+
+%cross_scan_attribution --clarify %{S:1000} go-vendor vendor
+
+%files
+%license LICENSE
+%{_cross_attribution_file}
+%{_cross_attribution_vendor_dir}
+%{_cross_libexecdir}/kubernetes/kubelet/plugins/ecr-credential-provider
diff --git a/packages/ecr-credential-provider-1.27/pkg.rs b/packages/ecr-credential-provider-1.27/pkg.rs
@@ -0,0 +1 @@
+// not used
diff --git a/packages/kubernetes-1.27/Cargo.toml b/packages/kubernetes-1.27/Cargo.toml
@@ -0,0 +1,32 @@
+[package]
+# "." is not allowed in crate names, but we want a friendlier name for the
+# directory and spec file, so we override it below.
+name = "kubernetes-1_27"
+version = "0.1.0"
+edition = "2021"
+publish = false
+build = "build.rs"
+
+[lib]
+path = "pkg.rs"
+
+[package.metadata.build-package]
+package-name = "kubernetes-1.27"
+
+[[package.metadata.build-package.external-files]]
+url = "https://distro.eks.amazonaws.com/kubernetes-1-27/releases/1/artifacts/kubernetes/v1.27.1/kubernetes-src.tar.gz"
+sha512 = "bec6b87a1cf974feb041ac684057be42d0a9abd332371bc8a8a7311d7f23e4ecba923dc9f46d4db8a5a2818976ddf7e06baef7b9fd87ff5fda27b6665b956c07"
+
+# RPM BuildRequires
+[build-dependencies]
+glibc = { path = "../glibc" }
+
+# RPM Requires
+[dependencies]
+aws-signing-helper = { path = "../aws-signing-helper" }
+ecr-credential-provider-1_27 = { path = "../ecr-credential-provider-1.27" }
+# `conntrack-tools`, `containerd` and `findutils` are only needed at runtime,
+# and are pulled in by `release`.
+# conntrack-tools = { path = "../conntrack-tools" }
+# containerd = { path = "../containerd" }
+# findutils = { path = "../findutils" }
diff --git a/packages/kubernetes-1.27/build.rs b/packages/kubernetes-1.27/build.rs
@@ -0,0 +1,9 @@
+use std::process::{exit, Command};
+
+fn main() -> Result<(), std::io::Error> {
+    let ret = Command::new("buildsys").arg("build-package").status()?;
+    if !ret.success() {
+        exit(1);
+    }
+    Ok(())
+}
diff --git a/packages/kubernetes-1.27/clarify.toml b/packages/kubernetes-1.27/clarify.toml
@@ -0,0 +1,62 @@
+[clarify."github.com/JeffAshton/win_pdh"]
+expression = "BSD-3-Clause"
+license-files = [
+    { path = "LICENSE", hash = 0xb221dcc9 },
+]
+
+[clarify."github.com/daviddengcn/go-colortext"]
+expression = "BSD-3-Clause AND MIT"
+license-files = [
+    { path = "LICENSE", hash = 0x9769fae1 },
+]
+
+[clarify."github.com/ghodss/yaml"]
+expression = "MIT AND BSD-3-Clause"
+license-files = [
+    { path = "LICENSE", hash = 0xcdf3ae00 },
+]
+
+[clarify."github.com/heketi/heketi"]
+# kubernetes only uses code that is under LGPLv3+/Apache 2.0, not the code that is GPLv2+/LGPLv3+
+expression = "LGPL-3.0-or-later OR Apache-2.0"
+license-files = [
+    { path = "LICENSE", hash = 0x3c4b96d1 },
+    { path = "LICENSE-APACHE2", hash = 0x438c8616 },
+    { path = "COPYING-LGPLV3", hash = 0xf0bccb3a },
+]
+skip-files = [ "COPYING-GPLV2" ]
+
+[clarify."github.com/go-bindata/go-bindata"]
+expression = "CC0-1.0"
+license-files = [
+    { path = "LICENSE", hash = 0x393fafd6 },
+]
+
+[clarify."github.com/miekg/dns"]
+expression = "BSD-3-Clause"
+license-files = [
+    { path = "COPYRIGHT", hash = 0xe41dd36c },
+    { path = "LICENSE", hash = 0xfc8f12ff },
+]
+
+[clarify."sigs.k8s.io/yaml"]
+expression = "MIT AND BSD-3-Clause"
+license-files = [
+    { path = "LICENSE", hash = 0xcdf3ae00 },
+]
+
+[clarify."honnef.co/go/tools"]
+expression = "MIT AND BSD-3-Clause AND Apache-2.0"
+license-files = [
+    { path = "LICENSE", hash = 0xad378ed2 },
+    { path = "LICENSE-THIRD-PARTY", hash = 0x546425eb },
+    { path = "lint/LICENSE", hash = 0xc6b58232 },
+    { path = "ssa/LICENSE", hash = 0xe656fb62 },
+]
+
+[clarify."github.com/storageos/go-api"]
+expression = "MIT AND BSD-2-Clause"
+license-files = [
+    { path = "LICENCE", hash = 0x67a6861e },
+]
+skip-files = ["licence.go", "types/licence.go"]
diff --git a/packages/kubernetes-1.27/credential-provider-config-yaml b/packages/kubernetes-1.27/credential-provider-config-yaml
@@ -0,0 +1,33 @@
+apiVersion: kubelet.config.k8s.io/v1
+kind: CredentialProviderConfig
+providers:
+{{#if settings.kubernetes.credential-providers}}
+{{#each settings.kubernetes.credential-providers}}
+{{#if this.enabled}}
+  - name: {{@key}}
+    matchImages:
+{{#each this.image-patterns}}
+      - "{{this}}"
+{{/each}}
+    defaultCacheDuration: "{{default "12h" this.cache-duration}}"
+    apiVersion: credentialprovider.kubelet.k8s.io/v1
+{{#if (or (eq @key "ecr-credential-provider") this.environment)}}
+    env:
+{{#if this.environment}}
+{{#each this.environment}}
+      - name: {{@key}}
+        value: '{{this}}'
+{{/each}}
+{{/if}}
+{{#if (eq @key "ecr-credential-provider")}}
+      - name: HOME
+        value: '/root'
+{{#if @root.settings.aws.profile}}
+      - name: AWS_PROFILE
+        value: '{{@root.settings.aws.profile}}'
+{{/if}}
+{{/if}}
+{{/if}}
+{{/if}}
+{{/each}}
+{{/if}}
diff --git a/packages/kubernetes-1.27/dockershim-symlink.conf b/packages/kubernetes-1.27/dockershim-symlink.conf
@@ -0,0 +1,2 @@
+[Service]
+ExecStartPre=/bin/ln -sf /run/containerd/containerd.sock /run/dockershim.sock
diff --git a/packages/kubernetes-1.27/etc-kubernetes-pki-private.mount b/packages/kubernetes-1.27/etc-kubernetes-pki-private.mount
@@ -0,0 +1,16 @@
+[Unit]
+Description=Kubernetes PKI private directory (/etc/kubernetes/pki/private)
+DefaultDependencies=no
+Conflicts=umount.target
+Before=local-fs.target umount.target
+After=selinux-policy-files.service
+Wants=selinux-policy-files.service
+
+[Mount]
+What=tmpfs
+Where=/etc/kubernetes/pki/private
+Type=tmpfs
+Options=nosuid,nodev,noexec,noatime,context=system_u:object_r:secret_t:s0,mode=0700
+
+[Install]
+WantedBy=preconfigured.target
diff --git a/packages/kubernetes-1.27/kubelet-bootstrap-kubeconfig b/packages/kubernetes-1.27/kubelet-bootstrap-kubeconfig
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+{{#if settings.kubernetes.api-server}}
+    certificate-authority: "/etc/kubernetes/pki/ca.crt"
+    server: "{{settings.kubernetes.api-server}}"
+{{/if}}
+  name: kubernetes
+contexts:
+- context:
+    cluster: kubernetes
+    user: kubelet
+  name: kubelet
+current-context: kubelet
+users:
+- name: kubelet
+{{#if settings.kubernetes.bootstrap-token}}
+  user:
+    token: "{{settings.kubernetes.bootstrap-token}}"
+{{/if}}