cilium: enforce device detection and enable image building

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

hack/build-images.sh

@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-
-set -o pipefail
-set -e
-
-REGISTRY=$1
-NAME=$2
-TYPE=$3
-PUSH=$4
-LOAD=$5
-
-# an example for packages/system/capi-operator, native image and transformed one
-# registry.k8s.io/capi-operator/cluster-api-operator:v0.8.1
-# ghcr.io/aenix-io/cozystack/system/capi-operator/cluster-api-operator:v0.8.1
-
-find images -mindepth 1 -maxdepth 1 -type d | \
-    while read dockerfile_path; do
-        image_name=$(echo $dockerfile_path | awk -F/ '{print $2}')
-        tag=$(egrep -o "FROM .*$image_name.*" $dockerfile_path/Dockerfile | awk -F: '{print $NF}')
-        docker buildx build $dockerfile_path \
-            --provenance=false \
-            --tag=$REGISTRY/$TYPE/$image_name:$tag \
-            --cache-from=type=registry,ref=$REGISTRY/$TYPE/$image_name:latest \
-            --cache-to=type=inline \
-            --push=$PUSH \
-            --load=$LOAD
-    done
-

hack/update-dockerfiles.sh

@@ -1,32 +0,0 @@
-#!/usr/bin/env bash
-
-set -o pipefail
-set -e
-
-function update_dockerfile() {
-    local image=$1
-    local image_name=$(echo $image | awk -F/ '{print $NF}' | awk -F: '{print $1}')
-
-    [[ -z $image_name ]] && { echo "image_name is empty for image: $image">&2; exit 1; }
-    mkdir -p images/$image_name
-    if [[ ! -f images/$image_name/Dockerfile ]];
-        then
-            echo "FROM $image" > images/$image_name/Dockerfile
-        else
-            sed -i "s|FROM .*$image_name.*|FROM $image|" images/$image_name/Dockerfile
-        fi
-}
-
-
-function with_helm() {
-    helm template . | awk '/^[ \t"-]*image["]*: [a-zA-Z0-9/:@"\.-]+$/{print $NF}' | sed 's/"//g' | \
-        while read image; do
-            update_dockerfile $image
-        done
-}
-
-function with_grep() {
-}
-
-[[ -z $1 ]] && with_helm || $1
-

manifests/cozystack-installer.yaml

@@ -68,7 +68,7 @@ spec:
       serviceAccountName: cozystack
       containers:
       - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.7.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.6.0"
         env:
         - name: KUBERNETES_SERVICE_HOST
           value: localhost
@@ -87,7 +87,7 @@ spec:
             fieldRef:
               fieldPath: metadata.name
       - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.7.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.6.0"
         command:
         - /usr/bin/darkhttpd
         - /cozystack/assets

packages/apps/clickhouse/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.1
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/clickhouse/templates/clickhouse.yaml

@@ -14,7 +14,6 @@ spec:
       {{- range $name, $u := . }}
       {{ $name }}/password_sha256_hex: {{ sha256sum $u.password }}
       {{ $name }}/profile: {{ ternary "readonly" "default" (index $u "readonly" | default false) }}
-      {{ $name }}/networks/ip: ["::/0"]
       {{- end }}
     {{- end }}
     profiles:

packages/apps/http-cache/images/nginx-cache.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:31dedc466b9f92131f3e0f35b47d1f3771b6895d5b9a6cc089786b76b00c3a25",
-  "containerimage.digest": "sha256:86c7a8f2a11cbede492c778ffd67c759f722ab6958cab4a9df66af4035b1d7d9"
+  "containerimage.config.digest": "sha256:aa7a9874c35d7fac8668a623744acbf376b48aed2ef1dc4b3a19054fdcff99cf",
+  "containerimage.digest": "sha256:d825427d433dda95db40264c6559b44c7bbb726e69279e90fe73fe8fc9265abb"
 }

packages/apps/versions_map

@@ -1,6 +1,5 @@
 clickhouse 0.1.0 ca79f72
-clickhouse 0.2.0 7cd7de73
-clickhouse 0.2.1 HEAD
+clickhouse 0.2.0 HEAD
 http-cache 0.1.0 a956713
 http-cache 0.2.0 HEAD
 kafka 0.1.0 760f86d2

packages/core/installer/images/cozystack.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:6d54a5b971e80fbaace664054d4e67f24fd1fbb7807ebaffd036d4ea7195df10",
-  "containerimage.digest": "sha256:a6b167235d8556ff7e45f4582c2491a2ad48292a46005dcf767908e2fb78e74e"
+  "containerimage.config.digest": "sha256:8726af130b534d259ae28a92d84fb866df045765739a59146974d85554e5f188",
+  "containerimage.digest": "sha256:bc9109b0ed072ecbb143ea74edb9bf8a801b4903e0b849aeaa79488c4a9fb7f2"
 }

packages/core/installer/images/cozystack.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cozystack:v0.7.0
+ghcr.io/aenix-io/cozystack/cozystack:v0.6.0

packages/core/installer/images/matchbox.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:ed483d1187cdfeb92df319a30dde57141ceb1d4bafcc28ba006a1e60abc445ff",
-  "containerimage.digest": "sha256:000a46c2bffc3cf13909dc0ca570cdcea9692d85b1ef2a875afe08ea8136d2c2"
+  "containerimage.config.digest": "sha256:05f6f9ed2e662dde64ace18dbbd69001b39778841bda812d7b6b86e064270e64",
+  "containerimage.digest": "sha256:56ef77367394c4b073c862974726d882036c9b95d27a56a774987fe3244c35f6"
 }

packages/core/platform/bundles/distro-hosted.yaml

@@ -54,13 +54,13 @@ releases:
   releaseName: kafka-operator
   chart: cozy-kafka-operator
   namespace: cozy-kafka-operator
-  dependsOn: []
+  dependsOn: [cilium,kubeovn]
 
 - name: clickhouse-operator
   releaseName: clickhouse-operator
   chart: cozy-clickhouse-operator
   namespace: cozy-clickhouse-operator
-  dependsOn: []
+  dependsOn: [cilium,kubeovn]
 
 - name: rabbitmq-operator
   releaseName: rabbitmq-operator

packages/core/platform/bundles/paas-hosted.yaml

@@ -54,13 +54,13 @@ releases:
   releaseName: kafka-operator
   chart: cozy-kafka-operator
   namespace: cozy-kafka-operator
-  dependsOn: []
+  dependsOn: [cilium,kubeovn]
 
 - name: clickhouse-operator
   releaseName: clickhouse-operator
   chart: cozy-clickhouse-operator
   namespace: cozy-clickhouse-operator
-  dependsOn: []
+  dependsOn: [cilium,kubeovn]
 
 - name: rabbitmq-operator
   releaseName: rabbitmq-operator

packages/system/capi-operator/Makefile

@@ -1,42 +1,11 @@
 NAME=capi-operator
 NAMESPACE=cozy-cluster-api
-TYPE=system
 
-include ../../../scripts/common-envs.mk
 include ../../../scripts/package-system.mk
 
-update: update-charts update-dockerfiles update-images
-
-update-charts:
+update:
 	rm -rf charts
 	helm repo add capi-operator https://kubernetes-sigs.github.io/cluster-api-operator
 	helm repo update capi-operator
 	helm pull capi-operator/cluster-api-operator --untar --untardir charts
 	rm -rf charts/cluster-api-operator/charts
-
-update-dockerfiles:
-	../../../hack/update-dockerfiles.sh with_helm
-
-components := $(subst /,,$(subst images/,,$(dir $(wildcard images/*/Dockerfile))))
-img_targets := $(addprefix image-,$(components))
-
-update-images: $(img_targets)
-
-.PHONY: $(img_targets)
-$(img_targets):
-	@$(eval name := $(subst image-,,$@))
-	@$(eval tag := $(shell egrep -o "FROM .*$(name).*" images/$(name)/Dockerfile | awk -F: '{print $$NF}'))
-	BUILDX_METADATA_PROVENANCE=0 docker buildx build images/$(name)/ \
-		--provenance false \
-		--tag $(subst //,/,$(REGISTRY)/$(TYPE)/$(name):$(tag)) \
-		--cache-from type=registry,ref=$(subst //,/,$(REGISTRY)/$(TYPE)/$(name):latest) \
-		--cache-to type=inline \
-		--metadata-file images/$(name).json \
-		--push=$(PUSH) \
-		--load=$(LOAD) && \
-	img_name=$$(jq -r '."image.name" | split(":")[:-1] | join(":")' images/$(name).json) \
-		yq -i '.$(name).image.manager.repository = ("$${img_name}"|envsubst(nu,ne))' values.yaml && \
-	img_tag=$$(jq -r '."image.name" | split(":")[-1]' images/$(name).json) \
-	img_digest=$$(jq -r '."containerimage.digest"' images/$(name).json) \
-		yq -i '.$(name).image.manager.tag = ("$${img_tag}@$${img_digest}"|envsubst(nu,ne))' values.yaml
-

packages/system/capi-operator/images/cluster-api-operator.json

@@ -1,6 +0,0 @@
-{
-  "buildx.build.ref": "default/default/7nxaun3sgw6z95qhgc4c873qo",
-  "containerimage.config.digest": "sha256:0ff1e569cc97f686d6c0c9ed6e6396c72eca93df746e7ca469f97124cae1e73d",
-  "containerimage.digest": "sha256:79282412e0b891630235ecf919c45b0531f25a0926825385a51bb2a7dde880fb",
-  "image.name": "localhost:5000/aenix-io/cozystack/system/cluster-api-operator:v0.8.1"
-}

packages/system/capi-operator/images/cluster-api-operator/Dockerfile

@@ -1 +0,0 @@
-FROM registry.k8s.io/capi-operator/cluster-api-operator:v0.8.1

packages/system/capi-operator/values.yaml

@@ -1,5 +0,0 @@
-cluster-api-operator:
-  image:
-    manager:
-      repository: "localhost:5000/aenix-io/cozystack/system/cluster-api-operator"
-      tag: "v0.8.1@sha256:79282412e0b891630235ecf919c45b0531f25a0926825385a51bb2a7dde880fb"

packages/system/cilium/images/cilium.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cilium:v0.7.0
+ghcr.io/aenix-io/cozystack/cilium:latest

packages/system/dashboard/images/dashboard.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/dashboard:v0.7.0
+ghcr.io/aenix-io/cozystack/dashboard:v0.6.0

packages/system/dashboard/images/kubeapps-apis.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:44db4f7c92adb68c79eb3e152c95318e559e5c1ac0ba6e3d467596b1315f37a1",
-  "containerimage.digest": "sha256:b0c355cf5387b376e676a9e395fa0a11790409123a29e637a7080a413fe7f10d"
+  "containerimage.config.digest": "sha256:79ac02f0fe54d2007b222efe05596a1bf35b8557e406d018f825a2334bd73249",
+  "containerimage.digest": "sha256:1c1dbee8e5c4be14e5df36a69be75a6a2907445564379e23b7f8fbea1afc7093"
 }

packages/system/dashboard/images/kubeapps-apis.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubeapps-apis:v0.7.0
+ghcr.io/aenix-io/cozystack/kubeapps-apis:v0.6.0

packages/system/kubeovn/Makefile

@@ -17,6 +17,7 @@ update:
 image:
 	docker buildx build images/kubeovn \
 		--provenance false \
+		--tag $(REGISTRY)/kubeovn:$(call settag,$(TAG)) \
 		--tag $(REGISTRY)/kubeovn:$(call settag,$(KUBEOVN_TAG)) \
 		--tag $(REGISTRY)/kubeovn:$(call settag,$(KUBEOVN_TAG)-$(TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/kubeovn:latest \

packages/system/kubeovn/images/kubeovn.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:b3d76d1764c8c470a32b4d3b19e48592eda547710e8e6508666930e1db1b4cb3",
-  "containerimage.digest": "sha256:e5275d3a367aba3b4a7ec0bf25583cc21241e320da2ffd86f5c9cf4a7f6fac77"
+  "containerimage.config.digest": "sha256:f83db05cfc7228a02d1308721de535e90e355d1b147b2d36bb98e10a848c3ef6",
+  "containerimage.digest": "sha256:440075488baba3610d7f8be6283f89ab3862ff3a9556c51a0e99ec6d46315192"
 }

packages/system/kubeovn/images/kubeovn.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubeovn:v0.7.0
+ghcr.io/aenix-io/cozystack/kubeovn:latest

scripts/installer.sh

@@ -3,7 +3,7 @@ set -o pipefail
 set -e
 
 BUNDLE=$(set -x; kubectl get configmap -n cozy-system cozystack -o 'go-template={{index .data "bundle-name"}}')
-VERSION=4
+VERSION=3
 
 run_migrations() {
   if ! kubectl get configmap -n cozy-system cozystack-version; then

scripts/migrations/3

@@ -1,12 +0,0 @@
-#!/bin/sh
-# Migration 3 --> 4
-
-# Fix kubeovn crds
-kubeovn_crds=$(kubectl get crd -o name | grep '\.kubeovn\.io$')
-if [ -n "$kubeovn_crds" ]; then
-  kubectl annotate $kubeovn_crds meta.helm.sh/release-namespace=cozy-kubeovn meta.helm.sh/release-name=kubeovn
-  kubectl label $kubeovn_crds app.kubernetes.io/managed-by=Helm
-fi
-
-# Write version to cozystack-version config
-kubectl create configmap -n cozy-system cozystack-version --from-literal=version=4 --dry-run=client -o yaml | kubectl apply -f-