Merge pull request #239030 from euank/euan/k3s-1-26-bump

authored by

Ryan Lahfa and committed by
GitHub
a0930d1a 6ecb8ef4

+26 -159
+4 -4
pkgs/applications/networking/cluster/k3s/1_26/chart-versions.nix
··· 1 1 { 2 2 traefik-crd = { 3 - url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-20.3.1+up20.3.0.tgz"; 4 - sha256 = "1775vjldvqvhzdbzanxhbaqbmkih09yb91im651q8bc7z5sb9ckn"; 3 + url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-21.2.1+up21.2.0.tgz"; 4 + sha256 = "05j3vyikb7g2z2i07rij9h4ki5lb2hb2rynpiqfd4l1y5qm0qhw9"; 5 5 }; 6 6 traefik = { 7 - url = "https://k3s.io/k3s-charts/assets/traefik/traefik-20.3.1+up20.3.0.tgz"; 8 - sha256 = "1rj0f0n0vgjcbzfwzhqmsd501i2f6vw145w9plbp8gwdyzmg2nc6"; 7 + url = "https://k3s.io/k3s-charts/assets/traefik/traefik-21.2.1+up21.2.0.tgz"; 8 + sha256 = "0gvz0yzph2893scd0q10b938yc7f36b3zqs57pkjgqqpl1d0nwhg"; 9 9 }; 10 10 }
-123
pkgs/applications/networking/cluster/k3s/1_26/update.sh
··· 1 - #!/usr/bin/env nix-shell 2 - #!nix-shell -i bash -p curl gnugrep gnused jq yq-go nix-prefetch 3 - 4 - set -x -eu -o pipefail 5 - 6 - WORKDIR=$(mktemp -d) 7 - trap "rm -rf ${WORKDIR}" EXIT 8 - 9 - NIXPKGS_ROOT="$(git rev-parse --show-toplevel)"/ 10 - NIXPKGS_K3S_PATH=$(cd $(dirname ${BASH_SOURCE[0]}); pwd -P)/ 11 - cd ${NIXPKGS_K3S_PATH} 12 - 13 - LATEST_TAG_RAWFILE=${WORKDIR}/latest_tag.json 14 - curl --silent -f ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} \ 15 - https://api.github.com/repos/k3s-io/k3s/releases > ${LATEST_TAG_RAWFILE} 16 - 17 - LATEST_TAG_NAME=$(jq 'map(.tag_name)' ${LATEST_TAG_RAWFILE} | \ 18 - grep -v -e rc -e engine | tail -n +2 | head -n -1 | sed 's|[", ]||g' | sort -rV | head -n1) 19 - 20 - K3S_VERSION=$(echo ${LATEST_TAG_NAME} | sed 's/^v//') 21 - 22 - K3S_COMMIT=$(curl --silent -f ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} \ 23 - https://api.github.com/repos/k3s-io/k3s/tags \ 24 - | jq -r "map(select(.name == \"${LATEST_TAG_NAME}\")) | .[0] | .commit.sha") 25 - 26 - K3S_REPO_SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/k3s-io/k3s/archive/refs/tags/${LATEST_TAG_NAME}.tar.gz) 27 - 28 - FILE_SCRIPTS_DOWNLOAD=${WORKDIR}/scripts-download 29 - curl --silent -f https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/scripts/download > $FILE_SCRIPTS_DOWNLOAD 30 - 31 - FILE_SCRIPTS_VERSION=${WORKDIR}/scripts-version.sh 32 - curl --silent -f https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/scripts/version.sh > $FILE_SCRIPTS_VERSION 33 - 34 - FILE_TRAEFIK_MANIFEST=${WORKDIR}/traefik.yml 35 - curl --silent -f -o "$FILE_TRAEFIK_MANIFEST" https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/manifests/traefik.yaml 36 - 37 - CHART_FILES=( $(yq eval --no-doc .spec.chart "$FILE_TRAEFIK_MANIFEST" | xargs -n1 basename) ) 38 - # These files are: 39 - # 1. traefik-crd-20.3.1+up20.3.0.tgz 40 - # 2. traefik-20.3.1+up20.3.0.tgz 41 - # at the time of writing 42 - 43 - if [[ "${#CHART_FILES[@]}" != "2" ]]; then 44 - echo "New manifest charts added, the packaging scripts will need to be updated: ${CHART_FILES}" 45 - exit 1 46 - fi 47 - 48 - CHARTS_URL=https://k3s.io/k3s-charts/assets 49 - # Get metadata for both files 50 - rm -f chart-versions.nix.update 51 - cat > chart-versions.nix.update <<EOF 52 - { 53 - traefik-crd = { 54 - url = "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}"; 55 - sha256 = "$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}")"; 56 - }; 57 - traefik = { 58 - url = "${CHARTS_URL}/traefik/${CHART_FILES[1]}"; 59 - sha256 = "$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik/${CHART_FILES[1]}")"; 60 - }; 61 - } 62 - EOF 63 - mv chart-versions.nix.update chart-versions.nix 64 - 65 - FILE_GO_MOD=${WORKDIR}/go.mod 66 - curl --silent https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/go.mod > $FILE_GO_MOD 67 - 68 - 69 - K3S_ROOT_VERSION=$(grep 'VERSION_ROOT=' ${FILE_SCRIPTS_VERSION} \ 70 - | cut -d'=' -f2 | sed -e 's/"//g' -e 's/^v//') 71 - K3S_ROOT_SHA256=$(nix-prefetch-url --quiet --unpack \ 72 - "https://github.com/k3s-io/k3s-root/releases/download/v${K3S_ROOT_VERSION}/k3s-root-amd64.tar") 73 - 74 - CNIPLUGINS_VERSION=$(grep 'VERSION_CNIPLUGINS=' ${FILE_SCRIPTS_VERSION} \ 75 - | cut -d'=' -f2 | sed -e 's/"//g' -e 's/^v//') 76 - CNIPLUGINS_SHA256=$(nix-prefetch-url --quiet --unpack \ 77 - "https://github.com/rancher/plugins/archive/refs/tags/v${CNIPLUGINS_VERSION}.tar.gz") 78 - 79 - CONTAINERD_VERSION=$(grep 'VERSION_CONTAINERD=' ${FILE_SCRIPTS_VERSION} \ 80 - | cut -d'=' -f2 | sed -e 's/"//g' -e 's/^v//') 81 - CONTAINERD_SHA256=$(nix-prefetch-url --quiet --unpack \ 82 - "https://github.com/k3s-io/containerd/archive/refs/tags/v${CONTAINERD_VERSION}.tar.gz") 83 - 84 - CRI_CTL_VERSION=$(grep github.com/kubernetes-sigs/cri-tools ${FILE_GO_MOD} \ 85 - | head -n1 | awk '{print $4}' | sed -e 's/"//g' -e 's/^v//') 86 - 87 - setKV () { 88 - sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" ${NIXPKGS_K3S_PATH}default.nix 89 - } 90 - 91 - setKV k3sVersion ${K3S_VERSION} 92 - setKV k3sCommit ${K3S_COMMIT} 93 - setKV k3sRepoSha256 ${K3S_REPO_SHA256} 94 - 95 - setKV k3sRootVersion ${K3S_ROOT_VERSION} 96 - setKV k3sRootSha256 ${K3S_ROOT_SHA256} 97 - 98 - setKV k3sCNIVersion ${CNIPLUGINS_VERSION} 99 - setKV k3sCNISha256 ${CNIPLUGINS_SHA256} 100 - 101 - setKV containerdVersion ${CONTAINERD_VERSION} 102 - setKV containerdSha256 ${CONTAINERD_SHA256} 103 - 104 - setKV criCtlVersion ${CRI_CTL_VERSION} 105 - 106 - set +e 107 - K3S_VENDOR_SHA256=$(nix-prefetch -I nixpkgs=${NIXPKGS_ROOT} "{ sha256 }: (import ${NIXPKGS_ROOT}. {}).k3s.go-modules.overrideAttrs (_: { vendorSha256 = sha256; })") 108 - set -e 109 - 110 - if [ -n "${K3S_VENDOR_SHA256:-}" ]; then 111 - setKV k3sVendorSha256 ${K3S_VENDOR_SHA256} 112 - else 113 - echo "Update failed. K3S_VENDOR_SHA256 is empty." 114 - exit 1 115 - fi 116 - 117 - # `git` flag here is to be used by local maintainers to speed up the bump process 118 - if [ $# -eq 1 ] && [ "$1" = "git" ]; then 119 - OLD_VERSION="$(nix-instantiate --eval -E "with import $NIXPKGS_ROOT. {}; k3s.version or (builtins.parseDrvName k3s.name).version" | tr -d '"')" 120 - git switch -c "package-k3s-${K3S_VERSION}" 121 - git add "$NIXPKGS_K3S_PATH"/default.nix 122 - git commit -m "k3s: ${OLD_VERSION} -> ${K3S_VERSION}" 123 - fi
+14
pkgs/applications/networking/cluster/k3s/1_26/versions.nix
··· 1 + { 2 + k3sVersion = "1.26.5+k3s1"; 3 + k3sCommit = "7cefebeaac7dbdd0bfec131ea7a43a45cb125354"; 4 + k3sRepoSha256 = "0iz8w24lhb3mgwnks79ky4nypdqbjn91zm4nrj1ar3abkb5i8bg3"; 5 + k3sVendorSha256 = "sha256-yPzpt9OZfW7qY9gFgrRVgmk2l9OSMMF85OY79MDCKTs="; 6 + chartVersions = import ./chart-versions.nix; 7 + k3sRootVersion = "0.12.2"; 8 + k3sRootSha256 = "1gjynvr350qni5mskgm7pcc7alss4gms4jmkiv453vs8mmma9c9k"; 9 + k3sCNIVersion = "1.2.0-k3s1"; 10 + k3sCNISha256 = "0hzcap4vbl94zsiqc66dlwjgql50gw5g6f0adag0p8yqwcy6vaw2"; 11 + containerdVersion = "1.7.1-k3s1"; 12 + containerdSha256 = "00k7nkclfxwbzcgnn8s7rkrxyn0zpk57nyy18icf23wsj352gfrn"; 13 + criCtlVersion = "1.26.0-rc.0-k3s1"; 14 + }
+5 -17
pkgs/applications/networking/cluster/k3s/builder.nix
··· 21 21 # run `grep github.com/kubernetes-sigs/cri-tools go.mod | head -n1 | awk '{print $4}'` in the k3s repo at the tag 22 22 criCtlVersion, 23 23 updateScript ? null, 24 - # multicallContainerd is a temporary variable for migrating k3s versions 25 - # forward, and can be removed once all callers set it. 26 - # It is here so we can update 1.26 and 1.27 independently, but they'll both migrate to this. 27 - # This variable controls whether we build with containerd as a separate 28 - # binary, or as a k3s multicall. Upstream k3s changed this in 1.27.2 and 29 - # 1.26.5. See https://github.com/k3s-io/k3s/issues/7419 for more context 30 - multicallContainerd ? false, 31 24 }: 32 25 33 26 # builder.nix contains a "builder" expression that, given k3s version and hash ··· 193 186 subPackages = [ "cmd/server" ]; 194 187 ldflags = versionldflags; 195 188 196 - tags = [ "libsqlite3" "linux" ] ++ lib.optional multicallContainerd "ctrd"; 189 + tags = [ "ctrd" "libsqlite3" "linux" ]; 197 190 198 191 # create the multicall symlinks for k3s 199 192 postInstall = '' 200 193 mv $out/bin/server $out/bin/k3s 201 194 pushd $out 202 195 # taken verbatim from https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/build#L105-L113 196 + ln -s k3s ./bin/containerd 203 197 ln -s k3s ./bin/crictl 204 198 ln -s k3s ./bin/ctr 205 199 ln -s k3s ./bin/k3s-agent ··· 210 204 ln -s k3s ./bin/k3s-server 211 205 ln -s k3s ./bin/k3s-token 212 206 ln -s k3s ./bin/kubectl 213 - '' + lib.optionalString multicallContainerd '' 214 - # for the multicall binary, also do containerd per 215 - # https://github.com/k3s-io/k3s/blob/v1.27.2%2Bk3s1/scripts/build#L136-L146 216 - ln -s k3s ./bin/containerd 217 - '' + '' 218 207 popd 219 208 ''; 220 209 ··· 222 211 description = "The various binaries that get packaged into the final k3s binary"; 223 212 }; 224 213 }; 225 - # For the multicall binary, only used for the shim 214 + # Only used for the shim since 226 215 # https://github.com/k3s-io/k3s/blob/v1.27.2%2Bk3s1/scripts/build#L153 227 216 k3sContainerd = buildGoModule { 228 217 pname = "k3s-containerd"; ··· 235 224 }; 236 225 vendorSha256 = null; 237 226 buildInputs = [ btrfs-progs ]; 238 - subPackages = [ "cmd/containerd-shim-runc-v2" ] ++ lib.optional (!multicallContainerd) "cmd/containerd"; 227 + subPackages = [ "cmd/containerd-shim-runc-v2" ]; 239 228 ldflags = versionldflags; 240 229 }; 241 230 in ··· 243 232 pname = "k3s"; 244 233 version = k3sVersion; 245 234 246 - tags = [ "libsqlite3" "linux" ] ++ lib.optional multicallContainerd "ctrd"; 235 + tags = [ "libsqlite3" "linux" "ctrd" ]; 247 236 src = k3sRepo; 248 237 vendorSha256 = k3sVendorSha256; 249 238 ··· 312 301 rsync -a --no-perms ${k3sServer}/bin/ ./bin/ 313 302 ln -vsf ${k3sCNIPlugins}/bin/cni ./bin/cni 314 303 ln -vsf ${k3sContainerd}/bin/containerd-shim-runc-v2 ./bin 315 - ${lib.optionalString (!multicallContainerd) "ln -vsf ${k3sContainerd}/bin/containerd ./bin/"} 316 304 rsync -a --no-perms --chmod u=rwX ${k3sRoot}/etc/ ./etc/ 317 305 mkdir -p ./build/static/charts 318 306
+3 -15
pkgs/applications/networking/cluster/k3s/default.nix
··· 5 5 common = opts: callPackage (k3s_builder opts); 6 6 in 7 7 { 8 - k3s_1_26 = common { 9 - k3sVersion = "1.26.4+k3s1"; 10 - k3sCommit = "8d0255af07e95b841952563253d27b0d10bd72f0"; 11 - k3sRepoSha256 = "0qlszdnlsvj3hzx2p0wl3zhaw908w8a62z6vlf2g69a3c75f55cs"; 12 - k3sVendorSha256 = "sha256-JXTsZYtTspu/pWMRSS2BcegktawBJ6BK7YEKbz1J/ao="; 13 - chartVersions = import ./1_26/chart-versions.nix; 14 - k3sRootVersion = "0.12.1"; 15 - k3sRootSha256 = "0724yx3zk89m2239fmdgwzf9w672pik71xqrvgb7pdmknmmdn9f4"; 16 - k3sCNIVersion = "1.1.1-k3s1"; 17 - k3sCNISha256 = "14mb3zsqibj1sn338gjmsyksbm0mxv9p016dij7zidccx2rzn6nl"; 18 - containerdVersion = "1.6.19-k3s1"; 19 - containerdSha256 = "12dwqh77wplg30kdi73d90qni23agw2cwxjd2p5lchq86mpmmwwr"; 20 - criCtlVersion = "1.26.0-rc.0-k3s1"; 21 - } { }; 8 + k3s_1_26 = common ((import ./1_26/versions.nix) // { 9 + updateScript = [ ./update-script.sh "26" ]; 10 + }) { }; 22 11 23 12 # 1_27 can be built with the same builder as 1_26 24 13 k3s_1_27 = common ((import ./1_27/versions.nix) // { 25 - multicallContainerd = true; 26 14 updateScript = [ ./update-script.sh "27" ]; 27 15 }) { }; 28 16 }