From d8a5a620da8e1cae5348ede15cd244705e02598c Mon Sep 17 00:00:00 2001 From: Zheng Junyi Date: Thu, 30 May 2024 18:24:31 +0800 Subject: rke2: update and release packages by official release channels (#315599) Get the legal go version from the k8s project. Use the `buildGoModule` compilation package instead of patching the build script. Add documents to explain Release Channels and support strategies. Increase the metadata `eol` (End of Life) to mark the life cycle of the package.
---
.../applications/networking/cluster/rke2/README.md | 25 ++++++
.../networking/cluster/rke2/builder.nix | 99 ++++++++++++++++++++++
.../networking/cluster/rke2/default.nix | 96 ++++-----------------
.../networking/cluster/rke2/latest/versions.nix | 14 +++
.../networking/cluster/rke2/stable/versions.nix | 14 +++
.../networking/cluster/rke2/testing/versions.nix | 14 +++
.../networking/cluster/rke2/update-script.sh | 86 +++++++++++++++++++
pkgs/top-level/all-packages.nix | 10 ++-
8 files changed, 279 insertions(+), 79 deletions(-)
create mode 100644 pkgs/applications/networking/cluster/rke2/README.md
create mode 100644 pkgs/applications/networking/cluster/rke2/builder.nix
create mode 100644 pkgs/applications/networking/cluster/rke2/latest/versions.nix
create mode 100644 pkgs/applications/networking/cluster/rke2/stable/versions.nix
create mode 100644 pkgs/applications/networking/cluster/rke2/testing/versions.nix
create mode 100755 pkgs/applications/networking/cluster/rke2/update-script.sh
diff --git a/pkgs/applications/networking/cluster/rke2/README.md b/pkgs/applications/networking/cluster/rke2/README.md
new file mode 100644
index 0000000000000..f7a12677db965
--- /dev/null
+++ b/pkgs/applications/networking/cluster/rke2/README.md
@@ -0,0 +1,25 @@
+# RKE2 Version
+
+RKE2, Kubernetes, and other clustered software has the property of not being able to update atomically. Most software in nixpkgs, like for example bash, can be updated as part of a `nixos-rebuild switch` without having to worry about the old and the new bash interacting in some way.
+
+> [!NOTE]
+> Upgrade the server nodes first, one at a time. Once all servers have been upgraded, you may then upgrade agent nodes.
+
+## Release Channels
+
+RKE2 has there own release channels, which are: `stable`, `latest` and `testing`.
+
+The `stable` channel is the default channel and is recommended for production use. The `latest` channel is the latest stable release. The `testing` channel is the latest release, including pre-releases.
+
+| Channel | Description |
+| --------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `stable` | **(Default)** Stable is recommended for production environments. These releases have been through a period of community hardening, and are compatible with the most recent release of Rancher. |
+| `latest` | Latest is recommended for trying out the latest features. These releases have not yet been through a period of community hardening, and may not be compatible with Rancher. |
+| `testing` | The most recent release, including pre-releases. |
+
+Learn more about the [RKE2 release channels](https://docs.rke2.io/upgrade/manual_upgrade).
+
+For an exhaustive and up-to-date list of channels, you can visit the [rke2 channel service API](https://update.rke2.io/v1-release/channels). For more technical details on how channels work, you can see the [channelserver project](https://github.com/rancher/channelserver).
+
+> [!TIP]
+> When attempting to upgrade to a new version of RKE2, the [Kubernetes version skew policy](https://kubernetes.io/docs/setup/release/version-skew-policy) applies. Ensure that your plan does not skip intermediate minor versions when upgrading. Nothing in the upgrade process will protect against unsupported changes to the Kubernetes version.
diff --git a/pkgs/applications/networking/cluster/rke2/builder.nix b/pkgs/applications/networking/cluster/rke2/builder.nix
new file mode 100644
index 0000000000000..d2771c114f8c0
--- /dev/null
+++ b/pkgs/applications/networking/cluster/rke2/builder.nix
@@ -0,0 +1,99 @@
+lib: { rke2Version, rke2RepoSha256, rke2VendorHash, updateScript
+
+, rke2Commit, k8sImageTag, etcdVersion, pauseVersion, ccmVersion, dockerizedVersion, ... }:
+
+{ lib, stdenv, buildGoModule, go, fetchgit, makeWrapper
+
+# Runtime dependencies
+, procps, coreutils, util-linux, ethtool, socat, iptables, bridge-utils, iproute2, kmod, lvm2
+
+# Testing dependencies
+, nixosTests, testers, rke2
+}:
+
+buildGoModule rec {
+ pname = "rke2";
+ version = rke2Version;
+
+ src = fetchgit {
+ url = "https://github.com/rancher/rke2.git";
+ rev = "v${version}";
+ sha256 = rke2RepoSha256;
+ };
+
+ vendorHash = rke2VendorHash;
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ # Important utilities used by the kubelet.
+ # See: https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494
+ # Notice the list in that issue is stale, but as a redundancy reservation.
+ buildInputs = [
+ procps # pidof pkill
+ coreutils # uname touch env nice du
+ util-linux # lsblk fsck mkfs nsenter mount umount
+ ethtool # ethtool
+ socat # socat
+ iptables # iptables iptables-restore iptables-save
+ bridge-utils # brctl
+ iproute2 # ip tc
+ kmod # modprobe
+ lvm2 # dmsetup
+ ];
+
+ # See: https://github.com/rancher/rke2/blob/e7f87c6dd56fdd76a7dab58900aeea8946b2c008/scripts/build-binary#L27-L38
+ ldflags = [
+ "-w"
+ "-X github.com/k3s-io/k3s/pkg/version.GitCommit=${lib.substring 0 6 rke2Commit}"
+ "-X github.com/k3s-io/k3s/pkg/version.Program=${pname}"
+ "-X github.com/k3s-io/k3s/pkg/version.Version=v${version}"
+ "-X github.com/k3s-io/k3s/pkg/version.UpstreamGolang=go${go.version}"
+ "-X github.com/rancher/rke2/pkg/images.DefaultRegistry=docker.io"
+ "-X github.com/rancher/rke2/pkg/images.DefaultEtcdImage=rancher/hardened-etcd:${etcdVersion}-build20240418"
+ "-X github.com/rancher/rke2/pkg/images.DefaultKubernetesImage=rancher/hardened-kubernetes:${k8sImageTag}"
+ "-X github.com/rancher/rke2/pkg/images.DefaultPauseImage=rancher/mirrored-pause:${pauseVersion}"
+ "-X github.com/rancher/rke2/pkg/images.DefaultRuntimeImage=rancher/rke2-runtime:${dockerizedVersion}"
+ "-X github.com/rancher/rke2/pkg/images.DefaultCloudControllerManagerImage=rancher/rke2-cloud-provider:${ccmVersion}"
+ ];
+
+ tags = [
+ "no_cri_dockerd"
+ "no_embedded_executor"
+ "no_stage"
+ "sqlite_omit_load_extension"
+ "selinux"
+ "netgo"
+ "osusergo"
+ ];
+
+ subPackages = [ "." ];
+
+ installPhase = ''
+ install -D $GOPATH/bin/rke2 $out/bin/rke2
+ wrapProgram $out/bin/rke2 \
+ --prefix PATH : ${lib.makeBinPath buildInputs}
+ '';
+
+ doCheck = false;
+
+ passthru.updateScript = updateScript;
+
+ passthru.tests = {
+ version = testers.testVersion {
+ package = rke2;
+ version = "v${version}";
+ };
+ } // lib.optionalAttrs stdenv.isLinux {
+ inherit (nixosTests) rke2;
+ };
+
+ meta = with lib; {
+ homepage = "https://github.com/rancher/rke2";
+ description = "RKE2, also known as RKE Government, is Rancher's next-generation Kubernetes distribution.";
+ changelog = "https://github.com/rancher/rke2/releases/tag/v${version}";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ zimbatm zygot ];
+ mainProgram = "rke2";
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/applications/networking/cluster/rke2/default.nix b/pkgs/applications/networking/cluster/rke2/default.nix
index 2ac749148f0f0..fc65ac8694731 100644
--- a/pkgs/applications/networking/cluster/rke2/default.nix
+++ b/pkgs/applications/networking/cluster/rke2/default.nix
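Review bot: The `DefaultEtcdImage` entry in `ldflags` hard-codes the `-build20240418` suffix, while every other default image tag is taken whole from the channel's versions.nix. The same literal is compiled into all three channels, and the comment above `ldflags` points at build-binary for one specific commit, so the suffix may not be what upstream pairs with the stable tag and will go stale at the next etcd bump that update-script.sh writes. I would carry the complete tag in versions.nix and use `"-X github.com/rancher/rke2/pkg/images.DefaultEtcdImage=rancher/hardened-etcd:${etcdImageTag}"` here, where `etcdImageTag` is a new field the update script would have to emit; until then a comment such as `# build suffix copied by hand from scripts/build-binary, re-check on every update` on that line would at least flag it.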
@@ -1,79 +1,19 @@
-{ lib, stdenv, buildGoModule, fetchFromGitHub, makeWrapper, nix-update-script
-
-# Runtime dependencies
-, procps, coreutils, util-linux, ethtool, socat, iptables, bridge-utils, iproute2, kmod, lvm2
-
-# Testing dependencies
-, nixosTests, testers, rke2
-}:
-
-buildGoModule rec {
- pname = "rke2";
- version = "1.29.0+rke2r1";
-
- src = fetchFromGitHub {
- owner = "rancher";
- repo = pname;
- rev = "v${version}";
- hash = "sha256-E59GUcbnbvsGZYn87RGNrGTVUsydKsjL+C5h15q74p0=";
- };
-
- vendorHash = "sha256-Og0CqxNnhRN6PdggneGK05uprZ2D7lux/snXcArIm8Q=";
-
- postPatch = ''
- # Patch the build scripts so they work in the Nix build environment.
- patchShebangs ./scripts
-
- # Disable the static build as it breaks.
- sed -e 's/STATIC_FLAGS=.*/STATIC_FLAGS=/g' -i scripts/build-binary
- '';
-
- nativeBuildInputs = [ makeWrapper ];
-
- # Important utilities used by the kubelet.
- # See: https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494
- # Notice the list in that issue is stale, but as a redundancy reservation.
- buildInputs = [
- procps # pidof pkill
- coreutils # uname touch env nice du
- util-linux # lsblk fsck mkfs nsenter mount umount
- ethtool # ethtool
- socat # socat
- iptables # iptables iptables-restore iptables-save
- bridge-utils # brctl
- iproute2 # ip tc
- kmod # modprobe
- lvm2 # dmsetup
- ];
-
- buildPhase = ''
- DRONE_TAG="v${version}" ./scripts/build-binary
- '';
-
- installPhase = ''
- install -D ./bin/rke2 $out/bin/rke2
- wrapProgram $out/bin/rke2 \
- --prefix PATH : ${lib.makeBinPath buildInputs}
- '';
-
- passthru.updateScript = nix-update-script { };
-
- passthru.tests = {
- version = testers.testVersion {
- package = rke2;
- version = "v${version}";
- };
- } // lib.optionalAttrs stdenv.isLinux {
- inherit (nixosTests) rke2;
- };
-
- meta = with lib; {
- homepage = "https://github.com/rancher/rke2";
- description = "RKE2, also known as RKE Government, is Rancher's next-generation Kubernetes distribution.";
- changelog = "https://github.com/rancher/rke2/releases/tag/v${version}";
- license = licenses.asl20;
- maintainers = with maintainers; [ zimbatm zygot ];
- mainProgram = "rke2";
- platforms = platforms.linux;
- };
+{ lib, callPackage, ... }@args:
+
+let
+ common = opts: callPackage (import ./builder.nix lib opts);
+ extraArgs = builtins.removeAttrs args [ "callPackage" ];
+in
+{
+ rke2_stable = common ((import ./stable/versions.nix) // {
+ updateScript = [ ./update-script.sh "stable" ];
+ }) extraArgs;
+
+ rke2_latest = common ((import ./latest/versions.nix) // {
+ updateScript = [ ./update-script.sh "latest" ];
+ }) extraArgs;
+
+ rke2_testing = common ((import ./testing/versions.nix) // {
+ updateScript = [ ./update-script.sh "testing" ];
+ }) extraArgs;
 }
diff --git a/pkgs/applications/networking/cluster/rke2/latest/versions.nix b/pkgs/applications/networking/cluster/rke2/latest/versions.nix
new file mode 100644
index 0000000000000..c1b2695fd9d7a
--- /dev/null
+++ b/pkgs/applications/networking/cluster/rke2/latest/versions.nix
@@ -0,0 +1,14 @@
+{
+ rke2Version = "1.30.1+rke2r1";
+ rke2RepoSha256 = "0jrvvpj9fnlbykyr06w1f92ay708xzaizg8dhg1z4bsq1cdgs33k";
+ rke2Commit = "e7f87c6dd56fdd76a7dab58900aeea8946b2c008";
+ rke2VendorHash = "sha256-QqV8mSbqa8A5zABHQoVB2jht/eYCoqTZ/WoAqIl9oZY=";
+ k8sVersion = "v1.30.1";
+ k8sImageTag = "v1.30.1-rke2r1-build20240515";
+ etcdVersion = "v3.5.9-k3s1";
+ pauseVersion = "3.6";
+ ccmVersion = "v1.29.3-build20240412";
+ dockerizedVersion = "v1.30.1-rke2r1";
+ golangVersion = "go1.22.2";
+ eol = "2025-06-28";
+}
diff --git a/pkgs/applications/networking/cluster/rke2/stable/versions.nix b/pkgs/applications/networking/cluster/rke2/stable/versions.nix
new file mode 100644
index 0000000000000..0fd4279226fef
--- /dev/null
+++ b/pkgs/applications/networking/cluster/rke2/stable/versions.nix
@@ -0,0 +1,14 @@
+{
+ rke2Version = "1.28.10+rke2r1";
+ rke2RepoSha256 = "1pbanikvrl6rqrplrpvjc9ym8qq1yrs621gwy99shp0prfw5zvsx";
+ rke2Commit = "b0d0d687d98f4fa015e7b30aaf2807b50edcc5d7";
+ rke2VendorHash = "sha256-iidkTSrrHyW5ZEouzHAWUwCC9nplGz1v/E9bM2lMPeM=";
+ k8sVersion = "v1.28.10";
+ k8sImageTag = "v1.28.10-rke2r1-build20240514";
+ etcdVersion = "v3.5.9-k3s1";
+ pauseVersion = "3.6";
+ ccmVersion = "v1.29.3-build20240412";
+ dockerizedVersion = "v1.28.10-rke2r1";
+ golangVersion = "go1.21.9";
+ eol = "2024-10-28";
+}
diff --git a/pkgs/applications/networking/cluster/rke2/testing/versions.nix b/pkgs/applications/networking/cluster/rke2/testing/versions.nix
new file mode 100644
index 0000000000000..c0447324a1122
--- /dev/null
+++ b/pkgs/applications/networking/cluster/rke2/testing/versions.nix
@@ -0,0 +1,14 @@
+{
+ rke2Version = "1.30.1-rc3+rke2r1";
+ rke2RepoSha256 = "0jrvvpj9fnlbykyr06w1f92ay708xzaizg8dhg1z4bsq1cdgs33k";
+ rke2Commit = "e7f87c6dd56fdd76a7dab58900aeea8946b2c008";
+ rke2VendorHash = "sha256-QqV8mSbqa8A5zABHQoVB2jht/eYCoqTZ/WoAqIl9oZY=";
+ k8sVersion = "v1.30.1";
+ k8sImageTag = "v1.30.1-rke2r1-build20240515";
+ etcdVersion = "v3.5.9-k3s1";
+ pauseVersion = "3.6";
+ ccmVersion = "v1.29.3-build20240412";
+ dockerizedVersion = "v1.30.1-rc3-rke2r1";
+ golangVersion = "go1.22.2";
+ eol = "2025-06-28";
+}
diff --git a/pkgs/applications/networking/cluster/rke2/update-script.sh b/pkgs/applications/networking/cluster/rke2/update-script.sh
new file mode 100755
index 0000000000000..608f49bb64903
--- /dev/null
+++ b/pkgs/applications/networking/cluster/rke2/update-script.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl git gnugrep gnused yq-go nix-prefetch
+
+set -x -eu -o pipefail
+
+CHANNEL_NAME="${1:?Must provide a release channel, like 'stable', as the only argument}"
+
+mkdir --parents --verbose ./${CHANNEL_NAME}
+
+LATEST_TAG_NAME=$(curl --silent --fail https://update.rke2.io/v1-release/channels | \
+ yq eval ".data[] | select(.id == \"${CHANNEL_NAME}\").latest" - | \
+ sort -rV | grep --extended-regexp "^v[0-9]+\.[0-9]+\.[0-9]+" | head -n1)
+
+RKE2_VERSION=$(echo ${LATEST_TAG_NAME} | sed 's/^v//')
+
+RKE2_REPO_SHA256=$(nix-prefetch-url --quiet --unpack \
+ https://github.com/rancher/rke2/archive/refs/tags/${LATEST_TAG_NAME}.tar.gz)
+
+RKE2_COMMIT=$(curl --silent --fail ${GITHUB_TOKEN:+-u ":${GITHUB_TOKEN}"} \
+ https://api.github.com/repos/rancher/rke2/git/refs/tags | \
+ yq eval ".[] | select(.ref == \"refs/tags/${LATEST_TAG_NAME}\").object.sha" -)
+
+VERSIONS_SCRIPT=$(mktemp --suffix ".${RKE2_COMMIT:0:6}.sh")
+trap "rm --force ${VERSIONS_SCRIPT}" EXIT
+
+curl --silent --fail --output ${VERSIONS_SCRIPT} \
+ https://raw.githubusercontent.com/rancher/rke2/${RKE2_COMMIT}/scripts/version.sh
+
+set +eu
+DRONE_TAG=${LATEST_TAG_NAME} source ${VERSIONS_SCRIPT}
+set -eu
+
+KUBERNETES_CYCLES=$(echo ${KUBERNETES_VERSION} | grep -Eo "[0-9]+\.[0-9]+")
+KUBERNETES_EOL=$(curl --silent --fail \
+ https://endoflife.date/api/kubernetes/${KUBERNETES_CYCLES}.json | \
+ yq eval ".eol" -)
+
+FAKE_HASH="sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+
+cat > ./${CHANNEL_NAME}/versions.nix << EOF
+{
+ rke2Version = "${RKE2_VERSION}";
+ rke2RepoSha256 = "${RKE2_REPO_SHA256}";
+ rke2Commit = "${RKE2_COMMIT}";
+ rke2VendorHash = "${FAKE_HASH}";
+ k8sVersion = "${KUBERNETES_VERSION}";
+ k8sImageTag = "${KUBERNETES_IMAGE_TAG}";
+ etcdVersion = "${ETCD_VERSION}";
+ pauseVersion = "${PAUSE_VERSION}";
+ ccmVersion = "${CCM_VERSION}";
+ dockerizedVersion = "${DOCKERIZED_VERSION}";
+ golangVersion = "${VERSION_GOLANG}";
+ eol = "${KUBERNETES_EOL}";
+}
+EOF
+
+NIXPKGS_ROOT=$(git rev-parse --show-toplevel)
+
+set +e
+RKE2_VENDOR_HASH=$(nix-prefetch -I nixpkgs=${NIXPKGS_ROOT} \
+ "{ sha256 }: (import ${NIXPKGS_ROOT}/. {}).rke2_${CHANNEL_NAME}.goModules.overrideAttrs (_: { vendorHash = sha256; })")
+set -e
+
+if [ -n "${RKE2_VENDOR_HASH:-}" ]; then
+ sed -i "s#${FAKE_HASH}#${RKE2_VENDOR_HASH}#g" ./${CHANNEL_NAME}/versions.nix
+else
+ echo "Update failed. 'RKE2_VENDOR_HASH' is empty."
+ exit 1
+fi
+
+# Implement commit
+# See: https://nixos.org/manual/nixpkgs/stable/#var-passthru-updateScript-commit
+OLD_VERSION=$(nix-instantiate --eval -E \
+ "with import ${NIXPKGS_ROOT}/. {}; rke2.version or (builtins.parseDrvName rke2.name).version" | \
+ tr -d '"')
+
+cat << EOF
+[{
+ "attrPath": "rke2_${CHANNEL_NAME}",
+ "oldVersion": "${OLD_VERSION}",
+ "newVersion": "${RKE2_VERSION}",
+ "files": [
+ "${PWD}/${CHANNEL_NAME}/versions.nix"
+ ]
+}]
+EOF
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index d89c5a2f88404..ae7d30e33311e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -34124,7 +34124,15 @@ with pkgs;
 rke = callPackage ../applications/networking/cluster/rke { };
- rke2 = callPackage ../applications/networking/cluster/rke2 { };
+ inherit (callPackage ../applications/networking/cluster/rke2 {
+ buildGoModule = buildGo121Module;
+ go = go_1_21;
+ }) rke2_stable;
+ inherit (callPackage ../applications/networking/cluster/rke2 {
+ buildGoModule = buildGo122Module;
+ go = go_1_22;
+ }) rke2_latest rke2_testing;
+ rke2 = rke2_stable;
 rocketchat-desktop = callPackage ../applications/networking/instant-messengers/rocketchat-desktop { };
-- cgit 1.4.1
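Review bot: `source ${VERSIONS_SCRIPT}` runs a file downloaded from raw.githubusercontent.com inside the updater's own shell, with `set +eu` in effect and with `GITHUB_TOKEN` (when set) still visible to it. The URL is pinned to `RKE2_COMMIT`, but that value is whatever the tags API returned for the channel's tag a moment earlier and is never checked for being a non-empty full commit id, so the script trusts the channel server and the tag at update time. Evaluating version.sh in a child shell with an emptied environment and reading back only the named variables keeps upstream code away from the token and the caller's shell state; this is a mitigation, not a sandbox, since the child still runs with the updater's file permissions. The values read back also go unescaped into versions.nix through the heredoc, so they deserve a format check before being written.

```shell
# Refuse anything that is not a full commit id before it is put into a URL.
[[ "${RKE2_COMMIT}" =~ ^[0-9a-f]{40}$ ]] || { echo "Unexpected commit id for ${LATEST_TAG_NAME}" >&2; exit 1; }

# … unchanged: mktemp, trap, download of scripts/version.sh …

# Evaluate upstream's version.sh in a child shell with an emptied environment
# and read back one named variable per call.
upstream_var() {
  env -i PATH="${PATH}" DRONE_TAG="${LATEST_TAG_NAME}" \
    bash -c 'source "$1" >/dev/null 2>&1; printf "%s" "${!2:-}"' _ "${VERSIONS_SCRIPT}" "$1"
}
KUBERNETES_VERSION=$(upstream_var KUBERNETES_VERSION)
KUBERNETES_IMAGE_TAG=$(upstream_var KUBERNETES_IMAGE_TAG)
# … likewise for ETCD_VERSION, PAUSE_VERSION, CCM_VERSION, DOCKERIZED_VERSION, VERSION_GOLANG …
```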
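Review bot: The Go toolchain for each channel is chosen by hand in this hunk (`buildGo121Module`/`go_1_21` for `rke2_stable`, `buildGo122Module`/`go_1_22` for `rke2_latest` and `rke2_testing`), while update-script.sh records upstream's `golangVersion` in versions.nix and nothing compares the two. After an automated channel bump that moves upstream to a newer Go minor, the package would still build with the old compiler, and builder.nix stamps `UpstreamGolang=go${go.version}`, so the binary would report the nixpkgs toolchain as the upstream one. An assertion in builder.nix such as `assert lib.hasPrefix "go${lib.versions.majorMinor go.version}" golangVersion;` (with `golangVersion` added to its first argument set) would turn the mismatch into an evaluation failure; at minimum a comment here, `# keep in sync with golangVersion in <channel>/versions.nix`, would tell the next maintainer where the pin comes from.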