From c37a61fd66cae267f019e854e0a15444c9523fdb Mon Sep 17 00:00:00 2001 From: Dustin Nemes <39643802+some-things@users.noreply.github.com> Date: Tue, 20 Aug 2024 23:22:41 -0500 Subject: [PATCH] [release-2.9][backport] feat: embed k8s rpms in container --- Dockerfile | 4 +- Dockerfile.devkit | 27 ++++++++++ ansible/roles/kubeadm/tasks/redhat.yaml | 38 +++++++++++++- ansible/roles/packages/tasks/redhat.yaml | 52 ++++++++++++++++--- bundles/centos7.9/bundle.sh.gotmpl | 1 + bundles/redhat7.9/bundle.sh.gotmpl | 1 + bundles/redhat8.4/bundle.sh.gotmpl | 1 + bundles/redhat8.6/bundle.sh.gotmpl | 9 +++- bundles/redhat8.6/packages.txt.gotmpl | 4 +- bundles/redhat8.8/bundle.sh.gotmpl | 9 +++- bundles/redhat8.8/packages.txt.gotmpl | 4 +- bundles/rocky9.1/bundle.sh.gotmpl | 2 +- bundles/rocky9.1/packages.txt.gotmpl | 4 +- bundles/ubuntu20.04/bundle.sh.gotmpl | 1 + .../cmd/create-package-bundle.go | 23 +++++--- 15 files changed, 155 insertions(+), 25 deletions(-) diff --git a/Dockerfile b/Dockerfile index 653b57080..59eaf9927 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,8 +31,8 @@ ARG BUILDARCH # we copy this to remote hosts to execute GOSS # Packer copies /usr/local/bin/goss-amd64 from this container to the remote host COPY --from=devkit /usr/local/bin/goss-amd64 /usr/local/bin/goss-amd64 - -COPY --from=devkit /opt/amazon-ssm-agent.rpm /opt/amazon-ssm-agent.rpm +COPY --from=devkit /opt/*.rpm /opt +COPY --from=devkit /opt/d2iq-sign-authority-gpg-public-key /opt/d2iq-sign-authority-gpg-public-key # we copy this to remote hosts to execute mindthegap so its always amd64 COPY --from=devkit /usr/local/bin/mindthegap /usr/local/bin/ diff --git a/Dockerfile.devkit b/Dockerfile.devkit index 002b7dbc6..778ec1634 100644 --- a/Dockerfile.devkit +++ b/Dockerfile.devkit 
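Review bot: The new `COPY --from=devkit /opt/*.rpm /opt` pulls every RPM that happens to sit in the devkit stage's /opt into the final image, so anything a later devkit change leaves there ships without being named in this file. Listing the expected packages, or narrowing the glob, keeps the image contents reviewable. The Dockerfile reference also asks for a trailing slash on the destination when a wildcard can match several sources: `COPY --from=devkit /opt/*.rpm /opt/`.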
@@ -79,6 +79,33 @@ RUN chmod +rx /usr/local/bin/goss-amd64 ARG BUILDARCH RUN ln -s /usr/local/bin/goss-${BUILDARCH} /usr/local/bin/goss RUN curl -o /opt/amazon-ssm-agent.rpm https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm +COPY ansible ansible +# Fetch nokmem rpms +RUN \ + export KUBERNETES_VERSION=$(awk -F': ' '/kubernetes_version/ {print $2}' ansible/group_vars/all/defaults.yaml | sed -n '2p' | xargs) && \ + echo ${KUBERNETES_VERSION} && \ + curl -o /opt/kubectl-${KUBERNETES_VERSION}-0.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-nokmem/x86_64/kubectl-${KUBERNETES_VERSION}-0.x86_64.rpm && \ + curl -o /opt/kubeadm-${KUBERNETES_VERSION}-0.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-nokmem/x86_64/kubeadm-${KUBERNETES_VERSION}-0.x86_64.rpm && \ + curl -o /opt/kubelet-${KUBERNETES_VERSION}-0.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-nokmem/x86_64/kubelet-${KUBERNETES_VERSION}-0.x86_64.rpm && \ + export CRICTL_TOOLS_VERSION="$(echo ${KUBERNETES_VERSION} | cut -d. 
-f1-2).0" && \ + curl -o /opt/cri-tools-${CRICTL_TOOLS_VERSION}-0.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-nokmem/x86_64/cri-tools-${CRICTL_TOOLS_VERSION}-0.x86_64.rpm && \ + export CNI_VERSION=$(awk -F': ' '/kubernetes_cni_version/ {print $2}' ansible/group_vars/all/defaults.yaml | sed -n '1p' | xargs) && \ + curl -o /opt/kubernetes-cni-${CNI_VERSION}-0.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-nokmem/x86_64/kubernetes-cni-${CNI_VERSION}-0.x86_64.rpm + + +# Fetch fips rpms +RUN \ + export KUBERNETES_VERSION=$(awk -F': ' '/kubernetes_version/ {print $2}' ansible/group_vars/all/defaults.yaml | sed -n '2p' | xargs) && \ + echo ${KUBERNETES_VERSION} && \ + curl -o /opt/kubectl-${KUBERNETES_VERSION}-0-fips.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-fips/x86_64/kubectl-${KUBERNETES_VERSION}-0.x86_64.rpm && \ + curl -o /opt/kubeadm-${KUBERNETES_VERSION}-0-fips.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-fips/x86_64/kubeadm-${KUBERNETES_VERSION}-0.x86_64.rpm && \ + curl -o /opt/kubelet-${KUBERNETES_VERSION}-0-fips.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-fips/x86_64/kubelet-${KUBERNETES_VERSION}-0.x86_64.rpm && \ + export CRICTL_TOOLS_VERSION="$(echo ${KUBERNETES_VERSION} | cut -d. 
-f1-2).0" && \ + curl -o /opt/cri-tools-${CRICTL_TOOLS_VERSION}-0-fips.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-nokmem/x86_64/cri-tools-${CRICTL_TOOLS_VERSION}-0.x86_64.rpm && \ + export CNI_VERSION=$(awk -F': ' '/kubernetes_cni_version/ {print $2}' ansible/group_vars/all/defaults.yaml | sed -n '1p' | xargs) && \ + curl -o /opt/kubernetes-cni-${CNI_VERSION}-0-fips.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-fips/x86_64/kubernetes-cni-${CNI_VERSION}-0.x86_64.rpm + +RUN curl -o /opt/d2iq-sign-authority-gpg-public-key https://packages.d2iq.com/konvoy/stable/linux/repos/d2iq-sign-authority-gpg-public-key COPY --from=packer-amd64 /bin/packer /usr/local/bin/packer-amd64 COPY --from=packer-arm64 /bin/packer /usr/local/bin/packer-arm64 diff --git a/ansible/roles/kubeadm/tasks/redhat.yaml b/ansible/roles/kubeadm/tasks/redhat.yaml index 2fed46b13..82d96d161 100644 --- a/ansible/roles/kubeadm/tasks/redhat.yaml +++ b/ansible/roles/kubeadm/tasks/redhat.yaml 
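Review bot: None of the added `curl -o` downloads checks what it received: without `--fail` an HTTP error page is written to the `.rpm` path and the build still succeeds, and no digest or signature is verified before the files are baked into the image. The signing key is fetched in the last added RUN from the same host as the packages, so it is not an independent trust anchor; vendoring the key in the repository (or pinning its fingerprint) and running `rpm --checksig` on each file after importing it would close that gap, assuming rpm is available in this stage. At minimum use `curl --fail --silent --show-error -o …` for every download. In the FIPS block the cri-tools line downloads from the `kubernetes-v${KUBERNETES_VERSION}-nokmem` repository while the other four files use `-fips`; if that is intentional it deserves a comment, otherwise the file saved as `-0-fips.rpm` is not a FIPS build.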
@@ -14,9 +14,43 @@ not 'kubeadm-' + package_versions.kubernetes_rpm in exportedversionlocklist.stdout )" +- block: + - name: copy cri-tools rpm + copy: + src: "/opt/{{ 'cri-tools-' + critools_rpm }}{{ '-fips' if fips.enabled else '' }}.rpm" + dest: "/opt/{{ 'cri-tools-' + critools_rpm }}.rpm" + + - name: install cri-tools rpm package + yum: + name: "/opt/{{ 'cri-tools-' + critools_rpm }}.rpm" + state: present + update_cache: true + enablerepo: "{{ 'offline' if offline_mode_enabled else '' }}" + disablerepo: "{{ '*' if offline_mode_enabled else '' }}" + register: result + until: result is success + retries: 3 + delay: 3 + +# If the rpms for the kubernetes version provided by the customer +# exists on the current container, we should copy it to the remote +# and install it with the file. +- name: check kubeadm rpm exists for provided version + stat: + path: "/opt/{{ 'kubeadm-' + package_versions.kubernetes_rpm }}{{ '-fips' if fips.enabled else '' }}.rpm" + delegate_to: localhost + register: haslocalkubeadm + become: false + +- name: copy kubeadm rpm + copy: + src: "/opt/{{ 'kubeadm-' + package_versions.kubernetes_rpm }}{{ '-fips' if fips.enabled else '' }}.rpm" + dest: "/opt/{{ 'kubeadm-' + package_versions.kubernetes_rpm }}.rpm" + when: haslocalkubeadm.stat.exists + - name: install kubeadm rpm package yum: - name: "{{ 'kubeadm-' + package_versions.kubernetes_rpm }}" + name: "{{ '/opt/' if haslocalkubeadm.stat.exists }}{{ 'kubeadm-' + package_versions.kubernetes_rpm }}{{ '.rpm' if haslocalkubeadm.stat.exists }}" state: present update_cache: true enablerepo: "{{ 'offline' if offline_mode_enabled else '' }}" @@ -34,4 +68,4 @@ changed_when: | 'command_result.stdout is regex(".*versionlock added: [1-9]+.*")' when: - - versionlock_plugin_enabled + - versionlock_plugin_enabled \ No newline at end of file diff --git a/ansible/roles/packages/tasks/redhat.yaml b/ansible/roles/packages/tasks/redhat.yaml index d15597aff..76ab29715 100644 
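Review bot: The cri-tools `block` at the top of the first hunk runs unconditionally, unlike the kubeadm tasks below it, which are gated on `haslocalkubeadm.stat.exists`. When the container has no matching `/opt/cri-tools-…rpm` for the requested version, the `copy` fails the play instead of falling back to the repository. Add a `stat` on the cri-tools path and a `when:` on the block, mirroring the kubeadm tasks. The two inline conditionals in the install task's `name:` have no `else`, while the rest of the file writes `else ''`; `{{ '/opt/' if haslocalkubeadm.stat.exists else '' }}` avoids depending on how an undefined value renders.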
--- a/ansible/roles/packages/tasks/redhat.yaml +++ b/ansible/roles/packages/tasks/redhat.yaml @@ -65,9 +65,47 @@ - versionlock_plugin_enabled - item in exportedversionlocklist.stdout +# If the rpms for the kubernetes version provided by the customer +# exists on the current container, we should copy it to the remote +# and install it with the file. +- name: check kubernetes rpms exist for provided version + stat: + path: "/opt/{{ 'kubectl-' + package_versions.kubernetes_rpm }}{{ '-fips' if fips.enabled else '' }}.rpm" + delegate_to: localhost + register: haslocalk8srpms + become: false + +- block: + - name: copy gpg key + copy: + src: /opt/d2iq-sign-authority-gpg-public-key + dest: /opt/d2iq-sign-authority-gpg-public-key + + - name: import key + ansible.builtin.rpm_key: + state: present + key: /opt/d2iq-sign-authority-gpg-public-key + + - name: copy kubectl rpm + copy: + src: "/opt/{{ 'kubectl-' + package_versions.kubernetes_rpm }}{{ '-fips' if fips.enabled else '' }}.rpm" + dest: "/opt/{{ 'kubectl-' + package_versions.kubernetes_rpm }}.rpm" + + - name: copy kubernetes_cni rpm + copy: + src: "/opt/{{ 'kubernetes-cni-' + kubernetes_cni_version }}-0{{ '-fips' if fips.enabled else '' }}.rpm" + dest: "/opt/{{ 'kubernetes-cni-' + kubernetes_cni_version }}-0.rpm" + + - name: copy kubelet rpm + copy: + src: "/opt/{{ 'kubelet-' + package_versions.kubernetes_rpm }}{{ '-fips' if fips.enabled else '' }}.rpm" + dest: "/opt/{{ 'kubelet-' + package_versions.kubernetes_rpm }}.rpm" + when: + - haslocalk8srpms.stat.exists + - name: install kubectl rpm package yum: - name: "{{ 'kubectl-' + package_versions.kubernetes_rpm }}" + name: "{{ '/opt/' if haslocalk8srpms.stat.exists }}{{ 'kubectl-' + package_versions.kubernetes_rpm }}{{ '.rpm' if haslocalk8srpms.stat.exists }}" state: present update_cache: true enablerepo: "{{ 'offline' if offline_mode_enabled else '' }}" 
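Review bot: Importing the key with `rpm_key` does not by itself make the later installs verify signatures: the `yum` tasks now receive a file path under /opt, and yum and dnf appear to signature-check local package files only when `localpkg_gpgcheck` is enabled, which is off by default. As written, an RPM altered in the container image or on the way to the host would likely install without complaint. Consider a task that runs `rpm --checksig` on each copied file and fails on a bad result before the install tasks in this hunk and the next one; the local install added to the kubeadm role has the same gap. The `copy` tasks also leave the file mode to the remote umask; an explicit `mode: "0644"` makes the staged packages' permissions predictable.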
@@ -77,15 +115,17 @@ retries: 3 delay: 3 -- name: install kubelet rpm package +- name: install kubernetes_cni and kubelet rpm packages yum: - name: "{{ 'kubelet-' + package_versions.kubernetes_rpm }}" + name: + - "{{ '/opt/' if haslocalk8srpms.stat.exists }}{{ 'kubernetes-cni-' + kubernetes_cni_version }}-0{{ '.rpm' if haslocalk8srpms.stat.exists }}" + - "{{ '/opt/' if haslocalk8srpms.stat.exists }}{{ 'kubelet-' + package_versions.kubernetes_rpm }}{{ '.rpm' if haslocalk8srpms.stat.exists }}" state: present update_cache: true enablerepo: "{{ 'offline' if offline_mode_enabled else '' }}" disablerepo: "{{ '*' if offline_mode_enabled else '' }}" - register: kubelet_installation_rpm - until: kubelet_installation_rpm is success + register: installation_rpm + until: installation_rpm is success retries: 3 delay: 3 @@ -100,4 +140,4 @@ changed_when: > 'command_result.stdout is regex(".*versionlock added: [1-9]+.*")' when: - - versionlock_plugin_enabled + - versionlock_plugin_enabled \ No newline at end of file diff --git a/bundles/centos7.9/bundle.sh.gotmpl b/bundles/centos7.9/bundle.sh.gotmpl index 5df13d64b..74d7cc7b2 100755 --- a/bundles/centos7.9/bundle.sh.gotmpl +++ b/bundles/centos7.9/bundle.sh.gotmpl @@ -12,6 +12,7 @@ echo skip_missing_names_on_install=False >> /etc/yum.conf yum -y install epel-release gettext yum-utils createrepo yum clean all TMP_DIR="$(mktemp -d repodata-XXXX)" +chmod 777 -R "${TMP_DIR}" cp packages.txt "${TMP_DIR}" pushd "${TMP_DIR}" #shellcheck disable=SC2046 diff --git a/bundles/redhat7.9/bundle.sh.gotmpl b/bundles/redhat7.9/bundle.sh.gotmpl index 56681855f..7c0b1a2a3 100755 --- a/bundles/redhat7.9/bundle.sh.gotmpl +++ b/bundles/redhat7.9/bundle.sh.gotmpl 
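Review bot: Both entries in the new `name:` list switch to `/opt/…rpm` paths on `haslocalk8srpms.stat.exists`, but that result was registered from a stat of the kubectl RPM only. If the container holds kubectl for the requested version but not the matching kubelet or kubernetes-cni file, the copy block in the previous hunk fails rather than falling back to the repository. Stat each file that is installed from a path, or add a comment stating that the three RPMs are always embedded together. The inline conditionals here also lack the `else ''` used elsewhere in this file.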
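Review bot: `chmod 777 -R "${TMP_DIR}"` makes the directory that receives the downloaded packages writable by every user, right after `mktemp -d` created it private. Any other process in that environment could then replace a package before the bundle is assembled from the directory's contents. If the goal is to let one specific non-root user write there, a `chown` to that user or a narrower mode such as `chmod -R u+rwX,go+rX "${TMP_DIR}"` would do; either way a comment should say why the mode change is needed. The same line is added to the redhat7.9, redhat8.4, rocky9.1 and ubuntu20.04 bundle scripts.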
@@ -58,6 +58,7 @@ subscription-manager repos --enable=rhel-7-server-extras-rpms yum -y install createrepo gettext yum-utils https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm yum clean all TMP_DIR="$(mktemp -d repodata-XXXX)" +chmod 777 -R "${TMP_DIR}" cp packages.txt "${TMP_DIR}" pushd "${TMP_DIR}" #shellcheck disable=SC2046 diff --git a/bundles/redhat8.4/bundle.sh.gotmpl b/bundles/redhat8.4/bundle.sh.gotmpl index a97baca52..71fe2a8ac 100755 --- a/bundles/redhat8.4/bundle.sh.gotmpl +++ b/bundles/redhat8.4/bundle.sh.gotmpl @@ -51,6 +51,7 @@ subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms yum --disablerepo=appstream-centos -y install gettext yum-utils createrepo dnf-utils yum clean all TMP_DIR="$(mktemp -d repodata-XXXX)" +chmod 777 -R "${TMP_DIR}" cp packages.txt "${TMP_DIR}" pushd "${TMP_DIR}" #shellcheck disable=SC2046,SC2062,SC2063,SC2035 diff --git a/bundles/redhat8.6/bundle.sh.gotmpl b/bundles/redhat8.6/bundle.sh.gotmpl index 11411f079..3e2efe36b 100755 --- a/bundles/redhat8.6/bundle.sh.gotmpl +++ b/bundles/redhat8.6/bundle.sh.gotmpl @@ -55,7 +55,7 @@ if [[ -z "${SKIP_SUBSCRIPTION_MANAGER}" ]]; then subscription-manager refresh subscription::defer_unregister - ENABLED_REPOS="kubernetes,codeready-builder-for-rhel-8-x86_64-rpms,rhel-8-for-x86_64-appstream-rpms,rhel-8-for-x86_64-baseos-rpms" + ENABLED_REPOS="codeready-builder-for-rhel-8-x86_64-rpms,rhel-8-for-x86_64-appstream-rpms,rhel-8-for-x86_64-baseos-rpms" EUS_REPOS=${EUS_REPOS:-""} if [[ -n "${EUS_REPOS}" ]]; then #disables the standard repositories which should not be enabled when using EUS 
@@ -63,7 +63,7 @@ if [[ -z "${SKIP_SUBSCRIPTION_MANAGER}" ]]; then subscription-manager repos --enable rhel-8-for-x86_64-baseos-eus-rpms subscription-manager repos --enable rhel-8-for-x86_64-appstream-eus-rpms subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-eus-rpms - ENABLED_REPOS="kubernetes,codeready-builder-for-rhel-8-x86_64-eus-rpms,rhel-8-for-x86_64-appstream-eus-rpms,rhel-8-for-x86_64-baseos-eus-rpms" + ENABLED_REPOS="codeready-builder-for-rhel-8-x86_64-eus-rpms,rhel-8-for-x86_64-appstream-eus-rpms,rhel-8-for-x86_64-baseos-eus-rpms" else subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms @@ -73,6 +73,11 @@ else echo "Bypassing subscription-manager and upstream RHEL repositories due to --skip-subscription-manager being set to true." fi +KUBERNETES_REPOS=${KUBERNETES_REPOS:-""} +if [[ -n "${KUBERNETES_REPOS}" ]]; then + ENABLED_REPOS="${ENABLED_REPOS},kubernetes" +fi + if [[ -f /etc/yum.repos.d/user-repos.repo ]]; then USER_REPOS="$(awk -F '[][]' '/^\[.*\]/ {print $2}' /etc/yum.repos.d/user-repos.repo | paste -sd, -)" if [[ -n "${ENABLED_REPOS}" ]] && [[ -n "${USER_REPOS}" ]]; then diff --git a/bundles/redhat8.6/packages.txt.gotmpl b/bundles/redhat8.6/packages.txt.gotmpl index 89197c37a..f44fda428 100644 --- a/bundles/redhat8.6/packages.txt.gotmpl +++ b/bundles/redhat8.6/packages.txt.gotmpl @@ -15,16 +15,18 @@ yum-utils cloud-init cloud-utils-growpart container-selinux +{{ if .FetchKubernetesRPMs -}} kubectl-{{ .KubernetesVersion }}-0 kubelet-{{ .KubernetesVersion }}-0 kubeadm-{{ .KubernetesVersion }}-0 +cri-tools +{{- end }} conntrack ebtables ethtool iproute iptables socat -cri-tools gcc make elfutils-libelf-devel diff --git a/bundles/redhat8.8/bundle.sh.gotmpl b/bundles/redhat8.8/bundle.sh.gotmpl index 6063d9fb8..b74df65ea 100755 --- a/bundles/redhat8.8/bundle.sh.gotmpl +++ b/bundles/redhat8.8/bundle.sh.gotmpl 
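Review bot: In the third hunk, `ENABLED_REPOS="${ENABLED_REPOS},kubernetes"` produces a leading comma when `ENABLED_REPOS` is empty, which looks possible on the skip-subscription-manager path because the `else` branch just above only prints a message. Before this change `kubernetes` was the first entry of the list, so it never began with a separator. Use `ENABLED_REPOS="${ENABLED_REPOS:+${ENABLED_REPOS},}kubernetes"` so the comma is added only when there is something to join. The redhat8.8 script receives the identical block.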
@@ -55,7 +55,7 @@ if [[ -z "${SKIP_SUBSCRIPTION_MANAGER}" ]]; then subscription-manager refresh subscription::defer_unregister - ENABLED_REPOS="kubernetes,codeready-builder-for-rhel-8-x86_64-rpms,rhel-8-for-x86_64-appstream-rpms,rhel-8-for-x86_64-baseos-rpms" + ENABLED_REPOS="codeready-builder-for-rhel-8-x86_64-rpms,rhel-8-for-x86_64-appstream-rpms,rhel-8-for-x86_64-baseos-rpms" EUS_REPOS=${EUS_REPOS:-""} if [[ -n "${EUS_REPOS}" ]]; then #disables the standard repositories which should not be enabled when using EUS @@ -63,7 +63,7 @@ if [[ -z "${SKIP_SUBSCRIPTION_MANAGER}" ]]; then subscription-manager repos --enable rhel-8-for-x86_64-baseos-eus-rpms subscription-manager repos --enable rhel-8-for-x86_64-appstream-eus-rpms subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-eus-rpms - ENABLED_REPOS="kubernetes,codeready-builder-for-rhel-8-x86_64-eus-rpms,rhel-8-for-x86_64-appstream-eus-rpms,rhel-8-for-x86_64-baseos-eus-rpms" + ENABLED_REPOS="codeready-builder-for-rhel-8-x86_64-eus-rpms,rhel-8-for-x86_64-appstream-eus-rpms,rhel-8-for-x86_64-baseos-eus-rpms" else subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms @@ -73,6 +73,11 @@ else echo "Bypassing subscription-manager and upstream RHEL repositories due to --skip-subscription-manager being set to true." fi +KUBERNETES_REPOS=${KUBERNETES_REPOS:-""} +if [[ -n "${KUBERNETES_REPOS}" ]]; then + ENABLED_REPOS="${ENABLED_REPOS},kubernetes" +fi + if [[ -f /etc/yum.repos.d/user-repos.repo ]]; then USER_REPOS="$(awk -F '[][]' '/^\[.*\]/ {print $2}' /etc/yum.repos.d/user-repos.repo | paste -sd, -)" if [[ -n "${ENABLED_REPOS}" ]] && [[ -n "${USER_REPOS}" ]]; then diff --git a/bundles/redhat8.8/packages.txt.gotmpl b/bundles/redhat8.8/packages.txt.gotmpl index 62edd8f8c..0157e9fb8 100644 --- a/bundles/redhat8.8/packages.txt.gotmpl +++ b/bundles/redhat8.8/packages.txt.gotmpl 
@@ -15,16 +15,18 @@ yum-utils cloud-init cloud-utils-growpart container-selinux +{{ if .FetchKubernetesRPMs -}} kubectl-{{ .KubernetesVersion }}-0 kubelet-{{ .KubernetesVersion }}-0 kubeadm-{{ .KubernetesVersion }}-0 +cri-tools +{{- end }} conntrack ebtables ethtool iproute iptables socat -cri-tools gcc make libseccomp diff --git a/bundles/rocky9.1/bundle.sh.gotmpl b/bundles/rocky9.1/bundle.sh.gotmpl index 7b6321ff0..da92aa6cb 100755 --- a/bundles/rocky9.1/bundle.sh.gotmpl +++ b/bundles/rocky9.1/bundle.sh.gotmpl @@ -8,6 +8,7 @@ echo skip_missing_names_on_install=False >> /etc/yum.conf yum -y install epel-release gettext yum-utils createrepo dnf-utils yum clean all TMP_DIR="$(mktemp -d repodata-XXXX)" +chmod 777 -R "${TMP_DIR}" cp packages.txt "${TMP_DIR}" pushd "${TMP_DIR}" #shellcheck disable=SC2046 @@ -15,7 +16,6 @@ repoquery --archlist=x86_64,noarch --resolve --requires --recursive $(< packag #shellcheck disable=SC2046 yumdownloader --archlist=x86_64,noarch -x \*i686 $(< packages.txt) rm packages.txt -curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm createrepo -v . && chown -R 1000:1000 repodata/ #shellcheck disable=SC1083,SC2035 tar -czf {{ .OutputDirectory }}/{{ .KubernetesVersion }}_rocky_9.1_x86_64.tar.gz * diff --git a/bundles/rocky9.1/packages.txt.gotmpl b/bundles/rocky9.1/packages.txt.gotmpl index c20daf350..85472e688 100644 --- a/bundles/rocky9.1/packages.txt.gotmpl +++ b/bundles/rocky9.1/packages.txt.gotmpl @@ -15,16 +15,18 @@ yum-utils cloud-init cloud-utils-growpart container-selinux +{{ if .FetchKubernetesRPMs -}} kubectl-{{ .KubernetesVersion }}-0 kubelet-{{ .KubernetesVersion }}-0 kubeadm-{{ .KubernetesVersion }}-0 +cri-tools +{{- end }} conntrack ebtables ethtool iproute iptables socat -cri-tools gcc libseccomp nfs-utils diff --git a/bundles/ubuntu20.04/bundle.sh.gotmpl b/bundles/ubuntu20.04/bundle.sh.gotmpl index f38b7f625..324e48539 100644 
--- a/bundles/ubuntu20.04/bundle.sh.gotmpl +++ b/bundles/ubuntu20.04/bundle.sh.gotmpl @@ -24,6 +24,7 @@ sed -i 's/cri-tools/cri-tools='"{{ .CRIToolsVersion }}-${DEB_PATCH_VERSION}"'/' sed -i 's/cloud-init/cloud-init='"23.1.2-0ubuntu0~20.04.2"'/' /tmp/packages TMP_DIR="$(mktemp -d repodata-XXXX)" +chmod 777 -R "${TMP_DIR}" pushd "${TMP_DIR}" #shellcheck disable=SC2046 apt-get download $(< /tmp/packages) diff --git a/cmd/konvoy-image-wrapper/cmd/create-package-bundle.go b/cmd/konvoy-image-wrapper/cmd/create-package-bundle.go index c28a03325..73f0c881d 100644 --- a/cmd/konvoy-image-wrapper/cmd/create-package-bundle.go +++ b/cmd/konvoy-image-wrapper/cmd/create-package-bundle.go @@ -170,17 +170,23 @@ func (r *Runner) CreatePackageBundle(args []string) error { return err } } + fetchKubernetesRPMs := true kubernetesVersion := kubernetesVersionFlag if kubernetesVersion == "" { kubernetesVersion, err = getKubernetesVerisonFromAnsible() if err != nil { return err } + // if we are getting the default version from ansible, we don't need to modify this. + fetchKubernetesRPMs = false } if eusReposFlag { //nolint:goconst // it is ok to not use const here r.env["EUS_REPOS"] = "true" } + if fetchKubernetesRPMs { + r.env["KUBERNETES_REPOS"] = "true" + } if satelliteFlag != "" { r.env["SATELLITE_SERVER_URL"] = satelliteFlag } @@ -194,7 +200,7 @@ func (r *Runner) CreatePackageBundle(args []string) error { dir := r.workingDir absPathToOutput = path.Join(dir, outputDirectoy) } - reposList, err := templateObjects(osFlag, kubernetesVersion, absPathToOutput, fipsFlag, fetchKernelHeaders) + reposList, err := templateObjects(osFlag, kubernetesVersion, absPathToOutput, fipsFlag, fetchKernelHeaders, fetchKubernetesRPMs) if err != nil { return err } 
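Review bot: The comment `// if we are getting the default version from ansible, we don't need to modify this.` sits directly above `fetchKubernetesRPMs = false`, which does modify the flag, and it does not say why the default version needs no download. Going by the commit title, the reason seems to be that the container already embeds the RPMs for the default version; if so, say that: `// The default version's RPMs are already embedded in the container, so the bundle does not need to fetch them.` It is also worth stating there that the decision depends on whether `kubernetesVersionFlag` is empty, not on comparing its value with the default. CreatePackageBundle starts and ends outside these hunks.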
@@ -209,7 +215,7 @@ func (r *Runner) CreatePackageBundle(args []string) error { } //nolint:gocyclo,funlen // the function is relatively clear -func templateObjects(targetOS, kubernetesVersion, outputDir string, fips bool, fetchKernelHeaders bool) ([]string, error) { +func templateObjects(targetOS, kubernetesVersion, outputDir string, fips, fetchKernelHeaders, fetchKubernetesRPMs bool) ([]string, error) { config, found := osToConfig[targetOS] if !found { return nil, fmt.Errorf("buildOS %s is invalid must be one of %v", targetOS, getKeys(osToConfig)) @@ -259,7 +265,8 @@ func templateObjects(targetOS, kubernetesVersion, outputDir string, fips bool, f } //nolint:nestif // this if is not nested - if strings.Contains(filepath, "kubernetes.repo.gotmpl") { + if strings.Contains(filepath, "kubernetes.repo.gotmpl") && fetchKubernetesRPMs { + fmt.Printf("fetchKubernetesRPMs is %v", fetchKubernetesRPMs) kubernetesRepoTmpl, err := os.ReadFile(path.Join(base, filepath)) if err != nil { return fmt.Errorf("failed to read template kubernetes repo file %w", err) @@ -304,11 +311,13 @@ func templateObjects(targetOS, kubernetesVersion, outputDir string, fips bool, f return fmt.Errorf("failed to create file: %w", err) } templateInput := struct { - KubernetesVersion string - FetchKernelHeaders bool + KubernetesVersion string + FetchKernelHeaders bool + FetchKubernetesRPMs bool }{ - KubernetesVersion: kubernetesVersion, - FetchKernelHeaders: fetchKernelHeaders, + KubernetesVersion: kubernetesVersion, + FetchKernelHeaders: fetchKernelHeaders, + FetchKubernetesRPMs: fetchKubernetesRPMs, } err = t.Execute(out, templateInput) if err != nil {
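Review bot: The added `fmt.Printf("fetchKubernetesRPMs is %v", fetchKubernetesRPMs)` looks like leftover debugging: it sits inside a branch entered only when `fetchKubernetesRPMs` is true, so it always prints the same text, and it has no trailing newline, so it runs into whatever is written to stdout next. Remove it, or replace it with a message in the logging style the rest of the command uses. templateObjects now takes three adjacent `bool` parameters, which are easy to transpose at the call site; a doc comment naming each one, or an options struct, would help. The function body extends beyond these hunks.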