deps: bumping yq to v4.40.7
Since yq frequently updates, let's upgrade to a version from February to bypass potential issues with versions 4.41-4.43 for now. We can always upgrade to the newest version if necessary. Fixes #9354 Depends-on:github.com/kata-containers/tests#5818 Signed-off-by: Beraldo Leal <bleal@redhat.com>
@@ -23,11 +23,11 @@ workdir="$(mktemp -d --tmpdir build-libseccomp.XXXXX)"
|
||||
# Variables for libseccomp
|
||||
libseccomp_version="${LIBSECCOMP_VERSION:-""}"
|
||||
if [ -z "${libseccomp_version}" ]; then
|
||||
libseccomp_version=$(get_from_kata_deps "externals.libseccomp.version")
|
||||
libseccomp_version=$(get_from_kata_deps ".externals.libseccomp.version")
|
||||
fi
|
||||
libseccomp_url="${LIBSECCOMP_URL:-""}"
|
||||
if [ -z "${libseccomp_url}" ]; then
|
||||
libseccomp_url=$(get_from_kata_deps "externals.libseccomp.url")
|
||||
libseccomp_url=$(get_from_kata_deps ".externals.libseccomp.url")
|
||||
fi
|
||||
libseccomp_tarball="libseccomp-${libseccomp_version}.tar.gz"
|
||||
libseccomp_tarball_url="${libseccomp_url}/releases/download/v${libseccomp_version}/${libseccomp_tarball}"
|
||||
@@ -36,11 +36,11 @@ cflags="-O2"
|
||||
# Variables for gperf
|
||||
gperf_version="${GPERF_VERSION:-""}"
|
||||
if [ -z "${gperf_version}" ]; then
|
||||
gperf_version=$(get_from_kata_deps "externals.gperf.version")
|
||||
gperf_version=$(get_from_kata_deps ".externals.gperf.version")
|
||||
fi
|
||||
gperf_url="${GPERF_URL:-""}"
|
||||
if [ -z "${gperf_url}" ]; then
|
||||
gperf_url=$(get_from_kata_deps "externals.gperf.url")
|
||||
gperf_url=$(get_from_kata_deps ".externals.gperf.url")
|
||||
fi
|
||||
gperf_tarball="gperf-${gperf_version}.tar.gz"
|
||||
gperf_tarball_url="${gperf_url}/${gperf_tarball}"
|
||||
|
@@ -16,7 +16,7 @@ die() {
|
||||
# Install via binary download, as we may not have golang installed at this point
|
||||
function install_yq() {
|
||||
local yq_pkg="github.com/mikefarah/yq"
|
||||
local yq_version=3.4.1
|
||||
local yq_version=v4.40.7
|
||||
local precmd=""
|
||||
INSTALL_IN_GOPATH=${INSTALL_IN_GOPATH:-true}
|
||||
|
||||
|
@@ -461,7 +461,7 @@ and repository utilized can be found by looking at the [versions file](../versio
|
||||
Find the correct version of QEMU from the versions file:
|
||||
```bash
|
||||
$ source kata-containers/tools/packaging/scripts/lib.sh
|
||||
$ qemu_version="$(get_from_kata_deps "assets.hypervisor.qemu.version")"
|
||||
$ qemu_version="$(get_from_kata_deps ".assets.hypervisor.qemu.version")"
|
||||
$ echo "${qemu_version}"
|
||||
```
|
||||
Get source from the matching branch of QEMU:
|
||||
|
@@ -35,27 +35,23 @@ $ git clone -b "${nydus_snapshotter_version}" "${nydus_snapshotter_url}" "${nydu
|
||||
2. Configure DaemonSet file
|
||||
```bash
|
||||
$ pushd "$nydus_snapshotter_install_dir"
|
||||
$ yq write -i \
|
||||
> misc/snapshotter/base/nydus-snapshotter.yaml \
|
||||
> 'data.FS_DRIVER' \
|
||||
> "proxy" --style=double
|
||||
$ yq -i \
|
||||
> '.data.FS_DRIVER = "proxy"' -P \
|
||||
> misc/snapshotter/base/nydus-snapshotter.yaml
|
||||
# Disable to read snapshotter config from configmap
|
||||
$ yq write -i \
|
||||
> misc/snapshotter/base/nydus-snapshotter.yaml \
|
||||
> 'data.ENABLE_CONFIG_FROM_VOLUME' \
|
||||
> "false" --style=double
|
||||
$ yq -i \
|
||||
> 'data.ENABLE_CONFIG_FROM_VOLUME = "false"' -P \
|
||||
> misc/snapshotter/base/nydus-snapshotter.yaml
|
||||
# Enable to run snapshotter as a systemd service
|
||||
# (skip if you want to run nydus snapshotter as a standalone process)
|
||||
$ yq write -i \
|
||||
> misc/snapshotter/base/nydus-snapshotter.yaml \
|
||||
> 'data.ENABLE_SYSTEMD_SERVICE' \
|
||||
> "true" --style=double
|
||||
$ yq -i \
|
||||
> 'data.ENABLE_SYSTEMD_SERVICE = "true"' -P \
|
||||
> misc/snapshotter/base/nydus-snapshotter.yaml
|
||||
# Enable "runtime specific snapshotter" feature in containerd when configuring containerd for snapshotter
|
||||
# (skip if you want to configure nydus snapshotter as a global snapshotter in containerd)
|
||||
$ yq write -i \
|
||||
> misc/snapshotter/base/nydus-snapshotter.yaml \
|
||||
> 'data.ENABLE_RUNTIME_SPECIFIC_SNAPSHOTTER' \
|
||||
> "true" --style=double
|
||||
$ yq -i \
|
||||
> 'data.ENABLE_RUNTIME_SPECIFIC_SNAPSHOTTER = "true"' -P \
|
||||
> misc/snapshotter/base/nydus-snapshotter.yaml
|
||||
```
|
||||
|
||||
3. Install `nydus snapshotter` as a DaemonSet
|
||||
|
@@ -44,8 +44,8 @@ $ popd
|
||||
- Build a custom QEMU
|
||||
```bash
|
||||
$ source kata-containers/tools/packaging/scripts/lib.sh
|
||||
$ qemu_url="$(get_from_kata_deps "assets.hypervisor.qemu-snp-experimental.url")"
|
||||
$ qemu_tag="$(get_from_kata_deps "assets.hypervisor.qemu-snp-experimental.tag")"
|
||||
$ qemu_url="$(get_from_kata_deps ".assets.hypervisor.qemu-snp-experimental.url")"
|
||||
$ qemu_tag="$(get_from_kata_deps ".assets.hypervisor.qemu-snp-experimental.tag")"
|
||||
$ git clone "${qemu_url}"
|
||||
$ pushd qemu
|
||||
$ git checkout "${qemu_tag}"
|
||||
|
@@ -27,7 +27,17 @@ ifeq (,$(not_check_version))
|
||||
ifneq (,$(install_yq))
|
||||
$(error "ERROR: install yq failed")
|
||||
endif
|
||||
golang_version_min=$(shell $(GOPATH)/bin/yq r ../../versions.yaml languages.golang.version)
|
||||
|
||||
YQ_VERSION=$(shell $(GOPATH)/bin/yq --version | grep -oE "version v?[0-9]+" | grep -oE "[0-9]+")
|
||||
QUERY="languages.golang.version"
|
||||
|
||||
ifneq (,$(findstring 4,$(YQ_VERSION)))
|
||||
YQ_CMD=$(GOPATH)/bin/yq eval .$(QUERY) ../../versions.yaml
|
||||
else
|
||||
YQ_CMD=$(GOPATH)/bin/yq r ../../versions.yaml $(QUERY)
|
||||
endif
|
||||
|
||||
golang_version_min=$(shell $(YQ_CMD))
|
||||
|
||||
ifeq (,$(golang_version_min))
|
||||
$(error "ERROR: cannot determine minimum golang version")
|
||||
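Review bot: The major-version test `ifneq (,$(findstring 4,$(YQ_VERSION)))` is a substring match, so any version string containing the digit 4 selects the v4 syntax and any other major silently falls back to the v3 `yq r` form; an exact comparison such as `ifeq (4,$(strip $(YQ_VERSION)))` states the intent. With yq v4 a missing key prints `null`, which passes the following `ifeq (,$(golang_version_min))` emptiness check, so that guard should also reject it, e.g. `ifneq (,$(filter null,$(golang_version_min)))`. `YQ_VERSION` and `golang_version_min` are assigned with recursive `=`, so each `$(shell …)` runs again on every expansion; `:=` would evaluate them once. The surrounding conditional starts and ends outside the hunk.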
|
@@ -25,7 +25,7 @@ update-yaml:
|
||||
ifndef YQ
|
||||
$(MK_DIR)/../../../../../ci//install_yq.sh
|
||||
endif
|
||||
clh_version=$(shell yq r $(VERSIONS_FILE) assets.hypervisor.cloud_hypervisor.version); \
|
||||
clh_version=$(shell yq .assets.hypervisor.cloud_hypervisor.version $(VERSIONS_FILE)); \
|
||||
curl -OL https://raw.githubusercontent.com/cloud-hypervisor/cloud-hypervisor/$$clh_version/vmm/src/api/openapi/cloud-hypervisor.yaml
|
||||
|
||||
clean-generated-code:
|
||||
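Review bot: With yq v4 a missing `.assets.hypervisor.cloud_hypervisor.version` key yields the string `null` rather than an empty value, and the recipe passes it straight into the download URL; because `curl -OL` has no `-f`, an HTTP error body would be saved as `cloud-hypervisor.yaml` and the recipe would still succeed. Suggest `curl -fOL …` plus a guard before it, e.g. `[ -n "$$clh_version" ] && [ "$$clh_version" != "null" ] || exit 1; \`. The `ifndef YQ` branch runs `install_yq.sh`, but the next line calls whichever `yq` is first on `PATH`; whether that is the binary just installed is not visible here. The `update-yaml` recipe starts before the hunk.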
|
@@ -48,7 +48,7 @@ merge_yaml()
|
||||
[ -n "$out" ] || die "need output file"
|
||||
|
||||
need_yq
|
||||
yq merge "$file1" --append "$file2" > "$out"
|
||||
yq eval-all '. as $item ireduce ({}; . *+ $item)' "$file1" "$file2" > "$out"
|
||||
}
|
||||
|
||||
check_yaml()
|
||||
@@ -58,7 +58,7 @@ check_yaml()
|
||||
[ -n "$file" ] || die "need file to check"
|
||||
|
||||
need_yq
|
||||
yq read "$file" >/dev/null
|
||||
yq "$file" >/dev/null
|
||||
|
||||
[ -z "$(command -v yamllint)" ] && die "need yamllint installed"
|
||||
|
||||
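Review bot: In `check_yaml`, `yq "$file" >/dev/null` passes no expression and relies on yq v4 treating a lone argument as a file when that file exists; if the path is missing, the argument is likely parsed as an expression instead, which makes the failure hard to read. Writing the expression explicitly, `yq '.' "$file" >/dev/null`, keeps the check unambiguous. In `merge_yaml`, a one-line comment on the `ireduce` expression, such as `# *+ deep-merges maps and appends arrays, matching the old "merge --append"`, would help the next reader. Both functions start or end outside their hunks.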
|
@@ -497,11 +497,19 @@ function ensure_yq() {
|
||||
|
||||
# dependency: What we want to get the version from the versions.yaml file
|
||||
function get_from_kata_deps() {
|
||||
local dependency="$1"
|
||||
versions_file="${repo_root_dir}/versions.yaml"
|
||||
|
||||
command -v yq &>/dev/null || die 'yq command is not in your $PATH'
|
||||
result=$("yq" read -X "$versions_file" "$dependency")
|
||||
|
||||
yq_version=$(yq --version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | cut -d. -f1)
|
||||
if [ "$yq_version" -eq 3 ]; then
|
||||
dependency=$(echo "$1" | sed "s/^\.//g")
|
||||
result=$("yq" read "$versions_file" "$dependency")
|
||||
else
|
||||
dependency=$1
|
||||
result=$("yq" "$dependency | explode (.)" "$versions_file")
|
||||
fi
|
||||
|
||||
[ "$result" = "null" ] && result=""
|
||||
echo "$result"
|
||||
}
|
||||
@@ -743,7 +751,7 @@ function get_dep_from_yaml_db(){
|
||||
|
||||
"${repo_root_dir}/ci/install_yq.sh" >&2
|
||||
|
||||
result=$("${GOPATH}/bin/yq" r -X "$versions_file" "$dependency")
|
||||
result=$("${GOPATH}/bin/yq" "$dependency" "$versions_file")
|
||||
[ "$result" = "null" ] && result=""
|
||||
echo "$result"
|
||||
}
|
||||
@@ -759,7 +767,7 @@ function get_test_version(){
|
||||
|
||||
db="${cidir}/../versions.yaml"
|
||||
|
||||
get_dep_from_yaml_db "${db}" "${dependency}"
|
||||
get_dep_from_yaml_db "${db}" ".${dependency}"
|
||||
}
|
||||
|
||||
# Load vhost, vhost_net, vhost_vsock modules.
|
||||
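Review bot: `get_dep_from_yaml_db` now runs `"${GOPATH}/bin/yq" "$dependency" "$versions_file"`, which drops the anchor expansion the old `r -X` provided, while `get_from_kata_deps` in the same file keeps it with `| explode (.)`; if `versions.yaml` uses anchors or aliases under a queried key the two helpers can return different values. Suggest `"$dependency | explode(.)"` there as well. In `get_from_kata_deps`, `[ "$yq_version" -eq 3 ]` prints an "integer expression expected" error when the version probe yields nothing, which a string test `[ "${yq_version:-}" = "3" ]` avoids. `versions_file`, `yq_version` and `result` are assigned without `local`, so they leak into the caller's scope.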
|
@@ -29,40 +29,30 @@ setup() {
|
||||
sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}|g" "tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
|
||||
# Enable debug for Kata Containers
|
||||
yq write -i \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[1].value' \
|
||||
--tag '!!str' "true"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].env[1].value = "true"' \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
# Create the runtime class only for the shim that's being tested
|
||||
yq write -i \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[2].value' \
|
||||
"${KATA_HYPERVISOR}"
|
||||
yq -i \
|
||||
".spec.template.spec.containers[0].env[2].value = \"${KATA_HYPERVISOR}\"" \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
# Set the tested hypervisor as the default `kata` shim
|
||||
yq write -i \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[3].value' \
|
||||
"${KATA_HYPERVISOR}"
|
||||
yq -i \
|
||||
".spec.template.spec.containers[0].env[3].value = \"${KATA_HYPERVISOR}\"" \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
# Let the `kata-deploy` script take care of the runtime class creation / removal
|
||||
yq write -i \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[4].value' \
|
||||
--tag '!!str' "true"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].env[4].value = "true"' \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
# Let the `kata-deploy` create the default `kata` runtime class
|
||||
yq write -i \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[5].value' \
|
||||
--tag '!!str' "true"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].env[5].value = "true"' \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
|
||||
if [ "${KATA_HOST_OS}" = "cbl-mariner" ]; then
|
||||
yq write -i \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[+].name' \
|
||||
"HOST_OS"
|
||||
yq write -i \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[-1].value' \
|
||||
"${KATA_HOST_OS}"
|
||||
yq -i \
|
||||
".spec.template.spec.containers[0].env += [{\"name\": \"HOST_OS\", \"value\": \"${KATA_HOST_OS}\"}]" \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
fi
|
||||
|
||||
echo "::group::Final kata-deploy.yaml that is used in the test"
|
||||
@@ -144,25 +134,21 @@ teardown() {
|
||||
kubectl -n kube-system wait --timeout=10m --for=delete -l name=kata-deploy pod
|
||||
|
||||
# Let the `kata-deploy` script take care of the runtime class creation / removal
|
||||
yq write -i \
|
||||
"tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml" \
|
||||
'spec.template.spec.containers[0].env[4].value' \
|
||||
--tag '!!str' "true"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].env[4].value = "true"' \
|
||||
"tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml"
|
||||
# Create the runtime class only for the shim that's being tested
|
||||
yq write -i \
|
||||
"tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml" \
|
||||
'spec.template.spec.containers[0].env[2].value' \
|
||||
"${KATA_HYPERVISOR}"
|
||||
yq -i \
|
||||
".spec.template.spec.containers[0].env[2].value = \"${KATA_HYPERVISOR}\"" \
|
||||
"tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml"
|
||||
# Set the tested hypervisor as the default `kata` shim
|
||||
yq write -i \
|
||||
"tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml" \
|
||||
'spec.template.spec.containers[0].env[3].value' \
|
||||
"${KATA_HYPERVISOR}"
|
||||
yq -i \
|
||||
".spec.template.spec.containers[0].env[3].value = \"${KATA_HYPERVISOR}\"" \
|
||||
"tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml"
|
||||
# Let the `kata-deploy` create the default `kata` runtime class
|
||||
yq write -i \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[5].value' \
|
||||
--tag '!!str' "true"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].env[5].value = "true"' \
|
||||
"tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
|
||||
sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}|g" "tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml"
|
||||
cat "tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml"
|
||||
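Review bot: The new `yq -i` calls splice shell variables directly into the yq expression, e.g. `".spec.template.spec.containers[0].env[2].value = \"${KATA_HYPERVISOR}\""`, so a value containing `"` or `\` breaks the expression or changes what it evaluates, whereas the old `yq write` took the value as a separate argument. Passing the value through the environment keeps data out of the expression: `KATA_HYPERVISOR="${KATA_HYPERVISOR}" yq -i '.spec.template.spec.containers[0].env[2].value = strenv(KATA_HYPERVISOR)' "<file>"`. The same applies to the `HOST_OS` append in `setup()`, the `teardown()` hunk, and later on this page to `deploy_kata` (including `${HTTPS_PROXY}` and `${NO_PROXY}`), `cleanup_kata_deploy`, `deploy_nydus_snapshotter` and the `allow_all_except_exec_policy` annotation in the policy test. Both `setup()` and `teardown()` extend beyond their hunks.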
|
@@ -36,15 +36,15 @@ function install_dependencies() {
|
||||
# - cri-tools
|
||||
# - containerd
|
||||
# - cri-container-cni release tarball already includes CNI plugins
|
||||
cri_tools_version=$(get_from_kata_deps "externals.critools.latest")
|
||||
cri_tools_version=$(get_from_kata_deps ".externals.critools.latest")
|
||||
declare -a github_deps
|
||||
github_deps[0]="cri_tools:${cri_tools_version}"
|
||||
case "${CONTAINER_ENGINE}" in
|
||||
containerd)
|
||||
github_deps[1]="cri_containerd:$(get_from_kata_deps "externals.containerd.${CONTAINERD_VERSION}")"
|
||||
github_deps[1]="cri_containerd:$(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")"
|
||||
;;
|
||||
crio)
|
||||
github_deps[1]="cni_plugins:$(get_from_kata_deps "externals.cni-plugins.version")"
|
||||
github_deps[1]="cni_plugins:$(get_from_kata_deps ".externals.cni-plugins.version")"
|
||||
;;
|
||||
esac
|
||||
|
||||
|
@@ -174,8 +174,8 @@ ${environment}
|
||||
pushd /workspace
|
||||
source tests/common.bash
|
||||
ensure_yq
|
||||
cri_containerd=\$(get_from_kata_deps "externals.containerd.lts")
|
||||
cri_tools=\$(get_from_kata_deps "externals.critools.latest")
|
||||
cri_containerd=\$(get_from_kata_deps ".externals.containerd.lts")
|
||||
cri_tools=\$(get_from_kata_deps ".externals.critools.latest")
|
||||
install_cri_containerd \${cri_containerd}
|
||||
install_cri_tools \${cri_tools}
|
||||
|
||||
|
@@ -127,9 +127,9 @@ function install_kustomize() {
|
||||
fi
|
||||
|
||||
ensure_yq
|
||||
version=$(get_from_kata_deps "externals.kustomize.version")
|
||||
version=$(get_from_kata_deps ".externals.kustomize.version")
|
||||
arch=$(arch_to_golang)
|
||||
checksum=$(get_from_kata_deps "externals.kustomize.checksum.${arch}")
|
||||
checksum=$(get_from_kata_deps ".externals.kustomize.checksum.${arch}")
|
||||
|
||||
local tarball="kustomize_${version}_linux_${arch}.tar.gz"
|
||||
curl -Lf -o "$tarball" "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${version}/${tarball}"
|
||||
|
@@ -67,7 +67,7 @@ shift $(( $OPTIND - 1 ))
|
||||
go_version="${1:-""}"
|
||||
|
||||
if [ -z "$go_version" ] && [ "${USE_VERSIONS_FILE}" = "true" ] ;then
|
||||
go_version=$(get_from_kata_deps "languages.golang.meta.newest-version")
|
||||
go_version=$(get_from_kata_deps ".languages.golang.meta.newest-version")
|
||||
fi
|
||||
|
||||
if [ -z "$go_version" ];then
|
||||
|
@@ -17,7 +17,7 @@ rustarch=$(arch_to_rust)
|
||||
|
||||
version="${1:-""}"
|
||||
if [ -z "${version}" ]; then
|
||||
version=$(get_from_kata_deps "languages.rust.meta.newest-version")
|
||||
version=$(get_from_kata_deps ".languages.rust.meta.newest-version")
|
||||
fi
|
||||
|
||||
echo "Install rust ${version}"
|
||||
|
@@ -43,8 +43,8 @@ function install_dependencies() {
|
||||
# - cri-container-cni release tarball already includes CNI plugins
|
||||
# - cri-tools
|
||||
declare -a github_deps
|
||||
github_deps[0]="cri_containerd:$(get_from_kata_deps "externals.containerd.${CONTAINERD_VERSION}")"
|
||||
github_deps[1]="cri_tools:$(get_from_kata_deps "externals.critools.latest")"
|
||||
github_deps[0]="cri_containerd:$(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")"
|
||||
github_deps[1]="cri_tools:$(get_from_kata_deps ".externals.critools.latest")"
|
||||
|
||||
for github_dep in "${github_deps[@]}"; do
|
||||
IFS=":" read -r -a dep <<< "${github_dep}"
|
||||
@@ -53,7 +53,7 @@ function install_dependencies() {
|
||||
|
||||
# Clone containerd as we'll need to build it in order to run the tests
|
||||
# base_version: The version to be intalled in the ${major}.${minor} format
|
||||
clone_cri_containerd $(get_from_kata_deps "externals.containerd.${CONTAINERD_VERSION}")
|
||||
clone_cri_containerd $(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")
|
||||
}
|
||||
|
||||
function run() {
|
||||
|
@@ -149,7 +149,7 @@ kbs_install_cli() {
|
||||
# Mininum required version to build the client (read from versions.yaml)
|
||||
local rust_version
|
||||
ensure_yq
|
||||
rust_version=$(get_from_kata_deps "externals.coco-trustee.toolchain")
|
||||
rust_version=$(get_from_kata_deps ".externals.coco-trustee.toolchain")
|
||||
# Currently kata version from version.yaml is 1.72.0
|
||||
# which doesn't match the requirement, so let's pass
|
||||
# the required version.
|
||||
@@ -205,10 +205,10 @@ function kbs_k8s_deploy() {
|
||||
ensure_yq
|
||||
|
||||
# Read from versions.yaml
|
||||
repo=$(get_from_kata_deps "externals.coco-trustee.url")
|
||||
version=$(get_from_kata_deps "externals.coco-trustee.version")
|
||||
image=$(get_from_kata_deps "externals.coco-trustee.image")
|
||||
image_tag=$(get_from_kata_deps "externals.coco-trustee.image_tag")
|
||||
repo=$(get_from_kata_deps ".externals.coco-trustee.url")
|
||||
version=$(get_from_kata_deps ".externals.coco-trustee.version")
|
||||
image=$(get_from_kata_deps ".externals.coco-trustee.image")
|
||||
image_tag=$(get_from_kata_deps ".externals.coco-trustee.image_tag")
|
||||
|
||||
# The ingress handler for AKS relies on the cluster's name which in turn
|
||||
# contain the HEAD commit of the kata-containers repository (supposedly the
|
||||
|
@@ -26,7 +26,7 @@ main()
|
||||
${repo_root_dir}/ci/install_yq.sh > /dev/null
|
||||
fi
|
||||
|
||||
local K8S_SKIP_UNION=$("${GOPATH_LOCAL}/bin/yq" read "${K8S_CONFIG_FILE}" "${K8S_FILTER_FLAG}")
|
||||
local K8S_SKIP_UNION=$("${GOPATH_LOCAL}/bin/yq" ".${K8S_FILTER_FLAG}" "${K8S_CONFIG_FILE}")
|
||||
[ "${K8S_SKIP_UNION}" == "null" ] && return
|
||||
mapfile -t _K8S_SKIP_UNION <<< "${K8S_SKIP_UNION}"
|
||||
|
||||
|
@@ -160,75 +160,59 @@ function deploy_kata() {
|
||||
sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}|g" "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
|
||||
# Enable debug for Kata Containers
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[1].value' \
|
||||
--tag '!!str' "true"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].env[1].value = "true"' \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
# Create the runtime class only for the shim that's being tested
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[2].value' \
|
||||
"${KATA_HYPERVISOR}"
|
||||
yq -i \
|
||||
".spec.template.spec.containers[0].env[2].value = \"${KATA_HYPERVISOR}\"" \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
# Set the tested hypervisor as the default `kata` shim
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[3].value' \
|
||||
"${KATA_HYPERVISOR}"
|
||||
yq -i \
|
||||
".spec.template.spec.containers[0].env[3].value = \"${KATA_HYPERVISOR}\"" \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
# Let the `kata-deploy` script take care of the runtime class creation / removal
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[4].value' \
|
||||
--tag '!!str' "true"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].env[4].value = "true"' \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
# Let the `kata-deploy` create the default `kata` runtime class
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[5].value' \
|
||||
--tag '!!str' "true"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].env[5].value = "true"' \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
# Enable 'default_vcpus' hypervisor annotation
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[6].value' \
|
||||
"default_vcpus"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].env[6].value = "default_vcpus"' \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
|
||||
if [ -n "${SNAPSHOTTER}" ]; then
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[7].value' \
|
||||
"${KATA_HYPERVISOR}:${SNAPSHOTTER}"
|
||||
yq -i \
|
||||
".spec.template.spec.containers[0].env[7].value = \"${KATA_HYPERVISOR}:${SNAPSHOTTER}\"" \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
fi
|
||||
|
||||
if [ "${KATA_HOST_OS}" = "cbl-mariner" ]; then
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[6].value' \
|
||||
"initrd kernel default_vcpus"
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[+].name' \
|
||||
"HOST_OS"
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[-1].value' \
|
||||
"${KATA_HOST_OS}"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].env[6].value = "initrd kernel default_vcpus"' \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
yq -i \
|
||||
".spec.template.spec.containers[0].env += [{\"name\": \"HOST_OS\", \"value\": \"${KATA_HOST_OS}\"}]" \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
fi
|
||||
|
||||
if [ "${KATA_HYPERVISOR}" = "qemu" ]; then
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[6].value' \
|
||||
"image initrd kernel default_vcpus"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].env[6].value = "image initrd kernel default_vcpus"' \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
fi
|
||||
|
||||
if [ "${KATA_HYPERVISOR}" = "qemu-tdx" ]; then
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[8].value' \
|
||||
"${HTTPS_PROXY}"
|
||||
yq -i \
|
||||
".spec.template.spec.containers[0].env[8].value = \"${HTTPS_PROXY}\"" \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[9].value' \
|
||||
"${NO_PROXY}"
|
||||
yq -i \
|
||||
".spec.template.spec.containers[0].env[9].value = \"${NO_PROXY}\"" \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
fi
|
||||
|
||||
echo "::group::Final kata-deploy.yaml that is used in the test"
|
||||
@@ -415,25 +399,21 @@ function cleanup_kata_deploy() {
|
||||
kubectl -n kube-system wait --timeout=10m --for=delete -l name=kata-deploy pod
|
||||
|
||||
# Let the `kata-deploy` script take care of the runtime class creation / removal
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml" \
|
||||
'spec.template.spec.containers[0].env[4].value' \
|
||||
--tag '!!str' "true"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].env[4].value = "true"' \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml"
|
||||
# Create the runtime class only for the shim that's being tested
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml" \
|
||||
'spec.template.spec.containers[0].env[2].value' \
|
||||
"${KATA_HYPERVISOR}"
|
||||
yq -i \
|
||||
".spec.template.spec.containers[0].env[2].value = \"${KATA_HYPERVISOR}\"" \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml"
|
||||
# Set the tested hypervisor as the default `kata` shim
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml" \
|
||||
'spec.template.spec.containers[0].env[3].value' \
|
||||
"${KATA_HYPERVISOR}"
|
||||
yq -i \
|
||||
".spec.template.spec.containers[0].env[3].value = \"${KATA_HYPERVISOR}\"" \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml"
|
||||
# Let the `kata-deploy` create the default `kata` runtime class
|
||||
yq write -i \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" \
|
||||
'spec.template.spec.containers[0].env[5].value' \
|
||||
--tag '!!str' "true"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].env[5].value = "true"' \
|
||||
"${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
|
||||
|
||||
sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}|g" "${tools_dir}/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml"
|
||||
cat "${tools_dir}/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml"
|
||||
@@ -496,8 +476,8 @@ function deploy_nydus_snapshotter() {
|
||||
rm -rf "${nydus_snapshotter_install_dir}"
|
||||
fi
|
||||
mkdir -p "${nydus_snapshotter_install_dir}"
|
||||
nydus_snapshotter_url=$(get_from_kata_deps "externals.nydus-snapshotter.url")
|
||||
nydus_snapshotter_version=$(get_from_kata_deps "externals.nydus-snapshotter.version")
|
||||
nydus_snapshotter_url=$(get_from_kata_deps ".externals.nydus-snapshotter.url")
|
||||
nydus_snapshotter_version=$(get_from_kata_deps ".externals.nydus-snapshotter.version")
|
||||
git clone -b "${nydus_snapshotter_version}" "${nydus_snapshotter_url}" "${nydus_snapshotter_install_dir}"
|
||||
|
||||
pushd "$nydus_snapshotter_install_dir"
|
||||
@@ -506,36 +486,31 @@ function deploy_nydus_snapshotter() {
|
||||
fi
|
||||
if [ "${PULL_TYPE}" == "guest-pull" ]; then
|
||||
# Enable guest pull feature in nydus snapshotter
|
||||
yq write -i \
|
||||
misc/snapshotter/base/nydus-snapshotter.yaml \
|
||||
'data.FS_DRIVER' \
|
||||
"proxy" --style=double
|
||||
yq -i \
|
||||
'select(.kind == "ConfigMap").data.FS_DRIVER = "proxy"' \
|
||||
misc/snapshotter/base/nydus-snapshotter.yaml
|
||||
else
|
||||
>&2 echo "Invalid pull type"; exit 2
|
||||
fi
|
||||
|
||||
# Disable to read snapshotter config from configmap
|
||||
yq write -i \
|
||||
misc/snapshotter/base/nydus-snapshotter.yaml \
|
||||
'data.ENABLE_CONFIG_FROM_VOLUME' \
|
||||
"false" --style=double
|
||||
yq -i \
|
||||
'select(.kind == "ConfigMap").data.ENABLE_CONFIG_FROM_VOLUME = "false"' \
|
||||
misc/snapshotter/base/nydus-snapshotter.yaml
|
||||
# Enable to run snapshotter as a systemd service
|
||||
yq write -i \
|
||||
misc/snapshotter/base/nydus-snapshotter.yaml \
|
||||
'data.ENABLE_SYSTEMD_SERVICE' \
|
||||
"true" --style=double
|
||||
yq -i \
|
||||
'select(.kind == "ConfigMap").data.ENABLE_SYSTEMD_SERVICE = "true"' \
|
||||
misc/snapshotter/base/nydus-snapshotter.yaml
|
||||
# Enable "runtime specific snapshotter" feature in containerd when configuring containerd for snapshotter
|
||||
yq write -i \
|
||||
misc/snapshotter/base/nydus-snapshotter.yaml \
|
||||
'data.ENABLE_RUNTIME_SPECIFIC_SNAPSHOTTER' \
|
||||
"true" --style=double
|
||||
yq -i \
|
||||
'select(.kind == "ConfigMap").data.ENABLE_RUNTIME_SPECIFIC_SNAPSHOTTER = "true"' \
|
||||
misc/snapshotter/base/nydus-snapshotter.yaml
|
||||
|
||||
# Pin the version of nydus-snapshotter image.
|
||||
# TODO: replace with a definitive solution (see https://github.com/kata-containers/kata-containers/issues/9742)
|
||||
yq write -i -d 1 \
|
||||
misc/snapshotter/base/nydus-snapshotter.yaml \
|
||||
'spec.template.spec.containers[0].image' \
|
||||
"ghcr.io/containerd/nydus-snapshotter:${nydus_snapshotter_version}" --style=double
|
||||
yq -i \
|
||||
"select(.kind == \"DaemonSet\").spec.template.spec.containers[0].image = \"ghcr.io/containerd/nydus-snapshotter:${nydus_snapshotter_version}\"" \
|
||||
misc/snapshotter/base/nydus-snapshotter.yaml
|
||||
|
||||
# Deploy nydus snapshotter as a daemonset
|
||||
kubectl create -f "misc/snapshotter/nydus-snapshotter-rbac.yaml"
|
||||
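Review bot: In `cleanup_kata_deploy`, the last rewritten `yq -i` call still edits `…/kata-deploy/base/kata-deploy.yaml`, while every other edit in that function and the `sed` and `cat` that follow work on `kata-cleanup.yaml`; this looks like a carried-over copy-paste, so the `env[5]` change probably never reaches the manifest printed afterwards, and the intended file should be confirmed. The same pattern is in the `teardown()` hunk of the kata-deploy test earlier on this page. Separately, `deploy_kata` addresses settings purely by position (`env[6]` to `env[9]`), so a reordered manifest would silently set the wrong variable; selecting by name, `(.spec.template.spec.containers[0].env[] | select(.name == "<ENV_NAME>")).value = …`, would fail visibly instead. All three functions continue outside their hunks.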
|
@@ -19,9 +19,9 @@ setup() {
|
||||
|
||||
@test "Kubectl exec rejected by policy" {
|
||||
# Add to the YAML file a policy that rejects ExecProcessRequest.
|
||||
yq write -i "${pod_yaml}" \
|
||||
'metadata.annotations."io.katacontainers.config.agent.policy"' \
|
||||
"${allow_all_except_exec_policy}"
|
||||
yq -i \
|
||||
".metadata.annotations.\"io.katacontainers.config.agent.policy\" = \"${allow_all_except_exec_policy}\"" \
|
||||
"${pod_yaml}"
|
||||
|
||||
# Create the pod
|
||||
kubectl create -f "${pod_yaml}"
|
||||
|
@@ -69,103 +69,64 @@ test_job_policy_error() {
|
||||
|
||||
@test "Policy failure: unexpected environment variable" {
|
||||
# Changing the job spec after generating its policy will cause CreateContainer to be denied.
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
'spec.template.spec.containers[0].env.[+].name' unexpected_variable
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
'spec.template.spec.containers[0].env.[-1].value' unexpected_value
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].env += [{"name": "unexpected_variable", "value": "unexpected_value"}]' \
|
||||
"${incorrect_yaml}"
|
||||
|
||||
test_job_policy_error
|
||||
}
|
||||
|
||||
@test "Policy failure: unexpected command line argument" {
|
||||
# Changing the job spec after generating its policy will cause CreateContainer to be denied.
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.containers[0].args[+]" \
|
||||
"unexpected_arg"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].args += ["unexpected_arg"]' \
|
||||
"${incorrect_yaml}"
|
||||
|
||||
test_job_policy_error
|
||||
}
|
||||
|
||||
@test "Policy failure: unexpected emptyDir volume" {
|
||||
# Changing the job spec after generating its policy will cause CreateContainer to be denied.
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.containers[0].volumeMounts.[+].mountPath" \
|
||||
"/unexpected1"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].volumeMounts += [{"mountPath": "/unexpected1", "name": "unexpected-volume1"}]' \
|
||||
"${incorrect_yaml}"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.containers[0].volumeMounts.[-1].name" \
|
||||
"unexpected-volume1"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.volumes[+].name" \
|
||||
"unexpected-volume1"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.volumes[-1].emptyDir.medium" \
|
||||
"Memory"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.volumes[-1].emptyDir.sizeLimit" \
|
||||
"50M"
|
||||
yq -i \
|
||||
'.spec.template.spec.volumes += [{"name": "unexpected-volume1", "emptyDir": {"medium": "Memory", "sizeLimit": "50M"}}]' \
|
||||
"${incorrect_yaml}"
|
||||
|
||||
test_job_policy_error
|
||||
}
|
||||
|
||||
@test "Policy failure: unexpected projected volume" {
|
||||
# Changing the job spec after generating its policy will cause CreateContainer to be denied.
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.containers[0].volumeMounts.[+].mountPath" \
|
||||
"/test-volume"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].volumeMounts += [{"mountPath": "/test-volume", "name": "test-volume", "readOnly": true}]' \
|
||||
"${incorrect_yaml}"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.containers[0].volumeMounts.[-1].name" \
|
||||
"test-volume"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.containers[0].volumeMounts.[-1].readOnly" \
|
||||
"true"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.volumes.[+].name" \
|
||||
"test-volume"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.volumes.[-1].projected.defaultMode" \
|
||||
"420"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.volumes.[-1].projected.sources.[+].serviceAccountToken.expirationSeconds" \
|
||||
"3600"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.volumes.[-1].projected.sources.[-1].serviceAccountToken.path" \
|
||||
"token"
|
||||
yq -i '
|
||||
.spec.template.spec.volumes += [{
|
||||
"name": "test-volume",
|
||||
"projected": {
|
||||
"defaultMode": 420,
|
||||
"sources": [{
|
||||
"serviceAccountToken": {
|
||||
"expirationSeconds": 3600,
|
||||
"path": "token"
|
||||
}
|
||||
}]
|
||||
}
|
||||
}]
|
||||
' "${incorrect_yaml}"
|
||||
|
||||
test_job_policy_error
|
||||
}
|
||||
|
||||
@test "Policy failure: unexpected readOnlyRootFilesystem" {
|
||||
# Changing the job spec after generating its policy will cause CreateContainer to be denied.
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem" \
|
||||
"false"
|
||||
yq -i \
|
||||
".spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem = false" \
|
||||
"${incorrect_yaml}"
|
||||
|
||||
test_job_policy_error
|
||||
}
|
||||
|
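Review bot: The readOnlyRootFilesystem test passes its yq program in double quotes (`".spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem = false"`), although it contains no shell variable. Every other new expression in this file section is single-quoted. Single quotes would keep the shell from ever expanding anything inside the program and make the five tests read the same way: `'.spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem = false'`.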
@@ -49,69 +49,48 @@ test_pod_policy_error() {
|
||||
@test "Policy failure: unexpected container image" {
|
||||
# Change the container image after generating the policy. The different image has
|
||||
# different attributes (e.g., different command line) so the policy will reject it.
|
||||
yq write -i \
|
||||
"${incorrect_pod_yaml}" \
|
||||
"spec.containers[0].image" \
|
||||
"quay.io/footloose/ubuntu18.04:latest"
|
||||
yq -i \
|
||||
'.spec.containers[0].image = "quay.io/footloose/ubuntu18.04:latest"' \
|
||||
"${incorrect_pod_yaml}"
|
||||
|
||||
test_pod_policy_error
|
||||
}
|
||||
|
||||
@test "Policy failure: unexpected privileged security context" {
|
||||
# Changing the pod spec after generating its policy will cause CreateContainer to be denied.
|
||||
yq write -i \
|
||||
"${incorrect_pod_yaml}" \
|
||||
'spec.containers[0].securityContext.privileged' \
|
||||
"true"
|
||||
yq -i \
|
||||
'.spec.containers[0].securityContext.privileged = true' \
|
||||
"${incorrect_pod_yaml}"
|
||||
|
||||
test_pod_policy_error
|
||||
}
|
||||
|
||||
@test "Policy failure: unexpected terminationMessagePath" {
|
||||
# Changing the pod spec after generating its policy will cause CreateContainer to be denied.
|
||||
yq write -i \
|
||||
"${incorrect_pod_yaml}" \
|
||||
'spec.containers[0].terminationMessagePath' \
|
||||
"/dev/termination-custom-log"
|
||||
yq -i \
|
||||
'.spec.containers[0].terminationMessagePath = "/dev/termination-custom-log"' \
|
||||
"${incorrect_pod_yaml}"
|
||||
|
||||
test_pod_policy_error
|
||||
}
|
||||
|
||||
@test "Policy failure: unexpected hostPath volume mount" {
|
||||
# Changing the pod spec after generating its policy will cause CreateContainer to be denied.
|
||||
yq write -i \
|
||||
"${incorrect_pod_yaml}" \
|
||||
"spec.containers[0].volumeMounts.[+].name" \
|
||||
"mountpoint-dir"
|
||||
yq -i \
|
||||
'.spec.containers[0].volumeMounts += [{"name": "mountpoint-dir", "mountPath": "/var/lib/kubelet/pods"}]' \
|
||||
"${incorrect_pod_yaml}"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_pod_yaml}" \
|
||||
"spec.containers[0].volumeMounts.[-1].mountPath" \
|
||||
"/var/lib/kubelet/pods"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_pod_yaml}" \
|
||||
"spec.volumes.[+].hostPath.path" \
|
||||
"/var/lib/kubelet/pods"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_pod_yaml}" \
|
||||
"spec.volumes.[-1].hostPath.type" \
|
||||
"DirectoryOrCreate"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_pod_yaml}" \
|
||||
"spec.volumes.[-1].name" \
|
||||
"mountpoint-dir"
|
||||
yq -i \
|
||||
'.spec.volumes += [{"hostPath": {"path": "/var/lib/kubelet/pods", "type": "DirectoryOrCreate"}, "name": "mountpoint-dir"}]' \
|
||||
"${incorrect_pod_yaml}"
|
||||
|
||||
test_pod_policy_error
|
||||
}
|
||||
|
||||
@test "Policy failure: unexpected config map" {
|
||||
yq write -i \
|
||||
"${incorrect_configmap_yaml}" \
|
||||
'data.data-2' \
|
||||
"foo"
|
||||
yq -i \
|
||||
'.data.data-2 = "foo"' \
|
||||
"${incorrect_configmap_yaml}"
|
||||
|
||||
# These commands are different from the test_pod_policy_error() commands above
|
||||
# because in this case an incorrect config map spec is used.
|
||||
@@ -123,15 +102,13 @@ test_pod_policy_error() {
|
||||
@test "Policy failure: unexpected lifecycle.postStart.exec.command" {
|
||||
# Add a postStart command after generating the policy and verify that the post
|
||||
# start hook command gets blocked by policy.
|
||||
yq write -i \
|
||||
"${incorrect_pod_yaml}" \
|
||||
'spec.containers[0].lifecycle.postStart.exec.command.[+]' \
|
||||
"echo"
|
||||
yq -i \
|
||||
'.spec.containers[0].lifecycle.postStart.exec.command += ["echo"]' \
|
||||
"${incorrect_pod_yaml}"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_pod_yaml}" \
|
||||
'spec.containers[0].lifecycle.postStart.exec.command.[+]' \
|
||||
"hello"
|
||||
yq -i \
|
||||
'.spec.containers[0].lifecycle.postStart.exec.command += ["hello"]' \
|
||||
"${incorrect_pod_yaml}"
|
||||
|
||||
kubectl create -f "${correct_configmap_yaml}"
|
||||
kubectl create -f "${incorrect_pod_yaml}"
|
||||
|
@@ -48,7 +48,7 @@ test_rc_policy() {
|
||||
# Create replication controller
|
||||
if [ "${expect_denied_create_container}" = "true" ]; then
|
||||
kubectl create -f "${incorrect_yaml}"
|
||||
else
|
||||
else
|
||||
kubectl create -f "${correct_yaml}"
|
||||
fi
|
||||
|
||||
@@ -92,65 +92,49 @@ test_rc_policy() {
|
||||
|
||||
@test "Policy failure: unexpected container command" {
|
||||
# Changing the template spec after generating its policy will cause CreateContainer to be denied.
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.containers[0].command.[+]" \
|
||||
"ls"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].command += ["ls"]' \
|
||||
"${incorrect_yaml}"
|
||||
|
||||
test_rc_policy true
|
||||
}
|
||||
|
||||
@test "Policy failure: unexpected volume mountPath" {
|
||||
# Changing the template spec after generating its policy will cause CreateContainer to be denied.
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.containers[0].volumeMounts[0].mountPath" \
|
||||
"/host/unexpected"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].volumeMounts[0].mountPath = "/host/unexpected"' \
|
||||
"${incorrect_yaml}"
|
||||
|
||||
test_rc_policy true
|
||||
}
|
||||
|
||||
@test "Policy failure: unexpected host device mapping" {
|
||||
# Changing the template spec after generating its policy will cause CreateContainer to be denied.
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.containers[0].volumeMounts.[+].mountPath" \
|
||||
"/dev/ttyS0"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].volumeMounts += [{"mountPath": "/dev/ttyS0", "name": "dev-ttys0"}]' \
|
||||
"${incorrect_yaml}"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.containers[0].volumeMounts.[-1].name" \
|
||||
"dev-ttys0"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.volumes.[+].name" \
|
||||
"dev-ttys0"
|
||||
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.volumes.[-1].hostPath.path" \
|
||||
"/dev/ttyS0"
|
||||
yq -i \
|
||||
'.spec.template.spec.volumes += [{"name": "dev-ttys0", "hostPath": {"path": "/dev/ttyS0"}}]' \
|
||||
"${incorrect_yaml}"
|
||||
|
||||
test_rc_policy true
|
||||
}
|
||||
|
||||
@test "Policy failure: unexpected securityContext.allowPrivilegeEscalation" {
|
||||
# Changing the template spec after generating its policy will cause CreateContainer to be denied.
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation" \
|
||||
"false"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation = false' \
|
||||
"${incorrect_yaml}"
|
||||
|
||||
test_rc_policy true
|
||||
}
|
||||
|
||||
@test "Policy failure: unexpected capability" {
|
||||
# Changing the template spec after generating its policy will cause CreateContainer to be denied.
|
||||
yq write -i \
|
||||
"${incorrect_yaml}" \
|
||||
"spec.template.spec.containers[0].securityContext.capabilities.add.[+]" \
|
||||
"CAP_SYS_CHROOT"
|
||||
yq -i \
|
||||
'.spec.template.spec.containers[0].securityContext.capabilities.add += ["CAP_SYS_CHROOT"]' \
|
||||
"${incorrect_yaml}"
|
||||
|
||||
test_rc_policy true
|
||||
}
|
||||
|
@@ -189,7 +189,7 @@ set_metadata_annotation() {
|
||||
echo "$annotation_key"
|
||||
# yq set annotations in yaml. Quoting the key because it can have
|
||||
# dots.
|
||||
yq write -i --style=double "${yaml}" "${annotation_key}" "${value}"
|
||||
yq -i ".${annotation_key} = \"${value}\"" "${yaml}"
|
||||
}
|
||||
|
||||
# Set the command for container spec.
|
||||
@@ -205,10 +205,9 @@ set_container_command() {
|
||||
shift 2
|
||||
|
||||
for command_value in "$@"; do
|
||||
yq write -i \
|
||||
"${yaml}" \
|
||||
"spec.containers[${container_idx}].command[+]" \
|
||||
--tag '!!str' "${command_value}"
|
||||
yq -i \
|
||||
'.spec.containers['"${container_idx}"'].command += ["'"${command_value}"'"]' \
|
||||
"${yaml}"
|
||||
done
|
||||
}
|
||||
|
||||
@@ -223,10 +222,9 @@ set_node() {
|
||||
local node="$2"
|
||||
[ -n "$node" ] || return 1
|
||||
|
||||
yq write -i \
|
||||
"${yaml}" \
|
||||
"spec.nodeName" \
|
||||
"$node"
|
||||
yq -i \
|
||||
".spec.nodeName = \"$node\"" \
|
||||
"${yaml}"
|
||||
}
|
||||
|
||||
# Get the systemd's journal from a worker node
|
||||
|
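Review bot: The comment kept above the new command in set_metadata_annotation, "Quoting the key because it can have dots", no longer matches what the line does: `.${annotation_key}` is inserted as-is and nothing in the function quotes it. I would reword it to state the contract the new form relies on, for example `# annotation_key is a yq v4 path without the leading dot; callers must quote any key segment that contains dots.` The function bodies start outside these hunks, so whether callers already pass a quoted key cannot be confirmed from here.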
@@ -53,24 +53,26 @@ add_annotations_to_yaml() {
|
||||
local yaml_file="$1"
|
||||
local annotation_name="$2"
|
||||
local annotation_value="$3"
|
||||
local resource_kind="$(yq read ${yaml_file} kind)"
|
||||
|
||||
# Previous version of yq was not ready to handle multiple objects in a single yaml.
|
||||
# By default was changing only the first object.
|
||||
# With yq>4 we need to make it explicit during the read and write.
|
||||
local resource_kind="$(yq .kind ${yaml_file} | head -1)"
|
||||
|
||||
case "${resource_kind}" in
|
||||
|
||||
Pod)
|
||||
info "Adding \"${annotation_name}=${annotation_value}\" to ${resource_kind} from ${yaml_file}"
|
||||
yq write -i \
|
||||
"${K8S_TEST_YAML}" \
|
||||
"metadata.annotations[${annotation_name}]" \
|
||||
"${annotation_value}"
|
||||
yq -i \
|
||||
".metadata.annotations.\"${annotation_name}\" = \"${annotation_value}\"" \
|
||||
"${K8S_TEST_YAML}"
|
||||
;;
|
||||
|
||||
Deployment|Job|ReplicationController)
|
||||
info "Adding \"${annotation_name}=${annotation_value}\" to ${resource_kind} from ${yaml_file}"
|
||||
yq write -i \
|
||||
"${K8S_TEST_YAML}" \
|
||||
"spec.template.metadata.annotations[${annotation_name}]" \
|
||||
"${annotation_value}"
|
||||
yq -i \
|
||||
".spec.template.metadata.annotations.\"${annotation_name}\" = \"${annotation_value}\"" \
|
||||
"${K8S_TEST_YAML}"
|
||||
;;
|
||||
|
||||
List)
|
||||
|
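Review bot: The added comment says the multi-document case is made explicit "during the read and write", but only the read is restricted, by `| head -1`. The `yq -i` expressions in the Pod and Deployment|Job|ReplicationController branches carry no document selector, so yq v4 would evaluate them against every document in the file. If only the matching object should receive the annotation, the path could be prefixed with `select(.kind == \"${resource_kind}\")`, as the nydus-snapshotter hunk on this page does; otherwise the comment should say that all documents are annotated. `${yaml_file}` is also unquoted inside `$(yq .kind ${yaml_file} | head -1)`. add_allow_all_policy_to_yaml has the same comment and the same unscoped write, and both function bodies continue outside their hunks.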
@@ -274,22 +274,25 @@ add_allow_all_policy_to_yaml() {
|
||||
policy_tests_enabled || return 0
|
||||
|
||||
local yaml_file="$1"
|
||||
local resource_kind="$(yq read ${yaml_file} kind)"
|
||||
# Previous version of yq was not ready to handle multiple objects in a single yaml.
|
||||
# By default was changing only the first object.
|
||||
# With yq>4 we need to make it explicit during the read and write.
|
||||
local resource_kind="$(yq .kind ${yaml_file} | head -1)"
|
||||
|
||||
case "${resource_kind}" in
|
||||
|
||||
Pod)
|
||||
info "Adding allow all policy to ${resource_kind} from ${yaml_file}"
|
||||
ALLOW_ALL_POLICY="${ALLOW_ALL_POLICY}" yq write -i "${yaml_file}" \
|
||||
'metadata.annotations."io.katacontainers.config.agent.policy"' \
|
||||
"${ALLOW_ALL_POLICY}"
|
||||
ALLOW_ALL_POLICY="${ALLOW_ALL_POLICY}" yq -i \
|
||||
".metadata.annotations.\"io.katacontainers.config.agent.policy\" = \"${ALLOW_ALL_POLICY}\"" \
|
||||
"${yaml_file}"
|
||||
;;
|
||||
|
||||
Deployment|Job|ReplicationController)
|
||||
info "Adding allow all policy to ${resource_kind} from ${yaml_file}"
|
||||
ALLOW_ALL_POLICY="${ALLOW_ALL_POLICY}" yq write -i "${yaml_file}" \
|
||||
'spec.template.metadata.annotations."io.katacontainers.config.agent.policy"' \
|
||||
"${ALLOW_ALL_POLICY}"
|
||||
ALLOW_ALL_POLICY="${ALLOW_ALL_POLICY}" yq -i \
|
||||
".spec.template.metadata.annotations.\"io.katacontainers.config.agent.policy\" = \"${ALLOW_ALL_POLICY}\"" \
|
||||
"${yaml_file}"
|
||||
;;
|
||||
|
||||
List)
|
||||
|
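Review bot: The `ALLOW_ALL_POLICY="${ALLOW_ALL_POLICY}"` prefix on both new `yq -i` commands exports the variable to yq, yet the expression never reads it from the environment. The value is expanded by the shell inside the double-quoted program instead. Reading it with `strenv` makes the prefix do its job and keeps the policy text out of the expression: `'.metadata.annotations."io.katacontainers.config.agent.policy" = strenv(ALLOW_ALL_POLICY)'`, and likewise for the `.spec.template.metadata.annotations` path. The function body continues outside the hunk.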
@@ -35,10 +35,10 @@ function install_dependencies() {
|
||||
# - nydus
|
||||
# - nydus-snapshotter
|
||||
declare -a github_deps
|
||||
github_deps[0]="cri_containerd:$(get_from_kata_deps "externals.containerd.${CONTAINERD_VERSION}")"
|
||||
github_deps[1]="cri_tools:$(get_from_kata_deps "externals.critools.latest")"
|
||||
github_deps[2]="nydus:$(get_from_kata_deps "externals.nydus.version")"
|
||||
github_deps[3]="nydus_snapshotter:$(get_from_kata_deps "externals.nydus-snapshotter.version")"
|
||||
github_deps[0]="cri_containerd:$(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")"
|
||||
github_deps[1]="cri_tools:$(get_from_kata_deps ".externals.critools.latest")"
|
||||
github_deps[2]="nydus:$(get_from_kata_deps ".externals.nydus.version")"
|
||||
github_deps[3]="nydus_snapshotter:$(get_from_kata_deps ".externals.nydus-snapshotter.version")"
|
||||
|
||||
for github_dep in "${github_deps[@]}"; do
|
||||
IFS=":" read -r -a dep <<< "${github_dep}"
|
||||
|
@@ -33,7 +33,7 @@ function install_dependencies() {
|
||||
# - containerd
|
||||
# - cri-container-cni release tarball already includes CNI plugins
|
||||
declare -a github_deps
|
||||
github_deps[0]="cri_containerd:$(get_from_kata_deps "externals.containerd.${CONTAINERD_VERSION}")"
|
||||
github_deps[0]="cri_containerd:$(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")"
|
||||
|
||||
for github_dep in "${github_deps[@]}"; do
|
||||
IFS=":" read -r -a dep <<< "${github_dep}"
|
||||
|
@@ -173,7 +173,7 @@ function init() {
|
||||
fi
|
||||
|
||||
versions_file="${cidir}/../../versions.yaml"
|
||||
nginx_version=$("${GOPATH}/bin/yq" read "$versions_file" "docker_images.nginx.version")
|
||||
nginx_version=$("${GOPATH}/bin/yq" ".docker_images.nginx.version" "$versions_file")
|
||||
nginx_image="docker.io/library/nginx:$nginx_version"
|
||||
|
||||
# Pull nginx image
|
||||
|
@@ -238,8 +238,8 @@ get_coco_guest_components_tarball_path() {
|
||||
}
|
||||
|
||||
get_latest_coco_guest_components_artefact_and_builder_image_version() {
|
||||
local coco_guest_components_version=$(get_from_kata_deps "externals.coco-guest-components.version")
|
||||
local coco_guest_components_toolchain=$(get_from_kata_deps "externals.coco-guest-components.toolchain")
|
||||
local coco_guest_components_version=$(get_from_kata_deps ".externals.coco-guest-components.version")
|
||||
local coco_guest_components_toolchain=$(get_from_kata_deps ".externals.coco-guest-components.toolchain")
|
||||
local latest_coco_guest_components_artefact="${coco_guest_components_version}-${coco_guest_components_toolchain}"
|
||||
local latest_coco_guest_components_builder_image="$(get_coco_guest_components_image_name)"
|
||||
|
||||
@@ -254,8 +254,8 @@ get_pause_image_tarball_path() {
|
||||
}
|
||||
|
||||
get_latest_pause_image_artefact_and_builder_image_version() {
|
||||
local pause_image_repo="$(get_from_kata_deps "externals.pause.repo")"
|
||||
local pause_image_version=$(get_from_kata_deps "externals.pause.version")
|
||||
local pause_image_repo="$(get_from_kata_deps ".externals.pause.repo")"
|
||||
local pause_image_version=$(get_from_kata_deps ".externals.pause.version")
|
||||
local latest_pause_image_artefact="${pause_image_repo}-${pause_image_version}"
|
||||
local latest_pause_image_builder_image="$(get_pause_image_name)"
|
||||
|
||||
@@ -263,7 +263,7 @@ get_latest_pause_image_artefact_and_builder_image_version() {
|
||||
}
|
||||
|
||||
get_latest_kernel_confidential_artefact_and_builder_image_version() {
|
||||
local kernel_version=$(get_from_kata_deps "assets.kernel.confidential.version")
|
||||
local kernel_version=$(get_from_kata_deps ".assets.kernel.confidential.version")
|
||||
local kernel_kata_config_version="$(cat ${repo_root_dir}/tools/packaging/kernel/kata_config_version)"
|
||||
local latest_kernel_artefact="${kernel_version}-${kernel_kata_config_version}-$(get_last_modification $(dirname $kernel_builder))"
|
||||
local latest_kernel_builder_image="$(get_kernel_image_name)"
|
||||
@@ -285,9 +285,9 @@ install_image() {
|
||||
local osbuilder_last_commit="$(get_last_modification "${repo_root_dir}/tools/osbuilder")"
|
||||
local guest_image_last_commit="$(get_last_modification "${repo_root_dir}/tools/packaging/guest-image")"
|
||||
local libs_last_commit="$(get_last_modification "${repo_root_dir}/src/libs")"
|
||||
local gperf_version="$(get_from_kata_deps "externals.gperf.version")"
|
||||
local libseccomp_version="$(get_from_kata_deps "externals.libseccomp.version")"
|
||||
local rust_version="$(get_from_kata_deps "languages.rust.meta.newest-version")"
|
||||
local gperf_version="$(get_from_kata_deps ".externals.gperf.version")"
|
||||
local libseccomp_version="$(get_from_kata_deps ".externals.libseccomp.version")"
|
||||
local rust_version="$(get_from_kata_deps ".languages.rust.meta.newest-version")"
|
||||
local agent_last_commit=$(merge_two_hashes \
|
||||
"$(get_last_modification "${repo_root_dir}/src/agent")" \
|
||||
"$(get_last_modification "${repo_root_dir}/tools/packaging/static-build/agent")")
|
||||
@@ -315,16 +315,16 @@ install_image() {
|
||||
info "Create image"
|
||||
|
||||
if [ -n "${variant}" ]; then
|
||||
os_name="$(get_from_kata_deps "assets.image.architecture.${ARCH}.${variant}.name")"
|
||||
os_version="$(get_from_kata_deps "assets.image.architecture.${ARCH}.${variant}.version")"
|
||||
os_name="$(get_from_kata_deps ".assets.image.architecture.${ARCH}.${variant}.name")"
|
||||
os_version="$(get_from_kata_deps ".assets.image.architecture.${ARCH}.${variant}.version")"
|
||||
|
||||
if [ "${variant}" == "confidential" ]; then
|
||||
export COCO_GUEST_COMPONENTS_TARBALL="$(get_coco_guest_components_tarball_path)"
|
||||
export PAUSE_IMAGE_TARBALL="$(get_pause_image_tarball_path)"
|
||||
fi
|
||||
else
|
||||
os_name="$(get_from_kata_deps "assets.image.architecture.${ARCH}.name")"
|
||||
os_version="$(get_from_kata_deps "assets.image.architecture.${ARCH}.version")"
|
||||
os_name="$(get_from_kata_deps ".assets.image.architecture.${ARCH}.name")"
|
||||
os_version="$(get_from_kata_deps ".assets.image.architecture.${ARCH}.version")"
|
||||
fi
|
||||
|
||||
export AGENT_TARBALL=$(get_agent_tarball_path)
|
||||
@@ -354,9 +354,9 @@ install_initrd() {
|
||||
local osbuilder_last_commit="$(get_last_modification "${repo_root_dir}/tools/osbuilder")"
|
||||
local guest_image_last_commit="$(get_last_modification "${repo_root_dir}/tools/packaging/guest-image")"
|
||||
local libs_last_commit="$(get_last_modification "${repo_root_dir}/src/libs")"
|
||||
local gperf_version="$(get_from_kata_deps "externals.gperf.version")"
|
||||
local libseccomp_version="$(get_from_kata_deps "externals.libseccomp.version")"
|
||||
local rust_version="$(get_from_kata_deps "languages.rust.meta.newest-version")"
|
||||
local gperf_version="$(get_from_kata_deps ".externals.gperf.version")"
|
||||
local libseccomp_version="$(get_from_kata_deps ".externals.libseccomp.version")"
|
||||
local rust_version="$(get_from_kata_deps ".languages.rust.meta.newest-version")"
|
||||
local agent_last_commit=$(merge_two_hashes \
|
||||
"$(get_last_modification "${repo_root_dir}/src/agent")" \
|
||||
"$(get_last_modification "${repo_root_dir}/tools/packaging/static-build/agent")")
|
||||
@@ -385,16 +385,16 @@ install_initrd() {
|
||||
info "Create initrd"
|
||||
|
||||
if [ -n "${variant}" ]; then
|
||||
os_name="$(get_from_kata_deps "assets.initrd.architecture.${ARCH}.${variant}.name")"
|
||||
os_version="$(get_from_kata_deps "assets.initrd.architecture.${ARCH}.${variant}.version")"
|
||||
os_name="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.${variant}.name")"
|
||||
os_version="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.${variant}.version")"
|
||||
|
||||
if [ "${variant}" == "confidential" ]; then
|
||||
export COCO_GUEST_COMPONENTS_TARBALL="$(get_coco_guest_components_tarball_path)"
|
||||
export PAUSE_IMAGE_TARBALL="$(get_pause_image_tarball_path)"
|
||||
fi
|
||||
else
|
||||
os_name="$(get_from_kata_deps "assets.initrd.architecture.${ARCH}.name")"
|
||||
os_version="$(get_from_kata_deps "assets.initrd.architecture.${ARCH}.version")"
|
||||
os_name="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.name")"
|
||||
os_version="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.version")"
|
||||
fi
|
||||
|
||||
export AGENT_TARBALL=$(get_agent_tarball_path)
|
||||
@@ -493,11 +493,11 @@ install_kernel_helper() {
|
||||
local extra_cmd="${3:-}"
|
||||
local extra_tarballs=""
|
||||
|
||||
export kernel_version="$(get_from_kata_deps ${kernel_version_yaml_path})"
|
||||
export kernel_version="$(get_from_kata_deps .${kernel_version_yaml_path})"
|
||||
export kernel_kata_config_version="$(cat ${repo_root_dir}/tools/packaging/kernel/kata_config_version)"
|
||||
|
||||
if [[ "${kernel_name}" == "kernel"*"-confidential" ]]; then
|
||||
kernel_version="$(get_from_kata_deps assets.kernel.confidential.version)"
|
||||
kernel_version="$(get_from_kata_deps .assets.kernel.confidential.version)"
|
||||
fi
|
||||
|
||||
if [[ "${kernel_name}" == "kernel"*"-confidential" ]]; then
|
||||
@@ -530,7 +530,7 @@ install_kernel() {
|
||||
}
|
||||
|
||||
install_kernel_confidential() {
|
||||
local kernel_url="$(get_from_kata_deps assets.kernel.confidential.url)"
|
||||
local kernel_url="$(get_from_kata_deps .assets.kernel.confidential.url)"
|
||||
|
||||
export MEASURED_ROOTFS=yes
|
||||
|
||||
@@ -549,7 +549,7 @@ install_kernel_dragonball_experimental() {
|
||||
|
||||
#Install GPU enabled kernel asset
|
||||
install_kernel_nvidia_gpu() {
|
||||
local kernel_url="$(get_from_kata_deps assets.kernel.url)"
|
||||
local kernel_url="$(get_from_kata_deps .assets.kernel.url)"
|
||||
|
||||
install_kernel_helper \
|
||||
"assets.kernel.version" \
|
||||
@@ -559,7 +559,7 @@ install_kernel_nvidia_gpu() {
|
||||
|
||||
#Install GPU and TEE enabled kernel asset
|
||||
install_kernel_nvidia_gpu_confidential() {
|
||||
local kernel_url="$(get_from_kata_deps assets.kernel.confidential.url)"
|
||||
local kernel_url="$(get_from_kata_deps .assets.kernel.confidential.url)"
|
||||
|
||||
install_kernel_helper \
|
||||
"assets.kernel.confidential.version" \
|
||||
@@ -574,8 +574,8 @@ install_qemu_helper() {
|
||||
local builder="${4}"
|
||||
local qemu_tarball_name="${qemu_tarball_name:-kata-static-qemu.tar.gz}"
|
||||
|
||||
export qemu_repo="$(get_from_kata_deps ${qemu_repo_yaml_path})"
|
||||
export qemu_version="$(get_from_kata_deps ${qemu_version_yaml_path})"
|
||||
export qemu_repo="$(get_from_kata_deps .${qemu_repo_yaml_path})"
|
||||
export qemu_version="$(get_from_kata_deps .${qemu_version_yaml_path})"
|
||||
|
||||
latest_artefact="${qemu_version}-$(calc_qemu_files_sha256sum)"
|
||||
latest_builder_image="$(get_qemu_image_name)"
|
||||
@@ -615,7 +615,7 @@ install_qemu_snp_experimental() {
|
||||
|
||||
# Install static firecracker asset
|
||||
install_firecracker() {
|
||||
local firecracker_version=$(get_from_kata_deps "assets.hypervisor.firecracker.version")
|
||||
local firecracker_version=$(get_from_kata_deps ".assets.hypervisor.firecracker.version")
|
||||
|
||||
latest_artefact="${firecracker_version}"
|
||||
latest_builder_image=""
|
||||
@@ -641,7 +641,7 @@ install_clh_helper() {
|
||||
features="${2}"
|
||||
suffix="${3:-""}"
|
||||
|
||||
latest_artefact="$(get_from_kata_deps "assets.hypervisor.cloud_hypervisor.version")"
|
||||
latest_artefact="$(get_from_kata_deps ".assets.hypervisor.cloud_hypervisor.version")"
|
||||
latest_builder_image=""
|
||||
|
||||
install_cached_tarball_component \
|
||||
@@ -683,7 +683,7 @@ install_clh_glibc() {
|
||||
|
||||
# Install static stratovirt asset
|
||||
install_stratovirt() {
|
||||
local stratovirt_version=$(get_from_kata_deps "assets.hypervisor.stratovirt.version")
|
||||
local stratovirt_version=$(get_from_kata_deps ".assets.hypervisor.stratovirt.version")
|
||||
|
||||
latest_artefact="${stratovirt_version}"
|
||||
latest_builder_image=""
|
||||
@@ -705,7 +705,7 @@ install_stratovirt() {
|
||||
|
||||
# Install static virtiofsd asset
|
||||
install_virtiofsd() {
|
||||
latest_artefact="$(get_from_kata_deps "externals.virtiofsd.version")-$(get_from_kata_deps "externals.virtiofsd.toolchain")"
|
||||
latest_artefact="$(get_from_kata_deps ".externals.virtiofsd.version")-$(get_from_kata_deps ".externals.virtiofsd.toolchain")"
|
||||
latest_builder_image="$(get_virtiofsd_image_name)"
|
||||
|
||||
install_cached_tarball_component \
|
||||
@@ -727,7 +727,7 @@ install_virtiofsd() {
|
||||
install_nydus() {
|
||||
[ "${ARCH}" == "aarch64" ] && ARCH=arm64
|
||||
|
||||
latest_artefact="$(get_from_kata_deps "externals.nydus.version")"
|
||||
latest_artefact="$(get_from_kata_deps ".externals.nydus.version")"
|
||||
latest_builder_image=""
|
||||
|
||||
install_cached_tarball_component \
|
||||
@@ -752,8 +752,8 @@ install_shimv2() {
|
||||
local shim_v2_last_commit="$(get_last_modification "${repo_root_dir}/src/runtime")"
|
||||
local runtime_rs_last_commit="$(get_last_modification "${repo_root_dir}/src/runtime-rs")"
|
||||
local protocols_last_commit="$(get_last_modification "${repo_root_dir}/src/libs/protocols")"
|
||||
local GO_VERSION="$(get_from_kata_deps "languages.golang.meta.newest-version")"
|
||||
local RUST_VERSION="$(get_from_kata_deps "languages.rust.meta.newest-version")"
|
||||
local GO_VERSION="$(get_from_kata_deps ".languages.golang.meta.newest-version")"
|
||||
local RUST_VERSION="$(get_from_kata_deps ".languages.rust.meta.newest-version")"
|
||||
|
||||
latest_artefact="${shim_v2_last_commit}-${protocols_last_commit}-${runtime_rs_last_commit}-${GO_VERSION}-${RUST_VERSION}"
|
||||
latest_builder_image="$(get_shim_v2_image_name)"
|
||||
@@ -779,7 +779,7 @@ install_ovmf() {
|
||||
local component_name="ovmf"
|
||||
[ "${ovmf_type}" == "sev" ] && component_name="ovmf-sev"
|
||||
|
||||
latest_artefact="$(get_from_kata_deps "externals.ovmf.${ovmf_type}.version")"
|
||||
latest_artefact="$(get_from_kata_deps ".externals.ovmf.${ovmf_type}.version")"
|
||||
latest_builder_image="$(get_ovmf_image_name)"
|
||||
|
||||
install_cached_tarball_component \
|
||||
@@ -812,18 +812,18 @@ install_agent() {
|
||||
"${final_tarball_path}" \
|
||||
&& return 0
|
||||
|
||||
export LIBSECCOMP_VERSION="$(get_from_kata_deps "externals.libseccomp.version")"
|
||||
export LIBSECCOMP_URL="$(get_from_kata_deps "externals.libseccomp.url")"
|
||||
export GPERF_VERSION="$(get_from_kata_deps "externals.gperf.version")"
|
||||
export GPERF_URL="$(get_from_kata_deps "externals.gperf.url")"
|
||||
export LIBSECCOMP_VERSION="$(get_from_kata_deps ".externals.libseccomp.version")"
|
||||
export LIBSECCOMP_URL="$(get_from_kata_deps ".externals.libseccomp.url")"
|
||||
export GPERF_VERSION="$(get_from_kata_deps ".externals.gperf.version")"
|
||||
export GPERF_URL="$(get_from_kata_deps ".externals.gperf.url")"
|
||||
|
||||
info "build static agent"
|
||||
DESTDIR="${destdir}" AGENT_POLICY="yes" PULL_TYPE=${PULL_TYPE} "${agent_builder}"
|
||||
}
|
||||
|
||||
install_coco_guest_components() {
|
||||
latest_artefact="$(get_from_kata_deps "externals.coco-guest-components.version")-$(get_from_kata_deps "externals.coco-guest-components.toolchain")"
|
||||
artefact_tag="$(get_from_kata_deps "externals.coco-guest-components.version")"
|
||||
latest_artefact="$(get_from_kata_deps ".externals.coco-guest-components.version")-$(get_from_kata_deps ".externals.coco-guest-components.toolchain")"
|
||||
artefact_tag="$(get_from_kata_deps ".externals.coco-guest-components.version")"
|
||||
latest_builder_image="$(get_coco_guest_components_image_name)"
|
||||
|
||||
install_cached_tarball_component \
|
||||
@@ -839,7 +839,7 @@ install_coco_guest_components() {
|
||||
}
|
||||
|
||||
install_pause_image() {
|
||||
latest_artefact="$(get_from_kata_deps "externals.pause.repo")-$(get_from_kata_deps "externals.pause.version")"
|
||||
latest_artefact="$(get_from_kata_deps ".externals.pause.repo")-$(get_from_kata_deps ".externals.pause.version")"
|
||||
artefact_tag=${latest_artefact}
|
||||
latest_builder_image="$(get_pause_image_name)"
|
||||
|
||||
|
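Review bot: install_kernel_helper and install_qemu_helper now prepend the dot themselves (`get_from_kata_deps .${kernel_version_yaml_path}`, `.${qemu_repo_yaml_path}`), while every direct call in this file passes a path that already starts with a dot. The callers shown here still pass `"assets.kernel.version"` without one, so two conventions coexist. A dotted path handed to a helper would become `..assets…`, which yq v4 parses as recursive descent rather than a key lookup. I would document the argument form next to the export, e.g. `# kernel_version_yaml_path is given without the leading dot; it is added here.`, and quote the argument: `export kernel_version="$(get_from_kata_deps ".${kernel_version_yaml_path}")"`. Both helper bodies extend beyond their hunks.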
@@ -8,8 +8,8 @@ automates the process to build a kernel for Kata Containers.
|
||||
|
||||
The `build-kernel.sh` script requires an installed Golang version matching the
|
||||
[component build requirements](../../../docs/Developer-Guide.md#requirements-to-build-individual-components).
|
||||
It also requires [yq](https://github.com/mikefarah/yq) version 3.4.1
|
||||
> **Hint**: `go install github.com/mikefarah/yq/v3@latest`
|
||||
It also requires [yq](https://github.com/mikefarah/yq) version v4.40.7.
|
||||
> **Hint**: `go install github.com/mikefarah/yq/v4@latest`
|
||||
|
||||
|
||||
The Linux kernel scripts further require a few packages (flex, bison, and libelf-dev)
|
||||
|
@@ -142,7 +142,7 @@ get_tee_kernel() {
|
||||
mkdir -p ${kernel_path}
|
||||
|
||||
if [ -z "${kernel_url}" ]; then
|
||||
kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url")
|
||||
kernel_url=$(get_from_kata_deps ".assets.kernel.${tee}.url")
|
||||
fi
|
||||
|
||||
local kernel_tarball="${version}.tar.gz"
|
||||
@@ -644,26 +644,26 @@ main() {
|
||||
# If not kernel version take it from versions.yaml
|
||||
if [ -z "$kernel_version" ]; then
|
||||
if [[ ${build_type} == "experimental" ]]; then
|
||||
kernel_version=$(get_from_kata_deps "assets.kernel-experimental.tag")
|
||||
kernel_version=$(get_from_kata_deps ".assets.kernel-experimental.tag")
|
||||
elif [[ ${build_type} == "arch-experimental" ]]; then
|
||||
case "${arch_target}" in
|
||||
"aarch64")
|
||||
build_type="arm-experimental"
|
||||
kernel_version=$(get_from_kata_deps "assets.kernel-arm-experimental.version")
|
||||
kernel_version=$(get_from_kata_deps ".assets.kernel-arm-experimental.version")
|
||||
;;
|
||||
*)
|
||||
info "No arch-specific experimental kernel supported, using experimental one instead"
|
||||
kernel_version=$(get_from_kata_deps "assets.kernel-experimental.tag")
|
||||
kernel_version=$(get_from_kata_deps ".assets.kernel-experimental.tag")
|
||||
;;
|
||||
esac
|
||||
elif [[ ${build_type} == "dragonball-experimental" ]]; then
|
||||
kernel_version=$(get_from_kata_deps "assets.kernel-dragonball-experimental.version")
|
||||
kernel_version=$(get_from_kata_deps ".assets.kernel-dragonball-experimental.version")
|
||||
elif [[ "${conf_guest}" != "" ]]; then
|
||||
#If specifying a tag for kernel_version, must be formatted version-like to avoid unintended parsing issues
|
||||
kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.version" 2>/dev/null || true)
|
||||
[ -n "${kernel_version}" ] || kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.tag")
|
||||
kernel_version=$(get_from_kata_deps ".assets.kernel.${conf_guest}.version" 2>/dev/null || true)
|
||||
[ -n "${kernel_version}" ] || kernel_version=$(get_from_kata_deps ".assets.kernel.${conf_guest}.tag")
|
||||
else
|
||||
kernel_version=$(get_from_kata_deps "assets.kernel.version")
|
||||
kernel_version=$(get_from_kata_deps ".assets.kernel.version")
|
||||
fi
|
||||
fi
|
||||
#Remove extra 'v'
|
||||
|
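Review bot: In `get_tee_kernel` and in the `conf_guest` branch of `main`, `${tee}` and `${conf_guest}` are now spliced into a yq v4 expression rather than a v3 key path, so any character yq treats as syntax (`|`, spaces, parentheses) in those values would alter the query instead of simply missing a key. Where the two variables are assigned is outside these hunks, so option parsing may already constrain them. If it does not, validate before the lookup, for example `[[ "${conf_guest}" =~ ^[A-Za-z0-9_-]+$ ]] || die "invalid conf_guest: ${conf_guest}"` (assuming the `die` helper is in scope here), and do the same for `${tee}`. Both functions continue outside the hunks shown.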
@@ -60,8 +60,8 @@ function _create_our_own_notes()
|
||||
export PATH=${HOME}/go/bin:${PATH}
|
||||
|
||||
source "${repo_root_dir}/tools/packaging/scripts/lib.sh"
|
||||
libseccomp_version=$(get_from_kata_deps "externals.libseccomp.version")
|
||||
libseccomp_url=$(get_from_kata_deps "externals.libseccomp.url")
|
||||
libseccomp_version=$(get_from_kata_deps ".externals.libseccomp.version")
|
||||
libseccomp_url=$(get_from_kata_deps ".externals.libseccomp.url")
|
||||
|
||||
cat >> /tmp/our_notes_${RELEASE_VERSION} <<EOF
|
||||
## Survey
|
||||
@@ -194,8 +194,8 @@ function _upload_libseccomp_tarball()
|
||||
GOPATH=${HOME}/go ./ci/install_yq.sh
|
||||
|
||||
versions_yaml="versions.yaml"
|
||||
version=$(${HOME}/go/bin/yq read ${versions_yaml} "externals.libseccomp.version")
|
||||
repo_url=$(${HOME}/go/bin/yq read ${versions_yaml} "externals.libseccomp.url")
|
||||
version=$(${HOME}/go/bin/yq ".externals.libseccomp.version" ${versions_yaml})
|
||||
repo_url=$(${HOME}/go/bin/yq ".externals.libseccomp.url" ${versions_yaml})
|
||||
download_url="${repo_url}releases/download/v${version}"
|
||||
tarball="libseccomp-${version}.tar.gz"
|
||||
asc="${tarball}.asc"
|
||||
|
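Review bot: The two new direct `yq` calls in `_upload_libseccomp_tarball` skip the `null` handling that `get_from_kata_deps` applies, and as far as I know yq v4 prints the literal `null` for a missing key and still exits 0. In that case `version` or `repo_url` would become `null` and flow into `download_url`, `tarball` and the `.asc` name, which select the release artefact and its signature. I would fail early, e.g. `[ -n "${version}" ] && [ "${version}" != "null" ] || { echo "libseccomp version missing in ${versions_yaml}" >&2; exit 1; }`, and quote `"${HOME}/go/bin/yq"` and `"${versions_yaml}"`. `_create_our_own_notes` in the same file already goes through `get_from_kata_deps`; reusing it here would keep one lookup path, provided `lib.sh` is sourced in this function, which the hunk does not show. The function body continues outside the hunk.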
@@ -35,21 +35,21 @@ gen_version_file() {
|
||||
ref="refs/tags/${kata_version}^{}"
|
||||
fi
|
||||
|
||||
qemu_vanilla_branch=$(get_from_kata_deps "assets.hypervisor.qemu.version")
|
||||
qemu_vanilla_branch=$(get_from_kata_deps ".assets.hypervisor.qemu.version")
|
||||
# Check if qemu.version can be used to get the version and hash, otherwise use qemu.tag
|
||||
qemu_vanilla_ref="refs/heads/${qemu_vanilla_branch}"
|
||||
if ! (git ls-remote --heads "https://github.com/qemu/qemu.git" | grep -q "refs/heads/${qemu_vanilla_branch}"); then
|
||||
qemu_vanilla_branch=$(get_from_kata_deps "assets.hypervisor.qemu.tag")
|
||||
qemu_vanilla_branch=$(get_from_kata_deps ".assets.hypervisor.qemu.tag")
|
||||
qemu_vanilla_ref="refs/tags/${qemu_vanilla_branch}^{}"
|
||||
fi
|
||||
qemu_vanilla_version=$(curl -s -L "https://raw.githubusercontent.com/qemu/qemu/${qemu_vanilla_branch}/VERSION")
|
||||
qemu_vanilla_hash=$(git ls-remote https://github.com/qemu/qemu.git | grep "${qemu_vanilla_ref}" | awk '{print $1}')
|
||||
|
||||
kernel_version=$(get_from_kata_deps "assets.kernel.version")
|
||||
kernel_version=$(get_from_kata_deps ".assets.kernel.version")
|
||||
#Remove extra 'v'
|
||||
kernel_version=${kernel_version#v}
|
||||
|
||||
golang_version=$(get_from_kata_deps "languages.golang.meta.newest-version")
|
||||
golang_version=$(get_from_kata_deps ".languages.golang.meta.newest-version")
|
||||
|
||||
# - is not a valid char for rpmbuild
|
||||
# see https://github.com/semver/semver/issues/145
|
||||
|
@@ -34,11 +34,11 @@ install_yq() {
|
||||
}
|
||||
|
||||
get_from_kata_deps() {
|
||||
local dependency="$1"
|
||||
local dependency="$1 | explode(.)"
|
||||
versions_file="${this_script_dir}/../../../versions.yaml"
|
||||
|
||||
command -v yq &>/dev/null || die 'yq command is not in your $PATH'
|
||||
result=$("yq" read -X "$versions_file" "$dependency")
|
||||
result=$("yq" "$dependency" "$versions_file")
|
||||
[ "$result" = "null" ] && result=""
|
||||
echo "$result"
|
||||
}
|
||||
@@ -178,7 +178,7 @@ get_qemu_image_name() {
|
||||
|
||||
get_shim_v2_image_name() {
|
||||
shim_v2_script_dir="${repo_root_dir}/tools/packaging/static-build/shim-v2"
|
||||
echo "${BUILDER_REGISTRY}:shim-v2-go-$(get_from_kata_deps "languages.golang.meta.newest-version")-rust-$(get_from_kata_deps "languages.rust.meta.newest-version")-$(get_last_modification ${shim_v2_script_dir})-$(uname -m)"
|
||||
echo "${BUILDER_REGISTRY}:shim-v2-go-$(get_from_kata_deps ".languages.golang.meta.newest-version")-rust-$(get_from_kata_deps ".languages.rust.meta.newest-version")-$(get_last_modification ${shim_v2_script_dir})-$(uname -m)"
|
||||
}
|
||||
|
||||
get_ovmf_image_name() {
|
||||
@@ -204,7 +204,7 @@ get_virtiofsd_image_name() {
|
||||
esac
|
||||
|
||||
virtiofsd_script_dir="${repo_root_dir}/tools/packaging/static-build/virtiofsd"
|
||||
echo "${BUILDER_REGISTRY}:virtiofsd-$(get_from_kata_deps "externals.virtiofsd.toolchain")-${libc}-$(get_last_modification ${virtiofsd_script_dir})-$(uname -m)"
|
||||
echo "${BUILDER_REGISTRY}:virtiofsd-$(get_from_kata_deps ".externals.virtiofsd.toolchain")-${libc}-$(get_last_modification ${virtiofsd_script_dir})-$(uname -m)"
|
||||
}
|
||||
|
||||
get_tools_image_name() {
|
||||
@@ -227,7 +227,7 @@ get_agent_image_name() {
|
||||
|
||||
get_coco_guest_components_image_name() {
|
||||
coco_guest_components_script_dir="${repo_root_dir}/tools/packaging/static-build/coco-guest-components"
|
||||
echo "${BUILDER_REGISTRY}:coco-guest-components-$(get_from_kata_deps "externals.coco-guest-components.toolchain")-$(get_last_modification ${coco_guest_components_script_dir})-$(uname -m)"
|
||||
echo "${BUILDER_REGISTRY}:coco-guest-components-$(get_from_kata_deps ".externals.coco-guest-components.toolchain")-$(get_last_modification ${coco_guest_components_script_dir})-$(uname -m)"
|
||||
}
|
||||
|
||||
get_pause_image_name() {
|
||||
|
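Review bot: `get_from_kata_deps` still only checks that some `yq` is on `$PATH` and never checks the exit status of `result=$("yq" "$dependency" "$versions_file")`, which matters more now that the call uses v4-only syntax. With an older v3 binary or a malformed expression the lookup would presumably fail and leave `result` empty, so callers in this file such as `get_shim_v2_image_name` and `get_virtiofsd_image_name` would echo an image tag with empty components. I would report the failure explicitly, `result=$("yq" "$dependency" "$versions_file") || die "yq failed to evaluate: $dependency"`; because the helper runs inside `$(...)` this only stops callers that check the status, but the error becomes visible. A short comment above `local dependency="$1 | explode(.)"` saying that `explode(.)` expands YAML anchors and aliases in the selected node would also help the next reader.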
@@ -18,7 +18,7 @@ container_image="${AGENT_CONTAINER_BUILDER:-$(get_agent_image_name)}"
|
||||
|
||||
docker pull ${container_image} || \
|
||||
(docker $BUILDX build $PLATFORM \
|
||||
--build-arg RUST_TOOLCHAIN="$(get_from_kata_deps "languages.rust.meta.newest-version")" \
|
||||
--build-arg RUST_TOOLCHAIN="$(get_from_kata_deps ".languages.rust.meta.newest-version")" \
|
||||
-t "${container_image}" "${script_dir}" && \
|
||||
# No-op unless PUSH_TO_REGISTRY is exported as "yes"
|
||||
push_to_registry "${container_image}")
|
||||
|
@@ -26,7 +26,7 @@ cloud_hypervisor_pull_ref_branch="${cloud_hypervisor_pull_ref_branch:-main}"
|
||||
|
||||
if [ -z "$cloud_hypervisor_repo" ]; then
|
||||
info "Get cloud_hypervisor information from runtime versions.yaml"
|
||||
cloud_hypervisor_url=$(get_from_kata_deps "assets.hypervisor.cloud_hypervisor.url")
|
||||
cloud_hypervisor_url=$(get_from_kata_deps ".assets.hypervisor.cloud_hypervisor.url")
|
||||
[ -n "$cloud_hypervisor_url" ] || die "failed to get cloud_hypervisor url"
|
||||
cloud_hypervisor_repo="${cloud_hypervisor_url}.git"
|
||||
fi
|
||||
@@ -36,7 +36,7 @@ if [ -n "$cloud_hypervisor_pr" ]; then
|
||||
force_build_from_source=true
|
||||
cloud_hypervisor_version="PR $cloud_hypervisor_pr"
|
||||
else
|
||||
[ -n "$cloud_hypervisor_version" ] || cloud_hypervisor_version=$(get_from_kata_deps "assets.hypervisor.cloud_hypervisor.version")
|
||||
[ -n "$cloud_hypervisor_version" ] || cloud_hypervisor_version=$(get_from_kata_deps ".assets.hypervisor.cloud_hypervisor.version")
|
||||
[ -n "$cloud_hypervisor_version" ] || die "failed to get cloud_hypervisor version"
|
||||
fi
|
||||
|
||||
|
@@ -20,9 +20,9 @@ coco_guest_components_version="${coco_guest_components_version:-}"
|
||||
coco_guest_components_toolchain="${coco_guest_components_toolchain:-}"
|
||||
package_output_dir="${package_output_dir:-}"
|
||||
|
||||
[ -n "${coco_guest_components_repo}" ] || coco_guest_components_repo=$(get_from_kata_deps "externals.coco-guest-components.url")
|
||||
[ -n "${coco_guest_components_version}" ] || coco_guest_components_version=$(get_from_kata_deps "externals.coco-guest-components.version")
|
||||
[ -n "${coco_guest_components_toolchain}" ] || coco_guest_components_toolchain=$(get_from_kata_deps "externals.coco-guest-components.toolchain")
|
||||
[ -n "${coco_guest_components_repo}" ] || coco_guest_components_repo=$(get_from_kata_deps ".externals.coco-guest-components.url")
|
||||
[ -n "${coco_guest_components_version}" ] || coco_guest_components_version=$(get_from_kata_deps ".externals.coco-guest-components.version")
|
||||
[ -n "${coco_guest_components_toolchain}" ] || coco_guest_components_toolchain=$(get_from_kata_deps ".externals.coco-guest-components.toolchain")
|
||||
|
||||
[ -n "${coco_guest_components_repo}" ] || die "Failed to get coco-guest-components repo"
|
||||
[ -n "${coco_guest_components_version}" ] || die "Failed to get coco-guest-components version or commit"
|
||||
|
@@ -20,10 +20,10 @@ firecracker_version="${firecracker_version:-}"
|
||||
|
||||
arch=$(uname -m)
|
||||
|
||||
[ -n "$firecracker_url" ] ||firecracker_url=$(get_from_kata_deps "assets.hypervisor.firecracker.url")
|
||||
[ -n "$firecracker_url" ] ||firecracker_url=$(get_from_kata_deps ".assets.hypervisor.firecracker.url")
|
||||
[ -n "$firecracker_url" ] || die "failed to get firecracker url"
|
||||
|
||||
[ -n "$firecracker_version" ] || firecracker_version=$(get_from_kata_deps "assets.hypervisor.firecracker.version")
|
||||
[ -n "$firecracker_version" ] || firecracker_version=$(get_from_kata_deps ".assets.hypervisor.firecracker.version")
|
||||
[ -n "$firecracker_version" ] || die "failed to get firecracker version"
|
||||
|
||||
firecracker_tarball_url="${firecracker_url}/releases/download"
|
||||
|
@@ -22,10 +22,10 @@ lvm2_repo="${lvm2_repo:-}"
|
||||
lvm2_version="${lvm2_version:-}"
|
||||
package_output_dir="${package_output_dir:-}"
|
||||
|
||||
[ -n "${cryptsetup_repo}" ] || cryptsetup_repo=$(get_from_kata_deps "externals.cryptsetup.url")
|
||||
[ -n "${cryptsetup_version}" ] || cryptsetup_version=$(get_from_kata_deps "externals.cryptsetup.version")
|
||||
[ -n "${lvm2_repo}" ] || lvm2_repo=$(get_from_kata_deps "externals.lvm2.url")
|
||||
[ -n "${lvm2_version}" ] || lvm2_version=$(get_from_kata_deps "externals.lvm2.version")
|
||||
[ -n "${cryptsetup_repo}" ] || cryptsetup_repo=$(get_from_kata_deps ".externals.cryptsetup.url")
|
||||
[ -n "${cryptsetup_version}" ] || cryptsetup_version=$(get_from_kata_deps ".externals.cryptsetup.version")
|
||||
[ -n "${lvm2_repo}" ] || lvm2_repo=$(get_from_kata_deps ".externals.lvm2.url")
|
||||
[ -n "${lvm2_version}" ] || lvm2_version=$(get_from_kata_deps ".externals.lvm2.version")
|
||||
|
||||
[ -n "${cryptsetup_repo}" ] || die "Failed to get cryptsetup repo"
|
||||
[ -n "${cryptsetup_version}" ] || die "Failed to get cryptsetup version"
|
||||
|
@@ -18,9 +18,9 @@ nydus_url="${nydus_url:-}"
|
||||
nydus_version="${nydus_version:-}"
|
||||
|
||||
info "Get nydus information from runtime versions.yaml"
|
||||
[ -n "$nydus_url" ] || nydus_url=$(get_from_kata_deps "externals.nydus.url")
|
||||
[ -n "$nydus_url" ] || nydus_url=$(get_from_kata_deps ".externals.nydus.url")
|
||||
[ -n "$nydus_url" ] || die "failed to get nydus url"
|
||||
[ -n "$nydus_version" ] || nydus_version=$(get_from_kata_deps "externals.nydus.version")
|
||||
[ -n "$nydus_version" ] || nydus_version=$(get_from_kata_deps ".externals.nydus.version")
|
||||
[ -n "$nydus_version" ] || die "failed to get nydus version"
|
||||
|
||||
nydus_tarball_url="${nydus_url}/releases/download"
|
||||
|
@@ -24,23 +24,23 @@ ovmf_package="${ovmf_package:-}"
|
||||
package_output_dir="${package_output_dir:-}"
|
||||
|
||||
if [ -z "$ovmf_repo" ]; then
|
||||
ovmf_repo=$(get_from_kata_deps "externals.ovmf.url")
|
||||
ovmf_repo=$(get_from_kata_deps ".externals.ovmf.url")
|
||||
fi
|
||||
|
||||
[ -n "$ovmf_repo" ] || die "failed to get ovmf repo"
|
||||
|
||||
if [ "${ovmf_build}" == "x86_64" ]; then
|
||||
[ -n "$ovmf_version" ] || ovmf_version=$(get_from_kata_deps "externals.ovmf.x86_64.version")
|
||||
[ -n "$ovmf_package" ] || ovmf_package=$(get_from_kata_deps "externals.ovmf.x86_64.package")
|
||||
[ -n "$package_output_dir" ] || package_output_dir=$(get_from_kata_deps "externals.ovmf.x86_64.package_output_dir")
|
||||
[ -n "$ovmf_version" ] || ovmf_version=$(get_from_kata_deps ".externals.ovmf.x86_64.version")
|
||||
[ -n "$ovmf_package" ] || ovmf_package=$(get_from_kata_deps ".externals.ovmf.x86_64.package")
|
||||
[ -n "$package_output_dir" ] || package_output_dir=$(get_from_kata_deps ".externals.ovmf.x86_64.package_output_dir")
|
||||
elif [ "${ovmf_build}" == "sev" ]; then
|
||||
[ -n "$ovmf_version" ] || ovmf_version=$(get_from_kata_deps "externals.ovmf.sev.version")
|
||||
[ -n "$ovmf_package" ] || ovmf_package=$(get_from_kata_deps "externals.ovmf.sev.package")
|
||||
[ -n "$package_output_dir" ] || package_output_dir=$(get_from_kata_deps "externals.ovmf.sev.package_output_dir")
|
||||
[ -n "$ovmf_version" ] || ovmf_version=$(get_from_kata_deps ".externals.ovmf.sev.version")
|
||||
[ -n "$ovmf_package" ] || ovmf_package=$(get_from_kata_deps ".externals.ovmf.sev.package")
|
||||
[ -n "$package_output_dir" ] || package_output_dir=$(get_from_kata_deps ".externals.ovmf.sev.package_output_dir")
|
||||
elif [ "${ovmf_build}" == "tdx" ]; then
|
||||
[ -n "$ovmf_version" ] || ovmf_version=$(get_from_kata_deps "externals.ovmf.tdx.version")
|
||||
[ -n "$ovmf_package" ] || ovmf_package=$(get_from_kata_deps "externals.ovmf.tdx.package")
|
||||
[ -n "$package_output_dir" ] || package_output_dir=$(get_from_kata_deps "externals.ovmf.tdx.package_output_dir")
|
||||
[ -n "$ovmf_version" ] || ovmf_version=$(get_from_kata_deps ".externals.ovmf.tdx.version")
|
||||
[ -n "$ovmf_package" ] || ovmf_package=$(get_from_kata_deps ".externals.ovmf.tdx.package")
|
||||
[ -n "$package_output_dir" ] || package_output_dir=$(get_from_kata_deps ".externals.ovmf.tdx.package_output_dir")
|
||||
fi
|
||||
|
||||
[ -n "$ovmf_version" ] || die "failed to get ovmf version or commit"
|
||||
|
@@ -19,8 +19,8 @@ pause_image_repo="${pause_image_repo:-}"
|
||||
pause_image_version="${pause_image_version:-}"
|
||||
package_output_dir="${package_output_dir:-}"
|
||||
|
||||
[ -n "${pause_image_repo}" ] || pause_image_repo=$(get_from_kata_deps "externals.pause.repo")
|
||||
[ -n "${pause_image_version}" ] || pause_image_version=$(get_from_kata_deps "externals.pause.version")
|
||||
[ -n "${pause_image_repo}" ] || pause_image_repo=$(get_from_kata_deps ".externals.pause.repo")
|
||||
[ -n "${pause_image_version}" ] || pause_image_version=$(get_from_kata_deps ".externals.pause.version")
|
||||
|
||||
[ -n "${pause_image_repo}" ] || die "Failed to get pause image repo"
|
||||
[ -n "${pause_image_version}" ] || die "Failed to get pause image version or commit"
|
||||
|
@@ -17,13 +17,13 @@ qemu_version="${qemu_version:-}"
|
||||
|
||||
if [ -z "$qemu_repo" ]; then
|
||||
info "Get qemu information from runtime versions.yaml"
|
||||
qemu_url=$(get_from_kata_deps "assets.hypervisor.qemu.url")
|
||||
qemu_url=$(get_from_kata_deps ".assets.hypervisor.qemu.url")
|
||||
[ -n "$qemu_url" ] || die "failed to get qemu url"
|
||||
qemu_repo="${qemu_url}.git"
|
||||
fi
|
||||
[ -n "$qemu_repo" ] || die "failed to get qemu repo"
|
||||
|
||||
[ -n "$qemu_version" ] || qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu.version")
|
||||
[ -n "$qemu_version" ] || qemu_version=$(get_from_kata_deps ".assets.hypervisor.qemu.version")
|
||||
[ -n "$qemu_version" ] || die "failed to get qemu version"
|
||||
|
||||
"${script_dir}/build-base-qemu.sh" "${qemu_repo}" "${qemu_version}" "" "kata-static-qemu.tar.gz"
|
||||
|
@@ -18,11 +18,11 @@ source "${script_dir}/../../scripts/lib.sh"
|
||||
|
||||
info "Get stratovirt information from runtime versions.yaml"
|
||||
stratovirt_url="${stratovirt_url:-}"
|
||||
[ -n "$stratovirt_url" ] || stratovirt_url=$(get_from_kata_deps "assets.hypervisor.stratovirt.url")
|
||||
[ -n "$stratovirt_url" ] || stratovirt_url=$(get_from_kata_deps ".assets.hypervisor.stratovirt.url")
|
||||
[ -n "$stratovirt_url" ] || die "failed to get stratovirt url"
|
||||
|
||||
stratovirt_version="${stratovirt_version:-}"
|
||||
[ -n "$stratovirt_version" ] || stratovirt_version=$(get_from_kata_deps "assets.hypervisor.stratovirt.version")
|
||||
[ -n "$stratovirt_version" ] || stratovirt_version=$(get_from_kata_deps ".assets.hypervisor.stratovirt.version")
|
||||
[ -n "$stratovirt_version" ] || die "failed to get stratovirt version"
|
||||
|
||||
pull_stratovirt_released_binary() {
|
||||
|
@@ -20,7 +20,7 @@ container_image="${TOOLS_CONTAINER_BUILDER:-$(get_tools_image_name)}"
|
||||
|
||||
docker pull ${container_image} || \
|
||||
(docker $BUILDX build $PLATFORM \
|
||||
--build-arg RUST_TOOLCHAIN="$(get_from_kata_deps "languages.rust.meta.newest-version")" \
|
||||
--build-arg RUST_TOOLCHAIN="$(get_from_kata_deps ".languages.rust.meta.newest-version")" \
|
||||
-t "${container_image}" "${script_dir}" && \
|
||||
# No-op unless PUSH_TO_REGISTRY is exported as "yes"
|
||||
push_to_registry "${container_image}")
|
||||
|
@@ -23,10 +23,10 @@ virtiofsd_toolchain="${virtiofsd_toolchain:-}"
|
||||
virtiofsd_zip="${virtiofsd_zip:-}"
|
||||
package_output_dir="${package_output_dir:-}"
|
||||
|
||||
[ -n "${virtiofsd_repo}" ] || virtiofsd_repo=$(get_from_kata_deps "externals.virtiofsd.url")
|
||||
[ -n "${virtiofsd_version}" ] || virtiofsd_version=$(get_from_kata_deps "externals.virtiofsd.version")
|
||||
[ -n "${virtiofsd_toolchain}" ] || virtiofsd_toolchain=$(get_from_kata_deps "externals.virtiofsd.toolchain")
|
||||
[ -n "${virtiofsd_zip}" ] || virtiofsd_zip=$(get_from_kata_deps "externals.virtiofsd.meta.binary")
|
||||
[ -n "${virtiofsd_repo}" ] || virtiofsd_repo=$(get_from_kata_deps ".externals.virtiofsd.url")
|
||||
[ -n "${virtiofsd_version}" ] || virtiofsd_version=$(get_from_kata_deps ".externals.virtiofsd.version")
|
||||
[ -n "${virtiofsd_toolchain}" ] || virtiofsd_toolchain=$(get_from_kata_deps ".externals.virtiofsd.toolchain")
|
||||
[ -n "${virtiofsd_zip}" ] || virtiofsd_zip=$(get_from_kata_deps ".externals.virtiofsd.meta.binary")
|
||||
|
||||
[ -n "${virtiofsd_repo}" ] || die "Failed to get virtiofsd repo"
|
||||
[ -n "${virtiofsd_version}" ] || die "Failed to get virtiofsd version or commit"
|
||||
|