Bump steve and dashboard

fix text incorrect

.drone.yml

@@ -96,6 +96,21 @@ steps:
     event:
     - push
 
+- name: image-scan-head
+  image: aquasec/trivy
+  commands:
+  - trivy image --no-progress --ignore-unfixed --severity HIGH,CRITICAL --scanners vuln --exit-code 1 cnrancher/kube-explorer:head-linux-amd64
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+  when:
+    ref:
+      include:
+      - "refs/heads/main"
+      - "refs/heads/v*"
+    event:
+    - push
+
 - name: docker-publish
   pull: default
   image: plugins/docker

Dockerfile.dapper

@@ -1,28 +1,23 @@
-FROM golang:1.17
+FROM registry.suse.com/bci/golang:1.19
 
 ARG DAPPER_HOST_ARCH
 ENV HOST_ARCH=${DAPPER_HOST_ARCH} ARCH=${DAPPER_HOST_ARCH}
 
-RUN apt-get update && \
-    apt-get install -y ca-certificates git wget curl xz-utils && \
-    rm -f /bin/sh && ln -s /bin/bash /bin/sh && \
-    curl -sL https://github.com/upx/upx/releases/download/v3.96/upx-3.96-${ARCH}_linux.tar.xz | tar xvJf - --strip-components=1 -C /tmp && \
+RUN zypper -n install ca-certificates git-core wget curl unzip tar vim less file xz
+RUN zypper install -y -f docker
+
+ENV UPX_VERSION 4.0.2
+RUN curl -sL https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-${ARCH}_linux.tar.xz | tar xvJf - --strip-components=1 -C /tmp && \
     mv /tmp/upx /usr/bin/
 
 RUN if [ "${ARCH}" == "amd64" ]; then \
-    curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.43.0; \
+    curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.49.0; \
     fi
 
-ENV DOCKER_URL_amd64=https://get.docker.com/builds/Linux/x86_64/docker-1.10.3 \
-    DOCKER_URL_arm=https://github.com/rancher/docker/releases/download/v1.10.3-ros1/docker-1.10.3_arm \
-    DOCKER_URL_arm64=https://github.com/rancher/docker/releases/download/v1.10.3-ros1/docker-1.10.3_arm64 \
-    DOCKER_URL=DOCKER_URL_${ARCH}
-RUN wget -O - ${!DOCKER_URL} > /usr/bin/docker && chmod +x /usr/bin/docker
-
-ENV GIT_COMMIT="26e14afc0b652b0363fc38e05ef28aa99d26694c" \
-    GIT_BRANCH="ke/v0.2" \
-    GIT_SOURCE="/go/src/github.com/rancher/steve" \
-    CATTLE_DASHBOARD_UI_VERSION="v2.6.7-kube-explorer-ui-rc2"
+ENV GIT_COMMIT="5d9667043a7b0b1541743dad47949df489b8ad04" \
+    GIT_BRANCH="ke/v0.3" \
+    GIT_SOURCE=${GOPATH}/src/github.com/rancher/steve \
+    CATTLE_DASHBOARD_UI_VERSION="v2.7.5-kube-explorer-ui-rc7"
 
 ENV DAPPER_ENV REPO TAG DRONE_TAG CROSS
 ENV DAPPER_SOURCE /opt/kube-explorer

deploy/kubectl/README.md

@@ -0,0 +1,12 @@
+## Access Control Via Basic Auth
+
+Deploy the kube-explorer workload:
+
+```
+kubectl create -f .
+```
+
+Configure for different IngressClass:
+
+- [Nginx Ingress](./nginx-auth)
+- [Traefik Ingress](./traefik-v2-auth)

deploy/kubectl/nginx-auth/README.md

@@ -1,4 +1,4 @@
-## Traefik Auth
+## Ingress-Nginx Basic Auth
 
 This can be used in the cluster which uses the nginx-ingress.
 
@@ -13,9 +13,9 @@ htpasswd -nb username password | base64
 To install this mode, just run this script:
 
 ```
-kubectl apply -f ./secret.yaml
-export MY_XIP_IO=$(curl -sL ipinfo.io/ip)
-envsubst < ./ingress.yaml.tpl | kubectl apply -f -
+kubectl create -f ./secret.yaml
+export MY_IP=$(curl -sL ipinfo.io/ip)
+envsubst < ./ingress.yaml.tpl | kubectl create -f -
 ```
 
 For more infos: https://kubernetes.github.io/ingress-nginx/examples/auth/basic/

deploy/kubectl/nginx-auth/ingress.yaml.tpl

@@ -1,8 +1,8 @@
 # Note: please replace the host first
-# To use xip.io: http://xip.io/
+# To use sslip.io: https://sslip.io/
 # To get your public IP: curl ipinfo.io/ip
 
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: kube-explorer
@@ -10,16 +10,18 @@ metadata:
   labels:
     app: kube-explorer
   annotations:
-    kubernetes.io/ingress.class: "nginx"
     nginx.ingress.kubernetes.io/auth-type: basic
     nginx.ingress.kubernetes.io/auth-secret: kube-explorer
     nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - kube-explorer'
 spec:
   rules:
-  - host: "${MY_XIP_IO}.xip.io"
+  - host: "${MY_IP}.sslip.io"
     http:
       paths:
       - path: /
+        pathType: Prefix
         backend:
-          serviceName: kube-explorer
-          servicePort: 8989
+          service:
+            name: kube-explorer
+            port:
+              number: 8989

deploy/kubectl/traefik-v1-auth/README.md

@@ -13,9 +13,9 @@ htpasswd -nb username password | base64
 To install this mode, just run this script:
 
 ```
-kubectl apply -f ./secret.yaml
-export MY_XIP_IO=$(curl -sL ipinfo.io/ip)
-envsubst < ./ingress.yaml.tpl | kubectl apply -f -
+kubectl create -f ./secret.yaml
+export MY_IP=$(curl -sL ipinfo.io/ip)
+envsubst < ./ingress.yaml.tpl | kubectl create -f -
 ```
 
 For more infos: https://doc.traefik.io/traefik/v1.7/configuration/backends/kubernetes/

deploy/kubectl/traefik-v1-auth/ingress.yaml.tpl

@@ -1,5 +1,5 @@
 # Note: please replace the host first
-# To use xip.io: http://xip.io/
+# To use sslip.io: https://sslip.io/
 # To get your public IP: curl ipinfo.io/ip
 
 apiVersion: networking.k8s.io/v1beta1
@@ -16,7 +16,7 @@ metadata:
     ingress.kubernetes.io/auth-remove-header: "true"
 spec:
   rules:
-  - host: "${MY_XIP_IO}.xip.io"
+  - host: "${MY_IP}.sslip.io"
     http:
       paths:
       - path: /

deploy/kubectl/traefik-v2-auth/README.md

@@ -0,0 +1,21 @@
+## Traefik Auth
+
+This can be used in K3s, as K3s use traefik as the default ingress class.
+
+We use `basic-auth` to control the access of kube-explorer. The auth token is stored in the secret.
+
+The default user is `niusmallnan`, and password is `dagedddd`. You can replace to another value with `htpasswd` tool.
+
+```
+htpasswd -nb username password | base64
+```
+
+To install this mode, just run this script:
+
+```
+kubectl create -f ./middleware.yaml
+export MY_IP=$(curl -sL ipinfo.io/ip)
+envsubst < ./ingress.yaml.tpl | kubectl create -f -
+```
+
+For more infos: https://doc.traefik.io/traefik/middlewares/http/basicauth/

deploy/kubectl/traefik-v2-auth/ingress.yaml.tpl

@@ -0,0 +1,25 @@
+# Note: please replace the host first
+# To use sslip.io.io: https://sslip.io.io/
+# To get your public IP: curl ipinfo.io/ip
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-kube-explorer@kubernetescrd
+spec:
+  rules:
+  - host: "${MY_IP}.sslip.io"
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: kube-explorer
+            port:
+              number: 8989

deploy/kubectl/traefik-v2-auth/middleware.yaml

@@ -0,0 +1,28 @@
+# The definitions below require the definitions for the Middleware and IngressRoute kinds.
+# https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+spec:
+  basicAuth:
+    secret: kube-explorer
+    removeHeader: true
+
+---
+# To create an encoded user:password pair, the following command can be used:
+# htpasswd -nb user password | base64
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+data:
+  auth: bml1c21hbGxuYW46JGFwcjEkbDdUZjJOdWskbmNXajYubHYvMGNkcXM0NFoyelVQLgoK
+type: Opaque

package/Dockerfile

@@ -1,6 +1,4 @@
-FROM alpine:3.13
+FROM registry.suse.com/bci/bci-minimal:15.5
 
 COPY kube-explorer entrypoint.sh /usr/bin/
-# Hack to make golang do files,dns search order
-ENV LOCALDOMAIN=""
 ENTRYPOINT ["entrypoint.sh"]

scripts/build

@@ -40,7 +40,7 @@ else
 fi
 
 for f in $(ls ./bin/); do
-    if [[ $f != *darwin-arm64 ]]; then
+    if [[ $f != *darwin* ]]; then
         upx -o $DAPPER_SOURCE/bin/$f bin/$f || true
     fi
     if [ -f $DAPPER_SOURCE/bin/$f ]; then

scripts/download

@@ -10,7 +10,7 @@ git reset --hard ${GIT_COMMIT}
 
 mkdir -p pkg/ui/ui/dashboard
 cd pkg/ui/ui/dashboard
-curl -sL https://pandaria-dashboard-ui.s3.ap-southeast-2.amazonaws.com/release-2.6-cn/kube-explorer-ui/${CATTLE_DASHBOARD_UI_VERSION}.tar.gz | tar xvzf - --strip-components=2
+curl -sL https://pandaria-dashboard-ui.s3.ap-southeast-2.amazonaws.com/release-2.7-cn/kube-explorer-ui/${CATTLE_DASHBOARD_UI_VERSION}.tar.gz | tar xvzf - --strip-components=2
 cp index.html ../index.html
 
 popd