Bump steve and dashboard for Rancher v2.7.2

.drone.yml

@@ -99,7 +99,7 @@ steps:
 - name: image-scan-head
   image: aquasec/trivy
   commands:
-  - trivy image --no-progress --ignore-unfixed --severity HIGH,CRITICAL --security-checks vuln --exit-code 1 cnrancher/kube-explorer:head-linux-amd64
+  - trivy image --no-progress --ignore-unfixed --severity HIGH,CRITICAL --scanners vuln --exit-code 1 cnrancher/kube-explorer:head-linux-amd64
   volumes:
   - name: docker
     path: /var/run/docker.sock

Dockerfile.dapper

@@ -1,28 +1,23 @@
-FROM golang:1.19
+FROM registry.suse.com/bci/golang:1.19
 
 ARG DAPPER_HOST_ARCH
 ENV HOST_ARCH=${DAPPER_HOST_ARCH} ARCH=${DAPPER_HOST_ARCH}
 
-RUN apt-get update && \
+RUN zypper -n install ca-certificates git-core wget curl unzip tar vim less file xz
-    apt-get install -y ca-certificates git wget curl xz-utils && \
+RUN zypper install -y -f docker
-    rm -f /bin/sh && ln -s /bin/bash /bin/sh && \
+
-    curl -sL https://github.com/upx/upx/releases/download/v4.0.1/upx-4.0.1-${ARCH}_linux.tar.xz | tar xvJf - --strip-components=1 -C /tmp && \
+ENV UPX_VERSION 4.0.2
+RUN curl -sL https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-${ARCH}_linux.tar.xz | tar xvJf - --strip-components=1 -C /tmp && \
     mv /tmp/upx /usr/bin/
 
 RUN if [ "${ARCH}" == "amd64" ]; then \
     curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.49.0; \
     fi
 
-ENV DOCKER_URL_amd64=https://get.docker.com/builds/Linux/x86_64/docker-1.10.3 \
+ENV GIT_COMMIT="6906cf5ce850ae0bb51f286afaf3c10c5ff506af" \
-    DOCKER_URL_arm=https://github.com/rancher/docker/releases/download/v1.10.3-ros1/docker-1.10.3_arm \
-    DOCKER_URL_arm64=https://github.com/rancher/docker/releases/download/v1.10.3-ros1/docker-1.10.3_arm64 \
-    DOCKER_URL=DOCKER_URL_${ARCH}
-RUN wget -O - ${!DOCKER_URL} > /usr/bin/docker && chmod +x /usr/bin/docker
-
-ENV GIT_COMMIT="4bcc9108508cd8112a28903f76bfca2fdd0bfc9d" \
     GIT_BRANCH="ke/v0.3" \
     GIT_SOURCE=${GOPATH}/src/github.com/rancher/steve \
-    CATTLE_DASHBOARD_UI_VERSION="v2.7.0-kube-explorer-ui-rc1"
+    CATTLE_DASHBOARD_UI_VERSION="v2.7.2-kube-explorer-ui-rc1"
 
 ENV DAPPER_ENV REPO TAG DRONE_TAG CROSS
 ENV DAPPER_SOURCE /opt/kube-explorer

deploy/kubectl/README.md

@@ -0,0 +1,12 @@
+## Access Control Via Basic Auth
+
+Deploy the kube-explorer workload:
+
+```
+kubectl create -f .
+```
+
+Configure for different IngressClass:
+
+- [Nginx Ingress](./nginx-auth)
+- [Traefik Ingress](./traefik-v2-auth)

deploy/kubectl/nginx-auth/README.md

@@ -13,9 +13,9 @@ htpasswd -nb username password | base64
 To install this mode, just run this script:
 
 ```
-kubectl apply -f ./secret.yaml
+kubectl create -f ./secret.yaml
-export MY_XIP_IO=$(curl -sL ipinfo.io/ip)
+export MY_IP=$(curl -sL ipinfo.io/ip)
-envsubst < ./ingress.yaml.tpl | kubectl apply -f -
+envsubst < ./ingress.yaml.tpl | kubectl create -f -
 ```
 
 For more infos: https://kubernetes.github.io/ingress-nginx/examples/auth/basic/

deploy/kubectl/nginx-auth/ingress.yaml.tpl

@@ -1,8 +1,8 @@
 # Note: please replace the host first
-# To use xip.io: http://xip.io/
+# To use sslip.io: https://sslip.io/
 # To get your public IP: curl ipinfo.io/ip
 
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: kube-explorer
@@ -10,16 +10,18 @@ metadata:
   labels:
     app: kube-explorer
   annotations:
-    kubernetes.io/ingress.class: "nginx"
     nginx.ingress.kubernetes.io/auth-type: basic
     nginx.ingress.kubernetes.io/auth-secret: kube-explorer
     nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - kube-explorer'
 spec:
   rules:
-  - host: "${MY_XIP_IO}.xip.io"
+  - host: "${MY_IP}.sslip.io"
     http:
       paths:
       - path: /
+        pathType: Prefix
         backend:
-          serviceName: kube-explorer
+          service:
-          servicePort: 8989
+            name: kube-explorer
+            port:
+              number: 8989

deploy/kubectl/traefik-v1-auth/README.md

@@ -13,9 +13,9 @@ htpasswd -nb username password | base64
 To install this mode, just run this script:
 
 ```
-kubectl apply -f ./secret.yaml
+kubectl create -f ./secret.yaml
-export MY_XIP_IO=$(curl -sL ipinfo.io/ip)
+export MY_IP=$(curl -sL ipinfo.io/ip)
-envsubst < ./ingress.yaml.tpl | kubectl apply -f -
+envsubst < ./ingress.yaml.tpl | kubectl create -f -
 ```
 
 For more infos: https://doc.traefik.io/traefik/v1.7/configuration/backends/kubernetes/

deploy/kubectl/traefik-v1-auth/ingress.yaml.tpl

@@ -1,5 +1,5 @@
 # Note: please replace the host first
-# To use xip.io: http://xip.io/
+# To use sslip.io: https://sslip.io/
 # To get your public IP: curl ipinfo.io/ip
 
 apiVersion: networking.k8s.io/v1beta1
@@ -16,7 +16,7 @@ metadata:
     ingress.kubernetes.io/auth-remove-header: "true"
 spec:
   rules:
-  - host: "${MY_XIP_IO}.xip.io"
+  - host: "${MY_IP}.sslip.io"
     http:
       paths:
       - path: /

deploy/kubectl/traefik-v2-auth/README.md

@@ -0,0 +1,21 @@
+## Traefik Auth
+
+This can be used in K3s, as K3s use traefik as the default ingress class.
+
+We use `basic-auth` to control the access of kube-explorer. The auth token is stored in the secret.
+
+The default user is `niusmallnan`, and password is `dagedddd`. You can replace to another value with `htpasswd` tool.
+
+```
+htpasswd -nb username password | base64
+```
+
+To install this mode, just run this script:
+
+```
+kubectl create -f ./middleware.yaml
+export MY_IP=$(curl -sL ipinfo.io/ip)
+envsubst < ./ingress.yaml.tpl | kubectl create -f -
+```
+
+For more infos: https://doc.traefik.io/traefik/middlewares/http/basicauth/

deploy/kubectl/traefik-v2-auth/ingress.yaml.tpl

@@ -0,0 +1,25 @@
+# Note: please replace the host first
+# To use sslip.io.io: https://sslip.io.io/
+# To get your public IP: curl ipinfo.io/ip
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-kube-explorer@kubernetescrd
+spec:
+  rules:
+  - host: "${MY_IP}.sslip.io"
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: kube-explorer
+            port:
+              number: 8989

deploy/kubectl/traefik-v2-auth/middleware.yaml

@@ -0,0 +1,28 @@
+# The definitions below require the definitions for the Middleware and IngressRoute kinds.
+# https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+spec:
+  basicAuth:
+    secret: kube-explorer
+    removeHeader: true
+
+---
+# To create an encoded user:password pair, the following command can be used:
+# htpasswd -nb user password | base64
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+data:
+  auth: bml1c21hbGxuYW46JGFwcjEkbDdUZjJOdWskbmNXajYubHYvMGNkcXM0NFoyelVQLgoK
+type: Opaque

scripts/build

@@ -40,7 +40,7 @@ else
 fi
 
 for f in $(ls ./bin/); do
-    if [[ $f != *darwin-arm64 ]]; then
+    if [[ $f != *darwin* ]]; then
         upx -o $DAPPER_SOURCE/bin/$f bin/$f || true
     fi
     if [ -f $DAPPER_SOURCE/bin/$f ]; then