init core linkerd packages (#31209)

init bunch of core linkerd packages which will power core linkerd images. --------- Signed-off-by: kranurag7 <[email protected]>
wolfi-dev · Oct 23, 2024 · 0576ed2 · 0576ed2
1 parent a19ae3f
commit 0576ed2
Show file tree

Hide file tree

Showing 5 changed files with 264 additions and 23 deletions.
diff --git a/linkerd-await.yaml b/linkerd-await.yaml
@@ -1,7 +1,7 @@
 package:
   name: linkerd-await
   version: 0.2.9
-  epoch: 1
+  epoch: 2
   description: "A program that blocks on linkerd readiness"
   copyright:
     - license: Apache-2.0
@@ -10,10 +10,6 @@ environment:
   contents:
     packages:
       - build-base
-      - busybox
-      - ca-certificates-bundle
-      - cargo-auditable
-      - rust
 
 pipeline:
   - uses: git-checkout
@@ -22,11 +18,12 @@ pipeline:
       tag: release/v${{package.version}}
       expected-commit: 6a1c017f93f0268bc31c291746e2e7a0a882c65f
 
-  - runs: |
-      cargo fetch
-      cargo auditable build --frozen --release
-      mkdir -p ${{targets.destdir}}/usr/bin
-      mv target/release/linkerd-await ${{targets.destdir}}/usr/bin
+  - name: build linkerd-await
+    uses: cargo/build
+    with:
+      modroot: .
+      output: linkerd-await
+      install-dir: lib/linkerd
 
   - uses: strip
 
@@ -39,4 +36,4 @@ update:
 test:
   pipeline:
     - runs: |
-        linkerd-await --version | grep ${{package.version}}
+        /usr/lib/linkerd/linkerd-await --version | grep ${{package.version}}
diff --git a/linkerd-network-validator.yaml b/linkerd-network-validator.yaml
@@ -1,7 +1,7 @@
 package:
   name: linkerd-network-validator
   version: 0.1.2
-  epoch: 2
+  epoch: 3
   description: "A program that validates linkerd networks"
   copyright:
     - license: Apache-2.0
@@ -30,8 +30,8 @@ pipeline:
       cargo auditable build --frozen --release
 
       cd ..
-      mkdir -p ${{targets.destdir}}/usr/bin
-      mv target/release/linkerd-network-validator ${{targets.destdir}}/usr/bin
+      mkdir -p ${{targets.destdir}}/usr/lib/linkerd
+      mv target/release/linkerd-network-validator ${{targets.destdir}}/usr/lib/linkerd/linkerd2-network-validator
 
   - uses: strip
 
@@ -45,5 +45,5 @@ update:
 test:
   pipeline:
     - runs: |
-        linkerd-network-validator --version | grep ${{package.version}}
-        linkerd-network-validator --help
+        /usr/lib/linkerd/linkerd2-network-validator --version | grep ${{package.version}}
+        /usr/lib/linkerd/linkerd2-network-validator --help
diff --git a/linkerd2-proxy-init.yaml b/linkerd2-proxy-init.yaml
@@ -0,0 +1,64 @@
+package:
+  name: linkerd2-proxy-init
+  version: 2.4.1
+  epoch: 0
+  description: "Init container that sets up the iptables rules to forward traffic into the Linkerd2 sidecar proxy"
+  copyright:
+    - license: Apache-2.0
+  dependencies:
+    runtime:
+      - ip6tables
+      - iptables-xtables-privileged
+      - libcap
+      - libcap-utils
+
+environment:
+  contents:
+    packages:
+      - libcap-utils
+
+pipeline:
+  - uses: git-checkout
+    with:
+      expected-commit: 1fd76aecbf026032b36c38ed5a9d0442a6214d36
+      repository: https://github.com/linkerd/linkerd2-proxy-init
+      tag: proxy-init/v${{package.version}}
+
+  - uses: go/build
+    with:
+      packages: ./proxy-init/main.go
+      tags: prod
+      output: proxy-init
+
+  - name: set file capabilities
+    runs: |
+      setcap cap_net_raw,cap_net_admin+eip ${{targets.contextdir}}/usr/bin/proxy-init
+
+subpackages:
+  - name: ${{package.name}}-compat
+    description: "upstream image have executable placed at /"
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.contextdir}}/run
+          mkdir -p ${{targets.contextdir}}/usr/local/bin
+          ln -sf /usr/bin/proxy-init ${{targets.contextdir}}/usr/local/bin/proxy-init
+          touch ${{targets.contextdir}}/run/xtables.lock
+          chmod 0666 ${{targets.contextdir}}/run/xtables.lock
+
+update:
+  enabled: true
+  github:
+    identifier: linkerd/linkerd2-proxy-init
+    tag-filter: proxy-init/v
+    strip-prefix: proxy-init/v
+
+test:
+  environment:
+    contents:
+      packages:
+        - libcap-utils
+  pipeline:
+    - name: help message
+      runs: |
+        # the executable have a --help flag, use that when GHA and elastic are in sync
+        stat /usr/bin/proxy-init
diff --git a/linkerd2-proxy.yaml b/linkerd2-proxy.yaml
@@ -1,7 +1,7 @@
 package:
   name: linkerd2-proxy
   version: 2.259.0
-  epoch: 0
+  epoch: 1
   description: "A program that validates linkerd networks"
   copyright:
     - license: Apache-2.0
@@ -17,6 +17,8 @@ environment:
       - cmake
       - openssf-compiler-options
       - rust
+  environment:
+    RUSTFLAGS: "--cfg tokio_unstable"
 
 pipeline:
   - uses: git-checkout
@@ -26,14 +28,13 @@ pipeline:
       expected-commit: 9abbaeacd0774b0bd57e38fb7ad3eec908ca2839
 
   - runs: |
-      export RUSTFLAGS="$RUSTFLAGS --cfg tokio_unstable"
       cargo fetch
       cargo auditable build --frozen --release --package=linkerd2-proxy
 
-      mkdir -p ${{targets.destdir}}/usr/bin
-      mv target/release/linkerd2-proxy ${{targets.destdir}}/usr/bin
+      mkdir -p ${{targets.destdir}}/usr/lib/linkerd
+      mv target/release/linkerd2-proxy ${{targets.destdir}}/usr/lib/linkerd
       # Other packages expect this version to be declared next to the binary, it doesn't have a version subcommand.
-      echo ${{package.version}} > ${{targets.destdir}}/usr/bin/linkerd2-proxy-version.txt
+      echo ${{package.version}} > ${{targets.destdir}}/usr/lib/linkerd/linkerd2-proxy-version.txt
 
   - uses: strip
 
@@ -48,5 +49,5 @@ test:
   pipeline:
     - runs: |
         # There aren't really any flags here to get the version so just run and look for the right error
-        /usr/bin/linkerd2-proxy 2>&1 | grep "no destination service configured"
-        cat /usr/bin/linkerd2-proxy-version.txt | grep "${{package.version}}"
+        /usr/lib/linkerd/linkerd2-proxy 2>&1 | grep "no destination service configured"
+        cat /usr/lib/linkerd/linkerd2-proxy-version.txt | grep "${{package.version}}"
diff --git a/linkerd2.yaml b/linkerd2.yaml
@@ -0,0 +1,179 @@
+package:
+  name: linkerd2
+  version: 24.10.3
+  epoch: 0
+  description: "meta linkerd package"
+  copyright:
+    - license: Apache-2.0
+
+environment:
+  contents:
+    packages:
+      - build-base
+      - busybox
+      - ca-certificates-bundle
+      - cargo-auditable
+      - clang
+      - cmake
+      - nodejs
+      - openssf-compiler-options
+      - openssl-dev
+      - perl-dev
+      - rust
+      - yarn
+
+pipeline:
+  - uses: git-checkout
+    with:
+      expected-commit: 64130e1eb5313a4b15c5b279edeb6f263b70fdd5
+      repository: https://github.com/linkerd/linkerd2/
+      tag: edge-${{package.version}}
+
+subpackages:
+  - name: ${{package.name}}-web
+    pipeline:
+      - runs: |
+          ./bin/web setup install --frozen-lockfile
+          ./bin/web build
+          go build -mod=readonly -o web/web -ldflags "-w" ./web
+          mkdir -p ${{targets.contextdir}}/app
+          mkdir -p ${{targets.contextdir}}/templates
+          cp -r ./web/app/dist ${{targets.contextdir}}/app
+          cp -r ./web/templates ${{targets.contextdir}}/
+          cp ./web/web ${{targets.contextdir}}/
+    test:
+      pipeline:
+        - name: version and help message
+          runs: |
+            /web -version
+            /web -help
+            /web 2>&1 | grep 'starting admin server'
+
+  - name: ${{package.name}}-cli
+    pipeline:
+      - runs: |
+          go generate -mod=readonly ./pkg/charts/static
+          go generate -mod=readonly ./jaeger/static
+          go generate -mod=readonly ./multicluster/static
+          go generate -mod=readonly ./viz/static
+      - uses: go/build
+        with:
+          packages: ./cli
+          tags: prod
+          output: linkerd
+          ldflags: -X github.com/linkerd/linkerd2/pkg/version.Version=edge-${{package.version}}
+    test:
+      pipeline:
+        - name: linkerd version check
+          runs: linkerd version --client | grep ${{package.version}}
+
+  - name: ${{package.name}}-proxy-identity
+    pipeline:
+      - uses: go/build
+        with:
+          packages: ./proxy-identity/main.go
+          output: linkerd2-proxy-identity
+          install-dir: lib/linkerd
+    test:
+      pipeline:
+        - name: check presence of required files
+          runs: |
+            # executable doesn't have help or version flag.
+            stat /usr/lib/linkerd/linkerd2-proxy-identity
+
+  - name: ${{package.name}}-controller
+    pipeline:
+      - runs: |
+          go generate -mod=readonly ./pkg/charts/static
+      - uses: go/build
+        with:
+          packages: ./controller/cmd/main.go
+          tags: prod
+          output: controller
+    test:
+      pipeline:
+        - name: check presence of required files
+          runs: |
+            # executable doesn't have help or version flag.
+            stat /usr/bin/controller
+
+  - name: ${{package.name}}-controller-compat
+    description: "upstream image have executable placed at /"
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.contextdir}}/
+          ln -sf /usr/bin/controller ${{targets.contextdir}}/controller
+
+  - name: ${{package.name}}-policy-controller
+    pipeline:
+      - runs: |
+          export RUSTFLAGS="$RUSTFLAGS --cfg tokio_unstable"
+          cargo fetch
+          cargo auditable build --frozen --release --package=linkerd-policy-controller
+          mkdir -p ${{targets.contextdir}}/usr/bin
+          mv ./target/release/linkerd-policy-controller ${{targets.contextdir}}/usr/bin
+      - uses: strip
+    test:
+      pipeline:
+        - name: check presence of required files
+          runs: |
+            # executable doesn't have help or version flag.
+            stat /usr/bin/linkerd-policy-controller
+
+  - name: ${{package.name}}-policy-controller-compat
+    description: "upstream image have executable placed at /bin"
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.contextdir}}/bin/
+          ln -sf /usr/bin/linkerd-policy-controller ${{targets.contextdir}}/bin/linkerd-policy-controller
+
+  - name: ${{package.name}}-metrics-api
+    dependencies:
+      runtime:
+        - ca-certificates-bundle
+    pipeline:
+      - uses: go/build
+        with:
+          packages: ./viz/metrics-api/cmd/main.go
+          tags: prod
+          output: metrics-api
+    test:
+      pipeline:
+        - name: version and help message
+          runs: |
+            /usr/bin/metrics-api -version
+            /usr/bin/metrics-api -help
+
+  - name: ${{package.name}}-metrics-api-compat
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.contextdir}}
+          ln -sf /usr/bin/metrics-api ${{targets.contextdir}}/metrics-api
+
+  - name: ${{package.name}}-tap
+    pipeline:
+      - uses: go/build
+        with:
+          packages: ./viz/tap/cmd/main.go
+          tags: prod
+          output: tap
+    test:
+      pipeline:
+        - runs: |
+            # executable doesn't have help or version flags
+            # it only take two args https://github.com/linkerd/linkerd2/blob/main/viz/tap/cmd/main.go (to be run inside kubernetes)
+            stat /usr/bin/tap
+            /usr/bin/tap api 2>&1 | grep "starting admin server"
+
+  - name: ${{package.name}}-tap-compat
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.contextdir}}
+          ln -sf /usr/bin/tap ${{targets.contextdir}}/tap
+
+update:
+  enabled: true
+  github:
+    identifier: linkerd/linkerd2
+    tag-filter: edge-
+    strip-prefix: edge-