From 0576ed23d36b082e9bb9b0afb7a215eb5f00bb10 Mon Sep 17 00:00:00 2001 From: kranurag7 <81210977+kranurag7@users.noreply.github.com> Date: Wed, 23 Oct 2024 22:21:20 +0530 Subject: [PATCH] init core linkerd packages (#31209) init bunch of core linkerd packages which will power core linkerd images. --------- Signed-off-by: kranurag7 <81210977+kranurag7@users.noreply.github.com> --- linkerd-await.yaml | 19 ++-- linkerd-network-validator.yaml | 10 +- linkerd2-proxy-init.yaml | 64 ++++++++++++ linkerd2-proxy.yaml | 15 +-- linkerd2.yaml | 179 +++++++++++++++++++++++++++++++++ 5 files changed, 264 insertions(+), 23 deletions(-) create mode 100644 linkerd2-proxy-init.yaml create mode 100644 linkerd2.yaml diff --git a/linkerd-await.yaml b/linkerd-await.yaml index 7388011603a..3ac791e50d2 100644 --- a/linkerd-await.yaml +++ b/linkerd-await.yaml @@ -1,7 +1,7 @@ package: name: linkerd-await version: 0.2.9 - epoch: 1 + epoch: 2 description: "A program that blocks on linkerd readiness" copyright: - license: Apache-2.0 @@ -10,10 +10,6 @@ environment: contents: packages: - build-base - - busybox - - ca-certificates-bundle - - cargo-auditable - - rust pipeline: - uses: git-checkout @@ -22,11 +18,12 @@ pipeline: tag: release/v${{package.version}} expected-commit: 6a1c017f93f0268bc31c291746e2e7a0a882c65f - - runs: | - cargo fetch - cargo auditable build --frozen --release - mkdir -p ${{targets.destdir}}/usr/bin - mv target/release/linkerd-await ${{targets.destdir}}/usr/bin + - name: build linkerd-await + uses: cargo/build + with: + modroot: . + output: linkerd-await + install-dir: lib/linkerd - uses: strip @@ -39,4 +36,4 @@ update: test: pipeline: - runs: | - linkerd-await --version | grep ${{package.version}} + /usr/lib/linkerd/linkerd-await --version | grep ${{package.version}} diff --git a/linkerd-network-validator.yaml b/linkerd-network-validator.yaml index 8a948fb9dea..2f62e6efde3 100644 --- a/linkerd-network-validator.yaml +++ b/linkerd-network-validator.yaml @@ -1,7 +1,7 @@ package: name: linkerd-network-validator version: 0.1.2 - epoch: 2 + epoch: 3 description: "A program that validates linkerd networks" copyright: - license: Apache-2.0 @@ -30,8 +30,8 @@ pipeline: cargo auditable build --frozen --release cd .. - mkdir -p ${{targets.destdir}}/usr/bin - mv target/release/linkerd-network-validator ${{targets.destdir}}/usr/bin + mkdir -p ${{targets.destdir}}/usr/lib/linkerd + mv target/release/linkerd-network-validator ${{targets.destdir}}/usr/lib/linkerd/linkerd2-network-validator - uses: strip @@ -45,5 +45,5 @@ update: test: pipeline: - runs: | - linkerd-network-validator --version | grep ${{package.version}} - linkerd-network-validator --help + /usr/lib/linkerd/linkerd2-network-validator --version | grep ${{package.version}} + /usr/lib/linkerd/linkerd2-network-validator --help diff --git a/linkerd2-proxy-init.yaml b/linkerd2-proxy-init.yaml new file mode 100644 index 00000000000..1547ef9390a --- /dev/null +++ b/linkerd2-proxy-init.yaml @@ -0,0 +1,64 @@ +package: + name: linkerd2-proxy-init + version: 2.4.1 + epoch: 0 + description: "Init container that sets up the iptables rules to forward traffic into the Linkerd2 sidecar proxy" + copyright: + - license: Apache-2.0 + dependencies: + runtime: + - ip6tables + - iptables-xtables-privileged + - libcap + - libcap-utils + +environment: + contents: + packages: + - libcap-utils + +pipeline: + - uses: git-checkout + with: + expected-commit: 1fd76aecbf026032b36c38ed5a9d0442a6214d36 + repository: https://github.com/linkerd/linkerd2-proxy-init + tag: proxy-init/v${{package.version}} + + - uses: go/build + with: + packages: ./proxy-init/main.go + tags: prod + output: proxy-init + + - name: set file capabilities + runs: | + setcap cap_net_raw,cap_net_admin+eip ${{targets.contextdir}}/usr/bin/proxy-init + +subpackages: + - name: ${{package.name}}-compat + description: "upstream image have executable placed at /" + pipeline: + - runs: | + mkdir -p ${{targets.contextdir}}/run + mkdir -p ${{targets.contextdir}}/usr/local/bin + ln -sf /usr/bin/proxy-init ${{targets.contextdir}}/usr/local/bin/proxy-init + touch ${{targets.contextdir}}/run/xtables.lock + chmod 0666 ${{targets.contextdir}}/run/xtables.lock + +update: + enabled: true + github: + identifier: linkerd/linkerd2-proxy-init + tag-filter: proxy-init/v + strip-prefix: proxy-init/v + +test: + environment: + contents: + packages: + - libcap-utils + pipeline: + - name: help message + runs: | + # the executable have a --help flag, use that when GHA and elastic are in sync + stat /usr/bin/proxy-init diff --git a/linkerd2-proxy.yaml b/linkerd2-proxy.yaml index 99744bd0811..a178f22b164 100644 --- a/linkerd2-proxy.yaml +++ b/linkerd2-proxy.yaml @@ -1,7 +1,7 @@ package: name: linkerd2-proxy version: 2.259.0 - epoch: 0 + epoch: 1 description: "A program that validates linkerd networks" copyright: - license: Apache-2.0 @@ -17,6 +17,8 @@ environment: - cmake - openssf-compiler-options - rust + environment: + RUSTFLAGS: "--cfg tokio_unstable" pipeline: - uses: git-checkout @@ -26,14 +28,13 @@ pipeline: expected-commit: 9abbaeacd0774b0bd57e38fb7ad3eec908ca2839 - runs: | - export RUSTFLAGS="$RUSTFLAGS --cfg tokio_unstable" cargo fetch cargo auditable build --frozen --release --package=linkerd2-proxy - mkdir -p ${{targets.destdir}}/usr/bin - mv target/release/linkerd2-proxy ${{targets.destdir}}/usr/bin + mkdir -p ${{targets.destdir}}/usr/lib/linkerd + mv target/release/linkerd2-proxy ${{targets.destdir}}/usr/lib/linkerd # Other packages expect this version to be declared next to the binary, it doesn't have a version subcommand. - echo ${{package.version}} > ${{targets.destdir}}/usr/bin/linkerd2-proxy-version.txt + echo ${{package.version}} > ${{targets.destdir}}/usr/lib/linkerd/linkerd2-proxy-version.txt - uses: strip @@ -48,5 +49,5 @@ test: pipeline: - runs: | # There aren't really any flags here to get the version so just run and look for the right error - /usr/bin/linkerd2-proxy 2>&1 | grep "no destination service configured" - cat /usr/bin/linkerd2-proxy-version.txt | grep "${{package.version}}" + /usr/lib/linkerd/linkerd2-proxy 2>&1 | grep "no destination service configured" + cat /usr/lib/linkerd/linkerd2-proxy-version.txt | grep "${{package.version}}" diff --git a/linkerd2.yaml b/linkerd2.yaml new file mode 100644 index 00000000000..fb0e4dadb3a --- /dev/null +++ b/linkerd2.yaml @@ -0,0 +1,179 @@ +package: + name: linkerd2 + version: 24.10.3 + epoch: 0 + description: "meta linkerd package" + copyright: + - license: Apache-2.0 + +environment: + contents: + packages: + - build-base + - busybox + - ca-certificates-bundle + - cargo-auditable + - clang + - cmake + - nodejs + - openssf-compiler-options + - openssl-dev + - perl-dev + - rust + - yarn + +pipeline: + - uses: git-checkout + with: + expected-commit: 64130e1eb5313a4b15c5b279edeb6f263b70fdd5 + repository: https://github.com/linkerd/linkerd2/ + tag: edge-${{package.version}} + +subpackages: + - name: ${{package.name}}-web + pipeline: + - runs: | + ./bin/web setup install --frozen-lockfile + ./bin/web build + go build -mod=readonly -o web/web -ldflags "-w" ./web + mkdir -p ${{targets.contextdir}}/app + mkdir -p ${{targets.contextdir}}/templates + cp -r ./web/app/dist ${{targets.contextdir}}/app + cp -r ./web/templates ${{targets.contextdir}}/ + cp ./web/web ${{targets.contextdir}}/ + test: + pipeline: + - name: version and help message + runs: | + /web -version + /web -help + /web 2>&1 | grep 'starting admin server' + + - name: ${{package.name}}-cli + pipeline: + - runs: | + go generate -mod=readonly ./pkg/charts/static + go generate -mod=readonly ./jaeger/static + go generate -mod=readonly ./multicluster/static + go generate -mod=readonly ./viz/static + - uses: go/build + with: + packages: ./cli + tags: prod + output: linkerd + ldflags: -X github.com/linkerd/linkerd2/pkg/version.Version=edge-${{package.version}} + test: + pipeline: + - name: linkerd version check + runs: linkerd version --client | grep ${{package.version}} + + - name: ${{package.name}}-proxy-identity + pipeline: + - uses: go/build + with: + packages: ./proxy-identity/main.go + output: linkerd2-proxy-identity + install-dir: lib/linkerd + test: + pipeline: + - name: check presence of required files + runs: | + # executable doesn't have help or version flag. + stat /usr/lib/linkerd/linkerd2-proxy-identity + + - name: ${{package.name}}-controller + pipeline: + - runs: | + go generate -mod=readonly ./pkg/charts/static + - uses: go/build + with: + packages: ./controller/cmd/main.go + tags: prod + output: controller + test: + pipeline: + - name: check presence of required files + runs: | + # executable doesn't have help or version flag. + stat /usr/bin/controller + + - name: ${{package.name}}-controller-compat + description: "upstream image have executable placed at /" + pipeline: + - runs: | + mkdir -p ${{targets.contextdir}}/ + ln -sf /usr/bin/controller ${{targets.contextdir}}/controller + + - name: ${{package.name}}-policy-controller + pipeline: + - runs: | + export RUSTFLAGS="$RUSTFLAGS --cfg tokio_unstable" + cargo fetch + cargo auditable build --frozen --release --package=linkerd-policy-controller + mkdir -p ${{targets.contextdir}}/usr/bin + mv ./target/release/linkerd-policy-controller ${{targets.contextdir}}/usr/bin + - uses: strip + test: + pipeline: + - name: check presence of required files + runs: | + # executable doesn't have help or version flag. + stat /usr/bin/linkerd-policy-controller + + - name: ${{package.name}}-policy-controller-compat + description: "upstream image have executable placed at /bin" + pipeline: + - runs: | + mkdir -p ${{targets.contextdir}}/bin/ + ln -sf /usr/bin/linkerd-policy-controller ${{targets.contextdir}}/bin/linkerd-policy-controller + + - name: ${{package.name}}-metrics-api + dependencies: + runtime: + - ca-certificates-bundle + pipeline: + - uses: go/build + with: + packages: ./viz/metrics-api/cmd/main.go + tags: prod + output: metrics-api + test: + pipeline: + - name: version and help message + runs: | + /usr/bin/metrics-api -version + /usr/bin/metrics-api -help + + - name: ${{package.name}}-metrics-api-compat + pipeline: + - runs: | + mkdir -p ${{targets.contextdir}} + ln -sf /usr/bin/metrics-api ${{targets.contextdir}}/metrics-api + + - name: ${{package.name}}-tap + pipeline: + - uses: go/build + with: + packages: ./viz/tap/cmd/main.go + tags: prod + output: tap + test: + pipeline: + - runs: | + # executable doesn't have help or version flags + # it only take two args https://github.com/linkerd/linkerd2/blob/main/viz/tap/cmd/main.go (to be run inside kubernetes) + stat /usr/bin/tap + /usr/bin/tap api 2>&1 | grep "starting admin server" + + - name: ${{package.name}}-tap-compat + pipeline: + - runs: | + mkdir -p ${{targets.contextdir}} + ln -sf /usr/bin/tap ${{targets.contextdir}}/tap + +update: + enabled: true + github: + identifier: linkerd/linkerd2 + tag-filter: edge- + strip-prefix: edge-