
  1. #!/bin/bash
  # Stop at the first failing command, and let a pipeline fail when any of its
  # stages fails rather than only the last one.
  set -o errexit -o pipefail

  # DEBUG=true turns on command tracing; any other value leaves it off.
  case "${DEBUG:-false}" in
    true) set -o xtrace ;;
  esac

  # Cache directory for downloaded release artifacts.
  # NOTE(review): this is a fixed, predictable path under /tmp. _get_checksum
  # hashes a file that is already present here instead of downloading it, so
  # the recorded checksums are only as trustworthy as this directory's
  # contents. On a shared host, confirm it is owned by the invoking user.
  downloads_folder=/tmp/kubespray_binaries

  # Output file, resolved relative to the root of the enclosing git checkout;
  # the script therefore has to be run from inside the repository.
  checksums_file="$(git rev-parse --show-toplevel)/roles/kubespray-defaults/defaults/main/checksums.yml"
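  #######################################
  # Resolve the newest release versions of a component, retrying while the
  # lookup comes back empty.
  # Arguments:
  #   $1 - lookup type; dispatched to the function named "_get_$1"
  #   $2 - component name handed to that function (e.g. a GitHub "owner/repo")
  #   $3 - how many versions to keep (default 7); used by the default filter only
  #   $4 - optional Python one-liner that reads tag names on stdin and prints
  #        the selection; replaces the default filter
  # Outputs: the selected versions on stdout
  # Exits:   status 1 when $3 is not a plain number, or after the lookup has
  #          come back empty six times (first try plus max_attempts retries)
  #######################################
  function get_versions {
    local type="$1"
    local name="$2"
    # NOTE: Limit in the number of versions to be register in the checksums file
    local limit="${3:-7}"
    # The limit is spliced into Python source below, so accept digits only.
    if [[ ! "$limit" =~ ^[0-9]+$ ]]; then
      echo "Invalid version limit: $limit" >&2
      exit 1
    fi
    # Default filter: the regex appears to keep tags shaped like
    # MAJOR.MINOR.PATCH with an optional leading "v", then the first $limit.
    local python_app="${4:-"import sys,re;tags=[tag.rstrip() for tag in sys.stdin if re.match(\'^v?(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$\',tag)];print(\' \'.join(tags[:$limit]))"}"
    local version=""
    local attempt_counter=0
    # local -r instead of readonly: a global readonly would make a second call
    # in the same shell fail on re-assignment.
    local -r max_attempts=5
    until [ "$version" ]; do
      version=$("_get_$type" "$name" "$python_app")
      if [ "$version" ]; then
        break
      elif [ "${attempt_counter}" -eq "${max_attempts}" ]; then
        # Callers capture stdout as the version list, so the diagnostic must go
        # to stderr or its words would be treated as version numbers.
        echo "Max attempts reached" >&2
        exit 1
      fi
      attempt_counter=$((attempt_counter + 1))
      # Linear back-off: 2s, 4s, 6s, ...
      sleep $((attempt_counter * 2))
    done
    echo "${version}"
  }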
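  #######################################
  # List a GitHub repository's tag names and pass them through a Python filter.
  # Arguments:
  #   $1 - repository as "owner/repo"
  #   $2 - Python source run with `python -c`; receives one tag name per line
  #        on stdin and prints the selection
  # Outputs: whatever the Python filter prints
  # Notes:
  #   The request carries no credentials, so it is presumably subject to the
  #   API's anonymous rate limit. An error body contains no "name" fields and
  #   therefore yields no tags, which the caller treats as "retry".
  #   Tag names are scraped with a regex, not a JSON parser; the Python filter
  #   is the only validation they get before being used in download URLs.
  #######################################
  function _get_github_tags {
    local repo="$1"
    local python_app="$2"
    # Keep the response local so it does not overwrite a caller's "tags".
    local tags
    # The number of results per page (max 100).
    tags="$(curl -s "https://api.github.com/repos/$repo/tags?per_page=100")"
    if [ "$tags" ]; then
      printf '%s\n' "$tags" | grep -Po '"name":.*?[^\\]",' | awk -F '"' '{print $4}' | python -c "$python_app"
    fi
  }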
  #######################################
  # Compare two version strings.
  # Arguments:
  #   $1 - left-hand version
  #   $2 - operator: one of == > < >= <=
  #   $3 - right-hand version
  # Returns: 0 when the comparison holds, non-zero otherwise
  # Exits:   status 1 on an unknown operator
  #######################################
  function _vercmp {
    local lhs=$1
    local operator=$2
    local rhs=$3
    local lowest
    # Version-sort both values and keep the smaller one; comparing it with each
    # operand tells which side is lower.
    lowest=$(echo -e "$lhs\n$rhs" | sort -V | head -n 1)
    # The status of the selected arm's last test is the function's status.
    case $operator in
      "==") [ "$lhs" = "$rhs" ] ;;
      ">") [ "$lhs" != "$rhs" ] && [ "$lowest" = "$rhs" ] ;;
      "<") [ "$lhs" != "$rhs" ] && [ "$lowest" = "$lhs" ] ;;
      ">=") [ "$lowest" = "$rhs" ] ;;
      "<=") [ "$lowest" = "$lhs" ] ;;
      *)
        echo "unrecognised op: $operator"
        exit 1
        ;;
    esac
  }
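  #######################################
  # Append a "<binary>_checksums" mapping (arch -> version -> sha256) to the
  # checksums file, echoing every line to stdout as well.
  # Globals:   checksums_file (appended to)
  # Arguments: $1 - binary key; $2.. - versions to record
  # Returns:   1 when a checksum cannot be obtained, so no empty value is
  #            ever written for an architecture that should have one
  #######################################
  function get_checksums {
    local binary="$1"
    # Binaries whose versions are written without the leading "v".
    local version_exceptions="cri_dockerd_archive nerdctl_archive containerd_archive youki"
    local arch version checksum
    # Architectures recorded with checksum 0 instead of being downloaded.
    declare -A skip_archs=(
      ["crio_archive"]="arm ppc64le"
      ["calicoctl_binary"]="arm"
      ["ciliumcli_binary"]="ppc64le"
      ["etcd_binary"]="arm"
      ["cri_dockerd_archive"]="arm ppc64le"
      ["runc"]="arm"
      ["crun"]="arm ppc64le"
      ["youki"]="arm arm64 ppc64le"
      ["kata_containers_binary"]="arm arm64 ppc64le"
      ["gvisor_runsc_binary"]="arm ppc64le"
      ["gvisor_containerd_shim_binary"]="arm ppc64le"
      ["containerd_archive"]="arm"
      ["skopeo_binary"]="arm ppc64le"
    )
    echo "${binary}_checksums:" | tee --append "$checksums_file"
    for arch in arm arm64 amd64 ppc64le; do
      # Two spaces per level so versions nest under their architecture.
      echo "  $arch:" | tee --append "$checksums_file"
      for version in "${@:2}"; do
        checksum=0
        # Space-padded whole-word match: a bare substring test would let "arm"
        # match an "arm64" entry.
        if [[ " ${skip_archs[$binary]} " != *" $arch "* ]]; then
          checksum=$(_get_checksum "$binary" "$version" "$arch") || return 1
        fi
        [[ " $version_exceptions " != *" $binary "* ]] || version=${version#v}
        echo "    $version: $checksum" | tee --append "$checksums_file"
      done
    done
  }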
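  #######################################
  # Append the "krew_archive_checksums" mapping (os -> arch -> version ->
  # sha256) to the checksums file, echoing every line to stdout as well.
  # Globals:   checksums_file (appended to)
  # Arguments: $@ - versions to record
  # Returns:   1 when a checksum cannot be obtained for a supported os/arch
  #######################################
  function get_krew_archive_checksums {
    local os arch version checksum
    # Architectures that have a download per operating system; every other
    # combination is recorded with checksum 0.
    declare -A archs=(
      ["linux"]="arm arm64 amd64"
      ["darwin"]="arm64 amd64"
      ["windows"]="amd64"
    )
    echo "krew_archive_checksums:" | tee --append "$checksums_file"
    # Iteration order over the associative array's keys is whatever bash
    # yields; it is not sorted here.
    for os in "${!archs[@]}"; do
      echo "  $os:" | tee --append "$checksums_file"
      for arch in arm arm64 amd64 ppc64le; do
        echo "    $arch:" | tee --append "$checksums_file"
        for version in "$@"; do
          checksum=0
          # Space padding makes this a whole-word match ("arm" vs "arm64").
          if [[ " ${archs[$os]} " == *" $arch "* ]]; then
            checksum=$(_get_checksum "krew_archive" "$version" "$arch" "$os") || return 1
          fi
          echo "      $version: $checksum" | tee --append "$checksums_file"
        done
      done
    done
  }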
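  #######################################
  # Append the "calico_crds_archive_checksums" mapping (version -> sha256) to
  # the checksums file, echoing every line to stdout as well.
  # Globals:   checksums_file (appended to)
  # Arguments: $@ - versions to record
  # Returns:   1 when a checksum cannot be obtained
  #######################################
  function get_calico_crds_archive_checksums {
    local version checksum
    echo "calico_crds_archive_checksums:" | tee --append "$checksums_file"
    for version in "$@"; do
      # Resolve the checksum before writing: a command substitution embedded
      # in the echo would hide a failed download and record an empty value.
      checksum=$(_get_checksum "calico_crds_archive" "$version") || return 1
      echo "  $version: $checksum" | tee --append "$checksums_file"
    done
  }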
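  #######################################
  # Append the "containerd_archive_checksums" mapping (arch -> version ->
  # sha256) to the checksums file, echoing every line to stdout as well.
  # Versions are written without their leading "v".
  # Globals:   checksums_file (appended to)
  # Arguments: $@ - versions to record
  #######################################
  function get_containerd_archive_checksums {
    local arch version checksum
    # Lowest version that is looked up per architecture; anything older is
    # recorded with checksum 0.
    declare -A support_version_history=(
      ["arm"]="2"
      ["arm64"]="1.6.0"
      ["amd64"]="1.5.5"
      ["ppc64le"]="1.6.7"
    )
    echo "containerd_archive_checksums:" | tee --append "$checksums_file"
    for arch in arm arm64 amd64 ppc64le; do
      echo "  $arch:" | tee --append "$checksums_file"
      for version in "${@}"; do
        checksum=0
        if _vercmp "${version#v}" '>=' "${support_version_history[$arch]}"; then
          # A failed lookup is still recorded as 0, as before, but it is now
          # reported so it cannot be mistaken for "unsupported architecture".
          checksum=$(_get_checksum "containerd_archive" "$version" "$arch") || {
            echo "warning: no checksum for containerd_archive $version ($arch); recording 0" >&2
            checksum=0
          }
        fi
        echo "    ${version#v}: $checksum" | tee --append "$checksums_file"
      done
    done
  }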
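  #######################################
  # Append a "<binary>_checksums" mapping (arch -> version -> sha256) for a
  # Kubernetes binary to the checksums file, echoing every line to stdout.
  # For arm, only versions below 1.27 are looked up; the rest are recorded
  # with checksum 0.
  # Globals:   checksums_file (appended to)
  # Arguments: $1 - binary key; $2.. - versions to record
  # Returns:   1 when a checksum cannot be obtained for arm64/amd64/ppc64le
  #######################################
  function get_k8s_checksums {
    local binary=$1
    local arch version checksum
    echo "${binary}_checksums:" | tee --append "$checksums_file"
    echo "  arm:" | tee --append "$checksums_file"
    for version in "${@:2}"; do
      checksum=0
      if _vercmp "${version#v}" '<' "1.27"; then
        # A failed lookup is still recorded as 0, as before, but it is now
        # reported so it cannot be mistaken for "no arm build".
        checksum=$(_get_checksum "$binary" "$version" "arm") || {
          echo "warning: no checksum for $binary $version (arm); recording 0" >&2
          checksum=0
        }
      fi
      echo "    ${version}: $checksum" | tee --append "$checksums_file"
    done
    for arch in arm64 amd64 ppc64le; do
      echo "  $arch:" | tee --append "$checksums_file"
      for version in "${@:2}"; do
        # Resolve the checksum before writing: a command substitution embedded
        # in the echo would hide a failed download and record an empty value.
        checksum=$(_get_checksum "$binary" "$version" "$arch") || return 1
        echo "    ${version}: $checksum" | tee --append "$checksums_file"
      done
    done
  }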
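  #######################################
  # Print the SHA-256 of one release artifact, downloading it into the local
  # cache first when it is not there yet.
  # Globals:   downloads_folder (read; cache root)
  # Arguments:
  #   $1 - binary key (selects the download URL)
  #   $2 - version
  #   $3 - architecture (default amd64)
  #   $4 - operating system (default linux)
  # Outputs:   the hex digest on stdout
  # Returns:   non-zero when the artifact cannot be downloaded or hashed
  # Notes:
  #   The digest is computed from whatever was downloaded; nothing here checks
  #   it against a checksum or signature published by the project. A file that
  #   already exists in the cache is hashed as-is and never re-fetched.
  #######################################
  function _get_checksum {
    local binary="$1"
    local version="$2"
    local arch="${3:-amd64}"
    local os="${4:-linux}"
    local target="$downloads_folder/$binary/$version-$os-$arch"
    local partial
    # local -r instead of readonly: a global readonly would make a second call
    # in the same shell fail on re-assignment.
    local -r github_url="https://github.com"
    local -r github_releases_url="$github_url/%s/releases/download/$version/%s"
    local -r github_archive_url="$github_url/%s/archive/%s"
    local -r google_url="https://storage.googleapis.com"
    local -r release_url="https://dl.k8s.io"
    local -r k8s_url="$release_url/release/$version/bin/$os/$arch/%s"
    # Download URLs
    # NOTE(review): the templates above are used as printf formats and already
    # contain $version, so a "%" in a version string would be read as a format
    # directive. The version filter in get_versions should keep that out.
    declare -A urls=(
      ["crictl"]="$(printf "$github_releases_url" "kubernetes-sigs/cri-tools" "crictl-$version-$os-$arch.tar.gz")"
      ["crio_archive"]="$google_url/cri-o/artifacts/cri-o.$arch.$version.tar.gz"
      ["kubelet"]="$(printf "$k8s_url" "kubelet")"
      ["kubectl"]="$(printf "$k8s_url" "kubectl")"
      ["kubeadm"]="$(printf "$k8s_url" "kubeadm")"
      ["etcd_binary"]="$(printf "$github_releases_url" "etcd-io/etcd" "etcd-$version-$os-$arch.tar.gz")"
      ["cni_binary"]="$(printf "$github_releases_url" "containernetworking/plugins" "cni-plugins-$os-$arch-$version.tgz")"
      ["calicoctl_binary"]="$(printf "$github_releases_url" "projectcalico/calico" "calicoctl-$os-$arch")"
      ["ciliumcli_binary"]="$(printf "$github_releases_url" "cilium/cilium-cli" "cilium-$os-$arch.tar.gz")"
      ["calico_crds_archive"]="$(printf "$github_archive_url" "projectcalico/calico" "$version.tar.gz")"
      ["krew_archive"]="$(printf "$github_releases_url" "kubernetes-sigs/krew" "krew-${os}_$arch.tar.gz")"
      ["helm_archive"]="https://get.helm.sh/helm-$version-$os-$arch.tar.gz"
      ["cri_dockerd_archive"]="$(printf "$github_releases_url" "Mirantis/cri-dockerd" "cri-dockerd-${version#v}.$arch.tgz")"
      ["runc"]="$(printf "$github_releases_url" "opencontainers/runc" "runc.$arch")"
      ["crun"]="$(printf "$github_releases_url" "containers/crun" "crun-$version-$os-$arch")"
      ["youki"]="$(printf "$github_releases_url" "containers/youki" "youki_$([ "$version" == "v0.0.1" ] && echo "v0_0_1" || echo "${version#v}" | sed 's|\.|_|g')_$os.tar.gz")"
      ["kata_containers_binary"]="$(printf "$github_releases_url" "kata-containers/kata-containers" "kata-static-$version-${arch//amd64/x86_64}.tar.xz")"
      ["gvisor_runsc_binary"]="$(printf "$google_url/gvisor/releases/release/$version/%s/runsc" "$(echo "$arch" | sed -e 's/amd64/x86_64/' -e 's/arm64/aarch64/')")"
      ["gvisor_containerd_shim_binary"]="$(printf "$google_url/gvisor/releases/release/$version/%s/containerd-shim-runsc-v1" "$(echo "$arch" | sed -e 's/amd64/x86_64/' -e 's/arm64/aarch64/')")"
      ["nerdctl_archive"]="$(printf "$github_releases_url" "containerd/nerdctl" "nerdctl-${version#v}-$os-$([ "$arch" == "arm" ] && echo "arm-v7" || echo "$arch" ).tar.gz")"
      ["containerd_archive"]="$(printf "$github_releases_url" "containerd/containerd" "containerd-${version#v}-$os-$arch.tar.gz")"
      ["skopeo_binary"]="$(printf "$github_releases_url" "lework/skopeo-binary" "skopeo-$os-$arch")"
      ["yq"]="$(printf "$github_releases_url" "mikefarah/yq" "yq_${os}_$arch")"
    )
    mkdir -p "$(dirname "$target")"
    if [ ! -f "$target" ]; then
      if [ -z "${urls[$binary]}" ]; then
        echo "No download URL known for binary: $binary" >&2
        return 1
      fi
      # Download to a temporary name and rename only on success. Writing to
      # $target directly would leave a truncated file behind after a failed
      # transfer, and the next run would hash that file as if it were complete.
      partial="$(mktemp "$target.XXXXXX")" || return 1
      if ! curl -LfSs -o "$partial" "${urls[$binary]}"; then
        rm -f -- "$partial"
        return 1
      fi
      mv -- "$partial" "$target"
    fi
    sha256sum "$target" | awk '{print $1}'
  }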
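  #######################################
  # Look up the newest tags of a GitHub repository and record checksums for
  # them with get_checksums.
  # Arguments: $1 - binary key; $2 - "owner/repo"; $3 - optional version limit
  # Returns:   1 when the version lookup fails, so no section is written from
  #            an empty or bogus version list
  #######################################
  function _checksums_from_tags {
    local binary="$1"
    local repo="$2"
    # An empty limit makes get_versions fall back to its own default.
    local limit="${3:-}"
    local versions
    versions="$(get_versions github_tags "$repo" "$limit")" || return 1
    # Unquoted on purpose: each version becomes its own argument.
    # shellcheck disable=SC2086
    get_checksums "$binary" $versions
  }

  #######################################
  # Regenerate the checksums file from scratch: truncate it, then append one
  # section per binary in a fixed order.
  # Globals: checksums_file (rewritten)
  # Notes:
  #   Version lists are resolved in their own statements rather than inside
  #   another command's argument list, where a failed lookup would be ignored
  #   and its output passed on as if it were versions. The list variables are
  #   expanded unquoted on purpose so each version becomes its own argument.
  #######################################
  function main {
    local kubernetes_versions calico_versions krew_versions
    local gvisor_versions containerd_versions

    mkdir -p "$(dirname "$checksums_file")"
    # Plain tee (no --append) starts the file over with the YAML document marker.
    echo "---" | tee "$checksums_file"

    _checksums_from_tags crictl kubernetes-sigs/cri-tools 4
    _checksums_from_tags crio_archive cri-o/cri-o

    kubernetes_versions=$(get_versions github_tags kubernetes/kubernetes 25)
    # These two lines are written into the checksums file as YAML comments.
    echo "# Checksum" | tee --append "$checksums_file"
    echo "# Kubernetes versions above Kubespray's current target version are untested and should be used with caution." | tee --append "$checksums_file"
    # shellcheck disable=SC2086
    get_k8s_checksums kubelet $kubernetes_versions
    # shellcheck disable=SC2086
    get_checksums kubectl $kubernetes_versions
    # shellcheck disable=SC2086
    get_k8s_checksums kubeadm $kubernetes_versions

    _checksums_from_tags etcd_binary etcd-io/etcd
    _checksums_from_tags cni_binary containernetworking/plugins

    calico_versions=$(get_versions github_tags projectcalico/calico 20)
    # shellcheck disable=SC2086
    get_checksums calicoctl_binary $calico_versions
    _checksums_from_tags ciliumcli_binary cilium/cilium-cli 10
    # shellcheck disable=SC2086
    get_calico_crds_archive_checksums $calico_versions

    krew_versions=$(get_versions github_tags kubernetes-sigs/krew 2)
    # shellcheck disable=SC2086
    get_krew_archive_checksums $krew_versions

    _checksums_from_tags helm_archive helm/helm
    _checksums_from_tags cri_dockerd_archive Mirantis/cri-dockerd
    _checksums_from_tags runc opencontainers/runc 5
    _checksums_from_tags crun containers/crun
    _checksums_from_tags youki containers/youki
    _checksums_from_tags kata_containers_binary kata-containers/kata-containers 10

    # gvisor tags follow a "release-..." scheme, so a custom filter replaces
    # the default one; the limit argument (0) is not used by it.
    gvisor_versions=$(get_versions github_tags google/gvisor 0 "import sys,re;tags=[tag[8:16] for tag in sys.stdin if re.match('^release-?(0|[1-9]\d*)\.(0|[1-9]\d*)$',tag)];print(' '.join(tags[:9]))")
    # shellcheck disable=SC2086
    get_checksums gvisor_runsc_binary $gvisor_versions
    # shellcheck disable=SC2086
    get_checksums gvisor_containerd_shim_binary $gvisor_versions

    _checksums_from_tags nerdctl_archive containerd/nerdctl

    containerd_versions=$(get_versions github_tags containerd/containerd 30)
    # shellcheck disable=SC2086
    get_containerd_archive_checksums $containerd_versions

    _checksums_from_tags skopeo_binary lework/skopeo-binary
    _checksums_from_tags yq mikefarah/yq
  }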
  # Run main unless the caller has set __name__ to something other than
  # "__main__" (e.g. before sourcing this file to reuse its functions).
  case "${__name__:-"__main__"}" in
    "__main__") main ;;
  esac