component_hash_update: support calico_crds (#12122)

- add support for "no_arch" downloads: arch-indendendant files such as
  YAML manifests, helm charts, etc.
- wire calico_crds with it.

roles/kubespray-defaults/defaults/main/checksums.yml

@@ -536,19 +536,20 @@ ciliumcli_binary_checksums:
     0.15.16: sha256:f30095e1a0b926d2114b7a419141bea76e950b643182e97e666950ca05a205d9
     0.15.15: sha256:492279c1f960c79747290a5d1e1b21084a04a93f9e13ab4ae7df4c76fe808aff
 calico_crds_archive_checksums:
-  3.29.2: sha256:1866b407213b6191627c0ce7be5a0d7c14a016823b3bbc2a6898c57be6c59917
-  3.29.1: sha256:17894ed9f7487f1418e599fdeff5db9047374dee12d560114e25ff9147a455c3
-  3.29.0: sha256:403a6b8616c4e97b081d7be27e9024f2f66b2d73a0ea037420a29689205b2064
-  3.28.3: sha256:2b3348fb9e022bb6703c460789bd9327d9062c6854262e263fd409ff368034e7
-  3.28.2: sha256:f02a0e99e060850bd9050d4c94d37df899911a5e357e1d26e1b5b79a923bb389
-  3.28.1: sha256:c56f1530e7ded9d5b4afb9d83a7a24da6d2959ef7ad38521813f1c2bf138182d
-  3.28.0: sha256:ee721337db0cd847e91aae1cdfd420596896ebcb865575fd913c2f12ac2cdb76
-  3.27.5: sha256:f9cca65b96ab05732ed1902afd0f3086be54d6bb6b47c86a289ecf4ea5cdc25d
-  3.27.4: sha256:5f6ac510bd6bd8c14542afe91f7dbcf2a846dba02ae3152a3b07a1bfdea96078
-  3.27.3: sha256:d11a32919bff389f642af5df8180ad3cec586030decd35adb2a7d4a8aa3b298e
-  3.27.2: sha256:8154bb4aad887f2a5500b505fe203a918f72c4e602b04c688c4b94f76a26e925
-  3.27.1: sha256:76abb0db222af279e3514cfae02be9259097b565bbb2ffcb776ca00566480edb
-  3.27.0: sha256:2a4b5132035dfd6ac4abc8d545f33de139350eca523e0c5cfe4ac32e43fcb2f1
+  no_arch:
+    3.29.2: sha256:1866b407213b6191627c0ce7be5a0d7c14a016823b3bbc2a6898c57be6c59917
+    3.29.1: sha256:17894ed9f7487f1418e599fdeff5db9047374dee12d560114e25ff9147a455c3
+    3.29.0: sha256:403a6b8616c4e97b081d7be27e9024f2f66b2d73a0ea037420a29689205b2064
+    3.28.3: sha256:2b3348fb9e022bb6703c460789bd9327d9062c6854262e263fd409ff368034e7
+    3.28.2: sha256:f02a0e99e060850bd9050d4c94d37df899911a5e357e1d26e1b5b79a923bb389
+    3.28.1: sha256:c56f1530e7ded9d5b4afb9d83a7a24da6d2959ef7ad38521813f1c2bf138182d
+    3.28.0: sha256:ee721337db0cd847e91aae1cdfd420596896ebcb865575fd913c2f12ac2cdb76
+    3.27.5: sha256:f9cca65b96ab05732ed1902afd0f3086be54d6bb6b47c86a289ecf4ea5cdc25d
+    3.27.4: sha256:5f6ac510bd6bd8c14542afe91f7dbcf2a846dba02ae3152a3b07a1bfdea96078
+    3.27.3: sha256:d11a32919bff389f642af5df8180ad3cec586030decd35adb2a7d4a8aa3b298e
+    3.27.2: sha256:8154bb4aad887f2a5500b505fe203a918f72c4e602b04c688c4b94f76a26e925
+    3.27.1: sha256:76abb0db222af279e3514cfae02be9259097b565bbb2ffcb776ca00566480edb
+    3.27.0: sha256:2a4b5132035dfd6ac4abc8d545f33de139350eca523e0c5cfe4ac32e43fcb2f1
 helm_archive_checksums:
   arm:
     3.16.4: sha256:432e774d1087d3773737888d384c62477b399227662b42cbf0c32e95e6e72556

roles/kubespray-defaults/defaults/main/download.yml

@@ -198,7 +198,6 @@ kubectl_binary_checksum: "{{ kubectl_checksums[image_arch][kube_version] }}"
 kubeadm_binary_checksum: "{{ kubeadm_checksums[image_arch][kube_version] }}"
 yq_binary_checksum: "{{ yq_checksums[image_arch][yq_version] }}"
 calicoctl_binary_checksum: "{{ calicoctl_binary_checksums[image_arch][calico_ctl_version] }}"
-calico_crds_archive_checksum: "{{ calico_crds_archive_checksums[calico_version] }}"
 ciliumcli_binary_checksum: "{{ ciliumcli_binary_checksums[image_arch][cilium_cli_version] }}"
 crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}"
 crio_archive_checksum: "{{ crio_archive_checksums[image_arch][crio_version] }}"
@@ -791,7 +790,7 @@ downloads:
     file: true
     enabled: "{{ kube_network_plugin == 'calico' and calico_datastore == 'kdd' }}"
     dest: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/{{ calico_version }}.tar.gz"
-    checksum: "{{ calico_crds_archive_checksum }}"
+    checksum: "{{ calico_crds_archive_checksums.no_arch[calico_version] }}"
     url: "{{ calico_crds_download_url }}"
     unarchive: true
     unarchive_extra_opts:

roles/network_plugin/calico/tasks/check.yml

@@ -27,8 +27,8 @@
 - name: Stop if supported Calico versions
   assert:
     that:
-      - "calico_version in calico_crds_archive_checksums.keys()"
-    msg: "Calico version not supported {{ calico_version }} not in {{ calico_crds_archive_checksums.keys() }}"
+      - "calico_version in calico_crds_archive_checksums.no_arch.keys()"
+    msg: "Calico version not supported {{ calico_version }} not in {{ calico_crds_archive_checksums.no_arch.keys() }}"
   run_once: true
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
 

scripts/component_hash_update/src/component_hash_update/components.py

@@ -7,6 +7,11 @@ infos = {
         "url": "https://github.com/projectcalico/calico/releases/download/v{version}/SHA256SUMS",
         "graphql_id": "R_kgDOA87D0g",
     },
+    "calico_crds_archive": {
+        "url": "https://github.com/projectcalico/calico/archive/v{version}.tar.gz",
+        "graphql_id": "R_kgDOA87D0g",
+        "binary": True,
+    },
     "ciliumcli_binary": {
         "url": "https://github.com/cilium/cilium-cli/releases/download/v{version}/cilium-{os}-{arch}.tar.gz.sha256sum",
         "graphql_id": "R_kgDOE0nmLg",

scripts/component_hash_update/src/component_hash_update/download.py

@@ -47,14 +47,13 @@ arch_alt_name = {
     "arm64": "aarch64",
     "ppc64le": None,
     "arm": None,
+    "no_arch": None,
 }
 
 # TODO: downloads not supported
 # helm_archive: PGP signatures
-# calico_crds_archive: different yaml structure (in our download)
 
 # TODO:
-# noarch support -> k8s manifests, helm charts
 # different verification methods (gpg, cosign) ( needs download role changes) (or verify the sig in this script and only use the checksum in the playbook)
 # perf improvements (async)