SYS-633 image updates for Dec 2024 (#176)

* SYS-633 image updates for Dec 2024 * SYS-633 image updates wip
instantlinux · Jan 1, 2025 · a15f20e · a15f20e
1 parent 1eb33ad
commit a15f20e
Show file tree

Hide file tree

Showing 51 changed files with 140 additions and 148 deletions.
diff --git a/ansible/roles/docker_node/defaults/main.yml b/ansible/roles/docker_node/defaults/main.yml
@@ -81,4 +81,4 @@ ubuntu_repos:
   - deb {{ ubuntu_repo_uri }} {{ ansible_distribution_release }}-backports main restricted universe multiverse
   - deb {{ ubuntu_repo_uri }} {{ ansible_distribution_release }}-security main restricted universe multiverse
 
-local_package_additions: {}
+ubuntu_package_additions: []
diff --git a/images/data-sync/Dockerfile b/images/data-sync/Dockerfile
@@ -1,8 +1,7 @@
-FROM alpine:3.20
-MAINTAINER Rich Braun "[email protected]"
+FROM alpine:3.21
 ARG BUILD_DATE
 ARG VCS_REF
-LABEL org.label-schema.build-date=$BUILD_DATE \
+LABEL org.opencontainers.image.authors="Rich Braun [email protected]" \
     org.label-schema.license=Apache-2.0 \
     org.label-schema.name=data-sync \
     org.label-schema.vcs-ref=$VCS_REF \
@@ -16,9 +15,9 @@ ENV PEERNAME= \
     SSHKEY1=data-sync-sshkey1 \
     SSHKEY2=data-sync-sshkey2
 
-ARG UNISON_VERSION=2.53.5
+ARG UNISON_VERSION=2.53.7
 ARG OCAML_VERSION=4.14.2-r1
-ARG UNISON_SHA=330418ad130d93d0e13da7e7e30f9b829bd7c0e859355114bd4644c35fe08d23
+ARG UNISON_SHA=a259537cef465c4806d6c1638c382620db2dd395ae42a0dd2efa3ba92712bed5
 ARG RRSYNC_SHA=b745a37909fc10087cc9c901ad7dfda8ad8b6b493097b156b68ba33db4a5a52f
 
 COPY src/ /root/src/

diff --git a/images/data-sync/helm/Chart.yaml b/images/data-sync/helm/Chart.yaml
@@ -5,8 +5,8 @@ home: https://github.com/instantlinux/docker-tools
 sources:
 - https://github.com/instantlinux/docker-tools
 type: application
-version: 0.1.13
-appVersion: "2.53.5-4.14.2-r1"
+version: 0.1.14
+appVersion: "2.53.7-4.14.2-r1"
 dependencies:
 - name: chartlib
   version: 0.1.8

diff --git a/images/ddclient/Dockerfile b/images/ddclient/Dockerfile
@@ -1,8 +1,8 @@
-FROM alpine:3.20
-MAINTAINER Rich Braun "[email protected]"
+FROM alpine:3.21
 ARG BUILD_DATE
 ARG VCS_REF
-LABEL org.label-schema.build-date=$BUILD_DATE \
+LABEL org.opencontainers.image.authors="Rich Braun [email protected]" \
+    org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.license=GPL-2.0 \
     org.label-schema.name=ddclient \
     org.label-schema.vcs-ref=$VCS_REF \
@@ -15,11 +15,11 @@ ENV HOST= \
     SERVER=members.easydns.com \
     SERVICE_TYPE=easydns \
     USER_LOGIN= \
-    USER_SECRET=ddclient-user
+    USER_SECRETNAME=ddclient-user
 
 RUN apk add --no-cache --update curl ddclient=$DDCLIENT_VERSION \
       su-exec && \
     chown ddclient /var/cache/ddclient
 
 COPY entrypoint.sh /usr/local/bin/
-ENTRYPOINT /usr/local/bin/entrypoint.sh
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
diff --git a/images/ddclient/README.md b/images/ddclient/README.md
@@ -20,7 +20,7 @@ Then deploy this service, see the example [helm](https://github.com/instantlinux
 | SERVER | members.easydns.com | remote dynamic-DNS server hostname|
 | SERVICE_TYPE | easydns | DNS vendor, see [available services](https://github.com/ddclient/ddclient/blob/develop/README.md)
 | USER_LOGIN | |Login name|
-| USER_SECRET | ddclient-user |Name of the Docker secret containing password |
+| USER_SECRETNAME | ddclient-user |Name of the Docker secret containing password |
 
 Instead of supplying these variables, if your provider requires more parameters than shown above, you can volume-mount the configuration as `/etc/ddclient/ddclient.conf`.
 

diff --git a/images/ddclient/entrypoint.sh b/images/ddclient/entrypoint.sh
@@ -1,6 +1,6 @@
 #!/bin/sh -e
 
-USER_PASSWORD=$(cat /run/secrets/$USER_SECRET)
+USER_PASSWORD=$(cat /run/secrets/$USER_SECRETNAME)
 
 if [ -z "$HOST" ]; then
     echo "** HOST must be specified **"

diff --git a/images/dovecot/Dockerfile b/images/dovecot/Dockerfile
@@ -1,18 +1,17 @@
-FROM instantlinux/postfix:3.8.3-r1
+FROM instantlinux/postfix:3.9.0-r1
 
-MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF
-LABEL org.label-schema.build-date=$BUILD_DATE \
+LABEL org.opencontainers.image.authors="Rich Braun [email protected]" \
     org.label-schema.license=Apache-2.0 \
     org.label-schema.name=dovecot \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
 
-ARG DOVECOT_VERSION=2.3.21-r17
+ARG DOVECOT_VERSION=2.3.21.1-r0
 ARG MKCERT_SHA=24b6988d1709e71c24dcf94ffce5db93bd2e89dc5cbec1ac3c173de5274b68dd
 
-ENV LDAP_PASSWD_SECRET=ldap-ro-password \
+ENV LDAP_SECRETNAME=ldap-ro-password \
     SSL_DH=
 
 # TODO - procmail is missing from 3.12 repo, unsure if support ended

diff --git a/images/dovecot/README.md b/images/dovecot/README.md
@@ -43,7 +43,7 @@ See the Makefile and Makefile.vars files under k8s directory for default values
 
 | Variable | Default | Description |
 | -------- | ------- | ----------- |
-| LDAP_PASSWD_SECRET | ldap-ro-passwd | name of secret for LDAP credential |
+| LDAP_SECRETNAME | ldap-ro-passwd | name of secret for LDAP credential |
 | SSL_DH |  | Filename (in conf.local) of DH parameters |
 | TZ | UTC | time zone |
 

diff --git a/images/dovecot/entrypoint-dovecot.sh b/images/dovecot/entrypoint-dovecot.sh
@@ -33,11 +33,11 @@ else
 fi
 if [ -s $ETC/conf.local/dovecot-ldap.conf ]; then
   cp $ETC/conf.local/dovecot-ldap.conf $ETC
-  if [ -s /run/secrets/$LDAP_PASSWD_SECRET ]; then
-    sed -i -e "s/PASSWORD/`cat /run/secrets/$LDAP_PASSWD_SECRET`/" \
+  if [ -s /run/secrets/$LDAP_SECRETNAME ]; then
+    sed -i -e "s/PASSWORD/`cat /run/secrets/$LDAP_SECRETNAME`/" \
       $ETC/dovecot-ldap.conf
   else
-    echo "** Config dovecot-ldap.conf secret $LDAP_PASSWD_SECRET unspecified **"
+    echo "** Config dovecot-ldap.conf secret $LDAP_SECRETNAME unspecified **"
   fi
 fi
 if [ -f /etc/postfix/transport ]; then

diff --git a/images/ez-ipupdate/Dockerfile b/images/ez-ipupdate/Dockerfile
@@ -1,8 +1,8 @@
-FROM alpine:3.20
-MAINTAINER Rich Braun "[email protected]"
+FROM alpine:3.21
 ARG BUILD_DATE
 ARG VCS_REF
-LABEL org.label-schema.build-date=$BUILD_DATE \
+LABEL org.opencontainers.image.authors="Rich Braun [email protected]" \
+    org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.license=GPL-2.0 \
     org.label-schema.name=ez-ipupdate \
     org.label-schema.vcs-ref=$VCS_REF \
@@ -13,12 +13,12 @@ ENV HOST= \
     INTERVAL=3600 \
     IPLOOKUP_URI=http://ipinfo.io/ip \
     SERVICE_TYPE=easydns \
-    USER_SECRET=ez-ipupdate-user
+    USER_SECRETNAME=ez-ipupdate-user
 
 RUN apk add --update curl ez-ipupdate=$EZ_VERSION && \
     rm -fr /var/log/* /var/cache/apk/*
 
-CMD sh -c 'echo "user=`cat /run/secrets/$USER_SECRET`" > /run/ez.conf && \
+CMD sh -c 'echo "user=`cat /run/secrets/$USER_SECRETNAME`" > /run/ez.conf && \
     if [ -z "$HOST" ]; then echo "Please set a HOST name"; exit 1; fi && \
     while [ 1 == 1 ]; do \
      IPADDR=`curl -s $IPLOOKUP_URI` && \

diff --git a/images/ez-ipupdate/README.md b/images/ez-ipupdate/README.md
@@ -20,7 +20,7 @@ Then deploy this service, see the example [helm](https://github.com/instantlinux
 | INTERVAL | 3600 | poll interval in seconds |
 | IPLOOKUP_URI | http://ipinfo.io/ip | a URI that returns the IPv4 address to be assigned |
 | SERVICE_TYPE | easydns | DNS vendor, see [available services](http://leaf.sourceforge.net/doc/bucu-ezipupd.html) |
-| USER_SECRET | ez-ipupdate-user |Name of the Docker secret to deploy |
+| USER_SECRETNAME | ez-ipupdate-user |Name of the Docker secret to deploy |
 
 This repo has complete instructions for
 [building a kubernetes cluster](https://github.com/instantlinux/docker-tools/blob/main/k8s/README.md) where you can deploy with [helm](https://github.com/instantlinux/docker-tools/tree/main/images/ez-ipupdate/helm) or [kubernetes.yaml](https://github.com/instantlinux/docker-tools/blob/main/images/ez-ipupdate/kubernetes.yaml) using _make_ and customizing [Makefile.vars](https://github.com/instantlinux/docker-tools/blob/main/k8s/Makefile.vars) after cloning this repo:

diff --git a/images/git-dump/Dockerfile b/images/git-dump/Dockerfile
@@ -1,26 +1,26 @@
-FROM alpine:3.20
-MAINTAINER Rich Braun "[email protected]"
+FROM alpine:3.21
 ARG BUILD_DATE
 ARG VCS_REF
-LABEL org.label-schema.build-date=$BUILD_DATE \
+LABEL org.opencontainers.image.authors="Rich Braun [email protected]" \
+    org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.license=GPL-2.0 \
     org.label-schema.name=git-dump \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
-ENV API_TOKEN_SECRET= \
+ENV API_TOKEN_SECRETNAME= \
     DEST_DIR=/var/backup/git \
     HOUR=0 MINUTE=45 \
     KEEP_DAYS=31 \
     ORG= \
     [email protected]:instantlinux/ \
     REPOS= \
     SCM_TYPE=github \
-    SSHKEY_SECRET=git-dump_sshkey \
+    SSHKEY_SECRETNAME=git-dump_sshkey \
     SSH_PORT=22 \
     USERNAME=git-dump \
     TZ=UTC
 
-ARG GIT_VERSION=2.45.2-r0
+ARG GIT_VERSION=2.47.1-r0
 ARG GROUP=care
 ARG GID=505
 ARG UID=212

diff --git a/images/git-dump/README.md b/images/git-dump/README.md
@@ -43,7 +43,7 @@ These variables can be passed to the image from kubernetes.yaml or docker-compos
 
 | Variable | Default | Description |
 | -------- | ------- | ----------- |
-| API_TOKEN_SECRET | | docker secret name of API token as below |
+| API_TOKEN_SECRETNAME | | docker secret name of API token as below |
 | DEST_DIR | /var/backup/git | destination path |
 | HOUR | 0 |cron-syntax backup hour |
 | KEEP_DAYS | 31 | days of snapshots to keep |
@@ -52,7 +52,7 @@ These variables can be passed to the image from kubernetes.yaml or docker-compos
 | REPO_PREFIX | [email protected]:instantlinux/ | prefix for each repository URI |
 | REPOS | | repository URIs to back up |
 | SCM_TYPE | github | type - github, gitlab, or gitea |
-| SSHKEY_SECRET | git-dump_sshkey | docker secret name as below |
+| SSHKEY_SECRETNAME | git-dump_sshkey | docker secret name as below |
 | SSH_PORT | 22 | TCP port of git service |
 | TZ | UTC | time zone |
 

diff --git a/images/git-dump/entrypoint.sh b/images/git-dump/entrypoint.sh
@@ -6,20 +6,20 @@ if [ ! -f /etc/timezone ] && [ ! -z "$TZ" ]; then
   echo $TZ >/etc/timezone
 fi
 
-if [ -z "$REPOS" ] && [ ! -s /run/secrets/$API_TOKEN_SECRET ]; then
-  echo "** This container requires setting for REPOS or API_TOKEN_SECRET **"
+if [ -z "$REPOS" ] && [ ! -s /run/secrets/$API_TOKEN_SECRETNAME ]; then
+  echo "** This container requires setting for REPOS or API_TOKEN_SECRETNAME **"
   sleep 10
   exit 1
 fi
 
 SSH_PATH=/home/$USERNAME/.ssh
 mkdir -p -m 700 $SSH_PATH
-if [ ! -z "$SSHKEY_SECRET" ]; then
-  cp /run/secrets/$SSHKEY_SECRET $SSH_PATH/$SSHKEY_SECRET
-  chmod 400 $SSH_PATH/$SSHKEY_SECRET
+if [ ! -z "$SSHKEY_SECRETNAME" ]; then
+  cp /run/secrets/$SSHKEY_SECRETNAME $SSH_PATH/$SSHKEY_SECRETNAME
+  chmod 400 $SSH_PATH/$SSHKEY_SECRETNAME
   cat <<EOF >$SSH_PATH/config
 Host *
- IdentityFile $SSH_PATH/$SSHKEY_SECRET
+ IdentityFile $SSH_PATH/$SSHKEY_SECRETNAME
  Port $SSH_PORT
 EOF
   if [ ! -z "$REPO_PREFIX" ]; then
@@ -45,7 +45,7 @@ chown $USERNAME.$GROUP $DEST_DIR /var/log/git-dump.log /var/log/git-dump-status.
 
 cat <<EOF >/etc/opt/git-dump
 # Options for /usr/local/bin/git-dump
-API_TOKEN_SECRET=$API_TOKEN_SECRET
+API_TOKEN_SECRETNAME=$API_TOKEN_SECRETNAME
 LOGFILE=/var/log/git-dump.log
 REPO_PREFIX=$REPO_PREFIX
 STATFILE=/var/log/git-dump-status.txt

diff --git a/images/git-dump/git-dump.sh b/images/git-dump/git-dump.sh
@@ -9,7 +9,7 @@
 #  $2 number of files to keep
 #  $3-$ git repo suffixes
 
-# Omit git repo list if a API_TOKEN_SECRET is provided to query project
+# Omit git repo list if a API_TOKEN_SECRETNAME is provided to query project
 # list from gitlab
 
 DESTDIR=$1
@@ -44,9 +44,9 @@ else
  DAY=`date +%m%d`
 fi
 
-if [ ! -z "$API_TOKEN_SECRET" ] && [ -e /run/secrets/$API_TOKEN_SECRET ]; then
+if [ ! -z "$API_TOKEN_SECRETNAME" ] && [ -e /run/secrets/$API_TOKEN_SECRETNAME ]; then
   SSH_HOST=$(echo $REPO_PREFIX | cut -d@ -f 2 | cut -d/ -f 1 | cut -d: -f 1)
-  TOKEN=$(cat /run/secrets/$API_TOKEN_SECRET)
+  TOKEN=$(cat /run/secrets/$API_TOKEN_SECRETNAME)
   if [ $SCM_TYPE == github ]; then
     API_VERSION=v3
     API_PATH=repo

diff --git a/images/git-dump/helm/Chart.yaml b/images/git-dump/helm/Chart.yaml
@@ -5,8 +5,8 @@ home: https://github.com/instantlinux/docker-tools
 sources:
 - https://github.com/instantlinux/docker-tools
 type: application
-version: 0.1.14
-appVersion: "2.45.2-r0"
+version: 0.1.15
+appVersion: "2.47.1-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8

diff --git a/images/git-pull/Dockerfile b/images/git-pull/Dockerfile
@@ -1,14 +1,14 @@
-FROM alpine:3.20
-MAINTAINER Rich Braun <[email protected]>
+FROM alpine:3.21
 ARG BUILD_DATE
 ARG VCS_REF
-LABEL org.label-schema.build-date=$BUILD_DATE \
+LABEL org.opencontainers.image.authors="Rich Braun [email protected]" \
+    org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.license=GPL-2.0 \
     org.label-schema.name=git-pull \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
 
-ARG GIT_VERSION=2.45.2-r0
+ARG GIT_VERSION=2.47.1-r0
 ENV DEST=. \
     GIT_COMMIT=master \
     GIT_HOST=github.com \
@@ -20,4 +20,4 @@ RUN apk add --no-cache --update git=$GIT_VERSION openssh-client && \
 VOLUME /git
 
 COPY entrypoint.sh /root/
-ENTRYPOINT /root/entrypoint.sh
+ENTRYPOINT ["/root/entrypoint.sh"]
diff --git a/images/git-pull/helm/Chart.yaml b/images/git-pull/helm/Chart.yaml
@@ -5,8 +5,8 @@ home: https://github.com/instantlinux/docker-tools
 sources:
 - https://github.com/instantlinux/docker-tools
 type: application
-version: 0.1.12
-appVersion: "2.45.2-r0"
+version: 0.1.13
+appVersion: "2.47.1-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8

diff --git a/images/haproxy-keepalived/Dockerfile b/images/haproxy-keepalived/Dockerfile
@@ -1,18 +1,18 @@
-FROM haproxy:3.0.2-alpine
-MAINTAINER Rich Braun "[email protected]"
+FROM haproxy:3.1.1-alpine
 ARG BUILD_DATE
 ARG VCS_REF
-LABEL org.label-schema.build-date=$BUILD_DATE \
+LABEL org.opencontainers.image.authors="Rich Braun [email protected]" \
+    org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.license=GPL-2.0 \
     org.label-schema.name=haproxy-keepalived \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
 
-ARG KEEPALIVED_VERSION=2.2.8-r0
+ARG KEEPALIVED_VERSION=2.3.1-r0
 ENV KEEPALIVE_CONFIG_ID=main \
     PORT_HAPROXY_STATS=8080 \
     STATS_ENABLE=yes \
-    STATS_SECRET=haproxy-stats-password \
+    STATS_SECRETNAME=haproxy-stats-password \
     STATS_USER=haproxy \
     STATS_URI=/stats \
     TIMEOUT=50000 \

diff --git a/images/haproxy-keepalived/README.md b/images/haproxy-keepalived/README.md
@@ -43,7 +43,7 @@ These variables can be passed to the image from kubernetes.yaml or docker-compos
 |KEEPALIVE_CONFIG_ID| main | Which configuration to use (usually a hostname) |
 |PORT_HAPROXY_STATS| 8080 | What port to use for stats page |
 |STATS_ENABLE| yes | Whether to include stats | 
-|STATS_SECRET|haproxy-stats-password | Secret to use for stats page |
+|STATS_SECRETNAME|haproxy-stats-password | Secret to use for stats page |
 |STATS_USER|haproxy|Username for stats page basic-auth |
 |STATS_URI|/stats| URI for stats page |
 |TIMEOUT|50000| Timeout for haproxy (ms)|

diff --git a/images/haproxy-keepalived/entrypoint.sh b/images/haproxy-keepalived/entrypoint.sh
@@ -6,8 +6,8 @@ function graceful_stop() {
     sleep 1; exit 0
 }
 
-if [ -s /run/secrets/$STATS_SECRET ]; then
-  STATS_PASSWORD=$(cat /run/secrets/$STATS_SECRET)
+if [ -s /run/secrets/$STATS_SECRETNAME ]; then
+  STATS_PASSWORD=$(cat /run/secrets/$STATS_SECRETNAME)
 else
   STATS_PASSWORD=changeme
 fi

diff --git a/images/haproxy-keepalived/helm/Chart.yaml b/images/haproxy-keepalived/helm/Chart.yaml
@@ -7,8 +7,8 @@ sources:
 - https://github.com/haproxy/haproxy
 - https://github.com/acassen/keepalived
 type: application
-version: 0.1.15
-appVersion: "3.0.2-alpine-2.2.8-r0"
+version: 0.1.16
+appVersion: "3.1.1-alpine-2.3.1-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8