Fix rancher traefik upgrade suggestion

* Backport traefik repackaging logic from release-1.21 * Fix rancher traefik upgrade suggestion * Add package version to traefik helm chart Signed-off-by: Brad Davidson <[email protected]>
k3s-io · Nov 24, 2021 · 261a9b1 · 261a9b1
1 parent a838256
commit 261a9b1
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 12 deletions.
diff --git a/Dockerfile.dapper b/Dockerfile.dapper
@@ -10,7 +10,7 @@ ENV no_proxy=$no_proxy
 
 RUN apk -U --no-cache add bash git gcc musl-dev docker vim less file curl wget ca-certificates jq linux-headers zlib-dev tar zip squashfs-tools npm coreutils \
     python3 openssl-dev libffi-dev libseccomp libseccomp-dev libseccomp-static make libuv-static sqlite-dev sqlite-static libselinux libselinux-dev zlib-dev \
-    zlib-static zstd
+    zlib-static zstd gawk
 RUN if [ "$(go env GOARCH)" = "arm64" ]; then                                                               \
     wget https://github.com/aquasecurity/trivy/releases/download/v0.11.0/trivy_0.11.0_Linux-ARM64.tar.gz && \
     tar -zxvf trivy_0.11.0_Linux-ARM64.tar.gz                                                            && \
@@ -32,6 +32,9 @@ RUN if [ "$(go env GOARCH)" = "amd64" ]; then \
     curl -sL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s v1.40.0; \
     fi
 
+ENV YQ_URL=https://github.com/mikefarah/yq/releases/download/v4.6.2/yq_linux
+RUN wget -O - ${YQ_URL}_$(go env GOARCH) > /usr/bin/yq && chmod +x /usr/bin/yq
+
 ARG SELINUX=true
 ENV SELINUX $SELINUX
 

diff --git a/manifests/traefik.yaml b/manifests/traefik.yaml
@@ -4,7 +4,7 @@ metadata:
   name: traefik
   namespace: kube-system
 spec:
-  chart: https://%{KUBERNETES_API}%/static/charts/traefik-1.81.0.tgz
+  chart: https://%{KUBERNETES_API}%/static/charts/traefik-1.81.001.tgz
   valuesContent: |-
     rbac:
       enabled: true

diff --git a/scripts/chart-templates/crd-base/overlay-upstream/templates/_registry.tpl b/scripts/chart-templates/crd-base/overlay-upstream/templates/_registry.tpl
@@ -0,0 +1,8 @@
+{{/* vim: set filetype=mustache: */}}
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/scripts/download b/scripts/download
@@ -1,12 +1,17 @@
 #!/bin/bash
 
+set -e
+
 cd $(dirname $0)/..
 
 . ./scripts/version.sh
 
 RUNC_VERSION=v1.0.0-rc95
 ROOT_VERSION=v0.9.1
-TRAEFIK_VERSION=1.81.0
+TRAEFIK_CHART_VERSION=$(yq e '.spec.chart' manifests/traefik.yaml | awk 'match($0, /([0-9.]+)([0-9]{2})/, m) { print m[1]; }')
+TRAEFIK_PACKAGE_VERSION=$(yq e '.spec.chart' manifests/traefik.yaml | awk 'match($0, /([0-9.]+)([0-9]{2})/, m) { print m[2]; }')
+TRAEFIK_FILE=traefik-${TRAEFIK_CHART_VERSION}${TRAEFIK_PACKAGE_VERSION}.tgz
+TRAEFIK_URL=https://charts.helm.sh/stable/packages/traefik-${TRAEFIK_CHART_VERSION}.tgz
 CHARTS_DIR=build/static/charts
 RUNC_DIR=build/src/github.com/opencontainers/runc
 DATA_DIR=build/data
@@ -25,16 +30,62 @@ git fetch --all --tags
 git checkout ${RUNC_VERSION} -b k3s
 popd
 
-TRAEFIK_FILE=traefik-${TRAEFIK_VERSION}.tgz
-TRAEFIK_URL=https://charts.helm.sh/stable/packages/${TRAEFIK_FILE}
+setup_tmp() {
+    TMP_DIR=$(mktemp -d --tmpdir=${CHARTS_DIR})
+    cleanup() {
+        code=$?
+        set +e
+        trap - EXIT
+        rm -rf ${TMP_DIR}
+        exit $code
+    }
+    trap cleanup INT EXIT
+}
+
+download_and_package_traefik () {
+  echo "Downloading Traefik Helm chart from ${TRAEFIK_URL}"
+  curl -sfL ${TRAEFIK_URL} -o ${TMP_DIR}/${TRAEFIK_FILE}
+  code=$?
+
+  if [ $code -ne 0 ]; then
+    echo "Error: Failed to download Traefik Helm chart!"
+    exit $code
+  fi
+
+  echo "Uncompress ${TMP_DIR}/${TRAEFIK_FILE}"
+  tar xf ${TMP_DIR}/${TRAEFIK_FILE} -C ${TMP_DIR}
+  TRAEFIK_TMP_CHART=${TMP_DIR}/traefik
+
+  # Move anything from ${f}/charts-crd/overlay-upstream to the main chart
+  cp -R ./scripts/chart-templates/crd-base/overlay-upstream/* ${TRAEFIK_TMP_CHART}
+
+  # Modify charts to support system-default-registry
+  echo -e 'global:\n  systemDefaultRegistry: ""' >> ${TRAEFIK_TMP_CHART}/values.yaml
+  find ${TRAEFIK_TMP_CHART} -type f | xargs sed -i 's/{{ .Values.image }}/{{ template "system_default_registry" .}}&/g'
+
+  # Modify chart version to append package version.
+  # If we alter our repackaging of the helm chart without also bumping the version of the
+  # chart, the package version portion (final two digits) of the version string in the
+  # traefik HelmChart manifest should be bumped accordingly.
+  sed -Ei "s/version: .*/&${TRAEFIK_PACKAGE_VERSION}/" ${TRAEFIK_TMP_CHART}/Chart.yaml
+
+  # Add dashboard annotations to main chart
+  cat <<EOF >>${TRAEFIK_TMP_CHART}/Chart.yaml
+annotations:
+  fleet.cattle.io/bundle-id: k3s
+EOF
 
-echo "Downloading Traefik Helm chart from ${TRAEFIK_URL}"
-curl -sfL ${TRAEFIK_URL} -o ${CHARTS_DIR}/${TRAEFIK_FILE}
-code=$?
+  # Package charts
+  OPTS="--format=gnu --sort=name --owner=0 --group=0 --mode=gou-s --numeric-owner --no-acls --no-selinux --no-xattrs"
+  tar ${OPTS} --mtime='2021-01-01 00:00:00Z' -cf - -C ${TMP_DIR} $(basename ${TRAEFIK_TMP_CHART}) | gzip -n > ${CHARTS_DIR}/${TRAEFIK_FILE}
+  for TAR in ${CHARTS_DIR}/*.tgz; do
+    sha256sum ${TAR}
+    stat ${TAR}
+    tar -vtf ${TAR}
+  done
+}
 
-if [ $code -ne 0 ]; then
-  echo "Error: Failed to download Traefik Helm chart!"
-  exit $code
-fi
+setup_tmp
+download_and_package_traefik
 
 cp scripts/wg-add.sh bin/aux/