update all container tags with date and sha, upgrade all containers (#…

…9834) Signed-off-by: James Strong <[email protected]>
kubernetes · Apr 6, 2023 · 26d83d1 · 26d83d1
1 parent 5226838
commit 26d83d1
Show file tree

Hide file tree

Showing 24 changed files with 88 additions and 66 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -22,6 +22,7 @@ on:
         required: false
         type: boolean
 
+
 permissions:
   contents: read
 

diff --git a/hack/verify-chart-lint.sh b/hack/verify-chart-lint.sh
@@ -20,5 +20,5 @@ set -o pipefail
 
 KUBE_ROOT="$( cd "$(dirname "$0")../" >/dev/null 2>&1 ; pwd -P )"
 # TODO: This is a temporary workaround while we don't update Helm Chart test
-curl https://raw.githubusercontent.com/helm/chart-testing/v3.7.0/etc/chart_schema.yaml -o /tmp/chart_schema.yaml
+curl https://raw.githubusercontent.com/helm/chart-testing/v3.8.0/etc/chart_schema.yaml -o /tmp/chart_schema.yaml
 ct lint --charts ${KUBE_ROOT}/charts/ingress-nginx --validate-maintainers=false --chart-yaml-schema=/tmp/chart_schema.yaml
diff --git a/images/cfssl/cloudbuild.yaml b/images/cfssl/cloudbuild.yaml
@@ -6,7 +6,6 @@ steps:
     entrypoint: bash
     env:
       - DOCKER_CLI_EXPERIMENTAL=enabled
-      - TAG=$_GIT_TAG
       - BASE_REF=$_PULL_BASE_REF
       - REGISTRY=gcr.io/k8s-staging-ingress-nginx
       # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

diff --git a/images/cfssl/rootfs/Dockerfile b/images/cfssl/rootfs/Dockerfile
@@ -14,8 +14,11 @@
 
 FROM alpine:3.17.2
 
+
 RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
-RUN apk add --no-cache \
+RUN apk update \
+    && apk upgrade &&  \
+    apk add --no-cache \
     bash \
     cfssl@testing
 

diff --git a/images/custom-error-pages/cloudbuild.yaml b/images/custom-error-pages/cloudbuild.yaml
@@ -6,7 +6,6 @@ steps:
     entrypoint: bash
     env:
       - DOCKER_CLI_EXPERIMENTAL=enabled
-      - TAG=$_GIT_TAG
       - BASE_REF=$_PULL_BASE_REF
       - REGISTRY=gcr.io/k8s-staging-ingress-nginx
       # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile
@@ -13,7 +13,9 @@
 # limitations under the License.
 
 FROM golang:1.20.1-alpine3.17 as builder
-RUN apk add git
+
+RUN apk update \
+    && apk upgrade && apk add git
 
 WORKDIR /go/src/k8s.io/ingress-nginx/images/custom-error-pages
 

diff --git a/images/echo/Makefile b/images/echo/Makefile
@@ -18,7 +18,7 @@ SHELL=/bin/bash -o pipefail -o errexit
 DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
 INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
 
-TAG ?=v1.0.0
+TAG ?=v$(shell date +%Y%m%d)-$(shell git rev-parse --short HEAD)
 REGISTRY ?= local
 
 IMAGE = $(REGISTRY)/e2e-test-echo

diff --git a/images/echo/cloudbuild.yaml b/images/echo/cloudbuild.yaml
@@ -6,7 +6,6 @@ steps:
     entrypoint: bash
     env:
       - DOCKER_CLI_EXPERIMENTAL=enabled
-      - TAG=$_GIT_TAG
       - BASE_REF=$_PULL_BASE_REF
       - REGISTRY=gcr.io/k8s-staging-ingress-nginx
       # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

diff --git a/images/echo/rootfs/Dockerfile b/images/echo/rootfs/Dockerfile
@@ -2,7 +2,7 @@ ARG BASE_IMAGE
 
 FROM ${BASE_IMAGE}
 
-RUN apk add -U perl curl make unzip
+RUN apk update && apk upgrade && apk add -U --no-cache perl curl make unzip
 
 ARG LUAROCKS_VERSION
 ARG LUAROCKS_SHA

diff --git a/images/ext-auth-example-authsvc/cloudbuild.yaml b/images/ext-auth-example-authsvc/cloudbuild.yaml
@@ -8,7 +8,6 @@ steps:
     entrypoint: bash
     env:
       - DOCKER_CLI_EXPERIMENTAL=enabled
-      - TAG=$_GIT_TAG
       - BASE_REF=$_PULL_BASE_REF
       - REGISTRY=gcr.io/k8s-staging-ingress-nginx
       # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

diff --git a/images/fastcgi-helloserver/cloudbuild.yaml b/images/fastcgi-helloserver/cloudbuild.yaml
@@ -6,7 +6,6 @@ steps:
     entrypoint: bash
     env:
       - DOCKER_CLI_EXPERIMENTAL=enabled
-      - TAG=$_GIT_TAG
       - BASE_REF=$_PULL_BASE_REF
       - REGISTRY=gcr.io/k8s-staging-ingress-nginx
       # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

diff --git a/images/go-grpc-greeter-server/cloudbuild.yaml b/images/go-grpc-greeter-server/cloudbuild.yaml
@@ -8,7 +8,6 @@ steps:
     entrypoint: bash
     env:
       - DOCKER_CLI_EXPERIMENTAL=enabled
-      - TAG=$_GIT_TAG
       - BASE_REF=$_PULL_BASE_REF
       - REGISTRY=gcr.io/k8s-staging-ingress-nginx
       # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

diff --git a/images/httpbin/cloudbuild.yaml b/images/httpbin/cloudbuild.yaml
@@ -8,7 +8,6 @@ steps:
     entrypoint: bash
     env:
       - DOCKER_CLI_EXPERIMENTAL=enabled
-      - TAG=$_GIT_TAG
       - BASE_REF=$_PULL_BASE_REF
       - REGISTRY=gcr.io/k8s-staging-ingress-nginx
       # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

diff --git a/images/httpbin/rootfs/Dockerfile b/images/httpbin/rootfs/Dockerfile
@@ -17,7 +17,7 @@ FROM alpine:3.17.2
 ENV LC_ALL=C.UTF-8
 ENV LANG=C.UTF-8
 
-RUN apk update \
+RUN apk upgrade && apk update \
   && apk add --no-cache \
     python3 python3-dev \
     musl-dev gcc g++ make \

diff --git a/images/kube-webhook-certgen/cloudbuild.yaml b/images/kube-webhook-certgen/cloudbuild.yaml
@@ -21,7 +21,6 @@ steps:
     entrypoint: bash
     env:
       - DOCKER_CLI_EXPERIMENTAL=enabled
-      - TAG=$_GIT_TAG
       - BASE_REF=$_PULL_BASE_REF
       - REGISTRY=gcr.io/k8s-staging-ingress-nginx
       # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

diff --git a/images/nginx/Makefile b/images/nginx/Makefile
@@ -21,7 +21,7 @@ DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
 INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
 
 # 0.0.0 shouldn't clobber any released builds
-TAG ?= 0.0
+TAG ?=v$(shell date +%Y%m%d)-$(shell git rev-parse --short HEAD)
 REGISTRY ?= gcr.io/k8s-staging-ingress-nginx
 
 IMAGE = $(REGISTRY)/nginx

diff --git a/images/nginx/cloudbuild.yaml b/images/nginx/cloudbuild.yaml
@@ -9,7 +9,6 @@ steps:
     env:
       - DOCKER_CLI_EXPERIMENTAL=enabled
       - BASE_REF=$_PULL_BASE_REF
-      - TAG=$_PULL_BASE_SHA
       - REGISTRY=gcr.io/k8s-staging-ingress-nginx
       - HOME=/root
     args:

diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile
@@ -17,7 +17,7 @@ COPY . /
 
 RUN apk update \
   && apk upgrade \
-  && apk add -U bash \
+  && apk add -U bash --no-cache \
   && /build.sh
 
 # Use a multi-stage build

diff --git a/images/opentelemetry/cloudbuild.yaml b/images/opentelemetry/cloudbuild.yaml
@@ -8,7 +8,6 @@ steps:
     entrypoint: bash
     env:
       - DOCKER_CLI_EXPERIMENTAL=enabled
-      - TAG=$_GIT_TAG
       - BASE_REF=$_PULL_BASE_REF
       - REGISTRY=gcr.io/k8s-staging-ingress-nginx
       # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile
@@ -30,27 +30,52 @@ export DOCKER_CLI_EXPERIMENTAL=enabled
 
 # build with buildx
 PLATFORMS?=linux/amd64,linux/arm64
-OUTPUT=
+OUTPUT?=
 PROGRESS=plain
 
+image:
+	echo "Building docker image ($(ARCH))..."
+	docker build \
+		${PLATFORM_FLAG} ${PLATFORM} \
+		--no-cache \
+		--pull \
+		--push \
+		--build-arg BASE_IMAGE=${NGINX_BASE_IMAGE} \
+		--build-arg GOLANG_VERSION=1.20.1 \
+		--build-arg ETCD_VERSION=3.4.3-0 \
+		--build-arg K8S_RELEASE=v1.26.0 \
+		--build-arg RESTY_CLI_VERSION=0.27 \
+		--build-arg RESTY_CLI_SHA=e5f4f3128af49ba5c4d039d0554e5ae91bbe05866f60eccfa96d3653274bff90 \
+		--build-arg LUAROCKS_VERSION=3.8.0 \
+		--build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \
+		--build-arg CHART_TESTING_VERSION=3.8.0 \
+		--build-arg YAML_LINT_VERSION=1.27.1 \
+		--build-arg YAMALE_VERSION=4.0.4 \
+		--build-arg HELM_VERSION=3.11.2 \
+		--build-arg GINKGO_VERSION=2.9.0 \
+		--build-arg GOLINT_VERSION=latest \
+		-t ${IMAGE}:${TAG} rootfs
+
 build: ensure-buildx
 	docker buildx build \
-		--platform=${PLATFORMS} $(OUTPUT) \
-		--progress=$(PROGRESS) \
+		--platform=${PLATFORMS} ${OUTPUT} \
+		--progress=${PROGRESS} \
 		--pull \
-		--build-arg BASE_IMAGE=$(NGINX_BASE_IMAGE) \
+		--build-arg BASE_IMAGE=${NGINX_BASE_IMAGE} \
 		--build-arg GOLANG_VERSION=1.20.1 \
 		--build-arg ETCD_VERSION=3.4.3-0 \
-		--build-arg K8S_RELEASE=v1.24.2 \
+		--build-arg K8S_RELEASE=v1.26.0 \
 		--build-arg RESTY_CLI_VERSION=0.27 \
 		--build-arg RESTY_CLI_SHA=e5f4f3128af49ba5c4d039d0554e5ae91bbe05866f60eccfa96d3653274bff90 \
 		--build-arg LUAROCKS_VERSION=3.8.0 \
 		--build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \
-		--build-arg CHART_TESTING_VERSION=3.7.0 \
+		--build-arg CHART_TESTING_VERSION=3.8.0 \
 		--build-arg YAML_LINT_VERSION=1.27.1 \
 		--build-arg YAMALE_VERSION=4.0.4 \
-		--build-arg HELM_VERSION=v3.9.0 \
-		-t $(IMAGE):$(TAG) rootfs
+		--build-arg HELM_VERSION=3.11.2 \
+		--build-arg GINKGO_VERSION=2.9.0 \
+		--build-arg GOLINT_VERSION=latest \
+		-t ${IMAGE}:${TAG} rootfs
 
 # push the cross built image
 push: OUTPUT=--push

diff --git a/images/test-runner/cloudbuild.yaml b/images/test-runner/cloudbuild.yaml
@@ -6,7 +6,6 @@ steps:
     entrypoint: bash
     env:
       - DOCKER_CLI_EXPERIMENTAL=enabled
-      - TAG=$_GIT_TAG
       - BASE_REF=$_PULL_BASE_REF
       - REGISTRY=gcr.io/k8s-staging-ingress-nginx
       # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx
@@ -20,3 +19,4 @@ steps:
 substitutions:
   _GIT_TAG: "12345"
   _PULL_BASE_REF: "master"
+  _PULL_BASE_SHA: '12345'
diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile
@@ -11,7 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 ARG BASE_IMAGE
 ARG GOLANG_VERSION
 ARG ETCD_VERSION
@@ -21,20 +20,37 @@ FROM registry.k8s.io/etcd:${ETCD_VERSION} as etcd
 
 FROM ${BASE_IMAGE}
 
+ARG RESTY_CLI_VERSION
+ARG RESTY_CLI_SHA
+ARG LUAROCKS_VERSION
+ARG LUAROCKS_SHA
+ARG TARGETARCH
+ARG K8S_RELEASE
+ARG CHART_TESTING_VERSION
+ARG HELM_VERSION
+ARG YAMALE_VERSION
+ARG YAML_LINT_VERSION
+ARG GINKGO_VERSION
+ARG GOLINT_VERSION
+
+
 RUN set -eux; \
 	if [ -e /etc/nsswitch.conf ]; then \
 		grep '^hosts: files dns' /etc/nsswitch.conf; \
 	else \
 		echo 'hosts: files dns' > /etc/nsswitch.conf; \
 	fi
 
-
 COPY --from=GO   /usr/local/go /usr/local/go
+ENV GOPATH /go
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
+
 COPY --from=etcd /usr/local/bin/etcd /usr/local/bin/etcd
 
-RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
+RUN echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
 
-RUN apk add --no-cache \
+RUN apk update && apk upgrade && apk add --no-cache \
   bash \
   ca-certificates \
   wget \
@@ -48,30 +64,23 @@ RUN apk add --no-cache \
   py-pip \
   unzip \
   openssl \
-  cfssl@testing
-
-ENV GOPATH /go
-ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
-
-RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
-
-RUN go install github.com/onsi/ginkgo/v2/[email protected]  && go install golang.org/x/lint/golint@latest
+  cfssl@testing \
+  curl \
+  tzdata \
+  libc6-compat
 
-ARG RESTY_CLI_VERSION
-ARG RESTY_CLI_SHA
+RUN go install -v github.com/onsi/ginkgo/v2/ginkgo@v${GINKGO_VERSION} \
+    && go install golang.org/x/lint/golint@${GOLINT_VERSION}
 
-RUN wget -O /tmp/resty_cli.tgz \
+RUN wget -qO /tmp/resty_cli.tgz \
   https://github.com/openresty/resty-cli/archive/v${RESTY_CLI_VERSION}.tar.gz \
   && echo "${RESTY_CLI_SHA} */tmp/resty_cli.tgz" | sha256sum -c - \
   && tar -C /tmp -xzf /tmp/resty_cli.tgz \
   && mv /tmp/resty-cli-${RESTY_CLI_VERSION}/bin/* /usr/local/bin/ \
   && resty -V \
   && rm -rf /tmp/*
 
-ARG LUAROCKS_VERSION
-ARG LUAROCKS_SHA
-
-RUN wget -O /tmp/luarocks.tgz \
+RUN wget -qO /tmp/luarocks.tgz \
   https://github.com/luarocks/luarocks/archive/v${LUAROCKS_VERSION}.tar.gz \
   && echo "${LUAROCKS_SHA} */tmp/luarocks.tgz" | sha256sum -c - \
   && tar -C /tmp -xzf /tmp/luarocks.tgz \
@@ -82,48 +91,39 @@ RUN wget -O /tmp/luarocks.tgz \
 RUN  luarocks install busted \
   && luarocks install luacheck
 
-ARG TARGETARCH
-
-ARG K8S_RELEASE
-
-RUN wget -O /usr/local/bin/kubectl \
+RUN wget -qO /usr/local/bin/kubectl \
   https://storage.googleapis.com/kubernetes-release/release/${K8S_RELEASE}/bin/linux/${TARGETARCH}/kubectl \
   && chmod +x /usr/local/bin/kubectl
 
-RUN wget -O /usr/local/bin/kube-apiserver \
+RUN wget -qO /usr/local/bin/kube-apiserver \
   https://storage.googleapis.com/kubernetes-release/release/${K8S_RELEASE}/bin/linux/${TARGETARCH}/kube-apiserver \
   && chmod +x /usr/local/bin/kube-apiserver
 
-ARG CHART_TESTING_VERSION
-
-RUN wget -O /tmp/ct-${CHART_TESTING_VERSION}-linux-amd64.tar.gz \
-  https://github.com/helm/chart-testing/releases/download/v${CHART_TESTING_VERSION}/chart-testing_${CHART_TESTING_VERSION}_linux_amd64.tar.gz \
+RUN wget -qO /tmp/ct-${CHART_TESTING_VERSION}-linux-${TARGETARCH}.tar.gz \
+  https://github.com/helm/chart-testing/releases/download/v${CHART_TESTING_VERSION}/chart-testing_${CHART_TESTING_VERSION}_linux_${TARGETARCH}.tar.gz \
   && mkdir -p /tmp/ct-download \
-  && tar xzvf /tmp/ct-${CHART_TESTING_VERSION}-linux-amd64.tar.gz -C /tmp/ct-download \
-  && rm /tmp/ct-${CHART_TESTING_VERSION}-linux-amd64.tar.gz \
+  && tar xzvf /tmp/ct-${CHART_TESTING_VERSION}-linux-${TARGETARCH}.tar.gz -C /tmp/ct-download \
+  && rm /tmp/ct-${CHART_TESTING_VERSION}-linux-${TARGETARCH}.tar.gz \
   && cp /tmp/ct-download/ct /usr/local/bin \
   && mkdir -p /etc/ct \
   && cp -R /tmp/ct-download/etc/* /etc/ct \
   && rm -rf /tmp/*
 
-RUN wget -O /usr/local/bin/lj-releng \
+RUN wget -qO /usr/local/bin/lj-releng \
   https://raw.githubusercontent.com/openresty/openresty-devel-utils/master/lj-releng \
   && chmod +x /usr/local/bin/lj-releng
 
-ARG HELM_VERSION
 
-RUN wget -O /tmp/helm.tgz \
-  https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \
+RUN wget -qO /tmp/helm.tgz \
+  https://get.helm.sh/helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \
   && tar -C /tmp -xzf /tmp/helm.tgz \
   && cp /tmp/linux*/helm /usr/local/bin \
   && rm -rf /tmp/*
 
 # Install a YAML Linter
-ARG YAML_LINT_VERSION
 RUN pip install "yamllint==$YAML_LINT_VERSION"
 
 # Install Yamale YAML schema validator
-ARG YAMALE_VERSION
 RUN pip install "yamale==$YAMALE_VERSION"
 
 WORKDIR $GOPATH
diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile
@@ -3,7 +3,8 @@ FROM ${E2E_BASE_IMAGE} AS BASE
 
 FROM alpine:3.17.2
 
-RUN apk add -U --no-cache \
+RUN apk update \
+	&& apk upgrade && apk add -U --no-cache \
   ca-certificates \
   bash \
   curl \