375 строки
14 KiB
Plaintext
375 строки
14 KiB
Plaintext
#
|
|
# spec file for package kured
|
|
#
|
|
# Copyright (c) 2021 SUSE LLC
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
# nodebuginfo
|
|
|
|
|
|
# Remove stripping of Go binaries.
|
|
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
|
|
# Project upstream commit.
|
|
%define commit 2b36eab
|
|
%global debug_package %{nil}
|
|
Summary: Kubernetes daemonset to perform safe automatic node reboots
|
|
Name: kured
|
|
Version: 1.14.2
|
|
Release: 5%{?dist}
|
|
License: Apache-2.0
|
|
Vendor: Microsoft Corporation
|
|
Distribution: Mariner
|
|
Group: System/Management
|
|
URL: https://github.com/weaveworks/kured
|
|
#Source0: https://github.com/weaveworks/kured/archive/refs/tags/%{version}.tar.gz
|
|
Source0: %{name}-%{version}.tar.gz
|
|
# Below is a manually created tarball, no download link.
|
|
# We're using pre-populated Go modules from this tarball, since network is disabled during build time.
|
|
# How to re-build this file:
|
|
# 1. wget https://github.com/weaveworks/kured/archive/refs/tags/%%{version}.tar.gz -O %%{name}-%%{version}.tar.gz
|
|
# 2. tar -xf %%{name}-%%{version}.tar.gz
|
|
# 3. cd %%{name}-%%{version}
|
|
# 4. go mod vendor
|
|
# 5. tar --sort=name \
|
|
# --mtime="2021-04-26 00:00Z" \
|
|
# --owner=0 --group=0 --numeric-owner \
|
|
# --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
|
|
# -cf %%{name}-%%{version}-vendor.tar.gz vendor
|
|
#
|
|
Source1: %{name}-%{version}-vendor.tar.gz
|
|
Patch0: kured-imagePullPolicy.patch
|
|
Patch1: CVE-2023-45288.patch
|
|
BuildRequires: fdupes
|
|
BuildRequires: go-go-md2man
|
|
BuildRequires: golang
|
|
ExcludeArch: s390
|
|
|
|
%description
|
|
Kured (KUbernetes REboot Daemon) is a Kubernetes daemonset that
|
|
performs safe automatic node reboots when the need to do so is
|
|
indicated by the package management system of the underlying OS.
|
|
|
|
- Watches for the presence of a reboot sentinel e.g. %{_localstatedir}/run/reboot-required
|
|
|
|
- Utilises a lock in the API server to ensure only one node reboots at a time
|
|
|
|
- Optionally defers reboots in the presence of active Prometheus alerts
|
|
|
|
- Cordons & drains worker nodes before reboot, uncordoning them after
|
|
|
|
%package k8s-yaml
|
|
Summary: Kubernetes yaml file to run kured container
|
|
Group: System/Management
|
|
BuildArch: noarch
|
|
|
|
%description k8s-yaml
|
|
This package contains the yaml file requried to download and run the
|
|
kured container in a kubernetes cluster.
|
|
|
|
%prep
|
|
%autosetup -a 1 -p1
|
|
|
|
%build
|
|
# Build the binary.
|
|
export VERSION=%{version}
|
|
export COMMIT=%{commit}
|
|
go build \
|
|
-mod vendor -v -buildmode=pie \
|
|
-ldflags "-s -w -X main.gitCommit=$COMMIT -X main.version=$VERSION" \
|
|
-o %{name} cmd/kured/*go
|
|
|
|
%install
|
|
# Install the binary.
|
|
install -D -m 0755 %{name} "%{buildroot}/%{_bindir}/%{name}"
|
|
|
|
# Build the man page from markdown documentation.
|
|
go-md2man -in README.md -out %{name}.1
|
|
|
|
# Install the man page.
|
|
install -D -m 0644 %{name}.1 "%{buildroot}/%{_mandir}/man1/%{name}.1"
|
|
rm %{name}.1
|
|
|
|
# Install provided yaml file to download and run the kured container
|
|
mkdir -p %{buildroot}%{_datadir}/k8s-yaml/kured
|
|
cat kured-rbac.yaml kured-ds.yaml > %{buildroot}%{_datadir}/k8s-yaml/kured/kured.yaml
|
|
chmod 644 %{buildroot}%{_datadir}/k8s-yaml/kured/kured.yaml
|
|
sed -i -e 's|image: .*|image: registry.opensuse.org/kubic/kured:%{version}|g' %{buildroot}%{_datadir}/k8s-yaml/kured/kured.yaml
|
|
|
|
%fdupes %{buildroot}
|
|
|
|
%files
|
|
%doc README.md
|
|
%license LICENSE
|
|
%{_bindir}/%{name}
|
|
%{_mandir}/man1/kured.1.*
|
|
|
|
%files k8s-yaml
|
|
%dir %{_datarootdir}/k8s-yaml
|
|
%dir %{_datarootdir}/k8s-yaml/kured
|
|
%{_datarootdir}/k8s-yaml/kured/kured.yaml
|
|
|
|
%changelog
|
|
* Mon Sep 09 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.14.2-5
|
|
- Bump release to rebuild with go 1.22.7
|
|
|
|
* Thu Jun 06 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.14.2-4
|
|
- Bump release to rebuild with go 1.21.11
|
|
|
|
* Thu Apr 18 2024 chrisgun@microsoft.com <chrisgun@microsoft.com> - 1.14.2-3
|
|
- Fix for CVE-2023-45288
|
|
|
|
* Fri Feb 02 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.14.2-2
|
|
- Bump release to rebuild with go 1.21.6
|
|
|
|
* Tue Jan 16 2024 Mandeep Plaha <mandeepplaha@microsoft.com> - 1.14.2-1
|
|
- Upgrade to 1.14.2 for vendored go CVE-2023-39325
|
|
|
|
* Mon Nov 06 2023 Rachel Menge <rachelmenge@microsoft.com> - 1.13.2-1
|
|
- Upgrade to 1.13.2 for vendored go CVEs
|
|
|
|
* Mon Oct 16 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.9.1-15
|
|
- Bump release to rebuild with go 1.20.9
|
|
|
|
* Tue Oct 10 2023 Dan Streetman <ddstreet@ieee.org> - 1.9.1-14
|
|
- Bump release to rebuild with updated version of Go.
|
|
|
|
* Mon Aug 07 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.9.1-13
|
|
- Bump release to rebuild with go 1.19.12
|
|
|
|
* Thu Jul 13 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.9.1-12
|
|
- Bump release to rebuild with go 1.19.11
|
|
|
|
* Thu Jun 15 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.9.1-11
|
|
- Bump release to rebuild with go 1.19.10
|
|
|
|
* Wed Apr 05 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.9.1-10
|
|
- Bump release to rebuild with go 1.19.8
|
|
|
|
* Tue Mar 28 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.9.1-9
|
|
- Bump release to rebuild with go 1.19.7
|
|
|
|
* Wed Mar 15 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.9.1-8
|
|
- Bump release to rebuild with go 1.19.6
|
|
|
|
* Fri Feb 03 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.9.1-7
|
|
- Bump release to rebuild with go 1.19.5
|
|
|
|
* Wed Jan 18 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.9.1-6
|
|
- Bump release to rebuild with go 1.19.4
|
|
|
|
* Fri Dec 16 2022 Daniel McIlvaney <damcilva@microsoft.com> - 1.9.1-5
|
|
- Bump release to rebuild with go 1.18.8 with patch for CVE-2022-41717
|
|
|
|
* Tue Nov 01 2022 Olivia Crain <oliviacrain@microsoft.com> - 1.9.1-4
|
|
- Bump release to rebuild with go 1.18.8
|
|
|
|
* Mon Aug 22 2022 Olivia Crain <oliviacrain@microsoft.com> - 1.9.1-3
|
|
- Bump release to rebuild against Go 1.18.5
|
|
|
|
* Tue Jun 14 2022 Muhammad Falak <mwani@microsoft.com> - 1.9.1-2
|
|
- Bump release to rebuild with golang 1.18.3
|
|
|
|
* Wed Feb 09 2022 Henry Li <lihl@microsoft.com> - 1.9.1-1
|
|
- Upgrade to version 1.9.1
|
|
- Remove systemctl-path.patch
|
|
- Update kured-imagePullPolicy.patch
|
|
|
|
* Tue Oct 12 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.6.1-2
|
|
- Switching to using a single digit for the 'Release' tag.
|
|
|
|
* Fri Jun 18 2021 Henry Li <lihl@microsoft.com> 1.6.1-1.6
|
|
- Initial CBL-Mariner import from openSUSE Tumbleweed (license: same as "License" tag).
|
|
- License Verified
|
|
- Use golang as build dependency
|
|
- Remove {?ext_man}, which is not supported in CBL-Mariner
|
|
- Add %global debug_package %{nil} to resolve empty file error
|
|
- Use self-built go vendor source
|
|
- Add -v to the go build step
|
|
|
|
* Tue Feb 2 2021 kukuk@suse.com
|
|
- Update to version 1.6.1:
|
|
- add additional parameters to override the drain/reboot slack messages
|
|
- rename message template parameters so they are not related to slack
|
|
- Improve coordinated reboot output
|
|
- Add more logs into gates
|
|
- Added support for time wrap in timewindow.Contains
|
|
|
|
* Tue Nov 24 2020 kukuk@suse.com
|
|
- Update to version 1.5.1:
|
|
* rename annotation-ttl to lock-ttl in all places, follow-up to #213
|
|
* Drain: allow pods grace period to terminate
|
|
* Prepare 1.5.1 release
|
|
* Add lint job
|
|
* Make lint happier in pkg folder
|
|
* Make lint happier
|
|
* Remove prom-active-alerts
|
|
* update docs following #210
|
|
* run 'go mod tidy'
|
|
* Replaced --annotationTTL with --lockTTL and made it work correctly
|
|
* Refactor drain/uncordon
|
|
* Remove kubectl exception in container scanning
|
|
* Bump prometheus
|
|
* Use kubectl as library instead of calling from cli
|
|
* fix: Follow DKL-DI-0004 guideline
|
|
* feat: Add security scanning into CI
|
|
* add missing quote - thanks Karan Arora for reporting
|
|
* Bump helm chart version
|
|
* Remove quote for parameter alert-filter-regexp
|
|
* Release helper
|
|
|
|
* Mon Sep 21 2020 kukuk@suse.com
|
|
- Update to version 1.5.0:
|
|
* Prepare 1.5.0 release
|
|
* Bump helm/kind-action from v1.0.0-rc.1 to v1.0.0
|
|
* Bump helm/chart-testing-action from v1.0.0-rc.2 to v1.0.0
|
|
* Add dependabot
|
|
* Prepare for k8s release 1.19 (Aug 25)
|
|
|
|
* Fri Aug 14 2020 kukuk@suse.com
|
|
- Update to version 1.4.5:
|
|
* document how releases are town wrt Helm bits
|
|
* bump versions for 1.4.5 release
|
|
* Use nindent, not indent
|
|
* chart: update readme
|
|
* Bump chart version
|
|
* Add missing 'end'
|
|
* Chart: Support extraEnvVars
|
|
* update install instructions to use latest
|
|
* update chart version
|
|
* Prep for 1.4.4 release
|
|
* bump and fix
|
|
* split matchLabels template
|
|
* restructured and improved service
|
|
|
|
* Tue Jun 30 2020 dmueller@suse.com
|
|
- Update to version 1.4.3:
|
|
* bump and fix
|
|
* split matchLabels template
|
|
* restructured and improved service
|
|
* bumped kured to upcoming 1.4.3 fixed servicemonitor indent fixed quotes for arguments
|
|
* update things for 1.4.2 release
|
|
* Use GITHUB_TOKEN for releasing chart
|
|
* make markdownlint happier
|
|
* update version
|
|
* prepare chart-release for 1.4.1
|
|
* Revert #139
|
|
- use obs-service for regenerating vendor.tar.gz
|
|
|
|
* Tue Jun 30 2020 Thorsten Kukuk <kukuk@suse.com>
|
|
- Update to version 1.4.2
|
|
- Adding --annotation-ttl for automatic unlock
|
|
- Refresh vendor.tar.xz
|
|
|
|
* Mon May 18 2020 Thorsten Kukuk <kukuk@suse.com>
|
|
- kured-imagePullPolicy.patch: always update the image
|
|
|
|
* Sun May 17 2020 Thorsten Kukuk <kukuk@suse.com>
|
|
- systemctl-path.patch: last systemd update removed symlinks
|
|
from /bin ...
|
|
|
|
* Mon May 11 2020 Thorsten Kukuk <kukuk@suse.com>
|
|
- Update to version 1.4.0
|
|
- Updated kubectl, client-go, etc to k8s 1.17 (#127, #135)
|
|
- Update to go 1.13 (#130)
|
|
- print node id when commanding reboot (#134)
|
|
|
|
* Wed Apr 22 2020 Dominique Leuenberger <dimstar@opensuse.org>
|
|
- Fix build-dependency: we require golang(API) 1.12, not the exact
|
|
go package version 1.12.
|
|
|
|
* Mon Mar 2 2020 Thorsten Kukuk <kukuk@suse.com>
|
|
- Update to version 1.3.0
|
|
- Update k8s client tools to 1.15.x
|
|
- Ad Slack channel name configuration
|
|
- Add reboot window
|
|
- Obsoletes k8s-1.14.diff
|
|
- Remove kured-telemetrics.patch, chances that upstream accepts
|
|
any third party code are nearly zero.
|
|
- Update vendor.tar.xz
|
|
|
|
* Mon Jun 24 2019 kukuk@suse.de
|
|
- k8s-1.14.diff: kubernetes 1.14.1 support from git
|
|
|
|
* Wed Jun 5 2019 kukuk@suse.de
|
|
- Fix path to image in manifest
|
|
|
|
* Wed May 22 2019 kukuk@suse.de
|
|
- Update to version 1.2.0
|
|
- support newer kubernetes versions
|
|
- Adjust kured-telemetrics.patch
|
|
- Update vendor.tar.gz with recent versions
|
|
|
|
* Sat Apr 6 2019 kukuk@suse.de
|
|
- Enable building on s390x
|
|
|
|
* Thu Mar 28 2019 Jan Engelhardt <jengelh@inai.de>
|
|
- Combine %%setup calls.
|
|
|
|
* Thu Mar 28 2019 kukuk@suse.de
|
|
- kured-telemetrics.patch: add hooks for telemetrics data
|
|
- Renamed kured-yaml to kured-k8s-yaml to follow new policy
|
|
|
|
* Thu Feb 28 2019 kukuk@suse.de
|
|
- Change path in yaml file to point to official container image
|
|
|
|
* Fri Jan 18 2019 kukuk@suse.de
|
|
- Create a correct yaml file to download and run the kured container
|
|
image in a kubernetes cluster
|
|
- Create new subpackage containing only the yaml file, so that
|
|
people using the container don't need to install the not needed
|
|
full package.
|
|
|
|
* Thu Nov 15 2018 Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
- Update to kured 1.1.0
|
|
- Upstream bumped dependency on go1.10 via dependency k8s.io/client-go 0.9.0
|
|
https://github.com/kubernetes/client-go
|
|
- Provide dependencies in separate vendor.tar.gz
|
|
- Improvements
|
|
* RBAC support
|
|
* Use the systemctl in the host mount namespace to effect reboots, reducing
|
|
image size and eliminating the potential for incompatibility
|
|
* Notify Slack on drain in addition to reboot
|
|
* Pass through log output from invoked kubectl commands
|
|
* Tolerate NoSchedule taint on node-role.kubernetes.io/master
|
|
* Fixed reversal of daemonset name/namespace arguments and comments in the
|
|
manifest
|
|
- Kubernetes Version Compatibility
|
|
* The daemon image contains a 1.12.x k8s.io/client-go and kubectl binary for
|
|
the purposes of maintaining the lock and draining worker nodes. Kubernetes
|
|
aims to provide forwards & backwards compatibility of one minor version
|
|
between client and server, so this should work on 1.11.x and 1.13.x.
|
|
* Tested in minikube on 1.11.4, 1.12.1 & 1.13.0-alpha.2
|
|
* Tested in production on 1.11.2 & 1.12.2
|
|
|
|
* Thu Sep 13 2018 jkowalczyk@suse.com
|
|
- Remove hardcoded GOARCH=amd64 and GOOS=linux
|
|
- Revise go build arg -ldflags and add -buildmode=pie
|
|
- Together these fix rpmlint warnings:
|
|
* position-independent-executable-suggested
|
|
* statically-linked-binary
|
|
- Upstream kured project code imports package as 'context'. Bump BuildRequires
|
|
to go1.7 wherein import path for package context graduates from
|
|
'golang.org/x/net/context' to the standard library as 'context'.
|
|
https://golang.org/doc/go1.7#context
|
|
- Bump release number
|
|
|
|
* Wed Sep 12 2018 jkowalczyk@suse.com
|
|
- Initial packaging of upstream master branch @ 5731b98 (tagged 1.0.0 + 24)
|
|
- Include 24 commits since release 1.0.0 updating kubernetes version support
|
|
- Dependency sources vendored via dep ensure per upstream build instructions
|
|
- Man page converted from README.md, some HTML formatting artifacts present
|
|
- rpmlint warning: position-independent-executable-suggested
|
|
* go1.11 currently in review status supports option -buildmode=pie
|
|
- rpmlint warning: statically-linked-binary
|
|
* Go binaries are generally statically linked
|