wolfi-dev · imjasonh · Jun 29, 2023 · Jun 23, 2023 · Jun 27, 2023
diff --git a/kubectl.yaml b/kubectl.yaml
diff --git a/kubernetes-1.24.yaml b/kubernetes-1.24.yaml
@@ -0,0 +1,177 @@
+package:
+  name: kubernetes-1.24
+  version: 1.24.15
+  epoch: 0
+  description: Production-Grade Container Scheduling and Management
+  copyright:
+    - license: Apache-2.0
+
+environment:
+  contents:
+    packages:
+      - busybox
+      - bash
+      - ca-certificates-bundle
+      - build-base
+      - go
+      - go-bindata
+      - linux-headers
+      - grep
+      - jq
+      - coreutils # needed for non busybox version of `mktemp`
+      - findutils # needed for non busybox version of `xargs`
+      - rsync
+      - apk-tools
+
+# "transform" the kubernetes version into the corresponding pause version, these don't always line up
+var-transforms:
+  - from: ${{package.version}}
+    match: ^(.+)$
+    replace: 3.7
+    to: pause-version
+
+vars:
+  components: "kubectl kubeadm kubelet kube-scheduler kube-proxy kube-controller-manager kube-apiserver"
+
+pipeline:
+  - uses: git-checkout
+    with:
+      repository: https://github.com/kubernetes/kubernetes
+      tag: v${{package.version}}
+      expected-commit: 2c67202dc0bb96a7a837cbfb8d72e1f34dfc2808
+
+  - runs: |
+      # Mitigate GHSA-hqxw-f8mx-cpmw / CVE-2023-2253
+      ./hack/pin-dependency.sh github.com/docker/distribution v2.8.2
+      ./hack/update-vendor.sh
+      ./hack/lint-dependencies.sh
+
+  - runs: |
+      WHAT=""
+      for c in ${{vars.components}} ; do
+        WHAT="$WHAT cmd/$c"
+      done
+
+      make WHAT="$WHAT"
+
+  - runs: |
+      mkdir -p "${{targets.destdir}}"/usr/bin/
+      install -m755 _output/bin/* ${{targets.destdir}}/usr/bin/
+
+      mkdir -p "${{targets.destdir}}"/etc/kubernetes
+
+subpackages:
+  - name: kubectl-1.24
+    description: A command line tool for communicating with a Kubernetes API server
+    dependencies:
+      provides:
+        - kubectl=1.24
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          install -m755 _output/bin/kubectl ${{targets.subpkgdir}}/usr/bin/kubectl
+
+          mkdir -p "${{targets.subpkgdir}}"/usr/share/bash-completion/completions
+          _output/bin/kubectl completion bash > "${{targets.subpkgdir}}"/usr/share/bash-completion/completions/kubectl
+
+  - name: kubeadm-1.24
+    description: A tool for quickly installing Kubernetes and setting up a secure cluster
+    dependencies:
+      runtime:
+        - iproute2
+        - socat
+        - ethtool
+        - conntrack-tools
+        - crictl
+      provides:
+        - kubeadm=1.24
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          install -m755 _output/bin/kubeadm ${{targets.subpkgdir}}/usr/bin/kubeadm
+
+          mkdir -p "${{targets.subpkgdir}}"/usr/share/bash-completion/completions
+          _output/bin/kubeadm completion bash > "${{targets.subpkgdir}}"/usr/share/bash-completion/completions/kubeadm
+
+  - name: kubelet-1.24
+    description: An agent that runs on each node in a Kubernetes cluster making sure that containers are running in a Pod
+    dependencies:
+      runtime:
+        - ip6tables
+      provides:
+        - kubelet=1.24
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          install -m755 _output/bin/kubelet ${{targets.subpkgdir}}/usr/bin/kubelet
+
+          install -d ${{targets.subpkgdir}}/var/lib/kubelet
+          install -d ${{targets.subpkgdir}}/var/log/kubelet
+
+  - name: kube-scheduler-1.24
+    description: Kubernetes control plane component watching over pods on nodes
+    dependencies:
+      provides:
+        - kube-scheduler=1.24
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          install -m755 _output/bin/kube-scheduler ${{targets.subpkgdir}}/usr/bin/kube-scheduler
+
+          install -d ${{targets.subpkgdir}}/var/log/kube-scheduler
+
+  - name: kube-proxy-1.24
+    description: Kubernetes network proxy that runs on each node
+    dependencies:
+      provides:
+        - kube-proxy=1.24
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          install -m755 _output/bin/kube-proxy ${{targets.subpkgdir}}/usr/bin/kube-proxy
+
+          install -d ${{targets.subpkgdir}}/var/lib/kube-proxy
+          install -d ${{targets.subpkgdir}}/var/log/kube-proxy
+
+  - name: kube-controller-manager-1.24
+    description: Kubernetes control plane component that runs controller processes
+    dependencies:
+      provides:
+        - kube-controller-manager=1.24
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          install -m755 _output/bin/kube-controller-manager ${{targets.subpkgdir}}/usr/bin/kube-controller-manager
+
+          install -d ${{targets.subpkgdir}}/var/log/kube-controller-manager
+
+  - name: kube-apiserver-1.24
+    description: Kubernetes control plane component exposing the Kubernetes API
+    dependencies:
+      provides:
+        - kube-apiserver=1.24
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          install -m755 _output/bin/kube-apiserver ${{targets.subpkgdir}}/usr/bin/kube-apiserver
+
+          install -d ${{targets.subpkgdir}}/var/log/kube-apiserver
+
+  - name: kubernetes-pause-3.7
+    description: ""
+    dependencies:
+      provides:
+        - kubernetes-pause=3.7
+    pipeline:
+      - working-directory: /home/build/build/pause
+        runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin/
+          CFLAGS="$CFLAGS -static -DVERSION=${{vars.pause-version}}-${{package.version}}"
+          gcc -o "${{targets.subpkgdir}}"/usr/bin/pause linux/pause.c
+
+update:
+  enabled: true
+  github:
+    identifier: kubernetes/kubernetes
+    strip-prefix: v
+    tag-filter: v1.24
diff --git a/kubernetes-1.25.yaml b/kubernetes-1.25.yaml
@@ -0,0 +1,177 @@
+package:
+  name: kubernetes-1.25
+  version: 1.25.11
+  epoch: 0
+  description: Production-Grade Container Scheduling and Management
+  copyright:
+    - license: Apache-2.0
+
+environment:
+  contents:
+    packages:
+      - busybox
+      - bash
+      - ca-certificates-bundle
+      - build-base
+      - go
+      - go-bindata
+      - linux-headers
+      - grep
+      - jq
+      - coreutils # needed for non busybox version of `mktemp`
+      - findutils # needed for non busybox version of `xargs`
+      - rsync
+      - apk-tools
+
+# "transform" the kubernetes version into the corresponding pause version, these don't always line up
+var-transforms:
+  - from: ${{package.version}}
+    match: ^(.+)$
+    replace: 3.8
+    to: pause-version
+
+vars:
+  components: "kubectl kubeadm kubelet kube-scheduler kube-proxy kube-controller-manager kube-apiserver"
+
+pipeline:
+  - uses: git-checkout
+    with:
+      repository: https://github.com/kubernetes/kubernetes
+      tag: v${{package.version}}
+      expected-commit: 8cfcba0b15c343a8dc48567a74c29ec4844e0b9e
+
+  - runs: |
+      # Mitigate GHSA-hqxw-f8mx-cpmw / CVE-2023-2253
+      ./hack/pin-dependency.sh github.com/docker/distribution v2.8.2
+      ./hack/update-vendor.sh
+      ./hack/lint-dependencies.sh
+
+  - runs: |
+      WHAT=""
+      for c in ${{vars.components}} ; do
+        WHAT="$WHAT cmd/$c"
+      done
+
+      make WHAT="$WHAT"
+
+  - runs: |
+      mkdir -p "${{targets.destdir}}"/usr/bin/
+      install -m755 _output/bin/* ${{targets.destdir}}/usr/bin/
+
+      mkdir -p "${{targets.destdir}}"/etc/kubernetes
+
+subpackages:
+  - name: kubectl-1.25
+    description: A command line tool for communicating with a Kubernetes API server
+    dependencies:
+      provides:
+        - kubectl=1.25
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          install -m755 _output/bin/kubectl ${{targets.subpkgdir}}/usr/bin/kubectl
+
+          mkdir -p "${{targets.subpkgdir}}"/usr/share/bash-completion/completions
+          _output/bin/kubectl completion bash > "${{targets.subpkgdir}}"/usr/share/bash-completion/completions/kubectl
+
+  - name: kubeadm-1.25
+    description: A tool for quickly installing Kubernetes and setting up a secure cluster
+    dependencies:
+      runtime:
+        - iproute2
+        - socat
+        - ethtool
+        - conntrack-tools
+        - crictl
+      provides:
+        - kubeadm=1.25
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          install -m755 _output/bin/kubeadm ${{targets.subpkgdir}}/usr/bin/kubeadm
+
+          mkdir -p "${{targets.subpkgdir}}"/usr/share/bash-completion/completions
+          _output/bin/kubeadm completion bash > "${{targets.subpkgdir}}"/usr/share/bash-completion/completions/kubeadm
+
+  - name: kubelet-1.25
+    description: An agent that runs on each node in a Kubernetes cluster making sure that containers are running in a Pod
+    dependencies:
+      runtime:
+        - ip6tables
+      provides:
+        - kubelet=1.25
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          install -m755 _output/bin/kubelet ${{targets.subpkgdir}}/usr/bin/kubelet
+
+          install -d ${{targets.subpkgdir}}/var/lib/kubelet
+          install -d ${{targets.subpkgdir}}/var/log/kubelet
+
+  - name: kube-scheduler-1.25
+    description: Kubernetes control plane component watching over pods on nodes
+    dependencies:
+      provides:
+        - kube-scheduler=1.25
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          install -m755 _output/bin/kube-scheduler ${{targets.subpkgdir}}/usr/bin/kube-scheduler
+
+          install -d ${{targets.subpkgdir}}/var/log/kube-scheduler
+
+  - name: kube-proxy-1.25
+    description: Kubernetes network proxy that runs on each node
+    dependencies:
+      provides:
+        - kube-proxy=1.25
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          install -m755 _output/bin/kube-proxy ${{targets.subpkgdir}}/usr/bin/kube-proxy
+
+          install -d ${{targets.subpkgdir}}/var/lib/kube-proxy
+          install -d ${{targets.subpkgdir}}/var/log/kube-proxy
+
+  - name: kube-controller-manager-1.25
+    description: Kubernetes control plane component that runs controller processes
+    dependencies:
+      provides:
+        - kube-controller-manager=1.25
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          install -m755 _output/bin/kube-controller-manager ${{targets.subpkgdir}}/usr/bin/kube-controller-manager
+
+          install -d ${{targets.subpkgdir}}/var/log/kube-controller-manager
+
+  - name: kube-apiserver-1.25
+    description: Kubernetes control plane component exposing the Kubernetes API
+    dependencies:
+      provides:
+        - kube-apiserver=1.25
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          install -m755 _output/bin/kube-apiserver ${{targets.subpkgdir}}/usr/bin/kube-apiserver
+
+          install -d ${{targets.subpkgdir}}/var/log/kube-apiserver
+
+  - name: kubernetes-pause-3.8
+    description: ""
+    dependencies:
+      provides:
+        - kubernetes-pause=3.8
+    pipeline:
+      - working-directory: /home/build/build/pause
+        runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin/
+          CFLAGS="$CFLAGS -static -DVERSION=${{vars.pause-version}}-${{package.version}}"
+          gcc -o "${{targets.subpkgdir}}"/usr/bin/pause linux/pause.c
+
+update:
+  enabled: true
+  github:
+    identifier: kubernetes/kubernetes
+    strip-prefix: v
+    tag-filter: v1.25