2023-03-10 05:56:30 +08:00
#!/bin/bash
2019-12-18 16:29:57 +08:00
2023-03-10 05:56:30 +08:00
set -o errexit
set -o pipefail
if [ [ ${ DEBUG :- false } = = "true" ] ] ; then
set -o xtrace
2019-12-18 16:29:57 +08:00
fi
2023-03-10 05:56:30 +08:00
checksums_file = " $( git rev-parse --show-toplevel) /roles/download/defaults/main/checksums.yml "
downloads_folder = /tmp/kubespray_binaries
function get_versions {
local type = " $1 "
local name = " $2 "
# NOTE: Limit in the number of versions to be register in the checksums file
local limit = " ${ 3 :- 7 } "
local python_app = " ${ 4 :- " import sys,re;tags=[tag.rstrip() for tag in sys.stdin if re.match(\'^v?(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*) $\',tag)];print(\' \'.join(tags[: $limit ])) " } "
local version = ""
local attempt_counter = 0
readonly max_attempts = 5
until [ " $version " ] ; do
version = $( " _get_ $type " " $name " " $python_app " )
if [ " $version " ] ; then
break
elif [ ${ attempt_counter } -eq ${ max_attempts } ] ; then
echo "Max attempts reached"
exit 1
fi
attempt_counter = $(( attempt_counter + 1 ))
sleep $(( attempt_counter * 2 ))
2019-12-18 16:29:57 +08:00
done
2023-03-10 05:56:30 +08:00
echo " ${ version } "
}
function _get_github_tags {
local repo = " $1 "
local python_app = " $2 "
# The number of results per page (max 100).
tags = " $( curl -s " https://api.github.com/repos/ $repo /tags?per_page=100 " ) "
if [ " $tags " ] ; then
echo " $tags " | grep -Po '"name":.*?[^\\]",' | awk -F '"' '{print $4}' | python -c " $python_app "
fi
}
function _vercmp {
local v1 = $1
local op = $2
local v2 = $3
local result
# sort the two numbers with sort's "-V" argument. Based on if v2
# swapped places with v1, we can determine ordering.
result = $( echo -e " $v1 \n $v2 " | sort -V | head -1)
case $op in
"==" )
[ " $v1 " = " $v2 " ]
return
; ;
">" )
[ " $v1 " != " $v2 " ] && [ " $result " = " $v2 " ]
return
; ;
"<" )
[ " $v1 " != " $v2 " ] && [ " $result " = " $v1 " ]
return
; ;
">=" )
[ " $result " = " $v2 " ]
return
; ;
"<=" )
[ " $result " = " $v1 " ]
return
; ;
*)
echo " unrecognised op: $op "
exit 1
; ;
esac
}
function get_checksums {
local binary = " $1 "
2023-08-09 10:33:51 +08:00
local version_exceptions = "cri_dockerd_archive nerdctl_archive containerd_archive youki"
2023-03-10 05:56:30 +08:00
declare -A skip_archs = (
[ "crio_archive" ] = "arm ppc64le"
[ "calicoctl_binary" ] = "arm"
[ "ciliumcli_binary" ] = "ppc64le"
[ "etcd_binary" ] = "arm"
[ "cri_dockerd_archive" ] = "arm ppc64le"
[ "runc" ] = "arm"
[ "crun" ] = "arm ppc64le"
[ "youki" ] = "arm arm64 ppc64le"
[ "kata_containers_binary" ] = "arm arm64 ppc64le"
[ "gvisor_runsc_binary" ] = "arm ppc64le"
[ "gvisor_containerd_shim_binary" ] = "arm ppc64le"
[ "containerd_archive" ] = "arm"
[ "skopeo_binary" ] = "arm ppc64le"
)
echo " ${ binary } _checksums: " | tee --append " $checksums_file "
for arch in arm arm64 amd64 ppc64le; do
echo " $arch : " | tee --append " $checksums_file "
for version in " ${ @ : 2 } " ; do
checksum = 0
[ [ " ${ skip_archs [ $binary ] } " = = *" $arch " * ] ] || checksum = $( _get_checksum " $binary " " $version " " $arch " )
[ [ " $version_exceptions " != *" $binary " * ] ] || version = ${ version #v }
echo " $version : $checksum " | tee --append " $checksums_file "
done
done
}
function get_krew_archive_checksums {
declare -A archs = (
[ "linux" ] = "arm arm64 amd64"
[ "darwin" ] = "arm64 amd64"
[ "windows" ] = "amd64"
)
echo "krew_archive_checksums:" | tee --append " $checksums_file "
for os in " ${ !archs[@] } " ; do
echo " $os : " | tee --append " $checksums_file "
for arch in arm arm64 amd64 ppc64le; do
echo " $arch : " | tee --append " $checksums_file "
for version in " $@ " ; do
checksum = 0
[ [ " ${ archs [ $os ] } " != *" $arch " * ] ] || checksum = $( _get_checksum "krew_archive" " $version " " $arch " " $os " )
echo " $version : $checksum " | tee --append " $checksums_file "
done
done
done
}
function get_calico_crds_archive_checksums {
echo "calico_crds_archive_checksums:" | tee --append " $checksums_file "
for version in " $@ " ; do
echo " $version : $( _get_checksum "calico_crds_archive" " $version " ) " | tee --append " $checksums_file "
done
}
function get_containerd_archive_checksums {
declare -A support_version_history = (
[ "arm" ] = "2"
[ "arm64" ] = "1.6.0"
[ "amd64" ] = "1.5.5"
[ "ppc64le" ] = "1.6.7"
)
echo "containerd_archive_checksums:" | tee --append " $checksums_file "
for arch in arm arm64 amd64 ppc64le; do
echo " $arch : " | tee --append " $checksums_file "
for version in " ${ @ } " ; do
_vercmp " ${ version #v } " '>=' " ${ support_version_history [ $arch ] } " && checksum = $( _get_checksum "containerd_archive" " $version " " $arch " ) || checksum = 0
echo " ${ version #v } : $checksum " | tee --append " $checksums_file "
done
done
}
2023-06-19 17:52:22 +08:00
function get_k8s_checksums {
local binary = $1
echo " ${ binary } _checksums: " | tee --append " $checksums_file "
echo " arm:" | tee --append " $checksums_file "
for version in " ${ @ : 2 } " ; do
2023-07-05 18:32:58 +08:00
_vercmp " ${ version #v } " '<' "1.27" && checksum = $( _get_checksum " $binary " " $version " "arm" ) || checksum = 0
echo " ${ version } : $checksum " | tee --append " $checksums_file "
2023-06-19 17:52:22 +08:00
done
for arch in arm64 amd64 ppc64le; do
echo " $arch : " | tee --append " $checksums_file "
for version in " ${ @ : 2 } " ; do
2023-07-05 18:32:58 +08:00
echo " ${ version } : $( _get_checksum " $binary " " $version " " $arch " ) " | tee --append " $checksums_file "
2023-06-19 17:52:22 +08:00
done
done
}
2023-03-10 05:56:30 +08:00
function _get_checksum {
local binary = " $1 "
local version = " $2 "
local arch = " ${ 3 :- amd64 } "
local os = " ${ 4 :- linux } "
local target = " $downloads_folder / $binary / $version - $os - $arch "
readonly github_url = "https://github.com"
readonly github_releases_url = " $github_url /%s/releases/download/ $version /%s "
readonly github_archive_url = " $github_url /%s/archive/%s "
readonly google_url = "https://storage.googleapis.com"
2023-05-23 08:50:21 +08:00
readonly release_url = "https://dl.k8s.io"
readonly k8s_url = " $release_url /release/ $version /bin/ $os / $arch /%s "
2023-03-10 05:56:30 +08:00
# Download URLs
declare -A urls = (
[ "crictl" ] = " $( printf " $github_releases_url " "kubernetes-sigs/cri-tools" " crictl- $version - $os - $arch .tar.gz " ) "
2023-06-19 17:52:22 +08:00
[ "crio_archive" ] = " $google_url /cri-o/artifacts/cri-o. $arch . $version .tar.gz "
2023-03-10 05:56:30 +08:00
[ "kubelet" ] = " $( printf " $k8s_url " "kubelet" ) "
[ "kubectl" ] = " $( printf " $k8s_url " "kubectl" ) "
[ "kubeadm" ] = " $( printf " $k8s_url " "kubeadm" ) "
[ "etcd_binary" ] = " $( printf " $github_releases_url " "etcd-io/etcd" " etcd- $version - $os - $arch .tar.gz " ) "
[ "cni_binary" ] = " $( printf " $github_releases_url " "containernetworking/plugins" " cni-plugins- $os - $arch - $version .tgz " ) "
[ "calicoctl_binary" ] = " $( printf " $github_releases_url " "projectcalico/calico" " calicoctl- $os - $arch " ) "
[ "ciliumcli_binary" ] = " $( printf " $github_releases_url " "cilium/cilium-cli" " cilium- $os - $arch .tar.gz " ) "
[ "calico_crds_archive" ] = " $( printf " $github_archive_url " "projectcalico/calico" " $version .tar.gz " ) "
[ "krew_archive" ] = " $( printf " $github_releases_url " "kubernetes-sigs/krew" " krew- ${ os } _ $arch .tar.gz " ) "
[ "helm_archive" ] = " https://get.helm.sh/helm- $version - $os - $arch .tar.gz "
[ "cri_dockerd_archive" ] = " $( printf " $github_releases_url " "Mirantis/cri-dockerd" " cri-dockerd- ${ version #v } . $arch .tgz " ) "
[ "runc" ] = " $( printf " $github_releases_url " "opencontainers/runc" " runc. $arch " ) "
[ "crun" ] = " $( printf " $github_releases_url " "containers/crun" " crun- $version - $os - $arch " ) "
[ "youki" ] = " $( printf " $github_releases_url " "containers/youki" " youki_ $( [ $version = = "v0.0.1" ] && echo "v0_0_1" || echo " ${ version #v } " | sed 's|\.|_|g' ) _ $os .tar.gz " ) "
[ "kata_containers_binary" ] = " $( printf " $github_releases_url " "kata-containers/kata-containers" " kata-static- $version - ${ arch //amd64/x86_64 } .tar.xz " ) "
[ "gvisor_runsc_binary" ] = " $( printf " $google_url /gvisor/releases/release/ $version /%s/runsc " " $( echo " $arch " | sed -e 's/amd64/x86_64/' -e 's/arm64/aarch64/' ) " ) "
[ "gvisor_containerd_shim_binary" ] = " $( printf " $google_url /gvisor/releases/release/ $version /%s/containerd-shim-runsc-v1 " " $( echo " $arch " | sed -e 's/amd64/x86_64/' -e 's/arm64/aarch64/' ) " ) "
[ "nerdctl_archive" ] = " $( printf " $github_releases_url " "containerd/nerdctl" " nerdctl- ${ version #v } - $os - $( [ " $arch " = = "arm" ] && echo "arm-v7" || echo " $arch " ) .tar.gz " ) "
[ "containerd_archive" ] = " $( printf " $github_releases_url " "containerd/containerd" " containerd- ${ version #v } - $os - $arch .tar.gz " ) "
[ "skopeo_binary" ] = " $( printf " $github_releases_url " "lework/skopeo-binary" " skopeo- $os - $arch " ) "
[ "yq" ] = " $( printf " $github_releases_url " "mikefarah/yq" " yq_ ${ os } _ $arch " ) "
)
mkdir -p " $( dirname $target ) "
[ -f " $target " ] || curl -LfSs -o " ${ target } " " ${ urls [ $binary ] } "
sha256sum ${ target } | awk '{print $1}'
}
function main {
mkdir -p " $( dirname " $checksums_file " ) "
echo "---" | tee " $checksums_file "
2023-07-05 18:32:58 +08:00
get_checksums crictl $( get_versions github_tags kubernetes-sigs/cri-tools 4)
2023-03-10 05:56:30 +08:00
get_checksums crio_archive $( get_versions github_tags cri-o/cri-o)
2023-07-05 18:32:58 +08:00
kubernetes_versions = $( get_versions github_tags kubernetes/kubernetes 25)
2023-03-10 05:56:30 +08:00
echo "# Checksum" | tee --append " $checksums_file "
echo "# Kubernetes versions above Kubespray's current target version are untested and should be used with caution." | tee --append " $checksums_file "
2023-06-19 17:52:22 +08:00
get_k8s_checksums kubelet $kubernetes_versions
2023-03-10 05:56:30 +08:00
get_checksums kubectl $kubernetes_versions
2023-06-19 17:52:22 +08:00
get_k8s_checksums kubeadm $kubernetes_versions
2023-03-10 05:56:30 +08:00
get_checksums etcd_binary $( get_versions github_tags etcd-io/etcd)
get_checksums cni_binary $( get_versions github_tags containernetworking/plugins)
calico_versions = $( get_versions github_tags projectcalico/calico 20)
get_checksums calicoctl_binary $calico_versions
get_checksums ciliumcli_binary $( get_versions github_tags cilium/cilium-cli 10)
get_calico_crds_archive_checksums $calico_versions
get_krew_archive_checksums $( get_versions github_tags kubernetes-sigs/krew 2)
get_checksums helm_archive $( get_versions github_tags helm/helm)
get_checksums cri_dockerd_archive $( get_versions github_tags Mirantis/cri-dockerd)
get_checksums runc $( get_versions github_tags opencontainers/runc 5)
get_checksums crun $( get_versions github_tags containers/crun)
get_checksums youki $( get_versions github_tags containers/youki)
get_checksums kata_containers_binary $( get_versions github_tags kata-containers/kata-containers 10)
gvisor_versions = $( get_versions github_tags google/gvisor 0 " import sys,re;tags=[tag[8:16] for tag in sys.stdin if re.match('^release-?(0|[1-9]\d*)\.(0|[1-9]\d*) $',tag)];print(' '.join(tags[:9])) " )
get_checksums gvisor_runsc_binary $gvisor_versions
get_checksums gvisor_containerd_shim_binary $gvisor_versions
get_checksums nerdctl_archive $( get_versions github_tags containerd/nerdctl)
get_containerd_archive_checksums $( get_versions github_tags containerd/containerd 30)
get_checksums skopeo_binary $( get_versions github_tags lework/skopeo-binary)
get_checksums yq $( get_versions github_tags mikefarah/yq)
}
if [ [ ${ __name__ :- "__main__" } = = "__main__" ] ] ; then
main
fi
