rke2: update and release packages by official release channels (#315599)
Get the valid Go version from the k8s project. Build the package with `buildGoModule` instead of patching the build script. Add documentation explaining release channels and the support strategy. Add `eol` (End of Life) metadata to mark the life cycle of the package.
parent
507146ab23
commit
d8a5a620da
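--- a/pkgs/applications/networking/cluster/rke2/README.md
+++ b/pkgs/applications/networking/cluster/rke2/README.md
@@ -0,0 +1,25 @@
+# RKE2 Version
+
+RKE2, Kubernetes, and other clustered software has the property of not being able to update atomically. Most software in nixpkgs, like for example bash, can be updated as part of a `nixos-rebuild switch` without having to worry about the old and the new bash interacting in some way.
+
+> [!NOTE]
+> Upgrade the server nodes first, one at a time. Once all servers have been upgraded, you may then upgrade agent nodes.
+
+## Release Channels
+
+RKE2 has there own release channels, which are: `stable`, `latest` and `testing`.
+
+The `stable` channel is the default channel and is recommended for production use. The `latest` channel is the latest stable release. The `testing` channel is the latest release, including pre-releases.
+
+| Channel | Description |
+| --------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `stable` | **(Default)** Stable is recommended for production environments. These releases have been through a period of community hardening, and are compatible with the most recent release of Rancher. |
+| `latest` | Latest is recommended for trying out the latest features. These releases have not yet been through a period of community hardening, and may not be compatible with Rancher. |
+| `testing` | The most recent release, including pre-releases. |
+
+Learn more about the [RKE2 release channels](https://docs.rke2.io/upgrade/manual_upgrade).
+
+For an exhaustive and up-to-date list of channels, you can visit the [rke2 channel service API](https://update.rke2.io/v1-release/channels). For more technical details on how channels work, you can see the [channelserver project](https://github.com/rancher/channelserver).
+
+> [!TIP]
+> When attempting to upgrade to a new version of RKE2, the [Kubernetes version skew policy](https://kubernetes.io/docs/setup/release/version-skew-policy) applies. Ensure that your plan does not skip intermediate minor versions when upgrading. Nothing in the upgrade process will protect against unsupported changes to the Kubernetes version.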
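--- a/pkgs/applications/networking/cluster/rke2/builder.nix
+++ b/pkgs/applications/networking/cluster/rke2/builder.nix
@@ -0,0 +1,99 @@
+lib: { rke2Version, rke2RepoSha256, rke2VendorHash, updateScript
+
+, rke2Commit, k8sImageTag, etcdVersion, pauseVersion, ccmVersion, dockerizedVersion, ... }:
+
+{ lib, stdenv, buildGoModule, go, fetchgit, makeWrapper
+
+# Runtime dependencies
+, procps, coreutils, util-linux, ethtool, socat, iptables, bridge-utils, iproute2, kmod, lvm2
+
+# Testing dependencies
+, nixosTests, testers, rke2
+}:
+
+buildGoModule rec {
+pname = "rke2";
+version = rke2Version;
+
+src = fetchgit {
+url = "https://github.com/rancher/rke2.git";
+rev = "v${version}";
+sha256 = rke2RepoSha256;
+};
+
+vendorHash = rke2VendorHash;
+
+nativeBuildInputs = [ makeWrapper ];
+
+# Important utilities used by the kubelet.
+# See: https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494
+# Notice the list in that issue is stale, but as a redundancy reservation.
+buildInputs = [
+procps # pidof pkill
+coreutils # uname touch env nice du
+util-linux # lsblk fsck mkfs nsenter mount umount
+ethtool # ethtool
+socat # socat
+iptables # iptables iptables-restore iptables-save
+bridge-utils # brctl
+iproute2 # ip tc
+kmod # modprobe
+lvm2 # dmsetup
+];
+
+# See: https://github.com/rancher/rke2/blob/e7f87c6dd56fdd76a7dab58900aeea8946b2c008/scripts/build-binary#L27-L38
+ldflags = [
+"-w"
+"-X github.com/k3s-io/k3s/pkg/version.GitCommit=${lib.substring 0 6 rke2Commit}"
+"-X github.com/k3s-io/k3s/pkg/version.Program=${pname}"
+"-X github.com/k3s-io/k3s/pkg/version.Version=v${version}"
+"-X github.com/k3s-io/k3s/pkg/version.UpstreamGolang=go${go.version}"
+"-X github.com/rancher/rke2/pkg/images.DefaultRegistry=docker.io"
+"-X github.com/rancher/rke2/pkg/images.DefaultEtcdImage=rancher/hardened-etcd:${etcdVersion}-build20240418"
+"-X github.com/rancher/rke2/pkg/images.DefaultKubernetesImage=rancher/hardened-kubernetes:${k8sImageTag}"
+"-X github.com/rancher/rke2/pkg/images.DefaultPauseImage=rancher/mirrored-pause:${pauseVersion}"
+"-X github.com/rancher/rke2/pkg/images.DefaultRuntimeImage=rancher/rke2-runtime:${dockerizedVersion}"
+"-X github.com/rancher/rke2/pkg/images.DefaultCloudControllerManagerImage=rancher/rke2-cloud-provider:${ccmVersion}"
+];
+
+tags = [
+"no_cri_dockerd"
+"no_embedded_executor"
+"no_stage"
+"sqlite_omit_load_extension"
+"selinux"
+"netgo"
+"osusergo"
+];
+
+subPackages = [ "." ];
+
+installPhase = ''
+install -D $GOPATH/bin/rke2 $out/bin/rke2
+wrapProgram $out/bin/rke2 \
+--prefix PATH : ${lib.makeBinPath buildInputs}
+'';
+
+doCheck = false;
+
+passthru.updateScript = updateScript;
+
+passthru.tests = {
+version = testers.testVersion {
+package = rke2;
+version = "v${version}";
+};
+} // lib.optionalAttrs stdenv.isLinux {
+inherit (nixosTests) rke2;
+};
+
+meta = with lib; {
+homepage = "https://github.com/rancher/rke2";
+description = "RKE2, also known as RKE Government, is Rancher's next-generation Kubernetes distribution.";
+changelog = "https://github.com/rancher/rke2/releases/tag/v${version}";
+license = licenses.asl20;
+maintainers = with maintainers; [ zimbatm zygot ];
+mainProgram = "rke2";
+platforms = platforms.linux;
+};
+}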
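Review bot: The `DefaultEtcdImage` ldflag hard-codes the `-build20240418` suffix after `${etcdVersion}`, while every other image tag in the list comes entirely from `versions.nix`, so once update-script.sh bumps `etcdVersion` the binary's default etcd image tag may no longer match what upstream ships for that release. Have the update script emit the full etcd tag the way `k8sImageTag` is handled, or at least mark the line with `# build suffix is pinned by hand; re-check against upstream scripts/version.sh on every bump`. Separately, `package = rke2` in `passthru.tests.version` resolves to the top-level `rke2`, which the all-packages hunk sets to `rke2_stable`, so the version test of `rke2_latest` and `rke2_testing` runs the stable binary against another channel's version string. `golangVersion` and `eol` are swallowed by the `...` in the first argument set and never read here, so neither the upstream Go version nor the end-of-life date is checked or exposed through `meta`.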
|
@ -1,79 +1,19 @@
|
|||
{ lib, stdenv, buildGoModule, fetchFromGitHub, makeWrapper, nix-update-script
|
||||
{ lib, callPackage, ... }@args:
|
||||
|
||||
# Runtime dependencies
|
||||
, procps, coreutils, util-linux, ethtool, socat, iptables, bridge-utils, iproute2, kmod, lvm2
|
||||
let
|
||||
common = opts: callPackage (import ./builder.nix lib opts);
|
||||
extraArgs = builtins.removeAttrs args [ "callPackage" ];
|
||||
in
|
||||
{
|
||||
rke2_stable = common ((import ./stable/versions.nix) // {
|
||||
updateScript = [ ./update-script.sh "stable" ];
|
||||
}) extraArgs;
|
||||
|
||||
# Testing dependencies
|
||||
, nixosTests, testers, rke2
|
||||
}:
|
||||
rke2_latest = common ((import ./latest/versions.nix) // {
|
||||
updateScript = [ ./update-script.sh "latest" ];
|
||||
}) extraArgs;
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "rke2";
|
||||
version = "1.29.0+rke2r1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "rancher";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
hash = "sha256-E59GUcbnbvsGZYn87RGNrGTVUsydKsjL+C5h15q74p0=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-Og0CqxNnhRN6PdggneGK05uprZ2D7lux/snXcArIm8Q=";
|
||||
|
||||
postPatch = ''
|
||||
# Patch the build scripts so they work in the Nix build environment.
|
||||
patchShebangs ./scripts
|
||||
|
||||
# Disable the static build as it breaks.
|
||||
sed -e 's/STATIC_FLAGS=.*/STATIC_FLAGS=/g' -i scripts/build-binary
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
# Important utilities used by the kubelet.
|
||||
# See: https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494
|
||||
# Notice the list in that issue is stale, but as a redundancy reservation.
|
||||
buildInputs = [
|
||||
procps # pidof pkill
|
||||
coreutils # uname touch env nice du
|
||||
util-linux # lsblk fsck mkfs nsenter mount umount
|
||||
ethtool # ethtool
|
||||
socat # socat
|
||||
iptables # iptables iptables-restore iptables-save
|
||||
bridge-utils # brctl
|
||||
iproute2 # ip tc
|
||||
kmod # modprobe
|
||||
lvm2 # dmsetup
|
||||
];
|
||||
|
||||
buildPhase = ''
|
||||
DRONE_TAG="v${version}" ./scripts/build-binary
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
install -D ./bin/rke2 $out/bin/rke2
|
||||
wrapProgram $out/bin/rke2 \
|
||||
--prefix PATH : ${lib.makeBinPath buildInputs}
|
||||
'';
|
||||
|
||||
passthru.updateScript = nix-update-script { };
|
||||
|
||||
passthru.tests = {
|
||||
version = testers.testVersion {
|
||||
package = rke2;
|
||||
version = "v${version}";
|
||||
};
|
||||
} // lib.optionalAttrs stdenv.isLinux {
|
||||
inherit (nixosTests) rke2;
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/rancher/rke2";
|
||||
description = "RKE2, also known as RKE Government, is Rancher's next-generation Kubernetes distribution.";
|
||||
changelog = "https://github.com/rancher/rke2/releases/tag/v${version}";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ zimbatm zygot ];
|
||||
mainProgram = "rke2";
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
rke2_testing = common ((import ./testing/versions.nix) // {
|
||||
updateScript = [ ./update-script.sh "testing" ];
|
||||
}) extraArgs;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
rke2Version = "1.30.1+rke2r1";
|
||||
rke2RepoSha256 = "0jrvvpj9fnlbykyr06w1f92ay708xzaizg8dhg1z4bsq1cdgs33k";
|
||||
rke2Commit = "e7f87c6dd56fdd76a7dab58900aeea8946b2c008";
|
||||
rke2VendorHash = "sha256-QqV8mSbqa8A5zABHQoVB2jht/eYCoqTZ/WoAqIl9oZY=";
|
||||
k8sVersion = "v1.30.1";
|
||||
k8sImageTag = "v1.30.1-rke2r1-build20240515";
|
||||
etcdVersion = "v3.5.9-k3s1";
|
||||
pauseVersion = "3.6";
|
||||
ccmVersion = "v1.29.3-build20240412";
|
||||
dockerizedVersion = "v1.30.1-rke2r1";
|
||||
golangVersion = "go1.22.2";
|
||||
eol = "2025-06-28";
|
||||
}
|
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
rke2Version = "1.28.10+rke2r1";
|
||||
rke2RepoSha256 = "1pbanikvrl6rqrplrpvjc9ym8qq1yrs621gwy99shp0prfw5zvsx";
|
||||
rke2Commit = "b0d0d687d98f4fa015e7b30aaf2807b50edcc5d7";
|
||||
rke2VendorHash = "sha256-iidkTSrrHyW5ZEouzHAWUwCC9nplGz1v/E9bM2lMPeM=";
|
||||
k8sVersion = "v1.28.10";
|
||||
k8sImageTag = "v1.28.10-rke2r1-build20240514";
|
||||
etcdVersion = "v3.5.9-k3s1";
|
||||
pauseVersion = "3.6";
|
||||
ccmVersion = "v1.29.3-build20240412";
|
||||
dockerizedVersion = "v1.28.10-rke2r1";
|
||||
golangVersion = "go1.21.9";
|
||||
eol = "2024-10-28";
|
||||
}
|
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
rke2Version = "1.30.1-rc3+rke2r1";
|
||||
rke2RepoSha256 = "0jrvvpj9fnlbykyr06w1f92ay708xzaizg8dhg1z4bsq1cdgs33k";
|
||||
rke2Commit = "e7f87c6dd56fdd76a7dab58900aeea8946b2c008";
|
||||
rke2VendorHash = "sha256-QqV8mSbqa8A5zABHQoVB2jht/eYCoqTZ/WoAqIl9oZY=";
|
||||
k8sVersion = "v1.30.1";
|
||||
k8sImageTag = "v1.30.1-rke2r1-build20240515";
|
||||
etcdVersion = "v3.5.9-k3s1";
|
||||
pauseVersion = "3.6";
|
||||
ccmVersion = "v1.29.3-build20240412";
|
||||
dockerizedVersion = "v1.30.1-rc3-rke2r1";
|
||||
golangVersion = "go1.22.2";
|
||||
eol = "2025-06-28";
|
||||
}
|
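--- a/pkgs/applications/networking/cluster/rke2/update-script.sh
+++ b/pkgs/applications/networking/cluster/rke2/update-script.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl git gnugrep gnused yq-go nix-prefetch
+
+set -x -eu -o pipefail
+
+CHANNEL_NAME="${1:?Must provide a release channel, like 'stable', as the only argument}"
+
+mkdir --parents --verbose ./${CHANNEL_NAME}
+
+LATEST_TAG_NAME=$(curl --silent --fail https://update.rke2.io/v1-release/channels | \
+yq eval ".data[] | select(.id == \"${CHANNEL_NAME}\").latest" - | \
+sort -rV | grep --extended-regexp "^v[0-9]+\.[0-9]+\.[0-9]+" | head -n1)
+
+RKE2_VERSION=$(echo ${LATEST_TAG_NAME} | sed 's/^v//')
+
+RKE2_REPO_SHA256=$(nix-prefetch-url --quiet --unpack \
+https://github.com/rancher/rke2/archive/refs/tags/${LATEST_TAG_NAME}.tar.gz)
+
+RKE2_COMMIT=$(curl --silent --fail ${GITHUB_TOKEN:+-u ":${GITHUB_TOKEN}"} \
+https://api.github.com/repos/rancher/rke2/git/refs/tags | \
+yq eval ".[] | select(.ref == \"refs/tags/${LATEST_TAG_NAME}\").object.sha" -)
+
+VERSIONS_SCRIPT=$(mktemp --suffix ".${RKE2_COMMIT:0:6}.sh")
+trap "rm --force ${VERSIONS_SCRIPT}" EXIT
+
+curl --silent --fail --output ${VERSIONS_SCRIPT} \
+https://raw.githubusercontent.com/rancher/rke2/${RKE2_COMMIT}/scripts/version.sh
+
+set +eu
+DRONE_TAG=${LATEST_TAG_NAME} source ${VERSIONS_SCRIPT}
+set -eu
+
+KUBERNETES_CYCLES=$(echo ${KUBERNETES_VERSION} | grep -Eo "[0-9]+\.[0-9]+")
+KUBERNETES_EOL=$(curl --silent --fail \
+https://endoflife.date/api/kubernetes/${KUBERNETES_CYCLES}.json | \
+yq eval ".eol" -)
+
+FAKE_HASH="sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+
+cat > ./${CHANNEL_NAME}/versions.nix << EOF
+{
+rke2Version = "${RKE2_VERSION}";
+rke2RepoSha256 = "${RKE2_REPO_SHA256}";
+rke2Commit = "${RKE2_COMMIT}";
+rke2VendorHash = "${FAKE_HASH}";
+k8sVersion = "${KUBERNETES_VERSION}";
+k8sImageTag = "${KUBERNETES_IMAGE_TAG}";
+etcdVersion = "${ETCD_VERSION}";
+pauseVersion = "${PAUSE_VERSION}";
+ccmVersion = "${CCM_VERSION}";
+dockerizedVersion = "${DOCKERIZED_VERSION}";
+golangVersion = "${VERSION_GOLANG}";
+eol = "${KUBERNETES_EOL}";
+}
+EOF
+
+NIXPKGS_ROOT=$(git rev-parse --show-toplevel)
+
+set +e
+RKE2_VENDOR_HASH=$(nix-prefetch -I nixpkgs=${NIXPKGS_ROOT} \
+"{ sha256 }: (import ${NIXPKGS_ROOT}/. {}).rke2_${CHANNEL_NAME}.goModules.overrideAttrs (_: { vendorHash = sha256; })")
+set -e
+
+if [ -n "${RKE2_VENDOR_HASH:-}" ]; then
+sed -i "s#${FAKE_HASH}#${RKE2_VENDOR_HASH}#g" ./${CHANNEL_NAME}/versions.nix
+else
+echo "Update failed. 'RKE2_VENDOR_HASH' is empty."
+exit 1
+fi
+
+# Implement commit
+# See: https://nixos.org/manual/nixpkgs/stable/#var-passthru-updateScript-commit
+OLD_VERSION=$(nix-instantiate --eval -E \
+"with import ${NIXPKGS_ROOT}/. {}; rke2.version or (builtins.parseDrvName rke2.name).version" | \
+tr -d '"')
+
+cat << EOF
+[{
+"attrPath": "rke2_${CHANNEL_NAME}",
+"oldVersion": "${OLD_VERSION}",
+"newVersion": "${RKE2_VERSION}",
+"files": [
+"${PWD}/${CHANNEL_NAME}/versions.nix"
+]
+}]
+EOF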
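Review bot: `set -x` on the options line stays active for the whole script, so when `GITHUB_TOKEN` is set the `curl ... -u ":${GITHUB_TOKEN}"` call that fills `RKE2_COMMIT` is traced to stderr with the token expanded and lands in the updater's logs. Drop the flag (`set -eu -o pipefail`) or bracket that one call with `{ set +x; } 2>/dev/null` and a following `set -x`. The downloaded `scripts/version.sh` is then `source`d into this same shell under `set +eu`, so upstream code runs with whatever the updater has in its environment; evaluating it in a child shell started with `env -i` and reading back only the variables written to `versions.nix` would limit that exposure. `LATEST_TAG_NAME` is only prefix-matched by the `grep` (`^v[0-9]+\.[0-9]+\.[0-9]+` has no end anchor) before being interpolated unquoted into URLs, the `trap` string and the generated Nix file, so a fully anchored pattern and quoted expansions are worth adding.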
|
@ -34124,7 +34124,15 @@ with pkgs;
|
|||
|
||||
rke = callPackage ../applications/networking/cluster/rke { };
|
||||
|
||||
rke2 = callPackage ../applications/networking/cluster/rke2 { };
|
||||
inherit (callPackage ../applications/networking/cluster/rke2 {
|
||||
buildGoModule = buildGo121Module;
|
||||
go = go_1_21;
|
||||
}) rke2_stable;
|
||||
inherit (callPackage ../applications/networking/cluster/rke2 {
|
||||
buildGoModule = buildGo122Module;
|
||||
go = go_1_22;
|
||||
}) rke2_latest rke2_testing;
|
||||
rke2 = rke2_stable;
|
||||
|
||||
rocketchat-desktop = callPackage ../applications/networking/instant-messengers/rocketchat-desktop { };
|
||||
|
||||
|
|
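Review bot: The Go toolchain for each channel is fixed by hand in this hunk (`buildGo121Module`/`go_1_21` for `rke2_stable`, `buildGo122Module`/`go_1_22` for `rke2_latest` and `rke2_testing`), while update-script.sh records upstream's `golangVersion` in each `versions.nix` and nothing compares the two. After an automated bump to a release that upstream builds with a newer Go, the package would still compile with the older toolchain and stamp that into `UpstreamGolang`, and a Go release line that no longer receives security fixes stays pinned until someone edits these lines. A comment on each `inherit` such as `# keep in sync with golangVersion in rke2/stable/versions.nix` would document the coupling; an assertion in builder.nix comparing `lib.versions.majorMinor go.version` with `golangVersion` would make a mismatch fail at evaluation time. The hunk shows only a slice of the `with pkgs;` attribute set, so other uses of `rke2` are not visible here.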