diff --git a/Makefile b/Makefile index 620f89989425..fbf2175b2863 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,21 @@ TARGETS := $(shell ls scripts | grep -v \\.sh) GO_FILES ?= $$(find . -name '*.go' | grep -v generated) +GO_VERSION ?= 1.22.6 +USE_DAPPER ?= 1 +UNAME := $(shell uname -m) +SHELL = /bin/bash +WD := $(shell pwd) +export TOOLPATH := $(WD) +export GOROOT := $(TOOLPATH)/bin/go +export PATH := $(TOOLPATH)/bin:$(GOROOT)/bin:$(PATH) +ifeq ($(UNAME),x86_64) + ARCH = amd64 +else + ifeq ($(UNAME),aarch64) + ARCH = arm64 + endif +endif .dapper: @echo Downloading dapper 
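Review bot: `ARCH` stays undefined when `uname -m` returns anything other than `x86_64` or `aarch64`, because the nested `ifeq` has no final `else`; the download URLs that use `$(ARCH)` later in this patch would then be built with an empty architecture. Since other architectures may still be valid for the dapper path, the check fits best as the first recipe line of `.nodapper`: `$(if $(ARCH),,$(error unsupported architecture $(UNAME)))`. `GOROOT` and `PATH` are also exported unconditionally, so they apply to the default `USE_DAPPER=1` path and to every other target; a `GOROOT` pointing at a directory that does not exist is likely to break a system `go`, so consider exporting them only when `USE_DAPPER` is not 1.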
@@ -9,8 +24,47 @@ GO_FILES ?= $$(find . -name '*.go' | grep -v generated) @./.dapper.tmp -v @mv .dapper.tmp .dapper +.nodapper: + $(info Checking essential build tools.) + @if [ ! -d $(WD)/bin ] ; then \ + mkdir $(WD)/bin ; \ + fi + $(info Checking go version for compatibility.) + @if [ ! -d $(GOROOT) ] ; then \ + echo "No go found, fetching compatible version." ; curl -sL https://go.dev/dl/go$(GO_VERSION).linux-$(ARCH).tar.gz | tar -C $$PWD/bin -zxf - ; \ + else \ + case "$$(go version)" in \ + *$(GO_VERSION)* ) echo "Compatible go version found." ;; \ + * ) echo "Go appears to be " $$(go version) ; echo "Incompatible or non-functional go found, fetching compatible version." ; curl -sL https://go.dev/dl/go$(GO_VERSION).linux-$(ARCH).tar.gz | tar -C $$PWD/bin -zxf - ;; \ + esac \ + fi + @if ! type yq 2>/dev/null ; then \ + echo "yq not found, fetching."; \ + curl -sL --output $$PWD/bin/yq https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_$(ARCH) ; \ + chmod +x $$PWD/bin/yq ; \ + fi + +ifeq ($(strip $(USE_DAPPER)),1) $(TARGETS): .dapper ./.dapper $@ +else + +# We call clean ourselves in a separate target and we are reproducing the ci +# call here in our 'build' case. +$(filter-out clean ci, $(TARGETS)): .nodapper + env ; \ + case $@ in \ + build ) ./scripts/download ; ./scripts/validate ; ./scripts/build ;; \ + * ) ./scripts/$@ ;; \ + esac + +ci: build + $(info No additional ci steps required.) + +clean: + ./scripts/clean + +endif .PHONY: deps deps: @@ -42,4 +96,4 @@ format: local: DOCKER_BUILDKIT=1 docker build \ --build-arg="REPO TAG GITHUB_TOKEN GOLANG GOCOVER DEBUG" \ - -t k3s-local -f Dockerfile.local --output=. . \ No newline at end of file + -t k3s-local -f Dockerfile.local --output=. . diff --git a/debian/.gitignore b/debian/.gitignore new file mode 100644 index 000000000000..faa7b45a0b63 --- /dev/null +++ b/debian/.gitignore @@ -0,0 +1,3 @@ +debhelper-build-stamp +files +k3s* 
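Review bot: The `.nodapper` recipe extracts the Go tarball straight from `curl -sL ... | tar` and marks the downloaded `yq` executable without checking either against a known digest, and both land in `bin/`, which the new `PATH` export puts ahead of the system directories. Without `-f`, curl also hands an HTTP error page to `tar` or saves it as `bin/yq`. Download to a file with `curl -fsSL`, verify it with `sha256sum -c` against a digest pinned next to `GO_VERSION`, and only then extract or `chmod +x`, as sketched below. In the non-dapper `build` case, `./scripts/download ; ./scripts/validate ; ./scripts/build` keeps going after a failed step, so chain the three with `&&`; the leading `env ;` prints the whole environment into the build log and is better dropped.

```make
# Digests differ per architecture; the values here are placeholders to be
# replaced with the ones published for the pinned versions.
GO_SHA256 ?= REPLACE_WITH_PUBLISHED_SHA256
YQ_SHA256 ?= REPLACE_WITH_PUBLISHED_SHA256

.nodapper:
# … unchanged: bin/ creation and go version check …
	curl -fsSL -o $(WD)/bin/go.tar.gz https://go.dev/dl/go$(GO_VERSION).linux-$(ARCH).tar.gz && \
	echo "$(GO_SHA256)  $(WD)/bin/go.tar.gz" | sha256sum -c - && \
	tar -C $(WD)/bin -zxf $(WD)/bin/go.tar.gz
# … unchanged: yq presence check …
	curl -fsSL -o $(WD)/bin/yq https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_$(ARCH) && \
	echo "$(YQ_SHA256)  $(WD)/bin/yq" | sha256sum -c - && \
	chmod +x $(WD)/bin/yq
```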
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 000000000000..13b9b34eca53
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,3 @@
+This package source is managed by quilt. Please refer to
+/usr/share/doc/quilt/README.source for details on working
+with the quilt patch management system.
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 000000000000..02fb83071fe5
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,31 @@
+k3s (1.31.1+k3s1+ind1) UNRELEASED; urgency=medium
+
+ * upgrade k3s
+
+ -- Industrial OS Team Tue, 10 Dec 2024 13:46:00 +0200
+
+k3s (1.27.2+k3s1+mel4) UNRELEASED; urgency=medium
+
+ * set HOME in rules to allow successful go builds
+
+ -- Industrial OS Team Fri, 14 Jul 2023 16:06:00 -0400
+
+k3s (1.27.2+k3s1+mel3) UNRELEASED; urgency=medium
+
+ * Add git to Build-Depends since debian/source/format requires it
+
+ -- Industrial OS Team Tue, 11 Jul 2023 07:30:00 +0100
+
+k3s (1.27.2+k3s1+mel2) UNRELEASED; urgency=medium
+
+ * local package
+ * Correct service file exec locations
+
+ -- Industrial OS Team Tue, 04 Jul 2023 07:47:19 -0400
+
+k3s (1.27.2+k3s1+mel1) UNRELEASED; urgency=medium
+
+ * local package
+ * Packaging k3s from meta-virtualization for Sokol Linux
+
+ -- Industrial OS Team Thu, 20 Apr 2023 16:14:13 -0400
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 000000000000..b4de39476753
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+11
diff --git a/debian/control b/debian/control
new file mode 100644
index 000000000000..eddfbd5d4117
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,23 @@
+Source: k3s
+Section: admin
+Priority: optional
+Maintainer: Mentor Embedded
+Build-Depends: debhelper (>= 11), chrpath, cpio, curl, diffstat, docker.io | docker-ce, gawk, libseccomp-dev, lz4, pkg-config, wget, zstd, git
+Standards-Version: 4.5.1
+Homepage: https://k3s.io/
+Rules-Requires-Root: no
+
+Package: k3s
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ca-certificates, conntrack, iproute2, ipset, iptables, libc6 (>= 2.36), runc, libipset13, containerd
+Description: Lightweight Kubernetes client binary (k3s)
+ K3s - Lightweight Kubernetes - is a portable, extensible, open-source
+ platform for managing containerized workloads and services, that
+ facilitates both declarative configuration and automation. It has a
+ large, rapidly growing ecosystem.
+ .
+ K3s is fully compliant with Kubernetes distribution that is packaged as a
+ single binary, providing all dependencies with approximately half the
+ memory footprint of a full Kubernetes implementation and a binary of
+ approximately 100MB in size.
+
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 000000000000..2e1444fdbc39
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,24 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: k3s
+Upstream-Contact: Derek Nola
+
+Files: *
+Copyright: 2021 K3s Project Authors
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
+
+Files: debian/*
+Copyright: 2024, Siemens
diff --git a/debian/k3s-killall b/debian/k3s-killall
new file mode 100644
index 000000000000..de89e9758aab
--- /dev/null
+++ b/debian/k3s-killall
@@ -0,0 +1,78 @@ +#!/bin/bash +[ $(id -u) -eq 0 ] || exec sudo $0 $@ + +for bin in /var/lib/rancher/k3s/data/**/bin/; do + [ -d $bin ] && export PATH=$PATH:$bin:$bin/aux +done + +set -x + +for service in /etc/systemd/system/k3s*.service; do + [ -s $service ] && systemctl stop $(basename $service) +done + +for service in /etc/init.d/k3s*; do + [ -x $service ] && $service stop +done + +pschildren() { + ps -e -o ppid= -o pid= | \ + sed -e 's/^\s*//g; s/\s\s*/\t/g;' | \ + grep -w "^$1" | \ + cut -f2 +} + +pstree() { + for pid in $@; do + echo $pid + for child in $(pschildren $pid); do + pstree $child + done + done +} + +killtree() { + kill -9 $( + { set +x; } 2>/dev/null; + pstree $@; + set -x; + ) 2>/dev/null +} + +getshims() { + ps -e -o pid= -o args= | sed -e 's/^ *//; s/\s\s*/\t/;' | grep -w 'k3s/data/[^/]*/bin/containerd-shim' | cut -f1 +} + +killtree $({ set +x; } 2>/dev/null; getshims; set -x) + +do_unmount_and_remove() { + set +x + while read -r _ path _; do + case "$path" in $1*) echo "$path" ;; esac + done < /proc/self/mounts | sort -r | xargs -r -t -n 1 sh -c 'umount "$0" && rm -rf "$0"' + set -x +} + +do_unmount_and_remove '/run/k3s' +do_unmount_and_remove '/var/lib/rancher/k3s' +do_unmount_and_remove '/var/lib/kubelet/pods' +do_unmount_and_remove '/var/lib/kubelet/plugins' +do_unmount_and_remove '/run/netns/cni-' + +# Remove CNI namespaces +ip netns show 2>/dev/null | grep cni- | xargs -r -t -n 1 ip netns delete + +# Delete network interface(s) that match 'master cni0' +ip link show 2>/dev/null | grep 'master cni0' | while read ignore iface ignore; do + iface=${iface%%@*} + [ -z "$iface" ] || ip link delete $iface +done +ip link delete cni0 +ip link delete flannel.1 +ip link delete flannel-v6.1 +ip link delete kube-ipvs0 +ip link delete flannel-wg +ip link delete flannel-wg-v6 +rm -rf /var/lib/cni/ +iptables-save | grep -v KUBE- | grep -v CNI- | grep -iv flannel | iptables-restore +ip6tables-save | grep -v KUBE- | grep -v CNI- | grep -iv flannel | 
ip6tables-restore
diff --git a/debian/k3s.links b/debian/k3s.links
new file mode 100644
index 000000000000..3fa20092e1d2
--- /dev/null
+++ b/debian/k3s.links
@@ -0,0 +1,3 @@
+usr/sbin/k3s usr/sbin/kubectl
+usr/sbin/k3s usr/sbin/crictl
+usr/sbin/k3s usr/sbin/ctr
diff --git a/debian/k3s.lintian-overrides b/debian/k3s.lintian-overrides
new file mode 100644
index 000000000000..9618cc6fdfd0
--- /dev/null
+++ b/debian/k3s.lintian-overrides
@@ -0,0 +1,18 @@
+# The purpose of the k3s package is to provide a static binary. This static
+# linking is intentional, since no dynamic link version is possible.
+k3s: statically-linked-binary usr/sbin/k3s
+# k3s intentionally does not provide manpages for these.
+k3s: no-manual-page usr/sbin/containerd
+k3s: no-manual-page usr/sbin/crictl
+k3s: no-manual-page usr/sbin/ctr
+k3s: no-manual-page usr/sbin/k3s
+k3s: no-manual-page usr/sbin/k3s-agent
+k3s: no-manual-page usr/sbin/k3s-certificate
+k3s: no-manual-page usr/sbin/k3s-completion
+k3s: no-manual-page usr/sbin/k3s-etcd-snapshot
+k3s: no-manual-page usr/sbin/k3s-secrets-encrypt
+k3s: no-manual-page usr/sbin/k3s-server
+k3s: no-manual-page usr/sbin/k3s-token
+k3s: no-manual-page usr/sbin/kubectl
+# We want to build without PIE, this is intentional
+k3s: hardening-no-pie usr/sbin/k3s
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 000000000000..4b0ccbcdb30c
--- /dev/null
+++ b/debian/rules
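Review bot: The script re-executes itself as root with `exec sudo $0 $@` and tests paths with `[ -d $bin ]`, `[ -s $service ]` and `[ -x $service ] && $service stop`, all unquoted, so a path or argument containing whitespace or glob characters is re-split before it reaches a root shell; `exec sudo "$0" "$@"` and quoting the other expansions fixes that. In `do_unmount_and_remove`, `case "$path" in $1*)` is a plain prefix match, so `/run/k3s` also selects a mount such as `/run/k3s-other` (a constructed example) for `umount` and `rm -rf`; a comment stating that the prefix match is intended, as the `/run/netns/cni-` call suggests, would help. Nothing in the `debian/rules` shown in this patch installs `debian/k3s-killall`, so it may not reach the package at all.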
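Review bot: The `hardening-no-pie` override in `debian/k3s.lintian-overrides` says only that building without PIE is intentional; since it silences a hardening check on the main binary, the comment should give the reason, for example `# PIE is disabled because <reason>; revisit when <condition>` with the placeholders filled in. The first override describes `usr/sbin/k3s` as a static binary, while `debian/control` in this patch depends on `${shlibs:Depends}` and `libc6 (>= 2.36)`, so one of the two probably needs adjusting.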
@@ -0,0 +1,51 @@
+#!/usr/bin/make -f
+
+# output every command that modifies files on the build system.
+# export DH_VERBOSE = 1
+# make debhelper commands more verbose
+# export DH_OPTIONS = -v
+export USE_DAPPER ?= 0
+# set HOME since go requires GOCACHE be set and the default ($HOME/.go-cache)
+# will cause a build failure with sbuild. Setting $HOME to $(CURDIR) is a
+# default solution to this problem for some packages:
+# https://lists.debian.org/debian-mentors/2018/08/msg00003.html
+export HOME = $(CURDIR)
+# DRONE_TAG is used by dapper, which gets the version from the git tag,
+# but because dapper is not used in the build process will initialize it
+# here based on the git tag
+DRONE_TAG=v1.31.1+k3s1
+
+%:
+ dh $@
+
+ifeq ($(strip $(USE_DAPPER)),1)
+# Dapper builds require this, regular builds don't
+override_dh_auto_configure:
+ mkdir -p build/data
+ make download
+ make generate
+endif
+
+override_dh_auto_build:
+ dh_auto_build -- DRONE_TAG=$(DRONE_TAG)
+
+override_dh_auto_test:
+ @echo Skipping tests
+
+override_dh_auto_install:
+ mkdir -p debian/k3s/usr/sbin/
+ mkdir -p debian/k3s/etc/rancher/k3s/
+ mkdir -p debian/k3s/lib/systemd/system/
+ install -m 0755 bin/k3s debian/k3s/usr/sbin/
+ ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/containerd
+ ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/crictl
+ ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/ctr
+ ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/k3s-agent
+ ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/k3s-certificate
+ ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/k3s-completion
+ ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/k3s-etcd-snapshot
+ ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/k3s-secrets-encrypt
+ ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/k3s-server
+ ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/k3s-token
+ ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/kubectl
+ install -m 0644 k3s.service debian/k3s/lib/systemd/system/
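Review bot: The eleven `ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/<name>` lines in `override_dh_auto_install` store the build-tree path as the link target, which is resolved relative to the link's own directory, so the links look dangling both in the staging tree and once installed. Use a target relative to the link, `ln -sf k3s debian/k3s/usr/sbin/containerd`, or list all of them in `debian/k3s.links`, which already covers `kubectl`, `crictl` and `ctr`. In `override_dh_auto_configure`, `make download` and `make generate` should be `$(MAKE) download` and `$(MAKE) generate` so that flags and the jobserver are passed down.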
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 000000000000..af745b310bc8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (git)
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
new file mode 100644
index 000000000000..de00adfd5ee0
--- /dev/null
+++ b/debian/source/lintian-overrides
@@ -0,0 +1,41 @@ +# dapper is a build environment used by k3s. It isn't necessary to build the +# source but the makefile provided by the project assumes it will be used and +# will download it as part of the preparation step +source-is-missing .dapper +# These are tools used by dapper to build k3s within docker containers +source-is-missing bin/aux/ebtables-legacy +source-is-missing bin/aux/ebtablesd +source-is-missing bin/aux/ebtablesu +source-is-missing bin/aux/xtables-legacy-multi +source-is-missing bin/aux/xtables-nft-multi +source-is-missing bin/blkid +source-is-missing bin/busybox +source-is-missing bin/cni +source-is-missing bin/conntrack +source-is-missing bin/containerd-shim-runc-v2 +source-is-missing bin/coreutils +source-is-missing bin/ethtool +source-is-missing bin/find +source-is-missing bin/fuse-overlayfs +source-is-missing bin/ip +source-is-missing bin/ipset +source-is-missing bin/k3s +source-is-missing bin/losetup +source-is-missing bin/nsenter +source-is-missing bin/pigz +source-is-missing bin/runc +source-is-missing bin/slirp4netns +# this is the output of the full build process, lintian is unable to determine +# this correctly +source-is-missing dist/artifacts/k3s +# the k3s package intentionally provides only a statically linked binary +package-depends-on-hardcoded-libc k3s Depends +package-needs-versioned-debhelper-build-depends 11 +# k3s has no Debian maintainer, this is a vendor packaging +no-nmu-in-changelog +# we are using the git source format +unsupported-source-format +# upstream sources aren't part of the git source format +empty-upstream-sources +# this is the formatting used by the k3s.io project for their releases +malformed-debian-changelog-version 1.31.1+k3s1+mel5 (for non-native) diff --git a/go.mod b/go.mod index 3e922385d27c..e75765b7404a 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/k3s-io/k3s -go 1.22.5 +go 1.22.6 replace ( github.com/Microsoft/hcsshim => github.com/Microsoft/hcsshim v0.11.7 
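Review bot: The last override in `debian/source/lintian-overrides` names version `1.31.1+k3s1+mel5`, but the newest entry in `debian/changelog` in this patch is `1.31.1+k3s1+ind1`, so the override probably no longer matches the tag lintian emits. Update it to `malformed-debian-changelog-version 1.31.1+k3s1+ind1 (for non-native)`, and add a comment saying that it has to be bumped with each changelog entry.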
diff --git a/k3s-rootless.service b/k3s-rootless.service index 5879e2f8f20e..a4b6e5e28115 100644 --- a/k3s-rootless.service +++ b/k3s-rootless.service @@ -26,7 +26,7 @@ Description=k3s (Rootless) Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin # NOTE: Don't try to run `k3s server --rootless` on a terminal, as it doesn't enable cgroup v2 delegation. # If you really need to try it on a terminal, prepend `systemd-run --user -p Delegate=yes --tty` to create a systemd scope. -ExecStart=/usr/local/bin/k3s server --rootless --snapshotter=fuse-overlayfs +ExecStart=/usr/sbin/k3s server --rootless --snapshotter=fuse-overlayfs ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 diff --git a/k3s.service b/k3s.service index 70ce10c1aab2..f84fcb2121cb 100644 --- a/k3s.service +++ b/k3s.service @@ -9,8 +9,8 @@ Type=notify EnvironmentFile=-/etc/default/%N EnvironmentFile=-/etc/sysconfig/%N EnvironmentFile=-/etc/systemd/system/k3s.service.env -ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service 2>/dev/null' -ExecStart=/usr/local/bin/k3s server +ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service' +ExecStart=/usr/sbin/k3s server KillMode=process Delegate=yes # Having non-zero Limit*s causes performance problems due to accounting overhead