-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
upgrade-kind-images Issue #226
Comments
looks like curl -fsSL "https://api.github.com/repos/kubernetes-sigs/kind/releases/tags/v0.25.0" | jq '
[ .body | capture("- v?1\\.(?<minor>[0-9]+)(.(?<patch>[0-9]+))?: `kindest/node:v(?<version>[^@]+)@sha256:(?<sha256>[^`]+)`\r"; "g") ]
| group_by(.minor) | map(max_by(.patch))
| sort_by(.minor)' returns [
# ...
{
"minor": "32",
"patch": "0",
"version": "1.32.0",
"sha256": "2458b423d635d7b01637cac2d6de7e1c1dca1148a2ba2e90975e214ca849e7cb"
}
] I would let the Kind maintainers know that the list of checksums listed in https://github.com/kubernetes-sigs/kind/releases/tag/v0.25.0 needs updating Alternatively, if we see this problem again and again, we could fetch the checksums ourselves instead of relying on the GitHub release's markdown contents? Maybe something like: curl -fsSL "https://api.github.com/repos/kubernetes-sigs/kind/releases/tags/v0.25.0" | jq '
[ .body | capture("- v?1\\.(?<minor>[0-9]+)(.(?<patch>[0-9]+))?: `kindest/node:v(?<version>[^@]+)@.*`\r"; "g") ]
| group_by(.minor) | map(max_by(.patch))
| sort_by(.minor) | .[]' --compact-output \
| while read -r line; do
version=$(jq <<<"$line" -r '.version')
sha256=$(crane manifest docker.io/kindest/node:v$version | sha256sum \
| tee /dev/stderr \
| awk '{print $1}')
jq <<<"$line" ".sha256 = \"$sha256\""
done |
Thanks for looking into it! I guess we're kinda in trouble here then. This has propagated to our projects and broken CI already. We probably need to manually override in makefile-modules here
We can't do this unfortunately - Kind documents that the only supported way to get the checksums is from the release notes. |
ah, yes:
makes sense, let's |
After manually overriding this, we could have a fix in makefile-modules/modules/kind/kind-image-preload.mk Lines 35 to 46 in 8efc8e4
Why are we doing this? Especially since Kind regularly overrides its tags |
The kind image for k8s 1.32.0 has an incorrect SHASUM for arm64 currently.
This was found in trust-manager, which is using this PR's kind images: cert-manager/trust-manager#509
Specifically, this file.
The main bug is that running
make upgrade-kind-images
on the latest commit (8efc8e4) of the makefile-modules repo does not fix this issue - it produces no changes.The text was updated successfully, but these errors were encountered: