From 5be5b1815458110250746f5e5c518b6dfea11633 Mon Sep 17 00:00:00 2001 From: zhangzujian Date: Wed, 30 Oct 2024 02:25:35 +0000 Subject: [PATCH 1/7] wip Signed-off-by: zhangzujian --- pkg/controller/vpc_nat_gateway.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/controller/vpc_nat_gateway.go b/pkg/controller/vpc_nat_gateway.go index 02f0f3f940e..3bf30e8cf04 100644 --- a/pkg/controller/vpc_nat_gateway.go +++ b/pkg/controller/vpc_nat_gateway.go @@ -759,7 +759,7 @@ func (c *Controller) genNatGwStatefulSet(gw *kubeovnv1.VpcNatGateway, oldSts *v1 } // Add an interface that can reach the API server, we need access to it to probe Kube-OVN resources - if gw.Spec.BgpSpeaker.Enabled { + if gw.Spec.BgpSpeaker.Enabled && gw.Spec.Vpc != c.config.ClusterRouter { if err := c.setNatGwAPIAccess(podAnnotations, externalNetworkNad); err != nil { klog.Error(err) return nil, err @@ -847,7 +847,7 @@ func (c *Controller) genNatGwStatefulSet(gw *kubeovnv1.VpcNatGateway, oldSts *v1 Labels: labels, }, Spec: v1.StatefulSetSpec{ - Replicas: ptr.To(int32(1)), + Replicas: ptr.To(int32(2)), Selector: &metav1.LabelSelector{ MatchLabels: labels, }, From 98af44bb28253b9e657f4538d395ce157e3813e0 Mon Sep 17 00:00:00 2001 From: zhangzujian Date: Wed, 30 Oct 2024 02:53:51 +0000 Subject: [PATCH 2/7] wip Signed-off-by: zhangzujian --- charts/kube-ovn/templates/kube-ovn-crd.yaml | 11 +++++++ dist/images/install.sh | 11 +++++++ pkg/apis/kubeovn/v1/types.go | 8 ++++++ pkg/controller/service_lb.go | 6 ++-- pkg/controller/vpc_nat_gateway.go | 32 ++++++++++++++++++++- pkg/daemon/ovs_linux.go | 8 +++--- 6 files changed, 68 insertions(+), 8 deletions(-) diff --git a/charts/kube-ovn/templates/kube-ovn-crd.yaml b/charts/kube-ovn/templates/kube-ovn-crd.yaml index 1c858734813..ad8883b0bec 100644 --- a/charts/kube-ovn/templates/kube-ovn-crd.yaml +++ b/charts/kube-ovn/templates/kube-ovn-crd.yaml 
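Review bot: The new condition `gw.Spec.BgpSpeaker.Enabled && gw.Spec.Vpc != c.config.ClusterRouter` in `genNatGwStatefulSet` has no explanation, and the comment above it still says the interface is always needed to probe Kube-OVN resources. If the reason is that a gateway in the default VPC can already reach the API server, state it in that comment, for example `// gateways in the default VPC (ClusterRouter) are assumed to reach the API server without the extra interface`. The function starts and ends outside the hunk, so whether the speaker has another path to the API server in that case cannot be confirmed from here.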
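Review bot: `Replicas: ptr.To(int32(2))` in `genNatGwStatefulSet` hard-codes two gateway pods for every VpcNatGateway, including gateways whose `gw.Spec.LanIP` is a single address. In this patch the pod template still carries that one address in `util.IPAddressAnnotation`, so the second replica has no address of its own. Derive the count from the spec (one replica unless the gateway lists one LAN IP per pod) and add a comment naming the field that drives it. The rest of the function is outside the hunk.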
@@ -528,6 +528,17 @@ spec: type: array items: type: string + bfd: + type: object + properties: + enabled: + type: boolean + minRX: + type: integer + minTX: + type: integer + multiplier: + type: integer tolerations: type: array items: diff --git a/dist/images/install.sh b/dist/images/install.sh index b4683bb793b..e2273bb22d5 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -775,6 +775,17 @@ spec: type: array items: type: string + bfd: + type: object + properties: + enabled: + type: boolean + minRX: + type: integer + minTX: + type: integer + multiplier: + type: integer tolerations: type: array items: diff --git a/pkg/apis/kubeovn/v1/types.go b/pkg/apis/kubeovn/v1/types.go index 19badbfe2f1..d2fa63689e0 100644 --- a/pkg/apis/kubeovn/v1/types.go +++ b/pkg/apis/kubeovn/v1/types.go @@ -529,6 +529,7 @@ type VpcNatSpec struct { Affinity corev1.Affinity `json:"affinity"` QoSPolicy string `json:"qosPolicy"` BgpSpeaker VpcBgpSpeaker `json:"bgpSpeaker"` + BFD VpcBFD `json:"bfd"` } type VpcBgpSpeaker struct { @@ -543,6 +544,13 @@ type VpcBgpSpeaker struct { ExtraArgs []string `json:"extraArgs"` } +type VpcBFD struct { + Enabled bool `json:"enabled"` + MinRX uint32 `json:"minRX"` + MinTX uint32 `json:"minTX"` + Multiplier uint32 `json:"multiplier"` +} + type VpcNatStatus struct { QoSPolicy string `json:"qosPolicy" patchStrategy:"merge"` ExternalSubnets []string `json:"externalSubnets" patchStrategy:"merge"` diff --git a/pkg/controller/service_lb.go b/pkg/controller/service_lb.go index 420c010ed2d..d686dcd03e9 100644 --- a/pkg/controller/service_lb.go +++ b/pkg/controller/service_lb.go 
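Review bot: In the new `bfd` schema, `minRX`, `minTX` and `multiplier` are declared as bare `type: integer`, while the Go fields added in `pkg/apis/kubeovn/v1/types.go` are `uint32`. A negative or oversized value therefore passes API-server validation and only fails, or is silently misread, once the controller decodes the object. Add `minimum: 1` to each property, and an upper bound on `multiplier` (presumably `maximum: 255` if it maps to the one-byte BFD detect multiplier; confirm). The identical block added to `dist/images/install.sh` in this patch needs the same bounds.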
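Review bot: The exported type `VpcBFD` in `pkg/apis/kubeovn/v1/types.go` has no doc comment, and nothing says what unit `MinRX` and `MinTX` are in or what a zero value means when `Enabled` is true. In the patches shown here only `gw.Spec.BFD.Enabled` is read; `MinRX`, `MinTX` and `Multiplier` are accepted by the API but never passed to the `bfd` container or to OVN. Add a comment such as `// VpcBFD configures BFD for the NAT gateway; MinRX/MinTX are intervals in milliseconds (TODO confirm), Multiplier is the detection multiplier`, and either wire the three fields up or mark them as not yet implemented.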
@@ -195,9 +195,9 @@ func (c *Controller) getLbSvcPod(svcName, svcNamespace string) (*corev1.Pod, err case len(pods) == 0: time.Sleep(2 * time.Second) return nil, fmt.Errorf("pod of deployment %s/%s not found", svcNamespace, genLbSvcDpName(svcName)) - case len(pods) != 1: - time.Sleep(2 * time.Second) - return nil, errors.New("too many pods") + // case len(pods) != 1: + // time.Sleep(2 * time.Second) + // return nil, errors.New("too many pods") case pods[0].Status.Phase != corev1.PodRunning: time.Sleep(2 * time.Second) return nil, fmt.Errorf("pod %s/%s is not running", pods[0].Namespace, pods[0].Name) diff --git a/pkg/controller/vpc_nat_gateway.go b/pkg/controller/vpc_nat_gateway.go index 3bf30e8cf04..51386bfc855 100644 --- a/pkg/controller/vpc_nat_gateway.go +++ b/pkg/controller/vpc_nat_gateway.go @@ -755,7 +755,11 @@ func (c *Controller) genNatGwStatefulSet(gw *kubeovnv1.VpcNatGateway, oldSts *v1 util.VpcNatGatewayAnnotation: gw.Name, util.AttachmentNetworkAnnotation: fmt.Sprintf("%s/%s", c.config.PodNamespace, externalNetworkNad), util.LogicalSwitchAnnotation: gw.Spec.Subnet, - util.IPAddressAnnotation: gw.Spec.LanIP, + } + if strings.ContainsAny(gw.Spec.LanIP, ",;") { + podAnnotations[util.IPPoolAnnotation] = gw.Spec.LanIP + } else { + podAnnotations[util.IPAddressAnnotation] = gw.Spec.LanIP } // Add an interface that can reach the API server, we need access to it to probe Kube-OVN resources @@ -768,6 +772,9 @@ func (c *Controller) genNatGwStatefulSet(gw *kubeovnv1.VpcNatGateway, oldSts *v1 for key, value := range podAnnotations { annotations[key] = value + if key == util.IPPoolAnnotation { + delete(annotations, util.IPAddressAnnotation) + } } subnets, err := c.subnetsLister.List(labels.Everything()) 
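Review bot: Commenting out `case len(pods) != 1:` in `getLbSvcPod` means that when the selector matches several pods the function falls through and returns `pods[0]`, whose order is not defined by anything visible in the hunk. Callers that configure "the" pod would then act on an arbitrary one and leave the others unconfigured. Either delete the dead case and pick the pod deterministically (for example the oldest pod in phase Running), or restore the check. The same commented-out guard appears in `getNatGwPod` in patch 3/7, where the StatefulSet now runs two replicas. The function body continues outside the hunk.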
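Review bot: `strings.ContainsAny(gw.Spec.LanIP, ",;")` in `genNatGwStatefulSet` infers "this is an IP pool" from the presence of a delimiter and then copies the user-supplied string verbatim into `util.IPPoolAnnotation` or `util.IPAddressAnnotation`. Nothing in the hunk checks that the entries are IP literals or that their count matches the replica count; validation may happen elsewhere, but it is not visible here. Split the value once, reject entries for which `net.ParseIP` returns nil, and add a comment stating which separators are accepted and why.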
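Review bot: The cleanup added to the `for key, value := range podAnnotations` loop handles only one direction: it deletes `util.IPAddressAnnotation` when the pool key is set. If `annotations` is seeded from the existing StatefulSet (the initialisation is outside the hunk), a gateway edited from several LAN IPs back to one would keep a stale `util.IPPoolAnnotation` next to the new `util.IPAddressAnnotation`. Clear both keys before the copy loop instead, with `delete(annotations, util.IPPoolAnnotation)` and `delete(annotations, util.IPAddressAnnotation)`, and drop the conditional inside the loop.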
@@ -982,6 +989,29 @@ func (c *Controller) genNatGwStatefulSet(gw *kubeovnv1.VpcNatGateway, oldSts *v1 sts.Spec.Template.Spec.Containers = append(containers, speakerContainer) } + if gw.Spec.BFD.Enabled { + sts.Spec.Template.Spec.Containers = append(sts.Spec.Template.Spec.Containers, corev1.Container{ + Name: "bfd", + Image: "docker.io/kubeovn/kube-ovn:dev", + ImagePullPolicy: corev1.PullIfNotPresent, + Command: []string{ + "sh", "-xc", + "bfdd-beacon", "--listen=${POD_IP}", + }, + Env: []corev1.EnvVar{ + { + Name: "POD_IP", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "status.podIP", + }, + }, + }, + }, + // TODO: add liveness/readiness probes + }) + } + return sts, nil } diff --git a/pkg/daemon/ovs_linux.go b/pkg/daemon/ovs_linux.go index a228c396c74..1868e248408 100644 --- a/pkg/daemon/ovs_linux.go +++ b/pkg/daemon/ovs_linux.go @@ -735,7 +735,7 @@ func (c *Controller) checkNodeGwNicInNs(nodeExtIP, ip, gw string, gwNS ns.NetNS) return ns.WithNetNSPath(gwNS.Path(), func(_ ns.NetNS) error { err = waitNetworkReady(util.NodeGwNic, ip, gw, true, true, 3, nil) if err == nil { - if output, err := exec.Command("sh", "-c", "bfdd-control status").CombinedOutput(); err != nil { + if output, err := exec.Command("bfdd-control", "status").CombinedOutput(); err != nil { err := fmt.Errorf("failed to get bfdd status, %w, %s", err, output) klog.Error(err) return err @@ -743,7 +743,7 @@ func (c *Controller) checkNodeGwNicInNs(nodeExtIP, ip, gw string, gwNS ns.NetNS) for _, eip := range ovnEips { if eip.Status.Ready { // #nosec G204 - cmd := exec.Command("sh", "-c", fmt.Sprintf("bfdd-control status remote %s local %s", eip.Spec.V4Ip, nodeExtIP)) + cmd := exec.Command("bfdd-control", "status", "remote", eip.Spec.V4Ip, "local", nodeExtIP) var outb bytes.Buffer cmd.Stdout = &outb if err := cmd.Run(); err == nil { 
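Review bot: The `bfd` container in `genNatGwStatefulSet` uses the literal image `"docker.io/kubeovn/kube-ovn:dev"` with `corev1.PullIfNotPresent`. A mutable `dev` tag from a public registry means the code that runs inside the gateway pod depends on whatever each node last pulled. It also bypasses any private registry or version pin the operator configured for the rest of the deployment. Take the image from the controller's configuration (the same source the other gateway containers use, which is outside this hunk), so that it follows the released version or a digest.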
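Review bot: In `checkNodeGwNicInNs`, `eip.Spec.V4Ip` and `nodeExtIP` still reach `exec.Command("bfdd-control", "status", "remote", …)` unvalidated, and the `// #nosec G204` suppression is kept. Dropping `sh -c` removes shell interpretation, but a value that is not an IP literal would still be handed to `bfdd-control` as an argument; whether these fields are validated upstream is not visible in the hunk. Add a guard before building the command, for example `if net.ParseIP(eip.Spec.V4Ip) == nil { continue }`, after which the suppression comment can explain why the call is safe. The `bfdd-control allow` call in the next hunk has the same gap, and its error message prints `eip.Status.V4Ip` although the command uses `eip.Spec.V4Ip`.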
@@ -751,7 +751,7 @@ func (c *Controller) checkNodeGwNicInNs(nodeExtIP, ip, gw string, gwNS ns.NetNS) klog.V(3).Info(out) if strings.Contains(out, "No session") { // not exist - cmd = exec.Command("sh", "-c", fmt.Sprintf("bfdd-control allow %s", eip.Spec.V4Ip)) // #nosec G204 + cmd = exec.Command("bfdd-control", "allow", eip.Spec.V4Ip) // #nosec G204 if err := cmd.Run(); err != nil { err := fmt.Errorf("failed to add lrp %s ip %s into bfd listening list, %w", eip.Name, eip.Status.V4Ip, err) klog.Error(err) @@ -852,7 +852,7 @@ func configureNodeGwNic(portName, ip, gw string, macAddr net.HardwareAddr, mtu i if err != nil { return fmt.Errorf("failed to configure gateway: %w", err) } - cmd := exec.Command("sh", "-c", "bfdd-beacon --listen=0.0.0.0") + cmd := exec.Command("bfdd-beacon", "--listen=0.0.0.0") if err := cmd.Run(); err != nil { err := fmt.Errorf("failed to get start bfd listen, %w", err) klog.Error(err) From 9bc5717ceefb05b3c478b167e0b1b8c4784010a1 Mon Sep 17 00:00:00 2001 From: zhangzujian Date: Wed, 30 Oct 2024 07:20:30 +0000 Subject: [PATCH 3/7] wip Signed-off-by: zhangzujian --- pkg/controller/vpc_nat_gateway.go | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/pkg/controller/vpc_nat_gateway.go b/pkg/controller/vpc_nat_gateway.go index 51386bfc855..bb744f81564 100644 --- a/pkg/controller/vpc_nat_gateway.go +++ b/pkg/controller/vpc_nat_gateway.go @@ -994,10 +994,7 @@ func (c *Controller) genNatGwStatefulSet(gw *kubeovnv1.VpcNatGateway, oldSts *v1 Name: "bfd", Image: "docker.io/kubeovn/kube-ovn:dev", ImagePullPolicy: corev1.PullIfNotPresent, - Command: []string{ - "sh", "-xc", - "bfdd-beacon", "--listen=${POD_IP}", - }, + Command: []string{"sh", "-xc", "bfdd-beacon --nofork --listen=${POD_IP} --tee"}, Env: []corev1.EnvVar{ { Name: "POD_IP", 
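Review bot: The corrected `Command` for the `bfd` container in patch 3/7 still goes through `sh -xc`, only to expand `${POD_IP}`. That contradicts the direction taken in `pkg/daemon/ovs_linux.go`, where the shell wrapper was removed. Kubernetes substitutes `$(VAR)` references in `Command` from the container's `Env`, so the shell is unnecessary: `Command: []string{"bfdd-beacon", "--nofork", "--listen=$(POD_IP)", "--tee"}`. This also drops the `-x` trace and removes the need for a shell in the image.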
@@ -1008,10 +1005,12 @@ func (c *Controller) genNatGwStatefulSet(gw *kubeovnv1.VpcNatGateway, oldSts *v1 }, }, }, - // TODO: add liveness/readiness probes + // TODO: add liveness/readiness probes by executing bfdd-control version/status }) } + // kubectl ko nbctl create bfd logical_port=lrp1 dst_ip=10.16.0.6 min_tx=100 min_rx=100 detect_mult=3 + return sts, nil } @@ -1040,9 +1039,9 @@ func (c *Controller) getNatGwPod(name string) (*corev1.Pod, error) { return nil, err case len(pods) == 0: return nil, k8serrors.NewNotFound(v1.Resource("pod"), name) - case len(pods) != 1: - time.Sleep(5 * time.Second) - return nil, errors.New("too many pod") + // case len(pods) != 1: + // time.Sleep(5 * time.Second) + // return nil, errors.New("too many pod") case pods[0].Status.Phase != corev1.PodRunning: time.Sleep(5 * time.Second) return nil, errors.New("pod is not active now") From eaa7a18d2427f092e19061078ece64ef100268ec Mon Sep 17 00:00:00 2001 From: zhangzujian Date: Wed, 30 Oct 2024 07:20:59 +0000 Subject: [PATCH 4/7] wip Signed-off-by: zhangzujian --- dist/images/Dockerfile.base | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dist/images/Dockerfile.base b/dist/images/Dockerfile.base index 64b28d142a0..968054a1e23 100644 --- a/dist/images/Dockerfile.base +++ b/dist/images/Dockerfile.base 
@@ -59,7 +59,8 @@ RUN cd /usr/src/ && git clone -b branch-24.03 --depth=1 https://github.com/ovn-o # northd: skip arp/nd request for lrp addresses from localnet ports curl -s https://github.com/kubeovn/ovn/commit/cf6ba220851ae13de76473b6569097bb70ec76d8.patch | git apply && \ # ovn-controller: make activation strategy work for single chassis - curl -s https://github.com/kubeovn/ovn/commit/487cd1c6c0cc9def7cedaaaf3dd4bc99c23974c4.patch | git apply + curl -s https://github.com/kubeovn/ovn/commit/487cd1c6c0cc9def7cedaaaf3dd4bc99c23974c4.patch | git apply && \ + curl -s https://github.com/kubeovn/ovn/commit/452dee23139dd2bcf3961e9e0648d4870d313524.patch | git apply RUN apt install -y build-essential fakeroot \ autoconf automake bzip2 debhelper-compat dh-exec dh-python dh-sequence-python3 dh-sequence-sphinxdoc \ From 3096877f93ae18b0773196c695c92d267696b8ca Mon Sep 17 00:00:00 2001 From: zhangzujian Date: Wed, 30 Oct 2024 07:33:22 +0000 Subject: [PATCH 5/7] fix patch Signed-off-by: zhangzujian --- dist/images/Dockerfile.base | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist/images/Dockerfile.base b/dist/images/Dockerfile.base index 968054a1e23..24e2524db03 100644 --- a/dist/images/Dockerfile.base +++ b/dist/images/Dockerfile.base 
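Review bot: The added `curl -s https://github.com/kubeovn/ovn/commit/452dee23139dd2bcf3961e9e0648d4870d313524.patch | git apply` line has no comment saying what the patch does, unlike the entries above it. It also inherits `curl -s` without `-f`, so an HTTP error page is piped to `git apply` and a transfer failure is reported only indirectly, if at all. Precede it with a one-line description of the upstream change and use `curl -fsSL … | git apply`, so that a failed download stops the build with curl's own error. The hash is replaced in patch 5/7 and further undocumented patch lines are added in patches 6/7 and 7/7; the same applies to each of them.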
@@ -60,7 +60,7 @@ RUN cd /usr/src/ && git clone -b branch-24.03 --depth=1 https://github.com/ovn-o curl -s https://github.com/kubeovn/ovn/commit/cf6ba220851ae13de76473b6569097bb70ec76d8.patch | git apply && \ # ovn-controller: make activation strategy work for single chassis curl -s https://github.com/kubeovn/ovn/commit/487cd1c6c0cc9def7cedaaaf3dd4bc99c23974c4.patch | git apply && \ - curl -s https://github.com/kubeovn/ovn/commit/452dee23139dd2bcf3961e9e0648d4870d313524.patch | git apply + curl -s https://github.com/kubeovn/ovn/commit/2f3d9e32bf5677cdb72225f743177305b8b5b4bf.patch | git apply RUN apt install -y build-essential fakeroot \ autoconf automake bzip2 debhelper-compat dh-exec dh-python dh-sequence-python3 dh-sequence-sphinxdoc \ From 3c2a23d442b05fb5b2184c45ffdc4f229642d269 Mon Sep 17 00:00:00 2001 From: zhangzujian Date: Thu, 31 Oct 2024 01:28:39 +0000 Subject: [PATCH 6/7] wip Signed-off-by: zhangzujian --- Makefile | 4 +-- dist/images/Dockerfile | 2 +- dist/images/Dockerfile.base | 45 ++++++++++++++++--------- dist/images/go-deps/download-go-deps.sh | 43 ++++++++++++----------- 4 files changed, 56 insertions(+), 38 deletions(-) diff --git a/Makefile b/Makefile index ab704293d4a..a38a927b677 100644 --- a/Makefile +++ b/Makefile 
@@ -154,8 +154,8 @@ build-debug: .PHONY: base-amd64 base-amd64: docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 --build-arg GO_VERSION --build-arg TRIVY_DB_REPOSITORY -t $(REGISTRY)/kube-ovn-base:$(RELEASE_TAG)-amd64 -o type=docker -f dist/images/Dockerfile.base dist/images/ - docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 --build-arg GO_VERSION --build-arg TRIVY_DB_REPOSITORY --build-arg LEGACY=true -t $(REGISTRY)/kube-ovn-base:$(LEGACY_TAG) -o type=docker -f dist/images/Dockerfile.base dist/images/ - docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 --build-arg GO_VERSION --build-arg TRIVY_DB_REPOSITORY --build-arg DEBUG=true -t $(REGISTRY)/kube-ovn-base:$(DEBUG_TAG)-amd64 -o type=docker -f dist/images/Dockerfile.base dist/images/ + # docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 --build-arg GO_VERSION --build-arg TRIVY_DB_REPOSITORY --build-arg LEGACY=true -t $(REGISTRY)/kube-ovn-base:$(LEGACY_TAG) -o type=docker -f dist/images/Dockerfile.base dist/images/ + # docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 --build-arg GO_VERSION --build-arg TRIVY_DB_REPOSITORY --build-arg DEBUG=true -t $(REGISTRY)/kube-ovn-base:$(DEBUG_TAG)-amd64 -o type=docker -f dist/images/Dockerfile.base dist/images/ .PHONY: base-amd64-dpdk base-amd64-dpdk: diff --git a/dist/images/Dockerfile b/dist/images/Dockerfile index 5e39f82d8a3..43cd5fd74a8 100644 --- a/dist/images/Dockerfile +++ b/dist/images/Dockerfile @@ -1,6 +1,6 @@ # syntax = docker/dockerfile:experimental ARG VERSION -ARG BASE_TAG=$VERSION +ARG BASE_TAG=$VERSION-amd64 FROM kubeovn/kube-ovn-base:$BASE_TAG AS setcap COPY *.sh /kube-ovn/ diff --git a/dist/images/Dockerfile.base b/dist/images/Dockerfile.base index 24e2524db03..6c3c05ac1e8 100644 --- a/dist/images/Dockerfile.base +++ b/dist/images/Dockerfile.base 
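Review bot: With the two `docker buildx build` lines commented out, the `base-amd64` target in the Makefile no longer produces the `$(LEGACY_TAG)` and `$(DEBUG_TAG)-amd64` base images. Any target or CI job that consumes those tags will fail or, worse, silently reuse a stale image that lacks the patches added in this series. Restore the two commands, or remove them together with the targets that depend on them. The commented lines sit inside a recipe, so make still passes them to the shell and echoes them on every run.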
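Review bot: `ARG BASE_TAG=$VERSION-amd64` in `dist/images/Dockerfile` bakes an architecture into the default base tag. A non-amd64 build that relies on the default would be built `FROM` the amd64 base image. Keep the default as `ARG BASE_TAG=$VERSION` and pass the architecture-specific tag from the caller with `--build-arg BASE_TAG=…`; how the Makefile sets it today is outside this hunk.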
@@ -10,6 +10,15 @@ ENV SRC_DIR='/usr/src' RUN apt update && apt install -y git curl +ARG http_proxy=http://192.168.73.1:8889 + +RUN apt install -y build-essential fakeroot \ + autoconf automake bzip2 debhelper-compat dh-exec dh-python dh-sequence-python3 dh-sequence-sphinxdoc \ + graphviz iproute2 libcap-ng-dev libdbus-1-dev libnuma-dev libpcap-dev libssl-dev libtool libunbound-dev \ + openssl pkg-config procps python3-all-dev python3-setuptools python3-sortedcontainers python3-sphinx + +ARG https_proxy=http://192.168.73.1:8889 + RUN cd /usr/src/ && \ git clone -b branch-3.3 --depth=1 https://github.com/openvswitch/ovs.git && \ cd ovs && \ @@ -34,6 +43,14 @@ RUN cd /usr/src/ && \ # increase the default probe interval for large cluster curl -s https://github.com/kubeovn/ovs/commit/7e894a0bda966e746f81b2ebe262a62cd91bf269.patch | git apply +RUN cd /usr/src/ovs && \ + ./boot.sh && \ + ./configure && \ + rm -rf .git && \ + CONFIGURE_OPTS='CFLAGS="-fPIC"' && \ + if [ "$ARCH" = "amd64" ] && [ "$LEGACY" != "true" ]; then CONFIGURE_OPTS='CFLAGS="-O2 -g -msse4.2 -mpopcnt -fPIC"'; fi && \ + DATAPATH_CONFIGURE_OPTS='--prefix=/usr' EXTRA_CONFIGURE_OPTS=$CONFIGURE_OPTS make debian-deb + RUN cd /usr/src/ && git clone -b branch-24.03 --depth=1 https://github.com/ovn-org/ovn.git && \ cd ovn && \ # change hash type from dp_hash to hash with field src_ip 
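Review bot: `ARG http_proxy=http://192.168.73.1:8889` and `ARG https_proxy=http://192.168.73.1:8889` in `dist/images/Dockerfile.base` hard-code a private proxy address as the default for every build. On any other network the `apt`, `git clone` and `curl … | git apply` steps fail. Where that address happens to exist, all package and source downloads for the base image are routed through a host the project does not control. Docker already accepts `http_proxy` and `https_proxy` as predefined build arguments, so delete these `ARG` lines and pass `--build-arg https_proxy=…` locally when needed. The same default is repeated in the trivy, go-deps and final stages (hunks `@@ -95,14 +102,20 @@` and `@@ -140,6 +153,8 @@` of this file).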
@@ -59,21 +76,11 @@ RUN cd /usr/src/ && git clone -b branch-24.03 --depth=1 https://github.com/ovn-o # northd: skip arp/nd request for lrp addresses from localnet ports curl -s https://github.com/kubeovn/ovn/commit/cf6ba220851ae13de76473b6569097bb70ec76d8.patch | git apply && \ # ovn-controller: make activation strategy work for single chassis - curl -s https://github.com/kubeovn/ovn/commit/487cd1c6c0cc9def7cedaaaf3dd4bc99c23974c4.patch | git apply && \ - curl -s https://github.com/kubeovn/ovn/commit/2f3d9e32bf5677cdb72225f743177305b8b5b4bf.patch | git apply - -RUN apt install -y build-essential fakeroot \ - autoconf automake bzip2 debhelper-compat dh-exec dh-python dh-sequence-python3 dh-sequence-sphinxdoc \ - graphviz iproute2 libcap-ng-dev libdbus-1-dev libnuma-dev libpcap-dev libssl-dev libtool libunbound-dev \ - openssl pkg-config procps python3-all-dev python3-setuptools python3-sortedcontainers python3-sphinx - -RUN cd /usr/src/ovs && \ - ./boot.sh && \ - ./configure && \ - rm -rf .git && \ - CONFIGURE_OPTS='CFLAGS="-fPIC"' && \ - if [ "$ARCH" = "amd64" ] && [ "$LEGACY" != "true" ]; then CONFIGURE_OPTS='CFLAGS="-O2 -g -msse4.2 -mpopcnt -fPIC"'; fi && \ - DATAPATH_CONFIGURE_OPTS='--prefix=/usr' EXTRA_CONFIGURE_OPTS=$CONFIGURE_OPTS make debian-deb + curl -s https://github.com/kubeovn/ovn/commit/487cd1c6c0cc9def7cedaaaf3dd4bc99c23974c4.patch | git apply + +RUN cd /usr/src/ovn && curl -s https://github.com/kubeovn/ovn/commit/399a153572f19d2fb05de0b5f72bf8256bede7d4.patch | git apply +RUN cd /usr/src/ovn && curl -s https://github.com/kubeovn/ovn/commit/8f41f3fe9cb7e01d9b8866b36487a6f7d94bfc1e.patch | git apply +RUN cd /usr/src/ovn && curl -s https://github.com/kubeovn/ovn/commit/83577448203692834fce764af7e5887edc4e75a3.patch | git apply RUN cd /usr/src/ovn && \ sed -i 's/OVN/ovn/g' debian/changelog && \ 
@@ -95,14 +102,20 @@ ARG ARCH ENV CNI_VERSION="v1.6.0" ENV KUBE_VERSION="v1.31.2" ENV GOBGP_VERSION="3.30.0" + ENV TRIVY_DB_REPOSITORY="public.ecr.aws/aquasecurity/trivy-db:2" +ARG https_proxy=http://192.168.73.1:8889 + RUN apk --no-cache add curl jq + ADD go-deps/download-go-deps.sh / RUN sh -x /download-go-deps.sh FROM golang:$GO_VERSION-alpine AS go-deps +ARG https_proxy=http://192.168.73.1:8889 + RUN apk --no-cache add bash curl jq ADD go-deps/rebuild-go-deps.sh / RUN --mount=type=bind,target=/trivy,from=trivy,source=/godeps \ @@ -140,6 +153,8 @@ RUN mkdir -p /var/run/openvswitch && \ mkdir -p /etc/cni/net.d && \ mkdir -p /opt/cni/bin +ARG https_proxy=http://192.168.73.1:8889 + ARG DUMB_INIT_VERSION="1.2.5" RUN curl -sSf -L --retry 5 -o /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_$(arch) && \ chmod +x /usr/bin/dumb-init diff --git a/dist/images/go-deps/download-go-deps.sh b/dist/images/go-deps/download-go-deps.sh index a841e2362c8..406bfda8f8e 100644 --- a/dist/images/go-deps/download-go-deps.sh +++ b/dist/images/go-deps/download-go-deps.sh 
@@ -23,30 +23,33 @@ curl -sSf -L --retry 5 https://github.com/osrg/gobgp/releases/download/v${GOBGP_ ls -lh "$DEPS_DIR" -trivy rootfs --ignore-unfixed --scanners vuln --pkg-types library -f json --output trivy.json "$DEPS_DIR" +# unset https_proxy +# unset TRIVY_DB_REPOSITORY -cat trivy.json +# trivy rootfs --ignore-unfixed --scanners vuln --pkg-types library -f json --output trivy.json "$DEPS_DIR" + +# cat trivy.json TARGETS_FILE="$DEPS_DIR/trivy-targets.txt" : > "$TARGETS_FILE" -jq -r '.Results[] | select((.Type=="gobinary") and (.Vulnerabilities!=null)) | .Target' trivy.json | while read f; do - name=$(basename $f) - case $name in - loopback|macvlan|portmap) - echo "$name@$CNI_PLUGINS_VERSION" >> "$TARGETS_FILE" - ;; - kubectl) - echo "$name@$KUBECTL_VERSION" >> "$TARGETS_FILE" - ;; - gobgp) - echo "$name@v$GOBGP_VERSION" >> "$TARGETS_FILE" - ;; - *) - echo "Unknown go binary: $f" - exit 1 - ;; - esac -done +# jq -r '.Results[] | select((.Type=="gobinary") and (.Vulnerabilities!=null)) | .Target' trivy.json | while read f; do +# name=$(basename $f) +# case $name in +# loopback|macvlan|portmap) +# echo "$name@$CNI_PLUGINS_VERSION" >> "$TARGETS_FILE" +# ;; +# kubectl) +# echo "$name@$KUBECTL_VERSION" >> "$TARGETS_FILE" +# ;; +# gobgp) +# echo "$name@v$GOBGP_VERSION" >> "$TARGETS_FILE" +# ;; +# *) +# echo "Unknown go binary: $f" +# exit 1 +# ;; +# esac +# done cat "$TARGETS_FILE" From 1253ffa8274d5fabba75978261bc3f6ad2b20a83 Mon Sep 17 00:00:00 2001 From: zhangzujian Date: Thu, 31 Oct 2024 01:42:19 +0000 Subject: [PATCH 7/7] wip Signed-off-by: zhangzujian --- dist/images/Dockerfile.base | 1 + 1 file changed, 1 insertion(+) diff --git a/dist/images/Dockerfile.base b/dist/images/Dockerfile.base index 6c3c05ac1e8..be686997d7e 100644 --- a/dist/images/Dockerfile.base +++ b/dist/images/Dockerfile.base 
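Review bot: With the `trivy rootfs` scan and the `jq … | while read f` loop commented out in `download-go-deps.sh`, `$TARGETS_FILE` is truncated by `: > "$TARGETS_FILE"` and never written again. The script therefore always reports an empty target list. The later go-deps stage that consumes this file (`rebuild-go-deps.sh`, not shown) would then presumably rebuild nothing, and the downloaded CNI plugins, kubectl and gobgp binaries ship with whatever vulnerable Go dependencies they were released with. If the scan has to be skippable on an offline builder, gate it on an explicit opt-out variable (for example a `SKIP_TRIVY` flag; the name is illustrative) and print a warning when it is skipped, rather than disabling the check for everyone.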
@@ -81,6 +81,7 @@ RUN cd /usr/src/ && git clone -b branch-24.03 --depth=1 https://github.com/ovn-o RUN cd /usr/src/ovn && curl -s https://github.com/kubeovn/ovn/commit/399a153572f19d2fb05de0b5f72bf8256bede7d4.patch | git apply RUN cd /usr/src/ovn && curl -s https://github.com/kubeovn/ovn/commit/8f41f3fe9cb7e01d9b8866b36487a6f7d94bfc1e.patch | git apply RUN cd /usr/src/ovn && curl -s https://github.com/kubeovn/ovn/commit/83577448203692834fce764af7e5887edc4e75a3.patch | git apply +RUN cd /usr/src/ovn && curl -s https://github.com/kubeovn/ovn/commit/4a29dd2bf8f276d656887c2c55f141c9e41fab78.patch | git apply RUN cd /usr/src/ovn && \ sed -i 's/OVN/ovn/g' debian/changelog && \