[BREAKING] v13 - Updates to debian, kubectl, helm, vault, kubeval, yq…

…, python. DEPRECATES helm 2 (#446) * [BREAKING] - Updates to debian, kubectl, helm. DEPRECATES helm 2 * fix alpine * remove bookwork * Fix python install
FairwindsOps · Aug 15, 2023 · b1bfc86 · b1bfc86
1 parent 342a165
commit b1bfc86
Show file tree

Hide file tree

Showing 11 changed files with 35 additions and 63 deletions.
diff --git a/bin/helm-deploy b/bin/helm-deploy
@@ -11,22 +11,6 @@ CI_REF="${CI_TAG}"
 CI_REF="${CI_REF:-$CI_BRANCH}"
 CI_REF=$(echo "${CI_REF}" | tr / _)
 
-detect_helm_2() {
-  # If there is tiller running, then Helm2 is probaby configured. Error and quit.
-  # set DISABLE_HELM_2_DETECTION to skip
-  if [[ ! ${DISABLE_HELM_2_DETECTION} ]]; then
-    mapfile -t TILLERS < <(kubectl get deploy --all-namespaces -l app=helm,name=tiller | awk 'NR > 1 {print $1}')
-    if [ ${#TILLERS[@]} -gt 0 ]; then
-      echo "WARNING: You appear to have helm2 running with a Tiller in your cluster!!!! This is not supported!!!"
-      echo "If you REALLY want to do this, then you can set DISABLE_HELM_2_DETECTION to true in your config file."
-      echo "Doing that is not tested or recommended, so proceed with caution!"
-      echo "Found a tiller in these namespaces:"
-      printf '%s\n' "${TILLERS[@]}"
-      exit 1
-    fi
-  fi
-}
-
 if [ "${HELM_TEMPLATE_ONLY}" != "true" ]; then
   detect_helm_2
   if [[ ! $(kubectl get namespace "$NAMESPACE") ]]; then
@@ -56,11 +40,7 @@ format_multiple_values_files() {
 }
 helm_upgrade() {
   # shellcheck disable=SC2086
-  if [ "$ROK8S_USE_HELM2" == "true" ]; then
-      helmCmd="helm2"
-  else
-      helmCmd="helm"
-  fi
+  helmCmd="helm"
   "$helmCmd" upgrade --install "${CHART_RELEASE_NAME}" \
     "${CHART_PATH}" \
     -f "${CHART_VALUES}" \
@@ -75,10 +55,6 @@ helm_upgrade() {
 }
 
 helm_template() {
-  if [ "$ROK8S_USE_HELM2" ]; then
-      rok8s_echo "Template does not support helm2"
-      exit 1
-  fi
   temp_dir="${ROK8S_TMP}/remote_repo"
   if [ -n "${HELM_REPO_URLS}" ]; then
     helm fetch --untar --untardir "${temp_dir}" "${CHART_PATH}"

diff --git a/bin/install-rok8s-requirements b/bin/install-rok8s-requirements
@@ -32,10 +32,9 @@ else
   PKG_INSTALL="${PKG_MANAGER} install -y"
 fi
 
-AWS_CLI_VERSION="${AWS_CLI_VERSION:-2.11.15}"
-KUBECTL_VERSION="${KUBECTL_VERSION:-v1.24.14}"
-HELM_VERSION="${HELM_VERSION:-v3.12.0}"
-HELM2_VERSION="${HELM2_VERSION:-v2.17.0}"
+AWS_CLI_VERSION="${AWS_CLI_VERSION:-2.13.8}"
+KUBECTL_VERSION="${KUBECTL_VERSION:-v1.25.12}"
+HELM_VERSION="${HELM_VERSION:-v3.12.2}"
 SOPS_VERSION="${SOPS_VERSION:-v3.7.3}"
 
 # make sure sudo is installed
@@ -123,49 +122,34 @@ if ! hash helm 2>/dev/null; then
   rm -rf "${ROK8S_INSTALL_PATH}/helm-tmp"
 fi
 
-# make sure helm2 is installed
-if ! hash helm2 2>/dev/null; then
-  echo Installing helm2...
-  mkdir "${ROK8S_INSTALL_PATH}/helm2-tmp"
-  curl "https://get.helm.sh/helm-${HELM2_VERSION}-linux-amd64.tar.gz" | tar xzvf - -C "${ROK8S_INSTALL_PATH}/helm2-tmp"
-  mv "${ROK8S_INSTALL_PATH}/helm2-tmp/linux-amd64/helm" "${ROK8S_INSTALL_PATH}/helm2"
-  chmod +x "${ROK8S_INSTALL_PATH}/helm2"
-  rm -rf "${ROK8S_INSTALL_PATH}/helm2-tmp"
-fi
-
 # make sure kubeval is installed
 if ! hash kubeval 2>/dev/null; then
   echo Installing kubeval...
   cd "${ROK8S_INSTALL_PATH}"
-  curl -L "https://github.com/garethr/kubeval/releases/download/0.7.3/kubeval-linux-amd64.tar.gz" | tar xzvf -
-  echo "0582bd259fb8045562d3db3bc01ab834d8f210e7  kubeval"  | sha1sum -c -
+  curl -LO "https://github.com/garethr/kubeval/releases/download/v0.16.1/kubeval-linux-amd64.tar.gz"
+  echo "2d6f9bda1423b93787fa05d9e8dfce2fc1190fefbcd9d0936b9635f3f78ba790  kubeval-linux-amd64.tar.gz"  | sha256sum -c -
+  tar -zxvf kubeval-linux-amd64.tar.gz
+  rm kubeval-linux-amd64.tar.gz
   chmod +x "${ROK8S_INSTALL_PATH}/kubeval"
 fi
 
-# make sure aws-iam-authenticator is installed
-if ! hash aws-iam-authenticator 2>/dev/null; then
-  echo Installing aws-iam-authenticator...
-  cd "${ROK8S_INSTALL_PATH}"
-  wget -q "https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.6.2/aws-iam-authenticator_0.6.2_linux_amd64" -O "${ROK8S_INSTALL_PATH}/aws-iam-authenticator"
-  echo "953faf58a5e3653d6355e8f2c35aa4daaafb1c28987708a6c72760f49dc91023  aws-iam-authenticator" | sha256sum -c -
-  chmod +x "${ROK8S_INSTALL_PATH}/aws-iam-authenticator"
-fi
-
 # make sure vault is installed
 if ! hash vault 2>/dev/null; then
   echo Installing vault...
   cd "${ROK8S_INSTALL_PATH}"
-  curl -LO "https://releases.hashicorp.com/vault/1.9.3/vault_1.9.3_linux_amd64.zip"
-  unzip vault_1.9.3_linux_amd64.zip
-  rm vault_1.9.3_linux_amd64.zip
+  curl -LO "https://releases.hashicorp.com/vault/1.14.1/vault_1.14.1_linux_amd64.zip"
+  echo "6031432dfc3de07f6523d206c44fc018aa969d94c8e9125a77340af359f57ea3  vault_1.14.1_linux_amd64.zip" | sha256sum -c -
+  unzip vault_1.14.1_linux_amd64.zip
+  rm vault_1.14.1_linux_amd64.zip
   chmod +x vault
 fi
 
+# install yq
 if ! hash yq 2>/dev/null; then
   echo Installing yq...
   cd "${ROK8S_INSTALL_PATH}"
-  curl -L "https://github.com/mikefarah/yq/releases/download/v4.8.0/yq_linux_amd64.tar.gz" | tar zxvf -
-  echo "1bdbf68deeaf36267ec9ee9d39dded381f12d9d5e86ba352fdbb54cd78a4b068  yq_linux_amd64" | sha256sum -c -
+  curl -L "https://github.com/mikefarah/yq/releases/download/v4.34.2/yq_linux_amd64.tar.gz" | tar zxvf -
+  echo "1952f93323e871700325a70610d2b33bafae5fe68e6eb4aec0621214f39a4c1e  yq_linux_amd64" | sha256sum -c -
   mv yq_linux_amd64 yq
   chmod +x yq
 fi
diff --git a/ci-images/alpine/Dockerfile b/ci-images/alpine/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.10-alpine3.18 as builder
+FROM python:3.11-alpine3.18 as builder
 
 ARG AWS_CLI_VERSION=2.11.15
 RUN apk add --no-cache git unzip groff build-base libffi-dev cmake

diff --git a/ci-images/bullseye/Dockerfile b/ci-images/bullseye/Dockerfile
@@ -0,0 +1,12 @@
+FROM circleci/buildpack-deps:bullseye
+
+USER root
+
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    apt-get install -y -qq jq wget python3-pip python3-dev && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY bin /usr/local/bin
+RUN install-rok8s-requirements
diff --git a/docs/ci-images.md b/docs/ci-images.md
@@ -7,7 +7,7 @@ meta:
 
 Each new release of rok8s-scripts generates CI images for common workflows. These images include a set of common CI/CD dependencies, including Docker, Kubernetes, Helm, AWS, and Google Cloud client libraries. Starting with these images as a base for deployment workflows ensures that you don't need to spend any build time installing extra dependencies.
 
-We currently include CI Images based on Alpine and Debian Buster as our recommended starting points. The latest Debian Buster release can be pulled from `quay.io/reactiveops/ci-images:v12.2-buster`. A full list of image tags is available on our [Quay repository](https://quay.io/repository/reactiveops/ci-images).
+We currently include CI Images based on Alpine and Debian Buster as our recommended starting points. The latest Debian Buster release can be pulled from `quay.io/reactiveops/ci-images:v13.0-buster`. A full list of image tags is available on our [Quay repository](https://quay.io/repository/reactiveops/ci-images).
 
 **Deprecation Notice** As of v10 and onward, alpine and stretch will be the only available images.
 

diff --git a/examples/ci/bitbucket-pipelines.yml b/examples/ci/bitbucket-pipelines.yml
@@ -1,4 +1,4 @@
-image: quay.io/reactiveops/ci-images:v12.2-buster
+image: quay.io/reactiveops/ci-images:v13.0-buster
 
 aliases:
   - &initialize-env |

diff --git a/examples/minimal-sops-secrets/README.md b/examples/minimal-sops-secrets/README.md
@@ -19,7 +19,7 @@ we run some of the scripts provided by rok8s-scripts. In particular, we use:
 * `k8s-deploy-and-verify` to deploy our image to Kubernetes and make sure the deployment succeeded
 	* This also calls the `k8s-deploy-secrets` script to decrypt and deploy secrets
 
-We also use the rok8s-scripts CI image, `quay.io/reactiveops/ci-images:v12.2-buster`,
+We also use the rok8s-scripts CI image, `quay.io/reactiveops/ci-images:v13.0-buster`,
 to ensure rok8s-scripts and its dependencies are available during the build and deploy jobs.
 
 ## Try it out

diff --git a/examples/minimal/README.md b/examples/minimal/README.md
@@ -18,7 +18,7 @@ we run some of the scripts provided by rok8s-scripts. In particular, we use:
 * `prepare-kubectl` to configure the `kubectl` command to be able to deploy resources to our Kubernetes cluster
 * `k8s-deploy-and-verify` to deploy our image to Kubernetes and make sure the deployment succeeded
 
-We also use the rok8s-scripts CI image, `quay.io/reactiveops/ci-images:v12.2-buster`,
+We also use the rok8s-scripts CI image, `quay.io/reactiveops/ci-images:v13.0-buster`,
 to ensure rok8s-scripts and its dependencies are available during the build and deploy jobs.
 
 ## Try it out

diff --git a/orb/executors/ci-images.yml b/orb/executors/ci-images.yml
@@ -1,6 +1,6 @@
 parameters:
   version:
     type: string
-    default: "v12.2-buster"
+    default: "v13.0-bullseye"
 docker:
   - image: quay.io/reactiveops/ci-images:<<parameters.version>>
diff --git a/orb/executors/default.yml b/orb/executors/default.yml
@@ -1,6 +1,6 @@
 parameters:
   version:
     type: string
-    default: "v12.2-buster"
+    default: "v13.0-bullseye"
 docker:
   - image: quay.io/reactiveops/ci-images:<<parameters.version>>
diff --git a/orb/jobs/kubernetes_e2e_tests.yml b/orb/jobs/kubernetes_e2e_tests.yml
@@ -50,7 +50,7 @@ parameters:
   command_runner_image:
     description: "The image to execute commands from against the kind cluster. Also where the script gets executed."
     type: string
-    default: "quay.io/reactiveops/ci-images:v12.2-alpine"
+    default: "quay.io/reactiveops/ci-images:v13.0-alpine"
   pre_script:
     description: "Script to run on the local machine before running script on command runner."
     type: string