diff --git a/.drone.yml b/.drone.yml
deleted file mode 100644
index 10938cc..0000000
--- a/.drone.yml
+++ /dev/null
@@ -1,156 +0,0 @@
----
-kind: pipeline
-name: default-linux-amd64
-
-platform:
- os: linux
- arch: amd64
-
-steps:
-- name: prepare-amd64-binaries
- image: ubuntu:20.04
- commands:
- - apt-get -y update && apt-get -y install make curl tar
- - make scripts/iptables-wrapper-installer.sh
- when:
- event:
- - push
- - pull_request
- - tag
-
-- name: docker-publish-head
- image: plugins/docker
- settings:
- build_args:
- - ARCH=amd64
- - VERSION=${DRONE_BRANCH/release\//}-${DRONE_BUILD_NUMBER}-head
- custom_dns: 1.1.1.1
- dockerfile: Dockerfile
- tag: ${DRONE_BRANCH/release\//}-head-linux-amd64
- username:
- from_secret: docker_username
- password:
- from_secret: docker_password
- repo: rancher/hyperkube-base
- when:
- ref:
- include:
- - "refs/heads/master"
- - "refs/heads/release/v*"
- event:
- - push
-
-- name: docker-publish
- image: plugins/docker
- settings:
- build_args:
- - ARCH=amd64
- - "VERSION=${DRONE_TAG}"
- custom_dns: 1.1.1.1
- dockerfile: Dockerfile
- username:
- from_secret: docker_username
- password:
- from_secret: docker_password
- repo: rancher/hyperkube-base
- tag: "${DRONE_TAG}-linux-amd64"
- when:
- event:
- - tag
-
----
-kind: pipeline
-name: default-linux-arm64
-
-platform:
- os: linux
- arch: arm64
-
-steps:
-- name: prepare-arm64-binaries
- image: ubuntu:20.04
- commands:
- - apt-get -y update && apt-get -y install make curl tar
- - make ARCH=arm64 scripts/iptables-wrapper-installer.sh
- when:
- event:
- - push
- - pull_request
- - tag
-
-- name: docker-publish-head
- image: plugins/docker
- settings:
- build_args:
- - ARCH=arm64
- - VERSION=${DRONE_BRANCH/release\//}-${DRONE_BUILD_NUMBER}-head
- custom_dns: 1.1.1.1
- dockerfile: Dockerfile
- tag: ${DRONE_BRANCH/release\//}-head-linux-arm64
- username:
- from_secret: docker_username
- password:
- from_secret: docker_password
- repo: rancher/hyperkube-base
- when:
- ref:
- include:
- - "refs/heads/master"
- - "refs/heads/release/v*"
- event:
- - push
-
-- name: docker-publish
- image: plugins/docker
- settings:
- build_args:
- - ARCH=arm64
- - "VERSION=${DRONE_TAG}"
- custom_dns: 1.1.1.1
- dockerfile: Dockerfile
- username:
- from_secret: docker_username
- password:
- from_secret: docker_password
- repo: rancher/hyperkube-base
- tag: "${DRONE_TAG}-linux-arm64"
- when:
- event:
- - tag
-
----
-kind: pipeline
-name: manifest
-
-steps:
-- name: push-head-manifest
- image: plugins/manifest
- settings:
- username:
- from_secret: docker_username
- password:
- from_secret: docker_password
- spec: manifest.tmpl
- when:
- ref:
- include:
- - "refs/heads/master"
- - "refs/heads/release/v*"
- event:
- - push
-
-- name: push-manifest
- image: plugins/manifest
- settings:
- username:
- from_secret: docker_username
- password:
- from_secret: docker_password
- spec: manifest.tmpl
- when:
- event:
- - tag
-
-depends_on:
-- default-linux-amd64
-- default-linux-arm64
diff --git a/.github/workflows/ci-on-pr.yaml b/.github/workflows/ci-on-pr.yaml
new file mode 100644
index 0000000..85fe193
--- /dev/null
+++ b/.github/workflows/ci-on-pr.yaml
@@ -0,0 +1,51 @@
+name: CI on Push and Pull Request
+
+on:
+ pull_request:
+ branches:
+ - master
+ push:
+ branches:
+ - master
+
+env:
+ IMAGE: rancher/hyperkube-base
+
+jobs:
+ test-prepare-binaries:
+ permissions:
+ contents: read
+ strategy:
+ matrix:
+ os: [linux]
+ arch: [ amd64, arm64 ]
+ runs-on: org-${{ github.repository_owner_id }}-${{ matrix.arch }}-k8s
+ container: ubuntu:22.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Prepare binaries
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y make
+ make ARCH=${{ matrix.arch }} scripts/iptables-wrapper-installer.sh
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.IMAGE }}
+ flavor: |
+ latest=false
+
+ - name: Test build Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: false
+ tags: "${{ steps.meta.outputs.tags }}"
+ platforms: "${{ matrix.os }}/${{ matrix.arch }}"
+ labels: "${{ steps.meta.outputs.labels }}"
+ build-args: |
+ ARCH="${{ matrix.arch }}"
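Review bot: The `pull_request` trigger runs `test-prepare-binaries`, including `make ARCH=... scripts/iptables-wrapper-installer.sh` from the checked-out PR tree, on the `org-…-k8s` runner label, which looks like a self-hosted pool. If fork pull requests are accepted, untrusted code executes on that infrastructure. Whether those runners are ephemeral and isolated is not visible here, so either document that assumption in a comment or gate the job with `if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository`. Separately, `Prepare binaries` calls `sudo` inside `container: ubuntu:22.04`, where the stock image presumably has no `sudo` and already runs as root. It also installs only `make`, whereas the removed Drone step installed `curl` and `tar` as well.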
diff --git a/.github/workflows/fossa.yaml b/.github/workflows/fossa.yaml
new file mode 100644
index 0000000..5432a4c
--- /dev/null
+++ b/.github/workflows/fossa.yaml
@@ -0,0 +1,30 @@
+name: Run Fossa Scan
+
+on:
+ push:
+ branches:
+ - "master"
+ # For manual scans.
+ workflow_dispatch:
+
+jobs:
+ fossa:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write # needed for the Vault authentication
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Read FOSSA token
+ uses: rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY
+
+ - name: FOSSA scan
+ uses: fossas/fossa-action@main
+ with:
+ api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }}
+ run-tests: false
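Review bot: Both third-party actions in the `fossa` job are referenced by a mutable branch, `rancher-eio/read-vault-secrets@main` and `fossas/fossa-action@main`, in a job that holds `id-token: write` and the FOSSA API key. Whatever lands on those branches runs with that token and secret on the next push to master. Pin each to a full commit SHA with the release noted in a trailing comment, e.g. `uses: fossas/fossa-action@<full-commit-sha> # <release tag>`. The same applies to the two `read-vault-secrets@main` steps in `.github/workflows/release.yaml`, which load the Docker Hub credentials.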
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..f6cf9c4
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,132 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - '*'
+
+env:
+ IMAGE: rancher/hyperkube-base
+
+jobs:
+ build-push-images:
+ permissions:
+ contents: read
+ id-token: write # needed for the Vault authentication
+ strategy:
+ fail-fast: true
+ matrix:
+ os: [linux]
+ arch: [amd64, arm64]
+ runs-on: org-${{ github.repository_owner_id }}-${{ matrix.arch }}-k8s
+ container: ubuntu:22.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Prepare binaries
+ run: |
+ make ARCH=${{ matrix.arch }} scripts/iptables-wrapper-installer.sh
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.IMAGE }}
+ flavor: |
+ latest=false
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Load Secrets from Vault
+ uses: rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
+ secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ env.DOCKER_USERNAME }}
+ password: ${{ env.DOCKER_PASSWORD }}
+
+ - name: Build and push Docker image
+ id: build
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: true
+ tags: "${{ steps.meta.outputs.tags }}"
+ platforms: "${{ matrix.os }}/${{ matrix.arch }}"
+ labels: "${{ steps.meta.outputs.labels }}"
+ build-args: |
+ ARCH="${{ matrix.arch }}"
+
+ - name: Export digest
+ run: |
+ mkdir -p /tmp/digests
+ digest="${{ steps.build.outputs.digest }}"
+ touch "/tmp/digests/${digest#sha256:}"
+
+ - name: Upload digest
+ uses: actions/upload-artifact@v4
+ with:
+ name: "digests-${{ matrix.os }}-${{ matrix.arch }}"
+ path: /tmp/digests/*
+ if-no-files-found: error
+ retention-days: 7
+ overwrite: true
+
+ merge:
+ runs-on: ubuntu-latest
+ needs:
+ - build-push-images
+ permissions:
+ contents: read
+ id-token: write # needed for the Vault authentication
+ steps:
+ - name: Download digests
+ uses: actions/download-artifact@v4
+ with:
+ path: /tmp/digests
+ pattern: digests-*
+ merge-multiple: true
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.IMAGE }}
+ flavor: |
+ latest=false
+
+ - name: Load Secrets from Vault
+ uses: rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
+ secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ env.DOCKER_USERNAME }}
+ password: ${{ env.DOCKER_PASSWORD }}
+
+ - name: Create manifest list and push
+ working-directory: /tmp/digests
+ run: |
+ docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+ $(printf '${{ env.IMAGE }}@sha256:%s ' *)
+
+ - name: Inspect image
+ run: |
+ docker buildx imagetools inspect ${{ env.IMAGE }}:${{ steps.meta.outputs.version }}
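Review bot: In `build-push-images`, the `Build and push Docker image` step pushes each architecture with `push: true` and the final `tags` from the metadata step, so both matrix legs write the same release tag before `merge` replaces it with the manifest list. Until `merge` completes, or permanently if it fails, the release tag resolves to a single-architecture image. Pushing by digest only closes that window: drop `tags` and `push` from that step and set `outputs: type=image,name=${{ env.IMAGE }},push-by-digest=true,name-canonical=true,push=true`, leaving tagging to `imagetools create`. Also, `Prepare binaries` here runs `make` in `container: ubuntu:22.04` without the `apt-get install` lines that `ci-on-pr.yaml` has, which presumably fails on the stock image.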
diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100644
index 0000000..b58b603
--- /dev/null
+++ b/.idea/.gitignore
@@ -0,0 +1,5 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
diff --git a/.idea/hyperkube-base.iml b/.idea/hyperkube-base.iml
new file mode 100644
index 0000000..5e764c4
--- /dev/null
+++ b/.idea/hyperkube-base.iml
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..c1c4955
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..35eb1dd
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/manifest.tmpl b/manifest.tmpl
deleted file mode 100644
index 3e5b403..0000000
--- a/manifest.tmpl
+++ /dev/null
@@ -1,12 +0,0 @@
-image: rancher/hyperkube-base:{{#if build.tag}}{{build.tag}}{{else}}{{replace "release/" "" build.branch }}-head{{/if}}
-manifests:
- -
- image: rancher/hyperkube-base:{{#if build.tag}}{{build.tag}}{{else}}{{replace "release/" "" build.branch }}-head{{/if}}-linux-amd64
- platform:
- architecture: amd64
- os: linux
- -
- image: rancher/hyperkube-base:{{#if build.tag}}{{build.tag}}{{else}}{{replace "release/" "" build.branch }}-head{{/if}}-linux-arm64
- platform:
- architecture: arm64
- os: linux
\ No newline at end of file