From a192971d72197b559228c06ed5e1e778133ce5f6 Mon Sep 17 00:00:00 2001 From: Jeremi Piotrowski Date: Mon, 17 Jul 2023 10:46:05 +0200 Subject: [PATCH 1/4] agent: Update image-rs to 0.7.0-rc Update image-rs, which is part of the guest-components repo, to the commit that will become the v0.7.0 tag. Fixes: #7353 Signed-off-by: Jeremi Piotrowski --- src/agent/Cargo.lock | 4 ++-- src/agent/Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock index 5a5554c4d..056af2dfc 100644 --- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock @@ -1836,7 +1836,7 @@ dependencies = [ [[package]] name = "image-rs" version = "0.1.0" -source = "git+https://github.com/confidential-containers/guest-components?rev=43f6832#43f68320ed78cef438c838c10a6f462c06bad83f" +source = "git+https://github.com/confidential-containers/guest-components?rev=88dcc14#88dcc147ba8ddf34e8425c98d5931df8a995f04a" dependencies = [ "anyhow", "async-compression", @@ -2693,7 +2693,7 @@ dependencies = [ [[package]] name = "ocicrypt-rs" version = "0.1.0" -source = "git+https://github.com/confidential-containers/guest-components?rev=43f6832#43f68320ed78cef438c838c10a6f462c06bad83f" +source = "git+https://github.com/confidential-containers/guest-components?rev=88dcc14#88dcc147ba8ddf34e8425c98d5931df8a995f04a" dependencies = [ "aes 0.8.2", "anyhow", diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml index baf1ab1fd..249bb942d 100644 --- a/src/agent/Cargo.toml +++ b/src/agent/Cargo.toml @@ -71,7 +71,7 @@ clap = { version = "3.0.1", features = ["derive"] } openssl = { version = "0.10.38", features = ["vendored"] } # Image pull/decrypt -image-rs = { git = "https://github.com/confidential-containers/guest-components", rev = "43f6832", default-features = false, features = ["kata-cc-native-tls"] } +image-rs = { git = "https://github.com/confidential-containers/guest-components", rev = "88dcc14", default-features = false, features = ["kata-cc-native-tls"] } [patch.crates-io] oci-distribution = { git = "https://github.com/krustlet/oci-distribution.git", rev = "f44124c" } From 484e363e6722ffe18019995899a538598abd470d Mon Sep 17 00:00:00 2001 From: Jeremi Piotrowski Date: Mon, 17 Jul 2023 10:46:56 +0200 Subject: [PATCH 2/4] versions: Update attestation-agent to 0.7.0-rc Update attestation-agent to the commit that will become the v0.7.0 tag. Fixes: #7353 Signed-off-by: Jeremi Piotrowski --- versions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.yaml b/versions.yaml index 6a2bdaaf1..c4bc81450 100644 --- a/versions.yaml +++ b/versions.yaml @@ -194,7 +194,7 @@ externals: attestation-agent: description: "Provide attested key unwrapping for image decryption" url: "https://github.com/confidential-containers/guest-components/" - version: "43f68320ed78cef438c838c10a6f462c06bad83f" + version: "88dcc147ba8ddf34e8425c98d5931df8a995f04a" cni-plugins: description: "CNI network plugins" From ef8b5ca32d69bf7d2bfbbf72798b384d9fb6159f Mon Sep 17 00:00:00 2001 From: Jeremi Piotrowski Date: Mon, 17 Jul 2023 10:48:28 +0200 Subject: [PATCH 3/4] versions: Update td-shim to 0.7.0-rc Update td-shim to the commit that will become the v0.7.0-rc tag. Fixes: #7353 Signed-off-by: Jeremi Piotrowski --- versions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.yaml b/versions.yaml index c4bc81450..d610a5ca9 100644 --- a/versions.yaml +++ b/versions.yaml @@ -311,7 +311,7 @@ externals: td-shim: description: "Confidential Containers Shim Firmware" url: "https://github.com/confidential-containers/td-shim" - version: "v0.6.0" + version: "4ecf76ab8bc57c2e857937487d1923961c2b6769" toolchain: "nightly-2022-11-15" virtiofsd: From 94b3ab833975557628ff305d908c6dd49cc9ddee Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Tue, 18 Jul 2023 09:55:09 -0300 Subject: [PATCH 4/4] versions: migrate out of k8s.gcr.io The k8s.gcr.io is deprecated for a while now and has been redirected to registry.k8s.io. However on some bare-metal machines in our testing pools that redirection is not working, so let's just replace the registries. Fixes #6461 Signed-off-by: Wainer dos Santos Moschetta Signed-off-by: Jeremi Piotrowski --- tests/integration/kubernetes/tests_common.sh | 2 +- tools/packaging/kata-deploy/examples/test-deploy-kata-clh.yaml | 2 +- .../kata-deploy/examples/test-deploy-kata-dragonball.yaml | 2 +- tools/packaging/kata-deploy/examples/test-deploy-kata-fc.yaml | 2 +- tools/packaging/kata-deploy/examples/test-deploy-kata-qemu.yaml | 2 +- tools/packaging/kata-deploy/examples/test-deploy-runc.yaml | 2 +- versions.yaml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/integration/kubernetes/tests_common.sh b/tests/integration/kubernetes/tests_common.sh index 481cf4a57..660a429c8 100644 --- a/tests/integration/kubernetes/tests_common.sh +++ b/tests/integration/kubernetes/tests_common.sh @@ -11,7 +11,7 @@ # Variables used by the kubernetes tests export docker_images_nginx_version="1.15-alpine" -export container_images_agnhost_name="k8s.gcr.io/e2e-test-images/agnhost" +export container_images_agnhost_name="registry.k8s.io/e2e-test-images/agnhost" export container_images_agnhost_version="2.21" # Timeout options, mainly for use with waitForProcess(). Use them unless the diff --git a/tools/packaging/kata-deploy/examples/test-deploy-kata-clh.yaml b/tools/packaging/kata-deploy/examples/test-deploy-kata-clh.yaml index 665b03227..e942fa90d 100644 --- a/tools/packaging/kata-deploy/examples/test-deploy-kata-clh.yaml +++ b/tools/packaging/kata-deploy/examples/test-deploy-kata-clh.yaml @@ -16,7 +16,7 @@ spec: spec: runtimeClassName: kata-clh containers: - - image: k8s.gcr.io/hpa-example + - image: registry.k8s.io/hpa-example imagePullPolicy: Always name: php-apache ports: diff --git a/tools/packaging/kata-deploy/examples/test-deploy-kata-dragonball.yaml b/tools/packaging/kata-deploy/examples/test-deploy-kata-dragonball.yaml index 14ad93a85..64ab68c52 100644 --- a/tools/packaging/kata-deploy/examples/test-deploy-kata-dragonball.yaml +++ b/tools/packaging/kata-deploy/examples/test-deploy-kata-dragonball.yaml @@ -16,7 +16,7 @@ spec: spec: runtimeClassName: kata-dragonball containers: - - image: k8s.gcr.io/hpa-example + - image: registry.k8s.io/hpa-example imagePullPolicy: Always name: php-apache ports: diff --git a/tools/packaging/kata-deploy/examples/test-deploy-kata-fc.yaml b/tools/packaging/kata-deploy/examples/test-deploy-kata-fc.yaml index 498de27ae..0386bf2ad 100644 --- a/tools/packaging/kata-deploy/examples/test-deploy-kata-fc.yaml +++ b/tools/packaging/kata-deploy/examples/test-deploy-kata-fc.yaml @@ -16,7 +16,7 @@ spec: spec: runtimeClassName: kata-fc containers: - - image: k8s.gcr.io/hpa-example + - image: registry.k8s.io/hpa-example imagePullPolicy: Always name: php-apache ports: diff --git a/tools/packaging/kata-deploy/examples/test-deploy-kata-qemu.yaml b/tools/packaging/kata-deploy/examples/test-deploy-kata-qemu.yaml index 3abdbdd6e..75c9108c9 100644 --- a/tools/packaging/kata-deploy/examples/test-deploy-kata-qemu.yaml +++ b/tools/packaging/kata-deploy/examples/test-deploy-kata-qemu.yaml @@ -16,7 +16,7 @@ spec: spec: runtimeClassName: kata-qemu containers: - - image: k8s.gcr.io/hpa-example + - image: registry.k8s.io/hpa-example imagePullPolicy: Always name: php-apache ports: diff --git a/tools/packaging/kata-deploy/examples/test-deploy-runc.yaml b/tools/packaging/kata-deploy/examples/test-deploy-runc.yaml index c7702bc0f..d347c0830 100644 --- a/tools/packaging/kata-deploy/examples/test-deploy-runc.yaml +++ b/tools/packaging/kata-deploy/examples/test-deploy-runc.yaml @@ -15,7 +15,7 @@ spec: run: php-apache-runc spec: containers: - - image: k8s.gcr.io/hpa-example + - image: registry.k8s.io/hpa-example imagePullPolicy: Always name: php-apache ports: diff --git a/versions.yaml b/versions.yaml index d610a5ca9..d4ee86bb3 100644 --- a/versions.yaml +++ b/versions.yaml @@ -260,7 +260,7 @@ externals: pause: description: "Kubernetes pause container image" - repo: "docker://k8s.gcr.io/pause" + repo: "docker://registry.k8s.io/pause" version: "3.6" runc: