automated commit

Signed-off-by: Public copy <41898282+github-actions[bot]@users.noreply.github.com>
chainguard-images · Nov 18, 2024 · 8b07bf6 · 8b07bf6
1 parent 56fca24
commit 8b07bf6
Show file tree

Hide file tree

Showing 6 changed files with 110 additions and 60 deletions.
diff --git a/images/curl/config/main.tf b/images/curl/config/main.tf
@@ -12,6 +12,7 @@ output "config" {
       packages = concat([
         "curl",
         "libcurl-rustls4",
+        "ncurses-terminfo",
       ], var.extra_packages)
     }
     accounts = module.accts.block

diff --git a/images/grafana/README.md b/images/grafana/README.md
@@ -33,16 +33,16 @@ Be sure to replace the `ORGANIZATION` placeholder with the name used for your or
 
 <!--body:start-->
 ## Upstream documentation
-For more information on grafana, refer to the [grafana documentation](https://grafana.com/docs/).
-Additionally the grafana GitHub reposiory can be [found here](https://github.com/grafana/grafana).
+For more information on Grafana, refer to the [Grafana documentation](https://grafana.com/docs/).
+Additionally, the Grafana GitHub repository can be [found here](https://github.com/grafana/grafana).
 
 ## Helm
-grafana can be deployed using the following helm chart:
+Grafana can be deployed using the following Helm chart:
 - [https://artifacthub.io/packages/helm/grafana/grafana](https://artifacthub.io/packages/helm/grafana/grafana)
 
-Follow the instructions in the link above to deploy grafana using helm. Note you
+Follow the instructions in the link above to deploy Grafana using Helm. Note you
 will need to override the default image and tag used, replacing with the
-chainguard image, example:
+Chainguard image, example:
 
 ```bash
 helm repo add grafana https://grafana.github.io/helm-charts
@@ -54,20 +54,20 @@ helm install grafana https://grafana.github.io/helm-charts \
   --set image.tag=latest
 ```
 
-You can also leverage the chainguard image for the sidecar images if you opt to use those as well:
+You can also leverage the Chainguard image for the sidecar images if you opt to use those as well:
 
 ```bash
   --set sidecar.image.registry=cgr.dev \
   --set sidecar.image.repository=chainguard/k8s-sidecar \
   --set sidecar.image.tag=latest
 ```
 
-Refer to the [helm chart documentation](https://artifacthub.io/packages/helm/grafana/grafana)
-for full instructions on how to use the helm chart.
+Refer to the [Helm chart documentation](https://artifacthub.io/packages/helm/grafana/grafana)
+for full instructions on how to use the Helm chart.
 
 ## Docker
-grafana can be launched using docker. Refer to the
-[grafana docker image documentation](https://grafana.com/docs/grafana/latest/setup-grafana/installation/docker)
+Grafana can be launched using Docker. Refer to the
+[Grafana Docker image documentation](https://grafana.com/docs/grafana/latest/setup-grafana/installation/docker)
 for full instructions.
 
 Example:
@@ -76,7 +76,7 @@ Example:
 docker run --name=local-grafana -p 3000:3000 cgr.dev/chainguard/grafana:latest
 ```
 
-The grafana Web UI would be accessible via:
+The Grafana Web UI would be accessible via:
 - [http://localhost:3000](http://localhost:3000)
 <!--body:end-->
 

diff --git a/images/istio/main.tf b/images/istio/main.tf
@@ -2,18 +2,46 @@ variable "target_repository" {
   description = "The docker repo into which the image and attestations should be published."
 }
 
+locals {
+  # get all the versions that operator is required for
+  versions_supported_by_operator = [for k, v in module.versions-istio-operator.versions : v.version]
+
+  # determine which versions should use the operator
+  use_operator = {
+    for k, v in module.versions-istio-pilot-agent.versions :
+    "${v.version}" => contains(local.versions_supported_by_operator, v.version)
+  }
+}
+
 module "test-things" {
   source = "./tests"
+  # Pick something that is versioned with istio/istio, in this case, istio-operator
+  for_each = module.versions-istio-operator.versions
+
+  # Append -operator here (or any of the subcomponents) to ensure we
+  # avoid creating a "top level" /istio repo
+  target_repository = "${var.target_repository}-operator"
 
-  target_repository = var.target_repository
+  warn_on_failure = each.value.eol
+
+  use_operator = local.use_operator[each.value.version]
 
   digests = {
-    install-cni = module.install-cni-versioned["istio-cni"].image_ref
-    proxy       = module.proxy-versioned["istio-envoy"].image_ref
-    pilot       = module.pilot-versioned["istio-pilot-discovery"].image_ref
-    operator    = module.operator-versioned["istio-operator"].image_ref
+    install-cni = module.install-cni-versioned["istio-cni-${each.value.version}"].image_ref
+    pilot       = module.pilot-versioned["istio-pilot-discovery-${each.value.version}"].image_ref
+    proxy       = module.proxy-versioned["istio-envoy-${each.value.version}"].image_ref
+
+    # only provide operator image digest if available ; otherwise provide an empty string
+    operator = local.use_operator[each.value.version] ? module.operator-versioned["istio-operator-${each.value.version}"].image_ref : ""
   }
 
-  # Use latest versions for these charts
-  # chart_versions = { ... }
+  # These charts are versioned to istio/istio, even though the images aren't
+  chart_versions = {
+    install-cni = each.value.version
+    pilot       = each.value.version
+    proxy       = each.value.version
+
+    # only provide operator version if available ; otherwise provide an empty string
+    operator = local.use_operator[each.value.version] ? each.value.version : ""
+  }
 }
diff --git a/images/istio/tests/main.tf b/images/istio/tests/main.tf
@@ -45,7 +45,13 @@ variable "chart_versions" {
   }
 }
 
-locals { parsed = { for k, v in var.digests : k => provider::oci::parse(v) } }
+variable "use_operator" {
+  description = "Whether to install operator helm chart"
+  type        = bool
+}
+
+# this is only parsing images that are not empty strings as operator can be optional
+locals { parsed = { for k, v in var.digests : k => provider::oci::parse(v) if v != "" } }
 
 locals {
   namespace = "istio-system"
@@ -79,6 +85,7 @@ module "helm_base" {
 }
 
 module "helm_operator" {
+  count  = var.use_operator ? 1 : 0
   source = "./helm/operator"
   values = {
     name             = "operator"
@@ -190,45 +197,52 @@ resource "imagetest_feature" "this" {
   description     = "Test istio functionality of the various istio helm charts."
   warn_on_failure = var.warn_on_failure
 
-  steps = [
-    {
-      name = "Install base",
-      cmd  = module.helm_base.install_cmd
-    },
-    {
-      name = "Install operator",
-      cmd  = module.helm_operator.install_cmd
-    },
-    {
-      name = "Install istiod",
-      cmd  = module.helm_istiod.install_cmd
-    },
-    {
-      name = "Install gateway",
-      cmd  = module.helm_gateway.install_cmd
-    },
-    {
-      name = "Install CNI",
-      cmd  = module.helm_install-cni.install_cmd
-    },
-    {
-      name  = "Check install CNI worked",
-      cmd   = <<EOF
+  steps = concat(
+    [
+      {
+        name = "Install base",
+        cmd  = module.helm_base.install_cmd
+      },
+    ],
+    (
+      var.use_operator ? [
+        {
+          name = "Install operator",
+          cmd  = module.helm_operator[0].install_cmd
+        },
+      ] : []
+    ),
+    [
+      {
+        name = "Install istiod",
+        cmd  = module.helm_istiod.install_cmd
+      },
+      {
+        name = "Install gateway",
+        cmd  = module.helm_gateway.install_cmd
+      },
+      {
+        name = "Install CNI",
+        cmd  = module.helm_install-cni.install_cmd
+      },
+      {
+        name  = "Check install CNI worked",
+        cmd   = <<EOF
         kubectl rollout status daemonset -n ${local.namespace} istio-cni-node --timeout 60s
       EOF
-      retry = { attempts = 5, delay = "10s" }
-    },
-    {
-      name  = "Assert readiness"
-      cmd   = <<EOF
+        retry = { attempts = 5, delay = "10s" }
+      },
+      {
+        name  = "Assert readiness"
+        cmd   = <<EOF
 kubectl rollout status -n istio-system deploy/istiod
 kubectl get mutatingwebhookconfigurations istio-sidecar-injector
       EOF
-      retry = { attempts = 5, delay = "10s" }
-    },
-    {
-      name = "Test injection"
-      cmd  = <<EOF
+        retry = { attempts = 5, delay = "10s" }
+      },
+      {
+        name = "Test injection"
+        cmd  = <<EOF
 kubectl apply -f- <<YAML
 ---
 apiVersion: v1
@@ -259,10 +273,10 @@ if [[ "$(kubectl get pod -n ${local.test-namespace} bar -ojsonpath='{range .spec
     exit 1
 fi
       EOF
-    },
-    {
-      name = "Test Gateway"
-      cmd  = <<EOF
+      },
+      {
+        name = "Test Gateway"
+        cmd  = <<EOF
 kubectl apply -f- <<YAML
 ---
 apiVersion: networking.istio.io/v1beta1
@@ -335,8 +349,8 @@ YAML
 
 kubectl wait --for=condition=complete --timeout=120s -n ${local.test-namespace} job/istio-curl-check
       EOF
-    },
-  ]
+      },
+  ])
 
   labels = {
     type = "k8s"

diff --git a/images/mariadb/tests/02-runs.sh b/images/mariadb/tests/02-runs.sh
@@ -5,7 +5,8 @@ set -o errexit -o nounset -o errtrace -o pipefail -x
 # Start up the mariadb container in the background
 name=mariadb-${RANDOM}
 docker run -d --name $name -e MARIADB_ROOT_PASSWORD=secret "${IMAGE_NAME}"
-sleep 5
+# Database needs some time to start up
+sleep 30
 
 # Exec into the container and run the mysql command
 docker exec $name mariadb -uroot -psecret -e "SHOW status;" | grep Uptime

diff --git a/images/redis/tests/main.tf b/images/redis/tests/main.tf
@@ -8,6 +8,10 @@ variable "digest" {
   description = "The image digest to run tests over."
 }
 
+variable "test_activedefrag" {
+  default = true
+}
+
 data "oci_exec_test" "version" {
   digest = var.digest
   script = "docker run --rm $IMAGE_NAME --version"
@@ -19,6 +23,8 @@ data "oci_exec_test" "server" {
 }
 
 data "oci_exec_test" "activedefrag" {
+  count = var.test_activedefrag ? 1 : 0
+
   digest = var.digest
   script = "${path.module}/03-server-activedefrag.sh"
 }