USHIFT-5531: Auto-rebase procedure with flannel and kube-proxy image update #4726

Merged
merged 1 commit into from
Apr 25, 2025
39 changes: 39 additions & 0 deletions scripts/auto-rebase/rebase.sh
Expand Up @@ -816,6 +816,7 @@ EOF

update_olm_images
update_multus_images
update_kubeproxy_images

popd >/dev/null
}
Expand Down Expand Up @@ -1118,6 +1119,44 @@ EOF
done # for goarch
}

update_kubeproxy_images() {
Member

Do you know what's the difference between kube-proxy and kube-rbac-proxy? Can they be used interchangeably?

Contributor Author

AI tells the difference below, and I don't think they can be used interchangeably.

kube-proxy

Purpose:
Manages networking rules on each node to route traffic to the appropriate pods.

Key Role:
    Handles network routing for services in a Kubernetes cluster.
    Runs on each node.
    Uses either iptables, ipvs, or userspace to forward traffic to pod IPs behind a service.

kube-rbac-proxy

Purpose:
Provides an authentication and authorization layer (based on Kubernetes RBAC) in front of an HTTP server (e.g., metrics endpoint).

Key Role:
    Runs as a sidecar or standalone proxy.
    Forwards requests only if the user is authorized per Kubernetes RBAC policies.
    Often used with metrics endpoints (like Prometheus scraping metrics from controllers or custom services).

title "Rebasing kube-proxy images"

for goarch in amd64 arm64; do
arch=${GOARCH_TO_UNAME_MAP["${goarch}"]:-noarch}

local release_file="${STAGING_DIR}/release_${goarch}.json"
local kustomization_arch_file="${REPOROOT}/assets/optional/kube-proxy/kustomization.${arch}.yaml"
local kubeproxy_release_json="${REPOROOT}/assets/optional/kube-proxy/release-kube-proxy-${arch}.json"

local base_release
base_release=$(jq -r ".metadata.version" "${release_file}")
jq -n "{\"release\": {\"base\": \"$base_release\"}, \"images\": {}}" > "${kubeproxy_release_json}"

# Create extra kustomization for each arch in separate file.
# Right file (depending on arch) should be appended during rpmbuild to kustomization.yaml.
cat <<EOF > "${kustomization_arch_file}"

images:
EOF

for container in kube-proxy; do
local new_image
new_image=$(jq -r ".references.spec.tags[] | select(.name == \"${container}\") | .from.name" "${release_file}")
local new_image_name="${new_image%@*}"
local new_image_digest="${new_image#*@}"

cat <<EOF >> "${kustomization_arch_file}"
- name: ${container}
newName: ${new_image_name}
digest: ${new_image_digest}
EOF

yq -i -o json ".images += {\"${container}\": \"${new_image}\"}" "${kubeproxy_release_json}"
done # for container
done # for goarch
}

check_for_manifests_changes() {
# Changes to ignore:
# - `release-$ARCH.json` files
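Review bot: In update_kubeproxy_images, new_image is consumed without checking that the jq lookup on release_file actually returned a kube-proxy entry, or that the value is a digest reference. If the select matches no tag, new_image is empty and the heredoc appends an entry with empty newName and digest. If the reference carries no @, both `${new_image%@*}` and `${new_image#*@}` expand to the whole string, so digest receives the full pull spec. Because this generated kustomization is what pins the image, suggest failing the rebase unless new_image is non-empty and contains an @ followed by a digest, before anything is written to the kustomization or to the release JSON. Two smaller points in the same function: arch is assigned without local while the neighbouring variables are declared local, and base_release is spliced into the jq program text, where `jq -n --arg base "${base_release}"` would pass it as data rather than as part of the filter.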