Merge pull request #5561 from song-jiang/song-pick-v3.22

Merge pull request #5485 from song-jiang/song-ipset
projectcalico · Feb 2, 2022 · 33cbaf8 · 33cbaf8
2 parents a2d4141 + 81baa24
commit 33cbaf8
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/metadata.mk b/metadata.mk
@@ -6,8 +6,8 @@
 GO_BUILD_VER = v0.65
 
 # Version of Kubernetes to use for tests.
-K8S_VERSION     = v1.22.1
-KUBECTL_VERSION = v1.22.1
+K8S_VERSION     = v1.23.0
+KUBECTL_VERSION = v1.23.0
 
 # Version of various tools used in the build and tests.
 COREDNS_VERSION=1.5.2

diff --git a/node/Dockerfile.amd64 b/node/Dockerfile.amd64
@@ -15,6 +15,7 @@ ARG ARCH=x86_64
 ARG GIT_VERSION=unknown
 ARG IPTABLES_VER=1.8.4-17
 ARG LIBNFTNL_VER=1.1.5-4
+ARG IPSET_VER=7.11-6
 ARG RUNIT_VER=2.1.2
 ARG BIRD_IMAGE=calico/bird:latest
 ARG UBI_IMAGE
@@ -30,10 +31,13 @@ FROM quay.io/centos/centos:stream8 as centos
 ARG ARCH
 ARG IPTABLES_VER
 ARG LIBNFTNL_VER
+ARG IPSET_VER
 ARG RUNIT_VER
 ARG CENTOS_MIRROR_BASE_URL=https://vault.centos.org/8.4.2105
 ARG LIBNFTNL_SOURCERPM_URL=${CENTOS_MIRROR_BASE_URL}/BaseOS/Source/SPackages/libnftnl-${LIBNFTNL_VER}.el8.src.rpm
 ARG IPTABLES_SOURCERPM_URL=${CENTOS_MIRROR_BASE_URL}/BaseOS/Source/SPackages/iptables-${IPTABLES_VER}.el8.src.rpm
+ARG STREAM9_MIRROR_BASE_URL=https://iad.mirror.rackspace.com/centos-stream/9-stream
+ARG IPSET_SOURCERPM_URL=${STREAM9_MIRROR_BASE_URL}/BaseOS/source/tree/Packages/ipset-${IPSET_VER}.el9.src.rpm
 
 # Install build dependencies and security updates.
 RUN dnf install -y 'dnf-command(config-manager)' && \
@@ -87,6 +91,11 @@ RUN sed -i '/%files$/a \
 # Finally rebuild iptables.
 RUN rpmbuild -bb /root/rpmbuild/SPECS/iptables.spec
 
+# Install source RPM for ipset and install its build dependencies.
+RUN rpm -i ${IPSET_SOURCERPM_URL} && \
+    yum-builddep -y --spec /root/rpmbuild/SPECS/ipset.spec && \
+    rpmbuild -bb /root/rpmbuild/SPECS/ipset.spec
+
 # runit is not available in ubi or CentOS repos so build it.
 # get it from the debian repos as the official website doesn't support https
 RUN wget -P /tmp https://ftp.debian.org/debian/pool/main/r/runit/runit_${RUNIT_VER}.orig.tar.gz && \
@@ -101,6 +110,7 @@ ARG ARCH
 ARG GIT_VERSION
 ARG IPTABLES_VER
 ARG LIBNFTNL_VER
+ARG IPSET_VER
 ARG RUNIT_VER
 
 # Update base packages to pick up security updates.  Must do this before adding the centos repo.
@@ -126,7 +136,6 @@ RUN rm /etc/yum.repos.d/ubi.repo && \
     --setopt=tsflags=nodocs \
     # Needed for iptables
     libpcap libmnl libnfnetlink libnetfilter_conntrack \
-    ipset \
     iputils \
     # Need arp
     net-tools \
@@ -150,6 +159,9 @@ RUN rm /etc/yum.repos.d/ubi.repo && \
     # Install compatible libnftnl version with selected iptables version
     rpm --force -i /tmp/rpms/libnftnl-${LIBNFTNL_VER}.el8.${ARCH}.rpm && \
     rpm -i /tmp/rpms/iptables-${IPTABLES_VER}.el8.${ARCH}.rpm && \
+    # Install ipset version
+    rpm --force -i /tmp/rpms/ipset-libs-${IPSET_VER}.el8.x86_64.rpm && \
+    rpm -i /tmp/rpms/ipset-${IPSET_VER}.el8.x86_64.rpm && \
     # Set alternatives
     alternatives --install /usr/sbin/iptables iptables /usr/sbin/iptables-legacy 1 && \
     alternatives --install /usr/sbin/ip6tables ip6tables /usr/sbin/ip6tables-legacy 1