This document describes the procedure for updating each container image.
Besides on-demand container updates, we have two regular renewal operations: Kubernetes Update
and Regular Update
.
The target container of these operations have the following badges, so check before the operations.
In case of components whose Go source code are in neco-containers, all dependent Go modules should be updated if there is no special reason. Kubernetes-related modules such as client-go may be newer than the Kubernetes to be updated. For example, it is acceptable that client-go is v0.30 and Kubernetes is v1.29.
- Kubernetes Update ()
- Upgrade of Kubernetes. Besides the related components of Kubernetes, update the containers managed by CKE and some go modules.
- Regular Update ()
- Update in every quarter. Keeping up with the upstream version and updating the ubuntu base image.
- CSA Update ()
- Update by CSA team.
- No Need Update ()
- Used as a PoC, so regular updates are not required.
- admission (neco-admission)
- alertmanager
- argocd
- argocd-image-updater
- bird
- blackbox_exporter
- bmc-reverse-proxy
- bpf-map-pressure-exporter
- cadvisor
- cep-checker
- ceph
- ceph-extra-exporter
- cephcsi
- cert-manager
- chrony
- cilium
- cilium-certgen
- cilium-operator-generic
- configmap-reload
- contour
- coredns
- csi addons controller
- csi sidecars
- dex
- envoy
- etcd
- external-dns
- fluent-bit
- golang-all (golang for combinations of versions and platforms)
- gorush
- grafana
- grafana-operator
- haproxy
- heartbeat
- hubble
- hubble-relay
- hubble-ui
- kube-metrics-adapter
- kube-state-metrics
- kube-storage-version-migrator
- kubernetes
- local-pv-provisioner
- loki
- machines-endpoints
- memcached
- memcached_exporter
- meows-dctest-runner
- meows-neco-runner
- moco-switchover-downtime-monitor
- opentelemetry-collector
- pause
- pod-delete-rate-limiter
- pomerium
- prometheus-adapter
- prometheus-config-reloader
- promtail
- promtail-debug
- pushgateway
- redis
- registry
- rook
- s3gw
- sealed-secrets
- serf
- squid
- squid-exporter
- stakater/Reloader
- tcp-keepalive
- teleport-node
- tempo
- testhttpd
- trust-manager
- trust-packages
- unbound
- unbound_exporter
- vault
- victoriametrics
- victoriametrics-operator
In Kubernetes update:
-
Update the following version variables in
Makefile
.CONTROLLER_TOOLS_VERSION
KUSTOMIZE_VERSION
ENVTEST_K8S_VERSION
-
Upgrade direct dependencies listed in
go.mod
. Usego get
or your editor's function. -
Generate code and manifests.
cd $GOPATH/src/github.com/cybozu/neco-containers/admission make generate manifests # Commit, if there are any updated files.
-
Confirm build and test are green.
make build test
-
Update
TAG
file.
In Regular update, do the following as part of the update of each CRD-providing product:
-
Update a matching version variable from the following in
Makefile
.CONTOUR_VERSION
ARGOCD_VERSION
GRAFANA_OPERATOR_VERSION
-
Modify the code to match the new CRDs if CRDs are changed.
-
Generate code and manifests.
cd $GOPATH/src/github.com/cybozu/neco-containers/admission make clean make generate manifests # Commit, if there are any updated files.
-
Confirm build and test are green.
make build test
-
Update
TAG
file.
- Check the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockefile
.https://github.com/prometheus/alertmanager/blob/vX.Y.Z/Dockerfile
- Update version variables in
Dockerfile
. - Update
BRANCH
andTAG
files.
- Check releases for changes.
- Check
hack/tool-versions.sh
for the tools versions.https://github.com/argoproj/argo-cd/blob/vX.Y.Z/hack/tool-versions.sh
- Update tool versions in
Dockerfile
. - Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/argoproj/argo-cd/blob/vX.Y.Z/Dockerfile
- Update version variables in
Dockerfile
.- Update
ARGOCD_VERSION
,KUSTOMIZE_VERSION
andHELM_VERSION
.
- Update
- Update
BRANCH
andTAG
files. - Follow maintenance instructions for neco-admission if needed.
Note
ArgoCD depends on dex,Redis,HAProxy. So browse the following manifests and update dex,redis,haproxy images next.
https://github.com/argoproj/argo-cd/blob/vX.Y.Z/manifests/base/dex/argocd-dex-server-deployment.yaml
https://github.com/argoproj/argo-cd/blob/vX.Y.Z/manifests/base/redis/argocd-redis-deployment.yaml
https://github.com/argoproj/argo-cd/blob/vX.Y.Z/manifests/ha/install.yaml
Note
ArgoCD's Application objects are validated by neco-admission. If Application CRD has been changed, you may need to update neco-admission.
- Check releases for changes.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/argoproj-labs/argocd-image-updater/blob/vX.Y.Z/Dockerfile
- Update version variables in
Dockerfile
.- Update
ARGOCD_IMAGE_UPDATER_VERSION
.
- Update
- Update
TAG
file.
- Check the releases page in the official website.
- Update
BIRD_VERSION
variable inDockerfile
. - Update image tag in
README.md
. - Update
BRANCH
andTAG
files.
- Check the release page.
- Update
BLACKBOX_EXPORTER_VERSION
inDockerfile
. - Update
BRANCH
andTAG
files.
-
Upgrade direct dependencies listed in
go.mod
. Usego get
or your editor's function. -
Confirm test are green.
make test
-
Update image tag in
bmc-reverse-proxy.yaml
. -
Update
TAG
file.
TBD
- Check the release page.
- Check the upstream build files. If there are any updates, update our
Dockerfile
.https://github.com/google/cadvisor/blob/vX.Y.Z/Makefile
https://github.com/google/cadvisor/blob/vX.Y.Z/build/release.sh
https://github.com/google/cadvisor/blob/vX.Y.Z/build/build.sh
https://github.com/google/cadvisor/blob/vX.Y.Z/deploy/Dockerfile
- Update
CADVISOR_VERSION
inDockerfile
- Update
TAG
file.
- Upgrade direct dependencies listed in
go.mod
. Usego get
or your editor's function. - Update cilium and cilium-cli version in
Makefile
andgo.mod
to the version used by neco. - Update
TAG
by incrementing the patch revision, e.g. 1.0.1, 1.0.2, ...
- Check the release page.
- Check the build ceph document and README.md.
- If other instructions are needed for
ceph/build.sh
, add the instructions. - If there are ceph runtime packages or required tool changes, update Dockerfile.
- If other instructions are needed for
- Update the
version
argument on thebuild-ceph
job in the CircleCImain
workflow and thebuild_ceph
job in the Github Actionsmain
workflow. - Update
BRANCH
andTAG
files.
Note
The rook image is based on the ceph image. So upgrade the rook image next.
When you want to create a new image with patches to the specific version of Ceph, follow these steps.
- Create a branch with the name
ceph-vX.Y.Z
from the commit you want, and push it.- You must follow the branch naming convention to activate the image build and push jobs.
- If the branch already exists, you can skip this step.
- Create a PR to the branch
ceph-vX.Y.Z
, and merge it.
- Upgrade direct dependencies listed in
go.mod
. Usego get
or your editor's function. - Upgrade base images in
Dockerfile
. - Update the
TAG
files accordingly.
- See Rook's values.yaml file of the appropriate tag and check the version of cephcsi.
- Update
CSI_IMAGE_VERSION
in Dockerfile with the value which you checked in the previous step. - Update
BASE_IMAGE
in Dockerfile if necessary.- If
BASE_IMAGE
is too old, the build may fail. - You should also check
BASE_IMAGE
in the upstream build.env file of the appropriate tag.
- If
- See the upstream Dockerfile of the appropriate tag, and update our Dockerfile if necessary.
- Update
BRANCH
andTAG
files.
Note
Because cephcsi container is build based on the ceph container, build the ceph container first if necessary.
- Check releases for changes.
- Check whether manually applied patches have been included in the new release and remove them accordingly.
- If patches are still needed, synchronize the forked repository (https://github.com/cybozu-go/cert-manager).
- Create and checkout a new branch named
vX.Y.Z-neco
from the tag namedvX.Y.Z
. - Cherry-pick the commit included patches and create a new tag named
vX.Y.Z-neco-longtimeout.1
. - Push it.
- Update
CERT_MANAGER_VERSION
inDockerfile
. - Update image tag in
README.md
. - Update
BRANCH
andTAG
files.
- Check the release note.
- Update
CHRONY_VERSION
inDockerfile
. - Update image tag in
README.md
. - Update
BRANCH
andTAG
files.
- Check the releases page for changes.
- Update
CILIUM_IMAGE_TOOLS_TARGET
andCILIUM_PROXY_TARGET
inneco-containers/cilium/Makefile
.CILIUM_IMAGE_TOOLS_TARGET
is a commit SHA of https://github.com/cilium/image-tools . Update to the latest one and go backward to find an appropriate SHA.CILIUM_PROXY_TARGET
is a commit SHA of https://github.com/cilium/proxy . To find the appropriate one, do:- Update
BRANCH
andTAG
files. - Run
make clean checkout-cilium
. It checks outcilium/cilium
atneco-containers/cilium/src/cilium
. - Run
cat src/cilium/images/cilium/Dockerfile | grep cilium-envoy:
.
- Update
- Checkout
cilium/cilium
,cilium/image-tools
, andcilium/proxy
at the relevant SHA.- Run
make checkout
and download them underneco-containers/cilium/src
.
- Run
- Check the upstream
Dockerfile
s to make necessary changes forneco-containers/cilium
.- Run
make urls
. It displays all the URLs of the upstreamDockerfile
s. - All the build specification is written in
neco-containers/cilium/Dockerfile
. Please check the header comment of the file to find the mapping of our build targets and the upstream ones.
- Run
- Build
ghcr.io/cybozu/cilium
and see the result.- Run
make build
to build. - Run
make test
to make sanity check. - Run
make test-e2e
to run the standard connectivity test.- Remove
--test=!check-log-errors
ine2e/Makefile
to confirm no important error is ignored. - Restore the flag until we catch up with the upstream that solves the LLVM-17-related issue.
- Remove
- If any problem found,
dive ghcr.io/cybozu/cilium:$(cat TAG)
will help.
- Run
Note
The cilium-operator-generic and hubble-relay images should be updated at the same time as the cilium image for consistency.
- Check the releases page for changes.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/cilium/certgen/blob/vX.Y.Z/Dockerfile
- Update the
BRANCH
andTAG
files accordingly.
- Check the releases page for changes.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/cilium/cilium/blob/vX.Y.Z/images/operator/Dockerfile
- Update the
BRANCH
andTAG
files accordingly.
Note
The cilium-operator-generic image should be updated at the same time as the cilium image for consistency.
- Check the tags page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/jimmidyson/configmap-reload/blob/vX.Y.Z/Dockerfile
- Update
CONFIGMAP_RELOAD_VERSION
inDockerfile
- Update
BRANCH
andTAG
files.
Note
Contour uses Envoy as a "data plane." Keep version correspondence between the contour and envoy images. Check the compatibility matrix below.
- Check the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/projectcontour/contour/blob/vX.Y.Z/Dockerfile
- Update
CONTOUR_VERSION
inDockerfile
. - Update image tag in
README.md
. - Update
BRANCH
andTAG
files. - Follow maintenance instructions for neco-admission if needed.
Note
Contour's HTTPProxy objects are validated by neco-admission. If HTTPProxy CRD has been changed, you may need to update neco-admission.
- Check the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/coredns/coredns/blob/vX.Y.Z/Dockerfile
- Update
COREDNS_VERSION
inDockerfile
. - Update image tag in
README.md
. - Update
BRANCH
andTAG
files.
- Update
VERSION
in Dockerfile. - See the upstream Dockerfile of the appropriate tag, and update our Dockerfile if necessary. The upstream Dockerfile is here.
- update image tag in
Dockerfile
if necessary. - Update
BRANCH
andTAG
files.
This section applies to the following containers. These containers are maintained similarly.
- csi-attacher
- csi-node-driver-registrar
- csi-provisioner
- csi-resizer
- csi-snapshotter
- See Rook's values.yaml file of the appropriate tag and check the version of csi sidecars.
- Update
VERSION
in Dockerfile with the value which you checked in the previous step. - See the upstream Dockerfile of the appropriate tag, and update our Dockerfile if necessary. The upstream Dockerfile is listed below.
- update image tag in
Dockerfile
if necessary. - Update
BRANCH
andTAG
files.
Note
You can choose the latest stable Ubuntu image for runtime. upstream uses distroless as the base image for runtime, while Neco uses Ubuntu for easier debugging.
Note
You may choose the latest docker image for the build, regardless of the upstream go version. The current go compiler builds with the language version and toolchain version based on the go version specified in the go.mod file. There is no need to use an older version of the image to match go.mod. As a known issue, the upstream build script warns that test-gofmt and test-vendor are known to be sensitive to the version of Go.
. However, we use the latest docker image unless the test fails.
Note
This image is used by ArgoCD. So browse the following manifest and check the required version. If the manifest uses version a.b.c, we should use version a.b.d where d >= c. Don't use a newer minor version.
https://github.com/argoproj/argo-cd/blob/vX.Y.Z/manifests/base/dex/argocd-dex-server-deployment.yaml
- Check the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/dexidp/dex/blob/vX.Y.Z/Dockerfile
- Update
DEX_VERSION
inDockerfile
. - Update image tag in
README.md
. - Update
BRANCH
andTAG
files.
Note
Envoy is managed by Contour so update to the supported version. See the below.
- Check the release page.
- Update
clang_archive_path
in.github/workflows/main.yaml
if you want to update the clang version. - Update image tag in
README.md
. - Upgrade direct dependencies listed in
go.mod
. Usego get
or your editor's function. - Update
BRANCH
andTAG
files.
- Check the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/etcd-io/etcd/blob/vX.Y.Z/Dockerfile-release.amd64
- Update
ETCD_VERSION
inDockerfile
. - Update image tag in
README.md
. - Update
BRANCH
andTAG
files.
- Check the release page.
- Check the upstream
.ko.yaml
. If there are any updates, update ourDockerfile
.https://github.com/kubernetes-sigs/external-dns/blob/vX.Y.Z/.ko.yaml
- Update
EXTERNALDNS_VERSION
inDockerfile
. - Update image tag in
README.md
. - Update
TAG
file.
- Check the release page.
- Update
FLUENT_BIT_VERSION
inDockerfile
. - Update
TAG
.
Automated by .github/workflows/update.yaml
.
Manual update
- Check the release history.
- Update
GO_VERSION
inDockerfile
. - Update
BRANCH
andTAG
.
Ignore!!!
- Check the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/grafana/grafana/blob/vX.Y.Z/Dockerfile
- Check
JS_IMAGE
in the Dockerfile
- Update
GRAFANA_VERSION
inDockerfile
. - Update installation of Node.js in
Dockerfile
according toJS_IMAGE
if necessary. - Update
TAG
.
- Check the release page.
- Check the upstream build procedure (Makefile, Dockerfile, .ko.yaml, etc). At the point of v5.4.1, grafana-operator is built by ko with its default configuration.
If there are any updates, update our
Dockerfile
.https://github.com/grafana/grafana-operator/tree/vX.Y.Z
- Update
VERSION
inDockerfile
. - Update
TAG
. - Update
GRAFANA_OPERATOR_VERSION
inadmission/Makefile
. - Follow maintenance instructions for neco-admission if needed.
Note
Grafana Operator's GrafanaDashboard objects are validated by neco-admission. If GrafanaDashboard CRD has been changed, you may need to update neco-admission.
Note
This image is used by ArgoCD. So browse the following manifest and check the required version. If the manifest uses version a.b.c, we should use version a.b.d where d >= c. Don't use a newer minor version.
https://github.com/argoproj/argo-cd/blob/vX.Y.Z/manifests/ha/install.yaml
- Check the release notes in the official site.
- Update
HAPROXY_SHA256
inDockerfile
, SHA256 hash in http://www.haproxy.org/download - Update
BRANCH
andTAG
files.
Only the base image and module dependency should be updated.
- Upgrade direct dependencies listed in
go.mod
. Usego get
or your editor's function. - Update
TAG
by incrementing the patch revision, e.g. 1.0.1, 1.0.2, ...
- Check the releases page for changes.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/cilium/hubble/blob/vX.Y.Z/Dockerfile
- Update the
BRANCH
andTAG
files accordingly.
- Check the releases page for changes.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/cilium/cilium/blob/vX.Y.Z/images/hubble-relay/Dockerfile
- Update the
BRANCH
andTAG
files accordingly.
Note
The hubble-relay image should be updated at the same time as the cilium image for consistency.
- Check the releases page for changes.
- Update the
BRANCH
andTAG
files accordingly. - Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/cilium/cilium/blob/vX.Y.Z/images/hubble-relay/Dockerfile
hubble-ui
depends on nginx. As such, it may be also be necessary to bump the following nginx-related variables in theDockerfile
:NGINX_VERSION
NJS_VERSION
NGINX_UNPRIVILEGED_COMMIT_HASH
Update nginx that hubble-ui depends on as follows.
- Pick a commit hash from https://github.com/nginxinc/docker-nginx-unprivileged/commits/main/mainline/debian/Dockerfile
- If
NGINX_VERSION
is 1.23.2, the commit hash is 85f846c6c5d121b2b750d71c31429d9686523da0 referencing the commit "Update mainline NGINX to 1.23.2" - You can find the corresponding
NJS_VERSION
value in the same commit
- If
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.
# Check diff between v1.23.1 and v1.23.2
git diff 0b794b2bd54217ac3882680265c9426ae2edcbd6 85f846c6c5d121b2b750d71c31429d9686523da0 -- mainline/debian/Dockerfile
- Check the release page.
- Update
KMA_VERSION
inDockerfile
. - Update
TAG
file.
- Check the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/kubernetes/kube-state-metrics/blob/vX.Y.Z/Dockerfile
- Update
KUBE_STATE_METRICS_VERSION
inDockerfile
. - Update image tag in
README.md
. - Update
TAG
files.
- Check the release page.
- Check the upstream build files. If there are any updates, update our
Dockerfile
.https://github.com/kubernetes-sigs/kube-storage-version-migrator/blob/vX.Y.Z/Makefile
https://github.com/kubernetes-sigs/kube-storage-version-migrator/blob/vX.Y.Z/cmd/initializer/Dockerfile
https://github.com/kubernetes-sigs/kube-storage-version-migrator/blob/vX.Y.Z/cmd/migrator/Dockerfile
https://github.com/kubernetes-sigs/kube-storage-version-migrator/blob/vX.Y.Z/cmd/trigger/Dockerfile
- Update
MIGRATOR_VERSION
inDockerfile
- Update
TAG
file.
- Check the release page.
- Update
K8S_VERSION
inDockerfile
. - Update image tag in
README.md
. - Update
BRANCH
andTAG
files.
-
Update version variables in
Makefile
. -
Upgrade direct dependencies listed in
go.mod
. Usego get
or your editor's function. -
Generate code and manifests.
cd $GOPATH/src/github.com/cybozu/neco-containers/local-pv-provisioner make generate manifests # Commit, if there are any updated files.
-
Confirm build and test are green.
make build test
-
Update image tag in
local-pv-provisioner.yaml
. -
Update
TAG
file.
- Check the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/grafana/loki/blob/vX.Y.Z/cmd/loki/Dockerfile
- Update
LOKI_VERSION
inDockerfile
. - Update
TAG
file.
Note
Keep the version of promtail the same as that of loki.
-
Upgrade direct dependencies listed in
go.mod
. Usego get
or your editor's function. -
Confirm test is green.
make test
-
Update image tag in
machines-endpoints.yaml
. -
Update
TAG
file.
- Check the release page.
- Update
MEMCACHED_VERSION
inDockerfile
. - Update
TAG
file.
- Check the release page.
- Update
MEMCACHED_EXPORTER_VERSION
inDockerfile
. - Update
BRANCH
andTAG
file.
- Check the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/cybozu-go/meows/blob/vX.Y.Z/Dockerfile
- Update
MEOWS_VERSION
inDockerfile
. - Update
GO_VERSION
andPLACEMAT_VERSION
inDockerfile
, if there are any updates.GO_VERSION
: https://github.com/cybozu/neco-containers/blob/main/golang-allPLACEMAT_VERSION
: https://github.com/cybozu-go/placemat/releases/latest
- Update
BRANCH
andTAG
files.
- Check the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/cybozu-go/meows/blob/vX.Y.Z/Dockerfile
- Update the
Dockerfile
to install the same tools as ubuntu-debug.- Also update
GRPCURL_VERSION
, if there are any changes. - https://github.com/cybozu/ubuntu-base/blob/main/22.04/ubuntu-debug/Dockerfile#L5
- Also update
- Update
MEOWS_VERSION
inDockerfile
. - Update
BRANCH
andTAG
files.
- Upgrade direct dependencies listed in
go.mod
. Usego get
or your editor's function. - Update
TAG
file.
opentelemetry-collector container consists of three repositories: opentelemetry-collector, opentelemetry-collector-contrib and opentelemetry-collector-releases
- Check the release pages main contrib release.
- Check the upstream Dockerfile and builder manifest. If there are any updates, update our
Dockerfile
.https://github.com/open-telemetry/opentelemetry-collector-releases/blob/vX.Y.Z/distributions/otelcol/Dockerfile
https://github.com/open-telemetry/opentelemetry-collector-releases/blob/vX.Y.Z/distributions/otelcol/manifest.yaml
- Update
OTELCOL_VERSION
inDockerfile
. - Update
BRANCH
andTAG
files.
- Check the changelog.
https://github.com/kubernetes/kubernetes/blob/vX.Y.Z/build/pause/CHANGELOG.md
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/kubernetes/kubernetes/blob/vX.Y.Z/build/pause/Dockerfile
- Update
K8S_VERSION
andPAUSE_VERSION
inDockerfile
. - Update
BRANCH
andTAG
files.
-
Update the following version variables in
Makefile
.CONTROLLER_TOOLS_VERSION
KUSTOMIZE_VERSION
ENVTEST_K8S_VERSION
-
Upgrade direct dependencies listed in
go.mod
. Usego get
or your editor's function. -
Generate code and manifests.
cd $GOPATH/src/github.com/cybozu/neco-containers/pod-delete-rate-limiter make generate manifests # Commit, if there are any updated files.
-
Confirm build and test are green.
make build test
-
Update
TAG
file.
-
Check the release page and upgrade guide.
-
Check the diff of the Dockerfile.
cd /path/to/pomerium git switch --detach v${NewVersion} git diff v${CurrentVersion} Dockerfile
-
Update
Dockerfile
.- Pomeruim version
- Golang version
- Node.js version
-
Update
TAG
file.
- Check the release page.
- Update version variables in
Dockerfile
. - Update
TAG
file.
This is a part of prometheus-operator. This is used by victoria-metrics operator too.
- Check the latest release of
prometheus-operator
- Update version variable in
Dockerfile
. - Update
TAG
file.
Promtail contains two versions, one for promtail and the other for libsystemd. The promtail version should be the same with loki. The libsystemd version should be the same with the one running on the stable Flatcar OS.
- Update
LOKI_VERSION
inDockerfile
. - Update
SYSTEMD_VERSION
inDockerfile
if needed. - Update
TAG
file.
TBD
- Check the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/prometheus/pushgateway/blob/vX.Y.Z/Dockerfile
- Update version variables in
Dockerfile
. - Update
TAG
file.
Note
This image is used by ArgoCD. So browse the following manifest and check the required version. If the manifest uses version a.b.c, we should use version a.b.d where d >= c. Don't use a newer minor version.
https://github.com/argoproj/argo-cd/blob/vX.Y.Z/manifests/base/redis/argocd-redis-deployment.yaml
- Check the release notes in the official site.
- Check the Dockerfile in docker-library. If there are any updates, update our
Dockerfile
. - Update
REDIS_VERSION
inDockerfile
. - Update
BRANCH
andTAG
files.
- Check the release notes in the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
. - Update
REGISTRY_VERSION
inDockerfile
. - Update
BRANCH
andTAG
files.
Note
If we update both Rook and Ceph, update Ceph image first, and then update Rook image.
Note
A specific version of rook depends on specific versions of csi sidecar containers listed below. Update these containers at the same time.
- cephcsi
- csi-attacher
- csi-node-driver-registrar
- csi-provisioner
- csi-resizer
- csi-snapshotter
- Check the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/rook/rook/blob/vX.Y.Z/images/ceph/Dockerfile
- update build image tag in
Dockerfile
if necessary. - Update
ROOK_VERSION
inDockerfile
. - Update ceph image tag in
Dockerfile
. - Update
BRANCH
andTAG
files.
Note
You may choose the latest docker image for the build, regardless of the upstream go version. The current go compiler builds with the language version and toolchain version based on the go version specified in the go.mod file. There is no need to use an older version of the image to match go.mod.
Only the base image and module dependency should be updated.
- Upgrade direct dependencies listed in
go.mod
. Usego get
or your editor's function. - Update
TAG
by incrementing the patch revision, e.g. 1.0.1, 1.0.2, ...
- Check the release page.
- Check the upstream Dockerfile and compare with ours especially on the runtime stage. If there are any updates, update our
Dockerfile
.https://github.com/bitnami-labs/sealed-secrets/blob/vX.Y.Z/docker/controller.Dockerfile
https://github.com/bitnami-labs/sealed-secrets/blob/vX.Y.Z/docker/kubeseal.Dockerfile
- Update
SEALED_SECRETS_VERSION
inDockerfile
. - Update
BRANCH
andTAG
files.
- Check the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/hashicorp/serf/blob/vX.Y.Z/scripts/serf-builder/Dockerfile
- Update
SERF_VERSION
inDockerfile
. - Update image tag in
README.md
. - Update
BRANCH
andTAG
files.
- Check the latest stable version at http://www.squid-cache.org/Versions/
- Check release notes if a new version is released.
- e.g.,
http://www.squid-cache.org/Versions/vX/squid-X.Y-RELEASENOTES.html
- e.g.,
- Update
SQUID_VERSION
inDockerfile
. - Update image tag in
README.md
. - Update
BRANCH
andTAG
files.
- Upgrade direct dependencies listed in
go.mod
. Usego get
or your editor's function. - Update squid version in
Makefile
ande2e/pod.yaml
if there are any updates. - Update
TAG
by incrementing the patch revision, e.g. 1.0.1, 1.0.2, ...
Note
The squid images should be updated at the same time as the squid-exporter image for consistency.
- Check the release page.
- Check the upstream Dockerfile. If there are any updates, update our
Dockerfile
.https://github.com/stakater/Reloader/blob/vX.Y.Z/Dockerfile
- Update
BRANCH
andTAG
files.
TBD
- Check the release page.
- Run
make -C teleport-node/ check-teleport-update
and check the upstreamMakefile
andversion.mk
. - Update tools version in
Dockerfile
. - Update
Dockerfile
If there are any changes to the build method. - Update
TELEPORT_VERSION
inDockerfile
. - Update
TAG
files.
- Check the release page.
- Check the upstream
Makefile
andcmd/tempo//Dockerfile
. If they have been updated significantly, update ourDockerfile
.https://github.com/grafana/tempo/blob/vX.Y.Z/Makefile
https://github.com/grafana/tempo/blob/vX.Y.Z/cmd/tempo/Dockerfile
- Update
TEMPO_VERSION
inDockerfile
. - Update
TAG
file.
- Upgrade direct dependencies listed in
go.mod
. Usego get
or your editor's function. - Update
BRANCH
andTAG
files.
- Check the release page.
- Update
BRANCH
andTAG
files.
- Check the release page.
- Update
TRUST_MANAGER_VERSION
inDockerfile
. - Update
TAG
file.
- Check the download page.
- Run
make update-root-hints
. - Update
UNBOUND_VERSION
inDockerfile
. - Update image tag in
README.md
. - Update
BRANCH
andTAG
files.
- Check the release page
- Update
UNBOUND_EXPORTER_VERSION
inDockerfile
. - Update
BRANCH
andTAG
files.
- Check the release page and these notes:
- Update
VAULT_VERSION
inDockerfile
. - Update image tag in
README.md
. - Update
BRANCH
andTAG
files.
- Check the release page.
- Check upstream
Makefile
andDockerfile
, and update ourDockerfile
if needed.https://github.com/VictoriaMetrics/VictoriaMetrics/blob/vX.Y.Z/Makefile
https://github.com/VictoriaMetrics/VictoriaMetrics/blob/vX.Y.Z/app/*/Makefile
https://github.com/VictoriaMetrics/VictoriaMetrics/blob/vX.Y.Z/app/*/deployment/Dockerfile
https://github.com/VictoriaMetrics/VictoriaMetrics/blob/vX.Y.Z-cluster/Makefile
https://github.com/VictoriaMetrics/VictoriaMetrics/blob/vX.Y.Z-cluster/app/*/Makefile
https://github.com/VictoriaMetrics/VictoriaMetrics/blob/vX.Y.Z-cluster/app/*/deployment/Dockerfile
- Update
VICTORIAMETRICS_SINGLE_VERSION
andVICTORIAMETRICS_CLUSTER_VERSION
inDockerfile
. - Update
TAG
file.
- Check the release page.
- Check upstream Makefile and Dockerfile, and update our Dockerfile if needed.
- Update
VICTORIAMETRICS_OPERATOR_VERSION
inDockerfile
. - Update
TAG
file.