Skip to content

Commit

Permalink
Merge pull request #45 from csrwng/merge_latest_into_414
Browse files Browse the repository at this point in the history 
HOSTEDCP-1323: Merge latest code into 4.14 branch
  • Loading branch information
@openshift-merge-bot
openshift-merge-bot[bot] committed Dec 1, 2023
2 parents 15cd434 + f0caebb commit 3362d67
Show file tree
Hide file tree
Showing 3,891 changed files with 876,335 additions and 97,854 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
2 changes: 1 addition & 1 deletion .ci-operator.yaml
View file
@@ -1,4 +1,4 @@
build_root_image:
name: release
namespace: openshift
tag: rhel-8-release-golang-1.20-openshift-4.14
tag: rhel-8-release-golang-1.20-openshift-4.15
13 changes: 13 additions & 0 deletions .gitignore
View file
Expand Up @@ -5,3 +5,16 @@
/easy-rsa-master/
/easy-rsa.tar.gz
/easy-rsa

# editor and IDE paraphernalia
.idea
.vscode

# macOS paraphernalia
.DS_Store

# coverage files
konnectivity.out
konnectivity.html
konnectivity-client/client.out
konnectivity-client/client.html
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
View file
Expand Up @@ -14,7 +14,7 @@ If your repo has certain guidelines for contribution, put them here ahead of the

- [Contributor License Agreement](https://git.k8s.io/community/CLA.md) Kubernetes projects require that you sign a Contributor License Agreement (CLA) before we can accept your pull requests
- [Kubernetes Contributor Guide](https://git.k8s.io/community/contributors/guide) - Main contributor documentation, or you can just jump directly to the [contributing section](https://git.k8s.io/community/contributors/guide#contributing)
- [Contributor Cheat Sheet](https://git.k8s.io/community/contributors/guide/contributor-cheatsheet.md) - Common resources for existing developers
- [Contributor Cheat Sheet](https://github.com/kubernetes/community/blob/master/contributors/guide/contributor-cheatsheet/README.md) - Common resources for existing developers

## Mentorship

Expand Down
4 changes: 2 additions & 2 deletions Dockerfile.openshift
View file
@@ -1,4 +1,4 @@
FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.20-openshift-4.14 AS builder
FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.20-openshift-4.15 AS builder

WORKDIR /go/src/sigs.k8s.io/apiserver-network-proxy

Expand All @@ -7,7 +7,7 @@ COPY . .
RUN CGO_ENABLED=0 go build -v -a -ldflags '-extldflags "-static"' -o proxy-server sigs.k8s.io/apiserver-network-proxy/cmd/server
RUN CGO_ENABLED=0 go build -v -a -ldflags '-extldflags "-static"' -o proxy-agent sigs.k8s.io/apiserver-network-proxy/cmd/agent

FROM registry.ci.openshift.org/ocp/4.14:base
FROM registry.ci.openshift.org/ocp/4.15:base

COPY --from=builder /go/src/sigs.k8s.io/apiserver-network-proxy/proxy-server /usr/bin/proxy-server
COPY --from=builder /go/src/sigs.k8s.io/apiserver-network-proxy/proxy-agent /usr/bin/proxy-agent
Expand Down
77 changes: 51 additions & 26 deletions Makefile
View file
Expand Up @@ -24,8 +24,8 @@ endif
GOOS ?= $(shell go env GOOS)
GOARCH ?= $(shell go env GOARCH)
INSTALL_LOCATION:=$(shell go env GOPATH)/bin
GOLANGCI_LINT_VERSION ?= 1.35.2
GOSEC_VERSION ?= 2.5.0
GOLANGCI_LINT_VERSION ?= 1.51.2
GOSEC_VERSION ?= 2.13.1

REGISTRY ?= gcr.io/$(shell gcloud config get-value project)
STAGING_REGISTRY := gcr.io/k8s-staging-kas-network-proxy
Expand All @@ -48,6 +48,7 @@ PROXY_SERVER_IP ?= 127.0.0.1
## --------------------------------------
## Testing
## --------------------------------------
.PHONY: mock_gen
mock_gen:
mkdir -p proto/agent/mocks
mockgen sigs.k8s.io/apiserver-network-proxy/proto/agent AgentService_ConnectServer > proto/agent/mocks/agent_mock.go
Expand All @@ -56,28 +57,31 @@ mock_gen:

.PHONY: test
test:
GO111MODULE=on go test -race sigs.k8s.io/apiserver-network-proxy/...
go test -race -covermode=atomic -coverprofile=konnectivity.out ./... && go tool cover -html=konnectivity.out -o=konnectivity.html
cd konnectivity-client && go test -race -covermode=atomic -coverprofile=client.out ./... && go tool cover -html=client.out -o=client.html

## --------------------------------------
## Binaries
## --------------------------------------

SOURCE = $(shell find . -name \*.go)

bin:
mkdir -p bin

.PHONY: build
build: bin/proxy-agent bin/proxy-server bin/proxy-test-client bin/http-test-server

bin/proxy-agent: proto/agent/agent.pb.go konnectivity-client/proto/client/client.pb.go bin cmd/agent/main.go
bin/proxy-agent: bin $(SOURCE)
GO111MODULE=on go build -o bin/proxy-agent cmd/agent/main.go

bin/proxy-test-client: konnectivity-client/proto/client/client.pb.go bin cmd/client/main.go
GO111MODULE=on go build -o bin/proxy-test-client cmd/client/main.go
bin/proxy-test-client: bin $(SOURCE)
GO111MODULE=on go build -o bin/proxy-test-client cmd/test-client/main.go

bin/http-test-server: bin cmd/test-server/main.go
bin/http-test-server: bin $(SOURCE)
GO111MODULE=on go build -o bin/http-test-server cmd/test-server/main.go

bin/proxy-server: proto/agent/agent.pb.go konnectivity-client/proto/client/client.pb.go bin cmd/server/main.go pkg/server/server.go pkg/server/metrics/metrics.go
bin/proxy-server: bin $(SOURCE)
GO111MODULE=on go build -o bin/proxy-server cmd/server/main.go

## --------------------------------------
Expand All @@ -87,7 +91,7 @@ bin/proxy-server: proto/agent/agent.pb.go konnectivity-client/proto/client/clien
.PHONY: lint
lint:
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(INSTALL_LOCATION) v$(GOLANGCI_LINT_VERSION)
$(INSTALL_LOCATION)/golangci-lint run --no-config --disable-all --enable=gofmt,golint,gosec,govet,unused --fix --verbose --timeout 3m
$(INSTALL_LOCATION)/golangci-lint run --no-config --disable-all --enable=gofmt,revive,gosec,govet,unused --fix --verbose --timeout 3m

## --------------------------------------
## Go
Expand All @@ -102,30 +106,27 @@ mod-download:
## --------------------------------------

.PHONY: gen
gen: mod-download proto/agent/agent.pb.go konnectivity-client/proto/client/client.pb.go mock_gen

konnectivity-client/proto/client/client.pb.go: konnectivity-client/proto/client/client.proto
mkdir -p ${GOPATH}/src
protoc -I . konnectivity-client/proto/client/client.proto --go_out=plugins=grpc:${GOPATH}/src
cat hack/go-license-header.txt ${GOPATH}/src/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client/client.pb.go > konnectivity-client/proto/client/client.licensed.go
mv konnectivity-client/proto/client/client.licensed.go konnectivity-client/proto/client/client.pb.go
gen: mod-download gen-proto mock_gen

proto/agent/agent.pb.go: proto/agent/agent.proto
mkdir -p ${GOPATH}/src
protoc -I . proto/agent/agent.proto --go_out=plugins=grpc:${GOPATH}/src
cat hack/go-license-header.txt ${GOPATH}/src/sigs.k8s.io/apiserver-network-proxy/proto/agent/agent.pb.go > proto/agent/agent.licensed.go
mv proto/agent/agent.licensed.go proto/agent/agent.pb.go
.PHONY: gen-proto
gen-proto:
protoc -I . konnectivity-client/proto/client/client.proto --go_out=. --go_opt=paths=source_relative --go-grpc_out=require_unimplemented_servers=false:. --go-grpc_opt=paths=source_relative
cat hack/go-license-header.txt konnectivity-client/proto/client/client_grpc.pb.go > konnectivity-client/proto/client/client_grpc.licensed.go
mv konnectivity-client/proto/client/client_grpc.licensed.go konnectivity-client/proto/client/client_grpc.pb.go
protoc -I . proto/agent/agent.proto --go_out=. --go_opt=paths=source_relative --go-grpc_out=require_unimplemented_servers=false:. --go-grpc_opt=paths=source_relative
cat hack/go-license-header.txt proto/agent/agent_grpc.pb.go > proto/agent/agent_grpc.licensed.go
mv proto/agent/agent_grpc.licensed.go proto/agent/agent_grpc.pb.go

## --------------------------------------
## Certs
## --------------------------------------

easy-rsa.tar.gz:
curl -L -o easy-rsa.tar.gz --connect-timeout 20 --retry 6 --retry-delay 2 https://github.com/OpenVPN/easy-rsa/archive/refs/tags/v3.0.8.tar.gz
curl -L -o easy-rsa.tar.gz --connect-timeout 20 --retry 6 --retry-delay 2 https://dl.k8s.io/easy-rsa/easy-rsa.tar.gz

easy-rsa: easy-rsa.tar.gz
tar xvf easy-rsa.tar.gz
mv easy-rsa-3.0.8 easy-rsa
mv easy-rsa-master easy-rsa

cfssl:
@if ! command -v cfssl &> /dev/null; then \
Expand Down Expand Up @@ -178,9 +179,13 @@ certs: easy-rsa cfssl cfssljson
buildx-setup:
${DOCKER_CMD} buildx inspect img-builder > /dev/null || docker buildx create --name img-builder --use

# Does not include test images
.PHONY: docker-build
docker-build: docker-build/proxy-agent docker-build/proxy-server

.PHONY: docker-build-test
docker-build-test: docker-build/proxy-test-client docker-build/http-test-server

.PHONY: docker-push
docker-push: docker-push/proxy-agent docker-push/proxy-server

Expand All @@ -206,6 +211,28 @@ docker-push/proxy-server: docker-build/proxy-server
@[ "${DOCKER_CMD}" ] || ( echo "DOCKER_CMD is not set"; exit 1 )
${DOCKER_CMD} push ${SERVER_FULL_IMAGE}-$(ARCH):${TAG}

.PHONY: docker-build/proxy-test-client
docker-build/proxy-test-client: cmd/test-client/main.go proto/agent/agent.pb.go buildx-setup
@[ "${TAG}" ] || ( echo "TAG is not set"; exit 1 )
echo "Building proxy-test-client for ${ARCH}"
${DOCKER_CMD} buildx build . --pull --output=type=$(OUTPUT_TYPE) --platform linux/$(ARCH) --build-arg ARCH=$(ARCH) -f artifacts/images/test-client-build.Dockerfile -t ${TEST_CLIENT_FULL_IMAGE}-$(ARCH):${TAG}

.PHONY: docker-push/proxy-test-client
docker-push/proxy-test-client: docker-build/proxy-test-client
@[ "${DOCKER_CMD}" ] || ( echo "DOCKER_CMD is not set"; exit 1 )
${DOCKER_CMD} push ${TEST_CLIENT_FULL_IMAGE}-$(ARCH):${TAG}

.PHONY: docker-build/http-test-server
docker-build/http-test-server: cmd/test-server/main.go buildx-setup
@[ "${TAG}" ] || ( echo "TAG is not set"; exit 1 )
echo "Building http-test-server for ${ARCH}"
${DOCKER_CMD} buildx build . --pull --output=type=$(OUTPUT_TYPE) --platform linux/$(ARCH) --build-arg ARCH=$(ARCH) -f artifacts/images/test-server-build.Dockerfile -t ${TEST_SERVER_FULL_IMAGE}-$(ARCH):${TAG}

.PHONY: docker-push/http-test-server
docker-push/http-test-server: docker-build/http-test-server
@[ "${DOCKER_CMD}" ] || ( echo "DOCKER_CMD is not set"; exit 1 )
${DOCKER_CMD} push ${TEST_SERVER_FULL_IMAGE}-$(ARCH):${TAG}

## --------------------------------------
## Docker — All ARCH
## --------------------------------------
Expand Down Expand Up @@ -262,8 +289,6 @@ release-staging: ## Builds and push container images to the staging bucket.
release-alias-tag: # Adds the tag to the last build tag. BASE_REF comes from the cloudbuild.yaml
gcloud container images add-tag $(AGENT_FULL_IMAGE):$(TAG) $(AGENT_FULL_IMAGE):$(BASE_REF)
gcloud container images add-tag $(SERVER_FULL_IMAGE):$(TAG) $(SERVER_FULL_IMAGE):$(BASE_REF)
gcloud container images add-tag $(TEST_CLIENT_FULL_IMAGE):$(TAG) $(TEST_CLIENT_FULL_IMAGE):$(BASE_REF)
gcloud container images add-tag $(TEST_SERVER_FULL_IMAGE):$(TAG) $(TEST_SERVER_FULL_IMAGE):$(BASE_REF)

## --------------------------------------
## Cleanup / Verification
Expand All @@ -272,4 +297,4 @@ release-alias-tag: # Adds the tag to the last build tag. BASE_REF comes from the
.PHONY: clean
clean:
go clean -testcache
rm -rf proto/agent/agent.pb.go konnectivity-client/proto/client/client.pb.go easy-rsa.tar.gz easy-rsa cfssl cfssljson certs bin proto/agent/mocks
rm -rf proto/agent/agent.pb.go proto/agent/agent_grpc.pb.go konnectivity-client/proto/client/client.pb.go konnectivity-client/proto/client/client_grpc.pb.go konnectivity-client/proto/client/client_grpc.licensed.go proto/agent/agent_grpc.licensed.go easy-rsa.tar.gz easy-rsa cfssl cfssljson certs bin proto/agent/mocks konnectivity.html konnectivity.out konnectivity-client/client.html konnectivity-client/client.out
41 changes: 38 additions & 3 deletions README.md
View file
Expand Up @@ -17,6 +17,37 @@ You can reach the maintainers of this project at:

Participation in the Kubernetes community is governed by the [Kubernetes Code of Conduct](code-of-conduct.md).

## Versioning and releases

As of the `0.28.0` release, the apiserver-network-proxy project is changing its versioning and release
process. Going forward the project will adhere to these rules:

* This project follows semantic versioning (eg `x.y.z`) for releases and tags.
* Tags indicate readiness for a release, and project maintainers will create corresponding releases.
* Releases and tags align with the Kubernetes minor release versions (the `y` in `x.y.z`). For instance,
if Kubernetes releases version `1.99.0`, the corresponding release and tag for apiserver-network-proxy will be
`0.99.0`.
* Branches will be created when the minor release version (the `y` in `x.y.z`) is increased, and follow the
pattern of `release-x.y`. For instance, if version `0.99.0` has been released, the corresponding branch
will be named `release-0.99`.
* Patch level versions for releases and tags will be updated when patches are applied to the specific release
branch. For example, if patches must be applied to the `release-0.99` branch and a new release is created,
the version will be `0.99.1`. In this manner the patch level version number (the `z` in `x.y.z`) may not
match the Kubernetes patch level.

For Kubernetes version `1.28.0+`, we recommend using the tag that corresponds to the same minor version
number. For example, if you are working with Kubernetes version `1.99`, please utilize the latest `0.99`
tag and refer to the `release-0.99` branch. It is important to note that there may be disparities in the
patch level between apiserver-network-proxy and Kubernetes.

For Kubernetes version `<=1.27`, it is recommended to match apiserver-network-proxy server & client
minor release versions. With Kubernetes, this means:

* Kubernetes versions v1.26 through v1.27: `0.1.X` tags, `release-0.1` branch.
* Kubernetes versions v1.23 through v1.25: `0.0.X` tags, `release-0.0` branch.
* Kubernetes versions up to v1.23: apiserver-network-proxy versions up to `v0.0.30`.
Refer to the kubernetes go.mod file for the specific release version.

## Build

Please make sure you have the REGISTRY and PROJECT_ID environment variables set.
Expand All @@ -31,11 +62,15 @@ The [```mockgen```](https://github.com/golang/mock) tool must be installed on yo

### Protoc

Proto definitions are compiled with `protoc`. Please ensure you have protoc installed ([Instructions](https://grpc.io/docs/protoc-installation/)) and the `proto-gen-go` library at the appropriate version.
Proto definitions are compiled with `protoc`. Please ensure you have protoc installed ([Instructions](https://grpc.io/docs/languages/go/quickstart/)) and the `protoc-gen-go` and `protoc-gen-go-grpc` libraries at the appropriate version.

Currently, we are using protoc-gen-go@v1.27.1

`go get google.golang.org/protobuf/cmd/protoc-gen-go@v1.27.1`

Currently we are using proto-gen-go@v1.3.2
Currently, we are using protoc-gen-go-grpc@v1.2

`go get github.com/golang/protobuf/protoc-gen-go@v1.3.2`
`go get google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2`

### Local builds

Expand Down
66 changes: 56 additions & 10 deletions RELEASE.md
View file
Expand Up @@ -4,21 +4,54 @@ Please note this guide is only intended for the admins of this repository, and r

Creating a new release of network proxy involves releasing a new version of the client library (konnectivity-client) and new images for the proxy agent and server. Generally we also want to upgrade kubernetes/kubernetes with the latest version of the images and library, but this is a GCE specific change.

1. The first step involves creating a new git tag for the release, following semvar for go libraries. A tag is required for both the repository and the konnectivity-client library. For example releasing the `0.0.15` version will have two tags `v0.0.15` and `konnectivity-client/v0.0.15` on the appropriate commit.
1. The first step involves creating a new git tag for the release, following semver for go libraries. A tag is required for both the repository and the konnectivity-client library. For example releasing the `0.99.0` version will have two tags `v0.99.0` and `konnectivity-client/v0.99.0` on the appropriate commit. The minor version number (the `y` in `x.y.z`) should match the minor version of the Kubernetes version that is utilized by the apiserver-network-proxy. The patch level version number (the `z` in `x.y.z`) should increase by one unless a new minor version is being created, in which case it should be `0`.

The exact commands are
In the master branch, choose the appropriate commit, and determine a patch version based on the required Kubernetes version and the current patch level.

Example commands for `HEAD` of `master` branch. (Assumes you have `git remote add upstream git@github.com:kubernetes-sigs/apiserver-network-proxy.git`.)

```
# Assuming v0.1.1 exists
export TAG=v0.1.2
export MESSAGE="Meaningful description of change."
git fetch upstream
git tag -a "${TAG}" -m "${MESSAGE}" upstream/master
git tag -a "konnectivity-client/${TAG}" -m "${MESSAGE}" upstream/master
git push upstream "${TAG}"
git push upstream "konnectivity-client/${TAG}"
```

In a release branch, the process is similar but corresponds to earlier minor versions.

Example commands for `HEAD` of `release-0.0` branch:

```
# Check out the appropriate commit (usually head of master)
git tag -a v0.0.15
git tag konnectivity-client/v0.0.15
git push upstream v0.0.15
git push upstream konnectivity-client/v0.0.15
# Assuming v0.0.35 exists
export TAG=v0.0.36
export MESSAGE="Meaningful description of change."
git fetch upstream
git tag -a "${TAG}" -m "${MESSAGE}" upstream/release-0.0
git tag -a "konnectivity-client/${TAG}" -m "${MESSAGE}" upstream/release-0.0
git push upstream "${TAG}"
git push upstream "konnectivity-client/${TAG}"
```

Once the two tags are created, the konnectivity-client can be imported as a library in kubernetes/kubernetes and other go programs.

2. To publish the proxy server and proxy agent images, they must be promoted from the k8s staging repo. An example PR can be seen here: [https://github.com/kubernetes/k8s.io/pull/1602](https://github.com/kubernetes/k8s.io/pull/1602)
2. If increasing the minor version (the `y` in `x.y.z`), a new release branch must be created. The name of this branch should be `release-x.y` where `x` and `y` correspond to the major and minor release numbers for apiserver-network-proxy. For example, if increasing the apiserver-network-proxy from verision `0.98.4` to `0.99.0` a new branch should be created named `release-0.99`.

After making the new tag for the release version, use the following command to create the new branch:

```
# assuming a release version of 0.99.0
export RELEASE=release-0.99
git checkout -b "${RELEASE}"
git push upstream "${RELEASE}"
```

3. To publish the proxy server and proxy agent images, they must be promoted from the k8s staging repo. An example PR can be seen here: [https://github.com/kubernetes/k8s.io/pull/5686](https://github.com/kubernetes/k8s.io/pull/5686)

The SHA in the PR corresponds to the SHA of the image within the k8s staging repo. (This is under the **Name** column)

Expand All @@ -28,7 +61,7 @@ Creating a new release of network proxy involves releasing a new version of the

<img src="https://user-images.githubusercontent.com/7691399/106816880-09040600-6644-11eb-8907-f50c53dfe475.png" width="400px" height="300px" /> <img src="https://user-images.githubusercontent.com/7691399/106815303-a4e04280-6641-11eb-82d2-4ef4fb34437a.png" width="400px" height="300px" />

3. Finally, update kubernetes/kubernetes with the new client library and images.
4. Finally, update kubernetes/kubernetes with the new client library and images.

An example PR can be found here: [https://github.com/kubernetes/kubernetes/pull/94983](https://github.com/kubernetes/kubernetes/pull/94983)

Expand All @@ -41,6 +74,19 @@ Creating a new release of network proxy involves releasing a new version of the

```
./hack/pin-dependency.sh sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15
make clean generated_files
./hack/update-codegen.sh
./hack/update-vendor.sh
```

## Updating Go Dependencies

`go.mod` versions should be kept consistent between the apiserver-network-proxy [main module](go.mod),
and the [konnectivity-client module](/konnectivity-client/go.mod).

Konnectivity-client dependency versions must be compatible
[Kubernetes go.mod versions](https://github.com/kubernetes/kubernetes/blob/master/go.mod),
meaning for a given release branch the konnectivity-client versions must not be newer than the
Kubernetes versions.

In practice, this means that to update `konnectivity-client/go.mod` dependencies, a new Konnectivity
branch must be cut, and the dependencies should be pinned to the latest versions used by Kubernetes.

0 comments on commit 3362d67

Please sign in to comment.