From 9533714f18446ffa25803f5d8c9cf935b71d7f19 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Sat, 9 Jun 2018 09:41:47 -0700 Subject: [PATCH] Upgrade to HAProxy 1.8.9 (#1124) --- chart/voyager/README.md | 2 +- chart/voyager/values.yaml | 2 +- docs/reference/voyager_run.md | 2 +- docs/setup/developer-guide/overview.md | 2 +- docs/setup/install.md | 4 +-- hack/deploy/voyager.sh | 6 ++-- hack/dev-test.sh | 4 +-- hack/docker/haproxy/1.8.9-alpine/Dockerfile | 23 +++++++++++++ hack/docker/haproxy/1.8.9-alpine/runit.sh | 14 ++++++++ hack/docker/haproxy/1.8.9-alpine/setup.sh | 30 +++++++++++++++++ .../1.8.9-alpine/sv/haproxy-controller/run | 8 +++++ .../haproxy/1.8.9-alpine/sv/socklog-unix/run | 3 ++ hack/docker/haproxy/1.8.9/Dockerfile | 29 +++++++++++++++++ hack/docker/haproxy/1.8.9/runit.sh | 14 ++++++++ hack/docker/haproxy/1.8.9/setup.sh | 32 +++++++++++++++++++ .../haproxy/1.8.9/sv/haproxy-controller/run | 8 +++++ hack/docker/haproxy/1.8.9/sv/socklog-unix/run | 3 ++ hack/docker/voyager/Dockerfile | 2 +- hack/docker/voyager/setup.sh | 2 +- hack/release.sh | 8 ++--- pkg/cmds/server/options.go | 2 +- 21 files changed, 182 insertions(+), 18 deletions(-) create mode 100644 hack/docker/haproxy/1.8.9-alpine/Dockerfile create mode 100755 hack/docker/haproxy/1.8.9-alpine/runit.sh create mode 100755 hack/docker/haproxy/1.8.9-alpine/setup.sh create mode 100755 hack/docker/haproxy/1.8.9-alpine/sv/haproxy-controller/run create mode 100755 hack/docker/haproxy/1.8.9-alpine/sv/socklog-unix/run create mode 100644 hack/docker/haproxy/1.8.9/Dockerfile create mode 100755 hack/docker/haproxy/1.8.9/runit.sh create mode 100755 hack/docker/haproxy/1.8.9/setup.sh create mode 100755 hack/docker/haproxy/1.8.9/sv/haproxy-controller/run create mode 100755 hack/docker/haproxy/1.8.9/sv/socklog-unix/run diff --git a/chart/voyager/README.md b/chart/voyager/README.md index c8d45f16b..a83e7d867 100644 --- a/chart/voyager/README.md +++ b/chart/voyager/README.md @@ -52,7 +52,7 @@ The following tables lists the configurable parameters of the Voyager chart and | `voyager.tag` | Voyager container image tag | `7.0.0` | | `haproxy.registry` | Docker registry used to pull HAProxy image | `appscode` | | `haproxy.repository` | HAProxy container image | `haproxy` | -| `haproxy.tag` | HAProxy container image tag | `1.8.8-7.0.0-alpine` | +| `haproxy.tag` | HAProxy container image tag | `1.8.9-7.0.0-alpine` | | `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) | | `imagePullPolicy` | Image pull policy | `IfNotPresent` | | `cloudProvider` | Name of cloud provider | `nil` | diff --git a/chart/voyager/values.yaml b/chart/voyager/values.yaml index 99d9e401c..32661e353 100644 --- a/chart/voyager/values.yaml +++ b/chart/voyager/values.yaml @@ -10,7 +10,7 @@ voyager: haproxy: registry: appscode repository: haproxy - tag: 1.8.8-7.0.0-alpine + tag: 1.8.9-7.0.0-alpine ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod diff --git a/docs/reference/voyager_run.md b/docs/reference/voyager_run.md index 6a7a7f6b9..1dd80d4a0 100644 --- a/docs/reference/voyager_run.md +++ b/docs/reference/voyager_run.md @@ -63,7 +63,7 @@ voyager run [flags] --docker-registry string Docker image registry for HAProxy and Prometheus exporter (default "appscode") --enable-swagger-ui Enables swagger ui on the apiserver at /swagger-ui --exporter-image-tag string Tag of Docker image containing Prometheus exporter (default "7.0.0") - --haproxy-image-tag string Tag of Docker image containing HAProxy binary (default "1.8.8-7.0.0-alpine") + --haproxy-image-tag string Tag of Docker image containing HAProxy binary (default "1.8.9-7.0.0-alpine") --haproxy.server-metric-fields string Comma-separated list of exported server metrics. See http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#9.1 (default "2,3,4,5,6,7,8,9,13,14,15,16,17,18,21,24,33,35,38,39,40,41,42,43,44") --haproxy.timeout duration Timeout for trying to get stats from HAProxy. (default 5s) -h, --help help for run diff --git a/docs/setup/developer-guide/overview.md b/docs/setup/developer-guide/overview.md index 8f8fd2837..c80ac7437 100644 --- a/docs/setup/developer-guide/overview.md +++ b/docs/setup/developer-guide/overview.md @@ -162,7 +162,7 @@ Following configurations can be enabled for test via flags in `./hack/make.py te | cloud-provider | | Name of cloud Provider | | ingress-class | | | Ingress class handled by voyager. Unset by default. Set to voyager to only handle ingress with annotation kubernetes.io/ingress.class=voyager. | | namespace | test- | Run tests in this namespaces | -| haproxy-image| appscode/haproxy:1.8.8-7.0.0-alpine | HAProxy image name to run | +| haproxy-image| appscode/haproxy:1.8.9-7.0.0-alpine | HAProxy image name to run | | cleanup | true | Turn off cleanup for dynamically generated pods and configmaps. Helps with manual testing | | in-cluster | false | Operator is running inside cluster. Helps with running operator testing. | | daemon-host-name | master | Daemon host name to run daemon hosts | diff --git a/docs/setup/install.md b/docs/setup/install.md index 0b1bd1a57..4ebafa691 100644 --- a/docs/setup/install.md +++ b/docs/setup/install.md @@ -62,7 +62,7 @@ options: -p, --provider=PROVIDER specify a cloud provider --rbac create RBAC roles and bindings (default: true) --docker-registry docker registry used to pull voyager images (default: appscode) - --haproxy-image-tag tag of Docker image containing HAProxy binary (default: 1.8.8-7.0.0-alpine) + --haproxy-image-tag tag of Docker image containing HAProxy binary (default: 1.8.9-7.0.0-alpine) --image-pull-secret name of secret used to pull voyager operator images --restrict-to-namespace restrict voyager to its own namespace --run-on-master run voyager operator on master @@ -109,7 +109,7 @@ $ curl -fsSL https://raw.githubusercontent.com/appscode/voyager/7.0.0/hack/deplo | bash -s -- --provider=$provider --docker-registry=MY_REGISTRY [--image-pull-secret=SECRET_NAME] [--rbac] ``` -By default, Voyager uses Alpine based HAProxy image (1.8.8-7.0.0-alpine). But you can also Debian based image for HAProxy by setting --haproxy-image-tag=1.8.8-7.0.0 flag. +By default, Voyager uses Alpine based HAProxy image (1.8.9-7.0.0-alpine). But you can also Debian based image for HAProxy by setting --haproxy-image-tag=1.8.9-7.0.0 flag. Voyager implements a [validating admission webhook](https://kubernetes.io/docs/admin/admission-controllers/#validatingadmissionwebhook-alpha-in-18-beta-in-19) to validate Voyager CRDs. This is enabled by default for Kubernetes 1.9.0 or later releases. To disable this feature, pass the `--enable-validating-webhook=false` flag. diff --git a/hack/deploy/voyager.sh b/hack/deploy/voyager.sh index e60e3ccdd..2190229f1 100755 --- a/hack/deploy/voyager.sh +++ b/hack/deploy/voyager.sh @@ -95,7 +95,7 @@ export VOYAGER_RESTRICT_TO_NAMESPACE=false export VOYAGER_ROLE_TYPE=ClusterRole export VOYAGER_DOCKER_REGISTRY=${DOCKER_REGISTRY:-appscode} export VOYAGER_IMAGE_TAG=7.0.0 -export VOYAGER_HAPROXY_IMAGE_TAG=1.8.8-7.0.0-alpine +export VOYAGER_HAPROXY_IMAGE_TAG=1.8.9-7.0.0-alpine export VOYAGER_IMAGE_PULL_SECRET= export VOYAGER_IMAGE_PULL_POLICY=IfNotPresent export VOYAGER_ENABLE_ANALYTICS=true @@ -109,7 +109,7 @@ if [ "$APPSCODE_ENV" = "dev" ]; then detect_tag export SCRIPT_LOCATION="cat " export VOYAGER_IMAGE_TAG=$TAG - export VOYAGER_HAPROXY_IMAGE_TAG=1.8.8-$TAG-alpine + export VOYAGER_HAPROXY_IMAGE_TAG=1.8.9-$TAG-alpine export VOYAGER_IMAGE_PULL_POLICY=Always fi @@ -127,7 +127,7 @@ show_help() { echo "-p, --provider=PROVIDER specify a cloud provider" echo " --rbac create RBAC roles and bindings (default: true)" echo " --docker-registry docker registry used to pull voyager images (default: appscode)" - echo " --haproxy-image-tag tag of Docker image containing HAProxy binary (default: 1.8.8-7.0.0-alpine)" + echo " --haproxy-image-tag tag of Docker image containing HAProxy binary (default: 1.8.9-7.0.0-alpine)" echo " --image-pull-secret name of secret used to pull voyager operator images" echo " --restrict-to-namespace restrict voyager to its own namespace" echo " --run-on-master run voyager operator on master" diff --git a/hack/dev-test.sh b/hack/dev-test.sh index d5e1f1de9..5ae91317b 100755 --- a/hack/dev-test.sh +++ b/hack/dev-test.sh @@ -33,14 +33,14 @@ docker_build() { echo "===building voyager docker image===" ./hack/docker/voyager/setup.sh echo "===building haproxy docker image===" - ./hack/docker/haproxy/1.8.8-alpine/setup.sh + ./hack/docker/haproxy/1.8.9-alpine/setup.sh } docker_push() { echo "===pushing voyager docker image===" ./hack/docker/voyager/setup.sh push echo "===pushing haproxy docker image===" - ./hack/docker/haproxy/1.8.8-alpine/setup.sh push + ./hack/docker/haproxy/1.8.9-alpine/setup.sh push } install() { diff --git a/hack/docker/haproxy/1.8.9-alpine/Dockerfile b/hack/docker/haproxy/1.8.9-alpine/Dockerfile new file mode 100644 index 000000000..544c4ead5 --- /dev/null +++ b/hack/docker/haproxy/1.8.9-alpine/Dockerfile @@ -0,0 +1,23 @@ +FROM haproxy:1.8.9-alpine + +# Installs required packages +# Change timezone to UTC +RUN set -x \ + && apk add --update --no-cache ca-certificates su-exec runit socklog tzdata bash openrc lua5.3 lua-socket \ + && rm -rf /etc/sv /etc/service \ + && echo 'Etc/UTC' > /etc/timezone \ + && ln -sf /usr/share/lua/ /usr/local/share/ \ + && ln -sf /usr/lib/lua/ /usr/local/lib/ + +ENV TZ :/etc/localtime +ENV LANG en_US.utf8 + +COPY voyager /usr/bin/voyager +COPY auth-request.lua /etc/auth-request.lua + +# Setup runit scripts +COPY sv /etc/sv/ +RUN ln -s /etc/sv /etc/service + +COPY runit.sh /runit.sh +ENTRYPOINT ["/runit.sh"] diff --git a/hack/docker/haproxy/1.8.9-alpine/runit.sh b/hack/docker/haproxy/1.8.9-alpine/runit.sh new file mode 100755 index 000000000..9ad8f31a9 --- /dev/null +++ b/hack/docker/haproxy/1.8.9-alpine/runit.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +export HAPROXY_CONTROLLER_ARGS="$@" +export > /etc/envvars + +[[ $DEBUG == true ]] && set -x + +# create haproxy.cfg dir +mkdir /etc/haproxy +touch /var/run/haproxy.pid +mkdir -p /etc/ssl/private/haproxy + +echo "Starting runit..." +exec /sbin/runsvdir -P /etc/service diff --git a/hack/docker/haproxy/1.8.9-alpine/setup.sh b/hack/docker/haproxy/1.8.9-alpine/setup.sh new file mode 100755 index 000000000..a25059ed4 --- /dev/null +++ b/hack/docker/haproxy/1.8.9-alpine/setup.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +set -eou pipefail + +GOPATH=$(go env GOPATH) +REPO_ROOT=$GOPATH/src/github.com/appscode/voyager + +source "$REPO_ROOT/hack/libbuild/common/public_image.sh" + +detect_tag $REPO_ROOT/dist/.tag + +IMG=haproxy +TAG=1.8.9-$TAG-alpine +DOCKER_REGISTRY=${DOCKER_REGISTRY:-appscode} + +build() { + pushd $(dirname "${BASH_SOURCE}") + cp $REPO_ROOT/dist/voyager/voyager-alpine-amd64 voyager + chmod +x voyager + + # download auth-request.lua + curl -fsSL -o auth-request.lua https://raw.githubusercontent.com/appscode/haproxy-auth-request/v1.8.9/auth-request.lua + + local cmd="docker build -t $DOCKER_REGISTRY/$IMG:$TAG ." + echo $cmd; $cmd + rm voyager auth-request.lua + popd +} + +binary_repo $@ \ No newline at end of file diff --git a/hack/docker/haproxy/1.8.9-alpine/sv/haproxy-controller/run b/hack/docker/haproxy/1.8.9-alpine/sv/haproxy-controller/run new file mode 100755 index 000000000..c61da92cf --- /dev/null +++ b/hack/docker/haproxy/1.8.9-alpine/sv/haproxy-controller/run @@ -0,0 +1,8 @@ +#!/bin/bash + +source /etc/envvars + +echo "Starting HAProxy controller ..." +cmd="exec voyager haproxy-controller $HAPROXY_CONTROLLER_ARGS" +echo $cmd +$cmd diff --git a/hack/docker/haproxy/1.8.9-alpine/sv/socklog-unix/run b/hack/docker/haproxy/1.8.9-alpine/sv/socklog-unix/run new file mode 100755 index 000000000..652b3366a --- /dev/null +++ b/hack/docker/haproxy/1.8.9-alpine/sv/socklog-unix/run @@ -0,0 +1,3 @@ +#!/bin/bash +exec 2>&1 +exec chpst -Unobody socklog unix /dev/log diff --git a/hack/docker/haproxy/1.8.9/Dockerfile b/hack/docker/haproxy/1.8.9/Dockerfile new file mode 100644 index 000000000..21fdea8d2 --- /dev/null +++ b/hack/docker/haproxy/1.8.9/Dockerfile @@ -0,0 +1,29 @@ +FROM haproxy:1.8.9 + +ENV DEBIAN_FRONTEND noninteractive +ENV DEBCONF_NONINTERACTIVE_SEEN true + +# Installs required packages +# Change timezone to UTC +RUN set -x \ + && apt-get update \ + && apt-get install -y --no-install-recommends ca-certificates runit lua5.3 lua-socket \ + && rm -rf /var/lib/apt/lists/* /usr/share/doc /usr/share/man /tmp/* /etc/sv /etc/service \ + && echo 'Etc/UTC' > /etc/timezone + +# Install socklog +COPY socklog.deb . +RUN set -x && apt install ./socklog.deb && rm socklog.deb + +ENV TZ :/etc/localtime +ENV LANG en_US.utf8 + +COPY voyager /usr/bin/voyager +COPY auth-request.lua /etc/auth-request.lua + +# Setup runit scripts +COPY sv /etc/sv/ +RUN ln -s /etc/sv /etc/service + +COPY runit.sh /runit.sh +ENTRYPOINT ["/runit.sh"] diff --git a/hack/docker/haproxy/1.8.9/runit.sh b/hack/docker/haproxy/1.8.9/runit.sh new file mode 100755 index 000000000..6e6fbd8f7 --- /dev/null +++ b/hack/docker/haproxy/1.8.9/runit.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +export HAPROXY_CONTROLLER_ARGS="$@" +export > /etc/envvars + +[[ $DEBUG == true ]] && set -x + +# create haproxy.cfg dir +mkdir /etc/haproxy +touch /var/run/haproxy.pid +mkdir -p /etc/ssl/private/haproxy + +echo "Starting runit..." +exec /usr/bin/runsvdir -P /etc/service diff --git a/hack/docker/haproxy/1.8.9/setup.sh b/hack/docker/haproxy/1.8.9/setup.sh new file mode 100755 index 000000000..629b845d2 --- /dev/null +++ b/hack/docker/haproxy/1.8.9/setup.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +set -eou pipefail + +GOPATH=$(go env GOPATH) +REPO_ROOT=$GOPATH/src/github.com/appscode/voyager + +source "$REPO_ROOT/hack/libbuild/common/public_image.sh" + +detect_tag $REPO_ROOT/dist/.tag + +IMG=haproxy +TAG=1.8.9-$TAG +DOCKER_REGISTRY=${DOCKER_REGISTRY:-appscode} + +build() { + pushd $(dirname "${BASH_SOURCE}") + cp $REPO_ROOT/dist/voyager/voyager-linux-amd64 voyager + chmod +x voyager + + # download socklog (`socklog` not available for `stretch`, use `jessie` deb instead) + curl -L -o socklog.deb http://ftp.us.debian.org/debian/pool/main/s/socklog/socklog_2.1.0-8_amd64.deb + # download auth-request.lua + curl -fsSL -o auth-request.lua https://raw.githubusercontent.com/appscode/haproxy-auth-request/v1.8.9/auth-request.lua + + local cmd="docker build -t $DOCKER_REGISTRY/$IMG:$TAG ." + echo $cmd; $cmd + rm voyager socklog.deb auth-request.lua + popd +} + +binary_repo $@ diff --git a/hack/docker/haproxy/1.8.9/sv/haproxy-controller/run b/hack/docker/haproxy/1.8.9/sv/haproxy-controller/run new file mode 100755 index 000000000..c61da92cf --- /dev/null +++ b/hack/docker/haproxy/1.8.9/sv/haproxy-controller/run @@ -0,0 +1,8 @@ +#!/bin/bash + +source /etc/envvars + +echo "Starting HAProxy controller ..." +cmd="exec voyager haproxy-controller $HAPROXY_CONTROLLER_ARGS" +echo $cmd +$cmd diff --git a/hack/docker/haproxy/1.8.9/sv/socklog-unix/run b/hack/docker/haproxy/1.8.9/sv/socklog-unix/run new file mode 100755 index 000000000..652b3366a --- /dev/null +++ b/hack/docker/haproxy/1.8.9/sv/socklog-unix/run @@ -0,0 +1,3 @@ +#!/bin/bash +exec 2>&1 +exec chpst -Unobody socklog unix /dev/log diff --git a/hack/docker/voyager/Dockerfile b/hack/docker/voyager/Dockerfile index f15ced352..32aa7175d 100644 --- a/hack/docker/voyager/Dockerfile +++ b/hack/docker/voyager/Dockerfile @@ -1,4 +1,4 @@ -FROM haproxy:1.8.8-alpine +FROM haproxy:1.8.9-alpine RUN set -x \ && apk add --update --no-cache ca-certificates lua5.3 lua-socket \ diff --git a/hack/docker/voyager/setup.sh b/hack/docker/voyager/setup.sh index ab7b2fe04..803d62b27 100755 --- a/hack/docker/voyager/setup.sh +++ b/hack/docker/voyager/setup.sh @@ -41,7 +41,7 @@ build_docker() { chmod 755 voyager # download auth-request.lua - curl -fsSL -o auth-request.lua https://raw.githubusercontent.com/appscode/haproxy-auth-request/v1.8.8/auth-request.lua + curl -fsSL -o auth-request.lua https://raw.githubusercontent.com/appscode/haproxy-auth-request/v1.8.9/auth-request.lua local cmd="docker build -t $DOCKER_REGISTRY/$IMG:$TAG ." echo $cmd; $cmd diff --git a/hack/release.sh b/hack/release.sh index d4c0ff3a4..168af2551 100755 --- a/hack/release.sh +++ b/hack/release.sh @@ -13,11 +13,11 @@ rm -rf dist ./hack/docker/voyager/setup.sh ./hack/docker/voyager/setup.sh release -./hack/docker/haproxy/1.8.8/setup.sh -./hack/docker/haproxy/1.8.8/setup.sh release +./hack/docker/haproxy/1.8.9/setup.sh +./hack/docker/haproxy/1.8.9/setup.sh release -./hack/docker/haproxy/1.8.8-alpine/setup.sh -./hack/docker/haproxy/1.8.8-alpine/setup.sh release +./hack/docker/haproxy/1.8.9-alpine/setup.sh +./hack/docker/haproxy/1.8.9-alpine/setup.sh release rm dist/.tag diff --git a/pkg/cmds/server/options.go b/pkg/cmds/server/options.go index fe5f7f71b..488bb697c 100644 --- a/pkg/cmds/server/options.go +++ b/pkg/cmds/server/options.go @@ -69,7 +69,7 @@ func (s OperatorOptions) WatchNamespace() string { func NewOperatorOptions() *OperatorOptions { return &OperatorOptions{ DockerRegistry: "appscode", - HAProxyImageTag: "1.8.8-7.0.0-alpine", + HAProxyImageTag: "1.8.9-7.0.0-alpine", ExporterImageTag: "7.0.0", OperatorNamespace: meta.Namespace(), OperatorService: "voyager-operator",