Merge pull request #4884 from steeling/release-v1.2

release: sync release-v1.2 branch

Author: shashankram

.env.example

@@ -11,6 +11,7 @@ export CTR_REGISTRY=localhost:5000
 # mandatory: Password to the container registry to use. Leave blank if no authentication is required.
 # For Azure Container Registry (ACR), the following command may be used: az acr credential show -n <your_registry_name> --query "passwords[0].value" | tr -d '"'
 # For the local registry stood up with `make kind-up`, this can be left blank.
+# USE_PRIVATE_REGISTRY=true must be set in addition for this password to be used when pulling images.
 export CTR_REGISTRY_PASSWORD=
 #---------------------------------------------------------------------------------
 
@@ -24,10 +25,6 @@ export CTR_REGISTRY_PASSWORD=
 # Default: osm-system
 export K8S_NAMESPACE=osm-system
 
-# optional: name of Kubernetes contexts that OSM will be deployed in multicluster mode
-# export ALPHA_CLUSTER=alpha
-# export BETA_CLUSTER=beta
-
 # optional: Kubernetes namespace where bookbuyer app will be installed.
 # This cannot be the default namespace because it has to be a namespace that can be deleted.
 # Default: bookbuyer
@@ -58,6 +55,10 @@ export BOOKWAREHOUSE_NAMESPACE=bookwarehouse
 # Default: acr-creds
 # export CTR_REGISTRY_CREDS_NAME=acr-creds
 
+# optional: Whether to enable permissive mode, defaults to true.
+# Default: true
+# export PERMISSIVE_MODE=false
+
 # optional: A tag for the containers used to version the container images in the registry
 # Default: latest
 # export CTR_TAG=latest
@@ -91,8 +92,8 @@ export BOOKWAREHOUSE_NAMESPACE=bookwarehouse
 # export ENABLE_DEBUG_SERVER=true
 
 # optional: ENABLE_EGRESS (true/false)
-# Default: false
-# export ENABLE_EGRESS=true
+# Default: true
+# export ENABLE_EGRESS=false
 
 # optional: ENABLE_RECONCILER (true/false)
 # Default: false
@@ -183,6 +184,10 @@ export BOOKWAREHOUSE_NAMESPACE=bookwarehouse
 # Default: true
 #export PUBLISH_IMAGES=true
 
+### optional: The local proxy mode for the control plane
+# Default: Localhost
+# export LOCAL_PROXY_MODE=Localhost
+
 # See ./demo/deploy-vault.sh script on an example of how to deploy Hashicorp Vault
 # to your Kubernetes cluster.
 #--------------------------------------------------------------------------------

.github/workflows/codeql-analysis.yml

@@ -36,19 +36,6 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
-    - name: Restore Module Cache
-      uses: actions/cache@v2
-      with:
-        path: ~/go/pkg/mod
-        key: ${{ runner.os }}-gomod2-${{ hashFiles('**/go.sum') }}
-        restore-keys: |
-          ${{ runner.os }}-gomod2-
-    - name: Restore Build Cache
-      uses: actions/cache@v2
-      with:
-        path: ~/.cache/go-build
-        key: ${{ runner.os }}-gobuild-${{ hashFiles('**/*.go') }}
-
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v1

.github/workflows/main.yml

@@ -8,6 +8,8 @@ on:
       - "docs/**"
       - "**.md"
       - "scripts/cleanup/**"
+      - "CODEOWNERS"
+      - "OWNERS"
   pull_request:
     branches:
       - main
@@ -16,6 +18,8 @@ on:
       - "docs/**"
       - "**.md"
       - "scripts/cleanup/**"
+      - "CODEOWNERS"
+      - "OWNERS"
 env:
   CI_WAIT_FOR_OK_SECONDS: 60
   CI_MAX_ITERATIONS_THRESHOLD: 60
@@ -40,10 +44,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Setup Go 1.17
-        uses: actions/setup-go@v2
+      - name: Setup Go
+        uses: actions/setup-go@v3
         with:
-          go-version: 1.17
+          go-version-file: go.mod
+          cache: true
       - name: go build deps
         run: make embed-files-test
       - name: golangci-lint
@@ -58,10 +63,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Setup Go 1.17
-        uses: actions/setup-go@v2
+      - name: Setup Go
+        uses: actions/setup-go@v3
         with:
-          go-version: 1.17
+          go-version-file: go.mod
+          cache: true
       - name: go mod tidy
         run: make go-mod-tidy
       - name: Codegen checks
@@ -73,10 +79,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Setup Go 1.17
-        uses: actions/setup-go@v2
+      - name: Setup Go
+        uses: actions/setup-go@v3
         with:
-          go-version: 1.17
+          go-version-file: go.mod
+          cache: true
       - name: go mod tidy
         run: make go-mod-tidy
       - name: gomock checks
@@ -97,22 +104,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Restore Module Cache
-        uses: actions/cache@v2
+      - name: Setup Go
+        uses: actions/setup-go@v3
         with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-gomod2-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-gomod2-
-      - name: Restore Build Cache
-        uses: actions/cache@v2
-        with:
-          path: ~/.cache/go-build
-          key: ${{ runner.os }}-gobuild-${{ hashFiles('**/*.go') }}
-      - name: Setup Go 1.17
-        uses: actions/setup-go@v2
-        with:
-          go-version: 1.17
+          go-version-file: go.mod
+          cache: true
       - name: Go Build
         run: make build-ci
 
@@ -123,22 +119,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Restore Module Cache
-        uses: actions/cache@v2
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-gomod2-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-gomod2-
-      - name: Restore Build Cache
-        uses: actions/cache@v2
+      - name: Setup Go
+        uses: actions/setup-go@v3
         with:
-          path: ~/.cache/go-build
-          key: ${{ runner.os }}-gobuild-${{ hashFiles('**/*.go') }}
-      - name: Setup Go 1.17
-        uses: actions/setup-go@v2
-        with:
-          go-version: 1.17
+          go-version-file: go.mod
+          cache: true
       - name: go mod tidy
         run: make go-mod-tidy
       - name: Test
@@ -149,35 +134,6 @@ jobs:
         with:
           flags: unittests
 
-  scenarios_tests:
-    name: Test various Envoy + SMI configuration scenarios
-    runs-on: ubuntu-latest
-    needs: build
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Restore Module Cache
-        uses: actions/cache@v2
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-gomod2-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-gomod2-
-      - name: Restore Build Cache
-        uses: actions/cache@v2
-        with:
-          path: ~/.cache/go-build
-          key: ${{ runner.os }}-gobuild-${{ hashFiles('**/*.go') }}
-      - name: Setup Go 1.17
-        uses: actions/setup-go@v2
-        with:
-          go-version: 1.17
-      - name: Test
-        run: |
-          touch .env
-          make kind-up
-          go test -v ./tests/scenarios/...
-
   imagescan:
     name: Scan images for security vulnerabilities
     runs-on: ubuntu-latest
@@ -202,73 +158,59 @@ jobs:
     needs: build
     strategy:
       matrix:
+        k8s_version: [""]
+        focus: [""]
         bucket: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
+        include:
+          - k8s_version: v1.22.9
+            focus: "Test traffic flowing from client to server with a Kubernetes Service for the Source: HTTP"
+            bucket: ".*"
+          - k8s_version: v1.23.6
+            focus: "Test traffic flowing from client to server with a Kubernetes Service for the Source: HTTP"
+            bucket: ".*"
+          - k8s_version: v1.24.1
+            focus: "Test traffic flowing from client to server with a Kubernetes Service for the Source: HTTP"
+            bucket: ".*"
     env:
       CTR_TAG: ${{ github.sha }}
       CTR_REGISTRY: "localhost:5000" # unused for kind, but currently required in framework
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Restore Module Cache
-        uses: actions/cache@v2
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-gomod2-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-gomod2-
-      - name: Restore Build Cache
-        uses: actions/cache@v2
+      - name: Setup Go
+        uses: actions/setup-go@v3
         with:
-          path: ~/.cache/go-build
-          key: ${{ runner.os }}-gobuild-${{ hashFiles('**/*.go') }}
-      - name: Setup Go 1.17
-        uses: actions/setup-go@v2
-        with:
-          go-version: 1.17
+          go-version-file: go.mod
+          cache: true
       - name: Build test dependencies
         env:
           DOCKER_BUILDX_OUTPUT: type=docker
         run: make docker-build-osm build-osm docker-build-tcp-echo-server
-      # PR Tests
-      - name: Run PR tests
-        id: pr_test
-        if: ${{ github.event_name == 'pull_request' }}
+      - name: Run tests
+        id: test
         env:
           K8S_NAMESPACE: "osm-system"
-        run: go test ./tests/e2e -test.v -ginkgo.v -ginkgo.progress -installType=KindCluster -test.timeout 0 -test.failfast -ginkgo.failFast -ginkgo.focus='\[Bucket ${{ matrix.bucket }}\]'
+        run: go test ./tests/e2e -test.v -ginkgo.v -ginkgo.progress -installType=KindCluster -kindClusterVersion='${{ matrix.k8s_version }}' -test.timeout 0 -test.failfast -ginkgo.failFast -ginkgo.focus='\[Bucket ${{ matrix.bucket }}\].*${{ matrix.focus }}'
         continue-on-error: true
-      - name: Upload PR test logs
-        if: ${{ steps.pr_test.conclusion != 'skipped' }}
-        uses: actions/upload-artifact@v2
-        with:
-          name: pr_test_logs_bucket_${{ matrix.bucket }}
-          path: /tmp/test**/*
-      - name: Check continue PR tests
-        if: ${{ steps.pr_test.conclusion != 'skipped' && steps.pr_test.outcome == 'failure'}}
-        run: exit 1
-      - name: Clean PR tests
-        if: ${{ steps.pr_test.conclusion != 'skipped' }}
-        run: rm -rf /tmp/test*
-
-      # Push Tests
-      - name: Run Push tests
-        id: push_test
-        if: ${{ github.event_name == 'push' }}
-        env:
-          K8S_NAMESPACE: "osm-system"
-        run: go test ./tests/e2e -test.v -ginkgo.v -ginkgo.progress -installType=KindCluster -test.timeout 0 -test.failfast -ginkgo.failFast -ginkgo.focus='\[Bucket ${{ matrix.bucket }}\]'
-        continue-on-error: true
-      - name: Upload Push test logs
-        if: ${{ steps.push_test.conclusion != 'skipped' }}
+      - name: Set Logs name
+        if: ${{ steps.test.conclusion != 'skipped' }}
+        run: |
+          if [[ -n "${{ matrix.k8s_version }}" ]]; then
+            echo "ARTIFACT_NAME=test_logs_k8s_version_${{ matrix.k8s_version }}" >> $GITHUB_ENV
+          else
+            echo "ARTIFACT_NAME=test_logs_bucket_${{ matrix.bucket }}" >> $GITHUB_ENV
+          fi
+      - name: Upload test logs
+        if: ${{ steps.test.conclusion != 'skipped' }}
         uses: actions/upload-artifact@v2
         with:
-          name: push_test_logs_bucket_${{ matrix.bucket }}
+          name: ${{ env.ARTIFACT_NAME }}
           path: /tmp/test**/*
-      - name: Check continue Push tests
-        if: ${{ steps.push_test.conclusion != 'skipped' && steps.push_test.outcome == 'failure'}}
+      - name: Check continue tests
+        if: ${{ steps.test.conclusion != 'skipped' && steps.test.outcome == 'failure'}}
         run: exit 1
-      - name: Clean Push tests logs
-        if: ${{ steps.push_test.conclusion != 'skipped' }}
+      - name: Clean tests
+        if: ${{ steps.test.conclusion != 'skipped' }}
         run: rm -rf /tmp/test*
 
   integration-tresor:
@@ -278,34 +220,19 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-
-      - name: Restore Module Cache
-        uses: actions/cache@v2
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-gomod2-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-gomod2-
-
-      - name: Restore Build Cache
-        uses: actions/cache@v2
-        with:
-          path: ~/.cache/go-build
-          key: ${{ runner.os }}-gobuild-${{ hashFiles('**/*.go') }}
-
-      - name: Setup Go 1.17
-        uses: actions/setup-go@v2
+      - name: Setup Go
+        uses: actions/setup-go@v3
         with:
-          go-version: 1.17
-        id: go
-
+          go-version-file: go.mod
+          cache: true
       - name: Run Simulation w/ Tresor, SMI policies, egress disabled and reconciler disabled
         env:
           CERT_MANAGER: "tresor"
           BOOKSTORE_SVC: "bookstore"
           BOOKTHIEF_EXPECTED_RESPONSE_CODE: "0"
           ENABLE_EGRESS: "false"
           ENABLE_RECONCILER: "false"
+          PERMISSIVE_MODE: "false"
           DEPLOY_TRAFFIC_SPLIT: "true"
           CTR_TAG: ${{ github.sha }}
           USE_PRIVATE_REGISTRY: "false"

.github/workflows/nightly-noinstall.yml

@@ -50,10 +50,11 @@ jobs:
         run: |
           kubectl version
           kubectl get nodes
-      - name: Setup Go 1.17
-        uses: actions/setup-go@v2
+      - name: Setup Go
+        uses: actions/setup-go@v3
         with:
-          go-version: 1.17
+          go-version-file: go.mod
+          cache: true
       - name: Install OSM via OSM CLI
         run: |
           make build-osm