From d13f2113544a2fbd49c62a808894254a07dcdd32 Mon Sep 17 00:00:00 2001 From: Balazs Czoma Date: Tue, 22 Aug 2023 14:44:42 -0400 Subject: [PATCH 01/10] Updated broker scripts from PubSubPlus Helm v3.3.2 --- controllers/brokerscripts/init.sh | 4 +- controllers/brokerscripts/readiness_check.sh | 324 ++++++++++--------- controllers/brokerscripts/semp_query.sh | 2 +- controllers/brokerscripts/startup-broker.sh | 26 +- 4 files changed, 189 insertions(+), 167 deletions(-) diff --git a/controllers/brokerscripts/init.sh b/controllers/brokerscripts/init.sh index 96f3256..8377d76 100644 --- a/controllers/brokerscripts/init.sh +++ b/controllers/brokerscripts/init.sh @@ -15,15 +15,15 @@ if [ "${BROKER_TLS_ENABLED}" = "true" ]; then cat /mnt/disks/certs/server/${BROKER_CERT_FILENAME} /mnt/disks/certs/server/${BROKER_CERTKEY_FILENAME} > /dev/shm/server.cert export tls_servercertificate_filepath="/dev/shm/server.cert" fi +# Deal with the fact we cannot accept "-" in router names +export routername=$(echo $(hostname) | sed 's/-//g') if [ "${BROKER_REDUNDANCY}" = "true" ]; then IFS='-' read -ra host_array <<< $(hostname) is_monitor=$([ ${host_array[-2]} = "m" ] && echo 1 || echo 0) is_backup=$([ ${host_array[-2]} = "b" ] && echo 1 || echo 0) namespace=$(echo $STATEFULSET_NAMESPACE) service=${BROKERSERVICES_NAME} - # Deal with the fact we cannot accept "-" in broker names service_name=$(echo ${service} | sed 's/-//g') - export routername=$(echo $(hostname) | sed 's/-//g') export redundancy_enable=yes export configsync_enable=yes export redundancy_authentication_presharedkey_key=$(cat /mnt/disks/secrets/presharedauthkey/preshared_auth_key | base64) diff --git a/controllers/brokerscripts/readiness_check.sh b/controllers/brokerscripts/readiness_check.sh index f80ecf7..e6b7df1 100644 --- a/controllers/brokerscripts/readiness_check.sh +++ b/controllers/brokerscripts/readiness_check.sh @@ -19,188 +19,200 @@ set_label () { #Prevent overdriving Kubernetes infra, don't set activity state to same as previous state previous_state=$(get_label "active") if [ "${2}" = "${previous_state}" ]; then - #echo "$(date) INFO: ${APP}-Current and Previous state match (${2}), not updating pod label" - : + #echo "$(date) INFO: ${APP}-Current and Previous state match (${2}), not updating pod label" + : else - echo "$(date) INFO: ${APP}-Updating pod label using K8s API from ${previous_state} to ${2}" - echo "[{\"op\": \"add\", \"path\": \"/metadata/labels/${1}\", \"value\": \"${2}\" }]" > /tmp/patch_label.json - K8S=https://kubernetes.default.svc.cluster.local:$KUBERNETES_SERVICE_PORT - KUBE_TOKEN=$(&2 - rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 + echo "$(date) INFO: ${APP}-Updating pod label using K8s API from ${previous_state} to ${2}" + echo "[{\"op\": \"add\", \"path\": \"/metadata/labels/${1}\", \"value\": \"${2}\" }]" > /tmp/patch_label.json + K8S=https://kubernetes.default.svc.cluster.local:$KUBERNETES_SERVICE_PORT + KUBE_TOKEN=$(&2 + rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 + fi fi fi - fi +} + + +# Function to get remote sync state +get_router_remote_config_state() { + # Params: $1 is property of config to return for router + routerresults=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "/rpc-reply/rpc/show/config-sync/database/remote/tables/table[1]/source-router/${1}") + routerremotesync_result=$(echo ${routerresults} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + echo $routerremotesync_result } # Main logic: note that there are no re-tries here, if check fails then return not ready. if [ "${BROKER_REDUNDANCY}" = "true" ]; then # HA config IFS='-' read -ra host_array <<< $(hostname) - is_monitor=$([ ${host_array[-2]} = "m" ] && echo 1 || echo 0) - is_backup=$([ ${host_array[-2]} = "b" ] && echo 1 || echo 0) - password=$(cat /mnt/disks/secrets/admin/username_admin_password) - # For update (includes SolOS upgrade) purposes, additional checks are required for readiness state when the pod has been started - # This is an update if the LASTVERSION_FILE with K8s controller-revision-hash exists and contents differ from current value - LASTVERSION_FILE=/var/lib/solace/var/lastConfigRevisionBeforeReboot - if [ ! -f ${LASTVERSION_FILE} ] || [[ $(cat ${LASTVERSION_FILE}) != $(get_label "controller-revision-hash") ]] ; then - echo "$(date) INFO: ${APP}-Initial startup or Upgrade detected, running additional checks..." - # Check redundancy - echo "$(date) INFO: ${APP}-Running checks. Redundancy state check started..." - results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ - -q "" \ - -v "/rpc-reply/rpc/show/redundancy/redundancy-status") - redundancystatus_results=$(echo ${results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) - if [ "${redundancystatus_results}" != "Up" ]; then - echo "$(date) INFO: ${APP}-Redundancy state is not yet up." - rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 - fi - # Additionally check config-sync status for non-monitoring nodes - echo "$(date) INFO: ${APP}-Running checks. Config-sync state check started..." - if [ "${is_monitor}" = "0" ]; then + node_ordinal=${host_array[-1]} + password=$(cat /mnt/disks/secrets/username_admin_password) + # For monitor node just check for redundancy; active label will never be set + if [ "${node_ordinal}" = "2" ]; then + # Check redundancy results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ - -q "" \ - -v "/rpc-reply/rpc/show/config-sync/status/oper-status") - confsyncstatus_results=$(echo ${results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) - if [ "${confsyncstatus_results}" != "Up" ]; then - echo "$(date) INFO: ${APP}-Config-sync state is not yet up." - rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 + -q "" \ + -v "/rpc-reply/rpc/show/redundancy/redundancy-status") + redundancystatus_results=$(echo ${results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + if [ "${redundancystatus_results}" != "Up" ]; then + echo "$(date) INFO: ${APP}-Waiting for redundancy up, redundancy state is not yet up." + rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 fi - fi - fi - # Record current version in LASTVERSION_FILE - echo $(get_label "controller-revision-hash") > ${LASTVERSION_FILE} - # For monitor node just check for redundancy; active label will never be set - if [ "${is_monitor}" = "1" ]; then - # Check redundancy - echo "$(date) INFO: ${APP}-Running checks. Redundancy state check started..." - results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ - -q "" \ - -v "/rpc-reply/rpc/show/redundancy/redundancy-status") - redundancystatus_results=$(echo ${results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) - if [ "${redundancystatus_results}" != "Up" ]; then - echo "$(date) INFO: ${APP}-Redundancy state is not yet up." - rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 - fi - if [ ! -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} ]; then - echo "$(date) INFO: ${APP}-All nodes online, monitor node is redundancy ready" - touch ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} - echo "$(date) INFO: ${APP}-Server status check complete for this broker node" - exit 1 - fi - exit 0 + if [ ! -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} ]; then + echo "$(date) INFO: ${APP}-All nodes online, monitor node is redundancy ready" + touch ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} + echo "$(date) INFO: ${APP}-Server status check complete for this broker node" + exit 1 + fi + exit 0 fi # End Monitor Node + # From here only message routing nodes. # For Primary or Backup nodes set both service readiness (active label) and k8s readiness (exit return value) health_result=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:5550/health-check/guaranteed-active) case "${health_result}" in - "200") - if [ ! -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} ]; then - echo "$(date) INFO: ${APP}-HA Event Broker health check reported 200, message spool is up" - touch ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} - echo "$(date) INFO: ${APP}-Server status check complete for this broker node" - echo "$(date) INFO: ${APP}-Changing pod label to active" - #exit 1 Removing as this may delay activity switch by 5 seconds - fi - set_label "active" "true" - exit 0 - ;; - "503") - if [[ $(get_label "active") = "true" ]]; then echo "$(date) INFO: ${APP}-HA Event Broker health check reported 503"; fi - set_label "active" "false" - # Further check is required to determine readiness - ;; - *) - echo "$(date) WARN: ${APP}-HA Event Broker health check reported unexpected ${health_result}" - set_label "active" "false" - echo "$(date) INFO: ${APP}-Changing pod label to inactive" - rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 + "200") + if [ ! -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} ]; then + echo "$(date) INFO: ${APP}-HA Event Broker health check reported 200, message spool is up" + touch ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} + echo "$(date) INFO: ${APP}-Server status check complete for this broker node" + echo "$(date) INFO: ${APP}-Changing pod label to active" + #exit 1 Removing as this may delay activity switch by 5 seconds + fi + set_label "active" "true" + exit 0 + ;; + "503") + if [[ $(get_label "active") = "true" ]]; then echo "$(date) INFO: ${APP}-HA Event Broker health check reported 503"; fi + set_label "active" "false" + # Further check is required to determine readiness + ;; + *) + echo "$(date) WARN: ${APP}-HA Event Broker health check reported unexpected ${health_result}" + set_label "active" "false" + echo "$(date) INFO: ${APP}-Changing pod label to inactive" + rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 esac # At this point analyzing readiness after health check returned 503 - checking if Event Broker is Standby - case "${is_backup}" in - "0") - config_role="primary" - ;; - "1") - config_role="backup" - ;; + case "${node_ordinal}" in + "0") + config_role="primary" + ;; + "1") + config_role="backup" + ;; esac online_results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ - -q "" \ - -v "/rpc-reply/rpc/show/redundancy/virtual-routers/${config_role}/status/activity[text()]") + -q "" \ + -v "/rpc-reply/rpc/show/redundancy/virtual-routers/${config_role}/status/activity[text()]") local_activity=$(echo ${online_results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) case "${local_activity}" in - "Mate Active") - # Check redundancy - results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ - -q "" \ - -v "/rpc-reply/rpc/show/redundancy/redundancy-status") - redundancystatus_results=$(echo ${results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) - if [ "${redundancystatus_results}" != "Up" ]; then - echo "$(date) INFO: ${APP}-Running checks.Redundancy state is not yet up." - rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 - fi - # Additionally check config-sync status for non-monitoring nodes - if [ "${node_ordinal}" != "2" ]; then - results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ - -q "" \ - -v "/rpc-reply/rpc/show/config-sync/status/oper-status") - confsyncstatus_results=$(echo ${results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) - if [ "${confsyncstatus_results}" != "Up" ]; then - echo "$(date) INFO: ${APP}-Running checks. Config-sync state is not yet up." + "Mate Active") + # Check redundancy + results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "/rpc-reply/rpc/show/redundancy/redundancy-status") + redundancystatus_results=$(echo ${results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + if [ "${redundancystatus_results}" != "Up" ]; then + echo "$(date) INFO: ${APP}-Running checks.Redundancy state is not yet up." + rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 + fi + # Check config-sync status + results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "/rpc-reply/rpc/show/config-sync/status/oper-status") + confsyncstatus_results=$(echo ${results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + if [ "${confsyncstatus_results}" != "Up" ]; then + + # Additional check to confirm config-sync + echo "$(date) INFO: ${APP}-Checking Config-sync Setup. Starting additional checks to confirm config-sync locally..." + + messagevpn_result=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "count(/rpc-reply/rpc/show/config-sync/database/local/tables/table)") + messagevpn_total=$(echo ${messagevpn_result} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + + # Count message_vpns in-sync and compare with total + localmessagevpn_result=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "count(//table[sync-state='In-Sync'])") + local_messagevpn_total_insync=$(echo ${localmessagevpn_result} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + if [ "$messagevpn_total" -ne "$local_messagevpn_total_insync" ]; then + echo "$(date) INFO: ${APP}-Config-sync state is not in-sync locally." + rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 + fi + + echo "$(date) INFO: ${APP}-Checking Config-sync Setup. Remote config-sync state check starting..." + vpnremotehamate_result=$(get_router_remote_config_state "name") + + remote_messagevpn_result=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "count(//table/source-router[name='$vpnremotehamate_result'])") + remote_messagevpn_total=$(echo ${remote_messagevpn_result} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + + #Count message_vpns in-sync, not stale and compare with total + remotemessagevpn_result=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "count(//table/source-router[name='$vpnremotehamate_result' and sync-state='In-Sync' and stale='No'])") + remote_messagevpn_total_insync=$(echo ${remotemessagevpn_result} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + if [ "$remote_messagevpn_total" -ne "$remote_messagevpn_total_insync" ]; then + echo "$(date) INFO: ${APP}-Config-sync state is not in-sync for remote." + rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 + fi + fi + # Pass readiness check + if [ ! -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} ]; then + echo "$(date) INFO: ${APP}-Redundancy is up and node is Mate Active" + touch ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} + echo "$(date) INFO: ${APP}-Server status check complete for this broker node" + exit 1 + fi + exit 0 + ;; + *) + echo "$(date) WARN: ${APP}-Health check returned 503 and local activity state is: ${local_activity}, failing readiness check." rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 - fi - fi - # Pass readiness check - if [ ! -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} ]; then - echo "$(date) INFO: ${APP}-Redundancy is up and node is mate Active" - touch ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} - echo "$(date) INFO: ${APP}-Server status check complete for this broker node" - exit 1 - fi - exit 0 - ;; - *) - echo "$(date) WARN: ${APP}-Health check returned 503 and local activity state is: ${local_activity}, failing readiness check." - rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 - ;; + ;; esac else # nonHA config health_result=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:5550/health-check/guaranteed-active) case "${health_result}" in - "200") - if [ ! -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} ]; then - echo "$(date) INFO: ${APP}-nonHA Event Broker health check reported 200, message spool is up" - touch ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} - echo "$(date) INFO: ${APP}-Server status check complete for this broker node" - echo "$(date) INFO: ${APP}-Changing pod label to active" - exit 1 - fi - set_label "active" "true" - exit 0 - ;; - "503") - if [[ $(get_label "active") = "true" ]]; then echo "$(date) INFO: ${APP}-nonHA Event Broker health check reported 503, message spool is down"; fi - set_label "active" "false" - echo "$(date) INFO: ${APP}-Changing pod label to inactive" - # Fail readiness check - rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 - ;; - *) - echo "$(date) WARN: ${APP}-nonHA Event Broker health check reported ${health_result}" - set_label "active" "false" - echo "$(date) INFO: ${APP}-Changing pod label to inactive" - # Fail readiness check - rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 + "200") + if [ ! -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} ]; then + echo "$(date) INFO: ${APP}-nonHA Event Broker health check reported 200, message spool is up" + touch ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE} + echo "$(date) INFO: ${APP}-Server status check complete for this broker node" + echo "$(date) INFO: ${APP}-Changing pod label to active" + exit 1 + fi + set_label "active" "true" + exit 0 + ;; + "503") + if [[ $(get_label "active") = "true" ]]; then echo "$(date) INFO: ${APP}-nonHA Event Broker health check reported 503, message spool is down"; fi + set_label "active" "false" + echo "$(date) INFO: ${APP}-Changing pod label to inactive" + # Fail readiness check + rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 + ;; + *) + echo "$(date) WARN: ${APP}-nonHA Event Broker health check reported ${health_result}" + set_label "active" "false" + echo "$(date) INFO: ${APP}-Changing pod label to inactive" + # Fail readiness check + rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 esac fi \ No newline at end of file diff --git a/controllers/brokerscripts/semp_query.sh b/controllers/brokerscripts/semp_query.sh index 60ca37e..7b8887c 100644 --- a/controllers/brokerscripts/semp_query.sh +++ b/controllers/brokerscripts/semp_query.sh @@ -39,7 +39,7 @@ if [[ ${url} = "" || ${username} = "" || ${password} = "" ]]; then echo 'missing parameter' exit 1 fi -if [ "$(curl --write-out '%{http_code}' --silent --output /dev/null -u ${username}:${password} ${url}/SEMP)" != "200" ] ; then +if [ "$(curl --write-out '%{http_code}' --silent --output /dev/null -u ${username}:${password} ${url}/SEMP -d '')" != "200" ] ; then echo "management host is not responding" exit 1 fi diff --git a/controllers/brokerscripts/startup-broker.sh b/controllers/brokerscripts/startup-broker.sh index 891aa74..ccf2098 100644 --- a/controllers/brokerscripts/startup-broker.sh +++ b/controllers/brokerscripts/startup-broker.sh @@ -7,12 +7,13 @@ echo "$(date) INFO: ${APP}-PubSub+ broker node starting. HA flags: HA_configured echo "$(date) INFO: ${APP}-Waiting for management API to become available" password=$(cat /mnt/disks/secrets/admin/username_admin_password) INITIAL_STARTUP_FILE=/var/lib/solace/var/k8s_initial_startup_marker -loop_guard=120 +loop_guard=60 pause=10 count=0 -while [ ${count} -lt ${loop_guard} ]; do +# Wait for Solace Management API +while [ ${count} -lt ${loop_guard} ]; do if /mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 -t ; then - break + break fi run_time=$((${count} * ${pause})) ((count++)) @@ -26,16 +27,25 @@ fi if [ "${BROKER_TLS_ENABLED}" = "true" ]; then rm /dev/shm/server.cert # remove as soon as possible cert_results=$(curl --write-out '%{http_code}' --silent --output /dev/null -k -X PATCH -u admin:${password} https://localhost:1943/SEMP/v2/config/ \ - -H "content-type: application/json" \ - -d "{\"tlsServerCertContent\":\"$(cat /mnt/disks/certs/server/${BROKER_CERT_FILENAME} /mnt/disks/certs/server/${BROKER_CERTKEY_FILENAME} | awk '{printf "%s\\n", $0}')\"}") + -H "content-type: application/json" \ + -d "{\"tlsServerCertContent\":\"$(cat /mnt/disks/certs/server/${BROKER_CERT_FILENAME} /mnt/disks/certs/server/${BROKER_CERTKEY_FILENAME} | awk '{printf "%s\\n", $0}')\"}") if [ "${cert_results}" != "200" ]; then - echo "$(date) ERROR: ${APP}-Unable to set the server certificate, exiting" >&2 - exit 1 + echo "$(date) ERROR: ${APP}-Unable to set the server certificate, exiting" >&2 + exit 1 fi echo "$(date) INFO: ${APP}-Server certificate has been configured" # Future improvement: enable CA configuration from secret ca.crt fi if [ "${BROKER_REDUNDANCY}" = "true" ]; then + # Function to get remote sync state + get_router_remote_config_state() { + # Params: $1 is property of config to return for router + routerresults=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "/rpc-reply/rpc/show/config-sync/database/remote/tables/table[1]/source-router/${1}") + routerremotesync_result=$(echo ${routerresults} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + echo $routerremotesync_result + } # for non-monitor nodes setup redundancy and config-sync if [ "${is_monitor}" = "0" ]; then resync_step_required="" @@ -185,4 +195,4 @@ echo "$(date) INFO: ${APP}-PubSub+ Event Broker bringup is complete for this nod if [[ ! -e ${INITIAL_STARTUP_FILE} ]]; then echo "PubSub+ Event Broker initial startup completed on $(date)" > ${INITIAL_STARTUP_FILE} fi -exit 0 +exit 0 \ No newline at end of file From 5d509137fc8b223ead651ddec6e96947e52b8750 Mon Sep 17 00:00:00 2001 From: Balazs Czoma Date: Tue, 22 Aug 2023 14:59:57 -0400 Subject: [PATCH 02/10] Updated new release to 1.0.1 and adjusted min OpenShift version to 4.11 --- .github/workflows/prep-release.yml | 2 +- Dockerfile | 4 ++-- Makefile | 2 +- bundle/metadata/annotations.yaml | 2 +- ci/whitesource/whitesource-agent.config | 2 +- version.go | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/prep-release.yml b/.github/workflows/prep-release.yml index 7a154d8..6083856 100644 --- a/.github/workflows/prep-release.yml +++ b/.github/workflows/prep-release.yml @@ -4,7 +4,7 @@ on: release_tag: description: 'Release tag' required: true - default: '1.0.0-dev' + default: '1.0.1-dev' prep_internal_release: # Need to distinguish between internal and external releases # Internal release: Will use default internal location for created images (ghcr.io) and will tag and push operator candidate there diff --git a/Dockerfile b/Dockerfile index 9a2a284..870d386 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,8 +23,8 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal:latest LABEL name="solace/pubsubplus-eventbroker-operator" LABEL vendor="Solace Corporation" -LABEL version="1.0.0" -LABEL release="1.0.0" +LABEL version="1.0.1" +LABEL release="1.0.1" LABEL summary="Solace PubSub+ Event Broker Kubernetes Operator" LABEL description="The Solace PubSub+ Event Broker Kubernetes Operator deploys and manages the lifecycle of PubSub+ Event Brokers" diff --git a/Makefile b/Makefile index 495bd91..4642dd3 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # To re-generate a bundle for another specific version without changing the standard setup, you can: # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 1.0.0-dev +VERSION ?= 1.0.1-dev # API_VERSION defines the API version for the PubSubPlusEventBroker CRD API_VERSION ?= v1beta1 diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index d4ab5aa..fb59147 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -15,4 +15,4 @@ annotations: operators.operatorframework.io.test.config.v1: tests/scorecard/ # Required by RedHat certification - com.redhat.openshift.versions: "v4.10" + com.redhat.openshift.versions: "v4.11" diff --git a/ci/whitesource/whitesource-agent.config b/ci/whitesource/whitesource-agent.config index 7945775..1a776b4 100644 --- a/ci/whitesource/whitesource-agent.config +++ b/ci/whitesource/whitesource-agent.config @@ -45,7 +45,7 @@ projectVersion= projectToken= productName=pubsubplus-kubernetes-operator -productVersion=v1.0.0 +productVersion=v1.0.1 productToken= updateType=OVERRIDE #requesterEmail=user@provider.com diff --git a/version.go b/version.go index 41a8082..fec03ba 100644 --- a/version.go +++ b/version.go @@ -15,4 +15,4 @@ // limitations under the License. package main -const version = "1.0.0" +const version = "1.0.1" From f65f01898c3c7167a902d46ee3db0107d1c411e2 Mon Sep 17 00:00:00 2001 From: Balazs Czoma Date: Tue, 22 Aug 2023 18:35:44 -0400 Subject: [PATCH 03/10] Fixes in readiness check --- controllers/brokerscripts/readiness_check.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/controllers/brokerscripts/readiness_check.sh b/controllers/brokerscripts/readiness_check.sh index e6b7df1..6e4827c 100644 --- a/controllers/brokerscripts/readiness_check.sh +++ b/controllers/brokerscripts/readiness_check.sh @@ -58,10 +58,11 @@ get_router_remote_config_state() { if [ "${BROKER_REDUNDANCY}" = "true" ]; then # HA config IFS='-' read -ra host_array <<< $(hostname) - node_ordinal=${host_array[-1]} - password=$(cat /mnt/disks/secrets/username_admin_password) + is_monitor=$([ ${host_array[-2]} = "m" ] && echo 1 || echo 0) + is_backup=$([ ${host_array[-2]} = "b" ] && echo 1 || echo 0) + password=$(cat /mnt/disks/secrets/admin/username_admin_password) # For monitor node just check for redundancy; active label will never be set - if [ "${node_ordinal}" = "2" ]; then + if [ "${is_monitor}" = "1" ]; then # Check redundancy results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ -q "" \ @@ -106,7 +107,7 @@ if [ "${BROKER_REDUNDANCY}" = "true" ]; then rm -f ${FINAL_ACTIVITY_LOGGED_TRACKING_FILE}; exit 1 esac # At this point analyzing readiness after health check returned 503 - checking if Event Broker is Standby - case "${node_ordinal}" in + case "${is_backup}" in "0") config_role="primary" ;; From 212290f468bbee67b0d3c315f4897be3efaf476f Mon Sep 17 00:00:00 2001 From: Balazs Czoma Date: Thu, 24 Aug 2023 15:41:55 -0400 Subject: [PATCH 04/10] Startup script adjustments --- controllers/brokerscripts/startup-broker.sh | 297 +++++++++++--------- 1 file changed, 168 insertions(+), 129 deletions(-) diff --git a/controllers/brokerscripts/startup-broker.sh b/controllers/brokerscripts/startup-broker.sh index ccf2098..1ca41bf 100644 --- a/controllers/brokerscripts/startup-broker.sh +++ b/controllers/brokerscripts/startup-broker.sh @@ -48,146 +48,185 @@ if [ "${BROKER_REDUNDANCY}" = "true" ]; then } # for non-monitor nodes setup redundancy and config-sync if [ "${is_monitor}" = "0" ]; then - resync_step_required="" - role="" - count=0 - while [ ${count} -lt ${loop_guard} ]; do - role_results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ - -q "" \ - -v "/rpc-reply/rpc/show/redundancy/active-standby-role[text()]") - run_time=$((${count} * ${pause})) - case "$(echo ${role_results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -)" in - "Primary") - role="primary" - break - ;; - "Backup") - role="backup" - break - ;; - esac - ((count++)) - echo "$(date) INFO: ${APP}-Waited ${run_time} seconds, got ${role_results} for this node's active-standby role" - sleep ${pause} - done - if [ ${count} -eq ${loop_guard} ]; then - echo "$(date) ERROR: ${APP}-Could not determine this node's active-standby role" >&2 - exit 1 - fi - # Determine local activity - count=0 - echo "$(date) INFO: ${APP}-Management API is up, determined that this node's active-standby role is: ${role}" - while [ ${count} -lt ${loop_guard} ]; do - online_results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ - -q "" \ - -v "/rpc-reply/rpc/show/redundancy/virtual-routers/${role}/status/activity[text()]") - local_activity=$(echo ${online_results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) - run_time=$((${count} * ${pause})) - case "${local_activity}" in - "Local Active") - echo "$(date) INFO: ${APP}-Node activity status is Local Active, after ${run_time} seconds" - # We should only be here on new cluster create, if not this is an indication of unexpected HA procedures - if [[ ! -e ${INITIAL_STARTUP_FILE} ]]; then - # Need to issue assert master to get back into sync only one time when the PubSub+ Event Broker starts the first time - echo "$(date) INFO: ${APP}-Broker initial startup detected. This node will assert config-sync configuration over its mate" - resync_step_required="true" - else - echo "$(date) WARN: ${APP}-Unexpected state: this is not an initial startup of the broker and this node reports Local Active. Normally expected nodes are Mate Active after restart" - fi + resync_step_required="" + role="" + count=0 + # Determine node's primary or backup role + while [ ${count} -lt ${loop_guard} ]; do + role_results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "/rpc-reply/rpc/show/redundancy/active-standby-role[text()]") + run_time=$((${count} * ${pause})) + case "$(echo ${role_results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -)" in + "Primary") + role="primary" break ;; - "Mate Active") - echo "$(date) INFO: ${APP}-Node activity status is Mate Active, after ${run_time} seconds" + "Backup") + role="backup" break ;; - esac - ((count++)) - echo "$(date) INFO: ${APP}-Waited ${run_time} seconds, Local activity state is: ${local_activity}" - sleep ${pause} - done - if [ ${count} -eq ${loop_guard} ]; then - echo "$(date) ERROR: ${APP}-Local activity state never become Local Active or Mate Active" >&2 - exit 1 - fi - # If we need to assert master, then we need to wait for mate to reconcile - if [ "${resync_step_required}" = "true" ]; then + esac + ((count++)) + echo "$(date) INFO: ${APP}-Waited ${run_time} seconds, got ${role_results} for this node's primary or backup role" + sleep ${pause} + done + if [ ${count} -eq ${loop_guard} ]; then + echo "$(date) ERROR: ${APP}-Could not determine this node's primary or backup role" >&2 + exit 1 + fi + echo "$(date) INFO: ${APP}-Management API is up, determined that this node's role is: ${role}" + # Determine activity (local or mate active) count=0 - echo "$(date) INFO: ${APP}-Waiting for mate activity state to be 'Standby'" while [ ${count} -lt ${loop_guard} ]; do - online_results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ - -q "" \ - -v "/rpc-reply/rpc/show/redundancy/virtual-routers/${role}/status/detail/priority-reported-by-mate/summary[text()]") - mate_activity=$(echo ${online_results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) - run_time=$((${count} * ${pause})) - case "${mate_activity}" in - "Standby") - echo "$(date) INFO: ${APP}-Activity state reported by mate is Standby, after ${run_time} seconds" - break - ;; - esac - ((count++)) - echo "$(date) INFO: ${APP}-Waited ${run_time} seconds, Mate activity state is: ${mate_activity}, not yet in sync" - sleep ${pause} + online_results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "/rpc-reply/rpc/show/redundancy/virtual-routers/${role}/status/activity[text()]") + local_activity=$(echo ${online_results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + run_time=$((${count} * ${pause})) + case "${local_activity}" in + "Local Active") + echo "$(date) INFO: ${APP}-Node activity status is Local Active, after ${run_time} seconds" + # We should only be here on new cluster create, if not this is an indication of unexpected HA procedures + if [[ ! -e ${INITIAL_STARTUP_FILE} ]]; then + # Need to issue assert master to get back into sync only one time when the PubSub+ Event Broker starts the first time + echo "$(date) INFO: ${APP}-Broker initial startup detected. This node will assert config-sync configuration over its mate" + resync_step_required="true" + else + echo "$(date) WARN: ${APP}-Unexpected state: this is not an initial startup of the broker and this node reports Local Active. Possibly a redeploy?" + fi + break + ;; + "Mate Active") + echo "$(date) INFO: ${APP}-Node activity status is Mate Active, after ${run_time} seconds" + break + ;; + esac + ((count++)) + echo "$(date) INFO: ${APP}-Waited ${run_time} seconds, node activity state is: ${local_activity}" + sleep ${pause} done if [ ${count} -eq ${loop_guard} ]; then - echo "$(date) ERROR: ${APP}-Mate not in sync, never reached Standby" >&2 - exit 1 + echo "$(date) ERROR: ${APP}-Node activity state never become Local Active or Mate Active" >&2 + exit 1 fi - fi # if assert-master - # Ensure Config-sync connection state is Connected before proceeding - count=0 - echo "$(date) INFO: ${APP}-Waiting for config-sync connected" - while [ ${count} -lt ${loop_guard} ]; do - online_results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ - -q "" \ - -v "/rpc-reply/rpc/show/config-sync/status/client/connection-state") - connection_state=$(echo ${online_results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) - run_time=$((${count} * ${pause})) - case "${connection_state}" in - "Connected") - echo "$(date) INFO: ${APP}-Config-sync connection state is Connected, after ${run_time} seconds" - break - ;; - esac - ((count++)) - echo "$(date) INFO: ${APP}-Waited ${run_time} seconds, Config-sync connection state is: ${connection_state}, not yet in Connected" - sleep ${pause} - done - if [ ${count} -eq ${loop_guard} ]; then - echo "$(date) ERROR: ${APP}-Config-sync connection state never reached Connected" >&2 - exit 1 - fi - # Now can issue assert-master command - if [ "${resync_step_required}" = "true" ]; then - echo "$(date) INFO: ${APP}-Initiating assert-master" - /mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ - -q "" - /mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ - -q "*" - fi - # Wait for config-sync results - count=0 - echo "$(date) INFO: ${APP}-Waiting for config-sync results" - while [ ${count} -lt ${loop_guard} ]; do - online_results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + # If we need to assert leader, then first wait for mate to report Standby state + if [ "${resync_step_required}" = "true" ]; then + # This branch is AD-active only + count=0 + echo "$(date) INFO: ${APP}-Waiting for mate activity state to be 'Standby'" + while [ ${count} -lt ${loop_guard} ]; do + online_results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "/rpc-reply/rpc/show/redundancy/virtual-routers/${role}/status/detail/priority-reported-by-mate/summary[text()]") + mate_activity=$(echo ${online_results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + run_time=$((${count} * ${pause})) + case "${mate_activity}" in + "Standby") + echo "$(date) INFO: ${APP}-Activity state reported by mate is Standby, after ${run_time} seconds" + break + ;; + esac + ((count++)) + echo "$(date) INFO: ${APP}-Waited ${run_time} seconds, Mate activity state is: ${mate_activity}, not yet in sync" + sleep ${pause} + done + if [ ${count} -eq ${loop_guard} ]; then + echo "$(date) ERROR: ${APP}-Mate not in sync, never reached Standby" >&2 + exit 1 + fi + fi # if assert-leader + # Ensure Config-sync connection state is Connected for both primary and backup before proceeding + count=0 + echo "$(date) INFO: ${APP}-Waiting for config-sync connected" + while [ ${count} -lt ${loop_guard} ]; do + online_results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ -q "" \ - -v "/rpc-reply/rpc/show/config-sync/status/oper-status") - confsyncstatus_results=$(echo ${online_results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) - run_time=$((${count} * ${pause})) - case "${confsyncstatus_results}" in - "Up") - echo "$(date) INFO: ${APP}-Config-sync is Up, after ${run_time} seconds" + -v "/rpc-reply/rpc/show/config-sync/status/client/connection-state") + connection_state=$(echo ${online_results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + run_time=$((${count} * ${pause})) + case "${connection_state}" in + "Connected") + echo "$(date) INFO: ${APP}-Config-sync connection state is Connected, after ${run_time} seconds" + break + ;; + esac + ((count++)) + echo "$(date) INFO: ${APP}-Waited ${run_time} seconds, Config-sync connection state is: ${connection_state}, not yet in Connected" + sleep ${pause} + done + if [ ${count} -eq ${loop_guard} ]; then + echo "$(date) ERROR: ${APP}-Config-sync connection state never reached Connected" >&2 + exit 1 + fi + # Now can issue assert-leader command + if [ "${resync_step_required}" = "true" ]; then + # This branch is AD-active only + echo "$(date) INFO: ${APP}-Initiating assert-leader" + /mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" + /mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "*" + fi + # Wait for config-sync results + count=0 + echo "$(date) INFO: ${APP}-Waiting for config-sync results" + while [ ${count} -lt ${loop_guard} ]; do + online_results=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "/rpc-reply/rpc/show/config-sync/status/oper-status") + confsyncstatus_results=$(echo ${online_results} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + run_time=$((${count} * ${pause})) + case "${confsyncstatus_results}" in + "Up") + echo "$(date) INFO: ${APP}-Config-sync is Up, after ${run_time} seconds" + break + ;; + esac + ((count++)) + echo "$(date) INFO: ${APP}-Waited ${run_time} seconds, Config-sync is: ${confsyncstatus_results}, not yet Up" + # Additional checks to confirm config-sync (even if reported gloabally as not Up, it may be still up between local primary and backup in a DR setup) + echo "$(date) INFO: ${APP}-Checking Config-sync Setup. Starting additional checks to confirm config-sync locally..." + messagevpn_result=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "count(/rpc-reply/rpc/show/config-sync/database/local/tables/table)") + messagevpn_total=$(echo ${messagevpn_result} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + + # Count message_vpns in-sync and compare with total + localmessagevpn_result=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "count(//table[sync-state='In-Sync'])") + local_messagevpn_total_insync=$(echo ${localmessagevpn_result} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + if [ "$messagevpn_total" -ne "$local_messagevpn_total_insync" ]; then + echo "$(date) INFO: ${APP}-Config-sync state is not in-sync locally." + sleep ${pause} + continue + fi + + echo "$(date) INFO: ${APP}-Checking Config-sync Setup. Remote config-sync state check starting..." + vpnremotehamate_result=$(get_router_remote_config_state "name") + + remote_messagevpn_result=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "count(//table/source-router[name='$vpnremotehamate_result'])") + remote_messagevpn_total=$(echo ${remote_messagevpn_result} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + + #Count message_vpns in-sync, not stale and compare with total + remotemessagevpn_result=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ + -q "" \ + -v "count(//table/source-router[name='$vpnremotehamate_result' and sync-state='In-Sync' and stale='No'])") + remote_messagevpn_total_insync=$(echo ${remotemessagevpn_result} | xmllint -xpath "string(returnInfo/valueSearchResult)" -) + if [ "$remote_messagevpn_total" -ne "$remote_messagevpn_total_insync" ]; then + echo "$(date) INFO: ${APP}-Config-sync state is not in-sync for remote." + sleep ${pause} + continue + fi break - ;; - esac - ((count++)) - echo "$(date) INFO: ${APP}-Waited ${run_time} seconds, Config-sync is: ${confsyncstatus_results}, not yet Up" - sleep ${pause} - done - if [ ${count} -eq ${loop_guard} ]; then - echo "$(date) ERROR: ${APP}-Config-sync never reached state \"Up\"" >&2 - exit 1 - fi + done + if [ ${count} -eq ${loop_guard} ]; then + echo "$(date) ERROR: ${APP}-Config-sync never reached state \"Up\"" >&2 + exit 1 + fi fi # if not monitor fi echo "$(date) INFO: ${APP}-PubSub+ Event Broker bringup is complete for this node." From f82a78481da3a85217a949fcf19ea352be7bb1da Mon Sep 17 00:00:00 2001 From: Balazs Czoma Date: Thu, 24 Aug 2023 17:07:47 -0400 Subject: [PATCH 05/10] Minor script adjustments --- .github/workflows/build-test-dev.yml | 2 +- controllers/brokerscripts/init.sh | 24 ++++++++++----------- controllers/brokerscripts/startup-broker.sh | 1 - 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-test-dev.yml b/.github/workflows/build-test-dev.yml index 0812ed3..bf8b94b 100644 --- a/.github/workflows/build-test-dev.yml +++ b/.github/workflows/build-test-dev.yml @@ -39,7 +39,7 @@ jobs: - name: Upload Test coverage Reports if: ${{ always() }} - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: code-coverage-report path: | diff --git a/controllers/brokerscripts/init.sh b/controllers/brokerscripts/init.sh index 8377d76..36e7d09 100644 --- a/controllers/brokerscripts/init.sh +++ b/controllers/brokerscripts/init.sh @@ -37,18 +37,18 @@ if [ "${BROKER_REDUNDANCY}" = "true" ]; then # Non Monitor Nodes if [ "${is_monitor}" = "0" ]; then - case ${is_backup} in - 0) - export nodetype=message_routing - export redundancy_matelink_connectvia=${service}-b-0.${service}-discovery.${namespace}.svc - export redundancy_activestandbyrole=primary - ;; - 1) - export nodetype=message_routing - export redundancy_matelink_connectvia=${service}-p-0.${service}-discovery.${namespace}.svc - export redundancy_activestandbyrole=backup - ;; - esac + case ${is_backup} in + 0) + export nodetype=message_routing + export redundancy_matelink_connectvia=${service}-b-0.${service}-discovery.${namespace}.svc + export redundancy_activestandbyrole=primary + ;; + 1) + export nodetype=message_routing + export redundancy_matelink_connectvia=${service}-p-0.${service}-discovery.${namespace}.svc + export redundancy_activestandbyrole=backup + ;; + esac else export nodetype=monitoring fi diff --git a/controllers/brokerscripts/startup-broker.sh b/controllers/brokerscripts/startup-broker.sh index 1ca41bf..f9c5cbd 100644 --- a/controllers/brokerscripts/startup-broker.sh +++ b/controllers/brokerscripts/startup-broker.sh @@ -34,7 +34,6 @@ if [ "${BROKER_TLS_ENABLED}" = "true" ]; then exit 1 fi echo "$(date) INFO: ${APP}-Server certificate has been configured" - # Future improvement: enable CA configuration from secret ca.crt fi if [ "${BROKER_REDUNDANCY}" = "true" ]; then # Function to get remote sync state From acdc40cae3285b27d7667ba9d9a6479d232a57e7 Mon Sep 17 00:00:00 2001 From: bczoma Date: Fri, 25 Aug 2023 00:30:36 +0000 Subject: [PATCH 06/10] Prepared deploy yaml, bundle with latest relase info and updated params doc and licenses [skip ci] --- ...lus-eventbroker-operator.clusterserviceversion.yaml | 10 +++++----- .../pubsubplus.solace.com_pubsubpluseventbrokers.yaml | 2 +- deploy/deploy.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/bundle/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml b/bundle/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml index 4cbd579..54301c5 100644 --- a/bundle/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml +++ b/bundle/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml @@ -20,8 +20,8 @@ metadata: certified: "true" com.redhat.delivery.operator.bundle: "true" com.redhat.openshift.versions: v4.10 - containerImage: docker.io/solace/pubsubplus-eventbroker-operator:1.0.0 - createdAt: "2023-04-19T16:00:24Z" + containerImage: ghcr.io/solacedev/pubsubplus-eventbroker-operator:1.0.1-rc.1 + createdAt: "2023-08-25T00:28:23Z" description: The Solace PubSub+ Event Broker Operator deploys and manages the lifecycle of PubSub+ Event Brokers operators.openshift.io/valid-subscription: '[]' @@ -29,7 +29,7 @@ metadata: operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/SolaceProducts/pubsubplus-kubernetes-quickstart support: Solace Products - name: pubsubplus-eventbroker-operator.v1.0.0 + name: pubsubplus-eventbroker-operator.v1.0.1-rc.1 namespace: placeholder spec: apiservicedefinitions: {} @@ -296,7 +296,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - image: docker.io/solace/pubsubplus-eventbroker-operator:1.0.0 + image: ghcr.io/solacedev/pubsubplus-eventbroker-operator:1.0.1-rc.1 imagePullPolicy: Always livenessProbe: httpGet: @@ -411,4 +411,4 @@ spec: provider: name: Solace Corporation url: www.solace.com - version: 1.0.0 + version: 1.0.1-rc.1 diff --git a/bundle/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml b/bundle/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml index 9cacbb3..f012a1b 100644 --- a/bundle/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml +++ b/bundle/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml @@ -4,7 +4,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.11.3 labels: - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/version: v1.0.1-rc.1 name: pubsubpluseventbrokers.pubsubplus.solace.com spec: group: pubsubplus.solace.com diff --git a/deploy/deploy.yaml b/deploy/deploy.yaml index 35cb87a..af1080d 100644 --- a/deploy/deploy.yaml +++ b/deploy/deploy.yaml @@ -1881,7 +1881,7 @@ spec: env: - name: WATCH_NAMESPACE value: "" - image: docker.io/solace/pubsubplus-eventbroker-operator:1.0.0 + image: ghcr.io/solacedev/pubsubplus-eventbroker-operator:1.0.1-rc.1 imagePullPolicy: Always livenessProbe: httpGet: From 1ec2012aafb03d479a55a858bb051c7b8fc7daed Mon Sep 17 00:00:00 2001 From: bczoma Date: Wed, 13 Sep 2023 10:42:32 +0000 Subject: [PATCH 07/10] Prepared deploy yaml, bundle with latest relase info and updated params doc and licenses [skip ci] --- ...lus-eventbroker-operator.clusterserviceversion.yaml | 10 +++++----- .../pubsubplus.solace.com_pubsubpluseventbrokers.yaml | 2 +- deploy/deploy.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/bundle/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml b/bundle/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml index 54301c5..356145d 100644 --- a/bundle/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml +++ b/bundle/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml @@ -20,8 +20,8 @@ metadata: certified: "true" com.redhat.delivery.operator.bundle: "true" com.redhat.openshift.versions: v4.10 - containerImage: ghcr.io/solacedev/pubsubplus-eventbroker-operator:1.0.1-rc.1 - createdAt: "2023-08-25T00:28:23Z" + containerImage: docker.io/solace/pubsubplus-eventbroker-operator:1.0.1 + createdAt: "2023-09-13T10:40:30Z" description: The Solace PubSub+ Event Broker Operator deploys and manages the lifecycle of PubSub+ Event Brokers operators.openshift.io/valid-subscription: '[]' @@ -29,7 +29,7 @@ metadata: operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/SolaceProducts/pubsubplus-kubernetes-quickstart support: Solace Products - name: pubsubplus-eventbroker-operator.v1.0.1-rc.1 + name: pubsubplus-eventbroker-operator.v1.0.1 namespace: placeholder spec: apiservicedefinitions: {} @@ -296,7 +296,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - image: ghcr.io/solacedev/pubsubplus-eventbroker-operator:1.0.1-rc.1 + image: docker.io/solace/pubsubplus-eventbroker-operator:1.0.1 imagePullPolicy: Always livenessProbe: httpGet: @@ -411,4 +411,4 @@ spec: provider: name: Solace Corporation url: www.solace.com - version: 1.0.1-rc.1 + version: 1.0.1 diff --git a/bundle/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml b/bundle/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml index f012a1b..a7b5141 100644 --- a/bundle/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml +++ b/bundle/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml @@ -4,7 +4,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.11.3 labels: - app.kubernetes.io/version: v1.0.1-rc.1 + app.kubernetes.io/version: v1.0.1 name: pubsubpluseventbrokers.pubsubplus.solace.com spec: group: pubsubplus.solace.com diff --git a/deploy/deploy.yaml b/deploy/deploy.yaml index af1080d..806c2e4 100644 --- a/deploy/deploy.yaml +++ b/deploy/deploy.yaml @@ -1881,7 +1881,7 @@ spec: env: - name: WATCH_NAMESPACE value: "" - image: ghcr.io/solacedev/pubsubplus-eventbroker-operator:1.0.1-rc.1 + image: docker.io/solace/pubsubplus-eventbroker-operator:1.0.1 imagePullPolicy: Always livenessProbe: httpGet: From ce16d55b117e1d97be6d6d339521f8e0cabdc2fb Mon Sep 17 00:00:00 2001 From: malike Date: Tue, 7 Nov 2023 08:11:14 -0500 Subject: [PATCH 08/10] SOL-106389 | Addition of Trivy scan for docker images and updated base image for packaging --- .github/workflows/build-test-dev.yml | 25 +++++++++++++++++++++++++ .github/workflows/prep-release.yml | 4 ++-- Dockerfile | 6 +++--- Makefile | 2 +- ci/whitesource/whitesource-agent.config | 2 +- go.mod | 12 ++++++------ go.sum | 24 ++++++++++++------------ version.go | 2 +- 8 files changed, 51 insertions(+), 26 deletions(-) diff --git a/.github/workflows/build-test-dev.yml b/.github/workflows/build-test-dev.yml index bf8b94b..961d2ba 100644 --- a/.github/workflows/build-test-dev.yml +++ b/.github/workflows/build-test-dev.yml @@ -81,6 +81,31 @@ jobs: - name: Build image and push GitHub Container Registry run: make docker-push + + - name: Run Whitesource Action + uses: SolaceDev/Mend-Scan-GHA@v1.0.0 + with: + wssURL: https://saas.whitesourcesoftware.com/agent + apiKey: ${{ secrets.WSS_API_KEY }} + productName: 'pubsubplus-kubernetes-operator' + projectName: 'pubsubplus-kubernetes-operator' + configFile: 'ci/whitesource/whitesource-agent.config' + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ghcr.io/solacedev/pubsubplus-eventbroker-operator:1.0.2-dev + format: 'sarif' + severity: 'CRITICAL,HIGH' + output: 'trivy-results.sarif' + + - name: Uploads Trivy Scan Reports + if: ${{ always() }} + uses: actions/upload-artifact@v2 + with: + path: | + trivy-results.sarif + int-minimal-non-ha: # if: ${{ false }} # disable for now needs: build diff --git a/.github/workflows/prep-release.yml b/.github/workflows/prep-release.yml index 6083856..39ee4b6 100644 --- a/.github/workflows/prep-release.yml +++ b/.github/workflows/prep-release.yml @@ -4,7 +4,7 @@ on: release_tag: description: 'Release tag' required: true - default: '1.0.1-dev' + default: '1.0.2-dev' prep_internal_release: # Need to distinguish between internal and external releases # Internal release: Will use default internal location for created images (ghcr.io) and will tag and push operator candidate there @@ -114,7 +114,7 @@ jobs: docker push `echo $CATALOG | awk '{print $1}'`:latest - name: Run Whitesource Action - uses: mercari/Whitesource-Scan-Action@v1.0.0 + uses: SolaceDev/Mend-Scan-GHA@v1.0.0 with: wssURL: https://saas.whitesourcesoftware.com/agent apiKey: ${{ secrets.WSS_API_KEY }} diff --git a/Dockerfile b/Dockerfile index 870d386..07b3136 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,12 +19,12 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM registry.access.redhat.com/ubi8/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:latest LABEL name="solace/pubsubplus-eventbroker-operator" LABEL vendor="Solace Corporation" -LABEL version="1.0.1" -LABEL release="1.0.1" +LABEL version="1.0.2" +LABEL release="1.0.2" LABEL summary="Solace PubSub+ Event Broker Kubernetes Operator" LABEL description="The Solace PubSub+ Event Broker Kubernetes Operator deploys and manages the lifecycle of PubSub+ Event Brokers" diff --git a/Makefile b/Makefile index 4642dd3..c821560 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # To re-generate a bundle for another specific version without changing the standard setup, you can: # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 1.0.1-dev +VERSION ?= 1.0.2-dev # API_VERSION defines the API version for the PubSubPlusEventBroker CRD API_VERSION ?= v1beta1 diff --git a/ci/whitesource/whitesource-agent.config b/ci/whitesource/whitesource-agent.config index 1a776b4..0c7d8d2 100644 --- a/ci/whitesource/whitesource-agent.config +++ b/ci/whitesource/whitesource-agent.config @@ -45,7 +45,7 @@ projectVersion= projectToken= productName=pubsubplus-kubernetes-operator -productVersion=v1.0.1 +productVersion=v1.0.2 productToken= updateType=OVERRIDE #requesterEmail=user@provider.com diff --git a/go.mod b/go.mod index e57da17..bc91a62 100644 --- a/go.mod +++ b/go.mod @@ -59,14 +59,14 @@ require ( go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.19.1 - golang.org/x/crypto v0.1.0 // indirect - golang.org/x/net v0.7.0 // indirect + golang.org/x/crypto v0.14.0 // indirect + golang.org/x/net v0.17.0 // indirect golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect - golang.org/x/sys v0.5.0 // indirect - golang.org/x/term v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/sys v0.13.0 // indirect + golang.org/x/term v0.13.0 // indirect + golang.org/x/text v0.13.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.1.12 // indirect + golang.org/x/tools v0.6.0 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.27.1 // indirect diff --git a/go.sum b/go.sum index 5c5c500..266abbf 100644 --- a/go.sum +++ b/go.sum @@ -526,8 +526,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -613,8 +613,8 @@ golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -706,12 +706,12 @@ golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -721,8 +721,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -788,8 +788,8 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= -golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/version.go b/version.go index fec03ba..d23d365 100644 --- a/version.go +++ b/version.go @@ -15,4 +15,4 @@ // limitations under the License. package main -const version = "1.0.1" +const version = "1.0.2" From e600fefa6320b9ff4969886adeb1a7987a759f1b Mon Sep 17 00:00:00 2001 From: malike Date: Thu, 9 Nov 2023 10:09:10 -0500 Subject: [PATCH 09/10] SOL-106389 | Update of the curl-minimal and libcurl-minimal --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 07b3136..0199822 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,6 +21,8 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go # Refer to https://github.com/GoogleContainerTools/distroless for more details FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +RUN microdnf install -y curl-minimal-7.76.1-26.el9_3.2 libcurl-minimal-7.76.1-26.el9_3.2 + LABEL name="solace/pubsubplus-eventbroker-operator" LABEL vendor="Solace Corporation" LABEL version="1.0.2" From 815bb323960f89a68a88aeeb332e9ee9cfc84ce0 Mon Sep 17 00:00:00 2001 From: LewisKSaint Date: Tue, 14 Nov 2023 16:32:26 +0000 Subject: [PATCH 10/10] Prepared deploy yaml, bundle with latest relase info and updated params doc and licenses [skip ci] --- THIRD-PARTY-LICENSES.md | 10 +++++----- ...lus-eventbroker-operator.clusterserviceversion.yaml | 10 +++++----- .../pubsubplus.solace.com_pubsubpluseventbrokers.yaml | 2 +- deploy/deploy.yaml | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/THIRD-PARTY-LICENSES.md b/THIRD-PARTY-LICENSES.md index 7d0692c..8840000 100644 --- a/THIRD-PARTY-LICENSES.md +++ b/THIRD-PARTY-LICENSES.md @@ -5568,7 +5568,7 @@ THE SOFTWARE. * Name: golang.org/x/crypto/pkcs12 -* License: [BSD-3-Clause](https://cs.opensource.google/go/x/crypto/+/v0.1.0:LICENSE) +* License: [BSD-3-Clause](https://cs.opensource.google/go/x/crypto/+/v0.14.0:LICENSE) LICENSE REQUIREMENTS & SPECIFICATIONS ====================================== @@ -5605,7 +5605,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * Name: golang.org/x/net -* License: [BSD-3-Clause](https://cs.opensource.google/go/x/net/+/v0.7.0:LICENSE) +* License: [BSD-3-Clause](https://cs.opensource.google/go/x/net/+/v0.17.0:LICENSE) LICENSE REQUIREMENTS & SPECIFICATIONS ====================================== @@ -5679,7 +5679,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * Name: golang.org/x/sys/unix -* License: [BSD-3-Clause](https://cs.opensource.google/go/x/sys/+/v0.5.0:LICENSE) +* License: [BSD-3-Clause](https://cs.opensource.google/go/x/sys/+/v0.13.0:LICENSE) LICENSE REQUIREMENTS & SPECIFICATIONS ====================================== @@ -5716,7 +5716,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * Name: golang.org/x/term -* License: [BSD-3-Clause](https://cs.opensource.google/go/x/term/+/v0.5.0:LICENSE) +* License: [BSD-3-Clause](https://cs.opensource.google/go/x/term/+/v0.13.0:LICENSE) LICENSE REQUIREMENTS & SPECIFICATIONS ====================================== @@ -5753,7 +5753,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * Name: golang.org/x/text -* License: [BSD-3-Clause](https://cs.opensource.google/go/x/text/+/v0.7.0:LICENSE) +* License: [BSD-3-Clause](https://cs.opensource.google/go/x/text/+/v0.13.0:LICENSE) LICENSE REQUIREMENTS & SPECIFICATIONS ====================================== diff --git a/bundle/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml b/bundle/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml index 356145d..6e7f8ae 100644 --- a/bundle/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml +++ b/bundle/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml @@ -20,8 +20,8 @@ metadata: certified: "true" com.redhat.delivery.operator.bundle: "true" com.redhat.openshift.versions: v4.10 - containerImage: docker.io/solace/pubsubplus-eventbroker-operator:1.0.1 - createdAt: "2023-09-13T10:40:30Z" + containerImage: docker.io/solace/pubsubplus-eventbroker-operator:1.0.2 + createdAt: "2023-11-14T16:30:42Z" description: The Solace PubSub+ Event Broker Operator deploys and manages the lifecycle of PubSub+ Event Brokers operators.openshift.io/valid-subscription: '[]' @@ -29,7 +29,7 @@ metadata: operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/SolaceProducts/pubsubplus-kubernetes-quickstart support: Solace Products - name: pubsubplus-eventbroker-operator.v1.0.1 + name: pubsubplus-eventbroker-operator.v1.0.2 namespace: placeholder spec: apiservicedefinitions: {} @@ -296,7 +296,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - image: docker.io/solace/pubsubplus-eventbroker-operator:1.0.1 + image: docker.io/solace/pubsubplus-eventbroker-operator:1.0.2 imagePullPolicy: Always livenessProbe: httpGet: @@ -411,4 +411,4 @@ spec: provider: name: Solace Corporation url: www.solace.com - version: 1.0.1 + version: 1.0.2 diff --git a/bundle/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml b/bundle/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml index a7b5141..a85e821 100644 --- a/bundle/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml +++ b/bundle/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml @@ -4,7 +4,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.11.3 labels: - app.kubernetes.io/version: v1.0.1 + app.kubernetes.io/version: v1.0.2 name: pubsubpluseventbrokers.pubsubplus.solace.com spec: group: pubsubplus.solace.com diff --git a/deploy/deploy.yaml b/deploy/deploy.yaml index 806c2e4..5f696c2 100644 --- a/deploy/deploy.yaml +++ b/deploy/deploy.yaml @@ -1881,7 +1881,7 @@ spec: env: - name: WATCH_NAMESPACE value: "" - image: docker.io/solace/pubsubplus-eventbroker-operator:1.0.1 + image: docker.io/solace/pubsubplus-eventbroker-operator:1.0.2 imagePullPolicy: Always livenessProbe: httpGet: