From 7b5b36f94aa5c9a5fdcbd0efd855f8526d95bddb Mon Sep 17 00:00:00 2001 From: Christian Geie Date: Tue, 28 Nov 2023 10:03:07 +0100 Subject: [PATCH 1/4] chore: update kind-action to v1.8.0 adapt k8s node images to use kind v0.20.0 add k8s v1.28 node image --- .github/workflows/build_and_test.yaml | 34 +++++++++++---------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index 924a4d2..1cfba24 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -39,19 +39,21 @@ jobs: # see https://github.com/kubernetes-sigs/kind/releases for supported k8s versions per kind version k8s: - maj_min: v1.21 - digest: sha256:220cfafdf6e3915fbce50e13d1655425558cb98872c53f802605aa2fb2d569cf + digest: sha256:8a4e9bb3f415d2bb81629ce33ef9c76ba514c14d707f9797a01e3216376ba093 - maj_min: v1.22 - digest: sha256:9af784f45a584f6b28bce2af84c494d947a05bd709151466489008f80a9ce9d5 + digest: sha256:f5b2e5698c6c9d6d0adc419c0deae21a425c07d81bbf3b6a6834042f25d4fba2 - maj_min: v1.23 - digest: sha256:f77f8cf0b30430ca4128cc7cfafece0c274a118cd0cdb251049664ace0dee4ff + digest: sha256:59c989ff8a517a93127d4a536e7014d28e235fb3529d9fba91b3951d461edfdb - maj_min: v1.24 - digest: sha256:cea86276e698af043af20143f4bf0509e730ec34ed3b7fa790cc0bea091bc5dd + digest: sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab - maj_min: v1.25 - digest: sha256:c08d6c52820aa42e533b70bce0c2901183326d86dcdcbedecc9343681db45161 + digest: sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8 - maj_min: v1.26 - digest: sha256:f4c0d87be03d6bea69f5e5dc0adb678bb498a190ee5c38422bf751541cebe92e + digest: sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb - maj_min: v1.27 - digest: sha256:b7d12ed662b873bd8510879c1846e87c7e676a79fefc93e17b2a52989d3ff42b + digest: sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 + - maj_min: v1.28 + digest: sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31 name: "Test on k8s ${{ matrix.k8s.maj_min }}" runs-on: ubuntu-latest steps: @@ -59,7 +61,7 @@ jobs: uses: actions/checkout@v3 - name: Create k8s Kind Cluster # make sure the k8s versions match the kind version of the action version 🤯 - uses: helm/kind-action@v1.7.0 + uses: helm/kind-action@v1.8.0 with: node_image: kindest/node@${{ matrix.k8s.digest }} config: test/kind-config.yaml @@ -90,8 +92,6 @@ jobs: wait_for_pod_ready "sidecar" wait_for_pod_ready "sidecar-5xx" wait_for_pod_ready "sidecar-pythonscript" - wait_for_pod_ready "sidecar-pythonscript-logfile" - wait_for_pod_ready "sidecar-logtofile-pythonscript" wait_for_pod_ready "dummy-server-pod" - name: Install Configmaps and Secrets @@ -104,22 +104,21 @@ jobs: sleep 20 echo "Installing resources..." kubectl apply -f "test/resources/resources.yaml" - pods=("sidecar" "sidecar-5xx" "sidecar-pythonscript" "sidecar-pythonscript-logfile") + pods=("sidecar" "sidecar-5xx" "sidecar-pythonscript") resources=("sample-configmap" "sample-secret-binary" "absolute-configmap" "relative-configmap" "change-dir-configmap" "similar-configmap-secret" "url-configmap-500" "url-configmap-basic-auth" "sample-configmap") for p in ${pods[*]}; do for r in ${resources[*]}; do wait_for_pod_log $p $r done done - # 10 more seconds after the last thing appeared in the logs. - sleep 10 + # 5 more seconds after the last thing appeared in the logs. + sleep 5 - name: Retrieve pod logs run: | mkdir /tmp/logs kubectl logs sidecar > /tmp/logs/sidecar.log kubectl logs sidecar-5xx > /tmp/logs/sidecar-5xx.log kubectl logs sidecar-pythonscript > /tmp/logs/sidecar-pythonscript.log - kubectl logs sidecar-pythonscript-logfile > /tmp/logs/sidecar-pythonscript-logfile.log kubectl logs dummy-server-pod > /tmp/logs/dummy-server.log - name: Upload artifacts (pod logs) uses: actions/upload-artifact@v3 @@ -218,12 +217,7 @@ jobs: - name: Verify sidecar-python logs after initial sync run: | # Make sure to update this number this when adding or removing configmap or secrets - # For log to a file, Need to consider Jobs "Install Configmaps and Secrets" and "Update Configmaps and Secrets" - # Total is (9 + 7) - test $(cat /tmp/logs/sidecar-pythonscript.log | grep "Hello from python script!" | wc -l) = "9" && - test $(cat /tmp/logs/sidecar-pythonscript-logfile.log | grep "Hello from python script!" | wc -l) = "9" && - kubectl exec sidecar-logtofile-pythonscript -- sh -c "test -e /opt/logs/sidecar.log" && - test $(kubectl exec sidecar-logtofile-pythonscript -- sh -c 'cat /opt/logs/sidecar.log | grep "Hello from python script!" | wc -l') = "16" + test $(cat /tmp/logs/sidecar-pythonscript.log | grep "Hello from python script!" | wc -l) = "9" - name: Verify sidecar files after update run: | kubectl exec sidecar -- sh -c "ls /tmp/" && From fc762d44d121164ffa224e3e5aefbff8c7b72ca7 Mon Sep 17 00:00:00 2001 From: Christian Geie Date: Tue, 28 Nov 2023 10:45:56 +0100 Subject: [PATCH 2/4] adjust README.md --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a19964a..d0eeb25 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ All are identical multi-arch images built for `amd64`, `arm64`, `arm/v7`, `ppc64 - Filter based on label - Update/Delete on change of configmap or secret - Enforce unique filenames -- CI tests for k8s v1.21-v1.27 +- CI tests for k8s v1.21-v1.28 - Support `binaryData` for both `Secret` and `ConfigMap` kinds - Binary data content is base64 decoded before generating the file on disk - Values can also be base64 encoded URLs that download binary data e.g. executables @@ -81,7 +81,7 @@ If the filename ends with `.url` suffix, the content will be processed as a URL | `SCRIPT` | Absolute path to a script to execute after a configmap got reloaded. It runs before calls to `REQ_URI`. If the file is not executable it will be passed to `sh`. Otherwise it's executed as is. [Shebangs](https://en.wikipedia.org/wiki/Shebang_(Unix)) known to work are `#!/bin/sh` and `#!/usr/bin/env python` | false | - | string | | `ERROR_THROTTLE_SLEEP` | How many seconds to wait before watching resources again when an error occurs | false | `5` | integer | | `SKIP_TLS_VERIFY` | Set to `true` to skip tls verification for kube api calls | false | - | boolean | -| `REQ_SKIP_TLS_VERIFY` | Set to `true` to skip tls verification for all HTTP requests (except the Kube API server, which are controlled by `SKIP_TLS_VERIFY`). | false | - | boolean | +| `REQ_SKIP_TLS_VERIFY` | Set to `true` to skip tls verification for all HTTP requests (except the Kube API server, which are controlled by `SKIP_TLS_VERIFY`). Note that the latest 'requests' library no longer offer a way to disable this via env vars; however a custom truststore can be set via REQUESTS_CA_BUNDLE. | false | - | boolean | | `UNIQUE_FILENAMES` | Set to true to produce unique filenames where duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces. | false | `false` | boolean | | `DEFAULT_FILE_MODE` | The default file system permission for every file. Use three digits (e.g. '500', '440', ...) | false | - | string | | `KUBECONFIG` | if this is given and points to a file or `~/.kube/config` is mounted k8s config will be loaded from this file, otherwise "incluster" k8s configuration is tried. | false | - | string | @@ -92,4 +92,3 @@ If the filename ends with `.url` suffix, the content will be processed as a URL | `LOG_LEVEL` | Set the logging level. (DEBUG, INFO, WARN, ERROR, CRITICAL) | false | `INFO` | string | | `LOG_FORMAT` | Set a log format. (JSON or LOGFMT) | false | `JSON` | string | | `LOG_TZ` | Set the log timezone. (LOCAL or UTC) | false | `LOCAL` | string | -| `LOG_CONFIG` | Log configuration file path. If not configured, uses the default log config for backward compatibility support. When not configured `LOG_LEVEL, LOG_FORMAT and LOG_TZ` would be used. Refer to [Python logging](https://docs.python.org/3/library/logging.config.html) for log configuration. For sample configuration file refer to file examples/example_logconfig.yaml | false | - | string | \ No newline at end of file From ad5db3da71195435a25fc9b93012d357943db178 Mon Sep 17 00:00:00 2001 From: Christian Geie Date: Tue, 28 Nov 2023 12:46:19 +0100 Subject: [PATCH 3/4] cherry pick changes from wrong branch and undo --- .github/workflows/build_and_test.yaml | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index 1cfba24..d37a175 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -92,6 +92,8 @@ jobs: wait_for_pod_ready "sidecar" wait_for_pod_ready "sidecar-5xx" wait_for_pod_ready "sidecar-pythonscript" + wait_for_pod_ready "sidecar-pythonscript-logfile" + wait_for_pod_ready "sidecar-logtofile-pythonscript" wait_for_pod_ready "dummy-server-pod" - name: Install Configmaps and Secrets @@ -104,21 +106,22 @@ jobs: sleep 20 echo "Installing resources..." kubectl apply -f "test/resources/resources.yaml" - pods=("sidecar" "sidecar-5xx" "sidecar-pythonscript") + pods=("sidecar" "sidecar-5xx" "sidecar-pythonscript" "sidecar-pythonscript-logfile") resources=("sample-configmap" "sample-secret-binary" "absolute-configmap" "relative-configmap" "change-dir-configmap" "similar-configmap-secret" "url-configmap-500" "url-configmap-basic-auth" "sample-configmap") for p in ${pods[*]}; do for r in ${resources[*]}; do wait_for_pod_log $p $r done done - # 5 more seconds after the last thing appeared in the logs. - sleep 5 + # 10 more seconds after the last thing appeared in the logs. + sleep 10 - name: Retrieve pod logs run: | mkdir /tmp/logs kubectl logs sidecar > /tmp/logs/sidecar.log kubectl logs sidecar-5xx > /tmp/logs/sidecar-5xx.log kubectl logs sidecar-pythonscript > /tmp/logs/sidecar-pythonscript.log + kubectl logs sidecar-pythonscript-logfile > /tmp/logs/sidecar-pythonscript-logfile.log kubectl logs dummy-server-pod > /tmp/logs/dummy-server.log - name: Upload artifacts (pod logs) uses: actions/upload-artifact@v3 @@ -217,7 +220,12 @@ jobs: - name: Verify sidecar-python logs after initial sync run: | # Make sure to update this number this when adding or removing configmap or secrets - test $(cat /tmp/logs/sidecar-pythonscript.log | grep "Hello from python script!" | wc -l) = "9" + # For log to a file, Need to consider Jobs "Install Configmaps and Secrets" and "Update Configmaps and Secrets" + # Total is (9 + 7) + test $(cat /tmp/logs/sidecar-pythonscript.log | grep "Hello from python script!" | wc -l) = "9" && + test $(cat /tmp/logs/sidecar-pythonscript-logfile.log | grep "Hello from python script!" | wc -l) = "9" && + kubectl exec sidecar-logtofile-pythonscript -- sh -c "test -e /opt/logs/sidecar.log" && + test $(kubectl exec sidecar-logtofile-pythonscript -- sh -c 'cat /opt/logs/sidecar.log | grep "Hello from python script!" | wc -l') = "16" - name: Verify sidecar files after update run: | kubectl exec sidecar -- sh -c "ls /tmp/" && @@ -228,4 +236,4 @@ jobs: kubectl exec sidecar -- sh -c "! test -e /tmp/relative/relative.txt" && kubectl exec sidecar -- sh -c "test -e /tmp/relative/change-relative.txt" && kubectl exec sidecar -- sh -c "! test -e /tmp/orig-dir/change-dir.txt" && kubectl exec sidecar -- sh -c "test -e /tmp/new-dir/change-dir.txt" && kubectl exec sidecar -- sh -c "! test -e /tmp/similar-configmap.txt" && kubectl exec sidecar -- sh -c "test -e /tmp/change-similar-configmap.txt" && - kubectl exec sidecar -- sh -c "! test -e /tmp/similar-secret.txt" && kubectl exec sidecar -- sh -c "test -e /tmp/change-similar-secret.txt" + kubectl exec sidecar -- sh -c "! test -e /tmp/similar-secret.txt" && kubectl exec sidecar -- sh -c "test -e /tmp/change-similar-secret.txt" \ No newline at end of file From 9a604ee632416a3cdabae4fb9502f33f0e41f3d3 Mon Sep 17 00:00:00 2001 From: Christian Geie Date: Tue, 28 Nov 2023 12:52:09 +0100 Subject: [PATCH 4/4] cherry pick changes from wrong branch and undo --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d0eeb25..ae673bb 100644 --- a/README.md +++ b/README.md @@ -81,7 +81,7 @@ If the filename ends with `.url` suffix, the content will be processed as a URL | `SCRIPT` | Absolute path to a script to execute after a configmap got reloaded. It runs before calls to `REQ_URI`. If the file is not executable it will be passed to `sh`. Otherwise it's executed as is. [Shebangs](https://en.wikipedia.org/wiki/Shebang_(Unix)) known to work are `#!/bin/sh` and `#!/usr/bin/env python` | false | - | string | | `ERROR_THROTTLE_SLEEP` | How many seconds to wait before watching resources again when an error occurs | false | `5` | integer | | `SKIP_TLS_VERIFY` | Set to `true` to skip tls verification for kube api calls | false | - | boolean | -| `REQ_SKIP_TLS_VERIFY` | Set to `true` to skip tls verification for all HTTP requests (except the Kube API server, which are controlled by `SKIP_TLS_VERIFY`). Note that the latest 'requests' library no longer offer a way to disable this via env vars; however a custom truststore can be set via REQUESTS_CA_BUNDLE. | false | - | boolean | +| `REQ_SKIP_TLS_VERIFY` | Set to `true` to skip tls verification for all HTTP requests (except the Kube API server, which are controlled by `SKIP_TLS_VERIFY`). | false | - | boolean | | `UNIQUE_FILENAMES` | Set to true to produce unique filenames where duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces. | false | `false` | boolean | | `DEFAULT_FILE_MODE` | The default file system permission for every file. Use three digits (e.g. '500', '440', ...) | false | - | string | | `KUBECONFIG` | if this is given and points to a file or `~/.kube/config` is mounted k8s config will be loaded from this file, otherwise "incluster" k8s configuration is tried. | false | - | string | @@ -92,3 +92,4 @@ If the filename ends with `.url` suffix, the content will be processed as a URL | `LOG_LEVEL` | Set the logging level. (DEBUG, INFO, WARN, ERROR, CRITICAL) | false | `INFO` | string | | `LOG_FORMAT` | Set a log format. (JSON or LOGFMT) | false | `JSON` | string | | `LOG_TZ` | Set the log timezone. (LOCAL or UTC) | false | `LOCAL` | string | +| `LOG_CONFIG` | Log configuration file path. If not configured, uses the default log config for backward compatibility support. When not configured `LOG_LEVEL, LOG_FORMAT and LOG_TZ` would be used. Refer to [Python logging](https://docs.python.org/3/library/logging.config.html) for log configuration. For sample configuration file refer to file examples/example_logconfig.yaml | false | - | string | \ No newline at end of file