Skip to content

Commit

Permalink
Merge pull request #37 from datawire/rel/v2.1.0
Browse files Browse the repository at this point in the history 
[v2.1.0] Release PR
  • Loading branch information
@LukeShu
LukeShu authored Dec 16, 2021
2 parents ef6796d + fdc5cdc commit 90d88cb
Show file tree
Hide file tree
Showing 37 changed files with 6,490 additions and 5,781 deletions.
41 changes: 40 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,46 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest

## RELEASE NOTES

## [2.0.5] 2021-11-08
## [2.1.0] 2021-12-16
[2.1.0]: https://github.com/datawire/edge-stack/releases/v2.1.0

## Ambassador Edge Stack

- Feature: Ambassador Edge Stack supports `getambassador.io/v2` CRDs, to simplify migration from Ambassador
Edge Stack 1.X. _Note:_ it is important to read the <a
href="../topics/install/migrate-to-version-2">migration documentation</a> before starting
migration.

- Change: The Ambassador Edge Stack CRDs (`Filter`, `FilterPolicy`, and `RateLimit`) will now be validated
for correct syntax by Kubernetes itself. This means that `kubectl apply` will reject invalid CRDs
before they are actually applied, preventing them from causing errors.

- Bugfix: The incremental reconfiguration cache could miss some updates when multiple `Mapping`s had the
same `prefix` ("canary"ing multiple `Mapping`s together). This has been corrected, so that all
such updates correctly take effect. ([3945])

- Bugfix: When using Kubernetes Secrets to store ACME private keys (as the Edge Stack ACME client does), an
error would always be logged about the Secret not being present, even though it was present, and
everything was working correctly. This error is no longer logged.

- Bugfix: When using gzip compression, upstream services will no longer receive compressed data. This bug
was introduced in 1.14.0. The fix restores the default behavior of not sending compressed data to
upstream services. ([3818])

- Security: Update to busybox 1.34.1 to resolve CVE-2021-28831, CVE-2021-42378, CVE-2021-42379,
CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385,
and CVE-2021-42386.

- Security: Update Python dependencies to resolve CVE-2020-28493 (jinja2), CVE-2021-28363 (urllib3), and
CVE-2021-33503 (urllib3).

- Security: Previous built images included some Python packages used only for test. These have now been
removed, resolving CVE-2020-29651.

[3945]: https://github.com/emissary-ingress/emissary/issues/3945
[3818]: https://github.com/emissary-ingress/emissary/issues/3818

## [2.0.5] 2021-11-09
[2.0.5]: https://github.com/datawire/edge-stack/releases/v2.0.5

## Ambassador Edge Stack
Expand Down
77 changes: 28 additions & 49 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,10 @@ SHELL := /bin/bash
HELM_OUTPUT_DIR := $(EDGE_STACK_HOME)/build/helm/

generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes.yaml
generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-crds.yaml
generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/oss-migration.yaml
generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns.yaml
generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-defaultns-migration.yaml
generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-emissaryns.yaml
generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/aes-emissaryns-migration.yaml
generate/files += $(EDGE_STACK_HOME)/manifests/edge-stack/resources-migration.yaml
generate/files += $(EDGE_STACK_HOME)/CHANGELOG.md
generate/files += $(EDGE_STACK_HOME)/.circleci/config.yml
Expand All @@ -16,57 +18,34 @@ $(EDGE_STACK_HOME)/venv:

FORCE:
.PHONY: FORCE
.SECONDARY:

$(EDGE_STACK_HOME)/manifests/edge-stack/aes.yaml: $(wildcard $(EDGE_STACK_HOME)/charts/edge-stack/templates/*.yaml)
$(EDGE_STACK_HOME)/manifests/edge-stack/aes.yaml: $(wildcard $(EDGE_STACK_HOME)/charts/edge-stack/charts/*.tgz)
$(EDGE_STACK_HOME)/manifests/edge-stack/aes.yaml: $(EDGE_STACK_HOME)/charts/edge-stack/values.yaml
$(EDGE_STACK_HOME)/manifests/edge-stack/aes.yaml: $(EDGE_STACK_HOME)/k8s-config/aes/values.yaml
$(EDGE_STACK_HOME)/manifests/edge-stack/aes.yaml: FORCE
mkdir -p $(@D)
helm template edge-stack -n ambassador -f $(EDGE_STACK_HOME)/k8s-config/aes/values.yaml $(EDGE_STACK_HOME)/charts/edge-stack/ > $@
$(EDGE_STACK_HOME)/charts/edge-stack/charts: %/charts: %/Chart.yaml
rm -rf $@
cd $* && helm dependency update

$(HELM_OUTPUT_DIR):
$(HELM_OUTPUT_DIR): $(EDGE_STACK_HOME)/charts/edge-stack/charts FORCE
rm -rf $@
mkdir -p $@
helm template edge-stack --output-dir $@ --include-crds -n ambassador $(EDGE_STACK_HOME)/charts/edge-stack

$(EDGE_STACK_HOME)/manifests/edge-stack/aes-crds.yaml: $(wildcard $(EDGE_STACK_HOME)/charts/edge-stack/templates/*.yaml)
$(EDGE_STACK_HOME)/manifests/edge-stack/aes-crds.yaml: $(wildcard $(EDGE_STACK_HOME)/charts/edge-stack/charts/*.tgz)
$(EDGE_STACK_HOME)/manifests/edge-stack/aes-crds.yaml: $(HELM_OUTPUT_DIR)
$(EDGE_STACK_HOME)/manifests/edge-stack/aes-crds.yaml: FORCE
cat $(sort $(wildcard $(HELM_OUTPUT_DIR)/edge-stack/charts/emissary-ingress/crds/*.yaml)) > $@
cat $(sort $(wildcard $(HELM_OUTPUT_DIR)/edge-stack/crds/*.yaml)) >> $@
rm -rf $(HELM_OUTPUT_DIR)

define generate_yaml_from_helm
mkdir -p `dirname $(3)` && \
mkdir -p $(EDGE_STACK_HOME)/build/yaml/$(1) && \
helm template edge-stack -n $(2) \
-f $(EDGE_STACK_HOME)/k8s-config/$(1)/values.yaml \
$(EDGE_STACK_HOME)/charts/edge-stack > $(EDGE_STACK_HOME)/build/yaml/$(1)/helm-expanded.yaml
$(EDGE_STACK_HOME)/venv/bin/python $(EDGE_STACK_HOME)/k8s-config/create_yaml.py \
$(EDGE_STACK_HOME)/build/yaml/$(1)/helm-expanded.yaml $(EDGE_STACK_HOME)/k8s-config/$(1)/require.yaml > $(3)
endef

$(EDGE_STACK_HOME)/manifests/edge-stack/oss-migration.yaml: $(EDGE_STACK_HOME)/k8s-config/create_yaml.py
$(EDGE_STACK_HOME)/manifests/edge-stack/oss-migration.yaml: $(EDGE_STACK_HOME)/k8s-config/oss-migration/require.yaml
$(EDGE_STACK_HOME)/manifests/edge-stack/oss-migration.yaml: $(EDGE_STACK_HOME)/k8s-config/oss-migration/values.yaml
$(EDGE_STACK_HOME)/manifests/edge-stack/oss-migration.yaml: $(wildcard $(EDGE_STACK_HOME)/charts/edge-stack/templates/*.yaml)
$(EDGE_STACK_HOME)/manifests/edge-stack/oss-migration.yaml: $(EDGE_STACK_HOME)/charts/edge-stack/values.yaml
$(EDGE_STACK_HOME)/manifests/edge-stack/oss-migration.yaml: $(EDGE_STACK_HOME)/venv
$(EDGE_STACK_HOME)/manifests/edge-stack/oss-migration.yaml: FORCE
@printf ' $(CYN)$@$(END)\n'
$(call generate_yaml_from_helm,oss-migration,default,$@)

$(EDGE_STACK_HOME)/manifests/edge-stack/resources-migration.yaml: $(EDGE_STACK_HOME)/k8s-config/create_yaml.py
$(EDGE_STACK_HOME)/manifests/edge-stack/resources-migration.yaml: $(EDGE_STACK_HOME)/k8s-config/resources-migration/require.yaml
$(EDGE_STACK_HOME)/manifests/edge-stack/resources-migration.yaml: $(EDGE_STACK_HOME)/k8s-config/resources-migration/values.yaml
$(EDGE_STACK_HOME)/manifests/edge-stack/resources-migration.yaml: $(wildcard $(EDGE_STACK_HOME)/charts/edge-stack/templates/*.yaml)
$(EDGE_STACK_HOME)/manifests/edge-stack/resources-migration.yaml: $(EDGE_STACK_HOME)/charts/edge-stack/values.yaml
$(EDGE_STACK_HOME)/manifests/edge-stack/resources-migration.yaml: $(EDGE_STACK_HOME)/venv
$(EDGE_STACK_HOME)/manifests/edge-stack/resources-migration.yaml: FORCE
@printf ' $(CYN)$@$(END)\n'
$(call generate_yaml_from_helm,resources-migration,default,$@)
helm template edge-stack --output-dir $@ -n ambassador $(EDGE_STACK_HOME)/charts/edge-stack

helm-namespace.aes = ambassador
helm-namespace.aes-defaultns = default
helm-namespace.aes-defaultms-migration = default
helm-namespace.aes-emissaryns = emissary
helm-namespace.aes-emissaryns-migration = emissary
helm-namespace.resources-migration = default
$(EDGE_STACK_HOME)/k8s-config/%/helm-expanded.yaml: \
$(EDGE_STACK_HOME)/charts/edge-stack/charts \
$(EDGE_STACK_HOME)/k8s-config/%/values.yaml \
FORCE
helm template --namespace=$(helm-namespace.$*) --values=$(@D)/values.yaml edge-stack $(EDGE_STACK_HOME)/charts/edge-stack >$@
$(EDGE_STACK_HOME)/manifests/edge-stack/%.yaml: \
$(EDGE_STACK_HOME)/k8s-config/%/helm-expanded.yaml \
$(EDGE_STACK_HOME)/k8s-config/%/require.yaml \
$(EDGE_STACK_HOME)/k8s-config/create_yaml.py \
$(EDGE_STACK_HOME)/venv
. $(EDGE_STACK_HOME)/venv/bin/activate && $(filter %.py,$^) $(filter %/helm-expanded.yaml,$^) $(filter %/require.yaml,$^) >$@

push-manifests:
$(EDGE_STACK_HOME)/manifests/push_manifests.sh
Expand Down
2 changes: 1 addition & 1 deletion VERSION
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
2.1.0-rc.0
2.1.0
4 changes: 4 additions & 0 deletions charts/charts.mk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,10 @@ chart/preflight-kubeconfig:
chart/create-cluster: chart/preflight-kubeconfig
$(MAKE) chart/delete-cluster || true
$(K3D_EXEC) cluster create $(K3D_CLUSTER_NAME) --k3s-server-arg "--no-deploy=traefik"
while ! kubectl --kubeconfig=$(CHART_KUBECONFIG) get serviceaccount default >/dev/null; do sleep 1; done
kubectl --kubeconfig=$(CHART_KUBECONFIG) version
kubectl --kubeconfig=$(CHART_KUBECONFIG) apply -f manifests/edge-stack/aes-crds.yaml
kubectl --kubeconfig=$(CHART_KUBECONFIG) --namespace=emissary-system wait --timeout=90s --for=condition=available Deployments/emissary-apiext
.PHONY: chart/create-cluster

chart/delete-cluster:
Expand Down
1 change: 1 addition & 0 deletions charts/edge-stack/.gitignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
/charts/
8 changes: 4 additions & 4 deletions charts/edge-stack/Chart.lock
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
dependencies:
- name: emissary-ingress
repository: https://s3.amazonaws.com/datawire-static-files/charts-dev
version: 7.2.0-rc.1
digest: sha256:e40ea2c73b39ad31c097467e9aba5fd9ac7f1da2633fb3fe07a7a803adf1770f
generated: "2021-12-07T11:08:51.525938875-07:00"
repository: https://s3.amazonaws.com/datawire-static-files/charts
version: 7.2.0
digest: sha256:b9a8a718fc677f4b226278970e8f3ea90ce520fb6c2cb88574fa3c109aced5d0
generated: "2021-12-16T10:17:55.440833795-07:00"
8 changes: 4 additions & 4 deletions charts/edge-stack/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
apiVersion: v2
appVersion: 2.1.0-rc.0
appVersion: 2.1.0
description: A Helm chart for Ambassador Edge Stack
name: edge-stack
version: 7.2.0-rc.0
version: 7.2.0
# TODO: change these to whatever the appropriate things are
icon: https://www.getambassador.io/images/logo.png
home: https://www.getambassador.io/
Expand All @@ -27,5 +27,5 @@ maintainers:
engine: gotpl
dependencies:
- name: emissary-ingress
version: v7.2.0-rc.1
repository: "https://s3.amazonaws.com/datawire-static-files/charts-dev"
version: v7.2.0
repository: "https://s3.amazonaws.com/datawire-static-files/charts"
Loading

0 comments on commit 90d88cb

Please sign in to comment.