Merge pull request #1288 from flanksource/misc-fixes

Misc fixes
flanksource · Oct 6, 2023 · e4eafab · e4eafab
2 parents 20ab564 + 1a44593
commit e4eafab
Show file tree

Hide file tree

Showing 43 changed files with 768 additions and 721 deletions.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -10,21 +10,21 @@ permissions: read-all
 jobs:
   golangci:
     permissions:
-      contents: read  # for actions/checkout to fetch code
-      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
+      contents: read # for actions/checkout to fetch code
+      pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
     name: lint
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - name: Install Go
         uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2.2.0
         with:
-          go-version: 1.19.x
+          go-version: 1.20.x
       - name: golangci-lint
         with:
           version: v1.52.2 # TODO: Catching new linter errors now. Need to fix those and upgrade to v1.53.0
         uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0
-        
+
       - name: setup node
         uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2
         with:

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -10,23 +10,51 @@ name: Test
 permissions:
   contents: read
 jobs:
+  # build:
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Install Go
+  #       uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2.2.0
+  #       with:
+  #         go-version: 1.20.x
+  #     - name: Checkout code
+  #       uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+  #     - uses: actions/cache@8492260343ad570701412c2f464a5877dc76bace # v2
+  #       with:
+  #         path: |
+  #           ~/go/pkg/mod
+  #           ~/.cache/go-build
+  #           .bin
+  #         key: cache-${{ hashFiles('**/go.sum') }}-${{ hashFiles('.bin/*') }}
+  #         restore-keys: |
+  #           cache-
+  #     - run: make  build
+  #     - run: cd test && make build
+  #     - run: make compress-build
+  #     - uses: actions/upload-artifact@v3
+  #       with:
+  #         name: bin
+  #         path: |
+  #           .bin/canary-checker
+  #           .bin/canary-checker.test
   test:
     strategy:
       fail-fast: false
       matrix:
         suite:
-          - minimal --skip-all
-          - k8s
-          - datasources
-          - search
-          - git
+          - { name: minimal --skip-all, on: ubuntu-latest }
+          - { name: k8s, on: ubuntu-latest }
+          - { name: datasources, on: ubuntu-latest }
+          - { name: opensearch, on: ubuntu-latest }
+          - { name: elasticsearch, on: ubuntu-latest }
+          - { name: git, on: ubuntu-latest }
           # - restic
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.suite.on }}
     steps:
       - name: Install Go
         uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2.2.0
         with:
-          go-version: 1.19.x
+          go-version: 1.20.x
       - name: Checkout code
         uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - uses: actions/cache@8492260343ad570701412c2f464a5877dc76bace # v2
@@ -43,10 +71,10 @@ jobs:
         env:
           KUBERNETES_VERSION: v1.20.7
           GH_TOKEN: ${{ secrets.CHECKRUNS_TOKEN }}
-        run: ./test/e2e.sh fixtures/${{matrix.suite}}
+        run: ./test/e2e.sh fixtures/${{matrix.suite.name}}
       - name: Publish Unit Test Results
         uses: EnricoMi/publish-unit-test-result-action@b9f6c61d965bcaa18acc02d6daf706373a448f02 # v1.40
         if: always() &&  github.event.repository.fork == 'false'
         with:
           files: test/test-results.xml
-          check_name: E2E - ${{matrix.suite}}
+          check_name: E2E - ${{matrix.suite.name}}
diff --git a/Makefile b/Makefile
@@ -4,8 +4,7 @@ CRD_OPTIONS ?= ""
 NAME=canary-checker
 OS   = $(shell uname -s | tr '[:upper:]' '[:lower:]')
 ARCH = $(shell uname -m | sed 's/x86_64/amd64/')
-KUSTOMIZE=$(PWD)/.bin/kustomize
-
+LD_FLAGS=-ldflags "-w -s -X \"main.version=$(VERSION_TAG)\""
 ifeq ($(VERSION),)
   VERSION_TAG=$(shell git describe --abbrev=0 --tags || echo latest)
 else
@@ -49,25 +48,25 @@ uninstall: manifests
 	kubectl delete -f config/deploy/crd.yaml
 
 # Deploy controller in the configured Kubernetes cluster in ~/.kube/config
-deploy: .bin/kustomize manifests
-	cd config && .bin/kustomize edit set image controller=${IMG}
-	kubectl $(KUSTOMIZE) config | kubectl apply -f -
+deploy: manifests
+	cd config && kustomize edit set image controller=${IMG}
+	kustomize build config | kubectl apply -f -
 
-static: .bin/kustomize generate manifests .bin/yq
-	.bin/kustomize build ./config | $(YQ) ea -P '[.] | sort_by(.metadata.name) | .[] | splitDoc' - > config/deploy/manifests.yaml
-	.bin/kustomize build ./config/base | $(YQ) ea -P '[.] | sort_by(.metadata.name) | .[] | splitDoc' - > config/deploy/base.yaml
+static:  generate manifests
+	kustomize build ./config | yq ea -P '[.] | sort_by(.metadata.name) | .[] | splitDoc' - > config/deploy/manifests.yaml
+	kustomize build ./config/base | yq ea -P '[.] | sort_by(.metadata.name) | .[] | splitDoc' - > config/deploy/base.yaml
 
 # Generate OpenAPI schema
 .PHONY: gen-schemas
 gen-schemas:
 	cd hack/generate-schemas && go run ./main.go
 
 # Generate manifests e.g. CRD, RBAC etc.
-manifests: .bin/controller-gen .bin/yq
+manifests: .bin/controller-gen
 	schemaPath=.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties
-	.bin/controller-gen crd paths="./api/..." output:stdout | $(YQ) ea -P '[.] | sort_by(.metadata.name) | .[] | splitDoc' - > config/deploy/crd.yaml
+	.bin/controller-gen crd paths="./api/..." output:stdout | yq ea -P '[.] | sort_by(.metadata.name) | .[] | splitDoc' - > config/deploy/crd.yaml
 	$(MAKE) gen-schemas
-	cd config/deploy && $(YQ) ea  'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.checks.items.properties)' crd.yaml | $(YQ) ea  'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.forEach.properties)' /dev/stdin  | $(YQ) ea  'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.lookup.properties)'  /dev/stdin | $(YQ) ea  'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.properties.items.properties.lookup.properties)' /dev/stdin | $(YQ) ea 'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.components.items.properties.forEach.properties)' /dev/stdin |  $(YQ) ea 'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.components.items.properties.lookup.properties)' /dev/stdin | $(YQ) ea 'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.components.items.properties.checks.items.properties.inline.properties)' /dev/stdin | $(YQ) ea 'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.components.items.properties.properties.items.properties.lookup.properties)' /dev/stdin > crd.slim.yaml
+	cd config/deploy && yq ea  'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.checks.items.properties)' crd.yaml | yq ea  'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.forEach.properties)' /dev/stdin  | yq ea  'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.lookup.properties)'  /dev/stdin | yq ea  'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.properties.items.properties.lookup.properties)' /dev/stdin | yq ea 'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.components.items.properties.forEach.properties)' /dev/stdin |  yq ea 'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.components.items.properties.lookup.properties)' /dev/stdin | yq ea 'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.components.items.properties.checks.items.properties.inline.properties)' /dev/stdin | yq ea 'del(.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.components.items.properties.properties.items.properties.lookup.properties)' /dev/stdin > crd.slim.yaml
 	cd config/deploy && mv crd.slim.yaml crd.yaml
 
 # Run go fmt against code
@@ -108,65 +107,60 @@ docker-push:
 
 .PHONY: compress
 compress: .bin/upx
-	upx -5 ./.bin/$(NAME)_linux_amd64 ./.bin/$(NAME)_linux_arm64 ./.bin/$(NAME)_darwin_amd64 ./.bin/$(NAME)_darwin_arm64 ./.bin/$(NAME).exe
+	upx -5 ./.bin/$(NAME)_linux_amd64 ./.bin/$(NAME)_linux_arm64 ./.bin/$(NAME)_darwin_amd64 ./.bin/$(NAME)_darwin_arm64 ./.bin/$(NAME).exe ./.bin/$(NAME) ./.bin/$(NAME).test
+
+.PHONY: compress-build
+compress-build: .bin/upx
+	upx -5 ./.bin/$(NAME) ./.bin/$(NAME).test
 
 .PHONY: linux
 linux:
-	GOOS=linux GOARCH=amd64 go build  -o ./.bin/$(NAME)_linux_amd64 -ldflags "-X \"main.version=$(VERSION_TAG)\""  main.go
-	GOOS=linux GOARCH=arm64 go build  -o ./.bin/$(NAME)_linux_arm64 -ldflags "-X \"main.version=$(VERSION_TAG)\""  main.go
+	GOOS=linux GOARCH=amd64 go build  -o ./.bin/$(NAME)_linux_amd64 $(LD_FLAGS)  main.go
+	GOOS=linux GOARCH=arm64 go build  -o ./.bin/$(NAME)_linux_arm64 $(LD_FLAGS)  main.go
 
 .PHONY: darwin
 darwin:
-	GOOS=darwin GOARCH=amd64 go build -o ./.bin/$(NAME)_darwin_amd64 -ldflags "-X \"main.version=$(VERSION_TAG)\""  main.go
-	GOOS=darwin GOARCH=arm64 go build -o ./.bin/$(NAME)_darwin_arm64 -ldflags "-X \"main.version=$(VERSION_TAG)\""  main.go
+	GOOS=darwin GOARCH=amd64 go build -o ./.bin/$(NAME)_darwin_amd64 $(LD_FLAGS)  main.go
+	GOOS=darwin GOARCH=arm64 go build -o ./.bin/$(NAME)_darwin_arm64 $(LD_FLAGS)  main.go
 
 .PHONY: windows
 windows:
-	GOOS=windows GOARCH=amd64 go build -o ./.bin/$(NAME).exe -ldflags "-X \"main.version=$(VERSION_TAG)\""  main.go
+	GOOS=windows GOARCH=amd64 go build -o ./.bin/$(NAME).exe $(LD_FLAGS)  main.go
 
 .PHONY: binaries
 binaries: linux darwin windows compress
 
 .PHONY: release
-release: .bin/kustomize binaries
+release: binaries
 	mkdir -p .release
-	cd config/base && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/ > .release/release.yaml
+	cd config/base && kustomize edit set image controller=${IMG}
+	kustomize build config/ > .release/release.yaml
 	cp .bin/canary-checker* .release/
 
 .PHONY: lint
 lint:
 	golangci-lint run -v ./...
 
-.PHONY: serve-docs
-serve-docs:
-	docker run --rm -it -p 8000:8000 -v $(PWD):/docs -w /docs squidfunk/mkdocs-material
-
 .PHONY: build-api-docs
 build-api-docs:
 	go run main.go docs  api/v1/*.go --output-file docs/api.md
 
-.PHONY: build-docs
-build-docs:
-	pip3 install $(MKDOCS_INSIDERS)
-	mkdocs build -d build/docs
-
-.PHONY: deploy-docs
-deploy-docs:
-	which netlify 2>&1 > /dev/null || sudo npm install -g netlify-cli
-	netlify deploy --site cfe8c6b7-79b7-4a88-9e13-ff792126717f --prod --dir build/docs
-
 .PHONY: dev
 dev:
 	go build -o ./.bin/$(NAME) -gcflags="all=-N -l" -v main.go
 
 .PHONY: build
 build:
-	go build -o ./.bin/$(NAME) -ldflags "-X \"main.version=$(VERSION_TAG)\""  main.go
+	go build -o ./.bin/$(NAME) $(LD_FLAGS)  main.go
+
+.PHONY: test-build
+test-build:
+	go test  test/...  -o ./.bin/$(NAME).test $(LD_FLAGS)  main.go
+
 
 .PHONY: fast-build
 fast-build:
-	go build --tags fast -o ./.bin/$(NAME) -ldflags "-X \"main.version=$(VERSION_TAG)\""  main.go
+	go build --tags fast -o ./.bin/$(NAME) $(LD_FLAGS)  main.go
 
 .PHONY: install
 install:
@@ -197,11 +191,6 @@ endif
 		GOBIN=$(PWD)/.bin go install sigs.k8s.io/controller-tools/cmd/[email protected]
 		CONTROLLER_GEN=$(GOBIN)/controller-gen
 
-.bin/kustomize: .bin
-	curl -L https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv4.3.0/kustomize_v4.3.0_$(OS)_$(ARCH).tar.gz -o kustomize.tar.gz && \
-	tar xf kustomize.tar.gz -C .bin/ && \
-	rm kustomize.tar.gz
-
 .bin/go-junit-report: .bin
 	GOBIN=$(PWD)/.bin GOFLAGS="-mod=mod"  go install github.com/jstemmer/go-junit-report
 
@@ -211,11 +200,6 @@ endif
     rm apache-jmeter-5.4.3.tgz && \
 		ln -s apache-jmeter-5.4.3/bin/jmeter .bin/jmeter
 
-.bin/restic:
-	curl -sSLo /usr/local/bin/restic.bz2  https://github.com/restic/restic/releases/download/v0.12.1/restic_0.12.1_$(OS)_$(ARCH).bz2   && \
-    bunzip2  /usr/local/bin/restic.bz2  && \
-    chmod +x /usr/local/bin/restic
-
 .bin/wait4x:
 	wget -nv https://github.com/atkrad/wait4x/releases/download/v0.3.0/wait4x-$(OS)-$(ARCH) -O .bin/wait4x && \
   chmod +x .bin/wait4x
@@ -224,10 +208,6 @@ endif
 	curl -sSLo .bin/karina https://github.com/flanksource/karina/releases/download/v0.50.0/karina_$(OS)-$(ARCH) && \
 	chmod +x .bin/karina
 
-.bin/yq: .bin
-	curl -sSLo .bin/yq https://github.com/mikefarah/yq/releases/download/v4.16.1/yq_$(OS)_$(ARCH) && chmod +x .bin/yq
-YQ = $(realpath ./.bin/yq)
-
 .PHONY: telepresence
 telepresence:
 ifeq (, $(shell which telepresence))
@@ -246,12 +226,7 @@ endif
 .bin:
 	mkdir -p .bin
 
-.bin/octopilot:
-	curl -sSLo .bin/octopilot https://github.com/dailymotion-oss/octopilot/releases/download/v1.0.7/octopilot_1.0.7_$(OS)_$(ARCH) && \
-	chmod +x .bin/octopilot
-
-bin: .bin .bin/wait4x .bin/yq .bin/karina .bin/go-junit-report .bin/restic .bin/jmeter telepresence .bin/octopilot .bin/kustomize
-
+bin: .bin .bin/wait4x .bin/karina .bin/go-junit-report  telepresence
 
 # Generate all the resources and formats your code, i.e: CRDs, controller-gen, static
 .PHONY: resources

diff --git a/api/context/context.go b/api/context/context.go
@@ -14,6 +14,7 @@ import (
 	"github.com/flanksource/duty/models"
 	"github.com/flanksource/duty/types"
 	"github.com/flanksource/kommons"
+	"github.com/jackc/pgx/v5/pgxpool"
 	"gorm.io/gorm"
 	"k8s.io/client-go/kubernetes"
 )
@@ -35,7 +36,8 @@ type Context struct {
 	Canary      v1.Canary
 	Environment map[string]interface{}
 	logger.Logger
-	db *gorm.DB
+	db   *gorm.DB
+	pool *pgxpool.Pool
 }
 
 func (ctx *Context) DB() *gorm.DB {
@@ -46,6 +48,9 @@ func (ctx *Context) DB() *gorm.DB {
 	return ctx.db.WithContext(ctx.Context)
 }
 
+func (ctx *Context) Pool() *pgxpool.Pool {
+	return ctx.pool
+}
 func (ctx *Context) String() string {
 	return fmt.Sprintf("%s/%s", ctx.Canary.Namespace, ctx.Canary.Name)
 }
@@ -194,13 +199,14 @@ func (ctx *KubernetesContext) Clone() *KubernetesContext {
 	}
 }
 
-func New(client *kommons.Client, kubernetes kubernetes.Interface, db *gorm.DB, canary v1.Canary) *Context {
+func New(client *kommons.Client, kubernetes kubernetes.Interface, db *gorm.DB, pool *pgxpool.Pool, canary v1.Canary) *Context {
 	if canary.Namespace == "" {
 		canary.Namespace = "default"
 	}
 
 	return &Context{
 		db:          db,
+		pool:        pool,
 		Context:     gocontext.Background(),
 		Kommons:     client,
 		Kubernetes:  kubernetes,

diff --git a/chart/templates/configmap.yaml b/chart/templates/configmap.yaml
@@ -9,3 +9,6 @@ data:
     {{- range $k, $v := .Values.disableChecks }}
     check.disabled.{{ $k }}={{ $v }}
     {{- end }}
+    {{- range $k, $v := .Values.properties }}
+    {{ $k }}={{ $v }}
+    {{- end }}
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
@@ -57,22 +57,33 @@ spec:
             name: {{ include "canary-checker.name" . }}
       securityContext:
         fsGroup: 1000
+        {{- if eq .Values.pingMode "unprivileged" }}
+        sysctls:
+          - name: net.ipv4.ping_group_range
+            value: "0 2147483647"
+        {{- end }}
       containers:
         - name: {{ include "canary-checker.name" . }}
+          {{- if eq .Values.allowPrivilegeEscalation true }}
           securityContext:
-            allowPrivilegeEscalation: {{.Values.allowPrivilegeEscalation}}
+            allowPrivilegeEscalation: true
             capabilities:
               add:
                 - CAP_NET_RAW
+          {{- end }}
           image: {{ include "canary-checker.imageString" . }}
           imagePullPolicy: "{{ .Values.image.pullPolicy }}"
           env:
+            - name: PING_MODE
+              value:  {{ .Values.pingMode | quote }}
             {{- if eq .Values.debug true }}
             - name: DEBUG
               value: "true"
             {{- end }}
+            {{- if eq .Values.dockerSocket true }}
             - name: DOCKER_API_VERSION
               value: "1.39"
+            {{- end }}
             - name: DB_URL
               {{- if eq .Values.db.external.enabled true }}
               valueFrom:
@@ -106,7 +117,7 @@ spec:
               name: podinfo
             - mountPath: /app/canary-checker.properties
               name: config
-              subpath: canary-checker.properties
+              subPath: canary-checker.properties
           command:
             - /app/canary-checker
           args:

diff --git a/chart/templates/priorityclass.yaml b/chart/templates/priorityclass.yaml