dell · sharmilarama · Nov 11, 2021 · Oct 20, 2021 · Oct 20, 2021 · Nov 2, 2021
@@ -96,7 +96,7 @@ jobs:
       - name: Scan Proxy Server
         uses: Azure/container-scan@v0
         with:
-          image-name:  proxy-server:1.0.0
+          image-name:  proxy-server:1.1.0
           severity-threshold: HIGH
       - name: Scan SideCar Proxy
         uses: Azure/container-scan@v0

@@ -1,4 +1,5 @@
-DOCKER_TAG ?= 1.0.0
+DOCKER_TAG ?= 1.1.0
+SIDECAR_TAG ?= 1.0.0
 
 .PHONY: build
 build:
@@ -36,7 +37,7 @@ redeploy: build docker
 .PHONY: docker
 docker: build
 	docker build -t proxy-server:$(DOCKER_TAG) --build-arg APP=proxy-server ./bin/.
-	docker build -t sidecar-proxy:$(DOCKER_TAG) --build-arg APP=sidecar-proxy ./bin/.
+	docker build -t sidecar-proxy:$(SIDECAR_TAG) --build-arg APP=sidecar-proxy ./bin/.
 	docker build -t tenant-service:$(DOCKER_TAG) --build-arg APP=tenant-service ./bin/.
 
 .PHONY: protoc

@@ -1,7 +1,7 @@
 #!/bin/bash -x
 
 ARCH=amd64
-DOCKER_TAG=1.0.0
+SIDECAR_DOCKER_TAG=1.0.0
 DIST=dist
 
 K3S_INSTALL_SCRIPT=${DIST}/k3s-install.sh
@@ -32,19 +32,19 @@ fi
 # Download k3s
 if [[ ! -f $K3S_BINARY ]]
 then
-	curl -kL -o $K3S_BINARY  https://github.com/rancher/k3s/releases/download/v1.18.10%2Bk3s1/k3s
+	curl -kL -o $K3S_BINARY  https://github.com/rancher/k3s/releases/download/v1.22.2%2Bk3s2/k3s
 fi
 
 if [[ ! -f $K3S_IMAGES_TAR ]]
 then
 	# Download k3s images
-	curl -kL -o $K3S_IMAGES_TAR https://github.com/rancher/k3s/releases/download/v1.18.10%2Bk3s1/k3s-airgap-images-$ARCH.tar
+	curl -kL -o $K3S_IMAGES_TAR https://github.com/rancher/k3s/releases/download/v1.22.2%2Bk3s2/k3s-airgap-images-$ARCH.tar
 fi
 
 if [[ ! -f $CERT_MANAGER_MANIFEST ]]
 then
 	# Download cert-manager manifest
-	curl -kL -o  ${DIST}/$CERT_MANAGER_MANIFEST https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml
+	curl -kL -o  ${DIST}/$CERT_MANAGER_MANIFEST https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.yaml
 fi
 
 # Pull all 3rd party images to ensure they exist locally.
@@ -62,7 +62,7 @@ cp $CRED_SHIELD_DEPLOYMENT_MANIFEST $CRED_SHIELD_INGRESS_MANIFEST $CERT_MANAGER_
 cp ../policies/*.rego ../policies/policy-install.sh $DIST/.
 cp ../bin/$KARAVICTL $DIST/.
 
-docker save $SIDECAR_PROXY:$DOCKER_TAG -o $DIST/$SIDECAR_PROXY-$DOCKER_TAG.tar
+docker save $SIDECAR_PROXY:$SIDECAR_DOCKER_TAG -o $DIST/$SIDECAR_PROXY-$SIDECAR_DOCKER_TAG.tar
 
 tar -czv -C $DIST -f karavi-airgap-install.tar.gz .
 
@@ -78,7 +78,7 @@ rm $K3S_INSTALL_SCRIPT \
 	${DIST}/$CRED_SHIELD_INGRESS_MANIFEST \
 	${DIST}/*.rego \
 	${DIST}/policy-install.sh \
-	${DIST}/$SIDECAR_PROXY-$DOCKER_TAG.tar \
+	${DIST}/$SIDECAR_PROXY-$SIDECAR_DOCKER_TAG.tar \
 	${DIST}/$KARAVICTL
 
 # Move the tarball into dist.

@@ -44,14 +44,6 @@ subjects:
   name: system:serviceaccounts:karavi
   apiGroup: rbac.authorization.k8s.io
 ---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: karavi-storage-secret
-  namespace: karavi
-data:
-  storage-systems.yaml: c3RvcmFnZToK
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -71,7 +63,7 @@ spec:
     spec:
       containers:
       - name: proxy-server
-        image: proxy-server:1.0.0
+        image: proxy-server:1.1.0
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 8080
@@ -129,7 +121,7 @@ spec:
     spec:
       containers:
       - name: tenant-service
-        image: tenant-service:1.0.0
+        image: tenant-service:1.1.0
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 50051

@@ -1,4 +1,4 @@
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: proxy-server
@@ -22,10 +22,10 @@ spec:
         - path: /
           pathType: Prefix
           backend:
-            serviceName: proxy-server
-            servicePort: 8080
+            service.name: proxy-server
+            service.port.number: 8080
 ---
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: grpc-services
@@ -49,5 +49,5 @@ spec:
       - path: /
         pathType: Prefix
         backend:
-          serviceName: tenant-service
-          servicePort: grpc
+          service.name: tenant-service
+          service.port.name: grpc
@@ -52,6 +52,7 @@ var (
 	ioutilReadFile       = ioutil.ReadFile
 	ioutilWriteFile      = ioutil.WriteFile
 	osRemoveAll          = os.RemoveAll
+	osRemove             = os.Remove
 	ioutilTempFile       = ioutil.TempFile
 	execCommand          = exec.Command
 	osGeteuid            = os.Geteuid
@@ -85,6 +86,7 @@ const (
 	RancherManifestsDir       = "/var/lib/rancher/k3s/server/manifests"
 	RancherK3sKubeConfigPath  = "/etc/rancher/k3s/k3s.yaml"
 	EnvK3sInstallSkipDownload = "INSTALL_K3S_SKIP_DOWNLOAD=true"
+	EnvK3sForceRestart        = "INSTALL_K3S_FORCE_RESTART=true"
 )
 
 const (
@@ -185,10 +187,12 @@ func NewDeploymentProcess(stdout, stderr io.Writer, bundle fs.FS) *DeployProcess
 		dp.CopyImagesToRancherDirs,
 		dp.CopyManifestsToRancherDirs,
 		dp.WriteConfigSecretManifest,
+		dp.WriteStorageSecretManifest,
 		dp.WriteConfigMapManifest,
 		dp.ExecuteK3sInstallScript,
 		dp.InitKaraviPolicies,
 		dp.ChownK3sKubeConfig,
+		dp.RemoveSecretManifest,
 		dp.CopySidecarProxyToCwd,
 		dp.Cleanup,
 		dp.PrintFinishedMessage,
@@ -335,6 +339,22 @@ func (dp *DeployProcess) Cleanup() {
 	}
 }
 
+// RemoveSecretManifest removes the karavi-storage-secret.yaml to prevent
+// overriding storage system data on k3s restart.
+func (dp *DeployProcess) RemoveSecretManifest() {
+	if dp.Err != nil {
+		return
+	}
+
+	fname := filepath.Join(RancherManifestsDir, "karavi-storage-secret.yaml")
+
+	if err := osRemove(fname); err != nil {
+		if !errors.Is(err, os.ErrNotExist) {
+			fmt.Fprintf(dp.stderr, "error: cleaning up secret file: %+v\n", err)
+		}
+	}
+}
+
 // UntarFiles extracts the files from the embedded bundle tar file.
 func (dp *DeployProcess) UntarFiles() {
 	if dp.Err != nil {
@@ -556,6 +576,65 @@ func (dp *DeployProcess) WriteConfigSecretManifest() {
 	}
 }
 
+// WriteStorageSecretManifest generates and writes the Kubernetes
+// Storage Secret manifest for Karavi-Authorization, if it does not exist from previous install
+func (dp *DeployProcess) WriteStorageSecretManifest() {
+	if dp.Err != nil {
+		return
+	}
+
+	//check if a secret already exists from previous install
+	cmd := execCommand("/usr/local/bin/k3s", "kubectl", "get", "secret", "karavi-storage-secret", "-n", "karavi", "-o", "json")
+	err := cmd.Run()
+	if err == nil {
+		//skip creating the secret
+		return
+	}
+
+	secret := corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "Secret",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "karavi-storage-secret",
+			Namespace: "karavi",
+		},
+		Data: make(map[string][]byte),
+	}
+	b64, err := base64.StdEncoding.DecodeString("c3RvcmFnZToK")
+	if err != nil {
+		dp.Err = fmt.Errorf("decoding base64 string: %w", err)
+		return
+	}
+	secret.Data["storage-systems.yaml"] = b64
+	secretBytes, err := yamlMarshalSecret(&secret)
+	if err != nil {
+		dp.Err = fmt.Errorf("marshalling %+v: %w", secret, err)
+		return
+	}
+
+	fname := filepath.Join(RancherManifestsDir, "karavi-storage-secret.yaml")
+	f, err := osOpenFile(fname, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0341)
+	if err != nil {
+		dp.Err = fmt.Errorf("creating %s: %w", fname, err)
+		return
+	}
+	defer func() {
+		err := f.Close()
+		if err != nil {
+			dp.Err = fmt.Errorf("closing RancherManifestsDir: %w", err)
+		}
+	}()
+
+	_, err = f.Write(secretBytes)
+	if err != nil {
+		dp.Err = fmt.Errorf("writing secret: %w", err)
+		return
+	}
+
+}
+
 // WriteConfigMapManifest generates and writes the Kubernetes
 // Secret manifest for Karavi-Authorization, based on the provided
 // configuration options, if any.
@@ -662,7 +741,7 @@ func (dp *DeployProcess) ExecuteK3sInstallScript() {
 	}
 
 	cmd := execCommand(filepath.Join(dp.tmpDir, k3SInstallScript))
-	cmd.Env = append(os.Environ(), EnvK3sInstallSkipDownload)
+	cmd.Env = append(os.Environ(), EnvK3sInstallSkipDownload, EnvK3sForceRestart)
 	cmd.Stdout = logFile
 	cmd.Stderr = logFile
 	err = cmd.Run()