Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update patching branch to same height as master #749

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
91 changes: 91 additions & 0 deletions .github/workflows/prod-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,97 @@ jobs:
docker pull "${SRC}-linux_amd64"
docker pull "${SRC}-linux_arm64"

- name: Deploy Images To ECR Public
uses: ./.github/actions/push-image
with:
src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com"
dst_host: "public.ecr.aws"
image_tag: "${{ github.event.inputs.tag }}"
dst_image_name: "appmesh/appmesh-controller"
region: "us-west-2"
role: "${{ secrets.PROD_AWS_ROLE }}"

- name: Deploy Images to PDX
uses: ./.github/actions/push-image
with:
src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com"
dst_host: "${{ secrets.PROD_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com"
image_tag: "${{ github.event.inputs.tag }}"
region: "us-west-2"
role: "${{ secrets.PROD_AWS_ROLE }}"

- name: Deploy Images to BAH
uses: ./.github/actions/push-image
with:
src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com"
dst_host: "${{ secrets.PROD_BAH_AWS_ACCOUNT }}.dkr.ecr.me-south-1.amazonaws.com"
image_tag: "${{ github.event.inputs.tag }}"
region: "me-south-1"
role: "${{ secrets.PROD_BAH_AWS_ROLE }}"

- name: Deploy Images to CPT
uses: ./.github/actions/push-image
with:
src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com"
dst_host: "${{ secrets.PROD_CPT_AWS_ACCOUNT }}.dkr.ecr.af-south-1.amazonaws.com"
image_tag: "${{ github.event.inputs.tag }}"
region: "af-south-1"
role: "${{ secrets.PROD_CPT_AWS_ROLE }}"

- name: Deploy Images to HKG
uses: ./.github/actions/push-image
with:
src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com"
dst_host: "${{ secrets.PROD_HKG_AWS_ACCOUNT }}.dkr.ecr.ap-east-1.amazonaws.com"
image_tag: "${{ github.event.inputs.tag }}"
region: "ap-east-1"
role: "${{ secrets.PROD_HKG_AWS_ROLE }}"

- name: Deploy Images to MXP
uses: ./.github/actions/push-image
with:
src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com"
dst_host: "${{ secrets.PROD_MXP_AWS_ACCOUNT }}.dkr.ecr.eu-south-1.amazonaws.com"
image_tag: "${{ github.event.inputs.tag }}"
region: "eu-south-1"
role: "${{ secrets.PROD_MXP_AWS_ROLE }}"

- name: Deploy Images to CGK
uses: ./.github/actions/push-image
with:
src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com"
dst_host: "${{ secrets.PROD_CGK_AWS_ACCOUNT }}.dkr.ecr.ap-southeast-3.amazonaws.com"
image_tag: "${{ github.event.inputs.tag }}"
region: "ap-southeast-3"
role: "${{ secrets.PROD_CGK_AWS_ROLE }}"

- name: Deploy Images to BJS
uses: ./.github/actions/push-image
with:
src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com"
dst_host: "${{ secrets.PROD_BJS_AWS_ACCOUNT }}.dkr.ecr.cn-north-1.amazonaws.com.cn"
image_tag: "${{ github.event.inputs.tag }}"
region: "cn-north-1"
role: "${{ secrets.PROD_BJS_AWS_ROLE }}"

- name: Deploy Images to ZHY
uses: ./.github/actions/push-image
with:
src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com"
dst_host: "${{ secrets.PROD_ZHY_AWS_ACCOUNT }}.dkr.ecr.cn-northwest-1.amazonaws.com.cn"
image_tag: "${{ github.event.inputs.tag }}"
region: "cn-northwest-1"
role: "${{ secrets.PROD_ZHY_AWS_ROLE }}"

- name: Deploy Images to TLV
uses: ./.github/actions/push-image
with:
src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com"
dst_host: "${{ secrets.PROD_TLV_AWS_ACCOUNT }}.dkr.ecr.il-central-1.amazonaws.com"
image_tag: "${{ github.event.inputs.tag }}"
region: "il-central-1"
role: "${{ secrets.PROD_TLV_AWS_ROLE }}"

- name: Deploy Images to PDT
uses: ./.github/actions/push-image
with:
Expand Down
19 changes: 19 additions & 0 deletions config/helm/appmesh-controller/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,25 @@ helm upgrade -i appmesh-controller eks/appmesh-controller \

The [configuration](#configuration) section lists the parameters that can be configured during installation.

**Note**
If you want to start the controller in the EKS private cluster, enable the app mesh and service discovery VPC endpoints to the linked private subnet first. Also accountId is a required field now as `--set accountId=$AWS_ACCOUNT_ID`.
If you want to enable X-ray tracing in private cluster, enable the X-ray VPC endpoint. Also, ECR VPC endpoint [does not support public repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html). Controller uses `public.ecr.aws/xray/aws-xray-daemon:latest` by default, so you need to pull this image to local and [push it into your personal ECR repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-push-ecr-image.html). Set it when deploying the controller like:
```
helm upgrade -i appmesh-controller eks/appmesh-controller \
--namespace appmesh-system \
--set region=$AWS_REGION \
--set serviceAccount.create=false \
--set serviceAccount.name=appmesh-controller \
--set accountId=$AWS_ACCOUNT_ID \
--set log.level=debug \
--set tracing.enabled=true \
--set tracing.provider=x-ray \
--set xray.image.repository={your-account-id}.dkr.ecr.{your-region}.amazonaws.com/{your-repository} \
--set xray.image.tag={your-xray-daemon-image-tag}
```
Verify if the X-ray daemon being injected successfully when binding application deployment with virtual node/gateway.
More troubleshooting please see: https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html

**Note**
Make sure that the Envoy proxies have the following IAM policies attached for the Envoy to authenticate with AWS App Mesh and fetch it's configuration
- https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json
Expand Down
31 changes: 16 additions & 15 deletions test/e2e/fishapp/dynamic_stack.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,21 +42,22 @@ const (
connectivityCheckUniformDistributionSL = 0.001 // Significance level that traffic to targets are uniform distributed.
AppContainerPort = 9080
HttpProxyContainerPort = 8899
defaultAppImage = "public.ecr.aws/e6v3k1j4/colorteller:v1"
defaultHTTPProxyImage = "abhinavsingh/proxy.py:latest"
caCertScript = "certs/ca_certs.sh"
nodeCertScript = "certs/node_certs.sh"
genericNodeCertCfgFile = "certs/node_cert.cfg"
certsBasePath = "certs/"
certsCfgFileSuffix = "_cert.cfg"
certChainSuffix = "_cert_chain.pem"
certKeySuffix = "_key.pem"
caCertFile = "ca_cert.pem"
envoyCACertPath = "/certs/ca_cert.pem"
certCleanupScript = "certs/cleanup.sh"
sdsDeployScript = "certs/sds_provider.sh"
registerAgentIdentity = "certs/register_agent_entry.sh"
registerWorkloadIdentity = "certs/register_workload_entry.sh"
// From https://github.com/aws/aws-app-mesh-examples/tree/main/examples/apps/colorapp/src/colorteller
defaultAppImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:colorteller"
defaultHTTPProxyImage = "abhinavsingh/proxy.py:latest"
caCertScript = "certs/ca_certs.sh"
nodeCertScript = "certs/node_certs.sh"
genericNodeCertCfgFile = "certs/node_cert.cfg"
certsBasePath = "certs/"
certsCfgFileSuffix = "_cert.cfg"
certChainSuffix = "_cert_chain.pem"
certKeySuffix = "_key.pem"
caCertFile = "ca_cert.pem"
envoyCACertPath = "/certs/ca_cert.pem"
certCleanupScript = "certs/cleanup.sh"
sdsDeployScript = "certs/sds_provider.sh"
registerAgentIdentity = "certs/register_agent_entry.sh"
registerWorkloadIdentity = "certs/register_workload_entry.sh"
)

var (
Expand Down
3 changes: 2 additions & 1 deletion test/e2e/fishapp/load/dynamic_stack_load_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,8 @@ const (
connectivityCheckUniformDistributionSL = 0.001 // Significance level that traffic to targets are uniform distributed.
AppContainerPort = 9080
HttpProxyContainerPort = 8899
//defaultAppImage = "public.ecr.aws/e6v3k1j4/colorteller:v1"
// From https://github.com/aws/aws-app-mesh-examples/tree/main/examples/apps/colorapp/src/colorteller
//defaultAppImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:colorteller"
defaultAppImage = "python:3.9"
defaultHTTPProxyImage = "abhinavsingh/proxy.py:latest"
caCertScript = "certs/ca_certs.sh"
Expand Down
4 changes: 3 additions & 1 deletion test/integration/sidecar-v1.22/sidecar_stack.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package sidecar_v1_22
import (
"context"
"fmt"

"github.com/aws/aws-app-mesh-controller-for-k8s/pkg/inject"

appmesh "github.com/aws/aws-app-mesh-controller-for-k8s/apis/appmesh/v1beta2"
Expand All @@ -17,7 +18,8 @@ import (
)

const (
defaultImage = "public.ecr.aws/b7m0w2t6/color-be-app:2.0.2"
// From https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/test/integration/test_app/sidecar-backend
defaultImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:color-be-app"
)

type SidecarStack struct {
Expand Down
10 changes: 7 additions & 3 deletions test/integration/sidecar/sidecar_stack.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,10 @@ package sidecar
import (
"context"
"fmt"
"github.com/aws/aws-app-mesh-controller-for-k8s/pkg/inject"
"time"

"github.com/aws/aws-app-mesh-controller-for-k8s/pkg/inject"

appmesh "github.com/aws/aws-app-mesh-controller-for-k8s/apis/appmesh/v1beta2"
"github.com/aws/aws-app-mesh-controller-for-k8s/test/framework"
"github.com/aws/aws-sdk-go/aws"
Expand All @@ -22,8 +23,11 @@ import (
)

const (
defaultFrontendImage = "public.ecr.aws/b7m0w2t6/color-fe-app:2.0.3"
defaultBackendImage = "public.ecr.aws/b7m0w2t6/color-be-app:2.0.2"
// From https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/test/integration/test_app/sidecar-frontend
defaultFrontendImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:color-fe-app"

// From https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/test/integration/test_app/sidecar-backend
defaultBackendImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:color-be-app"
)

type SidecarStack struct {
Expand Down
8 changes: 6 additions & 2 deletions test/integration/timeout/timeout_stack.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,12 @@ import (
const (
//If you're not able to access below images, try to build them based on the app code under "timeout_app"
//directory and push it to any accessible ECR repo and update the below values
defaultFrontEndImage = "public.ecr.aws/e6v3k1j4/appmesh-test-feapp:v1"
defaultBackEndImage = "public.ecr.aws/e6v3k1j4/appmesh-test-beapp:v1"

// From https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/test/integration/test_app/frontend
defaultFrontEndImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:testapp-frontend"

// From https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/test/integration/test_app/backend
defaultBackEndImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:testapp-backend"

timeoutTest = "timeout-e2e"
AppContainerPort = 8080
Expand Down
8 changes: 6 additions & 2 deletions test/integration/tls/tls_stack.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,12 @@ import (
const (
//If you're not able to access below images, try to build them based on the app code under "timeout_app"
//directory and push it to any accessible ECR repo and update the below values
defaultFrontEndImage = "public.ecr.aws/e6v3k1j4/appmesh-test-feapp:v1"
defaultBackEndImage = "public.ecr.aws/e6v3k1j4/appmesh-test-beapp:v1"

// From https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/test/integration/test_app/frontend
defaultFrontEndImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:testapp-frontend"

// From https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/test/integration/test_app/backend
defaultBackEndImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:testapp-backend"

tlsTest = "tls-e2e"
AppContainerPort = 8080
Expand Down
8 changes: 5 additions & 3 deletions test/integration/virtualnode/virtualnode_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,9 @@ package virtualnode_test
import (
"context"
"fmt"
"sync"
"time"

appmeshk8s "github.com/aws/aws-app-mesh-controller-for-k8s/pkg/k8s"
"github.com/aws/aws-app-mesh-controller-for-k8s/test/framework/k8s"
"github.com/aws/aws-sdk-go/aws"
Expand All @@ -15,8 +18,6 @@ import (
apierrs "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/types"
"k8s.io/client-go/kubernetes"
"sync"
"time"

appmesh "github.com/aws/aws-app-mesh-controller-for-k8s/apis/appmesh/v1beta2"
"github.com/aws/aws-app-mesh-controller-for-k8s/pkg/algorithm"
Expand All @@ -31,7 +32,8 @@ import (
)

const (
defaultAppImage = "public.ecr.aws/e6v3k1j4/colorteller:v1"
// From https://github.com/aws/aws-app-mesh-examples/tree/main/examples/apps/colorapp/src/colorteller
defaultAppImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:colorteller"
AppContainerPort = 8080
)

Expand Down
Loading