From 400204600019f679788ab1f77fa728585e5476b5 Mon Sep 17 00:00:00 2001 From: Peter Wilcsinszky Date: Fri, 8 Nov 2024 17:58:45 +0100 Subject: [PATCH 1/7] fix: configcheck cleaner label selector Signed-off-by: Peter Wilcsinszky --- pkg/resources/configcheck/configcheck.go | 5 +++-- pkg/resources/fluentd/fluentd.go | 2 +- pkg/resources/syslogng/syslogng.go | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/pkg/resources/configcheck/configcheck.go b/pkg/resources/configcheck/configcheck.go index 7d59cd508..9d721e20b 100644 --- a/pkg/resources/configcheck/configcheck.go +++ b/pkg/resources/configcheck/configcheck.go @@ -46,11 +46,12 @@ type ConfigCheckCleaner struct { labels client.MatchingLabels } -func NewConfigCheckCleaner(c client.Client, component string) *ConfigCheckCleaner { +func NewConfigCheckCleaner(c client.Client, component string, logging string) *ConfigCheckCleaner { return &ConfigCheckCleaner{ client: c, labels: client.MatchingLabels{ - "app.kubernetes.io/component": component, + "app.kubernetes.io/component": component, + "app.kubernetes.io/managed-by": logging, }, } } diff --git a/pkg/resources/fluentd/fluentd.go b/pkg/resources/fluentd/fluentd.go index 0ecaa607c..aba9872f7 100644 --- a/pkg/resources/fluentd/fluentd.go +++ b/pkg/resources/fluentd/fluentd.go @@ -168,7 +168,7 @@ func (r *Reconciler) Reconcile(ctx context.Context) (*reconcile.Result, error) { } if result, ok := r.Logging.Status.ConfigCheckResults[hash]; ok { - cleaner := configcheck.NewConfigCheckCleaner(r.Client, ComponentConfigCheck) + cleaner := configcheck.NewConfigCheckCleaner(r.Client, ComponentConfigCheck, r.Logging.GetName()) var cleanupErrs error cleanupErrs = errors.Append(cleanupErrs, cleaner.SecretCleanup(ctx, hash)) diff --git a/pkg/resources/syslogng/syslogng.go b/pkg/resources/syslogng/syslogng.go index 374e153d7..a8a3b6447 100644 --- a/pkg/resources/syslogng/syslogng.go +++ b/pkg/resources/syslogng/syslogng.go @@ -142,7 +142,7 @@ func (r *Reconciler) Reconcile(ctx context.Context) (*reconcile.Result, error) { // Cleanup previous configcheck results if result, ok := r.Logging.Status.ConfigCheckResults[hash]; ok { - cleaner := configcheck.NewConfigCheckCleaner(r.Client, ComponentConfigCheck) + cleaner := configcheck.NewConfigCheckCleaner(r.Client, ComponentConfigCheck, r.Logging.GetName()) var cleanupErrs error cleanupErrs = errors.Append(cleanupErrs, cleaner.SecretCleanup(ctx, hash)) From c0ce20ff86fb40dd7fefcb86e0e25b68ee540287 Mon Sep 17 00:00:00 2001 From: Peter Wilcsinszky Date: Fri, 8 Nov 2024 19:37:08 +0100 Subject: [PATCH 2/7] Revert "fix: configcheck cleaner label selector" This reverts commit 400204600019f679788ab1f77fa728585e5476b5. --- pkg/resources/configcheck/configcheck.go | 5 ++--- pkg/resources/fluentd/fluentd.go | 2 +- pkg/resources/syslogng/syslogng.go | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/pkg/resources/configcheck/configcheck.go b/pkg/resources/configcheck/configcheck.go index 9d721e20b..7d59cd508 100644 --- a/pkg/resources/configcheck/configcheck.go +++ b/pkg/resources/configcheck/configcheck.go @@ -46,12 +46,11 @@ type ConfigCheckCleaner struct { labels client.MatchingLabels } -func NewConfigCheckCleaner(c client.Client, component string, logging string) *ConfigCheckCleaner { +func NewConfigCheckCleaner(c client.Client, component string) *ConfigCheckCleaner { return &ConfigCheckCleaner{ client: c, labels: client.MatchingLabels{ - "app.kubernetes.io/component": component, - "app.kubernetes.io/managed-by": logging, + "app.kubernetes.io/component": component, }, } } diff --git a/pkg/resources/fluentd/fluentd.go b/pkg/resources/fluentd/fluentd.go index aba9872f7..0ecaa607c 100644 --- a/pkg/resources/fluentd/fluentd.go +++ b/pkg/resources/fluentd/fluentd.go @@ -168,7 +168,7 @@ func (r *Reconciler) Reconcile(ctx context.Context) (*reconcile.Result, error) { } if result, ok := r.Logging.Status.ConfigCheckResults[hash]; ok { - cleaner := configcheck.NewConfigCheckCleaner(r.Client, ComponentConfigCheck, r.Logging.GetName()) + cleaner := configcheck.NewConfigCheckCleaner(r.Client, ComponentConfigCheck) var cleanupErrs error cleanupErrs = errors.Append(cleanupErrs, cleaner.SecretCleanup(ctx, hash)) diff --git a/pkg/resources/syslogng/syslogng.go b/pkg/resources/syslogng/syslogng.go index a8a3b6447..374e153d7 100644 --- a/pkg/resources/syslogng/syslogng.go +++ b/pkg/resources/syslogng/syslogng.go @@ -142,7 +142,7 @@ func (r *Reconciler) Reconcile(ctx context.Context) (*reconcile.Result, error) { // Cleanup previous configcheck results if result, ok := r.Logging.Status.ConfigCheckResults[hash]; ok { - cleaner := configcheck.NewConfigCheckCleaner(r.Client, ComponentConfigCheck, r.Logging.GetName()) + cleaner := configcheck.NewConfigCheckCleaner(r.Client, ComponentConfigCheck) var cleanupErrs error cleanupErrs = errors.Append(cleanupErrs, cleaner.SecretCleanup(ctx, hash)) From a65cae893840c4a94913978de6be8eb3baa84fd9 Mon Sep 17 00:00:00 2001 From: Peter Wilcsinszky Date: Fri, 8 Nov 2024 17:58:45 +0100 Subject: [PATCH 3/7] fix: configcheck cleaner label selector Signed-off-by: Peter Wilcsinszky --- pkg/resources/configcheck/configcheck.go | 5 +++-- pkg/resources/fluentd/fluentd.go | 2 +- pkg/resources/syslogng/syslogng.go | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/pkg/resources/configcheck/configcheck.go b/pkg/resources/configcheck/configcheck.go index 7d59cd508..9d721e20b 100644 --- a/pkg/resources/configcheck/configcheck.go +++ b/pkg/resources/configcheck/configcheck.go @@ -46,11 +46,12 @@ type ConfigCheckCleaner struct { labels client.MatchingLabels } -func NewConfigCheckCleaner(c client.Client, component string) *ConfigCheckCleaner { +func NewConfigCheckCleaner(c client.Client, component string, logging string) *ConfigCheckCleaner { return &ConfigCheckCleaner{ client: c, labels: client.MatchingLabels{ - "app.kubernetes.io/component": component, + "app.kubernetes.io/component": component, + "app.kubernetes.io/managed-by": logging, }, } } diff --git a/pkg/resources/fluentd/fluentd.go b/pkg/resources/fluentd/fluentd.go index 0ecaa607c..aba9872f7 100644 --- a/pkg/resources/fluentd/fluentd.go +++ b/pkg/resources/fluentd/fluentd.go @@ -168,7 +168,7 @@ func (r *Reconciler) Reconcile(ctx context.Context) (*reconcile.Result, error) { } if result, ok := r.Logging.Status.ConfigCheckResults[hash]; ok { - cleaner := configcheck.NewConfigCheckCleaner(r.Client, ComponentConfigCheck) + cleaner := configcheck.NewConfigCheckCleaner(r.Client, ComponentConfigCheck, r.Logging.GetName()) var cleanupErrs error cleanupErrs = errors.Append(cleanupErrs, cleaner.SecretCleanup(ctx, hash)) diff --git a/pkg/resources/syslogng/syslogng.go b/pkg/resources/syslogng/syslogng.go index 374e153d7..a8a3b6447 100644 --- a/pkg/resources/syslogng/syslogng.go +++ b/pkg/resources/syslogng/syslogng.go @@ -142,7 +142,7 @@ func (r *Reconciler) Reconcile(ctx context.Context) (*reconcile.Result, error) { // Cleanup previous configcheck results if result, ok := r.Logging.Status.ConfigCheckResults[hash]; ok { - cleaner := configcheck.NewConfigCheckCleaner(r.Client, ComponentConfigCheck) + cleaner := configcheck.NewConfigCheckCleaner(r.Client, ComponentConfigCheck, r.Logging.GetName()) var cleanupErrs error cleanupErrs = errors.Append(cleanupErrs, cleaner.SecretCleanup(ctx, hash)) From ba70c052606d1013eb43d5b5ea0a9bad28cbe5aa Mon Sep 17 00:00:00 2001 From: Szilard Parrag Date: Mon, 11 Nov 2024 09:29:55 +0100 Subject: [PATCH 4/7] chore(CI): Use AWS ECR location for trivy DBs Signed-off-by: Szilard Parrag --- .github/workflows/artifacts.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml index 219044dde..95d711a4c 100644 --- a/.github/workflows/artifacts.yaml +++ b/.github/workflows/artifacts.yaml @@ -162,6 +162,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 + env: + TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 + TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:1 with: input: image format: sarif @@ -275,6 +278,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 + env: + TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 + TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:1 with: scan-type: config scan-ref: charts/${{ steps.chart-name.outputs.value }} From e58551378ece3bf801926ec04bb81ea29a40675e Mon Sep 17 00:00:00 2001 From: Peter Wilcsinszky Date: Sun, 10 Nov 2024 07:43:49 +0100 Subject: [PATCH 5/7] chore: prepare for release with bumping fluentd image version Signed-off-by: Peter Wilcsinszky --- e2e/common/helpers.go | 2 +- .../fluentd_aggregator_test.go | 2 +- e2e/fluentd-aggregator/fluentd_aggregator_test.go | 4 ++-- e2e/volumedrain/volumedrain_test.go | 2 +- pkg/sdk/logging/api/v1beta1/logging_types.go | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/e2e/common/helpers.go b/e2e/common/helpers.go index 0f89a884b..82dfe8c32 100644 --- a/e2e/common/helpers.go +++ b/e2e/common/helpers.go @@ -125,7 +125,7 @@ func LoggingInfra( ControlNamespace: nsInfra, FluentdSpec: &v1beta1.FluentdSpec{ Image: v1beta1.ImageSpec{ - Tag: "v1.16-4.9-base", + Tag: "v1.16-4.11-base", }, DisablePvc: true, Resources: v12.ResourceRequirements{ diff --git a/e2e/fluentd-aggregator-namespacelabel/fluentd_aggregator_test.go b/e2e/fluentd-aggregator-namespacelabel/fluentd_aggregator_test.go index b26a5d623..53fa6e0c6 100644 --- a/e2e/fluentd-aggregator-namespacelabel/fluentd_aggregator_test.go +++ b/e2e/fluentd-aggregator-namespacelabel/fluentd_aggregator_test.go @@ -103,7 +103,7 @@ func TestFluentdAggregator_NamespaceLabel(t *testing.T) { }, FluentdSpec: &v1beta1.FluentdSpec{ Image: v1beta1.ImageSpec{ - Tag: "v1.16-4.9-base", + Tag: "v1.16-4.11-base", }, Resources: corev1.ResourceRequirements{ Limits: corev1.ResourceList{ diff --git a/e2e/fluentd-aggregator/fluentd_aggregator_test.go b/e2e/fluentd-aggregator/fluentd_aggregator_test.go index e485ff383..544b1f9aa 100644 --- a/e2e/fluentd-aggregator/fluentd_aggregator_test.go +++ b/e2e/fluentd-aggregator/fluentd_aggregator_test.go @@ -91,7 +91,7 @@ func TestFluentdAggregator_MultiWorker(t *testing.T) { }, FluentdSpec: &v1beta1.FluentdSpec{ Image: v1beta1.ImageSpec{ - Tag: "v1.16-4.9-base", + Tag: "v1.16-4.11-base", }, Resources: corev1.ResourceRequirements{ Limits: corev1.ResourceList{ @@ -259,7 +259,7 @@ func TestFluentdAggregator_ConfigChecks(t *testing.T) { }, FluentdSpec: &v1beta1.FluentdSpec{ Image: v1beta1.ImageSpec{ - Tag: "v1.16-4.9-base", + Tag: "v1.16-4.11-base", }, Resources: corev1.ResourceRequirements{ Limits: corev1.ResourceList{ diff --git a/e2e/volumedrain/volumedrain_test.go b/e2e/volumedrain/volumedrain_test.go index 2709e991b..7f64cd626 100644 --- a/e2e/volumedrain/volumedrain_test.go +++ b/e2e/volumedrain/volumedrain_test.go @@ -89,7 +89,7 @@ func TestVolumeDrain_Downscale(t *testing.T) { }, FluentdSpec: &v1beta1.FluentdSpec{ Image: v1beta1.ImageSpec{ - Tag: "v1.16-4.9-base", + Tag: "v1.16-4.11-base", }, Resources: corev1.ResourceRequirements{ Limits: corev1.ResourceList{ diff --git a/pkg/sdk/logging/api/v1beta1/logging_types.go b/pkg/sdk/logging/api/v1beta1/logging_types.go index faeb1c316..916995ddb 100644 --- a/pkg/sdk/logging/api/v1beta1/logging_types.go +++ b/pkg/sdk/logging/api/v1beta1/logging_types.go @@ -179,7 +179,7 @@ const ( DefaultFluentbitConfigReloaderImageRepository = "ghcr.io/kube-logging/config-reloader" DefaultFluentbitConfigReloaderImageTag = "v0.0.6" DefaultFluentdImageRepository = "ghcr.io/kube-logging/fluentd" - DefaultFluentdImageTag = "v1.16-4.10-full" + DefaultFluentdImageTag = "v1.16-4.11-full" DefaultFluentdBufferStorageVolumeName = "fluentd-buffer" DefaultFluentdDrainWatchImageRepository = "ghcr.io/kube-logging/fluentd-drain-watch" DefaultFluentdDrainWatchImageTag = "v0.2.3" From 0826736b2dc273d46c9336dfa3b2ec87bade918e Mon Sep 17 00:00:00 2001 From: Peter Wilcsinszky Date: Sun, 10 Nov 2024 07:44:42 +0100 Subject: [PATCH 6/7] chore: use moving image tag for axosyslog Signed-off-by: Peter Wilcsinszky --- pkg/sdk/logging/api/v1beta1/syslogng_types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/sdk/logging/api/v1beta1/syslogng_types.go b/pkg/sdk/logging/api/v1beta1/syslogng_types.go index 2cabde194..de645f96f 100644 --- a/pkg/sdk/logging/api/v1beta1/syslogng_types.go +++ b/pkg/sdk/logging/api/v1beta1/syslogng_types.go @@ -34,7 +34,7 @@ type _metaSyslogNGSpec interface{} //nolint:deadcode,unused const ( defaultSyslogngImageRepository = "ghcr.io/axoflow/axosyslog" - defaultSyslogngImageTag = "4.8.1-1" + defaultSyslogngImageTag = "4.8.1" configReloaderImageRepository = "ghcr.io/kube-logging/syslogng-reload" configReloaderImageTag = "v1.5.0" prometheusExporterImageRepository = "ghcr.io/axoflow/axosyslog-metrics-exporter" From c0f8192241da814bdaddf5230314d142b09423ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Mon, 11 Nov 2024 15:23:57 +0100 Subject: [PATCH 7/7] chore(pkg): update AxoSyslog image to 4.9.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: László Várady --- pkg/sdk/logging/api/v1beta1/syslogng_types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/sdk/logging/api/v1beta1/syslogng_types.go b/pkg/sdk/logging/api/v1beta1/syslogng_types.go index de645f96f..8e3872fef 100644 --- a/pkg/sdk/logging/api/v1beta1/syslogng_types.go +++ b/pkg/sdk/logging/api/v1beta1/syslogng_types.go @@ -34,7 +34,7 @@ type _metaSyslogNGSpec interface{} //nolint:deadcode,unused const ( defaultSyslogngImageRepository = "ghcr.io/axoflow/axosyslog" - defaultSyslogngImageTag = "4.8.1" + defaultSyslogngImageTag = "4.9.0" configReloaderImageRepository = "ghcr.io/kube-logging/syslogng-reload" configReloaderImageTag = "v1.5.0" prometheusExporterImageRepository = "ghcr.io/axoflow/axosyslog-metrics-exporter"