ci: Use devcontainer tooling in CI (#8925)

Our devcontainers pin versions of all of the tools we need to build &
test the project, but the tools used in CI are not necessarily kept in
sync with those in our devcontainer.

This change introduces new variants of our devcontainer image that can
be pre-bundled with Go or Rust tooling (with fairly minimal container
images). Various CI workflows are updated to use the same tooling
versions that are used by our devcontainer, and a CI workflow is added
to ensure that these versions stay in sync. Some workflows are NOT
updated--especially those that invoke `docker`--since the docker
environment is severely limited when running inside of a container.

Furthermore, this change does the following:

* Update shellcheck to v0.8.0;
* Update `bin/shellcheck-all` to exclude irrelevant files (that are not
  part of the project);
* Add `helm` and `helm-docs` to the devcontainer;
* Update `helm` to v3.9.1
* Update `helm-docs` to v1.11.0
* Include tools like `just`, `cargo-action-fmt`, and `cargo-nextest` in
  our Rust image
* Add a `just` recipe that builds (and optionally publish) the
  appropriate devcontainer images

Signed-off-by: Oliver Gould <ver@buoyant.io>
Oliver Gould 2022-07-27 09:54:39 -07:00 committed by GitHub
parent e6c263fd3d
commit 6adcf81625
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
29 changed files with 327 additions and 196 deletions


@ -1,145 +1,241 @@
ARG GO_VERSION=1.17
ARG RUST_TOOLCHAIN=1.62.0
ARG RUST_TOOLCHAIN=1.62.1
FROM docker.io/golang:${GO_VERSION}-bullseye as go
ARG GOLANGCI_LINT_VERSION=v1.46.2
##
## Base
##
FROM docker.io/debian:stable-slim as base
RUN apt update && apt upgrade -y --autoremove \
&& apt install -y \
curl \
file \
git \
jo \
jq \
time \
unzip \
xz-utils \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
COPY bin/scurl /usr/local/bin/scurl
FROM base as just
ARG JUST_VERSION=1.2.0
RUN url="https://github.com/casey/just/releases/download/${JUST_VERSION}/just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz" ; \
scurl "$url" | tar zvxf - -C /usr/local/bin just
FROM base as protoc
ARG PROTOC_VERSION=v3.20.1
RUN url="https://github.com/google/protobuf/releases/download/$PROTOC_VERSION/protoc-${PROTOC_VERSION#v}-linux-$(uname -m).zip" ; \
cd $(mktemp -d) && \
scurl -o protoc.zip "$url" && \
unzip protoc.zip bin/protoc && \
mv bin/protoc /usr/local/bin/protoc && \
chmod +x /usr/local/bin/protoc
FROM base as yq
ARG YQ_VERSION=v4.25.1
RUN url="https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" ; \
scurl -o /usr/local/bin/yq "$url" && chmod +x /usr/local/bin/yq
##
## Rust image
##
FROM base as cargo-action-fmt
ARG CARGO_ACTION_FMT_VERSION=1.0.2
RUN url="https://github.com/olix0r/cargo-action-fmt/releases/download/release%2Fv${CARGO_ACTION_FMT_VERSION}/cargo-action-fmt-x86_64-unknown-linux-gnu" ; \
scurl -o /usr/local/bin/cargo-action-fmt "$url" && chmod +x /usr/local/bin/cargo-action-fmt
FROM base as cargo-deny
ARG CARGO_DENY_VERSION=0.12.1
RUN url="https://github.com/EmbarkStudios/cargo-deny/releases/download/${CARGO_DENY_VERSION}/cargo-deny-${CARGO_DENY_VERSION}-x86_64-unknown-linux-musl.tar.gz" ; \
scurl "$url" | tar zvxf - --strip-components=1 -C /usr/local/bin "cargo-deny-${CARGO_DENY_VERSION}-x86_64-unknown-linux-musl/cargo-deny"
FROM base as cargo-nextest
ARG NEXTEST_VERSION=0.9.24
RUN url="https://github.com/nextest-rs/nextest/releases/download/cargo-nextest-${NEXTEST_VERSION}/cargo-nextest-${NEXTEST_VERSION}-x86_64-unknown-linux-gnu.tar.gz" ; \
scurl "$url" | tar zvxf - -C /usr/local/bin cargo-nextest
FROM base as cargo-tarpaulin
ARG CARGO_TARPAULIN_VERSION=0.20.1
RUN url="https://github.com/xd009642/tarpaulin/releases/download/${CARGO_TARPAULIN_VERSION}/cargo-tarpaulin-${CARGO_TARPAULIN_VERSION}-travis.tar.gz" ; \
scurl "$url" | tar xzvf - -C /usr/local/bin cargo-tarpaulin
FROM docker.io/rust:${RUST_TOOLCHAIN}-slim as rust
RUN rustup component add clippy rustfmt
RUN apt update && apt upgrade -y --autoremove \
&& apt install -y \
clang \
cmake \
curl \
git \
jo \
jq \
libssl-dev \
pkg-config \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
COPY --from=cargo-action-fmt /usr/local/bin/cargo-action-fmt /usr/local/cargo/bin/cargo-action-fmt
COPY --from=cargo-deny /usr/local/bin/cargo-deny /usr/local/cargo/bin/cargo-deny
COPY --from=cargo-nextest /usr/local/bin/cargo-nextest /usr/local/cargo/bin/cargo-nextest
COPY --from=cargo-tarpaulin /usr/local/bin/cargo-tarpaulin /usr/local/cargo/bin/cargo-tarpaulin
COPY --from=just /usr/local/bin/just /usr/local/bin/just
COPY --from=yq /usr/local/bin/yq /usr/local/bin/yq
COPY bin/scurl /usr/local/bin/scurl
ENV USER=root
##
## Go image
##
FROM docker.io/golang:${GO_VERSION} as go
RUN apt update && apt upgrade -y --autoremove \
&& apt install -y \
curl \
file \
jq \
time \
unzip \
xz-utils \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
RUN for p in \
github.com/uudashr/gopkgs/v2/cmd/gopkgs@latest \
github.com/ramya-rao-a/go-outline@latest \
github.com/cweill/gotests/gotests@latest \
github.com/fatih/gomodifytags@latest \
github.com/josharian/impl@latest \
github.com/haya14busa/goplay/cmd/goplay@latest \
github.com/go-delve/delve/cmd/dlv@latest \
github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION} \
github.com/golangci/golangci-lint/cmd/golangci-lint@v1.46.2 \
github.com/fatih/gomodifytags@latest \
github.com/haya14busa/goplay/cmd/goplay@latest \
github.com/josharian/impl@latest \
github.com/ramya-rao-a/go-outline@latest \
github.com/uudashr/gopkgs/v2/cmd/gopkgs@latest \
golang.org/x/tools/gopls@latest \
google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2 \
google.golang.org/protobuf/cmd/protoc-gen-go@v1.28 \
; do go install "$p" ; done
FROM docker.io/golang:${GO_VERSION}-bullseye as cargo-deny
ARG CARGO_DENY_VERSION=0.12.1
gotest.tools/gotestsum@v0.4.2 \
; do go install "$p" ; done \
&& rm -rf /go/pkg/* /go/src/*
COPY bin/scurl /usr/local/bin/scurl
RUN scurl "https://github.com/EmbarkStudios/cargo-deny/releases/download/${CARGO_DENY_VERSION}/cargo-deny-${CARGO_DENY_VERSION}-x86_64-unknown-linux-musl.tar.gz" \
| tar zvxf - --strip-components=1 -C /usr/local/bin "cargo-deny-${CARGO_DENY_VERSION}-x86_64-unknown-linux-musl/cargo-deny"
FROM docker.io/golang:${GO_VERSION}-bullseye as yq
ARG YQ_VERSION=v4.25.1
COPY bin/scurl /usr/local/bin/scurl
RUN scurl -vo /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" \
&& chmod +x /usr/local/bin/yq
ENV PROTOC_NO_VENDOR=1
ENV PROTOC=/usr/local/bin/protoc
COPY --from=protoc /usr/local/bin/protoc $PROTOC
FROM docker.io/golang:${GO_VERSION}-bullseye as kubectl
ARG KUBECTL_VERSION=v1.24.2
COPY bin/scurl /usr/local/bin/scurl
RUN scurl -vo /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" \
&& chmod 755 /usr/local/bin/kubectl
##
## Kubernetes tools
##
FROM base as k8s
ARG KUBECTL_VERSION=v1.24.3
RUN url="https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" ; \
scurl -o /usr/local/bin/kubectl "$url" && chmod +x /usr/local/bin/kubectl
FROM docker.io/golang:${GO_VERSION}-bullseye as k3d
ARG K3D_VERSION=v5.4.4
COPY bin/scurl /usr/local/bin/scurl
RUN scurl -v https://raw.githubusercontent.com/rancher/k3d/$K3D_VERSION/install.sh \
| USE_SUDO=false K3D_INSTALL_DIR=/usr/local/bin bash
RUN url="https://raw.githubusercontent.com/rancher/k3d/$K3D_VERSION/install.sh" ; \
scurl "$url" | USE_SUDO=false K3D_INSTALL_DIR=/usr/local/bin bash
FROM docker.io/golang:${GO_VERSION}-bullseye as just
ARG JUST_VERSION=1.2.0
RUN curl --proto '=https' --tlsv1.3 -vsSfL "https://github.com/casey/just/releases/download/${JUST_VERSION}/just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz" \
| tar zvxf - -C /usr/local/bin just
ARG HELM_VERSION=v3.9.2
RUN url="https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" ; \
scurl "$url" | tar xzvf - --strip-components=1 -C /usr/local/bin linux-amd64/helm
FROM docker.io/golang:${GO_VERSION}-bullseye as nextest
ARG NEXTEST_VERSION=0.9.24
RUN curl --proto '=https' --tlsv1.3 -vsSfL "https://github.com/nextest-rs/nextest/releases/download/cargo-nextest-${NEXTEST_VERSION}/cargo-nextest-${NEXTEST_VERSION}-x86_64-unknown-linux-gnu.tar.gz" \
| tar zvxf - -C /usr/local/bin cargo-nextest
FROM docker.io/golang:${GO_VERSION}-bullseye as actionlint
ARG ACTION_LINT_VERSION=1.6.15
COPY bin/scurl /usr/local/bin/scurl
RUN scurl -v "https://raw.githubusercontent.com/rhysd/actionlint/v${ACTION_LINT_VERSION}/scripts/download-actionlint.bash" \
| bash -s -- "${ACTION_LINT_VERSION}" /usr/local/bin
FROM docker.io/rust:${RUST_TOOLCHAIN}-bullseye as protoc
ARG PROTOC_VERSION=v3.20.1
WORKDIR /tmp
RUN arch="$(uname -m)" ; \
version="$PROTOC_VERSION" ; \
curl --proto '=https' --tlsv1.3 -vsSfLo protoc.zip "https://github.com/google/protobuf/releases/download/$version/protoc-${version#v}-linux-$arch.zip" && \
unzip protoc.zip bin/protoc && \
chmod 755 bin/protoc
FROM docker.io/rust:${RUST_TOOLCHAIN}-bullseye as rust
RUN rustup component add rustfmt clippy rls
ARG HELM_DOCS_VERSION=v1.11.0
RUN url="https://github.com/norwoodj/helm-docs/releases/download/$HELM_DOCS_VERSION/helm-docs_${HELM_DOCS_VERSION#v}_Linux_x86_64.tar.gz" ; \
scurl "$url" | tar xzvf - -C /usr/local/bin helm-docs
##
## Main container configuration
## Other tools
##
FROM docker.io/golang:${GO_VERSION}-bullseye
FROM base as checksec
ARG CHECKSEC_VERSION=2.5.0
RUN url="https://raw.githubusercontent.com/slimm609/checksec.sh/${CHECKSEC_VERSION}/checksec" ; \
scurl -o /usr/local/bin/checksec "$url" && chmod 755 /usr/local/bin/checksec
ENV DEBIAN_FRONTEND=noninteractive
RUN apt update && \
apt upgrade -y --autoremove && \
apt install -y \
clang \
cmake \
jq \
libssl-dev \
lldb \
locales \
lsb-release \
npm \
shellcheck \
sudo \
time \
unzip && \
rm -rf /var/lib/apt/lists/*
RUN npm install markdownlint-cli2@0.4.0 --global
FROM base as shellcheck
ARG SHELLCHECK_VERSION=v0.8.0
RUN url="https://github.com/koalaman/shellcheck/releases/download/${SHELLCHECK_VERSION}/shellcheck-${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" ; \
scurl "$url" | tar xJvf - --strip-components=1 -C /usr/local/bin "shellcheck-${SHELLCHECK_VERSION}/shellcheck"
RUN sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen && locale-gen
FROM shellcheck as actionlint
ARG ACTIONLINT_VERSION=v1.6.15
RUN url="https://github.com/rhysd/actionlint/releases/download/${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION#v}_linux_amd64.tar.gz" ; \
scurl "$url" | tar xzvf - -C /usr/local/bin actionlint
ARG USER=code
ARG USER_UID=1000
ARG USER_GID=1000
RUN groupadd --gid=$USER_GID $USER \
&& useradd --uid=$USER_UID --gid=$USER_GID -m $USER \
&& echo "$USER ALL=(root) NOPASSWD:ALL" >/etc/sudoers.d/$USER \
&& chmod 0440 /etc/sudoers.d/$USER
##
## Tools: Everything needed for a development environment, minus non-root settings.
##
# Install a Docker client that uses the host's Docker daemon
ARG USE_MOBY=false
ENV DOCKER_BUILDKIT=1
COPY bin/scurl /usr/local/bin/scurl
RUN scurl -v https://raw.githubusercontent.com/microsoft/vscode-dev-containers/main/script-library/docker-debian.sh \
| bash -s -- true /var/run/docker-host.sock /var/run/docker.sock "${USER}" "${USE_MOBY}" latest
RUN (echo "LC_ALL=en_US.UTF-8" \
&& echo "LANGUAGE=en_US.UTF-8") >/etc/default/locale
USER $USER
ENV USER=$USER
ENV HOME=/home/$USER
COPY --from=go /go/bin /go/bin
COPY --from=cargo-deny /usr/local/bin/cargo-deny /usr/local/bin/cargo-deny
COPY --from=k3d /usr/local/bin/k3d /usr/local/bin/k3d
COPY --from=kubectl /usr/local/bin/kubectl /usr/local/bin/kubectl
COPY --from=yq /usr/local/bin/yq /usr/local/bin/yq
COPY --from=just /usr/local/bin/just /usr/local/bin/just
COPY --from=nextest /usr/local/bin/cargo-nextest /usr/local/bin/cargo-nextest
COPY --from=actionlint /usr/local/bin/actionlint /usr/local/bin/actionlint
COPY --from=protoc /tmp/bin/protoc /usr/local/bin/protoc
FROM base as tools
COPY --from=actionlint /usr/local/bin/actionlint /usr/local/bin/
COPY --from=checksec /usr/local/bin/checksec /usr/local/bin/che
COPY --from=just /usr/local/bin/just /usr/local/bin/
COPY --from=k8s /usr/local/bin/helm /usr/local/bin/
COPY --from=k8s /usr/local/bin/helm-docs /usr/local/bin/
COPY --from=k8s /usr/local/bin/k3d /usr/local/bin/
COPY --from=k8s /usr/local/bin/kubectl /usr/local/bin/
COPY --from=protoc /usr/local/bin/protoc /usr/local/bin/
COPY --from=shellcheck /usr/local/bin/shellcheck /usr/local/bin/
COPY --from=yq /usr/local/bin/yq /usr/local/bin/
ENV PROTOC_NO_VENDOR=1
ENV PROTOC=/usr/local/bin/protoc
COPY --from=rust /usr/local/cargo /usr/local/cargo
COPY --from=rust /usr/local/rustup /usr/local/rustup
##
## Runtime
##
FROM docker.io/debian:stable as runtime
RUN apt update && apt upgrade -y --autoremove \
&& apt install -y \
clang curl \
cmake \
file \
jo \
jq \
libssl-dev \
locales \
lsb-release \
npm \
pkg-config \
sudo \
time \
unzip \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
RUN sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen && locale-gen
RUN (echo "LC_ALL=en_US.UTF-8" \
&& echo "LANGUAGE=en_US.UTF-8") >/etc/default/locale
ARG MARKDOWNLINT_VERSION=0.4.0
RUN npm install "markdownlint-cli2@${MARKDOWNLINT_VERSION}" --global
ENV GOPATH=/go
COPY --from=go /go/bin $GOPATH/bin
COPY --from=go /usr/local/go /usr/local/go
ENV PATH=/usr/local/go/bin:$GOPATH/bin:$PATH
ENV CARGO_HOME=/usr/local/cargo
ENV RUSTUP_HOME=/usr/local/rustup
RUN sudo chmod 777 $CARGO_HOME $RUSTUP_HOME
ENV PATH=/usr/local/cargo/bin:$PATH
COPY --from=rust $CARGO_HOME $CARGO_HOME
COPY --from=rust $RUSTUP_HOME $RUSTUP_HOME
ENV PATH=$CARGO_HOME/bin:$PATH
RUN rustup component add rust-analysis rust-std
RUN scurl -v https://run.linkerd.io/install-edge | sh
ENV PATH=$HOME/.linkerd2/bin:$PATH
COPY --from=tools /usr/local/bin/* /usr/local/bin/
ENV PROTOC_NO_VENDOR=1
ENV PROTOC=/usr/local/bin/protoc
ENV DOCKER_BUILDKIT=1
RUN groupadd --gid=1000 code \
&& useradd --create-home --uid=1000 --gid=1000 code \
&& echo "code ALL=(root) NOPASSWD:ALL" >/etc/sudoers.d/code \
&& chmod 0440 /etc/sudoers.d/code \
&& scurl https://raw.githubusercontent.com/microsoft/vscode-dev-containers/main/script-library/docker-debian.sh | bash -s \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
RUN chmod 777 $CARGO_HOME $RUSTUP_HOME
ENV USER=code
ENV HOME=/home/code
USER code
ENTRYPOINT ["/usr/local/share/docker-init.sh"]
CMD ["sleep", "infinity"]
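Review bot: In what appears to be the new runtime stage, `scurl https://raw.githubusercontent.com/microsoft/vscode-dev-containers/main/script-library/docker-debian.sh | bash -s` runs as root (it precedes `USER code`) and fetches from the `main` branch, so the script can change between builds with no change to this file and nothing is verified before it executes. The other downloads here are at least tied to a version ARG (k3d's `install.sh` uses `$K3D_VERSION`), so I would pin this one the same way, e.g. `scurl "https://raw.githubusercontent.com/microsoft/vscode-dev-containers/<COMMIT_SHA>/script-library/docker-debian.sh" | bash -s`, and ideally compare a recorded `sha256sum` before running it. The `go install ...@latest` entries in the Go stage drift in the same way, which works against the stated goal of CI using exactly the devcontainer's tool versions. Separately, the destination in `COPY --from=checksec /usr/local/bin/checksec /usr/local/bin/che` looks truncated; if the file really contains that, the binary lands as `che` rather than `checksec`.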


@ -1,6 +1,6 @@
{
"name": "linkerd2",
"image": "ghcr.io/linkerd/dev:v18",
"image": "ghcr.io/linkerd/dev:v19",
// "dockerFile": "./Dockerfile",
// "context": "..",
"extensions": [


@ -8,22 +8,34 @@ on:
permissions:
contents: read
env:
ACTIONLINT_VERSION: 1.6.15
jobs:
actionlint:
runs-on: ubuntu-20.04
timeout-minutes: 10
container: ghcr.io/linkerd/dev:v19-tools
steps:
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Install actionlint
run: |
url="https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_1.6.15_linux_amd64.tar.gz"
bin/scurl "$url" | tar xzvf - -C /usr/local/bin actionlint
- name: Run actionlint
run: |
# shellcheck disable=SC2016
actionlint \
-format '{{range $err := .}}::error file={{$err.Filepath}},line={{$err.Line}},col={{$err.Column}}::{{$err.Message}}%0A```%0A{{replace $err.Snippet "\\n" "%0A"}}%0A```\n{{end}}' \
.github/workflows/*
devcontainer-versions:
runs-on: ubuntu-latest
container: ghcr.io/linkerd/dev:v19-tools
steps:
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Scan workflows for other Devcontainer image versions
run: |
# Strip jsonc comments because `jq` doesn't support them.
image=$(sed -E '/^\s*\/\/.*/d' .devcontainer/devcontainer.json |jq -Mr .image)
for f in .github/workflows/* ; do
for i in $(yq '.jobs.* | .container.image // .container // "" | match("ghcr.io/linkerd/dev:v[0-9]+").string' < "$f") ; do
if [ "$i" != "$image" ]; then
echo "::error file=$f::Workflow '$f' uses incorrect Devcontainer image '$i'"
exit 1
fi
done
done
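Review bot: The job containers are referenced by mutable tag (`container: ghcr.io/linkerd/dev:v19-tools`) while every `uses:` in these workflows is pinned to a commit SHA, so whoever can push to that tag controls the code these jobs run; the same applies to the `v19-go`, `v19-rust` and `v19-tools` containers added in the Go, helm-docs, proto, Rust and shellcheck workflow sections. Consider pinning by digest, e.g. `container: ghcr.io/linkerd/dev:v19-tools@sha256:<DIGEST>`; the `match("ghcr.io/linkerd/dev:v[0-9]+")` scan in `devcontainer-versions` would still see the tag prefix. That scan only compares values matching the devcontainer image name, so an image such as `docker://rust:1.62.1` in another workflow is not checked against anything; a short comment above the step saying so would help.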


@ -50,7 +50,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 15
container:
image: docker://rust:1.62.0
image: docker://rust:1.62.1
options: --security-opt seccomp=unconfined
steps:
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b


@ -15,9 +15,7 @@ jobs:
go-lint:
timeout-minutes: 10
runs-on: ubuntu-20.04
container:
image: ghcr.io/linkerd/dev:v18
options: --user root
container: ghcr.io/linkerd/dev:v19-go
steps:
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- run: golangci-lint run --verbose --timeout=10m
@ -25,8 +23,7 @@ jobs:
go-format:
timeout-minutes: 10
runs-on: ubuntu-20.04
container:
image: golang:1.17
container: ghcr.io/linkerd/dev:v19-go
steps:
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- run: bin/fmt
@ -34,14 +31,10 @@ jobs:
go-test:
timeout-minutes: 10
runs-on: ubuntu-20.04
container:
image: golang:1.17
container: ghcr.io/linkerd/dev:v19-go
steps:
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- run: go mod download
- run: go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2
- run: go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28
- run: go install gotest.tools/gotestsum@v0.4.2
- run: gotestsum -- -race -v -mod=readonly ./...
env:
LINKERD_TEST_PRETTY_DIFF: 1


@ -15,6 +15,7 @@ jobs:
helm-docs-diff:
runs-on: ubuntu-20.04
timeout-minutes: 5
container: ghcr.io/linkerd/dev:v19-tools
steps:
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- run: bin/helm-docs-diff


@ -6,8 +6,8 @@ permissions:
on:
pull_request:
paths:
- '**/*.md'
- .github/workflows/markdown.yml
- '**/*.md'
jobs:
markdownlint:
@ -17,7 +17,7 @@ jobs:
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- uses: DavidAnson/markdownlint-cli2-action@d199b6e1b89360c71e0c21eac02f7965faf07ba6
with:
globs: |
**/*.md
!**/node_modules/**
!target/**
globs: |
**/*.md
!**/node_modules/**
!target/**


@ -15,10 +15,8 @@ jobs:
proto-diff:
timeout-minutes: 10
runs-on: ubuntu-20.04
container:
image: golang:1.17
container: ghcr.io/linkerd/dev:v19-go
steps:
- run: apt-get update && apt-get -y --no-install-recommends install unzip
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- run: bin/protoc-diff


@ -21,18 +21,8 @@ env:
PROTOC_NO_VENDOR: 1
RUST_BACKTRACE: short
RUSTUP_MAX_RETRIES: 10
jobs:
fmt:
timeout-minutes: 5
runs-on: ubuntu-latest
container:
image: docker://rust:1.62.0
steps:
- uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- run: rustup component add rustfmt
- run: just rs-check-fmt
jobs:
audit:
timeout-minutes: 10
runs-on: ubuntu-latest
@ -49,27 +39,29 @@ jobs:
with:
command: check ${{ matrix.checks }}
fmt:
timeout-minutes: 5
runs-on: ubuntu-latest
container: ghcr.io/linkerd/dev:v19-rust
steps:
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- run: just rs-check-fmt
clippy:
timeout-minutes: 10
runs-on: ubuntu-latest
container:
image: docker://rust:1.62.0
container: ghcr.io/linkerd/dev:v19-rust
steps:
- run: rustup component add clippy
- uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb
- uses: olix0r/cargo-action-fmt@ed3530f0739c46ffa0dd983f8746b8c4a3d0a01c
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- run: just rs-fetch
- run: just rs-clippy
- run: just rs-doc --no-deps
check:
timeout-minutes: 20
runs-on: ubuntu-latest
container:
image: docker://rust:1.62.0
container: ghcr.io/linkerd/dev:v19-rust
steps:
- uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb
- uses: olix0r/cargo-action-fmt@ed3530f0739c46ffa0dd983f8746b8c4a3d0a01c
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- run: just rs-fetch
- run: just rs-check-dirs
@ -78,11 +70,8 @@ jobs:
name: test
runs-on: ubuntu-latest
timeout-minutes: 15
container:
image: docker://rust:1.62.0
container: ghcr.io/linkerd/dev:v19-rust
steps:
- uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb
- uses: olix0r/cargo-action-fmt@ee1ef42932e44794821dab57ef1bf7a73df8b21f
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- run: just rs-fetch
- run: just rs-test-build


@ -15,6 +15,7 @@ jobs:
shellcheck:
timeout-minutes: 10
runs-on: ubuntu-20.04
container: ghcr.io/linkerd/dev:v19-tools
steps:
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- run: bin/shellcheck-all


@ -2,7 +2,11 @@
set -eu
helmversion=v3.8.0
if command -v helm >/dev/null ; then
exec helm "$@"
fi
helmversion=v3.9.1
bindir=$( cd "${0%/*}" && pwd )
targetbin=$( cd "$bindir"/.. && pwd )/target/bin
helmbin=$targetbin/helm-$helmversion
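Review bot: The new early `exec helm "$@"` runs whatever `helm` is first on `PATH` without looking at its version, so outside the devcontainer the pin in `helmversion=v3.9.1` is silently bypassed; the same shortcut is added to `bin/helm-docs` and `bin/shellcheck`. For helm-docs this probably matters most, because the generated READMEs embed the tool version in their footer. I would move the version assignment above the check and only take the shortcut on a match, e.g. `if command -v helm >/dev/null && helm version --short | grep -qF "$helmversion" ; then`. The rest of the script lies outside this hunk.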


@ -2,7 +2,11 @@
set -eu
helmdocsv=1.4.0
if command -v helm-docs >/dev/null ; then
exec helm-docs "$@"
fi
helmdocsv=1.11.0
bindir=$( cd "${0%/*}" && pwd ) # Change to script dir and set bin dir to this
targetbin=$( cd "$bindir"/.. && pwd )/target/bin
helmdocsbin=$targetbin/helm-docs-$helmdocsv


@ -2,12 +2,15 @@
set -eu
scversion=v0.7.1
if command -v shellcheck >/dev/null ; then
exec shellcheck "$@"
fi
scversion=v0.8.0
bindir=$( cd "${0%/*}" && pwd )
targetbin=$( cd "$bindir"/.. && pwd )/target/bin
scbin=$targetbin/.shellcheck-$scversion
if [ ! -f "$scbin" ]; then
if [ "$(uname -s)" = Darwin ]; then
file=darwin.x86_64.tar.xz


@ -1,23 +1,30 @@
#!/usr/bin/env sh
#!/usr/bin/env bash
set -eu
bindir=$( cd "${0%/*}" && pwd )
rootdir=$( cd "$bindir"/.. && pwd )
scripts() {
find "$rootdir" -name '*.sh' \
-not -path "$rootdir/.git/*" \
-not -path "$rootdir/target/*" \
-not -path "$rootdir/web/app/node_modules/*"
}
# Make sure all files with the .sh extension are shellscripts and have a
# proper shebang
shebangpattern='#!/usr/bin/env (bash|sh)'
find "$rootdir" -name \*.sh -type f | while IFS= read -r file; do
while IFS= read -r file ; do
head -1 "$file" | grep -qE "$shebangpattern\$" || {
echo "ERROR: No valid '$shebangpattern' shebang found in '$file'" >&2
exit 1
}
done
done < <(scripts)
# For more information on shellcheck failures:
# https://github.com/koalaman/shellcheck/wiki/Checks
# We want the word splitting for the shellcheck arguments
# shellcheck disable=SC2046
"$bindir"/shellcheck -x -P "$bindir" $(grep -rnsle '^#!/usr/bin/env \(bash\|sh\)' "$rootdir"/* | xargs)
"$bindir"/shellcheck -x -P "$bindir" $(scripts |xargs)
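Review bot: `scripts()` selects only `*.sh` files, whereas the replaced invocation linted every file carrying an `env bash`/`env sh` shebang, so extensionless scripts such as `bin/helm`, `bin/shellcheck` and `bin/scurl` appear to drop out of shellcheck coverage with this change. If excluding vendored trees is the goal, keeping the shebang search and excluding directories would preserve coverage, e.g. `grep -rlsE '^#!/usr/bin/env (bash|sh)' --exclude-dir=.git --exclude-dir=target --exclude-dir=node_modules "$rootdir"`. The `find` in `scripts()` also lost the `-type f` the old loop had, and `$(scripts |xargs)` will split any path that contains spaces.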


@ -134,7 +134,7 @@ Kubernetes: `>=1.21.0-0`
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| clusterDomain | string | `"cluster.local"` | Kubernetes DNS Domain name to use |
| clusterNetworks | string | `"10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16"` | The cluster networks for which service discovery is performed. This should include the pod and service networks, but need not include the node network. By default, all private networks are specified so that resolution works in typical Kubernetes environments. |
| clusterNetworks | string | `"10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16"` | The cluster networks for which service discovery is performed. This should include the pod and service networks, but need not include the node network. By default, all private networks are specified so that resolution works in typical Kubernetes environments. |
| cniEnabled | bool | `false` | enabling this omits the NET_ADMIN capability in the PSP and the proxy-init container when injecting the proxy; requires the linkerd-cni plugin to already be installed |
| controlPlaneTracing | bool | `false` | enables control plane tracing |
| controlPlaneTracingNamespace | string | `"linkerd-jaeger"` | namespace to send control plane traces to |
@ -252,4 +252,4 @@ Kubernetes: `>=1.21.0-0`
| webhookFailurePolicy | string | `"Ignore"` | Failure policy for the proxy injector |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)


@ -157,7 +157,7 @@ proxy:
# hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
# for more info on container lifecycle hooks.
waitBeforeExitSeconds: 0
# -- If set, the application container will not start until the proxy is
# -- If set, the application container will not start until the proxy is
# ready
await: true
requireIdentityOnInboundPorts: ""


@ -68,4 +68,4 @@ Kubernetes: `>=1.21.0-0`
| file://../partials | partials | 0.1.0 |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)


@ -43,4 +43,4 @@ Kubernetes: `>=1.21.0-0`
| useWaitFlag | bool | `false` | Configures the CNI plugin to use the -w flag for the iptables command |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)


@ -6,4 +6,4 @@ depended by the 'linkerd' and 'patch' charts.
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

2
go.sum

@ -1588,7 +1588,7 @@ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMy
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.62.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=


@ -133,4 +133,4 @@ Kubernetes: `>=1.21.0-0`
| webhook.tolerations | string | `nil` | Tolerations section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)


@ -411,6 +411,29 @@ _linkerd-viz-uninit:
# TODO linkerd-jaeger-install
# TODO linkerd-multicluster-install
##
## Devcontainer
##
devcontainer-build-mode := "load"
devcontainer-image := "ghcr.io/linkerd/dev"
devcontainer-build tag:
#!/usr/bin/env bash
set -euo pipefail
for tgt in tools go rust runtime ; do
just devcontainer-build-mode={{ devcontainer-build-mode }} \
_devcontainer-build {{ tag }} "${tgt}"
done
_devcontainer-build tag target='':
docker buildx build . \
--progress=plain \
--file=.devcontainer/Dockerfile \
--tag='{{ devcontainer-image }}:{{ tag }}{{ if target != "runtime" { "-" + target } else { "" } }}' \
--target='{{ target }}' \
--{{ if devcontainer-build-mode == "push" { "push" } else { "load" } }}
##
## Git
##
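Review bot: `_devcontainer-build` declares `target=''` as a default, but with an empty target the tag expression takes the `"-" + target` branch and yields `{{ tag }}-`, while `--target=''` presumably builds the Dockerfile's last stage, so the runtime image would end up under a stray tag. Since `devcontainer-build` always passes a target, dropping the default (`_devcontainer-build tag target:`) removes that path. Any `devcontainer-build-mode` value other than `push` is also silently treated as `load`; a one-line comment on the variable naming the two accepted values would make that explicit.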


@ -39,4 +39,4 @@ Kubernetes: `>=1.21.0-0`
| tolerations | object | `{}` | Tolerations for the Service mirror pod |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)


@ -80,7 +80,7 @@ Kubernetes: `>=1.21.0-0`
| gateway.port | int | `4143` | The port on which all the gateway will accept incoming traffic |
| gateway.probe.path | string | `"/ready"` | The path that will be used by remote clusters for determining whether the gateway is alive |
| gateway.probe.port | int | `4191` | The port used for liveliness probing |
| gateway.probe.seconds | int | `3` | |
| gateway.probe.seconds | int | `3` | The interval (in seconds) between liveness probes |
| gateway.replicas | int | `1` | Number of replicas for the gateway pod |
| gateway.serviceAnnotations | object | `{}` | Annotations to add to the gateway service |
| gateway.serviceType | string | `"LoadBalancer"` | Service Type of gateway Service |
@ -92,4 +92,4 @@ Kubernetes: `>=1.21.0-0`
| remoteMirrorServiceAccountName | string | `"linkerd-service-mirror-remote-access-default"` | The name of the service account used to allow remote clusters to mirror local services |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)


@ -1,4 +1,4 @@
ARG RUST_IMAGE=docker.io/library/rust:1.62.0
ARG RUST_IMAGE=docker.io/library/rust:1.62.1
ARG RUNTIME_IMAGE=gcr.io/distroless/cc
# Builds the controller binary.
@ -11,10 +11,10 @@ COPY Cargo.toml Cargo.lock .
COPY policy-controller policy-controller
RUN cargo new policy-test --lib
RUN --mount=type=cache,target=target \
--mount=type=cache,from=rust:1.62.0,source=/usr/local/cargo,target=/usr/local/cargo \
--mount=type=cache,from=rust:1.62.1,source=/usr/local/cargo,target=/usr/local/cargo \
cargo fetch
RUN --mount=type=cache,target=target \
--mount=type=cache,from=rust:1.62.0,source=/usr/local/cargo,target=/usr/local/cargo \
--mount=type=cache,from=rust:1.62.1,source=/usr/local/cargo,target=/usr/local/cargo \
if [ "$BUILD_TYPE" = debug ]; then \
cargo build --frozen --target=x86_64-unknown-linux-gnu --package=linkerd-policy-controller && \
mv target/x86_64-unknown-linux-gnu/debug/linkerd-policy-controller /tmp/ ; \


@ -1,4 +1,4 @@
ARG RUST_IMAGE=docker.io/library/rust:1.62.0
ARG RUST_IMAGE=docker.io/library/rust:1.62.1
ARG RUNTIME_IMAGE=gcr.io/distroless/cc
FROM $RUST_IMAGE as build
@ -13,11 +13,11 @@ COPY Cargo.toml Cargo.lock .
COPY policy-controller policy-controller
RUN cargo new policy-test --lib
RUN --mount=type=cache,target=target \
--mount=type=cache,from=rust:1.62.0,source=/usr/local/cargo,target=/usr/local/cargo \
--mount=type=cache,from=rust:1.62.1,source=/usr/local/cargo,target=/usr/local/cargo \
cargo fetch
# XXX(ver) we can't easily cross-compile against openssl, so use rustls on arm.
RUN --mount=type=cache,target=target \
--mount=type=cache,from=rust:1.62.0,source=/usr/local/cargo,target=/usr/local/cargo \
--mount=type=cache,from=rust:1.62.1,source=/usr/local/cargo,target=/usr/local/cargo \
cargo build --frozen --release --target=armv7-unknown-linux-gnueabihf \
--package=linkerd-policy-controller --no-default-features --features="rustls-tls" && \
mv target/armv7-unknown-linux-gnueabihf/release/linkerd-policy-controller /tmp/


@ -1,4 +1,4 @@
ARG RUST_IMAGE=docker.io/library/rust:1.62.0
ARG RUST_IMAGE=docker.io/library/rust:1.62.1
ARG RUNTIME_IMAGE=gcr.io/distroless/cc
FROM $RUST_IMAGE as build
@ -13,11 +13,11 @@ COPY Cargo.toml Cargo.lock .
COPY policy-controller policy-controller
RUN cargo new policy-test --lib
RUN --mount=type=cache,target=target \
--mount=type=cache,from=rust:1.62.0,source=/usr/local/cargo,target=/usr/local/cargo \
--mount=type=cache,from=rust:1.62.1,source=/usr/local/cargo,target=/usr/local/cargo \
cargo fetch
# XXX(ver) we can't easily cross-compile against openssl, so use rustls on arm.
RUN --mount=type=cache,target=target \
--mount=type=cache,from=rust:1.62.0,source=/usr/local/cargo,target=/usr/local/cargo \
--mount=type=cache,from=rust:1.62.1,source=/usr/local/cargo,target=/usr/local/cargo \
cargo build --frozen --release --target=aarch64-unknown-linux-gnu \
--package=linkerd-policy-controller --no-default-features --features="rustls-tls" && \
mv target/aarch64-unknown-linux-gnu/release/linkerd-policy-controller /tmp/


@ -1 +1 @@
1.62.0
1.62.1


@ -94,7 +94,7 @@ Kubernetes: `>=1.21.0-0`
| defaultLogLevel | string | `"info"` | Log level for all the viz components |
| defaultRegistry | string | `"cr.l5d.io/linkerd"` | Docker registry for all viz components |
| defaultUID | int | `2103` | UID for all the viz components |
| enablePSP | bool | `false` | NodeAffinity section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) for more information nodeAffinity: -- Create Roles and RoleBindings to associate this extension's ServiceAccounts to the control plane PSP resource. This requires that `enabledPSP` is set to true on the control plane install. Note PSP has been deprecated since k8s v1.21 |
| enablePSP | bool | `false` | Create Roles and RoleBindings to associate this extension's ServiceAccounts to the control plane PSP resource. This requires that `enabledPSP` is set to true on the control plane install. Note PSP has been deprecated since k8s v1.21 |
| enablePodAntiAffinity | bool | `false` | Enables Pod Anti Affinity logic to balance the placement of replicas across hosts and zones for High Availability. Enable this only when you have multiple replicas of components. |
| grafana.externalUrl | string | `nil` | url of a Grafana instance hosted off-cluster. Cannot be set if grafana.url is set. The reverse proxy will not be used for this URL. |
| grafana.uidPrefix | string | `nil` | prefix for Grafana dashboard UID's, used when grafana.externalUrl is set. |
@ -168,7 +168,7 @@ Kubernetes: `>=1.21.0-0`
| tap.resources.ephemeral-storage.request | string | `""` | Amount of ephemeral storage that the tap container requests |
| tap.resources.memory.limit | string | `nil` | Maximum amount of memory that tap container can use |
| tap.resources.memory.request | string | `nil` | Amount of memory that the tap container requests |
| tapInjector.UID | string | `nil` | |
| tapInjector.UID | string | `nil` | UID for the tapInjector resource |
| tapInjector.caBundle | string | `""` | Bundle of CA certificates for the tapInjector. If not provided nor injected with cert-manager, then Helm will use the certificate generated for `tapInjector.crtPEM`. If `tapInjector.externalSecret` is set to true, this value, injectCaFrom, or injectCaFromSecret must be set, as no certificate will be generated. See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector) for more information. |
| tapInjector.crtPEM | string | `""` | Certificate for the tapInjector. If not provided and not using an external secret then Helm will generate one. |
| tapInjector.externalSecret | bool | `false` | Do not create a secret resource for the tapInjector webhook. If this is set to `true`, the value `tapInjector.caBundle` must be set or the ca bundle must injected with cert-manager ca injector using `tapInjector.injectCaFrom` or `tapInjector.injectCaFromSecret` (see below). |
@ -195,4 +195,4 @@ Kubernetes: `>=1.21.0-0`
| tolerations | string | `nil` | Default tolerations section, See the [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)