From 744a310b930a78130cedbb927edef676aa90b56f Mon Sep 17 00:00:00 2001 From: denis-tingaikin Date: Tue, 30 Jan 2024 18:21:58 +0300 Subject: [PATCH] run 'make pull-release-nodes' manually Signed-off-by: denis-tingaikin --- .github/sync/Makefile | 2 +- .github/workflows/sync.yaml | 2 +- Makefile | 4 +- content/docs/releases/history.md | 14 +++ content/docs/releases/v1.11.0.md | 135 ++++++++++++++++++++- content/docs/releases/v1.11.2.md | 46 +++++++ content/docs/releases/v1.12.0.md | 201 ++++++++++++++++++++++++++++++- 7 files changed, 398 insertions(+), 6 deletions(-) create mode 100755 content/docs/releases/v1.11.2.md diff --git a/.github/sync/Makefile b/.github/sync/Makefile index 9dbc4c7..bc6ce75 100644 --- a/.github/sync/Makefile +++ b/.github/sync/Makefile @@ -1,3 +1,3 @@ -fetch-notes-build: +pull-release-notes-build: @GOPATH=$(GOPATH) GOBIN=$(GOBIN) go build -o fetchnotes main.go githubv4.go mv fetchnotes ../../bin/fetchnotes \ No newline at end of file diff --git a/.github/workflows/sync.yaml b/.github/workflows/sync.yaml index af35e47..1c8b5b3 100644 --- a/.github/workflows/sync.yaml +++ b/.github/workflows/sync.yaml @@ -14,7 +14,7 @@ jobs: with: go-version: 1.20.8 - name: build & run fetchnotes - run: make fetch-notes + run: make pull-release-notes env: GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - name: Create commit message diff --git a/Makefile b/Makefile index 62b08c9..40288af 100644 --- a/Makefile +++ b/Makefile @@ -4,10 +4,10 @@ yarn: clean: rm -rf public resources -fetch-notes-build: +pull-release-notes-build: $(MAKE) -C .github/sync -fetch-notes: fetch-notes-build +pull-release-notes: pull-release-notes-build @echo make sure that GITHUB_TOKEN is set @GITHUB_TOKEN=$(GITHUB_TOKEN) bin/fetchnotes diff --git a/content/docs/releases/history.md b/content/docs/releases/history.md index 77e82cd..6106fe5 100644 --- a/content/docs/releases/history.md +++ b/content/docs/releases/history.md 
@@ -3,6 +3,20 @@ title = "History" weight = 2 +++ +## 1.12 + +**Latest Release:** 1.12.0 (released: 2024-01-24)\ +**Patch Releases:** [1.10.0](../v1.10.0)\ +**Kubernetes support:** v1.21, v1.22, v1.23, v1.24, v1.25, v1.26, v1.27, v1.28 + + +## 1.11 + +**Latest Release:** 1.11.0 (released: 2023-12-07)\ +**Patch Releases:** [1.11.0](../v1.11.0)\, [1.11.2](../v1.11.2)\ +**Kubernetes support:** v1.21, v1.22, v1.23, v1.24, v1.25, v1.26, v1.27, v1.28 + + ## 1.10 **Latest Release:** 1.10.0 (released: 2023-07-18)\ diff --git a/content/docs/releases/v1.11.0.md b/content/docs/releases/v1.11.0.md index e871c49..2d9b162 100755 --- a/content/docs/releases/v1.11.0.md +++ b/content/docs/releases/v1.11.0.md 
@@ -197,7 +197,133 @@ Status: RESOLVED. ### Feature Request: Support configuration of NamespaceSelector -Status: RESOLVED. + + +Auto registration creates a `MutatingWebhookConfiguration` with no Namespace filters. +The mutation applies to all Namespaces. + +The Webhook watching the system namespaces can create circular dependencies. Where system pods are required for Nodes to be made Ready to have the Webhook scheduled onto them. + +We would like to configure this selector to exclude some Namespaces which should never be modified. +For example we could configure the webhook to exclude the namespaces: `nsm-system` `kube-system` and `spire`. + +Example of current webhook config: + +``` +kind: MutatingWebhookConfiguration +metadata: + name: nsm-admission-webhook-k8s-5dfd78487d-26n5b +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + caBundle: + service: + name: admission-webhook-svc + namespace: nsm-system + path: /mutate + port: 443 + failurePolicy: Fail + matchPolicy: Equivalent + name: nsm-admission-webhook-k8s-5dfd78487d-26n5b.networkservicemesh.io + namespaceSelector: {} + objectSelector: {} + reinvocationPolicy: Never + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - pods + scope: '*' + - apiGroups: + - apps + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - deployments + - statefulsets + - daemonsets + - replicasets + scope: '*' + sideEffects: None + timeoutSeconds: 10 +``` + +Example of desired webhook config: + +``` +kind: MutatingWebhookConfiguration +metadata: + name: nsm-admission-webhook-k8s-5dfd78487d-26n5b +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + caBundle: + service: + name: admission-webhook-svc + namespace: nsm-system + path: /mutate + port: 443 + failurePolicy: Fail + matchPolicy: Equivalent + name: nsm-admission-webhook-k8s-5dfd78487d-26n5b.networkservicemesh.io + namespaceSelector: + matchExpressions: + - key: 
kubernetes.io/metadata.name + operator: NotIn + values: + - nsm-system + - kube-system + - spire + objectSelector: {} + reinvocationPolicy: Never + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - pods + scope: '*' + - apiGroups: + - apps + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - deployments + - statefulsets + - daemonsets + - replicasets + scope: '*' + sideEffects: None + timeoutSeconds: 10 + ``` + + + + + + + + + + + [See more details](https://github.com/networkservicemesh/cmd-admission-webhook-k8s/issues/291) @@ -261,6 +387,13 @@ Status: RESOLVED. [See more details](https://github.com/networkservicemesh/site/issues/256) +### missing interface in NSE after relocation + +Status: RESOLVED. + +[See more details](https://github.com/networkservicemesh/deployments-k8s/issues/9863) + + ### Automate updating versing of 'go' Updating version of 'go' is a very monotonous and most importantly time-consuming task since we need to update all our repositories (https://github.com/networkservicemesh?q=&type=all&language=go&sort= we have 54 repos) diff --git a/content/docs/releases/v1.11.2.md b/content/docs/releases/v1.11.2.md new file mode 100755 index 0000000..0dc7bb0 --- /dev/null +++ b/content/docs/releases/v1.11.2.md 
@@ -0,0 +1,46 @@ + ++++ +short="v1.11.2" +title = "Release v1.11.2" +date="2023-01-14 00:00:00 +0000 UTC" ++++ + + +# NSM Release v1.11.2 + + +NSM v1.11.2 has been tested on: +- [kind](https://github.com/networkservicemesh/integration-k8s-kind/actions?query=branch%3Arelease%2Fv1.11.2+) +- [GKE](https://github.com/networkservicemesh/integration-k8s-gke/actions?query=branch%3Arelease%2Fv1.11.2+) +- [AKS](https://github.com/networkservicemesh/integration-k8s-aks/actions?query=branch%3Arelease%2Fv1.11.2+) +- [AWS/AWS IPv6](https://github.com/networkservicemesh/integration-k8s-aws/actions?query=branch%3Arelease%2Fv1.11.2+) +- [Bare metal in Equinix Metal](https://github.com/networkservicemesh/integration-k8s-packet/actions?query=branch%3Arelease%2Fv1.11.2+) +- [Interdomain GKE/AWS/AKS](https://github.com/networkservicemesh/integration-interdomain-k8s/actions?query=branch%3Arelease%2Fv1.11.2+) + +## Changes since last release + + + +## System stability fixes and improvements + + + +### AF_PACKET stopped receiving traffic + +https://jira.fd.io/browse/VPP-2081 +This issues is a continuation of this discussion - https://github.com/networkservicemesh/govpp/issues/9 + +[See more details](https://github.com/networkservicemesh/cmd-forwarder-vpp/issues/927) + + +### Registry k8s can not correctly handle unregister when its scaled + +Status: RESOLVED. + +[See more details](https://github.com/networkservicemesh/sdk-k8s/issues/456) + + + +## Release project board + +[Notes based on](https://github.com/orgs/networkservicemesh/projects/27) diff --git a/content/docs/releases/v1.12.0.md b/content/docs/releases/v1.12.0.md index 5fe021e..79e5dc1 100755 --- a/content/docs/releases/v1.12.0.md +++ b/content/docs/releases/v1.12.0.md 
@@ -21,6 +21,13 @@ NSM v1.12.0 has been tested on: +### `begin` can't do `Unregister` requests without `Register` requests + +Status: RESOLVED. + +[See more details](https://github.com/networkservicemesh/sdk/issues/1515) + + ### Registry k8s can not correctly handle unregister when its scaled Status: RESOLVED. @@ -40,6 +47,20 @@ Update Spire version in Dockerfiles for all cmd-repos. Also add support for mult +### network service endpoint candidates not found: all forwarders have failed + +Status: RESOLVED. + +[See more details](https://github.com/networkservicemesh/deployments-k8s/issues/10378) + + +### Create a cronjob to check for CVEs in all images presented in this repo once a week + +Status: RESOLVED. + +[See more details](https://github.com/networkservicemesh/deployments-k8s/issues/10500) + + ### Interdomain doesn't work when cluster internal IP doesn't have internet access Status: RESOLVED. 
@@ -49,7 +70,133 @@ Status: RESOLVED. ### Feature Request: Support configuration of NamespaceSelector -Status: RESOLVED. + + +Auto registration creates a `MutatingWebhookConfiguration` with no Namespace filters. +The mutation applies to all Namespaces. + +The Webhook watching the system namespaces can create circular dependencies. Where system pods are required for Nodes to be made Ready to have the Webhook scheduled onto them. + +We would like to configure this selector to exclude some Namespaces which should never be modified. +For example we could configure the webhook to exclude the namespaces: `nsm-system` `kube-system` and `spire`. + +Example of current webhook config: + +``` +kind: MutatingWebhookConfiguration +metadata: + name: nsm-admission-webhook-k8s-5dfd78487d-26n5b +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + caBundle: + service: + name: admission-webhook-svc + namespace: nsm-system + path: /mutate + port: 443 + failurePolicy: Fail + matchPolicy: Equivalent + name: nsm-admission-webhook-k8s-5dfd78487d-26n5b.networkservicemesh.io + namespaceSelector: {} + objectSelector: {} + reinvocationPolicy: Never + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - pods + scope: '*' + - apiGroups: + - apps + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - deployments + - statefulsets + - daemonsets + - replicasets + scope: '*' + sideEffects: None + timeoutSeconds: 10 +``` + +Example of desired webhook config: + +``` +kind: MutatingWebhookConfiguration +metadata: + name: nsm-admission-webhook-k8s-5dfd78487d-26n5b +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + caBundle: + service: + name: admission-webhook-svc + namespace: nsm-system + path: /mutate + port: 443 + failurePolicy: Fail + matchPolicy: Equivalent + name: nsm-admission-webhook-k8s-5dfd78487d-26n5b.networkservicemesh.io + namespaceSelector: + matchExpressions: + - key: 
kubernetes.io/metadata.name + operator: NotIn + values: + - nsm-system + - kube-system + - spire + objectSelector: {} + reinvocationPolicy: Never + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - pods + scope: '*' + - apiGroups: + - apps + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - deployments + - statefulsets + - daemonsets + - replicasets + scope: '*' + sideEffects: None + timeoutSeconds: 10 + ``` + + + + + + + + + + + [See more details](https://github.com/networkservicemesh/cmd-admission-webhook-k8s/issues/291) 
@@ -116,6 +263,49 @@ Status: RESOLVED. [See more details](https://github.com/networkservicemesh/sdk-vpp/issues/768) +### alpine cant use curl with NSM dns + +It looks like alpine:3.19's curl doesn't accept such DNS responses. I tried to manually change the DNS response from greeting.default.svc.cluster.local to greeting.default in ANSWER SECTION and curl (alpine:3.19) accepted that. + +[See more details](https://github.com/networkservicemesh/deployments-k8s/issues/11185) + + +### External NSC fix interface problem + + +Hi all, I was testing the example related to the configuration of an [external client](https://github.com/networkservicemesh/deployments-k8s/tree/main/examples/k8s_monolith/external_nsc) to the cluster and noticed how the configuration of the MetalLB LoadBalancer needs to be changed. +In fact, in the [guide](https://kind.sigs.k8s.io/docs/user/loadbalancer/) offered by Kind, it is pointed out that the method through the ConfigMap is no longer supported. +One should run these commands + +``` +`kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metallb-native.yaml` +``` + +``` + +kubectl wait --namespace metallb-system \ + --for=condition=ready pod \ + --selector=app=metallb \ + --timeout=90s +``` +``` +` kubectl apply -f https://kind.sigs.k8s.io/examples/loadbalancer/metallb-config.yaml` +``` +I tried to open a pull request to make noticed this, but it failed. +I followed the instructions inside the example, but apparently the external docker fails to communicate with the service: in fact the 2 kernel interfaces that should be available, are not created. 
+I don't know if it affects the order but this is what I followed: +LoadBalancer , via the commands provided above and offered by the guide; +[`DNS,`](https://github.com/networkservicemesh/deployments-k8s/tree/main/examples/k8s_monolith/external_nsc/dns); +[External Docker](https://github.com/networkservicemesh/deployments-k8s/tree/main/examples/k8s_monolith/external_nsc/docker); +[Spire](https://github.com/networkservicemesh/deployments-k8s/tree/main/examples/spire/single_cluster); +[SPIFFE](https://github.com/networkservicemesh/deployments-k8s/tree/main/examples/k8s_monolith/external_nsc/spiffe_federation) ; +I then ran the [command](https://github.com/networkservicemesh/deployments-k8s/tree/main/examples/k8s_monolith/external_nsc) to configure the cluster with the NSM resources, and finally the deployment for the [example](https://github.com/networkservicemesh/deployments-k8s/tree/main/examples/k8s_monolith/external_nsc/usecases/Kernel2IP2Kernel). + +Do you have any hints for solving this problem? + +[See more details](https://github.com/networkservicemesh/deployments-k8s/issues/10580) + + ### Test_DNSUsecase is unstable Status: RESOLVED. @@ -184,6 +374,15 @@ Build: https://github.com/networkservicemesh/integration-k8s-kind/actions/runs/7 [See more details](https://github.com/networkservicemesh/cmd-admission-webhook-k8s/issues/384) +### Add the ability to use a Spire certificate instead of an automatically generated one + + + +Add the ability to use a spire as a source of certs instead of an automatically generated to improve security and safety of NSM webhook. + +[See more details](https://github.com/networkservicemesh/cmd-admission-webhook-k8s/issues/389) + + ## Release project board
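Review bot: In the top-level `Makefile` hunk, the renamed `pull-release-notes` recipe still only prints `make sure that GITHUB_TOKEN is set` and then runs `bin/fetchnotes` whether or not the variable has a value. Now that the target is meant to be run by hand, make the recipe stop with an error when `$(GITHUB_TOKEN)` is empty instead of echoing a reminder. Separately, the commit subject names the target `pull-release-nodes`, while the target defined here is `pull-release-notes`.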
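Review bot: In the `content/docs/releases/history.md` hunk, the new `## 1.12` section lists `[1.10.0](../v1.10.0)` under Patch Releases, which links to the 1.10 notes rather than to a 1.12 page. In the new `## 1.11` section, Latest Release reads 1.11.0 although `[1.11.2](../v1.11.2)` is listed as a patch release on the next line, and the `\,` between the two links looks like a generator artifact. Since these lines come from `fetchnotes`, the fix probably belongs in the generator rather than in the Markdown.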
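Review bot: In the `content/docs/releases/v1.11.0.md` hunk at `@@ -197,7 +197,133 @@`, the NamespaceSelector entry loses its `Status: RESOLVED.` line and gets the full text of the feature request in its place, so the release notes no longer say whether the selector became configurable in this release. Keep the status line and reduce the entry to a short summary next to the existing "See more details" link. The second fence also closes with an indented fence marker and is followed by a run of empty added lines, which should be trimmed.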
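Review bot: In the new file `content/docs/releases/v1.11.2.md`, the front matter sets `date="2023-01-14 00:00:00 +0000 UTC"`, which is earlier than the 2023-12-07 release date this same patch records for 1.11.0 in `history.md`; the year needs checking. The file is also created with mode 100755 although it is Markdown, the `## Changes since last release` section is empty, and the AF_PACKET entry has no Status line and contains the typo "This issues is".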
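Review bot: In the `content/docs/releases/v1.12.0.md` hunk at `@@ -49,7 +70,133 @@`, the NamespaceSelector entry is the same block that this patch adds to `v1.11.0.md`, with the same link to cmd-admission-webhook-k8s issue 291 and the same removal of `Status: RESOLVED.`. Listing one change in full under two releases leaves readers unable to tell which version they need in order to exclude `nsm-system`, `kube-system` and `spire` from the webhook. Keep the detailed text in one release page at most and restore the status line in both.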
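Review bot: In the `External NSC fix interface problem` entry added at `@@ -116,6 +263,49 @@`, both `kubectl apply -f` commands are wrapped in inline backticks inside a fenced block, so the backticks render literally and are copied along with the command; remove the inner backticks. The entry is an unedited support question (it ends with "Do you have any hints for solving this problem?") and carries no Status line, as does the alpine curl entry above it, so neither tells the reader what 1.12.0 changed. Also note that the MetalLB manifest URL is pinned to `v0.13.7` while `https://kind.sigs.k8s.io/examples/loadbalancer/metallb-config.yaml` is not versioned, so what a reader applies from these notes can change over time.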
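Review bot: In the last hunk of `v1.12.0.md` (`@@ -184,6 +374,15 @@`), the `Add the ability to use a Spire certificate instead of an automatically generated one` entry has no Status line, so it is unclear whether 1.12.0 ships this option or only tracks the request. If it did ship, say so and state what the default certificate source is, since that is what an operator hardening the admission webhook needs to know. The sentence "use a spire as a source of certs instead of an automatically generated" also needs a grammar pass.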