Merge remote-tracking branch 'origin/1.14.0' into k0s-1-28

Author: sgalsaleh

.github/workflows/image-scan.yaml

@@ -36,13 +36,13 @@ jobs:
       - name: Build and push local-artifact-mirror image
         id: local-artifact-mirror
         run: |
-          make -C local-artifact-mirror apko build-ttl.sh
+          make -C local-artifact-mirror build-ttl.sh
           echo "image=$(cat local-artifact-mirror/build/image)" >> $GITHUB_OUTPUT
 
       - name: Build and push operator image
         id: operator
         run: |
-          make -C operator apko build-ttl.sh build-chart-ttl.sh
+          make -C operator build-ttl.sh build-chart-ttl.sh
           echo "image=$(cat operator/build/image)" >> $GITHUB_OUTPUT
           echo "chart=$(cat operator/build/chart)" >> $GITHUB_OUTPUT
 

cmd/embedded-cluster/join.go

@@ -31,21 +31,17 @@ import (
 	"github.com/replicatedhq/embedded-cluster/pkg/netutils"
 	"github.com/replicatedhq/embedded-cluster/pkg/prompts"
 	"github.com/replicatedhq/embedded-cluster/pkg/spinner"
+	"github.com/replicatedhq/embedded-cluster/pkg/versions"
 )
 
 // JoinCommandResponse is the response from the kots api we use to fetch the k0s join token.
 type JoinCommandResponse struct {
-	K0sJoinCommand            string    `json:"k0sJoinCommand"`
-	K0sToken                  string    `json:"k0sToken"`
-	ClusterID                 uuid.UUID `json:"clusterID"`
-	K0sUnsupportedOverrides   string    `json:"k0sUnsupportedOverrides"`
-	EndUserK0sConfigOverrides string    `json:"endUserK0sConfigOverrides"`
-	// MetricsBaseURL is the https://replicated.app endpoint url
-	MetricsBaseURL          string                 `json:"metricsBaseURL"`
-	AirgapRegistryAddress   string                 `json:"airgapRegistryAddress"`
-	Proxy                   *ecv1beta1.ProxySpec   `json:"proxy"`
-	Network                 *ecv1beta1.NetworkSpec `json:"network"`
-	LocalArtifactMirrorPort int                    `json:"localArtifactMirrorPort,omitempty"`
+	K0sJoinCommand         string                     `json:"k0sJoinCommand"`
+	K0sToken               string                     `json:"k0sToken"`
+	ClusterID              uuid.UUID                  `json:"clusterID"`
+	EmbeddedClusterVersion string                     `json:"embeddedClusterVersion"`
+	AirgapRegistryAddress  string                     `json:"airgapRegistryAddress"`
+	InstallationSpec       ecv1beta1.InstallationSpec `json:"installationSpec,omitempty"`
 }
 
 // extractK0sConfigOverridePatch parses the provided override and returns a dig.Mapping that
@@ -69,13 +65,13 @@ func (j JoinCommandResponse) extractK0sConfigOverridePatch(data []byte) (dig.Map
 // EndUserOverrides returns a dig.Mapping that can be applied on top of a k0s configuration.
 // This patch is assembled based on the EndUserK0sConfigOverrides field.
 func (j JoinCommandResponse) EndUserOverrides() (dig.Mapping, error) {
-	return j.extractK0sConfigOverridePatch([]byte(j.EndUserK0sConfigOverrides))
+	return j.extractK0sConfigOverridePatch([]byte(j.InstallationSpec.EndUserK0sConfigOverrides))
 }
 
 // EmbeddedOverrides returns a dig.Mapping that can be applied on top of a k0s configuration.
 // This patch is assembled based on the K0sUnsupportedOverrides field.
 func (j JoinCommandResponse) EmbeddedOverrides() (dig.Mapping, error) {
-	return j.extractK0sConfigOverridePatch([]byte(j.K0sUnsupportedOverrides))
+	return j.extractK0sConfigOverridePatch([]byte(j.InstallationSpec.Config.UnsupportedOverrides.K0s))
 }
 
 // getJoinToken issues a request to the kots api to get the actual join command
@@ -114,15 +110,15 @@ func startAndWaitForK0s(c *cli.Context, jcmd *JoinCommandResponse) error {
 	logrus.Debugf("starting %s service", binName)
 	if err := startK0sService(); err != nil {
 		err := fmt.Errorf("unable to start service: %w", err)
-		metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+		metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 		return err
 	}
 
 	loading.Infof("Waiting for %s node to be ready", binName)
 	logrus.Debugf("waiting for k0s to be ready")
 	if err := waitForK0s(); err != nil {
 		err := fmt.Errorf("unable to wait for node: %w", err)
-		metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+		metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 		return err
 	}
 
@@ -198,13 +194,18 @@ var joinCommand = &cli.Command{
 			return fmt.Errorf("unable to get join token: %w", err)
 		}
 
-		setProxyEnv(jcmd.Proxy)
-		proxyOK, localIP, err := checkProxyConfigForLocalIP(jcmd.Proxy, networkInterface)
+		// check to make sure the version returned by the join token is the same as the one we are running
+		if jcmd.EmbeddedClusterVersion != versions.Version {
+			return fmt.Errorf("embedded cluster version mismatch - this binary is version %q, but the cluster is running version %q", versions.Version, jcmd.EmbeddedClusterVersion)
+		}
+
+		setProxyEnv(jcmd.InstallationSpec.Proxy)
+		proxyOK, localIP, err := checkProxyConfigForLocalIP(jcmd.InstallationSpec.Proxy, networkInterface)
 		if err != nil {
 			return fmt.Errorf("failed to check proxy config for local IP: %w", err)
 		}
 		if !proxyOK {
-			return fmt.Errorf("no-proxy config %q does not allow access to local IP %q", jcmd.Proxy.NoProxy, localIP)
+			return fmt.Errorf("no-proxy config %q does not allow access to local IP %q", jcmd.InstallationSpec.Proxy.NoProxy, localIP)
 		}
 
 		isAirgap := c.String("airgap-bundle") != ""
@@ -216,25 +217,25 @@ var joinCommand = &cli.Command{
 			}
 		}
 
-		metrics.ReportJoinStarted(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID)
+		metrics.ReportJoinStarted(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID)
 		logrus.Debugf("materializing %s binaries", binName)
 		if err := materializeFiles(c); err != nil {
-			metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+			metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 			return err
 		}
 
-		applier, err := getAddonsApplier(c, "", jcmd.Proxy)
+		applier, err := getAddonsApplier(c, "", jcmd.InstallationSpec.Proxy)
 		if err != nil {
-			metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+			metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 			return err
 		}
 
-		// jcmd.MetricsBaseURL is the replicated.app endpoint url
-		replicatedAPIURL := jcmd.MetricsBaseURL
+		// jcmd.InstallationSpec.MetricsBaseURL is the replicated.app endpoint url
+		replicatedAPIURL := jcmd.InstallationSpec.MetricsBaseURL
 		proxyRegistryURL := fmt.Sprintf("https://%s", defaults.ProxyRegistryAddress)
-		if err := RunHostPreflights(c, applier, replicatedAPIURL, proxyRegistryURL, isAirgap, jcmd.Proxy); err != nil {
+		if err := RunHostPreflights(c, applier, replicatedAPIURL, proxyRegistryURL, isAirgap, jcmd.InstallationSpec.Proxy); err != nil {
 			err := fmt.Errorf("unable to run host preflights locally: %w", err)
-			metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+			metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 			return err
 		}
 
@@ -246,54 +247,54 @@ var joinCommand = &cli.Command{
 		logrus.Debugf("saving token to disk")
 		if err := saveTokenToDisk(jcmd.K0sToken); err != nil {
 			err := fmt.Errorf("unable to save token to disk: %w", err)
-			metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+			metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 			return err
 		}
 
 		logrus.Debugf("installing %s binaries", binName)
 		if err := installK0sBinary(); err != nil {
 			err := fmt.Errorf("unable to install k0s binary: %w", err)
-			metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+			metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 			return err
 		}
 
 		if jcmd.AirgapRegistryAddress != "" {
 			if err := airgap.AddInsecureRegistry(jcmd.AirgapRegistryAddress); err != nil {
 				err := fmt.Errorf("unable to add insecure registry: %w", err)
-				metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+				metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 				return err
 			}
 		}
 
 		logrus.Debugf("creating systemd unit files")
 		localArtifactMirrorPort := defaults.LocalArtifactMirrorPort
-		if jcmd.LocalArtifactMirrorPort > 0 {
-			localArtifactMirrorPort = jcmd.LocalArtifactMirrorPort
+		if jcmd.InstallationSpec.LocalArtifactMirror != nil && jcmd.InstallationSpec.LocalArtifactMirror.Port > 0 {
+			localArtifactMirrorPort = jcmd.InstallationSpec.LocalArtifactMirror.Port
 		}
 		// both controller and worker nodes will have 'worker' in the join command
-		if err := createSystemdUnitFiles(!strings.Contains(jcmd.K0sJoinCommand, "controller"), jcmd.Proxy, localArtifactMirrorPort); err != nil {
+		if err := createSystemdUnitFiles(!strings.Contains(jcmd.K0sJoinCommand, "controller"), jcmd.InstallationSpec.Proxy, localArtifactMirrorPort); err != nil {
 			err := fmt.Errorf("unable to create systemd unit files: %w", err)
-			metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+			metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 			return err
 		}
 
 		logrus.Debugf("overriding network configuration")
 		if err := applyNetworkConfiguration(jcmd, networkInterface); err != nil {
 			err := fmt.Errorf("unable to apply network configuration: %w", err)
-			metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+			metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 		}
 
 		logrus.Debugf("applying configuration overrides")
 		if err := applyJoinConfigurationOverrides(jcmd); err != nil {
 			err := fmt.Errorf("unable to apply configuration overrides: %w", err)
-			metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+			metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 			return err
 		}
 
 		logrus.Debugf("joining node to cluster")
 		if err := runK0sInstallCommand(jcmd.K0sJoinCommand, networkInterface); err != nil {
 			err := fmt.Errorf("unable to join node to cluster: %w", err)
-			metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+			metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 			return err
 		}
 
@@ -302,45 +303,45 @@ var joinCommand = &cli.Command{
 		}
 
 		if !strings.Contains(jcmd.K0sJoinCommand, "controller") {
-			metrics.ReportJoinSucceeded(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID)
+			metrics.ReportJoinSucceeded(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID)
 			logrus.Debugf("worker node join finished")
 			return nil
 		}
 
 		kcli, err := kubeutils.KubeClient()
 		if err != nil {
 			err := fmt.Errorf("unable to get kube client: %w", err)
-			metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+			metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 			return err
 		}
 		hostname, err := os.Hostname()
 		if err != nil {
 			err := fmt.Errorf("unable to get hostname: %w", err)
-			metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+			metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 			return err
 		}
 		if err := waitForNode(c.Context, kcli, hostname); err != nil {
 			err := fmt.Errorf("unable to wait for node: %w", err)
-			metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+			metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 			return err
 		}
 
 		if c.Bool("enable-ha") {
 			if err := maybeEnableHA(c.Context, kcli); err != nil {
 				err := fmt.Errorf("unable to enable high availability: %w", err)
-				metrics.ReportJoinFailed(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID, err)
+				metrics.ReportJoinFailed(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID, err)
 				return err
 			}
 		}
 
-		metrics.ReportJoinSucceeded(c.Context, jcmd.MetricsBaseURL, jcmd.ClusterID)
+		metrics.ReportJoinSucceeded(c.Context, jcmd.InstallationSpec.MetricsBaseURL, jcmd.ClusterID)
 		logrus.Debugf("controller node join finished")
 		return nil
 	},
 }
 
 func applyNetworkConfiguration(jcmd *JoinCommandResponse, networkInterface string) error {
-	if jcmd.Network != nil {
+	if jcmd.InstallationSpec.Network != nil {
 		clusterSpec := config.RenderK0sConfig()
 		address, err := netutils.FirstValidAddress(networkInterface)
 		if err != nil {
@@ -350,13 +351,13 @@ func applyNetworkConfiguration(jcmd *JoinCommandResponse, networkInterface strin
 		clusterSpec.Spec.Storage.Etcd.PeerAddress = address
 		// NOTE: we should be copying everything from the in cluster config spec and overriding
 		// the node specific config from clusterSpec.GetClusterWideConfig()
-		clusterSpec.Spec.Network.PodCIDR = jcmd.Network.PodCIDR
-		clusterSpec.Spec.Network.ServiceCIDR = jcmd.Network.ServiceCIDR
-		if jcmd.Network.NodePortRange != "" {
+		clusterSpec.Spec.Network.PodCIDR = jcmd.InstallationSpec.Network.PodCIDR
+		clusterSpec.Spec.Network.ServiceCIDR = jcmd.InstallationSpec.Network.ServiceCIDR
+		if jcmd.InstallationSpec.Network.NodePortRange != "" {
 			if clusterSpec.Spec.API.ExtraArgs == nil {
 				clusterSpec.Spec.API.ExtraArgs = map[string]string{}
 			}
-			clusterSpec.Spec.API.ExtraArgs["service-node-port-range"] = jcmd.Network.NodePortRange
+			clusterSpec.Spec.API.ExtraArgs["service-node-port-range"] = jcmd.InstallationSpec.Network.NodePortRange
 		}
 		clusterSpecYaml, err := k8syaml.Marshal(clusterSpec)
 

cmd/embedded-cluster/join_test.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/k0sproject/dig"
 	k0sconfig "github.com/k0sproject/k0s/pkg/apis/k0s/v1beta1"
+	ecv1beta1 "github.com/replicatedhq/embedded-cluster/kinds/apis/v1beta1"
 	embeddedclusterv1beta1 "github.com/replicatedhq/embedded-cluster/kinds/apis/v1beta1"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -101,8 +102,14 @@ func TestJoinCommandResponseOverrides(t *testing.T) {
 		t.Run(tname, func(t *testing.T) {
 			req := require.New(t)
 			join := JoinCommandResponse{
-				K0sUnsupportedOverrides:   tt.EmbeddedOverrides,
-				EndUserK0sConfigOverrides: tt.EndUserOverrides,
+				InstallationSpec: ecv1beta1.InstallationSpec{
+					Config: &ecv1beta1.ConfigSpec{
+						UnsupportedOverrides: ecv1beta1.UnsupportedOverrides{
+							K0s: tt.EmbeddedOverrides,
+						},
+					},
+					EndUserK0sConfigOverrides: tt.EndUserOverrides,
+				},
 			}
 
 			embedded, err := join.EmbeddedOverrides()

cmd/embedded-cluster/preflights.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/replicatedhq/embedded-cluster/pkg/defaults"
 	"github.com/replicatedhq/embedded-cluster/pkg/netutils"
+	"github.com/replicatedhq/embedded-cluster/pkg/versions"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli/v2"
 )
@@ -126,13 +127,18 @@ var joinRunPreflightsCommand = &cli.Command{
 			return fmt.Errorf("unable to get join token: %w", err)
 		}
 
-		setProxyEnv(jcmd.Proxy)
-		proxyOK, localIP, err := checkProxyConfigForLocalIP(jcmd.Proxy, networkInterface)
+		// check to make sure the version returned by the join token is the same as the one we are running
+		if jcmd.EmbeddedClusterVersion != versions.Version {
+			return fmt.Errorf("embedded cluster version mismatch - this binary is version %q, but the cluster is running version %q", versions.Version, jcmd.EmbeddedClusterVersion)
+		}
+
+		setProxyEnv(jcmd.InstallationSpec.Proxy)
+		proxyOK, localIP, err := checkProxyConfigForLocalIP(jcmd.InstallationSpec.Proxy, networkInterface)
 		if err != nil {
 			return fmt.Errorf("failed to check proxy config for local IP: %w", err)
 		}
 		if !proxyOK {
-			return fmt.Errorf("no-proxy config %q does not allow access to local IP %q", jcmd.Proxy.NoProxy, localIP)
+			return fmt.Errorf("no-proxy config %q does not allow access to local IP %q", jcmd.InstallationSpec.Proxy.NoProxy, localIP)
 		}
 
 		isAirgap := c.String("airgap-bundle") != ""
@@ -142,15 +148,15 @@ var joinRunPreflightsCommand = &cli.Command{
 			return err
 		}
 
-		applier, err := getAddonsApplier(c, "", jcmd.Proxy)
+		applier, err := getAddonsApplier(c, "", jcmd.InstallationSpec.Proxy)
 		if err != nil {
 			return err
 		}
 
 		logrus.Debugf("running host preflights")
-		replicatedAPIURL := jcmd.MetricsBaseURL
+		replicatedAPIURL := jcmd.InstallationSpec.MetricsBaseURL
 		proxyRegistryURL := fmt.Sprintf("https://%s", defaults.ProxyRegistryAddress)
-		if err := RunHostPreflights(c, applier, replicatedAPIURL, proxyRegistryURL, isAirgap, jcmd.Proxy); err != nil {
+		if err := RunHostPreflights(c, applier, replicatedAPIURL, proxyRegistryURL, isAirgap, jcmd.InstallationSpec.Proxy); err != nil {
 			err := fmt.Errorf("unable to run host preflights locally: %w", err)
 			return err
 		}