Merge branch 'master' into errkit_migration_4_blockstorage

kanisterio · Oct 7, 2024 · a6e7187 · a6e7187
2 parents 737d1ba + 310f873
commit a6e7187
Show file tree

Hide file tree

Showing 23 changed files with 736 additions and 31 deletions.
diff --git a/.github/workflows/atlas-image-build.yaml b/.github/workflows/atlas-image-build.yaml
@@ -39,7 +39,7 @@ jobs:
     if: needs.check-files.outputs.changed == 'true'
     steps:
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+      uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
     - name: Image metadata
       id: meta
       uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
@@ -57,7 +57,7 @@ jobs:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - name: Build and push
-      uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
+      uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
       with:
         context: "{{defaultContext}}:docker/mongodb-atlas"
         push: true

diff --git a/.github/workflows/build_docker.yaml b/.github/workflows/build_docker.yaml
@@ -47,7 +47,7 @@ jobs:
     - name: Set up QEMU
       uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+      uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
     - name: Login to GHCR
       uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
       with:
@@ -66,7 +66,7 @@ jobs:
           ${{ inputs.extra_tags }}
         labels: ${{ inputs.labels }}
     - name: Build and push
-      uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
+      uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
       with:
         context: .
         file: ${{ inputs.image_file }}

diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml
@@ -24,7 +24,7 @@ jobs:
           echo "go_version=$version" >> "$GITHUB_OUTPUT"
       - id: govulncheck
         name: 'Govulncheck'
-        uses: golang/govulncheck-action@dd0578b371c987f96d1185abb54344b44352bd58 # v1.0.3
+        uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
         continue-on-error: ${{ github.event_name == 'pull_request' }}
         with:
           repo-checkout: false

diff --git a/.github/workflows/kanister-image-build.yaml b/.github/workflows/kanister-image-build.yaml
@@ -54,7 +54,7 @@ jobs:
     - name: Set up QEMU
       uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+      uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
     - name: Image metadata
       id: meta
       uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
@@ -73,7 +73,7 @@ jobs:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - name: Build and push
-      uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
+      uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
       with:
         context: "{{defaultContext}}:docker/build"
         platforms: linux/amd64,linux/arm64

diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
@@ -39,7 +39,7 @@ jobs:
       -
         # Upload the results to GitHub's code scanning dashboard.
         name: "Upload to results to dashboard"
-        uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
+        uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
         with:
           sarif_file: results.sarif
       -

diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
@@ -22,9 +22,7 @@ jobs:
         close-pr-label: rotten
         stale-issue-label: stale
         stale-pr-label: stale
-        exempt-issue-labels:
-          - frozen
-          - accepted
+        exempt-issue-labels: frozen,accepted
         exempt-pr-labels: frozen
         close-issue-message: This issue is closed due to inactivity. Feel free to reopen it, if it's still relevant. CC @kanisterio/maintainers
         close-pr-message: This PR is closed due to inactivity. Feel free to reopen it, if it's still relevant. CC @kanisterio/maintainers

diff --git a/docker/couchbase-tools/Dockerfile b/docker/couchbase-tools/Dockerfile
@@ -1,4 +1,4 @@
-FROM couchbase:enterprise-7.6.2
+FROM couchbase:enterprise-7.6.3
 
 MAINTAINER "Tom Manville <[email protected]>"
 

diff --git a/docker/kafka-adobes3Connector/image/adobeSink.Dockerfile b/docker/kafka-adobes3Connector/image/adobeSink.Dockerfile
@@ -1,7 +1,7 @@
 ARG TOOLS_IMAGE
 FROM ${TOOLS_IMAGE} AS TOOLS_IMAGE
 
-FROM confluentinc/cp-kafka-connect:7.7.0
+FROM confluentinc/cp-kafka-connect:7.7.1
 
 USER root
 

diff --git a/docker/kafka-adobes3Connector/image/adobeSource.Dockerfile b/docker/kafka-adobes3Connector/image/adobeSource.Dockerfile
@@ -1,4 +1,4 @@
-FROM confluentinc/cp-kafka-connect:7.7.0
+FROM confluentinc/cp-kafka-connect:7.7.1
 
 USER root
 

diff --git a/docker/postgres-kanister-tools/Dockerfile b/docker/postgres-kanister-tools/Dockerfile
@@ -4,7 +4,7 @@ ARG TOOLS_IMAGE
 FROM ${TOOLS_IMAGE} AS TOOLS_IMAGE
 
 # Actual image base
-FROM postgres:16-bullseye
+FROM postgres:17-bullseye
 
 ENV DEBIAN_FRONTEND noninteractive
 

diff --git a/docker/postgres-kanister-tools/requirements.txt b/docker/postgres-kanister-tools/requirements.txt
@@ -1,4 +1,4 @@
-awscli==1.34.26
+awscli==1.34.29
 pip==24.2
 setuptools==75.1.0
 wheel==0.44.0
diff --git a/docker/postgresql/requirements.txt b/docker/postgresql/requirements.txt
@@ -1,4 +1,4 @@
-awscli==1.34.26
+awscli==1.34.29
 wal-e==1.1.1
 pip==24.2
 setuptools==75.1.0

diff --git a/docs/functions.rst b/docs/functions.rst
@@ -150,6 +150,82 @@ Example:
         - |
           echo "Example"
 
+MultiContainerRun
+-----------------
+
+MultiContainerRun spins up a new pod with two containers connected
+via shared `emptyDir`_ volume.
+It's similar to KubeTask, but allows using multiple images to move backup data.
+"background" container is one responsible for generating data, while "output" container
+should export it to destination.
+The main difference between these containers is that phase outputs can only be generated
+from the "output" container.
+The function also supports an optional init container to set up the volume contents.
+
+.. csv-table::
+   :header: "Argument", "Required", "Type", "Description"
+   :align: left
+   :widths: 5,5,5,15
+
+   `namespace`, No, `string`, namespace in which to execute (the pod will be created in controller's namespace if not specified)
+   `backgroundImage`, Yes, `string`, image to be used in "background" container
+   `backgroundCommand`, Yes, `[]string`,  command list to execute in "background" container
+   `outputImage`, Yes, `string`, image to be used in "output" container
+   `outputCommand`, Yes, `[]string`,  command list to execute in "output" container
+   `initImage`, No, `string`, image to be used in init container of the pod
+   `initCommand`, No, `[]string`, command list to execute in init container of the pod
+   `podOverride`, No, `map[string]interface{}`, specs to override default pod specs with
+   `podAnnotations`, No, `map[string]string`, custom annotations for the temporary pod that gets created
+   `podLabels`, No, `map[string]string`, custom labels for the temporary pod that gets created
+   `sharedVolumeMedium`, No, `string`, medium setting for shared volume. See `emptyDir`_.
+   `sharedVolumeSizeLimit`, No, `string`, sizeLimit setting for shared volume. See `emptyDir`_.
+   `sharedVolumeDir`, No, `string`, directory to mount shared volume. Defaults to `/tmp`
+
+.. _emptyDir: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
+
+Example:
+
+.. code-block:: yaml
+  :linenos:
+
+  - func: MultiContainerRun
+    name: examplePhase
+    args:
+      namespace: "{{ .Deployment.Namespace }}"
+      podOverride:
+        containers:
+        - name: export
+          imagePullPolicy: IfNotPresent
+      podAnnotations:
+        annKey: annValue
+      podLabels:
+        labelKey: labelValue
+      sharedVolumeMedium: Memory
+      sharedVolumeSizeLimit: 1Gi
+      sharedVolumeDir: /tmp/
+      initImage: ubuntu
+      initCommand:
+        - bash
+        - -c
+        - |
+          mkfifo /tmp/pipe-file
+      backgroundImage: ubuntu
+      backgroundCommand:
+        - bash
+        - -c
+        - |
+          for i in {1..10}
+          do
+            echo $i
+            sleep 0.1
+          done > /tmp/pipe-file
+      outputImage: ubuntu
+      outputCommand:
+        - bash
+        - -c
+        - |
+          cat /tmp/pipe-file
+
 ScaleWorkload
 -------------
 

diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
@@ -63,3 +63,6 @@ webhook
 Kopia
 kopia
 hostname
+emptyDir
+sizeLimit
+init
diff --git a/docs_new/functions.md b/docs_new/functions.md
@@ -129,6 +129,72 @@ Example:
         echo "Example"
 ```
 
+### MultiContainerRun
+
+MultiContainerRun spins up a new pod with two containers connected via shared [emptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) volume.
+It's similar to KubeTask, but allows using multiple images to move backup data.
+"background" container is one responsible for generating data, while "output" container
+should export it to destination.
+The main difference between these containers is that phase outputs can only be generated from the
+"output" container.
+The function also supports an optional init container to set up the volume contents.
+
+
+  | Argument    | Required | Type                    | Description |
+  | ----------- | :------: | ----------------------- | ----------- |
+  | namespace   | No       | string                  | namespace in which to execute (the pod will be created in controller's namespace if not specified) |
+  | backgroundImage       | Yes | string            | image to be used in "background" container |
+  | backgroundCommand     | Yes | []string          | command list to execute in "background" container |
+  | outputImage           | Yes | string            | image to be used in "output" container |
+  | outputCommand         | Yes | []string          | command list to execute in "output" container |
+  | initImage             | No  | string            | image to be used in init container of the pod |
+  | initCommand           | No  | []string          | command list to execute in init container of the pod |
+  | podOverride           | No  | map[string]interface{}  | specs to override default pod specs with |
+  | podAnnotations        | No  | map[string]string | custom annotations for the temporary pod that gets created |
+  | podLabels             | No  | map[string]string | custom labels for the temporary pod that gets created |
+  | sharedVolumeMedium    | No  | string            |  medium setting for shared volume. See [emptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir). |
+  | sharedVolumeSizeLimit | No  | string            | sizeLimit setting for shared volume. See [emptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir). |
+  | sharedVolumeDir       | No  | string            | directory to mount shared volume, defaults to `/tmp` |
+
+
+Example:
+
+``` yaml
+- func: MultiContainerRun
+  name: examplePhase
+  args:
+    namespace: "{{ .Deployment.Namespace }}"
+    podOverride:
+      containers:
+      - name: export
+        imagePullPolicy: IfNotPresent
+    podAnnotations:
+      annKey: annValue
+    podLabels:
+      labelKey: labelValue
+    sharedVolumeMedium: Memory
+    sharedVolumeSizeLimit: 1Gi
+    sharedVolumeDir: /tmp/
+    backgroundImage: ubuntu
+    backgroundCommand:
+      - bash
+      - -c
+      - |
+        mkfifo /tmp/pipe-file
+        for i in {1..10}
+        do
+          echo $i
+          sleep 0.1
+        done > /tmp/pipe-file
+    outputImage: ubuntu
+    outputCommand:
+      - bash
+      - -c
+      - |
+        while [ ! -e /tmp/pipe-file  ]; do sleep 1; done
+        cat /tmp/pipe-file
+```
+
 ### ScaleWorkload
 
 ScaleWorkload is used to scale up or scale down a Kubernetes workload.

diff --git a/docs_new/install.md b/docs_new/install.md
@@ -7,15 +7,16 @@ tool to target the Kubernetes cluster you want to install Kanister on.
 Start by adding the Kanister repository to your local setup:
 
 ``` bash
-helm repo add kanister <https://charts.kanister.io/>
+helm repo add kanister https://charts.kanister.io/
 ```
 
 Use the `helm install` command to install Kanister in the `kanister`
 namespace:
 
 ``` bash
-helm -n kanister upgrade \--install kanister \--create-namespace
-kanister/kanister-operator
+helm -n kanister upgrade \
+--install kanister \
+--create-namespace kanister/kanister-operator
 ```
 
 Confirm that the Kanister workloads are ready:
@@ -72,8 +73,10 @@ you will have to install Kanister with the
 `--set controller.updateCRDs=false` option:
 
 ``` bash
-helm -n kanister upgade \--install kanister \--create-namespace
-kanister/kanister-operator \--set controller.updateCRDs=false
+helm -n kanister upgrade \
+--install kanister \
+--create-namespace kanister/kanister-operator \
+--set controller.updateCRDs=false
 ```
 
 This option lets Helm manage the CRD resources.
@@ -101,10 +104,10 @@ Install Kanister, providing the PEM-encoded CA bundle and the
 `tls` secret name like below:
 
 ``` bash
-helm upgrade \--install kanister kanister/kanister-operator \--namespace
-kanister \--create-namespace \--set bpValidatingWebhook.tls.mode=custom
-\--set bpValidatingWebhook.tls.caBundle=\$(cat /path/to/ca.pem \| base64
--w 0) \--set bpValidatingWebhook.tls.secretName=tls-secret
+helm upgrade --install kanister kanister/kanister-operator --namespace kanister --create-namespace \
+--set bpValidatingWebhook.tls.mode=custom \
+--set bpValidatingWebhook.tls.caBundle=$(cat /path/to/ca.pem | base64 -w 0) \
+--set bpValidatingWebhook.tls.secretName=tls-secret
 ```
 
 ## Building and Deploying from Source

diff --git a/pkg/app/postgresql.go b/pkg/app/postgresql.go
@@ -41,7 +41,7 @@ type PostgresDB struct {
 }
 
 // NewPostgresDB initialises an instance of Postgres DB
-// Last tested chart version "10.12.3". Also, we are using postgres version 13.4
+// Last tested chart version "15.5.38". Also, we are using postgres version 16
 func NewPostgresDB(name string, subPath string) App {
 	return &PostgresDB{
 		name: name,
@@ -62,6 +62,10 @@ func NewPostgresDB(name string, subPath string) App {
 				"primary.containerSecurityContext.capabilities.add[1]":    "FOWNER",
 				"primary.containerSecurityContext.capabilities.add[2]":    "DAC_OVERRIDE",
 				"primary.containerSecurityContext.readOnlyRootFilesystem": "false",
+				// Update manually whenever a new version is release.
+				// TODO: Automate the update process for the image tag.
+				"image.repository": "postgres",
+				"image.tag":        "16-bullseye",
 			},
 		},
 	}