Skip to content

Commit

Permalink
Merge main to release-1.0 (#88)
Browse files Browse the repository at this point in the history
* Move to mainline sdk changes (#25)

* Reuse eBPF SDK Client (#26)

* Code refactoring - Sync to SDK's new API interface (#27)

* Additional UTs for eBPF pkg (#29)

* Additional UTs for eBPF pkg

* UT for Global Map recovery flow

* format changes

* Events refactor (#30)

* Remove replace and add comments

* Minor refactor

* Update AL2023 image

* vmlinux generation

* update readme (#31)

* Third party attribution doc (#32)

* Thirdparty attribution doc

* Minor nits

* minor nit

* README Updates (#34)

* Update README.md (#35)

* Update go.mod and go.sum for master (#38)

* Update go.mod and go.sum

docker/make file changes

* fix up vet

* Run Conformance and Performance tests with github actions (#5)

* Updated conformance and performance test parameters (#39)

* Fix problem with policy not being applied to pods on IPv6 nodes (#40)

* Update the session duration to 5 hrs for github actions (#53)

* Update scripts to run cyclonus suite and install latest MAO

* Handle 0 entries in cli (#60)

* Update test pkg (#61)

* Ignore policy restrictions against Node IP (#65)

* feat: Add flag enable-policy-event-logs (#48)

* feat: Add flag enable-policy-event-logs

Policy event logging is now disabled by default

* feat: Add enable-policy-event-logs flag to readme

---------

Co-authored-by: Apurup Chevuru <60630804+achevuru@users.noreply.github.com>

* Issue#45 Modified Default Metrics Bind Port (#46)

* Issue#45 Modified Default Metrics Bind Port

* Modified Health Probe Bind address to 8163

---------

Co-authored-by: Kareem Rady <kareemrady@KR-MBA.local>
Co-authored-by: Jayanth Varavani <1111446+jayanthvn@users.noreply.github.com>
Co-authored-by: Apurup Chevuru <60630804+achevuru@users.noreply.github.com>

* Bump github.com/google/uuid from 1.3.0 to 1.3.1 (#43)

Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](google/uuid@v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Apurup Chevuru <60630804+achevuru@users.noreply.github.com>

* Bump github.com/vishvananda/netlink (#42)

Bumps [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink) from 1.1.1-0.20210330154013-f5de75959ad5 to 1.2.1-beta.2.
- [Release notes](https://github.com/vishvananda/netlink/releases)
- [Commits](https://github.com/vishvananda/netlink/commits/v1.2.1-beta.2)

---
updated-dependencies:
- dependency-name: github.com/vishvananda/netlink
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add update image script and make targets (#59)

* Fixes to cyclonus test script (#69)

* Remove KUBECONFIG environment variable from cyclonus test script

* With catchALL honor "except" (#58)

* Honor except with catchALL

* PR feedback

* Remove unnecessary header files (#71)

* Return exit status if test verification fails

* V6 Optimizations (#80)

* Bump github.com/aws/amazon-vpc-cni-k8s from 1.13.4 to 1.15.0 (#82)

Bumps [github.com/aws/amazon-vpc-cni-k8s](https://github.com/aws/amazon-vpc-cni-k8s) from 1.13.4 to 1.15.0.
- [Release notes](https://github.com/aws/amazon-vpc-cni-k8s/releases)
- [Changelog](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/CHANGELOG.md)
- [Commits](aws/amazon-vpc-cni-k8s@v1.13.4...v1.15.0)

---
updated-dependencies:
- dependency-name: github.com/aws/amazon-vpc-cni-k8s
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Honor V6 Elf file updates (#84)

* Build latest image with conformance tests (#85)

* Create a github action to build multi-arch docker image

* Update credentials action to v3

* Log rotate support (#87)

* Bump go.uber.org/zap from 1.25.0 to 1.26.0 (#81)

Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.25.0 to 1.26.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](uber-go/zap@v1.25.0...v1.26.0)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Jayanth Varavani <1111446+jayanthvn@users.noreply.github.com>
Co-authored-by: Geoffrey Cline <geoffreyc@outlook.com>
Co-authored-by: Jay Deokar <23660509+jaydeokar@users.noreply.github.com>
Co-authored-by: K.Hoshi <rxnew.axdseuan@gmail.com>
Co-authored-by: Jay Deokar <jsdeokar@amazon.com>
Co-authored-by: Tobias Germer <bvrcreepyx@hotmail.de>
Co-authored-by: Kareem Rady <82394457+kareem-rady@users.noreply.github.com>
Co-authored-by: Kareem Rady <kareemrady@KR-MBA.local>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Loading branch information
10 people authored Oct 4, 2023
1 parent a58f148 commit 0546aac
Show file tree
Hide file tree
Showing 22 changed files with 548 additions and 358 deletions.
47 changes: 47 additions & 0 deletions .github/actions/build-and-push-image/action.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: Build Image and Push
description: 'Builds Multi-arch Network Policy Agent image and pushes to ECR'
inputs:
aws-region:
description: AWS region
required: true
outputs:
image_uri:
description: "Network Policy Agent Image"
value: ${{ steps.build.outputs.image_uri }}
runs:
using: "composite"
steps:
- name: Set up Docker QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build and Push Image
id: build
shell: bash
env:
REGION: ${{ inputs.aws-region }}
AWS_ECR_REPO_NAME: amazon/aws-network-policy-agent
run: |
IMAGE_VERSION=$(git rev-parse HEAD)
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
AWS_ECR_REGISTRY="$AWS_ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com"
aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin ${AWS_ECR_REGISTRY}
if ! `aws ecr describe-repositories --registry-id $AWS_ACCOUNT_ID --repository-names $AWS_ECR_REPO_NAME >/dev/null 2>&1`; then
echo "creating ECR repo with name $AWS_ECR_REPO_NAME"
aws ecr create-repository --repository-name $AWS_ECR_REPO_NAME
fi
if [[ $(aws ecr batch-get-image --repository-name=$AWS_ECR_REPO_NAME --image-ids imageTag=$IMAGE_VERSION \
--query 'images[].imageId.imageTag' --region $REGION) != "[]" ]]; then
echo "Image $AWS_ECR_REPO_NAME:$IMAGE_VERSION already exists. Skipping image build."
else
echo "Building AWS Network Policy Agent latest image"
docker buildx create --name="network-policy-agent-builder" --buildkitd-flags '--allow-insecure-entitlement network.host' --use >/dev/null
make multi-arch-build-and-push VERSION=$IMAGE_VERSION IMAGE=$AWS_ECR_REGISTRY/$AWS_ECR_REPO_NAME
docker buildx rm network-policy-agent-builder
fi
image_uri=$AWS_ECR_REGISTRY/$AWS_ECR_REPO_NAME:$IMAGE_VERSION
echo "image_uri=$(echo $image_uri)" >> $GITHUB_OUTPUT
2 changes: 1 addition & 1 deletion .github/actions/install-dependencies/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,4 @@ runs:
shell: bash
run: |
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin/
sudo mv /tmp/eksctl /usr/local/bin/
32 changes: 27 additions & 5 deletions .github/workflows/e2e-conformance.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: e2e-conformance-tests
name: E2E Conformance Tests

on:
workflow_dispatch: {}
Expand All @@ -10,7 +10,28 @@ permissions:
contents: read

jobs:
build-image:
if: github.repository == 'aws/aws-network-policy-agent'
runs-on: ubuntu-latest
outputs:
AWS_EKS_NODEAGENT_IMAGE: ${{steps.build-and-push-image.outputs.image_uri}}
steps:
- name: Checkout latest commit
uses: actions/checkout@v3
- name: Install Dependencies
uses: ./.github/actions/install-dependencies
- uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ secrets.OSS_ROLE_ARN }}
aws-region: us-west-2
role-duration-seconds: 3600 # 1 hour
- name: Build and Push Network Policy Image
id: build-and-push-image
uses: ./.github/actions/build-and-push-image
with:
aws-region: us-west-2
e2e-conformance-tests:
needs: build-image
strategy:
fail-fast: false
matrix:
Expand All @@ -19,19 +40,20 @@ jobs:
if: github.repository == 'aws/aws-network-policy-agent'
runs-on: ubuntu-latest
steps:
- name: Checkout latest commit in the PR
- name: Checkout latest commit
uses: actions/checkout@v3
- name: Install Dependencies
uses: ./.github/actions/install-dependencies
- uses: aws-actions/configure-aws-credentials@v1
- uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ secrets.OSS_ROLE_ARN }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
aws-region: us-west-2
role-duration-seconds: 18000 # 5 hours
- name: Run e2e conformance test
env:
RUN_CONFORMANCE_TESTS: true
K8S_VERSION: 1.27
IP_FAMILY: ${{ matrix.ip-family }}
AWS_EKS_NODEAGENT_IMAGE: ${{ needs.build-image.outputs.AWS_EKS_NODEAGENT_IMAGE }}
run: |
./scripts/run-tests.sh
./scripts/run-tests.sh
32 changes: 27 additions & 5 deletions .github/workflows/performance-tests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,23 +10,44 @@ permissions:
contents: read

jobs:
build-image:
if: github.repository == 'aws/aws-network-policy-agent'
runs-on: ubuntu-latest
outputs:
AWS_EKS_NODEAGENT_IMAGE: ${{steps.build-and-push-image.outputs.image_uri}}
steps:
- name: Checkout latest commit
uses: actions/checkout@v3
- name: Install Dependencies
uses: ./.github/actions/install-dependencies
- uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ secrets.OSS_ROLE_ARN }}
aws-region: us-west-2
role-duration-seconds: 3600 # 1 hour
- name: Build and Push Network Policy Image
id: build-and-push-image
uses: ./.github/actions/build-and-push-image
with:
aws-region: us-west-2
performance-tests:
needs: build-image
strategy:
fail-fast: false
matrix:
ip-family: [ "IPv4", "IPv6"]
ip-family: [ IPv4, IPv6 ]
# kubernetes-versions: ["1.25", "1.26", "1.27"]
if: github.repository == 'aws/aws-network-policy-agent'
runs-on: ubuntu-latest
steps:
- name: Checkout latest commit in the PR
- name: Checkout latest commit
uses: actions/checkout@v3
- name: Install Dependencies
uses: ./.github/actions/install-dependencies
- uses: aws-actions/configure-aws-credentials@v1
- uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ secrets.OSS_ROLE_ARN }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
aws-region: us-west-2
role-duration-seconds: 18000 # 5 hours
- name: Run performance tests
env:
Expand All @@ -35,5 +56,6 @@ jobs:
NODES_CAPACITY: 3
INSTANCE_TYPE: c5.xlarge
IP_FAMILY: ${{ matrix.ip-family }}
AWS_EKS_NODEAGENT_IMAGE: ${{ needs.build-image.outputs.AWS_EKS_NODEAGENT_IMAGE }}
run: |
./scripts/run-tests.sh
./scripts/run-tests.sh
16 changes: 15 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -198,6 +198,20 @@ docker-buildx: setup-ebpf-sdk-override ## Build and push docker image for the ma
- docker buildx rm project-v3-builder
rm Dockerfile.cross


.PHONY: multi-arch-build-and-push
multi-arch-build-and-push: setup-ebpf-sdk-override ## Build and push docker image for the manager for cross-platform support

sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross
docker buildx build $(DOCKER_BUILD_FLAGS_NP_AGENT) \
-f Dockerfile.cross \
--platform "$(PLATFORMS)"\
--cache-from=type=gha \
--cache-to=type=gha,mode=max \
-t $(IMAGE):$(VERSION) \
--push \
.

##@ Deployment

ifndef ignore-not-found
Expand Down Expand Up @@ -289,7 +303,7 @@ endif

./PHONY: update-node-agent-image
update-node-agent-image: ## Updates node agent image on an existing cluster. Optionally call with AWS_EKS_NODEAGENT=<Image URI>
./scripts/update-node-agent-image.sh AWS_EKS_NODEAGENT=$(AWS_EKS_NODEAGENT)
./scripts/update-node-agent-image.sh AWS_EKS_NODEAGENT=$(AWS_EKS_NODEAGENT) IP_FAMILY=$(IP_FAMILY)

./PHONY: update-image-and-test
update-image-and-test: ## Updates node agent image on existing cluster and runs cyclonus tests. Call with CLUSTER_NAME=<name of the cluster> and AWS_EKS_NODEAGENT=<Image URI>
Expand Down
32 changes: 16 additions & 16 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ module github.com/aws/aws-network-policy-agent
go 1.20

require (
github.com/aws/amazon-vpc-cni-k8s v1.13.4
github.com/aws/amazon-vpc-cni-k8s v1.15.0
github.com/aws/aws-ebpf-sdk-go v1.0.2
github.com/aws/aws-sdk-go v1.44.318
github.com/go-logr/logr v1.2.4
Expand All @@ -17,12 +17,13 @@ require (
github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.8.4
github.com/vishvananda/netlink v1.2.1-beta.2
go.uber.org/zap v1.25.0
golang.org/x/sys v0.8.0
k8s.io/api v0.27.2
k8s.io/apimachinery v0.27.2
k8s.io/client-go v0.27.2
sigs.k8s.io/controller-runtime v0.15.0
go.uber.org/zap v1.26.0
golang.org/x/sys v0.12.0
gopkg.in/natefinch/lumberjack.v2 v2.2.1
k8s.io/api v0.27.3
k8s.io/apimachinery v0.27.3
k8s.io/client-go v0.27.3
sigs.k8s.io/controller-runtime v0.15.1
)

require (
Expand Down Expand Up @@ -56,23 +57,22 @@ require (
github.com/prometheus/procfs v0.10.1 // indirect
github.com/vishvananda/netns v0.0.4 // indirect
go.uber.org/multierr v1.10.0 // indirect
golang.org/x/net v0.10.0 // indirect
golang.org/x/net v0.12.0 // indirect
golang.org/x/oauth2 v0.5.0 // indirect
golang.org/x/term v0.8.0 // indirect
golang.org/x/text v0.9.0 // indirect
golang.org/x/term v0.10.0 // indirect
golang.org/x/text v0.11.0 // indirect
golang.org/x/time v0.3.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.30.0 // indirect
google.golang.org/protobuf v1.31.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.27.2 // indirect
k8s.io/component-base v0.27.2 // indirect
k8s.io/klog/v2 v2.90.1 // indirect
k8s.io/apiextensions-apiserver v0.27.3 // indirect
k8s.io/component-base v0.27.3 // indirect
k8s.io/klog/v2 v2.100.1 // indirect
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect
k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
Expand Down
Loading

0 comments on commit 0546aac

Please sign in to comment.