Upgrade dependencies

Some Golang CVEs get flagged in the suc binary as it was built with an older golang version. Use go 1.22.6 Updating other go module deps. SLES update is required for libc compatiblity with latest ginkgo version. Update golangci-lint. Most gingko and gomega changes are to fix linting failures. Update sonobuoy docker bridge address is added to tls-san to avoid cert errors when using the client to connect the KUBEHOST. Drop deprecated version field in the docker compose manifests. It is recommended that the next release be v0.15.0 as 0.14.0 was already published and deleted in the past and gosumdb already has entries.
rancher · Aug 27, 2024 · 3c5598c · 3c5598c
1 parent 57605e3
commit 3c5598c
Show file tree

Hide file tree

Showing 43 changed files with 764 additions and 1,143 deletions.
diff --git a/.golangci.json b/.golangci.json
@@ -11,9 +11,9 @@
 		]
 	},
 	"run": {
-		"skip-files": [
+		"exclude-files": [
 			"/zz_generated_"
 		],
 		"deadline": "5m"
 	}
-}
+}
diff --git a/Dockerfile.dapper b/Dockerfile.dapper
@@ -1,24 +1,23 @@
-ARG KUBECTL=rancher/kubectl:v1.25.4
+ARG KUBECTL=rancher/kubectl:v1.30.3
 FROM ${KUBECTL} AS kubectl
 
-FROM registry.suse.com/bci/golang:1.20
+FROM registry.suse.com/bci/golang:1.22
 
 COPY --from=kubectl /bin/kubectl /usr/local/bin/kubectl
 
 ARG DAPPER_HOST_ARCH
 ENV ARCH $DAPPER_HOST_ARCH
-ARG SONOBUOY_VERSION=0.56.16
-
+ARG SONOBUOY_VERSION=0.57.1
 RUN zypper -n install expect git jq  docker vim less file curl wget iproute2 gawk
 RUN if [ "${ARCH:-$(go env GOARCH)}" = "amd64" ]; then \
-        curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.51.2; \
-        curl -sL "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.0.3/kustomize_v5.0.3_linux_amd64.tar.gz" | tar -xz -C /usr/local/bin; \
-        curl -sL "https://github.com/vmware-tanzu/sonobuoy/releases/download/v${SONOBUOY_VERSION}/sonobuoy_${SONOBUOY_VERSION}_linux_${ARCH}.tar.gz" | tar -xz -C /usr/local/bin; \
-        curl -sL "https://github.com/docker/compose/releases/download/v2.17.3/docker-compose-linux-x86_64" -o /usr/local/bin/docker-compose && \
-        chmod +x /usr/local/bin/docker-compose; \
+    curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.59.1; \
+    curl -sL "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.4.3/kustomize_v5.4.3_linux_amd64.tar.gz" | tar -xz -C /usr/local/bin; \
+    curl -sL "https://github.com/vmware-tanzu/sonobuoy/releases/download/v${SONOBUOY_VERSION}/sonobuoy_${SONOBUOY_VERSION}_linux_${ARCH}.tar.gz" | tar -xz -C /usr/local/bin; \
+    curl -sL "https://github.com/docker/compose/releases/download/v2.29.1/docker-compose-linux-x86_64" -o /usr/local/bin/docker-compose && \
+    chmod +x /usr/local/bin/docker-compose; \
     fi
 RUN mkdir -p /usr/local/lib/docker/cli-plugins; \
-    curl -o /usr/local/lib/docker/cli-plugins/docker-buildx -fsSL "https://github.com/docker/buildx/releases/download/v0.11.2/buildx-v0.11.2.linux-${ARCH}"; \
+    curl -o /usr/local/lib/docker/cli-plugins/docker-buildx -fsSL "https://github.com/docker/buildx/releases/download/v0.16.2/buildx-v0.16.2.linux-${ARCH}"; \
     chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx
 ENV DAPPER_ENV REPO TAG DRONE_TAG
 ENV DAPPER_SOURCE /go/src/github.com/rancher/system-upgrade-controller/

diff --git a/e2e/cluster/local/docker-compose.yaml b/e2e/cluster/local/docker-compose.yaml
@@ -1,5 +1,3 @@
-version: "3.7"
-
 volumes:
   kubeconfig:
     name: e2e-local-kubeconfig
@@ -13,7 +11,7 @@ services:
       context: ./images/k3s/.
       args:
         - ARCH=${ARCH}
-    command: server --disable=traefik,metrics-server --disable-helm-controller
+    command: server --disable=traefik,metrics-server --disable-helm-controller --tls-san 172.17.0.1
     environment:
       - K3S_TOKEN=e2e
     hostname: k3s-server-1

diff --git a/e2e/cluster/local/images/k3s/Dockerfile b/e2e/cluster/local/images/k3s/Dockerfile
@@ -1,21 +1,21 @@
 # Install the all-in-one binary so we can copy our run-time images into the image
 # which helps avoid pulling them when running e2e tests.
-ARG BCI="registry.suse.com/bci/bci-base:15.5"
+ARG BCI="registry.suse.com/bci/bci-base:15.6"
 FROM ${BCI} AS k3s
 ARG ARCH
-ARG K3S_VERSION="v1.25.9+k3s1"
+ARG K3S_VERSION="v1.30.3+k3s1"
 RUN set -x \
- && zypper -n in \
-    ca-certificates \
-    curl \
- && if [ "${ARCH?required}" != "amd64" ]; then \
-        K3S_SUFFIX="-${ARCH}"; \
-    fi \
- && curl -fsSL "https://github.com/rancher/k3s/releases/download/${K3S_VERSION}/k3s${K3S_SUFFIX}" > /bin/k3s \
- && chmod +x /bin/k3s \
- && ln -s /bin/k3s /bin/kubectl \
- && ln -s /bin/k3s /bin/ctr \
- && k3s --version
+   && zypper -n in \
+   ca-certificates \
+   curl \
+   && if [ "${ARCH?required}" != "amd64" ]; then \
+   K3S_SUFFIX="-${ARCH}"; \
+   fi \
+   && curl -fsSL "https://github.com/rancher/k3s/releases/download/${K3S_VERSION}/k3s${K3S_SUFFIX}" > /bin/k3s \
+   && chmod +x /bin/k3s \
+   && ln -s /bin/k3s /bin/kubectl \
+   && ln -s /bin/k3s /bin/ctr \
+   && k3s --version
 
 COPY scratch/*-${ARCH}.tar /var/lib/rancher/k3s/agent/images/
 #ADD https://github.com/rancher/k3s/releases/download/${K3S_VERSION}/k3s-airgap-images-${ARCH}.tar /var/lib/rancher/k3s/agent/images/

diff --git a/e2e/cluster/local/scripts/cluster-prepare b/e2e/cluster/local/scripts/cluster-prepare
@@ -5,8 +5,8 @@ set -e
 : "${ARCH?required}"
 : "${DIST?required}"
 : "${BCI_TAG:=15.4}"
-: "${KUBECTL_TAG:=v1.25.4}"
-: "${SONOBUOY_TAG:=v0.56.16}"
+: "${KUBECTL_TAG:=v1.30.3}"
+: "${SONOBUOY_TAG:=v0.57.1}"
 
 docker-image-save() {
   echo "Pulling '$1:$2' ..."

diff --git a/e2e/framework/channel.go b/e2e/framework/channel.go
@@ -13,7 +13,7 @@ func ChannelServer(location string, statusCode int) *httptest.Server {
 		Failf("cannot read hostname: %v", err)
 	}
 	server := &httptest.Server{
-		Config: &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		Config: &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 			w.Header().Set("Location", location)
 			w.WriteHeader(statusCode)
 		})},

diff --git a/e2e/framework/framework.go b/e2e/framework/framework.go
@@ -60,15 +60,10 @@ func New(name string, opt ...Option) *Client {
 		fn(options)
 	}
 	client := &Client{
-		Framework: framework.Framework{
-			BaseName:                         name,
-			AddonResourceConstraints:         make(map[string]framework.ResourceConstraint),
-			NamespacePodSecurityEnforceLevel: admissionapi.LevelPrivileged,
-			Options:                          options.Options,
-		},
+		Framework: *framework.NewFramework(name, options.Options, nil),
 	}
+	client.Framework.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
 	ginkgo.BeforeEach(client.BeforeEach)
-	ginkgo.AfterEach(client.AfterEach)
 	return client
 }
 
@@ -161,14 +156,14 @@ func (c *Client) WaitForPlanJobs(plan *upgradeapiv1.Plan, count int, timeout tim
 	})
 }
 
-func (c *Client) BeforeEach() {
+func (c *Client) BeforeEach(ctx context.Context) {
 	c.beforeFramework()
-	c.Framework.BeforeEach()
+	c.Framework.BeforeEach(ctx)
 	c.setupController()
 }
 
-func (c *Client) AfterEach() {
-	c.Framework.AfterEach()
+func (c *Client) AfterEach(ctx context.Context) {
+	c.Framework.AfterEach(ctx)
 }
 
 func (c *Client) setupController() {
@@ -181,7 +176,7 @@ func (c *Client) setupController() {
 	}, metav1.CreateOptions{})
 	framework.ExpectNoError(err)
 
-	err = frameworkauth.BindClusterRole(c.ClientSet.RbacV1(), "cluster-admin", c.Namespace.Name, rbacv1.Subject{
+	err = frameworkauth.BindClusterRole(context.TODO(), c.ClientSet.RbacV1(), "cluster-admin", c.Namespace.Name, rbacv1.Subject{
 		Kind:      rbacv1.ServiceAccountKind,
 		Name:      c.controllerServiceAccount.Name,
 		Namespace: c.controllerServiceAccount.Namespace,

diff --git a/e2e/framework/logging.go b/e2e/framework/logging.go
@@ -5,7 +5,7 @@ import (
 	"time"
 
 	"github.com/onsi/ginkgo/v2"
-	"k8s.io/kubernetes/test/e2e/framework/ginkgowrapper"
+	"k8s.io/kubernetes/test/e2e/framework"
 )
 
 // Logf logs the info.
@@ -35,7 +35,7 @@ func Failf(format string, args ...interface{}) {
 func FailfWithOffset(offset int, format string, args ...interface{}) {
 	msg := fmt.Sprintf(format, args...)
 	Logf("FAIL", msg)
-	ginkgowrapper.Fail(nowStamp()+": "+msg, 1+offset)
+	framework.Fail(nowStamp()+": "+msg, 1+offset)
 }
 
 func nowStamp() string {

diff --git a/e2e/suite/channel_resolve_test.go b/e2e/suite/channel_resolve_test.go
@@ -5,17 +5,17 @@ import (
 	"net/http"
 	"net/http/httptest"
 
-	. "github.com/onsi/ginkgo/v2"
-	. "github.com/onsi/gomega"
+	"github.com/onsi/ginkgo/v2"
+	"github.com/onsi/gomega"
 	"github.com/rancher/system-upgrade-controller/e2e/framework"
 	upgradeapiv1 "github.com/rancher/system-upgrade-controller/pkg/apis/upgrade.cattle.io/v1"
 	upgradeplan "github.com/rancher/system-upgrade-controller/pkg/upgrade/plan"
 )
 
-var _ = Describe("Resolve channel", func() {
+var _ = ginkgo.Describe("Resolve channel", func() {
 	e2e := framework.New("channel")
 
-	When("passed url fails to resolve", func() {
+	ginkgo.When("passed url fails to resolve", func() {
 		var (
 			err        error
 			plan       *upgradeapiv1.Plan
@@ -25,45 +25,45 @@ var _ = Describe("Resolve channel", func() {
 			clusterID  string
 			latest     string
 		)
-		BeforeEach(func() {
+		ginkgo.BeforeEach(func() {
 			ctx, cancel = context.WithCancel(context.Background())
 			plan = e2e.NewPlan("channel-", "", nil)
 		})
-		AfterEach(func() {
+		ginkgo.AfterEach(func() {
 			if channelSrv != nil {
 				channelSrv.Close()
 			}
 			cancel()
 		})
-		It("channel server is up with correct address", func() {
+		ginkgo.It("channel server is up with correct address", func() {
 			channelSrv = framework.ChannelServer("/local", http.StatusFound)
 			plan.Spec.Channel = channelSrv.URL
-			Expect(plan.Spec.Channel).ToNot(BeEmpty())
+			gomega.Expect(plan.Spec.Channel).ToNot(gomega.BeEmpty())
 			plan, err = e2e.CreatePlan(plan)
-			Expect(err).ToNot(HaveOccurred())
+			gomega.Expect(err).ToNot(gomega.HaveOccurred())
 			latest, err = upgradeplan.ResolveChannel(ctx, plan.Spec.Channel, plan.Status.LatestVersion, clusterID)
-			Expect(err).ToNot(HaveOccurred())
-			Expect(latest).NotTo(BeEmpty())
+			gomega.Expect(err).ToNot(gomega.HaveOccurred())
+			gomega.Expect(latest).NotTo(gomega.BeEmpty())
 		})
-		It("channel server is up but url not found", func() {
+		ginkgo.It("channel server is up but url not found", func() {
 			channelSrv = framework.ChannelServer("/local", http.StatusNotFound)
 			plan.Spec.Channel = channelSrv.URL
-			Expect(plan.Spec.Channel).ToNot(BeEmpty())
+			gomega.Expect(plan.Spec.Channel).ToNot(gomega.BeEmpty())
 			plan, err = e2e.CreatePlan(plan)
-			Expect(err).ToNot(HaveOccurred())
+			gomega.Expect(err).ToNot(gomega.HaveOccurred())
 			latest, err = upgradeplan.ResolveChannel(ctx, plan.Spec.Channel, plan.Status.LatestVersion, clusterID)
-			Expect(err).To(HaveOccurred())
-			Expect(latest).To(BeEmpty())
+			gomega.Expect(err).To(gomega.HaveOccurred())
+			gomega.Expect(latest).To(gomega.BeEmpty())
 		})
-		It("Service Unavailable", func() {
+		ginkgo.It("Service Unavailable", func() {
 			channelSrv = framework.ChannelServer("/local", http.StatusServiceUnavailable)
 			plan.Spec.Channel = channelSrv.URL
-			Expect(plan.Spec.Channel).ToNot(BeEmpty())
+			gomega.Expect(plan.Spec.Channel).ToNot(gomega.BeEmpty())
 			plan, err = e2e.CreatePlan(plan)
-			Expect(err).ToNot(HaveOccurred())
+			gomega.Expect(err).ToNot(gomega.HaveOccurred())
 			latest, err = upgradeplan.ResolveChannel(ctx, plan.Spec.Channel, plan.Status.LatestVersion, clusterID)
-			Expect(err).To(HaveOccurred())
-			Expect(latest).To(BeEmpty())
+			gomega.Expect(err).To(gomega.HaveOccurred())
+			gomega.Expect(latest).To(gomega.BeEmpty())
 		})
 	})
 })