DE-58 Helm 4.10.4

.github/workflows/ci.yaml

@@ -60,7 +60,8 @@ jobs:
   test:
     name: Test
     needs: build
-    uses: wallarm/sidecar/.github/workflows/test.yaml@DE-53_smoke_tests # TODO: fix, tmp, no dynamic resolving here
+    # TODO switch to main when tests success
+    uses: wallarm/sidecar/.github/workflows/test.yaml@DE-58
     secrets:
       VAULT_URL: ${{ secrets.VAULT_URL }}
       VAULT_ROLE: ${{ secrets.VAULT_ROLE }}
@@ -80,7 +81,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        k8s: [v1.27.1]
+        k8s: [1.28.7]
         ARCH: [amd64, arm64]
         INJECTION_STRATEGY: [single, split]
         include:
@@ -130,7 +131,7 @@ jobs:
         run: docker load -i sidecar-${{ matrix.ARCH }}.tar
 
       - name: Create cluster
-        run: kind create cluster --image=kindest/node:${{ matrix.k8s }}
+        run: kind create cluster --image=kindest/node:v${{ matrix.k8s }}
 
       - name: Run smoke tests
         env:

.github/workflows/test.yaml

@@ -98,9 +98,14 @@ jobs:
           - 1.19.16
           - 1.20.15
           - 1.21.14
-          - 1.22.13
+          - 1.22.17
           - 1.23.9
-          - 1.24.4
+          - 1.24.9
+          - 1.25.16
+          - 1.26.15
+          - 1.27.13
+          - 1.28.9
+          - 1.29.4
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -118,25 +123,26 @@ jobs:
           ignore_missing_schemas: false
 
   test:
-    name: Integration test
-    runs-on: ${{ matrix.RUNNER }}
+    name: Installation test
+    runs-on: self-hosted-amd64-1cpu
     if: ${{ inputs.run_test }}
     needs: check
+    env:
+      ARCH: amd64
     strategy:
       matrix:
         kubeVersion:
           - 1.19.16
           - 1.20.15
           - 1.21.14
-          - 1.22.15
-          - 1.23.13
-          - 1.24.7
-          - 1.25.3
-        ARCH: [ amd64 ]
-        RUNNER: [ self-hosted-amd64-1cpu ]
-        include:
-          - { kubeVersion: 1.19.16, ARCH: arm64, RUNNER: self-hosted-arm64-1cpu }
-          - { kubeVersion: 1.25.3,  ARCH: arm64, RUNNER: self-hosted-arm64-1cpu }
+          - 1.22.17
+          - 1.23.17
+          - 1.24.17
+          - 1.25.16
+          - 1.26.14
+          - 1.27.11
+          - 1.28.7
+          - 1.29.2
     steps:
       - name: Import secrets
         uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e # v2.5.0
@@ -169,11 +175,11 @@ jobs:
         if: ${{ inputs.load_artifact }}
         uses: actions/download-artifact@v4
         with:
-          name: sidecar-${{ matrix.ARCH }}.tar
+          name: sidecar-${{ env.ARCH }}.tar
 
       - name: Load image
         if: ${{ inputs.load_artifact }}
-        run: kind load image-archive sidecar-${{ matrix.ARCH }}.tar
+        run: kind load image-archive sidecar-${{ env.ARCH }}.tar
 
       - name: Install Helm chart
         run: |
@@ -226,7 +232,7 @@ jobs:
 
       - name: Create cluster
         run: |
-          kind create cluster --image kindest/node:v1.25.3
+          kind create cluster --image kindest/node:v1.28.7
           kubectl wait --for=condition=Ready pods --all --timeout=180s -n kube-system
 
       - name: Load cache

Dockerfile

@@ -1,15 +1,21 @@
 ARG ALPINE_VERSION
-FROM golang:1.21.1-alpine${ALPINE_VERSION} as builder
+ARG GOLANG_VERSION
+FROM golang:${GOLANG_VERSION}-alpine${ALPINE_VERSION} as builder
 
-MAINTAINER Wallarm Support Team <[email protected]>
+ARG ALPINE_VERSION
+ARG GOLANG_VERSION
+ARG CONTAINER_VERSION
+ARG COMMIT_SHA
 
-LABEL org.opencontainers.image.title="Docker official image for Wallarm Node. API security platform agent"
-LABEL org.opencontainers.image.title="Kubernetes Sidecar schema of Wallarm API Security deployment"
+LABEL org.opencontainers.image.authors="Wallarm Support Team <[email protected]>"
+LABEL org.opencontainers.image.title="Kubernetes Sidecar controller of Wallarm API Security deployment"
 LABEL org.opencontainers.image.documentation="https://docs.wallarm.com/installation/kubernetes/sidecar-proxy/deployment/"
 LABEL org.opencontainers.image.source="https://github.com/wallarm/sidecar"
 LABEL org.opencontainers.image.vendor="Wallarm"
+LABEL org.opencontainers.image.version="${CONTAINER_VERSION}"
 LABEL org.opencontainers.image.revision="${COMMIT_SHA}"
 LABEL com.wallarm.sidecar-controller.versions.alpine="${ALPINE_VERSION}"
+LABEL com.wallarm.sidecar-controller.versions.golang="${GOLANG_VERSION}"
 
 RUN apk add --no-cache                         \
         bash                                   \

Makefile

@@ -17,7 +17,14 @@ TAG   	 		 ?= $(shell cat TAG)
 IMAGE 	  		 ?= wallarm/sidecar-controller
 CONTROLLER_IMAGE = $(IMAGE):$(TAG)
 COMMIT_SHA ?= git-$(shell git rev-parse --short HEAD)
-ALPINE_VERSION   = 3.18
+
+### Versions used to build controller image
+###
+ALPINE_VERSION = 3.19
+GOLANG_VERSION = 1.22.2
+
+### Variables used in tests
+###
 INJECTION_STRATEGY ?= single
 REGISTRY ?= wallarm
 
@@ -122,6 +129,8 @@ build: setup_buildx
 		--file Dockerfile \
 		--platform=$(PLATFORMS) \
 		--build-arg ALPINE_VERSION="$(ALPINE_VERSION)" \
+		--build-arg GOLANG_VERSION="$(GOLANG_VERSION)" \
+		--build-arg CONTAINER_VERSION="$(TAG)" \
 		--build-arg COMMIT_SHA="$(COMMIT_SHA)" \
 		--force-rm --no-cache --progress=plain \
 		--tag $(CONTROLLER_IMAGE) $(BUILDX_ARGS) .

TAG

@@ -1 +1 @@
-1.3.5
+1.3.6

go.mod

@@ -1,7 +1,6 @@
 module github.com/wallarm/sidecar
 
-go 1.21
-toolchain go1.22.2
+go 1.22.2
 
 require (
 	github.com/alexflint/go-arg v1.4.3
@@ -16,23 +15,23 @@ require (
 require (
 	github.com/alexflint/go-scalar v1.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/prometheus/client_model v0.5.0 // indirect
-	github.com/prometheus/common v0.48.0 // indirect
-	github.com/prometheus/procfs v0.12.0 // indirect
-	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.53.0 // indirect
+	github.com/prometheus/procfs v0.14.0 // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	k8s.io/klog/v2 v2.120.1 // indirect
-	k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect
+	k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )

go.sum

@@ -5,8 +5,8 @@ github.com/alexflint/go-scalar v1.2.0 h1:WR7JPKkeNpnYIOfHRa7ivM21aWAdHD0gEWHCx+W
 github.com/alexflint/go-scalar v1.2.0/go.mod h1:LoFvNMqS1CPrMVltza4LvnGKhaSpc3oyLEBUZVhhS2o=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -37,12 +37,12 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
 github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
-github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
-github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
-github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
-github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
-github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
-github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE=
+github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U=
+github.com/prometheus/procfs v0.14.0 h1:Lw4VdGGoKEZilJsayHf0B+9YgLGREba2C6xr+Fdfq6s=
+github.com/prometheus/procfs v0.14.0/go.mod h1:XL+Iwz8k8ZabyZfMFHPiilCniixqQarAy5Mu67pHlNQ=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
@@ -66,17 +66,17 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
-golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
@@ -108,8 +108,8 @@ k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA=
 k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ=
-k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 h1:ao5hUqGhsqdm+bYbjH/pRkCs0unBGe9UyDahzs9zQzQ=
+k8s.io/utils v0.0.0-20240423183400-0849a56e8f22/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=

helm/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: wallarm-sidecar
-version: 4.10.2
-appVersion: 4.10.2-1
+version: 4.10.4
+appVersion: 4.10.4-1
 description: Sidecar controller for Kubernetes. Injects sidecar proxy based on NGINX with Wallarm module and helper services.
 home: https://github.com/wallarm/sidecar
 icon: https://static.wallarm.com/wallarm-logo.svg
@@ -21,8 +21,8 @@ kubeVersion: ">=1.19.16-0"
 annotations:
   artifacthub.io/images: |
     - name: sidecar
-      image: wallarm/sidecar:4.10.2-1
+      image: wallarm/sidecar:4.10.4-1
     - name: sidecar-controller
-      image: wallarm/sidecar-controller:1.3.5
+      image: wallarm/sidecar-controller:1.3.6
     - name: node-helpers
-      image: wallarm/node-helpers:4.10.2-2
+      image: wallarm/node-helpers:4.10.4-1

helm/values.dev.yaml

@@ -13,7 +13,7 @@ controller:
   image:
     registry: docker.io
     image: golang
-    tag: "1.21.1-alpine3.18"
+    tag: "1.22.2-alpine3.19"
   replicaCount: 1
   command:
     - sleep

helm/values.yaml

@@ -183,7 +183,7 @@ config:
     image:
       registry: docker.io
       image: wallarm/sidecar
-      tag: "4.10.2-1"
+      tag: "4.10.4-1"
       pullPolicy: IfNotPresent
     ### Shared security context for all (init and regular) containers in sidecar schema except `iptables` container.
     ### For `iptables` container it is described in `sidecar.initContainers.iptables.securityContext` value
@@ -348,7 +348,7 @@ helper:
   image:
     registry: "docker.io"
     image: "wallarm/node-helpers"
-    tag: "4.10.2-2"
+    tag: "4.10.4-1"
     pullPolicy: IfNotPresent
 
 ### Configuration for post-analytics module
@@ -785,7 +785,7 @@ controller:
   image:
     registry: docker.io
     image: wallarm/sidecar-controller
-    tag: "1.3.5"
+    tag: 1.3.6
     pullPolicy: IfNotPresent
   # -- Admission webhook configuration
   # @default -- *See below for details*

test/smoke/run-smoke-suite.sh

@@ -32,7 +32,7 @@ WALLARM_API_HOST="${WALLARM_API_HOST:-api.wallarm.com}"
 WALLARM_API_PRESET="${WALLARM_API_PRESET:-eu1}"
 NODE_BASE_URL="${NODE_BASE_URL:-http://workload.default.svc.cluster.local}"
 PYTEST_ARGS=$(echo "${PYTEST_ARGS:---allure-features=Node}" | xargs)
-PYTEST_WORKERS="${PYTEST_WORKERS:-10}"
+PYTEST_WORKERS="${PYTEST_WORKERS:-15}"
 #TODO We need it here just to don't let test fail. Remove this variable when test will be fixed.
 HOSTNAME_OLD_NODE="smoke-tests-old-node"
 
@@ -49,15 +49,15 @@ function get_logs_and_fail() {
 
 function get_logs() {
     echo "#################################"
-    echo "###### Controller logs ######"
+    echo "######## Controller logs ########"
     echo "#################################"
     kubectl logs -l "app.kubernetes.io/component=controller" --tail=-1
     echo -e "#################################\n"
 
     for CONTAINER in antibot appstructure supervisord tarantool ; do
       echo "#######################################"
       echo "###### ${CONTAINER} container logs ######"
-      echo "#######################################\n"
+      echo -e "#######################################\n"
       kubectl logs -l "app.kubernetes.io/component=postanalytics" -c ${CONTAINER} --tail=-1
       echo -e "#######################################\n"
     done
@@ -205,7 +205,7 @@ EOF
 
 echo "Waiting for all pods ready ..."
 sleep 10
-kubectl wait --for=condition=Ready pods --all --timeout=300s
+kubectl wait --for=condition=Ready pods --all --timeout=300s || get_logs_and_fail
 
 echo "Run smoke tests ..."
 GITHUB_VARS=$(env | awk -F '=' '/^GITHUB_/ {vars = vars $1 "=" $2 " ";} END {print vars}')