diff --git a/.github/workflows/prod-release.yaml b/.github/workflows/prod-release.yaml
index 54a62e67..b599a5a8 100644
--- a/.github/workflows/prod-release.yaml
+++ b/.github/workflows/prod-release.yaml
@@ -37,6 +37,97 @@ jobs: docker pull "${SRC}-linux_amd64" docker pull "${SRC}-linux_arm64" + - name: Deploy Images To ECR Public + uses: ./.github/actions/push-image + with: + src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com" + dst_host: "public.ecr.aws" + image_tag: "${{ github.event.inputs.tag }}" + dst_image_name: "appmesh/appmesh-controller" + region: "us-west-2" + role: "${{ secrets.PROD_AWS_ROLE }}" + + - name: Deploy Images to PDX + uses: ./.github/actions/push-image + with: + src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com" + dst_host: "${{ secrets.PROD_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com" + image_tag: "${{ github.event.inputs.tag }}" + region: "us-west-2" + role: "${{ secrets.PROD_AWS_ROLE }}" + + - name: Deploy Images to BAH + uses: ./.github/actions/push-image + with: + src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com" + dst_host: "${{ secrets.PROD_BAH_AWS_ACCOUNT }}.dkr.ecr.me-south-1.amazonaws.com" + image_tag: "${{ github.event.inputs.tag }}" + region: "me-south-1" + role: "${{ secrets.PROD_BAH_AWS_ROLE }}" + + - name: Deploy Images to CPT + uses: ./.github/actions/push-image + with: + src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com" + dst_host: "${{ secrets.PROD_CPT_AWS_ACCOUNT }}.dkr.ecr.af-south-1.amazonaws.com" + image_tag: "${{ github.event.inputs.tag }}" + region: "af-south-1" + role: "${{ secrets.PROD_CPT_AWS_ROLE }}" + + - name: Deploy Images to HKG + uses: ./.github/actions/push-image + with: + src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com" + dst_host: "${{ secrets.PROD_HKG_AWS_ACCOUNT }}.dkr.ecr.ap-east-1.amazonaws.com" + image_tag: "${{ github.event.inputs.tag }}" + region: "ap-east-1" + role: "${{ secrets.PROD_HKG_AWS_ROLE }}" + + - name: Deploy Images to MXP + uses: ./.github/actions/push-image + with: + src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com" + dst_host: "${{ 
secrets.PROD_MXP_AWS_ACCOUNT }}.dkr.ecr.eu-south-1.amazonaws.com" + image_tag: "${{ github.event.inputs.tag }}" + region: "eu-south-1" + role: "${{ secrets.PROD_MXP_AWS_ROLE }}" + + - name: Deploy Images to CGK + uses: ./.github/actions/push-image + with: + src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com" + dst_host: "${{ secrets.PROD_CGK_AWS_ACCOUNT }}.dkr.ecr.ap-southeast-3.amazonaws.com" + image_tag: "${{ github.event.inputs.tag }}" + region: "ap-southeast-3" + role: "${{ secrets.PROD_CGK_AWS_ROLE }}" + + - name: Deploy Images to BJS + uses: ./.github/actions/push-image + with: + src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com" + dst_host: "${{ secrets.PROD_BJS_AWS_ACCOUNT }}.dkr.ecr.cn-north-1.amazonaws.com.cn" + image_tag: "${{ github.event.inputs.tag }}" + region: "cn-north-1" + role: "${{ secrets.PROD_BJS_AWS_ROLE }}" + + - name: Deploy Images to ZHY + uses: ./.github/actions/push-image + with: + src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com" + dst_host: "${{ secrets.PROD_ZHY_AWS_ACCOUNT }}.dkr.ecr.cn-northwest-1.amazonaws.com.cn" + image_tag: "${{ github.event.inputs.tag }}" + region: "cn-northwest-1" + role: "${{ secrets.PROD_ZHY_AWS_ROLE }}" + + - name: Deploy Images to TLV + uses: ./.github/actions/push-image + with: + src_host: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com" + dst_host: "${{ secrets.PROD_TLV_AWS_ACCOUNT }}.dkr.ecr.il-central-1.amazonaws.com" + image_tag: "${{ github.event.inputs.tag }}" + region: "il-central-1" + role: "${{ secrets.PROD_TLV_AWS_ROLE }}" + - name: Deploy Images to PDT uses: ./.github/actions/push-image with: diff --git a/config/helm/appmesh-controller/README.md b/config/helm/appmesh-controller/README.md index 6123871f..c3044e94 100644 --- a/config/helm/appmesh-controller/README.md +++ b/config/helm/appmesh-controller/README.md 
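Review bot: Every added step forwards `${{ github.event.inputs.tag }}` as `image_tag` with no check on its shape, and each copy from the beta registry into the production and public registries is addressed by tag rather than by digest. The push-image action is not visible in this hunk, so it is unknown whether it hands `image_tag` to a shell through an environment variable or by direct `${{ }}` interpolation; if it is the latter, an unexpected tag value would be evaluated in a job that can assume the production roles. Consider an early step that rejects anything outside the release tag format, e.g. `[[ "$TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit 1` with `TAG` supplied through `env:` (the pattern is an example; match the project's tag scheme), and resolving the source digest once so that all ten destinations receive the same image. The job definition starts before and continues after the hunk.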
@@ -90,6 +90,25 @@ helm upgrade -i appmesh-controller eks/appmesh-controller \ The [configuration](#configuration) section lists the parameters that can be configured during installation. +**Note** +If you want to start the controller in the EKS private cluster, enable the app mesh and service discovery VPC endpoints to the linked private subnet first. Also accountId is a required field now as `--set accountId=$AWS_ACCOUNT_ID`. +If you want to enable X-ray tracing in private cluster, enable the X-ray VPC endpoint. Also, ECR VPC endpoint [does not support public repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html). Controller uses `public.ecr.aws/xray/aws-xray-daemon:latest` by default, so you need to pull this image to local and [push it into your personal ECR repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-push-ecr-image.html). Set it when deploying the controller like: +``` +helm upgrade -i appmesh-controller eks/appmesh-controller \ + --namespace appmesh-system \ + --set region=$AWS_REGION \ + --set serviceAccount.create=false \ + --set serviceAccount.name=appmesh-controller \ + --set accountId=$AWS_ACCOUNT_ID \ + --set log.level=debug \ + --set tracing.enabled=true \ + --set tracing.provider=x-ray \ + --set xray.image.repository={your-account-id}.dkr.ecr.{your-region}.amazonaws.com/{your-repository} \ + --set xray.image.tag={your-xray-daemon-image-tag} +``` +Verify if the X-ray daemon being injected successfully when binding application deployment with virtual node/gateway. +More troubleshooting please see: https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html + **Note** Make sure that the Envoy proxies have the following IAM policies attached for the Envoy to authenticate with AWS App Mesh and fetch it's configuration - https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json 
diff --git a/go.mod b/go.mod
index fc698c05..4a3720f5 100644
--- a/go.mod
+++ b/go.mod
@@ -58,7 +58,7 @@ require (
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/docker/cli v20.10.21+incompatible // indirect
 github.com/docker/distribution v2.8.2+incompatible // indirect
- github.com/docker/docker v20.10.24+incompatible // indirect
+ github.com/docker/docker v24.0.7+incompatible // indirect
 github.com/docker/docker-credential-helpers v0.7.0 // indirect
 github.com/docker/go-connections v0.4.0 // indirect
 github.com/docker/go-metrics v0.0.1 // indirect
diff --git a/go.sum b/go.sum
index 80d4b817..a5a9a046 100644
--- a/go.sum
+++ b/go.sum
@@ -132,8 +132,8 @@ github.com/docker/cli v20.10.21+incompatible h1:qVkgyYUnOLQ98LtXBrwd/duVqPT2X4SH
 github.com/docker/cli v20.10.21+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.24+incompatible h1:Ugvxm7a8+Gz6vqQYQQ2W7GYq5EUPaAiuPgIfVyI3dYE=
-github.com/docker/docker v20.10.24+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
+github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
diff --git a/test/e2e/fishapp/dynamic_stack.go b/test/e2e/fishapp/dynamic_stack.go
index 937cf0ae..1238b52f 100644
--- a/test/e2e/fishapp/dynamic_stack.go
+++ b/test/e2e/fishapp/dynamic_stack.go
@@ -42,21 +42,22 @@ const ( connectivityCheckUniformDistributionSL = 0.001 // Significance level that traffic to targets are uniform distributed. AppContainerPort = 9080 HttpProxyContainerPort = 8899 - defaultAppImage = "public.ecr.aws/e6v3k1j4/colorteller:v1" - defaultHTTPProxyImage = "abhinavsingh/proxy.py:latest" - caCertScript = "certs/ca_certs.sh" - nodeCertScript = "certs/node_certs.sh" - genericNodeCertCfgFile = "certs/node_cert.cfg" - certsBasePath = "certs/" - certsCfgFileSuffix = "_cert.cfg" - certChainSuffix = "_cert_chain.pem" - certKeySuffix = "_key.pem" - caCertFile = "ca_cert.pem" - envoyCACertPath = "/certs/ca_cert.pem" - certCleanupScript = "certs/cleanup.sh" - sdsDeployScript = "certs/sds_provider.sh" - registerAgentIdentity = "certs/register_agent_entry.sh" - registerWorkloadIdentity = "certs/register_workload_entry.sh" + // From https://github.com/aws/aws-app-mesh-examples/tree/main/examples/apps/colorapp/src/colorteller + defaultAppImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:colorteller" + defaultHTTPProxyImage = "abhinavsingh/proxy.py:latest" + caCertScript = "certs/ca_certs.sh" + nodeCertScript = "certs/node_certs.sh" + genericNodeCertCfgFile = "certs/node_cert.cfg" + certsBasePath = "certs/" + certsCfgFileSuffix = "_cert.cfg" + certChainSuffix = "_cert_chain.pem" + certKeySuffix = "_key.pem" + caCertFile = "ca_cert.pem" + envoyCACertPath = "/certs/ca_cert.pem" + certCleanupScript = "certs/cleanup.sh" + sdsDeployScript = "certs/sds_provider.sh" + registerAgentIdentity = "certs/register_agent_entry.sh" + registerWorkloadIdentity = "certs/register_workload_entry.sh" ) var ( diff --git a/test/e2e/fishapp/load/dynamic_stack_load_test.go b/test/e2e/fishapp/load/dynamic_stack_load_test.go index b38ba813..40912684 100644 --- a/test/e2e/fishapp/load/dynamic_stack_load_test.go +++ b/test/e2e/fishapp/load/dynamic_stack_load_test.go 
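Review bot: The new `defaultAppImage` refers to a tag with no version component (`appmesh-k8s-test:colorteller`), where the old value carried `:v1`, so the e2e run uses whatever was last pushed under that tag; the same applies to the image constants changed in the sidecar, sidecar-v1.22, timeout, tls and virtualnode hunks. Pinning by digest, `public.ecr.aws/e4i4k4a4/appmesh-k8s-test:colorteller@sha256:<digest>`, keeps the runs reproducible and means a re-pushed tag cannot change what executes in the test cluster. The re-aligned `defaultHTTPProxyImage` line still pulls a third-party `:latest` image; mirroring it into the same repository and pinning it would close the same gap. The const block starts outside the hunk.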
@@ -45,7 +45,8 @@ const ( connectivityCheckUniformDistributionSL = 0.001 // Significance level that traffic to targets are uniform distributed. AppContainerPort = 9080 HttpProxyContainerPort = 8899 - //defaultAppImage = "public.ecr.aws/e6v3k1j4/colorteller:v1" + // From https://github.com/aws/aws-app-mesh-examples/tree/main/examples/apps/colorapp/src/colorteller + //defaultAppImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:colorteller" defaultAppImage = "python:3.9" defaultHTTPProxyImage = "abhinavsingh/proxy.py:latest" caCertScript = "certs/ca_certs.sh" diff --git a/test/integration/sidecar-v1.22/sidecar_stack.go b/test/integration/sidecar-v1.22/sidecar_stack.go index ae77cb45..31214be3 100644 --- a/test/integration/sidecar-v1.22/sidecar_stack.go +++ b/test/integration/sidecar-v1.22/sidecar_stack.go @@ -3,6 +3,7 @@ package sidecar_v1_22 import ( "context" "fmt" + "github.com/aws/aws-app-mesh-controller-for-k8s/pkg/inject" appmesh "github.com/aws/aws-app-mesh-controller-for-k8s/apis/appmesh/v1beta2" @@ -17,7 +18,8 @@ import ( ) const ( - defaultImage = "public.ecr.aws/b7m0w2t6/color-be-app:2.0.2" + // From https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/test/integration/test_app/sidecar-backend + defaultImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:color-be-app" ) type SidecarStack struct { diff --git a/test/integration/sidecar/sidecar_stack.go b/test/integration/sidecar/sidecar_stack.go index 915d2864..fa69168a 100644 --- a/test/integration/sidecar/sidecar_stack.go +++ b/test/integration/sidecar/sidecar_stack.go @@ -3,9 +3,10 @@ package sidecar import ( "context" "fmt" - "github.com/aws/aws-app-mesh-controller-for-k8s/pkg/inject" "time" + "github.com/aws/aws-app-mesh-controller-for-k8s/pkg/inject" + appmesh "github.com/aws/aws-app-mesh-controller-for-k8s/apis/appmesh/v1beta2" "github.com/aws/aws-app-mesh-controller-for-k8s/test/framework" "github.com/aws/aws-sdk-go/aws" 
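Review bot: In the load-test hunk the new `// From …/colorteller` comment sits above a commented-out `defaultAppImage`, so it reads as if it described the active `defaultAppImage = "python:3.9"` on the following line. Either delete the commented-out constant or state the relationship, e.g. `// Alternative app image built from …/colorteller; the load test currently uses python:3.9.` The const block starts and ends outside the hunk.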
@@ -22,8 +23,11 @@ import ( ) const ( - defaultFrontendImage = "public.ecr.aws/b7m0w2t6/color-fe-app:2.0.3" - defaultBackendImage = "public.ecr.aws/b7m0w2t6/color-be-app:2.0.2" + // From https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/test/integration/test_app/sidecar-frontend + defaultFrontendImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:color-fe-app" + + // From https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/test/integration/test_app/sidecar-backend + defaultBackendImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:color-be-app" ) type SidecarStack struct { diff --git a/test/integration/timeout/timeout_stack.go b/test/integration/timeout/timeout_stack.go index ed8a36e8..42bba0ae 100644 --- a/test/integration/timeout/timeout_stack.go +++ b/test/integration/timeout/timeout_stack.go @@ -28,8 +28,12 @@ import ( const ( //If you're not able to access below images, try to build them based on the app code under "timeout_app" //directory and push it to any accessible ECR repo and update the below values - defaultFrontEndImage = "public.ecr.aws/e6v3k1j4/appmesh-test-feapp:v1" - defaultBackEndImage = "public.ecr.aws/e6v3k1j4/appmesh-test-beapp:v1" + + // From https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/test/integration/test_app/frontend + defaultFrontEndImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:testapp-frontend" + + // From https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/test/integration/test_app/backend + defaultBackEndImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:testapp-backend" timeoutTest = "timeout-e2e" AppContainerPort = 8080 diff --git a/test/integration/tls/tls_stack.go b/test/integration/tls/tls_stack.go index 34226e98..4ef57601 100644 --- a/test/integration/tls/tls_stack.go +++ b/test/integration/tls/tls_stack.go 
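Review bot: In the timeout_stack.go hunk the unchanged comment above the constants still tells readers to rebuild the images from the "timeout_app" directory, while the added `// From …` comments point at `test/integration/test_app/frontend` and `test/integration/test_app/backend`; the tls_stack.go hunk carries the same pair of comments. Assuming the new paths are the correct ones, fold them into one instruction such as `// If these images are not accessible, build them from test/integration/test_app/{frontend,backend}, push them to an ECR repo you can reach, and update the values below.` Leaving both in place sends anyone rebuilding the test images to two different source locations.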
@@ -31,8 +31,12 @@ import ( const ( //If you're not able to access below images, try to build them based on the app code under "timeout_app" //directory and push it to any accessible ECR repo and update the below values - defaultFrontEndImage = "public.ecr.aws/e6v3k1j4/appmesh-test-feapp:v1" - defaultBackEndImage = "public.ecr.aws/e6v3k1j4/appmesh-test-beapp:v1" + + // From https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/test/integration/test_app/frontend + defaultFrontEndImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:testapp-frontend" + + // From https://github.com/aws/aws-app-mesh-controller-for-k8s/tree/master/test/integration/test_app/backend + defaultBackEndImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:testapp-backend" tlsTest = "tls-e2e" AppContainerPort = 8080 diff --git a/test/integration/virtualnode/virtualnode_test.go b/test/integration/virtualnode/virtualnode_test.go index 801a7bef..9f469216 100644 --- a/test/integration/virtualnode/virtualnode_test.go +++ b/test/integration/virtualnode/virtualnode_test.go @@ -3,6 +3,9 @@ package virtualnode_test import ( "context" "fmt" + "sync" + "time" + appmeshk8s "github.com/aws/aws-app-mesh-controller-for-k8s/pkg/k8s" "github.com/aws/aws-app-mesh-controller-for-k8s/test/framework/k8s" "github.com/aws/aws-sdk-go/aws" @@ -15,8 +18,6 @@ import ( apierrs "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/kubernetes" - "sync" - "time" appmesh "github.com/aws/aws-app-mesh-controller-for-k8s/apis/appmesh/v1beta2" "github.com/aws/aws-app-mesh-controller-for-k8s/pkg/algorithm" @@ -31,7 +32,8 @@ import ( ) const ( - defaultAppImage = "public.ecr.aws/e6v3k1j4/colorteller:v1" + // From https://github.com/aws/aws-app-mesh-examples/tree/main/examples/apps/colorapp/src/colorteller + defaultAppImage = "public.ecr.aws/e4i4k4a4/appmesh-k8s-test:colorteller" AppContainerPort = 8080 )