bump envtest, golangci-lint, and kind (#6088)

Signed-off-by: Bryce Palmer <[email protected]>

Author: everettraven

Makefile

@@ -9,7 +9,7 @@ export IMAGE_VERSION = v1.24.0
 export SIMPLE_VERSION = $(shell (test "$(shell git describe --tags)" = "$(shell git describe --tags --abbrev=0)" && echo $(shell git describe --tags)) || echo $(shell git describe --tags --abbrev=0)+git)
 export GIT_VERSION = $(shell git describe --dirty --tags --always)
 export GIT_COMMIT = $(shell git rev-parse HEAD)
-export K8S_VERSION = 1.24.2
+export K8S_VERSION = 1.25.0
 
 # Build settings
 export TOOLS_DIR = tools/bin
@@ -57,7 +57,7 @@ fix: ## Fixup files in the repo.
 
 .PHONY: setup-lint
 setup-lint: ## Setup the lint
-	$(SCRIPTS_DIR)/fetch golangci-lint 1.46.2
+	$(SCRIPTS_DIR)/fetch golangci-lint 1.50.0
 
 .PHONY: lint
 lint: setup-lint ## Run the lint check
@@ -175,12 +175,12 @@ cluster-create::
 
 .PHONY: dev-install
 dev-install::
-	$(SCRIPTS_DIR)/fetch kind 0.14.0
+	$(SCRIPTS_DIR)/fetch kind 0.16.0
 	$(SCRIPTS_DIR)/fetch kubectl $(K8S_VERSION) # Install kubectl AFTER envtest because envtest includes its own kubectl binary
 
 .PHONY: test-e2e-teardown
 test-e2e-teardown:
-	$(SCRIPTS_DIR)/fetch kind 0.14.0
+	$(SCRIPTS_DIR)/fetch kind 0.16.0
 	$(TOOLS_DIR)/kind delete cluster --name $(KIND_CLUSTER)
 	rm -f $(KUBECONFIG)
 

changelog/fragments/envtest-bump.yaml

@@ -0,0 +1,18 @@
+# entries is a list of entries to include in
+# release notes and/or the migration guide
+entries:
+  - description: >
+      (ansible/v1): updates the base ansible base operator event api, api server, 
+      and proxy to now have a 5 second timeout when reading the request headers. 
+      This is to prevent the possibility of a [Slowloris attack](https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/).
+
+    # kind is one of:
+    # - addition
+    # - change
+    # - deprecation
+    # - removal
+    # - bugfix
+    kind: "change"
+
+    # Is this a breaking change?
+    breaking: false

internal/ansible/apiserver/apiserver.go

@@ -19,6 +19,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"time"
 
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	crmetrics "sigs.k8s.io/controller-runtime/pkg/metrics"
@@ -38,8 +39,9 @@ func Run(options Options) error {
 	mux.HandleFunc("/metrics", metricsHandler)
 
 	server := http.Server{
-		Addr:    fmt.Sprintf("%s:%d", options.Address, options.Port),
-		Handler: mux,
+		Addr:              fmt.Sprintf("%s:%d", options.Address, options.Port),
+		Handler:           mux,
+		ReadHeaderTimeout: 5 * time.Second,
 	}
 	log.Info("Starting to serve metrics listener", "Address", server.Addr)
 	return server.ListenAndServe()

internal/ansible/proxy/kubectl.go

@@ -254,7 +254,8 @@ func (s *server) ListenUnix(path string) (net.Listener, error) {
 // ServeOnListener starts the server using given listener, loops forever.
 func (s *server) ServeOnListener(l net.Listener) error {
 	server := http.Server{
-		Handler: s.Handler,
+		Handler:           s.Handler,
+		ReadHeaderTimeout: 5 * time.Second,
 	}
 	return server.Serve(l)
 }

internal/ansible/runner/eventapi/eventapi.go

@@ -80,7 +80,7 @@ func New(ident string, errChan chan<- error) (*EventReceiver, error) {
 
 	mux := http.NewServeMux()
 	mux.HandleFunc(rec.URLPath, rec.handleEvents)
-	srv := http.Server{Handler: mux}
+	srv := http.Server{Handler: mux, ReadHeaderTimeout: 5 * time.Second}
 	rec.server = &srv
 
 	go func() {