Merge remote-tracking branch 'origin/main' into k0s-1-28-9

Author: laverya

.github/workflows/pull-request.yaml

@@ -19,7 +19,7 @@ jobs:
       run: |
         make vet
     - name: Lint
-      uses: golangci/golangci-lint-action@v5
+      uses: golangci/golangci-lint-action@v6
       with:
         version: v1.54
   tests:

Makefile

@@ -9,7 +9,7 @@ ADMIN_CONSOLE_IMAGE_OVERRIDE =
 ADMIN_CONSOLE_MIGRATIONS_IMAGE_OVERRIDE =
 EMBEDDED_OPERATOR_CHART_URL = oci://registry.replicated.com/library
 EMBEDDED_OPERATOR_CHART_NAME = embedded-cluster-operator
-EMBEDDED_OPERATOR_CHART_VERSION = 0.30.5
+EMBEDDED_OPERATOR_CHART_VERSION = 0.31.1
 EMBEDDED_OPERATOR_UTILS_IMAGE = busybox:1.36.1
 EMBEDDED_CLUSTER_OPERATOR_IMAGE_OVERRIDE =
 OPENEBS_CHART_URL = https://openebs.github.io/openebs
@@ -22,14 +22,14 @@ REGISTRY_CHART_VERSION = 2.2.3
 REGISTRY_IMAGE_VERSION = 2.8.3
 VELERO_CHART_URL = https://vmware-tanzu.github.io/helm-charts
 VELERO_CHART_NAME = vmware-tanzu/velero
-VELERO_CHART_VERSION = 6.0.0
+VELERO_CHART_VERSION = 6.3.0
 VELERO_IMAGE_VERSION = v1.13.2
 VELERO_AWS_PLUGIN_IMAGE_VERSION = v1.9.2
 KUBECTL_VERSION = v1.28.9
 K0S_VERSION = v1.28.9+k0s.0
 PREVIOUS_K0S_VERSION ?= v1.28.8+k0s.0
 K0S_BINARY_SOURCE_OVERRIDE =
-TROUBLESHOOT_VERSION = v0.92.0
+TROUBLESHOOT_VERSION = v0.92.1
 KOTS_VERSION = v$(shell echo $(ADMIN_CONSOLE_CHART_VERSION) | sed 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/')
 LD_FLAGS = -X github.com/replicatedhq/embedded-cluster/pkg/defaults.K0sVersion=$(K0S_VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/defaults.Version=$(VERSION) \

cmd/embedded-cluster/restore.go

@@ -684,6 +684,19 @@ var restoreCommand = &cli.Command{
 			if err := waitForK0s(); err != nil {
 				return fmt.Errorf("unable to wait for node: %w", err)
 			}
+
+			kcli, err := kubeutils.KubeClient()
+			if err != nil {
+				return fmt.Errorf("unable to create kube client: %w", err)
+			}
+			errCh := kubeutils.WaitForKubernetes(c.Context, kcli)
+			defer func() {
+				for len(errCh) > 0 {
+					err := <-errCh
+					logrus.Error(fmt.Errorf("infrastructure failed to become ready: %w", err))
+				}
+			}()
+
 			logrus.Debugf("running outro")
 			if err := runOutroForRestore(c); err != nil {
 				return fmt.Errorf("unable to run outro: %w", err)

e2e/scripts/unsupported-overrides.sh

@@ -51,13 +51,16 @@ spec:
                 name: admin-console
                 namespace: kotsadm
                 order: 3
-                version: 1.108.0-build.1
+                version: 1.109.3
                 values: |
                   isHelmManaged: false
                   minimalRBAC: false
                   service:
                     nodePort: 30000
                     type: NodePort
+                  passwordSecretRef:
+                    name: kotsadm-password
+                    key: passwordBcrypt
               - chartname: oci://registry-1.docker.io/bitnamicharts/memcached
                 name: memcached
                 namespace: embedded-cluster

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/canonical/lxd v0.0.0-20230814092713-c77ee90f5032
 	github.com/coreos/go-systemd/v22 v22.5.0
 	github.com/creack/pty v1.1.21
-	github.com/fatih/color v1.16.0
+	github.com/fatih/color v1.17.0
 	github.com/google/uuid v1.6.0
 	github.com/gosimple/slug v1.14.0
 	github.com/jedib0t/go-pretty v4.3.0+incompatible
@@ -18,7 +18,7 @@ require (
 	github.com/replicatedhq/embedded-cluster-operator v0.31.1
 	github.com/replicatedhq/embedded-cluster-utils v1.0.0
 	github.com/replicatedhq/kotskinds v0.0.0-20230724164735-f83482cc9cfe
-	github.com/replicatedhq/troubleshoot v0.92.0
+	github.com/replicatedhq/troubleshoot v0.92.1
 	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.9.0
 	github.com/urfave/cli/v2 v2.27.2
@@ -28,7 +28,7 @@ require (
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.30.0
-	k8s.io/apimachinery v0.30.0
+	k8s.io/apimachinery v0.30.1
 	oras.land/oras-go/v2 v2.5.0
 	sigs.k8s.io/controller-runtime v0.18.2
 	sigs.k8s.io/yaml v1.4.0

go.sum

@@ -44,8 +44,8 @@ github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lSh
 github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
 github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
-github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
-github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
+github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
+github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
 github.com/flosch/pongo2 v0.0.0-20200913210552-0d938eb266f3 h1:fmFk0Wt3bBxxwZnu48jqMdaOR/IZ4vdtJFuaFV8MpIE=
 github.com/flosch/pongo2 v0.0.0-20200913210552-0d938eb266f3/go.mod h1:bJWSKrZyQvfTnb2OudyUjurSG4/edverV7n82+K3JiM=
 github.com/frankban/quicktest v1.0.0/go.mod h1:R98jIehRai+d1/3Hv2//jOVCTJhW1VBavT6B6CuGq2k=
@@ -259,8 +259,8 @@ github.com/replicatedhq/embedded-cluster-utils v1.0.0 h1:Axdni1nYfl5zeOP9g5U79yv
 github.com/replicatedhq/embedded-cluster-utils v1.0.0/go.mod h1:4JmMC2CwMCLxq05GEW3XSPPVotqyamAF/omrbB3pH+c=
 github.com/replicatedhq/kotskinds v0.0.0-20230724164735-f83482cc9cfe h1:3AJInd06UxzqHmgy8+24CPsT2tYSE0zToJZyuX9q+MA=
 github.com/replicatedhq/kotskinds v0.0.0-20230724164735-f83482cc9cfe/go.mod h1:QjhIUu3+OmHZ09u09j3FCoTt8F3BYtQglS+OLmftu9I=
-github.com/replicatedhq/troubleshoot v0.92.0 h1:hi0uA/1lO7h8DPOwXqzXNC8g8h7bvVgu3n4gPU+VZ/4=
-github.com/replicatedhq/troubleshoot v0.92.0/go.mod h1:ZKwwgdoe9SQFNBAzkJGzslnKy2hN4o7gp36UMY54+Lw=
+github.com/replicatedhq/troubleshoot v0.92.1 h1:TjO/NGM/TZRim2chVbW2mGbVbyOZ/qV8KBeApJwdqUc=
+github.com/replicatedhq/troubleshoot v0.92.1/go.mod h1:aPdpP2+V8HCHt3V6ozdeAcMAifzOQqN1siQ5Pc5XY0w=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
 github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -489,8 +489,8 @@ k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA=
 k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE=
 k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs=
 k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y=
-k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA=
-k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
+k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U=
+k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
 k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ=
 k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=

pkg/addons/adminconsole/adminconsole.go

@@ -13,6 +13,7 @@ import (
 	"github.com/k0sproject/k0s/pkg/apis/k0s/v1beta1"
 	"github.com/replicatedhq/troubleshoot/pkg/apis/troubleshoot/v1beta2"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/crypto/bcrypt"
 	"gopkg.in/yaml.v3"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -42,6 +43,7 @@ var (
 	ImageOverride           = ""
 	MigrationsImageOverride = ""
 	CounterRegex            = regexp.MustCompile(`(\d+)/(\d+)`)
+	Password                = ""
 )
 
 // protectedFields are helm values that are not overwritten when upgrading the addon.
@@ -64,6 +66,10 @@ var helmValues = map[string]interface{}{
 		"replicated.com/disaster-recovery":       "infra",
 		"replicated.com/disaster-recovery-chart": "kotsadm",
 	},
+	"passwordSecretRef": map[string]interface{}{
+		"name": "kotsadm-password",
+		"key":  "passwordBcrypt",
+	},
 }
 
 func init() {
@@ -160,31 +166,16 @@ func (a *AdminConsole) GetCurrentChartConfig() *v1beta1.Chart {
 	return nil
 }
 
-// addPasswordToHelmValues adds the adminconsole password to the helm values.
-func (a *AdminConsole) addPasswordToHelmValues() error {
-	curconfig := a.GetCurrentChartConfig()
-	if curconfig == nil {
-		pass, err := a.askPassword()
-		if err != nil {
-			return fmt.Errorf("unable to ask password: %w", err)
-		}
-		helmValues["password"] = pass
-		return nil
-	}
-	pass, err := getPasswordFromConfig(curconfig)
-	if err != nil {
-		return fmt.Errorf("unable to get password from current config: %w", err)
-	}
-	helmValues["password"] = pass
-	return nil
-}
-
 // GenerateHelmConfig generates the helm config for the adminconsole and writes the charts to
 // the disk.
 func (a *AdminConsole) GenerateHelmConfig(onlyDefaults bool) ([]v1beta1.Chart, []v1beta1.Repository, error) {
 	if !onlyDefaults {
-		if err := a.addPasswordToHelmValues(); err != nil {
-			return nil, nil, fmt.Errorf("unable to add password to helm values: %w", err)
+		if Password == "" {
+			var err error
+			Password, err = a.askPassword()
+			if err != nil {
+				return nil, nil, fmt.Errorf("unable to set kotsadm-password: %w", err)
+			}
 		}
 		helmValues["embeddedClusterID"] = metrics.ClusterID().String()
 		if a.airgapBundle != "" {
@@ -218,6 +209,10 @@ func (a *AdminConsole) Outro(ctx context.Context, cli client.Client) error {
 	loading.Infof("Waiting for Admin Console to deploy")
 	defer loading.Close()
 
+	if err := createKotsPasswordSecret(ctx, cli, a.namespace, Password); err != nil {
+		return fmt.Errorf("unable to create kots password secret: %w", err)
+	}
+
 	if a.airgapBundle != "" {
 		err := createRegistrySecret(ctx, cli, a.namespace)
 		if err != nil {
@@ -330,10 +325,47 @@ func createRegistrySecret(ctx context.Context, cli client.Client, namespace stri
 		},
 		Type: "kubernetes.io/dockerconfigjson",
 	}
+
 	err := cli.Create(ctx, &registryCreds)
 	if err != nil {
 		return fmt.Errorf("unable to create registry-auth secret: %w", err)
 	}
 
 	return nil
 }
+
+func createKotsPasswordSecret(ctx context.Context, cli client.Client, namespace string, password string) error {
+	if err := kubeutils.WaitForNamespace(ctx, cli, namespace); err != nil {
+		return err
+	}
+
+	passwordBcrypt, err := bcrypt.GenerateFromPassword([]byte(password), 10)
+	if err != nil {
+		return fmt.Errorf("unable to generate bcrypt from password: %w", err)
+	}
+
+	kotsPasswordSecret := corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "Secret",
+			APIVersion: "v1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "kotsadm-password",
+			Namespace: namespace,
+			Labels: map[string]string{
+				"kots.io/kotsadm":                  "true",
+				"replicated.com/disaster-recovery": "infra",
+			},
+		},
+		Data: map[string][]byte{
+			"passwordBcrypt": []byte(passwordBcrypt),
+		},
+	}
+
+	err = cli.Create(ctx, &kotsPasswordSecret)
+	if err != nil {
+		return fmt.Errorf("unable to create kotsadm-password secret: %w", err)
+	}
+
+	return nil
+}

pkg/addons/applier.go

@@ -6,16 +6,13 @@ package addons
 import (
 	"context"
 	"fmt"
-	"time"
-
 	"github.com/k0sproject/k0s/pkg/apis/k0s/v1beta1"
 	k0sconfig "github.com/k0sproject/k0s/pkg/apis/k0s/v1beta1"
 	embeddedclusterv1beta1 "github.com/replicatedhq/embedded-cluster-kinds/apis/v1beta1"
 	"github.com/replicatedhq/embedded-cluster-kinds/types"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	"github.com/replicatedhq/troubleshoot/pkg/apis/troubleshoot/v1beta2"
 	"github.com/sirupsen/logrus"
-	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole"
@@ -62,6 +59,15 @@ func (a *Applier) Outro(ctx context.Context) error {
 	if err != nil {
 		return fmt.Errorf("unable to load addons: %w", err)
 	}
+
+	errCh := kubeutils.WaitForKubernetes(ctx, kcli)
+	defer func() {
+		for len(errCh) > 0 {
+			err := <-errCh
+			logrus.Error(fmt.Errorf("infrastructure failed to become ready: %w", err))
+		}
+	}()
+
 	for _, addon := range addons {
 		if err := addon.Outro(ctx, kcli); err != nil {
 			return err
@@ -319,39 +325,6 @@ func (a *Applier) Versions(additionalCharts []v1beta1.Chart) (map[string]string,
 	return versions, nil
 }
 
-// waitForKubernetes waits until we manage to make a successful connection to the
-// Kubernetes API server.
-func (a *Applier) waitForKubernetes(ctx context.Context) error {
-	loading := spinner.Start()
-	defer func() {
-		loading.Closef("Kubernetes API server is ready")
-	}()
-	kcli, err := kubeutils.KubeClient()
-	if err != nil {
-		return fmt.Errorf("unable to create kubernetes client: %w", err)
-	}
-	ticker := time.NewTicker(3 * time.Second)
-	defer ticker.Stop()
-	counter := 1
-	loading.Infof("1/n Waiting for Kubernetes API server to be ready")
-	for {
-		select {
-		case <-ticker.C:
-		case <-ctx.Done():
-			return ctx.Err()
-		}
-		counter++
-		if err := kcli.List(ctx, &corev1.NamespaceList{}); err != nil {
-			loading.Infof(
-				"%d/n Waiting for Kubernetes API server to be ready.",
-				counter,
-			)
-			continue
-		}
-		return nil
-	}
-}
-
 func spinForInstallation(ctx context.Context, cli client.Client) error {
 	installSpin := spinner.Start()
 	installSpin.Infof("Waiting for additional components to be ready")