hyperledger-bevel / bevel

An automation framework for rapidly and consistently deploying production-ready DLT platforms
https://hyperledger-bevel.readthedocs.io/en/latest/
Apache License 2.0
344 stars 715 forks source link

Spike: Update Ambassador to the latest stable version #761

Closed suvajit-sarkar closed 3 years ago

suvajit-sarkar commented 4 years ago

Description

As a developer I want to use the latest stable version of Ambassador to avoid any vulnerabilities and use the latest features.

How

  1. Make a list of all the (breaking) changes that occurred from v0.52 until v1.9.1
  2. Make changes to the code according to the created list and test Ambassador

Acceptance Criteria

  1. Have that latest version of Ambassador supported (which is 1.9.1).
  2. Test out of one component which uses Ambassador annotations.
jagpreetsinghsasan commented 4 years ago

https://github.com/hyperledger-labs/blockchain-automation-framework/issues/824 story status should be checked for, to confirm if UDP support is enabled in the latest ambassador version or not. If UDP support is there, we should upgrade ambassador to directly that version

ghost commented 3 years ago

For the complete changelog for Ambassador check: https://github.com/datawire/ambassador/blob/master/CHANGELOG.md

Most impacting changes from 0.52 to latest are:

ghost commented 3 years ago

During the upgrade from 0.52 to 1.9.1, we stumbled upon an issue where the secret could not be found. This happend due to the fact the the default namespace is not used for retrieving the secret, it looks in the service namespace.

ghost commented 3 years ago

824 story status should be checked for, to confirm if UDP support is enabled in the latest ambassador version or not.

If UDP support is there, we should upgrade ambassador to directly that version

I can't find any mention on UDP in the change log, we have decided to upgrade to the latest version.

ghost commented 3 years ago

Possible issue with searching for secret in namespace if ambassador version is higher then 1.8.

suvajit-sarkar commented 3 years ago

Spike outcome:

  1. Ambassador v1.9.1 would be used as upgraded version for BAF
  2. Ambassador v1.9.1 create CRDs which makes current BAF ambassador incompatible / not working until the CRDs are deleted, suggest approach is to use a separate cluster
  3. Ambassador v1.9.1 uses v2 annotations which expects to secret to be in the same namespace of the service to be annotated. So the TLS cert secret should be created in the same namespace not in the default

Stories and Next Steps

  1. Install Ambassador v1.9.1 using BAF shared code #1285
  2. Update the annotations for BAF HL Besu ( includes changing secret namespace) #1286
  3. Further DLT annotation upgrading issues needs to be create