search

pravega / zookeeper-operator

Kubernetes Operator for Zookeeper
Apache License 2.0
364 stars 203 forks source link

Issue 585: Upgrade Zookeeper to version 3.7.2 #586

Closed pandoscas closed 8 months ago

pandoscas commented 8 months ago

Change log description

While running trivy to look for vulnerabilities in the latest 0.2.15 images, the report returned multiple CRITICAL CVEs in the zookeeper image that have been resolved in the latest stable 3.7.2.

Purpose of the change

Fixes #585.

What the code does

Upgrade version of Zookeeper to version 3.7.2

How to verify it

Build validation make build-zk-image runs succesfully

Tests executed ran make test


go test $(go list ./... | grep -v /vendor/ | grep -v /test/e2e) -race -coverprofile=coverage.txt -covermode=atomic
?       github.com/pravega/zookeeper-operator   [no test files]
?       github.com/pravega/zookeeper-operator/cmd/exporter  [no test files]
?       github.com/pravega/zookeeper-operator/pkg/controller/config [no test files]
?       github.com/pravega/zookeeper-operator/pkg/version   [no test files]
ok      github.com/pravega/zookeeper-operator/api/v1beta1   1.421s  coverage: 99.0% of statements
ok      github.com/pravega/zookeeper-operator/controllers   15.710s coverage: 78.3% of statements
ok      github.com/pravega/zookeeper-operator/pkg/utils 1.135s  coverage: 68.6% of statements
ok      github.com/pravega/zookeeper-operator/pkg/yamlexporter  1.093s  coverage: 72.2% of statements
ok      github.com/pravega/zookeeper-operator/pkg/zk    6.184s  coverage: 96.2% of statements
ran `make test-e2e-remote`
0. Started minikube
1. Pushed the built image to docker-hub (pandoscas/test-zk)
2. Modified `spec_util.go`

// NewDefaultCluster returns a cluster with an empty spec, which will be filled // with default values func NewDefaultCluster(namespace string) *api.ZookeeperCluster { return &api.ZookeeperCluster{ TypeMeta: metav1.TypeMeta{ Kind: "ZookeeperCluster", APIVersion: "zookeeper.pravega.io/v1beta1", }, ObjectMeta: metav1.ObjectMeta{ Name: "zookeeper", Namespace: namespace, }, Spec: api.ZookeeperClusterSpec{ Image: api.ContainerImage{ Repository: "pandoscas/test-zk", Tag: "latest", }, }, } }

3. Ran the command `make test-e2e`

make test-e2e

Ran 8 of 8 Specs in 3481.537 seconds SUCCESS! -- 8 Passed | 0 Failed | 0 Pending | 0 Skipped --- PASS: TestAPIs (3481.54s) PASS

Type Reason Age From Message

Warning FailedScheduling 49s default-scheduler 0/1 nodes are available: pod has unbound immediate PersistentVolumeClaims. preemption: 0/1 nodes are available: 1 Preemption is not helpful for scheduling.. Normal Scheduled 47s default-scheduler Successfully assigned default/zk1-0 to test-profile Normal Pulling 47s kubelet Pulling image "pandoscas/test-zk:latest" Normal Pulled 34s kubelet Successfully pulled image "pandoscas/test-zk:latest" in 13.038s (13.038s including waiting) Normal Created 33s kubelet Created container zookeeper Normal Started 33s kubelet Started container zookeeper



> Integration tests
Build my solution with the zookeeper-operator image.
anishakj commented 8 months ago

@pandoscas Please sign-off your commit

codecov[bot] commented 8 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (2c8bfec) 85.91% compared to head (51946ac) 85.91%.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## master #586 +/- ## ======================================= Coverage 85.91% 85.91% ======================================= Files 12 12 Lines 1633 1633 ======================================= Hits 1403 1403 Misses 145 145 Partials 85 85 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

anishakj commented 8 months ago

@pandoscas Please sign-off your commit

Also please let us know have you done testing with the new zookeeper image

pandoscas commented 8 months ago

Updated with validations done.

anishakj commented 8 months ago

@pandoscas Could you please update version as 3.7.2 in Readme (https://github.com/pravega/zookeeper-operator/blob/master/README.md)

pandoscas commented 8 months ago

Hello I am commiting now the README, that was something I forgot to do when I submitted the commit. Apologies for the delay in the e2e validations but I am facing some issues on my local setup unrelated with the zookeeper-operator.

anishakj commented 8 months ago

Hello I am commiting now the README, that was something I forgot to do when I submitted the commit. Apologies for the delay in the e2e validations but I am facing some issues on my local setup unrelated with the zookeeper-operator.

I have ran the sanity with your changes

pandoscas commented 8 months ago

Updated README, and will also update the commit with the procedure for running the e2e testing.

anishakj commented 8 months ago

@pandoscas DCO check is failing, please sign-off the commit