From 2e3da8e5c3bb9dec6a4a83bfbef93559a5f17d9f Mon Sep 17 00:00:00 2001 From: Filippe Spolti Date: Thu, 23 Nov 2023 19:27:22 -0300 Subject: [PATCH 01/11] chore(deps): Upgrade opentelemetry/http and k8s.io/apimachinery (#459) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix the following CVEs: - [CVE-2023-37788] github.com/elazarl/goproxy Denial of Service (DoS) - [CVE-2022-21698, CVE-2023-45142] Allocation of Resources Without Limits or Throttling ----- Signed-off-by: Spolti --- go.mod | 14 ++++++++-- go.sum | 85 +++++++++++++++++++++++++++++++++++++++++++--------------- 2 files changed, 76 insertions(+), 23 deletions(-) diff --git a/go.mod b/go.mod index ce63040a..86d21415 100644 --- a/go.mod +++ b/go.mod @@ -126,5 +126,15 @@ require ( sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect ) -// Update Go Networking to avoid CVE-2023-44487 and CVE-2023-39325 -replace golang.org/x/net => golang.org/x/net v0.17.0 +replace ( + // Fixes CVE-2022-21698 and CVE-2023-45142 + // this dependency comes from k8s.io/component-base@v0.26.4 and k8s.io/apiextensions-apiserver@v0.26.4 + // before removing it make sure that the next version of the related k8s dependencies contains the fix + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp => go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 + // Update Go Networking to avoid CVE-2023-44487 and CVE-2023-39325 + golang.org/x/net => golang.org/x/net v0.17.0 + // remove when upgrade to controller-runtime 0.15.x or apimachinery to 0.27.x + // Fixes github.com/elazarl/goproxy Denial of Service (DoS) + // This dependency was removed from apimachinery 0.27.0 + k8s.io/apimachinery => k8s.io/apimachinery v0.27.0 +) diff --git a/go.sum b/go.sum index 96187b9e..af7c4b61 100644 --- a/go.sum +++ b/go.sum @@ -77,6 +77,7 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNg github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.44.264 h1:5klL62ebn6uv3oJ0ixF7K12hKItj8lV3QqWeQPlkFSs= @@ -135,14 +136,12 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.10.2 h1:hIovbnmBTLjHXkqEBUz3HGpXZdM7ZrE9fJIZIqlJLqE= github.com/emicklei/go-restful/v3 v3.10.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -158,6 +157,7 @@ github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMi github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.0.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= @@ -193,6 +193,7 @@ github.com/go-logr/logr v0.3.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/zapr v0.2.0/go.mod h1:qhKdvif7YF5GI9NWEpyxTSSBdGmzkNguibrdCNVPunU= @@ -218,6 +219,7 @@ github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3Hfo github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= +github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= @@ -295,6 +297,7 @@ github.com/google/btree v0.0.0-20160524151835-7d79101e329e/go.mod h1:lNA+9X1NB3Z github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= +github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0= github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -306,6 +309,7 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE= @@ -383,7 +387,6 @@ github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= -github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= @@ -406,6 +409,7 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= @@ -462,7 +466,6 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= @@ -472,22 +475,39 @@ github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.14.1/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= +github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= +github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= +github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= +github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= +github.com/onsi/ginkgo/v2 v2.5.0/go.mod h1:Luc4sArBICYCS8THh8v3i3i5CuSZO+RaQRaJoeNwomw= +github.com/onsi/ginkgo/v2 v2.7.0/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= +github.com/onsi/ginkgo/v2 v2.8.1/go.mod h1:N1/NbDngAFcSLdyZ+/aYTYGSlq9qMCS/cNKGJjy+csc= +github.com/onsi/ginkgo/v2 v2.9.0/go.mod h1:4xkjoL/tZv4SMWeww56BU5kAt19mVB47gTWxmrTcxyk= +github.com/onsi/ginkgo/v2 v2.9.1/go.mod h1:FEcmzVcCHl+4o9bQZVab+4dC9+j+91t2FHSzmGAPfuo= github.com/onsi/ginkgo/v2 v2.9.7 h1:06xGQy5www2oN160RtEZoTvnP2sPhEfePYmCDc2szss= github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.2/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= +github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= +github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo= +github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= +github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM= +github.com/onsi/gomega v1.24.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= +github.com/onsi/gomega v1.24.1/go.mod h1:3AOiACssS3/MajrniINInwbfOOtfZvplPzuRSmvt1jM= +github.com/onsi/gomega v1.26.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM= +github.com/onsi/gomega v1.27.1/go.mod h1:aHX5xOykVYzWOV4WqQy0sy8BQptgukenXpCXfadcIAw= +github.com/onsi/gomega v1.27.3/go.mod h1:5vG284IBtfDAmDyrK+eGyZmUgUlmi+Wngqo557cZ6Gw= +github.com/onsi/gomega v1.27.4/go.mod h1:riYq/GJKh8hhoM01HN6Vmuy93AarCXCBGpvFDK3q3fQ= github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU= github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -541,6 +561,7 @@ github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40T github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= @@ -606,6 +627,7 @@ github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1: github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= @@ -664,6 +686,7 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -698,8 +721,12 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= +golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= @@ -761,7 +788,6 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -770,30 +796,42 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20161028155119-f51c12702a4d/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -803,6 +841,7 @@ golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -845,6 +884,7 @@ golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= @@ -852,8 +892,12 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= +golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo= golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -941,19 +985,19 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI= @@ -994,12 +1038,8 @@ k8s.io/api v0.26.4/go.mod h1:WwKEXU3R1rgCZ77AYa7DFksd9/BAIKyOmRlbVxgvjCk= k8s.io/apiextensions-apiserver v0.19.2/go.mod h1:EYNjpqIAvNZe+svXVx9j4uBaVhTB4C94HkY3w058qcg= k8s.io/apiextensions-apiserver v0.26.4 h1:9D2RTxYGxrG5uYg6D7QZRcykXvavBvcA59j5kTaedQI= k8s.io/apiextensions-apiserver v0.26.4/go.mod h1:cd4uGFGIgzEqUghWpRsr9KE8j2KNTjY8Ji8pnMMazyw= -k8s.io/apimachinery v0.15.7/go.mod h1:Xc10RHc1U+F/e9GCloJ8QAeCGevSVP5xhOhqlE+e1kM= -k8s.io/apimachinery v0.19.2/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= -k8s.io/apimachinery v0.19.7/go.mod h1:6sRbGRAVY5DOCuZwB5XkqguBqpqLU6q/kOaOdk29z6Q= -k8s.io/apimachinery v0.22.5/go.mod h1:xziclGKwuuJ2RM5/rSFQSYAj0zdbci3DH8kj+WvyN0U= -k8s.io/apimachinery v0.26.4 h1:rZccKdBLg9vP6J09JD+z8Yr99Ce8gk3Lbi9TCx05Jzs= -k8s.io/apimachinery v0.26.4/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= +k8s.io/apimachinery v0.27.0 h1:vEyy/PVMbPMCPutrssCVHCf0JNZ0Px+YqPi82K2ALlk= +k8s.io/apimachinery v0.27.0/go.mod h1:5ikh59fK3AJ287GUvpUsryoMFtH9zj/ARfWCo3AyXTM= k8s.io/apiserver v0.19.2/go.mod h1:FreAq0bJ2vtZFj9Ago/X0oNGC51GfubKK/ViOKfVAOA= k8s.io/client-go v0.15.7/go.mod h1:QMNB76d3lKPvPQdOOnnxUF693C3hnCzUbC2umg70pWA= k8s.io/client-go v0.19.2/go.mod h1:S5wPhCqyDNAlzM9CnEdgTGV4OqhsW3jGO1UM1epwfJA= @@ -1013,6 +1053,7 @@ k8s.io/component-base v0.26.4/go.mod h1:lTuWL1Xz/a4e80gmIC3YZG2JCO4xNwtKWHJWeJms k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= @@ -1020,18 +1061,21 @@ k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20190228160746-b3a7cee44a30/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc= k8s.io/kube-openapi v0.0.0-20200204173128-addea2498afe/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= -k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= +k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY= k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 h1:azYPdzztXxPSa8wb+hksEKayiz0o+PPisO/d+QhWnoo= k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5/go.mod h1:kzo02I3kQ4BTtEfVLaPbjvCkX97YqGve33wzlb3fofQ= k8s.io/utils v0.0.0-20190221042446-c2654d5206da/go.mod h1:8k8uAuAQ0rXslZKaEWd0c3oVhZz7sSzSiPnVZayjIX0= k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20200912215256-4140de9c8800/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU= k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= knative.dev/networking v0.0.0-20230511122402-33636d99d870 h1:OmpaXjgdpF6GNW5S6OV6JN19gbiDCzfkEQQb9TQp9gU= @@ -1051,7 +1095,6 @@ sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMm sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= From bba0cec8ca8c6c6f19958696f39b27b5b49cadd8 Mon Sep 17 00:00:00 2001 From: Rafael Vasquez Date: Fri, 24 Nov 2023 16:09:00 -0500 Subject: [PATCH 02/11] docs: Clarify TLS setup instructions (#457) Signed-off-by: Rafael Vasquez --- docs/configuration/tls.md | 190 ++++++++++++++++++++++---------------- 1 file changed, 112 insertions(+), 78 deletions(-) diff --git a/docs/configuration/tls.md b/docs/configuration/tls.md index 492db227..1a4ec916 100644 --- a/docs/configuration/tls.md +++ b/docs/configuration/tls.md @@ -4,120 +4,154 @@ TLS can be configured via the `tls.secretName` and `tls.clientAuth` parameters o When TLS is enabled for the external inferencing interface, all of the ModelMesh Serving internal (intra-Pod) communication will be secured using the same certificates. The internal links will use mutual TLS regardless of whether client authentication is required for the external connections. -There are various ways to generate TLS certificates, below are steps on how to do this using OpenSSL or CertManager. +There are various ways to generate TLS certificates. Below are steps on how to do this using OpenSSL or CertManager. ## Generating TLS Certificates for Dev/Test using OpenSSL -To create a SAN key/cert for TLS, use command: +First, define the variables that will be used in the commands below. Change the values to suit your environment: ```shell -openssl req -x509 -newkey rsa:4096 -sha256 -days 3560 -nodes -keyout example.key -out example.crt -subj '/CN=modelmesh-serving' -extensions san -config openssl-san.config +NAMESPACE="modelmesh-serving" # the controller namespace where ModelMesh Serving was deployed +SECRET_NAME="modelmesh-certificate" ``` -Where the contents of `openssl-san.config` look like: +Create an OpenSSL configuration file named `openssl-san.config`: -``` +```shell +cat > openssl-san.config << EOF [ req ] distinguished_name = req [ san ] subjectAltName = DNS:modelmesh-serving.${NAMESPACE},DNS:localhost,IP:0.0.0.0 +EOF +``` + +Use the following command to create a SAN key/cert: + +```shell +openssl req -x509 -newkey rsa:4096 -sha256 -days 3560 -nodes \ + -keyout server.key \ + -out server.crt \ + -subj "/CN=${NAMESPACE}" \ + -extensions san \ + -config openssl-san.config ``` -With the generated key/cert, create a kube secret with contents like: +From there, you can create a secret using the generated certificate and key: -```yaml +```shell +kubectl apply -f - < - tls.key: - ca.crt: + tls.crt: $(cat server.crt) + tls.key: $(cat server.key) + ca.crt: $(cat server.crt) +EOF ``` -For basic TLS, only the fields `tls.crt` and `tls.key` are needed in the kube secret. For mutual TLS, add `ca.crt` in the kube secret and set the configuration `tls.clientAuth` to `require` in the ConfigMap `model-serving-config`. - -## Creating TLS Certificates using CertManager +**Note:** For basic TLS, only the fields `tls.crt` and `tls.key` are required. For mutual TLS, `ca.crt` should be included and `tls.clientAuth` should be set to `require` in the [`model-serving-config` ConfigMap](./README.md). -1. If necessary, install `cert-manager` in the cluster - follow the steps here: https://cert-manager.io/docs/installation/. +Alternatively, you can create this secret imperatively using: -2. Create an `Issuer` CR - - kubectl apply -f - < ca.crt + ```shell + kubectl get secret ${SECRET_NAME} -o jsonpath="{.data.ca\.crt}" > ca.crt + ``` From 6c86da9473d50de63f9ea3af8a4d7c223849547e Mon Sep 17 00:00:00 2001 From: Christian Kadner Date: Fri, 29 Dec 2023 19:42:30 -0800 Subject: [PATCH 03/11] chore: Update golang.org/x/crypto to v0.17.0 (#467) To address security vulnerabilities: - CVE-2022-27191 - CVE-2021-43565 - CVE-2020-29652 - CVE-2023-48795 --------- Signed-off-by: Christian Kadner --- .golangci.yaml | 5 +---- .pre-commit-config.yaml | 2 +- go.mod | 8 +++++--- go.sum | 36 ++++++++---------------------------- 4 files changed, 15 insertions(+), 36 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 0db2b287..f325056a 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -93,16 +93,13 @@ linters: fast: false enable: # These are the defaults for golangci-lint - - deadcode - errcheck - gosimple - govet - ineffassign - staticcheck - - structcheck - typecheck - unused - - varcheck # Also enable these - goconst @@ -248,7 +245,7 @@ issues: - lll source: "^//go:generate " - # Independently from option `exclude` we use default exclude patterns, + # Independent of option `exclude` we use default exclude patterns, # it can be disabled by this option. To list all # excluded by default patterns execute `golangci-lint run --help`. # Default value for this option is true. diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6b039d1f..b05f93f7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -13,7 +13,7 @@ # limitations under the License. repos: - repo: https://github.com/golangci/golangci-lint - rev: v1.48.0 + rev: v1.51.2 hooks: - id: golangci-lint - repo: https://github.com/pre-commit/mirrors-prettier diff --git a/go.mod b/go.mod index 86d21415..71c8c1dd 100644 --- a/go.mod +++ b/go.mod @@ -101,9 +101,9 @@ require ( golang.org/x/crypto v0.14.0 // indirect golang.org/x/net v0.14.0 // indirect golang.org/x/oauth2 v0.8.0 // indirect - golang.org/x/sys v0.13.0 // indirect - golang.org/x/term v0.13.0 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/term v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.9.1 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect @@ -131,6 +131,8 @@ replace ( // this dependency comes from k8s.io/component-base@v0.26.4 and k8s.io/apiextensions-apiserver@v0.26.4 // before removing it make sure that the next version of the related k8s dependencies contains the fix go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp => go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 + // Update Go Crypto to avoid CVE-2022-27191, CVE-2021-43565, CVE-2020-29652, CVE-2023-48795 + golang.org/x/crypto => golang.org/x/crypto v0.17.0 // Update Go Networking to avoid CVE-2023-44487 and CVE-2023-39325 golang.org/x/net => golang.org/x/net v0.17.0 // remove when upgrade to controller-runtime 0.15.x or apimachinery to 0.27.x diff --git a/go.sum b/go.sum index af7c4b61..9a5086b4 100644 --- a/go.sum +++ b/go.sum @@ -670,25 +670,8 @@ go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181025213731-e84da0312774/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= -golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -772,7 +755,6 @@ golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -795,7 +777,6 @@ golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -809,14 +790,13 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -824,7 +804,6 @@ golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= @@ -832,8 +811,9 @@ golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20161028155119-f51c12702a4d/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From fc40dee44927f2b1ab26ce225969b3bc4b77b55d Mon Sep 17 00:00:00 2001 From: Christian Kadner Date: Tue, 9 Jan 2024 13:06:44 -0800 Subject: [PATCH 04/11] chore: Update to Go 1.20, kserve v0.11.2 (#470) Updating dependencies for the v0.11.2 release: - Go: 1.19 -> 1.20 - UBI: 8.7 -> 8.9 - OCP: 4.9 -> 4.12 - kserve: v0.11.1 -> v0.11.2 - K8s: 1.23 -> 1.26 --- Signed-off-by: Christian Kadner --- .github/workflows/fvt-base.yml | 2 +- Dockerfile | 2 +- Dockerfile.develop | 6 +++--- .../crd/bases/serving.kserve.io_clusterservingruntimes.yaml | 2 +- config/crd/bases/serving.kserve.io_inferenceservices.yaml | 2 +- config/crd/bases/serving.kserve.io_servingruntimes.yaml | 2 +- go.mod | 6 +++--- go.sum | 4 ++-- scripts/deploy/iks/test-fvt.sh | 4 ++-- 9 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/fvt-base.yml b/.github/workflows/fvt-base.yml index 472e9ed2..2707fcb8 100644 --- a/.github/workflows/fvt-base.yml +++ b/.github/workflows/fvt-base.yml @@ -38,7 +38,7 @@ jobs: - name: Setup go uses: actions/setup-go@v4 with: - go-version: '1.19' + go-version: '1.20' - name: Start Minikube uses: medyagh/setup-minikube@v0.0.13 diff --git a/Dockerfile b/Dockerfile index c9dd0c7b..b8335857 100644 --- a/Dockerfile +++ b/Dockerfile @@ -46,7 +46,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ ############################################################################### # Stage 2: Copy build assets to create the smallest final runtime image ############################################################################### -FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7 AS runtime +FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9 AS runtime ARG USER=2000 ARG IMAGE_VERSION diff --git a/Dockerfile.develop b/Dockerfile.develop index 46ee1356..bdd425bf 100644 --- a/Dockerfile.develop +++ b/Dockerfile.develop @@ -15,7 +15,7 @@ ############################################################################### # Create the develop, test, and build environment ############################################################################### -FROM registry.access.redhat.com/ubi8/go-toolset:1.19 +FROM registry.access.redhat.com/ubi8/go-toolset:1.20 # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope # don't provide "default" values (e.g. 'ARG TARGETARCH=amd64') for non-buildx environments, @@ -23,7 +23,7 @@ FROM registry.access.redhat.com/ubi8/go-toolset:1.19 ARG TARGETOS ARG TARGETARCH -ARG OPENSHIFT_VERSION=4.9 +ARG OPENSHIFT_VERSION=4.12 ARG KUSTOMIZE_VERSION=4.5.2 ARG KUBEBUILDER_VERSION=v3.11.0 ARG CONTROLLER_GEN_VERSION=v0.11.4 @@ -110,7 +110,7 @@ RUN true \ # Use setup-envtest for kubebuilder to use K8s version 1.23+ for autoscaling/v2 (HPA) RUN true \ && go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest \ - && setup-envtest use 1.23 \ + && setup-envtest use 1.26 \ && true # For GitHub Action 'lint', work around error "detected dubious ownership in repository at '/workspace'" diff --git a/config/crd/bases/serving.kserve.io_clusterservingruntimes.yaml b/config/crd/bases/serving.kserve.io_clusterservingruntimes.yaml index 2b434b83..425a60b0 100644 --- a/config/crd/bases/serving.kserve.io_clusterservingruntimes.yaml +++ b/config/crd/bases/serving.kserve.io_clusterservingruntimes.yaml @@ -1,4 +1,4 @@ -# Copied from https://github.com/kserve/kserve/blob/v0.11.1/config/crd/serving.kserve.io_clusterservingruntimes.yaml +# Copied from https://github.com/kserve/kserve/blob/v0.11.2/config/crd/serving.kserve.io_clusterservingruntimes.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/config/crd/bases/serving.kserve.io_inferenceservices.yaml b/config/crd/bases/serving.kserve.io_inferenceservices.yaml index d572d99c..9b981900 100644 --- a/config/crd/bases/serving.kserve.io_inferenceservices.yaml +++ b/config/crd/bases/serving.kserve.io_inferenceservices.yaml @@ -1,4 +1,4 @@ -# Copied from https://github.com/kserve/kserve/blob/v0.11.1/config/crd/serving.kserve.io_inferenceservices.yaml +# Copied from https://github.com/kserve/kserve/blob/v0.11.2/config/crd/serving.kserve.io_inferenceservices.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/config/crd/bases/serving.kserve.io_servingruntimes.yaml b/config/crd/bases/serving.kserve.io_servingruntimes.yaml index 68083880..edf8d26b 100644 --- a/config/crd/bases/serving.kserve.io_servingruntimes.yaml +++ b/config/crd/bases/serving.kserve.io_servingruntimes.yaml @@ -1,4 +1,4 @@ -# Copied from https://github.com/kserve/kserve/blob/v0.11.1/config/crd/serving.kserve.io_servingruntimes.yaml +# Copied from https://github.com/kserve/kserve/blob/v0.11.2/config/crd/serving.kserve.io_servingruntimes.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/go.mod b/go.mod index 71c8c1dd..a81ee15e 100644 --- a/go.mod +++ b/go.mod @@ -1,13 +1,13 @@ module github.com/kserve/modelmesh-serving -go 1.19 +go 1.20 require ( github.com/dereklstinson/cifar v0.0.0-20200421171932-5722a3b6a0c7 github.com/go-logr/logr v1.2.4 github.com/golang/protobuf v1.5.3 github.com/google/go-cmp v0.5.9 - github.com/kserve/kserve v0.11.1 + github.com/kserve/kserve v0.11.2 github.com/manifestival/controller-runtime-client v0.4.0 github.com/manifestival/manifestival v0.7.1 github.com/moverest/mnist v0.0.0-20160628192128-ec5d9d203b59 @@ -99,7 +99,7 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.24.0 // indirect golang.org/x/crypto v0.14.0 // indirect - golang.org/x/net v0.14.0 // indirect + golang.org/x/net v0.17.0 // indirect golang.org/x/oauth2 v0.8.0 // indirect golang.org/x/sys v0.15.0 // indirect golang.org/x/term v0.15.0 // indirect diff --git a/go.sum b/go.sum index 9a5086b4..d4149aa7 100644 --- a/go.sum +++ b/go.sum @@ -416,8 +416,8 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kserve/kserve v0.11.1 h1:3gh2mmCkw2tbzhbN2zKKxtqDjt71V1K2MwpaiXF4KJI= -github.com/kserve/kserve v0.11.1/go.mod h1:qCEKO7gXwWm8sx4LGrKHYjK+SKVWQ35gAEVaE1a0Wug= +github.com/kserve/kserve v0.11.2 h1:ZYwj3/04JrwIiqIrVjPhcX5umHFj3gHAhbtghfseoPo= +github.com/kserve/kserve v0.11.2/go.mod h1:x44/b0J4y8kqNUuxcHP386jN3BAk5DRoLvhebnF+VP8= github.com/logrusorgru/aurora/v3 v3.0.0 h1:R6zcoZZbvVcGMvDCKo45A9U/lzYyzl5NfYIvznmDfE4= github.com/logrusorgru/aurora/v3 v3.0.0/go.mod h1:vsR12bk5grlLvLXAYrBsb5Oc/N+LxAlxggSjiwMnCUc= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= diff --git a/scripts/deploy/iks/test-fvt.sh b/scripts/deploy/iks/test-fvt.sh index 5dd14ef4..27025d82 100644 --- a/scripts/deploy/iks/test-fvt.sh +++ b/scripts/deploy/iks/test-fvt.sh @@ -41,8 +41,8 @@ run_fvt() { export KUBECONFIG=~/.kube/config rm -rf /usr/local/go - wget https://go.dev/dl/go1.19.9.linux-amd64.tar.gz - tar -C /usr/local -xzf go1.19.9.linux-amd64.tar.gz + wget https://go.dev/dl/go1.20.4.linux-amd64.tar.gz + tar -C /usr/local -xzf go1.20.4.linux-amd64.tar.gz go install github.com/onsi/ginkgo/v2/ginkgo export PATH=/root/go/bin/:$PATH From 739770c450e104d046cbb8866572e57ff24dc9d1 Mon Sep 17 00:00:00 2001 From: Christian Kadner Date: Tue, 9 Jan 2024 13:18:09 -0800 Subject: [PATCH 05/11] docs: Update release-process.md (#466) - Add paragraph on security fixes - Clarify release branch requirement - Correct repo links - Show linting changes --------- Signed-off-by: Christian Kadner --- docs/release-process.md | 22 ++++++++++++++++++++-- scripts/fmt.sh | 1 + 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/docs/release-process.md b/docs/release-process.md index 203efebe..1878f6c8 100644 --- a/docs/release-process.md +++ b/docs/release-process.md @@ -17,6 +17,15 @@ on the [`#kserve` Kubeflow Slack channel](https://kubeflow.slack.com/archives/CH Before starting the actual release process, make sure that the features and bug fixes that were designated to be part of the release are completed and fully tested. +Check the _Security_ tab for each of the ModelMesh repositories and make sure all +outstanding vulnerabilities were addressed: + +- [ ] [`modelmesh`](https://github.com/kserve/modelmesh/security) +- [ ] [`modelmesh-minio-examples`](https://github.com/kserve/modelmesh-minio-examples/security) +- [ ] [`modelmesh-runtime-adapter`](https://github.com/kserve/modelmesh-runtime-adapter/security) +- [ ] [`modelmesh-serving`](https://github.com/kserve/modelmesh-serving/security) +- [ ] [`rest-proxy`](https://github.com/kserve/rest-proxy/security) + Update the `go` dependency to `github.com/kserve/kserve` in `go.mod` and run `go mod tidy`. Since the KServe and ModelMesh releases are aligned, there should already be a `v...-rc0` (or `-rc1`) of KServe before the ModelMesh release process @@ -32,6 +41,8 @@ latest pre-release version: - [ ] `config/crd/bases/serving.kserve.io_clusterservingruntimes.yaml` - [ ] `config/crd/bases/serving.kserve.io_servingruntimes.yaml` +These changes should be committed to `main`, before creating a release branch. + ## Create Release Branches A release branch should be substantially _feature complete_ with respect to the @@ -53,7 +64,7 @@ Release branches serve several purposes: particular release stream (e.g., producing a `v0.6.1` from `release-0.6`), when appropriate. -These 5 repositories need a (new) `release-*` branch: +Create a (new) `release-*` branch in these 5 repositories: - [ ] [`modelmesh`](https://github.com/kserve/modelmesh/branches) - [ ] [`modelmesh-minio-examples`](https://github.com/kserve/modelmesh-minio-examples/branches) @@ -61,6 +72,13 @@ These 5 repositories need a (new) `release-*` branch: - [ ] [`modelmesh-serving`](https://github.com/kserve/modelmesh-serving/branches) - [ ] [`rest-proxy`](https://github.com/kserve/rest-proxy/branches) +**Note**: Technically, it is only _required_ to create a release branch in the +[`modelmesh-serving`](https://github.com/kserve/modelmesh-serving/branches) repository, +where configuration files have to be modified with specific image tags corresponding +to the new release being drafted. For the remaining repositories, a dedicated release +branch can be created from the release tag at a later time, should the need arise to +fix/patch a previous release. + ## Update Release Tags It's generally a good idea to search the entire repo for strings of the old version @@ -81,7 +99,7 @@ with KServe. 1. Create new (pre-)release tags (`v...-rc0`) in these repositories: - [ ] [`modelmesh`](https://github.com/kserve/modelmesh/releases) - - [ ] [`modelmesh-minio-examples`](https://github.com/kserve/modelmesh-runtime-adapter/releases) + - [ ] [`modelmesh-minio-examples`](https://github.com/kserve/modelmesh-minio-examples/releases) - [ ] [`modelmesh-runtime-adapter`](https://github.com/kserve/modelmesh-runtime-adapter/releases) - [ ] [`rest-proxy`](https://github.com/kserve/rest-proxy/releases) diff --git a/scripts/fmt.sh b/scripts/fmt.sh index cb87320b..2d7c77e4 100755 --- a/scripts/fmt.sh +++ b/scripts/fmt.sh @@ -44,6 +44,7 @@ elif [ "$RETURN_CODE" -ne 0 ]; then echoError 'fail, but may automatically format some files. Stage the changed files and' echoError 'manually correct any other issues before committing and building again.' fi + git diff -R --ws-error-highlight=all --color --exit-code fi exit $RETURN_CODE From 01a82687d81f7f852d69114905645fb8de20fcab Mon Sep 17 00:00:00 2001 From: Christian Kadner Date: Tue, 9 Jan 2024 18:08:57 -0800 Subject: [PATCH 06/11] Update fvt toolchain (#463) (#464) Updating the E2E and performance test toolchain running nightly on IKS --------- Signed-off-by: Christian Kadner --- .dockerignore | 13 +++++++ .pre-commit-config.yaml | 6 +++ .tekton/listener.yaml | 11 +----- .tekton/pipeline.yaml | 14 +------ .tekton/task.yaml | 39 ++++++------------- Dockerfile | 5 +++ Dockerfile.develop | 5 +++ controllers/suite_test.go | 15 ------- .../inferenceservice_registry.go | 28 +++++++------ scripts/deploy/iks/build-image-dind.sh | 16 +++++--- scripts/deploy/iks/deploy-mm-serving.sh | 4 +- scripts/deploy/iks/run-perf-test.sh | 2 +- scripts/deploy/iks/run-setup.sh | 10 +---- scripts/deploy/iks/test-fvt.sh | 8 ++-- scripts/deploy/iks/undeploy-mm-serving.sh | 4 +- scripts/fmt.sh | 8 ++++ 16 files changed, 82 insertions(+), 106 deletions(-) diff --git a/.dockerignore b/.dockerignore index 4c49bd78..bc978290 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,14 @@ +.DS_Store +.dev +.dockerignore .env +.github +.idea +.pre-commit.log +.tekton +.vscode +Dockerfile +devbuild +docs +fvt +temp diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b05f93f7..21ced579 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -16,6 +16,11 @@ repos: rev: v1.51.2 hooks: - id: golangci-lint + entry: golangci-lint run + exclude: ^(generated/) + args: + - --skip-dirs='^(generated/)' + log_file: .pre-commit.log - repo: https://github.com/pre-commit/mirrors-prettier rev: v2.4.1 hooks: @@ -23,3 +28,4 @@ repos: exclude: ^(.github/|.tekton/) args: - --no-bracket-spacing + log_file: .pre-commit.log diff --git a/.tekton/listener.yaml b/.tekton/listener.yaml index 946dcbd6..f5a58a59 100644 --- a/.tekton/listener.yaml +++ b/.tekton/listener.yaml @@ -17,14 +17,9 @@ spec: - name: region description: the ibmcloud registry region default: us-south - - name: org - description: organization - - name: space - description: space - default: dev - name: resource-group description: resource group - default: default + default: Default - name: docker-username description: ibm container registry username default: iamapikey @@ -112,10 +107,6 @@ spec: value: $(params.dockersandbox-namespace) - name: resource-group value: $(params.resource-group) - - name: org - value: $(params.org) - - name: space - value: $(params.space) - name: kubernetes-cluster value: $(params.kubernetes-cluster) - name: serving-ns diff --git a/.tekton/pipeline.yaml b/.tekton/pipeline.yaml index 2aaca8b4..80f65f90 100644 --- a/.tekton/pipeline.yaml +++ b/.tekton/pipeline.yaml @@ -32,13 +32,9 @@ spec: description: dockersandbox namespace - name: resource-group description: resource group - default: default - - name: org - description: organization + default: Default - name: region description: region - - name: space - description: space - name: serving-ns description: modelmesh serving namespace default: modelmesh-serving @@ -80,12 +76,8 @@ spec: value: $(params.docker-password) - name: resource-group value: $(params.resource-group) - - name: org - value: $(params.org) - name: region value: $(params.region) - - name: space - value: $(params.space) workspaces: - name: task-pvc workspace: pipeline-pvc @@ -260,12 +252,8 @@ spec: value: $(params.serving-ns) - name: resource-group value: $(params.resource-group) - - name: org - value: $(params.org) - name: region value: $(params.region) - - name: space - value: $(params.space) - name: test-commands value: | kubectl get ns diff --git a/.tekton/task.yaml b/.tekton/task.yaml index 6f36cd83..65e4c71a 100644 --- a/.tekton/task.yaml +++ b/.tekton/task.yaml @@ -20,13 +20,10 @@ spec: description: iam api key - name: resource-group description: resource group - default: default - - name: org - description: organization + default: Default - name: region description: region - - name: space - description: space + default: us-south - name: archive-dir description: archive directory default: "." @@ -35,7 +32,7 @@ spec: mountPath: /artifacts steps: - name: run-setup-script - image: docker.io/aipipeline/pipeline-base-image:1.2 + image: docker.io/aipipeline/pipeline-base-image:1.5 env: - name: DOCKER_USERNAME value: $(params.docker-username) @@ -47,10 +44,6 @@ spec: value: $(params.repository) - name: REGION value: $(params.region) - - name: ORG - value: $(params.org) - - name: SPACE - value: $(params.space) - name: RESOURCE_GROUP value: $(params.resource-group) - name: GIT_BRANCH @@ -116,13 +109,12 @@ spec: description: docker sandbox namespace - name: publish-tag description: image publish tag - workspaces: - name: task-pvc mountPath: /artifacts steps: - name: process-image - image: docker.io/aipipeline/pipeline-base-image:1.2 + image: docker.io/aipipeline/pipeline-base-image:1.5 env: - name: DOCKER_USERNAME value: $(params.docker-username) @@ -243,7 +235,7 @@ spec: mountPath: /artifacts steps: - name: deploy-modelmesh-serving - image: docker.io/aipipeline/pipeline-base-image:1.2 + image: docker.io/aipipeline/pipeline-base-image:1.5 env: - name: DOCKER_USERNAME value: $(params.docker-username) @@ -295,7 +287,7 @@ spec: mountPath: /artifacts steps: - name: run-test - image: docker.io/aipipeline/pipeline-base-image:1.2 + image: docker.io/aipipeline/pipeline-base-image:1.5 env: - name: IBM_CLOUD_API_KEY value: $(params.apikey) @@ -347,7 +339,7 @@ spec: mountPath: /artifacts steps: - name: run-performance-test - image: docker.io/aipipeline/pipeline-base-image:1.2 + image: docker.io/aipipeline/pipeline-base-image:1.5 env: - name: SERVING_KUBERNETES_CLUSTER_NAME value: $(params.kubernetes-cluster) @@ -384,7 +376,7 @@ spec: mountPath: /artifacts steps: - name: undeploy-modelmesh-serving - image: docker.io/aipipeline/pipeline-base-image:1.2 + image: docker.io/aipipeline/pipeline-base-image:1.5 env: - name: SERVING_KUBERNETES_CLUSTER_NAME value: $(params.kubernetes-cluster) @@ -415,13 +407,10 @@ spec: default: kubeflow - name: resource-group description: resource group - default: default - - name: org - description: organization + default: Default - name: region description: region - - name: space - description: space + default: us-south - name: archive-dir description: archive directory default: "." @@ -433,7 +422,7 @@ spec: mountPath: /artifacts steps: - name: run-cleanup-script - image: docker.io/aipipeline/pipeline-base-image:1.2 + image: docker.io/aipipeline/pipeline-base-image:1.5 env: - name: IBM_CLOUD_API_KEY value: $(params.apikey) @@ -445,10 +434,6 @@ spec: value: $(params.serving-ns) - name: REGION value: $(params.region) - - name: ORG - value: $(params.org) - - name: SPACE - value: $(params.space) - name: RESOURCE_GROUP value: $(params.resource-group) - name: PIPELINE_URL @@ -481,7 +466,7 @@ spec: # Set up kubernetes config retry 3 3 ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region - retry 3 3 ibmcloud target -r "$REGION" -o "$ORG" -s "$SPACE" -g "$RESOURCE_GROUP" + retry 3 3 ibmcloud target -r "$REGION" -g "$RESOURCE_GROUP" retry 3 3 ibmcloud ks cluster config -c "$SERVING_KUBERNETES_CLUSTER_NAME" $(params.test-commands) diff --git a/Dockerfile b/Dockerfile index b8335857..3ef1be91 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,5 @@ +# syntax=docker/dockerfile:1.3 + # Copyright 2021 IBM Corporation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,6 +14,9 @@ # See the License for the specific language governing permissions and # limitations under the License. +# NOTE: for syntax, either use "experimental" or "1.3" (or later) to enable multi-arch build with mount option +# see https://hub.docker.com/r/docker/dockerfile (https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.3.0) + ############################################################################### # Stage 1: Run the go build with go compiler native to the build platform # https://www.docker.com/blog/faster-multi-platform-builds-dockerfile-cross-compilation-guide/ diff --git a/Dockerfile.develop b/Dockerfile.develop index bdd425bf..5f02b696 100644 --- a/Dockerfile.develop +++ b/Dockerfile.develop @@ -1,3 +1,5 @@ +# syntax=docker/dockerfile:1.3 + # Copyright 2021 IBM Corporation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,6 +14,9 @@ # See the License for the specific language governing permissions and # limitations under the License. +# NOTE: for syntax, either use "experimental" or "1.3" (or later) to enable multi-arch build with mount option +# see https://hub.docker.com/r/docker/dockerfile (https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.3.0) + ############################################################################### # Create the develop, test, and build environment ############################################################################### diff --git a/controllers/suite_test.go b/controllers/suite_test.go index e090467b..39075a83 100644 --- a/controllers/suite_test.go +++ b/controllers/suite_test.go @@ -11,21 +11,6 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ package controllers diff --git a/pkg/predictor_source/inferenceservice_registry.go b/pkg/predictor_source/inferenceservice_registry.go index 726b6784..3c8bc21c 100644 --- a/pkg/predictor_source/inferenceservice_registry.go +++ b/pkg/predictor_source/inferenceservice_registry.go @@ -1,18 +1,16 @@ -/* -Copyright 2021 IBM Corporation - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +// Copyright 2021 IBM Corporation +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. package predictor_source diff --git a/scripts/deploy/iks/build-image-dind.sh b/scripts/deploy/iks/build-image-dind.sh index 7248ad74..4b39f2bc 100644 --- a/scripts/deploy/iks/build-image-dind.sh +++ b/scripts/deploy/iks/build-image-dind.sh @@ -13,17 +13,15 @@ set -xe # The following envs could be loaded from `build.properties` that # `run-setup.sh` generates. # - REGION: cloud region (us-south as default) -# - ORG: target organization (dev-advo as default) -# - SPACE: target space (dev as default) # - GIT_BRANCH: git branch # - GIT_COMMIT: git commit hash # - GIT_COMMIT_SHORT: git commit hash short REGION=${REGION:-"us-south"} -ORG=${ORG:-"dev-advo"} -SPACE=${SPACE:-"dev"} RUN_TASK=${RUN_TASK:-"build"} +export DOCKER_BUILDKIT=1 + retry() { local max=$1; shift local interval=$1; shift @@ -39,19 +37,25 @@ retry() { } retry 3 3 ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region -retry 3 3 ibmcloud target -r "$REGION" -o "$ORG" -s "$SPACE" -g "$RESOURCE_GROUP" +retry 3 3 ibmcloud target -r "$REGION" -g "$RESOURCE_GROUP" + ###################################################################################### # Build image # ###################################################################################### build_image() { - echo "=======================Build modelmesh controller image=======================" + echo "=======================Build ModelMesh controller image=======================" # Will build develop and then runtime images. + docker version + # docker pull docker/dockerfile:experimental # syntax=docker/dockerfile:experimental + docker pull docker/dockerfile:1.3 # syntax=docker/dockerfile:1.3 + echo "==============================Build dev image ================================" make build.develop docker images docker inspect "kserve/modelmesh-controller-develop:latest" + echo "==========================Build runtime image ================================" make build docker images diff --git a/scripts/deploy/iks/deploy-mm-serving.sh b/scripts/deploy/iks/deploy-mm-serving.sh index 7f7627b9..2e4cec84 100644 --- a/scripts/deploy/iks/deploy-mm-serving.sh +++ b/scripts/deploy/iks/deploy-mm-serving.sh @@ -18,8 +18,6 @@ echo "GIT_BRANCH=${GIT_BRANCH}" echo "GIT_COMMIT=${GIT_COMMIT}" echo "GIT_COMMIT_SHORT=${GIT_COMMIT_SHORT}" echo "REGION=${REGION}" -echo "ORG=${ORG}" -echo "SPACE=${SPACE}" echo "RESOURCE_GROUP=${RESOURCE_GROUP}" # These env vars should come from the pipeline run environment properties @@ -46,7 +44,7 @@ retry() { } retry 3 3 ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region -retry 3 3 ibmcloud target -r "$REGION" -o "$ORG" -s "$SPACE" -g "$RESOURCE_GROUP" +retry 3 3 ibmcloud target -r "$REGION" -g "$RESOURCE_GROUP" retry 3 3 ibmcloud ks cluster config -c "$SERVING_KUBERNETES_CLUSTER_NAME" kubectl create ns "$SERVING_NS" diff --git a/scripts/deploy/iks/run-perf-test.sh b/scripts/deploy/iks/run-perf-test.sh index c9616489..374676fe 100755 --- a/scripts/deploy/iks/run-perf-test.sh +++ b/scripts/deploy/iks/run-perf-test.sh @@ -23,7 +23,7 @@ retry() { } retry 3 3 ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region -retry 3 3 ibmcloud target -r "$REGION" -o "$ORG" -s "$SPACE" -g "$RESOURCE_GROUP" +retry 3 3 ibmcloud target -r "$REGION" -g "$RESOURCE_GROUP" retry 3 3 ibmcloud ks cluster config -c "$SERVING_KUBERNETES_CLUSTER_NAME" kubectl config set-context --current --namespace=${SERVING_NS} diff --git a/scripts/deploy/iks/run-setup.sh b/scripts/deploy/iks/run-setup.sh index 67798f01..90f7dd85 100644 --- a/scripts/deploy/iks/run-setup.sh +++ b/scripts/deploy/iks/run-setup.sh @@ -5,13 +5,9 @@ set -xe # Environment variables needed by this script: # - REGION: cloud region (us-south as default) -# - ORG: target organization (dev-advo as default) -# - SPACE: target space (dev as default) REGION=${REGION:-"us-south"} -ORG=${ORG:-"dev-advo"} -SPACE=${SPACE:-"dev"} -RESOURCE_GROUP=${RESOURCE_GROUP:-"default"} +RESOURCE_GROUP=${RESOURCE_GROUP:-"Default"} GIT_COMMIT_SHORT=$(git log -n1 --format=format:"%h") # Git repo cloned at $WORKING_DIR, copy into $ARCHIVE_DIR and @@ -33,8 +29,6 @@ fi echo "GIT_COMMIT_SHORT=${GIT_COMMIT_SHORT}" echo "BUILD_NUMBER=${BUILD_NUMBER}" echo "REGION=${REGION}" - echo "ORG=${ORG}" - echo "SPACE=${SPACE}" echo "RESOURCE_GROUP=${RESOURCE_GROUP}" } >> "${ARCHIVE_DIR}/build.properties" -grep -v -i password "${ARCHIVE_DIR}/build.properties" \ No newline at end of file +grep -v -i password "${ARCHIVE_DIR}/build.properties" diff --git a/scripts/deploy/iks/test-fvt.sh b/scripts/deploy/iks/test-fvt.sh index 27025d82..4b7e84b3 100644 --- a/scripts/deploy/iks/test-fvt.sh +++ b/scripts/deploy/iks/test-fvt.sh @@ -10,8 +10,6 @@ echo "GIT_BRANCH=${GIT_BRANCH}" echo "GIT_COMMIT=${GIT_COMMIT}" echo "GIT_COMMIT_SHORT=${GIT_COMMIT_SHORT}" echo "REGION=${REGION}" -echo "ORG=${ORG}" -echo "SPACE=${SPACE}" echo "RESOURCE_GROUP=${RESOURCE_GROUP}" # These env vars should come from the pipeline run environment properties @@ -49,12 +47,12 @@ run_fvt() { export NAMESPACE=${SERVING_NS} export NAMESPACESCOPEMODE=false - ginkgo -v --progress --fail-fast -p fvt/predictor fvt/scaleToZero --timeout 40m > fvt.out + ginkgo -v --procs=2 --compilers=2 --keep-going fvt/predictor fvt/scaleToZero fvt/storage fvt/hpa --timeout=50m --flake-attempts=3 > fvt.out cat fvt.out if [[ $(grep "Test Suite Passed" fvt.out) ]]; then export NAMESPACE="modelmesh-user" - ginkgo -v --progress --fail-fast -p fvt/predictor fvt/scaleToZero --timeout 40m > fvt.out + ginkgo -v --procs=2 --compilers=2 --keep-going fvt/predictor fvt/scaleToZero fvt/storage fvt/hpa --timeout=50m --flake-attempts=3 > fvt.out cat fvt.out if [[ $(grep "Test Suite Passed" fvt.out) ]]; then REV=0 @@ -65,7 +63,7 @@ run_fvt() { } retry 3 3 ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region -retry 3 3 ibmcloud target -r "$REGION" -o "$ORG" -s "$SPACE" -g "$RESOURCE_GROUP" +retry 3 3 ibmcloud target -r "$REGION" -g "$RESOURCE_GROUP" retry 3 3 ibmcloud ks cluster config -c "$SERVING_KUBERNETES_CLUSTER_NAME" RESULT=0 diff --git a/scripts/deploy/iks/undeploy-mm-serving.sh b/scripts/deploy/iks/undeploy-mm-serving.sh index 843b7f6e..8156bf4e 100644 --- a/scripts/deploy/iks/undeploy-mm-serving.sh +++ b/scripts/deploy/iks/undeploy-mm-serving.sh @@ -14,8 +14,6 @@ echo "GIT_BRANCH=${GIT_BRANCH}" echo "GIT_COMMIT=${GIT_COMMIT}" echo "GIT_COMMIT_SHORT=${GIT_COMMIT_SHORT}" echo "REGION=${REGION}" -echo "ORG=${ORG}" -echo "SPACE=${SPACE}" echo "RESOURCE_GROUP=${RESOURCE_GROUP}" # These env vars should come from the pipeline run environment properties @@ -37,7 +35,7 @@ retry() { } retry 3 3 ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region -retry 3 3 ibmcloud target -r "$REGION" -o "$ORG" -s "$SPACE" -g "$RESOURCE_GROUP" +retry 3 3 ibmcloud target -r "$REGION" -g "$RESOURCE_GROUP" retry 3 3 ibmcloud ks cluster config -c "$SERVING_KUBERNETES_CLUSTER_NAME" # Update kustomize diff --git a/scripts/fmt.sh b/scripts/fmt.sh index 2d7c77e4..f8d7ac6c 100755 --- a/scripts/fmt.sh +++ b/scripts/fmt.sh @@ -13,6 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License.# +if [ -f .pre-commit.log ]; then + rm -f .pre-commit.log +fi + pre-commit run --all-files RETURN_CODE=$? @@ -35,6 +39,10 @@ if [ $RETURN_CODE -eq 127 ]; then echoError 'how to set up your dev environment. This will automatically format' echoError 'your code when you make a new commit.' elif [ "$RETURN_CODE" -ne 0 ]; then + # cat this file for helping on identifying the root cause when some issue happens + if [ -f .pre-commit.log ]; then + cat .pre-commit.log + fi if [ "${CI}" != "true" ]; then echoError 'Pre-commit linter failed, but it may have automatically formatted your files.' echoError 'Check your changed files and/or manually fix the errors above then stage and commit.' From 9002254e14a3c78030f74f6b90b0bd42fbf4028d Mon Sep 17 00:00:00 2001 From: Christian Kadner Date: Tue, 9 Jan 2024 21:51:35 -0800 Subject: [PATCH 07/11] docs: Update release-process.md Signed-off-by: Christian Kadner --- docs/release-process.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/docs/release-process.md b/docs/release-process.md index 1878f6c8..9081085d 100644 --- a/docs/release-process.md +++ b/docs/release-process.md @@ -127,8 +127,9 @@ with KServe. The version tags should be updated in the following files: - - [ ] `.github/workflows/fvt.yml`: + - [ ] `.github/workflows/fvt-base.yml`: - [ ] `docker pull kserve/modelmesh:v...` + - [ ] `docker pull kserve/modelmesh-minio-examples:v...` - [ ] `docker pull kserve/modelmesh-minio-dev-examples:v...` - [ ] `docker pull kserve/modelmesh-runtime-adapter:v...` - [ ] `docker pull kserve/rest-proxy:v...` @@ -136,10 +137,17 @@ with KServe. - [ ] `kserve/modelmesh` - [ ] `kserve/rest-proxy` - [ ] `kserve/modelmesh-runtime-adapter` + - [ ] `config/dependencies/fvt.yaml`: + - [ ] `image: kserve/modelmesh-minio-dev-examples:v...` + - [ ] `image: kserve/modelmesh-minio-examples:v...` - [ ] `config/dependencies/quickstart.yaml`: - - [ ] `kserve/modelmesh-minio-examples` - - [ ] `config/manager/kustomization.yaml`: edit the `newTag` - - [ ] `docs/component-versions.md`: update the version and component versions + - [ ] `image: kserve/modelmesh-minio-examples:v...` + - [ ] `config/manager/kustomization.yaml`: update the `newTag` to `v...` + - [ ] `docs/component-versions.md`: update tags and repo links + - [ ] ModelMesh Serving release + - [ ] ModelMesh + - [ ] ModelMesh Runtime Adapter + - [ ] REST Proxy - [ ] `docs/install/install-script.md`: update the `RELEASE` variable in the `Installation` section to the new `release-*` branch name and remove the note pointing to the (old) `release-*` branch From a920d24debfe341c83205cf435ddf9f6bd3019e2 Mon Sep 17 00:00:00 2001 From: Christian Kadner Date: Tue, 9 Jan 2024 22:20:30 -0800 Subject: [PATCH 08/11] chore: Add .pre-commit.log to .gitignore Signed-off-by: Christian Kadner --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 9da8cc76..a122835c 100644 --- a/.gitignore +++ b/.gitignore @@ -37,3 +37,5 @@ bin devbuild .develop_image_name .dev/ +.pre-commit.log + From b3c8f08d3caa9aeae90009a9fbf1aa33c5f9cad0 Mon Sep 17 00:00:00 2001 From: Christian Kadner Date: Wed, 10 Jan 2024 16:21:58 -0800 Subject: [PATCH 09/11] docs: Update version tags after v0.11.2 release (#476) - docs/install/install-script.md - docs/component-versions.md - docs/quickstart.md - scripts/setup_user_namespaces.sh --------- Signed-off-by: Christian Kadner --- .gitignore | 1 - docs/component-versions.md | 13 +++++++------ docs/install/install-script.md | 4 ++-- docs/quickstart.md | 13 +++++++++---- docs/release-process.md | 10 ++++++---- scripts/setup_user_namespaces.sh | 2 +- 6 files changed, 25 insertions(+), 18 deletions(-) diff --git a/.gitignore b/.gitignore index a122835c..d1495d19 100644 --- a/.gitignore +++ b/.gitignore @@ -38,4 +38,3 @@ devbuild .develop_image_name .dev/ .pre-commit.log - diff --git a/docs/component-versions.md b/docs/component-versions.md index 890a2c53..0600dc84 100644 --- a/docs/component-versions.md +++ b/docs/component-versions.md @@ -1,8 +1,9 @@ # Component versions -The following table shows the component versions for the latest modelmesh-serving release (v0.11.0). -| Component | Description | Upstream Revision | -| - | - | - | -| ModelMesh | Serves as a general-purpose model serving management/routing layer | [v0.11.0](https://github.com/kserve/modelmesh/tree/v0.11.0) | -| ModelMesh Runtime Adapter | Contains the unified puller/runtime-adapter image | [v0.11.0](https://github.com/kserve/modelmesh-runtime-adapter/tree/v0.11.0) | -| REST Proxy | Supports inference requests using KServe V2 REST Predict Protocol | [v0.11.0](https://github.com/kserve/rest-proxy/tree/v0.11.0) | +The following table shows the component versions for the latest ModelMesh Serving release (v0.11.2). + +| Component | Description | Upstream Revision | +| ------------------------- | ------------------------------------------------------------------ | --------------------------------------------------------------------------- | +| ModelMesh | Serves as a general-purpose model serving management/routing layer | [v0.11.2](https://github.com/kserve/modelmesh/tree/v0.11.2) | +| ModelMesh Runtime Adapter | Contains the unified puller/runtime-adapter image | [v0.11.2](https://github.com/kserve/modelmesh-runtime-adapter/tree/v0.11.2) | +| REST Proxy | Supports inference requests using KServe V2 REST Predict Protocol | [v0.11.2](https://github.com/kserve/rest-proxy/tree/v0.11.2) | diff --git a/docs/install/install-script.md b/docs/install/install-script.md index 238b9274..572ff0d9 100644 --- a/docs/install/install-script.md +++ b/docs/install/install-script.md @@ -43,11 +43,11 @@ A secret named `model-serving-etcd` will be created and passed to the controller To install the most recent _stable release_ of [modelmesh-serving](https://github.com/kserve/modelmesh-serving/releases/latest) -follow the [Installation instructions](https://github.com/kserve/modelmesh-serving/blob/release-0.11/docs/install/install-script.md) for version `v0.11.0`. +follow the [Installation instructions](https://github.com/kserve/modelmesh-serving/blob/release-0.11.2/docs/install/install-script.md) for version `v0.11.2`. Start by cloning the [modelmesh-serving](https://github.com/kserve/modelmesh-serving.git) repository: - + ```shell RELEASE="main" diff --git a/docs/quickstart.md b/docs/quickstart.md index 75042dd6..34eb0355 100644 --- a/docs/quickstart.md +++ b/docs/quickstart.md @@ -4,19 +4,24 @@ To quickly get started using ModelMesh Serving, here is a brief guide. -> **Note**: This document describes how to install the _latest unreleased_ version of ModelMesh for developers and early adopters. To install the most recent _stable release_, please follow the [Quick Start Guide for version 0.11](https://github.com/kserve/modelmesh-serving/blob/release-0.11/docs/quickstart.md). +> **Note**: This document describes how to install the _latest unreleased_ +> version of ModelMesh for developers and early adopters. To install the +> most recent _stable release_, please follow the +> [Quick Start Guide for version 0.11.2](https://github.com/kserve/modelmesh-serving/blob/release-0.11.2/docs/quickstart.md). ## Prerequisites - A Kubernetes cluster v1.23+ with cluster administrative privileges -- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) and [kustomize](https://kubectl.docs.kubernetes.io/installation/kustomize/) (v4.0+) -- At least 4 vCPU and 8 GB memory. For more details, please see [here](install/README.md#deployed-components). +- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) and + [kustomize](https://kubectl.docs.kubernetes.io/installation/kustomize/) (v4.0+) +- At least 4 vCPU and 8 GB memory. For more details, please see + [here](install/README.md#deployed-components). ## 1. Install ModelMesh Serving ### Clone the ModelMesh repository - + ```shell RELEASE="main" diff --git a/docs/release-process.md b/docs/release-process.md index 9081085d..4ef85a05 100644 --- a/docs/release-process.md +++ b/docs/release-process.md @@ -113,6 +113,7 @@ with KServe. - [ ] [kserve/modelmesh](https://hub.docker.com/r/kserve/modelmesh/tags) - [ ] [kserve/modelmesh-minio-examples](https://hub.docker.com/r/kserve/modelmesh-minio-examples/tags) + - [ ] [kserve/modelmesh-minio-dev-examples](https://hub.docker.com/r/kserve/modelmesh-minio-dev-examples/tags) - [ ] [kserve/modelmesh-runtime-adapter](https://hub.docker.com/r/kserve/modelmesh-runtime-adapter/tags) - [ ] [kserve/rest-proxy](https://hub.docker.com/r/kserve/rest-proxy/tags) @@ -122,6 +123,7 @@ with KServe. - `kserve/modelmesh` - `kserve/modelmesh-controller` - `kserve/modelmesh-minio-examples` + - `kserve/modelmesh-minio-dev-examples` - `kserve/modelmesh-runtime-adapter` - `kserve/rest-proxy` @@ -129,8 +131,8 @@ with KServe. - [ ] `.github/workflows/fvt-base.yml`: - [ ] `docker pull kserve/modelmesh:v...` - - [ ] `docker pull kserve/modelmesh-minio-examples:v...` - [ ] `docker pull kserve/modelmesh-minio-dev-examples:v...` + - [ ] `docker pull kserve/modelmesh-minio-examples:v...` - [ ] `docker pull kserve/modelmesh-runtime-adapter:v...` - [ ] `docker pull kserve/rest-proxy:v...` - [ ] `config/default/config-defaults.yaml`: @@ -138,8 +140,8 @@ with KServe. - [ ] `kserve/rest-proxy` - [ ] `kserve/modelmesh-runtime-adapter` - [ ] `config/dependencies/fvt.yaml`: - - [ ] `image: kserve/modelmesh-minio-dev-examples:v...` - - [ ] `image: kserve/modelmesh-minio-examples:v...` + - [ ] `image: kserve/modelmesh-minio-dev-examples:v...` + - [ ] `image: kserve/modelmesh-minio-examples:v...` - [ ] `config/dependencies/quickstart.yaml`: - [ ] `image: kserve/modelmesh-minio-examples:v...` - [ ] `config/manager/kustomization.yaml`: update the `newTag` to `v...` @@ -166,9 +168,9 @@ with KServe. (e.g. `v0.11.0`) with the new release branch name or new version tags. Submit them in a PR to `main`, and wait for that PR to be merged: + - [ ] `docs/install/install-script.md` - [ ] `docs/component-versions.md` - [ ] `docs/quickstart.md` - - [ ] `docs/install/install-script.md` - [ ] `scripts/setup_user_namespaces.sh` ## Generate Release Artifacts and Publish the Release diff --git a/scripts/setup_user_namespaces.sh b/scripts/setup_user_namespaces.sh index c3b663fb..3dc0183a 100755 --- a/scripts/setup_user_namespaces.sh +++ b/scripts/setup_user_namespaces.sh @@ -31,7 +31,7 @@ EOF ctrl_ns="modelmesh-serving" user_ns_array=() -modelmesh_release="v0.11.0" # The latest release is the default +modelmesh_release="v0.11.2" # The latest release is the default create_storage_secret=false deploy_serving_runtimes=false dev_mode=false # Set to true to use locally cloned files instead of from a release From 5f9c6f7395b8fbc5be7f0cac92e2b7d981777c0e Mon Sep 17 00:00:00 2001 From: Christian Kadner Date: Wed, 10 Jan 2024 17:00:33 -0800 Subject: [PATCH 10/11] fix: Install fails with int commit hash (#473) Wrap commit short hash in quotes Resolves #472 --------- Signed-off-by: Christian Kadner --- .github/workflows/fvt-base.yml | 5 +++-- scripts/deploy/iks/deploy-mm-serving.sh | 3 ++- scripts/install.sh | 1 + 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/fvt-base.yml b/.github/workflows/fvt-base.yml index 2707fcb8..8c20711a 100644 --- a/.github/workflows/fvt-base.yml +++ b/.github/workflows/fvt-base.yml @@ -56,7 +56,8 @@ jobs: kubectl get pods -n kube-system - name: Set controller image tag - run: echo "IMAGE_TAG=$(date +'%Y%m%dT%H%M%S%Z')" >> $GITHUB_ENV + run: | + echo "IMAGE_TAG=$(date +'%Y%m%dT%H%M%S%Z')" >> $GITHUB_ENV - name: Update configs # Update the image tag and reduce some resource request amounts to allow FVTs to run @@ -64,7 +65,7 @@ jobs: # is also adjusted for these environments. # Disable the torchserve ServingRuntime for now (insufficient resources to run them all). run: | - sed -i 's/newTag:.*$/newTag: '"${{ env.IMAGE_TAG }}"'/' config/manager/kustomization.yaml + sed -i 's/newTag:.*$/newTag: "'${{ env.IMAGE_TAG }}'"/' config/manager/kustomization.yaml sed -i '0,/cpu:.*$/s/cpu:.*$/cpu: 100m/' \ config/default/config-defaults.yaml \ config/runtimes/mlserver-1.x.yaml \ diff --git a/scripts/deploy/iks/deploy-mm-serving.sh b/scripts/deploy/iks/deploy-mm-serving.sh index 2e4cec84..36a416ce 100644 --- a/scripts/deploy/iks/deploy-mm-serving.sh +++ b/scripts/deploy/iks/deploy-mm-serving.sh @@ -74,7 +74,8 @@ curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack mv kustomize /usr/local/bin/kustomize # Update target tag and namespace/organization -sed -i.bak 's/newTag:.*$/newTag: '"$GIT_COMMIT_SHORT"'/' config/manager/kustomization.yaml +# enclose commit short hash in quotes to avoid it being interpreted as an int +sed -i.bak 's/newTag:.*$/newTag: "'${GIT_COMMIT_SHORT}'"/' config/manager/kustomization.yaml sed -i.bak 's/newName:.*$/newName: '"$DOCKERSANDBOX_NAMESPACE\/modelmesh-controller"'/' config/manager/kustomization.yaml rm config/manager/kustomization.yaml.bak diff --git a/scripts/install.sh b/scripts/install.sh index aa09f9ba..b66facb0 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -338,6 +338,7 @@ if [[ $enable_self_signed_ca == "true" ]]; then rm default/kustomization.yaml.bak fi +info "kustomize build default" kustomize build default | kubectl apply -f - if [[ $dev_mode_logging == "true" ]]; then From a2ce947a75b602c1f0b2fa06da90d924252f6977 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edgar=20Hern=C3=A1ndez?= Date: Thu, 18 Jan 2024 12:50:53 -0600 Subject: [PATCH 11/11] fix: Replace "foo" string with a less generic one (#465) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If template parsing fails, the "foo" string would appear in pod logs. This should be very hard to happen, since the template is built-in. Changing, simply, to have more meaningful logs. Fixes opendatahub-io/modelmesh-serving#114 Signed-off-by: Edgar Hernández <23639005+israel-hdez@users.noreply.github.com> --- controllers/config/templating.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/config/templating.go b/controllers/config/templating.go index 6f4b4166..f124d35e 100644 --- a/controllers/config/templating.go +++ b/controllers/config/templating.go @@ -49,7 +49,7 @@ func templateSource(r io.Reader, context interface{}) mf.Source { if err != nil { panic(err) } - t, err := template.New("foo").Parse(string(b)) + t, err := template.New("ModelMeshTemplate").Parse(string(b)) if err != nil { panic(err) }