Update to Traefik v2.10, go1.21 and alpine 3.18
What does this PR do?
This PR:
- Update to go 1.21
- Update direct dependencies (except k8s.io/api because it's a traefik requirement)
- Update to golangci-lint 1.55.1 (new excludes necessary)
- Update to k3s 1.21 (to sync integration tests with docs)
- Update to k3d 5.6.0
- Update to alpine 3.18
- Update to Semaphore machine ubuntu2004
- Update most versioned docker images
- Update to traefik 2.10 (second commit)
- Does not update k3s to 1.25 in integration tests (to stay in sync with docs)
- Does not add or update servicemeshinterface (one alpha update is available for all APIs)
- Fixes 14 high and 14 medium CVEs through Traefik, alpine and dependency updates (0 CVEs in new image)
How to test it
- Run all tests described in docs
Additional Notes
This PR updates everything to the latest versions, except:
- k3s should be updated to 1.25 in integration tests and docs adapted accordingly
- servicemeshinterface APIs should be updated
- Docs toolchain should be updated
- Tests should also cover coredns 1.10 and 1.11
Sure, I didn't see it in the build instructions, master is still the default branch. Makes integration testing easier 😄
You can update Traefik v2.10 inside this PR (in a separate commit).
The update of dependencies should be linked to the Traefik update. The indirect dependencies should not be updated (except those related to the update of Traefik).
Some notes:
- it's better not to create a PR based on another PR.
- it's better to open an issue before creating a PR to explain your changes.
I didn't see that, should I open an issue now? I will close the second PR.
I will remove the indirect updates and add Traefik 2.10 in a separate commit.
> should I open an issue now?

The PR is already open, so you don't need to. Opening an issue before creating a PR is a classic for any open source project: it allows us to talk before the PR and save time.
If I remove an unnecessary layer and use upx, I can shrink the image to 16 MB (58% smaller than v1.4.8). But it takes 97 seconds longer to build locally. I pushed a commit; the COPY certs command is still inside. I would suggest removing it; it would only make a difference if you rebuilt daily, and it would be faster than the alpine rebuild.
When I use scratch instead of alpine, I can shrink the image by another 50% (8.4 MB) and also shrink the attack surface significantly (no binaries except traefik-mesh).
I added more versions to coredns_test.go according to https://github.com/coredns/deployment/blob/master/kubernetes/CoreDNS-k8s_version.md in a separate commit. 1.9.0 is replaced by 1.9.3 (k8s 1.25 and 1.26), 1.11.1 is included too (but not used in a k8s release yet).
https://www.freebsd.org/platforms/arm/#status states that freebsd/arm64 is fully supported since 2021, can I remove the goreleaser ignore? https://www.openbsd.org/arm64.html seems to be usable too.
Hello @reneleonhardt and thanks for your contribution,
As said by @ldez, it is better to open issues before opening a pull request and to address only one thing in it (see our contributing guide). As this pull request is already open, I would only address the dependency, image, and go version updates, and revert the other changes (and open issues accordingly).
Hello @kevinpollet, okay, I will try tonight, but as you know, updating the images alone requires many other updates, like the whole docs toolchain.
I reverted what I understood that you don't want now. My work is finished, please run your CI for the first time.