Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue 585: Upgrade Zookeeper to version 3.7.2 #586

Merged
merged 2 commits into from
Dec 19, 2023

Conversation

pandoscas
Copy link
Contributor

@pandoscas pandoscas commented Dec 15, 2023

Change log description

While running trivy to look for vulnerabilities in the latest 0.2.15 images, the report returned multiple CRITICAL CVEs in the zookeeper image that have been resolved in the latest stable 3.7.2.

Purpose of the change

Fixes #585.

What the code does

Upgrade version of Zookeeper to version 3.7.2

How to verify it

Build validation
make build-zk-image runs succesfully

Tests executed
ran make test

go test $(go list ./... | grep -v /vendor/ | grep -v /test/e2e) -race -coverprofile=coverage.txt -covermode=atomic
?   	github.com/pravega/zookeeper-operator	[no test files]
?   	github.com/pravega/zookeeper-operator/cmd/exporter	[no test files]
?   	github.com/pravega/zookeeper-operator/pkg/controller/config	[no test files]
?   	github.com/pravega/zookeeper-operator/pkg/version	[no test files]
ok  	github.com/pravega/zookeeper-operator/api/v1beta1	1.421s	coverage: 99.0% of statements
ok  	github.com/pravega/zookeeper-operator/controllers	15.710s	coverage: 78.3% of statements
ok  	github.com/pravega/zookeeper-operator/pkg/utils	1.135s	coverage: 68.6% of statements
ok  	github.com/pravega/zookeeper-operator/pkg/yamlexporter	1.093s	coverage: 72.2% of statements
ok  	github.com/pravega/zookeeper-operator/pkg/zk	6.184s	coverage: 96.2% of statements

ran make test-e2e-remote
0. Started minikube

  1. Pushed the built image to docker-hub (pandoscas/test-zk)
  2. Modified spec_util.go
 // NewDefaultCluster returns a cluster with an empty spec, which will be filled
 // with default values
 func NewDefaultCluster(namespace string) *api.ZookeeperCluster {
	 return &api.ZookeeperCluster{
		 TypeMeta: metav1.TypeMeta{
			 Kind:       "ZookeeperCluster",
			 APIVersion: "zookeeper.pravega.io/v1beta1",
		 },
		 ObjectMeta: metav1.ObjectMeta{
			 Name:      "zookeeper",
			 Namespace: namespace,
		 },
		 Spec: api.ZookeeperClusterSpec{
			 Image: api.ContainerImage{
				 Repository: "pandoscas/test-zk",
				 Tag: "latest",
		 },
		 },
	 }
 }
  1. Ran the command make test-e2e
make test-e2e

Ran 8 of 8 Specs in 3481.537 seconds
SUCCESS! -- 8 Passed | 0 Failed | 0 Pending | 0 Skipped
--- PASS: TestAPIs (3481.54s)
PASS

  Type     Reason            Age   From               Message
  ----     ------            ----  ----               -------
  Warning  FailedScheduling  49s   default-scheduler  0/1 nodes are available: pod has unbound immediate PersistentVolumeClaims. preemption: 0/1 nodes are available: 1 Preemption is not helpful for scheduling..
  Normal   Scheduled         47s   default-scheduler  Successfully assigned default/zk1-0 to test-profile
  Normal   Pulling           47s   kubelet            Pulling image "pandoscas/test-zk:latest"
  Normal   Pulled            34s   kubelet            Successfully pulled image "pandoscas/test-zk:latest" in 13.038s (13.038s including waiting)
  Normal   Created           33s   kubelet            Created container zookeeper
  Normal   Started           33s   kubelet            Started container zookeeper

Integration tests
Build my solution with the zookeeper-operator image.

@anishakj
Copy link
Contributor

@pandoscas Please sign-off your commit

Copy link

codecov bot commented Dec 15, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (2c8bfec) 85.91% compared to head (51946ac) 85.91%.

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #586   +/-   ##
=======================================
  Coverage   85.91%   85.91%           
=======================================
  Files          12       12           
  Lines        1633     1633           
=======================================
  Hits         1403     1403           
  Misses        145      145           
  Partials       85       85           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@anishakj
Copy link
Contributor

@pandoscas Please sign-off your commit

Also please let us know have you done testing with the new zookeeper image

@pandoscas
Copy link
Contributor Author

Updated with validations done.

@anishakj
Copy link
Contributor

@pandoscas Could you please update version as 3.7.2 in Readme (https://github.com/pravega/zookeeper-operator/blob/master/README.md)

@pandoscas
Copy link
Contributor Author

Hello I am commiting now the README, that was something I forgot to do when I submitted the commit. Apologies for the delay in the e2e validations but I am facing some issues on my local setup unrelated with the zookeeper-operator.

@anishakj
Copy link
Contributor

Hello I am commiting now the README, that was something I forgot to do when I submitted the commit. Apologies for the delay in the e2e validations but I am facing some issues on my local setup unrelated with the zookeeper-operator.

I have ran the sanity with your changes

@pandoscas
Copy link
Contributor Author

Updated README, and will also update the commit with the procedure for running the e2e testing.

@anishakj
Copy link
Contributor

@pandoscas DCO check is failing, please sign-off the commit

Copy link
Contributor

@anishakj anishakj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@anishakj anishakj merged commit 9fc6151 into pravega:master Dec 19, 2023
5 checks passed
pandoscas added a commit to pandoscas/zookeeper-operator that referenced this pull request Feb 9, 2024
Issue 585: Upgrade Zookeeper to version 3.7.2 (pravega#586)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Zookeeper needs to be bumped to 3.8.3 in order to fix a series of identified CRITICAL CVEs
2 participants