Merge remote-tracking branch 'origin/main' into laverya/sc-100503/cle…

…anup-outdated-helm-chart-files

.github/actions/e2e/action.yml

@@ -7,6 +7,9 @@ inputs:
   airgap-license-id:
     description: 'airgap-enabled license id to use for e2e tests'
     required: true
+  snapshot-license-id:
+    description: 'snapshot-enabled license id to use for e2e tests'
+    required: true
   license-id:
     description: 'license id to use for e2e tests'
     required: true
@@ -23,6 +26,12 @@ inputs:
 runs:
   using: composite
   steps:
+  - name: Remove MS repo
+    shell: bash
+    run: |
+      apt-add-repository --list
+      sudo apt-add-repository -y -r deb [arch=amd64,arm64,armhf] https://packages.microsoft.com/ubuntu/22.04/prod jammy main
+      apt-add-repository --list
   - name: Move Docker aside
     shell: bash
     run: |
@@ -51,13 +60,23 @@ runs:
       sudo rm -rf /usr/local/lib/android
       sudo rm -rf /opt/hostedtoolcache/CodeQL
       sudo rm -rf /opt/hostedtoolcache/Python
+  - name: Set AppArmor mode to complain
+    shell: bash
+    run: |
+      sudo apt-get update -y
+      sudo apt install apparmor-utils -y
+      sudo aa-complain /etc/apparmor.d/*
   - name: E2E
     shell: bash
     run: |
       export SHORT_SHA=dev-$(git rev-parse --short=7 HEAD)
       export LICENSE_ID=${{ inputs.license-id }}
       export AIRGAP_LICENSE_ID=${{ inputs.airgap-license-id }}
+      export SNAPSHOT_LICENSE_ID=${{ inputs.snapshot-license-id }}
       echo "${{ inputs.license }}" | base64 --decode > e2e/license.yaml
       export TESTIM_ACCESS_TOKEN=${{ inputs.testim-access-token }}
       export TESTIM_BRANCH=${{ inputs.testim-branch }}
       make e2e-test TEST_NAME=${{ inputs.test-name }}
+#  - name: Setup upterm session (ssh)
+#    uses: lhotari/action-upterm@v1
+#    if: always()

.github/workflows/dependencies.yaml

@@ -47,6 +47,18 @@ jobs:
       run: |
         export VERSION=`curl https://api.github.com/repos/distribution/distribution/tags | jq -r '.[].name'  | tr -d v | grep -v alpha | grep -v beta | head -n 1`
         sed -i "/^REGISTRY_IMAGE_VERSION/c\REGISTRY_IMAGE_VERSION = $VERSION" Makefile
+    - name: Velero Chart
+      run: |
+        export VERSION=`curl https://api.github.com/repos/vmware-tanzu/helm-charts/tags | jq -r '.[].name' | grep velero | tr -d 'velero-' | head -n 1`
+        sed -i "/^VELERO_CHART_VERSION/c\VELERO_CHART_VERSION = $VERSION" Makefile
+    - name: Velero Image
+      run: |
+        export VERSION=`curl https://api.github.com/repos/vmware-tanzu/velero/tags | jq -r '.[].name' | grep -v 'rc' | head -n 1`
+        sed -i "/^VELERO_IMAGE_VERSION/c\VELERO_IMAGE_VERSION = $VERSION" Makefile
+    - name: Velero AWS Plugin Image
+      run: |
+        export VERSION=`curl https://api.github.com/repos/vmware-tanzu/velero-plugin-for-aws/tags | jq -r '.[].name' | grep -v 'rc' | head -n 1`
+        sed -i "/^VELERO_AWS_PLUGIN_IMAGE_VERSION/c\VELERO_AWS_PLUGIN_IMAGE_VERSION = $VERSION" Makefile
     - name: Kubectl
       run: |
         export VERSION=`curl -L -s https://dl.k8s.io/release/stable.txt`
@@ -59,7 +71,7 @@ jobs:
         if [ "$CURVERSION" != "$VERSION" ]; then
           sed -i "/^K0S_VERSION/c\K0S_VERSION = $VERSION" Makefile
           sed -i "/^K0S_BINARY_SOURCE_OVERRIDE/c\K0S_BINARY_SOURCE_OVERRIDE =" Makefile
-          go get github.com/k0sproject/k0s@${VERSION}
+          make go.mod
         fi
     - name: Troubleshoot
       run: |

.github/workflows/pull-request.yaml

@@ -41,20 +41,23 @@ jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     steps:
     - name: Checkout
       uses: actions/checkout@v4
     - name: Setup Go
       uses: actions/setup-go@v5
       with:
         go-version: "1.21.0"
-    - name: Build Linux AMD64
+    - name: Build Linux AMD64 and Output Metadata
       run: |
         export SHORT_SHA=dev-$(git rev-parse --short=7 HEAD)
-        make embedded-cluster-linux-amd64 VERSION="${SHORT_SHA}"
+        make -B embedded-cluster-linux-amd64 K0S_VERSION=$(make print-PREVIOUS_K0S_VERSION) VERSION="${SHORT_SHA}-previous-k0s"
+        tar -C output/bin -czvf embedded-cluster-linux-amd64-previous-k0s.tgz embedded-cluster
+        ./output/bin/embedded-cluster version metadata > metadata-previous-k0s.json
+        make -B embedded-cluster-linux-amd64 VERSION="${SHORT_SHA}"
         tar -C output/bin -czvf embedded-cluster-linux-amd64.tgz embedded-cluster
-    - name: Output Metadata
-      run: |
         ./output/bin/embedded-cluster version metadata > metadata.json
     - name: Install Replicated CLI
       run: |
@@ -91,7 +94,9 @@ jobs:
         echo "versionLabel: \"appver-${SHORT_SHA}\"" >> e2e/kots-release-install/release.yaml
         cat e2e/kots-release-install/release.yaml
         cp output/bin/embedded-cluster output/bin/embedded-cluster-original
-        make embedded-release VERSION="${SHORT_SHA}" # this is done after the metadata.json is generated so as to not include additional charts
+        make -B embedded-release K0S_VERSION=$(make print-PREVIOUS_K0S_VERSION) VERSION="${SHORT_SHA}-previous-k0s"
+        mv output/bin/embedded-cluster output/bin/embedded-cluster-previous-k0s
+        make -B embedded-release VERSION="${SHORT_SHA}" # this is done after the metadata.json is generated so as to not include additional charts
     - name: Cache files for integration test
       env:
         S3_BUCKET: "tf-staging-embedded-cluster-bin"
@@ -103,6 +108,7 @@ jobs:
         export EC_VERSION="v${SHORT_SHA}"
         ./scripts/cache-files.sh
         ./scripts/create-upgrade-release.sh
+        ./scripts/create-previous-k0s-release.sh
 
     - name: Create Airgap Release
       env:
@@ -112,11 +118,34 @@ jobs:
       run: |
         export SHORT_SHA=dev-$(git rev-parse --short=7 HEAD)
         echo "${SHORT_SHA}"
-        sed -i "s/__version_string__/${SHORT_SHA}/g" e2e/kots-release-install/cluster-config.yaml
-        sed -i "s/__version_string__/${SHORT_SHA}-upgrade/g" e2e/kots-release-upgrade/cluster-config.yaml
+        # airgap tests install the previous k0s version to ensure an upgrade occurs
+        sed -i "s/${SHORT_SHA}/${SHORT_SHA}-previous-k0s/g" e2e/kots-release-install/cluster-config.yaml
         
         rm e2e/kots-release-install/release.yaml
         replicated release create --yaml-dir e2e/kots-release-install --promote CI-airgap --version "appver-${SHORT_SHA}"
+        replicated release create --yaml-dir e2e/kots-release-upgrade --promote CI-airgap --version "appver-${SHORT_SHA}-upgrade"
+
+    - name: Create download link message text
+      run: |
+        export SHORT_SHA=dev-$(git rev-parse --short=7 HEAD)
+        
+        echo "This PR has been released (on staging) and is available for download with a embedded-cluster-smoke-test-staging-app [license ID](https://vendor.staging.replicated.com/apps/embedded-cluster-smoke-test-staging-app/customers?sort=name-asc)." > download-link.txt
+        echo "" >> download-link.txt
+        echo "Online Installer:" >> download-link.txt
+        echo "\`\`\`" >> download-link.txt
+        echo "curl \"https://staging.replicated.app/embedded/embedded-cluster-smoke-test-staging-app/ci/appver-${SHORT_SHA}\" -H \"Authorization: \$EC_SMOKE_TEST_LICENSE_ID\" -o embedded-cluster-smoke-test-staging-app-ci.tgz" >> download-link.txt
+        echo "\`\`\`" >> download-link.txt
+        echo "Airgap Installer (may take a few minutes before the airgap bundle is built):" >> download-link.txt
+        echo "\`\`\`" >> download-link.txt
+        echo "curl \"https://staging.replicated.app/embedded/embedded-cluster-smoke-test-staging-app/ci-airgap/appver-${SHORT_SHA}?airgap=true\" -H \"Authorization: \$EC_SMOKE_TEST_LICENSE_ID\" -o embedded-cluster-smoke-test-staging-app-ci.tgz" >> download-link.txt
+        echo "\`\`\`" >> download-link.txt
+        echo "Happy debugging!" >> download-link.txt
+        cat download-link.txt
+
+    - name: comment download link
+      uses: mshick/add-pr-comment@v2
+      with:
+        message-path: download-link.txt
 
     - name: upload binary
       uses: actions/upload-artifact@v4
@@ -125,6 +154,7 @@ jobs:
         path: |
           output/bin/embedded-cluster
           output/bin/embedded-cluster-original
+          output/bin/embedded-cluster-previous-k0s
           output/bin/embedded-cluster-release-builder
 
   e2e:
@@ -148,11 +178,13 @@ jobs:
           - TestInstallWithoutEmbed
           - TestInstallFromReplicatedApp
           - TestResetAndReinstall
+          - TestResetAndReinstallAirgap
           - TestCollectSupportBundle
           - TestOldVersionUpgrade
           - TestMaterialize
           - TestLocalArtifactMirror
-          - TestSingleNodeAirgapInstallationUbuntuJammy
+          - TestSingleNodeAirgapUpgradeUbuntuJammy
+          - TestInstallSnapshotFromReplicatedApp
     steps:
     - name: Checkout
       uses: actions/checkout@v4
@@ -161,10 +193,12 @@ jobs:
       with:
         name: embedded-release
         path: output/bin
+
     - uses: ./.github/actions/e2e
       with:
         test-name: '${{ matrix.tests }}'
         airgap-license-id: ${{ secrets.STAGING_EMBEDDED_CLUSTER_AIRGAP_LICENSE_ID }}
+        snapshot-license-id: ${{ secrets.STAGING_EMBEDDED_CLUSTER_SNAPSHOT_LICENSE_ID }}
         license-id: ${{ secrets.STAGING_EMBEDDED_CLUSTER_LICENSE_ID }}
         license: ${{ secrets.STAGING_EMBEDDED_CLUSTER_LICENSE }}
         testim-access-token: ${{ secrets.TESTIM_ACCESS_TOKEN }}

.github/workflows/release-dev.yaml

@@ -17,13 +17,14 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: "1.21"
-      - name: Build Linux AMD64
+      - name: Build Linux AMD64 and Output Metadata
         run: |
           export SHORT_SHA=dev-$(git rev-parse --short=7 HEAD)
-          make embedded-cluster-linux-amd64 VERSION="${SHORT_SHA}"
+          make -B embedded-cluster-linux-amd64 K0S_VERSION=$(make print-PREVIOUS_K0S_VERSION) VERSION="${SHORT_SHA}-previous-k0s"
+          tar -C output/bin -czvf embedded-cluster-linux-amd64-previous-k0s.tgz embedded-cluster
+          ./output/bin/embedded-cluster version metadata > metadata-previous-k0s.json
+          make -B embedded-cluster-linux-amd64 VERSION="${SHORT_SHA}"
           tar -C output/bin -czvf embedded-cluster-linux-amd64.tgz embedded-cluster
-      - name: Output Metadata
-        run: |
           ./output/bin/embedded-cluster version metadata > metadata.json
       - name: Publish development release
         uses: marvinpinto/action-automatic-releases@latest
@@ -70,7 +71,9 @@ jobs:
           echo "versionLabel: \"appver-${SHORT_SHA}\"" >> e2e/kots-release-install/release.yaml
           cat e2e/kots-release-install/release.yaml
           cp output/bin/embedded-cluster output/bin/embedded-cluster-original
-          make embedded-release VERSION="${SHORT_SHA}" # this is done after the metadata.json is generated so as to not include additional charts
+          make -B embedded-release K0S_VERSION=$(make print-PREVIOUS_K0S_VERSION) VERSION="${SHORT_SHA}-previous-k0s"
+          mv output/bin/embedded-cluster output/bin/embedded-cluster-previous-k0s
+          make -B embedded-release VERSION="${SHORT_SHA}" # this is done after the metadata.json is generated so as to not include additional charts
       - name: Cache files for integration test
         env:
           S3_BUCKET: "tf-staging-embedded-cluster-bin"
@@ -82,6 +85,7 @@ jobs:
           export EC_VERSION="v${SHORT_SHA}"
           ./scripts/cache-files.sh
           ./scripts/create-upgrade-release.sh
+          ./scripts/create-previous-k0s-release.sh
       - name: Create Airgap Release
         env:
           REPLICATED_APP: "embedded-cluster-smoke-test-staging-app"
@@ -90,11 +94,12 @@ jobs:
         run: |
           export SHORT_SHA=dev-$(git rev-parse --short=7 HEAD)
           echo "${SHORT_SHA}"
-          sed -i "s/__version_string__/${SHORT_SHA}/g" e2e/kots-release-install/cluster-config.yaml
-          sed -i "s/__version_string__/${SHORT_SHA}-upgrade/g" e2e/kots-release-upgrade/cluster-config.yaml
+          # airgap tests install the previous k0s version to ensure an upgrade occurs
+          sed -i "s/${SHORT_SHA}/${SHORT_SHA}-previous-k0s/g" e2e/kots-release-install/cluster-config.yaml
           
           rm e2e/kots-release-install/release.yaml
           replicated release create --yaml-dir e2e/kots-release-install --promote CI-airgap --version "appver-${SHORT_SHA}"
+          replicated release create --yaml-dir e2e/kots-release-upgrade --promote CI-airgap --version "appver-${SHORT_SHA}-upgrade"
 
       - name: upload binary
         uses: actions/upload-artifact@v4
@@ -103,6 +108,7 @@ jobs:
           path: |
             output/bin/embedded-cluster
             output/bin/embedded-cluster-original
+            output/bin/embedded-cluster-previous-k0s
             output/bin/embedded-cluster-release-builder
   e2e:
     runs-on: ubuntu-latest
@@ -125,11 +131,13 @@ jobs:
           - TestInstallWithoutEmbed
           - TestInstallFromReplicatedApp
           - TestResetAndReinstall
+          - TestResetAndReinstallAirgap
           - TestCollectSupportBundle
           - TestOldVersionUpgrade
           - TestMaterialize
           - TestLocalArtifactMirror
-          - TestSingleNodeAirgapInstallationUbuntuJammy
+          - TestSingleNodeAirgapUpgradeUbuntuJammy
+          - TestInstallSnapshotFromReplicatedApp
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -142,6 +150,7 @@ jobs:
         with:
           test-name: '${{ matrix.tests }}'
           airgap-license-id: ${{ secrets.STAGING_EMBEDDED_CLUSTER_AIRGAP_LICENSE_ID }}
+          snapshot-license-id: ${{ secrets.STAGING_EMBEDDED_CLUSTER_SNAPSHOT_LICENSE_ID }}
           license-id: ${{ secrets.STAGING_EMBEDDED_CLUSTER_LICENSE_ID }}
           license: ${{ secrets.STAGING_EMBEDDED_CLUSTER_LICENSE }}
           testim-access-token: ${{ secrets.TESTIM_ACCESS_TOKEN }}

Makefile

@@ -4,13 +4,14 @@ ARCH := $(shell uname -m)
 APP_NAME = embedded-cluster
 ADMIN_CONSOLE_CHART_URL = oci://registry.replicated.com/library
 ADMIN_CONSOLE_CHART_NAME = admin-console
-ADMIN_CONSOLE_CHART_VERSION = 1.108.3-build.1
+ADMIN_CONSOLE_CHART_VERSION = 1.108.9-build.1
 ADMIN_CONSOLE_IMAGE_OVERRIDE =
 ADMIN_CONSOLE_MIGRATIONS_IMAGE_OVERRIDE =
 EMBEDDED_OPERATOR_CHART_URL = oci://registry.replicated.com/library
 EMBEDDED_OPERATOR_CHART_NAME = embedded-cluster-operator
-EMBEDDED_OPERATOR_CHART_VERSION = 0.26.1
+EMBEDDED_OPERATOR_CHART_VERSION = 0.28.2
 EMBEDDED_OPERATOR_UTILS_IMAGE = busybox:1.36.1
+EMBEDDED_CLUSTER_OPERATOR_IMAGE_OVERRIDE =
 OPENEBS_CHART_URL = https://openebs.github.io/charts
 OPENEBS_CHART_NAME = openebs/openebs
 OPENEBS_CHART_VERSION = 3.10.0
@@ -19,10 +20,16 @@ REGISTRY_CHART_URL = https://helm.twun.io
 REGISTRY_CHART_NAME = twuni/docker-registry
 REGISTRY_CHART_VERSION = 2.2.3
 REGISTRY_IMAGE_VERSION = 2.8.3
-KUBECTL_VERSION = v1.29.3
-K0S_VERSION = v1.29.2+k0s.0
+VELERO_CHART_URL = https://vmware-tanzu.github.io/helm-charts
+VELERO_CHART_NAME = vmware-tanzu/velero
+VELERO_CHART_VERSION = 6.0.0
+VELERO_IMAGE_VERSION = v1.13.2
+VELERO_AWS_PLUGIN_IMAGE_VERSION = v1.9.2
+KUBECTL_VERSION = v1.30.0
+K0S_VERSION = v1.29.4+k0s.0
+PREVIOUS_K0S_VERSION ?= v1.28.9+k0s.0
 K0S_BINARY_SOURCE_OVERRIDE =
-TROUBLESHOOT_VERSION = v0.84.1
+TROUBLESHOOT_VERSION = v0.88.1
 KOTS_VERSION = v$(shell echo $(ADMIN_CONSOLE_CHART_VERSION) | sed 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/')
 LD_FLAGS = -X github.com/replicatedhq/embedded-cluster/pkg/defaults.K0sVersion=$(K0S_VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/defaults.Version=$(VERSION) \
@@ -38,14 +45,20 @@ LD_FLAGS = -X github.com/replicatedhq/embedded-cluster/pkg/defaults.K0sVersion=$
 	-X github.com/replicatedhq/embedded-cluster/pkg/addons/embeddedclusteroperator.ChartName=$(EMBEDDED_OPERATOR_CHART_NAME) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/addons/embeddedclusteroperator.Version=$(EMBEDDED_OPERATOR_CHART_VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/addons/embeddedclusteroperator.UtilsImage=$(EMBEDDED_OPERATOR_UTILS_IMAGE) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/embeddedclusteroperator.ImageOverride=$(EMBEDDED_CLUSTER_OPERATOR_IMAGE_OVERRIDE) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/addons/openebs.ChartURL=$(OPENEBS_CHART_URL) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/addons/openebs.ChartName=$(OPENEBS_CHART_NAME) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/addons/openebs.Version=$(OPENEBS_CHART_VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/addons/openebs.UtilsVersion=$(OPENEBS_UTILS_VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/addons/registry.ChartURL=$(REGISTRY_CHART_URL) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/addons/registry.ChartName=$(REGISTRY_CHART_NAME) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/addons/registry.Version=$(REGISTRY_CHART_VERSION) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/addons/registry.ImageVersion=$(REGISTRY_IMAGE_VERSION)
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/registry.ImageVersion=$(REGISTRY_IMAGE_VERSION) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/velero.ChartURL=$(VELERO_CHART_URL) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/velero.ChartName=$(VELERO_CHART_NAME) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/velero.Version=$(VELERO_CHART_VERSION) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/velero.VeleroTag=$(VELERO_IMAGE_VERSION) \
+	-X github.com/replicatedhq/embedded-cluster/pkg/addons/velero.AwsPluginTag=$(VELERO_AWS_PLUGIN_IMAGE_VERSION)
 
 .DEFAULT_GOAL := default
 default: embedded-cluster-linux-amd64
@@ -147,6 +160,7 @@ e2e-test:
 clean:
 	rm -rf output
 	rm -rf pkg/goods/bins
+	rm -rf pkg/goods/internal/bins
 
 .PHONY: lint
 lint:
@@ -164,3 +178,6 @@ scan:
 		--severity="HIGH,CRITICAL" \
 		--ignore-unfixed \
 		./
+
+print-%:
+	@echo -n $($*)

cmd/embedded-cluster/install.go

@@ -49,6 +49,35 @@ func installAndEnableLocalArtifactMirror() error {
 	return nil
 }
 
+// configureNetworkManager configures the network manager (if the host is using it) to ignore
+// the calico interfaces. This function restarts the NetworkManager service if the configuration
+// was changed.
+func configureNetworkManager(c *cli.Context) error {
+	if active, err := helpers.IsSystemdServiceActive(c.Context, "NetworkManager"); err != nil {
+		return fmt.Errorf("unable to check if NetworkManager is active: %w", err)
+	} else if !active {
+		logrus.Debugf("NetworkManager is not active, skipping configuration")
+		return nil
+	}
+
+	dir := "/etc/NetworkManager/conf.d"
+	if _, err := os.Stat(dir); err != nil {
+		logrus.Debugf("skiping NetworkManager config (%s): %v", dir, err)
+		return nil
+	}
+
+	logrus.Debugf("creating NetworkManager config file")
+	if err := goods.MaterializeCalicoNetworkManagerConfig(); err != nil {
+		return fmt.Errorf("unable to materialize configuration: %w", err)
+	}
+
+	logrus.Debugf("network manager config created, restarting the service")
+	if _, err := helpers.RunCommand("systemctl", "restart", "NetworkManager"); err != nil {
+		return fmt.Errorf("unable to restart network manager: %w", err)
+	}
+	return nil
+}
+
 // runPostInstall is a helper function that run things just after the k0s install
 // command ran.
 func runPostInstall() error {
@@ -417,6 +446,10 @@ var installCommand = &cli.Command{
 			return ErrNothingElseToAdd
 		}
 		metrics.ReportApplyStarted(c)
+		logrus.Debugf("configuring network manager")
+		if err := configureNetworkManager(c); err != nil {
+			return fmt.Errorf("unable to configure network manager: %w", err)
+		}
 		logrus.Debugf("checking license matches")
 		if err := checkLicenseMatches(c); err != nil {
 			metricErr := fmt.Errorf("unable to check license: %w", err)