From ecc5ea5ccddfbbc48d456efa04b6cf4ee80d2c9e Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Wed, 30 Apr 2025 17:30:37 -0400 Subject: [PATCH 1/9] Enable canary command --- charts/zrok/templates/controller-secrets-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/zrok/templates/controller-secrets-configmap.yaml b/charts/zrok/templates/controller-secrets-configmap.yaml index 5fab59cc..b16383d7 100644 --- a/charts/zrok/templates/controller-secrets-configmap.yaml +++ b/charts/zrok/templates/controller-secrets-configmap.yaml @@ -105,7 +105,7 @@ data: zrok enable --headless --description "{{ include "zrok.fullname" . }} test run" "${ZROK_ENABLE_TOKEN}" - zrok test canary public-proxy |& tee /tmp/test.out + ZROK_DANGEROUS_CANARY=1 zrok test canary public-proxy |& tee /tmp/test.out IGNORED_ERRORS='(' IGNORED_ERRORS+='0 errors' From 7c9673dddbcb3e8ef0c4e880badf5d35081af74c Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Wed, 30 Apr 2025 17:32:04 -0400 Subject: [PATCH 2/9] Bump zrok version --- charts/zrok/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/zrok/Chart.yaml b/charts/zrok/Chart.yaml index 3b3bd27e..df7606c2 100644 --- a/charts/zrok/Chart.yaml +++ b/charts/zrok/Chart.yaml @@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.0 +version: 1.0.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 1.0.0 +appVersion: 1.0.3 dependencies: [] 
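Review bot: The added `ZROK_DANGEROUS_CANARY=1` prefix on the `zrok test canary public-proxy` line overrides what the variable name suggests is a deliberate safety gate, and nothing in the template says why that is acceptable in the chart's test script. A comment above the line would record the intent, for example `# canary tests are opt-in via ZROK_DANGEROUS_CANARY; set it for this one command only, never export it`. Because the output goes through `|& tee /tmp/test.out`, the command's own exit status is discarded unless `pipefail` is set earlier in the script, which this hunk does not show. The `IGNORED_ERRORS` handling that follows suggests the log scan is the pass/fail signal, which is worth confirming. The script body starts and ends outside the hunk.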
From 520e602ffb50828b830aa0cfb70f702ec4310e02 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 30 Apr 2025 21:32:20 +0000 Subject: [PATCH 3/9] helm-docs: automated action --- charts/zrok/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/zrok/README.md b/charts/zrok/README.md index f2f01a70..4d60b583 100644 --- a/charts/zrok/README.md +++ b/charts/zrok/README.md @@ -2,7 +2,7 @@ # zrok -![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) +![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) Run the zrok controller and zrok frontend components as a K8s deployment From 52b0e5e2e4e989ef05b388e5659e61670f3ac407 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Thu, 1 May 2025 23:41:50 -0400 Subject: [PATCH 4/9] bump to 1.0.4 anticipating bootstrapping fix --- charts/zrok/Chart.yaml | 2 +- charts/zrok/README.md | 2 +- charts/zrok/templates/frontend-deployment.yaml | 2 +- charts/zrok/templates/pre-delete-hook .yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/zrok/Chart.yaml b/charts/zrok/Chart.yaml index df7606c2..5d1f8873 100644 --- a/charts/zrok/Chart.yaml +++ b/charts/zrok/Chart.yaml @@ -21,6 +21,6 @@ version: 1.0.1 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 1.0.3 +appVersion: 1.0.4 dependencies: [] 
diff --git a/charts/zrok/README.md b/charts/zrok/README.md index 4d60b583..4833ab0c 100644 --- a/charts/zrok/README.md +++ b/charts/zrok/README.md @@ -2,7 +2,7 @@ # zrok -![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) +![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.4](https://img.shields.io/badge/AppVersion-1.0.4-informational?style=flat-square) Run the zrok controller and zrok frontend components as a K8s deployment diff --git a/charts/zrok/templates/frontend-deployment.yaml b/charts/zrok/templates/frontend-deployment.yaml index a6102036..219d5626 100644 --- a/charts/zrok/templates/frontend-deployment.yaml +++ b/charts/zrok/templates/frontend-deployment.yaml @@ -54,7 +54,7 @@ spec: secretKeyRef: name: {{ include "zrok.fullname" . }}-ziti-mgmt-secret key: admin-password - # this is needed for ziti CLI to work because it assumes a writeable config dir + # this is needed for ziti CLI to work because it assumes a writable config dir - name: HOME value: /tmp volumeMounts: diff --git a/charts/zrok/templates/pre-delete-hook .yaml b/charts/zrok/templates/pre-delete-hook .yaml index 3df296a8..7c1fcca5 100644 --- a/charts/zrok/templates/pre-delete-hook .yaml +++ b/charts/zrok/templates/pre-delete-hook .yaml @@ -45,7 +45,7 @@ spec: secretKeyRef: name: {{ include "zrok.fullname" . }}-ziti-mgmt-secret key: admin-password - # this is needed for ziti CLI to work because it assumes a writeable config dir + # this is needed for ziti CLI to work because it assumes a writable config dir - name: HOME value: /tmp volumeMounts: 
From 22f55702b442ec4899db49ec6c9f25ad0db4454e Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Thu, 1 May 2025 23:56:35 -0400 Subject: [PATCH 5/9] try 1.0.3 again --- charts/zrok/Chart.yaml | 2 +- charts/zrok/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/zrok/Chart.yaml b/charts/zrok/Chart.yaml index 5d1f8873..df7606c2 100644 --- a/charts/zrok/Chart.yaml +++ b/charts/zrok/Chart.yaml @@ -21,6 +21,6 @@ version: 1.0.1 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 1.0.4 +appVersion: 1.0.3 dependencies: [] diff --git a/charts/zrok/README.md b/charts/zrok/README.md index 4833ab0c..4d60b583 100644 --- a/charts/zrok/README.md +++ b/charts/zrok/README.md @@ -2,7 +2,7 @@ # zrok -![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.4](https://img.shields.io/badge/AppVersion-1.0.4-informational?style=flat-square) +![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) Run the zrok controller and zrok frontend components as a K8s deployment From 052fb095f833b93e77007c363a8c5d920410c56c Mon Sep 17 00:00:00 2001 
From: Kenneth Bingham Date: Fri, 2 May 2025 00:10:51 -0400 Subject: [PATCH 6/9] use the new unbootstrap command when uninstalling zrok --- charts/zrok/README.md | 1 - .../zrok/templates/controller-deployment.yaml | 8 +++--- .../templates/frontend-secrets-configmap.yaml | 6 ++--- charts/zrok/templates/pre-delete-hook .yaml | 26 +++++++++++++------ charts/zrok/values.yaml | 1 - 5 files changed, 24 insertions(+), 18 deletions(-) diff --git a/charts/zrok/README.md b/charts/zrok/README.md index 4d60b583..989bd450 100644 --- a/charts/zrok/README.md +++ b/charts/zrok/README.md @@ -163,7 +163,6 @@ zrok nginx api.zrok.192.168.49.2.sslip.io 192.168.49.2 80 8m41s | controller.service.type | string | `"ClusterIP"` | The service type to use for the zrok controller | | controller.specVersion | int | `4` | | | dnsZone | string | `"zrok.example.com"` | The DNS zone with a wildcard * A record to use for the zrok public frontend | -| frontend.deBootstrapScript | string | `"delete-identity.sh"` | | | frontend.extraConfig | object | `{}` | append additional frontend config | | frontend.homeDir | string | `"/var/lib/zrok"` | a read-only mountpoint for the frontend's Ziti identity is "homeDir" because zrok always looks in $HOME/.zrok/identities | | frontend.ingress.annotations | object | `{}` | The annotations to use for the frontend's ingress resource | diff --git a/charts/zrok/templates/controller-deployment.yaml b/charts/zrok/templates/controller-deployment.yaml index e3233953..573fd63e 100644 --- a/charts/zrok/templates/controller-deployment.yaml +++ b/charts/zrok/templates/controller-deployment.yaml @@ -39,7 +39,7 @@ spec: - name: HOME value: {{ .Values.controller.persistence.mount_dir }} volumeMounts: - - name: zrok-config + - name: zrok-controller-config mountPath: /etc/zrok readOnly: true - name: bootstrap-ziti 
@@ -72,7 +72,7 @@ spec: - name: HOME value: {{ .Values.controller.persistence.mount_dir }} volumeMounts: - - name: zrok-config + - name: zrok-controller-config mountPath: /etc/zrok readOnly: true - name: persistence @@ -94,7 +94,7 @@ spec: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} nodeSelector: - {{- toYaml . | nindent 8 }}z + {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: @@ -105,7 +105,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} volumes: - - name: zrok-config + - name: zrok-controller-config configMap: name: {{ include "zrok.fullname" . }}-config defaultMode: 0444 diff --git a/charts/zrok/templates/frontend-secrets-configmap.yaml b/charts/zrok/templates/frontend-secrets-configmap.yaml index d6defb73..5b2f843a 100644 --- a/charts/zrok/templates/frontend-secrets-configmap.yaml +++ b/charts/zrok/templates/frontend-secrets-configmap.yaml @@ -165,7 +165,7 @@ data: {{ toYaml .Values.frontend.extraConfig }} {{- end }} - {{ .Values.frontend.deBootstrapScript }}: |- + unbootstrap.bash: |- #!/usr/bin/env bash set -o errexit set -o nounset @@ -197,9 +197,7 @@ data: # expectation that the ziti controller is still reachable during zrok uninstall zitiLogin - # pending de-bootstrapping feature https://github.com/openziti/zrok/issues/290 - ziti edge delete identities where 'name="public"' - ziti edge delete edge-router-policies where 'name="public"' + zrok admin unbootstrap /etc/zrok/ctrl.yaml zitiLogin: |- #!/usr/bin/env bash diff --git a/charts/zrok/templates/pre-delete-hook .yaml b/charts/zrok/templates/pre-delete-hook .yaml index 7c1fcca5..9e60a0c5 100644 --- a/charts/zrok/templates/pre-delete-hook .yaml +++ b/charts/zrok/templates/pre-delete-hook .yaml 
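Review bot: In the `unbootstrap.bash` hunk of frontend-secrets-configmap.yaml, the `zitiLogin` call is kept ahead of the new `zrok admin unbootstrap /etc/zrok/ctrl.yaml`, but the only visible users of that CLI session were the two removed `ziti edge delete` commands. If `unbootstrap` authenticates to Ziti from ctrl.yaml on its own (not shown here, please confirm), then the login step, the `admin-password` `secretKeyRef` env and the CA mount in the pre-delete hook no longer serve a purpose and should be dropped so the hook pod holds fewer credentials. If the login is still required, replace the now-stale context comment with something like `# zitiLogin is still needed because ... (state the reason)`. The script body starts outside the hunk.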
@@ -49,18 +49,21 @@ spec: - name: HOME value: /tmp volumeMounts: - - name: zrok-config - mountPath: /usr/local/bin/{{ .Values.frontend.deBootstrapScript }} - subPath: {{ .Values.frontend.deBootstrapScript }} + - name: zrok-frontend-config + mountPath: /usr/local/bin/unbootstrap.bash + subPath: unbootstrap.bash # used by ziti CLI in zitiLogin + - name: zrok-controller-config + mountPath: /etc/zrok + readOnly: true - name: ziti-ctrl-plane-cas mountPath: {{ .Values.ziti.ca_cert_dir }}/{{ .Values.ziti.ca_cert_file }} subPath: {{ .Values.ziti.ca_cert_file }} readOnly: true - mountPath: /usr/local/bin/zitiLogin - name: zrok-config + name: zrok-frontend-config subPath: zitiLogin - command: ["{{ .Values.frontend.deBootstrapScript }}"] + command: ["unbootstrap.bash"] # command: ["sh", "-c", "while true; do sleep 86400; done"] {{- with .Values.affinity }} affinity: @@ -71,16 +74,23 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} volumes: - - name: zrok-config + - name: zrok-frontend-config configMap: name: {{ include "zrok.fullname" . }}-frontend-config items: - - key: {{ .Values.frontend.deBootstrapScript }} - path: {{ .Values.frontend.deBootstrapScript }} + - key: unbootstrap.bash + path: unbootstrap.bash mode: 0555 - key: zitiLogin path: zitiLogin mode: 0555 + - name: zrok-controller-config + configMap: + name: {{ include "zrok.fullname" . }}-config + defaultMode: 0444 + items: + - key: ctrl.yaml + path: ctrl.yaml - name: ziti-ctrl-plane-cas configMap: name: {{ .Values.ziti.ca_cert_configmap }} diff --git a/charts/zrok/values.yaml b/charts/zrok/values.yaml index 465a7154..b1cb6ff5 100644 --- a/charts/zrok/values.yaml +++ b/charts/zrok/values.yaml @@ -220,7 +220,6 @@ frontend: # -- a read-only mountpoint for the frontend's Ziti identity is "homeDir" # because zrok always looks in $HOME/.zrok/identities homeDir: /var/lib/zrok - deBootstrapScript: delete-identity.sh # -- append additional frontend config extraConfig: {} 
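Review bot: In the first pre-delete-hook hunk, the context comment `# used by ziti CLI in zitiLogin` now sits directly above the added `zrok-controller-config` mount, although it appears to describe the `ziti-ctrl-plane-cas` mount that used to follow it. Insert the new entry above that comment, or give it its own comment such as `# ctrl.yaml read by "zrok admin unbootstrap"` and move the existing comment back next to the CA mount. Separately, `command: ["unbootstrap.bash"]` depends on `/usr/local/bin` being on the image's PATH; `command: ["/usr/local/bin/unbootstrap.bash"]` matches the mountPath and removes that assumption. The container spec starts and ends outside the hunk.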
From b92eaddcf227a4c7561ed5ecc4ed6771497bb49b Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Fri, 2 May 2025 00:55:01 -0400 Subject: [PATCH 7/9] unbootstrap if bootstrap fails --- charts/zrok/templates/controller-secrets-configmap.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/zrok/templates/controller-secrets-configmap.yaml b/charts/zrok/templates/controller-secrets-configmap.yaml index b16383d7..62f365eb 100644 --- a/charts/zrok/templates/controller-secrets-configmap.yaml +++ b/charts/zrok/templates/controller-secrets-configmap.yaml @@ -77,7 +77,10 @@ data: # set -o xtrace # uses mounted zrok config YAML - zrok admin bootstrap /etc/zrok/ctrl.yaml + zrok admin bootstrap /etc/zrok/ctrl.yaml || { + zrok admin unbootstrap /etc/zrok/ctrl.yaml + exit 1 + } # granted permission to read secrets in namespace by SA managed by this chart if kubectl -n {{ .Release.Namespace }} get secret \ From 63a71dee88c97655eca91e025f3f037144e4a853 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Mon, 5 May 2025 11:41:34 -0400 Subject: [PATCH 8/9] use zrok 1.0.4 --- charts/zrok/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/zrok/Chart.yaml b/charts/zrok/Chart.yaml index df7606c2..5d1f8873 100644 --- a/charts/zrok/Chart.yaml +++ b/charts/zrok/Chart.yaml @@ -21,6 +21,6 @@ version: 1.0.1 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 1.0.3 +appVersion: 1.0.4 dependencies: [] From bbdb7eed9056cd0c890457a007bba3b6e5064352 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 5 May 2025 15:42:19 +0000 Subject: [PATCH 9/9] helm-docs: automated action --- charts/zrok/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/zrok/README.md b/charts/zrok/README.md index 989bd450..fe395a09 100644 
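Review bot: The new `|| { zrok admin unbootstrap /etc/zrok/ctrl.yaml; exit 1 }` fallback runs on every bootstrap failure, including a transient one (for example the Ziti controller being briefly unreachable) on a restart or upgrade of an already working install. If `unbootstrap` removes the Ziti resources an earlier successful bootstrap created, which is presumed from the manual deletes it replaced in patch 6, a temporary error becomes a teardown of the live environment. Consider limiting the rollback to the first install, or to failures known to leave partial state. At minimum make the action visible in the pod log by adding `echo "zrok admin bootstrap failed; running unbootstrap" >&2` as the first line of the block. The script continues outside the hunk, so whether `errexit` is active at this point cannot be seen from here.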
--- a/charts/zrok/README.md +++ b/charts/zrok/README.md @@ -2,7 +2,7 @@ # zrok -![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) +![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.4](https://img.shields.io/badge/AppVersion-1.0.4-informational?style=flat-square) Run the zrok controller and zrok frontend components as a K8s deployment