Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Logviewer addon update:containerd log format support and some bugfixes #19546

Open
wants to merge 12 commits into
base: master
Choose a base branch
from

Conversation

ivans3
Copy link
Contributor

@ivans3 ivans3 commented Aug 30, 2024

Hi,

Thank you for considering the Pull request. I have an update for the Logviewer addon.

Addon Description: Added in 2018, logviewer addon is an alternative to installing the ELK stack for log aggregation and logviewing through a web-interface. It is a light in-memory application that tails the container log files on disk.

PR Description: adding support and auto-detection of containerd log format. Also some minor fixes for formatting and browser inconsistencies. My team has been testing it for over a month and seems OK

https://github.com/ivans3/minikube-log-viewer (Unilicense)

Thanks!
ivans3

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ivans3
Once this PR has been reviewed and has the lgtm label, please assign spowelljr for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Aug 30, 2024
@k8s-ci-robot
Copy link
Contributor

Hi @ivans3. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 30, 2024
@minikube-bot
Copy link
Collaborator

Can one of the admins verify this patch?

pkg/minikube/assets/addons.go Outdated Show resolved Hide resolved
@ivans3
Copy link
Contributor Author

ivans3 commented Sep 19, 2024

Hi @medyagh Sure sounds good. I changed the tag name to v1 and will use v2,v3,etc... for any subsequent updates

@ivans3 ivans3 requested a review from medyagh September 19, 2024 21:36
@spowelljr
Copy link
Member

Hi @ivans3, the new image has two critical CVEs, do you think you could resolve those?

   1C     6H     1M     0L     5?  stdlib 1.21.6
pkg:golang/stdlib@1.21.6

    ✗ CRITICAL CVE-2024-24790
      https://scout.docker.com/v/CVE-2024-24790
      Affected range : <1.21.11  
      Fixed version  : 1.21.11
      
   1C     4H    18M     0L     3?  openssl 3.0.7-r2
pkg:apk/alpine/openssl@3.0.7-r2?os_name=alpine&os_version=3.17

    ✗ CRITICAL CVE-2024-5535
      https://scout.docker.com/v/CVE-2024-5535
      Affected range : <3.0.14-r0  
      Fixed version  : 3.0.14-r0  

@ivans3
Copy link
Contributor Author

ivans3 commented Oct 2, 2024

Hi @spowelljr okay i updated the packages as requested to address the CVEs. Can you give it another scan and let me know?

Thanks!

@spowelljr
Copy link
Member

The critical ones are gone now, I still see some high for Go, would you be able to bump go to +1.22.7?

   0C     4H     0M     0L     1?  stdlib 1.21.11
pkg:golang/stdlib@1.21.11

    ✗ HIGH CVE-2024-34158
      https://scout.docker.com/v/CVE-2024-34158
      Affected range : <1.22.7  
      Fixed version  : 1.22.7   
    
    ✗ HIGH CVE-2024-34156
      https://scout.docker.com/v/CVE-2024-34156
      Affected range : <1.22.7  
      Fixed version  : 1.22.7   
    
    ✗ HIGH CVE-2024-24791
      https://scout.docker.com/v/CVE-2024-24791
      Affected range : <1.21.12  
      Fixed version  : 1.21.12   
    
    ✗ HIGH CVE-2022-30635
      https://scout.docker.com/v/CVE-2022-30635
      Affected range : <1.22.7  
      Fixed version  : 1.22.7   
    
    ✗ UNSPECIFIED CVE-2024-34155
      https://scout.docker.com/v/CVE-2024-34155
      Affected range : <1.22.7  
      Fixed version  : 1.22.7   

@ivans3
Copy link
Contributor Author

ivans3 commented Oct 2, 2024

Hi @spowelljr okay i rebuilt using golang 1.22.8 and it showing now with 0 vulnerabilites for me. Can you please take a look?

@spowelljr
Copy link
Member

Security wise it looks good @ivans3, two more things if you could:

  1. Could you add a small integration test for the addon, just to ensure the pods come up healthy, for reference:
    // validateInspektorGadgetAddon tests the inspektor-gadget addon by ensuring the pod has come up and addon disables
    func validateInspektorGadgetAddon(ctx context.Context, t *testing.T, profile string) {
    defer disableAddon(t, "inspektor-gadget", profile)
    defer PostMortemLogs(t, profile)
    if _, err := PodWait(ctx, t, profile, "gadget", "k8s-app=gadget", Minutes(8)); err != nil {
    t.Fatalf("failed waiting for inspektor-gadget pod: %v", err)
    }
    }
  2. Would you be able to build the image for more machine architectures? arm64 would be the most important (~25% of users use arm64), less important, but if possible s390x, arm, and ppc64le would be great as well. Feel free to copy what I do for another one of the images to easily build multi-arch.
    https://github.com/spowelljr/kube-registry-proxy/blob/main/Makefile

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Oct 3, 2024
@ivans3
Copy link
Contributor Author

ivans3 commented Oct 3, 2024

Hi @spowelljr okay i added the multi-arch (for amd64 and arm64 platforms), and a unit test. I tested both amd64 and arm64 builds, can you please take a look?

Thanks!

@spowelljr
Copy link
Member

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 3, 2024
@spowelljr
Copy link
Member

/retest-this-please

1 similar comment
@spowelljr
Copy link
Member

/retest-this-please

@minikube-pr-bot

This comment has been minimized.

@minikube-pr-bot

This comment has been minimized.

@minikube-pr-bot

This comment has been minimized.

@minikube-pr-bot
Copy link

Here are the number of top 10 failed tests in each environments with lowest flake rate.

Environment Test Name Flake Rate
Docker_Linux (1 failed) TestAddons/serial/GCPAuth/PullSecret(gopogh) Unknown
Docker_Linux_crio_arm64 (5 failed) TestAddons/serial/GCPAuth/PullSecret(gopogh) Unknown
Docker_Linux_crio_arm64 (5 failed) TestPause/serial/SecondStartNoReconfiguration(gopogh) 3.41% (chart)
Docker_Linux_crio_arm64 (5 failed) TestMultiControlPlane/serial/RestartCluster(gopogh) 14.77% (chart)
none_Linux (1 failed) TestAddons/serial/GCPAuth/PullSecret(gopogh) Unknown
Docker_Cloud_Shell (4 failed) TestAddons/serial/GCPAuth/PullSecret(gopogh) Unknown
Docker_Linux_docker_arm64 (1 failed) TestAddons/serial/GCPAuth/PullSecret(gopogh) Unknown
Docker_Linux_crio (3 failed) TestAddons/serial/GCPAuth/PullSecret(gopogh) Unknown
KVM_Linux (1 failed) TestAddons/serial/GCPAuth/PullSecret(gopogh) Unknown

Besides the following environments also have failed tests:

To see the flake rates of all tests by environment, click here.

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 12, 2024
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 12, 2024
@minikube-pr-bot
Copy link

kvm2 driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 19546) |
+----------------+----------+---------------------+
| minikube start | 49.9s    | 50.8s               |
| enable ingress | 15.6s    | 16.9s               |
+----------------+----------+---------------------+

Times for minikube start: 48.9s 51.1s 48.5s 52.3s 48.6s
Times for minikube (PR 19546) start: 50.1s 50.4s 49.8s 51.7s 51.9s

Times for minikube ingress: 15.0s 15.0s 15.0s 18.5s 14.5s
Times for minikube (PR 19546) ingress: 15.0s 16.5s 19.0s 15.0s 19.0s

docker driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 19546) |
+----------------+----------+---------------------+
| minikube start | 21.6s    | 21.7s               |
| enable ingress | 12.9s    | 12.6s               |
+----------------+----------+---------------------+

Times for minikube start: 21.3s 21.4s 21.4s 21.1s 22.9s
Times for minikube (PR 19546) start: 24.7s 21.6s 20.4s 21.3s 20.7s

Times for minikube (PR 19546) ingress: 12.3s 12.3s 12.8s 12.3s 13.3s
Times for minikube ingress: 12.3s 12.8s 12.8s 13.3s 13.3s

docker driver with containerd runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 19546) |
+----------------+----------+---------------------+
| minikube start | 21.0s    | 20.1s               |
| enable ingress | 37.4s    | 37.3s               |
+----------------+----------+---------------------+

Times for minikube (PR 19546) start: 19.9s 18.7s 22.2s 19.7s 20.1s
Times for minikube start: 19.4s 20.5s 20.0s 21.9s 23.1s

Times for minikube ingress: 38.8s 38.8s 38.8s 31.8s 38.8s
Times for minikube (PR 19546) ingress: 39.3s 39.3s 39.3s 38.8s 29.8s

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants