From a4103c5fa3738f0ec6e8cef3d73de9bbf9553c53 Mon Sep 17 00:00:00 2001 From: Tobia De Koninck Date: Fri, 5 Nov 2021 15:07:09 +0100 Subject: [PATCH 1/3] Update README and GH workflow --- .github/workflows/workflows.yaml | 6 +++--- README.md | 30 +++++++++++++++++++++++++----- 2 files changed, 28 insertions(+), 8 deletions(-) diff --git a/.github/workflows/workflows.yaml b/.github/workflows/workflows.yaml index 32c4b21..ea865c7 100644 --- a/.github/workflows/workflows.yaml +++ b/.github/workflows/workflows.yaml @@ -9,7 +9,7 @@ jobs: fail-fast: false matrix: java: [ 11 ] - kubernetes: [ '1.21.3', '1.20.9', 'v1.19.13', 'v1.18.20', 'v1.17.17', 'v1.16.15'] + kubernetes: [ 'v1.21.6', 'v1.20.12', 'v1.19.16', 'v1.18.20', 'v1.17.17', 'v1.16.15'] steps: - uses: actions/checkout@v2 @@ -29,9 +29,9 @@ jobs: minikube version: 'v1.16.0' kubernetes version: ${{ matrix.kubernetes }} - name: Build with Maven - run: mvn -U clean install -DskipTests + run: mvn -B -U clean install -DskipTests - name: Run Tests - run: mvn test + run: mvn -B test # dependency: # runs-on: ubuntu-latest diff --git a/README.md b/README.md index 7bf52b8..0b91c24 100644 --- a/README.md +++ b/README.md @@ -108,17 +108,18 @@ ShinyProxy and the operator for the best experience. ## Kubernetes versions -| | k8s 1.22.x | k8s >= v1.21.3 | k8s <= v1.21.2 | k8s >= 1.20.10 | k8s <= v1.20.9 | v1.19 | v1.18 | v1.17 | v1.16 | -|----------------|------------|----------------|----------------|----------------|----------------|-------|-------|-------|-------| -| 1.1.0³ | ✓ | ✓ | ✓² | ✓ | ✓² | ✓ | - | - | - | -| 1.0.0 | - | ✓ | ✓² | ✓ | ✓² | ✓ | ✓ | ✓¹ | ✓¹ | -| 0.0.1-SNAPSHOT | - | ✓ | ✓² | ✓ | ✓² | ✓ | ✓ | ✓¹ | ✓¹ | +| | k8s 1.22.x | k8s >= v1.21.3 | k8s <= v1.21.2 | k8s >= 1.20.10 | k8s <= v1.20.9 | v1.19 | v1.18 | v1.17 | v1.16 | v1.15 | v1.14 | +|----------------|------------|----------------|----------------|----------------|----------------|-------|-------|-------|-------| ----- | ----- | +| 1.1.0³ | ✓ | ✓ | ✓² | ✓ | ✓² | ✓ | - | - | - | - | - | +| 1.0.0 | - | ✓ | ✓² | ✓ | ✓² | ✓ | ✓ | ✓¹ | ✓¹ | -⁴ | -⁴ | +| 0.0.1-SNAPSHOT | - | ✓ | ✓² | ✓ | ✓² | ✓ | ✓ | ✓¹ | ✓¹ | ✓¹ | ✓¹ | **Note:** - ¹ requires the use of `SPO_PROBE_INITIAL_DELAY` and `SPO_PROBE_FAILURE_THRESHOL` due to lack of startup probes - ² requires a workaround, see below. - ³ not yet released; this version will use the `extensions/v1beta1` version of `Ingress` which is removed in k8s v1.22, but only available from v1.19 +- ⁴ version 1.0.0 uses version `apiextensions.k8s.io/v1` of the `CustomResourceDefinition` resource, which does not exists in versions before v1.16 ### Workaround for bug in Kubernetes @@ -136,6 +137,25 @@ only reasonable work-around is to regularly restart the Operator. Since version minutes), the operator stops. The corresponding Docker container then automatically restarts the Java process. +### Update to 1.0.0 + +Be aware of these changes when updating to version 1.0.0: + +- the ShinyProxy CRD now uses version `apiextensions.k8s.io/v1` of the + `CustomResourceDefinition` resource instead of version + `apiextensions.k8s.io/v1beta`. In our tests this update when smooth, but + please take into account that you may be required to re-create the CRD and + that therefore your ShinyProxy servers may have to be re-created (causing + downtime). +- because of this change, the operator requires at least version Kubernetes + v1.16. +- the ShinyProxy CRD now specifies version `openanalytics.eu/v1` instead of + `openanalytics.eu/v1alpha1`. Nevertheless, the operator is still able to + handle ShinyProxy resources using the `openanalytics.eu/v1alpha1` version. + When creating resources with version `openanalytics.eu/v1alpha1`, Kubernetes + will automatically convert these to use version `openanalytics.eu/v1`. + + ## Java Version This project requires JDK 11. From 2a1967cc9211636586471b6e08e9fbd83c49b42f Mon Sep 17 00:00:00 2001 From: Tobia De Koninck Date: Fri, 10 Dec 2021 10:18:18 +0100 Subject: [PATCH 2/3] Security Update of log4j https://github.com/advisories/GHSA-jfh8-c2jp-5v3q The operator is only vulnerable for ShinyProxy resources created through the Kubernetes API. This means that an attacker must be able to create ShinyProxy resources in order to exploit this vulnerability. --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 8bf7eaa..3912bd0 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ eu.openanalytics shinyproxy-operator - 1.0.0 + 1.0.1-SNAPSHOT Open Analytics NV @@ -21,7 +21,7 @@ 1.5.20 true 5.6.0 - 2.14.1 + 2.15.0 From b00b0bfff4d66058c61e950e15f455f3b8306b72 Mon Sep 17 00:00:00 2001 From: Tobia De Koninck Date: Fri, 10 Dec 2021 10:30:10 +0100 Subject: [PATCH 3/3] Bump version to 1.0.1 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3912bd0..22c357d 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ eu.openanalytics shinyproxy-operator - 1.0.1-SNAPSHOT + 1.0.1 Open Analytics NV