Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

release/3.2.x #10505

Closed
wants to merge 36 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
b30ce8a
chore(deps): bump resty.session from 4.0.0 to 4.0.1 (#10231)
bungle Feb 5, 2023
3ebf775
fix(patches): disable unneeded pointer alignment assertion in dynamic…
chronolaw Feb 3, 2023
c52e726
docs(changelog): add missing PR link for #9904
chronolaw Feb 6, 2023
b28347c
fix(*): prevent queues from growing without bounds (#10046) (#10253)
hanshuebner Feb 8, 2023
47b5921
fix(conf_loader): deprecate and alias otel properties (#10220)
flrgh Feb 2, 2023
f77de84
chore(deps): bump openssl from 1.1.1s to 1.1.1t
fffonion Feb 9, 2023
4e8a1f7
fix(manifest): sort version requirements
fffonion Feb 9, 2023
6c5e6fd
chore(deps): bump `resty.timerng` from `0.2.0` to `0.2.3` (#10265)
ADD-SP Feb 9, 2023
df4a0b8
feat(batchqueue): increase default maximum queue size and remove glob…
hanshuebner Feb 10, 2023
fefb5ad
fix(gha): ensure zlib installed for centos/rhel-7
curiositycasualty Feb 11, 2023
f2c9f36
chore(build): add `-c opt` flag for release profile
fffonion Feb 14, 2023
5f74a0d
chore(deps) bump resty.session from 4.0.1 to 4.0.2 (#10308)
bungle Feb 15, 2023
8fe41ac
chore(changelog): session breaking changes (#10313)
samugi Feb 16, 2023
0b09482
docs(changelog): add entry for renamed `kong.conf` properties (#10310…
flrgh Feb 20, 2023
3eef4b9
docs(changelog) update changelog for 3.2.0 release (#10337)
bungle Feb 21, 2023
469e6de
chore(deps) bump resty.session to 4.0.3
bungle Feb 21, 2023
3ec920c
fix(clustering/compat): compatibility for plugn fields (#10346)
StarlightIbuki Feb 22, 2023
bcbb12a
fix(actions): use `regctl` for (multiarch) image copy (#10335)
curiositycasualty Feb 22, 2023
2e08e60
feat(cd): Integrate container and cve scanning post publishing (#10275)
saisatishkarra Feb 23, 2023
6cbc7d9
fix(clustering): session renamed fields (#10354)
mashapedeployment Feb 23, 2023
c7d6e44
feat(meta): bump to 3.2.1 (#10351)
mashapedeployment Feb 23, 2023
4aa5113
chore(release): Boolean variables are passed as strings by Github Act…
tyler-ball Feb 23, 2023
d39e96c
fix(plugin): OTEL exporting with translate (#10332) (#10358)
mashapedeployment Feb 24, 2023
c40306d
fix(gha): Set Package Architecture when Uploading to Pulp (#10339) (#…
curiositycasualty Feb 24, 2023
0f77a1d
fix(build): add rpm signing related env var into repository rule envi…
windmgc Feb 27, 2023
c33859a
fix(db/migration): do migration before validation (#10348)
StarlightIbuki Feb 23, 2023
8d71a15
docs(changelog): update changelog for `3.2.1` (#10403)
kikito Mar 1, 2023
15549a4
fix(balancer) use local target cache (#10384) (#10410)
team-gateway-bot Mar 1, 2023
c9a9342
fix(bazel): fix intel detection (#10322)
curiositycasualty Feb 24, 2023
a125693
fix(build): fix intel detection with elif
fffonion Feb 27, 2023
1a1f2db
feat(*): Port kong-build-tools Package Smoke Tests [KAG-617]
curiositycasualty Feb 17, 2023
0092b4b
fix(bazel): add alt url for older zlib releases
curiositycasualty Mar 3, 2023
8942b1d
fix(build): add the missing endianness detection patch for Nginx (#10…
fffonion Mar 6, 2023
e67b8c4
chore(cd): add http2 smoke test (#10454) (#10459)
team-gateway-bot Mar 9, 2023
f9a332d
fix(dockerfiles): clean up dangling sockets on startup (#10468) (#10481)
locao Mar 15, 2023
e517284
release/3.2.2 (#10502)
kikito Mar 16, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .bazelrc
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ build:release --//:debug=false
build:release --//:licensing=true
build:release --action_env=BUILD_NAME=kong-dev
build:release --action_env=INSTALL_DESTDIR=/usr/local
build:release --compilation_mode=opt

build --spawn_strategy=local

1 change: 1 addition & 0 deletions .github/matrix-commitly.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ smoke-tests:
- label: ubuntu

scan-vulnerabilities:
- label: ubuntu

release-packages:

Expand Down
132 changes: 97 additions & 35 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ jobs:
if: matrix.label == 'centos-7' || matrix.label == 'rhel-7'
run: |
echo "/usr/local/git/bin" >> $GITHUB_PATH
yum install -y which
yum install -y which zlib-devel

- name: Checkout Kong source code
uses: actions/checkout@v3
Expand Down Expand Up @@ -151,7 +151,7 @@ jobs:
if: matrix.package == 'deb' && steps.cache-deps.outputs.cache-hit != 'true'
run: |
sudo apt-get update && sudo apt-get install libyaml-dev -y

- name: Install Ubuntu Cross Build Dependencies (arm64)
if: matrix.package == 'deb' && steps.cache-deps.outputs.cache-hit != 'true' && endsWith(matrix.label, 'arm64')
run: |
Expand Down Expand Up @@ -323,6 +323,70 @@ jobs:
Docker image available `${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}`
Artifacts available https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}

scan:
name: Scan - ${{ matrix.label }}
needs: [metadata, build-images]
runs-on: ubuntu-22.04
if: |-
always()
&& fromJSON(needs.metadata.outputs.matrix)['scan-vulnerabilities'] != ''
&& needs.build-images.result == 'success'
&& (github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]'))
strategy:
fail-fast: false
matrix:
include: "${{ fromJSON(needs.metadata.outputs.matrix)['scan-vulnerabilities'] }}"
env:
IMAGE: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}-${{ matrix.label }}
steps:
- name: Install regctl
uses: regclient/actions/regctl-installer@main

- name: Login to Docker Hub
if: ${{ env.HAS_ACCESS_TO_GITHUB_TOKEN }}
uses: docker/login-action@bc135a1993a1d0db3e9debefa0cfcb70443cc94c
with:
username: ${{ secrets.GHA_DOCKERHUB_PUSH_USER }}
password: ${{ secrets.GHA_KONG_ORG_DOCKERHUB_PUSH_TOKEN }}

# TODO: Refactor matrix file to support and parse platforms specific to distro
# Workaround: Look for specific amd64 and arm64 hardcooded architectures
- name: Parse Architecture Specific Image Manifest Digests
id: image_manifest_metadata
run: |
manifest_list_exists="$(
if regctl manifest get "${IMAGE}" --format raw-body --require-list -v panic &> /dev/null; then
echo true
else
echo false
fi
)"
echo "manifest_list_exists=$manifest_list_exists"
echo "manifest_list_exists=$manifest_list_exists" >> $GITHUB_OUTPUT

amd64_sha="$(regctl image digest "${IMAGE}" --platform linux/amd64 || echo '')"
arm64_sha="$(regctl image digest "${IMAGE}" --platform linux/arm64 || echo '')"
echo "amd64_sha=$amd64_sha"
echo "amd64_sha=$amd64_sha" >> $GITHUB_OUTPUT
echo "arm64_sha=$arm64_sha"
echo "arm64_sha=$arm64_sha" >> $GITHUB_OUTPUT

- name: Scan AMD64 Image digest
id: sbom_action_amd64
if: steps.image_manifest_metadata.outputs.amd64_sha != ''
uses: Kong/public-shared-actions/security-actions/scan-docker-image@b2e4a29d30382e1cceeda8df1e8b8bee65bef39b
with:
asset_prefix: kong-${{ github.sha }}-${{ matrix.label }}-linux-amd64
image: ${{env.IMAGE}}@${{ steps.image_manifest_metadata.outputs.amd64_sha }}

- name: Scan ARM64 Image digest
if: steps.image_manifest_metadata.outputs.manifest_list_exists == 'true' && steps.image_manifest_metadata.outputs.arm64_sha != ''
id: sbom_action_arm64
uses: Kong/public-shared-actions/security-actions/scan-docker-image@b2e4a29d30382e1cceeda8df1e8b8bee65bef39b
with:
asset_prefix: kong-${{ github.sha }}-${{ matrix.label }}-linux-arm64
image: ${{env.IMAGE}}@${{ steps.image_manifest_metadata.outputs.arm64_sha }}

smoke-tests:
name: Smoke Tests - ${{ matrix.label }}
needs: [metadata, build-images]
Expand Down Expand Up @@ -350,6 +414,7 @@ jobs:

env:
KONG_ADMIN_URI: http://localhost:8001
KONG_ADMIN_HTTP2_URI: https://localhost:8444
KONG_PROXY_URI: http://localhost:8000

steps:
Expand All @@ -365,9 +430,9 @@ jobs:
# always pull the latest image to ensure we're testing the latest version.
run: |
docker run \
-p 8000:8000 -p 8001:8001 \
-p 8000:8000 -p 8001:8001 -p 8444:8444\
-e KONG_PG_PASSWORD=kong \
-e KONG_ADMIN_LISTEN=0.0.0.0:8001 \
-e KONG_ADMIN_LISTEN="0.0.0.0:8001, 0.0.0.0:8444 ssl http2" \
-e KONG_ANONYMOUS_REPORTS=off \
--name kong \
--restart always \
Expand All @@ -378,36 +443,20 @@ jobs:
sleep 3
docker logs kong

- name: Smoke Tests - Admin API
run: build/tests/01-admin-api.sh

scan-vulnerabilities:
name: Scan Vulnerabilities - ${{ matrix.label }}
needs: [metadata, build-images]
runs-on: ubuntu-22.04
if: |-
fromJSON(needs.metadata.outputs.matrix)['scan-vulnerabilities'] != ''
&& (github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]'))

strategy:
# runs all jobs sequentially
max-parallel: 1
fail-fast: false
matrix:
include: "${{ fromJSON(needs.metadata.outputs.matrix)['scan-vulnerabilities'] }}"
- name: Smoke Tests - Base Tests
env:
VERBOSE: ${{ runner.debug == '1' && '1' || '' }}
run: build/tests/01-base.sh

steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Smoke Tests - Admin API
env:
VERBOSE: ${{ runner.debug == '1' && '1' || '' }}
run: build/tests/02-admin-api.sh

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # v0.8.0
env:
TRIVY_USERNAME: ${{ secrets.GHA_DOCKERHUB_PUSH_USER }}
TRIVY_PASSWORD: ${{ secrets.GHA_KONG_ORG_DOCKERHUB_PUSH_TOKEN }}
with:
image-ref: ${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ github.sha }}-${{ matrix.label }}
severity: 'CRITICAL,HIGH'
- name: Smoke Tests - HTTP2 Admin API
env:
VERBOSE: ${{ runner.debug == '1' && '1' || '' }}
run: build/tests/03-http2-admin-api.sh

release-packages:
name: Release Packages - ${{ matrix.label }} - ${{ needs.metadata.outputs.release-desc }}
Expand All @@ -433,9 +482,20 @@ jobs:
name: ${{ matrix.artifact-from }}-packages
path: bazel-bin/pkg

- name: Set package architecture
id: pkg-arch
run: |
arch='amd64'
if [[ '${{ matrix.label }}' == *'arm64' ]]; then
arch='arm64'
fi
echo "arch=$arch"
echo "arch=$arch" >> $GITHUB_OUTPUT

- name: Upload Packages to PULP
env:
OFFICIAL_RELEASE: ${{ github.event.inputs.official == true }}
ARCHITECTURE: ${{ steps.pkg-arch.outputs.arch }}
OFFICIAL_RELEASE: ${{ github.event.inputs.official }}
PULP_HOST: https://api.download.konghq.com
PULP_USERNAME: admin
# PULP_PASSWORD: ${{ secrets.PULP_DEV_PASSWORD }}
Expand Down Expand Up @@ -492,13 +552,15 @@ jobs:
latest=false
suffix=-${{ matrix.label }}

- name: Install regctl
uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc

- name: Push Images
env:
TAGS: "${{ steps.meta.outputs.tags }}"
run: |
PRERELEASE_IMAGE=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ github.sha }}-${{ matrix.label }}
docker pull $PRERELEASE_IMAGE
for tag in $TAGS; do
docker tag $PRERELEASE_IMAGE $tag
docker push $tag
regctl -v debug image copy $PRERELEASE_IMAGE $tag
done
2 changes: 1 addition & 1 deletion .requirements
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ KONG_LICENSE="ASL 2.0"

RESTY_VERSION=1.21.4.1
RESTY_LUAROCKS_VERSION=3.9.2
RESTY_OPENSSL_VERSION=1.1.1s
RESTY_OPENSSL_VERSION=1.1.1t
RESTY_PCRE_VERSION=8.45
RESTY_LMDB_VERSION=1.0.0
RESTY_EVENTS_VERSION=0.1.3
Expand Down
74 changes: 69 additions & 5 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
# Table of Contents

- [3.2.2](#322)
- [3.2.1](#321)
- [3.2.0](#320)
- [3.1.0](#310)
- [3.0.1](#301)
- [3.0.0](#300)
Expand Down Expand Up @@ -67,7 +70,37 @@
- [0.9.9 and prior](#099---20170202)


## Unreleased
## 3.2.2

> Released 2023/03/16

### Dependencies

- Bumped lua-resty-session from 4.0.2 to 4.0.3
[#10338](https://github.com/Kong/kong/pull/10338)

### Fixes

#### Core

- Fixed an issue where dangling Unix sockets would prevent Kong from restarting in
Docker containers if it was not cleanly stopped.
[#10481](https://github.com/Kong/kong/pull/10481)

[Back to TOC](#table-of-contents)

### 3.2.1

#### Core

- Fix an issue where control plane does not downgrade config for `aws_lambda` and `zipkin` for older version of data planes.
[#10346](https://github.com/Kong/kong/pull/10346)
- Fix an issue where control plane does not rename fields correctly for `session` for older version of data planes.
[#10352](https://github.com/Kong/kong/pull/10352)
- Fix an issue where validation to regex routes may be skipped when the old-fashioned config is used for DB-less Kong.
[#10348](https://github.com/Kong/kong/pull/10348)

## 3.2.0

### Breaking Changes

Expand All @@ -79,6 +112,10 @@
For that reason it is advisable that during upgrades mixed versions of proxy nodes run for
as little as possible. During that time, the invalid sessions could cause failures and partial downtime.
All existing sessions are invalidated when upgrading to this version.
The parameter `idling_timeout` now has a default value of 900: unless configured differently,
sessions expire after 900 seconds (15 minutes) of idling.
The parameter `absolute_timeout` has a default value of 86400: unless configured differently,
sessions expire after 86400 seconds (24 hours).
[#10199](https://github.com/Kong/kong/pull/10199)

### Additions
Expand Down Expand Up @@ -146,7 +183,10 @@
- Fix an issue where after a valid declarative configuration is loaded,
the configuration hash is incorrectly set to the value: `00000000000000000000000000000000`.
[#9911](https://github.com/Kong/kong/pull/9911)
[#10046](https://github.com/Kong/kong/pull/10046)
- Update the batch queues module so that queues no longer grow without bounds if
their consumers fail to process the entries. Instead, old batches are now dropped
and an error is logged.
[#10247](https://github.com/Kong/kong/pull/10247)
- Fix an issue where 'X-Kong-Upstream-Status' cannot be emitted when response is buffered.
[#10056](https://github.com/Kong/kong/pull/10056)

Expand All @@ -167,11 +207,26 @@
[#10160](https://github.com/Kong/kong/pull/10160)
- For `http.flavor`. It should be a string value, not a double.
[#10160](https://github.com/Kong/kong/pull/10160)
- **OpenTelemetry**: Fix a bug that when getting the trace of other formats, the trace ID reported and propagated could be of incorrect length.
[#10332](https://github.com/Kong/kong/pull/10332)
- **OAuth2**: `refresh_token_ttl` is now limited between `0` and `100000000` by schema validator. Previously numbers that are too large causes requests to fail.
[#10068](https://github.com/Kong/kong/pull/10068)

### Changed

#### Core

- Improve error message for invalid JWK entities.
[#9904](https://github.com/Kong/kong/pull/9904)
- Renamed two configuration properties:
* `opentelemetry_tracing` => `tracing_instrumentations`
* `opentelemetry_tracing_sampling_rate` => `tracing_sampling_rate`

The old `opentelemetry_*` properties are considered deprecated and will be
fully removed in a future version of Kong.
[#10122](https://github.com/Kong/kong/pull/10122)
[#10220](https://github.com/Kong/kong/pull/10220)

#### Hybrid Mode

- Revert the removal of WebSocket protocol support for configuration sync,
Expand All @@ -191,13 +246,19 @@
[#10144](https://github.com/Kong/kong/pull/10144)
- Bumped lua-kong-nginx-module from 0.5.0 to 0.5.1
[#10181](https://github.com/Kong/kong/pull/10181)
- Bumped lua-resty-session from 3.10 to 4.0.0
- Bumped lua-resty-session from 3.10 to 4.0.2
[#10199](https://github.com/Kong/kong/pull/10199)
[#10230](https://github.com/Kong/kong/pull/10230)
[#10308](https://github.com/Kong/kong/pull/10308)
- Bumped OpenSSL from 1.1.1s to 1.1.1t
[#10266](https://github.com/Kong/kong/pull/10266)
- Bumped lua-resty-timer-ng from 0.2.0 to 0.2.3
[#10265](https://github.com/Kong/kong/pull/10265)

#### Core

- Improve error message for invalid jwk entries

- Improve error message for invalid jwk entries.
[#9904](https://github.com/Kong/kong/pull/9904)


## 3.1.0
Expand Down Expand Up @@ -7789,6 +7850,9 @@ First version running with Cassandra.

[Back to TOC](#table-of-contents)

[3.2.2]: https://github.com/Kong/kong/compare/3.2.1...3.2.2
[3.2.1]: https://github.com/Kong/kong/compare/3.2.0...3.2.1
[3.2.0]: https://github.com/Kong/kong/compare/3.1.0...3.2.0
[3.1.0]: https://github.com/Kong/kong/compare/3.0.1...3.1.0
[3.0.1]: https://github.com/Kong/kong/compare/3.0.0...3.0.1
[3.0.0]: https://github.com/Kong/kong/compare/2.8.1...3.0.0
Expand Down
5 changes: 4 additions & 1 deletion build/cross_deps/zlib/repositories.bzl
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,10 @@ def zlib_repositories():

http_archive(
name = "cross_deps_zlib",
url = "https://zlib.net/zlib-1.2.13.tar.gz",
urls = [
"https://zlib.net/zlib-1.2.13.tar.gz",
"https://zlib.net/fossils/zlib-1.2.13.tar.gz",
],
sha256 = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30",
strip_prefix = "zlib-1.2.13",
build_file = "//build/cross_deps/zlib:BUILD.zlib.bazel",
Expand Down
16 changes: 16 additions & 0 deletions build/dockerfiles/entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,22 @@ if [[ "$1" == "kong" ]]; then
if [[ "$2" == "docker-start" ]]; then
kong prepare -p "$PREFIX" "$@"

# remove all dangling sockets in $PREFIX dir before starting Kong
LOGGED_SOCKET_WARNING=0
for localfile in "$PREFIX"/*; do
if [ -S "$localfile" ]; then
if (( LOGGED_SOCKET_WARNING == 0 )); then
printf >&2 'WARN: found dangling unix sockets in the prefix directory '
printf >&2 '(%q) ' "$PREFIX"
printf >&2 'while preparing to start Kong. This may be a sign that Kong '
printf >&2 'was previously shut down uncleanly or is in an unknown state '
printf >&2 'and could require further investigation.\n'
LOGGED_SOCKET_WARNING=1
fi
rm -f "$localfile"
fi
done

ln -sfn /dev/stdout $PREFIX/logs/access.log
ln -sfn /dev/stdout $PREFIX/logs/admin_access.log
ln -sfn /dev/stderr $PREFIX/logs/error.log
Expand Down
2 changes: 2 additions & 0 deletions build/kong_bindings.bzl
Original file line number Diff line number Diff line change
Expand Up @@ -74,5 +74,7 @@ load_bindings = repository_rule(
environ = [
"BUILD_NAME",
"INSTALL_DESTDIR",
"RPM_SIGNING_KEY_FILE",
"NFPM_RPM_PASSPHRASE",
],
)
Loading