peripli / service-broker-proxy-k8s Goto Github PK

There are some non-compatible changes in the proxy framework (mainly regarding configuration and environment loading).

The latest version of the proxy framework should be adopted by the K8S proxy.
For a reference, the CF proxy adoption may be used: Peripli/service-broker-proxy-cf#11

Could you provide README.md in chart directory or do a simlink to the README located at root.
If you don't do that the application who expose your chart such as Kubeapps or Monocular won't be able to expose it.
see https://docs.helm.sh/developing_charts/#chart-license-readme-and-notes

in file charts/service-broker-proxy-k8s/Chart.yaml
version set 0.0.0

after installation the pod reports an error fieldQuery broker_id requires right operand to be surrounded in [] and I have no idea how to fix this. e.g. by correct some misconfiguration

time="2019-10-24T07:15:45Z" level=info msg="FINISHED resync job bbcbbffc-7518-49f6-9ca3-55e16a7df4f1" component="reconcile/resyncer.go:45" correlation_id=-
time="2019-10-24T08:15:44Z" level=info msg="STARTING resync job 13471a79-f7ae-4236-8a13-e3c0550fc57f..." component="reconcile/resyncer.go:43" correlation_id=-
time="2019-10-24T08:15:44Z" level=info msg="resyncJob getting brokers from Service Manager..." component="reconcile/reconcile_brokers.go:78" correlation_id=13471a79-f7ae-4236-8a13-e3c0550fc57f
time="2019-10-24T08:15:45Z" level=info msg="resyncJob SUCCESSFULLY retrieved 0 brokers from Service Manager" component="reconcile/reconcile_brokers.go:94" correlation_id=13471a79-f7ae-4236-8a13-e3c0550fc57f
time="2019-10-24T08:15:45Z" level=info msg="resyncJob getting service offerings from Service Manager..." component="reconcile/reconcile_visibilities.go:92" correlation_id=13471a79-f7ae-4236-8a13-e3c0550fc57f
time="2019-10-24T08:15:45Z" level=error msg="an error occurred while obtaining service offerings from Service Manager: error getting service offerings from Service Manager: request GET https://service-manager.cfapps.eu10.hana.ondemand.com/v1/service_offerings?fieldQuery=broker_id+in+%28%27%27%29 failed: StatusCode: 400 Body: {\"error\":\"BadRequest\",\"description\":\"operator in for fieldQuery broker_id requires right operand to be surrounded in []\"}\n" component="reconcile/resyncer.go:72" correlation_id=13471a79-f7ae-4236-8a13-e3c0550fc57f
time="2019-10-24T08:15:45Z" level=info msg="FINISHED resync job 13471a79-f7ae-4236-8a13-e3c0550fc57f" component="reconcile/resyncer.go:45" correlation_id=-

The version in this line should be changed to "v0.2.0". There is no version "0.2.0" available for this repository.

https://github.com/Peripli/service-broker-proxy-k8s/blob/master/Gopkg.lock#L666

The proposal is not to refer "master" branch (as it can bring instabilities) but to refer a stable version. For instance version 1.10.9.

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-42836
Updating the dependency should fix the issue.

I already successfully installed this chart last week. After restarting my cluster today (hibernation), I noticed that the service-broker-proxy was in status CrashLoopBackOff. Since I found no straight-forward way to restart a pod (not sure if this is even intended in k8s), I ran helm del --purge on my broker proxy and reinstalled. Unfortunately, this didn't help. When looking at the pods immediately afterwards, it's in status Error, and then it again changes to status CrashLoopBackOff.
I tried getting logs from the pod, but the logs command returns nothing, so it seems like no logs are written.

Is there something I can do here? If you need more information, let me know! Thanks!

The service-broker-proxy is frequently crashing with error:

fatal error: concurrent map writes

we're using the v0.8.4 version of the sb-proxy

Since Kubernetes API version 1.22 rbac.authorization.k8s.io/v1beta1 API version of ClusterRole, ClusterRoleBinding, Role, and RoleBinding are removed. Therefore the corresponding resources should be migrated to rbac.authorization.k8s.io/v1. As documented here, there are no notable changes.

Hi there, currently getting
Error: looks like "https://peripli.github.io" is not a valid chart repository or cannot be reached: error converting YAML to JSON: yaml: line 138: did not find expected key
upon investigation https://peripli.github.io/index.yaml line 139 should have an additional two spaces?
Rob, UK

service-manager-proxy is using obtained broker_name directly as part of ClusterServiceBroker .metadata.name.
This could be error prone, as not all broker_name passes below regex validation

'[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'

Sample error in log (when broker name has upper case alphanumeric characters):

time="2020-09-23T21:02:45Z" level=error msg="Error during broker creation" broker_guid=5f97481e-8a2a-4f4b-b43b-2d158f230e31 broker_name=it-broker-rt-IAT-2f277b69-db54-49c2-92b9-e48a748a69e3 broker_url="https://it-broker-rt-iat.cfapps.eu20.hana.ondemand.com" component="reconcile/reconcile_brokers.go:210" correlation_id=9b4f1acc-8e84-4c87-9b0b-ee9914f99b01 error="ClusterServiceBroker.servicecatalog.k8s.io \"sm-it-broker-rt-IAT-2f277b69-db54-49c2-92b9-e48a748a69e3-5f97481e-8a2a-4f4b-b43b-2d158f230e31\" is invalid: metadata.name: Invalid value: \"sm-it-broker-rt-IAT-2f277b69-db54-49c2-92b9-e48a748a69e3-5f97481e-8a2a-4f4b-b43b-2d158f230e31\": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')"

we're using the v0.8.4 version of the sb-proxy

The values.yaml in one release contains different values. This is not obvious
and ends in a lot of questions and support load.

This can be fixed very easy and helps the stakeholder a lot.

There are similar steps in the helm installatiation for the proxy and the service manager and currently they are done differently. It would be better to unify (use the same approach) on both places.

One example would be that service manager uses a configmap to setup the "application.yml" (https://github.com/Peripli/service-manager/blob/master/deployment/k8s/charts/service-manager/templates/sm02-configmap.yaml) and the location/name/format can be passed in as cmd flags (https://github.com/Peripli/service-manager/blob/master/deployment/k8s/charts/service-manager/templates/sm03-deployment.yaml#L40 ) whereas in the K8S proxy we use env variables to achieve the same thing.

As part of this issue the approach used for both helm charts should be unified.

If you want to be deployed in a K8S with PodSecurityPolicy enabled with RunAsNonRoot, you must add a securityContext in the spec of your container.
If you want I can propose a PR for That

Currently the deployment doesn't restart and changes in the secret (e.g. sm user/password) won't show any effect until the deployment is restarted manually.