Merge branch 'main' into merge_doc

clusterlink-net · Jun 17, 2024 · 7e94ecf · 7e94ecf
2 parents 9f8ca88 + f034f98
commit 7e94ecf
Show file tree

Hide file tree

Showing 239 changed files with 5,409 additions and 8,148 deletions.
diff --git a/.devcontainer/dev/post-create.sh b/.devcontainer/dev/post-create.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2023 The ClusterLink Authors.
+# Copyright (c) The ClusterLink Authors.
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

diff --git a/.devcontainer/website/post-create.sh b/.devcontainer/website/post-create.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2023 The ClusterLink Authors.
+# Copyright (c) The ClusterLink Authors.
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -32,10 +32,6 @@ updates:
     directory: "cmd/cl-go-dataplane"
     schedule:
       interval: "monthly"
-  - package-ecosystem: "docker"
-    directory: "cmd/gwctl"
-    schedule:
-      interval: "monthly"
   - package-ecosystem: "docker"
     directory: "cmd/cl-dataplane"
     schedule:

diff --git a/.github/workflows/linkcheck.yml b/.github/workflows/linkcheck.yml
@@ -7,11 +7,12 @@ on:
 
 jobs:
   broken-link-checker:
+    if: github.repository_owner == 'clusterlink-net' # do not run on forks
     name: Check broken links
     runs-on: ubuntu-latest
     steps:
     - name: Check
       uses: ruzickap/action-my-broken-link-checker@v2
       with:
         url: https://clusterlink.net
-        cmd_params: '--buffer-size=65536 --max-connections=16 --rate-limit=16 --timeout=20'  # muffet parameters
+        cmd_params: '--buffer-size=65536 --max-connections=2 --rate-limit=4 --timeout=20'  # muffet parameters
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
@@ -19,7 +19,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version-file: ./go.mod
       - name: Setup goimports
         run: go install golang.org/x/tools/cmd/[email protected]
       - name: Check go.mod and go.sum
@@ -31,27 +31,24 @@ jobs:
       - name: Run vet check
         run: go vet ./...
       - name: Run linters
-        uses: golangci/golangci-lint-action@v5
+        uses: golangci/golangci-lint-action@v6
         with:
           version: v1.54.2
           skip-pkg-cache: true
 
   unit-tests:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        go: ['1.22']  
     steps:
-    - name: set up go 1.x
-      uses: actions/setup-go@v5
-      with:
-        go-version: ${{ matrix.go }}
-    - name: setup tparse
-      run:  go install github.com/mfridman/tparse@latest
     - name: checkout
       uses: actions/checkout@v4
       with:
         fetch-tags: true
+    - name: set up go
+      uses: actions/setup-go@v5
+      with:
+        go-version-file: ./go.mod
+    - name: setup tparse
+      run:  go install github.com/mfridman/tparse@latest
     - name: run build
       run: make build
     - name: run unit tests

diff --git a/.github/workflows/pr-e2e-test.yml b/.github/workflows/pr-e2e-test.yml
@@ -8,9 +8,6 @@ on:
 jobs:
   e2e-connectivity-test:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        go: ['1.22']
 
     steps:
     - name: checkout
@@ -20,7 +17,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v5
       with:
-        go-version: ${{ matrix.go }}
+        go-version-file: ./go.mod
     - name: Install kind
       uses: helm/[email protected]
       with:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -48,7 +48,9 @@ jobs:
         tag: ${{ github.ref }}
         overwrite: true
         file_glob: true
-    - name: Upload script
+    - name: Update script installation version
+      run: sed -i "s/VERSION=\"latest\"/VERSION=\"${{ github.ref_name }}\"/" hack/install_clusterlink.sh
+    - name: Upload script installation
       uses: svenstaro/upload-release-action@v2
       with:
         repo_token: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.golangci.yaml b/.golangci.yaml
@@ -46,7 +46,7 @@ linters:
     - nakedret
     - nestif
     - nilerr
-    # - nilnil
+    - nilnil
     # - noctx
     - nolintlint
     - nonamedreturns

diff --git a/.licenserc.yaml b/.licenserc.yaml
@@ -2,10 +2,9 @@ header:
   license:
     spdx-id: Apache-2.0
     copyright-owner: Apache Software Foundation
-    copyright-year: "2023"
     software-name: ClusterLink
     content: |
-      Copyright 2023 The ClusterLink Authors.
+      Copyright (c) The ClusterLink Authors.
       Licensed under the Apache License, Version 2.0 (the "License");
       you may not use this file except in compliance with the License.
       You may obtain a copy of the License at

diff --git a/LICENSE b/LICENSE
@@ -1,3 +1,17 @@
+Copyright 2022-present The ClusterLink Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use these files except in compliance with the License.
+You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
                                  Apache License
                            Version 2.0, January 2004
                         http://www.apache.org/licenses/
@@ -172,30 +186,3 @@
       defend, and hold each Contributor harmless for any liability
       incurred by, or claims asserted against, such Contributor by reason
       of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/Makefile b/Makefile
@@ -116,7 +116,6 @@ codegen: controller-gen  ## Generate ClusterRole, CRDs and DeepCopyObject.
 
 cli-build:
 	@echo "Start go build phase"
-	$(GO) build -o $(BIN_DIR)/gwctl $(LD_FLAGS) ./cmd/gwctl
 	$(GO) build -o $(BIN_DIR)/clusterlink $(LD_FLAGS) ./cmd/clusterlink
 
 build: cli-build
@@ -129,19 +128,16 @@ docker-build: build
 	docker build --platform $(PLATFORMS) --progress=plain --rm --tag cl-controlplane -f ./cmd/cl-controlplane/Dockerfile .
 	docker build --platform $(PLATFORMS) --progress=plain --rm --tag cl-dataplane -f ./cmd/cl-dataplane/Dockerfile .
 	docker build --platform $(PLATFORMS) --progress=plain --rm --tag cl-go-dataplane -f ./cmd/cl-go-dataplane/Dockerfile .
-	docker build --platform $(PLATFORMS) --progress=plain --rm --tag gwctl -f ./cmd/gwctl/Dockerfile .
 	docker build --platform $(PLATFORMS) --progress=plain --rm --tag cl-operator -f ./cmd/cl-operator/Dockerfile .
 
 push-image: build
 	docker buildx build --platform $(PLATFORMS) --progress=plain --rm --tag $(IMAGE_BASE)/cl-controlplane:$(IMAGE_VERSION) --push -f ./cmd/cl-controlplane/Dockerfile .
 	docker buildx build --platform $(PLATFORMS) --progress=plain --rm --tag $(IMAGE_BASE)/cl-go-dataplane:$(IMAGE_VERSION) --push  -f ./cmd/cl-go-dataplane/Dockerfile .
 	docker buildx build --platform $(PLATFORMS) --progress=plain --rm --tag $(IMAGE_BASE)/cl-dataplane:$(IMAGE_VERSION) --push  -f ./cmd/cl-dataplane/Dockerfile .
 	docker buildx build --platform $(PLATFORMS) --progress=plain --rm --tag $(IMAGE_BASE)/cl-operator:$(IMAGE_VERSION) --push -f ./cmd/cl-operator/Dockerfile .
-	docker buildx build --platform $(PLATFORMS) --progress=plain --rm --tag $(IMAGE_BASE)/gwctl:$(IMAGE_VERSION) --push -f ./cmd/gwctl/Dockerfile .
 
 install:
 	mkdir -p ~/.local/bin
-	cp ./bin/gwctl ~/.local/bin/
 	cp ./bin/clusterlink ~/.local/bin/
 
 clean-tests:

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,51 @@
+# Security policy
+
+Thank you for your interest in the security of the ClusterLink project.
+ We created this project with security in mind - enabling simple, performant
+ **and** secure communication across boundaries in the hybrid cloud.
+
+We are in the **alpha** phase of this project and do not yet recommend using
+ ClusterLink in production. However, we would welcome your contributions to the
+ code base and/or documentation including pointing out potential security issues
+ so that collectively we can create a solid, robust solution that continuously
+ improves.
+
+## Security bulletins
+
+For information regarding the security of this project please join the
+ [users mailing list][].
+
+## Reporting a vulnerability
+
+We're extremely grateful for security researchers and users that report
+ vulnerabilities to the ClusterLink Open Source Community. All reports
+ are thoroughly investigated by a set of community volunteers.
+
+We use [GitHub private vulnerability reporting][] for ClusterLink. Private vulnerability
+ reporting provides an easy way for vulnerability reporters to privately disclose
+ security risks to repository maintainers, within GitHub, and in a way that immediately
+ notifies the repository maintainers of the issue.
+
+You will receive a reply from one of the maintainers within a week, acknowledging receipt
+ of the vulnerability report. You may be contacted to discuss the reported item further.
+ Please bear with us as we seek to understand the breadth and scope of the reported
+ problem, recreate it, and confirm if there is a vulnerability present.
+
+### When Should I Report a Vulnerability?
+
+- You think you discovered a potential security vulnerability in ClusterLink
+ components or features
+- You are unsure how a vulnerability affects ClusterLink
+- You think you discovered a vulnerability in another project that ClusterLink
+ depends on. For projects with their own vulnerability reporting and disclosure
+ process, please report the vulnerability directly there.
+
+### When Should I NOT Report a Vulnerability?
+
+- You need help tuning ClusterLink components for security (e.g., advice and help
+ on setting access control policies for specific use cases)
+- You need help applying security related updates
+- Your issue is not security related
+
+[users mailing list]: https://groups.google.com/g/clusterlink-users
+[GitHub private vulnerability reporting]: https://github.com/clusterlink-net/clusterlink/security/advisories/new
diff --git a/cmd/cl-controlplane/Dockerfile b/cmd/cl-controlplane/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 
 # Populated during the build process, for example, with 'arm64' or 'amd64'.
 ARG TARGETARCH