Vulnerability fixes, SEMP parse bug fix, Readiness Liveness probes to work with DR and migration from assert-master to assert-leader for readiness config-sync (#125)

- Updates and upgrades of dependencies
- Fix for SEMP parsing error bug
- Liveness and Startup probes now work with DR if it is set up
- Assert-master migration to assert-leader

Author: LewisKSaint

.github/workflows/build-test.yml

@@ -46,6 +46,15 @@ jobs:
         yaml-lint -n pubsubplus/*.yaml
         helm lint pubsubplus
 
+    - name: Run Whitesource Action
+      uses: SolaceDev/[email protected]
+      with:
+        wssURL: https://saas.whitesourcesoftware.com/agent
+        apiKey: ${{ secrets.WSS_API_KEY }}
+        productName: 'pubsubplus-kubernetes-helm'
+        projectName: 'pubsubplus-kubernetes-helm'
+        configFile: 'ci/whitesource/whitesource-agent.config'
+
     - name: Setup K8s env in GKE
       run: |
         gcloud components install gke-gcloud-auth-plugin --quiet
@@ -79,7 +88,7 @@ jobs:
         helm install my-release pubsubplus --set solace.size=dev,solace.redundancy=true,solace.podDisruptionBudgetForHA=true,solace.podModifierEnabled=true,tls.enabled=true,tls.serverCertificatesSecret=test-tls,solace.usernameAdminPassword=admin,image.repository=$REPO,image.tag=$TAG
         kubectl get statefulset,svc,pods,pvc,pv --show-labels
         echo "Waiting for broker to become active"
-        sleep 40; kubectl describe nodes
+        sleep 60; kubectl describe nodes
         until kubectl get pods --show-labels | grep pubsubplus-0 | grep -m 1 -E '1/1'; do sleep 10; done
         until kubectl get pods --show-labels | grep pubsubplus-1 | grep -m 1 -E '1/1'; do sleep 10; done
         until kubectl get pods --show-labels | grep pubsubplus-2 | grep -m 1 -E '1/1'; do sleep 10; done
@@ -110,6 +119,7 @@ jobs:
         helm upgrade my-release pubsubplus --set solace.size=dev,solace.redundancy=true,solace.podDisruptionBudgetForHA=true,solace.podModifierEnabled=true,tls.enabled=true,tls.serverCertificatesSecret=test-tls,solace.usernameAdminPassword=admin,image.repository=$REPO,image.tag=$UPGRADETAG,storage.useStorageGroup=true
         kubectl get statefulset,svc,pods,pvc,pv --show-labels
         echo "Waiting for broker to become active after upgrade"
+        sleep 20; kubectl describe nodes
         statefulset_name=$(kubectl get statefulset | grep pubsubplus |  awk '{print $1}')
         until kubectl rollout status statefulset $statefulset_name -w | grep "rolling update complete"; do sleep 10; done
         until kubectl get pods --show-labels | grep pubsubplus-0 | grep -m 1 -E '1/1'; do sleep 10; done
@@ -169,7 +179,7 @@ jobs:
           git push --quiet --set-upstream origin-pages gh-pages
           popd
           echo "Updated and pushed GH pages!"
-        elif [ ${{ github.ref }} != 'refs/heads/gh-pages' ] && [ ${{ github.repository_owner }} != 'SolaceProducts' ] ; then
+        elif [ ${{ github.ref }} != 'refs/heads/gh-pages' ] && [ ${{ github.repository_owner }} != 'SolaceProducts' ] && [[ ${{ github.ref }} =~ .*"refs/heads/v".* ]] ; then
           echo "Using $TESTRUNBRANCH on ${{ github.repository_owner }}"
           git clone --quiet --branch=gh-pages https://${{ secrets.GH_TOKEN }}@github.com/${{ github.repository }} gh-pages > /dev/null 2>&1
           rm -rf gh-pages/helm-charts-openshift; mkdir -p gh-pages/helm-charts-openshift

ci/whitesource/whitesource-agent.config

@@ -0,0 +1,72 @@
+####################################################################
+# WhiteSource FS-Agent configuration file
+####################################################################
+##########################################
+# GENERAL SCAN MODE: Files and Package Managers
+##########################################
+checkPolicies=true
+updateInventory=true
+forceCheckAllDependencies=true
+forceUpdate=false
+forceUpdate.failBuildOnPolicyViolation=true
+offline=false
+forceCheckAllDependencies=true
+enableLicenseViolations=true
+#dependenciesOnly=true
+
+wss.url=https://saas.whitesourcesoftware.com/agent
+
+npm.resolveDependencies=false
+bower.resolveDependencies=false
+nuget.resolveDependencies=false
+python.resolveDependencies=false
+maven.resolveDependencies=false
+gradle.resolveDependencies = true
+paket.resolveDependencies=false
+ruby.resolveDependencies = false
+sbt.resolveDependencies=false
+html.resolveDependencies=false
+
+
+##GO Configuration
+go.resolveDependencies=false
+go.collectDependenciesAtRuntime=true
+go.modules.resolveDependencies=true
+go.modules.ignoreSourceFiles=true
+go.modules.removeDuplicateDependencies=true
+go.modules.includeTestDependencies=true
+go.modules.includeTestDependencies=true
+
+#userKey is required if WhiteSource administrator has enabled "Enforce user level access" option
+#userKey=
+
+projectName=pubsubplus-kubernetes-helm
+projectVersion=
+projectToken=
+
+productName=pubsubplus-kubernetes-helm
+productVersion=v3.3.0
+productToken=
+updateType=OVERRIDE
+#[email protected]
+
+#########################################################################################
+# Includes/Excludes Glob patterns - PLEASE USE ONLY ONE EXCLUDE LINE AND ONE INCLUDE LINE
+#########################################################################################
+includes=**/*.go **/*.yaml
+
+case.sensitive.glob=false
+followSymbolicLinks=true
+
+
+##############################################
+# SCAN MODE: Linux package manager settings
+##############################################
+scanPackageManager=false
+
+##################################
+# SCAN MODE: Docker images
+##################################
+docker.includes=**/*
+#docker.excludes=.*.*
+#docker.scanImages=true

docs/PubSubPlusK8SDeployment.md

@@ -72,6 +72,7 @@ Contents:
       - [Modification example](#modification-example)
   * [**Re-installing a Deployment**](#re-installing-a-deployment)
   * [**Deleting a Deployment**](#deleting-a-deployment)
+  * [**Backing Up and Restore**](#backing-up-and-restore)
 
 
 
@@ -501,7 +502,8 @@ helm install my-release solacecharts/pubsubplus \
 --set tls.enabled=true,tls.serverCertificatesSecret=<my-tls-secret>
 ```
 
-Important: it is not possible to update an existing deployment to enable TLS that has been created without TLS enabled, by a simply using the [modify deployment](#modifying-or-upgrading-a-deployment) procedure. In this case, for the first time, certificates need to be [manually loaded and set up](//docs.solace.com/Configuring-and-Managing/Managing-Server-Certs.htm) on each broker node. After that it is possible to use `helm upgrade` with a secret specified.
+Important: it is not possible to update an existing deployment to enable TLS that has been created without TLS enabled, by simply using the [modify deployment](#modifying-or-upgrading-a-deployment) procedure. In this case, for the first time, certificates need to be [manually loaded and set up](//docs.solace.com/Configuring-and-Managing/Managing-Server-Certs.htm) on each broker node. After that it is possible to use `helm upgrade` with a secret specified.
+It is also important to note that because the TLS/SSL configuration are not included in the global [backup](https://docs.solace.com/Admin/Restoring-Config-Files.htm), this configuration can not be restored.
 
 #### Rotating the server key
 
@@ -1051,7 +1053,12 @@ kubectl get statefulsets,services,pods,pvc,pv
 
 > Note: Helm will not clean up PVCs and related PVs. Use `kubectl delete` to delete PVCs is associated data is no longer required.
 
+## Backing Up and Restore
 
+The preferred way of backing up and restoring your deployment is by backing up and restoring the message vpns. 
+This is because of certain limitations of the system-wide backup and restore. For example TLS/SSL configuration are not included in system-wide backup hence configurations related to it will be lost.
+
+A detailed guide to perform backing up and restore of message vpns can be found [here](https://docs.solace.com/Features/VPN/Backing-Up-and-Restoring-VPNs.htm).
 
 
 

pubsubplus/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
 description: Deploy Solace PubSub+ Event Broker Singleton or HA redundancy group onto a Kubernetes Cluster
 name: pubsubplus
-version: 3.2.0
-icon: https://solaceproducts.github.io/pubsubplus-kubernetes-helm-quickstart/images/PubSubPlus.png
+version: 3.3.0
+icon: https://solaceproducts.github.io/pubsubplus-kubernetes-quickstart/images/PubSubPlus.png
 kubeVersion: '>= 1.10.0-0'
 maintainers:
   - name: Solace Community Forum