feat: add aks ci, action yml and some fixes (#13)

* feat: add aks ci and some fixes

* ci: add Action to run AKS CI

* fix: check events in ns

.devcontainer/Dockerfile

@@ -1,6 +1,6 @@
 # This is a dockerfile specifically for running as a devcontainer
 FROM mcr.microsoft.com/oss/go/microsoft/golang:1.22-fips-cbl-mariner2.0
-RUN tdnf update -y && tdnf install make -y && tdnf install git -y && tdnf install gawk -y
+RUN tdnf update -y && tdnf install make -y && tdnf install git -y && tdnf install gawk -y && tdnf install jq -y
 
 RUN go install github.com/cweill/gotests/gotests@latest && \
     go install github.com/fatih/gomodifytags@latest && \

.github/workflows/release.yml

@@ -1,4 +1,4 @@
-name: Release Docker Image
+name: Release
 
 on:
   push:
@@ -49,3 +49,23 @@ jobs:
         if: ${{ success() }}
         run: |
           docker push ${{ env.REGISTRY }}/${{ env.REPO_PREFIX }}peerd:${{ steps.get_image_tag.outputs.docker_tag }}
+
+  ci:
+    name: Run AKS CI
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write # This is required for requesting the JWT from AAD.
+    env:
+      TAG: ${{ steps.publish.outputs.get_image_tag.outputs.docker_tag }}
+    steps:
+      - name: 'Az CLI login'
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: 'Make'
+        run: |
+          PEERD_IMAGE_TAG=${{ env.TAG }} make tests-ci-aks

README.md

@@ -2,9 +2,10 @@
 
 [![Build Status]][build-status]
 [![Kind CI Status]][kind-ci-status]
-[![Docker Release CI]][release-ci]
+[![Release CI]][release-ci]
 [![CodeQL]][code-ql]
 [![Go Report Card]][go-report-card]
+[![Scorecard supply-chain security]][scorecard-supply-chain-security]
 
 ![cluster-ops]
 
@@ -264,7 +265,7 @@ integration with [Overlaybd].
 [build-status]: https://github.com/azure/peerd/actions/workflows/build.yml
 [Kind CI Status]: https://github.com/azure/peerd/actions/workflows/kind.yml/badge.svg
 [kind-ci-status]: https://github.com/azure/peerd/actions/workflows/kind.yml
-[Docker Release CI]: https://github.com/azure/peerd/actions/workflows/release.yml/badge.svg
+[Release CI]: https://github.com/azure/peerd/actions/workflows/release.yml/badge.svg
 [release-ci]: https://github.com/azure/peerd/actions/workflows/release.yml
 [Code Coverage]: https://img.shields.io/badge/coverage-54.9%25-orange
 [node-arch]: ./assets/images/http-flow.png
@@ -288,3 +289,5 @@ integration with [Overlaybd].
 [white paper]: https://pdos.csail.mit.edu/~petar/papers/maymounkov-kademlia-lncs.pdf
 [design-doc]: ./docs/design.md
 [cluster-ops]: ./assets/images//cluster-ops.gif
+[Scorecard supply-chain security]: https://github.com/Azure/peerd/actions/workflows/scorecard.yml/badge.svg
+[scorecard-supply-chain-security]: https://github.com/Azure/peerd/actions/workflows/scorecard.yml

build/ci/k8s/azure-cli.yml

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: azure-cli-daemonset
+  namespace: peerd-ns
+spec:
+  selector:
+    matchLabels:
+      app: peerd-test
+  template:
+    metadata:
+      labels:
+        app: peerd-test
+    spec:
+      initContainers:
+        - name: sleep
+          image: busybox
+          command: ["sh", "-c", "sleep $(shuf -i 1-10 -n 1)"]
+      containers:
+        - name: azure-cli
+          image: mcr.microsoft.com/azure-cli:latest
+          imagePullPolicy: Always

build/ci/scripts/kind.sh

@@ -180,10 +180,10 @@ wait_for_events() {
         for pod in $( echo "$pods" | tr -s " " "\012" ); do
             echo "checking pod '$pod' for event '$event'"
 
-            foundEvent=$(kubectl --context=$context get events --field-selector involvedObject.kind=Pod,involvedObject.name=$pod -o json | jq -r ".items[] | select(.reason == \"$event\")")
+            foundEvent=$(kubectl --context=$context -n $ns get events --field-selector involvedObject.kind=Pod,involvedObject.name=$pod -o json | jq -r ".items[] | select(.reason == \"$event\")")
             [[ "$foundEvent" == "" ]] && echo "Event '$event' not found for pod '$pod'" || found=$((found+1))
 
-            errorEvent=$(kubectl --context=$context get events --field-selector involvedObject.kind=Pod,involvedObject.name=$pod -o json | jq -r '.items[] | select(.reason == "P2PDisconnected" or .resosn == "P2PFailed")')
+            errorEvent=$(kubectl --context=$context -n $ns get events --field-selector involvedObject.kind=Pod,involvedObject.name=$pod -o json | jq -r '.items[] | select(.reason == "P2PDisconnected" or .resosn == "P2PFailed")')
             [[ "$errorEvent" == "" ]] || (echo "Error event found for pod '$pod': $errorEvent" && exit 1)
         done
 

internal/context/context.go

@@ -61,7 +61,7 @@ var (
 	NodeName, _ = os.Hostname()
 	Namespace   = "peerd-ns"
 
-	// KubeConfigPath is the path of the kubeconfig file, which is used if run in an environment outside a pod.
+	// KubeConfigPath is the path of the kubeconfig file.
 	KubeConfigPath = "/opt/peerd/kubeconfig"
 )
 

internal/k8s/events/events.go

@@ -54,21 +54,22 @@ func NewRecorder(ctx context.Context) (EventRecorder, error) {
 		objRef = &v1.ObjectReference{
 			Kind:       "Pod",
 			Name:       pod.Name,
+			Namespace:  pod.Namespace,
 			UID:        pod.UID,
 			APIVersion: pod.APIVersion,
 		}
 	}
 
 	broadcaster := record.NewBroadcaster()
 	broadcaster.StartStructuredLogging(4)
-	broadcaster.StartRecordingToSink(&typedv1core.EventSinkImpl{Interface: clientset.CoreV1().Events("")})
+	broadcaster.StartRecordingToSink(&typedv1core.EventSinkImpl{Interface: clientset.CoreV1().Events(p2pcontext.Namespace)})
 
 	return &eventRecorder{
 		recorder: broadcaster.NewRecorder(
 			scheme.Scheme,
 			v1.EventSource{},
 		),
-		nodeRef: objRef,
+		objRef: objRef,
 	}, nil
 }
 
@@ -89,32 +90,32 @@ func FromContext(ctx context.Context) EventRecorder {
 
 type eventRecorder struct {
 	recorder record.EventRecorder
-	nodeRef  *v1.ObjectReference
+	objRef   *v1.ObjectReference
 }
 
-// Active should be called to indicate that the node is active in the cluster.
+// Active should be called to indicate that the instance is active in the cluster.
 func (er *eventRecorder) Active() {
-	er.recorder.Eventf(er.nodeRef, v1.EventTypeNormal, "P2PActive", "P2P proxy is active on node %s", er.nodeRef.Name)
+	er.recorder.Eventf(er.objRef, v1.EventTypeNormal, "P2PActive", "P2P proxy is active on instance %s", er.objRef.Name)
 }
 
-// Connected should be called to indicate that the node is connected to the cluster.
+// Connected should be called to indicate that the instance is connected to the cluster.
 func (er *eventRecorder) Connected() {
-	er.recorder.Eventf(er.nodeRef, v1.EventTypeNormal, "P2PConnected", "P2P proxy is connected to cluster on node %s", er.nodeRef.Name)
+	er.recorder.Eventf(er.objRef, v1.EventTypeNormal, "P2PConnected", "P2P proxy is connected to cluster on instance %s", er.objRef.Name)
 }
 
-// Disconnected should be called to indicate that the node is disconnected from the cluster.
+// Disconnected should be called to indicate that the instance is disconnected from the cluster.
 func (er *eventRecorder) Disconnected() {
-	er.recorder.Eventf(er.nodeRef, v1.EventTypeWarning, "P2PDisconnected", "P2P proxy is disconnected from cluster on node %s", er.nodeRef.Name)
+	er.recorder.Eventf(er.objRef, v1.EventTypeWarning, "P2PDisconnected", "P2P proxy is disconnected from cluster on instance %s", er.objRef.Name)
 }
 
-// Failed should be called to indicate that the node has failed.
+// Failed should be called to indicate that the instance has failed.
 func (er *eventRecorder) Failed() {
-	er.recorder.Eventf(er.nodeRef, v1.EventTypeWarning, "P2PFailed", "P2P proxy failed on node %s", er.nodeRef.Name)
+	er.recorder.Eventf(er.objRef, v1.EventTypeWarning, "P2PFailed", "P2P proxy failed on instance %s", er.objRef.Name)
 }
 
-// Initializing should be called to indicate that the node is initializing.
+// Initializing should be called to indicate that the instance is initializing.
 func (er *eventRecorder) Initializing() {
-	er.recorder.Eventf(er.nodeRef, v1.EventTypeNormal, "P2PInitializing", "P2P proxy is initializing on node %s", er.nodeRef.Name)
+	er.recorder.Eventf(er.objRef, v1.EventTypeNormal, "P2PInitializing", "P2P proxy is initializing on instance %s", er.objRef.Name)
 }
 
 var _ EventRecorder = &eventRecorder{}

internal/k8s/events/events_test.go

@@ -14,7 +14,7 @@ import (
 func TestExpectedEvents(t *testing.T) {
 	er := &eventRecorder{
 		recorder: &testRecorder{t},
-		nodeRef: &v1.ObjectReference{
+		objRef: &v1.ObjectReference{
 			Kind:       "Node",
 			Name:       "node-name",
 			UID:        "node.UID",
@@ -32,7 +32,7 @@ func TestExpectedEvents(t *testing.T) {
 func TestFromContext(t *testing.T) {
 	er := &eventRecorder{
 		recorder: &testRecorder{t},
-		nodeRef: &v1.ObjectReference{
+		objRef: &v1.ObjectReference{
 			Kind:       "Node",
 			Name:       "node-name",
 			UID:        "node.UID",

internal/metrics/memory.go

@@ -12,7 +12,7 @@ import (
 
 var (
 	// Path is the default path to write metrics.
-	Path = "/var/log/p2pmetrics"
+	Path = "/var/log/peerdmetrics"
 
 	// ReportInterval is the interval to report metrics.
 	ReportInterval = 3 * time.Minute

internal/routing/router.go

@@ -210,7 +210,7 @@ func (r *router) Resolve(ctx context.Context, key string, allowSelf bool, count
 
 // Advertise advertises the given keys to the network.
 func (r *router) Advertise(ctx context.Context, keys []string) error {
-	zerolog.Ctx(ctx).Debug().Str("host", r.host.ID().String()).Strs("keys", keys).Msg("advertising keys")
+	zerolog.Ctx(ctx).Trace().Str("host", r.host.ID().String()).Strs("keys", keys).Msg("advertising keys")
 	for _, key := range keys {
 		c, err := createCid(key)
 		if err != nil {