Updated eks-distro-minimal-base image (#527)

Xray SamplingRate changes

Add service instance port to Cloud Map Service Discovery (#490)

Volume injection support (#488)

Introduce config variables for samplingRate & statsSocketPath (#512)

Use xray daemon from ecr public repo instead of dockerhub

Updated proxy-route-manager to v4-prod

Updated Dockerfile to support multi-arch
Updated Makefile to use docker buildx

Updated go version

Updated spire agent and server to 0.12.0 to be compatible with envoy v1.19.x

Dockerfile changes to support ARM

Bump Envoy image version to v1.20.0.1-prod (#538)

Co-authored-by: Shailesh Gupta <[email protected]>

Update Chart and App version for new patch release

Author: cgchinmay

Dockerfile

@@ -1,5 +1,7 @@
+# syntax=docker/dockerfile:experimental
+
 # Build the controller binary
-FROM golang:1.14 as builder
+FROM --platform=${TARGETPLATFORM} golang:1.16 as builder
 
 WORKDIR /workspace
 
@@ -8,16 +10,19 @@ COPY . ./
 # and so that source changes don't invalidate our downloaded layer
 RUN go mod download
 
+ARG TARGETOS
+ARG TARGETARCH
+
 # Build
 ENV VERSION_PKG=github.com/aws/aws-app-mesh-controller-for-k8s/pkg/version
 RUN GIT_VERSION=$(git describe --tags --dirty --always) && \
     GIT_COMMIT=$(git rev-parse HEAD) && \
     BUILD_DATE=$(date +%Y-%m-%dT%H:%M:%S%z) && \
-    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build \
+    CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} GO111MODULE=on go build \
     -ldflags="-X ${VERSION_PKG}.GitVersion=${GIT_VERSION} -X ${VERSION_PKG}.GitCommit=${GIT_COMMIT} -X ${VERSION_PKG}.BuildDate=${BUILD_DATE}" -a -o controller main.go
 
 # Build the container image
-FROM public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base:2021-08-22-1629654770
+FROM public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base:2021-10-19-1634675452
 
 WORKDIR /
 COPY --from=builder /workspace/controller .

Makefile

@@ -77,8 +77,10 @@ generate: controller-gen
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
 # Build the docker image
+# Requires buildx to be installed: https://docs.docker.com/buildx/working-with-buildx/
+# By default the TARGETPLATFORM is set to linux/amd64, change the value if you are building for linux/arm64
 docker-build: check-env test
-	docker build . -t $(IMAGE)
+	docker buildx build --platform linux/amd64 -t $(IMAGE) . --load
 
 docker-push: check-env
 	docker push $(IMAGE)
@@ -132,7 +134,7 @@ endif
 check-env:
 	@:$(call check_var, AWS_ACCOUNT, AWS account ID for publishing docker images)
 	@:$(call check_var, AWS_REGION, AWS region for publishing docker images)
-
+	
 check_var = \
     $(strip $(foreach 1,$1, \
         $(call __check_var,$1,$(strip $(value 2)))))

config/helm/appmesh-controller/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 name: appmesh-controller
 description: App Mesh controller Helm chart for Kubernetes
-version: 1.4.1
-appVersion: 1.4.1
+version: 1.4.4
+appVersion: 1.4.2
 home: https://github.com/aws/eks-charts
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:

config/helm/appmesh-controller/README.md

@@ -94,7 +94,7 @@ Make sure that the Envoy proxies have the following IAM policies attached for th
 
 There are **2 ways** you can attach the above policy to the Envoy Pod  
 #### With IRSA     
-Download the Envoy IAM polocy  
+Download the Envoy IAM policy
 ```
 curl -o envoy-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json
 ```
@@ -379,16 +379,18 @@ Parameter | Description | Default
 `init.image.tag` | Route manager image tag | `<VERSION>`
 `stats.tagsEnabled` |  If `true`, Envoy should include app-mesh tags | `false`
 `stats.statsdEnabled` |  If `true`, Envoy should publish stats to statsd endpoint @ 127.0.0.1:8125 | `false`
-`stats.statsdAddress` |  DogStatsD daemon IP address | `127.0.0.1`
-`stats.statsdPort` |  DogStatsD daemon port | `8125`
+`stats.statsdAddress` |  DogStatsD daemon IP address. This will be overridden if `stats.statsdSocketPath` is specified | `127.0.0.1`
+`stats.statsdPort` |  DogStatsD daemon port. This will be overridden if `stats.statsdSocketPath` is specified | `8125`
+`stats.statsdSocketPath` | DogStatsD Unix domain socket path. If statsd is enabled but this value is not specified then we will use combination of <statsAddress:statsPort> as the default | None
 `cloudMapCustomHealthCheck.enabled` |  If `true`, CustomHealthCheck will be enabled for CloudMap Services | `false`
 `cloudMapDNS.ttl` |  Sets CloudMap DNS TTL | `300`
 `tracing.enabled` |  If `true`, Envoy will be configured with tracing | `false`
 `tracing.provider` |  The tracing provider can be x-ray, jaeger or datadog | `x-ray`
 `tracing.address` |  Jaeger or Datadog agent server address (ignored for X-Ray) | `appmesh-jaeger.appmesh-system`
 `tracing.port` |  Jaeger or Datadog agent port (ignored for X-Ray) | `9411`
+`tracing.samplingRate` | X-Ray tracer sampling rate. Value can be a decimal number between 0 and 1.00 (100%)  | `0.05`
 `enableCertManager` |  Enable Cert-Manager | `false`
-`xray.image.repository` | X-Ray image repository | `amazon/aws-xray-daemon`
+`xray.image.repository` | X-Ray image repository | `public.ecr.aws/xray/aws-xray-daemon`
 `xray.image.tag` | X-Ray image tag | `latest`
 `accountId` | AWS Account ID for the Kubernetes cluster | None
 `env` |  environment variables to be injected into the appmesh-controller pod | `{}`

config/helm/appmesh-controller/templates/deployment.yaml

@@ -81,11 +81,13 @@ spec:
         - --enable-statsd=true
         - --statsd-address={{ .Values.stats.statsdAddress }}
         - --statsd-port={{ .Values.stats.statsdPort }}
+        - --statsd-socket-path={{ .Values.stats.statsdSocketPath }}
         {{- end }}
         {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "x-ray" ) }}
         - --enable-xray-tracing=true
         - --xray-image={{ .Values.xray.image.repository}}:{{ .Values.xray.image.tag }}
         - --xray-daemon-port={{ .Values.tracing.port }}
+        - --xray-sampling-rate={{ .Values.tracing.samplingRate }}
         {{- end }}
         {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "jaeger" ) }}
         - --enable-jaeger-tracing=true

config/helm/appmesh-controller/test.yaml

@@ -9,13 +9,13 @@ preview: false
 
 image:
   repository: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller
-  tag: v1.4.1
+  tag: v1.4.2
   pullPolicy: IfNotPresent
 
 sidecar:
   image:
     repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy
-    tag: v1.16.1.1-prod
+    tag: v1.20.0.1-prod
     # sidecar.logLevel: Envoy log level can be info, warn, error or debug
   logLevel: info
   envoyAdminAccessPort: 9901
@@ -39,11 +39,11 @@ sidecar:
 init:
   image:
     repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-proxy-route-manager
-    tag: v3-prod
+    tag: v4-prod
 
 xray:
   image:
-    repository: amazon/aws-xray-daemon
+    repository: public.ecr.aws/xray/aws-xray-daemon
     tag: latest
 
 nameOverride: ""
@@ -120,8 +120,10 @@ tracing:
   provider: x-ray
   # tracing.address: Jaeger or Datadog agent server address (ignored for X-Ray)
   address: appmesh-jaeger.appmesh-system
-  # tracing.port: Jaeger or Datadog agent server port
+  # tracing.port: X-Ray, Jaeger or Datadog agent server port
   port: 2000
+  # tracing.samplingRate: X-Ray tracer sampling rate
+  samplingRate: 0.05
 
 stats:
   # stats.tagsEnabled: `true` if Envoy should include app-mesh tags
@@ -132,6 +134,8 @@ stats:
   statsdAddress: 127.0.0.1
   #stats.statsdPort: DogStatsD daemon port
   statsdPort: 8125
+  #stats.statsdSocketPath: DogStatsD unix domain socket path
+  statsdSocketPath: ""
 
 # Enable cert-manager
 enableCertManager: false

config/helm/appmesh-controller/values.yaml

@@ -9,13 +9,13 @@ preview: false
 
 image:
   repository: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller
-  tag: v1.4.1
+  tag: v1.4.2
   pullPolicy: IfNotPresent
 
 sidecar:
   image:
     repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy
-    tag: v1.16.1.1-prod
+    tag: v1.20.0.1-prod
     # sidecar.logLevel: Envoy log level can be info, warn, error or debug
   logLevel: info
   envoyAdminAccessPort: 9901
@@ -39,11 +39,11 @@ sidecar:
 init:
   image:
     repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-proxy-route-manager
-    tag: v3-prod
+    tag: v4-prod
 
 xray:
   image:
-    repository: amazon/aws-xray-daemon
+    repository: public.ecr.aws/xray/aws-xray-daemon
     tag: latest
 
 nameOverride: ""
@@ -106,8 +106,10 @@ tracing:
   provider: x-ray
   # tracing.address: Jaeger or Datadog agent server address (ignored for X-Ray)
   address: appmesh-jaeger.appmesh-system
-  # tracing.port: Jaeger or Datadog agent server port
+  # tracing.port: X-Ray, Jaeger or Datadog agent server port
   port: 2000
+  # tracing.samplingRate: X-Ray tracer sampling rate
+  samplingRate: 0.05
 
 stats:
   # stats.tagsEnabled: `true` if Envoy should include app-mesh tags
@@ -118,6 +120,8 @@ stats:
   statsdAddress: 127.0.0.1
   #stats.statsdPort: DogStatsD daemon port
   statsdPort: 8125
+  #stats.statsdSocketPath: DogStatsD unix domain socket path
+  statsdSocketPath: ""
 
 # Enable cert-manager
 enableCertManager: false

docs/guide/tracing.md

@@ -13,8 +13,8 @@ AppMesh controller supports integration with multiple tracing solutions for data
 
     You can optionally use a specific X-Ray image by setting the following flags in addition to the above:
     ```sh
-        --set xray.image.repository=amazon/aws-xray-daemon \
-        --set xray.image.tag=3.2.0
+        --set xray.image.repository=public.ecr.aws/xray/aws-xray-daemon \
+        --set xray.image.tag=3.3.3
     ```
 
 **Note**: You should restart all pods running inside the mesh after enabling tracing.

go.mod

@@ -1,6 +1,6 @@
 module github.com/aws/aws-app-mesh-controller-for-k8s
 
-go 1.13
+go 1.16
 
 require (
 	github.com/aws/aws-sdk-go v1.38.59