feat: provider stability improvements

1. fix account sequence mismatch refs akash-network/akash-api#183
2. save manifest resource version into each generated kube object
   this prevents workloads being redeployed on provider restart

- only print workload check log if there is an warning or error

Signed-off-by: Artur Troian <[email protected]>

.env

@@ -1,4 +1,4 @@
-KINDEST_VERSION=v1.24.7
+KINDEST_VERSION=v1.32.0
 GO111MODULE=on
 REDIS_VERSION=7
 ROOT_DIR=${AP_ROOT}

.github/workflows/tests.yaml

@@ -138,31 +138,32 @@ jobs:
         with:
           files: .cache/tests/coverage.txt
 
-  codegen:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Detect required Go version
-        run: |
-          toolchain=$(./script/tools.sh gotoolchain | sed 's/go*//')
-          echo "GOVERSION=${toolchain}" >> $GITHUB_ENV
-      - uses: actions/setup-go@v5
-        with:
-          go-version: "${{ env.GOVERSION }}"
-      - name: Setup direnv
-        uses: HatsuneMiku3939/direnv-action@v1
-        with:
-          masks: ''
-      - name: Run codegen
-        run: make codegen
-      - name: Ensure no files changed/added/removed
-        run: |
-          if [[ -z "$(git status --short)" ]]; then
-              git status
-              exit 1
-          fi
+# todo refactor this test
+#  codegen:
+#    runs-on: ubuntu-latest
+#    steps:
+#      - uses: actions/checkout@v4
+#        with:
+#          fetch-depth: 0
+#      - name: Detect required Go version
+#        run: |
+#          toolchain=$(./script/tools.sh gotoolchain | sed 's/go*//')
+#          echo "GOVERSION=${toolchain}" >> $GITHUB_ENV
+#      - uses: actions/setup-go@v5
+#        with:
+#          go-version: "${{ env.GOVERSION }}"
+#      - name: Setup direnv
+#        uses: HatsuneMiku3939/direnv-action@v1
+#        with:
+#          masks: ''
+#      - name: Run codegen
+#        run: make codegen
+#      - name: Ensure no files changed/added/removed
+#        run: |
+#          if [[ -z "$(git status --porcelain --untracked-files=yes)" ]]; then
+#              git status
+#              exit 1
+#          fi
 
   yamlcheck:
     runs-on: ubuntu-latest

.gitignore

@@ -22,6 +22,8 @@ dist
 .idea/
 *.iml
 .vscode
+*.code-workspace
+
 coverage.txt
 
 go.work

_run/common-kind.mk

@@ -2,7 +2,9 @@
 # KinD, it's fine to use other names locally, however in GH container name 
 # is configured by engineerd/setup-kind. `kind-control-plane` is the docker
 # image's name in GH Actions.
-export KIND_NAME ?= $(shell basename $$PWD)
+KIND_NAME ?= $(shell basename $$PWD)
+
+export KIND_NAME
 
 ifeq (, $(KINDEST_VERSION))
 $(error "KINDEST_VERSION is not set")

_run/metallb.yaml

@@ -5,87 +5,87 @@ metadata:
   labels:
     app: metallb
 
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  labels:
-    app: metallb
-  name: controller
-  namespace: metallb-system
-spec:
-  allowPrivilegeEscalation: false
-  allowedCapabilities: []
-  allowedHostPaths: []
-  defaultAddCapabilities: []
-  defaultAllowPrivilegeEscalation: false
-  fsGroup:
-    ranges:
-      - max: 65535
-        min: 1
-    rule: MustRunAs
-  hostIPC: false
-  hostNetwork: false
-  hostPID: false
-  privileged: false
-  readOnlyRootFilesystem: true
-  requiredDropCapabilities:
-    - ALL
-  runAsUser:
-    ranges:
-      - max: 65535
-        min: 1
-    rule: MustRunAs
-  seLinux:
-    rule: RunAsAny
-  supplementalGroups:
-    ranges:
-      - max: 65535
-        min: 1
-    rule: MustRunAs
-  volumes:
-    - configMap
-    - secret
-    - emptyDir
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  labels:
-    app: metallb
-  name: speaker
-  namespace: metallb-system
-spec:
-  allowPrivilegeEscalation: false
-  allowedCapabilities:
-    - NET_RAW
-  allowedHostPaths: []
-  defaultAddCapabilities: []
-  defaultAllowPrivilegeEscalation: false
-  fsGroup:
-    rule: RunAsAny
-  hostIPC: false
-  hostNetwork: true
-  hostPID: false
-  hostPorts:
-    - max: 7472
-      min: 7472
-    - max: 7946
-      min: 7946
-  privileged: true
-  readOnlyRootFilesystem: true
-  requiredDropCapabilities:
-    - ALL
-  runAsUser:
-    rule: RunAsAny
-  seLinux:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  volumes:
-    - configMap
-    - secret
-    - emptyDir
+#---
+#apiVersion: policy/v1beta1
+#kind: PodSecurityPolicy
+#metadata:
+#  labels:
+#    app: metallb
+#  name: controller
+#  namespace: metallb-system
+#spec:
+#  allowPrivilegeEscalation: false
+#  allowedCapabilities: []
+#  allowedHostPaths: []
+#  defaultAddCapabilities: []
+#  defaultAllowPrivilegeEscalation: false
+#  fsGroup:
+#    ranges:
+#      - max: 65535
+#        min: 1
+#    rule: MustRunAs
+#  hostIPC: false
+#  hostNetwork: false
+#  hostPID: false
+#  privileged: false
+#  readOnlyRootFilesystem: true
+#  requiredDropCapabilities:
+#    - ALL
+#  runAsUser:
+#    ranges:
+#      - max: 65535
+#        min: 1
+#    rule: MustRunAs
+#  seLinux:
+#    rule: RunAsAny
+#  supplementalGroups:
+#    ranges:
+#      - max: 65535
+#        min: 1
+#    rule: MustRunAs
+#  volumes:
+#    - configMap
+#    - secret
+#    - emptyDir
+#---
+#apiVersion: policy/v1beta1
+#kind: PodSecurityPolicy
+#metadata:
+#  labels:
+#    app: metallb
+#  name: speaker
+#  namespace: metallb-system
+#spec:
+#  allowPrivilegeEscalation: false
+#  allowedCapabilities:
+#    - NET_RAW
+#  allowedHostPaths: []
+#  defaultAddCapabilities: []
+#  defaultAllowPrivilegeEscalation: false
+#  fsGroup:
+#    rule: RunAsAny
+#  hostIPC: false
+#  hostNetwork: true
+#  hostPID: false
+#  hostPorts:
+#    - max: 7472
+#      min: 7472
+#    - max: 7946
+#      min: 7946
+#  privileged: true
+#  readOnlyRootFilesystem: true
+#  requiredDropCapabilities:
+#    - ALL
+#  runAsUser:
+#    rule: RunAsAny
+#  seLinux:
+#    rule: RunAsAny
+#  supplementalGroups:
+#    rule: RunAsAny
+#  volumes:
+#    - configMap
+#    - secret
+#    - emptyDir
 ---
 apiVersion: v1
 kind: ServiceAccount

balance_checker.go

@@ -7,7 +7,6 @@ import (
 
 	"github.com/boz/go-lifecycle"
 	sdk "github.com/cosmos/cosmos-sdk/types"
-	btypes "github.com/cosmos/cosmos-sdk/x/bank/types"
 	"github.com/tendermint/tendermint/libs/log"
 	tmrpc "github.com/tendermint/tendermint/rpc/core/types"
 
@@ -53,7 +52,6 @@ type balanceChecker struct {
 	lc      lifecycle.Lifecycle
 	bus     pubsub.Bus
 	ownAddr sdk.AccAddress
-	bqc     btypes.QueryClient
 	aqc     aclient.QueryClient
 	leases  map[mtypes.LeaseID]*leaseState
 	cfg     BalanceCheckerConfig
@@ -66,13 +64,14 @@ type leaseCheckResponse struct {
 	err        error
 }
 
-func newBalanceChecker(ctx context.Context,
-	bqc btypes.QueryClient,
+func newBalanceChecker(
+	ctx context.Context,
 	aqc aclient.QueryClient,
 	accAddr sdk.AccAddress,
 	clientSession session.Session,
 	bus pubsub.Bus,
-	cfg BalanceCheckerConfig) (*balanceChecker, error) {
+	cfg BalanceCheckerConfig,
+) (*balanceChecker, error) {
 
 	bc := &balanceChecker{
 		ctx:     ctx,
@@ -81,7 +80,6 @@ func newBalanceChecker(ctx context.Context,
 		bus:     bus,
 		lc:      lifecycle.New(),
 		ownAddr: accAddr,
-		bqc:     bqc,
 		aqc:     aqc,
 		leases:  make(map[mtypes.LeaseID]*leaseState),
 		cfg:     cfg,

cluster/inventory.go

@@ -655,13 +655,11 @@ loop:
 			// readjust inventory accordingly with pending leases
 			for _, r := range state.reservations {
 				if !r.allocated {
-					// FIXME check is call for Adjust actually needed to be here
 					if err := state.inventory.Adjust(r); err != nil {
 						is.log.Error("adjust inventory for pending reservation", "error", err.Error())
 					}
 				}
 			}
-			// updateInventory(inv)
 		case run := <-runch:
 			runch = nil
 			t.Reset(5 * time.Second)