Upgrade K8s libraries to v0.26.4 (#4935)

* k8s.io/apimachinery/pkg/util/sets.String was deprecated, and replaced with
  sets.Set[string]. sets.String.List() was replaced with sets.List(sets.Set[string]).
  Similar changes happened on sets.Int32, sets.Int64
* k8s.io/apiserver/pkg/registry/rest.Storage interface added requirement on
  implementation of Destroy() method
* k8s.io/component-base/metrics/prometheus/ratelimiter was removed as it was
  not doing anything. The call in third_party/ipam/nodeipam was removed
  accordingly. Refer to PR: kubernetes/kubernetes#113054
* upgraded ginkgo to v2 as required by sigs.k8s.io/controller-runtime@v0.14.6.
  timeout was removed from BeforeSuite, and was refactored referencing to
  onsi/ginkgo#882
* k8s.io/client-go/tools/remotecommand.Executor.Stream was deprecated, and
  replaced with StreamWithContext
* make codegen and manifests
* allow access from container users to git directories

Related to #4901

Signed-off-by: heanlan <hanlan@vmware.com>

build/images/codegen/Dockerfile

@@ -32,11 +32,11 @@ LABEL description="A Docker image based on the golang image, which includes code
 
 ENV GO111MODULE=on
 
-ARG K8S_VERSION=1.24.0
+ARG K8S_VERSION=1.26.4
 # The k8s.io/kube-openapi repo does not have tag, using a workable commit hash.
 # We use the version that is referenced in the Kubernetes go.mod (for the
 # correct K8s version).
-ARG KUBEOPENAPI_VERSION=v0.0.0-20220328201542-3ee0da9b0b42
+ARG KUBEOPENAPI_VERSION=v0.0.0-20221012153701-172d655c2280
 
 RUN go install k8s.io/code-generator/cmd/client-gen@kubernetes-$K8S_VERSION && \
     go install k8s.io/code-generator/cmd/deepcopy-gen@kubernetes-$K8S_VERSION && \

build/images/codegen/README.md

@@ -20,6 +20,7 @@ Here is the table of codegen images that have been uploaded:
 
 | Tag                            | Change                                  |
 | :----------------------------- | --------------------------------------- |
+| kubernetes-1.26.4              | Upgraded K8s libraries to v1.26.4       |
 | kubernetes-1.24.0-build.2      | Upgraded base image to ubuntu:22.04     |
 | kubernetes-1.24.0-build.1      | Upgraded Go to v1.19                    |
 | kubernetes-1.24.0-build.0      | Add controller-gen v0.9.0               |

cmd/antrea-agent/agent.go

@@ -760,7 +760,7 @@ func run(o *Options) error {
 			nodeConfig,
 			ifaceStore,
 			multicastSocket,
-			sets.NewString(append(o.config.Multicast.MulticastInterfaces, nodeConfig.NodeTransportInterfaceName)...),
+			sets.New[string](append(o.config.Multicast.MulticastInterfaces, nodeConfig.NodeTransportInterfaceName)...),
 			ovsBridgeClient,
 			podUpdateChannel,
 			o.igmpQueryInterval,

cmd/antrea-agent/options.go

@@ -590,7 +590,7 @@ func (o *Options) validatePolicyBypassRulesConfig() error {
 	if len(o.config.ExternalNode.PolicyBypassRules) == 0 {
 		return nil
 	}
-	allowedProtocols := sets.NewString("tcp", "udp", "icmp", "ip")
+	allowedProtocols := sets.New[string]("tcp", "udp", "icmp", "ip")
 	for _, rule := range o.config.ExternalNode.PolicyBypassRules {
 		if rule.Direction != "ingress" && rule.Direction != "egress" {
 			return fmt.Errorf("direction %s for policyBypassRule is invalid", rule.Direction)

docs/prometheus-integration.md

@@ -237,23 +237,22 @@ in seconds. Broken down by status code.
 partitioned by status code.
 - **apiserver_envelope_encryption_dek_cache_fill_percent:** Percent of the
 cache slots currently occupied by cached DEKs.
-- **apiserver_flowcontrol_read_vs_write_request_count_samples:** Periodic
-observations of the number of requests waiting or in regular stage of execution
-- **apiserver_flowcontrol_read_vs_write_request_count_watermarks:** Watermarks
-of the number of requests waiting or in regular stage of execution
-- **apiserver_longrunning_gauge:** Gauge of all active long-running apiserver
-requests broken out by verb, group, version, resource, scope and component. Not
-all requests are tracked this way.
+- **apiserver_flowcontrol_read_vs_write_current_requests:** EXPERIMENTAL:
+Observations, at the end of every nanosecond, of the number of requests
+(as a fraction of the relevant limit) waiting or in regular stage of execution
+- **apiserver_flowcontrol_seat_fair_frac:** Fair fraction of server's
+concurrency to allocate to each priority level that can use it
 - **apiserver_longrunning_requests:** Gauge of all active long-running
 apiserver requests broken out by verb, group, version, resource, scope and
 component. Not all requests are tracked this way.
-- **apiserver_registered_watchers:** Number of currently registered watchers
-for a given resources
 - **apiserver_request_duration_seconds:** Response latency distribution in
 seconds for each verb, dry run value, group, version, resource, subresource,
 scope and component.
 - **apiserver_request_filter_duration_seconds:** Request filter latency
 distribution in seconds, for each filter type
+- **apiserver_request_sli_duration_seconds:** Response latency distribution
+(not counting webhook duration) in seconds for each verb, group, version,
+resource, subresource, scope and component.
 - **apiserver_request_slo_duration_seconds:** Response latency distribution
 (not counting webhook duration) in seconds for each verb, group, version,
 resource, subresource, scope and component.
@@ -296,6 +295,10 @@ broken out by result.
 - **authentication_token_cache_request_duration_seconds:**
 - **authentication_token_cache_request_total:**
 
+#### Disabled Metrics
+
+- **disabled_metric_total:** The count of disabled metrics.
+
 #### Field Metrics
 
 - **field_validation_request_duration_seconds:** Response latency distribution
@@ -304,10 +307,86 @@ enabled or not
 
 #### Go Metrics
 
+- **go_cgo_go_to_c_calls_calls_total:** Count of calls made from Go to C by
+the current process.
+- **go_gc_cycles_automatic_gc_cycles_total:** Count of completed GC cycles
+generated by the Go runtime.
+- **go_gc_cycles_forced_gc_cycles_total:** Count of completed GC cycles
+forced by the application.
+- **go_gc_cycles_total_gc_cycles_total:** Count of all completed GC cycles.
 - **go_gc_duration_seconds:** A summary of the pause duration of garbage
 collection cycles.
+- **go_gc_heap_allocs_by_size_bytes:** Distribution of heap allocations by
+approximate size. Note that this does not include tiny objects as defined
+by /gc/heap/tiny/allocs:objects, only tiny blocks.
+- **go_gc_heap_allocs_bytes_total:** Cumulative sum of memory allocated to
+the heap by the application.
+- **go_gc_heap_allocs_objects_total:** Cumulative count of heap allocations
+triggered by the application. Note that this does not include tiny objects
+as defined by /gc/heap/tiny/allocs:objects, only tiny blocks.
+- **go_gc_heap_frees_by_size_bytes:** Distribution of freed heap allocations
+by approximate size. Note that this does not include tiny objects as defined
+by /gc/heap/tiny/allocs:objects, only tiny blocks.
+- **go_gc_heap_frees_bytes_total:** Cumulative sum of heap memory freed by
+the garbage collector.
+- **go_gc_heap_frees_objects_total:** Cumulative count of heap allocations
+whose storage was freed by the garbage collector. Note that this does
+not include tiny objects as defined by /gc/heap/tiny/allocs:objects, only
+tiny blocks.
+- **go_gc_heap_goal_bytes:** Heap size target for the end of the GC cycle.
+- **go_gc_heap_objects_objects:** Number of objects, live or unswept,
+occupying heap memory.
+- **go_gc_heap_tiny_allocs_objects_total:** Count of small allocations that
+are packed together into blocks. These allocations are counted separately
+from other allocations because each individual allocation is not tracked
+by the runtime, only their block. Each block is already accounted for in
+allocs-by-size and frees-by-size.
+- **go_gc_limiter_last_enabled_gc_cycle:** GC cycle the last time the GC CPU
+limiter was enabled. This metric is useful for diagnosing the root cause
+of an out-of-memory error, because the limiter trades memory for CPU time
+when the GC's CPU time gets too high. This is most likely to occur with use
+of SetMemoryLimit. The first GC cycle is cycle 1, so a value of 0 indicates
+that it was never enabled.
+- **go_gc_pauses_seconds:** Distribution individual GC-related stop-the-world
+pause latencies.
+- **go_gc_stack_starting_size_bytes:** The stack size of new goroutines.
 - **go_goroutines:** Number of goroutines that currently exist.
 - **go_info:** Information about the Go environment.
+- **go_memory_classes_heap_free_bytes:** Memory that is completely free and
+eligible to be returned to the underlying system, but has not been. This
+metric is the runtime's estimate of free address space that is backed by
+physical memory.
+- **go_memory_classes_heap_objects_bytes:** Memory occupied by live objects
+and dead objects that have not yet been marked free by the garbage collector.
+- **go_memory_classes_heap_released_bytes:** Memory that is completely free
+and has been returned to the underlying system. This metric is the runtime's
+estimate of free address space that is still mapped into the process, but
+is not backed by physical memory.
+- **go_memory_classes_heap_stacks_bytes:** Memory allocated from the heap
+that is reserved for stack space, whether or not it is currently in-use.
+- **go_memory_classes_heap_unused_bytes:** Memory that is reserved for heap
+objects but is not currently used to hold heap objects.
+- **go_memory_classes_metadata_mcache_free_bytes:** Memory that is reserved
+for runtime mcache structures, but not in-use.
+- **go_memory_classes_metadata_mcache_inuse_bytes:** Memory that is occupied
+by runtime mcache structures that are currently being used.
+- **go_memory_classes_metadata_mspan_free_bytes:** Memory that is reserved
+for runtime mspan structures, but not in-use.
+- **go_memory_classes_metadata_mspan_inuse_bytes:** Memory that is occupied
+by runtime mspan structures that are currently being used.
+- **go_memory_classes_metadata_other_bytes:** Memory that is reserved for
+or used to hold runtime metadata.
+- **go_memory_classes_os_stacks_bytes:** Stack memory allocated by the
+underlying operating system.
+- **go_memory_classes_other_bytes:** Memory used by execution trace buffers,
+structures for debugging the runtime, finalizer and profiler specials,
+and more.
+- **go_memory_classes_profiling_buckets_bytes:** Memory that is used by the
+stack trace hash map used for profiling.
+- **go_memory_classes_total_bytes:** All memory mapped by the Go runtime
+into the current process as read-write. Note that this does not include
+memory mapped by code called via cgo or via the syscall package. Sum of all
+metrics in /memory/classes.
 - **go_memstats_alloc_bytes:** Number of bytes allocated and still in use.
 - **go_memstats_alloc_bytes_total:** Total number of bytes allocated, even
 if freed.
@@ -344,8 +423,18 @@ allocator.
 - **go_memstats_stack_sys_bytes:** Number of bytes obtained from system for
 stack allocator.
 - **go_memstats_sys_bytes:** Number of bytes obtained from system.
+- **go_sched_gomaxprocs_threads:** The current runtime.GOMAXPROCS setting,
+or the number of operating system threads that can execute user-level Go
+code simultaneously.
+- **go_sched_goroutines_goroutines:** Count of live goroutines.
+- **go_sched_latencies_seconds:** Distribution of the time goroutines have
+spent in the scheduler in a runnable state before actually running.
 - **go_threads:** Number of OS threads created.
 
+#### Hidden Metrics
+
+- **hidden_metric_total:** The count of hidden metrics.
+
 #### Process Metrics
 
 - **process_cpu_seconds_total:** Total user and system CPU time spent
@@ -359,6 +448,11 @@ in seconds.
 - **process_virtual_memory_max_bytes:** Maximum amount of virtual memory
 available in bytes.
 
+#### Registered Metrics
+
+- **registered_metric_total:** The count of registered metrics broken by
+stability level and deprecation version.
+
 #### Workqueue Metrics
 
 - **workqueue_adds_total:** Total number of adds handled by workqueue

go.mod

@@ -41,7 +41,7 @@ require (
 	github.com/mdlayher/packet v1.0.0
 	github.com/miekg/dns v1.1.54
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
-	github.com/onsi/ginkgo v1.16.5
+	github.com/onsi/ginkgo/v2 v2.9.3
 	github.com/onsi/gomega v1.27.6
 	github.com/pkg/errors v0.9.1
 	github.com/pkg/sftp v1.13.5
@@ -69,36 +69,27 @@ require (
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.24.9
-	k8s.io/apiextensions-apiserver v0.24.0
-	k8s.io/apimachinery v0.24.9
-	k8s.io/apiserver v0.24.0
-	k8s.io/client-go v0.24.9
-	k8s.io/component-base v0.24.9
+	k8s.io/api v0.26.4
+	k8s.io/apiextensions-apiserver v0.26.4
+	k8s.io/apimachinery v0.26.4
+	k8s.io/apiserver v0.26.4
+	k8s.io/client-go v0.26.4
+	k8s.io/component-base v0.26.4
 	k8s.io/klog/v2 v2.80.1
-	k8s.io/kube-aggregator v0.24.0
-	k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42
-	k8s.io/kubectl v0.24.0
-	k8s.io/kubelet v0.24.0
-	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9
-	sigs.k8s.io/controller-runtime v0.12.1
+	k8s.io/kube-aggregator v0.26.4
+	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280
+	k8s.io/kubectl v0.26.4
+	k8s.io/kubelet v0.26.4
+	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448
+	sigs.k8s.io/controller-runtime v0.14.6
 	sigs.k8s.io/mcs-api v0.1.0
 	sigs.k8s.io/yaml v1.3.0
 )
 
 require (
-	cloud.google.com/go/compute v1.18.0 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest v0.11.18 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.13 // indirect
-	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
-	github.com/Azure/go-autorest/logger v0.2.1 // indirect
-	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
-	github.com/PuerkitoBio/purell v1.1.1 // indirect
-	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
+	github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
 	github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.4 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.12.12 // indirect
@@ -117,6 +108,7 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cenk/hub v1.0.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
 	github.com/cenkalti/hub v1.0.1 // indirect
 	github.com/cenkalti/rpc2 v0.0.0-20180727162946-9642ea02d0aa // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
@@ -127,20 +119,24 @@ require (
 	github.com/coreos/go-systemd/v22 v22.3.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1 // indirect
-	github.com/emicklei/go-restful v2.16.0+incompatible // indirect
+	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
 	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
+	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/fatih/color v1.14.1 // indirect
-	github.com/felixge/httpsnoop v1.0.1 // indirect
-	github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
+	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/google/cel-go v0.12.6 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.0.0 // indirect
 	github.com/hashicorp/go-msgpack v0.5.3 // indirect
@@ -166,7 +162,6 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
-	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/pion/dtls/v2 v2.2.4 // indirect
 	github.com/pion/logging v0.2.2 // indirect
 	github.com/pion/transport/v2 v2.0.0 // indirect
@@ -177,28 +172,28 @@ require (
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1 // indirect
 	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
+	github.com/stoewer/go-strcase v1.2.0 // indirect
 	github.com/streamrail/concurrent-map v0.0.0-20160823150647-8bf1e9bacbf6 // indirect
 	github.com/ti-mo/netfilter v0.3.1 // indirect
 	github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
 	gitlab.com/golang-commonmark/puny v0.0.0-20191124015043-9f83538fa04f // indirect
-	go.etcd.io/etcd/api/v3 v3.5.1 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.5.1 // indirect
-	go.etcd.io/etcd/client/v3 v3.5.1 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.5 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.5 // indirect
+	go.etcd.io/etcd/client/v3 v3.5.5 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib v0.20.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0 // indirect
-	go.opentelemetry.io/otel v0.20.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp v0.20.0 // indirect
-	go.opentelemetry.io/otel/metric v0.20.0 // indirect
-	go.opentelemetry.io/otel/sdk v0.20.0 // indirect
-	go.opentelemetry.io/otel/sdk/export/metric v0.20.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v0.20.0 // indirect
-	go.opentelemetry.io/otel/trace v0.20.0 // indirect
-	go.opentelemetry.io/proto/otlp v0.7.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.0 // indirect
+	go.opentelemetry.io/otel v1.10.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0 // indirect
+	go.opentelemetry.io/otel/metric v0.31.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.10.0 // indirect
+	go.opentelemetry.io/otel/trace v1.10.0 // indirect
+	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
-	go.uber.org/zap v1.19.1 // indirect
+	go.uber.org/zap v1.24.0 // indirect
 	golang.org/x/oauth2 v0.7.0 // indirect
 	golang.org/x/term v0.8.0 // indirect
 	golang.org/x/text v0.9.0 // indirect
@@ -207,8 +202,8 @@ require (
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
-	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30 // indirect
-	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
+	k8s.io/kms v0.26.4 // indirect
+	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 // indirect
+	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 )