diff --git a/build/Dockerfile b/build/Dockerfile index b43a592a..c13c849c 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 ############# builder ############# -FROM golang:1.20.3 AS builder +FROM golang:1.20.4 AS builder WORKDIR /build COPY . . diff --git a/go.mod b/go.mod index 74837563..9f610715 100644 --- a/go.mod +++ b/go.mod @@ -6,8 +6,8 @@ require ( github.com/Masterminds/semver/v3 v3.2.0 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/cert-manager/cert-manager v1.11.0 - github.com/gardener/controller-manager-library v0.2.1-0.20230104162714-c7c57096a522 - github.com/gardener/external-dns-management v0.13.0 + github.com/gardener/controller-manager-library v0.2.1-0.20230504074505-cf120e9a982d + github.com/gardener/external-dns-management v0.15.3 github.com/go-acme/lego/v4 v4.8.0 github.com/miekg/dns v1.1.51 github.com/onsi/ginkgo/v2 v2.8.3 @@ -15,13 +15,13 @@ require ( github.com/pavlo-v-chernykh/keystore-go/v4 v4.4.0 github.com/prometheus/client_golang v1.14.0 golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 - k8s.io/api v0.26.1 - k8s.io/apimachinery v0.26.1 - k8s.io/client-go v0.26.1 - k8s.io/code-generator v0.26.1 + k8s.io/api v0.26.4 + k8s.io/apimachinery v0.26.4 + k8s.io/client-go v0.26.4 + k8s.io/code-generator v0.26.4 k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 - sigs.k8s.io/kind v0.17.0 + sigs.k8s.io/kind v0.18.0 software.sslmate.com/src/go-pkcs12 v0.2.0 ) @@ -90,12 +90,12 @@ require ( gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.26.1 // indirect - k8s.io/component-base v0.26.1 // indirect + k8s.io/apiextensions-apiserver v0.26.4 // indirect + k8s.io/component-base v0.26.4 // indirect k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect k8s.io/klog v1.0.0 // indirect k8s.io/klog/v2 v2.80.1 // indirect - k8s.io/kube-aggregator v0.26.1 // indirect + k8s.io/kube-aggregator v0.26.4 // indirect sigs.k8s.io/controller-tools v0.11.3 // indirect sigs.k8s.io/gateway-api v0.6.0 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect diff --git a/go.sum b/go.sum index e2d9ae50..f4e1fb88 100644 --- a/go.sum +++ b/go.sum @@ -97,10 +97,10 @@ github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/gardener/controller-manager-library v0.2.1-0.20230104162714-c7c57096a522 h1:PaEng2Jvcv2ikd52+OPfA8C1zE5stSnNfrkh/8/iyiM= -github.com/gardener/controller-manager-library v0.2.1-0.20230104162714-c7c57096a522/go.mod h1:KX8LCQp3KK/U4842zwNfQM1ygSMrJTiGAMiinijv0Uo= -github.com/gardener/external-dns-management v0.13.0 h1:OSyv7fGTvBXbGpAT1hAlpKRrS99K1WQFUUdWpK8HCR0= -github.com/gardener/external-dns-management v0.13.0/go.mod h1:6/4pzYxQletFr0y4wJQt/TmcP3I7SAnNDVb9VSp8RUs= +github.com/gardener/controller-manager-library v0.2.1-0.20230504074505-cf120e9a982d h1:33JnE+FAR7/du36Fe+d2++AUUykhHAxb7C4zSjrjMOE= +github.com/gardener/controller-manager-library v0.2.1-0.20230504074505-cf120e9a982d/go.mod h1:1yoLG/k4iFo21caNycEa1FtG2/AOkpOPk/NTBJN2azY= +github.com/gardener/external-dns-management v0.15.3 h1:w7DSzUQY3iC4bKAy4RoP2Lmt/kKYAhpDEZDZr1lxluY= +github.com/gardener/external-dns-management v0.15.3/go.mod h1:8Bvwsirq6BsUiCL1wEE0i2yj+BALOCI6TPOru/+ozeU= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-acme/lego/v4 v4.8.0 h1:XienkuT6ZKHe0DE/LXeGP4ZY+ft+7ZMlqtiJ7XJs2pI= github.com/go-acme/lego/v4 v4.8.0/go.mod h1:MXCdgHuQh25bfi/tPpyOV/9k2p1JVu6oxXcylAwkouI= @@ -707,18 +707,18 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ= -k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg= -k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI= -k8s.io/apiextensions-apiserver v0.26.1/go.mod h1:AptjOSXDGuE0JICx/Em15PaoO7buLwTs0dGleIHixSM= -k8s.io/apimachinery v0.26.1 h1:8EZ/eGJL+hY/MYCNwhmDzVqq2lPl3N3Bo8rvweJwXUQ= -k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= -k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU= -k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE= -k8s.io/code-generator v0.26.1 h1:dusFDsnNSKlMFYhzIM0jAO1OlnTN5WYwQQ+Ai12IIlo= -k8s.io/code-generator v0.26.1/go.mod h1:OMoJ5Dqx1wgaQzKgc+ZWaZPfGjdRq/Y3WubFrZmeI3I= -k8s.io/component-base v0.26.1 h1:4ahudpeQXHZL5kko+iDHqLj/FSGAEUnSVO0EBbgDd+4= -k8s.io/component-base v0.26.1/go.mod h1:VHrLR0b58oC035w6YQiBSbtsf0ThuSwXP+p5dD/kAWU= +k8s.io/api v0.26.4 h1:qSG2PmtcD23BkYiWfoYAcak870eF/hE7NNYBYavTT94= +k8s.io/api v0.26.4/go.mod h1:WwKEXU3R1rgCZ77AYa7DFksd9/BAIKyOmRlbVxgvjCk= +k8s.io/apiextensions-apiserver v0.26.4 h1:9D2RTxYGxrG5uYg6D7QZRcykXvavBvcA59j5kTaedQI= +k8s.io/apiextensions-apiserver v0.26.4/go.mod h1:cd4uGFGIgzEqUghWpRsr9KE8j2KNTjY8Ji8pnMMazyw= +k8s.io/apimachinery v0.26.4 h1:rZccKdBLg9vP6J09JD+z8Yr99Ce8gk3Lbi9TCx05Jzs= +k8s.io/apimachinery v0.26.4/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= +k8s.io/client-go v0.26.4 h1:/7P/IbGBuT73A+G97trf44NTPSNqvuBREpOfdLbHvD4= +k8s.io/client-go v0.26.4/go.mod h1:6qOItWm3EwxJdl/8p5t7FWtWUOwyMdA8N9ekbW4idpI= +k8s.io/code-generator v0.26.4 h1:zgDD0qX13p/jtrAoYRRiYeQ5ibnriwmo2cMkMZAtJxc= +k8s.io/code-generator v0.26.4/go.mod h1:ryaiIKwfxEJEaywEzx3dhWOydpVctKYbqLajJf0O8dI= +k8s.io/component-base v0.26.4 h1:Bg2xzyXNKL3eAuiTEu3XE198d6z22ENgFgGQv2GGOUk= +k8s.io/component-base v0.26.4/go.mod h1:lTuWL1Xz/a4e80gmIC3YZG2JCO4xNwtKWHJWeJmsq20= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= @@ -728,8 +728,8 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-aggregator v0.26.1 h1:TqDWwuaUJpyhWGWw4JrXR8ZAAaHa9qrsXxR41aR3igw= -k8s.io/kube-aggregator v0.26.1/go.mod h1:E6dnKoQ6f4eFl8QQXHxTASZKXBX6+XcjROWl7GRltl4= +k8s.io/kube-aggregator v0.26.4 h1:iGljhq5exQkbuc3bnkwUx95RPCBDExg7DkX9XaYhg6w= +k8s.io/kube-aggregator v0.26.4/go.mod h1:eWfg4tU0+l57ebWiS5THOANIJUrKRxudSVDJ+63bqvQ= k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 h1:tBEbstoM+K0FiBV5KGAKQ0kuvf54v/hwpldiJt69w1s= k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= @@ -743,8 +743,8 @@ sigs.k8s.io/gateway-api v0.6.0 h1:v2FqrN2ROWZLrSnI2o91taHR8Sj3s+Eh3QU7gLNWIqA= sigs.k8s.io/gateway-api v0.6.0/go.mod h1:EYJT+jlPWTeNskjV0JTki/03WX1cyAnBhwBJfYHpV/0= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kind v0.17.0 h1:CScmGz/wX66puA06Gj8OZb76Wmk7JIjgWf5JDvY7msM= -sigs.k8s.io/kind v0.17.0/go.mod h1:Qqp8AiwOlMZmJWs37Hgs31xcbiYXjtXlRBSftcnZXQk= +sigs.k8s.io/kind v0.18.0 h1:ahgZdVV1pdhXlYe1f+ztISakT23KdrBl/NFY9JMygzs= +sigs.k8s.io/kind v0.18.0/go.mod h1:Qqp8AiwOlMZmJWs37Hgs31xcbiYXjtXlRBSftcnZXQk= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= diff --git a/vendor/github.com/gardener/controller-manager-library/hack/run-in.sh b/vendor/github.com/gardener/controller-manager-library/hack/run-in.sh old mode 100755 new mode 100644 diff --git a/vendor/github.com/gardener/external-dns-management/pkg/apis/dns/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/gardener/external-dns-management/pkg/apis/dns/v1alpha1/zz_generated.deepcopy.go index 7c21204f..6fc51998 100644 --- a/vendor/github.com/gardener/external-dns-management/pkg/apis/dns/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/gardener/external-dns-management/pkg/apis/dns/v1alpha1/zz_generated.deepcopy.go @@ -2,7 +2,7 @@ // +build !ignore_autogenerated /* -Copyright (c) 2022 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +Copyright (c) 2023 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/vendor/github.com/gardener/external-dns-management/pkg/dns/dnsset.go b/vendor/github.com/gardener/external-dns-management/pkg/dns/dnsset.go index d07a8109..e4a73220 100644 --- a/vendor/github.com/gardener/external-dns-management/pkg/dns/dnsset.go +++ b/vendor/github.com/gardener/external-dns-management/pkg/dns/dnsset.go @@ -119,7 +119,6 @@ func (dnssets DNSSets) GetOwners() utils.StringSet { const ( ATTR_OWNER = "owner" ATTR_PREFIX = "prefix" - ATTR_CNAMES = "cnames" ATTR_KIND = "kind" ATTR_TIMESTAMP = "ts" diff --git a/vendor/github.com/gardener/external-dns-management/pkg/dns/mapping.go b/vendor/github.com/gardener/external-dns-management/pkg/dns/mapping.go index d7fef61a..d9501d3a 100644 --- a/vendor/github.com/gardener/external-dns-management/pkg/dns/mapping.go +++ b/vendor/github.com/gardener/external-dns-management/pkg/dns/mapping.go @@ -68,6 +68,10 @@ func calcMetaRecordDomainName(name, prefix, base string) string { if name == base { prefix += "-base." } + } else if strings.HasPrefix(name, "@.") { + // special case: allow apex label for Azure + name = name[2:] + prefix += "---at." } return add + prefix + name } @@ -94,6 +98,9 @@ func MapFromProvider(name DNSSetName, rs *RecordSet) (DNSSetName, *RecordSet) { dns = dns[len(prefix):] if strings.HasPrefix(dns, "-base.") { dns = dns[6:] + } else if strings.HasPrefix(dns, "---at.") { + dns = dns[6:] + add = "@." } else if strings.HasPrefix(dns, ".") { // for backwards compatibility of form *.comment-.basedomain dns = dns[1:] diff --git a/vendor/github.com/gardener/external-dns-management/pkg/dns/routingpolicy.go b/vendor/github.com/gardener/external-dns-management/pkg/dns/routingpolicy.go index 4eac0699..add255a7 100644 --- a/vendor/github.com/gardener/external-dns-management/pkg/dns/routingpolicy.go +++ b/vendor/github.com/gardener/external-dns-management/pkg/dns/routingpolicy.go @@ -21,7 +21,16 @@ import ( ) const ( + // RoutingPolicyWeighted is a weighted routing policy (supported for AWS Route 53 and Google CloudDNS) RoutingPolicyWeighted = "weighted" + // RoutingPolicyLatency is a latency based routing policy (supported for AWS Route 53) + RoutingPolicyLatency = "latency" + // RoutingPolicyGeoLocation is a geolocation based routing policy (supported for AWS Route 53 and Google CloudDNS) + RoutingPolicyGeoLocation = "geolocation" + // RoutingPolicyIPBased is an IP based routing policy (supported for AWS Route 53) + RoutingPolicyIPBased = "ip-based" + // RoutingPolicyFailover is failover routing policy (supported for AWS Route 53) + RoutingPolicyFailover = "failover" ) type RoutingPolicy struct { @@ -48,7 +57,7 @@ func (p *RoutingPolicy) Clone() *RoutingPolicy { return copy } -func (p *RoutingPolicy) CheckParameterKeys(keys []string) error { +func (p *RoutingPolicy) CheckParameterKeys(keys, optionalKeys []string) error { for _, k := range keys { if _, ok := p.Parameters[k]; !ok { return fmt.Errorf("Missing parameter key %s", k) @@ -62,6 +71,11 @@ func (p *RoutingPolicy) CheckParameterKeys(keys []string) error { continue outer } } + for _, k2 := range optionalKeys { + if k == k2 { + continue outer + } + } return fmt.Errorf("Unsupported parameter key %s", k) } } diff --git a/vendor/github.com/gardener/external-dns-management/pkg/dns/utils.go b/vendor/github.com/gardener/external-dns-management/pkg/dns/utils.go index b1922fdf..061170c0 100644 --- a/vendor/github.com/gardener/external-dns-management/pkg/dns/utils.go +++ b/vendor/github.com/gardener/external-dns-management/pkg/dns/utils.go @@ -16,11 +16,6 @@ package dns -import ( - "github.com/gardener/controller-manager-library/pkg/resources" - api "github.com/gardener/external-dns-management/pkg/apis/dns/v1alpha1" -) - func SupportedRecordType(t string) bool { switch t { case RS_CNAME, RS_A, RS_AAAA, RS_TXT: @@ -28,9 +23,3 @@ func SupportedRecordType(t string) bool { } return false } - -func DNSNameMatcher(dnsname string) resources.ObjectMatcher { - return func(o resources.Object) bool { - return o.Data().(*api.DNSEntry).Spec.DNSName == dnsname - } -} diff --git a/vendor/github.com/gardener/external-dns-management/pkg/dns/validation.go b/vendor/github.com/gardener/external-dns-management/pkg/dns/validation.go index da5cc33e..6b61d2e8 100644 --- a/vendor/github.com/gardener/external-dns-management/pkg/dns/validation.go +++ b/vendor/github.com/gardener/external-dns-management/pkg/dns/validation.go @@ -33,6 +33,9 @@ func ValidateDomainName(name string) error { var errs []string if strings.HasPrefix(check, "*.") { errs = validation.IsWildcardDNS1123Subdomain(check) + } else if strings.HasPrefix(check, "@.") { + // special case: allow apex label for Azure + errs = validation.IsDNS1123Subdomain(check[2:]) } else { errs = validation.IsDNS1123Subdomain(check) } @@ -53,6 +56,10 @@ func ValidateDomainName(name string) error { labels := strings.Split(strings.TrimPrefix(check, "*."), ".") for i, label := range labels { + if i == 0 && label == "@" { + // special case: allow apex label for Azure + continue + } if errs = validation.IsDNS1123Label(label); len(errs) > 0 { return fmt.Errorf("%d. label %q of %q is not valid (%v)", i+1, label, name, errs) } diff --git a/vendor/k8s.io/api/core/v1/generated.proto b/vendor/k8s.io/api/core/v1/generated.proto index 9264bfd9..416811e2 100644 --- a/vendor/k8s.io/api/core/v1/generated.proto +++ b/vendor/k8s.io/api/core/v1/generated.proto @@ -4512,7 +4512,7 @@ message ResourceRequirements { // This is an alpha field and requires enabling the // DynamicResourceAllocation feature gate. // - // This field is immutable. + // This field is immutable. It can only be set for containers. // // +listType=map // +listMapKey=name diff --git a/vendor/k8s.io/api/core/v1/types.go b/vendor/k8s.io/api/core/v1/types.go index 4be1df0c..0101e95d 100644 --- a/vendor/k8s.io/api/core/v1/types.go +++ b/vendor/k8s.io/api/core/v1/types.go @@ -2320,7 +2320,7 @@ type ResourceRequirements struct { // This is an alpha field and requires enabling the // DynamicResourceAllocation feature gate. // - // This field is immutable. + // This field is immutable. It can only be set for containers. // // +listType=map // +listMapKey=name diff --git a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go index 6c6fe2e0..99391a42 100644 --- a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go +++ b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go @@ -2041,7 +2041,7 @@ var map_ResourceRequirements = map[string]string{ "": "ResourceRequirements describes the compute resource requirements.", "limits": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "requests": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "claims": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.", + "claims": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", } func (ResourceRequirements) SwaggerDoc() map[string]string { diff --git a/vendor/k8s.io/api/resource/v1alpha1/generated.proto b/vendor/k8s.io/api/resource/v1alpha1/generated.proto index 5fc35e40..2e814d15 100644 --- a/vendor/k8s.io/api/resource/v1alpha1/generated.proto +++ b/vendor/k8s.io/api/resource/v1alpha1/generated.proto @@ -248,7 +248,8 @@ message ResourceClaimStatus { // There can be at most 32 such reservations. This may get increased in // the future, but not reduced. // - // +listType=set + // +listType=map + // +listMapKey=uid // +optional repeated ResourceClaimConsumerReference reservedFor = 3; diff --git a/vendor/k8s.io/api/resource/v1alpha1/types.go b/vendor/k8s.io/api/resource/v1alpha1/types.go index 9d7d4a19..af570384 100644 --- a/vendor/k8s.io/api/resource/v1alpha1/types.go +++ b/vendor/k8s.io/api/resource/v1alpha1/types.go @@ -112,7 +112,8 @@ type ResourceClaimStatus struct { // There can be at most 32 such reservations. This may get increased in // the future, but not reduced. // - // +listType=set + // +listType=map + // +listMapKey=uid // +optional ReservedFor []ResourceClaimConsumerReference `json:"reservedFor,omitempty" protobuf:"bytes,3,opt,name=reservedFor"` diff --git a/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go b/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go index 4f3636b2..94dd2160 100644 --- a/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go +++ b/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go @@ -11661,6 +11661,8 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: io.k8s.api.resource.v1alpha1.ResourceClaimConsumerReference elementRelationship: associative + keys: + - uid - name: io.k8s.api.resource.v1alpha1.ResourceClaimTemplate map: fields: diff --git a/vendor/k8s.io/client-go/discovery/aggregated_discovery.go b/vendor/k8s.io/client-go/discovery/aggregated_discovery.go index 033a4c8f..7470259d 100644 --- a/vendor/k8s.io/client-go/discovery/aggregated_discovery.go +++ b/vendor/k8s.io/client-go/discovery/aggregated_discovery.go @@ -24,19 +24,36 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" ) +// StaleGroupVersionError encasulates failed GroupVersion marked "stale" +// in the returned AggregatedDiscovery format. +type StaleGroupVersionError struct { + gv schema.GroupVersion +} + +func (s StaleGroupVersionError) Error() string { + return fmt.Sprintf("stale GroupVersion discovery: %v", s.gv) +} + // SplitGroupsAndResources transforms "aggregated" discovery top-level structure into // the previous "unaggregated" discovery groups and resources. -func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList) (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList) { +func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList) ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error) { // Aggregated group list will contain the entirety of discovery, including - // groups, versions, and resources. + // groups, versions, and resources. GroupVersions marked "stale" are failed. groups := []*metav1.APIGroup{} + failedGVs := map[schema.GroupVersion]error{} resourcesByGV := map[schema.GroupVersion]*metav1.APIResourceList{} for _, aggGroup := range aggregatedGroups.Items { - group, resources := convertAPIGroup(aggGroup) + group, resources, failed := convertAPIGroup(aggGroup) groups = append(groups, group) for gv, resourceList := range resources { resourcesByGV[gv] = resourceList } + for gv, err := range failed { + failedGVs[gv] = err + } } // Transform slice of groups to group list before returning. groupList := &metav1.APIGroupList{} @@ -44,65 +61,94 @@ func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList for _, group := range groups { groupList.Groups = append(groupList.Groups, *group) } - return groupList, resourcesByGV + return groupList, resourcesByGV, failedGVs } // convertAPIGroup tranforms an "aggregated" APIGroupDiscovery to an "legacy" APIGroup, // also returning the map of APIResourceList for resources within GroupVersions. -func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (*metav1.APIGroup, map[schema.GroupVersion]*metav1.APIResourceList) { +func convertAPIGroup(g apidiscovery.APIGroupDiscovery) ( + *metav1.APIGroup, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error) { // Iterate through versions to convert to group and resources. group := &metav1.APIGroup{} gvResources := map[schema.GroupVersion]*metav1.APIResourceList{} + failedGVs := map[schema.GroupVersion]error{} group.Name = g.ObjectMeta.Name - for i, v := range g.Versions { - version := metav1.GroupVersionForDiscovery{} + for _, v := range g.Versions { gv := schema.GroupVersion{Group: g.Name, Version: v.Version} + if v.Freshness == apidiscovery.DiscoveryFreshnessStale { + failedGVs[gv] = StaleGroupVersionError{gv: gv} + continue + } + version := metav1.GroupVersionForDiscovery{} version.GroupVersion = gv.String() version.Version = v.Version group.Versions = append(group.Versions, version) - if i == 0 { + // PreferredVersion is first non-stale Version + if group.PreferredVersion == (metav1.GroupVersionForDiscovery{}) { group.PreferredVersion = version } resourceList := &metav1.APIResourceList{} resourceList.GroupVersion = gv.String() for _, r := range v.Resources { - resource := convertAPIResource(r) - resourceList.APIResources = append(resourceList.APIResources, resource) + resource, err := convertAPIResource(r) + if err == nil { + resourceList.APIResources = append(resourceList.APIResources, resource) + } // Subresources field in new format get transformed into full APIResources. + // It is possible a partial result with an error was returned to be used + // as the parent resource for the subresource. for _, subresource := range r.Subresources { - sr := convertAPISubresource(resource, subresource) - resourceList.APIResources = append(resourceList.APIResources, sr) + sr, err := convertAPISubresource(resource, subresource) + if err == nil { + resourceList.APIResources = append(resourceList.APIResources, sr) + } } } gvResources[gv] = resourceList } - return group, gvResources + return group, gvResources, failedGVs } -// convertAPIResource tranforms a APIResourceDiscovery to an APIResource. -func convertAPIResource(in apidiscovery.APIResourceDiscovery) metav1.APIResource { - return metav1.APIResource{ +// convertAPIResource tranforms a APIResourceDiscovery to an APIResource. We are +// resilient to missing GVK, since this resource might be the parent resource +// for a subresource. If the parent is missing a GVK, it is not returned in +// discovery, and the subresource MUST have the GVK. +func convertAPIResource(in apidiscovery.APIResourceDiscovery) (metav1.APIResource, error) { + result := metav1.APIResource{ Name: in.Resource, SingularName: in.SingularResource, Namespaced: in.Scope == apidiscovery.ScopeNamespace, - Group: in.ResponseKind.Group, - Version: in.ResponseKind.Version, - Kind: in.ResponseKind.Kind, Verbs: in.Verbs, ShortNames: in.ShortNames, Categories: in.Categories, } + var err error + if in.ResponseKind != nil { + result.Group = in.ResponseKind.Group + result.Version = in.ResponseKind.Version + result.Kind = in.ResponseKind.Kind + } else { + err = fmt.Errorf("discovery resource %s missing GVK", in.Resource) + } + // Can return partial result with error, which can be the parent for a + // subresource. Do not add this result to the returned discovery resources. + return result, err } // convertAPISubresource tranforms a APISubresourceDiscovery to an APIResource. -func convertAPISubresource(parent metav1.APIResource, in apidiscovery.APISubresourceDiscovery) metav1.APIResource { - return metav1.APIResource{ - Name: fmt.Sprintf("%s/%s", parent.Name, in.Subresource), - SingularName: parent.SingularName, - Namespaced: parent.Namespaced, - Group: in.ResponseKind.Group, - Version: in.ResponseKind.Version, - Kind: in.ResponseKind.Kind, - Verbs: in.Verbs, +func convertAPISubresource(parent metav1.APIResource, in apidiscovery.APISubresourceDiscovery) (metav1.APIResource, error) { + result := metav1.APIResource{} + if in.ResponseKind == nil { + return result, fmt.Errorf("subresource %s/%s missing GVK", parent.Name, in.Subresource) } + result.Name = fmt.Sprintf("%s/%s", parent.Name, in.Subresource) + result.SingularName = parent.SingularName + result.Namespaced = parent.Namespaced + result.Group = in.ResponseKind.Group + result.Version = in.ResponseKind.Version + result.Kind = in.ResponseKind.Kind + result.Verbs = in.Verbs + return result, nil } diff --git a/vendor/k8s.io/client-go/discovery/discovery_client.go b/vendor/k8s.io/client-go/discovery/discovery_client.go index 43906190..64156800 100644 --- a/vendor/k8s.io/client-go/discovery/discovery_client.go +++ b/vendor/k8s.io/client-go/discovery/discovery_client.go @@ -86,7 +86,7 @@ type DiscoveryInterface interface { type AggregatedDiscoveryInterface interface { DiscoveryInterface - GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) + GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, map[schema.GroupVersion]error, error) } // CachedDiscoveryInterface is a DiscoveryInterface with cache invalidation and freshness. @@ -186,18 +186,23 @@ func apiVersionsToAPIGroup(apiVersions *metav1.APIVersions) (apiGroup metav1.API // and resources from /api and /apis (either aggregated or not). Legacy groups // must be ordered first. The server will either return both endpoints (/api, /apis) // as aggregated discovery format or legacy format. For safety, resources will only -// be returned if both endpoints returned resources. -func (d *DiscoveryClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +// be returned if both endpoints returned resources. Returned "failedGVs" can be +// empty, but will only be nil in the case an error is returned. +func (d *DiscoveryClient) GroupsAndMaybeResources() ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error, + error) { // Legacy group ordered first (there is only one -- core/v1 group). Returned groups must // be non-nil, but it could be empty. Returned resources, apiResources map could be nil. - groups, resources, err := d.downloadLegacy() + groups, resources, failedGVs, err := d.downloadLegacy() if err != nil { - return nil, nil, err + return nil, nil, nil, err } // Discovery groups and (possibly) resources downloaded from /apis. - apiGroups, apiResources, aerr := d.downloadAPIs() + apiGroups, apiResources, failedApisGVs, aerr := d.downloadAPIs() if aerr != nil { - return nil, nil, aerr + return nil, nil, nil, aerr } // Merge apis groups into the legacy groups. for _, group := range apiGroups.Groups { @@ -211,14 +216,23 @@ func (d *DiscoveryClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[s } else if resources != nil { resources = nil } - return groups, resources, err + // Merge failed GroupVersions from /api and /apis + for gv, err := range failedApisGVs { + failedGVs[gv] = err + } + return groups, resources, failedGVs, err } // downloadLegacy returns the discovery groups and possibly resources // for the legacy v1 GVR at /api, or an error if one occurred. It is // possible for the resource map to be nil if the server returned -// the unaggregated discovery. -func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +// the unaggregated discovery. Returned "failedGVs" can be empty, but +// will only be nil in the case of a returned error. +func (d *DiscoveryClient) downloadLegacy() ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error, + error) { accept := acceptDiscoveryFormats if d.UseLegacyDiscovery { accept = AcceptV1 @@ -230,16 +244,19 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro Do(context.TODO()). ContentType(&responseContentType). Raw() - // Special error handling for 403 or 404 to be compatible with older v1.0 servers. - // Return empty group list to be merged with /apis. - if err != nil && !errors.IsNotFound(err) && !errors.IsForbidden(err) { - return nil, nil, err - } - if err != nil && (errors.IsNotFound(err) || errors.IsForbidden(err)) { - return &metav1.APIGroupList{}, nil, nil + apiGroupList := &metav1.APIGroupList{} + failedGVs := map[schema.GroupVersion]error{} + if err != nil { + // Tolerate 404, since aggregated api servers can return it. + if errors.IsNotFound(err) { + // Return empty structures and no error. + emptyGVMap := map[schema.GroupVersion]*metav1.APIResourceList{} + return apiGroupList, emptyGVMap, failedGVs, nil + } else { + return nil, nil, nil, err + } } - apiGroupList := &metav1.APIGroupList{} var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. switch responseContentType { @@ -247,7 +264,7 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro var v metav1.APIVersions err = json.Unmarshal(body, &v) if err != nil { - return nil, nil, err + return nil, nil, nil, err } apiGroup := metav1.APIGroup{} if len(v.Versions) != 0 { @@ -258,20 +275,25 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList err = json.Unmarshal(body, &aggregatedDiscovery) if err != nil { - return nil, nil, err + return nil, nil, nil, err } - apiGroupList, resourcesByGV = SplitGroupsAndResources(aggregatedDiscovery) + apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) default: - return nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) + return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) } - return apiGroupList, resourcesByGV, nil + return apiGroupList, resourcesByGV, failedGVs, nil } // downloadAPIs returns the discovery groups and (if aggregated format) the // discovery resources. The returned groups will always exist, but the -// resources map may be nil. -func (d *DiscoveryClient) downloadAPIs() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +// resources map may be nil. Returned "failedGVs" can be empty, but will +// only be nil in the case of a returned error. +func (d *DiscoveryClient) downloadAPIs() ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error, + error) { accept := acceptDiscoveryFormats if d.UseLegacyDiscovery { accept = AcceptV1 @@ -283,42 +305,38 @@ func (d *DiscoveryClient) downloadAPIs() (*metav1.APIGroupList, map[schema.Group Do(context.TODO()). ContentType(&responseContentType). Raw() - // Special error handling for 403 or 404 to be compatible with older v1.0 servers. - // Return empty group list to be merged with /api. - if err != nil && !errors.IsNotFound(err) && !errors.IsForbidden(err) { - return nil, nil, err - } - if err != nil && (errors.IsNotFound(err) || errors.IsForbidden(err)) { - return &metav1.APIGroupList{}, nil, nil + if err != nil { + return nil, nil, nil, err } apiGroupList := &metav1.APIGroupList{} + failedGVs := map[schema.GroupVersion]error{} var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. switch responseContentType { case AcceptV1: err = json.Unmarshal(body, apiGroupList) if err != nil { - return nil, nil, err + return nil, nil, nil, err } case AcceptV2Beta1: var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList err = json.Unmarshal(body, &aggregatedDiscovery) if err != nil { - return nil, nil, err + return nil, nil, nil, err } - apiGroupList, resourcesByGV = SplitGroupsAndResources(aggregatedDiscovery) + apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) default: - return nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) + return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) } - return apiGroupList, resourcesByGV, nil + return apiGroupList, resourcesByGV, failedGVs, nil } // ServerGroups returns the supported groups, with information like supported versions and the // preferred version. func (d *DiscoveryClient) ServerGroups() (*metav1.APIGroupList, error) { - groups, _, err := d.GroupsAndMaybeResources() + groups, _, _, err := d.GroupsAndMaybeResources() if err != nil { return nil, err } @@ -341,8 +359,10 @@ func (d *DiscoveryClient) ServerResourcesForGroupVersion(groupVersion string) (r } err = d.restClient.Get().AbsPath(url.String()).Do(context.TODO()).Into(resources) if err != nil { - // ignore 403 or 404 error to be compatible with an v1.0 server. - if groupVersion == "v1" && (errors.IsNotFound(err) || errors.IsForbidden(err)) { + // Tolerate core/v1 not found response by returning empty resource list; + // this probably should not happen. But we should verify all callers are + // not depending on this toleration before removal. + if groupVersion == "v1" && errors.IsNotFound(err) { return resources, nil } return nil, err @@ -383,13 +403,14 @@ func IsGroupDiscoveryFailedError(err error) bool { func ServerGroupsAndResources(d DiscoveryInterface) ([]*metav1.APIGroup, []*metav1.APIResourceList, error) { var sgs *metav1.APIGroupList var resources []*metav1.APIResourceList + var failedGVs map[schema.GroupVersion]error var err error // If the passed discovery object implements the wider AggregatedDiscoveryInterface, // then attempt to retrieve aggregated discovery with both groups and the resources. if ad, ok := d.(AggregatedDiscoveryInterface); ok { var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList - sgs, resourcesByGV, err = ad.GroupsAndMaybeResources() + sgs, resourcesByGV, failedGVs, err = ad.GroupsAndMaybeResources() for _, resourceList := range resourcesByGV { resources = append(resources, resourceList) } @@ -404,8 +425,15 @@ func ServerGroupsAndResources(d DiscoveryInterface) ([]*metav1.APIGroup, []*meta for i := range sgs.Groups { resultGroups = append(resultGroups, &sgs.Groups[i]) } + // resources is non-nil if aggregated discovery succeeded. if resources != nil { - return resultGroups, resources, nil + // Any stale Group/Versions returned by aggregated discovery + // must be surfaced to the caller as failed Group/Versions. + var ferr error + if len(failedGVs) > 0 { + ferr = &ErrGroupDiscoveryFailed{Groups: failedGVs} + } + return resultGroups, resources, ferr } groupVersionResources, failedGroups := fetchGroupVersionResources(d, sgs) @@ -436,16 +464,18 @@ func ServerPreferredResources(d DiscoveryInterface) ([]*metav1.APIResourceList, var err error // If the passed discovery object implements the wider AggregatedDiscoveryInterface, - // then it is attempt to retrieve both the groups and the resources. + // then it is attempt to retrieve both the groups and the resources. "failedGroups" + // are Group/Versions returned as stale in AggregatedDiscovery format. ad, ok := d.(AggregatedDiscoveryInterface) if ok { - serverGroupList, groupVersionResources, err = ad.GroupsAndMaybeResources() + serverGroupList, groupVersionResources, failedGroups, err = ad.GroupsAndMaybeResources() } else { serverGroupList, err = d.ServerGroups() } if err != nil { return nil, err } + // Non-aggregated discovery must fetch resources from Groups. if groupVersionResources == nil { groupVersionResources, failedGroups = fetchGroupVersionResources(d, serverGroupList) } diff --git a/vendor/k8s.io/client-go/tools/cache/controller.go b/vendor/k8s.io/client-go/tools/cache/controller.go index 0762da3b..96005ff5 100644 --- a/vendor/k8s.io/client-go/tools/cache/controller.go +++ b/vendor/k8s.io/client-go/tools/cache/controller.go @@ -353,17 +353,6 @@ func NewIndexerInformer( return clientState, newInformer(lw, objType, resyncPeriod, h, clientState, nil) } -// TransformFunc allows for transforming an object before it will be processed -// and put into the controller cache and before the corresponding handlers will -// be called on it. -// TransformFunc (similarly to ResourceEventHandler functions) should be able -// to correctly handle the tombstone of type cache.DeletedFinalStateUnknown -// -// The most common usage pattern is to clean-up some parts of the object to -// reduce component memory usage if a given component doesn't care about them. -// given controller doesn't care for them -type TransformFunc func(interface{}) (interface{}, error) - // NewTransformingInformer returns a Store and a controller for populating // the store while also providing event notifications. You should only used // the returned Store for Get/List operations; Add/Modify/Deletes will cause @@ -411,19 +400,11 @@ func processDeltas( // Object which receives event notifications from the given deltas handler ResourceEventHandler, clientState Store, - transformer TransformFunc, deltas Deltas, ) error { // from oldest to newest for _, d := range deltas { obj := d.Object - if transformer != nil { - var err error - obj, err = transformer(obj) - if err != nil { - return err - } - } switch d.Type { case Sync, Replaced, Added, Updated: @@ -475,6 +456,7 @@ func newInformer( fifo := NewDeltaFIFOWithOptions(DeltaFIFOOptions{ KnownObjects: clientState, EmitDeltaTypeReplaced: true, + Transformer: transformer, }) cfg := &Config{ @@ -486,7 +468,7 @@ func newInformer( Process: func(obj interface{}) error { if deltas, ok := obj.(Deltas); ok { - return processDeltas(h, clientState, transformer, deltas) + return processDeltas(h, clientState, deltas) } return errors.New("object given as Process argument is not Deltas") }, diff --git a/vendor/k8s.io/client-go/tools/cache/delta_fifo.go b/vendor/k8s.io/client-go/tools/cache/delta_fifo.go index 0c13a41f..84f3ab9c 100644 --- a/vendor/k8s.io/client-go/tools/cache/delta_fifo.go +++ b/vendor/k8s.io/client-go/tools/cache/delta_fifo.go @@ -51,6 +51,10 @@ type DeltaFIFOOptions struct { // When true, `Replaced` events will be sent for items passed to a Replace() call. // When false, `Sync` events will be sent instead. EmitDeltaTypeReplaced bool + + // If set, will be called for objects before enqueueing them. Please + // see the comment on TransformFunc for details. + Transformer TransformFunc } // DeltaFIFO is like FIFO, but differs in two ways. One is that the @@ -129,8 +133,32 @@ type DeltaFIFO struct { // emitDeltaTypeReplaced is whether to emit the Replaced or Sync // DeltaType when Replace() is called (to preserve backwards compat). emitDeltaTypeReplaced bool + + // Called with every object if non-nil. + transformer TransformFunc } +// TransformFunc allows for transforming an object before it will be processed. +// TransformFunc (similarly to ResourceEventHandler functions) should be able +// to correctly handle the tombstone of type cache.DeletedFinalStateUnknown. +// +// New in v1.27: In such cases, the contained object will already have gone +// through the transform object separately (when it was added / updated prior +// to the delete), so the TransformFunc can likely safely ignore such objects +// (i.e., just return the input object). +// +// The most common usage pattern is to clean-up some parts of the object to +// reduce component memory usage if a given component doesn't care about them. +// +// New in v1.27: unless the object is a DeletedFinalStateUnknown, TransformFunc +// sees the object before any other actor, and it is now safe to mutate the +// object in place instead of making a copy. +// +// Note that TransformFunc is called while inserting objects into the +// notification queue and is therefore extremely performance sensitive; please +// do not do anything that will take a long time. +type TransformFunc func(interface{}) (interface{}, error) + // DeltaType is the type of a change (addition, deletion, etc) type DeltaType string @@ -227,6 +255,7 @@ func NewDeltaFIFOWithOptions(opts DeltaFIFOOptions) *DeltaFIFO { knownObjects: opts.KnownObjects, emitDeltaTypeReplaced: opts.EmitDeltaTypeReplaced, + transformer: opts.Transformer, } f.cond.L = &f.lock return f @@ -411,6 +440,21 @@ func (f *DeltaFIFO) queueActionLocked(actionType DeltaType, obj interface{}) err if err != nil { return KeyError{obj, err} } + + // Every object comes through this code path once, so this is a good + // place to call the transform func. If obj is a + // DeletedFinalStateUnknown tombstone, then the containted inner object + // will already have gone through the transformer, but we document that + // this can happen. In cases involving Replace(), such an object can + // come through multiple times. + if f.transformer != nil { + var err error + obj, err = f.transformer(obj) + if err != nil { + return err + } + } + oldDeltas := f.items[id] newDeltas := append(oldDeltas, Delta{actionType, obj}) newDeltas = dedupDeltas(newDeltas) @@ -566,12 +610,11 @@ func (f *DeltaFIFO) Pop(process PopProcessFunc) (interface{}, error) { // using the Sync or Replace DeltaType and then (2) it does some deletions. // In particular: for every pre-existing key K that is not the key of // an object in `list` there is the effect of -// `Delete(DeletedFinalStateUnknown{K, O})` where O is current object -// of K. If `f.knownObjects == nil` then the pre-existing keys are -// those in `f.items` and the current object of K is the `.Newest()` -// of the Deltas associated with K. Otherwise the pre-existing keys -// are those listed by `f.knownObjects` and the current object of K is -// what `f.knownObjects.GetByKey(K)` returns. +// `Delete(DeletedFinalStateUnknown{K, O})` where O is the latest known +// object of K. The pre-existing keys are those in the union set of the keys in +// `f.items` and `f.knownObjects` (if not nil). The last known object for key K is +// the one present in the last delta in `f.items`. If there is no delta for K +// in `f.items`, it is the object in `f.knownObjects` func (f *DeltaFIFO) Replace(list []interface{}, _ string) error { f.lock.Lock() defer f.lock.Unlock() @@ -595,51 +638,23 @@ func (f *DeltaFIFO) Replace(list []interface{}, _ string) error { } } - if f.knownObjects == nil { - // Do deletion detection against our own list. - queuedDeletions := 0 - for k, oldItem := range f.items { - if keys.Has(k) { - continue - } - // Delete pre-existing items not in the new list. - // This could happen if watch deletion event was missed while - // disconnected from apiserver. - var deletedObj interface{} - if n := oldItem.Newest(); n != nil { - deletedObj = n.Object - } - queuedDeletions++ - if err := f.queueActionLocked(Deleted, DeletedFinalStateUnknown{k, deletedObj}); err != nil { - return err - } - } - - if !f.populated { - f.populated = true - // While there shouldn't be any queued deletions in the initial - // population of the queue, it's better to be on the safe side. - f.initialPopulationCount = keys.Len() + queuedDeletions - } - - return nil - } - - // Detect deletions not already in the queue. - knownKeys := f.knownObjects.ListKeys() + // Do deletion detection against objects in the queue queuedDeletions := 0 - for _, k := range knownKeys { + for k, oldItem := range f.items { if keys.Has(k) { continue } - - deletedObj, exists, err := f.knownObjects.GetByKey(k) - if err != nil { - deletedObj = nil - klog.Errorf("Unexpected error %v during lookup of key %v, placing DeleteFinalStateUnknown marker without object", err, k) - } else if !exists { - deletedObj = nil - klog.Infof("Key %v does not exist in known objects store, placing DeleteFinalStateUnknown marker without object", k) + // Delete pre-existing items not in the new list. + // This could happen if watch deletion event was missed while + // disconnected from apiserver. + var deletedObj interface{} + if n := oldItem.Newest(); n != nil { + deletedObj = n.Object + + // if the previous object is a DeletedFinalStateUnknown, we have to extract the actual Object + if d, ok := deletedObj.(DeletedFinalStateUnknown); ok { + deletedObj = d.Obj + } } queuedDeletions++ if err := f.queueActionLocked(Deleted, DeletedFinalStateUnknown{k, deletedObj}); err != nil { @@ -647,6 +662,32 @@ func (f *DeltaFIFO) Replace(list []interface{}, _ string) error { } } + if f.knownObjects != nil { + // Detect deletions for objects not present in the queue, but present in KnownObjects + knownKeys := f.knownObjects.ListKeys() + for _, k := range knownKeys { + if keys.Has(k) { + continue + } + if len(f.items[k]) > 0 { + continue + } + + deletedObj, exists, err := f.knownObjects.GetByKey(k) + if err != nil { + deletedObj = nil + klog.Errorf("Unexpected error %v during lookup of key %v, placing DeleteFinalStateUnknown marker without object", err, k) + } else if !exists { + deletedObj = nil + klog.Infof("Key %v does not exist in known objects store, placing DeleteFinalStateUnknown marker without object", k) + } + queuedDeletions++ + if err := f.queueActionLocked(Deleted, DeletedFinalStateUnknown{k, deletedObj}); err != nil { + return err + } + } + } + if !f.populated { f.populated = true f.initialPopulationCount = keys.Len() + queuedDeletions diff --git a/vendor/k8s.io/client-go/tools/cache/shared_informer.go b/vendor/k8s.io/client-go/tools/cache/shared_informer.go index f5c7316a..4979642c 100644 --- a/vendor/k8s.io/client-go/tools/cache/shared_informer.go +++ b/vendor/k8s.io/client-go/tools/cache/shared_informer.go @@ -198,10 +198,7 @@ type SharedInformer interface { // // Must be set before starting the informer. // - // Note: Since the object given to the handler may be already shared with - // other goroutines, it is advisable to copy the object being - // transform before mutating it at all and returning the copy to prevent - // data races. + // Please see the comment on TransformFunc for more details. SetTransform(handler TransformFunc) error // IsStopped reports whether the informer has already been stopped. @@ -422,6 +419,7 @@ func (s *sharedIndexInformer) Run(stopCh <-chan struct{}) { fifo := NewDeltaFIFOWithOptions(DeltaFIFOOptions{ KnownObjects: s.indexer, EmitDeltaTypeReplaced: true, + Transformer: s.transform, }) cfg := &Config{ @@ -585,7 +583,7 @@ func (s *sharedIndexInformer) HandleDeltas(obj interface{}) error { defer s.blockDeltas.Unlock() if deltas, ok := obj.(Deltas); ok { - return processDeltas(s, s.indexer, s.transform, deltas) + return processDeltas(s, s.indexer, deltas) } return errors.New("object given as Process argument is not Deltas") } diff --git a/vendor/k8s.io/client-go/transport/cache.go b/vendor/k8s.io/client-go/transport/cache.go index 9d2889d1..edcc6d1d 100644 --- a/vendor/k8s.io/client-go/transport/cache.go +++ b/vendor/k8s.io/client-go/transport/cache.go @@ -109,7 +109,7 @@ func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) { // If we use are reloading files, we need to handle certificate rotation properly // TODO(jackkleeman): We can also add rotation here when config.HasCertCallback() is true - if config.TLS.ReloadTLSFiles { + if config.TLS.ReloadTLSFiles && tlsConfig != nil && tlsConfig.GetClientCertificate != nil { dynamicCertDialer := certRotatingDialer(tlsConfig.GetClientCertificate, dial) tlsConfig.GetClientCertificate = dynamicCertDialer.GetClientCertificate dial = dynamicCertDialer.connDialer.DialContext diff --git a/vendor/k8s.io/component-base/metrics/legacyregistry/registry.go b/vendor/k8s.io/component-base/metrics/legacyregistry/registry.go index ed0f1c34..79c806d8 100644 --- a/vendor/k8s.io/component-base/metrics/legacyregistry/registry.go +++ b/vendor/k8s.io/component-base/metrics/legacyregistry/registry.go @@ -42,6 +42,9 @@ var ( // Register registers a collectable metric but uses the global registry Register = defaultRegistry.Register + + // Registerer exposes the global registerer + Registerer = defaultRegistry.Registerer ) func init() { diff --git a/vendor/k8s.io/component-base/metrics/metric.go b/vendor/k8s.io/component-base/metrics/metric.go index cf5bccfa..87352e92 100644 --- a/vendor/k8s.io/component-base/metrics/metric.go +++ b/vendor/k8s.io/component-base/metrics/metric.go @@ -216,7 +216,6 @@ var noopCounterVec = &prometheus.CounterVec{} var noopHistogramVec = &prometheus.HistogramVec{} var noopTimingHistogramVec = &promext.TimingHistogramVec{} var noopGaugeVec = &prometheus.GaugeVec{} -var noopObserverVec = &noopObserverVector{} // just use a convenience struct for all the no-ops var noop = &noopMetric{} @@ -235,22 +234,3 @@ func (noopMetric) Desc() *prometheus.Desc { return nil } func (noopMetric) Write(*dto.Metric) error { return nil } func (noopMetric) Describe(chan<- *prometheus.Desc) {} func (noopMetric) Collect(chan<- prometheus.Metric) {} - -type noopObserverVector struct{} - -func (noopObserverVector) GetMetricWith(prometheus.Labels) (prometheus.Observer, error) { - return noop, nil -} -func (noopObserverVector) GetMetricWithLabelValues(...string) (prometheus.Observer, error) { - return noop, nil -} -func (noopObserverVector) With(prometheus.Labels) prometheus.Observer { return noop } -func (noopObserverVector) WithLabelValues(...string) prometheus.Observer { return noop } -func (noopObserverVector) CurryWith(prometheus.Labels) (prometheus.ObserverVec, error) { - return noopObserverVec, nil -} -func (noopObserverVector) MustCurryWith(prometheus.Labels) prometheus.ObserverVec { - return noopObserverVec -} -func (noopObserverVector) Describe(chan<- *prometheus.Desc) {} -func (noopObserverVector) Collect(chan<- prometheus.Metric) {} diff --git a/vendor/modules.txt b/vendor/modules.txt index d10c9271..cc55a275 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -70,8 +70,8 @@ github.com/evanphx/json-patch/v5 # github.com/fatih/color v1.13.0 ## explicit; go 1.13 github.com/fatih/color -# github.com/gardener/controller-manager-library v0.2.1-0.20230104162714-c7c57096a522 -## explicit; go 1.19 +# github.com/gardener/controller-manager-library v0.2.1-0.20230504074505-cf120e9a982d +## explicit; go 1.20 github.com/gardener/controller-manager-library/hack github.com/gardener/controller-manager-library/pkg/certmgmt github.com/gardener/controller-manager-library/pkg/certs @@ -112,8 +112,8 @@ github.com/gardener/controller-manager-library/pkg/server/healthz github.com/gardener/controller-manager-library/pkg/sync github.com/gardener/controller-manager-library/pkg/utils github.com/gardener/controller-manager-library/pkg/utils/pkiutil -# github.com/gardener/external-dns-management v0.13.0 -## explicit; go 1.18 +# github.com/gardener/external-dns-management v0.15.3 +## explicit; go 1.20 github.com/gardener/external-dns-management/pkg/apis/dns github.com/gardener/external-dns-management/pkg/apis/dns/v1alpha1 github.com/gardener/external-dns-management/pkg/dns @@ -464,7 +464,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 +# k8s.io/api v0.26.4 ## explicit; go 1.19 k8s.io/api/admissionregistration/v1 k8s.io/api/admissionregistration/v1alpha1 @@ -517,12 +517,12 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.26.1 +# k8s.io/apiextensions-apiserver v0.26.4 ## explicit; go 1.19 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1 -# k8s.io/apimachinery v0.26.1 +# k8s.io/apimachinery v0.26.4 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -567,7 +567,7 @@ k8s.io/apimachinery/pkg/version k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/client-go v0.26.1 +# k8s.io/client-go v0.26.4 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -702,7 +702,7 @@ k8s.io/client-go/util/flowcontrol k8s.io/client-go/util/homedir k8s.io/client-go/util/keyutil k8s.io/client-go/util/workqueue -# k8s.io/code-generator v0.26.1 +# k8s.io/code-generator v0.26.4 ## explicit; go 1.19 k8s.io/code-generator k8s.io/code-generator/cmd/client-gen @@ -737,7 +737,7 @@ k8s.io/code-generator/cmd/set-gen k8s.io/code-generator/pkg/namer k8s.io/code-generator/pkg/util k8s.io/code-generator/third_party/forked/golang/reflect -# k8s.io/component-base v0.26.1 +# k8s.io/component-base v0.26.4 ## explicit; go 1.19 k8s.io/component-base/featuregate k8s.io/component-base/metrics @@ -769,7 +769,7 @@ k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity k8s.io/klog/v2/klogr -# k8s.io/kube-aggregator v0.26.1 +# k8s.io/kube-aggregator v0.26.4 ## explicit; go 1.19 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/v1 @@ -826,7 +826,7 @@ sigs.k8s.io/gateway-api/apis/v1beta1 ## explicit; go 1.18 sigs.k8s.io/json sigs.k8s.io/json/internal/golang/encoding/json -# sigs.k8s.io/kind v0.17.0 +# sigs.k8s.io/kind v0.18.0 ## explicit; go 1.14 sigs.k8s.io/kind sigs.k8s.io/kind/cmd/kind/app diff --git a/vendor/sigs.k8s.io/kind/.go-version b/vendor/sigs.k8s.io/kind/.go-version index 836ae4ed..769e37e1 100644 --- a/vendor/sigs.k8s.io/kind/.go-version +++ b/vendor/sigs.k8s.io/kind/.go-version @@ -1 +1 @@ -1.19.2 +1.20.2 diff --git a/vendor/sigs.k8s.io/kind/README.md b/vendor/sigs.k8s.io/kind/README.md index 3d7a15fc..5bcab621 100644 --- a/vendor/sigs.k8s.io/kind/README.md +++ b/vendor/sigs.k8s.io/kind/README.md @@ -5,9 +5,9 @@ kind is a tool for running local Kubernetes clusters using Docker container "nodes". kind was primarily designed for testing Kubernetes itself, but may be used for local development or CI. -If you have [go] \([1.17+][go-supported]) and [docker] installed `go install sigs.k8s.io/kind@{{< stableVersion >}} && kind create cluster` is all you need! +If you have [go] \([1.17+][go-supported]) and [docker] installed `go install sigs.k8s.io/kind@v0.17.0 && kind create cluster` is all you need! -For older versions use `GO111MODULE="on" go get sigs.k8s.io/kind@{{< stableVersion >}}`. +For older versions use `GO111MODULE="on" go get sigs.k8s.io/kind@v0.17.0`. ![](site/static/images/kind-create-cluster.png) @@ -25,13 +25,10 @@ kind bootstraps each "node" with [kubeadm][kubeadm]. For more details see [the d For a complete [install guide] see [the documentation here][install guide]. -You can install kind with `GO111MODULE="on" go get sigs.k8s.io/kind@v0.16.0`. +You can install kind with `go install sigs.k8s.io/kind@v0.17.0`. **NOTE**: please use the latest go to do this. KIND is developed with the latest stable go, see [`.go-version`](./.go-version) for the exact version we're using. -**NOTE**: `go get` should not be run from a Go [modules] enabled project directory, -as go get inside a modules enabled project updates dependencies / behaves differently. Try for example `cd $HOME` first. - This will put `kind` in `$(go env GOPATH)/bin`. If you encounter the error `kind: command not found` after installation then you may need to either add that directory to your `$PATH` as shown [here](https://golang.org/doc/code.html#GOPATH) or do a manual installation by cloning the repo and run @@ -47,7 +44,7 @@ into your `$PATH`: On Linux: ```console -curl -Lo ./kind "https://kind.sigs.k8s.io/dl/v0.16.0/kind-$(uname)-amd64" +curl -Lo ./kind "https://kind.sigs.k8s.io/dl/v0.17.0/kind-$(uname)-amd64" chmod +x ./kind sudo mv ./kind /usr/local/bin/kind ``` @@ -68,9 +65,9 @@ On macOS via Bash: ```console # for Intel Macs -[ $(uname -m) = x86_64 ]&& curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.16.0/kind-darwin-amd64 +[ $(uname -m) = x86_64 ]&& curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.17.0/kind-darwin-amd64 # for M1 / ARM Macs -[ $(uname -m) = arm64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.16.0/kind-darwin-arm64 +[ $(uname -m) = arm64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.17.0/kind-darwin-arm64 chmod +x ./kind mv ./kind /some-dir-in-your-PATH/kind ``` @@ -78,7 +75,7 @@ mv ./kind /some-dir-in-your-PATH/kind On Windows: ```powershell -curl.exe -Lo kind-windows-amd64.exe https://kind.sigs.k8s.io/dl/v0.16.0/kind-windows-amd64 +curl.exe -Lo kind-windows-amd64.exe https://kind.sigs.k8s.io/dl/v0.17.0/kind-windows-amd64 Move-Item .\kind-windows-amd64.exe c:\some-dir-in-your-PATH\kind.exe # OR via Chocolatey (https://chocolatey.org/packages/kind) diff --git a/vendor/sigs.k8s.io/kind/pkg/apis/config/defaults/image.go b/vendor/sigs.k8s.io/kind/pkg/apis/config/defaults/image.go index 38777a4e..d7a1d1c0 100644 --- a/vendor/sigs.k8s.io/kind/pkg/apis/config/defaults/image.go +++ b/vendor/sigs.k8s.io/kind/pkg/apis/config/defaults/image.go @@ -18,4 +18,4 @@ limitations under the License. package defaults // Image is the default for the Config.Image field, aka the default node image. -const Image = "kindest/node:v1.25.3@sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1" +const Image = "kindest/node:v1.26.3@sha256:61b92f38dff6ccc29969e7aa154d34e38b89443af1a2c14e6cfbd2df6419c66f" diff --git a/vendor/sigs.k8s.io/kind/pkg/apis/config/v1alpha4/types.go b/vendor/sigs.k8s.io/kind/pkg/apis/config/v1alpha4/types.go index cdf07cf9..308a6853 100644 --- a/vendor/sigs.k8s.io/kind/pkg/apis/config/v1alpha4/types.go +++ b/vendor/sigs.k8s.io/kind/pkg/apis/config/v1alpha4/types.go @@ -189,6 +189,8 @@ type Networking struct { // KubeProxyMode defines if kube-proxy should operate in iptables or ipvs mode // Defaults to 'iptables' mode KubeProxyMode ProxyMode `yaml:"kubeProxyMode,omitempty" json:"kubeProxyMode,omitempty"` + // DNSSearch defines the DNS search domain to use for nodes. If not set, this will be inherited from the host. + DNSSearch *[]string `yaml:"dnsSearch,omitempty" json:"dnsSearch,omitempty"` } // ClusterIPFamily defines cluster network IP family diff --git a/vendor/sigs.k8s.io/kind/pkg/apis/config/v1alpha4/zz_generated.deepcopy.go b/vendor/sigs.k8s.io/kind/pkg/apis/config/v1alpha4/zz_generated.deepcopy.go index c8662651..b210133d 100644 --- a/vendor/sigs.k8s.io/kind/pkg/apis/config/v1alpha4/zz_generated.deepcopy.go +++ b/vendor/sigs.k8s.io/kind/pkg/apis/config/v1alpha4/zz_generated.deepcopy.go @@ -32,7 +32,7 @@ func (in *Cluster) DeepCopyInto(out *Cluster) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - out.Networking = in.Networking + in.Networking.DeepCopyInto(&out.Networking) if in.FeatureGates != nil { in, out := &in.FeatureGates, &out.FeatureGates *out = make(map[string]bool, len(*in)) @@ -99,6 +99,15 @@ func (in *Mount) DeepCopy() *Mount { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Networking) DeepCopyInto(out *Networking) { *out = *in + if in.DNSSearch != nil { + in, out := &in.DNSSearch, &out.DNSSearch + *out = new([]string) + if **in != nil { + in, out := *in, *out + *out = make([]string, len(*in)) + copy(*out, *in) + } + } return } diff --git a/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/build.go b/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/build.go index 00b00c22..34d68a81 100644 --- a/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/build.go +++ b/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/build.go @@ -73,8 +73,6 @@ func supportedArch(arch string) bool { // currently we nominally support building node images for these case "amd64": case "arm64": - case "ppc64le": - case "s390x": } return true } diff --git a/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/buildcontext.go b/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/buildcontext.go index 51662396..ecbaf6b1 100644 --- a/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/buildcontext.go +++ b/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/buildcontext.go @@ -48,10 +48,10 @@ type buildContext struct { builder kube.Builder } -// Build builds the cluster node image, the sourcedir must be set on +// Build builds the cluster node image, the source dir must be set on // the buildContext func (c *buildContext) Build() (err error) { - // ensure kubernetes build is up to date first + // ensure kubernetes build is up-to-date first c.logger.V(0).Info("Starting to build Kubernetes") bits, err := c.builder.Build() if err != nil { @@ -60,17 +60,17 @@ func (c *buildContext) Build() (err error) { } c.logger.V(0).Info("Finished building Kubernetes") - // then the perform the actual docker image build + // then perform the actual docker image build c.logger.V(0).Info("Building node image ...") return c.buildImage(bits) } func (c *buildContext) buildImage(bits kube.Bits) error { // create build container - // NOTE: we are using docker run + docker commit so we can install + // NOTE: we are using docker run + docker commit, so we can install // debian packages without permanently copying them into the image. // if docker gets proper squash support, we can rm them instead - // This also allows the KubeBit implementations to perform programmatic + // This also allows the KubeBit implementations to programmatically // install in the image containerID, err := c.createBuildContainer() cmder := docker.ContainerCmder(containerID) @@ -144,7 +144,7 @@ func (c *buildContext) buildImage(bits kube.Bits) error { return nil } -// returns a set of image tags that will be sideloaded +// returns a set of image tags that will be side-loaded func (c *buildContext) getBuiltImages(bits kube.Bits) (sets.String, error) { images := sets.NewString() for _, path := range bits.ImagePaths() { @@ -313,7 +313,7 @@ func (c *buildContext) prePullImagesAndWriteManifests(bits kube.Bits, parsedVers func (c *buildContext) createBuildContainer() (id string, err error) { // attempt to explicitly pull the image if it doesn't exist locally - // we don't care if this errors, we'll still try to run which also pulls + // we don't care if this returns error, we'll still try to run which also pulls _ = docker.Pull(c.logger, c.baseImage, dockerBuildOsAndArch(c.arch), 4) // this should be good enough: a specific prefix, the current unix time, // and a little random bits in case we have multiple builds simultaneously @@ -323,7 +323,7 @@ func (c *buildContext) createBuildContainer() (id string, err error) { c.baseImage, []string{ "-d", // make the client exit while the container continues to run - // the container should hang forever so we can exec in it + // the container should hang forever, so we can exec in it "--entrypoint=sleep", "--name=" + id, "--platform=" + dockerBuildOsAndArch(c.arch), diff --git a/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/const_cni.go b/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/const_cni.go index 37adb001..9ec83a2d 100644 --- a/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/const_cni.go +++ b/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/const_cni.go @@ -20,7 +20,7 @@ package nodeimage The default CNI manifest and images are our own tiny kindnet */ -const kindnetdImage = "docker.io/kindest/kindnetd:v20221004-44d545d1" +const kindnetdImage = "docker.io/kindest/kindnetd:v20230330-48f316cd@sha256:c19d6362a6a928139820761475a38c24c0cf84d507b9ddf414a078cf627497af" var defaultCNIImages = []string{kindnetdImage} @@ -91,6 +91,8 @@ spec: k8s-app: kindnet spec: hostNetwork: true + nodeSelector: + kubernetes.io/os: linux tolerations: - operator: Exists serviceAccountName: kindnet diff --git a/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/const_storage.go b/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/const_storage.go index f76ffbe2..a27726f3 100644 --- a/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/const_storage.go +++ b/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/const_storage.go @@ -25,8 +25,8 @@ NOTE: we have customized it in the following ways: - install as the default storage class */ -const storageProvisionerImage = "docker.io/kindest/local-path-provisioner:v0.0.22-kind.0" -const storageHelperImage = "docker.io/kindest/local-path-helper:v20220607-9a4d8d2a" +const storageProvisionerImage = "docker.io/kindest/local-path-provisioner:v0.0.23-kind.0@sha256:f2d0a02831ff3a03cf51343226670d5060623b43a4cfc4808bd0875b2c4b9501" +const storageHelperImage = "docker.io/kindest/local-path-helper:v20230330-48f316cd@sha256:135203f2441f916fb13dad1561d27f60a6f11f50ec288b01a7d2ee9947c36270" // image we need to preload var defaultStorageImages = []string{storageProvisionerImage, storageHelperImage} diff --git a/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/defaults.go b/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/defaults.go index 2569975a..f480f56e 100644 --- a/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/defaults.go +++ b/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/defaults.go @@ -20,4 +20,6 @@ package nodeimage const DefaultImage = "kindest/node:latest" // DefaultBaseImage is the default base image used -const DefaultBaseImage = "docker.io/kindest/base:v20221025-014d1502" +// TODO: come up with a reasonable solution to digest pinning +// https://github.com/moby/moby/issues/43188 +const DefaultBaseImage = "docker.io/kindest/base:v20230330-89a4b81b" diff --git a/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/internal/container/docker/archive.go b/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/internal/container/docker/archive.go index 11013df3..e139c7f3 100644 --- a/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/internal/container/docker/archive.go +++ b/vendor/sigs.k8s.io/kind/pkg/build/nodeimage/internal/container/docker/archive.go @@ -53,7 +53,7 @@ func GetArchiveTags(path string) ([]string, error) { if err != nil { return nil, err } - if hdr.Name == "repositories" { + if hdr.Name == "manifest.json" || hdr.Name == "repositories" { break } } @@ -62,17 +62,25 @@ func GetArchiveTags(path string) ([]string, error) { if err != nil { return nil, err } - // parse - repoTags, err := parseRepositories(b) - if err != nil { - return nil, err - } - // convert to tags in the docker CLI sense res := []string{} - for repo, tags := range repoTags { - for tag := range tags { - res = append(res, fmt.Sprintf("%s:%s", repo, tag)) + // parse + if hdr.Name == "repositories" { + repoTags, err := parseRepositories(b) + if err != nil { + return nil, err + } + // convert to tags in the docker CLI sense + for repo, tags := range repoTags { + for tag := range tags { + res = append(res, fmt.Sprintf("%s:%s", repo, tag)) + } } + } else if hdr.Name == "manifest.json" { + manifest, err := parseDockerV1Manifest(b) + if err != nil { + return nil, err + } + res = append(res, manifest[0].RepoTags...) } return res, nil } @@ -215,3 +223,13 @@ func parseRepositories(data []byte) (archiveRepositories, error) { } return repoTags, nil } + +// parseDockerV1Manifest parses Docker Image Spec v1 manifest (not OCI Image Spec manifest) +// https://github.com/moby/moby/blob/v20.10.22/image/spec/v1.2.md#combined-image-json--filesystem-changeset-format +func parseDockerV1Manifest(data []byte) ([]metadataEntry, error) { + var entries []metadataEntry + if err := json.Unmarshal(data, &entries); err != nil { + return nil, err + } + return entries, nil +} diff --git a/vendor/sigs.k8s.io/kind/pkg/cluster/internal/delete/delete.go b/vendor/sigs.k8s.io/kind/pkg/cluster/internal/delete/delete.go index 550cc457..1a5e2d15 100644 --- a/vendor/sigs.k8s.io/kind/pkg/cluster/internal/delete/delete.go +++ b/vendor/sigs.k8s.io/kind/pkg/cluster/internal/delete/delete.go @@ -38,12 +38,17 @@ func Cluster(logger log.Logger, p providers.Provider, name, explicitKubeconfigPa logger.Errorf("failed to update kubeconfig: %v", kerr) } - err = p.DeleteNodes(n) - if err != nil { - return err + if len(n) > 0 { + err = p.DeleteNodes(n) + if err != nil { + return err + } + logger.V(0).Infof("Deleted nodes: %q", n) } + if kerr != nil { - return err + return kerr } + return nil } diff --git a/vendor/sigs.k8s.io/kind/pkg/cluster/internal/loadbalancer/config.go b/vendor/sigs.k8s.io/kind/pkg/cluster/internal/loadbalancer/config.go index 71e17388..185565f6 100644 --- a/vendor/sigs.k8s.io/kind/pkg/cluster/internal/loadbalancer/config.go +++ b/vendor/sigs.k8s.io/kind/pkg/cluster/internal/loadbalancer/config.go @@ -36,6 +36,8 @@ global log /dev/log local0 log /dev/log local1 notice daemon + # limit memory usage to approximately 18 MB + maxconn 100000 resolvers docker nameserver dns 127.0.0.11:53 diff --git a/vendor/sigs.k8s.io/kind/pkg/cluster/internal/loadbalancer/const.go b/vendor/sigs.k8s.io/kind/pkg/cluster/internal/loadbalancer/const.go index 121fc256..e3b11949 100644 --- a/vendor/sigs.k8s.io/kind/pkg/cluster/internal/loadbalancer/const.go +++ b/vendor/sigs.k8s.io/kind/pkg/cluster/internal/loadbalancer/const.go @@ -17,7 +17,7 @@ limitations under the License. package loadbalancer // Image defines the loadbalancer image:tag -const Image = "kindest/haproxy:v20220607-9a4d8d2a" +const Image = "docker.io/kindest/haproxy:v20230227-d46f45b6" // ConfigPath defines the path to the config file in the image const ConfigPath = "/usr/local/etc/haproxy/haproxy.cfg" diff --git a/vendor/sigs.k8s.io/kind/pkg/cluster/internal/providers/docker/provision.go b/vendor/sigs.k8s.io/kind/pkg/cluster/internal/providers/docker/provision.go index 97b05594..51a2e334 100644 --- a/vendor/sigs.k8s.io/kind/pkg/cluster/internal/providers/docker/provision.go +++ b/vendor/sigs.k8s.io/kind/pkg/cluster/internal/providers/docker/provision.go @@ -199,6 +199,11 @@ func commonArgs(cluster string, cfg *config.Cluster, networkName string, nodeNam if mountFuse() { args = append(args, "--device", "/dev/fuse") } + + if cfg.Networking.DNSSearch != nil { + args = append(args, "-e", "KIND_DNS_SEARCH="+strings.Join(*cfg.Networking.DNSSearch, " ")) + } + return args, nil } diff --git a/vendor/sigs.k8s.io/kind/pkg/cluster/internal/providers/podman/provision.go b/vendor/sigs.k8s.io/kind/pkg/cluster/internal/providers/podman/provision.go index 0935b48d..a63cda33 100644 --- a/vendor/sigs.k8s.io/kind/pkg/cluster/internal/providers/podman/provision.go +++ b/vendor/sigs.k8s.io/kind/pkg/cluster/internal/providers/podman/provision.go @@ -164,6 +164,10 @@ func commonArgs(cfg *config.Cluster, networkName string, nodeNames []string) ([] args = append(args, "--device", "/dev/fuse") } + if cfg.Networking.DNSSearch != nil { + args = append(args, "-e", "KIND_DNS_SEARCH="+strings.Join(*cfg.Networking.DNSSearch, " ")) + } + return args, nil } diff --git a/vendor/sigs.k8s.io/kind/pkg/cmd/kind/load/docker-image/docker-image.go b/vendor/sigs.k8s.io/kind/pkg/cmd/kind/load/docker-image/docker-image.go index 421a704c..39fa4314 100644 --- a/vendor/sigs.k8s.io/kind/pkg/cmd/kind/load/docker-image/docker-image.go +++ b/vendor/sigs.k8s.io/kind/pkg/cmd/kind/load/docker-image/docker-image.go @@ -130,13 +130,13 @@ func runE(logger log.Logger, flags *flagpole, args []string) error { } // pick only the nodes that don't have the image - selectedNodes := []nodes.Node{} + selectedNodes := map[string]nodes.Node{} fns := []func() error{} for i, imageName := range imageNames { imageID := imageIDs[i] processed := false for _, node := range candidateNodes { - exists, reTagRequired, imageName := checkIfImageReTagRequired(node, imageID, imageName, nodeutils.ImageTags) + exists, reTagRequired, sanitizedImageName := checkIfImageReTagRequired(node, imageID, imageName, nodeutils.ImageTags) if exists && !reTagRequired { continue } @@ -144,10 +144,10 @@ func runE(logger log.Logger, flags *flagpole, args []string) error { if reTagRequired { // We will try to re-tag the image. If the re-tag fails, we will fall back to the default behavior of loading // the images into the nodes again - logger.V(0).Infof("Image with ID: %s already present on the node %s but is missing the tag %s. re-tagging...", imageID, node.String(), imageName) - if err := nodeutils.ReTagImage(node, imageID, imageName); err != nil { + logger.V(0).Infof("Image with ID: %s already present on the node %s but is missing the tag %s. re-tagging...", imageID, node.String(), sanitizedImageName) + if err := nodeutils.ReTagImage(node, imageID, sanitizedImageName); err != nil { logger.Errorf("failed to re-tag image on the node %s due to an error %s. Will load it instead...", node.String(), err) - selectedNodes = append(selectedNodes, node) + selectedNodes[node.String()] = node } else { processed = true } @@ -155,7 +155,7 @@ func runE(logger log.Logger, flags *flagpole, args []string) error { } id, err := nodeutils.ImageID(node, imageName) if err != nil || id != imageID { - selectedNodes = append(selectedNodes, node) + selectedNodes[node.String()] = node logger.V(0).Infof("Image: %q with ID %q not yet present on node %q, loading...", imageName, imageID, node.String()) } continue diff --git a/vendor/sigs.k8s.io/kind/pkg/cmd/kind/version/version.go b/vendor/sigs.k8s.io/kind/pkg/cmd/kind/version/version.go index a2a03337..4bb7e808 100644 --- a/vendor/sigs.k8s.io/kind/pkg/cmd/kind/version/version.go +++ b/vendor/sigs.k8s.io/kind/pkg/cmd/kind/version/version.go @@ -54,7 +54,7 @@ func DisplayVersion() string { } // versionCore is the core portion of the kind CLI version per Semantic Versioning 2.0.0 -const versionCore = "0.17.0" +const versionCore = "0.18.0" // versionPreRelease is the base pre-release portion of the kind CLI version per // Semantic Versioning 2.0.0 diff --git a/vendor/sigs.k8s.io/kind/pkg/internal/apis/config/convert_v1alpha4.go b/vendor/sigs.k8s.io/kind/pkg/internal/apis/config/convert_v1alpha4.go index f37fe6c1..2df4b751 100644 --- a/vendor/sigs.k8s.io/kind/pkg/internal/apis/config/convert_v1alpha4.go +++ b/vendor/sigs.k8s.io/kind/pkg/internal/apis/config/convert_v1alpha4.go @@ -85,6 +85,7 @@ func convertv1alpha4Networking(in *v1alpha4.Networking, out *Networking) { out.KubeProxyMode = ProxyMode(in.KubeProxyMode) out.ServiceSubnet = in.ServiceSubnet out.DisableDefaultCNI = in.DisableDefaultCNI + out.DNSSearch = in.DNSSearch } func convertv1alpha4Mount(in *v1alpha4.Mount, out *Mount) { diff --git a/vendor/sigs.k8s.io/kind/pkg/internal/apis/config/types.go b/vendor/sigs.k8s.io/kind/pkg/internal/apis/config/types.go index 4c44a6ba..fed30007 100644 --- a/vendor/sigs.k8s.io/kind/pkg/internal/apis/config/types.go +++ b/vendor/sigs.k8s.io/kind/pkg/internal/apis/config/types.go @@ -150,6 +150,8 @@ type Networking struct { DisableDefaultCNI bool // KubeProxyMode defines if kube-proxy should operate in iptables or ipvs mode KubeProxyMode ProxyMode + // DNSSearch defines the DNS search domain to use for nodes. If not set, this will be inherited from the host. + DNSSearch *[]string } // ClusterIPFamily defines cluster network IP family diff --git a/vendor/sigs.k8s.io/kind/pkg/internal/apis/config/zz_generated.deepcopy.go b/vendor/sigs.k8s.io/kind/pkg/internal/apis/config/zz_generated.deepcopy.go index 14ecf090..6c86691f 100644 --- a/vendor/sigs.k8s.io/kind/pkg/internal/apis/config/zz_generated.deepcopy.go +++ b/vendor/sigs.k8s.io/kind/pkg/internal/apis/config/zz_generated.deepcopy.go @@ -31,7 +31,7 @@ func (in *Cluster) DeepCopyInto(out *Cluster) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - out.Networking = in.Networking + in.Networking.DeepCopyInto(&out.Networking) if in.FeatureGates != nil { in, out := &in.FeatureGates, &out.FeatureGates *out = make(map[string]bool, len(*in)) @@ -98,6 +98,15 @@ func (in *Mount) DeepCopy() *Mount { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Networking) DeepCopyInto(out *Networking) { *out = *in + if in.DNSSearch != nil { + in, out := &in.DNSSearch, &out.DNSSearch + *out = new([]string) + if **in != nil { + in, out := *in, *out + *out = make([]string, len(*in)) + copy(*out, *in) + } + } return }