From 80bc4ac6a94d797790c9be21ed345cf5e857c0c6 Mon Sep 17 00:00:00 2001 From: Casey Davenport Date: Thu, 7 Apr 2022 17:10:47 -0700 Subject: [PATCH] Add FelixConfiguration option for FloatingIPs (#5861) --- config/config_params.go | 3 + dataplane/driver.go | 6 +- dataplane/linux/endpoint_mgr.go | 11 +-- dataplane/linux/endpoint_mgr_test.go | 66 ++++++++++++++--- dataplane/linux/floating_ip_mgr.go | 34 +++++---- dataplane/linux/floating_ip_mgr_test.go | 94 ++++++++++++++++++++++++- dataplane/linux/int_dataplane.go | 20 +++--- dataplane/linux/int_dataplane_test.go | 12 ++-- go.mod | 6 +- go.sum | 13 ++-- 10 files changed, 208 insertions(+), 57 deletions(-) diff --git a/config/config_params.go b/config/config_params.go index c475a70969..71910c0347 100644 --- a/config/config_params.go +++ b/config/config_params.go @@ -266,6 +266,9 @@ type Config struct { IpInIpMtu int `config:"int;0"` IpInIpTunnelAddr net.IP `config:"ipv4;"` + // Feature enablement. Can be either "Enabled" or "Disabled". + FloatingIPs string `config:"oneof(Enabled,Disabled);Disabled"` + // Knobs provided to explicitly control whether we add rules to drop encap traffic // from workloads. We always add them unless explicitly requested not to add them. AllowVXLANPacketsFromWorkloads bool `config:"bool;false"` diff --git a/dataplane/driver.go b/dataplane/driver.go index 57b474129d..2869365456 100644 --- a/dataplane/driver.go +++ b/dataplane/driver.go @@ -23,6 +23,7 @@ import ( "os/exec" "runtime/debug" "strconv" + "strings" "time" log "github.com/sirupsen/logrus" @@ -174,7 +175,7 @@ func StartDataplaneDriver(configParams *config.Config, failsafeInboundHostPorts := configParams.FailsafeInboundHostPorts failsafeOutboundHostPorts := configParams.FailsafeOutboundHostPorts if configParams.WireguardEnabled { - var found = false + found := false for _, i := range failsafeInboundHostPorts { if i.Port == uint16(configParams.WireguardListeningPort) && i.Protocol == "udp" { log.WithFields(log.Fields{ @@ -220,7 +221,8 @@ func StartDataplaneDriver(configParams *config.Config, } dpConfig := intdataplane.Config{ - Hostname: configParams.FelixHostname, + Hostname: configParams.FelixHostname, + FloatingIPsEnabled: strings.EqualFold(configParams.FloatingIPs, string(apiv3.FloatingIPsEnabled)), IfaceMonitorConfig: ifacemonitor.Config{ InterfaceExcludes: configParams.InterfaceExclude, ResyncInterval: configParams.InterfaceRefreshInterval, diff --git a/dataplane/linux/endpoint_mgr.go b/dataplane/linux/endpoint_mgr.go index e8c74dadb0..c651287c88 100644 --- a/dataplane/linux/endpoint_mgr.go +++ b/dataplane/linux/endpoint_mgr.go @@ -135,6 +135,7 @@ type endpointManager struct { ipVersion uint8 wlIfacesRegexp *regexp.Regexp kubeIPVSSupportEnabled bool + floatingIPsEnabled bool // Our dependencies. rawTable iptablesTable @@ -221,6 +222,7 @@ func newEndpointManager( bpfEnabled bool, bpfEndpointManager hepListener, callbacks *callbacks, + floatingIPsEnabled bool, ) *endpointManager { return newEndpointManagerWithShims( rawTable, @@ -238,6 +240,7 @@ func newEndpointManager( bpfEnabled, bpfEndpointManager, callbacks, + floatingIPsEnabled, ) } @@ -257,6 +260,7 @@ func newEndpointManagerWithShims( bpfEnabled bool, bpfEndpointManager hepListener, callbacks *callbacks, + floatingIPsEnabled bool, ) *endpointManager { wlIfacesPattern := "^(" + strings.Join(wlInterfacePrefixes, "|") + ").*" wlIfacesRegexp := regexp.MustCompile(wlIfacesPattern) @@ -267,6 +271,7 @@ func newEndpointManagerWithShims( kubeIPVSSupportEnabled: kubeIPVSSupportEnabled, bpfEnabled: bpfEnabled, bpfEndpointManager: bpfEndpointManager, + floatingIPsEnabled: floatingIPsEnabled, rawTable: rawTable, mangleTable: mangleTable, @@ -387,7 +392,6 @@ func (m *endpointManager) ResolveUpdateBatch() error { } func (m *endpointManager) CompleteDeferredWork() error { - m.resolveWorkloadEndpoints() if m.hostEndpointsDirty { @@ -626,7 +630,8 @@ func (m *endpointManager) resolveWorkloadEndpoints() { natInfos = workload.Ipv6Nat addrSuffix = "/128" } - if len(natInfos) != 0 { + if m.floatingIPsEnabled && len(natInfos) != 0 { + // Include any floating IP NATs if the feature is enabled. old := ipStrings ipStrings = make([]string, len(old)+len(natInfos)) copy(ipStrings, old) @@ -743,7 +748,6 @@ func (m *endpointManager) resolveEndpointMarks() { } func (m *endpointManager) resolveHostEndpoints() map[string]proto.HostEndpointID { - // Host endpoint resolution // ------------------------ // @@ -866,7 +870,6 @@ func (m *endpointManager) resolveHostEndpoints() map[string]proto.HostEndpointID } func (m *endpointManager) updateHostEndpoints() { - // Calculate filtered name/id maps for untracked and pre-DNAT policy, and a reverse map from // each active host endpoint to the interfaces it is in use for. newIfaceNameToHostEpID := m.newIfaceNameToHostEpID diff --git a/dataplane/linux/endpoint_mgr_test.go b/dataplane/linux/endpoint_mgr_test.go index 210d71bac4..4935ae706b 100644 --- a/dataplane/linux/endpoint_mgr_test.go +++ b/dataplane/linux/endpoint_mgr_test.go @@ -704,6 +704,7 @@ func endpointManagerTests(ipVersion uint8) func() { false, hepListener, newCallbacks(), + true, ) }) @@ -1416,7 +1417,6 @@ func endpointManagerTests(ipVersion uint8) func() { })) }) }) - }) Context("with host endpoint configured before interface signaled", func() { @@ -1470,7 +1470,6 @@ func endpointManagerTests(ipVersion uint8) func() { } Describe("workload endpoints", func() { - Context("with a workload endpoint", func() { wlEPID1 := proto.WorkloadEndpointID{ OrchestratorId: "k8s", @@ -1514,7 +1513,6 @@ func endpointManagerTests(ipVersion uint8) func() { It("should have expected chains", expectWlChainsFor("cali12345-ab_policy1")) Context("with another endpoint with the same interface name and earlier workload ID, and no policy", func() { - JustBeforeEach(func() { epMgr.OnUpdate(&proto.WorkloadEndpointUpdate{ Id: &proto.WorkloadEndpointID{ @@ -1541,7 +1539,6 @@ func endpointManagerTests(ipVersion uint8) func() { It("should have expected chains with no policy", expectWlChainsFor("cali12345-ab")) Context("with the first endpoint removed", func() { - JustBeforeEach(func() { epMgr.OnUpdate(&proto.WorkloadEndpointRemove{ Id: &wlEPID1, @@ -1555,7 +1552,6 @@ func endpointManagerTests(ipVersion uint8) func() { It("should have expected chains with no policy", expectWlChainsFor("cali12345-ab")) Context("with the second endpoint removed", func() { - JustBeforeEach(func() { epMgr.OnUpdate(&proto.WorkloadEndpointRemove{ Id: &proto.WorkloadEndpointID{ @@ -1576,7 +1572,6 @@ func endpointManagerTests(ipVersion uint8) func() { }) Context("with another endpoint with the same interface name and later workload ID, and no policy", func() { - JustBeforeEach(func() { epMgr.OnUpdate(&proto.WorkloadEndpointUpdate{ Id: &proto.WorkloadEndpointID{ @@ -1603,7 +1598,6 @@ func endpointManagerTests(ipVersion uint8) func() { It("should have expected chains", expectWlChainsFor("cali12345-ab_policy1")) Context("with the first endpoint removed", func() { - JustBeforeEach(func() { epMgr.OnUpdate(&proto.WorkloadEndpointRemove{ Id: &wlEPID1, @@ -1617,7 +1611,6 @@ func endpointManagerTests(ipVersion uint8) func() { It("should have expected chains with no policy", expectWlChainsFor("cali12345-ab")) Context("with the second endpoint removed", func() { - JustBeforeEach(func() { epMgr.OnUpdate(&proto.WorkloadEndpointRemove{ Id: &proto.WorkloadEndpointID{ @@ -1810,6 +1803,59 @@ func endpointManagerTests(ipVersion uint8) func() { }) }) + // Test that by disabling floatingIPs on the endpoint manager, even workload endpoints + // that have floating IP NAT addresses specified will not result in those routes being + // programmed. + Context("with floating IPs disasbled, but added to the endpoint", func() { + JustBeforeEach(func() { + epMgr.floatingIPsEnabled = false + epMgr.OnUpdate(&proto.WorkloadEndpointUpdate{ + Id: &wlEPID1, + Endpoint: &proto.WorkloadEndpoint{ + State: "active", + Mac: "01:02:03:04:05:06", + Name: "cali12345-ab", + ProfileIds: []string{}, + Tiers: []*proto.TierInfo{}, + Ipv4Nets: []string{"10.0.240.2/24"}, + Ipv6Nets: []string{"2001:db8:2::2/128"}, + Ipv4Nat: []*proto.NatInfo{ + {ExtIp: "172.16.1.3", IntIp: "10.0.240.2"}, + {ExtIp: "172.18.1.4", IntIp: "10.0.240.2"}, + }, + Ipv6Nat: []*proto.NatInfo{ + {ExtIp: "2001:db8:3::2", IntIp: "2001:db8:2::2"}, + {ExtIp: "2001:db8:4::2", IntIp: "2001:db8:4::2"}, + }, + }, + }) + err := epMgr.ResolveUpdateBatch() + Expect(err).ToNot(HaveOccurred()) + err = epMgr.CompleteDeferredWork() + Expect(err).ToNot(HaveOccurred()) + }) + + It("should have expected chains", expectWlChainsFor("cali12345-ab")) + + It("should set routes with no floating IPs", func() { + if ipVersion == 6 { + routeTable.checkRoutes("cali12345-ab", []routetable.Target{ + { + CIDR: ip.MustParseCIDROrIP("2001:db8:2::2/128"), + DestMAC: testutils.MustParseMAC("01:02:03:04:05:06"), + }, + }) + } else { + routeTable.checkRoutes("cali12345-ab", []routetable.Target{ + { + CIDR: ip.MustParseCIDROrIP("10.0.240.0/24"), + DestMAC: testutils.MustParseMAC("01:02:03:04:05:06"), + }, + }) + } + }) + }) + Context("with the endpoint removed", func() { JustBeforeEach(func() { epMgr.OnUpdate(&proto.WorkloadEndpointRemove{ @@ -1961,9 +2007,7 @@ type testProcSys struct { Fail bool } -var ( - procSysFail = errors.New("mock proc sys failure") -) +var procSysFail = errors.New("mock proc sys failure") func (t *testProcSys) write(path, value string) error { log.WithFields(log.Fields{ diff --git a/dataplane/linux/floating_ip_mgr.go b/dataplane/linux/floating_ip_mgr.go index 7f8b27f689..f99a0b08ec 100644 --- a/dataplane/linux/floating_ip_mgr.go +++ b/dataplane/linux/floating_ip_mgr.go @@ -76,12 +76,14 @@ type floatingIPManager struct { activeSNATChains []*iptables.Chain natInfo map[proto.WorkloadEndpointID][]*proto.NatInfo dirtyNATInfo bool + enabled bool } func newFloatingIPManager( natTable iptablesTable, ruleRenderer rules.RuleRenderer, ipVersion uint8, + enabled bool, ) *floatingIPManager { return &floatingIPManager{ natTable: natTable, @@ -92,6 +94,7 @@ func newFloatingIPManager( activeSNATChains: []*iptables.Chain{}, natInfo: map[proto.WorkloadEndpointID][]*proto.NatInfo{}, dirtyNATInfo: true, + enabled: enabled, } } @@ -114,23 +117,28 @@ func (m *floatingIPManager) CompleteDeferredWork() error { if m.dirtyNATInfo { // Collate required DNATs as a map from external IP to internal IP. dnats := map[string]string{} - for _, natInfos := range m.natInfo { - for _, natInfo := range natInfos { - log.WithFields(log.Fields{ - "ExtIP": natInfo.ExtIp, - "IntIP": natInfo.IntIp, - }).Debug("NAT mapping") + if m.enabled { + // We only perform nat if the feature is explicitly enabled, otherwise + // we will simply remove any programmed floating IP NAT fules. + for _, natInfos := range m.natInfo { + for _, natInfo := range natInfos { + log.WithFields(log.Fields{ + "ExtIP": natInfo.ExtIp, + "IntIP": natInfo.IntIp, + }).Debug("NAT mapping") - // We shouldn't ever have the same floating IP mapping to multiple - // workload IPs, but if we do we'll program the mapping to the - // alphabetically earlier one. - existingIntIP := dnats[natInfo.ExtIp] - if existingIntIP == "" || natInfo.IntIp < existingIntIP { - log.Debug("Wanted NAT mapping") - dnats[natInfo.ExtIp] = natInfo.IntIp + // We shouldn't ever have the same floating IP mapping to multiple + // workload IPs, but if we do we'll program the mapping to the + // alphabetically earlier one. + existingIntIP := dnats[natInfo.ExtIp] + if existingIntIP == "" || natInfo.IntIp < existingIntIP { + log.Debug("Wanted NAT mapping") + dnats[natInfo.ExtIp] = natInfo.IntIp + } } } } + // Collate required SNATs as a map from internal IP to external IP. snats := map[string]string{} for extIP, intIP := range dnats { diff --git a/dataplane/linux/floating_ip_mgr_test.go b/dataplane/linux/floating_ip_mgr_test.go index 610a2e0920..99975a31c1 100644 --- a/dataplane/linux/floating_ip_mgr_test.go +++ b/dataplane/linux/floating_ip_mgr_test.go @@ -87,14 +87,14 @@ func floatingIPManagerTests(ipVersion uint8) func() { JustBeforeEach(func() { renderer := rules.NewRenderer(rrConfigNormal) natTable = newMockTable("nat") - fipMgr = newFloatingIPManager(natTable, renderer, ipVersion) + fipMgr = newFloatingIPManager(natTable, renderer, ipVersion, true) }) It("should be constructable", func() { Expect(fipMgr).ToNot(BeNil()) }) - Context("with a workload endpoint", func() { + Context("with floatingIPs enabled", func() { JustBeforeEach(func() { fipMgr.OnUpdate(&proto.WorkloadEndpointUpdate{ Id: &proto.WorkloadEndpointID{ @@ -199,6 +199,96 @@ func floatingIPManagerTests(ipVersion uint8) func() { }) }) }) + + Context("with floatingIPs disabled", func() { + JustBeforeEach(func() { + fipMgr.OnUpdate(&proto.WorkloadEndpointUpdate{ + Id: &proto.WorkloadEndpointID{ + OrchestratorId: "k8s", + WorkloadId: "pod-11", + EndpointId: "endpoint-id-11", + }, + Endpoint: &proto.WorkloadEndpoint{ + State: "up", + Mac: "01:02:03:04:05:06", + Name: "cali12345-ab", + ProfileIds: []string{}, + Tiers: []*proto.TierInfo{}, + Ipv4Nets: []string{"10.0.240.2/24"}, + Ipv6Nets: []string{"2001:db8:2::2/128"}, + }, + }) + err := fipMgr.CompleteDeferredWork() + Expect(err).ToNot(HaveOccurred()) + }) + + It("should have empty NAT chains", func() { + natTable.checkChains([][]*iptables.Chain{{ + expectedDNATChain(), + expectedSNATChain(), + }}) + }) + + Context("with floating IPs added to the endpoint", func() { + JustBeforeEach(func() { + fipMgr.enabled = false + fipMgr.OnUpdate(&proto.WorkloadEndpointUpdate{ + Id: &proto.WorkloadEndpointID{ + OrchestratorId: "k8s", + WorkloadId: "pod-11", + EndpointId: "endpoint-id-11", + }, + Endpoint: &proto.WorkloadEndpoint{ + State: "up", + Mac: "01:02:03:04:05:06", + Name: "cali12345-ab", + ProfileIds: []string{}, + Tiers: []*proto.TierInfo{}, + Ipv4Nets: []string{"10.0.240.2/24"}, + Ipv6Nets: []string{"2001:db8:2::2/128"}, + Ipv4Nat: []*proto.NatInfo{ + {ExtIp: "172.16.1.3", IntIp: "10.0.240.2"}, + {ExtIp: "172.18.1.4", IntIp: "10.0.240.2"}, + }, + Ipv6Nat: []*proto.NatInfo{ + {ExtIp: "2001:db8:3::2", IntIp: "2001:db8:2::2"}, + {ExtIp: "2001:db8:4::2", IntIp: "2001:db8:2::2"}, + }, + }, + }) + err := fipMgr.CompleteDeferredWork() + Expect(err).ToNot(HaveOccurred()) + }) + + It("should have empty NAT chains", func() { + natTable.checkChains([][]*iptables.Chain{{ + expectedDNATChain(), + expectedSNATChain(), + }}) + }) + + Context("with the endpoint removed", func() { + JustBeforeEach(func() { + fipMgr.OnUpdate(&proto.WorkloadEndpointRemove{ + Id: &proto.WorkloadEndpointID{ + OrchestratorId: "k8s", + WorkloadId: "pod-11", + EndpointId: "endpoint-id-11", + }, + }) + err := fipMgr.CompleteDeferredWork() + Expect(err).ToNot(HaveOccurred()) + }) + + It("should have empty NAT chains", func() { + natTable.checkChains([][]*iptables.Chain{{ + expectedDNATChain(), + expectedSNATChain(), + }}) + }) + }) + }) + }) } } diff --git a/dataplane/linux/int_dataplane.go b/dataplane/linux/int_dataplane.go index a09d235a1d..086033205c 100644 --- a/dataplane/linux/int_dataplane.go +++ b/dataplane/linux/int_dataplane.go @@ -139,6 +139,8 @@ type Config struct { IptablesLockProbeInterval time.Duration XDPRefreshInterval time.Duration + FloatingIPsEnabled bool + Wireguard wireguard.Config NetlinkTimeout time.Duration @@ -539,9 +541,7 @@ func NewIntDataplaneDriver(config Config) *InternalDataplane { RepinningEnabled: config.BPFMapRepin, } - var ( - bpfEndpointManager *bpfEndpointManager - ) + var bpfEndpointManager *bpfEndpointManager if config.BPFEnabled { log.Info("BPF enabled, starting BPF endpoint manager and map manager.") @@ -713,10 +713,12 @@ func NewIntDataplaneDriver(config Config) *InternalDataplane { dp.endpointStatusCombiner.OnEndpointStatusUpdate, config.BPFEnabled, bpfEndpointManager, - callbacks) + callbacks, + config.FloatingIPsEnabled, + ) dp.RegisterManager(epManager) dp.endpointsSourceV4 = epManager - dp.RegisterManager(newFloatingIPManager(natTableV4, ruleRenderer, 4)) + dp.RegisterManager(newFloatingIPManager(natTableV4, ruleRenderer, 4, config.FloatingIPsEnabled)) dp.RegisterManager(newMasqManager(ipSetsV4, natTableV4, ruleRenderer, config.MaxIPSetSize, 4)) if config.RulesConfig.IPIPEnabled { // Add a manger to keep the all-hosts IP set up to date. @@ -810,8 +812,10 @@ func NewIntDataplaneDriver(config Config) *InternalDataplane { dp.endpointStatusCombiner.OnEndpointStatusUpdate, config.BPFEnabled, nil, - callbacks)) - dp.RegisterManager(newFloatingIPManager(natTableV6, ruleRenderer, 6)) + callbacks, + config.FloatingIPsEnabled, + )) + dp.RegisterManager(newFloatingIPManager(natTableV6, ruleRenderer, 6, config.FloatingIPsEnabled)) dp.RegisterManager(newMasqManager(ipSetsV6, natTableV6, ruleRenderer, config.MaxIPSetSize, 6)) dp.RegisterManager(newServiceLoopManager(filterTableV6, ruleRenderer, 6)) } @@ -1925,9 +1929,7 @@ func (d *InternalDataplane) reportHealth() { type dummyLock struct{} func (d dummyLock) Lock() { - } func (d dummyLock) Unlock() { - } diff --git a/dataplane/linux/int_dataplane_test.go b/dataplane/linux/int_dataplane_test.go index 46f8c8066a..ad9da25c44 100644 --- a/dataplane/linux/int_dataplane_test.go +++ b/dataplane/linux/int_dataplane_test.go @@ -34,8 +34,8 @@ var _ = Describe("Constructor test", func() { var configParams *config.Config var dpConfig intdataplane.Config var healthAggregator *health.HealthAggregator - var kubernetesProvider = config.ProviderNone - var routeSource = "CalicoIPAM" + kubernetesProvider := config.ProviderNone + routeSource := "CalicoIPAM" var wireguardEncryptHostTraffic bool JustBeforeEach(func() { @@ -43,6 +43,7 @@ var _ = Describe("Constructor test", func() { _, err := configParams.UpdateFrom(map[string]string{"InterfaceExclude": "/^kube.*/,/veth/,eth2"}, config.EnvironmentVariable) Expect(err).NotTo(HaveOccurred()) dpConfig = intdataplane.Config{ + FloatingIPsEnabled: true, IfaceMonitorConfig: ifacemonitor.Config{ InterfaceExcludes: configParams.InterfaceExclude, ResyncInterval: configParams.RouteRefreshInterval, @@ -98,24 +99,22 @@ var _ = Describe("Constructor test", func() { }) It("should be constructable", func() { - var dp = intdataplane.NewIntDataplaneDriver(dpConfig) + dp := intdataplane.NewIntDataplaneDriver(dpConfig) Expect(dp).ToNot(BeNil()) }) Context("with health aggregator", func() { - BeforeEach(func() { healthAggregator = health.NewHealthAggregator() }) It("should be constructable", func() { - var dp = intdataplane.NewIntDataplaneDriver(dpConfig) + dp := intdataplane.NewIntDataplaneDriver(dpConfig) Expect(dp).ToNot(BeNil()) }) }) Context("with Wireguard on AKS", func() { - BeforeEach(func() { kubernetesProvider = config.ProviderAKS routeSource = "WorkloadIPs" @@ -129,7 +128,6 @@ var _ = Describe("Constructor test", func() { }) Context("with Wireguard on non-managed provider", func() { - BeforeEach(func() { kubernetesProvider = config.ProviderNone routeSource = "CalicoIPAM" diff --git a/go.mod b/go.mod index dfd17ccf80..f4988b304c 100644 --- a/go.mod +++ b/go.mod @@ -24,10 +24,10 @@ require ( github.com/onsi/ginkgo v1.14.1 github.com/onsi/gomega v1.10.1 github.com/pkg/errors v0.9.1 - github.com/projectcalico/api v0.0.0-20210812153050-d56d8a62d55f - github.com/projectcalico/libcalico-go v1.7.2-0.20210812161418-8f238d1920a5 + github.com/projectcalico/api v0.0.0-20220411213543-effb8939528e + github.com/projectcalico/libcalico-go v1.7.2-0.20220411224106-e73d057e6c68 github.com/projectcalico/pod2daemon v0.0.0-20210816230834-b3a8b892d114 - github.com/projectcalico/typha v0.7.3-0.20211124002451-f4bc8be43ee1 + github.com/projectcalico/typha v0.7.3-0.20220411224225-d1bd0f720abb github.com/prometheus/client_golang v1.7.1 github.com/prometheus/common v0.10.0 github.com/sirupsen/logrus v1.7.0 diff --git a/go.sum b/go.sum index f8f0729414..e1de52bb23 100644 --- a/go.sum +++ b/go.sum @@ -289,6 +289,7 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3 h1:zN2lZNZRflqFyxVaTIU61KNKQ9C0055u9CAfpmqUvo4= github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3/go.mod h1:nPpo7qLxd6XL3hWJG/O60sR8ZKfMCiIoNap5GvD12KU= +github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= @@ -609,22 +610,22 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/projectcalico/api v0.0.0-20210812153050-d56d8a62d55f h1:SIzIwUwtGpC69Dc5tI3/p3Jy4nULpOxcT+Lr00NKo4w= -github.com/projectcalico/api v0.0.0-20210812153050-d56d8a62d55f/go.mod h1:8raLpE2oURN0I33JpEniA3LmAs5uPZ1kGnW/YunYEB0= +github.com/projectcalico/api v0.0.0-20220411213543-effb8939528e h1:eHJN1ndhes0D4CIiC4IieDF1U7EOYTXnNc4jBAtzNd0= +github.com/projectcalico/api v0.0.0-20220411213543-effb8939528e/go.mod h1:8raLpE2oURN0I33JpEniA3LmAs5uPZ1kGnW/YunYEB0= github.com/projectcalico/go-json v0.0.0-20161128004156-6219dc7339ba h1:aaF2byUCZhzszHsfPEr2M3qcU4ibtD/yk/il2R7T1PU= github.com/projectcalico/go-json v0.0.0-20161128004156-6219dc7339ba/go.mod h1:q8EdCgBdMQzgiX/uk4GXLWLk+gIHd1a7mWUAamJKDb4= github.com/projectcalico/go-yaml-wrapper v0.0.0-20191112210931-090425220c54 h1:Jt2Pic9dxgJisekm8q2WV9FaWxUJhhRfwHSP640drww= github.com/projectcalico/go-yaml-wrapper v0.0.0-20191112210931-090425220c54/go.mod h1:UgC0aTQ2KMDxlX3lU/stndk7DMUBJqzN40yFiILHgxc= github.com/projectcalico/hcsshim v0.8.9-calico h1:aRrOWouDTzKwaIoRGMV/I1QikR+ikwj1G9T9h3wD090= github.com/projectcalico/hcsshim v0.8.9-calico/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8= -github.com/projectcalico/libcalico-go v1.7.2-0.20210812161418-8f238d1920a5 h1:NThMmuy54k0BufTP4s2MtbbuQl2cDKdigRXX3q19wqs= -github.com/projectcalico/libcalico-go v1.7.2-0.20210812161418-8f238d1920a5/go.mod h1:I8icsAeLCqGTKwS13K9kE4X+NH4/GmjruZhaP4SBQ2g= +github.com/projectcalico/libcalico-go v1.7.2-0.20220411224106-e73d057e6c68 h1:2hQ4HNpCaTi7HHVFEbMb0FDpMABQ8ieb5KBRsUsdjCM= +github.com/projectcalico/libcalico-go v1.7.2-0.20220411224106-e73d057e6c68/go.mod h1:b4dz5O1XRRMyVJfLP3uaDaaHZkJ77CRI71wb/10xhWA= github.com/projectcalico/logrus v0.0.0-20180701205716-fc9bbf2f5799 h1:9jp4YoHqZvEKDW3Z9464x/whSRCWEinIo4/JifaKR+g= github.com/projectcalico/logrus v0.0.0-20180701205716-fc9bbf2f5799/go.mod h1:DfgrchabbtEO9wjOz5lVae+XRvjFKKWEA9GTMme6A8g= github.com/projectcalico/pod2daemon v0.0.0-20210816230834-b3a8b892d114 h1:HtV3Xp2R4jKbnye08zkD4NzUIyTxxtoO3dcyM72LrY4= github.com/projectcalico/pod2daemon v0.0.0-20210816230834-b3a8b892d114/go.mod h1:96lk2GRh7Z5QdPGRmZMC6DRxEOToaAlS+emdl4WiMPM= -github.com/projectcalico/typha v0.7.3-0.20211124002451-f4bc8be43ee1 h1:F0evRbLrRd5pdfFJ8Y/NpuZqT0j2UXbIbsa4aXrXq84= -github.com/projectcalico/typha v0.7.3-0.20211124002451-f4bc8be43ee1/go.mod h1:YG8rhFn9RyPPeHvtWbwB8M8P3YcyzoyYiV8Pp84ubWk= +github.com/projectcalico/typha v0.7.3-0.20220411224225-d1bd0f720abb h1:JgWrT3SJdRqVKzIL1d0RzxcALWJYmGi9PVWtSUm2wco= +github.com/projectcalico/typha v0.7.3-0.20220411224225-d1bd0f720abb/go.mod h1:vs7lqHbcFAomvlYlqpUTrXQg72WV0azEHQAInJdWjWQ= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=