From f09362829fc0b53c996bbc80fe818679769de7cb Mon Sep 17 00:00:00 2001 From: David Date: Tue, 12 Sep 2023 13:47:27 -0400 Subject: [PATCH] operator: removed k8s pkg dependancy --- go.mod | 1 - go.sum | 2 - pkg/controller/common/helpers.go | 23 +- pkg/operator/sync.go | 6 +- vendor/k8s.io/apiserver/pkg/features/OWNERS | 4 - .../apiserver/pkg/features/kube_features.go | 283 ---- .../pkg/util/feature/feature_gate.go | 33 - vendor/k8s.io/kubernetes/LICENSE | 202 --- .../kubernetes/pkg/credentialprovider/OWNERS | 16 - .../pkg/credentialprovider/config.go | 320 ----- .../kubernetes/pkg/credentialprovider/doc.go | 19 - .../pkg/credentialprovider/keyring.go | 304 ----- .../pkg/credentialprovider/plugins.go | 79 -- .../pkg/credentialprovider/provider.go | 109 -- vendor/k8s.io/kubernetes/pkg/features/OWNERS | 4 - .../kubernetes/pkg/features/kube_features.go | 1199 ----------------- vendor/modules.txt | 6 - 17 files changed, 23 insertions(+), 2587 deletions(-) delete mode 100644 vendor/k8s.io/apiserver/pkg/features/OWNERS delete mode 100644 vendor/k8s.io/apiserver/pkg/features/kube_features.go delete mode 100644 vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go delete mode 100644 vendor/k8s.io/kubernetes/LICENSE delete mode 100644 vendor/k8s.io/kubernetes/pkg/credentialprovider/OWNERS delete mode 100644 vendor/k8s.io/kubernetes/pkg/credentialprovider/config.go delete mode 100644 vendor/k8s.io/kubernetes/pkg/credentialprovider/doc.go delete mode 100644 vendor/k8s.io/kubernetes/pkg/credentialprovider/keyring.go delete mode 100644 vendor/k8s.io/kubernetes/pkg/credentialprovider/plugins.go delete mode 100644 vendor/k8s.io/kubernetes/pkg/credentialprovider/provider.go delete mode 100644 vendor/k8s.io/kubernetes/pkg/features/OWNERS delete mode 100644 vendor/k8s.io/kubernetes/pkg/features/kube_features.go diff --git a/go.mod b/go.mod index 12077ddcd5..9c25fd7ac1 100644 --- a/go.mod +++ b/go.mod @@ -46,7 +46,6 @@ require ( k8s.io/component-base v0.27.3 k8s.io/kubectl v0.27.3 k8s.io/kubelet v0.27.3 - k8s.io/kubernetes v1.27.3 k8s.io/utils v0.0.0-20230505201702-9f6742963106 sigs.k8s.io/controller-runtime v0.13.0 ) diff --git a/go.sum b/go.sum index e7dd32ebbb..a0f841bd4b 100644 --- a/go.sum +++ b/go.sum @@ -1667,8 +1667,6 @@ k8s.io/kubectl v0.27.3 h1:HyC4o+8rCYheGDWrkcOQHGwDmyLKR5bxXFgpvF82BOw= k8s.io/kubectl v0.27.3/go.mod h1:g9OQNCC2zxT+LT3FS09ZYqnDhlvsKAfFq76oyarBcq4= k8s.io/kubelet v0.27.3 h1:5WhTV1iiBu9q/rr+gvy65LQ+K/e7dmgcaYjys5ipLqY= k8s.io/kubelet v0.27.3/go.mod h1:Mz42qgZZgWgPmOJEYaR5evmh+EoSwFzEvPBozA2y9mg= -k8s.io/kubernetes v1.27.3 h1:gwufSj7y6X18Q2Gl8v4Ev+AJHdzWkG7A8VNFffS9vu0= -k8s.io/kubernetes v1.27.3/go.mod h1:U8ZXeKBAPxeb4J4/HOaxjw1A9K6WfSH+fY2SS7CR6IM= k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20200229041039-0a110f9eb7ab/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU= diff --git a/pkg/controller/common/helpers.go b/pkg/controller/common/helpers.go index b8e4825079..f0b04e308e 100644 --- a/pkg/controller/common/helpers.go +++ b/pkg/controller/common/helpers.go @@ -50,7 +50,6 @@ import ( "k8s.io/client-go/tools/record" "k8s.io/client-go/tools/reference" "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/credentialprovider" mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" mcfgclientset "github.com/openshift/machine-config-operator/pkg/generated/clientset/versioned" @@ -1167,10 +1166,28 @@ func IsLayeredPool(pool *mcfgv1.MachineConfigPool) bool { return false } +// DockerConfigJSON represents ~/.docker/config.json file info +type DockerConfigJSON struct { + Auths DockerConfig `json:"auths"` +} + +// DockerConfig represents the config file used by the docker CLI. +// This config that represents the credentials that should be used +// when pulling images from specific image repositories. +type DockerConfig map[string]DockerConfigEntry + +// DockerConfigEntry wraps a docker config as a entry +type DockerConfigEntry struct { + Username string `json:"username"` + Password string `json:"password"` + Email string `json:"email"` + Auth string `json:"auth"` +} + // Merges kubernetes.io/dockercfg type secrets into a JSON map. // Returns an error on failure to marshal the incoming secret. -func MergeDockerConfigstoJSONMap(secretRaw []byte, auths map[string]credentialprovider.DockerConfigEntry) error { - var dockerConfig credentialprovider.DockerConfig +func MergeDockerConfigstoJSONMap(secretRaw []byte, auths map[string]DockerConfigEntry) error { + var dockerConfig DockerConfig // Unmarshal raw JSON err := json.Unmarshal(secretRaw, &dockerConfig) if err != nil { diff --git a/pkg/operator/sync.go b/pkg/operator/sync.go index 54c9ef65d7..a383e562cd 100644 --- a/pkg/operator/sync.go +++ b/pkg/operator/sync.go @@ -29,7 +29,6 @@ import ( "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/tools/cache" "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/credentialprovider" configv1 "github.com/openshift/api/config/v1" "github.com/openshift/library-go/pkg/operator/resource/resourceapply" @@ -1519,9 +1518,10 @@ func (optr *Operator) getImageRegistryPullSecrets() ([]byte, error) { if err != nil { return nil, fmt.Errorf("failed to retrieve dns object") } + // Create the JSON map - dockerConfigJSON := credentialprovider.DockerConfigJSON{ - Auths: map[string]credentialprovider.DockerConfigEntry{}, + dockerConfigJSON := ctrlcommon.DockerConfigJSON{ + Auths: map[string]ctrlcommon.DockerConfigEntry{}, } // Get the list of image pull secrets from the designated service account diff --git a/vendor/k8s.io/apiserver/pkg/features/OWNERS b/vendor/k8s.io/apiserver/pkg/features/OWNERS deleted file mode 100644 index 3e1dd9f081..0000000000 --- a/vendor/k8s.io/apiserver/pkg/features/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - feature-approvers diff --git a/vendor/k8s.io/apiserver/pkg/features/kube_features.go b/vendor/k8s.io/apiserver/pkg/features/kube_features.go deleted file mode 100644 index 72cd493758..0000000000 --- a/vendor/k8s.io/apiserver/pkg/features/kube_features.go +++ /dev/null @@ -1,283 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package features - -import ( - "k8s.io/apimachinery/pkg/util/runtime" - - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/component-base/featuregate" -) - -const ( - // Every feature gate should add method here following this template: - // - // // owner: @username - // // alpha: v1.4 - // MyFeature featuregate.Feature = "MyFeature" - // - // Feature gates should be listed in alphabetical, case-sensitive - // (upper before any lower case character) order. This reduces the risk - // of code conflicts because changes are more likely to be scattered - // across the file. - - // owner: @ivelichkovich, @tallclair - // alpha: v1.27 - // kep: https://kep.k8s.io/3716 - // - // Enables usage of MatchConditions fields to use CEL expressions for matching on admission webhooks - AdmissionWebhookMatchConditions featuregate.Feature = "AdmissionWebhookMatchConditions" - - // owner: @jefftree @alexzielenski - // alpha: v1.26 - // beta: v1.27 - // - // Enables an single HTTP endpoint /discovery/ which supports native HTTP - // caching with ETags containing all APIResources known to the apiserver. - AggregatedDiscoveryEndpoint featuregate.Feature = "AggregatedDiscoveryEndpoint" - - // owner: @smarterclayton - // alpha: v1.8 - // beta: v1.9 - // - // Allow API clients to retrieve resource lists in chunks rather than - // all at once. - APIListChunking featuregate.Feature = "APIListChunking" - - // owner: @MikeSpreitzer @yue9944882 - // alpha: v1.18 - // beta: v1.20 - // - // Enables managing request concurrency with prioritization and fairness at each server. - // The FeatureGate was introduced in release 1.15 but the feature - // was not really implemented before 1.18. - APIPriorityAndFairness featuregate.Feature = "APIPriorityAndFairness" - - // owner: @ilackams - // alpha: v1.7 - // beta: v1.16 - // - // Enables compression of REST responses (GET and LIST only) - APIResponseCompression featuregate.Feature = "APIResponseCompression" - - // owner: @roycaihw - // alpha: v1.20 - // - // Assigns each kube-apiserver an ID in a cluster. - APIServerIdentity featuregate.Feature = "APIServerIdentity" - - // owner: @dashpole - // alpha: v1.22 - // beta: v1.27 - // - // Add support for distributed tracing in the API Server - APIServerTracing featuregate.Feature = "APIServerTracing" - - // owner: @tallclair - // alpha: v1.7 - // beta: v1.8 - // GA: v1.12 - // - // AdvancedAuditing enables a much more general API auditing pipeline, which includes support for - // pluggable output backends and an audit policy specifying how different requests should be - // audited. - AdvancedAuditing featuregate.Feature = "AdvancedAuditing" - - // owner: @cici37 @jpbetz - // kep: http://kep.k8s.io/3488 - // alpha: v1.26 - // - // Enables expression validation in Admission Control - ValidatingAdmissionPolicy featuregate.Feature = "ValidatingAdmissionPolicy" - - // owner: @cici37 - // kep: https://kep.k8s.io/2876 - // alpha: v1.23 - // beta: v1.25 - // - // Enables expression validation for Custom Resource - CustomResourceValidationExpressions featuregate.Feature = "CustomResourceValidationExpressions" - - // owner: @apelisse - // alpha: v1.12 - // beta: v1.13 - // stable: v1.18 - // - // Allow requests to be processed but not stored, so that - // validation, merging, mutation can be tested without - // committing. - DryRun featuregate.Feature = "DryRun" - - // owner: @wojtek-t - // alpha: v1.20 - // beta: v1.21 - // GA: v1.24 - // - // Allows for updating watchcache resource version with progress notify events. - EfficientWatchResumption featuregate.Feature = "EfficientWatchResumption" - - // owner: @aramase - // kep: https://kep.k8s.io/3299 - // alpha: v1.25 - // beta: v1.27 - // - // Enables KMS v2 API for encryption at rest. - KMSv2 featuregate.Feature = "KMSv2" - - // owner: @jiahuif - // kep: https://kep.k8s.io/2887 - // alpha: v1.23 - // beta: v1.24 - // - // Enables populating "enum" field of OpenAPI schemas - // in the spec returned from kube-apiserver. - OpenAPIEnums featuregate.Feature = "OpenAPIEnums" - - // owner: @jefftree - // kep: https://kep.k8s.io/2896 - // alpha: v1.23 - // beta: v1.24 - // stable: v1.27 - // - // Enables kubernetes to publish OpenAPI v3 - OpenAPIV3 featuregate.Feature = "OpenAPIV3" - - // owner: @caesarxuchao - // alpha: v1.15 - // beta: v1.16 - // - // Allow apiservers to show a count of remaining items in the response - // to a chunking list request. - RemainingItemCount featuregate.Feature = "RemainingItemCount" - - // owner: @wojtek-t - // alpha: v1.16 - // beta: v1.20 - // GA: v1.24 - // - // Deprecates and removes SelfLink from ObjectMeta and ListMeta. - RemoveSelfLink featuregate.Feature = "RemoveSelfLink" - - // owner: @apelisse, @lavalamp - // alpha: v1.14 - // beta: v1.16 - // stable: v1.22 - // - // Server-side apply. Merging happens on the server. - ServerSideApply featuregate.Feature = "ServerSideApply" - - // owner: @kevindelgado - // kep: https://kep.k8s.io/2885 - // alpha: v1.23 - // beta: v1.24 - // - // Enables server-side field validation. - ServerSideFieldValidation featuregate.Feature = "ServerSideFieldValidation" - - // owner: @caesarxuchao @roycaihw - // alpha: v1.20 - // - // Enable the storage version API. - StorageVersionAPI featuregate.Feature = "StorageVersionAPI" - - // owner: @caesarxuchao - // alpha: v1.14 - // beta: v1.15 - // - // Allow apiservers to expose the storage version hash in the discovery - // document. - StorageVersionHash featuregate.Feature = "StorageVersionHash" - - // owner: @wojtek-t - // alpha: v1.15 - // beta: v1.16 - // GA: v1.17 - // - // Enables support for watch bookmark events. - WatchBookmark featuregate.Feature = "WatchBookmark" - - // owner: @vinaykul - // kep: http://kep.k8s.io/1287 - // alpha: v1.27 - // - // Enables In-Place Pod Vertical Scaling - InPlacePodVerticalScaling featuregate.Feature = "InPlacePodVerticalScaling" - - // owner: @p0lyn0mial - // alpha: v1.27 - // - // Allow the API server to stream individual items instead of chunking - WatchList featuregate.Feature = "WatchList" -) - -func init() { - runtime.Must(utilfeature.DefaultMutableFeatureGate.Add(defaultKubernetesFeatureGates)) -} - -// defaultKubernetesFeatureGates consists of all known Kubernetes-specific feature keys. -// To add a new feature, define a key for it above and add it here. The features will be -// available throughout Kubernetes binaries. -var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{ - - AggregatedDiscoveryEndpoint: {Default: true, PreRelease: featuregate.Beta}, - - AdmissionWebhookMatchConditions: {Default: false, PreRelease: featuregate.Alpha}, - - APIListChunking: {Default: true, PreRelease: featuregate.Beta}, - - APIPriorityAndFairness: {Default: true, PreRelease: featuregate.Beta}, - - APIResponseCompression: {Default: true, PreRelease: featuregate.Beta}, - - APIServerIdentity: {Default: true, PreRelease: featuregate.Beta}, - - APIServerTracing: {Default: true, PreRelease: featuregate.Beta}, - - AdvancedAuditing: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - ValidatingAdmissionPolicy: {Default: false, PreRelease: featuregate.Alpha}, - - CustomResourceValidationExpressions: {Default: true, PreRelease: featuregate.Beta}, - - DryRun: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - EfficientWatchResumption: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, - - KMSv2: {Default: true, PreRelease: featuregate.Beta}, - - OpenAPIEnums: {Default: true, PreRelease: featuregate.Beta}, - - OpenAPIV3: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 - - RemainingItemCount: {Default: true, PreRelease: featuregate.Beta}, - - RemoveSelfLink: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, - - ServerSideApply: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 - - ServerSideFieldValidation: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 - - StorageVersionAPI: {Default: false, PreRelease: featuregate.Alpha}, - - StorageVersionHash: {Default: true, PreRelease: featuregate.Beta}, - - WatchBookmark: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, - - InPlacePodVerticalScaling: {Default: false, PreRelease: featuregate.Alpha}, - - WatchList: {Default: false, PreRelease: featuregate.Alpha}, -} diff --git a/vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go b/vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go deleted file mode 100644 index 5911b7568c..0000000000 --- a/vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go +++ /dev/null @@ -1,33 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package feature - -import ( - "k8s.io/component-base/featuregate" -) - -var ( - // DefaultMutableFeatureGate is a mutable version of DefaultFeatureGate. - // Only top-level commands/options setup and the k8s.io/component-base/featuregate/testing package should make use of this. - // Tests that need to modify feature gates for the duration of their test should use: - // defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features., )() - DefaultMutableFeatureGate featuregate.MutableFeatureGate = featuregate.NewFeatureGate() - - // DefaultFeatureGate is a shared global FeatureGate. - // Top-level commands/options setup that needs to modify this feature gate should use DefaultMutableFeatureGate. - DefaultFeatureGate featuregate.FeatureGate = DefaultMutableFeatureGate -) diff --git a/vendor/k8s.io/kubernetes/LICENSE b/vendor/k8s.io/kubernetes/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/vendor/k8s.io/kubernetes/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/k8s.io/kubernetes/pkg/credentialprovider/OWNERS b/vendor/k8s.io/kubernetes/pkg/credentialprovider/OWNERS deleted file mode 100644 index b5632399e5..0000000000 --- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/OWNERS +++ /dev/null @@ -1,16 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - deads2k - - liggitt -reviewers: - - thockin - - smarterclayton - - yujuhong - - derekwaynecarr - - mikedanese - - dchen1107 - - justinsb - - dims - - andrewsykim - - andyzhangx diff --git a/vendor/k8s.io/kubernetes/pkg/credentialprovider/config.go b/vendor/k8s.io/kubernetes/pkg/credentialprovider/config.go deleted file mode 100644 index 86ce18542c..0000000000 --- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/config.go +++ /dev/null @@ -1,320 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package credentialprovider - -import ( - "encoding/base64" - "encoding/json" - "errors" - "fmt" - "io" - "io/ioutil" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - - "k8s.io/klog/v2" -) - -const ( - maxReadLength = 10 * 1 << 20 // 10MB -) - -// DockerConfigJSON represents ~/.docker/config.json file info -// see https://github.com/docker/docker/pull/12009 -type DockerConfigJSON struct { - Auths DockerConfig `json:"auths"` - // +optional - HTTPHeaders map[string]string `json:"HttpHeaders,omitempty"` -} - -// DockerConfig represents the config file used by the docker CLI. -// This config that represents the credentials that should be used -// when pulling images from specific image repositories. -type DockerConfig map[string]DockerConfigEntry - -// DockerConfigEntry wraps a docker config as a entry -type DockerConfigEntry struct { - Username string - Password string - Email string - Provider DockerConfigProvider -} - -var ( - preferredPathLock sync.Mutex - preferredPath = "" - workingDirPath = "" - homeDirPath, _ = os.UserHomeDir() - rootDirPath = "/" - homeJSONDirPath = filepath.Join(homeDirPath, ".docker") - rootJSONDirPath = filepath.Join(rootDirPath, ".docker") - - configFileName = ".dockercfg" - configJSONFileName = "config.json" -) - -// SetPreferredDockercfgPath set preferred docker config path -func SetPreferredDockercfgPath(path string) { - preferredPathLock.Lock() - defer preferredPathLock.Unlock() - preferredPath = path -} - -// GetPreferredDockercfgPath get preferred docker config path -func GetPreferredDockercfgPath() string { - preferredPathLock.Lock() - defer preferredPathLock.Unlock() - return preferredPath -} - -// DefaultDockercfgPaths returns default search paths of .dockercfg -func DefaultDockercfgPaths() []string { - return []string{GetPreferredDockercfgPath(), workingDirPath, homeDirPath, rootDirPath} -} - -// DefaultDockerConfigJSONPaths returns default search paths of .docker/config.json -func DefaultDockerConfigJSONPaths() []string { - return []string{GetPreferredDockercfgPath(), workingDirPath, homeJSONDirPath, rootJSONDirPath} -} - -// ReadDockercfgFile attempts to read a legacy dockercfg file from the given paths. -// if searchPaths is empty, the default paths are used. -func ReadDockercfgFile(searchPaths []string) (cfg DockerConfig, err error) { - if len(searchPaths) == 0 { - searchPaths = DefaultDockercfgPaths() - } - - for _, configPath := range searchPaths { - absDockerConfigFileLocation, err := filepath.Abs(filepath.Join(configPath, configFileName)) - if err != nil { - klog.Errorf("while trying to canonicalize %s: %v", configPath, err) - continue - } - klog.V(4).Infof("looking for .dockercfg at %s", absDockerConfigFileLocation) - contents, err := ioutil.ReadFile(absDockerConfigFileLocation) - if os.IsNotExist(err) { - continue - } - if err != nil { - klog.V(4).Infof("while trying to read %s: %v", absDockerConfigFileLocation, err) - continue - } - cfg, err := ReadDockerConfigFileFromBytes(contents) - if err != nil { - klog.V(4).Infof("couldn't get the config from %q contents: %v", absDockerConfigFileLocation, err) - continue - } - - klog.V(4).Infof("found .dockercfg at %s", absDockerConfigFileLocation) - return cfg, nil - - } - return nil, fmt.Errorf("couldn't find valid .dockercfg after checking in %v", searchPaths) -} - -// ReadDockerConfigJSONFile attempts to read a docker config.json file from the given paths. -// if searchPaths is empty, the default paths are used. -func ReadDockerConfigJSONFile(searchPaths []string) (cfg DockerConfig, err error) { - if len(searchPaths) == 0 { - searchPaths = DefaultDockerConfigJSONPaths() - } - for _, configPath := range searchPaths { - absDockerConfigFileLocation, err := filepath.Abs(filepath.Join(configPath, configJSONFileName)) - if err != nil { - klog.Errorf("while trying to canonicalize %s: %v", configPath, err) - continue - } - klog.V(4).Infof("looking for %s at %s", configJSONFileName, absDockerConfigFileLocation) - cfg, err = ReadSpecificDockerConfigJSONFile(absDockerConfigFileLocation) - if err != nil { - if !os.IsNotExist(err) { - klog.V(4).Infof("while trying to read %s: %v", absDockerConfigFileLocation, err) - } - continue - } - klog.V(4).Infof("found valid %s at %s", configJSONFileName, absDockerConfigFileLocation) - return cfg, nil - } - return nil, fmt.Errorf("couldn't find valid %s after checking in %v", configJSONFileName, searchPaths) - -} - -// ReadSpecificDockerConfigJSONFile attempts to read docker configJSON from a given file path. -func ReadSpecificDockerConfigJSONFile(filePath string) (cfg DockerConfig, err error) { - var contents []byte - - if contents, err = ioutil.ReadFile(filePath); err != nil { - return nil, err - } - return readDockerConfigJSONFileFromBytes(contents) -} - -// ReadDockerConfigFile read a docker config file from default path -func ReadDockerConfigFile() (cfg DockerConfig, err error) { - if cfg, err := ReadDockerConfigJSONFile(nil); err == nil { - return cfg, nil - } - // Can't find latest config file so check for the old one - return ReadDockercfgFile(nil) -} - -// HTTPError wraps a non-StatusOK error code as an error. -type HTTPError struct { - StatusCode int - URL string -} - -// Error implements error -func (he *HTTPError) Error() string { - return fmt.Sprintf("http status code: %d while fetching url %s", - he.StatusCode, he.URL) -} - -// ReadURL read contents from given url -func ReadURL(url string, client *http.Client, header *http.Header) (body []byte, err error) { - req, err := http.NewRequest("GET", url, nil) - if err != nil { - return nil, err - } - if header != nil { - req.Header = *header - } - resp, err := client.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - if resp.StatusCode != http.StatusOK { - klog.V(2).InfoS("Failed to read URL", "statusCode", resp.StatusCode, "URL", url) - return nil, &HTTPError{ - StatusCode: resp.StatusCode, - URL: url, - } - } - - limitedReader := &io.LimitedReader{R: resp.Body, N: maxReadLength} - contents, err := ioutil.ReadAll(limitedReader) - if err != nil { - return nil, err - } - - if limitedReader.N <= 0 { - return nil, errors.New("the read limit is reached") - } - - return contents, nil -} - -// ReadDockerConfigFileFromBytes read a docker config file from the given bytes -func ReadDockerConfigFileFromBytes(contents []byte) (cfg DockerConfig, err error) { - if err = json.Unmarshal(contents, &cfg); err != nil { - return nil, errors.New("error occurred while trying to unmarshal json") - } - return -} - -func readDockerConfigJSONFileFromBytes(contents []byte) (cfg DockerConfig, err error) { - var cfgJSON DockerConfigJSON - if err = json.Unmarshal(contents, &cfgJSON); err != nil { - return nil, errors.New("error occurred while trying to unmarshal json") - } - cfg = cfgJSON.Auths - return -} - -// dockerConfigEntryWithAuth is used solely for deserializing the Auth field -// into a dockerConfigEntry during JSON deserialization. -type dockerConfigEntryWithAuth struct { - // +optional - Username string `json:"username,omitempty"` - // +optional - Password string `json:"password,omitempty"` - // +optional - Email string `json:"email,omitempty"` - // +optional - Auth string `json:"auth,omitempty"` -} - -// UnmarshalJSON implements the json.Unmarshaler interface. -func (ident *DockerConfigEntry) UnmarshalJSON(data []byte) error { - var tmp dockerConfigEntryWithAuth - err := json.Unmarshal(data, &tmp) - if err != nil { - return err - } - - ident.Username = tmp.Username - ident.Password = tmp.Password - ident.Email = tmp.Email - - if len(tmp.Auth) == 0 { - return nil - } - - ident.Username, ident.Password, err = decodeDockerConfigFieldAuth(tmp.Auth) - return err -} - -// MarshalJSON implements the json.Marshaler interface. -func (ident DockerConfigEntry) MarshalJSON() ([]byte, error) { - toEncode := dockerConfigEntryWithAuth{ident.Username, ident.Password, ident.Email, ""} - toEncode.Auth = encodeDockerConfigFieldAuth(ident.Username, ident.Password) - - return json.Marshal(toEncode) -} - -// decodeDockerConfigFieldAuth deserializes the "auth" field from dockercfg into a -// username and a password. The format of the auth field is base64(:). -func decodeDockerConfigFieldAuth(field string) (username, password string, err error) { - - var decoded []byte - - // StdEncoding can only decode padded string - // RawStdEncoding can only decode unpadded string - if strings.HasSuffix(strings.TrimSpace(field), "=") { - // decode padded data - decoded, err = base64.StdEncoding.DecodeString(field) - } else { - // decode unpadded data - decoded, err = base64.RawStdEncoding.DecodeString(field) - } - - if err != nil { - return - } - - parts := strings.SplitN(string(decoded), ":", 2) - if len(parts) != 2 { - err = fmt.Errorf("unable to parse auth field, must be formatted as base64(username:password)") - return - } - - username = parts[0] - password = parts[1] - - return -} - -func encodeDockerConfigFieldAuth(username, password string) string { - fieldValue := username + ":" + password - - return base64.StdEncoding.EncodeToString([]byte(fieldValue)) -} diff --git a/vendor/k8s.io/kubernetes/pkg/credentialprovider/doc.go b/vendor/k8s.io/kubernetes/pkg/credentialprovider/doc.go deleted file mode 100644 index 5acf6ef623..0000000000 --- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package credentialprovider supplies interfaces and implementations for -// docker registry providers to expose their authentication scheme. -package credentialprovider // import "k8s.io/kubernetes/pkg/credentialprovider" diff --git a/vendor/k8s.io/kubernetes/pkg/credentialprovider/keyring.go b/vendor/k8s.io/kubernetes/pkg/credentialprovider/keyring.go deleted file mode 100644 index 0c5b3a0c93..0000000000 --- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/keyring.go +++ /dev/null @@ -1,304 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package credentialprovider - -import ( - "net" - "net/url" - "path/filepath" - "sort" - "strings" - - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/klog/v2" -) - -// DockerKeyring tracks a set of docker registry credentials, maintaining a -// reverse index across the registry endpoints. A registry endpoint is made -// up of a host (e.g. registry.example.com), but it may also contain a path -// (e.g. registry.example.com/foo) This index is important for two reasons: -// - registry endpoints may overlap, and when this happens we must find the -// most specific match for a given image -// - iterating a map does not yield predictable results -type DockerKeyring interface { - Lookup(image string) ([]AuthConfig, bool) -} - -// BasicDockerKeyring is a trivial map-backed implementation of DockerKeyring -type BasicDockerKeyring struct { - index []string - creds map[string][]AuthConfig -} - -// providersDockerKeyring is an implementation of DockerKeyring that -// materializes its dockercfg based on a set of dockerConfigProviders. -type providersDockerKeyring struct { - Providers []DockerConfigProvider -} - -// AuthConfig contains authorization information for connecting to a Registry -// This type mirrors "github.com/docker/docker/api/types.AuthConfig" -type AuthConfig struct { - Username string `json:"username,omitempty"` - Password string `json:"password,omitempty"` - Auth string `json:"auth,omitempty"` - - // Email is an optional value associated with the username. - // This field is deprecated and will be removed in a later - // version of docker. - Email string `json:"email,omitempty"` - - ServerAddress string `json:"serveraddress,omitempty"` - - // IdentityToken is used to authenticate the user and get - // an access token for the registry. - IdentityToken string `json:"identitytoken,omitempty"` - - // RegistryToken is a bearer token to be sent to a registry - RegistryToken string `json:"registrytoken,omitempty"` -} - -// Add add some docker config in basic docker keyring -func (dk *BasicDockerKeyring) Add(cfg DockerConfig) { - if dk.index == nil { - dk.index = make([]string, 0) - dk.creds = make(map[string][]AuthConfig) - } - for loc, ident := range cfg { - creds := AuthConfig{ - Username: ident.Username, - Password: ident.Password, - Email: ident.Email, - } - - value := loc - if !strings.HasPrefix(value, "https://") && !strings.HasPrefix(value, "http://") { - value = "https://" + value - } - parsed, err := url.Parse(value) - if err != nil { - klog.Errorf("Entry %q in dockercfg invalid (%v), ignoring", loc, err) - continue - } - - // The docker client allows exact matches: - // foo.bar.com/namespace - // Or hostname matches: - // foo.bar.com - // It also considers /v2/ and /v1/ equivalent to the hostname - // See ResolveAuthConfig in docker/registry/auth.go. - effectivePath := parsed.Path - if strings.HasPrefix(effectivePath, "/v2/") || strings.HasPrefix(effectivePath, "/v1/") { - effectivePath = effectivePath[3:] - } - var key string - if (len(effectivePath) > 0) && (effectivePath != "/") { - key = parsed.Host + effectivePath - } else { - key = parsed.Host - } - dk.creds[key] = append(dk.creds[key], creds) - dk.index = append(dk.index, key) - } - - eliminateDupes := sets.NewString(dk.index...) - dk.index = eliminateDupes.List() - - // Update the index used to identify which credentials to use for a given - // image. The index is reverse-sorted so more specific paths are matched - // first. For example, if for the given image "gcr.io/etcd-development/etcd", - // credentials for "quay.io/coreos" should match before "quay.io". - sort.Sort(sort.Reverse(sort.StringSlice(dk.index))) -} - -const ( - defaultRegistryHost = "index.docker.io" - defaultRegistryKey = defaultRegistryHost + "/v1/" -) - -// isDefaultRegistryMatch determines whether the given image will -// pull from the default registry (DockerHub) based on the -// characteristics of its name. -func isDefaultRegistryMatch(image string) bool { - parts := strings.SplitN(image, "/", 2) - - if len(parts[0]) == 0 { - return false - } - - if len(parts) == 1 { - // e.g. library/ubuntu - return true - } - - if parts[0] == "docker.io" || parts[0] == "index.docker.io" { - // resolve docker.io/image and index.docker.io/image as default registry - return true - } - - // From: http://blog.docker.com/2013/07/how-to-use-your-own-registry/ - // Docker looks for either a “.” (domain separator) or “:” (port separator) - // to learn that the first part of the repository name is a location and not - // a user name. - return !strings.ContainsAny(parts[0], ".:") -} - -// ParseSchemelessURL parses a schemeless url and returns a url.URL -// url.Parse require a scheme, but ours don't have schemes. Adding a -// scheme to make url.Parse happy, then clear out the resulting scheme. -func ParseSchemelessURL(schemelessURL string) (*url.URL, error) { - parsed, err := url.Parse("https://" + schemelessURL) - if err != nil { - return nil, err - } - // clear out the resulting scheme - parsed.Scheme = "" - return parsed, nil -} - -// SplitURL splits the host name into parts, as well as the port -func SplitURL(url *url.URL) (parts []string, port string) { - host, port, err := net.SplitHostPort(url.Host) - if err != nil { - // could not parse port - host, port = url.Host, "" - } - return strings.Split(host, "."), port -} - -// URLsMatchStr is wrapper for URLsMatch, operating on strings instead of URLs. -func URLsMatchStr(glob string, target string) (bool, error) { - globURL, err := ParseSchemelessURL(glob) - if err != nil { - return false, err - } - targetURL, err := ParseSchemelessURL(target) - if err != nil { - return false, err - } - return URLsMatch(globURL, targetURL) -} - -// URLsMatch checks whether the given target url matches the glob url, which may have -// glob wild cards in the host name. -// -// Examples: -// -// globURL=*.docker.io, targetURL=blah.docker.io => match -// globURL=*.docker.io, targetURL=not.right.io => no match -// -// Note that we don't support wildcards in ports and paths yet. -func URLsMatch(globURL *url.URL, targetURL *url.URL) (bool, error) { - globURLParts, globPort := SplitURL(globURL) - targetURLParts, targetPort := SplitURL(targetURL) - if globPort != targetPort { - // port doesn't match - return false, nil - } - if len(globURLParts) != len(targetURLParts) { - // host name does not have the same number of parts - return false, nil - } - if !strings.HasPrefix(targetURL.Path, globURL.Path) { - // the path of the credential must be a prefix - return false, nil - } - for k, globURLPart := range globURLParts { - targetURLPart := targetURLParts[k] - matched, err := filepath.Match(globURLPart, targetURLPart) - if err != nil { - return false, err - } - if !matched { - // glob mismatch for some part - return false, nil - } - } - // everything matches - return true, nil -} - -// Lookup implements the DockerKeyring method for fetching credentials based on image name. -// Multiple credentials may be returned if there are multiple potentially valid credentials -// available. This allows for rotation. -func (dk *BasicDockerKeyring) Lookup(image string) ([]AuthConfig, bool) { - // range over the index as iterating over a map does not provide a predictable ordering - ret := []AuthConfig{} - for _, k := range dk.index { - // both k and image are schemeless URLs because even though schemes are allowed - // in the credential configurations, we remove them in Add. - if matched, _ := URLsMatchStr(k, image); matched { - ret = append(ret, dk.creds[k]...) - } - } - - if len(ret) > 0 { - return ret, true - } - - // Use credentials for the default registry if provided, and appropriate - if isDefaultRegistryMatch(image) { - if auth, ok := dk.creds[defaultRegistryHost]; ok { - return auth, true - } - } - - return []AuthConfig{}, false -} - -// Lookup implements the DockerKeyring method for fetching credentials -// based on image name. -func (dk *providersDockerKeyring) Lookup(image string) ([]AuthConfig, bool) { - keyring := &BasicDockerKeyring{} - - for _, p := range dk.Providers { - keyring.Add(p.Provide(image)) - } - - return keyring.Lookup(image) -} - -// FakeKeyring a fake config credentials -type FakeKeyring struct { - auth []AuthConfig - ok bool -} - -// Lookup implements the DockerKeyring method for fetching credentials based on image name -// return fake auth and ok -func (f *FakeKeyring) Lookup(image string) ([]AuthConfig, bool) { - return f.auth, f.ok -} - -// UnionDockerKeyring delegates to a set of keyrings. -type UnionDockerKeyring []DockerKeyring - -// Lookup implements the DockerKeyring method for fetching credentials based on image name. -// return each credentials -func (k UnionDockerKeyring) Lookup(image string) ([]AuthConfig, bool) { - authConfigs := []AuthConfig{} - for _, subKeyring := range k { - if subKeyring == nil { - continue - } - - currAuthResults, _ := subKeyring.Lookup(image) - authConfigs = append(authConfigs, currAuthResults...) - } - - return authConfigs, (len(authConfigs) > 0) -} diff --git a/vendor/k8s.io/kubernetes/pkg/credentialprovider/plugins.go b/vendor/k8s.io/kubernetes/pkg/credentialprovider/plugins.go deleted file mode 100644 index d8ac72ee36..0000000000 --- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/plugins.go +++ /dev/null @@ -1,79 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package credentialprovider - -import ( - "reflect" - "sort" - "sync" - - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/features" -) - -// All registered credential providers. -var providersMutex sync.Mutex -var providers = make(map[string]DockerConfigProvider) - -// RegisterCredentialProvider is called by provider implementations on -// initialization to register themselves, like so: -// -// func init() { -// RegisterCredentialProvider("name", &myProvider{...}) -// } -func RegisterCredentialProvider(name string, provider DockerConfigProvider) { - providersMutex.Lock() - defer providersMutex.Unlock() - _, found := providers[name] - if found { - klog.Fatalf("Credential provider %q was registered twice", name) - } - klog.V(4).Infof("Registered credential provider %q", name) - providers[name] = provider -} - -// AreLegacyCloudCredentialProvidersDisabled checks if the legacy in-tree cloud -// credential providers have been disabled. -func AreLegacyCloudCredentialProvidersDisabled() bool { - return utilfeature.DefaultFeatureGate.Enabled(features.DisableKubeletCloudCredentialProviders) -} - -// NewDockerKeyring creates a DockerKeyring to use for resolving credentials, -// which draws from the set of registered credential providers. -func NewDockerKeyring() DockerKeyring { - keyring := &providersDockerKeyring{ - Providers: make([]DockerConfigProvider, 0), - } - - keys := reflect.ValueOf(providers).MapKeys() - stringKeys := make([]string, len(keys)) - for ix := range keys { - stringKeys[ix] = keys[ix].String() - } - sort.Strings(stringKeys) - - for _, key := range stringKeys { - provider := providers[key] - if provider.Enabled() { - klog.V(4).Infof("Registering credential provider: %v", key) - keyring.Providers = append(keyring.Providers, provider) - } - } - - return keyring -} diff --git a/vendor/k8s.io/kubernetes/pkg/credentialprovider/provider.go b/vendor/k8s.io/kubernetes/pkg/credentialprovider/provider.go deleted file mode 100644 index 8c9ad347b7..0000000000 --- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/provider.go +++ /dev/null @@ -1,109 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package credentialprovider - -import ( - "os" - "reflect" - "sync" - "time" - - "k8s.io/klog/v2" -) - -// DockerConfigProvider is the interface that registered extensions implement -// to materialize 'dockercfg' credentials. -type DockerConfigProvider interface { - // Enabled returns true if the config provider is enabled. - // Implementations can be blocking - e.g. metadata server unavailable. - Enabled() bool - // Provide returns docker configuration. - // Implementations can be blocking - e.g. metadata server unavailable. - // The image is passed in as context in the event that the - // implementation depends on information in the image name to return - // credentials; implementations are safe to ignore the image. - Provide(image string) DockerConfig -} - -// A DockerConfigProvider that simply reads the .dockercfg file -type defaultDockerConfigProvider struct{} - -// init registers our default provider, which simply reads the .dockercfg file. -func init() { - RegisterCredentialProvider(".dockercfg", - &CachingDockerConfigProvider{ - Provider: &defaultDockerConfigProvider{}, - Lifetime: 5 * time.Minute, - }) -} - -// CachingDockerConfigProvider implements DockerConfigProvider by composing -// with another DockerConfigProvider and caching the DockerConfig it provides -// for a pre-specified lifetime. -type CachingDockerConfigProvider struct { - Provider DockerConfigProvider - Lifetime time.Duration - - // ShouldCache is an optional function that returns true if the specific config should be cached. - // If nil, all configs are treated as cacheable. - ShouldCache func(DockerConfig) bool - - // cache fields - cacheDockerConfig DockerConfig - expiration time.Time - mu sync.Mutex -} - -// Enabled implements dockerConfigProvider -func (d *defaultDockerConfigProvider) Enabled() bool { - return true -} - -// Provide implements dockerConfigProvider -func (d *defaultDockerConfigProvider) Provide(image string) DockerConfig { - // Read the standard Docker credentials from .dockercfg - if cfg, err := ReadDockerConfigFile(); err == nil { - return cfg - } else if !os.IsNotExist(err) { - klog.V(2).Infof("Docker config file not found: %v", err) - } - return DockerConfig{} -} - -// Enabled implements dockerConfigProvider -func (d *CachingDockerConfigProvider) Enabled() bool { - return d.Provider.Enabled() -} - -// Provide implements dockerConfigProvider -func (d *CachingDockerConfigProvider) Provide(image string) DockerConfig { - d.mu.Lock() - defer d.mu.Unlock() - - // If the cache hasn't expired, return our cache - if time.Now().Before(d.expiration) { - return d.cacheDockerConfig - } - - klog.V(2).Infof("Refreshing cache for provider: %v", reflect.TypeOf(d.Provider).String()) - config := d.Provider.Provide(image) - if d.ShouldCache == nil || d.ShouldCache(config) { - d.cacheDockerConfig = config - d.expiration = time.Now().Add(d.Lifetime) - } - return config -} diff --git a/vendor/k8s.io/kubernetes/pkg/features/OWNERS b/vendor/k8s.io/kubernetes/pkg/features/OWNERS deleted file mode 100644 index 3e1dd9f081..0000000000 --- a/vendor/k8s.io/kubernetes/pkg/features/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - feature-approvers diff --git a/vendor/k8s.io/kubernetes/pkg/features/kube_features.go b/vendor/k8s.io/kubernetes/pkg/features/kube_features.go deleted file mode 100644 index bf641bfa8f..0000000000 --- a/vendor/k8s.io/kubernetes/pkg/features/kube_features.go +++ /dev/null @@ -1,1199 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package features - -import ( - "k8s.io/apimachinery/pkg/util/runtime" - genericfeatures "k8s.io/apiserver/pkg/features" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/component-base/featuregate" -) - -const ( - // Every feature gate should add method here following this template: - // - // // owner: @username - // // kep: https://kep.k8s.io/NNN - // // alpha: v1.X - // MyFeature featuregate.Feature = "MyFeature" - // - // Feature gates should be listed in alphabetical, case-sensitive - // (upper before any lower case character) order. This reduces the risk - // of code conflicts because changes are more likely to be scattered - // across the file. - - // owner: @ttakahashi21 @mkimuram - // kep: https://kep.k8s.io/3294 - // alpha: v1.26 - // - // Enable usage of Provision of PVCs from snapshots in other namespaces - CrossNamespaceVolumeDataSource featuregate.Feature = "CrossNamespaceVolumeDataSource" - - // owner: @bswartz - // alpha: v1.18 - // beta: v1.24 - // - // Enables usage of any object for volume data source in PVCs - AnyVolumeDataSource featuregate.Feature = "AnyVolumeDataSource" - - // owner: @nabokihms - // alpha: v1.26 - // beta: v1.27 - // - // Enables API to get self subject attributes after authentication. - APISelfSubjectReview featuregate.Feature = "APISelfSubjectReview" - - // owner: @tallclair - // beta: v1.4 - AppArmor featuregate.Feature = "AppArmor" - - // owner: @danwinship - // alpha: v1.27 - // - // Enables dual-stack --node-ip in kubelet with external cloud providers - CloudDualStackNodeIPs featuregate.Feature = "CloudDualStackNodeIPs" - - // owner: @ahmedtd - // alpha: v1.26 - // - // Enable ClusterTrustBundle objects and Kubelet integration. - ClusterTrustBundle featuregate.Feature = "ClusterTrustBundle" - - // owner: @szuecs - // alpha: v1.12 - // - // Enable nodes to change CPUCFSQuotaPeriod - CPUCFSQuotaPeriod featuregate.Feature = "CustomCPUCFSQuotaPeriod" - - // owner: @ConnorDoyle, @fromanirh (only for GA graduation) - // alpha: v1.8 - // beta: v1.10 - // GA: v1.26 - // - // Alternative container-level CPU affinity policies. - CPUManager featuregate.Feature = "CPUManager" - - // owner: @fromanirh - // alpha: v1.23 - // beta: see below. - // - // Allow fine-tuning of cpumanager policies, experimental, alpha-quality options - // Per https://groups.google.com/g/kubernetes-sig-architecture/c/Nxsc7pfe5rw/m/vF2djJh0BAAJ - // We want to avoid a proliferation of feature gates. This feature gate: - // - will guard *a group* of cpumanager options whose quality level is alpha. - // - will never graduate to beta or stable. - // See https://groups.google.com/g/kubernetes-sig-architecture/c/Nxsc7pfe5rw/m/vF2djJh0BAAJ - // for details about the removal of this feature gate. - CPUManagerPolicyAlphaOptions featuregate.Feature = "CPUManagerPolicyAlphaOptions" - - // owner: @fromanirh - // beta: v1.23 - // beta: see below. - // - // Allow fine-tuning of cpumanager policies, experimental, beta-quality options - // Per https://groups.google.com/g/kubernetes-sig-architecture/c/Nxsc7pfe5rw/m/vF2djJh0BAAJ - // We want to avoid a proliferation of feature gates. This feature gate: - // - will guard *a group* of cpumanager options whose quality level is beta. - // - is thus *introduced* as beta - // - will never graduate to stable. - // See https://groups.google.com/g/kubernetes-sig-architecture/c/Nxsc7pfe5rw/m/vF2djJh0BAAJ - // for details about the removal of this feature gate. - CPUManagerPolicyBetaOptions featuregate.Feature = "CPUManagerPolicyBetaOptions" - - // owner: @fromanirh - // alpha: v1.22 - // beta: v1.23 - // - // Allow the usage of options to fine-tune the cpumanager policies. - CPUManagerPolicyOptions featuregate.Feature = "CPUManagerPolicyOptions" - - // owner: @andyzhangx - // alpha: v1.15 - // beta: v1.21 - // GA: v1.26 - // - // Enables the Azure File in-tree driver to Azure File Driver migration feature. - CSIMigrationAzureFile featuregate.Feature = "CSIMigrationAzureFile" - - // owner: @davidz627 - // alpha: v1.14 - // beta: v1.17 - // GA: 1.25 - // - // Enables the GCE PD in-tree driver to GCE CSI Driver migration feature. - CSIMigrationGCE featuregate.Feature = "CSIMigrationGCE" - - // owner: @trierra - // alpha: v1.23 - // - // Enables the Portworx in-tree driver to Portworx migration feature. - CSIMigrationPortworx featuregate.Feature = "CSIMigrationPortworx" - - // owner: @humblec - // alpha: v1.23 - // - // Enables the RBD in-tree driver to RBD CSI Driver migration feature. - CSIMigrationRBD featuregate.Feature = "CSIMigrationRBD" - - // owner: @divyenpatel - // beta: v1.19 (requires: vSphere vCenter/ESXi Version: 7.0u2, HW Version: VM version 15) - // GA: 1.26 - // Enables the vSphere in-tree driver to vSphere CSI Driver migration feature. - CSIMigrationvSphere featuregate.Feature = "CSIMigrationvSphere" - - // owner: @humblec, @zhucan - // kep: https://kep.k8s.io/3171 - // alpha: v1.25 - // beta: v1.27 - // - // Enables SecretRef field in CSI NodeExpandVolume request. - CSINodeExpandSecret featuregate.Feature = "CSINodeExpandSecret" - - // owner: @pohly - // alpha: v1.19 - // beta: v1.21 - // GA: v1.24 - // - // Enables tracking of available storage capacity that CSI drivers provide. - CSIStorageCapacity featuregate.Feature = "CSIStorageCapacity" - - // owner: @fengzixu - // alpha: v1.21 - // - // Enables kubelet to detect CSI volume condition and send the event of the abnormal volume to the corresponding pod that is using it. - CSIVolumeHealth featuregate.Feature = "CSIVolumeHealth" - - // owner: @nckturner - // kep: http://kep.k8s.io/2699 - // alpha: v1.27 - // Enable webhooks in cloud controller manager - CloudControllerManagerWebhook featuregate.Feature = "CloudControllerManagerWebhook" - - // owner: @adrianreber - // kep: https://kep.k8s.io/2008 - // alpha: v1.25 - // - // Enables container Checkpoint support in the kubelet - ContainerCheckpoint featuregate.Feature = "ContainerCheckpoint" - - // owner: @bhcleek @wzshiming - // GA: v1.25 - // - // Normalize HttpGet URL and Header passing for lifecycle handlers with probers. - ConsistentHTTPGetHandlers featuregate.Feature = "ConsistentHTTPGetHandlers" - - // owner: @deejross, @soltysh - // kep: https://kep.k8s.io/3140 - // alpha: v1.24 - // beta: v1.25 - // GA: 1.27 - // - // Enables support for time zones in CronJobs. - CronJobTimeZone featuregate.Feature = "CronJobTimeZone" - - // owner: @gnufied, @verult, @bertinatto - // alpha: v1.22 - // beta: v1.23 - // GA: v1.26 - // If supported by the CSI driver, delegates the role of applying FSGroup to - // the driver by passing FSGroup through the NodeStageVolume and - // NodePublishVolume calls. - DelegateFSGroupToCSIDriver featuregate.Feature = "DelegateFSGroupToCSIDriver" - - // owner: @jiayingz, @swatisehgal (for GA graduation) - // alpha: v1.8 - // beta: v1.10 - // GA: v1.26 - // - // Enables support for Device Plugins - DevicePlugins featuregate.Feature = "DevicePlugins" - - // owner: @RenaudWasTaken @dashpole - // alpha: v1.19 - // beta: v1.20 - // ga: v1.25 - // - // Disables Accelerator Metrics Collected by Kubelet - DisableAcceleratorUsageMetrics featuregate.Feature = "DisableAcceleratorUsageMetrics" - - // owner: @andrewsykim - // alpha: v1.22 - // - // Disable any functionality in kube-apiserver, kube-controller-manager and kubelet related to the `--cloud-provider` component flag. - DisableCloudProviders featuregate.Feature = "DisableCloudProviders" - - // owner: @andrewsykim - // alpha: v1.23 - // - // Disable in-tree functionality in kubelet to authenticate to cloud provider container registries for image pull credentials. - DisableKubeletCloudCredentialProviders featuregate.Feature = "DisableKubeletCloudCredentialProviders" - - // owner: @derekwaynecarr - // alpha: v1.20 - // beta: v1.21 (off by default until 1.22) - // ga: v1.27 - // - // Enables usage of hugepages- in downward API. - DownwardAPIHugePages featuregate.Feature = "DownwardAPIHugePages" - - // owner: @pohly - // kep: http://kep.k8s.io/3063 - // alpha: v1.26 - // - // Enables support for resources with custom parameters and a lifecycle - // that is independent of a Pod. - DynamicResourceAllocation featuregate.Feature = "DynamicResourceAllocation" - - // owner: @andrewsykim - // kep: https://kep.k8s.io/1672 - // alpha: v1.20 - // beta: v1.22 - // GA: v1.26 - // - // Enable Terminating condition in Endpoint Slices. - EndpointSliceTerminatingCondition featuregate.Feature = "EndpointSliceTerminatingCondition" - - // owner: @harche - // kep: http://kep.k8s.io/3386 - // alpha: v1.25 - // beta: v1.27 - // - // Allows using event-driven PLEG (pod lifecycle event generator) through kubelet - // which avoids frequent relisting of containers which helps optimize performance. - EventedPLEG featuregate.Feature = "EventedPLEG" - - // owner: @andrewsykim @SergeyKanzhelev - // GA: v1.20 - // - // Ensure kubelet respects exec probe timeouts. Feature gate exists in-case existing workloads - // may depend on old behavior where exec probe timeouts were ignored. - // Lock to default and remove after v1.22 based on user feedback that should be reflected in KEP #1972 update - ExecProbeTimeout featuregate.Feature = "ExecProbeTimeout" - - // owner: @gjkim42 - // kep: https://kep.k8s.io/2595 - // alpha: v1.22 - // beta: v1.26 - // - // Enables apiserver and kubelet to allow up to 32 DNSSearchPaths and up to 2048 DNSSearchListChars. - ExpandedDNSConfig featuregate.Feature = "ExpandedDNSConfig" - - // owner: @pweil- - // alpha: v1.5 - // - // Default userns=host for containers that are using other host namespaces, host mounts, the pod - // contains a privileged container, or specific non-namespaced capabilities (MKNOD, SYS_MODULE, - // SYS_TIME). This should only be enabled if user namespace remapping is enabled in the docker daemon. - ExperimentalHostUserNamespaceDefaultingGate featuregate.Feature = "ExperimentalHostUserNamespaceDefaulting" - - // owner: @yuzhiquan, @bowei, @PxyUp, @SergeyKanzhelev - // kep: https://kep.k8s.io/2727 - // alpha: v1.23 - // beta: v1.24 - // stable: v1.27 - // - // Enables GRPC probe method for {Liveness,Readiness,Startup}Probe. - GRPCContainerProbe featuregate.Feature = "GRPCContainerProbe" - - // owner: @bobbypage - // alpha: v1.20 - // beta: v1.21 - // Adds support for kubelet to detect node shutdown and gracefully terminate pods prior to the node being shutdown. - GracefulNodeShutdown featuregate.Feature = "GracefulNodeShutdown" - - // owner: @wzshiming - // alpha: v1.23 - // beta: v1.24 - // Make the kubelet use shutdown configuration based on pod priority values for graceful shutdown. - GracefulNodeShutdownBasedOnPodPriority featuregate.Feature = "GracefulNodeShutdownBasedOnPodPriority" - - // owner: @arjunrn @mwielgus @josephburnett @sanposhiho - // kep: https://kep.k8s.io/1610 - // alpha: v1.20 - // beta: v1.27 - // - // Add support for the HPA to scale based on metrics from individual containers - // in target pods - HPAContainerMetrics featuregate.Feature = "HPAContainerMetrics" - - // owner: @dxist - // alpha: v1.16 - // - // Enables support of HPA scaling to zero pods when an object or custom metric is configured. - HPAScaleToZero featuregate.Feature = "HPAScaleToZero" - - // owner: @deepakkinni @xing-yang - // kep: https://kep.k8s.io/2680 - // alpha: v1.23 - // - // Honor Persistent Volume Reclaim Policy when it is "Delete" irrespective of PV-PVC - // deletion ordering. - HonorPVReclaimPolicy featuregate.Feature = "HonorPVReclaimPolicy" - - // owner: @leakingtapan - // alpha: v1.21 - // - // Disables the AWS EBS in-tree driver. - InTreePluginAWSUnregister featuregate.Feature = "InTreePluginAWSUnregister" - - // owner: @andyzhangx - // alpha: v1.21 - // - // Disables the Azure Disk in-tree driver. - InTreePluginAzureDiskUnregister featuregate.Feature = "InTreePluginAzureDiskUnregister" - - // owner: @andyzhangx - // alpha: v1.21 - // - // Disables the Azure File in-tree driver. - InTreePluginAzureFileUnregister featuregate.Feature = "InTreePluginAzureFileUnregister" - - // owner: @Jiawei0227 - // alpha: v1.21 - // - // Disables the GCE PD in-tree driver. - InTreePluginGCEUnregister featuregate.Feature = "InTreePluginGCEUnregister" - - // owner: @adisky - // alpha: v1.21 - // - // Disables the OpenStack Cinder in-tree driver. - InTreePluginOpenStackUnregister featuregate.Feature = "InTreePluginOpenStackUnregister" - - // owner: @trierra - // alpha: v1.23 - // - // Disables the Portworx in-tree driver. - InTreePluginPortworxUnregister featuregate.Feature = "InTreePluginPortworxUnregister" - - // owner: @humblec - // alpha: v1.23 - // - // Disables the RBD in-tree driver. - InTreePluginRBDUnregister featuregate.Feature = "InTreePluginRBDUnregister" - - // owner: @divyenpatel - // alpha: v1.21 - // - // Disables the vSphere in-tree driver. - InTreePluginvSphereUnregister featuregate.Feature = "InTreePluginvSphereUnregister" - - // owner: @danwinship - // kep: https://kep.k8s.io/3178 - // alpha: v1.25 - // beta: v1.27 - // - // Causes kubelet to no longer create legacy IPTables rules - IPTablesOwnershipCleanup featuregate.Feature = "IPTablesOwnershipCleanup" - - // owner: @mimowo - // kep: https://kep.k8s.io/3329 - // alpha: v1.25 - // beta: v1.26 - // - // Allow users to specify handling of pod failures based on container exit codes - // and pod conditions. - JobPodFailurePolicy featuregate.Feature = "JobPodFailurePolicy" - - // owner: @ahg - // beta: v1.23 - // stable: v1.27 - // - // Allow updating node scheduling directives in the pod template of jobs. Specifically, - // node affinity, selector and tolerations. This is allowed only for suspended jobs - // that have never been unsuspended before. - JobMutableNodeSchedulingDirectives featuregate.Feature = "JobMutableNodeSchedulingDirectives" - - // owner: @alculquicondor - // alpha: v1.23 - // beta: v1.24 - // - // Track the number of pods with Ready condition in the Job status. - JobReadyPods featuregate.Feature = "JobReadyPods" - - // owner: @alculquicondor - // alpha: v1.22 - // beta: v1.23 - // stable: v1.26 - // - // Track Job completion without relying on Pod remaining in the cluster - // indefinitely. Pod finalizers, in addition to a field in the Job status - // allow the Job controller to keep track of Pods that it didn't account for - // yet. - JobTrackingWithFinalizers featuregate.Feature = "JobTrackingWithFinalizers" - - // owner: @andrewsykim @adisky @ndixita - // alpha: v1.20 - // beta: v1.24 - // GA: v1.26 - // - // Enable kubelet exec plugins for image pull credentials. - KubeletCredentialProviders featuregate.Feature = "KubeletCredentialProviders" - - // owner: @AkihiroSuda - // alpha: v1.22 - // - // Enables support for running kubelet in a user namespace. - // The user namespace has to be created before running kubelet. - // All the node components such as CRI need to be running in the same user namespace. - KubeletInUserNamespace featuregate.Feature = "KubeletInUserNamespace" - - // owner: @dashpole - // alpha: v1.13 - // beta: v1.15 - // - // Enables the kubelet's pod resources grpc endpoint - KubeletPodResources featuregate.Feature = "KubeletPodResources" - - // owner: @moshe010 - // alpha: v1.27 - // - // Enable POD resources API to return resources allocated by Dynamic Resource Allocation - KubeletPodResourcesDynamicResources featuregate.Feature = "KubeletPodResourcesDynamicResources" - - // owner: @moshe010 - // alpha: v1.27 - // - // Enable POD resources API with Get method - KubeletPodResourcesGet featuregate.Feature = "KubeletPodResourcesGet" - - // owner: @fromanirh - // alpha: v1.21 - // beta: v1.23 - // Enable POD resources API to return allocatable resources - KubeletPodResourcesGetAllocatable featuregate.Feature = "KubeletPodResourcesGetAllocatable" - - // owner: @sallyom - // kep: https://kep.k8s.io/2832 - // alpha: v1.25 - // beta: v1.27 - // - // Add support for distributed tracing in the kubelet - KubeletTracing featuregate.Feature = "KubeletTracing" - - // owner: @zshihang - // kep: https://kep.k8s.io/2800 - // beta: v1.24 - // ga: v1.26 - // - // Stop auto-generation of secret-based service account tokens. - LegacyServiceAccountTokenNoAutoGeneration featuregate.Feature = "LegacyServiceAccountTokenNoAutoGeneration" - - // owner: @zshihang - // kep: http://kep.k8s.io/2800 - // alpha: v1.26 - // beta: v1.27 - // - // Enables tracking of secret-based service account tokens usage. - LegacyServiceAccountTokenTracking featuregate.Feature = "LegacyServiceAccountTokenTracking" - - // owner: @RobertKrawitz - // alpha: v1.15 - // - // Allow use of filesystems for ephemeral storage monitoring. - // Only applies if LocalStorageCapacityIsolation is set. - LocalStorageCapacityIsolationFSQuotaMonitoring featuregate.Feature = "LocalStorageCapacityIsolationFSQuotaMonitoring" - - // owner: @damemi - // alpha: v1.21 - // beta: v1.22 - // - // Enables scaling down replicas via logarithmic comparison of creation/ready timestamps - LogarithmicScaleDown featuregate.Feature = "LogarithmicScaleDown" - - // owner: @denkensk - // kep: https://kep.k8s.io/3243 - // alpha: v1.25 - // beta: v1.27 - // - // Enable MatchLabelKeys in PodTopologySpread. - MatchLabelKeysInPodTopologySpread featuregate.Feature = "MatchLabelKeysInPodTopologySpread" - - // owner: @krmayankk - // alpha: v1.24 - // - // Enables maxUnavailable for StatefulSet - MaxUnavailableStatefulSet featuregate.Feature = "MaxUnavailableStatefulSet" - - // owner: @cynepco3hahue(alukiano) @cezaryzukowski @k-wiatrzyk - // alpha: v1.21 - // beta: v1.22 - // Allows setting memory affinity for a container based on NUMA topology - MemoryManager featuregate.Feature = "MemoryManager" - - // owner: @xiaoxubeii - // kep: https://kep.k8s.io/2570 - // alpha: v1.22 - // - // Enables kubelet to support memory QoS with cgroups v2. - MemoryQoS featuregate.Feature = "MemoryQoS" - - // owner: @sanposhiho - // kep: https://kep.k8s.io/3022 - // alpha: v1.24 - // beta: v1.25 - // - // Enable MinDomains in Pod Topology Spread. - MinDomainsInPodTopologySpread featuregate.Feature = "MinDomainsInPodTopologySpread" - - // owner: @danwinship - // kep: http://kep.k8s.io/3453 - // alpha: v1.26 - // beta: v1.27 - // - // Enables new performance-improving code in kube-proxy iptables mode - MinimizeIPTablesRestore featuregate.Feature = "MinimizeIPTablesRestore" - - // owner: @janosi @bridgetkromhout - // kep: https://kep.k8s.io/1435 - // alpha: v1.20 - // beta: v1.24 - // ga: v1.26 - // - // Enables the usage of different protocols in the same Service with type=LoadBalancer - MixedProtocolLBService featuregate.Feature = "MixedProtocolLBService" - - // owner: @sarveshr7 - // kep: https://kep.k8s.io/2593 - // alpha: v1.25 - // - // Enables the MultiCIDR Range allocator. - MultiCIDRRangeAllocator featuregate.Feature = "MultiCIDRRangeAllocator" - - // owner: @aojea - // kep: https://kep.k8s.io/1880 - // alpha: v1.27 - // - // Enables the dynamic configuration of Service IP ranges - MultiCIDRServiceAllocator featuregate.Feature = "MultiCIDRServiceAllocator" - - // owner: @rikatz - // kep: https://kep.k8s.io/2943 - // alpha: v1.24 - // - // Enables NetworkPolicy status subresource - NetworkPolicyStatus featuregate.Feature = "NetworkPolicyStatus" - - // owner: @jsafrane - // kep: https://kep.k8s.io/3756 - // alpha: v1.25 (as part of SELinuxMountReadWriteOncePod) - // beta: v1.27 - // Robust VolumeManager reconstruction after kubelet restart. - NewVolumeManagerReconstruction featuregate.Feature = "NewVolumeManagerReconstruction" - - // owner: @aravindhp @LorbusChris - // kep: http://kep.k8s.io/2271 - // alpha: v1.27 - // - // Enables querying logs of node services using the /logs endpoint - NodeLogQuery featuregate.Feature = "NodeLogQuery" - - // owner: @xing-yang @sonasingh46 - // kep: https://kep.k8s.io/2268 - // alpha: v1.24 - // beta: v1.26 - // - // Allow pods to failover to a different node in case of non graceful node shutdown - NodeOutOfServiceVolumeDetach featuregate.Feature = "NodeOutOfServiceVolumeDetach" - - // owner: @ehashman - // alpha: v1.22 - // - // Permits kubelet to run with swap enabled - NodeSwap featuregate.Feature = "NodeSwap" - - // owner: @mortent, @atiratree, @ravig - // kep: http://kep.k8s.io/3018 - // alpha: v1.26 - // beta: v1.27 - // - // Enables PDBUnhealthyPodEvictionPolicy for PodDisruptionBudgets - PDBUnhealthyPodEvictionPolicy featuregate.Feature = "PDBUnhealthyPodEvictionPolicy" - - // owner: @haircommander - // kep: https://kep.k8s.io/2364 - // alpha: v1.23 - // - // Configures the Kubelet to use the CRI to populate pod and container stats, instead of supplimenting with stats from cAdvisor. - // Requires the CRI implementation supports supplying the required stats. - PodAndContainerStatsFromCRI featuregate.Feature = "PodAndContainerStatsFromCRI" - - // owner: @ahg-g - // alpha: v1.21 - // beta: v1.22 - // - // Enables controlling pod ranking on replicaset scale-down. - PodDeletionCost featuregate.Feature = "PodDeletionCost" - - // owner: @mimowo - // kep: https://kep.k8s.io/3329 - // alpha: v1.25 - // beta: v1.26 - // - // Enables support for appending a dedicated pod condition indicating that - // the pod is being deleted due to a disruption. - PodDisruptionConditions featuregate.Feature = "PodDisruptionConditions" - - // owner: @ddebroy - // alpha: v1.25 - // - // Enables reporting of PodHasNetwork condition in pod status after pod - // sandbox creation and network configuration completes successfully - PodHasNetworkCondition featuregate.Feature = "PodHasNetworkCondition" - - // owner: @Huang-Wei - // kep: https://kep.k8s.io/3521 - // alpha: v1.26 - // beta: v1.27 - // - // Enable users to specify when a Pod is ready for scheduling. - PodSchedulingReadiness featuregate.Feature = "PodSchedulingReadiness" - - // owner: @liggitt, @tallclair, sig-auth - // alpha: v1.22 - // beta: v1.23 - // ga: v1.25 - // - // Enables the PodSecurity admission plugin - PodSecurity featuregate.Feature = "PodSecurity" - - // owner: @ehashman - // alpha: v1.21 - // beta: v1.22 - // - // Allows user to override pod-level terminationGracePeriod for probes - ProbeTerminationGracePeriod featuregate.Feature = "ProbeTerminationGracePeriod" - - // owner: @jessfraz - // alpha: v1.12 - // - // Enables control over ProcMountType for containers. - ProcMountType featuregate.Feature = "ProcMountType" - - // owner: @andrewsykim - // kep: https://kep.k8s.io/1669 - // alpha: v1.22 - // beta: v1.26 - // - // Enable kube-proxy to handle terminating ednpoints when externalTrafficPolicy=Local - ProxyTerminatingEndpoints featuregate.Feature = "ProxyTerminatingEndpoints" - - // owner: @sjenning - // alpha: v1.11 - // - // Allows resource reservations at the QoS level preventing pods at lower QoS levels from - // bursting into resources requested at higher QoS levels (memory only for now) - QOSReserved featuregate.Feature = "QOSReserved" - - // owner: @chrishenzie - // kep: https://kep.k8s.io/2485 - // alpha: v1.22 - // beta: v1.27 - // - // Enables usage of the ReadWriteOncePod PersistentVolume access mode. - ReadWriteOncePod featuregate.Feature = "ReadWriteOncePod" - - // owner: @gnufied - // kep: https://kep.k8s.io/1790 - // alpha: v1.23 - // - // Allow users to recover from volume expansion failure - RecoverVolumeExpansionFailure featuregate.Feature = "RecoverVolumeExpansionFailure" - - // owner: @RomanBednar - // kep: https://kep.k8s.io/3333 - // alpha: v1.25 - // - // Allow assigning StorageClass to unbound PVCs retroactively - RetroactiveDefaultStorageClass featuregate.Feature = "RetroactiveDefaultStorageClass" - - // owner: @mikedanese - // alpha: v1.7 - // beta: v1.12 - // - // Gets a server certificate for the kubelet from the Certificate Signing - // Request API instead of generating one self signed and auto rotates the - // certificate as expiration approaches. - RotateKubeletServerCertificate featuregate.Feature = "RotateKubeletServerCertificate" - - // owner: @danielvegamyhre - // kep: https://kep.k8s.io/2413 - // beta: v1.27 - // - // Allows mutating spec.completions for Indexed job when done in tandem with - // spec.parallelism. Specifically, spec.completions is mutable iff spec.completions - // equals to spec.parallelism before and after the update. - ElasticIndexedJob featuregate.Feature = "ElasticIndexedJob" - - // owner: @saschagrunert - // kep: https://kep.k8s.io/2413 - // alpha: v1.22 - // beta: v1.25 - // ga: v1.27 - // - // Enables the use of `RuntimeDefault` as the default seccomp profile for all workloads. - SeccompDefault featuregate.Feature = "SeccompDefault" - - // owner: @mtardy - // alpha: v1.0 - // - // Putting this admission plugin behind a feature gate is part of the - // deprecation process. For details about the removal see: - // https://github.com/kubernetes/kubernetes/issues/111516 - SecurityContextDeny featuregate.Feature = "SecurityContextDeny" - - // owner: @maplain @andrewsykim - // kep: https://kep.k8s.io/2086 - // alpha: v1.21 - // beta: v1.22 - // GA: v1.26 - // - // Enables node-local routing for Service internal traffic - ServiceInternalTrafficPolicy featuregate.Feature = "ServiceInternalTrafficPolicy" - - // owner: @aojea - // kep: https://kep.k8s.io/3070 - // alpha: v1.24 - // beta: v1.25 - // ga: v1.26 - // - // Subdivide the ClusterIP range for dynamic and static IP allocation. - ServiceIPStaticSubrange featuregate.Feature = "ServiceIPStaticSubrange" - - // owner: @xuzhenglun - // kep: http://kep.k8s.io/3682 - // alpha: v1.27 - // - // Subdivide the NodePort range for dynamic and static port allocation. - ServiceNodePortStaticSubrange featuregate.Feature = "ServiceNodePortStaticSubrange" - - // owner: @derekwaynecarr - // alpha: v1.20 - // beta: v1.22 - // - // Enables kubelet support to size memory backed volumes - SizeMemoryBackedVolumes featuregate.Feature = "SizeMemoryBackedVolumes" - - // owner: @alexanderConstantinescu - // kep: http://kep.k8s.io/3458 - // beta: v1.27 - // - // Enables less load balancer re-configurations by the service controller - // (KCCM) as an effect of changing node state. - StableLoadBalancerNodeSet featuregate.Feature = "StableLoadBalancerNodeSet" - - // owner: @mattcary - // alpha: v1.22 - // beta: v1.27 - // - // Enables policies controlling deletion of PVCs created by a StatefulSet. - StatefulSetAutoDeletePVC featuregate.Feature = "StatefulSetAutoDeletePVC" - - // owner: @psch - // alpha: v1.26 - // beta: v1.27 - // - // Enables a StatefulSet to start from an arbitrary non zero ordinal - StatefulSetStartOrdinal featuregate.Feature = "StatefulSetStartOrdinal" - - // owner: @robscott - // kep: https://kep.k8s.io/2433 - // alpha: v1.21 - // beta: v1.23 - // - // Enables topology aware hints for EndpointSlices - TopologyAwareHints featuregate.Feature = "TopologyAwareHints" - - // owner: @lmdaly, @swatisehgal (for GA graduation) - // alpha: v1.16 - // beta: v1.18 - // GA: v1.27 - // - // Enable resource managers to make NUMA aligned decisions - TopologyManager featuregate.Feature = "TopologyManager" - - // owner: @PiotrProkop - // kep: https://kep.k8s.io/3545 - // alpha: v1.26 - // - // Allow fine-tuning of topology manager policies with alpha options. - // This feature gate: - // - will guard *a group* of topology manager options whose quality level is alpha. - // - will never graduate to beta or stable. - TopologyManagerPolicyAlphaOptions featuregate.Feature = "TopologyManagerPolicyAlphaOptions" - - // owner: @PiotrProkop - // kep: https://kep.k8s.io/3545 - // alpha: v1.26 - // - // Allow fine-tuning of topology manager policies with beta options. - // This feature gate: - // - will guard *a group* of topology manager options whose quality level is beta. - // - is thus *introduced* as beta - // - will never graduate to stable. - TopologyManagerPolicyBetaOptions featuregate.Feature = "TopologyManagerPolicyBetaOptions" - - // owner: @PiotrProkop - // kep: https://kep.k8s.io/3545 - // alpha: v1.26 - // - // Allow the usage of options to fine-tune the topology manager policies. - TopologyManagerPolicyOptions featuregate.Feature = "TopologyManagerPolicyOptions" - - // owner: @rata, @giuseppe - // kep: https://kep.k8s.io/127 - // alpha: v1.25 - // - // Enables user namespace support for stateless pods. - UserNamespacesStatelessPodsSupport featuregate.Feature = "UserNamespacesStatelessPodsSupport" - - // owner: @cofyc - // alpha: v1.21 - VolumeCapacityPriority featuregate.Feature = "VolumeCapacityPriority" - - // owner: @ksubrmnn - // alpha: v1.14 - // - // Allows kube-proxy to create DSR loadbalancers for Windows - WinDSR featuregate.Feature = "WinDSR" - - // owner: @ksubrmnn - // alpha: v1.14 - // beta: v1.20 - // - // Allows kube-proxy to run in Overlay mode for Windows - WinOverlay featuregate.Feature = "WinOverlay" - - // owner: @marosset - // kep: https://kep.k8s.io/3503 - // alpha: v1.26 - // - // Enables support for joining Windows containers to a hosts' network namespace. - WindowsHostNetwork featuregate.Feature = "WindowsHostNetwork" - - // owner: @marosset - // alpha: v1.22 - // beta: v1.23 - // GA: v1.26 - // - // Enables support for 'HostProcess' containers on Windows nodes. - WindowsHostProcessContainers featuregate.Feature = "WindowsHostProcessContainers" - - // owner: @kerthcet - // kep: https://kep.k8s.io/3094 - // alpha: v1.25 - // beta: v1.26 - // - // Allow users to specify whether to take nodeAffinity/nodeTaint into consideration when - // calculating pod topology spread skew. - NodeInclusionPolicyInPodTopologySpread featuregate.Feature = "NodeInclusionPolicyInPodTopologySpread" - - // owner: @jsafrane - // kep: https://kep.k8s.io/1710 - // alpha: v1.25 - // beta: v1.27 - // Speed up container startup by mounting volumes with the correct SELinux label - // instead of changing each file on the volumes recursively. - // Initial implementation focused on ReadWriteOncePod volumes. - SELinuxMountReadWriteOncePod featuregate.Feature = "SELinuxMountReadWriteOncePod" - - // owner: @vinaykul - // kep: http://kep.k8s.io/1287 - // alpha: v1.27 - // - // Enables In-Place Pod Vertical Scaling - InPlacePodVerticalScaling featuregate.Feature = "InPlacePodVerticalScaling" -) - -func init() { - runtime.Must(utilfeature.DefaultMutableFeatureGate.Add(defaultKubernetesFeatureGates)) -} - -// defaultKubernetesFeatureGates consists of all known Kubernetes-specific feature keys. -// To add a new feature, define a key for it above and add it here. The features will be -// available throughout Kubernetes binaries. -// -// Entries are separated from each other with blank lines to avoid sweeping gofmt changes -// when adding or removing one entry. -var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{ - CrossNamespaceVolumeDataSource: {Default: false, PreRelease: featuregate.Alpha}, - - AnyVolumeDataSource: {Default: true, PreRelease: featuregate.Beta}, // on by default in 1.24 - - APISelfSubjectReview: {Default: true, PreRelease: featuregate.Beta}, // on by default in 1.27 - - AppArmor: {Default: true, PreRelease: featuregate.Beta}, - - CloudDualStackNodeIPs: {Default: false, PreRelease: featuregate.Alpha}, - - ClusterTrustBundle: {Default: false, PreRelease: featuregate.Alpha}, - - CPUCFSQuotaPeriod: {Default: false, PreRelease: featuregate.Alpha}, - - CPUManager: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // GA in 1.26 - - CPUManagerPolicyAlphaOptions: {Default: false, PreRelease: featuregate.Alpha}, - - CPUManagerPolicyBetaOptions: {Default: true, PreRelease: featuregate.Beta}, - - CPUManagerPolicyOptions: {Default: true, PreRelease: featuregate.Beta}, - - CSIMigrationAzureFile: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - CSIMigrationGCE: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.27 - - CSIMigrationPortworx: {Default: false, PreRelease: featuregate.Beta}, // Off by default (requires Portworx CSI driver) - - CSIMigrationRBD: {Default: false, PreRelease: featuregate.Alpha}, // Off by default (requires RBD CSI driver) - - CSIMigrationvSphere: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 - - CSINodeExpandSecret: {Default: true, PreRelease: featuregate.Beta}, - - CSIStorageCapacity: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.26 - - CSIVolumeHealth: {Default: false, PreRelease: featuregate.Alpha}, - - CloudControllerManagerWebhook: {Default: false, PreRelease: featuregate.Alpha}, - - ContainerCheckpoint: {Default: false, PreRelease: featuregate.Alpha}, - - ConsistentHTTPGetHandlers: {Default: true, PreRelease: featuregate.GA}, - - CronJobTimeZone: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 - - DelegateFSGroupToCSIDriver: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - DevicePlugins: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // GA in 1.26 - - DisableAcceleratorUsageMetrics: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, - - DisableCloudProviders: {Default: false, PreRelease: featuregate.Alpha}, - - DisableKubeletCloudCredentialProviders: {Default: false, PreRelease: featuregate.Alpha}, - - DownwardAPIHugePages: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in v1.29 - - EndpointSliceTerminatingCondition: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in v1.28 - - DynamicResourceAllocation: {Default: false, PreRelease: featuregate.Alpha}, - - EventedPLEG: {Default: false, PreRelease: featuregate.Beta}, // off by default, requires CRI Runtime support - - ExecProbeTimeout: {Default: true, PreRelease: featuregate.GA}, // lock to default and remove after v1.22 based on KEP #1972 update - - ExpandedDNSConfig: {Default: true, PreRelease: featuregate.Beta}, - - ExperimentalHostUserNamespaceDefaultingGate: {Default: false, PreRelease: featuregate.Beta}, - - GRPCContainerProbe: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, //remove in 1.29 - - GracefulNodeShutdown: {Default: true, PreRelease: featuregate.Beta}, - - GracefulNodeShutdownBasedOnPodPriority: {Default: true, PreRelease: featuregate.Beta}, - - HPAContainerMetrics: {Default: true, PreRelease: featuregate.Beta}, - - HonorPVReclaimPolicy: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginAWSUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginAzureDiskUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginAzureFileUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginGCEUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginOpenStackUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginPortworxUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginRBDUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginvSphereUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - IPTablesOwnershipCleanup: {Default: true, PreRelease: featuregate.Beta}, - - JobPodFailurePolicy: {Default: true, PreRelease: featuregate.Beta}, - - JobMutableNodeSchedulingDirectives: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 - - JobReadyPods: {Default: true, PreRelease: featuregate.Beta}, - - JobTrackingWithFinalizers: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - KubeletCredentialProviders: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - KubeletInUserNamespace: {Default: false, PreRelease: featuregate.Alpha}, - - KubeletPodResources: {Default: true, PreRelease: featuregate.Beta}, - - KubeletPodResourcesDynamicResources: {Default: false, PreRelease: featuregate.Alpha}, - - KubeletPodResourcesGet: {Default: false, PreRelease: featuregate.Alpha}, - - KubeletPodResourcesGetAllocatable: {Default: true, PreRelease: featuregate.Beta}, - - KubeletTracing: {Default: true, PreRelease: featuregate.Beta}, - - LegacyServiceAccountTokenNoAutoGeneration: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 - - LegacyServiceAccountTokenTracking: {Default: true, PreRelease: featuregate.Beta}, - - LocalStorageCapacityIsolationFSQuotaMonitoring: {Default: false, PreRelease: featuregate.Alpha}, - - LogarithmicScaleDown: {Default: true, PreRelease: featuregate.Beta}, - - MatchLabelKeysInPodTopologySpread: {Default: true, PreRelease: featuregate.Beta}, - - MaxUnavailableStatefulSet: {Default: false, PreRelease: featuregate.Alpha}, - - MemoryManager: {Default: true, PreRelease: featuregate.Beta}, - - MemoryQoS: {Default: false, PreRelease: featuregate.Alpha}, - - MinDomainsInPodTopologySpread: {Default: true, PreRelease: featuregate.Beta}, - - MinimizeIPTablesRestore: {Default: true, PreRelease: featuregate.Beta}, - - MixedProtocolLBService: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - MultiCIDRRangeAllocator: {Default: false, PreRelease: featuregate.Alpha}, - - MultiCIDRServiceAllocator: {Default: false, PreRelease: featuregate.Alpha}, - - NetworkPolicyStatus: {Default: false, PreRelease: featuregate.Alpha}, - - NewVolumeManagerReconstruction: {Default: false, PreRelease: featuregate.Beta}, // disabled for https://github.com/kubernetes/kubernetes/issues/117745 - - NodeLogQuery: {Default: false, PreRelease: featuregate.Alpha}, - - NodeOutOfServiceVolumeDetach: {Default: true, PreRelease: featuregate.Beta}, - - NodeSwap: {Default: false, PreRelease: featuregate.Alpha}, - - PDBUnhealthyPodEvictionPolicy: {Default: true, PreRelease: featuregate.Beta}, - - PodAndContainerStatsFromCRI: {Default: false, PreRelease: featuregate.Alpha}, - - PodDeletionCost: {Default: true, PreRelease: featuregate.Beta}, - - PodDisruptionConditions: {Default: true, PreRelease: featuregate.Beta}, - - PodHasNetworkCondition: {Default: false, PreRelease: featuregate.Alpha}, - - PodSchedulingReadiness: {Default: true, PreRelease: featuregate.Beta}, - - PodSecurity: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, - - ProbeTerminationGracePeriod: {Default: true, PreRelease: featuregate.Beta}, // Default to true in beta 1.25 - - ProcMountType: {Default: false, PreRelease: featuregate.Alpha}, - - ProxyTerminatingEndpoints: {Default: true, PreRelease: featuregate.Beta}, - - QOSReserved: {Default: false, PreRelease: featuregate.Alpha}, - - ReadWriteOncePod: {Default: true, PreRelease: featuregate.Beta}, - - RecoverVolumeExpansionFailure: {Default: false, PreRelease: featuregate.Alpha}, - - RetroactiveDefaultStorageClass: {Default: true, PreRelease: featuregate.Beta}, - - RotateKubeletServerCertificate: {Default: true, PreRelease: featuregate.Beta}, - - ElasticIndexedJob: {Default: true, PreRelease: featuregate.Beta}, - - SeccompDefault: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 - - SecurityContextDeny: {Default: false, PreRelease: featuregate.Alpha}, - - ServiceIPStaticSubrange: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - ServiceInternalTrafficPolicy: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - ServiceNodePortStaticSubrange: {Default: false, PreRelease: featuregate.Alpha}, - - SizeMemoryBackedVolumes: {Default: true, PreRelease: featuregate.Beta}, - - StableLoadBalancerNodeSet: {Default: true, PreRelease: featuregate.Beta}, - - StatefulSetAutoDeletePVC: {Default: true, PreRelease: featuregate.Beta}, - - StatefulSetStartOrdinal: {Default: true, PreRelease: featuregate.Beta}, - - TopologyAwareHints: {Default: true, PreRelease: featuregate.Beta}, - - TopologyManager: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // GA in 1.27; remove in 1.29 - - TopologyManagerPolicyAlphaOptions: {Default: false, PreRelease: featuregate.Alpha}, - - TopologyManagerPolicyBetaOptions: {Default: false, PreRelease: featuregate.Beta}, - - TopologyManagerPolicyOptions: {Default: false, PreRelease: featuregate.Alpha}, - - VolumeCapacityPriority: {Default: false, PreRelease: featuregate.Alpha}, - - UserNamespacesStatelessPodsSupport: {Default: false, PreRelease: featuregate.Alpha}, - - WinDSR: {Default: false, PreRelease: featuregate.Alpha}, - - WinOverlay: {Default: true, PreRelease: featuregate.Beta}, - - WindowsHostNetwork: {Default: true, PreRelease: featuregate.Alpha}, - - WindowsHostProcessContainers: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - NodeInclusionPolicyInPodTopologySpread: {Default: true, PreRelease: featuregate.Beta}, - - SELinuxMountReadWriteOncePod: {Default: false, PreRelease: featuregate.Beta}, // disabled for https://github.com/kubernetes/kubernetes/issues/117745 - - InPlacePodVerticalScaling: {Default: false, PreRelease: featuregate.Alpha}, - - // inherited features from generic apiserver, relisted here to get a conflict if it is changed - // unintentionally on either side: - - genericfeatures.AdmissionWebhookMatchConditions: {Default: false, PreRelease: featuregate.Alpha}, - - genericfeatures.AggregatedDiscoveryEndpoint: {Default: true, PreRelease: featuregate.Beta}, - - genericfeatures.APIListChunking: {Default: true, PreRelease: featuregate.Beta}, - - genericfeatures.APIPriorityAndFairness: {Default: true, PreRelease: featuregate.Beta}, - - genericfeatures.APIResponseCompression: {Default: true, PreRelease: featuregate.Beta}, - - genericfeatures.AdvancedAuditing: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - genericfeatures.ValidatingAdmissionPolicy: {Default: false, PreRelease: featuregate.Alpha}, - - genericfeatures.CustomResourceValidationExpressions: {Default: true, PreRelease: featuregate.Beta}, - - genericfeatures.DryRun: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - genericfeatures.OpenAPIEnums: {Default: true, PreRelease: featuregate.Beta}, - - genericfeatures.OpenAPIV3: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 - - genericfeatures.ServerSideApply: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 - - genericfeatures.ServerSideFieldValidation: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 - - // features that enable backwards compatibility but are scheduled to be removed - // ... - HPAScaleToZero: {Default: false, PreRelease: featuregate.Alpha}, -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 1b8f2bce49..88f6392db1 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1685,8 +1685,6 @@ k8s.io/apimachinery/third_party/forked/golang/reflect # k8s.io/apiserver v0.27.3 ## explicit; go 1.20 k8s.io/apiserver/pkg/authentication/user -k8s.io/apiserver/pkg/features -k8s.io/apiserver/pkg/util/feature # k8s.io/cli-runtime v0.27.3 ## explicit; go 1.20 k8s.io/cli-runtime/pkg/genericclioptions @@ -2128,10 +2126,6 @@ k8s.io/kubectl/pkg/validation # k8s.io/kubelet v0.27.3 ## explicit; go 1.20 k8s.io/kubelet/config/v1beta1 -# k8s.io/kubernetes v1.27.3 -## explicit; go 1.20 -k8s.io/kubernetes/pkg/credentialprovider -k8s.io/kubernetes/pkg/features # k8s.io/utils v0.0.0-20230505201702-9f6742963106 ## explicit; go 1.18 k8s.io/utils/buffer