diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index d8eacfcb59..d9f3a52929 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=26 -KUBE_GIT_VERSION=v1.26.3 -KUBE_GIT_COMMIT=b40493584076fb1ab29f3bed1d05d16cbc5b17f1 +KUBE_GIT_VERSION=v1.26.4 +KUBE_GIT_COMMIT=0001a21b5c48ec2befb79e06949a0db8120ea413 KUBE_GIT_TREE_STATE=clean diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index 3c1526dbd5..d1c176ed30 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-arm64-2023-05-25-020408 +OCP_VERSION := 4.13.0-0.nightly-arm64-2023-05-27-113034 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index 16f22c94eb..393401d2d3 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-2023-05-25-001936 +OCP_VERSION := 4.13.0-0.nightly-2023-05-27-155444 diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index cb5fe643db..b72c836add 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-05-25-020408" + "base": "4.13.0-0.nightly-arm64-2023-05-27-113034" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:25b1bb086a4eee276897911075a9034ddbf44d2ccce39c3c4b79cc59bfb6f226", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:12a7b9e5d6bb21667dcf8e87435f32e3249e8c519793b6e7909e61cd3878c47c", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:aa21d034ad8f9eacd82430b1d602338954bd2b675f9e5352a0e2a1c6160ac306", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0b21d44f9b053592278a87f4dcd42ce35de5e66a4a0cbeb8e92cbe5f521285a2", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e1a0466f72cb947072aac6677d95706414c25bc5c1a2b35dc50ba0b440ece355", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:011ab195a192346c1af6012deff8651ffc51e293559d5ac99ee0f6a93a5976f4", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d55d026aaa5cf82c2d292fce43f3feb20b51a6cf92aaebf02f518325d7856e82", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2c95a513fea425ceb0cae260310d68973b8a78f9ebdf29e9547d8150eed174ba", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:82ed057680997519cd3c09f2751c9dd7f2c377eb440afa5dec258b5bf72f64be", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d2a89b27563e268eb3c5a16ff555fba061a9904abe5d65f5a39312e816a01776", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a89e4c39eeba38f2f48f8d40fd6cfbf3d2c407d1f6d9ea00be9e1456524e488a", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6a3ebfba1ded4c4b592bbd149dc69bccad8c8fa40153e8e23df0c9e4f22fbffb", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3a50d765747a6d13e9d901a752f6c194b796f72ae7a71f3afabe8fd5f0694d5e", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d014970b365f388a53a81245ac0c7ce3d9aa4807e6cececa3486fc53638daac9", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index c71cfe4e66..aa6324b96f 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.13.0-0.nightly-2023-05-25-001936" + "base": "4.13.0-0.nightly-2023-05-27-155444" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:800f0bb464dc9d622c3a670e503bee267670395c9bea0fb6247737b6f826ba7d", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef20b93c7bad79e4fa20cecaf85af5a897342aefd133b5d2c693d74a4813df2c", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7f755f27f5d363577d621ca03ac7de209af9333112a5daa9b4c2efd3448ed3ed", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e2b2c89aedaa44964e4cf003ef94963da2e773ace08e601592078adefa482b52", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:995fc7930a7742118a7b7fc495ef289cd11968394946db1d899e6879a5e534b5", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6887eeea92da94a928ed5d4079767c7a821406ef4742ae96822e967f3d62a9cb", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2572af11342785cfe626632c098e6dadd7417cebceb1e14e8482b1f7c8ae3bb8", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d2c996db015285504e1203f33beb5385e9efbe93c34cc4ea69bab6fe5f9df0e4", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3a6a814546994be95c03d3d9cbebeac87133f6df0b3fd1138269d1aee251ba20", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:09d4bee015dd9cdd168968be3fd91106af558e82cb8975191fb905d9f8825418", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6ba8c66a65d8a7d32c7d6aec772d0cc88f65bf54b16664cfedf8e068c00689a4", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6c3c9534c97cb9247b4f630cd29f5fb08a9d2fa7d73fb885da20b99881e4cff7", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4964f9b316ef38d1755f1a51287f9cbe290d3762525e003ac872a4506545186f", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:53bb5a14c1d634a465b2a87e88a5746a808837d0e36f0c45dedd0a838ffd2f65", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/etcd/go.mod b/etcd/go.mod index 05bf22752b..60469ded9d 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -143,33 +143,33 @@ replace ( go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230419022048-b40493584076 // staging kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes ) diff --git a/etcd/go.sum b/etcd/go.sum index 0b3119b0a1..c2c9dd0b98 100644 --- a/etcd/go.sum +++ b/etcd/go.sum @@ -371,18 +371,18 @@ github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:Sjmgmr github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0= github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:oY9dmUpbeBrOE/0QAN0gL6Lz80E9J9KrXY1iz6a3ae8= github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:6/Gfe8XTGXQJgLYQ65oGKMfPivb2EASLUSMSWN9Sroo= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419022048-b40493584076 h1:18/Voa5HNjfoibC1gIg3QjJcnWfVG0kQV9/mYaXXbbg= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419022048-b40493584076/go.mod h1:uLYjAyw1JyCS9EUj6oUhl4eRy4XthcFpSodl6cOokQI= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419022048-b40493584076 h1:srSSgikrw23YDBcPZtHCMKyyibaLqvFuDSe2TIg9q4c= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419022048-b40493584076/go.mod h1:ApuQzVQOyTrgHIGrmVljD8zZ+ZoHmXYbsFwLvSelf84= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419022048-b40493584076 h1:4hQDX9bpYUvt6CrwP8z2CjKsPkv1BtD0LClIF8Uj7RE= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419022048-b40493584076/go.mod h1:LumLfFU84tK2qax1WpUviAosYlqlUaSJTIEtYjYpfxw= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419022048-b40493584076 h1:OCTHSwciGu2NssQXXo5LsNsU9+Fh4BlgKcySPf2xgKg= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419022048-b40493584076/go.mod h1:0QH/+sNaHFjTGTSyuwBXuHHhyBRa2r6ndYXUxchMPKI= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419022048-b40493584076 h1:LKX0ig/eDBZuMTKZKhYWSbJRTFnkWgYd0uvns2I8C04= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419022048-b40493584076/go.mod h1:4bzeXuIaKw5yabxEcNwxVYHKi0wLgcjl5naBxe4N1cw= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419022048-b40493584076 h1:440vm7oAjxLeLs4miXBTHVypd+cI7YBK5+HMno4zr5o= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419022048-b40493584076/go.mod h1:plN+kBQozEYwSUD3aB9oFwrpkVeIN5xVpQ6sLRbSiNs= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525151823-0001a21b5c48 h1:6RjIiCa4GjAr/629mPuGYfXPl+GXTUCjtIN5yQY3zW0= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525151823-0001a21b5c48/go.mod h1:uLYjAyw1JyCS9EUj6oUhl4eRy4XthcFpSodl6cOokQI= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525151823-0001a21b5c48 h1:2Zmpi+EDBsILaXwDx+8JaWHcUzPixRqDxc4wf/H3aDw= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525151823-0001a21b5c48/go.mod h1:ApuQzVQOyTrgHIGrmVljD8zZ+ZoHmXYbsFwLvSelf84= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525151823-0001a21b5c48 h1:jwZDbCrZdVKjxsk+I+uXBuadEHTQOWAhgB7BI/DISUg= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525151823-0001a21b5c48/go.mod h1:LumLfFU84tK2qax1WpUviAosYlqlUaSJTIEtYjYpfxw= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525151823-0001a21b5c48 h1:W11kuy7UAV6PF6R67dNBKpbQ0UriFztleOPhK45SBew= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525151823-0001a21b5c48/go.mod h1:0QH/+sNaHFjTGTSyuwBXuHHhyBRa2r6ndYXUxchMPKI= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525151823-0001a21b5c48 h1:OBnNR17XY4dItGusmd90DFppjYEHibvUXKneVvffDHU= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525151823-0001a21b5c48/go.mod h1:4bzeXuIaKw5yabxEcNwxVYHKi0wLgcjl5naBxe4N1cw= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525151823-0001a21b5c48 h1:MRXNxLQYVriLtgFXPibRh+p8RlZ9QqbyNbvkrKavtbA= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525151823-0001a21b5c48/go.mod h1:plN+kBQozEYwSUD3aB9oFwrpkVeIN5xVpQ6sLRbSiNs= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= diff --git a/etcd/vendor/k8s.io/api/batch/v1/generated.proto b/etcd/vendor/k8s.io/api/batch/v1/generated.proto index 74ccac921f..09144d5867 100644 --- a/etcd/vendor/k8s.io/api/batch/v1/generated.proto +++ b/etcd/vendor/k8s.io/api/batch/v1/generated.proto @@ -213,8 +213,8 @@ message JobSpec { // checked against the backoffLimit. This field cannot be used in combination // with restartPolicy=OnFailure. // - // This field is alpha-level. To use this field, you must enable the - // `JobPodFailurePolicy` feature gate (disabled by default). + // This field is beta-level. It can be used when the `JobPodFailurePolicy` + // feature gate is enabled (enabled by default). // +optional optional PodFailurePolicy podFailurePolicy = 11; diff --git a/etcd/vendor/k8s.io/api/batch/v1/types.go b/etcd/vendor/k8s.io/api/batch/v1/types.go index dcb15728f9..f6361391b7 100644 --- a/etcd/vendor/k8s.io/api/batch/v1/types.go +++ b/etcd/vendor/k8s.io/api/batch/v1/types.go @@ -240,8 +240,8 @@ type JobSpec struct { // checked against the backoffLimit. This field cannot be used in combination // with restartPolicy=OnFailure. // - // This field is alpha-level. To use this field, you must enable the - // `JobPodFailurePolicy` feature gate (disabled by default). + // This field is beta-level. It can be used when the `JobPodFailurePolicy` + // feature gate is enabled (enabled by default). // +optional PodFailurePolicy *PodFailurePolicy `json:"podFailurePolicy,omitempty" protobuf:"bytes,11,opt,name=podFailurePolicy"` diff --git a/etcd/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go b/etcd/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go index 89470dcc67..ab33a974cd 100644 --- a/etcd/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go +++ b/etcd/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go @@ -115,7 +115,7 @@ var map_JobSpec = map[string]string{ "parallelism": "Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", "completions": "Specifies the desired number of successfully finished pods the job should be run with. Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", "activeDeadlineSeconds": "Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.", - "podFailurePolicy": "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is alpha-level. To use this field, you must enable the `JobPodFailurePolicy` feature gate (disabled by default).", + "podFailurePolicy": "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is beta-level. It can be used when the `JobPodFailurePolicy` feature gate is enabled (enabled by default).", "backoffLimit": "Specifies the number of retries before marking this job failed. Defaults to 6", "selector": "A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", "manualSelector": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector", diff --git a/etcd/vendor/k8s.io/api/core/v1/generated.proto b/etcd/vendor/k8s.io/api/core/v1/generated.proto index 416811e291..22bc1c801b 100644 --- a/etcd/vendor/k8s.io/api/core/v1/generated.proto +++ b/etcd/vendor/k8s.io/api/core/v1/generated.proto @@ -1791,7 +1791,8 @@ message HTTPGetAction { // HTTPHeader describes a custom header to be used in HTTP probes message HTTPHeader { - // The header field name + // The header field name. + // This will be canonicalized upon output, so case-variant names will be understood as the same header. optional string name = 1; // The header field value diff --git a/etcd/vendor/k8s.io/api/core/v1/types.go b/etcd/vendor/k8s.io/api/core/v1/types.go index 0101e95d91..257fde1abd 100644 --- a/etcd/vendor/k8s.io/api/core/v1/types.go +++ b/etcd/vendor/k8s.io/api/core/v1/types.go @@ -2137,7 +2137,8 @@ type SecretEnvSource struct { // HTTPHeader describes a custom header to be used in HTTP probes type HTTPHeader struct { - // The header field name + // The header field name. + // This will be canonicalized upon output, so case-variant names will be understood as the same header. Name string `json:"name" protobuf:"bytes,1,opt,name=name"` // The header field value Value string `json:"value" protobuf:"bytes,2,opt,name=value"` diff --git a/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go b/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go index 99391a423d..7676749775 100644 --- a/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go +++ b/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go @@ -818,7 +818,7 @@ func (HTTPGetAction) SwaggerDoc() map[string]string { var map_HTTPHeader = map[string]string{ "": "HTTPHeader describes a custom header to be used in HTTP probes", - "name": "The header field name", + "name": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "value": "The header field value", } diff --git a/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go b/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go index 758b0a3ac8..7470259dc8 100644 --- a/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go +++ b/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go @@ -92,12 +92,18 @@ func convertAPIGroup(g apidiscovery.APIGroupDiscovery) ( resourceList := &metav1.APIResourceList{} resourceList.GroupVersion = gv.String() for _, r := range v.Resources { - resource := convertAPIResource(r) - resourceList.APIResources = append(resourceList.APIResources, resource) + resource, err := convertAPIResource(r) + if err == nil { + resourceList.APIResources = append(resourceList.APIResources, resource) + } // Subresources field in new format get transformed into full APIResources. + // It is possible a partial result with an error was returned to be used + // as the parent resource for the subresource. for _, subresource := range r.Subresources { - sr := convertAPISubresource(resource, subresource) - resourceList.APIResources = append(resourceList.APIResources, sr) + sr, err := convertAPISubresource(resource, subresource) + if err == nil { + resourceList.APIResources = append(resourceList.APIResources, sr) + } } } gvResources[gv] = resourceList @@ -105,30 +111,44 @@ func convertAPIGroup(g apidiscovery.APIGroupDiscovery) ( return group, gvResources, failedGVs } -// convertAPIResource tranforms a APIResourceDiscovery to an APIResource. -func convertAPIResource(in apidiscovery.APIResourceDiscovery) metav1.APIResource { - return metav1.APIResource{ +// convertAPIResource tranforms a APIResourceDiscovery to an APIResource. We are +// resilient to missing GVK, since this resource might be the parent resource +// for a subresource. If the parent is missing a GVK, it is not returned in +// discovery, and the subresource MUST have the GVK. +func convertAPIResource(in apidiscovery.APIResourceDiscovery) (metav1.APIResource, error) { + result := metav1.APIResource{ Name: in.Resource, SingularName: in.SingularResource, Namespaced: in.Scope == apidiscovery.ScopeNamespace, - Group: in.ResponseKind.Group, - Version: in.ResponseKind.Version, - Kind: in.ResponseKind.Kind, Verbs: in.Verbs, ShortNames: in.ShortNames, Categories: in.Categories, } + var err error + if in.ResponseKind != nil { + result.Group = in.ResponseKind.Group + result.Version = in.ResponseKind.Version + result.Kind = in.ResponseKind.Kind + } else { + err = fmt.Errorf("discovery resource %s missing GVK", in.Resource) + } + // Can return partial result with error, which can be the parent for a + // subresource. Do not add this result to the returned discovery resources. + return result, err } // convertAPISubresource tranforms a APISubresourceDiscovery to an APIResource. -func convertAPISubresource(parent metav1.APIResource, in apidiscovery.APISubresourceDiscovery) metav1.APIResource { - return metav1.APIResource{ - Name: fmt.Sprintf("%s/%s", parent.Name, in.Subresource), - SingularName: parent.SingularName, - Namespaced: parent.Namespaced, - Group: in.ResponseKind.Group, - Version: in.ResponseKind.Version, - Kind: in.ResponseKind.Kind, - Verbs: in.Verbs, +func convertAPISubresource(parent metav1.APIResource, in apidiscovery.APISubresourceDiscovery) (metav1.APIResource, error) { + result := metav1.APIResource{} + if in.ResponseKind == nil { + return result, fmt.Errorf("subresource %s/%s missing GVK", parent.Name, in.Subresource) } + result.Name = fmt.Sprintf("%s/%s", parent.Name, in.Subresource) + result.SingularName = parent.SingularName + result.Namespaced = parent.Namespaced + result.Group = in.ResponseKind.Group + result.Version = in.ResponseKind.Version + result.Kind = in.ResponseKind.Kind + result.Verbs = in.Verbs + return result, nil } diff --git a/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go b/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go index 641568008b..1253fa1f44 100644 --- a/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go +++ b/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go @@ -20,6 +20,7 @@ import ( "context" "encoding/json" "fmt" + "mime" "net/http" "net/url" "sort" @@ -58,8 +59,9 @@ const ( defaultBurst = 300 AcceptV1 = runtime.ContentTypeJSON - // Aggregated discovery content-type (currently v2beta1). NOTE: Currently, we are assuming the order - // for "g", "v", and "as" from the server. We can only compare this string if we can make that assumption. + // Aggregated discovery content-type (v2beta1). NOTE: content-type parameters + // MUST be ordered (g, v, as) for server in "Accept" header (BUT we are resilient + // to ordering when comparing returned values in "Content-Type" header). AcceptV2Beta1 = runtime.ContentTypeJSON + ";" + "g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList" // Prioritize aggregated discovery by placing first in the order of discovery accept types. acceptDiscoveryFormats = AcceptV2Beta1 + "," + AcceptV1 @@ -259,8 +261,16 @@ func (d *DiscoveryClient) downloadLegacy() ( var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. - switch responseContentType { - case AcceptV1: + switch { + case isV2Beta1ContentType(responseContentType): + var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList + err = json.Unmarshal(body, &aggregatedDiscovery) + if err != nil { + return nil, nil, nil, err + } + apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) + default: + // Default is unaggregated discovery v1. var v metav1.APIVersions err = json.Unmarshal(body, &v) if err != nil { @@ -271,15 +281,6 @@ func (d *DiscoveryClient) downloadLegacy() ( apiGroup = apiVersionsToAPIGroup(&v) } apiGroupList.Groups = []metav1.APIGroup{apiGroup} - case AcceptV2Beta1: - var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList - err = json.Unmarshal(body, &aggregatedDiscovery) - if err != nil { - return nil, nil, nil, err - } - apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) - default: - return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) } return apiGroupList, resourcesByGV, failedGVs, nil @@ -313,13 +314,8 @@ func (d *DiscoveryClient) downloadAPIs() ( failedGVs := map[schema.GroupVersion]error{} var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. - switch responseContentType { - case AcceptV1: - err = json.Unmarshal(body, apiGroupList) - if err != nil { - return nil, nil, nil, err - } - case AcceptV2Beta1: + switch { + case isV2Beta1ContentType(responseContentType): var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList err = json.Unmarshal(body, &aggregatedDiscovery) if err != nil { @@ -327,12 +323,38 @@ func (d *DiscoveryClient) downloadAPIs() ( } apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) default: - return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) + // Default is unaggregated discovery v1. + err = json.Unmarshal(body, apiGroupList) + if err != nil { + return nil, nil, nil, err + } } return apiGroupList, resourcesByGV, failedGVs, nil } +// isV2Beta1ContentType checks of the content-type string is both +// "application/json" and contains the v2beta1 content-type params. +// NOTE: This function is resilient to the ordering of the +// content-type parameters, as well as parameters added by +// intermediaries such as proxies or gateways. Examples: +// +// "application/json; g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList" = true +// "application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io" = true +// "application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io;charset=utf-8" = true +// "application/json" = false +// "application/json; charset=UTF-8" = false +func isV2Beta1ContentType(contentType string) bool { + base, params, err := mime.ParseMediaType(contentType) + if err != nil { + return false + } + return runtime.ContentTypeJSON == base && + params["g"] == "apidiscovery.k8s.io" && + params["v"] == "v2beta1" && + params["as"] == "APIGroupDiscoveryList" +} + // ServerGroups returns the supported groups, with information like supported versions and the // preferred version. func (d *DiscoveryClient) ServerGroups() (*metav1.APIGroupList, error) { diff --git a/etcd/vendor/k8s.io/client-go/openapi/client.go b/etcd/vendor/k8s.io/client-go/openapi/client.go index 7b58762acf..6a43057187 100644 --- a/etcd/vendor/k8s.io/client-go/openapi/client.go +++ b/etcd/vendor/k8s.io/client-go/openapi/client.go @@ -19,6 +19,7 @@ package openapi import ( "context" "encoding/json" + "strings" "k8s.io/client-go/rest" "k8s.io/kube-openapi/pkg/handler3" @@ -58,7 +59,11 @@ func (c *client) Paths() (map[string]GroupVersion, error) { // Create GroupVersions for each element of the result result := map[string]GroupVersion{} for k, v := range discoMap.Paths { - result[k] = newGroupVersion(c, v) + // If the server returned a URL rooted at /openapi/v3, preserve any additional client-side prefix. + // If the server returned a URL not rooted at /openapi/v3, treat it as an actual server-relative URL. + // See https://github.com/kubernetes/kubernetes/issues/117463 for details + useClientPrefix := strings.HasPrefix(v.ServerRelativeURL, "/openapi/v3") + result[k] = newGroupVersion(c, v, useClientPrefix) } return result, nil } diff --git a/etcd/vendor/k8s.io/client-go/openapi/groupversion.go b/etcd/vendor/k8s.io/client-go/openapi/groupversion.go index 32133a29b8..601dcbe3cc 100644 --- a/etcd/vendor/k8s.io/client-go/openapi/groupversion.go +++ b/etcd/vendor/k8s.io/client-go/openapi/groupversion.go @@ -18,6 +18,7 @@ package openapi import ( "context" + "net/url" "k8s.io/kube-openapi/pkg/handler3" ) @@ -29,18 +30,41 @@ type GroupVersion interface { } type groupversion struct { - client *client - item handler3.OpenAPIV3DiscoveryGroupVersion + client *client + item handler3.OpenAPIV3DiscoveryGroupVersion + useClientPrefix bool } -func newGroupVersion(client *client, item handler3.OpenAPIV3DiscoveryGroupVersion) *groupversion { - return &groupversion{client: client, item: item} +func newGroupVersion(client *client, item handler3.OpenAPIV3DiscoveryGroupVersion, useClientPrefix bool) *groupversion { + return &groupversion{client: client, item: item, useClientPrefix: useClientPrefix} } func (g *groupversion) Schema(contentType string) ([]byte, error) { - return g.client.restClient.Get(). - RequestURI(g.item.ServerRelativeURL). - SetHeader("Accept", contentType). - Do(context.TODO()). - Raw() + if !g.useClientPrefix { + return g.client.restClient.Get(). + RequestURI(g.item.ServerRelativeURL). + SetHeader("Accept", contentType). + Do(context.TODO()). + Raw() + } + + locator, err := url.Parse(g.item.ServerRelativeURL) + if err != nil { + return nil, err + } + + path := g.client.restClient.Get(). + AbsPath(locator.Path). + SetHeader("Accept", contentType) + + // Other than root endpoints(openapiv3/apis), resources have hash query parameter to support etags. + // However, absPath does not support handling query parameters internally, + // so that hash query parameter is added manually + for k, value := range locator.Query() { + for _, v := range value { + path.Param(k, v) + } + } + + return path.Do(context.TODO()).Raw() } diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index 8a1f946cbc..227113da1c 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -584,7 +584,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419022048-b40493584076 +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -640,7 +640,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419022048-b40493584076 +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/errors k8s.io/apimachinery/pkg/api/meta @@ -687,12 +687,12 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419022048-b40493584076 +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419022048-b40493584076 +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -835,7 +835,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419022048-b40493584076 +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -871,7 +871,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419022048-b40493584076 +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -998,32 +998,32 @@ sigs.k8s.io/yaml # go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 # go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 # go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419022048-b40493584076 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230419022048-b40493584076 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419022048-b40493584076 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230419022048-b40493584076 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419022048-b40493584076 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419022048-b40493584076 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230419022048-b40493584076 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230419022048-b40493584076 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230419022048-b40493584076 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419022048-b40493584076 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230419022048-b40493584076 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230419022048-b40493584076 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230419022048-b40493584076 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230419022048-b40493584076 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230419022048-b40493584076 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230419022048-b40493584076 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230419022048-b40493584076 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230419022048-b40493584076 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230419022048-b40493584076 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230419022048-b40493584076 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419022048-b40493584076 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230419022048-b40493584076 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230419022048-b40493584076 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230419022048-b40493584076 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230419022048-b40493584076 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230419022048-b40493584076 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230419022048-b40493584076 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230419022048-b40493584076 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230419022048-b40493584076 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230525151823-0001a21b5c48 diff --git a/go.mod b/go.mod index 5e931f72ac..be43a22a60 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/openshift/api v0.0.0-20230208193339-068b2ae5534f github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d github.com/openshift/client-go v0.0.0-20230120202327-72f107311084 - github.com/openshift/cluster-policy-controller v0.0.0-20230522020023-4aa5ecd04fa2 + github.com/openshift/cluster-policy-controller v0.0.0-20230525174645-8d2af85d0b6d github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4 github.com/openshift/route-controller-manager v0.0.0-20230205134410-d7a8e22db412 github.com/pkg/errors v0.9.1 @@ -221,7 +221,7 @@ require ( k8s.io/mount-utils v0.0.0 // indirect k8s.io/pod-security-admission v0.25.0 // indirect k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect - sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.37 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/kube-storage-version-migrator v0.0.4 // indirect sigs.k8s.io/kustomize/api v0.12.1 // indirect @@ -231,34 +231,34 @@ require ( replace ( github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 // from kubernetes - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230419022048-b40493584076 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230419022048-b40493584076 // release kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230419022048-b40493584076 // from kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230419022048-b40493584076 // from kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230525151823-0001a21b5c48 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230525151823-0001a21b5c48 // release kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230525151823-0001a21b5c48 // from kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230525151823-0001a21b5c48 // from kubernetes ) diff --git a/go.sum b/go.sum index 1b7b7851c2..6a493d1e96 100644 --- a/go.sum +++ b/go.sum @@ -607,59 +607,59 @@ github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d h1:RR github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/client-go v0.0.0-20230120202327-72f107311084 h1:66uaqNwA+qYyQDwsMWUfjjau8ezmg1dzCqub13KZOcE= github.com/openshift/client-go v0.0.0-20230120202327-72f107311084/go.mod h1:M3h9m001PWac3eAudGG3isUud6yBjr5XpzLYLLTlHKo= -github.com/openshift/cluster-policy-controller v0.0.0-20230522020023-4aa5ecd04fa2 h1:N67Dfgok+tmD1TyaxKNey+yiuLAGQDgKWgYsiHt7hAY= -github.com/openshift/cluster-policy-controller v0.0.0-20230522020023-4aa5ecd04fa2/go.mod h1:vlkRuwyRueLOQ/ZRRle+rCrh+YNoh+pzJm9WaN9e6mU= -github.com/openshift/kubernetes v0.0.0-20230419022048-b40493584076 h1:u2AkkiDmxDq//dPFtBWKCr78vBInHHfg3WZB2Pbabyc= -github.com/openshift/kubernetes v0.0.0-20230419022048-b40493584076/go.mod h1:T0+m4H3K5iWzDP65vb1st8Pd3siJoeSpbC0EzmymTVk= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419022048-b40493584076 h1:18/Voa5HNjfoibC1gIg3QjJcnWfVG0kQV9/mYaXXbbg= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419022048-b40493584076/go.mod h1:uLYjAyw1JyCS9EUj6oUhl4eRy4XthcFpSodl6cOokQI= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230419022048-b40493584076 h1:GFNK2kIFthFvtXvV82/FQfbwQAivBEvfgwm6z7ZITiI= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230419022048-b40493584076/go.mod h1:yViNAI+IfEaoAVoSOgZXDmN4bMipiqwvrXekieIkdbY= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419022048-b40493584076 h1:srSSgikrw23YDBcPZtHCMKyyibaLqvFuDSe2TIg9q4c= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419022048-b40493584076/go.mod h1:ApuQzVQOyTrgHIGrmVljD8zZ+ZoHmXYbsFwLvSelf84= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230419022048-b40493584076 h1:cW2HDlRka3PRCa/mw7V+2nxkx77qJ3aJI+/xhEBEodM= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230419022048-b40493584076/go.mod h1:VFDYdzpH+ZfUFicJweH6XtgDJJ+bBhIMgS/NgM6c9+c= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419022048-b40493584076 h1:4hQDX9bpYUvt6CrwP8z2CjKsPkv1BtD0LClIF8Uj7RE= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419022048-b40493584076/go.mod h1:LumLfFU84tK2qax1WpUviAosYlqlUaSJTIEtYjYpfxw= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419022048-b40493584076 h1:OCTHSwciGu2NssQXXo5LsNsU9+Fh4BlgKcySPf2xgKg= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419022048-b40493584076/go.mod h1:0QH/+sNaHFjTGTSyuwBXuHHhyBRa2r6ndYXUxchMPKI= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230419022048-b40493584076 h1:GDHLUY55KlRCh64Uj4O+2oQZRVZ1S3Zfbdq82RWSeK0= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230419022048-b40493584076/go.mod h1:UDt2Nn2cJxGQWGuPZXA8zhtTccXCsbzIMD2QMvjAl/s= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230419022048-b40493584076 h1:LzUurq4ojEGeRxA14Gz1/oZ1yvYNMDCz6UbqRylFQCE= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230419022048-b40493584076/go.mod h1:CHVYBTORnxNcEy4sP3o5mXQCtQ+xakaDn7H4irLH4hE= -github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230419022048-b40493584076/go.mod h1:RPAt1JMA66rIEi+T0Dm3inLGbyc8PsaIoRuh006OoKQ= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419022048-b40493584076 h1:LKX0ig/eDBZuMTKZKhYWSbJRTFnkWgYd0uvns2I8C04= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419022048-b40493584076/go.mod h1:4bzeXuIaKw5yabxEcNwxVYHKi0wLgcjl5naBxe4N1cw= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230419022048-b40493584076 h1:N32bPQHDE7oDz/D7yRMGr9mFxVXpHz1JryjB8WxxaWM= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230419022048-b40493584076/go.mod h1:1kjV28ccOe1eJI0U3RSRTXDv8PSWILLyDrRHnlN0b5Q= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230419022048-b40493584076 h1:RY8oHqwGsiu4FjIWUh69kHN2ntkBK3CEGndT8fUl/OY= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230419022048-b40493584076/go.mod h1:MzAfXD5g03ADE/cQOanac914VXKVm+PE21CdbMnqHh8= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230419022048-b40493584076 h1:s9BbTVn/zLb9TRxeyXEKWYSV64GfS1J4bJ8rg+Fc7JY= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230419022048-b40493584076/go.mod h1:sjqtRwsq9OIu27wzHZyTUxhszi4BTrLOZUP3XxMT3ac= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230419022048-b40493584076 h1:Mzl9AmvXYZoVfVQegFK7hE4pLaXae5PyDEhVQTxFp5o= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230419022048-b40493584076/go.mod h1:3iftQXweshE6LzQ4a0nccCFroiXuvkd0Tv0yVhVZo3g= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230419022048-b40493584076 h1:HsNK0QOJR36MekEUK27r1IM5Hile8sLCudm5sivz8dc= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230419022048-b40493584076/go.mod h1:i5+I2dCeC47HR6g0aFW6nr1wNfWRlyFmiSDs2NqFs3I= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230419022048-b40493584076 h1:roaxAZZSuwagJwDPH0znq4z8319qmmEn5TipnscclF8= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230419022048-b40493584076/go.mod h1:uzei6+XRNkQICBV+e8BACOZwRpfWPvpZ6bVCWYsuxfQ= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230419022048-b40493584076 h1:roDp4Noq0kkbqNWtHX/WUm7MZd3IwXUpMIRcteQJ8QQ= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230419022048-b40493584076/go.mod h1:HLz7lzU2qNPgSwDA8ZH4T6Ll6kWU6Y6BpIzPWYfLBkc= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230419022048-b40493584076 h1:/qyaGAbmE5SRMzoxzBo/FexQi09FOJak6Jn1KAnM9Q8= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230419022048-b40493584076/go.mod h1:W/OyRa4Ahdv09yt5iHcxSrTCn2yg33rlMqo9yW1GFm0= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230419022048-b40493584076 h1:GYaB6KpHBIYZi9jcXBZhoQWjnMx0MMoQpvhXl5c/bzo= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230419022048-b40493584076/go.mod h1:gAOk6X5CwD031FqXVf7CD4yQdou7UUUmP0FmRqCGPUI= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419022048-b40493584076 h1:440vm7oAjxLeLs4miXBTHVypd+cI7YBK5+HMno4zr5o= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419022048-b40493584076/go.mod h1:plN+kBQozEYwSUD3aB9oFwrpkVeIN5xVpQ6sLRbSiNs= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230419022048-b40493584076 h1:/5C20qEBMcNzZm+rKxJPQgTGw5G/yGAz9e8sJZXuLQE= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230419022048-b40493584076/go.mod h1:au5YzS8yhxLz767EWIVfabqOrCtMfjppQRDQ+BPnNCE= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230419022048-b40493584076 h1:lukfJ/LUCod241UoV/2kaGDMJp1Mv7KzA5SQU88xMQo= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230419022048-b40493584076/go.mod h1:j7EjbuGsi5n1jhuQ1s2xbgsV4H5MOY6iTjtp+CaBsh0= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230419022048-b40493584076 h1:wAXNp/DglgA44NhvCPpn55NkXyhAAAJOnFAd6imOhP8= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230419022048-b40493584076/go.mod h1:0XHkNqJcpcb3wT61pTKmEWoX8uuV9Q5N2Z48NrDYdww= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230419022048-b40493584076 h1:R8lYTgG9Y31o7K0CUZDdfobXc8B5rBr21LSMplzFybg= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230419022048-b40493584076/go.mod h1:Xv4esSdxyeauCQqd77P5rMAjH8eAhtUfZjgykqPkXIg= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230419022048-b40493584076 h1:5Hml6+jaCJqLZy9F9F8SKc8qBjhffFMDYjn7glUMWoA= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230419022048-b40493584076/go.mod h1:t18RIruuLO3r+O64ycCBgy26pv4C82be62Gkaneigqo= +github.com/openshift/cluster-policy-controller v0.0.0-20230525174645-8d2af85d0b6d h1:PkL2Y+EWd8L3FE6tLWeS6iniDV3n/+q9yFeyUixBiDU= +github.com/openshift/cluster-policy-controller v0.0.0-20230525174645-8d2af85d0b6d/go.mod h1:vlkRuwyRueLOQ/ZRRle+rCrh+YNoh+pzJm9WaN9e6mU= +github.com/openshift/kubernetes v0.0.0-20230525151823-0001a21b5c48 h1:JCDt1cIYSR8tmBg9ouyBec+49wI3w1Nxqa7/jdtpkto= +github.com/openshift/kubernetes v0.0.0-20230525151823-0001a21b5c48/go.mod h1:u3MeEImeHq5jZoHhKGKXg+Oxvurj9zOySrh4xQY+5v4= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525151823-0001a21b5c48 h1:6RjIiCa4GjAr/629mPuGYfXPl+GXTUCjtIN5yQY3zW0= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525151823-0001a21b5c48/go.mod h1:uLYjAyw1JyCS9EUj6oUhl4eRy4XthcFpSodl6cOokQI= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230525151823-0001a21b5c48 h1:habVndiURaOlpVaIaeiIDPBmlFt4Grumb78jHMfURzo= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230525151823-0001a21b5c48/go.mod h1:6nUDc49G5VCzbMIQmnSPzprEBPF/Ycz0MG2c0AYLBj4= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525151823-0001a21b5c48 h1:2Zmpi+EDBsILaXwDx+8JaWHcUzPixRqDxc4wf/H3aDw= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525151823-0001a21b5c48/go.mod h1:ApuQzVQOyTrgHIGrmVljD8zZ+ZoHmXYbsFwLvSelf84= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230525151823-0001a21b5c48 h1:Yi4t8L3WToFGysBaQNl3BjxabKCeIM8ArzbwamZh0lQ= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230525151823-0001a21b5c48/go.mod h1:uUHmsJ+bXXAixL7p1LCqavjxw1wAisdJvZbwUDnJU0I= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525151823-0001a21b5c48 h1:jwZDbCrZdVKjxsk+I+uXBuadEHTQOWAhgB7BI/DISUg= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525151823-0001a21b5c48/go.mod h1:LumLfFU84tK2qax1WpUviAosYlqlUaSJTIEtYjYpfxw= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525151823-0001a21b5c48 h1:W11kuy7UAV6PF6R67dNBKpbQ0UriFztleOPhK45SBew= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525151823-0001a21b5c48/go.mod h1:0QH/+sNaHFjTGTSyuwBXuHHhyBRa2r6ndYXUxchMPKI= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230525151823-0001a21b5c48 h1:mCXNjY3/EYBt9o7FFIYME5dlr9x380SIbywcRCkLtAo= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230525151823-0001a21b5c48/go.mod h1:z7eXWAQzxEU/ijBZNI9bJXjMR14CW23MNLzAj7XgW24= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230525151823-0001a21b5c48 h1:/81FdjN0ruMPmjMcaZ98ovtNr3odQZaye3e5oM9iU0E= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230525151823-0001a21b5c48/go.mod h1:CHVYBTORnxNcEy4sP3o5mXQCtQ+xakaDn7H4irLH4hE= +github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230525151823-0001a21b5c48/go.mod h1:RPAt1JMA66rIEi+T0Dm3inLGbyc8PsaIoRuh006OoKQ= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525151823-0001a21b5c48 h1:OBnNR17XY4dItGusmd90DFppjYEHibvUXKneVvffDHU= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525151823-0001a21b5c48/go.mod h1:4bzeXuIaKw5yabxEcNwxVYHKi0wLgcjl5naBxe4N1cw= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230525151823-0001a21b5c48 h1:EvQwG1JjudZLe/FBnEraX5Hyhs32zoxqYLwjmrDxy3A= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230525151823-0001a21b5c48/go.mod h1:1kjV28ccOe1eJI0U3RSRTXDv8PSWILLyDrRHnlN0b5Q= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230525151823-0001a21b5c48 h1:O/Z0toW0Uv61cMg6U+7kcCdnVFP9PRKM8toeV1tj60I= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230525151823-0001a21b5c48/go.mod h1:hffUS55x0rZKJgDDZgnJ0Mw0okh0hnLj7dVQL1V18ks= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230525151823-0001a21b5c48 h1:C1kF50ZE0uo7FZjt7Mg16XsIwdCY35sGcn++HYFikUE= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230525151823-0001a21b5c48/go.mod h1:sjqtRwsq9OIu27wzHZyTUxhszi4BTrLOZUP3XxMT3ac= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230525151823-0001a21b5c48 h1:f2OPVTLQqOwAAbkMnFwW/CvNdyiuKtg//vu8shbJj8A= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230525151823-0001a21b5c48/go.mod h1:3iftQXweshE6LzQ4a0nccCFroiXuvkd0Tv0yVhVZo3g= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230525151823-0001a21b5c48 h1:vUDUuZwOsMBhJxaUIwcH5GFaoWu0EdRNQHj50b5X1Oo= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230525151823-0001a21b5c48/go.mod h1:i5+I2dCeC47HR6g0aFW6nr1wNfWRlyFmiSDs2NqFs3I= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230525151823-0001a21b5c48 h1:4yHHVWEdJ/ShkpE74WCxO3NgtcFfKu43qCN91dIA+n0= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230525151823-0001a21b5c48/go.mod h1:uzei6+XRNkQICBV+e8BACOZwRpfWPvpZ6bVCWYsuxfQ= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230525151823-0001a21b5c48 h1:7GuYlM+xxCMR/wKotxldgm3TGGBL8UYVhIrvPYkps8o= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230525151823-0001a21b5c48/go.mod h1:0VVVUwvZ0teYPb8uxBiQDY3oXB0aCw96qBeMF2aizqk= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230525151823-0001a21b5c48 h1:2kGnLShCm3b6B7lncyJoCL5hKSsiRpz0W1G3WtDbW/A= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230525151823-0001a21b5c48/go.mod h1:W/OyRa4Ahdv09yt5iHcxSrTCn2yg33rlMqo9yW1GFm0= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230525151823-0001a21b5c48 h1:iTVDkrLntFI+0isgX7sWevJ9d9Bxrt5Hu2vaDatW6TA= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230525151823-0001a21b5c48/go.mod h1:gAOk6X5CwD031FqXVf7CD4yQdou7UUUmP0FmRqCGPUI= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525151823-0001a21b5c48 h1:MRXNxLQYVriLtgFXPibRh+p8RlZ9QqbyNbvkrKavtbA= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525151823-0001a21b5c48/go.mod h1:plN+kBQozEYwSUD3aB9oFwrpkVeIN5xVpQ6sLRbSiNs= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230525151823-0001a21b5c48 h1:efZKvteO3Hu8mpMFVhUP9MThP5xpxKR8eW0RISRcUlA= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230525151823-0001a21b5c48/go.mod h1:au5YzS8yhxLz767EWIVfabqOrCtMfjppQRDQ+BPnNCE= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230525151823-0001a21b5c48 h1:xS7T7zVcCkQsU0yqHVHcpIW9GLFNe8KWi2fedwTqwaw= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230525151823-0001a21b5c48/go.mod h1:j7EjbuGsi5n1jhuQ1s2xbgsV4H5MOY6iTjtp+CaBsh0= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230525151823-0001a21b5c48 h1:X6cQ6UfxOwt3LGqsgsMiTTycIklG9e8eVjtv/m1+DL4= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230525151823-0001a21b5c48/go.mod h1:0XHkNqJcpcb3wT61pTKmEWoX8uuV9Q5N2Z48NrDYdww= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230525151823-0001a21b5c48 h1:IMT/+7ucjWTwa6Vk0JXKavYNIprDELKQ2UdFSdAOXJ4= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230525151823-0001a21b5c48/go.mod h1:Xv4esSdxyeauCQqd77P5rMAjH8eAhtUfZjgykqPkXIg= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230525151823-0001a21b5c48 h1:BPFTl7NjxHEhK0zfu7lgmXhGlqGo2whL0DhFnNY1rV0= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230525151823-0001a21b5c48/go.mod h1:UWqTwuGuunsOoC1xk4zvuSXWyFu62HoMafWgzVyxmbc= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4 h1:B9e1Sga7Q6iSI1YgzLgfABo+LDET7HZngJ+tKlrwVSk= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4/go.mod h1:xO4nAf0qa56dgvEJWVD1WuwSJ8JWPU1TYLBQrlutWnE= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= @@ -995,6 +995,7 @@ golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1439,8 +1440,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35/go.mod h1:WxjusMwXlKzfAs4p9km6XJRndVt2FROgMVCE4cdohFo= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 h1:PUuX1qIFv309AT8hF/CdPKDmsG/hn/L8zRX7VvISM3A= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36/go.mod h1:WxjusMwXlKzfAs4p9km6XJRndVt2FROgMVCE4cdohFo= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.37 h1:fAPTNEpzQMOLMGwOHNbUkR2xXTQwMJOZYNx+/mLlOh0= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.37/go.mod h1:vfnxT4FXNT8eGvO+xi/DsyC/qHmdujqwrUa1WSspCsk= sigs.k8s.io/controller-tools v0.2.8/go.mod h1:9VKHPszmf2DHz/QmHkcfZoewO6BL7pPs9uAiBVsaJSE= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf index 8dbdce8697..b2d66c6438 100644 --- a/packaging/crio.conf.d/microshift_amd64.conf +++ b/packaging/crio.conf.d/microshift_amd64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:09d4bee015dd9cdd168968be3fd91106af558e82cb8975191fb905d9f8825418" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4964f9b316ef38d1755f1a51287f9cbe290d3762525e003ac872a4506545186f" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf index 37fe56d208..3a9bcc5868 100644 --- a/packaging/crio.conf.d/microshift_arm64.conf +++ b/packaging/crio.conf.d/microshift_arm64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d2a89b27563e268eb3c5a16ff555fba061a9904abe5d65f5a39312e816a01776" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3a50d765747a6d13e9d901a752f6c194b796f72ae7a71f3afabe8fd5f0694d5e" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index e69de29bb2..9bb02d896f 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -0,0 +1,230 @@ +# cluster-policy-controller embedded-component 4aa5ecd04fa2a35a5ae07a13707bd2e0239432a9 to 8d2af85d0b6dcf09256bd9fecc5d36ac77bc41d1 +ea24e47c0b27899565bc055e06aa8ee00af4ce58 2023-05-25T17:08:54+02:00 go mod vendor +5d4bcdc1f9bc8bf03898732f9771f1a032463688 2023-05-25T17:08:28+02:00 fix ClusterResourceQuotas to work for all api resources +# kubernetes embedded-component b40493584076fb1ab29f3bed1d05d16cbc5b17f1 to 0001a21b5c48ec2befb79e06949a0db8120ea413 +0361c1eebc7cec2622877acbe0036469c167af8b 2023-05-25T00:29:28+00:00 UPSTREAM: : hack/update-vendor.sh, make update and update image +8d2c06f19e37d2ebb77ad9ca177d20dbfc7f7831 2023-05-25T00:02:56+00:00 UPSTREAM: : manually resolve conflicts +890a139214b4de1f01543d15003b5bda71aae9c7 2023-05-17T14:08:49+00:00 Release commit for Kubernetes v1.26.5 +b6ec911f35ac3a67f546c1e1c846dbe2ec302f5b 2023-05-05T14:54:44-07:00 benchmark test to evaluate the overhead of podMatchesScopeFunc +75a7887c18bc8348d24459ace52ac59cd90053e2 2023-05-05T14:53:30-07:00 Fix incorrect calculation for ResourceQuota with PriorityClass as its scope +b486273e08592f93bed6502bd85ec3550c16d0cd 2023-05-06T00:23:57+08:00 Update podFailurePolicy comments from alpha-level to beta +1e1e86977e275496026c6873726ba88d1a8c3a9c 2023-05-04T10:51:10+02:00 releng/go: Update images, dependencies and version to Go 1.19.9 +c031391faf85125d4e73ced06a8df12a6d6b2622 2023-05-03T18:46:13+02:00 Kube-proxy/ipvs: accept access to healthCheckNodePort on LbIP +9c77d23697604226a94eb79aed18d175a4dba291 2023-05-03T11:59:53+01:00 node: device-plugin: e2e: Additional test cases +5ab0b8b80d3923d3c0d47ba824042b3625b2aadd 2023-05-03T11:59:49+01:00 node: device-plugin: add node reboot test scenario +ce301367eeea0ff12716888a4481d19d6a64628a 2023-05-03T11:58:56+01:00 node: device-plugin: e2e: Capture pod admission failure +b0711fb744a703efca7f88f93cc9021bb9e6d055 2023-05-03T11:58:28+01:00 node: device-mgr: e2e: adapt to sample device plugin refactoring +3618af71607bfcb7fa4292f468d7386ad8fa3def 2023-05-03T11:58:21+01:00 node: device-mgr: e2e: Update the e2e test to reproduce issue:109595 +29cb3c1655c6a0e02cc2d095efc9d71650539e2a 2023-05-03T10:25:43+01:00 node: device-mgr: e2e: Implement End to end test +ab0f78ff5c1a1c11be5dbb3a0f6650a92ca87a2c 2023-05-03T10:25:43+01:00 node: device-mgr: Handle recovery by checking if healthy devices exist +ca91b8c351b5307a96d30c9fb778f4de8e35b22e 2023-05-03T10:25:43+01:00 node: device-plugin: e2e: Add test case for kubelet restart +abf8ce414411b2ecfad70f99d9aa75dbc826a5b1 2023-05-03T10:25:43+01:00 node: device-plugin: e2e: Provide sleep intervals via constants +96b51806e7442600239749cf7bf7d38ebc5e0b71 2023-05-03T10:25:43+01:00 node: device-plugin: e2e: Update test description to make it explicit +fa07d28f8b559f3c988a1eca12631c0bc07dfffc 2023-05-03T10:25:39+01:00 node: device-plugin: e2e: Isolate test to pod restart scenario +26ed893e4523675e45c913abb5450a66257d9a92 2023-05-02T19:41:53+01:00 node: device-plugin: e2e: Annotate device check with error message +a940a72b56f9a5e507a9f68e0ff5d0766d4b8b53 2023-05-02T19:41:53+01:00 node: device-plugins: e2e: s/devLen/expectedSampleDevsAmount +1c77cdf342d7f070a3f3b03297e7ea7a0a26759e 2023-05-02T19:41:53+01:00 node: device-plugins: e2e: Refactor parse log to return string and error +76076d5a4519507a038f7e1f72fd1789d1f39044 2023-05-02T19:41:53+01:00 test: Fix path to e2e node sample device plugin +2c38d14ea7c5e5ac8b47efca7bc824f5efb7582c 2023-05-02T19:41:53+01:00 node: device-mgr: sample device plugin: manifest to avoid registration +2c5c95da07f6843463184cdce7f064b7cb624979 2023-05-02T19:41:53+01:00 node: device-mgr: sample device plugin: control registration process +4ff7e0e66f214d03591be3cea849a7bbab7e1b79 2023-05-02T19:41:47+01:00 e2e: node: unify sample device plugin utilities +808ce27cae46bd31b2978875069eb7c77af21886 2023-04-29T22:27:41-04:00 Bump runc go module v1.1.4 -> v1.1.6 +e2bfa0db4441c58f53c64c4e3d9eb1dc494abfd2 2023-04-29T19:20:23+03:00 Use absolute path instead requestURI in openapiv3 discovery +8943f6ce7fac9bc81d4a585420d0c0ab7ba57142 2023-04-28T22:34:11+00:00 Correct the changelog for GlusterFS removal in 1.26. +2a17b5518c6ab9a1da749c930705b9512a480f02 2023-04-26T19:11:04+00:00 Refactors discovery content-type and helper functions +b0f1337200fd7f7f89b833848553eb0ed0f4c112 2023-04-25T12:35:12-07:00 Fix directory mismatch for `volume.SetVolumeOwnership()` +2e100780a72b0e3ac3b5698d53dacafa4bb9871e 2023-04-20T10:44:11+02:00 Investigate and fix the handling of Succeeded pods in DaemonSet +d09792e3e28e7c13114ceba3c6317716e61f333a 2023-04-19T00:59:21+02:00 KCCM: add providerID predicate to service controller +7a96ba98b88e27a3bb83ab006082f9882c1e1590 2023-04-15T23:57:33+08:00 add log includes pod preemption details +401e8446a18b8b232bebee43acc1bc49f134982f 2023-04-14T08:26:35+00:00 fix: the volume is not detached after the pod and PVC objects are deleted +23b09f8d26cb6f7a9375c6d3bf23ffcc21dcbc62 2023-04-14T11:30:47+08:00 use case-insensitive header keys for http probes +83f6cb6be707f076cd0d7e545d2771e69059bbe3 2023-04-13T16:40:31-04:00 kube-aggregator: correctly use client-go TLS cache with custom dialer +77ea6a61bb854e66d9a75c3ef8d89b733846a637 2023-04-13T13:13:19+02:00 Do not look at VPC-related resources outside the cluster's network +005e664b239a05e67d6713680bdfa9f159a621ec 2023-04-12T23:46:38-07:00 Bump konnectivity-client to 0.0.37 +e28b77e3a9584f9ae36d588acda1ed27b24702e0 2023-04-12T16:56:13-04:00 kubelet: Do not mutate pods in the pod manager +bff161d4b7c41315b9cddf966cfb5fe888280b58 2023-04-12T11:38:34-04:00 Fix azure disk e2e after migration +818177ad1b6a5089537018f952a85a63953559d4 2023-04-12T12:35:20+00:00 Update CHANGELOG/CHANGELOG-1.26.md for v1.26.4 +f89670c3aa4059d6999cb42e23ccb4f0b9a03979 2023-04-12T12:05:34+00:00 Release commit for Kubernetes v1.26.4 +44cb625fbf3ad6c7a4a60683d755519ead760a77 2023-04-06T09:41:46+02:00 releng/go: Update images, dependencies and version to Go 1.19.8 +fb31b19f37f4c07854891482d25bbc181a65f1f5 2023-04-05T15:13:43+00:00 Return error for localhost seccomp type with no localhost profile defined +b88bbb6c62af56563df5869358380091ea3577fa 2023-03-31T11:56:35-04:00 Clean up formatting +71118bbd21124b5313b57ff5bb343e7c60bcdaa8 2023-03-22T10:38:18-04:00 Drop development dependencies from test targets +f7493edc111803cf76670174b2aeebc64a883812 2023-03-21T11:39:51-04:00 Clear front proxy headers after authentication is complete +ea85764438607cca54aa7a6210a2b9ff5b2a8c9a 2023-03-21T09:28:34-04:00 Make prerelease tag optional in CI versions +093511c2050a64cab054e42651e8f48933934c1e 2023-03-21T08:54:19-04:00 Annotate CI version regexes +2799d70d6e4c5382b6be7dcaa46d14d28ff5b399 2023-03-21T08:50:24-04:00 Drop unused regex grouping +53352e8587783533bf366532659fab88b3483332 2023-03-21T08:48:39-04:00 Update comments +170f34b1941d566f7df5b2a08ff396e47917e0dc 2023-03-21T08:48:17-04:00 Delete unused version regex function +f3ecefc31b9f40407d5af333697dbd4b12b5f289 2023-03-21T15:01:05+08:00 kubelet: Fix fs quota monitoring on volumes +cbb9d5c8011ccdebcede4b98c2584d6644c1487b 2023-03-21T15:01:04+08:00 fsquota: only generate pod uuid is nil +e6d0bca08759dbea58fef6b984178e91b1f63e21 2023-03-20T13:53:06-04:00 Preserve UID/ResourceVersion in the BindingREST endpoint +37f3890a9f87c2acfc2c77f0b4142be2ef3ca1d6 2023-03-20T11:45:33-04:00 Add integration test for DefaultBinder +02729593bac76d0d5154f0ab9e93788141d8ffb0 2023-03-20T11:19:40+01:00 API-initiated eviction: handle deleteOptions correctly +a8d2bc0ff7537bcb17e0b85333615dafd7c1e9a9 2023-03-17T13:57:06+00:00 Change where transformers are called. +67e6297764bdfc1377919b14175c3d20d97e639a 2023-03-15T17:56:04+00:00 Aggregated discovery resilient to nil GVK +475f9010f5faa7bdd439944a6f5f1ec206297602 2023-03-15T14:03:22+00:00 Update CHANGELOG/CHANGELOG-1.26.md for v1.26.3 +4f8f98ba29db0cbf7304563218fceaf9ca0dd138 2023-03-15T09:10:12-04:00 Bump the timeout for volume expansion +0ef7c843c280cec76af44b3667f3ce08858288d6 2023-03-15T08:47:23-04:00 Wait for pod to be running before expanding +330ffd0486499e8225ed6824e9ffe75f0946db1c 2023-03-11T00:36:46+00:00 wait again on pending state +7e3936c573bc52bde01c4e7a1d87f652d2d9b67b 2023-03-11T00:36:45+00:00 cacher allow context cancellation if not ready +c79667f6de6b564d80df9e7ef3db79412cca697f 2023-03-08T22:50:27+00:00 Unlock CSIMigrationvSphere feature gate until there is a supported vSphere CSI driver available +454fb0d43be8a806e9abd6e8e78cbc4720b193c2 2023-03-08T07:17:15+00:00 Route controller should update routes with NodeIP changed When a node reboots or kubelet restarts, it is possible that its IP is changed. In this case, node route should be updated with the correct IP. In this PR, it checks if the IP in an existing route is the same as the actual one. If not, it marks it as "update" so the old route will be deleted and a new one will be created. There's a new field EnableNodeAddresses, which is a feature gate for specific cloud providers to enable after they update their cloud provider code for CreateRoute(). +cd7deae436c328085bcb50681b06e1cc275801db 2023-02-20T09:57:13+00:00 client-go/cache: update Replace comment to be more clear +4f55d416f2e6b566eb397670b451d96712e638f1 2023-02-20T09:57:13+00:00 client-go/cache: rewrite Replace to check queue first +d7878cdf2d6a7ec82b589aa95fd83770ba3edf2d 2023-02-20T09:57:13+00:00 client-go/cache: merge ReplaceMakesDeletionsForObjectsInQueue tests +8509d70d3c33a038f0b5111a5e5696c833f6685b 2023-02-20T09:57:13+00:00 client-go/cache: fix missing delete event on replace without knownObjects +bd4ec0acec8844bddc7780d322f8fc215d045046 2023-02-20T09:57:13+00:00 client-go/cache: fix missing delete event on replace +302d46d2fd32e0fbd00f01e3b0fd820445bdcc8c 2023-01-04T11:11:58+01:00 CHANGELOG-1.26: move OpenStack in-tree provider removal to urgent notes +# machine-config-operator embedded-component 1ae3805822dfee3263bfd553d49fd36c648fbd12 to 5c5a902aeb55c02b5abda80f90fae264a2d5ad69 +40f0e659d379ee3683033572f38626c413b56ce7 2023-05-23T16:56:49+00:00 vendor in ignition 3.4 and ign-converter +8bef69da9353891fc25be4d70989ae9130ef0c33 2023-05-23T16:56:48+00:00 Add ignition kargs to MachineConfig on downgrade +b747693b5c0e354ee6c5a9c45ed4f372e09dad3d 2023-05-23T16:56:48+00:00 Add ignition 3.4 support, still default to 3.2 +5903dae60da73062e4877a694cdc75a07f749697 2023-05-23T16:56:48+00:00 Add ignition 3.3 support, still default to 3.2 +# kubernetes image-amd64 b40493584076fb1ab29f3bed1d05d16cbc5b17f1 to 0001a21b5c48ec2befb79e06949a0db8120ea413 +0361c1eebc7cec2622877acbe0036469c167af8b 2023-05-25T00:29:28+00:00 UPSTREAM: : hack/update-vendor.sh, make update and update image +8d2c06f19e37d2ebb77ad9ca177d20dbfc7f7831 2023-05-25T00:02:56+00:00 UPSTREAM: : manually resolve conflicts +890a139214b4de1f01543d15003b5bda71aae9c7 2023-05-17T14:08:49+00:00 Release commit for Kubernetes v1.26.5 +b6ec911f35ac3a67f546c1e1c846dbe2ec302f5b 2023-05-05T14:54:44-07:00 benchmark test to evaluate the overhead of podMatchesScopeFunc +75a7887c18bc8348d24459ace52ac59cd90053e2 2023-05-05T14:53:30-07:00 Fix incorrect calculation for ResourceQuota with PriorityClass as its scope +b486273e08592f93bed6502bd85ec3550c16d0cd 2023-05-06T00:23:57+08:00 Update podFailurePolicy comments from alpha-level to beta +1e1e86977e275496026c6873726ba88d1a8c3a9c 2023-05-04T10:51:10+02:00 releng/go: Update images, dependencies and version to Go 1.19.9 +c031391faf85125d4e73ced06a8df12a6d6b2622 2023-05-03T18:46:13+02:00 Kube-proxy/ipvs: accept access to healthCheckNodePort on LbIP +9c77d23697604226a94eb79aed18d175a4dba291 2023-05-03T11:59:53+01:00 node: device-plugin: e2e: Additional test cases +5ab0b8b80d3923d3c0d47ba824042b3625b2aadd 2023-05-03T11:59:49+01:00 node: device-plugin: add node reboot test scenario +ce301367eeea0ff12716888a4481d19d6a64628a 2023-05-03T11:58:56+01:00 node: device-plugin: e2e: Capture pod admission failure +b0711fb744a703efca7f88f93cc9021bb9e6d055 2023-05-03T11:58:28+01:00 node: device-mgr: e2e: adapt to sample device plugin refactoring +3618af71607bfcb7fa4292f468d7386ad8fa3def 2023-05-03T11:58:21+01:00 node: device-mgr: e2e: Update the e2e test to reproduce issue:109595 +29cb3c1655c6a0e02cc2d095efc9d71650539e2a 2023-05-03T10:25:43+01:00 node: device-mgr: e2e: Implement End to end test +ab0f78ff5c1a1c11be5dbb3a0f6650a92ca87a2c 2023-05-03T10:25:43+01:00 node: device-mgr: Handle recovery by checking if healthy devices exist +ca91b8c351b5307a96d30c9fb778f4de8e35b22e 2023-05-03T10:25:43+01:00 node: device-plugin: e2e: Add test case for kubelet restart +abf8ce414411b2ecfad70f99d9aa75dbc826a5b1 2023-05-03T10:25:43+01:00 node: device-plugin: e2e: Provide sleep intervals via constants +96b51806e7442600239749cf7bf7d38ebc5e0b71 2023-05-03T10:25:43+01:00 node: device-plugin: e2e: Update test description to make it explicit +fa07d28f8b559f3c988a1eca12631c0bc07dfffc 2023-05-03T10:25:39+01:00 node: device-plugin: e2e: Isolate test to pod restart scenario +26ed893e4523675e45c913abb5450a66257d9a92 2023-05-02T19:41:53+01:00 node: device-plugin: e2e: Annotate device check with error message +a940a72b56f9a5e507a9f68e0ff5d0766d4b8b53 2023-05-02T19:41:53+01:00 node: device-plugins: e2e: s/devLen/expectedSampleDevsAmount +1c77cdf342d7f070a3f3b03297e7ea7a0a26759e 2023-05-02T19:41:53+01:00 node: device-plugins: e2e: Refactor parse log to return string and error +76076d5a4519507a038f7e1f72fd1789d1f39044 2023-05-02T19:41:53+01:00 test: Fix path to e2e node sample device plugin +2c38d14ea7c5e5ac8b47efca7bc824f5efb7582c 2023-05-02T19:41:53+01:00 node: device-mgr: sample device plugin: manifest to avoid registration +2c5c95da07f6843463184cdce7f064b7cb624979 2023-05-02T19:41:53+01:00 node: device-mgr: sample device plugin: control registration process +4ff7e0e66f214d03591be3cea849a7bbab7e1b79 2023-05-02T19:41:47+01:00 e2e: node: unify sample device plugin utilities +808ce27cae46bd31b2978875069eb7c77af21886 2023-04-29T22:27:41-04:00 Bump runc go module v1.1.4 -> v1.1.6 +e2bfa0db4441c58f53c64c4e3d9eb1dc494abfd2 2023-04-29T19:20:23+03:00 Use absolute path instead requestURI in openapiv3 discovery +8943f6ce7fac9bc81d4a585420d0c0ab7ba57142 2023-04-28T22:34:11+00:00 Correct the changelog for GlusterFS removal in 1.26. +2a17b5518c6ab9a1da749c930705b9512a480f02 2023-04-26T19:11:04+00:00 Refactors discovery content-type and helper functions +b0f1337200fd7f7f89b833848553eb0ed0f4c112 2023-04-25T12:35:12-07:00 Fix directory mismatch for `volume.SetVolumeOwnership()` +2e100780a72b0e3ac3b5698d53dacafa4bb9871e 2023-04-20T10:44:11+02:00 Investigate and fix the handling of Succeeded pods in DaemonSet +d09792e3e28e7c13114ceba3c6317716e61f333a 2023-04-19T00:59:21+02:00 KCCM: add providerID predicate to service controller +7a96ba98b88e27a3bb83ab006082f9882c1e1590 2023-04-15T23:57:33+08:00 add log includes pod preemption details +401e8446a18b8b232bebee43acc1bc49f134982f 2023-04-14T08:26:35+00:00 fix: the volume is not detached after the pod and PVC objects are deleted +23b09f8d26cb6f7a9375c6d3bf23ffcc21dcbc62 2023-04-14T11:30:47+08:00 use case-insensitive header keys for http probes +83f6cb6be707f076cd0d7e545d2771e69059bbe3 2023-04-13T16:40:31-04:00 kube-aggregator: correctly use client-go TLS cache with custom dialer +77ea6a61bb854e66d9a75c3ef8d89b733846a637 2023-04-13T13:13:19+02:00 Do not look at VPC-related resources outside the cluster's network +005e664b239a05e67d6713680bdfa9f159a621ec 2023-04-12T23:46:38-07:00 Bump konnectivity-client to 0.0.37 +e28b77e3a9584f9ae36d588acda1ed27b24702e0 2023-04-12T16:56:13-04:00 kubelet: Do not mutate pods in the pod manager +bff161d4b7c41315b9cddf966cfb5fe888280b58 2023-04-12T11:38:34-04:00 Fix azure disk e2e after migration +818177ad1b6a5089537018f952a85a63953559d4 2023-04-12T12:35:20+00:00 Update CHANGELOG/CHANGELOG-1.26.md for v1.26.4 +f89670c3aa4059d6999cb42e23ccb4f0b9a03979 2023-04-12T12:05:34+00:00 Release commit for Kubernetes v1.26.4 +44cb625fbf3ad6c7a4a60683d755519ead760a77 2023-04-06T09:41:46+02:00 releng/go: Update images, dependencies and version to Go 1.19.8 +fb31b19f37f4c07854891482d25bbc181a65f1f5 2023-04-05T15:13:43+00:00 Return error for localhost seccomp type with no localhost profile defined +b88bbb6c62af56563df5869358380091ea3577fa 2023-03-31T11:56:35-04:00 Clean up formatting +71118bbd21124b5313b57ff5bb343e7c60bcdaa8 2023-03-22T10:38:18-04:00 Drop development dependencies from test targets +f7493edc111803cf76670174b2aeebc64a883812 2023-03-21T11:39:51-04:00 Clear front proxy headers after authentication is complete +ea85764438607cca54aa7a6210a2b9ff5b2a8c9a 2023-03-21T09:28:34-04:00 Make prerelease tag optional in CI versions +093511c2050a64cab054e42651e8f48933934c1e 2023-03-21T08:54:19-04:00 Annotate CI version regexes +2799d70d6e4c5382b6be7dcaa46d14d28ff5b399 2023-03-21T08:50:24-04:00 Drop unused regex grouping +53352e8587783533bf366532659fab88b3483332 2023-03-21T08:48:39-04:00 Update comments +170f34b1941d566f7df5b2a08ff396e47917e0dc 2023-03-21T08:48:17-04:00 Delete unused version regex function +f3ecefc31b9f40407d5af333697dbd4b12b5f289 2023-03-21T15:01:05+08:00 kubelet: Fix fs quota monitoring on volumes +cbb9d5c8011ccdebcede4b98c2584d6644c1487b 2023-03-21T15:01:04+08:00 fsquota: only generate pod uuid is nil +e6d0bca08759dbea58fef6b984178e91b1f63e21 2023-03-20T13:53:06-04:00 Preserve UID/ResourceVersion in the BindingREST endpoint +37f3890a9f87c2acfc2c77f0b4142be2ef3ca1d6 2023-03-20T11:45:33-04:00 Add integration test for DefaultBinder +02729593bac76d0d5154f0ab9e93788141d8ffb0 2023-03-20T11:19:40+01:00 API-initiated eviction: handle deleteOptions correctly +a8d2bc0ff7537bcb17e0b85333615dafd7c1e9a9 2023-03-17T13:57:06+00:00 Change where transformers are called. +67e6297764bdfc1377919b14175c3d20d97e639a 2023-03-15T17:56:04+00:00 Aggregated discovery resilient to nil GVK +475f9010f5faa7bdd439944a6f5f1ec206297602 2023-03-15T14:03:22+00:00 Update CHANGELOG/CHANGELOG-1.26.md for v1.26.3 +4f8f98ba29db0cbf7304563218fceaf9ca0dd138 2023-03-15T09:10:12-04:00 Bump the timeout for volume expansion +0ef7c843c280cec76af44b3667f3ce08858288d6 2023-03-15T08:47:23-04:00 Wait for pod to be running before expanding +330ffd0486499e8225ed6824e9ffe75f0946db1c 2023-03-11T00:36:46+00:00 wait again on pending state +7e3936c573bc52bde01c4e7a1d87f652d2d9b67b 2023-03-11T00:36:45+00:00 cacher allow context cancellation if not ready +c79667f6de6b564d80df9e7ef3db79412cca697f 2023-03-08T22:50:27+00:00 Unlock CSIMigrationvSphere feature gate until there is a supported vSphere CSI driver available +454fb0d43be8a806e9abd6e8e78cbc4720b193c2 2023-03-08T07:17:15+00:00 Route controller should update routes with NodeIP changed When a node reboots or kubelet restarts, it is possible that its IP is changed. In this case, node route should be updated with the correct IP. In this PR, it checks if the IP in an existing route is the same as the actual one. If not, it marks it as "update" so the old route will be deleted and a new one will be created. There's a new field EnableNodeAddresses, which is a feature gate for specific cloud providers to enable after they update their cloud provider code for CreateRoute(). +cd7deae436c328085bcb50681b06e1cc275801db 2023-02-20T09:57:13+00:00 client-go/cache: update Replace comment to be more clear +4f55d416f2e6b566eb397670b451d96712e638f1 2023-02-20T09:57:13+00:00 client-go/cache: rewrite Replace to check queue first +d7878cdf2d6a7ec82b589aa95fd83770ba3edf2d 2023-02-20T09:57:13+00:00 client-go/cache: merge ReplaceMakesDeletionsForObjectsInQueue tests +8509d70d3c33a038f0b5111a5e5696c833f6685b 2023-02-20T09:57:13+00:00 client-go/cache: fix missing delete event on replace without knownObjects +bd4ec0acec8844bddc7780d322f8fc215d045046 2023-02-20T09:57:13+00:00 client-go/cache: fix missing delete event on replace +302d46d2fd32e0fbd00f01e3b0fd820445bdcc8c 2023-01-04T11:11:58+01:00 CHANGELOG-1.26: move OpenStack in-tree provider removal to urgent notes +# kubernetes image-arm64 b40493584076fb1ab29f3bed1d05d16cbc5b17f1 to 0001a21b5c48ec2befb79e06949a0db8120ea413 +0361c1eebc7cec2622877acbe0036469c167af8b 2023-05-25T00:29:28+00:00 UPSTREAM: : hack/update-vendor.sh, make update and update image +8d2c06f19e37d2ebb77ad9ca177d20dbfc7f7831 2023-05-25T00:02:56+00:00 UPSTREAM: : manually resolve conflicts +890a139214b4de1f01543d15003b5bda71aae9c7 2023-05-17T14:08:49+00:00 Release commit for Kubernetes v1.26.5 +b6ec911f35ac3a67f546c1e1c846dbe2ec302f5b 2023-05-05T14:54:44-07:00 benchmark test to evaluate the overhead of podMatchesScopeFunc +75a7887c18bc8348d24459ace52ac59cd90053e2 2023-05-05T14:53:30-07:00 Fix incorrect calculation for ResourceQuota with PriorityClass as its scope +b486273e08592f93bed6502bd85ec3550c16d0cd 2023-05-06T00:23:57+08:00 Update podFailurePolicy comments from alpha-level to beta +1e1e86977e275496026c6873726ba88d1a8c3a9c 2023-05-04T10:51:10+02:00 releng/go: Update images, dependencies and version to Go 1.19.9 +c031391faf85125d4e73ced06a8df12a6d6b2622 2023-05-03T18:46:13+02:00 Kube-proxy/ipvs: accept access to healthCheckNodePort on LbIP +9c77d23697604226a94eb79aed18d175a4dba291 2023-05-03T11:59:53+01:00 node: device-plugin: e2e: Additional test cases +5ab0b8b80d3923d3c0d47ba824042b3625b2aadd 2023-05-03T11:59:49+01:00 node: device-plugin: add node reboot test scenario +ce301367eeea0ff12716888a4481d19d6a64628a 2023-05-03T11:58:56+01:00 node: device-plugin: e2e: Capture pod admission failure +b0711fb744a703efca7f88f93cc9021bb9e6d055 2023-05-03T11:58:28+01:00 node: device-mgr: e2e: adapt to sample device plugin refactoring +3618af71607bfcb7fa4292f468d7386ad8fa3def 2023-05-03T11:58:21+01:00 node: device-mgr: e2e: Update the e2e test to reproduce issue:109595 +29cb3c1655c6a0e02cc2d095efc9d71650539e2a 2023-05-03T10:25:43+01:00 node: device-mgr: e2e: Implement End to end test +ab0f78ff5c1a1c11be5dbb3a0f6650a92ca87a2c 2023-05-03T10:25:43+01:00 node: device-mgr: Handle recovery by checking if healthy devices exist +ca91b8c351b5307a96d30c9fb778f4de8e35b22e 2023-05-03T10:25:43+01:00 node: device-plugin: e2e: Add test case for kubelet restart +abf8ce414411b2ecfad70f99d9aa75dbc826a5b1 2023-05-03T10:25:43+01:00 node: device-plugin: e2e: Provide sleep intervals via constants +96b51806e7442600239749cf7bf7d38ebc5e0b71 2023-05-03T10:25:43+01:00 node: device-plugin: e2e: Update test description to make it explicit +fa07d28f8b559f3c988a1eca12631c0bc07dfffc 2023-05-03T10:25:39+01:00 node: device-plugin: e2e: Isolate test to pod restart scenario +26ed893e4523675e45c913abb5450a66257d9a92 2023-05-02T19:41:53+01:00 node: device-plugin: e2e: Annotate device check with error message +a940a72b56f9a5e507a9f68e0ff5d0766d4b8b53 2023-05-02T19:41:53+01:00 node: device-plugins: e2e: s/devLen/expectedSampleDevsAmount +1c77cdf342d7f070a3f3b03297e7ea7a0a26759e 2023-05-02T19:41:53+01:00 node: device-plugins: e2e: Refactor parse log to return string and error +76076d5a4519507a038f7e1f72fd1789d1f39044 2023-05-02T19:41:53+01:00 test: Fix path to e2e node sample device plugin +2c38d14ea7c5e5ac8b47efca7bc824f5efb7582c 2023-05-02T19:41:53+01:00 node: device-mgr: sample device plugin: manifest to avoid registration +2c5c95da07f6843463184cdce7f064b7cb624979 2023-05-02T19:41:53+01:00 node: device-mgr: sample device plugin: control registration process +4ff7e0e66f214d03591be3cea849a7bbab7e1b79 2023-05-02T19:41:47+01:00 e2e: node: unify sample device plugin utilities +808ce27cae46bd31b2978875069eb7c77af21886 2023-04-29T22:27:41-04:00 Bump runc go module v1.1.4 -> v1.1.6 +e2bfa0db4441c58f53c64c4e3d9eb1dc494abfd2 2023-04-29T19:20:23+03:00 Use absolute path instead requestURI in openapiv3 discovery +8943f6ce7fac9bc81d4a585420d0c0ab7ba57142 2023-04-28T22:34:11+00:00 Correct the changelog for GlusterFS removal in 1.26. +2a17b5518c6ab9a1da749c930705b9512a480f02 2023-04-26T19:11:04+00:00 Refactors discovery content-type and helper functions +b0f1337200fd7f7f89b833848553eb0ed0f4c112 2023-04-25T12:35:12-07:00 Fix directory mismatch for `volume.SetVolumeOwnership()` +2e100780a72b0e3ac3b5698d53dacafa4bb9871e 2023-04-20T10:44:11+02:00 Investigate and fix the handling of Succeeded pods in DaemonSet +d09792e3e28e7c13114ceba3c6317716e61f333a 2023-04-19T00:59:21+02:00 KCCM: add providerID predicate to service controller +7a96ba98b88e27a3bb83ab006082f9882c1e1590 2023-04-15T23:57:33+08:00 add log includes pod preemption details +401e8446a18b8b232bebee43acc1bc49f134982f 2023-04-14T08:26:35+00:00 fix: the volume is not detached after the pod and PVC objects are deleted +23b09f8d26cb6f7a9375c6d3bf23ffcc21dcbc62 2023-04-14T11:30:47+08:00 use case-insensitive header keys for http probes +83f6cb6be707f076cd0d7e545d2771e69059bbe3 2023-04-13T16:40:31-04:00 kube-aggregator: correctly use client-go TLS cache with custom dialer +77ea6a61bb854e66d9a75c3ef8d89b733846a637 2023-04-13T13:13:19+02:00 Do not look at VPC-related resources outside the cluster's network +005e664b239a05e67d6713680bdfa9f159a621ec 2023-04-12T23:46:38-07:00 Bump konnectivity-client to 0.0.37 +e28b77e3a9584f9ae36d588acda1ed27b24702e0 2023-04-12T16:56:13-04:00 kubelet: Do not mutate pods in the pod manager +bff161d4b7c41315b9cddf966cfb5fe888280b58 2023-04-12T11:38:34-04:00 Fix azure disk e2e after migration +818177ad1b6a5089537018f952a85a63953559d4 2023-04-12T12:35:20+00:00 Update CHANGELOG/CHANGELOG-1.26.md for v1.26.4 +f89670c3aa4059d6999cb42e23ccb4f0b9a03979 2023-04-12T12:05:34+00:00 Release commit for Kubernetes v1.26.4 +44cb625fbf3ad6c7a4a60683d755519ead760a77 2023-04-06T09:41:46+02:00 releng/go: Update images, dependencies and version to Go 1.19.8 +fb31b19f37f4c07854891482d25bbc181a65f1f5 2023-04-05T15:13:43+00:00 Return error for localhost seccomp type with no localhost profile defined +b88bbb6c62af56563df5869358380091ea3577fa 2023-03-31T11:56:35-04:00 Clean up formatting +71118bbd21124b5313b57ff5bb343e7c60bcdaa8 2023-03-22T10:38:18-04:00 Drop development dependencies from test targets +f7493edc111803cf76670174b2aeebc64a883812 2023-03-21T11:39:51-04:00 Clear front proxy headers after authentication is complete +ea85764438607cca54aa7a6210a2b9ff5b2a8c9a 2023-03-21T09:28:34-04:00 Make prerelease tag optional in CI versions +093511c2050a64cab054e42651e8f48933934c1e 2023-03-21T08:54:19-04:00 Annotate CI version regexes +2799d70d6e4c5382b6be7dcaa46d14d28ff5b399 2023-03-21T08:50:24-04:00 Drop unused regex grouping +53352e8587783533bf366532659fab88b3483332 2023-03-21T08:48:39-04:00 Update comments +170f34b1941d566f7df5b2a08ff396e47917e0dc 2023-03-21T08:48:17-04:00 Delete unused version regex function +f3ecefc31b9f40407d5af333697dbd4b12b5f289 2023-03-21T15:01:05+08:00 kubelet: Fix fs quota monitoring on volumes +cbb9d5c8011ccdebcede4b98c2584d6644c1487b 2023-03-21T15:01:04+08:00 fsquota: only generate pod uuid is nil +e6d0bca08759dbea58fef6b984178e91b1f63e21 2023-03-20T13:53:06-04:00 Preserve UID/ResourceVersion in the BindingREST endpoint +37f3890a9f87c2acfc2c77f0b4142be2ef3ca1d6 2023-03-20T11:45:33-04:00 Add integration test for DefaultBinder +02729593bac76d0d5154f0ab9e93788141d8ffb0 2023-03-20T11:19:40+01:00 API-initiated eviction: handle deleteOptions correctly +a8d2bc0ff7537bcb17e0b85333615dafd7c1e9a9 2023-03-17T13:57:06+00:00 Change where transformers are called. +67e6297764bdfc1377919b14175c3d20d97e639a 2023-03-15T17:56:04+00:00 Aggregated discovery resilient to nil GVK +475f9010f5faa7bdd439944a6f5f1ec206297602 2023-03-15T14:03:22+00:00 Update CHANGELOG/CHANGELOG-1.26.md for v1.26.3 +4f8f98ba29db0cbf7304563218fceaf9ca0dd138 2023-03-15T09:10:12-04:00 Bump the timeout for volume expansion +0ef7c843c280cec76af44b3667f3ce08858288d6 2023-03-15T08:47:23-04:00 Wait for pod to be running before expanding +330ffd0486499e8225ed6824e9ffe75f0946db1c 2023-03-11T00:36:46+00:00 wait again on pending state +7e3936c573bc52bde01c4e7a1d87f652d2d9b67b 2023-03-11T00:36:45+00:00 cacher allow context cancellation if not ready +c79667f6de6b564d80df9e7ef3db79412cca697f 2023-03-08T22:50:27+00:00 Unlock CSIMigrationvSphere feature gate until there is a supported vSphere CSI driver available +454fb0d43be8a806e9abd6e8e78cbc4720b193c2 2023-03-08T07:17:15+00:00 Route controller should update routes with NodeIP changed When a node reboots or kubelet restarts, it is possible that its IP is changed. In this case, node route should be updated with the correct IP. In this PR, it checks if the IP in an existing route is the same as the actual one. If not, it marks it as "update" so the old route will be deleted and a new one will be created. There's a new field EnableNodeAddresses, which is a feature gate for specific cloud providers to enable after they update their cloud provider code for CreateRoute(). +cd7deae436c328085bcb50681b06e1cc275801db 2023-02-20T09:57:13+00:00 client-go/cache: update Replace comment to be more clear +4f55d416f2e6b566eb397670b451d96712e638f1 2023-02-20T09:57:13+00:00 client-go/cache: rewrite Replace to check queue first +d7878cdf2d6a7ec82b589aa95fd83770ba3edf2d 2023-02-20T09:57:13+00:00 client-go/cache: merge ReplaceMakesDeletionsForObjectsInQueue tests +8509d70d3c33a038f0b5111a5e5696c833f6685b 2023-02-20T09:57:13+00:00 client-go/cache: fix missing delete event on replace without knownObjects +bd4ec0acec8844bddc7780d322f8fc215d045046 2023-02-20T09:57:13+00:00 client-go/cache: fix missing delete event on replace +302d46d2fd32e0fbd00f01e3b0fd820445bdcc8c 2023-01-04T11:11:58+01:00 CHANGELOG-1.26: move OpenStack in-tree provider removal to urgent notes diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index 56812b18f5..40bec85abf 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -5,10 +5,10 @@ https://github.com/openshift/cluster-kube-controller-manager-operator embedded-c https://github.com/openshift/cluster-kube-scheduler-operator embedded-component dc5cba57ddcdb5a4b43240d1c2ab908fa953d887 https://github.com/openshift/cluster-network-operator embedded-component 3ed6bef191d49ede92ab8f7f684826a1b7967928 https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 9a8aba8cad6491a31e743a7e366d758351482d88 -https://github.com/openshift/cluster-policy-controller embedded-component 4aa5ecd04fa2a35a5ae07a13707bd2e0239432a9 +https://github.com/openshift/cluster-policy-controller embedded-component 8d2af85d0b6dcf09256bd9fecc5d36ac77bc41d1 https://github.com/openshift/etcd embedded-component f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d -https://github.com/openshift/kubernetes embedded-component b40493584076fb1ab29f3bed1d05d16cbc5b17f1 -https://github.com/openshift/machine-config-operator embedded-component 1ae3805822dfee3263bfd553d49fd36c648fbd12 +https://github.com/openshift/kubernetes embedded-component 0001a21b5c48ec2befb79e06949a0db8120ea413 +https://github.com/openshift/machine-config-operator embedded-component 5c5a902aeb55c02b5abda80f90fae264a2d5ad69 https://github.com/openshift/openshift-controller-manager embedded-component 87de83867ac51730f506138ee790a56ca21d9fc9 https://github.com/openshift/route-controller-manager embedded-component d7a8e22db412b6fabb7028ca0da8de8f3d9ac3c3 https://github.com/openshift/service-ca-operator embedded-component 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a @@ -17,12 +17,12 @@ https://github.com/openshift/coredns image-amd64 5560e4ad8c343c211f0b2f9d85ce733 https://github.com/openshift/router image-amd64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-amd64 11b1439d48a47a408ae7e2dd851989f7b7b4f595 https://github.com/openshift/ovn-kubernetes image-amd64 db0dbadc1a409f40345e921e991bd3e22c55490a -https://github.com/openshift/kubernetes image-amd64 b40493584076fb1ab29f3bed1d05d16cbc5b17f1 +https://github.com/openshift/kubernetes image-amd64 0001a21b5c48ec2befb79e06949a0db8120ea413 https://github.com/openshift/service-ca-operator image-amd64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a https://github.com/openshift/oc image-arm64 92b1a3d0e5d092430b523f6541aa0c504b2222b3 https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-arm64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-arm64 11b1439d48a47a408ae7e2dd851989f7b7b4f595 https://github.com/openshift/ovn-kubernetes image-arm64 db0dbadc1a409f40345e921e991bd3e22c55490a -https://github.com/openshift/kubernetes image-arm64 b40493584076fb1ab29f3bed1d05d16cbc5b17f1 +https://github.com/openshift/kubernetes image-arm64 0001a21b5c48ec2befb79e06949a0db8120ea413 https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 233bc4b5f1..b18a83f52f 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-05-25-001936" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-05-25-020408" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-05-27-155444" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-05-27-113034" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" diff --git a/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/interfaces.go b/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/interfaces.go index 6f6fbaaec0..4f02c205d1 100644 --- a/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/interfaces.go +++ b/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/interfaces.go @@ -11,30 +11,20 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" + "k8s.io/client-go/metadata" + "k8s.io/client-go/metadata/metadatainformer" "k8s.io/client-go/rest" "k8s.io/controller-manager/app" "k8s.io/controller-manager/pkg/clientbuilder" openshiftcontrolplanev1 "github.com/openshift/api/openshiftcontrolplane/v1" - appsclient "github.com/openshift/client-go/apps/clientset/versioned" - appsinformer "github.com/openshift/client-go/apps/informers/externalversions" - buildclient "github.com/openshift/client-go/build/clientset/versioned" - buildinformer "github.com/openshift/client-go/build/informers/externalversions" - configclient "github.com/openshift/client-go/config/clientset/versioned" - configinformer "github.com/openshift/client-go/config/informers/externalversions" imageclient "github.com/openshift/client-go/image/clientset/versioned" imageinformer "github.com/openshift/client-go/image/informers/externalversions" - operatorclient "github.com/openshift/client-go/operator/clientset/versioned" - operatorinformer "github.com/openshift/client-go/operator/informers/externalversions" quotaclient "github.com/openshift/client-go/quota/clientset/versioned" quotainformer "github.com/openshift/client-go/quota/informers/externalversions" - routeclient "github.com/openshift/client-go/route/clientset/versioned" - routeinformer "github.com/openshift/client-go/route/informers/externalversions" securityclient "github.com/openshift/client-go/security/clientset/versioned" securityinformer "github.com/openshift/client-go/security/informers/externalversions" securityinternalclient "github.com/openshift/client-go/securityinternal/clientset/versioned" - templateclient "github.com/openshift/client-go/template/clientset/versioned" - templateinformer "github.com/openshift/client-go/template/informers/externalversions" "github.com/openshift/library-go/pkg/controller/controllercmd" "github.com/openshift/cluster-policy-controller/pkg/client/genericinformers" @@ -64,18 +54,11 @@ func NewControllerContext( clientConfig.Burst = clientConfig.Burst/10 + 1 } - appsClient, err := appsclient.NewForConfig(clientConfig) - if err != nil { - return nil, err - } - buildClient, err := buildclient.NewForConfig(clientConfig) - if err != nil { - return nil, err - } - configClient, err := configclient.NewForConfig(nonProtobufConfig(clientConfig)) + metadataClient, err := metadata.NewForConfig(clientConfig) if err != nil { return nil, err } + imageClient, err := imageclient.NewForConfig(clientConfig) if err != nil { return nil, err @@ -84,18 +67,6 @@ func NewControllerContext( if err != nil { return nil, err } - routerClient, err := routeclient.NewForConfig(clientConfig) - if err != nil { - return nil, err - } - templateClient, err := templateclient.NewForConfig(clientConfig) - if err != nil { - return nil, err - } - operatorClient, err := operatorclient.NewForConfig(clientConfig) - if err != nil { - return nil, err - } securityClient, err := securityclient.NewForConfig(clientConfig) if err != nil { return nil, err @@ -109,15 +80,10 @@ func NewControllerContext( ControllerClientBuilder: clientbuilder.NewDynamicClientBuilder(rest.AnonymousClientConfig(clientConfig), kubeClient.CoreV1(), defaultOpenShiftInfraNamespace), }, KubernetesInformers: informers.NewSharedInformerFactory(kubeClient, defaultInformerResyncPeriod), - AppsInformers: appsinformer.NewSharedInformerFactory(appsClient, defaultInformerResyncPeriod), - BuildInformers: buildinformer.NewSharedInformerFactory(buildClient, defaultInformerResyncPeriod), - ConfigInformers: configinformer.NewSharedInformerFactory(configClient, defaultInformerResyncPeriod), + MetadataInformers: metadatainformer.NewSharedInformerFactory(metadataClient, defaultInformerResyncPeriod), ImageInformers: imageinformer.NewSharedInformerFactory(imageClient, defaultInformerResyncPeriod), - OperatorInformers: operatorinformer.NewSharedInformerFactory(operatorClient, defaultInformerResyncPeriod), QuotaInformers: quotainformer.NewSharedInformerFactory(quotaClient, defaultInformerResyncPeriod), - RouteInformers: routeinformer.NewSharedInformerFactory(routerClient, defaultInformerResyncPeriod), SecurityInformers: securityinformer.NewSharedInformerFactory(securityClient, defaultInformerResyncPeriod), - TemplateInformers: templateinformer.NewSharedInformerFactory(templateClient, defaultInformerResyncPeriod), InformersStarted: make(chan struct{}), } openshiftControllerContext.GenericResourceInformer = openshiftControllerContext.ToGenericInformer() @@ -128,27 +94,17 @@ func NewControllerContext( func (c *EnhancedControllerContext) ToGenericInformer() genericinformers.GenericResourceInformer { return genericinformers.NewGenericInformers( c.StartInformers, + // first shared informers used by the controllers c.KubernetesInformers, - genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) { - return c.AppsInformers.ForResource(resource) - }), - genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) { - return c.BuildInformers.ForResource(resource) - }), - genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) { - return c.ConfigInformers.ForResource(resource) - }), genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) { return c.ImageInformers.ForResource(resource) }), genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) { return c.QuotaInformers.ForResource(resource) }), + // fallback to metadata shared informers genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) { - return c.RouteInformers.ForResource(resource) - }), - genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) { - return c.TemplateInformers.ForResource(resource) + return c.MetadataInformers.ForResource(resource), nil }), ) } @@ -161,16 +117,10 @@ type EnhancedControllerContext struct { ClientBuilder ControllerClientBuilder KubernetesInformers informers.SharedInformerFactory + MetadataInformers metadatainformer.SharedInformerFactory - TemplateInformers templateinformer.SharedInformerFactory QuotaInformers quotainformer.SharedInformerFactory - RouteInformers routeinformer.SharedInformerFactory - - AppsInformers appsinformer.SharedInformerFactory - BuildInformers buildinformer.SharedInformerFactory - ConfigInformers configinformer.SharedInformerFactory ImageInformers imageinformer.SharedInformerFactory - OperatorInformers operatorinformer.SharedInformerFactory SecurityInformers securityinformer.SharedInformerFactory GenericResourceInformer genericinformers.GenericResourceInformer @@ -185,16 +135,11 @@ type EnhancedControllerContext struct { func (c *EnhancedControllerContext) StartInformers(stopCh <-chan struct{}) { c.KubernetesInformers.Start(stopCh) - c.AppsInformers.Start(stopCh) - c.BuildInformers.Start(stopCh) - c.ConfigInformers.Start(stopCh) c.ImageInformers.Start(stopCh) c.SecurityInformers.Start(stopCh) - - c.TemplateInformers.Start(stopCh) c.QuotaInformers.Start(stopCh) - c.RouteInformers.Start(stopCh) - c.OperatorInformers.Start(stopCh) + + c.MetadataInformers.Start(stopCh) c.informersStartedLock.Lock() defer c.informersStartedLock.Unlock() @@ -211,30 +156,14 @@ func (c *EnhancedControllerContext) IsControllerEnabled(name string) bool { type ControllerClientBuilder interface { clientbuilder.ControllerClientBuilder - OpenshiftAppsClient(name string) (appsclient.Interface, error) - OpenshiftAppsClientOrDie(name string) appsclient.Interface - - OpenshiftBuildClient(name string) (buildclient.Interface, error) - OpenshiftBuildClientOrDie(name string) buildclient.Interface - - OpenshiftConfigClient(name string) (configclient.Interface, error) - OpenshiftConfigClientOrDie(name string) configclient.Interface - OpenshiftSecurityClient(name string) (securityinternalclient.Interface, error) OpenshiftSecurityClientOrDie(name string) securityinternalclient.Interface - // OpenShift clients based on generated internal clientsets - OpenshiftTemplateClient(name string) (templateclient.Interface, error) - OpenshiftTemplateClientOrDie(name string) templateclient.Interface - OpenshiftImageClient(name string) (imageclient.Interface, error) OpenshiftImageClientOrDie(name string) imageclient.Interface OpenshiftQuotaClient(name string) (quotaclient.Interface, error) OpenshiftQuotaClientOrDie(name string) quotaclient.Interface - - OpenshiftOperatorClient(name string) (operatorclient.Interface, error) - OpenshiftOperatorClientOrDie(name string) operatorclient.Interface } // InitFunc is used to launch a particular controller. It may run additional "should I activate checks". @@ -246,44 +175,6 @@ type OpenshiftControllerClientBuilder struct { clientbuilder.ControllerClientBuilder } -func (b OpenshiftControllerClientBuilder) OpenshiftOperatorClient(name string) (operatorclient.Interface, error) { - clientConfig, err := b.Config(name) - if err != nil { - return nil, err - } - return operatorclient.NewForConfig(clientConfig) -} - -func (b OpenshiftControllerClientBuilder) OpenshiftOperatorClientOrDie(name string) operatorclient.Interface { - client, err := b.OpenshiftOperatorClient(name) - if err != nil { - klog.Fatal(err) - } - return client -} - -// OpenshiftInternalTemplateClient provides a REST client for the template API. -// If the client cannot be created because of configuration error, this function -// will return an error. -func (b OpenshiftControllerClientBuilder) OpenshiftTemplateClient(name string) (templateclient.Interface, error) { - clientConfig, err := b.Config(name) - if err != nil { - return nil, err - } - return templateclient.NewForConfig(clientConfig) -} - -// OpenshiftInternalTemplateClientOrDie provides a REST client for the template API. -// If the client cannot be created because of configuration error, this function -// will panic. -func (b OpenshiftControllerClientBuilder) OpenshiftTemplateClientOrDie(name string) templateclient.Interface { - client, err := b.OpenshiftTemplateClient(name) - if err != nil { - klog.Fatal(err) - } - return client -} - // OpenshiftImageClient provides a REST client for the image API. // If the client cannot be created because of configuration error, this function // will error. @@ -306,72 +197,6 @@ func (b OpenshiftControllerClientBuilder) OpenshiftImageClientOrDie(name string) return client } -// OpenshiftAppsClient provides a REST client for the apps API. -// If the client cannot be created because of configuration error, this function -// will error. -func (b OpenshiftControllerClientBuilder) OpenshiftAppsClient(name string) (appsclient.Interface, error) { - clientConfig, err := b.Config(name) - if err != nil { - return nil, err - } - return appsclient.NewForConfig(clientConfig) -} - -// OpenshiftAppsClientOrDie provides a REST client for the apps API. -// If the client cannot be created because of configuration error, this function -// will panic. -func (b OpenshiftControllerClientBuilder) OpenshiftAppsClientOrDie(name string) appsclient.Interface { - client, err := b.OpenshiftAppsClient(name) - if err != nil { - klog.Fatal(err) - } - return client -} - -// OpenshiftBuildClient provides a REST client for the build API. -// If the client cannot be created because of configuration error, this function -// will error. -func (b OpenshiftControllerClientBuilder) OpenshiftBuildClient(name string) (buildclient.Interface, error) { - clientConfig, err := b.Config(name) - if err != nil { - return nil, err - } - return buildclient.NewForConfig(clientConfig) -} - -// OpenshiftBuildClientOrDie provides a REST client for the build API. -// If the client cannot be created because of configuration error, this function -// will panic. -func (b OpenshiftControllerClientBuilder) OpenshiftBuildClientOrDie(name string) buildclient.Interface { - client, err := b.OpenshiftBuildClient(name) - if err != nil { - klog.Fatal(err) - } - return client -} - -// OpenshiftConfigClient provides a REST client for the build API. -// If the client cannot be created because of configuration error, this function -// will error. -func (b OpenshiftControllerClientBuilder) OpenshiftConfigClient(name string) (configclient.Interface, error) { - clientConfig, err := b.Config(name) - if err != nil { - return nil, err - } - return configclient.NewForConfig(nonProtobufConfig(clientConfig)) -} - -// OpenshiftConfigClientOrDie provides a REST client for the build API. -// If the client cannot be created because of configuration error, this function -// will panic. -func (b OpenshiftControllerClientBuilder) OpenshiftConfigClientOrDie(name string) configclient.Interface { - client, err := b.OpenshiftConfigClient(name) - if err != nil { - klog.Fatal(err) - } - return client -} - func (b OpenshiftControllerClientBuilder) OpenshiftQuotaClient(name string) (quotaclient.Interface, error) { clientConfig, err := b.Config(name) if err != nil { diff --git a/vendor/k8s.io/api/batch/v1/generated.proto b/vendor/k8s.io/api/batch/v1/generated.proto index 74ccac921f..09144d5867 100644 --- a/vendor/k8s.io/api/batch/v1/generated.proto +++ b/vendor/k8s.io/api/batch/v1/generated.proto @@ -213,8 +213,8 @@ message JobSpec { // checked against the backoffLimit. This field cannot be used in combination // with restartPolicy=OnFailure. // - // This field is alpha-level. To use this field, you must enable the - // `JobPodFailurePolicy` feature gate (disabled by default). + // This field is beta-level. It can be used when the `JobPodFailurePolicy` + // feature gate is enabled (enabled by default). // +optional optional PodFailurePolicy podFailurePolicy = 11; diff --git a/vendor/k8s.io/api/batch/v1/types.go b/vendor/k8s.io/api/batch/v1/types.go index dcb15728f9..f6361391b7 100644 --- a/vendor/k8s.io/api/batch/v1/types.go +++ b/vendor/k8s.io/api/batch/v1/types.go @@ -240,8 +240,8 @@ type JobSpec struct { // checked against the backoffLimit. This field cannot be used in combination // with restartPolicy=OnFailure. // - // This field is alpha-level. To use this field, you must enable the - // `JobPodFailurePolicy` feature gate (disabled by default). + // This field is beta-level. It can be used when the `JobPodFailurePolicy` + // feature gate is enabled (enabled by default). // +optional PodFailurePolicy *PodFailurePolicy `json:"podFailurePolicy,omitempty" protobuf:"bytes,11,opt,name=podFailurePolicy"` diff --git a/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go index 89470dcc67..ab33a974cd 100644 --- a/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go +++ b/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go @@ -115,7 +115,7 @@ var map_JobSpec = map[string]string{ "parallelism": "Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", "completions": "Specifies the desired number of successfully finished pods the job should be run with. Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", "activeDeadlineSeconds": "Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.", - "podFailurePolicy": "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is alpha-level. To use this field, you must enable the `JobPodFailurePolicy` feature gate (disabled by default).", + "podFailurePolicy": "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is beta-level. It can be used when the `JobPodFailurePolicy` feature gate is enabled (enabled by default).", "backoffLimit": "Specifies the number of retries before marking this job failed. Defaults to 6", "selector": "A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", "manualSelector": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector", diff --git a/vendor/k8s.io/api/core/v1/generated.proto b/vendor/k8s.io/api/core/v1/generated.proto index 416811e291..22bc1c801b 100644 --- a/vendor/k8s.io/api/core/v1/generated.proto +++ b/vendor/k8s.io/api/core/v1/generated.proto @@ -1791,7 +1791,8 @@ message HTTPGetAction { // HTTPHeader describes a custom header to be used in HTTP probes message HTTPHeader { - // The header field name + // The header field name. + // This will be canonicalized upon output, so case-variant names will be understood as the same header. optional string name = 1; // The header field value diff --git a/vendor/k8s.io/api/core/v1/types.go b/vendor/k8s.io/api/core/v1/types.go index 0101e95d91..257fde1abd 100644 --- a/vendor/k8s.io/api/core/v1/types.go +++ b/vendor/k8s.io/api/core/v1/types.go @@ -2137,7 +2137,8 @@ type SecretEnvSource struct { // HTTPHeader describes a custom header to be used in HTTP probes type HTTPHeader struct { - // The header field name + // The header field name. + // This will be canonicalized upon output, so case-variant names will be understood as the same header. Name string `json:"name" protobuf:"bytes,1,opt,name=name"` // The header field value Value string `json:"value" protobuf:"bytes,2,opt,name=value"` diff --git a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go index 99391a423d..7676749775 100644 --- a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go +++ b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go @@ -818,7 +818,7 @@ func (HTTPGetAction) SwaggerDoc() map[string]string { var map_HTTPHeader = map[string]string{ "": "HTTPHeader describes a custom header to be used in HTTP probes", - "name": "The header field name", + "name": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "value": "The header field value", } diff --git a/vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader.go b/vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader.go index abf509a97d..d027327398 100644 --- a/vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader.go +++ b/vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader.go @@ -163,17 +163,7 @@ func (a *requestHeaderAuthRequestHandler) AuthenticateRequest(req *http.Request) extra := newExtra(req.Header, a.extraHeaderPrefixes.Value()) // clear headers used for authentication - for _, headerName := range a.nameHeaders.Value() { - req.Header.Del(headerName) - } - for _, headerName := range a.groupHeaders.Value() { - req.Header.Del(headerName) - } - for k := range extra { - for _, prefix := range a.extraHeaderPrefixes.Value() { - req.Header.Del(prefix + k) - } - } + ClearAuthenticationHeaders(req.Header, a.nameHeaders, a.groupHeaders, a.extraHeaderPrefixes) return &authenticator.Response{ User: &user.DefaultInfo{ @@ -184,6 +174,26 @@ func (a *requestHeaderAuthRequestHandler) AuthenticateRequest(req *http.Request) }, true, nil } +func ClearAuthenticationHeaders(h http.Header, nameHeaders, groupHeaders, extraHeaderPrefixes StringSliceProvider) { + for _, headerName := range nameHeaders.Value() { + h.Del(headerName) + } + for _, headerName := range groupHeaders.Value() { + h.Del(headerName) + } + for _, prefix := range extraHeaderPrefixes.Value() { + for k := range h { + if hasPrefixIgnoreCase(k, prefix) { + delete(h, k) // we have the raw key so avoid relying on canonicalization + } + } + } +} + +func hasPrefixIgnoreCase(s, prefix string) bool { + return len(s) >= len(prefix) && strings.EqualFold(s[:len(prefix)], prefix) +} + func headerValue(h http.Header, headerNames []string) string { for _, headerName := range headerNames { headerValue := h.Get(headerName) @@ -226,7 +236,7 @@ func newExtra(h http.Header, headerPrefixes []string) map[string][]string { // we have to iterate over prefixes first in order to have proper ordering inside the value slices for _, prefix := range headerPrefixes { for headerName, vv := range h { - if !strings.HasPrefix(strings.ToLower(headerName), strings.ToLower(prefix)) { + if !hasPrefixIgnoreCase(headerName, prefix) { continue } diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/filters/authentication.go b/vendor/k8s.io/apiserver/pkg/endpoints/filters/authentication.go index d69cfef32d..d6741bf3a3 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/filters/authentication.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/filters/authentication.go @@ -27,6 +27,8 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apiserver/pkg/authentication/authenticator" + "k8s.io/apiserver/pkg/authentication/authenticatorfactory" + "k8s.io/apiserver/pkg/authentication/request/headerrequest" "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" genericapirequest "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/klog/v2" @@ -38,15 +40,20 @@ type recordMetrics func(context.Context, *authenticator.Response, bool, error, a // stores any such user found onto the provided context for the request. If authentication fails or returns an error // the failed handler is used. On success, "Authorization" header is removed from the request and handler // is invoked to serve the request. -func WithAuthentication(handler http.Handler, auth authenticator.Request, failed http.Handler, apiAuds authenticator.Audiences) http.Handler { - return withAuthentication(handler, auth, failed, apiAuds, recordAuthMetrics) +func WithAuthentication(handler http.Handler, auth authenticator.Request, failed http.Handler, apiAuds authenticator.Audiences, requestHeaderConfig *authenticatorfactory.RequestHeaderConfig) http.Handler { + return withAuthentication(handler, auth, failed, apiAuds, requestHeaderConfig, recordAuthMetrics) } -func withAuthentication(handler http.Handler, auth authenticator.Request, failed http.Handler, apiAuds authenticator.Audiences, metrics recordMetrics) http.Handler { +func withAuthentication(handler http.Handler, auth authenticator.Request, failed http.Handler, apiAuds authenticator.Audiences, requestHeaderConfig *authenticatorfactory.RequestHeaderConfig, metrics recordMetrics) http.Handler { if auth == nil { klog.Warning("Authentication is disabled") return handler } + standardRequestHeaderConfig := &authenticatorfactory.RequestHeaderConfig{ + UsernameHeaders: headerrequest.StaticStringSlice{"X-Remote-User"}, + GroupHeaders: headerrequest.StaticStringSlice{"X-Remote-Group"}, + ExtraHeaderPrefixes: headerrequest.StaticStringSlice{"X-Remote-Extra-"}, + } return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { authenticationStart := time.Now() @@ -76,6 +83,24 @@ func withAuthentication(handler http.Handler, auth authenticator.Request, failed // authorization header is not required anymore in case of a successful authentication. req.Header.Del("Authorization") + // delete standard front proxy headers + headerrequest.ClearAuthenticationHeaders( + req.Header, + standardRequestHeaderConfig.UsernameHeaders, + standardRequestHeaderConfig.GroupHeaders, + standardRequestHeaderConfig.ExtraHeaderPrefixes, + ) + + // also delete any custom front proxy headers + if requestHeaderConfig != nil { + headerrequest.ClearAuthenticationHeaders( + req.Header, + requestHeaderConfig.UsernameHeaders, + requestHeaderConfig.GroupHeaders, + requestHeaderConfig.ExtraHeaderPrefixes, + ) + } + req = req.WithContext(genericapirequest.WithUser(req.Context(), resp.User)) handler.ServeHTTP(w, req) }) diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/create.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/create.go index 71f4990a02..78c1d2f52a 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/create.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/create.go @@ -162,8 +162,13 @@ func createHandler(r rest.NamedCreater, scope *RequestScope, admit admission.Int userInfo, _ := request.UserFrom(ctx) if objectMeta, err := meta.Accessor(obj); err == nil { - // Wipe fields which cannot take user-provided values - rest.WipeObjectMetaSystemFields(objectMeta) + preserveObjectMetaSystemFields := false + if c, ok := r.(rest.SubresourceObjectMetaPreserver); ok && len(scope.Subresource) > 0 { + preserveObjectMetaSystemFields = c.PreserveRequestObjectMetaSystemFieldsOnSubresourceCreate() + } + if !preserveObjectMetaSystemFields { + rest.WipeObjectMetaSystemFields(objectMeta) + } // ensure namespace on the object is correct, or error if a conflicting namespace was set in the object if err := rest.EnsureObjectNamespaceMatchesRequestNamespace(rest.ExpectedNamespaceForResource(namespace, scope.Resource), objectMeta); err != nil { diff --git a/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go b/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go index 55b31a745a..e122248f86 100644 --- a/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go +++ b/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go @@ -199,7 +199,7 @@ func CalculateUsageStats(options quota.UsageStatsOptions, // need to verify that the item matches the set of scopes matchesScopes := true for _, scope := range options.Scopes { - innerMatch, err := scopeFunc(corev1.ScopedResourceSelectorRequirement{ScopeName: scope}, item) + innerMatch, err := scopeFunc(corev1.ScopedResourceSelectorRequirement{ScopeName: scope, Operator: corev1.ScopeSelectorOpExists}, item) if err != nil { return result, nil } diff --git a/vendor/k8s.io/apiserver/pkg/registry/rest/rest.go b/vendor/k8s.io/apiserver/pkg/registry/rest/rest.go index 6330ea8f53..7b8d90e60e 100644 --- a/vendor/k8s.io/apiserver/pkg/registry/rest/rest.go +++ b/vendor/k8s.io/apiserver/pkg/registry/rest/rest.go @@ -203,6 +203,13 @@ type NamedCreater interface { Create(ctx context.Context, name string, obj runtime.Object, createValidation ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) } +// SubresourceObjectMetaPreserver adds configuration options to a Creater for subresources. +type SubresourceObjectMetaPreserver interface { + // PreserveRequestObjectMetaSystemFieldsOnSubresourceCreate indicates that a + // handler should preserve fields of ObjectMeta that are managed by the system. + PreserveRequestObjectMetaSystemFieldsOnSubresourceCreate() bool +} + // UpdatedObjectInfo provides information about an updated object to an Updater. // It requires access to the old object in order to return the newly updated object. type UpdatedObjectInfo interface { diff --git a/vendor/k8s.io/apiserver/pkg/server/config.go b/vendor/k8s.io/apiserver/pkg/server/config.go index cd4844dced..edeaea1c82 100644 --- a/vendor/k8s.io/apiserver/pkg/server/config.go +++ b/vendor/k8s.io/apiserver/pkg/server/config.go @@ -344,6 +344,8 @@ type AuthenticationInfo struct { APIAudiences authenticator.Audiences // Authenticator determines which subject is making the request Authenticator authenticator.Request + + RequestHeaderConfig *authenticatorfactory.RequestHeaderConfig } type AuthorizationInfo struct { @@ -966,7 +968,7 @@ func DefaultBuildHandlerChain(apiHandler http.Handler, c *Config) http.Handler { failedHandler = filterlatency.TrackCompleted(failedHandler) handler = filterlatency.TrackCompleted(handler) - handler = genericapifilters.WithAuthentication(handler, c.Authentication.Authenticator, failedHandler, c.Authentication.APIAudiences) + handler = genericapifilters.WithAuthentication(handler, c.Authentication.Authenticator, failedHandler, c.Authentication.APIAudiences, c.Authentication.RequestHeaderConfig) handler = filterlatency.TrackStarted(handler, c.TracerProvider, "authentication") handler = genericfilters.WithCORS(handler, c.CorsAllowedOriginList, nil, nil, nil, "true") diff --git a/vendor/k8s.io/apiserver/pkg/server/options/authentication.go b/vendor/k8s.io/apiserver/pkg/server/options/authentication.go index 296d8530e0..e9a61d30b9 100644 --- a/vendor/k8s.io/apiserver/pkg/server/options/authentication.go +++ b/vendor/k8s.io/apiserver/pkg/server/options/authentication.go @@ -76,6 +76,16 @@ func (s *RequestHeaderAuthenticationOptions) Validate() []error { allErrors = append(allErrors, err) } + if len(s.UsernameHeaders) > 0 && !caseInsensitiveHas(s.UsernameHeaders, "X-Remote-User") { + klog.Warningf("--requestheader-username-headers is set without specifying the standard X-Remote-User header - API aggregation will not work") + } + if len(s.GroupHeaders) > 0 && !caseInsensitiveHas(s.GroupHeaders, "X-Remote-Group") { + klog.Warningf("--requestheader-group-headers is set without specifying the standard X-Remote-Group header - API aggregation will not work") + } + if len(s.ExtraHeaderPrefixes) > 0 && !caseInsensitiveHas(s.ExtraHeaderPrefixes, "X-Remote-Extra-") { + klog.Warningf("--requestheader-extra-headers-prefix is set without specifying the standard X-Remote-Extra- header prefix - API aggregation will not work") + } + return allErrors } @@ -89,6 +99,15 @@ func checkForWhiteSpaceOnly(flag string, headerNames ...string) error { return nil } +func caseInsensitiveHas(headers []string, header string) bool { + for _, h := range headers { + if strings.EqualFold(h, header) { + return true + } + } + return false +} + func (s *RequestHeaderAuthenticationOptions) AddFlags(fs *pflag.FlagSet) { if s == nil { return @@ -357,6 +376,7 @@ func (s *DelegatingAuthenticationOptions) ApplyTo(authenticationInfo *server.Aut } if requestHeaderConfig != nil { cfg.RequestHeaderConfig = requestHeaderConfig + authenticationInfo.RequestHeaderConfig = requestHeaderConfig if err = authenticationInfo.ApplyClientCert(cfg.RequestHeaderConfig.CAContentProvider, servingInfo); err != nil { return fmt.Errorf("unable to load request-header-client-ca-file: %v", err) } diff --git a/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go b/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go index dfa2115790..91db0804f8 100644 --- a/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go +++ b/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go @@ -487,7 +487,7 @@ func (c *Cacher) Watch(ctx context.Context, key string, opts storage.ListOptions return nil, err } - if err := c.ready.wait(); err != nil { + if err := c.ready.wait(ctx); err != nil { return nil, errors.NewServiceUnavailable(err.Error()) } @@ -586,7 +586,7 @@ func (c *Cacher) Get(ctx context.Context, key string, opts storage.GetOptions, o // Do not create a trace - it's not for free and there are tons // of Get requests. We can add it if it will be really needed. - if err := c.ready.wait(); err != nil { + if err := c.ready.wait(ctx); err != nil { return errors.NewServiceUnavailable(err.Error()) } @@ -676,7 +676,7 @@ func (c *Cacher) GetList(ctx context.Context, key string, opts storage.ListOptio attribute.Stringer("type", c.groupResource)) defer span.End(500 * time.Millisecond) - if err := c.ready.wait(); err != nil { + if err := c.ready.wait(ctx); err != nil { return errors.NewServiceUnavailable(err.Error()) } span.AddEvent("Ready") @@ -1085,7 +1085,7 @@ func filterWithAttrsFunction(key string, p storage.SelectionPredicate) filterWit // LastSyncResourceVersion returns resource version to which the underlying cache is synced. func (c *Cacher) LastSyncResourceVersion() (uint64, error) { - if err := c.ready.wait(); err != nil { + if err := c.ready.wait(context.Background()); err != nil { return 0, errors.NewServiceUnavailable(err.Error()) } diff --git a/vendor/k8s.io/apiserver/pkg/storage/cacher/ready.go b/vendor/k8s.io/apiserver/pkg/storage/cacher/ready.go index 8278dd2b2f..47e03fe9e2 100644 --- a/vendor/k8s.io/apiserver/pkg/storage/cacher/ready.go +++ b/vendor/k8s.io/apiserver/pkg/storage/cacher/ready.go @@ -17,6 +17,7 @@ limitations under the License. package cacher import ( + "context" "fmt" "sync" ) @@ -30,67 +31,111 @@ const ( ) // ready is a three state condition variable that blocks until is Ready if is not Stopped. -// Its initial state is Pending. +// Its initial state is Pending and its state machine diagram is as follow. +// +// Pending <------> Ready -----> Stopped +// +// | ^ +// └---------------------------┘ type ready struct { - state status - c *sync.Cond + state status // represent the state of the variable + lock sync.RWMutex // protect the state variable + restartLock sync.Mutex // protect the transition from ready to pending where the channel is recreated + waitCh chan struct{} // blocks until is ready or stopped } func newReady() *ready { return &ready{ - c: sync.NewCond(&sync.RWMutex{}), - state: Pending, + waitCh: make(chan struct{}), + state: Pending, } } +// done close the channel once the state is Ready or Stopped +func (r *ready) done() chan struct{} { + r.restartLock.Lock() + defer r.restartLock.Unlock() + return r.waitCh +} + // wait blocks until it is Ready or Stopped, it returns an error if is Stopped. -func (r *ready) wait() error { - r.c.L.Lock() - defer r.c.L.Unlock() - for r.state == Pending { - r.c.Wait() - } - switch r.state { - case Ready: - return nil - case Stopped: - return fmt.Errorf("apiserver cacher is stopped") - default: - return fmt.Errorf("unexpected apiserver cache state: %v", r.state) +func (r *ready) wait(ctx context.Context) error { + for { + // r.done() only blocks if state is Pending + select { + case <-ctx.Done(): + return ctx.Err() + case <-r.done(): + } + + r.lock.RLock() + switch r.state { + case Pending: + // since we allow to switch between the states Pending and Ready + // if there is a quick transition from Pending -> Ready -> Pending + // a process that was waiting can get unblocked and see a Pending + // state again. If the state is Pending we have to wait again to + // avoid an inconsistent state on the system, with some processes not + // waiting despite the state moved back to Pending. + r.lock.RUnlock() + case Ready: + r.lock.RUnlock() + return nil + case Stopped: + r.lock.RUnlock() + return fmt.Errorf("apiserver cacher is stopped") + default: + r.lock.RUnlock() + return fmt.Errorf("unexpected apiserver cache state: %v", r.state) + } } } // check returns true only if it is Ready. func (r *ready) check() bool { - // TODO: Make check() function more sophisticated, in particular - // allow it to behave as "waitWithTimeout". - rwMutex := r.c.L.(*sync.RWMutex) - rwMutex.RLock() - defer rwMutex.RUnlock() + r.lock.RLock() + defer r.lock.RUnlock() return r.state == Ready } // set the state to Pending (false) or Ready (true), it does not have effect if the state is Stopped. func (r *ready) set(ok bool) { - r.c.L.Lock() - defer r.c.L.Unlock() + r.lock.Lock() + defer r.lock.Unlock() if r.state == Stopped { return } - if ok { + if ok && r.state == Pending { r.state = Ready - } else { + select { + case <-r.waitCh: + default: + close(r.waitCh) + } + } else if !ok && r.state == Ready { + // creating the waitCh can be racy if + // something enter the wait() method + select { + case <-r.waitCh: + r.restartLock.Lock() + r.waitCh = make(chan struct{}) + r.restartLock.Unlock() + default: + } r.state = Pending } - r.c.Broadcast() } // stop the condition variable and set it as Stopped. This state is irreversible. func (r *ready) stop() { - r.c.L.Lock() - defer r.c.L.Unlock() + r.lock.Lock() + defer r.lock.Unlock() if r.state != Stopped { r.state = Stopped - r.c.Broadcast() + } + select { + case <-r.waitCh: + default: + close(r.waitCh) } } diff --git a/vendor/k8s.io/client-go/discovery/aggregated_discovery.go b/vendor/k8s.io/client-go/discovery/aggregated_discovery.go index 758b0a3ac8..7470259dc8 100644 --- a/vendor/k8s.io/client-go/discovery/aggregated_discovery.go +++ b/vendor/k8s.io/client-go/discovery/aggregated_discovery.go @@ -92,12 +92,18 @@ func convertAPIGroup(g apidiscovery.APIGroupDiscovery) ( resourceList := &metav1.APIResourceList{} resourceList.GroupVersion = gv.String() for _, r := range v.Resources { - resource := convertAPIResource(r) - resourceList.APIResources = append(resourceList.APIResources, resource) + resource, err := convertAPIResource(r) + if err == nil { + resourceList.APIResources = append(resourceList.APIResources, resource) + } // Subresources field in new format get transformed into full APIResources. + // It is possible a partial result with an error was returned to be used + // as the parent resource for the subresource. for _, subresource := range r.Subresources { - sr := convertAPISubresource(resource, subresource) - resourceList.APIResources = append(resourceList.APIResources, sr) + sr, err := convertAPISubresource(resource, subresource) + if err == nil { + resourceList.APIResources = append(resourceList.APIResources, sr) + } } } gvResources[gv] = resourceList @@ -105,30 +111,44 @@ func convertAPIGroup(g apidiscovery.APIGroupDiscovery) ( return group, gvResources, failedGVs } -// convertAPIResource tranforms a APIResourceDiscovery to an APIResource. -func convertAPIResource(in apidiscovery.APIResourceDiscovery) metav1.APIResource { - return metav1.APIResource{ +// convertAPIResource tranforms a APIResourceDiscovery to an APIResource. We are +// resilient to missing GVK, since this resource might be the parent resource +// for a subresource. If the parent is missing a GVK, it is not returned in +// discovery, and the subresource MUST have the GVK. +func convertAPIResource(in apidiscovery.APIResourceDiscovery) (metav1.APIResource, error) { + result := metav1.APIResource{ Name: in.Resource, SingularName: in.SingularResource, Namespaced: in.Scope == apidiscovery.ScopeNamespace, - Group: in.ResponseKind.Group, - Version: in.ResponseKind.Version, - Kind: in.ResponseKind.Kind, Verbs: in.Verbs, ShortNames: in.ShortNames, Categories: in.Categories, } + var err error + if in.ResponseKind != nil { + result.Group = in.ResponseKind.Group + result.Version = in.ResponseKind.Version + result.Kind = in.ResponseKind.Kind + } else { + err = fmt.Errorf("discovery resource %s missing GVK", in.Resource) + } + // Can return partial result with error, which can be the parent for a + // subresource. Do not add this result to the returned discovery resources. + return result, err } // convertAPISubresource tranforms a APISubresourceDiscovery to an APIResource. -func convertAPISubresource(parent metav1.APIResource, in apidiscovery.APISubresourceDiscovery) metav1.APIResource { - return metav1.APIResource{ - Name: fmt.Sprintf("%s/%s", parent.Name, in.Subresource), - SingularName: parent.SingularName, - Namespaced: parent.Namespaced, - Group: in.ResponseKind.Group, - Version: in.ResponseKind.Version, - Kind: in.ResponseKind.Kind, - Verbs: in.Verbs, +func convertAPISubresource(parent metav1.APIResource, in apidiscovery.APISubresourceDiscovery) (metav1.APIResource, error) { + result := metav1.APIResource{} + if in.ResponseKind == nil { + return result, fmt.Errorf("subresource %s/%s missing GVK", parent.Name, in.Subresource) } + result.Name = fmt.Sprintf("%s/%s", parent.Name, in.Subresource) + result.SingularName = parent.SingularName + result.Namespaced = parent.Namespaced + result.Group = in.ResponseKind.Group + result.Version = in.ResponseKind.Version + result.Kind = in.ResponseKind.Kind + result.Verbs = in.Verbs + return result, nil } diff --git a/vendor/k8s.io/client-go/discovery/discovery_client.go b/vendor/k8s.io/client-go/discovery/discovery_client.go index 641568008b..1253fa1f44 100644 --- a/vendor/k8s.io/client-go/discovery/discovery_client.go +++ b/vendor/k8s.io/client-go/discovery/discovery_client.go @@ -20,6 +20,7 @@ import ( "context" "encoding/json" "fmt" + "mime" "net/http" "net/url" "sort" @@ -58,8 +59,9 @@ const ( defaultBurst = 300 AcceptV1 = runtime.ContentTypeJSON - // Aggregated discovery content-type (currently v2beta1). NOTE: Currently, we are assuming the order - // for "g", "v", and "as" from the server. We can only compare this string if we can make that assumption. + // Aggregated discovery content-type (v2beta1). NOTE: content-type parameters + // MUST be ordered (g, v, as) for server in "Accept" header (BUT we are resilient + // to ordering when comparing returned values in "Content-Type" header). AcceptV2Beta1 = runtime.ContentTypeJSON + ";" + "g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList" // Prioritize aggregated discovery by placing first in the order of discovery accept types. acceptDiscoveryFormats = AcceptV2Beta1 + "," + AcceptV1 @@ -259,8 +261,16 @@ func (d *DiscoveryClient) downloadLegacy() ( var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. - switch responseContentType { - case AcceptV1: + switch { + case isV2Beta1ContentType(responseContentType): + var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList + err = json.Unmarshal(body, &aggregatedDiscovery) + if err != nil { + return nil, nil, nil, err + } + apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) + default: + // Default is unaggregated discovery v1. var v metav1.APIVersions err = json.Unmarshal(body, &v) if err != nil { @@ -271,15 +281,6 @@ func (d *DiscoveryClient) downloadLegacy() ( apiGroup = apiVersionsToAPIGroup(&v) } apiGroupList.Groups = []metav1.APIGroup{apiGroup} - case AcceptV2Beta1: - var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList - err = json.Unmarshal(body, &aggregatedDiscovery) - if err != nil { - return nil, nil, nil, err - } - apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) - default: - return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) } return apiGroupList, resourcesByGV, failedGVs, nil @@ -313,13 +314,8 @@ func (d *DiscoveryClient) downloadAPIs() ( failedGVs := map[schema.GroupVersion]error{} var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. - switch responseContentType { - case AcceptV1: - err = json.Unmarshal(body, apiGroupList) - if err != nil { - return nil, nil, nil, err - } - case AcceptV2Beta1: + switch { + case isV2Beta1ContentType(responseContentType): var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList err = json.Unmarshal(body, &aggregatedDiscovery) if err != nil { @@ -327,12 +323,38 @@ func (d *DiscoveryClient) downloadAPIs() ( } apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) default: - return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) + // Default is unaggregated discovery v1. + err = json.Unmarshal(body, apiGroupList) + if err != nil { + return nil, nil, nil, err + } } return apiGroupList, resourcesByGV, failedGVs, nil } +// isV2Beta1ContentType checks of the content-type string is both +// "application/json" and contains the v2beta1 content-type params. +// NOTE: This function is resilient to the ordering of the +// content-type parameters, as well as parameters added by +// intermediaries such as proxies or gateways. Examples: +// +// "application/json; g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList" = true +// "application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io" = true +// "application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io;charset=utf-8" = true +// "application/json" = false +// "application/json; charset=UTF-8" = false +func isV2Beta1ContentType(contentType string) bool { + base, params, err := mime.ParseMediaType(contentType) + if err != nil { + return false + } + return runtime.ContentTypeJSON == base && + params["g"] == "apidiscovery.k8s.io" && + params["v"] == "v2beta1" && + params["as"] == "APIGroupDiscoveryList" +} + // ServerGroups returns the supported groups, with information like supported versions and the // preferred version. func (d *DiscoveryClient) ServerGroups() (*metav1.APIGroupList, error) { diff --git a/vendor/k8s.io/client-go/openapi/client.go b/vendor/k8s.io/client-go/openapi/client.go index 7b58762acf..6a43057187 100644 --- a/vendor/k8s.io/client-go/openapi/client.go +++ b/vendor/k8s.io/client-go/openapi/client.go @@ -19,6 +19,7 @@ package openapi import ( "context" "encoding/json" + "strings" "k8s.io/client-go/rest" "k8s.io/kube-openapi/pkg/handler3" @@ -58,7 +59,11 @@ func (c *client) Paths() (map[string]GroupVersion, error) { // Create GroupVersions for each element of the result result := map[string]GroupVersion{} for k, v := range discoMap.Paths { - result[k] = newGroupVersion(c, v) + // If the server returned a URL rooted at /openapi/v3, preserve any additional client-side prefix. + // If the server returned a URL not rooted at /openapi/v3, treat it as an actual server-relative URL. + // See https://github.com/kubernetes/kubernetes/issues/117463 for details + useClientPrefix := strings.HasPrefix(v.ServerRelativeURL, "/openapi/v3") + result[k] = newGroupVersion(c, v, useClientPrefix) } return result, nil } diff --git a/vendor/k8s.io/client-go/openapi/groupversion.go b/vendor/k8s.io/client-go/openapi/groupversion.go index 32133a29b8..601dcbe3cc 100644 --- a/vendor/k8s.io/client-go/openapi/groupversion.go +++ b/vendor/k8s.io/client-go/openapi/groupversion.go @@ -18,6 +18,7 @@ package openapi import ( "context" + "net/url" "k8s.io/kube-openapi/pkg/handler3" ) @@ -29,18 +30,41 @@ type GroupVersion interface { } type groupversion struct { - client *client - item handler3.OpenAPIV3DiscoveryGroupVersion + client *client + item handler3.OpenAPIV3DiscoveryGroupVersion + useClientPrefix bool } -func newGroupVersion(client *client, item handler3.OpenAPIV3DiscoveryGroupVersion) *groupversion { - return &groupversion{client: client, item: item} +func newGroupVersion(client *client, item handler3.OpenAPIV3DiscoveryGroupVersion, useClientPrefix bool) *groupversion { + return &groupversion{client: client, item: item, useClientPrefix: useClientPrefix} } func (g *groupversion) Schema(contentType string) ([]byte, error) { - return g.client.restClient.Get(). - RequestURI(g.item.ServerRelativeURL). - SetHeader("Accept", contentType). - Do(context.TODO()). - Raw() + if !g.useClientPrefix { + return g.client.restClient.Get(). + RequestURI(g.item.ServerRelativeURL). + SetHeader("Accept", contentType). + Do(context.TODO()). + Raw() + } + + locator, err := url.Parse(g.item.ServerRelativeURL) + if err != nil { + return nil, err + } + + path := g.client.restClient.Get(). + AbsPath(locator.Path). + SetHeader("Accept", contentType) + + // Other than root endpoints(openapiv3/apis), resources have hash query parameter to support etags. + // However, absPath does not support handling query parameters internally, + // so that hash query parameter is added manually + for k, value := range locator.Query() { + for _, v := range value { + path.Param(k, v) + } + } + + return path.Do(context.TODO()).Raw() } diff --git a/vendor/k8s.io/client-go/tools/cache/controller.go b/vendor/k8s.io/client-go/tools/cache/controller.go index 0762da3bef..96005ff585 100644 --- a/vendor/k8s.io/client-go/tools/cache/controller.go +++ b/vendor/k8s.io/client-go/tools/cache/controller.go @@ -353,17 +353,6 @@ func NewIndexerInformer( return clientState, newInformer(lw, objType, resyncPeriod, h, clientState, nil) } -// TransformFunc allows for transforming an object before it will be processed -// and put into the controller cache and before the corresponding handlers will -// be called on it. -// TransformFunc (similarly to ResourceEventHandler functions) should be able -// to correctly handle the tombstone of type cache.DeletedFinalStateUnknown -// -// The most common usage pattern is to clean-up some parts of the object to -// reduce component memory usage if a given component doesn't care about them. -// given controller doesn't care for them -type TransformFunc func(interface{}) (interface{}, error) - // NewTransformingInformer returns a Store and a controller for populating // the store while also providing event notifications. You should only used // the returned Store for Get/List operations; Add/Modify/Deletes will cause @@ -411,19 +400,11 @@ func processDeltas( // Object which receives event notifications from the given deltas handler ResourceEventHandler, clientState Store, - transformer TransformFunc, deltas Deltas, ) error { // from oldest to newest for _, d := range deltas { obj := d.Object - if transformer != nil { - var err error - obj, err = transformer(obj) - if err != nil { - return err - } - } switch d.Type { case Sync, Replaced, Added, Updated: @@ -475,6 +456,7 @@ func newInformer( fifo := NewDeltaFIFOWithOptions(DeltaFIFOOptions{ KnownObjects: clientState, EmitDeltaTypeReplaced: true, + Transformer: transformer, }) cfg := &Config{ @@ -486,7 +468,7 @@ func newInformer( Process: func(obj interface{}) error { if deltas, ok := obj.(Deltas); ok { - return processDeltas(h, clientState, transformer, deltas) + return processDeltas(h, clientState, deltas) } return errors.New("object given as Process argument is not Deltas") }, diff --git a/vendor/k8s.io/client-go/tools/cache/delta_fifo.go b/vendor/k8s.io/client-go/tools/cache/delta_fifo.go index 0c13a41f06..84f3ab9ca1 100644 --- a/vendor/k8s.io/client-go/tools/cache/delta_fifo.go +++ b/vendor/k8s.io/client-go/tools/cache/delta_fifo.go @@ -51,6 +51,10 @@ type DeltaFIFOOptions struct { // When true, `Replaced` events will be sent for items passed to a Replace() call. // When false, `Sync` events will be sent instead. EmitDeltaTypeReplaced bool + + // If set, will be called for objects before enqueueing them. Please + // see the comment on TransformFunc for details. + Transformer TransformFunc } // DeltaFIFO is like FIFO, but differs in two ways. One is that the @@ -129,8 +133,32 @@ type DeltaFIFO struct { // emitDeltaTypeReplaced is whether to emit the Replaced or Sync // DeltaType when Replace() is called (to preserve backwards compat). emitDeltaTypeReplaced bool + + // Called with every object if non-nil. + transformer TransformFunc } +// TransformFunc allows for transforming an object before it will be processed. +// TransformFunc (similarly to ResourceEventHandler functions) should be able +// to correctly handle the tombstone of type cache.DeletedFinalStateUnknown. +// +// New in v1.27: In such cases, the contained object will already have gone +// through the transform object separately (when it was added / updated prior +// to the delete), so the TransformFunc can likely safely ignore such objects +// (i.e., just return the input object). +// +// The most common usage pattern is to clean-up some parts of the object to +// reduce component memory usage if a given component doesn't care about them. +// +// New in v1.27: unless the object is a DeletedFinalStateUnknown, TransformFunc +// sees the object before any other actor, and it is now safe to mutate the +// object in place instead of making a copy. +// +// Note that TransformFunc is called while inserting objects into the +// notification queue and is therefore extremely performance sensitive; please +// do not do anything that will take a long time. +type TransformFunc func(interface{}) (interface{}, error) + // DeltaType is the type of a change (addition, deletion, etc) type DeltaType string @@ -227,6 +255,7 @@ func NewDeltaFIFOWithOptions(opts DeltaFIFOOptions) *DeltaFIFO { knownObjects: opts.KnownObjects, emitDeltaTypeReplaced: opts.EmitDeltaTypeReplaced, + transformer: opts.Transformer, } f.cond.L = &f.lock return f @@ -411,6 +440,21 @@ func (f *DeltaFIFO) queueActionLocked(actionType DeltaType, obj interface{}) err if err != nil { return KeyError{obj, err} } + + // Every object comes through this code path once, so this is a good + // place to call the transform func. If obj is a + // DeletedFinalStateUnknown tombstone, then the containted inner object + // will already have gone through the transformer, but we document that + // this can happen. In cases involving Replace(), such an object can + // come through multiple times. + if f.transformer != nil { + var err error + obj, err = f.transformer(obj) + if err != nil { + return err + } + } + oldDeltas := f.items[id] newDeltas := append(oldDeltas, Delta{actionType, obj}) newDeltas = dedupDeltas(newDeltas) @@ -566,12 +610,11 @@ func (f *DeltaFIFO) Pop(process PopProcessFunc) (interface{}, error) { // using the Sync or Replace DeltaType and then (2) it does some deletions. // In particular: for every pre-existing key K that is not the key of // an object in `list` there is the effect of -// `Delete(DeletedFinalStateUnknown{K, O})` where O is current object -// of K. If `f.knownObjects == nil` then the pre-existing keys are -// those in `f.items` and the current object of K is the `.Newest()` -// of the Deltas associated with K. Otherwise the pre-existing keys -// are those listed by `f.knownObjects` and the current object of K is -// what `f.knownObjects.GetByKey(K)` returns. +// `Delete(DeletedFinalStateUnknown{K, O})` where O is the latest known +// object of K. The pre-existing keys are those in the union set of the keys in +// `f.items` and `f.knownObjects` (if not nil). The last known object for key K is +// the one present in the last delta in `f.items`. If there is no delta for K +// in `f.items`, it is the object in `f.knownObjects` func (f *DeltaFIFO) Replace(list []interface{}, _ string) error { f.lock.Lock() defer f.lock.Unlock() @@ -595,51 +638,23 @@ func (f *DeltaFIFO) Replace(list []interface{}, _ string) error { } } - if f.knownObjects == nil { - // Do deletion detection against our own list. - queuedDeletions := 0 - for k, oldItem := range f.items { - if keys.Has(k) { - continue - } - // Delete pre-existing items not in the new list. - // This could happen if watch deletion event was missed while - // disconnected from apiserver. - var deletedObj interface{} - if n := oldItem.Newest(); n != nil { - deletedObj = n.Object - } - queuedDeletions++ - if err := f.queueActionLocked(Deleted, DeletedFinalStateUnknown{k, deletedObj}); err != nil { - return err - } - } - - if !f.populated { - f.populated = true - // While there shouldn't be any queued deletions in the initial - // population of the queue, it's better to be on the safe side. - f.initialPopulationCount = keys.Len() + queuedDeletions - } - - return nil - } - - // Detect deletions not already in the queue. - knownKeys := f.knownObjects.ListKeys() + // Do deletion detection against objects in the queue queuedDeletions := 0 - for _, k := range knownKeys { + for k, oldItem := range f.items { if keys.Has(k) { continue } - - deletedObj, exists, err := f.knownObjects.GetByKey(k) - if err != nil { - deletedObj = nil - klog.Errorf("Unexpected error %v during lookup of key %v, placing DeleteFinalStateUnknown marker without object", err, k) - } else if !exists { - deletedObj = nil - klog.Infof("Key %v does not exist in known objects store, placing DeleteFinalStateUnknown marker without object", k) + // Delete pre-existing items not in the new list. + // This could happen if watch deletion event was missed while + // disconnected from apiserver. + var deletedObj interface{} + if n := oldItem.Newest(); n != nil { + deletedObj = n.Object + + // if the previous object is a DeletedFinalStateUnknown, we have to extract the actual Object + if d, ok := deletedObj.(DeletedFinalStateUnknown); ok { + deletedObj = d.Obj + } } queuedDeletions++ if err := f.queueActionLocked(Deleted, DeletedFinalStateUnknown{k, deletedObj}); err != nil { @@ -647,6 +662,32 @@ func (f *DeltaFIFO) Replace(list []interface{}, _ string) error { } } + if f.knownObjects != nil { + // Detect deletions for objects not present in the queue, but present in KnownObjects + knownKeys := f.knownObjects.ListKeys() + for _, k := range knownKeys { + if keys.Has(k) { + continue + } + if len(f.items[k]) > 0 { + continue + } + + deletedObj, exists, err := f.knownObjects.GetByKey(k) + if err != nil { + deletedObj = nil + klog.Errorf("Unexpected error %v during lookup of key %v, placing DeleteFinalStateUnknown marker without object", err, k) + } else if !exists { + deletedObj = nil + klog.Infof("Key %v does not exist in known objects store, placing DeleteFinalStateUnknown marker without object", k) + } + queuedDeletions++ + if err := f.queueActionLocked(Deleted, DeletedFinalStateUnknown{k, deletedObj}); err != nil { + return err + } + } + } + if !f.populated { f.populated = true f.initialPopulationCount = keys.Len() + queuedDeletions diff --git a/vendor/k8s.io/client-go/tools/cache/shared_informer.go b/vendor/k8s.io/client-go/tools/cache/shared_informer.go index f5c7316a1d..4979642ce1 100644 --- a/vendor/k8s.io/client-go/tools/cache/shared_informer.go +++ b/vendor/k8s.io/client-go/tools/cache/shared_informer.go @@ -198,10 +198,7 @@ type SharedInformer interface { // // Must be set before starting the informer. // - // Note: Since the object given to the handler may be already shared with - // other goroutines, it is advisable to copy the object being - // transform before mutating it at all and returning the copy to prevent - // data races. + // Please see the comment on TransformFunc for more details. SetTransform(handler TransformFunc) error // IsStopped reports whether the informer has already been stopped. @@ -422,6 +419,7 @@ func (s *sharedIndexInformer) Run(stopCh <-chan struct{}) { fifo := NewDeltaFIFOWithOptions(DeltaFIFOOptions{ KnownObjects: s.indexer, EmitDeltaTypeReplaced: true, + Transformer: s.transform, }) cfg := &Config{ @@ -585,7 +583,7 @@ func (s *sharedIndexInformer) HandleDeltas(obj interface{}) error { defer s.blockDeltas.Unlock() if deltas, ok := obj.(Deltas); ok { - return processDeltas(s, s.indexer, s.transform, deltas) + return processDeltas(s, s.indexer, deltas) } return errors.New("object given as Process argument is not Deltas") } diff --git a/vendor/k8s.io/cloud-provider/cloud.go b/vendor/k8s.io/cloud-provider/cloud.go index 44c62ccc03..7e7bf9dfab 100644 --- a/vendor/k8s.io/cloud-provider/cloud.go +++ b/vendor/k8s.io/cloud-provider/cloud.go @@ -218,6 +218,11 @@ type Route struct { Name string // TargetNode is the NodeName of the target instance. TargetNode types.NodeName + // EnableNodeAddresses is a feature gate for TargetNodeAddresses. If false, ignore TargetNodeAddresses. + // Without this, if users haven't updated their cloud-provider, reconcile() will delete and create same route every time. + EnableNodeAddresses bool + // TargetNodeAddresses are the Node IPs of the target Node. + TargetNodeAddresses []v1.NodeAddress // DestinationCIDR is the CIDR format IP range that this routing rule // applies to. DestinationCIDR string diff --git a/vendor/k8s.io/cloud-provider/controllers/route/route_controller.go b/vendor/k8s.io/cloud-provider/controllers/route/route_controller.go index a2b51b7b3f..072e860b0f 100644 --- a/vendor/k8s.io/cloud-provider/controllers/route/route_controller.go +++ b/vendor/k8s.io/cloud-provider/controllers/route/route_controller.go @@ -20,6 +20,7 @@ import ( "context" "fmt" "net" + "reflect" "sync" "time" @@ -46,9 +47,9 @@ import ( ) const ( - // Maximal number of concurrent CreateRoute API calls. + // Maximal number of concurrent route operation API calls. // TODO: This should be per-provider. - maxConcurrentRouteCreations int = 200 + maxConcurrentRouteOperations int = 200 ) var updateNetworkConditionBackoff = wait.Backoff{ @@ -135,22 +136,56 @@ func (rc *RouteController) reconcileNodeRoutes(ctx context.Context) error { return rc.reconcile(ctx, nodes, routeList) } +type routeAction string + +var ( + keep routeAction = "keep" + add routeAction = "add" + remove routeAction = "remove" + update routeAction = "update" +) + +type routeNode struct { + name types.NodeName + addrs []v1.NodeAddress + routes []*cloudprovider.Route + cidrWithActions *map[string]routeAction +} + func (rc *RouteController) reconcile(ctx context.Context, nodes []*v1.Node, routes []*cloudprovider.Route) error { var l sync.Mutex - // for each node a map of podCIDRs and their created status - nodeRoutesStatuses := make(map[types.NodeName]map[string]bool) - // routeMap maps routeTargetNode->route - routeMap := make(map[types.NodeName][]*cloudprovider.Route) + // routeMap includes info about a target Node and its addresses, routes and a map between Pod CIDRs and actions. + // If action is add/remove, the route will be added/removed. + // If action is keep, the route will not be touched. + // If action is update, the route will be deleted and then added. + routeMap := make(map[types.NodeName]routeNode) + + // Put current routes into routeMap. for _, route := range routes { - if route.TargetNode != "" { - routeMap[route.TargetNode] = append(routeMap[route.TargetNode], route) + if route.TargetNode == "" { + continue } + rn, ok := routeMap[route.TargetNode] + if !ok { + rn = routeNode{ + name: route.TargetNode, + addrs: []v1.NodeAddress{}, + routes: []*cloudprovider.Route{}, + cidrWithActions: &map[string]routeAction{}, + } + } else if rn.routes == nil { + rn.routes = []*cloudprovider.Route{} + } + rn.routes = append(rn.routes, route) + routeMap[route.TargetNode] = rn } wg := sync.WaitGroup{} - rateLimiter := make(chan struct{}, maxConcurrentRouteCreations) + rateLimiter := make(chan struct{}, maxConcurrentRouteOperations) // searches existing routes by node for a matching route + // Check Nodes and their Pod CIDRs. Then put expected route actions into nodePodCIDRActionMap. + // Add addresses of Nodes into routeMap. for _, node := range nodes { // Skip if the node hasn't been assigned a CIDR yet. if len(node.Spec.PodCIDRs) == 0 { @@ -158,26 +193,101 @@ func (rc *RouteController) reconcile(ctx context.Context, nodes []*v1.Node, rout } nodeName := types.NodeName(node.Name) l.Lock() - nodeRoutesStatuses[nodeName] = make(map[string]bool) + rn, ok := routeMap[nodeName] + if !ok { + rn = routeNode{ + name: nodeName, + addrs: []v1.NodeAddress{}, + routes: []*cloudprovider.Route{}, + cidrWithActions: &map[string]routeAction{}, + } + } + rn.addrs = node.Status.Addresses + routeMap[nodeName] = rn l.Unlock() // for every node, for every cidr for _, podCIDR := range node.Spec.PodCIDRs { - // we add it to our nodeCIDRs map here because add and delete go routines run at the same time + // we add it to our nodeCIDRs map here because if we don't consider Node addresses change, + // add and delete go routines run simultaneously. l.Lock() - nodeRoutesStatuses[nodeName][podCIDR] = false + action := getRouteAction(rn.routes, podCIDR, nodeName, node.Status.Addresses) + (*routeMap[nodeName].cidrWithActions)[podCIDR] = action l.Unlock() - // ignore if already created - if hasRoute(routeMap, nodeName, podCIDR) { - l.Lock() - nodeRoutesStatuses[nodeName][podCIDR] = true // a route for this podCIDR is already created - l.Unlock() + klog.Infof("action for Node %q with CIDR %q: %q", nodeName, podCIDR, action) + } + } + + // searches our bag of node -> cidrs for a match + // If the action doesn't exist, action is remove or update, then the route should be deleted. + shouldDeleteRoute := func(nodeName types.NodeName, cidr string) bool { + l.Lock() + defer l.Unlock() + + cidrWithActions := routeMap[nodeName].cidrWithActions + if cidrWithActions == nil { + return true + } + action, exist := (*cidrWithActions)[cidr] + if !exist || action == remove || action == update { + klog.Infof("route should be deleted, spec: exist: %v, action: %q, Node %q, CIDR %q", exist, action, nodeName, cidr) + return true + } + return false + } + + // remove routes that are not in use or need to be updated. + for _, route := range routes { + if !rc.isResponsibleForRoute(route) { + continue + } + // Check if this route is a blackhole, or applies to a node we know about & CIDR status is created. + if route.Blackhole || shouldDeleteRoute(route.TargetNode, route.DestinationCIDR) { + wg.Add(1) + // Delete the route. + go func(route *cloudprovider.Route, startTime time.Time) { + defer wg.Done() + // respect the rate limiter + rateLimiter <- struct{}{} + klog.Infof("Deleting route %s %s", route.Name, route.DestinationCIDR) + if err := rc.routes.DeleteRoute(ctx, rc.clusterName, route); err != nil { + klog.Errorf("Could not delete route %s %s after %v: %v", route.Name, route.DestinationCIDR, time.Since(startTime), err) + } else { + klog.Infof("Deleted route %s %s after %v", route.Name, route.DestinationCIDR, time.Since(startTime)) + } + <-rateLimiter + }(route, time.Now()) + } + } + // https://github.com/kubernetes/kubernetes/issues/98359 + // When routesUpdated is true, Route addition and deletion cannot run simultaneously because if action is update, + // the same route may be added and deleted. + if len(routes) != 0 && routes[0].EnableNodeAddresses { + wg.Wait() + } + + // Now create new routes or update existing ones. + for _, node := range nodes { + // Skip if the node hasn't been assigned a CIDR yet. + if len(node.Spec.PodCIDRs) == 0 { + continue + } + nodeName := types.NodeName(node.Name) + + // for every node, for every cidr + for _, podCIDR := range node.Spec.PodCIDRs { + l.Lock() + action := (*routeMap[nodeName].cidrWithActions)[podCIDR] + l.Unlock() + if action == keep || action == remove { continue } // if we are here, then a route needs to be created for this node route := &cloudprovider.Route{ - TargetNode: nodeName, - DestinationCIDR: podCIDR, + TargetNode: nodeName, + TargetNodeAddresses: node.Status.Addresses, + DestinationCIDR: podCIDR, } + klog.Infof("route spec to be created: %v", route) // cloud providers that: // - depend on nameHint // - trying to support dual stack @@ -188,7 +298,7 @@ func (rc *RouteController) reconcile(ctx context.Context, nodes []*v1.Node, rout defer wg.Done() err := clientretry.RetryOnConflict(updateNetworkConditionBackoff, func() error { startTime := time.Now() - // Ensure that we don't have more than maxConcurrentRouteCreations + // Ensure that we don't have more than maxConcurrentRouteOperations // CreateRoute calls in flight. rateLimiter <- struct{}{} klog.Infof("Creating route for node %s %s with hint %s, throttled %v", nodeName, route.DestinationCIDR, nameHint, time.Since(startTime)) @@ -209,7 +319,8 @@ func (rc *RouteController) reconcile(ctx context.Context, nodes []*v1.Node, rout } } l.Lock() - nodeRoutesStatuses[nodeName][route.DestinationCIDR] = true + // Mark the route action as done (keep) + (*routeMap[nodeName].cidrWithActions)[route.DestinationCIDR] = keep l.Unlock() klog.Infof("Created route for node %s %s with hint %s after %v", nodeName, route.DestinationCIDR, nameHint, time.Since(startTime)) return nil @@ -220,64 +331,32 @@ func (rc *RouteController) reconcile(ctx context.Context, nodes []*v1.Node, rout }(nodeName, nameHint, route) } } - - // searches our bag of node->cidrs for a match - nodeHasCidr := func(nodeName types.NodeName, cidr string) bool { - l.Lock() - defer l.Unlock() - - nodeRoutes := nodeRoutesStatuses[nodeName] - if nodeRoutes == nil { - return false - } - _, exist := nodeRoutes[cidr] - return exist - } - // delete routes that are not in use - for _, route := range routes { - if rc.isResponsibleForRoute(route) { - // Check if this route is a blackhole, or applies to a node we know about & has an incorrect CIDR. - if route.Blackhole || !nodeHasCidr(route.TargetNode, route.DestinationCIDR) { - wg.Add(1) - // Delete the route. - go func(route *cloudprovider.Route, startTime time.Time) { - defer wg.Done() - // respect the rate limiter - rateLimiter <- struct{}{} - klog.Infof("Deleting route %s %s", route.Name, route.DestinationCIDR) - if err := rc.routes.DeleteRoute(ctx, rc.clusterName, route); err != nil { - klog.Errorf("Could not delete route %s %s after %v: %v", route.Name, route.DestinationCIDR, time.Since(startTime), err) - } else { - klog.Infof("Deleted route %s %s after %v", route.Name, route.DestinationCIDR, time.Since(startTime)) - } - <-rateLimiter - }(route, time.Now()) - } - } - } wg.Wait() - // after all routes have been created (or not), we start updating + // after all route actions have been done (or not), we start updating // all nodes' statuses with the outcome for _, node := range nodes { - wg.Add(1) - nodeRoutes := nodeRoutesStatuses[types.NodeName(node.Name)] - allRoutesCreated := true + actions := routeMap[types.NodeName(node.Name)].cidrWithActions + if actions == nil { + continue + } - if len(nodeRoutes) == 0 { + wg.Add(1) + if len(*actions) == 0 { go func(n *v1.Node) { defer wg.Done() klog.Infof("node %v has no routes assigned to it. NodeNetworkUnavailable will be set to true", n.Name) if err := rc.updateNetworkingCondition(n, false); err != nil { - klog.Errorf("failed to update networking condition when no nodeRoutes: %v", err) + klog.Errorf("failed to update networking condition when no actions: %v", err) } }(node) continue } - // check if all routes were created. if so, then it should be ready - for _, created := range nodeRoutes { - if !created { + // check if all route actions were done. if so, then it should be ready + allRoutesCreated := true + for _, action := range *actions { + if action == add || action == update { allRoutesCreated = false break } @@ -365,14 +444,35 @@ func (rc *RouteController) isResponsibleForRoute(route *cloudprovider.Route) boo return false } -// checks if a node owns a route with a specific cidr -func hasRoute(rm map[types.NodeName][]*cloudprovider.Route, nodeName types.NodeName, cidr string) bool { - if routes, ok := rm[nodeName]; ok { - for _, route := range routes { - if route.DestinationCIDR == cidr { - return true +// getRouteAction returns an action according to if there's a route matches a specific cidr and target Node addresses. +func getRouteAction(routes []*cloudprovider.Route, cidr string, nodeName types.NodeName, realNodeAddrs []v1.NodeAddress) routeAction { + for _, route := range routes { + if route.DestinationCIDR == cidr { + if !route.EnableNodeAddresses || equalNodeAddrs(realNodeAddrs, route.TargetNodeAddresses) { + return keep } + klog.Infof("Node addresses have changed from %v to %v", route.TargetNodeAddresses, realNodeAddrs) + return update } } - return false + return add +} + +func equalNodeAddrs(addrs0 []v1.NodeAddress, addrs1 []v1.NodeAddress) bool { + if len(addrs0) != len(addrs1) { + return false + } + for _, ip0 := range addrs0 { + found := false + for _, ip1 := range addrs1 { + if reflect.DeepEqual(ip0, ip1) { + found = true + break + } + } + if !found { + return false + } + } + return true } diff --git a/vendor/k8s.io/cloud-provider/controllers/service/controller.go b/vendor/k8s.io/cloud-provider/controllers/service/controller.go index 2a67e5f716..c364083a72 100644 --- a/vendor/k8s.io/cloud-provider/controllers/service/controller.go +++ b/vendor/k8s.io/cloud-provider/controllers/service/controller.go @@ -659,18 +659,22 @@ func nodeNames(nodes []*v1.Node) sets.String { func shouldSyncUpdatedNode(oldNode, newNode *v1.Node) bool { // Evaluate the individual node exclusion predicate before evaluating the - // compounded result of all predicates. We don't sync ETP=local services - // for changes on the readiness condition, hence if a node remains NotReady - // and a user adds the exclusion label we will need to sync as to make sure - // this change is reflected correctly on ETP=local services. The sync - // function compares lastSyncedNodes with the new (existing) set of nodes - // for each service, so services which are synced with the same set of nodes - // should be skipped internally in the sync function. This is needed as to - // trigger a global sync for all services and make sure no service gets - // skipped due to a changing node predicate. + // compounded result of all predicates. We don't sync changes on the + // readiness condition for eTP:Local services is enabled, hence if a node + // remains NotReady and a user adds the exclusion label we will need to sync + // as to make sure this change is reflected correctly on ETP=local services. + // The sync function compares lastSyncedNodes with the new (existing) set of + // nodes for each service, so services which are synced with the same set of + // nodes should be skipped internally in the sync function. This is needed + // as to trigger a global sync for all services and make sure no service + // gets skipped due to a changing node predicate. if respectsPredicates(oldNode, nodeIncludedPredicate) != respectsPredicates(newNode, nodeIncludedPredicate) { return true } + // For the same reason as above, also check for changes to the providerID + if respectsPredicates(oldNode, nodeHasProviderIDPredicate) != respectsPredicates(newNode, nodeHasProviderIDPredicate) { + return true + } return respectsPredicates(oldNode, allNodePredicates...) != respectsPredicates(newNode, allNodePredicates...) } @@ -927,10 +931,12 @@ var ( nodeIncludedPredicate, nodeUnTaintedPredicate, nodeReadyPredicate, + nodeHasProviderIDPredicate, } etpLocalNodePredicates []NodeConditionPredicate = []NodeConditionPredicate{ nodeIncludedPredicate, nodeUnTaintedPredicate, + nodeHasProviderIDPredicate, } ) @@ -947,6 +953,10 @@ func nodeIncludedPredicate(node *v1.Node) bool { return !hasExcludeBalancerLabel } +func nodeHasProviderIDPredicate(node *v1.Node) bool { + return node.Spec.ProviderID != "" +} + // We consider the node for load balancing only when its not tainted for deletion by the cluster autoscaler. func nodeUnTaintedPredicate(node *v1.Node) bool { for _, taint := range node.Spec.Taints { diff --git a/vendor/k8s.io/controller-manager/app/serve.go b/vendor/k8s.io/controller-manager/app/serve.go index 0f6364b59e..2a99efbdda 100644 --- a/vendor/k8s.io/controller-manager/app/serve.go +++ b/vendor/k8s.io/controller-manager/app/serve.go @@ -44,7 +44,7 @@ func BuildHandlerChain(apiHandler http.Handler, authorizationInfo *apiserver.Aut handler = genericapifilters.WithAuthorization(apiHandler, authorizationInfo.Authorizer, scheme.Codecs) } if authenticationInfo != nil { - handler = genericapifilters.WithAuthentication(handler, authenticationInfo.Authenticator, failedHandler, nil) + handler = genericapifilters.WithAuthentication(handler, authenticationInfo.Authenticator, failedHandler, nil, nil) } handler = genericapifilters.WithRequestInfo(handler, requestInfoResolver) handler = genericapifilters.WithCacheControl(handler) diff --git a/vendor/k8s.io/kubernetes/cmd/kube-scheduler/app/server.go b/vendor/k8s.io/kubernetes/cmd/kube-scheduler/app/server.go index 4ff7bfb4f3..d63f722e6b 100644 --- a/vendor/k8s.io/kubernetes/cmd/kube-scheduler/app/server.go +++ b/vendor/k8s.io/kubernetes/cmd/kube-scheduler/app/server.go @@ -257,7 +257,7 @@ func buildHandlerChain(handler http.Handler, authn authenticator.Request, authz failedHandler := genericapifilters.Unauthorized(scheme.Codecs) handler = genericapifilters.WithAuthorization(handler, authz, scheme.Codecs) - handler = genericapifilters.WithAuthentication(handler, authn, failedHandler, nil) + handler = genericapifilters.WithAuthentication(handler, authn, failedHandler, nil, nil) handler = genericapifilters.WithRequestInfo(handler, requestInfoResolver) handler = genericapifilters.WithCacheControl(handler) handler = genericfilters.WithHTTPLogging(handler, nil) diff --git a/vendor/k8s.io/kubernetes/pkg/apis/core/types.go b/vendor/k8s.io/kubernetes/pkg/apis/core/types.go index be71573e1c..a9afcbca33 100644 --- a/vendor/k8s.io/kubernetes/pkg/apis/core/types.go +++ b/vendor/k8s.io/kubernetes/pkg/apis/core/types.go @@ -2037,7 +2037,8 @@ type SecretEnvSource struct { // HTTPHeader describes a custom header to be used in HTTP probes type HTTPHeader struct { - // The header field name + // The header field name. + // This will be canonicalized upon output, so case-variant names will be understood as the same header. Name string // The header field value Value string diff --git a/vendor/k8s.io/kubernetes/pkg/controller/daemon/daemon_controller.go b/vendor/k8s.io/kubernetes/pkg/controller/daemon/daemon_controller.go index e03928b013..a642737bc6 100644 --- a/vendor/k8s.io/kubernetes/pkg/controller/daemon/daemon_controller.go +++ b/vendor/k8s.io/kubernetes/pkg/controller/daemon/daemon_controller.go @@ -75,6 +75,8 @@ const ( FailedPlacementReason = "FailedPlacement" // FailedDaemonPodReason is added to an event when the status of a Pod of a DaemonSet is 'Failed'. FailedDaemonPodReason = "FailedDaemonPod" + // SucceededDaemonPodReason is added to an event when the status of a Pod of a DaemonSet is 'Succeeded'. + SucceededDaemonPodReason = "SucceededDaemonPod" ) // controllerKind contains the schema.GroupVersionKind for this controller type. @@ -827,6 +829,12 @@ func (dsc *DaemonSetsController) podsShouldBeOnNode( // Emit an event so that it's discoverable to users. dsc.eventRecorder.Eventf(ds, v1.EventTypeWarning, FailedDaemonPodReason, msg) podsToDelete = append(podsToDelete, pod.Name) + } else if pod.Status.Phase == v1.PodSucceeded { + msg := fmt.Sprintf("Found succeeded daemon pod %s/%s on node %s, will try to delete it", pod.Namespace, pod.Name, node.Name) + klog.V(2).Infof(msg) + // Emit an event so that it's discoverable to users. + dsc.eventRecorder.Eventf(ds, v1.EventTypeNormal, SucceededDaemonPodReason, msg) + podsToDelete = append(podsToDelete, pod.Name) } else { daemonPodsRunning = append(daemonPodsRunning, pod) } diff --git a/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go b/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go index b14eabc207..2f95dd0806 100644 --- a/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go +++ b/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go @@ -14055,7 +14055,7 @@ func schema_k8sio_api_batch_v1_JobSpec(ref common.ReferenceCallback) common.Open }, "podFailurePolicy": { SchemaProps: spec.SchemaProps{ - Description: "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is alpha-level. To use this field, you must enable the `JobPodFailurePolicy` feature gate (disabled by default).", + Description: "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is beta-level. It can be used when the `JobPodFailurePolicy` feature gate is enabled (enabled by default).", Ref: ref("k8s.io/api/batch/v1.PodFailurePolicy"), }, }, @@ -19286,7 +19286,7 @@ func schema_k8sio_api_core_v1_HTTPHeader(ref common.ReferenceCallback) common.Op Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "The header field name", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Default: "", Type: []string{"string"}, Format: "", diff --git a/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/authentication.go b/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/authentication.go index cb5b586ce5..bcb1898d21 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/authentication.go +++ b/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/authentication.go @@ -237,6 +237,10 @@ func (o *BuiltInAuthenticationOptions) Validate() []error { } } + if o.RequestHeader != nil { + allErrors = append(allErrors, o.RequestHeader.Validate()...) + } + return allErrors } @@ -472,6 +476,7 @@ func (o *BuiltInAuthenticationOptions) ApplyTo(authInfo *genericapiserver.Authen } } + authInfo.RequestHeaderConfig = authenticatorConfig.RequestHeaderConfig authInfo.APIAudiences = o.APIAudiences if o.ServiceAccounts != nil && len(o.ServiceAccounts.Issuers) != 0 && len(o.APIAudiences) == 0 { authInfo.APIAudiences = authenticator.Audiences(o.ServiceAccounts.Issuers) diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go b/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go index 8cb57aa819..7499de4460 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go @@ -544,15 +544,29 @@ func (m *ManagerImpl) devicesToAllocate(podUID, contName, resource string, requi return nil, fmt.Errorf("pod %q container %q changed request for resource %q from %d to %d", string(podUID), contName, resource, devices.Len(), required) } } + + klog.V(3).InfoS("Need devices to allocate for pod", "deviceNumber", needed, "resourceName", resource, "podUID", string(podUID), "containerName", contName) + healthyDevices, hasRegistered := m.healthyDevices[resource] + + // Check if resource registered with devicemanager + if !hasRegistered { + return nil, fmt.Errorf("cannot allocate unregistered device %s", resource) + } + + // Check if registered resource has healthy devices + if healthyDevices.Len() == 0 { + return nil, fmt.Errorf("no healthy devices present; cannot allocate unhealthy devices %s", resource) + } + + // Check if all the previously allocated devices are healthy + if !healthyDevices.IsSuperset(devices) { + return nil, fmt.Errorf("previously allocated devices are no longer healthy; cannot allocate unhealthy devices %s", resource) + } + if needed == 0 { // No change, no work. return nil, nil } - klog.V(3).InfoS("Need devices to allocate for pod", "deviceNumber", needed, "resourceName", resource, "podUID", string(podUID), "containerName", contName) - // Check if resource registered with devicemanager - if _, ok := m.healthyDevices[resource]; !ok { - return nil, fmt.Errorf("can't allocate unregistered device %s", resource) - } // Declare the list of allocated devices. // This will be populated and returned below. diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_getters.go b/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_getters.go index eed312ceb1..561d5201a3 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_getters.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_getters.go @@ -176,11 +176,14 @@ func (kl *Kubelet) GetPods() []*v1.Pod { pods := kl.podManager.GetPods() // a kubelet running without apiserver requires an additional // update of the static pod status. See #57106 - for _, p := range pods { + for i, p := range pods { if kubelettypes.IsStaticPod(p) { if status, ok := kl.statusManager.GetPodStatus(p.UID); ok { klog.V(2).InfoS("Pod status updated", "pod", klog.KObj(p), "status", status.Phase) + // do not mutate the cache + p = p.DeepCopy() p.Status = status + pods[i] = p } } } diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go b/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go index c5db7c9a13..c48d6da4de 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go @@ -211,32 +211,36 @@ func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus) *kubecontainer.Runtim return &kubecontainer.RuntimeStatus{Conditions: conditions} } -func fieldProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) string { +func fieldProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) (string, error) { if scmp == nil { if fallbackToRuntimeDefault { - return v1.SeccompProfileRuntimeDefault + return v1.SeccompProfileRuntimeDefault, nil } - return "" + return "", nil } if scmp.Type == v1.SeccompProfileTypeRuntimeDefault { - return v1.SeccompProfileRuntimeDefault + return v1.SeccompProfileRuntimeDefault, nil } - if scmp.Type == v1.SeccompProfileTypeLocalhost && scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 { - fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile) - return v1.SeccompLocalhostProfileNamePrefix + fname + if scmp.Type == v1.SeccompProfileTypeLocalhost { + if scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 { + fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile) + return v1.SeccompLocalhostProfileNamePrefix + fname, nil + } else { + return "", fmt.Errorf("localhostProfile must be set if seccompProfile type is Localhost.") + } } if scmp.Type == v1.SeccompProfileTypeUnconfined { - return v1.SeccompProfileNameUnconfined + return v1.SeccompProfileNameUnconfined, nil } if fallbackToRuntimeDefault { - return v1.SeccompProfileRuntimeDefault + return v1.SeccompProfileRuntimeDefault, nil } - return "" + return "", nil } func (m *kubeGenericRuntimeManager) getSeccompProfilePath(annotations map[string]string, containerName string, - podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) string { + podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) (string, error) { // container fields are applied first if containerSecContext != nil && containerSecContext.SeccompProfile != nil { return fieldProfile(containerSecContext.SeccompProfile, m.seccompProfileRoot, fallbackToRuntimeDefault) @@ -248,42 +252,46 @@ func (m *kubeGenericRuntimeManager) getSeccompProfilePath(annotations map[string } if fallbackToRuntimeDefault { - return v1.SeccompProfileRuntimeDefault + return v1.SeccompProfileRuntimeDefault, nil } - return "" + return "", nil } -func fieldSeccompProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) *runtimeapi.SecurityProfile { +func fieldSeccompProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) (*runtimeapi.SecurityProfile, error) { if scmp == nil { if fallbackToRuntimeDefault { return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_RuntimeDefault, - } + }, nil } return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_Unconfined, - } + }, nil } if scmp.Type == v1.SeccompProfileTypeRuntimeDefault { return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_RuntimeDefault, - } + }, nil } - if scmp.Type == v1.SeccompProfileTypeLocalhost && scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 { - fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile) - return &runtimeapi.SecurityProfile{ - ProfileType: runtimeapi.SecurityProfile_Localhost, - LocalhostRef: fname, + if scmp.Type == v1.SeccompProfileTypeLocalhost { + if scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 { + fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile) + return &runtimeapi.SecurityProfile{ + ProfileType: runtimeapi.SecurityProfile_Localhost, + LocalhostRef: fname, + }, nil + } else { + return nil, fmt.Errorf("localhostProfile must be set if seccompProfile type is Localhost.") } } return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_Unconfined, - } + }, nil } func (m *kubeGenericRuntimeManager) getSeccompProfile(annotations map[string]string, containerName string, - podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) *runtimeapi.SecurityProfile { + podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) (*runtimeapi.SecurityProfile, error) { // container fields are applied first if containerSecContext != nil && containerSecContext.SeccompProfile != nil { return fieldSeccompProfile(containerSecContext.SeccompProfile, m.seccompProfileRoot, fallbackToRuntimeDefault) @@ -297,10 +305,10 @@ func (m *kubeGenericRuntimeManager) getSeccompProfile(annotations map[string]str if fallbackToRuntimeDefault { return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_RuntimeDefault, - } + }, nil } return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_Unconfined, - } + }, nil } diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go b/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go index 5e6f05b4e1..d933a71042 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go @@ -37,9 +37,16 @@ func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *v1.Po // TODO: Deprecated, remove after we switch to Seccomp field // set SeccompProfilePath. - synthesized.SeccompProfilePath = m.getSeccompProfilePath(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault) + var err error + synthesized.SeccompProfilePath, err = m.getSeccompProfilePath(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault) + if err != nil { + return nil, err + } - synthesized.Seccomp = m.getSeccompProfile(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault) + synthesized.Seccomp, err = m.getSeccompProfile(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault) + if err != nil { + return nil, err + } // set ApparmorProfile. synthesized.ApparmorProfile = apparmor.GetProfileNameFromPodAnnotations(pod.Annotations, container.Name) diff --git a/vendor/k8s.io/kubernetes/pkg/probe/http/request.go b/vendor/k8s.io/kubernetes/pkg/probe/http/request.go index 4285c0a4cc..fb7f818b24 100644 --- a/vendor/k8s.io/kubernetes/pkg/probe/http/request.go +++ b/vendor/k8s.io/kubernetes/pkg/probe/http/request.go @@ -113,7 +113,7 @@ func formatURL(scheme string, host string, port int, path string) *url.URL { func v1HeaderToHTTPHeader(headerList []v1.HTTPHeader) http.Header { headers := make(http.Header) for _, header := range headerList { - headers[header.Name] = append(headers[header.Name], header.Value) + headers.Add(header.Name, header.Value) } return headers } diff --git a/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go b/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go index f85fbde45d..d7ee78280e 100644 --- a/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go +++ b/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go @@ -321,6 +321,11 @@ func podMatchesScopeFunc(selector corev1.ScopedResourceSelectorRequirement, obje case corev1.ResourceQuotaScopeNotBestEffort: return !isBestEffort(pod), nil case corev1.ResourceQuotaScopePriorityClass: + if selector.Operator == corev1.ScopeSelectorOpExists { + // This is just checking for existence of a priorityClass on the pod, + // no need to take the overhead of selector parsing/evaluation. + return len(pod.Spec.PriorityClassName) != 0, nil + } return podMatchesSelector(pod, selector) case corev1.ResourceQuotaScopeCrossNamespacePodAffinity: return usesCrossNamespacePodAffinity(pod), nil diff --git a/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/eviction.go b/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/eviction.go index ee8182c413..cbaeb92c9b 100644 --- a/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/eviction.go +++ b/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/eviction.go @@ -25,6 +25,7 @@ import ( policyv1 "k8s.io/api/policy/v1" policyv1beta1 "k8s.io/api/policy/v1beta1" "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" @@ -308,11 +309,30 @@ func (r *EvictionREST) Create(ctx context.Context, name string, obj runtime.Obje } func addConditionAndDeletePod(r *EvictionREST, ctx context.Context, name string, validation rest.ValidateObjectFunc, options *metav1.DeleteOptions) error { - if feature.DefaultFeatureGate.Enabled(features.PodDisruptionConditions) { - pod, err := getPod(r, ctx, name) - if err != nil { - return err + if !dryrun.IsDryRun(options.DryRun) && feature.DefaultFeatureGate.Enabled(features.PodDisruptionConditions) { + getLatestPod := func(_ context.Context, _, oldObj runtime.Object) (runtime.Object, error) { + // Throwaway the newObj. We care only about the latest pod obtained from etcd (oldObj). + // So we can add DisruptionTarget condition in conditionAppender without conflicts. + latestPod := oldObj.(*api.Pod).DeepCopy() + if options.Preconditions != nil { + if uid := options.Preconditions.UID; uid != nil && len(*uid) > 0 && *uid != latestPod.UID { + return nil, errors.NewConflict( + schema.GroupResource{Group: "", Resource: "Pod"}, + latestPod.Name, + fmt.Errorf("the UID in the precondition (%s) does not match the UID in record (%s). The object might have been deleted and then recreated", *uid, latestPod.UID), + ) + } + if rv := options.Preconditions.ResourceVersion; rv != nil && len(*rv) > 0 && *rv != latestPod.ResourceVersion { + return nil, errors.NewConflict( + schema.GroupResource{Group: "", Resource: "Pod"}, + latestPod.Name, + fmt.Errorf("the ResourceVersion in the precondition (%s) does not match the ResourceVersion in record (%s). The object might have been modified", *rv, latestPod.ResourceVersion), + ) + } + } + return latestPod, nil } + conditionAppender := func(_ context.Context, newObj, _ runtime.Object) (runtime.Object, error) { podObj := newObj.(*api.Pod) podutil.UpdatePodCondition(&podObj.Status, &api.PodCondition{ @@ -324,11 +344,22 @@ func addConditionAndDeletePod(r *EvictionREST, ctx context.Context, name string, return podObj, nil } - podCopyUpdated := rest.DefaultUpdatedObjectInfo(pod, conditionAppender) + podUpdatedObjectInfo := rest.DefaultUpdatedObjectInfo(nil, getLatestPod, conditionAppender) // order important - if _, _, err = r.store.Update(ctx, name, podCopyUpdated, rest.ValidateAllObjectFunc, rest.ValidateAllObjectUpdateFunc, false, &metav1.UpdateOptions{}); err != nil { + updatedPodObject, _, err := r.store.Update(ctx, name, podUpdatedObjectInfo, rest.ValidateAllObjectFunc, rest.ValidateAllObjectUpdateFunc, false, &metav1.UpdateOptions{}) + if err != nil { return err } + + if !resourceVersionIsUnset(options) { + newResourceVersion, err := meta.NewAccessor().ResourceVersion(updatedPodObject) + if err != nil { + return err + } + // bump the resource version, since we are the one who modified it via the update + options = options.DeepCopy() + options.Preconditions.ResourceVersion = &newResourceVersion + } } _, _, err := r.store.Delete(ctx, name, rest.ValidateAllObjectFunc, options) return err diff --git a/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/storage.go b/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/storage.go index 1f726afc39..482ba005a5 100644 --- a/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/storage.go +++ b/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/storage.go @@ -162,6 +162,7 @@ func (r *BindingREST) Destroy() { } var _ = rest.NamedCreater(&BindingREST{}) +var _ = rest.SubresourceObjectMetaPreserver(&BindingREST{}) // Create ensures a pod is bound to a specific host. func (r *BindingREST) Create(ctx context.Context, name string, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (out runtime.Object, err error) { @@ -190,6 +191,13 @@ func (r *BindingREST) Create(ctx context.Context, name string, obj runtime.Objec return } +// PreserveRequestObjectMetaSystemFieldsOnSubresourceCreate indicates to a +// handler that this endpoint requires the UID and ResourceVersion to use as +// preconditions. Other fields, such as timestamp, are ignored. +func (r *BindingREST) PreserveRequestObjectMetaSystemFieldsOnSubresourceCreate() bool { + return true +} + // setPodHostAndAnnotations sets the given pod's host to 'machine' if and only if // the pod is unassigned and merges the provided annotations with those of the pod. // Returns the current state of the pod, or an error. diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go index 26a5c20541..58e4f43b3f 100644 --- a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go +++ b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go @@ -355,6 +355,7 @@ func (ev *Evaluator) prepareCandidate(ctx context.Context, c Candidate, pod *v1. // Otherwise we should delete the victim. if waitingPod := fh.GetWaitingPod(victim.UID); waitingPod != nil { waitingPod.Reject(pluginName, "preempted") + klog.V(2).InfoS("Preemptor pod rejected a waiting pod", "preemptor", klog.KObj(pod), "waitingPod", klog.KObj(victim), "node", c.Name()) } else { if feature.DefaultFeatureGate.Enabled(features.PodDisruptionConditions) { victimPodApply := corev1apply.Pod(victim.Name, victim.Namespace).WithStatus(corev1apply.PodStatus()) @@ -377,7 +378,9 @@ func (ev *Evaluator) prepareCandidate(ctx context.Context, c Candidate, pod *v1. errCh.SendErrorWithCancel(err, cancel) return } + klog.V(2).InfoS("Preemptor Pod preempted victim Pod", "preemptor", klog.KObj(pod), "victim", klog.KObj(victim), "node", c.Name()) } + fh.EventRecorder().Eventf(victim, pod, v1.EventTypeNormal, "Preempted", "Preempting", "Preempted by a pod on node %v", c.Name()) } diff --git a/vendor/k8s.io/kubernetes/pkg/volume/awsebs/aws_ebs.go b/vendor/k8s.io/kubernetes/pkg/volume/awsebs/aws_ebs.go index 0801982ffc..2e675a70d7 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/awsebs/aws_ebs.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/awsebs/aws_ebs.go @@ -428,7 +428,7 @@ func (b *awsElasticBlockStoreMounter) SetUpAt(dir string, mounterArgs volume.Mou } if !b.readOnly { - volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } klog.V(4).Infof("Successfully mounted %s", dir) diff --git a/vendor/k8s.io/kubernetes/pkg/volume/azuredd/azure_mounter.go b/vendor/k8s.io/kubernetes/pkg/volume/azuredd/azure_mounter.go index 0fe6eec523..789e751685 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/azuredd/azure_mounter.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/azuredd/azure_mounter.go @@ -160,7 +160,7 @@ func (m *azureDiskMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) e } if volumeSource.ReadOnly == nil || !*volumeSource.ReadOnly { - volume.SetVolumeOwnership(m, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(m.plugin, m.spec)) + volume.SetVolumeOwnership(m, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(m.plugin, m.spec)) } klog.V(2).Infof("azureDisk - successfully mounted disk %s on %s", diskName, dir) diff --git a/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go b/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go index cdfba9480c..181dd55fec 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go @@ -255,7 +255,7 @@ func (b *configMapVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterA return err } - err = volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) + err = volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) if err != nil { klog.Errorf("Error applying volume ownership settings for group: %v", mounterArgs.FsGroup) return err diff --git a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go index 8ffb3acf49..ef3c98258a 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go @@ -595,14 +595,13 @@ func (c *csiAttacher) UnmountDevice(deviceMountPath string) error { driverName = data[volDataKey.driverName] volID = data[volDataKey.volHandle] } else { - klog.Error(log("UnmountDevice failed to load volume data file [%s]: %v", dataDir, err)) - - // The volume might have been mounted by old CSI volume plugin. Fall back to the old behavior: read PV from API server - driverName, volID, err = getDriverAndVolNameFromDeviceMountPath(c.k8s, deviceMountPath) - if err != nil { - klog.Errorf(log("attacher.UnmountDevice failed to get driver and volume name from device mount path: %v", err)) - return err + if errors.Is(err, os.ErrNotExist) { + klog.V(4).Info(log("attacher.UnmountDevice skipped because volume data file [%s] does not exist", dataDir)) + return nil } + + klog.Errorf(log("attacher.UnmountDevice failed to get driver and volume name from device mount path: %v", err)) + return err } if c.csiClient == nil { @@ -682,36 +681,6 @@ func makeDeviceMountPath(plugin *csiPlugin, spec *volume.Spec) (string, error) { return filepath.Join(plugin.host.GetPluginDir(plugin.GetPluginName()), driver, volSha, globalMountInGlobalPath), nil } -func getDriverAndVolNameFromDeviceMountPath(k8s kubernetes.Interface, deviceMountPath string) (string, string, error) { - // deviceMountPath structure: /var/lib/kubelet/plugins/kubernetes.io/csi/pv/{pvname}/globalmount - dir := filepath.Dir(deviceMountPath) - if file := filepath.Base(deviceMountPath); file != globalMountInGlobalPath { - return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath failed, path did not end in %s", globalMountInGlobalPath)) - } - // dir is now /var/lib/kubelet/plugins/kubernetes.io/csi/pv/{pvname} - pvName := filepath.Base(dir) - - // Get PV and check for errors - pv, err := k8s.CoreV1().PersistentVolumes().Get(context.TODO(), pvName, metav1.GetOptions{}) - if err != nil { - return "", "", err - } - if pv == nil || pv.Spec.CSI == nil { - return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath could not find CSI Persistent Volume Source for pv: %s", pvName)) - } - - // Get VolumeHandle and PluginName from pv - csiSource := pv.Spec.CSI - if csiSource.Driver == "" { - return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath failed, driver name empty")) - } - if csiSource.VolumeHandle == "" { - return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath failed, VolumeHandle empty")) - } - - return csiSource.Driver, csiSource.VolumeHandle, nil -} - func verifyAttachmentStatus(attachment *storage.VolumeAttachment, volumeHandle string) (bool, error) { // when we received a deleted event during attachment, fail fast if attachment == nil { diff --git a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go index 1974b03675..468f882b88 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go @@ -333,7 +333,7 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error // Driver doesn't support applying FSGroup. Kubelet must apply it instead. // fullPluginName helps to distinguish different driver from csi plugin - err := volume.SetVolumeOwnership(c, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(c.plugin, c.spec)) + err := volume.SetVolumeOwnership(c, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(c.plugin, c.spec)) if err != nil { // At this point mount operation is successful: // 1. Since volume can not be used by the pod because of invalid permissions, we must return error diff --git a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go index ee2bdc193b..bb4d799ff3 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go @@ -79,7 +79,7 @@ func loadVolumeData(dir string, fileName string) (map[string]string, error) { file, err := os.Open(dataFileName) if err != nil { - return nil, errors.New(log("failed to open volume data file [%s]: %v", dataFileName, err)) + return nil, fmt.Errorf("%s: %w", log("failed to open volume data file [%s]", dataFileName), err) } defer file.Close() data := map[string]string{} diff --git a/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go b/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go index 8338850ac4..3edd3090df 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go @@ -226,7 +226,7 @@ func (b *downwardAPIVolumeMounter) SetUpAt(dir string, mounterArgs volume.Mounte return err } - err = volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) + err = volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) if err != nil { klog.Errorf("Error applying volume ownership settings for group: %v", mounterArgs.FsGroup) return err diff --git a/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go b/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go index 3fcf447205..e75bccd492 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go @@ -280,7 +280,7 @@ func (ed *emptyDir) SetUpAt(dir string, mounterArgs volume.MounterArgs) error { err = fmt.Errorf("unknown storage medium %q", ed.medium) } - volume.SetVolumeOwnership(ed, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(ed.plugin, nil)) + volume.SetVolumeOwnership(ed, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(ed.plugin, nil)) // If setting up the quota fails, just log a message but don't actually error out. // We'll use the old du mechanism in this case, at least until we support @@ -302,11 +302,11 @@ func (ed *emptyDir) assignQuota(dir string, mounterSize *resource.Quantity) erro klog.V(3).Infof("Unable to check for quota support on %s: %s", dir, err.Error()) } else if hasQuotas { klog.V(4).Infof("emptydir trying to assign quota %v on %s", mounterSize, dir) - err := fsquota.AssignQuota(ed.mounter, dir, ed.pod.UID, mounterSize) - if err != nil { + if err := fsquota.AssignQuota(ed.mounter, dir, ed.pod.UID, mounterSize); err != nil { klog.V(3).Infof("Set quota on %s failed %s", dir, err.Error()) + return err } - return err + return nil } } return nil diff --git a/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go b/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go index bb054ea166..02e15c4f85 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go @@ -91,7 +91,7 @@ func diskSetUp(manager diskManager, b fcDiskMounter, volPath string, mounter mou } if !b.readOnly { - volume.SetVolumeOwnership(&b, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(&b, volPath, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } return nil diff --git a/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go b/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go index 8098cfdb66..3821af7e92 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go @@ -95,7 +95,7 @@ func (f *flexVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) if !f.readOnly { if f.plugin.capabilities.FSGroup { // fullPluginName helps to distinguish different driver from flex volume plugin - volume.SetVolumeOwnership(f, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(f.plugin, f.spec)) + volume.SetVolumeOwnership(f, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(f.plugin, f.spec)) } } diff --git a/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go b/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go index 0df9ef10f5..372a8f6837 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go @@ -430,7 +430,7 @@ func (b *gcePersistentDiskMounter) SetUpAt(dir string, mounterArgs volume.Mounte klog.V(4).Infof("mount of disk %s succeeded", dir) if !b.readOnly { - if err := volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)); err != nil { + if err := volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)); err != nil { klog.Errorf("SetVolumeOwnership returns error %v", err) } } diff --git a/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go b/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go index fe890032e2..995018d900 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go @@ -235,7 +235,7 @@ func (b *gitRepoVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArg return fmt.Errorf("failed to exec 'git reset --hard': %s: %v", output, err) } - volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) volumeutil.SetReady(b.getMetaDir()) return nil diff --git a/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go b/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go index 6d60e44efa..6aa8652bd6 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go @@ -96,7 +96,7 @@ func diskSetUp(manager diskManager, b iscsiDiskMounter, volPath string, mounter } if !b.readOnly { - volume.SetVolumeOwnership(&b, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(&b, volPath, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } return nil diff --git a/vendor/k8s.io/kubernetes/pkg/volume/local/local.go b/vendor/k8s.io/kubernetes/pkg/volume/local/local.go index c55a3502e7..f1192b9688 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/local/local.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/local/local.go @@ -615,7 +615,7 @@ func (m *localVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) if !m.readOnly { // Volume owner will be written only once on the first volume mount if len(refs) == 0 { - return volume.SetVolumeOwnership(m, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(m.plugin, nil)) + return volume.SetVolumeOwnership(m, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(m.plugin, nil)) } } return nil diff --git a/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go b/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go index 6cba503271..7be543a54e 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go @@ -335,7 +335,7 @@ func (b *portworxVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterAr return err } if !b.readOnly { - volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } klog.Infof("Portworx Volume %s setup at %s", b.volumeID, dir) return nil diff --git a/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go b/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go index a48567b2a6..27fa3f0fe0 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go @@ -236,7 +236,7 @@ func (s *projectedVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterA return err } - err = volume.SetVolumeOwnership(s, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(s.plugin, nil)) + err = volume.SetVolumeOwnership(s, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(s.plugin, nil)) if err != nil { klog.Errorf("Error applying volume ownership settings for group: %v", mounterArgs.FsGroup) return err diff --git a/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go b/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go index edff33540f..2131c7eced 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go @@ -96,7 +96,7 @@ func diskSetUp(manager diskManager, b rbdMounter, volPath string, mounter mount. klog.V(3).Infof("rbd: successfully bind mount %s to %s with options %v", globalPDPath, volPath, mountOptions) if !b.ReadOnly { - volume.SetVolumeOwnership(&b, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(&b, volPath, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } return nil diff --git a/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go b/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go index fa06d87930..e12d5cf86b 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go @@ -250,7 +250,7 @@ func (b *secretVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs return err } - err = volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) + err = volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) if err != nil { klog.Errorf("Error applying volume ownership settings for group: %v", mounterArgs.FsGroup) return err diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common.go b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common.go new file mode 100644 index 0000000000..4259442076 --- /dev/null +++ b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common.go @@ -0,0 +1,28 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package common + +// QuotaID is generic quota identifier. +// Data type based on quotactl(2). +type QuotaID int32 + +const ( + // UnknownQuotaID -- cannot determine whether a quota is in force + UnknownQuotaID QuotaID = -1 + // BadQuotaID -- Invalid quota + BadQuotaID QuotaID = 0 +) diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common.go b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux.go similarity index 92% rename from vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common.go rename to vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux.go index 8275a7f1c8..77f845837b 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux.go @@ -23,17 +23,6 @@ import ( "regexp" ) -// QuotaID is generic quota identifier. -// Data type based on quotactl(2). -type QuotaID int32 - -const ( - // UnknownQuotaID -- cannot determine whether a quota is in force - UnknownQuotaID QuotaID = -1 - // BadQuotaID -- Invalid quota - BadQuotaID QuotaID = 0 -) - // QuotaType -- type of quota to be applied type QuotaType int diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common_impl.go b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux_impl.go similarity index 100% rename from vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common_impl.go rename to vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux_impl.go diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go index 3861f99059..8ebc006874 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go @@ -164,6 +164,9 @@ func readProjectFiles(projects *os.File, projid *os.File) projectsList { return projectsList{parseProjFile(projects, parseProject), parseProjFile(projid, parseProjid)} } +// findAvailableQuota finds the next available quota from the FirstQuota +// it returns error if QuotaIDIsInUse returns error when getting quota id in use; +// it searches at most maxUnusedQuotasToSearch(128) time func findAvailableQuota(path string, idMap map[common.QuotaID]bool) (common.QuotaID, error) { unusedQuotasSearched := 0 for id := common.FirstQuota; true; id++ { @@ -187,13 +190,13 @@ func addDirToProject(path string, id common.QuotaID, list *projectsList) (common idMap := make(map[common.QuotaID]bool) for _, project := range list.projects { if project.data == path { - if id != project.id { + if id != common.BadQuotaID && id != project.id { return common.BadQuotaID, false, fmt.Errorf("attempt to reassign project ID for %s", path) } // Trying to reassign a directory to the project it's // already in. Maybe this should be an error, but for // now treat it as an idempotent operation - return id, false, nil + return project.id, false, nil } idMap[project.id] = true } @@ -318,6 +321,7 @@ func writeProjectFiles(fProjects *os.File, fProjid *os.File, writeProjid bool, l return fmt.Errorf("unable to write project files: %v", err) } +// if ID is common.BadQuotaID, generate new project id if the dir is not in a project func createProjectID(path string, ID common.QuotaID) (common.QuotaID, error) { quotaIDLock.Lock() defer quotaIDLock.Unlock() diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go index fbd29fba73..eb0048d371 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go @@ -23,10 +23,15 @@ import ( "k8s.io/apimachinery/pkg/types" utilfeature "k8s.io/apiserver/pkg/util/feature" "k8s.io/kubernetes/pkg/features" + "k8s.io/kubernetes/pkg/volume/util/fsquota/common" ) // Interface -- quota interface type Interface interface { + // GetQuotaOnDir gets the quota ID (if any) that applies to + // this directory + GetQuotaOnDir(m mount.Interface, path string) (common.QuotaID, error) + // Does the path provided support quotas, and if so, what types SupportsQuotas(m mount.Interface, path string) (bool, error) // Assign a quota (picked by the quota mechanism) to a path, diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go index 85784204aa..240cc356ee 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go @@ -35,6 +35,9 @@ import ( "k8s.io/kubernetes/pkg/volume/util/fsquota/common" ) +// Pod -> External Pod UID +var podUidMap = make(map[types.UID]types.UID) + // Pod -> ID var podQuotaMap = make(map[types.UID]common.QuotaID) @@ -214,7 +217,7 @@ func setQuotaOnDir(path string, id common.QuotaID, bytes int64) error { return getApplier(path).SetQuotaOnDir(path, id, bytes) } -func getQuotaOnDir(m mount.Interface, path string) (common.QuotaID, error) { +func GetQuotaOnDir(m mount.Interface, path string) (common.QuotaID, error) { _, _, err := getFSInfo(m, path) if err != nil { return common.BadQuotaID, err @@ -235,7 +238,7 @@ func clearQuotaOnDir(m mount.Interface, path string) error { if !supportsQuotas { return nil } - projid, err := getQuotaOnDir(m, path) + projid, err := GetQuotaOnDir(m, path) if err == nil && projid != common.BadQuotaID { // This means that we have a quota on the directory but // we can't clear it. That's not good. @@ -304,7 +307,7 @@ func SupportsQuotas(m mount.Interface, path string) (bool, error) { // AssignQuota chooses the quota ID based on the pod UID and path. // If the pod UID is identical to another one known, it may (but presently // doesn't) choose the same quota ID as other volumes in the pod. -func AssignQuota(m mount.Interface, path string, poduid types.UID, bytes *resource.Quantity) error { //nolint:staticcheck // SA4009 poduid is overwritten by design, see comment below +func AssignQuota(m mount.Interface, path string, poduid types.UID, bytes *resource.Quantity) error { //nolint:staticcheck if bytes == nil { return fmt.Errorf("attempting to assign null quota to %s", path) } @@ -314,20 +317,32 @@ func AssignQuota(m mount.Interface, path string, poduid types.UID, bytes *resour } quotaLock.Lock() defer quotaLock.Unlock() - // Current policy is to set individual quotas on each volumes. + // Current policy is to set individual quotas on each volume, + // for each new volume we generate a random UUID and we use that as + // the internal pod uid. + // From fsquota point of view each volume is attached to a + // single unique pod. // If we decide later that we want to assign one quota for all - // volumes in a pod, we can simply remove this line of code. + // volumes in a pod, we can simply use poduid parameter directly // If and when we decide permanently that we're going to adopt // one quota per volume, we can rip all of the pod code out. - poduid = types.UID(uuid.NewUUID()) //nolint:staticcheck // SA4009 poduid is overwritten by design, see comment above - if pod, ok := dirPodMap[path]; ok && pod != poduid { - return fmt.Errorf("requesting quota on existing directory %s but different pod %s %s", path, pod, poduid) + externalPodUid := poduid + internalPodUid, ok := dirPodMap[path] + if ok { + if podUidMap[internalPodUid] != externalPodUid { + return fmt.Errorf("requesting quota on existing directory %s but different pod %s %s", path, podUidMap[internalPodUid], externalPodUid) + } + } else { + internalPodUid = types.UID(uuid.NewUUID()) } - oid, ok := podQuotaMap[poduid] + oid, ok := podQuotaMap[internalPodUid] if ok { if quotaSizeMap[oid] != ibytes { return fmt.Errorf("requesting quota of different size: old %v new %v", quotaSizeMap[oid], bytes) } + if _, ok := dirPodMap[path]; ok { + return nil + } } else { oid = common.BadQuotaID } @@ -342,12 +357,13 @@ func AssignQuota(m mount.Interface, path string, poduid types.UID, bytes *resour ibytes = -1 } if err = setQuotaOnDir(path, id, ibytes); err == nil { - quotaPodMap[id] = poduid + quotaPodMap[id] = internalPodUid quotaSizeMap[id] = ibytes - podQuotaMap[poduid] = id + podQuotaMap[internalPodUid] = id dirQuotaMap[path] = id - dirPodMap[path] = poduid - podDirCountMap[poduid]++ + dirPodMap[path] = internalPodUid + podUidMap[internalPodUid] = externalPodUid + podDirCountMap[internalPodUid]++ klog.V(4).Infof("Assigning quota ID %d (%d) to %s", id, ibytes, path) return nil } @@ -415,7 +431,7 @@ func ClearQuota(m mount.Interface, path string) error { if !ok { return fmt.Errorf("clearQuota: No quota available for %s", path) } - projid, err := getQuotaOnDir(m, path) + projid, err := GetQuotaOnDir(m, path) if err != nil { // Log-and-continue instead of returning an error for now // due to unspecified backwards compatibility concerns (a subject to revise) @@ -436,6 +452,7 @@ func ClearQuota(m mount.Interface, path string) error { delete(quotaPodMap, podQuotaMap[poduid]) delete(podDirCountMap, poduid) delete(podQuotaMap, poduid) + delete(podUidMap, poduid) } else { err = removeProjectID(path, projid) podDirCountMap[poduid]-- diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go index 8579f53893..c5b89a6970 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go @@ -22,6 +22,7 @@ package fsquota import ( "errors" + "k8s.io/kubernetes/pkg/volume/util/fsquota/common" "k8s.io/mount-utils" "k8s.io/apimachinery/pkg/api/resource" @@ -33,6 +34,10 @@ import ( var errNotImplemented = errors.New("not implemented") +func GetQuotaOnDir(_ mount.Interface, _ string) (common.QuotaID, error) { + return common.BadQuotaID, errNotImplemented +} + // SupportsQuotas -- dummy implementation func SupportsQuotas(_ mount.Interface, _ string) (bool, error) { return false, errNotImplemented diff --git a/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go b/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go index 57c0281502..ec7f6da4bf 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go @@ -40,22 +40,22 @@ const ( // SetVolumeOwnership modifies the given volume to be owned by // fsGroup, and sets SetGid so that newly created files are owned by // fsGroup. If fsGroup is nil nothing is done. -func SetVolumeOwnership(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error { +func SetVolumeOwnership(mounter Mounter, dir string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error { if fsGroup == nil { return nil } timer := time.AfterFunc(30*time.Second, func() { - klog.Warningf("Setting volume ownership for %s and fsGroup set. If the volume has a lot of files then setting volume ownership could be slow, see https://github.com/kubernetes/kubernetes/issues/69699", mounter.GetPath()) + klog.Warningf("Setting volume ownership for %s and fsGroup set. If the volume has a lot of files then setting volume ownership could be slow, see https://github.com/kubernetes/kubernetes/issues/69699", dir) }) defer timer.Stop() - if skipPermissionChange(mounter, fsGroup, fsGroupChangePolicy) { - klog.V(3).InfoS("Skipping permission and ownership change for volume", "path", mounter.GetPath()) + if skipPermissionChange(mounter, dir, fsGroup, fsGroupChangePolicy) { + klog.V(3).InfoS("Skipping permission and ownership change for volume", "path", dir) return nil } - err := walkDeep(mounter.GetPath(), func(path string, info os.FileInfo, err error) error { + err := walkDeep(dir, func(path string, info os.FileInfo, err error) error { if err != nil { return err } @@ -104,14 +104,12 @@ func changeFilePermission(filename string, fsGroup *int64, readonly bool, info o return nil } -func skipPermissionChange(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy) bool { - dir := mounter.GetPath() - +func skipPermissionChange(mounter Mounter, dir string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy) bool { if fsGroupChangePolicy == nil || *fsGroupChangePolicy != v1.FSGroupChangeOnRootMismatch { klog.V(4).InfoS("Perform recursive ownership change for directory", "path", dir) return false } - return !requiresPermissionChange(mounter.GetPath(), fsGroup, mounter.GetAttributes().ReadOnly) + return !requiresPermissionChange(dir, fsGroup, mounter.GetAttributes().ReadOnly) } func requiresPermissionChange(rootDir string, fsGroup *int64, readonly bool) bool { diff --git a/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go b/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go index 20c56d4b63..3b5a200a61 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go @@ -24,6 +24,6 @@ import ( "k8s.io/kubernetes/pkg/volume/util/types" ) -func SetVolumeOwnership(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error { +func SetVolumeOwnership(mounter Mounter, dir string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error { return nil } diff --git a/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go b/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go index 329969b44d..887cf4d3a8 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go @@ -277,7 +277,7 @@ func (b *vsphereVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArg os.Remove(dir) return err } - volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) klog.V(3).Infof("vSphere volume %s mounted to %s", b.volPath, dir) return nil diff --git a/vendor/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go b/vendor/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go index f3f9a98c3a..5a3bb73889 100644 --- a/vendor/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go +++ b/vendor/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go @@ -116,13 +116,13 @@ func (t *TokenAuthenticator) AuthenticateToken(ctx context.Context, token string ts := bootstrapsecretutil.GetData(secret, bootstrapapi.BootstrapTokenSecretKey) if subtle.ConstantTimeCompare([]byte(ts), []byte(tokenSecret)) != 1 { - tokenErrorf(secret, "has invalid value for key %s, expected %s.", bootstrapapi.BootstrapTokenSecretKey, tokenSecret) + tokenErrorf(secret, "has invalid value for key %s.", bootstrapapi.BootstrapTokenSecretKey) return nil, false, nil } id := bootstrapsecretutil.GetData(secret, bootstrapapi.BootstrapTokenIDKey) if id != tokenID { - tokenErrorf(secret, "has invalid value for key %s, expected %s.", bootstrapapi.BootstrapTokenIDKey, tokenID) + tokenErrorf(secret, "has invalid value for key %s.", bootstrapapi.BootstrapTokenIDKey) return nil, false, nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index c2de35c75b..50dbdecb3b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -808,7 +808,7 @@ github.com/openshift/client-go/user/informers/externalversions/internalinterface github.com/openshift/client-go/user/informers/externalversions/user github.com/openshift/client-go/user/informers/externalversions/user/v1 github.com/openshift/client-go/user/listers/user/v1 -# github.com/openshift/cluster-policy-controller v0.0.0-20230522020023-4aa5ecd04fa2 +# github.com/openshift/cluster-policy-controller v0.0.0-20230525174645-8d2af85d0b6d ## explicit; go 1.19 github.com/openshift/cluster-policy-controller/pkg/client/genericinformers github.com/openshift/cluster-policy-controller/pkg/cmd/cluster-policy-controller @@ -1362,7 +1362,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419022048-b40493584076 +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1418,7 +1418,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230419022048-b40493584076 +# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1462,7 +1462,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419022048-b40493584076 +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1526,7 +1526,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230419022048-b40493584076 +# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/cel @@ -1680,12 +1680,12 @@ k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/oidc k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419022048-b40493584076 +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419022048-b40493584076 +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -2015,7 +2015,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230419022048-b40493584076 +# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/cloud-provider k8s.io/cloud-provider/api @@ -2035,14 +2035,14 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230419022048-b40493584076 +# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/jws k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419022048-b40493584076 +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -2075,7 +2075,7 @@ k8s.io/component-base/tracing k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version k8s.io/component-base/version/verflag -# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230419022048-b40493584076 +# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/apps/poddisruptionbudget @@ -2088,7 +2088,7 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230419022048-b40493584076 +# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/controller-manager/app k8s.io/controller-manager/config @@ -2105,16 +2105,16 @@ k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230419022048-b40493584076 +# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230419022048-b40493584076 +# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230419022048-b40493584076 +# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/dynamic-resource-allocation/resourceclaim # k8s.io/gengo v0.0.0-20220902162205-c0856e24416d @@ -2133,11 +2133,11 @@ k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity -# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230419022048-b40493584076 +# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2alpha1 -# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230419022048-b40493584076 +# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -2168,7 +2168,7 @@ k8s.io/kube-aggregator/pkg/controllers/status k8s.io/kube-aggregator/pkg/registry/apiservice k8s.io/kube-aggregator/pkg/registry/apiservice/etcd k8s.io/kube-aggregator/pkg/registry/apiservice/rest -# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230419022048-b40493584076 +# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/kube-controller-manager/config/v1alpha1 # k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 @@ -2201,13 +2201,13 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230419022048-b40493584076 +# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/config/v1beta2 k8s.io/kube-scheduler/config/v1beta3 k8s.io/kube-scheduler/extender/v1 -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419022048-b40493584076 +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/kubectl/pkg/apps k8s.io/kubectl/pkg/cmd/apiresources @@ -2243,7 +2243,7 @@ k8s.io/kubectl/pkg/util/storage k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230419022048-b40493584076 +# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -2260,7 +2260,7 @@ k8s.io/kubelet/pkg/apis/pluginregistration/v1 k8s.io/kubelet/pkg/apis/podresources/v1 k8s.io/kubelet/pkg/apis/podresources/v1alpha1 k8s.io/kubelet/pkg/apis/stats/v1alpha1 -# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230419022048-b40493584076 +# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options @@ -3049,7 +3049,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear k8s.io/kubernetes/third_party/forked/gonum/graph/simple k8s.io/kubernetes/third_party/forked/gonum/graph/traverse -# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230419022048-b40493584076 +# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/legacy-cloud-providers/aws k8s.io/legacy-cloud-providers/azure @@ -3092,7 +3092,7 @@ k8s.io/legacy-cloud-providers/gce/gcpcredential k8s.io/legacy-cloud-providers/vsphere k8s.io/legacy-cloud-providers/vsphere/vclib k8s.io/legacy-cloud-providers/vsphere/vclib/diskmanagers -# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230419022048-b40493584076 +# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/metrics/pkg/apis/custom_metrics k8s.io/metrics/pkg/apis/custom_metrics/v1beta1 @@ -3107,10 +3107,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1 k8s.io/metrics/pkg/client/custom_metrics k8s.io/metrics/pkg/client/custom_metrics/scheme k8s.io/metrics/pkg/client/external_metrics -# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230419022048-b40493584076 +# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/mount-utils -# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230419022048-b40493584076 +# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230525151823-0001a21b5c48 ## explicit; go 1.19 k8s.io/pod-security-admission/admission k8s.io/pod-security-admission/admission/api @@ -3143,7 +3143,7 @@ k8s.io/utils/pointer k8s.io/utils/strings k8s.io/utils/strings/slices k8s.io/utils/trace -# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 +# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.37 ## explicit; go 1.17 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics @@ -3253,33 +3253,33 @@ sigs.k8s.io/structured-merge-diff/v4/value ## explicit; go 1.12 sigs.k8s.io/yaml # github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419022048-b40493584076 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230419022048-b40493584076 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419022048-b40493584076 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230419022048-b40493584076 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419022048-b40493584076 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419022048-b40493584076 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230419022048-b40493584076 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230419022048-b40493584076 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230419022048-b40493584076 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419022048-b40493584076 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230419022048-b40493584076 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230419022048-b40493584076 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230419022048-b40493584076 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230419022048-b40493584076 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230419022048-b40493584076 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230419022048-b40493584076 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230419022048-b40493584076 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230419022048-b40493584076 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230419022048-b40493584076 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230419022048-b40493584076 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419022048-b40493584076 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230419022048-b40493584076 -# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230419022048-b40493584076 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230419022048-b40493584076 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230419022048-b40493584076 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230419022048-b40493584076 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230419022048-b40493584076 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230419022048-b40493584076 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230419022048-b40493584076 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230419022048-b40493584076 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230525151823-0001a21b5c48 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230525151823-0001a21b5c48 diff --git a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go index 68a3ebf12c..d9c151e983 100644 --- a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go +++ b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go @@ -515,11 +515,11 @@ func (t *grpcTunnel) Recv() (*client.Packet, error) { const segment = commonmetrics.SegmentToClient pkt, err := t.stream.Recv() - if err != nil && err != io.EOF { - metrics.Metrics.ObserveStreamErrorNoPacket(segment, err) - } if err != nil { - return pkt, err + if err != io.EOF { + metrics.Metrics.ObserveStreamErrorNoPacket(segment, err) + } + return nil, err } metrics.Metrics.ObservePacket(segment, pkt.Type) return pkt, nil