diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index 3aa6135aa4..d85842aaa3 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=27 KUBE_GIT_VERSION=v1.27.1 -KUBE_GIT_COMMIT=38c64ac43b865b13e942ef3445db5d3aa95a7b7d +KUBE_GIT_COMMIT=15f19ea2dd700767e5337502aec753d2a6e26905 KUBE_GIT_TREE_STATE=clean diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index 3205186035..62409986c7 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.14.0-0.nightly-arm64-2023-05-26-015447 +OCP_VERSION := 4.14.0-0.nightly-arm64-2023-05-28-204952 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index fcdf63d522..670b9b3612 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.14.0-0.nightly-2023-05-23-103225 +OCP_VERSION := 4.14.0-0.nightly-2023-05-28-215458 diff --git a/assets/controllers/route-controller-manager/informer-clusterrole.yaml b/assets/controllers/route-controller-manager/informer-clusterrole.yaml deleted file mode 100644 index ede55244bb..0000000000 --- a/assets/controllers/route-controller-manager/informer-clusterrole.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:openshift:openshift-controller-manager -rules: -# we run cluster resource quota, so we have to be able to see all resources -- apiGroups: - - "*" - resources: - - "*" - verbs: - - get - - list - - watch -- apiGroups: - - "" - - events.k8s.io - resources: - - events - verbs: - - create - - patch - - update diff --git a/assets/controllers/route-controller-manager/informer-clusterrolebinding.yaml b/assets/controllers/route-controller-manager/informer-clusterrolebinding.yaml deleted file mode 100644 index 90031f5ccf..0000000000 --- a/assets/controllers/route-controller-manager/informer-clusterrolebinding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: system:openshift:openshift-controller-manager -roleRef: - kind: ClusterRole - name: system:openshift:openshift-controller-manager -subjects: -- kind: ServiceAccount - namespace: openshift-controller-manager - name: openshift-controller-manager-sa diff --git a/assets/controllers/route-controller-manager/route-controller-manager-ingress-to-route-controller-clusterrole.yaml b/assets/controllers/route-controller-manager/ingress-to-route-controller-clusterrole.yaml similarity index 100% rename from assets/controllers/route-controller-manager/route-controller-manager-ingress-to-route-controller-clusterrole.yaml rename to assets/controllers/route-controller-manager/ingress-to-route-controller-clusterrole.yaml diff --git a/assets/controllers/route-controller-manager/route-controller-manager-ingress-to-route-controller-clusterrolebinding.yaml b/assets/controllers/route-controller-manager/ingress-to-route-controller-clusterrolebinding.yaml similarity index 100% rename from assets/controllers/route-controller-manager/route-controller-manager-ingress-to-route-controller-clusterrolebinding.yaml rename to assets/controllers/route-controller-manager/ingress-to-route-controller-clusterrolebinding.yaml diff --git a/assets/controllers/route-controller-manager/route-controller-informer-clusterrole.yaml b/assets/controllers/route-controller-manager/route-controller-informer-clusterrole.yaml new file mode 100644 index 0000000000..1e5383d9d5 --- /dev/null +++ b/assets/controllers/route-controller-manager/route-controller-informer-clusterrole.yaml @@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system:openshift:openshift-route-controller-manager +rules: +- apiGroups: + - "" + resources: + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list + - watch +- apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update diff --git a/assets/controllers/route-controller-manager/route-controller-informer-clusterrolebinding.yaml b/assets/controllers/route-controller-manager/route-controller-informer-clusterrolebinding.yaml new file mode 100644 index 0000000000..de3e5be8c3 --- /dev/null +++ b/assets/controllers/route-controller-manager/route-controller-informer-clusterrolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system:openshift:openshift-route-controller-manager +roleRef: + kind: ClusterRole + name: system:openshift:openshift-route-controller-manager +subjects: +- kind: ServiceAccount + namespace: openshift-route-controller-manager + name: route-controller-manager-sa diff --git a/assets/controllers/route-controller-manager/route-controller-manager-leader-role.yaml b/assets/controllers/route-controller-manager/route-controller-leader-role.yaml similarity index 100% rename from assets/controllers/route-controller-manager/route-controller-manager-leader-role.yaml rename to assets/controllers/route-controller-manager/route-controller-leader-role.yaml diff --git a/assets/controllers/route-controller-manager/route-controller-manager-leader-rolebinding.yaml b/assets/controllers/route-controller-manager/route-controller-leader-rolebinding.yaml similarity index 100% rename from assets/controllers/route-controller-manager/route-controller-manager-leader-rolebinding.yaml rename to assets/controllers/route-controller-manager/route-controller-leader-rolebinding.yaml diff --git a/assets/controllers/route-controller-manager/route-controller-manager-sa.yaml b/assets/controllers/route-controller-manager/route-controller-sa.yaml similarity index 100% rename from assets/controllers/route-controller-manager/route-controller-manager-sa.yaml rename to assets/controllers/route-controller-manager/route-controller-sa.yaml diff --git a/assets/controllers/route-controller-manager/route-controller-manager-separate-sa-role.yaml b/assets/controllers/route-controller-manager/route-controller-separate-sa-role.yaml similarity index 100% rename from assets/controllers/route-controller-manager/route-controller-manager-separate-sa-role.yaml rename to assets/controllers/route-controller-manager/route-controller-separate-sa-role.yaml diff --git a/assets/controllers/route-controller-manager/route-controller-manager-separate-sa-rolebinding.yaml b/assets/controllers/route-controller-manager/route-controller-separate-sa-rolebinding.yaml similarity index 100% rename from assets/controllers/route-controller-manager/route-controller-manager-separate-sa-rolebinding.yaml rename to assets/controllers/route-controller-manager/route-controller-separate-sa-rolebinding.yaml diff --git a/assets/controllers/route-controller-manager/route-controller-manager-tokenreview-clusterrole.yaml b/assets/controllers/route-controller-manager/route-controller-tokenreview-clusterrole.yaml similarity index 100% rename from assets/controllers/route-controller-manager/route-controller-manager-tokenreview-clusterrole.yaml rename to assets/controllers/route-controller-manager/route-controller-tokenreview-clusterrole.yaml diff --git a/assets/controllers/route-controller-manager/route-controller-manager-tokenreview-clusterrolebinding.yaml b/assets/controllers/route-controller-manager/route-controller-tokenreview-clusterrolebinding.yaml similarity index 100% rename from assets/controllers/route-controller-manager/route-controller-manager-tokenreview-clusterrolebinding.yaml rename to assets/controllers/route-controller-manager/route-controller-tokenreview-clusterrolebinding.yaml diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index b66de11b97..d83b742ba2 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.14.0-0.nightly-arm64-2023-05-26-015447" + "base": "4.14.0-0.nightly-arm64-2023-05-28-204952" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:39d0a5736386c7186e324352260f24d71140790bafa4789c7ae331879db6b1eb", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e9d055dfe72422f8178aa8a028d71f4f0c1724c97ab889ec11aaeedf9ca320", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f35d160148b827669f270649c7e745ff9d593b4aeb4b0fc6ba6d1623370ba801", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eb7d055d6b386eb5a9e2244e6bd6e233968c748b1d6776fab6b06a695572c399", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:da5c4030977a609c772df895d29dceb3cb7de04d79f562383e45bd5a3a11fbd7", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:08e1448760627a193fdce0cccc1f01c516555b890d9ddb816bb11704bd657040", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f0a6c89984beaf048a9f1bd3b0d1efb4c9b72a00c5e624e6f27a1658398588c6", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bdb4624ae6ca43927a96a0c45c14ea5653f9efefe0c68461a312c11993314de2", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:67de20d83f453da35da9439ef4dfbeb53d6d4a790d9586c228ddc359a67c2174", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:71e7ca1772bdb2baa6cc173fa8fe935f91cc8243dcc1241d3984175a833abf8c", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:88e1098f18b1a82c2a3f741f27621fc99875f1ac51a741d47a2bcafd9bc14ec2", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:35f473711e299ff139531e42dd928db515e1fd4a7aba626020d05a0fc1382a0a", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fb7cc3de4736623adeba1d648ebd24b4a45d904194151a49934b3e9f83d23321", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:18d52f0a34b818b2245398ba6b9003bbb320e8c4c36bd18db3f4399746a4b698", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 25857a0b97..596ef71471 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.14.0-0.nightly-2023-05-23-103225" + "base": "4.14.0-0.nightly-2023-05-28-215458" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d9bd777a01597f82c2790bc4457020f484b01cbed3cb7f0181a3a7275f35bb1f", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd5f22e812a592cb182ff60f64d4d0c0a35f044ce8be8c15be30bc0472b64024", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:516cffd80f757c4d3998ad237e99ee121aaf8849dc676695d41ea7cbb0df59e8", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:014cf1d1b17794ca550a80ce944666188cd3117f6dafb84d1107fa9bc108c82b", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:582002579baee453f78c25e43fce62f42a8161edc8c87daf966a9e957d03b42a", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d666db9fefcd003c718fe603e88a6b2c121cb7c4e684a0578788229b34280d42", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cc12eae479f466f12180cef7945776ef3070e69eb3ef208d6f35f5b6c85a75de", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a95f62b191c4cb58eafe74fcef2fef4d1ffc31b40c10aa7bc6c89822a4016779", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c58504a1226b9fd8f96fe5bb96a5be67c5ee3ca8ca42a1ee5bfc00cf06df984f", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:78bc69f0481f61d465f1a82b3e59342dc00607f3a8c8d0f4bc9a4b4a301df690", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c9d199c1fc8ead5293f91489cc6c6f906570943cb5df31a2e97fb1d943865bbe", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7bb90ad274b321742a415d445a3eac13d1bd33fb040dab92a1f87be3b8986026", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7b052eb5fe1b675555cc9b536b00d1bb1aa78f7dfe1eaddd6c911509f55382a2", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ee80a539310fe3dcbd379bc0e07f6df9fdaeb601effb592abc10fd5db0093f67", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/etcd/go.mod b/etcd/go.mod index 96af2ff9d2..78e5eef9ae 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -143,33 +143,33 @@ replace ( go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230323125716-53cdd6b0519f // from etcd go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230323125716-53cdd6b0519f // from etcd go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230323125716-53cdd6b0519f // from etcd - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes ) diff --git a/etcd/go.sum b/etcd/go.sum index 367c18c877..2975da188e 100644 --- a/etcd/go.sum +++ b/etcd/go.sum @@ -371,18 +371,18 @@ github.com/openshift/etcd/raft/v3 v3.5.1-0.20230323125716-53cdd6b0519f h1:rUkH7z github.com/openshift/etcd/raft/v3 v3.5.1-0.20230323125716-53cdd6b0519f/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0= github.com/openshift/etcd/server/v3 v3.5.1-0.20230323125716-53cdd6b0519f h1:zgNwZ2ZOKkB1bhQFe3tvUqCpMbjqmp4U7kY7oXmuS7c= github.com/openshift/etcd/server/v3 v3.5.1-0.20230323125716-53cdd6b0519f/go.mod h1:6/Gfe8XTGXQJgLYQ65oGKMfPivb2EASLUSMSWN9Sroo= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230521153343-38c64ac43b86 h1:gRZXwpVytFR76wQuPDfJQjImao7H+ys9oiQw8gU8n/g= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230521153343-38c64ac43b86/go.mod h1:saZKt9T5SsoviK6g0vQdgSf2Gk6VjK2NECZ5UHCpmr4= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230521153343-38c64ac43b86 h1:/Ym/84n0tGkKCSr5k2SMNTf6OLoWZcoWsBy6cSvg2I8= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230521153343-38c64ac43b86/go.mod h1:6tnW/nnIEmt68uWWsNCihIhgtFza8+IUPAylHMjVFiA= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230521153343-38c64ac43b86 h1:ggTBGJ1VIQkCm4KVno3MVDH7KQBnCHAG+L6uwjeevkg= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230521153343-38c64ac43b86/go.mod h1:KlG3TyDN82d8p0dpJDMyY/s4PZNec0LHAmgoIzVGARE= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230521153343-38c64ac43b86 h1:J4+/3svC+GOFmCF0Nm0smXcCsVSnm82mnn0GABBhMvg= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230521153343-38c64ac43b86/go.mod h1:I0XLN7RRr89r6VksWi0xZ+MJRL/WIKixVSBTXXXX394= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230521153343-38c64ac43b86 h1:O3ZvXepoXVIc3BLgnG7tqv0sB9yps6a79LMNftGc3pY= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230521153343-38c64ac43b86/go.mod h1:aw2R8otz1/3IWKmZwVDvXtU9Cp0dnBXMOYtdpjtor00= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230521153343-38c64ac43b86 h1:wM0knl3Jg6h/ttR7bHFQKcO42OhKnedQaIPoT0o8wwo= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230521153343-38c64ac43b86/go.mod h1:VR1Bz32opPHJ3xZNCoS4FjfUnJYnsgN0cxQAubCHbb4= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525170236-15f19ea2dd70 h1:5ixvhVSaz9dEymLhKDqn8JYiClWhnYjtDY3UVvjPg3I= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:saZKt9T5SsoviK6g0vQdgSf2Gk6VjK2NECZ5UHCpmr4= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525170236-15f19ea2dd70 h1:cQv3Pdrn7PbcKFh9uqrDnUifdPQeJV6gCg3BDl6h+rk= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:6tnW/nnIEmt68uWWsNCihIhgtFza8+IUPAylHMjVFiA= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525170236-15f19ea2dd70 h1:fbjedwvTEr1EpdqKCIIAbLhWa7ItgwljRGDWFcLFmSY= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:KlG3TyDN82d8p0dpJDMyY/s4PZNec0LHAmgoIzVGARE= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525170236-15f19ea2dd70 h1:jTaI+rEC4K9ilrOtNtg3IdEtbAfd+uLr+ZAUjsLgmnQ= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:I0XLN7RRr89r6VksWi0xZ+MJRL/WIKixVSBTXXXX394= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525170236-15f19ea2dd70 h1:aWIOBktXjCp6YALQkO0SUofDQE7+5oRFD8yj9ggEyS8= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:aw2R8otz1/3IWKmZwVDvXtU9Cp0dnBXMOYtdpjtor00= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525170236-15f19ea2dd70 h1:+6rbdSMHP4N7n2O1i3XZRMBTAXUJ6/eSgFG+FSGfZig= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:VR1Bz32opPHJ3xZNCoS4FjfUnJYnsgN0cxQAubCHbb4= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20230317131656-c62d9de5a460 h1:PftK9Q7BUD+wj8fNvxtJ+RhxYkcTtd8LcAo1Gk1H1HM= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= diff --git a/etcd/vendor/k8s.io/api/batch/v1/generated.proto b/etcd/vendor/k8s.io/api/batch/v1/generated.proto index 181c79597d..df4381c737 100644 --- a/etcd/vendor/k8s.io/api/batch/v1/generated.proto +++ b/etcd/vendor/k8s.io/api/batch/v1/generated.proto @@ -213,8 +213,8 @@ message JobSpec { // checked against the backoffLimit. This field cannot be used in combination // with restartPolicy=OnFailure. // - // This field is alpha-level. To use this field, you must enable the - // `JobPodFailurePolicy` feature gate (disabled by default). + // This field is beta-level. It can be used when the `JobPodFailurePolicy` + // feature gate is enabled (enabled by default). // +optional optional PodFailurePolicy podFailurePolicy = 11; diff --git a/etcd/vendor/k8s.io/api/batch/v1/types.go b/etcd/vendor/k8s.io/api/batch/v1/types.go index 346676b095..22cf9ee9cb 100644 --- a/etcd/vendor/k8s.io/api/batch/v1/types.go +++ b/etcd/vendor/k8s.io/api/batch/v1/types.go @@ -252,8 +252,8 @@ type JobSpec struct { // checked against the backoffLimit. This field cannot be used in combination // with restartPolicy=OnFailure. // - // This field is alpha-level. To use this field, you must enable the - // `JobPodFailurePolicy` feature gate (disabled by default). + // This field is beta-level. It can be used when the `JobPodFailurePolicy` + // feature gate is enabled (enabled by default). // +optional PodFailurePolicy *PodFailurePolicy `json:"podFailurePolicy,omitempty" protobuf:"bytes,11,opt,name=podFailurePolicy"` diff --git a/etcd/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go b/etcd/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go index 1f28f006cc..f6f3141f18 100644 --- a/etcd/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go +++ b/etcd/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go @@ -115,7 +115,7 @@ var map_JobSpec = map[string]string{ "parallelism": "Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", "completions": "Specifies the desired number of successfully finished pods the job should be run with. Setting to null means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", "activeDeadlineSeconds": "Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.", - "podFailurePolicy": "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is alpha-level. To use this field, you must enable the `JobPodFailurePolicy` feature gate (disabled by default).", + "podFailurePolicy": "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is beta-level. It can be used when the `JobPodFailurePolicy` feature gate is enabled (enabled by default).", "backoffLimit": "Specifies the number of retries before marking this job failed. Defaults to 6", "selector": "A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", "manualSelector": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector", diff --git a/etcd/vendor/k8s.io/api/core/v1/generated.proto b/etcd/vendor/k8s.io/api/core/v1/generated.proto index 94e0a71156..8ef67ca40b 100644 --- a/etcd/vendor/k8s.io/api/core/v1/generated.proto +++ b/etcd/vendor/k8s.io/api/core/v1/generated.proto @@ -1853,7 +1853,8 @@ message HTTPGetAction { // HTTPHeader describes a custom header to be used in HTTP probes message HTTPHeader { - // The header field name + // The header field name. + // This will be canonicalized upon output, so case-variant names will be understood as the same header. optional string name = 1; // The header field value diff --git a/etcd/vendor/k8s.io/api/core/v1/types.go b/etcd/vendor/k8s.io/api/core/v1/types.go index c9bb18a2cc..c831d5961c 100644 --- a/etcd/vendor/k8s.io/api/core/v1/types.go +++ b/etcd/vendor/k8s.io/api/core/v1/types.go @@ -2137,7 +2137,8 @@ type SecretEnvSource struct { // HTTPHeader describes a custom header to be used in HTTP probes type HTTPHeader struct { - // The header field name + // The header field name. + // This will be canonicalized upon output, so case-variant names will be understood as the same header. Name string `json:"name" protobuf:"bytes,1,opt,name=name"` // The header field value Value string `json:"value" protobuf:"bytes,2,opt,name=value"` diff --git a/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go b/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go index a2cf00db87..a01ae37173 100644 --- a/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go +++ b/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go @@ -832,7 +832,7 @@ func (HTTPGetAction) SwaggerDoc() map[string]string { var map_HTTPHeader = map[string]string{ "": "HTTPHeader describes a custom header to be used in HTTP probes", - "name": "The header field name", + "name": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "value": "The header field value", } diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/types/namespacedname.go b/etcd/vendor/k8s.io/apimachinery/pkg/types/namespacedname.go index 29fb4f950a..db18ce1ce2 100644 --- a/etcd/vendor/k8s.io/apimachinery/pkg/types/namespacedname.go +++ b/etcd/vendor/k8s.io/apimachinery/pkg/types/namespacedname.go @@ -41,7 +41,8 @@ func (n NamespacedName) String() string { // MarshalLog emits a struct containing required key/value pair func (n NamespacedName) MarshalLog() interface{} { return struct { - Name, Namespace string + Name string `json:"name"` + Namespace string `json:"namespace,omitempty"` }{ Name: n.Name, Namespace: n.Namespace, diff --git a/etcd/vendor/k8s.io/cli-runtime/pkg/resource/fallback_query_param_verifier.go b/etcd/vendor/k8s.io/cli-runtime/pkg/resource/fallback_query_param_verifier.go index 198d5c9d5d..05418801e8 100644 --- a/etcd/vendor/k8s.io/cli-runtime/pkg/resource/fallback_query_param_verifier.go +++ b/etcd/vendor/k8s.io/cli-runtime/pkg/resource/fallback_query_param_verifier.go @@ -17,7 +17,6 @@ limitations under the License. package resource import ( - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/klog/v2" ) @@ -44,12 +43,16 @@ func NewFallbackQueryParamVerifier(primary Verifier, secondary Verifier) Verifie // HasSupport returns an error if the passed GVK does not support the // query param (fieldValidation), as determined by the primary and // secondary OpenAPI endpoints. The primary endoint is checked first, -// but if it not found, the secondary attempts to determine support. -// If the GVK supports the query param, nil is returned. +// but if there is an error retrieving the OpenAPI V3 document, the +// secondary attempts to determine support. If the GVK supports the query param, +// nil is returned. func (f *fallbackQueryParamVerifier) HasSupport(gvk schema.GroupVersionKind) error { err := f.primary.HasSupport(gvk) - if errors.IsNotFound(err) { - klog.V(7).Infoln("openapi v3 endpoint not found...falling back to legacy") + // If an error was returned from the primary OpenAPI endpoint, + // we fallback to check the secondary OpenAPI endpoint for + // any error *except* "paramUnsupportedError". + if err != nil && !IsParamUnsupportedError(err) { + klog.V(7).Infof("openapi v3 error...falling back to legacy: %s", err) err = f.secondary.HasSupport(gvk) } return err diff --git a/etcd/vendor/k8s.io/cli-runtime/pkg/resource/query_param_verifier_v3.go b/etcd/vendor/k8s.io/cli-runtime/pkg/resource/query_param_verifier_v3.go index 82cd024c82..7b91d6d64b 100644 --- a/etcd/vendor/k8s.io/cli-runtime/pkg/resource/query_param_verifier_v3.go +++ b/etcd/vendor/k8s.io/cli-runtime/pkg/resource/query_param_verifier_v3.go @@ -17,6 +17,8 @@ limitations under the License. package resource import ( + "fmt" + "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/dynamic" "k8s.io/client-go/openapi" @@ -62,10 +64,7 @@ func (v *queryParamVerifierV3) HasSupport(gvk schema.GroupVersionKind) error { } gvSpec, err := v.root.GVSpec(gvk.GroupVersion()) if err == nil { - if supports := supportsQueryParamV3(gvSpec, gvk, v.queryParam); supports { - return nil - } - return NewParamUnsupportedError(gvk, v.queryParam) + return supportsQueryParamV3(gvSpec, gvk, v.queryParam) } if _, isErr := err.(*openapi3.GroupVersionNotFoundError); !isErr { return err @@ -78,9 +77,7 @@ func (v *queryParamVerifierV3) HasSupport(gvk schema.GroupVersionKind) error { // If error retrieving Namespace spec, propagate error. return err } - if supports := supportsQueryParamV3(namespaceSpec, namespaceGVK, v.queryParam); supports { - return nil - } + return supportsQueryParamV3(namespaceSpec, namespaceGVK, v.queryParam) } return NewParamUnsupportedError(gvk, v.queryParam) } @@ -103,11 +100,19 @@ func hasGVKExtensionV3(extensions spec.Extensions, gvk schema.GroupVersionKind) // supportsQueryParam is a method that let's us look in the OpenAPI if the // specific group-version-kind supports the specific query parameter for -// the PATCH end-point. Returns true if the query param is supported by the -// spec for the passed GVK; false otherwise. -func supportsQueryParamV3(doc *spec3.OpenAPI, gvk schema.GroupVersionKind, queryParam VerifiableQueryParam) bool { +// the PATCH end-point. Returns nil if the passed GVK supports the passed +// query parameter; otherwise, a "paramUnsupportedError" is returned (except +// when an invalid document error is returned when an invalid OpenAPI V3 +// is passed in). +func supportsQueryParamV3(doc *spec3.OpenAPI, gvk schema.GroupVersionKind, queryParam VerifiableQueryParam) error { + if doc == nil || doc.Paths == nil { + return fmt.Errorf("Invalid OpenAPI V3 document") + } for _, path := range doc.Paths.Paths { // If operation is not PATCH, then continue. + if path == nil { + continue + } op := path.PathProps.Patch if op == nil { continue @@ -120,10 +125,10 @@ func supportsQueryParamV3(doc *spec3.OpenAPI, gvk schema.GroupVersionKind, query // for the PATCH operation. for _, param := range op.OperationProps.Parameters { if param.ParameterProps.Name == string(queryParam) { - return true + return nil } } - return false + return NewParamUnsupportedError(gvk, queryParam) } - return false + return fmt.Errorf("Path not found for GVK (%s) in OpenAPI V3 doc", gvk) } diff --git a/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go b/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go index 641568008b..1253fa1f44 100644 --- a/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go +++ b/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go @@ -20,6 +20,7 @@ import ( "context" "encoding/json" "fmt" + "mime" "net/http" "net/url" "sort" @@ -58,8 +59,9 @@ const ( defaultBurst = 300 AcceptV1 = runtime.ContentTypeJSON - // Aggregated discovery content-type (currently v2beta1). NOTE: Currently, we are assuming the order - // for "g", "v", and "as" from the server. We can only compare this string if we can make that assumption. + // Aggregated discovery content-type (v2beta1). NOTE: content-type parameters + // MUST be ordered (g, v, as) for server in "Accept" header (BUT we are resilient + // to ordering when comparing returned values in "Content-Type" header). AcceptV2Beta1 = runtime.ContentTypeJSON + ";" + "g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList" // Prioritize aggregated discovery by placing first in the order of discovery accept types. acceptDiscoveryFormats = AcceptV2Beta1 + "," + AcceptV1 @@ -259,8 +261,16 @@ func (d *DiscoveryClient) downloadLegacy() ( var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. - switch responseContentType { - case AcceptV1: + switch { + case isV2Beta1ContentType(responseContentType): + var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList + err = json.Unmarshal(body, &aggregatedDiscovery) + if err != nil { + return nil, nil, nil, err + } + apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) + default: + // Default is unaggregated discovery v1. var v metav1.APIVersions err = json.Unmarshal(body, &v) if err != nil { @@ -271,15 +281,6 @@ func (d *DiscoveryClient) downloadLegacy() ( apiGroup = apiVersionsToAPIGroup(&v) } apiGroupList.Groups = []metav1.APIGroup{apiGroup} - case AcceptV2Beta1: - var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList - err = json.Unmarshal(body, &aggregatedDiscovery) - if err != nil { - return nil, nil, nil, err - } - apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) - default: - return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) } return apiGroupList, resourcesByGV, failedGVs, nil @@ -313,13 +314,8 @@ func (d *DiscoveryClient) downloadAPIs() ( failedGVs := map[schema.GroupVersion]error{} var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. - switch responseContentType { - case AcceptV1: - err = json.Unmarshal(body, apiGroupList) - if err != nil { - return nil, nil, nil, err - } - case AcceptV2Beta1: + switch { + case isV2Beta1ContentType(responseContentType): var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList err = json.Unmarshal(body, &aggregatedDiscovery) if err != nil { @@ -327,12 +323,38 @@ func (d *DiscoveryClient) downloadAPIs() ( } apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) default: - return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) + // Default is unaggregated discovery v1. + err = json.Unmarshal(body, apiGroupList) + if err != nil { + return nil, nil, nil, err + } } return apiGroupList, resourcesByGV, failedGVs, nil } +// isV2Beta1ContentType checks of the content-type string is both +// "application/json" and contains the v2beta1 content-type params. +// NOTE: This function is resilient to the ordering of the +// content-type parameters, as well as parameters added by +// intermediaries such as proxies or gateways. Examples: +// +// "application/json; g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList" = true +// "application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io" = true +// "application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io;charset=utf-8" = true +// "application/json" = false +// "application/json; charset=UTF-8" = false +func isV2Beta1ContentType(contentType string) bool { + base, params, err := mime.ParseMediaType(contentType) + if err != nil { + return false + } + return runtime.ContentTypeJSON == base && + params["g"] == "apidiscovery.k8s.io" && + params["v"] == "v2beta1" && + params["as"] == "APIGroupDiscoveryList" +} + // ServerGroups returns the supported groups, with information like supported versions and the // preferred version. func (d *DiscoveryClient) ServerGroups() (*metav1.APIGroupList, error) { diff --git a/etcd/vendor/k8s.io/client-go/openapi/client.go b/etcd/vendor/k8s.io/client-go/openapi/client.go index 7b58762acf..6a43057187 100644 --- a/etcd/vendor/k8s.io/client-go/openapi/client.go +++ b/etcd/vendor/k8s.io/client-go/openapi/client.go @@ -19,6 +19,7 @@ package openapi import ( "context" "encoding/json" + "strings" "k8s.io/client-go/rest" "k8s.io/kube-openapi/pkg/handler3" @@ -58,7 +59,11 @@ func (c *client) Paths() (map[string]GroupVersion, error) { // Create GroupVersions for each element of the result result := map[string]GroupVersion{} for k, v := range discoMap.Paths { - result[k] = newGroupVersion(c, v) + // If the server returned a URL rooted at /openapi/v3, preserve any additional client-side prefix. + // If the server returned a URL not rooted at /openapi/v3, treat it as an actual server-relative URL. + // See https://github.com/kubernetes/kubernetes/issues/117463 for details + useClientPrefix := strings.HasPrefix(v.ServerRelativeURL, "/openapi/v3") + result[k] = newGroupVersion(c, v, useClientPrefix) } return result, nil } diff --git a/etcd/vendor/k8s.io/client-go/openapi/groupversion.go b/etcd/vendor/k8s.io/client-go/openapi/groupversion.go index 32133a29b8..601dcbe3cc 100644 --- a/etcd/vendor/k8s.io/client-go/openapi/groupversion.go +++ b/etcd/vendor/k8s.io/client-go/openapi/groupversion.go @@ -18,6 +18,7 @@ package openapi import ( "context" + "net/url" "k8s.io/kube-openapi/pkg/handler3" ) @@ -29,18 +30,41 @@ type GroupVersion interface { } type groupversion struct { - client *client - item handler3.OpenAPIV3DiscoveryGroupVersion + client *client + item handler3.OpenAPIV3DiscoveryGroupVersion + useClientPrefix bool } -func newGroupVersion(client *client, item handler3.OpenAPIV3DiscoveryGroupVersion) *groupversion { - return &groupversion{client: client, item: item} +func newGroupVersion(client *client, item handler3.OpenAPIV3DiscoveryGroupVersion, useClientPrefix bool) *groupversion { + return &groupversion{client: client, item: item, useClientPrefix: useClientPrefix} } func (g *groupversion) Schema(contentType string) ([]byte, error) { - return g.client.restClient.Get(). - RequestURI(g.item.ServerRelativeURL). - SetHeader("Accept", contentType). - Do(context.TODO()). - Raw() + if !g.useClientPrefix { + return g.client.restClient.Get(). + RequestURI(g.item.ServerRelativeURL). + SetHeader("Accept", contentType). + Do(context.TODO()). + Raw() + } + + locator, err := url.Parse(g.item.ServerRelativeURL) + if err != nil { + return nil, err + } + + path := g.client.restClient.Get(). + AbsPath(locator.Path). + SetHeader("Accept", contentType) + + // Other than root endpoints(openapiv3/apis), resources have hash query parameter to support etags. + // However, absPath does not support handling query parameters internally, + // so that hash query parameter is added manually + for k, value := range locator.Query() { + for _, v := range value { + path.Param(k, v) + } + } + + return path.Do(context.TODO()).Raw() } diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index 8300de2cf3..c761d836f9 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -583,7 +583,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/api v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -640,7 +640,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/apimachinery v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -691,12 +691,12 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/cli-runtime v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/cli-runtime v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/client-go v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -842,7 +842,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/component-base v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -879,7 +879,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/kubectl v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -1006,32 +1006,32 @@ sigs.k8s.io/yaml # go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230323125716-53cdd6b0519f # go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230323125716-53cdd6b0519f # go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230323125716-53cdd6b0519f -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230525170236-15f19ea2dd70 diff --git a/go.mod b/go.mod index 39591a0835..259ee824a7 100644 --- a/go.mod +++ b/go.mod @@ -9,9 +9,9 @@ require ( github.com/openshift/api v0.0.0-20230516201849-333bc194ef7a github.com/openshift/build-machinery-go v0.0.0-20230306181456-d321ffa04533 github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb - github.com/openshift/cluster-policy-controller v0.0.0-20230522165024-f70fc1e84b78 + github.com/openshift/cluster-policy-controller v0.0.0-20230524145357-cc787e1b1e17 github.com/openshift/library-go v0.0.0-20230516103935-9536341565eb - github.com/openshift/route-controller-manager v0.0.0-20230509091526-ee49bd6f1873 + github.com/openshift/route-controller-manager v0.0.0-20230524200047-38d9ec83ce46 github.com/pkg/errors v0.9.1 github.com/spf13/cobra v1.7.0 github.com/spf13/pflag v1.0.5 @@ -216,7 +216,7 @@ require ( k8s.io/mount-utils v0.0.0 // indirect k8s.io/pod-security-admission v0.27.1 // indirect k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect - sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.1 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/kube-storage-version-migrator v0.0.4 // indirect sigs.k8s.io/kustomize/api v0.13.2 // indirect @@ -231,34 +231,34 @@ require ( replace ( github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20230317131656-c62d9de5a460 // from kubernetes - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230521153343-38c64ac43b86 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230521153343-38c64ac43b86 // release kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230521153343-38c64ac43b86 // from kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230521153343-38c64ac43b86 // from kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230525170236-15f19ea2dd70 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230525170236-15f19ea2dd70 // release kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230525170236-15f19ea2dd70 // from kubernetes ) diff --git a/go.sum b/go.sum index 05efc18ac1..50f29a1d6f 100644 --- a/go.sum +++ b/go.sum @@ -600,66 +600,66 @@ github.com/openshift/build-machinery-go v0.0.0-20230306181456-d321ffa04533 h1:mh github.com/openshift/build-machinery-go v0.0.0-20230306181456-d321ffa04533/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb h1:Nij5OnaECrkmcRQMAE9LMbQXPo95aqFnf+12B7SyFVI= github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb/go.mod h1:Rhb3moCqeiTuGHAbXBOlwPubUMlOZEkrEWTRjIF3jzs= -github.com/openshift/cluster-policy-controller v0.0.0-20230522165024-f70fc1e84b78 h1:uy4LrX44ftssB/o3mYWJEcWrOL7zHYFkuR6SCkAGYrQ= -github.com/openshift/cluster-policy-controller v0.0.0-20230522165024-f70fc1e84b78/go.mod h1:aT2kl3fRiSSElTibdfFs3MQnyLtviMcB7lZt9rdy46g= -github.com/openshift/kubernetes v0.0.0-20230521153343-38c64ac43b86 h1:FBymFrOBcIi5iWwn+ZsukEpNoKa243a7742yp7mpysA= -github.com/openshift/kubernetes v0.0.0-20230521153343-38c64ac43b86/go.mod h1:DDSNPBfpwGnwkzjn3IUSydmd0MSq+PG73bHFE9QY398= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230521153343-38c64ac43b86 h1:gRZXwpVytFR76wQuPDfJQjImao7H+ys9oiQw8gU8n/g= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230521153343-38c64ac43b86/go.mod h1:saZKt9T5SsoviK6g0vQdgSf2Gk6VjK2NECZ5UHCpmr4= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230521153343-38c64ac43b86 h1:XyhZ6ALEeOZ+mwvNTVlztkLM5LtoGdVGDUBJ44jKX00= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230521153343-38c64ac43b86/go.mod h1:HdrGYxwfAuwvj4fKLgpSs4FvPO5NNRheRnlTdfHZEYU= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230521153343-38c64ac43b86 h1:/Ym/84n0tGkKCSr5k2SMNTf6OLoWZcoWsBy6cSvg2I8= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230521153343-38c64ac43b86/go.mod h1:6tnW/nnIEmt68uWWsNCihIhgtFza8+IUPAylHMjVFiA= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230521153343-38c64ac43b86 h1:HlvoE2GyDufm8OixHWRQainQpBmIhkZJ+g/RJQtItBA= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230521153343-38c64ac43b86/go.mod h1:G2WChZVrJphZmHr+dfMhDn7pQL7XDFTY/l1yBzF5fMY= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230521153343-38c64ac43b86 h1:ggTBGJ1VIQkCm4KVno3MVDH7KQBnCHAG+L6uwjeevkg= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230521153343-38c64ac43b86/go.mod h1:KlG3TyDN82d8p0dpJDMyY/s4PZNec0LHAmgoIzVGARE= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230521153343-38c64ac43b86 h1:J4+/3svC+GOFmCF0Nm0smXcCsVSnm82mnn0GABBhMvg= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230521153343-38c64ac43b86/go.mod h1:I0XLN7RRr89r6VksWi0xZ+MJRL/WIKixVSBTXXXX394= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230521153343-38c64ac43b86 h1:rdB//wfsZUEqXpUWqsyNZR6hG+qqTOM7OVeQWQ/RY0s= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230521153343-38c64ac43b86/go.mod h1:ypSLMfAdW4uzXwn392ff6PlRsRgP+9gcewSYWATlkXY= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230521153343-38c64ac43b86 h1:R4+nv+XBf3zjLyoo+RqRLlFw87LEjHHABXb05foftMw= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230521153343-38c64ac43b86/go.mod h1:knkmpkfoPcOyPbx6II8E7bPCBPWWb+qTnp9lYeRLmcM= -github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230521153343-38c64ac43b86/go.mod h1:380P61ZbSq+rXgjrZJxMlOaGkGcEX6D+1068u0Y5PiA= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230521153343-38c64ac43b86 h1:O3ZvXepoXVIc3BLgnG7tqv0sB9yps6a79LMNftGc3pY= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230521153343-38c64ac43b86/go.mod h1:aw2R8otz1/3IWKmZwVDvXtU9Cp0dnBXMOYtdpjtor00= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230521153343-38c64ac43b86 h1:gJjMwi+RaQP6hQCT0t7pCHKvI0DZW5WAjBgjCx5YQIM= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230521153343-38c64ac43b86/go.mod h1:cb2Rq5C4I0+gXg8M+PYuvZndVdIr37Nm1DBe5T5dhDA= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230521153343-38c64ac43b86 h1:o9i3AawPwF56gXI+jwrWG/LIdtkT9qGUt+HX9dsYyzc= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230521153343-38c64ac43b86/go.mod h1:8t2DYIph1VEgiOkNIu3lhQ3L7eUda2bj4tOdbi5AOTQ= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230521153343-38c64ac43b86 h1:N1jZM6xvTQiBpwrZ91ZikR5oVT/RnuyRXQBE+qRV2Zw= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230521153343-38c64ac43b86/go.mod h1:NU+xm9Do1kkehQ/P9v7PlkU1nKpWRBGsZI0fiZhdjpA= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230521153343-38c64ac43b86 h1:tLsNoX3g/1pFqptj2tjEZlhghUtxiBhIf07pUjhqVH4= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230521153343-38c64ac43b86/go.mod h1:uTgJpRtV5WrbgrBwtkdJLjDE7LqmLKTyox+GfDljAME= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230521153343-38c64ac43b86 h1:8mrnmw0Euw98HORv0Lo6yduRWYc8EeNZVG18xMFlkjU= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230521153343-38c64ac43b86/go.mod h1:aH+7wzuRuYXC6z7CmIPJBxT6zht3KiOF5PC6DCiILR0= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230521153343-38c64ac43b86 h1:pTRFyC6EiNctZGxym8+I5caACNsMywajiDTWW5Fdnj8= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230521153343-38c64ac43b86/go.mod h1:68PrB9gP9pYKDeGkDR8fZicmzCD/093czqtSVRhJjJg= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230521153343-38c64ac43b86 h1:P9xi3jJll+5ceBgHMszvy9B5YYGLC/HWXvgJn+K8Vsk= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230521153343-38c64ac43b86/go.mod h1:7ZR7TlZqyvZjXmnz1ei3P3fzjfhoqJZLpmUQtPYzPm8= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230521153343-38c64ac43b86 h1:2Tx2vSCmu5ZK1dgRO7unTi7yFVucrT+h8gHgN1ER3kQ= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230521153343-38c64ac43b86/go.mod h1:kPirESyKa0ONUvOJqFwUgvUq5M42RuJ/RILdsJg6PeA= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230521153343-38c64ac43b86 h1:N+jDGkOY6mPWhB2ziOHTXE2LxcPNiIJ0LU5eQLyAyrU= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230521153343-38c64ac43b86/go.mod h1:shBqEF96lVjyKcgxtOYySo0emacqvwz4nuhU/P7+g04= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230521153343-38c64ac43b86 h1:wM0knl3Jg6h/ttR7bHFQKcO42OhKnedQaIPoT0o8wwo= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230521153343-38c64ac43b86/go.mod h1:VR1Bz32opPHJ3xZNCoS4FjfUnJYnsgN0cxQAubCHbb4= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230521153343-38c64ac43b86 h1:H5MqT51TjghFHuQ71L4Y6jobTCcorC3risawbVJQK1U= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230521153343-38c64ac43b86/go.mod h1:yicHj+CceeKtoQ1SmvBrbdQTBvuisww0e9CzWrd4WV8= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230521153343-38c64ac43b86 h1:uVh9GfNEvJEwAjGVnIY7wXin8hKAKZXnvDA3NxlMeds= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230521153343-38c64ac43b86/go.mod h1:U4zxFrED8NcXCRBau4PUNnNZacAu0ElxVLYuL/wkqW0= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230521153343-38c64ac43b86 h1:f0N9UXf6RepbHq+VfpPqgLnFdE0xGKQzMH1x2CEHn6I= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230521153343-38c64ac43b86/go.mod h1:bJFJUWsPSj8ps/bUM9Scdnw4h6FWadbe4SRzFVUgdOE= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230521153343-38c64ac43b86 h1:KDd1gYQ9QhICSTFisXnXQHLPAXnXqrs3ldz9DUmRvJ8= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230521153343-38c64ac43b86/go.mod h1:AWlsrDgQ1Q6k/3ZST9uvU8kuaCegLz73nmLjGBJE0go= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230521153343-38c64ac43b86 h1:YVQFVdIqcWXE7eIE00LI/EJ/Vqj3hiPHcC+aWGG2maw= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230521153343-38c64ac43b86/go.mod h1:HlQt2MKdN4BJFwJ0VsNVJRvmt/WtUGLo2YQwpuH7RGg= +github.com/openshift/cluster-policy-controller v0.0.0-20230524145357-cc787e1b1e17 h1:O64VIXF1g9CdA+dIibNVk/aFo4TdLrzjGVT5EYN8sDw= +github.com/openshift/cluster-policy-controller v0.0.0-20230524145357-cc787e1b1e17/go.mod h1:aT2kl3fRiSSElTibdfFs3MQnyLtviMcB7lZt9rdy46g= +github.com/openshift/kubernetes v0.0.0-20230525170236-15f19ea2dd70 h1:ayTBJTizOup/LE/oZMUTvvw+w6+52d3+UOzYWMmOqAQ= +github.com/openshift/kubernetes v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:CMSHiseYninZM+/cDQ0AT2GVALbvZSYvVXMhSvp1Bfw= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525170236-15f19ea2dd70 h1:5ixvhVSaz9dEymLhKDqn8JYiClWhnYjtDY3UVvjPg3I= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:saZKt9T5SsoviK6g0vQdgSf2Gk6VjK2NECZ5UHCpmr4= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230525170236-15f19ea2dd70 h1:SyZOmm2G0rFFKfEQbLvt0H7NE65QyrHb36EDIdVY/A0= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:cDTppKWhV926JjtdHpS6git534pn4Fd06S23Z6q9+zI= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525170236-15f19ea2dd70 h1:cQv3Pdrn7PbcKFh9uqrDnUifdPQeJV6gCg3BDl6h+rk= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:6tnW/nnIEmt68uWWsNCihIhgtFza8+IUPAylHMjVFiA= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230525170236-15f19ea2dd70 h1:TrS8t0UWCuiJcH4UgxnzWIXRxK9htEwBELqW46Hxw0E= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:icIR+sy0XffrWMZm0IsdS7pIKljUOn8o3040z0IlEVE= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525170236-15f19ea2dd70 h1:fbjedwvTEr1EpdqKCIIAbLhWa7ItgwljRGDWFcLFmSY= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:KlG3TyDN82d8p0dpJDMyY/s4PZNec0LHAmgoIzVGARE= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525170236-15f19ea2dd70 h1:jTaI+rEC4K9ilrOtNtg3IdEtbAfd+uLr+ZAUjsLgmnQ= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:I0XLN7RRr89r6VksWi0xZ+MJRL/WIKixVSBTXXXX394= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230525170236-15f19ea2dd70 h1:53v/sRSg1Gxnih/A8xERR834UdMCSa9C4Lc09dlPaOc= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:/P4BjJew2WLdnbi3+0tyO8sDLZydilvJ41dTkFLgfIA= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230525170236-15f19ea2dd70 h1:CPu6DFs2CKmWAY0gtyReGICWbKGtho1DImHeGmuuq0g= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:knkmpkfoPcOyPbx6II8E7bPCBPWWb+qTnp9lYeRLmcM= +github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:380P61ZbSq+rXgjrZJxMlOaGkGcEX6D+1068u0Y5PiA= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525170236-15f19ea2dd70 h1:aWIOBktXjCp6YALQkO0SUofDQE7+5oRFD8yj9ggEyS8= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:aw2R8otz1/3IWKmZwVDvXtU9Cp0dnBXMOYtdpjtor00= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230525170236-15f19ea2dd70 h1:whezFtMDajwhAD954UWvaPA+6P1k5XwCksG43qOUDX0= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:cb2Rq5C4I0+gXg8M+PYuvZndVdIr37Nm1DBe5T5dhDA= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230525170236-15f19ea2dd70 h1:KFVJjlNZ9OLZdRuK4z6j8nU6Bggwi7be8AaUSVBJMqE= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:vZ9u2TSfQdJzEf1CLpfxGtELRx75PCMXvuBhV3437Mw= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230525170236-15f19ea2dd70 h1:0sGKARVAoaTiMbpAlD97wdvYI32pUCaXne0LQEKcIzU= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:NU+xm9Do1kkehQ/P9v7PlkU1nKpWRBGsZI0fiZhdjpA= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230525170236-15f19ea2dd70 h1:pTcLWizUgcmaodmN3FkWfKlNeDCnYHXaiV5jb8blwJw= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:uTgJpRtV5WrbgrBwtkdJLjDE7LqmLKTyox+GfDljAME= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230525170236-15f19ea2dd70 h1:bKnJcc2UR83qqKUPOXiaYBbqor06PJVW0abI/xgBL6k= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:aH+7wzuRuYXC6z7CmIPJBxT6zht3KiOF5PC6DCiILR0= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230525170236-15f19ea2dd70 h1:Ouk+940p0TtXowYdYj4pg+2DlCvn0TjB3Ew7WOfuGRY= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:68PrB9gP9pYKDeGkDR8fZicmzCD/093czqtSVRhJjJg= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230525170236-15f19ea2dd70 h1:gcLcVPahnPopTF0W2E+JeV7DYI9hlqU2LRsYo7H76X8= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:OpDY6v8iOpHpLd9PujeMw4sgaAn0PGjNtoOQFI2AIbA= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230525170236-15f19ea2dd70 h1:9CvnLwJFfPwszPMnjOegM1jDImTBfidKQNQBukCz8kI= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:kPirESyKa0ONUvOJqFwUgvUq5M42RuJ/RILdsJg6PeA= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230525170236-15f19ea2dd70 h1:ewuDIQ8/v5egwzCnNS3QFgvdIREarthcEHCZ03TvMiU= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:shBqEF96lVjyKcgxtOYySo0emacqvwz4nuhU/P7+g04= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525170236-15f19ea2dd70 h1:+6rbdSMHP4N7n2O1i3XZRMBTAXUJ6/eSgFG+FSGfZig= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:VR1Bz32opPHJ3xZNCoS4FjfUnJYnsgN0cxQAubCHbb4= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230525170236-15f19ea2dd70 h1:cn2yzwnx1WoqbKt3D7895KJWdXgvg9KTox/76Sz8FFw= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:yicHj+CceeKtoQ1SmvBrbdQTBvuisww0e9CzWrd4WV8= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230525170236-15f19ea2dd70 h1:cga0qYrWiawARIYdQ1nCDO/qjlBh2Zw29RFc73yDaZc= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:U4zxFrED8NcXCRBau4PUNnNZacAu0ElxVLYuL/wkqW0= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230525170236-15f19ea2dd70 h1:X1sKZNt9c+2TSjd9hzMuIaQqbNcyP1KlXHepfM1zZ1U= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:bJFJUWsPSj8ps/bUM9Scdnw4h6FWadbe4SRzFVUgdOE= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230525170236-15f19ea2dd70 h1:kbHXV/t0HXxHNr2wBvrBsYvEu3SSTFP6l4HMeRortxI= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:AWlsrDgQ1Q6k/3ZST9uvU8kuaCegLz73nmLjGBJE0go= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230525170236-15f19ea2dd70 h1:Qo9619mhvnjS2yjknzl5YxwprtjEsAAYSX7kT102P18= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230525170236-15f19ea2dd70/go.mod h1:avu3AaWDIk2l9Ip/rt8oWZmsQ2oYibJzble98CyL9uk= github.com/openshift/library-go v0.0.0-20230503173034-95ca3c14e50a/go.mod h1:PJVatR/oS/EaFciwylyAr9hORSqQHrC+5bXf4L0wsBY= github.com/openshift/library-go v0.0.0-20230516103935-9536341565eb h1:B1VhZf/XTcInahu7XmosGLDGlKgJHj9eYtNBq+tA2dY= github.com/openshift/library-go v0.0.0-20230516103935-9536341565eb/go.mod h1:PJVatR/oS/EaFciwylyAr9hORSqQHrC+5bXf4L0wsBY= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20230317131656-c62d9de5a460 h1:PftK9Q7BUD+wj8fNvxtJ+RhxYkcTtd8LcAo1Gk1H1HM= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20230317131656-c62d9de5a460/go.mod h1:FEcmzVcCHl+4o9bQZVab+4dC9+j+91t2FHSzmGAPfuo= -github.com/openshift/route-controller-manager v0.0.0-20230509091526-ee49bd6f1873 h1:4tJUO+1Pey/AY/FtX7T7KS7JiIgQhDLGi7droDWgnUQ= -github.com/openshift/route-controller-manager v0.0.0-20230509091526-ee49bd6f1873/go.mod h1:/RPC3vrYYiXcwaiz5YsV8YNAEKaT2FsUdPuJiZnT9fI= +github.com/openshift/route-controller-manager v0.0.0-20230524200047-38d9ec83ce46 h1:v2RYLXaxw20f96Br7tdwkJShuf5BHnzJb7fQ1pVOh08= +github.com/openshift/route-controller-manager v0.0.0-20230524200047-38d9ec83ce46/go.mod h1:/RPC3vrYYiXcwaiz5YsV8YNAEKaT2FsUdPuJiZnT9fI= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= @@ -1442,8 +1442,9 @@ k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.1 h1:MB1zkK+WMOmfLxEpjr1wEmkpcIhZC7kfTkZ0stg5bog= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.1/go.mod h1:/4NLd21PQY0B+H+X0aDZdwUiVXYJQl/2NXA5KVtDiP4= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 h1:trsWhjU5jZrx6UvFu4WzQDrN7Pga4a7Qg+zcfcj64PA= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2/go.mod h1:+qG7ISXqCDVVcyO8hLn12AKVYYUjM7ftlqsqmrhMZE0= sigs.k8s.io/controller-tools v0.2.8/go.mod h1:9VKHPszmf2DHz/QmHkcfZoewO6BL7pPs9uAiBVsaJSE= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf index a2375af9db..1eb22ece35 100644 --- a/packaging/crio.conf.d/microshift_amd64.conf +++ b/packaging/crio.conf.d/microshift_amd64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:78bc69f0481f61d465f1a82b3e59342dc00607f3a8c8d0f4bc9a4b4a301df690" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7b052eb5fe1b675555cc9b536b00d1bb1aa78f7dfe1eaddd6c911509f55382a2" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf index 4902826cfe..5d88fa633e 100644 --- a/packaging/crio.conf.d/microshift_arm64.conf +++ b/packaging/crio.conf.d/microshift_arm64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:71e7ca1772bdb2baa6cc173fa8fe935f91cc8243dcc1241d3984175a833abf8c" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fb7cc3de4736623adeba1d648ebd24b4a45d904194151a49934b3e9f83d23321" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/pkg/controllers/openshift-route-controller-manager.go b/pkg/controllers/openshift-route-controller-manager.go index 235792aace..a17495881c 100644 --- a/pkg/controllers/openshift-route-controller-manager.go +++ b/pkg/controllers/openshift-route-controller-manager.go @@ -114,37 +114,37 @@ func (s *OCPRouteControllerManager) Run(ctx context.Context, ready chan<- struct klog.Fatalf("failed to apply openshift namespaces %v", err) } if err := assets.ApplyClusterRoles(ctx, []string{ - "controllers/route-controller-manager/route-controller-manager-ingress-to-route-controller-clusterrole.yaml", - "controllers/route-controller-manager/informer-clusterrole.yaml", - "controllers/route-controller-manager/route-controller-manager-tokenreview-clusterrole.yaml", + "controllers/route-controller-manager/ingress-to-route-controller-clusterrole.yaml", + "controllers/route-controller-manager/route-controller-informer-clusterrole.yaml", + "controllers/route-controller-manager/route-controller-tokenreview-clusterrole.yaml", }, s.kubeadmconfig); err != nil { klog.Fatalf("failed to apply route controller manager cluster roles %v", err) } if err := assets.ApplyClusterRoleBindings(ctx, []string{ - "controllers/route-controller-manager/route-controller-manager-ingress-to-route-controller-clusterrolebinding.yaml", - "controllers/route-controller-manager/informer-clusterrolebinding.yaml", - "controllers/route-controller-manager/route-controller-manager-tokenreview-clusterrolebinding.yaml", + "controllers/route-controller-manager/ingress-to-route-controller-clusterrolebinding.yaml", + "controllers/route-controller-manager/route-controller-informer-clusterrolebinding.yaml", + "controllers/route-controller-manager/route-controller-tokenreview-clusterrolebinding.yaml", }, s.kubeadmconfig); err != nil { klog.Fatalf("failed to apply route controller manager cluster role bindings %v", err) } if err := assets.ApplyRoles(ctx, []string{ - "controllers/route-controller-manager/route-controller-manager-leader-role.yaml", - "controllers/route-controller-manager/route-controller-manager-separate-sa-role.yaml", + "controllers/route-controller-manager/route-controller-leader-role.yaml", + "controllers/route-controller-manager/route-controller-separate-sa-role.yaml", }, s.kubeadmconfig); err != nil { klog.Fatalf("failed to apply route controller manager roles %v", err) } if err := assets.ApplyRoleBindings(ctx, []string{ - "controllers/route-controller-manager/route-controller-manager-leader-rolebinding.yaml", - "controllers/route-controller-manager/route-controller-manager-separate-sa-rolebinding.yaml", + "controllers/route-controller-manager/route-controller-leader-rolebinding.yaml", + "controllers/route-controller-manager/route-controller-separate-sa-rolebinding.yaml", }, s.kubeadmconfig); err != nil { klog.Fatalf("failed to apply route controller manager role bindings %v", err) } if err := assets.ApplyServiceAccounts(ctx, []string{ - "controllers/route-controller-manager/route-controller-manager-sa.yaml", + "controllers/route-controller-manager/route-controller-sa.yaml", }, s.kubeadmconfig); err != nil { klog.Fatalf("failed to apply route controller manager service account %v", err) } diff --git a/scripts/auto-rebase/assets.yaml b/scripts/auto-rebase/assets.yaml index f021da74dd..0f214d4452 100644 --- a/scripts/auto-rebase/assets.yaml +++ b/scripts/auto-rebase/assets.yaml @@ -170,18 +170,18 @@ assets: src: cluster-openshift-controller-manager-operator/bindata/v3.11.0/openshift-controller-manager/ files: - file: 0000_50_cluster-openshift-route-controller-manager_00_namespace.yaml - src: route-controller-manager-ns.yaml - - file: route-controller-manager-ingress-to-route-controller-clusterrole.yaml - - file: route-controller-manager-ingress-to-route-controller-clusterrolebinding.yaml - - file: informer-clusterrole.yaml - - file: informer-clusterrolebinding.yaml - - file: route-controller-manager-leader-role.yaml - - file: route-controller-manager-leader-rolebinding.yaml - - file: route-controller-manager-sa.yaml - - file: route-controller-manager-separate-sa-role.yaml - - file: route-controller-manager-separate-sa-rolebinding.yaml - - file: route-controller-manager-tokenreview-clusterrole.yaml - - file: route-controller-manager-tokenreview-clusterrolebinding.yaml + src: route-controller-ns.yaml + - file: ingress-to-route-controller-clusterrole.yaml + - file: ingress-to-route-controller-clusterrolebinding.yaml + - file: route-controller-informer-clusterrole.yaml + - file: route-controller-informer-clusterrolebinding.yaml + - file: route-controller-leader-role.yaml + - file: route-controller-leader-rolebinding.yaml + - file: route-controller-sa.yaml + - file: route-controller-separate-sa-role.yaml + - file: route-controller-separate-sa-rolebinding.yaml + - file: route-controller-tokenreview-clusterrole.yaml + - file: route-controller-tokenreview-clusterrolebinding.yaml - dir: core/ no_clean: True diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index c8b8b69b22..2d5ac2deec 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,4 +1,109 @@ -- kubernetes image-arm64 8515bd48dd92bde6db7a51e305a1084a9b20cb84 to 15f19ea2dd700767e5337502aec753d2a6e26905 +- cluster-dns-operator embedded-component f827fb9d32f4dcd3e5d5cd0f7b8e2350af3d0c31 to 8d84af3ad3ebd7462c26b86eceb218a1cc8ae845 + - 53e4a48 2023-05-25T17:47:19-04:00 OCPBUGS-13965: Bump openshift-api, client-go, controller-runtime, kubectl for k8s 0.27.2 + +- cluster-ingress-operator embedded-component 960d4104d25f60e077dedb08d423cb7fe1900c0c to 90d2feaaf3b4e657ce46098077e894aec053f7ca + - 274bc1d 2023-05-24T08:35:13-03:00 Revert "OCPBUGS-6661, OCPBUGS-9464: Move mTLS CRL handling into the router, and fix accidental duplication of CRLs" + - 210072a 2023-05-19T15:19:32-04:00 Add test case to test CRL updates + - 11f234f 2023-05-19T15:19:32-04:00 Remove CRL management code from ingress operator + +- cluster-kube-apiserver-operator embedded-component cb42b1c56dd3761bb19e586356ba95fbda6d962f to dbe789b8b0c0354e8094267d904b966e430104ed + - b940546 2023-05-24T14:23:14+02:00 Update APIRemovedInNextRelease alerts + - 39c546d 2023-05-16T12:27:02+02:00 pkg/operator/startupmonitor: skip openshift-apiserver readiness check for kube-api's readyz + +- cluster-network-operator embedded-component 7df32ec5213e2abfcff18cd22a63e7f20a5cccdc to f68e72f6cf4315646e2baecf2f2e2370b012f2b8 + - c296a7c 2023-05-24T12:53:25+02:00 Revert "Do not set the operator as available before updating the network config" + +- cluster-openshift-controller-manager-operator embedded-component 05d6f18acbe72e3850eb783091dfa5cded9ebf3a to cb01e0b306daedbe42d50d9b0e88ce2618863647 + - a8a56f1 2023-05-24T15:38:13-04:00 Revert "OCPBUGS-13895: [WRKLDS-730] route-controller-manager deployment updates" + +- cluster-policy-controller embedded-component f70fc1e84b784b047695c5f139e5f2b38aaf0214 to cc787e1b1e177696817b66689a03471914083a67 + - 7780ea3 2023-05-22T23:20:06+02:00 go mod vendor + - a35445f 2023-05-22T23:19:34+02:00 fix ClusterResourceQuotas to work for all api resources + +- kubernetes embedded-component 38c64ac43b865b13e942ef3445db5d3aa95a7b7d to 15f19ea2dd700767e5337502aec753d2a6e26905 + - f753472ab 2023-05-24T18:18:30+02:00 UPSTREAM: : make update + - 8bd5514be 2023-05-24T18:17:46+02:00 UPSTREAM: : Create minimal wrapper needed to run k8s e2e tests + - de87f8fe7 2023-05-24T12:50:24+02:00 UPSTREAM: : update rebase doc + - 81d75f951 2023-05-24T11:55:54+02:00 UPSTREAM: : hack/update-vendor.sh, make update and update image + - 9cc7158c8 2023-05-24T11:45:58+02:00 UPSTREAM: : manually resolve conflicts + - 9362c4bfa 2023-05-23T17:21:31+02:00 UPSTREAM: 117785: Don't use Nodes.ExternalIPs to verify the NodePorts connectivity + - 7f6f68fda 2023-05-17T14:13:27+00:00 Release commit for Kubernetes v1.27.2 + - 89bdf52a1 2023-05-15T11:29:54+02:00 UPSTREAM: 117893: When expecting pods count only active ones + - 2eccb77b2 2023-05-12T10:15:45-07:00 OpenAPI V3 invalid document checks + - 642ea8961 2023-05-10T21:14:19+00:00 update for feedback + - 0457fbc83 2023-05-10T21:14:18+00:00 QueryParamVerifier falls back on invalid v3 document + - 4cd33af14 2023-05-10T21:14:18+00:00 QueryParamVerifierV3 resilient to minimal OpenAPI V3 documents + - ce458add6 2023-05-10T21:28:23+08:00 kubeadm: fix a bug where file copy(backup) could not be executed correctly on Windows platform during upgrade + - 3a56c1e95 2023-05-08T17:30:58+08:00 Fix CHANGELOG-1.27 correct + - fa86f2dce 2023-05-05T14:46:23-07:00 benchmark test to evaluate the overhead of podMatchesScopeFunc + - 4a2e6971f 2023-05-05T14:46:23-07:00 Fix incorrect calculation for ResourceQuota with PriorityClass as its scope + - c041924dd 2023-05-06T00:25:25+08:00 Update podFailurePolicy comments from alpha-level to beta + - 7f9b3cb85 2023-05-04T16:42:50-04:00 Disable NewVolumeManagerReconstruction feature gate + - 3324649c1 2023-05-04T10:47:48+02:00 releng/go: Update images, dependencies and version to Go 1.20.4 + - ae2f576d0 2023-05-03T13:08:22-07:00 Bump konnectivity-client to v0.1.2 + - 8af1ce586 2023-05-03T18:38:42+02:00 Kube-proxy/ipvs: accept access to healthCheckNodePort on LbIP + - 940b6892a 2023-05-02T11:23:32+01:00 node: device-plugin: e2e: Additional test cases + - 4cf566e32 2023-05-02T11:23:31+01:00 node: device-plugin: add node reboot test scenario + - d67481c47 2023-05-02T11:23:31+01:00 node: device-plugin: e2e: Capture pod admission failure + - 6f5e29e26 2023-05-02T11:23:31+01:00 node: device-mgr: e2e: adapt to sample device plugin refactoring + - 367e3d7c4 2023-05-02T11:23:31+01:00 node: device-mgr: e2e: Update the e2e test to reproduce issue:109595 + - d241f58d8 2023-05-02T11:23:31+01:00 node: device-mgr: e2e: Implement End to end test + - aac4c15e6 2023-05-02T11:23:31+01:00 node: device-mgr: Handle recovery by checking if healthy devices exist + - b157e1741 2023-05-02T11:23:12+01:00 node: device-plugin: e2e: Add test case for kubelet restart + - 5278e9c02 2023-05-02T11:23:12+01:00 node: device-plugin: e2e: Provide sleep intervals via constants + - b3c58acde 2023-05-02T11:23:12+01:00 node: device-plugin: e2e: Update test description to make it explicit + - 0cd0fe70a 2023-05-02T11:23:11+01:00 node: device-plugin: e2e: Isolate test to pod restart scenario + - ed8d4e1d6 2023-05-02T11:23:11+01:00 node: device-plugin: e2e: Annotate device check with error message + - 4899dc75d 2023-05-02T11:23:11+01:00 node: device-plugins: e2e: s/devLen/expectedSampleDevsAmount + - c81ec1ae5 2023-05-02T11:23:11+01:00 node: device-plugins: e2e: Refactor parse log to return string and error + - 86904a7c5 2023-05-01T21:28:35+00:00 Update kube-openapi to fix race + - ee1d7eb5d 2023-04-29T19:18:22+03:00 Use absolute path instead requestURI in openapiv3 discovery + - bbca939c6 2023-04-29T16:45:31+02:00 proxy/ipvs: don't bind nodeips to the dummy device + - ca1e56314 2023-04-29T16:45:31+02:00 proxy/ipvs: add a GetAllLocalAddressesExcept() function + - 3ce0c108f 2023-04-26T19:05:06+00:00 Refactors discovery content-type and helper functions + - 574829867 2023-04-26T15:43:52+02:00 Fix scheduler performance regression after adding plugin metrics + - 192e9dae3 2023-04-25T17:48:26-04:00 Update staging/src/k8s.io/apiserver/pkg/cel/common/values.go + - 8d0ac2f6f 2023-04-25T17:48:19-04:00 Fix bug where CEL listOfString.join() results in unexpected error + - 57e67a91e 2023-04-24T19:10:23-07:00 Fix directory mismatch for `volume.SetVolumeOwnership()` + - d0514936f 2023-04-19T09:31:28+02:00 Fix stomping os env in kubectl e2e tests + - 7a6640798 2023-04-19T00:19:34+02:00 KCCM: add providerID predicate to service controller + - 8221a54e1 2023-04-19T00:19:34+02:00 Re-work logic in shouldSyncUpdatedNode + - a9d07f4e9 2023-04-18T22:48:58+08:00 add log includes pod preemption details + - 9ef90afb4 2023-04-18T11:30:37+02:00 verifyVolumeNoStatusUpdateNeeded may cause flake and so only keep the last ones + - b598ea5c3 2023-04-18T11:30:37+02:00 deflake: Add retry with timeout to wait for final conditions + - 2eb94fa83 2023-04-18T01:22:51-07:00 kubelet: Mark new terminal pods as non-finished in pod worker + - ae07535c8 2023-04-18T01:22:51-07:00 test: Add node e2e to restart kubelet while pod is terminating + - 861e1935e 2023-04-14T14:30:14-04:00 kubelet: Ensure pods that have not started track a pendingUpdate + - ae92fd280 2023-04-14T22:12:36+05:30 changelog: fix formatting issue with v1.27 change log + - 95feac526 2023-04-14T13:38:32+00:00 Update CHANGELOG/CHANGELOG-1.27.md for v1.27.1 + - 2c81ecc2e 2023-04-14T11:33:13+08:00 use case-insensitive header keys for http probes + - fddf859d6 2023-04-13T16:39:56-04:00 kube-aggregator: correctly use client-go TLS cache with custom dialer + - f564f7a35 2023-04-13T16:41:36+02:00 api: encode NamespacedName with lower case in JSON + - e827a4b61 2023-04-13T13:12:34+02:00 Do not look at VPC-related resources outside the cluster's network + - d977e7e0d 2023-04-12T11:38:23-04:00 Fix azure disk e2e after migration + - e599722bc 2023-04-12T09:27:40-04:00 vendor: bump runc to 1.1.6 + - 25b061d82 2023-04-12T09:27:25-04:00 CVE-2023-27561: Bump runc go module v1.1.4 -> v1.1.5 + - 854c72766 2023-04-12T09:43:00+00:00 fix: the volume is not detached after the pod and PVC objects are deleted + - 951f8dcc9 2023-04-06T16:57:07+00:00 Return error for localhost seccomp type with no localhost profile defined + +- machine-config-operator embedded-component 655ba3328198fa6d2439706cf435b056fcd74b9b to 5843b7a4b27f15bc3313ce8a41ef6de792081fcb + - 4083f75e 2023-05-22T17:38:34-05:00 Fix missing apiVersion and kind fields for embeds + - cf172ffe 2023-05-08T10:20:53-04:00 Add ip forwarding service for on-prem deployments + - d9b70fbe 2023-05-08T10:20:53-04:00 Trim data when checking if there is anything to render + - 4e2501ad 2023-05-08T10:20:53-04:00 Disable global ipv4 and ipv6 forwarding for OVN deployments + +- route-controller-manager embedded-component ee49bd6f1873d0a830fffbd11a9191b09ff617e3 to 38d9ec83ce464e9198af05918ab03a7995a11866 + - a08b4c5 2023-05-24T15:38:06-04:00 Revert "[WRKLDS-730] refactor route controller manager to use library-go server and ControlerCommand for generic setup" + - ad0217c 2023-05-09T17:42:03+02:00 simplify directory structure and rename openshiftcontrolplane_default.go + - cbe4ba9 2023-05-09T17:42:03+02:00 go mod tidy + vendor + - d2f883a 2023-05-09T17:42:03+02:00 refactor route controller manager to use library-go server and ControllerCommand for generic setup + +- oc image-amd64 68c710f5c29d795a8706d1e40de9099d278c059b to 943559197d1a94253672e26dbc356e062df7a66d + - a299a62 2023-05-25T16:23:56+03:00 Remove closed centos7 registry from newapp unit tests + - 6bfe6e5 2023-05-25T15:10:39+03:00 rename getEventsRecursive to better reflect best-effort + - 8088f9e 2023-05-25T13:55:16+03:00 Skip invalid events yamls and continue + +- kubernetes image-amd64 38c64ac43b865b13e942ef3445db5d3aa95a7b7d to 15f19ea2dd700767e5337502aec753d2a6e26905 - f753472ab 2023-05-24T18:18:30+02:00 UPSTREAM: : make update - 8bd5514be 2023-05-24T18:17:46+02:00 UPSTREAM: : Create minimal wrapper needed to run k8s e2e tests - de87f8fe7 2023-05-24T12:50:24+02:00 UPSTREAM: : update rebase doc @@ -6,6 +111,7 @@ - 9cc7158c8 2023-05-24T11:45:58+02:00 UPSTREAM: : manually resolve conflicts - 9362c4bfa 2023-05-23T17:21:31+02:00 UPSTREAM: 117785: Don't use Nodes.ExternalIPs to verify the NodePorts connectivity - 7f6f68fda 2023-05-17T14:13:27+00:00 Release commit for Kubernetes v1.27.2 + - 89bdf52a1 2023-05-15T11:29:54+02:00 UPSTREAM: 117893: When expecting pods count only active ones - 2eccb77b2 2023-05-12T10:15:45-07:00 OpenAPI V3 invalid document checks - 642ea8961 2023-05-10T21:14:19+00:00 update for feedback - 0457fbc83 2023-05-10T21:14:18+00:00 QueryParamVerifier falls back on invalid v3 document @@ -63,3 +169,8 @@ - 854c72766 2023-04-12T09:43:00+00:00 fix: the volume is not detached after the pod and PVC objects are deleted - 951f8dcc9 2023-04-06T16:57:07+00:00 Return error for localhost seccomp type with no localhost profile defined +- oc image-arm64 68c710f5c29d795a8706d1e40de9099d278c059b to 943559197d1a94253672e26dbc356e062df7a66d + - a299a62 2023-05-25T16:23:56+03:00 Remove closed centos7 registry from newapp unit tests + - 6bfe6e5 2023-05-25T15:10:39+03:00 rename getEventsRecursive to better reflect best-effort + - 8088f9e 2023-05-25T13:55:16+03:00 Skip invalid events yamls and continue + diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index 257e57e806..3490882ad1 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -1,25 +1,25 @@ -https://github.com/openshift/cluster-dns-operator embedded-component f827fb9d32f4dcd3e5d5cd0f7b8e2350af3d0c31 -https://github.com/openshift/cluster-ingress-operator embedded-component 960d4104d25f60e077dedb08d423cb7fe1900c0c -https://github.com/openshift/cluster-kube-apiserver-operator embedded-component cb42b1c56dd3761bb19e586356ba95fbda6d962f +https://github.com/openshift/cluster-dns-operator embedded-component 8d84af3ad3ebd7462c26b86eceb218a1cc8ae845 +https://github.com/openshift/cluster-ingress-operator embedded-component 90d2feaaf3b4e657ce46098077e894aec053f7ca +https://github.com/openshift/cluster-kube-apiserver-operator embedded-component dbe789b8b0c0354e8094267d904b966e430104ed https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component c27b0e585ff6c7d68f72ce8a74ab90dd9567ed19 https://github.com/openshift/cluster-kube-scheduler-operator embedded-component d67fd0782ff7060e548446815f460d6c9e10e057 -https://github.com/openshift/cluster-network-operator embedded-component 7df32ec5213e2abfcff18cd22a63e7f20a5cccdc -https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 05d6f18acbe72e3850eb783091dfa5cded9ebf3a -https://github.com/openshift/cluster-policy-controller embedded-component f70fc1e84b784b047695c5f139e5f2b38aaf0214 +https://github.com/openshift/cluster-network-operator embedded-component f68e72f6cf4315646e2baecf2f2e2370b012f2b8 +https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component cb01e0b306daedbe42d50d9b0e88ce2618863647 +https://github.com/openshift/cluster-policy-controller embedded-component cc787e1b1e177696817b66689a03471914083a67 https://github.com/openshift/etcd embedded-component 53cdd6b0519f0e57da9032b473465799bba4b1a0 -https://github.com/openshift/kubernetes embedded-component 38c64ac43b865b13e942ef3445db5d3aa95a7b7d -https://github.com/openshift/machine-config-operator embedded-component 655ba3328198fa6d2439706cf435b056fcd74b9b +https://github.com/openshift/kubernetes embedded-component 15f19ea2dd700767e5337502aec753d2a6e26905 +https://github.com/openshift/machine-config-operator embedded-component 5843b7a4b27f15bc3313ce8a41ef6de792081fcb https://github.com/openshift/openshift-controller-manager embedded-component 76ef4f658ee7a5e6e4038f2860ef2bb9bc36e579 -https://github.com/openshift/route-controller-manager embedded-component ee49bd6f1873d0a830fffbd11a9191b09ff617e3 +https://github.com/openshift/route-controller-manager embedded-component 38d9ec83ce464e9198af05918ab03a7995a11866 https://github.com/openshift/service-ca-operator embedded-component f0bd313003d3d79593b44936fb7cf0bab2a6daae -https://github.com/openshift/oc image-amd64 68c710f5c29d795a8706d1e40de9099d278c059b +https://github.com/openshift/oc image-amd64 943559197d1a94253672e26dbc356e062df7a66d https://github.com/openshift/coredns image-amd64 a2c62dd3976b27d6a45e273532c63ba914700917 https://github.com/openshift/router image-amd64 5426a9b1597b9afd70b9d49caebe00cee6cc433f https://github.com/openshift/kube-rbac-proxy image-amd64 27c255551673ba529ac6c9419abe13451afa3e4d https://github.com/openshift/ovn-kubernetes image-amd64 0f2fbd9d43d2681ad4bffb2f4a7b85a195fc989b -https://github.com/openshift/kubernetes image-amd64 38c64ac43b865b13e942ef3445db5d3aa95a7b7d +https://github.com/openshift/kubernetes image-amd64 15f19ea2dd700767e5337502aec753d2a6e26905 https://github.com/openshift/service-ca-operator image-amd64 f0bd313003d3d79593b44936fb7cf0bab2a6daae -https://github.com/openshift/oc image-arm64 68c710f5c29d795a8706d1e40de9099d278c059b +https://github.com/openshift/oc image-arm64 943559197d1a94253672e26dbc356e062df7a66d https://github.com/openshift/coredns image-arm64 a2c62dd3976b27d6a45e273532c63ba914700917 https://github.com/openshift/router image-arm64 5426a9b1597b9afd70b9d49caebe00cee6cc433f https://github.com/openshift/kube-rbac-proxy image-arm64 27c255551673ba529ac6c9419abe13451afa3e4d diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 8392e87f6b..03b3f8252e 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.14.0-0.nightly-2023-05-23-103225" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.14.0-0.nightly-arm64-2023-05-26-015447" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.14.0-0.nightly-2023-05-28-215458" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.14.0-0.nightly-arm64-2023-05-28-204952" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" diff --git a/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/interfaces.go b/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/interfaces.go index 6f6fbaaec0..4f02c205d1 100644 --- a/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/interfaces.go +++ b/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/interfaces.go @@ -11,30 +11,20 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" + "k8s.io/client-go/metadata" + "k8s.io/client-go/metadata/metadatainformer" "k8s.io/client-go/rest" "k8s.io/controller-manager/app" "k8s.io/controller-manager/pkg/clientbuilder" openshiftcontrolplanev1 "github.com/openshift/api/openshiftcontrolplane/v1" - appsclient "github.com/openshift/client-go/apps/clientset/versioned" - appsinformer "github.com/openshift/client-go/apps/informers/externalversions" - buildclient "github.com/openshift/client-go/build/clientset/versioned" - buildinformer "github.com/openshift/client-go/build/informers/externalversions" - configclient "github.com/openshift/client-go/config/clientset/versioned" - configinformer "github.com/openshift/client-go/config/informers/externalversions" imageclient "github.com/openshift/client-go/image/clientset/versioned" imageinformer "github.com/openshift/client-go/image/informers/externalversions" - operatorclient "github.com/openshift/client-go/operator/clientset/versioned" - operatorinformer "github.com/openshift/client-go/operator/informers/externalversions" quotaclient "github.com/openshift/client-go/quota/clientset/versioned" quotainformer "github.com/openshift/client-go/quota/informers/externalversions" - routeclient "github.com/openshift/client-go/route/clientset/versioned" - routeinformer "github.com/openshift/client-go/route/informers/externalversions" securityclient "github.com/openshift/client-go/security/clientset/versioned" securityinformer "github.com/openshift/client-go/security/informers/externalversions" securityinternalclient "github.com/openshift/client-go/securityinternal/clientset/versioned" - templateclient "github.com/openshift/client-go/template/clientset/versioned" - templateinformer "github.com/openshift/client-go/template/informers/externalversions" "github.com/openshift/library-go/pkg/controller/controllercmd" "github.com/openshift/cluster-policy-controller/pkg/client/genericinformers" @@ -64,18 +54,11 @@ func NewControllerContext( clientConfig.Burst = clientConfig.Burst/10 + 1 } - appsClient, err := appsclient.NewForConfig(clientConfig) - if err != nil { - return nil, err - } - buildClient, err := buildclient.NewForConfig(clientConfig) - if err != nil { - return nil, err - } - configClient, err := configclient.NewForConfig(nonProtobufConfig(clientConfig)) + metadataClient, err := metadata.NewForConfig(clientConfig) if err != nil { return nil, err } + imageClient, err := imageclient.NewForConfig(clientConfig) if err != nil { return nil, err @@ -84,18 +67,6 @@ func NewControllerContext( if err != nil { return nil, err } - routerClient, err := routeclient.NewForConfig(clientConfig) - if err != nil { - return nil, err - } - templateClient, err := templateclient.NewForConfig(clientConfig) - if err != nil { - return nil, err - } - operatorClient, err := operatorclient.NewForConfig(clientConfig) - if err != nil { - return nil, err - } securityClient, err := securityclient.NewForConfig(clientConfig) if err != nil { return nil, err @@ -109,15 +80,10 @@ func NewControllerContext( ControllerClientBuilder: clientbuilder.NewDynamicClientBuilder(rest.AnonymousClientConfig(clientConfig), kubeClient.CoreV1(), defaultOpenShiftInfraNamespace), }, KubernetesInformers: informers.NewSharedInformerFactory(kubeClient, defaultInformerResyncPeriod), - AppsInformers: appsinformer.NewSharedInformerFactory(appsClient, defaultInformerResyncPeriod), - BuildInformers: buildinformer.NewSharedInformerFactory(buildClient, defaultInformerResyncPeriod), - ConfigInformers: configinformer.NewSharedInformerFactory(configClient, defaultInformerResyncPeriod), + MetadataInformers: metadatainformer.NewSharedInformerFactory(metadataClient, defaultInformerResyncPeriod), ImageInformers: imageinformer.NewSharedInformerFactory(imageClient, defaultInformerResyncPeriod), - OperatorInformers: operatorinformer.NewSharedInformerFactory(operatorClient, defaultInformerResyncPeriod), QuotaInformers: quotainformer.NewSharedInformerFactory(quotaClient, defaultInformerResyncPeriod), - RouteInformers: routeinformer.NewSharedInformerFactory(routerClient, defaultInformerResyncPeriod), SecurityInformers: securityinformer.NewSharedInformerFactory(securityClient, defaultInformerResyncPeriod), - TemplateInformers: templateinformer.NewSharedInformerFactory(templateClient, defaultInformerResyncPeriod), InformersStarted: make(chan struct{}), } openshiftControllerContext.GenericResourceInformer = openshiftControllerContext.ToGenericInformer() @@ -128,27 +94,17 @@ func NewControllerContext( func (c *EnhancedControllerContext) ToGenericInformer() genericinformers.GenericResourceInformer { return genericinformers.NewGenericInformers( c.StartInformers, + // first shared informers used by the controllers c.KubernetesInformers, - genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) { - return c.AppsInformers.ForResource(resource) - }), - genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) { - return c.BuildInformers.ForResource(resource) - }), - genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) { - return c.ConfigInformers.ForResource(resource) - }), genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) { return c.ImageInformers.ForResource(resource) }), genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) { return c.QuotaInformers.ForResource(resource) }), + // fallback to metadata shared informers genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) { - return c.RouteInformers.ForResource(resource) - }), - genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) { - return c.TemplateInformers.ForResource(resource) + return c.MetadataInformers.ForResource(resource), nil }), ) } @@ -161,16 +117,10 @@ type EnhancedControllerContext struct { ClientBuilder ControllerClientBuilder KubernetesInformers informers.SharedInformerFactory + MetadataInformers metadatainformer.SharedInformerFactory - TemplateInformers templateinformer.SharedInformerFactory QuotaInformers quotainformer.SharedInformerFactory - RouteInformers routeinformer.SharedInformerFactory - - AppsInformers appsinformer.SharedInformerFactory - BuildInformers buildinformer.SharedInformerFactory - ConfigInformers configinformer.SharedInformerFactory ImageInformers imageinformer.SharedInformerFactory - OperatorInformers operatorinformer.SharedInformerFactory SecurityInformers securityinformer.SharedInformerFactory GenericResourceInformer genericinformers.GenericResourceInformer @@ -185,16 +135,11 @@ type EnhancedControllerContext struct { func (c *EnhancedControllerContext) StartInformers(stopCh <-chan struct{}) { c.KubernetesInformers.Start(stopCh) - c.AppsInformers.Start(stopCh) - c.BuildInformers.Start(stopCh) - c.ConfigInformers.Start(stopCh) c.ImageInformers.Start(stopCh) c.SecurityInformers.Start(stopCh) - - c.TemplateInformers.Start(stopCh) c.QuotaInformers.Start(stopCh) - c.RouteInformers.Start(stopCh) - c.OperatorInformers.Start(stopCh) + + c.MetadataInformers.Start(stopCh) c.informersStartedLock.Lock() defer c.informersStartedLock.Unlock() @@ -211,30 +156,14 @@ func (c *EnhancedControllerContext) IsControllerEnabled(name string) bool { type ControllerClientBuilder interface { clientbuilder.ControllerClientBuilder - OpenshiftAppsClient(name string) (appsclient.Interface, error) - OpenshiftAppsClientOrDie(name string) appsclient.Interface - - OpenshiftBuildClient(name string) (buildclient.Interface, error) - OpenshiftBuildClientOrDie(name string) buildclient.Interface - - OpenshiftConfigClient(name string) (configclient.Interface, error) - OpenshiftConfigClientOrDie(name string) configclient.Interface - OpenshiftSecurityClient(name string) (securityinternalclient.Interface, error) OpenshiftSecurityClientOrDie(name string) securityinternalclient.Interface - // OpenShift clients based on generated internal clientsets - OpenshiftTemplateClient(name string) (templateclient.Interface, error) - OpenshiftTemplateClientOrDie(name string) templateclient.Interface - OpenshiftImageClient(name string) (imageclient.Interface, error) OpenshiftImageClientOrDie(name string) imageclient.Interface OpenshiftQuotaClient(name string) (quotaclient.Interface, error) OpenshiftQuotaClientOrDie(name string) quotaclient.Interface - - OpenshiftOperatorClient(name string) (operatorclient.Interface, error) - OpenshiftOperatorClientOrDie(name string) operatorclient.Interface } // InitFunc is used to launch a particular controller. It may run additional "should I activate checks". @@ -246,44 +175,6 @@ type OpenshiftControllerClientBuilder struct { clientbuilder.ControllerClientBuilder } -func (b OpenshiftControllerClientBuilder) OpenshiftOperatorClient(name string) (operatorclient.Interface, error) { - clientConfig, err := b.Config(name) - if err != nil { - return nil, err - } - return operatorclient.NewForConfig(clientConfig) -} - -func (b OpenshiftControllerClientBuilder) OpenshiftOperatorClientOrDie(name string) operatorclient.Interface { - client, err := b.OpenshiftOperatorClient(name) - if err != nil { - klog.Fatal(err) - } - return client -} - -// OpenshiftInternalTemplateClient provides a REST client for the template API. -// If the client cannot be created because of configuration error, this function -// will return an error. -func (b OpenshiftControllerClientBuilder) OpenshiftTemplateClient(name string) (templateclient.Interface, error) { - clientConfig, err := b.Config(name) - if err != nil { - return nil, err - } - return templateclient.NewForConfig(clientConfig) -} - -// OpenshiftInternalTemplateClientOrDie provides a REST client for the template API. -// If the client cannot be created because of configuration error, this function -// will panic. -func (b OpenshiftControllerClientBuilder) OpenshiftTemplateClientOrDie(name string) templateclient.Interface { - client, err := b.OpenshiftTemplateClient(name) - if err != nil { - klog.Fatal(err) - } - return client -} - // OpenshiftImageClient provides a REST client for the image API. // If the client cannot be created because of configuration error, this function // will error. @@ -306,72 +197,6 @@ func (b OpenshiftControllerClientBuilder) OpenshiftImageClientOrDie(name string) return client } -// OpenshiftAppsClient provides a REST client for the apps API. -// If the client cannot be created because of configuration error, this function -// will error. -func (b OpenshiftControllerClientBuilder) OpenshiftAppsClient(name string) (appsclient.Interface, error) { - clientConfig, err := b.Config(name) - if err != nil { - return nil, err - } - return appsclient.NewForConfig(clientConfig) -} - -// OpenshiftAppsClientOrDie provides a REST client for the apps API. -// If the client cannot be created because of configuration error, this function -// will panic. -func (b OpenshiftControllerClientBuilder) OpenshiftAppsClientOrDie(name string) appsclient.Interface { - client, err := b.OpenshiftAppsClient(name) - if err != nil { - klog.Fatal(err) - } - return client -} - -// OpenshiftBuildClient provides a REST client for the build API. -// If the client cannot be created because of configuration error, this function -// will error. -func (b OpenshiftControllerClientBuilder) OpenshiftBuildClient(name string) (buildclient.Interface, error) { - clientConfig, err := b.Config(name) - if err != nil { - return nil, err - } - return buildclient.NewForConfig(clientConfig) -} - -// OpenshiftBuildClientOrDie provides a REST client for the build API. -// If the client cannot be created because of configuration error, this function -// will panic. -func (b OpenshiftControllerClientBuilder) OpenshiftBuildClientOrDie(name string) buildclient.Interface { - client, err := b.OpenshiftBuildClient(name) - if err != nil { - klog.Fatal(err) - } - return client -} - -// OpenshiftConfigClient provides a REST client for the build API. -// If the client cannot be created because of configuration error, this function -// will error. -func (b OpenshiftControllerClientBuilder) OpenshiftConfigClient(name string) (configclient.Interface, error) { - clientConfig, err := b.Config(name) - if err != nil { - return nil, err - } - return configclient.NewForConfig(nonProtobufConfig(clientConfig)) -} - -// OpenshiftConfigClientOrDie provides a REST client for the build API. -// If the client cannot be created because of configuration error, this function -// will panic. -func (b OpenshiftControllerClientBuilder) OpenshiftConfigClientOrDie(name string) configclient.Interface { - client, err := b.OpenshiftConfigClient(name) - if err != nil { - klog.Fatal(err) - } - return client -} - func (b OpenshiftControllerClientBuilder) OpenshiftQuotaClient(name string) (quotaclient.Interface, error) { clientConfig, err := b.Config(name) if err != nil { diff --git a/vendor/k8s.io/api/batch/v1/generated.proto b/vendor/k8s.io/api/batch/v1/generated.proto index 181c79597d..df4381c737 100644 --- a/vendor/k8s.io/api/batch/v1/generated.proto +++ b/vendor/k8s.io/api/batch/v1/generated.proto @@ -213,8 +213,8 @@ message JobSpec { // checked against the backoffLimit. This field cannot be used in combination // with restartPolicy=OnFailure. // - // This field is alpha-level. To use this field, you must enable the - // `JobPodFailurePolicy` feature gate (disabled by default). + // This field is beta-level. It can be used when the `JobPodFailurePolicy` + // feature gate is enabled (enabled by default). // +optional optional PodFailurePolicy podFailurePolicy = 11; diff --git a/vendor/k8s.io/api/batch/v1/types.go b/vendor/k8s.io/api/batch/v1/types.go index 346676b095..22cf9ee9cb 100644 --- a/vendor/k8s.io/api/batch/v1/types.go +++ b/vendor/k8s.io/api/batch/v1/types.go @@ -252,8 +252,8 @@ type JobSpec struct { // checked against the backoffLimit. This field cannot be used in combination // with restartPolicy=OnFailure. // - // This field is alpha-level. To use this field, you must enable the - // `JobPodFailurePolicy` feature gate (disabled by default). + // This field is beta-level. It can be used when the `JobPodFailurePolicy` + // feature gate is enabled (enabled by default). // +optional PodFailurePolicy *PodFailurePolicy `json:"podFailurePolicy,omitempty" protobuf:"bytes,11,opt,name=podFailurePolicy"` diff --git a/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go index 1f28f006cc..f6f3141f18 100644 --- a/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go +++ b/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go @@ -115,7 +115,7 @@ var map_JobSpec = map[string]string{ "parallelism": "Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", "completions": "Specifies the desired number of successfully finished pods the job should be run with. Setting to null means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", "activeDeadlineSeconds": "Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.", - "podFailurePolicy": "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is alpha-level. To use this field, you must enable the `JobPodFailurePolicy` feature gate (disabled by default).", + "podFailurePolicy": "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is beta-level. It can be used when the `JobPodFailurePolicy` feature gate is enabled (enabled by default).", "backoffLimit": "Specifies the number of retries before marking this job failed. Defaults to 6", "selector": "A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", "manualSelector": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector", diff --git a/vendor/k8s.io/api/core/v1/generated.proto b/vendor/k8s.io/api/core/v1/generated.proto index 94e0a71156..8ef67ca40b 100644 --- a/vendor/k8s.io/api/core/v1/generated.proto +++ b/vendor/k8s.io/api/core/v1/generated.proto @@ -1853,7 +1853,8 @@ message HTTPGetAction { // HTTPHeader describes a custom header to be used in HTTP probes message HTTPHeader { - // The header field name + // The header field name. + // This will be canonicalized upon output, so case-variant names will be understood as the same header. optional string name = 1; // The header field value diff --git a/vendor/k8s.io/api/core/v1/types.go b/vendor/k8s.io/api/core/v1/types.go index c9bb18a2cc..c831d5961c 100644 --- a/vendor/k8s.io/api/core/v1/types.go +++ b/vendor/k8s.io/api/core/v1/types.go @@ -2137,7 +2137,8 @@ type SecretEnvSource struct { // HTTPHeader describes a custom header to be used in HTTP probes type HTTPHeader struct { - // The header field name + // The header field name. + // This will be canonicalized upon output, so case-variant names will be understood as the same header. Name string `json:"name" protobuf:"bytes,1,opt,name=name"` // The header field value Value string `json:"value" protobuf:"bytes,2,opt,name=value"` diff --git a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go index a2cf00db87..a01ae37173 100644 --- a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go +++ b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go @@ -832,7 +832,7 @@ func (HTTPGetAction) SwaggerDoc() map[string]string { var map_HTTPHeader = map[string]string{ "": "HTTPHeader describes a custom header to be used in HTTP probes", - "name": "The header field name", + "name": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "value": "The header field value", } diff --git a/vendor/k8s.io/apimachinery/pkg/types/namespacedname.go b/vendor/k8s.io/apimachinery/pkg/types/namespacedname.go index 29fb4f950a..db18ce1ce2 100644 --- a/vendor/k8s.io/apimachinery/pkg/types/namespacedname.go +++ b/vendor/k8s.io/apimachinery/pkg/types/namespacedname.go @@ -41,7 +41,8 @@ func (n NamespacedName) String() string { // MarshalLog emits a struct containing required key/value pair func (n NamespacedName) MarshalLog() interface{} { return struct { - Name, Namespace string + Name string `json:"name"` + Namespace string `json:"namespace,omitempty"` }{ Name: n.Name, Namespace: n.Namespace, diff --git a/vendor/k8s.io/apiserver/pkg/cel/common/values.go b/vendor/k8s.io/apiserver/pkg/cel/common/values.go index e6d7b99757..d9034a80fb 100644 --- a/vendor/k8s.io/apiserver/pkg/cel/common/values.go +++ b/vendor/k8s.io/apiserver/pkg/cel/common/values.go @@ -26,9 +26,10 @@ import ( "github.com/google/cel-go/common/types/ref" "github.com/google/cel-go/common/types/traits" + "k8s.io/kube-openapi/pkg/validation/strfmt" + "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apiserver/pkg/cel" - "k8s.io/kube-openapi/pkg/validation/strfmt" ) // UnstructuredToVal converts a Kubernetes unstructured data element to a CEL Val. @@ -425,7 +426,22 @@ var _ = traits.Lister(&unstructuredList{}) func (t *unstructuredList) ConvertToNative(typeDesc reflect.Type) (interface{}, error) { switch typeDesc.Kind() { case reflect.Slice: - return t.elements, nil + switch t.itemsSchema.Type() { + // Workaround for https://github.com/kubernetes/kubernetes/issues/117590 until we + // resolve the desired behavior in cel-go via https://github.com/google/cel-go/issues/688 + case "string": + var result []string + for _, e := range t.elements { + s, ok := e.(string) + if !ok { + return nil, fmt.Errorf("expected all elements to be of type string, but got %T", e) + } + result = append(result, s) + } + return result, nil + default: + return t.elements, nil + } } return nil, fmt.Errorf("type conversion error from '%s' to '%s'", t.Type(), typeDesc) } diff --git a/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go b/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go index 55b31a745a..e122248f86 100644 --- a/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go +++ b/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go @@ -199,7 +199,7 @@ func CalculateUsageStats(options quota.UsageStatsOptions, // need to verify that the item matches the set of scopes matchesScopes := true for _, scope := range options.Scopes { - innerMatch, err := scopeFunc(corev1.ScopedResourceSelectorRequirement{ScopeName: scope}, item) + innerMatch, err := scopeFunc(corev1.ScopedResourceSelectorRequirement{ScopeName: scope, Operator: corev1.ScopeSelectorOpExists}, item) if err != nil { return result, nil } diff --git a/vendor/k8s.io/cli-runtime/pkg/resource/fallback_query_param_verifier.go b/vendor/k8s.io/cli-runtime/pkg/resource/fallback_query_param_verifier.go index 198d5c9d5d..05418801e8 100644 --- a/vendor/k8s.io/cli-runtime/pkg/resource/fallback_query_param_verifier.go +++ b/vendor/k8s.io/cli-runtime/pkg/resource/fallback_query_param_verifier.go @@ -17,7 +17,6 @@ limitations under the License. package resource import ( - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/klog/v2" ) @@ -44,12 +43,16 @@ func NewFallbackQueryParamVerifier(primary Verifier, secondary Verifier) Verifie // HasSupport returns an error if the passed GVK does not support the // query param (fieldValidation), as determined by the primary and // secondary OpenAPI endpoints. The primary endoint is checked first, -// but if it not found, the secondary attempts to determine support. -// If the GVK supports the query param, nil is returned. +// but if there is an error retrieving the OpenAPI V3 document, the +// secondary attempts to determine support. If the GVK supports the query param, +// nil is returned. func (f *fallbackQueryParamVerifier) HasSupport(gvk schema.GroupVersionKind) error { err := f.primary.HasSupport(gvk) - if errors.IsNotFound(err) { - klog.V(7).Infoln("openapi v3 endpoint not found...falling back to legacy") + // If an error was returned from the primary OpenAPI endpoint, + // we fallback to check the secondary OpenAPI endpoint for + // any error *except* "paramUnsupportedError". + if err != nil && !IsParamUnsupportedError(err) { + klog.V(7).Infof("openapi v3 error...falling back to legacy: %s", err) err = f.secondary.HasSupport(gvk) } return err diff --git a/vendor/k8s.io/cli-runtime/pkg/resource/query_param_verifier_v3.go b/vendor/k8s.io/cli-runtime/pkg/resource/query_param_verifier_v3.go index 82cd024c82..7b91d6d64b 100644 --- a/vendor/k8s.io/cli-runtime/pkg/resource/query_param_verifier_v3.go +++ b/vendor/k8s.io/cli-runtime/pkg/resource/query_param_verifier_v3.go @@ -17,6 +17,8 @@ limitations under the License. package resource import ( + "fmt" + "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/dynamic" "k8s.io/client-go/openapi" @@ -62,10 +64,7 @@ func (v *queryParamVerifierV3) HasSupport(gvk schema.GroupVersionKind) error { } gvSpec, err := v.root.GVSpec(gvk.GroupVersion()) if err == nil { - if supports := supportsQueryParamV3(gvSpec, gvk, v.queryParam); supports { - return nil - } - return NewParamUnsupportedError(gvk, v.queryParam) + return supportsQueryParamV3(gvSpec, gvk, v.queryParam) } if _, isErr := err.(*openapi3.GroupVersionNotFoundError); !isErr { return err @@ -78,9 +77,7 @@ func (v *queryParamVerifierV3) HasSupport(gvk schema.GroupVersionKind) error { // If error retrieving Namespace spec, propagate error. return err } - if supports := supportsQueryParamV3(namespaceSpec, namespaceGVK, v.queryParam); supports { - return nil - } + return supportsQueryParamV3(namespaceSpec, namespaceGVK, v.queryParam) } return NewParamUnsupportedError(gvk, v.queryParam) } @@ -103,11 +100,19 @@ func hasGVKExtensionV3(extensions spec.Extensions, gvk schema.GroupVersionKind) // supportsQueryParam is a method that let's us look in the OpenAPI if the // specific group-version-kind supports the specific query parameter for -// the PATCH end-point. Returns true if the query param is supported by the -// spec for the passed GVK; false otherwise. -func supportsQueryParamV3(doc *spec3.OpenAPI, gvk schema.GroupVersionKind, queryParam VerifiableQueryParam) bool { +// the PATCH end-point. Returns nil if the passed GVK supports the passed +// query parameter; otherwise, a "paramUnsupportedError" is returned (except +// when an invalid document error is returned when an invalid OpenAPI V3 +// is passed in). +func supportsQueryParamV3(doc *spec3.OpenAPI, gvk schema.GroupVersionKind, queryParam VerifiableQueryParam) error { + if doc == nil || doc.Paths == nil { + return fmt.Errorf("Invalid OpenAPI V3 document") + } for _, path := range doc.Paths.Paths { // If operation is not PATCH, then continue. + if path == nil { + continue + } op := path.PathProps.Patch if op == nil { continue @@ -120,10 +125,10 @@ func supportsQueryParamV3(doc *spec3.OpenAPI, gvk schema.GroupVersionKind, query // for the PATCH operation. for _, param := range op.OperationProps.Parameters { if param.ParameterProps.Name == string(queryParam) { - return true + return nil } } - return false + return NewParamUnsupportedError(gvk, queryParam) } - return false + return fmt.Errorf("Path not found for GVK (%s) in OpenAPI V3 doc", gvk) } diff --git a/vendor/k8s.io/client-go/discovery/discovery_client.go b/vendor/k8s.io/client-go/discovery/discovery_client.go index 641568008b..1253fa1f44 100644 --- a/vendor/k8s.io/client-go/discovery/discovery_client.go +++ b/vendor/k8s.io/client-go/discovery/discovery_client.go @@ -20,6 +20,7 @@ import ( "context" "encoding/json" "fmt" + "mime" "net/http" "net/url" "sort" @@ -58,8 +59,9 @@ const ( defaultBurst = 300 AcceptV1 = runtime.ContentTypeJSON - // Aggregated discovery content-type (currently v2beta1). NOTE: Currently, we are assuming the order - // for "g", "v", and "as" from the server. We can only compare this string if we can make that assumption. + // Aggregated discovery content-type (v2beta1). NOTE: content-type parameters + // MUST be ordered (g, v, as) for server in "Accept" header (BUT we are resilient + // to ordering when comparing returned values in "Content-Type" header). AcceptV2Beta1 = runtime.ContentTypeJSON + ";" + "g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList" // Prioritize aggregated discovery by placing first in the order of discovery accept types. acceptDiscoveryFormats = AcceptV2Beta1 + "," + AcceptV1 @@ -259,8 +261,16 @@ func (d *DiscoveryClient) downloadLegacy() ( var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. - switch responseContentType { - case AcceptV1: + switch { + case isV2Beta1ContentType(responseContentType): + var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList + err = json.Unmarshal(body, &aggregatedDiscovery) + if err != nil { + return nil, nil, nil, err + } + apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) + default: + // Default is unaggregated discovery v1. var v metav1.APIVersions err = json.Unmarshal(body, &v) if err != nil { @@ -271,15 +281,6 @@ func (d *DiscoveryClient) downloadLegacy() ( apiGroup = apiVersionsToAPIGroup(&v) } apiGroupList.Groups = []metav1.APIGroup{apiGroup} - case AcceptV2Beta1: - var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList - err = json.Unmarshal(body, &aggregatedDiscovery) - if err != nil { - return nil, nil, nil, err - } - apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) - default: - return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) } return apiGroupList, resourcesByGV, failedGVs, nil @@ -313,13 +314,8 @@ func (d *DiscoveryClient) downloadAPIs() ( failedGVs := map[schema.GroupVersion]error{} var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. - switch responseContentType { - case AcceptV1: - err = json.Unmarshal(body, apiGroupList) - if err != nil { - return nil, nil, nil, err - } - case AcceptV2Beta1: + switch { + case isV2Beta1ContentType(responseContentType): var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList err = json.Unmarshal(body, &aggregatedDiscovery) if err != nil { @@ -327,12 +323,38 @@ func (d *DiscoveryClient) downloadAPIs() ( } apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) default: - return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) + // Default is unaggregated discovery v1. + err = json.Unmarshal(body, apiGroupList) + if err != nil { + return nil, nil, nil, err + } } return apiGroupList, resourcesByGV, failedGVs, nil } +// isV2Beta1ContentType checks of the content-type string is both +// "application/json" and contains the v2beta1 content-type params. +// NOTE: This function is resilient to the ordering of the +// content-type parameters, as well as parameters added by +// intermediaries such as proxies or gateways. Examples: +// +// "application/json; g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList" = true +// "application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io" = true +// "application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io;charset=utf-8" = true +// "application/json" = false +// "application/json; charset=UTF-8" = false +func isV2Beta1ContentType(contentType string) bool { + base, params, err := mime.ParseMediaType(contentType) + if err != nil { + return false + } + return runtime.ContentTypeJSON == base && + params["g"] == "apidiscovery.k8s.io" && + params["v"] == "v2beta1" && + params["as"] == "APIGroupDiscoveryList" +} + // ServerGroups returns the supported groups, with information like supported versions and the // preferred version. func (d *DiscoveryClient) ServerGroups() (*metav1.APIGroupList, error) { diff --git a/vendor/k8s.io/client-go/openapi/client.go b/vendor/k8s.io/client-go/openapi/client.go index 7b58762acf..6a43057187 100644 --- a/vendor/k8s.io/client-go/openapi/client.go +++ b/vendor/k8s.io/client-go/openapi/client.go @@ -19,6 +19,7 @@ package openapi import ( "context" "encoding/json" + "strings" "k8s.io/client-go/rest" "k8s.io/kube-openapi/pkg/handler3" @@ -58,7 +59,11 @@ func (c *client) Paths() (map[string]GroupVersion, error) { // Create GroupVersions for each element of the result result := map[string]GroupVersion{} for k, v := range discoMap.Paths { - result[k] = newGroupVersion(c, v) + // If the server returned a URL rooted at /openapi/v3, preserve any additional client-side prefix. + // If the server returned a URL not rooted at /openapi/v3, treat it as an actual server-relative URL. + // See https://github.com/kubernetes/kubernetes/issues/117463 for details + useClientPrefix := strings.HasPrefix(v.ServerRelativeURL, "/openapi/v3") + result[k] = newGroupVersion(c, v, useClientPrefix) } return result, nil } diff --git a/vendor/k8s.io/client-go/openapi/groupversion.go b/vendor/k8s.io/client-go/openapi/groupversion.go index 32133a29b8..601dcbe3cc 100644 --- a/vendor/k8s.io/client-go/openapi/groupversion.go +++ b/vendor/k8s.io/client-go/openapi/groupversion.go @@ -18,6 +18,7 @@ package openapi import ( "context" + "net/url" "k8s.io/kube-openapi/pkg/handler3" ) @@ -29,18 +30,41 @@ type GroupVersion interface { } type groupversion struct { - client *client - item handler3.OpenAPIV3DiscoveryGroupVersion + client *client + item handler3.OpenAPIV3DiscoveryGroupVersion + useClientPrefix bool } -func newGroupVersion(client *client, item handler3.OpenAPIV3DiscoveryGroupVersion) *groupversion { - return &groupversion{client: client, item: item} +func newGroupVersion(client *client, item handler3.OpenAPIV3DiscoveryGroupVersion, useClientPrefix bool) *groupversion { + return &groupversion{client: client, item: item, useClientPrefix: useClientPrefix} } func (g *groupversion) Schema(contentType string) ([]byte, error) { - return g.client.restClient.Get(). - RequestURI(g.item.ServerRelativeURL). - SetHeader("Accept", contentType). - Do(context.TODO()). - Raw() + if !g.useClientPrefix { + return g.client.restClient.Get(). + RequestURI(g.item.ServerRelativeURL). + SetHeader("Accept", contentType). + Do(context.TODO()). + Raw() + } + + locator, err := url.Parse(g.item.ServerRelativeURL) + if err != nil { + return nil, err + } + + path := g.client.restClient.Get(). + AbsPath(locator.Path). + SetHeader("Accept", contentType) + + // Other than root endpoints(openapiv3/apis), resources have hash query parameter to support etags. + // However, absPath does not support handling query parameters internally, + // so that hash query parameter is added manually + for k, value := range locator.Query() { + for _, v := range value { + path.Param(k, v) + } + } + + return path.Do(context.TODO()).Raw() } diff --git a/vendor/k8s.io/cloud-provider/controllers/service/controller.go b/vendor/k8s.io/cloud-provider/controllers/service/controller.go index 7aa76bf19c..ffd2929539 100644 --- a/vendor/k8s.io/cloud-provider/controllers/service/controller.go +++ b/vendor/k8s.io/cloud-provider/controllers/service/controller.go @@ -660,15 +660,10 @@ func nodeNames(nodes []*v1.Node) sets.String { } func shouldSyncUpdatedNode(oldNode, newNode *v1.Node) bool { - if utilfeature.DefaultFeatureGate.Enabled(features.StableLoadBalancerNodeSet) { - // Only Nodes with changes to the label - // "node.kubernetes.io/exclude-from-external-load-balancers" will - // trigger a load balancer re-sync. - return respectsPredicates(oldNode, nodeIncludedPredicate) != respectsPredicates(newNode, nodeIncludedPredicate) - } // Evaluate the individual node exclusion predicate before evaluating the - // compounded result of all predicates. We don't sync ETP=local services - // for changes on the readiness condition, hence if a node remains NotReady + // compounded result of all predicates. We don't sync changes on the + // readiness condition for eTP:Local services or when + // StableLoadBalancerNodeSet is enabled, hence if a node remains NotReady // and a user adds the exclusion label we will need to sync as to make sure // this change is reflected correctly on ETP=local services. The sync // function compares lastSyncedNodes with the new (existing) set of nodes @@ -679,7 +674,14 @@ func shouldSyncUpdatedNode(oldNode, newNode *v1.Node) bool { if respectsPredicates(oldNode, nodeIncludedPredicate) != respectsPredicates(newNode, nodeIncludedPredicate) { return true } - return respectsPredicates(oldNode, allNodePredicates...) != respectsPredicates(newNode, allNodePredicates...) + // For the same reason as above, also check for changes to the providerID + if respectsPredicates(oldNode, nodeHasProviderIDPredicate) != respectsPredicates(newNode, nodeHasProviderIDPredicate) { + return true + } + if !utilfeature.DefaultFeatureGate.Enabled(features.StableLoadBalancerNodeSet) { + return respectsPredicates(oldNode, allNodePredicates...) != respectsPredicates(newNode, allNodePredicates...) + } + return false } // syncNodes handles updating the hosts pointed to by all load @@ -937,14 +939,17 @@ var ( nodeIncludedPredicate, nodeUnTaintedPredicate, nodeReadyPredicate, + nodeHasProviderIDPredicate, } etpLocalNodePredicates []NodeConditionPredicate = []NodeConditionPredicate{ nodeIncludedPredicate, nodeUnTaintedPredicate, + nodeHasProviderIDPredicate, } stableNodeSetPredicates []NodeConditionPredicate = []NodeConditionPredicate{ nodeNotDeletedPredicate, nodeIncludedPredicate, + nodeHasProviderIDPredicate, // This is not perfect, but probably good enough. We won't update the // LBs just because the taint was added (see shouldSyncUpdatedNode) but // if any other situation causes an LB sync, tainted nodes will be @@ -970,6 +975,10 @@ func nodeIncludedPredicate(node *v1.Node) bool { return !hasExcludeBalancerLabel } +func nodeHasProviderIDPredicate(node *v1.Node) bool { + return node.Spec.ProviderID != "" +} + // We consider the node for load balancing only when its not tainted for deletion by the cluster autoscaler. func nodeUnTaintedPredicate(node *v1.Node) bool { for _, taint := range node.Spec.Taints { diff --git a/vendor/k8s.io/kubernetes/pkg/apis/core/types.go b/vendor/k8s.io/kubernetes/pkg/apis/core/types.go index d8f657b742..5d5b51b1bc 100644 --- a/vendor/k8s.io/kubernetes/pkg/apis/core/types.go +++ b/vendor/k8s.io/kubernetes/pkg/apis/core/types.go @@ -2037,7 +2037,8 @@ type SecretEnvSource struct { // HTTPHeader describes a custom header to be used in HTTP probes type HTTPHeader struct { - // The header field name + // The header field name. + // This will be canonicalized upon output, so case-variant names will be understood as the same header. Name string // The header field value Value string diff --git a/vendor/k8s.io/kubernetes/pkg/features/kube_features.go b/vendor/k8s.io/kubernetes/pkg/features/kube_features.go index 4cc4127f98..9f7ba5c2d7 100644 --- a/vendor/k8s.io/kubernetes/pkg/features/kube_features.go +++ b/vendor/k8s.io/kubernetes/pkg/features/kube_features.go @@ -1078,7 +1078,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS NetworkPolicyStatus: {Default: false, PreRelease: featuregate.Alpha}, - NewVolumeManagerReconstruction: {Default: true, PreRelease: featuregate.Beta}, + NewVolumeManagerReconstruction: {Default: false, PreRelease: featuregate.Beta}, // disabled for https://github.com/kubernetes/kubernetes/issues/117745 NodeLogQuery: {Default: true, PreRelease: featuregate.Alpha}, @@ -1160,7 +1160,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS NodeInclusionPolicyInPodTopologySpread: {Default: true, PreRelease: featuregate.Beta}, - SELinuxMountReadWriteOncePod: {Default: true, PreRelease: featuregate.Beta}, + SELinuxMountReadWriteOncePod: {Default: false, PreRelease: featuregate.Beta}, // disabled for https://github.com/kubernetes/kubernetes/issues/117745 InPlacePodVerticalScaling: {Default: false, PreRelease: featuregate.Alpha}, diff --git a/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go b/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go index 9a7dd5d672..f7a97fb8e6 100644 --- a/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go +++ b/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go @@ -14545,7 +14545,7 @@ func schema_k8sio_api_batch_v1_JobSpec(ref common.ReferenceCallback) common.Open }, "podFailurePolicy": { SchemaProps: spec.SchemaProps{ - Description: "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is alpha-level. To use this field, you must enable the `JobPodFailurePolicy` feature gate (disabled by default).", + Description: "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is beta-level. It can be used when the `JobPodFailurePolicy` feature gate is enabled (enabled by default).", Ref: ref("k8s.io/api/batch/v1.PodFailurePolicy"), }, }, @@ -19979,7 +19979,7 @@ func schema_k8sio_api_core_v1_HTTPHeader(ref common.ReferenceCallback) common.Op Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "The header field name", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Default: "", Type: []string{"string"}, Format: "", diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go b/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go index 8cb57aa819..7499de4460 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go @@ -544,15 +544,29 @@ func (m *ManagerImpl) devicesToAllocate(podUID, contName, resource string, requi return nil, fmt.Errorf("pod %q container %q changed request for resource %q from %d to %d", string(podUID), contName, resource, devices.Len(), required) } } + + klog.V(3).InfoS("Need devices to allocate for pod", "deviceNumber", needed, "resourceName", resource, "podUID", string(podUID), "containerName", contName) + healthyDevices, hasRegistered := m.healthyDevices[resource] + + // Check if resource registered with devicemanager + if !hasRegistered { + return nil, fmt.Errorf("cannot allocate unregistered device %s", resource) + } + + // Check if registered resource has healthy devices + if healthyDevices.Len() == 0 { + return nil, fmt.Errorf("no healthy devices present; cannot allocate unhealthy devices %s", resource) + } + + // Check if all the previously allocated devices are healthy + if !healthyDevices.IsSuperset(devices) { + return nil, fmt.Errorf("previously allocated devices are no longer healthy; cannot allocate unhealthy devices %s", resource) + } + if needed == 0 { // No change, no work. return nil, nil } - klog.V(3).InfoS("Need devices to allocate for pod", "deviceNumber", needed, "resourceName", resource, "podUID", string(podUID), "containerName", contName) - // Check if resource registered with devicemanager - if _, ok := m.healthyDevices[resource]; !ok { - return nil, fmt.Errorf("can't allocate unregistered device %s", resource) - } // Declare the list of allocated devices. // This will be populated and returned below. diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go b/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go index 0605ab4d32..1e6359f568 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go @@ -212,32 +212,36 @@ func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus) *kubecontainer.Runtim return &kubecontainer.RuntimeStatus{Conditions: conditions} } -func fieldProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) string { +func fieldProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) (string, error) { if scmp == nil { if fallbackToRuntimeDefault { - return v1.SeccompProfileRuntimeDefault + return v1.SeccompProfileRuntimeDefault, nil } - return "" + return "", nil } if scmp.Type == v1.SeccompProfileTypeRuntimeDefault { - return v1.SeccompProfileRuntimeDefault + return v1.SeccompProfileRuntimeDefault, nil } - if scmp.Type == v1.SeccompProfileTypeLocalhost && scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 { - fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile) - return v1.SeccompLocalhostProfileNamePrefix + fname + if scmp.Type == v1.SeccompProfileTypeLocalhost { + if scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 { + fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile) + return v1.SeccompLocalhostProfileNamePrefix + fname, nil + } else { + return "", fmt.Errorf("localhostProfile must be set if seccompProfile type is Localhost.") + } } if scmp.Type == v1.SeccompProfileTypeUnconfined { - return v1.SeccompProfileNameUnconfined + return v1.SeccompProfileNameUnconfined, nil } if fallbackToRuntimeDefault { - return v1.SeccompProfileRuntimeDefault + return v1.SeccompProfileRuntimeDefault, nil } - return "" + return "", nil } func (m *kubeGenericRuntimeManager) getSeccompProfilePath(annotations map[string]string, containerName string, - podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) string { + podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) (string, error) { // container fields are applied first if containerSecContext != nil && containerSecContext.SeccompProfile != nil { return fieldProfile(containerSecContext.SeccompProfile, m.seccompProfileRoot, fallbackToRuntimeDefault) @@ -249,42 +253,46 @@ func (m *kubeGenericRuntimeManager) getSeccompProfilePath(annotations map[string } if fallbackToRuntimeDefault { - return v1.SeccompProfileRuntimeDefault + return v1.SeccompProfileRuntimeDefault, nil } - return "" + return "", nil } -func fieldSeccompProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) *runtimeapi.SecurityProfile { +func fieldSeccompProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) (*runtimeapi.SecurityProfile, error) { if scmp == nil { if fallbackToRuntimeDefault { return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_RuntimeDefault, - } + }, nil } return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_Unconfined, - } + }, nil } if scmp.Type == v1.SeccompProfileTypeRuntimeDefault { return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_RuntimeDefault, - } + }, nil } - if scmp.Type == v1.SeccompProfileTypeLocalhost && scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 { - fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile) - return &runtimeapi.SecurityProfile{ - ProfileType: runtimeapi.SecurityProfile_Localhost, - LocalhostRef: fname, + if scmp.Type == v1.SeccompProfileTypeLocalhost { + if scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 { + fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile) + return &runtimeapi.SecurityProfile{ + ProfileType: runtimeapi.SecurityProfile_Localhost, + LocalhostRef: fname, + }, nil + } else { + return nil, fmt.Errorf("localhostProfile must be set if seccompProfile type is Localhost.") } } return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_Unconfined, - } + }, nil } func (m *kubeGenericRuntimeManager) getSeccompProfile(annotations map[string]string, containerName string, - podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) *runtimeapi.SecurityProfile { + podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) (*runtimeapi.SecurityProfile, error) { // container fields are applied first if containerSecContext != nil && containerSecContext.SeccompProfile != nil { return fieldSeccompProfile(containerSecContext.SeccompProfile, m.seccompProfileRoot, fallbackToRuntimeDefault) @@ -298,10 +306,10 @@ func (m *kubeGenericRuntimeManager) getSeccompProfile(annotations map[string]str if fallbackToRuntimeDefault { return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_RuntimeDefault, - } + }, nil } return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_Unconfined, - } + }, nil } diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go b/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go index 5e6f05b4e1..d933a71042 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go @@ -37,9 +37,16 @@ func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *v1.Po // TODO: Deprecated, remove after we switch to Seccomp field // set SeccompProfilePath. - synthesized.SeccompProfilePath = m.getSeccompProfilePath(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault) + var err error + synthesized.SeccompProfilePath, err = m.getSeccompProfilePath(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault) + if err != nil { + return nil, err + } - synthesized.Seccomp = m.getSeccompProfile(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault) + synthesized.Seccomp, err = m.getSeccompProfile(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault) + if err != nil { + return nil, err + } // set ApparmorProfile. synthesized.ApparmorProfile = apparmor.GetProfileNameFromPodAnnotations(pod.Annotations, container.Name) diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/pod_workers.go b/vendor/k8s.io/kubernetes/pkg/kubelet/pod_workers.go index c6b7f33b00..82e7cb93c2 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/pod_workers.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/pod_workers.go @@ -775,16 +775,23 @@ func (p *podWorkers) UpdatePod(options UpdatePodOptions) { } // if this pod is being synced for the first time, we need to make sure it is an active pod if options.Pod != nil && (options.Pod.Status.Phase == v1.PodFailed || options.Pod.Status.Phase == v1.PodSucceeded) { - // check to see if the pod is not running and the pod is terminal. - // If this succeeds then record in the podWorker that it is terminated. + // Check to see if the pod is not running and the pod is terminal; if this succeeds then record in the podWorker that it is terminated. + // This is needed because after a kubelet restart, we need to ensure terminal pods will NOT be considered active in Pod Admission. See http://issues.k8s.io/105523 + // However, `filterOutInactivePods`, considers pods that are actively terminating as active. As a result, `IsPodKnownTerminated()` needs to return true and thus `terminatedAt` needs to be set. if statusCache, err := p.podCache.Get(uid); err == nil { if isPodStatusCacheTerminal(statusCache) { + // At this point we know: + // (1) The pod is terminal based on the config source. + // (2) The pod is terminal based on the runtime cache. + // This implies that this pod had already completed `SyncTerminatingPod` sometime in the past. The pod is likely being synced for the first time due to a kubelet restart. + // These pods need to complete SyncTerminatedPod to ensure that all resources are cleaned and that the status manager makes the final status updates for the pod. + // As a result, set finished: false, to ensure a Terminated event will be sent and `SyncTerminatedPod` will run. status = &podSyncStatus{ terminatedAt: now, terminatingAt: now, syncedAt: now, startedTerminating: true, - finished: true, + finished: false, fullname: kubecontainer.BuildPodFullName(name, ns), } } diff --git a/vendor/k8s.io/kubernetes/pkg/probe/http/request.go b/vendor/k8s.io/kubernetes/pkg/probe/http/request.go index 4285c0a4cc..fb7f818b24 100644 --- a/vendor/k8s.io/kubernetes/pkg/probe/http/request.go +++ b/vendor/k8s.io/kubernetes/pkg/probe/http/request.go @@ -113,7 +113,7 @@ func formatURL(scheme string, host string, port int, path string) *url.URL { func v1HeaderToHTTPHeader(headerList []v1.HTTPHeader) http.Header { headers := make(http.Header) for _, header := range headerList { - headers[header.Name] = append(headers[header.Name], header.Value) + headers.Add(header.Name, header.Value) } return headers } diff --git a/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink.go b/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink.go index ab0b9eaaa1..cc173eae5c 100644 --- a/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink.go +++ b/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink.go @@ -40,4 +40,9 @@ type NetLinkHandle interface { // Only the addresses of the current family are returned. // IPv6 link-local and loopback addresses are excluded. GetLocalAddresses(dev string) (sets.Set[string], error) + // GetAllLocalAddressesExcept return all local addresses on the node, except from the passed dev. + // This is not the same as to take the diff between GetAllLocalAddresses and GetLocalAddresses + // since an address can be assigned to many interfaces. This problem raised + // https://github.com/kubernetes/kubernetes/issues/114815 + GetAllLocalAddressesExcept(dev string) (sets.Set[string], error) } diff --git a/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink_linux.go b/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink_linux.go index f4d2368885..1c0f8c2b34 100644 --- a/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink_linux.go +++ b/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink_linux.go @@ -24,6 +24,7 @@ import ( "net" "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/klog/v2" utilproxy "k8s.io/kubernetes/pkg/proxy/util" netutils "k8s.io/utils/net" @@ -164,3 +165,30 @@ func (h *netlinkHandle) isValidForSet(ip net.IP) bool { } return true } + +// GetAllLocalAddressesExcept return all local addresses on the node, +// except from the passed dev. This is not the same as to take the +// diff between GetAllLocalAddresses and GetLocalAddresses since an +// address can be assigned to many interfaces. This problem raised +// https://github.com/kubernetes/kubernetes/issues/114815 +func (h *netlinkHandle) GetAllLocalAddressesExcept(dev string) (sets.Set[string], error) { + ifaces, err := net.Interfaces() + if err != nil { + return nil, err + } + var addr []net.Addr + for _, iface := range ifaces { + if iface.Name == dev { + continue + } + ifadr, err := iface.Addrs() + if err != nil { + // This may happen if the interface was deleted. Ignore + // but log the error. + klog.ErrorS(err, "Reading addresses", "interface", iface.Name) + continue + } + addr = append(addr, ifadr...) + } + return utilproxy.AddressSet(h.isValidForSet, addr), nil +} diff --git a/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink_unsupported.go b/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink_unsupported.go index 31f3fb7406..1cb38d3fb8 100644 --- a/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink_unsupported.go +++ b/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/netlink_unsupported.go @@ -71,6 +71,11 @@ func (h *netlinkHandle) GetLocalAddresses(dev string) (sets.Set[string], error) return nil, fmt.Errorf("netlink is not supported in this platform") } +// GetAllLocalAddressesExcept is part of interface. +func (h *netlinkHandle) GetAllLocalAddressesExcept(dev string) (sets.Set[string], error) { + return nil, fmt.Errorf("netlink is not supported in this platform") +} + // Must match the one in proxier_test.go func (h *netlinkHandle) isValidForSet(ip net.IP) bool { return false diff --git a/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/proxier.go b/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/proxier.go index cf52b2fcdc..4b67610186 100644 --- a/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/proxier.go +++ b/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/proxier.go @@ -1013,11 +1013,10 @@ func (proxier *Proxier) syncProxyRules() { klog.ErrorS(err, "Error listing addresses binded to dummy interface") } // nodeAddressSet All addresses *except* those on the dummy interface - nodeAddressSet, err := proxier.netlinkHandle.GetAllLocalAddresses() + nodeAddressSet, err := proxier.netlinkHandle.GetAllLocalAddressesExcept(defaultDummyDevice) if err != nil { klog.ErrorS(err, "Error listing node addresses") } - nodeAddressSet = nodeAddressSet.Difference(alreadyBoundAddrs) hasNodePort := false for _, svc := range proxier.svcPortMap { @@ -1193,9 +1192,13 @@ func (proxier *Proxier) syncProxyRules() { if proxier.ipvsScheduler == "mh" { serv.Flags |= utilipvs.FlagSourceHash } - if err := proxier.syncService(svcPortNameString, serv, true, alreadyBoundAddrs); err == nil { + // We must not add the address to the dummy device if it exist on another interface + shouldBind := !nodeAddressSet.Has(serv.Address.String()) + if err := proxier.syncService(svcPortNameString, serv, shouldBind, alreadyBoundAddrs); err == nil { activeIPVSServices.Insert(serv.String()) - activeBindAddrs.Insert(serv.Address.String()) + if shouldBind { + activeBindAddrs.Insert(serv.Address.String()) + } if err := proxier.syncEndpoint(svcPortName, svcInfo.ExternalPolicyLocal(), serv); err != nil { klog.ErrorS(err, "Failed to sync endpoint for service", "servicePortName", svcPortName, "virtualServer", serv) } @@ -1296,9 +1299,13 @@ func (proxier *Proxier) syncProxyRules() { if proxier.ipvsScheduler == "mh" { serv.Flags |= utilipvs.FlagSourceHash } - if err := proxier.syncService(svcPortNameString, serv, true, alreadyBoundAddrs); err == nil { + // We must not add the address to the dummy device if it exist on another interface + shouldBind := !nodeAddressSet.Has(serv.Address.String()) + if err := proxier.syncService(svcPortNameString, serv, shouldBind, alreadyBoundAddrs); err == nil { activeIPVSServices.Insert(serv.String()) - activeBindAddrs.Insert(serv.Address.String()) + if shouldBind { + activeBindAddrs.Insert(serv.Address.String()) + } if err := proxier.syncEndpoint(svcPortName, svcInfo.ExternalPolicyLocal(), serv); err != nil { klog.ErrorS(err, "Failed to sync endpoint for service", "servicePortName", svcPortName, "virtualServer", serv) } @@ -1726,6 +1733,9 @@ func (proxier *Proxier) writeIptablesRules() { proxier.filterRules.Write( "-A", string(kubeIPVSFilterChain), "-m", "set", "--match-set", proxier.ipsetList[kubeExternalIPSet].Name, "dst,dst", "-j", "RETURN") + proxier.filterRules.Write( + "-A", string(kubeIPVSFilterChain), + "-m", "set", "--match-set", proxier.ipsetList[kubeHealthCheckNodePortSet].Name, "dst", "-j", "RETURN") proxier.filterRules.Write( "-A", string(kubeIPVSFilterChain), "-m", "conntrack", "--ctstate", "NEW", diff --git a/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go b/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go index d3c51139cd..a201c58383 100644 --- a/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go +++ b/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go @@ -328,6 +328,11 @@ func podMatchesScopeFunc(selector corev1.ScopedResourceSelectorRequirement, obje case corev1.ResourceQuotaScopeNotBestEffort: return !isBestEffort(pod), nil case corev1.ResourceQuotaScopePriorityClass: + if selector.Operator == corev1.ScopeSelectorOpExists { + // This is just checking for existence of a priorityClass on the pod, + // no need to take the overhead of selector parsing/evaluation. + return len(pod.Spec.PriorityClassName) != 0, nil + } return podMatchesSelector(pod, selector) case corev1.ResourceQuotaScopeCrossNamespacePodAffinity: return usesCrossNamespacePodAffinity(pod), nil diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go index 68e215dd2a..933ee0ff68 100644 --- a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go +++ b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go @@ -355,6 +355,7 @@ func (ev *Evaluator) prepareCandidate(ctx context.Context, c Candidate, pod *v1. // Otherwise we should delete the victim. if waitingPod := fh.GetWaitingPod(victim.UID); waitingPod != nil { waitingPod.Reject(pluginName, "preempted") + klog.V(2).InfoS("Preemptor pod rejected a waiting pod", "preemptor", klog.KObj(pod), "waitingPod", klog.KObj(victim), "node", c.Name()) } else { if feature.DefaultFeatureGate.Enabled(features.PodDisruptionConditions) { victimPodApply := corev1apply.Pod(victim.Name, victim.Namespace).WithStatus(corev1apply.PodStatus()) @@ -377,7 +378,9 @@ func (ev *Evaluator) prepareCandidate(ctx context.Context, c Candidate, pod *v1. errCh.SendErrorWithCancel(err, cancel) return } + klog.V(2).InfoS("Preemptor Pod preempted victim Pod", "preemptor", klog.KObj(pod), "victim", klog.KObj(victim), "node", c.Name()) } + fh.EventRecorder().Eventf(victim, pod, v1.EventTypeNormal, "Preempted", "Preempting", "Preempted by a pod on node %v", c.Name()) } diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/framework.go b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/framework.go index d8684f5ae0..8c5e9518ab 100644 --- a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/framework.go +++ b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/framework.go @@ -358,6 +358,20 @@ func NewFramework(r Registry, profile *config.KubeSchedulerProfile, stopCh <-cha options.captureProfile(outputProfile) } + // Cache metric streams for prefilter and filter plugins. + for i, pl := range f.preFilterPlugins { + f.preFilterPlugins[i] = &instrumentedPreFilterPlugin{ + PreFilterPlugin: f.preFilterPlugins[i], + metric: metrics.PluginEvaluationTotal.WithLabelValues(pl.Name(), metrics.PreFilter, f.profileName), + } + } + for i, pl := range f.filterPlugins { + f.filterPlugins[i] = &instrumentedFilterPlugin{ + FilterPlugin: f.filterPlugins[i], + metric: metrics.PluginEvaluationTotal.WithLabelValues(pl.Name(), metrics.Filter, f.profileName), + } + } + return f, nil } @@ -614,7 +628,6 @@ func (f *frameworkImpl) RunPreFilterPlugins(ctx context.Context, state *framewor skipPlugins.Insert(pl.Name()) continue } - metrics.PluginEvaluationTotal.WithLabelValues(pl.Name(), metrics.PreFilter, f.profileName).Inc() if !s.IsSuccess() { s.SetFailedPlugin(pl.Name()) if s.IsUnschedulable() { @@ -732,7 +745,6 @@ func (f *frameworkImpl) RunFilterPlugins( if state.SkipFilterPlugins.Has(pl.Name()) { continue } - metrics.PluginEvaluationTotal.WithLabelValues(pl.Name(), metrics.Filter, f.profileName).Inc() if status := f.runFilterPlugin(ctx, pl, state, pod, nodeInfo); !status.IsSuccess() { if !status.IsUnschedulable() { // Filter plugins are not supposed to return any status other than diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/instrumented_plugins.go b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/instrumented_plugins.go new file mode 100644 index 0000000000..152d6788a9 --- /dev/null +++ b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/instrumented_plugins.go @@ -0,0 +1,54 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package runtime + +import ( + "context" + + v1 "k8s.io/api/core/v1" + compbasemetrics "k8s.io/component-base/metrics" + "k8s.io/kubernetes/pkg/scheduler/framework" +) + +type instrumentedFilterPlugin struct { + framework.FilterPlugin + + metric compbasemetrics.CounterMetric +} + +var _ framework.FilterPlugin = &instrumentedFilterPlugin{} + +func (p *instrumentedFilterPlugin) Filter(ctx context.Context, state *framework.CycleState, pod *v1.Pod, nodeInfo *framework.NodeInfo) *framework.Status { + p.metric.Inc() + return p.FilterPlugin.Filter(ctx, state, pod, nodeInfo) +} + +type instrumentedPreFilterPlugin struct { + framework.PreFilterPlugin + + metric compbasemetrics.CounterMetric +} + +var _ framework.PreFilterPlugin = &instrumentedPreFilterPlugin{} + +func (p *instrumentedPreFilterPlugin) PreFilter(ctx context.Context, state *framework.CycleState, pod *v1.Pod) (*framework.PreFilterResult, *framework.Status) { + result, status := p.PreFilterPlugin.PreFilter(ctx, state, pod) + if !status.IsSkip() { + p.metric.Inc() + } + return result, status +} diff --git a/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go b/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go index 7a1e5e5817..ae71511497 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go @@ -252,7 +252,7 @@ func (b *configMapVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterA setPerms := func(_ string) error { // This may be the first time writing and new files get created outside the timestamp subdirectory: // change the permissions on the whole volume and not only in the timestamp directory. - return volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) + return volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) } err = writer.Write(payload, setPerms) if err != nil { diff --git a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go index 8ffb3acf49..ef3c98258a 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go @@ -595,14 +595,13 @@ func (c *csiAttacher) UnmountDevice(deviceMountPath string) error { driverName = data[volDataKey.driverName] volID = data[volDataKey.volHandle] } else { - klog.Error(log("UnmountDevice failed to load volume data file [%s]: %v", dataDir, err)) - - // The volume might have been mounted by old CSI volume plugin. Fall back to the old behavior: read PV from API server - driverName, volID, err = getDriverAndVolNameFromDeviceMountPath(c.k8s, deviceMountPath) - if err != nil { - klog.Errorf(log("attacher.UnmountDevice failed to get driver and volume name from device mount path: %v", err)) - return err + if errors.Is(err, os.ErrNotExist) { + klog.V(4).Info(log("attacher.UnmountDevice skipped because volume data file [%s] does not exist", dataDir)) + return nil } + + klog.Errorf(log("attacher.UnmountDevice failed to get driver and volume name from device mount path: %v", err)) + return err } if c.csiClient == nil { @@ -682,36 +681,6 @@ func makeDeviceMountPath(plugin *csiPlugin, spec *volume.Spec) (string, error) { return filepath.Join(plugin.host.GetPluginDir(plugin.GetPluginName()), driver, volSha, globalMountInGlobalPath), nil } -func getDriverAndVolNameFromDeviceMountPath(k8s kubernetes.Interface, deviceMountPath string) (string, string, error) { - // deviceMountPath structure: /var/lib/kubelet/plugins/kubernetes.io/csi/pv/{pvname}/globalmount - dir := filepath.Dir(deviceMountPath) - if file := filepath.Base(deviceMountPath); file != globalMountInGlobalPath { - return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath failed, path did not end in %s", globalMountInGlobalPath)) - } - // dir is now /var/lib/kubelet/plugins/kubernetes.io/csi/pv/{pvname} - pvName := filepath.Base(dir) - - // Get PV and check for errors - pv, err := k8s.CoreV1().PersistentVolumes().Get(context.TODO(), pvName, metav1.GetOptions{}) - if err != nil { - return "", "", err - } - if pv == nil || pv.Spec.CSI == nil { - return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath could not find CSI Persistent Volume Source for pv: %s", pvName)) - } - - // Get VolumeHandle and PluginName from pv - csiSource := pv.Spec.CSI - if csiSource.Driver == "" { - return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath failed, driver name empty")) - } - if csiSource.VolumeHandle == "" { - return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath failed, VolumeHandle empty")) - } - - return csiSource.Driver, csiSource.VolumeHandle, nil -} - func verifyAttachmentStatus(attachment *storage.VolumeAttachment, volumeHandle string) (bool, error) { // when we received a deleted event during attachment, fail fast if attachment == nil { diff --git a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go index 1974b03675..468f882b88 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go @@ -333,7 +333,7 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error // Driver doesn't support applying FSGroup. Kubelet must apply it instead. // fullPluginName helps to distinguish different driver from csi plugin - err := volume.SetVolumeOwnership(c, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(c.plugin, c.spec)) + err := volume.SetVolumeOwnership(c, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(c.plugin, c.spec)) if err != nil { // At this point mount operation is successful: // 1. Since volume can not be used by the pod because of invalid permissions, we must return error diff --git a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go index ee2bdc193b..bb4d799ff3 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go @@ -79,7 +79,7 @@ func loadVolumeData(dir string, fileName string) (map[string]string, error) { file, err := os.Open(dataFileName) if err != nil { - return nil, errors.New(log("failed to open volume data file [%s]: %v", dataFileName, err)) + return nil, fmt.Errorf("%s: %w", log("failed to open volume data file [%s]", dataFileName), err) } defer file.Close() data := map[string]string{} diff --git a/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go b/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go index b13e6ea601..54364009d0 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go @@ -223,7 +223,7 @@ func (b *downwardAPIVolumeMounter) SetUpAt(dir string, mounterArgs volume.Mounte setPerms := func(_ string) error { // This may be the first time writing and new files get created outside the timestamp subdirectory: // change the permissions on the whole volume and not only in the timestamp directory. - return volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) + return volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) } err = writer.Write(data, setPerms) if err != nil { diff --git a/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go b/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go index 9ad981c54b..e75bccd492 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go @@ -280,7 +280,7 @@ func (ed *emptyDir) SetUpAt(dir string, mounterArgs volume.MounterArgs) error { err = fmt.Errorf("unknown storage medium %q", ed.medium) } - volume.SetVolumeOwnership(ed, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(ed.plugin, nil)) + volume.SetVolumeOwnership(ed, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(ed.plugin, nil)) // If setting up the quota fails, just log a message but don't actually error out. // We'll use the old du mechanism in this case, at least until we support diff --git a/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go b/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go index bb054ea166..02e15c4f85 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go @@ -91,7 +91,7 @@ func diskSetUp(manager diskManager, b fcDiskMounter, volPath string, mounter mou } if !b.readOnly { - volume.SetVolumeOwnership(&b, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(&b, volPath, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } return nil diff --git a/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go b/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go index 8098cfdb66..3821af7e92 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go @@ -95,7 +95,7 @@ func (f *flexVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) if !f.readOnly { if f.plugin.capabilities.FSGroup { // fullPluginName helps to distinguish different driver from flex volume plugin - volume.SetVolumeOwnership(f, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(f.plugin, f.spec)) + volume.SetVolumeOwnership(f, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(f.plugin, f.spec)) } } diff --git a/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go b/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go index 7bbeade0ef..8dd63cf623 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go @@ -430,7 +430,7 @@ func (b *gcePersistentDiskMounter) SetUpAt(dir string, mounterArgs volume.Mounte klog.V(4).Infof("mount of disk %s succeeded", dir) if !b.readOnly { - if err := volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)); err != nil { + if err := volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)); err != nil { klog.Errorf("SetVolumeOwnership returns error %v", err) } } diff --git a/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go b/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go index fe890032e2..995018d900 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go @@ -235,7 +235,7 @@ func (b *gitRepoVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArg return fmt.Errorf("failed to exec 'git reset --hard': %s: %v", output, err) } - volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) volumeutil.SetReady(b.getMetaDir()) return nil diff --git a/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go b/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go index 6d60e44efa..6aa8652bd6 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go @@ -96,7 +96,7 @@ func diskSetUp(manager diskManager, b iscsiDiskMounter, volPath string, mounter } if !b.readOnly { - volume.SetVolumeOwnership(&b, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(&b, volPath, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } return nil diff --git a/vendor/k8s.io/kubernetes/pkg/volume/local/local.go b/vendor/k8s.io/kubernetes/pkg/volume/local/local.go index ca0bc30400..0c8fe07539 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/local/local.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/local/local.go @@ -615,7 +615,7 @@ func (m *localVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) if !m.readOnly { // Volume owner will be written only once on the first volume mount if len(refs) == 0 { - return volume.SetVolumeOwnership(m, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(m.plugin, nil)) + return volume.SetVolumeOwnership(m, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(m.plugin, nil)) } } return nil diff --git a/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go b/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go index e0eaf94495..6b9243f523 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go @@ -335,7 +335,7 @@ func (b *portworxVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterAr return err } if !b.readOnly { - volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } klog.Infof("Portworx Volume %s setup at %s", b.volumeID, dir) return nil diff --git a/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go b/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go index c82b38653e..deb7728168 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go @@ -233,7 +233,7 @@ func (s *projectedVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterA setPerms := func(_ string) error { // This may be the first time writing and new files get created outside the timestamp subdirectory: // change the permissions on the whole volume and not only in the timestamp directory. - return volume.SetVolumeOwnership(s, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(s.plugin, nil)) + return volume.SetVolumeOwnership(s, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(s.plugin, nil)) } err = writer.Write(data, setPerms) if err != nil { diff --git a/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go b/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go index edff33540f..2131c7eced 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go @@ -96,7 +96,7 @@ func diskSetUp(manager diskManager, b rbdMounter, volPath string, mounter mount. klog.V(3).Infof("rbd: successfully bind mount %s to %s with options %v", globalPDPath, volPath, mountOptions) if !b.ReadOnly { - volume.SetVolumeOwnership(&b, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(&b, volPath, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } return nil diff --git a/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go b/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go index f43f1bffa3..f1d2c9c59f 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go @@ -247,7 +247,7 @@ func (b *secretVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs setPerms := func(_ string) error { // This may be the first time writing and new files get created outside the timestamp subdirectory: // change the permissions on the whole volume and not only in the timestamp directory. - return volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) + return volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) } err = writer.Write(payload, setPerms) if err != nil { diff --git a/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go b/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go index 57c0281502..ec7f6da4bf 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go @@ -40,22 +40,22 @@ const ( // SetVolumeOwnership modifies the given volume to be owned by // fsGroup, and sets SetGid so that newly created files are owned by // fsGroup. If fsGroup is nil nothing is done. -func SetVolumeOwnership(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error { +func SetVolumeOwnership(mounter Mounter, dir string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error { if fsGroup == nil { return nil } timer := time.AfterFunc(30*time.Second, func() { - klog.Warningf("Setting volume ownership for %s and fsGroup set. If the volume has a lot of files then setting volume ownership could be slow, see https://github.com/kubernetes/kubernetes/issues/69699", mounter.GetPath()) + klog.Warningf("Setting volume ownership for %s and fsGroup set. If the volume has a lot of files then setting volume ownership could be slow, see https://github.com/kubernetes/kubernetes/issues/69699", dir) }) defer timer.Stop() - if skipPermissionChange(mounter, fsGroup, fsGroupChangePolicy) { - klog.V(3).InfoS("Skipping permission and ownership change for volume", "path", mounter.GetPath()) + if skipPermissionChange(mounter, dir, fsGroup, fsGroupChangePolicy) { + klog.V(3).InfoS("Skipping permission and ownership change for volume", "path", dir) return nil } - err := walkDeep(mounter.GetPath(), func(path string, info os.FileInfo, err error) error { + err := walkDeep(dir, func(path string, info os.FileInfo, err error) error { if err != nil { return err } @@ -104,14 +104,12 @@ func changeFilePermission(filename string, fsGroup *int64, readonly bool, info o return nil } -func skipPermissionChange(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy) bool { - dir := mounter.GetPath() - +func skipPermissionChange(mounter Mounter, dir string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy) bool { if fsGroupChangePolicy == nil || *fsGroupChangePolicy != v1.FSGroupChangeOnRootMismatch { klog.V(4).InfoS("Perform recursive ownership change for directory", "path", dir) return false } - return !requiresPermissionChange(mounter.GetPath(), fsGroup, mounter.GetAttributes().ReadOnly) + return !requiresPermissionChange(dir, fsGroup, mounter.GetAttributes().ReadOnly) } func requiresPermissionChange(rootDir string, fsGroup *int64, readonly bool) bool { diff --git a/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go b/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go index 20c56d4b63..3b5a200a61 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go @@ -24,6 +24,6 @@ import ( "k8s.io/kubernetes/pkg/volume/util/types" ) -func SetVolumeOwnership(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error { +func SetVolumeOwnership(mounter Mounter, dir string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error { return nil } diff --git a/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go b/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go index 0660eed66b..9d5dd3a4a7 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go @@ -277,7 +277,7 @@ func (b *vsphereVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArg os.Remove(dir) return err } - volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) klog.V(3).Infof("vSphere volume %s mounted to %s", b.volPath, dir) return nil diff --git a/vendor/modules.txt b/vendor/modules.txt index 51e80fa107..3ec35122eb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -754,7 +754,7 @@ github.com/openshift/client-go/user/informers/externalversions/internalinterface github.com/openshift/client-go/user/informers/externalversions/user github.com/openshift/client-go/user/informers/externalversions/user/v1 github.com/openshift/client-go/user/listers/user/v1 -# github.com/openshift/cluster-policy-controller v0.0.0-20230522165024-f70fc1e84b78 +# github.com/openshift/cluster-policy-controller v0.0.0-20230524145357-cc787e1b1e17 ## explicit; go 1.20 github.com/openshift/cluster-policy-controller/pkg/client/genericinformers github.com/openshift/cluster-policy-controller/pkg/cmd/cluster-policy-controller @@ -810,7 +810,7 @@ github.com/openshift/library-go/pkg/route/validation github.com/openshift/library-go/pkg/security/ldaputil github.com/openshift/library-go/pkg/security/uid github.com/openshift/library-go/pkg/serviceability -# github.com/openshift/route-controller-manager v0.0.0-20230509091526-ee49bd6f1873 +# github.com/openshift/route-controller-manager v0.0.0-20230524200047-38d9ec83ce46 ## explicit; go 1.20 github.com/openshift/route-controller-manager/pkg/cmd/controller/route github.com/openshift/route-controller-manager/pkg/cmd/route-controller-manager @@ -1309,7 +1309,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/api v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1366,7 +1366,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/apiextensions-apiserver v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1410,7 +1410,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/apimachinery v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1475,7 +1475,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/apiserver v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/cel @@ -1633,12 +1633,12 @@ k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/oidc k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/cli-runtime v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/cli-runtime v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/client-go v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -1975,7 +1975,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/cloud-provider k8s.io/cloud-provider/api @@ -1997,14 +1997,14 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/jws k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/component-base v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -2038,7 +2038,7 @@ k8s.io/component-base/tracing k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version k8s.io/component-base/version/verflag -# k8s.io/component-helpers v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/component-helpers v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/apps/poddisruptionbudget @@ -2051,7 +2051,7 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/controller-manager v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/controller-manager/app k8s.io/controller-manager/config @@ -2068,16 +2068,16 @@ k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/dynamic-resource-allocation/resourceclaim # k8s.io/gengo v0.0.0-20220902162205-c0856e24416d @@ -2096,13 +2096,13 @@ k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity -# k8s.io/kms v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/kms v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2 k8s.io/kms/pkg/service k8s.io/kms/pkg/util -# k8s.io/kube-aggregator v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/kube-aggregator v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -2133,7 +2133,7 @@ k8s.io/kube-aggregator/pkg/controllers/status k8s.io/kube-aggregator/pkg/registry/apiservice k8s.io/kube-aggregator/pkg/registry/apiservice/etcd k8s.io/kube-aggregator/pkg/registry/apiservice/rest -# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/kube-controller-manager/config/v1alpha1 # k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f @@ -2166,13 +2166,13 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/config/v1beta2 k8s.io/kube-scheduler/config/v1beta3 k8s.io/kube-scheduler/extender/v1 -# k8s.io/kubectl v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/kubectl v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/kubectl/pkg/apps k8s.io/kubectl/pkg/cmd/apiresources @@ -2207,7 +2207,7 @@ k8s.io/kubectl/pkg/util/storage k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -2224,7 +2224,7 @@ k8s.io/kubelet/pkg/apis/pluginregistration/v1 k8s.io/kubelet/pkg/apis/podresources/v1 k8s.io/kubelet/pkg/apis/podresources/v1alpha1 k8s.io/kubelet/pkg/apis/stats/v1alpha1 -# k8s.io/kubernetes v1.27.1 => github.com/openshift/kubernetes v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/kubernetes v1.27.1 => github.com/openshift/kubernetes v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options @@ -3028,7 +3028,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear k8s.io/kubernetes/third_party/forked/gonum/graph/simple k8s.io/kubernetes/third_party/forked/gonum/graph/traverse -# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/legacy-cloud-providers/azure k8s.io/legacy-cloud-providers/azure/auth @@ -3070,7 +3070,7 @@ k8s.io/legacy-cloud-providers/gce/gcpcredential k8s.io/legacy-cloud-providers/vsphere k8s.io/legacy-cloud-providers/vsphere/vclib k8s.io/legacy-cloud-providers/vsphere/vclib/diskmanagers -# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/metrics/pkg/apis/custom_metrics k8s.io/metrics/pkg/apis/custom_metrics/v1beta1 @@ -3085,10 +3085,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1 k8s.io/metrics/pkg/client/custom_metrics k8s.io/metrics/pkg/client/custom_metrics/scheme k8s.io/metrics/pkg/client/external_metrics -# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/mount-utils -# k8s.io/pod-security-admission v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/pod-security-admission v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230525170236-15f19ea2dd70 ## explicit; go 1.20 k8s.io/pod-security-admission/admission k8s.io/pod-security-admission/admission/api @@ -3121,7 +3121,7 @@ k8s.io/utils/pointer k8s.io/utils/strings k8s.io/utils/strings/slices k8s.io/utils/trace -# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.1 +# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 ## explicit; go 1.17 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics @@ -3231,33 +3231,33 @@ sigs.k8s.io/structured-merge-diff/v4/value ## explicit; go 1.12 sigs.k8s.io/yaml # github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20230317131656-c62d9de5a460 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230521153343-38c64ac43b86 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230521153343-38c64ac43b86 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230525170236-15f19ea2dd70 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230525170236-15f19ea2dd70 diff --git a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go index 68a3ebf12c..541e6a5aa1 100644 --- a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go +++ b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go @@ -132,6 +132,11 @@ type grpcTunnel struct { // serving. done chan struct{} + // started is an atomic bool represented as a 0 or 1, and set to true when a single-use tunnel has been started (dialed). + // started should only be accessed through atomic methods. + // TODO: switch this to an atomic.Bool once the client is exclusively buit with go1.19+ + started uint32 + // closing is an atomic bool represented as a 0 or 1, and set to true when the tunnel is being closed. // closing should only be accessed through atomic methods. // TODO: switch this to an atomic.Bool once the client is exclusively buit with go1.19+ @@ -197,6 +202,7 @@ func newUnstartedTunnel(stream client.ProxyService_ProxyClient, c clientConn) *g conns: connectionManager{conns: make(map[int64]*conn)}, readTimeoutSeconds: 10, done: make(chan struct{}), + started: 0, } s := metrics.ClientConnectionStatusCreated t.prevStatus.Store(s) @@ -393,6 +399,11 @@ func (t *grpcTunnel) DialContext(requestCtx context.Context, protocol, address s } func (t *grpcTunnel) dialContext(requestCtx context.Context, protocol, address string) (net.Conn, error) { + prevStarted := atomic.SwapUint32(&t.started, 1) + if prevStarted != 0 { + return nil, &dialFailure{"single-use dialer already dialed", metrics.DialFailureAlreadyStarted} + } + select { case <-t.done: return nil, errors.New("tunnel is closed") @@ -515,11 +526,11 @@ func (t *grpcTunnel) Recv() (*client.Packet, error) { const segment = commonmetrics.SegmentToClient pkt, err := t.stream.Recv() - if err != nil && err != io.EOF { - metrics.Metrics.ObserveStreamErrorNoPacket(segment, err) - } if err != nil { - return pkt, err + if err != io.EOF { + metrics.Metrics.ObserveStreamErrorNoPacket(segment, err) + } + return nil, err } metrics.Metrics.ObservePacket(segment, pkt.Type) return pkt, nil diff --git a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics/metrics.go b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics/metrics.go index 03e9d94da8..ce942e3ebb 100644 --- a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics/metrics.go +++ b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics/metrics.go @@ -62,6 +62,8 @@ const ( // DialFailureTunnelClosed indicates that the client connection was closed before the dial could // complete. DialFailureTunnelClosed DialFailureReason = "tunnelclosed" + // DialFailureAlreadyStarted indicates that a single-use tunnel dialer was already used once. + DialFailureAlreadyStarted DialFailureReason = "tunnelstarted" ) type ClientConnectionStatus string