From 05afcc8f490db665a834b333d66cbf843985a67f Mon Sep 17 00:00:00 2001 From: ci-robot Date: Wed, 30 Aug 2023 05:08:03 +0000 Subject: [PATCH 1/9] update last_rebase.sh --- scripts/auto-rebase/last_rebase.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 87695842c4..f473a3babc 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.14.0-0.nightly-2023-08-11-055332" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.14.0-0.nightly-arm64-2023-08-28-154011" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.14.0-0.nightly-2023-08-28-154013" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.14.0-0.nightly-arm64-2023-08-29-102228" From 98d77ee79c3be7e6c70de6da58f1a56aaf659a64 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Wed, 30 Aug 2023 05:08:03 +0000 Subject: [PATCH 2/9] update changelog --- scripts/auto-rebase/changelog.txt | 207 +++++++++++++++++++++++++++++- scripts/auto-rebase/commits.txt | 30 ++--- 2 files changed, 221 insertions(+), 16 deletions(-) diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index de7090577b..36c297b8e0 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,3 +1,208 @@ -- oc image-arm64 70d3cc5896928402fa962d4b728bae2ab2174e00 to 795bf1a6260847ecfc612da2ab11ea2d6e07da16 +- cluster-csi-snapshot-controller-operator embedded-component 4670bf64fb29fbe0fbd78368de63d9f88451fb23 to 9a67364ca9b2761f9bfffd7f600018788f94a5dd + - 1ab653a 2023-08-10T18:46:40+02:00 add allow-guest-webhooks label to csi-snapshot-webhook service + - 518837d 2023-08-09T17:14:08-04:00 Set readOnlyRootFilesystem to false + +- cluster-dns-operator embedded-component 6cfee191de08cede60bed8cea6f8e17f730adf61 to f5f12b76e1d19ca9c98013158a0a5aae278a4d57 + - 944f87d 2023-08-16T11:38:20-04:00 OCPBUGS-15605: Update bufsize to 1232 bytes + - 1f7ac36 2023-08-11T10:41:41-04:00 Revert "Set DNS DaemonSet's maxSurge value to 10%" + - 7c65c37 2023-07-26T13:06:01-07:00 pkg/operator/controller: Only bump lastTransitionTime on 'status' changes + +- cluster-ingress-operator embedded-component 8f2f0352a02be251a9fa118fe1297ee3e90b58be to cd9777112490675bcb38d1aaff13e6082965eeb5 + - 5578044 2023-08-15T19:15:12-04:00 Check public DNS zone when reporting status + - 7230a6c 2023-08-11T19:54:27+10:00 Set/Delete HTTP Request/Response Headers via Ingress Controller API pkg/operator/controller/ingress/deployment.go Fetches the headers from the ingress controller CR and then sets the router deployment with environment vars with the header value and action. pkg/operator/controller/ingress/deployment_test.go Units tests for setting enviroment var in thr router deployment. + - 481f811 2023-08-11T13:09:29+10:00 `go.mod` Adds openshift/api containing IngressController API which is used to set the HTTP header request/reponse in Ingress Controller CR's spec. The other files are generated files after running `go mod tidy` followed by `go mod vendor`. + - 42c4f82 2023-08-10T10:59:58-04:00 TestHstsPolicyWorks: Wait for NS to be provisioned + - e32c79f 2023-08-10T10:59:45-04:00 TestHstsPolicyWorks: Dump events if test fails + - 962c699 2023-08-09T11:14:14-04:00 test/e2e: Don't use openshift/origin-node + +- cluster-kube-apiserver-operator embedded-component 71f29f6df5edbc47aeb666de399a960685241e29 to b91ed030be338fc0effd30d6586974dced35c164 + - ce02c6f 2023-08-23T10:31:02-04:00 Revert "Revert "Merge pull request #1538 from bertinatto/runtime-config-dra"" + - 189ce0e 2023-08-23T10:30:58-04:00 Revert "Revert "Merge pull request #1536 from benluddy/runtime-config"" + - 04846d9 2023-08-22T08:34:17-05:00 Revert "Merge pull request #1536 from benluddy/runtime-config" + - a0ae1f0 2023-08-22T08:34:15-05:00 Revert "Merge pull request #1538 from bertinatto/runtime-config-dra" + - 3742d3c 2023-08-21T13:50:41-03:00 Enable DRA API in kube-apiserver + - 24ccf54 2023-08-14T14:09:55-04:00 Set runtime-config in lockstep with feature-gates, if needed. + - 58e3e25 2023-08-10T18:38:34+02:00 go mode vendor + - 0581bd0 2023-08-10T18:38:13+02:00 bump(api) + +- cluster-kube-controller-manager-operator embedded-component 5f49f59c88c963d97dd90643e7c9fb7ef1820d0c to d95b0c25ba55c4ef8e09e56461562ee60b22d51c + - c2bf60f 2023-08-10T12:43:23+02:00 replace deprecated ioutil func from render_test.go + - bce6bf1 2023-08-10T12:43:02+02:00 add roles for the new podsecurity-admission-label-privileged-namespaces-syncer-controller + +- cluster-network-operator embedded-component d8c28d4fbb6d4b4ab1242417d893b130e1dce30c to 2005bcd8c93de5bffc05c9c943b51386007f6b9a + - db8478f 2023-08-25T17:43:32-04:00 Join ovnkube-controller and ovnkube-node container for multizone setup + - 9bfd272 2023-08-22T14:57:47+02:00 ovn-k, managed: Align join subnet configuration + - e77c0f6 2023-08-18T13:52:03-04:00 Enables IP Forwarding config in CNO + - 78f9b5e 2023-08-16T17:44:22+02:00 Add RBAC and CRDs + - 4a572d3 2023-08-16T17:44:14+02:00 Add support for ANP feature gate + - 0f4c9dd 2023-08-15T12:41:46+02:00 Vendor openshift/api for ANP feature gate + - 313e22a 2023-08-14T11:18:38-04:00 OCPBUGS-17677: [Azure] Add granular permission for assigning egressIP to NIC to Azure CredentialsRequest for workload identity. + - 4e2d023 2023-08-11T11:30:34+02:00 introduce OVN_CONTROL_PLANE_IMAGE env variable for hypershift + - 2dc1fd9 2023-08-11T11:01:53+02:00 Remove certificatesigningrequests/update permission from ovnkubenode + - 88c6cf1 2023-08-10T15:56:33+02:00 Add rolling update for managed ovnkube-control-plane + - 661e425 2023-08-08T10:47:14+02:00 CVE-2023-3978: golang.org/x/net/html: Cross site scripting + +- cluster-openshift-controller-manager-operator embedded-component e004b58bcbe1e592746ee1dabee60d41234da3d8 to d6eca58c0b87ef2e85a0c262492bff24aa5676b0 + - d6eca58 2023-08-14T15:50:16-02:30 WRKLDS-727: Capabilities: avoid running controllers when capabilities are not enabled (#291) + +- cluster-policy-controller embedded-component 8501bc8c4084b57cfa8978afd533cc912f17cf31 to b3cb22fa48308962b4b520cd3ae694967c769bae + - 86fb17f 2023-08-22T15:33:01+02:00 pkg/psalabelsyncer: enforce syncing in case label is set + - f5ce53d 2023-08-15T17:03:30+02:00 ps syncer: don't mutate NS client cache between tests + - df62a40 2023-08-15T17:03:30+02:00 address comments + - 5485d35 2023-08-15T17:03:30+02:00 review comments + simplify isNSControlled() logic + - b49f55e 2023-08-15T17:03:30+02:00 ps syncer: add unit tests + - f3b7734 2023-08-15T17:03:30+02:00 ps syncer: own PSa labels previously owned by CPC + - bf80f8c 2023-08-15T17:03:29+02:00 ps syncer: only sync labels if noone else is managing them + - bd14bf4 2023-08-14T11:21:55+02:00 ps syncer: add a controller for run-level 0 namespaces + +- kubernetes embedded-component deb2c6012264c4b300833165e51134de25441985 to d424288c25bfee0d82e799dbce1113c9f18f77b7 + - 92131cabb 2023-08-23T13:19:36+02:00 UPSTREAM: 117245: Fix TopologyAwareHint not working when zone label is added after Node creation + - cb8f9c1f6 2023-08-21T14:30:13+02:00 UPSTREAM: 118189: TopologyAwareHints: Take lock in HasPopulatedHints + - 4cc600b2e 2023-08-21T14:27:27+02:00 UPSTREAM: 117249: Fix a data race in TopologyCache + - 961b759e9 2023-08-15T11:32:11+02:00 UPSTREAM: : selfsubjectaccessreview: grant user:full scope to self-SARs that have user:check-access + - 27c192b45 2023-08-14T11:07:02+02:00 UPSTREAM: 118280: e2e tests: set all PSa labels instead of just enforcing + - cc6bd4371 2023-08-10T09:43:59+02:00 UPSTREAM: 118280: e2e framework: allow setting all PSa labels at once + +- machine-config-operator embedded-component 40571adccaa3ef49a823abe8d7494bcdc48f2021 to 2b31b5b58f0d7d9fe6c3e331e4b3f01c9a1bd00c + - be48bfd5 2023-08-24T13:00:25-04:00 Revert "fix nodeStatusUpdateFrequency" + - 4d5c7565 2023-08-24T11:14:47-04:00 controller: Drop noisy BaseOSContainerImage log message + - d724c496 2023-08-24T11:13:25-04:00 controller: Drop noisy log message about certificates + - 1212a769 2023-08-24T16:41:38+02:00 daemon: create /etc/systemd/network directory on node + - 3c70c4bb 2023-08-21T13:19:49-04:00 fix nodeStatusUpdateFrequency + - 9ecb448c 2023-08-17T12:00:04-05:00 storagemigration for certificate strings + - 1b239350 2023-08-17T12:00:04-05:00 temporarily remove certificate date strings + - 99580127 2023-08-16T17:05:07-04:00 soften config drift e2e assertion + - d8a59eb8 2023-08-16T15:49:27-05:00 Wire up Machine OS Builder entrypoint + - e39b1ca8 2023-08-16T14:23:09-04:00 Check whether /home/core/.ssh already exists before creating a new dir for the sshkey in func createSSHKeyDir; delete if owned by the wrong user and let the MCD create it again + - 88fffa23 2023-08-16T18:31:33+02:00 OCPBUGS-17787: Fix sysctl breaking dots in paths + - b36f4511 2023-08-16T12:11:54-04:00 make the MCD aware of images built by buildcontroller + - 24cc37f8 2023-08-15T17:20:46-04:00 controller: add verbose bootstrap logs & mem bump + - 4c4de75a 2023-08-15T16:28:19-04:00 make NodeController aware of BuildController + - d8318949 2023-08-15T15:58:36-04:00 daemon: make rpm-ostree use merged pull secret + - 945e9619 2023-08-15T15:58:36-04:00 operator: add merging image registry secrets + - c2bb862b 2023-08-15T13:10:34-04:00 Remove Certificates from MachineConfig + - e5b64682 2023-08-15T15:23:06+02:00 daemon: igmore mounting MCD pod content when target is "/" + - ea77ba19 2023-08-15T13:04:00+02:00 OPNET-343: Restore node-ip for kubelet in dual-stack vSphere + - 67f323d2 2023-08-14T16:49:24-04:00 enables a custom Dockerfile to be injected from a ConfigMap + - 3facf3d0 2023-08-14T13:54:12-04:00 operator: remove metrics related log + - cafa7d73 2023-08-14T15:24:16+02:00 replace .. with : on registry CA file paths + - 126c1642 2023-08-11T12:49:20-05:00 remove kargs when mcs downconverts + - edaecd9c 2023-08-11T12:49:20-05:00 ignition to 3.4, fix references and translation + - 7b6396fb 2023-08-11T12:49:20-05:00 bump ignition api version to 3.4 in mcs + - 2c032047 2023-08-11T12:49:20-05:00 clean 4.13 downconvert hacks out of helpers + - f0608ea8 2023-08-11T07:41:35-04:00 make go-deps + - 497097a9 2023-08-11T07:41:35-04:00 add pull secret to controllerconfig & test sigs + - ce5857fa 2023-08-11T07:41:35-04:00 add machine-os-puller SA & role binding + - 107aef9d 2023-08-09T18:08:42-05:00 On-cluster build opt-in function, building machine-os-builder stub, RBAC and service acct inclusions. Deletes deployment rather than scale down to 0 without label + - 1b56ad75 2023-08-09T12:26:50+05:30 Sync featuregate controller during the node config controller sync + - dc5f7965 2023-08-08T15:02:58-04:00 forcefile should always trigger an OS update + - 8b930616 2023-08-04T11:06:46-04:00 add HostToContainer propagation to all hostPath volume mounts + - 48f157a8 2023-08-04T14:41:53+02:00 OCPBUGS-16733: on-prem: run resolv-prepender on NM reapply event + - 69667ec3 2023-08-01T11:51:02-05:00 Revert "Merge pull request #3830 from dgoodwin/revert-3763-mco-565b" + - 718de160 2023-08-01T10:51:37-04:00 kube-rbac-proxy addition + - cfbe1678 2023-06-29T11:18:37-04:00 mcs: Use certwatcher + +- openshift-controller-manager embedded-component 80c4923e0b2014ec8b8a6845c21078e6cc036f91 to 66b616997963132f90abd5dfdb11c75e82bdabde + - 9774f25 2023-08-11T18:29:51+02:00 use const controller names from o/api + - 0bfcf82 2023-08-11T18:15:30+02:00 bump o/api + +- oc image-amd64 d41ffdcce90ec9d382b77af14d8a2deecfa897cf to 795bf1a6260847ecfc612da2ab11ea2d6e07da16 - f2a96575 2023-08-22T11:23:51+02:00 pkg/cli/admin/prune/images: omit not found error for deployment configs + - 19279a34 2023-08-16T15:18:52+03:00 Bump go x/net library to 0.13.0 + - 98204c8e 2023-08-15T13:39:21-07:00 Revert-ish "Revert "pkg/cli/admin/release/extract: Add --included and --install-config"" + - 5b0080c7 2023-08-15T11:08:48+02:00 Revert "pkg/cli/admin/release/extract: Add --included and --install-config" + - 9ec4f46e 2023-08-11T14:22:44-07:00 pkg/cli/admin/release/extract: Add --included and --install-config + - 624af8e0 2023-08-11T20:46:20+03:00 Update openshift/api + +- router image-amd64 44a5304cf8972d235468e813fe228ce36b1532e8 to 80e2d999242203ad62c39ce758966531ba59dd2c + - 90966d7 2023-08-15T16:14:19+01:00 OCPBUGS-17653: haproxy/template: mitigate CVE-2023-40225 + +- ovn-kubernetes image-amd64 06c951cae81fb24ad437f78deaad111785dceeab to d54b88982138864d2163a9b68e535fd2b798d092 + - 4085d7b 2023-08-25T09:44:23+00:00 kind: allow custom encap port configuration + - 22ac6c7 2023-08-25T09:32:12+00:00 Fix encap port configuration for remote chassis + - a707301 2023-08-24T13:53:53+00:00 Revert "kubevirt: pre pull fedora coreos image" + - bead1f5 2023-08-24T11:53:24+02:00 kubevirt: pre pull fedora coreos image + - 7f1cdd9 2023-08-24T10:40:19+02:00 Update apbroute Status check to allow notFound errors between retries, since it fetches the object from the informer cache which is not guaranteed to contain the object immediately after Create() call. + - 088c1ac 2023-08-24T10:40:19+02:00 NetworkControllerManager doesn't use given identity, remove. + - b2b25af 2023-08-24T10:40:19+02:00 After changing apbroute controller startup sequence, one test started failing. The problem is annotation-based and CR-based configs had different BFD settings. Before the change external_gw code always handled annotations before apbroute controller handled CRD, and annotation-based config took place, now with the change CR-based config is applied before. Add 2 explicit test cases for both handling orders to make sure the config will be the same. + - 2792d74 2023-08-24T10:40:19+02:00 Add APBRoute factory to the WatchFactory to share it between ovnkube-controller and ovnkube-node. + - bc8997f 2023-08-24T10:40:15+02:00 Add ovnkube-controller-with-node mode. ovnkube-controller and ovnkube-node depend on each other to start up, therefore they are run in parallel (but also to speed up the startup) + - 2c252f1 2023-08-22T17:13:16+02:00 Create egress firewall with one db transaction. Update cleanup test to have dns-based address set as a leftover, since all acls are commited in one transaction now. + - 7257515 2023-08-22T16:54:04+02:00 Fix DPU Mgnt port data race test regression + - 2577b7b 2023-08-22T15:35:30+02:00 Sort flags in ovnkube.sh + - 18f8966 2023-08-21T15:42:46+02:00 Fif Network Policy event handler: add AddressSetPodSelectorType to the types that have update function. Move network policy related functionality to the network_controller_policy_event_handler.go. + - 1a64e6a 2023-08-21T15:42:46+02:00 Add DefaultEventHandler to not duplicate the default implementations + - 3befb59 2023-08-21T12:45:43+02:00 e2e, multihoming: Add localnet MultiNetworkPolicy test + - 31d302b 2023-08-17T14:15:31+02:00 Register resource max retry failed metric for cluster manager + - 24d0130 2023-08-17T07:01:10-04:00 CARRY: Removes restriction for ip scope universe on node ips + - 35296dd 2023-08-16T23:50:03+01:00 Always init link manager for both IP families + - 6275b07 2023-08-16T23:50:03+01:00 Skip flaking EIP retry following an update + - 60e81e1 2023-08-16T22:03:51+01:00 Util: generate ipnet directly instead of needless parsing of CIDR + - 7253ac4 2023-08-16T22:03:51+01:00 Skip unit tests that require root due to error creating netns + - 18879cc 2023-08-16T22:03:51+01:00 Disable impl of EIP for non-ovn managed networks in cloud envs + - 05945c8 2023-08-16T22:03:51+01:00 Skip iptables unit tests if iptables not in PATH + - 59d6048 2023-08-16T22:03:51+01:00 Update servive e2e test to account for new host-address format + - a49a979 2023-08-16T22:03:50+01:00 Add documentation for EIP multi NIC/network + - 1946c09 2023-08-16T22:03:50+01:00 Add pkgs that require root to list + - bc61056 2023-08-16T22:03:50+01:00 Add EIP multi nic support to ovnkube controller + - 92e4a7a 2023-08-16T22:03:50+01:00 Prevent gateway tests from escaping netns + - 90911dd 2023-08-16T22:03:50+01:00 Convert ovn test to also populate EIP network + - db38f13 2023-08-16T22:03:50+01:00 Update go modules and vendor directory + - 205963c 2023-08-16T22:03:50+01:00 Expand node definition to inc zone info + - b648256 2023-08-16T22:03:50+01:00 Add ovnkube node controller for egress IP + - ab2e5d8 2023-08-16T22:03:50+01:00 Fixup node ip handler following host-address format change + - 8847618 2023-08-16T22:03:50+01:00 Include the network mask in k8s.ovn.org/host-addresses + - ec84e0c 2023-08-16T22:03:50+01:00 Enhance EIP status map to consider keys without networks assigned + - 7ea90f2 2023-08-16T22:03:50+01:00 Fix egress services to account for new host-addresses format + - 146c3fe 2023-08-16T22:03:50+01:00 Add EIP context to egress svc priority level + - 91a4533 2023-08-16T22:03:49+01:00 Update factory to account for node requiring eip informer support + - ed8842c 2023-08-16T22:03:49+01:00 Add multi network support to CM EIP controller + - f0010ff 2023-08-16T22:03:49+01:00 Add iptables controller + - 5716dcc 2023-08-16T22:03:49+01:00 Add rule manager + - 570c79f 2023-08-16T22:03:49+01:00 Add link manager + - 4f1addb 2023-08-16T22:03:49+01:00 Update Egress IP CRD to include a new field called network in a status item + - 8b41e6f 2023-08-16T22:03:49+01:00 Ensure no race condition for cluster manager tests + - cc0de3c 2023-08-16T22:03:49+01:00 Refactor route manager and fix default 'blackhole' route + - ba78a87 2023-08-16T22:03:49+01:00 Move and export route manager + - 90009c2 2023-08-14T20:28:27+02:00 Fix encap port deadlock + - de5c4d7 2023-08-14T08:25:04+00:00 Fix duplicate routes after HO route sync + - 3748606 2023-08-14T08:06:10+00:00 Fix BANP unit test flake + - 4bfacf9 2023-08-11T17:14:22+02:00 Remove unregister metrics from cluster manager + - 98f193e 2023-08-11T14:46:57+02:00 typo fix: s/tiemout/timeout + - 03e7bb2 2023-08-10T19:19:37+02:00 Docs: Add docs for ANP/BANP + - 4a84704 2023-08-10T19:19:37+02:00 Docs: Add networkpolicies folder + - 945517b 2023-08-10T19:19:37+02:00 Add repair functions for ANP&BANP + - 33b5729 2023-08-10T19:19:37+02:00 Enable ANP&BANP e2e tests in CI + - 2c5fd51 2023-08-10T19:19:37+02:00 Add e2e tests for ANP&BANP + - 095648d 2023-08-10T19:19:37+02:00 Add unit tests for baseline admin network policy + - 924d22f 2023-08-10T19:19:37+02:00 Add unit tests for admin network policy + - b846f26 2023-08-10T19:19:37+02:00 BANP: Add status support + - 47e4988 2023-08-10T19:19:37+02:00 ANP: Add status support + - a55e63e 2023-08-10T19:19:37+02:00 Add support for zones + - 806777a 2023-08-10T19:19:37+02:00 BANP: Implement syncAdminNetworkPolicyPod + - 3b0d7da 2023-08-10T19:19:37+02:00 BANP: Implement syncAdminNetworkPolicyNamespace + - ac0c617 2023-08-10T19:19:37+02:00 BANP: Implement syncBaselineAdminNetworkPolicy + - 2d14e0e 2023-08-10T19:19:37+02:00 ANP: Implement syncAdminNetworkPolicyPod + - 81d00ec 2023-08-10T19:19:37+02:00 ANP: Implement syncAdminNetworkPolicyNamespace + - 0276831 2023-08-10T19:19:37+02:00 ANP: Implement syncAdminNetworkPolicy + - 2929b75 2023-08-10T19:19:37+02:00 Add UpdatePortGroupSetACLsOps utility + - 431d5fe 2023-08-10T19:19:37+02:00 Add NewAddressSetOps utility + - 718a011 2023-08-10T19:19:37+02:00 Vendor in admin-network-policy v0.1.0 + - a8f2d0b 2023-08-10T19:19:37+02:00 Add controller for (B)ANP + - e67fdc9 2023-08-10T19:19:37+02:00 Add factory, handlers, clients for ANP & BANP + - 1a0954a 2023-08-10T19:19:37+02:00 Install CRDs on the KIND cluster + - 0e3d7bb 2023-08-10T19:19:37+02:00 Add flag to enable the feature + - 9ae057f 2023-08-10T17:00:05+02:00 Move the UnidledAt controller to cluster-manager + - 7825b68 2023-08-09T09:38:48-04:00 Make v4 and v6 masquerade subnet configurable + - 9a8fea3 2023-08-08T13:07:50+02:00 kind: Add support for separate libovsdb logs + - ffb1ce3 2023-08-08T13:07:50+02:00 libovsdb: Introduce separate logfile support + - e2e4421 2023-08-08T13:07:50+02:00 Optimize logging: Silence chatty logs (cont.) + +- kubernetes image-amd64 deb2c6012264c4b300833165e51134de25441985 to d424288c25bfee0d82e799dbce1113c9f18f77b7 + - 92131cabb 2023-08-23T13:19:36+02:00 UPSTREAM: 117245: Fix TopologyAwareHint not working when zone label is added after Node creation + - cb8f9c1f6 2023-08-21T14:30:13+02:00 UPSTREAM: 118189: TopologyAwareHints: Take lock in HasPopulatedHints + - 4cc600b2e 2023-08-21T14:27:27+02:00 UPSTREAM: 117249: Fix a data race in TopologyCache + - 961b759e9 2023-08-15T11:32:11+02:00 UPSTREAM: : selfsubjectaccessreview: grant user:full scope to self-SARs that have user:check-access + - 27c192b45 2023-08-14T11:07:02+02:00 UPSTREAM: 118280: e2e tests: set all PSa labels instead of just enforcing + - cc6bd4371 2023-08-10T09:43:59+02:00 UPSTREAM: 118280: e2e framework: allow setting all PSa labels at once diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index c630e376e1..4cb282abf7 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -1,29 +1,29 @@ -https://github.com/openshift/cluster-csi-snapshot-controller-operator embedded-component 4670bf64fb29fbe0fbd78368de63d9f88451fb23 -https://github.com/openshift/cluster-dns-operator embedded-component 6cfee191de08cede60bed8cea6f8e17f730adf61 -https://github.com/openshift/cluster-ingress-operator embedded-component 8f2f0352a02be251a9fa118fe1297ee3e90b58be -https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 71f29f6df5edbc47aeb666de399a960685241e29 -https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component 5f49f59c88c963d97dd90643e7c9fb7ef1820d0c +https://github.com/openshift/cluster-csi-snapshot-controller-operator embedded-component 9a67364ca9b2761f9bfffd7f600018788f94a5dd +https://github.com/openshift/cluster-dns-operator embedded-component f5f12b76e1d19ca9c98013158a0a5aae278a4d57 +https://github.com/openshift/cluster-ingress-operator embedded-component cd9777112490675bcb38d1aaff13e6082965eeb5 +https://github.com/openshift/cluster-kube-apiserver-operator embedded-component b91ed030be338fc0effd30d6586974dced35c164 +https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component d95b0c25ba55c4ef8e09e56461562ee60b22d51c https://github.com/openshift/cluster-kube-scheduler-operator embedded-component db92b6d9fcf410aa24efc4a70c4114925bb7b797 -https://github.com/openshift/cluster-network-operator embedded-component d8c28d4fbb6d4b4ab1242417d893b130e1dce30c -https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component e004b58bcbe1e592746ee1dabee60d41234da3d8 -https://github.com/openshift/cluster-policy-controller embedded-component 8501bc8c4084b57cfa8978afd533cc912f17cf31 +https://github.com/openshift/cluster-network-operator embedded-component 2005bcd8c93de5bffc05c9c943b51386007f6b9a +https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component d6eca58c0b87ef2e85a0c262492bff24aa5676b0 +https://github.com/openshift/cluster-policy-controller embedded-component b3cb22fa48308962b4b520cd3ae694967c769bae https://github.com/openshift/csi-external-snapshotter embedded-component 712bf7c316adfa0a3c8afc56d1db23abfadad58e https://github.com/openshift/etcd embedded-component 5a36b9b6b329d92d7c26d1c944e6b1192f9d1523 -https://github.com/openshift/kubernetes embedded-component deb2c6012264c4b300833165e51134de25441985 +https://github.com/openshift/kubernetes embedded-component d424288c25bfee0d82e799dbce1113c9f18f77b7 https://github.com/openshift/kubernetes-kube-storage-version-migrator embedded-component 8558e14a116804168506d06e96eac5a79913a6eb -https://github.com/openshift/machine-config-operator embedded-component 40571adccaa3ef49a823abe8d7494bcdc48f2021 -https://github.com/openshift/openshift-controller-manager embedded-component 80c4923e0b2014ec8b8a6845c21078e6cc036f91 +https://github.com/openshift/machine-config-operator embedded-component 2b31b5b58f0d7d9fe6c3e331e4b3f01c9a1bd00c +https://github.com/openshift/openshift-controller-manager embedded-component 66b616997963132f90abd5dfdb11c75e82bdabde https://github.com/openshift/route-controller-manager embedded-component 0a976ea8bb9f7bf1d0b22730dc0825f976b27ccc https://github.com/openshift/service-ca-operator embedded-component 5e9dfaadeb46f3ca7ff4343ed4f76f1186ea3003 -https://github.com/openshift/oc image-amd64 d41ffdcce90ec9d382b77af14d8a2deecfa897cf +https://github.com/openshift/oc image-amd64 795bf1a6260847ecfc612da2ab11ea2d6e07da16 https://github.com/openshift/coredns image-amd64 a2c62dd3976b27d6a45e273532c63ba914700917 https://github.com/openshift/csi-external-snapshotter image-amd64 712bf7c316adfa0a3c8afc56d1db23abfadad58e https://github.com/openshift/csi-external-snapshotter image-amd64 712bf7c316adfa0a3c8afc56d1db23abfadad58e https://github.com/openshift/csi-external-snapshotter image-amd64 712bf7c316adfa0a3c8afc56d1db23abfadad58e -https://github.com/openshift/router image-amd64 44a5304cf8972d235468e813fe228ce36b1532e8 +https://github.com/openshift/router image-amd64 80e2d999242203ad62c39ce758966531ba59dd2c https://github.com/openshift/kube-rbac-proxy image-amd64 86f31e2de5221ed4acd6509fa7a010a286089f1f -https://github.com/openshift/ovn-kubernetes image-amd64 06c951cae81fb24ad437f78deaad111785dceeab -https://github.com/openshift/kubernetes image-amd64 deb2c6012264c4b300833165e51134de25441985 +https://github.com/openshift/ovn-kubernetes image-amd64 d54b88982138864d2163a9b68e535fd2b798d092 +https://github.com/openshift/kubernetes image-amd64 d424288c25bfee0d82e799dbce1113c9f18f77b7 https://github.com/openshift/service-ca-operator image-amd64 5e9dfaadeb46f3ca7ff4343ed4f76f1186ea3003 https://github.com/openshift/oc image-arm64 795bf1a6260847ecfc612da2ab11ea2d6e07da16 https://github.com/openshift/coredns image-arm64 a2c62dd3976b27d6a45e273532c63ba914700917 From ca9977560b211edb938e75c4adf3e7aa0cd180f6 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Wed, 30 Aug 2023 05:08:39 +0000 Subject: [PATCH 3/9] update microshift/go.mod --- go.mod | 62 +++++++++++++++++----------------- go.sum | 104 ++++++++++++++++++++++++++++----------------------------- 2 files changed, 83 insertions(+), 83 deletions(-) diff --git a/go.mod b/go.mod index 44ef8c2eaf..3d9a9f9d36 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/openshift/api v0.0.0-20230703134140-1c2204a0195c github.com/openshift/build-machinery-go v0.0.0-20230306181456-d321ffa04533 github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb - github.com/openshift/cluster-policy-controller v0.0.0-20230724103459-8501bc8c4084 + github.com/openshift/cluster-policy-controller v0.0.0-20230823075520-b3cb22fa4830 github.com/openshift/library-go v0.0.0-20230516103935-9536341565eb github.com/openshift/route-controller-manager v0.0.0-20230809110842-0a976ea8bb9f github.com/pkg/errors v0.9.1 // indirect @@ -231,36 +231,36 @@ require ( replace ( github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20230317131656-c62d9de5a460 // from kubernetes - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230810140522-deb2c6012264 // release kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230810140522-deb2c6012264 // from kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230823203748-d424288c25bf // release kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230823203748-d424288c25bf // from kubernetes ) replace sigs.k8s.io/kube-storage-version-migrator => github.com/openshift/kubernetes-kube-storage-version-migrator v0.0.3-0.20230724151845-8558e14a1168 // release kube-storage-version-migrator via kubernetes-kube-storage-version-migrator diff --git a/go.sum b/go.sum index 3e7d72dabd..703af170f7 100644 --- a/go.sum +++ b/go.sum @@ -513,60 +513,60 @@ github.com/openshift/build-machinery-go v0.0.0-20230306181456-d321ffa04533 h1:mh github.com/openshift/build-machinery-go v0.0.0-20230306181456-d321ffa04533/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb h1:Nij5OnaECrkmcRQMAE9LMbQXPo95aqFnf+12B7SyFVI= github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb/go.mod h1:Rhb3moCqeiTuGHAbXBOlwPubUMlOZEkrEWTRjIF3jzs= -github.com/openshift/cluster-policy-controller v0.0.0-20230724103459-8501bc8c4084 h1:CjBZbphEb/DshnvH7Ms/aY/FpewUqFWnD17BURRQtgs= -github.com/openshift/cluster-policy-controller v0.0.0-20230724103459-8501bc8c4084/go.mod h1:aT2kl3fRiSSElTibdfFs3MQnyLtviMcB7lZt9rdy46g= -github.com/openshift/kubernetes v0.0.0-20230810140522-deb2c6012264 h1:cKmEdt8M2MDWgOA//OfPCFnAhNBGpzhBb8+/doUEnUo= -github.com/openshift/kubernetes v0.0.0-20230810140522-deb2c6012264/go.mod h1:7dq7uIM4QKpzEpR505o8Y9uco8Xy2oFOLJPkSA7POMc= +github.com/openshift/cluster-policy-controller v0.0.0-20230823075520-b3cb22fa4830 h1:Ifh6SocKMU/WxQPPz8dh0/a0mDirZNrBxJKrsnVOANo= +github.com/openshift/cluster-policy-controller v0.0.0-20230823075520-b3cb22fa4830/go.mod h1:aT2kl3fRiSSElTibdfFs3MQnyLtviMcB7lZt9rdy46g= +github.com/openshift/kubernetes v0.0.0-20230823203748-d424288c25bf h1:Dhd/QggfX22uEB0GaV/LfV3+8wEFCSFAcpM7NN8ASo0= +github.com/openshift/kubernetes v0.0.0-20230823203748-d424288c25bf/go.mod h1:7dq7uIM4QKpzEpR505o8Y9uco8Xy2oFOLJPkSA7POMc= github.com/openshift/kubernetes-kube-storage-version-migrator v0.0.3-0.20230724151845-8558e14a1168 h1:gjPs80PVnSOjK7oBizuGNphNNYBdaevQBw0EvQ5/fsQ= github.com/openshift/kubernetes-kube-storage-version-migrator v0.0.3-0.20230724151845-8558e14a1168/go.mod h1:nc9vh1Bd8i4OnTM+uoZeFbRaJJ9uOs1AzaN69SdVnd8= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230810140522-deb2c6012264 h1:d0ETNTP0IayKYaSlAElStTXw4n4HI2O1dp5eC2Ae1Gc= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230810140522-deb2c6012264/go.mod h1:HS+D2l4KQPtUswcaoAlFe4qPsy2Go7C4xL5rFyxTrnQ= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230810140522-deb2c6012264 h1:SwhVb/UYvB5Vicpp5/ZnZBjiozXbmWYOB8IGfPv1yG8= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230810140522-deb2c6012264/go.mod h1:f8aYFmjcutDkqhOnlQAUvQ79oyCCMKLoqvOgo7YfFpI= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230810140522-deb2c6012264 h1:Dwr54cMVUYPrFQMfR43e+Oy3vhD0dZMGXpn7yikqHlQ= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230810140522-deb2c6012264/go.mod h1:NxjwHbUzQh5X2AIEseAOwyA8y/cbDyAX4b/lRMP4KUM= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230810140522-deb2c6012264 h1:QIpzEEe39bAoYpnir3x34CaYLHNRbE3XTFtQ3gXr920= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230810140522-deb2c6012264/go.mod h1:JC4dA6xOdRtPv8CB8ycP1zRRmgAWtyXWLhjwXKDLt1Y= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230810140522-deb2c6012264 h1:A47FyyRmeTktyT/9AJDxcYUCOr4QamnLT5c3r4oGuBE= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230810140522-deb2c6012264/go.mod h1:KlG3TyDN82d8p0dpJDMyY/s4PZNec0LHAmgoIzVGARE= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230810140522-deb2c6012264 h1:XEt24j/SotuyHVOnZXADvbSHHel3QZTYdri6SC5bwR4= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230810140522-deb2c6012264/go.mod h1:I0XLN7RRr89r6VksWi0xZ+MJRL/WIKixVSBTXXXX394= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230810140522-deb2c6012264 h1:SE6QMJByzUvoJ051P0W5aA//rWnUkVKgwko+3Fblqfw= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230810140522-deb2c6012264/go.mod h1:/P4BjJew2WLdnbi3+0tyO8sDLZydilvJ41dTkFLgfIA= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230810140522-deb2c6012264 h1:EbB8IrDXqeFGXx1UVPKJCEXO2vZYR9soxGQt+HvsmsA= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230810140522-deb2c6012264/go.mod h1:knkmpkfoPcOyPbx6II8E7bPCBPWWb+qTnp9lYeRLmcM= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230810140522-deb2c6012264 h1:oWKHyTuDmi2qodjxwoBptSkSGtu3CtMvBvpx2jXaCSU= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230810140522-deb2c6012264/go.mod h1:wAcKQiyH7O5X535pb0/RamfWxga+4e/opQZJKl2C1c0= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230810140522-deb2c6012264 h1:SXgD9FsIUnqD8anFurZL5IFJs+fZkNzgjJS9shIEyoQ= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230810140522-deb2c6012264/go.mod h1:h+VG9kJL2rXABC0yOx5gki+dGMYbadntmeyMviy0sqg= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230810140522-deb2c6012264 h1:ndg4yPqmLOErQuotxPlzTcD12hc2DhWMGHNHc/qdwZ4= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230810140522-deb2c6012264/go.mod h1:vZ9u2TSfQdJzEf1CLpfxGtELRx75PCMXvuBhV3437Mw= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230810140522-deb2c6012264 h1:fBB2oHBt1jiU69LZfopoJoBkp5MSop1ps1jfJCStInc= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230810140522-deb2c6012264/go.mod h1:Nxi+NZdx+GIo+PyIcwbaUOeYxqlFCNUg9rIMcqTCRhQ= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230810140522-deb2c6012264 h1:0Wqjpw8308z22aum71AXbnRKDRGsWgVudmVL8GB+5z8= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230810140522-deb2c6012264/go.mod h1:uTgJpRtV5WrbgrBwtkdJLjDE7LqmLKTyox+GfDljAME= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230810140522-deb2c6012264 h1:2twG3TmYuNeBYzJKFFyfUZYgT800wbJXqjQdXLPf2Vs= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230810140522-deb2c6012264/go.mod h1:aH+7wzuRuYXC6z7CmIPJBxT6zht3KiOF5PC6DCiILR0= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230810140522-deb2c6012264 h1:ztYUdg1Q8Br1T2MxACZS6Wmp81eLZ9rDIFTmk009Aw4= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230810140522-deb2c6012264/go.mod h1:koRYt7cYiktjZ8iwukGCc5dUVGyOcavTgKH7Kef/70g= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230810140522-deb2c6012264 h1:cChaqg83hfTiRUB64P8cBI6bqG7BPnnnAoXrd3lwtXI= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230810140522-deb2c6012264/go.mod h1:NfmOLWP3K4iaM6aevbssmwGS4AKCi/pN77hlU9NJXW0= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230810140522-deb2c6012264 h1:88gkALzIHZVK5rIlYJJ8/qnNEh0Qrn27blfnMlAFAhM= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230810140522-deb2c6012264/go.mod h1:kPirESyKa0ONUvOJqFwUgvUq5M42RuJ/RILdsJg6PeA= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230810140522-deb2c6012264 h1:KNG0+wQFnappC85zMN4jzJaSgl5ALgskBNdjU2uegEU= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230810140522-deb2c6012264/go.mod h1:shBqEF96lVjyKcgxtOYySo0emacqvwz4nuhU/P7+g04= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230810140522-deb2c6012264 h1:Ry0r7HamJd+EhpZ+DEdouEIAu30zJT9PNFgXnSrqYII= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230810140522-deb2c6012264/go.mod h1:VR1Bz32opPHJ3xZNCoS4FjfUnJYnsgN0cxQAubCHbb4= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230810140522-deb2c6012264 h1:f42PidkCNYPHwbvS/I0bLP/rNe0Jy5Ex+XjcT6+JI1E= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230810140522-deb2c6012264/go.mod h1:yicHj+CceeKtoQ1SmvBrbdQTBvuisww0e9CzWrd4WV8= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230810140522-deb2c6012264 h1:TeABK0hlI47xQZVRQ5sILrsK+DD9NTEZzPpvEqy0p7w= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230810140522-deb2c6012264/go.mod h1:U4zxFrED8NcXCRBau4PUNnNZacAu0ElxVLYuL/wkqW0= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230810140522-deb2c6012264 h1:7LMmPD9oINqNFHsJT9J2ui7nryaKp+dq0xtZeAlCXGc= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230810140522-deb2c6012264/go.mod h1:bJFJUWsPSj8ps/bUM9Scdnw4h6FWadbe4SRzFVUgdOE= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230810140522-deb2c6012264 h1:OvZ/XQgfCPx/ZZWXyszut/j9NFaiRcPqRi5KHgY4VdA= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230810140522-deb2c6012264/go.mod h1:FKR/pGAN4OT9lUvsUrbcBup8FdVXo2FxTF3MiZZjJWw= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230810140522-deb2c6012264 h1:gGD3mBxduTCdoWvKlbMLNKzkOxPs1PJZVKXVYR+SjLg= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230810140522-deb2c6012264/go.mod h1:avu3AaWDIk2l9Ip/rt8oWZmsQ2oYibJzble98CyL9uk= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230823203748-d424288c25bf h1:+cTghF8WGxvkmjXeeNu+OO5DHw19MafyALkzn4lMKfM= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230823203748-d424288c25bf/go.mod h1:HS+D2l4KQPtUswcaoAlFe4qPsy2Go7C4xL5rFyxTrnQ= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230823203748-d424288c25bf h1:rfTNHyU+ffRsNLFyU8VuM+Eg5lriZglfxyA4HOn68+s= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230823203748-d424288c25bf/go.mod h1:f8aYFmjcutDkqhOnlQAUvQ79oyCCMKLoqvOgo7YfFpI= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230823203748-d424288c25bf h1:hFeDDS0yo1bD0QIxXd7WMQ+UlFWQc+7cN8mrQdq75Bk= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230823203748-d424288c25bf/go.mod h1:NxjwHbUzQh5X2AIEseAOwyA8y/cbDyAX4b/lRMP4KUM= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230823203748-d424288c25bf h1:11FYNtm7ccHQ5jx3bTI/GGo/3BfROnP5WIPJwsf47S4= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230823203748-d424288c25bf/go.mod h1:JC4dA6xOdRtPv8CB8ycP1zRRmgAWtyXWLhjwXKDLt1Y= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230823203748-d424288c25bf h1:wv4xl/vnwh2Cu20kfT3yL76YhltEIaXMgPHEscT48pg= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230823203748-d424288c25bf/go.mod h1:KlG3TyDN82d8p0dpJDMyY/s4PZNec0LHAmgoIzVGARE= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230823203748-d424288c25bf h1:NIf3lIAUAniZZHJAIptQtodB4ZF4LjqzdasSZuBIv6U= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230823203748-d424288c25bf/go.mod h1:I0XLN7RRr89r6VksWi0xZ+MJRL/WIKixVSBTXXXX394= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230823203748-d424288c25bf h1:hBzjr7jsAwHiGhW94yaFryD0xmIsBnLVApVIaWIRIi8= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230823203748-d424288c25bf/go.mod h1:/P4BjJew2WLdnbi3+0tyO8sDLZydilvJ41dTkFLgfIA= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230823203748-d424288c25bf h1:Q+6skP3uuBXOzmc91fo2mpUDUrs2m+W1XpKOxpXF82w= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230823203748-d424288c25bf/go.mod h1:knkmpkfoPcOyPbx6II8E7bPCBPWWb+qTnp9lYeRLmcM= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230823203748-d424288c25bf h1:8wawlRfxCuR8+0F3DbKYi7xC8O+uMH0xRmLAA1J+kZU= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230823203748-d424288c25bf/go.mod h1:wAcKQiyH7O5X535pb0/RamfWxga+4e/opQZJKl2C1c0= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230823203748-d424288c25bf h1:4uBfl3Y5CtibWWgJCrT2mJbR22DCW1cxxiJTcdK9XV8= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230823203748-d424288c25bf/go.mod h1:h+VG9kJL2rXABC0yOx5gki+dGMYbadntmeyMviy0sqg= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230823203748-d424288c25bf h1:5/fsSwh3ipd2cOJqLgv+q0GT33PP6UCgKx3xyw/3T1Q= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230823203748-d424288c25bf/go.mod h1:vZ9u2TSfQdJzEf1CLpfxGtELRx75PCMXvuBhV3437Mw= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230823203748-d424288c25bf h1:r1cHH6eR37uV29QChJ0dzd7JKazX0pLKnc7M7lBFBqw= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230823203748-d424288c25bf/go.mod h1:Nxi+NZdx+GIo+PyIcwbaUOeYxqlFCNUg9rIMcqTCRhQ= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230823203748-d424288c25bf h1:DZZ2kL5X3D3BhkhuKEFQKSDvOVrZdK7YyhH+spl2NrQ= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230823203748-d424288c25bf/go.mod h1:uTgJpRtV5WrbgrBwtkdJLjDE7LqmLKTyox+GfDljAME= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230823203748-d424288c25bf h1:QdwICCxvT5+stvuXeWogPaWnYZWgv3ksRyorcHbvLHY= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230823203748-d424288c25bf/go.mod h1:aH+7wzuRuYXC6z7CmIPJBxT6zht3KiOF5PC6DCiILR0= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230823203748-d424288c25bf h1:nLUMvv6PyK3+SYo66q+jp6+lixK4AJze3ciuvY0OLTo= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230823203748-d424288c25bf/go.mod h1:koRYt7cYiktjZ8iwukGCc5dUVGyOcavTgKH7Kef/70g= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230823203748-d424288c25bf h1:W6cg4QvuuIePu5jf4sXfef3crbjqsTOTJL92ZkmRKUI= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230823203748-d424288c25bf/go.mod h1:NfmOLWP3K4iaM6aevbssmwGS4AKCi/pN77hlU9NJXW0= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230823203748-d424288c25bf h1:5BT6wJIa9BVR7JZKcgTbam4LnxMq7VJegqVAtSVBCiQ= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230823203748-d424288c25bf/go.mod h1:kPirESyKa0ONUvOJqFwUgvUq5M42RuJ/RILdsJg6PeA= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230823203748-d424288c25bf h1:oomRh2cDG9iyN36xcV6Y759brjg2pCONUJUvWjBasbQ= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230823203748-d424288c25bf/go.mod h1:shBqEF96lVjyKcgxtOYySo0emacqvwz4nuhU/P7+g04= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230823203748-d424288c25bf h1:7zCNbVM1jjTr6F9+vJDFiF6k8six79WIn1qQV0tM7n0= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230823203748-d424288c25bf/go.mod h1:VR1Bz32opPHJ3xZNCoS4FjfUnJYnsgN0cxQAubCHbb4= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230823203748-d424288c25bf h1:pLGkdb7KHYYBxpnoiDOB9RIxg4ubVfwdRvjMhEwD9IE= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230823203748-d424288c25bf/go.mod h1:yicHj+CceeKtoQ1SmvBrbdQTBvuisww0e9CzWrd4WV8= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230823203748-d424288c25bf h1:Fi15xE59+0jGuJaihX6si1rCrHXGeDmmQVS1NMb6Dk0= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230823203748-d424288c25bf/go.mod h1:U4zxFrED8NcXCRBau4PUNnNZacAu0ElxVLYuL/wkqW0= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230823203748-d424288c25bf h1:reSnjv4C7qjMjknqCuGrh7db69MVZZDb6QNeWUOjiQ4= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230823203748-d424288c25bf/go.mod h1:bJFJUWsPSj8ps/bUM9Scdnw4h6FWadbe4SRzFVUgdOE= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230823203748-d424288c25bf h1:t7smvQfF3QQeg+vTgnJW6jAfZzUErHes5QwaB2FD18s= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230823203748-d424288c25bf/go.mod h1:FKR/pGAN4OT9lUvsUrbcBup8FdVXo2FxTF3MiZZjJWw= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230823203748-d424288c25bf h1:7sx2VNhA1chcgz6wzVWFZFj+8aoR9+cOVier/Q85740= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230823203748-d424288c25bf/go.mod h1:avu3AaWDIk2l9Ip/rt8oWZmsQ2oYibJzble98CyL9uk= github.com/openshift/library-go v0.0.0-20230516103935-9536341565eb h1:B1VhZf/XTcInahu7XmosGLDGlKgJHj9eYtNBq+tA2dY= github.com/openshift/library-go v0.0.0-20230516103935-9536341565eb/go.mod h1:PJVatR/oS/EaFciwylyAr9hORSqQHrC+5bXf4L0wsBY= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20230317131656-c62d9de5a460 h1:PftK9Q7BUD+wj8fNvxtJ+RhxYkcTtd8LcAo1Gk1H1HM= From 3d2ab2714223e16bf50bd1cdaa94e11ec5c5bdbf Mon Sep 17 00:00:00 2001 From: ci-robot Date: Wed, 30 Aug 2023 05:09:08 +0000 Subject: [PATCH 4/9] update microshift/vendor --- .../pkg/cmd/controller/config.go | 23 +- .../pkg/cmd/controller/psalabelsyncer.go | 18 ++ .../podsecurity_label_sync_controller.go | 265 ++++++++++++++---- .../privileged_namespaces_controller.go | 148 ++++++++++ .../endpointslice/endpointslice_controller.go | 5 +- .../topologycache/topologycache.go | 23 +- .../selfsubjectaccessreview/rest.go | 3 + .../selfsubjectaccessreview/rest_patch.go | 55 ++++ vendor/modules.txt | 112 ++++---- 9 files changed, 531 insertions(+), 121 deletions(-) create mode 100644 vendor/github.com/openshift/cluster-policy-controller/pkg/psalabelsyncer/privileged_namespaces_controller.go create mode 100644 vendor/k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview/rest_patch.go diff --git a/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/config.go b/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/config.go index a665945775..ef17175274 100644 --- a/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/config.go +++ b/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/config.go @@ -1,17 +1,20 @@ package controller var ControllerInitializers = map[string]InitFunc{ - "openshift.io/namespace-security-allocation": RunNamespaceSecurityAllocationController, - "openshift.io/resourcequota": RunResourceQuotaManager, - "openshift.io/cluster-quota-reconciliation": RunClusterQuotaReconciliationController, - "openshift.io/cluster-csr-approver": RunCSRApproverController, - "openshift.io/podsecurity-admission-label-syncer": runPodSecurityAdmissionLabelSynchronizationController, + "openshift.io/namespace-security-allocation": RunNamespaceSecurityAllocationController, + "openshift.io/resourcequota": RunResourceQuotaManager, + "openshift.io/cluster-quota-reconciliation": RunClusterQuotaReconciliationController, + "openshift.io/cluster-csr-approver": RunCSRApproverController, + "openshift.io/podsecurity-admission-label-syncer": runPodSecurityAdmissionLabelSynchronizationController, + "openshift.io/privileged-namespaces-psa-label-syncer": runPrivilegedNamespacesPSALabelSyncer, } const ( - infraClusterQuotaReconciliationControllerServiceAccountName = "cluster-quota-reconciliation-controller" - infraClusterCSRApproverControllerServiceAccountName = "cluster-csr-approver-controller" - infraNamespaceSecurityAllocationControllerServiceAccountName = "namespace-security-allocation-controller" - podSecurityAdmissionLabelSyncerControllerServiceAccountName = "podsecurity-admission-label-syncer-controller" - defaultOpenShiftInfraNamespace = "openshift-infra" + infraClusterQuotaReconciliationControllerServiceAccountName = "cluster-quota-reconciliation-controller" + infraClusterCSRApproverControllerServiceAccountName = "cluster-csr-approver-controller" + infraNamespaceSecurityAllocationControllerServiceAccountName = "namespace-security-allocation-controller" + podSecurityAdmissionLabelSyncerControllerServiceAccountName = "podsecurity-admission-label-syncer-controller" + privilegedNamespacesPodSecurityAdmissionLabelSyncerServiceAccountName = "privileged-namespaces-psa-label-syncer" + + defaultOpenShiftInfraNamespace = "openshift-infra" ) diff --git a/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/psalabelsyncer.go b/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/psalabelsyncer.go index 6896b48109..504e93b748 100644 --- a/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/psalabelsyncer.go +++ b/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/psalabelsyncer.go @@ -51,3 +51,21 @@ func runPodSecurityAdmissionLabelSynchronizationController(ctx context.Context, return true, nil } + +func runPrivilegedNamespacesPSALabelSyncer(ctx context.Context, controllerCtx *EnhancedControllerContext) (bool, error) { + kubeClient, err := controllerCtx.ClientBuilder.Client(privilegedNamespacesPodSecurityAdmissionLabelSyncerServiceAccountName) + if err != nil { + return true, err + } + + controller := psalabelsyncer.NewPrivilegedNamespacesPSALabelSyncer( + ctx, + kubeClient.CoreV1().Namespaces(), + controllerCtx.KubernetesInformers.Core().V1().Namespaces(), + controllerCtx.EventRecorder.ForComponent("privileged-namespaces-psa-label-syncer"), + ) + + go controller.Run(ctx, 1) + + return true, nil +} diff --git a/vendor/github.com/openshift/cluster-policy-controller/pkg/psalabelsyncer/podsecurity_label_sync_controller.go b/vendor/github.com/openshift/cluster-policy-controller/pkg/psalabelsyncer/podsecurity_label_sync_controller.go index af360db751..685563893e 100644 --- a/vendor/github.com/openshift/cluster-policy-controller/pkg/psalabelsyncer/podsecurity_label_sync_controller.go +++ b/vendor/github.com/openshift/cluster-policy-controller/pkg/psalabelsyncer/podsecurity_label_sync_controller.go @@ -2,6 +2,7 @@ package psalabelsyncer import ( "context" + "encoding/json" "fmt" "strings" @@ -9,10 +10,12 @@ import ( corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/selection" "k8s.io/apimachinery/pkg/util/sets" + corev1apply "k8s.io/client-go/applyconfigurations/core/v1" corev1informers "k8s.io/client-go/informers/core/v1" rbacv1informers "k8s.io/client-go/informers/rbac/v1" corev1client "k8s.io/client-go/kubernetes/typed/core/v1" @@ -36,12 +39,24 @@ const ( currentPSaVersion = "v1.24" ) +var ( + allPSaLabels = map[string]string{ + psapi.EnforceLevelLabel: psapi.EnforceVersionLabel, + psapi.WarnLevelLabel: psapi.WarnVersionLabel, + psapi.AuditLevelLabel: psapi.AuditVersionLabel, + } + loggingLabels = map[string]string{ + psapi.WarnLevelLabel: psapi.WarnVersionLabel, + psapi.AuditLevelLabel: psapi.AuditVersionLabel, + } +) + // PodSecurityAdmissionLabelSynchronizationController watches over namespaces labelled with // "security.openshift.io/scc.podSecurityLabelSync: true" and configures the PodSecurity // admission namespace label to match the user account privileges in terms of being able // to use SCCs type PodSecurityAdmissionLabelSynchronizationController struct { - shouldEnforce bool + syncedLabels map[string]string namespaceClient corev1client.NamespaceInterface @@ -64,7 +79,7 @@ func NewEnforcingPodSecurityAdmissionLabelSynchronizationController( eventRecorder events.Recorder, ) (factory.Controller, error) { return newPodSecurityAdmissionLabelSynchronizationController( - true, + allPSaLabels, namespaceClient, namespaceInformer, rbacInformers, @@ -83,7 +98,7 @@ func NewAdvisingPodSecurityAdmissionLabelSynchronizationController( eventRecorder events.Recorder, ) (factory.Controller, error) { return newPodSecurityAdmissionLabelSynchronizationController( - false, + loggingLabels, namespaceClient, namespaceInformer, rbacInformers, @@ -94,7 +109,7 @@ func NewAdvisingPodSecurityAdmissionLabelSynchronizationController( } func newPodSecurityAdmissionLabelSynchronizationController( - shouldEnforce bool, + syncedLabels map[string]string, namespaceClient corev1client.NamespaceInterface, namespaceInformer corev1informers.NamespaceInformer, rbacInformers rbacv1informers.Interface, @@ -123,7 +138,7 @@ func newPodSecurityAdmissionLabelSynchronizationController( syncCtx := factory.NewSyncContext(controllerName, eventRecorder.WithComponentSuffix(controllerName)) c := &PodSecurityAdmissionLabelSynchronizationController{ - shouldEnforce: shouldEnforce, + syncedLabels: syncedLabels, namespaceClient: namespaceClient, @@ -191,6 +206,11 @@ func (c *PodSecurityAdmissionLabelSynchronizationController) sync(ctx context.Co return nil } + ns, err = forceHistoricalLabelsOwnership(ctx, c.namespaceClient, ns) + if err != nil { + return fmt.Errorf("failed to force ownership from cluster-policy-controller to %s: %w", controllerName, err) + } + if err := c.syncNamespace(ctx, controllerContext, ns); err != nil { return fmt.Errorf(errFmt, qKey, err) } @@ -198,6 +218,71 @@ func (c *PodSecurityAdmissionLabelSynchronizationController) sync(ctx context.Co return nil } +func forceHistoricalLabelsOwnership(ctx context.Context, nsClient corev1client.NamespaceInterface, ns *corev1.Namespace) (*corev1.Namespace, error) { + cpcOwnedLabelKeys := sets.New[string]() + for _, f := range ns.ManagedFields { + if f.Manager != "cluster-policy-controller" { + continue + } + + newCPCLabels, err := managedLabels(f) + if err != nil { + return nil, err + } + + cpcOwnedLabelKeys = cpcOwnedLabelKeys.Union(newCPCLabels) + } + + if cpcOwnedLabelKeys.Len() == 0 { + return ns, nil + } + + cpcOwnedPSaLabels := map[string]string{} + // filter out all the labels not owned by this controller + for labelType, labelVersion := range allPSaLabels { + if cpcOwnedLabelKeys.Has(labelType) { + cpcOwnedPSaLabels[labelType] = ns.Labels[labelType] + } + if cpcOwnedLabelKeys.Has(labelVersion) { + cpcOwnedPSaLabels[labelVersion] = ns.Labels[labelVersion] + } + } + + // none of the labels CPC is managing are interesting to us + if len(cpcOwnedPSaLabels) == 0 { + return ns, nil + } + + // we need to extract all our managed fields not to delete them on the apply below + ourOwned, err := corev1apply.ExtractNamespace(ns, controllerName) + if err != nil { + return nil, err + } + + // add the PSa labels that were previously owned by CPC under this manager + ourOwned.WithLabels(cpcOwnedPSaLabels) + + nsCopy := ns.DeepCopy() + for labelKey := range cpcOwnedPSaLabels { + delete(nsCopy.Labels, labelKey) + } + + // previously, we were using Update to set the labels, Kube does not consider that as actually owning the fields, even + // though it shows up in managedFields and would cause conflicts on value change. Eh. Ugly. + // + // Writing custom logic that checks which fields are _really_ managed by a manager, caches the unstructured object and then + // conditionally removes the label from all those unstructured fields and shoves them back in the proper place + // in the object managedFields is tedious, ugly and super error-prone. + // + // Just remove the fields as the previous owner and quickly readd them as the new one. + if _, err = nsClient.Update(ctx, nsCopy, metav1.UpdateOptions{FieldManager: "cluster-policy-controller"}); err != nil { + return nil, fmt.Errorf("failed to share PSa label ownership with the previous owner: %w", err) + } + + // take ownership of the fields since they should all be clear now + return nsClient.Apply(ctx, ourOwned, metav1.ApplyOptions{FieldManager: controllerName}) +} + func (c *PodSecurityAdmissionLabelSynchronizationController) syncNamespace(ctx context.Context, controllerContext factory.SyncContext, ns *corev1.Namespace) error { // We cannot safely determine the SCC level for an NS until it gets the UID annotation. // No need to care about re-queueing the key, we should get the NS once it is updated @@ -250,59 +335,50 @@ func (c *PodSecurityAdmissionLabelSynchronizationController) syncNamespace(ctx c return fmt.Errorf("unknown PSa level for namespace %q", ns.Name) } - nsCopy := ns.DeepCopy() + managedNamespaces, err := extractNSFieldsPerManager(ns) + if err != nil { + return fmt.Errorf("ns extraction failed: %w", err) + } - var changed bool + // we must extract the NS in case only some of the labels we're setting need + // updating to avoid hotlo + nsApplyConfig := corev1apply.Namespace(ns.Name) + if err != nil { + return fmt.Errorf("failed to extract field ownership for NS %q: %w", ns.Name, err) + } - if c.shouldEnforce { - if nsCopy.Labels[psapi.EnforceLevelLabel] != string(psaLevel) || nsCopy.Labels[psapi.EnforceVersionLabel] != currentPSaVersion { - changed = true - if nsCopy.Labels == nil { - nsCopy.Labels = map[string]string{} + var shouldUpdate bool + mustSync := ns.Labels[labelSyncControlLabel] == "true" + for typeLabel, versionLabel := range c.syncedLabels { + if manager := managedNamespaces.getManagerForLabel(typeLabel); len(manager) == 0 || manager == controllerName || mustSync { + nsApplyConfig.WithLabels(map[string]string{ + typeLabel: string(psaLevel), + }) + if ns.Labels[typeLabel] != string(psaLevel) { + shouldUpdate = true } - - nsCopy.Labels[psapi.EnforceLevelLabel] = string(psaLevel) - nsCopy.Labels[psapi.EnforceVersionLabel] = currentPSaVersion } - - // cleanup audit and warn labels from version 4.11 - // TODO: This can be removed in 4.13 and allow users set these as they wish - for typeLabel, versionLabel := range map[string]string{ - psapi.WarnLevelLabel: psapi.WarnVersionLabel, - psapi.AuditLevelLabel: psapi.AuditVersionLabel, - } { - if _, ok := nsCopy.Labels[typeLabel]; ok { - delete(nsCopy.Labels, typeLabel) - changed = true - } - if _, ok := nsCopy.Labels[versionLabel]; ok { - delete(nsCopy.Labels, versionLabel) - changed = true + if manager := managedNamespaces.getManagerForLabel(versionLabel); len(manager) == 0 || manager == controllerName || mustSync { + nsApplyConfig.WithLabels(map[string]string{ + versionLabel: currentPSaVersion, + }) + if ns.Labels[versionLabel] != currentPSaVersion { + shouldUpdate = true } } - } else { - for typeLabel, versionLabel := range map[string]string{ - psapi.WarnLevelLabel: psapi.WarnVersionLabel, - psapi.AuditLevelLabel: psapi.AuditVersionLabel, - } { - if ns.Labels[typeLabel] != string(psaLevel) || ns.Labels[versionLabel] != currentPSaVersion { - changed = true - if nsCopy.Labels == nil { - nsCopy.Labels = map[string]string{} - } - - nsCopy.Labels[typeLabel] = string(psaLevel) - nsCopy.Labels[versionLabel] = currentPSaVersion + } - } - } + if !shouldUpdate { + return nil } - if changed { - _, err := c.namespaceClient.Update(ctx, nsCopy, metav1.UpdateOptions{}) - if err != nil { - return fmt.Errorf("failed to update the namespace: %w", err) + _, err = c.namespaceClient.Apply(ctx, nsApplyConfig, metav1.ApplyOptions{FieldManager: controllerName, Force: mustSync}) + if err != nil { + if apierrors.IsConflict(err) { + klog.Warning("someone else is already managing the PSa labels: %v", err) + return nil } + return fmt.Errorf("failed to update the namespace: %w", err) } return nil @@ -394,12 +470,43 @@ func isNSControlled(ns *corev1.Namespace) bool { return false } + if ns.Labels[labelSyncControlLabel] == "true" { + return true + } + // while "openshift-" namespaces should be considered controlled, there are some // edge cases where users can also create them. Consider these a special case // and delegate the decision to sync on the user who should know what they are // doing when creating a NS that appears to be system-controlled. if strings.HasPrefix(nsName, "openshift-") { - return ns.Labels[labelSyncControlLabel] == "true" + return false + } + + extractedPerManager, err := extractNSFieldsPerManager(ns) + if err != nil { + klog.Errorf("ns extraction failed: %v", err) + return false + } + + var owningAtLeastOneLabel bool + for _, labelName := range []string{ + psapi.EnforceLevelLabel, psapi.EnforceVersionLabel, + psapi.WarnLevelLabel, psapi.WarnVersionLabel, + psapi.AuditLevelLabel, psapi.AuditVersionLabel, + } { + if _, ok := ns.Labels[labelName]; ok { + manager := extractedPerManager.getManagerForLabel(labelName) + if len(manager) > 0 && manager != "cluster-policy-controller" && manager != controllerName { + continue + } + } + // a label is either not set or is directly owned by us + owningAtLeastOneLabel = true + + } + + if !owningAtLeastOneLabel { + return false } return ns.Labels[labelSyncControlLabel] != "false" @@ -415,3 +522,63 @@ func controlledNamespacesLabelSelector() (labels.Selector, error) { return labels.NewSelector().Add(*labelRequirement), nil } + +// extractedNamespaces serves as a cache so that we don't have to re-extract the namespaces +// for each label. It helps us prevent performance overhead from multiple deserializations. +// +// Maps a set of managed metadata.labels to their manager name. +type extractedNamespaces map[string]sets.Set[string] + +// extractNSFieldsPerManager parses all the FieldsV1 in a Namespace `ns`, +// extracts the information about label ownership and returns a structure that +// maps all these labels in a set to their manager +func extractNSFieldsPerManager(ns *corev1.Namespace) (extractedNamespaces, error) { + ret := extractedNamespaces{} + for _, fieldEntry := range ns.ManagedFields { + managedLabels, err := managedLabels(fieldEntry) + if err != nil { + return nil, fmt.Errorf("failed to extract managed fields for NS %q: %v", ns.Name, err) + } + if current, ok := ret[fieldEntry.Manager]; ok { + ret[fieldEntry.Manager] = current.Union(managedLabels) + } else { + ret[fieldEntry.Manager] = managedLabels + } + } + return ret, nil +} + +func (n extractedNamespaces) getManagerForLabel(labelName string) string { + for manager, extractedNS := range n { + if _, managed := extractedNS[labelName]; managed { + return manager + } + } + return "" +} + +// managedLabels extract the metadata.labels from the JSON in the managedEntry.FieldsV1 +// that describes the object's field ownership +func managedLabels(fieldsEntry metav1.ManagedFieldsEntry) (sets.Set[string], error) { + managedUnstructured := map[string]interface{}{} + err := json.Unmarshal(fieldsEntry.FieldsV1.Raw, &managedUnstructured) + if err != nil { + return nil, fmt.Errorf("failed to unmarshal managed fields: %w", err) + } + + labels, found, err := unstructured.NestedMap(managedUnstructured, "f:metadata", "f:labels") + if err != nil { + return nil, fmt.Errorf("failed to get labels from the managed fields: %w", err) + } + + ret := sets.New[string]() + if !found { + return ret, nil + } + + for l := range labels { + ret.Insert(strings.Replace(l, "f:", "", 1)) + } + + return ret, nil +} diff --git a/vendor/github.com/openshift/cluster-policy-controller/pkg/psalabelsyncer/privileged_namespaces_controller.go b/vendor/github.com/openshift/cluster-policy-controller/pkg/psalabelsyncer/privileged_namespaces_controller.go new file mode 100644 index 0000000000..1ea16149fa --- /dev/null +++ b/vendor/github.com/openshift/cluster-policy-controller/pkg/psalabelsyncer/privileged_namespaces_controller.go @@ -0,0 +1,148 @@ +package psalabelsyncer + +import ( + "context" + "fmt" + "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/apimachinery/pkg/util/wait" + corev1apply "k8s.io/client-go/applyconfigurations/core/v1" + corev1informers "k8s.io/client-go/informers/core/v1" + corev1client "k8s.io/client-go/kubernetes/typed/core/v1" + corev1listers "k8s.io/client-go/listers/core/v1" + "k8s.io/client-go/tools/cache" + "k8s.io/client-go/util/workqueue" + "k8s.io/klog/v2" + "k8s.io/kubernetes/pkg/controller" + psapi "k8s.io/pod-security-admission/api" + + "github.com/openshift/library-go/pkg/controller/factory" + "github.com/openshift/library-go/pkg/operator/events" +) + +const privilegedControllerName = "privileged-namespaces-psa-label-syncer" + +type privilegedNamespacesPSALabelSyncer struct { + nsClient corev1client.NamespaceInterface + nsLister corev1listers.NamespaceLister + nsCacheSynced cache.InformerSynced + + workqueue workqueue.RateLimitingInterface +} + +func NewPrivilegedNamespacesPSALabelSyncer( + ctx context.Context, + namespaceClient corev1client.NamespaceInterface, + namespaceInformer corev1informers.NamespaceInformer, + eventRecorder events.Recorder, +) *privilegedNamespacesPSALabelSyncer { + c := &privilegedNamespacesPSALabelSyncer{ + nsClient: namespaceClient, + nsLister: namespaceInformer.Lister(), + + nsCacheSynced: namespaceInformer.Informer().HasSynced, + + workqueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), privilegedControllerName), + } + + logger := klog.FromContext(ctx) + + namespaceInformer.Informer().AddEventHandler( + cache.FilteringResourceEventHandler{ + FilterFunc: factory.NamesFilter("default", "kube-system", "kube-public"), + Handler: cache.ResourceEventHandlerFuncs{ + AddFunc: func(obj interface{}) { + c.enqueueNS(logger, obj) + }, + UpdateFunc: func(_, newObj interface{}) { + c.enqueueNS(logger, newObj) + }, + DeleteFunc: nil, + }, + }, + ) + + return c +} + +func (c *privilegedNamespacesPSALabelSyncer) Run(ctx context.Context, _ int) { + defer utilruntime.HandleCrash() + defer c.workqueue.ShutDown() + + logger := klog.FromContext(ctx) + logger.Info("Starting", "controller", privilegedControllerName) + defer logger.Info("Shutting down", "controller", privilegedControllerName) + + if !cache.WaitForNamedCacheSync(privilegedControllerName, ctx.Done(), c.nsCacheSynced) { + return + } + + go wait.UntilWithContext(ctx, c.worker, time.Second) + + <-ctx.Done() +} + +func (c *privilegedNamespacesPSALabelSyncer) worker(ctx context.Context) { + workerFunc := func(ctx context.Context) bool { + key, quit := c.workqueue.Get() + if quit { + return true + } + defer c.workqueue.Done(key) + + logger := klog.FromContext(ctx) + logger = klog.LoggerWithValues(logger, "queueKey", key) + ctx = klog.NewContext(ctx, logger) + + err := c.sync(ctx, key.(string)) + if err == nil { + c.workqueue.Forget(key) + return false + } + + utilruntime.HandleError(err) + c.workqueue.AddRateLimited(key) + + return false + } + + for { + if quit := workerFunc(ctx); quit { + return + } + } +} + +func (c *privilegedNamespacesPSALabelSyncer) sync(ctx context.Context, nsName string) error { + ns, err := c.nsLister.Get(nsName) + if err != nil { + return fmt.Errorf("failed to retrieve ns %q: %w", nsName, err) + } + + if ns.Labels[psapi.EnforceLevelLabel] == "privileged" && + ns.Labels[psapi.WarnLevelLabel] == "privileged" && + ns.Labels[psapi.AuditLevelLabel] == "privileged" { + return nil + } + + nsApplyConfig := corev1apply.Namespace(ns.Name).WithLabels(map[string]string{ + psapi.EnforceLevelLabel: "privileged", + psapi.WarnLevelLabel: "privileged", + psapi.AuditLevelLabel: "privileged", + }) + + _, err = c.nsClient.Apply(ctx, nsApplyConfig, v1.ApplyOptions{FieldManager: privilegedControllerName, Force: true}) + + return err +} + +func (c *privilegedNamespacesPSALabelSyncer) enqueueNS(logger klog.Logger, obj interface{}) { + key, err := controller.KeyFunc(obj) + if err != nil { + logger.Error(err, "Couldn't get key", "object", obj) + return + } + c.workqueue.Add(key) +} diff --git a/vendor/k8s.io/kubernetes/pkg/controller/endpointslice/endpointslice_controller.go b/vendor/k8s.io/kubernetes/pkg/controller/endpointslice/endpointslice_controller.go index 5910d6cd3b..425f8fb57a 100644 --- a/vendor/k8s.io/kubernetes/pkg/controller/endpointslice/endpointslice_controller.go +++ b/vendor/k8s.io/kubernetes/pkg/controller/endpointslice/endpointslice_controller.go @@ -520,7 +520,10 @@ func (c *Controller) updateNode(old, cur interface{}) { oldNode := old.(*v1.Node) curNode := cur.(*v1.Node) - if topologycache.NodeReady(oldNode.Status) != topologycache.NodeReady(curNode.Status) { + // LabelTopologyZone may be added by cloud provider asynchronously after the Node is created. + // The topology cache should be updated in this case. + if topologycache.NodeReady(oldNode.Status) != topologycache.NodeReady(curNode.Status) || + oldNode.Labels[v1.LabelTopologyZone] != curNode.Labels[v1.LabelTopologyZone] { c.checkNodeTopologyDistribution() } } diff --git a/vendor/k8s.io/kubernetes/pkg/controller/endpointslice/topologycache/topologycache.go b/vendor/k8s.io/kubernetes/pkg/controller/endpointslice/topologycache/topologycache.go index fa49979528..dadd360458 100644 --- a/vendor/k8s.io/kubernetes/pkg/controller/endpointslice/topologycache/topologycache.go +++ b/vendor/k8s.io/kubernetes/pkg/controller/endpointslice/topologycache/topologycache.go @@ -154,8 +154,10 @@ func (t *TopologyCache) AddHints(si *SliceInfo) ([]*discovery.EndpointSlice, []* return slicesToCreate, slicesToUpdate, events } - hintsEnabled := t.hintsPopulatedByService.Has(si.ServiceKey) - t.SetHints(si.ServiceKey, si.AddressType, allocatedHintsByZone) + t.lock.Lock() + defer t.lock.Unlock() + hintsEnabled := t.hasPopulatedHintsLocked(si.ServiceKey) + t.setHintsLocked(si.ServiceKey, si.AddressType, allocatedHintsByZone) // if hints were not enabled before, we publish an event to indicate we enabled them. if !hintsEnabled { @@ -175,6 +177,10 @@ func (t *TopologyCache) SetHints(serviceKey string, addrType discovery.AddressTy t.lock.Lock() defer t.lock.Unlock() + t.setHintsLocked(serviceKey, addrType, allocatedHintsByZone) +} + +func (t *TopologyCache) setHintsLocked(serviceKey string, addrType discovery.AddressType, allocatedHintsByZone EndpointZoneInfo) { _, ok := t.endpointsByService[serviceKey] if !ok { t.endpointsByService[serviceKey] = map[discovery.AddressType]EndpointZoneInfo{} @@ -263,6 +269,13 @@ func (t *TopologyCache) SetNodes(nodes []*v1.Node) { // HasPopulatedHints checks whether there are populated hints for a given service in the cache. func (t *TopologyCache) HasPopulatedHints(serviceKey string) bool { + t.lock.Lock() + defer t.lock.Unlock() + + return t.hasPopulatedHintsLocked(serviceKey) +} + +func (t *TopologyCache) hasPopulatedHintsLocked(serviceKey string) bool { return t.hintsPopulatedByService.Has(serviceKey) } @@ -270,6 +283,9 @@ func (t *TopologyCache) HasPopulatedHints(serviceKey string) bool { // it is not possible to provide allocations that are below the overload // threshold, a nil value will be returned. func (t *TopologyCache) getAllocations(numEndpoints int) (map[string]Allocation, *EventBuilder) { + t.lock.Lock() + defer t.lock.Unlock() + // it is similar to checking !t.sufficientNodeInfo if t.cpuRatiosByZone == nil { return nil, &EventBuilder{ @@ -293,9 +309,6 @@ func (t *TopologyCache) getAllocations(numEndpoints int) (map[string]Allocation, } } - t.lock.Lock() - defer t.lock.Unlock() - remainingMinEndpoints := numEndpoints minTotal := 0 allocations := map[string]Allocation{} diff --git a/vendor/k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview/rest.go b/vendor/k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview/rest.go index f5e6be5227..4558f21c81 100644 --- a/vendor/k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview/rest.go +++ b/vendor/k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview/rest.go @@ -78,6 +78,9 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation } } + // when using a scoped token, set the required scopes to perform the self SAR if any is missing + userToCheck = userWithRequiredScopes(userToCheck) + var authorizationAttributes authorizer.AttributesRecord if selfSAR.Spec.ResourceAttributes != nil { authorizationAttributes = authorizationutil.ResourceAttributesFrom(userToCheck, *selfSAR.Spec.ResourceAttributes) diff --git a/vendor/k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview/rest_patch.go b/vendor/k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview/rest_patch.go new file mode 100644 index 0000000000..1b13327285 --- /dev/null +++ b/vendor/k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview/rest_patch.go @@ -0,0 +1,55 @@ +package selfsubjectaccessreview + +import ( + "reflect" + "sort" + + "k8s.io/apiserver/pkg/authentication/user" + + authorizationv1 "github.com/openshift/api/authorization/v1" + authorizationscope "github.com/openshift/apiserver-library-go/pkg/authorization/scope" +) + +func userWithRequiredScopes(userToCheck user.Info) user.Info { + userExtra := userToCheck.GetExtra() + if userExtra == nil || !scopesNeedUserFull(userExtra[authorizationv1.ScopesKey]) { + return userToCheck + } + + userExtraCopy := make(map[string][]string) + for k, v := range userExtra { + userExtraCopy[k] = v + } + userExtraCopy[authorizationv1.ScopesKey] = append(userExtraCopy[authorizationv1.ScopesKey], authorizationscope.UserFull) + + userWithFullScope := &user.DefaultInfo{ + Name: userToCheck.GetName(), + UID: userToCheck.GetUID(), + Groups: userToCheck.GetGroups(), + Extra: userExtraCopy, + } + + return userWithFullScope +} + +// a self-SAR request must be authorized as if it has either the full user's permissions +// or the permissions of the user's role set on the request (if applicable) in order +// to be able to perform the access review +func scopesNeedUserFull(scopes []string) bool { + if len(scopes) == 0 { + return false + } + + sort.Strings(scopes) + switch { + case + // all scope slices used here must be sorted + reflect.DeepEqual(scopes, []string{authorizationscope.UserAccessCheck}), + reflect.DeepEqual(scopes, []string{authorizationscope.UserAccessCheck, authorizationscope.UserInfo}), + reflect.DeepEqual(scopes, []string{authorizationscope.UserAccessCheck, authorizationscope.UserListAllProjects}), + reflect.DeepEqual(scopes, []string{authorizationscope.UserAccessCheck, authorizationscope.UserInfo, authorizationscope.UserListAllProjects}): + return true + } + + return false +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 045cad75bd..88ff564b9d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -744,7 +744,7 @@ github.com/openshift/client-go/user/informers/externalversions/internalinterface github.com/openshift/client-go/user/informers/externalversions/user github.com/openshift/client-go/user/informers/externalversions/user/v1 github.com/openshift/client-go/user/listers/user/v1 -# github.com/openshift/cluster-policy-controller v0.0.0-20230724103459-8501bc8c4084 +# github.com/openshift/cluster-policy-controller v0.0.0-20230823075520-b3cb22fa4830 ## explicit; go 1.20 github.com/openshift/cluster-policy-controller/pkg/client/genericinformers github.com/openshift/cluster-policy-controller/pkg/cmd/cluster-policy-controller @@ -1298,7 +1298,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230810140522-deb2c6012264 +# k8s.io/api v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1355,7 +1355,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230810140522-deb2c6012264 +# k8s.io/apiextensions-apiserver v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1399,7 +1399,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230810140522-deb2c6012264 +# k8s.io/apimachinery v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1464,7 +1464,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230810140522-deb2c6012264 +# k8s.io/apiserver v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/cel @@ -1622,12 +1622,12 @@ k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/oidc k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/cli-runtime v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230810140522-deb2c6012264 +# k8s.io/cli-runtime v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230810140522-deb2c6012264 +# k8s.io/client-go v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -1964,7 +1964,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230810140522-deb2c6012264 +# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/cloud-provider k8s.io/cloud-provider/api @@ -1986,14 +1986,14 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230810140522-deb2c6012264 +# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/jws k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230810140522-deb2c6012264 +# k8s.io/component-base v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -2027,7 +2027,7 @@ k8s.io/component-base/tracing k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version k8s.io/component-base/version/verflag -# k8s.io/component-helpers v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230810140522-deb2c6012264 +# k8s.io/component-helpers v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/apps/poddisruptionbudget @@ -2040,7 +2040,7 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230810140522-deb2c6012264 +# k8s.io/controller-manager v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/controller-manager/app k8s.io/controller-manager/config @@ -2057,16 +2057,16 @@ k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230810140522-deb2c6012264 +# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230810140522-deb2c6012264 +# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230810140522-deb2c6012264 +# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/dynamic-resource-allocation/resourceclaim # k8s.io/gengo v0.0.0-20220913193501-391367153a38 @@ -2085,13 +2085,13 @@ k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity -# k8s.io/kms v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230810140522-deb2c6012264 +# k8s.io/kms v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2 k8s.io/kms/pkg/service k8s.io/kms/pkg/util -# k8s.io/kube-aggregator v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230810140522-deb2c6012264 +# k8s.io/kube-aggregator v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -2122,7 +2122,7 @@ k8s.io/kube-aggregator/pkg/controllers/status k8s.io/kube-aggregator/pkg/registry/apiservice k8s.io/kube-aggregator/pkg/registry/apiservice/etcd k8s.io/kube-aggregator/pkg/registry/apiservice/rest -# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230810140522-deb2c6012264 +# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/kube-controller-manager/config/v1alpha1 # k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f @@ -2155,13 +2155,13 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230810140522-deb2c6012264 +# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/config/v1beta2 k8s.io/kube-scheduler/config/v1beta3 k8s.io/kube-scheduler/extender/v1 -# k8s.io/kubectl v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230810140522-deb2c6012264 +# k8s.io/kubectl v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/kubectl/pkg/apps k8s.io/kubectl/pkg/cmd/apiresources @@ -2196,7 +2196,7 @@ k8s.io/kubectl/pkg/util/storage k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230810140522-deb2c6012264 +# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -2213,7 +2213,7 @@ k8s.io/kubelet/pkg/apis/pluginregistration/v1 k8s.io/kubelet/pkg/apis/podresources/v1 k8s.io/kubelet/pkg/apis/podresources/v1alpha1 k8s.io/kubelet/pkg/apis/stats/v1alpha1 -# k8s.io/kubernetes v1.27.1 => github.com/openshift/kubernetes v0.0.0-20230810140522-deb2c6012264 +# k8s.io/kubernetes v1.27.1 => github.com/openshift/kubernetes v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options @@ -3018,7 +3018,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear k8s.io/kubernetes/third_party/forked/gonum/graph/simple k8s.io/kubernetes/third_party/forked/gonum/graph/traverse -# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230810140522-deb2c6012264 +# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/legacy-cloud-providers/azure k8s.io/legacy-cloud-providers/azure/auth @@ -3060,7 +3060,7 @@ k8s.io/legacy-cloud-providers/gce/gcpcredential k8s.io/legacy-cloud-providers/vsphere k8s.io/legacy-cloud-providers/vsphere/vclib k8s.io/legacy-cloud-providers/vsphere/vclib/diskmanagers -# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230810140522-deb2c6012264 +# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/metrics/pkg/apis/custom_metrics k8s.io/metrics/pkg/apis/custom_metrics/v1beta1 @@ -3075,10 +3075,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1 k8s.io/metrics/pkg/client/custom_metrics k8s.io/metrics/pkg/client/custom_metrics/scheme k8s.io/metrics/pkg/client/external_metrics -# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230810140522-deb2c6012264 +# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/mount-utils -# k8s.io/pod-security-admission v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230810140522-deb2c6012264 +# k8s.io/pod-security-admission v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/pod-security-admission/admission k8s.io/pod-security-admission/admission/api @@ -3228,34 +3228,34 @@ sigs.k8s.io/structured-merge-diff/v4/value ## explicit; go 1.12 sigs.k8s.io/yaml # github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20230317131656-c62d9de5a460 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230810140522-deb2c6012264 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230810140522-deb2c6012264 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230810140522-deb2c6012264 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230810140522-deb2c6012264 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230810140522-deb2c6012264 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230810140522-deb2c6012264 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230810140522-deb2c6012264 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230810140522-deb2c6012264 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230810140522-deb2c6012264 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230810140522-deb2c6012264 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230810140522-deb2c6012264 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230810140522-deb2c6012264 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230810140522-deb2c6012264 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230810140522-deb2c6012264 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230810140522-deb2c6012264 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230810140522-deb2c6012264 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230810140522-deb2c6012264 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230810140522-deb2c6012264 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230810140522-deb2c6012264 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230810140522-deb2c6012264 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230810140522-deb2c6012264 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230810140522-deb2c6012264 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230823203748-d424288c25bf +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230823203748-d424288c25bf +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230823203748-d424288c25bf +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230823203748-d424288c25bf +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230823203748-d424288c25bf +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230823203748-d424288c25bf +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230823203748-d424288c25bf +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230823203748-d424288c25bf +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230823203748-d424288c25bf +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230823203748-d424288c25bf +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230823203748-d424288c25bf +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230823203748-d424288c25bf +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230823203748-d424288c25bf +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230823203748-d424288c25bf +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230823203748-d424288c25bf +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230823203748-d424288c25bf +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230823203748-d424288c25bf +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230823203748-d424288c25bf +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230823203748-d424288c25bf +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230823203748-d424288c25bf +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230823203748-d424288c25bf +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230823203748-d424288c25bf +# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230823203748-d424288c25bf +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230823203748-d424288c25bf +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230823203748-d424288c25bf +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230823203748-d424288c25bf +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230823203748-d424288c25bf +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230823203748-d424288c25bf +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230823203748-d424288c25bf +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230823203748-d424288c25bf # sigs.k8s.io/kube-storage-version-migrator => github.com/openshift/kubernetes-kube-storage-version-migrator v0.0.3-0.20230724151845-8558e14a1168 From 293bf75400aa3a047970c75e235a4235644c953b Mon Sep 17 00:00:00 2001 From: ci-robot Date: Wed, 30 Aug 2023 05:09:08 +0000 Subject: [PATCH 5/9] update etcd/go.mod --- etcd/go.mod | 58 ++++++++++++++++++++++++++--------------------------- etcd/go.sum | 24 +++++++++++----------- 2 files changed, 41 insertions(+), 41 deletions(-) diff --git a/etcd/go.mod b/etcd/go.mod index 8b15fa106b..f77398eb54 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -143,33 +143,33 @@ replace ( go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230706085316-5a36b9b6b329 // from etcd go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230706085316-5a36b9b6b329 // from etcd go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230706085316-5a36b9b6b329 // from etcd - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230810140522-deb2c6012264 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230810140522-deb2c6012264 // staging kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230810140522-deb2c6012264 // staging kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230823203748-d424288c25bf // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230823203748-d424288c25bf // staging kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230823203748-d424288c25bf // staging kubernetes ) diff --git a/etcd/go.sum b/etcd/go.sum index 1aff514bd0..8db579111b 100644 --- a/etcd/go.sum +++ b/etcd/go.sum @@ -300,18 +300,18 @@ github.com/openshift/etcd/raft/v3 v3.5.1-0.20230706085316-5a36b9b6b329 h1:KNPL8L github.com/openshift/etcd/raft/v3 v3.5.1-0.20230706085316-5a36b9b6b329/go.mod h1:WnFkqzFdZua4LVlVXQEGhmooLeyS7mqzS4Pf4BCVqXg= github.com/openshift/etcd/server/v3 v3.5.1-0.20230706085316-5a36b9b6b329 h1:eZbiPOm+IsSpPUUIrfBx3kpRg9JLH+KQmUKhsiIeSSo= github.com/openshift/etcd/server/v3 v3.5.1-0.20230706085316-5a36b9b6b329/go.mod h1:GgI1fQClQCFIzuVjlvdbMxNbnISt90gdfYyqiAIt65g= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230810140522-deb2c6012264 h1:d0ETNTP0IayKYaSlAElStTXw4n4HI2O1dp5eC2Ae1Gc= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230810140522-deb2c6012264/go.mod h1:HS+D2l4KQPtUswcaoAlFe4qPsy2Go7C4xL5rFyxTrnQ= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230810140522-deb2c6012264 h1:Dwr54cMVUYPrFQMfR43e+Oy3vhD0dZMGXpn7yikqHlQ= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230810140522-deb2c6012264/go.mod h1:NxjwHbUzQh5X2AIEseAOwyA8y/cbDyAX4b/lRMP4KUM= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230810140522-deb2c6012264 h1:A47FyyRmeTktyT/9AJDxcYUCOr4QamnLT5c3r4oGuBE= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230810140522-deb2c6012264/go.mod h1:KlG3TyDN82d8p0dpJDMyY/s4PZNec0LHAmgoIzVGARE= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230810140522-deb2c6012264 h1:XEt24j/SotuyHVOnZXADvbSHHel3QZTYdri6SC5bwR4= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230810140522-deb2c6012264/go.mod h1:I0XLN7RRr89r6VksWi0xZ+MJRL/WIKixVSBTXXXX394= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230810140522-deb2c6012264 h1:oWKHyTuDmi2qodjxwoBptSkSGtu3CtMvBvpx2jXaCSU= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230810140522-deb2c6012264/go.mod h1:wAcKQiyH7O5X535pb0/RamfWxga+4e/opQZJKl2C1c0= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230810140522-deb2c6012264 h1:Ry0r7HamJd+EhpZ+DEdouEIAu30zJT9PNFgXnSrqYII= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230810140522-deb2c6012264/go.mod h1:VR1Bz32opPHJ3xZNCoS4FjfUnJYnsgN0cxQAubCHbb4= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230823203748-d424288c25bf h1:+cTghF8WGxvkmjXeeNu+OO5DHw19MafyALkzn4lMKfM= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230823203748-d424288c25bf/go.mod h1:HS+D2l4KQPtUswcaoAlFe4qPsy2Go7C4xL5rFyxTrnQ= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230823203748-d424288c25bf h1:hFeDDS0yo1bD0QIxXd7WMQ+UlFWQc+7cN8mrQdq75Bk= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230823203748-d424288c25bf/go.mod h1:NxjwHbUzQh5X2AIEseAOwyA8y/cbDyAX4b/lRMP4KUM= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230823203748-d424288c25bf h1:wv4xl/vnwh2Cu20kfT3yL76YhltEIaXMgPHEscT48pg= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230823203748-d424288c25bf/go.mod h1:KlG3TyDN82d8p0dpJDMyY/s4PZNec0LHAmgoIzVGARE= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230823203748-d424288c25bf h1:NIf3lIAUAniZZHJAIptQtodB4ZF4LjqzdasSZuBIv6U= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230823203748-d424288c25bf/go.mod h1:I0XLN7RRr89r6VksWi0xZ+MJRL/WIKixVSBTXXXX394= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230823203748-d424288c25bf h1:8wawlRfxCuR8+0F3DbKYi7xC8O+uMH0xRmLAA1J+kZU= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230823203748-d424288c25bf/go.mod h1:wAcKQiyH7O5X535pb0/RamfWxga+4e/opQZJKl2C1c0= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230823203748-d424288c25bf h1:7zCNbVM1jjTr6F9+vJDFiF6k8six79WIn1qQV0tM7n0= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230823203748-d424288c25bf/go.mod h1:VR1Bz32opPHJ3xZNCoS4FjfUnJYnsgN0cxQAubCHbb4= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20230317131656-c62d9de5a460 h1:PftK9Q7BUD+wj8fNvxtJ+RhxYkcTtd8LcAo1Gk1H1HM= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= From a9449541edd21987b28b12b70976244a9dedbbf3 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Wed, 30 Aug 2023 05:09:13 +0000 Subject: [PATCH 6/9] update etcd/vendor --- .../openshift/microshift/pkg/util/net.go | 12 +++- etcd/vendor/modules.txt | 70 +++++++++---------- 2 files changed, 45 insertions(+), 37 deletions(-) diff --git a/etcd/vendor/github.com/openshift/microshift/pkg/util/net.go b/etcd/vendor/github.com/openshift/microshift/pkg/util/net.go index 0887dcede6..251ae41b74 100644 --- a/etcd/vendor/github.com/openshift/microshift/pkg/util/net.go +++ b/etcd/vendor/github.com/openshift/microshift/pkg/util/net.go @@ -34,15 +34,23 @@ import ( var previousGatewayIP string = "" +// Remember whether we have successfully found the hard-coded nodeIP +// on this host. +var foundHardCodedNodeIP bool + func GetHostIP(nodeIP string) (string, error) { var hostIP string var err error if nodeIP != "" { - klog.Infof("try to find nodeIP %s on host", nodeIP) + if !foundHardCodedNodeIP { + foundHardCodedNodeIP = true + klog.Infof("trying to find configured nodeIP %q on host", nodeIP) + } hostIP, err = selectV4IPFromHostInterface(nodeIP) if err != nil { - return "", fmt.Errorf("failed to find nodeIP %s on host: %v", nodeIP, err) + foundHardCodedNodeIP = false + return "", fmt.Errorf("failed to find the configured nodeIP %q on host: %v", nodeIP, err) } goto found } diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index 715125699f..734dd85822 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -582,7 +582,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230810140522-deb2c6012264 +# k8s.io/api v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -639,7 +639,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230810140522-deb2c6012264 +# k8s.io/apimachinery v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -690,12 +690,12 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/cli-runtime v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230810140522-deb2c6012264 +# k8s.io/cli-runtime v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230810140522-deb2c6012264 +# k8s.io/client-go v0.27.4 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -841,7 +841,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230810140522-deb2c6012264 +# k8s.io/component-base v0.27.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -878,7 +878,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230810140522-deb2c6012264 +# k8s.io/kubectl v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230823203748-d424288c25bf ## explicit; go 1.20 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -1005,32 +1005,32 @@ sigs.k8s.io/yaml # go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230706085316-5a36b9b6b329 # go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230706085316-5a36b9b6b329 # go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230706085316-5a36b9b6b329 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230810140522-deb2c6012264 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230810140522-deb2c6012264 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230810140522-deb2c6012264 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230810140522-deb2c6012264 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230810140522-deb2c6012264 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230810140522-deb2c6012264 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230810140522-deb2c6012264 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230810140522-deb2c6012264 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230810140522-deb2c6012264 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230810140522-deb2c6012264 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230810140522-deb2c6012264 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230810140522-deb2c6012264 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230810140522-deb2c6012264 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230810140522-deb2c6012264 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230810140522-deb2c6012264 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230810140522-deb2c6012264 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230810140522-deb2c6012264 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230810140522-deb2c6012264 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230810140522-deb2c6012264 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230810140522-deb2c6012264 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230810140522-deb2c6012264 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230810140522-deb2c6012264 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230810140522-deb2c6012264 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230823203748-d424288c25bf +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230823203748-d424288c25bf +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230823203748-d424288c25bf +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230823203748-d424288c25bf +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230823203748-d424288c25bf +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230823203748-d424288c25bf +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230823203748-d424288c25bf +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230823203748-d424288c25bf +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230823203748-d424288c25bf +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230823203748-d424288c25bf +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230823203748-d424288c25bf +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230823203748-d424288c25bf +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230823203748-d424288c25bf +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230823203748-d424288c25bf +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230823203748-d424288c25bf +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230823203748-d424288c25bf +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230823203748-d424288c25bf +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230823203748-d424288c25bf +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230823203748-d424288c25bf +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230823203748-d424288c25bf +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230823203748-d424288c25bf +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230823203748-d424288c25bf +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230823203748-d424288c25bf +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230823203748-d424288c25bf +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230823203748-d424288c25bf +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230823203748-d424288c25bf +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230823203748-d424288c25bf +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230823203748-d424288c25bf +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230823203748-d424288c25bf From 35607eddf04b88263ff0b914ea2b0be59d0c92bb Mon Sep 17 00:00:00 2001 From: ci-robot Date: Wed, 30 Aug 2023 05:09:13 +0000 Subject: [PATCH 7/9] update component images --- packaging/crio.conf.d/microshift_amd64.conf | 2 +- packaging/crio.conf.d/microshift_arm64.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf index 620efbd52b..686e24087f 100644 --- a/packaging/crio.conf.d/microshift_amd64.conf +++ b/packaging/crio.conf.d/microshift_amd64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:93f38aad78f10009eaaae8baaec8052e5a0183202d73305d3b7763ab050182e4" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ec00bd1af356a028460259ef1e2f3479a928ffef1e8bce06712271f528a1f509" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf index 5d2a632651..502396c2fd 100644 --- a/packaging/crio.conf.d/microshift_arm64.conf +++ b/packaging/crio.conf.d/microshift_arm64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:764516632616789b75f9e1f2d814bab02563d7c6149826e62c21df4b2a4782c4" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4e79ef87369575106e7a21c999c5034803940f081c4a8ad43ea370a88b024092" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" From 441e1a74bfac003659528d96131f41eae1b22fc5 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Wed, 30 Aug 2023 05:09:14 +0000 Subject: [PATCH 8/9] update manifests --- .../webhook_service.yaml | 1 + .../openshift-dns/dns/daemonset.yaml | 17 +++++--------- .../kube-apiserver/defaultconfig.yaml | 1 + assets/release/release-aarch64.json | 16 +++++++------- assets/release/release-x86_64.json | 22 +++++++++---------- 5 files changed, 27 insertions(+), 30 deletions(-) diff --git a/assets/components/csi-snapshot-controller/webhook_service.yaml b/assets/components/csi-snapshot-controller/webhook_service.yaml index 6135008dbd..ddd576182d 100644 --- a/assets/components/csi-snapshot-controller/webhook_service.yaml +++ b/assets/components/csi-snapshot-controller/webhook_service.yaml @@ -5,6 +5,7 @@ metadata: namespace: kube-system labels: app: csi-snapshot-webhook + hypershift.openshift.io/allow-guest-webhooks: "true" annotations: service.beta.openshift.io/serving-cert-secret-name: csi-snapshot-webhook-secret capability.openshift.io/name: CSISnapshot diff --git a/assets/components/openshift-dns/dns/daemonset.yaml b/assets/components/openshift-dns/dns/daemonset.yaml index fa1fa220a7..7bd4077cd4 100644 --- a/assets/components/openshift-dns/dns/daemonset.yaml +++ b/assets/components/openshift-dns/dns/daemonset.yaml @@ -1,8 +1,6 @@ kind: DaemonSet apiVersion: apps/v1 spec: - # minReadySeconds should be 3x the readiness probe's polling interval (i.e. periodSeconds). - minReadySeconds: 9 template: metadata: annotations: @@ -35,7 +33,7 @@ spec: port: 8181 scheme: HTTP initialDelaySeconds: 10 - periodSeconds: 3 # Update the daemonset's spec.minReadySeconds above if you change this value! + periodSeconds: 3 successThreshold: 1 failureThreshold: 3 timeoutSeconds: 3 @@ -94,14 +92,11 @@ spec: updateStrategy: type: RollingUpdate rollingUpdate: - # Set maxSurge to a positive value so that each node that has a pod - # continues to have a local ready pod during a rolling update. This is - # important for topology-aware hints as well as for similar logic in - # openshift-sdn and ovn-kubernetes that prefers to use a local ready DNS - # pod whenever one exists. - maxSurge: 10% - # maxUnavailable must be zero when maxSurge is nonzero. - maxUnavailable: 0 + # TODO: Consider setting maxSurge to a positive value. + maxSurge: 0 + # Note: The daemon controller rounds the percentage up + # (unlike the deployment controller, which rounds down). + maxUnavailable: 10% selector: matchLabels: dns.operator.openshift.io/daemonset-dns: default diff --git a/assets/controllers/kube-apiserver/defaultconfig.yaml b/assets/controllers/kube-apiserver/defaultconfig.yaml index e93b3ec541..af45236c52 100644 --- a/assets/controllers/kube-apiserver/defaultconfig.yaml +++ b/assets/controllers/kube-apiserver/defaultconfig.yaml @@ -75,6 +75,7 @@ apiServerArguments: - StorageObjectInUseProtection - TaintNodesByCondition - ValidatingAdmissionWebhook + - ValidatingAdmissionPolicy - authorization.openshift.io/RestrictSubjectBindings - authorization.openshift.io/ValidateRoleBindingRestriction - config.openshift.io/DenyDeleteClusterConfiguration diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index b9eac01b26..a0e2e1d0b1 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,23 +1,23 @@ { "release": { - "base": "4.14.0-0.nightly-arm64-2023-08-28-154011" + "base": "4.14.0-0.nightly-arm64-2023-08-29-102228" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7fbd6b87b7107a12762f8021b7d06f8739f972e324aa8c680a5893daf2e94f10", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4e2a9ddbbb74b6952385e6424e18843d6d304ca179f1a84dee7857b0406cb377", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:da22bd5a846e424d3da6e7f3d8d849cd23fd95a765ca70648f90e1c1f0b229be", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e2bb62efc25b4bcfe3251984857cf920da5ed06d58bf2a7bd03e5f15745107e4", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8639ec30631d2565904051665a6923c94cbfcea3da14d2118ebb32efa2ef2871", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:04c5341df8cff9258b028a65821e4e6eef278b216006b25b52ab2d52ba4ae5a4", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:aca1a77d62638473bef51085191c152ad5943b60ba57b844356ef7284164117a", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:812e0a7a488f452c4e7ca11aea84f54d388f28b32861e84f4c62e798b59c514e", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:764516632616789b75f9e1f2d814bab02563d7c6149826e62c21df4b2a4782c4", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:968907fb7cea31c832d9b9a3ec9e18801ef8ee55d2d8f30f2e13a7e5e399fe1d", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4e79ef87369575106e7a21c999c5034803940f081c4a8ad43ea370a88b024092", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4de7243ca2c711097e581f516cda8232402eb5cd864906702f7a8a80289cf72d", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:f676e20b8ecdbe9f5fc994e2ff236a02d2afe666bf325e8ac02cd3a043df107e", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:71d42a2b26fca9690036c95e54aa3641702c4dc7ba1912f8804d777320f9fbf8", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:3c63c06561f20f5ead423946c6cc22030c397f0fe190004e6b5ccdb3bfaccdc4", "topolvm_csi_resizer": "registry.redhat.io/openshift4/ose-csi-external-resizer@sha256:837b32a0c432123e2605ad6d029e7f3b4489d9c52a9d272c7a133d41ad10db87", "topolvm_csi_provisioner": "registry.redhat.io/openshift4/ose-csi-external-provisioner@sha256:778aa6e5ea046bfcd865e665679c30362dc8c00cfb33a0cdcc56b2395e8ab504", "csi-external-snapshotter": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0280958f2c2815b9b7d94d0b445ad587a11a827f2facc592305c0332bb03bd24", - "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f32758c79361cec8d5066f7cdcfb37afa09575e15d513fee9c46c269274f6aef", - "csi-snapshot-validation-webhook": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b3eda325a57a00204c478bc089d2d9f1d3aa018536bc89c40405976203b00f29" + "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8cda5f355001a6c9534c195fd2e31b73f56059dc27b2d338be2f55557ec4c2de", + "csi-snapshot-validation-webhook": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3880894bcef26a3a78ac89eef33d522e2415a45e98ab62494adea64324f4526" } } diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 754c602731..89e9b523fc 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,23 +1,23 @@ { "release": { - "base": "4.14.0-0.nightly-2023-08-11-055332" + "base": "4.14.0-0.nightly-2023-08-28-154013" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1c88f8e6c3813a3aeef0b065fd30ab3a1c66fbffb5805c49f9d9b8b86da5b8d0", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3dd4c36c4cc5576a23fe6ec1da6ba6c25810641a216cf900320fce5d7a70614e", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:73762a889c6799c3ce3f849422ab5dfa82a5ab1bc8d2dcbd578bc03922b5ef9d", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c0b8dbf7535e346f41612a1d2ebf20fb2171f241567f82b20e87ee980c9e2df6", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5e7060e18e1d7e3df1589b1295aeef91942f87c072239984d544e265ffe36012", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:77fe1762e254233b5f057f8596f3053eabc6eb187fac53da19382370b79a09e5", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:dc3e9a80def3da74a3db612a92259c13aa48266ca58e9f97c00a8588a2b8031c", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1bc7ae4c03491cfdbbd8b6cbba5e23fca28e1a291cbe167c6e2d3591e61da22b", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:972dde8970af0364607a623a5f5ab397945db067f9cf652d512d4fc07d5fec8a", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:93f38aad78f10009eaaae8baaec8052e5a0183202d73305d3b7763ab050182e4", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b8c327e371d2336efd2405a85eb1391ce90815886ea75d42d5464b7b02f4990d", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a2b33d6afb7e659a89f1b86815d8bd94455ef9806476a5bf8159cd7e82e0c91f", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ec00bd1af356a028460259ef1e2f3479a928ffef1e8bce06712271f528a1f509", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:02d75f892a54184b1fed02da142720771386f389d6ded45bb2d43816c4bc3226", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:f676e20b8ecdbe9f5fc994e2ff236a02d2afe666bf325e8ac02cd3a043df107e", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:71d42a2b26fca9690036c95e54aa3641702c4dc7ba1912f8804d777320f9fbf8", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:3c63c06561f20f5ead423946c6cc22030c397f0fe190004e6b5ccdb3bfaccdc4", "topolvm_csi_resizer": "registry.redhat.io/openshift4/ose-csi-external-resizer@sha256:837b32a0c432123e2605ad6d029e7f3b4489d9c52a9d272c7a133d41ad10db87", "topolvm_csi_provisioner": "registry.redhat.io/openshift4/ose-csi-external-provisioner@sha256:778aa6e5ea046bfcd865e665679c30362dc8c00cfb33a0cdcc56b2395e8ab504", - "csi-external-snapshotter": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4b0109251a95fa40411273da0d2ab03dbda61e32d300bcadb7d17fc52d354cc2", - "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:60736683f5dbfc0a177ef182cd5534e12dcc22bea30da6be1ef8f8a86fd47059", - "csi-snapshot-validation-webhook": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:294f6cccd6577bffcab306761de78af6766471a2ba07e6cbc1f5c7d67aacfc98" + "csi-external-snapshotter": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a37e31b3e4a66cdd83cac07139e99e5c5408568012fc835ae96d7d58e6d64c9f", + "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:db128fc57d7cfc30b2079a06c04bf2ba7ee213678c276b2b1a40a68db959e760", + "csi-snapshot-validation-webhook": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ffa9084a39743370a670c841626412d996ee178d7f10cbd2be47a20ea6897d69" } } From 4d2bda61c7eab82a14c4508034c2601f7a497539 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Wed, 30 Aug 2023 05:09:18 +0000 Subject: [PATCH 9/9] update buildfiles --- Makefile.kube_git.var | 2 +- Makefile.version.aarch64.var | 2 +- Makefile.version.x86_64.var | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index c3597f3d08..ae1a63f652 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=27 KUBE_GIT_VERSION=v1.27.4 -KUBE_GIT_COMMIT=deb2c6012264c4b300833165e51134de25441985 +KUBE_GIT_COMMIT=d424288c25bfee0d82e799dbce1113c9f18f77b7 KUBE_GIT_TREE_STATE=clean diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index 17eb2f386f..d65c991ebb 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.14.0-0.nightly-arm64-2023-08-28-154011 +OCP_VERSION := 4.14.0-0.nightly-arm64-2023-08-29-102228 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index 2fc376571a..e520d968fe 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.14.0-0.nightly-2023-08-11-055332 +OCP_VERSION := 4.14.0-0.nightly-2023-08-28-154013