From 50026b32e9f2a4b8ec5b3fea116620256ed161d9 Mon Sep 17 00:00:00 2001 From: Shafeeque E S Date: Fri, 23 Jun 2023 09:59:09 +0530 Subject: [PATCH 1/8] Vendor `gardener@1.74-dev` --- go.mod | 3 +- go.sum | 5 +- .../controlplane/genericactuator/actuator.go | 43 ++- .../pkg/controller/controlplane/utils.go | 2 +- .../extensions/pkg/predicate/predicate.go | 47 --- .../gardener/gardener/hack/kind-up.sh | 40 +++ .../gardener/pkg/apis/core/helper/helpers.go | 11 +- .../gardener/pkg/apis/core/types_seed.go | 6 +- .../gardener/pkg/apis/core/types_shoot.go | 14 +- .../core/v1beta1/constants/types_constants.go | 21 +- .../pkg/apis/core/v1beta1/conversions.go | 2 +- .../pkg/apis/core/v1beta1/defaults.go | 18 +- .../pkg/apis/core/v1beta1/generated.proto | 20 +- .../pkg/apis/core/v1beta1/helper/helper.go | 22 +- .../pkg/apis/core/v1beta1/types_seed.go | 3 +- .../pkg/apis/core/v1beta1/types_shoot.go | 17 +- .../pkg/apis/resources/v1alpha1/types.go | 7 + .../machine_controller_manager.go | 39 +-- .../pkg/controllerutils/miscellaneous.go | 2 +- .../pkg/gardenlet/apis/config/types.go | 30 +- .../apis/config/v1alpha1/defaults.go | 32 +- .../gardenlet/apis/config/v1alpha1/types.go | 33 +- .../v1alpha1/zz_generated.conversion.go | 90 +++--- .../config/v1alpha1/zz_generated.deepcopy.go | 53 ++-- .../config/v1alpha1/zz_generated.defaults.go | 8 +- .../apis/config/zz_generated.deepcopy.go | 53 ++-- .../gardener/pkg/utils/gardener/seed.go | 26 -- .../gardener/pkg/utils/gardener/shoot.go | 22 ++ .../pkg/utils/imagevector/imagevector.go | 2 +- .../pkg/utils/kubernetes/admissionplugins.go | 6 +- .../pkg/utils/kubernetes/tls_cipher_suites.go | 11 +- .../gardener/pkg/utils/miscellaneous.go | 4 +- .../gardener/pkg/utils/secrets/basic_auth.go | 2 +- .../pkg/utils/secrets/manager/generate.go | 64 ---- .../utils/validation/features/featuregates.go | 229 +++++--------- .../validation/kubernetesversion/version.go | 2 - .../gardener/pkg/utils/version/version.go | 28 -- .../test/framework/shootmigrationtest.go | 2 +- vendor/k8s.io/apiserver/LICENSE | 202 ------------ .../k8s.io/apiserver/pkg/apis/config/doc.go | 19 -- .../apiserver/pkg/apis/config/register.go | 53 ---- .../k8s.io/apiserver/pkg/apis/config/types.go | 103 ------ .../apiserver/pkg/apis/config/v1/defaults.go | 49 --- .../apiserver/pkg/apis/config/v1/doc.go | 23 -- .../apiserver/pkg/apis/config/v1/register.go | 53 ---- .../apiserver/pkg/apis/config/v1/types.go | 103 ------ .../apis/config/v1/zz_generated.conversion.go | 299 ------------------ .../apis/config/v1/zz_generated.deepcopy.go | 228 ------------- .../apis/config/v1/zz_generated.defaults.go | 46 --- .../pkg/apis/config/zz_generated.deepcopy.go | 228 ------------- vendor/modules.txt | 6 +- 51 files changed, 425 insertions(+), 2006 deletions(-) delete mode 100644 vendor/k8s.io/apiserver/LICENSE delete mode 100644 vendor/k8s.io/apiserver/pkg/apis/config/doc.go delete mode 100644 vendor/k8s.io/apiserver/pkg/apis/config/register.go delete mode 100644 vendor/k8s.io/apiserver/pkg/apis/config/types.go delete mode 100644 vendor/k8s.io/apiserver/pkg/apis/config/v1/defaults.go delete mode 100644 vendor/k8s.io/apiserver/pkg/apis/config/v1/doc.go delete mode 100644 vendor/k8s.io/apiserver/pkg/apis/config/v1/register.go delete mode 100644 vendor/k8s.io/apiserver/pkg/apis/config/v1/types.go delete mode 100644 vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.conversion.go delete mode 100644 vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.deepcopy.go delete mode 100644 vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.defaults.go delete mode 100644 vendor/k8s.io/apiserver/pkg/apis/config/zz_generated.deepcopy.go diff --git a/go.mod b/go.mod index 9e7466882..b17dd12bf 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/aliyun/aliyun-oss-go-sdk v2.1.8+incompatible github.com/coreos/go-systemd/v22 v22.3.2 github.com/gardener/etcd-druid v0.18.1 - github.com/gardener/gardener v1.73.0 + github.com/gardener/gardener v1.73.1-0.20230622175055-703970e3ea77 github.com/gardener/gardener-extension-networking-calico v1.30.1 github.com/gardener/gardener-extension-networking-cilium v1.18.0 github.com/gardener/machine-controller-manager v0.48.1 @@ -134,7 +134,6 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect istio.io/api v0.0.0-20230217221049-9d422bf48675 // indirect istio.io/client-go v1.17.1 // indirect - k8s.io/apiserver v0.26.3 // indirect k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect k8s.io/helm v2.16.1+incompatible // indirect k8s.io/klog v1.0.0 // indirect diff --git a/go.sum b/go.sum index 6ee03fe16..89cfb8268 100644 --- a/go.sum +++ b/go.sum @@ -135,8 +135,8 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/gardener/etcd-druid v0.18.1 h1:dcId4WayxlZiKvDMxLZHmmvWFXjTBFVqQWmqB5/8mdM= github.com/gardener/etcd-druid v0.18.1/go.mod h1:Bn4doVhryu6GWdXaYlVNy7TZMjUSMr5EjChei06KX0w= -github.com/gardener/gardener v1.73.0 h1:ZjYmv8GeLwh/kZ3Ou5+WrzGsyf9C/pgpSCDH8HKh0zo= -github.com/gardener/gardener v1.73.0/go.mod h1:uSkzPPoAEvdU1fvciTAsZFxPQ9vQpMbMFRJLMQgdfEQ= +github.com/gardener/gardener v1.73.1-0.20230622175055-703970e3ea77 h1:W8PhoKl18vUTUJZNuUclTTNkfB/DXAZIU6IVSm4Nad8= +github.com/gardener/gardener v1.73.1-0.20230622175055-703970e3ea77/go.mod h1:uSkzPPoAEvdU1fvciTAsZFxPQ9vQpMbMFRJLMQgdfEQ= github.com/gardener/gardener-extension-networking-calico v1.30.1 h1:L8u8QB/QT7Dty25qZgFT47TnGhmpk6zutBXKhxnu9ns= github.com/gardener/gardener-extension-networking-calico v1.30.1/go.mod h1:DhaXVgUF4LAsS+6UlBK8kUKM8mhI+YHl/9/+WK3zfMk= github.com/gardener/gardener-extension-networking-cilium v1.18.0 h1:LNBMqVAkltHBDkP+C5Vq/dFgve/YOG8MIvTJJuWWCtU= @@ -974,7 +974,6 @@ k8s.io/apimachinery v0.19.0/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlm k8s.io/apimachinery v0.26.3 h1:dQx6PNETJ7nODU3XPtrwkfuubs6w7sX0M8n61zHIV/k= k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= k8s.io/apiserver v0.26.3 h1:blBpv+yOiozkPH2aqClhJmJY+rp53Tgfac4SKPDJnU4= -k8s.io/apiserver v0.26.3/go.mod h1:CJe/VoQNcXdhm67EvaVjYXxR3QyfwpceKPuPaeLibTA= k8s.io/autoscaler/vertical-pod-autoscaler v0.9.0/go.mod h1:PwWTGRRCxefhAezrDbG/tRYSAW7etHjjMPAr8fXKVAA= k8s.io/autoscaler/vertical-pod-autoscaler v0.13.0 h1:pH6AsxeBZcyX6KBqcnl7SPIJqbN1d59RrEBuIE6Rq6c= k8s.io/autoscaler/vertical-pod-autoscaler v0.13.0/go.mod h1:LraL5kR2xX7jb4VMCG6/tUH4I75uRHlnzC0VWQHcyWk= diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/genericactuator/actuator.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/genericactuator/actuator.go index 19411fd11..1a5c18a95 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/genericactuator/actuator.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/genericactuator/actuator.go @@ -409,9 +409,23 @@ func (a *actuator) Delete( cp *extensionsv1alpha1.ControlPlane, cluster *extensionscontroller.Cluster, ) error { + sm, err := a.newSecretsManagerForControlPlane(ctx, log, cp, cluster, nil) + if err != nil { + return fmt.Errorf("failed to create secrets manager for ControlPlane: %w", err) + } + + if err := a.delete(ctx, log, cp, cluster); err != nil { + return err + } + + return sm.Cleanup(ctx) +} + +func (a *actuator) delete(ctx context.Context, log logr.Logger, cp *extensionsv1alpha1.ControlPlane, cluster *extensionscontroller.Cluster) error { if cp.Spec.Purpose != nil && *cp.Spec.Purpose == extensionsv1alpha1.Exposure { - return a.deleteControlPlaneExposure(ctx, log, cp, cluster) + return a.deleteControlPlaneExposure(ctx, log, cp) } + return a.deleteControlPlane(ctx, log, cp, cluster) } @@ -421,13 +435,7 @@ func (a *actuator) deleteControlPlaneExposure( ctx context.Context, log logr.Logger, cp *extensionsv1alpha1.ControlPlane, - cluster *extensionscontroller.Cluster, ) error { - sm, err := a.newSecretsManagerForControlPlane(ctx, log, cp, cluster, nil) - if err != nil { - return fmt.Errorf("failed to create secrets manager for ControlPlane: %w", err) - } - // Delete control plane objects if a.controlPlaneExposureChart != nil { log.Info("Deleting control plane exposure with objects") @@ -444,7 +452,7 @@ func (a *actuator) deleteControlPlaneExposure( } } - return sm.Cleanup(ctx) + return nil } // deleteControlPlane reconciles the given controlplane and cluster, deleting the additional Shoot @@ -455,9 +463,18 @@ func (a *actuator) deleteControlPlane( cp *extensionsv1alpha1.ControlPlane, cluster *extensionscontroller.Cluster, ) error { - sm, err := a.newSecretsManagerForControlPlane(ctx, log, cp, cluster, nil) - if err != nil { - return fmt.Errorf("failed to create secrets manager for ControlPlane: %w", err) + // Get config chart values + if a.configChart != nil { + values, err := a.vp.GetConfigChartValues(ctx, cp, cluster) + if err != nil { + return fmt.Errorf("failed to get configuration chart values before deletion of controlplane %s: %w", kubernetesutils.ObjectName(cp), err) + } + + // Apply config chart + log.Info("Applying configuration chart before deletion") + if err := a.configChart.Apply(ctx, a.chartApplier, cp.Namespace, nil, "", "", values); err != nil { + return fmt.Errorf("could not apply configuration chart before deletion of controlplane '%s': %w", kubernetesutils.ObjectName(cp), err) + } } // Delete the managed resources @@ -533,7 +550,7 @@ func (a *actuator) deleteControlPlane( } } - return sm.Cleanup(ctx) + return nil } // computeChecksums computes and returns all needed checksums. This includes the checksums for the given deployed secrets, @@ -603,7 +620,7 @@ func (a *actuator) Migrate( return fmt.Errorf("could not keep objects of managed resource containing storage classes chart for controlplane '%s': %w", kubernetesutils.ObjectName(cp), err) } - return a.Delete(ctx, log, cp, cluster) + return a.delete(ctx, log, cp, cluster) } func (a *actuator) newSecretsManagerForControlPlane(ctx context.Context, log logr.Logger, cp *extensionsv1alpha1.ControlPlane, cluster *extensionscontroller.Cluster, secretConfigs []extensionssecretsmanager.SecretConfigWithOptions) (secretsmanager.Interface, error) { diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/utils.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/utils.go index c8641cf95..f9fba1698 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/utils.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/controlplane/utils.go @@ -22,7 +22,7 @@ import ( // MergeSecretMaps merges the 2 given secret maps. func MergeSecretMaps(a, b map[string]*corev1.Secret) map[string]*corev1.Secret { - x := make(map[string]*corev1.Secret) + x := make(map[string]*corev1.Secret, len(a)) for _, m := range []map[string]*corev1.Secret{a, b} { for k, v := range m { x[k] = v diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/predicate/predicate.go b/vendor/github.com/gardener/gardener/extensions/pkg/predicate/predicate.go index 8352190e8..d8c6f7564 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/predicate/predicate.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/predicate/predicate.go @@ -24,7 +24,6 @@ import ( gardencore "github.com/gardener/gardener/pkg/api/core" "github.com/gardener/gardener/pkg/api/extensions" extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" - "github.com/gardener/gardener/pkg/utils/version" ) var logger = log.Log.WithName("predicate") @@ -148,49 +147,3 @@ func GardenCoreProviderType(providerType string) predicate.Predicate { }, } } - -// ClusterShootKubernetesVersionForCSIMigrationAtLeast is a predicate for the kubernetes version of the shoot in the cluster resource. -func ClusterShootKubernetesVersionForCSIMigrationAtLeast(kubernetesVersion string) predicate.Predicate { - f := func(obj client.Object) bool { - if obj == nil { - return false - } - - cluster, ok := obj.(*extensionsv1alpha1.Cluster) - if !ok { - return false - } - - shoot, err := extensionscontroller.ShootFromCluster(cluster) - if err != nil { - return false - } - - kubernetesVersionForCSIMigration := kubernetesVersion - if overwrite, ok := shoot.Annotations[extensionsv1alpha1.ShootAlphaCSIMigrationKubernetesVersion]; ok { - kubernetesVersionForCSIMigration = overwrite - } - - constraint, err := version.CompareVersions(shoot.Spec.Kubernetes.Version, ">=", kubernetesVersionForCSIMigration) - if err != nil { - return false - } - - return constraint - } - - return predicate.Funcs{ - CreateFunc: func(event event.CreateEvent) bool { - return f(event.Object) - }, - UpdateFunc: func(event event.UpdateEvent) bool { - return f(event.ObjectNew) - }, - GenericFunc: func(event event.GenericEvent) bool { - return f(event.Object) - }, - DeleteFunc: func(event event.DeleteEvent) bool { - return f(event.Object) - }, - } -} diff --git a/vendor/github.com/gardener/gardener/hack/kind-up.sh b/vendor/github.com/gardener/gardener/hack/kind-up.sh index 417b1c69a..0fbf3c543 100755 --- a/vendor/github.com/gardener/gardener/hack/kind-up.sh +++ b/vendor/github.com/gardener/gardener/hack/kind-up.sh @@ -118,6 +118,44 @@ setup_loopback_device() { echo "Setting up loopback device ${LOOPBACK_DEVICE} completed." } +# setup_containerd_registry_mirrors sets up all containerd registry mirrors. +# Resources: +# - https://github.com/containerd/containerd/blob/main/docs/hosts.md +# - https://kind.sigs.k8s.io/docs/user/local-registry/ +setup_containerd_registry_mirrors() { + REGISTRY_HOSTNAME="garden.local.gardener.cloud" + + for NODE in $(kind get nodes --name="$CLUSTER_NAME"); do + if [[ "$ENVIRONMENT" == "skaffold" ]]; then + setup_containerd_registry_mirror $NODE "localhost:5001" "http://localhost:5001" "http://${REGISTRY_HOSTNAME}:5001" + fi + + setup_containerd_registry_mirror $NODE "gcr.io" "https://gcr.io" "http://${REGISTRY_HOSTNAME}:5003" + setup_containerd_registry_mirror $NODE "eu.gcr.io" "https://eu.gcr.io" "http://${REGISTRY_HOSTNAME}:5004" + setup_containerd_registry_mirror $NODE "ghcr.io" "https://ghcr.io" "http://${REGISTRY_HOSTNAME}:5005" + setup_containerd_registry_mirror $NODE "registry.k8s.io" "https://registry.k8s.io" "http://${REGISTRY_HOSTNAME}:5006" + setup_containerd_registry_mirror $NODE "quay.io" "https://quay.io" "http://${REGISTRY_HOSTNAME}:5007" + done +} + +# setup_containerd_registry_mirror sets up a given contained registry mirror. +setup_containerd_registry_mirror() { + NODE=$1 + UPSTREAM_HOST=$2 + UPSTREAM_SERVER=$3 + MIRROR_HOST=$4 + + echo "Setting up containerd registry mirror for host ${UPSTREAM_HOST}."; + REGISTRY_DIR="/etc/containerd/certs.d/${UPSTREAM_HOST}" + docker exec "${NODE}" mkdir -p "${REGISTRY_DIR}" + cat <= 1.22 - SeedNginxIngressClass122 = "nginx-ingress-gardener" + SeedNginxIngressClass = "nginx-ingress-gardener" + // ShootNginxIngressClass defines the ingress class for the shoot nginx ingress controller addon. + ShootNginxIngressClass = "nginx" // IngressKindNginx defines nginx as kind as managed Seed ingress IngressKindNginx = "nginx" - // NginxIngressClass defines the ingress class for the seed nginx ingress controller if the seed cluster is a non Gardener managed cluster. - NginxIngressClass = "nginx" // SeedsGroup is the identity group for gardenlets when authenticating to the API server. SeedsGroup = "gardener.cloud:system:seeds" @@ -703,8 +708,6 @@ const ( DNSRecordInternalName = "internal" // DNSRecordExternalName is a constant for DNSRecord objects used for the external domain name. DNSRecordExternalName = "external" - // DNSRecordOwnerName is a constant for DNSRecord objects used for the owner domain name. - DNSRecordOwnerName = "owner" // ArchitectureAMD64 is a constant for the 'amd64' architecture. ArchitectureAMD64 = "amd64" diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/conversions.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/conversions.go index 1e2182c59..72306fd54 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/conversions.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/conversions.go @@ -120,7 +120,7 @@ func Convert_v1beta1_InternalSecret_To_core_InternalSecret(in *InternalSecret, o // StringData overwrites Data if len(in.StringData) > 0 { if out.Data == nil { - out.Data = map[string][]byte{} + out.Data = make(map[string][]byte, len(in.StringData)) } for k, v := range in.StringData { out.Data[k] = []byte(v) diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults.go index 200711aad..dcbe24338 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults.go @@ -64,10 +64,6 @@ func SetDefaults_Seed(obj *Seed) { obj.Spec.Settings.VerticalPodAutoscaler = &SeedSettingVerticalPodAutoscaler{Enabled: true} } - if obj.Spec.Settings.OwnerChecks == nil { - obj.Spec.Settings.OwnerChecks = &SeedSettingOwnerChecks{Enabled: false} - } - if obj.Spec.Settings.DependencyWatchdog == nil { obj.Spec.Settings.DependencyWatchdog = &SeedSettingDependencyWatchdog{} } @@ -132,21 +128,10 @@ func SetDefaults_Shoot(obj *Shoot) { } for i, worker := range obj.Spec.Provider.Workers { - kubernetesVersion := obj.Spec.Kubernetes.Version - if worker.Kubernetes != nil && worker.Kubernetes.Version != nil { - kubernetesVersion = *worker.Kubernetes.Version - } - if worker.Machine.Architecture == nil { obj.Spec.Provider.Workers[i].Machine.Architecture = pointer.String(v1beta1constants.ArchitectureAMD64) } - if k8sVersionGreaterOrEqualThan122, _ := versionutils.CompareVersions(kubernetesVersion, ">=", "1.22"); !k8sVersionGreaterOrEqualThan122 { - // Error is ignored here because we cannot do anything meaningful with it. - // k8sVersionGreaterOrEqualThan122 will default to `false`. - continue - } - if worker.CRI == nil { obj.Spec.Provider.Workers[i].CRI = &CRI{Name: CRINameContainerD} } @@ -233,8 +218,7 @@ func SetDefaults_Shoot(obj *Shoot) { obj.Spec.Kubernetes.Kubelet.FailSwapOn = pointer.Bool(true) } - k8sGreaterEquals122, _ := versionutils.CheckVersionMeetsConstraint(obj.Spec.Kubernetes.Version, ">= 1.22") - if nodeSwapFeatureGateEnabled, ok := obj.Spec.Kubernetes.Kubelet.FeatureGates["NodeSwap"]; k8sGreaterEquals122 && ok && nodeSwapFeatureGateEnabled && !*obj.Spec.Kubernetes.Kubelet.FailSwapOn { + if nodeSwapFeatureGateEnabled, ok := obj.Spec.Kubernetes.Kubelet.FeatureGates["NodeSwap"]; ok && nodeSwapFeatureGateEnabled && !*obj.Spec.Kubernetes.Kubelet.FailSwapOn { if obj.Spec.Kubernetes.Kubelet.MemorySwap == nil { obj.Spec.Kubernetes.Kubelet.MemorySwap = &MemorySwapConfiguration{} } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.proto b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.proto index 9867c7c1e..5576e6ac6 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.proto +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.proto @@ -2292,8 +2292,7 @@ message SeedSettingLoadBalancerServicesZones { // SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed. // // Deprecated: This field is deprecated. The "bad-case" control plane migration is being removed in favor of the HA Shoot control planes (see https://github.com/gardener/gardener/issues/6302). -// The field is locked to false (i.e. if the field value is true a validation error will be returned). In this way gardenlet will clean up all owner DNSRecords. -// Finally, the field will be removed from the API in a future version of Gardener. +// The field is no-op and will be removed in a future version. message SeedSettingOwnerChecks { // Enabled controls whether owner checks are enabled for shoots scheduled on this seed. optional bool enabled = 1; @@ -2509,7 +2508,6 @@ message ServiceAccountConfig { // AcceptedIssuers is an additional set of issuers that are used to determine which service account tokens are accepted. // These values are not used to generate new service account tokens. Only useful when service account tokens are also // issued by another external system or a change of the current issuer that is used for generating tokens is being performed. - // This field is only available for Kubernetes v1.22 or later. // +optional repeated string acceptedIssuers = 5; } @@ -3001,7 +2999,7 @@ message Worker { optional string caBundle = 2; // CRI contains configurations of CRI support of every machine in the worker pool. - // Defaults to a CRI with name `containerd` when the Kubernetes version of the `Shoot` is >= 1.22. + // Defaults to a CRI with name `containerd`. // +optional optional CRI cri = 3; @@ -3019,17 +3017,21 @@ message Worker { // Machine contains information about the machine type and image. optional Machine machine = 7; - // Maximum is the maximum number of VMs to create. + // Maximum is the maximum number of machines to create. + // This value is divided by the number of configured zones for a fair distribution. optional int32 maximum = 8; - // Minimum is the minimum number of VMs to create. + // Minimum is the minimum number of machines to create. + // This value is divided by the number of configured zones for a fair distribution. optional int32 minimum = 9; - // MaxSurge is maximum number of VMs that are created during an update. + // MaxSurge is maximum number of machines that are created during an update. + // This value is divided by the number of configured zones for a fair distribution. // +optional optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxSurge = 10; - // MaxUnavailable is the maximum number of VMs that can be unavailable during an update. + // MaxUnavailable is the maximum number of machines that can be unavailable during an update. + // This value is divided by the number of configured zones for a fair distribution. // +optional optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxUnavailable = 11; @@ -3066,7 +3068,7 @@ message Worker { // +optional optional MachineControllerManagerSettings machineControllerManager = 19; - // Sysctls is a map of kernel settings to apply on all VMs in this worker pool. + // Sysctls is a map of kernel settings to apply on all machines in this worker pool. // +optional map sysctls = 20; } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/helper.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/helper.go index 67bdaeae5..69bc30334 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/helper.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/helper.go @@ -493,11 +493,6 @@ func SeedSettingVerticalPodAutoscalerEnabled(settings *gardencorev1beta1.SeedSet return settings == nil || settings.VerticalPodAutoscaler == nil || settings.VerticalPodAutoscaler.Enabled } -// SeedSettingOwnerChecksEnabled returns true if the 'ownerChecks' setting is enabled. -func SeedSettingOwnerChecksEnabled(settings *gardencorev1beta1.SeedSettings) bool { - return settings != nil && settings.OwnerChecks != nil && settings.OwnerChecks.Enabled -} - // SeedSettingDependencyWatchdogWeederEnabled returns true if the dependency-watchdog-weeder is enabled. func SeedSettingDependencyWatchdogWeederEnabled(settings *gardencorev1beta1.SeedSettings) bool { return settings == nil || settings.DependencyWatchdog == nil || settings.DependencyWatchdog.Weeder == nil || settings.DependencyWatchdog.Weeder.Enabled @@ -513,11 +508,6 @@ func SeedSettingTopologyAwareRoutingEnabled(settings *gardencorev1beta1.SeedSett return settings != nil && settings.TopologyAwareRouting != nil && settings.TopologyAwareRouting.Enabled } -// SeedUsesNginxIngressController returns true if the seed's specification requires an nginx ingress controller to be deployed. -func SeedUsesNginxIngressController(seed *gardencorev1beta1.Seed) bool { - return seed.Spec.DNS.Provider != nil && seed.Spec.Ingress != nil && seed.Spec.Ingress.Controller.Kind == v1beta1constants.IngressKindNginx -} - // DetermineMachineImageForName finds the cloud specific machine images in the for the given and // region. In case it does not find the machine image with the , it returns false. Otherwise, true and the // cloud-specific machine image will be returned. @@ -670,7 +660,7 @@ func IsAPIServerExposureManaged(obj metav1.Object) bool { } // FindPrimaryDNSProvider finds the primary provider among the given `providers`. -// It returns the first provider in case no primary provider is available or the first one if multiple candidates are found. +// It returns the first provider if multiple candidates are found. func FindPrimaryDNSProvider(providers []gardencorev1beta1.DNSProvider) *gardencorev1beta1.DNSProvider { for _, provider := range providers { if provider.Primary != nil && *provider.Primary { @@ -1408,13 +1398,13 @@ func GetFailureToleranceType(shoot *gardencorev1beta1.Shoot) *gardencorev1beta1. return nil } -// SeedWantsManagedIngress returns true in case the seed cluster wants its ingress controller to be managed by Gardener. -func SeedWantsManagedIngress(seed *gardencorev1beta1.Seed) bool { - return seed.Spec.DNS.Provider != nil && seed.Spec.Ingress != nil && seed.Spec.Ingress.Controller.Kind == v1beta1constants.IngressKindNginx -} - // IsTopologyAwareRoutingForShootControlPlaneEnabled returns whether the topology aware routing is enabled for the given Shoot control plane. // Topology-aware routing is enabled when the corresponding Seed setting is enabled and the Shoot has a multi-zonal control plane. func IsTopologyAwareRoutingForShootControlPlaneEnabled(seed *gardencorev1beta1.Seed, shoot *gardencorev1beta1.Shoot) bool { return SeedSettingTopologyAwareRoutingEnabled(seed.Spec.Settings) && IsMultiZonalShootControlPlane(shoot) } + +// ShootHasOperationType returns true when the 'type' in the last operation matches the provided type. +func ShootHasOperationType(lastOperation *gardencorev1beta1.LastOperation, lastOperationType gardencorev1beta1.LastOperationType) bool { + return lastOperation != nil && lastOperation.Type == lastOperationType +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_seed.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_seed.go index 3b443a0c9..f79448a38 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_seed.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_seed.go @@ -321,8 +321,7 @@ type SeedSettingVerticalPodAutoscaler struct { // SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed. // // Deprecated: This field is deprecated. The "bad-case" control plane migration is being removed in favor of the HA Shoot control planes (see https://github.com/gardener/gardener/issues/6302). -// The field is locked to false (i.e. if the field value is true a validation error will be returned). In this way gardenlet will clean up all owner DNSRecords. -// Finally, the field will be removed from the API in a future version of Gardener. +// The field is no-op and will be removed in a future version. type SeedSettingOwnerChecks struct { // Enabled controls whether owner checks are enabled for shoots scheduled on this seed. Enabled bool `json:"enabled" protobuf:"bytes,1,opt,name=enabled"` diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_shoot.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_shoot.go index d91cf794f..69b86e39d 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_shoot.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_shoot.go @@ -774,7 +774,6 @@ type ServiceAccountConfig struct { // AcceptedIssuers is an additional set of issuers that are used to determine which service account tokens are accepted. // These values are not used to generate new service account tokens. Only useful when service account tokens are also // issued by another external system or a change of the current issuer that is used for generating tokens is being performed. - // This field is only available for Kubernetes v1.22 or later. // +optional AcceptedIssuers []string `json:"acceptedIssuers,omitempty" protobuf:"bytes,5,opt,name=acceptedIssuers"` } @@ -1336,7 +1335,7 @@ type Worker struct { // +optional CABundle *string `json:"caBundle,omitempty" protobuf:"bytes,2,opt,name=caBundle"` // CRI contains configurations of CRI support of every machine in the worker pool. - // Defaults to a CRI with name `containerd` when the Kubernetes version of the `Shoot` is >= 1.22. + // Defaults to a CRI with name `containerd`. // +optional CRI *CRI `json:"cri,omitempty" protobuf:"bytes,3,opt,name=cri"` // Kubernetes contains configuration for Kubernetes components related to this worker pool. @@ -1349,14 +1348,18 @@ type Worker struct { Name string `json:"name" protobuf:"bytes,6,opt,name=name"` // Machine contains information about the machine type and image. Machine Machine `json:"machine" protobuf:"bytes,7,opt,name=machine"` - // Maximum is the maximum number of VMs to create. + // Maximum is the maximum number of machines to create. + // This value is divided by the number of configured zones for a fair distribution. Maximum int32 `json:"maximum" protobuf:"varint,8,opt,name=maximum"` - // Minimum is the minimum number of VMs to create. + // Minimum is the minimum number of machines to create. + // This value is divided by the number of configured zones for a fair distribution. Minimum int32 `json:"minimum" protobuf:"varint,9,opt,name=minimum"` - // MaxSurge is maximum number of VMs that are created during an update. + // MaxSurge is maximum number of machines that are created during an update. + // This value is divided by the number of configured zones for a fair distribution. // +optional MaxSurge *intstr.IntOrString `json:"maxSurge,omitempty" protobuf:"bytes,10,opt,name=maxSurge"` - // MaxUnavailable is the maximum number of VMs that can be unavailable during an update. + // MaxUnavailable is the maximum number of machines that can be unavailable during an update. + // This value is divided by the number of configured zones for a fair distribution. // +optional MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty" protobuf:"bytes,11,opt,name=maxUnavailable"` // ProviderConfig is the provider-specific configuration for this worker pool. @@ -1384,7 +1387,7 @@ type Worker struct { // MachineControllerManagerSettings contains configurations for different worker-pools. Eg. MachineDrainTimeout, MachineHealthTimeout. // +optional MachineControllerManagerSettings *MachineControllerManagerSettings `json:"machineControllerManager,omitempty" protobuf:"bytes,19,opt,name=machineControllerManager"` - // Sysctls is a map of kernel settings to apply on all VMs in this worker pool. + // Sysctls is a map of kernel settings to apply on all machines in this worker pool. // +optional Sysctls map[string]string `json:"sysctls,omitempty" protobuf:"bytes,20,rep,name=sysctls"` } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/resources/v1alpha1/types.go b/vendor/github.com/gardener/gardener/pkg/apis/resources/v1alpha1/types.go index 3d3b410c2..65b5d79ad 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/resources/v1alpha1/types.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/resources/v1alpha1/types.go @@ -83,6 +83,13 @@ const ( // LabelPurposeTokenInvalidation is a constant for a label value indicating that this secret should be considered by // the token-invalidator. LabelPurposeTokenInvalidation = "token-invalidator" + // ResourceManagerClass is a constant for the key in a label describing the class of the respective object. This can + // be used to differentiate between multiple instances of the same controller (e.g., token-requestor). + ResourceManagerClass = "resources.gardener.cloud/class" + // ResourceManagerClassGarden is a constant for the 'garden' class. + ResourceManagerClassGarden = "garden" + // ResourceManagerClassShoot is a constant for the 'shoot' class. + ResourceManagerClassShoot = "shoot" // ServiceAccountName is the key of an annotation of a secret whose value contains the service account name. ServiceAccountName = "serviceaccount.resources.gardener.cloud/name" diff --git a/vendor/github.com/gardener/gardener/pkg/component/machinecontrollermanager/machine_controller_manager.go b/vendor/github.com/gardener/gardener/pkg/component/machinecontrollermanager/machine_controller_manager.go index 5447beab7..eca4cf7f3 100644 --- a/vendor/github.com/gardener/gardener/pkg/component/machinecontrollermanager/machine_controller_manager.go +++ b/vendor/github.com/gardener/gardener/pkg/component/machinecontrollermanager/machine_controller_manager.go @@ -25,7 +25,6 @@ import ( corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" policyv1 "k8s.io/api/policy/v1" - policyv1beta1 "k8s.io/api/policy/v1beta1" rbacv1 "k8s.io/api/rbac/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/resource" @@ -50,7 +49,6 @@ import ( "github.com/gardener/gardener/pkg/utils/managedresources" "github.com/gardener/gardener/pkg/utils/retry" secretsmanager "github.com/gardener/gardener/pkg/utils/secrets/manager" - versionutils "github.com/gardener/gardener/pkg/utils/version" ) const ( @@ -79,11 +77,10 @@ func New( values Values, ) Interface { return &machineControllerManager{ - client: client, - namespace: namespace, - secretsManager: secretsManager, - values: values, - runtimeVersionGreaterEqual121: versionutils.ConstraintK8sGreaterEqual121.Check(values.RuntimeKubernetesVersion), + client: client, + namespace: namespace, + secretsManager: secretsManager, + values: values, } } @@ -92,8 +89,6 @@ type machineControllerManager struct { namespace string secretsManager secretsmanager.Interface values Values - - runtimeVersionGreaterEqual121 bool } // Values is a set of configuration values for the machine-controller-manager component. @@ -262,19 +257,10 @@ func (m *machineControllerManager) Deploy(ctx context.Context) error { } if _, err := controllerutils.GetAndCreateOrMergePatch(ctx, m.client, podDisruptionBudget, func() error { - switch pdb := podDisruptionBudget.(type) { - case *policyv1.PodDisruptionBudget: - pdb.Labels = utils.MergeStringMaps(pdb.Labels, getLabels()) - pdb.Spec = policyv1.PodDisruptionBudgetSpec{ - MaxUnavailable: utils.IntStrPtrFromInt(1), - Selector: deployment.Spec.Selector, - } - case *policyv1beta1.PodDisruptionBudget: - pdb.Labels = utils.MergeStringMaps(pdb.Labels, getLabels()) - pdb.Spec = policyv1beta1.PodDisruptionBudgetSpec{ - MaxUnavailable: utils.IntStrPtrFromInt(1), - Selector: deployment.Spec.Selector, - } + podDisruptionBudget.Labels = utils.MergeStringMaps(podDisruptionBudget.Labels, getLabels()) + podDisruptionBudget.Spec = policyv1.PodDisruptionBudgetSpec{ + MaxUnavailable: utils.IntStrPtrFromInt(1), + Selector: deployment.Spec.Selector, } return nil }); err != nil { @@ -482,13 +468,8 @@ func (m *machineControllerManager) emptyDeployment() *appsv1.Deployment { return &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: v1beta1constants.DeploymentNameMachineControllerManager, Namespace: m.namespace}} } -func (m *machineControllerManager) emptyPodDisruptionBudget() client.Object { - objectMeta := metav1.ObjectMeta{Name: v1beta1constants.DeploymentNameMachineControllerManager, Namespace: m.namespace} - - if m.runtimeVersionGreaterEqual121 { - return &policyv1.PodDisruptionBudget{ObjectMeta: objectMeta} - } - return &policyv1beta1.PodDisruptionBudget{ObjectMeta: objectMeta} +func (m *machineControllerManager) emptyPodDisruptionBudget() *policyv1.PodDisruptionBudget { + return &policyv1.PodDisruptionBudget{ObjectMeta: metav1.ObjectMeta{Name: v1beta1constants.DeploymentNameMachineControllerManager, Namespace: m.namespace}} } func (m *machineControllerManager) emptyVPA() *vpaautoscalingv1.VerticalPodAutoscaler { diff --git a/vendor/github.com/gardener/gardener/pkg/controllerutils/miscellaneous.go b/vendor/github.com/gardener/gardener/pkg/controllerutils/miscellaneous.go index 56da039bf..fa5d55ab9 100644 --- a/vendor/github.com/gardener/gardener/pkg/controllerutils/miscellaneous.go +++ b/vendor/github.com/gardener/gardener/pkg/controllerutils/miscellaneous.go @@ -29,7 +29,7 @@ import ( ) // DefaultReconciliationTimeout is the default timeout for the context of reconciliation functions. -const DefaultReconciliationTimeout = 1 * time.Minute +const DefaultReconciliationTimeout = 3 * time.Minute const separator = "," diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/types.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/types.go index 62bb74ebf..683dbccda 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/types.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/types.go @@ -151,14 +151,14 @@ type GardenletControllerConfiguration struct { Shoot *ShootControllerConfiguration // ShootCare defines the configuration of the ShootCare controller. ShootCare *ShootCareControllerConfiguration - // ShootStateSync defines the configuration of the ShootState controller. - ShootStateSync *ShootStateSyncControllerConfiguration + // ShootState defines the configuration of the ShootState controller. + ShootState *ShootStateControllerConfiguration // NetworkPolicy defines the configuration of the NetworkPolicy controller. NetworkPolicy *NetworkPolicyControllerConfiguration - // ManagedSeedControllerConfiguration defines the configuration of the ManagedSeed controller. + // ManagedSeed defines the configuration of the ManagedSeed controller. ManagedSeed *ManagedSeedControllerConfiguration - // ShootSecretControllerConfiguration defines the configuration of the ShootSecret controller. - ShootSecret *ShootSecretControllerConfiguration + // TokenRequestorControllerConfiguration defines the configuration of the TokenRequestor controller. + TokenRequestor *TokenRequestorControllerConfiguration } // BackupBucketControllerConfiguration defines the configuration of the BackupBucket @@ -289,10 +289,13 @@ type SeedCareControllerConfiguration struct { ConditionThresholds []ConditionThreshold } -// ShootSecretControllerConfiguration defines the configuration of the ShootSecret controller. -type ShootSecretControllerConfiguration struct { +// ShootStateControllerConfiguration defines the configuration of the ShootState controller. +type ShootStateControllerConfiguration struct { // ConcurrentSyncs is the number of workers used for the controller to work on events. ConcurrentSyncs *int + // SyncPeriod is the duration how often the existing resources are reconciled (how + // often the health check of Seed clusters is performed + SyncPeriod *metav1.Duration } // StaleExtensionHealthChecks defines the configuration of the check for stale extension health checks. @@ -314,13 +317,6 @@ type ConditionThreshold struct { Duration metav1.Duration } -// ShootStateSyncControllerConfiguration defines the configuration of the ShootState Sync controller. -type ShootStateSyncControllerConfiguration struct { - // ConcurrentSyncs is the number of workers used for the controller to work on - // events. - ConcurrentSyncs *int -} - // NetworkPolicyControllerConfiguration defines the configuration of the NetworkPolicy // controller. type NetworkPolicyControllerConfiguration struct { @@ -350,6 +346,12 @@ type ManagedSeedControllerConfiguration struct { JitterUpdates *bool } +// TokenRequestorControllerConfiguration defines the configuration of the TokenRequestor controller. +type TokenRequestorControllerConfiguration struct { + // ConcurrentSyncs is the number of workers used for the controller to work on events. + ConcurrentSyncs *int +} + // ResourcesConfiguration defines the total capacity for seed resources and the amount reserved for use by Gardener. type ResourcesConfiguration struct { // Capacity defines the total resources of a seed. diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/defaults.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/defaults.go index 606824373..d4ba15388 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/defaults.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/defaults.go @@ -165,11 +165,8 @@ func SetDefaults_GardenletControllerConfiguration(obj *GardenletControllerConfig if obj.SeedCare == nil { obj.SeedCare = &SeedCareControllerConfiguration{} } - if obj.ShootSecret == nil { - obj.ShootSecret = &ShootSecretControllerConfiguration{} - } - if obj.ShootStateSync == nil { - obj.ShootStateSync = &ShootStateSyncControllerConfiguration{} + if obj.ShootState == nil { + obj.ShootState = &ShootStateControllerConfiguration{} } if obj.NetworkPolicy == nil { obj.NetworkPolicy = &NetworkPolicyControllerConfiguration{} @@ -177,6 +174,9 @@ func SetDefaults_GardenletControllerConfiguration(obj *GardenletControllerConfig if obj.ManagedSeed == nil { obj.ManagedSeed = &ManagedSeedControllerConfiguration{} } + if obj.TokenRequestor == nil { + obj.TokenRequestor = &TokenRequestorControllerConfiguration{} + } } // SetDefaults_ClientConnectionConfiguration sets defaults for the client connection objects. @@ -364,20 +364,13 @@ func SetDefaults_StaleExtensionHealthChecks(obj *StaleExtensionHealthChecks) { } } -// SetDefaults_ShootSecretControllerConfiguration sets defaults for the shoot secret controller. -func SetDefaults_ShootSecretControllerConfiguration(obj *ShootSecretControllerConfiguration) { +// SetDefaults_ShootStateControllerConfiguration sets defaults for the shoot secret controller. +func SetDefaults_ShootStateControllerConfiguration(obj *ShootStateControllerConfiguration) { if obj.ConcurrentSyncs == nil { obj.ConcurrentSyncs = pointer.Int(5) } -} - -// SetDefaults_ShootStateSyncControllerConfiguration sets defaults for the shoot state controller. -func SetDefaults_ShootStateSyncControllerConfiguration(obj *ShootStateSyncControllerConfiguration) { - if obj.ConcurrentSyncs == nil { - // The controller actually starts one controller per extension resource per Seed. - // For one seed that is already 1 * 10 extension resources = 10 workers. - v := 1 - obj.ConcurrentSyncs = &v + if obj.SyncPeriod == nil { + obj.SyncPeriod = &metav1.Duration{Duration: 6 * time.Hour} } } @@ -416,6 +409,13 @@ func SetDefaults_ManagedSeedControllerConfiguration(obj *ManagedSeedControllerCo } } +// SetDefaults_TokenRequestorControllerConfiguration sets defaults for the TokenRequestor controller. +func SetDefaults_TokenRequestorControllerConfiguration(obj *TokenRequestorControllerConfiguration) { + if obj.ConcurrentSyncs == nil { + obj.ConcurrentSyncs = pointer.Int(5) + } +} + // SetDefaults_SNI sets defaults for SNI. func SetDefaults_SNI(obj *SNI) { if obj.Ingress == nil { diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/types.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/types.go index dbad8a236..6d102ee11 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/types.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/types.go @@ -186,18 +186,18 @@ type GardenletControllerConfiguration struct { // ShootCare defines the configuration of the ShootCare controller. // +optional ShootCare *ShootCareControllerConfiguration `json:"shootCare,omitempty"` - // ShootStateSync defines the configuration of the ShootState controller + // ShootState defines the configuration of the ShootState controller. // +optional - ShootStateSync *ShootStateSyncControllerConfiguration `json:"shootStateSync,omitempty"` + ShootState *ShootStateControllerConfiguration `json:"shootState,omitempty"` // NetworkPolicy defines the configuration of the NetworkPolicy controller // +optional NetworkPolicy *NetworkPolicyControllerConfiguration `json:"networkPolicy,omitempty"` - // ManagedSeedControllerConfiguration defines the configuration of the ManagedSeed controller. + // ManagedSeed defines the configuration of the ManagedSeed controller. // +optional ManagedSeed *ManagedSeedControllerConfiguration `json:"managedSeed,omitempty"` - // ShootSecretControllerConfiguration defines the configuration of the ShootSecret controller. + // TokenRequestorControllerConfiguration defines the configuration of the TokenRequestor controller. // +optional - ShootSecret *ShootSecretControllerConfiguration `json:"shootSecret,omitempty"` + TokenRequestor *TokenRequestorControllerConfiguration `json:"tokenRequestor,omitempty"` } // BackupBucketControllerConfiguration defines the configuration of the BackupBucket @@ -355,11 +355,15 @@ type SeedCareControllerConfiguration struct { ConditionThresholds []ConditionThreshold `json:"conditionThresholds,omitempty"` } -// ShootSecretControllerConfiguration defines the configuration of the ShootSecret controller. -type ShootSecretControllerConfiguration struct { +// ShootStateControllerConfiguration defines the configuration of the ShootState controller. +type ShootStateControllerConfiguration struct { // ConcurrentSyncs is the number of workers used for the controller to work on events. // +optional ConcurrentSyncs *int `json:"concurrentSyncs,omitempty"` + // SyncPeriod is the duration how often the existing resources are reconciled (how + // often the health check of Seed clusters is performed + // +optional + SyncPeriod *metav1.Duration `json:"syncPeriod,omitempty"` } // StaleExtensionHealthChecks defines the configuration of the check for stale extension health checks. @@ -382,14 +386,6 @@ type ConditionThreshold struct { Duration metav1.Duration `json:"duration"` } -// ShootStateSyncControllerConfiguration defines the configuration of the ShootState Sync controller. -type ShootStateSyncControllerConfiguration struct { - // ConcurrentSyncs is the number of workers used for the controller to work on - // events. - // +optional - ConcurrentSyncs *int `json:"concurrentSyncs,omitempty"` -} - // NetworkPolicyControllerConfiguration defines the configuration of the NetworkPolicy // controller. type NetworkPolicyControllerConfiguration struct { @@ -425,6 +421,13 @@ type ManagedSeedControllerConfiguration struct { JitterUpdates *bool `json:"jitterUpdates,omitempty"` } +// TokenRequestorControllerConfiguration defines the configuration of the TokenRequestor controller. +type TokenRequestorControllerConfiguration struct { + // ConcurrentSyncs is the number of workers used for the controller to work on events. + // +optional + ConcurrentSyncs *int `json:"concurrentSyncs,omitempty"` +} + // ResourcesConfiguration defines the total capacity for seed resources and the amount reserved for use by Gardener. type ResourcesConfiguration struct { // Capacity defines the total resources of a seed. diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.conversion.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.conversion.go index 94e86e4e7..2927e0ca9 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.conversion.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.conversion.go @@ -443,33 +443,33 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*ShootSecretControllerConfiguration)(nil), (*config.ShootSecretControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ShootSecretControllerConfiguration_To_config_ShootSecretControllerConfiguration(a.(*ShootSecretControllerConfiguration), b.(*config.ShootSecretControllerConfiguration), scope) + if err := s.AddGeneratedConversionFunc((*ShootStateControllerConfiguration)(nil), (*config.ShootStateControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_ShootStateControllerConfiguration_To_config_ShootStateControllerConfiguration(a.(*ShootStateControllerConfiguration), b.(*config.ShootStateControllerConfiguration), scope) }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*config.ShootSecretControllerConfiguration)(nil), (*ShootSecretControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_ShootSecretControllerConfiguration_To_v1alpha1_ShootSecretControllerConfiguration(a.(*config.ShootSecretControllerConfiguration), b.(*ShootSecretControllerConfiguration), scope) + if err := s.AddGeneratedConversionFunc((*config.ShootStateControllerConfiguration)(nil), (*ShootStateControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_config_ShootStateControllerConfiguration_To_v1alpha1_ShootStateControllerConfiguration(a.(*config.ShootStateControllerConfiguration), b.(*ShootStateControllerConfiguration), scope) }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*ShootStateSyncControllerConfiguration)(nil), (*config.ShootStateSyncControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ShootStateSyncControllerConfiguration_To_config_ShootStateSyncControllerConfiguration(a.(*ShootStateSyncControllerConfiguration), b.(*config.ShootStateSyncControllerConfiguration), scope) + if err := s.AddGeneratedConversionFunc((*StaleExtensionHealthChecks)(nil), (*config.StaleExtensionHealthChecks)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_StaleExtensionHealthChecks_To_config_StaleExtensionHealthChecks(a.(*StaleExtensionHealthChecks), b.(*config.StaleExtensionHealthChecks), scope) }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*config.ShootStateSyncControllerConfiguration)(nil), (*ShootStateSyncControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_ShootStateSyncControllerConfiguration_To_v1alpha1_ShootStateSyncControllerConfiguration(a.(*config.ShootStateSyncControllerConfiguration), b.(*ShootStateSyncControllerConfiguration), scope) + if err := s.AddGeneratedConversionFunc((*config.StaleExtensionHealthChecks)(nil), (*StaleExtensionHealthChecks)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_config_StaleExtensionHealthChecks_To_v1alpha1_StaleExtensionHealthChecks(a.(*config.StaleExtensionHealthChecks), b.(*StaleExtensionHealthChecks), scope) }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*StaleExtensionHealthChecks)(nil), (*config.StaleExtensionHealthChecks)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_StaleExtensionHealthChecks_To_config_StaleExtensionHealthChecks(a.(*StaleExtensionHealthChecks), b.(*config.StaleExtensionHealthChecks), scope) + if err := s.AddGeneratedConversionFunc((*TokenRequestorControllerConfiguration)(nil), (*config.TokenRequestorControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TokenRequestorControllerConfiguration_To_config_TokenRequestorControllerConfiguration(a.(*TokenRequestorControllerConfiguration), b.(*config.TokenRequestorControllerConfiguration), scope) }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*config.StaleExtensionHealthChecks)(nil), (*StaleExtensionHealthChecks)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_StaleExtensionHealthChecks_To_v1alpha1_StaleExtensionHealthChecks(a.(*config.StaleExtensionHealthChecks), b.(*StaleExtensionHealthChecks), scope) + if err := s.AddGeneratedConversionFunc((*config.TokenRequestorControllerConfiguration)(nil), (*TokenRequestorControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_config_TokenRequestorControllerConfiguration_To_v1alpha1_TokenRequestorControllerConfiguration(a.(*config.TokenRequestorControllerConfiguration), b.(*TokenRequestorControllerConfiguration), scope) }); err != nil { return err } @@ -1005,10 +1005,10 @@ func autoConvert_v1alpha1_GardenletControllerConfiguration_To_config_GardenletCo out.SeedCare = (*config.SeedCareControllerConfiguration)(unsafe.Pointer(in.SeedCare)) out.Shoot = (*config.ShootControllerConfiguration)(unsafe.Pointer(in.Shoot)) out.ShootCare = (*config.ShootCareControllerConfiguration)(unsafe.Pointer(in.ShootCare)) - out.ShootStateSync = (*config.ShootStateSyncControllerConfiguration)(unsafe.Pointer(in.ShootStateSync)) + out.ShootState = (*config.ShootStateControllerConfiguration)(unsafe.Pointer(in.ShootState)) out.NetworkPolicy = (*config.NetworkPolicyControllerConfiguration)(unsafe.Pointer(in.NetworkPolicy)) out.ManagedSeed = (*config.ManagedSeedControllerConfiguration)(unsafe.Pointer(in.ManagedSeed)) - out.ShootSecret = (*config.ShootSecretControllerConfiguration)(unsafe.Pointer(in.ShootSecret)) + out.TokenRequestor = (*config.TokenRequestorControllerConfiguration)(unsafe.Pointer(in.TokenRequestor)) return nil } @@ -1028,10 +1028,10 @@ func autoConvert_config_GardenletControllerConfiguration_To_v1alpha1_GardenletCo out.SeedCare = (*SeedCareControllerConfiguration)(unsafe.Pointer(in.SeedCare)) out.Shoot = (*ShootControllerConfiguration)(unsafe.Pointer(in.Shoot)) out.ShootCare = (*ShootCareControllerConfiguration)(unsafe.Pointer(in.ShootCare)) - out.ShootStateSync = (*ShootStateSyncControllerConfiguration)(unsafe.Pointer(in.ShootStateSync)) + out.ShootState = (*ShootStateControllerConfiguration)(unsafe.Pointer(in.ShootState)) out.NetworkPolicy = (*NetworkPolicyControllerConfiguration)(unsafe.Pointer(in.NetworkPolicy)) out.ManagedSeed = (*ManagedSeedControllerConfiguration)(unsafe.Pointer(in.ManagedSeed)) - out.ShootSecret = (*ShootSecretControllerConfiguration)(unsafe.Pointer(in.ShootSecret)) + out.TokenRequestor = (*TokenRequestorControllerConfiguration)(unsafe.Pointer(in.TokenRequestor)) return nil } @@ -1582,44 +1582,26 @@ func Convert_config_ShootNodeLogging_To_v1alpha1_ShootNodeLogging(in *config.Sho return autoConvert_config_ShootNodeLogging_To_v1alpha1_ShootNodeLogging(in, out, s) } -func autoConvert_v1alpha1_ShootSecretControllerConfiguration_To_config_ShootSecretControllerConfiguration(in *ShootSecretControllerConfiguration, out *config.ShootSecretControllerConfiguration, s conversion.Scope) error { - out.ConcurrentSyncs = (*int)(unsafe.Pointer(in.ConcurrentSyncs)) - return nil -} - -// Convert_v1alpha1_ShootSecretControllerConfiguration_To_config_ShootSecretControllerConfiguration is an autogenerated conversion function. -func Convert_v1alpha1_ShootSecretControllerConfiguration_To_config_ShootSecretControllerConfiguration(in *ShootSecretControllerConfiguration, out *config.ShootSecretControllerConfiguration, s conversion.Scope) error { - return autoConvert_v1alpha1_ShootSecretControllerConfiguration_To_config_ShootSecretControllerConfiguration(in, out, s) -} - -func autoConvert_config_ShootSecretControllerConfiguration_To_v1alpha1_ShootSecretControllerConfiguration(in *config.ShootSecretControllerConfiguration, out *ShootSecretControllerConfiguration, s conversion.Scope) error { - out.ConcurrentSyncs = (*int)(unsafe.Pointer(in.ConcurrentSyncs)) - return nil -} - -// Convert_config_ShootSecretControllerConfiguration_To_v1alpha1_ShootSecretControllerConfiguration is an autogenerated conversion function. -func Convert_config_ShootSecretControllerConfiguration_To_v1alpha1_ShootSecretControllerConfiguration(in *config.ShootSecretControllerConfiguration, out *ShootSecretControllerConfiguration, s conversion.Scope) error { - return autoConvert_config_ShootSecretControllerConfiguration_To_v1alpha1_ShootSecretControllerConfiguration(in, out, s) -} - -func autoConvert_v1alpha1_ShootStateSyncControllerConfiguration_To_config_ShootStateSyncControllerConfiguration(in *ShootStateSyncControllerConfiguration, out *config.ShootStateSyncControllerConfiguration, s conversion.Scope) error { +func autoConvert_v1alpha1_ShootStateControllerConfiguration_To_config_ShootStateControllerConfiguration(in *ShootStateControllerConfiguration, out *config.ShootStateControllerConfiguration, s conversion.Scope) error { out.ConcurrentSyncs = (*int)(unsafe.Pointer(in.ConcurrentSyncs)) + out.SyncPeriod = (*v1.Duration)(unsafe.Pointer(in.SyncPeriod)) return nil } -// Convert_v1alpha1_ShootStateSyncControllerConfiguration_To_config_ShootStateSyncControllerConfiguration is an autogenerated conversion function. -func Convert_v1alpha1_ShootStateSyncControllerConfiguration_To_config_ShootStateSyncControllerConfiguration(in *ShootStateSyncControllerConfiguration, out *config.ShootStateSyncControllerConfiguration, s conversion.Scope) error { - return autoConvert_v1alpha1_ShootStateSyncControllerConfiguration_To_config_ShootStateSyncControllerConfiguration(in, out, s) +// Convert_v1alpha1_ShootStateControllerConfiguration_To_config_ShootStateControllerConfiguration is an autogenerated conversion function. +func Convert_v1alpha1_ShootStateControllerConfiguration_To_config_ShootStateControllerConfiguration(in *ShootStateControllerConfiguration, out *config.ShootStateControllerConfiguration, s conversion.Scope) error { + return autoConvert_v1alpha1_ShootStateControllerConfiguration_To_config_ShootStateControllerConfiguration(in, out, s) } -func autoConvert_config_ShootStateSyncControllerConfiguration_To_v1alpha1_ShootStateSyncControllerConfiguration(in *config.ShootStateSyncControllerConfiguration, out *ShootStateSyncControllerConfiguration, s conversion.Scope) error { +func autoConvert_config_ShootStateControllerConfiguration_To_v1alpha1_ShootStateControllerConfiguration(in *config.ShootStateControllerConfiguration, out *ShootStateControllerConfiguration, s conversion.Scope) error { out.ConcurrentSyncs = (*int)(unsafe.Pointer(in.ConcurrentSyncs)) + out.SyncPeriod = (*v1.Duration)(unsafe.Pointer(in.SyncPeriod)) return nil } -// Convert_config_ShootStateSyncControllerConfiguration_To_v1alpha1_ShootStateSyncControllerConfiguration is an autogenerated conversion function. -func Convert_config_ShootStateSyncControllerConfiguration_To_v1alpha1_ShootStateSyncControllerConfiguration(in *config.ShootStateSyncControllerConfiguration, out *ShootStateSyncControllerConfiguration, s conversion.Scope) error { - return autoConvert_config_ShootStateSyncControllerConfiguration_To_v1alpha1_ShootStateSyncControllerConfiguration(in, out, s) +// Convert_config_ShootStateControllerConfiguration_To_v1alpha1_ShootStateControllerConfiguration is an autogenerated conversion function. +func Convert_config_ShootStateControllerConfiguration_To_v1alpha1_ShootStateControllerConfiguration(in *config.ShootStateControllerConfiguration, out *ShootStateControllerConfiguration, s conversion.Scope) error { + return autoConvert_config_ShootStateControllerConfiguration_To_v1alpha1_ShootStateControllerConfiguration(in, out, s) } func autoConvert_v1alpha1_StaleExtensionHealthChecks_To_config_StaleExtensionHealthChecks(in *StaleExtensionHealthChecks, out *config.StaleExtensionHealthChecks, s conversion.Scope) error { @@ -1644,6 +1626,26 @@ func Convert_config_StaleExtensionHealthChecks_To_v1alpha1_StaleExtensionHealthC return autoConvert_config_StaleExtensionHealthChecks_To_v1alpha1_StaleExtensionHealthChecks(in, out, s) } +func autoConvert_v1alpha1_TokenRequestorControllerConfiguration_To_config_TokenRequestorControllerConfiguration(in *TokenRequestorControllerConfiguration, out *config.TokenRequestorControllerConfiguration, s conversion.Scope) error { + out.ConcurrentSyncs = (*int)(unsafe.Pointer(in.ConcurrentSyncs)) + return nil +} + +// Convert_v1alpha1_TokenRequestorControllerConfiguration_To_config_TokenRequestorControllerConfiguration is an autogenerated conversion function. +func Convert_v1alpha1_TokenRequestorControllerConfiguration_To_config_TokenRequestorControllerConfiguration(in *TokenRequestorControllerConfiguration, out *config.TokenRequestorControllerConfiguration, s conversion.Scope) error { + return autoConvert_v1alpha1_TokenRequestorControllerConfiguration_To_config_TokenRequestorControllerConfiguration(in, out, s) +} + +func autoConvert_config_TokenRequestorControllerConfiguration_To_v1alpha1_TokenRequestorControllerConfiguration(in *config.TokenRequestorControllerConfiguration, out *TokenRequestorControllerConfiguration, s conversion.Scope) error { + out.ConcurrentSyncs = (*int)(unsafe.Pointer(in.ConcurrentSyncs)) + return nil +} + +// Convert_config_TokenRequestorControllerConfiguration_To_v1alpha1_TokenRequestorControllerConfiguration is an autogenerated conversion function. +func Convert_config_TokenRequestorControllerConfiguration_To_v1alpha1_TokenRequestorControllerConfiguration(in *config.TokenRequestorControllerConfiguration, out *TokenRequestorControllerConfiguration, s conversion.Scope) error { + return autoConvert_config_TokenRequestorControllerConfiguration_To_v1alpha1_TokenRequestorControllerConfiguration(in, out, s) +} + func autoConvert_v1alpha1_Vali_To_config_Vali(in *Vali, out *config.Vali, s conversion.Scope) error { out.Enabled = (*bool)(unsafe.Pointer(in.Enabled)) out.Garden = (*config.GardenVali)(unsafe.Pointer(in.Garden)) diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.deepcopy.go index 3691197c5..4bf8ce203 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.deepcopy.go @@ -570,9 +570,9 @@ func (in *GardenletControllerConfiguration) DeepCopyInto(out *GardenletControlle *out = new(ShootCareControllerConfiguration) (*in).DeepCopyInto(*out) } - if in.ShootStateSync != nil { - in, out := &in.ShootStateSync, &out.ShootStateSync - *out = new(ShootStateSyncControllerConfiguration) + if in.ShootState != nil { + in, out := &in.ShootState, &out.ShootState + *out = new(ShootStateControllerConfiguration) (*in).DeepCopyInto(*out) } if in.NetworkPolicy != nil { @@ -585,9 +585,9 @@ func (in *GardenletControllerConfiguration) DeepCopyInto(out *GardenletControlle *out = new(ManagedSeedControllerConfiguration) (*in).DeepCopyInto(*out) } - if in.ShootSecret != nil { - in, out := &in.ShootSecret, &out.ShootSecret - *out = new(ShootSecretControllerConfiguration) + if in.TokenRequestor != nil { + in, out := &in.TokenRequestor, &out.TokenRequestor + *out = new(TokenRequestorControllerConfiguration) (*in).DeepCopyInto(*out) } return @@ -1247,64 +1247,69 @@ func (in *ShootNodeLogging) DeepCopy() *ShootNodeLogging { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ShootSecretControllerConfiguration) DeepCopyInto(out *ShootSecretControllerConfiguration) { +func (in *ShootStateControllerConfiguration) DeepCopyInto(out *ShootStateControllerConfiguration) { *out = *in if in.ConcurrentSyncs != nil { in, out := &in.ConcurrentSyncs, &out.ConcurrentSyncs *out = new(int) **out = **in } + if in.SyncPeriod != nil { + in, out := &in.SyncPeriod, &out.SyncPeriod + *out = new(v1.Duration) + **out = **in + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ShootSecretControllerConfiguration. -func (in *ShootSecretControllerConfiguration) DeepCopy() *ShootSecretControllerConfiguration { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ShootStateControllerConfiguration. +func (in *ShootStateControllerConfiguration) DeepCopy() *ShootStateControllerConfiguration { if in == nil { return nil } - out := new(ShootSecretControllerConfiguration) + out := new(ShootStateControllerConfiguration) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ShootStateSyncControllerConfiguration) DeepCopyInto(out *ShootStateSyncControllerConfiguration) { +func (in *StaleExtensionHealthChecks) DeepCopyInto(out *StaleExtensionHealthChecks) { *out = *in - if in.ConcurrentSyncs != nil { - in, out := &in.ConcurrentSyncs, &out.ConcurrentSyncs - *out = new(int) + if in.Threshold != nil { + in, out := &in.Threshold, &out.Threshold + *out = new(v1.Duration) **out = **in } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ShootStateSyncControllerConfiguration. -func (in *ShootStateSyncControllerConfiguration) DeepCopy() *ShootStateSyncControllerConfiguration { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaleExtensionHealthChecks. +func (in *StaleExtensionHealthChecks) DeepCopy() *StaleExtensionHealthChecks { if in == nil { return nil } - out := new(ShootStateSyncControllerConfiguration) + out := new(StaleExtensionHealthChecks) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StaleExtensionHealthChecks) DeepCopyInto(out *StaleExtensionHealthChecks) { +func (in *TokenRequestorControllerConfiguration) DeepCopyInto(out *TokenRequestorControllerConfiguration) { *out = *in - if in.Threshold != nil { - in, out := &in.Threshold, &out.Threshold - *out = new(v1.Duration) + if in.ConcurrentSyncs != nil { + in, out := &in.ConcurrentSyncs, &out.ConcurrentSyncs + *out = new(int) **out = **in } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaleExtensionHealthChecks. -func (in *StaleExtensionHealthChecks) DeepCopy() *StaleExtensionHealthChecks { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestorControllerConfiguration. +func (in *TokenRequestorControllerConfiguration) DeepCopy() *TokenRequestorControllerConfiguration { if in == nil { return nil } - out := new(StaleExtensionHealthChecks) + out := new(TokenRequestorControllerConfiguration) in.DeepCopyInto(out) return out } diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.defaults.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.defaults.go index a100c42b3..33e04a180 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.defaults.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/zz_generated.defaults.go @@ -83,8 +83,8 @@ func SetObjectDefaults_GardenletConfiguration(in *GardenletConfiguration) { SetDefaults_StaleExtensionHealthChecks(in.Controllers.ShootCare.StaleExtensionHealthChecks) } } - if in.Controllers.ShootStateSync != nil { - SetDefaults_ShootStateSyncControllerConfiguration(in.Controllers.ShootStateSync) + if in.Controllers.ShootState != nil { + SetDefaults_ShootStateControllerConfiguration(in.Controllers.ShootState) } if in.Controllers.NetworkPolicy != nil { SetDefaults_NetworkPolicyControllerConfiguration(in.Controllers.NetworkPolicy) @@ -92,8 +92,8 @@ func SetObjectDefaults_GardenletConfiguration(in *GardenletConfiguration) { if in.Controllers.ManagedSeed != nil { SetDefaults_ManagedSeedControllerConfiguration(in.Controllers.ManagedSeed) } - if in.Controllers.ShootSecret != nil { - SetDefaults_ShootSecretControllerConfiguration(in.Controllers.ShootSecret) + if in.Controllers.TokenRequestor != nil { + SetDefaults_TokenRequestorControllerConfiguration(in.Controllers.TokenRequestor) } } if in.LeaderElection != nil { diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/zz_generated.deepcopy.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/zz_generated.deepcopy.go index f07d79327..ce247d6fe 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/zz_generated.deepcopy.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/zz_generated.deepcopy.go @@ -570,9 +570,9 @@ func (in *GardenletControllerConfiguration) DeepCopyInto(out *GardenletControlle *out = new(ShootCareControllerConfiguration) (*in).DeepCopyInto(*out) } - if in.ShootStateSync != nil { - in, out := &in.ShootStateSync, &out.ShootStateSync - *out = new(ShootStateSyncControllerConfiguration) + if in.ShootState != nil { + in, out := &in.ShootState, &out.ShootState + *out = new(ShootStateControllerConfiguration) (*in).DeepCopyInto(*out) } if in.NetworkPolicy != nil { @@ -585,9 +585,9 @@ func (in *GardenletControllerConfiguration) DeepCopyInto(out *GardenletControlle *out = new(ManagedSeedControllerConfiguration) (*in).DeepCopyInto(*out) } - if in.ShootSecret != nil { - in, out := &in.ShootSecret, &out.ShootSecret - *out = new(ShootSecretControllerConfiguration) + if in.TokenRequestor != nil { + in, out := &in.TokenRequestor, &out.TokenRequestor + *out = new(TokenRequestorControllerConfiguration) (*in).DeepCopyInto(*out) } return @@ -1247,64 +1247,69 @@ func (in *ShootNodeLogging) DeepCopy() *ShootNodeLogging { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ShootSecretControllerConfiguration) DeepCopyInto(out *ShootSecretControllerConfiguration) { +func (in *ShootStateControllerConfiguration) DeepCopyInto(out *ShootStateControllerConfiguration) { *out = *in if in.ConcurrentSyncs != nil { in, out := &in.ConcurrentSyncs, &out.ConcurrentSyncs *out = new(int) **out = **in } + if in.SyncPeriod != nil { + in, out := &in.SyncPeriod, &out.SyncPeriod + *out = new(v1.Duration) + **out = **in + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ShootSecretControllerConfiguration. -func (in *ShootSecretControllerConfiguration) DeepCopy() *ShootSecretControllerConfiguration { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ShootStateControllerConfiguration. +func (in *ShootStateControllerConfiguration) DeepCopy() *ShootStateControllerConfiguration { if in == nil { return nil } - out := new(ShootSecretControllerConfiguration) + out := new(ShootStateControllerConfiguration) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ShootStateSyncControllerConfiguration) DeepCopyInto(out *ShootStateSyncControllerConfiguration) { +func (in *StaleExtensionHealthChecks) DeepCopyInto(out *StaleExtensionHealthChecks) { *out = *in - if in.ConcurrentSyncs != nil { - in, out := &in.ConcurrentSyncs, &out.ConcurrentSyncs - *out = new(int) + if in.Threshold != nil { + in, out := &in.Threshold, &out.Threshold + *out = new(v1.Duration) **out = **in } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ShootStateSyncControllerConfiguration. -func (in *ShootStateSyncControllerConfiguration) DeepCopy() *ShootStateSyncControllerConfiguration { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaleExtensionHealthChecks. +func (in *StaleExtensionHealthChecks) DeepCopy() *StaleExtensionHealthChecks { if in == nil { return nil } - out := new(ShootStateSyncControllerConfiguration) + out := new(StaleExtensionHealthChecks) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StaleExtensionHealthChecks) DeepCopyInto(out *StaleExtensionHealthChecks) { +func (in *TokenRequestorControllerConfiguration) DeepCopyInto(out *TokenRequestorControllerConfiguration) { *out = *in - if in.Threshold != nil { - in, out := &in.Threshold, &out.Threshold - *out = new(v1.Duration) + if in.ConcurrentSyncs != nil { + in, out := &in.ConcurrentSyncs, &out.ConcurrentSyncs + *out = new(int) **out = **in } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaleExtensionHealthChecks. -func (in *StaleExtensionHealthChecks) DeepCopy() *StaleExtensionHealthChecks { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestorControllerConfiguration. +func (in *TokenRequestorControllerConfiguration) DeepCopy() *TokenRequestorControllerConfiguration { if in == nil { return nil } - out := new(StaleExtensionHealthChecks) + out := new(TokenRequestorControllerConfiguration) in.DeepCopyInto(out) return out } diff --git a/vendor/github.com/gardener/gardener/pkg/utils/gardener/seed.go b/vendor/github.com/gardener/gardener/pkg/utils/gardener/seed.go index 614b8549f..c59b8c77a 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/gardener/seed.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/gardener/seed.go @@ -34,7 +34,6 @@ import ( extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" operatorv1alpha1 "github.com/gardener/gardener/pkg/apis/operator/v1alpha1" kubernetesutils "github.com/gardener/gardener/pkg/utils/kubernetes" - "github.com/gardener/gardener/pkg/utils/version" ) const ( @@ -106,31 +105,6 @@ func hasExactUsages(usages, requiredUsages []certificatesv1.KeyUsage) bool { return true } -// ComputeNginxIngressClassForSeed returns the IngressClass for the Nginx Ingress controller. -func ComputeNginxIngressClassForSeed(seed *gardencorev1beta1.Seed, kubernetesVersion *string) (string, error) { - if kubernetesVersion == nil { - return "", fmt.Errorf("kubernetes version is missing for seed %q", seed.Name) - } - - // We need to use `versionutils.CompareVersions` because this function normalizes the seed version first. - // This is especially necessary if the seed cluster is a non Gardener managed cluster and thus might have some - // custom version suffix. - greaterEqual122, err := version.CompareVersions(*kubernetesVersion, ">=", "1.22") - if err != nil { - return "", err - } - - if managed := helper.SeedWantsManagedIngress(seed); managed { - if greaterEqual122 { - return v1beta1constants.SeedNginxIngressClass122, nil - } else { - return v1beta1constants.SeedNginxIngressClass, nil - } - } - - return v1beta1constants.NginxIngressClass, nil -} - // GetWildcardCertificate gets the wildcard certificate for the seed's ingress domain. // Nil is returned if no wildcard certificate is configured. func GetWildcardCertificate(ctx context.Context, c client.Client) (*corev1.Secret, error) { diff --git a/vendor/github.com/gardener/gardener/pkg/utils/gardener/shoot.go b/vendor/github.com/gardener/gardener/pkg/utils/gardener/shoot.go index 8e64b3450..c2c3011b2 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/gardener/shoot.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/gardener/shoot.go @@ -209,6 +209,8 @@ const ( ShootProjectSecretSuffixKubeconfig = "kubeconfig" // ShootProjectSecretSuffixCACluster is a constant for a shoot project secret with suffix 'ca-cluster'. ShootProjectSecretSuffixCACluster = "ca-cluster" + // ShootProjectSecretSuffixCAClient is a constant for a shoot project secret with suffix 'ca-client'. + ShootProjectSecretSuffixCAClient = "ca-client" // ShootProjectSecretSuffixSSHKeypair is a constant for a shoot project secret with suffix 'ssh-keypair'. ShootProjectSecretSuffixSSHKeypair = v1beta1constants.SecretNameSSHKeyPair // ShootProjectSecretSuffixOldSSHKeypair is a constant for a shoot project secret with suffix 'ssh-keypair.old'. @@ -228,6 +230,13 @@ func GetShootProjectSecretSuffixes() []string { } } +// GetShootProjectInternalSecretSuffixes returns the list of shoot-related project internal secret suffixes. +func GetShootProjectInternalSecretSuffixes() []string { + return []string{ + ShootProjectSecretSuffixCAClient, + } +} + func shootProjectSecretSuffix(suffix string) string { return "." + suffix } @@ -249,6 +258,18 @@ func IsShootProjectSecret(secretName string) (string, bool) { return "", false } +// IsShootProjectInternalSecret checks if the given name matches the name of a shoot-related project internal secret. +// If no, it returns an empty string and . Otherwise, it returns the shoot name and . +func IsShootProjectInternalSecret(secretName string) (string, bool) { + for _, v := range GetShootProjectInternalSecretSuffixes() { + if suffix := shootProjectSecretSuffix(v); strings.HasSuffix(secretName, suffix) { + return strings.TrimSuffix(secretName, suffix), true + } + } + + return "", false +} + const ( // SecretNamePrefixShootAccess is the prefix of all secrets containing credentials for accessing shoot clusters. SecretNamePrefixShootAccess = "shoot-access-" @@ -334,6 +355,7 @@ func (s *ShootAccessSecret) Reconcile(ctx context.Context, c client.Client) erro _, err := controllerutils.GetAndCreateOrMergePatch(ctx, c, s.Secret, func() error { s.Secret.Type = corev1.SecretTypeOpaque metav1.SetMetaDataLabel(&s.Secret.ObjectMeta, resourcesv1alpha1.ResourceManagerPurpose, resourcesv1alpha1.LabelPurposeTokenRequest) + metav1.SetMetaDataLabel(&s.Secret.ObjectMeta, resourcesv1alpha1.ResourceManagerClass, resourcesv1alpha1.ResourceManagerClassShoot) metav1.SetMetaDataAnnotation(&s.Secret.ObjectMeta, resourcesv1alpha1.ServiceAccountName, s.ServiceAccountName) metav1.SetMetaDataAnnotation(&s.Secret.ObjectMeta, resourcesv1alpha1.ServiceAccountNamespace, metav1.NamespaceSystem) diff --git a/vendor/github.com/gardener/gardener/pkg/utils/imagevector/imagevector.go b/vendor/github.com/gardener/gardener/pkg/utils/imagevector/imagevector.go index d6187186b..8bf657b15 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/imagevector/imagevector.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/imagevector/imagevector.go @@ -349,7 +349,7 @@ func (v ImageVector) FindImage(name string, opts ...FindOptionFunc) (*Image, err // In case multiple images match the search, the first which was found is returned. // In case no image was found, an error is returned. func FindImages(v ImageVector, names []string, opts ...FindOptionFunc) (map[string]*Image, error) { - images := map[string]*Image{} + images := make(map[string]*Image, len(names)) for _, imageName := range names { image, err := v.FindImage(imageName, opts...) if err != nil { diff --git a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/admissionplugins.go b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/admissionplugins.go index 745137590..3e5bf3d16 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/admissionplugins.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/admissionplugins.go @@ -23,11 +23,11 @@ import ( ) var ( - lowestSupportedKubernetesVersionMajorMinor = "1.20" + lowestSupportedKubernetesVersionMajorMinor = "1.22" lowestSupportedKubernetesVersion, _ = semver.NewVersion(lowestSupportedKubernetesVersionMajorMinor) admissionPlugins = map[string][]gardencorev1beta1.AdmissionPlugin{ - "1.20": getDefaultPlugins("1.20"), + "1.22": getDefaultPlugins("1.22"), "1.23": getDefaultPlugins("1.23"), "1.25": getDefaultPlugins("1.25"), } @@ -65,7 +65,7 @@ func getAdmissionPluginsForVersionInternal(v string) []gardencorev1beta1.Admissi func getDefaultPlugins(version string) []gardencorev1beta1.AdmissionPlugin { var admissionPlugins []gardencorev1beta1.AdmissionPlugin switch version { - case "1.20": + case "1.22": admissionPlugins = append(admissionPlugins, []gardencorev1beta1.AdmissionPlugin{ {Name: "Priority"}, {Name: "NamespaceLifecycle"}, diff --git a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/tls_cipher_suites.go b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/tls_cipher_suites.go index b77e3707d..0e0c24cdb 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/tls_cipher_suites.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/tls_cipher_suites.go @@ -35,18 +35,9 @@ func TLSCipherSuites(k8sVersion *semver.Version) []string { ) ) - if version.ConstraintK8sLessEqual121.Check(k8sVersion) { - return append(commonSuites, - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", - "TLS_RSA_WITH_AES_128_CBC_SHA", - "TLS_RSA_WITH_AES_256_CBC_SHA", - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", - ) - } - // For Kubernetes 1.22 Gardener only allows suites permissible for TLS 1.3 // see https://github.com/gardener/gardener/issues/4300#issuecomment-885498872 - if version.ConstraintK8sLessEqual122.Check(k8sVersion) { + if version.ConstraintK8sEqual122.Check(k8sVersion) { return tlsV13Suites } diff --git a/vendor/github.com/gardener/gardener/pkg/utils/miscellaneous.go b/vendor/github.com/gardener/gardener/pkg/utils/miscellaneous.go index a987a0d6b..73d5ef3c6 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/miscellaneous.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/miscellaneous.go @@ -40,7 +40,7 @@ func ValueExists(value string, list []string) bool { // MergeMaps takes two maps , and merges them. If defines a value with a key // already existing in the map, the value for that key will be overwritten. func MergeMaps(a, b map[string]interface{}) map[string]interface{} { - var values = map[string]interface{}{} + var values = make(map[string]interface{}, len(b)) for i, v := range b { existing, ok := a[i] @@ -73,7 +73,7 @@ func MergeStringMaps[T any](oldMap map[string]T, newMaps ...map[string]T) map[st var out map[string]T if oldMap != nil { - out = make(map[string]T) + out = make(map[string]T, len(oldMap)) } for k, v := range oldMap { out[k] = v diff --git a/vendor/github.com/gardener/gardener/pkg/utils/secrets/basic_auth.go b/vendor/github.com/gardener/gardener/pkg/utils/secrets/basic_auth.go index 35ee79d01..faee10a0f 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/secrets/basic_auth.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/secrets/basic_auth.go @@ -80,7 +80,7 @@ func (s *BasicAuthSecretConfig) Generate() (DataInterface, error) { // SecretData computes the data map which can be used in a Kubernetes secret. func (b *BasicAuth) SecretData() map[string][]byte { - data := map[string][]byte{} + data := make(map[string][]byte, 3) data[DataKeyUserName] = []byte(b.Username) data[DataKeyPassword] = []byte(b.Password) diff --git a/vendor/github.com/gardener/gardener/pkg/utils/secrets/manager/generate.go b/vendor/github.com/gardener/gardener/pkg/utils/secrets/manager/generate.go index e0ae50b72..60c111556 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/secrets/manager/generate.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/secrets/manager/generate.go @@ -24,11 +24,6 @@ import ( corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/runtime/serializer" - "k8s.io/apimachinery/pkg/runtime/serializer/json" - apiserverconfigv1 "k8s.io/apiserver/pkg/apis/config/v1" "k8s.io/utils/pointer" "sigs.k8s.io/controller-runtime/pkg/client" @@ -149,65 +144,6 @@ func (m *manager) keepExistingSecretsIfNeeded(ctx context.Context, configName st return existingSecrets.Items[0].Data, nil } - // For backwards-compatibility, we need to keep some of the existing secrets (cluster-admin token, basic auth - // password, etc.). - // TODO(rfranzke): Remove this switch statement in the future. - existingSecret := &corev1.Secret{} - switch configName { - case "kube-apiserver-etcd-encryption-key": - if err := m.client.Get(ctx, kubernetesutils.Key(m.namespace, "etcd-encryption-secret"), existingSecret); err != nil { - if !apierrors.IsNotFound(err) { - return nil, err - } - return newData, nil - } - - scheme := runtime.NewScheme() - if err := apiserverconfigv1.AddToScheme(scheme); err != nil { - return nil, err - } - - ser := json.NewSerializerWithOptions(json.DefaultMetaFactory, scheme, scheme, json.SerializerOptions{Yaml: true, Pretty: false, Strict: false}) - versions := schema.GroupVersions([]schema.GroupVersion{apiserverconfigv1.SchemeGroupVersion}) - codec := serializer.NewCodecFactory(scheme).CodecForVersions(ser, ser, versions, versions) - - encryptionConfiguration := &apiserverconfigv1.EncryptionConfiguration{} - if _, _, err := codec.Decode(existingSecret.Data["encryption-configuration.yaml"], nil, encryptionConfiguration); err != nil { - return nil, err - } - - var existingEncryptionKey, existingEncryptionSecret []byte - - if len(encryptionConfiguration.Resources) != 0 { - for _, provider := range encryptionConfiguration.Resources[0].Providers { - if provider.AESCBC != nil && len(provider.AESCBC.Keys) != 0 { - existingEncryptionKey = []byte(provider.AESCBC.Keys[0].Name) - existingEncryptionSecret = []byte(provider.AESCBC.Keys[0].Secret) - break - } - } - } - - if existingEncryptionKey == nil || existingEncryptionSecret == nil { - return nil, fmt.Errorf("old etcd encryption key or secret was not found") - } - - return map[string][]byte{ - secretsutils.DataKeyEncryptionKeyName: existingEncryptionKey, - secretsutils.DataKeyEncryptionSecret: existingEncryptionSecret, - }, nil - - case "service-account-key": - if err := m.client.Get(ctx, kubernetesutils.Key(m.namespace, "service-account-key"), existingSecret); err != nil { - if !apierrors.IsNotFound(err) { - return nil, err - } - return newData, nil - } - - return existingSecret.Data, nil - } - return newData, nil } diff --git a/vendor/github.com/gardener/gardener/pkg/utils/validation/features/featuregates.go b/vendor/github.com/gardener/gardener/pkg/utils/validation/features/featuregates.go index e2d7cb707..93326b0d7 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/validation/features/featuregates.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/validation/features/featuregates.go @@ -39,19 +39,16 @@ var featureGateVersionRanges = map[string]*FeatureGateVersionRange{ "AdmissionWebhookMatchConditions": {AddedInVersion: "1.27"}, "APIListChunking": {}, - "APIPriorityAndFairness": {AddedInVersion: "1.17"}, + "APIPriorityAndFairness": {}, "APIResponseCompression": {}, "APISelfSubjectReview": {AddedInVersion: "1.26"}, - "APIServerIdentity": {AddedInVersion: "1.20"}, - "APIServerTracing": {AddedInVersion: "1.22"}, + "APIServerIdentity": {}, + "APIServerTracing": {}, "AdvancedAuditing": {LockedToDefaultInVersion: "1.27"}, "AggregatedDiscoveryEndpoint": {AddedInVersion: "1.26"}, - "AllowInsecureBackendProxy": {AddedInVersion: "1.17", RemovedInVersion: "1.23"}, - "AnyVolumeDataSource": {AddedInVersion: "1.18"}, + "AllowInsecureBackendProxy": {RemovedInVersion: "1.23"}, + "AnyVolumeDataSource": {}, "AppArmor": {}, - "AttachVolumeLimit": {RemovedInVersion: "1.21"}, - "BalanceAttachedNodeVolumes": {RemovedInVersion: "1.22"}, - "BlockVolume": {RemovedInVersion: "1.21"}, "BoundServiceAccountTokenVolume": {RemovedInVersion: "1.23"}, "CloudControllerManagerWebhook": {AddedInVersion: "1.27"}, "CloudDualStackNodeIPs": {AddedInVersion: "1.27"}, @@ -59,245 +56,187 @@ var featureGateVersionRanges = map[string]*FeatureGateVersionRange{ "CPUManager": {LockedToDefaultInVersion: "1.26"}, "CPUManagerPolicyAlphaOptions": {AddedInVersion: "1.23"}, "CPUManagerPolicyBetaOptions": {AddedInVersion: "1.23"}, - "CPUManagerPolicyOptions": {AddedInVersion: "1.22"}, - "CRIContainerLogRotation": {RemovedInVersion: "1.22"}, + "CPUManagerPolicyOptions": {}, "CronJobTimeZone": {AddedInVersion: "1.24", LockedToDefaultInVersion: "1.27"}, - "CSIBlockVolume": {RemovedInVersion: "1.21"}, - "CSIDriverRegistry": {RemovedInVersion: "1.21"}, "CSIInlineVolume": {Default: true, LockedToDefaultInVersion: "1.25", RemovedInVersion: "1.27"}, "CSIMigration": {Default: true, LockedToDefaultInVersion: "1.25", RemovedInVersion: "1.27"}, "CSIMigrationAWS": {Default: true, LockedToDefaultInVersion: "1.25", RemovedInVersion: "1.27"}, - "CSIMigrationAWSComplete": {AddedInVersion: "1.17", RemovedInVersion: "1.21"}, "CSIMigrationAzureDisk": {Default: true, LockedToDefaultInVersion: "1.25", RemovedInVersion: "1.27"}, - "CSIMigrationAzureDiskComplete": {AddedInVersion: "1.17", RemovedInVersion: "1.21"}, "CSIMigrationAzureFile": {LockedToDefaultInVersion: "1.27"}, - "CSIMigrationAzureFileComplete": {AddedInVersion: "1.17", RemovedInVersion: "1.21"}, "CSIMigrationGCE": {Default: true, LockedToDefaultInVersion: "1.25"}, - "CSIMigrationGCEComplete": {AddedInVersion: "1.17", RemovedInVersion: "1.21"}, - "CSIMigrationOpenStack": {Default: true, AddedInVersion: "1.14", LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, - "CSIMigrationOpenStackComplete": {AddedInVersion: "1.17", RemovedInVersion: "1.21"}, + "CSIMigrationOpenStack": {Default: true, LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, "CSIMigrationPortworx": {AddedInVersion: "1.23"}, "CSIMigrationRBD": {AddedInVersion: "1.24"}, - "CSIMigrationvSphere": {AddedInVersion: "1.19", LockedToDefaultInVersion: "1.27"}, - "CSIMigrationvSphereComplete": {AddedInVersion: "1.19", RemovedInVersion: "1.22"}, + "CSIMigrationvSphere": {LockedToDefaultInVersion: "1.27"}, "CSINodeExpandSecret": {AddedInVersion: "1.25"}, - "CSINodeInfo": {RemovedInVersion: "1.21"}, - "CSIPersistentVolume": {RemovedInVersion: "1.16"}, - "CSIServiceAccountToken": {Default: true, AddedInVersion: "1.20", LockedToDefaultInVersion: "1.22", RemovedInVersion: "1.25"}, - "CSIStorageCapacity": {Default: true, AddedInVersion: "1.19", LockedToDefaultInVersion: "1.24"}, - "CSIVolumeFSGroupPolicy": {Default: true, AddedInVersion: "1.19", LockedToDefaultInVersion: "1.23", RemovedInVersion: "1.25"}, - "CSIVolumeHealth": {AddedInVersion: "1.21"}, - "CSRDuration": {Default: true, AddedInVersion: "1.22", LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, - "ConfigurableFSGroupPolicy": {Default: true, AddedInVersion: "1.18", LockedToDefaultInVersion: "1.23", RemovedInVersion: "1.25"}, + "CSIServiceAccountToken": {Default: true, LockedToDefaultInVersion: "1.22", RemovedInVersion: "1.25"}, + "CSIStorageCapacity": {Default: true, LockedToDefaultInVersion: "1.24"}, + "CSIVolumeFSGroupPolicy": {Default: true, LockedToDefaultInVersion: "1.23", RemovedInVersion: "1.25"}, + "CSIVolumeHealth": {}, + "CSRDuration": {Default: true, LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, + "ConfigurableFSGroupPolicy": {Default: true, LockedToDefaultInVersion: "1.23", RemovedInVersion: "1.25"}, "ConsistentHTTPGetHandlers": {AddedInVersion: "1.26"}, "ContainerCheckpoint": {AddedInVersion: "1.25"}, - "ControllerManagerLeaderMigration": {Default: true, AddedInVersion: "1.21", LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.27"}, // Missing from docu? - "CronJobControllerV2": {AddedInVersion: "1.20", RemovedInVersion: "1.23"}, + "ControllerManagerLeaderMigration": {Default: true, LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.27"}, // Missing from docu? + "CronJobControllerV2": {RemovedInVersion: "1.23"}, "CrossNamespaceVolumeDataSource": {AddedInVersion: "1.26"}, "CustomCPUCFSQuotaPeriod": {}, - "CustomPodDNS": {RemovedInVersion: "1.16"}, - "CustomResourceDefaulting": {RemovedInVersion: "1.18"}, - "CustomResourcePublishOpenAPI": {RemovedInVersion: "1.18"}, - "CustomResourceSubresources": {RemovedInVersion: "1.18"}, - "CustomResourceValidation": {RemovedInVersion: "1.18"}, "CustomResourceValidationExpressions": {AddedInVersion: "1.23"}, - "CustomResourceWebhookConversion": {RemovedInVersion: "1.18"}, - "DaemonSetUpdateSurge": {Default: true, AddedInVersion: "1.21", LockedToDefaultInVersion: "1.25", RemovedInVersion: "1.27"}, // Missing from docu? - "DebugContainers": {RemovedInVersion: "1.16"}, // Missing from docu? - "DefaultIngressClass": {AddedInVersion: "1.18", RemovedInVersion: "1.20"}, // Missing from docu? - "DefaultPodTopologySpread": {Default: true, AddedInVersion: "1.19", LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, - "DelegateFSGroupToCSIDriver": {AddedInVersion: "1.22", LockedToDefaultInVersion: "1.26"}, + "DaemonSetUpdateSurge": {Default: true, LockedToDefaultInVersion: "1.25", RemovedInVersion: "1.27"}, // Missing from docu? + "DefaultPodTopologySpread": {Default: true, LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, + "DelegateFSGroupToCSIDriver": {LockedToDefaultInVersion: "1.26"}, "DevicePlugins": {LockedToDefaultInVersion: "1.26"}, - "DisableAcceleratorUsageMetrics": {Default: true, AddedInVersion: "1.19", LockedToDefaultInVersion: "1.25"}, - "DisableCloudProviders": {AddedInVersion: "1.22"}, + "DisableAcceleratorUsageMetrics": {Default: true, LockedToDefaultInVersion: "1.25"}, + "DisableCloudProviders": {}, "DisableKubeletCloudCredentialProviders": {AddedInVersion: "1.23"}, - "DownwardAPIHugePages": {AddedInVersion: "1.20", LockedToDefaultInVersion: "1.27"}, + "DownwardAPIHugePages": {LockedToDefaultInVersion: "1.27"}, "DryRun": {LockedToDefaultInVersion: "1.26"}, - "DynamicAuditing": {RemovedInVersion: "1.19"}, "DynamicKubeletConfig": {RemovedInVersion: "1.26"}, "DynamicResourceAllocation": {AddedInVersion: "1.26"}, - "EfficientWatchResumption": {Default: true, AddedInVersion: "1.20", LockedToDefaultInVersion: "1.24"}, + "EfficientWatchResumption": {Default: true, LockedToDefaultInVersion: "1.24"}, "ElasticIndexedJob": {AddedInVersion: "1.27"}, - "EnableAggregatedDiscoveryTimeout": {AddedInVersion: "1.16", RemovedInVersion: "1.17"}, - "EndpointSlice": {Default: true, AddedInVersion: "1.16", LockedToDefaultInVersion: "1.21", RemovedInVersion: "1.25"}, - "EndpointSliceNodeName": {Default: true, AddedInVersion: "1.20", LockedToDefaultInVersion: "1.21", RemovedInVersion: "1.25"}, - "EndpointSliceProxying": {Default: true, AddedInVersion: "1.18", LockedToDefaultInVersion: "1.22", RemovedInVersion: "1.25"}, - "EndpointSliceTerminatingCondition": {AddedInVersion: "1.20", LockedToDefaultInVersion: "1.26"}, - "EphemeralContainers": {Default: true, AddedInVersion: "1.16", LockedToDefaultInVersion: "1.25", RemovedInVersion: "1.27"}, - "EvenPodsSpread": {AddedInVersion: "1.16", RemovedInVersion: "1.21"}, + "EndpointSlice": {Default: true, LockedToDefaultInVersion: "1.21", RemovedInVersion: "1.25"}, + "EndpointSliceNodeName": {Default: true, LockedToDefaultInVersion: "1.21", RemovedInVersion: "1.25"}, + "EndpointSliceProxying": {Default: true, LockedToDefaultInVersion: "1.22", RemovedInVersion: "1.25"}, + "EndpointSliceTerminatingCondition": {LockedToDefaultInVersion: "1.26"}, + "EphemeralContainers": {Default: true, LockedToDefaultInVersion: "1.25", RemovedInVersion: "1.27"}, "EventedPLEG": {AddedInVersion: "1.26"}, - "ExecProbeTimeout": {AddedInVersion: "1.20"}, + "ExecProbeTimeout": {}, "ExpandCSIVolumes": {RemovedInVersion: "1.27"}, - "ExpandedDNSConfig": {AddedInVersion: "1.22"}, + "ExpandedDNSConfig": {}, "ExpandInUsePersistentVolumes": {RemovedInVersion: "1.27"}, "ExpandPersistentVolumes": {RemovedInVersion: "1.27"}, - "ExperimentalCriticalPodAnnotation": {RemovedInVersion: "1.16"}, "ExperimentalHostUserNamespaceDefaulting": {}, - "ExternalPolicyForExternalIP": {AddedInVersion: "1.18", RemovedInVersion: "1.22"}, // Missing from docu? - "GCERegionalPersistentDisk": {RemovedInVersion: "1.17"}, "GRPCContainerProbe": {AddedInVersion: "1.23", LockedToDefaultInVersion: "1.27"}, - "GenericEphemeralVolume": {Default: true, AddedInVersion: "1.19", LockedToDefaultInVersion: "1.23", RemovedInVersion: "1.25"}, - "GracefulNodeShutdown": {AddedInVersion: "1.20"}, + "GenericEphemeralVolume": {Default: true, LockedToDefaultInVersion: "1.23", RemovedInVersion: "1.25"}, + "GracefulNodeShutdown": {}, "GracefulNodeShutdownBasedOnPodPriority": {AddedInVersion: "1.23"}, "HonorPVReclaimPolicy": {AddedInVersion: "1.23"}, - "HPAContainerMetrics": {AddedInVersion: "1.20"}, - "HPAScaleToZero": {AddedInVersion: "1.16"}, - "HugePageStorageMediumSize": {Default: true, AddedInVersion: "1.18", LockedToDefaultInVersion: "1.22", RemovedInVersion: "1.24"}, - "HugePages": {RemovedInVersion: "1.16"}, - "HyperVContainer": {RemovedInVersion: "1.21"}, - "IPv6DualStack": {Default: true, AddedInVersion: "1.16", LockedToDefaultInVersion: "1.23", RemovedInVersion: "1.27"}, + "HPAContainerMetrics": {}, + "HPAScaleToZero": {}, + "HugePageStorageMediumSize": {Default: true, LockedToDefaultInVersion: "1.22", RemovedInVersion: "1.24"}, + "IPv6DualStack": {Default: true, LockedToDefaultInVersion: "1.23", RemovedInVersion: "1.27"}, "IPTablesOwnershipCleanup": {AddedInVersion: "1.25"}, "IdentifyPodOS": {Default: true, AddedInVersion: "1.23", LockedToDefaultInVersion: "1.25", RemovedInVersion: "1.27"}, - "ImmutableEphemeralVolumes": {Default: true, AddedInVersion: "1.18", LockedToDefaultInVersion: "1.21", RemovedInVersion: "1.24"}, + "ImmutableEphemeralVolumes": {Default: true, LockedToDefaultInVersion: "1.21", RemovedInVersion: "1.24"}, "InPlacePodVerticalScaling": {AddedInVersion: "1.27"}, - "InTreePluginAWSUnregister": {AddedInVersion: "1.21"}, // Missing from docu? - "InTreePluginAzureDiskUnregister": {AddedInVersion: "1.21"}, // Missing from docu? - "InTreePluginAzureFileUnregister": {AddedInVersion: "1.21"}, // Missing from docu? - "InTreePluginGCEUnregister": {AddedInVersion: "1.21"}, // Missing from docu? - "InTreePluginOpenStackUnregister": {AddedInVersion: "1.21"}, // Missing from docu? + "InTreePluginAWSUnregister": {}, // Missing from docu? + "InTreePluginAzureDiskUnregister": {}, // Missing from docu? + "InTreePluginAzureFileUnregister": {}, // Missing from docu? + "InTreePluginGCEUnregister": {}, // Missing from docu? + "InTreePluginOpenStackUnregister": {}, // Missing from docu? "InTreePluginPortworxUnregister": {AddedInVersion: "1.23"}, "InTreePluginRBDUnregister": {AddedInVersion: "1.23"}, - "InTreePluginvSphereUnregister": {AddedInVersion: "1.21"}, // Missing from docu? - "IndexedJob": {Default: true, AddedInVersion: "1.21", LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, - "IngressClassNamespacedParams": {Default: true, AddedInVersion: "1.21", LockedToDefaultInVersion: "1.23", RemovedInVersion: "1.25"}, + "InTreePluginvSphereUnregister": {}, // Missing from docu? + "IndexedJob": {Default: true, LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, + "IngressClassNamespacedParams": {Default: true, LockedToDefaultInVersion: "1.23", RemovedInVersion: "1.25"}, "JobMutableNodeSchedulingDirectives": {AddedInVersion: "1.23", LockedToDefaultInVersion: "1.27"}, "JobPodFailurePolicy": {AddedInVersion: "1.25"}, "JobReadyPods": {AddedInVersion: "1.23"}, - "JobTrackingWithFinalizers": {AddedInVersion: "1.22", LockedToDefaultInVersion: "1.26"}, + "JobTrackingWithFinalizers": {LockedToDefaultInVersion: "1.26"}, "KMSv2": {AddedInVersion: "1.25"}, - "KubeletCredentialProviders": {AddedInVersion: "1.20", LockedToDefaultInVersion: "1.26"}, - "KubeletInUserNamespace": {AddedInVersion: "1.22"}, - "KubeletPluginsWatcher": {RemovedInVersion: "1.16"}, + "KubeletCredentialProviders": {LockedToDefaultInVersion: "1.26"}, + "KubeletInUserNamespace": {}, "KubeletPodResources": {}, "KubeletPodResourcesDynamicResources": {AddedInVersion: "1.27"}, "KubeletPodResourcesGet": {AddedInVersion: "1.27"}, - "KubeletPodResourcesGetAllocatable": {AddedInVersion: "1.21"}, + "KubeletPodResourcesGetAllocatable": {}, "KubeletTracing": {AddedInVersion: "1.25"}, - "LegacyNodeRoleBehavior": {AddedInVersion: "1.16", RemovedInVersion: "1.22"}, "LegacyServiceAccountTokenNoAutoGeneration": {AddedInVersion: "1.24", LockedToDefaultInVersion: "1.27"}, "LegacyServiceAccountTokenTracking": {AddedInVersion: "1.26"}, "LocalStorageCapacityIsolation": {Default: true, LockedToDefaultInVersion: "1.25", RemovedInVersion: "1.27"}, "LocalStorageCapacityIsolationFSQuotaMonitoring": {}, - "LogarithmicScaleDown": {AddedInVersion: "1.21"}, + "LogarithmicScaleDown": {}, "MatchLabelKeysInPodTopologySpread": {AddedInVersion: "1.25"}, "MaxUnavailableStatefulSet": {AddedInVersion: "1.24"}, - "MemoryManager": {AddedInVersion: "1.21"}, // Missing from docu? - "MemoryQoS": {AddedInVersion: "1.22"}, + "MemoryManager": {}, // Missing from docu? + "MemoryQoS": {}, "MigrationRBD": {AddedInVersion: "1.23", RemovedInVersion: "1.24"}, "MinDomainsInPodTopologySpread": {AddedInVersion: "1.24"}, "MinimizeIPTablesRestore": {AddedInVersion: "1.26"}, - "MixedProtocolLBService": {AddedInVersion: "1.20", LockedToDefaultInVersion: "1.26"}, - "MountContainers": {RemovedInVersion: "1.17"}, + "MixedProtocolLBService": {LockedToDefaultInVersion: "1.26"}, "MultiCIDRRangeAllocator": {AddedInVersion: "1.25"}, "MultiCIDRServiceAllocator": {AddedInVersion: "1.27"}, - "NamespaceDefaultLabelName": {Default: true, AddedInVersion: "1.21", LockedToDefaultInVersion: "1.22", RemovedInVersion: "1.24"}, - "NetworkPolicyEndPort": {Default: true, AddedInVersion: "1.21", LockedToDefaultInVersion: "1.25", RemovedInVersion: "1.27"}, + "NamespaceDefaultLabelName": {Default: true, LockedToDefaultInVersion: "1.22", RemovedInVersion: "1.24"}, + "NetworkPolicyEndPort": {Default: true, LockedToDefaultInVersion: "1.25", RemovedInVersion: "1.27"}, "NetworkPolicyStatus": {AddedInVersion: "1.24"}, "NewVolumeManagerReconstruction": {AddedInVersion: "1.27"}, - "NodeDisruptionExclusion": {AddedInVersion: "1.16", RemovedInVersion: "1.22"}, "NodeInclusionPolicyInPodTopologySpread": {AddedInVersion: "1.25"}, "NodeLogQuery": {AddedInVersion: "1.27"}, "NodeLease": {RemovedInVersion: "1.23"}, "NodeOutOfServiceVolumeDetach": {AddedInVersion: "1.24"}, "NonPreemptingPriority": {Default: true, LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, - "NodeSwap": {AddedInVersion: "1.22"}, + "NodeSwap": {}, "OpenAPIEnums": {AddedInVersion: "1.23"}, "OpenAPIV3": {AddedInVersion: "1.23", LockedToDefaultInVersion: "1.27"}, "PDBUnhealthyPodEvictionPolicy": {AddedInVersion: "1.26"}, - "PersistentLocalVolumes": {RemovedInVersion: "1.17"}, "PodAndContainerStatsFromCRI": {AddedInVersion: "1.23"}, - "PodAffinityNamespaceSelector": {Default: true, AddedInVersion: "1.21", LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, - "PodDeletionCost": {AddedInVersion: "1.21"}, - "PodDisruptionBudget": {Default: true, AddedInVersion: "1.17", LockedToDefaultInVersion: "1.21", RemovedInVersion: "1.25"}, // Docu says 1.3? + "PodAffinityNamespaceSelector": {Default: true, LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, + "PodDeletionCost": {}, + "PodDisruptionBudget": {Default: true, LockedToDefaultInVersion: "1.21", RemovedInVersion: "1.25"}, // Docu says 1.3? "PodDisruptionConditions": {AddedInVersion: "1.25"}, "PodHasNetworkCondition": {AddedInVersion: "1.25"}, - "PodOverhead": {Default: true, AddedInVersion: "1.16", LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, - "PodPriority": {RemovedInVersion: "1.18"}, - "PodReadinessGates": {RemovedInVersion: "1.16"}, + "PodOverhead": {Default: true, LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, "PodSchedulingReadiness": {AddedInVersion: "1.26"}, - "PodSecurity": {Default: true, AddedInVersion: "1.22", LockedToDefaultInVersion: "1.25"}, - "PodShareProcessNamespace": {RemovedInVersion: "1.19"}, - "PreferNominatedNode": {Default: true, AddedInVersion: "1.21", LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, // Missing from docu? - "ProbeTerminationGracePeriod": {AddedInVersion: "1.21"}, + "PodSecurity": {Default: true, LockedToDefaultInVersion: "1.25"}, + "PreferNominatedNode": {Default: true, LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, // Missing from docu? + "ProbeTerminationGracePeriod": {}, "ProcMountType": {}, - "ProxyTerminatingEndpoints": {AddedInVersion: "1.22"}, + "ProxyTerminatingEndpoints": {}, "QOSReserved": {}, - "ReadWriteOncePod": {AddedInVersion: "1.22"}, + "ReadWriteOncePod": {}, "RecoverVolumeExpansionFailure": {AddedInVersion: "1.23"}, "RemainingItemCount": {}, - "RemoveSelfLink": {Default: true, AddedInVersion: "1.16", LockedToDefaultInVersion: "1.24"}, - "RequestManagement": {RemovedInVersion: "1.17"}, - "ResourceLimitsPriorityFunction": {RemovedInVersion: "1.19"}, - "ResourceQuotaScopeSelectors": {RemovedInVersion: "1.18"}, + "RemoveSelfLink": {Default: true, LockedToDefaultInVersion: "1.24"}, "RetroactiveDefaultStorageClass": {AddedInVersion: "1.25"}, - "RootCAConfigMap": {AddedInVersion: "1.20", RemovedInVersion: "1.22"}, // Docu says 1.13? - "RotateKubeletClientCertificate": {RemovedInVersion: "1.21"}, "RotateKubeletServerCertificate": {}, - "RunAsGroup": {RemovedInVersion: "1.22"}, "RuntimeClass": {Default: true, LockedToDefaultInVersion: "1.20", RemovedInVersion: "1.24"}, - "SCTPSupport": {RemovedInVersion: "1.22"}, - "ScheduleDaemonSetPods": {RemovedInVersion: "1.18"}, - "SeccompDefault": {AddedInVersion: "1.22", LockedToDefaultInVersion: "1.27"}, + "SeccompDefault": {LockedToDefaultInVersion: "1.27"}, "SecurityContextDeny": {AddedInVersion: "1.27"}, - "SelectorIndex": {Default: true, AddedInVersion: "1.18", LockedToDefaultInVersion: "1.20", RemovedInVersion: "1.25"}, // Missing from docu? + "SelectorIndex": {Default: true, LockedToDefaultInVersion: "1.20", RemovedInVersion: "1.25"}, // Missing from docu? "SELinuxMountReadWriteOncePod": {AddedInVersion: "1.25"}, "ServerSideApply": {LockedToDefaultInVersion: "1.26"}, "ServerSideFieldValidation": {AddedInVersion: "1.23", LockedToDefaultInVersion: "1.27"}, - "ServiceAccountIssuerDiscovery": {AddedInVersion: "1.18", RemovedInVersion: "1.23"}, - "ServiceAppProtocol": {AddedInVersion: "1.18", RemovedInVersion: "1.22"}, - "ServiceInternalTrafficPolicy": {AddedInVersion: "1.21", LockedToDefaultInVersion: "1.26"}, + "ServiceAccountIssuerDiscovery": {RemovedInVersion: "1.23"}, + "ServiceInternalTrafficPolicy": {LockedToDefaultInVersion: "1.26"}, "ServiceIPStaticSubrange": {AddedInVersion: "1.24", LockedToDefaultInVersion: "1.26"}, - "ServiceLBNodePortControl": {Default: true, AddedInVersion: "1.20", LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, - "ServiceLoadBalancerClass": {Default: true, AddedInVersion: "1.21", LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, - "ServiceLoadBalancerFinalizer": {RemovedInVersion: "1.20"}, - "ServiceNodeExclusion": {RemovedInVersion: "1.22"}, + "ServiceLBNodePortControl": {Default: true, LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, + "ServiceLoadBalancerClass": {Default: true, LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, "ServiceNodePortStaticSubrange": {AddedInVersion: "1.27"}, - "ServiceTopology": {AddedInVersion: "1.17", RemovedInVersion: "1.22"}, - "SetHostnameAsFQDN": {Default: true, AddedInVersion: "1.19", LockedToDefaultInVersion: "1.22", RemovedInVersion: "1.24"}, - "SizeMemoryBackedVolumes": {AddedInVersion: "1.20"}, + "SetHostnameAsFQDN": {Default: true, LockedToDefaultInVersion: "1.22", RemovedInVersion: "1.24"}, + "SizeMemoryBackedVolumes": {}, "StableLoadBalancerNodeSet": {AddedInVersion: "1.27"}, - "StartupProbe": {AddedInVersion: "1.16", RemovedInVersion: "1.23"}, + "StartupProbe": {RemovedInVersion: "1.23"}, "StatefulSetAutoDeletePVC": {AddedInVersion: "1.23"}, - "StatefulSetMinReadySeconds": {Default: true, AddedInVersion: "1.22", LockedToDefaultInVersion: "1.25", RemovedInVersion: "1.27"}, + "StatefulSetMinReadySeconds": {Default: true, LockedToDefaultInVersion: "1.25", RemovedInVersion: "1.27"}, "StatefulSetStartOrdinal": {AddedInVersion: "1.26"}, "StorageObjectInUseProtection": {Default: true, LockedToDefaultInVersion: "1.23", RemovedInVersion: "1.25"}, - "StorageVersionAPI": {AddedInVersion: "1.20"}, + "StorageVersionAPI": {}, "StorageVersionHash": {}, "StreamingProxyRedirects": {RemovedInVersion: "1.24"}, - "SupportIPVSProxyMode": {RemovedInVersion: "1.20"}, "SupportNodePidsLimit": {RemovedInVersion: "1.23"}, "SupportPodPidsLimit": {RemovedInVersion: "1.23"}, - "SuspendJob": {Default: true, AddedInVersion: "1.21", LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, + "SuspendJob": {Default: true, LockedToDefaultInVersion: "1.24", RemovedInVersion: "1.26"}, "Sysctls": {RemovedInVersion: "1.23"}, "TTLAfterFinished": {Default: true, LockedToDefaultInVersion: "1.23", RemovedInVersion: "1.25"}, - "TaintBasedEvictions": {RemovedInVersion: "1.20"}, - "TaintNodesByCondition": {RemovedInVersion: "1.18"}, - "TokenRequest": {RemovedInVersion: "1.21"}, - "TokenRequestProjection": {RemovedInVersion: "1.21"}, - "TopologyAwareHints": {AddedInVersion: "1.21"}, - "TopologyManager": {AddedInVersion: "1.16", LockedToDefaultInVersion: "1.27"}, + "TopologyAwareHints": {}, + "TopologyManager": {LockedToDefaultInVersion: "1.27"}, "TopologyManagerPolicyAlphaOptions": {AddedInVersion: "1.26"}, "TopologyManagerPolicyBetaOptions": {AddedInVersion: "1.26"}, "TopologyManagerPolicyOptions": {AddedInVersion: "1.26"}, "UserNamespacesStatelessPodsSupport": {AddedInVersion: "1.25"}, "ValidateProxyRedirects": {RemovedInVersion: "1.24"}, "ValidatingAdmissionPolicy": {AddedInVersion: "1.26"}, - "VolumeCapacityPriority": {AddedInVersion: "1.21"}, - "VolumePVCDataSource": {RemovedInVersion: "1.21"}, - "VolumeScheduling": {RemovedInVersion: "1.16"}, - "VolumeSnapshotDataSource": {RemovedInVersion: "1.22"}, + "VolumeCapacityPriority": {}, "VolumeSubpath": {RemovedInVersion: "1.25"}, - "VolumeSubpathEnvExpansion": {RemovedInVersion: "1.19"}, - "WarningHeaders": {Default: true, AddedInVersion: "1.19", LockedToDefaultInVersion: "1.22", RemovedInVersion: "1.24"}, + "WarningHeaders": {Default: true, LockedToDefaultInVersion: "1.22", RemovedInVersion: "1.24"}, "WatchBookmark": {Default: true, LockedToDefaultInVersion: "1.17"}, "WatchList": {AddedInVersion: "1.27"}, "WinDSR": {}, "WinOverlay": {}, - "WindowsEndpointSliceProxying": {Default: true, AddedInVersion: "1.19", LockedToDefaultInVersion: "1.22", RemovedInVersion: "1.25"}, - "WindowsGMSA": {RemovedInVersion: "1.21"}, + "WindowsEndpointSliceProxying": {Default: true, LockedToDefaultInVersion: "1.22", RemovedInVersion: "1.25"}, "WindowsHostNetwork": {AddedInVersion: "1.26"}, - "WindowsHostProcessContainers": {AddedInVersion: "1.22", LockedToDefaultInVersion: "1.26"}, - "WindowsRunAsUserName": {AddedInVersion: "1.16", RemovedInVersion: "1.21"}, + "WindowsHostProcessContainers": {LockedToDefaultInVersion: "1.26"}, } // IsFeatureGateSupported returns true if the given feature gate is supported for the given Kubernetes version. diff --git a/vendor/github.com/gardener/gardener/pkg/utils/validation/kubernetesversion/version.go b/vendor/github.com/gardener/gardener/pkg/utils/validation/kubernetesversion/version.go index 11f5c5821..c3523ccc1 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/validation/kubernetesversion/version.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/validation/kubernetesversion/version.go @@ -23,8 +23,6 @@ import ( // SupportedVersions is the list of supported Kubernetes versions for all runtime and target clusters, i.e. all gardens, // seeds, and shoots. var SupportedVersions = []string{ - "1.20", - "1.21", "1.22", "1.23", "1.24", diff --git a/vendor/github.com/gardener/gardener/pkg/utils/version/version.go b/vendor/github.com/gardener/gardener/pkg/utils/version/version.go index 83342916d..a7930f855 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/version/version.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/version/version.go @@ -23,22 +23,8 @@ import ( ) var ( - // ConstraintK8sEqual120 is a version constraint for versions == 1.20. - ConstraintK8sEqual120 *semver.Constraints - // ConstraintK8sGreaterEqual120 is a version constraint for versions >= 1.20. - ConstraintK8sGreaterEqual120 *semver.Constraints - // ConstraintK8sLessEqual121 is a version constraint for versions <= 1.21. - ConstraintK8sLessEqual121 *semver.Constraints - // ConstraintK8sEqual121 is a version constraint for versions == 1.21. - ConstraintK8sEqual121 *semver.Constraints - // ConstraintK8sGreaterEqual121 is a version constraint for versions >= 1.21. - ConstraintK8sGreaterEqual121 *semver.Constraints - // ConstraintK8sLessEqual122 is a version constraint for versions <= 1.22. - ConstraintK8sLessEqual122 *semver.Constraints // ConstraintK8sEqual122 is a version constraint for versions == 1.22. ConstraintK8sEqual122 *semver.Constraints - // ConstraintK8sGreaterEqual122 is a version constraint for versions >= 1.22. - ConstraintK8sGreaterEqual122 *semver.Constraints // ConstraintK8sEqual123 is a version constraint for versions == 1.23. ConstraintK8sEqual123 *semver.Constraints // ConstraintK8sGreaterEqual123 is a version constraint for versions >= 1.23. @@ -65,22 +51,8 @@ var ( func init() { var err error - ConstraintK8sEqual120, err = semver.NewConstraint("~ 1.20.x-0") - utilruntime.Must(err) - ConstraintK8sGreaterEqual120, err = semver.NewConstraint(">= 1.20-0") - utilruntime.Must(err) - ConstraintK8sLessEqual121, err = semver.NewConstraint("<= 1.21.x-0") - utilruntime.Must(err) - ConstraintK8sEqual121, err = semver.NewConstraint("~ 1.21.x-0") - utilruntime.Must(err) - ConstraintK8sGreaterEqual121, err = semver.NewConstraint(">= 1.21-0") - utilruntime.Must(err) - ConstraintK8sLessEqual122, err = semver.NewConstraint("<= 1.22.x-0") - utilruntime.Must(err) ConstraintK8sEqual122, err = semver.NewConstraint("~ 1.22.x-0") utilruntime.Must(err) - ConstraintK8sGreaterEqual122, err = semver.NewConstraint(">= 1.22-0") - utilruntime.Must(err) ConstraintK8sEqual123, err = semver.NewConstraint("~ 1.23.x-0") utilruntime.Must(err) ConstraintK8sGreaterEqual123, err = semver.NewConstraint(">= 1.23-0") diff --git a/vendor/github.com/gardener/gardener/test/framework/shootmigrationtest.go b/vendor/github.com/gardener/gardener/test/framework/shootmigrationtest.go index a21426b58..0e55e9116 100644 --- a/vendor/github.com/gardener/gardener/test/framework/shootmigrationtest.go +++ b/vendor/github.com/gardener/gardener/test/framework/shootmigrationtest.go @@ -254,7 +254,7 @@ func (t *ShootMigrationTest) GetPersistedSecrets(ctx context.Context, seedClient return nil, err } - secretsMap := map[string]corev1.Secret{} + secretsMap := make(map[string]corev1.Secret, len(secretList.Items)) for _, secret := range secretList.Items { secretsMap[secret.Name] = secret } diff --git a/vendor/k8s.io/apiserver/LICENSE b/vendor/k8s.io/apiserver/LICENSE deleted file mode 100644 index d64569567..000000000 --- a/vendor/k8s.io/apiserver/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/k8s.io/apiserver/pkg/apis/config/doc.go b/vendor/k8s.io/apiserver/pkg/apis/config/doc.go deleted file mode 100644 index 338d4cebf..000000000 --- a/vendor/k8s.io/apiserver/pkg/apis/config/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -package config // import "k8s.io/apiserver/pkg/apis/config" diff --git a/vendor/k8s.io/apiserver/pkg/apis/config/register.go b/vendor/k8s.io/apiserver/pkg/apis/config/register.go deleted file mode 100644 index 6a0aae8e5..000000000 --- a/vendor/k8s.io/apiserver/pkg/apis/config/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package config - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme adds this group to a scheme. - AddToScheme = SchemeBuilder.AddToScheme -) - -// GroupName is the group name use in this package. -const GroupName = "apiserver.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects. -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind. -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource. -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -func addKnownTypes(scheme *runtime.Scheme) error { - // TODO this will get cleaned up with the scheme types are fixed - scheme.AddKnownTypes(SchemeGroupVersion, - &EncryptionConfiguration{}, - ) - return nil -} diff --git a/vendor/k8s.io/apiserver/pkg/apis/config/types.go b/vendor/k8s.io/apiserver/pkg/apis/config/types.go deleted file mode 100644 index 72107fe66..000000000 --- a/vendor/k8s.io/apiserver/pkg/apis/config/types.go +++ /dev/null @@ -1,103 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package config - -import ( - "fmt" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// EncryptionConfiguration stores the complete configuration for encryption providers. -type EncryptionConfiguration struct { - metav1.TypeMeta - // resources is a list containing resources, and their corresponding encryption providers. - Resources []ResourceConfiguration -} - -// ResourceConfiguration stores per resource configuration. -type ResourceConfiguration struct { - // resources is a list of kubernetes resources which have to be encrypted. - Resources []string - // providers is a list of transformers to be used for reading and writing the resources to disk. - // eg: aesgcm, aescbc, secretbox, identity. - Providers []ProviderConfiguration -} - -// ProviderConfiguration stores the provided configuration for an encryption provider. -type ProviderConfiguration struct { - // aesgcm is the configuration for the AES-GCM transformer. - AESGCM *AESConfiguration - // aescbc is the configuration for the AES-CBC transformer. - AESCBC *AESConfiguration - // secretbox is the configuration for the Secretbox based transformer. - Secretbox *SecretboxConfiguration - // identity is the (empty) configuration for the identity transformer. - Identity *IdentityConfiguration - // kms contains the name, cache size and path to configuration file for a KMS based envelope transformer. - KMS *KMSConfiguration -} - -// AESConfiguration contains the API configuration for an AES transformer. -type AESConfiguration struct { - // keys is a list of keys to be used for creating the AES transformer. - // Each key has to be 32 bytes long for AES-CBC and 16, 24 or 32 bytes for AES-GCM. - Keys []Key -} - -// SecretboxConfiguration contains the API configuration for an Secretbox transformer. -type SecretboxConfiguration struct { - // keys is a list of keys to be used for creating the Secretbox transformer. - // Each key has to be 32 bytes long. - Keys []Key -} - -// Key contains name and secret of the provided key for a transformer. -type Key struct { - // name is the name of the key to be used while storing data to disk. - Name string - // secret is the actual key, encoded in base64. - Secret string -} - -// String implements Stringer interface in a log safe way. -func (k Key) String() string { - return fmt.Sprintf("Name: %s, Secret: [REDACTED]", k.Name) -} - -// IdentityConfiguration is an empty struct to allow identity transformer in provider configuration. -type IdentityConfiguration struct{} - -// KMSConfiguration contains the name, cache size and path to configuration file for a KMS based envelope transformer. -type KMSConfiguration struct { - // apiVersion of KeyManagementService - // +optional - APIVersion string - // name is the name of the KMS plugin to be used. - Name string - // cachesize is the maximum number of secrets which are cached in memory. The default value is 1000. - // Set to a negative value to disable caching. - // +optional - CacheSize *int32 - // endpoint is the gRPC server listening address, for example "unix:///var/run/kms-provider.sock". - Endpoint string - // timeout for gRPC calls to kms-plugin (ex. 5s). The default is 3 seconds. - // +optional - Timeout *metav1.Duration -} diff --git a/vendor/k8s.io/apiserver/pkg/apis/config/v1/defaults.go b/vendor/k8s.io/apiserver/pkg/apis/config/v1/defaults.go deleted file mode 100644 index 8666022a9..000000000 --- a/vendor/k8s.io/apiserver/pkg/apis/config/v1/defaults.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -var ( - defaultTimeout = &metav1.Duration{Duration: 3 * time.Second} - defaultCacheSize int32 = 1000 - defaultAPIVersion = "v1" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -// SetDefaults_KMSConfiguration applies defaults to KMSConfiguration. -func SetDefaults_KMSConfiguration(obj *KMSConfiguration) { - if obj.Timeout == nil { - obj.Timeout = defaultTimeout - } - - if obj.CacheSize == nil { - obj.CacheSize = &defaultCacheSize - } - - if obj.APIVersion == "" { - obj.APIVersion = defaultAPIVersion - } -} diff --git a/vendor/k8s.io/apiserver/pkg/apis/config/v1/doc.go b/vendor/k8s.io/apiserver/pkg/apis/config/v1/doc.go deleted file mode 100644 index b1a18ccab..000000000 --- a/vendor/k8s.io/apiserver/pkg/apis/config/v1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/apiserver/pkg/apis/config -// +k8s:deepcopy-gen=package -// +k8s:defaulter-gen=TypeMeta -// +groupName=apiserver.config.k8s.io - -// Package v1 is the v1 version of the API. -package v1 diff --git a/vendor/k8s.io/apiserver/pkg/apis/config/v1/register.go b/vendor/k8s.io/apiserver/pkg/apis/config/v1/register.go deleted file mode 100644 index 32b5634c4..000000000 --- a/vendor/k8s.io/apiserver/pkg/apis/config/v1/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package. -const GroupName = "apiserver.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects. -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - // AddToScheme adds this group to a scheme. - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes) - localSchemeBuilder.Register(addDefaultingFuncs) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &EncryptionConfiguration{}, - ) - // also register into the v1 group as EncryptionConfig (due to a docs bug) - scheme.AddKnownTypeWithName(schema.GroupVersionKind{Group: "", Version: "v1", Kind: "EncryptionConfig"}, &EncryptionConfiguration{}) - return nil -} diff --git a/vendor/k8s.io/apiserver/pkg/apis/config/v1/types.go b/vendor/k8s.io/apiserver/pkg/apis/config/v1/types.go deleted file mode 100644 index 23dab942e..000000000 --- a/vendor/k8s.io/apiserver/pkg/apis/config/v1/types.go +++ /dev/null @@ -1,103 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// EncryptionConfiguration stores the complete configuration for encryption providers. -type EncryptionConfiguration struct { - metav1.TypeMeta - // resources is a list containing resources, and their corresponding encryption providers. - Resources []ResourceConfiguration `json:"resources"` -} - -// ResourceConfiguration stores per resource configuration. -type ResourceConfiguration struct { - // resources is a list of kubernetes resources which have to be encrypted. - Resources []string `json:"resources"` - // providers is a list of transformers to be used for reading and writing the resources to disk. - // eg: aesgcm, aescbc, secretbox, identity. - Providers []ProviderConfiguration `json:"providers"` -} - -// ProviderConfiguration stores the provided configuration for an encryption provider. -type ProviderConfiguration struct { - // aesgcm is the configuration for the AES-GCM transformer. - AESGCM *AESConfiguration `json:"aesgcm,omitempty"` - // aescbc is the configuration for the AES-CBC transformer. - AESCBC *AESConfiguration `json:"aescbc,omitempty"` - // secretbox is the configuration for the Secretbox based transformer. - Secretbox *SecretboxConfiguration `json:"secretbox,omitempty"` - // identity is the (empty) configuration for the identity transformer. - Identity *IdentityConfiguration `json:"identity,omitempty"` - // kms contains the name, cache size and path to configuration file for a KMS based envelope transformer. - KMS *KMSConfiguration `json:"kms,omitempty"` -} - -// AESConfiguration contains the API configuration for an AES transformer. -type AESConfiguration struct { - // keys is a list of keys to be used for creating the AES transformer. - // Each key has to be 32 bytes long for AES-CBC and 16, 24 or 32 bytes for AES-GCM. - Keys []Key `json:"keys"` -} - -// SecretboxConfiguration contains the API configuration for an Secretbox transformer. -type SecretboxConfiguration struct { - // keys is a list of keys to be used for creating the Secretbox transformer. - // Each key has to be 32 bytes long. - Keys []Key `json:"keys"` -} - -// Key contains name and secret of the provided key for a transformer. -type Key struct { - // name is the name of the key to be used while storing data to disk. - Name string `json:"name"` - // secret is the actual key, encoded in base64. - Secret string `json:"secret"` -} - -// String implements Stringer interface in a log safe way. -func (k Key) String() string { - return fmt.Sprintf("Name: %s, Secret: [REDACTED]", k.Name) -} - -// IdentityConfiguration is an empty struct to allow identity transformer in provider configuration. -type IdentityConfiguration struct{} - -// KMSConfiguration contains the name, cache size and path to configuration file for a KMS based envelope transformer. -type KMSConfiguration struct { - // apiVersion of KeyManagementService - // +optional - APIVersion string `json:"apiVersion"` - // name is the name of the KMS plugin to be used. - Name string `json:"name"` - // cachesize is the maximum number of secrets which are cached in memory. The default value is 1000. - // Set to a negative value to disable caching. - // +optional - CacheSize *int32 `json:"cachesize,omitempty"` - // endpoint is the gRPC server listening address, for example "unix:///var/run/kms-provider.sock". - Endpoint string `json:"endpoint"` - // timeout for gRPC calls to kms-plugin (ex. 5s). The default is 3 seconds. - // +optional - Timeout *metav1.Duration `json:"timeout,omitempty"` -} diff --git a/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.conversion.go b/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.conversion.go deleted file mode 100644 index 858542863..000000000 --- a/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.conversion.go +++ /dev/null @@ -1,299 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - config "k8s.io/apiserver/pkg/apis/config" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*AESConfiguration)(nil), (*config.AESConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_AESConfiguration_To_config_AESConfiguration(a.(*AESConfiguration), b.(*config.AESConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.AESConfiguration)(nil), (*AESConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_AESConfiguration_To_v1_AESConfiguration(a.(*config.AESConfiguration), b.(*AESConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*EncryptionConfiguration)(nil), (*config.EncryptionConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EncryptionConfiguration_To_config_EncryptionConfiguration(a.(*EncryptionConfiguration), b.(*config.EncryptionConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.EncryptionConfiguration)(nil), (*EncryptionConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_EncryptionConfiguration_To_v1_EncryptionConfiguration(a.(*config.EncryptionConfiguration), b.(*EncryptionConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*IdentityConfiguration)(nil), (*config.IdentityConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IdentityConfiguration_To_config_IdentityConfiguration(a.(*IdentityConfiguration), b.(*config.IdentityConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.IdentityConfiguration)(nil), (*IdentityConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_IdentityConfiguration_To_v1_IdentityConfiguration(a.(*config.IdentityConfiguration), b.(*IdentityConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*KMSConfiguration)(nil), (*config.KMSConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_KMSConfiguration_To_config_KMSConfiguration(a.(*KMSConfiguration), b.(*config.KMSConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.KMSConfiguration)(nil), (*KMSConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_KMSConfiguration_To_v1_KMSConfiguration(a.(*config.KMSConfiguration), b.(*KMSConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*Key)(nil), (*config.Key)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Key_To_config_Key(a.(*Key), b.(*config.Key), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.Key)(nil), (*Key)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_Key_To_v1_Key(a.(*config.Key), b.(*Key), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ProviderConfiguration)(nil), (*config.ProviderConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ProviderConfiguration_To_config_ProviderConfiguration(a.(*ProviderConfiguration), b.(*config.ProviderConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.ProviderConfiguration)(nil), (*ProviderConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_ProviderConfiguration_To_v1_ProviderConfiguration(a.(*config.ProviderConfiguration), b.(*ProviderConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ResourceConfiguration)(nil), (*config.ResourceConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ResourceConfiguration_To_config_ResourceConfiguration(a.(*ResourceConfiguration), b.(*config.ResourceConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.ResourceConfiguration)(nil), (*ResourceConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_ResourceConfiguration_To_v1_ResourceConfiguration(a.(*config.ResourceConfiguration), b.(*ResourceConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*SecretboxConfiguration)(nil), (*config.SecretboxConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SecretboxConfiguration_To_config_SecretboxConfiguration(a.(*SecretboxConfiguration), b.(*config.SecretboxConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.SecretboxConfiguration)(nil), (*SecretboxConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_SecretboxConfiguration_To_v1_SecretboxConfiguration(a.(*config.SecretboxConfiguration), b.(*SecretboxConfiguration), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_AESConfiguration_To_config_AESConfiguration(in *AESConfiguration, out *config.AESConfiguration, s conversion.Scope) error { - out.Keys = *(*[]config.Key)(unsafe.Pointer(&in.Keys)) - return nil -} - -// Convert_v1_AESConfiguration_To_config_AESConfiguration is an autogenerated conversion function. -func Convert_v1_AESConfiguration_To_config_AESConfiguration(in *AESConfiguration, out *config.AESConfiguration, s conversion.Scope) error { - return autoConvert_v1_AESConfiguration_To_config_AESConfiguration(in, out, s) -} - -func autoConvert_config_AESConfiguration_To_v1_AESConfiguration(in *config.AESConfiguration, out *AESConfiguration, s conversion.Scope) error { - out.Keys = *(*[]Key)(unsafe.Pointer(&in.Keys)) - return nil -} - -// Convert_config_AESConfiguration_To_v1_AESConfiguration is an autogenerated conversion function. -func Convert_config_AESConfiguration_To_v1_AESConfiguration(in *config.AESConfiguration, out *AESConfiguration, s conversion.Scope) error { - return autoConvert_config_AESConfiguration_To_v1_AESConfiguration(in, out, s) -} - -func autoConvert_v1_EncryptionConfiguration_To_config_EncryptionConfiguration(in *EncryptionConfiguration, out *config.EncryptionConfiguration, s conversion.Scope) error { - out.Resources = *(*[]config.ResourceConfiguration)(unsafe.Pointer(&in.Resources)) - return nil -} - -// Convert_v1_EncryptionConfiguration_To_config_EncryptionConfiguration is an autogenerated conversion function. -func Convert_v1_EncryptionConfiguration_To_config_EncryptionConfiguration(in *EncryptionConfiguration, out *config.EncryptionConfiguration, s conversion.Scope) error { - return autoConvert_v1_EncryptionConfiguration_To_config_EncryptionConfiguration(in, out, s) -} - -func autoConvert_config_EncryptionConfiguration_To_v1_EncryptionConfiguration(in *config.EncryptionConfiguration, out *EncryptionConfiguration, s conversion.Scope) error { - out.Resources = *(*[]ResourceConfiguration)(unsafe.Pointer(&in.Resources)) - return nil -} - -// Convert_config_EncryptionConfiguration_To_v1_EncryptionConfiguration is an autogenerated conversion function. -func Convert_config_EncryptionConfiguration_To_v1_EncryptionConfiguration(in *config.EncryptionConfiguration, out *EncryptionConfiguration, s conversion.Scope) error { - return autoConvert_config_EncryptionConfiguration_To_v1_EncryptionConfiguration(in, out, s) -} - -func autoConvert_v1_IdentityConfiguration_To_config_IdentityConfiguration(in *IdentityConfiguration, out *config.IdentityConfiguration, s conversion.Scope) error { - return nil -} - -// Convert_v1_IdentityConfiguration_To_config_IdentityConfiguration is an autogenerated conversion function. -func Convert_v1_IdentityConfiguration_To_config_IdentityConfiguration(in *IdentityConfiguration, out *config.IdentityConfiguration, s conversion.Scope) error { - return autoConvert_v1_IdentityConfiguration_To_config_IdentityConfiguration(in, out, s) -} - -func autoConvert_config_IdentityConfiguration_To_v1_IdentityConfiguration(in *config.IdentityConfiguration, out *IdentityConfiguration, s conversion.Scope) error { - return nil -} - -// Convert_config_IdentityConfiguration_To_v1_IdentityConfiguration is an autogenerated conversion function. -func Convert_config_IdentityConfiguration_To_v1_IdentityConfiguration(in *config.IdentityConfiguration, out *IdentityConfiguration, s conversion.Scope) error { - return autoConvert_config_IdentityConfiguration_To_v1_IdentityConfiguration(in, out, s) -} - -func autoConvert_v1_KMSConfiguration_To_config_KMSConfiguration(in *KMSConfiguration, out *config.KMSConfiguration, s conversion.Scope) error { - out.APIVersion = in.APIVersion - out.Name = in.Name - out.CacheSize = (*int32)(unsafe.Pointer(in.CacheSize)) - out.Endpoint = in.Endpoint - out.Timeout = (*metav1.Duration)(unsafe.Pointer(in.Timeout)) - return nil -} - -// Convert_v1_KMSConfiguration_To_config_KMSConfiguration is an autogenerated conversion function. -func Convert_v1_KMSConfiguration_To_config_KMSConfiguration(in *KMSConfiguration, out *config.KMSConfiguration, s conversion.Scope) error { - return autoConvert_v1_KMSConfiguration_To_config_KMSConfiguration(in, out, s) -} - -func autoConvert_config_KMSConfiguration_To_v1_KMSConfiguration(in *config.KMSConfiguration, out *KMSConfiguration, s conversion.Scope) error { - out.APIVersion = in.APIVersion - out.Name = in.Name - out.CacheSize = (*int32)(unsafe.Pointer(in.CacheSize)) - out.Endpoint = in.Endpoint - out.Timeout = (*metav1.Duration)(unsafe.Pointer(in.Timeout)) - return nil -} - -// Convert_config_KMSConfiguration_To_v1_KMSConfiguration is an autogenerated conversion function. -func Convert_config_KMSConfiguration_To_v1_KMSConfiguration(in *config.KMSConfiguration, out *KMSConfiguration, s conversion.Scope) error { - return autoConvert_config_KMSConfiguration_To_v1_KMSConfiguration(in, out, s) -} - -func autoConvert_v1_Key_To_config_Key(in *Key, out *config.Key, s conversion.Scope) error { - out.Name = in.Name - out.Secret = in.Secret - return nil -} - -// Convert_v1_Key_To_config_Key is an autogenerated conversion function. -func Convert_v1_Key_To_config_Key(in *Key, out *config.Key, s conversion.Scope) error { - return autoConvert_v1_Key_To_config_Key(in, out, s) -} - -func autoConvert_config_Key_To_v1_Key(in *config.Key, out *Key, s conversion.Scope) error { - out.Name = in.Name - out.Secret = in.Secret - return nil -} - -// Convert_config_Key_To_v1_Key is an autogenerated conversion function. -func Convert_config_Key_To_v1_Key(in *config.Key, out *Key, s conversion.Scope) error { - return autoConvert_config_Key_To_v1_Key(in, out, s) -} - -func autoConvert_v1_ProviderConfiguration_To_config_ProviderConfiguration(in *ProviderConfiguration, out *config.ProviderConfiguration, s conversion.Scope) error { - out.AESGCM = (*config.AESConfiguration)(unsafe.Pointer(in.AESGCM)) - out.AESCBC = (*config.AESConfiguration)(unsafe.Pointer(in.AESCBC)) - out.Secretbox = (*config.SecretboxConfiguration)(unsafe.Pointer(in.Secretbox)) - out.Identity = (*config.IdentityConfiguration)(unsafe.Pointer(in.Identity)) - out.KMS = (*config.KMSConfiguration)(unsafe.Pointer(in.KMS)) - return nil -} - -// Convert_v1_ProviderConfiguration_To_config_ProviderConfiguration is an autogenerated conversion function. -func Convert_v1_ProviderConfiguration_To_config_ProviderConfiguration(in *ProviderConfiguration, out *config.ProviderConfiguration, s conversion.Scope) error { - return autoConvert_v1_ProviderConfiguration_To_config_ProviderConfiguration(in, out, s) -} - -func autoConvert_config_ProviderConfiguration_To_v1_ProviderConfiguration(in *config.ProviderConfiguration, out *ProviderConfiguration, s conversion.Scope) error { - out.AESGCM = (*AESConfiguration)(unsafe.Pointer(in.AESGCM)) - out.AESCBC = (*AESConfiguration)(unsafe.Pointer(in.AESCBC)) - out.Secretbox = (*SecretboxConfiguration)(unsafe.Pointer(in.Secretbox)) - out.Identity = (*IdentityConfiguration)(unsafe.Pointer(in.Identity)) - out.KMS = (*KMSConfiguration)(unsafe.Pointer(in.KMS)) - return nil -} - -// Convert_config_ProviderConfiguration_To_v1_ProviderConfiguration is an autogenerated conversion function. -func Convert_config_ProviderConfiguration_To_v1_ProviderConfiguration(in *config.ProviderConfiguration, out *ProviderConfiguration, s conversion.Scope) error { - return autoConvert_config_ProviderConfiguration_To_v1_ProviderConfiguration(in, out, s) -} - -func autoConvert_v1_ResourceConfiguration_To_config_ResourceConfiguration(in *ResourceConfiguration, out *config.ResourceConfiguration, s conversion.Scope) error { - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.Providers = *(*[]config.ProviderConfiguration)(unsafe.Pointer(&in.Providers)) - return nil -} - -// Convert_v1_ResourceConfiguration_To_config_ResourceConfiguration is an autogenerated conversion function. -func Convert_v1_ResourceConfiguration_To_config_ResourceConfiguration(in *ResourceConfiguration, out *config.ResourceConfiguration, s conversion.Scope) error { - return autoConvert_v1_ResourceConfiguration_To_config_ResourceConfiguration(in, out, s) -} - -func autoConvert_config_ResourceConfiguration_To_v1_ResourceConfiguration(in *config.ResourceConfiguration, out *ResourceConfiguration, s conversion.Scope) error { - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.Providers = *(*[]ProviderConfiguration)(unsafe.Pointer(&in.Providers)) - return nil -} - -// Convert_config_ResourceConfiguration_To_v1_ResourceConfiguration is an autogenerated conversion function. -func Convert_config_ResourceConfiguration_To_v1_ResourceConfiguration(in *config.ResourceConfiguration, out *ResourceConfiguration, s conversion.Scope) error { - return autoConvert_config_ResourceConfiguration_To_v1_ResourceConfiguration(in, out, s) -} - -func autoConvert_v1_SecretboxConfiguration_To_config_SecretboxConfiguration(in *SecretboxConfiguration, out *config.SecretboxConfiguration, s conversion.Scope) error { - out.Keys = *(*[]config.Key)(unsafe.Pointer(&in.Keys)) - return nil -} - -// Convert_v1_SecretboxConfiguration_To_config_SecretboxConfiguration is an autogenerated conversion function. -func Convert_v1_SecretboxConfiguration_To_config_SecretboxConfiguration(in *SecretboxConfiguration, out *config.SecretboxConfiguration, s conversion.Scope) error { - return autoConvert_v1_SecretboxConfiguration_To_config_SecretboxConfiguration(in, out, s) -} - -func autoConvert_config_SecretboxConfiguration_To_v1_SecretboxConfiguration(in *config.SecretboxConfiguration, out *SecretboxConfiguration, s conversion.Scope) error { - out.Keys = *(*[]Key)(unsafe.Pointer(&in.Keys)) - return nil -} - -// Convert_config_SecretboxConfiguration_To_v1_SecretboxConfiguration is an autogenerated conversion function. -func Convert_config_SecretboxConfiguration_To_v1_SecretboxConfiguration(in *config.SecretboxConfiguration, out *SecretboxConfiguration, s conversion.Scope) error { - return autoConvert_config_SecretboxConfiguration_To_v1_SecretboxConfiguration(in, out, s) -} diff --git a/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.deepcopy.go b/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.deepcopy.go deleted file mode 100644 index 3d2ac484b..000000000 --- a/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.deepcopy.go +++ /dev/null @@ -1,228 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AESConfiguration) DeepCopyInto(out *AESConfiguration) { - *out = *in - if in.Keys != nil { - in, out := &in.Keys, &out.Keys - *out = make([]Key, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AESConfiguration. -func (in *AESConfiguration) DeepCopy() *AESConfiguration { - if in == nil { - return nil - } - out := new(AESConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EncryptionConfiguration) DeepCopyInto(out *EncryptionConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]ResourceConfiguration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionConfiguration. -func (in *EncryptionConfiguration) DeepCopy() *EncryptionConfiguration { - if in == nil { - return nil - } - out := new(EncryptionConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *EncryptionConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IdentityConfiguration) DeepCopyInto(out *IdentityConfiguration) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityConfiguration. -func (in *IdentityConfiguration) DeepCopy() *IdentityConfiguration { - if in == nil { - return nil - } - out := new(IdentityConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KMSConfiguration) DeepCopyInto(out *KMSConfiguration) { - *out = *in - if in.CacheSize != nil { - in, out := &in.CacheSize, &out.CacheSize - *out = new(int32) - **out = **in - } - if in.Timeout != nil { - in, out := &in.Timeout, &out.Timeout - *out = new(metav1.Duration) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSConfiguration. -func (in *KMSConfiguration) DeepCopy() *KMSConfiguration { - if in == nil { - return nil - } - out := new(KMSConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Key) DeepCopyInto(out *Key) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Key. -func (in *Key) DeepCopy() *Key { - if in == nil { - return nil - } - out := new(Key) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProviderConfiguration) DeepCopyInto(out *ProviderConfiguration) { - *out = *in - if in.AESGCM != nil { - in, out := &in.AESGCM, &out.AESGCM - *out = new(AESConfiguration) - (*in).DeepCopyInto(*out) - } - if in.AESCBC != nil { - in, out := &in.AESCBC, &out.AESCBC - *out = new(AESConfiguration) - (*in).DeepCopyInto(*out) - } - if in.Secretbox != nil { - in, out := &in.Secretbox, &out.Secretbox - *out = new(SecretboxConfiguration) - (*in).DeepCopyInto(*out) - } - if in.Identity != nil { - in, out := &in.Identity, &out.Identity - *out = new(IdentityConfiguration) - **out = **in - } - if in.KMS != nil { - in, out := &in.KMS, &out.KMS - *out = new(KMSConfiguration) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfiguration. -func (in *ProviderConfiguration) DeepCopy() *ProviderConfiguration { - if in == nil { - return nil - } - out := new(ProviderConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceConfiguration) DeepCopyInto(out *ResourceConfiguration) { - *out = *in - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Providers != nil { - in, out := &in.Providers, &out.Providers - *out = make([]ProviderConfiguration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceConfiguration. -func (in *ResourceConfiguration) DeepCopy() *ResourceConfiguration { - if in == nil { - return nil - } - out := new(ResourceConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecretboxConfiguration) DeepCopyInto(out *SecretboxConfiguration) { - *out = *in - if in.Keys != nil { - in, out := &in.Keys, &out.Keys - *out = make([]Key, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretboxConfiguration. -func (in *SecretboxConfiguration) DeepCopy() *SecretboxConfiguration { - if in == nil { - return nil - } - out := new(SecretboxConfiguration) - in.DeepCopyInto(out) - return out -} diff --git a/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.defaults.go b/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.defaults.go deleted file mode 100644 index 82fec0111..000000000 --- a/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.defaults.go +++ /dev/null @@ -1,46 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&EncryptionConfiguration{}, func(obj interface{}) { SetObjectDefaults_EncryptionConfiguration(obj.(*EncryptionConfiguration)) }) - return nil -} - -func SetObjectDefaults_EncryptionConfiguration(in *EncryptionConfiguration) { - for i := range in.Resources { - a := &in.Resources[i] - for j := range a.Providers { - b := &a.Providers[j] - if b.KMS != nil { - SetDefaults_KMSConfiguration(b.KMS) - } - } - } -} diff --git a/vendor/k8s.io/apiserver/pkg/apis/config/zz_generated.deepcopy.go b/vendor/k8s.io/apiserver/pkg/apis/config/zz_generated.deepcopy.go deleted file mode 100644 index 13e5cffca..000000000 --- a/vendor/k8s.io/apiserver/pkg/apis/config/zz_generated.deepcopy.go +++ /dev/null @@ -1,228 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package config - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AESConfiguration) DeepCopyInto(out *AESConfiguration) { - *out = *in - if in.Keys != nil { - in, out := &in.Keys, &out.Keys - *out = make([]Key, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AESConfiguration. -func (in *AESConfiguration) DeepCopy() *AESConfiguration { - if in == nil { - return nil - } - out := new(AESConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EncryptionConfiguration) DeepCopyInto(out *EncryptionConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]ResourceConfiguration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionConfiguration. -func (in *EncryptionConfiguration) DeepCopy() *EncryptionConfiguration { - if in == nil { - return nil - } - out := new(EncryptionConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *EncryptionConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IdentityConfiguration) DeepCopyInto(out *IdentityConfiguration) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityConfiguration. -func (in *IdentityConfiguration) DeepCopy() *IdentityConfiguration { - if in == nil { - return nil - } - out := new(IdentityConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KMSConfiguration) DeepCopyInto(out *KMSConfiguration) { - *out = *in - if in.CacheSize != nil { - in, out := &in.CacheSize, &out.CacheSize - *out = new(int32) - **out = **in - } - if in.Timeout != nil { - in, out := &in.Timeout, &out.Timeout - *out = new(v1.Duration) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSConfiguration. -func (in *KMSConfiguration) DeepCopy() *KMSConfiguration { - if in == nil { - return nil - } - out := new(KMSConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Key) DeepCopyInto(out *Key) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Key. -func (in *Key) DeepCopy() *Key { - if in == nil { - return nil - } - out := new(Key) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProviderConfiguration) DeepCopyInto(out *ProviderConfiguration) { - *out = *in - if in.AESGCM != nil { - in, out := &in.AESGCM, &out.AESGCM - *out = new(AESConfiguration) - (*in).DeepCopyInto(*out) - } - if in.AESCBC != nil { - in, out := &in.AESCBC, &out.AESCBC - *out = new(AESConfiguration) - (*in).DeepCopyInto(*out) - } - if in.Secretbox != nil { - in, out := &in.Secretbox, &out.Secretbox - *out = new(SecretboxConfiguration) - (*in).DeepCopyInto(*out) - } - if in.Identity != nil { - in, out := &in.Identity, &out.Identity - *out = new(IdentityConfiguration) - **out = **in - } - if in.KMS != nil { - in, out := &in.KMS, &out.KMS - *out = new(KMSConfiguration) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfiguration. -func (in *ProviderConfiguration) DeepCopy() *ProviderConfiguration { - if in == nil { - return nil - } - out := new(ProviderConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceConfiguration) DeepCopyInto(out *ResourceConfiguration) { - *out = *in - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Providers != nil { - in, out := &in.Providers, &out.Providers - *out = make([]ProviderConfiguration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceConfiguration. -func (in *ResourceConfiguration) DeepCopy() *ResourceConfiguration { - if in == nil { - return nil - } - out := new(ResourceConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecretboxConfiguration) DeepCopyInto(out *SecretboxConfiguration) { - *out = *in - if in.Keys != nil { - in, out := &in.Keys, &out.Keys - *out = make([]Key, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretboxConfiguration. -func (in *SecretboxConfiguration) DeepCopy() *SecretboxConfiguration { - if in == nil { - return nil - } - out := new(SecretboxConfiguration) - in.DeepCopyInto(out) - return out -} diff --git a/vendor/modules.txt b/vendor/modules.txt index b4a4beb4b..62f7cb223 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -97,7 +97,7 @@ github.com/fsnotify/fsnotify # github.com/gardener/etcd-druid v0.18.1 ## explicit; go 1.20 github.com/gardener/etcd-druid/api/v1alpha1 -# github.com/gardener/gardener v1.73.0 +# github.com/gardener/gardener v1.73.1-0.20230622175055-703970e3ea77 ## explicit; go 1.20 github.com/gardener/gardener/.github github.com/gardener/gardener/.github/ISSUE_TEMPLATE @@ -867,10 +867,6 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.26.3 -## explicit; go 1.19 -k8s.io/apiserver/pkg/apis/config -k8s.io/apiserver/pkg/apis/config/v1 # k8s.io/autoscaler/vertical-pod-autoscaler v0.13.0 ## explicit; go 1.19 k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1 From 6f899047889b47ce101d73c4cbf551206489b7b8 Mon Sep 17 00:00:00 2001 From: Shafeeque E S Date: Fri, 23 Jun 2023 09:59:31 +0530 Subject: [PATCH 2/8] Update README.md --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 2c0d4d746..d928b5f40 100644 --- a/README.md +++ b/README.md @@ -29,8 +29,6 @@ This extension controller supports the following Kubernetes versions: | Kubernetes 1.24 | 1.24.0+ | [![Gardener v1.24 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.24%20Alibaba%20Cloud/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.24%20Alibaba%20Cloud) | | Kubernetes 1.23 | 1.23.0+ | [![Gardener v1.23 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.23%20Alibaba%20Cloud/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.23%20Alibaba%20Cloud) | | Kubernetes 1.22 | 1.22.0+ | [![Gardener v1.22 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.22%20Alibaba%20Cloud/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.22%20Alibaba%20Cloud) | -| Kubernetes 1.21 | 1.21.0+ | [![Gardener v1.21 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.21%20Alibaba%20Cloud/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.21%20Alibaba%20Cloud) | -| Kubernetes 1.20 | 1.20.0+ | [![Gardener v1.20 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.20%20Alibaba%20Cloud/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.20%20Alibaba%20Cloud) | Please take a look [here](https://github.com/gardener/gardener/blob/master/docs/usage/supported_k8s_versions.md) to see which versions are supported by Gardener in general. From edc0dd30411014db50503fc987f104e37e476ab8 Mon Sep 17 00:00:00 2001 From: Shafeeque E S Date: Fri, 23 Jun 2023 10:00:40 +0530 Subject: [PATCH 3/8] Drop v1.21 handling for PDBs --- .../charts/runtime/templates/poddisruptionbudget.yaml | 4 ---- .../templates/poddisruptionbudget.yaml | 4 ---- .../seed/templates/poddisruptionbudget.yaml | 4 ---- .../templates/poddisruptionbudget.yaml | 4 ---- .../templates/csi-plugin-controller-poddisruptionbudget.yaml | 4 ---- .../csi-snapshot-controller-poddisruptionbudget.yaml | 4 ---- .../csi-snapshot-validation-webhook-poddisruptionbudget.yaml | 4 ---- 7 files changed, 28 deletions(-) diff --git a/charts/gardener-extension-admission-alicloud/charts/runtime/templates/poddisruptionbudget.yaml b/charts/gardener-extension-admission-alicloud/charts/runtime/templates/poddisruptionbudget.yaml index 2dc2edccc..7f4c3ee2f 100644 --- a/charts/gardener-extension-admission-alicloud/charts/runtime/templates/poddisruptionbudget.yaml +++ b/charts/gardener-extension-admission-alicloud/charts/runtime/templates/poddisruptionbudget.yaml @@ -1,8 +1,4 @@ -{{- if semverCompare ">= 1.21-0" .Capabilities.KubeVersion.GitVersion }} apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: {{ include "name" . }} diff --git a/charts/gardener-extension-provider-alicloud/templates/poddisruptionbudget.yaml b/charts/gardener-extension-provider-alicloud/templates/poddisruptionbudget.yaml index 2dc2edccc..7f4c3ee2f 100644 --- a/charts/gardener-extension-provider-alicloud/templates/poddisruptionbudget.yaml +++ b/charts/gardener-extension-provider-alicloud/templates/poddisruptionbudget.yaml @@ -1,8 +1,4 @@ -{{- if semverCompare ">= 1.21-0" .Capabilities.KubeVersion.GitVersion }} apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: {{ include "name" . }} diff --git a/charts/internal/machine-controller-manager/seed/templates/poddisruptionbudget.yaml b/charts/internal/machine-controller-manager/seed/templates/poddisruptionbudget.yaml index 83a925c2e..5c5ad6ae9 100644 --- a/charts/internal/machine-controller-manager/seed/templates/poddisruptionbudget.yaml +++ b/charts/internal/machine-controller-manager/seed/templates/poddisruptionbudget.yaml @@ -1,8 +1,4 @@ -{{- if semverCompare ">= 1.21-0" .Capabilities.KubeVersion.GitVersion }} apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: machine-controller-manager diff --git a/charts/internal/seed-controlplane/charts/alicloud-cloud-controller-manager/templates/poddisruptionbudget.yaml b/charts/internal/seed-controlplane/charts/alicloud-cloud-controller-manager/templates/poddisruptionbudget.yaml index 84b197b74..82b24cc59 100644 --- a/charts/internal/seed-controlplane/charts/alicloud-cloud-controller-manager/templates/poddisruptionbudget.yaml +++ b/charts/internal/seed-controlplane/charts/alicloud-cloud-controller-manager/templates/poddisruptionbudget.yaml @@ -1,8 +1,4 @@ -{{- if semverCompare ">= 1.21-0" .Capabilities.KubeVersion.GitVersion }} apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: cloud-controller-manager diff --git a/charts/internal/seed-controlplane/charts/csi-alicloud/templates/csi-plugin-controller-poddisruptionbudget.yaml b/charts/internal/seed-controlplane/charts/csi-alicloud/templates/csi-plugin-controller-poddisruptionbudget.yaml index 285d37e59..88f195a87 100644 --- a/charts/internal/seed-controlplane/charts/csi-alicloud/templates/csi-plugin-controller-poddisruptionbudget.yaml +++ b/charts/internal/seed-controlplane/charts/csi-alicloud/templates/csi-plugin-controller-poddisruptionbudget.yaml @@ -1,8 +1,4 @@ -{{- if semverCompare ">= 1.21-0" .Capabilities.KubeVersion.GitVersion }} apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: csi-plugin-controller diff --git a/charts/internal/seed-controlplane/charts/csi-alicloud/templates/csi-snapshot-controller-poddisruptionbudget.yaml b/charts/internal/seed-controlplane/charts/csi-alicloud/templates/csi-snapshot-controller-poddisruptionbudget.yaml index 160503863..c5b2bfa59 100644 --- a/charts/internal/seed-controlplane/charts/csi-alicloud/templates/csi-snapshot-controller-poddisruptionbudget.yaml +++ b/charts/internal/seed-controlplane/charts/csi-alicloud/templates/csi-snapshot-controller-poddisruptionbudget.yaml @@ -1,8 +1,4 @@ -{{- if semverCompare ">= 1.21-0" .Capabilities.KubeVersion.GitVersion }} apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: csi-snapshot-controller diff --git a/charts/internal/seed-controlplane/charts/csi-alicloud/templates/csi-snapshot-validation-webhook-poddisruptionbudget.yaml b/charts/internal/seed-controlplane/charts/csi-alicloud/templates/csi-snapshot-validation-webhook-poddisruptionbudget.yaml index 1ec7abf0e..b77401e83 100644 --- a/charts/internal/seed-controlplane/charts/csi-alicloud/templates/csi-snapshot-validation-webhook-poddisruptionbudget.yaml +++ b/charts/internal/seed-controlplane/charts/csi-alicloud/templates/csi-snapshot-validation-webhook-poddisruptionbudget.yaml @@ -1,8 +1,4 @@ -{{- if semverCompare ">= 1.21-0" .Capabilities.KubeVersion.GitVersion }} apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: csi-snapshot-validation From 408e93d4d9cd1eec915b5f4ee647fcbfc431f71c Mon Sep 17 00:00:00 2001 From: Shafeeque E S Date: Fri, 23 Jun 2023 10:03:01 +0530 Subject: [PATCH 4/8] Adapt tests --- .../controlplane/valuesprovider_test.go | 2 +- pkg/webhook/controlplane/ensurer_test.go | 20 +++++++++---------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/pkg/controller/controlplane/valuesprovider_test.go b/pkg/controller/controlplane/valuesprovider_test.go index 25f96b8d6..ad12d213c 100644 --- a/pkg/controller/controlplane/valuesprovider_test.go +++ b/pkg/controller/controlplane/valuesprovider_test.go @@ -210,7 +210,7 @@ var _ = Describe("ValuesProvider", func() { Pods: &cidr, }, Kubernetes: gardencorev1beta1.Kubernetes{ - Version: "1.20.0", + Version: "1.22.0", VerticalPodAutoscaler: &gardencorev1beta1.VerticalPodAutoscaler{ Enabled: true, }, diff --git a/pkg/webhook/controlplane/ensurer_test.go b/pkg/webhook/controlplane/ensurer_test.go index 1471e17f8..264d09e6d 100644 --- a/pkg/webhook/controlplane/ensurer_test.go +++ b/pkg/webhook/controlplane/ensurer_test.go @@ -50,12 +50,12 @@ func TestController(t *testing.T) { var _ = Describe("Ensurer", func() { var ( ctrl *gomock.Controller - eContext20 = gcontext.NewInternalGardenContext( + eContext22 = gcontext.NewInternalGardenContext( &extensionscontroller.Cluster{ Shoot: &gardencorev1beta1.Shoot{ Spec: gardencorev1beta1.ShootSpec{ Kubernetes: gardencorev1beta1.Kubernetes{ - Version: "1.20.0", + Version: "1.22.0", }, }, }, @@ -97,7 +97,7 @@ var _ = Describe("Ensurer", func() { // Call EnsureKubeAPIServerDeployment method and check the result dep := apidep() - err := ensurer.EnsureKubeAPIServerDeployment(context.TODO(), eContext20, dep, nil) + err := ensurer.EnsureKubeAPIServerDeployment(context.TODO(), eContext22, dep, nil) Expect(err).To(Not(HaveOccurred())) checkKubeAPIServerDeployment(dep, []string{}) @@ -133,7 +133,7 @@ var _ = Describe("Ensurer", func() { // Call EnsureKubeAPIServerDeployment method and check the result dep := apidep() - err := ensurer.EnsureKubeAPIServerDeployment(context.TODO(), eContext20, dep, nil) + err := ensurer.EnsureKubeAPIServerDeployment(context.TODO(), eContext22, dep, nil) Expect(err).To(Not(HaveOccurred())) checkKubeAPIServerDeployment(dep, []string{}) }) @@ -162,7 +162,7 @@ var _ = Describe("Ensurer", func() { ensurer := NewEnsurer(logger, false) // Call EnsureKubeControllerManagerDeployment method and check the result - err := ensurer.EnsureKubeControllerManagerDeployment(context.TODO(), eContext20, dep, nil) + err := ensurer.EnsureKubeControllerManagerDeployment(context.TODO(), eContext22, dep, nil) Expect(err).To(Not(HaveOccurred())) checkKubeControllerManagerDeployment(dep) }) @@ -192,7 +192,7 @@ var _ = Describe("Ensurer", func() { ensurer := NewEnsurer(logger, false) // Call EnsureKubeControllerManagerDeployment method and check the result - err := ensurer.EnsureKubeControllerManagerDeployment(context.TODO(), eContext20, dep, nil) + err := ensurer.EnsureKubeControllerManagerDeployment(context.TODO(), eContext22, dep, nil) Expect(err).To(Not(HaveOccurred())) checkKubeControllerManagerDeployment(dep) }) @@ -253,8 +253,8 @@ var _ = Describe("Ensurer", func() { Expect(opts).To(Equal(newUnitOptions)) }, - Entry("kubelet version < 1.23", eContext20, semver.MustParse("1.20.0"), "external", false), - Entry("kubelet version >= 1.23", eContext20, semver.MustParse("1.23.0"), "external", true), + Entry("kubelet version < 1.23", eContext22, semver.MustParse("1.22.0"), "external", false), + Entry("kubelet version >= 1.23", eContext22, semver.MustParse("1.23.0"), "external", true), ) }) @@ -302,8 +302,8 @@ var _ = Describe("Ensurer", func() { Expect(&kubeletConfig).To(Equal(newKubeletConfig)) }, - Entry("kubelet < 1.23", eContext20, semver.MustParse("1.20.0"), "", false), - Entry("kubelet >= 1.23", eContext20, semver.MustParse("1.23.0"), "", true), + Entry("kubelet < 1.23", eContext22, semver.MustParse("1.22.0"), "", false), + Entry("kubelet >= 1.23", eContext22, semver.MustParse("1.23.0"), "", true), ) }) From 04ec143fd2ccfc846fa27af94ba9c2ca56654eb4 Mon Sep 17 00:00:00 2001 From: Shafeeque E S Date: Fri, 23 Jun 2023 10:03:38 +0530 Subject: [PATCH 5/8] Drop `CustomResourceValidation ` usages --- .../charts/alicloud-cloud-controller-manager/values.yaml | 1 - docs/usage-as-end-user.md | 2 +- example/30-controlplane.yaml | 2 +- pkg/apis/alicloud/validation/controlplane_test.go | 9 ++------- pkg/controller/controlplane/valuesprovider_test.go | 4 ++-- 5 files changed, 6 insertions(+), 12 deletions(-) diff --git a/charts/internal/seed-controlplane/charts/alicloud-cloud-controller-manager/values.yaml b/charts/internal/seed-controlplane/charts/alicloud-cloud-controller-manager/values.yaml index a9c9b062f..489e55218 100644 --- a/charts/internal/seed-controlplane/charts/alicloud-cloud-controller-manager/values.yaml +++ b/charts/internal/seed-controlplane/charts/alicloud-cloud-controller-manager/values.yaml @@ -4,7 +4,6 @@ podNetwork: 192.168.0.0/16 podAnnotations: {} podLabels: {} featureGates: {} - # CustomResourceValidation: true # RotateKubeletServerCertificate: false images: alicloud-controller-manager: image-repository diff --git a/docs/usage-as-end-user.md b/docs/usage-as-end-user.md index 2eaf8ca10..4875eecab 100644 --- a/docs/usage-as-end-user.md +++ b/docs/usage-as-end-user.md @@ -161,7 +161,7 @@ csi: enableADController: true cloudControllerManager: featureGates: - CustomResourceValidation: true + RotateKubeletServerCertificate: true ``` The `csi.enableADController` is used as the value of environment [DISK_AD_CONTROLLER](https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver/blob/cd0788a0a440926d504d8f8fb7f6e738fe96f3ae/pkg/disk/nodeserver.go#L80), which is used for AliCloud csi-disk-plugin. This field is optional. When a new shoot is creatd, this field is automatically set true. For an existing shoot created in previous versions, it remains unchanged. If there are persistent volumes created before year 2021, please be cautious to set this field _true_ because they may fail to mount to nodes. diff --git a/example/30-controlplane.yaml b/example/30-controlplane.yaml index 14658e502..8fe31d73f 100644 --- a/example/30-controlplane.yaml +++ b/example/30-controlplane.yaml @@ -59,7 +59,7 @@ spec: kind: ControlPlaneConfig cloudControllerManager: featureGates: - CustomResourceValidation: true + RotateKubeletServerCertificate: true infrastructureProviderStatus: apiVersion: alicloud.provider.extensions.gardener.cloud/v1alpha1 kind: InfrastructureStatus diff --git a/pkg/apis/alicloud/validation/controlplane_test.go b/pkg/apis/alicloud/validation/controlplane_test.go index 5010b4e8c..f7b85f674 100644 --- a/pkg/apis/alicloud/validation/controlplane_test.go +++ b/pkg/apis/alicloud/validation/controlplane_test.go @@ -42,19 +42,14 @@ var _ = Describe("ControlPlaneConfig validation", func() { It("should fail with invalid CCM feature gates", func() { controlPlane.CloudControllerManager = &apisalicloud.CloudControllerManagerConfig{ FeatureGates: map[string]bool{ - "AnyVolumeDataSource": true, - "CustomResourceValidation": true, - "Foo": true, + "AnyVolumeDataSource": true, + "Foo": true, }, } errorList := ValidateControlPlaneConfig(controlPlane, "1.24.8", fldPath) Expect(errorList).To(ConsistOf( - PointTo(MatchFields(IgnoreExtras, Fields{ - "Type": Equal(field.ErrorTypeForbidden), - "Field": Equal("cloudControllerManager.featureGates.CustomResourceValidation"), - })), PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeInvalid), "Field": Equal("cloudControllerManager.featureGates.Foo"), diff --git a/pkg/controller/controlplane/valuesprovider_test.go b/pkg/controller/controlplane/valuesprovider_test.go index ad12d213c..4fea41a83 100644 --- a/pkg/controller/controlplane/valuesprovider_test.go +++ b/pkg/controller/controlplane/valuesprovider_test.go @@ -78,7 +78,7 @@ var _ = Describe("ValuesProvider", func() { Raw: encode(&apisalicloud.ControlPlaneConfig{ CloudControllerManager: &apisalicloud.CloudControllerManagerConfig{ FeatureGates: map[string]bool{ - "CustomResourceValidation": true, + "RotateKubeletServerCertificate": true, }, }, CSI: &apisalicloud.CSI{ @@ -137,7 +137,7 @@ var _ = Describe("ValuesProvider", func() { }, "cloudConfig": "{\"Global\":{\"KubernetesClusterTag\":\"test\",\"clusterID\":\"test\",\"uid\":\"\",\"vpcid\":\"vpc-1234\",\"region\":\"eu-central-1\",\"zoneid\":\"eu-central-1a\",\"vswitchid\":\"vswitch-acbd1234\",\"accessKeyID\":\"Zm9v\",\"accessKeySecret\":\"YmFy\"}}", "featureGates": map[string]bool{ - "CustomResourceValidation": true, + "RotateKubeletServerCertificate": true, }, }, "csi-alicloud": map[string]interface{}{ From 19370cc006f03fe4e5bd4d53f64fbadab9a63f4a Mon Sep 17 00:00:00 2001 From: Shafeeque E S Date: Fri, 23 Jun 2023 10:06:08 +0530 Subject: [PATCH 6/8] Run `make generate` --- example/controller-registration.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/controller-registration.yaml b/example/controller-registration.yaml index dc4654877..dc054e334 100644 --- a/example/controller-registration.yaml +++ b/example/controller-registration.yaml @@ -5,7 +5,7 @@ metadata: name: provider-alicloud type: helm providerConfig: - chart: H4sIAAAAAAAAA+09a3PbtrL9rF+BYU6nbSaknnZ6dCd3jmM7iaeJ7Wu5ye09cyYDUbDEmiIZgrSjpv3vdxcAQfChB53USVpiMrEEYBcLYLHYXSygOY1nLGCxzd4nLOBeGNhRHN54M8iivuf6YTrrfvNxqQfp8d6e+Aup/Fd87g9H/cHeYH8f8/v7jx/vf0P2PrLdnVLKExoT8k0chsmmetvKv9I032X+Dxc0TpwVXfp3agMneH80Wjv/g9GgOP+D3uNB/xvS+8R9rU1/8/mnkfeaxTjvY3LT79Ao0l+tvtOzOjPG3diLEpF1QF4wf0lc5AdyFcYkWTDyXLEQOVD8Qs4VBxHNVJ2ALtmY7MJtnZuMgJ4DFHQ+9wj9tdNO638Wus48vHMbW9b/YLDXL69/EADt+r+P1O2SwzBaxd58kZDv3R/IoNf/J5kcnJPJMYEFTgPxhV5deb5HE0bccBnRYOXAaveJAOMkZpzFN2zmkMuFxwlUZQT+AvsAS7EZSQMUBigrDiLqwp9JeJXc0piRl7LKI3LjkAGIC5dFCaGcBGECcCGAxLceB2yBAH95cnh8CoRhC51uF/5lGGoa0biVRCMDp0e+xwqWKrJ++C9EsQpTsqQrbJSk0FiiO6EIgtax2zAAgcvIrZcsJDUSi4M4flE4wmlCoToFgAi+XZkVCU0U0SItkiQad7u3t7cOFRQ7YTzvqkHjXdVXG6hWUD8HPuM42u9SL4YeT1cE5DUA0CnQ6tNbMWHzmEFZEiLVt7GXeMH8EeFqwBHNzONJ7E3TpDBoGY3QdbMCDBuwgHUwIScTizw9mJxMHiGSNyeXL85+viRvDi4uDk4vT44n5OyCHJ6dHp1cnpydwrdn5OD0F/LTyenRI8I8nEkYzijGHgCZHg4ncAzimjBWICHbWHjEXO/Kc6FrwTylc0bmIWwOAfSIRCxeehynlQOBM0Tje0svoYnIqvTL6UCVeTieo7BDPuYLYrvEcpwu/LthwSyMu3MgM506MNfdTC7mHxbUve5m4LYbBkkc+j6IyZjNccBEyw6grchP4pB/fO/ShMjGXh9fTGCIflBf2XsKY8G66zCi2kWeQuNp9DR1r1ky1nhl7jHArcxMLjZrnXEoEZ/DKLI89+h0csHcMJ7pLHsGA3cSXMWAIE7dJI2N6m/C+JrF+ruFw0nOoX2cFqkPsAD5kJPCKKdRFCpdQWXi7OHEQNsxcxOS95sU+t2JTOytGvDnpJ32/4QBh8J08rtZgo3tP9D/H49a++8+UsP5f7tgPohe7iTR7rbgFv2vPxiW53847Lf6372kDx9sMmNXXgBaEdpoFrH/+KOzk52GoLBvCoCOicenU+ZzUGoi55qtJEbxJZ3C7s2Ajxwv7GJrBRxrUNxQP1VkffgASo3rpzNNrEMU4AZCqrBlAhHLmKypodoXLVV74QXAP6AVCnDngvmMgrJxCsTVUqZJ85awtUnKCMES74osKD+Pofw9sfiCDvb2x9Dsa2wemsL6TkLnRENEsRckV8T6lv/rW16uGbMo5F4SxqtNKKCPrA7h+M4IobNGv8sTMmORH66WLEiUka+Zg3dv+uZwfe518XdJDeU/LA+esBiMI/if2344n4M+t8U1uEX+Dx8PhyX5vz/cH7Xy/z6S6f+7glUdJFMvceQnlG83fepHIIw6114wG5NDOf/PxPx3liyhM5rQMax+KTHxEzEQaespWUUgIy0Otqm1po6jmK1YUzoOpYFimEhLGoDwyXnUXlejg1YkkqV4Fj+CqKMxB3OmIy1x2ARORTPAzypLVSAo7W0YJOHgiG2Zreoot8cRjgABk4lB/pIm7kKCqU3i4TrKHm6l/WHHtu3OVzJFS+ouQMhvnKT1dT7/NK2n7eEO9P9VpmpDUVUD/JLnrElHvqrJc7lnR34K+67Zt1yWcO/zz0stjQ9NGr+6IecBjfgiTL7Akc5IKw3wTvt/U/0vDK68+ZJGtlD+b5gLFoGNXll0NbN6RXDb+e9ov6T/DXv9vb1W/7uPpEzPgkn3WszqWTap0vAtHBOr5SiY4RWNCktRLpl6U72eaxQQj2idHS2ypYWZrfKqpY7of4dM4OWEjLB2Ro5okb8tsuiY/I5INva6iM6waD/3lH3SdNf13yQaZJv9N+yNyv6//cGwXf/3kT7VwtaM8acuZtmKXsK4T6IagX/NjmSM62Ss7Gju5o7CUdr3labRF7j0KCjNRY5HKg+mOiWRqfC5vgfkQs0A5AieNotOAsml/EwtoC4eLWMbUHwJWgcXo6UPd60t+J0qAjy7zeCtbfTVwSuSxThnuQ2pMiCbkWMCajreRU1HBSCatYsAur1pGvOkYYsCplmbEqS4q9RzlbJiTnCDOrsFdp0wN2ZJRvGa4gt2lbGZXrS7IXYC5bnOobetZKMPCIJaqwcA2YhS9xpKX4Z09pT66CmPJ6gz15CkIJ01IOsHKQmfssmCwtCL7pwc6Rmtlki6EE9MgznbHZUtKAa59C4NEz1E9T7vNRKCe1oocC8bIHlqfnCUS5u6sQEAp1qzZvhZ4s4y1Bz0GehE9hVlEeX8dA1HIKSjQBxdM+cFAMcwFS9ZbYdWFdePhag+FeELshJM1S8Y6LChnt4S9v/KCtk9p4b6X36A00AB3Kz/9Ue94X5J/xv1Rq3//15SQW1Sx3BS/TnSU72zFrij7icOQk2jcx6EMbtgPExjN1NDaBCEKppLCrA4Ky+rbhJ8TCz0klhFgdhEycRGFt58YdMb6kElzwcRphRbZ23r0mEkPTjaHRSzGw/H9IWHInH1EiPTxqQnSkTAHi/IUJV5GKaB2to5jBuao2O1zSfu4uVuXdlXCDCMis1Xauxgu/CC+c8RzKLeD5b0/c+B6qtf3BKKRfkeAPmTNJ5XKotMWS2TFYpyg3OE1lue1WwT3cEHobehBXOvebo0nFHa8VXrXyiw6/filJv8w7lUhDpPgUHPabIg1k7uLesHMdzyhB7IMEkrbcZrqN1oQt2B2J3IMgYYJiX2XK4UiokbgxAI5iYAbAFQacFSHakBy6smwMFaA8ERZ74ks0oPMBCApn5CFAk4WFGIXRQhtnkAJCwEb8nWYMeIQkVPsUfnGGpoUlWZD9NPjClgyW0YX+MZdnldhxkVuYcWLUs/vGWz3eBnwOTNIKJ0CpxsqzqNoWPvBmNTdwJfL9BCWE6+zRew4XG75KJO3MgejYY55i3S6EdtFijJKGfTC2E5rQ5zdVSrIXzFQYLY/+z1MiVWWgUHrovS8XTz7iMWHLARBdMm1tNsb9u0ZBJLvlhLRelUq52nvn8ewlwVlWEZERPpwoIgCJdLGsxy3rNJd6c4q7y+bcPqwzKxO2DtbBZtP3SvnxiUyIrHqp6e7ZdQzSQKcUr1eipii20Q5iiI3DSOYf4AP37xfMafFHV+tVK5Y0I7OeRkFbi8viWG8cp3bUgAb29HhEDfpQ2eOSM24ZeS18YrAk+6YKJ06zlLSeiu4bUqo8GWIwzMbk6rCb2NYJBEsQj2bt6MBt29Dc3C0vFhv4t2wJ4BHQqY/zmf7I5fuFOatvA088Hs1sYt9RIbd4MwbdzUG4C9lKDlBr1CuH3z2SnCb5siqSnbYcSkK9PO1bG1DQiQswziQAOUcS8Y9ZOF0Haad8MA3tYHqBonU0YTW5saT9ZZGmQNJCBntzD2CewtFLY6pG+2iTgJ5wi4EwU2kVCVZm7FTYnmYyDhtnX/lk1hY77ORND2MdgErfZWGxUqkyxV7bDgl1PK1TZ8eI69FR2L67DNPI4KqREyUBgsVZy7vzjoGb+C9kisR9Y6XKrtOkRvVNEaLPVKcx3dqsiegtJj09kM7zg9Ga9VTzdZC/lKWo9NltcRotUJFV1rdlpreapsQ1d1VfnBh439CtgfBMxzdAI5r6TvOJ+IVzKwJvcY1BPmC/0Cq3J76S5rqfskTdYMLAtuTM1LKoQvjw+Oji/eHr88PsRLa29PD14dT84PDo91TUJE+PczsD/GRiYGfDB/ZvjZC/looI217evoRXpXizej9+TVwfPj10Ds2cXbs9fHF28uTi4rtI5JV9yYMs68u7WH4JuGy/duYDo4P4/DKTP7iJcWn7Ok2O1I9LcrGfO3YpGw1bZyLyYO8h97+eLy8two8AIv8ah/xHy6UjJ3TPo9XSMGTddrTCtCre6F1L2O2QCvcmEmRJUPKUenLZnzMmW7SFRhNSehG/pjcnl4XnbEx0V3WzaWKnNc45LPIX4ngbLv+r2aMwhMN6GfLtkrtNlquiz3C4PUJVaUy2a7Qv2xy2hdEEodMZWlZNRDHjoL/JWOz8qpKowGXp4O8NzE4ITZQZB4B5UCok8Rj9IYzPQJMNosRd/diVDEVPbxe+am5mmy7J4wwCcF16HRK3QiHssbuEX/WwZ+zVZrb8HoezIlKEKkNgntkZOgUigkUqUpdZq27baNCZCEUeiH89VPSKNVvIOzCHkimERBSN6rmP8l5nGzIAeTup1jHLKkHFqvwhnAjQaZWGrEmbvxZXN6t/H5Btrbk7W/SWp4/geCC7TnOBXvwUzT2ZztcBC4Lf5zv1e+/7P3uI3/vJ+kBBVnyxuMc1pG+CqH9d9PSN8Z9O0eSJJDGsmzMA8E2U8geNV5ofPcS17ntoR5kBgJ56e+0acuGdbWmIKS3DcVCHn4eB7OjjSfPRV89qlPIZsdDmb+6/KhWf/jD+s+6/w3XP/xlLqNHwLbsv5H/f5eaf2DAOi16/8+UvkWhphgmiaLMPZ+kw9xXP/I5V2M4i2Mi9BnTdZkk9UWpz7qbzZGdT6PwzRSNyuMMM7iqVWnYLtgVfNcgldzujDtSWoW4MkCiLhqTrGqOCAofjErqAuy6ovhoq/JMeG077j81axU9PbW5pnVpUex8DkvBnE/VUOFwlWYDx6XH25RhHXkVZbsUypiB6pTsu4csToj0vUz07lFIqyHVhW5G8IQeIHJh1W8QraXsLlgmwldV/aK5N0iH9tKli82E3Xhpywxy+d0cpirola7lkn9jKwbdMsSfzBgR3FiNk1r168EmKlHkwov7ZgVIs9YY0aBcXK8boT0pstLX7tg5cLI/JbxItgkgVqTXESd6rUhzStVS4UGqAWhHX2V713uUp8pdMJVzc0vVJ4cF5YnLEFWyUCHK/RP5uc1KkW/hlP5AZTh/ENXXu8CNk8T8ciR8tG4Zuy4ahOaDJfZ6Im3Eby8VI200JC8nVaJiuV1OI1k2Hvd7CDkdlTAOSEO56Z5BhyJB3Wg11l1ObPbkEulr4qwxqhYv5ybCCvJKD7DJfRR+9xTOf9/2nYHTShfcjZkGyjs6AsKxka8hR6eTn8FUST2VAk8KcRVfBqV+nMrM21qnBrq/1JeN7QAttn/e3tl/X/Y32vff7qX1PjaSe2FMVlcLx4bXzzZRdJkreAlJs5/YquToyaNGWAq2jjLkBXuhCsfIxkTfBbRdyn7wi8qNF7/8o5OIwGw7f7n/uOy/284HLbvf99LWrOcxSx/eo9bJfx7l4DUqzhcYlSNP7MxyFUcopLv/v3Bys43rbF1eXhuPbKwzBrvdk76x3++a0aBCIplbGbL4GYb2AYVVVtFwhYIK9NRDAB5VKb8TrRkx8ab6LivAdKzb2e+UEWB4QyFdkvndoUACaBRIrVggCqApfZQYQYAEaNsNaIUbA1bqOGa0jyGCgUe3szILeBO3Vle3W2V3a+nlE7YahrQ8MhtDjqe4VOCJiV3smPQA3zM+SJMMVfF8ZfR1br0Hzdx6SOyTOAXZy4jw16Ks0ML7UCja/pVwa3wFPthL9DMr6IpjpDx9QG5PDs6G8vXxsVsoiskDmGHFu9XsyhmLsXnqykABSHxw2DOYmAQsLZn2WPiV6mImSQXbBneiBeol/j0OA/xzWuu3TU6SPtfN33n8R6+0kimjAUw40LGzZxma1dawXaVEUVQfZ2IuRP+TyaWml6h+sTcnLmBbI4vo0tWWT8CoKtx1F3WLbfsGEdqaMqAPsEYnvwQZ7cLVjqYx64GDm2NnyxG5oj4BjHVjQJ9Psn+fzf9T/nUdlQDt9l/w17Z/huhStjqf/eQNul/mW/osx684p4gArKKRF2G1wwfDaOw13yJdtXXkpquf3nDXzwPsLMRuGX994f75d9/Gg332vvf95LUbs3erdmwM2YA5Sz76YeyFyh79aHsP5/IfHHLbyfX0KYXKJppIbtfHpfHAzawvRfcQBdntjw7KFwn3zRAMthQ/+KV9cxn71+LPDFQYvxwnOTt0ewHlTx+3ZGQ6mhBBuFtGZMKhGiBxjBK2euDUrERrbzlHE9hWeDGqwiU4eINeaWjF+hDsuSzjeLBESB3SqdUnim54fLPoRhbKrHQFZfdAJk0qu1THnlriR3AWt/PyuMsn3vFfVmpofy/iWjz3wHcJv/7Ff/fYLTXxv/cSypZazi/ygArSXmrejQMot5Ssv61OhM+D2cH+kx499fjoNkdlcfMgKuhO5Px5tXrYp7cC4xrFfKIPQ8U10Xynvl3D7/rZMHSSy84kCa1GX+9ZMswXq15MaxKlJNjcSRo/cNhO0H+UfrRhcyI1LeS6t52wfzK+y7bIsmhgtwVzWGUOZVdAEk3Kzt5vVYQf3lpJ/kvb3Hc+Qdgt8V/Dh+Xf/+x39/fb+X/fST56IWQlNnvu4DelTpzN0YJr9kDmAIDSPKfw8ud5N26JysSOh8ToTOgeImM5zJOrk7D5ByftwbJ0zGfPsJo6mp8df7m0F7vWwTIYofIhz86IG3GnewRvZm+iFUn9qsCPBPe+6NX3lYRZx0I53TH8JmOyY+9H3ud/JqgyOh3OsYFZkRkBp7qLci85C0vCRoPXGysxfOLX7U1zBjTDdV0iOmGOoRUnmUYk0FdyVP5cma/psh4/gCA0ZttXPff0LgOjhwTZcNVb9+PybCHpcUo2A1IZRzshgprHzzInE2d6j30Mfn3fzqlW+Uir3RWpFE8IHU3wvBJ2wcke7J6LD5nd8MimnJ5M17oJ6KMEIn3wli6xk9Y5kcu5sepH067S4p+7+409fxZV6DuHoXAnrH4YVWJ2xQImTQIw7nP3uYv7EhYmy5n+yMFJha+NcSfjpYZ+uec+06/77z/unvVr/RKHqz1B7LAcZxOp+C0H3f0IZgUEaPRUGVlF3v7vcFer9MpPtkzNsQYvtozziKQOw8ekOwERfyuppJIjwhz5g7h2XNe0xURZ0n521mZ7ELUgEQKTf0UVwaoxWn2MJiSqh1X96f+TeO6F43V79Nipe6vPAy0Aq5fF66tId797as3oNSjvP0hfs3fNy29bupWH5OSLh77ivIkq6RfMB3sPfdUZo1XA0XWszB+5kHL0CEO5YI518QAyaVa+nEVsYrt8FbzdSFW6f9evE6m/3v9pFSUhR+Zxfg7Ew/kUVj1qVgxNQ/qX7p9IO4HCDK8Wb/4dYBfkVtLL/aufa+X+1OH9x2+pL7f0T8QOO6YSwHdMPoBB/VjHMYrDmLHJoIrx4V9IveMdfIJOdeFOABixo03xLIVkBtjdYeJpqmmdYT2zKBNbWpTm9rUpja1qU1talOb2tSmNrWpTW1qU5va1KY2talNbWrTXzL9P5zLLlgAoAAA + chart: H4sIAAAAAAAAA+09a3PbtrL9rF+BYU6nbSaknnZ6dCd3jmM7iaeJ7Wu5ye09cyYDUbDEmiIZgrSjpv3vdxcAQfChB53USVpiMrEEYBcLYLHYXSygOY1nLGCxzd4nLOBeGNhRHN54M8iivuf6YTrrfvNxqQfp8d6e+Aup/Fd87g9H/cHeYH8f8/v7jx/vf0P2PrLdnVLKExoT8k0chsmmetvKv9I032X+Dxc0TpwVXfp3agMneH80Wjv/g9GgOP+D3uNB/xvS+8R9rU1/8/mnkfeaxTjvY3LT79Ao0l+tvtOzOjPG3diLEpF1QF4wf0lc5AdyFcYkWTDyXLEQOVD8Qs4VBxHNVJ2ALtmY7MJtnZuMgJ4DFHQ+9wj9tdNO638Wus48vHMbW9b/YLDXL69/EADt+r+P1O2SwzBaxd58kZDv3R/IoNf/J5kcnJPJMYEFTgPxhV5deb5HE0bccBnRYOXAaveJAOMkZpzFN2zmkMuFxwlUZQT+AvsAS7EZSQMUBigrDiLqwp9JeJXc0piRl7LKI3LjkAGIC5dFCaGcBGECcCGAxLceB2yBAH95cnh8CoRhC51uF/5lGGoa0biVRCMDp0e+xwqWKrJ++C9EsQpTsqQrbJSk0FiiO6EIgtax2zAAgcvIrZcsJDUSi4M4flE4wmlCoToFgAi+XZkVCU0U0SItkiQad7u3t7cOFRQ7YTzvqkHjXdVXG6hWUD8HPuM42u9SL4YeT1cE5DUA0CnQ6tNbMWHzmEFZEiLVt7GXeMH8EeFqwBHNzONJ7E3TpDBoGY3QdbMCDBuwgHUwIScTizw9mJxMHiGSNyeXL85+viRvDi4uDk4vT44n5OyCHJ6dHp1cnpydwrdn5OD0F/LTyenRI8I8nEkYzijGHgCZHg4ncAzimjBWICHbWHjEXO/Kc6FrwTylc0bmIWwOAfSIRCxeehynlQOBM0Tje0svoYnIqvTL6UCVeTieo7BDPuYLYrvEcpwu/LthwSyMu3MgM506MNfdTC7mHxbUve5m4LYbBkkc+j6IyZjNccBEyw6grchP4pB/fO/ShMjGXh9fTGCIflBf2XsKY8G66zCi2kWeQuNp9DR1r1ky1nhl7jHArcxMLjZrnXEoEZ/DKLI89+h0csHcMJ7pLHsGA3cSXMWAIE7dJI2N6m/C+JrF+ruFw0nOoX2cFqkPsAD5kJPCKKdRFCpdQWXi7OHEQNsxcxOS95sU+t2JTOytGvDnpJ32/4QBh8J08rtZgo3tP9D/H49a++8+UsP5f7tgPohe7iTR7rbgFv2vPxiW53847Lf6372kDx9sMmNXXgBaEdpoFrH/+KOzk52GoLBvCoCOicenU+ZzUGoi55qtJEbxJZ3C7s2Ajxwv7GJrBRxrUNxQP1VkffgASo3rpzNNrEMU4AZCqrBlAhHLmKypodoXLVV74QXAP6AVCnDngvmMgrJxCsTVUqZJ85awtUnKCMES74osKD+Pofw9sfiCDvb2x9Dsa2wemsL6TkLnRENEsRckV8T6lv/rW16uGbMo5F4SxqtNKKCPrA7h+M4IobNGv8sTMmORH66WLEiUka+Zg3dv+uZwfe518XdJDeU/LA+esBiMI/if2344n4M+t8U1uEX+Dx8PhyX5vz/cH7Xy/z6S6f+7glUdJFMvceQnlG83fepHIIw6114wG5NDOf/PxPx3liyhM5rQMax+KTHxEzEQaespWUUgIy0Otqm1po6jmK1YUzoOpYFimEhLGoDwyXnUXlejg1YkkqV4Fj+CqKMxB3OmIy1x2ARORTPAzypLVSAo7W0YJOHgiG2Zreoot8cRjgABk4lB/pIm7kKCqU3i4TrKHm6l/WHHtu3OVzJFS+ouQMhvnKT1dT7/NK2n7eEO9P9VpmpDUVUD/JLnrElHvqrJc7lnR34K+67Zt1yWcO/zz0stjQ9NGr+6IecBjfgiTL7Akc5IKw3wTvt/U/0vDK68+ZJGtlD+b5gLFoGNXll0NbN6RXDb+e9ov6T/DXv9vb1W/7uPpEzPgkn3WszqWTap0vAtHBOr5SiY4RWNCktRLpl6U72eaxQQj2idHS2ypYWZrfKqpY7of4dM4OWEjLB2Ro5okb8tsuiY/I5INva6iM6waD/3lH3SdNf13yQaZJv9N+yNyv6//cGwXf/3kT7VwtaM8acuZtmKXsK4T6IagX/NjmSM62Ss7Gju5o7CUdr3labRF7j0KCjNRY5HKg+mOiWRqfC5vgfkQs0A5AieNotOAsml/EwtoC4eLWMbUHwJWgcXo6UPd60t+J0qAjy7zeCtbfTVwSuSxThnuQ2pMiCbkWMCajreRU1HBSCatYsAur1pGvOkYYsCplmbEqS4q9RzlbJiTnCDOrsFdp0wN2ZJRvGa4gt2lbGZXrS7IXYC5bnOobetZKMPCIJaqwcA2YhS9xpKX4Z09pT66CmPJ6gz15CkIJ01IOsHKQmfssmCwtCL7pwc6Rmtlki6EE9MgznbHZUtKAa59C4NEz1E9T7vNRKCe1oocC8bIHlqfnCUS5u6sQEAp1qzZvhZ4s4y1Bz0GehE9hVlEeX8dA1HIKSjQBxdM+cFAMcwFS9ZbYdWFdePhag+FeELshJM1S8Y6LChnt4S9v/KCtk9p4b6X36A00AB3Kz/9Ue94X5J/xv1Rq3//15SQW1Sx3BS/TnSU72zFrij7icOQk2jcx6EMbtgPExjN1NDaBCEKppLCrA4Ky+rbhJ8TCz0klhFgdhEycRGFt58YdMb6kElzwcRphRbZ23r0mEkPTjaHRSzGw/H9IWHInH1EiPTxqQnSkTAHi/IUJV5GKaB2to5jBuao2O1zSfu4uVuXdlXCDCMis1Xauxgu/CC+c8RzKLeD5b0/c+B6qtf3BKKRfkeAPmTNJ5XKotMWS2TFYpyg3OE1lue1WwT3cEHobehBXOvebo0nFHa8VXrXyiw6/filJv8w7lUhDpPgUHPabIg1k7uLesHMdzyhB7IMEkrbcZrqN1oQt2B2J3IMgYYJiX2XK4UiokbgxAI5iYAbAFQacFSHakBy6smwMFaA8ERZ74ks0oPMBCApn5CFAk4WFGIXRQhtnkAJCwEb8nWYMeIQkVPsUfnGGpoUlWZD9NPjClgyW0YX+MZdnldhxkVuYcWLUs/vGWz3eBnwOTNIKJ0CpxsqzqNoWPvBmNTdwJfL9BCWE6+zRew4XG75KJO3MgejYY55i3S6EdtFijJKGfTC2E5rQ5zdVSrIXzFQYLY/+z1MiVWWgUHrovS8XTz7iMWHLARBdMm1tNsb9u0ZBJLvlhLRelUq52nvn8ewlwVlWEZERPpwoIgCJdLGsxy3rNJd6c4q7y+bcPqwzKxO2DtbBZtP3SvnxiUyIrHqp6e7ZdQzSQKcUr1eipii20Q5iiI3DSOYf4AP37xfMafFHV+tVK5Y0I7OeRkFbi8viWG8cp3bUgAb29HhEDfpQ2eOSM24ZeS18YrAk+6YKJ06zlLSeiu4bUqo8GWIwzMbk6rCb2NYJBEsQj2bt6MBt29Dc3C0vFhv4t2wJ4BHQqY/zmf7I5fuFOatvA088Hs1sYt9RIbd4MwbdzUG4C9lKDlBr1CuH3z2SnCb5siqSnbYcSkK9PO1bG1DQiQswziQAOUcS8Y9ZOF0Haad8MA3tYHqBonU0YTW5saT9ZZGmQNJCBntzD2CewtFLY6pG+2iTgJ5wi4EwU2kVCVZm7FTYnmYyDhtnX/lk1hY77ORND2MdgErfZWGxUqkyxV7bDgl1PK1TZ8eI69FR2L67DNPI4KqREyUBgsVZy7vzjoGb+C9kisR9Y6XKrtOkRvVNEaLPVKcx3dqsiegtJj09kM7zg9Ga9VTzdZC/lKWo9NltcRotUJFV1rdlpreapsQ1d1VfnBh439CtgfBMxzdAI5r6TvOJ+IVzKwJvcY1BPmC/0Cq3J76S5rqfskTdYMLAtuTM1LKoQvjw+Oji/eHr88PsRLa29PD14dT84PDo91TUJE+PczsD/GRiYGfDB/ZvjZC/looI217evoRXpXizej9+TVwfPj10Ds2cXbs9fHF28uTi4rtI5JV9yYMs68u7WH4JuGy/duYDo4P4/DKTP7iJcWn7Ok2O1I9LcrGfO3YpGw1bZyLyYO8h97+eLy8two8AIv8ah/xHy6UjJ3TPo9XSMGTddrTCtCre6F1L2O2QCvcmEmRJUPKUenLZnzMmW7SFRhNSehG/pjcnl4XnbEx0V3WzaWKnNc45LPIX4ngbLv+r2aMwhMN6GfLtkrtNlquiz3C4PUJVaUy2a7Qv2xy2hdEEodMZWlZNRDHjoL/JWOz8qpKowGXp4O8NzE4ITZQZB4B5UCok8Rj9IYzPQJMNosRd/diVDEVPbxe+am5mmy7J4wwCcF16HRK3QiHssbuEX/WwZ+zVZrb8HoezIlKEKkNgntkZOgUigkUqUpdZq27baNCZCEUeiH89VPSKNVvIOzCHkimERBSN6rmP8l5nGzIAeTup1jHLKkHFqvwhnAjQaZWGrEmbvxZXN6t/H5Btrbk7W/SWp4/geCC7TnOBXvwUzT2ZztcBC4Nf6zX77/ufd4r33/516Sef4XCZ9lfgJ4Hs6O9GQ/FZP9qY8Cm53QZU7k8slV/+NPzD73PHyu1HD9x1PqNn4IbMv6H/X7e6X1DwKg167/+0jlWxhigmmaLMLY+00+xHH9I5d3MYq3MC5CnzURB00Wepz6qL/ZGNX5PA7TSN2sMMI4i6dWnYLtglXNcwlezenCtCepWYAnCx6rySlWFQcExS9mBXVBVn0xXPQ1OSac9h2Xv5qVit7e2jyzuvQoFj7nxaAPTtVQoVwX5oPH5YdblJ4deZUl+5SK2IHqlKw7R6zOiHT9zHRukQjroVVF7oYwBF5g8mEVr9hWSthcsM2Erit7RfJukY9tJcsX+5i68FOWmOVzOjnMVVGrXcukfkbWDbpliT8YsKM4MZumtetXAszUo0mFl3bMCpFnrDGjwDg5XjdCer/npa9dsHJhZH7LeBFskkCtSS6iTvXakOaVqqVCA9SC0I6+yvcud6nPFDrhqubmFypPjgvLE5Ygq2SgwxX6J/PzGpWiX8Op/ADKcP6hK693AZuniXjkSPloXDN2XLUJTYbLbPTE2wheXqpGWihj3k6rRMXyOpxGMuy9bnYQcjsq4JwQh3PTPAOOxIM60OusupzZbcilfllFWGNUrF/OTYSVZBSf4RL6qH3uqZz/P227gyaULzkbsg0UdvQFBWMj3kIPT6e/gigSe6oEnhTiKj6NNv+5lZk2NU4N9X8prxtaANvs/729sv4/7O+17z/dS2p87aT2wpgsrhePjS+e7CJpslbwEhPnP7HVyVGTxgwwFW2cZcgKd8KVj5GMCT6L6LuUfeEXFRqvf3lHp5EA2Hb/c/9x+f2f4XDY+v/uJa1ZzmKWP72zrxL+vUtA6lUcLjGqxp/ZGOQqDlHJd//+YGXnm9bYujw8tx5ZWGaNdzsn/eM/3zWjQATFMjazZXCzDWyDiqqtImELhJXpKAaAPCpTfidasmPjTXTc1wDp2bczN6yiwPDDQrulc7tCgATQKJFaMEAVwFJ7qDADgIhRthpRCraGLdRwTWkeQ4UCD29m5BZwp+4sr+62yu7XU0onbDUNaHjkNgd93vApQZOSO9kx6AE+5nwRppir4vjL6Dhb3uDV5WWED21b//2E9J3BY7sHS/aQRvJ6C9iXzk8wJ0oEOM+95HUxPCgT+MWZy8iwl+Ls0EI70OiaflVwKzzFftgLNPOraIojZHx9QC7Pjs7G8rVxMZvoColD2KHF+9UsiplL8flqCkBBSPwwmLMYGASs7Vn2mPhVKmImyQVbhjfiBeolPj3OQ3zzmmt3jQ7S/tdN33m8h680kiljAcy4kHEzp9nalVawXWVEEVRfJ2LuhP+TiaWmV6g+MTdnbiCb48voklXWjwDoahx1l3XLLTtBkhqaMqBPMIYnPz/a7YKVDuaxq4FDW+Mni5E5Ir5BTHWjQJ9Psv/fTf9TPrUd1cBt9t+wV7b/RqgStvrfPaRN+l/mG/qsZ764J4iArCJRl+E1w0fDKOw1X6Jd9bWkputf3vAXzwPsbARuWf/94X75959Gw732/ve9JLVbs3drNuyMGUA5y376oewFyl59KPvPJzJf3PLbyTW06QWKZlrI7pfH5fGADWzvBTfQxZktzw4K18k3DZAMNtS/eGU989n71yJPDJQYPxwneXs0+0Elj193JKQ6WpBBeFvGpAIhWqAxjFL2+qBUbEQrbznHU1gWuPEqAmW4eENe6egF+pAs+WyjeHAEyJ3SKZVnSm64/HMoxpZKLHTFZTdAJo1q+5RH3lpiB7DW97PyOMvnXnFfVmoo/28i2vx3ALfJ/37F/zcY7bXxP/eSStYazq8ywEpS3qoeDYOot5Ssf63OhM/D2YE+E9799ThodkflMTPgaujOZLx59bqYJ/cC41qFPGLPA8V1kbxn/t3D7zpZsPTSCw6kSW3GXy/ZMoxXa14MqxLl5FgcCVr/cNhOkH+UfnQhMyL1raS6t10wv/K+y7ZIcqggd0VzGGVOZRdA0s3KTl6vFcRfXtpJ/stbHHf+Adht8Z/Dx+Xff+z39/db+X8fST56ISRl9vsuoHelztyNUcJr9gCmwACS/Ofwcid5t+7JioTOx0ToDCheIuO5jJOr0zA5x+etQfJ0zKePMJC7Gtqdvzm01/sWAbLYIfLhjw5Im3Ene0Rvpi9i1Yn9qgDPhPf+6JW3VcRZB8I53TF8pmPyY+/HXie/Jigy+p2OcYEZEZmBp3oLMi95y0uCxgMXG2vx/OJXbQ0zxnRDNR1iuqEOIZVnGcZkUFfyVL6c2a8pMp4/AGD0ZhvX/Tc0roMjx0TZcNXb92My7GFpMQp2A1IZB7uhwtoHDzJnU6d6D31M/v2fTulWucgrnRVpFA9I3Y0wfNL2AcmerB6Lz9ndsIimXN6MF/qJKCNE4r0wlq7xE5b5kYv5ceqH0+6Sot+7O009f9YVqLtHIbBnLH5YVeI2BUImDcJw7rO3+Qs7Etamy9n+SIGJhW8N8aejZYb+Oee+0+8777/uXvUrvZIHa/2BLHAcp9MpOO3HHX0IJkXEaDRUWdnF3n5vsNfrdIpP9owNMYav9oyzCOTOgwckO0ERv6upJNIjwpy5Q3j2nNd0RcRZUv52Via7EDUgkUJTP8WVAWpxmj0MpqRqx9X9qX/TuO5FY/X7tFip+ysPA62A69eFa2uId3/76g0o9Shvf4hf8/dNS6+butXHpKSLx76iPMkq6RdMB3vPPZVZ49VAkfUsjJ950DJ0iEO5YM41MUByqZZ+XEWsYju81XxdiFX6vxevk+n/Xj8pFWXhR2Yx/s7EA3kUVn0qVkzNg/qXbh+I+wGCDG/WL34d4Ffk1tKLvWvf6+X+1OF9hy+p73f0DwSOO+ZSQDeMfsBB/RiH8YqD2LGJ4MpxYZ/IPWOdfELOdSEOgJhx4w2xbAXkxljdYaJpqmkdoT0zaFOb2tSmNrWpTW1qU5va1KY2talNbWpTm9rUpja1qU1talOb2vSXTP8PCqi6LgCgAAA= values: image: tag: v1.48.0-dev From 0d4a5374e4962c5391849aa0e7fac8ec8ace4a3f Mon Sep 17 00:00:00 2001 From: Shafeeque E S Date: Mon, 3 Jul 2023 07:40:54 +0530 Subject: [PATCH 7/8] Vendor `gardener@1.74.0` --- go.mod | 2 +- go.sum | 4 +- .../genericactuator/actuator_migrate.go | 18 ++++++++- .../genericactuator/actuator_restore.go | 5 +++ .../pkg/controller/worker/state_reconciler.go | 40 +++++++++++-------- .../gardener/hack/kind-extensions-up.sh | 2 +- .../gardener/gardener/hack/kind-up.sh | 11 +---- .../core/v1beta1/constants/types_constants.go | 3 ++ .../pkg/apis/operator/v1alpha1/types.go | 12 ++++-- .../v1alpha1/zz_generated.deepcopy.go | 12 +++++- vendor/modules.txt | 2 +- 11 files changed, 75 insertions(+), 36 deletions(-) diff --git a/go.mod b/go.mod index b17dd12bf..23b4b0806 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/aliyun/aliyun-oss-go-sdk v2.1.8+incompatible github.com/coreos/go-systemd/v22 v22.3.2 github.com/gardener/etcd-druid v0.18.1 - github.com/gardener/gardener v1.73.1-0.20230622175055-703970e3ea77 + github.com/gardener/gardener v1.74.0 github.com/gardener/gardener-extension-networking-calico v1.30.1 github.com/gardener/gardener-extension-networking-cilium v1.18.0 github.com/gardener/machine-controller-manager v0.48.1 diff --git a/go.sum b/go.sum index 89cfb8268..5a1346aa5 100644 --- a/go.sum +++ b/go.sum @@ -135,8 +135,8 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/gardener/etcd-druid v0.18.1 h1:dcId4WayxlZiKvDMxLZHmmvWFXjTBFVqQWmqB5/8mdM= github.com/gardener/etcd-druid v0.18.1/go.mod h1:Bn4doVhryu6GWdXaYlVNy7TZMjUSMr5EjChei06KX0w= -github.com/gardener/gardener v1.73.1-0.20230622175055-703970e3ea77 h1:W8PhoKl18vUTUJZNuUclTTNkfB/DXAZIU6IVSm4Nad8= -github.com/gardener/gardener v1.73.1-0.20230622175055-703970e3ea77/go.mod h1:uSkzPPoAEvdU1fvciTAsZFxPQ9vQpMbMFRJLMQgdfEQ= +github.com/gardener/gardener v1.74.0 h1:ckiij8W5F8LZSaycRDAZsL9PFt6mWuG8AhJOo54twno= +github.com/gardener/gardener v1.74.0/go.mod h1:uSkzPPoAEvdU1fvciTAsZFxPQ9vQpMbMFRJLMQgdfEQ= github.com/gardener/gardener-extension-networking-calico v1.30.1 h1:L8u8QB/QT7Dty25qZgFT47TnGhmpk6zutBXKhxnu9ns= github.com/gardener/gardener-extension-networking-calico v1.30.1/go.mod h1:DhaXVgUF4LAsS+6UlBK8kUKM8mhI+YHl/9/+WK3zfMk= github.com/gardener/gardener-extension-networking-cilium v1.18.0 h1:LNBMqVAkltHBDkP+C5Vq/dFgve/YOG8MIvTJJuWWCtU= diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/genericactuator/actuator_migrate.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/genericactuator/actuator_migrate.go index 7d761d105..45cc62b49 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/genericactuator/actuator_migrate.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/genericactuator/actuator_migrate.go @@ -20,8 +20,10 @@ import ( machinev1alpha1 "github.com/gardener/machine-controller-manager/pkg/apis/machine/v1alpha1" "github.com/go-logr/logr" + "sigs.k8s.io/controller-runtime/pkg/client" "github.com/gardener/gardener/extensions/pkg/controller" + extensionsworkercontroller "github.com/gardener/gardener/extensions/pkg/controller/worker" extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" kubernetesutils "github.com/gardener/gardener/pkg/utils/kubernetes" "github.com/gardener/gardener/pkg/utils/managedresources" @@ -53,6 +55,20 @@ func (a *genericActuator) Migrate(ctx context.Context, log logr.Logger, worker * } } + // TODO(rfranzke): Instead of checking for machine objects, we could also only persist the state when it is nil. + // This is only to prevent that subsequent executions of Migrate don't overwrite/delete previously persisted state. + // We cannot do it this way yet since gardenlet does not persist the ShootState after all extension resources have + // been migrated. It is planned to do so after v1.79 has been released, hence we have to wait a bit longer. + machineObjectsExist, err := kubernetesutils.ResourcesExist(ctx, a.client, machinev1alpha1.SchemeGroupVersion.WithKind("MachineList"), client.InNamespace(worker.Namespace)) + if err != nil { + return fmt.Errorf("failed checking whether machine objects exist: %w", err) + } + if machineObjectsExist { + if err := extensionsworkercontroller.PersistState(ctx, log, a.client, worker); err != nil { + return fmt.Errorf("failed persisting worker state: %w", err) + } + } + if err := a.shallowDeleteAllObjects(ctx, log, worker.Namespace, &machinev1alpha1.MachineList{}); err != nil { return fmt.Errorf("shallow deletion of all machine failed: %w", err) } @@ -79,7 +95,7 @@ func (a *genericActuator) Migrate(ctx context.Context, log logr.Logger, worker * // Wait until all machine resources have been properly deleted. if err := a.waitUntilMachineResourcesDeleted(ctx, log, worker, workerDelegate); err != nil { - return fmt.Errorf("Failed while waiting for all machine resources to be deleted: %w", err) + return fmt.Errorf("failed while waiting for all machine resources to be deleted: %w", err) } return nil diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/genericactuator/actuator_restore.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/genericactuator/actuator_restore.go index 625a8cede..d4a1d9259 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/genericactuator/actuator_restore.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/genericactuator/actuator_restore.go @@ -111,6 +111,11 @@ func (a *genericActuator) Restore(ctx context.Context, log logr.Logger, worker * return err } return a.Reconcile(ctx, log, worker, cluster) + // TODO(rfranzke): Uncomment these lines after the stateReconciler has been dropped (probably after v1.79 has been + // released). + // patch := client.MergeFromWithOptions(worker.DeepCopy(), client.MergeFromWithOptimisticLock{}) + // worker.Status.State = nil + // return a.client.Status().Patch(ctx, worker, patch) } func addStateToMachineDeployment(worker *extensionsv1alpha1.Worker, wantedMachineDeployments extensionsworkercontroller.MachineDeployments) error { diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/state_reconciler.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/state_reconciler.go index 14fe27dc5..d11a49fcd 100644 --- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/state_reconciler.go +++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/worker/state_reconciler.go @@ -22,6 +22,7 @@ import ( "sort" machinev1alpha1 "github.com/gardener/machine-controller-manager/pkg/apis/machine/v1alpha1" + "github.com/go-logr/logr" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -33,9 +34,11 @@ import ( gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" v1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" - reconcilerutils "github.com/gardener/gardener/pkg/controllerutils/reconciler" ) +// TODO(rfranzke): Drop this stateReconciler after a few releases as soon as the shoot migrate flow persists the Shoot +// state only after all extension resources have been migrated. + type stateReconciler struct { client client.Client } @@ -75,43 +78,48 @@ func (r *stateReconciler) Reconcile(ctx context.Context, request reconcile.Reque return reconcile.Result{}, nil } - state, err := r.computeState(ctx, worker.Namespace) + return reconcile.Result{}, PersistState(ctx, log, r.client, worker) +} + +// PersistState persists the worker state into the .status.state field. +func PersistState(ctx context.Context, log logr.Logger, c client.Client, worker *extensionsv1alpha1.Worker) error { + state, err := computeState(ctx, c, worker.Namespace) if err != nil { - return reconcile.Result{}, err + return err } rawState, err := json.Marshal(state) if err != nil { - return reconcile.Result{}, err + return err } // If the state did not change, do not even try to send an empty PATCH request. if worker.Status.State != nil && bytes.Equal(rawState, worker.Status.State.Raw) { - return reconcile.Result{}, nil + return nil } patch := client.MergeFromWithOptions(worker.DeepCopy(), client.MergeFromWithOptimisticLock{}) worker.Status.State = &runtime.RawExtension{Raw: rawState} - if err := r.client.Status().Patch(ctx, worker, patch); err != nil { - return reconcilerutils.ReconcileErr(fmt.Errorf("error updating Worker state: %w", err)) + if err := c.Status().Patch(ctx, worker, patch); err != nil { + return fmt.Errorf("error updating Worker state: %w", err) } log.Info("Successfully updated Worker state") - return reconcile.Result{}, nil + return nil } -func (r *stateReconciler) computeState(ctx context.Context, namespace string) (*State, error) { +func computeState(ctx context.Context, c client.Client, namespace string) (*State, error) { existingMachineDeployments := &machinev1alpha1.MachineDeploymentList{} - if err := r.client.List(ctx, existingMachineDeployments, client.InNamespace(namespace)); err != nil { + if err := c.List(ctx, existingMachineDeployments, client.InNamespace(namespace)); err != nil { return nil, err } - machineSets, err := r.getExistingMachineSetsMap(ctx, namespace) + machineSets, err := getExistingMachineSetsMap(ctx, c, namespace) if err != nil { return nil, err } - machines, err := r.getExistingMachinesMap(ctx, namespace) + machines, err := getExistingMachinesMap(ctx, c, namespace) if err != nil { return nil, err } @@ -147,9 +155,9 @@ func (r *stateReconciler) computeState(ctx context.Context, namespace string) (* } // getExistingMachineSetsMap returns a map of existing MachineSets as values and their owners as keys -func (r *stateReconciler) getExistingMachineSetsMap(ctx context.Context, namespace string) (map[string][]machinev1alpha1.MachineSet, error) { +func getExistingMachineSetsMap(ctx context.Context, c client.Client, namespace string) (map[string][]machinev1alpha1.MachineSet, error) { existingMachineSets := &machinev1alpha1.MachineSetList{} - if err := r.client.List(ctx, existingMachineSets, client.InNamespace(namespace)); err != nil { + if err := c.List(ctx, existingMachineSets, client.InNamespace(namespace)); err != nil { return nil, err } @@ -163,9 +171,9 @@ func (r *stateReconciler) getExistingMachineSetsMap(ctx context.Context, namespa // no matter of being machineSet or MachineDeployment. If a Machine has a ownerReference the key(owner) // will be the MachineSet if not the key will be the name of the MachineDeployment which is stored as // a label. We assume that there is no MachineDeployment and MachineSet with the same names. -func (r *stateReconciler) getExistingMachinesMap(ctx context.Context, namespace string) (map[string][]machinev1alpha1.Machine, error) { +func getExistingMachinesMap(ctx context.Context, c client.Client, namespace string) (map[string][]machinev1alpha1.Machine, error) { existingMachines := &machinev1alpha1.MachineList{} - if err := r.client.List(ctx, existingMachines, client.InNamespace(namespace)); err != nil { + if err := c.List(ctx, existingMachines, client.InNamespace(namespace)); err != nil { return nil, err } diff --git a/vendor/github.com/gardener/gardener/hack/kind-extensions-up.sh b/vendor/github.com/gardener/gardener/hack/kind-extensions-up.sh index 094be499d..88f933815 100755 --- a/vendor/github.com/gardener/gardener/hack/kind-extensions-up.sh +++ b/vendor/github.com/gardener/gardener/hack/kind-extensions-up.sh @@ -21,5 +21,5 @@ set -o pipefail if [[ -n "$(docker ps -aq -f name=gardener-extensions-control-plane)" ]]; then docker start gardener-extensions-control-plane else - ./hack/kind-up.sh --cluster-name gardener-extensions --environment "$KIND_ENV" --path-kubeconfig "${REPO_ROOT}/example/provider-extensions/garden/kubeconfig" --path-cluster-values "${REPO_ROOT}/example/gardener-local/kind/extensions/values.yaml" + ./hack/kind-up.sh --cluster-name gardener-extensions --path-kubeconfig "${REPO_ROOT}/example/provider-extensions/garden/kubeconfig" --path-cluster-values "${REPO_ROOT}/example/gardener-local/kind/extensions/values.yaml" fi diff --git a/vendor/github.com/gardener/gardener/hack/kind-up.sh b/vendor/github.com/gardener/gardener/hack/kind-up.sh index 0fbf3c543..472bdb494 100755 --- a/vendor/github.com/gardener/gardener/hack/kind-up.sh +++ b/vendor/github.com/gardener/gardener/hack/kind-up.sh @@ -21,7 +21,6 @@ set -o pipefail CLUSTER_NAME="" PATH_CLUSTER_VALUES="" PATH_KUBECONFIG="" -ENVIRONMENT="skaffold" DEPLOY_REGISTRY=true MULTI_ZONAL=false CHART=$(dirname "$0")/../example/gardener-local/kind/cluster @@ -46,9 +45,6 @@ parse_flags() { --path-kubeconfig) shift; PATH_KUBECONFIG="$1" ;; - --environment) - shift; ENVIRONMENT="$1" - ;; --skip-registry) DEPLOY_REGISTRY=false ;; @@ -126,10 +122,7 @@ setup_containerd_registry_mirrors() { REGISTRY_HOSTNAME="garden.local.gardener.cloud" for NODE in $(kind get nodes --name="$CLUSTER_NAME"); do - if [[ "$ENVIRONMENT" == "skaffold" ]]; then - setup_containerd_registry_mirror $NODE "localhost:5001" "http://localhost:5001" "http://${REGISTRY_HOSTNAME}:5001" - fi - + setup_containerd_registry_mirror $NODE "localhost:5001" "http://localhost:5001" "http://${REGISTRY_HOSTNAME}:5001" setup_containerd_registry_mirror $NODE "gcr.io" "https://gcr.io" "http://${REGISTRY_HOSTNAME}:5003" setup_containerd_registry_mirror $NODE "eu.gcr.io" "https://eu.gcr.io" "http://${REGISTRY_HOSTNAME}:5004" setup_containerd_registry_mirror $NODE "ghcr.io" "https://ghcr.io" "http://${REGISTRY_HOSTNAME}:5005" @@ -179,7 +172,7 @@ fi kind create cluster \ --name "$CLUSTER_NAME" \ --image "kindest/node:v1.27.1" \ - --config <(helm template $CHART --values "$PATH_CLUSTER_VALUES" $ADDITIONAL_ARGS --set "environment=$ENVIRONMENT" --set "gardener.repositoryRoot"=$(dirname "$0")/..) + --config <(helm template $CHART --values "$PATH_CLUSTER_VALUES" $ADDITIONAL_ARGS --set "gardener.repositoryRoot"=$(dirname "$0")/..) # adjust Kind's CRI default OCI runtime spec for new containers to include the cgroup namespace # this is required for nesting kubelets on cgroupsv2, as the kindest-node entrypoint script assumes an existing cgroupns when the host kernel uses cgroupsv2 diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/constants/types_constants.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/constants/types_constants.go index e0999bf28..72b808670 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/constants/types_constants.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/constants/types_constants.go @@ -383,6 +383,9 @@ const ( // OperationRotateETCDEncryptionKeyComplete is a constant for an annotation on a Shoot indicating that the // rotation of the ETCD encryption key shall be completed. OperationRotateETCDEncryptionKeyComplete = "rotate-etcd-encryption-key-complete" + // SeedOperationRenewGardenAccessSecrets is a constant for an annotation on a Seed indicating that the + // all garden access secrets on the seed shall be renewed. + SeedOperationRenewGardenAccessSecrets = "renew-garden-access-secrets" // SeedResourceManagerClass is the resource-class managed by the Gardener-Resource-Manager // instance in the garden namespace on the seeds. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/operator/v1alpha1/types.go b/vendor/github.com/gardener/gardener/pkg/apis/operator/v1alpha1/types.go index 16a07c8c9..84970d946 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/operator/v1alpha1/types.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/operator/v1alpha1/types.go @@ -166,10 +166,14 @@ type VirtualCluster struct { // DNS holds information about DNS settings. type DNS struct { - // Domain is the external domain of the virtual garden cluster. This field is immutable. - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable" - Domain string `json:"domain"` + // Deprecated: This field is deprecated and will be removed soon. Please use `Domains` instead. + // TODO(timuthy): Drop this after v1.74 has been released. + // +optional + Domain *string `json:"domain,omitempty"` + // Domains are the external domains of the virtual garden cluster. + // The first given domain in this list is immutable. + // +optional + Domains []string `json:"domains,omitempty"` } // ETCD contains configuration for the etcds of the virtual garden cluster. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/gardener/gardener/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go index da5cd75d1..23755747c 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go @@ -245,6 +245,16 @@ func (in *CredentialsRotation) DeepCopy() *CredentialsRotation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DNS) DeepCopyInto(out *DNS) { *out = *in + if in.Domain != nil { + in, out := &in.Domain, &out.Domain + *out = new(string) + **out = **in + } + if in.Domains != nil { + in, out := &in.Domains, &out.Domains + *out = make([]string, len(*in)) + copy(*out, *in) + } return } @@ -822,7 +832,7 @@ func (in *VirtualCluster) DeepCopyInto(out *VirtualCluster) { *out = new(ControlPlane) (*in).DeepCopyInto(*out) } - out.DNS = in.DNS + in.DNS.DeepCopyInto(&out.DNS) if in.ETCD != nil { in, out := &in.ETCD, &out.ETCD *out = new(ETCD) diff --git a/vendor/modules.txt b/vendor/modules.txt index 62f7cb223..71caa4f2c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -97,7 +97,7 @@ github.com/fsnotify/fsnotify # github.com/gardener/etcd-druid v0.18.1 ## explicit; go 1.20 github.com/gardener/etcd-druid/api/v1alpha1 -# github.com/gardener/gardener v1.73.1-0.20230622175055-703970e3ea77 +# github.com/gardener/gardener v1.74.0 ## explicit; go 1.20 github.com/gardener/gardener/.github github.com/gardener/gardener/.github/ISSUE_TEMPLATE From 970d1b0d93946f65c91015ab5b318ac3ed08f3ae Mon Sep 17 00:00:00 2001 From: Shafeeque E S Date: Mon, 3 Jul 2023 14:14:34 +0530 Subject: [PATCH 8/8] Set effective version when building images Similar to https://github.com/gardener/gardener-extension-provider-openstack/pull/638 --- Dockerfile | 5 ++++- Makefile | 11 ++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6c01708ea..631df0faf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,10 @@ FROM golang:1.19.3 AS builder WORKDIR /go/src/github.com/gardener/gardener-extension-provider-alicloud COPY . . -RUN make install + +ARG EFFECTIVE_VERSION + +RUN make install EFFECTIVE_VERSION=$EFFECTIVE_VERSION ############# base FROM gcr.io/distroless/static-debian11:nonroot AS base diff --git a/Makefile b/Makefile index d644b8f8a..136fd1065 100644 --- a/Makefile +++ b/Makefile @@ -20,6 +20,7 @@ IMAGE_PREFIX := $(REGISTRY)/extensions REPO_ROOT := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) HACK_DIR := $(REPO_ROOT)/hack VERSION := $(shell cat "$(REPO_ROOT)/VERSION") +EFFECTIVE_VERSION := $(VERSION)-$(shell git rev-parse HEAD) LD_FLAGS := "-w $(shell $(REPO_ROOT)/vendor/github.com/gardener/gardener/hack/get-build-ld-flags.sh k8s.io/component-base $(REPO_ROOT)/VERSION $(EXTENSION_PREFIX))" VERIFY := true LEADER_ELECTION := false @@ -40,6 +41,10 @@ ACCESS_KEY_ID_FILE := .kube-secrets/alicloud/access_key_id.secret ACCESS_KEY_SECRET_FILE := .kube-secrets/alicloud/access_key_secret.secret VPC_ID_FILE := .kube-secrets/alicloud/vpc_id.secret +ifneq ($(strip $(shell git status --porcelain 2>/dev/null)),) + EFFECTIVE_VERSION := $(EFFECTIVE_VERSION)-dirty +endif + ######################################### # Tools # ######################################### @@ -82,7 +87,7 @@ start-admission: .PHONY: install install: - @LD_FLAGS=$(LD_FLAGS) \ + @LD_FLAGS=$(LD_FLAGS) EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) \ $(REPO_ROOT)/vendor/github.com/gardener/gardener/hack/install.sh ./... .PHONY: docker-login @@ -91,8 +96,8 @@ docker-login: .PHONY: docker-images docker-images: - @docker build -t $(IMAGE_PREFIX)/$(NAME):$(VERSION) -t $(IMAGE_PREFIX)/$(NAME):latest -f Dockerfile -m 6g --target $(EXTENSION_PREFIX)-$(NAME) . - @docker build -t $(IMAGE_PREFIX)/$(ADMISSION_NAME):$(VERSION) -t $(IMAGE_PREFIX)/$(ADMISSION_NAME):latest -f Dockerfile -m 6g --target $(EXTENSION_PREFIX)-$(ADMISSION_NAME) . + @docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) -t $(IMAGE_PREFIX)/$(NAME):$(VERSION) -t $(IMAGE_PREFIX)/$(NAME):latest -f Dockerfile -m 6g --target $(EXTENSION_PREFIX)-$(NAME) . + @docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) -t $(IMAGE_PREFIX)/$(ADMISSION_NAME):$(VERSION) -t $(IMAGE_PREFIX)/$(ADMISSION_NAME):latest -f Dockerfile -m 6g --target $(EXTENSION_PREFIX)-$(ADMISSION_NAME) . ##################################################################### # Rules for verification, formatting, linting, testing and cleaning #