diff --git a/api/v1beta1/common_types.go b/api/v1beta1/common_types.go index 113c4e95f25a..de2fc4115e53 100644 --- a/api/v1beta1/common_types.go +++ b/api/v1beta1/common_types.go @@ -136,6 +136,9 @@ const ( // instead of being a source of truth for eventual consistency. // This annotation can be used to inform MachinePool status during in-progress scaling scenarios. ReplicasManagedByAnnotation = "cluster.x-k8s.io/replicas-managed-by" + + // TakeOverCluster is the label used to mark the nodes that run on takeover-cluster instances. + TakeOverCluster = "cluster.x-k8s.io/takeover-cluster" ) const ( diff --git a/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go b/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go index d46246b453c6..2178b82aa615 100644 --- a/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go +++ b/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go @@ -19,6 +19,7 @@ package controllers import ( "context" "fmt" + "log" "strconv" "time" @@ -277,8 +278,12 @@ func (r *KubeadmConfigReconciler) Reconcile(ctx context.Context, req ctrl.Reques return ctrl.Result{}, nil } + // TODO: PCP-22 check (annotation to skip handleClusterNotInitialized and go for join ) + // how to make this condition true for new cluster as kubeadm cluster is already initialized // Note: can't use IsFalse here because we need to handle the absence of the condition as well as false. - if !conditions.IsTrue(cluster, clusterv1.ControlPlaneInitializedCondition) { + log.Info("TESTING... skip handleClusterNotInitialized and push cluster for join") + + if !annotations.IsTakeOverCluster(cluster.GetObjectMeta()) && !conditions.IsTrue(cluster, clusterv1.ControlPlaneInitializedCondition) { return r.handleClusterNotInitialized(ctx, scope) } 
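Review bot: The doc comment on `TakeOverCluster` calls it a label that marks nodes, but the other hunks in this diff read it from the Cluster object through `annotations.IsTakeOverCluster(cluster.GetObjectMeta())`, and it is declared right after `ReplicasManagedByAnnotation`. Its presence switches the bootstrap and control-plane controllers from init to join, so the comment should say which object carries it and what it changes, e.g. `// TakeOverCluster is the annotation set on a Cluster whose control plane already exists; controllers then skip kubeadm init and treat the control plane as initialized.` The expected value is not visible in this diff and should be documented too. The const block starts outside the hunk.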
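Review bot: The standard-library `log` import appears to exist only for debug output: `log.Println("TESTING.... joinWorker")` in the joinWorker hunk writes outside the controller's structured logger. The `log.Info("TESTING...")` calls in the two Reconcile hunks can only compile if `log` there is a local logger shadowing this package, because the standard `log` package has no `Info`. These `TESTING` messages run on every reconcile and should be dropped before merge, or lowered to something like `log.V(4).Info(...)` if `log` is the logr logger and the join path needs tracing. Once they are gone, the import can be removed as well.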
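Review bot: `!annotations.IsTakeOverCluster(cluster.GetObjectMeta()) && ...` lets object metadata alone decide that kubeadm init is skipped and the machine goes down the join path; the same annotation gates the hunks in `controlplane/kubeadm/internal/controllers/controller.go` and `internal/controllers/cluster/cluster_controller_phases.go`. Anyone allowed to edit Cluster metadata can therefore change a cluster's bootstrap behaviour, and the helper is not defined in this diff, so it is not visible whether a value is checked or mere presence is enough. I would replace the TODO with a comment that states the trust assumption, e.g. `// Takeover clusters already have an initialized control plane, so bootstrap always generates join data; only cluster admins may set the annotation.`, and consider rejecting changes to the annotation after creation in the Cluster webhook. Reconcile's body starts and ends outside the hunk.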
@@ -296,10 +301,12 @@ func (r *KubeadmConfigReconciler) Reconcile(ctx context.Context, req ctrl.Reques // it's a control plane join if configOwner.IsControlPlaneMachine() { + log.Info("TESTING.... joinControlplane") return r.joinControlplane(ctx, scope) } // It's a worker join + log.Info("TESTING.... It's a worker join") return r.joinWorker(ctx, scope) } @@ -520,8 +527,12 @@ func (r *KubeadmConfigReconciler) handleClusterNotInitialized(ctx context.Contex } func (r *KubeadmConfigReconciler) joinWorker(ctx context.Context, scope *Scope) (ctrl.Result, error) { + scope.Info("Creating BootstrapData for the worker node") + scope.Info("TESTING.... joinWorker") + log.Println("TESTING.... joinWorker") + certificates := secret.NewCertificatesForWorker(scope.Config.Spec.JoinConfiguration.CACertPath) err := certificates.Lookup( ctx, diff --git a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go index 33603f5931a2..7a909f99f178 100644 --- a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go +++ b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go 
@@ -110,25 +110,23 @@ func (in *KubeadmControlPlane) ValidateCreate() error { } const ( - spec = "spec" - kubeadmConfigSpec = "kubeadmConfigSpec" - clusterConfiguration = "clusterConfiguration" - initConfiguration = "initConfiguration" - joinConfiguration = "joinConfiguration" - nodeRegistration = "nodeRegistration" - skipPhases = "skipPhases" - patches = "patches" - directory = "directory" - preKubeadmCommands = "preKubeadmCommands" - postKubeadmCommands = "postKubeadmCommands" - files = "files" - users = "users" - apiServer = "apiServer" - controllerManager = "controllerManager" - scheduler = "scheduler" - ntp = "ntp" - ignition = "ignition" - diskSetup = "diskSetup" + spec = "spec" + kubeadmConfigSpec = "kubeadmConfigSpec" + // clusterConfiguration = "clusterConfiguration" + // initConfiguration = "initConfiguration" + // joinConfiguration = "joinConfiguration" + // nodeRegistration = "nodeRegistration" + // patches = "patches" + // directory = "directory" + // preKubeadmCommands = "preKubeadmCommands" + // postKubeadmCommands = "postKubeadmCommands" + // files = "files" + // users = "users" + // apiServer = "apiServer" + // controllerManager = "controllerManager" + // scheduler = "scheduler" + // ntp = "ntp" + // ignition = "ignition" ) const minimumCertificatesExpiryDays = 7 
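Review bot: Fifteen constants are left commented out here rather than deleted, and `skipPhases` and `diskSetup` are removed outright, so the block no longer shows which of them are meant to come back. They served the per-field allow-list in `ValidateUpdate`, which the next hunk shows is disabled in favour of `{spec, kubeadmConfigSpec, "*"}`; with that wildcard the webhook no longer limits which `kubeadmConfigSpec` fields may change on update. If that is intended, delete the dead constants and the commented entries; if it is temporary, say so with a comment such as `// TODO(<ticket>): restore the per-field allow-list in ValidateUpdate`.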
@@ -139,26 +137,26 @@ func (in *KubeadmControlPlane) ValidateUpdate(old runtime.Object) error { // For example, {"spec", "*"} will allow any path under "spec" to change. allowedPaths := [][]string{ {"metadata", "*"}, - //{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "imageRepository"}, - //{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "imageTag"}, - //{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "extraArgs", "*"}, - //{spec, kubeadmConfigSpec, clusterConfiguration, "dns", "imageRepository"}, - //{spec, kubeadmConfigSpec, clusterConfiguration, "dns", "imageTag"}, - //{spec, kubeadmConfigSpec, clusterConfiguration, "imageRepository"}, - //{spec, kubeadmConfigSpec, clusterConfiguration, apiServer, "*"}, - //{spec, kubeadmConfigSpec, clusterConfiguration, controllerManager, "*"}, - //{spec, kubeadmConfigSpec, clusterConfiguration, scheduler, "*"}, - //{spec, kubeadmConfigSpec, initConfiguration, nodeRegistration, "*"}, - //{spec, kubeadmConfigSpec, initConfiguration, patches, directory}, - //{spec, kubeadmConfigSpec, joinConfiguration, nodeRegistration, "*"}, - //{spec, kubeadmConfigSpec, joinConfiguration, patches, directory}, - //{spec, kubeadmConfigSpec, preKubeadmCommands}, - //{spec, kubeadmConfigSpec, postKubeadmCommands}, - //{spec, kubeadmConfigSpec, files}, - //{spec, kubeadmConfigSpec, "verbosity"}, - //{spec, kubeadmConfigSpec, users}, - //{spec, kubeadmConfigSpec, ntp, "*"}, - //{spec, kubeadmConfigSpec, ignition, "*"}, + // {spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "imageRepository"}, + // {spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "imageTag"}, + // {spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "extraArgs", "*"}, + // {spec, kubeadmConfigSpec, clusterConfiguration, "dns", "imageRepository"}, + // {spec, kubeadmConfigSpec, clusterConfiguration, "dns", "imageTag"}, + // {spec, kubeadmConfigSpec, clusterConfiguration, "imageRepository"}, + 
// {spec, kubeadmConfigSpec, clusterConfiguration, apiServer, "*"}, + // {spec, kubeadmConfigSpec, clusterConfiguration, controllerManager, "*"}, + // {spec, kubeadmConfigSpec, clusterConfiguration, scheduler, "*"}, + // {spec, kubeadmConfigSpec, initConfiguration, nodeRegistration, "*"}, + // {spec, kubeadmConfigSpec, initConfiguration, patches, directory}, + // {spec, kubeadmConfigSpec, joinConfiguration, nodeRegistration, "*"}, + // {spec, kubeadmConfigSpec, joinConfiguration, patches, directory}, + // {spec, kubeadmConfigSpec, preKubeadmCommands}, + // {spec, kubeadmConfigSpec, postKubeadmCommands}, + // {spec, kubeadmConfigSpec, files}, + // {spec, kubeadmConfigSpec, "verbosity"}, + // {spec, kubeadmConfigSpec, users}, + // {spec, kubeadmConfigSpec, ntp, "*"}, + // {spec, kubeadmConfigSpec, ignition, "*"}, // allow all fields to be modified {spec, kubeadmConfigSpec, "*"}, {spec, "machineTemplate", "metadata", "*"}, diff --git a/controlplane/kubeadm/internal/controllers/controller.go b/controlplane/kubeadm/internal/controllers/controller.go index 05d69b52b00b..7e9c09f2d941 100644 --- a/controlplane/kubeadm/internal/controllers/controller.go +++ b/controlplane/kubeadm/internal/controllers/controller.go 
@@ -394,12 +394,19 @@ func (r *KubeadmControlPlaneReconciler) reconcile(ctx context.Context, cluster * switch { // We are creating the first replica case numMachines < desiredReplicas && numMachines == 0: + + if annotations.IsTakeOverCluster(controlPlane.Cluster.GetObjectMeta()) { + // Create a new Machine w/ join + log.Info("Scaling up control plane", "Desired", desiredReplicas, "Existing", numMachines) + return r.scaleUpControlPlane(ctx, cluster, kcp, controlPlane) + } + // Create new Machine w/ init log.Info("Initializing control plane", "Desired", desiredReplicas, "Existing", numMachines) conditions.MarkFalse(controlPlane.KCP, controlplanev1.AvailableCondition, controlplanev1.WaitingForKubeadmInitReason, clusterv1.ConditionSeverityInfo, "") return r.initializeControlPlane(ctx, cluster, kcp, controlPlane) // We are scaling up - case numMachines < desiredReplicas && numMachines > 0: + case numMachines < desiredReplicas && numMachines >= 0: // Create a new Machine w/ join log.Info("Scaling up control plane", "Desired", desiredReplicas, "Existing", numMachines) return r.scaleUpControlPlane(ctx, cluster, kcp, controlPlane) @@ -568,7 +575,7 @@ func (r *KubeadmControlPlaneReconciler) reconcileEtcdMembers(ctx context.Context log := ctrl.LoggerFrom(ctx) // If etcd is not managed by KCP this is a no-op. - if !controlPlane.IsEtcdManaged() { + if annotations.IsTakeOverCluster(controlPlane.Cluster.GetObjectMeta()) || !controlPlane.IsEtcdManaged() { return ctrl.Result{}, nil } diff --git a/controlplane/kubeadm/internal/controllers/helpers.go b/controlplane/kubeadm/internal/controllers/helpers.go index 3355f942409c..91de00582399 100644 --- a/controlplane/kubeadm/internal/controllers/helpers.go +++ b/controlplane/kubeadm/internal/controllers/helpers.go 
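Review bot: Changing the second case to `numMachines >= 0` has no effect, because the first case already matches `numMachines == 0` and returns on both of its paths, so the scale-up case is still reached only with at least one machine. The new condition reads as if scale-up could run with zero machines and hides that the takeover branch is the only way to join without init; I would keep `numMachines > 0`. The takeover branch also reads the annotation from `controlPlane.Cluster` while the call below passes the `cluster` parameter, and it repeats the scale-up log line verbatim; a message such as `"Joining first control plane machine to takeover cluster"` would make the two paths distinguishable in logs. The switch continues outside the hunk.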
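Review bot: The comment above the guard still says only `If etcd is not managed by KCP this is a no-op.`, but the condition now also returns early for every takeover cluster. It should be updated, e.g. `// No-op when etcd is not managed by KCP or the cluster was taken over.`, with the reason stated. As written the skip is permanent for an annotated cluster, so, judging by the function name, etcd membership would not be reconciled even for machines KCP later joins or removes; if that is not intended, the guard needs a narrower condition. The function body continues outside the hunk.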
@@ -74,8 +74,12 @@ func (r *KubeadmControlPlaneReconciler) reconcileKubeconfig(ctx context.Context, return ctrl.Result{}, errors.Wrap(err, "failed to retrieve kubeconfig Secret") } - if err := r.adoptKubeconfigSecret(ctx, cluster, configSecret, kcp); err != nil { - return ctrl.Result{}, err + // check if the kubeconfig secret was created by v1alpha2 controllers, and thus it has the Cluster as the owner instead of KCP; + // if yes, adopt it. + if util.IsOwnedByObject(configSecret, cluster) && !util.IsControlledBy(configSecret, kcp) { + if err := r.adoptKubeconfigSecret(ctx, cluster, configSecret, kcp); err != nil { + return ctrl.Result{}, err + } } // only do rotation on owned secrets diff --git a/hack/tools/go.mod b/hack/tools/go.mod index 454ad6e5ccc3..6dac23f896bd 100644 --- a/hack/tools/go.mod +++ b/hack/tools/go.mod @@ -7,14 +7,14 @@ replace sigs.k8s.io/cluster-api => ../../ replace sigs.k8s.io/cluster-api/test => ../../test require ( - cloud.google.com/go/storage v1.22.1 + cloud.google.com/go/storage v1.30.1 github.com/blang/semver v3.5.1+incompatible github.com/hashicorp/go-multierror v1.1.1 github.com/pkg/errors v0.9.1 github.com/spf13/pflag v1.0.5 github.com/valyala/fastjson v1.6.3 - golang.org/x/tools v0.1.12 - google.golang.org/api v0.84.0 + golang.org/x/tools v0.6.0 + google.golang.org/api v0.126.0 helm.sh/helm/v3 v3.9.4 k8s.io/api v0.25.0 k8s.io/apiextensions-apiserver v0.25.0 @@ -33,9 +33,9 @@ require ( ) require ( - cloud.google.com/go v0.102.0 // indirect - cloud.google.com/go/compute v1.7.0 // indirect - cloud.google.com/go/iam v0.3.0 // indirect + cloud.google.com/go v0.110.4 // indirect + cloud.google.com/go/compute v1.21.0 // indirect + cloud.google.com/go/iam v1.1.1 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect 
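Review bot: With the new guard, a kubeconfig Secret that is not owned by the Cluster is never passed to `adoptKubeconfigSecret`, and the context line that follows says `only do rotation on owned secrets`. If a takeover cluster brings a pre-existing or user-supplied kubeconfig Secret, it would presumably stay unowned and its client certificate would never be rotated by this controller; the rest of the function is outside the hunk, so this needs confirming. The added comment explains the guard only in terms of v1alpha2 migration and should also say what happens to Secrets that fail the check, e.g. `// Secrets with any other owner (or none) are left untouched and are not rotated below.`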
@@ -46,7 +46,7 @@ require (
 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/blang/semver/v4 v4.0.0 // indirect
- github.com/cespare/xxhash/v2 v2.1.2 // indirect
+ github.com/cespare/xxhash/v2 v2.2.0 // indirect
 github.com/containerd/containerd v1.6.6 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/docker/cli v20.10.17+incompatible // indirect
@@ -69,7 +69,7 @@ require (
 github.com/gobuffalo/flect v0.3.0 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- github.com/golang/protobuf v1.5.2 // indirect
+ github.com/golang/protobuf v1.5.3 // indirect
 github.com/google/btree v1.0.1 // indirect
 github.com/google/cel-go v0.12.4 // indirect
 github.com/google/gnostic v0.6.9 // indirect
@@ -79,8 +79,8 @@ require (
 github.com/google/gofuzz v1.2.0 // indirect
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 github.com/google/uuid v1.3.0 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa // indirect
- github.com/googleapis/gax-go/v2 v2.4.0 // indirect
+ github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
+ github.com/googleapis/gax-go/v2 v2.11.0 // indirect
 github.com/googleapis/go-type-adapters v1.0.0 // indirect
 github.com/gorilla/mux v1.8.0 // indirect
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
@@ -126,23 +126,23 @@ require (
 github.com/stoewer/go-strcase v1.2.0 // indirect
 github.com/subosito/gotenv v1.4.1 // indirect
 github.com/xlab/treeprint v1.1.0 // indirect
- go.opencensus.io v0.23.0 // indirect
+ go.opencensus.io v0.24.0 // indirect
 go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
- golang.org/x/crypto v0.3.0 // indirect
- golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
- golang.org/x/net v0.7.0 // indirect
- golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 // indirect
- golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
- golang.org/x/sys v0.5.0 // indirect
- golang.org/x/term v0.5.0 // indirect
- golang.org/x/text v0.7.0 // indirect
+ golang.org/x/crypto v0.14.0 // indirect
+ golang.org/x/mod v0.8.0 // indirect
+ golang.org/x/net v0.17.0 // indirect
+ golang.org/x/oauth2 v0.10.0 // indirect
+ golang.org/x/sync v0.3.0 // indirect
+ golang.org/x/sys v0.13.0 // indirect
+ golang.org/x/term v0.13.0 // indirect
+ golang.org/x/text v0.13.0 // indirect
 golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect
- golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
+ golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 // indirect
- google.golang.org/grpc v1.47.0 // indirect
- google.golang.org/protobuf v1.28.1 // indirect
+ google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 // indirect
+ google.golang.org/grpc v1.58.3 // indirect
+ google.golang.org/protobuf v1.31.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/hack/tools/go.sum b/hack/tools/go.sum
index 6d272c1e66ee..845b51e0b5b3 100644
--- a/hack/tools/go.sum
+++ b/hack/tools/go.sum
@@ -31,6 +31,7 @@ cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2Z cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= cloud.google.com/go v0.102.0 h1:DAq3r8y4mDgyB/ZPJ9v/5VJNqjgJAxTn6ZYLlUywOu8= cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= +cloud.google.com/go v0.110.4/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -44,10 +45,12 @@ cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk= cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= +cloud.google.com/go/compute v1.21.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/iam v0.3.0 h1:exkAomrVUuzx9kWFI1wm3KI0uoDeUFPB4kKGzx6x+Gc= cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= +cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= 
@@ -60,6 +63,7 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= cloud.google.com/go/storage v1.22.1 h1:F6IlQJZrZM++apn9V5/VfS3gbTUYg98PS3EMQAzqtfg= cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= +cloud.google.com/go/storage v1.30.1/go.mod h1:NfxhC0UJE1aXSx7CIIbCf7y9HKT7BiccwkR7+P7gN8E= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= @@ -106,6 +110,7 @@ github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghf github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= 
@@ -239,6 +244,7 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -302,6 +308,7 @@ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa h1:7MYGT2XEMam7Mtzv1yDUYXANedWvwk3HKkR3MyGowy8= github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= +github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= 
@@ -310,6 +317,7 @@ github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/Oth github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= github.com/googleapis/gax-go/v2 v2.4.0 h1:dS9eYAjhrE2RjmzYw2XAPvcXfmcQLtFEQWn0CR82awk= github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= +github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= github.com/googleapis/go-type-adapters v1.0.0 h1:9XdMn+d/G57qq1s8dNc5IesGCXHf6V2HZ2JwRxfA2tA= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= @@ -491,6 +499,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 
@@ -500,6 +509,7 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs= github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/valyala/fastjson v1.6.3 h1:tAKFnnwmeMGPbwJ7IwxcTPCNr3uIzoIj3/Fh90ra4xc= @@ -526,6 +536,7 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= 
@@ -544,6 +555,7 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -581,6 +593,7 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -631,6 +644,7 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -653,6 +667,7 @@ golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 h1:lxqLZaMad/dJHMFZH0NiNpiEZI/nhgWhe4wgzpE+MuA= golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -667,6 +682,7 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -744,11 +760,13 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -761,6 +779,7 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -823,6 +842,7 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -831,6 +851,7 @@ golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f h1:uF6paiQQebLeSXkrTqHqz0MXhXXS1KgF41eUdBNvxK0= golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= 
@@ -873,6 +894,7 @@ google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6r google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= google.golang.org/api v0.84.0 h1:NMB9J4cCxs9xEm+1Z9QiO3eFvn7EnQj3Eo3hN6ugVlg= google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= +google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -963,6 +985,7 @@ google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 h1:4SPz2GL2CXJt28MTF8V6Ap/9ZiVbQlJeGSd9qtA7DLs= google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -995,6 +1018,7 @@ google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8= google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1012,6 +1036,7 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/internal/controllers/cluster/cluster_controller_phases.go b/internal/controllers/cluster/cluster_controller_phases.go index 741a423cb244..31553db35f30 100644 --- a/internal/controllers/cluster/cluster_controller_phases.go +++ b/internal/controllers/cluster/cluster_controller_phases.go 
@@ -245,7 +245,10 @@ func (r *Reconciler) reconcileControlPlane(ctx context.Context, cluster *cluster if err != nil { return ctrl.Result{}, err } - if initialized { + + // TODO: PCP-22 set controlPlaneInitializedCondition to true for takeOver cluster + // as CP are already initialized in existing cluster + if annotations.IsTakeOverCluster(cluster.GetObjectMeta()) || initialized { conditions.MarkTrue(cluster, clusterv1.ControlPlaneInitializedCondition) } else { conditions.MarkFalse(cluster, clusterv1.ControlPlaneInitializedCondition, clusterv1.WaitingForControlPlaneProviderInitializedReason, clusterv1.ConditionSeverityInfo, "Waiting for control plane provider to indicate the control plane has been initialized") @@ -270,11 +273,16 @@ func (r *Reconciler) reconcileKubeconfig(ctx context.Context, cluster *clusterv1 } _, err := secret.Get(ctx, r.Client, util.ObjectKey(cluster), secret.Kubeconfig) + + if err != nil { + log.Info("TESTING.... error getting kubeconfig", "err", err) + } + switch { case apierrors.IsNotFound(err): if err := kubeconfig.CreateSecret(ctx, r.Client, cluster); err != nil { if err == kubeconfig.ErrDependentCertificateNotFound { - log.Info("Could not find secret for cluster, requeuing", "Secret", secret.ClusterCA) + log.Info("could not find secret for cluster, requeuing", "secret", secret.ClusterCA) return ctrl.Result{RequeueAfter: 30 * time.Second}, nil } return ctrl.Result{}, err diff --git a/spectro/generated/bootstrap-base.yaml b/spectro/generated/bootstrap-base.yaml index 558d42de5217..99333d16ad7f 100644 --- a/spectro/generated/bootstrap-base.yaml +++ b/spectro/generated/bootstrap-base.yaml 
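Review bot: The new condition `annotations.IsTakeOverCluster(cluster.GetObjectMeta()) || initialized` in reconcileControlPlane sets ControlPlaneInitializedCondition to true from object metadata alone, so whoever can edit the Cluster's annotations decides this condition without the control plane provider reporting initialization. Once the annotation is present the `else` branch with WaitingForControlPlaneProviderInitializedReason is never reached, so the condition no longer reflects the provider's state. Anything that gates on this condition (presumably the bootstrap join path) then trusts the annotation, so it should be restricted, for example rejected on update in the Cluster webhook, which is not visible here. I would replace the TODO with a comment stating that assumption, e.g. `// Take-over clusters are assumed to already have an initialized control plane; the annotation must only be settable by trusted operators.`, and log when the condition is set from the annotation rather than from `initialized`. The function starts and ends outside this hunk.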
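Review bot: The added `log.Info("TESTING.... error getting kubeconfig", "err", err)` in reconcileKubeconfig is leftover debug output that fires on the expected not-found path, which the `switch` directly below already handles by creating the secret. It logs an error value at info level on each reconcile until the kubeconfig secret exists, adding noise to logs that operators rely on when investigating secret access. I would drop the `if err != nil { ... }` block. If a trace is still wanted, keep it off the not-found case with `if err != nil && !apierrors.IsNotFound(err) { log.V(4).Info("kubeconfig secret lookup failed", "err", err) }`, assuming `log` is a logr logger as its key/value calls suggest. The rest of the switch is outside the hunk, so how other errors are returned cannot be confirmed from here.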
@@ -26,7 +26,7 @@ spec: - --bootstrap-token-ttl=${KUBEADM_BOOTSTRAP_TOKEN_TTL:=15m} command: - /manager - image: gcr.io/spectro-dev-public/release/kubeadm-bootstrap-controller-amd64:20220805 + image: gcr.io/spectro-dev-public/devop2023/release-fips/kubeadm-bootstrap-controller:v1.3.2-spectro-4.0.0-dev imagePullPolicy: Always name: manager terminationGracePeriodSeconds: 10 diff --git a/spectro/generated/bootstrap-global.yaml b/spectro/generated/bootstrap-global.yaml index 90de902d0bb1..d0eea2271f67 100644 --- a/spectro/generated/bootstrap-global.yaml +++ b/spectro/generated/bootstrap-global.yaml @@ -3,7 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-bootstrap-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: bootstrap-kubeadm cluster.x-k8s.io/v1alpha3: v1alpha3 @@ -1272,12 +1273,12 @@ spec: type: object imageRepository: description: ImageRepository sets the container registry to pull - images from. If empty, `k8s.gcr.io` will be used by default; + images from. If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for - kube-proxy, while `k8s.gcr.io` will be used for all the other - images. + kube-proxy, while `registry.k8s.io` will be used for all the + other images. type: string kind: description: 'Kind is a string value representing the REST resource 
@@ -2259,13 +2260,19 @@ spec: description: FeatureGates enabled by the user. type: object imageRepository: - description: ImageRepository sets the container registry to pull - images from. If empty, `k8s.gcr.io` will be used by default; - in case of kubernetes version is a CI build (kubernetes version - starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` - will be used as a default for control plane components and for - kube-proxy, while `k8s.gcr.io` will be used for all the other - images. + description: 'ImageRepository sets the container registry to pull + images from. * If not set, the default registry of kubeadm will + be used, i.e. * registry.k8s.io (new registry): >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): + all older versions Please note that when imageRepository is + not set we don''t allow upgrades to versions >= v1.22.0 which + use the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead (i.e. >= v1.22.17, >= + v1.23.15, >= v1.24.9, >= v1.25.0). * If the version is a CI + build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default for + control plane components and for kube-proxy, while `registry.k8s.io` + will be used for all the other images.' type: string kind: description: 'Kind is a string value representing the REST resource @@ -2633,7 +2640,7 @@ spec: nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, set this - field to an empty slice, i.e. `taints: {}` in the YAML file. + field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.' items: description: The node this Taint is attached to has the 
@@ -2844,7 +2851,7 @@ spec: nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, set this - field to an empty slice, i.e. `taints: {}` in the YAML file. + field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.' items: description: The node this Taint is attached to has the @@ -2944,7 +2951,10 @@ spec: joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. \n This will add about 40KB to userdata \n For more information, - refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed and this + field will be removed in a future release. When removing also remove + from staticcheck exclude-rules for SA1019 in golangci.yml" type: boolean users: description: Users specifies extra users to add @@ -3098,19 +3108,14 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-bootstrap-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: bootstrap-kubeadm cluster.x-k8s.io/v1alpha3: v1alpha3 
@@ -4388,12 +4393,13 @@ spec: type: object imageRepository: description: ImageRepository sets the container registry - to pull images from. If empty, `k8s.gcr.io` will be - used by default; in case of kubernetes version is a - CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default - for control plane components and for kube-proxy, while - `k8s.gcr.io` will be used for all the other images. + to pull images from. If empty, `registry.k8s.io` will + be used by default; in case of kubernetes version is + a CI build (kubernetes version starts with `ci/` or + `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be + used as a default for control plane components and for + kube-proxy, while `registry.k8s.io` will be used for + all the other images. type: string kind: description: 'Kind is a string value representing the 
@@ -5368,13 +5374,21 @@ spec: description: FeatureGates enabled by the user. type: object imageRepository: - description: ImageRepository sets the container registry - to pull images from. If empty, `k8s.gcr.io` will be - used by default; in case of kubernetes version is a - CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default - for control plane components and for kube-proxy, while - `k8s.gcr.io` will be used for all the other images. + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io (new + registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= + v1.25.0 * k8s.gcr.io (old registry): all older versions + Please note that when imageRepository is not set we + don''t allow upgrades to versions >= v1.22.0 which use + the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead (i.e. >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0). * If the version + is a CI build (kubernetes version starts with `ci/` + or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will + be used as a default for control plane components and + for kube-proxy, while `registry.k8s.io` will be used + for all the other images.' type: string kind: description: 'Kind is a string value representing the @@ -5767,7 +5781,7 @@ spec: it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, set this field to an empty slice, i.e. `taints: - {}` in the YAML file. This field is solely used + []` in the YAML file. This field is solely used for Node registration.' items: description: The node this Taint is attached to 
@@ -5993,7 +6007,7 @@ spec: it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, set this field to an empty slice, i.e. `taints: - {}` in the YAML file. This field is solely used + []` in the YAML file. This field is solely used for Node registration.' items: description: The node this Taint is attached to @@ -6100,7 +6114,11 @@ spec: environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. \n This will add about 40KB to userdata - \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed + and this field will be removed in a future release. When + removing also remove from staticcheck exclude-rules for + SA1019 in golangci.yml" type: boolean users: description: Users specifies extra users to add @@ -6192,12 +6210,6 @@ spec: served: true storage: true subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: v1 kind: Service @@ -6241,7 +6253,7 @@ spec: - --bootstrap-token-ttl=${KUBEADM_BOOTSTRAP_TOKEN_TTL:=15m} command: - /manager - image: gcr.io/spectro-dev-public/release/kubeadm-bootstrap-controller-amd64:20220805 + image: gcr.io/spectro-dev-public/devop2023/release-fips/kubeadm-bootstrap-controller:v1.3.2-spectro-4.0.0-dev imagePullPolicy: Always livenessProbe: httpGet: @@ -6308,6 +6320,7 @@ kind: MutatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-bootstrap-serving-cert + creationTimestamp: null labels: cluster.x-k8s.io/provider: bootstrap-kubeadm name: capi-kubeadm-bootstrap-mutating-webhook-configuration 
@@ -6360,6 +6373,7 @@ kind: ValidatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-bootstrap-serving-cert + creationTimestamp: null labels: cluster.x-k8s.io/provider: bootstrap-kubeadm name: capi-kubeadm-bootstrap-validating-webhook-configuration diff --git a/spectro/generated/controlplane-base.yaml b/spectro/generated/controlplane-base.yaml index 5cd9f6869892..bcc2b24e28f5 100644 --- a/spectro/generated/controlplane-base.yaml +++ b/spectro/generated/controlplane-base.yaml @@ -25,7 +25,20 @@ spec: - --feature-gates=ClusterTopology=${CLUSTER_TOPOLOGY:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} command: - /manager - image: gcr.io/spectro-dev-public/release/kubeadm-control-plane-controller-amd64:20220805 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: gcr.io/spectro-dev-public/devop2023/release-fips/kubeadm-control-plane-controller:v1.3.2-spectro-4.0.0-dev imagePullPolicy: Always name: manager terminationGracePeriodSeconds: 10 diff --git a/spectro/generated/controlplane-global.yaml b/spectro/generated/controlplane-global.yaml index 6adf5b04b649..b58e30149fd8 100644 --- a/spectro/generated/controlplane-global.yaml +++ b/spectro/generated/controlplane-global.yaml @@ -3,7 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-control-plane-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: control-plane-kubeadm cluster.x-k8s.io/v1alpha3: v1alpha3 
@@ -125,6 +126,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic kubeadmConfigSpec: description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane. @@ -1497,12 +1499,12 @@ spec: type: object imageRepository: description: ImageRepository sets the container registry to - pull images from. If empty, `k8s.gcr.io` will be used by - default; in case of kubernetes version is a CI build (kubernetes - version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + pull images from. If empty, `registry.k8s.io` will be used + by default; in case of kubernetes version is a CI build + (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and - for kube-proxy, while `k8s.gcr.io` will be used for all - the other images. + for kube-proxy, while `registry.k8s.io` will be used for + all the other images. type: string kind: description: 'Kind is a string value representing the REST @@ -2225,6 +2227,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: 
@@ -2715,13 +2718,20 @@ spec: description: FeatureGates enabled by the user. type: object imageRepository: - description: ImageRepository sets the container registry to - pull images from. If empty, `k8s.gcr.io` will be used by - default; in case of kubernetes version is a CI build (kubernetes - version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io (new registry): + >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io + (old registry): all older versions Please note that when + imageRepository is not set we don''t allow upgrades to versions + >= v1.22.0 which use the old registry (k8s.gcr.io). Please + use a newer patch version with the new registry instead + (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0). + * If the version is a CI build (kubernetes version starts + with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and - for kube-proxy, while `k8s.gcr.io` will be used for all - the other images. + for kube-proxy, while `registry.k8s.io` will be used for + all the other images.' type: string kind: description: 'Kind is a string value representing the REST @@ -3103,7 +3113,7 @@ spec: i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, - set this field to an empty slice, i.e. `taints: {}` + set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.' items: 
@@ -3323,7 +3333,7 @@ spec: i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, - set this field to an empty slice, i.e. `taints: {}` + set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.' items: @@ -3428,7 +3438,10 @@ spec: environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. \n This will add about 40KB to userdata - \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed and + this field will be removed in a future release. When removing + also remove from staticcheck exclude-rules for SA1019 in golangci.yml" type: boolean users: description: Users specifies extra users to add @@ -3552,6 +3565,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: @@ -3588,6 +3602,12 @@ spec: any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of time + that the controller will spend on waiting for all volumes to + be detached. The default value is 0, meaning that the volumes + can be detached without any time limitations. + type: string required: - infrastructureRef type: object 
@@ -3603,6 +3623,17 @@ spec: made to the KubeadmControlPlane. format: date-time type: string + rolloutBefore: + description: RolloutBefore is a field to indicate a rollout should + be performed if the specified criteria is met. + properties: + certificatesExpiryDays: + description: CertificatesExpiryDays indicates a rollout needs + to be performed if the certificates of the machine will expire + within the specified days. + format: int32 + type: integer + type: object rolloutStrategy: default: rollingUpdate: @@ -3632,7 +3663,13 @@ spec: type: string type: object version: - description: Version defines the desired Kubernetes version. + description: 'Version defines the desired Kubernetes version. Please + note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository + is not set we don''t allow upgrades to versions >= v1.22.0 for which + kubeadm uses the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead. The default registries of + kubeadm are: * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, + >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): all older versions' type: string required: - kubeadmConfigSpec @@ -3753,19 +3790,14 @@ spec: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-control-plane-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: control-plane-kubeadm cluster.x-k8s.io/v1alpha3: v1alpha3 
@@ -4082,13 +4114,13 @@ spec: type: object imageRepository: description: ImageRepository sets the container registry - to pull images from. If empty, `k8s.gcr.io` will - be used by default; in case of kubernetes version + to pull images from. If empty, `registry.k8s.io` + will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components - and for kube-proxy, while `k8s.gcr.io` will be used - for all the other images. + and for kube-proxy, while `registry.k8s.io` will + be used for all the other images. type: string kind: description: 'Kind is a string value representing @@ -4860,6 +4892,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 
@@ -5243,14 +5276,21 @@ spec: description: FeatureGates enabled by the user. type: object imageRepository: - description: ImageRepository sets the container registry - to pull images from. If empty, `k8s.gcr.io` will - be used by default; in case of kubernetes version - is a CI build (kubernetes version starts with `ci/` - or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will - be used as a default for control plane components - and for kube-proxy, while `k8s.gcr.io` will be used - for all the other images. + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io + (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, + >= v1.25.0 * k8s.gcr.io (old registry): all older + versions Please note that when imageRepository is + not set we don''t allow upgrades to versions >= + v1.22.0 which use the old registry (k8s.gcr.io). + Please use a newer patch version with the new registry + instead (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, + >= v1.25.0). * If the version is a CI build (kubernetes + version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will + be used for all the other images.' type: string kind: description: 'Kind is a string value representing @@ -5659,7 +5699,7 @@ spec: init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, set this field to an empty slice, i.e. - `taints: {}` in the YAML file. This field is + `taints: []` in the YAML file. This field is solely used for Node registration.' items: description: The node this Taint is attached 
@@ -5895,7 +5935,7 @@ spec: init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, set this field to an empty slice, i.e. - `taints: {}` in the YAML file. This field is + `taints: []` in the YAML file. This field is solely used for Node registration.' items: description: The node this Taint is attached @@ -6006,7 +6046,11 @@ spec: to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. \n This will add about 40KB to userdata \n For more - information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed + and this field will be removed in a future release. + When removing also remove from staticcheck exclude-rules + for SA1019 in golangci.yml" type: boolean users: description: Users specifies extra users to add @@ -6112,6 +6156,13 @@ spec: be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting for + all volumes to be detached. The default value is 0, + meaning that the volumes can be detached without any + time limitations. + type: string type: object rolloutAfter: description: RolloutAfter is a field to indicate a rollout 
@@ -6119,6 +6170,17 @@ spec: changes have been made to the KubeadmControlPlane. format: date-time type: string + rolloutBefore: + description: RolloutBefore is a field to indicate a rollout + should be performed if the specified criteria is met. + properties: + certificatesExpiryDays: + description: CertificatesExpiryDays indicates a rollout + needs to be performed if the certificates of the machine + will expire within the specified days. + format: int32 + type: integer + type: object rolloutStrategy: default: rollingUpdate: @@ -6161,12 +6223,6 @@ spec: served: true storage: true subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: v1 kind: Service @@ -6209,7 +6265,20 @@ spec: - --feature-gates=ClusterTopology=${CLUSTER_TOPOLOGY:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} command: - /manager - image: gcr.io/spectro-dev-public/release/kubeadm-control-plane-controller-amd64:20220805 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: gcr.io/spectro-dev-public/devop2023/release-fips/kubeadm-control-plane-controller:v1.3.2-spectro-4.0.0-dev imagePullPolicy: Always livenessProbe: httpGet: @@ -6276,6 +6345,7 @@ kind: MutatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-control-plane-serving-cert + creationTimestamp: null labels: cluster.x-k8s.io/provider: control-plane-kubeadm name: capi-kubeadm-control-plane-mutating-webhook-configuration 
@@ -6329,6 +6399,7 @@ kind: ValidatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-control-plane-serving-cert + creationTimestamp: null labels: cluster.x-k8s.io/provider: control-plane-kubeadm name: capi-kubeadm-control-plane-validating-webhook-configuration diff --git a/spectro/generated/core-base.yaml b/spectro/generated/core-base.yaml index 3096a97a49fd..74479ce3a216 100644 --- a/spectro/generated/core-base.yaml +++ b/spectro/generated/core-base.yaml @@ -25,7 +25,20 @@ spec: - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},ClusterResourceSet=${EXP_CLUSTER_RESOURCE_SET:=false},ClusterTopology=${CLUSTER_TOPOLOGY:=false},RuntimeSDK=${EXP_RUNTIME_SDK:=false} command: - /manager - image: gcr.io/spectro-dev-public/release/cluster-api-controller-amd64:20220805 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: gcr.io/spectro-dev-public/devop2023/release-fips/cluster-api-controller:v1.3.2-spectro-4.0.0-dev imagePullPolicy: Always name: manager terminationGracePeriodSeconds: 10 diff --git a/spectro/generated/core-global.yaml b/spectro/generated/core-global.yaml index 28ab7d47c1fb..2309cd952031 100644 --- a/spectro/generated/core-global.yaml +++ b/spectro/generated/core-global.yaml @@ -11,7 +11,8 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: clusterclasses.cluster.x-k8s.io 
@@ -114,6 +115,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object @@ -179,6 +181,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object @@ -226,6 +229,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object @@ -303,6 +307,7 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object @@ -357,6 +362,7 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object @@ -491,6 +497,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic unhealthyConditions: description: UnhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The @@ -523,6 +530,7 @@ spec: over MaxUnhealthy. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy machines (and) (b) there are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ type: string type: object machineInfrastructure: @@ -569,6 +577,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object 
@@ -597,6 +606,28 @@ spec: More info: http://kubernetes.io/docs/user-guide/labels' type: object type: object + nodeDeletionTimeout: + description: 'NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will retry + deletion indefinitely. Defaults to 10 seconds. NOTE: This value + can be overridden while defining a Cluster.Topology.' + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that + the controller will spend on draining a node. The default value + is 0, meaning that the node can be drained without any time + limitations. NOTE: NodeDrainTimeout is different from `kubectl + drain --timeout` NOTE: This value can be overridden while defining + a Cluster.Topology.' + type: string + nodeVolumeDetachTimeout: + description: 'NodeVolumeDetachTimeout is the total amount of time + that the controller will spend on waiting for all volumes to + be detached. The default value is 0, meaning that the volumes + can be detached without any time limitations. NOTE: This value + can be overridden while defining a Cluster.Topology.' + type: string ref: description: Ref is a required reference to a custom resource offered by a provider. @@ -634,6 +665,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object @@ -681,6 +713,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object 
@@ -693,8 +726,9 @@ spec: to customize the referenced templates. properties: definitions: - description: 'Definitions define the patches inline. Note: Patches - will be applied in the order of the array.' + description: 'Definitions define inline patches. Note: Patches + will be applied in the order of the array. Note: Exactly one + of Definitions or External must be set.' items: description: PatchDefinition defines a patch which is applied to customize the referenced templates. @@ -815,11 +849,23 @@ spec: will be disabled. If EnabledIf is not set, the patch will be enabled per default. type: string + external: + description: 'External defines an external patch. Note: Exactly + one of Definitions or External must be set.' + properties: + generateExtension: + description: GenerateExtension references an extension which + is called to generate patches. + type: string + validateExtension: + description: ValidateExtension references an extension which + is called to validate the topology. + type: string + type: object name: description: Name of the patch. type: string required: - - definitions - name type: object type: array @@ -962,6 +1008,13 @@ spec: description: 'UniqueItems specifies if items in an array must be unique. NOTE: Can only be set if type is array.' type: boolean + x-kubernetes-preserve-unknown-fields: + description: XPreserveUnknownFields allows setting fields + in a variable object which are not defined in the + variable schema. This affects fields recursively, + except if nested properties or additionalProperties + are specified in the schema. + type: boolean required: - type type: object 
@@ -993,6 +1046,13 @@ spec: and can be referenced in the Cluster to create a managed MachineDeployment. type: string + failureDomain: + description: 'FailureDomain is the failure domain the machines + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. NOTE: This value can + be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' + type: string machineHealthCheck: description: MachineHealthCheck defines a MachineHealthCheck for this MachineDeploymentClass. @@ -1057,6 +1117,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic unhealthyConditions: description: UnhealthyConditions contains a list of the conditions that determine whether a node is considered 
@@ -1092,6 +1153,107 @@ spec: This means that remediation will be allowed only when: (a) there are at least 3 unhealthy machines (and) (b) there are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + minReadySeconds: + description: 'Minimum number of seconds for which a newly + created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) NOTE: + This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + format: int32 + type: integer + nodeDeletionTimeout: + description: 'NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts + after the Machine is marked for deletion. A duration of + 0 will retry deletion indefinitely. Defaults to 10 seconds. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The + default value is 0, meaning that the node can be drained + without any time limitations. NOTE: NodeDrainTimeout is + different from `kubectl drain --timeout` NOTE: This value + can be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' + type: string + nodeVolumeDetachTimeout: + description: 'NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting for + all volumes to be detached. The default value is 0, meaning + that the volumes can be detached without any time limitations. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + type: string + strategy: + description: 'The deployment strategy to use to replace + existing machines with new ones. NOTE: This value can + be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' 
+ properties: + rollingUpdate: + description: Rolling update config params. Present only + if MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy used + by the MachineDeployment to identify nodes to + delete when downscaling. Valid values are "Random, + "Newest", "Oldest" When no value is supplied, + the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that + can be scheduled above the desired number of machines. + Value can be an absolute number (ex: 5) or a percentage + of desired machines (ex: 10%). This can not be + 0 if MaxUnavailable is 0. Absolute number is calculated + from percentage by rounding up. Defaults to 1. + Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling + update starts, such that the total number of old + and new machines do not exceed 130% of desired + machines. Once old machines have been killed, + new MachineSet can be scaled up further, ensuring + that total number of machines running at any time + during the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that + can be unavailable during the update. Value can + be an absolute number (ex: 5) or a percentage + of desired machines (ex: 10%). Absolute number + is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. Defaults to + 0. Example: when this is set to 30%, the old MachineSet + can be scaled down to 70% of desired machines + immediately when the rolling update starts. 
Once + new machines are ready, old MachineSet can be + scaled down further, followed by scaling up the + new MachineSet, ensuring that the total number + of machines available at all times during the + update is at least 70% of desired machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete type: string type: object template: @@ -1149,6 +1311,7 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object @@ -1203,6 +1366,7 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object 
@@ -1241,23 +1405,68 @@ spec: type: array type: object type: object + status: + description: ClusterClassStatus defines the observed state of the ClusterClass. + properties: + conditions: + description: Conditions defines current observed state of the ClusterClass. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object type: object served: true storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: clusterresourcesetbindings.addons.cluster.x-k8s.io @@ -1543,19 +1752,14 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: clusterresourcesets.addons.cluster.x-k8s.io @@ -2066,19 +2270,14 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: clusters.cluster.x-k8s.io 
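Review bot: `creationTimestamp: "null"` in the CRD metadata added by the hunks `@@ -1241,23 +1405,68 @@`, `@@ -1543,19 +1752,14 @@` and `@@ -2066,19 +2270,14 @@` is a quoted string, not a YAML null. The CRD headers in the later hunks `@@ -3215,18 +3756,12 @@` and `@@ -3465,19 +4001,258 @@` use the unquoted `creationTimestamp: null`. A client or API server that decodes this field as a timestamp may reject the string form, so the three lines should read `creationTimestamp: null` or be dropped. The manifest carries controller-gen annotations and looks generated, so the fix probably belongs in the rendering step rather than in a hand edit. All three affected CRDs carry the `cert-manager.io/inject-ca-from` annotation, which may point at the patching stage as the source.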
@@ -2217,6 +2416,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic infrastructureRef: description: InfrastructureRef is a reference to a provider-specific resource that holds the details for provisioning infrastructure @@ -2255,6 +2455,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic paused: description: Paused can be used to prevent controllers from processing the Cluster and all its associated objects. @@ -2476,6 +2677,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic infrastructureRef: description: InfrastructureRef is a reference to a provider-specific resource that holds the details for provisioning infrastructure @@ -2514,6 +2716,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic paused: description: Paused can be used to prevent controllers from processing the Cluster and all its associated objects. @@ -2864,6 +3067,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic infrastructureRef: description: InfrastructureRef is a reference to a provider-specific resource that holds the details for provisioning infrastructure 
@@ -2902,6 +3106,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic paused: description: Paused can be used to prevent controllers from processing the Cluster and all its associated objects. 
@@ -2919,6 +3124,119 @@ spec: controlPlane: description: ControlPlane describes the cluster control plane. properties: + machineHealthCheck: + description: MachineHealthCheck allows to enable, disable + and override the MachineHealthCheck configuration in the + ClusterClass for this control plane. + properties: + enable: + description: "Enable controls if a MachineHealthCheck + should be created for the target machines. \n If false: + No MachineHealthCheck will be created. \n If not set(default): + A MachineHealthCheck will be created if it is defined + here or in the associated ClusterClass. If no MachineHealthCheck + is defined then none will be created. \n If true: A + MachineHealthCheck is guaranteed to be created. Cluster + validation will block if `enable` is true and no MachineHealthCheck + definition is available." + type: boolean + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if + at most "MaxUnhealthy" machines selected by "selector" + are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will be + remediated. If you wish to disable this feature, set + the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a + remediation template provided by an infrastructure provider. + \n This field is completely optional, when filled, the + MachineHealthCheck controller creates a new object from + the template referenced and hands off remediation of + the machine to a controller that lives outside of Cluster + API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the + conditions that determine whether a node is considered + unhealthy. The conditions are combined in a logical + OR, i.e. if any of the conditions is met, the node is + unhealthy. + items: + description: UnhealthyCondition represents a Node condition + type and value with a timeout specified as a duration. When + the named condition has been in the given status for + at least the timeout value, a node is considered unhealthy. 
+ properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" as + not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. "[3-5]" - This + means that remediation will be allowed only when: (a) + there are at least 3 unhealthy machines (and) (b) there + are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object metadata: description: "Metadata is the metadata applied to the machines of the ControlPlane. At runtime this metadata is merged @@ -2945,6 +3263,12 @@ spec: More info: http://kubernetes.io/docs/user-guide/labels' type: object type: object + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default @@ -2952,6 +3276,12 @@ spec: any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string replicas: description: Replicas is the number of control plane nodes. If the value is nil, the ControlPlane object is created 
@@ -3022,6 +3352,128 @@ spec: machines will be created in. Must match a key in the FailureDomains map stored on the cluster object. type: string + machineHealthCheck: + description: MachineHealthCheck allows to enable, disable + and override the MachineHealthCheck configuration + in the ClusterClass for this MachineDeployment. + properties: + enable: + description: "Enable controls if a MachineHealthCheck + should be created for the target machines. \n + If false: No MachineHealthCheck will be created. + \n If not set(default): A MachineHealthCheck will + be created if it is defined here or in the associated + ClusterClass. If no MachineHealthCheck is defined + then none will be created. \n If true: A MachineHealthCheck + is guaranteed to be created. Cluster validation + will block if `enable` is true and no MachineHealthCheck + definition is available." + type: boolean + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed + if at most "MaxUnhealthy" machines selected by + "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will + be remediated. If you wish to disable this feature, + set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference + to a remediation template provided by an infrastructure + provider. \n This field is completely optional, + when filled, the MachineHealthCheck controller + creates a new object from the template referenced + and hands off remediation of the machine to a + controller that lives outside of Cluster API." + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list + of the conditions that determine whether a node + is considered unhealthy. The conditions are combined + in a logical OR, i.e. if any of the conditions + is met, the node is unhealthy. 
+ items: + description: UnhealthyCondition represents a Node + condition type and value with a timeout specified + as a duration. When the named condition has + been in the given status for at least the timeout + value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" + as not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. "[3-5]" + - This means that remediation will be allowed + only when: (a) there are at least 3 unhealthy + machines (and) (b) there are at most 5 unhealthy + machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object metadata: description: Metadata is the metadata applied to the machines of the MachineDeployment. At runtime this @@ -3046,6 +3498,12 @@ spec: controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object type: object + minReadySeconds: + description: Minimum number of seconds for which a newly + created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) + format: int32 + type: integer name: description: Name is the unique identifier for this MachineDeploymentTopology. The value is used with 
@@ -3054,6 +3512,13 @@ spec: is greater than the allowed maximum length, the values are hashed together. type: string + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the + controller will attempt to delete the Node that the + Machine hosts after the Machine is marked for deletion. + A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a @@ -3062,6 +3527,13 @@ spec: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting + for all volumes to be detached. The default value + is 0, meaning that the volumes can be detached without + any time limitations. + type: string replicas: description: Replicas is the number of worker nodes belonging to this set. If the value is nil, the MachineDeployment 
@@ -3071,6 +3543,75 @@ spec: of this value. format: int32 type: integer + strategy: + description: The deployment strategy to use to replace + existing machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present + only if MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy + used by the MachineDeployment to identify + nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value + is supplied, the default DeletePolicy of MachineSet + is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines + that can be scheduled above the desired number + of machines. Value can be an absolute number + (ex: 5) or a percentage of desired machines + (ex: 10%). This can not be 0 if MaxUnavailable + is 0. Absolute number is calculated from percentage + by rounding up. Defaults to 1. Example: when + this is set to 30%, the new MachineSet can + be scaled up immediately when the rolling + update starts, such that the total number + of old and new machines do not exceed 130% + of desired machines. Once old machines have + been killed, new MachineSet can be scaled + up further, ensuring that total number of + machines running at any time during the update + is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines + that can be unavailable during the update. + Value can be an absolute number (ex: 5) or + a percentage of desired machines (ex: 10%). + Absolute number is calculated from percentage + by rounding down. This can not be 0 if MaxSurge + is 0. Defaults to 0. 
Example: when this is + set to 30%, the old MachineSet can be scaled + down to 70% of desired machines immediately + when the rolling update starts. Once new machines + are ready, old MachineSet can be scaled down + further, followed by scaling up the new MachineSet, + ensuring that the total number of machines + available at all times during the update is + at least 70% of desired machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + type: object variables: description: Variables can be used to customize the MachineDeployment through patches. @@ -3215,18 +3756,12 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 creationTimestamp: null labels: cluster.x-k8s.io/provider: cluster-api 
@@ -3270,18 +3805,19 @@ spec: description: ExtensionConfigSpec is the desired state of the ExtensionConfig properties: clientConfig: - description: ClientConfig defines how to communicate with ExtensionHandlers. + description: ClientConfig defines how to communicate with the Extension + server. properties: caBundle: description: CABundle is a PEM encoded CA bundle which will be - used to validate the ExtensionHandler's server certificate. + used to validate the Extension server's server certificate. format: byte type: string service: description: "Service is a reference to the Kubernetes service - for the ExtensionHandler. Either `service` or `url` must be - specified. \n If the ExtensionHandler is running within a cluster, - then you should use `service`." + for the Extension server. Note: Exactly one of `url` or `service` + must be specified. \n If the Extension server is running within + a cluster, then you should use `service`." properties: name: description: Name is the name of the service. @@ -3290,13 +3826,13 @@ spec: description: Namespace is the namespace of the service. type: string path: - description: Path is an optional URL path which will be sent - in any request to this service. If a path is set it will - be used as prefix and the hook-specific path will be appended. + description: Path is an optional URL path and if present may + be any string permissible in a URL. If a path is set it + will be used as prefix to the hook-specific path. type: string port: description: Port is the port on the service that's hosting - the ExtensionHandler. Default to 443. `port` should be a + the Extension server. Defaults to 443. Port should be a valid port number (1-65535, inclusive). format: int32 type: integer 
@@ -3305,25 +3841,23 @@ spec: - namespace type: object url: - description: "URL gives the location of the ExtensionHandler, - in standard URL form (`scheme://host:port/path`). Exactly one - of `url` or `service` must be specified. \n The `host` should - not refer to a service running in the cluster; use the `service` - field instead. \n The scheme should be \"https\"; the URL should - begin with \"https://\". \"http\" is supported for insecure - development purposes only. \n A path is optional, and if present - may be any string permissible in a URL. If a path is set it - will be used as prefix and the hook-specific path will be appended. - \n Attempting to use a user or basic auth e.g. \"user:password@\" + description: "URL gives the location of the Extension server, + in standard URL form (`scheme://host:port/path`). Note: Exactly + one of `url` or `service` must be specified. \n The scheme must + be \"https\". \n The `host` should not refer to a service running + in the cluster; use the `service` field instead. \n A path is + optional, and if present may be any string permissible in a + URL. If a path is set it will be used as prefix to the hook-specific + path. \n Attempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed either." type: string type: object namespaceSelector: - description: NamespaceSelector decides whether to run the webhook - on an object based on whether the namespace for that object matches - the selector. Default to the empty LabelSelector, which matches - everything. + description: NamespaceSelector decides whether to call the hook for + an object based on whether the namespace for that object matches + the selector. Defaults to the empty LabelSelector, which matches + all objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. 
@@ -3437,7 +3971,8 @@ spec: which this ExtensionHandler serves. properties: apiVersion: - description: APIVersion is the Version of the Hook. + description: APIVersion is the group and version of the + Hook. type: string hook: description: Hook is the name of the hook. @@ -3448,7 +3983,8 @@ spec: type: object timeoutSeconds: description: TimeoutSeconds defines the timeout duration for - client calls to the ExtensionHandler. + client calls to the ExtensionHandler. Defaults to 10 is not + set. format: int32 type: integer required: 
@@ -3465,19 +4001,258 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: cluster-api + name: ipaddressclaims.ipam.cluster.x-k8s.io +spec: + group: ipam.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: IPAddressClaim + listKind: IPAddressClaimList + plural: ipaddressclaims + singular: ipaddressclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the pool to allocate an address from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool to allocate an address from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddressClaim is the Schema for the ipaddressclaim API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressClaimSpec is the desired state of an IPAddressClaim. + properties: + poolRef: + description: PoolRef is a reference to the pool from which an IP address + should be created. 
+ properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiGroup + - kind + - name + type: object + required: + - poolRef + type: object + status: + description: IPAddressClaimStatus is the observed status of a IPAddressClaim. + properties: + addressRef: + description: AddressRef is a reference to the address that was created + for this claim. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + conditions: + description: Conditions summarises the current state of the IPAddressClaim + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. 
The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + required: + - addressRef + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: cluster-api + name: ipaddresses.ipam.cluster.x-k8s.io +spec: + group: ipam.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: IPAddress + listKind: IPAddressList + plural: ipaddresses + singular: ipaddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Address + jsonPath: .spec.address + name: Address + type: string + - description: Name of the pool the address is from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool the address is from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddress is the Schema for the ipaddress API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressSpec is the desired state of an IPAddress. + properties: + address: + description: Address is the IP address. + type: string + claimRef: + description: ClaimRef is a reference to the claim this IPAddress was + created for. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + gateway: + description: Gateway is the network gateway of the network the address + is from. + type: string + poolRef: + description: PoolRef is a reference to the pool that this IPAddress + was created from. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiGroup + - kind + - name + type: object + prefix: + description: Prefix is the prefix of the address. 
+ type: integer + required: + - address + - claimRef + - gateway + - poolRef + - prefix + type: object + type: object + served: true + storage: true + subresources: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: machinedeployments.cluster.x-k8s.io @@ -3628,6 +4403,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic strategy: description: The deployment strategy to use to replace existing machines with new ones. @@ -3786,6 +4562,7 @@ spec: - name - uid type: object + x-kubernetes-map-type: atomic type: array type: object spec: @@ -3839,6 +4616,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic data: description: "Data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should @@ -3899,6 +4677,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default @@ -4124,6 +4903,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic strategy: description: The deployment strategy to use to replace existing machines with new ones. 
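Review bot: The `creationTimestamp: "null"` line added to the machinedeployments CRD metadata at the end of the `@@ -3465,19 +4001,258 @@` hunk is a quoted string, not a YAML null. The two ipam CRDs added earlier in the same hunk use the unquoted `creationTimestamp: null`. A timestamp field holding the string "null" will probably fail to decode as a time, or be rejected on apply; it looks like an artifact of whatever rendered this manifest, which should be confirmed. I would drop the line or write `creationTimestamp: null`. The same quoted value is added for machinehealthchecks, machinepools, machines and machinesets in later hunks.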
@@ -4259,6 +5039,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine @@ -4313,6 +5094,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default @@ -4591,6 +5373,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic strategy: description: The deployment strategy to use to replace existing machines with new ones. @@ -4726,6 +5509,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine @@ -4780,6 +5564,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDeletionTimeout: description: NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after 
@@ -4793,6 +5578,12 @@ spec: any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string providerID: description: ProviderID is the identification ID of the machine provided by the provider. This field must match the provider @@ -4925,19 +5716,14 @@ spec: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: machinehealthchecks.cluster.x-k8s.io @@ -5058,6 +5844,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic selector: description: Label selector to match machines whose health will be exercised @@ -5103,6 +5890,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic unhealthyConditions: description: UnhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions @@ -5318,6 +6106,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic selector: description: Label selector to match machines whose health will be exercised 
@@ -5363,6 +6152,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic unhealthyConditions: description: UnhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions @@ -5587,6 +6377,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic selector: description: Label selector to match machines whose health will be exercised @@ -5632,6 +6423,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic unhealthyConditions: description: UnhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions @@ -5756,19 +6548,14 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: machinepools.cluster.x-k8s.io @@ -6019,6 +6806,7 @@ spec: - name - uid type: object + x-kubernetes-map-type: atomic type: array type: object spec: @@ -6072,6 +6860,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic data: description: "Data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should 
@@ -6132,6 +6921,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default @@ -6243,7 +7033,7 @@ spec: description: NodeRefs will point to the corresponding Nodes if it they exist. items: - description: 'ObjectReference contains enough information to let + description: "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields @@ -6251,10 +7041,10 @@ spec: and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions - like, "must refer only to types A and B" or "UID not honored" - or "name must be restricted". Those cannot be well described when - embedded. 3. Inconsistent validation. Because the usages are - different, the validation rules are different by usage, which + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation 
@@ -6262,12 +7052,12 @@ spec: on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect - numerous schemas. Don''t make new APIs embed an underspecified - API type they do not control. Instead of using this type, create + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - .' + ." properties: apiVersion: description: API version of the referent. @@ -6483,6 +7273,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine @@ -6537,6 +7328,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default @@ -6648,7 +7440,7 @@ spec: description: NodeRefs will point to the corresponding Nodes if it they exist. items: - description: 'ObjectReference contains enough information to let + description: "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields 
@@ -6656,10 +7448,10 @@ spec: and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions - like, "must refer only to types A and B" or "UID not honored" - or "name must be restricted". Those cannot be well described when - embedded. 3. Inconsistent validation. Because the usages are - different, the validation rules are different by usage, which + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation @@ -6667,12 +7459,12 @@ spec: on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect - numerous schemas. Don''t make new APIs embed an underspecified - API type they do not control. Instead of using this type, create + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - .' + ." properties: apiVersion: description: API version of the referent. 
@@ -6897,6 +7689,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine @@ -6951,6 +7744,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDeletionTimeout: description: NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after @@ -6964,6 +7758,12 @@ spec: any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string providerID: description: ProviderID is the identification ID of the machine provided by the provider. This field must match the provider @@ -7069,7 +7869,7 @@ spec: description: NodeRefs will point to the corresponding Nodes if it they exist. items: - description: 'ObjectReference contains enough information to let + description: "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields 
@@ -7077,10 +7877,10 @@ spec: and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions - like, "must refer only to types A and B" or "UID not honored" - or "name must be restricted". Those cannot be well described when - embedded. 3. Inconsistent validation. Because the usages are - different, the validation rules are different by usage, which + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation @@ -7088,12 +7888,12 @@ spec: on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect - numerous schemas. Don''t make new APIs embed an underspecified - API type they do not control. Instead of using this type, create + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - .' + ." properties: apiVersion: description: API version of the referent. 
@@ -7166,19 +7966,14 @@ spec: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: machines.cluster.x-k8s.io @@ -7288,6 +8083,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic data: description: "Data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should remain in the Pending @@ -7346,6 +8142,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, @@ -7521,6 +8318,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic observedGeneration: description: ObservedGeneration is the latest generation observed by the controller. @@ -7631,6 +8429,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain 
@@ -7684,6 +8483,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, @@ -7912,6 +8712,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic observedGeneration: description: ObservedGeneration is the latest generation observed by the controller. @@ -8021,6 +8822,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain @@ -8074,6 +8876,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDeletionTimeout: description: NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine 
@@ -8086,6 +8889,12 @@ spec: meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of time that + the controller will spend on waiting for all volumes to be detached. + The default value is 0, meaning that the volumes can be detached + without any time limitations. + type: string providerID: description: ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on @@ -8136,6 +8945,11 @@ spec: bootstrapReady: description: BootstrapReady is the state of the bootstrap provider. type: boolean + certificatesExpiryDate: + description: CertificatesExpiryDate is the expiry date of the machine + certificates. This value is only set for control plane machines. + format: date-time + type: string conditions: description: Conditions defines current service state of the Machine. items: @@ -8309,6 +9123,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic observedGeneration: description: ObservedGeneration is the latest generation observed by the controller. @@ -8324,19 +9139,14 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: machinesets.cluster.x-k8s.io 
@@ -8471,10 +9281,11 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic template: description: Template is the object that describes the machine that will be created if insufficient replicas are detected. Object references - to custom resources resources are treated as templates. + to custom resources are treated as templates. properties: metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' @@ -8583,6 +9394,7 @@ spec: - name - uid type: object + x-kubernetes-map-type: atomic type: array type: object spec: @@ -8636,6 +9448,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic data: description: "Data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should @@ -8696,6 +9509,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default @@ -8913,10 +9727,11 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic template: description: Template is the object that describes the machine that will be created if insufficient replicas are detected. Object references - to custom resources resources are treated as templates. + to custom resources are treated as templates. properties: metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 
@@ -8990,6 +9805,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine @@ -9044,6 +9860,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default @@ -9314,10 +10131,11 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic template: description: Template is the object that describes the machine that will be created if insufficient replicas are detected. Object references - to custom resources resources are treated as templates. + to custom resources are treated as templates. properties: metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' @@ -9391,6 +10209,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine @@ -9445,6 +10264,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDeletionTimeout: description: NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after 
@@ -9458,6 +10278,12 @@ spec: any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string providerID: description: ProviderID is the identification ID of the machine provided by the provider. This field must match the provider @@ -9598,12 +10424,6 @@ spec: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: v1 kind: Service @@ -9646,7 +10466,20 @@ spec: - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},ClusterResourceSet=${EXP_CLUSTER_RESOURCE_SET:=false},ClusterTopology=${CLUSTER_TOPOLOGY:=false},RuntimeSDK=${EXP_RUNTIME_SDK:=false} command: - /manager - image: gcr.io/spectro-dev-public/release/cluster-api-controller-amd64:20220805 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: gcr.io/spectro-dev-public/devop2023/release-fips/cluster-api-controller:v1.3.2-spectro-4.0.0-dev imagePullPolicy: Always livenessProbe: httpGet: @@ -9713,6 +10546,7 @@ kind: MutatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert + creationTimestamp: null labels: cluster.x-k8s.io/provider: cluster-api name: capi-mutating-webhook-configuration 
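Review bot: The new `image:` value for the manager container (hunk `@@ -9646,7 +10466,20 @@`) references a mutable `-dev` tag under a dev registry path, and the unchanged `imagePullPolicy: Always` beside it means every pod restart pulls whatever that tag points to at the time. For the controller that drives cluster lifecycle, the reference should be pinned by digest, e.g. `image: <registry>/<repository>@sha256:<digest-placeholder>`, or at least use a release tag that is never re-pushed. The file header is outside this view, so if this manifest is rendered output, the pin belongs in the source it is generated from.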
@@ -9812,10 +10646,10 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /mutate-cluster-x-k8s-io-v1beta1-machinepool + path: /mutate-cluster-x-k8s-io-v1beta1-cluster failurePolicy: Fail matchPolicy: Equivalent - name: default.machinepool.cluster.x-k8s.io + name: default.cluster.cluster.x-k8s.io rules: - apiGroups: - cluster.x-k8s.io @@ -9825,7 +10659,7 @@ webhooks: - CREATE - UPDATE resources: - - machinepools + - clusters sideEffects: None - admissionReviewVersions: - v1 @@ -9834,10 +10668,10 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /mutate-cluster-x-k8s-io-v1beta1-cluster + path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass failurePolicy: Fail matchPolicy: Equivalent - name: default.cluster.cluster.x-k8s.io + name: default.clusterclass.cluster.x-k8s.io rules: - apiGroups: - cluster.x-k8s.io @@ -9847,7 +10681,7 @@ webhooks: - CREATE - UPDATE resources: - - clusters + - clusterclasses sideEffects: None - admissionReviewVersions: - v1 @@ -9856,20 +10690,20 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass + path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig failurePolicy: Fail matchPolicy: Equivalent - name: default.clusterclass.cluster.x-k8s.io + name: default.extensionconfig.runtime.addons.cluster.x-k8s.io rules: - apiGroups: - - cluster.x-k8s.io + - runtime.cluster.x-k8s.io apiVersions: - - v1beta1 + - v1alpha1 operations: - CREATE - UPDATE resources: - - clusterclasses + - extensionconfigs sideEffects: None - admissionReviewVersions: - v1 
@@ -9878,20 +10712,20 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig + path: /mutate-cluster-x-k8s-io-v1beta1-machinepool failurePolicy: Fail matchPolicy: Equivalent - name: default.extensionconfig.runtime.addons.cluster.x-k8s.io + name: default.machinepool.cluster.x-k8s.io rules: - apiGroups: - - runtime.cluster.x-k8s.io + - cluster.x-k8s.io apiVersions: - - v1alpha1 + - v1beta1 operations: - CREATE - UPDATE resources: - - extensionconfigs + - machinepools sideEffects: None - admissionReviewVersions: - v1 @@ -9921,6 +10755,7 @@ kind: ValidatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert + creationTimestamp: null labels: cluster.x-k8s.io/provider: cluster-api name: capi-validating-webhook-configuration @@ -10020,10 +10855,10 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /validate-cluster-x-k8s-io-v1beta1-machinepool + path: /validate-cluster-x-k8s-io-v1beta1-cluster failurePolicy: Fail matchPolicy: Equivalent - name: validation.machinepool.cluster.x-k8s.io + name: validation.cluster.cluster.x-k8s.io rules: - apiGroups: - cluster.x-k8s.io @@ -10032,8 +10867,9 @@ webhooks: operations: - CREATE - UPDATE + - DELETE resources: - - machinepools + - clusters sideEffects: None - admissionReviewVersions: - v1 @@ -10042,10 +10878,10 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /validate-cluster-x-k8s-io-v1beta1-cluster + path: /validate-cluster-x-k8s-io-v1beta1-clusterclass failurePolicy: Fail matchPolicy: Equivalent - name: validation.cluster.cluster.x-k8s.io + name: validation.clusterclass.cluster.x-k8s.io rules: - apiGroups: - cluster.x-k8s.io @@ -10056,7 +10892,7 @@ webhooks: - UPDATE - DELETE resources: - - clusters + - clusterclasses sideEffects: None - admissionReviewVersions: - v1 
@@ -10065,21 +10901,20 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /validate-cluster-x-k8s-io-v1beta1-clusterclass + path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig failurePolicy: Fail matchPolicy: Equivalent - name: validation.clusterclass.cluster.x-k8s.io + name: validation.extensionconfig.runtime.cluster.x-k8s.io rules: - apiGroups: - - cluster.x-k8s.io + - runtime.cluster.x-k8s.io apiVersions: - - v1beta1 + - v1alpha1 operations: - CREATE - UPDATE - - DELETE resources: - - clusterclasses + - extensionconfigs sideEffects: None - admissionReviewVersions: - v1 @@ -10088,20 +10923,20 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig + path: /validate-cluster-x-k8s-io-v1beta1-machinepool failurePolicy: Fail matchPolicy: Equivalent - name: validation.extensionconfig.runtime.cluster.x-k8s.io + name: validation.machinepool.cluster.x-k8s.io rules: - apiGroups: - - runtime.cluster.x-k8s.io + - cluster.x-k8s.io apiVersions: - - v1alpha1 + - v1beta1 operations: - CREATE - UPDATE resources: - - extensionconfigs + - machinepools sideEffects: None - admissionReviewVersions: - v1 
@@ -10125,3 +10960,49 @@ webhooks: resources: - clusterresourcesets sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-webhook-system + path: /validate-ipam-cluster-x-k8s-io-v1alpha1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddress.ipam.cluster.x-k8s.io + rules: + - apiGroups: + - ipam.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - ipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-webhook-system + path: /validate-ipam-cluster-x-k8s-io-v1alpha1-ipaddressclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddressclaim.ipam.cluster.x-k8s.io + rules: + - apiGroups: + - ipam.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - ipaddressclaims + sideEffects: None diff --git a/test/go.mod b/test/go.mod index e07521ef09ba..5a15655be1cd 100644 --- a/test/go.mod +++ b/test/go.mod @@ -29,7 +29,7 @@ require ( ) require ( - cloud.google.com/go/compute v1.7.0 // indirect + cloud.google.com/go/compute v1.21.0 // indirect github.com/BurntSushi/toml v1.0.0 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect 
@@ -41,9 +41,9 @@ require ( github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cespare/xxhash/v2 v2.1.2 // indirect + github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/coredns/caddy v1.1.0 // indirect - github.com/coredns/corefile-migration v1.0.18 // indirect + github.com/coredns/corefile-migration v1.0.20 // indirect github.com/coreos/go-semver v0.3.0 // indirect github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect github.com/davecgh/go-spew v1.1.1 // indirect @@ -61,7 +61,7 @@ require ( github.com/gobuffalo/flect v0.3.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect github.com/google/cel-go v0.12.4 // indirect github.com/google/gnostic v0.6.9 // indirect github.com/google/go-cmp v0.5.9 // indirect 
@@ -108,17 +108,17 @@ require ( go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.21.0 // indirect - golang.org/x/crypto v0.3.0 // indirect - golang.org/x/net v0.7.0 // indirect - golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 // indirect - golang.org/x/sys v0.5.0 // indirect - golang.org/x/term v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/crypto v0.14.0 // indirect + golang.org/x/net v0.17.0 // indirect + golang.org/x/oauth2 v0.10.0 // indirect + golang.org/x/sys v0.13.0 // indirect + golang.org/x/term v0.13.0 // indirect + golang.org/x/text v0.13.0 // indirect golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 // indirect - google.golang.org/protobuf v1.28.1 // indirect + google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 // indirect + google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/test/go.sum b/test/go.sum index 35e9d5cd0031..1479489a0e02 100644 --- a/test/go.sum +++ b/test/go.sum 
@@ -43,6 +43,7 @@ cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk= cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= +cloud.google.com/go/compute v1.21.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= @@ -110,6 +111,7 @@ github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghf github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= 
@@ -127,6 +129,7 @@ github.com/coredns/caddy v1.1.0 h1:ezvsPrT/tA/7pYDBZxu0cT0VmWk75AfIaf6GSYCNMf0= github.com/coredns/caddy v1.1.0/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= github.com/coredns/corefile-migration v1.0.18 h1:zs5PJm/VGZVje1ESRj6ZqyUuVsVfagExkbLU2QKV5mI= github.com/coredns/corefile-migration v1.0.18/go.mod h1:XnhgULOEouimnzgn0t4WPuFDN2/PJQcTxdWKC5eXNGE= +github.com/coredns/corefile-migration v1.0.20/go.mod h1:XnhgULOEouimnzgn0t4WPuFDN2/PJQcTxdWKC5eXNGE= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-semver v0.1.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -252,6 +255,7 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 
@@ -606,6 +610,7 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -696,6 +701,7 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -718,6 +724,7 @@ golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 h1:lxqLZaMad/dJHMFZH0NiNpiEZI/nhgWhe4wgzpE+MuA= golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -810,11 +817,13 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -827,6 +836,7 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -1029,6 +1039,7 @@ google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 h1:4SPz2GL2CXJt28MTF8V6Ap/9ZiVbQlJeGSd9qtA7DLs= google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1077,6 +1088,7 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/util/annotations/helpers.go b/util/annotations/helpers.go index 0ec9ef9388ac..072dbd119e1c 100644 --- a/util/annotations/helpers.go +++ b/util/annotations/helpers.go 
@@ -38,6 +38,11 @@ func IsExternallyManaged(o metav1.Object) bool { return hasAnnotation(o, clusterv1.ManagedByAnnotation) } +// IsTakeOverCluster returns true if the object has the `managed-by` annotation. +func IsTakeOverCluster(o metav1.Object) bool { + return hasAnnotation(o, clusterv1.TakeOverCluster) +} + // HasPaused returns true if the object has the `paused` annotation. func HasPaused(o metav1.Object) bool { return hasAnnotation(o, clusterv1.PausedAnnotation) diff --git a/util/secret/certificates.go b/util/secret/certificates.go index e3aadfbc7a37..c017f5ea6f9c 100644 --- a/util/secret/certificates.go +++ b/util/secret/certificates.go @@ -24,6 +24,7 @@ import ( "crypto/x509" "crypto/x509/pkix" "encoding/hex" + "fmt" "math/big" "path/filepath" "strings" @@ -238,6 +239,7 @@ func (c Certificates) EnsureAllExist() error { func (c Certificates) Generate() error { for _, certificate := range c { if certificate.KeyPair == nil { + fmt.Println("TESTING.... Generate new certificates") err := certificate.Generate() if err != nil { return err @@ -268,6 +270,7 @@ func (c Certificates) LookupOrGenerate(ctx context.Context, ctrlclient client.Cl return err } + fmt.Println("TESTING.... Generate new certificates if that don't exist") // Generate the certificates that don't exist if err := c.Generate(); err != nil { return err
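Review bot: The doc comment on `IsTakeOverCluster` is copied from `IsExternallyManaged` and names the wrong key; it should read `// IsTakeOverCluster returns true if the object has the takeover-cluster annotation.` The helper appears to test only for the presence of the key (assuming `hasAnnotation`, which is not visible here, ignores the value), and the constant's comment in common_types.go calls it a label, not an annotation. The reconciler change in this commit uses this check to bypass the `ControlPlaneInitializedCondition` gate, so anyone who can annotate a Cluster object can switch bootstrap to the join path. Consider requiring an explicit value such as `"true"` and documenting which component is expected to set it.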
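Review bot: The `fmt.Println("TESTING.... Generate new certificates")` added inside the loop of `Certificates.Generate` writes an unstructured debug line to stdout from library code each time a key pair is created. The same applies to the `fmt.Println` added in `LookupOrGenerate` in the following hunk, and the `"fmt"` import hunk exists only to support them. These lines should be dropped before merge. If the event is worth recording, `LookupOrGenerate` already receives `ctx`, so `ctrl.LoggerFrom(ctx).Info("Generating missing certificates")` would keep it in the controller's structured log; that needs the controller-runtime import, which these hunks do not show. Both function bodies continue outside the hunks.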