From bc5425332fe82a3cd7f8301eb583f6ce31aab65b Mon Sep 17 00:00:00 2001
From: Lan
Date: Sat, 16 Mar 2024 04:32:07 +0800
Subject: [PATCH 01/10] Remove deprecated v1alpha2 ClusterGroup API (#6049)
Signed-off-by: Lan Luo
---
build/charts/antrea/crds/clustergroup.yaml | 131 -------------
build/yamls/antrea-aks.yml | 131 -------------
build/yamls/antrea-crds.yml | 131 -------------
build/yamls/antrea-eks.yml | 131 -------------
build/yamls/antrea-gke.yml | 131 -------------
build/yamls/antrea-ipsec.yml | 131 -------------
build/yamls/antrea.yml | 131 -------------
docs/api.md | 155 +--------------
pkg/apis/crd/v1alpha2/register.go | 2 -
pkg/apis/crd/v1alpha2/types.go | 88 ---------
.../crd/v1alpha2/zz_generated.deepcopy.go | 155 +--------------
pkg/apiserver/apiserver.go | 3 -
.../typed/crd/v1alpha2/clustergroup.go | 182 ------------------
.../typed/crd/v1alpha2/crd_client.go | 7 +-
.../crd/v1alpha2/fake/fake_clustergroup.go | 131 -------------
.../crd/v1alpha2/fake/fake_crd_client.go | 6 +-
.../typed/crd/v1alpha2/generated_expansion.go | 4 +-
.../crd/v1alpha2/clustergroup.go | 87 ---------
.../crd/v1alpha2/interface.go | 9 +-
.../informers/externalversions/generic.go | 4 +-
.../listers/crd/v1alpha2/clustergroup.go | 66 -------
.../crd/v1alpha2/expansion_generated.go | 6 +-
pkg/controller/networkpolicy/convert.go | 69 -------
23 files changed, 8 insertions(+), 1883 deletions(-)
delete mode 100644 pkg/client/clientset/versioned/typed/crd/v1alpha2/clustergroup.go
delete mode 100644 pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_clustergroup.go
delete mode 100644 pkg/client/informers/externalversions/crd/v1alpha2/clustergroup.go
delete mode 100644 pkg/client/listers/crd/v1alpha2/clustergroup.go
delete mode 100644 pkg/controller/networkpolicy/convert.go
diff --git a/build/charts/antrea/crds/clustergroup.yaml b/build/charts/antrea/crds/clustergroup.yaml
index 34734c27668..4ff7eaf5b9d 100644
--- a/build/charts/antrea/crds/clustergroup.yaml
+++ b/build/charts/antrea/crds/clustergroup.yaml 
@@ -4,131 +4,9 @@ metadata: name: clustergroups.crd.antrea.io labels: app: antrea - served-by: antrea-controller spec: group: crd.antrea.io versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - childGroups: - type: array - items: - type: string - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - ipBlocks: - type: array - items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: - type: object - properties: - name: - type: string - namespace: - type: string - status: - type: object - properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - name: 
v1alpha3 served: true storage: false @@ -372,15 +250,6 @@ spec: type: string subresources: status: { } - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: "antrea" - namespace: "kube-system" - path: "/convert/clustergroup" scope: Cluster names: plural: clustergroups diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index 37e6d72090a..0995e0d35af 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml 
@@ -308,131 +308,9 @@ metadata: name: clustergroups.crd.antrea.io labels: app: antrea - served-by: antrea-controller spec: group: crd.antrea.io versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - childGroups: - type: array - items: - type: string - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - ipBlocks: - type: array - items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: - type: object - properties: - name: - type: string - namespace: - type: string - status: - type: object - properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - 
name: v1alpha3 served: true storage: false @@ -676,15 +554,6 @@ spec: type: string subresources: status: { } - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: "antrea" - namespace: "kube-system" - path: "/convert/clustergroup" scope: Cluster names: plural: clustergroups diff --git a/build/yamls/antrea-crds.yml b/build/yamls/antrea-crds.yml index 8add48f23b2..584c14ad030 100644 --- a/build/yamls/antrea-crds.yml +++ b/build/yamls/antrea-crds.yml 
@@ -303,131 +303,9 @@ metadata: name: clustergroups.crd.antrea.io labels: app: antrea - served-by: antrea-controller spec: group: crd.antrea.io versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - childGroups: - type: array - items: - type: string - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - ipBlocks: - type: array - items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: - type: object - properties: - name: - type: string - namespace: - type: string - status: - type: object - properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - 
name: v1alpha3 served: true storage: false @@ -671,15 +549,6 @@ spec: type: string subresources: status: { } - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: "antrea" - namespace: "kube-system" - path: "/convert/clustergroup" scope: Cluster names: plural: clustergroups diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index 042e024bd51..5d15e3393cc 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml 
@@ -308,131 +308,9 @@ metadata: name: clustergroups.crd.antrea.io labels: app: antrea - served-by: antrea-controller spec: group: crd.antrea.io versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - childGroups: - type: array - items: - type: string - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - ipBlocks: - type: array - items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: - type: object - properties: - name: - type: string - namespace: - type: string - status: - type: object - properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - 
name: v1alpha3 served: true storage: false @@ -676,15 +554,6 @@ spec: type: string subresources: status: { } - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: "antrea" - namespace: "kube-system" - path: "/convert/clustergroup" scope: Cluster names: plural: clustergroups diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index 1b99926c067..5aadc9f617f 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml 
@@ -308,131 +308,9 @@ metadata: name: clustergroups.crd.antrea.io labels: app: antrea - served-by: antrea-controller spec: group: crd.antrea.io versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - childGroups: - type: array - items: - type: string - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - ipBlocks: - type: array - items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: - type: object - properties: - name: - type: string - namespace: - type: string - status: - type: object - properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - 
name: v1alpha3 served: true storage: false @@ -676,15 +554,6 @@ spec: type: string subresources: status: { } - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: "antrea" - namespace: "kube-system" - path: "/convert/clustergroup" scope: Cluster names: plural: clustergroups diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index 8c57461c306..928683a4a9a 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml 
@@ -308,131 +308,9 @@ metadata: name: clustergroups.crd.antrea.io labels: app: antrea - served-by: antrea-controller spec: group: crd.antrea.io versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - childGroups: - type: array - items: - type: string - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - ipBlocks: - type: array - items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: - type: object - properties: - name: - type: string - namespace: - type: string - status: - type: object - properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - 
name: v1alpha3 served: true storage: false @@ -676,15 +554,6 @@ spec: type: string subresources: status: { } - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: "antrea" - namespace: "kube-system" - path: "/convert/clustergroup" scope: Cluster names: plural: clustergroups diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index d7807bd6018..e921a844e6e 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml 
@@ -308,131 +308,9 @@ metadata: name: clustergroups.crd.antrea.io labels: app: antrea - served-by: antrea-controller spec: group: crd.antrea.io versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - childGroups: - type: array - items: - type: string - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - ipBlocks: - type: array - items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: - type: object - properties: - name: - type: string - namespace: - type: string - status: - type: object - properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - 
name: v1alpha3 served: true storage: false @@ -676,15 +554,6 @@ spec: type: string subresources: status: { } - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: "antrea" - namespace: "kube-system" - path: "/convert/clustergroup" scope: Cluster names: plural: clustergroups diff --git a/docs/api.md b/docs/api.md index b0eceb221f5..6d039cea37e 100644 --- a/docs/api.md +++ b/docs/api.md @@ -28,7 +28,6 @@ These are the CRDs currently available in `crd.antrea.io`. |---|---|---|---|---| | `AntreaAgentInfo` | v1beta1 | v1.0.0 | N/A | N/A | | `AntreaControllerInfo` | v1beta1 | v1.0.0 | N/A | N/A | -| `ClusterGroup` | v1alpha2 | v1.0.0 | v1.1.0 | v2.0.0 | | `ClusterGroup` | v1alpha3 | v1.1.0 | v1.13.0 | N/A | | `ClusterGroup` | v1beta1 | v1.13.0 | N/A | N/A | | `ClusterNetworkPolicy` | v1alpha1 | v1.0.0 | v1.13.0 | N/A | 
@@ -81,156 +80,4 @@ These are the API group versions which are currently available when using Antrea | CRD | CRD version | Introduced in | Deprecated in | Removed in | |---|---|---|---|---| - -## API renaming from `*.antrea.tanzu.vmware.com` to `*.antrea.io` - -For the v1.0 release, we undertook to rename all Antrea APIs to use the -`antrea.io` suffix instead of the `antrea.tanzu.vmware.com` suffix. For more -information about the motivations behind this undertaking, please refer to -[Github issue #1715](https://github.com/antrea-io/antrea/issues/1715). - -From the v1.6 release, all legacy APIs (ending with the -`antrea.tanzu.vmware.com` suffix) have been completely removed. If you are -running an Antrea version older than v1.0 and you want to upgrade to Antrea v1.6 -or greater and migrate your API resources, you will first need to do an -intermediate upgrade to an Antrea version >= v1.0 and <= v1.5. You will then be -able to migrate all your API resources to the new (`*.antrea.io`) API, by -following the steps below. Finally, you will be able to upgrade to your desired -Antrea version (>= v1.6). - -As part of the API renaming, and to avoid proliferation of API groups, we have -decided to group all the Custom Resource Definitions (CRDs) defined by Antrea in -a single API group: `crd.antrea.io`. - -To avoid disruptions to existing Antrea users, our requirements for this -renaming process were as follows: - -1. As per our [upgrade - policy](versioning.md#antrea-upgrade-and-supported-version-skew), older - Agents need to be able to communicate with a new upgraded Controller, using - the old `controlplane.antrea.tanzu.vmware.com` API. Once both the Controller - and the Agent are upgraded, they communicate using `controlplane.antrea.io`. -2. API Services can be accessed using either API version. -3. After upgrade, Custom Resources can be managed using either API - version. 
Resources created using the old API (before or after upgrade) can be - accessed using the new API (or the old one). -4. For each resource in each API group, the new resource type should be - backward-compatible with the old resource type, and, whenever possible, - forward-compatible. This simplifies the upgrade of existing client - applications which leverage the Antrea API. These applications can be easily - upgraded to use the new API version, with no change to the business - logic. Custom Resources created before upgrading the application can be - accessed through the new API with no loss of information. - -To achieve our 3rd goal, we introduced a new Kubernetes controller in the Antrea -Controller, in charge of mirroring "old" Custom Resources (created using the -`*.antrea.tanzu.vmware.com` API groups) to the new (`*.antrea.io`) API. This new -mirroring controller is enabled by default, but can be disabled by setting -`legacyCRDMirroring` to `false` in the `antrea-controller` configuration -options. Thanks to this controller, the Antrea components (Agent and Controller) -only need to watch Custom Resources created with the new API group. If any -client still uses the old (or "legacy") API groups, these Custom Resources will -be mirrored to the new API group and handled as expected. - -The mirroring controller behaves as follows: - -* If a Custom Resource is created with the legacy API, it will create a new - Custom Resource with the same `Spec` and `Labels` as the legacy one. -* Any update to the `Spec` and / or `Labels` of the legacy Custom Resource will - be reflected identically in the new Custom Resource. -* Any update to the `Status` of the new mirrored Custom Resource (assuming it - has a `Status` field) will be reflected back identically in the legacy Custom - Resource. -* If the legacy Custom Resource is deleted, the mirrored one will be deleted - automatically as well. 
-* Manual updates to new mirrored Custom Resources will be overwritten by the - controller. -* If a legacy Custom Resource is annotated with `"crd.antrea.io/stop-mirror"`, - it will then be ignored, and updates to the corresponding new Custom - Resource will no longer be overwritten. - -This gives us the following upgrade sequence for a client application which uses -the legacy Antrea CRDs: - -1. Ensure that Antrea has been upgraded in the cluster to a version greater than - or equal to v1.0, and that legacy CRD mirroring is enabled (this is the case - by default). - -2. Check that all Custom Resources have been mirrored. All the new ones should - be annotated with `"crd.antrea.io/managed-by": - "crdmirroring-controller"`. The first command below will display all the - legacy AntreaNetworkPolicies (ANPs). The second one will display all the ones - which exist in the new `crd.antrea.io` API group. You can then compare the - two lists. - - ```bash - kubectl get lanp.security.antrea.tanzu.vmware.com -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' - kubectl get anp.crd.antrea.io -o jsonpath='{range .items[?(@.metadata.annotations.crd\.antrea\.io/managed-by=="crdmirroring-controller")]}{.metadata.name}{"\n"}{end}' - ``` - -3. Stop the old version of the application, which uses the legacy CRDs. - -4. Annotate all existing Custom Resources managed by the application with - `"crd.antrea.io/stop-mirror"`. From now on, the mirroring controller will - ignore these legacy resources: updates to the legacy resources (including - deletions) are not applied to the corresponding new resource any more, and - changes to the new resources are now possible (they will not be overwritten - by the controller). As an example, the command below will annotate *all* ANPs - in the current Namespace with `"crd.antrea.io/stop-mirror"`. - - ```bash - kubectl annotate lanp.security.antrea.tanzu.vmware.com --all crd.antrea.io/stop-mirror='' - ``` - -5. 
Check that none of the new Custom Resources still have the - `"crd.antrea.io/managed-by": "crdmirroring-controller"` annotation. Running - the same command as before should return an empty list: - - ```bash - kubectl get anp.crd.antrea.io -o jsonpath='{range .items[?(@.metadata.annotations.crd\.antrea\.io/managed-by=="crdmirroring-controller")]}{.metadata.name}{"\n"}{end}' - ``` - - If you remove the filter, all your ANPs should still exist: - - ```bash - kubectl get anp.crd.antrea.io -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' - ``` - -6. Safely delete all legacy CRDs previously managed by the application. As an - example, the command below will delete *all* legacy ANPs in the current - Namespace: - - ```bash - kubectl delete lanp.security.antrea.tanzu.vmware.com - ``` - - Once again, all new ANPs should still exist, which can be confirmed with: - - ```bash - kubectl get anp.crd.antrea.io -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' - ``` - -7. Start the new version of the application, which uses the new CRDs. All - mirrored Custom Resources should be available for the application to access. - -8. At this stage, if all applications have been updated, legacy CRD mirroring - can be disabled in the Antrea Controller configuration. - -Note that for CRDs which are "owned" by Antrea, `AntreaAgentInfo` and -`AntreaControllerInfo`, resources are automatically created by the Antrea -components using both API versions. - -### Deleting legacy Kubernetes resources after an upgrade - -After a successful upgrade from Antrea < v1.6 to Antrea >= v1.6, you may want to -manually clean up legacy Kubernetes resources which were created by an old -Antrea version but are no longer needed. Note that keeping these resource will -not impact any Antrea functions. 
- -To delete these legacy resources (CRDs and webhooks), run: - -```bash -kubectl get crds -o=name --no-headers=true | grep "antrea\.tanzu\.vmware\.com" | xargs -r kubectl delete -kubectl get mutatingwebhookconfigurations -o=name --no-headers=true | grep "antrea\.tanzu\.vmware\.com" | xargs -r kubectl delete -kubectl get validatingwebhookconfigurations -o=name --no-headers=true | grep "antrea\.tanzu\.vmware\.com" | xargs -r kubectl delete -``` +| `ClusterGroup` | v1alpha2 | v1.0.0 | v1.1.0 | v2.0.0 | diff --git a/pkg/apis/crd/v1alpha2/register.go b/pkg/apis/crd/v1alpha2/register.go index 0ea568f710f..56e0777d2f7 100644 --- a/pkg/apis/crd/v1alpha2/register.go +++ b/pkg/apis/crd/v1alpha2/register.go @@ -46,8 +46,6 @@ func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, &ExternalEntity{}, &ExternalEntityList{}, - &ClusterGroup{}, - &ClusterGroupList{}, &Egress{}, &EgressList{}, &ExternalIPPool{}, diff --git a/pkg/apis/crd/v1alpha2/types.go b/pkg/apis/crd/v1alpha2/types.go index 6de016631b1..ad67d8004bd 100644 --- a/pkg/apis/crd/v1alpha2/types.go +++ b/pkg/apis/crd/v1alpha2/types.go @@ -17,8 +17,6 @@ package v1alpha2 import ( v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "antrea.io/antrea/pkg/apis/crd/v1alpha1" ) // +genclient 
@@ -77,92 +75,6 @@ type ExternalEntityList struct { Items []ExternalEntity `json:"items,omitempty"` } -// ClusterGroupReference represent reference to a ClusterGroup. -type ClusterGroupReference string - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type ClusterGroup struct { - metav1.TypeMeta `json:",inline"` - // Standard metadata of the object. - metav1.ObjectMeta `json:"metadata,omitempty"` - - // Desired state of the group. - Spec GroupSpec `json:"spec"` - // Most recently observed status of the group. - Status GroupStatus `json:"status"` -} - -type GroupSpec struct { - // Select Pods matching the labels set in the PodSelector in - // AppliedTo/To/From fields. If set with NamespaceSelector, Pods are - // matched from Namespaces matched by the NamespaceSelector. - // Cannot be set with any other selector except NamespaceSelector. - // +optional - PodSelector *metav1.LabelSelector `json:"podSelector,omitempty"` - // Select all Pods from Namespaces matched by this selector, as - // workloads in AppliedTo/To/From fields. If set with PodSelector, - // Pods are matched from Namespaces matched by the NamespaceSelector. - // Cannot be set with any other selector except PodSelector. - // +optional - NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"` - // IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. - // IPBlock cannot be set as part of the AppliedTo field. - // Cannot be set with any other selector or ServiceReference. - // Cannot be set with IPBlocks. - // +optional - IPBlock *v1alpha1.IPBlock `json:"ipBlock,omitempty"` - // IPBlocks is a list of IPAddresses/IPBlocks that is matched in to/from. - // IPBlock cannot be set as part of the AppliedTo field. - // Cannot be set with any other selector or ServiceReference. - // Cannot be set with IPBlock. 
- // +optional - IPBlocks []v1alpha1.IPBlock `json:"ipBlocks,omitempty"` - // Select backend Pods of the referred Service. - // Cannot be set with any other selector or ipBlock. - // +optional - ServiceReference *v1alpha1.NamespacedName `json:"serviceReference,omitempty"` - // Select ExternalEntities from all Namespaces as workloads - // in AppliedTo/To/From fields. If set with NamespaceSelector, - // ExternalEntities are matched from Namespaces matched by the - // NamespaceSelector. - // Cannot be set with any other selector except NamespaceSelector. - // +optional - ExternalEntitySelector *metav1.LabelSelector `json:"externalEntitySelector,omitempty"` - // Select other ClusterGroups by name. The ClusterGroups must already - // exist and must not contain ChildGroups themselves. - // Cannot be set with any selector/IPBlock/ServiceReference. - // +optional - ChildGroups []ClusterGroupReference `json:"childGroups,omitempty"` -} - -type GroupConditionType string - -const GroupMembersComputed GroupConditionType = "GroupMembersComputed" - -type GroupCondition struct { - Type GroupConditionType `json:"type"` - Status v1.ConditionStatus `json:"status"` - LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` -} - -// GroupStatus represents information about the status of a Group. -type GroupStatus struct { - Conditions []GroupCondition `json:"conditions,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type ClusterGroupList struct { - metav1.TypeMeta `json:",inline"` - // +optional - metav1.ListMeta `json:"metadata,omitempty"` - - Items []ClusterGroup `json:"items,omitempty"` -} - // AppliedTo selects the entities to which a policy is applied. type AppliedTo struct { // Select Pods matched by this selector. If set with NamespaceSelector, diff --git a/pkg/apis/crd/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/crd/v1alpha2/zz_generated.deepcopy.go index 737aa9fb1c8..faacef4a4f1 100644 
--- a/pkg/apis/crd/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/crd/v1alpha2/zz_generated.deepcopy.go @@ -1,7 +1,7 @@ //go:build !ignore_autogenerated // +build !ignore_autogenerated -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -20,7 +20,6 @@ package v1alpha2 import ( - v1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) 
@@ -56,67 +55,6 @@ func (in *AppliedTo) DeepCopy() *AppliedTo { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterGroup) DeepCopyInto(out *ClusterGroup) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGroup. -func (in *ClusterGroup) DeepCopy() *ClusterGroup { - if in == nil { - return nil - } - out := new(ClusterGroup) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterGroup) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterGroupList) DeepCopyInto(out *ClusterGroupList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ClusterGroup, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGroupList. -func (in *ClusterGroupList) DeepCopy() *ClusterGroupList { - if in == nil { - return nil - } - out := new(ClusterGroupList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterGroupList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
func (in *ERSPANTunnel) DeepCopyInto(out *ERSPANTunnel) { *out = *in 
@@ -504,97 +442,6 @@ func (in *GRETunnel) DeepCopy() *GRETunnel { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GroupCondition) DeepCopyInto(out *GroupCondition) { - *out = *in - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupCondition. -func (in *GroupCondition) DeepCopy() *GroupCondition { - if in == nil { - return nil - } - out := new(GroupCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GroupSpec) DeepCopyInto(out *GroupSpec) { - *out = *in - if in.PodSelector != nil { - in, out := &in.PodSelector, &out.PodSelector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.NamespaceSelector != nil { - in, out := &in.NamespaceSelector, &out.NamespaceSelector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.IPBlock != nil { - in, out := &in.IPBlock, &out.IPBlock - *out = new(v1alpha1.IPBlock) - **out = **in - } - if in.IPBlocks != nil { - in, out := &in.IPBlocks, &out.IPBlocks - *out = make([]v1alpha1.IPBlock, len(*in)) - copy(*out, *in) - } - if in.ServiceReference != nil { - in, out := &in.ServiceReference, &out.ServiceReference - *out = new(v1alpha1.NamespacedName) - **out = **in - } - if in.ExternalEntitySelector != nil { - in, out := &in.ExternalEntitySelector, &out.ExternalEntitySelector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.ChildGroups != nil { - in, out := &in.ChildGroups, &out.ChildGroups - *out = make([]ClusterGroupReference, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupSpec. 
-func (in *GroupSpec) DeepCopy() *GroupSpec { - if in == nil { - return nil - } - out := new(GroupSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GroupStatus) DeepCopyInto(out *GroupStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]GroupCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupStatus. -func (in *GroupStatus) DeepCopy() *GroupStatus { - if in == nil { - return nil - } - out := new(GroupStatus) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IPAddressOwner) DeepCopyInto(out *IPAddressOwner) { *out = *in diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go index 7056f7945de..b87cd9d524c 100644 --- a/pkg/apiserver/apiserver.go +++ b/pkg/apiserver/apiserver.go @@ -317,9 +317,6 @@ func installHandlers(c *ExtraConfig, s *genericapiserver.GenericAPIServer) { s.Handler.NonGoRestfulMux.HandleFunc("/validate/clustergroup", webhook.HandlerForValidateFunc(v.Validate)) s.Handler.NonGoRestfulMux.HandleFunc("/validate/group", webhook.HandlerForValidateFunc(v.Validate)) - // Install handlers for CRD conversion between versions - s.Handler.NonGoRestfulMux.HandleFunc("/convert/clustergroup", webhook.HandleCRDConversion(controllernetworkpolicy.ConvertClusterGroupCRD)) - // Install a post start hook to initialize Tiers on start-up s.AddPostStartHook("initialize-tiers", func(context genericapiserver.PostStartHookContext) error { go c.networkPolicyController.InitializeTiers() 
diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/clustergroup.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/clustergroup.go
deleted file mode 100644
index 16fbad832f2..00000000000
--- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/clustergroup.go
+++ /dev/null
@@ -1,182 +0,0 @@ -// Copyright 2021 Antrea Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha2 - -import ( - "context" - "time" - - v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" - scheme "antrea.io/antrea/pkg/client/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// ClusterGroupsGetter has a method to return a ClusterGroupInterface. -// A group's client should implement this interface. -type ClusterGroupsGetter interface { - ClusterGroups() ClusterGroupInterface -} - -// ClusterGroupInterface has methods to work with ClusterGroup resources. 
-type ClusterGroupInterface interface { - Create(ctx context.Context, clusterGroup *v1alpha2.ClusterGroup, opts v1.CreateOptions) (*v1alpha2.ClusterGroup, error) - Update(ctx context.Context, clusterGroup *v1alpha2.ClusterGroup, opts v1.UpdateOptions) (*v1alpha2.ClusterGroup, error) - UpdateStatus(ctx context.Context, clusterGroup *v1alpha2.ClusterGroup, opts v1.UpdateOptions) (*v1alpha2.ClusterGroup, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha2.ClusterGroup, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha2.ClusterGroupList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterGroup, err error) - ClusterGroupExpansion -} - -// clusterGroups implements ClusterGroupInterface -type clusterGroups struct { - client rest.Interface -} - -// newClusterGroups returns a ClusterGroups -func newClusterGroups(c *CrdV1alpha2Client) *clusterGroups { - return &clusterGroups{ - client: c.RESTClient(), - } -} - -// Get takes name of the clusterGroup, and returns the corresponding clusterGroup object, and an error if there is any. -func (c *clusterGroups) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ClusterGroup, err error) { - result = &v1alpha2.ClusterGroup{} - err = c.client.Get(). - Resource("clustergroups"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ClusterGroups that match those selectors. 
-func (c *clusterGroups) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.ClusterGroupList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha2.ClusterGroupList{} - err = c.client.Get(). - Resource("clustergroups"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested clusterGroups. -func (c *clusterGroups) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("clustergroups"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a clusterGroup and creates it. Returns the server's representation of the clusterGroup, and an error, if there is any. -func (c *clusterGroups) Create(ctx context.Context, clusterGroup *v1alpha2.ClusterGroup, opts v1.CreateOptions) (result *v1alpha2.ClusterGroup, err error) { - result = &v1alpha2.ClusterGroup{} - err = c.client.Post(). - Resource("clustergroups"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(clusterGroup). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a clusterGroup and updates it. Returns the server's representation of the clusterGroup, and an error, if there is any. -func (c *clusterGroups) Update(ctx context.Context, clusterGroup *v1alpha2.ClusterGroup, opts v1.UpdateOptions) (result *v1alpha2.ClusterGroup, err error) { - result = &v1alpha2.ClusterGroup{} - err = c.client.Put(). - Resource("clustergroups"). - Name(clusterGroup.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(clusterGroup). - Do(ctx). 
- Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *clusterGroups) UpdateStatus(ctx context.Context, clusterGroup *v1alpha2.ClusterGroup, opts v1.UpdateOptions) (result *v1alpha2.ClusterGroup, err error) { - result = &v1alpha2.ClusterGroup{} - err = c.client.Put(). - Resource("clustergroups"). - Name(clusterGroup.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(clusterGroup). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the clusterGroup and deletes it. Returns an error if one occurs. -func (c *clusterGroups) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("clustergroups"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *clusterGroups) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("clustergroups"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched clusterGroup. -func (c *clusterGroups) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterGroup, err error) { - result = &v1alpha2.ClusterGroup{} - err = c.client.Patch(pt). - Resource("clustergroups"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} 
diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/crd_client.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/crd_client.go index b486fca3717..a688d2d2816 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/crd_client.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/crd_client.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -26,7 +26,6 @@ import ( type CrdV1alpha2Interface interface { RESTClient() rest.Interface - ClusterGroupsGetter EgressesGetter ExternalEntitiesGetter ExternalIPPoolsGetter @@ -39,10 +38,6 @@ type CrdV1alpha2Client struct { restClient rest.Interface } -func (c *CrdV1alpha2Client) ClusterGroups() ClusterGroupInterface { - return newClusterGroups(c) -} - func (c *CrdV1alpha2Client) Egresses() EgressInterface { return newEgresses(c) } diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_clustergroup.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_clustergroup.go deleted file mode 100644 index 750a9492a2b..00000000000 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_clustergroup.go +++ /dev/null 
@@ -1,131 +0,0 @@ -// Copyright 2022 Antrea Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeClusterGroups implements ClusterGroupInterface -type FakeClusterGroups struct { - Fake *FakeCrdV1alpha2 -} - -var clustergroupsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha2", Resource: "clustergroups"} - -var clustergroupsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha2", Kind: "ClusterGroup"} - -// Get takes name of the clusterGroup, and returns the corresponding clusterGroup object, and an error if there is any. -func (c *FakeClusterGroups) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ClusterGroup, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootGetAction(clustergroupsResource, name), &v1alpha2.ClusterGroup{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha2.ClusterGroup), err -} - -// List takes label and field selectors, and returns the list of ClusterGroups that match those selectors. 
-func (c *FakeClusterGroups) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.ClusterGroupList, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootListAction(clustergroupsResource, clustergroupsKind, opts), &v1alpha2.ClusterGroupList{}) - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha2.ClusterGroupList{ListMeta: obj.(*v1alpha2.ClusterGroupList).ListMeta} - for _, item := range obj.(*v1alpha2.ClusterGroupList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested clusterGroups. -func (c *FakeClusterGroups) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewRootWatchAction(clustergroupsResource, opts)) -} - -// Create takes the representation of a clusterGroup and creates it. Returns the server's representation of the clusterGroup, and an error, if there is any. -func (c *FakeClusterGroups) Create(ctx context.Context, clusterGroup *v1alpha2.ClusterGroup, opts v1.CreateOptions) (result *v1alpha2.ClusterGroup, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootCreateAction(clustergroupsResource, clusterGroup), &v1alpha2.ClusterGroup{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha2.ClusterGroup), err -} - -// Update takes the representation of a clusterGroup and updates it. Returns the server's representation of the clusterGroup, and an error, if there is any. -func (c *FakeClusterGroups) Update(ctx context.Context, clusterGroup *v1alpha2.ClusterGroup, opts v1.UpdateOptions) (result *v1alpha2.ClusterGroup, err error) { - obj, err := c.Fake. 
- Invokes(testing.NewRootUpdateAction(clustergroupsResource, clusterGroup), &v1alpha2.ClusterGroup{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha2.ClusterGroup), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeClusterGroups) UpdateStatus(ctx context.Context, clusterGroup *v1alpha2.ClusterGroup, opts v1.UpdateOptions) (*v1alpha2.ClusterGroup, error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateSubresourceAction(clustergroupsResource, "status", clusterGroup), &v1alpha2.ClusterGroup{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha2.ClusterGroup), err -} - -// Delete takes name of the clusterGroup and deletes it. Returns an error if one occurs. -func (c *FakeClusterGroups) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewRootDeleteActionWithOptions(clustergroupsResource, name, opts), &v1alpha2.ClusterGroup{}) - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeClusterGroups) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewRootDeleteCollectionAction(clustergroupsResource, listOpts) - - _, err := c.Fake.Invokes(action, &v1alpha2.ClusterGroupList{}) - return err -} - -// Patch applies the patch and returns the patched clusterGroup. -func (c *FakeClusterGroups) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterGroup, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootPatchSubresourceAction(clustergroupsResource, name, pt, data, subresources...), &v1alpha2.ClusterGroup{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha2.ClusterGroup), err -} 
diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_crd_client.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_crd_client.go index 9e616b87e44..37c4d039032 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_crd_client.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_crd_client.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -26,10 +26,6 @@ type FakeCrdV1alpha2 struct { *testing.Fake } -func (c *FakeCrdV1alpha2) ClusterGroups() v1alpha2.ClusterGroupInterface { - return &FakeClusterGroups{c} -} - func (c *FakeCrdV1alpha2) Egresses() v1alpha2.EgressInterface { return &FakeEgresses{c} } diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/generated_expansion.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/generated_expansion.go index 83ac45a1e33..fab8277a83c 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/generated_expansion.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -16,8 +16,6 @@ package v1alpha2 -type ClusterGroupExpansion interface{} - type EgressExpansion interface{} type ExternalEntityExpansion interface{} diff --git a/pkg/client/informers/externalversions/crd/v1alpha2/clustergroup.go b/pkg/client/informers/externalversions/crd/v1alpha2/clustergroup.go deleted file mode 100644 index 14bc4344bf2..00000000000 --- a/pkg/client/informers/externalversions/crd/v1alpha2/clustergroup.go +++ /dev/null 
@@ -1,87 +0,0 @@ -// Copyright 2021 Antrea Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha2 - -import ( - "context" - time "time" - - crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" - versioned "antrea.io/antrea/pkg/client/clientset/versioned" - internalinterfaces "antrea.io/antrea/pkg/client/informers/externalversions/internalinterfaces" - v1alpha2 "antrea.io/antrea/pkg/client/listers/crd/v1alpha2" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// ClusterGroupInformer provides access to a shared informer and lister for -// ClusterGroups. -type ClusterGroupInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha2.ClusterGroupLister -} - -type clusterGroupInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewClusterGroupInformer constructs a new informer for ClusterGroup type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. 
-func NewClusterGroupInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredClusterGroupInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredClusterGroupInformer constructs a new informer for ClusterGroup type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredClusterGroupInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CrdV1alpha2().ClusterGroups().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CrdV1alpha2().ClusterGroups().Watch(context.TODO(), options) - }, - }, - &crdv1alpha2.ClusterGroup{}, - resyncPeriod, - indexers, - ) -} - -func (f *clusterGroupInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredClusterGroupInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *clusterGroupInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&crdv1alpha2.ClusterGroup{}, f.defaultInformer) -} - -func (f *clusterGroupInformer) Lister() v1alpha2.ClusterGroupLister { - return v1alpha2.NewClusterGroupLister(f.Informer().GetIndexer()) -} 
diff --git a/pkg/client/informers/externalversions/crd/v1alpha2/interface.go b/pkg/client/informers/externalversions/crd/v1alpha2/interface.go index a15d69484b0..9422cd985f1 100644 --- a/pkg/client/informers/externalversions/crd/v1alpha2/interface.go +++ b/pkg/client/informers/externalversions/crd/v1alpha2/interface.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,8 +22,6 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // ClusterGroups returns a ClusterGroupInformer. - ClusterGroups() ClusterGroupInformer // Egresses returns a EgressInformer. Egresses() EgressInformer // ExternalEntities returns a ExternalEntityInformer. @@ -47,11 +45,6 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// ClusterGroups returns a ClusterGroupInformer. -func (v *version) ClusterGroups() ClusterGroupInformer { - return &clusterGroupInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - // Egresses returns a EgressInformer. func (v *version) Egresses() EgressInformer { return &egressInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index b5e7ce3c762..e3f7e903ce7 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
@@ -68,8 +68,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1alpha1().Traceflows().Informer()}, nil // Group=crd.antrea.io, Version=v1alpha2 - case v1alpha2.SchemeGroupVersion.WithResource("clustergroups"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1alpha2().ClusterGroups().Informer()}, nil case v1alpha2.SchemeGroupVersion.WithResource("egresses"): return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1alpha2().Egresses().Informer()}, nil case v1alpha2.SchemeGroupVersion.WithResource("externalentities"): diff --git a/pkg/client/listers/crd/v1alpha2/clustergroup.go b/pkg/client/listers/crd/v1alpha2/clustergroup.go deleted file mode 100644 index 68be2b49da5..00000000000 --- a/pkg/client/listers/crd/v1alpha2/clustergroup.go +++ /dev/null 
@@ -1,66 +0,0 @@ -// Copyright 2021 Antrea Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha2 - -import ( - v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ClusterGroupLister helps list ClusterGroups. -// All objects returned here must be treated as read-only. -type ClusterGroupLister interface { - // List lists all ClusterGroups in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha2.ClusterGroup, err error) - // Get retrieves the ClusterGroup from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha2.ClusterGroup, error) - ClusterGroupListerExpansion -} - -// clusterGroupLister implements the ClusterGroupLister interface. -type clusterGroupLister struct { - indexer cache.Indexer -} - -// NewClusterGroupLister returns a new ClusterGroupLister. -func NewClusterGroupLister(indexer cache.Indexer) ClusterGroupLister { - return &clusterGroupLister{indexer: indexer} -} - -// List lists all ClusterGroups in the indexer. 
-func (s *clusterGroupLister) List(selector labels.Selector) (ret []*v1alpha2.ClusterGroup, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha2.ClusterGroup)) - }) - return ret, err -} - -// Get retrieves the ClusterGroup from the index for a given name. -func (s *clusterGroupLister) Get(name string) (*v1alpha2.ClusterGroup, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha2.Resource("clustergroup"), name) - } - return obj.(*v1alpha2.ClusterGroup), nil -} diff --git a/pkg/client/listers/crd/v1alpha2/expansion_generated.go b/pkg/client/listers/crd/v1alpha2/expansion_generated.go index 6cc05d345cb..be752c2fa33 100644 --- a/pkg/client/listers/crd/v1alpha2/expansion_generated.go +++ b/pkg/client/listers/crd/v1alpha2/expansion_generated.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -16,10 +16,6 @@ package v1alpha2 -// ClusterGroupListerExpansion allows custom methods to be added to -// ClusterGroupLister. -type ClusterGroupListerExpansion interface{} - // EgressListerExpansion allows custom methods to be added to // EgressLister. type EgressListerExpansion interface{} diff --git a/pkg/controller/networkpolicy/convert.go b/pkg/controller/networkpolicy/convert.go deleted file mode 100644 index 50ca307d7f6..00000000000 --- a/pkg/controller/networkpolicy/convert.go +++ /dev/null 
@@ -1,69 +0,0 @@
-// Copyright 2021 Antrea Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package networkpolicy
-
-import (
- "fmt"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
- "k8s.io/klog/v2"
-)
-
-func statusErrorWithMessage(msg string, params ...interface{}) metav1.Status {
- return metav1.Status{
- Message: fmt.Sprintf(msg, params...),
- Status: metav1.StatusFailure,
- }
-}
-
-func ConvertClusterGroupCRD(Object *unstructured.Unstructured, toVersion string) (*unstructured.Unstructured, metav1.Status) {
- klog.V(2).Infof("Converting CRD for ClusterGroup %s", Object.GetName())
- convertedObject := Object.DeepCopy()
- fromVersion := Object.GetAPIVersion()
- if toVersion == fromVersion {
- return nil, statusErrorWithMessage("conversion from a version to itself should not call the webhook: %s", toVersion)
- }
- switch Object.GetAPIVersion() {
- case "crd.antrea.io/v1alpha2":
- switch toVersion {
- case "crd.antrea.io/v1alpha3", "crd.antrea.io/v1beta1":
- ipb, found, err := unstructured.NestedMap(convertedObject.Object, "spec", "ipBlock")
- if err == nil && found && len(ipb) > 0 {
- unstructured.RemoveNestedField(convertedObject.Object, "spec", "ipBlock")
- // unstructured.SetNestedSlice expects a slice of interface as value
- ipBlocks := make([]interface{}, 1)
- ipBlocks[0] = ipb
- unstructured.SetNestedSlice(convertedObject.Object, ipBlocks, "spec", "ipBlocks")
- }
- default:
- return nil, statusErrorWithMessage("unexpected conversion version %q", toVersion)
- }
- case "crd.antrea.io/v1alpha3", "crd.antrea.io/v1beta1":
- switch toVersion {
- case "crd.antrea.io/v1alpha2", "crd.antrea.io/v1alpha3", "crd.antrea.io/v1beta1":
- return convertedObject, metav1.Status{
- Status: metav1.StatusSuccess,
- }
- default:
- return nil, statusErrorWithMessage("unexpected conversion version %q", toVersion)
- }
- default:
- return nil, statusErrorWithMessage("unexpected conversion version %q", fromVersion)
- }
- return convertedObject, metav1.Status{
- Status: metav1.StatusSuccess,
- }
-}
From 59f642a27a786c683dddaab7a9c1bd1b4a1f477a Mon Sep 17 00:00:00 2001 From: Dyanngg Date: Tue, 19 Mar 2024 01:42:53 -0700 Subject: [PATCH 02/10] SameLabels support for ACNP peer Namespace selection (#4537) This PR adds the `sameLabels` field in ACNP peer's namespaces. The usecase for this field is to allow cluster admins to create ACNPs that isolate Namespaces based on their label values. For example, if there are numerous Namespaces in the cluster that has label tier=production and other Namespaces with label tier=dev, admins can create a single ACNP that says the production Namespaces can only communicate within themselves, and same for the dev Namespaces.
Signed-off-by: Dyanngg --- .../antrea/crds/clusternetworkpolicy.yaml | 16 +- build/yamls/antrea-aks.yml | 16 +- build/yamls/antrea-crds.yml | 16 +- build/yamls/antrea-eks.yml | 16 +- build/yamls/antrea-gke.yml | 16 +- build/yamls/antrea-ipsec.yml | 16 +- build/yamls/antrea.yml | 16 +- .../antrea-multicluster-leader-global.yml | 96 +- .../yamls/antrea-multicluster-leader.yml | 96 +- ...cluster.crd.antrea.io_resourceexports.yaml | 48 +- ...cluster.crd.antrea.io_resourceimports.yaml | 48 +- multicluster/test/e2e/antreapolicy_test.go | 14 +- pkg/apis/crd/v1beta1/types.go | 6 + pkg/apis/crd/v1beta1/zz_generated.deepcopy.go | 7 +- pkg/apiserver/openapi/zz_generated.openapi.go | 23 +- .../networkpolicy/clusternetworkpolicy.go | 268 ++- .../clusternetworkpolicy_test.go | 229 +- .../networkpolicy/networkpolicy_controller.go | 17 +- pkg/controller/networkpolicy/validate.go | 10 + pkg/controller/networkpolicy/validate_test.go | 59 + test/e2e/antreaipam_anp_test.go | 60 +- test/e2e/antreapolicy_test.go | 2106 +++++++++-------- test/e2e/clustergroup_test.go | 14 +- test/e2e/group_test.go | 40 +- test/e2e/k8s_util.go | 54 +- test/e2e/nodenetworkpolicy_test.go | 444 ++-- test/e2e/reachability.go | 20 + test/e2e/utils/cnp_spec_builder.go | 17 +- 28 files changed, 2305 insertions(+), 1483 deletions(-) diff --git a/build/charts/antrea/crds/clusternetworkpolicy.yaml b/build/charts/antrea/crds/clusternetworkpolicy.yaml index 44236e82f32..a6e2cca2530 100644 --- a/build/charts/antrea/crds/clusternetworkpolicy.yaml +++ b/build/charts/antrea/crds/clusternetworkpolicy.yaml @@ -1076,11 +1076,17 @@ spec: type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: 
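Review bot: The `sameLabels` array added under `namespaces` carries no `minItems`, so a peer written as `namespaces: {sameLabels: []}` satisfies `minProperties: 1` while naming no label key at all. Adding `minItems: 1` directly under `type: array` would reject that object at admission instead of leaving its meaning to the controller. The second hunk of this file (at -1352) adds the same schema and needs the same line. Whether the validate.go change in this commit already rejects an empty list cannot be told from this hunk.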
@@ -1352,11 +1358,17 @@ spec: type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index 0995e0d35af..f4bc9bb2162 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -1642,11 +1642,17 @@ spec: type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -1918,11 +1924,17 @@ spec: type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: diff --git a/build/yamls/antrea-crds.yml b/build/yamls/antrea-crds.yml index 584c14ad030..e0497dcf8b2 100644 --- a/build/yamls/antrea-crds.yml +++ b/build/yamls/antrea-crds.yml @@ -1635,11 +1635,17 @@ spec: type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -1911,11 +1917,17 @@ spec: type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index 5d15e3393cc..bec701d3056 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml 
@@ -1642,11 +1642,17 @@ spec: type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -1918,11 +1924,17 @@ spec: type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index 5aadc9f617f..a4ae810f7b0 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -1642,11 +1642,17 @@ spec: type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -1918,11 +1924,17 @@ spec: type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index 928683a4a9a..393cb59da0a 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -1642,11 +1642,17 @@ spec: type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -1918,11 +1924,17 @@ spec: type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index e921a844e6e..2451670ca39 100644 
--- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -1642,11 +1642,17 @@ spec: type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -1918,11 +1924,17 @@ spec: type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: diff --git a/multicluster/build/yamls/antrea-multicluster-leader-global.yml b/multicluster/build/yamls/antrea-multicluster-leader-global.yml index ca5fcd07e5b..7cb1e1ab4a1 100644 --- a/multicluster/build/yamls/antrea-multicluster-leader-global.yml +++ b/multicluster/build/yamls/antrea-multicluster-leader-global.yml @@ -1143,9 +1143,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the 
@@ -1550,9 +1558,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the @@ -2107,9 +2123,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the @@ -2514,9 +2538,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the 
@@ -4054,9 +4086,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the @@ -4461,9 +4501,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the @@ -5018,9 +5066,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the 
@@ -5425,9 +5481,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the diff --git a/multicluster/build/yamls/antrea-multicluster-leader.yml b/multicluster/build/yamls/antrea-multicluster-leader.yml index 8c8a4c10ad8..38f2c43342c 100644 --- a/multicluster/build/yamls/antrea-multicluster-leader.yml +++ b/multicluster/build/yamls/antrea-multicluster-leader.yml @@ -1143,9 +1143,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the 
@@ -1550,9 +1558,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the @@ -2107,9 +2123,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the @@ -2514,9 +2538,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the 
@@ -4054,9 +4086,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the @@ -4461,9 +4501,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the @@ -5018,9 +5066,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the 
@@ -5425,9 +5481,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the diff --git a/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceexports.yaml b/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceexports.yaml index 9140f80d34f..4bd6104aace 100644 --- a/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceexports.yaml +++ b/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceexports.yaml @@ -733,9 +733,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the 
@@ -1140,9 +1148,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the @@ -1697,9 +1713,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the @@ -2104,9 +2128,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the diff --git a/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceimports.yaml b/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceimports.yaml index fafe9bec89f..4c5fe68f0a6 100644 
--- a/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceimports.yaml +++ b/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceimports.yaml @@ -731,9 +731,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the @@ -1138,9 +1146,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the @@ -1695,9 +1711,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the 
@@ -2102,9 +2126,17 @@ spec: ingress/egress rules. Cannot be set with NamespaceSelector.' properties: match: - description: NamespaceMatchType describes Namespace - matching strategy. + description: Selects from the same Namespace of + the appliedTo workloads. type: string + sameLabels: + description: Selects Namespaces that share the + same values for the given set of label keys + with the appliedTo Namespace. Namespaces must + have all the label keys. + items: + type: string + type: array type: object nodeSelector: description: Select certain Nodes which match the diff --git a/multicluster/test/e2e/antreapolicy_test.go b/multicluster/test/e2e/antreapolicy_test.go index e35d6b8e5a0..9bb2f5ad79b 100644 --- a/multicluster/test/e2e/antreapolicy_test.go +++ b/multicluster/test/e2e/antreapolicy_test.go @@ -35,7 +35,7 @@ const ( var ( allPodsPerCluster []antreae2e.Pod perNamespacePods []string - perClusterNamespaces map[string]string + perClusterNamespaces map[string]antreae2e.TestNamespaceMeta podsByNamespace map[string][]antreae2e.Pod clusterK8sUtilsMap map[string]*antreae2e.KubernetesUtils ) @@ -53,10 +53,10 @@ func failOnError(err error, t *testing.T) { // initializeForPolicyTest creates three Pods in three test Namespaces for each test cluster. func initializeForPolicyTest(t *testing.T, data *MCTestData) { perNamespacePods = []string{"a", "b", "c"} - perClusterNamespaces = make(map[string]string) - perClusterNamespaces["x"] = "x" - perClusterNamespaces["y"] = "y" - perClusterNamespaces["z"] = "z" + perClusterNamespaces = make(map[string]antreae2e.TestNamespaceMeta) + for _, ns := range []string{"x", "y", "z"} { + perClusterNamespaces[ns] = antreae2e.TestNamespaceMeta{Name: ns} + } allPodsPerCluster = []antreae2e.Pod{} podsByNamespace = make(map[string][]antreae2e.Pod) 
@@ -64,8 +64,8 @@ func initializeForPolicyTest(t *testing.T, data *MCTestData) { for _, podName := range perNamespacePods { for _, ns := range perClusterNamespaces { - allPodsPerCluster = append(allPodsPerCluster, antreae2e.NewPod(ns, podName)) - podsByNamespace[ns] = append(podsByNamespace[ns], antreae2e.NewPod(ns, podName)) + allPodsPerCluster = append(allPodsPerCluster, antreae2e.NewPod(ns.Name, podName)) + podsByNamespace[ns.Name] = append(podsByNamespace[ns.Name], antreae2e.NewPod(ns.Name, podName)) } } for clusterName := range data.clusterTestDataMap { diff --git a/pkg/apis/crd/v1beta1/types.go b/pkg/apis/crd/v1beta1/types.go index 46c1280d883..cdee4779428 100644 --- a/pkg/apis/crd/v1beta1/types.go +++ b/pkg/apis/crd/v1beta1/types.go @@ -626,8 +626,14 @@ type AppliedTo struct { NodeSelector *metav1.LabelSelector `json:"nodeSelector,omitempty"` } +// PeerNamespaces describes criteria for selecting Pod/ExternalEntity +// from matched Namespaces. Only one of the criteria can be set. type PeerNamespaces struct { + // Selects from the same Namespace of the appliedTo workloads. Match NamespaceMatchType `json:"match,omitempty"` + // Selects Namespaces that share the same values for the given set of label keys + // with the appliedTo Namespace. Namespaces must have all the label keys. + SameLabels []string `json:"sameLabels,omitempty"` } // NamespaceMatchType describes Namespace matching strategy. diff --git a/pkg/apis/crd/v1beta1/zz_generated.deepcopy.go b/pkg/apis/crd/v1beta1/zz_generated.deepcopy.go index 7cde65971e8..219658c1ed8 100644 --- a/pkg/apis/crd/v1beta1/zz_generated.deepcopy.go +++ b/pkg/apis/crd/v1beta1/zz_generated.deepcopy.go 
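Review bot: The rule "Only one of the criteria can be set" on `PeerNamespaces` exists only in the doc comment added in the types.go hunk; nothing on the type itself enforces it. The multicluster ResourceExport/ResourceImport schemas changed in this same commit gain `sameLabels` without the `maxProperties: 1` / `minProperties: 1` that the chart CRD received, which suggests schemas generated from this type do not inherit the constraint. Placing `// +kubebuilder:validation:MaxProperties=1` and `// +kubebuilder:validation:MinProperties=1` above `type PeerNamespaces struct` would carry it into generated CRDs, assuming those files are produced by controller-gen from this package.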
@@ -1153,7 +1153,7 @@ func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer) { if in.Namespaces != nil { in, out := &in.Namespaces, &out.Namespaces *out = new(PeerNamespaces) - **out = **in + (*in).DeepCopyInto(*out) } if in.ExternalEntitySelector != nil { in, out := &in.ExternalEntitySelector, &out.ExternalEntitySelector @@ -1400,6 +1400,11 @@ func (in *Packet) DeepCopy() *Packet { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PeerNamespaces) DeepCopyInto(out *PeerNamespaces) { *out = *in + if in.SameLabels != nil { + in, out := &in.SameLabels, &out.SameLabels + *out = make([]string, len(*in)) + copy(*out, *in) + } return } diff --git a/pkg/apiserver/openapi/zz_generated.openapi.go b/pkg/apiserver/openapi/zz_generated.openapi.go index 22779c68457..9ba7fb82404 100644 --- a/pkg/apiserver/openapi/zz_generated.openapi.go +++ b/pkg/apiserver/openapi/zz_generated.openapi.go 
@@ -5221,12 +5221,29 @@ func schema_pkg_apis_crd_v1beta1_PeerNamespaces(ref common.ReferenceCallback) co return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "PeerNamespaces describes criteria for selecting Pod/ExternalEntity from matched Namespaces. Only one of the criteria can be set.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "match": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Selects from the same Namespace of the appliedTo workloads.", + Type: []string{"string"}, + Format: "", + }, + }, + "sameLabels": { + SchemaProps: spec.SchemaProps{ + Description: "Selects Namespaces that share the same values for the given set of label keys with the appliedTo Namespace. Namespaces must have all the label keys.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, diff --git a/pkg/controller/networkpolicy/clusternetworkpolicy.go b/pkg/controller/networkpolicy/clusternetworkpolicy.go index f711232bfa0..6e83f2a2f8c 100644 --- a/pkg/controller/networkpolicy/clusternetworkpolicy.go +++ b/pkg/controller/networkpolicy/clusternetworkpolicy.go @@ -16,6 +16,8 @@ package networkpolicy import ( "reflect" + "sort" + "strings" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -33,6 +35,10 @@ import ( utilsets "antrea.io/antrea/pkg/util/sets" ) +const ( + labelValueSeparator = "," +) + func getACNPReference(cnp *crdv1beta1.ClusterNetworkPolicy) *controlplane.NetworkPolicyReference { return &controlplane.NetworkPolicyReference{ Type: controlplane.AntreaClusterNetworkPolicy, 
@@ -111,7 +117,7 @@ func (n *NetworkPolicyController) filterPerNamespaceRuleACNPsByNSLabels(nsLabels peerNamespacesSelectorExists := func(peers []crdv1beta1.NetworkPolicyPeer) bool { for _, peer := range peers { - if peer.Namespaces != nil && peer.Namespaces.Match == crdv1beta1.NamespaceMatchSelf { + if peer.Namespaces != nil { return true } } @@ -119,16 +125,13 @@ func (n *NetworkPolicyController) filterPerNamespaceRuleACNPsByNSLabels(nsLabels } affectedPolicies := sets.New[string]() - objs, _ := n.acnpInformer.Informer().GetIndexer().ByIndex(perNamespaceRuleIndex, HasPerNamespaceRule) + objs, _ := n.acnpInformer.Informer().GetIndexer().ByIndex(perNamespaceRuleIndex, indexValueTrue) for _, obj := range objs { cnp := obj.(*crdv1beta1.ClusterNetworkPolicy) if affected := func() bool { if len(cnp.Spec.AppliedTo) > 0 { // The policy has only spec level AppliedTo. - if namespaceLabelMatches(cnp.Spec.AppliedTo) { - return true - } - return false + return namespaceLabelMatches(cnp.Spec.AppliedTo) } // The policy has rule level AppliedTo. // It needs to check each rule's peers. If any peer of the rule has PeerNamespaces selector and its 
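Review bot: The changed lookup `objs, _ := n.acnpInformer.Informer().GetIndexer().ByIndex(perNamespaceRuleIndex, indexValueTrue)` discards the error, and the new `getACNPsWithRulesMatchingAnyLabelKey` in the following hunk does the same for `namespaceRuleLabelKeyIndex`. If either index were missing, both functions would return an empty set and a Namespace label change would skip re-processing the policies that depend on it, with nothing logged. Binding the error (`objs, err := ...ByIndex(namespaceRuleLabelKeyIndex, k)`) and logging it before `continue` keeps that failure visible. The enclosing function here starts and ends outside the hunk, and the logger this file uses is not shown.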
@@ -151,6 +154,36 @@ func (n *NetworkPolicyController) filterPerNamespaceRuleACNPsByNSLabels(nsLabels return affectedPolicies } +// getACNPsWithRulesMatchingAnyLabelKey gets all ACNPs that have relevant rules based on Namespace label keys. +func (n *NetworkPolicyController) getACNPsWithRulesMatchingAnyLabelKey(labelKeys sets.Set[string]) sets.Set[string] { + matchedPolicyNames := sets.New[string]() + for k := range labelKeys { + objs, _ := n.acnpInformer.Informer().GetIndexer().ByIndex(namespaceRuleLabelKeyIndex, k) + for _, obj := range objs { + cnp := obj.(*crdv1beta1.ClusterNetworkPolicy) + matchedPolicyNames.Insert(cnp.Name) + } + } + return matchedPolicyNames +} + +// getACNPsWithRulesMatchingAnyUpdatedLabels gets all ACNPs that have rules based on Namespace +// label keys, which have changes in value across Namespace update. +func (n *NetworkPolicyController) getACNPsWithRulesMatchingAnyUpdatedLabels(oldNSLabels, newNSLabels map[string]string) sets.Set[string] { + updatedLabelKeys := sets.New[string]() + for k, v := range oldNSLabels { + if v2, ok := newNSLabels[k]; !ok || v2 != v { + updatedLabelKeys.Insert(k) + } + } + for k, v2 := range newNSLabels { + if v, ok := oldNSLabels[k]; !ok || v != v2 { + updatedLabelKeys.Insert(k) + } + } + return n.getACNPsWithRulesMatchingAnyLabelKey(updatedLabelKeys) +} + // addNamespace receives Namespace ADD events and triggers all ClusterNetworkPolicies that have a // per-namespace rule applied to this Namespace to be re-processed. func (n *NetworkPolicyController) addNamespace(obj interface{}) { 
@@ -179,6 +212,10 @@ func (n *NetworkPolicyController) updateNamespace(oldObj, curObj interface{}) { affectedACNPsByOldLabels := n.filterPerNamespaceRuleACNPsByNSLabels(oldNamespace.Labels) affectedACNPsByCurLabels := n.filterPerNamespaceRuleACNPsByNSLabels(curNamespace.Labels) affectedACNPs := utilsets.SymmetricDifferenceString(affectedACNPsByOldLabels, affectedACNPsByCurLabels) + // Any ACNPs that has Namespace label rules that refers to the label key set that has + // changed during the Namespace update will need to be re-processed. + acnpsWithRulesMatchingNSLabelKeys := n.getACNPsWithRulesMatchingAnyUpdatedLabels(oldNamespace.Labels, curNamespace.Labels) + affectedACNPs = affectedACNPs.Union(acnpsWithRulesMatchingNSLabelKeys) for cnpName := range affectedACNPs { // Ignore the ClusterNetworkPolicy if it has been removed during the process. if cnp, err := n.acnpLister.Get(cnpName); err == nil { @@ -336,9 +373,10 @@ func (n *NetworkPolicyController) processClusterNetworkPolicy(cnp *crdv1beta1.Cl addressGroups := map[string]*antreatypes.AddressGroup{} // If appliedTo is set at spec level and the ACNP has per-namespace rules, then each appliedTo needs // to be split into appliedToGroups for each of its affected Namespace. - var clusterAppliedToAffectedNS []string - // atgForNamespace is the appliedToGroups split by Namespaces. - var atgForNamespace []*antreatypes.AppliedToGroup + atgPerAffectedNS := map[string]*antreatypes.AppliedToGroup{} + // When appliedTo is set at spec level and the ACNP has rules that select peer Namespaces by sameLabels, + // this field tracks the labels of all Namespaces selected by the appliedTo. + labelsPerAffectedNS := map[string]labels.Set{} // clusterSetScopeSelectorKeys keeps track of all the ClusterSet-scoped selector keys of the policy. // During policy peer processing, any ClusterSet-scoped selector will be registered with the // labelIdentityInterface and added to this set. By the end of the function, this set will 
@@ -349,15 +387,14 @@ func (n *NetworkPolicyController) processClusterNetworkPolicy(cnp *crdv1beta1.Cl if at.ServiceAccount != nil { atg := n.createAppliedToGroup(at.ServiceAccount.Namespace, serviceAccountNameToPodSelector(at.ServiceAccount.Name), nil, nil, nil) appliedToGroups = mergeAppliedToGroups(appliedToGroups, atg) - clusterAppliedToAffectedNS = append(clusterAppliedToAffectedNS, at.ServiceAccount.Namespace) - atgForNamespace = append(atgForNamespace, atg) + atgPerAffectedNS[at.ServiceAccount.Namespace] = atg + labelsPerAffectedNS[at.ServiceAccount.Namespace] = n.getNamespaceLabels(at.ServiceAccount.Namespace) } else { - affectedNS := n.getAffectedNamespacesForAppliedTo(at) - for _, ns := range affectedNS { + labelsPerAffectedNS = n.getAffectedNamespacesForAppliedTo(at) + for ns := range labelsPerAffectedNS { atg := n.createAppliedToGroup(ns, at.PodSelector, nil, at.ExternalEntitySelector, nil) appliedToGroups = mergeAppliedToGroups(appliedToGroups, atg) - clusterAppliedToAffectedNS = append(clusterAppliedToAffectedNS, ns) - atgForNamespace = append(atgForNamespace, atg) + atgPerAffectedNS[ns] = atg } } } @@ -366,7 +403,7 @@ func (n *NetworkPolicyController) processClusterNetworkPolicy(cnp *crdv1beta1.Cl processRules := func(cnpRules []crdv1beta1.Rule, direction controlplane.Direction) { for idx, cnpRule := range cnpRules { services, namedPortExists := toAntreaServicesForCRD(cnpRule.Ports, cnpRule.Protocols) - clusterPeers, perNSPeers := splitPeersByScope(cnpRule, direction) + clusterPeers, perNSPeers, nsLabelPeers := splitPeersByScope(cnpRule, direction) addRule := func(peer *controlplane.NetworkPolicyPeer, ruleAddressGroups []*antreatypes.AddressGroup, dir controlplane.Direction, ruleAppliedTos []*antreatypes.AppliedToGroup) { rule := controlplane.NetworkPolicyRule{ Direction: dir, 
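Review bot: `labelsPerAffectedNS = n.getAffectedNamespacesForAppliedTo(at)` replaces the whole map instead of adding to it, so labels recorded for an earlier appliedTo entry (including the ServiceAccount branch just above) are discarded when a later entry is processed. The loop over the spec-level appliedTo starts outside this hunk, but the rule-level copy in the `@@ -440,6 +477,43 @@` hunk shows the same assignment inside `for _, at := range cnpRule.AppliedTo`. With more than one appliedTo entry, `groupNamespacesByLabelValue` then only sees the Namespaces of the last selector, so sameLabels rules are silently not generated for the others; for a Drop rule that may leave traffic the policy author expected to be blocked unfiltered. Merging keeps every entry: `for ns, nsLabels := range n.getAffectedNamespacesForAppliedTo(at) { labelsPerAffectedNS[ns] = nsLabels; atgPerAffectedNS[ns] = n.createAppliedToGroup(ns, at.PodSelector, nil, at.ExternalEntitySelector, nil) }`.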
@@ -390,7 +427,7 @@ func (n *NetworkPolicyController) processClusterNetworkPolicy(cnp *crdv1beta1.Cl } // When a rule's NetworkPolicyPeer is empty, a cluster level rule should be created // with an Antrea peer matching all addresses. - if len(clusterPeers) > 0 || len(perNSPeers) == 0 { + if len(clusterPeers) > 0 || len(perNSPeers)+len(nsLabelPeers) == 0 { ruleAppliedTos := cnpRule.AppliedTo // For ACNPs that have per-namespace rules, cluster-level rules will be created with appliedTo // set as the spec appliedTo for each rule. @@ -412,11 +449,11 @@ func (n *NetworkPolicyController) processClusterNetworkPolicy(cnp *crdv1beta1.Cl if len(perNSPeers) > 0 { if len(cnp.Spec.AppliedTo) > 0 { // Create a rule for each affected Namespace of appliedTo at spec level - for i := range clusterAppliedToAffectedNS { - klog.V(4).Infof("Adding a new per-namespace rule with appliedTo %v for rule %d of %s", clusterAppliedToAffectedNS[i], idx, cnp.Name) - peer, ags, selKeys := n.toNamespacedPeerForCRD(perNSPeers, cnp, clusterAppliedToAffectedNS[i]) + for ns, atg := range atgPerAffectedNS { + klog.V(4).Infof("Adding a new per-namespace rule with appliedTo %v for rule %d of %s", atg, idx, cnp.Name) + peer, ags, selKeys := n.toNamespacedPeerForCRD(perNSPeers, cnp, ns) clusterSetScopeSelectorKeys = clusterSetScopeSelectorKeys.Union(selKeys) - addRule(peer, ags, direction, []*antreatypes.AppliedToGroup{atgForNamespace[i]}) + addRule(peer, ags, direction, []*antreatypes.AppliedToGroup{atg}) } } else { // Create a rule for each affected Namespace of appliedTo at rule level 
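Review bot: Keying `atgPerAffectedNS` by Namespace name keeps only one AppliedToGroup per Namespace, so in the `for ns, atg := range atgPerAffectedNS` loop a policy whose spec-level appliedTo has two entries resolving to the same Namespace (for example two different podSelectors) gets its per-namespace rule attached to the last group only. The removed `clusterAppliedToAffectedNS`/`atgForNamespace` slices produced one rule per entry, so this looks like a narrowing of enforcement rather than a pure refactor. Ranging over a map also makes the order of the generated rules vary between syncs. I would keep a slice per Namespace, `atgsPerAffectedNS := map[string][]*antreatypes.AppliedToGroup{}`, and iterate over the sorted keys. The enclosing function starts outside the hunk.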
@@ -429,7 +466,7 @@ func (n *NetworkPolicyController) processClusterNetworkPolicy(cnp *crdv1beta1.Cl addRule(peer, ags, direction, []*antreatypes.AppliedToGroup{atg}) } else { affectedNS := n.getAffectedNamespacesForAppliedTo(at) - for _, ns := range affectedNS { + for ns := range affectedNS { atg := n.createAppliedToGroup(ns, at.PodSelector, nil, at.ExternalEntitySelector, nil) klog.V(4).Infof("Adding a new per-namespace rule with appliedTo %v for rule %d of %s", atg, idx, cnp.Name) peer, ags, selKeys := n.toNamespacedPeerForCRD(perNSPeers, cnp, ns) 
@@ -440,6 +477,43 @@ func (n *NetworkPolicyController) processClusterNetworkPolicy(cnp *crdv1beta1.Cl } } } + if len(nsLabelPeers) > 0 { + if len(cnp.Spec.AppliedTo) > 0 { + // All affected Namespaces and their labels are already stored in labelsPerAffectedNS + for _, peer := range nsLabelPeers { + nsGroupByLabelVal := groupNamespacesByLabelValue(labelsPerAffectedNS, peer.Namespaces.SameLabels) + for labelValues, groupedNamespaces := range nsGroupByLabelVal { + peer, atgs, ags, selKeys := n.toAntreaPeerForSameLabelNamespaces(peer, cnp, atgPerAffectedNS, labelValues, groupedNamespaces) + clusterSetScopeSelectorKeys = clusterSetScopeSelectorKeys.Union(selKeys) + addRule(peer, ags, direction, atgs) + } + } + } else { + atgPerRuleAffectedNS := map[string]*antreatypes.AppliedToGroup{} + labelsPerRuleAffectedNS := map[string]labels.Set{} + for _, at := range cnpRule.AppliedTo { + if at.ServiceAccount != nil { + atg := n.createAppliedToGroup(at.ServiceAccount.Namespace, serviceAccountNameToPodSelector(at.ServiceAccount.Name), nil, nil, nil) + atgPerRuleAffectedNS[at.ServiceAccount.Namespace] = atg + labelsPerRuleAffectedNS[at.ServiceAccount.Namespace] = n.getNamespaceLabels(at.ServiceAccount.Namespace) + } else { + labelsPerRuleAffectedNS = n.getAffectedNamespacesForAppliedTo(at) + for ns := range labelsPerRuleAffectedNS { + atg := n.createAppliedToGroup(ns, at.PodSelector, nil, at.ExternalEntitySelector, nil) + atgPerRuleAffectedNS[ns] = atg + } + } + } + for _, peer := range nsLabelPeers { + nsGroupByLabelVal := groupNamespacesByLabelValue(labelsPerRuleAffectedNS, peer.Namespaces.SameLabels) + for labelValues, groupedNamespaces := range nsGroupByLabelVal { + peer, atgs, ags, selKeys := n.toAntreaPeerForSameLabelNamespaces(peer, cnp, atgPerRuleAffectedNS, labelValues, groupedNamespaces) + clusterSetScopeSelectorKeys = clusterSetScopeSelectorKeys.Union(selKeys) + addRule(peer, ags, direction, atgs) + } + } + } + } } } // Compute NetworkPolicyRules for Ingress Rules. 
@@ -484,14 +558,14 @@ func serviceAccountNameToPodSelector(saName string) *metav1.LabelSelector { func hasPerNamespaceRule(cnp *crdv1beta1.ClusterNetworkPolicy) bool { for _, ingress := range cnp.Spec.Ingress { for _, peer := range ingress.From { - if peer.Namespaces != nil && peer.Namespaces.Match == crdv1beta1.NamespaceMatchSelf { + if peer.Namespaces != nil { return true } } } for _, egress := range cnp.Spec.Egress { for _, peer := range egress.To { - if peer.Namespaces != nil && peer.Namespaces.Match == crdv1beta1.NamespaceMatchSelf { + if peer.Namespaces != nil { return true } } 
@@ -499,6 +573,126 @@ func hasPerNamespaceRule(cnp *crdv1beta1.ClusterNetworkPolicy) bool { return false } +func namespaceRuleLabelKeys(cnp *crdv1beta1.ClusterNetworkPolicy) sets.Set[string] { + keys := sets.New[string]() + for _, ingress := range cnp.Spec.Ingress { + for _, peer := range ingress.From { + if peer.Namespaces != nil { + for _, k := range peer.Namespaces.SameLabels { + keys.Insert(k) + } + } + } + } + for _, egress := range cnp.Spec.Egress { + for _, peer := range egress.To { + if peer.Namespaces != nil { + for _, k := range peer.Namespaces.SameLabels { + keys.Insert(k) + } + } + } + } + return keys +} + +func (n *NetworkPolicyController) getNamespaceLabels(ns string) labels.Set { + namespace, err := n.namespaceLister.Get(ns) + if err != nil { + // The Namespace referred to (by ServiceAccount etc.) does not exist yet. + // ACNP will be re-queued once that Namespace event is received. + return labels.Set{} + } + return namespace.Labels +} + +// groupNamespaceByLabelValue groups Namespaces if they have the same label value for all the +// label keys listed. If a Namespace is missing at least one of the label keys, it will not +// be grouped. 
Example: +// +// ns1: app=web, tier=test, tenant=t1 +// ns2: app=web, tier=test, tenant=t2 +// ns3: app=web, tier=production, tenant=t1 +// ns4: app=web, tier=production, tenant=t2 +// ns5: app=db, tenant=t1 +// labelKeys = [app, tier] +// Result after grouping: +// "web,test,": [ns1, ns2] +// "web,production,": [ns3, ns4] +func groupNamespacesByLabelValue(affectedNSAndLabels map[string]labels.Set, labelKeys []string) map[string][]string { + nsGroupedByLabelVal := map[string][]string{} + for ns, nsLabels := range affectedNSAndLabels { + if groupKey := getLabelValues(nsLabels, labelKeys); groupKey != "" { + nsGroupedByLabelVal[groupKey] = append(nsGroupedByLabelVal[groupKey], ns) + } + } + return nsGroupedByLabelVal +} + +func getLabelValues(labels map[string]string, labelKeys []string) string { + key := "" + for _, k := range labelKeys { + if v, ok := labels[k]; !ok { + return "" + } else { + key += v + labelValueSeparator + } + } + return key +} + +// convertSameLabelsToSelector creates a LabelSelector based on a list of label keys +// and their expected values. +func convertSameLabelsToSelector(labelKeys []string, labelValues string) *metav1.LabelSelector { + labelValuesSep := strings.Split(labelValues, labelValueSeparator) + labelMatchCriteria := map[string]string{} + for i := range labelKeys { + labelMatchCriteria[labelKeys[i]] = labelValuesSep[i] + } + return &metav1.LabelSelector{ + MatchLabels: labelMatchCriteria, + } +} + +// toAntreaPeerForSameLabelNamespaces computes the appliedToGroups and addressGroups for each +// group of Namespaces who have the same values for the sameLabels keys. 
+func (n *NetworkPolicyController) toAntreaPeerForSameLabelNamespaces(peer crdv1beta1.NetworkPolicyPeer, + np metav1.Object, atgPerAffectedNS map[string]*antreatypes.AppliedToGroup, + labelValues string, + namespacesByLabelValues []string) (*controlplane.NetworkPolicyPeer, []*antreatypes.AppliedToGroup, []*antreatypes.AddressGroup, sets.Set[string]) { + labelKeys := peer.Namespaces.SameLabels + var labelIdentities []uint32 + uniqueLabelIDs := sets.New[uint32]() + clusterSetScopeSelectorKeys := sets.New[string]() + // select Namespaces who, for specific label keys, have the same values as the appliedTo Namespaces. + nsSelForSameLabels := convertSameLabelsToSelector(labelKeys, labelValues) + addressGroups := []*antreatypes.AddressGroup{n.createAddressGroup("", peer.PodSelector, nsSelForSameLabels, peer.ExternalEntitySelector, nil)} + if n.stretchNPEnabled && peer.Scope == crdv1beta1.ScopeClusterSet { + newClusterSetScopeSelector := antreatypes.NewGroupSelector("", peer.PodSelector, nsSelForSameLabels, peer.ExternalEntitySelector, nil) + clusterSetScopeSelectorKeys.Insert(newClusterSetScopeSelector.NormalizedName) + // In addition to getting the matched Label Identity IDs, AddSelector also registers the selector + // with the labelIdentityInterface. 
+ matchedLabelIDs := n.labelIdentityInterface.AddSelector(newClusterSetScopeSelector, internalNetworkPolicyKeyFunc(np)) + for _, id := range matchedLabelIDs { + uniqueLabelIDs.Insert(id) + } + } + for id := range uniqueLabelIDs { + labelIdentities = append(labelIdentities, id) + } + antreaPeer := &controlplane.NetworkPolicyPeer{ + AddressGroups: getAddressGroupNames(addressGroups), + LabelIdentities: labelIdentities, + } + var atgs []*antreatypes.AppliedToGroup + sort.Strings(namespacesByLabelValues) + for _, ns := range namespacesByLabelValues { + atgForNamespace, _ := atgPerAffectedNS[ns] + atgs = append(atgs, atgForNamespace) + } + return antreaPeer, atgs, addressGroups, clusterSetScopeSelectorKeys +} + // processClusterAppliedTo processes appliedTo groups in Antrea ClusterNetworkPolicy set // at cluster level (appliedTo groups which will not need to be split by Namespaces). func (n *NetworkPolicyController) processClusterAppliedTo(appliedTo []crdv1beta1.AppliedTo) []*antreatypes.AppliedToGroup { 
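Review bot: In `toAntreaPeerForSameLabelNamespaces`, `atgForNamespace, _ := atgPerAffectedNS[ns]` discards the lookup result, so a Namespace that is present in the label map but absent from the group map appends a nil `*antreatypes.AppliedToGroup` to `atgs`. What `addRule` does with a nil entry is not visible here, so this may surface later as a nil dereference or as a rule with a missing appliedTo. Skipping unknown Namespaces is safer: `if atg, ok := atgPerAffectedNS[ns]; ok { atgs = append(atgs, atg) }`. Separately, the doc comment above `groupNamespacesByLabelValue` names it `groupNamespaceByLabelValue`, and `namespaceRuleLabelKeys`, `getNamespaceLabels` and `getLabelValues` have no doc comment at all.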
@@ -525,32 +719,36 @@ func (n *NetworkPolicyController) processClusterAppliedTo(appliedTo []crdv1beta1 // splitPeersByScope splits the ClusterNetworkPolicy peers in the rule by whether the peer // is cluster-scoped or per-namespace. -func splitPeersByScope(rule crdv1beta1.Rule, dir controlplane.Direction) ([]crdv1beta1.NetworkPolicyPeer, []crdv1beta1.NetworkPolicyPeer) { - var clusterPeers, perNSPeers []crdv1beta1.NetworkPolicyPeer +func splitPeersByScope(rule crdv1beta1.Rule, dir controlplane.Direction) ([]crdv1beta1.NetworkPolicyPeer, []crdv1beta1.NetworkPolicyPeer, []crdv1beta1.NetworkPolicyPeer) { + var clusterPeers, perNSPeers, nsLabelPeers []crdv1beta1.NetworkPolicyPeer peers := rule.From if dir == controlplane.DirectionOut { peers = rule.To } for _, peer := range peers { - if peer.Namespaces != nil && peer.Namespaces.Match == crdv1beta1.NamespaceMatchSelf { - perNSPeers = append(perNSPeers, peer) + if peer.Namespaces != nil { + if peer.Namespaces.Match == crdv1beta1.NamespaceMatchSelf { + perNSPeers = append(perNSPeers, peer) + } else if len(peer.Namespaces.SameLabels) > 0 { + nsLabelPeers = append(nsLabelPeers, peer) + } } else { clusterPeers = append(clusterPeers, peer) } } - return clusterPeers, perNSPeers + return clusterPeers, perNSPeers, nsLabelPeers } // getAffectedNamespacesForAppliedTo computes the Namespaces currently affected by the appliedTo -// Namespace selectors. -func (n *NetworkPolicyController) getAffectedNamespacesForAppliedTo(appliedTo crdv1beta1.AppliedTo) []string { - var affectedNS []string +// Namespace selectors, and returns these Namespaces along with their labels. 
+func (n *NetworkPolicyController) getAffectedNamespacesForAppliedTo(appliedTo crdv1beta1.AppliedTo) map[string]labels.Set { + affectedNSAndLabels := map[string]labels.Set{} nsLabelSelector := appliedTo.NamespaceSelector if appliedTo.Group != "" { cg, err := n.cgLister.Get(appliedTo.Group) if err != nil { - return affectedNS + return affectedNSAndLabels } if cg.Spec.NamespaceSelector != nil || cg.Spec.PodSelector != nil { nsLabelSelector = cg.Spec.NamespaceSelector @@ -563,9 +761,9 @@ func (n *NetworkPolicyController) getAffectedNamespacesForAppliedTo(appliedTo cr } namespaces, _ := n.namespaceLister.List(nsSel) for _, ns := range namespaces { - affectedNS = append(affectedNS, ns.Name) + affectedNSAndLabels[ns.Name] = ns.Labels } - return affectedNS + return affectedNSAndLabels } // processInternalGroupForRule examines the internal group (and its childGroups if applicable) diff --git a/pkg/controller/networkpolicy/clusternetworkpolicy_test.go b/pkg/controller/networkpolicy/clusternetworkpolicy_test.go index 3562c861196..3241723ec1a 100644 --- a/pkg/controller/networkpolicy/clusternetworkpolicy_test.go +++ b/pkg/controller/networkpolicy/clusternetworkpolicy_test.go @@ -24,6 +24,7 @@ import ( v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/sets" "antrea.io/antrea/multicluster/controllers/multicluster/common" @@ -55,6 +56,12 @@ func TestProcessClusterNetworkPolicy(t *testing.T) { Labels: map[string]string{"foo2": "bar2"}, }, } + nsC := v1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: "nsC", + Labels: map[string]string{"foo2": "bar2"}, + }, + } svcA := v1.Service{ ObjectMeta: metav1.ObjectMeta{ 
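Review bot: In `splitPeersByScope`, a peer whose `Namespaces` is non-nil but has neither `Match == crdv1beta1.NamespaceMatchSelf` nor any `SameLabels` now lands in none of the three returned slices. When it is the rule's only peer, the caller's `len(clusterPeers) > 0 || len(perNSPeers)+len(nsLabelPeers) == 0` check treats the rule as having no peer and, per the comment there, creates a cluster-level rule matching all addresses, so a malformed peer becomes the broadest possible one. The added check in `validatePeers` only rejects more than one field set, so an empty `namespaces: {}` is not obviously refused unless the CRD schema does it. I would reject it at admission by also refusing `numFieldsSetInStruct(*peer.Namespaces) == 0`, or restore the previous fall-through with `clusterPeers = append(clusterPeers, peer)` for that case.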
@@ -796,6 +803,21 @@ func TestProcessClusterNetworkPolicy(t *testing.T) { Priority: 0, Action: &allowAction, }, + { + Direction: controlplane.DirectionIn, + AppliedToGroups: []string{getNormalizedUID(antreatypes.NewGroupSelector("nsC", nil, nil, nil, nil).NormalizedName)}, + From: controlplane.NetworkPolicyPeer{ + AddressGroups: []string{getNormalizedUID(antreatypes.NewGroupSelector("nsC", nil, nil, nil, nil).NormalizedName)}, + }, + Services: []controlplane.Service{ + { + Protocol: &protocolTCP, + Port: &int80, + }, + }, + Priority: 0, + Action: &allowAction, + }, { Direction: controlplane.DirectionIn, AppliedToGroups: []string{getNormalizedUID(antreatypes.NewGroupSelector("", nil, &metav1.LabelSelector{}, nil, nil).NormalizedName)}, @@ -815,12 +837,13 @@ func TestProcessClusterNetworkPolicy(t *testing.T) { AppliedToGroups: []string{ getNormalizedUID(antreatypes.NewGroupSelector("nsA", nil, nil, nil, nil).NormalizedName), getNormalizedUID(antreatypes.NewGroupSelector("nsB", nil, nil, nil, nil).NormalizedName), + getNormalizedUID(antreatypes.NewGroupSelector("nsC", nil, nil, nil, nil).NormalizedName), getNormalizedUID(antreatypes.NewGroupSelector("", nil, &metav1.LabelSelector{}, nil, nil).NormalizedName), }, AppliedToPerRule: true, }, - expectedAppliedToGroups: 3, - expectedAddressGroups: 3, + expectedAppliedToGroups: 4, + expectedAddressGroups: 4, }, { name: "with-per-namespace-rule-applied-to-per-rule", @@ -915,15 +938,103 @@ func TestProcessClusterNetworkPolicy(t *testing.T) { Priority: 1, Action: &dropAction, }, + { + Direction: controlplane.DirectionIn, + AppliedToGroups: []string{getNormalizedUID(antreatypes.NewGroupSelector("nsC", nil, nil, nil, nil).NormalizedName)}, + 
From: controlplane.NetworkPolicyPeer{ + AddressGroups: []string{getNormalizedUID(antreatypes.NewGroupSelector("nsC", nil, nil, nil, nil).NormalizedName)}, + }, + Services: []controlplane.Service{ + { + Protocol: &protocolTCP, + Port: &int81, + }, + }, + Priority: 1, + Action: &dropAction, + }, }, AppliedToGroups: []string{ getNormalizedUID(antreatypes.NewGroupSelector("nsA", &selectorA, nil, nil, nil).NormalizedName), getNormalizedUID(antreatypes.NewGroupSelector("nsB", nil, nil, nil, nil).NormalizedName), + getNormalizedUID(antreatypes.NewGroupSelector("nsC", nil, nil, nil, nil).NormalizedName), }, AppliedToPerRule: true, }, - expectedAppliedToGroups: 2, - expectedAddressGroups: 2, + expectedAppliedToGroups: 3, + expectedAddressGroups: 3, + }, + { + name: "with-same-labels-namespace-rule", + inputPolicy: &crdv1beta1.ClusterNetworkPolicy{ + ObjectMeta: metav1.ObjectMeta{Name: "cnpS", UID: "uidS"}, + Spec: crdv1beta1.ClusterNetworkPolicySpec{ + AppliedTo: []crdv1beta1.AppliedTo{ + { + NamespaceSelector: &metav1.LabelSelector{}, + }, + }, + Priority: p10, + Ingress: []crdv1beta1.Rule{ + { + Ports: []crdv1beta1.NetworkPolicyPort{ + { + Port: &int80, + }, + }, + From: []crdv1beta1.NetworkPolicyPeer{ + { + Namespaces: &crdv1beta1.PeerNamespaces{ + SameLabels: []string{"foo2"}, + }, + }, + }, + Action: &allowAction, + }, + }, + }, + }, + expectedPolicy: &antreatypes.NetworkPolicy{ + UID: "uidS", + Name: "uidS", + SourceRef: &controlplane.NetworkPolicyReference{ + Type: controlplane.AntreaClusterNetworkPolicy, + Name: "cnpS", + UID: "uidS", + }, + Priority: &p10, + TierPriority: &DefaultTierPriority, + Rules: []controlplane.NetworkPolicyRule{ + { + Direction: controlplane.DirectionIn, + AppliedToGroups: []string{ + getNormalizedUID(antreatypes.NewGroupSelector("nsB", nil, nil, nil, nil).NormalizedName), + getNormalizedUID(antreatypes.NewGroupSelector("nsC", nil, nil, nil, nil).NormalizedName), + }, + 
From: controlplane.NetworkPolicyPeer{ + AddressGroups: []string{ + getNormalizedUID(antreatypes.NewGroupSelector("", nil, &selectorB, nil, nil).NormalizedName), + }, + }, + Services: []controlplane.Service{ + { + Protocol: &protocolTCP, + Port: &int80, + }, + }, + Priority: 0, + Action: &allowAction, + }, + }, + AppliedToGroups: []string{ + getNormalizedUID(antreatypes.NewGroupSelector("nsA", nil, nil, nil, nil).NormalizedName), + getNormalizedUID(antreatypes.NewGroupSelector("nsB", nil, nil, nil, nil).NormalizedName), + getNormalizedUID(antreatypes.NewGroupSelector("nsC", nil, nil, nil, nil).NormalizedName), + }, + AppliedToPerRule: true, + }, + expectedAppliedToGroups: 3, + expectedAddressGroups: 1, }, { name: "rule-with-to-service", @@ -1782,6 +1893,7 @@ func TestProcessClusterNetworkPolicy(t *testing.T) { c.cgStore.Add(&cgA) c.namespaceStore.Add(&nsA) c.namespaceStore.Add(&nsB) + c.namespaceStore.Add(&nsC) c.serviceStore.Add(&svcA) c.tierStore.Add(&tierA) actualPolicy, actualAppliedToGroups, actualAddressGroups := c.processClusterNetworkPolicy(tt.inputPolicy) @@ -1799,9 +1911,9 @@ func TestProcessClusterNetworkPolicy(t *testing.T) { } } -func TestAddCNP(t *testing.T) { +func TestAddACNP(t *testing.T) { _, npc := newController(nil, nil) - cnp := getCNP() + cnp := getACNP() npc.addCNP(cnp) require.Equal(t, 1, npc.internalNetworkPolicyQueue.Len()) key, done := npc.internalNetworkPolicyQueue.Get() @@ -1810,9 +1922,9 @@ func TestAddCNP(t *testing.T) { assert.False(t, done) } -func TestUpdateCNP(t *testing.T) { +func TestUpdateACNP(t *testing.T) { _, npc := newController(nil, nil) - cnp := getCNP() + cnp := getACNP() newCNP := cnp.DeepCopy() // Make a change to the CNP. newCNP.Annotations = map[string]string{"foo": "bar"} 
@@ -1824,9 +1936,9 @@ func TestUpdateCNP(t *testing.T) { assert.False(t, done) } -func TestDeleteCNP(t *testing.T) { +func TestDeleteACNP(t *testing.T) { _, npc := newController(nil, nil) - cnp := getCNP() + cnp := getACNP() npc.deleteCNP(cnp) require.Equal(t, 1, npc.internalNetworkPolicyQueue.Len()) key, done := npc.internalNetworkPolicyQueue.Get() @@ -2060,7 +2172,7 @@ func TestProcessRefGroupOrClusterGroup(t *testing.T) { // util functions for testing. -func getCNP() *crdv1beta1.ClusterNetworkPolicy { +func getACNP() *crdv1beta1.ClusterNetworkPolicy { p10 := float64(10) allowAction := crdv1beta1.RuleActionAllow selectorA := metav1.LabelSelector{MatchLabels: map[string]string{"foo1": "bar1"}} @@ -2214,3 +2326,98 @@ func TestFilterPerNamespaceRuleACNPsByNSLabels(t *testing.T) { }) } } + +func TestGetACNPsWithRulesMatchingLabelKeysAcrossNSUpdate(t *testing.T) { + acnp1 := &crdv1beta1.ClusterNetworkPolicy{ + ObjectMeta: metav1.ObjectMeta{Name: "acnp-with-tier-label-rule"}, + Spec: crdv1beta1.ClusterNetworkPolicySpec{ + AppliedTo: []crdv1beta1.AppliedTo{ + { + NamespaceSelector: &metav1.LabelSelector{}, + }, + }, + Ingress: []crdv1beta1.Rule{ + { + From: []crdv1beta1.NetworkPolicyPeer{ + { + Namespaces: &crdv1beta1.PeerNamespaces{ + SameLabels: []string{"tier"}, + }, + }, + }, + }, + }, + }, + } + acnp2 := &crdv1beta1.ClusterNetworkPolicy{ + ObjectMeta: metav1.ObjectMeta{Name: "acnp-with-tier-and-purpose-label-rule"}, + Spec: crdv1beta1.ClusterNetworkPolicySpec{ + AppliedTo: []crdv1beta1.AppliedTo{ + { + NamespaceSelector: &metav1.LabelSelector{}, + }, + }, + Ingress: []crdv1beta1.Rule{ + { + 
From: []crdv1beta1.NetworkPolicyPeer{ + { + Namespaces: &crdv1beta1.PeerNamespaces{ + SameLabels: []string{"tier", "purpose"}, + }, + }, + }, + }, + }, + }, + } + tests := []struct { + name string + oldNSLabels labels.Set + newNSLabels labels.Set + want sets.Set[string] + }{ + { + name: "Namespace updated to have tier label", + oldNSLabels: map[string]string{ + "kubernetes.io/metadata.name": "ns1", + }, + newNSLabels: map[string]string{ + "kubernetes.io/metadata.name": "ns1", + "tier": "production", + }, + want: sets.New[string](acnp1.Name, acnp2.Name), + }, + { + name: "Namespace updated to have purpose label", + oldNSLabels: map[string]string{ + "kubernetes.io/metadata.name": "ns2", + }, + newNSLabels: map[string]string{ + "kubernetes.io/metadata.name": "ns2", + "purpose": "test", + }, + want: sets.New[string](acnp2.Name), + }, + { + name: "Namespace updated for irrelevant label", + oldNSLabels: map[string]string{ + "kubernetes.io/metadata.name": "ns3", + "tier": "production", + }, + newNSLabels: map[string]string{ + "kubernetes.io/metadata.name": "ns2", + "tier": "production", + "owned-by": "dev-team", + }, + want: sets.New[string](), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + _, c := newController(nil, []runtime.Object{acnp1, acnp2}) + c.acnpStore.Add(acnp1) + c.acnpStore.Add(acnp2) + assert.Equal(t, tt.want, c.getACNPsWithRulesMatchingAnyUpdatedLabels(tt.oldNSLabels, tt.newNSLabels)) + }) + } +} diff --git a/pkg/controller/networkpolicy/networkpolicy_controller.go b/pkg/controller/networkpolicy/networkpolicy_controller.go index af1edbcf773..ca5458900e2 100644 --- a/pkg/controller/networkpolicy/networkpolicy_controller.go +++ b/pkg/controller/networkpolicy/networkpolicy_controller.go 
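Review bot: The table in `TestGetACNPsWithRulesMatchingLabelKeysAcrossNSUpdate` only covers labels being added, so the branches of `getACNPsWithRulesMatchingAnyUpdatedLabels` that detect a changed value (`v2 != v`) or a removed key are never exercised. The "Namespace updated for irrelevant label" case also changes `kubernetes.io/metadata.name` from `ns3` to `ns2`, which looks unintended and passes only because no policy references that key. I would add one case that changes `tier` from one value to another and one that drops `tier`, both expecting the two policy names, and keep the name label constant in the third case.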
@@ -93,8 +93,9 @@ const ( addressGroupType grouping.GroupType = "addressGroup" internalGroupType grouping.GroupType = "internalGroup" - perNamespaceRuleIndex = "hasPerNamespaceRule" - HasPerNamespaceRule = "true" + perNamespaceRuleIndex = "hasPerNamespaceRule" + namespaceRuleLabelKeyIndex = "namespaceRuleLabelKeys" + indexValueTrue = "true" ) var ( @@ -333,12 +334,18 @@ var acnpIndexers = cache.Indexers{ if !ok { return []string{}, nil } - has := hasPerNamespaceRule(acnp) - if has { - return []string{HasPerNamespaceRule}, nil + if hasPerNamespaceRule(acnp) { + return []string{indexValueTrue}, nil } return []string{}, nil }, + namespaceRuleLabelKeyIndex: func(obj interface{}) ([]string, error) { + cnp, ok := obj.(*secv1beta1.ClusterNetworkPolicy) + if !ok { + return []string{}, nil + } + return namespaceRuleLabelKeys(cnp).UnsortedList(), nil + }, } var annpIndexers = cache.Indexers{ diff --git a/pkg/controller/networkpolicy/validate.go b/pkg/controller/networkpolicy/validate.go index 5cd0e01071c..5639866e452 100644 --- a/pkg/controller/networkpolicy/validate.go +++ b/pkg/controller/networkpolicy/validate.go @@ -656,6 +656,16 @@ func (v *antreaPolicyValidator) validatePeers(ingress, egress []crdv1beta1.Rule) if peer.NamespaceSelector != nil && peer.Namespaces != nil { return "namespaces and namespaceSelector cannot be set at the same time for a single NetworkPolicyPeer", false } + if peer.Namespaces != nil { + if numFieldsSetInStruct(*peer.Namespaces) > 1 { + return "only one matching criteria can be specified in a single peer namespaces field", false + } + for _, k := range peer.Namespaces.SameLabels { + if err := validation.IsQualifiedName(k); err != nil { + return fmt.Sprintf("Invalid label key in sameLabels rule: %s", k), false + } + } + } peerFieldsNum := numFieldsSetInStruct(peer) if peer.Group != "" && peerFieldsNum > 1 { return "group cannot be set with other peers in rules", false 
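Review bot: In the `validatePeers` hunk, the result of `validation.IsQualifiedName(k)` is bound to a variable named `err` and tested with `!= nil`. If `validation` is the apimachinery package, that function returns a `[]string` of messages, so the check relies on the slice being nil rather than empty, and the messages themselves are dropped. `if errs := validation.IsQualifiedName(k); len(errs) > 0` states the intent, and appending the returned messages to the reason would tell the user why the key was refused. The new reason string also starts with a capital letter while the neighbouring reasons are lower-case. The body of `validatePeers` extends beyond the hunk.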
diff --git a/pkg/controller/networkpolicy/validate_test.go b/pkg/controller/networkpolicy/validate_test.go index 43b20fe13ca..271da1e06c1 100644 --- a/pkg/controller/networkpolicy/validate_test.go +++ b/pkg/controller/networkpolicy/validate_test.go @@ -703,6 +703,65 @@ func TestValidateAntreaClusterNetworkPolicy(t *testing.T) { operation: admv1.Create, expectedReason: "namespaces and namespaceSelector cannot be set at the same time for a single NetworkPolicyPeer", }, + { + name: "acnp-double-peer-namespace-field", + policy: &crdv1beta1.ClusterNetworkPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "acnp-double-peer-namespace-field", + }, + Spec: crdv1beta1.ClusterNetworkPolicySpec{ + AppliedTo: []crdv1beta1.AppliedTo{ + { + NamespaceSelector: &metav1.LabelSelector{}, + }, + }, + Ingress: []crdv1beta1.Rule{ + { + Action: &allowAction, + From: []crdv1beta1.NetworkPolicyPeer{ + { + Namespaces: &crdv1beta1.PeerNamespaces{ + Match: crdv1beta1.NamespaceMatchSelf, + SameLabels: []string{"test"}, + }, + }, + }, + }, + }, + }, + }, + operation: admv1.Create, + expectedReason: "only one matching criteria can be specified in a single peer namespaces field", + }, + { + name: "acnp-invalid-rule-samelabels-key", + policy: &crdv1beta1.ClusterNetworkPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "acnp-invalid-rule-samelabels-key", + }, + Spec: crdv1beta1.ClusterNetworkPolicySpec{ + AppliedTo: []crdv1beta1.AppliedTo{ + { + NamespaceSelector: &metav1.LabelSelector{}, + }, + }, + Ingress: []crdv1beta1.Rule{ + { + Action: &allowAction, + From: []crdv1beta1.NetworkPolicyPeer{ + { + Namespaces: &crdv1beta1.PeerNamespaces{ + SameLabels: []string{"&illegalKey"}, + }, + }, + }, + }, + }, + }, + }, + operation: admv1.Update, + expectedReason: "Invalid label key in sameLabels rule: &illegalKey", + }, { name: "acnp-toservice-set-with-to", policy: &crdv1beta1.ClusterNetworkPolicy{ 
diff --git a/test/e2e/antreaipam_anp_test.go b/test/e2e/antreaipam_anp_test.go index 11d6cd14866..7e6e191cca8 100644 --- a/test/e2e/antreaipam_anp_test.go +++ b/test/e2e/antreaipam_anp_test.go @@ -28,32 +28,26 @@ import ( // initializeAntreaIPAM must be called after Namespace in antreaIPAMNamespaces created func initializeAntreaIPAM(t *testing.T, data *TestData) { - p80 = 80 - p81 = 81 - p8080 = 8080 - p8081 = 8081 - p8082 = 8082 - p8085 = 8085 - pods = []string{"a", "b", "c"} - namespaces = make(map[string]string) - regularNamespaces := make(map[string]string) + podsPerNamespace = []string{"a", "b", "c"} + namespaces = make(map[string]TestNamespaceMeta) + regularNamespaces := make(map[string]TestNamespaceMeta) suffix := randName("") - namespaces["x"] = "antrea-x-" + suffix + namespaces["x"] = TestNamespaceMeta{ + Name: "antrea-x-" + suffix, + } regularNamespaces["x"] = namespaces["x"] // This function "initializeAntreaIPAM" will be used more than once, and variable "allPods" is global. // It should be empty every time when "initializeAntreaIPAM" is performed, otherwise there will be unexpected // results. allPods = []Pod{} podsByNamespace = make(map[string][]Pod) - for _, ns := range antreaIPAMNamespaces { - namespaces[ns] = ns + namespaces[ns] = TestNamespaceMeta{Name: ns} } - - for _, podName := range pods { + for _, podName := range podsPerNamespace { for _, ns := range namespaces { - allPods = append(allPods, NewPod(ns, podName)) - podsByNamespace[ns] = append(podsByNamespace[ns], NewPod(ns, podName)) + allPods = append(allPods, NewPod(ns.Name, podName)) + podsByNamespace[ns.Name] = append(podsByNamespace[ns.Name], NewPod(ns.Name, podName)) } } 
@@ -61,9 +55,9 @@ func initializeAntreaIPAM(t *testing.T, data *TestData) { // k8sUtils is a global var k8sUtils, err = NewKubernetesUtils(data) failOnError(err, t) - _, err = k8sUtils.Bootstrap(regularNamespaces, pods, true, nil, nil) + _, err = k8sUtils.Bootstrap(regularNamespaces, podsPerNamespace, true, nil, nil) failOnError(err, t) - ips, err := k8sUtils.Bootstrap(namespaces, pods, false, nil, nil) + ips, err := k8sUtils.Bootstrap(namespaces, podsPerNamespace, false, nil, nil) failOnError(err, t) podIPs = ips } 
@@ -195,35 +189,29 @@ func testAntreaIPAMACNP(t *testing.T, protocol e2eutils.AntreaPolicyProtocol, ac SetAppliedToGroup([]e2eutils.ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "c"}}}) if isIngress { builder.AddIngress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil, - nil, nil, nil, nil, false, nil, ruleAction, "", "", nil) + nil, nil, nil, nil, nil, nil, ruleAction, "", "", nil) builder2.AddIngress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil, - nil, nil, nil, nil, false, nil, ruleAction, "", "", nil) + nil, nil, nil, nil, nil, nil, ruleAction, "", "", nil) builder3.AddIngress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil, - nil, nil, nil, nil, false, nil, ruleAction, "", "", nil) + nil, nil, nil, nil, nil, nil, ruleAction, "", "", nil) } else { builder.AddEgress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil, - nil, nil, nil, nil, false, nil, ruleAction, "", "", nil) + nil, nil, nil, nil, nil, nil, ruleAction, "", "", nil) builder2.AddEgress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil, - nil, nil, nil, nil, false, nil, ruleAction, "", "", nil) + nil, nil, nil, nil, nil, nil, ruleAction, "", "", nil) builder3.AddEgress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil, - nil, nil, nil, nil, false, nil, ruleAction, "", "", nil) + nil, nil, nil, nil, nil, nil, ruleAction, "", "", nil) } reachability := NewReachability(allPods, action) - for _, ns := range namespaces { - for _, pod := range []string{"/a", "/b", "/c"} { - reachability.Expect(Pod(ns+pod), Pod(ns+pod), Connected) - } - } + reachability.ExpectSelf(allPods, Connected) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get(), builder2.Get(), builder3.Get()}, - []int32{80}, - protocol, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: 
[]metav1.Object{builder.Get(), builder2.Get(), builder3.Get()}, + Ports: []int32{80}, + Protocol: protocol, }, } testCase := []*TestCase{ diff --git a/test/e2e/antreapolicy_test.go b/test/e2e/antreapolicy_test.go index cef8e0b4639..ffcd5d0ca1e 100644 --- a/test/e2e/antreapolicy_test.go +++ b/test/e2e/antreapolicy_test.go @@ -45,15 +45,22 @@ import ( // common for all tests. var ( - allPods []Pod - podsByNamespace map[string][]Pod - k8sUtils *KubernetesUtils - allTestList []*TestCase - pods []string - namespaces map[string]string - podIPs map[string][]string - p80, p81, p8080, p8081, p8082, p8085, p6443 int32 - nodes map[string]string + p80 int32 = 80 + p81 int32 = 81 + p6443 int32 = 6443 + p8080 int32 = 8080 + p8081 int32 = 8081 + p8082 int32 = 8082 + p8085 int32 = 8085 + allPods []Pod + podsByNamespace map[string][]Pod + k8sUtils *KubernetesUtils + allTestList []*TestCase + podsPerNamespace []string + namespaces map[string]TestNamespaceMeta + podIPs map[string][]string + nodes map[string]string + selfNamespace *crdv1beta1.PeerNamespaces ) const ( @@ -70,27 +77,6 @@ const ( defaultTierName = "application" ) -// TestAntreaPolicyStats is the top-level test which contains all subtests for -// AntreaPolicyStats related test cases so they can share setup, teardown. -func TestAntreaPolicyStats(t *testing.T) { - skipIfHasWindowsNodes(t) - skipIfAntreaPolicyDisabled(t) - skipIfNetworkPolicyStatsDisabled(t) - - data, err := setupTest(t) - if err != nil { - t.Fatalf("Error when setting up test: %v", err) - } - defer teardownTest(t, data) - - t.Run("testANNPNetworkPolicyStatsWithDropAction", func(t *testing.T) { - testANNPNetworkPolicyStatsWithDropAction(t, data) - }) - t.Run("testAntreaClusterNetworkPolicyStats", func(t *testing.T) { - testAntreaClusterNetworkPolicyStats(t, data) - }) -} - func failOnError(err error, t *testing.T) { if err != nil { log.Errorf("%+v", err) 
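Review bot: In testAntreaIPAMACNP the six AddIngress/AddEgress calls now pass `nil` where the 16th positional argument used to be `false`, so the one slot this commit changes sits inside a long run of untyped nils. Because nil is assignable to every pointer, map and slice parameter, an argument that lands one position off still compiles, and the policy under test would then be built without the selector the test means to exercise. A short comment above the calls would make the change checkable, for example `// 16th argument: no Namespace match is set (was the bool false before this change)`; the meaning of that slot is inferred from the selfNamespace variable added in antreapolicy_test.go, so confirm it against the builder signature. The same pattern repeats in the AddIngress/AddEgress hunks of antreapolicy_test.go.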
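Review bot: selfNamespace is the only variable added to this var block without a value; the ports next to it are initialised in place, while selfNamespace is assigned only inside initialize(). initializeAntreaIPAM() in antreaipam_anp_test.go resets the same globals but never sets it, so a test that runs after the IPAM setup alone would pass a nil pointer wherever selfNamespace is used, presumably building a rule with no Namespace match instead of failing. Initialising it at declaration removes the ordering dependency: `selfNamespace = &crdv1beta1.PeerNamespaces{Match: crdv1beta1.NamespaceMatchSelf}`. Whether any IPAM test reads selfNamespace is not visible in this diff.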
@@ -108,29 +94,46 @@ type podToAddrTestStep struct { expectedConnectivity PodConnectivityMark } -func initialize(t *testing.T, data *TestData) { - p80 = 80 - p81 = 81 - p8080 = 8080 - p8081 = 8081 - p8082 = 8082 - p8085 = 8085 - pods = []string{"a", "b", "c"} - namespaces = make(map[string]string) - suffix := randName("") - namespaces["x"] = "x-" + suffix - namespaces["y"] = "y-" + suffix - namespaces["z"] = "z-" + suffix +// Util function to get the runtime name of a test Namespace. +func getNS(ns string) string { + return namespaces[ns].Name +} + +// Util function to get the runtime Pod struct of a test Pod. +func getPod(ns, po string) Pod { + return Pod(namespaces[ns].Name + "/" + po) +} + +// Util function to get the runtime Pod name of a test Pod. +func getPodName(ns, po string) string { + return namespaces[ns].Name + "/" + po +} + +func initialize(t *testing.T, data *TestData, customNamespaces map[string]TestNamespaceMeta) { + selfNamespace = &crdv1beta1.PeerNamespaces{ + Match: crdv1beta1.NamespaceMatchSelf, + } + namespaces = make(map[string]TestNamespaceMeta) + if customNamespaces != nil { + namespaces = customNamespaces + } else { + suffix := randName("") + for _, ns := range []string{"x", "y", "z"} { + namespaces[ns] = TestNamespaceMeta{ + Name: ns + "-" + suffix, + } + } + } // This function "initialize" will be used more than once, and variable "allPods" is global. // It should be empty every time when "initialize" is performed, otherwise there will be unexpected // results. 
allPods = []Pod{} podsByNamespace = make(map[string][]Pod) - - for _, podName := range pods { + podsPerNamespace = []string{"a", "b", "c"} + for _, podName := range podsPerNamespace { for _, ns := range namespaces { - allPods = append(allPods, NewPod(ns, podName)) - podsByNamespace[ns] = append(podsByNamespace[ns], NewPod(ns, podName)) + allPods = append(allPods, NewPod(ns.Name, podName)) + podsByNamespace[ns.Name] = append(podsByNamespace[ns.Name], NewPod(ns.Name, podName)) } } skipIfAntreaPolicyDisabled(t) @@ -139,7 +142,7 @@ func initialize(t *testing.T, data *TestData) { // k8sUtils is a global var k8sUtils, err = NewKubernetesUtils(data) failOnError(err, t) - ips, err := k8sUtils.Bootstrap(namespaces, pods, true, nil, nil) + ips, err := k8sUtils.Bootstrap(namespaces, podsPerNamespace, true, nil, nil) failOnError(err, t) podIPs = ips } @@ -148,13 +151,13 @@ func skipIfAntreaPolicyDisabled(tb testing.TB) { skipIfFeatureDisabled(tb, features.AntreaPolicy, true, true) } -func applyDefaultDenyToAllNamespaces(k8s *KubernetesUtils, namespaces map[string]string) error { +func applyDefaultDenyToAllNamespaces(k8s *KubernetesUtils, namespaces map[string]TestNamespaceMeta) error { if err := k8s.CleanNetworkPolicies(namespaces); err != nil { return err } for _, ns := range namespaces { builder := &NetworkPolicySpecBuilder{} - builder = builder.SetName(ns, "default-deny-namespace") + builder = builder.SetName(ns.Name, "default-deny-namespace") builder.SetTypeIngress() if _, err := k8s.CreateOrUpdateNetworkPolicy(builder.Get()); err != nil { return err @@ -170,7 +173,7 @@ func applyDefaultDenyToAllNamespaces(k8s *KubernetesUtils, namespaces map[string return nil } -func cleanupDefaultDenyNPs(k8s *KubernetesUtils, namespaces map[string]string) error { +func cleanupDefaultDenyNPs(k8s *KubernetesUtils, namespaces map[string]TestNamespaceMeta) error { if err := k8s.CleanNetworkPolicies(namespaces); err != nil { return err } 
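Review bot: getNS, getPod and getPodName (hunk -108,29) index the namespaces map without checking that the key exists, so an unknown key yields an empty Namespace name and a Pod named `/a` instead of an error. Now that initialize() accepts customNamespaces, a caller whose map lacks "x", "y" or "z" would build policies and reachability expectations against an empty name, and an expectation could then pass without the policy having matched the intended Pods. Failing loudly in one helper and building the other two on it closes that gap, and the doc comments would follow Go convention if they started with the function name. The `make` before the `if customNamespaces != nil` branch in initialize() is redundant when a custom map is passed, which is minor.

```go
// getNS returns the runtime name of the test Namespace registered under key ns.
// It panics on an unknown key so that a typo cannot produce an empty selector.
func getNS(ns string) string {
	meta, ok := namespaces[ns]
	if !ok {
		panic(fmt.Sprintf("test Namespace %q is not registered", ns))
	}
	return meta.Name
}

// getPodName returns the "<namespace>/<pod>" name of a test Pod.
func getPodName(ns, po string) string {
	return getNS(ns) + "/" + po
}

// getPod returns the runtime Pod of a test Pod.
func getPod(ns, po string) Pod {
	return Pod(getPodName(ns, po))
}

// … unchanged: initialize …
```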
@@ -191,7 +194,6 @@ func testMutateACNPNoTier(t *testing.T) {
 SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}).
 SetPriority(10.0)
 acnp := builder.Get()
- log.Debugf("creating ACNP %v", acnp.Name)
 acnp, err := k8sUtils.CreateOrUpdateACNP(acnp)
 if err != nil {
 failOnError(fmt.Errorf("ACNP create failed %v", err), t)
@@ -205,11 +207,10 @@ func testMutateACNPNoTier(t *testing.T) {
 func testMutateANNPNoTier(t *testing.T) {
 invalidNpErr := fmt.Errorf("ANNP tier not mutated to default tier")
 builder := &AntreaNetworkPolicySpecBuilder{}
- builder = builder.SetName(namespaces["x"], "annp-no-tier").
+ builder = builder.SetName(getNS("x"), "annp-no-tier").
 SetAppliedToGroup([]ANNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}).
 SetPriority(10.0)
 annp := builder.Get()
- log.Debugf("creating ANNP %v", annp.Name)
 annp, err := k8sUtils.CreateOrUpdateANNP(annp)
 if err != nil {
 failOnError(fmt.Errorf("ANNP create failed %v", err), t)
@@ -228,7 +229,6 @@ func testCreateValidationInvalidACNP(t *testing.T) {
 SetPriority(1.0).
 SetTier("no-exist")
 acnp := builder.Get()
- log.Debugf("creating ACNP %v", acnp.Name)
 if _, err := k8sUtils.CreateOrUpdateACNP(acnp); err == nil {
 // Above creation of ACNP must fail as it is an invalid spec.
 failOnError(invalidNpErr, t)
@@ -242,14 +242,14 @@ func testUpdateValidationInvalidACNP(t *testing.T) { SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}). SetPriority(1.0) builder.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, - nil, nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) acnp := builder.Get() if _, err := k8sUtils.CreateOrUpdateACNP(acnp); err != nil { failOnError(fmt.Errorf("create ACNP acnp-applied-to-update failed: %v", err), t) } builder.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "c"}, nil, - nil, nil, nil, nil, false, []ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "b"}}}, crdv1beta1.RuleActionAllow, "", "", nil) + nil, nil, nil, nil, nil, []ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "b"}}}, crdv1beta1.RuleActionAllow, "", "", nil) acnp = builder.Get() if _, err := k8sUtils.CreateOrUpdateACNP(acnp); err == nil { // Above update of ACNP must fail as it is an invalid spec. @@ -261,7 +261,7 @@ func testUpdateValidationInvalidACNP(t *testing.T) { func testCreateValidationInvalidANNP(t *testing.T) { invalidNpErr := fmt.Errorf("invalid Antrea NetworkPolicy with non-exist tier accepted") builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["x"], "annp-no-priority"). + builder = builder.SetName(getNS("x"), "annp-no-priority"). SetAppliedToGroup([]ANNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}). SetPriority(1.0). SetTier("non-exist") 
@@ -276,7 +276,7 @@ func testCreateValidationInvalidANNP(t *testing.T) {
 func testUpdateValidationInvalidANNP(t *testing.T) {
 invalidNpErr := fmt.Errorf("invalid Antrea NetworkPolicy appliedTo set in both spec and rules accepted")
 builder := &AntreaNetworkPolicySpecBuilder{}
- builder = builder.SetName(namespaces["x"], "annp-applied-to-update").
+ builder = builder.SetName(getNS("x"), "annp-applied-to-update").
 SetAppliedToGroup([]ANNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}).
 SetPriority(1.0)
 builder.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "c"}, nil, nil,
@@ -343,7 +343,7 @@ func testCreateValidationInvalidCG(t *testing.T) {
 cgBuilder := &ClusterGroupSpecBuilder{}
 cgBuilder = cgBuilder.SetName("cg-mix-peer").
 SetPodSelector(map[string]string{"pod": "a"}, nil).
- SetServiceReference("svc", namespaces["x"])
+ SetServiceReference("svc", getNS("x"))
 cg := cgBuilder.Get()
 if _, err := k8sUtils.CreateOrUpdateCG(cg); err == nil {
 // Above creation of ClusterGroup must fail as it is an invalid spec.
@@ -360,7 +360,7 @@ func testUpdateValidationInvalidCG(t *testing.T) {
 if _, err := k8sUtils.CreateOrUpdateCG(cg); err != nil {
 failOnError(fmt.Errorf("create ClusterGroup %s failed: %v", cg.Name, err), t)
 }
- cgBuilder.SetServiceReference("svc", namespaces["x"])
+ cgBuilder.SetServiceReference("svc", getNS("x"))
 cg = cgBuilder.Get()
 if _, err := k8sUtils.CreateOrUpdateCG(cg); err == nil {
 // Above update of ClusterGroup must fail as it is an invalid spec.
@@ -372,9 +372,9 @@ func testUpdateValidationInvalidCG(t *testing.T) {
 func testCreateValidationInvalidGroup(t *testing.T) {
 invalidErr := fmt.Errorf("Group using podSelecter and serviceReference together created")
 gBuilder := &GroupSpecBuilder{}
- gBuilder = gBuilder.SetName("g-mix-peer").SetNamespace(namespaces["x"]).
+ gBuilder = gBuilder.SetName("g-mix-peer").SetNamespace(getNS("x")).
 SetPodSelector(map[string]string{"pod": "a"}, nil).
- SetServiceReference("svc", namespaces["x"])
+ SetServiceReference("svc", getNS("x"))
 g := gBuilder.Get()
 if _, err := k8sUtils.CreateOrUpdateGroup(g); err == nil {
 // Above creation of Group must fail as it is an invalid spec.
@@ -385,13 +385,13 @@ func testCreateValidationInvalidGroup(t *testing.T) {
 func testUpdateValidationInvalidGroup(t *testing.T) {
 invalidErr := fmt.Errorf("Group using podSelecter and serviceReference together updated")
 gBuilder := &GroupSpecBuilder{}
- gBuilder = gBuilder.SetName("g-mix-peer").SetNamespace(namespaces["x"]).
+ gBuilder = gBuilder.SetName("g-mix-peer").SetNamespace(getNS("x")).
 SetPodSelector(map[string]string{"pod": "a"}, nil)
 g := gBuilder.Get()
 if _, err := k8sUtils.CreateOrUpdateGroup(g); err != nil {
 failOnError(fmt.Errorf("create Group %s/%s failed: %v", g.Namespace, g.Name, err), t)
 }
- gBuilder.SetServiceReference("svc", namespaces["x"])
+ gBuilder.SetServiceReference("svc", getNS("x"))
 g = gBuilder.Get()
 if _, err := k8sUtils.CreateOrUpdateGroup(g); err == nil {
 // Above update of Group must fail as it is an invalid spec.
@@ -407,24 +407,22 @@ func testACNPAllowXBtoA(t *testing.T) { builder = builder.SetName("acnp-allow-xb-to-a"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) - builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": namespaces["x"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": getNS("x")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) reachability := NewReachability(allPods, Dropped) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["x"]+"/a"), Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/a"), Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["z"]+"/a"), Connected) + reachability.Expect(getPod("x", "b"), getPod("x", "a"), Connected) + reachability.Expect(getPod("x", "b"), getPod("y", "a"), Connected) + reachability.Expect(getPod("x", "b"), getPod("z", "a"), Connected) reachability.ExpectSelf(allPods, Connected) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -439,33 +437,33 @@ func testACNPAllowXBtoA(t *testing.T) { // the client Pod and uses it in sourcePort and sourceEndPort of an ACNP rule to verify that // packets can be matched by source port. func testACNPSourcePort(t *testing.T) { - portStart, portEnd, err := k8sUtils.getTCPv4SourcePortRangeFromPod(namespaces["x"], "a") + portStart, portEnd, err := k8sUtils.getTCPv4SourcePortRangeFromPod(getNS("x"), "a") failOnError(err, t) builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-source-port"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) - builder.AddIngressForSrcPort(ProtocolTCP, nil, nil, &portStart, &portEnd, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": namespaces["x"]}, + builder.AddIngressForSrcPort(ProtocolTCP, nil, nil, &portStart, &portEnd, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": getNS("x")}, nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) builder2 := &ClusterNetworkPolicySpecBuilder{} builder2 = builder2.SetName("acnp-source-port"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) - builder2.AddIngressForSrcPort(ProtocolTCP, &p80, nil, &portStart, &portEnd, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": namespaces["x"]}, + builder2.AddIngressForSrcPort(ProtocolTCP, &p80, nil, &portStart, &portEnd, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": getNS("x")}, nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) builder3 := &ClusterNetworkPolicySpecBuilder{} builder3 = builder3.SetName("acnp-source-port"). SetPriority(1.0). 
SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) - builder3.AddIngressForSrcPort(ProtocolTCP, &p80, &p81, &portStart, &portEnd, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": namespaces["x"]}, + builder3.AddIngressForSrcPort(ProtocolTCP, &p80, &p81, &portStart, &portEnd, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": getNS("x")}, nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["x"]+"/a"), Dropped) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/a"), Dropped) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["z"]+"/a"), Dropped) + reachability.Expect(Pod(getNS("x")+"/b"), Pod(getNS("x")+"/a"), Dropped) + reachability.Expect(Pod(getNS("x")+"/b"), Pod(getNS("y")+"/a"), Dropped) + reachability.Expect(Pod(getNS("x")+"/b"), Pod(getNS("z")+"/a"), Dropped) // After adding the dst port constraint of port 80, traffic on port 81 should not be affected. updatedReachability := NewReachability(allPods, Connected) @@ -478,6 +476,8 @@ func testACNPSourcePort(t *testing.T) { ProtocolTCP, 0, nil, + nil, + nil, }, { "Port 81", @@ -487,6 +487,8 @@ func testACNPSourcePort(t *testing.T) { ProtocolTCP, 0, nil, + nil, + nil, }, { "Port range 80-81", @@ -496,6 +498,8 @@ func testACNPSourcePort(t *testing.T) { ProtocolTCP, 0, nil, + nil, + nil, }, } testCase := []*TestCase{ 
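Review bot: testACNPSourcePort (hunk -437,33) is converted only halfway: its three expectations are written as `Pod(getNS("x")+"/b")` although the getPod helper added in this commit serves the same purpose in every other test, e.g. `reachability.Expect(getPod("x", "b"), getPod("x", "a"), Dropped)`. The three TestStep literals in the following hunks (-476, -487, -496) also stay positional and get two more `nil` entries appended, whereas the other tests switch to keyed fields (Name, Reachability, TestResources, Ports, Protocol); a keyed literal would not need touching the next time TestStep grows a field and rules out a value shifting into a neighbouring field. The AddIngressForSrcPort calls still pass `false` where AddIngress now takes `nil`, which may be intended but is worth confirming against the builder. The TestStep literals begin outside those three hunks.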
@@ -511,23 +515,21 @@ func testACNPAllowXBtoYA(t *testing.T) { builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-allow-xb-to-ya"). SetPriority(2.0). - SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": namespaces["y"]}}}) - builder.AddIngress(ProtocolTCP, nil, &port81Name, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": namespaces["x"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": getNS("y")}}}) + builder.AddIngress(ProtocolTCP, nil, &port81Name, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": getNS("x")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) reachability := NewReachability(allPods, Dropped) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/a"), Connected) + reachability.Expect(getPod("x", "b"), getPod("y", "a"), Connected) reachability.ExpectSelf(allPods, Connected) testStep := []*TestStep{ { - "NamedPort 81", - reachability, - []metav1.Object{builder.Get()}, - []int32{81}, - ProtocolTCP, - 0, - nil, + Name: "NamedPort 81", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{81}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -543,36 +545,34 @@ func testACNPPriorityOverrideDefaultDeny(t *testing.T) { builder1 := &ClusterNetworkPolicySpecBuilder{} builder1 = builder1.SetName("acnp-priority2"). SetPriority(2). - SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}) - builder1.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}) + builder1.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) builder2 := &ClusterNetworkPolicySpecBuilder{} builder2 = builder2.SetName("acnp-priority1"). SetPriority(1). - SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": namespaces["x"]}}}) - builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": getNS("x")}}}) + builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) // Ingress from ns:z to x/a will be dropped since acnp-priority1 has higher precedence. 
reachabilityBothACNP := NewReachability(allPods, Dropped) - reachabilityBothACNP.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["x"]+"/b"), Connected) - reachabilityBothACNP.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["x"]+"/c"), Connected) - reachabilityBothACNP.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["x"]+"/b"), Connected) - reachabilityBothACNP.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["x"]+"/c"), Connected) - reachabilityBothACNP.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["x"]+"/b"), Connected) - reachabilityBothACNP.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["x"]+"/c"), Connected) + reachabilityBothACNP.Expect(getPod("z", "a"), getPod("x", "b"), Connected) + reachabilityBothACNP.Expect(getPod("z", "a"), getPod("x", "c"), Connected) + reachabilityBothACNP.Expect(getPod("z", "b"), getPod("x", "b"), Connected) + reachabilityBothACNP.Expect(getPod("z", "b"), getPod("x", "c"), Connected) + reachabilityBothACNP.Expect(getPod("z", "c"), getPod("x", "b"), Connected) + reachabilityBothACNP.Expect(getPod("z", "c"), getPod("x", "c"), Connected) reachabilityBothACNP.ExpectSelf(allPods, Connected) testStep := []*TestStep{ { - "Both ACNP", - reachabilityBothACNP, - []metav1.Object{builder1.Get(), builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Both ACNP", + Reachability: reachabilityBothACNP, + TestResources: []metav1.Object{builder1.Get(), builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -594,22 +594,20 @@ func testACNPAllowNoDefaultIsolation(t *testing.T, protocol AntreaPolicyProtocol builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-allow-x-ingress-y-egress-z"). SetPriority(1.1). - SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}) - builder.AddIngress(protocol, &p81, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["y"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) - builder.AddEgress(protocol, &p81, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}) + builder.AddIngress(protocol, &p81, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("y")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) + builder.AddEgress(protocol, &p81, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) reachability := NewReachability(allPods, Connected) testStep := []*TestStep{ { - "Port 81", - reachability, - []metav1.Object{builder.Get()}, - []int32{81}, - protocol, - 0, - nil, + Name: "Port 81", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{81}, + Protocol: protocol, }, } testCase := []*TestCase{ 
@@ -632,23 +630,21 @@ func testACNPDropEgress(t *testing.T, protocol AntreaPolicyProtocol) { builder = builder.SetName("acnp-deny-a-to-z-egress"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) - builder.AddEgress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + builder.AddEgress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachability := NewReachability(allPods, Connected) - reachability.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Dropped) - reachability.ExpectEgressToNamespace(Pod(namespaces["y"]+"/a"), namespaces["z"], Dropped) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["z"]+"/b"), Dropped) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["z"]+"/c"), Dropped) + reachability.ExpectEgressToNamespace(getPod("x", "a"), getNS("z"), Dropped) + reachability.ExpectEgressToNamespace(getPod("y", "a"), getNS("z"), Dropped) + reachability.Expect(getPod("z", "a"), getPod("z", "b"), Dropped) + reachability.Expect(getPod("z", "a"), getPod("z", "c"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get()}, - []int32{80}, - protocol, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: protocol, }, } testCase := []*TestCase{ 
@@ -664,24 +660,22 @@ func testACNPDropIngressInSelectedNamespace(t *testing.T) { builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-ingress-to-x"). SetPriority(1.0). - SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}) - builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, false, nil, + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}) + builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "drop-all-ingress", nil) reachability := NewReachability(allPods, Connected) - reachability.ExpectAllIngress(Pod(namespaces["x"]+"/a"), Dropped) - reachability.ExpectAllIngress(Pod(namespaces["x"]+"/b"), Dropped) - reachability.ExpectAllIngress(Pod(namespaces["x"]+"/c"), Dropped) + reachability.ExpectAllIngress(getPod("x", "a"), Dropped) + reachability.ExpectAllIngress(getPod("x", "b"), Dropped) + reachability.ExpectAllIngress(getPod("x", "c"), Dropped) reachability.ExpectSelf(allPods, Connected) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -696,39 +690,35 @@ func testACNPNoEffectOnOtherProtocols(t *testing.T) { builder = builder.SetName("acnp-deny-a-to-z-ingress"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) - builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachability1 := NewReachability(allPods, Connected) - reachability1.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["x"]+"/a"), Dropped) - reachability1.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["x"]+"/a"), Dropped) - reachability1.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["x"]+"/a"), Dropped) - reachability1.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["y"]+"/a"), Dropped) - reachability1.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["y"]+"/a"), Dropped) - reachability1.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["y"]+"/a"), Dropped) - reachability1.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["z"]+"/a"), Dropped) - reachability1.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["z"]+"/a"), Dropped) + reachability1.Expect(getPod("z", "a"), getPod("x", "a"), Dropped) + reachability1.Expect(getPod("z", "b"), getPod("x", "a"), Dropped) + reachability1.Expect(getPod("z", "c"), getPod("x", "a"), Dropped) + reachability1.Expect(getPod("z", "a"), getPod("y", "a"), Dropped) + reachability1.Expect(getPod("z", "b"), getPod("y", "a"), Dropped) + reachability1.Expect(getPod("z", "c"), getPod("y", "a"), Dropped) + reachability1.Expect(getPod("z", "b"), getPod("z", "a"), Dropped) + reachability1.Expect(getPod("z", "c"), getPod("z", "a"), Dropped) reachability2 := NewReachability(allPods, Connected) testStep := []*TestStep{ { - "Port 80", - 
reachability1, - []metav1.Object{builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability1, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, { - "Port 80", - reachability2, - []metav1.Object{builder.Get()}, - []int32{80}, - ProtocolUDP, - 0, - nil, + Name: "Port 80", + Reachability: reachability2, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolUDP, }, } testCase := []*TestCase{ 
@@ -742,30 +732,28 @@ func testACNPAppliedToDenyXBtoCGWithYA(t *testing.T) { cgName := "cg-pods-ya" cgBuilder := &ClusterGroupSpecBuilder{} cgBuilder = cgBuilder.SetName(cgName). - SetNamespaceSelector(map[string]string{"ns": namespaces["y"]}, nil). + SetNamespaceSelector(map[string]string{"ns": getNS("y")}, nil). SetPodSelector(map[string]string{"pod": "a"}, nil) port81Name := "serve-81" builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-cg-with-ya-from-xb"). SetPriority(2.0). SetAppliedToGroup([]ACNPAppliedToSpec{{Group: cgName}}) - builder.AddIngress(ProtocolTCP, nil, &port81Name, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": namespaces["x"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + builder.AddIngress(ProtocolTCP, nil, &port81Name, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": getNS("x")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("y", "a"), Dropped) reachability.ExpectSelf(allPods, Connected) testStep := []*TestStep{ { - "NamedPort 81", - reachability, + Name: "NamedPort 81", + Reachability: reachability, // Note in this testcase the ClusterGroup is created after the ACNP - []metav1.Object{builder.Get(), cgBuilder.Get()}, - []int32{81}, - ProtocolTCP, - 0, - nil, + TestResources: []metav1.Object{builder.Get(), cgBuilder.Get()}, + Ports: []int32{81}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -779,29 +767,27 @@ func testACNPIngressRuleDenyCGWithXBtoYA(t *testing.T) { cgName := "cg-pods-xb" cgBuilder := &ClusterGroupSpecBuilder{} cgBuilder = cgBuilder.SetName(cgName). - SetNamespaceSelector(map[string]string{"ns": namespaces["x"]}, nil). + SetNamespaceSelector(map[string]string{"ns": getNS("x")}, nil). SetPodSelector(map[string]string{"pod": "b"}, nil) port81Name := "serve-81" builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-cg-with-xb-to-ya"). SetPriority(2.0). - SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": namespaces["y"]}}}) + SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": getNS("y")}}}) builder.AddIngress(ProtocolTCP, nil, &port81Name, nil, nil, nil, nil, nil, nil, nil, nil, - nil, nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, cgName, "", nil) + nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, cgName, "", nil) reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("y", "a"), Dropped) reachability.ExpectSelf(allPods, Connected) testStep := []*TestStep{ { - "NamedPort 81", - reachability, - []metav1.Object{cgBuilder.Get(), builder.Get()}, - []int32{81}, - ProtocolTCP, - 0, - nil, + Name: "NamedPort 81", + Reachability: reachability, + TestResources: []metav1.Object{cgBuilder.Get(), builder.Get()}, + Ports: []int32{81}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -818,24 +804,22 @@ func testACNPAppliedToRuleCGWithPodsAToNsZ(t *testing.T) { builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-cg-with-a-to-z"). SetPriority(1.0) - builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, []ACNPAppliedToSpec{{Group: cgName}}, crdv1beta1.RuleActionDrop, "", "", nil) + builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, []ACNPAppliedToSpec{{Group: cgName}}, crdv1beta1.RuleActionDrop, "", "", nil) reachability := NewReachability(allPods, Connected) - reachability.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Dropped) - reachability.ExpectEgressToNamespace(Pod(namespaces["y"]+"/a"), namespaces["z"], Dropped) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["z"]+"/b"), Dropped) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["z"]+"/c"), Dropped) + reachability.ExpectEgressToNamespace(getPod("x", "a"), getNS("z"), Dropped) + reachability.ExpectEgressToNamespace(getPod("y", "a"), getNS("z"), Dropped) + reachability.Expect(getPod("z", "a"), getPod("z", "b"), Dropped) + reachability.Expect(getPod("z", "a"), getPod("z", "c"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, + Name: "Port 80", + Reachability: reachability, // Note in this testcase the ClusterGroup is created after the ACNP - []metav1.Object{builder.Get(), cgBuilder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + TestResources: []metav1.Object{builder.Get(), cgBuilder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -848,29 +832,27 @@ func testACNPAppliedToRuleCGWithPodsAToNsZ(t *testing.T) { func testACNPEgressRulePodsAToCGWithNsZ(t *testing.T) { cgName := "cg-ns-z" cgBuilder := &ClusterGroupSpecBuilder{} - cgBuilder = cgBuilder.SetName(cgName).SetNamespaceSelector(map[string]string{"ns": namespaces["z"]}, nil) + cgBuilder = cgBuilder.SetName(cgName).SetNamespaceSelector(map[string]string{"ns": getNS("z")}, nil) builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-a-to-cg-with-z-egress"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, cgName, "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, cgName, "", nil) reachability := NewReachability(allPods, Connected) - reachability.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Dropped) - reachability.ExpectEgressToNamespace(Pod(namespaces["y"]+"/a"), namespaces["z"], Dropped) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["z"]+"/b"), Dropped) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["z"]+"/c"), Dropped) + reachability.ExpectEgressToNamespace(getPod("x", "a"), getNS("z"), Dropped) + reachability.ExpectEgressToNamespace(getPod("y", "a"), getNS("z"), Dropped) + reachability.Expect(getPod("z", "a"), getPod("z", "b"), Dropped) + reachability.Expect(getPod("z", "a"), getPod("z", "c"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, + Name: "Port 80", + Reachability: reachability, // Note in this testcase the ClusterGroup is created after the ACNP - []metav1.Object{builder.Get(), cgBuilder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + TestResources: []metav1.Object{builder.Get(), cgBuilder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -890,38 +872,34 @@ func testACNPClusterGroupUpdateAppliedTo(t *testing.T) { builder = builder.SetName("acnp-deny-cg-with-a-to-z-egress"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{Group: cgName}}) - builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachability := NewReachability(allPods, Connected) - reachability.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Dropped) - reachability.ExpectEgressToNamespace(Pod(namespaces["y"]+"/a"), namespaces["z"], Dropped) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["z"]+"/b"), Dropped) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["z"]+"/c"), Dropped) + reachability.ExpectEgressToNamespace(getPod("x", "a"), getNS("z"), Dropped) + reachability.ExpectEgressToNamespace(getPod("y", "a"), getNS("z"), Dropped) + reachability.Expect(getPod("z", "a"), getPod("z", "b"), Dropped) + reachability.Expect(getPod("z", "a"), getPod("z", "c"), Dropped) updatedReachability := NewReachability(allPods, Connected) - updatedReachability.ExpectEgressToNamespace(Pod(namespaces["x"]+"/c"), namespaces["z"], Dropped) - updatedReachability.ExpectEgressToNamespace(Pod(namespaces["y"]+"/c"), namespaces["z"], Dropped) - updatedReachability.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["z"]+"/a"), Dropped) - updatedReachability.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["z"]+"/b"), Dropped) + updatedReachability.ExpectEgressToNamespace(getPod("x", "c"), getNS("z"), Dropped) + updatedReachability.ExpectEgressToNamespace(getPod("y", "c"), getNS("z"), Dropped) + updatedReachability.Expect(getPod("z", "c"), getPod("z", "a"), Dropped) + 
updatedReachability.Expect(getPod("z", "c"), getPod("z", "b"), Dropped) testStep := []*TestStep{ { - "CG Pods A", - reachability, - []metav1.Object{cgBuilder.Get(), builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "CG Pods A", + Reachability: reachability, + TestResources: []metav1.Object{cgBuilder.Get(), builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, { - "CG Pods C - update", - updatedReachability, - []metav1.Object{updatedCgBuilder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "CG Pods C - update", + Reachability: updatedReachability, + TestResources: []metav1.Object{updatedCgBuilder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -933,46 +911,42 @@ func testACNPClusterGroupUpdateAppliedTo(t *testing.T) { func testACNPClusterGroupUpdate(t *testing.T) { cgName := "cg-ns-z-then-y" cgBuilder := &ClusterGroupSpecBuilder{} - cgBuilder = cgBuilder.SetName(cgName).SetNamespaceSelector(map[string]string{"ns": namespaces["z"]}, nil) + cgBuilder = cgBuilder.SetName(cgName).SetNamespaceSelector(map[string]string{"ns": getNS("z")}, nil) // Update CG NS selector to group Pods from Namespace Y updatedCgBuilder := &ClusterGroupSpecBuilder{} - updatedCgBuilder = updatedCgBuilder.SetName(cgName).SetNamespaceSelector(map[string]string{"ns": namespaces["y"]}, nil) + updatedCgBuilder = updatedCgBuilder.SetName(cgName).SetNamespaceSelector(map[string]string{"ns": getNS("y")}, nil) builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-a-to-cg-with-z-egress"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, cgName, "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, cgName, "", nil) reachability := NewReachability(allPods, Connected) - reachability.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Dropped) - reachability.ExpectEgressToNamespace(Pod(namespaces["y"]+"/a"), namespaces["z"], Dropped) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["z"]+"/b"), Dropped) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["z"]+"/c"), Dropped) + reachability.ExpectEgressToNamespace(getPod("x", "a"), getNS("z"), Dropped) + reachability.ExpectEgressToNamespace(getPod("y", "a"), getNS("z"), Dropped) + reachability.Expect(getPod("z", "a"), getPod("z", "b"), Dropped) + reachability.Expect(getPod("z", "a"), getPod("z", "c"), Dropped) updatedReachability := NewReachability(allPods, Connected) - 
updatedReachability.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["y"], Dropped) - updatedReachability.ExpectEgressToNamespace(Pod(namespaces["z"]+"/a"), namespaces["y"], Dropped) - updatedReachability.Expect(Pod(namespaces["y"]+"/a"), Pod(namespaces["y"]+"/b"), Dropped) - updatedReachability.Expect(Pod(namespaces["y"]+"/a"), Pod(namespaces["y"]+"/c"), Dropped) + updatedReachability.ExpectEgressToNamespace(getPod("x", "a"), getNS("y"), Dropped) + updatedReachability.ExpectEgressToNamespace(getPod("z", "a"), getNS("y"), Dropped) + updatedReachability.Expect(getPod("y", "a"), getPod("y", "b"), Dropped) + updatedReachability.Expect(getPod("y", "a"), getPod("y", "c"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{cgBuilder.Get(), builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{cgBuilder.Get(), builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, { - "Port 80 - update", - updatedReachability, - []metav1.Object{updatedCgBuilder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80 - update", + Reachability: updatedReachability, + TestResources: []metav1.Object{updatedCgBuilder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -985,22 +959,22 @@ func testACNPClusterGroupAppliedToPodAdd(t *testing.T, data *TestData) { cgName := "cg-pod-custom-pod-zj" cgBuilder := &ClusterGroupSpecBuilder{} cgBuilder = cgBuilder.SetName(cgName). - SetNamespaceSelector(map[string]string{"ns": namespaces["z"]}, nil). + SetNamespaceSelector(map[string]string{"ns": getNS("z")}, nil). SetPodSelector(map[string]string{"pod": "j"}, nil) builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-cg-with-zj-to-xj-egress"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{Group: cgName}}) - builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "j"}, nil, map[string]string{"ns": namespaces["x"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "j"}, nil, map[string]string{"ns": getNS("x")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) cp := []*CustomProbe{ { SourcePod: CustomPod{ - Pod: NewPod(namespaces["z"], "j"), + Pod: NewPod(getNS("z"), "j"), Labels: map[string]string{"pod": "j"}, }, DestPod: CustomPod{ - Pod: NewPod(namespaces["x"], "j"), + Pod: NewPod(getNS("x"), "j"), Labels: map[string]string{"pod": "j"}, }, ExpectConnectivity: Dropped, @@ -1009,13 +983,11 @@ func testACNPClusterGroupAppliedToPodAdd(t *testing.T, data *TestData) { } testStep := []*TestStep{ { - "Port 80", - nil, - []metav1.Object{cgBuilder.Get(), builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - cp, + Name: "Port 80", + TestResources: []metav1.Object{cgBuilder.Get(), builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, + CustomProbes: cp, }, } testCase := []*TestCase{ 
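Review bot: The step built in the second hunk (`Name: "Port 80"` with `CustomProbes: cp`) leaves `Reachability` unset, so as far as the hunk shows its only assertion is the single probe from z/j to x/j with `ExpectConnectivity: Dropped`. A deny-only check cannot tell an enforced policy from a probe that failed for an unrelated reason, such as a custom Pod that never became ready. Adding a second `CustomProbe` between Pods the policy does not select, with `ExpectConnectivity: Connected`, would give the test a positive control; whether the probe helper already verifies readiness is outside the hunk. testACNPClusterGroupRefRulePodAdd and testANNPGroupAppliedToPodAdd build their steps the same way. The function body starts and ends outside the hunk.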
@@ -1028,7 +1000,7 @@ func testACNPClusterGroupRefRulePodAdd(t *testing.T, data *TestData) { cgName := "cg-pod-custom-pod-zk" cgBuilder := &ClusterGroupSpecBuilder{} cgBuilder = cgBuilder.SetName(cgName). - SetNamespaceSelector(map[string]string{"ns": namespaces["z"]}, nil). + SetNamespaceSelector(map[string]string{"ns": getNS("z")}, nil). SetPodSelector(map[string]string{"pod": "k"}, nil) builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-xk-to-cg-with-zk-egress"). @@ -1036,19 +1008,19 @@ func testACNPClusterGroupRefRulePodAdd(t *testing.T, data *TestData) { SetAppliedToGroup([]ACNPAppliedToSpec{ { PodSelector: map[string]string{"pod": "k"}, - NSSelector: map[string]string{"ns": namespaces["x"]}, + NSSelector: map[string]string{"ns": getNS("x")}, }, }) builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, cgName, "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, cgName, "", nil) cp := []*CustomProbe{ { SourcePod: CustomPod{ - Pod: NewPod(namespaces["x"], "k"), + Pod: NewPod(getNS("x"), "k"), Labels: map[string]string{"pod": "k"}, }, DestPod: CustomPod{ - Pod: NewPod(namespaces["z"], "k"), + Pod: NewPod(getNS("z"), "k"), Labels: map[string]string{"pod": "k"}, }, ExpectConnectivity: Dropped, @@ -1057,14 +1029,12 @@ func testACNPClusterGroupRefRulePodAdd(t *testing.T, data *TestData) { } testStep := []*TestStep{ { - "Port 80", - nil, + Name: "Port 80", // Note in this testcase the ClusterGroup is created after the ACNP - []metav1.Object{builder.Get(), cgBuilder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - cp, + TestResources: []metav1.Object{builder.Get(), cgBuilder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, + CustomProbes: cp, }, } testCase := []*TestCase{ 
@@ -1074,10 +1044,10 @@ func testACNPClusterGroupRefRulePodAdd(t *testing.T, data *TestData) { } func testACNPClusterGroupRefRuleIPBlocks(t *testing.T) { - podXAIP, _ := podIPs[namespaces["x"]+"/a"] - podXBIP, _ := podIPs[namespaces["x"]+"/b"] - podXCIP, _ := podIPs[namespaces["x"]+"/c"] - podZAIP, _ := podIPs[namespaces["z"]+"/a"] + podXAIP, _ := podIPs[getPodName("x", "a")] + podXBIP, _ := podIPs[getPodName("x", "b")] + podXCIP, _ := podIPs[getPodName("x", "c")] + podZAIP, _ := podIPs[getPodName("z", "a")] // There are three situations of a Pod's IP(s): // 1. Only one IPv4 address. // 2. Only one IPv6 address. 
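Review bot: The four lookups of the form `podXAIP, _ := podIPs[getPodName("x", "a")]` discard the map's presence flag in the same change that replaces the key expression `namespaces["x"]+"/a"` with `getPodName(...)`, so a key that no longer matches how `podIPs` is populated would yield a zero value without any failure here. Checking the flag keeps a deny test from running with empty address data: `podXAIP, ok := podIPs[getPodName("x", "a")]` followed by `if !ok { t.Fatalf("no IPs recorded for %s", getPodName("x", "a")) }`, and likewise for the other three. How the IPs are turned into IP blocks is outside the hunk, so the effect of an empty value on the result cannot be seen from here.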
@@ -1112,28 +1082,26 @@ func testACNPClusterGroupRefRuleIPBlocks(t *testing.T) { SetAppliedToGroup([]ACNPAppliedToSpec{ { PodSelector: map[string]string{"pod": "a"}, - NSSelector: map[string]string{"ns": namespaces["y"]}, + NSSelector: map[string]string{"ns": getNS("y")}, }, }) builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, cgName, "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, cgName, "", nil) builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, cgName2, "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, cgName2, "", nil) reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["y"]+"/a"), Dropped) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/a"), Dropped) - reachability.Expect(Pod(namespaces["x"]+"/c"), Pod(namespaces["y"]+"/a"), Dropped) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["y"]+"/a"), Dropped) + reachability.Expect(getPod("x", "a"), getPod("y", "a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("y", "a"), Dropped) + reachability.Expect(getPod("x", "c"), getPod("y", "a"), Dropped) + reachability.Expect(getPod("z", "a"), getPod("y", "a"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get(), cgBuilder.Get(), cgBuilder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get(), cgBuilder.Get(), cgBuilder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -1146,26 +1114,24 @@ func testACNPClusterGroupRefRuleIPBlocks(t *testing.T) { func testANNPEgressRulePodsAToGrpWithPodsC(t *testing.T) { grpName := "grp-xc" grpBuilder := &GroupSpecBuilder{} - grpBuilder = grpBuilder.SetName(grpName).SetNamespace(namespaces["x"]).SetPodSelector(map[string]string{"pod": "c"}, nil) + grpBuilder = grpBuilder.SetName(grpName).SetNamespace(getNS("x")).SetPodSelector(map[string]string{"pod": "c"}, nil) builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["x"], "annp-deny-xa-to-grp-xc-egress"). + builder = builder.SetName(getNS("x"), "annp-deny-xa-to-grp-xc-egress"). SetPriority(1.0). SetAppliedToGroup([]ANNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, grpName, "") reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["x"]+"/c"), Dropped) + reachability.Expect(getPod("x", "a"), getPod("x", "c"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, + Name: "Port 80", + Reachability: reachability, // Note in this testcase the Group is created after the ANNP - []metav1.Object{builder.Get(), grpBuilder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + TestResources: []metav1.Object{builder.Get(), grpBuilder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -1178,28 +1144,26 @@ func testANNPEgressRulePodsAToGrpWithPodsC(t *testing.T) { func testANNPIngressRuleDenyGrpWithXCtoXA(t *testing.T) { grpName := "grp-pods-xb" grpBuilder := &GroupSpecBuilder{} - grpBuilder = grpBuilder.SetName(grpName).SetNamespace(namespaces["x"]).SetPodSelector(map[string]string{"pod": "b"}, nil) + grpBuilder = grpBuilder.SetName(grpName).SetNamespace(getNS("x")).SetPodSelector(map[string]string{"pod": "b"}, nil) port81Name := "serve-81" builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["x"], "annp-deny-grp-with-xb-to-xa"). + builder = builder.SetName(getNS("x"), "annp-deny-grp-with-xb-to-xa"). SetPriority(2.0). SetAppliedToGroup([]ANNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) builder.AddIngress(ProtocolTCP, nil, &port81Name, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, grpName, "") reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["x"]+"/a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("x", "a"), Dropped) reachability.ExpectSelf(allPods, Connected) testStep := []*TestStep{ { - "NamedPort 81", - reachability, - []metav1.Object{grpBuilder.Get(), builder.Get()}, - []int32{81}, - ProtocolTCP, - 0, - nil, + Name: "NamedPort 81", + Reachability: reachability, + TestResources: []metav1.Object{grpBuilder.Get(), builder.Get()}, + Ports: []int32{81}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
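Review bot: The function name `testANNPIngressRuleDenyGrpWithXCtoXA` does not match what the test builds: the group is `grp-pods-xb` selecting `pod: b`, the policy is `annp-deny-grp-with-xb-to-xa`, and the expectation drops x/b to x/a. A doc comment above the function such as `// Denies ingress to x/a from the Group selecting x/b.` would keep a reader of a failed run from looking for pod c. The same kind of mismatch shows up in two later hunks: `grpName := "grp-pods-ya"` in testANNPAppliedToDenyXBtoGrpWithXA names a group that selects pod a in namespace x (`grpName := "grp-pods-xa"`), and the new step label `Name: "GRP Pods X/C"` in testANNPGroupUpdateAppliedTo is used while the group selects pod a (`Name: "GRP Pods X/A",`). The function ends outside the hunk.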
@@ -1211,40 +1175,36 @@ func testANNPIngressRuleDenyGrpWithXCtoXA(t *testing.T) { func testANNPGroupUpdate(t *testing.T) { grpName := "grp-pod-xc-then-pod-xb" grpBuilder := &GroupSpecBuilder{} - grpBuilder = grpBuilder.SetName(grpName).SetNamespace(namespaces["x"]).SetPodSelector(map[string]string{"pod": "c"}, nil) + grpBuilder = grpBuilder.SetName(grpName).SetNamespace(getNS("x")).SetPodSelector(map[string]string{"pod": "c"}, nil) // Update Group Pod selector from X/C to X/B updatedGrpBuilder := &GroupSpecBuilder{} - updatedGrpBuilder = updatedGrpBuilder.SetName(grpName).SetNamespace(namespaces["x"]).SetPodSelector(map[string]string{"pod": "b"}, nil) + updatedGrpBuilder = updatedGrpBuilder.SetName(grpName).SetNamespace(getNS("x")).SetPodSelector(map[string]string{"pod": "b"}, nil) builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["x"], "annp-deny-xa-to-grp-with-xc-egress"). + builder = builder.SetName(getNS("x"), "annp-deny-xa-to-grp-with-xc-egress"). SetPriority(1.0). 
SetAppliedToGroup([]ANNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, grpName, "") reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["x"]+"/c"), Dropped) + reachability.Expect(getPod("x", "a"), getPod("x", "c"), Dropped) updatedReachability := NewReachability(allPods, Connected) - updatedReachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["x"]+"/b"), Dropped) + updatedReachability.Expect(getPod("x", "a"), getPod("x", "b"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{grpBuilder.Get(), builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{grpBuilder.Get(), builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, { - "Port 80 - update", - updatedReachability, - []metav1.Object{updatedGrpBuilder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80 - update", + Reachability: updatedReachability, + TestResources: []metav1.Object{updatedGrpBuilder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -1257,29 +1217,27 @@ func testANNPGroupUpdate(t *testing.T) { func testANNPAppliedToDenyXBtoGrpWithXA(t *testing.T) { grpName := "grp-pods-ya" grpBuilder := &GroupSpecBuilder{} - grpBuilder = grpBuilder.SetName(grpName).SetNamespace(namespaces["x"]).SetPodSelector(map[string]string{"pod": "a"}, nil) + grpBuilder = grpBuilder.SetName(grpName).SetNamespace(getNS("x")).SetPodSelector(map[string]string{"pod": "a"}, nil) port81Name := "serve-81" builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["x"], "annp-deny-grp-with-xa-from-xb"). + builder = builder.SetName(getNS("x"), "annp-deny-grp-with-xa-from-xb"). SetPriority(2.0). SetAppliedToGroup([]ANNPAppliedToSpec{{Group: grpName}}) builder.AddIngress(ProtocolTCP, nil, &port81Name, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "") reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["x"]+"/a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("x", "a"), Dropped) reachability.ExpectSelf(allPods, Connected) testStep := []*TestStep{ { - "NamedPort 81", - reachability, + Name: "NamedPort 81", + Reachability: reachability, // Note in this testcase the Group is created after the ANNP - []metav1.Object{builder.Get(), grpBuilder.Get()}, - []int32{81}, - ProtocolTCP, - 0, - nil, + TestResources: []metav1.Object{builder.Get(), grpBuilder.Get()}, + Ports: []int32{81}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -1292,25 +1250,23 @@ func testANNPAppliedToDenyXBtoGrpWithXA(t *testing.T) { func testANNPAppliedToRuleGrpWithPodsAToPodsC(t *testing.T) { grpName := "grp-pods-a" grpBuilder := &GroupSpecBuilder{} - grpBuilder = grpBuilder.SetName(grpName).SetNamespace(namespaces["x"]).SetPodSelector(map[string]string{"pod": "a"}, nil) + grpBuilder = grpBuilder.SetName(grpName).SetNamespace(getNS("x")).SetPodSelector(map[string]string{"pod": "a"}, nil) builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["x"], "annp-deny-grp-with-a-to-c"). + builder = builder.SetName(getNS("x"), "annp-deny-grp-with-a-to-c"). SetPriority(1.0) builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "c"}, nil, nil, nil, nil, nil, []ANNPAppliedToSpec{{Group: grpName}}, crdv1beta1.RuleActionDrop, "", "") reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["x"]+"/c"), Dropped) + reachability.Expect(getPod("x", "a"), getPod("x", "c"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, + Name: "Port 80", + Reachability: reachability, // Note in this testcase the Group is created after the ANNP - []metav1.Object{builder.Get(), grpBuilder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + TestResources: []metav1.Object{builder.Get(), grpBuilder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -1322,40 +1278,36 @@ func testANNPAppliedToRuleGrpWithPodsAToPodsC(t *testing.T) { func testANNPGroupUpdateAppliedTo(t *testing.T) { grpName := "grp-pods-xa-then-xb" grpBuilder := &GroupSpecBuilder{} - grpBuilder = grpBuilder.SetName(grpName).SetNamespace(namespaces["x"]).SetPodSelector(map[string]string{"pod": "a"}, nil) + grpBuilder = grpBuilder.SetName(grpName).SetNamespace(getNS("x")).SetPodSelector(map[string]string{"pod": "a"}, nil) // Update GRP Pod selector to group Pods x/b updatedGrpBuilder := &GroupSpecBuilder{} - updatedGrpBuilder = updatedGrpBuilder.SetName(grpName).SetNamespace(namespaces["x"]).SetPodSelector(map[string]string{"pod": "b"}, nil) + updatedGrpBuilder = updatedGrpBuilder.SetName(grpName).SetNamespace(getNS("x")).SetPodSelector(map[string]string{"pod": "b"}, nil) builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["x"], "annp-deny-grp-xc-to-xa-egress"). + builder = builder.SetName(getNS("x"), "annp-deny-grp-xc-to-xa-egress"). SetPriority(1.0). 
SetAppliedToGroup([]ANNPAppliedToSpec{{Group: grpName}}) builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "c"}, nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "") reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["x"]+"/c"), Dropped) + reachability.Expect(getPod("x", "a"), getPod("x", "c"), Dropped) updatedReachability := NewReachability(allPods, Connected) - updatedReachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["x"]+"/c"), Dropped) + updatedReachability.Expect(getPod("x", "b"), getPod("x", "c"), Dropped) testStep := []*TestStep{ { - "GRP Pods X/C", - reachability, - []metav1.Object{grpBuilder.Get(), builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "GRP Pods X/C", + Reachability: reachability, + TestResources: []metav1.Object{grpBuilder.Get(), builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, { - "GRP Pods X/B - update", - updatedReachability, - []metav1.Object{updatedGrpBuilder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "GRP Pods X/B - update", + Reachability: updatedReachability, + TestResources: []metav1.Object{updatedGrpBuilder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -1367,9 +1319,9 @@ func testANNPGroupUpdateAppliedTo(t *testing.T) { func testANNPGroupAppliedToPodAdd(t *testing.T, data *TestData) { grpName := "grp-pod-custom-pod-xj" grpBuilder := &GroupSpecBuilder{} - grpBuilder = grpBuilder.SetName(grpName).SetNamespace(namespaces["x"]).SetPodSelector(map[string]string{"pod": "j"}, nil) + grpBuilder = grpBuilder.SetName(grpName).SetNamespace(getNS("x")).SetPodSelector(map[string]string{"pod": "j"}, nil) builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["x"], "annp-deny-grp-with-xj-to-xd-egress"). + builder = builder.SetName(getNS("x"), "annp-deny-grp-with-xj-to-xd-egress"). SetPriority(1.0). SetAppliedToGroup([]ANNPAppliedToSpec{{Group: grpName}}) builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "d"}, nil, nil, @@ -1377,11 +1329,11 @@ func testANNPGroupAppliedToPodAdd(t *testing.T, data *TestData) { cp := []*CustomProbe{ { SourcePod: CustomPod{ - Pod: NewPod(namespaces["x"], "j"), + Pod: NewPod(getNS("x"), "j"), Labels: map[string]string{"pod": "j"}, }, DestPod: CustomPod{ - Pod: NewPod(namespaces["x"], "d"), + Pod: NewPod(getNS("x"), "d"), Labels: map[string]string{"pod": "d"}, }, ExpectConnectivity: Dropped, @@ -1390,13 +1342,11 @@ func testANNPGroupAppliedToPodAdd(t *testing.T, data *TestData) { } testStep := []*TestStep{ { - "Port 80", - nil, - []metav1.Object{grpBuilder.Get(), builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - cp, + Name: "Port 80", + TestResources: []metav1.Object{grpBuilder.Get(), builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, + CustomProbes: cp, }, } testCase := []*TestCase{ 
@@ -1406,17 +1356,17 @@ func testANNPGroupAppliedToPodAdd(t *testing.T, data *TestData) { } func testANNPGroupServiceRefPodAdd(t *testing.T, data *TestData) { - svc1 := k8sUtils.BuildService("svc1", namespaces["x"], 80, 80, map[string]string{"app": "a"}, nil) - svc2 := k8sUtils.BuildService("svc2", namespaces["x"], 80, 80, map[string]string{"app": "b"}, nil) + svc1 := k8sUtils.BuildService("svc1", getNS("x"), 80, 80, map[string]string{"app": "a"}, nil) + svc2 := k8sUtils.BuildService("svc2", getNS("x"), 80, 80, map[string]string{"app": "b"}, nil) grp1Name, grp2Name := "grp-svc1", "grp-svc2" grpBuilder1 := &GroupSpecBuilder{} - grpBuilder1 = grpBuilder1.SetName(grp1Name).SetNamespace(namespaces["x"]).SetServiceReference(namespaces["x"], "svc1") + grpBuilder1 = grpBuilder1.SetName(grp1Name).SetNamespace(getNS("x")).SetServiceReference(getNS("x"), "svc1") grpBuilder2 := &GroupSpecBuilder{} - grpBuilder2 = grpBuilder2.SetName(grp2Name).SetNamespace(namespaces["x"]).SetServiceReference(namespaces["x"], "svc2") + grpBuilder2 = grpBuilder2.SetName(grp2Name).SetNamespace(getNS("x")).SetServiceReference(getNS("x"), "svc2") builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["x"], "annp-grp-svc-ref").SetPriority(1.0).SetAppliedToGroup([]ANNPAppliedToSpec{{Group: grp1Name}}) + builder = builder.SetName(getNS("x"), "annp-grp-svc-ref").SetPriority(1.0).SetAppliedToGroup([]ANNPAppliedToSpec{{Group: grp1Name}}) builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, grp2Name, "") 
@@ -1425,11 +1375,11 @@ func testANNPGroupServiceRefPodAdd(t *testing.T, data *TestData) { cp := []*CustomProbe{ { SourcePod: CustomPod{ - Pod: NewPod(namespaces["x"], svc2PodName), + Pod: NewPod(getNS("x"), svc2PodName), Labels: map[string]string{"pod": svc2PodName, "app": "b"}, }, DestPod: CustomPod{ - Pod: NewPod(namespaces["x"], svc1PodName), + Pod: NewPod(getNS("x"), svc1PodName), Labels: map[string]string{"pod": svc1PodName, "app": "a"}, }, ExpectConnectivity: Dropped, @@ -1438,15 +1388,14 @@ func testANNPGroupServiceRefPodAdd(t *testing.T, data *TestData) { } reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["x"]+"/a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("x", "a"), Dropped) testStep := &TestStep{ - "Port 80 updated", - reachability, - []metav1.Object{svc1, svc2, grpBuilder1.Get(), grpBuilder2.Get(), builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - cp, + Name: "Port 80 updated", + Reachability: reachability, + TestResources: []metav1.Object{svc1, svc2, grpBuilder1.Get(), grpBuilder2.Get(), builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, + CustomProbes: cp, } testSteps := []*TestStep{testStep} @@ -1457,8 +1406,8 @@ func testANNPGroupServiceRefPodAdd(t *testing.T, data *TestData) { } func testANNPGroupServiceRefDelete(t *testing.T) { - svc1 := k8sUtils.BuildService("svc1", namespaces["x"], 80, 80, map[string]string{"app": "a"}, nil) - svc2 := k8sUtils.BuildService("svc2", namespaces["x"], 80, 80, map[string]string{"app": "b"}, nil) + svc1 := k8sUtils.BuildService("svc1", getNS("x"), 80, 80, map[string]string{"app": "a"}, nil) + svc2 := k8sUtils.BuildService("svc2", getNS("x"), 80, 80, map[string]string{"app": "b"}, nil) k8sUtils.CreateOrUpdateService(svc1) failOnError(waitForResourceReady(t, timeout, svc1), t) k8sUtils.CreateOrUpdateService(svc2) 
@@ -1466,9 +1415,9 @@ func testANNPGroupServiceRefDelete(t *testing.T) { grp1Name, grp2Name := "grp-svc1", "grp-svc2" grpBuilder1 := &GroupSpecBuilder{} - grpBuilder1 = grpBuilder1.SetName(grp1Name).SetNamespace(namespaces["x"]).SetServiceReference(namespaces["x"], "svc1") + grpBuilder1 = grpBuilder1.SetName(grp1Name).SetNamespace(getNS("x")).SetServiceReference(getNS("x"), "svc1") grpBuilder2 := &GroupSpecBuilder{} - grpBuilder2 = grpBuilder2.SetName(grp2Name).SetNamespace(namespaces["x"]).SetServiceReference(namespaces["x"], "svc2") + grpBuilder2 = grpBuilder2.SetName(grp2Name).SetNamespace(getNS("x")).SetServiceReference(getNS("x"), "svc2") grp1 := grpBuilder1.Get() k8sUtils.CreateOrUpdateGroup(grp1) failOnError(waitForResourceReady(t, timeout, grp1), t) @@ -1477,7 +1426,7 @@ func testANNPGroupServiceRefDelete(t *testing.T) { failOnError(waitForResourceReady(t, timeout, grp2), t) builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["x"], "annp-grp-svc-ref").SetPriority(1.0).SetAppliedToGroup([]ANNPAppliedToSpec{{Group: grp1Name}}) + builder = builder.SetName(getNS("x"), "annp-grp-svc-ref").SetPriority(1.0).SetAppliedToGroup([]ANNPAppliedToSpec{{Group: grp1Name}}) builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, grp2Name, "") annp := builder.Get() @@ -1485,7 +1434,7 @@ func testANNPGroupServiceRefDelete(t *testing.T) { failOnError(waitForResourceReady(t, timeout, annp), t) reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["x"]+"/a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("x", "a"), Dropped) k8sUtils.Validate(allPods, reachability, []int32{80}, ProtocolTCP) _, wrong, _ := reachability.Summary() if wrong != 0 { 
@@ -1508,49 +1457,45 @@ func testANNPGroupServiceRefDelete(t *testing.T) { } func testANNPGroupServiceRefCreateAndUpdate(t *testing.T) { - svc1 := k8sUtils.BuildService("svc1", namespaces["x"], 80, 80, map[string]string{"app": "a"}, nil) - svc2 := k8sUtils.BuildService("svc2", namespaces["x"], 80, 80, map[string]string{"app": "b"}, nil) + svc1 := k8sUtils.BuildService("svc1", getNS("x"), 80, 80, map[string]string{"app": "a"}, nil) + svc2 := k8sUtils.BuildService("svc2", getNS("x"), 80, 80, map[string]string{"app": "b"}, nil) grp1Name, grp2Name := "grp-svc1", "grp-svc2" grpBuilder1 := &GroupSpecBuilder{} - grpBuilder1 = grpBuilder1.SetName(grp1Name).SetNamespace(namespaces["x"]).SetServiceReference(namespaces["x"], "svc1") + grpBuilder1 = grpBuilder1.SetName(grp1Name).SetNamespace(getNS("x")).SetServiceReference(getNS("x"), "svc1") grpBuilder2 := &GroupSpecBuilder{} - grpBuilder2 = grpBuilder2.SetName(grp2Name).SetNamespace(namespaces["x"]).SetServiceReference(namespaces["x"], "svc2") + grpBuilder2 = grpBuilder2.SetName(grp2Name).SetNamespace(getNS("x")).SetServiceReference(getNS("x"), "svc2") builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["x"], "annp-grp-svc-ref").SetPriority(1.0).SetAppliedToGroup([]ANNPAppliedToSpec{{Group: grp1Name}}) + builder = builder.SetName(getNS("x"), "annp-grp-svc-ref").SetPriority(1.0).SetAppliedToGroup([]ANNPAppliedToSpec{{Group: grp1Name}}) builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, grp2Name, "") // Pods backing svc1 (label pod=a) in Namespace x should not allow ingress from Pods backing svc2 (label pod=b) in Namespace x. 
reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["x"]+"/a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("x", "a"), Dropped) testStep1 := &TestStep{ - "Port 80", - reachability, - []metav1.Object{svc1, svc2, grpBuilder1.Get(), grpBuilder2.Get(), builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{svc1, svc2, grpBuilder1.Get(), grpBuilder2.Get(), builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } // Test update selector of Service referred in grp-svc1, and update serviceReference of grp-svc2. - svc1Updated := k8sUtils.BuildService("svc1", namespaces["x"], 80, 80, map[string]string{"app": "b"}, nil) - svc3 := k8sUtils.BuildService("svc3", namespaces["x"], 80, 80, map[string]string{"app": "c"}, nil) - grpBuilder2Updated := grpBuilder2.SetNamespace(namespaces["x"]).SetServiceReference(namespaces["x"], "svc3") + svc1Updated := k8sUtils.BuildService("svc1", getNS("x"), 80, 80, map[string]string{"app": "b"}, nil) + svc3 := k8sUtils.BuildService("svc3", getNS("x"), 80, 80, map[string]string{"app": "c"}, nil) + grpBuilder2Updated := grpBuilder2.SetNamespace(getNS("x")).SetServiceReference(getNS("x"), "svc3") // Pods backing svc1 (label pod=b) in namespace x should not allow ingress from Pods backing svc3 (label pod=d) in namespace x. 
reachability2 := NewReachability(allPods, Connected) - reachability2.Expect(Pod(namespaces["x"]+"/c"), Pod(namespaces["x"]+"/b"), Dropped) + reachability2.Expect(getPod("x", "c"), getPod("x", "b"), Dropped) testStep2 := &TestStep{ - "Port 80 updated", - reachability2, - []metav1.Object{svc1Updated, svc3, grpBuilder1.Get(), grpBuilder2Updated.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80 updated", + Reachability: reachability2, + TestResources: []metav1.Object{svc1Updated, svc3, grpBuilder1.Get(), grpBuilder2Updated.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } testSteps := []*TestStep{testStep1, testStep2} @@ -1561,8 +1506,8 @@ func testANNPGroupServiceRefCreateAndUpdate(t *testing.T) { } func testANNPGroupRefRuleIPBlocks(t *testing.T) { - podXBIP, _ := podIPs[namespaces["x"]+"/b"] - podXCIP, _ := podIPs[namespaces["x"]+"/c"] + podXBIP, _ := podIPs[getPodName("x", "b")] + podXCIP, _ := podIPs[getPodName("x", "c")] // There are three situations of a Pod's IP(s): // 1. Only one IPv4 address. // 2. Only one IPv6 address. 
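Review bot: The comment above `reachability2` in testANNPGroupServiceRefCreateAndUpdate says svc3 is backed by Pods with `label pod=d`, but svc3 is built with the `{"app": "c"}` map and the expectation that follows drops x/c to x/b. Since the hunk already rewrites the neighbouring lines, the comment could be corrected to `// Pods backing svc1 (app=b) in Namespace x should not allow ingress from Pods backing svc3 (app=c) in Namespace x.` The first comment in the function has the same `pod=` versus `app=` wording. As written, someone debugging a failed step would look for a Pod this test never references.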
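Review bot: The two added lookups in testANNPGroupRefRuleIPBlocks, `podXBIP, _ := podIPs[getPodName("x", "b")]` and its x/c twin, discard the map's presence flag, so a key that getPodName builds differently from how podIPs was populated yields a zero value without any failure. Checking the flag would make that visible: `podXBIP, ok := podIPs[getPodName("x", "b")]` followed by `if !ok { t.Fatalf("no IPs recorded for %s", getPodName("x", "b")) }`. If the zero value is acceptable, `podXBIP := podIPs[getPodName("x", "b")]` is the plainer form. The function body continues outside the hunk, so how an empty value affects the ipBlock list is not visible here.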
@@ -1582,27 +1527,25 @@ func testANNPGroupRefRuleIPBlocks(t *testing.T) { grpName := "grp-ipblocks-pod-xb-xc" grpBuilder := &GroupSpecBuilder{} - grpBuilder = grpBuilder.SetName(grpName).SetNamespace(namespaces["x"]).SetIPBlocks(ipBlock) + grpBuilder = grpBuilder.SetName(grpName).SetNamespace(getNS("x")).SetIPBlocks(ipBlock) builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["x"], "annp-deny-xb-xc-ips-ingress-for-xa"). + builder = builder.SetName(getNS("x"), "annp-deny-xb-xc-ips-ingress-for-xa"). SetPriority(1.0). SetAppliedToGroup([]ANNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, grpName, "") reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["x"]+"/a"), Dropped) - reachability.Expect(Pod(namespaces["x"]+"/c"), Pod(namespaces["x"]+"/a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("x", "a"), Dropped) + reachability.Expect(getPod("x", "c"), getPod("x", "a"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get(), grpBuilder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get(), grpBuilder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -1612,21 +1555,21 @@ func testANNPGroupRefRuleIPBlocks(t *testing.T) { } func testANNPNestedGroupCreateAndUpdate(t *testing.T, data *TestData) { - svc1 := k8sUtils.BuildService("svc1", namespaces["x"], 80, 80, map[string]string{"app": "a"}, nil) + svc1 := k8sUtils.BuildService("svc1", getNS("x"), 80, 80, map[string]string{"app": "a"}, nil) svc1PodName := randName("test-pod-svc1-") grp1Name, grp2Name, grp3Name := "grp-svc-x-a", "grp-select-x-b", "grp-select-x-c" grpBuilder1 := &GroupSpecBuilder{} - grpBuilder1 = grpBuilder1.SetName(grp1Name).SetNamespace(namespaces["x"]).SetServiceReference(namespaces["x"], "svc1") + grpBuilder1 = grpBuilder1.SetName(grp1Name).SetNamespace(getNS("x")).SetServiceReference(getNS("x"), "svc1") grpBuilder2 := &GroupSpecBuilder{} - grpBuilder2 = grpBuilder2.SetName(grp2Name).SetNamespace(namespaces["x"]).SetPodSelector(map[string]string{"pod": "b"}, nil) + grpBuilder2 = grpBuilder2.SetName(grp2Name).SetNamespace(getNS("x")).SetPodSelector(map[string]string{"pod": "b"}, nil) grpBuilder3 := &GroupSpecBuilder{} - grpBuilder3 = grpBuilder3.SetName(grp3Name).SetNamespace(namespaces["x"]).SetPodSelector(map[string]string{"pod": "c"}, nil) + grpBuilder3 = grpBuilder3.SetName(grp3Name).SetNamespace(getNS("x")).SetPodSelector(map[string]string{"pod": "c"}, nil) grpNestedName := "grp-nested" grpBuilderNested := &GroupSpecBuilder{} - grpBuilderNested = grpBuilderNested.SetName(grpNestedName).SetNamespace(namespaces["x"]).SetChildGroups([]string{grp1Name, grp3Name}) + grpBuilderNested = grpBuilderNested.SetName(grpNestedName).SetNamespace(getNS("x")).SetChildGroups([]string{grp1Name, grp3Name}) builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["x"], "annp-nested-grp").SetPriority(1.0). + builder = builder.SetName(getNS("x"), "annp-nested-grp").SetPriority(1.0). SetAppliedToGroup([]ANNPAppliedToSpec{{}}). 
AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, grpNestedName, "") 
@@ -1635,36 +1578,34 @@ func testANNPNestedGroupCreateAndUpdate(t *testing.T, data *TestData) { // Note that in this testStep grp3 will not be created yet, so even though grp-nested selects grp1 and // grp3 as childGroups, only members of grp1 will be included as this time. reachability := NewReachability(allPods, Connected) - reachability.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["x"], Dropped) + reachability.ExpectEgressToNamespace(getPod("x", "a"), getNS("x"), Dropped) reachability.ExpectSelf(allPods, Connected) testStep1 := &TestStep{ - "Port 80", - reachability, + Name: "Port 80", + Reachability: reachability, // Note in this testcase the Group is created after the ANNP - []metav1.Object{builder.Get(), svc1, grpBuilder1.Get(), grpBuilderNested.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + TestResources: []metav1.Object{builder.Get(), svc1, grpBuilder1.Get(), grpBuilderNested.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } // Test update "grp-nested" to include "grp-select-x-b" as well. grpBuilderNested = grpBuilderNested.SetChildGroups([]string{grp1Name, grp2Name, grp3Name}) // In addition to x/a, all traffic from x/b to Namespace x should also be denied. reachability2 := NewReachability(allPods, Connected) - reachability2.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["x"], Dropped) - reachability2.ExpectEgressToNamespace(Pod(namespaces["x"]+"/b"), namespaces["x"], Dropped) + reachability2.ExpectEgressToNamespace(getPod("x", "a"), getNS("x"), Dropped) + reachability2.ExpectEgressToNamespace(getPod("x", "b"), getNS("x"), Dropped) reachability2.ExpectSelf(allPods, Connected) // New member in grp-svc-x-a should be reflected in grp-nested as well. 
cp := []*CustomProbe{ { SourcePod: CustomPod{ - Pod: NewPod(namespaces["x"], svc1PodName), + Pod: NewPod(getNS("x"), svc1PodName), Labels: map[string]string{"pod": svc1PodName, "app": "a"}, }, DestPod: CustomPod{ - Pod: NewPod(namespaces["x"], "test-add-pod-ns-x"), + Pod: NewPod(getNS("x"), "test-add-pod-ns-x"), Labels: map[string]string{"pod": "test-add-pod-ns-x"}, }, ExpectConnectivity: Dropped, 
@@ -1672,30 +1613,27 @@ func testANNPNestedGroupCreateAndUpdate(t *testing.T, data *TestData) { }, } testStep2 := &TestStep{ - "Port 80 updated", - reachability2, - []metav1.Object{grpBuilder2.Get(), grpBuilderNested.Get()}, - []int32{80}, - ProtocolTCP, - 0, - cp, + Name: "Port 80 updated", + Reachability: reachability2, + TestResources: []metav1.Object{grpBuilder2.Get(), grpBuilderNested.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, + CustomProbes: cp, } // In this testStep grp3 is created. It's members should reflect in grp-nested // and as a result, all traffic from x/c to Namespace x should be denied as well. reachability3 := NewReachability(allPods, Connected) - reachability3.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["x"], Dropped) - reachability3.ExpectEgressToNamespace(Pod(namespaces["x"]+"/b"), namespaces["x"], Dropped) - reachability3.ExpectEgressToNamespace(Pod(namespaces["x"]+"/c"), namespaces["x"], Dropped) + reachability3.ExpectEgressToNamespace(getPod("x", "a"), getNS("x"), Dropped) + reachability3.ExpectEgressToNamespace(getPod("x", "b"), getNS("x"), Dropped) + reachability3.ExpectEgressToNamespace(getPod("x", "c"), getNS("x"), Dropped) reachability3.ExpectSelf(allPods, Connected) testStep3 := &TestStep{ - "Port 80 updated", - reachability3, - []metav1.Object{grpBuilder3.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80 updated", + Reachability: reachability3, + TestResources: []metav1.Object{grpBuilder3.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } testSteps := []*TestStep{testStep1, testStep2, testStep3} 
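Review bot: testStep2 and testStep3 in testANNPNestedGroupCreateAndUpdate are both named `"Port 80 updated"`, so a failure report cannot tell the child-group update apart from the later creation of grp3. Now that the literals use field names, distinct values are cheap, for example `Name: "Port 80 updated, grp-select-x-b added"` and `Name: "Port 80 updated, grp-select-x-c created"`. The context comment above reachability3 also has `It's members`, which should read `Its members`. The function starts outside this hunk.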
@@ -1712,45 +1650,43 @@ func testBaselineNamespaceIsolation(t *testing.T) { nsExpOtherThanX := metav1.LabelSelectorRequirement{ Key: "ns", Operator: metav1.LabelSelectorOpNotIn, - Values: []string{namespaces["x"]}, + Values: []string{getNS("x")}, } builder = builder.SetName("acnp-baseline-isolate-ns-x"). SetTier("baseline"). SetPriority(1.0). - SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}) - builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - nil, nil, []metav1.LabelSelectorRequirement{nsExpOtherThanX}, false, - nil, crdv1beta1.RuleActionDrop, "", "", nil) + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}) + builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, + nil, nil, []metav1.LabelSelectorRequirement{nsExpOtherThanX}, nil, + nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) // create a K8s NetworkPolicy for Pods in namespace x to allow ingress traffic from Pods in the same namespace, // as well as from the y/a Pod. It should open up ingress from y/a since it's evaluated before the baseline tier. k8sNPBuilder := &NetworkPolicySpecBuilder{} - k8sNPBuilder = k8sNPBuilder.SetName(namespaces["x"], "allow-ns-x-and-y-a"). + k8sNPBuilder = k8sNPBuilder.SetName(getNS("x"), "allow-ns-x-and-y-a"). SetTypeIngress(). AddIngress(v1.ProtocolTCP, &p80, nil, nil, nil, - nil, map[string]string{"ns": namespaces["x"]}, nil, nil). + nil, map[string]string{"ns": getNS("x")}, nil, nil). 
AddIngress(v1.ProtocolTCP, &p80, nil, nil, nil, - map[string]string{"pod": "a"}, map[string]string{"ns": namespaces["y"]}, nil, nil) + map[string]string{"pod": "a"}, map[string]string{"ns": getNS("y")}, nil, nil) reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["y"]+"/b"), Pod(namespaces["x"]+"/a"), Dropped) - reachability.Expect(Pod(namespaces["y"]+"/c"), Pod(namespaces["x"]+"/a"), Dropped) - reachability.ExpectIngressFromNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Dropped) - reachability.Expect(Pod(namespaces["y"]+"/b"), Pod(namespaces["x"]+"/b"), Dropped) - reachability.Expect(Pod(namespaces["y"]+"/c"), Pod(namespaces["x"]+"/b"), Dropped) - reachability.ExpectIngressFromNamespace(Pod(namespaces["x"]+"/b"), namespaces["z"], Dropped) - reachability.Expect(Pod(namespaces["y"]+"/b"), Pod(namespaces["x"]+"/c"), Dropped) - reachability.Expect(Pod(namespaces["y"]+"/c"), Pod(namespaces["x"]+"/c"), Dropped) - reachability.ExpectIngressFromNamespace(Pod(namespaces["x"]+"/c"), namespaces["z"], Dropped) + reachability.Expect(getPod("y", "b"), getPod("x", "a"), Dropped) + reachability.Expect(getPod("y", "c"), getPod("x", "a"), Dropped) + reachability.ExpectIngressFromNamespace(getPod("x", "a"), getNS("z"), Dropped) + reachability.Expect(getPod("y", "b"), getPod("x", "b"), Dropped) + reachability.Expect(getPod("y", "c"), getPod("x", "b"), Dropped) + reachability.ExpectIngressFromNamespace(getPod("x", "b"), getNS("z"), Dropped) + reachability.Expect(getPod("y", "b"), getPod("x", "c"), Dropped) + reachability.Expect(getPod("y", "c"), getPod("x", "c"), Dropped) + reachability.ExpectIngressFromNamespace(getPod("x", "c"), getNS("z"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get(), k8sNPBuilder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get(), k8sNPBuilder.Get()}, + Ports: []int32{80}, + 
Protocol: ProtocolTCP, }, } testCase := []*TestCase{ @@ -1758,7 +1694,7 @@ func testBaselineNamespaceIsolation(t *testing.T) { } executeTests(t, testCase) // Cleanup the K8s NetworkPolicy created for this test. - failOnError(k8sUtils.CleanNetworkPolicies(map[string]string{"x": namespaces["x"]}), t) + failOnError(k8sUtils.CleanNetworkPolicies(map[string]TestNamespaceMeta{"x": {Name: getNS("x")}}), t) time.Sleep(networkPolicyDelay) } 
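Review bot: In the rewritten `builder.AddIngress(...)` call of testBaselineNamespaceIsolation, `[]metav1.LabelSelectorRequirement{nsExpOtherThanX}` moves from the 15th positional argument to the 14th, while the other ClusterNetworkPolicySpecBuilder AddIngress calls in the following hunks only replace `false` with `nil` in slot 16. The AddIngress signature is not visible here. If neighbouring parameters share the slice type, the compiler will not catch a requirement landing in the wrong selector, and the baseline drop rule would then match different peers than the test name claims. Please confirm the slot against the signature and add a short comment beside the argument, such as `// namespace match expression: every Namespace other than x`.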
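Review bot: The `CleanNetworkPolicies` call at the end of testBaselineNamespaceIsolation is reached only if `executeTests` returns. Should `executeTests` abort the test on a failed step (its body is not visible here), the `allow-ns-x-and-y-a` policy stays in Namespace x and can change the outcome of later cases. Registering the cleanup before `executeTests`, e.g. `t.Cleanup(func() { failOnError(k8sUtils.CleanNetworkPolicies(map[string]TestNamespaceMeta{"x": {Name: getNS("x")}}), t) })`, would remove it on every exit path. The function starts outside this hunk.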
@@ -1768,65 +1704,61 @@ func testACNPPriorityOverride(t *testing.T) { builder1 := &ClusterNetworkPolicySpecBuilder{} builder1 = builder1.SetName("acnp-priority1"). SetPriority(1.001). - SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": namespaces["x"]}}}) + SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": getNS("x")}}}) // Highest priority. Drops traffic from z/b to x/a. - builder1.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + builder1.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) builder2 := &ClusterNetworkPolicySpecBuilder{} builder2 = builder2.SetName("acnp-priority2"). SetPriority(1.002). - SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": namespaces["x"]}}}) + SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": getNS("x")}}}) // Medium priority. Allows traffic from z to x/a. - builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) builder3 := &ClusterNetworkPolicySpecBuilder{} builder3 = builder3.SetName("acnp-priority3"). SetPriority(1.003). 
- SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}) + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}) // Lowest priority. Drops traffic from z to x. - builder3.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + builder3.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachabilityTwoACNPs := NewReachability(allPods, Connected) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["x"]+"/c"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["x"]+"/c"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["x"]+"/c"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "a"), getPod("x", "b"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "a"), getPod("x", "c"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "b"), getPod("x", "b"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "b"), getPod("x", "c"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "c"), getPod("x", "b"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "c"), getPod("x", "c"), Dropped) reachabilityAllACNPs := NewReachability(allPods, Connected) - reachabilityAllACNPs.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityAllACNPs.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["x"]+"/c"), Dropped) - reachabilityAllACNPs.Expect(Pod(namespaces["z"]+"/b"), 
Pod(namespaces["x"]+"/a"), Dropped) - reachabilityAllACNPs.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityAllACNPs.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["x"]+"/c"), Dropped) - reachabilityAllACNPs.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityAllACNPs.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["x"]+"/c"), Dropped) + reachabilityAllACNPs.Expect(getPod("z", "a"), getPod("x", "b"), Dropped) + reachabilityAllACNPs.Expect(getPod("z", "a"), getPod("x", "c"), Dropped) + reachabilityAllACNPs.Expect(getPod("z", "b"), getPod("x", "a"), Dropped) + reachabilityAllACNPs.Expect(getPod("z", "b"), getPod("x", "b"), Dropped) + reachabilityAllACNPs.Expect(getPod("z", "b"), getPod("x", "c"), Dropped) + reachabilityAllACNPs.Expect(getPod("z", "c"), getPod("x", "b"), Dropped) + reachabilityAllACNPs.Expect(getPod("z", "c"), getPod("x", "c"), Dropped) testStepTwoACNP := []*TestStep{ { - "Two Policies with different priorities", - reachabilityTwoACNPs, - []metav1.Object{builder3.Get(), builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Two Policies with different priorities", + Reachability: reachabilityTwoACNPs, + TestResources: []metav1.Object{builder3.Get(), builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } // Create the Policies in specific order to make sure that priority re-assignments work as expected. testStepAll := []*TestStep{ { - "All three Policies", - reachabilityAllACNPs, - []metav1.Object{builder3.Get(), builder1.Get(), builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "All three Policies", + Reachability: reachabilityAllACNPs, + TestResources: []metav1.Object{builder3.Get(), builder1.Get(), builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -1843,66 +1775,62 @@ func testACNPTierOverride(t *testing.T) { builder1 = builder1.SetName("acnp-tier-emergency"). SetTier("emergency"). SetPriority(100). - SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": namespaces["x"]}}}) + SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": getNS("x")}}}) // Highest priority tier. Drops traffic from z/b to x/a. - builder1.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + builder1.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) builder2 := &ClusterNetworkPolicySpecBuilder{} builder2 = builder2.SetName("acnp-tier-securityops"). SetTier("securityops"). SetPriority(10). - SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": namespaces["x"]}}}) + SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": getNS("x")}}}) // Medium priority tier. Allows traffic from z to x/a. - builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) builder3 := &ClusterNetworkPolicySpecBuilder{} builder3 = builder3.SetName("acnp-tier-application"). SetTier("application"). SetPriority(1). 
- SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}) + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}) // Lowest priority tier. Drops traffic from z to x. - builder3.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + builder3.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachabilityTwoACNPs := NewReachability(allPods, Connected) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["x"]+"/c"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["x"]+"/c"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["x"]+"/c"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "a"), getPod("x", "b"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "a"), getPod("x", "c"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "b"), getPod("x", "b"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "b"), getPod("x", "c"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "c"), getPod("x", "b"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "c"), getPod("x", "c"), Dropped) reachabilityAllACNPs := NewReachability(allPods, Connected) - reachabilityAllACNPs.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityAllACNPs.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["x"]+"/c"), Dropped) - reachabilityAllACNPs.Expect(Pod(namespaces["z"]+"/b"), 
Pod(namespaces["x"]+"/a"), Dropped) - reachabilityAllACNPs.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityAllACNPs.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["x"]+"/c"), Dropped) - reachabilityAllACNPs.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityAllACNPs.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["x"]+"/c"), Dropped) + reachabilityAllACNPs.Expect(getPod("z", "a"), getPod("x", "b"), Dropped) + reachabilityAllACNPs.Expect(getPod("z", "a"), getPod("x", "c"), Dropped) + reachabilityAllACNPs.Expect(getPod("z", "b"), getPod("x", "a"), Dropped) + reachabilityAllACNPs.Expect(getPod("z", "b"), getPod("x", "b"), Dropped) + reachabilityAllACNPs.Expect(getPod("z", "b"), getPod("x", "c"), Dropped) + reachabilityAllACNPs.Expect(getPod("z", "c"), getPod("x", "b"), Dropped) + reachabilityAllACNPs.Expect(getPod("z", "c"), getPod("x", "c"), Dropped) testStepTwoACNP := []*TestStep{ { - "Two Policies in different tiers", - reachabilityTwoACNPs, - []metav1.Object{builder3.Get(), builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Two Policies in different tiers", + Reachability: reachabilityTwoACNPs, + TestResources: []metav1.Object{builder3.Get(), builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testStepAll := []*TestStep{ { - "All three Policies in different tiers", - reachabilityAllACNPs, - []metav1.Object{builder3.Get(), builder1.Get(), builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "All three Policies in different tiers", + Reachability: reachabilityAllACNPs, + TestResources: []metav1.Object{builder3.Get(), builder1.Get(), builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -1927,36 +1855,34 @@ func testACNPCustomTiers(t *testing.T) { builder1 = builder1.SetName("acnp-tier-high"). SetTier("high-priority"). SetPriority(100). - SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": namespaces["x"]}}}) + SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": getNS("x")}}}) // Medium priority tier. Allows traffic from z to x/a. - builder1.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + builder1.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) builder2 := &ClusterNetworkPolicySpecBuilder{} builder2 = builder2.SetName("acnp-tier-low"). SetTier("low-priority"). SetPriority(1). - SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}) + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}) // Lowest priority tier. Drops traffic from z to x. 
- builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachabilityTwoACNPs := NewReachability(allPods, Connected) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["x"]+"/c"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["x"]+"/c"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["x"]+"/b"), Dropped) - reachabilityTwoACNPs.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["x"]+"/c"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "a"), getPod("x", "b"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "a"), getPod("x", "c"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "b"), getPod("x", "b"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "b"), getPod("x", "c"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "c"), getPod("x", "b"), Dropped) + reachabilityTwoACNPs.Expect(getPod("z", "c"), getPod("x", "c"), Dropped) testStepTwoACNP := []*TestStep{ { - "Two Policies in different tiers", - reachabilityTwoACNPs, - []metav1.Object{builder2.Get(), builder1.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Two Policies in different tiers", + Reachability: reachabilityTwoACNPs, + TestResources: []metav1.Object{builder2.Get(), builder1.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
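Review bot: The context comment on `builder1.AddIngress` in testACNPCustomTiers still reads `// Medium priority tier. Allows traffic from z to x/a.`, although this test defines only two policies and builder1 is the one placed in the `high-priority` tier. It looks copied from testACNPTierOverride, where three tiers exist. `// Higher priority tier. Allows traffic from z to x/a.` would match what the policy set here expresses. The function starts outside this hunk.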
@@ -1975,32 +1901,30 @@ func testACNPPriorityConflictingRule(t *testing.T) { builder1 := &ClusterNetworkPolicySpecBuilder{} builder1 = builder1.SetName("acnp-drop"). SetPriority(1). - SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}) - builder1.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}) + builder1.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) builder2 := &ClusterNetworkPolicySpecBuilder{} builder2 = builder2.SetName("acnp-allow"). SetPriority(2). - SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}) + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}) // The following ingress rule will take no effect as it is exactly the same as ingress rule of cnp-drop, // but cnp-allow has lower priority. 
- builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) reachabilityBothACNP := NewReachability(allPods, Connected) - reachabilityBothACNP.ExpectEgressToNamespace(Pod(namespaces["z"]+"/a"), namespaces["x"], Dropped) - reachabilityBothACNP.ExpectEgressToNamespace(Pod(namespaces["z"]+"/b"), namespaces["x"], Dropped) - reachabilityBothACNP.ExpectEgressToNamespace(Pod(namespaces["z"]+"/c"), namespaces["x"], Dropped) + reachabilityBothACNP.ExpectEgressToNamespace(getPod("z", "a"), getNS("x"), Dropped) + reachabilityBothACNP.ExpectEgressToNamespace(getPod("z", "b"), getNS("x"), Dropped) + reachabilityBothACNP.ExpectEgressToNamespace(getPod("z", "c"), getNS("x"), Dropped) testStep := []*TestStep{ { - "Both ACNP", - reachabilityBothACNP, - []metav1.Object{builder1.Get(), builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Both ACNP", + Reachability: reachabilityBothACNP, + TestResources: []metav1.Object{builder1.Get(), builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
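Review bot: The comment above `builder2.AddIngress` in testACNPPriorityConflictingRule refers to `cnp-drop` and `cnp-allow`, but the policies built here are named `acnp-drop` and `acnp-allow`. It should read `// ... exactly the same as ingress rule of acnp-drop, but acnp-allow has lower priority.` The next hunk (testACNPRulePriority) has the same mismatch, and its edited comment now says `cnp-drop` for a policy that `SetName` calls `acnp-deny`. There, `// This rule should take no effect as it will be overridden by the first rule of acnp-deny` would match the builder.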
@@ -2016,38 +1940,36 @@ func testACNPRulePriority(t *testing.T) { // acnp-deny will apply to all pods in namespace x builder1 = builder1.SetName("acnp-deny"). SetPriority(5). - SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}) - builder1.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["y"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}) + builder1.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("y")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) // This rule should take no effect as it will be overridden by the first rule of cnp-allow - builder1.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + builder1.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) builder2 := &ClusterNetworkPolicySpecBuilder{} // acnp-allow will also apply to all pods in namespace x builder2 = builder2.SetName("acnp-allow"). SetPriority(5). 
- SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}) - builder2.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) - // This rule should take no effect as it will be overridden by the first rule of cnp-deny - builder2.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["y"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}) + builder2.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) + // This rule should take no effect as it will be overridden by the first rule of cnp-drop + builder2.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("y")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) // Only egress from pods in namespace x to namespace y should be denied reachabilityBothACNP := NewReachability(allPods, Connected) - reachabilityBothACNP.ExpectIngressFromNamespace(Pod(namespaces["y"]+"/a"), namespaces["x"], Dropped) - reachabilityBothACNP.ExpectIngressFromNamespace(Pod(namespaces["y"]+"/b"), namespaces["x"], Dropped) - reachabilityBothACNP.ExpectIngressFromNamespace(Pod(namespaces["y"]+"/c"), namespaces["x"], Dropped) + reachabilityBothACNP.ExpectIngressFromNamespace(getPod("y", "a"), getNS("x"), Dropped) + reachabilityBothACNP.ExpectIngressFromNamespace(getPod("y", "b"), getNS("x"), Dropped) + reachabilityBothACNP.ExpectIngressFromNamespace(getPod("y", "c"), getNS("x"), Dropped) testStep := []*TestStep{ { - "Both ACNP", - reachabilityBothACNP, - []metav1.Object{builder2.Get(), builder1.Get()}, - []int32{80}, - 
ProtocolTCP, - 0, - nil, + Name: "Both ACNP", + Reachability: reachabilityBothACNP, + TestResources: []metav1.Object{builder2.Get(), builder1.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ @@ -2062,23 +1984,21 @@ func testACNPPortRange(t *testing.T) { builder = builder.SetName("acnp-deny-a-to-z-egress-port-range"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) - builder.AddEgress(ProtocolTCP, &p8080, nil, &p8082, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "acnp-port-range", nil) + builder.AddEgress(ProtocolTCP, &p8080, nil, &p8082, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "acnp-port-range", nil) reachability := NewReachability(allPods, Connected) - reachability.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Dropped) - reachability.ExpectEgressToNamespace(Pod(namespaces["y"]+"/a"), namespaces["z"], Dropped) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["z"]+"/b"), Dropped) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["z"]+"/c"), Dropped) + reachability.ExpectEgressToNamespace(getPod("x", "a"), getNS("z"), Dropped) + reachability.ExpectEgressToNamespace(getPod("y", "a"), getNS("z"), Dropped) + reachability.Expect(getPod("z", "a"), getPod("z", "b"), Dropped) + reachability.Expect(getPod("z", "a"), getPod("z", "c"), Dropped) testSteps := []*TestStep{ { - fmt.Sprintf("ACNP Drop Ports 8080:8082"), - reachability, - []metav1.Object{builder.Get()}, - []int32{8080, 8081, 8082}, - ProtocolTCP, - 0, - nil, + Name: fmt.Sprintf("ACNP Drop Ports 8080:8082"), + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{8080, 8081, 8082}, + Protocol: ProtocolTCP, }, } 
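Review bot: The reworded comment above the second `builder2.AddEgress` call in testACNPRulePriority now names `cnp-drop`, but no policy in this function carries that name; the policy whose first rule takes precedence is created with `SetName("acnp-deny")`. I would write it as `// This rule should take no effect as it will be overridden by the first rule of acnp-deny`, and align the companion comment on builder1 to say `acnp-allow` instead of `cnp-allow`. When a precedence test fails, these comments are what a reader uses to work out which rule was expected to win, so they should use the names that show up in the cluster. The function starts before this hunk and continues after it.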
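Review bot: `Name: fmt.Sprintf("ACNP Drop Ports 8080:8082")` in the TestStep literal of testACNPPortRange formats a constant string with no arguments, which linters commonly report as an unnecessary Sprintf. Since the line is being rewritten into keyed form anyway, `Name: "ACNP Drop Ports 8080:8082",` is equivalent and simpler. The same applies to `fmt.Sprintf("ANNP Drop Ports 8080:8082")` in the testANNPPortRange hunk. testACNPPortRange begins before this hunk and ends after it.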
@@ -2094,23 +2014,21 @@ func testACNPRejectEgress(t *testing.T) { builder = builder.SetName("acnp-reject-a-to-z-egress"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) - builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionReject, "", "", nil) + builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionReject, "", "", nil) reachability := NewReachability(allPods, Connected) - reachability.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Rejected) - reachability.ExpectEgressToNamespace(Pod(namespaces["y"]+"/a"), namespaces["z"], Rejected) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["z"]+"/b"), Rejected) - reachability.Expect(Pod(namespaces["z"]+"/a"), Pod(namespaces["z"]+"/c"), Rejected) + reachability.ExpectEgressToNamespace(getPod("x", "a"), getNS("z"), Rejected) + reachability.ExpectEgressToNamespace(getPod("y", "a"), getNS("z"), Rejected) + reachability.Expect(getPod("z", "a"), getPod("z", "b"), Rejected) + reachability.Expect(getPod("z", "a"), getPod("z", "c"), Rejected) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -2125,23 +2043,21 @@ func testACNPRejectIngress(t *testing.T, protocol AntreaPolicyProtocol) { builder = builder.SetName("acnp-reject-a-from-z-ingress"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) - builder.AddIngress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionReject, "", "", nil) + builder.AddIngress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionReject, "", "", nil) reachability := NewReachability(allPods, Connected) - reachability.ExpectIngressFromNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Rejected) - reachability.ExpectIngressFromNamespace(Pod(namespaces["y"]+"/a"), namespaces["z"], Rejected) - reachability.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["z"]+"/a"), Rejected) - reachability.Expect(Pod(namespaces["z"]+"/c"), Pod(namespaces["z"]+"/a"), Rejected) + reachability.ExpectIngressFromNamespace(getPod("x", "a"), getNS("z"), Rejected) + reachability.ExpectIngressFromNamespace(getPod("y", "a"), getNS("z"), Rejected) + reachability.Expect(getPod("z", "b"), getPod("z", "a"), Rejected) + reachability.Expect(getPod("z", "c"), getPod("z", "a"), Rejected) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get()}, - []int32{80}, - protocol, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: protocol, }, } testCase := []*TestCase{ 
@@ -2183,10 +2099,10 @@ func testRejectServiceTraffic(t *testing.T, data *TestData, clientNamespace, ser builder1 = builder1.SetName("acnp-reject-egress-svc-traffic"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"antrea-e2e": "agnhost-client"}}}) - builder1.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, svc1.Spec.Selector, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionReject, "", "", nil) - builder1.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, svc2.Spec.Selector, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionReject, "", "", nil) + builder1.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": "s1"}, nil, + nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionReject, "", "", nil) + builder1.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": "s2"}, nil, + nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionReject, "", "", nil) acnpEgress := builder1.Get() k8sUtils.CreateOrUpdateACNP(acnpEgress) @@ -2210,8 +2126,8 @@ func testRejectServiceTraffic(t *testing.T, data *TestData, clientNamespace, ser builder2 = builder2.SetName("acnp-reject-ingress-svc-traffic"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: svc1.Spec.Selector}, {PodSelector: svc2.Spec.Selector}}) - builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": "agnhost-client"}, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionReject, "", "", nil) + builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": "agnhost-client"}, nil, + nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionReject, "", "", nil) acnpIngress := builder2.Get() k8sUtils.CreateOrUpdateACNP(acnpIngress) 
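Review bot: The two `builder1.AddEgress` calls in testRejectServiceTraffic now select their peers with literal labels (`{"antrea-e2e": "s1"}` and `{"antrea-e2e": "s2"}`) where they previously passed `svc1.Spec.Selector` and `svc2.Spec.Selector`, while the ingress policy in the following hunk still builds its AppliedTo from the Services' own selectors. The Service creation is not visible here, so presumably these literals duplicate the labels used there. If one copy changes, the egress reject rule would select no backend and the test would stop exercising the reject path it is named for. I would either keep the selectors taken from the Service objects or add a comment such as `// Must stay in sync with the selector svc1 is created with.` next to each literal. Both hunks cover only the middle of the function.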
@@ -2301,10 +2217,10 @@ func testRejectNoInfiniteLoop(t *testing.T, data *TestData, clientNamespace, ser builder1 := &ClusterNetworkPolicySpecBuilder{} builder1 = builder1.SetName("acnp-reject-ingress-double-dir"). SetPriority(1.0) - builder1.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"app": "nginx"}, nil, nil, - nil, nil, nil, false, []ACNPAppliedToSpec{{PodSelector: map[string]string{"antrea-e2e": clientName}}}, crdv1beta1.RuleActionReject, "", "", nil) - builder1.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": clientName}, nil, nil, - nil, nil, nil, false, []ACNPAppliedToSpec{{PodSelector: map[string]string{"app": "nginx"}}}, crdv1beta1.RuleActionReject, "", "", nil) + builder1.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"app": "nginx"}, nil, + nil, nil, nil, nil, nil, []ACNPAppliedToSpec{{PodSelector: map[string]string{"antrea-e2e": clientName}}}, crdv1beta1.RuleActionReject, "", "", nil) + builder1.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": clientName}, nil, + nil, nil, nil, nil, nil, []ACNPAppliedToSpec{{PodSelector: map[string]string{"app": "nginx"}}}, crdv1beta1.RuleActionReject, "", "", nil) runTestsWithACNP(builder1.Get(), testcases) 
@@ -2312,10 +2228,10 @@ func testRejectNoInfiniteLoop(t *testing.T, data *TestData, clientNamespace, ser builder2 := &ClusterNetworkPolicySpecBuilder{} builder2 = builder2.SetName("acnp-reject-egress-double-dir"). SetPriority(1.0) - builder2.AddEgress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"app": "nginx"}, nil, nil, - nil, nil, nil, false, []ACNPAppliedToSpec{{PodSelector: map[string]string{"antrea-e2e": clientName}}}, crdv1beta1.RuleActionReject, "", "", nil) - builder2.AddEgress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": clientName}, nil, nil, - nil, nil, nil, false, []ACNPAppliedToSpec{{PodSelector: map[string]string{"app": "nginx"}}}, crdv1beta1.RuleActionReject, "", "", nil) + builder2.AddEgress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"app": "nginx"}, nil, + nil, nil, nil, nil, nil, []ACNPAppliedToSpec{{PodSelector: map[string]string{"antrea-e2e": clientName}}}, crdv1beta1.RuleActionReject, "", "", nil) + builder2.AddEgress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": clientName}, nil, + nil, nil, nil, nil, nil, []ACNPAppliedToSpec{{PodSelector: map[string]string{"app": "nginx"}}}, crdv1beta1.RuleActionReject, "", "", nil) runTestsWithACNP(builder2.Get(), testcases) 
@@ -2324,10 +2240,10 @@ func testRejectNoInfiniteLoop(t *testing.T, data *TestData, clientNamespace, ser builder3 = builder3.SetName("acnp-reject-server-double-dir"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"app": "nginx"}}}) - builder3.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": clientName}, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionReject, "", "", nil) - builder3.AddEgress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": clientName}, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionReject, "", "", nil) + builder3.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": clientName}, nil, + nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionReject, "", "", nil) + builder3.AddEgress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": clientName}, nil, + nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionReject, "", "", nil) runTestsWithACNP(builder3.Get(), testcases) 
@@ -2336,10 +2252,10 @@ func testRejectNoInfiniteLoop(t *testing.T, data *TestData, clientNamespace, ser builder4 = builder4.SetName("acnp-reject-client-double-dir"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"antrea-e2e": clientName}}}) - builder4.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"app": "nginx"}, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionReject, "", "", nil) - builder4.AddEgress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"app": "nginx"}, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionReject, "", "", nil) + builder4.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"app": "nginx"}, nil, + nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionReject, "", "", nil) + builder4.AddEgress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"app": "nginx"}, nil, + nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionReject, "", "", nil) runTestsWithACNP(builder4.Get(), testcases) } 
@@ -2347,24 +2263,22 @@ func testRejectNoInfiniteLoop(t *testing.T, data *TestData, clientNamespace, ser // testANNPPortRange tests the port range in a ANNP can work. func testANNPPortRange(t *testing.T) { builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["y"], "annp-deny-yb-to-xc-egress-port-range"). + builder = builder.SetName(getNS("y"), "annp-deny-yb-to-xc-egress-port-range"). SetPriority(1.0). SetAppliedToGroup([]ANNPAppliedToSpec{{PodSelector: map[string]string{"pod": "b"}}}) - builder.AddEgress(ProtocolTCP, &p8080, nil, &p8082, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "c"}, map[string]string{"ns": namespaces["x"]}, nil, + builder.AddEgress(ProtocolTCP, &p8080, nil, &p8082, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "c"}, map[string]string{"ns": getNS("x")}, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "annp-port-range") reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["y"]+"/b"), Pod(namespaces["x"]+"/c"), Dropped) + reachability.Expect(getPod("y", "b"), getPod("x", "c"), Dropped) var testSteps []*TestStep testSteps = append(testSteps, &TestStep{ - fmt.Sprintf("ANNP Drop Ports 8080:8082"), - reachability, - []metav1.Object{builder.Get()}, - []int32{8080, 8081, 8082}, - ProtocolTCP, - 0, - nil, + Name: fmt.Sprintf("ANNP Drop Ports 8080:8082"), + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{8080, 8081, 8082}, + Protocol: ProtocolTCP, }) testCase := []*TestCase{ 
@@ -2377,40 +2291,36 @@ func testANNPPortRange(t *testing.T) { // that specifies that. Also it tests that a K8s NetworkPolicy with same appliedTo will not affect its behavior. func testANNPBasic(t *testing.T) { builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["y"], "np-same-name"). + builder = builder.SetName(getNS("y"), "np-same-name"). SetPriority(1.0). SetAppliedToGroup([]ANNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) - builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": namespaces["x"]}, nil, + builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": getNS("x")}, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "") reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("y", "a"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } // build a K8s NetworkPolicy that has the same appliedTo but allows all traffic. k8sNPBuilder := &NetworkPolicySpecBuilder{} - k8sNPBuilder = k8sNPBuilder.SetName(namespaces["y"], "np-same-name"). + k8sNPBuilder = k8sNPBuilder.SetName(getNS("y"), "np-same-name"). 
SetPodSelector(map[string]string{"pod": "a"}) k8sNPBuilder.AddIngress(v1.ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil) testStep2 := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get(), k8sNPBuilder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get(), k8sNPBuilder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ @@ -2424,14 +2334,14 @@ func testANNPBasic(t *testing.T) { // update on the Antrea NetworkPolicy allows traffic from X/B to Y/A on port 80. func testANNPUpdate(t *testing.T, data *TestData) { builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["y"], "np-before-update"). + builder = builder.SetName(getNS("y"), "np-before-update"). SetPriority(1.0). SetAppliedToGroup([]ANNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) - builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": namespaces["x"]}, nil, + builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": getNS("x")}, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "") reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("y", "a"), Dropped) annp, err := k8sUtils.CreateOrUpdateANNP(builder.Get()) failOnError(err, t) failOnError(data.waitForANNPRealized(t, annp.Namespace, annp.Name, policyRealizedTimeout), t) 
@@ -2443,10 +2353,10 @@ func testANNPUpdate(t *testing.T, data *TestData) { } updatedBuilder := &AntreaNetworkPolicySpecBuilder{} - updatedBuilder = updatedBuilder.SetName(namespaces["y"], "np-before-update"). + updatedBuilder = updatedBuilder.SetName(getNS("y"), "np-before-update"). SetPriority(1.0). SetAppliedToGroup([]ANNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}) - updatedBuilder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": namespaces["x"]}, nil, + updatedBuilder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": getNS("x")}, nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "") updatedReachability := NewReachability(allPods, Connected) annp, err = k8sUtils.CreateOrUpdateANNP(updatedBuilder.Get()) 
@@ -2467,22 +2377,22 @@ func testANNPUpdate(t *testing.T, data *TestData) { func testANNPMultipleAppliedTo(t *testing.T, data *TestData, singleRule bool) { tempLabel := randName("temp-") builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["y"], "np-multiple-appliedto").SetPriority(1.0) + builder = builder.SetName(getNS("y"), "np-multiple-appliedto").SetPriority(1.0) // Make it apply to an extra dummy AppliedTo to ensure it handles multiple AppliedToGroups correctly. // See https://github.com/antrea-io/antrea/issues/2083. if singleRule { builder.SetAppliedToGroup([]ANNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}, {PodSelector: map[string]string{tempLabel: ""}}}) - builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": namespaces["x"]}, nil, + builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": getNS("x")}, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "") } else { - builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": namespaces["x"]}, nil, + builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": getNS("x")}, nil, nil, nil, nil, []ANNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}}}, crdv1beta1.RuleActionDrop, "", "") - builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": namespaces["x"]}, nil, + builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": getNS("x")}, nil, nil, nil, nil, []ANNPAppliedToSpec{{PodSelector: map[string]string{tempLabel: ""}}}, crdv1beta1.RuleActionDrop, "", "") } reachability := NewReachability(allPods, 
Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("y", "a"), Dropped) annp, err := k8sUtils.CreateOrUpdateANNP(builder.Get()) failOnError(err, t) @@ -2495,7 +2405,7 @@ func testANNPMultipleAppliedTo(t *testing.T, data *TestData, singleRule bool) { } t.Logf("Making the Policy apply to y/c by labeling it with the temporary label that matches the dummy AppliedTo") - podYC, err := k8sUtils.GetPodByLabel(namespaces["y"], "c") + podYC, err := k8sUtils.GetPodByLabel(getNS("y"), "c") if err != nil { t.Errorf("Failed to get Pod in Namespace y with label 'pod=c': %v", err) } @@ -2503,8 +2413,8 @@ func testANNPMultipleAppliedTo(t *testing.T, data *TestData, singleRule bool) { podYC, err = k8sUtils.clientset.CoreV1().Pods(podYC.Namespace).Update(context.TODO(), podYC, metav1.UpdateOptions{}) assert.NoError(t, err) reachability = NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/a"), Dropped) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/c"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("y", "a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("y", "c"), Dropped) time.Sleep(networkPolicyDelay) k8sUtils.Validate(allPods, reachability, []int32{80}, ProtocolTCP) _, wrong, _ = reachability.Summary() @@ -2518,7 +2428,7 @@ func testANNPMultipleAppliedTo(t *testing.T, data *TestData, singleRule bool) { _, err = k8sUtils.clientset.CoreV1().Pods(podYC.Namespace).Update(context.TODO(), podYC, metav1.UpdateOptions{}) assert.NoError(t, err) reachability = NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("y", "a"), Dropped) time.Sleep(networkPolicyDelay) k8sUtils.Validate(allPods, reachability, []int32{80}, ProtocolTCP) _, wrong, _ = reachability.Summary() 
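Review bot: In testANNPMultipleAppliedTo a failed `k8sUtils.GetPodByLabel(getNS("y"), "c")` is only reported with `t.Errorf`, so the test carries on into `Pods(podYC.Namespace).Update(...)` in the next hunk. If GetPodByLabel returns a nil Pod alongside the error (its body is not visible here), that becomes a nil-pointer panic that aborts the whole e2e binary instead of one clean failure. Using `t.Fatalf("Failed to get Pod in Namespace y with label 'pod=c': %v", err)` would stop at the real cause. The same `t.Errorf` pattern precedes `podXA.Spec.NodeName` in testAuditLoggingEnableK8s and testAuditLoggingK8sService, and the podXA lookup in testAuditLoggingBasic. The function starts and ends outside these hunks.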
@@ -2621,9 +2531,9 @@ func testAuditLoggingBasic(t *testing.T, data *TestData) { builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName(npName). SetPriority(1.0). - SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": namespaces["x"]}}}) - builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", ruleName, nil) + SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": getNS("x")}}}) + builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", ruleName, nil) builder.AddEgressLogging(logLabel) npRef := fmt.Sprintf("AntreaClusterNetworkPolicy:%s", npName) @@ -2631,7 +2541,7 @@ func testAuditLoggingBasic(t *testing.T, data *TestData) { failOnError(err, t) failOnError(data.waitForACNPRealized(t, acnp.Name, policyRealizedTimeout), t) - podXA, err := k8sUtils.GetPodByLabel(namespaces["x"], "a") + podXA, err := k8sUtils.GetPodByLabel(getNS("x"), "a") if err != nil { t.Errorf("Failed to get Pod in Namespace x with label 'pod=a': %v", err) } @@ -2649,9 +2559,9 @@ func testAuditLoggingBasic(t *testing.T, data *TestData) { k8sUtils.Probe(ns1, pod1, ns2, pod2, p80, ProtocolTCP, nil, nil) }() } - oneProbe(namespaces["x"], "a", namespaces["z"], "a") - oneProbe(namespaces["x"], "a", namespaces["z"], "b") - oneProbe(namespaces["x"], "a", namespaces["z"], "c") + oneProbe(getNS("x"), "a", getNS("z"), "a") + oneProbe(getNS("x"), "a", getNS("z"), "b") + oneProbe(getNS("x"), "a", getNS("z"), "c") wg.Wait() // nodeName is guaranteed to be set at this stage, since the framework waits for all Pods to be in Running phase 
@@ -2664,23 +2574,23 @@ func testAuditLoggingBasic(t *testing.T, data *TestData) { // testAuditLoggingEnableK8s tests that audit logs are generated when K8s NP is applied // tests both Allow traffic by K8s NP and Drop traffic by implicit K8s policy drop func testAuditLoggingEnableK8s(t *testing.T, data *TestData) { - failOnError(data.updateNamespaceWithAnnotations(namespaces["x"], map[string]string{networkpolicy.EnableNPLoggingAnnotationKey: "true"}), t) + failOnError(data.updateNamespaceWithAnnotations(getNS("x"), map[string]string{networkpolicy.EnableNPLoggingAnnotationKey: "true"}), t) // Add a K8s namespaced NetworkPolicy in ns x that allow ingress traffic from // Pod x/b to x/a which default denies other ingress including from Pod x/c to x/a npName := "allow-x-b-to-x-a" k8sNPBuilder := &NetworkPolicySpecBuilder{} - k8sNPBuilder = k8sNPBuilder.SetName(namespaces["x"], npName). + k8sNPBuilder = k8sNPBuilder.SetName(getNS("x"), npName). SetPodSelector(map[string]string{"pod": "a"}). SetTypeIngress(). AddIngress(v1.ProtocolTCP, &p80, nil, nil, nil, map[string]string{"pod": "b"}, nil, nil, nil) - npRef := fmt.Sprintf("K8sNetworkPolicy:%s/%s", namespaces["x"], npName) + npRef := fmt.Sprintf("K8sNetworkPolicy:%s/%s", getNS("x"), npName) knp, err := k8sUtils.CreateOrUpdateNetworkPolicy(k8sNPBuilder.Get()) failOnError(err, t) failOnError(waitForResourceReady(t, timeout, knp), t) - podXA, err := k8sUtils.GetPodByLabel(namespaces["x"], "a") + podXA, err := k8sUtils.GetPodByLabel(getNS("x"), "a") if err != nil { t.Errorf("Failed to get Pod in Namespace x with label 'pod=a': %v", err) } 
@@ -2702,16 +2612,16 @@ func testAuditLoggingEnableK8s(t *testing.T, data *TestData) { k8sUtils.Probe(ns1, pod1, ns2, pod2, p80, ProtocolTCP, nil, nil) }() } - oneProbe(namespaces["x"], "b", namespaces["x"], "a", matcher1) - oneProbe(namespaces["x"], "c", namespaces["x"], "a", matcher2) + oneProbe(getNS("x"), "b", getNS("x"), "a", matcher1) + oneProbe(getNS("x"), "c", getNS("x"), "a", matcher2) wg.Wait() // nodeName is guaranteed to be set at this stage, since the framework waits for all Pods to be in Running phase nodeName := podXA.Spec.NodeName checkAuditLoggingResult(t, data, nodeName, "K8sNetworkPolicy", append(matcher1.Matchers(), matcher2.Matchers()...)) - failOnError(k8sUtils.DeleteNetworkPolicy(namespaces["x"], "allow-x-b-to-x-a"), t) - failOnError(data.UpdateNamespace(namespaces["x"], func(namespace *v1.Namespace) { + failOnError(k8sUtils.DeleteNetworkPolicy(getNS("x"), "allow-x-b-to-x-a"), t) + failOnError(data.UpdateNamespace(getNS("x"), func(namespace *v1.Namespace) { delete(namespace.Annotations, networkpolicy.EnableNPLoggingAnnotationKey) }), t) } 
@@ -2719,23 +2629,23 @@ func testAuditLoggingEnableK8s(t *testing.T, data *TestData) { // testAuditLoggingK8sService tests that audit logs are generated for K8s Service access // tests both Allow traffic by K8s NP and Drop traffic by implicit K8s policy drop func testAuditLoggingK8sService(t *testing.T, data *TestData) { - failOnError(data.updateNamespaceWithAnnotations(namespaces["x"], map[string]string{networkpolicy.EnableNPLoggingAnnotationKey: "true"}), t) + failOnError(data.updateNamespaceWithAnnotations(getNS("x"), map[string]string{networkpolicy.EnableNPLoggingAnnotationKey: "true"}), t) // Create and expose nginx service on the same node as pod x/a - podXA, err := k8sUtils.GetPodByLabel(namespaces["x"], "a") + podXA, err := k8sUtils.GetPodByLabel(getNS("x"), "a") if err != nil { t.Errorf("Failed to get Pod in Namespace x with label 'pod=a': %v", err) } serverNode := podXA.Spec.NodeName serviceName := "nginx" - serverPodName, serverIP, nginxCleanupFunc := createAndWaitForPod(t, data, data.createNginxPodOnNode, "test-server-", serverNode, namespaces["x"], false) + serverPodName, serverIP, nginxCleanupFunc := createAndWaitForPod(t, data, data.createNginxPodOnNode, "test-server-", serverNode, getNS("x"), false) defer nginxCleanupFunc() serverPort := int32(80) ipFamily := v1.IPv4Protocol - if IPFamily(podIPs[namespaces["x"]+"/a"][0]) == "v6" { + if IPFamily(podIPs[getPodName("x", "a")][0]) == "v6" { ipFamily = v1.IPv6Protocol } - service, err := data.CreateService(serviceName, namespaces["x"], serverPort, serverPort, map[string]string{"app": "nginx"}, false, false, v1.ServiceTypeClusterIP, &ipFamily) + service, err := data.CreateService(serviceName, getNS("x"), serverPort, serverPort, map[string]string{"app": "nginx"}, false, false, v1.ServiceTypeClusterIP, &ipFamily) if err != nil { t.Fatalf("Error when creating nginx service: %v", err) } 
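Review bot: `podIPs[getPodName("x", "a")][0]` in testAuditLoggingK8sService indexes the map result without a length check, and the key now comes from getPodName rather than `namespaces["x"]+"/a"`. Neither getPodName nor the code that fills podIPs is visible in this hunk. If the two ever disagree on the key format, the lookup yields an empty slice and the `[0]` panics before the audit-logging assertions run. A guard before the IPFamily call, `ips := podIPs[getPodName("x", "a")]` followed by `if len(ips) == 0 { t.Fatalf("no IPs recorded for Pod x/a") }`, would turn that into a readable failure. The function body continues past the end of this hunk.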
@@ -2745,12 +2655,12 @@ func testAuditLoggingK8sService(t *testing.T, data *TestData) { // Pod x/a to service nginx which default denies other ingress including from Pod x/b to service nginx npName := "allow-xa-to-service" k8sNPBuilder := &NetworkPolicySpecBuilder{} - k8sNPBuilder = k8sNPBuilder.SetName(namespaces["x"], npName). + k8sNPBuilder = k8sNPBuilder.SetName(getNS("x"), npName). SetPodSelector(map[string]string{"app": serviceName}). SetTypeIngress(). AddIngress(v1.ProtocolTCP, &p80, nil, nil, nil, map[string]string{"pod": "a"}, nil, nil, nil) - npRef := fmt.Sprintf("K8sNetworkPolicy:%s/%s", namespaces["x"], npName) + npRef := fmt.Sprintf("K8sNetworkPolicy:%s/%s", getNS("x"), npName) knp, err := k8sUtils.CreateOrUpdateNetworkPolicy(k8sNPBuilder.Get()) failOnError(err, t) @@ -2761,7 +2671,7 @@ func testAuditLoggingK8sService(t *testing.T, data *TestData) { // matcher2 is for connections dropped by the isolated behavior of the K8s NP matcher2 := NewAuditLogMatcher("K8sNetworkPolicy", "", "Ingress", "Drop") - appliedToRef := fmt.Sprintf("%s/%s", namespaces["x"], serverPodName) + appliedToRef := fmt.Sprintf("%s/%s", getNS("x"), serverPodName) // generate some traffic that wget the nginx service var wg sync.WaitGroup 
@@ -2776,40 +2686,38 @@ func testAuditLoggingK8sService(t *testing.T, data *TestData) { }() } } - oneProbe(namespaces["x"], "a", matcher1) - oneProbe(namespaces["x"], "b", matcher2) + oneProbe(getNS("x"), "a", matcher1) + oneProbe(getNS("x"), "b", matcher2) wg.Wait() checkAuditLoggingResult(t, data, serverNode, "K8sNetworkPolicy", append(matcher1.Matchers(), matcher2.Matchers()...)) - failOnError(k8sUtils.DeleteNetworkPolicy(namespaces["x"], npName), t) - failOnError(data.UpdateNamespace(namespaces["x"], func(namespace *v1.Namespace) { + failOnError(k8sUtils.DeleteNetworkPolicy(getNS("x"), npName), t) + failOnError(data.UpdateNamespace(getNS("x"), func(namespace *v1.Namespace) { delete(namespace.Annotations, networkpolicy.EnableNPLoggingAnnotationKey) }), t) } func testAppliedToPerRule(t *testing.T) { builder := &AntreaNetworkPolicySpecBuilder{} - builder = builder.SetName(namespaces["y"], "np1").SetPriority(1.0) + builder = builder.SetName(getNS("y"), "np1").SetPriority(1.0) annpATGrp1 := ANNPAppliedToSpec{PodSelector: map[string]string{"pod": "a"}, PodSelectorMatchExp: nil} annpATGrp2 := ANNPAppliedToSpec{PodSelector: map[string]string{"pod": "b"}, PodSelectorMatchExp: nil} - builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": namespaces["x"]}, nil, + builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": getNS("x")}, nil, nil, nil, nil, []ANNPAppliedToSpec{annpATGrp1}, crdv1beta1.RuleActionDrop, "", "") - builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": namespaces["z"]}, nil, + builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": getNS("z")}, nil, nil, nil, nil, []ANNPAppliedToSpec{annpATGrp2}, crdv1beta1.RuleActionDrop, "", "") reachability := 
NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/a"), Dropped) - reachability.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["y"]+"/b"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("y", "a"), Dropped) + reachability.Expect(getPod("z", "b"), getPod("y", "b"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } 
@@ -2817,30 +2725,27 @@ func testAppliedToPerRule(t *testing.T) { builder2 = builder2.SetName("cnp1").SetPriority(1.0) cnpATGrp1 := ACNPAppliedToSpec{PodSelector: map[string]string{"pod": "a"}, PodSelectorMatchExp: nil} cnpATGrp2 := ACNPAppliedToSpec{ - PodSelector: map[string]string{"pod": "b"}, NSSelector: map[string]string{"ns": namespaces["y"]}, + PodSelector: map[string]string{"pod": "b"}, NSSelector: map[string]string{"ns": getNS("y")}, PodSelectorMatchExp: nil, NSSelectorMatchExp: nil} - builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": namespaces["x"]}, - nil, nil, nil, false, []ACNPAppliedToSpec{cnpATGrp1}, crdv1beta1.RuleActionDrop, "", "", nil) - builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": namespaces["z"]}, - nil, nil, nil, false, []ACNPAppliedToSpec{cnpATGrp2}, crdv1beta1.RuleActionDrop, "", "", nil) + builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": getNS("x")}, + nil, nil, nil, nil, []ACNPAppliedToSpec{cnpATGrp1}, crdv1beta1.RuleActionDrop, "", "", nil) + builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": getNS("z")}, + nil, nil, nil, nil, []ACNPAppliedToSpec{cnpATGrp2}, crdv1beta1.RuleActionDrop, "", "", nil) reachability2 := NewReachability(allPods, Connected) - reachability2.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["x"]+"/a"), Dropped) - reachability2.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/a"), Dropped) - reachability2.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["z"]+"/a"), Dropped) - reachability2.Expect(Pod(namespaces["z"]+"/b"), Pod(namespaces["y"]+"/b"), Dropped) + reachability2.Expect(getPod("x", "b"), getPod("x", "a"), Dropped) + reachability2.Expect(getPod("x", "b"), 
getPod("y", "a"), Dropped) + reachability2.Expect(getPod("x", "b"), getPod("z", "a"), Dropped) + reachability2.Expect(getPod("z", "b"), getPod("y", "b"), Dropped) testStep2 := []*TestStep{ { - "Port 80", - reachability2, - []metav1.Object{builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability2, + TestResources: []metav1.Object{builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } - testCase := []*TestCase{ {"ANNP AppliedTo per rule", testStep}, {"ACNP AppliedTo per rule", testStep2}, 
@@ -2849,47 +2754,45 @@ func testAppliedToPerRule(t *testing.T) { } func testACNPClusterGroupServiceRefCreateAndUpdate(t *testing.T, data *TestData) { - svc1 := k8sUtils.BuildService("svc1", namespaces["x"], 80, 80, map[string]string{"app": "a"}, nil) - svc2 := k8sUtils.BuildService("svc2", namespaces["y"], 80, 80, map[string]string{"app": "b"}, nil) + svc1 := k8sUtils.BuildService("svc1", getNS("x"), 80, 80, map[string]string{"app": "a"}, nil) + svc2 := k8sUtils.BuildService("svc2", getNS("y"), 80, 80, map[string]string{"app": "b"}, nil) cg1Name, cg2Name := "cg-svc1", "cg-svc2" cgBuilder1 := &ClusterGroupSpecBuilder{} - cgBuilder1 = cgBuilder1.SetName(cg1Name).SetServiceReference(namespaces["x"], "svc1") + cgBuilder1 = cgBuilder1.SetName(cg1Name).SetServiceReference(getNS("x"), "svc1") cgBuilder2 := &ClusterGroupSpecBuilder{} - cgBuilder2 = cgBuilder2.SetName(cg2Name).SetServiceReference(namespaces["y"], "svc2") + cgBuilder2 = cgBuilder2.SetName(cg2Name).SetServiceReference(getNS("y"), "svc2") builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("cnp-cg-svc-ref").SetPriority(1.0).SetAppliedToGroup([]ACNPAppliedToSpec{{Group: cg1Name}}) - builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - false, nil, crdv1beta1.RuleActionDrop, cg2Name, "", nil) + builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, + nil, nil, nil, nil, crdv1beta1.RuleActionDrop, cg2Name, "", nil) // Pods backing svc1 (label pod=a) in Namespace x should not allow ingress from Pods backing svc2 (label pod=b) in Namespace y. 
reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["y"]+"/b"), Pod(namespaces["x"]+"/a"), Dropped) + reachability.Expect(getPod("y", "b"), getPod("x", "a"), Dropped) testStep1 := &TestStep{ - "Port 80", - reachability, - []metav1.Object{svc1, svc2, cgBuilder1.Get(), cgBuilder2.Get(), builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{svc1, svc2, cgBuilder1.Get(), cgBuilder2.Get(), builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } // Test update selector of Service referred in cg-svc1, and update serviceReference of cg-svc2. - svc1Updated := k8sUtils.BuildService("svc1", namespaces["x"], 80, 80, map[string]string{"app": "b"}, nil) - svc3 := k8sUtils.BuildService("svc3", namespaces["y"], 80, 80, map[string]string{"app": "a"}, nil) + svc1Updated := k8sUtils.BuildService("svc1", getNS("x"), 80, 80, map[string]string{"app": "b"}, nil) + svc3 := k8sUtils.BuildService("svc3", getNS("y"), 80, 80, map[string]string{"app": "a"}, nil) svc1PodName := randName("test-pod-svc1-") svc3PodName := randName("test-pod-svc3-") - cgBuilder2Updated := cgBuilder2.SetServiceReference(namespaces["y"], "svc3") + cgBuilder2Updated := cgBuilder2.SetServiceReference(getNS("y"), "svc3") cp := []*CustomProbe{ { SourcePod: CustomPod{ - Pod: NewPod(namespaces["y"], svc3PodName), + Pod: NewPod(getNS("y"), svc3PodName), Labels: map[string]string{"pod": svc3PodName, "app": "a"}, }, DestPod: CustomPod{ - Pod: NewPod(namespaces["x"], svc1PodName), + Pod: NewPod(getNS("x"), svc1PodName), Labels: map[string]string{"pod": svc1PodName, "app": "b"}, }, ExpectConnectivity: Dropped, 
@@ -2899,32 +2802,29 @@ func testACNPClusterGroupServiceRefCreateAndUpdate(t *testing.T, data *TestData) // Pods backing svc1 (label pod=b) in namespace x should not allow ingress from Pods backing svc3 (label pod=a) in namespace y. reachability2 := NewReachability(allPods, Connected) - reachability2.Expect(Pod(namespaces["y"]+"/a"), Pod(namespaces["x"]+"/b"), Dropped) + reachability2.Expect(getPod("y", "a"), getPod("x", "b"), Dropped) testStep2 := &TestStep{ - "Port 80 updated", - reachability2, - []metav1.Object{svc1Updated, svc3, cgBuilder1.Get(), cgBuilder2Updated.Get()}, - []int32{80}, - ProtocolTCP, - 0, - cp, + Name: "Port 80 updated", + Reachability: reachability2, + TestResources: []metav1.Object{svc1Updated, svc3, cgBuilder1.Get(), cgBuilder2Updated.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, + CustomProbes: cp, } builderUpdated := &ClusterNetworkPolicySpecBuilder{} builderUpdated = builderUpdated.SetName("cnp-cg-svc-ref").SetPriority(1.0) - builderUpdated.SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": namespaces["x"]}}}) - builderUpdated.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": namespaces["y"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + builderUpdated.SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": getNS("x")}}}) + builderUpdated.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": getNS("y")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) // Pod x/a should not allow ingress from y/b per the updated ACNP spec. 
testStep3 := &TestStep{ - "Port 80 ACNP spec updated to selector", - reachability, - []metav1.Object{builderUpdated.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80 ACNP spec updated to selector", + Reachability: reachability, + TestResources: []metav1.Object{builderUpdated.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } testSteps := []*TestStep{testStep1, testStep2, testStep3} @@ -2935,18 +2835,18 @@ func testACNPClusterGroupServiceRefCreateAndUpdate(t *testing.T, data *TestData) } func testACNPNestedClusterGroupCreateAndUpdate(t *testing.T, data *TestData) { - svc1 := k8sUtils.BuildService("svc1", namespaces["x"], 80, 80, map[string]string{"app": "a"}, nil) + svc1 := k8sUtils.BuildService("svc1", getNS("x"), 80, 80, map[string]string{"app": "a"}, nil) svc1PodName := randName("test-pod-svc1-") cg1Name, cg2Name, cg3Name := "cg-svc-x-a", "cg-select-y-b", "cg-select-y-c" cgBuilder1 := &ClusterGroupSpecBuilder{} - cgBuilder1 = cgBuilder1.SetName(cg1Name).SetServiceReference(namespaces["x"], "svc1") + cgBuilder1 = cgBuilder1.SetName(cg1Name).SetServiceReference(getNS("x"), "svc1") cgBuilder2 := &ClusterGroupSpecBuilder{} cgBuilder2 = cgBuilder2.SetName(cg2Name). - SetNamespaceSelector(map[string]string{"ns": namespaces["y"]}, nil). + SetNamespaceSelector(map[string]string{"ns": getNS("y")}, nil). SetPodSelector(map[string]string{"pod": "b"}, nil) cgBuilder3 := &ClusterGroupSpecBuilder{} cgBuilder3 = cgBuilder3.SetName(cg3Name). - SetNamespaceSelector(map[string]string{"ns": namespaces["y"]}, nil). + SetNamespaceSelector(map[string]string{"ns": getNS("y")}, nil). SetPodSelector(map[string]string{"pod": "c"}, nil) cgNestedName := "cg-nested" cgBuilderNested := &ClusterGroupSpecBuilder{} 
@@ -2954,42 +2854,40 @@ func testACNPNestedClusterGroupCreateAndUpdate(t *testing.T, data *TestData) { builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("cnp-nested-cg").SetPriority(1.0). - SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["z"]}}}). - AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - false, nil, crdv1beta1.RuleActionDrop, cgNestedName, "", nil) + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("z")}}}). + AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, + nil, nil, nil, nil, crdv1beta1.RuleActionDrop, cgNestedName, "", nil) // Pods in Namespace z should not allow traffic from Pods backing svc1 (label pod=a) in Namespace x. // Note that in this testStep cg3 will not be created yet, so even though cg-nested selects cg1 and // cg3 as childGroups, only members of cg1 will be included as this time. reachability := NewReachability(allPods, Connected) - reachability.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Dropped) + reachability.ExpectEgressToNamespace(getPod("x", "a"), getNS("z"), Dropped) testStep1 := &TestStep{ - "Port 80", - reachability, + Name: "Port 80", + Reachability: reachability, // Note in this testcase the ClusterGroup is created after the ACNP - []metav1.Object{builder.Get(), svc1, cgBuilder1.Get(), cgBuilderNested.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + TestResources: []metav1.Object{builder.Get(), svc1, cgBuilder1.Get(), cgBuilderNested.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } // Test update "cg-nested" to include "cg-select-y-b" as well. cgBuilderNested = cgBuilderNested.SetChildGroups([]string{cg1Name, cg2Name, cg3Name}) // In addition to x/a, all traffic from y/b to Namespace z should also be denied. 
reachability2 := NewReachability(allPods, Connected) - reachability2.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Dropped) - reachability2.ExpectEgressToNamespace(Pod(namespaces["y"]+"/b"), namespaces["z"], Dropped) + reachability2.ExpectEgressToNamespace(getPod("x", "a"), getNS("z"), Dropped) + reachability2.ExpectEgressToNamespace(getPod("y", "b"), getNS("z"), Dropped) // New member in cg-svc-x-a should be reflected in cg-nested as well. cp := []*CustomProbe{ { SourcePod: CustomPod{ - Pod: NewPod(namespaces["x"], svc1PodName), + Pod: NewPod(getNS("x"), svc1PodName), Labels: map[string]string{"pod": svc1PodName, "app": "a"}, }, DestPod: CustomPod{ - Pod: NewPod(namespaces["z"], "test-add-pod-ns-z"), + Pod: NewPod(getNS("z"), "test-add-pod-ns-z"), Labels: map[string]string{"pod": "test-add-pod-ns-z"}, }, ExpectConnectivity: Dropped, 
@@ -2997,29 +2895,26 @@ func testACNPNestedClusterGroupCreateAndUpdate(t *testing.T, data *TestData) { }, } testStep2 := &TestStep{ - "Port 80 updated", - reachability2, - []metav1.Object{cgBuilder2.Get(), cgBuilderNested.Get()}, - []int32{80}, - ProtocolTCP, - 0, - cp, + Name: "Port 80 updated", + Reachability: reachability2, + TestResources: []metav1.Object{cgBuilder2.Get(), cgBuilderNested.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, + CustomProbes: cp, } // In this testStep cg3 is created. It's members should reflect in cg-nested // and as a result, all traffic from y/c to Namespace z should be denied as well. reachability3 := NewReachability(allPods, Connected) - reachability3.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Dropped) - reachability3.ExpectEgressToNamespace(Pod(namespaces["y"]+"/b"), namespaces["z"], Dropped) - reachability3.ExpectEgressToNamespace(Pod(namespaces["y"]+"/c"), namespaces["z"], Dropped) + reachability3.ExpectEgressToNamespace(getPod("x", "a"), getNS("z"), Dropped) + reachability3.ExpectEgressToNamespace(getPod("y", "b"), getNS("z"), Dropped) + reachability3.ExpectEgressToNamespace(getPod("y", "c"), getNS("z"), Dropped) testStep3 := &TestStep{ - "Port 80 updated", - reachability3, - []metav1.Object{cgBuilder3.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80 updated", + Reachability: reachability3, + TestResources: []metav1.Object{cgBuilder3.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } testSteps := []*TestStep{testStep1, testStep2, testStep3} @@ -3030,8 +2925,8 @@ func testACNPNestedClusterGroupCreateAndUpdate(t *testing.T, data *TestData) { } func testACNPNestedIPBlockClusterGroupCreateAndUpdate(t *testing.T) { - podXAIP, _ := podIPs[namespaces["x"]+"/a"] - podXBIP, _ := podIPs[namespaces["x"]+"/b"] + podXAIP, _ := podIPs[getPodName("x", "a")] + podXBIP, _ := podIPs[getPodName("x", "b")] genCIDR := func(ip string) string { switch IPFamily(ip) { case "v4": 
@@ -3062,43 +2957,39 @@ func testACNPNestedIPBlockClusterGroupCreateAndUpdate(t *testing.T) { SetAppliedToGroup([]ACNPAppliedToSpec{ { PodSelector: map[string]string{"pod": "a"}, - NSSelector: map[string]string{"ns": namespaces["y"]}, + NSSelector: map[string]string{"ns": getNS("y")}, }, }) - builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, cgParentName, "", nil) + builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, + nil, nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, cgParentName, "", nil) reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["y"]+"/a"), Dropped) - reachability.Expect(Pod(namespaces["x"]+"/b"), Pod(namespaces["y"]+"/a"), Dropped) + reachability.Expect(getPod("x", "a"), getPod("y", "a"), Dropped) + reachability.Expect(getPod("x", "b"), getPod("y", "a"), Dropped) testStep := &TestStep{ - "Port 80", - reachability, - []metav1.Object{builder.Get(), cgBuilder1.Get(), cgBuilder2.Get(), cgParent.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get(), cgBuilder1.Get(), cgBuilder2.Get(), cgParent.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } cgBuilder3 := &ClusterGroupSpecBuilder{} cgBuilder3 = cgBuilder3.SetName(cg3Name). - SetNamespaceSelector(map[string]string{"ns": namespaces["x"]}, nil). + SetNamespaceSelector(map[string]string{"ns": getNS("x")}, nil). 
SetPodSelector(map[string]string{"pod": "c"}, nil) updatedCGParent := &ClusterGroupSpecBuilder{} updatedCGParent = updatedCGParent.SetName(cgParentName).SetChildGroups([]string{cg1Name, cg3Name}) reachability2 := NewReachability(allPods, Connected) - reachability2.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["y"]+"/a"), Dropped) - reachability2.Expect(Pod(namespaces["x"]+"/c"), Pod(namespaces["y"]+"/a"), Dropped) + reachability2.Expect(getPod("x", "a"), getPod("y", "a"), Dropped) + reachability2.Expect(getPod("x", "c"), getPod("y", "a"), Dropped) testStep2 := &TestStep{ - "Port 80, updated", - reachability2, - []metav1.Object{cgBuilder3.Get(), updatedCGParent.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80, updated", + Reachability: reachability2, + TestResources: []metav1.Object{cgBuilder3.Get(), updatedCGParent.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } testCase := []*TestCase{ 
@@ -3114,21 +3005,19 @@ func testACNPNamespaceIsolation(t *testing.T) { SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{}}}) // deny ingress traffic except from own namespace, which is always allowed. - builder.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - true, nil, crdv1beta1.RuleActionAllow, "", "", nil) - builder.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil, nil, nil, - false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + builder.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, + nil, nil, selfNamespace, nil, crdv1beta1.RuleActionAllow, "", "", nil) + builder.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil, + nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachability := NewReachability(allPods, Dropped) reachability.ExpectAllSelfNamespace(Connected) testStep1 := &TestStep{ - "Port 80", - reachability, - []metav1.Object{builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } builder2 := &ClusterNetworkPolicySpecBuilder{} 
@@ -3136,25 +3025,23 @@ func testACNPNamespaceIsolation(t *testing.T) { SetTier("baseline"). SetPriority(1.0) builder2.AddEgress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - true, []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}, crdv1beta1.RuleActionAllow, "", "", nil) + selfNamespace, []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}, crdv1beta1.RuleActionAllow, "", "", nil) builder2.AddEgress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil, nil, nil, - false, []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}, crdv1beta1.RuleActionDrop, "", "", nil) + nil, []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}, crdv1beta1.RuleActionDrop, "", "", nil) reachability2 := NewReachability(allPods, Connected) - reachability2.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["y"], Dropped) - reachability2.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Dropped) - reachability2.ExpectEgressToNamespace(Pod(namespaces["x"]+"/b"), namespaces["y"], Dropped) - reachability2.ExpectEgressToNamespace(Pod(namespaces["x"]+"/b"), namespaces["z"], Dropped) - reachability2.ExpectEgressToNamespace(Pod(namespaces["x"]+"/c"), namespaces["y"], Dropped) - reachability2.ExpectEgressToNamespace(Pod(namespaces["x"]+"/c"), namespaces["z"], Dropped) + reachability2.ExpectEgressToNamespace(getPod("x", "a"), getNS("y"), Dropped) + reachability2.ExpectEgressToNamespace(getPod("x", "a"), getNS("z"), Dropped) + reachability2.ExpectEgressToNamespace(getPod("x", "b"), getNS("y"), Dropped) + reachability2.ExpectEgressToNamespace(getPod("x", "b"), getNS("z"), Dropped) + reachability2.ExpectEgressToNamespace(getPod("x", "c"), getNS("y"), Dropped) + reachability2.ExpectEgressToNamespace(getPod("x", "c"), getNS("z"), Dropped) testStep2 := &TestStep{ - "Port 80", - reachability2, - 
[]metav1.Object{builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability2, + TestResources: []metav1.Object{builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } testCase := []*TestCase{ 
@@ -3171,51 +3058,164 @@ func testACNPStrictNamespacesIsolation(t *testing.T) { SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{}}}) builder.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - true, nil, crdv1beta1.RuleActionPass, "", "", nil) + selfNamespace, nil, crdv1beta1.RuleActionPass, "", "", nil) builder.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil, nil, nil, - false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) // deny ingress traffic except from own namespace, which is delegated to Namespace owners (who can create K8s // NetworkPolicies to regulate intra-Namespace traffic) reachability := NewReachability(allPods, Dropped) reachability.ExpectAllSelfNamespace(Connected) testStep1 := &TestStep{ - "Namespace isolation, Port 80", - reachability, - []metav1.Object{builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Namespace isolation, Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } // Add a K8s namespaced NetworkPolicy in ns x that isolates all Pods in that namespace. 
builder2 := &NetworkPolicySpecBuilder{} - builder2 = builder2.SetName(namespaces["x"], "default-deny-in-namespace-x") + builder2 = builder2.SetName(getNS("x"), "default-deny-in-namespace-x") builder2.SetTypeIngress() reachability2 := NewReachability(allPods, Dropped) reachability2.ExpectAllSelfNamespace(Connected) - reachability2.ExpectSelfNamespace(namespaces["x"], Dropped) + reachability2.ExpectSelfNamespace(getNS("x"), Dropped) reachability2.ExpectSelf(allPods, Connected) testStep2 := &TestStep{ - "Namespace isolation with K8s NP, Port 80", - reachability2, - []metav1.Object{builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Namespace isolation with K8s NP, Port 80", + Reachability: reachability2, + TestResources: []metav1.Object{builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } testCase := []*TestCase{ - {"ACNP strict Namespace isolation for all namespaces", []*TestStep{testStep1, testStep2}}, + {"ACNP strict Namespace isolation for all Namespaces", []*TestStep{testStep1, testStep2}}, } executeTests(t, testCase) } +func testACNPStrictNamespacesIsolationByLabels(t *testing.T) { + samePurposeTierLabels := &crdv1beta1.PeerNamespaces{ + SameLabels: []string{"purpose", "tier"}, + } + builder := &ClusterNetworkPolicySpecBuilder{} + builder = builder.SetName("test-acnp-strict-ns-isolation-by-labels"). + SetTier("securityops"). + SetPriority(1.0). + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{}}}) + builder.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, + samePurposeTierLabels, nil, crdv1beta1.RuleActionPass, "", "", nil) + builder.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil, nil, nil, + nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) + // prod1 and prod2 Namespaces should be able to connect to each other. The same goes for dev1 and + // dev2 Namespaces. 
However, any prod Namespace should not be able to connect to any dev Namespace + // due to different "tier" label values. For the "no-tier" Namespace, the first ingress rule will + // have no effect because the Namespace does not have a "tier" label. So every Pod in that Namespace + // will be isolated according to the second rule of the ACNP. + reachability := NewReachability(allPods, Dropped) + reachability.ExpectNamespaceIngressFromNamespace(getNS("prod1"), getNS("prod2"), Connected) + reachability.ExpectNamespaceEgressToNamespace(getNS("prod1"), getNS("prod2"), Connected) + reachability.ExpectNamespaceIngressFromNamespace(getNS("prod2"), getNS("prod1"), Connected) + reachability.ExpectNamespaceEgressToNamespace(getNS("prod2"), getNS("prod1"), Connected) + reachability.ExpectNamespaceIngressFromNamespace(getNS("dev1"), getNS("dev2"), Connected) + reachability.ExpectNamespaceEgressToNamespace(getNS("dev1"), getNS("dev2"), Connected) + reachability.ExpectNamespaceIngressFromNamespace(getNS("dev2"), getNS("dev1"), Connected) + reachability.ExpectNamespaceEgressToNamespace(getNS("dev2"), getNS("dev1"), Connected) + reachability.ExpectAllSelfNamespace(Connected) + reachability.ExpectSelfNamespace(getNS("no-tier"), Dropped) + reachability.ExpectSelf(allPods, Connected) + + testStep := &TestStep{ + Name: "Namespace isolation by label, Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, + } + testCase := []*TestCase{ + {"ACNP strict Namespace isolation by Namespace purpose and tier labels", []*TestStep{testStep}}, + } + executeTests(t, testCase) +} + +func testACNPStrictNamespacesIsolationBySingleLabel(t *testing.T, data *TestData) { + samePurposeTierLabels := &crdv1beta1.PeerNamespaces{ + SameLabels: []string{"purpose"}, + } + builder := &ClusterNetworkPolicySpecBuilder{} + builder = builder.SetName("test-acnp-strict-ns-isolation-by-single-purpose-label"). + SetTier("securityops"). 
+ SetPriority(1.0). + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{}}}) + builder.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, + samePurposeTierLabels, nil, crdv1beta1.RuleActionPass, "", "", nil) + builder.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil, nil, nil, + nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) + // Namespaces are split into two logical groups, purpose=test (prod1,2 and dev1,2) and purpose=test-exclusion + // (no-tier). The two groups of Namespace should not be able to connect to each other. + reachability := NewReachability(allPods, Connected) + reachability.ExpectNamespaceEgressToNamespace(getNS("prod1"), getNS("no-tier"), Dropped) + reachability.ExpectNamespaceEgressToNamespace(getNS("prod2"), getNS("no-tier"), Dropped) + reachability.ExpectNamespaceEgressToNamespace(getNS("dev1"), getNS("no-tier"), Dropped) + reachability.ExpectNamespaceEgressToNamespace(getNS("dev2"), getNS("no-tier"), Dropped) + reachability.ExpectNamespaceIngressFromNamespace(getNS("prod1"), getNS("no-tier"), Dropped) + reachability.ExpectNamespaceIngressFromNamespace(getNS("prod2"), getNS("no-tier"), Dropped) + reachability.ExpectNamespaceIngressFromNamespace(getNS("dev1"), getNS("no-tier"), Dropped) + reachability.ExpectNamespaceIngressFromNamespace(getNS("dev2"), getNS("no-tier"), Dropped) + + testStep := &TestStep{ + Name: "Namespace isolation by single label, Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, + } + + labelNoTierNS := func() { + nsReturned, err := data.clientset.CoreV1().Namespaces().Get(context.TODO(), getNS("no-tier"), metav1.GetOptions{}) + if err != nil { + t.Errorf("failed to get the Namespace that has no tier label") + } + nsReturned.Labels = map[string]string{ + "purpose": "test", + } + log.Infof("Updating no-tier Namespace purpose 
label") + if _, err = data.clientset.CoreV1().Namespaces().Update(context.TODO(), nsReturned, metav1.UpdateOptions{}); err != nil { + t.Errorf("failed to update the no-tier Namespace with purpose=test label") + } + } + revertLabel := func() { + nsReturned, err := data.clientset.CoreV1().Namespaces().Get(context.TODO(), getNS("no-tier"), metav1.GetOptions{}) + if err != nil { + t.Errorf("failed to get the no-tier Namespace") + } + nsReturned.Labels = map[string]string{ + "purpose": "test-exclusion", + } + if _, err = data.clientset.CoreV1().Namespaces().Update(context.TODO(), nsReturned, metav1.UpdateOptions{}); err != nil { + t.Errorf("failed to revert the purpose label for the no-tier Namespace") + } + } + newReachability := NewReachability(allPods, Connected) + testSetp2 := &TestStep{ + Name: "Namespace isolation after Namespace label update, Port 80", + Reachability: newReachability, + Ports: []int32{80}, + Protocol: ProtocolTCP, + CustomSetup: labelNoTierNS, + CustomTeardown: revertLabel, + } + testCase := []*TestCase{ + {"ACNP strict Namespace isolation by Namespace purpose label", []*TestStep{testStep, testSetp2}}, + } + executeTestsWithData(t, testCase, data) +} + func testFQDNPolicy(t *testing.T) { // The ipv6-only test env doesn't have IPv6 access to the web. skipIfNotIPv4Cluster(t) - // It is convenient to have higher log verbosity for FQDNtests for troubleshooting failures. + // It is convenient to have higher log verbosity for FQDN tests for troubleshooting failures. logLevel := log.GetLevel() log.SetLevel(log.TraceLevel) defer log.SetLevel(logLevel) 
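Review bot: In testACNPStrictNamespacesIsolationBySingleLabel, the labelNoTierNS and revertLabel closures keep going after a failed Get and then assign a brand-new map to `nsReturned.Labels`, so the Update can run on an object that was never fetched and, when it succeeds, drops every other label the Namespace carried. Return right after the `t.Errorf`, add `err` to the messages that currently omit it, and set only the `purpose` key, as in the excerpt below; revertLabel would take the same shape with `"test-exclusion"`. Whether the no-tier Namespace has other labels that later selectors depend on is not visible in this hunk, so that part needs confirming. Separately, the second step expects full connectivity and lists no TestResources, so it appears it would also pass if the ACNP were no longer in place; asserting that the policy is still realized would make that step meaningful.

```go
	labelNoTierNS := func() {
		nsReturned, err := data.clientset.CoreV1().Namespaces().Get(context.TODO(), getNS("no-tier"), metav1.GetOptions{})
		if err != nil {
			t.Errorf("failed to get the Namespace that has no tier label: %v", err)
			return
		}
		if nsReturned.Labels == nil {
			nsReturned.Labels = map[string]string{}
		}
		nsReturned.Labels["purpose"] = "test"
		// … unchanged: log line and Namespaces().Update call …
	}
```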
@@ -3240,31 +3240,31 @@ func testFQDNPolicy(t *testing.T) { // All client Pods below are randomly chosen from test Namespaces. testcases := []podToAddrTestStep{ { - Pod(namespaces["x"] + "/a"), + getPod("x", "a"), "docs.github.com", 80, Rejected, }, { - Pod(namespaces["x"] + "/b"), + getPod("x", "b"), "api.github.com", 80, Rejected, }, { - Pod(namespaces["y"] + "/a"), + getPod("y", "a"), "wayfair.com", 80, Dropped, }, { - Pod(namespaces["y"] + "/b"), + getPod("y", "b"), "stackoverflow.com", 80, Dropped, }, { - Pod(namespaces["z"] + "/a"), + getPod("z", "a"), "facebook.com", 80, Connected, @@ -3292,7 +3292,7 @@ func testFQDNPolicy(t *testing.T) { // policies, to avoid having a dependency on external connectivity. The reason we // use headless Service is that FQDN will use the IP from DNS A/AAAA records to // implement flows in the egress policy table. For a non-headless Service, the DNS -// name resolves to the ClusterIP for the Service. But when traffic arrives to the +// Name resolves to the ClusterIP for the Service. But when traffic arrives to the // egress table, the dstIP has already been DNATed to the Endpoints IP by // AntreaProxy Service Load-Balancing, and the policies are not enforced correctly. // For a headless Service, the Endpoints IP will be directly returned by the DNS 
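Review bot: The comment above testFQDNPolicyInClusterService now reads `// Name resolves to the ClusterIP for the Service. ...`, which looks like a side effect of the mechanical `name` → `Name` rename done for the keyed TestStep fields rather than an intended edit. The sentence continues from "the DNS" on the previous comment line, so the word should stay lower-case: `// name resolves to the ClusterIP for the Service. But when traffic arrives to the`. The same slip appears in the later hunk inside testFQDNPolicyInClusterService, where `// To indicate the server Name is a FQDN, ...` should keep `server name`. Neither change affects behaviour.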
@@ -3303,13 +3303,13 @@ func testFQDNPolicyInClusterService(t *testing.T) { defer log.SetLevel(logLevel) var services []*v1.Service if clusterInfo.podV4NetworkCIDR != "" { - ipv4Svc := k8sUtils.BuildService("ipv4-svc", namespaces["x"], 80, 80, map[string]string{"pod": "a"}, nil) + ipv4Svc := k8sUtils.BuildService("ipv4-svc", getNS("x"), 80, 80, map[string]string{"pod": "a"}, nil) ipv4Svc.Spec.ClusterIP = "None" ipv4Svc.Spec.IPFamilies = []v1.IPFamily{v1.IPv4Protocol} services = append(services, ipv4Svc) } if clusterInfo.podV6NetworkCIDR != "" { - ipv6Svc := k8sUtils.BuildService("ipv6-svc", namespaces["x"], 80, 80, map[string]string{"pod": "b"}, nil) + ipv6Svc := k8sUtils.BuildService("ipv6-svc", getNS("x"), 80, 80, map[string]string{"pod": "b"}, nil) ipv6Svc.Spec.ClusterIP = "None" ipv6Svc.Spec.IPFamilies = []v1.IPFamily{v1.IPv6Protocol} services = append(services, ipv6Svc) 
@@ -3329,8 +3329,8 @@ func testFQDNPolicyInClusterService(t *testing.T) { SetTier("application"). SetPriority(1.0) for idx, service := range services { - builder.AddFQDNRule(svcDNSName(service), ProtocolTCP, nil, nil, nil, fmt.Sprintf("r%d", idx*2), []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["y"]}, PodSelector: map[string]string{"pod": "b"}}}, crdv1beta1.RuleActionReject) - builder.AddFQDNRule(svcDNSName(service), ProtocolTCP, nil, nil, nil, fmt.Sprintf("r%d", idx*2+1), []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["z"]}, PodSelector: map[string]string{"pod": "c"}}}, crdv1beta1.RuleActionDrop) + builder.AddFQDNRule(svcDNSName(service), ProtocolTCP, nil, nil, nil, fmt.Sprintf("r%d", idx*2), []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("y")}, PodSelector: map[string]string{"pod": "b"}}}, crdv1beta1.RuleActionReject) + builder.AddFQDNRule(svcDNSName(service), ProtocolTCP, nil, nil, nil, fmt.Sprintf("r%d", idx*2+1), []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("z")}, PodSelector: map[string]string{"pod": "c"}}}, crdv1beta1.RuleActionDrop) } acnp := builder.Get() k8sUtils.CreateOrUpdateACNP(acnp) @@ -3340,8 +3340,8 @@ func testFQDNPolicyInClusterService(t *testing.T) { for _, service := range services { eachServiceCases := []podToAddrTestStep{ { - Pod(namespaces["y"] + "/b"), - // To indicate the server name is a FQDN, end it with a dot. Then DNS resolver won't attempt to append + getPod("y", "b"), + // To indicate the server Name is a FQDN, end it with a dot. Then DNS resolver won't attempt to append // domain names (e.g. svc.cluster.local, cluster.local) when resolving it, making it get resolution // result more quickly. svcDNSName(service) + ".", 
@@ -3349,13 +3349,13 @@ func testFQDNPolicyInClusterService(t *testing.T) { Rejected, }, { - Pod(namespaces["z"] + "/c"), + getPod("z", "c"), svcDNSName(service) + ".", 80, Dropped, }, { - Pod(namespaces["x"] + "/c"), + getPod("x", "c"), svcDNSName(service) + ".", 80, Connected, @@ -3386,7 +3386,7 @@ func testFQDNPolicyInClusterService(t *testing.T) { func testFQDNPolicyTCP(t *testing.T) { // The ipv6-only test env doesn't have IPv6 access to the web. skipIfNotIPv4Cluster(t) - // It is convenient to have higher log verbosity for FQDNtests for troubleshooting failures. + // It is convenient to have higher log verbosity for FQDN tests for troubleshooting failures. logLevel := log.GetLevel() log.SetLevel(log.TraceLevel) defer log.SetLevel(logLevel) @@ -3398,7 +3398,7 @@ func testFQDNPolicyTCP(t *testing.T) { builder.AddFQDNRule("github.com", ProtocolTCP, nil, nil, nil, "", nil, crdv1beta1.RuleActionDrop) testcases := []podToAddrTestStep{ { - Pod(namespaces["y"] + "/a"), + getPod("y", "a"), "github.com", 80, Dropped, @@ -3431,12 +3431,12 @@ func testToServices(t *testing.T, data *TestData) { skipIfProxyDisabled(t, data) var services []*v1.Service if clusterInfo.podV4NetworkCIDR != "" { - ipv4Svc := k8sUtils.BuildService("ipv4-svc", namespaces["x"], 81, 81, map[string]string{"pod": "a"}, nil) + ipv4Svc := k8sUtils.BuildService("ipv4-svc", getNS("x"), 81, 81, map[string]string{"pod": "a"}, nil) ipv4Svc.Spec.IPFamilies = []v1.IPFamily{v1.IPv4Protocol} services = append(services, ipv4Svc) } if clusterInfo.podV6NetworkCIDR != "" { - ipv6Svc := k8sUtils.BuildService("ipv6-svc", namespaces["x"], 80, 80, map[string]string{"pod": "a"}, nil) + ipv6Svc := k8sUtils.BuildService("ipv6-svc", getNS("x"), 80, 80, map[string]string{"pod": "a"}, nil) ipv6Svc.Spec.IPFamilies = []v1.IPFamily{v1.IPv6Protocol} services = append(services, ipv6Svc) } 
@@ -3457,8 +3457,8 @@ func testToServices(t *testing.T, data *TestData) { builder = builder.SetName("test-acnp-to-services"). SetTier("application"). SetPriority(1.0) - builder.AddToServicesRule(svcRefs, "x-to-svc", []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}, crdv1beta1.RuleActionDrop) - builder.AddToServicesRule(svcRefs, "y-to-svc", []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["y"]}}}, crdv1beta1.RuleActionDrop) + builder.AddToServicesRule(svcRefs, "x-to-svc", []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}, crdv1beta1.RuleActionDrop) + builder.AddToServicesRule(svcRefs, "y-to-svc", []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("y")}}}, crdv1beta1.RuleActionDrop) time.Sleep(networkPolicyDelay) acnp := builder.Get() @@ -3469,19 +3469,19 @@ func testToServices(t *testing.T, data *TestData) { for _, service := range builtSvcs { eachServiceCases := []podToAddrTestStep{ { - Pod(namespaces["x"] + "/a"), + getPod("x", "a"), service.Spec.ClusterIP, service.Spec.Ports[0].Port, Dropped, }, { - Pod(namespaces["y"] + "/b"), + getPod("y", "b"), service.Spec.ClusterIP, service.Spec.Ports[0].Port, Dropped, }, { - Pod(namespaces["z"] + "/c"), + Pod(getNS("z") + "/c"), service.Spec.ClusterIP, service.Spec.Ports[0].Port, Connected, 
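Review bot: The third step in the `eachServiceCases` hunk of testToServices is still written as `Pod(getNS("z") + "/c"),` while the two steps above it, and every other call site this commit touches, were moved to `getPod(...)`. If `getPod` builds the same "namespace/pod" value (its definition is not in this hunk), the line should read `getPod("z", "c"),` so the Namespace lookup goes through one helper. The body of testToServices continues outside the hunk.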
@@ -3509,21 +3509,21 @@ func testToServices(t *testing.T, data *TestData) { } func testServiceAccountSelector(t *testing.T, data *TestData) { - k8sUtils.CreateOrUpdateServiceAccount(k8sUtils.BuildServiceAccount("test-sa", namespaces["x"], nil)) - defer k8sUtils.DeleteServiceAccount(namespaces["x"], "test-sa") + k8sUtils.CreateOrUpdateServiceAccount(k8sUtils.BuildServiceAccount("test-sa", getNS("x"), nil)) + defer k8sUtils.DeleteServiceAccount(getNS("x"), "test-sa") serverName, serverIP, cleanupFunc := createAndWaitForPod(t, data, data.createNginxPodOnNode, "server", controlPlaneNodeName(), data.testNamespace, false) defer cleanupFunc() - client0Name, _, cleanupFunc := createAndWaitForPodWithServiceAccount(t, data, data.createAgnhostPodWithSAOnNode, "client", controlPlaneNodeName(), namespaces["x"], false, "test-sa") + client0Name, _, cleanupFunc := createAndWaitForPodWithServiceAccount(t, data, data.createAgnhostPodWithSAOnNode, "client", controlPlaneNodeName(), getNS("x"), false, "test-sa") defer cleanupFunc() - client1Name, _, cleanupFunc := createAndWaitForPodWithServiceAccount(t, data, data.createAgnhostPodWithSAOnNode, "client", controlPlaneNodeName(), namespaces["x"], false, "default") + client1Name, _, cleanupFunc := createAndWaitForPodWithServiceAccount(t, data, data.createAgnhostPodWithSAOnNode, "client", controlPlaneNodeName(), getNS("x"), false, "default") defer cleanupFunc() sa := &crdv1beta1.NamespacedName{ Name: "test-sa", - Namespace: namespaces["x"], + Namespace: getNS("x"), } builder := &ClusterNetworkPolicySpecBuilder{} 
@@ -3531,7 +3531,7 @@ func testServiceAccountSelector(t *testing.T, data *TestData) { SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"antrea-e2e": serverName}}}) builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", sa) + nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", sa) acnp := builder.Get() _, err := k8sUtils.CreateOrUpdateACNP(acnp) @@ -3544,13 +3544,13 @@ func testServiceAccountSelector(t *testing.T, data *TestData) { if clusterInfo.podV4NetworkCIDR != "" { ipv4Testcases := []podToAddrTestStep{ { - Pod(namespaces["x"] + "/" + client0Name), + getPod("x", client0Name), serverIP.IPv4.String(), 80, Dropped, }, { - Pod(namespaces["x"] + "/" + client1Name), + getPod("x", client1Name), serverIP.IPv4.String(), 80, Connected, @@ -3562,13 +3562,13 @@ func testServiceAccountSelector(t *testing.T, data *TestData) { if clusterInfo.podV6NetworkCIDR != "" { ipv6Testcases := []podToAddrTestStep{ { - Pod(namespaces["x"] + "/" + client0Name), + getPod("x", client0Name), serverIP.IPv6.String(), 80, Dropped, }, { - Pod(namespaces["x"] + "/" + client1Name), + getPod("x", client1Name), serverIP.IPv6.String(), 80, Connected, 
@@ -3597,20 +3597,20 @@ func testACNPNodeSelectorEgress(t *testing.T) { SetPriority(1.0) nodeSelector := metav1.LabelSelector{MatchLabels: map[string]string{"kubernetes.io/hostname": controlPlaneNodeName()}} builder.AddNodeSelectorRule(&nodeSelector, ProtocolTCP, &p6443, "egress-control-plane-drop", - []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}, PodSelector: map[string]string{"pod": "a"}}}, + []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}, PodSelector: map[string]string{"pod": "a"}}}, crdv1beta1.RuleActionDrop, true) var testcases []podToAddrTestStep if clusterInfo.podV4NetworkCIDR != "" { ipv4Testcases := []podToAddrTestStep{ { - Pod(namespaces["x"] + "/a"), + getPod("x", "a"), controlPlaneNodeIPv4(), 6443, Dropped, }, { - Pod(namespaces["x"] + "/b"), + getPod("x", "b"), controlPlaneNodeIPv4(), 6443, Connected, @@ -3622,13 +3622,13 @@ func testACNPNodeSelectorEgress(t *testing.T) { if clusterInfo.podV6NetworkCIDR != "" { ipv6Testcases := []podToAddrTestStep{ { - Pod(namespaces["x"] + "/a"), + getPod("x", "a"), controlPlaneNodeIPv6(), 6443, Dropped, }, { - Pod(namespaces["x"] + "/b"), + getPod("x", "b"), controlPlaneNodeIPv6(), 6443, Connected, 
@@ -3655,16 +3655,16 @@ func testACNPNodeSelectorEgress(t *testing.T) { } func testACNPNodeSelectorIngress(t *testing.T, data *TestData) { - _, serverIP0, cleanupFunc := createAndWaitForPod(t, data, data.createNginxPodOnNode, "server0", nodeName(1), namespaces["x"], false) + _, serverIP0, cleanupFunc := createAndWaitForPod(t, data, data.createNginxPodOnNode, "server0", nodeName(1), getNS("x"), false) defer cleanupFunc() - _, serverIP1, cleanupFunc := createAndWaitForPod(t, data, data.createNginxPodOnNode, "server1", nodeName(1), namespaces["y"], false) + _, serverIP1, cleanupFunc := createAndWaitForPod(t, data, data.createNginxPodOnNode, "server1", nodeName(1), getNS("y"), false) defer cleanupFunc() clientName := "agnhost-client" - require.NoError(t, data.createAgnhostPodOnNode(clientName, namespaces["z"], controlPlaneNodeName(), true)) - defer data.DeletePodAndWait(defaultTimeout, clientName, namespaces["z"]) - _, err := data.podWaitForIPs(defaultTimeout, clientName, namespaces["z"]) + require.NoError(t, data.createAgnhostPodOnNode(clientName, getNS("z"), controlPlaneNodeName(), true)) + defer data.DeletePodAndWait(defaultTimeout, clientName, getNS("z")) + _, err := data.podWaitForIPs(defaultTimeout, clientName, getNS("z")) require.NoError(t, err) builder := &ClusterNetworkPolicySpecBuilder{} 
@@ -3672,20 +3672,20 @@ func testACNPNodeSelectorIngress(t *testing.T, data *TestData) { SetPriority(1.0) nodeSelector := metav1.LabelSelector{MatchLabels: map[string]string{"kubernetes.io/hostname": controlPlaneNodeName()}} builder.AddNodeSelectorRule(&nodeSelector, ProtocolTCP, &p80, "ingress-control-plane-drop", - []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}, + []ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}, crdv1beta1.RuleActionDrop, false) testcases := []podToAddrTestStep{} if clusterInfo.podV4NetworkCIDR != "" { ipv4TestCases := []podToAddrTestStep{ { - Pod(namespaces["z"] + "/" + clientName), + getPod("z", clientName), serverIP0.IPv4.String(), 80, Dropped, }, { - Pod(namespaces["z"] + "/" + clientName), + getPod("z", clientName), serverIP1.IPv4.String(), 80, Connected, @@ -3696,13 +3696,13 @@ func testACNPNodeSelectorIngress(t *testing.T, data *TestData) { if clusterInfo.podV6NetworkCIDR != "" { ipv6TestCases := []podToAddrTestStep{ { - Pod(namespaces["z"] + "/" + clientName), + getPod("z", clientName), serverIP0.IPv6.String(), 80, Dropped, }, { - Pod(namespaces["z"] + "/" + clientName), + getPod("z", clientName), serverIP1.IPv6.String(), 80, Connected, 
@@ -3745,9 +3745,9 @@ func testACNPICMPSupport(t *testing.T, data *TestData) { builder = builder.SetName("test-acnp-icmp"). SetPriority(1.0).SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"antrea-e2e": clientName}}}) builder.AddEgress(ProtocolICMP, nil, nil, nil, &icmpType, &icmpCode, nil, nil, nil, map[string]string{"antrea-e2e": server0Name}, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionReject, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionReject, "", "", nil) builder.AddEgress(ProtocolICMP, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": server1Name}, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) testcases := []podToAddrTestStep{} if clusterInfo.podV4NetworkCIDR != "" { @@ -3848,7 +3848,7 @@ func testACNPNodePortServiceSupport(t *testing.T, data *TestData, serverNamespac }, }) builder.AddIngress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, &cidr, nil, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionReject, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionReject, "", "", nil) acnp, err := k8sUtils.CreateOrUpdateACNP(builder.Get()) failOnError(err, t) @@ -3940,7 +3940,7 @@ func testACNPIGMPQuery(t *testing.T, data *TestData, acnpName, caseName, groupAd // create acnp with ingress rule for IGMP query igmpType := crdv1beta1.IGMPQuery builder.AddIngress(ProtocolIGMP, nil, nil, nil, nil, nil, &igmpType, &queryGroupAddress, nil, nil, nil, nil, - nil, nil, nil, false, nil, action, "", "", nil) + nil, nil, nil, nil, nil, action, "", "", nil) acnp := builder.Get() _, err = k8sUtils.CreateOrUpdateACNP(acnp) defer data.crdClient.CrdV1beta1().ClusterNetworkPolicies().Delete(context.TODO(), acnp.Name, metav1.DeleteOptions{}) 
@@ -4021,7 +4021,7 @@ func testACNPMulticastEgress(t *testing.T, data *TestData, acnpName, caseName, g SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"antrea-e2e": label}}}) cidr := mc.group.String() + "/32" builder.AddEgress(ProtocolUDP, nil, nil, nil, nil, nil, nil, nil, &cidr, nil, nil, nil, - nil, nil, nil, false, nil, action, "", "", nil) + nil, nil, nil, nil, nil, action, "", "", nil) acnp := builder.Get() _, err = k8sUtils.CreateOrUpdateACNP(acnp) if err != nil { @@ -4122,7 +4122,9 @@ func executeTestsWithData(t *testing.T, testList []*TestCase, data *TestData) { for _, step := range testCase.Steps { log.Infof("running step %s of test case %s", step.Name, testCase.Name) applyTestStepResources(t, step) - + if step.CustomSetup != nil { + step.CustomSetup() + } reachability := step.Reachability if reachability != nil { start := time.Now() @@ -4142,6 +4144,9 @@ func executeTestsWithData(t *testing.T, testList []*TestCase, data *TestData) { for _, p := range step.CustomProbes { doProbe(t, data, p, step.Protocol) } + if step.CustomTeardown != nil { + step.CustomTeardown() + } } log.Debug("Cleaning-up all policies and groups created by this Testcase") cleanupTestCaseResources(t, testCase) @@ -4315,7 +4320,7 @@ func waitForResourcesReady(t *testing.T, timeout time.Duration, objs ...metav1.O } // TestAntreaPolicy is the top-level test which contains all subtests for -// AntreaPolicy related test cases so they can share setup, teardown. +// AntreaPolicy related test cases so that they can share setup and teardown. func TestAntreaPolicy(t *testing.T) { skipIfHasWindowsNodes(t) skipIfAntreaPolicyDisabled(t) @@ -4326,7 +4331,7 @@ func TestAntreaPolicy(t *testing.T) { } defer teardownTest(t, data) - initialize(t, data) + initialize(t, data, nil) // This test group only provides one case for each CR, including ACNP, ANNP, Tier, // ClusterGroup and Group to make sure the corresponding validation webhooks is 
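Review bot: In executeTestsWithData, `step.CustomTeardown()` runs only when control reaches the end of the step, so a panic or a `t.Fatal`-style exit between the setup call and the custom probes leaves whatever CustomSetup changed (in this commit, a Namespace label) in place for later cases that share the cluster. Running the step body in a closure and deferring the teardown right after the setup makes the revert unconditional. Separately, CustomSetup runs after `applyTestStepResources` and nothing visible in the hunk waits for the change to be realized before probing starts; if the probes do not retry, a step that expects tightened isolation could be validated against stale policy state. Both hunks cover only part of the function, so the surrounding loop is outside this view.

```go
func() {
	if step.CustomSetup != nil {
		step.CustomSetup()
	}
	if step.CustomTeardown != nil {
		// Deferred so the cluster state is reverted even if validation aborts.
		defer step.CustomTeardown()
	}
	// … unchanged: reachability validation and custom probes …
}()
```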
@@ -4457,6 +4462,54 @@ func testMulticastNP(t *testing.T, data *TestData, testNamespace string) { t.Run("Case=MulticastNPPolicyEgressDrop", func(t *testing.T) { testACNPMulticastEgressDrop(t, data, testNamespace) }) } +func TestAntreaPolicyExtendedNamespaces(t *testing.T) { + skipIfHasWindowsNodes(t) + skipIfAntreaPolicyDisabled(t) + + data, err := setupTest(t) + if err != nil { + t.Fatalf("Error when setting up test: %v", err) + } + defer teardownTest(t, data) + + extendedNamespaces := make(map[string]TestNamespaceMeta) + suffix := randName("") + // two "prod" Namespaces labeled purpose=test and tier=prod. + // two "dev" Namespaces labeled purpose=test and tier=dev. + // one "no-tier-label" Namespace labeled purpose=test. + for i := 1; i <= 2; i++ { + prodNS := TestNamespaceMeta{ + Name: "prod" + strconv.Itoa(i) + "-" + suffix, + Labels: map[string]string{ + "purpose": "test", + "tier": "prod", + }, + } + extendedNamespaces["prod"+strconv.Itoa(i)] = prodNS + devNS := TestNamespaceMeta{ + Name: "dev" + strconv.Itoa(i) + "-" + suffix, + Labels: map[string]string{ + "purpose": "test", + "tier": "dev", + }, + } + extendedNamespaces["dev"+strconv.Itoa(i)] = devNS + } + extendedNamespaces["no-tier"] = TestNamespaceMeta{ + Name: "no-tier-" + suffix, + Labels: map[string]string{ + "purpose": "test-exclusion", + }, + } + initialize(t, data, extendedNamespaces) + + t.Run("TestGroupACNPNamespaceLabelSelections", func(t *testing.T) { + t.Run("Case=ACNPStrictNamespacesIsolationByLabels", func(t *testing.T) { testACNPStrictNamespacesIsolationByLabels(t) }) + t.Run("Case=ACNPStrictNamespacesIsolationBySingleLabel", func(t *testing.T) { testACNPStrictNamespacesIsolationBySingleLabel(t, data) }) + }) + k8sUtils.Cleanup(namespaces) +} + func TestAntreaPolicyStatus(t *testing.T) { skipIfHasWindowsNodes(t) skipIfAntreaPolicyDisabled(t) 
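Review bot: The comment block in TestAntreaPolicyExtendedNamespaces says there is one "no-tier-label" Namespace labeled purpose=test, but the code registers it under the key `no-tier` with `"purpose": "test-exclusion"`, which is the opposite of what a reader would expect for the isolation cases. The comment should read `// one "no-tier" Namespace labeled purpose=test-exclusion, with no tier label.` The function also has no doc comment of its own; one sentence saying it exercises ACNP Namespace label selection against these extra Namespaces would help. Finally, `k8sUtils.Cleanup(namespaces)` is the last statement rather than a `defer` placed right after `initialize(t, data, extendedNamespaces)`, so the labeled Namespaces and cluster-scoped policies stay behind if the function exits early.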
@@ -4476,7 +4529,7 @@ func TestAntreaPolicyStatus(t *testing.T) { annpBuilder = annpBuilder.SetName(data.testNamespace, "annp-applied-to-two-nodes"). SetPriority(1.0). SetAppliedToGroup([]ANNPAppliedToSpec{{PodSelector: map[string]string{"app": "nginx"}}}) - annpBuilder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": namespaces["x"]}, nil, + annpBuilder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": getNS("x")}, nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "") annp := annpBuilder.Get() log.Debugf("creating ANNP %v", annp.Name) @@ -4488,8 +4541,8 @@ func TestAntreaPolicyStatus(t *testing.T) { acnpBuilder = acnpBuilder.SetName("acnp-applied-to-two-nodes"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"app": "nginx"}}}) - acnpBuilder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": namespaces["x"]}, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + acnpBuilder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, nil, map[string]string{"ns": getNS("x")}, + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) acnp := acnpBuilder.Get() log.Debugf("creating ACNP %v", acnp.Name) _, err = data.crdClient.CrdV1beta1().ClusterNetworkPolicies().Create(context.TODO(), acnp, metav1.CreateOptions{}) 
@@ -4525,9 +4578,9 @@ func TestAntreaPolicyStatusWithAppliedToPerRule(t *testing.T) { annpBuilder := &AntreaNetworkPolicySpecBuilder{} annpBuilder = annpBuilder.SetName(data.testNamespace, "annp-applied-to-per-rule"). SetPriority(1.0) - annpBuilder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": namespaces["x"]}, nil, + annpBuilder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": getNS("x")}, nil, nil, nil, nil, []ANNPAppliedToSpec{{PodSelector: map[string]string{"antrea-e2e": server0Name}}}, crdv1beta1.RuleActionAllow, "", "") - annpBuilder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": namespaces["x"]}, nil, + annpBuilder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"pod": "b"}, map[string]string{"ns": getNS("x")}, nil, nil, nil, nil, []ANNPAppliedToSpec{{PodSelector: map[string]string{"antrea-e2e": server1Name}}}, crdv1beta1.RuleActionAllow, "", "") annp := annpBuilder.Get() log.Debugf("creating ANNP %v", annp.Name) @@ -4592,15 +4645,15 @@ func TestAntreaPolicyStatusWithAppliedToUnsupportedGroup(t *testing.T) { } defer teardownTest(t, data) - initialize(t, data) + initialize(t, data, nil) - testNamespace := namespaces["x"] + testNamespace := getNS("x") // Build a Group with namespaceSelector selecting namespaces outside testNamespace. grpName := "grp-with-ns-selector" grpBuilder := &GroupSpecBuilder{} grpBuilder = grpBuilder.SetName(grpName).SetNamespace(testNamespace). SetPodSelector(map[string]string{"pod": "b"}, nil). - SetNamespaceSelector(map[string]string{"ns": namespaces["y"]}, nil) + SetNamespaceSelector(map[string]string{"ns": getNS("y")}, nil) grp, err := k8sUtils.CreateOrUpdateGroup(grpBuilder.Get()) failOnError(err, t) failOnError(waitForResourceReady(t, timeout, grp), t) 
@@ -4711,7 +4764,28 @@ func (data *TestData) waitForACNPRealized(t *testing.T, name string, timeout tim return nil } -// testANNPNetworkPolicyStatsWithDropAction tests antreanetworkpolicystats can correctly collect dropped packets stats from ANNP if +// TestAntreaPolicyStats is the top-level test which contains all subtests for +// AntreaPolicyStats related test cases so they can share setup, teardown. +func TestAntreaPolicyStats(t *testing.T) { + skipIfHasWindowsNodes(t) + skipIfAntreaPolicyDisabled(t) + skipIfNetworkPolicyStatsDisabled(t) + + data, err := setupTest(t) + if err != nil { + t.Fatalf("Error when setting up test: %v", err) + } + defer teardownTest(t, data) + + t.Run("testANNPNetworkPolicyStatsWithDropAction", func(t *testing.T) { + testANNPNetworkPolicyStatsWithDropAction(t, data) + }) + t.Run("testAntreaClusterNetworkPolicyStats", func(t *testing.T) { + testAntreaClusterNetworkPolicyStats(t, data) + }) +} + +// testANPNetworkPolicyStatsWithDropAction tests antreanetworkpolicystats can correctly collect dropped packets stats from ANP if // networkpolicystats feature is enabled func testANNPNetworkPolicyStatsWithDropAction(t *testing.T, data *TestData) { serverName, serverIPs, cleanupFunc := createAndWaitForPod(t, data, data.createNginxPodOnNode, "test-server-", "", data.testNamespace, false) diff --git a/test/e2e/clustergroup_test.go b/test/e2e/clustergroup_test.go index 17267ba788d..6576546b1ae 100644 --- a/test/e2e/clustergroup_test.go +++ b/test/e2e/clustergroup_test.go 
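Review bot: The rewritten comment above testANNPNetworkPolicyStatsWithDropAction now opens with `testANPNetworkPolicyStatsWithDropAction` and speaks of "ANP", so it no longer names the function it documents or the resource kind the function builds. Keep the original first line, `// testANNPNetworkPolicyStatsWithDropAction tests antreanetworkpolicystats can correctly collect dropped packets stats from ANNP if`. The function body continues outside the hunk.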
@@ -49,7 +49,7 @@ func testInvalidCGIPBlockWithPodSelector(t *testing.T) { func testInvalidCGIPBlockWithNSSelector(t *testing.T) { invalidErr := fmt.Errorf("clustergroup created with ipblock and namespaceSelector") cgName := "ipb-ns" - nSel := &metav1.LabelSelector{MatchLabels: map[string]string{"ns": namespaces["y"]}} + nSel := &metav1.LabelSelector{MatchLabels: map[string]string{"ns": getNS("y")}} cidr := "10.0.0.10/32" ipb := []crdv1beta1.IPBlock{{CIDR: cidr}} cg := &crdv1beta1.ClusterGroup{ @@ -72,7 +72,7 @@ func testInvalidCGServiceRefWithPodSelector(t *testing.T) { cgName := "svcref-pod-selector" pSel := &metav1.LabelSelector{MatchLabels: map[string]string{"pod": "x"}} svcRef := &crdv1beta1.NamespacedName{ - Namespace: namespaces["y"], + Namespace: getNS("y"), Name: "test-svc", } cg := &crdv1beta1.ClusterGroup{ @@ -93,9 +93,9 @@ func testInvalidCGServiceRefWithPodSelector(t *testing.T) { func testInvalidCGServiceRefWithNSSelector(t *testing.T) { invalidErr := fmt.Errorf("clustergroup created with serviceReference and namespaceSelector") cgName := "svcref-ns-selector" - nSel := &metav1.LabelSelector{MatchLabels: map[string]string{"ns": namespaces["y"]}} + nSel := &metav1.LabelSelector{MatchLabels: map[string]string{"ns": getNS("y")}} svcRef := &crdv1beta1.NamespacedName{ - Namespace: namespaces["y"], + Namespace: getNS("y"), Name: "test-svc", } cg := &crdv1beta1.ClusterGroup{ @@ -119,7 +119,7 @@ func testInvalidCGServiceRefWithIPBlock(t *testing.T) { cidr := "10.0.0.10/32" ipb := []crdv1beta1.IPBlock{{CIDR: cidr}} svcRef := &crdv1beta1.NamespacedName{ - Namespace: namespaces["y"], + Namespace: getNS("y"), Name: "test-svc", } cg := &crdv1beta1.ClusterGroup{ 
@@ -182,7 +182,7 @@ func testInvalidCGChildGroupWithServiceReference(t *testing.T) { invalidErr := fmt.Errorf("clustergroup created with childGroups and ServiceReference") cgName := "child-group-svcref" svcRef := &crdv1beta1.NamespacedName{ - Namespace: namespaces["y"], + Namespace: getNS("y"), Name: "test-svc", } cg := &crdv1beta1.ClusterGroup{ @@ -320,7 +320,7 @@ func TestClusterGroup(t *testing.T) { } defer teardownTest(t, data) - initialize(t, data) + initialize(t, data, nil) t.Run("TestGroupClusterGroupValidate", func(t *testing.T) { t.Run("Case=IPBlockWithPodSelectorDenied", func(t *testing.T) { testInvalidCGIPBlockWithPodSelector(t) }) diff --git a/test/e2e/group_test.go b/test/e2e/group_test.go index a35651c7b8f..121c1a46627 100644 --- a/test/e2e/group_test.go +++ b/test/e2e/group_test.go @@ -32,7 +32,7 @@ func testInvalidGroupIPBlockWithPodSelector(t *testing.T) { g := &crdv1beta1.Group{ ObjectMeta: metav1.ObjectMeta{ Name: gName, - Namespace: namespaces["x"], + Namespace: getNS("x"), }, Spec: crdv1beta1.GroupSpec{ PodSelector: pSel, @@ -48,13 +48,13 @@ func testInvalidGroupIPBlockWithPodSelector(t *testing.T) { func testInvalidGroupIPBlockWithNSSelector(t *testing.T) { invalidErr := fmt.Errorf("group created with ipblock and namespaceSelector") gName := "ipb-ns" - nSel := &metav1.LabelSelector{MatchLabels: map[string]string{"ns": namespaces["y"]}} + nSel := &metav1.LabelSelector{MatchLabels: map[string]string{"ns": getNS("y")}} cidr := "10.0.0.10/32" ipb := []crdv1beta1.IPBlock{{CIDR: cidr}} g := &crdv1beta1.Group{ ObjectMeta: metav1.ObjectMeta{ Name: gName, - Namespace: namespaces["x"], + Namespace: getNS("x"), }, Spec: crdv1beta1.GroupSpec{ NamespaceSelector: nSel, 
@@ -72,13 +72,13 @@ func testInvalidGroupServiceRefWithPodSelector(t *testing.T) { gName := "svcref-pod-selector" pSel := &metav1.LabelSelector{MatchLabels: map[string]string{"pod": "x"}} svcRef := &crdv1beta1.NamespacedName{ - Namespace: namespaces["y"], + Namespace: getNS("y"), Name: "test-svc", } g := &crdv1beta1.Group{ ObjectMeta: metav1.ObjectMeta{ Name: gName, - Namespace: namespaces["y"], + Namespace: getNS("y"), }, Spec: crdv1beta1.GroupSpec{ PodSelector: pSel, @@ -94,15 +94,15 @@ func testInvalidGroupServiceRefWithPodSelector(t *testing.T) { func testInvalidGroupServiceRefWithNSSelector(t *testing.T) { invalidErr := fmt.Errorf("group created with serviceReference and namespaceSelector") gName := "svcref-ns-selector" - nSel := &metav1.LabelSelector{MatchLabels: map[string]string{"ns": namespaces["y"]}} + nSel := &metav1.LabelSelector{MatchLabels: map[string]string{"ns": getNS("y")}} svcRef := &crdv1beta1.NamespacedName{ - Namespace: namespaces["y"], + Namespace: getNS("y"), Name: "test-svc", } g := &crdv1beta1.Group{ ObjectMeta: metav1.ObjectMeta{ Name: gName, - Namespace: namespaces["y"], + Namespace: getNS("y"), }, Spec: crdv1beta1.GroupSpec{ NamespaceSelector: nSel, @@ -121,13 +121,13 @@ func testInvalidGroupServiceRefWithIPBlock(t *testing.T) { cidr := "10.0.0.10/32" ipb := []crdv1beta1.IPBlock{{CIDR: cidr}} svcRef := &crdv1beta1.NamespacedName{ - Namespace: namespaces["y"], + Namespace: getNS("y"), Name: "test-svc", } g := &crdv1beta1.Group{ ObjectMeta: metav1.ObjectMeta{ Name: gName, - Namespace: namespaces["y"], + Namespace: getNS("y"), }, Spec: crdv1beta1.GroupSpec{ ServiceReference: svcRef, @@ -149,7 +149,7 @@ func createChildGroupForTest(t *testing.T) { g := &crdv1beta1.Group{ ObjectMeta: metav1.ObjectMeta{ Name: testChildGroupName, - Namespace: namespaces[testChildGroupNamespace], + Namespace: getNS(testChildGroupNamespace), }, Spec: crdv1beta1.GroupSpec{ PodSelector: &metav1.LabelSelector{}, 
@@ -161,7 +161,7 @@ func createChildGroupForTest(t *testing.T) { } func cleanupChildGroupForTest(t *testing.T) { - if err := k8sUtils.DeleteGroup(namespaces[testChildGroupNamespace], testChildGroupName); err != nil { + if err := k8sUtils.DeleteGroup(getNS(testChildGroupNamespace), testChildGroupName); err != nil { failOnError(err, t) } } @@ -173,7 +173,7 @@ func testInvalidGroupChildGroupWithPodSelector(t *testing.T) { g := &crdv1beta1.Group{ ObjectMeta: metav1.ObjectMeta{ Name: gName, - Namespace: namespaces[testChildGroupNamespace], + Namespace: getNS(testChildGroupNamespace), }, Spec: crdv1beta1.GroupSpec{ PodSelector: pSel, @@ -191,12 +191,12 @@ func testInvalidGroupChildGroupWithServiceReference(t *testing.T) { gName := "child-group-svcref" svcRef := &crdv1beta1.NamespacedName{ Name: "test-svc", - Namespace: namespaces[testChildGroupNamespace], + Namespace: getNS(testChildGroupNamespace), } g := &crdv1beta1.Group{ ObjectMeta: metav1.ObjectMeta{ Name: gName, - Namespace: namespaces[testChildGroupNamespace], + Namespace: getNS(testChildGroupNamespace), }, Spec: crdv1beta1.GroupSpec{ ServiceReference: svcRef, 
@@ -213,13 +213,13 @@ func testInvalidGroupMaxNestedLevel(t *testing.T) { invalidErr := fmt.Errorf("group created with childGroup which has childGroups itself") gName1, gName2 := "g-nested-1", "g-nested-2" g1 := &crdv1beta1.Group{ - ObjectMeta: metav1.ObjectMeta{Namespace: namespaces[testChildGroupNamespace], Name: gName1}, + ObjectMeta: metav1.ObjectMeta{Namespace: getNS(testChildGroupNamespace), Name: gName1}, Spec: crdv1beta1.GroupSpec{ ChildGroups: []crdv1beta1.ClusterGroupReference{crdv1beta1.ClusterGroupReference(testChildGroupName)}, }, } g2 := &crdv1beta1.Group{ - ObjectMeta: metav1.ObjectMeta{Namespace: namespaces[testChildGroupNamespace], Name: gName2}, + ObjectMeta: metav1.ObjectMeta{Namespace: getNS(testChildGroupNamespace), Name: gName2}, Spec: crdv1beta1.GroupSpec{ ChildGroups: []crdv1beta1.ClusterGroupReference{crdv1beta1.ClusterGroupReference(gName1)}, }, @@ -235,7 +235,7 @@ func testInvalidGroupMaxNestedLevel(t *testing.T) { failOnError(invalidErr, t) } // cleanup g-nested-1 - if err := k8sUtils.DeleteGroup(namespaces[testChildGroupNamespace], gName1); err != nil { + if err := k8sUtils.DeleteGroup(getNS(testChildGroupNamespace), gName1); err != nil { failOnError(err, t) } // Try to create g-nested-2 first and then g-nested-1. @@ -249,7 +249,7 @@ func testInvalidGroupMaxNestedLevel(t *testing.T) { failOnError(invalidErr, t) } // cleanup g-nested-2 - if err := k8sUtils.DeleteGroup(namespaces[testChildGroupNamespace], gName2); err != nil { + if err := k8sUtils.DeleteGroup(getNS(testChildGroupNamespace), gName2); err != nil { failOnError(err, t) } } @@ -263,7 +263,7 @@ func TestGroup(t *testing.T) { t.Fatalf("Error when setting up test: %v", err) } defer teardownTest(t, data) - initialize(t, data) + initialize(t, data, nil) t.Run("TestGroupNamespacedGroupValidate", func(t *testing.T) { t.Run("Case=IPBlockWithPodSelectorDenied", func(t *testing.T) { testInvalidGroupIPBlockWithPodSelector(t) }) 
diff --git a/test/e2e/k8s_util.go b/test/e2e/k8s_util.go index ef0720afc6d..7f1570822a6 100644 --- a/test/e2e/k8s_util.go +++ b/test/e2e/k8s_util.go @@ -38,6 +38,8 @@ import ( "antrea.io/antrea/test/e2e/utils" ) +var ErrPodNotFound = errors.New("pod not found") + type KubernetesUtils struct { *TestData podCache map[string][]v1.Pod @@ -60,13 +62,15 @@ type TestCase struct { // TestStep is a single unit of testing spec. It includes the policy specs that need to be // applied for this test, the port to test traffic on and the expected Reachability matrix. type TestStep struct { - Name string - Reachability *Reachability - TestResources []metav1.Object - Ports []int32 - Protocol utils.AntreaPolicyProtocol - Duration time.Duration - CustomProbes []*CustomProbe + Name string + Reachability *Reachability + TestResources []metav1.Object + Ports []int32 + Protocol utils.AntreaPolicyProtocol + Duration time.Duration + CustomProbes []*CustomProbe + CustomSetup func() + CustomTeardown func() } // CustomProbe will spin up (or update) SourcePod and DestPod such that Add event of Pods @@ -89,7 +93,11 @@ type probeResult struct { err error } -var ErrPodNotFound = errors.New("Pod not found") +// TestNamespaceMeta holds the relevant metadata of a test Namespace during initialization. +type TestNamespaceMeta struct { + Name string + Labels map[string]string +} // GetPodByLabel returns a Pod with the matching Namespace and "pod" label if it's found. // If the pod is not found, GetPodByLabel returns "ErrPodNotFound". 
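Review bot: The new `CustomSetup` and `CustomTeardown` fields on TestStep carry no comment, and the struct comment above still describes only policy specs, ports and the reachability matrix. Since these hooks mutate live cluster state, their ordering should be written down; judging from the executeTestsWithData change in this commit, that would be `// CustomSetup, if set, runs after TestResources are applied and before reachability is validated.` and `// CustomTeardown, if set, runs after the step's CustomProbes and must undo what CustomSetup changed.`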
@@ -736,9 +744,9 @@ func (data *TestData) DeleteNetworkPolicy(ns, name string) error { } // CleanNetworkPolicies is a convenience function for deleting NetworkPolicies in the provided namespaces. -func (data *TestData) CleanNetworkPolicies(namespaces map[string]string) error { +func (data *TestData) CleanNetworkPolicies(namespaces map[string]TestNamespaceMeta) error { for _, ns := range namespaces { - if err := data.clientset.NetworkingV1().NetworkPolicies(ns).DeleteCollection(context.TODO(), metav1.DeleteOptions{}, metav1.ListOptions{}); err != nil { + if err := data.clientset.NetworkingV1().NetworkPolicies(ns.Name).DeleteCollection(context.TODO(), metav1.DeleteOptions{}, metav1.ListOptions{}); err != nil { return fmt.Errorf("unable to delete NetworkPolicies in Namespace '%s': %w", ns, err) } } @@ -1101,11 +1109,15 @@ func (k *KubernetesUtils) ValidateRemoteCluster(remoteCluster *KubernetesUtils, } } -func (k *KubernetesUtils) Bootstrap(namespaces map[string]string, pods []string, createNamespaces bool, nodeNames map[string]string, hostNetworks map[string]bool) (map[string][]string, error) { +func (k *KubernetesUtils) Bootstrap(namespaces map[string]TestNamespaceMeta, podsPerNamespace []string, createNamespaces bool, nodeNames map[string]string, hostNetworks map[string]bool) (map[string][]string, error) { for key, ns := range namespaces { if createNamespaces { - _, err := k.CreateOrUpdateNamespace(ns, map[string]string{"ns": ns}) - if err != nil { + if ns.Labels == nil { + ns.Labels = make(map[string]string) + } + // convenience label for testing + ns.Labels["ns"] = ns.Name + if _, err := k.CreateOrUpdateNamespace(ns.Name, ns.Labels); err != nil { return nil, fmt.Errorf("unable to create/update ns %s: %w", ns, err) } } 
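Review bot: In `CleanNetworkPolicies` the error message still formats `ns` with `%s`, but `ns` is now a `TestNamespaceMeta`, so the message prints the whole struct (name plus label map) instead of the Namespace name. Pass the name explicitly: `return fmt.Errorf("unable to delete NetworkPolicies in Namespace '%s': %w", ns.Name, err)`. The same applies to the `fmt.Errorf`, `log.Infof` and `log.Errorf` calls in the `Bootstrap` and `Cleanup` hunks below, which also still pass `ns`.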
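Review bot: In `Bootstrap`, `ns.Labels["ns"] = ns.Name` writes into the caller's map when `Labels` is non-nil, but into a throwaway map when it is nil, because `ns` is a copy of the map value. So the caller's `TestNamespaceMeta` is mutated in one case and untouched in the other, and a caller-supplied `"ns"` label is silently overwritten. Building a local map avoids the aliasing: `labels := make(map[string]string, len(ns.Labels)+1)`, `for k, v := range ns.Labels { labels[k] = v }`, `labels["ns"] = ns.Name`, then pass `labels` to `CreateOrUpdateNamespace`. The rest of `Bootstrap` is outside this hunk.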
@@ -1117,20 +1129,20 @@ func (k *KubernetesUtils) Bootstrap(namespaces map[string]string, pods []string, if hostNetworks != nil { hostNetwork = hostNetworks[key] } - for _, pod := range pods { + for _, pod := range podsPerNamespace { log.Infof("Creating/updating Pod '%s/%s'", ns, pod) - deployment := ns + pod - _, err := k.CreateOrUpdateDeployment(ns, deployment, 1, map[string]string{"pod": pod, "app": pod}, nodeName, hostNetwork) + deployment := ns.Name + pod + _, err := k.CreateOrUpdateDeployment(ns.Name, deployment, 1, map[string]string{"pod": pod, "app": pod}, nodeName, hostNetwork) if err != nil { return nil, fmt.Errorf("unable to create/update Deployment '%s/%s': %w", ns, pod, err) } } } var allPods []Pod - podIPs := make(map[string][]string, len(pods)*len(namespaces)) - for _, podName := range pods { + podIPs := make(map[string][]string, len(podsPerNamespace)*len(namespaces)) + for _, podName := range podsPerNamespace { for _, ns := range namespaces { - allPods = append(allPods, NewPod(ns, podName)) + allPods = append(allPods, NewPod(ns.Name, podName)) } } for _, pod := range allPods { @@ -1150,7 +1162,7 @@ func (k *KubernetesUtils) Bootstrap(namespaces map[string]string, pods []string, return podIPs, nil } -func (k *KubernetesUtils) Cleanup(namespaces map[string]string) { +func (k *KubernetesUtils) Cleanup(namespaces map[string]TestNamespaceMeta) { // Cleanup any cluster-scoped resources. if err := k.CleanACNPs(); err != nil { log.Errorf("Error when cleaning up ACNPs: %v", err) @@ -1161,7 +1173,7 @@ func (k *KubernetesUtils) Cleanup(namespaces map[string]string) { for _, ns := range namespaces { log.Infof("Deleting test Namespace %s", ns) - if err := k.DeleteNamespace(ns, defaultTimeout); err != nil { + if err := k.DeleteNamespace(ns.Name, defaultTimeout); err != nil { log.Errorf("Error when deleting Namespace '%s': %v", ns, err) } } diff --git a/test/e2e/nodenetworkpolicy_test.go b/test/e2e/nodenetworkpolicy_test.go index be9cb945ecd..5564fd37329 100644 
--- a/test/e2e/nodenetworkpolicy_test.go +++ b/test/e2e/nodenetworkpolicy_test.go @@ -36,11 +36,14 @@ func initializeAntreaNodeNetworkPolicy(t *testing.T, data *TestData, toHostNetwo p8081 = 8081 p8082 = 8082 p8085 = 8085 - pods = []string{"a"} + podsPerNamespace = []string{"a"} suffix := randName("") - namespaces = make(map[string]string) - namespaces["x"] = "x-" + suffix - namespaces["y"] = "y-" + suffix + namespaces = make(map[string]TestNamespaceMeta) + for _, ns := range []string{"x", "y", "z"} { + namespaces[ns] = TestNamespaceMeta{ + Name: ns + "-" + suffix, + } + } nodes = make(map[string]string) nodes["x"] = controlPlaneNodeName() nodes["y"] = workerNodeName(1) @@ -50,15 +53,14 @@ func initializeAntreaNodeNetworkPolicy(t *testing.T, data *TestData, toHostNetwo hostNetworks["y"] = true } else { hostNetworks["y"] = false - namespaces["z"] = "z-" + suffix nodes["z"] = workerNodeName(1) hostNetworks["z"] = false } allPods = []Pod{} - for _, podName := range pods { + for _, podName := range podsPerNamespace { for _, ns := range namespaces { - allPods = append(allPods, NewPod(ns, podName)) + allPods = append(allPods, NewPod(ns.Name, podName)) } } @@ -66,7 +68,7 @@ func initializeAntreaNodeNetworkPolicy(t *testing.T, data *TestData, toHostNetwo // k8sUtils is a global var k8sUtils, err = NewKubernetesUtils(data) failOnError(err, t) - ips, err := k8sUtils.Bootstrap(namespaces, pods, true, nodes, hostNetworks) + ips, err := k8sUtils.Bootstrap(namespaces, podsPerNamespace, true, nodes, hostNetworks) failOnError(err, t) podIPs = ips } 
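Review bot: The loop over `[]string{"x", "y", "z"}` now creates Namespace `z` unconditionally, whereas the `namespaces["z"] = "z-" + suffix` line removed in the next hunk only ran in the `else` branch. In the branch that sets `hostNetworks["y"] = true`, `nodes["z"]` and `hostNetworks["z"]` are never assigned. `Bootstrap` would then deploy a `z/a` Pod with no node pinning, and `allPods` gains an extra Pod in every reachability matrix for that mode. If that is intended, a short comment saying so would help. Otherwise keep `z` in the `else` branch with `namespaces["z"] = TestNamespaceMeta{Name: "z-" + suffix}`. The function body starts and ends outside these hunks.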
@@ -139,25 +141,23 @@ func testNodeACNPAllowNoDefaultIsolation(t *testing.T, protocol AntreaPolicyProt SetPriority(1.1). SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) builder1.AddIngress(protocol, &p81, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) builder2 := &ClusterNetworkPolicySpecBuilder{} builder2 = builder2.SetName("acnp-allow-x-to-y-egress"). SetPriority(1.1). SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) builder2.AddEgress(protocol, &p81, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) reachability := NewReachability(allPods, Connected) testStep := []*TestStep{ { - "Port 81", - reachability, - []metav1.Object{builder1.Get(), builder2.Get()}, - []int32{81}, - protocol, - 0, - nil, + Name: "Port 81", + Reachability: reachability, + TestResources: []metav1.Object{builder1.Get(), builder2.Get()}, + Ports: []int32{81}, + Protocol: protocol, }, } testCase := []*TestCase{ 
@@ -189,19 +189,17 @@ func testNodeACNPDropEgress(t *testing.T, protocol AntreaPolicyProtocol) { SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) builder.AddEgress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["y"]+"/a"), Dropped) + reachability.Expect(getPod("x", "a"), getPod("y", "a"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get()}, - []int32{80}, - protocol, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: protocol, }, } testCase := []*TestCase{ @@ -225,19 +223,17 @@ func testNodeACNPDropIngress(t *testing.T, protocol AntreaPolicyProtocol) { SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) builder.AddIngress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["y"]+"/a"), Pod(namespaces["x"]+"/a"), Dropped) + reachability.Expect(getPod("y", "a"), getPod("x", "a"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get()}, - []int32{80}, - protocol, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: protocol, }, } testCase := []*TestCase{ 
@@ -253,19 +249,17 @@ func testNodeACNPPortRange(t *testing.T) { SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) builder.AddEgress(ProtocolTCP, &p8080, nil, &p8082, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "acnp-port-range", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "acnp-port-range", nil) reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["y"]+"/a"), Dropped) + reachability.Expect(getPod("x", "a"), getPod("y", "a"), Dropped) testSteps := []*TestStep{ { - fmt.Sprintf("ACNP Drop Ports 8080:8082"), - reachability, - []metav1.Object{builder.Get()}, - []int32{8080, 8081, 8082}, - ProtocolTCP, - 0, - nil, + Name: fmt.Sprintf("ACNP Drop Ports 8080:8082"), + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{8080, 8081, 8082}, + Protocol: ProtocolTCP, }, } @@ -280,7 +274,7 @@ func testNodeACNPPortRange(t *testing.T) { // This test retrieves the port range from the client Pod and uses it in sourcePort and sourceEndPort of an ACNP rule to // verify that packets can be matched by source port. func testNodeACNPSourcePort(t *testing.T) { - portStart, portEnd, err := k8sUtils.getTCPv4SourcePortRangeFromPod(namespaces["x"], "a") + portStart, portEnd, err := k8sUtils.getTCPv4SourcePortRangeFromPod(getNS("x"), "a") failOnError(err, t) builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-source-port"). 
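Review bot: The rewritten step in `testNodeACNPPortRange` keeps `fmt.Sprintf("ACNP Drop Ports 8080:8082")`, a `Sprintf` call with a constant format and no arguments. Since the line is being touched anyway, a plain literal is clearer and avoids the linter warning: `Name: "ACNP Drop Ports 8080:8082",`.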
@@ -304,37 +298,31 @@ func testNodeACNPSourcePort(t *testing.T) { nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["y"]+"/a"), Pod(namespaces["x"]+"/a"), Dropped) + reachability.Expect(getPod("y", "a"), getPod("x", "a"), Dropped) // After adding the dst port constraint of port 80, traffic on port 81 should not be affected. updatedReachability := NewReachability(allPods, Connected) testSteps := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, { - "Port 81", - updatedReachability, - []metav1.Object{builder2.Get()}, - []int32{81}, - ProtocolTCP, - 0, - nil, + Name: "Port 81", + Reachability: updatedReachability, + TestResources: []metav1.Object{builder2.Get()}, + Ports: []int32{81}, + Protocol: ProtocolTCP, }, { - "Port range 80-81", - reachability, - []metav1.Object{builder3.Get()}, - []int32{80, 81}, - ProtocolTCP, - 0, - nil, + Name: "Port range 80-81", + Reachability: reachability, + TestResources: []metav1.Object{builder3.Get()}, + Ports: []int32{80, 81}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ @@ -367,7 +355,7 @@ func testNodeACNPRejectEgress(t *testing.T, protocol AntreaPolicyProtocol) { SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) builder.AddEgress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionReject, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionReject, "", "", nil) reachability := NewReachability(allPods, Connected) 
@@ -376,16 +364,14 @@ func testNodeACNPRejectEgress(t *testing.T, protocol AntreaPolicyProtocol) { if protocol == ProtocolSCTP { expectedResult = Dropped } - reachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["y"]+"/a"), expectedResult) + reachability.Expect(getPod("x", "a"), getPod("y", "a"), expectedResult) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get()}, - []int32{80}, - protocol, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: protocol, }, } testCase := []*TestCase{ @@ -401,19 +387,17 @@ func testNodeACNPRejectIngress(t *testing.T, protocol AntreaPolicyProtocol) { SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) builder.AddIngress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionReject, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionReject, "", "", nil) reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["y"]+"/a"), Pod(namespaces["x"]+"/a"), Rejected) + reachability.Expect(getPod("y", "a"), getPod("x", "a"), Rejected) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get()}, - []int32{80}, - protocol, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: protocol, }, } testCase := []*TestCase{ 
@@ -429,31 +413,27 @@ func testNodeACNPNoEffectOnOtherProtocols(t *testing.T) { SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachability1 := NewReachability(allPods, Connected) - reachability1.Expect(Pod(namespaces["y"]+"/a"), Pod(namespaces["x"]+"/a"), Dropped) + reachability1.Expect(getPod("y", "a"), getPod("x", "a"), Dropped) reachability2 := NewReachability(allPods, Connected) testStep := []*TestStep{ { - "Port 80", - reachability1, - []metav1.Object{builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability1, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, { - "Port 80", - reachability2, - []metav1.Object{builder.Get()}, - []int32{80}, - ProtocolUDP, - 0, - nil, + Name: "Port 80", + Reachability: reachability2, + TestResources: []metav1.Object{builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolUDP, }, } testCase := []*TestCase{ @@ -471,7 +451,7 @@ func testNodeACNPPriorityOverride(t *testing.T) { SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) // Highest priority. Drops traffic from y to x. builder1.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) builder2 := &ClusterNetworkPolicySpecBuilder{} builder2 = builder2.SetName("acnp-priority2"). 
@@ -479,7 +459,7 @@ func testNodeACNPPriorityOverride(t *testing.T) { SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) // Medium priority. Allows traffic from y to x. builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) builder3 := &ClusterNetworkPolicySpecBuilder{} builder3 = builder3.SetName("acnp-priority3"). 
@@ -487,34 +467,30 @@ func testNodeACNPPriorityOverride(t *testing.T) { SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) // Lowest priority. Drops traffic from y to x. builder3.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachabilityTwoACNPs := NewReachability(allPods, Connected) reachabilityAllACNPs := NewReachability(allPods, Connected) - reachabilityAllACNPs.Expect(Pod(namespaces["y"]+"/a"), Pod(namespaces["x"]+"/a"), Dropped) + reachabilityAllACNPs.Expect(getPod("y", "a"), getPod("x", "a"), Dropped) testStepTwoACNP := []*TestStep{ { - "Two Policies with different priorities", - reachabilityTwoACNPs, - []metav1.Object{builder3.Get(), builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Two Policies with different priorities", + Reachability: reachabilityTwoACNPs, + TestResources: []metav1.Object{builder3.Get(), builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } // Create the Policies in specific order to make sure that priority re-assignments work as expected. testStepAll := []*TestStep{ { - "All three Policies", - reachabilityAllACNPs, - []metav1.Object{builder3.Get(), builder1.Get(), builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "All three Policies", + Reachability: reachabilityAllACNPs, + TestResources: []metav1.Object{builder3.Get(), builder1.Get(), builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -534,51 +510,47 @@ func testNodeACNPTierOverride(t *testing.T) { SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) // Highest priority tier. Drops traffic from y to x. builder1.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) builder2 := &ClusterNetworkPolicySpecBuilder{} builder2 = builder2.SetName("acnp-tier-securityops"). SetTier("securityops"). SetPriority(10). - SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": namespaces["x"]}}}) + SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "a"}, NSSelector: map[string]string{"ns": getNS("x")}}}) // Medium priority tier. Allows traffic from y to x. builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) builder3 := &ClusterNetworkPolicySpecBuilder{} builder3 = builder3.SetName("acnp-tier-application"). SetTier("application"). SetPriority(1). - SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": namespaces["x"]}}}) + SetAppliedToGroup([]ACNPAppliedToSpec{{NSSelector: map[string]string{"ns": getNS("x")}}}) // Lowest priority tier. Drops traffic from y to x. 
builder3.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachabilityTwoACNPs := NewReachability(allPods, Connected) reachabilityAllACNPs := NewReachability(allPods, Connected) - reachabilityAllACNPs.Expect(Pod(namespaces["y"]+"/a"), Pod(namespaces["x"]+"/a"), Dropped) + reachabilityAllACNPs.Expect(getPod("y", "a"), getPod("x", "a"), Dropped) testStepTwoACNP := []*TestStep{ { - "Two Policies in different tiers", - reachabilityTwoACNPs, - []metav1.Object{builder3.Get(), builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Two Policies in different tiers", + Reachability: reachabilityTwoACNPs, + TestResources: []metav1.Object{builder3.Get(), builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testStepAll := []*TestStep{ { - "All three Policies in different tiers", - reachabilityAllACNPs, - []metav1.Object{builder3.Get(), builder1.Get(), builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "All three Policies in different tiers", + Reachability: reachabilityAllACNPs, + TestResources: []metav1.Object{builder3.Get(), builder1.Get(), builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ @@ -606,7 +578,7 @@ func testNodeACNPCustomTiers(t *testing.T) { SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) // Medium priority tier. Allows traffic from y to x. builder1.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) builder2 := &ClusterNetworkPolicySpecBuilder{} builder2 = builder2.SetName("acnp-tier-low"). 
@@ -615,32 +587,28 @@ func testNodeACNPCustomTiers(t *testing.T) { SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) // Lowest priority tier. Drops traffic from y to x. builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachabilityOneACNP := NewReachability(allPods, Connected) - reachabilityOneACNP.Expect(Pod(namespaces["y"]+"/a"), Pod(namespaces["x"]+"/a"), Dropped) + reachabilityOneACNP.Expect(getPod("y", "a"), getPod("x", "a"), Dropped) testStepOneACNP := []*TestStep{ { - "One Policy", - reachabilityOneACNP, - []metav1.Object{builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "One Policy", + Reachability: reachabilityOneACNP, + TestResources: []metav1.Object{builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } reachabilityTwoACNPs := NewReachability(allPods, Connected) testStepTwoACNP := []*TestStep{ { - "Two Policies in different tiers", - reachabilityTwoACNPs, - []metav1.Object{builder2.Get(), builder1.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Two Policies in different tiers", + Reachability: reachabilityTwoACNPs, + TestResources: []metav1.Object{builder2.Get(), builder1.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -663,7 +631,7 @@ func testNodeACNPPriorityConflictingRule(t *testing.T) { SetPriority(1). SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) builder1.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) builder2 := &ClusterNetworkPolicySpecBuilder{} builder2 = builder2.SetName("acnp-allow"). @@ -672,19 +640,17 @@ func testNodeACNPPriorityConflictingRule(t *testing.T) { // The following ingress rule will take no effect as it is exactly the same as ingress rule of cnp-drop, // but cnp-allow has lower priority. builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{labelNodeHostname: nodes["y"]}, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionAllow, "", "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionAllow, "", "", nil) reachabilityBothACNP := NewReachability(allPods, Connected) - reachabilityBothACNP.Expect(Pod(namespaces["y"]+"/a"), Pod(namespaces["x"]+"/a"), Dropped) + reachabilityBothACNP.Expect(getPod("y", "a"), getPod("x", "a"), Dropped) testStep := []*TestStep{ { - "Both ACNP", - reachabilityBothACNP, - []metav1.Object{builder1.Get(), builder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Both ACNP", + Reachability: reachabilityBothACNP, + TestResources: []metav1.Object{builder1.Get(), builder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -699,19 +665,17 @@ func testNodeACNPNamespaceIsolation(t *testing.T) { SetTier("baseline"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) - builder1.AddEgress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": namespaces["y"]}, nil, nil, nil, - false, nil, crdv1beta1.RuleActionDrop, "", "", nil) + builder1.AddEgress(ProtocolTCP, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, map[string]string{"ns": getNS("y")}, nil, nil, nil, + nil, nil, crdv1beta1.RuleActionDrop, "", "", nil) reachability1 := NewReachability(allPods, Connected) - reachability1.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["y"], Dropped) + reachability1.ExpectEgressToNamespace(getPod("x", "a"), getNS("y"), Dropped) testStep1 := &TestStep{ - "Port 80", - reachability1, - []metav1.Object{builder1.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability1, + TestResources: []metav1.Object{builder1.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } testCase := []*TestCase{ 
@@ -723,40 +687,36 @@ func testNodeACNPNamespaceIsolation(t *testing.T) { func testNodeACNPClusterGroupUpdate(t *testing.T) { cgName := "cg-ns-z-then-y" cgBuilder := &ClusterGroupSpecBuilder{} - cgBuilder = cgBuilder.SetName(cgName).SetNamespaceSelector(map[string]string{"ns": namespaces["z"]}, nil) + cgBuilder = cgBuilder.SetName(cgName).SetNamespaceSelector(map[string]string{"ns": getNS("z")}, nil) // Update CG NS selector to group Pods from Namespace Y updatedCgBuilder := &ClusterGroupSpecBuilder{} - updatedCgBuilder = updatedCgBuilder.SetName(cgName).SetNamespaceSelector(map[string]string{"ns": namespaces["y"]}, nil) + updatedCgBuilder = updatedCgBuilder.SetName(cgName).SetNamespaceSelector(map[string]string{"ns": getNS("y")}, nil) builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-a-to-cg-with-z-egress"). SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, cgName, "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, cgName, "", nil) reachability := NewReachability(allPods, Connected) - reachability.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Dropped) + reachability.ExpectEgressToNamespace(getPod("x", "a"), getNS("z"), Dropped) updatedReachability := NewReachability(allPods, Connected) - updatedReachability.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["y"], Dropped) + updatedReachability.ExpectEgressToNamespace(getPod("x", "a"), getNS("y"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{cgBuilder.Get(), builder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{cgBuilder.Get(), builder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, { - "Port 80 
- update", - updatedReachability, - []metav1.Object{updatedCgBuilder.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80 - update", + Reachability: updatedReachability, + TestResources: []metav1.Object{updatedCgBuilder.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ @@ -766,8 +726,8 @@ func testNodeACNPClusterGroupUpdate(t *testing.T) { } func testNodeACNPClusterGroupRefRuleIPBlocks(t *testing.T) { - podYAIP, _ := podIPs[namespaces["y"]+"/a"] - podZAIP, _ := podIPs[namespaces["z"]+"/a"] + podYAIP, _ := podIPs[getNS("y")+"/a"] + podZAIP, _ := podIPs[getNS("z")+"/a"] // There are three situations of a Pod's IP(s): // 1. Only one IPv4 address. // 2. Only one IPv6 address. 
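Review bot: In `testNodeACNPClusterGroupRefRuleIPBlocks` the `podIPs` key is built by hand as `getNS("y")+"/a"`, while the same lookup in `testNodeACNPNestedIPBlockClusterGroupCreateAndUpdate` later in this commit uses `getPodName("y", "a")`. Assuming `getPodName` yields the same key (its definition is not in this hunk), using it here as well keeps the key format in one place. Both lookups also discard the second return value, so a missing entry silently yields a nil slice. `podYAIP, ok := podIPs[getPodName("y", "a")]` followed by a test failure on `!ok` would surface a bootstrap problem instead of building the ClusterGroup from no addresses.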
@@ -799,22 +759,20 @@ func testNodeACNPClusterGroupRefRuleIPBlocks(t *testing.T) { SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, cgName, "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, cgName, "", nil) builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, cgName2, "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, cgName2, "", nil) reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["y"]+"/a"), Dropped) - reachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["z"]+"/a"), Dropped) + reachability.Expect(getPod("x", "a"), getPod("y", "a"), Dropped) + reachability.Expect(getPod("x", "a"), getPod("z", "a"), Dropped) testStep := []*TestStep{ { - "Port 80", - reachability, - []metav1.Object{builder.Get(), cgBuilder.Get(), cgBuilder2.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get(), cgBuilder.Get(), cgBuilder2.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, }, } testCase := []*TestCase{ 
@@ -826,7 +784,7 @@ func testNodeACNPClusterGroupRefRuleIPBlocks(t *testing.T) { func testNodeACNPNestedClusterGroupCreateAndUpdate(t *testing.T, data *TestData) { cg1Name := "cg-1" cgBuilder1 := &ClusterGroupSpecBuilder{} - cgBuilder1 = cgBuilder1.SetName(cg1Name).SetNamespaceSelector(map[string]string{"ns": namespaces["y"]}, nil) + cgBuilder1 = cgBuilder1.SetName(cg1Name).SetNamespaceSelector(map[string]string{"ns": getNS("y")}, nil) cgNestedName := "cg-nested" cgBuilderNested := &ClusterGroupSpecBuilder{} cgBuilderNested = cgBuilderNested.SetName(cgNestedName).SetChildGroups([]string{cg1Name}) 
@@ -835,35 +793,31 @@ func testNodeACNPNestedClusterGroupCreateAndUpdate(t *testing.T, data *TestData) builder = builder.SetName("cnp-nested-cg").SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}). AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - false, nil, crdv1beta1.RuleActionDrop, cgNestedName, "", nil) + nil, nil, crdv1beta1.RuleActionDrop, cgNestedName, "", nil) reachability := NewReachability(allPods, Connected) - reachability.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["y"], Dropped) + reachability.ExpectEgressToNamespace(getPod("x", "a"), getNS("y"), Dropped) testStep1 := &TestStep{ - "Port 80", - reachability, + Name: "Port 80", + Reachability: reachability, // Note in this testcase the ClusterGroup is created after the ACNP - []metav1.Object{builder.Get(), cgBuilder1.Get(), cgBuilderNested.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + TestResources: []metav1.Object{builder.Get(), cgBuilder1.Get(), cgBuilderNested.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } cg2Name := "cg-2" cgBuilder2 := &ClusterGroupSpecBuilder{} - cgBuilder2 = cgBuilder2.SetName(cg2Name).SetNamespaceSelector(map[string]string{"ns": namespaces["z"]}, nil) + cgBuilder2 = cgBuilder2.SetName(cg2Name).SetNamespaceSelector(map[string]string{"ns": getNS("z")}, nil) cgBuilderNested = cgBuilderNested.SetChildGroups([]string{cg2Name}) reachability2 := NewReachability(allPods, Connected) - reachability2.ExpectEgressToNamespace(Pod(namespaces["x"]+"/a"), namespaces["z"], Dropped) + reachability2.ExpectEgressToNamespace(getPod("x", "a"), getNS("z"), Dropped) testStep2 := &TestStep{ - "Port 80 updated", - reachability2, - []metav1.Object{cgBuilder2.Get(), cgBuilderNested.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80 updated", + Reachability: reachability2, + TestResources: []metav1.Object{cgBuilder2.Get(), 
cgBuilderNested.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } testSteps := []*TestStep{testStep1, testStep2} @@ -874,8 +828,8 @@ func testNodeACNPNestedClusterGroupCreateAndUpdate(t *testing.T, data *TestData) } func testNodeACNPNestedIPBlockClusterGroupCreateAndUpdate(t *testing.T) { - podYAIP, _ := podIPs[namespaces["y"]+"/a"] - podZAIP, _ := podIPs[namespaces["z"]+"/a"] + podYAIP, _ := podIPs[getPodName("y", "a")] + podZAIP, _ := podIPs[getPodName("z", "a")] genCIDR := func(ip string) string { switch IPFamily(ip) { case "v4": 
@@ -905,33 +859,29 @@ func testNodeACNPNestedIPBlockClusterGroupCreateAndUpdate(t *testing.T) { SetPriority(1.0). SetAppliedToGroup([]ACNPAppliedToSpec{{NodeSelector: map[string]string{labelNodeHostname: nodes["x"]}}}) builder.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, - nil, nil, nil, false, nil, crdv1beta1.RuleActionDrop, cgParentName, "", nil) + nil, nil, nil, nil, nil, crdv1beta1.RuleActionDrop, cgParentName, "", nil) reachability := NewReachability(allPods, Connected) - reachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["y"]+"/a"), Dropped) - reachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["z"]+"/a"), Dropped) + reachability.Expect(getPod("x", "a"), getPod("y", "a"), Dropped) + reachability.Expect(getPod("x", "a"), getPod("z", "a"), Dropped) testStep := &TestStep{ - "Port 80", - reachability, - []metav1.Object{builder.Get(), cgBuilder1.Get(), cgBuilder2.Get(), cgParent.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80", + Reachability: reachability, + TestResources: []metav1.Object{builder.Get(), cgBuilder1.Get(), cgBuilder2.Get(), cgParent.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } cgParent = cgParent.SetChildGroups([]string{cg1Name}) reachability2 := NewReachability(allPods, Connected) - reachability2.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["y"]+"/a"), Dropped) + reachability2.Expect(getPod("x", "a"), getPod("y", "a"), Dropped) testStep2 := &TestStep{ - "Port 80, updated", - reachability2, - []metav1.Object{cgParent.Get()}, - []int32{80}, - ProtocolTCP, - 0, - nil, + Name: "Port 80, updated", + Reachability: reachability2, + TestResources: []metav1.Object{cgParent.Get()}, + Ports: []int32{80}, + Protocol: ProtocolTCP, } testCase := []*TestCase{ diff --git a/test/e2e/reachability.go b/test/e2e/reachability.go index 0bf04418db5..48166588a4c 100644 --- a/test/e2e/reachability.go +++ b/test/e2e/reachability.go 
@@ -325,6 +325,26 @@ func (r *Reachability) ExpectEgressToNamespace(pod Pod, namespace string, connec } } +func (r *Reachability) ExpectNamespaceIngressFromNamespace(dstNamespace, srcNamespace string, connectivity PodConnectivityMark) { + dstPods, ok := r.PodsByNamespace[dstNamespace] + if !ok { + panic(fmt.Errorf("destination Namespace %s is not found", dstNamespace)) + } + for _, p := range dstPods { + r.ExpectIngressFromNamespace(p, srcNamespace, connectivity) + } +} + +func (r *Reachability) ExpectNamespaceEgressToNamespace(srcNamespace, dstNamespace string, connectivity PodConnectivityMark) { + srcPods, ok := r.PodsByNamespace[srcNamespace] + if !ok { + panic(fmt.Errorf("src Namespace %s is not found", srcNamespace)) + } + for _, p := range srcPods { + r.ExpectEgressToNamespace(p, dstNamespace, connectivity) + } +} + func (r *Reachability) Observe(pod1 Pod, pod2 Pod, connectivity PodConnectivityMark) { r.Observed.Set(string(pod1), string(pod2), connectivity) } diff --git a/test/e2e/utils/cnp_spec_builder.go b/test/e2e/utils/cnp_spec_builder.go index 0c6acdc7585..708826754aa 100644 --- a/test/e2e/utils/cnp_spec_builder.go +++ b/test/e2e/utils/cnp_spec_builder.go 
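Review bot: The two new exported helpers, `ExpectNamespaceIngressFromNamespace` and `ExpectNamespaceEgressToNamespace`, have no doc comments and report a missing Namespace with differently worded panics (`destination Namespace %s` versus `src Namespace %s`). I would add a comment to each, for example `// ExpectNamespaceEgressToNamespace applies ExpectEgressToNamespace to every Pod recorded under srcNamespace.`, and use `source Namespace %q is not found` / `destination Namespace %q is not found` so both read alike and an empty name stays visible. A Namespace that is present in `PodsByNamespace` with no Pods passes the `ok` check and records no expectation, so a policy test built on it would assert nothing for that direction; a `len(srcPods) == 0` guard (and the same for `dstPods`) would make that case fail loudly as well.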
@@ -130,15 +130,13 @@ func (b *ClusterNetworkPolicySpecBuilder) GetAppliedToPeer(podSelector map[strin func (b *ClusterNetworkPolicySpecBuilder) AddIngress(protoc AntreaPolicyProtocol, port *int32, portName *string, endPort, icmpType, icmpCode, igmpType *int32, groupAddress, cidr *string, podSelector map[string]string, nodeSelector map[string]string, nsSelector map[string]string, - podSelectorMatchExp []metav1.LabelSelectorRequirement, nodeSelectorMatchExp []metav1.LabelSelectorRequirement, nsSelectorMatchExp []metav1.LabelSelectorRequirement, selfNS bool, + podSelectorMatchExp []metav1.LabelSelectorRequirement, nodeSelectorMatchExp []metav1.LabelSelectorRequirement, nsSelectorMatchExp []metav1.LabelSelectorRequirement, namespaces *crdv1beta1.PeerNamespaces, ruleAppliedToSpecs []ACNPAppliedToSpec, action crdv1beta1.RuleAction, ruleClusterGroup, name string, serviceAccount *crdv1beta1.NamespacedName) *ClusterNetworkPolicySpecBuilder { var podSel *metav1.LabelSelector var nodeSel *metav1.LabelSelector var nsSel *metav1.LabelSelector - var ns *crdv1beta1.PeerNamespaces var appliedTos []crdv1beta1.AppliedTo - matchSelf := crdv1beta1.NamespaceMatchSelf if b.Spec.Ingress == nil { b.Spec.Ingress = []crdv1beta1.Rule{} @@ -162,11 +160,6 @@ func (b *ClusterNetworkPolicySpecBuilder) AddIngress(protoc AntreaPolicyProtocol MatchExpressions: nsSelectorMatchExp, } } - if selfNS == true { - ns = &crdv1beta1.PeerNamespaces{ - Match: matchSelf, - } - } var ipBlock *crdv1beta1.IPBlock if cidr != nil { ipBlock = &crdv1beta1.IPBlock{ 
@@ -185,12 +178,12 @@ func (b *ClusterNetworkPolicySpecBuilder) AddIngress(protoc AntreaPolicyProtocol
 }
 // An empty From/To in ACNP rules evaluates to match all addresses.
 policyPeer := make([]crdv1beta1.NetworkPolicyPeer, 0)
- if podSel != nil || nodeSel != nil || nsSel != nil || ns != nil || ipBlock != nil || ruleClusterGroup != "" || serviceAccount != nil {
+ if podSel != nil || nodeSel != nil || nsSel != nil || namespaces != nil || ipBlock != nil || ruleClusterGroup != "" || serviceAccount != nil {
 policyPeer = []crdv1beta1.NetworkPolicyPeer{{
 PodSelector: podSel,
 NodeSelector: nodeSel,
 NamespaceSelector: nsSel,
- Namespaces: ns,
+ Namespaces: namespaces,
 IPBlock: ipBlock,
 Group: ruleClusterGroup,
 ServiceAccount: serviceAccount,
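Review bot: `namespaces` is now copied unchanged into the peer's `Namespaces` field, and nothing on `AddIngress` documents what nil means or that it sits next to `nsSelector` in the same peer. Because the comment above `policyPeer` says an empty From/To matches all addresses, a call site that used to pass `true` for `selfNS` and is converted to `nil` by mistake still compiles and yields a broader rule than the test intends, which is easy to miss among this many positional arguments. I would document the parameter on the function, e.g. `// namespaces, when non-nil, becomes the peer's Namespaces field (for example Match: NamespaceMatchSelf); nil adds no namespace match.`, and, if the API does not accept `nsSelector` and `namespaces` together (to be confirmed), say so there too. The same applies to `AddEgress` in the `@@ -297,14 +290,14 @@` hunk; the body of `AddIngress` starts and ends outside this hunk.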
@@ -297,14 +290,14 @@ func (b *ClusterNetworkPolicySpecBuilder) AddIngressForSrcPort(protoc AntreaPoli func (b *ClusterNetworkPolicySpecBuilder) AddEgress(protoc AntreaPolicyProtocol, port *int32, portName *string, endPort, icmpType, icmpCode, igmpType *int32, groupAddress, cidr *string, podSelector map[string]string, nodeSelector map[string]string, nsSelector map[string]string, - podSelectorMatchExp []metav1.LabelSelectorRequirement, nodeSelectorMatchExp []metav1.LabelSelectorRequirement, nsSelectorMatchExp []metav1.LabelSelectorRequirement, selfNS bool, + podSelectorMatchExp []metav1.LabelSelectorRequirement, nodeSelectorMatchExp []metav1.LabelSelectorRequirement, nsSelectorMatchExp []metav1.LabelSelectorRequirement, namespaces *crdv1beta1.PeerNamespaces, ruleAppliedToSpecs []ACNPAppliedToSpec, action crdv1beta1.RuleAction, ruleClusterGroup, name string, serviceAccount *crdv1beta1.NamespacedName) *ClusterNetworkPolicySpecBuilder { // For simplicity, we just reuse the Ingress code here. The underlying data model for ingress/egress is identical // With the exception of calling the rule `To` vs. `From`. c := &ClusterNetworkPolicySpecBuilder{} c.AddIngress(protoc, port, portName, endPort, icmpType, icmpCode, igmpType, groupAddress, cidr, podSelector, nodeSelector, nsSelector, - podSelectorMatchExp, nodeSelectorMatchExp, nsSelectorMatchExp, selfNS, ruleAppliedToSpecs, action, ruleClusterGroup, name, serviceAccount) + podSelectorMatchExp, nodeSelectorMatchExp, nsSelectorMatchExp, namespaces, ruleAppliedToSpecs, action, ruleClusterGroup, name, serviceAccount) theRule := c.Get().Spec.Ingress[0] b.Spec.Egress = append(b.Spec.Egress, crdv1beta1.Rule{ From 01694eea53ffdb9fe7a2576ea6e4ca475ee11e9f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 18:15:07 -0700 Subject: [PATCH 03/10] Bump github.com/onsi/ginkgo/v2 from 2.16.0 to 2.17.0 (#6118) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.16.0 to 2.17.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.16.0...v2.17.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7ffdb4059e7..7aa4a10ef55 100644 --- a/go.mod +++ b/go.mod @@ -40,7 +40,7 @@ require ( github.com/mdlayher/packet v1.1.2 github.com/miekg/dns v1.1.58 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 - github.com/onsi/ginkgo/v2 v2.16.0 + github.com/onsi/ginkgo/v2 v2.17.0 github.com/onsi/gomega v1.31.1 github.com/pkg/sftp v1.13.6 github.com/prometheus/client_golang v1.18.0 diff --git a/go.sum b/go.sum index 9f226ee4710..75cb0266eb4 100644 --- a/go.sum +++ b/go.sum 
@@ -599,8 +599,8 @@ github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vv github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.16.0 h1:7q1w9frJDzninhXxjZd+Y/x54XNjG/UlRLIYPZafsPM= -github.com/onsi/ginkgo/v2 v2.16.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/ginkgo/v2 v2.17.0 h1:kdnunFXpBjbzN56hcJHrXZ8M+LOkenKA7NnBzTNigTI= +github.com/onsi/ginkgo/v2 v2.17.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= From bf06790d4e960d2c2e07c00a737e549ecdf872e9 Mon Sep 17 00:00:00 2001 From: Antonin Bas Date: Tue, 19 Mar 2024 18:15:37 -0700 Subject: [PATCH 04/10] Fix ci/test-e2e-kind.sh script on macOS (#6117) The script was failing with: ``` Deleting VLAN subnets Option "-br" is unknown, try "ip help". ``` when cleaning-up a test cluster. This is because the ip command on macOS only supports a subset of the command-line options supported on Linux. In any case, on macOS, the command needs be wrapped with docker_run_with_host_net, since we are looking for VLAN interfaces running in the Docker Linux VM. As a minor improvement, we also add the "antrea" prefix to the external server container we create, along with a short random suffix ($RANDOM is sufficient for this) to avoid possible conflicts. Fixes #6022 Signed-off-by: Antonin Bas --- ci/kind/kind-setup.sh | 11 ++++++----- ci/kind/test-e2e-kind.sh | 4 +++- 2 files changed, 9 insertions(+), 6 deletions(-) 
diff --git a/ci/kind/kind-setup.sh b/ci/kind/kind-setup.sh index 27dd529f418..26a8fae1a1f 100755 --- a/ci/kind/kind-setup.sh +++ b/ci/kind/kind-setup.sh @@ -270,7 +270,7 @@ function delete_vlan_subnets { bridge_interface="br-${bridge_id:0:12}" vlan_interface_prefix="br-${bridge_id:0:7}." - found_vlan_interfaces=$(ip -br link show type vlan | cut -d " " -f 1) + found_vlan_interfaces=$(docker_run_with_host_net ip -br link show type vlan | cut -d " " -f 1) for interface in $found_vlan_interfaces ; do if [[ $interface =~ ${vlan_interface_prefix}[0-9]+@${bridge_interface} ]]; then interface_name=${interface%@*} @@ -441,9 +441,9 @@ function destroy { else kind delete cluster --name $CLUSTER_NAME fi + destroy_external_server delete_networks delete_vlan_subnets - destroy_external_server } function printUnixTimestamp { @@ -457,13 +457,14 @@ function printUnixTimestamp { function setup_external_server { if [[ $DEPLOY_EXTERNAL_SERVER == true ]]; then - docker run -d --name external-server --network kind -it --rm registry.k8s.io/e2e-test-images/agnhost:2.29 netexec &> /dev/null + docker run -d --name antrea-external-server-$RANDOM --network kind -it --rm registry.k8s.io/e2e-test-images/agnhost:2.29 netexec &> /dev/null fi } function destroy_external_server { echo "Deleting external server" - docker rm -f external-server &> /dev/null || true + cid=$(docker ps -f name="^antrea-external-server" --format '{{.ID}}') + docker rm -f $cid &> /dev/null || true } function clean_kind { @@ -643,7 +644,7 @@ fi if [[ $ACTION == "destroy" ]]; then destroy - exit 0 + exit fi if [[ -n "$VLAN_SUBNETS" || -n "$VLAN_ID" ]]; then diff --git a/ci/kind/test-e2e-kind.sh b/ci/kind/test-e2e-kind.sh index 0376449d664..417e29e2776 100755 --- a/ci/kind/test-e2e-kind.sh +++ b/ci/kind/test-e2e-kind.sh 
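Review bot: In the `@@ -457,13 +457,14 @@` hunk, `destroy_external_server` selects containers with `docker ps -f name="^antrea-external-server"`, which matches every container carrying that prefix on the Docker host, not only the one started for this cluster. On a host that runs more than one test cluster, destroying one would force-remove the others' external servers, and the `@@ -364,7 +364,9 @@` hunk in `test-e2e-kind.sh` would hand several IDs to `docker inspect` and put one line of addresses per container into `--external-server-ips`. Tying the name to the cluster instead of `$RANDOM`, e.g. `--name "antrea-external-server-$CLUSTER_NAME"` (assuming that variable is available to both scripts), keeps the lookup exact. When nothing matches, `$cid` is empty and `docker rm -f` runs without an argument with the error hidden by `|| true`; `if [[ -n "$cid" ]]; then docker rm -f $cid &> /dev/null || true; fi` states the intent more clearly.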
@@ -364,7 +364,9 @@ function run_test { RUN_OPT="-run $run" fi - EXTRA_ARGS="$vlan_args --external-server-ips $(docker inspect external-server -f '{{.NetworkSettings.Networks.kind.IPAddress}},{{.NetworkSettings.Networks.kind.GlobalIPv6Address}}')" + external_server_cid=$(docker ps -f name="^antrea-external-server" --format '{{.ID}}') + external_server_ips=$(docker inspect $external_server_cid -f '{{.NetworkSettings.Networks.kind.IPAddress}},{{.NetworkSettings.Networks.kind.GlobalIPv6Address}}') + EXTRA_ARGS="$vlan_args --external-server-ips $external_server_ips" go test -v -timeout=$timeout $RUN_OPT antrea.io/antrea/test/e2e $flow_visibility_args -provider=kind --logs-export-dir=$ANTREA_LOG_DIR --skip-cases=$skiplist $coverage_args $EXTRA_ARGS } From ae8fdcf9ff1906d35d4819493050cbe77f466664 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 19:41:55 -0700 Subject: [PATCH 05/10] Bump github.com/onsi/gomega from 1.31.1 to 1.32.0 (#6119) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.31.1 to 1.32.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.31.1...v1.32.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7aa4a10ef55..949fe82da12 100644 --- a/go.mod +++ b/go.mod 
@@ -41,7 +41,7 @@ require ( github.com/miekg/dns v1.1.58 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 github.com/onsi/ginkgo/v2 v2.17.0 - github.com/onsi/gomega v1.31.1 + github.com/onsi/gomega v1.32.0 github.com/pkg/sftp v1.13.6 github.com/prometheus/client_golang v1.18.0 github.com/prometheus/common v0.47.0 diff --git a/go.sum b/go.sum index 75cb0266eb4..dbce8099c9a 100644 --- a/go.sum +++ b/go.sum @@ -607,8 +607,8 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= -github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= +github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= +github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= github.com/orcaman/concurrent-map/v2 v2.0.1 h1:jOJ5Pg2w1oeB6PeDurIYf6k9PQ+aTITr/6lP/L/zp6c= github.com/orcaman/concurrent-map/v2 v2.0.1/go.mod h1:9Eq3TG2oBe5FirmYWQfYO5iH1q0Jv47PLaNK++uCdOM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c h1:Lgl0gzECD8GnQ5QCWA8o6BtfL6mDH5rQgM4/fX3avOs= From 2aafb2e6c0b8765fedf463e3b7d3a3a5294e4cd6 Mon Sep 17 00:00:00 2001 From: Jiajing Hu Date: Thu, 21 Mar 2024 01:40:20 +0800 Subject: [PATCH 06/10] Upgrade k8s libraries to v0.29.2 (#5843) 1. Upgrade k8s libraries to v0.29.2 2. Upgrade controller-runtime to v0.16.3 
Signed-off-by: hjiajing --- build/images/codegen/Dockerfile | 4 +- build/images/codegen/README.md | 1 + cmd/antrea-agent-simulator/simulator.go | 4 +- cmd/antrea-agent/agent.go | 4 +- cmd/antrea-agent/options.go | 8 +- cmd/antrea-agent/options_test.go | 12 +- cmd/antrea-controller/controller.go | 3 + docs/prometheus-integration.md | 36 +- go.mod | 101 +- go.sum | 321 +++---- hack/update-codegen.sh | 2 +- .../v1alpha1/multiclusterconfig_types.go | 37 +- .../v1alpha1/zz_generated.deepcopy.go | 56 +- .../antrea-multicluster-leader-global.yml | 113 ++- .../antrea-multicluster-leader-namespaced.yml | 4 +- .../yamls/antrea-multicluster-leader.yml | 117 +-- .../yamls/antrea-multicluster-member.yml | 4 +- .../clusterset_webhook_test.go | 6 +- .../cmd/multicluster-controller/controller.go | 46 +- .../gateway_webhook_test.go | 6 +- .../cmd/multicluster-controller/leader.go | 2 +- .../multicluster-controller/leader_test.go | 10 +- .../memberclusterannounce_webhook_test.go | 6 +- .../cmd/multicluster-controller/options.go | 46 +- .../antrea-mc-config-with-empty-podcidrs.yml | 2 - ...-mc-config-with-invalid-endpointiptype.yml | 2 - ...antrea-mc-config-with-invalid-podcidrs.yml | 2 - .../antrea-mc-config-with-valid-podcidrs.yml | 2 - ...cluster.crd.antrea.io_resourceexports.yaml | 71 +- ...cluster.crd.antrea.io_resourceimports.yaml | 42 +- .../configmap/controller_manager_config.yaml | 2 - .../commonarea/remote_common_area.go | 14 +- .../leader/clusterset_controller_test.go | 2 +- .../leader/resourceexport_controller_test.go | 7 +- .../multicluster/leader/stale_controller.go | 2 +- .../leader/stale_controller_test.go | 4 +- .../member/clusterset_controller_test.go | 4 +- .../multicluster/member/gateway_controller.go | 6 +- .../member/gateway_controller_test.go | 16 +- .../member/labelidentity_controller.go | 10 +- .../member/labelidentity_controller_test.go | 9 +- .../multicluster/member/node_controller.go | 6 +- .../member/node_controller_test.go | 9 +- 
.../member/serviceexport_controller.go | 20 +- .../member/serviceexport_controller_test.go | 28 +- .../multicluster/member/stale_controller.go | 2 +- multicluster/hack/update-codegen.sh | 2 +- .../v1alpha1/fake/fake_clusterinfoimport.go | 7 +- .../v1alpha1/fake/fake_clusterset.go | 7 +- .../v1alpha1/fake/fake_gateway.go | 7 +- .../v1alpha1/fake/fake_labelidentity.go | 7 +- .../fake/fake_memberclusterannounce.go | 7 +- .../v1alpha1/fake/fake_resourceexport.go | 7 +- .../v1alpha1/fake/fake_resourceimport.go | 7 +- .../v1alpha2/fake/fake_clusterclaim.go | 7 +- .../v1alpha2/fake/fake_clusterset.go | 7 +- .../informers/externalversions/factory.go | 16 +- multicluster/test/integration/suite_test.go | 2 +- .../mocks/mock_controller_runtime_manager.go | 142 ++- pkg/agent/agent.go | 79 +- pkg/agent/agent_linux.go | 24 +- pkg/agent/agent_test.go | 2 +- pkg/agent/apiserver/apiserver.go | 6 + .../interface_configuration_windows.go | 42 +- pkg/agent/cniserver/ipam/antrea_ipam.go | 3 +- pkg/agent/cniserver/ipam/antrea_ipam_test.go | 24 +- pkg/agent/cniserver/server_windows_test.go | 15 +- .../egress/egress_controller_test.go | 40 +- .../l7_flow_export_controller_test.go | 7 +- .../networkpolicy/allocator_test.go | 10 +- .../networkpolicy/l7engine/reconciler.go | 3 +- .../networkpolicy/networkpolicy_controller.go | 4 +- .../networkpolicy/status_controller_test.go | 16 +- pkg/agent/controller/traceflow/packetin.go | 4 +- .../controller/traceflow/packetin_test.go | 4 +- .../traceflow/traceflow_controller_test.go | 4 +- .../controller/trafficcontrol/controller.go | 22 +- .../trafficcontrol/controller_test.go | 7 +- .../externalnode/external_node_controller.go | 7 +- pkg/agent/multicast/mcast_controller_test.go | 2 +- .../multicluster/pod_route_controller_test.go | 4 +- .../stretched_networkpolicy_controller.go | 2 +- ...stretched_networkpolicy_controller_test.go | 8 +- pkg/agent/nodeportlocal/npl_agent_test.go | 4 +- pkg/agent/proxy/proxier_test.go | 14 +- 
pkg/agent/proxy/topology.go | 2 +- .../podwatch/controller_test.go | 37 +- pkg/agent/util/iptables/lock.go | 14 +- pkg/agent/util/net_linux.go | 18 +- pkg/agent/util/net_windows.go | 9 +- pkg/antctl/raw/multicluster/common/common.go | 5 +- pkg/antctl/raw/multicluster/join.go | 5 +- pkg/antctl/raw/traceflow/command.go | 4 +- .../transform/networkpolicy/response_test.go | 14 +- pkg/apiserver/certificate/certificate.go | 22 +- pkg/apiserver/certificate/certificate_test.go | 2 +- pkg/apiserver/openapi/zz_generated.openapi.go | 862 ++++++++++++++---- .../registry/controlplane/egressgroup/rest.go | 15 +- .../controlplane/nodestatssummary/rest.go | 9 +- .../supportbundlecollection/rest.go | 15 +- .../networkpolicy/addressgroup/rest.go | 15 +- .../networkpolicy/appliedtogroup/rest.go | 15 +- .../networkpolicy/clustergroupmember/rest.go | 11 +- .../networkpolicy/groupassociation/rest.go | 11 +- .../networkpolicy/groupmember/rest.go | 11 +- .../networkpolicy/ipgroupassociation/rest.go | 11 +- .../networkpolicy/networkpolicy/rest.go | 15 +- .../networkpolicyevaluation/rest.go | 11 +- .../antreaclusternetworkpolicystats/rest.go | 13 +- .../stats/antreanetworkpolicystats/rest.go | 13 +- .../registry/stats/multicastgroup/rest.go | 13 +- .../registry/stats/networkpolicystats/rest.go | 13 +- .../registry/system/controllerinfo/rest.go | 11 +- .../registry/system/supportbundle/rest.go | 13 +- pkg/client/clientset/versioned/doc.go | 18 - .../v1beta2/fake/fake_addressgroup.go | 7 +- .../v1beta2/fake/fake_appliedtogroup.go | 7 +- .../v1beta2/fake/fake_clustergroupmembers.go | 7 +- .../v1beta2/fake/fake_egressgroup.go | 7 +- .../v1beta2/fake/fake_groupassociation.go | 7 +- .../v1beta2/fake/fake_groupmembers.go | 7 +- .../v1beta2/fake/fake_ipgroupassociation.go | 7 +- .../v1beta2/fake/fake_networkpolicy.go | 7 +- .../fake/fake_networkpolicyevaluation.go | 5 +- .../v1beta2/fake/fake_nodestatssummary.go | 7 +- .../fake/fake_supportbundlecollection.go | 7 +- 
.../fake/fake_clusternetworkpolicy.go | 7 +- .../crd/v1alpha1/fake/fake_externalnode.go | 7 +- .../crd/v1alpha1/fake/fake_networkpolicy.go | 7 +- .../fake/fake_supportbundlecollection.go | 7 +- .../typed/crd/v1alpha1/fake/fake_tier.go | 7 +- .../typed/crd/v1alpha1/fake/fake_traceflow.go | 7 +- .../typed/crd/v1alpha2/fake/fake_egress.go | 7 +- .../crd/v1alpha2/fake/fake_externalentity.go | 7 +- .../crd/v1alpha2/fake/fake_externalippool.go | 7 +- .../typed/crd/v1alpha2/fake/fake_ippool.go | 7 +- .../crd/v1alpha2/fake/fake_trafficcontrol.go | 7 +- .../crd/v1alpha3/fake/fake_clustergroup.go | 7 +- .../typed/crd/v1alpha3/fake/fake_group.go | 7 +- .../crd/v1beta1/fake/fake_antreaagentinfo.go | 7 +- .../v1beta1/fake/fake_antreacontrollerinfo.go | 7 +- .../crd/v1beta1/fake/fake_clustergroup.go | 7 +- .../v1beta1/fake/fake_clusternetworkpolicy.go | 7 +- .../typed/crd/v1beta1/fake/fake_egress.go | 7 +- .../crd/v1beta1/fake/fake_externalippool.go | 7 +- .../typed/crd/v1beta1/fake/fake_group.go | 7 +- .../crd/v1beta1/fake/fake_networkpolicy.go | 7 +- .../typed/crd/v1beta1/fake/fake_tier.go | 7 +- .../typed/crd/v1beta1/fake/fake_traceflow.go | 7 +- .../fake_antreaclusternetworkpolicystats.go | 7 +- .../fake/fake_antreanetworkpolicystats.go | 7 +- .../v1alpha1/fake/fake_multicastgroup.go | 7 +- .../v1alpha1/fake/fake_networkpolicystats.go | 7 +- .../system/v1beta1/fake/fake_supportbundle.go | 7 +- .../informers/externalversions/factory.go | 16 +- .../ipsec_csr_signing_controller_test.go | 23 +- pkg/controller/egress/controller_test.go | 15 +- .../externalippool/controller_test.go | 2 +- .../externalnode/controller_test.go | 8 +- pkg/controller/grouping/controller.go | 5 +- pkg/controller/grouping/controller_test.go | 7 +- .../ipam/antrea_ipam_controller_test.go | 38 +- pkg/controller/labelidentity/controller.go | 5 +- .../labelidentity/controller_test.go | 7 +- .../networkpolicy_controller_test.go | 16 +- pkg/controller/stats/aggregator_test.go | 6 +- .../controller_test.go | 4 
+- pkg/controller/traceflow/controller_test.go | 4 +- .../clickhouseclient/clickhouseclient.go | 2 +- .../clickhouseclient/clickhouseclient_test.go | 13 +- pkg/flowaggregator/exporter/clickhouse.go | 3 +- pkg/flowaggregator/exporter/utils.go | 3 +- pkg/ipam/poolallocator/allocator_test.go | 10 +- pkg/monitor/controller.go | 4 +- pkg/ovs/ovsctl/ovsctl_others.go | 2 +- pkg/util/channel/channel_test.go | 9 +- test/e2e/antreaipam_test.go | 4 +- test/e2e/antreapolicy_test.go | 18 +- test/e2e/basic_test.go | 17 +- test/e2e/batch_test.go | 9 +- test/e2e/connectivity_test.go | 2 +- test/e2e/egress_test.go | 120 +-- test/e2e/flowaggregator_test.go | 8 +- test/e2e/framework.go | 52 +- test/e2e/ipsec_test.go | 9 +- test/e2e/k8s_util.go | 4 +- test/e2e/l7networkpolicy_test.go | 39 +- test/e2e/multicast_test.go | 6 +- test/e2e/networkpolicy_test.go | 4 +- test/e2e/nodeportlocal_test.go | 7 +- test/e2e/performance_test.go | 2 +- test/e2e/prometheus_test.go | 4 +- test/e2e/security_test.go | 6 +- test/e2e/service_externalip_test.go | 35 +- test/e2e/supportbundle_test.go | 4 +- test/e2e/traceflow_test.go | 6 +- test/e2e/vmagent_test.go | 18 +- test/integration/agent/route_test.go | 5 +- test/integration/ovs/ofctrl_test.go | 107 +-- test/integration/ovs/openflow_test_utils.go | 40 +- .../ipam/nodeipam/ipam/cidr_allocator.go | 27 +- third_party/proxy/service.go | 7 +- third_party/proxy/types.go | 2 +- 203 files changed, 2401 insertions(+), 1654 deletions(-) delete mode 100644 pkg/client/clientset/versioned/doc.go diff --git a/build/images/codegen/Dockerfile b/build/images/codegen/Dockerfile index a195c6b5306..4455efe4b3c 100644 --- a/build/images/codegen/Dockerfile +++ b/build/images/codegen/Dockerfile 
@@ -32,11 +32,11 @@ LABEL description="A Docker image based on the golang image, which includes code ENV GO111MODULE=on -ARG K8S_VERSION=1.26.4 +ARG K8S_VERSION=1.29.2 # The k8s.io/kube-openapi repo does not have tag, using a workable commit hash. # We use the version that is referenced in the Kubernetes go.mod (for the # correct K8s version). -ARG KUBEOPENAPI_VERSION=v0.0.0-20221012153701-172d655c2280 +ARG KUBEOPENAPI_VERSION=v0.0.0-20231010175941-2dd684a91f00 RUN go install k8s.io/code-generator/cmd/client-gen@kubernetes-$K8S_VERSION && \ go install k8s.io/code-generator/cmd/deepcopy-gen@kubernetes-$K8S_VERSION && \ diff --git a/build/images/codegen/README.md b/build/images/codegen/README.md index cfd31cefcd9..738873cfeeb 100644 --- a/build/images/codegen/README.md +++ b/build/images/codegen/README.md @@ -20,6 +20,7 @@ Here is the table of codegen images that have been uploaded: | Tag | Change | | :----------------------------- | ---------------------------------------------------- | +| kubernetes-1.29.2 | Upgraded K8s libraries to v1.29.2 | | kubernetes-1.26.4-build.1 | Replace github.com/golang/mock with go.uber.org/mock | | kubernetes-1.26.4-build.0 | Upgraded Go to v1.21 | | kubernetes-1.26.4 | Upgraded K8s libraries to v1.26.4 | diff --git a/cmd/antrea-agent-simulator/simulator.go b/cmd/antrea-agent-simulator/simulator.go index ec9ce22edf1..755642e6ac3 100644 --- a/cmd/antrea-agent-simulator/simulator.go +++ b/cmd/antrea-agent-simulator/simulator.go @@ -67,7 +67,7 @@ func run() error { // Add loop to check whether client is ready attempts := 0 - if err := wait.PollImmediateUntil(200*time.Millisecond, func() (bool, error) { + if err := wait.PollUntilContextCancel(wait.ContextForChannel(stopCh), 200*time.Millisecond, true, func(ctx context.Context) (bool, error) { if attempts%10 == 0 { klog.Info("Waiting for Antrea client to be ready") } 
@@ -76,7 +76,7 @@ func run() error { return false, nil } return true, nil - }, stopCh); err != nil { + }); err != nil { klog.Info("Stopped waiting for Antrea client") return err } diff --git a/cmd/antrea-agent/agent.go b/cmd/antrea-agent/agent.go index dbefa8530ba..7c663f57e89 100644 --- a/cmd/antrea-agent/agent.go +++ b/cmd/antrea-agent/agent.go @@ -778,10 +778,10 @@ func run(o *Options) error { // Service would fail. if o.config.AntreaProxy.ProxyAll { klog.InfoS("Waiting for AntreaProxy to be ready") - if err := wait.PollUntil(time.Second, func() (bool, error) { + if err := wait.PollUntilContextCancel(wait.ContextForChannel(stopCh), time.Second, false, func(ctx context.Context) (bool, error) { klog.V(2).InfoS("Checking if AntreaProxy is ready") return proxier.GetProxyProvider().SyncedOnce(), nil - }, stopCh); err != nil { + }); err != nil { return fmt.Errorf("error when waiting for AntreaProxy to be ready: %v", err) } klog.InfoS("AntreaProxy is ready") diff --git a/cmd/antrea-agent/options.go b/cmd/antrea-agent/options.go index faaa1934428..ec5dfaed79c 100644 --- a/cmd/antrea-agent/options.go +++ b/cmd/antrea-agent/options.go @@ -27,7 +27,7 @@ import ( cliflag "k8s.io/component-base/cli/flag" "k8s.io/component-base/featuregate" "k8s.io/klog/v2" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "antrea.io/antrea/pkg/agent/config" "antrea.io/antrea/pkg/apis" @@ -411,10 +411,10 @@ func (o *Options) setK8sNodeDefaultOptions() { o.config.HostProcPathPrefix = defaultHostProcPathPrefix } if o.config.AntreaProxy.Enable == nil { - o.config.AntreaProxy.Enable = pointer.Bool(true) + o.config.AntreaProxy.Enable = ptr.To(true) } if o.config.AntreaProxy.ProxyLoadBalancerIPs == nil { - o.config.AntreaProxy.ProxyLoadBalancerIPs = pointer.Bool(true) + o.config.AntreaProxy.ProxyLoadBalancerIPs = ptr.To(true) } if o.config.ServiceCIDR == "" { //It's okay to set the default value of this field even when AntreaProxy is enabled and the field is not used. 
@@ -427,7 +427,7 @@ func (o *Options) setK8sNodeDefaultOptions() { o.config.ClusterMembershipPort = apis.AntreaAgentClusterMembershipPort } if o.config.EnablePrometheusMetrics == nil { - o.config.EnablePrometheusMetrics = pointer.Bool(true) + o.config.EnablePrometheusMetrics = ptr.To(true) } if o.config.WireGuard.Port == 0 { o.config.WireGuard.Port = apis.WireGuardListenPort diff --git a/cmd/antrea-agent/options_test.go b/cmd/antrea-agent/options_test.go index 4b62f775800..919d1af8a7f 100644 --- a/cmd/antrea-agent/options_test.go +++ b/cmd/antrea-agent/options_test.go @@ -21,7 +21,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" featuregatetesting "k8s.io/component-base/featuregate/testing" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "antrea.io/antrea/pkg/agent/config" agentconfig "antrea.io/antrea/pkg/config/agent" @@ -93,7 +93,7 @@ func TestOptionsValidateAntreaProxyConfig(t *testing.T) { name: "default", trafficEncapMode: config.TrafficEncapModeEncap, antreaProxyConfig: agentconfig.AntreaProxyConfig{ - Enable: pointer.Bool(true), + Enable: ptr.To(true), DefaultLoadBalancerMode: config.LoadBalancerModeNAT.String(), }, expectedDefaultLoadBalancerMode: config.LoadBalancerModeNAT, @@ -103,7 +103,7 @@ func TestOptionsValidateAntreaProxyConfig(t *testing.T) { enabledDSR: true, trafficEncapMode: config.TrafficEncapModeEncap, antreaProxyConfig: agentconfig.AntreaProxyConfig{ - Enable: pointer.Bool(true), + Enable: ptr.To(true), DefaultLoadBalancerMode: config.LoadBalancerModeDSR.String(), }, expectedDefaultLoadBalancerMode: config.LoadBalancerModeDSR, @@ -111,7 +111,7 @@ func TestOptionsValidateAntreaProxyConfig(t *testing.T) { { name: "LoadBalancerModeDSR disabled", antreaProxyConfig: agentconfig.AntreaProxyConfig{ - Enable: pointer.Bool(true), + Enable: ptr.To(true), DefaultLoadBalancerMode: config.LoadBalancerModeDSR.String(), }, trafficEncapMode: config.TrafficEncapModeEncap, 
@@ -121,7 +121,7 @@ func TestOptionsValidateAntreaProxyConfig(t *testing.T) { name: "unsupported encap mode", enabledDSR: true, antreaProxyConfig: agentconfig.AntreaProxyConfig{ - Enable: pointer.Bool(true), + Enable: ptr.To(true), DefaultLoadBalancerMode: config.LoadBalancerModeDSR.String(), }, trafficEncapMode: config.TrafficEncapModeNoEncap, @@ -131,7 +131,7 @@ func TestOptionsValidateAntreaProxyConfig(t *testing.T) { name: "invalid LoadBalancerMode", trafficEncapMode: config.TrafficEncapModeEncap, antreaProxyConfig: agentconfig.AntreaProxyConfig{ - Enable: pointer.Bool(true), + Enable: ptr.To(true), DefaultLoadBalancerMode: "drs", }, expectedErr: "LoadBalancerMode drs is unknown", diff --git a/cmd/antrea-controller/controller.go b/cmd/antrea-controller/controller.go index 36390568d09..5e3f041f50e 100644 --- a/cmd/antrea-controller/controller.go +++ b/cmd/antrea-controller/controller.go @@ -542,6 +542,9 @@ func createAPIServerConfig(kubeconfig string, serverConfig.OpenAPIConfig = genericapiserver.DefaultOpenAPIConfig( openapi.GetOpenAPIDefinitions, genericopenapi.NewDefinitionNamer(apiserver.Scheme)) + serverConfig.OpenAPIV3Config = genericapiserver.DefaultOpenAPIV3Config( + openapi.GetOpenAPIDefinitions, + genericopenapi.NewDefinitionNamer(apiserver.Scheme)) serverConfig.OpenAPIConfig.Info.Title = "Antrea" serverConfig.EnableMetrics = enableMetrics serverConfig.MinRequestTimeout = int(serverMinWatchTimeout.Seconds()) diff --git a/docs/prometheus-integration.md b/docs/prometheus-integration.md index 53a7480b304..dc9ab9345fa 100644 --- a/docs/prometheus-integration.md +++ b/docs/prometheus-integration.md @@ -219,6 +219,11 @@ updates received by AntreaProxy ### Common Metrics Provided by Infrastructure +#### Aggregator Metrics + +- **aggregator_discovery_aggregation_count_total:** Counter of number of +times discovery was aggregated + #### Apiserver Metrics - **apiserver_audit_event_total:** Counter of audit events generated and 
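Review bot: In the cmd/antrea-controller/controller.go hunk, the new `serverConfig.OpenAPIV3Config` keeps its default info block, because the following context line sets the title only on the v2 config (`serverConfig.OpenAPIConfig.Info.Title = "Antrea"`). Adding `serverConfig.OpenAPIV3Config.Info.Title = "Antrea"` next to it would keep the two published documents consistent. Setting this field presumably also makes the server publish an OpenAPI v3 document, so a short comment such as `// Serve the OpenAPI v3 spec in addition to v2.` above the assignment would record that the extra endpoint is intended. createAPIServerConfig's body starts and ends outside the hunk.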
@@ -253,11 +258,13 @@ scope and component. - **apiserver_request_filter_duration_seconds:** Request filter latency distribution in seconds, for each filter type - **apiserver_request_sli_duration_seconds:** Response latency distribution -(not counting webhook duration) in seconds for each verb, group, version, -resource, subresource, scope and component. +(not counting webhook duration and priority & fairness queue wait times) +in seconds for each verb, group, version, resource, subresource, scope +and component. - **apiserver_request_slo_duration_seconds:** Response latency distribution -(not counting webhook duration) in seconds for each verb, group, version, -resource, subresource, scope and component. +(not counting webhook duration and priority & fairness queue wait times) +in seconds for each verb, group, version, resource, subresource, scope +and component. - **apiserver_request_total:** Counter of apiserver requests broken out for each verb, dry run value, group, version, resource, scope, component, and HTTP response code. 
@@ -297,15 +304,26 @@ broken out by result. - **authentication_token_cache_request_duration_seconds:** - **authentication_token_cache_request_total:** +#### Authorization Metrics + +- **authorization_attempts_total:** Counter of authorization attempts broken +down by result. It can be either 'allowed', 'denied', 'no-opinion' or 'error'. +- **authorization_duration_seconds:** Authorization duration in seconds +broken out by result. + +#### Cardinality Metrics + +- **cardinality_enforcement_unexpected_categorizations_total:** The count +of unexpected categorizations during cardinality enforcement. + #### Disabled Metrics -- **disabled_metric_total:** The count of disabled metrics. +- **disabled_metrics_total:** The count of disabled metrics. #### Field Metrics - **field_validation_request_duration_seconds:** Response latency distribution -in seconds for each field validation value and whether field validation is -enabled or not +in seconds for each field validation value #### Go Metrics @@ -576,7 +594,7 @@ contention data. #### Hidden Metrics -- **hidden_metric_total:** The count of hidden metrics. +- **hidden_metrics_total:** The count of hidden metrics. #### Process Metrics @@ -593,7 +611,7 @@ available in bytes. #### Registered Metrics -- **registered_metric_total:** The count of registered metrics broken by +- **registered_metrics_total:** The count of registered metrics broken by stability level and deprecation version. #### Workqueue Metrics diff --git a/go.mod b/go.mod index 949fe82da12..eba99c21361 100644 --- a/go.mod +++ b/go.mod 
@@ -67,19 +67,19 @@ require (
 gopkg.in/natefinch/lumberjack.v2 v2.2.1
 gopkg.in/yaml.v2 v2.4.0
 gopkg.in/yaml.v3 v3.0.1
- k8s.io/api v0.26.4
- k8s.io/apiextensions-apiserver v0.26.4
- k8s.io/apimachinery v0.26.4
- k8s.io/apiserver v0.26.4
- k8s.io/client-go v0.26.4
- k8s.io/component-base v0.26.4
- k8s.io/klog/v2 v2.100.1
- k8s.io/kube-aggregator v0.26.4
- k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280
- k8s.io/kubectl v0.26.4
- k8s.io/kubelet v0.26.4
- k8s.io/utils v0.0.0-20230209194617-a36077c30491
- sigs.k8s.io/controller-runtime v0.14.6
+ k8s.io/api v0.29.2
+ k8s.io/apiextensions-apiserver v0.29.2
+ k8s.io/apimachinery v0.29.2
+ k8s.io/apiserver v0.29.2
+ k8s.io/client-go v0.29.2
+ k8s.io/component-base v0.29.2
+ k8s.io/klog/v2 v2.110.1
+ k8s.io/kube-aggregator v0.29.2
+ k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00
+ k8s.io/kubectl v0.29.2
+ k8s.io/kubelet v0.29.2
+ k8s.io/utils v0.0.0-20230726121419-3b25d923346b
+ sigs.k8s.io/controller-runtime v0.16.3
 sigs.k8s.io/mcs-api v0.1.0
 sigs.k8s.io/network-policy-api v0.1.1
 sigs.k8s.io/yaml v1.3.0
@@ -93,8 +93,9 @@ require (
 github.com/VividCortex/ewma v1.2.0 // indirect
 github.com/alexflint/go-filemutex v1.2.0 // indirect
 github.com/andybalholm/brotli v1.0.4 // indirect
- github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
+ github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da // indirect
+ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.4 // indirect
 github.com/aws/aws-sdk-go-v2/credentials v1.12.12 // indirect
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.11 // indirect
@@ -120,31 +121,31 @@ require (
 github.com/containerd/cgroups v1.1.0 // indirect
 github.com/containerd/containerd v1.6.26 // indirect
 github.com/contiv/libovsdb v0.0.0-20170227191248-d0061a53e358 // indirect
- github.com/coreos/go-semver v0.3.0 // indirect
- github.com/coreos/go-systemd/v22 v22.3.2 // indirect
- github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1 // indirect
- github.com/emicklei/go-restful/v3 v3.10.1 // indirect
- github.com/evanphx/json-patch v4.12.0+incompatible // indirect
+ github.com/coreos/go-semver v0.3.1 // indirect
+ github.com/coreos/go-systemd/v22 v22.5.0 // indirect
+ github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+ github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
 github.com/fatih/color v1.15.0 // indirect
- github.com/felixge/httpsnoop v1.0.4 // indirect
- github.com/fvbommel/sortorder v1.0.1 // indirect
- github.com/go-errors/errors v1.0.1 // indirect
+ github.com/felixge/httpsnoop v1.0.3 // indirect
+ github.com/fvbommel/sortorder v1.1.0 // indirect
+ github.com/go-errors/errors v1.4.2 // indirect
 github.com/go-faster/city v1.0.1 // indirect
 github.com/go-faster/errors v0.6.1 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-openapi/jsonpointer v0.19.6 // indirect
- github.com/go-openapi/jsonreference v0.20.1 // indirect
+ github.com/go-openapi/jsonreference v0.20.2 // indirect
 github.com/go-openapi/swag v0.22.3 // indirect
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- github.com/google/cel-go v0.12.6 // indirect
- github.com/google/gnostic v0.5.7-v3refs // indirect
+ github.com/google/cel-go v0.17.7 // indirect
+ github.com/google/gnostic-models v0.6.8 // indirect
 github.com/google/go-cmp v0.6.0 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
+ github.com/gorilla/websocket v1.5.0 // indirect
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
@@ -170,9 +171,9 @@ require (
 github.com/mdlayher/genetlink v1.0.0 // indirect
 github.com/mdlayher/netlink v1.7.2 // indirect
 github.com/mdlayher/socket v0.4.1 // indirect
- github.com/mitchellh/go-wordwrap v1.0.0 // indirect
+ github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 github.com/moby/spdystream v0.2.0 // indirect
- github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae // indirect
+ github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
@@ -198,40 +199,40 @@ require (
 github.com/stoewer/go-strcase v1.2.0 // indirect
 github.com/ti-mo/netfilter v0.5.0 // indirect
 github.com/vishvananda/netns v0.0.4 // indirect
- github.com/xlab/treeprint v1.1.0 // indirect
+ github.com/xlab/treeprint v1.2.0 // indirect
 gitlab.com/golang-commonmark/puny v0.0.0-20191124015043-9f83538fa04f // indirect
- go.etcd.io/etcd/api/v3 v3.5.5 // indirect
- go.etcd.io/etcd/client/pkg/v3 v3.5.5 // indirect
- go.etcd.io/etcd/client/v3 v3.5.5 // indirect
+ go.etcd.io/etcd/api/v3 v3.5.10 // indirect
+ go.etcd.io/etcd/client/pkg/v3 v3.5.10 // indirect
+ go.etcd.io/etcd/client/v3 v3.5.10 // indirect
 go.opencensus.io v0.24.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.0 // indirect
- go.opentelemetry.io/otel v1.20.0 // indirect
- go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.20.0 // indirect
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.20.0 // indirect
- go.opentelemetry.io/otel/metric v1.20.0 // indirect
- go.opentelemetry.io/otel/sdk v1.20.0 // indirect
- go.opentelemetry.io/otel/trace v1.20.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 // indirect
+ go.opentelemetry.io/otel v1.19.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 // indirect
+ go.opentelemetry.io/otel/metric v1.19.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.19.0 // indirect
+ go.opentelemetry.io/otel/trace v1.19.0 // indirect
 go.opentelemetry.io/proto/otlp v1.0.0 // indirect
- go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
- go.uber.org/atomic v1.10.0 // indirect
- go.uber.org/multierr v1.9.0 // indirect
- go.uber.org/zap v1.24.0 // indirect
+ go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
+ go.uber.org/multierr v1.11.0 // indirect
+ go.uber.org/zap v1.25.0 // indirect
+ golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
 golang.org/x/oauth2 v0.16.0 // indirect
 golang.org/x/term v0.18.0 // indirect
 golang.org/x/text v0.14.0 // indirect
 golang.zx2c4.com/wireguard v0.0.0-20210427022245-097af6e1351b // indirect
- gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
+ gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 google.golang.org/appengine v1.6.8 // indirect
 google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
- k8s.io/cli-runtime v0.26.4 // indirect
- k8s.io/kms v0.26.4 // indirect
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 // indirect
+ k8s.io/cli-runtime v0.29.2 // indirect
+ k8s.io/kms v0.29.2 // indirect
+ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/kustomize/api v0.12.1 // indirect
- sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+ sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect
+ sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
diff --git a/go.sum b/go.sum
index dbce8099c9a..db0badd7c06 100644
--- a/go.sum
+++ b/go.sum
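Review bot: In go.mod, several indirect requirements in the last hunk move to older releases rather than newer ones: `otelgrpc` v0.46.0 to v0.42.0, `otelhttp` v0.46.0 to v0.44.0 and the `go.opentelemetry.io/otel` modules v1.20.0 to v1.19.0, and the earlier go.mod hunk does the same for `github.com/felixge/httpsnoop` (v1.0.4 to v1.0.3). If the higher versions were pinned on purpose, for example to pick up upstream fixes, the Kubernetes bump silently undoes that. Keeping the old lines, such as `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 // indirect`, would retain the newer releases, provided they still build against the new Kubernetes modules. Running `govulncheck ./...` on the resulting module graph before merging would show whether any of the downgraded versions is covered by a known advisory.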
@@ -50,25 +50,22 @@ github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1o github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alessio/shellescape v1.2.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/alexflint/go-filemutex v1.2.0 h1:1v0TJPDtlhgpW4nJ+GvxCLSlUDC3+gW0CQQvlmfDR/s= github.com/alexflint/go-filemutex v1.2.0/go.mod h1:mYyQSWvw9Tx2/H2n9qXPb52tTYfE0pZAWcBq5mK025c= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves= -github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= +github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18= +github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod 
h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da h1:8GUt8eRujhVEGZFFEjBj46YV4rDjvGrNxb0KMWYkL2I= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go-v2 v1.16.10 h1:+yDD0tcuHRQZgqONkpDwzepqmElQaSlFPymHRHR9mrc= github.com/aws/aws-sdk-go-v2 v1.16.10/go.mod h1:WTACcleLz6VZTp7fak4EO5b9Q4foxbn+8PIz3PmyKlo= 
@@ -107,8 +104,8 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.16.12 h1:YU9UHPukkCCnETHEExOptF/BxPv github.com/aws/aws-sdk-go-v2/service/sts v1.16.12/go.mod h1:b53qpmhHk7mTL2J/tfG6f38neZiyBQSiNXGCuNKq4+4= github.com/aws/smithy-go v1.12.1 h1:yQRC55aXN/y1W10HgwHle01DRuV9Dpf31iGkotjt3Ag= github.com/aws/smithy-go v1.12.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= -github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= +github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A= +github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -129,7 +126,6 @@ github.com/cenkalti/rpc2 v0.0.0-20180727162946-9642ea02d0aa h1:t+iWhuJE2aropY4ux github.com/cenkalti/rpc2 v0.0.0-20180727162946-9642ea02d0aa/go.mod h1:v2npkhrXyk5BCnkNIiPdRI23Uq6uWPUQGL2hnRcRr/M= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= 
@@ -141,8 +137,6 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ= github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= 
@@ -165,12 +159,13 @@ github.com/coreos/go-iptables v0.7.0 h1:XWM3V+MPRr5/q51NuWSgU0fqMad64Zyxs8ZUoMsa github.com/coreos/go-iptables v0.7.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= +github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= -github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= +github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= 
@@ -179,8 +174,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= -github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= +github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -196,27 +191,20 @@ github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25Kn github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1 h1:yY9rWGoXv1U5pl4gxqlULARMQD7x0QG85lqEXTWysik= -github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= -github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2/go.mod h1:gNh8nYJoAm43RfaxurUnxr+N1PwuFV3ZMl/efxlIlY8= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ= -github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane 
v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= -github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= -github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= +github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.0.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= 
@@ -225,44 +213,39 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZM github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= -github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= -github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= +github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= +github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/fvbommel/sortorder v1.0.1 h1:dSnXLt4mJYH25uDDGa3biZNQsozaUWDSWeKJ0qqFfzE= -github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0= +github.com/fvbommel/sortorder v1.1.0 h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQmYw= +github.com/fvbommel/sortorder v1.1.0/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0= github.com/gammazero/deque v0.1.2 h1:WvbDJ3YaT4ELf9+Cq9lv4Ef0aPRyZeEpIoVkjOw9kes= github.com/gammazero/deque v0.1.2/go.mod h1:KQw7vFau1hHuM8xmI9RbgKFbAsQFWmBpqQ2KenFLk6M= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= 
github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= -github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= -github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= +github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-faster/city v1.0.1 h1:4WAxSZ3V2Ws4QRDrscLEDcibJY8uf41H6AhXDrNDcGw= github.com/go-faster/city v1.0.1/go.mod h1:jKcUJId49qdW3L1qKHH/3wPeUstCVpVSXTM6vO3VcTw= github.com/go-faster/errors v0.6.1 h1:nNIPOBkprlKzkThvS/0YaX8Zs9KewLCOSFQS5BU06FI= github.com/go-faster/errors v0.6.1/go.mod h1:5MGV2/2T9yvlrbhe9pD9LO5Z/2zCSq2T8j+Jpi2LAyY= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 
h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v0.1.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= -github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= -github.com/go-logr/zapr v1.2.3/go.mod h1:eIauM6P8qSvTw5o2ez6UEAfGjQKrxQTl5EoK+Qa2oG4= +github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= +github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= @@ -283,8 +266,8 @@ github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3Hfo github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= -github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= -github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= 
@@ -323,6 +306,8 @@ github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zV github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= +github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68= github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= @@ -337,7 +322,6 @@ github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= 
@@ -354,16 +338,17 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/cel-go v0.12.6 h1:kjeKudqV0OygrAqA9fX6J55S8gj+Jre2tckIm5RoG4M= -github.com/google/cel-go v0.12.6/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw= -github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= -github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= +github.com/google/cel-go v0.17.7 h1:6ebJFzu1xO2n7TLtN+UBqShGBhlD85bhvglh5DpcfqQ= +github.com/google/cel-go v0.17.7/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 
@@ -371,6 +356,7 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -396,8 +382,9 @@ github.com/googleapis/gnostic v0.3.1/go.mod h1:on+2t9HRStVgn95RSsFWFz+6Q0Snyqv1a github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= +github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= 
@@ -457,7 +444,6 @@ github.com/josharian/native v0.0.0-20200817173448-b6b71def0850/go.mod h1:7X/rasw github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA= github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= -github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw= github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4/go.mod h1:WGuG/smIU4J/54PblvSbh+xvCZmpJnFgr3ds6Z55XMQ= github.com/jsimonetti/rtnetlink v0.0.0-20201009170750-9c6f07d100c1/go.mod h1:hqoO/u39cqLeBLebZ8fWdE96O7FxrAsRYhnVOdgHxok= 
@@ -469,12 +455,10 @@ github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCV github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.3.0 h1:MjRRgZyTGo90G+UrwlDQjU+uG4Z7By65qvQxGoILT/8= github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.3.0/go.mod h1:nqCI7aelBJU61wiBeeZWJ6oi4bJy5nrjkM6lWIMA4j0= github.com/k8snetworkplumbingwg/sriov-cni v2.1.0+incompatible h1:5comk9qUB9j99Oc+rvnm92RWWe9urdJ1TP3cXM3fmmc= 
@@ -489,12 +473,10 @@ github.com/kisielk/sqlstruct v0.0.0-20201105191214-5f3e10d3ab46/go.mod h1:yyMNCy github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= 
@@ -562,13 +544,13 @@ github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPk github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721 h1:RlZweED6sbSArvlE924+mUcZuXKLBHA35U7LN621Bws= github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721/go.mod h1:Ickgr2WtCLZ2MDGd4Gr0geeCH5HybhRJbonOgQpvSxc= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4= -github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= +github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= +github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae h1:O4SWKdcHVCvYqyDV+9CJA1fcDN2L11Bule0iFy3YlAI= -github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw= +github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA= +github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -582,7 +564,6 @@ github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8m github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= @@ -644,8 +625,6 @@ github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prY github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= 
@@ -657,24 +636,18 @@ github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.47.0 h1:p5Cz0FNHo7SnWOmWmoRozVcjEp0bIVU8cV7OShpjL1k= github.com/prometheus/common v0.47.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.11/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/fastuuid v1.2.0/go.mod 
h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= @@ -695,7 +668,6 @@ github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFR github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= 
@@ -748,8 +720,8 @@ github.com/ti-mo/netfilter v0.5.0/go.mod h1:nt+8B9hx/QpqHr7Hazq+2qMCCA8u2OTkyc/7 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 h1:uruHq4dN7GR16kFc5fp3d1RIYzJW5onx8Ybykw2YQFA= -github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE= +github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= 
@@ -764,79 +736,72 @@ github.com/vmware/go-ipfix v0.9.0 h1:4/N5eFliqULEaCUQV0lafOpN/1bItPE9OTAPGhrIXus github.com/vmware/go-ipfix v0.9.0/go.mod h1:MYEdL6Uel2ufOZyVCKvIAaw9hwnewK8aPr7rnwRbxMY= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk= -github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= +github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= +github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= gitlab.com/golang-commonmark/puny v0.0.0-20191124015043-9f83538fa04f h1:Wku8eEdeJqIOFHtrfkYUByc4bCaTeA6fL0UJgfEiFMI= gitlab.com/golang-commonmark/puny v0.0.0-20191124015043-9f83538fa04f/go.mod h1:Tiuhl+njh/JIg0uS/sOJVYi0x2HEa5rc1OAaVsb5tAs= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ= -go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= +go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA= +go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738 
h1:VcrIfasaLFkyjk6KNlXQSzO+B0fZcnECiDrKJsfxka0= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.etcd.io/etcd/api/v3 v3.5.5 h1:BX4JIbQ7hl7+jL+g+2j5UAr0o1bctCm6/Ct+ArBGkf0= -go.etcd.io/etcd/api/v3 v3.5.5/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8= -go.etcd.io/etcd/client/pkg/v3 v3.5.5 h1:9S0JUVvmrVl7wCF39iTQthdaaNIiAaQbmK75ogO6GU8= -go.etcd.io/etcd/client/pkg/v3 v3.5.5/go.mod h1:ggrwbk069qxpKPq8/FKkQ3Xq9y39kbFR4LnKszpRXeQ= -go.etcd.io/etcd/client/v2 v2.305.5 h1:DktRP60//JJpnPC0VBymAN/7V71GHMdjDCBt4ZPXDjI= -go.etcd.io/etcd/client/v2 v2.305.5/go.mod h1:zQjKllfqfBVyVStbt4FaosoX2iYd8fV/GRy/PbowgP4= -go.etcd.io/etcd/client/v3 v3.5.5 h1:q++2WTJbUgpQu4B6hCuT7VkdwaTP7Qz6Daak3WzbrlI= -go.etcd.io/etcd/client/v3 v3.5.5/go.mod h1:aApjR4WGlSumpnJ2kloS75h6aHUmAyaPLjHMxpc7E7c= -go.etcd.io/etcd/pkg/v3 v3.5.5 h1:Ablg7T7OkR+AeeeU32kdVhw/AGDsitkKPl7aW73ssjU= -go.etcd.io/etcd/pkg/v3 v3.5.5/go.mod h1:6ksYFxttiUGzC2uxyqiyOEvhAiD0tuIqSZkX3TyPdaE= -go.etcd.io/etcd/raft/v3 v3.5.5 h1:Ibz6XyZ60OYyRopu73lLM/P+qco3YtlZMOhnXNS051I= -go.etcd.io/etcd/raft/v3 v3.5.5/go.mod h1:76TA48q03g1y1VpTue92jZLr9lIHKUNcYdZOOGyx8rI= -go.etcd.io/etcd/server/v3 v3.5.5 h1:jNjYm/9s+f9A9r6+SC4RvNaz6AqixpOvhrFdT0PvIj0= -go.etcd.io/etcd/server/v3 v3.5.5/go.mod h1:rZ95vDw/jrvsbj9XpTqPrTAB9/kzchVdhRirySPkUBc= +go.etcd.io/etcd/api/v3 v3.5.10 h1:szRajuUUbLyppkhs9K6BRtjY37l66XQQmw7oZRANE4k= +go.etcd.io/etcd/api/v3 v3.5.10/go.mod h1:TidfmT4Uycad3NM/o25fG3J07odo4GBB9hoxaodFCtI= +go.etcd.io/etcd/client/pkg/v3 v3.5.10 h1:kfYIdQftBnbAq8pUWFXfpuuxFSKzlmM5cSn76JByiT0= +go.etcd.io/etcd/client/pkg/v3 v3.5.10/go.mod h1:DYivfIviIuQ8+/lCq4vcxuseg2P2XbHygkKwFo9fc8U= +go.etcd.io/etcd/client/v2 v2.305.10 h1:MrmRktzv/XF8CvtQt+P6wLUlURaNpSDJHFZhe//2QE4= +go.etcd.io/etcd/client/v2 v2.305.10/go.mod h1:m3CKZi69HzilhVqtPDcjhSGp+kA1OmbNn0qamH80xjA= +go.etcd.io/etcd/client/v3 v3.5.10 h1:W9TXNZ+oB3MCd/8UjxHTWK5J9Nquw9fQBLJd5ne5/Ao= +go.etcd.io/etcd/client/v3 v3.5.10/go.mod 
h1:RVeBnDz2PUEZqTpgqwAtUd8nAPf5kjyFyND7P1VkOKc= +go.etcd.io/etcd/pkg/v3 v3.5.10 h1:WPR8K0e9kWl1gAhB5A7gEa5ZBTNkT9NdNWrR8Qpo1CM= +go.etcd.io/etcd/pkg/v3 v3.5.10/go.mod h1:TKTuCKKcF1zxmfKWDkfz5qqYaE3JncKKZPFf8c1nFUs= +go.etcd.io/etcd/raft/v3 v3.5.10 h1:cgNAYe7xrsrn/5kXMSaH8kM/Ky8mAdMqGOxyYwpP0LA= +go.etcd.io/etcd/raft/v3 v3.5.10/go.mod h1:odD6kr8XQXTy9oQnyMPBOr0TVe+gT0neQhElQ6jbGRc= +go.etcd.io/etcd/server/v3 v3.5.10 h1:4NOGyOwD5sUZ22PiWYKmfxqoeh72z6EhYjNosKGLmZg= +go.etcd.io/etcd/server/v3 v3.5.10/go.mod h1:gBplPHfs6YI0L+RpGkTQO7buDbHv5HJGG/Bst0/zIPo= go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 h1:PzIubN4/sjByhDRHLviCjJuweBXWFZWhghjg7cS28+M= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0/go.mod h1:Ct6zzQEuGK3WpJs2n4dn+wfJYzd/+hNnxMRTWjGn30M= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.0 h1:1eHu3/pUSWaOgltNK3WJFaywKsTIr/PwvHyDmi0lQA0= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.0/go.mod h1:HyABWq60Uy1kjJSa2BVOxUVao8Cdick5AWSKPutqy6U= -go.opentelemetry.io/otel v1.20.0 h1:vsb/ggIY+hUjD/zCAQHpzTmndPqv/ml2ArbsbfBYTAc= -go.opentelemetry.io/otel v1.20.0/go.mod h1:oUIGj3D77RwJdM6PPZImDpSZGDvkD9fhesHny69JFrs= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.20.0 h1:DeFD0VgTZ+Cj6hxravYYZE2W4GlneVH81iAOPjZkzk8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.20.0/go.mod h1:GijYcYmNpX1KazD5JmWGsi4P7dDTTTnfv1UbGn84MnU= 
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.20.0 h1:gvmNvqrPYovvyRmCSygkUDyL8lC5Tl845MLEwqpxhEU= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.20.0/go.mod h1:vNUq47TGFioo+ffTSnKNdob241vePmtNZnAODKapKd0= -go.opentelemetry.io/otel/metric v1.20.0 h1:ZlrO8Hu9+GAhnepmRGhSU7/VkpjrNowxRN9GyKR4wzA= -go.opentelemetry.io/otel/metric v1.20.0/go.mod h1:90DRw3nfK4D7Sm/75yQ00gTJxtkBxX+wu6YaNymbpVM= -go.opentelemetry.io/otel/sdk v1.20.0 h1:5Jf6imeFZlZtKv9Qbo6qt2ZkmWtdWx/wzcCbNUlAWGM= -go.opentelemetry.io/otel/sdk v1.20.0/go.mod h1:rmkSx1cZCm/tn16iWDn1GQbLtsW/LvsdEEFzCSRM6V0= -go.opentelemetry.io/otel/trace v1.20.0 h1:+yxVAPZPbQhbC3OfAkeIVTky6iTFpcr4SiY9om7mXSQ= -go.opentelemetry.io/otel/trace v1.20.0/go.mod h1:HJSK7F/hA5RlzpZ0zKDCHCDHm556LCDtKaAo6JmBFUU= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 h1:ZOLJc06r4CB42laIXg/7udr0pbZyuAihN10A/XuiQRY= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0/go.mod h1:5z+/ZWJQKXa9YT34fQNx5K8Hd1EoIhvtUygUQPqEOgQ= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 h1:KfYpVmrjI7JuToy5k8XV3nkapjWx48k4E4JOtVstzQI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0/go.mod h1:SeQhzAEccGVZVEy7aH87Nh0km+utSpo1pTv6eMMop48= +go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs= +go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 h1:3d+S281UTjM+AbF31XSOYn1qXn3BgIdWl8HNEpx08Jk= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 
v1.19.0/go.mod h1:0+KuTDyKL4gjKCF75pHOX4wuzYDUZYfAQdSu43o+Z2I= +go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE= +go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= +go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o= +go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A= +go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg= +go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= -go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc= -go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= +go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= +go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= -go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= -go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= -go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= +go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU= 
go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI= -go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= -go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= +go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c= +go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 
@@ -857,15 +822,14 @@ golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= +golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic= golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= 
@@ -895,8 +859,6 @@ golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= @@ -904,7 +866,6 @@ golang.org/x/net v0.0.0-20201216054612-986b41b23924/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210504132125-bbd867fde50d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= 
@@ -915,7 +876,6 @@ golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -926,7 +886,6 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= 
@@ -951,7 +910,6 @@ golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -965,8 +923,6 @@ golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200602100848-8d3cce7afc34/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -979,12 +935,8 @@ golang.org/x/sys v0.0.0-20210123111255-9b0068b26619/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210216163648-f7da38b97c65/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210309040221-94ec62e08169/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210503173754-0981d6026fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -1003,6 +955,7 @@ golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= @@ -1012,7 +965,6 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= 
@@ -1037,15 +989,12 @@ golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw= golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc= 
@@ -1058,8 +1007,8 @@ golang.zx2c4.com/wireguard v0.0.0-20210427022245-097af6e1351b/go.mod h1:a057zjmo golang.zx2c4.com/wireguard/wgctrl v0.0.0-20210506160403-92e472f520a5 h1:LpEwXnbN4q2EIPkqbG9KHBUrducJYDOOdL+eMcJAlFo= golang.zx2c4.com/wireguard/wgctrl v0.0.0-20210506160403-92e472f520a5/go.mod h1:+1XihzyZUBJcSc5WO9SwNA7v26puQwOEDwanaxfNXPQ= gomodules.xyz/jsonpatch/v2 v2.0.1/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU= -gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= -gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY= +gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= +gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1070,10 +1019,7 @@ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoA google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ= google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 h1:Lj5rbfG876hIAYFjqiJnPHfhXbv+nzTWfm04Fg/XSVU= 
@@ -1087,11 +1033,7 @@ google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk= google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= @@ -1102,7 +1044,6 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= 
@@ -1129,9 +1070,7 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 
@@ -1140,92 +1079,86 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20190905181640-827449938966/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200121175148-a6ecf24a6d71/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= -gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY= -gotest.tools/v3 v3.5.0/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78= k8s.io/api v0.18.4/go.mod h1:lOIQAKYgai1+vz9J7YcDZwC26Z0zQewYOGWdyIPUUQ4= -k8s.io/api v0.26.4 h1:qSG2PmtcD23BkYiWfoYAcak870eF/hE7NNYBYavTT94= -k8s.io/api v0.26.4/go.mod h1:WwKEXU3R1rgCZ77AYa7DFksd9/BAIKyOmRlbVxgvjCk= +k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= +k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= k8s.io/apiextensions-apiserver v0.18.2/go.mod 
h1:q3faSnRGmYimiocj6cHQ1I3WpLqmDgJFlKL37fC4ZvY= k8s.io/apiextensions-apiserver v0.18.4/go.mod h1:NYeyeYq4SIpFlPxSAB6jHPIdvu3hL0pc36wuRChybio= -k8s.io/apiextensions-apiserver v0.26.4 h1:9D2RTxYGxrG5uYg6D7QZRcykXvavBvcA59j5kTaedQI= -k8s.io/apiextensions-apiserver v0.26.4/go.mod h1:cd4uGFGIgzEqUghWpRsr9KE8j2KNTjY8Ji8pnMMazyw= +k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= +k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= k8s.io/apimachinery v0.18.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= k8s.io/apimachinery v0.18.4/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= -k8s.io/apimachinery v0.26.4 h1:rZccKdBLg9vP6J09JD+z8Yr99Ce8gk3Lbi9TCx05Jzs= -k8s.io/apimachinery v0.26.4/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= +k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= +k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= k8s.io/apiserver v0.18.2/go.mod h1:Xbh066NqrZO8cbsoenCwyDJ1OSi8Ag8I2lezeHxzwzw= k8s.io/apiserver v0.18.4/go.mod h1:q+zoFct5ABNnYkGIaGQ3bcbUNdmPyOCoEBcg51LChY8= -k8s.io/apiserver v0.26.4 h1:3Oq4mnJv0mzVX7BR/Nod+8KjlELf/3Ljvu9ZWDyLUoA= -k8s.io/apiserver v0.26.4/go.mod h1:yAY3O1vBM4/0OIGAGeWcdfzQvgdwJ188VirLcuSAVnw= -k8s.io/cli-runtime v0.26.4 h1:MgSU871KDzBDX7V9GtuqS6Ai9lhQCHgRzkurnXOWtZ0= -k8s.io/cli-runtime v0.26.4/go.mod h1:MjJ2DXMChw2zcG0/agzm17xwKpfVxOfuoCdfY9iOCOE= +k8s.io/apiserver v0.29.2 h1:+Z9S0dSNr+CjnVXQePG8TcBWHr3Q7BmAr7NraHvsMiQ= +k8s.io/apiserver v0.29.2/go.mod h1:B0LieKVoyU7ykQvPFm7XSdIHaCHSzCzQWPFa5bqbeMQ= +k8s.io/cli-runtime v0.29.2 h1:smfsOcT4QujeghsNjECKN3lwyX9AwcFU0nvJ7sFN3ro= +k8s.io/cli-runtime v0.29.2/go.mod h1:KLisYYfoqeNfO+MkTWvpqIyb1wpJmmFJhioA0xd4MW8= k8s.io/client-go v0.18.2/go.mod h1:Xcm5wVGXX9HAA2JJ2sSBUn3tCJ+4SVlCbl2MNNv+CIU= k8s.io/client-go v0.18.4/go.mod h1:f5sXwL4yAZRkAtzOxRWUhA/N8XzGCb+nPZI8PfobZ9g= -k8s.io/client-go v0.26.4 
h1:/7P/IbGBuT73A+G97trf44NTPSNqvuBREpOfdLbHvD4= -k8s.io/client-go v0.26.4/go.mod h1:6qOItWm3EwxJdl/8p5t7FWtWUOwyMdA8N9ekbW4idpI= +k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= +k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= k8s.io/code-generator v0.18.2/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc= k8s.io/code-generator v0.18.4/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c= k8s.io/component-base v0.18.2/go.mod h1:kqLlMuhJNHQ9lz8Z7V5bxUUtjFZnrypArGl58gmDfUM= k8s.io/component-base v0.18.4/go.mod h1:7jr/Ef5PGmKwQhyAz/pjByxJbC58mhKAhiaDu0vXfPk= -k8s.io/component-base v0.26.4 h1:Bg2xzyXNKL3eAuiTEu3XE198d6z22ENgFgGQv2GGOUk= -k8s.io/component-base v0.26.4/go.mod h1:lTuWL1Xz/a4e80gmIC3YZG2JCO4xNwtKWHJWeJmsq20= +k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= +k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kms v0.26.4 h1:mQ+DeOvgAHC6+heZcozPkEd3rWtP4DVVjo1hLSih9w4= -k8s.io/kms v0.26.4/go.mod h1:69qGnf1NsFOQP07fBYqNLZklqEHSJF024JqYCaeVxHg= -k8s.io/kube-aggregator v0.26.4 h1:iGljhq5exQkbuc3bnkwUx95RPCBDExg7DkX9XaYhg6w= -k8s.io/kube-aggregator v0.26.4/go.mod h1:eWfg4tU0+l57ebWiS5THOANIJUrKRxudSVDJ+63bqvQ= +k8s.io/klog/v2 v2.110.1 
h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= +k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= +k8s.io/kms v0.29.2 h1:MDsbp98gSlEQs7K7dqLKNNTwKFQRYYvO4UOlBOjNy6Y= +k8s.io/kms v0.29.2/go.mod h1:s/9RC4sYRZ/6Tn6yhNjbfJuZdb8LzlXhdlBnKizeFDo= +k8s.io/kube-aggregator v0.29.2 h1:z9qJn5wlGmGaX6EfM7OEhr6fq6SBjDKR6tPRZ/qgxeY= +k8s.io/kube-aggregator v0.29.2/go.mod h1:QEuwzmMJJsg0eg1Gv+u4cWcYeJG2+8vN8/nTXBzopUo= k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= -k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= -k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= -k8s.io/kubectl v0.26.4 h1:A0Oa0u/po4KxXnXsNCOwLojAe9cQR3TJNJabEIf7U1w= -k8s.io/kubectl v0.26.4/go.mod h1:cWtp/+I4p+h5En3s2zO1zCry9v3/6h37EQ2tF3jNRnM= -k8s.io/kubelet v0.26.4 h1:SEQPfjN4lu4uL9O8NdeN7Aum3liQ4kOnp/yC3jMRMUo= -k8s.io/kubelet v0.26.4/go.mod h1:ZMPGTCnrQ5UOlC7igXhbW9cgna1LtTRWLaHub4dA2FU= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/kubectl v0.29.2 h1:uaDYaBhumvkwz0S2XHt36fK0v5IdNgL7HyUniwb2IUo= +k8s.io/kubectl v0.29.2/go.mod h1:BhizuYBGcKaHWyq+G7txGw2fXg576QbPrrnQdQDZgqI= +k8s.io/kubelet v0.29.2 h1:bQ2StqkUqPCFNLtGLsb3v3O2LKQHXNMju537zOGboRg= +k8s.io/kubelet v0.29.2/go.mod h1:i5orNPqW/fAMrqptbCXFW/vLBBP12TZZc41IrrvF7SY= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20200603063816-c1c6865ac451/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY= 
-k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 h1:PUuX1qIFv309AT8hF/CdPKDmsG/hn/L8zRX7VvISM3A= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36/go.mod h1:WxjusMwXlKzfAs4p9km6XJRndVt2FROgMVCE4cdohFo= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 h1:TgtAeesdhpm2SGwkQasmbeqDo8th5wOBA5h/AjTKA4I= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0/go.mod h1:VHVDI/KrK4fjnV61bE2g3sA7tiETLn8sooImelsCx3Y= sigs.k8s.io/controller-runtime v0.6.1/go.mod h1:XRYBPdbf5XJu9kpS84VJiZ7h/u1hF3gEORz0efEja7A= -sigs.k8s.io/controller-runtime v0.14.6 h1:oxstGVvXGNnMvY7TAESYk+lzr6S3V5VFxQ6d92KcwQA= -sigs.k8s.io/controller-runtime v0.14.6/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0= +sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= +sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= sigs.k8s.io/controller-tools v0.3.0/go.mod h1:enhtKGfxZD1GFEoMgP8Fdbu+uKQ/cq1/WGJhdVChfvI= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kind v0.8.1/go.mod h1:oNKTxUVPYkV9lWzY6CVMNluVq8cBsyq+UgPJdvA3uu4= -sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM= -sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s= -sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk= 
-sigs.k8s.io/kustomize/kyaml v0.13.9/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4= +sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0= +sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3/go.mod h1:9n16EZKMhXBNSiUC5kSdFQJkdH3zbxS/JoO619G1VAY= +sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U= +sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3/go.mod h1:JWP1Fj0VWGHyw3YUPjXSQnRnrwezrZSrApfX5S0nIag= sigs.k8s.io/mcs-api v0.1.0 h1:edDbg0oRGfXw8TmZjKYep06LcJLv/qcYLidejnUp0PM= sigs.k8s.io/mcs-api v0.1.0/go.mod h1:gGiAryeFNB4GBsq2LBmVqSgKoobLxt+p7ii/WG5QYYw= sigs.k8s.io/network-policy-api v0.1.1 h1:KDW+AkvCCQI3h8yH8j0hurhvPLNtLeVvmZoqtMaG9ew= sigs.k8s.io/network-policy-api v0.1.1/go.mod h1:F7S5fsb7QEzlLjuMgTGfUT4LRHylRbx2xDDpHfJKKEs= sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index 719d6b549c4..d5d66efb1f8 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh 
@@ -18,7 +18,7 @@ set -o errexit set -o pipefail ANTREA_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../" && pwd )" -IMAGE_NAME="antrea/codegen:kubernetes-1.26.4-build.1" +IMAGE_NAME="antrea/codegen:kubernetes-1.29.2" # Recent versions of Git will not access .git directories which are owned by # another user (as a security measure), unless the directories are explicitly diff --git a/multicluster/apis/multicluster/v1alpha1/multiclusterconfig_types.go b/multicluster/apis/multicluster/v1alpha1/multiclusterconfig_types.go index af0ed8c8c3c..b66ce52639a 100644 --- a/multicluster/apis/multicluster/v1alpha1/multiclusterconfig_types.go +++ b/multicluster/apis/multicluster/v1alpha1/multiclusterconfig_types.go @@ -18,7 +18,6 @@ package v1alpha1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - config "sigs.k8s.io/controller-runtime/pkg/config/v1alpha1" ) // Precedence defines the precedence of Node IP type. @@ -37,8 +36,12 @@ const ( // +kubebuilder:printcolumn:name="Service CIDR",type=string,JSONPath=`.serviceCIDR`,description="Manually specified Service CIDR" type MultiClusterConfig struct { metav1.TypeMeta `json:",inline"` - // ControllerManagerConfigurationSpec defines the contfigurations for controllers. - config.ControllerManagerConfigurationSpec `json:",inline"` + // Metrics contains the controller metrics configuration + Metrics ControllerMetrics `json:"metrics,omitempty"` + // Health contains the controller health configuration + Health ControllerHealth `json:"health,omitempty"` + // Webhook contains the controllers webhook configuration + Webhook ControllerWebhook `json:"webhook,omitempty"` // ServiceCIDR allows user to set the ClusterIP range of the cluster manually. ServiceCIDR string `json:"serviceCIDR,omitempty"` // PodCIDRs is the Pod IP address CIDRs. 
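Review bot: Replacing the embedded `config.ControllerManagerConfigurationSpec` with only `Metrics`, `Health` and `Webhook` means every other key that spec accepted no longer maps to a field of `MultiClusterConfig`. This patch also drops `leaderElection` from the leader-namespaced manifest, which suggests it was one of those keys. Whether an operator-maintained config that still carries such keys is rejected or silently ignored depends on the decoder, which is not in this hunk, so the struct comment should say which it is. A line such as `// Only metrics, health and webhook settings are read; other controller-manager keys such as leaderElection are not supported.` above the new fields would do. The struct body continues past the end of the hunk.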
@@ -59,6 +62,34 @@ type MultiClusterConfig struct { EnableStretchedNetworkPolicy bool `json:"enableStretchedNetworkPolicy,omitempty"` } +type ControllerMetrics struct { + // BindAddress is the TCP address that the controller should bind to + // for serving prometheus metrics. + // It can be set to "0" to disable the metrics serving. + BindAddress string `json:"bindAddress,omitempty"` +} + +type ControllerWebhook struct { + // Port is the port that the webhook server serves at. + // It is used to set webhook.Server.Port. + Port *int `json:"port,omitempty"` + // Host is the hostname that the webhook server binds to. + // It is used to set webhook.Server.Host. + Host string `json:"host,omitempty"` + // CertDir is the directory that contains the server key and certificate. + // if not set, webhook server would look up the server key and certificate in + // {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + // must be named tls.key and tls.crt, respectively. + CertDir string `json:"certDir,omitempty"` +} + +type ControllerHealth struct { + // HealthProbeBindAddress is the TCP address that the controller should bind to + // for serving health probes + // It can be set to "0" or "" to disable serving the health probe. + HealthProbeBindAddress string `json:"healthProbeBindAddress,omitempty"` +} + func init() { SchemeBuilder.Register(&MultiClusterConfig{}) } diff --git a/multicluster/apis/multicluster/v1alpha1/zz_generated.deepcopy.go b/multicluster/apis/multicluster/v1alpha1/zz_generated.deepcopy.go index ebebbdea7eb..60a07c018b7 100644 --- a/multicluster/apis/multicluster/v1alpha1/zz_generated.deepcopy.go +++ b/multicluster/apis/multicluster/v1alpha1/zz_generated.deepcopy.go 
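Review bot: `ControllerWebhook.Port` is a bare `*int` with nothing in the new type constraining it to a valid TCP port, and the nil case is not documented. This file already carries kubebuilder markers, so `// +kubebuilder:validation:Minimum=1` and `// +kubebuilder:validation:Maximum=65535` above the field would express the range. If no schema is generated for this config type, the equivalent check belongs where the config is loaded, which is not visible in this hunk. The three new exported types also lack type-level doc comments; a line such as `// ControllerWebhook configures the webhook server's listen host, port and TLS certificate directory.` on each would match Go convention. The `CertDir` comment could also state that the directory holds the private key `tls.key` and should be readable only by the controller.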
@@ -1,7 +1,7 @@ //go:build !ignore_autogenerated // +build !ignore_autogenerated -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
@@ -305,6 +305,56 @@ func (in *ClusterStatus) DeepCopy() *ClusterStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ControllerHealth) DeepCopyInto(out *ControllerHealth) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerHealth. +func (in *ControllerHealth) DeepCopy() *ControllerHealth { + if in == nil { + return nil + } + out := new(ControllerHealth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ControllerMetrics) DeepCopyInto(out *ControllerMetrics) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerMetrics. +func (in *ControllerMetrics) DeepCopy() *ControllerMetrics { + if in == nil { + return nil + } + out := new(ControllerMetrics) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ControllerWebhook) DeepCopyInto(out *ControllerWebhook) { + *out = *in + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(int) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerWebhook. +func (in *ControllerWebhook) DeepCopy() *ControllerWebhook { + if in == nil { + return nil + } + out := new(ControllerWebhook) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EndpointsExport) DeepCopyInto(out *EndpointsExport) { *out = *in 
@@ -626,7 +676,9 @@ func (in *MemberClusterAnnounceList) DeepCopyObject() runtime.Object { func (in *MultiClusterConfig) DeepCopyInto(out *MultiClusterConfig) { *out = *in out.TypeMeta = in.TypeMeta - in.ControllerManagerConfigurationSpec.DeepCopyInto(&out.ControllerManagerConfigurationSpec) + out.Metrics = in.Metrics + out.Health = in.Health + in.Webhook.DeepCopyInto(&out.Webhook) if in.PodCIDRs != nil { in, out := &in.PodCIDRs, &out.PodCIDRs *out = make([]string, len(*in)) diff --git a/multicluster/build/yamls/antrea-multicluster-leader-global.yml b/multicluster/build/yamls/antrea-multicluster-leader-global.yml index 7cb1e1ab4a1..d48efd8f64e 100644 --- a/multicluster/build/yamls/antrea-multicluster-leader-global.yml +++ b/multicluster/build/yamls/antrea-multicluster-leader-global.yml @@ -2735,13 +2735,10 @@ spec: description: The Hostname of this endpoint type: string ip: - description: 'The IP of this endpoint. May not be - loopback (127.0.0.0/8), link-local (169.254.0.0/16), - or link-local multicast ((224.0.0.0/24). IPv6 is - also accepted but not fully supported on all platforms. - Also, certain kubernetes components, like kube-proxy, - are not IPv6 ready. TODO: This should allow hostname - or IP, See #4447.' + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 + or fe80::/10), or link-local multicast (224.0.0.0/24 + or ff02::/16). type: string nodeName: description: 'Optional: Node hosting this endpoint. 
@@ -2809,13 +2806,10 @@ spec: description: The Hostname of this endpoint type: string ip: - description: 'The IP of this endpoint. May not be - loopback (127.0.0.0/8), link-local (169.254.0.0/16), - or link-local multicast ((224.0.0.0/24). IPv6 is - also accepted but not fully supported on all platforms. - Also, certain kubernetes components, like kube-proxy, - are not IPv6 ready. TODO: This should allow hostname - or IP, See #4447.' + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 + or fe80::/10), or link-local multicast (224.0.0.0/24 + or ff02::/16). type: string nodeName: description: 'Optional: Node hosting this endpoint. 
@@ -2877,12 +2871,22 @@ spec: single port. properties: appProtocol: - description: The application protocol for this port. + description: "The application protocol for this port. + This is used as a hint for implementations to offer + richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. + Valid values are either: \n * Un-prefixed protocol + names - reserved for IANA standard service names + (as per RFC-6335 and https://www.iana.org/assignments/service-names). + \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' + - HTTP/2 prior knowledge over cleartext as described + in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext + as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described + in https://www.rfc-editor.org/rfc/rfc6455 \n * Other + protocols should use implementation-defined prefixed + names such as mycompany.com/my-custom-protocol." type: string name: description: The name of this port. This must match 
@@ -3168,11 +3172,10 @@ spec: supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was - under-specified and its meaning varies across implementations, - and it cannot support dual-stack. As of Kubernetes v1.24, - users are encouraged to use implementation-specific annotations - when available. This field may be removed in a future API - version.' + under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific annotations + when available.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, 
@@ -3191,12 +3194,22 @@ spec: port. properties: appProtocol: - description: The application protocol for this port. + description: "The application protocol for this port. + This is used as a hint for implementations to offer + richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. + Valid values are either: \n * Un-prefixed protocol + names - reserved for IANA standard service names (as + per RFC-6335 and https://www.iana.org/assignments/service-names). + \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' + - HTTP/2 prior knowledge over cleartext as described + in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as + described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described + in https://www.rfc-editor.org/rfc/rfc6455 \n * Other + protocols should use implementation-defined prefixed + names such as mycompany.com/my-custom-protocol." type: string name: description: The name of this port within the service. 
@@ -5678,13 +5691,10 @@ spec: description: The Hostname of this endpoint type: string ip: - description: 'The IP of this endpoint. May not be - loopback (127.0.0.0/8), link-local (169.254.0.0/16), - or link-local multicast ((224.0.0.0/24). IPv6 is - also accepted but not fully supported on all platforms. - Also, certain kubernetes components, like kube-proxy, - are not IPv6 ready. TODO: This should allow hostname - or IP, See #4447.' + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 + or fe80::/10), or link-local multicast (224.0.0.0/24 + or ff02::/16). type: string nodeName: description: 'Optional: Node hosting this endpoint. @@ -5752,13 +5762,10 @@ spec: description: The Hostname of this endpoint type: string ip: - description: 'The IP of this endpoint. May not be - loopback (127.0.0.0/8), link-local (169.254.0.0/16), - or link-local multicast ((224.0.0.0/24). IPv6 is - also accepted but not fully supported on all platforms. - Also, certain kubernetes components, like kube-proxy, - are not IPv6 ready. TODO: This should allow hostname - or IP, See #4447.' + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 + or fe80::/10), or link-local multicast (224.0.0.0/24 + or ff02::/16). type: string nodeName: description: 'Optional: Node hosting this endpoint. 
@@ -5820,12 +5827,22 @@ spec: single port. properties: appProtocol: - description: The application protocol for this port. + description: "The application protocol for this port. + This is used as a hint for implementations to offer + richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. + Valid values are either: \n * Un-prefixed protocol + names - reserved for IANA standard service names + (as per RFC-6335 and https://www.iana.org/assignments/service-names). + \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' + - HTTP/2 prior knowledge over cleartext as described + in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext + as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described + in https://www.rfc-editor.org/rfc/rfc6455 \n * Other + protocols should use implementation-defined prefixed + names such as mycompany.com/my-custom-protocol." type: string name: description: The name of this port. This must match diff --git a/multicluster/build/yamls/antrea-multicluster-leader-namespaced.yml b/multicluster/build/yamls/antrea-multicluster-leader-namespaced.yml index c1c8bb56785..b9f7e243bd8 100644 --- a/multicluster/build/yamls/antrea-multicluster-leader-namespaced.yml +++ b/multicluster/build/yamls/antrea-multicluster-leader-namespaced.yml @@ -298,8 +298,6 @@ data: bindAddress: "0" webhook: port: 9443 - leaderElection: - leaderElect: false serviceCIDR: "" podCIDRs: - "" 
@@ -356,7 +354,7 @@ spec: template: metadata: annotations: - checksum/config: 7eb0f1e65f7eb3e35b0739d6064b92b7621af0f4e41813c35bfdee71ceaefbe2 + checksum/config: 81ec1a33aace39ae40ac2f5d909b5d1d0208bbe6a1e8d1d9ada232bcc583b76a labels: app: antrea component: antrea-mc-controller diff --git a/multicluster/build/yamls/antrea-multicluster-leader.yml b/multicluster/build/yamls/antrea-multicluster-leader.yml index 38f2c43342c..52af7d58209 100644 --- a/multicluster/build/yamls/antrea-multicluster-leader.yml +++ b/multicluster/build/yamls/antrea-multicluster-leader.yml @@ -2735,13 +2735,10 @@ spec: description: The Hostname of this endpoint type: string ip: - description: 'The IP of this endpoint. May not be - loopback (127.0.0.0/8), link-local (169.254.0.0/16), - or link-local multicast ((224.0.0.0/24). IPv6 is - also accepted but not fully supported on all platforms. - Also, certain kubernetes components, like kube-proxy, - are not IPv6 ready. TODO: This should allow hostname - or IP, See #4447.' + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 + or fe80::/10), or link-local multicast (224.0.0.0/24 + or ff02::/16). type: string nodeName: description: 'Optional: Node hosting this endpoint. @@ -2809,13 +2806,10 @@ spec: description: The Hostname of this endpoint type: string ip: - description: 'The IP of this endpoint. May not be - loopback (127.0.0.0/8), link-local (169.254.0.0/16), - or link-local multicast ((224.0.0.0/24). IPv6 is - also accepted but not fully supported on all platforms. - Also, certain kubernetes components, like kube-proxy, - are not IPv6 ready. TODO: This should allow hostname - or IP, See #4447.' + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 + or fe80::/10), or link-local multicast (224.0.0.0/24 + or ff02::/16). type: string nodeName: description: 'Optional: Node hosting this endpoint. 
@@ -2877,12 +2871,22 @@ spec: single port. properties: appProtocol: - description: The application protocol for this port. + description: "The application protocol for this port. + This is used as a hint for implementations to offer + richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. + Valid values are either: \n * Un-prefixed protocol + names - reserved for IANA standard service names + (as per RFC-6335 and https://www.iana.org/assignments/service-names). + \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' + - HTTP/2 prior knowledge over cleartext as described + in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext + as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described + in https://www.rfc-editor.org/rfc/rfc6455 \n * Other + protocols should use implementation-defined prefixed + names such as mycompany.com/my-custom-protocol." type: string name: description: The name of this port. This must match 
@@ -3168,11 +3172,10 @@ spec: supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was - under-specified and its meaning varies across implementations, - and it cannot support dual-stack. As of Kubernetes v1.24, - users are encouraged to use implementation-specific annotations - when available. This field may be removed in a future API - version.' + under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific annotations + when available.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, 
@@ -3191,12 +3194,22 @@ spec: port. properties: appProtocol: - description: The application protocol for this port. + description: "The application protocol for this port. + This is used as a hint for implementations to offer + richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. + Valid values are either: \n * Un-prefixed protocol + names - reserved for IANA standard service names (as + per RFC-6335 and https://www.iana.org/assignments/service-names). + \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' + - HTTP/2 prior knowledge over cleartext as described + in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as + described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described + in https://www.rfc-editor.org/rfc/rfc6455 \n * Other + protocols should use implementation-defined prefixed + names such as mycompany.com/my-custom-protocol." type: string name: description: The name of this port within the service. 
@@ -5678,13 +5691,10 @@ spec: description: The Hostname of this endpoint type: string ip: - description: 'The IP of this endpoint. May not be - loopback (127.0.0.0/8), link-local (169.254.0.0/16), - or link-local multicast ((224.0.0.0/24). IPv6 is - also accepted but not fully supported on all platforms. - Also, certain kubernetes components, like kube-proxy, - are not IPv6 ready. TODO: This should allow hostname - or IP, See #4447.' + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 + or fe80::/10), or link-local multicast (224.0.0.0/24 + or ff02::/16). type: string nodeName: description: 'Optional: Node hosting this endpoint. @@ -5752,13 +5762,10 @@ spec: description: The Hostname of this endpoint type: string ip: - description: 'The IP of this endpoint. May not be - loopback (127.0.0.0/8), link-local (169.254.0.0/16), - or link-local multicast ((224.0.0.0/24). IPv6 is - also accepted but not fully supported on all platforms. - Also, certain kubernetes components, like kube-proxy, - are not IPv6 ready. TODO: This should allow hostname - or IP, See #4447.' + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 + or fe80::/10), or link-local multicast (224.0.0.0/24 + or ff02::/16). type: string nodeName: description: 'Optional: Node hosting this endpoint. 
@@ -5820,12 +5827,22 @@ spec: single port. properties: appProtocol: - description: The application protocol for this port. + description: "The application protocol for this port. + This is used as a hint for implementations to offer + richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. + Valid values are either: \n * Un-prefixed protocol + names - reserved for IANA standard service names + (as per RFC-6335 and https://www.iana.org/assignments/service-names). + \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' + - HTTP/2 prior knowledge over cleartext as described + in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext + as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described + in https://www.rfc-editor.org/rfc/rfc6455 \n * Other + protocols should use implementation-defined prefixed + names such as mycompany.com/my-custom-protocol." type: string name: description: The name of this port. This must match @@ -6398,8 +6415,6 @@ data: bindAddress: "0" webhook: port: 9443 - leaderElection: - leaderElect: false serviceCIDR: "" podCIDRs: - "" @@ -6456,7 +6471,7 @@ spec: template: metadata: annotations: - checksum/config: 7eb0f1e65f7eb3e35b0739d6064b92b7621af0f4e41813c35bfdee71ceaefbe2 + checksum/config: 81ec1a33aace39ae40ac2f5d909b5d1d0208bbe6a1e8d1d9ada232bcc583b76a labels: app: antrea component: antrea-mc-controller diff --git a/multicluster/build/yamls/antrea-multicluster-member.yml b/multicluster/build/yamls/antrea-multicluster-member.yml index 47f0adfc8c7..5642c80ac57 100644 --- a/multicluster/build/yamls/antrea-multicluster-member.yml 
+++ b/multicluster/build/yamls/antrea-multicluster-member.yml @@ -1152,8 +1152,6 @@ data: bindAddress: "0" webhook: port: 9443 - leaderElection: - leaderElect: false serviceCIDR: "" podCIDRs: - "" @@ -1199,7 +1197,7 @@ spec: template: metadata: annotations: - checksum/config: 7eb0f1e65f7eb3e35b0739d6064b92b7621af0f4e41813c35bfdee71ceaefbe2 + checksum/config: 81ec1a33aace39ae40ac2f5d909b5d1d0208bbe6a1e8d1d9ada232bcc583b76a labels: app: antrea component: antrea-mc-controller diff --git a/multicluster/cmd/multicluster-controller/clusterset_webhook_test.go b/multicluster/cmd/multicluster-controller/clusterset_webhook_test.go index e8de60a93f6..8e23f008544 100644 --- a/multicluster/cmd/multicluster-controller/clusterset_webhook_test.go +++ b/multicluster/cmd/multicluster-controller/clusterset_webhook_test.go @@ -25,7 +25,6 @@ import ( v1 "k8s.io/api/admission/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/klog/v2" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" @@ -181,10 +180,7 @@ func TestWebhookClusterSetEvents(t *testing.T) { }, } - decoder, err := admission.NewDecoder(common.TestScheme) - if err != nil { - klog.ErrorS(err, "Error constructing a decoder") - } + decoder := admission.NewDecoder(common.TestScheme) for _, tt := range tests { objects := []client.Object{} diff --git a/multicluster/cmd/multicluster-controller/controller.go b/multicluster/cmd/multicluster-controller/controller.go index bf86deb45be..00c39a4145b 100644 --- a/multicluster/cmd/multicluster-controller/controller.go +++ b/multicluster/cmd/multicluster-controller/controller.go 
@@ -35,8 +35,10 @@ import ( aggregatorclientset "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/cache" + controllerruntimeclient "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/webhook" k8smcsv1alpha1 "sigs.k8s.io/mcs-api/pkg/apis/v1alpha1" mcv1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1" @@ -148,7 +150,7 @@ func setupManagerAndCertController(isLeader bool, o *Options) (manager.Manager, secureServing := genericoptions.NewSecureServingOptions().WithLoopback() caCertController, err := certificate.ApplyServerCert(o.SelfSignedCert, client, aggregatorClient, apiExtensionClient, - secureServing, getCaConfig(isLeader, o.options.Namespace)) + secureServing, getCaConfig(isLeader, o.Namespace)) if err != nil { return nil, fmt.Errorf("error applying server cert: %v", err) } 
@@ -157,25 +159,31 @@ func setupManagerAndCertController(isLeader bool, o *Options) (manager.Manager, } if o.SelfSignedCert { - o.options.CertDir = selfSignedCertDir + o.options.Metrics.CertDir = selfSignedCertDir + o.WebhookConfig.CertDir = selfSignedCertDir } else { - o.options.CertDir = certDir + o.options.Metrics.CertDir = certDir + o.WebhookConfig.CertDir = certDir } + o.options.WebhookServer = webhook.NewServer(webhook.Options{ + Port: *o.WebhookConfig.Port, + Host: o.WebhookConfig.Host, + CertDir: o.WebhookConfig.CertDir, + }) namespaceFieldSelector := fields.SelectorFromSet(fields.Set{"metadata.namespace": env.GetPodNamespace()}) - o.options.NewCache = cache.BuilderWithOptions(cache.Options{ - SelectorsByObject: cache.SelectorsByObject{ - &mcv1alpha1.Gateway{}: { - Field: namespaceFieldSelector, - }, - &mcv1alpha2.ClusterSet{}: { - Field: namespaceFieldSelector, - }, - &mcv1alpha1.MemberClusterAnnounce{}: { - Field: namespaceFieldSelector, - }, + o.options.Cache.DefaultFieldSelector = namespaceFieldSelector + o.options.Cache.ByObject = map[controllerruntimeclient.Object]cache.ByObject{ + &mcv1alpha1.Gateway{}: { + Field: namespaceFieldSelector, }, - }) + &mcv1alpha2.ClusterSet{}: { + Field: namespaceFieldSelector, + }, + &mcv1alpha1.MemberClusterAnnounce{}: { + Field: namespaceFieldSelector, + }, + } // EndpointSlice is enabled in AntreaProxy by default since v1.11, so Antrea MC // will use EndpointSlice API by default to keep consistent with AntreaProxy. 
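Review bot: `Port: *o.WebhookConfig.Port` dereferences the port without a nil check, and this commit also removes the `Port: 9443` default from `setDefaults`, so a config that omits `webhook.port` would panic at startup instead of falling back to a default. As far as the visible hunks show, a run without a config file could hit the same panic. Guard the value before building the server, e.g. `port := 9443; if o.WebhookConfig.Port != nil { port = *o.WebhookConfig.Port }`, or reject the missing value in `complete` with a clear error. setupManagerAndCertController starts and ends outside this hunk.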
@@ -198,9 +206,13 @@ func setupManagerAndCertController(isLeader bool, o *Options) (manager.Manager, } o.ClusterCalimCRDAvailable = clusterClaimCRDAvailable - mgr, err := ctrl.NewManager(k8sConfig, o.options) + mgr, err := ctrl.NewManager(k8sConfig, manager.Options{ + Scheme: o.options.Scheme, + Metrics: o.options.Metrics, + HealthProbeBindAddress: o.options.HealthProbeBindAddress, + }) if err != nil { - return nil, fmt.Errorf("error starting manager: %v", err) + return nil, fmt.Errorf("error creating manager: %v", err) } //+kubebuilder:scaffold:builder diff --git a/multicluster/cmd/multicluster-controller/gateway_webhook_test.go b/multicluster/cmd/multicluster-controller/gateway_webhook_test.go index 210eb67e71f..b2bec75ca66 100644 --- a/multicluster/cmd/multicluster-controller/gateway_webhook_test.go +++ b/multicluster/cmd/multicluster-controller/gateway_webhook_test.go @@ -26,7 +26,6 @@ import ( authenticationv1 "k8s.io/api/authentication/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/klog/v2" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" @@ -173,10 +172,7 @@ func TestWebhookGatewayEvents(t *testing.T) { }, } - decoder, err := admission.NewDecoder(common.TestScheme) - if err != nil { - klog.ErrorS(err, "Error constructing a decoder") - } + decoder := admission.NewDecoder(common.TestScheme) for _, tt := range tests { fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects().Build() if tt.existingGateway != nil { diff --git a/multicluster/cmd/multicluster-controller/leader.go b/multicluster/cmd/multicluster-controller/leader.go index 2fee6958c43..a9ad3a01cf4 100644 --- a/multicluster/cmd/multicluster-controller/leader.go +++ b/multicluster/cmd/multicluster-controller/leader.go 
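Review bot: The `manager.Options` literal passed to `ctrl.NewManager` copies only `Scheme`, `Metrics` and `HealthProbeBindAddress`, so the `o.options.WebhookServer` and the `o.options.Cache` namespace field selectors set earlier in this function never reach the manager. As written, the webhook server would presumably start with controller-runtime defaults instead of the chosen `selfSignedCertDir`/`certDir` and configured port. The informer cache would also not be limited to the Pod's Namespace, which widens what the controller lists and watches. Pass the populated struct, `ctrl.NewManager(k8sConfig, o.options)`, or add `WebhookServer: o.options.WebhookServer,` and `Cache: o.options.Cache,` to the literal. The function body continues outside the hunk.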
@@ -52,7 +52,7 @@ func newLeaderCommand() *cobra.Command { func runLeader(o *Options) error { // on the leader we want the reconciler to run for a given Namespace instead of cluster scope podNamespace := env.GetPodNamespace() - o.options.Namespace = podNamespace + o.Namespace = podNamespace stopCh := signals.RegisterSignalHandlers() mgr, err := setupManagerAndCertControllerFunc(true, o) diff --git a/multicluster/cmd/multicluster-controller/leader_test.go b/multicluster/cmd/multicluster-controller/leader_test.go index 26660b139f6..bdf73b033dc 100644 --- a/multicluster/cmd/multicluster-controller/leader_test.go +++ b/multicluster/cmd/multicluster-controller/leader_test.go @@ -29,7 +29,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/cache/informertest" "sigs.k8s.io/controller-runtime/pkg/client/fake" - "sigs.k8s.io/controller-runtime/pkg/config/v1alpha1" + "sigs.k8s.io/controller-runtime/pkg/config" "sigs.k8s.io/controller-runtime/pkg/webhook" "antrea.io/antrea/multicluster/controllers/multicluster/common" 
@@ -39,13 +39,13 @@ import ( func initMockManager(mockManager *mocks.MockManager) { fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithObjects().Build() - mockManager.EXPECT().GetWebhookServer().Return(&webhook.Server{}).AnyTimes() - mockManager.EXPECT().GetWebhookServer().Return(&webhook.Server{}).AnyTimes() + mockManager.EXPECT().GetWebhookServer().Return(&webhook.DefaultServer{}).AnyTimes() + mockManager.EXPECT().GetWebhookServer().Return(&webhook.DefaultServer{}).AnyTimes() mockManager.EXPECT().GetClient().Return(fakeClient).AnyTimes() mockManager.EXPECT().GetScheme().Return(common.TestScheme).AnyTimes() - mockManager.EXPECT().GetControllerOptions().Return(v1alpha1.ControllerConfigurationSpec{}).AnyTimes() + mockManager.EXPECT().GetControllerOptions().Return(config.Controller{}).AnyTimes() + mockManager.EXPECT().GetCache().Return(&informertest.FakeInformers{}).AnyTimes() mockManager.EXPECT().GetLogger().Return(klog.NewKlogr()).AnyTimes() - mockManager.EXPECT().SetFields(gomock.Any()).Return(nil).AnyTimes() mockManager.EXPECT().Add(gomock.Any()).Return(nil).AnyTimes() mockManager.EXPECT().Start(gomock.Any()).Return(nil).AnyTimes() mockManager.EXPECT().GetConfig().Return(&rest.Config{}).AnyTimes() diff --git a/multicluster/cmd/multicluster-controller/memberclusterannounce_webhook_test.go b/multicluster/cmd/multicluster-controller/memberclusterannounce_webhook_test.go index 3d5bb19f7df..640e8e0b129 100644 --- a/multicluster/cmd/multicluster-controller/memberclusterannounce_webhook_test.go +++ b/multicluster/cmd/multicluster-controller/memberclusterannounce_webhook_test.go @@ -27,7 +27,6 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/klog/v2" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" 
@@ -252,10 +251,7 @@ func TestMemberClusterAnnounceWebhook(t *testing.T) { }, } - decoder, err := admission.NewDecoder(common.TestScheme) - if err != nil { - klog.ErrorS(err, "Error constructing a decoder") - } + decoder := admission.NewDecoder(common.TestScheme) for _, tt := range tests { fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects().WithLists(existingServiceAccounts).Build() if tt.existingClusterSet != nil { diff --git a/multicluster/cmd/multicluster-controller/options.go b/multicluster/cmd/multicluster-controller/options.go index f5b8358a489..f28e6439e52 100644 --- a/multicluster/cmd/multicluster-controller/options.go +++ b/multicluster/cmd/multicluster-controller/options.go @@ -17,10 +17,15 @@ package main import ( "fmt" "net" + "os" "github.com/spf13/pflag" + "gopkg.in/yaml.v2" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/serializer" "k8s.io/klog/v2" ctrl "sigs.k8s.io/controller-runtime" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" mcsv1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1" "antrea.io/antrea/multicluster/controllers/multicluster/common" @@ -31,6 +36,7 @@ type Options struct { configFile string SelfSignedCert bool options ctrl.Options + Namespace string // The Service ClusterIP range used in the member cluster. ServiceCIDR string // PodCIDRs is the Pod IP address CIDRs of the member cluster. @@ -49,6 +55,8 @@ type Options struct { // ClusterCalimCRDAvailable indicates if the ClusterClaim CRD is available or not // in the cluster. ClusterCalimCRDAvailable bool + // WebhookConfig contains the controllers webhook configuration + WebhookConfig mcsv1alpha1.ControllerWebhook } func newOptions() *Options { 
@@ -64,10 +72,8 @@ func (o *Options) complete(args []string) error { ctrlConfig := &mcsv1alpha1.MultiClusterConfig{} if len(o.configFile) > 0 { klog.InfoS("Loading config", "file", o.configFile) - options, err = options.AndFrom(ctrl.ConfigFile().AtPath(o.configFile).OfKind(ctrlConfig)) - if err != nil { - klog.ErrorS(err, "Failed to load options") - return fmt.Errorf("failed to load options from configuration file %s", o.configFile) + if err = o.loadConfigFromFile(ctrlConfig); err != nil { + return err } o.options = options if ctrlConfig.ServiceCIDR != "" { @@ -87,6 +93,7 @@ func (o *Options) complete(args []string) error { o.ServiceCIDR = ctrlConfig.ServiceCIDR o.PodCIDRs = cidrs o.GatewayIPPrecedence = ctrlConfig.GatewayIPPrecedence + o.WebhookConfig = ctrlConfig.Webhook if ctrlConfig.EndpointIPType == "" { o.EndpointIPType = common.EndpointIPTypeClusterIP } else { @@ -110,10 +117,33 @@ func (o *Options) addFlags(fs *pflag.FlagSet) { func (o *Options) setDefaults() { o.options = ctrl.Options{ - Scheme: scheme, - MetricsBindAddress: "0", - Port: 9443, + Scheme: scheme, + Metrics: metricsserver.Options{ + BindAddress: "0", + }, HealthProbeBindAddress: ":8080", - LeaderElection: false, } } + +func (o *Options) loadConfigFromFile(multiclusterConfig *mcsv1alpha1.MultiClusterConfig) error { + data, err := os.ReadFile(o.configFile) + if err != nil { + return err + } + codecs := serializer.NewCodecFactory(scheme) + if err := yaml.Unmarshal(data, multiclusterConfig); err != nil { + return err + } + if err = runtime.DecodeInto(codecs.UniversalDecoder(), data, multiclusterConfig); err != nil { + return err + } + + if multiclusterConfig.Metrics.BindAddress != "" { + o.options.Metrics.BindAddress = multiclusterConfig.Metrics.BindAddress + } + if multiclusterConfig.Health.HealthProbeBindAddress != "" { + o.options.HealthProbeBindAddress = multiclusterConfig.Health.HealthProbeBindAddress + } + + return nil +} 
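Review bot: In `complete`, the unchanged `o.options = options` after the new `o.loadConfigFromFile(ctrlConfig)` call overwrites the struct that `loadConfigFromFile` has just written `Metrics.BindAddress` and `HealthProbeBindAddress` into. The file's metrics and health-probe addresses therefore appear to be discarded; `options` is declared outside this hunk, so confirm what it holds. Either drop the assignment or have `loadConfigFromFile` fill the value that is assigned afterwards. The bare `return err` also loses the file name the removed message carried; `return fmt.Errorf("loading config file %q: %w", o.configFile, err)` keeps it.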
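Review bot: `loadConfigFromFile` decodes the same bytes twice into `multiclusterConfig`, first with `yaml.Unmarshal` from `gopkg.in/yaml.v2` and then with `runtime.DecodeInto`. The yaml.v2 pass matches keys by `yaml` tags or lower-cased field names rather than the `json` tags the API type presumably carries, so it is either redundant or can populate fields differently from the second pass. Keeping only `runtime.DecodeInto(codecs.UniversalDecoder(), data, multiclusterConfig)` would leave one source of truth. Neither call is visibly strict, so a misspelled key in the file is likely accepted silently; if that matters, say so in a doc comment such as `// loadConfigFromFile reads o.configFile into multiclusterConfig and copies the metrics and health-probe bind addresses into o.options; unknown keys are not rejected.`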
diff --git a/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-empty-podcidrs.yml b/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-empty-podcidrs.yml index decbb468ccb..a3fe15cadf3 100644 --- a/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-empty-podcidrs.yml +++ b/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-empty-podcidrs.yml @@ -6,8 +6,6 @@ metrics: bindAddress: "0" webhook: port: 9443 -leaderElection: - leaderElect: false serviceCIDR: "" podCIDRs: - "" diff --git a/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-invalid-endpointiptype.yml b/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-invalid-endpointiptype.yml index ccaeb9a2c25..de97c067924 100644 --- a/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-invalid-endpointiptype.yml +++ b/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-invalid-endpointiptype.yml @@ -6,8 +6,6 @@ metrics: bindAddress: "0" webhook: port: 9443 -leaderElection: - leaderElect: false serviceCIDR: "" podCIDRs: - "10.10.0.0/16" diff --git a/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-invalid-podcidrs.yml b/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-invalid-podcidrs.yml index 5a84017356e..18d827dcac4 100644 --- a/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-invalid-podcidrs.yml +++ b/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-invalid-podcidrs.yml @@ -6,8 +6,6 @@ metrics: bindAddress: "0" webhook: port: 9443 -leaderElection: - leaderElect: false serviceCIDR: "10.100.0.0/16" podCIDRs: - "10.10a.0.0/16" diff --git a/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-valid-podcidrs.yml b/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-valid-podcidrs.yml index 0638f8f284f..539ece2c0a7 100644 
--- a/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-valid-podcidrs.yml +++ b/multicluster/cmd/multicluster-controller/testdata/antrea-mc-config-with-valid-podcidrs.yml @@ -6,8 +6,6 @@ metrics: bindAddress: "0" webhook: port: 9443 -leaderElection: - leaderElect: false serviceCIDR: "" podCIDRs: - "10.10.0.0/16" diff --git a/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceexports.yaml b/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceexports.yaml index 4bd6104aace..06e0249cf57 100644 --- a/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceexports.yaml +++ b/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceexports.yaml @@ -2325,13 +2325,10 @@ spec: description: The Hostname of this endpoint type: string ip: - description: 'The IP of this endpoint. May not be - loopback (127.0.0.0/8), link-local (169.254.0.0/16), - or link-local multicast ((224.0.0.0/24). IPv6 is - also accepted but not fully supported on all platforms. - Also, certain kubernetes components, like kube-proxy, - are not IPv6 ready. TODO: This should allow hostname - or IP, See #4447.' + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 + or fe80::/10), or link-local multicast (224.0.0.0/24 + or ff02::/16). type: string nodeName: description: 'Optional: Node hosting this endpoint. 
@@ -2399,13 +2396,10 @@ spec: description: The Hostname of this endpoint type: string ip: - description: 'The IP of this endpoint. May not be - loopback (127.0.0.0/8), link-local (169.254.0.0/16), - or link-local multicast ((224.0.0.0/24). IPv6 is - also accepted but not fully supported on all platforms. - Also, certain kubernetes components, like kube-proxy, - are not IPv6 ready. TODO: This should allow hostname - or IP, See #4447.' + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 + or fe80::/10), or link-local multicast (224.0.0.0/24 + or ff02::/16). type: string nodeName: description: 'Optional: Node hosting this endpoint. 
@@ -2467,12 +2461,22 @@ spec: single port. properties: appProtocol: - description: The application protocol for this port. + description: "The application protocol for this port. + This is used as a hint for implementations to offer + richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. + Valid values are either: \n * Un-prefixed protocol + names - reserved for IANA standard service names + (as per RFC-6335 and https://www.iana.org/assignments/service-names). + \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' + - HTTP/2 prior knowledge over cleartext as described + in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext + as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described + in https://www.rfc-editor.org/rfc/rfc6455 \n * Other + protocols should use implementation-defined prefixed + names such as mycompany.com/my-custom-protocol." type: string name: description: The name of this port. This must match 
@@ -2758,11 +2762,10 @@ spec: supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was - under-specified and its meaning varies across implementations, - and it cannot support dual-stack. As of Kubernetes v1.24, - users are encouraged to use implementation-specific annotations - when available. This field may be removed in a future API - version.' + under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific annotations + when available.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, 
@@ -2781,12 +2784,22 @@ spec: port. properties: appProtocol: - description: The application protocol for this port. + description: "The application protocol for this port. + This is used as a hint for implementations to offer + richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. + Valid values are either: \n * Un-prefixed protocol + names - reserved for IANA standard service names (as + per RFC-6335 and https://www.iana.org/assignments/service-names). + \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' + - HTTP/2 prior knowledge over cleartext as described + in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as + described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described + in https://www.rfc-editor.org/rfc/rfc6455 \n * Other + protocols should use implementation-defined prefixed + names such as mycompany.com/my-custom-protocol." type: string name: description: The name of this port within the service. diff --git a/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceimports.yaml b/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceimports.yaml index 4c5fe68f0a6..70b1ae126c2 100644 --- a/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceimports.yaml +++ b/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceimports.yaml 
@@ -2323,13 +2323,10 @@ spec: description: The Hostname of this endpoint type: string ip: - description: 'The IP of this endpoint. May not be - loopback (127.0.0.0/8), link-local (169.254.0.0/16), - or link-local multicast ((224.0.0.0/24). IPv6 is - also accepted but not fully supported on all platforms. - Also, certain kubernetes components, like kube-proxy, - are not IPv6 ready. TODO: This should allow hostname - or IP, See #4447.' + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 + or fe80::/10), or link-local multicast (224.0.0.0/24 + or ff02::/16). type: string nodeName: description: 'Optional: Node hosting this endpoint. @@ -2397,13 +2394,10 @@ spec: description: The Hostname of this endpoint type: string ip: - description: 'The IP of this endpoint. May not be - loopback (127.0.0.0/8), link-local (169.254.0.0/16), - or link-local multicast ((224.0.0.0/24). IPv6 is - also accepted but not fully supported on all platforms. - Also, certain kubernetes components, like kube-proxy, - are not IPv6 ready. TODO: This should allow hostname - or IP, See #4447.' + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 + or fe80::/10), or link-local multicast (224.0.0.0/24 + or ff02::/16). type: string nodeName: description: 'Optional: Node hosting this endpoint. 
@@ -2465,12 +2459,22 @@ spec: single port. properties: appProtocol: - description: The application protocol for this port. + description: "The application protocol for this port. + This is used as a hint for implementations to offer + richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. + Valid values are either: \n * Un-prefixed protocol + names - reserved for IANA standard service names + (as per RFC-6335 and https://www.iana.org/assignments/service-names). + \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' + - HTTP/2 prior knowledge over cleartext as described + in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext + as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described + in https://www.rfc-editor.org/rfc/rfc6455 \n * Other + protocols should use implementation-defined prefixed + names such as mycompany.com/my-custom-protocol." type: string name: description: The name of this port. This must match diff --git a/multicluster/config/default/configmap/controller_manager_config.yaml b/multicluster/config/default/configmap/controller_manager_config.yaml index 853e3d117a2..f811380d396 100644 --- a/multicluster/config/default/configmap/controller_manager_config.yaml +++ b/multicluster/config/default/configmap/controller_manager_config.yaml @@ -6,8 +6,6 @@ metrics: bindAddress: "0" webhook: port: 9443 -leaderElection: - leaderElect: false serviceCIDR: "" podCIDRs: - "" 
diff --git a/multicluster/controllers/multicluster/commonarea/remote_common_area.go b/multicluster/controllers/multicluster/commonarea/remote_common_area.go index 82d7e88df28..3f6384035d8 100644 --- a/multicluster/controllers/multicluster/commonarea/remote_common_area.go +++ b/multicluster/controllers/multicluster/commonarea/remote_common_area.go @@ -31,8 +31,10 @@ import ( "k8s.io/client-go/tools/clientcmd" "k8s.io/klog/v2" ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" mcv1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1" mcv1alpha2 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha2" @@ -153,9 +155,15 @@ func GetRemoteConfigAndClient(secretObj *v1.Secret, url string, clusterID common config.QPS = common.ResourceExchangeQPS config.Burst = common.ResourceExchangeBurst remoteCommonAreaMgr, err := ctrl.NewManager(config, ctrl.Options{ - Scheme: scheme, - MetricsBindAddress: "0", - Namespace: clusterSet.Spec.Namespace, + Scheme: scheme, + Metrics: metricsserver.Options{ + BindAddress: "0", + }, + Cache: cache.Options{ + DefaultNamespaces: map[string]cache.Config{ + clusterSet.Spec.Namespace: {}, + }, + }, }) if err != nil { klog.ErrorS(err, "Error creating manager for RemoteCommonArea", "cluster", clusterID) diff --git a/multicluster/controllers/multicluster/leader/clusterset_controller_test.go b/multicluster/controllers/multicluster/leader/clusterset_controller_test.go index 0c6a0045264..c2d79465cff 100644 --- a/multicluster/controllers/multicluster/leader/clusterset_controller_test.go +++ b/multicluster/controllers/multicluster/leader/clusterset_controller_test.go 
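Review bot: In `GetRemoteConfigAndClient` (remote_common_area.go, hunk at -153), `clusterSet.Spec.Namespace` becomes the only key of `Cache.DefaultNamespaces` with no check that it is non-empty. The empty string is the Kubernetes all-namespaces value, so an unset namespace would likely make the remote manager's cache list and watch across the whole leader cluster instead of staying confined to one namespace. The removed `Namespace:` field behaved the same way, so this is not a regression. Unless the caller already validates the field, return an error before `ctrl.NewManager` when it is empty, and add a comment above the `Cache:` field such as `// Restrict the remote cache to the ClusterSet namespace; the member's credentials are expected to be scoped to it.` The function starts and ends outside the hunk.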
@@ -81,7 +81,7 @@ var ( func createMockClients(t *testing.T, objects ...client.Object) (client.Client, *MockMemberClusterStatusManager) { fakeRemoteClient := fake.NewClientBuilder().WithScheme(common.TestScheme). - WithObjects(objects...).Build() + WithObjects(objects...).WithStatusSubresource(objects...).Build() mockCtrl := gomock.NewController(t) mockStatusManager := NewMockMemberClusterStatusManager(mockCtrl) diff --git a/multicluster/controllers/multicluster/leader/resourceexport_controller_test.go b/multicluster/controllers/multicluster/leader/resourceexport_controller_test.go index bc720ccf35b..c678eb270b2 100644 --- a/multicluster/controllers/multicluster/leader/resourceexport_controller_test.go +++ b/multicluster/controllers/multicluster/leader/resourceexport_controller_test.go @@ -167,7 +167,8 @@ func TestResourceExportReconciler_handleEndpointsExportDeleteEvent(t *testing.T) } expectedSubsets := common.EPNginxSubset2 namespacedName := types.NamespacedName{Namespace: "default", Name: "default-nginx-endpoints"} - fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(existingResExport1, existingResExport2, existResImport).Build() + fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(existingResExport1, existingResExport2, existResImport). + WithStatusSubresource(existingResExport1, existingResExport2, existResImport).Build() r := NewResourceExportReconciler(fakeClient, common.TestScheme) if _, err := r.Reconcile(common.TestCtx, epResReq); err != nil { t.Errorf("ResourceExport Reconciler should handle Endpoints ResourceExport delete event successfully but got error = %v", err) 
@@ -383,7 +384,7 @@ func TestResourceExportReconciler_handleSingleServiceUpdateEvent(t *testing.T) { } namespacedName := types.NamespacedName{Namespace: "default", Name: "default-nginx-service"} fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme). - WithObjects(newResExport, existResImport).Build() + WithObjects(newResExport, existResImport).WithStatusSubresource(newResExport, existResImport).Build() r := NewResourceExportReconciler(fakeClient, common.TestScheme) if _, err := r.Reconcile(common.TestCtx, svcResReq); err != nil { t.Errorf("ResourceExport Reconciler should handle Service ResourceExport update event successfully but got error = %v", err) @@ -419,7 +420,7 @@ func TestResourceExportReconciler_handleServiceUpdateEvent(t *testing.T) { } fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme). - WithObjects(newResExport, existingResExport2, existResImport).Build() + WithObjects(newResExport, existingResExport2, existResImport).WithStatusSubresource(newResExport, existingResExport2, existResImport).Build() r := NewResourceExportReconciler(fakeClient, common.TestScheme) if _, err := r.Reconcile(common.TestCtx, svcResReq); err != nil { if !assert.Contains(t, err.Error(), "don't match existing") { diff --git a/multicluster/controllers/multicluster/leader/stale_controller.go b/multicluster/controllers/multicluster/leader/stale_controller.go index 6b4fd9892a7..cf4ef7bee3c 100644 --- a/multicluster/controllers/multicluster/leader/stale_controller.go +++ b/multicluster/controllers/multicluster/leader/stale_controller.go @@ -97,7 +97,7 @@ func (c *StaleResCleanupController) Run(stopCh <-chan struct{}) { klog.InfoS("Starting StaleResCleanupController") defer klog.InfoS("Shutting down StaleResCleanupController") - ctx, _ := wait.ContextForChannel(stopCh) + ctx := wait.ContextForChannel(stopCh) go wait.UntilWithContext(ctx, c.cleanUpExpiredMemberClusterAnnounces, memberClusterAnnounceStaleTime/2) <-stopCh } 
diff --git a/multicluster/controllers/multicluster/leader/stale_controller_test.go b/multicluster/controllers/multicluster/leader/stale_controller_test.go index a16a66aaefc..8b54dc17879 100644 --- a/multicluster/controllers/multicluster/leader/stale_controller_test.go +++ b/multicluster/controllers/multicluster/leader/stale_controller_test.go @@ -76,6 +76,7 @@ func TestReconcile(t *testing.T) { Name: "member-announce-from-cluster-1", Namespace: "default", DeletionTimestamp: &now, + Finalizers: []string{"test-membercluster-announce-finalizer"}, }, ClusterID: "cluster-1", } @@ -120,7 +121,8 @@ func TestReconcile(t *testing.T) { defer func() { getResourceExportsByClusterIDFunc = getResourceExportsByClusterID }() - fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithLists(tt.existingResExports).WithObjects(tt.existingMemberAnnounce).Build() + fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithLists(tt.existingResExports). + WithObjects(tt.existingMemberAnnounce).WithStatusSubresource(tt.existingMemberAnnounce).Build() c := NewStaleResCleanupController(fakeClient, common.TestScheme) ctx := context.Background() _, err := c.Reconcile(ctx, ctrl.Request{ diff --git a/multicluster/controllers/multicluster/member/clusterset_controller_test.go b/multicluster/controllers/multicluster/member/clusterset_controller_test.go index f4abea90432..e4440ee8818 100644 --- a/multicluster/controllers/multicluster/member/clusterset_controller_test.go +++ b/multicluster/controllers/multicluster/member/clusterset_controller_test.go 
@@ -114,8 +114,8 @@ func TestMemberClusterStatus(t *testing.T) { ObservedGeneration: 1, }, } - fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(existingClusterSet).Build() - fakeRemoteClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(existingClusterSet).Build() + fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(existingClusterSet).WithStatusSubresource(existingClusterSet).Build() + fakeRemoteClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(existingClusterSet).WithStatusSubresource(existingClusterSet).Build() conditions := []mcv1alpha2.ClusterCondition{ { Message: "Member Connected", diff --git a/multicluster/controllers/multicluster/member/gateway_controller.go b/multicluster/controllers/multicluster/member/gateway_controller.go index a2e561f20f3..7c2ed5f5ef7 100644 --- a/multicluster/controllers/multicluster/member/gateway_controller.go +++ b/multicluster/controllers/multicluster/member/gateway_controller.go @@ -31,7 +31,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/reconcile" - "sigs.k8s.io/controller-runtime/pkg/source" "antrea.io/antrea/multicluster/apis/multicluster/constants" mcv1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1" @@ -186,7 +185,7 @@ func (r *GatewayReconciler) createResourceExport(ctx context.Context, req ctrl.R func (r *GatewayReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&mcv1alpha1.Gateway{}). - Watches(&source.Kind{Type: &mcv1alpha2.ClusterSet{}}, handler.EnqueueRequestsFromMapFunc(r.clusterSetMapFunc), + Watches(&mcv1alpha2.ClusterSet{}, handler.EnqueueRequestsFromMapFunc(r.clusterSetMapFunc), builder.WithPredicates(statusReadyPredicate)). WithOptions(controller.Options{ // TODO: add a lock for r.serviceCIDR and r.localClusterID if 
@@ -196,13 +195,12 @@ func (r *GatewayReconciler) SetupWithManager(mgr ctrl.Manager) error { Complete(r) } -func (r *GatewayReconciler) clusterSetMapFunc(a client.Object) []reconcile.Request { +func (r *GatewayReconciler) clusterSetMapFunc(ctx context.Context, a client.Object) []reconcile.Request { clusterSet := &mcv1alpha2.ClusterSet{} requests := []reconcile.Request{} if a.GetNamespace() != r.namespace { return requests } - ctx := context.TODO() err := r.Client.Get(ctx, types.NamespacedName{Namespace: a.GetNamespace(), Name: a.GetName()}, clusterSet) if err == nil { if len(clusterSet.Status.Conditions) > 0 && clusterSet.Status.Conditions[0].Status == v1.ConditionTrue { diff --git a/multicluster/controllers/multicluster/member/gateway_controller_test.go b/multicluster/controllers/multicluster/member/gateway_controller_test.go index d8b11f28b35..95361c0a328 100644 --- a/multicluster/controllers/multicluster/member/gateway_controller_test.go +++ b/multicluster/controllers/multicluster/member/gateway_controller_test.go @@ -17,6 +17,7 @@ limitations under the License. package member import ( + "context" "reflect" "testing" "time" @@ -81,6 +82,7 @@ func TestGatewayReconciler(t *testing.T) { gwNode1New.GatewayIP = "10.10.10.12" staleExistingResExport := existingResExport.DeepCopy() staleExistingResExport.DeletionTimestamp = &metav1.Time{Time: time.Now()} + staleExistingResExport.Finalizers = append(staleExistingResExport.Finalizers, constants.ResourceExportFinalizer) tests := []struct { name string namespacedName types.NamespacedName 
@@ -148,10 +150,10 @@ func TestGatewayReconciler(t *testing.T) { node := n obj = append(obj, &node) } - fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(obj...).Build() - fakeRemoteClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects().Build() + fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(obj...).WithStatusSubresource(obj...).Build() + fakeRemoteClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects().WithStatusSubresource().Build() if tt.resExport != nil { - fakeRemoteClient = fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(tt.resExport).Build() + fakeRemoteClient = fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(tt.resExport).WithStatusSubresource(tt.resExport).Build() } commonArea := commonarea.NewFakeRemoteCommonArea(fakeRemoteClient, "leader-cluster", common.LocalClusterID, common.LeaderNamespace, nil) mcReconciler := NewMemberClusterSetReconciler(fakeClient, common.TestScheme, "default", false, false, make(chan struct{})) @@ -254,15 +256,17 @@ func TestClusterSetMapFunc_Gateway(t *testing.T) { }, }, } + ctx := context.Background() + fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(clusterSet, gw1).Build() r := NewGatewayReconciler(fakeClient, common.TestScheme, "default", []string{"10.200.1.1/16"}, nil) - requests := r.clusterSetMapFunc(clusterSet) + requests := r.clusterSetMapFunc(ctx, clusterSet) assert.Equal(t, expectedReqs, requests) - requests = r.clusterSetMapFunc(deletedClusterSet) + requests = r.clusterSetMapFunc(ctx, deletedClusterSet) assert.Equal(t, []reconcile.Request{}, requests) r = NewGatewayReconciler(fakeClient, common.TestScheme, "mismatch_ns", []string{"10.200.1.1/16"}, nil) - requests = r.clusterSetMapFunc(clusterSet) + requests = r.clusterSetMapFunc(ctx, clusterSet) assert.Equal(t, []reconcile.Request{}, requests) } 
diff --git a/multicluster/controllers/multicluster/member/labelidentity_controller.go b/multicluster/controllers/multicluster/member/labelidentity_controller.go index 6d333e25021..254287d5af3 100644 --- a/multicluster/controllers/multicluster/member/labelidentity_controller.go +++ b/multicluster/controllers/multicluster/member/labelidentity_controller.go @@ -38,7 +38,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" - "sigs.k8s.io/controller-runtime/pkg/source" "antrea.io/antrea/multicluster/apis/multicluster/constants" mcv1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1" @@ -135,10 +134,10 @@ func (r *LabelIdentityReconciler) checkRemoteCommonArea() bool { func (r *LabelIdentityReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&v1.Pod{}, builder.WithPredicates(predicate.LabelChangedPredicate{})). - Watches(&source.Kind{Type: &v1.Namespace{}}, + Watches(&v1.Namespace{}, handler.EnqueueRequestsFromMapFunc(r.namespaceMapFunc), builder.WithPredicates(predicate.LabelChangedPredicate{})). - Watches(&source.Kind{Type: &mcv1alpha2.ClusterSet{}}, + Watches(&mcv1alpha2.ClusterSet{}, handler.EnqueueRequestsFromMapFunc(r.clusterSetMapFunc), builder.WithPredicates(statusReadyPredicate)). WithOptions(controller.Options{ 
@@ -147,13 +146,12 @@ func (r *LabelIdentityReconciler) SetupWithManager(mgr ctrl.Manager) error { Complete(r) } -func (r *LabelIdentityReconciler) clusterSetMapFunc(a client.Object) []reconcile.Request { +func (r *LabelIdentityReconciler) clusterSetMapFunc(ctx context.Context, a client.Object) []reconcile.Request { clusterSet := &mcv1alpha2.ClusterSet{} requests := []reconcile.Request{} if a.GetNamespace() != r.namespace { return requests } - ctx := context.TODO() err := r.Client.Get(ctx, types.NamespacedName{Namespace: a.GetNamespace(), Name: a.GetName()}, clusterSet) if err == nil { if len(clusterSet.Status.Conditions) > 0 && clusterSet.Status.Conditions[0].Status == v1.ConditionTrue { @@ -181,7 +179,7 @@ func (r *LabelIdentityReconciler) clusterSetMapFunc(a client.Object) []reconcile // namespaceMapFunc handles Namespace update events (Namespace label change) by enqueuing // all Pods in the Namespace into the reconciler processing queue. -func (r *LabelIdentityReconciler) namespaceMapFunc(ns client.Object) []reconcile.Request { +func (r *LabelIdentityReconciler) namespaceMapFunc(ctx context.Context, ns client.Object) []reconcile.Request { podList := &v1.PodList{} r.Client.List(context.TODO(), podList, client.InNamespace(ns.GetName())) requests := make([]reconcile.Request, len(podList.Items)) diff --git a/multicluster/controllers/multicluster/member/labelidentity_controller_test.go b/multicluster/controllers/multicluster/member/labelidentity_controller_test.go index 98b63ec22e2..f1169a59af5 100644 --- a/multicluster/controllers/multicluster/member/labelidentity_controller_test.go +++ b/multicluster/controllers/multicluster/member/labelidentity_controller_test.go @@ -17,6 +17,7 @@ limitations under the License. package member import ( + "context" "reflect" "testing" "time" 
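Review bot: `namespaceMapFunc` in labelidentity_controller.go (hunk at -181) now receives `ctx`, but the unchanged line below the signature still calls `r.Client.List(context.TODO(), ...)`, so the caller's cancellation never reaches the List. The `clusterSetMapFunc` hunk just above it in the same file did switch to the passed context; this line should become `r.Client.List(ctx, podList, client.InNamespace(ns.GetName()))`. The error returned by List is also discarded there, so a failed list looks the same as an empty Namespace and the Pods are silently not re-enqueued after a Namespace label change; it should at least be logged. The function body continues outside the hunk.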
@@ -246,7 +247,7 @@ func TestNamespaceMapFunc(t *testing.T) { mcReconciler.SetRemoteCommonArea(commonArea) r := NewLabelIdentityReconciler(fakeClient, common.TestScheme, mcReconciler, "default") - actualReq := r.namespaceMapFunc(ns) + actualReq := r.namespaceMapFunc(context.Background(), ns) assert.ElementsMatch(t, expReq, actualReq) } @@ -342,18 +343,18 @@ func TestClusterSetMapFunc_LabelIdentity(t *testing.T) { } fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(clusterSet).WithLists(pods).Build() r := NewLabelIdentityReconciler(fakeClient, common.TestScheme, nil, clusterSet.Namespace) - requests := r.clusterSetMapFunc(clusterSet) + requests := r.clusterSetMapFunc(context.Background(), clusterSet) assert.Equal(t, expectedReqs, requests) r = NewLabelIdentityReconciler(fakeClient, common.TestScheme, nil, "mismatch_ns") - requests = r.clusterSetMapFunc(clusterSet) + requests = r.clusterSetMapFunc(context.Background(), clusterSet) assert.Equal(t, []reconcile.Request{}, requests) // non-existing ClusterSet r = NewLabelIdentityReconciler(fakeClient, common.TestScheme, nil, "default") r.labelToPodsCache["label"] = sets.New[string]("default/nginx") r.podLabelCache["default/nginx"] = "label" - requests = r.clusterSetMapFunc(clusterSet2) + requests = r.clusterSetMapFunc(context.Background(), clusterSet2) assert.Equal(t, []reconcile.Request{}, requests) assert.Equal(t, 0, len(r.labelToPodsCache)) assert.Equal(t, 0, len(r.labelToPodsCache)) diff --git a/multicluster/controllers/multicluster/member/node_controller.go b/multicluster/controllers/multicluster/member/node_controller.go index 52a1eb14884..2a883943b67 100644 --- a/multicluster/controllers/multicluster/member/node_controller.go +++ b/multicluster/controllers/multicluster/member/node_controller.go 
@@ -36,7 +36,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" - "sigs.k8s.io/controller-runtime/pkg/source" mcv1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1" mcv1alpha2 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha2" @@ -373,7 +372,7 @@ func (r *NodeReconciler) SetupWithManager(mgr ctrl.Manager) error { } return ctrl.NewControllerManagedBy(mgr). For(&corev1.Node{}). - Watches(&source.Kind{Type: &mcv1alpha2.ClusterSet{}}, + Watches(&mcv1alpha2.ClusterSet{}, handler.EnqueueRequestsFromMapFunc(r.clusterSetMapFunc), builder.WithPredicates(statusReadyPredicate)). WithOptions(controller.Options{ @@ -382,13 +381,12 @@ func (r *NodeReconciler) SetupWithManager(mgr ctrl.Manager) error { Complete(r) } -func (r *NodeReconciler) clusterSetMapFunc(a client.Object) []reconcile.Request { +func (r *NodeReconciler) clusterSetMapFunc(ctx context.Context, a client.Object) []reconcile.Request { clusterSet := &mcv1alpha2.ClusterSet{} requests := []reconcile.Request{} if a.GetNamespace() != r.namespace { return requests } - ctx := context.TODO() err := r.Client.Get(ctx, types.NamespacedName{Namespace: a.GetNamespace(), Name: a.GetName()}, clusterSet) if err == nil { if len(clusterSet.Status.Conditions) > 0 && clusterSet.Status.Conditions[0].Status == corev1.ConditionTrue { diff --git a/multicluster/controllers/multicluster/member/node_controller_test.go b/multicluster/controllers/multicluster/member/node_controller_test.go index 0484498960d..e8ac2c3a68f 100644 --- a/multicluster/controllers/multicluster/member/node_controller_test.go +++ b/multicluster/controllers/multicluster/member/node_controller_test.go @@ -17,6 +17,7 @@ limitations under the License. package member import ( + "context" "testing" "github.com/stretchr/testify/assert" 
@@ -373,16 +374,18 @@ func TestClusterSetMapFunc(t *testing.T) { }, }, } + ctx := context.Background() + fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(clusterSet, node1).Build() r := NewNodeReconciler(fakeClient, common.TestScheme, "default", "10.200.1.1/16", "", nil) - requests := r.clusterSetMapFunc(clusterSet) + requests := r.clusterSetMapFunc(ctx, clusterSet) assert.Equal(t, expectedReqs, requests) - requests = r.clusterSetMapFunc(deletedClusterSet) + requests = r.clusterSetMapFunc(ctx, deletedClusterSet) assert.Equal(t, []reconcile.Request{}, requests) r = NewNodeReconciler(fakeClient, common.TestScheme, "mismatch_ns", "10.200.1.1/16", "", nil) - requests = r.clusterSetMapFunc(clusterSet) + requests = r.clusterSetMapFunc(ctx, clusterSet) assert.Equal(t, []reconcile.Request{}, requests) } diff --git a/multicluster/controllers/multicluster/member/serviceexport_controller.go b/multicluster/controllers/multicluster/member/serviceexport_controller.go index 3f8635008a8..557ad9faeb7 100644 --- a/multicluster/controllers/multicluster/member/serviceexport_controller.go +++ b/multicluster/controllers/multicluster/member/serviceexport_controller.go @@ -39,7 +39,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" - "sigs.k8s.io/controller-runtime/pkg/source" k8smcsv1alpha1 "sigs.k8s.io/mcs-api/pkg/apis/v1alpha1" "antrea.io/antrea/multicluster/apis/multicluster/constants" 
@@ -506,9 +505,9 @@ func (r *ServiceExportReconciler) SetupWithManager(mgr ctrl.Manager) error { if r.endpointSliceEnabled { return ctrl.NewControllerManagedBy(mgr). For(&k8smcsv1alpha1.ServiceExport{}, versionChangePredicates). - Watches(&source.Kind{Type: &corev1.Service{}}, handler.EnqueueRequestsFromMapFunc(objectMapFunc), versionChangePredicates). - Watches(&source.Kind{Type: &discovery.EndpointSlice{}}, handler.EnqueueRequestsFromMapFunc(endpointSliceMapFunc), versionChangePredicates). - Watches(&source.Kind{Type: &mcv1alpha2.ClusterSet{}}, handler.EnqueueRequestsFromMapFunc(r.clusterSetMapFunc), + Watches(&corev1.Service{}, handler.EnqueueRequestsFromMapFunc(objectMapFunc), versionChangePredicates). + Watches(&discovery.EndpointSlice{}, handler.EnqueueRequestsFromMapFunc(endpointSliceMapFunc), versionChangePredicates). + Watches(&mcv1alpha2.ClusterSet{}, handler.EnqueueRequestsFromMapFunc(r.clusterSetMapFunc), builder.WithPredicates(statusReadyPredicate)). WithOptions(controller.Options{ MaxConcurrentReconciles: common.DefaultWorkerCount, 
@@ -517,9 +516,9 @@ func (r *ServiceExportReconciler) SetupWithManager(mgr ctrl.Manager) error { } return ctrl.NewControllerManagedBy(mgr). For(&k8smcsv1alpha1.ServiceExport{}, versionChangePredicates). - Watches(&source.Kind{Type: &corev1.Service{}}, handler.EnqueueRequestsFromMapFunc(objectMapFunc), versionChangePredicates). - Watches(&source.Kind{Type: &corev1.Endpoints{}}, handler.EnqueueRequestsFromMapFunc(objectMapFunc), versionChangePredicates). - Watches(&source.Kind{Type: &mcv1alpha2.ClusterSet{}}, handler.EnqueueRequestsFromMapFunc(r.clusterSetMapFunc), + Watches(&corev1.Service{}, handler.EnqueueRequestsFromMapFunc(objectMapFunc), versionChangePredicates). + Watches(&corev1.Endpoints{}, handler.EnqueueRequestsFromMapFunc(objectMapFunc), versionChangePredicates). + Watches(&mcv1alpha2.ClusterSet{}, handler.EnqueueRequestsFromMapFunc(r.clusterSetMapFunc), builder.WithPredicates(statusReadyPredicate)). WithOptions(controller.Options{ MaxConcurrentReconciles: common.DefaultWorkerCount, @@ -529,14 +528,13 @@ func (r *ServiceExportReconciler) SetupWithManager(mgr ctrl.Manager) error { // clusterSetMapFunc handles ClusterSet events by enqueuing all ServiceExports // into the reconciler processing queue. -func (r *ServiceExportReconciler) clusterSetMapFunc(a client.Object) []reconcile.Request { +func (r *ServiceExportReconciler) clusterSetMapFunc(ctx context.Context, a client.Object) []reconcile.Request { clusterSet := &mcv1alpha2.ClusterSet{} requests := []reconcile.Request{} if a.GetNamespace() != r.namespace { return requests } - ctx := context.TODO() err := r.Client.Get(ctx, types.NamespacedName{Namespace: a.GetNamespace(), Name: a.GetName()}, clusterSet) if err == nil { if len(clusterSet.Status.Conditions) > 0 && clusterSet.Status.Conditions[0].Status == corev1.ConditionTrue { 
@@ -566,7 +564,7 @@ func (r *ServiceExportReconciler) clusterSetMapFunc(a client.Object) []reconcile // When there are any Service or Endpoints changes, it might be reflected in ResourceExport // in leader cluster as well, so ServiceExportReconciler also needs to watch // Service and Endpoints events. -func objectMapFunc(a client.Object) []reconcile.Request { +func objectMapFunc(ctx context.Context, a client.Object) []reconcile.Request { return []reconcile.Request{ { NamespacedName: types.NamespacedName{ @@ -577,7 +575,7 @@ func objectMapFunc(a client.Object) []reconcile.Request { } } -func endpointSliceMapFunc(a client.Object) []reconcile.Request { +func endpointSliceMapFunc(ctx context.Context, a client.Object) []reconcile.Request { labels := a.GetLabels() svcName := labels[discovery.LabelServiceName] mappedObject := types.NamespacedName{} diff --git a/multicluster/controllers/multicluster/member/serviceexport_controller_test.go b/multicluster/controllers/multicluster/member/serviceexport_controller_test.go index 9ec9a6c2a8f..91e2027c8ea 100644 --- a/multicluster/controllers/multicluster/member/serviceexport_controller_test.go +++ b/multicluster/controllers/multicluster/member/serviceexport_controller_test.go @@ -17,6 +17,7 @@ limitations under the License. package member import ( + "context" "reflect" "testing" 
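Review bot: `objectMapFunc` (hunk at -566) and `endpointSliceMapFunc` (hunk at -577) gain a `ctx` parameter only to match the new map-function signature, and the lines shown never read it. Naming the parameter `_` makes that explicit and keeps unused-parameter linters quiet: `func objectMapFunc(_ context.Context, a client.Object) []reconcile.Request {`. The body of `endpointSliceMapFunc` continues outside its hunk, so confirm that nothing further down needs the context before renaming it there.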
@@ -271,7 +272,9 @@ func TestServiceExportReconciler_CheckExportStatus(t *testing.T) { } fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(mcsSvc, nginx0Svc, nginx1Svc, nginx3Svc, svcNoClusterIP, nginx1EP, svcNoClusterIPEP, - nginx2Svc, existSvcExport, nginx0SvcExport, nginx1SvcExportWithStatus, nginx2SvcExportWithStatus, nginx3SvcExport, mcsSvcExport, svcExpNoClusterIP).Build() + nginx2Svc, existSvcExport, nginx0SvcExport, nginx1SvcExportWithStatus, nginx2SvcExportWithStatus, nginx3SvcExport, mcsSvcExport, svcExpNoClusterIP). + WithStatusSubresource(mcsSvc, nginx0Svc, nginx1Svc, nginx3Svc, svcNoClusterIP, nginx1EP, svcNoClusterIPEP, nginx0SvcExport, nginx1SvcExportWithStatus, nginx2SvcExportWithStatus, nginx3SvcExport, mcsSvcExport, svcExpNoClusterIP). + Build() fakeRemoteClient := fake.NewClientBuilder().WithScheme(common.TestScheme).Build() commonArea := commonarea.NewFakeRemoteCommonArea(fakeRemoteClient, "leader-cluster", common.LocalClusterID, "default", nil) 
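Review bot: The `WithStatusSubresource(...)` call added in TestServiceExportReconciler_CheckExportStatus repeats nearly every object given to `WithObjects`, including `nginx1EP` and `svcNoClusterIPEP`, which by their names are Endpoints and have no status subresource on a real API server. As far as I know the fake client builder registers the subresource per kind rather than per object, which would also explain why leaving out `nginx2Svc` and `existSvcExport` makes no difference. One typed value for each kind whose status the reconciler writes would say the same thing more clearly, presumably `WithStatusSubresource(&k8smcsv1alpha1.ServiceExport{})` if the test file uses the controller's import alias. Keeping the list to kinds that really have a status subresource also keeps the fake closer to API server behaviour. The next hunk's test table has the same pattern with `common.EPNginx` and `epsNginx`.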
@@ -335,13 +338,15 @@ func TestServiceExportReconciler_handleServiceExportCreateEvent(t *testing.T) { fakeClient client.WithWatch }{ { - name: "with Endpoint API", - fakeClient: fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(common.SvcNginx, common.EPNginx, existSvcExport).Build(), + name: "with Endpoint API", + fakeClient: fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(common.SvcNginx, common.EPNginx, existSvcExport). + WithStatusSubresource(common.SvcNginx, common.EPNginx, existSvcExport).Build(), endpointIPType: "ClusterIP", }, { - name: "with EndpointSlice API", - fakeClient: fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(common.SvcNginx, epsNginx, existSvcExport).Build(), + name: "with EndpointSlice API", + fakeClient: fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(common.SvcNginx, epsNginx, existSvcExport). + WithStatusSubresource(common.SvcNginx, epsNginx, existSvcExport).Build(), endpointIPType: "PodIP", endpointSliceEnabled: true, }, @@ -568,6 +573,7 @@ func TestServiceExportReconciler_handleUpdateEvent(t *testing.T) { } func Test_objectMapFunc(t *testing.T) { + ctx := context.Background() tests := []struct { name string obj client.Object @@ -593,7 +599,7 @@ func Test_objectMapFunc(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := objectMapFunc(tt.obj); !reflect.DeepEqual(got, tt.want) { + if got := objectMapFunc(ctx, tt.obj); !reflect.DeepEqual(got, tt.want) { t.Errorf("Test_objectMapFunc() = %v, want %v", got, tt.want) } }) @@ -601,6 +607,7 @@ func Test_objectMapFunc(t *testing.T) { } func Test_endpointSliceMapFunc(t *testing.T) { + ctx := context.Background() tests := []struct { name string obj client.Object 
@@ -637,7 +644,7 @@ func Test_endpointSliceMapFunc(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := endpointSliceMapFunc(tt.obj); !reflect.DeepEqual(got, tt.want) { + if got := endpointSliceMapFunc(ctx, tt.obj); !reflect.DeepEqual(got, tt.want) { t.Errorf("Test_endpointSliceMapFunc() = %v, want %v", got, tt.want) } }) @@ -696,20 +703,21 @@ func TestClusterSetMapFunc_ServiceExport(t *testing.T) { }, }, } + ctx := context.Background() fakeClient := fake.NewClientBuilder().WithScheme(common.TestScheme).WithObjects(clusterSet).WithLists(serviceExports).Build() r := NewServiceExportReconciler(fakeClient, common.TestScheme, nil, "PodIP", true, clusterSet.Namespace) - requests := r.clusterSetMapFunc(clusterSet) + requests := r.clusterSetMapFunc(ctx, clusterSet) assert.Equal(t, expectedReqs, requests) r = NewServiceExportReconciler(fakeClient, common.TestScheme, nil, "PodIP", true, "mismatch_ns") - requests = r.clusterSetMapFunc(clusterSet) + requests = r.clusterSetMapFunc(ctx, clusterSet) assert.Equal(t, []reconcile.Request{}, requests) // non-existing ClusterSet r = NewServiceExportReconciler(fakeClient, common.TestScheme, nil, "PodIP", true, "default") r.installedSvcs.Add(&svcInfo{name: "nginx-stale", namespace: "default"}) r.installedEps.Add(&epInfo{name: "nginx-stale", namespace: "default"}) - requests = r.clusterSetMapFunc(clusterSet2) + requests = r.clusterSetMapFunc(ctx, clusterSet2) assert.Equal(t, []reconcile.Request{}, requests) assert.Equal(t, 0, len(r.installedSvcs.List())) assert.Equal(t, 0, len(r.installedEps.List())) diff --git a/multicluster/controllers/multicluster/member/stale_controller.go b/multicluster/controllers/multicluster/member/stale_controller.go index cc1a62444c8..fcd4d0482df 100644 --- a/multicluster/controllers/multicluster/member/stale_controller.go +++ b/multicluster/controllers/multicluster/member/stale_controller.go 
@@ -371,7 +371,7 @@ func (c *StaleResCleanupController) Run(stopCh <-chan struct{}) { klog.InfoS("Starting StaleResCleanupController") defer klog.InfoS("Shutting down StaleResCleanupController") - ctx, _ := wait.ContextForChannel(stopCh) + ctx := wait.ContextForChannel(stopCh) go func() { retry.OnError(common.CleanUpRetry, func(err error) bool { return true }, diff --git a/multicluster/hack/update-codegen.sh b/multicluster/hack/update-codegen.sh index 2aff4bdbe22..35a9c3ff230 100755 --- a/multicluster/hack/update-codegen.sh +++ b/multicluster/hack/update-codegen.sh @@ -18,7 +18,7 @@ set -o errexit set -o pipefail ANTREA_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../../" && pwd )" -IMAGE_NAME="antrea/codegen:kubernetes-1.26.4-build.1" +IMAGE_NAME="antrea/codegen:kubernetes-1.29.2" # Recent versions of Git will not access .git directories which are owned by # another user (as a security measure), unless the directories are explicitly diff --git a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_clusterinfoimport.go b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_clusterinfoimport.go index f45b880a86f..0be5abde9ef 100644 --- a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_clusterinfoimport.go +++ b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_clusterinfoimport.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -34,9 +33,9 @@ type FakeClusterInfoImports struct { ns string } -var clusterinfoimportsResource = schema.GroupVersionResource{Group: "multicluster.crd.antrea.io", Version: "v1alpha1", Resource: "clusterinfoimports"} +var clusterinfoimportsResource = v1alpha1.SchemeGroupVersion.WithResource("clusterinfoimports") -var clusterinfoimportsKind = schema.GroupVersionKind{Group: "multicluster.crd.antrea.io", Version: "v1alpha1", Kind: "ClusterInfoImport"} +var clusterinfoimportsKind = v1alpha1.SchemeGroupVersion.WithKind("ClusterInfoImport") // Get takes name of the clusterInfoImport, and returns the corresponding clusterInfoImport object, and an error if there is any. func (c *FakeClusterInfoImports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterInfoImport, err error) { diff --git a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_clusterset.go b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_clusterset.go index 39b5b83317a..d1a57eee98e 100644 --- a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_clusterset.go +++ b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_clusterset.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -34,9 +33,9 @@ type FakeClusterSets struct { ns string } -var clustersetsResource = schema.GroupVersionResource{Group: "multicluster.crd.antrea.io", Version: "v1alpha1", Resource: "clustersets"} +var clustersetsResource = v1alpha1.SchemeGroupVersion.WithResource("clustersets") -var clustersetsKind = schema.GroupVersionKind{Group: "multicluster.crd.antrea.io", Version: "v1alpha1", Kind: "ClusterSet"} +var clustersetsKind = v1alpha1.SchemeGroupVersion.WithKind("ClusterSet") // Get takes name of the clusterSet, and returns the corresponding clusterSet object, and an error if there is any. func (c *FakeClusterSets) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterSet, err error) { diff --git a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_gateway.go b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_gateway.go index e0d409c984c..d3e26888ad6 100644 --- a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_gateway.go +++ b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_gateway.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -34,9 +33,9 @@ type FakeGateways struct { ns string } -var gatewaysResource = schema.GroupVersionResource{Group: "multicluster.crd.antrea.io", Version: "v1alpha1", Resource: "gateways"} +var gatewaysResource = v1alpha1.SchemeGroupVersion.WithResource("gateways") -var gatewaysKind = schema.GroupVersionKind{Group: "multicluster.crd.antrea.io", Version: "v1alpha1", Kind: "Gateway"} +var gatewaysKind = v1alpha1.SchemeGroupVersion.WithKind("Gateway") // Get takes name of the gateway, and returns the corresponding gateway object, and an error if there is any. func (c *FakeGateways) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.Gateway, err error) { diff --git a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_labelidentity.go b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_labelidentity.go index 571d5d8847c..6849c9c60e3 100644 --- a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_labelidentity.go +++ b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_labelidentity.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeLabelIdentities struct { Fake *FakeMulticlusterV1alpha1 } -var labelidentitiesResource = schema.GroupVersionResource{Group: "multicluster.crd.antrea.io", Version: "v1alpha1", Resource: "labelidentities"} +var labelidentitiesResource = v1alpha1.SchemeGroupVersion.WithResource("labelidentities") -var labelidentitiesKind = schema.GroupVersionKind{Group: "multicluster.crd.antrea.io", Version: "v1alpha1", Kind: "LabelIdentity"} +var labelidentitiesKind = v1alpha1.SchemeGroupVersion.WithKind("LabelIdentity") // Get takes name of the labelIdentity, and returns the corresponding labelIdentity object, and an error if there is any. func (c *FakeLabelIdentities) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.LabelIdentity, err error) { diff --git a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_memberclusterannounce.go b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_memberclusterannounce.go index 1f44f731eb5..e63629048cc 100644 --- a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_memberclusterannounce.go +++ b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_memberclusterannounce.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -34,9 +33,9 @@ type FakeMemberClusterAnnounces struct { ns string } -var memberclusterannouncesResource = schema.GroupVersionResource{Group: "multicluster.crd.antrea.io", Version: "v1alpha1", Resource: "memberclusterannounces"} +var memberclusterannouncesResource = v1alpha1.SchemeGroupVersion.WithResource("memberclusterannounces") -var memberclusterannouncesKind = schema.GroupVersionKind{Group: "multicluster.crd.antrea.io", Version: "v1alpha1", Kind: "MemberClusterAnnounce"} +var memberclusterannouncesKind = v1alpha1.SchemeGroupVersion.WithKind("MemberClusterAnnounce") // Get takes name of the memberClusterAnnounce, and returns the corresponding memberClusterAnnounce object, and an error if there is any. func (c *FakeMemberClusterAnnounces) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.MemberClusterAnnounce, err error) { diff --git a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_resourceexport.go b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_resourceexport.go index b0853da39ad..e54aa17f715 100644 --- a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_resourceexport.go +++ b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_resourceexport.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -34,9 +33,9 @@ type FakeResourceExports struct { ns string } -var resourceexportsResource = schema.GroupVersionResource{Group: "multicluster.crd.antrea.io", Version: "v1alpha1", Resource: "resourceexports"} +var resourceexportsResource = v1alpha1.SchemeGroupVersion.WithResource("resourceexports") -var resourceexportsKind = schema.GroupVersionKind{Group: "multicluster.crd.antrea.io", Version: "v1alpha1", Kind: "ResourceExport"} +var resourceexportsKind = v1alpha1.SchemeGroupVersion.WithKind("ResourceExport") // Get takes name of the resourceExport, and returns the corresponding resourceExport object, and an error if there is any. func (c *FakeResourceExports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ResourceExport, err error) { diff --git a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_resourceimport.go b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_resourceimport.go index cf98358d37a..d60bd0a1c66 100644 --- a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_resourceimport.go +++ b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha1/fake/fake_resourceimport.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -34,9 +33,9 @@ type FakeResourceImports struct { ns string } -var resourceimportsResource = schema.GroupVersionResource{Group: "multicluster.crd.antrea.io", Version: "v1alpha1", Resource: "resourceimports"} +var resourceimportsResource = v1alpha1.SchemeGroupVersion.WithResource("resourceimports") -var resourceimportsKind = schema.GroupVersionKind{Group: "multicluster.crd.antrea.io", Version: "v1alpha1", Kind: "ResourceImport"} +var resourceimportsKind = v1alpha1.SchemeGroupVersion.WithKind("ResourceImport") // Get takes name of the resourceImport, and returns the corresponding resourceImport object, and an error if there is any. func (c *FakeResourceImports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ResourceImport, err error) { diff --git a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha2/fake/fake_clusterclaim.go b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha2/fake/fake_clusterclaim.go index 7b2f7f5c7a6..8d1a2969c92 100644 --- a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha2/fake/fake_clusterclaim.go +++ b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha2/fake/fake_clusterclaim.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha2 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -34,9 +33,9 @@ type FakeClusterClaims struct { ns string } -var clusterclaimsResource = schema.GroupVersionResource{Group: "multicluster.crd.antrea.io", Version: "v1alpha2", Resource: "clusterclaims"} +var clusterclaimsResource = v1alpha2.SchemeGroupVersion.WithResource("clusterclaims") -var clusterclaimsKind = schema.GroupVersionKind{Group: "multicluster.crd.antrea.io", Version: "v1alpha2", Kind: "ClusterClaim"} +var clusterclaimsKind = v1alpha2.SchemeGroupVersion.WithKind("ClusterClaim") // Get takes name of the clusterClaim, and returns the corresponding clusterClaim object, and an error if there is any. func (c *FakeClusterClaims) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ClusterClaim, err error) { diff --git a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha2/fake/fake_clusterset.go b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha2/fake/fake_clusterset.go index fbdba69bb5e..1bd409d02f8 100644 --- a/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha2/fake/fake_clusterset.go +++ b/multicluster/pkg/client/clientset/versioned/typed/multicluster/v1alpha2/fake/fake_clusterset.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha2 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -34,9 +33,9 @@ type FakeClusterSets struct { ns string } -var clustersetsResource = schema.GroupVersionResource{Group: "multicluster.crd.antrea.io", Version: "v1alpha2", Resource: "clustersets"} +var clustersetsResource = v1alpha2.SchemeGroupVersion.WithResource("clustersets") -var clustersetsKind = schema.GroupVersionKind{Group: "multicluster.crd.antrea.io", Version: "v1alpha2", Kind: "ClusterSet"} +var clustersetsKind = v1alpha2.SchemeGroupVersion.WithKind("ClusterSet") // Get takes name of the clusterSet, and returns the corresponding clusterSet object, and an error if there is any. func (c *FakeClusterSets) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ClusterSet, err error) { diff --git a/multicluster/pkg/client/informers/externalversions/factory.go b/multicluster/pkg/client/informers/externalversions/factory.go index aeec2a2bd59..5aed620f6de 100644 --- a/multicluster/pkg/client/informers/externalversions/factory.go +++ b/multicluster/pkg/client/informers/externalversions/factory.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -40,6 +40,7 @@ type sharedInformerFactory struct { lock sync.Mutex defaultResync time.Duration customResync map[reflect.Type]time.Duration + transform cache.TransformFunc informers map[reflect.Type]cache.SharedIndexInformer // startedInformers is used for tracking which informers have been started. 
@@ -78,6 +79,14 @@ func WithNamespace(namespace string) SharedInformerOption { } } +// WithTransform sets a transform on all informers. +func WithTransform(transform cache.TransformFunc) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + factory.transform = transform + return factory + } +} + // NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces. func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Duration) SharedInformerFactory { return NewSharedInformerFactoryWithOptions(client, defaultResync) @@ -164,7 +173,7 @@ func (f *sharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{}) map[ref return res } -// InternalInformerFor returns the SharedIndexInformer for obj using an internal +// InformerFor returns the SharedIndexInformer for obj using an internal // client. func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer { f.lock.Lock() @@ -182,6 +191,7 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal } informer = newFunc(f.client, resyncPeriod) + informer.SetTransform(f.transform) f.informers[informerType] = informer return informer @@ -237,7 +247,7 @@ type SharedInformerFactory interface { // ForResource gives generic access to a shared informer of the matching type. ForResource(resource schema.GroupVersionResource) (GenericInformer, error) - // InternalInformerFor returns the SharedIndexInformer for obj using an internal + // InformerFor returns the SharedIndexInformer for obj using an internal // client. InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer diff --git a/multicluster/test/integration/suite_test.go b/multicluster/test/integration/suite_test.go index fa795fc0802..a36fc8ff71e 100644 --- a/multicluster/test/integration/suite_test.go 
+++ b/multicluster/test/integration/suite_test.go @@ -134,7 +134,7 @@ var _ = BeforeSuite(func() { k8sServerURL = testEnv.Config.Host stopCh := signals.RegisterSignalHandlers() - ctx, _ := wait.ContextForChannel(stopCh) + ctx := wait.ContextForChannel(stopCh) By("Creating MemberClusterSetReconciler") k8sClient.Create(ctx, leaderNS) diff --git a/multicluster/test/mocks/mock_controller_runtime_manager.go b/multicluster/test/mocks/mock_controller_runtime_manager.go index 193198fea01..b1af80f9eec 100644 --- a/multicluster/test/mocks/mock_controller_runtime_manager.go +++ b/multicluster/test/mocks/mock_controller_runtime_manager.go @@ -32,7 +32,7 @@ import ( record "k8s.io/client-go/tools/record" cache "sigs.k8s.io/controller-runtime/pkg/cache" client "sigs.k8s.io/controller-runtime/pkg/client" - v1alpha1 "sigs.k8s.io/controller-runtime/pkg/config/v1alpha1" + config "sigs.k8s.io/controller-runtime/pkg/config" healthz "sigs.k8s.io/controller-runtime/pkg/healthz" manager "sigs.k8s.io/controller-runtime/pkg/manager" webhook "sigs.k8s.io/controller-runtime/pkg/webhook" 
@@ -70,51 +70,37 @@ func (m *MockManager) Add(arg0 manager.Runnable) error { } // Add indicates an expected call of Add. -func (mr *MockManagerMockRecorder) Add(arg0 interface{}) *gomock.Call { +func (mr *MockManagerMockRecorder) Add(arg0 any) *gomock.Call { mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Add", reflect.TypeOf((*MockManager)(nil).Add), arg0) } // AddHealthzCheck mocks base method. -func (m *MockManager) AddHealthzCheck(arg0 string, arg1 healthz.Checker) error { +func (m *MockManager) AddHealthzCheck(name string, check healthz.Checker) error { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "AddHealthzCheck", arg0, arg1) + ret := m.ctrl.Call(m, "AddHealthzCheck", name, check) ret0, _ := ret[0].(error) return ret0 } // AddHealthzCheck indicates an expected call of AddHealthzCheck. -func (mr *MockManagerMockRecorder) AddHealthzCheck(arg0, arg1 interface{}) *gomock.Call { +func (mr *MockManagerMockRecorder) AddHealthzCheck(name, check any) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddHealthzCheck", reflect.TypeOf((*MockManager)(nil).AddHealthzCheck), arg0, arg1) -} - -// AddMetricsExtraHandler mocks base method. -func (m *MockManager) AddMetricsExtraHandler(arg0 string, arg1 http.Handler) error { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "AddMetricsExtraHandler", arg0, arg1) - ret0, _ := ret[0].(error) - return ret0 -} - -// AddMetricsExtraHandler indicates an expected call of AddMetricsExtraHandler. -func (mr *MockManagerMockRecorder) AddMetricsExtraHandler(arg0, arg1 interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddMetricsExtraHandler", reflect.TypeOf((*MockManager)(nil).AddMetricsExtraHandler), arg0, arg1) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddHealthzCheck", reflect.TypeOf((*MockManager)(nil).AddHealthzCheck), name, check) } // AddReadyzCheck mocks base method. 
-func (m *MockManager) AddReadyzCheck(arg0 string, arg1 healthz.Checker) error { +func (m *MockManager) AddReadyzCheck(name string, check healthz.Checker) error { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "AddReadyzCheck", arg0, arg1) + ret := m.ctrl.Call(m, "AddReadyzCheck", name, check) ret0, _ := ret[0].(error) return ret0 } // AddReadyzCheck indicates an expected call of AddReadyzCheck. -func (mr *MockManagerMockRecorder) AddReadyzCheck(arg0, arg1 interface{}) *gomock.Call { +func (mr *MockManagerMockRecorder) AddReadyzCheck(name, check any) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddReadyzCheck", reflect.TypeOf((*MockManager)(nil).AddReadyzCheck), arg0, arg1) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddReadyzCheck", reflect.TypeOf((*MockManager)(nil).AddReadyzCheck), name, check) } // Elected mocks base method. @@ -188,10 +174,10 @@ func (mr *MockManagerMockRecorder) GetConfig() *gomock.Call { } // GetControllerOptions mocks base method. -func (m *MockManager) GetControllerOptions() v1alpha1.ControllerConfigurationSpec { +func (m *MockManager) GetControllerOptions() config.Controller { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetControllerOptions") - ret0, _ := ret[0].(v1alpha1.ControllerConfigurationSpec) + ret0, _ := ret[0].(config.Controller) return ret0 } 
@@ -202,17 +188,17 @@ func (mr *MockManagerMockRecorder) GetControllerOptions() *gomock.Call { } // GetEventRecorderFor mocks base method. -func (m *MockManager) GetEventRecorderFor(arg0 string) record.EventRecorder { +func (m *MockManager) GetEventRecorderFor(name string) record.EventRecorder { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "GetEventRecorderFor", arg0) + ret := m.ctrl.Call(m, "GetEventRecorderFor", name) ret0, _ := ret[0].(record.EventRecorder) return ret0 } // GetEventRecorderFor indicates an expected call of GetEventRecorderFor. -func (mr *MockManagerMockRecorder) GetEventRecorderFor(arg0 interface{}) *gomock.Call { +func (mr *MockManagerMockRecorder) GetEventRecorderFor(name any) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetEventRecorderFor", reflect.TypeOf((*MockManager)(nil).GetEventRecorderFor), arg0) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetEventRecorderFor", reflect.TypeOf((*MockManager)(nil).GetEventRecorderFor), name) } // GetFieldIndexer mocks base method. @@ -229,6 +215,20 @@ func (mr *MockManagerMockRecorder) GetFieldIndexer() *gomock.Call { return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetFieldIndexer", reflect.TypeOf((*MockManager)(nil).GetFieldIndexer)) } +// GetHTTPClient mocks base method. +func (m *MockManager) GetHTTPClient() *http.Client { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "GetHTTPClient") + ret0, _ := ret[0].(*http.Client) + return ret0 +} + +// GetHTTPClient indicates an expected call of GetHTTPClient. +func (mr *MockManagerMockRecorder) GetHTTPClient() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetHTTPClient", reflect.TypeOf((*MockManager)(nil).GetHTTPClient)) +} + // GetLogger mocks base method. func (m *MockManager) GetLogger() logr.Logger { m.ctrl.T.Helper() 
@@ -272,10 +272,10 @@ func (mr *MockManagerMockRecorder) GetScheme() *gomock.Call { } // GetWebhookServer mocks base method. -func (m *MockManager) GetWebhookServer() *webhook.Server { +func (m *MockManager) GetWebhookServer() webhook.Server { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetWebhookServer") - ret0, _ := ret[0].(*webhook.Server) + ret0, _ := ret[0].(webhook.Server) return ret0 } 
@@ -285,22 +285,45 @@ func (mr *MockManagerMockRecorder) GetWebhookServer() *gomock.Call { return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetWebhookServer", reflect.TypeOf((*MockManager)(nil).GetWebhookServer)) } -// SetFields mocks base method. -func (m *MockManager) SetFields(arg0 interface{}) error { +// Start mocks base method. +func (m *MockManager) Start(ctx context.Context) error { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "SetFields", arg0) + ret := m.ctrl.Call(m, "Start", ctx) ret0, _ := ret[0].(error) return ret0 } -// SetFields indicates an expected call of SetFields. -func (mr *MockManagerMockRecorder) SetFields(arg0 interface{}) *gomock.Call { +// Start indicates an expected call of Start. +func (mr *MockManagerMockRecorder) Start(ctx any) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetFields", reflect.TypeOf((*MockManager)(nil).SetFields), arg0) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Start", reflect.TypeOf((*MockManager)(nil).Start), ctx) +} + +// MockRunnable is a mock of Runnable interface. +type MockRunnable struct { + ctrl *gomock.Controller + recorder *MockRunnableMockRecorder +} + +// MockRunnableMockRecorder is the mock recorder for MockRunnable. +type MockRunnableMockRecorder struct { + mock *MockRunnable +} + +// NewMockRunnable creates a new mock instance. +func NewMockRunnable(ctrl *gomock.Controller) *MockRunnable { + mock := &MockRunnable{ctrl: ctrl} + mock.recorder = &MockRunnableMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockRunnable) EXPECT() *MockRunnableMockRecorder { + return m.recorder } // Start mocks base method. -func (m *MockManager) Start(arg0 context.Context) error { +func (m *MockRunnable) Start(arg0 context.Context) error { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "Start", arg0) ret0, _ := ret[0].(error) 
@@ -308,7 +331,44 @@ func (m *MockManager) Start(arg0 context.Context) error { } // Start indicates an expected call of Start. -func (mr *MockManagerMockRecorder) Start(arg0 interface{}) *gomock.Call { +func (mr *MockRunnableMockRecorder) Start(arg0 any) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Start", reflect.TypeOf((*MockManager)(nil).Start), arg0) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Start", reflect.TypeOf((*MockRunnable)(nil).Start), arg0) +} + +// MockLeaderElectionRunnable is a mock of LeaderElectionRunnable interface. +type MockLeaderElectionRunnable struct { + ctrl *gomock.Controller + recorder *MockLeaderElectionRunnableMockRecorder +} + +// MockLeaderElectionRunnableMockRecorder is the mock recorder for MockLeaderElectionRunnable. +type MockLeaderElectionRunnableMockRecorder struct { + mock *MockLeaderElectionRunnable } + +// NewMockLeaderElectionRunnable creates a new mock instance. +func NewMockLeaderElectionRunnable(ctrl *gomock.Controller) *MockLeaderElectionRunnable { + mock := &MockLeaderElectionRunnable{ctrl: ctrl} + mock.recorder = &MockLeaderElectionRunnableMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockLeaderElectionRunnable) EXPECT() *MockLeaderElectionRunnableMockRecorder { + return m.recorder +} + +// NeedLeaderElection mocks base method. +func (m *MockLeaderElectionRunnable) NeedLeaderElection() bool { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "NeedLeaderElection") + ret0, _ := ret[0].(bool) + return ret0 +} + +// NeedLeaderElection indicates an expected call of NeedLeaderElection. +func (mr *MockLeaderElectionRunnableMockRecorder) NeedLeaderElection() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NeedLeaderElection", reflect.TypeOf((*MockLeaderElectionRunnable)(nil).NeedLeaderElection)) +} \ No newline at end of file 
diff --git a/pkg/agent/agent.go b/pkg/agent/agent.go index 350770574bc..57db78cae5c 100644 --- a/pkg/agent/agent.go +++ b/pkg/agent/agent.go @@ -606,12 +606,13 @@ func (i *Initializer) initOpenFlowPipeline() error { // happen that ovsBridgeClient's connection is not ready when ofClient completes flow replay. We retry it // with a timeout that is longer time than ovsBridgeClient's maximum connecting retry interval (8 seconds) // to ensure the flag can be removed successfully. - err = wait.PollImmediate(200*time.Millisecond, 10*time.Second, func() (done bool, err error) { - if err := i.FlowRestoreComplete(); err != nil { - return false, nil - } - return true, nil - }) + err = wait.PollUntilContextTimeout(context.TODO(), 200*time.Millisecond, 10*time.Second, true, + func(ctx context.Context) (done bool, err error) { + if err := i.FlowRestoreComplete(); err != nil { + return false, nil + } + return true, nil + }) // This shouldn't happen unless OVS is disconnected again after replaying flows. If it happens, we will try // to clean up the config again so an error log should be fine. if err != nil { 
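Review bot: The new `wait.PollUntilContextTimeout(context.TODO(), ...)` call in initOpenFlowPipeline takes a parent context that can never be cancelled, and the callback's `ctx` parameter is unused, so agent shutdown cannot interrupt the poll before its 10-second timeout. The same pattern appears in the FlowRestoreComplete and initK8sNodeLocalConfig hunks of this file. The initVMLocalConfig hunk already derives its context from the stop channel, and the same would presumably work here: `wait.PollUntilContextTimeout(wait.ContextForChannel(i.stopCh), 200*time.Millisecond, 10*time.Second, true, ...)`. If blocking through shutdown is intended during initialization, a one-line comment saying so would make the `context.TODO()` deliberate. initOpenFlowPipeline starts and ends outside this hunk.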
@@ -639,21 +640,22 @@ func (i *Initializer) FlowRestoreComplete() error { } // "flow-restore-wait" is supposed to be true here. - err := wait.PollImmediate(200*time.Millisecond, 2*time.Second, func() (done bool, err error) { - flowRestoreWait, err := getFlowRestoreWait() - if err != nil { - return false, err - } - if !flowRestoreWait { - // If the log is seen and the config becomes true later, we should look at why "ovs-vsctl set --no-wait" - // doesn't take effect on ovsdb immediately. - klog.Warning("flow-restore-wait was not true before the delete call was made, will retry") - return false, nil - } - return true, nil - }) + err := wait.PollUntilContextTimeout(context.TODO(), 200*time.Millisecond, 2*time.Second, true, + func(ctx context.Context) (done bool, err error) { + flowRestoreWait, err := getFlowRestoreWait() + if err != nil { + return false, err + } + if !flowRestoreWait { + // If the log is seen and the config becomes true later, we should look at why "ovs-vsctl set --no-wait" + // doesn't take effect on ovsdb immediately. + klog.Warning("flow-restore-wait was not true before the delete call was made, will retry") + return false, nil + } + return true, nil + }) if err != nil { - if err == wait.ErrWaitTimeout { + if wait.Interrupted(err) { // This could happen if the method is triggered by OVS disconnection event, in which OVS doesn't restart. klog.Info("flow-restore-wait was not true, skip cleaning it up") return nil 
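Review bot: `wait.Interrupted(err)` in FlowRestoreComplete matches more than the old `err == wait.ErrWaitTimeout` comparison, because it is also true for errors that wrap `context.Canceled` or `context.DeadlineExceeded`. The callback returns the error from `getFlowRestoreWait()` unchanged (`return false, err`). If that helper can surface a context error (its body is not in this hunk), a failed read would be logged as "flow-restore-wait was not true, skip cleaning it up" and the function would return nil. Keeping the helper's error in a local variable set inside the callback and checking it before `wait.Interrupted(err)` would keep a real read failure apart from a poll timeout.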
@@ -913,24 +915,25 @@ func (i *Initializer) setTunnelCsum(tunnelPortName string, enable bool) error { // host gateway interface. func (i *Initializer) initK8sNodeLocalConfig(nodeName string) error { var node *v1.Node - if err := wait.PollImmediate(5*time.Second, getNodeTimeout, func() (bool, error) { - var err error - node, err = i.client.CoreV1().Nodes().Get(context.TODO(), nodeName, metav1.GetOptions{}) - if err != nil { - return false, fmt.Errorf("failed to get Node with name %s from K8s: %w", nodeName, err) - } + if err := wait.PollUntilContextTimeout(context.TODO(), 5*time.Second, getNodeTimeout, true, + func(ctx context.Context) (bool, error) { + var err error + node, err = i.client.CoreV1().Nodes().Get(context.TODO(), nodeName, metav1.GetOptions{}) + if err != nil { + return false, fmt.Errorf("failed to get Node with name %s from K8s: %w", nodeName, err) + } - // Except in networkPolicyOnly mode, we need a PodCIDR for the Node. - if !i.networkConfig.TrafficEncapMode.IsNetworkPolicyOnly() { - // Validate that PodCIDR has been configured. - if node.Spec.PodCIDRs == nil && node.Spec.PodCIDR == "" { - klog.InfoS("Waiting for Node PodCIDR configuration to complete", "nodeName", nodeName) - return false, nil + // Except in networkPolicyOnly mode, we need a PodCIDR for the Node. + if !i.networkConfig.TrafficEncapMode.IsNetworkPolicyOnly() { + // Validate that PodCIDR has been configured. + if node.Spec.PodCIDRs == nil && node.Spec.PodCIDR == "" { + klog.InfoS("Waiting for Node PodCIDR configuration to complete", "nodeName", nodeName) + return false, nil + } } - } - return true, nil - }); err != nil { - if err == wait.ErrWaitTimeout { + return true, nil + }); err != nil { + if wait.Interrupted(err) { klog.ErrorS(err, "Spec.PodCIDR is empty for Node. Please make sure --allocate-node-cidrs is enabled "+ "for kube-controller-manager and --cluster-cidr specifies a sufficient CIDR range, or nodeIPAM is "+ "enabled for antrea-controller", "nodeName", nodeName) 
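Review bot: The new condition in `initK8sNodeLocalConfig` receives `ctx` but still issues the request with `context.TODO()`, so the `getNodeTimeout` deadline stops the polling loop without bounding an in-flight Node GET. Passing the poll context through, `node, err = i.client.CoreV1().Nodes().Get(ctx, nodeName, metav1.GetOptions{})`, ties the request to the same deadline. The `initVMLocalConfig` hunk has the same pattern in `ExternalNodes(i.externalNodeNamespace).Get(context.TODO(), ...)`; there `ctx` comes from `wait.ContextForChannel(i.stopCh)`, so using it would let shutdown abort the call. Both function bodies continue outside their hunks.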
@@ -1313,13 +1316,13 @@ func (i *Initializer) initNodeLocalConfig() error { func (i *Initializer) initVMLocalConfig(nodeName string) error { var en *v1alpha1.ExternalNode klog.InfoS("Initializing VM config", "ExternalNode", nodeName) - if err := wait.PollImmediateUntil(10*time.Second, func() (done bool, err error) { + if err := wait.PollUntilContextCancel(wait.ContextForChannel(i.stopCh), 10*time.Second, true, func(ctx context.Context) (done bool, err error) { en, err = i.crdClient.CrdV1alpha1().ExternalNodes(i.externalNodeNamespace).Get(context.TODO(), nodeName, metav1.GetOptions{}) if err != nil { return false, nil } return true, nil - }, i.stopCh); err != nil { + }); err != nil { klog.Info("Stopped waiting for ExternalNode") return err } diff --git a/pkg/agent/agent_linux.go b/pkg/agent/agent_linux.go index cc150fa5f24..bc0b4fbeca9 100644 --- a/pkg/agent/agent_linux.go +++ b/pkg/agent/agent_linux.go @@ -18,6 +18,7 @@ package agent import ( + "context" "fmt" "net" "time" 
@@ -236,16 +237,17 @@ func (i *Initializer) ConnectUplinkToOVSBridge() error { // Move network configuration of uplink interface to OVS bridge local interface. // The net configuration of uplink will be restored by RestoreOVSBridge when shutting down. - wait.PollImmediate(100*time.Millisecond, 10000*time.Millisecond, func() (bool, error) { - // Wait a few seconds for OVS bridge local port. - link, err := netlink.LinkByName(uplinkName) - if err != nil { - klog.V(4).InfoS("OVS bridge local port is not ready", "port", uplinkName, "err", err) - return false, nil - } - klog.InfoS("OVS bridge local port is ready", "type", link.Type(), "attrs", link.Attrs()) - return true, nil - }) + wait.PollUntilContextTimeout(context.TODO(), 100*time.Millisecond, 10000*time.Millisecond, true, + func(ctx context.Context) (bool, error) { + // Wait a few seconds for OVS bridge local port. + link, err := netlink.LinkByName(uplinkName) + if err != nil { + klog.V(4).InfoS("OVS bridge local port is not ready", "port", uplinkName, "err", err) + return false, nil + } + klog.InfoS("OVS bridge local port is ready", "type", link.Type(), "attrs", link.Attrs()) + return true, nil + }) localLink, err := netlink.LinkByName(uplinkName) if err != nil { return err @@ -359,7 +361,7 @@ func (i *Initializer) prepareL7EngineInterfaces() error { if err != nil { return err } - if pollErr := wait.PollImmediate(time.Second, 5*time.Second, func() (bool, error) { + if pollErr := wait.PollUntilContextTimeout(context.TODO(), time.Second, 5*time.Second, true, func(ctx context.Context) (bool, error) { _, _, err := util.SetLinkUp(portName) if err == nil { return true, nil diff --git a/pkg/agent/agent_test.go b/pkg/agent/agent_test.go index 27968c1f0da..9495c77593b 100644 --- a/pkg/agent/agent_test.go +++ b/pkg/agent/agent_test.go 
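Review bot: The result of `wait.PollUntilContextTimeout` in `ConnectUplinkToOVSBridge` is discarded, so a 10-second timeout waiting for the bridge local port is silent and the caller only sees whatever the following `netlink.LinkByName(uplinkName)` returns. Checking it, e.g. `if err := wait.PollUntilContextTimeout(...); err != nil { klog.ErrorS(err, "Timed out waiting for OVS bridge local port", "port", uplinkName) }`, would record that the wait itself expired before the network configuration is moved. The function body starts and ends outside this hunk.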
@@ -951,7 +951,7 @@ func TestInitVMLocalConfig(t *testing.T) { name: "provided external Node unavailable", nodeName: "testNode", crdClient: fakeversioned.NewSimpleClientset(), - expectedErr: "timed out waiting for the condition", + expectedErr: "context canceled", }, } diff --git a/pkg/agent/apiserver/apiserver.go b/pkg/agent/apiserver/apiserver.go index d07cb43823a..ab16057f9cb 100644 --- a/pkg/agent/apiserver/apiserver.go +++ b/pkg/agent/apiserver/apiserver.go @@ -26,6 +26,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/serializer" k8sversion "k8s.io/apimachinery/pkg/version" + genericopenapi "k8s.io/apiserver/pkg/endpoints/openapi" "k8s.io/apiserver/pkg/registry/rest" genericapiserver "k8s.io/apiserver/pkg/server" "k8s.io/apiserver/pkg/server/healthz" @@ -45,7 +46,9 @@ import ( agentquerier "antrea.io/antrea/pkg/agent/querier" systeminstall "antrea.io/antrea/pkg/apis/system/install" systemv1beta1 "antrea.io/antrea/pkg/apis/system/v1beta1" + "antrea.io/antrea/pkg/apiserver" "antrea.io/antrea/pkg/apiserver/handlers/loglevel" + "antrea.io/antrea/pkg/apiserver/openapi" "antrea.io/antrea/pkg/apiserver/registry/system/supportbundle" "antrea.io/antrea/pkg/ovs/ovsctl" "antrea.io/antrea/pkg/querier" @@ -199,6 +202,9 @@ func newConfig(aq agentquerier.AgentQuerier, return fmt.Errorf("disconnected from OFSwitch") }) serverConfig.LivezChecks = append(serverConfig.LivezChecks, ovsConnCheck) + serverConfig.OpenAPIV3Config = genericapiserver.DefaultOpenAPIV3Config( + openapi.GetOpenAPIDefinitions, + genericopenapi.NewDefinitionNamer(apiserver.Scheme)) completedServerCfg := serverConfig.Complete(nil) return &completedServerCfg, nil diff --git a/pkg/agent/cniserver/interface_configuration_windows.go b/pkg/agent/cniserver/interface_configuration_windows.go index a083354369d..1c83c6a4032 100644 --- a/pkg/agent/cniserver/interface_configuration_windows.go +++ b/pkg/agent/cniserver/interface_configuration_windows.go 
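Review bot: The `serverConfig.OpenAPIV3Config` assignment added to `newConfig` has no comment saying why the agent API server now needs an OpenAPI v3 config, and it builds the definition namer from `apiserver.Scheme`, imported from `antrea.io/antrea/pkg/apiserver`, rather than from a scheme owned by this package. Whether that scheme registers the types the agent serves is not visible in the hunk and is worth confirming. Setting this config presumably also makes the agent serve its API schema over OpenAPI v3, so it should be checked that the path sits behind the same authentication and authorization as the rest of the agent API. A one-line comment such as `// OpenAPI v3 config for the agent API server; definitions come from the shared openapi package.` would record the intent; `newConfig` starts outside this hunk.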
@@ -18,6 +18,7 @@ package cniserver import ( + "context" "errors" "fmt" "net" @@ -505,27 +506,28 @@ func (ic *ifConfigurator) addPostInterfaceCreateHook(containerID, endpointName s go func() { ifaceName := fmt.Sprintf("vEthernet (%s)", endpointName) var err error - pollErr := wait.PollImmediate(100*time.Millisecond, 60*time.Second, func() (bool, error) { - containerAccess.lockContainer(containerID) - defer containerAccess.unlockContainer(containerID) - currentEP, ok := ic.getEndpoint(endpointName) - if !ok { - klog.InfoS("HNSEndpoint doesn't exist in cache, exit current goroutine", "HNSEndpoint", endpointName) + pollErr := wait.PollUntilContextTimeout(context.TODO(), 100*time.Millisecond, 60*time.Second, true, + func(ctx context.Context) (bool, error) { + containerAccess.lockContainer(containerID) + defer containerAccess.unlockContainer(containerID) + currentEP, ok := ic.getEndpoint(endpointName) + if !ok { + klog.InfoS("HNSEndpoint doesn't exist in cache, exit current goroutine", "HNSEndpoint", endpointName) + return true, nil + } + if currentEP.Id != expectedEP.Id { + klog.InfoS("Detected HNSEndpoint change, exit current goroutine", "HNSEndpoint", endpointName) + return true, nil + } + if !hostInterfaceExistsFunc(ifaceName) { + klog.V(2).InfoS("Waiting for interface to be created", "interface", ifaceName) + return false, nil + } + if err = hook(); err != nil { + return false, err + } return true, nil - } - if currentEP.Id != expectedEP.Id { - klog.InfoS("Detected HNSEndpoint change, exit current goroutine", "HNSEndpoint", endpointName) - return true, nil - } - if !hostInterfaceExistsFunc(ifaceName) { - klog.V(2).InfoS("Waiting for interface to be created", "interface", ifaceName) - return false, nil - } - if err = hook(); err != nil { - return false, err - } - return true, nil - }) + }) if pollErr != nil { if err != nil { diff --git a/pkg/agent/cniserver/ipam/antrea_ipam.go b/pkg/agent/cniserver/ipam/antrea_ipam.go index 3aa3cfc1298..7172df15aab 100644 
--- a/pkg/agent/cniserver/ipam/antrea_ipam.go +++ b/pkg/agent/cniserver/ipam/antrea_ipam.go @@ -15,6 +15,7 @@ package ipam import ( + "context" "fmt" "net" "sync" @@ -353,7 +354,7 @@ func (d *AntreaIPAM) owns(k8sArgs *types.K8sArgs) (mineType, *poolallocator.IPPo } func (d *AntreaIPAM) waitForControllerReady() error { - err := wait.PollImmediate(500*time.Millisecond, 5*time.Second, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, 5*time.Second, true, func(ctx context.Context) (bool, error) { d.controllerMutex.RLock() defer d.controllerMutex.RUnlock() if d.controller == nil { diff --git a/pkg/agent/cniserver/ipam/antrea_ipam_test.go b/pkg/agent/cniserver/ipam/antrea_ipam_test.go index df517bce395..042a6dd0cf0 100644 --- a/pkg/agent/cniserver/ipam/antrea_ipam_test.go +++ b/pkg/agent/cniserver/ipam/antrea_ipam_test.go @@ -15,6 +15,7 @@ package ipam import ( + "context" "fmt" "regexp" "sync" @@ -376,7 +377,7 @@ func TestAntreaIPAMDriver(t *testing.T) { podNamespace := string(k8sArgsMap[test].K8S_POD_NAMESPACE) podName := string(k8sArgsMap[test].K8S_POD_NAME) - err = wait.Poll(time.Millisecond*200, time.Second, func() (bool, error) { + err = wait.PollUntilContextTimeout(context.Background(), time.Millisecond*200, time.Second, false, func(ctx context.Context) (bool, error) { ipPool, _ := antreaIPAMController.ipPoolLister.Get(podNamespace) found := false for _, ipAddress := range ipPool.Status.IPAddresses { @@ -410,7 +411,7 @@ func TestAntreaIPAMDriver(t *testing.T) { podNamespace := string(k8sArgsMap[test].K8S_POD_NAMESPACE) podName := string(k8sArgsMap[test].K8S_POD_NAME) - err = wait.Poll(time.Millisecond*200, time.Second, func() (bool, error) { + err = wait.PollUntilContextTimeout(context.Background(), time.Millisecond*200, time.Second, false, func(ctx context.Context) (bool, error) { ipPool, _ := antreaIPAMController.ipPoolLister.Get(podNamespace) found := false for _, ipAddress := range ipPool.Status.IPAddresses { 
@@ -492,14 +493,15 @@ func TestAntreaIPAMDriver(t *testing.T) { testDel("pear10", false) // Verify last update was propagated to informer - err = wait.PollImmediate(100*time.Millisecond, 1*time.Second, func() (bool, error) { - owns, err := testDriver.Check(cniArgsMap["orange2"], k8sArgsMap["orange2"], networkConfig) - if err != nil { - // container already relelased - return true, nil - } - return !owns, nil - }) + err = wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, 1*time.Second, true, + func(ctx context.Context) (bool, error) { + owns, err := testDriver.Check(cniArgsMap["orange2"], k8sArgsMap["orange2"], networkConfig) + if err != nil { + // container already relelased + return true, nil + } + return !owns, nil + }) require.NoError(t, err, "orange2 pod was not released") @@ -575,7 +577,7 @@ func TestSecondaryNetworkAdd(t *testing.T) { }, }, }, - expectedRes: fmt.Errorf("Antrea IPAM driver not ready: timed out waiting for the condition"), + expectedRes: fmt.Errorf("Antrea IPAM driver not ready: context deadline exceeded"), }, { name: "Add secondary network successfully", diff --git a/pkg/agent/cniserver/server_windows_test.go b/pkg/agent/cniserver/server_windows_test.go index ba562bae762..0a3ffbf7c33 100644 --- a/pkg/agent/cniserver/server_windows_test.go +++ b/pkg/agent/cniserver/server_windows_test.go 
@@ -540,13 +540,14 @@ func TestCmdAdd(t *testing.T) { waiter.wait() // Wait for the completion of async function "setInterfaceMTUFunc", otherwise it may lead to the // race condition failure. - wait.PollImmediate(time.Millisecond*10, time.Second, func() (done bool, err error) { - mtuSet, exist := hostIfaces.Load(ovsPortName) - if !exist { - return false, nil - } - return mtuSet.(bool), nil - }) + wait.PollUntilContextTimeout(context.Background(), time.Millisecond*10, time.Second, true, + func(ctx context.Context) (done bool, err error) { + mtuSet, exist := hostIfaces.Load(ovsPortName) + if !exist { + return false, nil + } + return mtuSet.(bool), nil + }) } waiter.close() }) diff --git a/pkg/agent/controller/egress/egress_controller_test.go b/pkg/agent/controller/egress/egress_controller_test.go index 8c66a0f2a1b..7e91d2e53ca 100644 --- a/pkg/agent/controller/egress/egress_controller_test.go +++ b/pkg/agent/controller/egress/egress_controller_test.go @@ -30,7 +30,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes/fake" k8stesting "k8s.io/client-go/testing" 
@@ -1118,16 +1117,17 @@ func TestSyncEgress(t *testing.T) { if tt.newLocalIPs != nil { c.localIPDetector = &fakeLocalIPDetector{localIPs: tt.newLocalIPs} } - assert.NoError(t, wait.Poll(time.Millisecond*100, time.Second, func() (done bool, err error) { + assert.Eventually(t, func() bool { if tt.newExternalIPPool != nil { pool, _ := c.externalIPPoolLister.Get(tt.newExternalIPPool.Name) if !reflect.DeepEqual(pool, tt.newExternalIPPool) { - return false, nil + return false } } egress, _ := c.egressLister.Get(tt.newEgress.Name) - return reflect.DeepEqual(egress, tt.newEgress), nil - })) + return reflect.DeepEqual(egress, tt.newEgress) + }, time.Second, 100*time.Millisecond) + c.egressIPScheduler.schedule() err = c.syncEgress(tt.newEgress.Name) assert.NoError(t, err) @@ -1184,9 +1184,9 @@ func TestPodUpdateShouldSyncEgress(t *testing.T) { PodNamespace: "ns1", } c.podUpdateChannel.Notify(ev) - require.NoError(t, wait.PollImmediate(10*time.Millisecond, time.Second, func() (done bool, err error) { - return c.queue.Len() == 1, nil - })) + require.Eventually(t, func() bool { + return c.queue.Len() == 1 + }, time.Second, 10*time.Millisecond) item, _ = c.queue.Get() require.Equal(t, egress.Name, item) require.NoError(t, c.syncEgress(item.(string))) @@ -1216,9 +1216,9 @@ func TestExternalIPPoolUpdateShouldSyncEgress(t *testing.T) { c.informerFactory.WaitForCacheSync(stopCh) assertItemsInQueue := func(items ...string) { - require.NoError(t, wait.Poll(10*time.Millisecond, time.Second, func() (done bool, err error) { - return c.queue.Len() == len(items), nil - })) + require.Eventually(t, func() bool { + return c.queue.Len() == len(items) + }, time.Second, 10*time.Millisecond) expectedItems := sets.New[string](items...) for i := 0; i < len(items); i++ { item, _ := c.queue.Get() 
@@ -1325,10 +1325,10 @@ func TestSyncOverlappingEgress(t *testing.T) { c.mockOFClient.EXPECT().UninstallPodSNATFlows(uint32(1)) c.mockOFClient.EXPECT().UninstallPodSNATFlows(uint32(2)) c.crdClient.CrdV1beta1().Egresses().Delete(context.TODO(), egress1.Name, metav1.DeleteOptions{}) - assert.NoError(t, wait.Poll(time.Millisecond*100, time.Second, func() (bool, error) { + assert.Eventually(t, func() bool { _, err := c.egressLister.Get(egress1.Name) - return err != nil, nil - })) + return err != nil + }, time.Second, time.Millisecond*100) checkQueueItemExistence(t, c.queue, egress1.Name) c.mockIPAssigner.EXPECT().UnassignIP(fakeLocalEgressIP1) err = c.syncEgress(egress1.Name) @@ -1352,10 +1352,10 @@ func TestSyncOverlappingEgress(t *testing.T) { c.mockOFClient.EXPECT().UninstallPodSNATFlows(uint32(3)) c.crdClient.CrdV1beta1().Egresses().Delete(context.TODO(), egress2.Name, metav1.DeleteOptions{}) c.mockIPAssigner.EXPECT().UnassignIP(fakeRemoteEgressIP1) - assert.NoError(t, wait.Poll(time.Millisecond*100, time.Second, func() (bool, error) { + assert.Eventually(t, func() bool { _, err := c.egressLister.Get(egress2.Name) - return err != nil, nil - })) + return err != nil + }, time.Second, time.Millisecond*100) checkQueueItemExistence(t, c.queue, egress2.Name) err = c.syncEgress(egress2.Name) assert.NoError(t, err) @@ -1368,10 +1368,10 @@ func TestSyncOverlappingEgress(t *testing.T) { c.mockOFClient.EXPECT().UninstallPodSNATFlows(uint32(4)) c.crdClient.CrdV1beta1().Egresses().Delete(context.TODO(), egress3.Name, metav1.DeleteOptions{}) c.mockIPAssigner.EXPECT().UnassignIP(fakeLocalEgressIP1) - assert.NoError(t, wait.Poll(time.Millisecond*100, time.Second, func() (bool, error) { + assert.Eventually(t, func() bool { _, err := c.egressLister.Get(egress3.Name) - return err != nil, nil - })) + return err != nil + }, time.Second, time.Millisecond*100) checkQueueItemExistence(t, c.queue, egress3.Name) err = c.syncEgress(egress3.Name) assert.NoError(t, err) 
diff --git a/pkg/agent/controller/l7flowexporter/l7_flow_export_controller_test.go b/pkg/agent/controller/l7flowexporter/l7_flow_export_controller_test.go index 27429df4a0a..5f400e7b1a2 100644 --- a/pkg/agent/controller/l7flowexporter/l7_flow_export_controller_test.go +++ b/pkg/agent/controller/l7flowexporter/l7_flow_export_controller_test.go @@ -28,7 +28,6 @@ import ( "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/informers" coreinformers "k8s.io/client-go/informers/core/v1" "k8s.io/client-go/kubernetes/fake" @@ -159,9 +158,9 @@ func newPodInterface(podName, podNamespace string, ofPort int32) *interfacestore } func waitEvents(t *testing.T, expectedEvents int, c *fakeController) { - require.NoError(t, wait.Poll(10*time.Millisecond, 5*time.Second, func() (done bool, err error) { - return c.queue.Len() == expectedEvents, nil - })) + require.Eventually(t, func() bool { + return c.queue.Len() == expectedEvents + }, 5*time.Second, 10*time.Millisecond) } func TestPodAdd(t *testing.T) { diff --git a/pkg/agent/controller/networkpolicy/allocator_test.go b/pkg/agent/controller/networkpolicy/allocator_test.go index 15b12033718..8bed6634ca0 100644 --- a/pkg/agent/controller/networkpolicy/allocator_test.go +++ b/pkg/agent/controller/networkpolicy/allocator_test.go @@ -15,6 +15,7 @@ package networkpolicy import ( + "context" "fmt" "testing" "time" 
@@ -234,7 +235,7 @@ func TestIdAllocatorWorker(t *testing.T) { fakeClock.SetTime(expectedDeleteTime.Add(-10 * time.Millisecond)) // We wait for a small duration and ensure that the rule is not deleted. - err := wait.PollImmediate(10*time.Millisecond, 100*time.Millisecond, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), 10*time.Millisecond, 100*time.Millisecond, true, func(ctx context.Context) (bool, error) { return ruleHasBeenDeleted(), nil }) require.Error(t, err, "Rule ID was unexpectedly released") @@ -244,9 +245,10 @@ func TestIdAllocatorWorker(t *testing.T) { fakeClock.SetTime(expectedDeleteTime.Add(10 * time.Millisecond)) - err = wait.PollImmediate(10*time.Millisecond, 1*time.Second, func() (bool, error) { - return ruleHasBeenDeleted(), nil - }) + err = wait.PollUntilContextTimeout(context.Background(), 10*time.Millisecond, 1*time.Second, true, + func(ctx context.Context) (bool, error) { + return ruleHasBeenDeleted(), nil + }) require.NoError(t, err, "Rule ID was not released") _, exists, err = a.getRuleFromAsyncCache(tt.expectedID) require.NoError(t, err) diff --git a/pkg/agent/controller/networkpolicy/l7engine/reconciler.go b/pkg/agent/controller/networkpolicy/l7engine/reconciler.go index 1eb6b132f03..4d489199fdd 100644 --- a/pkg/agent/controller/networkpolicy/l7engine/reconciler.go +++ b/pkg/agent/controller/networkpolicy/l7engine/reconciler.go @@ -16,6 +16,7 @@ package l7engine import ( "bytes" + "context" "encoding/json" "fmt" "os" @@ -494,7 +495,7 @@ func (r *Reconciler) startSuricata() { r.startSuricataFn() // Wait Suricata command socket file to be ready. - err = wait.PollImmediate(100*time.Millisecond, 5*time.Second, func() (bool, error) { + err = wait.PollUntilContextTimeout(context.TODO(), 100*time.Millisecond, 5*time.Second, true, func(ctx context.Context) (bool, error) { if _, err = defaultFS.Stat(suricataCommandSocket); err != nil { return false, nil } 
diff --git a/pkg/agent/controller/networkpolicy/networkpolicy_controller.go b/pkg/agent/controller/networkpolicy/networkpolicy_controller.go index 5565dad1f2a..c4f22e5d8a7 100644 --- a/pkg/agent/controller/networkpolicy/networkpolicy_controller.go +++ b/pkg/agent/controller/networkpolicy/networkpolicy_controller.go @@ -594,7 +594,7 @@ func (c *Controller) SetDenyConnStore(denyConnStore *connections.DenyConnectionS // Run will not return until stopCh is closed. func (c *Controller) Run(stopCh <-chan struct{}) { attempts := 0 - if err := wait.PollImmediateUntil(200*time.Millisecond, func() (bool, error) { + if err := wait.PollUntilContextCancel(wait.ContextForChannel(stopCh), 200*time.Millisecond, true, func(ctx context.Context) (bool, error) { if attempts%10 == 0 { klog.Info("Waiting for Antrea client to be ready") } @@ -603,7 +603,7 @@ func (c *Controller) Run(stopCh <-chan struct{}) { return false, nil } return true, nil - }, stopCh); err != nil { + }); err != nil { klog.Info("Stopped waiting for Antrea client") return } diff --git a/pkg/agent/controller/networkpolicy/status_controller_test.go b/pkg/agent/controller/networkpolicy/status_controller_test.go index 2aa778edd7f..6e06d915549 100644 --- a/pkg/agent/controller/networkpolicy/status_controller_test.go +++ b/pkg/agent/controller/networkpolicy/status_controller_test.go @@ -15,6 +15,7 @@ package networkpolicy import ( + "context" "fmt" "sync" "testing" 
@@ -138,13 +139,14 @@ func TestSyncStatusUpForUpdatedPolicy(t *testing.T) { statusController.SetRuleRealization(rule1.ID, policy.UID) matchGeneration := func(generation int64) error { - return wait.PollImmediate(100*time.Millisecond, 1*time.Second, func() (done bool, err error) { - status := statusControl.getNetworkPolicyStatus() - if status == nil { - return false, nil - } - return status.Nodes[0].Generation == generation, nil - }) + return wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, 1*time.Second, true, + func(ctx context.Context) (done bool, err error) { + status := statusControl.getNetworkPolicyStatus() + if status == nil { + return false, nil + } + return status.Nodes[0].Generation == generation, nil + }) } assert.NoError(t, matchGeneration(policy.Generation), "The generation should be updated to %v but was not updated", policy.Generation) diff --git a/pkg/agent/controller/traceflow/packetin.go b/pkg/agent/controller/traceflow/packetin.go index c60ec7b639b..f67b8fdac3d 100644 --- a/pkg/agent/controller/traceflow/packetin.go +++ b/pkg/agent/controller/traceflow/packetin.go @@ -28,7 +28,7 @@ import ( v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/util/retry" "k8s.io/klog/v2" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "antrea.io/antrea/pkg/agent/openflow" crdv1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" 
@@ -477,7 +477,7 @@ func parseCapturedPacket(pktIn *ofctrl.PacketIn) *crdv1beta1.Packet { capturedPacket.IPHeader = &crdv1beta1.IPHeader{Protocol: int32(pkt.IPProto), TTL: int32(pkt.TTL), Flags: int32(pkt.IPFlags)} } if pkt.IPProto == protocol.Type_TCP { - capturedPacket.TransportHeader.TCP = &crdv1beta1.TCPHeader{SrcPort: int32(pkt.SourcePort), DstPort: int32(pkt.DestinationPort), Flags: pointer.Int32(int32(pkt.TCPFlags))} + capturedPacket.TransportHeader.TCP = &crdv1beta1.TCPHeader{SrcPort: int32(pkt.SourcePort), DstPort: int32(pkt.DestinationPort), Flags: ptr.To(int32(pkt.TCPFlags))} } else if pkt.IPProto == protocol.Type_UDP { capturedPacket.TransportHeader.UDP = &crdv1beta1.UDPHeader{SrcPort: int32(pkt.SourcePort), DstPort: int32(pkt.DestinationPort)} } else if pkt.IPProto == protocol.Type_ICMP || pkt.IPProto == protocol.Type_IPv6ICMP { diff --git a/pkg/agent/controller/traceflow/packetin_test.go b/pkg/agent/controller/traceflow/packetin_test.go index 9cf6748da13..bd6e97d30dc 100644 --- a/pkg/agent/controller/traceflow/packetin_test.go +++ b/pkg/agent/controller/traceflow/packetin_test.go @@ -28,7 +28,7 @@ import ( "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "antrea.io/antrea/pkg/agent/config" "antrea.io/antrea/pkg/agent/openflow" @@ -145,7 +145,7 @@ func TestParseCapturedPacket(t *testing.T) { SrcIP: tcpPktIn.NWSrc.String(), DstIP: tcpPktIn.NWDst.String(), Length: int32(tcpPktIn.Length), IPHeader: &crdv1beta1.IPHeader{Protocol: int32(tcpPktIn.Protocol), TTL: int32(tcpPktIn.TTL), Flags: int32(tcpPktIn.Flags)}, TransportHeader: crdv1beta1.TransportHeader{ - TCP: &crdv1beta1.TCPHeader{SrcPort: int32(tcp.PortSrc), DstPort: int32(tcp.PortDst), Flags: pointer.Int32(int32(tcp.Code))}, + TCP: &crdv1beta1.TCPHeader{SrcPort: int32(tcp.PortSrc), DstPort: int32(tcp.PortDst), Flags: ptr.To(int32(tcp.Code))}, }, } 
diff --git a/pkg/agent/controller/traceflow/traceflow_controller_test.go b/pkg/agent/controller/traceflow/traceflow_controller_test.go index f82afe0132e..7e9dd211736 100644 --- a/pkg/agent/controller/traceflow/traceflow_controller_test.go +++ b/pkg/agent/controller/traceflow/traceflow_controller_test.go @@ -31,7 +31,7 @@ import ( "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/util/workqueue" "k8s.io/klog/v2" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "antrea.io/antrea/pkg/agent/config" "antrea.io/antrea/pkg/agent/interfacestore" @@ -227,7 +227,7 @@ func TestPreparePacket(t *testing.T) { TCP: &crdv1beta1.TCPHeader{ SrcPort: 80, DstPort: 81, - Flags: pointer.Int32(11), + Flags: ptr.To[int32](11), }, }, }, diff --git a/pkg/agent/controller/trafficcontrol/controller.go b/pkg/agent/controller/trafficcontrol/controller.go index e084b0e162f..745c173be4e 100644 --- a/pkg/agent/controller/trafficcontrol/controller.go +++ b/pkg/agent/controller/trafficcontrol/controller.go @@ -15,6 +15,7 @@ package trafficcontrol import ( + "context" "crypto/sha1" // #nosec G505: not used for security purposes "encoding/binary" "encoding/hex" @@ -589,16 +590,17 @@ func (c *Controller) createOVSInternalPort(portName string) (string, error) { if err != nil { return "", err } - if pollErr := wait.PollImmediate(time.Second, 5*time.Second, func() (bool, error) { - _, _, err := util.SetLinkUp(portName) - if err == nil { - return true, nil - } - if _, ok := err.(util.LinkNotFound); ok { - return false, nil - } - return false, err - }); pollErr != nil { + if pollErr := wait.PollUntilContextTimeout(context.TODO(), time.Second, 5*time.Second, true, + func(ctx context.Context) (bool, error) { + _, _, err := util.SetLinkUp(portName) + if err == nil { + return true, nil + } + if _, ok := err.(util.LinkNotFound); ok { + return false, nil + } + return false, err + }); pollErr != nil { return "", pollErr } return portUUID, nil 
diff --git a/pkg/agent/controller/trafficcontrol/controller_test.go b/pkg/agent/controller/trafficcontrol/controller_test.go index 0c5e67bbe1a..84c77b7ddb6 100644 --- a/pkg/agent/controller/trafficcontrol/controller_test.go +++ b/pkg/agent/controller/trafficcontrol/controller_test.go @@ -28,7 +28,6 @@ import ( "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/informers" coreinformers "k8s.io/client-go/informers/core/v1" "k8s.io/client-go/kubernetes/fake" @@ -288,9 +287,9 @@ func generateTrafficControlState(direction v1alpha2.Direction, } func waitEvents(t *testing.T, expectedEvents int, c *fakeController) { - require.NoError(t, wait.Poll(10*time.Millisecond, 5*time.Second, func() (done bool, err error) { - return c.queue.Len() == expectedEvents, nil - })) + require.Eventually(t, func() bool { + return c.queue.Len() == expectedEvents + }, 5*time.Second, 10*time.Millisecond) } func TestTrafficControlAdd(t *testing.T) { diff --git a/pkg/agent/externalnode/external_node_controller.go b/pkg/agent/externalnode/external_node_controller.go index ae28d103c84..559e9bbfcd6 100644 --- a/pkg/agent/externalnode/external_node_controller.go +++ b/pkg/agent/externalnode/external_node_controller.go @@ -15,6 +15,7 @@ package externalnode import ( + "context" "fmt" "net" "reflect" 
@@ -126,13 +127,13 @@ func (c *ExternalNodeController) Run(stopCh <-chan struct{}) { klog.InfoS("Starting controller", "name", controllerName) defer klog.InfoS("Shutting down controller", "name", controllerName) - if err := wait.PollImmediateUntil(5*time.Second, func() (done bool, err error) { + if err := wait.PollUntilContextCancel(wait.ContextForChannel(stopCh), 5*time.Second, true, func(ctx context.Context) (done bool, err error) { if err = c.reconcile(); err != nil { klog.ErrorS(err, "ExternalNodeController failed during reconciliation") return false, nil } return true, nil - }, stopCh); err != nil { + }); err != nil { klog.Info("Stopped ExternalNodeController reconciliation") return } @@ -600,7 +601,7 @@ func (c *ExternalNodeController) removeOVSPortsAndFlows(interfaceConfig *interfa }() // Wait until the host interface created by OVS is removed. - if err = wait.PollImmediate(50*time.Millisecond, 2*time.Second, func() (bool, error) { + if err = wait.PollUntilContextTimeout(context.TODO(), 50*time.Millisecond, 2*time.Second, true, func(ctx context.Context) (bool, error) { return !hostInterfaceExists(hostIFName), nil }); err != nil { return fmt.Errorf("failed to wait for host interface %s deletion in 2s, err %v", hostIFName, err) diff --git a/pkg/agent/multicast/mcast_controller_test.go b/pkg/agent/multicast/mcast_controller_test.go index a322a657a58..2956e6d1ea7 100644 --- a/pkg/agent/multicast/mcast_controller_test.go +++ b/pkg/agent/multicast/mcast_controller_test.go 
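Review bot: In the `removeOVSPortsAndFlows` hunk the poll error is formatted with `%v`, which flattens it to text; with `wait.PollUntilContextTimeout` a timeout surfaces as a context deadline error, and callers cannot test it with `wait.Interrupted` or `errors.Is` once it has been flattened. Using `%w` keeps the chain: `return fmt.Errorf("failed to wait for host interface %s deletion in 2s: %w", hostIFName, err)`. The function body starts and ends outside this hunk.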
@@ -831,7 +831,7 @@ func TestEncapLocalReportAndNotifyRemote(t *testing.T) { mockController.addOrUpdateGroupEvent(tc.e) if tc.groupChanged { - err := wait.PollImmediate(time.Millisecond*100, time.Second*3, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), time.Millisecond*100, time.Second*3, true, func(ctx context.Context) (done bool, err error) { if tc.e.eType == groupJoin { return mockController.localGroupHasInstalled(groupKey) && mockController.groupHasInstalled(groupKey), nil } else { diff --git a/pkg/agent/multicluster/pod_route_controller_test.go b/pkg/agent/multicluster/pod_route_controller_test.go index ca76f6209ea..41dcf74dfed 100644 --- a/pkg/agent/multicluster/pod_route_controller_test.go +++ b/pkg/agent/multicluster/pod_route_controller_test.go @@ -319,7 +319,7 @@ func TestPodEvent(t *testing.T) { } func waitForGatewayRealized(gwLister mclisters.GatewayLister, gateway *mcv1alpha1.Gateway) error { - return wait.Poll(interval, timeout, func() (bool, error) { + return wait.PollUntilContextTimeout(context.Background(), interval, timeout, false, func(ctx context.Context) (bool, error) { _, err := gwLister.Gateways(gateway.Namespace).Get(gateway.Name) if err != nil { return false, nil @@ -329,7 +329,7 @@ func waitForGatewayRealized(gwLister mclisters.GatewayLister, gateway *mcv1alpha } func waitForPodIPUpdate(podLister v1.PodLister, pod *corev1.Pod) error { - return wait.Poll(interval, timeout, func() (bool, error) { + return wait.PollUntilContextTimeout(context.Background(), interval, timeout, false, func(ctx context.Context) (bool, error) { getPod, err := podLister.Pods(pod.Namespace).Get(pod.Name) if err != nil || pod.Status.PodIP != getPod.Status.PodIP || pod.Status.HostIP != getPod.Status.HostIP { return false, nil diff --git a/pkg/agent/multicluster/stretched_networkpolicy_controller.go b/pkg/agent/multicluster/stretched_networkpolicy_controller.go index 560ece18a61..8b455d64389 100644 
--- a/pkg/agent/multicluster/stretched_networkpolicy_controller.go +++ b/pkg/agent/multicluster/stretched_networkpolicy_controller.go @@ -184,7 +184,7 @@ func (s *StretchedNetworkPolicyController) processNextWorkItem() bool { if podRef, ok := obj.(types.NamespacedName); !ok { s.queue.Forget(obj) - klog.Errorf("Expected type 'NamespacedName' in work queue but got object", "object", obj) + klog.ErrorS(nil, "Expected type 'NamespacedName' in work queue but got object", "object", obj) } else if err := s.syncPodClassifierFlow(podRef); err == nil { s.queue.Forget(podRef) } else { diff --git a/pkg/agent/multicluster/stretched_networkpolicy_controller_test.go b/pkg/agent/multicluster/stretched_networkpolicy_controller_test.go index f00d4a0beac..6d6fb65824b 100644 --- a/pkg/agent/multicluster/stretched_networkpolicy_controller_test.go +++ b/pkg/agent/multicluster/stretched_networkpolicy_controller_test.go @@ -558,7 +558,7 @@ func toPodAddEvent(pod *corev1.Pod) antreatypes.PodUpdate { } func waitForPodRealized(podLister v1.PodLister, pod *corev1.Pod) error { - return wait.Poll(interval, timeout, func() (bool, error) { + return wait.PollUntilContextTimeout(context.Background(), interval, timeout, false, func(ctx context.Context) (bool, error) { _, err := podLister.Pods(pod.Namespace).Get(pod.Name) if err != nil { return false, nil @@ -568,7 +568,7 @@ func waitForPodRealized(podLister v1.PodLister, pod *corev1.Pod) error { } func waitForPodLabelUpdate(podLister v1.PodLister, pod *corev1.Pod) error { - return wait.Poll(interval, timeout, func() (bool, error) { + return wait.PollUntilContextTimeout(context.Background(), interval, timeout, false, func(ctx context.Context) (bool, error) { getPod, err := podLister.Pods(pod.Namespace).Get(pod.Name) if err != nil || !reflect.DeepEqual(pod.Labels, getPod.Labels) { return false, nil 
@@ -578,7 +578,7 @@ func waitForPodLabelUpdate(podLister v1.PodLister, pod *corev1.Pod) error { } func waitForNSRealized(c *fakeStretchedNetworkPolicyController, ns *corev1.Namespace) error { - return wait.Poll(interval, timeout, func() (bool, error) { + return wait.PollUntilContextTimeout(context.Background(), interval, timeout, false, func(ctx context.Context) (bool, error) { _, err := c.namespaceLister.Get(ns.Name) if err != nil { return false, nil @@ -588,7 +588,7 @@ func waitForNSRealized(c *fakeStretchedNetworkPolicyController, ns *corev1.Names } func waitForLabelIdentityRealized(c *fakeStretchedNetworkPolicyController, labelIdentity *v1alpha1.LabelIdentity) error { - return wait.Poll(interval, timeout, func() (bool, error) { + return wait.PollUntilContextTimeout(context.Background(), interval, timeout, false, func(ctx context.Context) (bool, error) { _, err := c.labelIdentityLister.Get(labelIdentity.Name) if err != nil { return false, nil diff --git a/pkg/agent/nodeportlocal/npl_agent_test.go b/pkg/agent/nodeportlocal/npl_agent_test.go index 6d9e91ab946..a3bcdb43b86 100644 --- a/pkg/agent/nodeportlocal/npl_agent_test.go +++ b/pkg/agent/nodeportlocal/npl_agent_test.go @@ -310,7 +310,7 @@ func (t *testData) pollForPodAnnotation(podName string, found bool) ([]types.NPL var exists bool // do not use PollImmediate: 1 second is reserved for the controller to do his job and // update Pod NPL annotations as needed. - err := wait.Poll(time.Second, 20*time.Second, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), time.Second, 20*time.Second, false, func(ctx context.Context) (bool, error) { updatedPod, err := t.k8sClient.CoreV1().Pods(defaultNS).Get(context.TODO(), podName, metav1.GetOptions{}) require.NoError(t, err, "Failed to get Pod") annotation := updatedPod.GetAnnotations() 
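Review bot: The poll callback in pollForPodAnnotation receives `ctx`, but the Pod Get inside it still passes `context.TODO()`, so the API call is not bound to the 20-second poll deadline. Passing the callback's context, `t.k8sClient.CoreV1().Pods(defaultNS).Get(ctx, podName, metav1.GetOptions{})`, lets the timeout cancel an in-flight request. The same pattern appears later in this patch in waitForSecretReady (common.go), waitForClusterSetReady (join.go) and the Traceflow poll in runE (command.go), where the `Get(context.TODO(), ...)` calls could take `ctx` as well. The body of pollForPodAnnotation continues outside the hunk.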
@@ -489,7 +489,7 @@ func TestPodDelete(t *testing.T) { require.NoError(t, err, "Pod deletion failed") t.Logf("Successfully deleted Pod: %s", testPod.Name) - err = wait.Poll(time.Second, 20*time.Second, func() (bool, error) { + err = wait.PollUntilContextTimeout(context.Background(), time.Second, 20*time.Second, false, func(ctx context.Context) (bool, error) { return !testData.portTable.RuleExists(defaultPodIP, defaultPort, protocolTCP), nil }) assert.NoError(t, err, "Error when polling for port table update") diff --git a/pkg/agent/proxy/proxier_test.go b/pkg/agent/proxy/proxier_test.go index 81065124f87..4ee213d00a5 100644 --- a/pkg/agent/proxy/proxier_test.go +++ b/pkg/agent/proxy/proxier_test.go @@ -36,7 +36,7 @@ import ( featuregatetesting "k8s.io/component-base/featuregate/testing" "k8s.io/component-base/metrics/legacyregistry" "k8s.io/component-base/metrics/testutil" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" mccommon "antrea.io/antrea/multicluster/controllers/multicluster/common" agentconfig "antrea.io/antrea/pkg/agent/config" @@ -1080,9 +1080,9 @@ func TestLoadBalancerServiceWithMultiplePorts(t *testing.T) { endpoint1Address, }, Conditions: discovery.EndpointConditions{ - Ready: pointer.Bool(true), - Serving: pointer.Bool(true), - Terminating: pointer.Bool(false), + Ready: ptr.To(true), + Serving: ptr.To(true), + Terminating: ptr.To(false), }, NodeName: &endpoint1NodeName, }, @@ -1091,9 +1091,9 @@ func TestLoadBalancerServiceWithMultiplePorts(t *testing.T) { endpoint2Address, }, Conditions: discovery.EndpointConditions{ - Ready: pointer.Bool(true), - Serving: pointer.Bool(true), - Terminating: pointer.Bool(false), + Ready: ptr.To(true), + Serving: ptr.To(true), + Terminating: ptr.To(false), }, NodeName: &endpoint2NodeName, }, diff --git a/pkg/agent/proxy/topology.go b/pkg/agent/proxy/topology.go index 4589c1d727f..7460082c201 100644 --- a/pkg/agent/proxy/topology.go +++ b/pkg/agent/proxy/topology.go 
@@ -127,7 +127,7 @@ func (p *proxier) canUseTopology(endpoints map[string]k8sproxy.Endpoint, svcInfo hintsAnnotation := svcInfo.HintsAnnotation() if hintsAnnotation != "Auto" && hintsAnnotation != "auto" { if hintsAnnotation != "" && hintsAnnotation != "Disabled" && hintsAnnotation != "disabled" { - klog.InfoS("Skipping topology aware Endpoint filtering since Service has unexpected value", "annotationTopologyAwareHints", v1.AnnotationTopologyAwareHints, "hints", hintsAnnotation) + klog.InfoS("Skipping topology aware Endpoint filtering since Service has unexpected value", "annotationTopologyAwareHints", v1.DeprecatedAnnotationTopologyAwareHints, "hints", hintsAnnotation) } return false } diff --git a/pkg/agent/secondarynetwork/podwatch/controller_test.go b/pkg/agent/secondarynetwork/podwatch/controller_test.go index feb1b61154a..41e14eef512 100644 --- a/pkg/agent/secondarynetwork/podwatch/controller_test.go +++ b/pkg/agent/secondarynetwork/podwatch/controller_test.go @@ -39,7 +39,6 @@ import ( "go.uber.org/mock/gomock" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/util/workqueue" @@ -280,9 +279,9 @@ func TestPodControllerRun(t *testing.T) { require.NoError(t, err, "error when creating test Pod") // Wait for ConfigureSriovSecondaryInterface is called. - assert.NoError(t, wait.Poll(10*time.Millisecond, 1*time.Second, func() (bool, error) { - return atomic.LoadInt32(&interfaceConfigured) == 1, nil - })) + assert.Eventually(t, func() bool { + return atomic.LoadInt32(&interfaceConfigured) == 1 + }, 1*time.Second, 10*time.Millisecond) _, exists := podController.vfDeviceIDUsageMap.Load(podKey) assert.True(t, exists) 
@@ -306,9 +305,9 @@ func TestPodControllerRun(t *testing.T) { // Since interface is not saved to the interface store, interface creation should be // triggered again. podController.processCNIUpdate(event) - assert.NoError(t, wait.Poll(10*time.Millisecond, 1*time.Second, func() (bool, error) { - return atomic.LoadInt32(&interfaceConfigured) == 2, nil - })) + assert.Eventually(t, func() bool { + return atomic.LoadInt32(&interfaceConfigured) == 2 + }, 1*time.Second, 10*time.Millisecond) interfaceConfigurator.EXPECT().DeleteSriovSecondaryInterface(containerConfig). Do(func(*interfacestore.InterfaceConfig) { @@ -318,9 +317,9 @@ func TestPodControllerRun(t *testing.T) { require.NoError(t, client.CoreV1().Pods(testNamespace).Delete(context.Background(), podName, metav1.DeleteOptions{}), "error when deleting test Pod") - assert.NoError(t, wait.Poll(10*time.Millisecond, 1*time.Second, func() (bool, error) { - return atomic.LoadInt32(&interfaceConfigured) == 1, nil - })) + assert.Eventually(t, func() bool { + return atomic.LoadInt32(&interfaceConfigured) == 1 + }, 1*time.Second, 10*time.Millisecond) _, exists = podController.vfDeviceIDUsageMap.Load(podKey) assert.False(t, exists) @@ -336,9 +335,9 @@ func TestPodControllerRun(t *testing.T) { podController.processCNIUpdate(event) _, exists = cniCache.Load(podKey) assert.False(t, exists) - assert.NoError(t, wait.Poll(10*time.Millisecond, 1*time.Second, func() (bool, error) { - return atomic.LoadInt32(&interfaceConfigured) == 0, nil - })) + assert.Eventually(t, func() bool { + return atomic.LoadInt32(&interfaceConfigured) == 0 + }, 1*time.Second, 10*time.Millisecond) interfaceStore.DeleteInterface(containerConfig) podController.processCNIUpdate(event) 
@@ -593,18 +592,18 @@ func TestPodControllerAddPod(t *testing.T) { _, err := pc.kubeClient.CoreV1().Pods(testNamespace).Create(context.Background(), pod, metav1.CreateOptions{}) require.NoError(t, err, "error when creating test Pod") - assert.NoError(t, wait.Poll(10*time.Millisecond, 1*time.Second, func() (bool, error) { + assert.Eventually(t, func() bool { _, ok, err := pc.podInformer.GetIndexer().GetByKey(podKey) - return ok, err - })) + return ok == true && err == nil + }, 1*time.Second, 10*time.Millisecond) } deletePodFn := func(pc *podController, podName string) { require.NoError(t, pc.kubeClient.CoreV1().Pods(testNamespace).Delete(context.Background(), podName, metav1.DeleteOptions{}), "error when deleting test Pod") - assert.NoError(t, wait.Poll(10*time.Millisecond, 1*time.Second, func() (bool, error) { + assert.Eventually(t, func() bool { _, ok, err := pc.podInformer.GetIndexer().GetByKey(podKey) - return !ok, err - })) + return !ok && err == nil + }, 1*time.Second, 10*time.Millisecond) } t.Run("multiple network interfaces", func(t *testing.T) { diff --git a/pkg/agent/util/iptables/lock.go b/pkg/agent/util/iptables/lock.go index 3b17e5bef66..1b8e890ca93 100644 --- a/pkg/agent/util/iptables/lock.go +++ b/pkg/agent/util/iptables/lock.go @@ -18,6 +18,7 @@ package iptables import ( + "context" "fmt" "os" "time" 
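Review bot: In createPodFn the condition `return ok == true && err == nil` compares a bool with `true`; `return ok && err == nil` says the same and matches the `!ok && err == nil` form used in deletePodFn. The conversion also changes behaviour slightly. With `wait.Poll`, an error from `GetByKey` stopped the poll and was reported by `assert.NoError`. Now it is retried silently until the one-second timeout, and the failure message no longer shows the error. If that error matters for debugging, capture it in a variable outside the closure and pass it as the message argument of `assert.Eventually`.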
@@ -40,12 +41,13 @@ func Lock(lockFilePath string, timeout time.Duration) (func() error, error) { } // Check whether the lock is available every 200ms. - if err := wait.PollImmediate(waitIntervalMicroSeconds*time.Microsecond, timeout, func() (bool, error) { - if err := unix.Flock(int(lockFile.Fd()), unix.LOCK_EX|unix.LOCK_NB); err != nil { - return false, nil - } - return true, nil - }); err != nil { + if err := wait.PollUntilContextTimeout(context.TODO(), waitIntervalMicroSeconds*time.Microsecond, timeout, true, + func(ctx context.Context) (bool, error) { + if err := unix.Flock(int(lockFile.Fd()), unix.LOCK_EX|unix.LOCK_NB); err != nil { + return false, nil + } + return true, nil + }); err != nil { lockFile.Close() return nil, fmt.Errorf("error acquiring xtables lock: %v", err) } diff --git a/pkg/agent/util/net_linux.go b/pkg/agent/util/net_linux.go index db1c5d8de8a..301691fb717 100644 --- a/pkg/agent/util/net_linux.go +++ b/pkg/agent/util/net_linux.go @@ -18,6 +18,7 @@ package util import ( + "context" "fmt" "net" "os" 
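Review bot: The callback in Lock treats every `unix.Flock` failure as "lock is busy" and returns `false, nil`, so an error that will never clear (for example a bad descriptor) is retried until `timeout`, and the caller sees only the poll's timeout error inside "error acquiring xtables lock". Retrying only on contention keeps the real cause visible: `if errors.Is(err, unix.EWOULDBLOCK) { return false, nil }` followed by `return false, err`. This needs the `errors` import if the file does not already have it. Formatting the wrapped error with `%w` instead of `%v` would also let callers test it with `wait.Interrupted`. Lock starts and ends outside the hunk.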
@@ -276,14 +277,15 @@ func GetInterfaceConfig(ifName string) (*net.Interface, []*net.IPNet, []interfac func RenameInterface(from, to string) error { klog.InfoS("Renaming interface", "oldName", from, "newName", to) var renameErr error - pollErr := wait.Poll(time.Millisecond*100, time.Second, func() (done bool, err error) { - renameErr = renameHostInterface(from, to) - if renameErr != nil { - klog.InfoS("Unable to rename host interface name with error, retrying", "oldName", from, "newName", to, "err", renameErr) - return false, nil - } - return true, nil - }) + pollErr := wait.PollUntilContextTimeout(context.TODO(), time.Millisecond*100, time.Second, false, + func(ctx context.Context) (done bool, err error) { + renameErr = renameHostInterface(from, to) + if renameErr != nil { + klog.InfoS("Unable to rename host interface name with error, retrying", "oldName", from, "newName", to, "err", renameErr) + return false, nil + } + return true, nil + }) if pollErr != nil { return fmt.Errorf("failed to rename host interface name %s to %s", from, to) } diff --git a/pkg/agent/util/net_windows.go b/pkg/agent/util/net_windows.go index 1848c2e9ac4..dc57c0a2dbf 100644 --- a/pkg/agent/util/net_windows.go +++ b/pkg/agent/util/net_windows.go @@ -20,6 +20,7 @@ package util import ( "bufio" "bytes" + "context" "encoding/json" "errors" "fmt" 
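Review bot: When the poll gives up, the returned error drops `renameErr`, so callers learn that the rename failed but not why. The cause is only logged at info level on each retry. Wrapping it keeps the reason with the failure: `return fmt.Errorf("failed to rename host interface name %s to %s: %w", from, to, renameErr)`. If `renameErr` could still be nil at that point, fall back to `pollErr`. The end of RenameInterface is outside the hunk.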
@@ -180,7 +181,7 @@ func EnableHostInterface(ifaceName string) error { // Enable-NetAdapter is not a blocking operation based on our testing. // It returns immediately no matter whether the interface has been enabled or not. // So we need to check the interface status to ensure it is up before returning. - if err := wait.PollImmediate(commandRetryInterval, commandRetryTimeout, func() (done bool, err error) { + if err := wait.PollUntilContextTimeout(context.TODO(), commandRetryInterval, commandRetryTimeout, true, func(ctx context.Context) (done bool, err error) { if _, err := runCommand(cmd); err != nil { klog.Errorf("Failed to run command %s: %v", cmd, err) return false, nil @@ -468,7 +469,7 @@ func PrepareHNSNetwork(subnetCIDR *net.IPNet, nodeIPNet *net.IPNet, uplinkAdapte var ipFound bool // On the current Windows testbed, it takes a maximum of 1.8 seconds to obtain a valid IP. // Therefore, we set the timeout limit to triple of that value, allowing a maximum wait of 6 seconds here. - err = wait.PollImmediate(1*time.Second, 6*time.Second, func() (bool, error) { + err = wait.PollUntilContextTimeout(context.TODO(), 1*time.Second, 6*time.Second, true, func(ctx context.Context) (bool, error) { var checkErr error adapter, ipFound, checkErr = adapterIPExists(nodeIPNet.IP, uplinkAdapter.HardwareAddr, ContainerVNICPrefix) if checkErr != nil { @@ -477,7 +478,7 @@ func PrepareHNSNetwork(subnetCIDR *net.IPNet, nodeIPNet *net.IPNet, uplinkAdapte return ipFound, nil }) if err != nil { - if err == wait.ErrWaitTimeout { + if wait.Interrupted(err) { dhcpStatus, err := InterfaceIPv4DhcpEnabled(uplinkAdapter.Name) if err != nil { klog.ErrorS(err, "Failed to get IPv4 DHCP status on the network adapter", "adapter", uplinkAdapter.Name) 
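Review bot: The retry callback in EnableHostInterface still logs with the printf-style `klog.Errorf("Failed to run command %s: %v", cmd, err)`, while the other hunks in this file use structured `klog.ErrorS`. Since the line sits inside the rewritten poll call, it could become `klog.ErrorS(err, "Failed to run command, retrying", "cmd", cmd)`, which keeps the command and the error as separate fields. The function body continues outside the hunk.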
@@ -1015,7 +1016,7 @@ func GetInterfaceConfig(ifName string) (*net.Interface, []*net.IPNet, []interfac func RenameInterface(from, to string) error { var renameErr error - pollErr := wait.Poll(time.Millisecond*100, time.Second, func() (done bool, err error) { + pollErr := wait.PollUntilContextTimeout(context.TODO(), time.Millisecond*100, time.Second, false, func(ctx context.Context) (done bool, err error) { renameErr = renameHostInterface(from, to) if renameErr != nil { klog.ErrorS(renameErr, "Failed to rename adapter, retrying") diff --git a/pkg/antctl/raw/multicluster/common/common.go b/pkg/antctl/raw/multicluster/common/common.go index 90ad241b770..b3be75559e3 100644 --- a/pkg/antctl/raw/multicluster/common/common.go +++ b/pkg/antctl/raw/multicluster/common/common.go @@ -328,10 +328,11 @@ func DeleteMemberToken(cmd *cobra.Command, k8sClient client.Client, name string, } func waitForSecretReady(client client.Client, secretName string, namespace string) error { - return wait.PollImmediate( + return wait.PollUntilContextTimeout(context.TODO(), 1*time.Second, 5*time.Second, - func() (bool, error) { + true, + func(ctx context.Context) (bool, error) { secret := &corev1.Secret{} if err := client.Get(context.TODO(), types.NamespacedName{Name: secretName, Namespace: namespace}, secret); err != nil { if apierrors.IsNotFound(err) { diff --git a/pkg/antctl/raw/multicluster/join.go b/pkg/antctl/raw/multicluster/join.go index cc1dfb90f47..bff278a97fe 100644 --- a/pkg/antctl/raw/multicluster/join.go +++ b/pkg/antctl/raw/multicluster/join.go 
@@ -276,10 +276,11 @@ func waitForMemberClusterReady(cmd *cobra.Command, k8sClient client.Client) erro } func waitForClusterSetReady(client client.Client, name string, namespace string, clusterID string) error { - return wait.PollImmediate( + return wait.PollUntilContextTimeout(context.TODO(), 1*time.Second, 1*time.Minute, - func() (bool, error) { + true, + func(ctx context.Context) (bool, error) { clusterSet := &mcv1alpha2.ClusterSet{} if err := client.Get(context.TODO(), types.NamespacedName{Name: name, Namespace: namespace}, clusterSet); err != nil { if apierrors.IsNotFound(err) { diff --git a/pkg/antctl/raw/traceflow/command.go b/pkg/antctl/raw/traceflow/command.go index 1893835e00f..3dcc6c93497 100644 --- a/pkg/antctl/raw/traceflow/command.go +++ b/pkg/antctl/raw/traceflow/command.go @@ -184,7 +184,7 @@ func runE(cmd *cobra.Command, _ []string) error { } var res *v1beta1.Traceflow - err = wait.Poll(1*time.Second, option.timeout, func() (bool, error) { + err = wait.PollUntilContextTimeout(context.TODO(), 1*time.Second, option.timeout, false, func(ctx context.Context) (bool, error) { res, err = client.CrdV1beta1().Traceflows().Get(context.TODO(), tf.Name, metav1.GetOptions{}) if err != nil { return false, err @@ -194,7 +194,7 @@ func runE(cmd *cobra.Command, _ []string) error { } return true, nil }) - if err == wait.ErrWaitTimeout { + if wait.Interrupted(err) { err = errors.New("timeout waiting for Traceflow done") // Still output the Traceflow results if any. if res == nil { diff --git a/pkg/antctl/transform/networkpolicy/response_test.go b/pkg/antctl/transform/networkpolicy/response_test.go index 728185000da..3720f366c55 100644 --- a/pkg/antctl/transform/networkpolicy/response_test.go +++ b/pkg/antctl/transform/networkpolicy/response_test.go 
@@ -20,7 +20,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" cpv1beta "antrea.io/antrea/pkg/apis/controlplane/v1beta2" ) @@ -35,8 +35,8 @@ func TestListTransform(t *testing.T) { SourceRef: &cpv1beta.NetworkPolicyReference{ Name: "a", }, - TierPriority: pointer.Int32(260), - Priority: pointer.Float64(5.7), + TierPriority: ptr.To[int32](260), + Priority: ptr.To(5.7), } var npB = cpv1beta.NetworkPolicy{ ObjectMeta: metav1.ObjectMeta{ @@ -47,8 +47,8 @@ func TestListTransform(t *testing.T) { SourceRef: &cpv1beta.NetworkPolicyReference{ Name: "b", }, - TierPriority: pointer.Int32(260), - Priority: pointer.Float64(7.8), + TierPriority: ptr.To[int32](260), + Priority: ptr.To(7.8), } var npC = cpv1beta.NetworkPolicy{ ObjectMeta: metav1.ObjectMeta{ @@ -59,8 +59,8 @@ func TestListTransform(t *testing.T) { SourceRef: &cpv1beta.NetworkPolicyReference{ Name: "c", }, - TierPriority: pointer.Int32(200), - Priority: pointer.Float64(8), + TierPriority: ptr.To[int32](200), + Priority: ptr.To[float64](8), } var npD = cpv1beta.NetworkPolicy{ ObjectMeta: metav1.ObjectMeta{ diff --git a/pkg/apiserver/certificate/certificate.go b/pkg/apiserver/certificate/certificate.go index 517547bf547..130b9ec2be6 100644 --- a/pkg/apiserver/certificate/certificate.go +++ b/pkg/apiserver/certificate/certificate.go @@ -15,6 +15,7 @@ package certificate import ( + "context" "fmt" "os" "path/filepath" 
@@ -67,17 +68,18 @@ func ApplyServerCert(selfSignedCert bool, tlsKeyPath := filepath.Join(caConfig.CertDir, TLSKeyFile) // The secret may be created after the Pod is created, for example, when cert-manager is used the secret // is created asynchronously. It waits for a while before it's considered to be failed. - if err = wait.PollImmediate(2*time.Second, caConfig.CertReadyTimeout, func() (bool, error) { - for _, path := range []string{caCertPath, tlsCertPath, tlsKeyPath} { - f, err := os.Open(path) - if err != nil { - klog.Warningf("Couldn't read %s when applying server certificate, retrying", path) - return false, nil + if err = wait.PollUntilContextTimeout(context.TODO(), 2*time.Second, caConfig.CertReadyTimeout, true, + func(ctx context.Context) (bool, error) { + for _, path := range []string{caCertPath, tlsCertPath, tlsKeyPath} { + f, err := os.Open(path) + if err != nil { + klog.Warningf("Couldn't read %s when applying server certificate, retrying", path) + return false, nil + } + f.Close() } - f.Close() - } - return true, nil - }); err != nil { + return true, nil + }); err != nil { return nil, fmt.Errorf("error reading TLS certificate and/or key. Please make sure the TLS CA (%s), cert (%s), and key (%s) files are present in \"%s\", when selfSignedCert is set to false", CACertFile, TLSCertFile, TLSKeyFile, caConfig.CertDir) } // Since 1.17.0 (https://github.com/kubernetes/kubernetes/commit/3f5fbfbfac281f40c11de2f57d58cc332affc37b), diff --git a/pkg/apiserver/certificate/certificate_test.go b/pkg/apiserver/certificate/certificate_test.go index 26d6c3b707d..988f230e595 100644 --- a/pkg/apiserver/certificate/certificate_test.go +++ b/pkg/apiserver/certificate/certificate_test.go 
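Review bot: The retry loop in ApplyServerCert logs "Couldn't read %s" without the `os.Open` error, so a permission or path problem on the CA, certificate or key file looks the same as a Secret that has not been mounted yet. The final error then tells the operator the files are not present. Include the cause in the log, e.g. `klog.InfoS("Couldn't read file when applying server certificate, retrying", "path", path, "err", err)`, and consider appending the poll error to the returned message. The loop only proves that the three files can be opened, not that they hold a usable key pair. That validation presumably happens further down, outside this hunk.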
@@ -203,7 +203,7 @@ func TestApplyServerCert(t *testing.T) { if tt.selfSignedCert && tt.testRotate { oldCertKeyContent := got.getCertificate() go got.Run(ctx, 1) - err := wait.Poll(time.Second, 8*time.Second, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), time.Second, 8*time.Second, false, func(ctx context.Context) (bool, error) { newCertKeyContent := got.getCertificate() equal := bytes.Equal(oldCertKeyContent, newCertKeyContent) return !equal, nil diff --git a/pkg/apiserver/openapi/zz_generated.openapi.go b/pkg/apiserver/openapi/zz_generated.openapi.go index 9ba7fb82404..7b5279470f9 100644 --- a/pkg/apiserver/openapi/zz_generated.openapi.go +++ b/pkg/apiserver/openapi/zz_generated.openapi.go @@ -176,6 +176,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "k8s.io/api/core/v1.CinderVolumeSource": schema_k8sio_api_core_v1_CinderVolumeSource(ref), "k8s.io/api/core/v1.ClaimSource": schema_k8sio_api_core_v1_ClaimSource(ref), "k8s.io/api/core/v1.ClientIPConfig": schema_k8sio_api_core_v1_ClientIPConfig(ref), + "k8s.io/api/core/v1.ClusterTrustBundleProjection": schema_k8sio_api_core_v1_ClusterTrustBundleProjection(ref), "k8s.io/api/core/v1.ComponentCondition": schema_k8sio_api_core_v1_ComponentCondition(ref), "k8s.io/api/core/v1.ComponentStatus": schema_k8sio_api_core_v1_ComponentStatus(ref), "k8s.io/api/core/v1.ComponentStatusList": schema_k8sio_api_core_v1_ComponentStatusList(ref), 
@@ -189,6 +190,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "k8s.io/api/core/v1.Container": schema_k8sio_api_core_v1_Container(ref), "k8s.io/api/core/v1.ContainerImage": schema_k8sio_api_core_v1_ContainerImage(ref), "k8s.io/api/core/v1.ContainerPort": schema_k8sio_api_core_v1_ContainerPort(ref), + "k8s.io/api/core/v1.ContainerResizePolicy": schema_k8sio_api_core_v1_ContainerResizePolicy(ref), "k8s.io/api/core/v1.ContainerState": schema_k8sio_api_core_v1_ContainerState(ref), "k8s.io/api/core/v1.ContainerStateRunning": schema_k8sio_api_core_v1_ContainerStateRunning(ref), "k8s.io/api/core/v1.ContainerStateTerminated": schema_k8sio_api_core_v1_ContainerStateTerminated(ref), @@ -227,6 +229,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "k8s.io/api/core/v1.HTTPGetAction": schema_k8sio_api_core_v1_HTTPGetAction(ref), "k8s.io/api/core/v1.HTTPHeader": schema_k8sio_api_core_v1_HTTPHeader(ref), "k8s.io/api/core/v1.HostAlias": schema_k8sio_api_core_v1_HostAlias(ref), + "k8s.io/api/core/v1.HostIP": schema_k8sio_api_core_v1_HostIP(ref), "k8s.io/api/core/v1.HostPathVolumeSource": schema_k8sio_api_core_v1_HostPathVolumeSource(ref), "k8s.io/api/core/v1.ISCSIPersistentVolumeSource": schema_k8sio_api_core_v1_ISCSIPersistentVolumeSource(ref), "k8s.io/api/core/v1.ISCSIVolumeSource": schema_k8sio_api_core_v1_ISCSIVolumeSource(ref), 
@@ -242,6 +245,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "k8s.io/api/core/v1.LoadBalancerStatus": schema_k8sio_api_core_v1_LoadBalancerStatus(ref), "k8s.io/api/core/v1.LocalObjectReference": schema_k8sio_api_core_v1_LocalObjectReference(ref), "k8s.io/api/core/v1.LocalVolumeSource": schema_k8sio_api_core_v1_LocalVolumeSource(ref), + "k8s.io/api/core/v1.ModifyVolumeStatus": schema_k8sio_api_core_v1_ModifyVolumeStatus(ref), "k8s.io/api/core/v1.NFSVolumeSource": schema_k8sio_api_core_v1_NFSVolumeSource(ref), "k8s.io/api/core/v1.Namespace": schema_k8sio_api_core_v1_Namespace(ref), "k8s.io/api/core/v1.NamespaceCondition": schema_k8sio_api_core_v1_NamespaceCondition(ref), @@ -296,6 +300,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "k8s.io/api/core/v1.PodProxyOptions": schema_k8sio_api_core_v1_PodProxyOptions(ref), "k8s.io/api/core/v1.PodReadinessGate": schema_k8sio_api_core_v1_PodReadinessGate(ref), "k8s.io/api/core/v1.PodResourceClaim": schema_k8sio_api_core_v1_PodResourceClaim(ref), + "k8s.io/api/core/v1.PodResourceClaimStatus": schema_k8sio_api_core_v1_PodResourceClaimStatus(ref), "k8s.io/api/core/v1.PodSchedulingGate": schema_k8sio_api_core_v1_PodSchedulingGate(ref), "k8s.io/api/core/v1.PodSecurityContext": schema_k8sio_api_core_v1_PodSecurityContext(ref), "k8s.io/api/core/v1.PodSignature": schema_k8sio_api_core_v1_PodSignature(ref), 
@@ -353,6 +358,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "k8s.io/api/core/v1.ServiceSpec": schema_k8sio_api_core_v1_ServiceSpec(ref), "k8s.io/api/core/v1.ServiceStatus": schema_k8sio_api_core_v1_ServiceStatus(ref), "k8s.io/api/core/v1.SessionAffinityConfig": schema_k8sio_api_core_v1_SessionAffinityConfig(ref), + "k8s.io/api/core/v1.SleepAction": schema_k8sio_api_core_v1_SleepAction(ref), "k8s.io/api/core/v1.StorageOSPersistentVolumeSource": schema_k8sio_api_core_v1_StorageOSPersistentVolumeSource(ref), "k8s.io/api/core/v1.StorageOSVolumeSource": schema_k8sio_api_core_v1_StorageOSVolumeSource(ref), "k8s.io/api/core/v1.Sysctl": schema_k8sio_api_core_v1_Sysctl(ref), @@ -369,6 +375,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "k8s.io/api/core/v1.VolumeMount": schema_k8sio_api_core_v1_VolumeMount(ref), "k8s.io/api/core/v1.VolumeNodeAffinity": schema_k8sio_api_core_v1_VolumeNodeAffinity(ref), "k8s.io/api/core/v1.VolumeProjection": schema_k8sio_api_core_v1_VolumeProjection(ref), + "k8s.io/api/core/v1.VolumeResourceRequirements": schema_k8sio_api_core_v1_VolumeResourceRequirements(ref), "k8s.io/api/core/v1.VolumeSource": schema_k8sio_api_core_v1_VolumeSource(ref), "k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource": schema_k8sio_api_core_v1_VsphereVirtualDiskVolumeSource(ref), "k8s.io/api/core/v1.WeightedPodAffinityTerm": schema_k8sio_api_core_v1_WeightedPodAffinityTerm(ref), @@ -2530,8 +2537,7 @@ func schema_pkg_apis_controlplane_v1beta2_SupportBundleCollection(ref common.Ref }, "expiredAt": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "sinceTime": { 
@@ -2750,7 +2756,6 @@ func schema_pkg_apis_crd_v1beta1_AgentCondition(ref common.ReferenceCallback) co "lastHeartbeatTime": { SchemaProps: spec.SchemaProps{ Description: "The timestamp when AntreaAgentInfo is created/updated, ideally heartbeat interval is 60s", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -3476,7 +3481,6 @@ func schema_pkg_apis_crd_v1beta1_ControllerCondition(ref common.ReferenceCallbac "lastHeartbeatTime": { SchemaProps: spec.SchemaProps{ Description: "The timestamp when AntreaControllerInfo is created/updated, ideally heartbeat interval is 60s", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -3615,8 +3619,7 @@ func schema_pkg_apis_crd_v1beta1_EgressCondition(ref common.ReferenceCallback) c }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -4039,8 +4042,7 @@ func schema_pkg_apis_crd_v1beta1_GroupCondition(ref common.ReferenceCallback) co }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, @@ -4576,7 +4578,6 @@ func schema_pkg_apis_crd_v1beta1_NetworkPolicyCondition(ref common.ReferenceCall "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "Last time the condition transitioned from one status to another.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, 
@@ -4768,9 +4769,10 @@ func schema_pkg_apis_crd_v1beta1_NetworkPolicyPort(ref common.ReferenceCallback) Properties: map[string]spec.Schema{ "protocol": { SchemaProps: spec.SchemaProps{ - Description: "The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.", + Description: "The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", Type: []string{"string"}, Format: "", + Enum: []interface{}{"SCTP", "TCP", "UDP"}, }, }, "port": { @@ -6655,9 +6657,10 @@ func schema_k8sio_api_core_v1_AzureDiskVolumeSource(ref common.ReferenceCallback }, "cachingMode": { SchemaProps: spec.SchemaProps{ - Description: "cachingMode is the Host Caching mode: None, Read Only, Read Write.", + Description: "cachingMode is the Host Caching mode: None, Read Only, Read Write.\n\nPossible enum values:\n - `\"None\"`\n - `\"ReadOnly\"`\n - `\"ReadWrite\"`", Type: []string{"string"}, Format: "", + Enum: []interface{}{"None", "ReadOnly", "ReadWrite"}, }, }, "fsType": { @@ -6676,9 +6679,10 @@ func schema_k8sio_api_core_v1_AzureDiskVolumeSource(ref common.ReferenceCallback }, "kind": { SchemaProps: spec.SchemaProps{ - Description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", + Description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared\n\nPossible enum values:\n - `\"Dedicated\"`\n - `\"Managed\"`\n - `\"Shared\"`", Type: []string{"string"}, Format: "", + Enum: []interface{}{"Dedicated", "Managed", "Shared"}, }, }, }, 
@@ -6886,13 +6890,13 @@ func schema_k8sio_api_core_v1_CSIPersistentVolumeSource(ref common.ReferenceCall }, "controllerExpandSecretRef": { SchemaProps: spec.SchemaProps{ - Description: "controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This is an beta field and requires enabling ExpandCSIVolumes feature gate. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", + Description: "controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", Ref: ref("k8s.io/api/core/v1.SecretReference"), }, }, "nodeExpandSecretRef": { SchemaProps: spec.SchemaProps{ - Description: "nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This is an alpha field and requires enabling CSINodeExpandSecret feature gate. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed.", + Description: "nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed.", Ref: ref("k8s.io/api/core/v1.SecretReference"), }, }, 
@@ -7242,7 +7246,7 @@ func schema_k8sio_api_core_v1_ClaimSource(ref common.ReferenceCallback) common.O }, "resourceClaimTemplateName": { SchemaProps: spec.SchemaProps{ - Description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be -, where is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long).\n\nAn existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed.\n\nThis field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.", + Description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.", Type: []string{"string"}, Format: "", }, 
@@ -7273,6 +7277,57 @@ func schema_k8sio_api_core_v1_ClientIPConfig(ref common.ReferenceCallback) commo } } +func schema_k8sio_api_core_v1_ClusterTrustBundleProjection(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ClusterTrustBundleProjection describes how to select a set of ClusterTrustBundle objects and project their contents into the pod filesystem.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.", + Type: []string{"string"}, + Format: "", + }, + }, + "signerName": { + SchemaProps: spec.SchemaProps{ + Description: "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.", + Type: []string{"string"}, + Format: "", + }, + }, + "labelSelector": { + SchemaProps: spec.SchemaProps{ + Description: "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\".", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + }, + }, + "optional": { + SchemaProps: spec.SchemaProps{ + Description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. 
If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "path": { + SchemaProps: spec.SchemaProps{ + Description: "Relative path from the volume root to write the bundle.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"path"}, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + } +} + func schema_k8sio_api_core_v1_ComponentCondition(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -7887,6 +7942,32 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, + "resizePolicy": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Resources resize policy for the container.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.ContainerResizePolicy"), + }, + }, + }, + }, + }, + "restartPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", + Type: []string{"string"}, + Format: "", + }, + }, "volumeMounts": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ 
@@ -7963,14 +8044,16 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope Description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", Type: []string{"string"}, Format: "", - Enum: []interface{}{"FallbackToLogsOnError", "File"}}, + Enum: []interface{}{"FallbackToLogsOnError", "File"}, + }, }, "imagePullPolicy": { SchemaProps: spec.SchemaProps{ Description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. 
Container will fail if the image isn't present", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Always", "IfNotPresent", "Never"}}, + Enum: []interface{}{"Always", "IfNotPresent", "Never"}, + }, }, "securityContext": { SchemaProps: spec.SchemaProps{ @@ -8004,7 +8087,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount"}, + "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.ContainerResizePolicy", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount"}, } } @@ -8078,7 +8161,8 @@ func schema_k8sio_api_core_v1_ContainerPort(ref common.ReferenceCallback) common Default: "TCP", Type: []string{"string"}, Format: "", - Enum: []interface{}{"SCTP", "TCP", "UDP"}}, + Enum: []interface{}{"SCTP", "TCP", "UDP"}, + }, }, "hostIP": { SchemaProps: spec.SchemaProps{ 
@@ -8094,6 +8178,36 @@ func schema_k8sio_api_core_v1_ContainerPort(ref common.ReferenceCallback) common } } +func schema_k8sio_api_core_v1_ContainerResizePolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ContainerResizePolicy represents resource resize policy for the container.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "resourceName": { + SchemaProps: spec.SchemaProps{ + Description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "restartPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"resourceName", "restartPolicy"}, + }, + }, + } +} + func schema_k8sio_api_core_v1_ContainerState(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -8137,7 +8251,6 @@ func schema_k8sio_api_core_v1_ContainerStateRunning(ref common.ReferenceCallback "startedAt": { SchemaProps: spec.SchemaProps{ Description: "Time at which the container was last (re-)started", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, 
@@ -8188,14 +8301,12 @@ func schema_k8sio_api_core_v1_ContainerStateTerminated(ref common.ReferenceCallb "startedAt": { SchemaProps: spec.SchemaProps{ Description: "Time at which previous execution of the container started", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "finishedAt": { SchemaProps: spec.SchemaProps{ Description: "Time at which the container last terminated", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -8251,7 +8362,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "This must be a DNS_LABEL. Each container in a pod must have a unique name. Cannot be updated.", + Description: "Name is a DNS_LABEL representing the unique name of the container. Each container in a pod must have a unique name across all container types. Cannot be updated.", Default: "", Type: []string{"string"}, Format: "", 
@@ -8259,21 +8370,21 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm }, "state": { SchemaProps: spec.SchemaProps{ - Description: "Details about the container's current condition.", + Description: "State holds details about the container's current condition.", Default: map[string]interface{}{}, Ref: ref("k8s.io/api/core/v1.ContainerState"), }, }, "lastState": { SchemaProps: spec.SchemaProps{ - Description: "Details about the container's last termination condition.", + Description: "LastTerminationState holds the last termination state of the container to help debug container crashes and restarts. This field is not populated if the container is still running and RestartCount is 0.", Default: map[string]interface{}{}, Ref: ref("k8s.io/api/core/v1.ContainerState"), }, }, "ready": { SchemaProps: spec.SchemaProps{ - Description: "Specifies whether the container has passed its readiness probe.", + Description: "Ready specifies whether the container is currently passing its readiness check. The value will change as readiness probes keep executing. If no readiness probes are specified, this field defaults to true once the container is fully started (see Started field).\n\nThe value is typically used to determine whether a container is ready to accept traffic.", Default: false, Type: []string{"boolean"}, Format: "", @@ -8281,7 +8392,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm }, "restartCount": { SchemaProps: spec.SchemaProps{ - Description: "The number of times the container has been restarted.", + Description: "RestartCount holds the number of times the container has been restarted. Kubelet makes an effort to always increment the value, but there are cases when the state may be lost due to node restarts and then the value may be reset to 0. The value is never negative.", Default: 0, Type: []string{"integer"}, Format: "int32", 
@@ -8289,7 +8400,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm }, "image": { SchemaProps: spec.SchemaProps{ - Description: "The image the container is running. More info: https://kubernetes.io/docs/concepts/containers/images.", + Description: "Image is the name of container image that the container is running. The container image may not match the image used in the PodSpec, as it may have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.", Default: "", Type: []string{"string"}, Format: "", @@ -8297,7 +8408,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm }, "imageID": { SchemaProps: spec.SchemaProps{ - Description: "ImageID of the container's image.", + Description: "ImageID is the image ID of the container's image. The image ID may not match the image ID of the image used in the PodSpec, as it may have been resolved by the runtime.", Default: "", Type: []string{"string"}, Format: "", 
@@ -8305,24 +8416,44 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm }, "containerID": { SchemaProps: spec.SchemaProps{ - Description: "Container's ID in the format '://'.", + Description: "ContainerID is the ID of the container in the format '://'. Where type is a container runtime identifier, returned from Version call of CRI API (for example \"containerd\").", Type: []string{"string"}, Format: "", }, }, "started": { SchemaProps: spec.SchemaProps{ - Description: "Specifies whether the container has passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. Is always true when no startupProbe is defined.", + Description: "Started indicates whether the container has finished its postStart lifecycle hook and passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. In both cases, startup probes will run again. Is always true when no startupProbe is defined and container is running and has passed the postStart lifecycle hook. The null value must be treated the same as false.", Type: []string{"boolean"}, Format: "", }, }, + "allocatedResources": { + SchemaProps: spec.SchemaProps{ + Description: "AllocatedResources represents the compute resources allocated for this container by the node. 
Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + }, + }, + }, + }, + }, + "resources": { + SchemaProps: spec.SchemaProps{ + Description: "Resources represents the compute resource requests and limits that have been successfully enacted on the running container after it has been started or has been successfully resized.", + Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), + }, + }, }, Required: []string{"name", "ready", "restartCount", "image", "imageID"}, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ContainerState"}, + "k8s.io/api/core/v1.ContainerState", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } 
@@ -8472,7 +8603,7 @@ func schema_k8sio_api_core_v1_EmptyDirVolumeSource(ref common.ReferenceCallback) }, "sizeLimit": { SchemaProps: spec.SchemaProps{ - Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir", + Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, @@ -8493,7 +8624,7 @@ func schema_k8sio_api_core_v1_EndpointAddress(ref common.ReferenceCallback) comm Properties: map[string]spec.Schema{ "ip": { SchemaProps: spec.SchemaProps{ - Description: "The IP of this endpoint. May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16), or link-local multicast ((224.0.0.0/24). IPv6 is also accepted but not fully supported on all platforms. Also, certain kubernetes components, like kube-proxy, are not IPv6 ready.", + Description: "The IP of this endpoint. May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), or link-local multicast (224.0.0.0/24 or ff02::/16).", Default: "", Type: []string{"string"}, Format: "", 
@@ -8560,11 +8691,12 @@ func schema_k8sio_api_core_v1_EndpointPort(ref common.ReferenceCallback) common. Description: "The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", Type: []string{"string"}, Format: "", - Enum: []interface{}{"SCTP", "TCP", "UDP"}}, + Enum: []interface{}{"SCTP", "TCP", "UDP"}, + }, }, "appProtocol": { SchemaProps: spec.SchemaProps{ - Description: "The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.", + Description: "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.", Type: []string{"string"}, Format: "", }, 
@@ -8974,6 +9106,32 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, + "resizePolicy": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Resources resize policy for the container.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.ContainerResizePolicy"), + }, + }, + }, + }, + }, + "restartPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.", + Type: []string{"string"}, + Format: "", + }, + }, "volumeMounts": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ 
@@ -9050,14 +9208,16 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", Type: []string{"string"}, Format: "", - Enum: []interface{}{"FallbackToLogsOnError", "File"}}, + Enum: []interface{}{"FallbackToLogsOnError", "File"}, + }, }, "imagePullPolicy": { SchemaProps: spec.SchemaProps{ Description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. 
Container will fail if the image isn't present", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Always", "IfNotPresent", "Never"}}, + Enum: []interface{}{"Always", "IfNotPresent", "Never"}, + }, }, "securityContext": { SchemaProps: spec.SchemaProps{ @@ -9098,7 +9258,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount"}, + "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.ContainerResizePolicy", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount"}, } } 
@@ -9227,6 +9387,32 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, + "resizePolicy": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Resources resize policy for the container.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.ContainerResizePolicy"), + }, + }, + }, + }, + }, + "restartPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.", + Type: []string{"string"}, + Format: "", + }, + }, "volumeMounts": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ 
@@ -9303,14 +9489,16 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", Type: []string{"string"}, Format: "", - Enum: []interface{}{"FallbackToLogsOnError", "File"}}, + Enum: []interface{}{"FallbackToLogsOnError", "File"}, + }, }, "imagePullPolicy": { SchemaProps: spec.SchemaProps{ Description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. 
Container will fail if the image isn't present", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Always", "IfNotPresent", "Never"}}, + Enum: []interface{}{"Always", "IfNotPresent", "Never"}, + }, }, "securityContext": { SchemaProps: spec.SchemaProps{ @@ -9344,7 +9532,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount"}, + "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.ContainerResizePolicy", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount"}, } } @@ -9428,14 +9616,12 @@ func schema_k8sio_api_core_v1_Event(ref common.ReferenceCallback) common.OpenAPI "firstTimestamp": { SchemaProps: spec.SchemaProps{ Description: "The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "lastTimestamp": { SchemaProps: spec.SchemaProps{ Description: "The time at which the most recent occurrence of this event was recorded.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -9456,7 +9642,6 @@ func schema_k8sio_api_core_v1_Event(ref common.ReferenceCallback) common.OpenAPI "eventTime": { SchemaProps: spec.SchemaProps{ Description: "Time when this Event was first observed.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime"), }, }, 
@@ -9572,7 +9757,6 @@ func schema_k8sio_api_core_v1_EventSeries(ref common.ReferenceCallback) common.O "lastObservedTime": { SchemaProps: spec.SchemaProps{ Description: "Time of the last occurrence observed", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime"), }, }, @@ -10056,7 +10240,6 @@ func schema_k8sio_api_core_v1_HTTPGetAction(ref common.ReferenceCallback) common "port": { SchemaProps: spec.SchemaProps{ Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), }, }, @@ -10072,7 +10255,8 @@ func schema_k8sio_api_core_v1_HTTPGetAction(ref common.ReferenceCallback) common Description: "Scheme to use for connecting to the host. Defaults to HTTP.\n\nPossible enum values:\n - `\"HTTP\"` means that the scheme used will be http://\n - `\"HTTPS\"` means that the scheme used will be https://", Type: []string{"string"}, Format: "", - Enum: []interface{}{"HTTP", "HTTPS"}}, + Enum: []interface{}{"HTTP", "HTTPS"}, + }, }, "httpHeaders": { SchemaProps: spec.SchemaProps{ @@ -10106,7 +10290,7 @@ func schema_k8sio_api_core_v1_HTTPHeader(ref common.ReferenceCallback) common.Op Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "The header field name", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Default: "", Type: []string{"string"}, Format: "", 
@@ -10162,6 +10346,26 @@ func schema_k8sio_api_core_v1_HostAlias(ref common.ReferenceCallback) common.Ope } } +func schema_k8sio_api_core_v1_HostIP(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "HostIP represents a single IP address allocated to the host.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "ip": { + SchemaProps: spec.SchemaProps{ + Description: "IP is the IP address assigned to the host", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + func schema_k8sio_api_core_v1_HostPathVolumeSource(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -10179,9 +10383,10 @@ func schema_k8sio_api_core_v1_HostPathVolumeSource(ref common.ReferenceCallback) }, "type": { SchemaProps: spec.SchemaProps{ - Description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + Description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n\nPossible enum values:\n - `\"\"` For backwards compatible, leave it empty if unset\n - `\"BlockDevice\"` A block device must exist at the given path\n - `\"CharDevice\"` A character device must exist at the given path\n - `\"Directory\"` A directory must exist at the given path\n - `\"DirectoryOrCreate\"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.\n - `\"File\"` A file must exist at the given path\n - `\"FileOrCreate\"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.\n - `\"Socket\"` A UNIX socket must exist at the given path", Type: []string{"string"}, Format: "", + Enum: []interface{}{"", "BlockDevice", "CharDevice", "Directory", "DirectoryOrCreate", "File", "FileOrCreate", "Socket"}, }, }, }, 
@@ -10486,11 +10691,17 @@ func schema_k8sio_api_core_v1_LifecycleHandler(ref common.ReferenceCallback) com Ref: ref("k8s.io/api/core/v1.TCPSocketAction"), }, }, + "sleep": { + SchemaProps: spec.SchemaProps{ + Description: "Sleep represents the duration that the container should sleep before being terminated.", + Ref: ref("k8s.io/api/core/v1.SleepAction"), + }, + }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ExecAction", "k8s.io/api/core/v1.HTTPGetAction", "k8s.io/api/core/v1.TCPSocketAction"}, + "k8s.io/api/core/v1.ExecAction", "k8s.io/api/core/v1.HTTPGetAction", "k8s.io/api/core/v1.SleepAction", "k8s.io/api/core/v1.TCPSocketAction"}, } } @@ -10560,8 +10771,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -10575,8 +10785,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -10590,8 +10799,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, 
@@ -10605,8 +10813,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -10620,8 +10827,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -10752,8 +10958,7 @@ func schema_k8sio_api_core_v1_List(ref common.ReferenceCallback) common.OpenAPID Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -10789,6 +10994,13 @@ func schema_k8sio_api_core_v1_LoadBalancerIngress(ref common.ReferenceCallback) Format: "", }, }, + "ipMode": { + SchemaProps: spec.SchemaProps{ + Description: "IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified. Setting this to \"VIP\" indicates that traffic is delivered to the node with the destination set to the load-balancer's IP and port. Setting this to \"Proxy\" indicates that traffic is delivered to the node or pod with the destination set to the node's IP and node port or the pod's IP and port. Service implementations may use this information to adjust traffic routing.", + Type: []string{"string"}, + Format: "", + }, + }, "ports": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ 
@@ -10899,6 +11111,36 @@ func schema_k8sio_api_core_v1_LocalVolumeSource(ref common.ReferenceCallback) co } } +func schema_k8sio_api_core_v1_ModifyVolumeStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetVolumeAttributesClassName": { + SchemaProps: spec.SchemaProps{ + Description: "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + Type: []string{"string"}, + Format: "", + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.\n\nPossible enum values:\n - `\"InProgress\"` InProgress indicates that the volume is being modified\n - `\"Infeasible\"` Infeasible indicates that the request has been rejected as invalid by the CSI driver. 
To resolve the error, a valid VolumeAttributesClass needs to be specified\n - `\"Pending\"` Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing", + Default: "", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"InProgress", "Infeasible", "Pending"}, + }, + }, + }, + Required: []string{"status"}, + }, + }, + } +} + func schema_k8sio_api_core_v1_NFSVolumeSource(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -11011,8 +11253,7 @@ func schema_k8sio_api_core_v1_NamespaceCondition(ref common.ReferenceCallback) c }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -11127,7 +11368,8 @@ func schema_k8sio_api_core_v1_NamespaceStatus(ref common.ReferenceCallback) comm Description: "Phase is the current lifecycle phase of the namespace. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/\n\nPossible enum values:\n - `\"Active\"` means the namespace is available for use in the system\n - `\"Terminating\"` means the namespace is undergoing graceful termination", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Active", "Terminating"}}, + Enum: []interface{}{"Active", "Terminating"}, + }, }, "conditions": { VendorExtensible: spec.VendorExtensible{ 
@@ -11298,14 +11540,12 @@ func schema_k8sio_api_core_v1_NodeCondition(ref common.ReferenceCallback) common "lastHeartbeatTime": { SchemaProps: spec.SchemaProps{ Description: "Last time we got an update on a given condition.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "Last time the condition transit from one status to another.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -11515,8 +11755,7 @@ func schema_k8sio_api_core_v1_NodeResources(ref common.ReferenceCallback) common Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -11587,7 +11826,8 @@ func schema_k8sio_api_core_v1_NodeSelectorRequirement(ref common.ReferenceCallba Default: "", Type: []string{"string"}, Format: "", - Enum: []interface{}{"DoesNotExist", "Exists", "Gt", "In", "Lt", "NotIn"}}, + Enum: []interface{}{"DoesNotExist", "Exists", "Gt", "In", "Lt", "NotIn"}, + }, }, "values": { SchemaProps: spec.SchemaProps{ @@ -11757,8 +11997,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -11772,8 +12011,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, 
@@ -11784,7 +12022,8 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Description: "NodePhase is the recently observed lifecycle phase of the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#phase The field is never populated, and now is deprecated.\n\nPossible enum values:\n - `\"Pending\"` means the node has been created/added by the system, but not configured.\n - `\"Running\"` means the node has been configured and has Kubernetes components running.\n - `\"Terminated\"` means the node has been removed from the cluster.", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Pending", "Running", "Terminated"}}, + Enum: []interface{}{"Pending", "Running", "Terminated"}, + }, }, "conditions": { VendorExtensible: spec.VendorExtensible{ 
@@ -11814,7 +12053,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op }, }, SchemaProps: spec.SchemaProps{ - Description: "List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example.", + Description: "List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example. Consumers should assume that addresses can change during the lifetime of a Node. However, there are some exceptions where this may not be possible, such as Pods that inherit a Node's address in its own status or consumers of the downward API (status.hostIP).", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -12196,7 +12435,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimCondition(ref common.Referenc return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PersistentVolumeClaimCondition contails details about state of pvc", + Description: "PersistentVolumeClaimCondition contains details about state of pvc", Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { 
@@ -12216,14 +12455,12 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimCondition(ref common.Referenc "lastProbeTime": { SchemaProps: spec.SchemaProps{ Description: "lastProbeTime is the time we probed the condition.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the time the condition transitioned from one status to another.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -12333,7 +12570,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimSpec(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), + Ref: ref("k8s.io/api/core/v1.VolumeResourceRequirements"), }, }, "volumeName": { 
@@ -12352,9 +12589,10 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimSpec(ref common.ReferenceCall }, "volumeMode": { SchemaProps: spec.SchemaProps{ - Description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", + Description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.\n\nPossible enum values:\n - `\"Block\"` means the volume will not be formatted with a filesystem and will remain a raw block device.\n - `\"Filesystem\"` means the volume will be or is formatted with a filesystem.", Type: []string{"string"}, Format: "", + Enum: []interface{}{"Block", "Filesystem"}, }, }, "dataSource": { 
@@ -12369,11 +12607,18 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimSpec(ref common.ReferenceCall Ref: ref("k8s.io/api/core/v1.TypedObjectReference"), }, }, + "volumeAttributesClassName": { + SchemaProps: spec.SchemaProps{ + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Type: []string{"string"}, + Format: "", + }, + }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.TypedLocalObjectReference", "k8s.io/api/core/v1.TypedObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + "k8s.io/api/core/v1.TypedLocalObjectReference", "k8s.io/api/core/v1.TypedObjectReference", "k8s.io/api/core/v1.VolumeResourceRequirements", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } 
@@ -12389,7 +12634,8 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref common.ReferenceCa Description: "phase represents the current phase of PersistentVolumeClaim.\n\nPossible enum values:\n - `\"Bound\"` used for PersistentVolumeClaims that are bound\n - `\"Lost\"` used for PersistentVolumeClaims that lost their underlying PersistentVolume. The claim was bound to a PersistentVolume and this volume does not exist any longer and all data on it was lost.\n - `\"Pending\"` used for PersistentVolumeClaims that are not yet bound", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Bound", "Lost", "Pending"}}, + Enum: []interface{}{"Bound", "Lost", "Pending"}, + }, }, "accessModes": { SchemaProps: spec.SchemaProps{ @@ -12414,8 +12660,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref common.ReferenceCa Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, 
@@ -12443,31 +12688,57 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref common.ReferenceCa }, "allocatedResources": { SchemaProps: spec.SchemaProps{ - Description: "allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + Description: "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. 
For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", Type: []string{"object"}, AdditionalProperties: &spec.SchemaOrBool{ Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + }, + }, + }, + }, + }, + "allocatedResourceStatuses": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-map-type": "granular", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. 
Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - "resizeStatus": { + "currentVolumeAttributesClassName": { SchemaProps: spec.SchemaProps{ - Description: "resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + Description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. 
When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature.", Type: []string{"string"}, Format: "", }, }, + "modifyVolumeStatus": { + SchemaProps: spec.SchemaProps{ + Description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature.", + Ref: ref("k8s.io/api/core/v1.ModifyVolumeStatus"), + }, + }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PersistentVolumeClaimCondition", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + "k8s.io/api/core/v1.ModifyVolumeStatus", "k8s.io/api/core/v1.PersistentVolumeClaimCondition", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -12743,8 +13014,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeSpec(ref common.ReferenceCallback) Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, 
@@ -12913,7 +13183,8 @@ func schema_k8sio_api_core_v1_PersistentVolumeSpec(ref common.ReferenceCallback) Description: "persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. Valid options are Retain (default for manually created PersistentVolumes), Delete (default for dynamically provisioned PersistentVolumes), and Recycle (deprecated). Recycle must be supported by the volume plugin underlying this PersistentVolume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming\n\nPossible enum values:\n - `\"Delete\"` means the volume will be deleted from Kubernetes on release from its claim. The volume plugin must support Deletion.\n - `\"Recycle\"` means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. The volume plugin must support Recycling.\n - `\"Retain\"` means the volume will be left in its current phase (Released) for manual reclamation by the administrator. The default policy is Retain.", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Delete", "Recycle", "Retain"}}, + Enum: []interface{}{"Delete", "Recycle", "Retain"}, + }, }, "storageClassName": { SchemaProps: spec.SchemaProps{ 
@@ -12939,9 +13210,10 @@ func schema_k8sio_api_core_v1_PersistentVolumeSpec(ref common.ReferenceCallback) }, "volumeMode": { SchemaProps: spec.SchemaProps{ - Description: "volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec.", + Description: "volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec.\n\nPossible enum values:\n - `\"Block\"` means the volume will not be formatted with a filesystem and will remain a raw block device.\n - `\"Filesystem\"` means the volume will be or is formatted with a filesystem.", Type: []string{"string"}, Format: "", + Enum: []interface{}{"Block", "Filesystem"}, }, }, "nodeAffinity": { @@ -12950,6 +13222,13 @@ func schema_k8sio_api_core_v1_PersistentVolumeSpec(ref common.ReferenceCallback) Ref: ref("k8s.io/api/core/v1.VolumeNodeAffinity"), }, }, + "volumeAttributesClassName": { + SchemaProps: spec.SchemaProps{ + Description: "Name of VolumeAttributesClass to which this persistent volume belongs. Empty value is not allowed. When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass. This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class. For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process. This is an alpha field and requires enabling VolumeAttributesClass feature.", + Type: []string{"string"}, + Format: "", + }, + }, }, }, }, 
@@ -12970,7 +13249,8 @@ func schema_k8sio_api_core_v1_PersistentVolumeStatus(ref common.ReferenceCallbac Description: "phase indicates if a volume is available, bound to a claim, or released by a claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase\n\nPossible enum values:\n - `\"Available\"` used for PersistentVolumes that are not yet bound Available volumes are held by the binder and matched to PersistentVolumeClaims\n - `\"Bound\"` used for PersistentVolumes that are bound\n - `\"Failed\"` used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim\n - `\"Pending\"` used for PersistentVolumes that are not available\n - `\"Released\"` used for PersistentVolumes where the bound PersistentVolumeClaim was deleted released volumes must be recycled before becoming available again this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Available", "Bound", "Failed", "Pending", "Released"}}, + Enum: []interface{}{"Available", "Bound", "Failed", "Pending", "Released"}, + }, }, "message": { SchemaProps: spec.SchemaProps{ @@ -12986,9 +13266,17 @@ func schema_k8sio_api_core_v1_PersistentVolumeStatus(ref common.ReferenceCallbac Format: "", }, }, + "lastPhaseTransitionTime": { + SchemaProps: spec.SchemaProps{ + Description: "lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions. This is a beta field and requires the PersistentVolumeLastPhaseTransitionTime feature to be enabled (enabled by default).", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + }, + }, }, }, }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } 
@@ -13123,7 +13411,7 @@ func schema_k8sio_api_core_v1_PodAffinityTerm(ref common.ReferenceCallback) comm Properties: map[string]spec.Schema{ "labelSelector": { SchemaProps: spec.SchemaProps{ - Description: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, 
@@ -13156,6 +13444,46 @@ func schema_k8sio_api_core_v1_PodAffinityTerm(ref common.ReferenceCallback) comm Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, + "matchLabelKeys": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "mismatchLabelKeys": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 
Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, Required: []string{"topologyKey"}, }, @@ -13296,14 +13624,12 @@ func schema_k8sio_api_core_v1_PodCondition(ref common.ReferenceCallback) common. "lastProbeTime": { SchemaProps: spec.SchemaProps{ Description: "Last time we probed the condition.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "Last time the condition transitioned from one status to another.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -13497,12 +13823,12 @@ func schema_k8sio_api_core_v1_PodIP(ref common.ReferenceCallback) common.OpenAPI return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "IP address information for entries in the (plural) PodIPs field. Each entry includes:\n\n\tIP: An IP address allocated to the pod. Routable at least within the cluster.", + Description: "PodIP represents a single IP address allocated to the pod.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "ip": { SchemaProps: spec.SchemaProps{ - Description: "ip is an IP address (IPv4 or IPv6) assigned to the pod", + Description: "IP is the IP address assigned to the pod", Type: []string{"string"}, Format: "", }, 
@@ -13806,6 +14132,35 @@ func schema_k8sio_api_core_v1_PodResourceClaim(ref common.ReferenceCallback) com } } +func schema_k8sio_api_core_v1_PodResourceClaimStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim which references a ResourceClaimTemplate. It stores the generated name for the corresponding ResourceClaim.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "Name uniquely identifies this resource claim inside the pod. This must match the name of an entry in pod.spec.resourceClaims, which implies that the string must be a DNS_LABEL.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "resourceClaimName": { + SchemaProps: spec.SchemaProps{ + Description: "ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod. It this is unset, then generating a ResourceClaim was not necessary. The pod.spec.resourceClaims entry can be ignored in this case.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name"}, + }, + }, + } +} + func schema_k8sio_api_core_v1_PodSchedulingGate(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -13906,9 +14261,10 @@ func schema_k8sio_api_core_v1_PodSecurityContext(ref common.ReferenceCallback) c }, "fsGroupChangePolicy": { SchemaProps: spec.SchemaProps{ - Description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.", + Description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.\n\nPossible enum values:\n - `\"Always\"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior.\n - `\"OnRootMismatch\"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume.", Type: []string{"string"}, Format: "", + Enum: []interface{}{"Always", "OnRootMismatch"}, }, }, "seccompProfile": { 
@@ -14035,10 +14391,11 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA }, "restartPolicy": { SchemaProps: spec.SchemaProps{ - Description: "Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy\n\nPossible enum values:\n - `\"Always\"`\n - `\"Never\"`\n - `\"OnFailure\"`", + Description: "Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy\n\nPossible enum values:\n - `\"Always\"`\n - `\"Never\"`\n - `\"OnFailure\"`", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Always", "Never", "OnFailure"}}, + Enum: []interface{}{"Always", "Never", "OnFailure"}, + }, }, "terminationGracePeriodSeconds": { SchemaProps: spec.SchemaProps{ 
@@ -14059,7 +14416,8 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Description: "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.\n\nPossible enum values:\n - `\"ClusterFirst\"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings.\n - `\"ClusterFirstWithHostNet\"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings.\n - `\"Default\"` indicates that the pod should use the default (as determined by kubelet) DNS settings.\n - `\"None\"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig.", Type: []string{"string"}, Format: "", - Enum: []interface{}{"ClusterFirst", "ClusterFirstWithHostNet", "Default", "None"}}, + Enum: []interface{}{"ClusterFirst", "ClusterFirstWithHostNet", "Default", "None"}, + }, }, "nodeSelector": { VendorExtensible: spec.VendorExtensible{ 
@@ -14275,9 +14633,10 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA }, "preemptionPolicy": { SchemaProps: spec.SchemaProps{ - Description: "PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.", + Description: "PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.\n\nPossible enum values:\n - `\"Never\"` means that pod never preempts other pods with lower priority.\n - `\"PreemptLowerPriority\"` means that pod can preempt other pods with lower priority.", Type: []string{"string"}, Format: "", + Enum: []interface{}{"Never", "PreemptLowerPriority"}, }, }, "overhead": { @@ -14288,8 +14647,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, 
@@ -14352,7 +14710,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA }, }, SchemaProps: spec.SchemaProps{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness.\n\nThis is an alpha-level feature enabled by PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards.\n\nThis is a beta feature enabled by the PodSchedulingReadiness feature gate.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ 
@@ -14409,7 +14767,8 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Description: "The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. The conditions array, the reason and message fields, and the individual container status arrays contain more detail about the pod's status. There are five possible phase values:\n\nPending: The pod has been accepted by the Kubernetes system, but one or more of the container images has not been created. This includes time before being scheduled as well as time spent downloading images over the network, which could take a while. Running: The pod has been bound to a node, and all of the containers have been created. At least one container is still running, or is in the process of starting or restarting. Succeeded: All containers in the pod have terminated in success, and will not be restarted. Failed: All containers in the pod have terminated, and at least one container has terminated in failure. The container either exited with non-zero status or was terminated by the system. Unknown: For some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase\n\nPossible enum values:\n - `\"Failed\"` means that all containers in the pod have terminated, and at least one container has terminated in a failure (exited with a non-zero exit code or was stopped by the system).\n - `\"Pending\"` means the pod has been accepted by the system, but one or more of the containers has not been started. This includes time before being bound to a node, as well as time spent pulling images onto the host.\n - `\"Running\"` means the pod has been bound to a node and all of the containers have been started. 
At least one container is still running or is in the process of being restarted.\n - `\"Succeeded\"` means that all containers in the pod have voluntarily terminated with a container exit code of 0, and the system is not going to restart any of these containers.\n - `\"Unknown\"` means that for some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod. Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095)", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Failed", "Pending", "Running", "Succeeded", "Unknown"}}, + Enum: []interface{}{"Failed", "Pending", "Running", "Succeeded", "Unknown"}, + }, }, "conditions": { VendorExtensible: spec.VendorExtensible{ 
@@ -14454,14 +14813,35 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope }, "hostIP": { SchemaProps: spec.SchemaProps{ - Description: "IP address of the host to which the pod is assigned. Empty if not yet scheduled.", + Description: "hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will not be updated even if there is a node is assigned to pod", Type: []string{"string"}, Format: "", }, }, + "hostIPs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + "x-kubernetes-patch-merge-key": "ip", + "x-kubernetes-patch-strategy": "merge", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must match the hostIP field. This list is empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will not be updated even if there is a node is assigned to this pod.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.HostIP"), + }, + }, + }, + }, + }, "podIP": { SchemaProps: spec.SchemaProps{ - Description: "IP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.", + Description: "podIP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.", Type: []string{"string"}, Format: "", }, 
@@ -14522,10 +14902,11 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope }, "qosClass": { SchemaProps: spec.SchemaProps{ - Description: "The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://git.k8s.io/community/contributors/design-proposals/node/resource-qos.md\n\nPossible enum values:\n - `\"BestEffort\"` is the BestEffort qos class.\n - `\"Burstable\"` is the Burstable qos class.\n - `\"Guaranteed\"` is the Guaranteed qos class.", + Description: "The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes\n\nPossible enum values:\n - `\"BestEffort\"` is the BestEffort qos class.\n - `\"Burstable\"` is the Burstable qos class.\n - `\"Guaranteed\"` is the Guaranteed qos class.", Type: []string{"string"}, Format: "", - Enum: []interface{}{"BestEffort", "Burstable", "Guaranteed"}}, + Enum: []interface{}{"BestEffort", "Burstable", "Guaranteed"}, + }, }, "ephemeralContainerStatuses": { SchemaProps: spec.SchemaProps{ 
@@ -14541,11 +14922,42 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope }, }, }, + "resize": { + SchemaProps: spec.SchemaProps{ + Description: "Status of resources resize desired for pod's containers. It is empty if no resources resize is pending. Any changes to container resources will automatically set this to \"Proposed\"", + Type: []string{"string"}, + Format: "", + }, + }, + "resourceClaimStatuses": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge,retainKeys", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Status of resource claims.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.PodResourceClaimStatus"), + }, + }, + }, + }, + }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ContainerStatus", "k8s.io/api/core/v1.PodCondition", "k8s.io/api/core/v1.PodIP", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "k8s.io/api/core/v1.ContainerStatus", "k8s.io/api/core/v1.HostIP", "k8s.io/api/core/v1.PodCondition", "k8s.io/api/core/v1.PodIP", "k8s.io/api/core/v1.PodResourceClaimStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -14735,7 +15147,8 @@ func schema_k8sio_api_core_v1_PortStatus(ref common.ReferenceCallback) common.Op Default: "", Type: []string{"string"}, Format: "", - Enum: []interface{}{"SCTP", "TCP", "UDP"}}, + Enum: []interface{}{"SCTP", "TCP", "UDP"}, + }, }, "error": { SchemaProps: spec.SchemaProps{ 
@@ -14804,7 +15217,6 @@ func schema_k8sio_api_core_v1_PreferAvoidPodsEntry(ref common.ReferenceCallback) "evictionTime": { SchemaProps: spec.SchemaProps{ Description: "Time at which this entry was added to the list.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -14889,7 +15301,7 @@ func schema_k8sio_api_core_v1_Probe(ref common.ReferenceCallback) common.OpenAPI }, "grpc": { SchemaProps: spec.SchemaProps{ - Description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + Description: "GRPC specifies an action involving a GRPC port.", Ref: ref("k8s.io/api/core/v1.GRPCAction"), }, }, @@ -14970,7 +15382,7 @@ func schema_k8sio_api_core_v1_ProbeHandler(ref common.ReferenceCallback) common. }, "grpc": { SchemaProps: spec.SchemaProps{ - Description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + Description: "GRPC specifies an action involving a GRPC port.", Ref: ref("k8s.io/api/core/v1.GRPCAction"), }, }, @@ -15364,7 +15776,6 @@ func schema_k8sio_api_core_v1_ReplicationControllerCondition(ref common.Referenc "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "The last time the condition transitioned from one status to another.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, 
@@ -15486,7 +15897,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerSpec(ref common.ReferenceCall }, "template": { SchemaProps: spec.SchemaProps{ - Description: "Template is the object that describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template", + Description: "Template is the object that describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. The only allowed template.spec.restartPolicy value is \"Always\". More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template", Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), }, }, @@ -15617,7 +16028,6 @@ func schema_k8sio_api_core_v1_ResourceFieldSelector(ref common.ReferenceCallback "divisor": { SchemaProps: spec.SchemaProps{ Description: "Specifies the output format of the exposed resources, defaults to \"1\"", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, @@ -15751,8 +16161,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaSpec(ref common.ReferenceCallback) co Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -15802,8 +16211,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaStatus(ref common.ReferenceCallback) Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, 
@@ -15817,8 +16225,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaStatus(ref common.ReferenceCallback) Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -15847,8 +16254,7 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -15856,14 +16262,13 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) }, "requests": { SchemaProps: spec.SchemaProps{ - Description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", Type: []string{"object"}, AdditionalProperties: &spec.SchemaOrBool{ Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, 
@@ -16161,7 +16566,8 @@ func schema_k8sio_api_core_v1_ScopedResourceSelectorRequirement(ref common.Refer Default: "", Type: []string{"string"}, Format: "", - Enum: []interface{}{"BestEffort", "CrossNamespacePodAffinity", "NotBestEffort", "NotTerminating", "PriorityClass", "Terminating"}}, + Enum: []interface{}{"BestEffort", "CrossNamespacePodAffinity", "NotBestEffort", "NotTerminating", "PriorityClass", "Terminating"}, + }, }, "operator": { SchemaProps: spec.SchemaProps{ @@ -16169,7 +16575,8 @@ func schema_k8sio_api_core_v1_ScopedResourceSelectorRequirement(ref common.Refer Default: "", Type: []string{"string"}, Format: "", - Enum: []interface{}{"DoesNotExist", "Exists", "In", "NotIn"}}, + Enum: []interface{}{"DoesNotExist", "Exists", "In", "NotIn"}, + }, }, "values": { SchemaProps: spec.SchemaProps{ @@ -16206,11 +16613,12 @@ func schema_k8sio_api_core_v1_SeccompProfile(ref common.ReferenceCallback) commo Default: "", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Localhost", "RuntimeDefault", "Unconfined"}}, + Enum: []interface{}{"Localhost", "RuntimeDefault", "Unconfined"}, + }, }, "localhostProfile": { SchemaProps: spec.SchemaProps{ - Description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", + Description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type.", Type: []string{"string"}, Format: "", }, 
@@ -16628,9 +17036,10 @@ func schema_k8sio_api_core_v1_SecurityContext(ref common.ReferenceCallback) comm }, "procMount": { SchemaProps: spec.SchemaProps{ - Description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + Description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.\n\nPossible enum values:\n - `\"Default\"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.\n - `\"Unmasked\"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.", Type: []string{"string"}, Format: "", + Enum: []interface{}{"Default", "Unmasked"}, }, }, "seccompProfile": { 
@@ -16968,11 +17377,12 @@ func schema_k8sio_api_core_v1_ServicePort(ref common.ReferenceCallback) common.O Default: "TCP", Type: []string{"string"}, Format: "", - Enum: []interface{}{"SCTP", "TCP", "UDP"}}, + Enum: []interface{}{"SCTP", "TCP", "UDP"}, + }, }, "appProtocol": { SchemaProps: spec.SchemaProps{ - Description: "The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.", + Description: "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.", Type: []string{"string"}, Format: "", }, 
@@ -16988,7 +17398,6 @@ func schema_k8sio_api_core_v1_ServicePort(ref common.ReferenceCallback) common.O "targetPort": { SchemaProps: spec.SchemaProps{ Description: "Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), }, }, 
@@ -17127,7 +17536,8 @@ func schema_k8sio_api_core_v1_ServiceSpec(ref common.ReferenceCallback) common.O Description: "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \"ExternalName\" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types\n\nPossible enum values:\n - `\"ClusterIP\"` means a service will only be accessible inside the cluster, via the cluster IP.\n - `\"ExternalName\"` means a service consists of only a reference to an external name that kubedns or equivalent will return as a CNAME record, with no exposing or proxying of any pods involved.\n - `\"LoadBalancer\"` means a service will be exposed via an external load balancer (if the cloud provider supports it), in addition to 'NodePort' type.\n - `\"NodePort\"` means a service will be exposed on one port of every node, in addition to 'ClusterIP' type.", Type: []string{"string"}, Format: "", - Enum: []interface{}{"ClusterIP", "ExternalName", "LoadBalancer", "NodePort"}}, + Enum: []interface{}{"ClusterIP", "ExternalName", "LoadBalancer", "NodePort"}, + }, }, "externalIPs": { SchemaProps: spec.SchemaProps{ 
@@ -17149,11 +17559,12 @@ func schema_k8sio_api_core_v1_ServiceSpec(ref common.ReferenceCallback) common.O Description: "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies\n\nPossible enum values:\n - `\"ClientIP\"` is the Client IP based.\n - `\"None\"` - no session affinity.", Type: []string{"string"}, Format: "", - Enum: []interface{}{"ClientIP", "None"}}, + Enum: []interface{}{"ClientIP", "None"}, + }, }, "loadBalancerIP": { SchemaProps: spec.SchemaProps{ - Description: "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.", + Description: "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. Users are encouraged to use implementation-specific annotations when available.", Type: []string{"string"}, Format: "", }, 
@@ -17182,10 +17593,11 @@ func schema_k8sio_api_core_v1_ServiceSpec(ref common.ReferenceCallback) common.O }, "externalTrafficPolicy": { SchemaProps: spec.SchemaProps{ - Description: "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.\n\nPossible enum values:\n - `\"Cluster\"` routes traffic to all endpoints.\n - `\"Local\"` preserves the source IP of the traffic by routing only to endpoints on the same node as the traffic was received on (dropping the traffic if there are no local endpoints).", + Description: "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) 
The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.\n\nPossible enum values:\n - `\"Cluster\"`\n - `\"Cluster\"` routes traffic to all endpoints.\n - `\"Local\"`\n - `\"Local\"` preserves the source IP of the traffic by routing only to endpoints on the same node as the traffic was received on (dropping the traffic if there are no local endpoints).", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Cluster", "Local"}}, + Enum: []interface{}{"Cluster", "Cluster", "Local", "Local"}, + }, }, "healthCheckNodePort": { SchemaProps: spec.SchemaProps{ 
@@ -17229,9 +17641,10 @@ func schema_k8sio_api_core_v1_ServiceSpec(ref common.ReferenceCallback) common.O }, "ipFamilyPolicy": { SchemaProps: spec.SchemaProps{ - Description: "IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be \"SingleStack\" (a single IP family), \"PreferDualStack\" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or \"RequireDualStack\" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.", + Description: "IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be \"SingleStack\" (a single IP family), \"PreferDualStack\" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or \"RequireDualStack\" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.\n\nPossible enum values:\n - `\"PreferDualStack\"` indicates that this service prefers dual-stack when the cluster is configured for dual-stack. If the cluster is not configured for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not set in service.spec.ipFamilies then the service will be assigned the default IPFamily configured on the cluster\n - `\"RequireDualStack\"` indicates that this service requires dual-stack. Using IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. 
If service.spec.ipFamilies was not provided then it will be assigned according to how they are configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative IPFamily will be added by apiserver\n - `\"SingleStack\"` indicates that this service is required to have a single IPFamily. The IPFamily assigned is based on the default IPFamily used by the cluster or as identified by service.spec.ipFamilies field", Type: []string{"string"}, Format: "", + Enum: []interface{}{"PreferDualStack", "RequireDualStack", "SingleStack"}, }, }, "allocateLoadBalancerNodePorts": { @@ -17250,9 +17663,10 @@ func schema_k8sio_api_core_v1_ServiceSpec(ref common.ReferenceCallback) common.O }, "internalTrafficPolicy": { SchemaProps: spec.SchemaProps{ - Description: "InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to \"Local\", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).", + Description: "InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to \"Local\", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).\n\nPossible enum values:\n - `\"Cluster\"` routes traffic to all endpoints.\n - `\"Local\"` routes traffic only to endpoints on the same node as the client pod (dropping the traffic if there are no local endpoints).", Type: []string{"string"}, Format: "", + Enum: []interface{}{"Cluster", "Local"}, }, }, }, 
@@ -17330,6 +17744,28 @@ func schema_k8sio_api_core_v1_SessionAffinityConfig(ref common.ReferenceCallback } } +func schema_k8sio_api_core_v1_SleepAction(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SleepAction describes a \"sleep\" action.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "seconds": { + SchemaProps: spec.SchemaProps{ + Description: "Seconds is the number of seconds to sleep.", + Default: 0, + Type: []string{"integer"}, + Format: "int64", + }, + }, + }, + Required: []string{"seconds"}, + }, + }, + } +} + func schema_k8sio_api_core_v1_StorageOSPersistentVolumeSource(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -17468,7 +17904,6 @@ func schema_k8sio_api_core_v1_TCPSocketAction(ref common.ReferenceCallback) comm "port": { SchemaProps: spec.SchemaProps{ Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), }, }, @@ -17516,7 +17951,8 @@ func schema_k8sio_api_core_v1_Taint(ref common.ReferenceCallback) common.OpenAPI Default: "", Type: []string{"string"}, Format: "", - Enum: []interface{}{"NoExecute", "NoSchedule", "PreferNoSchedule"}}, + Enum: []interface{}{"NoExecute", "NoSchedule", "PreferNoSchedule"}, + }, }, "timeAdded": { SchemaProps: spec.SchemaProps{ 
@@ -17552,7 +17988,8 @@ func schema_k8sio_api_core_v1_Toleration(ref common.ReferenceCallback) common.Op Description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.\n\nPossible enum values:\n - `\"Equal\"`\n - `\"Exists\"`", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Equal", "Exists"}}, + Enum: []interface{}{"Equal", "Exists"}, + }, }, "value": { SchemaProps: spec.SchemaProps{ @@ -17566,7 +18003,8 @@ func schema_k8sio_api_core_v1_Toleration(ref common.ReferenceCallback) common.Op Description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n\nPossible enum values:\n - `\"NoExecute\"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.\n - `\"NoSchedule\"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.\n - `\"PreferNoSchedule\"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.", Type: []string{"string"}, Format: "", - Enum: []interface{}{"NoExecute", "NoSchedule", "PreferNoSchedule"}}, + Enum: []interface{}{"NoExecute", "NoSchedule", "PreferNoSchedule"}, + }, }, "tolerationSeconds": { SchemaProps: spec.SchemaProps{ 
@@ -17681,7 +18119,8 @@ func schema_k8sio_api_core_v1_TopologySpreadConstraint(ref common.ReferenceCallb Default: "", Type: []string{"string"}, Format: "", - Enum: []interface{}{"DoNotSchedule", "ScheduleAnyway"}}, + Enum: []interface{}{"DoNotSchedule", "ScheduleAnyway"}, + }, }, "labelSelector": { SchemaProps: spec.SchemaProps{ 
@@ -17698,16 +18137,18 @@ func schema_k8sio_api_core_v1_TopologySpreadConstraint(ref common.ReferenceCallb }, "nodeAffinityPolicy": { SchemaProps: spec.SchemaProps{ - Description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + Description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.\n\nPossible enum values:\n - `\"Honor\"` means use this scheduling directive when calculating pod topology spread skew.\n - `\"Ignore\"` means ignore this scheduling directive when calculating pod topology spread skew.", Type: []string{"string"}, Format: "", + Enum: []interface{}{"Honor", "Ignore"}, }, }, "nodeTaintsPolicy": { SchemaProps: spec.SchemaProps{ - Description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy. 
This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + Description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.\n\nPossible enum values:\n - `\"Honor\"` means use this scheduling directive when calculating pod topology spread skew.\n - `\"Ignore\"` means ignore this scheduling directive when calculating pod topology spread skew.", Type: []string{"string"}, Format: "", + Enum: []interface{}{"Honor", "Ignore"}, }, }, "matchLabelKeys": { 
@@ -17717,7 +18158,7 @@ func schema_k8sio_api_core_v1_TopologySpreadConstraint(ref common.ReferenceCallb }, }, SchemaProps: spec.SchemaProps{ - Description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.", + Description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ 
@@ -18091,9 +18532,10 @@ func schema_k8sio_api_core_v1_VolumeMount(ref common.ReferenceCallback) common.O }, "mountPropagation": { SchemaProps: spec.SchemaProps{ - Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.\n\nPossible enum values:\n - `\"Bidirectional\"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume (\"rshared\" in Linux terminology).\n - `\"HostToContainer\"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume (\"rslave\" in Linux terminology).\n - `\"None\"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to \"private\" in Linux terminology.", Type: []string{"string"}, Format: "", + Enum: []interface{}{"Bidirectional", "HostToContainer", "None"}, }, }, "subPathExpr": { 
@@ -18162,11 +18604,60 @@ func schema_k8sio_api_core_v1_VolumeProjection(ref common.ReferenceCallback) com Ref: ref("k8s.io/api/core/v1.ServiceAccountTokenProjection"), }, }, + "clusterTrustBundle": { + SchemaProps: spec.SchemaProps{ + Description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.", + Ref: ref("k8s.io/api/core/v1.ClusterTrustBundleProjection"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "k8s.io/api/core/v1.ClusterTrustBundleProjection", "k8s.io/api/core/v1.ConfigMapProjection", "k8s.io/api/core/v1.DownwardAPIProjection", "k8s.io/api/core/v1.SecretProjection", "k8s.io/api/core/v1.ServiceAccountTokenProjection"}, + } +} + +func schema_k8sio_api_core_v1_VolumeResourceRequirements(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "VolumeResourceRequirements describes the storage resource requirements for a volume.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "limits": { + SchemaProps: spec.SchemaProps{ + Description: "Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + }, + }, + }, + }, + }, + "requests": { + SchemaProps: spec.SchemaProps{ + Description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + }, + }, + }, + }, + }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ConfigMapProjection", "k8s.io/api/core/v1.DownwardAPIProjection", "k8s.io/api/core/v1.SecretProjection", "k8s.io/api/core/v1.ServiceAccountTokenProjection"}, + "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } 
@@ -18463,7 +18954,7 @@ func schema_k8sio_api_core_v1_WindowsSecurityContextOptions(ref common.Reference }, "hostProcess": { SchemaProps: spec.SchemaProps{ - Description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + Description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", Type: []string{"boolean"}, Format: "", }, @@ -18906,7 +19397,6 @@ func schema_pkg_apis_meta_v1_Condition(ref common.ReferenceCallback) common.Open "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, 
@@ -18980,7 +19470,7 @@ func schema_pkg_apis_meta_v1_CreateOptions(ref common.ReferenceCallback) common. }, "fieldValidation": { SchemaProps: spec.SchemaProps{ - Description: "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + Description: "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. 
The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", Type: []string{"string"}, Format: "", }, @@ -19390,12 +19880,6 @@ func schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref common.ReferenceCallba Type: []string{"object"}, Properties: map[string]spec.Schema{ "key": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-patch-merge-key": "key", - "x-kubernetes-patch-strategy": "merge", - }, - }, SchemaProps: spec.SchemaProps{ Description: "key is the label key that the selector applies to.", Default: "", @@ -19468,8 +19952,7 @@ func schema_pkg_apis_meta_v1_List(ref common.ReferenceCallback) common.OpenAPIDe Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, 
@@ -19609,6 +20092,13 @@ func schema_pkg_apis_meta_v1_ListOptions(ref common.ReferenceCallback) common.Op Format: "", }, }, + "sendInitialEvents": { + SchemaProps: spec.SchemaProps{ + Description: "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + Type: []string{"boolean"}, + Format: "", + }, + }, }, }, }, 
@@ -19698,7 +20188,7 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + Description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", Type: []string{"string"}, Format: "", }, 
@@ -19712,7 +20202,7 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope }, "namespace": { SchemaProps: spec.SchemaProps{ - Description: "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", + Description: "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces", Type: []string{"string"}, Format: "", }, @@ -19726,7 +20216,7 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope }, "uid": { SchemaProps: spec.SchemaProps{ - Description: "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", + Description: "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", Type: []string{"string"}, Format: "", }, 
@@ -19748,7 +20238,6 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope "creationTimestamp": { SchemaProps: spec.SchemaProps{ Description: "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -19767,7 +20256,7 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope }, "labels": { SchemaProps: spec.SchemaProps{ - Description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + Description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels", Type: []string{"object"}, AdditionalProperties: &spec.SchemaOrBool{ Allows: true, 
@@ -19783,7 +20272,7 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope }, "annotations": { SchemaProps: spec.SchemaProps{ - Description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + Description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations", Type: []string{"object"}, AdditionalProperties: &spec.SchemaOrBool{ Allows: true, @@ -19884,7 +20373,7 @@ func schema_pkg_apis_meta_v1_OwnerReference(ref common.ReferenceCallback) common }, "name": { SchemaProps: spec.SchemaProps{ - Description: "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", Default: "", Type: []string{"string"}, Format: "", @@ -19892,7 +20381,7 @@ func schema_pkg_apis_meta_v1_OwnerReference(ref common.ReferenceCallback) common }, "uid": { SchemaProps: spec.SchemaProps{ - Description: "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", + Description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", Default: "", Type: []string{"string"}, Format: "", 
@@ -20074,7 +20563,7 @@ func schema_pkg_apis_meta_v1_PatchOptions(ref common.ReferenceCallback) common.O }, "fieldValidation": { SchemaProps: spec.SchemaProps{ - Description: "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + Description: "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. 
The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", Type: []string{"string"}, Format: "", }, @@ -20305,7 +20794,7 @@ func schema_pkg_apis_meta_v1_StatusDetails(ref common.ReferenceCallback) common. }, "uid": { SchemaProps: spec.SchemaProps{ - Description: "UID of the resource. (when there is a single resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids", + Description: "UID of the resource. (when there is a single resource which can be described). More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", Type: []string{"string"}, Format: "", }, @@ -20530,7 +21019,6 @@ func schema_pkg_apis_meta_v1_TableRow(ref common.ReferenceCallback) common.OpenA "object": { SchemaProps: spec.SchemaProps{ Description: "This field contains the requested additional information about each object based on the includeObject policy when requesting the Table. If \"None\", this field is empty, if \"Object\" this will be the default serialization of the object for the current API version, and if \"Metadata\" (the default) will contain the object metadata. Check the returned kind and apiVersion of the object before parsing. The media type of the object will always match the enclosing list - if this as a JSON table, these will be JSON encoded objects.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, 
@@ -20701,7 +21189,7 @@ func schema_pkg_apis_meta_v1_UpdateOptions(ref common.ReferenceCallback) common. }, "fieldValidation": { SchemaProps: spec.SchemaProps{ - Description: "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + Description: "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. 
The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", Type: []string{"string"}, Format: "", }, @@ -20729,7 +21217,6 @@ func schema_pkg_apis_meta_v1_WatchEvent(ref common.ReferenceCallback) common.Ope "object": { SchemaProps: spec.SchemaProps{ Description: "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Error: *Status is recommended; other types may make sense\n depending on context.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, @@ -20797,13 +21284,6 @@ func schema_k8sio_apimachinery_pkg_runtime_Unknown(ref common.ReferenceCallback) Format: "", }, }, - "Raw": { - SchemaProps: spec.SchemaProps{ - Description: "Raw will hold the complete serialized object which couldn't be matched with a registered type. Most likely, nothing should be done with this except for passing it through the system.", - Type: []string{"string"}, - Format: "byte", - }, - }, "ContentEncoding": { SchemaProps: spec.SchemaProps{ Description: "ContentEncoding is encoding used to encode 'Raw' data. Unspecified means no encoding.", @@ -20821,7 +21301,7 @@ func schema_k8sio_apimachinery_pkg_runtime_Unknown(ref common.ReferenceCallback) }, }, }, - Required: []string{"Raw", "ContentEncoding", "ContentType"}, + Required: []string{"ContentEncoding", "ContentType"}, }, }, } diff --git a/pkg/apiserver/registry/controlplane/egressgroup/rest.go b/pkg/apiserver/registry/controlplane/egressgroup/rest.go index b644d4367c5..de11db3069c 100644 
--- a/pkg/apiserver/registry/controlplane/egressgroup/rest.go +++ b/pkg/apiserver/registry/controlplane/egressgroup/rest.go @@ -38,11 +38,12 @@ type REST struct { } var ( - _ rest.Storage = &REST{} - _ rest.Watcher = &REST{} - _ rest.Scoper = &REST{} - _ rest.Lister = &REST{} - _ rest.Getter = &REST{} + _ rest.Storage = &REST{} + _ rest.Watcher = &REST{} + _ rest.Scoper = &REST{} + _ rest.Lister = &REST{} + _ rest.Getter = &REST{} + _ rest.SingularNameProvider = &REST{} ) // NewREST returns a REST object that will work against API services. @@ -104,3 +105,7 @@ func (r *REST) Watch(ctx context.Context, options *internalversion.ListOptions) func (r *REST) ConvertToTable(ctx context.Context, obj runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { return rest.NewDefaultTableConvertor(controlplane.Resource("egressgroup")).ConvertToTable(ctx, obj, tableOptions) } + +func (r *REST) GetSingularName() string { + return "egressgroup" +} diff --git a/pkg/apiserver/registry/controlplane/nodestatssummary/rest.go b/pkg/apiserver/registry/controlplane/nodestatssummary/rest.go index 99e1a2d2e2b..a81d83425ef 100644 --- a/pkg/apiserver/registry/controlplane/nodestatssummary/rest.go +++ b/pkg/apiserver/registry/controlplane/nodestatssummary/rest.go @@ -34,8 +34,9 @@ type REST struct { } var ( - _ rest.Creater = &REST{} - _ rest.Scoper = &REST{} + _ rest.Creater = &REST{} + _ rest.Scoper = &REST{} + _ rest.SingularNameProvider = &REST{} ) // NewREST returns a REST object that will work against API services. @@ -60,3 +61,7 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation func (r *REST) NamespaceScoped() bool { return false } + +func (r *REST) GetSingularName() string { + return "nodestatssummary" +} diff --git a/pkg/apiserver/registry/controlplane/supportbundlecollection/rest.go b/pkg/apiserver/registry/controlplane/supportbundlecollection/rest.go index cccc08de861..b4b507694e0 100644 
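Review bot: The exported method `GetSingularName` added at the end of egressgroup/rest.go has no doc comment, and its return value repeats the literal already passed to `controlplane.Resource("egressgroup")` in `ConvertToTable` directly above it. I would add `// GetSingularName implements rest.SingularNameProvider and returns the singular name of the resource.` above the method. Where the same literal appears in both places, a package-level constant shared by the two call sites would keep them from drifting apart. The same applies to the `GetSingularName` methods this patch adds in the other `rest.go` files under `pkg/apiserver/registry` (controlplane, networkpolicy, stats and system).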
--- a/pkg/apiserver/registry/controlplane/supportbundlecollection/rest.go +++ b/pkg/apiserver/registry/controlplane/supportbundlecollection/rest.go @@ -38,11 +38,12 @@ type REST struct { } var ( - _ rest.Storage = &REST{} - _ rest.Watcher = &REST{} - _ rest.Scoper = &REST{} - _ rest.Lister = &REST{} - _ rest.Getter = &REST{} + _ rest.Storage = &REST{} + _ rest.Watcher = &REST{} + _ rest.Scoper = &REST{} + _ rest.Lister = &REST{} + _ rest.Getter = &REST{} + _ rest.SingularNameProvider = &REST{} ) // NewREST returns a REST object that will work against API services. @@ -104,3 +105,7 @@ func (r *REST) Watch(ctx context.Context, options *internalversion.ListOptions) func (r *REST) ConvertToTable(ctx context.Context, obj runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { return rest.NewDefaultTableConvertor(controlplane.Resource("supportbundlecollection")).ConvertToTable(ctx, obj, tableOptions) } + +func (r *REST) GetSingularName() string { + return "supportbundlecollection" +} diff --git a/pkg/apiserver/registry/networkpolicy/addressgroup/rest.go b/pkg/apiserver/registry/networkpolicy/addressgroup/rest.go index 755e6263091..f1782f97d84 100644 --- a/pkg/apiserver/registry/networkpolicy/addressgroup/rest.go +++ b/pkg/apiserver/registry/networkpolicy/addressgroup/rest.go @@ -38,11 +38,12 @@ type REST struct { } var ( - _ rest.Storage = &REST{} - _ rest.Watcher = &REST{} - _ rest.Scoper = &REST{} - _ rest.Lister = &REST{} - _ rest.Getter = &REST{} + _ rest.Storage = &REST{} + _ rest.Watcher = &REST{} + _ rest.Scoper = &REST{} + _ rest.Lister = &REST{} + _ rest.Getter = &REST{} + _ rest.SingularNameProvider = &REST{} ) // NewREST returns a REST object that will work against API services. 
@@ -104,3 +105,7 @@ func (r *REST) Watch(ctx context.Context, options *internalversion.ListOptions) func (r *REST) ConvertToTable(ctx context.Context, obj runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { return rest.NewDefaultTableConvertor(controlplane.Resource("addressgroup")).ConvertToTable(ctx, obj, tableOptions) } + +func (r *REST) GetSingularName() string { + return "addressgroup" +} diff --git a/pkg/apiserver/registry/networkpolicy/appliedtogroup/rest.go b/pkg/apiserver/registry/networkpolicy/appliedtogroup/rest.go index 7f1aba56a2b..c8b90cd2392 100644 --- a/pkg/apiserver/registry/networkpolicy/appliedtogroup/rest.go +++ b/pkg/apiserver/registry/networkpolicy/appliedtogroup/rest.go @@ -38,11 +38,12 @@ type REST struct { } var ( - _ rest.Storage = &REST{} - _ rest.Watcher = &REST{} - _ rest.Scoper = &REST{} - _ rest.Lister = &REST{} - _ rest.Getter = &REST{} + _ rest.Storage = &REST{} + _ rest.Watcher = &REST{} + _ rest.Scoper = &REST{} + _ rest.Lister = &REST{} + _ rest.Getter = &REST{} + _ rest.SingularNameProvider = &REST{} ) // NewREST returns a REST object that will work against API services. @@ -104,3 +105,7 @@ func (r *REST) Watch(ctx context.Context, options *internalversion.ListOptions) func (r *REST) ConvertToTable(ctx context.Context, obj runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { return rest.NewDefaultTableConvertor(controlplane.Resource("appliedtogroup")).ConvertToTable(ctx, obj, tableOptions) } + +func (r *REST) GetSingularName() string { + return "appliedtogroup" +} diff --git a/pkg/apiserver/registry/networkpolicy/clustergroupmember/rest.go b/pkg/apiserver/registry/networkpolicy/clustergroupmember/rest.go index 566b2a5b407..a5e6536ad8b 100644 --- a/pkg/apiserver/registry/networkpolicy/clustergroupmember/rest.go +++ b/pkg/apiserver/registry/networkpolicy/clustergroupmember/rest.go 
@@ -31,9 +31,10 @@ type REST struct { } var ( - _ rest.Storage = &REST{} - _ rest.Scoper = &REST{} - _ rest.GetterWithOptions = &REST{} + _ rest.Storage = &REST{} + _ rest.Scoper = &REST{} + _ rest.GetterWithOptions = &REST{} + _ rest.SingularNameProvider = &REST{} ) // NewREST returns a REST object that will work against API services. @@ -69,6 +70,10 @@ func (r *REST) NamespaceScoped() bool { return false } +func (r *REST) GetSingularName() string { + return "clustergroupmembers" +} + func GetPaginatedMembers(querier GroupMembershipQuerier, name string, options runtime.Object) (members []controlplane.GroupMember, ipNets []controlplane.IPNet, totalMembers, totalPages, currentPage int64, err error) { groupMembers, ipBlocks, err := querier.GetGroupMembers(name) if err != nil { diff --git a/pkg/apiserver/registry/networkpolicy/groupassociation/rest.go b/pkg/apiserver/registry/networkpolicy/groupassociation/rest.go index 72bd955be59..5bf7e8c454b 100644 --- a/pkg/apiserver/registry/networkpolicy/groupassociation/rest.go +++ b/pkg/apiserver/registry/networkpolicy/groupassociation/rest.go @@ -32,9 +32,10 @@ type REST struct { } var ( - _ rest.Storage = &REST{} - _ rest.Scoper = &REST{} - _ rest.Getter = &REST{} + _ rest.Storage = &REST{} + _ rest.Scoper = &REST{} + _ rest.Getter = &REST{} + _ rest.SingularNameProvider = &REST{} ) // NewREST returns a REST object that will work against API services. @@ -76,3 +77,7 @@ func (r *REST) Get(ctx context.Context, name string, options *metav1.GetOptions) func (r *REST) NamespaceScoped() bool { return true } + +func (r *REST) GetSingularName() string { + return "groupassociation" +} diff --git a/pkg/apiserver/registry/networkpolicy/groupmember/rest.go b/pkg/apiserver/registry/networkpolicy/groupmember/rest.go index 8e2c3d53447..bac37ee410f 100644 --- a/pkg/apiserver/registry/networkpolicy/groupmember/rest.go +++ b/pkg/apiserver/registry/networkpolicy/groupmember/rest.go 
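Review bot: `GetSingularName` in clustergroupmember/rest.go returns the plural-looking `"clustergroupmembers"`, and the one in groupmember/rest.go returns `"groupmembers"`, while the sibling methods in this patch return singular forms such as `"addressgroup"` and `"groupassociation"`. This may be deliberate, since the fake clients later in the patch give the Kinds as `ClusterGroupMembers` and `GroupMembers`. If so, a one-line comment would stop a later reader from "correcting" it, for example `// The Kind is ClusterGroupMembers, so the singular name keeps the trailing "s".` If it is not deliberate, it is worth settling now, because as far as I know this is the singular name the API server advertises for the resource in discovery.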
@@ -32,9 +32,10 @@ type REST struct { } var ( - _ rest.Storage = &REST{} - _ rest.Scoper = &REST{} - _ rest.GetterWithOptions = &REST{} + _ rest.Storage = &REST{} + _ rest.Scoper = &REST{} + _ rest.GetterWithOptions = &REST{} + _ rest.SingularNameProvider = &REST{} ) // NewREST returns a REST object that will work against API services. @@ -71,3 +72,7 @@ func (r *REST) NewGetOptions() (runtime.Object, bool, string) { func (r *REST) NamespaceScoped() bool { return true } + +func (r *REST) GetSingularName() string { + return "groupmembers" +} diff --git a/pkg/apiserver/registry/networkpolicy/ipgroupassociation/rest.go b/pkg/apiserver/registry/networkpolicy/ipgroupassociation/rest.go index 71f379a0364..f61c914bf75 100644 --- a/pkg/apiserver/registry/networkpolicy/ipgroupassociation/rest.go +++ b/pkg/apiserver/registry/networkpolicy/ipgroupassociation/rest.go @@ -42,9 +42,10 @@ type REST struct { } var ( - _ rest.Storage = &REST{} - _ rest.Scoper = &REST{} - _ rest.Getter = &REST{} + _ rest.Storage = &REST{} + _ rest.Scoper = &REST{} + _ rest.Getter = &REST{} + _ rest.SingularNameProvider = &REST{} ) // NewREST returns a REST object that will work against API services. @@ -137,3 +138,7 @@ func (r *REST) getAssociatedExternalEntities(ip string) []*v1alpha2.ExternalEnti func (r *REST) NamespaceScoped() bool { return false } + +func (r *REST) GetSingularName() string { + return "ipgroupassociation" +} diff --git a/pkg/apiserver/registry/networkpolicy/networkpolicy/rest.go b/pkg/apiserver/registry/networkpolicy/networkpolicy/rest.go index 2b2db670107..0fd1dd5c4d0 100644 --- a/pkg/apiserver/registry/networkpolicy/networkpolicy/rest.go +++ b/pkg/apiserver/registry/networkpolicy/networkpolicy/rest.go 
@@ -38,11 +38,12 @@ type REST struct { } var ( - _ rest.Storage = &REST{} - _ rest.Watcher = &REST{} - _ rest.Scoper = &REST{} - _ rest.Lister = &REST{} - _ rest.Getter = &REST{} + _ rest.Storage = &REST{} + _ rest.Watcher = &REST{} + _ rest.Scoper = &REST{} + _ rest.Lister = &REST{} + _ rest.Getter = &REST{} + _ rest.SingularNameProvider = &REST{} ) // NewREST returns a REST object that will work against API services. @@ -104,3 +105,7 @@ func (r *REST) Watch(ctx context.Context, options *internalversion.ListOptions) func (r *REST) ConvertToTable(ctx context.Context, obj runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { return rest.NewDefaultTableConvertor(controlplane.Resource("networkpolicy")).ConvertToTable(ctx, obj, tableOptions) } + +func (r *REST) GetSingularName() string { + return "networkpolicy" +} diff --git a/pkg/apiserver/registry/networkpolicy/networkpolicyevaluation/rest.go b/pkg/apiserver/registry/networkpolicy/networkpolicyevaluation/rest.go index c005a9aeb6d..af3fca3248f 100644 --- a/pkg/apiserver/registry/networkpolicy/networkpolicyevaluation/rest.go +++ b/pkg/apiserver/registry/networkpolicy/networkpolicyevaluation/rest.go @@ -32,9 +32,10 @@ type REST struct { } var ( - _ rest.Storage = &REST{} - _ rest.Scoper = &REST{} - _ rest.Creater = &REST{} + _ rest.Storage = &REST{} + _ rest.Scoper = &REST{} + _ rest.Creater = &REST{} + _ rest.SingularNameProvider = &REST{} ) // NewREST returns a REST object that will work against API services. @@ -65,3 +66,7 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation func (r *REST) NamespaceScoped() bool { return false } + +func (r *REST) GetSingularName() string { + return "networkpolicyevaluation" +} diff --git a/pkg/apiserver/registry/stats/antreaclusternetworkpolicystats/rest.go b/pkg/apiserver/registry/stats/antreaclusternetworkpolicystats/rest.go index 4a840cfc60f..8926314a7ad 100644 --- a/pkg/apiserver/registry/stats/antreaclusternetworkpolicystats/rest.go 
+++ b/pkg/apiserver/registry/stats/antreaclusternetworkpolicystats/rest.go @@ -51,10 +51,11 @@ func NewREST(p statsProvider) *REST { } var ( - _ rest.Storage = &REST{} - _ rest.Scoper = &REST{} - _ rest.Getter = &REST{} - _ rest.Lister = &REST{} + _ rest.Storage = &REST{} + _ rest.Scoper = &REST{} + _ rest.Getter = &REST{} + _ rest.Lister = &REST{} + _ rest.SingularNameProvider = &REST{} ) type statsProvider interface { @@ -143,3 +144,7 @@ func (r *REST) ConvertToTable(ctx context.Context, obj runtime.Object, tableOpti func (r *REST) NamespaceScoped() bool { return false } + +func (r *REST) GetSingularName() string { + return "antreaclusternetworkpolicystats" +} diff --git a/pkg/apiserver/registry/stats/antreanetworkpolicystats/rest.go b/pkg/apiserver/registry/stats/antreanetworkpolicystats/rest.go index 76d1a49c1da..5621511fd5c 100644 --- a/pkg/apiserver/registry/stats/antreanetworkpolicystats/rest.go +++ b/pkg/apiserver/registry/stats/antreanetworkpolicystats/rest.go @@ -52,10 +52,11 @@ func NewREST(p statsProvider) *REST { } var ( - _ rest.Storage = &REST{} - _ rest.Scoper = &REST{} - _ rest.Getter = &REST{} - _ rest.Lister = &REST{} + _ rest.Storage = &REST{} + _ rest.Scoper = &REST{} + _ rest.Getter = &REST{} + _ rest.Lister = &REST{} + _ rest.SingularNameProvider = &REST{} ) type statsProvider interface { @@ -149,3 +150,7 @@ func (r *REST) ConvertToTable(ctx context.Context, obj runtime.Object, tableOpti func (r *REST) NamespaceScoped() bool { return true } + +func (r *REST) GetSingularName() string { + return "antreanetworkpolicystats" +} diff --git a/pkg/apiserver/registry/stats/multicastgroup/rest.go b/pkg/apiserver/registry/stats/multicastgroup/rest.go index cdae23704d7..4289184fd54 100644 --- a/pkg/apiserver/registry/stats/multicastgroup/rest.go +++ b/pkg/apiserver/registry/stats/multicastgroup/rest.go 
@@ -49,10 +49,11 @@ func NewREST(p statsProvider) *REST { } var ( - _ rest.Storage = &REST{} - _ rest.Scoper = &REST{} - _ rest.Getter = &REST{} - _ rest.Lister = &REST{} + _ rest.Storage = &REST{} + _ rest.Scoper = &REST{} + _ rest.Getter = &REST{} + _ rest.Lister = &REST{} + _ rest.SingularNameProvider = &REST{} ) type statsProvider interface { @@ -139,3 +140,7 @@ func formatPodReferenceList(pods []statsv1alpha1.PodReference, max int) string { func (r *REST) NamespaceScoped() bool { return false } + +func (r *REST) GetSingularName() string { + return "multicastgroup" +} diff --git a/pkg/apiserver/registry/stats/networkpolicystats/rest.go b/pkg/apiserver/registry/stats/networkpolicystats/rest.go index bab3183d58b..44737e2ca13 100644 --- a/pkg/apiserver/registry/stats/networkpolicystats/rest.go +++ b/pkg/apiserver/registry/stats/networkpolicystats/rest.go @@ -52,10 +52,11 @@ func NewREST(p statsProvider) *REST { } var ( - _ rest.Storage = &REST{} - _ rest.Scoper = &REST{} - _ rest.Getter = &REST{} - _ rest.Lister = &REST{} + _ rest.Storage = &REST{} + _ rest.Scoper = &REST{} + _ rest.Getter = &REST{} + _ rest.Lister = &REST{} + _ rest.SingularNameProvider = &REST{} ) type statsProvider interface { @@ -143,3 +144,7 @@ func (r *REST) ConvertToTable(ctx context.Context, obj runtime.Object, tableOpti func (r *REST) NamespaceScoped() bool { return true } + +func (r *REST) GetSingularName() string { + return "networkpolicystats" +} diff --git a/pkg/apiserver/registry/system/controllerinfo/rest.go b/pkg/apiserver/registry/system/controllerinfo/rest.go index eeb83745069..e25d72943d1 100644 --- a/pkg/apiserver/registry/system/controllerinfo/rest.go +++ b/pkg/apiserver/registry/system/controllerinfo/rest.go 
@@ -38,9 +38,10 @@ type REST struct { const ControllerInfoResourceName = "antrea-controller" var ( - _ rest.Scoper = &REST{} - _ rest.Getter = &REST{} - _ rest.Lister = &REST{} + _ rest.Scoper = &REST{} + _ rest.Getter = &REST{} + _ rest.Lister = &REST{} + _ rest.SingularNameProvider = &REST{} ) // NewREST returns a REST object that will work against API services. @@ -96,3 +97,7 @@ func (r *REST) NamespaceScoped() bool { func (r *REST) ConvertToTable(ctx context.Context, obj runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { return rest.NewDefaultTableConvertor(system.Resource("controllerinfos")).ConvertToTable(ctx, obj, tableOptions) } + +func (r *REST) GetSingularName() string { + return "controllerinfo" +} diff --git a/pkg/apiserver/registry/system/supportbundle/rest.go b/pkg/apiserver/registry/system/supportbundle/rest.go index b62ef81f20a..ad1610ed22f 100644 --- a/pkg/apiserver/registry/system/supportbundle/rest.go +++ b/pkg/apiserver/registry/system/supportbundle/rest.go @@ -99,10 +99,11 @@ type Storage struct { } var ( - _ rest.Scoper = &supportBundleREST{} - _ rest.Getter = &supportBundleREST{} - _ rest.Creater = &supportBundleREST{} - _ rest.GracefulDeleter = &supportBundleREST{} + _ rest.Scoper = &supportBundleREST{} + _ rest.Getter = &supportBundleREST{} + _ rest.Creater = &supportBundleREST{} + _ rest.GracefulDeleter = &supportBundleREST{} + _ rest.SingularNameProvider = &supportBundleREST{} ) // supportBundleREST implements REST interfaces for bundle status querying. @@ -308,6 +309,10 @@ func (r *supportBundleREST) clean(ctx context.Context, bundlePath string, durati defaultFS.Remove(bundlePath) } +func (r *supportBundleREST) GetSingularName() string { + return "supportbundle" +} + var ( _ rest.Storage = new(downloadREST) _ rest.Getter = new(downloadREST) diff --git a/pkg/client/clientset/versioned/doc.go b/pkg/client/clientset/versioned/doc.go deleted file mode 100644 index 03053156dc6..00000000000 
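Review bot: The context line `defaultFS.Remove(bundlePath)` at the end of `clean`, just above the added `GetSingularName`, discards the returned error, so a bundle file that could not be deleted stays on disk with nothing recorded. Support bundles presumably hold diagnostic data collected from the cluster, so a failed cleanup is worth surfacing: `if err := defaultFS.Remove(bundlePath); err != nil { ... }` with a log line through the package's existing logger. `clean` starts outside this hunk, so the rest of its error handling is not visible here and the call may already be intended as best-effort.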
--- a/pkg/client/clientset/versioned/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -// Copyright 2021 Antrea Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by client-gen. DO NOT EDIT. - -// This package has the automatically generated clientset. -package versioned diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_addressgroup.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_addressgroup.go index e6415d245cb..9f651e12307 100644 --- a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_addressgroup.go +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_addressgroup.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta2 "antrea.io/antrea/pkg/apis/controlplane/v1beta2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" ) 
@@ -32,9 +31,9 @@ type FakeAddressGroups struct { Fake *FakeControlplaneV1beta2 } -var addressgroupsResource = schema.GroupVersionResource{Group: "controlplane.antrea.io", Version: "v1beta2", Resource: "addressgroups"} +var addressgroupsResource = v1beta2.SchemeGroupVersion.WithResource("addressgroups") -var addressgroupsKind = schema.GroupVersionKind{Group: "controlplane.antrea.io", Version: "v1beta2", Kind: "AddressGroup"} +var addressgroupsKind = v1beta2.SchemeGroupVersion.WithKind("AddressGroup") // Get takes name of the addressGroup, and returns the corresponding addressGroup object, and an error if there is any. func (c *FakeAddressGroups) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.AddressGroup, err error) { diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_appliedtogroup.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_appliedtogroup.go index f5e49789d57..db6d027ba01 100644 --- a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_appliedtogroup.go +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_appliedtogroup.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta2 "antrea.io/antrea/pkg/apis/controlplane/v1beta2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" ) 
@@ -32,9 +31,9 @@ type FakeAppliedToGroups struct { Fake *FakeControlplaneV1beta2 } -var appliedtogroupsResource = schema.GroupVersionResource{Group: "controlplane.antrea.io", Version: "v1beta2", Resource: "appliedtogroups"} +var appliedtogroupsResource = v1beta2.SchemeGroupVersion.WithResource("appliedtogroups") -var appliedtogroupsKind = schema.GroupVersionKind{Group: "controlplane.antrea.io", Version: "v1beta2", Kind: "AppliedToGroup"} +var appliedtogroupsKind = v1beta2.SchemeGroupVersion.WithKind("AppliedToGroup") // Get takes name of the appliedToGroup, and returns the corresponding appliedToGroup object, and an error if there is any. func (c *FakeAppliedToGroups) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.AppliedToGroup, err error) { diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_clustergroupmembers.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_clustergroupmembers.go index a41eff18a3a..bc05c15d7d7 100644 --- a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_clustergroupmembers.go +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_clustergroupmembers.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ import ( v1beta2 "antrea.io/antrea/pkg/apis/controlplane/v1beta2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - schema "k8s.io/apimachinery/pkg/runtime/schema" testing "k8s.io/client-go/testing" ) 
@@ -30,9 +29,9 @@ type FakeClusterGroupMembers struct { Fake *FakeControlplaneV1beta2 } -var clustergroupmembersResource = schema.GroupVersionResource{Group: "controlplane.antrea.io", Version: "v1beta2", Resource: "clustergroupmembers"} +var clustergroupmembersResource = v1beta2.SchemeGroupVersion.WithResource("clustergroupmembers") -var clustergroupmembersKind = schema.GroupVersionKind{Group: "controlplane.antrea.io", Version: "v1beta2", Kind: "ClusterGroupMembers"} +var clustergroupmembersKind = v1beta2.SchemeGroupVersion.WithKind("ClusterGroupMembers") // Get takes name of the clusterGroupMembers, and returns the corresponding clusterGroupMembers object, and an error if there is any. func (c *FakeClusterGroupMembers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.ClusterGroupMembers, err error) { diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_egressgroup.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_egressgroup.go index 8f1cbc2fadb..da62d07f498 100644 --- a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_egressgroup.go +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_egressgroup.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta2 "antrea.io/antrea/pkg/apis/controlplane/v1beta2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" ) 
@@ -32,9 +31,9 @@ type FakeEgressGroups struct { Fake *FakeControlplaneV1beta2 } -var egressgroupsResource = schema.GroupVersionResource{Group: "controlplane.antrea.io", Version: "v1beta2", Resource: "egressgroups"} +var egressgroupsResource = v1beta2.SchemeGroupVersion.WithResource("egressgroups") -var egressgroupsKind = schema.GroupVersionKind{Group: "controlplane.antrea.io", Version: "v1beta2", Kind: "EgressGroup"} +var egressgroupsKind = v1beta2.SchemeGroupVersion.WithKind("EgressGroup") // Get takes name of the egressGroup, and returns the corresponding egressGroup object, and an error if there is any. func (c *FakeEgressGroups) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.EgressGroup, err error) { diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_groupassociation.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_groupassociation.go index 24e413cdf87..bfdd6ba1adb 100644 --- a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_groupassociation.go +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_groupassociation.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ import ( v1beta2 "antrea.io/antrea/pkg/apis/controlplane/v1beta2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - schema "k8s.io/apimachinery/pkg/runtime/schema" testing "k8s.io/client-go/testing" ) 
@@ -31,9 +30,9 @@ type FakeGroupAssociations struct { ns string } -var groupassociationsResource = schema.GroupVersionResource{Group: "controlplane.antrea.io", Version: "v1beta2", Resource: "groupassociations"} +var groupassociationsResource = v1beta2.SchemeGroupVersion.WithResource("groupassociations") -var groupassociationsKind = schema.GroupVersionKind{Group: "controlplane.antrea.io", Version: "v1beta2", Kind: "GroupAssociation"} +var groupassociationsKind = v1beta2.SchemeGroupVersion.WithKind("GroupAssociation") // Get takes name of the groupAssociation, and returns the corresponding groupAssociation object, and an error if there is any. func (c *FakeGroupAssociations) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.GroupAssociation, err error) { diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_groupmembers.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_groupmembers.go index 2805f704965..b3425ff5016 100644 --- a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_groupmembers.go +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_groupmembers.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ import ( v1beta2 "antrea.io/antrea/pkg/apis/controlplane/v1beta2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - schema "k8s.io/apimachinery/pkg/runtime/schema" testing "k8s.io/client-go/testing" ) 
@@ -31,9 +30,9 @@ type FakeGroupMembers struct { ns string } -var groupmembersResource = schema.GroupVersionResource{Group: "controlplane.antrea.io", Version: "v1beta2", Resource: "groupmembers"} +var groupmembersResource = v1beta2.SchemeGroupVersion.WithResource("groupmembers") -var groupmembersKind = schema.GroupVersionKind{Group: "controlplane.antrea.io", Version: "v1beta2", Kind: "GroupMembers"} +var groupmembersKind = v1beta2.SchemeGroupVersion.WithKind("GroupMembers") // Get takes name of the groupMembers, and returns the corresponding groupMembers object, and an error if there is any. func (c *FakeGroupMembers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.GroupMembers, err error) { diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_ipgroupassociation.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_ipgroupassociation.go index d0d63132ef4..b693dd78149 100644 --- a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_ipgroupassociation.go +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_ipgroupassociation.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ import ( v1beta2 "antrea.io/antrea/pkg/apis/controlplane/v1beta2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - schema "k8s.io/apimachinery/pkg/runtime/schema" testing "k8s.io/client-go/testing" ) 
@@ -30,9 +29,9 @@ type FakeIPGroupAssociations struct { Fake *FakeControlplaneV1beta2 } -var ipgroupassociationsResource = schema.GroupVersionResource{Group: "controlplane.antrea.io", Version: "v1beta2", Resource: "ipgroupassociations"} +var ipgroupassociationsResource = v1beta2.SchemeGroupVersion.WithResource("ipgroupassociations") -var ipgroupassociationsKind = schema.GroupVersionKind{Group: "controlplane.antrea.io", Version: "v1beta2", Kind: "IPGroupAssociation"} +var ipgroupassociationsKind = v1beta2.SchemeGroupVersion.WithKind("IPGroupAssociation") // Get takes name of the iPGroupAssociation, and returns the corresponding iPGroupAssociation object, and an error if there is any. func (c *FakeIPGroupAssociations) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.IPGroupAssociation, err error) { diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_networkpolicy.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_networkpolicy.go index bad56b06270..9c4a85a4506 100644 --- a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_networkpolicy.go +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_networkpolicy.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta2 "antrea.io/antrea/pkg/apis/controlplane/v1beta2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" ) 
@@ -32,9 +31,9 @@ type FakeNetworkPolicies struct { Fake *FakeControlplaneV1beta2 } -var networkpoliciesResource = schema.GroupVersionResource{Group: "controlplane.antrea.io", Version: "v1beta2", Resource: "networkpolicies"} +var networkpoliciesResource = v1beta2.SchemeGroupVersion.WithResource("networkpolicies") -var networkpoliciesKind = schema.GroupVersionKind{Group: "controlplane.antrea.io", Version: "v1beta2", Kind: "NetworkPolicy"} +var networkpoliciesKind = v1beta2.SchemeGroupVersion.WithKind("NetworkPolicy") // Get takes name of the networkPolicy, and returns the corresponding networkPolicy object, and an error if there is any. func (c *FakeNetworkPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.NetworkPolicy, err error) { diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_networkpolicyevaluation.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_networkpolicyevaluation.go index 74ea3b78c39..f3f53270b75 100644 --- a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_networkpolicyevaluation.go +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_networkpolicyevaluation.go @@ -21,7 +21,6 @@ import ( v1beta2 "antrea.io/antrea/pkg/apis/controlplane/v1beta2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - schema "k8s.io/apimachinery/pkg/runtime/schema" testing "k8s.io/client-go/testing" ) 
@@ -30,9 +29,9 @@ type FakeNetworkPolicyEvaluations struct { Fake *FakeControlplaneV1beta2 } -var networkpolicyevaluationsResource = schema.GroupVersionResource{Group: "controlplane.antrea.io", Version: "v1beta2", Resource: "networkpolicyevaluations"} +var networkpolicyevaluationsResource = v1beta2.SchemeGroupVersion.WithResource("networkpolicyevaluations") -var networkpolicyevaluationsKind = schema.GroupVersionKind{Group: "controlplane.antrea.io", Version: "v1beta2", Kind: "NetworkPolicyEvaluation"} +var networkpolicyevaluationsKind = v1beta2.SchemeGroupVersion.WithKind("NetworkPolicyEvaluation") // Create takes the representation of a networkPolicyEvaluation and creates it. Returns the server's representation of the networkPolicyEvaluation, and an error, if there is any. func (c *FakeNetworkPolicyEvaluations) Create(ctx context.Context, networkPolicyEvaluation *v1beta2.NetworkPolicyEvaluation, opts v1.CreateOptions) (result *v1beta2.NetworkPolicyEvaluation, err error) { diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_nodestatssummary.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_nodestatssummary.go index 186929fc99c..92a41f11cde 100644 --- a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_nodestatssummary.go +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_nodestatssummary.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ import ( v1beta2 "antrea.io/antrea/pkg/apis/controlplane/v1beta2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - schema "k8s.io/apimachinery/pkg/runtime/schema" testing "k8s.io/client-go/testing" ) 
@@ -30,9 +29,9 @@ type FakeNodeStatsSummaries struct { Fake *FakeControlplaneV1beta2 } -var nodestatssummariesResource = schema.GroupVersionResource{Group: "controlplane.antrea.io", Version: "v1beta2", Resource: "nodestatssummaries"} +var nodestatssummariesResource = v1beta2.SchemeGroupVersion.WithResource("nodestatssummaries") -var nodestatssummariesKind = schema.GroupVersionKind{Group: "controlplane.antrea.io", Version: "v1beta2", Kind: "NodeStatsSummary"} +var nodestatssummariesKind = v1beta2.SchemeGroupVersion.WithKind("NodeStatsSummary") // Create takes the representation of a nodeStatsSummary and creates it. Returns the server's representation of the nodeStatsSummary, and an error, if there is any. func (c *FakeNodeStatsSummaries) Create(ctx context.Context, nodeStatsSummary *v1beta2.NodeStatsSummary, opts v1.CreateOptions) (result *v1beta2.NodeStatsSummary, err error) { diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_supportbundlecollection.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_supportbundlecollection.go index 061fe9ccb65..a62aa85076e 100644 --- a/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_supportbundlecollection.go +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta2/fake/fake_supportbundlecollection.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta2 "antrea.io/antrea/pkg/apis/controlplane/v1beta2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" ) 
@@ -32,9 +31,9 @@ type FakeSupportBundleCollections struct { Fake *FakeControlplaneV1beta2 } -var supportbundlecollectionsResource = schema.GroupVersionResource{Group: "controlplane.antrea.io", Version: "v1beta2", Resource: "supportbundlecollections"} +var supportbundlecollectionsResource = v1beta2.SchemeGroupVersion.WithResource("supportbundlecollections") -var supportbundlecollectionsKind = schema.GroupVersionKind{Group: "controlplane.antrea.io", Version: "v1beta2", Kind: "SupportBundleCollection"} +var supportbundlecollectionsKind = v1beta2.SchemeGroupVersion.WithKind("SupportBundleCollection") // Get takes name of the supportBundleCollection, and returns the corresponding supportBundleCollection object, and an error if there is any. func (c *FakeSupportBundleCollections) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.SupportBundleCollection, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_clusternetworkpolicy.go b/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_clusternetworkpolicy.go index e68734a3567..6e799c0079c 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_clusternetworkpolicy.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_clusternetworkpolicy.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeClusterNetworkPolicies struct { Fake *FakeCrdV1alpha1 } -var clusternetworkpoliciesResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha1", Resource: "clusternetworkpolicies"} +var clusternetworkpoliciesResource = v1alpha1.SchemeGroupVersion.WithResource("clusternetworkpolicies") -var clusternetworkpoliciesKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha1", Kind: "ClusterNetworkPolicy"} +var clusternetworkpoliciesKind = v1alpha1.SchemeGroupVersion.WithKind("ClusterNetworkPolicy") // Get takes name of the clusterNetworkPolicy, and returns the corresponding clusterNetworkPolicy object, and an error if there is any. func (c *FakeClusterNetworkPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterNetworkPolicy, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_externalnode.go b/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_externalnode.go index f4d219ba389..9355950577b 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_externalnode.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_externalnode.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -34,9 +33,9 @@ type FakeExternalNodes struct { ns string } -var externalnodesResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha1", Resource: "externalnodes"} +var externalnodesResource = v1alpha1.SchemeGroupVersion.WithResource("externalnodes") -var externalnodesKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha1", Kind: "ExternalNode"} +var externalnodesKind = v1alpha1.SchemeGroupVersion.WithKind("ExternalNode") // Get takes name of the externalNode, and returns the corresponding externalNode object, and an error if there is any. func (c *FakeExternalNodes) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ExternalNode, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_networkpolicy.go b/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_networkpolicy.go index dbb2313822a..6732700ba51 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_networkpolicy.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_networkpolicy.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -34,9 +33,9 @@ type FakeNetworkPolicies struct { ns string } -var networkpoliciesResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha1", Resource: "networkpolicies"} +var networkpoliciesResource = v1alpha1.SchemeGroupVersion.WithResource("networkpolicies") -var networkpoliciesKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha1", Kind: "NetworkPolicy"} +var networkpoliciesKind = v1alpha1.SchemeGroupVersion.WithKind("NetworkPolicy") // Get takes name of the networkPolicy, and returns the corresponding networkPolicy object, and an error if there is any. func (c *FakeNetworkPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.NetworkPolicy, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_supportbundlecollection.go b/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_supportbundlecollection.go index 83e010cc806..2cb464500b0 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_supportbundlecollection.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_supportbundlecollection.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeSupportBundleCollections struct { Fake *FakeCrdV1alpha1 } -var supportbundlecollectionsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha1", Resource: "supportbundlecollections"} +var supportbundlecollectionsResource = v1alpha1.SchemeGroupVersion.WithResource("supportbundlecollections") -var supportbundlecollectionsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha1", Kind: "SupportBundleCollection"} +var supportbundlecollectionsKind = v1alpha1.SchemeGroupVersion.WithKind("SupportBundleCollection") // Get takes name of the supportBundleCollection, and returns the corresponding supportBundleCollection object, and an error if there is any. func (c *FakeSupportBundleCollections) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.SupportBundleCollection, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_tier.go b/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_tier.go index e4b60d99d04..76305519610 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_tier.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_tier.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeTiers struct { Fake *FakeCrdV1alpha1 } -var tiersResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha1", Resource: "tiers"} +var tiersResource = v1alpha1.SchemeGroupVersion.WithResource("tiers") -var tiersKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha1", Kind: "Tier"} +var tiersKind = v1alpha1.SchemeGroupVersion.WithKind("Tier") // Get takes name of the tier, and returns the corresponding tier object, and an error if there is any. func (c *FakeTiers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.Tier, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_traceflow.go b/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_traceflow.go index add08a136e4..2e0fa627ad8 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_traceflow.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake/fake_traceflow.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeTraceflows struct { Fake *FakeCrdV1alpha1 } -var traceflowsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha1", Resource: "traceflows"} +var traceflowsResource = v1alpha1.SchemeGroupVersion.WithResource("traceflows") -var traceflowsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha1", Kind: "Traceflow"} +var traceflowsKind = v1alpha1.SchemeGroupVersion.WithKind("Traceflow") // Get takes name of the traceflow, and returns the corresponding traceflow object, and an error if there is any. func (c *FakeTraceflows) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.Traceflow, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_egress.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_egress.go index 4ff778d92c7..d860fcf738f 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_egress.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_egress.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeEgresses struct { Fake *FakeCrdV1alpha2 } -var egressesResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha2", Resource: "egresses"} +var egressesResource = v1alpha2.SchemeGroupVersion.WithResource("egresses") -var egressesKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha2", Kind: "Egress"} +var egressesKind = v1alpha2.SchemeGroupVersion.WithKind("Egress") // Get takes name of the egress, and returns the corresponding egress object, and an error if there is any. func (c *FakeEgresses) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.Egress, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_externalentity.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_externalentity.go index 874b7917da4..d8c91d1c01a 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_externalentity.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_externalentity.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -34,9 +33,9 @@ type FakeExternalEntities struct { ns string } -var externalentitiesResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha2", Resource: "externalentities"} +var externalentitiesResource = v1alpha2.SchemeGroupVersion.WithResource("externalentities") -var externalentitiesKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha2", Kind: "ExternalEntity"} +var externalentitiesKind = v1alpha2.SchemeGroupVersion.WithKind("ExternalEntity") // Get takes name of the externalEntity, and returns the corresponding externalEntity object, and an error if there is any. func (c *FakeExternalEntities) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ExternalEntity, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_externalippool.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_externalippool.go index eef3998d402..c4c59f79043 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_externalippool.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_externalippool.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeExternalIPPools struct { Fake *FakeCrdV1alpha2 } -var externalippoolsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha2", Resource: "externalippools"} +var externalippoolsResource = v1alpha2.SchemeGroupVersion.WithResource("externalippools") -var externalippoolsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha2", Kind: "ExternalIPPool"} +var externalippoolsKind = v1alpha2.SchemeGroupVersion.WithKind("ExternalIPPool") // Get takes name of the externalIPPool, and returns the corresponding externalIPPool object, and an error if there is any. func (c *FakeExternalIPPools) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ExternalIPPool, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_ippool.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_ippool.go index 60b3e11f2c5..fb98ea8e866 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_ippool.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_ippool.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeIPPools struct { Fake *FakeCrdV1alpha2 } -var ippoolsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha2", Resource: "ippools"} +var ippoolsResource = v1alpha2.SchemeGroupVersion.WithResource("ippools") -var ippoolsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha2", Kind: "IPPool"} +var ippoolsKind = v1alpha2.SchemeGroupVersion.WithKind("IPPool") // Get takes name of the iPPool, and returns the corresponding iPPool object, and an error if there is any. func (c *FakeIPPools) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.IPPool, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_trafficcontrol.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_trafficcontrol.go index e216d668ab1..d956cef9b43 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_trafficcontrol.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_trafficcontrol.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeTrafficControls struct { Fake *FakeCrdV1alpha2 } -var trafficcontrolsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha2", Resource: "trafficcontrols"} +var trafficcontrolsResource = v1alpha2.SchemeGroupVersion.WithResource("trafficcontrols") -var trafficcontrolsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha2", Kind: "TrafficControl"} +var trafficcontrolsKind = v1alpha2.SchemeGroupVersion.WithKind("TrafficControl") // Get takes name of the trafficControl, and returns the corresponding trafficControl object, and an error if there is any. func (c *FakeTrafficControls) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.TrafficControl, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/fake_clustergroup.go b/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/fake_clustergroup.go index 7df0e4fa0a6..7a2f9c174e2 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/fake_clustergroup.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/fake_clustergroup.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeClusterGroups struct { Fake *FakeCrdV1alpha3 } -var clustergroupsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha3", Resource: "clustergroups"} +var clustergroupsResource = v1alpha3.SchemeGroupVersion.WithResource("clustergroups") -var clustergroupsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha3", Kind: "ClusterGroup"} +var clustergroupsKind = v1alpha3.SchemeGroupVersion.WithKind("ClusterGroup") // Get takes name of the clusterGroup, and returns the corresponding clusterGroup object, and an error if there is any. func (c *FakeClusterGroups) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha3.ClusterGroup, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/fake_group.go b/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/fake_group.go index 2d82e25e0d9..433ad34dbb2 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/fake_group.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/fake_group.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -34,9 +33,9 @@ type FakeGroups struct { ns string } -var groupsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha3", Resource: "groups"} +var groupsResource = v1alpha3.SchemeGroupVersion.WithResource("groups") -var groupsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha3", Kind: "Group"} +var groupsKind = v1alpha3.SchemeGroupVersion.WithKind("Group") // Get takes name of the group, and returns the corresponding group object, and an error if there is any. func (c *FakeGroups) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha3.Group, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_antreaagentinfo.go b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_antreaagentinfo.go index ebe0a3d2c70..efb9b127c20 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_antreaagentinfo.go +++ b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_antreaagentinfo.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeAntreaAgentInfos struct { Fake *FakeCrdV1beta1 } -var antreaagentinfosResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1beta1", Resource: "antreaagentinfos"} +var antreaagentinfosResource = v1beta1.SchemeGroupVersion.WithResource("antreaagentinfos") -var antreaagentinfosKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1beta1", Kind: "AntreaAgentInfo"} +var antreaagentinfosKind = v1beta1.SchemeGroupVersion.WithKind("AntreaAgentInfo") // Get takes name of the antreaAgentInfo, and returns the corresponding antreaAgentInfo object, and an error if there is any. func (c *FakeAntreaAgentInfos) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.AntreaAgentInfo, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_antreacontrollerinfo.go b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_antreacontrollerinfo.go index 5592700a736..5d7717603dd 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_antreacontrollerinfo.go +++ b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_antreacontrollerinfo.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeAntreaControllerInfos struct { Fake *FakeCrdV1beta1 } -var antreacontrollerinfosResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1beta1", Resource: "antreacontrollerinfos"} +var antreacontrollerinfosResource = v1beta1.SchemeGroupVersion.WithResource("antreacontrollerinfos") -var antreacontrollerinfosKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1beta1", Kind: "AntreaControllerInfo"} +var antreacontrollerinfosKind = v1beta1.SchemeGroupVersion.WithKind("AntreaControllerInfo") // Get takes name of the antreaControllerInfo, and returns the corresponding antreaControllerInfo object, and an error if there is any. func (c *FakeAntreaControllerInfos) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.AntreaControllerInfo, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_clustergroup.go b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_clustergroup.go index 99e839507dd..7e588a5a72e 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_clustergroup.go +++ b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_clustergroup.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeClusterGroups struct { Fake *FakeCrdV1beta1 } -var clustergroupsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1beta1", Resource: "clustergroups"} +var clustergroupsResource = v1beta1.SchemeGroupVersion.WithResource("clustergroups") -var clustergroupsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1beta1", Kind: "ClusterGroup"} +var clustergroupsKind = v1beta1.SchemeGroupVersion.WithKind("ClusterGroup") // Get takes name of the clusterGroup, and returns the corresponding clusterGroup object, and an error if there is any. func (c *FakeClusterGroups) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ClusterGroup, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_clusternetworkpolicy.go b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_clusternetworkpolicy.go index d04d6544fbf..6d535fa435b 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_clusternetworkpolicy.go +++ b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_clusternetworkpolicy.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeClusterNetworkPolicies struct { Fake *FakeCrdV1beta1 } -var clusternetworkpoliciesResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1beta1", Resource: "clusternetworkpolicies"} +var clusternetworkpoliciesResource = v1beta1.SchemeGroupVersion.WithResource("clusternetworkpolicies") -var clusternetworkpoliciesKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1beta1", Kind: "ClusterNetworkPolicy"} +var clusternetworkpoliciesKind = v1beta1.SchemeGroupVersion.WithKind("ClusterNetworkPolicy") // Get takes name of the clusterNetworkPolicy, and returns the corresponding clusterNetworkPolicy object, and an error if there is any. func (c *FakeClusterNetworkPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ClusterNetworkPolicy, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_egress.go b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_egress.go index 5a098af19da..22c8cb47e87 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_egress.go +++ b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_egress.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeEgresses struct { Fake *FakeCrdV1beta1 } -var egressesResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1beta1", Resource: "egresses"} +var egressesResource = v1beta1.SchemeGroupVersion.WithResource("egresses") -var egressesKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1beta1", Kind: "Egress"} +var egressesKind = v1beta1.SchemeGroupVersion.WithKind("Egress") // Get takes name of the egress, and returns the corresponding egress object, and an error if there is any. func (c *FakeEgresses) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.Egress, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_externalippool.go b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_externalippool.go index 8688bcd963d..7380012b33c 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_externalippool.go +++ b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_externalippool.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeExternalIPPools struct { Fake *FakeCrdV1beta1 } -var externalippoolsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1beta1", Resource: "externalippools"} +var externalippoolsResource = v1beta1.SchemeGroupVersion.WithResource("externalippools") -var externalippoolsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1beta1", Kind: "ExternalIPPool"} +var externalippoolsKind = v1beta1.SchemeGroupVersion.WithKind("ExternalIPPool") // Get takes name of the externalIPPool, and returns the corresponding externalIPPool object, and an error if there is any. func (c *FakeExternalIPPools) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ExternalIPPool, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_group.go b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_group.go index 2ee7d88a77c..2a4842270a7 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_group.go +++ b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_group.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -34,9 +33,9 @@ type FakeGroups struct { ns string } -var groupsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1beta1", Resource: "groups"} +var groupsResource = v1beta1.SchemeGroupVersion.WithResource("groups") -var groupsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1beta1", Kind: "Group"} +var groupsKind = v1beta1.SchemeGroupVersion.WithKind("Group") // Get takes name of the group, and returns the corresponding group object, and an error if there is any. func (c *FakeGroups) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.Group, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_networkpolicy.go b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_networkpolicy.go index 9d9da2686b5..91204112417 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_networkpolicy.go +++ b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_networkpolicy.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -34,9 +33,9 @@ type FakeNetworkPolicies struct { ns string } -var networkpoliciesResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1beta1", Resource: "networkpolicies"} +var networkpoliciesResource = v1beta1.SchemeGroupVersion.WithResource("networkpolicies") -var networkpoliciesKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1beta1", Kind: "NetworkPolicy"} +var networkpoliciesKind = v1beta1.SchemeGroupVersion.WithKind("NetworkPolicy") // Get takes name of the networkPolicy, and returns the corresponding networkPolicy object, and an error if there is any. func (c *FakeNetworkPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.NetworkPolicy, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_tier.go b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_tier.go index 90f35333462..5b88ff4f367 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_tier.go +++ b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_tier.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeTiers struct { Fake *FakeCrdV1beta1 } -var tiersResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1beta1", Resource: "tiers"} +var tiersResource = v1beta1.SchemeGroupVersion.WithResource("tiers") -var tiersKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1beta1", Kind: "Tier"} +var tiersKind = v1beta1.SchemeGroupVersion.WithKind("Tier") // Get takes name of the tier, and returns the corresponding tier object, and an error if there is any. func (c *FakeTiers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.Tier, err error) { diff --git a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_traceflow.go b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_traceflow.go index 4e7e530ac73..065830f9a19 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_traceflow.go +++ b/pkg/client/clientset/versioned/typed/crd/v1beta1/fake/fake_traceflow.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" 
@@ -33,9 +32,9 @@ type FakeTraceflows struct { Fake *FakeCrdV1beta1 } -var traceflowsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1beta1", Resource: "traceflows"} +var traceflowsResource = v1beta1.SchemeGroupVersion.WithResource("traceflows") -var traceflowsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1beta1", Kind: "Traceflow"} +var traceflowsKind = v1beta1.SchemeGroupVersion.WithKind("Traceflow") // Get takes name of the traceflow, and returns the corresponding traceflow object, and an error if there is any. func (c *FakeTraceflows) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.Traceflow, err error) { diff --git a/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_antreaclusternetworkpolicystats.go b/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_antreaclusternetworkpolicystats.go index c89e39a944e..9a7c63f5acd 100644 --- a/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_antreaclusternetworkpolicystats.go +++ b/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_antreaclusternetworkpolicystats.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/pkg/apis/stats/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" ) 
@@ -32,9 +31,9 @@ type FakeAntreaClusterNetworkPolicyStats struct { Fake *FakeStatsV1alpha1 } -var antreaclusternetworkpolicystatsResource = schema.GroupVersionResource{Group: "stats.antrea.io", Version: "v1alpha1", Resource: "antreaclusternetworkpolicystats"} +var antreaclusternetworkpolicystatsResource = v1alpha1.SchemeGroupVersion.WithResource("antreaclusternetworkpolicystats") -var antreaclusternetworkpolicystatsKind = schema.GroupVersionKind{Group: "stats.antrea.io", Version: "v1alpha1", Kind: "AntreaClusterNetworkPolicyStats"} +var antreaclusternetworkpolicystatsKind = v1alpha1.SchemeGroupVersion.WithKind("AntreaClusterNetworkPolicyStats") // Get takes name of the antreaClusterNetworkPolicyStats, and returns the corresponding antreaClusterNetworkPolicyStats object, and an error if there is any. func (c *FakeAntreaClusterNetworkPolicyStats) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.AntreaClusterNetworkPolicyStats, err error) { diff --git a/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_antreanetworkpolicystats.go b/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_antreanetworkpolicystats.go index 9c09dcb1a26..dbd931186a4 100644 --- a/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_antreanetworkpolicystats.go +++ b/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_antreanetworkpolicystats.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/pkg/apis/stats/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" ) 
@@ -33,9 +32,9 @@ type FakeAntreaNetworkPolicyStats struct { ns string } -var antreanetworkpolicystatsResource = schema.GroupVersionResource{Group: "stats.antrea.io", Version: "v1alpha1", Resource: "antreanetworkpolicystats"} +var antreanetworkpolicystatsResource = v1alpha1.SchemeGroupVersion.WithResource("antreanetworkpolicystats") -var antreanetworkpolicystatsKind = schema.GroupVersionKind{Group: "stats.antrea.io", Version: "v1alpha1", Kind: "AntreaNetworkPolicyStats"} +var antreanetworkpolicystatsKind = v1alpha1.SchemeGroupVersion.WithKind("AntreaNetworkPolicyStats") // Get takes name of the antreaNetworkPolicyStats, and returns the corresponding antreaNetworkPolicyStats object, and an error if there is any. func (c *FakeAntreaNetworkPolicyStats) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.AntreaNetworkPolicyStats, err error) { diff --git a/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_multicastgroup.go b/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_multicastgroup.go index 81c8cfecf0e..1c7d87bdfa9 100644 --- a/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_multicastgroup.go +++ b/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_multicastgroup.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/pkg/apis/stats/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" ) 
@@ -32,9 +31,9 @@ type FakeMulticastGroups struct { Fake *FakeStatsV1alpha1 } -var multicastgroupsResource = schema.GroupVersionResource{Group: "stats.antrea.io", Version: "v1alpha1", Resource: "multicastgroups"} +var multicastgroupsResource = v1alpha1.SchemeGroupVersion.WithResource("multicastgroups") -var multicastgroupsKind = schema.GroupVersionKind{Group: "stats.antrea.io", Version: "v1alpha1", Kind: "MulticastGroup"} +var multicastgroupsKind = v1alpha1.SchemeGroupVersion.WithKind("MulticastGroup") // Get takes name of the multicastGroup, and returns the corresponding multicastGroup object, and an error if there is any. func (c *FakeMulticastGroups) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.MulticastGroup, err error) { diff --git a/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_networkpolicystats.go b/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_networkpolicystats.go index 3b7a1b72abd..532b794518a 100644 --- a/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_networkpolicystats.go +++ b/pkg/client/clientset/versioned/typed/stats/v1alpha1/fake/fake_networkpolicystats.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,7 +22,6 @@ import ( v1alpha1 "antrea.io/antrea/pkg/apis/stats/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" ) 
@@ -33,9 +32,9 @@ type FakeNetworkPolicyStats struct { ns string } -var networkpolicystatsResource = schema.GroupVersionResource{Group: "stats.antrea.io", Version: "v1alpha1", Resource: "networkpolicystats"} +var networkpolicystatsResource = v1alpha1.SchemeGroupVersion.WithResource("networkpolicystats") -var networkpolicystatsKind = schema.GroupVersionKind{Group: "stats.antrea.io", Version: "v1alpha1", Kind: "NetworkPolicyStats"} +var networkpolicystatsKind = v1alpha1.SchemeGroupVersion.WithKind("NetworkPolicyStats") // Get takes name of the networkPolicyStats, and returns the corresponding networkPolicyStats object, and an error if there is any. func (c *FakeNetworkPolicyStats) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.NetworkPolicyStats, err error) { diff --git a/pkg/client/clientset/versioned/typed/system/v1beta1/fake/fake_supportbundle.go b/pkg/client/clientset/versioned/typed/system/v1beta1/fake/fake_supportbundle.go index 027cb8e5e9b..bea73e9a3c2 100644 --- a/pkg/client/clientset/versioned/typed/system/v1beta1/fake/fake_supportbundle.go +++ b/pkg/client/clientset/versioned/typed/system/v1beta1/fake/fake_supportbundle.go @@ -1,4 +1,4 @@ -// Copyright 2022 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ import ( v1beta1 "antrea.io/antrea/pkg/apis/system/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - schema "k8s.io/apimachinery/pkg/runtime/schema" testing "k8s.io/client-go/testing" ) 
@@ -30,9 +29,9 @@ type FakeSupportBundles struct { Fake *FakeSystemV1beta1 } -var supportbundlesResource = schema.GroupVersionResource{Group: "system.antrea.io", Version: "v1beta1", Resource: "supportbundles"} +var supportbundlesResource = v1beta1.SchemeGroupVersion.WithResource("supportbundles") -var supportbundlesKind = schema.GroupVersionKind{Group: "system.antrea.io", Version: "v1beta1", Kind: "SupportBundle"} +var supportbundlesKind = v1beta1.SchemeGroupVersion.WithKind("SupportBundle") // Get takes name of the supportBundle, and returns the corresponding supportBundle object, and an error if there is any. func (c *FakeSupportBundles) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.SupportBundle, err error) { diff --git a/pkg/client/informers/externalversions/factory.go b/pkg/client/informers/externalversions/factory.go index 011ad1f5b1d..09f1a888bb6 100644 --- a/pkg/client/informers/externalversions/factory.go +++ b/pkg/client/informers/externalversions/factory.go @@ -1,4 +1,4 @@ -// Copyright 2023 Antrea Authors +// Copyright 2024 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -40,6 +40,7 @@ type sharedInformerFactory struct { lock sync.Mutex defaultResync time.Duration customResync map[reflect.Type]time.Duration + transform cache.TransformFunc informers map[reflect.Type]cache.SharedIndexInformer // startedInformers is used for tracking which informers have been started. 
@@ -78,6 +79,14 @@ func WithNamespace(namespace string) SharedInformerOption { } } +// WithTransform sets a transform on all informers. +func WithTransform(transform cache.TransformFunc) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + factory.transform = transform + return factory + } +} + // NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces. func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Duration) SharedInformerFactory { return NewSharedInformerFactoryWithOptions(client, defaultResync) @@ -164,7 +173,7 @@ func (f *sharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{}) map[ref return res } -// InternalInformerFor returns the SharedIndexInformer for obj using an internal +// InformerFor returns the SharedIndexInformer for obj using an internal // client. func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer { f.lock.Lock() @@ -182,6 +191,7 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal } informer = newFunc(f.client, resyncPeriod) + informer.SetTransform(f.transform) f.informers[informerType] = informer return informer @@ -237,7 +247,7 @@ type SharedInformerFactory interface { // ForResource gives generic access to a shared informer of the matching type. ForResource(resource schema.GroupVersionResource) (GenericInformer, error) - // InternalInformerFor returns the SharedIndexInformer for obj using an internal + // InformerFor returns the SharedIndexInformer for obj using an internal // client. InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer diff --git a/pkg/controller/certificatesigningrequest/ipsec_csr_signing_controller_test.go b/pkg/controller/certificatesigningrequest/ipsec_csr_signing_controller_test.go index 5100f5bc63a..a996e051c9d 100644 
--- a/pkg/controller/certificatesigningrequest/ipsec_csr_signing_controller_test.go +++ b/pkg/controller/certificatesigningrequest/ipsec_csr_signing_controller_test.go @@ -108,17 +108,18 @@ func TestIPsecCertificateApproverAndSigner(t *testing.T) { csr, err := clientset.CertificatesV1().CertificateSigningRequests().Create(context.TODO(), tt.csr, metav1.CreateOptions{}) require.NoError(t, err) - err = wait.PollImmediate(200*time.Millisecond, 10*time.Second, func() (done bool, err error) { - csr, err = clientset.CertificatesV1().CertificateSigningRequests().Get(context.TODO(), tt.csr.Name, metav1.GetOptions{}) - require.NoError(t, err) - if !isCertificateRequestApproved(csr) { - return false, nil - } - if len(csr.Status.Certificate) == 0 { - return false, nil - } - return true, nil - }) + err = wait.PollUntilContextTimeout(context.Background(), 200*time.Millisecond, 10*time.Second, true, + func(ctx context.Context) (done bool, err error) { + csr, err = clientset.CertificatesV1().CertificateSigningRequests().Get(context.TODO(), tt.csr.Name, metav1.GetOptions{}) + require.NoError(t, err) + if !isCertificateRequestApproved(csr) { + return false, nil + } + if len(csr.Status.Certificate) == 0 { + return false, nil + } + return true, nil + }) require.NoError(t, err) issued := csr.Status.Certificate parsed, err := certutil.ParseCertsPEM(issued) diff --git a/pkg/controller/egress/controller_test.go b/pkg/controller/egress/controller_test.go index 356774503aa..61303439d42 100644 --- a/pkg/controller/egress/controller_test.go +++ b/pkg/controller/egress/controller_test.go 
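Review bot: The condition function now passed to `wait.PollUntilContextTimeout` in `TestIPsecCertificateApproverAndSigner` receives `ctx`, but the `Get` call inside it still uses `context.TODO()`, so the 10-second deadline bounds only the polling loop and not the API call it wraps. Passing the poll context through keeps the two in step: `csr, err = clientset.CertificatesV1().CertificateSigningRequests().Get(ctx, tt.csr.Name, metav1.GetOptions{})`. The same leftover `context.TODO()` appears in the converted polls in egress/controller_test.go, externalippool/controller_test.go and externalnode/controller_test.go. The enclosing test function starts and ends outside the hunk.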
@@ -759,13 +759,14 @@ func TestSyncEgressIP(t *testing.T) { func checkExternalIPPoolUsed(t *testing.T, controller *egressController, poolName string, used int) { exists := controller.externalIPAllocator.IPPoolExists(poolName) require.True(t, exists) - err := wait.PollImmediate(50*time.Millisecond, 2*time.Second, func() (found bool, err error) { - eip, err := controller.crdClient.CrdV1beta1().ExternalIPPools().Get(context.TODO(), poolName, metav1.GetOptions{}) - if err != nil { - return false, err - } - return eip.Status.Usage.Used == used, nil - }) + err := wait.PollUntilContextTimeout(context.Background(), 50*time.Millisecond, 2*time.Second, true, + func(ctx context.Context) (found bool, err error) { + eip, err := controller.crdClient.CrdV1beta1().ExternalIPPools().Get(context.TODO(), poolName, metav1.GetOptions{}) + if err != nil { + return false, err + } + return eip.Status.Usage.Used == used, nil + }) assert.NoError(t, err) } diff --git a/pkg/controller/externalippool/controller_test.go b/pkg/controller/externalippool/controller_test.go index 3e8a3c594fc..d0e1052e316 100644 --- a/pkg/controller/externalippool/controller_test.go +++ b/pkg/controller/externalippool/controller_test.go @@ -458,7 +458,7 @@ func TestIPPoolHasIP(t *testing.T) { func checkExternalIPPoolStatus(t *testing.T, controller *controller, poolName string, expectedStatus antreacrds.IPPoolUsage) { exists := controller.IPPoolExists(poolName) require.True(t, exists) - err := wait.PollImmediate(50*time.Millisecond, 2*time.Second, func() (found bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), 50*time.Millisecond, 2*time.Second, true, func(ctx context.Context) (found bool, err error) { eip, err := controller.crdClient.CrdV1beta1().ExternalIPPools().Get(context.TODO(), poolName, metav1.GetOptions{}) if err != nil { return false, err 
diff --git a/pkg/controller/externalnode/controller_test.go b/pkg/controller/externalnode/controller_test.go index fa615abb1a7..04f5789deab 100644 --- a/pkg/controller/externalnode/controller_test.go +++ b/pkg/controller/externalnode/controller_test.go @@ -147,7 +147,7 @@ func TestAddExternalNode(t *testing.T) { defer close(stopCh) informerFactory.Start(stopCh) go controller.Run(stopCh) - err := wait.PollImmediate(time.Millisecond*50, time.Second, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), time.Millisecond*50, time.Second, true, func(ctx context.Context) (done bool, err error) { for _, ee := range tc.expectedEntities { ok, err := checkExternalEntityExists(controller.crdClient, ee) if err != nil { @@ -416,7 +416,7 @@ func TestUpdateExternalNode(t *testing.T) { defer close(stopCh) informerFactory.Start(stopCh) go controller.Run(stopCh) - err := wait.PollImmediate(time.Millisecond*50, time.Second, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), time.Millisecond*50, time.Second, true, func(ctx context.Context) (done bool, err error) { entities, listErr := controller.crdClient.CrdV1alpha2().ExternalEntities(tc.externalNode.Namespace).List(context.TODO(), metav1.ListOptions{}) if listErr != nil { return false, listErr @@ -437,7 +437,7 @@ func TestUpdateExternalNode(t *testing.T) { _, err = controller.crdClient.CrdV1alpha1().ExternalNodes(tc.externalNode.Namespace).Update(context.TODO(), tc.updatedExternalNode, metav1.UpdateOptions{}) require.NoError(t, err) - err = wait.PollImmediate(time.Millisecond*50, time.Second, func() (done bool, err error) { + err = wait.PollUntilContextTimeout(context.Background(), time.Millisecond*50, time.Second, true, func(ctx context.Context) (done bool, err error) { return checkExternalEntityExists(controller.crdClient, tc.expectedEntity) }) assert.NoError(t, err) 
@@ -488,7 +488,7 @@ func TestDeleteExternalNode(t *testing.T) { err := controller.crdClient.CrdV1alpha1().ExternalNodes(externalNode.Namespace).Delete(context.TODO(), externalNode.Name, metav1.DeleteOptions{}) require.NoError(t, err) key, _ := keyFunc(externalNode) - err = wait.PollImmediate(time.Millisecond*50, time.Second, func() (done bool, err error) { + err = wait.PollUntilContextTimeout(context.Background(), time.Millisecond*50, time.Second, true, func(ctx context.Context) (done bool, err error) { entities, listErr := controller.crdClient.CrdV1alpha2().ExternalEntities(externalNode.Namespace).List(context.TODO(), metav1.ListOptions{}) if listErr != nil { return false, listErr diff --git a/pkg/controller/grouping/controller.go b/pkg/controller/grouping/controller.go index b974e42b4db..1b6d6a009f8 100644 --- a/pkg/controller/grouping/controller.go +++ b/pkg/controller/grouping/controller.go @@ -15,6 +15,7 @@ package grouping import ( + "context" "fmt" "sync/atomic" "time" @@ -184,7 +185,7 @@ func (c *GroupEntityController) Run(stopCh <-chan struct{}) { } // Wait until all event handlers process the initial resources before setting groupEntityIndex as synced. - if err := wait.PollImmediateUntil(100*time.Millisecond, func() (done bool, err error) { + if err := wait.PollUntilContextCancel(wait.ContextForChannel(stopCh), 100*time.Millisecond, true, func(ctx context.Context) (done bool, err error) { if uint64(initialPodCount) > c.podAddEvents.Load() { return false, nil } @@ -197,7 +198,7 @@ func (c *GroupEntityController) Run(stopCh <-chan struct{}) { } } return true, nil - }, stopCh); err == nil { + }); err == nil { c.groupEntityIndex.setSynced(true) } diff --git a/pkg/controller/grouping/controller_test.go b/pkg/controller/grouping/controller_test.go index 9fcc7f9e294..97d1c425e78 100644 --- a/pkg/controller/grouping/controller_test.go +++ b/pkg/controller/grouping/controller_test.go 
@@ -22,7 +22,6 @@ import ( "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes/fake" featuregatetesting "k8s.io/component-base/featuregate/testing" @@ -100,9 +99,9 @@ func TestGroupEntityControllerRun(t *testing.T) { go c.groupEntityIndex.Run(stopCh) go c.Run(stopCh) - assert.NoError(t, wait.Poll(10*time.Millisecond, time.Second, func() (done bool, err error) { - return index.HasSynced(), nil - }), "GroupEntityIndex hasn't been synced in 1 second after starting GroupEntityController") + assert.Eventually(t, func() bool { + return index.HasSynced() + }, time.Second, 10*time.Millisecond, "GroupEntityIndex hasn't been synced in 1 second after starting GroupEntityController") }) } } diff --git a/pkg/controller/ipam/antrea_ipam_controller_test.go b/pkg/controller/ipam/antrea_ipam_controller_test.go index 5b624285948..6fecc2a2624 100644 --- a/pkg/controller/ipam/antrea_ipam_controller_test.go +++ b/pkg/controller/ipam/antrea_ipam_controller_test.go @@ -125,17 +125,18 @@ func initTestObjects(annotateNamespace bool, annotateStatefulSet bool, replicas func verifyPoolAllocatedSize(t *testing.T, poolName string, poolLister listers.IPPoolLister, size int) { - err := wait.PollImmediate(100*time.Millisecond, 1*time.Second, func() (bool, error) { - pool, err := poolLister.Get(poolName) - if err != nil { - return false, nil - } - if len(pool.Status.IPAddresses) == size { - return true, nil - } + err := wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, 1*time.Second, true, + func(ctx context.Context) (bool, error) { + pool, err := poolLister.Get(poolName) + if err != nil { + return false, nil + } + if len(pool.Status.IPAddresses) == size { + return true, nil + } - return false, nil - }) + return false, nil + }) require.NoError(t, err) } 
@@ -189,13 +190,14 @@ func TestStatefulSetLifecycle(t *testing.T) { var allocator *poolallocator.IPPoolAllocator var err error // Wait until pool propagates to the informer - pollErr := wait.PollImmediate(100*time.Millisecond, 3*time.Second, func() (bool, error) { - allocator, err = poolallocator.NewIPPoolAllocator(pool.Name, controller.crdClient, controller.poolLister) - if err != nil { - return false, nil - } - return true, nil - }) + pollErr := wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, 3*time.Second, true, + func(ctx context.Context) (bool, error) { + allocator, err = poolallocator.NewIPPoolAllocator(pool.Name, controller.crdClient, controller.poolLister) + if err != nil { + return false, nil + } + return true, nil + }) require.NoError(t, pollErr) defer allocator.ReleaseStatefulSet(statefulSet.Namespace, statefulSet.Name) @@ -262,7 +264,7 @@ func TestReleaseStaleAddresses(t *testing.T) { go controller.Run(stopCh) // verify two stale entries were deleted, one updated to Reserved status - err := wait.PollImmediate(100*time.Millisecond, 2*time.Second, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, 2*time.Second, true, func(ctx context.Context) (bool, error) { pool, err := controller.poolLister.Get(pool.Name) if err != nil { return false, nil diff --git a/pkg/controller/labelidentity/controller.go b/pkg/controller/labelidentity/controller.go index 3accad43e7a..2722fa492bd 100644 --- a/pkg/controller/labelidentity/controller.go +++ b/pkg/controller/labelidentity/controller.go @@ -15,6 +15,7 @@ package labelidentity import ( + "context" "sync/atomic" "time" 
@@ -96,12 +97,12 @@ func (c *Controller) Run(stopCh <-chan struct{}) { } initialLabelCount := len(c.labelInformer.Informer().GetStore().List()) // Wait until initial label identities are processed before setting labelIdentityIndex as synced. - if err := wait.PollImmediateUntil(100*time.Millisecond, func() (done bool, err error) { + if err := wait.PollUntilContextCancel(wait.ContextForChannel(stopCh), 100*time.Millisecond, true, func(ctx context.Context) (done bool, err error) { if uint64(initialLabelCount) > c.labelAddEvents.Load() { return false, nil } return true, nil - }, stopCh); err == nil { + }); err == nil { c.labelIdentityIndex.setSynced(true) } <-stopCh diff --git a/pkg/controller/labelidentity/controller_test.go b/pkg/controller/labelidentity/controller_test.go index bf091fc3ced..b3ed33a0d99 100644 --- a/pkg/controller/labelidentity/controller_test.go +++ b/pkg/controller/labelidentity/controller_test.go @@ -21,7 +21,6 @@ import ( "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/wait" mcv1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1" fakeversioned "antrea.io/antrea/multicluster/pkg/client/clientset/versioned/fake" @@ -78,7 +77,7 @@ func TestGroupEntityControllerRun(t *testing.T) { go c.labelIdentityIndex.Run(stopCh) go c.Run(stopCh) - assert.NoError(t, wait.Poll(10*time.Millisecond, time.Second, func() (done bool, err error) { - return index.HasSynced(), nil - }), "LabelIdentityIndex hasn't been synced in 1 second after starting LabelIdentityController") + assert.Eventually(t, func() bool { + return index.HasSynced() + }, 1*time.Second, 10*time.Millisecond, "LabelIdentityIndex hasn't been synced in 1 second after starting LabelIdentityController") } diff --git a/pkg/controller/networkpolicy/networkpolicy_controller_test.go b/pkg/controller/networkpolicy/networkpolicy_controller_test.go index 2ee35d67d12..74b12c182e0 100644 
--- a/pkg/controller/networkpolicy/networkpolicy_controller_test.go +++ b/pkg/controller/networkpolicy/networkpolicy_controller_test.go @@ -41,7 +41,7 @@ import ( k8stesting "k8s.io/client-go/testing" "k8s.io/client-go/tools/cache" "k8s.io/client-go/util/workqueue" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" fakepolicyversioned "sigs.k8s.io/network-policy-api/pkg/client/clientset/versioned/fake" policyv1a1informers "sigs.k8s.io/network-policy-api/pkg/client/informers/externalversions" @@ -2844,10 +2844,10 @@ func TestAddressGroupWithNodeSelector(t *testing.T) { if err != nil { return err } - assert.NoError(t, wait.Poll(time.Millisecond*100, time.Second, func() (done bool, err error) { + assert.Eventually(t, func() bool { newNode, err := c.nodeLister.Get(node.Name) - return reflect.DeepEqual(node, newNode), err - })) + return reflect.DeepEqual(node, newNode) && err == nil + }, time.Second, 100*time.Millisecond) return nil } fakeNode0.Labels = nodeSelectorA.MatchLabels @@ -3720,7 +3720,7 @@ func TestSyncInternalNetworkPolicyWithGroups(t *testing.T) { c.crdClient.CrdV1beta1().NetworkPolicies(tt.inputPolicy.Namespace).Create(context.TODO(), tt.inputPolicy, metav1.CreateOptions{}) var gotPolicy *antreatypes.NetworkPolicy - err := wait.PollImmediate(100*time.Millisecond, 3*time.Second, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, 3*time.Second, true, func(ctx context.Context) (done bool, err error) { obj, exists, _ := c.internalNetworkPolicyStore.Get(tt.expectedPolicy.Name) if !exists { return false, nil 
@@ -3939,7 +3939,7 @@ func TestClusterNetworkPolicyWithClusterGroup(t *testing.T) { UID: acnp.UID, Name: string(acnp.UID), SourceRef: &controlplane.NetworkPolicyReference{Type: controlplane.AntreaClusterNetworkPolicy, Name: acnp.Name, UID: acnp.UID}, - Priority: pointer.Float64(acnp.Spec.Priority), + Priority: ptr.To(acnp.Spec.Priority), Rules: []controlplane.NetworkPolicyRule{ { Direction: controlplane.DirectionIn, @@ -4010,7 +4010,7 @@ func TestClusterNetworkPolicyWithClusterGroup(t *testing.T) { UID: acnp.UID, Name: string(acnp.UID), SourceRef: &controlplane.NetworkPolicyReference{Type: controlplane.AntreaClusterNetworkPolicy, Name: acnp.Name, UID: acnp.UID}, - Priority: pointer.Float64(acnp.Spec.Priority), + Priority: ptr.To(acnp.Spec.Priority), Rules: []controlplane.NetworkPolicyRule{ {Direction: controlplane.DirectionIn, Action: &allowAction}, }, @@ -4027,7 +4027,7 @@ func TestClusterNetworkPolicyWithClusterGroup(t *testing.T) { UID: acnp.UID, Name: string(acnp.UID), SourceRef: &controlplane.NetworkPolicyReference{Type: controlplane.AntreaClusterNetworkPolicy, Name: acnp.Name, UID: acnp.UID}, - Priority: pointer.Float64(acnp.Spec.Priority), + Priority: ptr.To(acnp.Spec.Priority), Rules: []controlplane.NetworkPolicyRule{ {Direction: controlplane.DirectionIn, Action: &allowAction}, }, diff --git a/pkg/controller/stats/aggregator_test.go b/pkg/controller/stats/aggregator_test.go index 9ccc5b5d4a3..da135e72c79 100644 --- a/pkg/controller/stats/aggregator_test.go +++ b/pkg/controller/stats/aggregator_test.go 
@@ -68,7 +68,7 @@ var ( func runWrapper(t *testing.T, a *Aggregator, policyCount int, summaries []*controlplane.NodeStatsSummary) { stopCh := make(chan struct{}) doneCh := make(chan struct{}) - err := wait.PollImmediate(100*time.Millisecond, time.Second, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, time.Second, true, func(ctx context.Context) (done bool, err error) { count := len(a.ListNetworkPolicyStats("")) + len(a.ListAntreaNetworkPolicyStats("")) + len(a.ListAntreaClusterNetworkPolicyStats()) return (count >= policyCount), nil }) @@ -81,7 +81,7 @@ func runWrapper(t *testing.T, a *Aggregator, policyCount int, summaries []*contr a.Collect(summary) } // Wait for all summaries to be consumed. - err = wait.PollImmediate(100*time.Millisecond, time.Second, func() (done bool, err error) { + err = wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, time.Second, true, func(ctx context.Context) (done bool, err error) { return len(a.dataCh) == 0, nil }) require.NoError(t, err, "Timeout while waiting for summaries to be consummed by Aggregator") @@ -622,7 +622,7 @@ func TestDeleteNetworkPolicy(t *testing.T) { crdClient.CrdV1beta1().ClusterNetworkPolicies().Delete(context.TODO(), acnp1.Name, metav1.DeleteOptions{}) crdClient.CrdV1beta1().NetworkPolicies(annp1.Namespace).Delete(context.TODO(), annp1.Name, metav1.DeleteOptions{}) // Event handlers are asynchronous, it's supposed to finish very soon. - err := wait.PollImmediate(100*time.Millisecond, time.Second, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, time.Second, true, func(ctx context.Context) (done bool, err error) { return len(a.ListNetworkPolicyStats("")) == 0 && len(a.ListAntreaClusterNetworkPolicyStats()) == 0 && len(a.ListAntreaNetworkPolicyStats("")) == 0, nil }) assert.NoError(t, err) 
diff --git a/pkg/controller/supportbundlecollection/controller_test.go b/pkg/controller/supportbundlecollection/controller_test.go index 0b9cefd871c..678215dadd5 100644 --- a/pkg/controller/supportbundlecollection/controller_test.go +++ b/pkg/controller/supportbundlecollection/controller_test.go @@ -865,7 +865,7 @@ func TestCreateAndDeleteInternalSupportBundleCollection(t *testing.T) { } bundle, err := testClient.crdClient.CrdV1alpha1().SupportBundleCollections().Create(context.TODO(), generateSupportBundleResource(bundleConfig), metav1.CreateOptions{}) require.Nil(t, err) - err = wait.PollImmediate(time.Millisecond*50, time.Second, func() (done bool, err error) { + err = wait.PollUntilContextTimeout(context.Background(), time.Millisecond*50, time.Second, true, func(ctx context.Context) (done bool, err error) { _, getErr := controller.supportBundleCollectionLister.Get(tc.bundleConfig.name) if getErr == nil { return true, nil @@ -1060,7 +1060,7 @@ func TestSyncSupportBundleCollection(t *testing.T) { go controller.worker() for _, tc := range testCases { - err := wait.PollImmediate(time.Millisecond*100, time.Second, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), time.Millisecond*100, time.Second, true, func(ctx context.Context) (done bool, err error) { _, exists, err := controller.supportBundleCollectionStore.Get(tc.bundleConfig.name) if err != nil { return false, err diff --git a/pkg/controller/traceflow/controller_test.go b/pkg/controller/traceflow/controller_test.go index 661357a5c69..c40a37d2602 100644 --- a/pkg/controller/traceflow/controller_test.go +++ b/pkg/controller/traceflow/controller_test.go 
@@ -153,7 +153,7 @@ func TestTraceflow(t *testing.T) { func (tfc *traceflowController) waitForPodInNamespace(ns string, name string, timeout time.Duration) (*corev1.Pod, error) { var pod *corev1.Pod var err error - if err = wait.Poll(100*time.Millisecond, timeout, func() (bool, error) { + if err = wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, timeout, false, func(ctx context.Context) (bool, error) { // Make sure dummy Pod is synced by informer pod, err = tfc.podLister.Pods(ns).Get(name) if err != nil { @@ -169,7 +169,7 @@ func (tfc *traceflowController) waitForPodInNamespace(ns string, name string, ti func (tfc *traceflowController) waitForTraceflow(name string, phase crdv1beta1.TraceflowPhase, timeout time.Duration) (*crdv1beta1.Traceflow, error) { var tf *crdv1beta1.Traceflow var err error - if err = wait.Poll(100*time.Millisecond, timeout, func() (bool, error) { + if err = wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, timeout, false, func(ctx context.Context) (bool, error) { tf, err = tfc.client.CrdV1beta1().Traceflows().Get(context.TODO(), name, metav1.GetOptions{}) if err != nil || tf.Status.Phase != phase { return false, nil diff --git a/pkg/flowaggregator/clickhouseclient/clickhouseclient.go b/pkg/flowaggregator/clickhouseclient/clickhouseclient.go index be21f777aaa..a53cd119973 100644 --- a/pkg/flowaggregator/clickhouseclient/clickhouseclient.go +++ b/pkg/flowaggregator/clickhouseclient/clickhouseclient.go @@ -427,7 +427,7 @@ func ConnectClickHouse(config *ClickHouseConfig) (*sql.DB, error) { connTimeout := 10 * time.Second // Connect to ClickHouse in a loop - if err := wait.PollImmediate(connRetryInterval, connTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.TODO(), connRetryInterval, connTimeout, true, func(ctx context.Context) (bool, error) { // Open the database and ping it opt := clickhouse.Options{ Addr: []string{addr}, 
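Review bot: In ConnectClickHouse the poll is started with `context.TODO()`, so in this non-test path the connection retry loop can end only through `connTimeout` and cannot be interrupted by the caller or by process shutdown. The function takes no context parameter, so a comment such as `// TODO: accept a ctx from the caller so shutdown can cancel the connection retries` would at least record that the placeholder is deliberate. The callback also receives `ctx`, but the function body continues outside the hunk, so it is not visible whether the open and ping use it; if they do not, a stalled ping is not bounded by the 10-second timeout. The same `context.TODO()` pattern appears in NewClickHouseExporter and getClusterUUID under pkg/flowaggregator/exporter.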
diff --git a/pkg/flowaggregator/clickhouseclient/clickhouseclient_test.go b/pkg/flowaggregator/clickhouseclient/clickhouseclient_test.go index ce17f73d656..164a55d09b9 100644 --- a/pkg/flowaggregator/clickhouseclient/clickhouseclient_test.go +++ b/pkg/flowaggregator/clickhouseclient/clickhouseclient_test.go @@ -31,7 +31,6 @@ import ( ipfixentitiestesting "github.com/vmware/go-ipfix/pkg/entities/testing" "github.com/vmware/go-ipfix/pkg/registry" "go.uber.org/mock/gomock" - "k8s.io/apimachinery/pkg/util/wait" "antrea.io/antrea/pkg/flowaggregator/flowrecord" flowrecordtesting "antrea.io/antrea/pkg/flowaggregator/flowrecord/testing" @@ -314,10 +313,10 @@ func TestUpdateCH(t *testing.T) { chExportProc.Start() defer chExportProc.Stop() - require.NoError(t, wait.Poll(commitInterval, time.Second, func() (bool, error) { + require.Eventually(t, func() bool { err := mock1.ExpectationsWereMet() - return (err == nil), nil - }), "timeout while waiting for first flow record to be committed (before DB connection update)") + return err == nil + }, time.Second, commitInterval, "timeout while waiting for first flow record to be committed (before DB connection update)") mock2.ExpectBegin() mock2.ExpectPrepare(insertQuery).ExpectExec().WillReturnResult(sqlmock.NewResult(0, 1)) @@ -332,10 +331,10 @@ func TestUpdateCH(t *testing.T) { chExportProc.deque.PushBack(recordRow) }() - require.NoError(t, wait.Poll(commitInterval, time.Second, func() (bool, error) { + require.Eventually(t, func() bool { err := mock2.ExpectationsWereMet() - return (err == nil), nil - }), "timeout while waiting for second flow record to be committed (after DB connection update)") + return err == nil + }, time.Second, commitInterval, "timeout while waiting for second flow record to be committed (after DB connection update)") } func TestParseDatabaseURL(t *testing.T) { diff --git a/pkg/flowaggregator/exporter/clickhouse.go b/pkg/flowaggregator/exporter/clickhouse.go index 7276b20f3b4..239ad3e3757 100644 
--- a/pkg/flowaggregator/exporter/clickhouse.go +++ b/pkg/flowaggregator/exporter/clickhouse.go @@ -15,6 +15,7 @@ package exporter import ( + "context" "fmt" "os" "path" @@ -62,7 +63,7 @@ func NewClickHouseExporter(k8sClient kubernetes.Interface, opt *options.Options) "compress", *chConfig.Compress, "commitInterval", chConfig.CommitInterval, "insecureSkipVerify", chConfig.InsecureSkipVerify, "caCert", chConfig.CACert) var errMessage error if chConfig.CACert { - err := wait.Poll(DefaultInterval, Timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.TODO(), DefaultInterval, Timeout, false, func(ctx context.Context) (bool, error) { caCertPath := path.Join(CertDir, CACertFile) certificate, err := os.ReadFile(caCertPath) if err != nil { diff --git a/pkg/flowaggregator/exporter/utils.go b/pkg/flowaggregator/exporter/utils.go index ced42593a41..7a1d0596323 100644 --- a/pkg/flowaggregator/exporter/utils.go +++ b/pkg/flowaggregator/exporter/utils.go @@ -15,6 +15,7 @@ package exporter import ( + "context" "fmt" "time" @@ -41,7 +42,7 @@ func getClusterUUID(k8sClient kubernetes.Interface) (uuid.UUID, error) { k8sClient, ) var clusterUUID uuid.UUID - if err := wait.PollImmediate(retryInterval, timeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.TODO(), retryInterval, timeout, true, func(ctx context.Context) (bool, error) { clusterIdentity, _, err := clusterIdentityProvider.Get() if err != nil { return false, nil diff --git a/pkg/ipam/poolallocator/allocator_test.go b/pkg/ipam/poolallocator/allocator_test.go index 78faa87aab5..5c53c5ce161 100644 --- a/pkg/ipam/poolallocator/allocator_test.go +++ b/pkg/ipam/poolallocator/allocator_test.go @@ -15,6 +15,7 @@ package poolallocator import ( + "context" "fmt" "net" "testing" 
@@ -60,7 +61,7 @@ func newTestIPPoolAllocator(pool *crdv1a2.IPPool, stopCh <-chan struct{}) *IPPoo var allocator *IPPoolAllocator var err error - wait.PollImmediate(100*time.Millisecond, 1*time.Second, func() (bool, error) { + wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, 1*time.Second, true, func(ctx context.Context) (bool, error) { allocator, err = NewIPPoolAllocator(pool.Name, crdClient, pools.Lister()) if err != nil { return false, nil @@ -377,11 +378,10 @@ func TestHas(t *testing.T) { _, _, err := allocator.AllocateNext(crdv1a2.IPAddressPhaseAllocated, owner) require.NoError(t, err) - err = wait.PollImmediate(100*time.Millisecond, 1*time.Second, func() (bool, error) { + require.Eventually(t, func() bool { has, _ := allocator.hasPod(testNamespace, "fakePod") - return has, nil - }) - require.NoError(t, err) + return has + }, 1*time.Second, 100*time.Millisecond) has, err := allocator.hasPod(testNamespace, "realPod") require.NoError(t, err) diff --git a/pkg/monitor/controller.go b/pkg/monitor/controller.go index e0436938b28..321f28d182f 100644 --- a/pkg/monitor/controller.go +++ b/pkg/monitor/controller.go @@ -390,7 +390,7 @@ func (monitor *controllerMonitor) antreaAgentInfoAPIAvailable(stopCh <-chan stru } found := false - if err := wait.PollImmediateUntil(time.Second*10, func() (done bool, err error) { + if err := wait.PollUntilContextCancel(wait.ContextForChannel(stopCh), time.Second*10, true, func(ctx context.Context) (done bool, err error) { var checkErr error found, checkErr = checkFunc() if checkErr != nil { @@ -398,7 +398,7 @@ func (monitor *controllerMonitor) antreaAgentInfoAPIAvailable(stopCh <-chan stru return false, nil } return true, nil - }, stopCh); err != nil { + }); err != nil { klog.ErrorS(err, "Failed to get server resources for GroupVersion", "groupVersion", groupVersion) found = false } diff --git a/pkg/ovs/ovsctl/ovsctl_others.go b/pkg/ovs/ovsctl/ovsctl_others.go index c4a58ff2a39..26e55138fa5 100644 
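Review bot: The return value of `wait.PollUntilContextTimeout` in newTestIPPoolAllocator is discarded, so a timeout while waiting for the allocator is never reported at the point where it happens. The rest of the helper is outside the hunk, but if it simply returns `allocator`, a pool that never reaches the informer presumably yields a nil allocator and the test fails later with a nil dereference instead of a clear message. Capturing the result, `pollErr := wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, 1*time.Second, true, ...)`, and failing on it would fix that. The visible signature takes no `*testing.T`, so this may mean adding one or panicking with the error. In TestHas, further down the same file, `has, _ := allocator.hasPod(...)` likewise drops the error inside the `require.Eventually` condition.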
--- a/pkg/ovs/ovsctl/ovsctl_others.go +++ b/pkg/ovs/ovsctl/ovsctl_others.go @@ -53,7 +53,7 @@ func ovsVSwitchdUDS(ctx context.Context) (string, error) { var readErr error startTime := time.Now() hasFailure := false - err := wait.PollImmediateWithContext(ctx, 50*time.Millisecond, 5*time.Second, func(ctx context.Context) (bool, error) { + err := wait.PollUntilContextTimeout(ctx, 50*time.Millisecond, 5*time.Second, true, func(ctx context.Context) (bool, error) { pid, readErr = readOVSVSwitchdPID() if readErr != nil { hasFailure = true diff --git a/pkg/util/channel/channel_test.go b/pkg/util/channel/channel_test.go index 12efc053e6c..2891e20030f 100644 --- a/pkg/util/channel/channel_test.go +++ b/pkg/util/channel/channel_test.go @@ -22,7 +22,6 @@ import ( "github.com/stretchr/testify/assert" "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" ) type eventReceiver struct { @@ -71,17 +70,17 @@ func TestSubscribe(t *testing.T) { var errReceiver int var errReceivedEvents sets.Set[string] - assert.NoError(t, wait.PollImmediate(10*time.Millisecond, 100*time.Millisecond, func() (done bool, err error) { + assert.Eventually(t, func() bool { for i, r := range eventReceivers { receivedEvents := r.received() if !receivedEvents.Equal(desiredEvents) { errReceiver = i errReceivedEvents = receivedEvents - return false, nil + return false } } - return true, nil - }), "Receiver %d failed to receive all events, expected %d events, got %d events", errReceiver, len(desiredEvents), len(errReceivedEvents)) + return true + }, 100*time.Millisecond, 10*time.Millisecond, "Receiver %d failed to receive all events, expected %d events, got %d events", errReceiver, len(desiredEvents), len(errReceivedEvents)) } func TestNotify(t *testing.T) { diff --git a/test/e2e/antreaipam_test.go b/test/e2e/antreaipam_test.go index da84884ed0f..db5fc8f2a9e 100644 --- a/test/e2e/antreaipam_test.go +++ b/test/e2e/antreaipam_test.go 
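Review bot: In TestSubscribe the message arguments `errReceiver`, `len(desiredEvents)` and `len(errReceivedEvents)` are evaluated when `assert.Eventually` is called, before the condition function has run, so a failure reports the initial zero values rather than the receiver that fell short. Formatting the message after the wait keeps it accurate, with the condition function unchanged: `if !assert.Eventually(t, cond, 100*time.Millisecond, 10*time.Millisecond) { t.Errorf("Receiver %d failed to receive all events, expected %d events, got %d events", errReceiver, len(desiredEvents), len(errReceivedEvents)) }`. testify may run the condition on its own goroutine, so reading the two captured variables after a timeout may need synchronisation; this is worth confirming with `-race`.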
@@ -477,7 +477,7 @@ func checkStatefulSetIPPoolAllocation(tb testing.TB, data *TestData, name string expectedIPAddressJson, _ := json.Marshal(expectedIPAddressMap) tb.Logf("expectedIPAddressMap: %s", expectedIPAddressJson) - err = wait.Poll(time.Second*3, time.Second*15, func() (bool, error) { + err = wait.PollUntilContextTimeout(context.Background(), time.Second*3, time.Second*15, false, func(ctx context.Context) (bool, error) { ipPool, err := data.crdClient.CrdV1alpha2().IPPools().Get(context.TODO(), ipPoolName, metav1.GetOptions{}) if err != nil { tb.Fatalf("Failed to get IPPool %s, err: %+v", ipPoolName, err) @@ -574,7 +574,7 @@ func deleteIPPoolWrapper(tb testing.TB, data *TestData, name string) { func checkIPPoolsEmpty(tb testing.TB, data *TestData, names []string) { count := 0 - err := wait.PollImmediate(3*time.Second, defaultTimeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), 3*time.Second, defaultTimeout, true, func(ctx context.Context) (bool, error) { for _, name := range names { ipPool, _ := data.crdClient.CrdV1alpha2().IPPools().Get(context.TODO(), name, metav1.GetOptions{}) if len(ipPool.Status.IPAddresses) > 0 { diff --git a/test/e2e/antreapolicy_test.go b/test/e2e/antreapolicy_test.go index ffcd5d0ca1e..00bfc5ab4c4 100644 --- a/test/e2e/antreapolicy_test.go +++ b/test/e2e/antreapolicy_test.go @@ -3917,7 +3917,7 @@ func testACNPIGMPQuery(t *testing.T, data *TestData, acnpName, caseName, groupAd } // check if IGMP can be sent to Pod - if err := wait.Poll(3*time.Second, defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 3*time.Second, defaultTimeout, false, func(ctx context.Context) (bool, error) { captured, err := checkPacketCaptureResult(t, data, tcpdumpName, cmd) if captured { return true, nil 
@@ -4000,7 +4000,7 @@ func testACNPMulticastEgress(t *testing.T, data *TestData, acnpName, caseName, g t.Fatalf("failed to call generateConnCheckCmd: %v", err) } - if err := wait.Poll(3*time.Second, defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 3*time.Second, defaultTimeout, false, func(ctx context.Context) (bool, error) { captured, err := checkPacketCaptureResult(t, data, tcpdumpName, cmd) if captured { return true, nil @@ -4050,7 +4050,7 @@ func checkAuditLoggingResult(t *testing.T, data *TestData, nodeName, logLocator } cmd := []string{"cat", logDir + logfileName} - if err := wait.Poll(1*time.Second, 10*time.Second, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 1*time.Second, 10*time.Second, false, func(ctx context.Context) (bool, error) { stdout, stderr, err := data.RunCommandFromPod(antreaNamespace, antreaPodName, "antrea-agent", cmd) if err != nil || stderr != "" { // file may not exist yet @@ -4705,7 +4705,7 @@ func TestAntreaPolicyStatusWithAppliedToUnsupportedGroup(t *testing.T) { } func checkANNPStatus(t *testing.T, data *TestData, annp *crdv1beta1.NetworkPolicy, expectedStatus crdv1beta1.NetworkPolicyStatus) *crdv1beta1.NetworkPolicy { - err := wait.Poll(100*time.Millisecond, policyRealizedTimeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, policyRealizedTimeout, false, func(ctx context.Context) (bool, error) { var err error annp, err = data.crdClient.CrdV1beta1().NetworkPolicies(annp.Namespace).Get(context.TODO(), annp.Name, metav1.GetOptions{}) if err != nil { 
@@ -4718,7 +4718,7 @@ func checkANNPStatus(t *testing.T, data *TestData, annp *crdv1beta1.NetworkPolic } func checkACNPStatus(t *testing.T, data *TestData, acnp *crdv1beta1.ClusterNetworkPolicy, expectedStatus crdv1beta1.NetworkPolicyStatus) *crdv1beta1.ClusterNetworkPolicy { - err := wait.Poll(100*time.Millisecond, policyRealizedTimeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, policyRealizedTimeout, false, func(ctx context.Context) (bool, error) { var err error acnp, err = data.crdClient.CrdV1beta1().ClusterNetworkPolicies().Get(context.TODO(), acnp.Name, metav1.GetOptions{}) if err != nil { @@ -4735,7 +4735,7 @@ func checkACNPStatus(t *testing.T, data *TestData, acnp *crdv1beta1.ClusterNetwo // resource's Generation and the Phase is set to Realized. func (data *TestData) waitForANNPRealized(t *testing.T, namespace string, name string, timeout time.Duration) error { t.Logf("Waiting for ANNP '%s/%s' to be realized", namespace, name) - if err := wait.Poll(100*time.Millisecond, timeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, timeout, false, func(ctx context.Context) (bool, error) { annp, err := data.crdClient.CrdV1beta1().NetworkPolicies(namespace).Get(context.TODO(), name, metav1.GetOptions{}) if err != nil { return false, err 
@@ -4752,7 +4752,7 @@ func (data *TestData) waitForANNPRealized(t *testing.T, namespace string, name s // resource's Generation and the Phase is set to Realized. func (data *TestData) waitForACNPRealized(t *testing.T, name string, timeout time.Duration) error { t.Logf("Waiting for ACNP '%s' to be realized", name) - if err := wait.Poll(100*time.Millisecond, timeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, timeout, false, func(ctx context.Context) (bool, error) { acnp, err := data.crdClient.CrdV1beta1().ClusterNetworkPolicies().Get(context.TODO(), name, metav1.GetOptions{}) if err != nil { return false, err @@ -4894,7 +4894,7 @@ func testANNPNetworkPolicyStatsWithDropAction(t *testing.T, data *TestData) { totalSessionsPerRule += sessionsPerAddressFamily } - if err := wait.Poll(5*time.Second, defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 5*time.Second, defaultTimeout, false, func(ctx context.Context) (bool, error) { stats, err := data.crdClient.StatsV1alpha1().AntreaNetworkPolicyStats(data.testNamespace).Get(context.TODO(), "np1", metav1.GetOptions{}) if err != nil { return false, err @@ -5029,7 +5029,7 @@ func testAntreaClusterNetworkPolicyStats(t *testing.T, data *TestData) { totalSessionsPerRule += sessionsPerAddressFamily } - if err := wait.Poll(5*time.Second, defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 5*time.Second, defaultTimeout, false, func(ctx context.Context) (bool, error) { stats, err := data.crdClient.StatsV1alpha1().AntreaClusterNetworkPolicyStats().Get(context.TODO(), "cnp1", metav1.GetOptions{}) if err != nil { return false, err diff --git a/test/e2e/basic_test.go b/test/e2e/basic_test.go index 10f1ed3b6ff..21b4b0b0075 100644 --- a/test/e2e/basic_test.go +++ b/test/e2e/basic_test.go @@ -15,6 +15,7 @@ package e2e import ( + "context" "encoding/json" "fmt" "net" 
@@ -380,7 +381,7 @@ func testReconcileGatewayRoutesOnStartup(t *testing.T, data *TestData, isIPv6 bo t.Logf("Retrieving gateway routes on Node '%s'", nodeName) var routes []Route - if err := wait.PollImmediate(defaultInterval, defaultTimeout, func() (found bool, err error) { + if err := wait.PollUntilContextTimeout(context.Background(), defaultInterval, defaultTimeout, true, func(ctx context.Context) (found bool, err error) { var llRoute *Route routes, _, llRoute, err = getGatewayRoutes(t, data, antreaGWName, nodeName, isIPv6) if err != nil { @@ -397,7 +398,7 @@ func testReconcileGatewayRoutesOnStartup(t *testing.T, data *TestData, isIPv6 bo return false, fmt.Errorf("IPv6 link-local route not found") } return true, nil - }); err == wait.ErrWaitTimeout { + }); wait.Interrupted(err) { t.Fatalf("Not enough gateway routes after %v", defaultTimeout) } else if err != nil { t.Fatalf("Error while waiting for gateway routes: %v", err) @@ -478,7 +479,7 @@ func testReconcileGatewayRoutesOnStartup(t *testing.T, data *TestData, isIPv6 bo // We expect the agent to delete the extra route we added and add back the route we deleted t.Logf("Waiting for gateway routes to converge") - if err := wait.Poll(defaultInterval, defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), defaultInterval, defaultTimeout, false, func(ctx context.Context) (bool, error) { var llRoute *Route newRoutes, _, llRoute, err := getGatewayRoutes(t, data, antreaGWName, nodeName, isIPv6) if err != nil { @@ -509,7 +510,7 @@ func testReconcileGatewayRoutesOnStartup(t *testing.T, data *TestData, isIPv6 bo } // We haven't found the deleted route, keep trying return false, nil - }); err == wait.ErrWaitTimeout { + }); wait.Interrupted(err) { t.Errorf("Gateway routes did not converge after %v", defaultTimeout) } else if err != nil { t.Fatalf("Error while waiting for gateway routes to converge: %v", err) 
@@ -567,7 +568,7 @@ func testCleanStaleClusterIPRoutes(t *testing.T, data *TestData, isIPv6 bool) { t.Fatalf("Failed to detect gateway interface name from ConfigMap: %v", err) } var routes []Route - if err := wait.PollImmediate(defaultInterval, defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), defaultInterval, defaultTimeout, true, func(ctx context.Context) (bool, error) { _, routes, _, err = getGatewayRoutes(t, data, antreaGWName, nodeName, isIPv6) if err != nil { t.Logf("Failed to get Service gateway routes: %v", err) @@ -739,7 +740,7 @@ func testDeletePreviousRoundFlowsOnStartup(t *testing.T, data *TestData) { waitForNextRoundNum := func(roundNum uint64) uint64 { var nextRoundNum uint64 - if err := wait.Poll(defaultInterval, defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), defaultInterval, defaultTimeout, false, func(ctx context.Context) (bool, error) { nextRoundNum = roundNumber(podName) if nextRoundNum != roundNum { return true, nil @@ -814,7 +815,7 @@ func testDeletePreviousRoundFlowsOnStartup(t *testing.T, data *TestData) { // In theory there should be no need to poll here because the agent only persists the new // round number after stale flows have been deleted, but it is probably better not to make // this assumption in an e2e test. - if err := wait.PollImmediate(defaultInterval, smallTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), defaultInterval, smallTimeout, true, func(ctx context.Context) (bool, error) { return !checkFlow(), nil }); err != nil { 
@@ -880,7 +881,7 @@ func testClusterIdentity(t *testing.T, data *TestData) { const retryInterval = time.Second const timeout = 10 * time.Second var clusterUUID uuid.UUID - err := wait.PollImmediate(retryInterval, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), retryInterval, timeout, true, func(ctx context.Context) (bool, error) { clusterIdentity, _, err := clusterIdentityProvider.Get() if err != nil { return false, nil diff --git a/test/e2e/batch_test.go b/test/e2e/batch_test.go index e076c300488..64d026e9e14 100644 --- a/test/e2e/batch_test.go +++ b/test/e2e/batch_test.go @@ -23,7 +23,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" ) // TestBatchCreatePods verifies there is no FD leak after batched Pod creation. @@ -67,10 +66,8 @@ func TestBatchCreatePods(t *testing.T) { // reasons (health probes, CNI invocations, ...). In that case, the new set of FDs can // contain additional entries compared to the old set of FDs. However, eventually, getFDs() // should return a subset of oldFDs. - // Most of the time, wait.PollImmediate will return immediately, after the first call to the - // condition function. - assert.NoError(t, wait.PollImmediate(100*time.Millisecond, 2*time.Second, func() (bool, error) { + assert.Eventually(t, func() bool { newFDs := getFDs() - return oldFDs.IsSuperset(newFDs), nil - }), "Batched Pod creation allocated new FDs") + return oldFDs.IsSuperset(newFDs) + }, 2*time.Second, 100*time.Millisecond, "Batched Pod creation allocated new FDs") } diff --git a/test/e2e/connectivity_test.go b/test/e2e/connectivity_test.go index 2c081b60803..87df12205af 100644 --- a/test/e2e/connectivity_test.go +++ b/test/e2e/connectivity_test.go 
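Review bot: `assert.Eventually` in `TestBatchCreatePods` runs its condition in a separate goroutine, unlike the `wait.PollImmediate` call it replaces, so `getFDs` must not call `t.Fatal` or `require` helpers. `getFDs` is defined outside the hunk, so that needs checking there. The removed comment about returning after the first call is not replaced by anything. Depending on the testify version, the first evaluation may only happen after the 100ms tick, which deserves a line such as `// assert.Eventually may wait one tick (100ms) before the first check.`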
@@ -236,7 +236,7 @@ func createPodsOnDifferentNodes(t *testing.T, data *TestData, namespace, tag str return fmt.Errorf("error deleting DaemonSet") } // Wait for all Pods managed by DaemonSet to be deleted to avoid affecting following tests. - err := wait.Poll(defaultInterval, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), defaultInterval, timeout, false, func(ctx context.Context) (bool, error) { pods, err := getDaemonSetPods() if err != nil { return false, fmt.Errorf("error getting Pods managed by DaemonSet") diff --git a/test/e2e/egress_test.go b/test/e2e/egress_test.go index fc674d1506d..d128598f778 100644 --- a/test/e2e/egress_test.go +++ b/test/e2e/egress_test.go @@ -167,13 +167,14 @@ func testEgressClientIP(t *testing.T, data *TestData) { assertClientIP(data, t, remotePod, toolboxContainerName, tt.serverIP, egressNodeIP) var err error - err = wait.Poll(time.Millisecond*100, time.Second, func() (bool, error) { - egress, err = data.crdClient.CrdV1beta1().Egresses().Get(context.TODO(), egress.Name, metav1.GetOptions{}) - if err != nil { - return false, err - } - return egress.Status.EgressNode == egressNode, nil - }) + err = wait.PollUntilContextTimeout(context.Background(), time.Millisecond*100, time.Second, false, + func(ctx context.Context) (bool, error) { + egress, err = data.crdClient.CrdV1beta1().Egresses().Get(context.TODO(), egress.Name, metav1.GetOptions{}) + if err != nil { + return false, err + } + return egress.Status.EgressNode == egressNode, nil + }) assert.NoError(t, err, "Egress failed to reach expected status") t.Log("Checking the client IP of a Pod whose Egress has been created in advance") 
@@ -313,7 +314,7 @@ func testEgressClientIPFromVLANSubnet(t *testing.T, data *TestData) { egress := data.createEgress(t, "egress-vlan", nil, map[string]string{"antrea-e2e": clientPod1}, pool.Name, "", nil) defer data.crdClient.CrdV1beta1().Egresses().Delete(context.TODO(), egress.Name, metav1.DeleteOptions{}) - err := wait.PollImmediate(500*time.Millisecond, 3*time.Second, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), 500*time.Millisecond, 3*time.Second, true, func(ctx context.Context) (done bool, err error) { egress, err = data.crdClient.CrdV1beta1().Egresses().Get(context.TODO(), egress.Name, metav1.GetOptions{}) if err != nil { return false, err @@ -456,7 +457,7 @@ func testEgressCRUD(t *testing.T, data *TestData) { defer data.crdClient.CrdV1beta1().Egresses().Delete(context.TODO(), egress.Name, metav1.DeleteOptions{}) // Use Poll to wait the interval before the first run to detect the case that the IP is assigned to any Node // when it's not supposed to. - err := wait.Poll(500*time.Millisecond, 3*time.Second, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), 500*time.Millisecond, 3*time.Second, false, func(ctx context.Context) (done bool, err error) { egress, err = data.crdClient.CrdV1beta1().Egresses().Get(context.TODO(), egress.Name, metav1.GetOptions{}) if err != nil { return false, err 
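Review bot: The comment above the converted call in `testEgressCRUD` still says "Use Poll", but the delayed first check now depends on the `false` (immediate) argument of `wait.PollUntilContextTimeout`, which is easy to flip by mistake. Reword it, e.g. `// Pass immediate=false to wait one interval before the first check, to detect the case that the IP is assigned to any Node when it's not supposed to.` The function body continues outside the hunk.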
@@ -495,20 +496,21 @@ func testEgressCRUD(t *testing.T, data *TestData) { checkEIPStatus := func(expectedUsed int) { var gotUsed, gotTotal int - err := wait.PollImmediate(200*time.Millisecond, 2*time.Second, func() (done bool, err error) { - pool, err := data.crdClient.CrdV1beta1().ExternalIPPools().Get(context.TODO(), pool.Name, metav1.GetOptions{}) - if err != nil { - return false, fmt.Errorf("failed to get ExternalIPPool: %v", err) - } - gotUsed, gotTotal = pool.Status.Usage.Used, pool.Status.Usage.Total - if expectedUsed != pool.Status.Usage.Used { - return false, nil - } - if tt.expectedTotal != pool.Status.Usage.Total { - return false, nil - } - return true, nil - }) + err := wait.PollUntilContextTimeout(context.Background(), 200*time.Millisecond, 2*time.Second, true, + func(ctx context.Context) (done bool, err error) { + pool, err := data.crdClient.CrdV1beta1().ExternalIPPools().Get(context.TODO(), pool.Name, metav1.GetOptions{}) + if err != nil { + return false, fmt.Errorf("failed to get ExternalIPPool: %v", err) + } + gotUsed, gotTotal = pool.Status.Usage.Used, pool.Status.Usage.Total + if expectedUsed != pool.Status.Usage.Used { + return false, nil + } + if tt.expectedTotal != pool.Status.Usage.Total { + return false, nil + } + return true, nil + }) require.NoError(t, err, "ExternalIPPool status not match: expectedTotal=%d, got=%d, expectedUsed=%d, got=%d", tt.expectedTotal, gotTotal, expectedUsed, gotUsed) } checkEIPStatus(1) 
@@ -516,13 +518,14 @@ func testEgressCRUD(t *testing.T, data *TestData) { err = data.crdClient.CrdV1beta1().Egresses().Delete(context.TODO(), egress.Name, metav1.DeleteOptions{}) require.NoError(t, err, "Failed to delete Egress") if egress.Status.EgressNode != "" { - err := wait.PollImmediate(200*time.Millisecond, timeout, func() (done bool, err error) { - exists, err := hasIP(data, egress.Status.EgressNode, egress.Spec.EgressIP) - if err != nil { - return false, fmt.Errorf("check ip error: %v", err) - } - return !exists, nil - }) + err := wait.PollUntilContextTimeout(context.Background(), 200*time.Millisecond, timeout, true, + func(ctx context.Context) (done bool, err error) { + exists, err := hasIP(data, egress.Status.EgressNode, egress.Spec.EgressIP) + if err != nil { + return false, fmt.Errorf("check ip error: %v", err) + } + return !exists, nil + }) require.NoError(t, err, "Found stale IP (%s) exists on Node (%s)", egress.Spec.EgressIP, egress.Status.EgressNode) } checkEIPStatus(0) @@ -600,13 +603,14 @@ func testEgressUpdateEgressIP(t *testing.T, data *TestData) { _, err = data.checkEgressState(egress.Name, tt.newEgressIP, tt.newNode, "", time.Second) require.NoError(t, err) - err = wait.PollImmediate(200*time.Millisecond, timeout, func() (done bool, err error) { - exists, err := hasIP(data, tt.originalNode, tt.originalEgressIP) - if err != nil { - return false, fmt.Errorf("check ip error: %v", err) - } - return !exists, nil - }) + err = wait.PollUntilContextTimeout(context.Background(), 200*time.Millisecond, timeout, true, + func(ctx context.Context) (done bool, err error) { + exists, err := hasIP(data, tt.originalNode, tt.originalEgressIP) + if err != nil { + return false, fmt.Errorf("check ip error: %v", err) + } + return !exists, nil + }) require.NoError(t, err, "Found stale IP (%s) exists on Node (%s)", tt.originalEgressIP, tt.originalNode) }) } 
@@ -831,7 +835,7 @@ func testEgressUpdateBandwidth(t *testing.T, data *TestData) { func (data *TestData) checkEgressState(egressName, expectedIP, expectedNode, otherNode string, timeout time.Duration) (*v1beta1.Egress, error) { var egress *v1beta1.Egress var expectedNodeHasIP, otherNodeHasIP bool - pollErr := wait.PollImmediate(200*time.Millisecond, timeout, func() (bool, error) { + pollErr := wait.PollUntilContextTimeout(context.Background(), 200*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { var err error egress, err = data.crdClient.CrdV1beta1().Egresses().Get(context.TODO(), egressName, metav1.GetOptions{}) if err != nil { @@ -976,16 +980,17 @@ func (data *TestData) createEgress(t *testing.T, generateName string, matchExpre } func (data *TestData) waitForEgressRealized(egress *v1beta1.Egress) (*v1beta1.Egress, error) { - err := wait.PollImmediate(200*time.Millisecond, waitEgressRealizedTimeout, func() (done bool, err error) { - egress, err = data.crdClient.CrdV1beta1().Egresses().Get(context.TODO(), egress.Name, metav1.GetOptions{}) - if err != nil { - return false, err - } - if egress.Spec.EgressIP == "" || egress.Status.EgressNode == "" { - return false, nil - } - return true, nil - }) + err := wait.PollUntilContextTimeout(context.Background(), 200*time.Millisecond, waitEgressRealizedTimeout, true, + func(ctx context.Context) (done bool, err error) { + egress, err = data.crdClient.CrdV1beta1().Egresses().Get(context.TODO(), egress.Name, metav1.GetOptions{}) + if err != nil { + return false, err + } + if egress.Spec.EgressIP == "" || egress.Status.EgressNode == "" { + return false, nil + } + return true, nil + }) if err != nil { return nil, fmt.Errorf("wait for Egress %#v realized failed: %v", egress, err) } 
@@ -996,7 +1001,7 @@ func (data *TestData) waitForEgressRealized(egress *v1beta1.Egress) (*v1beta1.Eg func assertClientIP(data *TestData, t *testing.T, pod, container, serverIP string, clientIPs ...string) { var exeErr error var stdout, stderr string - err := wait.Poll(100*time.Millisecond, 5*time.Second, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, 5*time.Second, false, func(ctx context.Context) (done bool, err error) { url := getHTTPURLFromIPPort(serverIP, 8080, "clientip") stdout, stderr, exeErr = data.runWgetCommandFromTestPodWithRetry(pod, data.testNamespace, container, url, 5) if exeErr != nil { @@ -1022,14 +1027,15 @@ func assertClientIP(data *TestData, t *testing.T, pod, container, serverIP strin func assertConnError(data *TestData, t *testing.T, pod, container, serverIP string) { var exeErr error var stdout, stderr string - err := wait.Poll(100*time.Millisecond, 2*time.Second, func() (done bool, err error) { - url := getHTTPURLFromIPPort(serverIP, 8080, "clientip") - stdout, stderr, exeErr = data.runWgetCommandFromTestPodWithRetry(pod, data.testNamespace, url, container, 5) - if exeErr != nil { - return true, nil - } - return false, nil - }) + err := wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, 2*time.Second, false, + func(ctx context.Context) (done bool, err error) { + url := getHTTPURLFromIPPort(serverIP, 8080, "clientip") + stdout, stderr, exeErr = data.runWgetCommandFromTestPodWithRetry(pod, data.testNamespace, url, container, 5) + if exeErr != nil { + return true, nil + } + return false, nil + }) require.NoError(t, err, "Failed to get expected error, stdout: %v, stderr: %v, err: %v", stdout, stderr, exeErr) } diff --git a/test/e2e/flowaggregator_test.go b/test/e2e/flowaggregator_test.go index 848b739b401..5c17f98067e 100644 --- a/test/e2e/flowaggregator_test.go +++ b/test/e2e/flowaggregator_test.go 
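Review bot: In `assertConnError` the re-indented call passes `url, container` to `runWgetCommandFromTestPodWithRetry`, while `assertClientIP` in the hunk just above passes `container, url`. Both are strings, so a swap compiles silently. The helper's signature is not in this diff, so confirm the order. If it is (container, url), the wget here always fails and the check that the connection is blocked passes without testing anything. The call would then read `data.runWgetCommandFromTestPodWithRetry(pod, data.testNamespace, container, url, 5)`.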
@@ -1437,7 +1437,7 @@ func getCollectorOutput(t *testing.T, srcIP, dstIP, srcPort string, isDstService var recordSlices []string // In the ToExternalFlows test, flow record will arrive 5.5s (exporterActiveFlowExportTimeout+aggregatorActiveFlowRecordTimeout) after executing wget command // We set the timeout to 9s (5.5s plus one more aggregatorActiveFlowRecordTimeout) to make the ToExternalFlows test more stable - err := wait.PollImmediate(500*time.Millisecond, exporterActiveFlowExportTimeout+aggregatorActiveFlowRecordTimeout*2, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), 500*time.Millisecond, exporterActiveFlowExportTimeout+aggregatorActiveFlowRecordTimeout*2, true, func(ctx context.Context) (bool, error) { var rc int var err error var cmd string @@ -1499,7 +1499,7 @@ func getClickHouseOutput(t *testing.T, data *TestData, srcIP, dstIP, srcPort str } // ClickHouse output expected to be checked after IPFIX collector. // Waiting additional 4x commit interval to be adequate for 3 commit attempts. - err := wait.PollImmediate(500*time.Millisecond, aggregatorClickHouseCommitInterval*4, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), 500*time.Millisecond, aggregatorClickHouseCommitInterval*4, true, func(ctx context.Context) (bool, error) { queryOutput, _, err := data.RunCommandFromPod(flowVisibilityNamespace, clickHousePodName, "clickhouse", cmd) if err != nil { return false, err 
@@ -1791,7 +1791,7 @@ func addLabelToTestPods(t *testing.T, data *TestData, label string, podNames []s testPod.Labels["targetLabel"] = label _, err = data.clientset.CoreV1().Pods(data.testNamespace).Update(context.TODO(), testPod, metav1.UpdateOptions{}) require.NoErrorf(t, err, "Error when adding label to %s", testPod.Name) - err = wait.Poll(defaultInterval, timeout, func() (bool, error) { + err = wait.PollUntilContextTimeout(context.Background(), defaultInterval, timeout, false, func(ctx context.Context) (bool, error) { pod, err := data.clientset.CoreV1().Pods(data.testNamespace).Get(context.TODO(), testPod.Name, metav1.GetOptions{}) if err != nil { if errors.IsNotFound(err) { @@ -1863,7 +1863,7 @@ func getAndCheckFlowAggregatorMetrics(t *testing.T, data *TestData) error { } podName := flowAggPod.Name command := []string{"antctl", "get", "recordmetrics", "-o", "json"} - if err := wait.Poll(defaultInterval, 2*defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), defaultInterval, 2*defaultTimeout, false, func(ctx context.Context) (bool, error) { stdout, _, err := runAntctl(podName, command, data) if err != nil { t.Logf("Error when requesting recordmetrics, %v", err) diff --git a/test/e2e/framework.go b/test/e2e/framework.go index 4ec22253ca3..c3a5a342318 100644 --- a/test/e2e/framework.go +++ b/test/e2e/framework.go @@ -53,7 +53,7 @@ import ( aggregatorclientset "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" "k8s.io/kubectl/pkg/util/podutils" utilnet "k8s.io/utils/net" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "antrea.io/antrea/pkg/agent/config" crdclientset "antrea.io/antrea/pkg/client/clientset/versioned" 
@@ -801,7 +801,7 @@ func (data *TestData) DeleteNamespace(namespace string, timeout time.Duration) e return fmt.Errorf("error when deleting '%s' Namespace: %v", namespace, err) } if timeout >= 0 { - return wait.Poll(defaultInterval, timeout, func() (bool, error) { + return wait.PollUntilContextTimeout(context.TODO(), defaultInterval, timeout, false, func(ctx context.Context) (bool, error) { if ns, err := data.clientset.CoreV1().Namespaces().Get(context.TODO(), namespace, metav1.GetOptions{}); err != nil { if errors.IsNotFound(err) { // Success @@ -865,7 +865,7 @@ func (data *TestData) deployFlowVisibilityClickHouse(o flowVisibilityTestOptions if err != nil || rc != 0 { return "", fmt.Errorf("error when deploying the ClickHouse Operator YML; %s not available on the control-plane Node", chOperatorYML) } - if err := wait.Poll(2*time.Second, 10*time.Second, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.TODO(), 2*time.Second, 10*time.Second, false, func(ctx context.Context) (bool, error) { rc, stdout, stderr, err := data.provider.RunCommandOnNode(controlPlaneNodeName(), fmt.Sprintf("kubectl apply -f %s", visibilityYML)) if err != nil || rc != 0 { // ClickHouseInstallation CRD from ClickHouse Operator install bundle applied soon before @@ -888,7 +888,7 @@ func (data *TestData) deployFlowVisibilityClickHouse(o flowVisibilityTestOptions // check clickhouse service http port for service connectivity var chSvc *corev1.Service - if err := wait.PollImmediate(defaultInterval, defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.TODO(), defaultInterval, defaultTimeout, true, func(ctx context.Context) (bool, error) { chSvc, err = data.GetService(flowVisibilityNamespace, "clickhouse-clickhouse") if err != nil { return false, nil 
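Review bot: `DeleteNamespace` and the other framework.go hunks pass `context.TODO()` as the parent context, while the test files converted in the same commit pass `context.Background()`. Neither carries a deadline, so behaviour is the same, but the mix reads as if some call sites still await a real context. Pick one consistently, e.g. `wait.PollUntilContextTimeout(context.Background(), defaultInterval, timeout, false, ...)`, or add a comment saying a caller-supplied context is planned. The function body continues outside the hunk.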
@@ -899,7 +899,7 @@ func (data *TestData) deployFlowVisibilityClickHouse(o flowVisibilityTestOptions return "", fmt.Errorf("timeout waiting for ClickHouse Service: %v", err) } - if err := wait.PollImmediate(defaultInterval, defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.TODO(), defaultInterval, defaultTimeout, true, func(ctx context.Context) (bool, error) { rc, stdout, stderr, err := testData.RunCommandOnNode(controlPlaneNodeName(), fmt.Sprintf("curl -Ss %s:%s", chSvc.Spec.ClusterIP, clickHouseHTTPPort)) if rc != 0 || err != nil { @@ -1075,7 +1075,7 @@ func (data *TestData) getAgentContainersRestartCount() (int, error) { // waitForAntreaDaemonSetPods waits for the K8s apiserver to report that all the Antrea Pods are // available, i.e. all the Nodes have one or more of the Antrea daemon Pod running and available. func (data *TestData) waitForAntreaDaemonSetPods(timeout time.Duration) error { - err := wait.Poll(defaultInterval, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.TODO(), defaultInterval, timeout, false, func(ctx context.Context) (bool, error) { getDS := func(dsName string, os string) (*appsv1.DaemonSet, error) { ds, err := data.clientset.AppsV1().DaemonSets(antreaNamespace).Get(context.TODO(), dsName, metav1.GetOptions{}) if err != nil { @@ -1126,7 +1126,7 @@ func (data *TestData) waitForAntreaDaemonSetPods(timeout time.Duration) error { } return true, nil }) - if err == wait.ErrWaitTimeout { + if wait.Interrupted(err) { _, stdout, _, _ := data.provider.RunCommandOnNode(controlPlaneNodeName(), fmt.Sprintf("kubectl -n %s describe pod", antreaNamespace)) return fmt.Errorf("antrea-agent DaemonSet not ready within %v; kubectl describe pod output: %v", defaultTimeout, stdout) } else if err != nil { 
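Review bot: The timeout message in `waitForAntreaDaemonSetPods` reports `defaultTimeout`, not the `timeout` argument that was passed to `wait.PollUntilContextTimeout`. The logged duration is therefore wrong whenever a caller uses a different value. Use the parameter: `return fmt.Errorf("antrea-agent DaemonSet not ready within %v; kubectl describe pod output: %v", timeout, stdout)`. `waitForCoreDNSPods` has the same mismatch in its `wait.Interrupted(err)` branch (hunk at -1149).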
@@ -1138,7 +1138,7 @@ func (data *TestData) waitForAntreaDaemonSetPods(timeout time.Duration) error { // waitForCoreDNSPods waits for the K8s apiserver to report that all the CoreDNS Pods are available. func (data *TestData) waitForCoreDNSPods(timeout time.Duration) error { - err := wait.PollImmediate(defaultInterval, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.TODO(), defaultInterval, timeout, true, func(ctx context.Context) (bool, error) { deployment, err := data.clientset.AppsV1().Deployments("kube-system").Get(context.TODO(), "coredns", metav1.GetOptions{}) if err != nil { return false, fmt.Errorf("error when retrieving CoreDNS deployment: %v", err) @@ -1149,7 +1149,7 @@ func (data *TestData) waitForCoreDNSPods(timeout time.Duration) error { // Keep trying return false, nil }) - if err == wait.ErrWaitTimeout { + if wait.Interrupted(err) { return fmt.Errorf("some CoreDNS replicas are still unavailable after %v", defaultTimeout) } else if err != nil { return err @@ -1240,7 +1240,7 @@ func (data *TestData) deleteAntrea(timeout time.Duration) error { } return fmt.Errorf("error when trying to delete Antrea DaemonSet: %v", err) } - err := wait.Poll(defaultInterval, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.TODO(), defaultInterval, timeout, false, func(ctx context.Context) (bool, error) { if _, err := data.clientset.AppsV1().DaemonSets(antreaNamespace).Get(context.TODO(), ds, metav1.GetOptions{}); err != nil { if errors.IsNotFound(err) { // Antrea DaemonSet does not exist any more, success @@ -1448,7 +1448,7 @@ func (b *PodBuilder) Create(data *TestData) error { HostNetwork: b.HostNetwork, ServiceAccountName: b.ServiceAccountName, // Set it to 1s for immediate shutdown to reduce test run time and to avoid affecting subsequent tests. - TerminationGracePeriodSeconds: pointer.Int64(1), + TerminationGracePeriodSeconds: ptr.To[int64](1), } if b.NodeName != "" { podSpec.NodeSelector = map[string]string{ 
@@ -1579,7 +1579,7 @@ func (data *TestData) DeletePodAndWait(timeout time.Duration, name string, ns st if err := data.DeletePod(ns, name); err != nil { return err } - err := wait.Poll(defaultInterval, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.TODO(), defaultInterval, timeout, false, func(ctx context.Context) (bool, error) { if _, err := data.clientset.CoreV1().Pods(ns).Get(context.TODO(), name, metav1.GetOptions{}); err != nil { if errors.IsNotFound(err) { return true, nil @@ -1589,7 +1589,7 @@ func (data *TestData) DeletePodAndWait(timeout time.Duration, name string, ns st // Keep trying return false, nil }) - if err == wait.ErrWaitTimeout { + if wait.Interrupted(err) { return fmt.Errorf("Pod '%s' still visible to client after %v", name, timeout) } return err @@ -1601,7 +1601,7 @@ type PodCondition func(*corev1.Pod) (bool, error) // the condition predicate is met (or until the provided timeout expires). func (data *TestData) PodWaitFor(timeout time.Duration, name, namespace string, condition PodCondition) (*corev1.Pod, error) { var pod *corev1.Pod - err := wait.Poll(defaultInterval, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.TODO(), defaultInterval, timeout, false, func(ctx context.Context) (bool, error) { var err error pod, err = data.clientset.CoreV1().Pods(namespace).Get(context.TODO(), name, metav1.GetOptions{}) if err != nil { @@ -1613,7 +1613,7 @@ func (data *TestData) PodWaitFor(timeout time.Duration, name, namespace string, return condition(pod) }) if err != nil { - if err == wait.ErrWaitTimeout && pod != nil { + if wait.Interrupted(err) && pod != nil { return nil, fmt.Errorf("timed out waiting for the condition, Pod.Status: %s", pod.Status.String()) } return nil, err 
@@ -1743,7 +1743,7 @@ func (data *TestData) deleteAntreaAgentOnNode(nodeName string, gracePeriodSecond return 0, fmt.Errorf("error when deleting antrea-agent Pods on Node '%s': %v", nodeName, err) } - if err := wait.Poll(defaultInterval, timeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.TODO(), defaultInterval, timeout, false, func(ctx context.Context) (bool, error) { for _, pod := range pods.Items { if _, err := data.clientset.CoreV1().Pods(antreaNamespace).Get(context.TODO(), pod.Name, metav1.GetOptions{}); err != nil { if errors.IsNotFound(err) { @@ -1762,7 +1762,7 @@ func (data *TestData) deleteAntreaAgentOnNode(nodeName string, gracePeriodSecond delay := time.Since(start) // wait for new antrea-agent Pod - if err := wait.Poll(defaultInterval, timeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.TODO(), defaultInterval, timeout, false, func(ctx context.Context) (bool, error) { pods, err := data.clientset.CoreV1().Pods(antreaNamespace).List(context.TODO(), listOptions) if err != nil { return false, fmt.Errorf("failed to list antrea-agent Pods on Node '%s': %v", nodeName, err) @@ -1857,7 +1857,7 @@ func (data *TestData) restartAntreaControllerPod(timeout time.Duration) (*corev1 var newPod *corev1.Pod // wait for new antrea-controller Pod - if err := wait.Poll(defaultInterval, timeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.TODO(), defaultInterval, timeout, false, func(ctx context.Context) (bool, error) { pods, err := data.clientset.CoreV1().Pods(antreaNamespace).List(context.TODO(), listOptions) if err != nil { return false, fmt.Errorf("failed to list antrea-controller Pods: %v", err) 
@@ -2075,7 +2075,7 @@ func (data *TestData) deleteServiceAndWait(timeout time.Duration, name, namespac if err := data.deleteService(namespace, name); err != nil { return err } - err := wait.Poll(defaultInterval, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.TODO(), defaultInterval, timeout, false, func(ctx context.Context) (bool, error) { if _, err := data.clientset.CoreV1().Services(namespace).Get(context.TODO(), name, metav1.GetOptions{}); err != nil { if errors.IsNotFound(err) { return true, nil @@ -2085,7 +2085,7 @@ func (data *TestData) deleteServiceAndWait(timeout time.Duration, name, namespac // Keep trying return false, nil }) - if err == wait.ErrWaitTimeout { + if wait.Interrupted(err) { return fmt.Errorf("Service '%s' still visible to client after %v", name, timeout) } return err @@ -2660,7 +2660,7 @@ func (data *TestData) killProcessAndCollectCovFiles(namespace, podName, containe } log.Infof("Copying coverage files from Pod '%s'", podName) - if err := wait.PollImmediate(1*time.Second, 5*time.Second, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.TODO(), 1*time.Second, 5*time.Second, true, func(ctx context.Context) (bool, error) { if err = data.copyPodFiles(podName, containerName, namespace, covFile, covDir); err != nil { log.Infof("Coverage file not available yet for copy: %v", err) return false, nil @@ -2863,7 +2863,7 @@ func (data *TestData) createDaemonSet(name string, ns string, ctrName string, im podSpec := corev1.PodSpec{ Tolerations: controlPlaneNoScheduleTolerations(), // Set it to 1s for immediate shutdown to reduce test run time and to avoid affecting subsequent tests. - TerminationGracePeriodSeconds: pointer.Int64(1), + TerminationGracePeriodSeconds: ptr.To[int64](1), Containers: []corev1.Container{ { Name: ctrName, 
@@ -2917,7 +2917,7 @@ func (data *TestData) createDaemonSet(name string, ns string, ctrName string, im } func (data *TestData) waitForDaemonSetPods(timeout time.Duration, dsName string, namespace string) error { - err := wait.Poll(defaultInterval, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.TODO(), defaultInterval, timeout, false, func(ctx context.Context) (bool, error) { ds, err := data.clientset.AppsV1().DaemonSets(namespace).Get(context.TODO(), dsName, metav1.GetOptions{}) if err != nil { return false, err @@ -2946,7 +2946,7 @@ func (data *TestData) createStatefulSet(name string, ns string, size int32, ctrN }, }, // Set it to 1s for immediate shutdown to reduce test run time and to avoid affecting subsequent tests. - TerminationGracePeriodSeconds: pointer.Int64(1), + TerminationGracePeriodSeconds: ptr.To[int64](1), } stsSpec := appsv1.StatefulSetSpec{ Selector: &metav1.LabelSelector{ @@ -3019,7 +3019,7 @@ func (data *TestData) restartStatefulSet(name string, ns string) (*appsv1.Statef } func (data *TestData) waitForStatefulSetPods(timeout time.Duration, stsName string, namespace string) error { - err := wait.Poll(defaultInterval, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.TODO(), defaultInterval, timeout, false, func(ctx context.Context) (bool, error) { sts, err := data.clientset.AppsV1().StatefulSets(namespace).Get(context.TODO(), stsName, metav1.GetOptions{}) if err != nil { return false, err 
@@ -3046,7 +3046,7 @@ func retryOnConnectionLostError(backoff wait.Backoff, fn func() error) error { } func (data *TestData) checkAntreaAgentInfo(interval time.Duration, timeout time.Duration, name string) error { - err := wait.PollImmediate(interval, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.TODO(), interval, timeout, true, func(ctx context.Context) (bool, error) { aai, err := data.crdClient.CrdV1beta1().AntreaAgentInfos().Get(context.TODO(), name, metav1.GetOptions{}) if err != nil { if errors.IsNotFound(err) { diff --git a/test/e2e/ipsec_test.go b/test/e2e/ipsec_test.go index 417a6e382a5..b972f18ecdf 100644 --- a/test/e2e/ipsec_test.go +++ b/test/e2e/ipsec_test.go @@ -15,6 +15,7 @@ package e2e import ( + "context" "fmt" "regexp" "strconv" @@ -180,9 +181,9 @@ func testIPSecDeleteStaleTunnelPorts(t *testing.T, data *TestData) { } t.Logf("Checking that tunnel port has been created") - if err := wait.PollImmediate(defaultInterval, defaultTimeout, func() (found bool, err error) { + if err := wait.PollUntilContextTimeout(context.Background(), defaultInterval, defaultTimeout, true, func(ctx context.Context) (found bool, err error) { return doesOVSPortExist(), nil - }); err == wait.ErrWaitTimeout { + }); wait.Interrupted(err) { t.Fatalf("Timed out while waiting for OVS tunnel port to be created") } else if err != nil { t.Fatalf("Error while waiting for OVS tunnel port to be created") 
@@ -192,9 +193,9 @@ func testIPSecDeleteStaleTunnelPorts(t *testing.T, data *TestData) { data.redeployAntrea(t, deployAntreaDefault) t.Logf("Checking that tunnel port has been deleted") - if err := wait.PollImmediate(defaultInterval, defaultTimeout, func() (found bool, err error) { + if err := wait.PollUntilContextTimeout(context.Background(), defaultInterval, defaultTimeout, true, func(ctx context.Context) (found bool, err error) { return !doesOVSPortExist(), nil - }); err == wait.ErrWaitTimeout { + }); wait.Interrupted(err) { t.Fatalf("Timed out while waiting for OVS tunnel port to be deleted") } else if err != nil { t.Fatalf("Error while waiting for OVS tunnel port to be deleted") diff --git a/test/e2e/k8s_util.go b/test/e2e/k8s_util.go index 7f1570822a6..2dc2261a1f2 100644 --- a/test/e2e/k8s_util.go +++ b/test/e2e/k8s_util.go @@ -946,7 +946,7 @@ func (data *TestData) CleanANNPs(namespaces []string) error { func (data *TestData) WaitForANNPCreationAndRealization(t *testing.T, namespace string, name string, timeout time.Duration) error { t.Logf("Waiting for ANNP '%s/%s' to be realized", namespace, name) - if err := wait.Poll(100*time.Millisecond, timeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.TODO(), 100*time.Millisecond, timeout, false, func(ctx context.Context) (bool, error) { annp, err := data.crdClient.CrdV1beta1().NetworkPolicies(namespace).Get(context.TODO(), name, metav1.GetOptions{}) if err != nil { return false, nil 
@@ -960,7 +960,7 @@ func (data *TestData) WaitForANNPCreationAndRealization(t *testing.T, namespace func (data *TestData) WaitForACNPCreationAndRealization(t *testing.T, name string, timeout time.Duration) error { t.Logf("Waiting for ACNP '%s' to be created and realized", name) - if err := wait.Poll(100*time.Millisecond, timeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.TODO(), 100*time.Millisecond, timeout, false, func(ctx context.Context) (bool, error) { acnp, err := data.crdClient.CrdV1beta1().ClusterNetworkPolicies().Get(context.TODO(), name, metav1.GetOptions{}) if err != nil { return false, nil diff --git a/test/e2e/l7networkpolicy_test.go b/test/e2e/l7networkpolicy_test.go index 378834c80f5..730a968070f 100644 --- a/test/e2e/l7networkpolicy_test.go +++ b/test/e2e/l7networkpolicy_test.go @@ -25,7 +25,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/wait" crdv1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" agentconfig "antrea.io/antrea/pkg/config/agent" 
@@ -129,59 +128,59 @@ func probeL7NetworkPolicyHTTP(t *testing.T, data *TestData, serverPodName, clien baseURL := net.JoinHostPort(ip.String(), "8080") // Verify that access to path /clientip is as expected. - assert.NoError(t, wait.PollImmediate(time.Second, 5*time.Second, func() (bool, error) { + assert.Eventually(t, func() bool { _, err := probeClientIPFromPod(data, clientPodName, agnhostContainerName, baseURL) if (allowHTTPPathClientIP && err != nil) || (!allowHTTPPathClientIP && err == nil) { - return false, nil + return false } - return true, nil - })) + return true + }, 5*time.Second, time.Second) // Verify that access to path /hostname is as expected. - assert.NoError(t, wait.PollImmediate(time.Second, 5*time.Second, func() (bool, error) { + assert.Eventually(t, func() bool { hostname, err := probeHostnameFromPod(data, clientPodName, agnhostContainerName, baseURL) if (allowHTTPPathHostname && err != nil) || (!allowHTTPPathHostname && err == nil) { - return false, nil + return false } if allowHTTPPathHostname && serverPodName != hostname { - return false, nil + return false } - return true, nil - })) + return true + }, 5*time.Second, time.Second) // For IPv4, non-HTTP connections should be rejected by Suricata. For IPv6, there is an issue that reject // packet cannot be generated by Suricata and sent back to client. if ip.To4() != nil { cmd := []string{"bash", "-c", fmt.Sprintf("dig @%s google.com a +tcp -p 8080", ip)} - assert.NoError(t, wait.PollImmediate(time.Second, 5*time.Second, func() (bool, error) { + assert.Eventually(t, func() bool { stdout, _, err := data.RunCommandFromPod(data.testNamespace, clientPodName, agnhostContainerName, cmd) // For the client Pod which is selected by the L7 NetworkPolicy, the expected output returned // from Suricata should contain "connection reset". 
if err != nil { - return false, nil + return false } if !strings.Contains(stdout, fmt.Sprintf("communications error to %s#8080: connection reset", ip)) { - return false, nil + return false } - return true, nil - })) + return true + }, 5*time.Second, time.Second) } } } func probeL7NetworkPolicyTLS(t *testing.T, data *TestData, clientPodName string, serverName string, canAccess bool) { url := fmt.Sprintf("https://%s", serverName) - assert.NoError(t, wait.PollImmediate(time.Second, 5*time.Second, func() (bool, error) { + assert.Eventually(t, func() bool { stdout, stderr, err := data.runWgetCommandFromTestPodWithRetry(clientPodName, data.testNamespace, agnhostContainerName, url, 5) if canAccess && err != nil { t.Logf("Failed to access %s: %v\nStdout: %s\nStderr: %s\n", url, err, stdout, stderr) - return false, err + return false } else if !canAccess && err == nil { t.Logf("Expected not to access the server, but the request succeeded.\nStdout: %s\nStderr: %s\n", stdout, stderr) - return false, fmt.Errorf("expected not to access the server %s, but the request succeeded", url) + return false } - return true, nil - })) + return true + }, 5*time.Second, time.Second) } func testL7NetworkPolicyHTTP(t *testing.T, data *TestData) { diff --git a/test/e2e/multicast_test.go b/test/e2e/multicast_test.go index 72f6bcf8666..8134467a4d7 100644 --- a/test/e2e/multicast_test.go +++ b/test/e2e/multicast_test.go @@ -465,7 +465,7 @@ func testMulticastStatsWithSendersReceivers(t *testing.T, data *TestData, testNa } wg.Wait() - if err := wait.Poll(5*time.Second, defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 5*time.Second, defaultTimeout, false, func(ctx context.Context) (bool, error) { for _, senderConfig := range mc.senderConfigs { stats := mc.antctlResults[senderConfig.name] t.Logf("Checking antctl get podmulticaststats result for %s", senderConfig.name) 
@@ -571,7 +571,7 @@ func testMulticastForwardToMultipleInterfaces(t *testing.T, data *TestData, send data.RunCommandFromPod(data.testNamespace, senderName, mcjoinContainerName, sendMulticastCommand) }() - if err := wait.Poll(5*time.Second, defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 5*time.Second, defaultTimeout, false, func(ctx context.Context) (bool, error) { // Check whether multicast interfaces can receive multicast traffic in the server side. // The check is needed for verifying external interfaces acting as multicast interfaces are able to forward multicast traffic. // If multicast traffic is sent from non-HostNetwork pods, all multicast interfaces in senders should receive multicast traffic. @@ -644,7 +644,7 @@ func runTestMulticastBetweenPods(t *testing.T, data *TestData, mc multicastTestc readyReceivers := sets.New[int]() senderReady := false - if err := wait.Poll(3*time.Second, defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 3*time.Second, defaultTimeout, false, func(ctx context.Context) (bool, error) { if checkSenderRoute && !senderReady { // Sender pods should add an outbound multicast route except when running as HostNetwork. mRoutesResult, err := getMroutes(nodeName(mc.senderConfig.nodeIdx), gatewayInterface, mc.group.String(), strings.Join(nodeMulticastInterfaces[mc.senderConfig.nodeIdx], " ")) diff --git a/test/e2e/networkpolicy_test.go b/test/e2e/networkpolicy_test.go index 24995915d26..1a5e3199752 100644 --- a/test/e2e/networkpolicy_test.go +++ b/test/e2e/networkpolicy_test.go 
@@ -193,7 +193,7 @@ func testNetworkPolicyStats(t *testing.T, data *TestData) { totalSessions += sessionsPerAddressFamily } - if err := wait.Poll(5*time.Second, defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 5*time.Second, defaultTimeout, false, func(ctx context.Context) (bool, error) { var ingressStats *v1alpha1.NetworkPolicyStats for _, np := range []string{"test-networkpolicy-ingress", "test-networkpolicy-egress"} { stats, err := data.crdClient.StatsV1alpha1().NetworkPolicyStats(data.testNamespace).Get(context.TODO(), np, metav1.GetOptions{}) @@ -1133,7 +1133,7 @@ func createAndWaitForPodWithLabels(t *testing.T, data *TestData, createFunc func } func waitForAgentCondition(t *testing.T, data *TestData, podName string, conditionType v1beta1.AgentConditionType, expectedStatus corev1.ConditionStatus) { - if err := wait.Poll(defaultInterval, defaultTimeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), defaultInterval, defaultTimeout, false, func(ctx context.Context) (bool, error) { cmds := []string{"antctl", "get", "agentinfo", "-o", "json"} t.Logf("cmds: %s", cmds) diff --git a/test/e2e/nodeportlocal_test.go b/test/e2e/nodeportlocal_test.go index 3a95ed3bf96..6aa801c38c9 100644 --- a/test/e2e/nodeportlocal_test.go +++ b/test/e2e/nodeportlocal_test.go @@ -16,6 +16,7 @@ package e2e import ( "bufio" + "context" "encoding/json" "fmt" "regexp" 
@@ -207,7 +208,7 @@ func checkForNPLRuleInIPTables(t *testing.T, data *TestData, r *require.Assertio cmd := []string{"iptables", "-t", "nat", "-S"} t.Logf("Verifying iptables rules %v, present: %v", rules, present) const timeout = 60 * time.Second - err := wait.Poll(time.Second, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), time.Second, timeout, false, func(ctx context.Context) (bool, error) { stdout, _, err := data.RunCommandFromPod(antreaNamespace, antreaPod, agentContainerName, cmd) if err != nil { t.Logf("Error while checking rules in iptables: %v", err) @@ -251,7 +252,7 @@ func checkForNPLRuleInNetNat(t *testing.T, data *TestData, r *require.Assertions defaultnodeIP := "0.0.0.0" t.Logf("Verifying NetNat rules %v, present: %v", rules, present) const timeout = 60 * time.Second - err := wait.Poll(time.Second, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), time.Second, timeout, false, func(ctx context.Context) (bool, error) { _, _, _, err := data.RunCommandOnNode(nodeName, "Get-NetNatStaticMapping") if err != nil { t.Logf("Error while checking NPL rules on Windows Node: %v", err) @@ -294,7 +295,7 @@ func checkForNPLRuleInNetNat(t *testing.T, data *TestData, r *require.Assertions func checkForNPLListeningSockets(t *testing.T, data *TestData, r *require.Assertions, antreaPod string, rules []nplRuleData, present bool) { t.Logf("Verifying NPL listening sockets") const timeout = 30 * time.Second - err := wait.Poll(time.Second, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), time.Second, timeout, false, func(ctx context.Context) (bool, error) { for _, rule := range rules { protocolOption := "--" + rule.protocol cmd := []string{"ss", "--listening", protocolOption, "-H", "-n"} diff --git a/test/e2e/performance_test.go b/test/e2e/performance_test.go index 947fe2395ac..da64de14754 100644 --- a/test/e2e/performance_test.go 
+++ b/test/e2e/performance_test.go @@ -278,7 +278,7 @@ func networkPolicyRealize(policyRules int, data *TestData, b *testing.B) { } func WaitNetworkPolicyRealize(nodeName string, table *openflow.Table, policyRules int, data *TestData) error { - return wait.PollImmediate(50*time.Millisecond, *realizeTimeout, func() (bool, error) { + return wait.PollUntilContextTimeout(context.Background(), 50*time.Millisecond, *realizeTimeout, true, func(ctx context.Context) (bool, error) { return checkRealize(nodeName, table, policyRules, data) }) } diff --git a/test/e2e/prometheus_test.go b/test/e2e/prometheus_test.go index 577826bb960..bb607700c96 100644 --- a/test/e2e/prometheus_test.go +++ b/test/e2e/prometheus_test.go @@ -143,7 +143,7 @@ func getMetricsFromAPIServer(t *testing.T, url string, token string) string { } var body []byte - err = wait.PollImmediate(defaultInterval, defaultTimeout, func() (bool, error) { + err = wait.PollUntilContextTimeout(context.Background(), defaultInterval, defaultTimeout, true, func(ctx context.Context) (bool, error) { // Query metrics via HTTPS from Pod resp, err := client.Do(req) if err != nil { @@ -285,7 +285,7 @@ func testMetricsFromPrometheusServer(t *testing.T, data *TestData, prometheusJob client := &http.Client{} var output prometheusServerOutput - err := wait.PollImmediate(defaultInterval, defaultTimeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), defaultInterval, defaultTimeout, true, func(ctx context.Context) (bool, error) { resp, err := client.Get(queryURL) if err != nil { // Retry when accessing prometheus failed for flexible-ipam diff --git a/test/e2e/security_test.go b/test/e2e/security_test.go index 9401e5e4905..b8adff2a570 100644 --- a/test/e2e/security_test.go +++ b/test/e2e/security_test.go 
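Review bot: In getMetricsFromAPIServer the request sent by `client.Do(req)` is not bound to the poll's `ctx`, so unless the client built above the hunk sets its own timeout, `defaultTimeout` limits only when a new attempt may start, not how long one HTTP call may block. Use `resp, err := client.Do(req.WithContext(ctx))` inside the callback. The testMetricsFromPrometheusServer hunk has the same gap with `client.Get(queryURL)` on an `&http.Client{}` that sets no `Timeout`; building the request with `http.NewRequestWithContext(ctx, http.MethodGet, queryURL, nil)` would cover it. Both function bodies extend beyond their hunks.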
@@ -166,7 +166,7 @@ func testCert(t *testing.T, data *TestData, expectedCABundle string, restartPod var caBundle string var configMap *v1.ConfigMap - if err := wait.Poll(2*time.Second, timeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 2*time.Second, timeout, false, func(ctx context.Context) (bool, error) { var err error configMap, err = data.clientset.CoreV1().ConfigMaps(caConfigMapNamespace).Get(context.TODO(), certificate.AntreaCAConfigMapName, metav1.GetOptions{}) if err != nil { @@ -214,7 +214,7 @@ func testCert(t *testing.T, data *TestData, expectedCABundle string, restartPod require.NoError(t, NewPodBuilder(clientName, data.testNamespace, agnhostImage).WithContainerName(getImageName(agnhostImage)).MountConfigMap(configMapCopy.Name, "/etc/config/", "config-volume").WithHostNetwork(false).Create(data)) defer data.DeletePodAndWait(defaultTimeout, clientName, data.testNamespace) require.NoError(t, data.podWaitForRunning(defaultTimeout, clientName, data.testNamespace)) - if err := wait.Poll(2*time.Second, timeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 2*time.Second, timeout, false, func(ctx context.Context) (bool, error) { stdout, stderr, err := data.RunCommandFromPod(data.testNamespace, clientName, agnhostContainerName, cmd) if err != nil { t.Logf("error when running cmd: %v , stdout: <%v>, stderr: <%v>", err, stdout, stderr) 
@@ -241,7 +241,7 @@ func testCert(t *testing.T, data *TestData, expectedCABundle string, restartPod } // antrea-agents reconnect every 5 seconds, we expect their connections are restored in a few seconds. - if err := wait.Poll(2*time.Second, 30*time.Second, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 2*time.Second, 30*time.Second, false, func(ctx context.Context) (bool, error) { cmds := []string{"antctl", "get", "controllerinfo", "-o", "json"} stdout, _, err := runAntctl(antreaController.Name, cmds, data) if err != nil { diff --git a/test/e2e/service_externalip_test.go b/test/e2e/service_externalip_test.go index 57692e7ce6f..555c39592d3 100644 --- a/test/e2e/service_externalip_test.go +++ b/test/e2e/service_externalip_test.go 
@@ -343,20 +343,21 @@ func testServiceWithExternalIPCRUD(t *testing.T, data *TestData) { checkEIPStatus := func(expectedUsed int) { var gotUsed, gotTotal int - err := wait.PollImmediate(200*time.Millisecond, 2*time.Second, func() (done bool, err error) { - pool, err := data.crdClient.CrdV1alpha2().ExternalIPPools().Get(context.TODO(), ipPool.Name, metav1.GetOptions{}) - if err != nil { - return false, fmt.Errorf("failed to get ExternalIPPool: %v", err) - } - gotUsed, gotTotal = pool.Status.Usage.Used, pool.Status.Usage.Total - if expectedUsed != pool.Status.Usage.Used { - return false, nil - } - if tt.expectedTotal != pool.Status.Usage.Total { - return false, nil - } - return true, nil - }) + err := wait.PollUntilContextTimeout(context.Background(), 200*time.Millisecond, 2*time.Second, true, + func(ctx context.Context) (done bool, err error) { + pool, err := data.crdClient.CrdV1alpha2().ExternalIPPools().Get(context.TODO(), ipPool.Name, metav1.GetOptions{}) + if err != nil { + return false, fmt.Errorf("failed to get ExternalIPPool: %v", err) + } + gotUsed, gotTotal = pool.Status.Usage.Used, pool.Status.Usage.Total + if expectedUsed != pool.Status.Usage.Used { + return false, nil + } + if tt.expectedTotal != pool.Status.Usage.Total { + return false, nil + } + return true, nil + }) require.NoError(t, err, "ExternalIPPool status not match: expectedTotal=%d, got=%d, expectedUsed=%d, got=%d", tt.expectedTotal, gotTotal, expectedUsed, gotUsed) } checkEIPStatus(1) 
@@ -520,7 +521,7 @@ func testServiceNodeFailure(t *testing.T, data *TestData) { expectedMigratedNode = nodeName(0) } // The Agent on the original Node is paused. Run antctl from the expected migrated Node instead. - err = wait.PollImmediate(200*time.Millisecond, 15*time.Second, func() (done bool, err error) { + err = wait.PollUntilContextTimeout(context.Background(), 200*time.Millisecond, 15*time.Second, true, func(ctx context.Context) (done bool, err error) { assignedNode, err := data.getServiceAssignedNode(expectedMigratedNode, service) if err != nil { return false, nil @@ -600,7 +601,7 @@ func testExternalIPAccess(t *testing.T, data *TestData) { waitExternalIPConfigured := func(service *v1.Service) (string, string, error) { var ip string var assignedNode string - err := wait.PollImmediate(200*time.Millisecond, 5*time.Second, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), 200*time.Millisecond, 5*time.Second, true, func(ctx context.Context) (done bool, err error) { service, err = data.clientset.CoreV1().Services(service.Namespace).Get(context.TODO(), service.Name, metav1.GetOptions{}) if err != nil { return false, err @@ -713,7 +714,7 @@ func (data *TestData) getServiceAssignedNode(node string, service *v1.Service) ( func (data *TestData) waitForServiceConfigured(service *v1.Service, expectedExternalIP string, expectedNodeName string) (*v1.Service, string, error) { var assignedNode string - err := wait.PollImmediate(200*time.Millisecond, 15*time.Second, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), 200*time.Millisecond, 15*time.Second, true, func(ctx context.Context) (done bool, err error) { service, err = data.clientset.CoreV1().Services(service.Namespace).Get(context.TODO(), service.Name, metav1.GetOptions{}) if err != nil { return false, err diff --git a/test/e2e/supportbundle_test.go b/test/e2e/supportbundle_test.go index a7a51e07cd0..08633112efb 100644 
--- a/test/e2e/supportbundle_test.go +++ b/test/e2e/supportbundle_test.go @@ -111,7 +111,7 @@ func getAndCheckSupportBundle(t *testing.T, name, podIP string, podPort int, tok require.Equal(t, systemv1beta1.SupportBundleStatusCollecting, bundle.Status) // Waiting for the generation to be completed. ddl := time.After(defaultTimeout) - err = wait.PollImmediateUntil(200*time.Millisecond, func() (done bool, err error) { + err = wait.PollUntilContextCancel(context.TODO(), 200*time.Millisecond, true, func(ctx context.Context) (done bool, err error) { select { case <-ddl: return false, fmt.Errorf("collecting timeout") @@ -120,7 +120,7 @@ func getAndCheckSupportBundle(t *testing.T, name, podIP string, podPort int, tok bundle, err = clients.SystemV1beta1().SupportBundles().Get(context.TODO(), name, metav1.GetOptions{}) require.NoError(t, err) return bundle.Status == systemv1beta1.SupportBundleStatusCollected, nil - }, nil) + }) require.NoError(t, err) // Checking the complete status. bundle, err = clients.SystemV1beta1().SupportBundles().Get(context.TODO(), name, metav1.GetOptions{}) diff --git a/test/e2e/traceflow_test.go b/test/e2e/traceflow_test.go index 98bc03e52f4..f8df547836e 100644 --- a/test/e2e/traceflow_test.go +++ b/test/e2e/traceflow_test.go @@ -2315,7 +2315,7 @@ func (data *TestData) waitForTraceflow(t *testing.T, name string, phase v1beta1. var tf *v1beta1.Traceflow var err error timeout := 15 * time.Second - if err = wait.PollImmediate(defaultInterval, timeout, func() (bool, error) { + if err = wait.PollUntilContextTimeout(context.Background(), defaultInterval, timeout, true, func(ctx context.Context) (bool, error) { tf, err = data.crdClient.CrdV1beta1().Traceflows().Get(context.TODO(), name, metav1.GetOptions{}) if err != nil || tf.Status.Phase != phase { return false, nil 
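Review bot: `wait.PollUntilContextCancel(context.TODO(), ...)` in getAndCheckSupportBundle is given a context that is never cancelled, so the loop still ends only through the hand-rolled `ddl := time.After(defaultTimeout)` check inside the callback. Since the commit is already moving to the context-based helpers, the deadline can move into the call: `err = wait.PollUntilContextTimeout(context.TODO(), 200*time.Millisecond, defaultTimeout, true, func(ctx context.Context) (done bool, err error) {`, with the `select` on `ddl` removed and `ctx` passed to the `SupportBundles().Get` call. The timeout would then surface as an error that `wait.Interrupted` recognises, instead of the ad-hoc "collecting timeout" error. The `select` body lies partly between the two hunks of this file, so this is based on the visible lines only.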
@@ -2442,7 +2442,7 @@ func (data *TestData) waitForNetworkpolicyRealized(pod string, node string, isWi if npType == v1beta2.AntreaNetworkPolicy { npOption = "ANNP" } - if err := wait.Poll(200*time.Millisecond, 5*time.Second, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 200*time.Millisecond, 5*time.Second, false, func(ctx context.Context) (bool, error) { var stdout, stderr string var err error if isWindows { @@ -2458,7 +2458,7 @@ func (data *TestData) waitForNetworkpolicyRealized(pod string, node string, isWi return false, fmt.Errorf("Error when executing antctl get NetworkPolicy, stdout: %s, stderr: %s, err: %v", stdout, stderr, err) } return strings.Contains(stdout, fmt.Sprintf("%s:%s/%s", npType, data.testNamespace, networkpolicy)), nil - }); err == wait.ErrWaitTimeout { + }); wait.Interrupted(err) { return fmt.Errorf("NetworkPolicy %s isn't realized in time", networkpolicy) } else if err != nil { return err diff --git a/test/e2e/vmagent_test.go b/test/e2e/vmagent_test.go index 9b5551d9007..94bbf55cd54 100644 --- a/test/e2e/vmagent_test.go +++ b/test/e2e/vmagent_test.go 
@@ -84,14 +84,14 @@ func TestVMAgent(t *testing.T) { func (data *TestData) waitForDeploymentReady(t *testing.T, namespace string, name string, timeout time.Duration) error { t.Logf("Waiting for Deployment '%s/%s' to be ready", namespace, name) - err := wait.Poll(1*time.Second, timeout, func() (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), 1*time.Second, timeout, false, func(ctx context.Context) (bool, error) { dp, err := data.clientset.AppsV1().Deployments(namespace).Get(context.TODO(), name, metav1.GetOptions{}) if err != nil { return false, err } return dp.Status.ObservedGeneration == dp.Generation && dp.Status.ReadyReplicas == *dp.Spec.Replicas, nil }) - if err == wait.ErrWaitTimeout { + if wait.Interrupted(err) { _, stdout, _, _ := data.provider.RunCommandOnNode(controlPlaneNodeName(), fmt.Sprintf("kubectl -n %s describe pod -l app=sftp", namespace)) return fmt.Errorf("some replicas for Deployment '%s/%s' are not ready after %v:\n%v", namespace, name, timeout, stdout) } else if err != nil { @@ -103,7 +103,7 @@ func (data *TestData) waitForDeploymentReady(t *testing.T, namespace string, nam func (data *TestData) waitForSupportBundleCollectionRealized(t *testing.T, name string, timeout time.Duration) error { t.Logf("Waiting for SupportBundleCollection '%s' to be realized", name) var sbc *crdv1alpha1.SupportBundleCollection - if err := wait.Poll(100*time.Millisecond, timeout, func() (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, timeout, false, func(ctx context.Context) (bool, error) { var getErr error sbc, getErr = data.crdClient.CrdV1alpha1().SupportBundleCollections().Get(context.TODO(), name, metav1.GetOptions{}) if getErr != nil { 
@@ -265,7 +265,7 @@ func setupVMAgentTest(t *testing.T, data *TestData) ([]vmInfo, error) { // and verifies uplink configuration is restored. func teardownVMAgentTest(t *testing.T, data *TestData, vmList []vmInfo) { verifyUpLinkAfterCleanup := func(vm vmInfo) { - err := wait.PollImmediate(10*time.Second, 1*time.Minute, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), 10*time.Second, 1*time.Minute, true, func(ctx context.Context) (done bool, err error) { var tempVM vmInfo if vm.osType == linuxOS { tempVM = getVMInfo(t, data, vm.nodeName) @@ -294,7 +294,7 @@ func teardownVMAgentTest(t *testing.T, data *TestData, vmList []vmInfo) { } func verifyExternalEntityExistence(t *testing.T, data *TestData, eeName string, vmNodeName string, expectExists bool) { - if err := wait.PollImmediate(10*time.Second, 1*time.Minute, func() (done bool, err error) { + if err := wait.PollUntilContextTimeout(context.Background(), 10*time.Second, 1*time.Minute, true, func(ctx context.Context) (done bool, err error) { t.Logf("Verifying ExternalEntity %s, expectExists %t", eeName, expectExists) _, err = data.crdClient.CrdV1alpha2().ExternalEntities(namespace).Get(context.TODO(), eeName, metav1.GetOptions{}) if err != nil && !errors.IsNotFound(err) { @@ -325,7 +325,7 @@ func verifyExternalEntityExistence(t *testing.T, data *TestData, eeName string, func testExternalNode(t *testing.T, data *TestData, vmList []vmInfo) { verifyExternalNodeRealization := func(vm vmInfo) { - err := wait.PollImmediate(10*time.Second, 1*time.Minute, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), 10*time.Second, 1*time.Minute, true, func(ctx context.Context) (done bool, err error) { t.Logf("Verify host interface configuration for VM: %s", vm.nodeName) exists, err := verifyInterfaceIsInOVS(t, data, vm) return exists, err 
@@ -665,7 +665,7 @@ func runPingCommandOnVM(data *TestData, dstVM vmInfo, connected bool) error { expOutput := fmt.Sprintf("%d packets transmitted, %d received", pingCount, expCount) // Use master Node to run ping command. pingClient := nodeName(0) - err := wait.PollImmediate(time.Second*5, time.Second*20, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), time.Second*5, time.Second*20, true, func(ctx context.Context) (done bool, err error) { if err := runCommandAndCheckResult(data, pingClient, cmdStr, expOutput, ""); err != nil { return false, nil } @@ -676,7 +676,7 @@ func runPingCommandOnVM(data *TestData, dstVM vmInfo, connected bool) error { func runIperfCommandOnVMs(t *testing.T, data *TestData, srcVM vmInfo, dstVM vmInfo, connected bool, isUDP bool, ruleAction crdv1beta1.RuleAction) error { svrIP := net.ParseIP(dstVM.ip) - err := wait.PollImmediate(time.Second*5, time.Second*20, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), time.Second*5, time.Second*20, true, func(ctx context.Context) (done bool, err error) { if err := runIperfClient(t, data, srcVM, svrIP, iperfPort, isUDP, connected, ruleAction); err != nil { return false, nil } @@ -769,7 +769,7 @@ func runCurlCommandOnVM(data *TestData, targetVM vmInfo, url string, action crdv case crdv1beta1.RuleActionReject: expectedErr = "Connection refused" } - err := wait.PollImmediate(time.Second*5, time.Second*20, func() (done bool, err error) { + err := wait.PollUntilContextTimeout(context.Background(), time.Second*5, time.Second*20, true, func(ctx context.Context) (done bool, err error) { if err := runCommandAndCheckResult(data, targetVM.nodeName, cmdStr, expectedOutput, expectedErr); err != nil { return false, nil } diff --git a/test/integration/agent/route_test.go b/test/integration/agent/route_test.go index 974fb3f7919..63ed6adcab8 100644 --- a/test/integration/agent/route_test.go +++ b/test/integration/agent/route_test.go 
@@ -18,6 +18,7 @@ package agent import ( + "context" "fmt" "net" "os" @@ -472,7 +473,7 @@ func TestSyncGatewayKernelRoute(t *testing.T) { listCmd := fmt.Sprintf("ip route show table 0 exact %s", podCIDR) - err = wait.PollImmediate(100*time.Millisecond, 2*time.Second, func() (done bool, err error) { + err = wait.PollUntilContextTimeout(context.Background(), 100*time.Millisecond, 2*time.Second, true, func(ctx context.Context) (done bool, err error) { expOutput, err := exec.Command("bash", "-c", listCmd).Output() if err != nil { return false, err @@ -490,7 +491,7 @@ func TestSyncGatewayKernelRoute(t *testing.T) { route.SyncInterval = 2 * time.Second go routeClient.Run(stopCh) - err = wait.Poll(1*time.Second, 2*route.SyncInterval, func() (done bool, err error) { + err = wait.PollUntilContextTimeout(context.Background(), 1*time.Second, 2*route.SyncInterval, false, func(ctx context.Context) (done bool, err error) { expOutput, err := exec.Command("bash", "-c", listCmd).Output() if err != nil { return false, err diff --git a/test/integration/ovs/ofctrl_test.go b/test/integration/ovs/ofctrl_test.go index 0faa93f50d4..4b00fe5cbac 100644 --- a/test/integration/ovs/ofctrl_test.go +++ b/test/integration/ovs/ofctrl_test.go @@ -15,6 +15,7 @@ package ovs import ( + "context" "fmt" "net" "strings" @@ -222,7 +223,7 @@ func TestOFctrlFlow(t *testing.T) { // Test: DumpFlows dumpCookieID, dumpCookieMask := getCookieIDMask() flowStates, err := bridge.DumpFlows(dumpCookieID, dumpCookieMask) - require.Nil(t, err, "no error returns in DumpFlows") + require.NoError(t, err, "no error returns in DumpFlows") if len(flowStates) != len(flowList) { t.Errorf("Flow count in dump result is incorrect") } 
@@ -240,11 +241,11 @@ func TestOFctrlFlow(t *testing.T) { if err != nil { t.Errorf("Failed to DeleteFlowsByCookie: %v", err) } - require.NoError(t, wait.PollImmediate(time.Millisecond*100, time.Second, func() (done bool, err error) { - flowList, err = OfctlDumpTableFlowsWithoutName(ovsCtlClient, myTable.GetID()) - require.Nil(t, err) - return len(flowList) == 0, nil - }), "Failed to delete flows by CookieID") + require.Eventually(t, func() bool { + flowList, err := OfctlDumpTableFlowsWithoutName(ovsCtlClient, myTable.GetID()) + require.NoError(t, err) + return len(flowList) == 0 + }, time.Second, time.Millisecond*100, "Failed to delete flows by CookieID") } } @@ -310,13 +311,14 @@ func TestOFctrlGroup(t *testing.T) { group = bucketBuilder.Done() } // Check if the group could be added. - require.Nil(t, group.Add()) + require.NoError(t, group.Add()) var groups [][]string - require.NoError(t, wait.PollImmediate(openFlowCheckInterval, openFlowCheckTimeout, func() (done bool, err error) { - groups, err = OfCtlDumpGroups(ovsCtlClient) - require.Nil(t, err) - return len(groups) == 1, nil - }), "Failed to install group") + require.NoError(t, wait.PollUntilContextTimeout(context.Background(), openFlowCheckInterval, openFlowCheckTimeout, true, + func(ctx context.Context) (done bool, err error) { + groups, err = OfCtlDumpGroups(ovsCtlClient) + require.Nil(t, err) + return len(groups) == 1, nil + }), "Failed to install group") dumpedGroup := groups[0] for i, bucket := range buckets { if name == "Normal" { 
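Review bot: `require.NoError(t, err)` is now called inside the `require.Eventually` condition in TestOFctrlFlow, which testify runs on its own goroutine; `require` ends in `t.FailNow()`, which is only supported from the goroutine running the test. On an error from `OfctlDumpTableFlowsWithoutName` the failure is recorded, but the condition goroutine exits without reporting a result, so the wait runs out the full second and then adds a generic timeout failure. Returning false keeps the failure visible without that: `if err != nil { t.Errorf("dump flows: %v", err); return false }`. The same applies to the `OfCtlDumpGroups` condition in the TestOFctrlGroup delete hunk. Note also that `flowList, err :=` now declares new variables inside the closure rather than assigning the outer `flowList`, which is harmless only if nothing after the wait reads it.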
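Review bot: The rewritten install-group wait in TestOFctrlGroup still asserts with `require.Nil(t, err)` on its added lines, while every other assertion this commit touches in the file moves to `require.NoError`. Use `require.NoError(t, err)` here too so a failure is reported as an unexpected error. This hunk also keeps `wait.PollUntilContextTimeout` where the delete check in the same test switches to `require.Eventually`; using one helper for both would read more evenly.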
@@ -341,12 +343,12 @@ func TestOFctrlGroup(t *testing.T) { } } // Check if the group could be deleted. - require.Nil(t, group.Delete()) - require.NoError(t, wait.PollImmediate(openFlowCheckInterval, openFlowCheckTimeout, func() (done bool, err error) { - groups, err = OfCtlDumpGroups(ovsCtlClient) - require.Nil(t, err) - return len(groups) == 0, nil - }), "Failed to delete group") + require.NoError(t, group.Delete()) + require.Eventually(t, func() bool { + groups, err := OfCtlDumpGroups(ovsCtlClient) + require.NoError(t, err) + return len(groups) == 0 + }, openFlowCheckTimeout, openFlowCheckInterval, "Failed to delete group") }) id++ } @@ -355,24 +357,23 @@ func TestOFctrlGroup(t *testing.T) { func TestTransactions(t *testing.T) { br := "br04" err := PrepareOVSBridge(br) - require.Nil(t, err, fmt.Sprintf("Failed to prepare OVS bridge: %v", err)) + require.NoError(t, err, "Failed to prepare OVS bridge") defer func() { err = DeleteOVSBridge(br) - require.Nil(t, err, fmt.Sprintf("error while deleting OVS bridge: %v", err)) + require.NoError(t, err, "error while deleting OVS bridge") }() bridge := newOFBridge(br) table = bridge.NewTable(t2, t3.GetID(), binding.TableMissActionNext) - err = bridge.Connect(maxRetry, make(chan struct{})) - require.Nil(t, err, "Failed to start OFService") + require.NoError(t, bridge.Connect(maxRetry, make(chan struct{})), "Failed to start OFService") defer bridge.Disconnect() ovsCtlClient := ovsctl.NewClient(br) flows, expectflows := prepareFlows(table) err = bridge.AddFlowsInBundle(openflow.GetFlowModMessages(flows, binding.AddMessage), nil, nil) - require.Nil(t, err, fmt.Sprintf("Failed to add flows in a transaction: %v", err)) + require.NoError(t, err, "Failed to add flows in a transaction") dumpTable := table.GetID() flowList := CheckFlowExists(t, ovsCtlClient, "", dumpTable, true, expectflows) 
@@ -387,7 +388,7 @@ func TestTransactions(t *testing.T) { // Delete flows in a bundle err = bridge.AddFlowsInBundle(nil, nil, openflow.GetFlowModMessages(flows, binding.DeleteMessage)) - require.Nil(t, err, fmt.Sprintf("Failed to delete flows in a transaction: %v", err)) + require.NoError(t, err, "Failed to delete flows in a transaction") dumpTable = table.GetID() flowList = CheckFlowExists(t, ovsCtlClient, "", dumpTable, false, expectflows) @@ -401,7 +402,7 @@ func TestTransactions(t *testing.T) { // Invoke AddFlowsInBundle with no Flow to add/modify/delete. err = bridge.AddFlowsInBundle(nil, nil, nil) - require.Nil(t, err, fmt.Sprintf("Not compatible with none flows in the request: %v", err)) + require.NoError(t, err, "Not compatible with none flows in the request") for _, tableStates := range bridge.DumpTableStatus() { if tableStates.ID == uint(dumpTable) { if int(tableStates.FlowCount) != len(flowList) { @@ -414,17 +415,17 @@ func TestTransactions(t *testing.T) { func TestBundleErrorWhenOVSRestart(t *testing.T) { br := "br06" err := PrepareOVSBridge(br) - require.Nil(t, err, fmt.Sprintf("Failed to prepare OVS bridge: %v", err)) + require.NoError(t, err, "Failed to prepare OVS bridge") defer func() { err = DeleteOVSBridge(br) - require.Nil(t, err, fmt.Sprintf("error while deleting OVS bridge: %v", err)) + require.NoError(t, err, "Failed to delete bridge") }() bridge := newOFBridge(br) table = bridge.NewTable(t2, t3.GetID(), binding.TableMissActionNext) err = bridge.Connect(maxRetry, make(chan struct{})) - require.Nil(t, err, "Failed to start OFService") + require.NoError(t, err, "Failed to start OFService") defer bridge.Disconnect() // Ensure OVS is connected before sending bundle messages. 
@@ -501,7 +502,7 @@ func TestBundleErrorWhenOVSRestart(t *testing.T) { func TestReconnectOFSwitch(t *testing.T) { br := "br07" err := PrepareOVSBridge(br) - require.Nil(t, err, fmt.Sprintf("Failed to prepare OVS bridge: %v", err)) + require.NoError(t, err, "Failed to prepare OVS bridge") defer DeleteOVSBridge(br) bridge := newOFBridge(br) @@ -513,7 +514,7 @@ func TestReconnectOFSwitch(t *testing.T) { } }() err = bridge.Connect(maxRetry, reconnectCh) - require.Nil(t, err, "Failed to start OFService") + require.NoError(t, err, "Failed to start OFService") defer bridge.Disconnect() require.Equal(t, connectCount, 1) @@ -523,11 +524,11 @@ func TestReconnectOFSwitch(t *testing.T) { DeleteOVSBridge(br) time.Sleep(8 * time.Second) err := PrepareOVSBridge(br) - require.Nil(t, err, fmt.Sprintf("Failed to prepare OVS bridge: %v", err)) + require.NoError(t, err, "Failed to prepare OVS bridge") }() err = DeleteOVSBridge(br) - require.Nil(t, err, fmt.Sprintf("Failed to delete bridge: %v", err)) + require.NoError(t, err, "Failed to delete bridge") time.Sleep(12 * time.Second) require.Equal(t, 2, connectCount) } @@ -536,14 +537,14 @@ func TestReconnectOFSwitch(t *testing.T) { func TestBundleWithGroupAndFlow(t *testing.T) { br := "br08" err := PrepareOVSBridge(br) - require.Nil(t, err, fmt.Sprintf("Failed to prepare OVS bridge: %v", err)) + require.NoError(t, err, "Failed to prepare OVS bridge") defer DeleteOVSBridge(br) bridge := newOFBridge(br) table = bridge.NewTable(t2, t3.GetID(), binding.TableMissActionNext) err = bridge.Connect(maxRetry, make(chan struct{})) - require.Nil(t, err, "Failed to start OFService") + require.NoError(t, err, "Failed to start OFService") defer bridge.Disconnect() ovsCtlClient := ovsctl.NewClient(br) 
@@ -583,12 +584,12 @@ func TestBundleWithGroupAndFlow(t *testing.T) { bucket1 := "weight:100,actions=set_field:0xa0a0202->reg1,set_field:0x35->reg2,set_field:0xfff1->reg3,resubmit(,3)" expectedGroupBuckets := []string{bucket0, bucket1} err = bridge.AddOFEntriesInBundle([]binding.OFEntry{flow, group}, nil, nil) - require.Nil(t, err) + require.NoError(t, err) CheckFlowExists(t, ovsCtlClient, "", table.GetID(), true, expectedFlows) CheckGroupExists(t, ovsCtlClient, groupID, "select", expectedGroupBuckets, true) err = bridge.AddOFEntriesInBundle(nil, nil, []binding.OFEntry{flow, group}) - require.Nil(t, err) + require.NoError(t, err) CheckFlowExists(t, ovsCtlClient, "", table.GetID(), false, expectedFlows) CheckGroupExists(t, ovsCtlClient, groupID, "select", expectedGroupBuckets, false) } @@ -596,7 +597,7 @@ func TestBundleWithGroupAndFlow(t *testing.T) { func TestPacketOutIn(t *testing.T) { br := "br09" err := PrepareOVSBridge(br) - require.Nil(t, err, fmt.Sprintf("Failed to prepare OVS bridge: %v", err)) + require.NoError(t, err, "Failed to prepare OVS bridge") defer DeleteOVSBridge(br) bridge := newOFBridge(br) @@ -604,13 +605,13 @@ func TestPacketOutIn(t *testing.T) { table1 := bridge.NewTable(t1, t2.GetID(), binding.TableMissActionNext) err = bridge.Connect(maxRetry, make(chan struct{})) - require.Nil(t, err, "Failed to start OFService") + require.NoError(t, err, "Failed to start OFService") defer bridge.Disconnect() category := uint8(1) pktInQueue := binding.NewPacketInQueue(200, rate.Limit(100)) err = bridge.SubscribePacketIn(category, pktInQueue) - require.Nil(t, err) + require.NoError(t, err) srcMAC, _ := net.ParseMAC("11:11:11:11:11:11") dstcMAC, _ := net.ParseMAC("11:11:11:11:11:22") 
@@ -664,7 +665,7 @@ func TestPacketOutIn(t *testing.T) { SetTCPSrcPort(srcPort).SetTCPDstPort(dstPort). AddLoadRegMark(mark). Done() - require.Nil(t, err) + require.NoError(t, err) flow0 := table0.BuildFlow(100). MatchSrcMAC(srcMAC).MatchDstMAC(dstcMAC). MatchSrcIP(srcIP).MatchDstIP(dstIP).MatchProtocol(binding.ProtocolTCP). @@ -681,7 +682,7 @@ func TestPacketOutIn(t *testing.T) { Action().SendToController([]byte{0x1}, false). Done() err = bridge.AddFlowsInBundle(openflow.GetFlowModMessages([]binding.Flow{flow0, flow1}, binding.AddMessage), nil, nil) - require.Nil(t, err) + require.NoError(t, err) err = bridge.SendPacketOut(pkt) require.NoError(t, err) <-stopCh @@ -690,14 +691,14 @@ func TestPacketOutIn(t *testing.T) { func TestFlowWithCTMatchers(t *testing.T) { br := "br09" err := PrepareOVSBridge(br) - require.Nil(t, err, fmt.Sprintf("Failed to prepare OVS bridge: %v", err)) + require.NoError(t, err, "Failed to prepare OVS bridge") defer DeleteOVSBridge(br) bridge := newOFBridge(br) table = bridge.NewTable(t2, t3.GetID(), binding.TableMissActionNext) err = bridge.Connect(maxRetry, make(chan struct{})) - require.Nil(t, err, "Failed to start OFService") + require.NoError(t, err, "Failed to start OFService") defer bridge.Disconnect() ofctlClient := ovsctl.NewClient(br) @@ -779,14 +780,14 @@ func TestFlowWithCTMatchers(t *testing.T) { func TestNoteAction(t *testing.T) { br := "br10" err := PrepareOVSBridge(br) - require.Nil(t, err, fmt.Sprintf("Failed to prepare OVS bridge: %v", err)) + require.NoError(t, err, "Failed to prepare OVS bridge") defer DeleteOVSBridge(br) bridge := newOFBridge(br) table = bridge.NewTable(t2, t3.GetID(), binding.TableMissActionNext) err = bridge.Connect(maxRetry, make(chan struct{})) - require.Nil(t, err, "Failed to start OFService") + require.NoError(t, err, "Failed to start OFService") defer bridge.Disconnect() ofctlClient := ovsctl.NewClient(br) 
@@ -830,14 +831,14 @@ func TestNoteAction(t *testing.T) { func TestLoadToLabelFieldAction(t *testing.T) { br := "br13" err := PrepareOVSBridge(br) - require.Nil(t, err, fmt.Sprintf("Failed to prepare OVS bridge: %v", err)) + require.NoError(t, err, "Failed to prepare OVS bridge") defer DeleteOVSBridge(br) bridge := newOFBridge(br) table = bridge.NewTable(t2, t3.GetID(), binding.TableMissActionNext) err = bridge.Connect(maxRetry, make(chan struct{})) - require.Nil(t, err, "Failed to start OFService") + require.NoError(t, err, "Failed to start OFService") defer bridge.Disconnect() ovsCtlClient := ovsctl.NewClient(br) @@ -896,7 +897,7 @@ func TestLoadToLabelFieldAction(t *testing.T) { func TestBundleWithGroupInsertBucket(t *testing.T) { br := "br12" err := PrepareOVSBridge(br) - require.Nil(t, err, fmt.Sprintf("Failed to prepare OVS bridge: %v", err)) + require.NoError(t, err, "Failed to prepare OVS bridge") defer DeleteOVSBridge(br) bridge := newOFBridge(br) @@ -909,7 +910,7 @@ func TestBundleWithGroupInsertBucket(t *testing.T) { }() err = bridge.Connect(maxRetry, make(chan struct{})) - require.Nil(t, err, "Failed to start OFService") + require.NoError(t, err, "Failed to start OFService") defer bridge.Disconnect() ovsCtlClient := ovsctl.NewClient(br) @@ -918,7 +919,7 @@ func TestBundleWithGroupInsertBucket(t *testing.T) { group := bridge.NewGroup(groupID) expectedGroupBuckets := []string{} err = bridge.AddOFEntriesInBundle([]binding.OFEntry{group}, nil, nil) - require.Nil(t, err) + require.NoError(t, err) CheckGroupExists(t, ovsCtlClient, groupID, "select", expectedGroupBuckets, true) field1 := binding.NewRegField(1, 0, 31) 
@@ -946,7 +947,7 @@ func TestBundleWithGroupInsertBucket(t *testing.T) { bucket3 := "weight:100,actions=set_field:0xa0a0202->reg1,set_field:0x3->reg2,set_field:0xfff1->reg3,resubmit(,3)" expectedGroupBuckets = []string{bucket1, bucket2, bucket3} err = bridge.AddOFEntriesInBundle(nil, []binding.OFEntry{group}, nil) - require.Nil(t, err) + require.NoError(t, err) CheckGroupExists(t, ovsCtlClient, groupID, "select", expectedGroupBuckets, true) group = group. @@ -959,13 +960,13 @@ func TestBundleWithGroupInsertBucket(t *testing.T) { bucket4 := "weight:100,actions=set_field:0xa0a0202->reg1,set_field:0x4->reg2,set_field:0xfff1->reg3,resubmit(,3)" expectedGroupBuckets = []string{bucket1, bucket2, bucket3, bucket4} err = bridge.AddOFEntriesInBundle(nil, []binding.OFEntry{group}, nil) - require.Nil(t, err) + require.NoError(t, err) CheckGroupExists(t, ovsCtlClient, groupID, "select", expectedGroupBuckets, true) group.ResetBuckets() expectedGroupBuckets = []string{} err = bridge.AddOFEntriesInBundle(nil, []binding.OFEntry{group}, nil) - require.Nil(t, err) + require.NoError(t, err) CheckGroupExists(t, ovsCtlClient, groupID, "select", expectedGroupBuckets, true) } diff --git a/test/integration/ovs/openflow_test_utils.go b/test/integration/ovs/openflow_test_utils.go index 81b3abbc811..168cd42eab7 100644 --- a/test/integration/ovs/openflow_test_utils.go +++ b/test/integration/ovs/openflow_test_utils.go @@ -15,6 +15,7 @@ package ovs import ( + "context" "fmt" "os/exec" "strings" 
@@ -71,7 +72,7 @@ func CheckFlowExists(t *testing.T, ovsCtlClient ovsctl.OVSCtlClient, tableName s if table == "" { table = fmt.Sprintf("%d", tableID) } - if err := wait.PollImmediate(openFlowCheckInterval, openFlowCheckTimeout, func() (done bool, err error) { + if err := wait.PollUntilContextTimeout(context.TODO(), openFlowCheckInterval, openFlowCheckTimeout, true, func(ctx context.Context) (done bool, err error) { unexpectedFlows = unexpectedFlows[:0] if tableName != "" { flowList, err = OfctlDumpTableFlows(ovsCtlClient, tableName) 
@@ -108,25 +109,26 @@ func CheckGroupExists(t *testing.T, ovsCtlClient ovsctl.OVSCtlClient, groupID bi } groupStr := fmt.Sprintf("group_id=%d,type=%s,%s", groupID, groupType, strings.Join(bucketStrs, ",")) var groupList [][]string - if err := wait.PollImmediate(openFlowCheckInterval, openFlowCheckTimeout, func() (done bool, err error) { - groupList, err = OfCtlDumpGroups(ovsCtlClient) - require.NoError(t, err, "Error dumping groups") - found := false - for _, groupElems := range groupList { - groupEntry := fmt.Sprintf("%s,bucket=", groupElems[0]) - var groupElemStrs []string - for _, elem := range groupElems[1:] { - elemStr := strings.Join(strings.Split(elem, ",")[1:], ",") - groupElemStrs = append(groupElemStrs, elemStr) + if err := wait.PollUntilContextTimeout(context.TODO(), openFlowCheckInterval, openFlowCheckTimeout, true, + func(ctx context.Context) (done bool, err error) { + groupList, err = OfCtlDumpGroups(ovsCtlClient) + require.NoError(t, err, "Error dumping groups") + found := false + for _, groupElems := range groupList { + groupEntry := fmt.Sprintf("%s,bucket=", groupElems[0]) + var groupElemStrs []string + for _, elem := range groupElems[1:] { + elemStr := strings.Join(strings.Split(elem, ",")[1:], ",") + groupElemStrs = append(groupElemStrs, elemStr) + } + groupEntry = fmt.Sprintf("%s%s", groupEntry, strings.Join(groupElemStrs, ",bucket=")) + if strings.Contains(groupEntry, groupStr) { + found = true + break + } } - groupEntry = fmt.Sprintf("%s%s", groupEntry, strings.Join(groupElemStrs, ",bucket=")) - if strings.Contains(groupEntry, groupStr) { - found = true - break - } - } - return found == expectFound, nil - }); err != nil { + return found == expectFound, nil + }); err != nil { if expectFound { t.Errorf("Failed to install group: %s", groupStr) } else { diff --git a/third_party/ipam/nodeipam/ipam/cidr_allocator.go b/third_party/ipam/nodeipam/ipam/cidr_allocator.go index 06bab81ad10..4b0fa301fa9 100644 
--- a/third_party/ipam/nodeipam/ipam/cidr_allocator.go +++ b/third_party/ipam/nodeipam/ipam/cidr_allocator.go @@ -41,7 +41,7 @@ import ( "net" "time" - "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/labels" @@ -144,18 +144,19 @@ func listNodes(kubeClient clientset.Interface) (*v1.NodeList, error) { var nodeList *v1.NodeList // We must poll because apiserver might not be up. This error causes // controller manager to restart. - if pollErr := wait.Poll(nodePollInterval, apiserverStartupGracePeriod, func() (bool, error) { - var err error - nodeList, err = kubeClient.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{ - FieldSelector: fields.Everything().String(), - LabelSelector: labels.Everything().String(), - }) - if err != nil { - klog.Errorf("Failed to list all nodes: %v", err) - return false, nil - } - return true, nil - }); pollErr != nil { + if pollErr := wait.PollUntilContextTimeout(context.TODO(), nodePollInterval, apiserverStartupGracePeriod, false, + func(ctx context.Context) (bool, error) { + var err error + nodeList, err = kubeClient.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{ + FieldSelector: fields.Everything().String(), + LabelSelector: labels.Everything().String(), + }) + if err != nil { + klog.Errorf("Failed to list all nodes: %v", err) + return false, nil + } + return true, nil + }); pollErr != nil { return nil, fmt.Errorf("failed to list all nodes in %v, cannot proceed without updating CIDR map", apiserverStartupGracePeriod) } diff --git a/third_party/proxy/service.go b/third_party/proxy/service.go index 53c8c72c745..625a63804b5 100644 --- a/third_party/proxy/service.go +++ b/third_party/proxy/service.go 
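Review bot: The condition function in listNodes receives `ctx` from `wait.PollUntilContextTimeout`, but the `Nodes().List` call inside it still passes `context.TODO()`. Unless the client has its own timeout, a List that hangs against an unreachable apiserver is therefore not bounded by apiserverStartupGracePeriod and the poll cannot cancel it. Passing the callback's context, `nodeList, err = kubeClient.CoreV1().Nodes().List(ctx, metav1.ListOptions{`, ties each request to the poll deadline. The error built after the poll also discards `pollErr` (unchanged context line); wrapping it with `%w` would keep the cause visible to the caller. listNodes continues past the end of the hunk.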
@@ -244,12 +244,11 @@ func (sct *ServiceChangeTracker) newBaseServiceInfo(port *v1.ServicePort, servic internalPolicyLocal: internalPolicyLocal, internalTrafficPolicy: service.Spec.InternalTrafficPolicy, } - // TODO: Switch to v1.DeprecatedAnnotationTopologyAwareHints and v1.AnnotationTopologyMode after - // upgrading Antrea K8s API to at least 1.27 + var ok bool - info.hintsAnnotation, ok = service.Annotations[v1.AnnotationTopologyAwareHints] + info.hintsAnnotation, ok = service.Annotations[v1.DeprecatedAnnotationTopologyAwareHints] if !ok { - info.hintsAnnotation, _ = service.Annotations["service.kubernetes.io/topology-mode"] + info.hintsAnnotation = service.Annotations[v1.AnnotationTopologyMode] } loadBalancerSourceRanges := make([]string, len(service.Spec.LoadBalancerSourceRanges)) diff --git a/third_party/proxy/types.go b/third_party/proxy/types.go index 85632ee6425..4ac809e148b 100644 --- a/third_party/proxy/types.go +++ b/third_party/proxy/types.go @@ -108,7 +108,7 @@ type ServicePort interface { InternalPolicyLocal() bool // InternalTrafficPolicy returns service InternalTrafficPolicy InternalTrafficPolicy() *v1.ServiceInternalTrafficPolicyType - // HintsAnnotation returns the value of the v1.AnnotationTopologyAwareHints annotation or + // HintsAnnotation returns the value of the v1.DeprecatedAnnotationTopologyAwareHints annotation or // service.kubernetes.io/topology-mode annotation. HintsAnnotation() string // ExternallyAccessible returns true if the service port is reachable via something From 5843387422074f396f13b51a6cc1aa2d3c31ff6a Mon Sep 17 00:00:00 2001 From: Antonin Bas Date: Wed, 20 Mar 2024 19:20:26 -0700 Subject: [PATCH 07/10] [e2e test] Fix antctl coverage collection from CP Node on Kind (#6127) Signed-off-by: Antonin Bas --- test/e2e/framework.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/test/e2e/framework.go b/test/e2e/framework.go index c3a5a342318..f81bc17891d 100644 --- a/test/e2e/framework.go 
+++ b/test/e2e/framework.go @@ -2752,7 +2752,10 @@ func (data *TestData) collectAntctlCovFilesFromControlPlaneNode(covDir string) e // copy antctl coverage files from node to the coverage directory var cmd string if testOptions.providerName == "kind" { - cmd = fmt.Sprintf("/bin/sh -c find %s -maxdepth 1 -name 'antctl*.out'", cpNodeCoverageDir) + // Do not use single quotes here, as they will be interpreted literally. + // RunDockerExecCommand does not invoke a shell by default and it will split this + // string into a list of args. + cmd = fmt.Sprintf("find %s -maxdepth 1 -name antctl*.out", cpNodeCoverageDir) } else { cmd = fmt.Sprintf("find %s -maxdepth 1 -name 'antctl*.out'", cpNodeCoverageDir) } From 2ba8c5fb4e95e6a394e9835060ebfe441b9b36a8 Mon Sep 17 00:00:00 2001 From: Antonin Bas Date: Thu, 21 Mar 2024 09:14:44 -0700 Subject: [PATCH 08/10] Remove unnecessary code from UBI Dockerfiles (#6128) Because we are now disabling cgo when building all Antrea binaries, there is no need to install Go manually when building the UBI images. It was required before because of incompatibility between the glibc versions in the golang image and the ubi8 base image. We can now use the standard golang image to compile the Antrea binaries (without cgo, there is no dependency on glibc), then copy these binaries to the ubi8 image. PR https://github.com/antrea-io/antrea/pull/5988, which disabled cgo, removed the unnecessary code from Dockerfile.build.ubi, but not from the other Dockerfiles (Dockerfile.build.agent.ubi and Dockerfile.build.controller.ubi). Signed-off-by: Antonin Bas --- build/images/Dockerfile.build.agent.ubi | 25 ++------------------ build/images/Dockerfile.build.controller.ubi | 25 ++------------------ 2 files changed, 4 insertions(+), 46 deletions(-) diff --git a/build/images/Dockerfile.build.agent.ubi b/build/images/Dockerfile.build.agent.ubi index 634212d384f..3462ed1cd1e 100644 --- a/build/images/Dockerfile.build.agent.ubi 
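Review bot: The kind branch now depends on `antctl*.out` reaching find unexpanded, which holds only while RunDockerExecCommand keeps splitting the string on whitespace and never goes through a shell. The same splitting means a `cpNodeCoverageDir` containing a space would be broken into separate arguments. The added comment explains the quoting, but the two branches now differ by a detail that is easy to revert by accident. If the helper can accept an argument slice (its signature is not visible here), passing `find`, the directory, `-maxdepth`, `1`, `-name` and `antctl*.out` as separate elements would remove the dependency on string splitting. collectAntctlCovFilesFromControlPlaneNode starts and ends outside the hunk.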
+++ b/build/images/Dockerfile.build.agent.ubi @@ -12,30 +12,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -ARG BUILD_TAG -FROM registry.access.redhat.com/ubi8 as antrea-build - -ADD https://go.dev/dl/?mode=json&include=all go-versions.json - -RUN yum install ca-certificates gcc git jq make wget -y - ARG GO_VERSION - -# GO_VERSION is a Go minor version, we use the downloaded go-versions.json file -# to identify and install the latest patch release for this minor version. -RUN set -eux; \ - arch="$(uname -m)"; \ - case "${arch##*-}" in \ - x86_64) goArch='amd64' ;; \ - arm) goArch='armv6l' ;; \ - aarch64) goArch='arm64' ;; \ - *) goArch=''; echo >&2; echo >&2 "unsupported architecture '$arch'"; echo >&2 ; exit 1 ;; \ - esac; \ - GO_ARCHIVE=$(jq --arg version_prefix "go${GO_VERSION}." --arg arch "$goArch" -r '. | map(select(. | .version | startswith($version_prefix))) | first | .files[] | select(.os == "linux" and .arch == $arch and .kind == "archive").filename' go-versions.json); \ - wget -q -O - https://go.dev/dl/${GO_ARCHIVE} | tar xz -C /usr/local/ - -# Using ENV makes the change persistent, but this is just a builder image. -ENV PATH /usr/local/go/bin:$PATH +ARG BUILD_TAG +FROM golang:${GO_VERSION} as antrea-build WORKDIR /antrea diff --git a/build/images/Dockerfile.build.controller.ubi b/build/images/Dockerfile.build.controller.ubi index 5bb43b96c7b..9a2e03bfb21 100644 --- a/build/images/Dockerfile.build.controller.ubi +++ b/build/images/Dockerfile.build.controller.ubi 
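Review bot: `FROM golang:${GO_VERSION} as antrea-build` resolves a mutable tag at build time, so the toolchain that compiles the agent binaries can differ between two builds of the same commit. `GO_VERSION` also has no default, which leaves an invalid `golang:` reference when the build arg is omitted. The removed block fetched the Go archive with no digest check either, so this is not a regression, but pinning is cheap here: `FROM golang:${GO_VERSION}@sha256:<digest-placeholder> as antrea-build`, with the digest supplied by the build script. The identical hunk in build/images/Dockerfile.build.controller.ubi has the same point. The rest of the Dockerfile is outside the hunk, so whether the final stage pins its base image is not visible.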
@@ -12,30 +12,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -ARG BUILD_TAG -FROM registry.access.redhat.com/ubi8 as antrea-build - -ADD https://go.dev/dl/?mode=json&include=all go-versions.json - -RUN yum install ca-certificates gcc git jq make wget -y - ARG GO_VERSION - -# GO_VERSION is a Go minor version, we use the downloaded go-versions.json file -# to identify and install the latest patch release for this minor version. -RUN set -eux; \ - arch="$(uname -m)"; \ - case "${arch##*-}" in \ - x86_64) goArch='amd64' ;; \ - arm) goArch='armv6l' ;; \ - aarch64) goArch='arm64' ;; \ - *) goArch=''; echo >&2; echo >&2 "unsupported architecture '$arch'"; echo >&2 ; exit 1 ;; \ - esac; \ - GO_ARCHIVE=$(jq --arg version_prefix "go${GO_VERSION}." --arg arch "$goArch" -r '. | map(select(. | .version | startswith($version_prefix))) | first | .files[] | select(.os == "linux" and .arch == $arch and .kind == "archive").filename' go-versions.json); \ - wget -q -O - https://go.dev/dl/${GO_ARCHIVE} | tar xz -C /usr/local/ - -# Using ENV makes the change persistent, but this is just a builder image. -ENV PATH /usr/local/go/bin:$PATH +ARG BUILD_TAG +FROM golang:${GO_VERSION} as antrea-build WORKDIR /antrea From a177044cda8144f52d45a68ccefc944ffe22b9dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:34:46 -0700 Subject: [PATCH 09/10] Bump github.com/hashicorp/memberlist from 0.5.0 to 0.5.1 (#6124) Bumps [github.com/hashicorp/memberlist](https://github.com/hashicorp/memberlist) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/hashicorp/memberlist/releases) - [Commits](https://github.com/hashicorp/memberlist/compare/v0.5.0...v0.5.1) --- updated-dependencies: - dependency-name: github.com/hashicorp/memberlist dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 16 ++++------------ 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index eba99c21361..0aaecaa2c33 100644 --- a/go.mod +++ b/go.mod @@ -29,7 +29,7 @@ require ( github.com/golang/protobuf v1.5.3 github.com/google/btree v1.1.2 github.com/google/uuid v1.6.0 - github.com/hashicorp/memberlist v0.5.0 + github.com/hashicorp/memberlist v0.5.1 github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.3.0 github.com/k8snetworkplumbingwg/sriov-cni v2.1.0+incompatible github.com/kevinburke/ssh_config v1.2.0 @@ -151,7 +151,7 @@ require ( github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-immutable-radix v1.0.0 // indirect - github.com/hashicorp/go-msgpack v0.5.3 // indirect + github.com/hashicorp/go-msgpack/v2 v2.1.1 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-sockaddr v1.0.0 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect diff --git a/go.sum b/go.sum index db0badd7c06..81b844675e7 100644 --- a/go.sum +++ b/go.sum 
@@ -404,9 +404,8 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-immutable-radix v1.0.0 h1:AKDB1HM5PWEA7i4nhcpwOrO2byshxBjXVn/J/3+z5/0= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-msgpack v0.5.3 h1:zKjpN5BK/P5lMYrLmBHdBULWbJ0XpYR+7NGzqkZzoD4= -github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-msgpack/v2 v2.1.1 h1:xQEY9yB2wnHitoSzk/B9UjXWRQ67QKu5AOm8aFp8N3I= +github.com/hashicorp/go-msgpack/v2 v2.1.1/go.mod h1:upybraOAblm4S7rx0+jeNy+CWWhzywQsSRV5033mMu4= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-sockaddr v1.0.0 h1:GeH6tui99pF4NJgfnhp+L6+FfobzVW3Ah46sLo0ICXs= 
@@ -419,8 +418,8 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM= -github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0= +github.com/hashicorp/memberlist v0.5.1 h1:mk5dRuzeDNis2bi6LLoQIXfMH7JQvAzt3mQD0vNZZUo= +github.com/hashicorp/memberlist v0.5.1/go.mod h1:zGDXV6AqbDTKTM6yxW0I4+JtFzZAJVoIPvss4hV8F24= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= @@ -538,7 +537,6 @@ github.com/mdlayher/packet v1.1.2/go.mod h1:GEu1+n9sG5VtiRE4SydOmX5GTwyyYlteZiFU github.com/mdlayher/socket v0.2.1/go.mod h1:QLlNPkFR88mRUNQIzRBMfXxwKal8H7u1h3bL1CV+f0E= github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U= github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA= -github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721 h1:RlZweED6sbSArvlE924+mUcZuXKLBHA35U7LN621Bws= 
@@ -810,7 +808,6 @@ golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -852,7 +849,6 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 
@@ -908,8 +904,6 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -944,7 +938,6 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -989,7 +982,6 @@ golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= From df82b76631a059d27b769fa0df5748bdac2d52e2 Mon Sep 17 00:00:00 2001 
From: Antonin Bas Date: Thu, 21 Mar 2024 13:48:54 -0700 Subject: [PATCH 10/10] Update Protobuf dependencies for code generation (#6130) This removes our direct dependency on github.com/golang/protobuf, which has been superseded by google.golang.org/protobuf. Some notable changes since the last time we updated: * The versioning scheme for Protobuf has changed (see https://protobuf.dev/support/version-support/) * The Golang gRPC code generator is now a standalone tool (protoc-gen-go-grpc) and is no longer included as a plugin in protoc-gen-go. With protoc-gen-go-grpc, the service implementations must embed the corresponding `UnimplementedServer` for future compatibility (which we are now doing for `CNIServer`). A new codegen image is released: antrea/codegen:kubernetes-1.29.2-build.0 New versions: * protoc: v26.0 * protoc-gen-go: v1.33.0 * protoc-gen-go-grpc: v1.3.0 In our case, we don't have to worry about client-server compatibility, given that antrea-cni (client) is always reinstalled by the antrea-agent Pod. Even if it was a concern for us, there has been no change in the Protobuf wire format. Signed-off-by: Antonin Bas --- build/images/codegen/Dockerfile | 5 +- build/images/codegen/README.md | 3 + docs/contributors/code-generation.md | 4 +- go.mod | 2 +- hack/update-codegen-dockerized.sh | 2 +- hack/update-codegen.sh | 2 +- multicluster/hack/update-codegen.sh | 2 +- pkg/agent/cniserver/server.go | 5 + pkg/apis/cni/v1beta1/cni.pb.go | 172 ++--------------------- pkg/apis/cni/v1beta1/cni_grpc.pb.go | 197 +++++++++++++++++++++++++++ 10 files changed, 222 insertions(+), 172 deletions(-) create mode 100644 pkg/apis/cni/v1beta1/cni_grpc.pb.go diff --git a/build/images/codegen/Dockerfile b/build/images/codegen/Dockerfile index 4455efe4b3c..1f794c12431 100644 --- a/build/images/codegen/Dockerfile +++ b/build/images/codegen/Dockerfile 
@@ -18,7 +18,7 @@ FROM ubuntu:22.04 as protoc RUN apt-get update && \ apt-get install -y --no-install-recommends wget ca-certificates unzip -RUN PROTOBUF_VERSION=3.0.2; ZIPNAME="protoc-${PROTOBUF_VERSION}-linux-x86_64.zip"; \ +RUN PROTOBUF_VERSION=26.0; ZIPNAME="protoc-${PROTOBUF_VERSION}-linux-x86_64.zip"; \ mkdir /tmp/protoc && cd /tmp/protoc && \ wget "https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOBUF_VERSION}/${ZIPNAME}" && \ unzip "${ZIPNAME}" && \ @@ -47,7 +47,8 @@ RUN go install k8s.io/code-generator/cmd/client-gen@kubernetes-$K8S_VERSION && \ go install k8s.io/code-generator/cmd/go-to-protobuf@kubernetes-$K8S_VERSION && \ go install k8s.io/code-generator/cmd/go-to-protobuf/protoc-gen-gogo@kubernetes-$K8S_VERSION && \ go install go.uber.org/mock/mockgen@v0.3.0 && \ - go install github.com/golang/protobuf/protoc-gen-go@v1.5.2 && \ + go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.33.0 && \ + go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.3.0 && \ go install golang.org/x/tools/cmd/goimports@latest && \ go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.9.0 diff --git a/build/images/codegen/README.md b/build/images/codegen/README.md index 738873cfeeb..aa1e06a3f82 100644 --- a/build/images/codegen/README.md +++ b/build/images/codegen/README.md 
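Review bot: The added `protoc-gen-go@v1.33.0` and `protoc-gen-go-grpc@v1.3.0` installs are pinned, but the `goimports@latest` line that follows them in the same RUN still floats, so rebuilding the image under the same tag can yield a different toolchain and different generated code. The protoc zip bumped to 26.0 in the hunk above is likewise downloaded with wget and unzipped with no checksum check. For an image whose output is committed to the repository, I would pin goimports to a version and verify the archive before `unzip`, e.g. `echo "<sha256-placeholder>  ${ZIPNAME}" | sha256sum -c -`. Both RUN commands continue outside their hunks.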
@@ -16,10 +16,13 @@ docker push antrea/codegen: The `docker push` command will fail if you do not have permission to push to the `antrea` Dockerhub repository. +The image can only be built on an x86_64 machine (no arm support). + Here is the table of codegen images that have been uploaded: | Tag | Change | | :----------------------------- | ---------------------------------------------------- | +| kubernetes-1.29.2-build.0 | Upgraded protoc (v26.0), protoc-gen-go (v1.33.0), protoc-gen-go-grpc (v1.3.0) | | kubernetes-1.29.2 | Upgraded K8s libraries to v1.29.2 | | kubernetes-1.26.4-build.1 | Replace github.com/golang/mock with go.uber.org/mock | | kubernetes-1.26.4-build.0 | Upgraded Go to v1.21 | diff --git a/docs/contributors/code-generation.md b/docs/contributors/code-generation.md index c9b68acbc52..faf6b2c9701 100644 --- a/docs/contributors/code-generation.md +++ b/docs/contributors/code-generation.md @@ -2,8 +2,8 @@ ## CNI -Antrea uses [protoc](https://github.com/protocolbuffers/protobuf) and [protoc-gen-go]( -https://github.com/golang/protobuf) to generate CNI gRPC service code. +Antrea uses [protoc](https://github.com/protocolbuffers/protobuf), [protoc-gen-go](https://github.com/protocolbuffers/protobuf-go) +and [protoc-gen-go-grpc](https://github.com/grpc/grpc-go) to generate CNI gRPC service code. If you make any change to [cni.proto](../../pkg/apis/cni/v1beta1/cni.proto), you can re-generate the code by invoking `make codegen`. diff --git a/go.mod b/go.mod index 0aaecaa2c33..f1592fc884f 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,6 @@ require ( github.com/gammazero/deque v0.1.2 github.com/go-logr/logr v1.4.1 github.com/gogo/protobuf v1.3.2 - github.com/golang/protobuf v1.5.3 github.com/google/btree v1.1.2 github.com/google/uuid v1.6.0 github.com/hashicorp/memberlist v0.5.1 
@@ -139,6 +138,7 @@ require ( github.com/go-openapi/swag v0.22.3 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/protobuf v1.5.3 // indirect github.com/google/cel-go v0.17.7 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect diff --git a/hack/update-codegen-dockerized.sh b/hack/update-codegen-dockerized.sh index 9da35dc0e85..0ae6569eef0 100755 --- a/hack/update-codegen-dockerized.sh +++ b/hack/update-codegen-dockerized.sh @@ -85,7 +85,7 @@ fi function generate_antrea_client_code { # Generate protobuf code for CNI gRPC service with protoc. - protoc --go_out=plugins=grpc:. pkg/apis/cni/v1beta1/cni.proto + protoc --go_out=. --go-grpc_out=. pkg/apis/cni/v1beta1/cni.proto # Generate clientset and apis code with K8s codegen tools. $GOPATH/bin/client-gen \ diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index d5d66efb1f8..125545e340b 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh @@ -18,7 +18,7 @@ set -o errexit set -o pipefail ANTREA_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../" && pwd )" -IMAGE_NAME="antrea/codegen:kubernetes-1.29.2" +IMAGE_NAME="antrea/codegen:kubernetes-1.29.2-build.0" # Recent versions of Git will not access .git directories which are owned by # another user (as a security measure), unless the directories are explicitly diff --git a/multicluster/hack/update-codegen.sh b/multicluster/hack/update-codegen.sh index 35a9c3ff230..71b6da6f5b8 100755 --- a/multicluster/hack/update-codegen.sh +++ b/multicluster/hack/update-codegen.sh 
@@ -18,7 +18,7 @@ set -o errexit set -o pipefail ANTREA_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../../" && pwd )" -IMAGE_NAME="antrea/codegen:kubernetes-1.29.2" +IMAGE_NAME="antrea/codegen:kubernetes-1.29.2-build.0" # Recent versions of Git will not access .git directories which are owned by # another user (as a security measure), unless the directories are explicitly diff --git a/pkg/agent/cniserver/server.go b/pkg/agent/cniserver/server.go index cec67536c14..17066a41ed0 100644 --- a/pkg/agent/cniserver/server.go +++ b/pkg/agent/cniserver/server.go @@ -102,6 +102,11 @@ func (arbitrator *containerAccessArbitrator) unlockContainer(containerKey string } type CNIServer struct { + // CNIServer must embed UnimplementedCniServer. It is required by the code generated by + // protoc-gen-go-grpc (although it is possible to opt-out). It technically enables + // forward-compatibility when new methods are added to the gRPC service but are not + // implemented yet. + cnipb.UnimplementedCniServer cniSocket string serverVersion string nodeConfig *config.NodeConfig diff --git a/pkg/apis/cni/v1beta1/cni.pb.go b/pkg/apis/cni/v1beta1/cni.pb.go index 4acc4b5302a..9e13ddb6b64 100644 --- a/pkg/apis/cni/v1beta1/cni.pb.go +++ b/pkg/apis/cni/v1beta1/cni.pb.go @@ -14,20 +14,16 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc (unknown) +// protoc-gen-go v1.33.0 +// protoc v5.26.0 // source: pkg/apis/cni/v1beta1/cni.proto package v1beta1 import ( - context "context" - any1 "github.com/golang/protobuf/ptypes/any" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" + anypb "google.golang.org/protobuf/types/known/anypb" reflect "reflect" sync "sync" ) 
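Review bot: The comment on the embedded `cnipb.UnimplementedCniServer` should also state the cost of the embed: a handler that `CNIServer` fails to define no longer breaks the build, because the generated stub satisfies `CniServer` and answers with `codes.Unimplemented` at runtime. I would add a line such as `// Note: a missing CmdAdd/CmdCheck/CmdDel on CNIServer now compiles and fails only at call time.` so that a rename or signature change of one of the three methods is caught in review or by a test rather than on a node. The `CNIServer` struct continues outside the hunk.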
@@ -262,9 +258,9 @@ type Error struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Code ErrorCode `protobuf:"varint,1,opt,name=code,proto3,enum=antrea_io.antrea.pkg.apis.cni.v1beta1.ErrorCode" json:"code,omitempty"` - Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"` - Details []*any1.Any `protobuf:"bytes,3,rep,name=details,proto3" json:"details,omitempty"` + Code ErrorCode `protobuf:"varint,1,opt,name=code,proto3,enum=antrea_io.antrea.pkg.apis.cni.v1beta1.ErrorCode" json:"code,omitempty"` + Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"` + Details []*anypb.Any `protobuf:"bytes,3,rep,name=details,proto3" json:"details,omitempty"` } func (x *Error) Reset() { @@ -313,7 +309,7 @@ func (x *Error) GetMessage() string { return "" } -func (x *Error) GetDetails() []*any1.Any { +func (x *Error) GetDetails() []*anypb.Any { if x != nil { return x.Details } @@ -489,7 +485,7 @@ var file_pkg_apis_cni_v1beta1_cni_proto_goTypes = []interface{}{ (*CniCmdRequest)(nil), // 2: antrea_io.antrea.pkg.apis.cni.v1beta1.CniCmdRequest (*Error)(nil), // 3: antrea_io.antrea.pkg.apis.cni.v1beta1.Error (*CniCmdResponse)(nil), // 4: antrea_io.antrea.pkg.apis.cni.v1beta1.CniCmdResponse - (*any1.Any)(nil), // 5: google.protobuf.Any + (*anypb.Any)(nil), // 5: google.protobuf.Any } var file_pkg_apis_cni_v1beta1_cni_proto_depIdxs = []int32{ 1, // 0: antrea_io.antrea.pkg.apis.cni.v1beta1.CniCmdRequest.cni_args:type_name -> antrea_io.antrea.pkg.apis.cni.v1beta1.CniCmdArgs 
@@ -584,155 +580,3 @@ func file_pkg_apis_cni_v1beta1_cni_proto_init() { file_pkg_apis_cni_v1beta1_cni_proto_goTypes = nil file_pkg_apis_cni_v1beta1_cni_proto_depIdxs = nil } - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConnInterface - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion6 - -// CniClient is the client API for Cni service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type CniClient interface { - CmdAdd(ctx context.Context, in *CniCmdRequest, opts ...grpc.CallOption) (*CniCmdResponse, error) - CmdCheck(ctx context.Context, in *CniCmdRequest, opts ...grpc.CallOption) (*CniCmdResponse, error) - CmdDel(ctx context.Context, in *CniCmdRequest, opts ...grpc.CallOption) (*CniCmdResponse, error) -} - -type cniClient struct { - cc grpc.ClientConnInterface -} - -func NewCniClient(cc grpc.ClientConnInterface) CniClient { - return &cniClient{cc} -} - -func (c *cniClient) CmdAdd(ctx context.Context, in *CniCmdRequest, opts ...grpc.CallOption) (*CniCmdResponse, error) { - out := new(CniCmdResponse) - err := c.cc.Invoke(ctx, "/antrea_io.antrea.pkg.apis.cni.v1beta1.Cni/CmdAdd", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cniClient) CmdCheck(ctx context.Context, in *CniCmdRequest, opts ...grpc.CallOption) (*CniCmdResponse, error) { - out := new(CniCmdResponse) - err := c.cc.Invoke(ctx, "/antrea_io.antrea.pkg.apis.cni.v1beta1.Cni/CmdCheck", in, out, opts...) 
- if err != nil { - return nil, err - } - return out, nil -} - -func (c *cniClient) CmdDel(ctx context.Context, in *CniCmdRequest, opts ...grpc.CallOption) (*CniCmdResponse, error) { - out := new(CniCmdResponse) - err := c.cc.Invoke(ctx, "/antrea_io.antrea.pkg.apis.cni.v1beta1.Cni/CmdDel", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// CniServer is the server API for Cni service. -type CniServer interface { - CmdAdd(context.Context, *CniCmdRequest) (*CniCmdResponse, error) - CmdCheck(context.Context, *CniCmdRequest) (*CniCmdResponse, error) - CmdDel(context.Context, *CniCmdRequest) (*CniCmdResponse, error) -} - -// UnimplementedCniServer can be embedded to have forward compatible implementations. -type UnimplementedCniServer struct { -} - -func (*UnimplementedCniServer) CmdAdd(context.Context, *CniCmdRequest) (*CniCmdResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method CmdAdd not implemented") -} -func (*UnimplementedCniServer) CmdCheck(context.Context, *CniCmdRequest) (*CniCmdResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method CmdCheck not implemented") -} -func (*UnimplementedCniServer) CmdDel(context.Context, *CniCmdRequest) (*CniCmdResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method CmdDel not implemented") -} - -func RegisterCniServer(s *grpc.Server, srv CniServer) { - s.RegisterService(&_Cni_serviceDesc, srv) -} - -func _Cni_CmdAdd_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CniCmdRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CniServer).CmdAdd(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/antrea_io.antrea.pkg.apis.cni.v1beta1.Cni/CmdAdd", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CniServer).CmdAdd(ctx, 
req.(*CniCmdRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Cni_CmdCheck_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CniCmdRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CniServer).CmdCheck(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/antrea_io.antrea.pkg.apis.cni.v1beta1.Cni/CmdCheck", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CniServer).CmdCheck(ctx, req.(*CniCmdRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Cni_CmdDel_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CniCmdRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CniServer).CmdDel(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/antrea_io.antrea.pkg.apis.cni.v1beta1.Cni/CmdDel", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CniServer).CmdDel(ctx, req.(*CniCmdRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _Cni_serviceDesc = grpc.ServiceDesc{ - ServiceName: "antrea_io.antrea.pkg.apis.cni.v1beta1.Cni", - HandlerType: (*CniServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "CmdAdd", - Handler: _Cni_CmdAdd_Handler, - }, - { - MethodName: "CmdCheck", - Handler: _Cni_CmdCheck_Handler, - }, - { - MethodName: "CmdDel", - Handler: _Cni_CmdDel_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "pkg/apis/cni/v1beta1/cni.proto", -} diff --git a/pkg/apis/cni/v1beta1/cni_grpc.pb.go b/pkg/apis/cni/v1beta1/cni_grpc.pb.go new file mode 100644 index 00000000000..3c9854c4902 --- /dev/null +++ b/pkg/apis/cni/v1beta1/cni_grpc.pb.go 
@@ -0,0 +1,197 @@ +// Copyright 2019 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.3.0 +// - protoc v5.26.0 +// source: pkg/apis/cni/v1beta1/cni.proto + +package v1beta1 + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +const ( + Cni_CmdAdd_FullMethodName = "/antrea_io.antrea.pkg.apis.cni.v1beta1.Cni/CmdAdd" + Cni_CmdCheck_FullMethodName = "/antrea_io.antrea.pkg.apis.cni.v1beta1.Cni/CmdCheck" + Cni_CmdDel_FullMethodName = "/antrea_io.antrea.pkg.apis.cni.v1beta1.Cni/CmdDel" +) + +// CniClient is the client API for Cni service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. 
+type CniClient interface { + CmdAdd(ctx context.Context, in *CniCmdRequest, opts ...grpc.CallOption) (*CniCmdResponse, error) + CmdCheck(ctx context.Context, in *CniCmdRequest, opts ...grpc.CallOption) (*CniCmdResponse, error) + CmdDel(ctx context.Context, in *CniCmdRequest, opts ...grpc.CallOption) (*CniCmdResponse, error) +} + +type cniClient struct { + cc grpc.ClientConnInterface +} + +func NewCniClient(cc grpc.ClientConnInterface) CniClient { + return &cniClient{cc} +} + +func (c *cniClient) CmdAdd(ctx context.Context, in *CniCmdRequest, opts ...grpc.CallOption) (*CniCmdResponse, error) { + out := new(CniCmdResponse) + err := c.cc.Invoke(ctx, Cni_CmdAdd_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cniClient) CmdCheck(ctx context.Context, in *CniCmdRequest, opts ...grpc.CallOption) (*CniCmdResponse, error) { + out := new(CniCmdResponse) + err := c.cc.Invoke(ctx, Cni_CmdCheck_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cniClient) CmdDel(ctx context.Context, in *CniCmdRequest, opts ...grpc.CallOption) (*CniCmdResponse, error) { + out := new(CniCmdResponse) + err := c.cc.Invoke(ctx, Cni_CmdDel_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// CniServer is the server API for Cni service. +// All implementations must embed UnimplementedCniServer +// for forward compatibility +type CniServer interface { + CmdAdd(context.Context, *CniCmdRequest) (*CniCmdResponse, error) + CmdCheck(context.Context, *CniCmdRequest) (*CniCmdResponse, error) + CmdDel(context.Context, *CniCmdRequest) (*CniCmdResponse, error) + mustEmbedUnimplementedCniServer() +} + +// UnimplementedCniServer must be embedded to have forward compatible implementations. 
+type UnimplementedCniServer struct { +} + +func (UnimplementedCniServer) CmdAdd(context.Context, *CniCmdRequest) (*CniCmdResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method CmdAdd not implemented") +} +func (UnimplementedCniServer) CmdCheck(context.Context, *CniCmdRequest) (*CniCmdResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method CmdCheck not implemented") +} +func (UnimplementedCniServer) CmdDel(context.Context, *CniCmdRequest) (*CniCmdResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method CmdDel not implemented") +} +func (UnimplementedCniServer) mustEmbedUnimplementedCniServer() {} + +// UnsafeCniServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to CniServer will +// result in compilation errors. +type UnsafeCniServer interface { + mustEmbedUnimplementedCniServer() +} + +func RegisterCniServer(s grpc.ServiceRegistrar, srv CniServer) { + s.RegisterService(&Cni_ServiceDesc, srv) +} + +func _Cni_CmdAdd_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CniCmdRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CniServer).CmdAdd(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: Cni_CmdAdd_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CniServer).CmdAdd(ctx, req.(*CniCmdRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Cni_CmdCheck_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CniCmdRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CniServer).CmdCheck(ctx, in) + } + info := 
&grpc.UnaryServerInfo{ + Server: srv, + FullMethod: Cni_CmdCheck_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CniServer).CmdCheck(ctx, req.(*CniCmdRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Cni_CmdDel_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CniCmdRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CniServer).CmdDel(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: Cni_CmdDel_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CniServer).CmdDel(ctx, req.(*CniCmdRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// Cni_ServiceDesc is the grpc.ServiceDesc for Cni service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var Cni_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "antrea_io.antrea.pkg.apis.cni.v1beta1.Cni", + HandlerType: (*CniServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "CmdAdd", + Handler: _Cni_CmdAdd_Handler, + }, + { + MethodName: "CmdCheck", + Handler: _Cni_CmdCheck_Handler, + }, + { + MethodName: "CmdDel", + Handler: _Cni_CmdDel_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "pkg/apis/cni/v1beta1/cni.proto", +}