From 2c6f81eb91452a7672907aa25acd392ef0777941 Mon Sep 17 00:00:00 2001 From: f41gh7 Date: Tue, 30 Nov 2021 14:51:31 +0300 Subject: [PATCH 1/6] moves ingress for vmauth from extensions beta to networking/v1 updates go kubernetes deps for 1.22.4 version --- api/v1beta1/vmauth_types.go | 6 +- api/v1beta1/zz_generated.deepcopy.go | 6 +- ...operator.victoriametrics.com_vmagents.yaml | 10 +- ...r.victoriametrics.com_vmalertmanagers.yaml | 63 ++++++++-- ...operator.victoriametrics.com_vmalerts.yaml | 10 +- .../operator.victoriametrics.com_vmauths.yaml | 71 +++++++---- ...erator.victoriametrics.com_vmclusters.yaml | 118 ++++++++++++------ ...perator.victoriametrics.com_vmsingles.yaml | 70 ++++++++--- ...operator.victoriametrics.com_vmagents.yaml | 10 +- ...r.victoriametrics.com_vmalertmanagers.yaml | 62 +++++++-- ...operator.victoriametrics.com_vmalerts.yaml | 10 +- .../operator.victoriametrics.com_vmauths.yaml | 74 +++++++---- ...erator.victoriametrics.com_vmclusters.yaml | 102 ++++++++++----- ...perator.victoriametrics.com_vmsingles.yaml | 69 +++++++--- controllers/factory/finalize/vmauth.go | 6 +- controllers/factory/vmauth.go | 32 ++--- go.mod | 20 +-- go.sum | 49 ++++---- 18 files changed, 545 insertions(+), 243 deletions(-) diff --git a/api/v1beta1/vmauth_types.go b/api/v1beta1/vmauth_types.go index 89f48d15..82ebecc5 100644 --- a/api/v1beta1/vmauth_types.go +++ b/api/v1beta1/vmauth_types.go @@ -6,7 +6,7 @@ import ( "github.com/VictoriaMetrics/operator/controllers/factory/crd" v1 "k8s.io/api/core/v1" - "k8s.io/api/extensions/v1beta1" + v12 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/utils/pointer" 
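Review bot: The alias `v12` chosen for `k8s.io/api/networking/v1` in the import block of api/v1beta1/vmauth_types.go looks tool-generated, says nothing about the package, and is one character away from the neighbouring core alias `v1`. The regenerated deepcopy file in this same patch imports the package as `networkingv1`. Using `networkingv1 "k8s.io/api/networking/v1"` here, and `[]networkingv1.IngressRule` / `[]networkingv1.IngressTLS` in `EmbeddedIngress`, would keep the two files consistent and make the ingress types easier to spot in review. The import block starts outside the hunk.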
@@ -182,11 +182,11 @@ type EmbeddedIngress struct { // ExtraRules - additional rules for ingress, // must be checked for correctness by user. // +optional - ExtraRules []v1beta1.IngressRule `json:"extraRules,omitempty"` + ExtraRules []v12.IngressRule `json:"extraRules,omitempty"` // ExtraTLS - additional TLS configuration for ingress // must be checked for correctness by user. // +optional - ExtraTLS []v1beta1.IngressTLS `json:"extraTls,omitempty"` + ExtraTLS []v12.IngressTLS `json:"extraTls,omitempty"` } // VMAuthStatus defines the observed state of VMAuth diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index 89969d71..00d57140 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -24,7 +24,7 @@ import ( appsv1 "k8s.io/api/apps/v1" "k8s.io/api/autoscaling/v2beta2" "k8s.io/api/core/v1" - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" + networkingv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" @@ -222,14 +222,14 @@ func (in *EmbeddedIngress) DeepCopyInto(out *EmbeddedIngress) { } if in.ExtraRules != nil { in, out := &in.ExtraRules, &out.ExtraRules - *out = make([]extensionsv1beta1.IngressRule, len(*in)) + *out = make([]networkingv1.IngressRule, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } if in.ExtraTLS != nil { in, out := &in.ExtraTLS, &out.ExtraTLS - *out = make([]extensionsv1beta1.IngressTLS, len(*in)) + *out = make([]networkingv1.IngressTLS, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } diff --git a/config/crd/bases/operator.victoriametrics.com_vmagents.yaml b/config/crd/bases/operator.victoriametrics.com_vmagents.yaml index 9462b1f5..5b281a8b 100644 --- a/config/crd/bases/operator.victoriametrics.com_vmagents.yaml +++ b/config/crd/bases/operator.victoriametrics.com_vmagents.yaml 
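Review bot: Switching `ExtraRules` and `ExtraTLS` in `EmbeddedIngress` to the networking/v1 types changes the stored schema of an existing `v1beta1` field, and nothing visible in this patch converts or warns about objects written in the old shape. The regenerated vmauths CRD later in the patch replaces `backend.serviceName`/`backend.servicePort` with `backend.service.name`/`backend.service.port` and adds `pathType` to the required list, so existing VMAuth manifests that carry extra rules would presumably be rejected or lose their backend on the next update. Because these fields are documented as unchecked by the operator, the field comment should at least state the new contract, e.g. `// ExtraRules use the networking.k8s.io/v1 IngressRule schema (backend.service.name/port, pathType required); rules in the old extensions/v1beta1 form must be rewritten.` The struct starts outside the hunk.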
@@ -314,12 +314,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container + the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' type: string required: - name diff --git a/config/crd/bases/operator.victoriametrics.com_vmalertmanagers.yaml b/config/crd/bases/operator.victoriametrics.com_vmalertmanagers.yaml index 469a8dd2..18494c4e 100644 --- a/config/crd/bases/operator.victoriametrics.com_vmalertmanagers.yaml +++ b/config/crd/bases/operator.victoriametrics.com_vmalertmanagers.yaml 
@@ -217,12 +217,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container + the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' type: string required: - name 
@@ -587,14 +589,51 @@ spec: dataSource: description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) * An existing - custom resource that implements data population (Alpha) - In order to use custom resource types that implement - data population, the AnyVolumeDataSource feature gate - must be enabled. If the provisioner or an external controller - can support the specified data source, it will create - a new volume based on the contents of the specified - data source.' + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on the + contents of the specified data source. If the AnyVolumeDataSource + feature gate is enabled, this field will always have + the same contents as the DataSourceRef field.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which to populate + the volume with data, if a non-empty volume is desired. + This may be any local object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only + succeed if the type of the specified object matches + some installed volume populator or dynamic provisioner. + This field will replace the functionality of the DataSource + field and as such if both fields are non-empty, they + must have the same value. 
For backwards compatibility, + both fields (DataSource and DataSourceRef) will be set + to the same value automatically if one of them is empty + and the other is non-empty. There are two important + differences between DataSource and DataSourceRef: * + While DataSource only allows two specific types of objects, + DataSourceRef allows any non-core object, as well + as PersistentVolumeClaim objects. * While DataSource + ignores disallowed values (dropping them), DataSourceRef preserves + all values, and generates an error if a disallowed value + is specified. (Alpha) Using this field requires the + AnyVolumeDataSource feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource diff --git a/config/crd/bases/operator.victoriametrics.com_vmalerts.yaml b/config/crd/bases/operator.victoriametrics.com_vmalerts.yaml index 5a3f627a..8bf83302 100644 --- a/config/crd/bases/operator.victoriametrics.com_vmalerts.yaml +++ b/config/crd/bases/operator.victoriametrics.com_vmalerts.yaml @@ -279,12 +279,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container + the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' type: string required: - name 
diff --git a/config/crd/bases/operator.victoriametrics.com_vmauths.yaml b/config/crd/bases/operator.victoriametrics.com_vmauths.yaml index 75e558a0..5d67258f 100644 --- a/config/crd/bases/operator.victoriametrics.com_vmauths.yaml +++ b/config/crd/bases/operator.victoriametrics.com_vmauths.yaml @@ -75,12 +75,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container + the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' type: string required: - name @@ -212,8 +214,9 @@ spec: description: Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, - serviceName and servicePort must not be - specified. + a service.Name and service.Port must not + be specified. This is a mutually exclusive + setting with "Service". properties: apiGroup: description: APIGroup is the group for 
@@ -235,25 +238,45 @@ spec: - kind - name type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. - x-kubernetes-int-or-string: true + service: + description: Service references a Service + as a Backend. This is a mutually exclusive + setting with "Resource". + properties: + name: + description: Name is the referenced service. + The service must exist in the same namespace + as the Ingress object. + type: string + port: + description: Port of the referenced service. + A port name or port number is required + for a IngressServiceBackend. + properties: + name: + description: Name is the name of the + port on the Service. This is a mutually + exclusive setting with "Number". + type: string + number: + description: Number is the numerical + port number (e.g. 80) on the Service. + This is a mutually exclusive setting + with "Name". + format: int32 + type: integer + type: object + required: + - name + type: object type: object path: description: Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. - Paths must begin with a '/'. When unspecified, - all paths from incoming requests are matched. + Paths must begin with a '/' and must be present + when using PathType with value "Exact" or "Prefix". type: string pathType: description: 'PathType determines the interpretation @@ -274,13 +297,14 @@ spec: IngressClass. Implementations can treat this as a separate PathType or treat it identically to Prefix or Exact path types. Implementations - are required to support all path types. Defaults - to ImplementationSpecific.' + are required to support all path types.' type: string required: - backend + - pathType type: object type: array + x-kubernetes-list-type: atomic required: - paths type: object 
@@ -302,10 +326,11 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic secretName: description: SecretName is the name of the secret used to - terminate SSL traffic on 443. Field is left optional to - allow SSL routing based on SNI hostname alone. If the + terminate TLS traffic on port 443. Field is left optional + to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing. diff --git a/config/crd/bases/operator.victoriametrics.com_vmclusters.yaml b/config/crd/bases/operator.victoriametrics.com_vmclusters.yaml index 9c19d73e..826e69e6 100644 --- a/config/crd/bases/operator.victoriametrics.com_vmclusters.yaml +++ b/config/crd/bases/operator.victoriametrics.com_vmclusters.yaml @@ -133,13 +133,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' type: string required: - name 
@@ -602,13 +603,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' type: string required: - name 
@@ -982,14 +984,56 @@ spec: dataSource: description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) * An existing - custom resource that implements data population - (Alpha) In order to use custom resource types that - implement data population, the AnyVolumeDataSource - feature gate must be enabled. If the provisioner - or an external controller can support the specified - data source, it will create a new volume based on - the contents of the specified data source.' + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified data + source. If the AnyVolumeDataSource feature gate + is enabled, this field will always have the same + contents as the DataSourceRef field.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which to populate + the volume with data, if a non-empty volume is desired. + This may be any local object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the DataSource field and as such if both fields + are non-empty, they must have the same value. 
For + backwards compatibility, both fields (DataSource + and DataSourceRef) will be set to the same value + automatically if one of them is empty and the other + is non-empty. There are two important differences + between DataSource and DataSourceRef: * While DataSource + only allows two specific types of objects, DataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed values + (dropping them), DataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + (Alpha) Using this field requires the AnyVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -1328,13 +1372,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' type: string required: - name 
@@ -1766,14 +1811,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in - the container and any service environment variables. + using the previously defined environment variables + in the container and any service environment variables. If a variable cannot be resolved, the reference in - the input string will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to - "".' + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' type: string valueFrom: description: Source for the environment variable's value. diff --git a/config/crd/bases/operator.victoriametrics.com_vmsingles.yaml b/config/crd/bases/operator.victoriametrics.com_vmsingles.yaml index 13bdea30..78b6a71b 100644 --- a/config/crd/bases/operator.victoriametrics.com_vmsingles.yaml +++ b/config/crd/bases/operator.victoriametrics.com_vmsingles.yaml 
@@ -76,12 +76,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container + the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' type: string required: - name 
@@ -361,13 +363,48 @@ spec: dataSource: description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) * An existing custom - resource that implements data population (Alpha) In order to - use custom resource types that implement data population, the - AnyVolumeDataSource feature gate must be enabled. If the provisioner + * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified - data source.' + data source. If the AnyVolumeDataSource feature gate is enabled, + this field will always have the same contents as the DataSourceRef + field.' + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which to populate the + volume with data, if a non-empty volume is desired. This may + be any local object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, + volume binding will only succeed if the type of the specified + object matches some installed volume populator or dynamic provisioner. + This field will replace the functionality of the DataSource + field and as such if both fields are non-empty, they must have + the same value. For backwards compatibility, both fields (DataSource + and DataSourceRef) will be set to the same value automatically + if one of them is empty and the other is non-empty. 
There are + two important differences between DataSource and DataSourceRef: + * While DataSource only allows two specific types of objects, + DataSourceRef allows any non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed values (dropping + them), DataSourceRef preserves all values, and generates an + error if a disallowed value is specified. (Alpha) Using this + field requires the AnyVolumeDataSource feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource being @@ -603,13 +640,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' type: string valueFrom: description: Source for the environment variable's value. diff --git a/config/crd/legacy/operator.victoriametrics.com_vmagents.yaml b/config/crd/legacy/operator.victoriametrics.com_vmagents.yaml index 42f72e4f..10661e5e 100644 --- a/config/crd/legacy/operator.victoriametrics.com_vmagents.yaml +++ b/config/crd/legacy/operator.victoriametrics.com_vmagents.yaml 
@@ -304,12 +304,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container + the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or not. + Defaults to "".' type: string required: - name diff --git a/config/crd/legacy/operator.victoriametrics.com_vmalertmanagers.yaml b/config/crd/legacy/operator.victoriametrics.com_vmalertmanagers.yaml index 64b1baf7..4a4f9e18 100644 --- a/config/crd/legacy/operator.victoriametrics.com_vmalertmanagers.yaml +++ b/config/crd/legacy/operator.victoriametrics.com_vmalertmanagers.yaml 
@@ -214,12 +214,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container + the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or not. + Defaults to "".' type: string required: - name 
@@ -580,14 +582,50 @@ spec: dataSource: description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) * An existing - custom resource that implements data population (Alpha) - In order to use custom resource types that implement data - population, the AnyVolumeDataSource feature gate must - be enabled. If the provisioner or an external controller - can support the specified data source, it will create - a new volume based on the contents of the specified data - source.' + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified data + source, it will create a new volume based on the contents + of the specified data source. If the AnyVolumeDataSource + feature gate is enabled, this field will always have the + same contents as the DataSourceRef field.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which to populate + the volume with data, if a non-empty volume is desired. + This may be any local object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will only succeed + if the type of the specified object matches some installed + volume populator or dynamic provisioner. This field will + replace the functionality of the DataSource field and + as such if both fields are non-empty, they must have the + same value. 
For backwards compatibility, both fields (DataSource + and DataSourceRef) will be set to the same value automatically + if one of them is empty and the other is non-empty. There + are two important differences between DataSource and DataSourceRef: + * While DataSource only allows two specific types of objects, + DataSourceRef allows any non-core object, as well as + PersistentVolumeClaim objects. * While DataSource ignores + disallowed values (dropping them), DataSourceRef preserves + all values, and generates an error if a disallowed value + is specified. (Alpha) Using this field requires the + AnyVolumeDataSource feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource diff --git a/config/crd/legacy/operator.victoriametrics.com_vmalerts.yaml b/config/crd/legacy/operator.victoriametrics.com_vmalerts.yaml index 1c7eab5c..33d9a901 100644 --- a/config/crd/legacy/operator.victoriametrics.com_vmalerts.yaml +++ b/config/crd/legacy/operator.victoriametrics.com_vmalerts.yaml @@ -271,12 +271,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container + the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or not. + Defaults to "".' type: string required: - name 
diff --git a/config/crd/legacy/operator.victoriametrics.com_vmauths.yaml b/config/crd/legacy/operator.victoriametrics.com_vmauths.yaml index 8051ec4f..13bbdb78 100644 --- a/config/crd/legacy/operator.victoriametrics.com_vmauths.yaml +++ b/config/crd/legacy/operator.victoriametrics.com_vmauths.yaml @@ -75,12 +75,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container + the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or not. + Defaults to "".' type: string required: - name @@ -210,7 +212,9 @@ spec: description: Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, - serviceName and servicePort must not be specified. + a service.Name and service.Port must not be + specified. This is a mutually exclusive setting + with "Service". properties: apiGroup: description: APIGroup is the group for the 
@@ -231,25 +235,45 @@ spec: - kind - name type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. - x-kubernetes-int-or-string: true + service: + description: Service references a Service as + a Backend. This is a mutually exclusive setting + with "Resource". + properties: + name: + description: Name is the referenced service. + The service must exist in the same namespace + as the Ingress object. + type: string + port: + description: Port of the referenced service. + A port name or port number is required + for a IngressServiceBackend. + properties: + name: + description: Name is the name of the + port on the Service. This is a mutually + exclusive setting with "Number". + type: string + number: + description: Number is the numerical + port number (e.g. 80) on the Service. + This is a mutually exclusive setting + with "Name". + format: int32 + type: integer + type: object + required: + - name + type: object type: object path: description: Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must - begin with a '/'. When unspecified, all paths - from incoming requests are matched. + begin with a '/' and must be present when using + PathType with value "Exact" or "Prefix". type: string pathType: description: 'PathType determines the interpretation @@ -270,13 +294,14 @@ spec: IngressClass. Implementations can treat this as a separate PathType or treat it identically to Prefix or Exact path types. Implementations - are required to support all path types. Defaults - to ImplementationSpecific.' + are required to support all path types.' type: string required: - backend + - pathType type: object type: array + x-kubernetes-list-type: atomic required: - paths type: object 
@@ -298,12 +323,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic secretName: description: SecretName is the name of the secret used to - terminate SSL traffic on 443. Field is left optional to - allow SSL routing based on SNI hostname alone. If the SNI - host in a listener conflicts with the "Host" header field - used by an IngressRule, the SNI host is used for termination + terminate TLS traffic on port 443. Field is left optional + to allow TLS routing based on SNI hostname alone. If the + SNI host in a listener conflicts with the "Host" header + field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing. type: string type: object diff --git a/config/crd/legacy/operator.victoriametrics.com_vmclusters.yaml b/config/crd/legacy/operator.victoriametrics.com_vmclusters.yaml index 107483df..ec951323 100644 --- a/config/crd/legacy/operator.victoriametrics.com_vmclusters.yaml +++ b/config/crd/legacy/operator.victoriametrics.com_vmclusters.yaml @@ -132,13 +132,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the + using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' + be unchanged. Double $$ are reduced to a single $, which + allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' type: string required: - name 
@@ -594,13 +595,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the + using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' + be unchanged. Double $$ are reduced to a single $, which + allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' type: string required: - name 
@@ -970,14 +972,55 @@ spec: dataSource: description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) * An existing - custom resource that implements data population (Alpha) - In order to use custom resource types that implement - data population, the AnyVolumeDataSource feature gate - must be enabled. If the provisioner or an external - controller can support the specified data source, - it will create a new volume based on the contents - of the specified data source.' + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on + the contents of the specified data source. If the + AnyVolumeDataSource feature gate is enabled, this + field will always have the same contents as the DataSourceRef + field.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which to populate + the volume with data, if a non-empty volume is desired. + This may be any local object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the DataSource field and as such if both fields + are non-empty, they must have the same value. 
For + backwards compatibility, both fields (DataSource and + DataSourceRef) will be set to the same value automatically + if one of them is empty and the other is non-empty. + There are two important differences between DataSource + and DataSourceRef: * While DataSource only allows + two specific types of objects, DataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed values + (dropping them), DataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + (Alpha) Using this field requires the AnyVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -1308,13 +1351,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the + using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' + be unchanged. Double $$ are reduced to a single $, which + allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' type: string required: - name 
@@ -1739,13 +1783,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in + using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. Defaults to "".' + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' type: string valueFrom: description: Source for the environment variable's value. diff --git a/config/crd/legacy/operator.victoriametrics.com_vmsingles.yaml b/config/crd/legacy/operator.victoriametrics.com_vmsingles.yaml index 7b8f7872..0bd856bf 100644 --- a/config/crd/legacy/operator.victoriametrics.com_vmsingles.yaml +++ b/config/crd/legacy/operator.victoriametrics.com_vmsingles.yaml 
@@ -75,12 +75,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container + the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or not. + Defaults to "".' type: string required: - name 
@@ -358,12 +360,48 @@ spec: dataSource: description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) * An existing custom - resource that implements data population (Alpha) In order to use - custom resource types that implement data population, the AnyVolumeDataSource - feature gate must be enabled. If the provisioner or an external - controller can support the specified data source, it will create - a new volume based on the contents of the specified data source.' + * An existing PVC (PersistentVolumeClaim) If the provisioner or + an external controller can support the specified data source, + it will create a new volume based on the contents of the specified + data source. If the AnyVolumeDataSource feature gate is enabled, + this field will always have the same contents as the DataSourceRef + field.' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which to populate the volume + with data, if a non-empty volume is desired. This may be any local + object from a non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only + succeed if the type of the specified object matches some installed + volume populator or dynamic provisioner. This field will replace + the functionality of the DataSource field and as such if both + fields are non-empty, they must have the same value. 
For backwards + compatibility, both fields (DataSource and DataSourceRef) will + be set to the same value automatically if one of them is empty + and the other is non-empty. There are two important differences + between DataSource and DataSourceRef: * While DataSource only + allows two specific types of objects, DataSourceRef allows any + non-core object, as well as PersistentVolumeClaim objects. * While + DataSource ignores disallowed values (dropping them), DataSourceRef preserves + all values, and generates an error if a disallowed value is specified. + (Alpha) Using this field requires the AnyVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource being referenced. @@ -597,13 +635,14 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the + using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' + be unchanged. Double $$ are reduced to a single $, which + allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' type: string valueFrom: description: Source for the environment variable's value. diff --git a/controllers/factory/finalize/vmauth.go b/controllers/factory/finalize/vmauth.go index 7d8bcfe5..0f308224 100644 --- a/controllers/factory/finalize/vmauth.go +++ b/controllers/factory/finalize/vmauth.go 
@@ -6,7 +6,7 @@ import ( victoriametricsv1beta1 "github.com/VictoriaMetrics/operator/api/v1beta1" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" - "k8s.io/api/extensions/v1beta1" + v12 "k8s.io/api/networking/v1" policyv1beta1 "k8s.io/api/policy/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" @@ -14,7 +14,7 @@ import ( // VMAuthIngressDelete handles case, when user wants to remove spec.Ingress from vmauth config. func VMAuthIngressDelete(ctx context.Context, rclient client.Client, crd *victoriametricsv1beta1.VMAuth) error { - vmauthIngress := &v1beta1.Ingress{ + vmauthIngress := &v12.Ingress{ ObjectMeta: metav1.ObjectMeta{ Name: crd.PrefixedName(), Namespace: crd.Namespace, @@ -55,7 +55,7 @@ func OnVMAuthDelete(ctx context.Context, rclient client.Client, crd *victoriamet return err } // check ingress - if err := removeFinalizeObjByName(ctx, rclient, &v1beta1.Ingress{}, crd.PrefixedName(), crd.Namespace); err != nil { + if err := removeFinalizeObjByName(ctx, rclient, &v12.Ingress{}, crd.PrefixedName(), crd.Namespace); err != nil { return err } diff --git a/controllers/factory/vmauth.go b/controllers/factory/vmauth.go index 8f023d49..021c7165 100644 --- a/controllers/factory/vmauth.go +++ b/controllers/factory/vmauth.go @@ -15,7 +15,7 @@ import ( "github.com/VictoriaMetrics/operator/internal/config" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" - "k8s.io/api/extensions/v1beta1" + v12 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
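Review bot: The alias `v12` for `k8s.io/api/networking/v1` in the import hunk of controllers/factory/finalize/vmauth.go sits next to `v1` for core, so `v12.Ingress` and a core `v1.` type differ by one character and are easy to misread in review. A descriptive alias, `networkingv1 "k8s.io/api/networking/v1"`, would make the API group visible at each use. The same applies to the import hunk of controllers/factory/vmauth.go and to every `v12.` reference in the later hunks. The import blocks continue outside these hunks.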
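Review bot: In `OnVMAuthDelete` the ingress cleanup now looks up `&v12.Ingress{}` unconditionally, and a cluster whose API server does not serve `networking.k8s.io/v1` Ingress would presumably answer with a no-match error rather than NotFound. If `removeFinalizeObjByName` (not visible here) passes that error through, the finalizer is never removed and the VMAuth object cannot be deleted; `VMAuthIngressDelete` has the same dependency. Since the repository still ships `config/crd/legacy` manifests, older clusters look like a supported target, so consider tolerating that case, e.g. `; err != nil && !meta.IsNoMatchError(err) {` with `k8s.io/apimachinery/pkg/api/meta` imported, or gating on the detected server version. Both functions continue outside the hunks.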
@@ -367,7 +367,7 @@ func CreateOrUpdateVMAuthIngress(ctx context.Context, rclient client.Client, cr return nil } newIngress := buildIngressConfig(cr) - var existIngress v1beta1.Ingress + var existIngress v12.Ingress if err := rclient.Get(ctx, types.NamespacedName{Namespace: newIngress.Namespace, Name: newIngress.Name}, &existIngress); err != nil { if errors.IsNotFound(err) { return rclient.Create(ctx, newIngress) @@ -379,18 +379,20 @@ func CreateOrUpdateVMAuthIngress(ctx context.Context, rclient client.Client, cr return rclient.Update(ctx, newIngress) } -var defaultPt = v1beta1.PathTypePrefix +var defaultPt = v12.PathTypePrefix -func buildIngressConfig(cr *victoriametricsv1beta1.VMAuth) *v1beta1.Ingress { - defaultRule := v1beta1.IngressRule{ - IngressRuleValue: v1beta1.IngressRuleValue{ - HTTP: &v1beta1.HTTPIngressRuleValue{ - Paths: []v1beta1.HTTPIngressPath{ +func buildIngressConfig(cr *victoriametricsv1beta1.VMAuth) *v12.Ingress { + defaultRule := v12.IngressRule{ + IngressRuleValue: v12.IngressRuleValue{ + HTTP: &v12.HTTPIngressRuleValue{ + Paths: []v12.HTTPIngressPath{ { Path: "/", - Backend: v1beta1.IngressBackend{ - ServiceName: cr.PrefixedName(), - ServicePort: intstr.Parse("http"), + Backend: v12.IngressBackend{ + Service: &v12.IngressServiceBackend{ + Name: cr.PrefixedName(), + Port: v12.ServiceBackendPort{Name: "http"}, + }, }, PathType: &defaultPt, }, @@ -398,12 +400,12 @@ func buildIngressConfig(cr *victoriametricsv1beta1.VMAuth) *v1beta1.Ingress { }, }, } - spec := v1beta1.IngressSpec{ - Rules: []v1beta1.IngressRule{}, + spec := v12.IngressSpec{ + Rules: []v12.IngressRule{}, IngressClassName: cr.Spec.Ingress.ClassName, } if cr.Spec.Ingress.TlsSecretName != "" { - spec.TLS = []v1beta1.IngressTLS{ + spec.TLS = []v12.IngressTLS{ { SecretName: cr.Spec.Ingress.TlsSecretName, Hosts: cr.Spec.Ingress.TlsHosts, 
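Review bot: `PathType: &defaultPt` in `buildIngressConfig` hands every generated Ingress a pointer to the same package-level variable, so a write through any returned object's `PathType` would silently change the default for all later Ingresses. Taking the address of a function-local copy avoids the shared mutable state: `pathType := v12.PathTypePrefix` at the top of the function and `PathType: &pathType` in the rule, after which `defaultPt` may no longer be needed. The function body continues past this hunk.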
@@ -421,7 +423,7 @@ func buildIngressConfig(cr *victoriametricsv1beta1.VMAuth) *v1beta1.Ingress { spec.Rules = append(spec.Rules, cr.Spec.Ingress.ExtraRules...) spec.TLS = append(spec.TLS, cr.Spec.Ingress.ExtraTLS...) lbls := labels.Merge(cr.Spec.Ingress.Labels, cr.SelectorLabels()) - return &v1beta1.Ingress{ + return &v12.Ingress{ ObjectMeta: metav1.ObjectMeta{ Name: cr.PrefixedName(), Namespace: cr.Namespace, diff --git a/go.mod b/go.mod index aa5d5566..0eaaa218 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/hashicorp/go-version v1.3.0 github.com/kelseyhightower/envconfig v1.4.0 github.com/onsi/ginkgo v1.16.4 - github.com/onsi/gomega v1.14.0 + github.com/onsi/gomega v1.15.0 github.com/prometheus-operator/prometheus-operator v0.52.0 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.52.0 github.com/prometheus-operator/prometheus-operator/pkg/client v0.52.0 
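Review bot: `spec.Rules = append(spec.Rules, cr.Spec.Ingress.ExtraRules...)` forwards user-supplied rules unchanged, but with the move to networking/v1 each path must carry `pathType` and a `backend.service` (or `resource`) block. VMAuth objects written for the old schema with `serviceName`/`servicePort` would presumably decode to an empty backend, and the API server would then reject the whole Ingress, default rule included. A pre-flight check that returns a descriptive error naming the offending rule would make the upgrade failure diagnosable. A comment above the append, such as `// ExtraRules must use the networking/v1 shape: pathType and backend.service are required.`, would record the contract. The function starts before this hunk.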
@@ -21,21 +21,21 @@ require ( golang.org/x/net v0.0.0-20211020060615-d418f374d309 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.22.3 - k8s.io/apiextensions-apiserver v0.22.3 - k8s.io/apimachinery v0.22.3 + k8s.io/api v0.22.4 + k8s.io/apiextensions-apiserver v0.22.4 + k8s.io/apimachinery v0.22.4 k8s.io/client-go v12.0.0+incompatible k8s.io/klog/v2 v2.10.0 k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b - sigs.k8s.io/controller-runtime v0.9.5 + sigs.k8s.io/controller-runtime v0.9.7 ) -// Pinned to kubernetes-1.21.0 +// Pinned to kubernetes-1.22.4 replace ( github.com/Azure/go-autorest => github.com/Azure/go-autorest v13.3.2+incompatible // Required by OLM - k8s.io/api => k8s.io/api v0.21.6 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.21.6 - k8s.io/apimachinery => k8s.io/apimachinery v0.21.6 - k8s.io/client-go => k8s.io/client-go v0.21.6 + k8s.io/api => k8s.io/api v0.22.4 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.22.4 + k8s.io/apimachinery => k8s.io/apimachinery v0.22.4 + k8s.io/client-go => k8s.io/client-go v0.22.4 ) diff --git a/go.sum b/go.sum index 90b1158d..5e652b92 100644 --- a/go.sum +++ b/go.sum 
@@ -95,7 +95,6 @@ github.com/Azure/go-autorest/autorest v0.11.4/go.mod h1:JFgpikqFJ/MleTTxwepExTKn github.com/Azure/go-autorest/autorest v0.11.9/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= github.com/Azure/go-autorest/autorest v0.11.10/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= github.com/Azure/go-autorest/autorest v0.11.11/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= -github.com/Azure/go-autorest/autorest v0.11.12/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= github.com/Azure/go-autorest/autorest v0.11.17/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.19/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= @@ -713,7 +712,6 @@ github.com/go-openapi/spec v0.17.2/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsd github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY= github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= -github.com/go-openapi/spec v0.19.5/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= github.com/go-openapi/spec v0.19.6/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= github.com/go-openapi/spec v0.19.7/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= github.com/go-openapi/spec v0.19.8/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= 
@@ -1052,7 +1050,6 @@ github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= -github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= @@ -1395,7 +1392,6 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.14.1/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= 
@@ -1414,8 +1410,8 @@ github.com/onsi/gomega v1.10.2/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1y github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48= github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY= -github.com/onsi/gomega v1.14.0 h1:ep6kpPVwmr/nTbklSx2nrLNSIO62DoYAhnPNIMhK8gI= -github.com/onsi/gomega v1.14.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= +github.com/onsi/gomega v1.15.0 h1:WjP/FQ/sk43MRmnEcT+MlDw2TFvkrXlprrPST/IudjU= +github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -1924,7 +1920,7 @@ go.uber.org/zap v1.14.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.14.1/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= +go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 
@@ -2008,7 +2004,6 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.1-0.20200828183125-ce943fd02449/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -2073,7 +2068,6 @@ golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210324051636-2c4c8ecb7826/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= 
@@ -2262,6 +2256,7 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -2652,28 +2647,28 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= -k8s.io/api v0.21.6 h1:c0z06G6aRgRiZjSy31mEN3+q7VwOs+BRWPNWuir7y/U= -k8s.io/api v0.21.6/go.mod h1:prsGo/DxHNAsmgzl60woqeI7zxN9X/BqqQHXLlobxWk= -k8s.io/apiextensions-apiserver v0.21.6 h1:IdKHoNmEQoGULlf0Eh6sumXiXqHHwPwlS1feRQJhU04= -k8s.io/apiextensions-apiserver v0.21.6/go.mod h1:FMs0W7cfrnDRm5zpP104SA25JtIXiHT2F3GTuniiny4= -k8s.io/apimachinery v0.21.6 h1:AjyfZonruLOfRK9MXQUMq5GFW1eeIGsI16N8rIlwStg= -k8s.io/apimachinery v0.21.6/go.mod h1:cIJZ64G7RXojne0VMbraJhyZENr8Bep45PAX1zJlfLQ= +k8s.io/api v0.22.4 h1:UvyHW0ezB2oIgHAxlYoo6UJQObYXU7awuNarwoHEOjw= +k8s.io/api v0.22.4/go.mod h1:Rgs+9gIGYC5laXQSZZ9JqT5NevNgoGiOdVWi1BAB3qk= +k8s.io/apiextensions-apiserver v0.22.4 h1:2iGpcVyw4MnAyyXVJU2Xg6ZsbIxAOfRHo0LF5A5J0RA= +k8s.io/apiextensions-apiserver v0.22.4/go.mod h1:kH9lxD8dbJ+k0ZizGET55lFgdGjO8t45fgZnCVdZEpw= +k8s.io/apimachinery v0.22.4 h1:9uwcvPpukBw/Ri0EUmWz+49cnFtaoiyEhQTK+xOe7Ck= +k8s.io/apimachinery v0.22.4/go.mod h1:yU6oA6Gnax9RrxGzVvPFFJ+mpnW6PBSqp0sx0I0HHW0= k8s.io/apiserver v0.19.2/go.mod h1:FreAq0bJ2vtZFj9Ago/X0oNGC51GfubKK/ViOKfVAOA= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM= k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q= -k8s.io/apiserver v0.21.6/go.mod h1:SvITKLek5zazFbc772k5rfnDry96B1l084+5jbeYYBQ= -k8s.io/client-go v0.21.6 h1:yDfMIafW2DfADLSFkDTMfaq4e7y5e0p8cgMzEON21Uo= -k8s.io/client-go v0.21.6/go.mod h1:Rwt6iItW5kR+aUjbXfRg3Mqsx2KVc7XTLKs5HCtM8Rs= -k8s.io/code-generator v0.21.6/go.mod 
h1:1rjClMZOJxt64EX39Cxs1M60KWy6l9D716HBuy5eWfg= +k8s.io/apiserver v0.22.4/go.mod h1:38WmcUZiiy41A7Aty8/VorWRa8vDGqoUzDf2XYlku0E= +k8s.io/client-go v0.22.4 h1:aAQ1Wk+I3bjCNk35YWUqbaueqrIonkfDPJSPDDe8Kfg= +k8s.io/client-go v0.22.4/go.mod h1:Yzw4e5e7h1LNHA4uqnMVrpEpUs1hJOiuBsJKIlRCHDA= +k8s.io/code-generator v0.22.4/go.mod h1:qjYl54pQ/emhkT0UxbufbREYJMWsHNNV/jSVwhYZQGw= k8s.io/component-base v0.19.2/go.mod h1:g5LrsiTiabMLZ40AR6Hl45f088DevyGY+cCE2agEIVo= k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk= k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI= k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM= -k8s.io/component-base v0.21.3/go.mod h1:kkuhtfEHeZM6LkX0saqSK8PbdO7A0HigUngmhhrwfGQ= -k8s.io/component-base v0.21.6/go.mod h1:OT/tu5Zz0PdWInjIgXOEKLKxIgbkTFg6R2ncrGQks1M= -k8s.io/component-base v0.22.3 h1:/+hryAW03u3FpJQww+GSMsArJNUbGjH66lrgxaRynLU= +k8s.io/component-base v0.21.4/go.mod h1:ZKG0eHVX+tUDcaoIGpU3Vtk4TIjMddN9uhEWDmW6Nyg= k8s.io/component-base v0.22.3/go.mod h1:kuybv1miLCMoOk3ebrqF93GbQHQx6W2287FC0YEQY6s= +k8s.io/component-base v0.22.4 h1:7qwLJnua2ppGNZrRGDQ0vhsFebI39VGbZ4zdR5ArViI= +k8s.io/component-base v0.22.4/go.mod h1:MrSaQy4a3tFVViff8TZL6JHYSewNCLshZCwHYM58v5A= k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM= k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= 
@@ -2699,16 +2694,16 @@ k8s.io/kube-openapi v0.0.0-20190722073852-5e22f3d471e6/go.mod h1:RZvgC8MSN6DjiMV k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= -k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7/go.mod h1:wXW5VT87nVfh/iLV8FpR2uDvrFyomxbtb1KivDbvPTE= -k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e h1:KLHHjkdQFomZy8+06csTWZ0m1343QqxZhR2LJ1OxCYM= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= +k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c h1:jvamsI1tn9V0S8jicyX82qaFC0H/NKxv2e5mbqsgR80= +k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= k8s.io/utils v0.0.0-20190809000727-6c36bc71fc4a/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20191114200735-6ca3b61696b6/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20200414100711-2df71ebbae66/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210722164352-7f3ee0f31471/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b h1:wxEMGetGMur3J1xuGLQY7GEQYg9bZxKn3tKo5k/eYcs= k8s.io/utils 
v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= @@ -2720,8 +2715,8 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.9/go.mod h1:dzAXnQb sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= -sigs.k8s.io/controller-runtime v0.9.5 h1:WThcFE6cqctTn2jCZprLICO6BaKZfhsT37uAapTNfxc= -sigs.k8s.io/controller-runtime v0.9.5/go.mod h1:q6PpkM5vqQubEKUKOM6qr06oXGzOBcCby1DA9FbyZeA= +sigs.k8s.io/controller-runtime v0.9.7 h1:DlHMlAyLpgEITVvNsuZqMbf8/sJl9HirmCZIeR5H9mQ= +sigs.k8s.io/controller-runtime v0.9.7/go.mod h1:nExcHcQ2zvLMeoO9K7rOesGCmgu32srN5SENvpAEbGA= sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e h1:4Z09Hglb792X0kfOBBJUPFEyvVfQWrYT/l8h5EKA6JQ= sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= From 04bab9c486babed100522ec12fce3967e4dd5a13 Mon Sep 17 00:00:00 2001 From: f41gh7 Date: Tue, 30 Nov 2021 14:52:24 +0300 Subject: [PATCH 2/6] removes autoscaler from cache watch it should remove errors if hpa not availible at cluster api --- internal/manager/manager.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/manager/manager.go b/internal/manager/manager.go index 4f6efb7d..7aee043e 100644 --- a/internal/manager/manager.go +++ b/internal/manager/manager.go 
@@ -14,6 +14,7 @@ import (
 "github.com/prometheus-operator/prometheus-operator/pkg/client/versioned"
 "github.com/spf13/pflag"
 v12 "k8s.io/api/apps/v1"
+ "k8s.io/api/autoscaling/v2beta2"
 v1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 "k8s.io/apimachinery/pkg/runtime"
@@ -88,7 +89,7 @@ func RunManager(ctx context.Context) error {
 Port: 9443,
 LeaderElection: *enableLeaderElection,
 LeaderElectionID: "57410f0d.victoriametrics.com",
- ClientDisableCacheFor: []client.Object{&v1.Secret{}, &v1.ConfigMap{}, &v1.Pod{}, &v12.Deployment{}, &v12.StatefulSet{}},
+ ClientDisableCacheFor: []client.Object{&v1.Secret{}, &v1.ConfigMap{}, &v1.Pod{}, &v12.Deployment{}, &v12.StatefulSet{}, &v2beta2.HorizontalPodAutoscaler{}},
 Namespace: config.MustGetWatchNamespace(),
 })
 if err != nil {
From ca026b92065d1f2865ad780bc3f9a0f6fa2ecc61 Mon Sep 17 00:00:00 2001
From: f41gh7 Date: Tue, 30 Nov 2021 14:55:01 +0300 Subject: [PATCH 3/6] changes logic at VMUser config generation for empty paths at vminsert and vmselect https://github.com/VictoriaMetrics/operator/issues/379 it allows to use single tenant view for cluster
---
 config/examples/vmauth_cert_manager.yaml | 25 +++ config/examples/vmuser_cluster_tenant.yaml | 21 +++ controllers/factory/vmuser.go | 52 +++++- docs/auth.MD | 178 +++++++++++++++++++++ docs/basic-auth.MD | 42 ----- 5 files changed, 270 insertions(+), 48 deletions(-) create mode 100644 config/examples/vmauth_cert_manager.yaml create mode 100644 config/examples/vmuser_cluster_tenant.yaml create mode 100644 docs/auth.MD delete mode 100644 docs/basic-auth.MD
diff --git a/config/examples/vmauth_cert_manager.yaml b/config/examples/vmauth_cert_manager.yaml
new file mode 100644
index 00000000..6278b40b
--- /dev/null
+++ b/config/examples/vmauth_cert_manager.yaml
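Review bot: The `ClientDisableCacheFor` line in RunManager now lists `&v2beta2.HorizontalPodAutoscaler{}` with nothing in the code saying why; the reason lives only in the commit message. I would put a comment above the field, e.g. `// HPA is read uncached so clusters that do not serve autoscaling/v2beta2 do not fail the cache watch`. Objects in this list bypass the cache, so every read of an HPA goes to the API server; it is worth confirming that the HPA reconcile path (not visible here) does not read in a tight loop. RunManager starts and ends outside the hunk.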
@@ -0,0 +1,25 @@
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMAuth
+metadata:
+ name: router-main
+spec:
+ podMetadata:
+ labels:
+ component: vmauth
+ userSelector: {}
+ userNamespaceSelector: {}
+ replicaCount: 2
+ resources:
+ requests:
+ cpu: "250m"
+ memory: "350Mi"
+ limits:
+ cpu: "500m"
+ memory: "850Mi"
+ ingress:
+ tlsSecretName: vmauth-tls
+ annotations:
+ cert-manager.io/cluster-issuer: base
+ class_name: nginx
+ tlsHosts:
+ - vm-access.example.com
\ No newline at end of file
diff --git a/config/examples/vmuser_cluster_tenant.yaml b/config/examples/vmuser_cluster_tenant.yaml
new file mode 100644
index 00000000..174f3932
--- /dev/null
+++ b/config/examples/vmuser_cluster_tenant.yaml
@@ -0,0 +1,21 @@
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMUser
+metadata:
+ name: vmuser-tenant-1
+spec:
+ bearerToken: some-token
+ targetRefs:
+ - crd:
+ kind: VMCluster/vminsert
+ name: test-persistent
+ namespace: default
+ target_path_suffix: "/insert/1"
+ - crd:
+ kind: VMCluster/vmselect
+ name: test-persistent
+ namespace: default
+ target_path_suffix: "/select/1"
+ - static:
+ url: http://vmselect-test-persistent.default.svc:8481/
+ paths:
+ - /internal/resetRollupResultCache
\ No newline at end of file
diff --git a/controllers/factory/vmuser.go b/controllers/factory/vmuser.go
index 7f765638..4801df1e 100644
--- a/controllers/factory/vmuser.go
+++ b/controllers/factory/vmuser.go
@@ -365,6 +365,7 @@ func generateVMAuthConfig(users []*v1beta1.VMUser, crdCache map[string]string) (
 return yaml.Marshal(cfg)
 }
+// generates routing config for given target refs
 func genUrlMaps(userName string, refs []v1beta1.TargetRef, result yaml.MapSlice, crdUrlCache map[string]string) (yaml.MapSlice, error) {
 var urlMaps []yaml.MapSlice
 handleRef := func(ref v1beta1.TargetRef) (string, error) {
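Review bot: `userSelector: {}` together with `userNamespaceSelector: {}` in the `router-main` example reads as "every VMUser in every namespace", assuming the operator follows the usual empty-selector semantics. If so, anyone who may create a VMUser anywhere in the cluster gets a route through the TLS ingress this manifest publishes. An example that people will copy should either scope the namespace selector with `matchLabels` or say so in place, e.g. `# {} matches all namespaces; restrict to the namespaces allowed to define users`.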
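Review bot: The `static` target at the end of `vmuser-tenant-1` routes `/internal/resetRollupResultCache` on vmselect to the same bearer token as the tenant's insert and select paths, which goes beyond the single-tenant view the example is named for. If that cache is shared between tenants (worth confirming), any holder of this token can flush it for everyone. I would either drop the target from the example or mark it, e.g. `# optional: allows this user to reset the vmselect rollup cache; omit for untrusted tenants`. A comment that `some-token` is a placeholder to replace would also help people who copy the file.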
@@ -406,6 +407,7 @@ func genUrlMaps(userName string, refs []v1beta1.TargetRef, result yaml.MapSlice, } return urlPrefix, nil } + // fast path for single or empty route if len(refs) == 1 && len(refs[0].Paths) < 2 { srcPaths := refs[0].Paths var isDefaultRoute bool @@ -419,7 +421,6 @@ func genUrlMaps(userName string, refs []v1beta1.TargetRef, result yaml.MapSlice, case "/", "/*", "/.*": isDefaultRoute = true } - } // special case, use different config syntax. if isDefaultRoute { @@ -438,7 +439,7 @@ func genUrlMaps(userName string, refs []v1beta1.TargetRef, result yaml.MapSlice, } for i := range refs { - urlMap := yaml.MapSlice{} + var urlMap yaml.MapSlice ref := refs[i] if ref.Static == nil && ref.CRD == nil { continue @@ -449,15 +450,27 @@ func genUrlMaps(userName string, refs []v1beta1.TargetRef, result yaml.MapSlice, } paths := ref.Paths - if len(paths) == 0 { - paths = append(paths, "/.*") - } - if len(paths) == 1 { + switch len(paths) { + case 0: + // special case for + // https://github.com/VictoriaMetrics/operator/issues/379 + switch { + case len(refs) > 1 && ref.CRD != nil && ref.CRD.Kind == "VMCluster/vminsert": + paths = addVMInsertPaths(paths) + case len(refs) > 1 && ref.CRD != nil && ref.CRD.Kind == "VMCluster/vmselect": + paths = addVMSelectPaths(paths) + default: + paths = append(paths, "/.*") + } + + case 1: switch paths[0] { case "/", "/*": paths = []string{"/.*"} } + default: } + urlMap = append(urlMap, yaml.MapItem{ Key: "url_prefix", Value: urlPrefix, 
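Review bot: In the new `case 0:` branch of `switch len(paths)`, what an empty `paths` means now depends on `len(refs) > 1`, so adding or removing an unrelated targetRef switches a vminsert or vmselect ref between the catch-all `/.*` and the built-in list, and the only explanation is an issue link. Since this decides which backend paths a user's credentials can reach, I would spell the rule out in place, e.g. `// no paths: VMCluster/vminsert and VMCluster/vmselect refs that share a user with other refs get the built-in API path list, every other ref keeps "/.*"`. A `Kind` that does not match either literal exactly falls through to `/.*`, the widest route, so the two strings are worth sharing as constants with wherever `handleRef` resolves them (not visible here). The empty `default:` in the outer switch can go. genUrlMaps starts and ends outside these hunks.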
@@ -632,3 +645,30 @@ func buildVMUserSecret(src *v1beta1.VMUser) v1.Secret {
 }
 return s
 }
+
+func addVMInsertPaths(src []string) []string {
+ return append(src, "/prometheus/api/v1/write",
+ "/prometheus/api/v1/import.*",
+ "/influx/.*",
+ "/datadog/.*")
+}
+
+func addVMSelectPaths(src []string) []string {
+ return append(src, "/vmui",
+ "/vmui/vmui",
+ "/graph",
+ "/prometheus/graph",
+ "/prometheus/api/v1/label.*",
+ "/graphite.*",
+ "/prometheus/api/v1/query.*",
+ "/prometheus/api/v1/rules",
+ "/prometheus/api/v1/alerts",
+ "/prometheus/api/v1/metadata",
+ "/prometheus/api/v1/rules",
+ "/prometheus/api/v1/series.*",
+ "/prometheus/api/v1/status.*",
+ "/prometheus/api/v1/export.*",
+ "/prometheus/federate",
+ "/prometheus/api/v1/admin/tsdb/delete_series",
+ )
+}
diff --git a/docs/auth.MD b/docs/auth.MD
new file mode 100644
index 00000000..f831d146
--- /dev/null
+++ b/docs/auth.MD
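Review bot: `addVMSelectPaths` includes `/prometheus/api/v1/admin/tsdb/delete_series` in the defaults, so a VMUser that points at vmselect without listing `paths` is routed to a series-deletion endpoint along with the read paths. I would drop that entry from the default list and let users who need it name it in `paths`; if it stays, docs/auth.MD should say that the generated single-tenant view includes it. `"/prometheus/api/v1/rules",` is listed twice and one copy can go. Both helpers would also read better with a doc comment, e.g. `// addVMSelectPaths appends the default vmselect route patterns used when a VMCluster/vmselect ref has no paths.`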
@@ -0,0 +1,178 @@ +# Authorization and exposing components + +## Exposing components + + + CRD objects doesn't have `ingress` configuration. Instead, you can use `VMAuth` as proxy between ingress-controller and VM app components. + It adds missing authorization and access control features and enforces it. + + Access can be given with `VMUser` definition. It supports basic auth and bearer token authentication. + +```yaml +cat << EOF | kubectl apply -f - +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAuth +metadata: + name: main-router +spec: + userNamespaceSelector: {} + userSelector: {} + ingress: {} +EOF +``` + + Advanced configuration with cert-manager annotations: +```yaml +cat << EOF | kubectl apply -f - +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAuth +metadata: + name: router-main +spec: + podMetadata: + labels: + component: vmauth + userSelector: {} + userNamespaceSelector: {} + replicaCount: 2 + resources: + requests: + cpu: "250m" + memory: "350Mi" + limits: + cpu: "500m" + memory: "850Mi" + ingress: + tlsSecretName: vmauth-tls + annotations: + cert-manager.io/cluster-issuer: base + class_name: nginx + tlsHosts: + - vm-access.example.com +EOF +``` + + +simple static routing with read-only access to vmagent for username - `user-1` with password `Asafs124142` +```yaml +# curl vmauth:8427/metrics -u 'user-1:Asafs124142' +cat << EOF | kubectl apply -f +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMUser +metadata: + name: user-1 +spec: + password: Asafs124142 + targetRefs: + - static: + url: http://vmagent-base.default.svc:8429 + paths: ["/targets/api/v1","/targets","/metrics"] +EOF +``` + + With bearer token access: + +```yaml +# curl vmauth:8427/metrics -H 'Authorization: Bearer Asafs124142' +cat << EOF | kubectl apply -f +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMUser +metadata: + name: user-2 +spec: + bearerToken: Asafs124142 + targetRefs: + - static: + url: http://vmagent-base.default.svc:8429 + paths: 
["/targets/api/v1","/targets","/metrics"] +EOF +``` + + It's also possible to use service discovery for objects: +```yaml +# curl vmauth:8427/metrics -H 'Authorization: Bearer Asafs124142' +cat << EOF | kubectl apply -f +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMUser +metadata: + name: user-3 +spec: + bearerToken: Asafs124142 + targetRefs: + - crd: + kind: VMAgent + name: base + namespace: default + paths: ["/targets/api/v1","/targets","/metrics"] +EOF +``` + + Cluster components supports auto path generation for single tenant view: +```yaml +cat << EOF | kubectl apply -f - +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMUser +metadata: + name: vmuser-tenant-1 +spec: + bearerToken: some-token + targetRefs: + - crd: + kind: VMCluster/vminsert + name: test-persistent + namespace: default + target_path_suffix: "/insert/1" + - crd: + kind: VMCluster/vmselect + name: test-persistent + namespace: default + target_path_suffix: "/select/1" + - static: + url: http://vmselect-test-persistent.default.svc:8481/ + paths: + - /internal/resetRollupResultCache +EOF +``` + + For each `VMUser` operator generates corresponding secret with username/password or bearer token at the same namespace as `VMUser`. + +## Basic auth for targets + +To authenticate a `VMServiceScrape`s over a metrics endpoint use [`basicAuth`](../api.md#basicauth) + +```yaml +cat < Date: Tue, 30 Nov 2021 15:22:49 +0300 Subject: [PATCH 4/6] updates alpine image --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index e886370c..252f7439 100644 --- a/Makefile +++ b/Makefile @@ -25,7 +25,7 @@ CRD_PRESERVE=x-kubernetes-preserve-unknown-fields true # Current Operator version # Default bundle image tag BUNDLE_IMG ?= controller-bundle:$(VERSION) -ALPINE_IMAGE=alpine:3.14.2 +ALPINE_IMAGE=alpine:3.15.0 CHANNEL=beta DEFAULT_CHANNEL=beta BUNDLE_CHANNELS := --channels=$(CHANNEL) From 1441213683208aaa0a6a8bc64d3e51813b6b0711 Mon Sep 17 00:00:00 2001 
From: f41gh7 Date: Tue, 30 Nov 2021 15:24:27 +0300 Subject: [PATCH 5/6] updates go to 1.17 version --- .github/workflows/main.yaml | 2 +- .github/workflows/release.yaml | 2 +- go.mod | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 1161432d..203b622b 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -20,7 +20,7 @@ jobs: - name: Setup Go uses: actions/setup-go@master with: - go-version: 1.16 + go-version: 1.17 id: go - name: Run Trivy vulnerability scanner in repo mode diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9fd517e7..e5f1c2c9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -15,7 +15,7 @@ jobs: - name: Setup Go uses: actions/setup-go@master with: - go-version: 1.16 + go-version: 1.17 id: go - name: Dependencies env: diff --git a/go.mod b/go.mod index 0eaaa218..17facf64 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/VictoriaMetrics/operator -go 1.16 +go 1.17 require ( github.com/VictoriaMetrics/VictoriaMetrics v1.68.0 From 44c6ced940427b536010b7c93d01cbfbf82fee4e Mon Sep 17 00:00:00 2001 From: f41gh7 Date: Tue, 30 Nov 2021 15:36:09 +0300 Subject: [PATCH 6/6] rollback go update --- .github/workflows/main.yaml | 2 +- .github/workflows/release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 203b622b..1161432d 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -20,7 +20,7 @@ jobs: - name: Setup Go uses: actions/setup-go@master with: - go-version: 1.17 + go-version: 1.16 id: go - name: Run Trivy vulnerability scanner in repo mode diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e5f1c2c9..9fd517e7 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -15,7 +15,7 @@ jobs: - name: Setup Go uses: actions/setup-go@master with: - go-version: 1.17 + go-version: 1.16 id: go - name: Dependencies env: