cilium · aanm · May 6, 2020 · May 4, 2020 · May 4, 2020 · May 4, 2020
diff --git a/Makefile b/Makefile
@@ -47,6 +47,8 @@ UTC_DATE=$(shell date -u "+%Y-%m-%d")
 GO_VERSION := $(shell cat GO_VERSION)
 GOARCH := $(shell $(GO) env GOARCH)
 
+comma:= ,
+
 TEST_LDFLAGS=-ldflags "-X github.com/cilium/cilium/pkg/kvstore.consulDummyAddress=https://consul:8443 \
 	-X github.com/cilium/cilium/pkg/kvstore.etcdDummyAddress=http://etcd:4002 \
 	-X github.com/cilium/cilium/pkg/testutils.CiliumRootDir=$(ROOT_DIR) \
@@ -60,18 +62,39 @@ TEST_UNITTEST_LDFLAGS= -ldflags "-X github.com/cilium/cilium/pkg/kvstore.consulD
 define generate_k8s_api
 	cd "./vendor/k8s.io/code-generator" && \
 	GO111MODULE=off bash ./generate-groups.sh $(1) \
-	    github.com/cilium/cilium/pkg/k8s/client \
 	    $(2) \
 	    $(3) \
+	    $(4) \
 	    --go-header-file "$(PWD)/hack/custom-boilerplate.go.txt"
 endef
 
 define generate_k8s_api_all
-	$(call generate_k8s_api,all,$(1),$(2))
+	$(call generate_k8s_api,all,github.com/cilium/cilium/pkg/k8s/client,$(1),$(2))
 endef
 
 define generate_k8s_api_deepcopy
-	$(call generate_k8s_api,deepcopy,$(1),$(2))
+	$(call generate_k8s_api,deepcopy,github.com/cilium/cilium/pkg/k8s/client,$(1),$(2))
+endef
+
+define generate_k8s_api_deepcopy_client
+	$(call generate_k8s_api,deepcopy$(comma)client,github.com/cilium/cilium/pkg/k8s/slim/k8s/client,$(1),$(2))
+endef
+
+define generate_k8s_protobuf
+	PATH="$(PWD)/tools:$(PATH)" ./tools/go-to-protobuf \
+		--apimachinery-packages='-k8s.io/apimachinery/pkg/util/intstr,$\
+                                -k8s.io/apimachinery/pkg/api/resource,$\
+                                -k8s.io/apimachinery/pkg/runtime/schema,$\
+                                -k8s.io/apimachinery/pkg/runtime,$\
+                                -k8s.io/apimachinery/pkg/apis/meta/v1,$\
+                                -k8s.io/apimachinery/pkg/apis/meta/v1beta1,$\
+                                -k8s.io/apimachinery/pkg/apis/testapigroup/v1'\
+		--drop-embedded-fields="github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/meta/v1.TypeMeta" \
+		--proto-import="$(PWD)" \
+		--proto-import="$(PWD)/vendor" \
+		--proto-import="$(PWD)/tools/protobuf" \
+		--packages=$(1) \
+	    --go-header-file "$(PWD)/hack/custom-boilerplate.go.txt"
 endef
 
 all: precheck build postcheck
@@ -334,6 +357,15 @@ generate-health-api: api/v1/health/openapi.yaml
 		-t api/v1 -t api/v1/health/ -f api/v1/health/openapi.yaml
 
 generate-k8s-api:
+	$(call generate_k8s_protobuf,$\
+	github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/core/v1$(comma)$\
+	github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/meta/v1)
+	$(call generate_k8s_api_deepcopy_client,github.com/cilium/cilium/pkg/k8s/slim/k8s/apis,"\
+	core:v1\
+	")
+	$(call generate_k8s_api_deepcopy,github.com/cilium/cilium/pkg/k8s/slim/k8s/apis,"\
+	meta:v1\
+	")
 	$(call generate_k8s_api_deepcopy,github.com/cilium/cilium/pkg,"\
 	aws:types\
 	azure:types\

diff --git a/api/v1/Makefile b/api/v1/Makefile
@@ -12,9 +12,9 @@ HUBBLE_GO_TARGETS := $(HUBBLE_PROTO_SOURCES:.proto=.pb.go) $(HUBBLE_PROTO_SOURCE
 
 HUBBLE_PROTO_PATH := .
 
-HUBBLE_PROTOC_PLUGINS := --plugin=./protoc-gen-go
-HUBBLE_PROTOC_PLUGINS += --plugin=./protoc-gen-go-json
-HUBBLE_PROTOC_PLUGINS += --plugin=./protoc-gen-validate
+HUBBLE_PROTOC_PLUGINS := --plugin=../../tools/protoc-gen-go
+HUBBLE_PROTOC_PLUGINS += --plugin=../../tools/protoc-gen-go-json
+HUBBLE_PROTOC_PLUGINS += --plugin=../../tools/protoc-gen-validate
 
 PROTO_DEPS = \
 	-I external

diff --git a/api/v1/protoc-gen-go b/api/v1/protoc-gen-go
diff --git a/api/v1/protoc-gen-go-json b/api/v1/protoc-gen-go-json
diff --git a/api/v1/protoc-gen-validate b/api/v1/protoc-gen-validate
diff --git a/daemon/cmd/endpoint.go b/daemon/cmd/endpoint.go
@@ -30,7 +30,7 @@ import (
 	"github.com/cilium/cilium/pkg/endpoint/regeneration"
 	"github.com/cilium/cilium/pkg/k8s"
 	k8sConst "github.com/cilium/cilium/pkg/k8s/apis/cilium.io"
-	"github.com/cilium/cilium/pkg/k8s/types"
+	slim_corev1 "github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/core/v1"
 	"github.com/cilium/cilium/pkg/labels"
 	"github.com/cilium/cilium/pkg/labelsfilter"
 	"github.com/cilium/cilium/pkg/logging/logfields"
@@ -154,7 +154,7 @@ func NewPutEndpointIDHandler(d *Daemon) PutEndpointIDHandler {
 // endpoint metadata. It implements endpoint.MetadataResolverCB.
 // The returned pod is deepcopied which means the its fields can be written
 // into.
-func (d *Daemon) fetchK8sLabelsAndAnnotations(nsName, podName string) (*types.Pod, []types.ContainerPort, labels.Labels, labels.Labels, map[string]string, error) {
+func (d *Daemon) fetchK8sLabelsAndAnnotations(nsName, podName string) (*slim_corev1.Pod, []slim_corev1.ContainerPort, labels.Labels, labels.Labels, map[string]string, error) {
 	p, err := d.k8sWatcher.GetCachedPod(nsName, podName)
 	if err != nil {
 		return nil, nil, nil, nil, nil, err

diff --git a/go.mod b/go.mod
@@ -32,6 +32,7 @@ require (
 	github.com/go-openapi/strfmt v0.19.4
 	github.com/go-openapi/swag v0.19.7
 	github.com/go-openapi/validate v0.19.5
+	github.com/gogo/protobuf v1.3.1
 	github.com/golang/protobuf v1.3.2
 	github.com/google/go-cmp v0.3.1
 	github.com/google/gopacket v1.1.17
@@ -76,6 +77,7 @@ require (
 	golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e
 	golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f
 	golang.org/x/time v0.0.0-20190308202827-9d24e82272b4
+	golang.org/x/tools v0.0.0-20200131233409-575de47986ce
 	google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55
 	google.golang.org/grpc v1.26.0
 	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127

diff --git a/go.sum b/go.sum
diff --git a/pkg/endpoint/endpoint.go b/pkg/endpoint/endpoint.go
@@ -41,7 +41,7 @@ import (
 	"github.com/cilium/cilium/pkg/identity/cache"
 	"github.com/cilium/cilium/pkg/identity/identitymanager"
 	ciliumio "github.com/cilium/cilium/pkg/k8s/apis/cilium.io"
-	"github.com/cilium/cilium/pkg/k8s/types"
+	slim_corev1 "github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/core/v1"
 	"github.com/cilium/cilium/pkg/labels"
 	pkgLabels "github.com/cilium/cilium/pkg/labels"
 	"github.com/cilium/cilium/pkg/lock"
@@ -214,7 +214,7 @@ type Endpoint struct {
 	K8sNamespace string
 
 	// pod
-	pod *types.Pod
+	pod *slim_corev1.Pod
 
 	// k8sPorts contains container ports associated in the pod.
 	// It is used to enforce k8s network policies with port names.
@@ -1057,14 +1057,14 @@ func (e *Endpoint) GetK8sNamespace() string {
 }
 
 // SetPod sets the pod related to this endpoint.
-func (e *Endpoint) SetPod(pod *types.Pod) {
+func (e *Endpoint) SetPod(pod *slim_corev1.Pod) {
 	e.unconditionalLock()
 	e.pod = pod
 	e.unlock()
 }
 
 // GetPod retrieves the pod related to this endpoint
-func (e *Endpoint) GetPod() *types.Pod {
+func (e *Endpoint) GetPod() *slim_corev1.Pod {
 	e.unconditionalRLock()
 	pod := e.pod
 	e.runlock()
@@ -1086,13 +1086,13 @@ func (e *Endpoint) SetK8sNamespace(name string) {
 // so that the map can be used concurrently without keeping locks.
 // Reading the 'e.k8sPorts' member (the "map pointer") *itself* requires the endpoint lock!
 // Can't really error out as that might break backwards compatibility.
-func (e *Endpoint) SetNamedPorts(containerPorts []types.ContainerPort) error {
+func (e *Endpoint) SetNamedPorts(containerPorts []slim_corev1.ContainerPort) error {
 	k8sPorts := make(policy.NamedPortsMap, len(containerPorts))
 	for _, cp := range containerPorts {
 		if cp.Name == "" {
 			continue // silently skip unnamed ports
 		}
-		err := k8sPorts.AddPort(cp.Name, int(cp.ContainerPort), cp.Protocol)
+		err := k8sPorts.AddPort(cp.Name, int(cp.ContainerPort), string(cp.Protocol))
 		if err != nil {
 			e.getLogger().WithError(err).Warning("Adding named port failed")
 			continue
@@ -1509,7 +1509,7 @@ func APICanModify(e *Endpoint) error {
 
 // MetadataResolverCB provides an implementation for resolving the endpoint
 // metadata for an endpoint such as the associated labels and annotations.
-type MetadataResolverCB func(ns, podName string) (pod *types.Pod, _ []types.ContainerPort, identityLabels labels.Labels, infoLabels labels.Labels, annotations map[string]string, err error)
+type MetadataResolverCB func(ns, podName string) (pod *slim_corev1.Pod, _ []slim_corev1.ContainerPort, identityLabels labels.Labels, infoLabels labels.Labels, annotations map[string]string, err error)
 
 // RunMetadataResolver starts a controller associated with the received
 // endpoint which will periodically attempt to resolve the metadata for the

diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
@@ -17,7 +17,6 @@ package k8s
 
 import (
 	"context"
-	goerrors "errors"
 	"fmt"
 	"net"
 	"net/http"
@@ -27,6 +26,7 @@ import (
 	"github.com/cilium/cilium/api/v1/models"
 	clientset "github.com/cilium/cilium/pkg/k8s/client/clientset/versioned"
 	k8smetrics "github.com/cilium/cilium/pkg/k8s/metrics"
+	watcher_client "github.com/cilium/cilium/pkg/k8s/slim/k8s/clientset"
 	"github.com/cilium/cilium/pkg/logging/logfields"
 	"github.com/cilium/cilium/pkg/option"
 	"github.com/cilium/cilium/pkg/version"
@@ -41,12 +41,12 @@ import (
 )
 
 var (
-	// ErrNilNode is returned when the Kubernetes API server has returned a nil node
-	ErrNilNode = goerrors.New("API server returned nil node")
-
 	// k8sCli is the default client.
 	k8sCli = &K8sClient{}
 
+	// k8sWatcherCli is the client dedicated k8s structure watchers.
+	k8sWatcherCli = &K8sClient{}
+
 	// k8sCiliumCli is the default Cilium client.
 	k8sCiliumCli = &K8sCiliumClient{}
 )
@@ -171,15 +171,11 @@ func runHeartbeat(heartBeat func(context.Context) error, timeout time.Duration,
 }
 
 // CreateClient creates a new client to access the Kubernetes API
-func CreateClient(config *rest.Config) (*kubernetes.Clientset, func(), error) {
-	closeAllConns := setDialer(config)
-	cs, err := kubernetes.NewForConfig(config)
-	if err != nil {
-		return nil, nil, err
-	}
+func CreateClient(config *rest.Config, cs kubernetes.Interface) error {
 	stop := make(chan struct{})
 	timeout := time.NewTimer(time.Minute)
 	defer timeout.Stop()
+	var err error
 	wait.Until(func() {
 		// FIXME: Use config.String() when we rebase to latest go-client
 		log.WithField("host", config.Host).Info("Establishing connection to apiserver")
@@ -198,7 +194,7 @@ func CreateClient(config *rest.Config) (*kubernetes.Clientset, func(), error) {
 	if err == nil {
 		log.Info("Connected to apiserver")
 	}
-	return cs, closeAllConns, err
+	return err
 }
 
 // isConnReady returns the err for the kube-system namespace get
@@ -212,20 +208,37 @@ func Client() *K8sClient {
 	return k8sCli
 }
 
+func WatcherCli() *K8sClient {
+	return k8sWatcherCli
+}
+
 func createDefaultClient() (rest.Interface, func(), error) {
 	restConfig, err := CreateConfig()
 	if err != nil {
 		return nil, nil, fmt.Errorf("unable to create k8s client rest configuration: %s", err)
 	}
 	restConfig.ContentConfig.ContentType = `application/vnd.kubernetes.protobuf`
 
-	createdK8sClient, closeAllConns, err := CreateClient(restConfig)
+	closeAllConns := setDialer(restConfig)
+
+	createdK8sClient, err := kubernetes.NewForConfig(restConfig)
+	if err != nil {
+		return nil, nil, err
+	}
+	err = CreateClient(restConfig, createdK8sClient)
 	if err != nil {
 		return nil, nil, fmt.Errorf("unable to create k8s client: %s", err)
 	}
 
 	k8sCli.Interface = createdK8sClient
 
+	createK8sWatcherCli, err := watcher_client.NewForConfig(restConfig)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	k8sWatcherCli.Interface = createK8sWatcherCli
+
 	return createdK8sClient.RESTClient(), closeAllConns, nil
 }