@stevej stevej commented Nov 22, 2022

I wrote a small tool to move the commits of linkerd2/cni-plugin to this repository under the cni-plugin directory.

https://gist.github.com/stevej/aee58c1adedf8b3a0f7ba0db9b7ce8bd

I made a clone of linkerd2, and used git-filter-repo to strip out all changes that weren't to cni-plugin and then visually verified with git log --numstat --pretty=oneline. Afterwards, I added linkerd2 as a remote of linkerd2-proxy-init and merged in the newly slimmed down main branch.

linkerd2 repo with only cni-plugin

```
linkerd2 % git log --pretty=oneline |wc -l
109
```

linkerd2-proxy-init repo on main

```
linkerd2-proxy-init % git log --pretty=oneline |wc -l
130
```

linkerd2-proxy-init in this branch

```
linkerd2-proxy-init % git log --pretty=oneline |wc -l
240
```

Total: 239 commits plus the merge

Signed-off-by: Steve Jenson <stevej@buoyant.io>

codeman9 and others added 30 commits January 30, 2019 11:51
* Export RootOptions and BuildFirewallConfiguration so that the cni-plugin can use them.
* Created the cni-plugin based on istio-cni implementation
* Create skeleton files that need to be filled out.
* Create the install scripts and finish up plugin to write iptables
* Added in an integration test around the install_cni.sh and updated the script to handle the case where it isn't the only plugin. Removed the istio kubernetes.go file in favor of pkg/k8s; initial usage of this package; found and fixed the typo in the ClusterRole and ClusterRoleBinding; found the docker-build-cni-plugin script
* Corrected an incorrect name in the docker build file for cni-plugin
* Rename linkerd2-cni to linkerd-cni
* Fixup Dockerfile and clean up code a bit as well as logging statements.
* Update Gopkg.lock after master merge.
* Update test file to remove temporary tag.
* Fixed the command to run during the test while building up the docker run.
* Added attributions to applicable files; in the test file, use a different container for each test scenario and also print the docker logs to stdout when there is an error;
* Add the --no-init-container flag to install and inject. This flag will not output the initContainer and will add an annotation assuming that the cni will be used in this case.
* Update .travis.yml to build the cni-plugin docker image before running the tests.
* Workaround golint warnings.
* Create a new command to install the linkerd-cni plugin.
* Add the --no-init-container option to linkerd inject
* Use the setup ip tables annotation during the proxy auto inject webhook prevent/allow addition of an init container; move cni-plugin tests to the integration-test section of travis
* gate the cni-plugin tests with the -integration-tests flag; remove unnecessary deployment .yaml file.
* Incorporate PR Cleanup suggestions.
* Remove the SetupIPTablesLabel annotation and use config flags and the presence of the init container to determine whether the cni-plugin writes ip tables.
* Fix a logic bug in the cni-plugin code that prevented the iptables from being written; Address PR comments; make tests pass.
* Update go deps shas
* Changed the single file install-cni plugin filename to be .conf vs .conflist; Incorporated latest PR comments around spacing with the new renderer among others.
* Fix an issue with renaming .conf to .conflist when needed.
* Renamed some of the variables to try to make it more clear what is going on.
* Address final PR comments.
* Hide cni flags for the time being.

Signed-off-by: Cody Vandermyn <cody.vandermyn@nordstrom.com>
Fixes #2042 

Adds a new field to service profile routes called `timeout`.  Any requests to that route which take longer than the given timeout will be aborted and a 504 response will be returned instead.  If the timeout field is not specified, a default timeout of 10 seconds is used.

Signed-off-by: Alex Leong <alex@buoyant.io>
… cni conf directories; fixed up spacing in template. (#2181)

Signed-off-by: Cody Vandermyn <cody.vandermyn@nordstrom.com>
# Problem
In order to switch Linkerd template rendering to use `.yaml` files, static
assets must be bundled in the Go binary for use by `linkerd install`.

# Solution
The solution should not affect the local development process of building and
testing.

[vfsgen](https://github.com/shurcooL/vfsgen) generates Go code that statically
implements the provided `http.FileSystem`. Paired with `go generate` and Go
[build tags](https://golang.org/pkg/go/build/), we can continue to use the
template files on disk when developing with no change required.

In `!prod` Go builds, the `cli/static/templates.go` file provides a
`http.FileSystem` to the local templates. In `prod` Go builds, `go generate
./cli` generates `cli/static/generated_templates.gogen.go` that statically
provides the template files.

When built with `-tags prod`, the executable will be built with the statically
generated file instead of the local files.

# Validation
The binaries were compiled locally with `bin/docker-build`. The binaries were
then tested with `bin/test-run (pwd)/target/cli/darwin/linkerd`. All tests
passed.

No change was required to successfully run `bin/go-run cli install`. No change
was required to run `bin/linkerd install`.

Fixes #2153

Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
The Proxy API service lacked introspection of its internal state.

Introduce a new gRPC Discovery API, implemented by two servers:
1) Proxy API Server: returns a snapshot of discovery state
2) Public API Server: pass-through to the Proxy API Server

Also wire up a new `linkerd endpoints` command.

Fixes #2165

Signed-off-by: Andrew Seigner <siggy@buoyant.io>
The `linkerd check` command was doing limited validation on
ServiceProfiles.

Make ServiceProfile validation more complete, specifically validate:
- types of all fields
- presence of required fields
- presence of unknown fields
- recursive fields

Also move all validation code into a new `Validate` function in the
profiles package.

Validation of field types and required fields is handled via
`yaml.UnmarshalStrict` in the `Validate` function. This motivated
migrating from github.com/ghodss/yaml to a fork, sigs.k8s.io/yaml.

Fixes #2190
…rol namespace (#2200)

Fixes #2077 

When looking up service profiles, Linkerd always looks for the service profile objects in the Linkerd control namespace.  This is limiting because service owners who wish to create service profiles may not have write access to the Linkerd control namespace.

Instead, we have the control plane look for the service profile in both the client namespace (as read from the proxy's `proxy_id` field from the GetProfiles request) and from the service's namespace.  If a service profile exists in both namespaces, the client namespace takes priority.  In this way, clients may override the behavior dictated by the service.

Signed-off-by: Alex Leong <alex@buoyant.io>
`golangci-lint` performs numerous checks on Go code, including golint,
ineffassign, govet, and gofmt.

This change modifies `bin/lint` to use `golangci-lint`, and replaces
usage of golint and govet.

Also perform a one-time gofmt cleanup:
- `gofmt -s -w controller/`
- `gofmt -s -w pkg/`

Part of #217

Signed-off-by: Andrew Seigner <siggy@buoyant.io>
Fixes #2264

Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>
* Generate CLI docs for usage by the website

* Update description to match existing commands

* Remove global
- `debian:jessie-slim` -> `stretch-20190204-slim`
- `golang:1.10.3` -> `1.11.5`
- `gcr.io/linkerd-io/base:2017-10-30.01` -> `2019-02-19.01`
- bump `golangci-lint` to 1.15.0
- use `GOCACHE` in travis

Signed-off-by: Andrew Seigner <siggy@buoyant.io>
`unused` checks Go code for unused constants, variables, functions, and
types.

Part of #217

Signed-off-by: Andrew Seigner <siggy@buoyant.io>
goconst finds repeated strings that could be replaced by a constant:
https://github.com/jgautheron/goconst

Part of #217

Signed-off-by: Andrew Seigner <siggy@buoyant.io>
The control-plane components relied on a `--single-namespace` param,
passed from `linkerd install` into each individual component, to
determine which namespaces they were authorized to access, and whether
to support ServiceProfiles. This command-line flag was redundant given
the authorization rules encoded in the parent `linkerd install` output,
via [Cluster]Role[Binding]s.

Modify the control-plane components to query Kubernetes at startup to
determine which namespaces they are authorized to access, and whether
ServiceProfile support is available. This allows removal of the
`--single-namespace` flag on the components.

Also update `bin/test-cleanup` to cleanup the ServiceProfile CRD.

TODO:
- Remove `--single-namespace` flag on `linkerd install`, part of #2164

Signed-off-by: Andrew Seigner <siggy@buoyant.io>
Support for Jobs in stat/tap/top cli commands

Part of #2007

Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
- Created the pkg/inject package to hold the new injection shared lib.
- Extracted from `/cli/cmd/inject.go` and `/cli/cmd/inject_util.go`
the core methods doing the workload parsing and injection, and moved them into
`/pkg/inject/inject.go`. The CLI files should now deal only with
strictly CLI concerns, and applying the json patch returned by the new
lib.
- Proceeded analogously with `/cli/cmd/uninject.go` and
`/pkg/inject/uninject.go`.
- The `InjectReport` struct and helping methods were moved into
`/pkg/inject/report.go`
- Refactored webhook to use the new injection lib
- Removed linkerd-proxy-injector-sidecar-config ConfigMap
- Added the ability to add pod labels and annotations without having to
specify the already existing ones

Fixes #1748, #2289

Signed-off-by: Alejandro Pedraza <alejandro.pedraza@gmail.com>
We were depending on an untagged version of prometheus/client_golang
from Feb 2018.

This bumps our dependency to v0.9.2, from Dec 2018.

Also, this is a prerequisite to #1488.

Signed-off-by: Andrew Seigner <siggy@buoyant.io>
Signed-off-by: Cody Vandermyn <cody.vandermyn@nordstrom.com>
The proxy's TLS implementation has changed to use a new _Identity_ controller.

In preparation for this, the `--tls=optional` CLI flag has been removed
from install and inject; and the `ca` controller has been deleted. Metrics
and UI treatments for TLS have **not** been removed, as they will continue to
be valuable for the new Identity system.

With the removal of the old identity scheme, the Destination service's proxy
ID field is now set with an opaque string (e.g. `ns:emojivoto`) to enable
locality awareness.
This change introduces a new Identity service implementation for the
`io.linkerd.proxy.identity.Identity` gRPC service.

The `pkg/identity` contains a core, abstract implementation of the service
(generic over both the CA and (Kubernetes) Validator interfaces).

`controller/identity` includes a concrete implementation that uses the
Kubernetes TokenReview API to validate serviceaccount tokens when
issuing certificates.

This change does **NOT** alter installation or runtime to include the
identity service. This will be included in a follow-up.
When installing Linkerd, a user may override default settings, or may
explicitly configure defaults. Consider install options like `--ha
--controller-replicas=4` -- the `--ha` flag sets a new default value for
the controller-replicas, and then we override it.

When we later upgrade this cluster, how can we know how to configure the
cluster?

We could store EnableHA and ControllerReplicas configurations in the
config, but what if, in a later upgrade, the default value changes? How
can we know whether the user specified an override or just used the
default?

To solve this, we add an `Install` message into a new config.
This message includes (at least) the CLI flags used to invoke
install.

upgrade does not specify defaults for install/proxy-options fields and,
instead, uses the persisted install flags to populate default values,
before applying overrides from the upgrade invocation.

This change breaks the protobuf compatibility by altering the
`installation_uuid` field introduced in linkerd/linkerd2@9c442f6.
Because this change was not yet released (even in an edge release), we
feel that it is safe to break.

Fixes linkerd/linkerd2#2574
Add validation webhook for service profiles

Fixes #2075

Todo in a follow-up PR: remove the SP check from the CLI check.

Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>
The UUID implementation we use to generate install IDs is technically
not random enough for secure uses, which ours is not. To prevent
security scanners like SNYK from flagging this false-positive, let's
just switch to the other UUID implementation (Already in our
dependencies).
In some non-tty environments, the `linkerd check` spinner can render
unexpected control characters.

Disable the spinner when run without a tty.

Fixes #2700

Signed-off-by: Andrew Seigner <siggy@buoyant.io>
Numerous codepaths have emerged that create k8s configs, k8s clients,
and make k8s api requests.

This branch consolidates k8s client creation and APIs. The primary
change migrates most codepaths to call `k8s.NewAPI` to instantiate a
`KubernetesAPI` struct from `pkg`. `KubernetesAPI` implements the
`kubernetes.Interface` (clientset) interface, and also persists a
`client-go` `rest.Config`.

Specific list of changes:
- removes manual GET requests from `k8s.KubernetesAPI`, in favor of
  clientsets
- replaces most calls to `k8s.GetConfig`+`kubernetes.NewForConfig` with
  a single `k8s.NewAPI`
- introduces a `timeout` param to `k8s.NewAPI`, currently only used by
  healthchecks
- removes `NewClientSet` in `controller/k8s/clientset.go` in favor of
  `k8s.NewAPI`
- removes `httpClient` and `clientset` from `HealthChecker`, use
  `KubernetesAPI` instead

Signed-off-by: Andrew Seigner <siggy@buoyant.io>
CustomResourceDefinition parsing and retrieval is not available via
client-go's `kubernetes.Interface`, but rather via a separate
`k8s.io/apiextensions-apiserver` package.

Introduce support for CustomResourceDefinition object parsing and
retrieval. This change facilitates retrieval of CRDs from the k8s API
server, and also provides CRD resources as mock objects.

Also introduce a `NewFakeAPI` constructor, deprecating
`NewFakeClientSets`. Callers need no longer be concerned with discrete
clientsets (for k8s resources vs. CRDs vs. (eventually)
ServiceProfiles), and can instead use the unified `KubernetesAPI`.

Part of #2337, in service to multi-stage check.

Signed-off-by: Andrew Seigner <siggy@buoyant.io>
Signed-off-by: Cody Vandermyn <cody.vandermyn@nordstrom.com>
Split proxy-init into separate repo

Fixes #2563

The new repo is https://github.com/linkerd/linkerd2-proxy-init, and I
tagged the latest there `v1.0.0`.

Here, I've removed the `/proxy-init` dir and pinned the injected
proxy-init version to `v1.0.0` in the injector code and tests.

`/cni-plugin` depends on proxy-init, so I updated the import paths
there, and could verify CNI is still working (there is some flakiness
but unrelated to this PR).

For consistency, I added a `--init-image-version` flag to `linkerd
inject` along with its corresponding override config annotation.

Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>
This is a major refactor of the destination service.  The goals of this refactor are to simplify the code for improved maintainability.  In particular:

* Remove the "resolver" interfaces.  These were a holdover from when our decision tree was more complex about how to handle different kinds of authorities.  The current implementation only accepts fully qualified kubernetes service names and thus this was an unnecessary level of indirection.
* Moved the endpoints and profile watchers into their own package for a more clear separation of concerns.  These watchers deal only in Kubernetes primitives and are agnostic to how they are used.  This allows a cleaner layering when we use them from our gRPC service.
* Renamed the "listener" types to "translator" to make it more clear that the function of these structs is to translate kubernetes updates from the watcher to gRPC messages.

Signed-off-by: Alex Leong <alex@buoyant.io>
Add support for querying TrafficSplit resources through the common API layer. This is done by depending on the TrafficSplit client bindings from smi-sdk-go.

Signed-off-by: Alex Leong <alex@buoyant.io>
Juneezee and others added 16 commits November 30, 2021 15:36
* build: upgrade to Go 1.17

This commit introduces three changes:
	1. Update the `go` directive in `go.mod` to 1.17
	2. Update all Dockerfiles from `golang:1.16.2` to
	   `golang:1.17.3`
	3. Update all CI to use Go 1.17

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>

* chore: run `go fmt ./...`

This commit synchronizes `//go:build` lines with `// +build` lines.

Reference: https://go.googlesource.com/proposal/+/master/design/draft-gobuild.md
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
We only run shellcheck for files that contain a #!/usr/bin/env shebang
with either bash or sh. If a new shellscript file is added that has the
.sh extension but either lacks shebang or has something other than that,
shellcheck will not be run for that file. Then there is a risk that
by mistake such a file slips into the repo under the radar.

This patch adds a check for all .sh files to make sure they have a
corresponding shebang in order for them to be passed to shellcheck.

Change-Id: I24235e672dd82c7c73df6fe6c8beda2a579bd187
Signed-off-by: Joakim Roubert <joakimr@axis.com>
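
A check of the kind this commit message describes, written here as an added example (not the script from the linkerd2 repository). The function names and the constructed sample tree are assumptions; the accepted shebangs are the two forms the message names.

```shell
#!/bin/sh
# Added example: find *.sh files that a "select by shebang" shellcheck run
# would silently skip because their first line is not an env sh/bash shebang.

# missing_shebang DIR
# Prints every *.sh file under DIR whose first line is neither
# "#!/usr/bin/env sh" nor "#!/usr/bin/env bash" (one path per line).
missing_shebang() {
  find "$1" -type f -name '*.sh' | sort | while IFS= read -r f; do
    first=''
    # read fails on an empty file or a missing final newline; keep going
    IFS= read -r first < "$f" || true
    case $first in
      '#!/usr/bin/env sh' | '#!/usr/bin/env bash') ;;
      *) printf '%s\n' "$f" ;;
    esac
  done
}

# check_shebangs DIR
# CI-style gate: returns 0 when every *.sh file is lintable, 1 otherwise.
check_shebangs() {
  bad=$(missing_shebang "$1")
  [ -z "$bad" ] && return 0
  printf 'shellcheck would skip these files:\n%s\n' "$bad" >&2
  return 1
}

# make_sample_tree
# Builds a constructed sample tree and prints its path.
make_sample_tree() {
  d=$(mktemp -d)
  mkdir -p "$d/bin"
  printf '#!/usr/bin/env bash\necho ok\n' > "$d/ok.sh"
  printf '#!/usr/bin/env sh\necho ok\n'   > "$d/posix.sh"
  printf '#!/bin/bash\necho abs\n'        > "$d/abs.sh"      # wrong interpreter path
  printf 'echo no shebang\n'              > "$d/bin/none.sh" # no shebang at all
  : > "$d/empty.sh"                                          # empty file
  printf 'not a script\n'                 > "$d/notes.txt"   # ignored: not *.sh
  printf '%s\n' "$d"
}

sample=$(make_sample_tree)
check_shebangs "$sample" || echo "gate failed on the constructed sample tree"
rm -rf "$sample"
```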
Reverts the change made to `env_vars.sh` in #7541

That file is consumed by `docker run --env-file` which requires the old
format, as documented [here](https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e---env---env-file).

Also renamed it to `env_vars.list` to have it not mistaken to be a shell
target.

This broke the `ARM64 integration test` as seen here:
https://github.com/linkerd/linkerd2/runs/4887813913?check_suite_focus=true#step:7:34
Since Go 1.13, errors may "wrap" other errors. [`errorlint`][el] checks
that error formatting and inspection is wrapping-aware.

This change enables `errorlint` in golangci-lint and updates all error
handling code to pass the lint. Some comparisons in tests have been left
unchanged (using `//nolint:errorlint` comments).

[el]: https://github.com/polyfloyd/go-errorlint

Signed-off-by: Oliver Gould <ver@buoyant.io>
Closes #7826

This adds the `gosec` and `errcheck` lints to the `golangci` configuration. Most significant lints have been fixed by individual changes, but this enables them by default so that all future changes are caught ahead of time.

A significant amount of these lints have been excluded by the various `exclude-rules` rules added to `.golangci.yml`. These include operations on files that generally do not fail such as `Copy`, `Flush`, or `Write`. We also choose to ignore most errors when cleaning up functions via the `defer` keyword.

Aside from those, there are several other rules added that all have comments explaining why it's okay to ignore the errors that they cover.

Finally, several smaller fixes in the code have been made where it seems necessary to catch errors or at least log them.

Signed-off-by: Kevin Leimkuhler <kleimkuhler@icloud.com>
Several container images use `debian:buster-20210208-slim`. `bullseye`
is now the default version (i.e., referenced by the `latest` tag).

This change updates container images that use debian to reference
`bullseye` instead of `buster`. The date tags have been dropped so that
we pick up the latest patch version on each Linkerd release.

Signed-off-by: Oliver Gould <ver@buoyant.io>
Introduce fs watch for cni installer

Our CNI installer script is prone to race conditions, especially when a
node is rebooted, or restarted. Order of configuration should not matter
and our CNI plugin should attach to other plugins (i.e chain to them) or
run standalone when applicable. In order to be more flexible, we
introduce a filesystem watcher through inotifywait to react to changes
in the cni config directory. We react to changes based on SHAs.

Linkerd's CNI plugin should append configuration when at least one other
file exists, but if multiple files exist, the CNI plugin should not have
to make a decision on whether that's the current file to append itself
to. As a result, most of the logic in this commit revolves around the
assumption that whatever file we detect has been created should be
injected with Linkerd's config -- the rest is up to the host.

In addition, we also introduce a sleep in the cni preStop hook, changed to
using bash and introduce procps to get access to ps and pgrep.

Closes #8070

Signed-off-by: Matei David <matei@buoyant.io>
Co-authored-by: Oliver Gould <ver@buoyant.io>
Co-authored-by: Alejandro Pedraza <alejandro@buoyant.io>
- Replace simple awk commands with shell built-ins
- Single quotes instead of double quotes for static strings
- No need for -n operator to check that variables are not empty
- Use single echo calls instead of several consecutive ones
- No quotes are needed for variable assignments
- Use the more lightweight echo instead of printf where applicable
- No need to use bash's == comparison when there is the POSIX =

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
Our docker images hardcode a patch version, 1.17.3, which does not
include a variety of important fixes that have been released:

> go1.17.4 (released 2021-12-02) includes fixes to the compiler, linker,
> runtime, and the go/types, net/http, and time packages. See the Go
> 1.17.4 milestone on our issue tracker for details.

> go1.17.5 (released 2021-12-09) includes security fixes to the net/http
> and syscall packages. See the Go 1.17.5 milestone on our issue tracker
> for details.

> go1.17.6 (released 2022-01-06) includes fixes to the compiler, linker,
> runtime, and the crypto/x509, net/http, and reflect packages. See the Go
> 1.17.6 milestone on our issue tracker for details.

> go1.17.7 (released 2022-02-10) includes security fixes to the go
> command, and the crypto/elliptic and math/big packages, as well as bug
> fixes to the compiler, linker, runtime, the go command, and the
> debug/macho, debug/pe, and net/http/httptest packages. See the Go 1.17.7
> milestone on our issue tracker for details.

> go1.17.8 (released 2022-03-03) includes a security fix to the
> regexp/syntax package, as well as bug fixes to the compiler, runtime,
> the go command, and the crypto/x509 and net packages. See the Go 1.17.8
> milestone on our issue tracker for details.

> go1.17.9 (released 2022-04-12) includes security fixes to the
> crypto/elliptic and encoding/pem packages, as well as bug fixes to the
> linker and runtime. See the Go 1.17.9 milestone on our issue tracker for
> details.

> go1.17.10 (released 2022-05-10) includes security fixes to the syscall
> package, as well as bug fixes to the compiler, runtime, and the
> crypto/x509 and net/http/httptest packages. See the Go 1.17.10 milestone
> on our issue tracker for details.

> go1.17.11 (released 2022-06-01) includes security fixes to the
> crypto/rand, crypto/tls, os/exec, and path/filepath packages, as well as
> bug fixes to the crypto/tls package. See the Go 1.17.11 milestone on our
> issue tracker for details.

This changes our container configs to use the latest 1.17 release on
each build so that these patch releases are picked up without manual
intervention.

Signed-off-by: Oliver Gould <ver@buoyant.io>
The CNI plugin watches for file changes and reacts accordingly. To
append our CNI plugin configuration to an existing configuration file,
we keep a watch on the config file directory, and whenever a new file is
created (or modified) we append to it. To avoid redundancy and infinite
loops, after a file has been processed, we save its SHA in-memory.
Whenever a new update is received, we calculate the file's SHA, and if
it differs from the previous one, we update it (since the file hasn't
been 'seen' by our script yet). The in-memory SHA is continuously
overridden as updates are received and processed.

In our processing logic, we override the SHA only if the file exists (in
short, we want to avoid processing the SHA on 'DELETE' events). However,
when a different CNI plugin deletes the file, it typically re-creates it
immediately after. Since we do not check for the event type and instead
rely only on file existence, we end up calculating the SHA for a new
file before the file has had a chance to be processed when its
associated 'CREATE' event is picked up. This means that new files will
essentially be skipped from being updated, since the script considers
them to have been processed already (since their SHA was calculated when
the previous file was deleted).

This change fixes the bug by introducing a type check for the event in
addition to checking the file's existence. This allows us to be sure
that new files are only processed when the 'CREATE' event is picked up,
ensuring we do not skip them.

Signed-off-by: Matei David <matei@buoyant.io>
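
The race described in this commit message can be replayed offline. The following is an added example, not the CNI install script itself: it feeds a constructed event list (instead of `inotifywait` output) to a loop that remembers the last SHA, once with the existence-only condition and once with the event-type check. The function names, the file name `10-other.conf` and the marker line standing in for the appended config are assumptions.

```shell
#!/bin/sh
# Added example: replay of the DELETE/CREATE ordering problem with a
# remembered SHA. Events are a constructed list, not inotifywait output.

# file_sha FILE -> SHA-256 hex digest of FILE
file_sha() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Stand-in for appending the plugin configuration (constructed marker).
patch_conf() {
  printf '%s\n' '# linkerd-cni appended (constructed marker)' >> "$1"
}

# replay MODE DIR ACTION:FILE...
# MODE "exists-only": remember the SHA whenever the file exists (old logic).
# MODE "event-type":  also require that the event is not DELETE (the fix).
# Prints how many times a file was patched.
replay() {
  mode=$1; dir=$2; shift 2
  seen_sha=''
  patched=0
  for ev in "$@"; do
    action=${ev%%:*}
    path="$dir/${ev#*:}"
    # Sync step: only create/modify events patch, and only for an unseen SHA.
    case $action in
      CREATE | MODIFY | MOVED_TO)
        if [ -e "$path" ] && [ "$(file_sha "$path")" != "$seen_sha" ]; then
          patch_conf "$path"
          patched=$((patched + 1))
        fi
        ;;
    esac
    # Remember the SHA for the next iteration.
    if [ -e "$path" ]; then
      if [ "$mode" = exists-only ] || [ "$action" != DELETE ]; then
        seen_sha=$(file_sha "$path")
      fi
    fi
  done
  echo "$patched"
}

# run_scenario MODE
# Another plugin deleted its config and re-created it at once, so the file
# already exists again when the queued DELETE event is handled. The trailing
# MODIFY stands for the watcher seeing a write to the same file.
run_scenario() {
  mode=$1
  dir=$(mktemp -d)
  printf '%s\n' '{"name":"other-cni","type":"bridge"}' > "$dir/10-other.conf"
  replay "$mode" "$dir" \
    DELETE:10-other.conf CREATE:10-other.conf MODIFY:10-other.conf
  rm -rf "$dir"
}

echo "exists-only: $(run_scenario exists-only) file(s) patched"
echo "event-type:  $(run_scenario event-type) file(s) patched"
```

With the existence-only condition the re-created file is never patched, because its SHA was recorded while handling the DELETE event; with the event-type check it is patched exactly once, and the later MODIFY is ignored because the SHA is already known.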
Release v1.6.1 of proxy-init adds support for iptables-nft. This change
bumps up the proxy-init version used in code, chart values, and golden
files.

* Update go.mod dep
* Update CNI plugin with new opts
* Update proxy-init ref in golden files and chart values
* Update policy controller CI workflow

Signed-off-by: Matei David <matei@buoyant.io>
Go 1.18 features a number of important changes, notably removing client
support for defunct TLS versions: https://tip.golang.org/doc/go1.18

This change updates our Go version in CI and development.

Signed-off-by: Oliver Gould <ver@buoyant.io>
This PR allows Linkerd-CNI to be called in non-chained (stand-alone) mode.
Together with a separate controller https://github.com/ErmakovDmitriy/linkerd-multus-attach-operator this PR should allow to run Linkerd-CNI in Kubernetes clusters with Multus CNI.

The main issue with Multus-CNI clusters is that Multus does not handle "*.conflist" CNI configuration files, so Linkerd-CNI is ignored. Please, take a look at some details in issue #8553.

Short summary about the aforementioned controller: it adds Multus NetworkAttachmentDefinitions to namespaces which have special annotation `linkerd.io/multus=enabled` and patches Pod definitions with `k8s.cni.cncf.io/v1=linkerd-cni`. The result is that Linkerd-CNI binary is called by Multus with configuration from the NetworkAttachmentDefinition.

For using with Openshift, one should manually annotate a namespace or a Pod with config.linkerd.io/proxy-uid annotation with some value in the allowed range, for instance:

```yaml
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    # I used UID in the end of the range "openshift.io/sa.scc.uid-range"
    config.linkerd.io/proxy-uid: "1000739999"
    linkerd.io/inject: enabled
    linkerd.io/multus: enabled
    openshift.io/sa.scc.mcs: s0:c27,c14
    openshift.io/sa.scc.supplemental-groups: 1000730000/10000
    openshift.io/sa.scc.uid-range: 1000730000/10000
  labels:
    config.linkerd.io/admission-webhooks: enabled
    kubernetes.io/metadata.name: emojivoto
  name: emojivoto
```

Signed-off-by: Dmitrii Ermakov <demonihin@gmail.com>
…o .conflist (#9555)

* Change the integration test to check that the CNI configuration directory only has a single configuration file
* Change the install script to remove the old .conf file when it's rewritten into a .conflist
`io/ioutil` has been deprecated since go 1.16 and the linter started to
complain about it.
@stevej stevej requested a review from a team as a code owner November 22, 2022 16:54
Steve Jenson added 2 commits November 22, 2022 17:31
Signed-off-by: Steve Jenson <stevej@buoyant.io>
Signed-off-by: Steve Jenson <stevej@buoyant.io>
Steve Jenson and others added 3 commits December 14, 2022 21:29
Signed-off-by: Steve Jenson <stevej@buoyant.io>
* modifying import paths and making a temporary copy of testutil/annotations.go

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* removed testutil, dockerized cni installer tests now pass

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* moving internal to pkg/linkerd-, removing Dockerfile until fixed, changing imports, removing linkerd2 k8s client with client-go

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* gofmt install-cni_test.go

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* go mod updates

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* adding pkg to Docker image

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* updating dev from v32 to v35 for go

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* moving back to old dev image

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* use dev:v32-go for go lint workflow

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* fixing linter complaints

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* fixing linter complaints

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* turning off noisy lint #1

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* turning off noisy lint #2

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* turning off noisy lint #3

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* turning off noisy lint #4

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* turning off noisy lint #5

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* turning off noisy lint #6

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* Replace pkg/ with internal/ (#148)

* Replace pkg/ with internal/

There's no need for a public library export. We can share code within
this repo via the `internal` directory.

* simplify package names

Signed-off-by: Oliver Gould <ver@buoyant.io>

* adding internal back. whoopsie

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* bumping dev go version

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* replace deprecated ioutil functions with io functions.

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* increasing timeout to help with linter issues, adding verbose

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* replace TODO with literals, wait for the linter to complain so we can give it the magic incantation to sleep now

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* more linter

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* gofmt

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* swap position of comment and argument as the linter has an opinion here, too

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* Update cni-plugin/main.go

Co-authored-by: Alejandro Pedraza <alejandro@buoyant.io>

* Update cni-plugin/main.go

Co-authored-by: Alejandro Pedraza <alejandro@buoyant.io>

* Update cni-plugin/main.go

Co-authored-by: Alejandro Pedraza <alejandro@buoyant.io>

* Update cni-plugin/main.go

Co-authored-by: Alejandro Pedraza <alejandro@buoyant.io>

* simplify lint call

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* removed unneeded abstraction

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* linter for cni-plugin and all go code

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* giving flags to go linter

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* run the test on the moved internal package

Signed-off-by: Steve Jenson <stevej@buoyant.io>

* adding keys back for annotation lookup

Signed-off-by: Steve Jenson <stevej@buoyant.io>

Signed-off-by: Steve Jenson <stevej@buoyant.io>
Signed-off-by: Oliver Gould <ver@buoyant.io>
Co-authored-by: Oliver Gould <ver@buoyant.io>
Co-authored-by: Alejandro Pedraza <alejandro@buoyant.io>
@stevej stevej merged commit 2fb1075 into main Jan 3, 2023
@stevej stevej deleted the stevej/cni-plugin-target branch January 3, 2023 23:13
@stevej stevej restored the stevej/cni-plugin-target branch January 5, 2023 19:53
stevej added a commit that referenced this pull request Jan 5, 2023
stevej pushed a commit that referenced this pull request Jan 5, 2023
@stevej stevej deleted the stevej/cni-plugin-target branch March 13, 2023 17:14