linkerd · stevej · Dec 29, 2022 · Nov 22, 2022 · Nov 23, 2022 · Dec 1, 2022
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -11,9 +11,10 @@ on:
 jobs:
   lint:
     runs-on: ubuntu-20.04
+    container: ghcr.io/linkerd/dev:v38-go
     steps:
       - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-      - uses: golangci/golangci-lint-action@0ad9a0988b3973e851ab0a07adf248ec2e100376
+      - run: just go-lint --verbose --timeout=10m
 
   fmt:
     runs-on: ubuntu-20.04

diff --git a/Dockerfile b/Dockerfile
@@ -9,6 +9,7 @@ FROM --platform=$BUILDPLATFORM ghcr.io/linkerd/dev:v38-go as go
 WORKDIR /build
 COPY --link go.mod go.sum .
 COPY --link ./proxy-init ./proxy-init
+COPY --link ./internal ./internal
 RUN go mod download
 ARG TARGETARCH
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH GO111MODULE=on \

diff --git a/cni-plugin/Dockerfile b/cni-plugin/Dockerfile
diff --git a/cni-plugin/main.go b/cni-plugin/main.go
@@ -30,12 +30,14 @@ import (
 	"github.com/containernetworking/cni/pkg/types"
 	cniv1 "github.com/containernetworking/cni/pkg/types/100"
 	"github.com/containernetworking/cni/pkg/version"
-	"github.com/linkerd/linkerd2-proxy-init/cmd"
-	"github.com/linkerd/linkerd2-proxy-init/iptables"
-	"github.com/linkerd/linkerd2/pkg/k8s"
+	"github.com/linkerd/linkerd2-proxy-init/internal/iptables"
+	"github.com/linkerd/linkerd2-proxy-init/proxy-init/cmd"
+
 	"github.com/sirupsen/logrus"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/tools/clientcmd"
 )
 
 // ProxyInit is the configuration for the proxy-init binary
@@ -83,12 +85,12 @@ func main() {
 }
 
 func configureLogging(logLevel string) {
-	if strings.EqualFold(logLevel, "debug") {
+	switch strings.ToLower(logLevel) {
+	case "debug":
 		logrus.SetLevel(logrus.DebugLevel)
-	} else if strings.EqualFold(logLevel, "info") {
+	case "info":
 		logrus.SetLevel(logrus.InfoLevel)
-	} else {
-		// Default level
+	default:
 		logrus.SetLevel(logrus.WarnLevel)
 	}
 
@@ -164,7 +166,16 @@ func cmdAdd(args *skel.CmdArgs) error {
 
 	if namespace != "" && podName != "" {
 		ctx := context.Background()
-		client, err := k8s.NewAPI(conf.Kubernetes.Kubeconfig, "linkerd-cni-context", "", []string{}, 0)
+
+		configLoadingRules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: conf.Kubernetes.Kubeconfig}
+		configOverrides := &clientcmd.ConfigOverrides{CurrentContext: "linkerd-cni-context"}
+
+		config, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(configLoadingRules, configOverrides).ClientConfig()
+		if err != nil {
+			return err
+		}
+
+		client, err := kubernetes.NewForConfig(config)
 		if err != nil {
 			return err
 		}
@@ -176,15 +187,15 @@ func cmdAdd(args *skel.CmdArgs) error {
 
 		containsLinkerdProxy := false
 		for _, container := range pod.Spec.Containers {
-			if container.Name == k8s.ProxyContainerName {
+			if container.Name == "linkerd-proxy" {
 				containsLinkerdProxy = true
 				break
 			}
 		}
 
 		containsInitContainer := false
 		for _, container := range pod.Spec.InitContainers {
-			if container.Name == k8s.InitContainerName {
+			if container.Name == "linkerd-init" {
 				containsInitContainer = true
 				break
 			}
@@ -207,7 +218,7 @@ func cmdAdd(args *skel.CmdArgs) error {
 			}
 
 			// Check if there are any overridden ports to be skipped
-			outboundSkipOverride, err := getAnnotationOverride(ctx, client, pod, k8s.ProxyIgnoreOutboundPortsAnnotation)
+			outboundSkipOverride, err := getAnnotationOverride(ctx, client, pod, "config.linkerd.io/skip-outbound-ports")
 			if err != nil {
 				logEntry.Errorf("linkerd-cni: could not retrieve overridden annotations: %s", err)
 				return err
@@ -218,7 +229,7 @@ func cmdAdd(args *skel.CmdArgs) error {
 				options.OutboundPortsToIgnore = strings.Split(outboundSkipOverride, ",")
 			}
 
-			inboundSkipOverride, err := getAnnotationOverride(ctx, client, pod, k8s.ProxyIgnoreInboundPortsAnnotation)
+			inboundSkipOverride, err := getAnnotationOverride(ctx, client, pod, "config.linkerd.io/skip-inbound-ports")
 			if err != nil {
 				logEntry.Errorf("linkerd-cni: could not retrieve overridden annotations: %s", err)
 				return err
@@ -230,7 +241,7 @@ func cmdAdd(args *skel.CmdArgs) error {
 			}
 
 			// Override ProxyUID from annotations.
-			proxyUIDOverride, err := getAnnotationOverride(ctx, client, pod, k8s.ProxyUIDAnnotation)
+			proxyUIDOverride, err := getAnnotationOverride(ctx, client, pod, "config.linkerd.io/proxy-uid")
 			if err != nil {
 				logEntry.Errorf("linkerd-cni: could not retrieve overridden annotations: %s", err)
 				return err
@@ -248,7 +259,7 @@ func cmdAdd(args *skel.CmdArgs) error {
 				options.ProxyUserID = parsed
 			}
 
-			if pod.GetLabels()[k8s.ControllerComponentLabel] != "" {
+			if pod.GetLabels()["controller-component"] != "" {
 				// Skip 443 outbound port if its a control plane component
 				logEntry.Debug("linkerd-cni: adding 443 to OutboundPortsToIgnore as its a control plane component")
 				options.OutboundPortsToIgnore = append(options.OutboundPortsToIgnore, "443")
@@ -298,7 +309,7 @@ func cmdDel(args *skel.CmdArgs) error {
 	return nil
 }
 
-func getAnnotationOverride(ctx context.Context, api *k8s.KubernetesAPI, pod *v1.Pod, key string) (string, error) {
+func getAnnotationOverride(ctx context.Context, api *kubernetes.Clientset, pod *v1.Pod, key string) (string, error) {
 	// Check if the annotation is present on the pod
 	if override := pod.GetObjectMeta().GetAnnotations()[key]; override != "" {
 		return override, nil

diff --git a/cni-plugin/test/install-cni_test.go b/cni-plugin/test/install-cni_test.go
@@ -26,8 +26,6 @@ import (
 	"strings"
 	"testing"
 	"time"
-
-	"github.com/linkerd/linkerd2/testutil"
 )
 
 const (
@@ -51,16 +49,14 @@ func env(key, fallback string) string {
 func setEnv(key, value string, t *testing.T) {
 	err := os.Setenv(key, value)
 	if err != nil {
-		testutil.AnnotatedFatalf(t, "couldn't set environment variable",
-			"couldn't set environment variable: %v", err)
+		t.Fatalf("couldn't set environment variable: %v", err)
 	}
 }
 
 func mktemp(dir, prefix string, t *testing.T) string {
 	tempDir, err := os.MkdirTemp(dir, prefix)
 	if err != nil {
-		testutil.AnnotatedFatalf(t, "couldn't get current working directory",
-			"couldn't get current working directory: %v", err)
+		t.Fatalf("couldn't get current working directory: %v", err)
 	}
 	t.Logf("Created temporary dir: %v", tempDir)
 	return tempDir
@@ -69,17 +65,15 @@ func mktemp(dir, prefix string, t *testing.T) string {
 func pwd(t *testing.T) string {
 	wd, err := os.Getwd()
 	if err != nil {
-		testutil.AnnotatedFatalf(t, "couldn't get current working directory",
-			"couldn't get current working directory: %v", err)
+		t.Fatalf("couldn't get current working directory: %v", err)
 	}
 	return wd + "/"
 }
 
 func ls(dir string, t *testing.T) []string {
 	files, err := os.ReadDir(dir)
 	if err != nil {
-		testutil.AnnotatedFatalf(t, "failed to list files",
-			"failed to list files: %v", err)
+		t.Fatalf("failed to list files: %v", err)
 	}
 	fileNames := make([]string, len(files))
 	for i, f := range files {
@@ -89,22 +83,19 @@ func ls(dir string, t *testing.T) []string {
 }
 
 func cp(src, dest string, t *testing.T) {
-	data, err := os.ReadFile(src)
+	data, err := os.ReadFile(src) //nolint:gosec
 	if err != nil {
-		testutil.AnnotatedFatalf(t, fmt.Sprintf("failed to read file %v", src),
-			"failed to read file %v: %v", src, err)
+		t.Fatalf("failed to read file %v: %v", src, err)
 	}
 	if err = os.WriteFile(dest, data, 0600); err != nil {
-		testutil.AnnotatedFatalf(t, fmt.Sprintf("failed to write file %v", dest),
-			"failed to write file %v: %v", dest, err)
+		t.Fatalf("failed to write file %v: %v", dest, err)
 	}
 }
 
 func rm(dir string, t *testing.T) {
 	err := os.RemoveAll(dir)
 	if err != nil {
-		testutil.AnnotatedFatalf(t, fmt.Sprintf("failed to remove dir %v", dir),
-			"failed to remove dir %v: %v", dir, err)
+		t.Fatalf("failed to remove dir %v: %v", dir, err)
 	}
 }
 
@@ -122,7 +113,6 @@ func checkOnlyOneConfFileExists(t *testing.T, directory string) {
 
 	if len(possibleConfigFiles) == 0 {
 		t.Log("FAIL: no files found ending with .conf or .conflist in the CNI configuration directory")
-		// TODO(stevej): testutil.AnnotatedFatal does not result in a Failed test
 		t.Fail()
 	} else if len(possibleConfigFiles) > 1 {
 		t.Logf("FAIL: CNI configuration conflict: multiple files found ending with .conf or .conflist %v", possibleConfigFiles)
@@ -172,16 +162,14 @@ func startDocker(testNum int, wd string, testWorkRootDir string, tempCNINetDir s
 	args = append(args, dockerImage, "install-cni.sh")
 
 	// Create a temporary log file to write docker command error log.
-	errFile, err := os.Create(errFileName)
+	errFile, err := os.Create(errFileName) //nolint:gosec
 	if err != nil {
-		testutil.AnnotatedFatalf(t, "couldn't create docker stderr file",
-			"couldn't create docker stderr file: %v", err)
+		t.Fatalf("couldn't create docker stderr file: %v", err)
 	}
 	defer func() {
 		errClose := errFile.Close()
 		if errClose != nil {
-			testutil.AnnotatedFatalf(t, "couldn't close docker stderr file",
-				"couldn't close docker stderr file: %v", errClose)
+			t.Fatalf("couldn't close docker stderr file: %v", errClose)
 		}
 	}()
 
@@ -191,10 +179,10 @@ func startDocker(testNum int, wd string, testWorkRootDir string, tempCNINetDir s
 
 	containerID, err := cmd.Output()
 	if err != nil {
-		errFileContents, _ := os.ReadFile(errFileName)
+		errFileContents, _ := os.ReadFile(errFileName) //nolint:gosec
 		t.Logf("%v contents:\n\n%v\n\n", errFileName, string(errFileContents))
-		testutil.Fatalf(t,
-			"test %v ERROR: failed to start docker container '%v', see %v", testNum, dockerImage, errFileName)
+		t.Fatalf("test %v ERROR: failed to start docker container '%v', see %v",
+			testNum, dockerImage, errFileName)
 	}
 	t.Logf("Container ID: %s", containerID)
 	return strings.Trim(string(containerID), "\n")
@@ -204,34 +192,30 @@ func startDocker(testNum int, wd string, testWorkRootDir string, tempCNINetDir s
 func docker(cmd, containerID string, t *testing.T) {
 	out, err := exec.Command("docker", cmd, containerID).CombinedOutput()
 	if err != nil {
-		testutil.AnnotatedFatalf(t, fmt.Sprintf("failed to execute 'docker %s %s'", cmd, containerID),
-			"failed to execute 'docker %s %s': %v", cmd, containerID, err)
+		t.Fatalf("failed to execute 'docker %s %s': %v", cmd, containerID, err)
 	}
 	t.Logf("docker %s %s - out: %s", cmd, containerID, out)
 }
 
 // compareConfResult does a string compare of 2 test files.
 func compareConfResult(testWorkRootDir string, tempCNINetDir string, result string, expected string, t *testing.T) {
 	tempResult := tempCNINetDir + "/" + result
-	resultFile, err := os.ReadFile(tempResult)
+	resultFile, err := os.ReadFile(tempResult) //nolint:gosec
 	if err != nil {
-		testutil.AnnotatedFatalf(t, "failed to read file",
-			"failed to read file %v: %v", tempResult, err)
+		t.Fatalf("failed to read file %v: %v", tempResult, err)
 	}
 
-	expectedFile, err := os.ReadFile(expected)
+	expectedFile, err := os.ReadFile(expected) //nolint:gosec
 	if err != nil {
-		testutil.AnnotatedFatalf(t, fmt.Sprintf("failed to read file %v", expected),
-			"failed to read file %v, err: %v", expected, err)
+		t.Fatalf("failed to read file %v, err: %v", expected, err)
 	}
 
 	if bytes.Equal(resultFile, expectedFile) {
 		t.Logf("PASS: result matches expected: %v v. %v", tempResult, expected)
 	} else {
-		tempFail := mktemp(testWorkRootDir, result+".fail.XXXX", t)
+		tempFail := mktemp(testWorkRootDir, result+".fail.XXXX", t) //nolint:gosec
 		cp(tempResult, tempFail+"/"+result, t)
-		testutil.AnnotatedErrorf(t, "FAIL: result doesn't match expected",
-			"FAIL: result doesn't match expected: %v v. %v\nCheck %v for diff contents", tempResult, expected, tempFail)
+		t.Errorf("FAIL: result doesn't match expected: %v v. %v\nCheck %v for diff contents", tempResult, expected, tempFail)
 	}
 }
 
@@ -242,13 +226,11 @@ func checkBinDir(t *testing.T, tempCNIBinDir string, op string, files ...string)
 			if op == "add" {
 				t.Logf("PASS: File %v was added to %v", f, tempCNIBinDir)
 			} else if op == "del" {
-				testutil.AnnotatedFatalf(t, fmt.Sprintf("FAIL: File %v was not removed", f),
-					"FAIL: File %v was not removed from %v", f, tempCNIBinDir)
+				t.Fatalf("FAIL: File %v was not removed from %v", f, tempCNIBinDir)
 			}
 		} else {
 			if op == "add" {
-				testutil.AnnotatedFatalf(t, fmt.Sprintf("FAIL: File %v was not added", f),
-					"FAIL: File %v was not added to %v", f, tempCNIBinDir)
+				t.Fatalf("FAIL: File %v was not added to %v", f, tempCNIBinDir)
 			} else if op == "del" {
 				t.Logf("PASS: File %v was removed from %v", f, tempCNIBinDir)
 			}
@@ -264,10 +246,9 @@ func doTest(testNum int, wd string, initialNetConfFile string, finalNetConfFile
 	if initialNetConfFile != "NONE" {
 		setEnv(cniConfName, initialNetConfFile, t)
 	}
-	defaultData, err := os.ReadFile(wd + "../deployment/linkerd-cni.conf.default")
+	defaultData, err := os.ReadFile(wd + "../deployment/linkerd-cni.conf.default") //nolint:gosec
 	if err != nil {
-		testutil.AnnotatedFatalf(t, "failed to read file linkerd-cni.conf.default",
-			"failed to read file %v, err: %v", wd+"../deployment/linkerd-cni.conf.default", err)
+		t.Fatalf("failed to read file %v, err: %v", wd+"../deployment/linkerd-cni.conf.default", err)
 	}
 	setEnv(cniNetworkConfigName, string(defaultData), t)
 
@@ -288,8 +269,7 @@ func doTest(testNum int, wd string, initialNetConfFile string, finalNetConfFile
 	} else {
 		files := ls(tempCNINetDir, t)
 		if len(files) > 0 {
-			testutil.AnnotatedFatalf(t, "FAIL: CNI_CONF_DIR is not empty",
-				"FAIL: CNI_CONF_DIR is not empty: %v", files)
+			t.Fatalf("FAIL: CNI_CONF_DIR is not empty: %v", files)
 		} else {
 			t.Log("PASS: CNI_CONF_DIR is empty")
 		}