From ace82be9cb585e84fdd34f48b959037e8c2db91c Mon Sep 17 00:00:00 2001
From: Amit Sahastrabuddhe <33931378+AmitSahastra@users.noreply.github.com>
Date: Wed, 21 Dec 2022 16:19:33 +0530
Subject: [PATCH 01/13] Update kubeadm_control_plane_webhook.go
---
 .../v1beta1/kubeadm_control_plane_webhook.go | 40 +++++++++----------
 1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go
index 33603f5931a2..521df9d213b5 100644
--- a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go
+++ b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go
@@ -139,26 +139,26 @@ func (in *KubeadmControlPlane) ValidateUpdate(old runtime.Object) error {
 // For example, {"spec", "*"} will allow any path under "spec" to change.
 allowedPaths := [][]string{
 {"metadata", "*"},
- //{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "imageRepository"},
- //{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "imageTag"},
- //{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "extraArgs", "*"},
- //{spec, kubeadmConfigSpec, clusterConfiguration, "dns", "imageRepository"},
- //{spec, kubeadmConfigSpec, clusterConfiguration, "dns", "imageTag"},
- //{spec, kubeadmConfigSpec, clusterConfiguration, "imageRepository"},
- //{spec, kubeadmConfigSpec, clusterConfiguration, apiServer, "*"},
- //{spec, kubeadmConfigSpec, clusterConfiguration, controllerManager, "*"},
- //{spec, kubeadmConfigSpec, clusterConfiguration, scheduler, "*"},
- //{spec, kubeadmConfigSpec, initConfiguration, nodeRegistration, "*"},
- //{spec, kubeadmConfigSpec, initConfiguration, patches, directory},
- //{spec, kubeadmConfigSpec, joinConfiguration, nodeRegistration, "*"},
- //{spec, kubeadmConfigSpec, joinConfiguration, patches, directory},
- //{spec, kubeadmConfigSpec, preKubeadmCommands},
- //{spec, kubeadmConfigSpec, postKubeadmCommands},
- //{spec, kubeadmConfigSpec, files},
- //{spec, kubeadmConfigSpec, "verbosity"},
- //{spec, kubeadmConfigSpec, users},
- //{spec, kubeadmConfigSpec, ntp, "*"},
- //{spec, kubeadmConfigSpec, ignition, "*"},
+ // {spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "imageRepository"},
+ // {spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "imageTag"},
+ // {spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "extraArgs", "*"},
+ // {spec, kubeadmConfigSpec, clusterConfiguration, "dns", "imageRepository"},
+ // {spec, kubeadmConfigSpec, clusterConfiguration, "dns", "imageTag"},
+ // {spec, kubeadmConfigSpec, clusterConfiguration, "imageRepository"},
+ // {spec, kubeadmConfigSpec, clusterConfiguration, apiServer, "*"},
+ // {spec, kubeadmConfigSpec, clusterConfiguration, controllerManager, "*"},
+ // {spec, kubeadmConfigSpec, clusterConfiguration, scheduler, "*"},
+ // {spec, kubeadmConfigSpec, initConfiguration, nodeRegistration, "*"},
+ // {spec, kubeadmConfigSpec, initConfiguration, patches, directory},
+ // {spec, kubeadmConfigSpec, joinConfiguration, nodeRegistration, "*"},
+ // {spec, kubeadmConfigSpec, joinConfiguration, patches, directory},
+ // {spec, kubeadmConfigSpec, preKubeadmCommands},
+ // {spec, kubeadmConfigSpec, postKubeadmCommands},
+ // {spec, kubeadmConfigSpec, files},
+ // {spec, kubeadmConfigSpec, "verbosity"},
+ // {spec, kubeadmConfigSpec, users},
+ // {spec, kubeadmConfigSpec, ntp, "*"},
+ // {spec, kubeadmConfigSpec, ignition, "*"},
 // allow all fields to be modified
 {spec, kubeadmConfigSpec, "*"},
 {spec, "machineTemplate", "metadata", "*"},
From e47d186238351e749e16f7294b5f5f23866d1d5f Mon Sep 17 00:00:00 2001
From: Amit Sahastrabuddhe
Date: Tue, 25 Oct 2022 12:49:49 +0530
Subject: [PATCH 02/13] [WIP] PCP-22: Boostrap and CAPI changes
---
 .../controllers/kubeadmconfig_controller.go | 22 +++-
 .../internal/controllers/controller.go | 16 ++-
 .../kubeadm/internal/controllers/helpers.go | 9 +-
 .../kubeadm/internal/controllers/status.go | 10 +-
 hack/tools/go.mod | 46 +++----
 hack/tools/go.sum | 25 ++++
 .../cluster/cluster_controller_phases.go | 45 +++++--
 test/go.mod | 24 ++--
 test/go.sum | 12 ++
 util/kubeconfig/kubeconfig.go | 69 ++++++++++
 util/secret/certificates.go | 122 +++++++++++++++++-
 util/secret/consts.go | 1 +
 util/secret/secret.go | 4 +-
 13 files changed, 344 insertions(+), 61 deletions(-)
diff --git a/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go b/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go
index d46246b453c6..2438f78a48c5 100644
--- a/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go
+++ b/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go @@ -19,6 +19,7 @@ package controllers import ( "context" "fmt" + "log" "strconv" "time" @@ -277,10 +278,13 @@ func (r *KubeadmConfigReconciler) Reconcile(ctx context.Context, req ctrl.Reques return ctrl.Result{}, nil } + //TODO: PCP-22 check (annotation to skip handleClusterNotInitialized and go for join ) + //how to make this condition true for new cluster as kubeadm cluster is already initialized // Note: can't use IsFalse here because we need to handle the absence of the condition as well as false. - if !conditions.IsTrue(cluster, clusterv1.ControlPlaneInitializedCondition) { - return r.handleClusterNotInitialized(ctx, scope) - } + log.Info("TESTING... skip handx``leClusterNotInitialized and push cluster for join") + //if !conditions.IsTrue(cluster, clusterv1.ControlPlaneInitializedCondition) { + // return r.handleClusterNotInitialized(ctx, scope) + //} // Every other case it's a join scenario // Nb. in this case ClusterConfiguration and InitConfiguration should not be defined by users, but in case of misconfigurations, CABPK simply ignore them @@ -296,10 +300,12 @@ func (r *KubeadmConfigReconciler) Reconcile(ctx context.Context, req ctrl.Reques // it's a control plane join if configOwner.IsControlPlaneMachine() { + log.Info("TESTING.... joinControlplane") return r.joinControlplane(ctx, scope) } // It's a worker join + log.Info("TESTING.... It's a worker join") return r.joinWorker(ctx, scope) } 
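Review bot: Importing the standard-library `log` package here gives the controller a second, unstructured logging path next to `scope.Info` and the context logger; the `log.Println("TESTING.... joinWorker")` and `log.Println("TESTING.... joinControlplane")` calls in the later joinWorker and joinControlplane hunks carry no cluster or machine keys and bypass the configured verbosity. The `log.Info(...)` calls added in Reconcile compile only if a local `log` variable shadows the package there, since the standard `log` package has no `Info`; that declaration is outside the hunk. I would drop the import together with every `TESTING....` statement (also the `scope.Info("TESTING....` lines in the handleClusterNotInitialized hunks), and where a trace is still wanted keep it at debug level, e.g. `ctrl.LoggerFrom(ctx).V(4).Info("joining worker node")`.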
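Review bot: With the `ControlPlaneInitializedCondition` check commented out in Reconcile, every KubeadmConfig is sent down the join path, including the first control-plane machine of a cluster that has never been initialized, and handleClusterNotInitialized can no longer be reached from this function. The TODO already says the bypass should hang off an annotation, so it should be opt-in per cluster rather than global, e.g. `if !conditions.IsTrue(cluster, clusterv1.ControlPlaneInitializedCondition) && !skipInit {`, where `skipInit` is read from an explicit annotation on the Cluster (name is a placeholder, to be defined). The added log message also has stray characters inside the word handleClusterNotInitialized. Reconcile's body starts and ends outside the hunk.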
@@ -357,6 +363,9 @@ func (r *KubeadmConfigReconciler) handleClusterNotInitialized(ctx context.Contex // initialize the DataSecretAvailableCondition if missing. // this is required in order to avoid the condition's LastTransitionTime to flicker in case of errors surfacing // using the DataSecretGeneratedFailedReason + + scope.Info("TESTING.... In handleClusterNotInitialized") + if conditions.GetReason(scope.Config, bootstrapv1.DataSecretAvailableCondition) != bootstrapv1.DataSecretGenerationFailedReason { conditions.MarkFalse(scope.Config, bootstrapv1.DataSecretAvailableCondition, clusterv1.WaitingForControlPlaneAvailableReason, clusterv1.ConditionSeverityInfo, "") } @@ -439,6 +448,7 @@ func (r *KubeadmConfigReconciler) handleClusterNotInitialized(ctx context.Contex return ctrl.Result{}, err } + scope.Info("TESTING.... LookupOrGenerate new certificates") certificates := secret.NewCertificatesForInitialControlPlane(scope.Config.Spec.ClusterConfiguration) // If the Cluster does not have a ControlPlane reference look up and generate the certificates. @@ -520,8 +530,12 @@ func (r *KubeadmConfigReconciler) handleClusterNotInitialized(ctx context.Contex } func (r *KubeadmConfigReconciler) joinWorker(ctx context.Context, scope *Scope) (ctrl.Result, error) { + scope.Info("Creating BootstrapData for the worker node") + scope.Info("TESTING.... joinWorker") + log.Println("TESTING.... joinWorker") + certificates := secret.NewCertificatesForWorker(scope.Config.Spec.JoinConfiguration.CACertPath) err := certificates.Lookup( ctx, @@ -627,6 +641,8 @@ func (r *KubeadmConfigReconciler) joinControlplane(ctx context.Context, scope *S scope.Config.Spec.JoinConfiguration.ControlPlane = &bootstrapv1.JoinControlPlane{} } + scope.Info("TESTING.... NewControlPlaneJoinCerts") + log.Println("TESTING.... joinControlplane") certificates := secret.NewControlPlaneJoinCerts(scope.Config.Spec.ClusterConfiguration) err := certificates.Lookup( ctx, 
diff --git a/controlplane/kubeadm/internal/controllers/controller.go b/controlplane/kubeadm/internal/controllers/controller.go index 05d69b52b00b..1e968aa685f2 100644 --- a/controlplane/kubeadm/internal/controllers/controller.go +++ b/controlplane/kubeadm/internal/controllers/controller.go @@ -278,10 +278,15 @@ func (r *KubeadmControlPlaneReconciler) reconcile(ctx context.Context, cluster * if config.ClusterConfiguration == nil { config.ClusterConfiguration = &bootstrapv1.ClusterConfiguration{} } + + //TODO: PCP-22 lookup or generate ca, sa, etcd certificates and key certificates := secret.NewCertificatesForInitialControlPlane(config.ClusterConfiguration) + //for _, certificate := range certificates { + // log.Info("TESTING.... lookup or generate ca, sa, etcd certificates and key: ", certificate) + //} controllerRef := metav1.NewControllerRef(kcp, controlplanev1.GroupVersion.WithKind("KubeadmControlPlane")) if err := certificates.LookupOrGenerate(ctx, r.Client, util.ObjectKey(cluster), *controllerRef); err != nil { - log.Error(err, "unable to lookup or create cluster certificates") + log.Error(err, "TESTING.... unable to lookup or create cluster certificates") conditions.MarkFalse(kcp, controlplanev1.CertificatesAvailableCondition, controlplanev1.CertificatesGenerationFailedReason, clusterv1.ConditionSeverityWarning, err.Error()) return ctrl.Result{}, err } @@ -293,6 +298,7 @@ func (r *KubeadmControlPlaneReconciler) reconcile(ctx context.Context, cluster * return ctrl.Result{}, nil } + //TODO: PCP-22 adopt kubeconfig instead of generating new // Generate Cluster Kubeconfig if needed if result, err := r.reconcileKubeconfig(ctx, cluster, kcp); !result.IsZero() || err != nil { if err != nil { 
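Review bot: The commented-out loop under the new TODO would, if re-enabled, hand each entry of `certificates` to `log.Info`; by the TODO's own wording these are the CA, service-account and etcd certificates and keys, so the call would write private key material into the controller log (assuming the certificate value carries its key pair, which is not visible in this hunk). It also passes the value as a lone trailing argument rather than a key/value pair. I would delete the block instead of leaving it as a template, and if a trace is needed log only a non-secret field such as `"purpose", certificate.Purpose`. The `TESTING.... ` prefix added to the `log.Error` message should be reverted as well, because that string is what an operator sees on a real LookupOrGenerate failure.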
@@ -392,6 +398,7 @@ func (r *KubeadmControlPlaneReconciler) reconcile(ctx context.Context, cluster * desiredReplicas := int(*kcp.Spec.Replicas) switch { + //TODO: PCP-22 skip creating new control plane // We are creating the first replica case numMachines < desiredReplicas && numMachines == 0: // Create new Machine w/ init @@ -399,7 +406,7 @@ func (r *KubeadmControlPlaneReconciler) reconcile(ctx context.Context, cluster * conditions.MarkFalse(controlPlane.KCP, controlplanev1.AvailableCondition, controlplanev1.WaitingForKubeadmInitReason, clusterv1.ConditionSeverityInfo, "") return r.initializeControlPlane(ctx, cluster, kcp, controlPlane) // We are scaling up - case numMachines < desiredReplicas && numMachines > 0: + case numMachines < desiredReplicas && numMachines >= 0: // Create a new Machine w/ join log.Info("Scaling up control plane", "Desired", desiredReplicas, "Existing", numMachines) return r.scaleUpControlPlane(ctx, cluster, kcp, controlPlane) @@ -568,6 +575,11 @@ func (r *KubeadmControlPlaneReconciler) reconcileEtcdMembers(ctx context.Context log := ctrl.LoggerFrom(ctx) // If etcd is not managed by KCP this is a no-op. + if true { + //TODO: PCP-22 + return ctrl.Result{}, nil + } + if !controlPlane.IsEtcdManaged() { return ctrl.Result{}, nil } diff --git a/controlplane/kubeadm/internal/controllers/helpers.go b/controlplane/kubeadm/internal/controllers/helpers.go index 3355f942409c..40c941cd71a3 100644 --- a/controlplane/kubeadm/internal/controllers/helpers.go +++ b/controlplane/kubeadm/internal/controllers/helpers.go 
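Review bot: Relaxing the scale-up case to `numMachines >= 0` does not change what happens with zero machines, because the earlier `case numMachines < desiredReplicas && numMachines == 0:` is evaluated first and still calls initializeControlPlane; the second condition is now just `numMachines < desiredReplicas` with a redundant clause. If the aim of the TODO ("skip creating new control plane") is to join instead of init for an adopted cluster, the condition has to go on the first case, e.g. `case numMachines < desiredReplicas && numMachines == 0 && !adopted:`, with `adopted` coming from an explicit per-cluster opt-in (placeholder name). Otherwise restore `numMachines > 0` so the two cases stay visibly disjoint. The switch continues outside the hunk.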
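Review bot: The `if true { return ctrl.Result{}, nil }` added at the top of reconcileEtcdMembers makes the function a no-op for every cluster, so the `IsEtcdManaged` check and everything after it are unreachable, and the existing comment "If etcd is not managed by KCP this is a no-op." now sits above the wrong block. Judging by the function name, etcd members left behind by removed machines would no longer be reconciled on any cluster this controller manages. The early return should depend on a stated condition rather than a constant, e.g. `if !controlPlane.IsEtcdManaged() || adopted {`, with `adopted` an explicit opt-in (placeholder name), and the TODO should say why member reconciliation must be skipped. The rest of the function is outside the hunk.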
@@ -74,8 +74,13 @@ func (r *KubeadmControlPlaneReconciler) reconcileKubeconfig(ctx context.Context, return ctrl.Result{}, errors.Wrap(err, "failed to retrieve kubeconfig Secret") } - if err := r.adoptKubeconfigSecret(ctx, cluster, configSecret, kcp); err != nil { - return ctrl.Result{}, err + // check if the kubeconfig secret was created by v1alpha2 controllers, and thus it has the Cluster as the owner instead of KCP; + // if yes, adopt it. + //TODO: PCP-22 Need to inject original Kubeconfig instead of generating new + if util.IsOwnedByObject(configSecret, cluster) && !util.IsControlledBy(configSecret, kcp) { + if err := r.adoptKubeconfigSecret(ctx, cluster, configSecret, kcp); err != nil { + return ctrl.Result{}, err + } } // only do rotation on owned secrets diff --git a/controlplane/kubeadm/internal/controllers/status.go b/controlplane/kubeadm/internal/controllers/status.go index c17d62c0cf7c..e5dee8f2f6b9 100644 --- a/controlplane/kubeadm/internal/controllers/status.go +++ b/controlplane/kubeadm/internal/controllers/status.go @@ -106,11 +106,13 @@ func (r *KubeadmControlPlaneReconciler) updateStatus(ctx context.Context, kcp *c kcp.Status.ReadyReplicas = status.ReadyNodes kcp.Status.UnavailableReplicas = replicas - status.ReadyNodes + //TODO: PCP-22 Initialized should be true to join new node to cluster or else it will try to init // This only gets initialized once and does not change if the kubeadm config map goes away. - if status.HasKubeadmConfig { - kcp.Status.Initialized = true - conditions.MarkTrue(kcp, controlplanev1.AvailableCondition) - } + //if status.HasKubeadmConfig { + log.Info("TESTING.... set kcp.Status.Initialized to true") + kcp.Status.Initialized = true + conditions.MarkTrue(kcp, controlplanev1.AvailableCondition) + //} if kcp.Status.ReadyReplicas > 0 { kcp.Status.Ready = true diff --git a/hack/tools/go.mod b/hack/tools/go.mod index 454ad6e5ccc3..6dac23f896bd 100644 --- a/hack/tools/go.mod +++ b/hack/tools/go.mod 
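Review bot: The comments on the new guard around adoptKubeconfigSecret do not say which ownership state a kubeconfig Secret must have: the first one justifies the condition by secrets created by v1alpha2 controllers, while the TODO beneath it describes a different goal, injecting the original kubeconfig. With `util.IsOwnedByObject(configSecret, cluster) && !util.IsControlledBy(configSecret, kcp)` a Secret with no owner reference to the Cluster is never adopted, and the `// only do rotation on owned secrets` step that follows (outside the hunk) would presumably skip it too. Since this Secret holds the cluster's admin credentials, I would state the contract in the comment, for example `// A user-provided kubeconfig Secret without a Cluster owner reference is left untouched: not adopted, not rotated.`, or change the condition if that is not the intent.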
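Review bot: With `if status.HasKubeadmConfig` commented out in updateStatus, `kcp.Status.Initialized = true` and `conditions.MarkTrue(kcp, controlplanev1.AvailableCondition)` run on every status update, including for a control plane that has no kubeadm config map or that failed to come up, so anything gating on these fields will treat such a cluster as initialized and available. The existing comment "This only gets initialized once and does not change if the kubeadm config map goes away." no longer describes the code. I would keep the original guard and add the adoption case explicitly, e.g. `if status.HasKubeadmConfig || adopted {`, with `adopted` derived from an explicit opt-in on the KubeadmControlPlane (placeholder name), and drop the `TESTING....` log line. The function continues outside the hunk.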
@@ -7,14 +7,14 @@ replace sigs.k8s.io/cluster-api => ../../ replace sigs.k8s.io/cluster-api/test => ../../test require ( - cloud.google.com/go/storage v1.22.1 + cloud.google.com/go/storage v1.30.1 github.com/blang/semver v3.5.1+incompatible github.com/hashicorp/go-multierror v1.1.1 github.com/pkg/errors v0.9.1 github.com/spf13/pflag v1.0.5 github.com/valyala/fastjson v1.6.3 - golang.org/x/tools v0.1.12 - google.golang.org/api v0.84.0 + golang.org/x/tools v0.6.0 + google.golang.org/api v0.126.0 helm.sh/helm/v3 v3.9.4 k8s.io/api v0.25.0 k8s.io/apiextensions-apiserver v0.25.0 @@ -33,9 +33,9 @@ require ( ) require ( - cloud.google.com/go v0.102.0 // indirect - cloud.google.com/go/compute v1.7.0 // indirect - cloud.google.com/go/iam v0.3.0 // indirect + cloud.google.com/go v0.110.4 // indirect + cloud.google.com/go/compute v1.21.0 // indirect + cloud.google.com/go/iam v1.1.1 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect @@ -46,7 +46,7 @@ require ( github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cespare/xxhash/v2 v2.1.2 // indirect + github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/containerd/containerd v1.6.6 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/docker/cli v20.10.17+incompatible // indirect @@ -69,7 +69,7 @@ require ( github.com/gobuffalo/flect v0.3.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect github.com/google/btree v1.0.1 // indirect github.com/google/cel-go v0.12.4 // indirect github.com/google/gnostic v0.6.9 // indirect 
@@ -79,8 +79,8 @@ require ( github.com/google/gofuzz v1.2.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.3.0 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa // indirect - github.com/googleapis/gax-go/v2 v2.4.0 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect + github.com/googleapis/gax-go/v2 v2.11.0 // indirect github.com/googleapis/go-type-adapters v1.0.0 // indirect github.com/gorilla/mux v1.8.0 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect 
@@ -126,23 +126,23 @@ require ( github.com/stoewer/go-strcase v1.2.0 // indirect github.com/subosito/gotenv v1.4.1 // indirect github.com/xlab/treeprint v1.1.0 // indirect - go.opencensus.io v0.23.0 // indirect + go.opencensus.io v0.24.0 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/crypto v0.3.0 // indirect - golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect - golang.org/x/net v0.7.0 // indirect - golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 // indirect - golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect - golang.org/x/sys v0.5.0 // indirect - golang.org/x/term v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/crypto v0.14.0 // indirect + golang.org/x/mod v0.8.0 // indirect + golang.org/x/net v0.17.0 // indirect + golang.org/x/oauth2 v0.10.0 // indirect + golang.org/x/sync v0.3.0 // indirect + golang.org/x/sys v0.13.0 // indirect + golang.org/x/term v0.13.0 // indirect + golang.org/x/text v0.13.0 // indirect golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect - golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect + golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 // indirect - google.golang.org/grpc v1.47.0 // indirect - google.golang.org/protobuf v1.28.1 // indirect + google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 // indirect + google.golang.org/grpc v1.58.3 // indirect + google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/hack/tools/go.sum b/hack/tools/go.sum index 6d272c1e66ee..845b51e0b5b3 100644 --- a/hack/tools/go.sum +++ b/hack/tools/go.sum 
@@ -31,6 +31,7 @@ cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2Z cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= cloud.google.com/go v0.102.0 h1:DAq3r8y4mDgyB/ZPJ9v/5VJNqjgJAxTn6ZYLlUywOu8= cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= +cloud.google.com/go v0.110.4/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -44,10 +45,12 @@ cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk= cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= +cloud.google.com/go/compute v1.21.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/iam v0.3.0 h1:exkAomrVUuzx9kWFI1wm3KI0uoDeUFPB4kKGzx6x+Gc= cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= +cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= 
@@ -60,6 +63,7 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= cloud.google.com/go/storage v1.22.1 h1:F6IlQJZrZM++apn9V5/VfS3gbTUYg98PS3EMQAzqtfg= cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= +cloud.google.com/go/storage v1.30.1/go.mod h1:NfxhC0UJE1aXSx7CIIbCf7y9HKT7BiccwkR7+P7gN8E= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= @@ -106,6 +110,7 @@ github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghf github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= 
@@ -239,6 +244,7 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -302,6 +308,7 @@ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa h1:7MYGT2XEMam7Mtzv1yDUYXANedWvwk3HKkR3MyGowy8= github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= +github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= 
@@ -310,6 +317,7 @@ github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/Oth github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= github.com/googleapis/gax-go/v2 v2.4.0 h1:dS9eYAjhrE2RjmzYw2XAPvcXfmcQLtFEQWn0CR82awk= github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= +github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= github.com/googleapis/go-type-adapters v1.0.0 h1:9XdMn+d/G57qq1s8dNc5IesGCXHf6V2HZ2JwRxfA2tA= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= @@ -491,6 +499,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 
@@ -500,6 +509,7 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs= github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/valyala/fastjson v1.6.3 h1:tAKFnnwmeMGPbwJ7IwxcTPCNr3uIzoIj3/Fh90ra4xc= @@ -526,6 +536,7 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= 
@@ -544,6 +555,7 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -581,6 +593,7 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -631,6 +644,7 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -653,6 +667,7 @@ golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 h1:lxqLZaMad/dJHMFZH0NiNpiEZI/nhgWhe4wgzpE+MuA= golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -667,6 +682,7 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -744,11 +760,13 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -761,6 +779,7 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -823,6 +842,7 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -831,6 +851,7 @@ golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f h1:uF6paiQQebLeSXkrTqHqz0MXhXXS1KgF41eUdBNvxK0= golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= 
@@ -873,6 +894,7 @@ google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6r google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= google.golang.org/api v0.84.0 h1:NMB9J4cCxs9xEm+1Z9QiO3eFvn7EnQj3Eo3hN6ugVlg= google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= +google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -963,6 +985,7 @@ google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 h1:4SPz2GL2CXJt28MTF8V6Ap/9ZiVbQlJeGSd9qtA7DLs= google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -995,6 +1018,7 @@ google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8= google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1012,6 +1036,7 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/internal/controllers/cluster/cluster_controller_phases.go b/internal/controllers/cluster/cluster_controller_phases.go index 741a423cb244..cb25a10a0eda 100644 --- a/internal/controllers/cluster/cluster_controller_phases.go +++ b/internal/controllers/cluster/cluster_controller_phases.go 
@@ -245,6 +245,9 @@ func (r *Reconciler) reconcileControlPlane(ctx context.Context, cluster *cluster
 if err != nil {
 return ctrl.Result{}, err
 }
+
+ //TODO: PCP-22
+ conditions.MarkTrue(cluster, clusterv1.ControlPlaneInitializedCondition)
 if initialized {
 conditions.MarkTrue(cluster, clusterv1.ControlPlaneInitializedCondition)
 } else {
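Review bot: The added `conditions.MarkTrue(cluster, clusterv1.ControlPlaneInitializedCondition)` runs before the `if initialized` check, so the condition is set to true even when the control plane object reports that it is not initialized. The `else` branch continues outside the hunk; if it marks the condition false, the two writes contradict each other within one reconcile, and if it does not, the `initialized` value read just above no longer gates anything. Anything that waits on this condition before joining nodes or handing out workload-cluster credentials would proceed against a control plane that may not be ready. If the override is meant only for adopted clusters, make it an explicit opt-in, for example `if initialized || isAdoptedCluster(cluster) {`, where `isAdoptedCluster` is a placeholder for whatever marker the project chooses.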
@@ -265,23 +268,45 @@ func (r *Reconciler) reconcileKubeconfig(ctx context.Context, cluster *clusterv1 // Do not generate the Kubeconfig if there is a ControlPlaneRef, since the Control Plane provider is // responsible for the management of the Kubeconfig. We continue to manage it here only for backward // compatibility when a Control Plane provider is not in use. + + log.Info("TESTING..... Do not generate the Kubeconfig if there is a ControlPlaneRef", "cluster.Spec.ControlPlaneRef", cluster.Spec.ControlPlaneRef) + //TODO: PCP-22 comment this to let secret generation for now, ControlPlaneRef is present already if cluster.Spec.ControlPlaneRef != nil { return ctrl.Result{}, nil } _, err := secret.Get(ctx, r.Client, util.ObjectKey(cluster), secret.Kubeconfig) - switch { - case apierrors.IsNotFound(err): - if err := kubeconfig.CreateSecret(ctx, r.Client, cluster); err != nil { - if err == kubeconfig.ErrDependentCertificateNotFound { - log.Info("Could not find secret for cluster, requeuing", "Secret", secret.ClusterCA) - return ctrl.Result{RequeueAfter: 30 * time.Second}, nil - } - return ctrl.Result{}, err + + if err != nil { + log.Info("TESTING.... error getting kubeconfig", "err", err) + } + + // TODO: PCP-22 read kubeconfig secrets from kube-system namespace + log.Error(nil, "TESTING..... Do not generate the Kubeconfig if there is a ControlPlaneRef") + if err := kubeconfig.ReadSecret(ctx, r.Client, cluster); err != nil { + if err == kubeconfig.ErrDependentCertificateNotFound { + log.Info("TESTING.... could not find secret for cluster, requesting", "secret", secret.ClusterCA) + return ctrl.Result{RequeueAfter: 30 * time.Second}, nil + } + if err == kubeconfig.ErrAlreadyExists { + log.Info("TESTING.... 
could not find secret for cluster, requesting", "secret", secret.ClusterCA) + return ctrl.Result{RequeueAfter: 30 * time.Second}, nil } - case err != nil: - return ctrl.Result{}, errors.Wrapf(err, "failed to retrieve Kubeconfig Secret for Cluster %q in namespace %q", cluster.Name, cluster.Namespace) + return ctrl.Result{}, err } + //switch { + //case apierrors.IsNotFound(err): + // if err := kubeconfig.CreateSecret(ctx, r.Client, cluster); err != nil { + // if err == kubeconfig.ErrDependentCertificateNotFound { + // log.Info("could not find secret for cluster, requeuing", "secret", secret.ClusterCA) + // return ctrl.Result{RequeueAfter: 30 * time.Second}, nil + // } + // return ctrl.Result{}, err + // } + //case err != nil: + // return ctrl.Result{}, errors.Wrapf(err, "failed to retrieve Kubeconfig Secret for Cluster %q in namespace %q", cluster.Name, cluster.Namespace) + //} + return ctrl.Result{}, nil } diff --git a/test/go.mod b/test/go.mod index e07521ef09ba..5a15655be1cd 100644 --- a/test/go.mod +++ b/test/go.mod @@ -29,7 +29,7 @@ require ( ) require ( - cloud.google.com/go/compute v1.7.0 // indirect + cloud.google.com/go/compute v1.21.0 // indirect github.com/BurntSushi/toml v1.0.0 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect @@ -41,9 +41,9 @@ require ( github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cespare/xxhash/v2 v2.1.2 // indirect + github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/coredns/caddy v1.1.0 // indirect - github.com/coredns/corefile-migration v1.0.18 // indirect + github.com/coredns/corefile-migration v1.0.20 // indirect github.com/coreos/go-semver v0.3.0 // indirect github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect github.com/davecgh/go-spew v1.1.1 // indirect 
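Review bot: In the `reconcileKubeconfig` hunk, an error from `secret.Get` is now only logged and `kubeconfig.ReadSecret` is called on every reconcile, so a transient API failure and an already-present Secret both fall through to a create attempt for a credential-bearing object. The `err == kubeconfig.ErrAlreadyExists` test compares against a locally built `errors.New` value, which an error returned by the API client will not equal; `apierrors.IsAlreadyExists(err)` is the check that matches. Keeping the original `switch` limits the copy to the not-found case and returns other lookup errors wrapped, as sketched below. The `TESTING....` messages, including `log.Error(nil, ...)` on the normal path, should be removed before merge, and with the `switch` commented out the `apierrors` and `errors` imports may end up unused in this file.

```go
_, err := secret.Get(ctx, r.Client, util.ObjectKey(cluster), secret.Kubeconfig)
switch {
case apierrors.IsNotFound(err):
	// Copy the existing kubeconfig only when the Cluster has none yet.
	if err := kubeconfig.ReadSecret(ctx, r.Client, cluster); err != nil {
		if err == kubeconfig.ErrDependentCertificateNotFound {
			log.Info("Could not find secret for cluster, requeuing", "Secret", secret.ClusterCA)
			return ctrl.Result{RequeueAfter: 30 * time.Second}, nil
		}
		if apierrors.IsAlreadyExists(err) {
			// Another writer created it first; the Secret is present, nothing to do.
			return ctrl.Result{}, nil
		}
		return ctrl.Result{}, err
	}
case err != nil:
	return ctrl.Result{}, errors.Wrapf(err, "failed to retrieve Kubeconfig Secret for Cluster %q in namespace %q", cluster.Name, cluster.Namespace)
}
// … unchanged: final return ctrl.Result{}, nil …
```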
@@ -61,7 +61,7 @@ require ( github.com/gobuffalo/flect v0.3.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect github.com/google/cel-go v0.12.4 // indirect github.com/google/gnostic v0.6.9 // indirect github.com/google/go-cmp v0.5.9 // indirect @@ -108,17 +108,17 @@ require ( go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.21.0 // indirect - golang.org/x/crypto v0.3.0 // indirect - golang.org/x/net v0.7.0 // indirect - golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 // indirect - golang.org/x/sys v0.5.0 // indirect - golang.org/x/term v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/crypto v0.14.0 // indirect + golang.org/x/net v0.17.0 // indirect + golang.org/x/oauth2 v0.10.0 // indirect + golang.org/x/sys v0.13.0 // indirect + golang.org/x/term v0.13.0 // indirect + golang.org/x/text v0.13.0 // indirect golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 // indirect - google.golang.org/protobuf v1.28.1 // indirect + google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 // indirect + google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/test/go.sum b/test/go.sum index 35e9d5cd0031..1479489a0e02 100644 --- a/test/go.sum +++ b/test/go.sum 
@@ -43,6 +43,7 @@ cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk= cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= +cloud.google.com/go/compute v1.21.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= @@ -110,6 +111,7 @@ github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghf github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= 
@@ -127,6 +129,7 @@ github.com/coredns/caddy v1.1.0 h1:ezvsPrT/tA/7pYDBZxu0cT0VmWk75AfIaf6GSYCNMf0= github.com/coredns/caddy v1.1.0/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= github.com/coredns/corefile-migration v1.0.18 h1:zs5PJm/VGZVje1ESRj6ZqyUuVsVfagExkbLU2QKV5mI= github.com/coredns/corefile-migration v1.0.18/go.mod h1:XnhgULOEouimnzgn0t4WPuFDN2/PJQcTxdWKC5eXNGE= +github.com/coredns/corefile-migration v1.0.20/go.mod h1:XnhgULOEouimnzgn0t4WPuFDN2/PJQcTxdWKC5eXNGE= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-semver v0.1.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -252,6 +255,7 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 
@@ -606,6 +610,7 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -696,6 +701,7 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -718,6 +724,7 @@ golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 h1:lxqLZaMad/dJHMFZH0NiNpiEZI/nhgWhe4wgzpE+MuA= golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -810,11 +817,13 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -827,6 +836,7 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -1029,6 +1039,7 @@ google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 h1:4SPz2GL2CXJt28MTF8V6Ap/9ZiVbQlJeGSd9qtA7DLs= google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1077,6 +1088,7 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/util/kubeconfig/kubeconfig.go b/util/kubeconfig/kubeconfig.go index 2c8872bbb723..6e5332c0171e 100644 --- a/util/kubeconfig/kubeconfig.go +++ b/util/kubeconfig/kubeconfig.go @@ -22,6 +22,7 @@ import ( "crypto" "crypto/x509" "fmt" + "log" "time" "github.com/pkg/errors" 
@@ -41,6 +42,7 @@ import ( var ( // ErrDependentCertificateNotFound signals that a CA secret could not be found. ErrDependentCertificateNotFound = errors.New("could not find secret ca") + ErrAlreadyExists = errors.New("secrets \"t-cluster-kubeconfig\" already exists") ) // FromSecret fetches the Kubeconfig for a Cluster. 
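Review bot: `ErrAlreadyExists` hard-codes the message for one Secret name (`t-cluster-kubeconfig`) and has no doc comment, unlike `ErrDependentCertificateNotFound` directly above it. A sentinel built with `errors.New` is matched by identity, so it will not equal an "already exists" error produced by the API client for any cluster, whatever its name. Drop the variable and have callers test with `apierrors.IsAlreadyExists(err)`. If a package-level sentinel is still wanted, give it a name-independent message and a comment such as `// ErrAlreadyExists signals that the Kubeconfig secret is already present.`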
@@ -107,6 +109,72 @@ func CreateSecret(ctx context.Context, c client.Client, cluster *clusterv1.Clust }) } +// ReadSecret reads the Kubeconfig secret from kube-system +func ReadSecret(ctx context.Context, c client.Client, cluster *clusterv1.Cluster) error { + log.Println("TESTING.... IN ReadSecret") + + name := util.ObjectKey(cluster) + return ReadSecretWithOwner(ctx, c, name, cluster.Spec.ControlPlaneEndpoint.String(), metav1.OwnerReference{ + APIVersion: clusterv1.GroupVersion.String(), + Kind: "Cluster", + Name: cluster.Name, + UID: cluster.UID, + }) +} + +// ReadSecretWithOwner creates the Kubeconfig secret for the given cluster name, namespace, endpoint, and owner reference. +func ReadSecretWithOwner(ctx context.Context, c client.Client, clusterName client.ObjectKey, endpoint string, owner metav1.OwnerReference) error { + //server := fmt.Sprintf("https://%s", endpoint) + //out, err := ReadExistingSecret(ctx, c, clusterName, server) + //if err != nil { + // return err + //} + log.Println("TESTING.... IN ReadSecretWithOwner") + + //clusterName := util.ObjectKey(clusterName) + configSecret, err := secret.GetFromNamespacedName(ctx, c, client.ObjectKey{Namespace: metav1.NamespaceDefault, Name: clusterName.Name}, secret.Kubeconfig) + if err != nil { + log.Println("TESTING....", "error in getting kubeconfig: ", err) + return err + } + + data, err := toKubeconfigBytes(configSecret) + if err != nil { + log.Println("TESTING....", "error in parsing kubeconfig: ", err) + return err + } + //if err := ReadExistingSecret(ctx, r.Client, configSecret); err != nil { + // return ctrl.Result{}, errors.Wrap(err, "failed to regenerate kubeconfig") + //} + + return c.Create(ctx, GenerateSecretWithOwner(clusterName, data, owner)) +} + +// ReadExistingSecret creates and stores a new Kubeconfig in the given secret. 
+func ReadExistingSecret(ctx context.Context, c client.Client, configSecret *corev1.Secret) error { + clusterName, _, err := secret.ParseSecretName(configSecret.Name) + if err != nil { + return errors.Wrap(err, "failed to parse secret name") + } + data, err := toKubeconfigBytes(configSecret) + if err != nil { + return err + } + + config, err := clientcmd.Load(data) + if err != nil { + return errors.Wrap(err, "failed to convert kubeconfig Secret into a clientcmdapi.Config") + } + endpoint := config.Clusters[clusterName].Server + key := client.ObjectKey{Name: clusterName, Namespace: configSecret.Namespace} + out, err := generateKubeconfig(ctx, c, key, endpoint) + if err != nil { + return err + } + configSecret.Data[secret.KubeconfigDataName] = out + return c.Update(ctx, configSecret) +} + // CreateSecretWithOwner creates the Kubeconfig secret for the given cluster name, namespace, endpoint, and owner reference. func CreateSecretWithOwner(ctx context.Context, c client.Client, clusterName client.ObjectKey, endpoint string, owner metav1.OwnerReference) error { server := fmt.Sprintf("https://%s", endpoint) @@ -237,6 +305,7 @@ func generateKubeconfig(ctx context.Context, c client.Client, clusterName client } func toKubeconfigBytes(out *corev1.Secret) ([]byte, error) { + //data, ok := out.Data[secret.KubeconfigDataName2] data, ok := out.Data[secret.KubeconfigDataName] if !ok { return nil, errors.Errorf("missing key %q in secret data", secret.KubeconfigDataName) diff --git a/util/secret/certificates.go b/util/secret/certificates.go index e3aadfbc7a37..06169e293d7b 100644 --- a/util/secret/certificates.go +++ b/util/secret/certificates.go @@ -24,6 +24,8 @@ import ( "crypto/x509" "crypto/x509/pkix" "encoding/hex" + "fmt" + "log" "math/big" "path/filepath" "strings" 
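Review bot: `ReadSecretWithOwner` fetches the kubeconfig from `metav1.NamespaceDefault` using only `clusterName.Name` and then passes the bytes to `GenerateSecretWithOwner` for the Cluster's own key. A Cluster with a matching name in any namespace would therefore get a copy of an admin kubeconfig stored in `default`, crossing the namespace boundary that normally scopes who may read it. The source should come from an explicit, validated reference rather than a fixed shared namespace, and the doc comments should match the code, e.g. `// ReadSecretWithOwner copies an existing Kubeconfig secret into a new secret owned by owner.` (the `ReadSecret` comment says `kube-system`, this one says "creates"). `ReadExistingSecret` also dereferences `config.Clusters[clusterName].Server` without checking the map entry, which panics when the kubeconfig has no cluster of that name; guard it with `cl, ok := config.Clusters[clusterName]; if !ok { return errors.Errorf("kubeconfig has no cluster entry %q", clusterName) }`. The `endpoint` parameter is unused, and the stdlib `log.Println("TESTING....")` calls bypass the controller's logger.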
@@ -207,12 +209,75 @@ func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, clus return errors.WithStack(err) } // If a user has a badly formatted secret it will prevent the cluster from working. + //kp, err := secretToKeyPair(s, certificate.Purpose) kp, err := secretToKeyPair(s) if err != nil { return err } certificate.KeyPair = kp } + + //err := c.LookupKubeadm(ctx, ctrlclient, clusterName) + //if err != nil { + // log.Println("TESTING.... error:", err) + // return err + //} + return nil +} + +// LookupKubeadm looks up each certificate from secrets and populates the certificate with the secret data. +func (c Certificates) LookupKubeadm(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey) error { + // Look up each certificate as a secret and populate the certificate/key + + fmt.Println("TESTING.... LookupKubeadm") + for _, certificate := range c { + s := &corev1.Secret{} + key := client.ObjectKey{ + Name: Name(clusterName.Name, certificate.Purpose), + Namespace: clusterName.Namespace, + } + + //key := client.ObjectKey{ + // Name: "kubeadm-certs", + // Namespace: "kube-system", + //} + + if err := ctrlclient.Get(ctx, key, s); err != nil { + if apierrors.IsNotFound(err) { + if certificate.External { + //log.Println("TESTING.... ERROR external certificate not found: ", certificate.Purpose) + //fmt.Println("TESTING.... ERROR external certificate not found: ", certificate.Purpose) + return errors.WithMessage(err, "external certificate not found") + } + + //fmt.Println("TESTING..... err:", err) + continue + } + //log.Println("TESTING.... ERROR: ", certificate.Purpose) + //fmt.Println("TESTING.... ERROR: ", certificate.Purpose) + return errors.WithStack(err) + } + + // If a user has a badly formatted secret it will prevent the cluster from working. + //log.Println("TESTING.... secretToKeyPair for certificate.Purpose", certificate.Purpose) + //fmt.Println("TESTING.... 
secretToKeyPair for certificate.Purpose", certificate.Purpose) + + //for k, _ := range s.Data { + // log.Println("TESTING.... s.Data", k) + //} + //for k, _ := range s.StringData { + // log.Println("TESTING.... s.StringData", k) + //} + //kp, err := secretToKeyPair(s, certificate.Purpose) + + kp, err := secretToKeyPair(s) + if err != nil { + return err + } + + certificate.KeyPair = kp + //certificate.Generated = true + } return nil } @@ -220,6 +285,7 @@ func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, clus func (c Certificates) EnsureAllExist() error { for _, certificate := range c { if certificate.KeyPair == nil { + log.Println("TESTING....", certificate) return ErrMissingCertificate } if len(certificate.KeyPair.Cert) == 0 { @@ -238,6 +304,9 @@ func (c Certificates) EnsureAllExist() error { func (c Certificates) Generate() error { for _, certificate := range c { if certificate.KeyPair == nil { + //TODO: Read existing certificate and create required secrets + log.Println("TESTING.... Certificate not present generate new for KeyPair", certificate.KeyFile) + fmt.Println("TESTING.... Certificate not present generate new for KeyPair", certificate.KeyFile) err := certificate.Generate() if err != nil { return err @@ -268,10 +337,10 @@ func (c Certificates) LookupOrGenerate(ctx context.Context, ctrlclient client.Cl return err } - // Generate the certificates that don't exist - if err := c.Generate(); err != nil { - return err - } + //// Generate the certificates that don't exist + //if err := c.Generate(); err != nil { + // return err + //} // Save any certificates that have been generated return c.SaveGenerated(ctx, ctrlclient, clusterName, owner) 
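Review bot: `LookupKubeadm` is a statement-for-statement copy of `Lookup` with `fmt.Println("TESTING.... LookupKubeadm")` added, and its only call site is commented out at the end of `Lookup`. Two copies of the secret-to-key-pair lookup will drift apart, and printing to stdout from a library package bypasses the caller's logger and its level controls. The `log.Println` calls added to `EnsureAllExist` and `Generate` in the next two hunks have the same problem, and the one in `EnsureAllExist` prints the whole certificate value. If a kubeadm-specific source is needed, pass the differing `client.ObjectKey` into one shared helper and delete the commented-out alternatives.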
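Review bot: With `c.Generate()` commented out, `LookupOrGenerate` no longer generates anything: a certificate whose secret is missing keeps a nil `KeyPair`, and the function still returns whatever `SaveGenerated` returns. Callers that rely on the name's contract, such as the `certificates.LookupOrGenerate(...)` call in the KubeadmControlPlane reconciler touched later in this series, would continue with an incomplete CA set and fail later in a less obvious place. If generation must be skipped for adopted clusters, fail closed instead, e.g. `if err := c.EnsureAllExist(); err != nil { return err }` after the lookup, and update the doc comment to say that nothing is generated. The start of the function is outside this hunk.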
@@ -415,6 +484,51 @@ func secretToKeyPair(s *corev1.Secret) (*certs.KeyPair, error) { }, nil } +//func secretToKeyPair(s *corev1.Secret, purpose Purpose) (*certs.KeyPair, error) { +// +// var c, key []byte +// var exists bool +// var dataName, keyName string +// if purpose == ServiceAccount { +// dataName = string(purpose) + ".pub" +// keyName = string(purpose) + ".key" +// log.Println("TESTING.... secret name: ", dataName, keyName) +// +// } else if purpose == EtcdCA { +// dataName = "etcd-ca.crt" +// keyName = "etcd-ca.key" +// log.Println("TESTING.... secret name: ", dataName, keyName) +// +// } else if purpose == FrontProxyCA { +// dataName = "front-proxy-ca.crt" +// keyName = "front-proxy-ca.key" +// log.Println("TESTING.... secret name: ", dataName, keyName) +// +// } else { +// dataName = string(purpose) + ".crt" +// keyName = string(purpose) + ".key" +// log.Println("TESTING.... secret name: ", dataName, keyName) +// } +// +// c, exists = s.Data[dataName] +// if !exists { +// return nil, errors.Errorf("missing data for key %s", dataName) +// } +// //fmt.Println("TESTING.... c", c) +// // In some cases (external etcd) it's ok if the etcd.key does not exist. +// // TODO: some other function should ensure that the certificates we need exist. +// key, exists = s.Data[keyName] +// if !exists { +// key = []byte("") +// } +// //fmt.Println("TESTING.... key", key) +// +// return &certs.KeyPair{ +// Cert: c, +// Key: key, +// }, nil +//} + func generateCACert() (*certs.KeyPair, error) { x509Cert, privKey, err := newCertificateAuthority() if err != nil { diff --git a/util/secret/consts.go b/util/secret/consts.go index ccfe02ba2ab3..7ecd498cdfe2 100644 --- a/util/secret/consts.go +++ b/util/secret/consts.go 
@@ -22,6 +22,7 @@ type Purpose string const ( // KubeconfigDataName is the key used to store a Kubeconfig in the secret's data field. KubeconfigDataName = "value" + //KubeconfigDataName2 = "admin.conf" // TLSKeyDataName is the key used to store a TLS private key in the secret's data field. TLSKeyDataName = "tls.key" diff --git a/util/secret/secret.go b/util/secret/secret.go index 5af9fd9f5057..4face40a8529 100644 --- a/util/secret/secret.go +++ b/util/secret/secret.go @@ -38,7 +38,9 @@ func GetFromNamespacedName(ctx context.Context, c client.Reader, clusterName cli secret := &corev1.Secret{} secretKey := client.ObjectKey{ Namespace: clusterName.Namespace, - Name: Name(clusterName.Name, purpose), + //TODO: PCP-22 + //Name: string(purpose), + Name: Name(clusterName.Name, purpose), } if err := c.Get(ctx, secretKey, secret); err != nil { From 090623a8473c75a5dd3e60e9a798d335b02921e1 Mon Sep 17 00:00:00 2001 From: Amit Sahastrabuddhe Date: Thu, 1 Dec 2022 18:21:06 +0530 Subject: [PATCH 03/13] PCP-22: CAPI changes --- .../controllers/kubeadmconfig_controller.go | 5 - .../internal/controllers/controller.go | 5 +- .../kubeadm/internal/controllers/helpers.go | 1 - .../kubeadm/internal/controllers/status.go | 13 +- .../cluster/cluster_controller_phases.go | 39 ++---- util/kubeconfig/kubeconfig.go | 69 ----------- util/secret/certificates.go | 113 ------------------ util/secret/consts.go | 1 - util/secret/secret.go | 4 +- 9 files changed, 19 insertions(+), 231 deletions(-) diff --git a/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go b/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go index 2438f78a48c5..d951e50e9e50 100644 --- a/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go +++ b/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go 
@@ -364,8 +364,6 @@ func (r *KubeadmConfigReconciler) handleClusterNotInitialized(ctx context.Contex // this is required in order to avoid the condition's LastTransitionTime to flicker in case of errors surfacing // using the DataSecretGeneratedFailedReason - scope.Info("TESTING.... In handleClusterNotInitialized") - if conditions.GetReason(scope.Config, bootstrapv1.DataSecretAvailableCondition) != bootstrapv1.DataSecretGenerationFailedReason { conditions.MarkFalse(scope.Config, bootstrapv1.DataSecretAvailableCondition, clusterv1.WaitingForControlPlaneAvailableReason, clusterv1.ConditionSeverityInfo, "") } @@ -448,7 +446,6 @@ func (r *KubeadmConfigReconciler) handleClusterNotInitialized(ctx context.Contex return ctrl.Result{}, err } - scope.Info("TESTING.... LookupOrGenerate new certificates") certificates := secret.NewCertificatesForInitialControlPlane(scope.Config.Spec.ClusterConfiguration) // If the Cluster does not have a ControlPlane reference look up and generate the certificates. @@ -641,8 +638,6 @@ func (r *KubeadmConfigReconciler) joinControlplane(ctx context.Context, scope *S scope.Config.Spec.JoinConfiguration.ControlPlane = &bootstrapv1.JoinControlPlane{} } - scope.Info("TESTING.... NewControlPlaneJoinCerts") - log.Println("TESTING.... joinControlplane") certificates := secret.NewControlPlaneJoinCerts(scope.Config.Spec.ClusterConfiguration) err := certificates.Lookup( ctx, diff --git a/controlplane/kubeadm/internal/controllers/controller.go b/controlplane/kubeadm/internal/controllers/controller.go index 1e968aa685f2..bc30cecdf571 100644 --- a/controlplane/kubeadm/internal/controllers/controller.go +++ b/controlplane/kubeadm/internal/controllers/controller.go 
@@ -281,12 +281,9 @@ func (r *KubeadmControlPlaneReconciler) reconcile(ctx context.Context, cluster * //TODO: PCP-22 lookup or generate ca, sa, etcd certificates and key certificates := secret.NewCertificatesForInitialControlPlane(config.ClusterConfiguration) - //for _, certificate := range certificates { - // log.Info("TESTING.... lookup or generate ca, sa, etcd certificates and key: ", certificate) - //} controllerRef := metav1.NewControllerRef(kcp, controlplanev1.GroupVersion.WithKind("KubeadmControlPlane")) if err := certificates.LookupOrGenerate(ctx, r.Client, util.ObjectKey(cluster), *controllerRef); err != nil { - log.Error(err, "TESTING.... unable to lookup or create cluster certificates") + log.Error(err, "unable to lookup or create cluster certificates") conditions.MarkFalse(kcp, controlplanev1.CertificatesAvailableCondition, controlplanev1.CertificatesGenerationFailedReason, clusterv1.ConditionSeverityWarning, err.Error()) return ctrl.Result{}, err } diff --git a/controlplane/kubeadm/internal/controllers/helpers.go b/controlplane/kubeadm/internal/controllers/helpers.go index 40c941cd71a3..91de00582399 100644 --- a/controlplane/kubeadm/internal/controllers/helpers.go +++ b/controlplane/kubeadm/internal/controllers/helpers.go @@ -76,7 +76,6 @@ func (r *KubeadmControlPlaneReconciler) reconcileKubeconfig(ctx context.Context, // check if the kubeconfig secret was created by v1alpha2 controllers, and thus it has the Cluster as the owner instead of KCP; // if yes, adopt it. - //TODO: PCP-22 Need to inject original Kubeconfig instead of generating new if util.IsOwnedByObject(configSecret, cluster) && !util.IsControlledBy(configSecret, kcp) { if err := r.adoptKubeconfigSecret(ctx, cluster, configSecret, kcp); err != nil { return ctrl.Result{}, err diff --git a/controlplane/kubeadm/internal/controllers/status.go b/controlplane/kubeadm/internal/controllers/status.go index e5dee8f2f6b9..ebee26c616fc 100644 --- a/controlplane/kubeadm/internal/controllers/status.go 
+++ b/controlplane/kubeadm/internal/controllers/status.go @@ -105,14 +105,11 @@ func (r *KubeadmControlPlaneReconciler) updateStatus(ctx context.Context, kcp *c } kcp.Status.ReadyReplicas = status.ReadyNodes kcp.Status.UnavailableReplicas = replicas - status.ReadyNodes - - //TODO: PCP-22 Initialized should be true to join new node to cluster or else it will try to init - // This only gets initialized once and does not change if the kubeadm config map goes away. - //if status.HasKubeadmConfig { - log.Info("TESTING.... set kcp.Status.Initialized to true") - kcp.Status.Initialized = true - conditions.MarkTrue(kcp, controlplanev1.AvailableCondition) - //} + + if status.HasKubeadmConfig { + kcp.Status.Initialized = true + conditions.MarkTrue(kcp, controlplanev1.AvailableCondition) + } if kcp.Status.ReadyReplicas > 0 { kcp.Status.Ready = true diff --git a/internal/controllers/cluster/cluster_controller_phases.go b/internal/controllers/cluster/cluster_controller_phases.go index cb25a10a0eda..ab92e220aac0 100644 --- a/internal/controllers/cluster/cluster_controller_phases.go +++ b/internal/controllers/cluster/cluster_controller_phases.go @@ -246,7 +246,8 @@ func (r *Reconciler) reconcileControlPlane(ctx context.Context, cluster *cluster return ctrl.Result{}, err } - //TODO: PCP-22 + // TODO: PCP-22 set controlPlaneInitializedCondition to true for takeOver cluster + // as CP are already initialized in existing cluster conditions.MarkTrue(cluster, clusterv1.ControlPlaneInitializedCondition) if initialized { conditions.MarkTrue(cluster, clusterv1.ControlPlaneInitializedCondition) 
@@ -269,8 +270,6 @@ func (r *Reconciler) reconcileKubeconfig(ctx context.Context, cluster *clusterv1 // responsible for the management of the Kubeconfig. We continue to manage it here only for backward // compatibility when a Control Plane provider is not in use. - log.Info("TESTING..... Do not generate the Kubeconfig if there is a ControlPlaneRef", "cluster.Spec.ControlPlaneRef", cluster.Spec.ControlPlaneRef) - //TODO: PCP-22 comment this to let secret generation for now, ControlPlaneRef is present already if cluster.Spec.ControlPlaneRef != nil { return ctrl.Result{}, nil } 
@@ -281,32 +280,18 @@ func (r *Reconciler) reconcileKubeconfig(ctx context.Context, cluster *clusterv1 log.Info("TESTING.... error getting kubeconfig", "err", err) } - // TODO: PCP-22 read kubeconfig secrets from kube-system namespace - log.Error(nil, "TESTING..... Do not generate the Kubeconfig if there is a ControlPlaneRef") - if err := kubeconfig.ReadSecret(ctx, r.Client, cluster); err != nil { - if err == kubeconfig.ErrDependentCertificateNotFound { - log.Info("TESTING.... could not find secret for cluster, requesting", "secret", secret.ClusterCA) - return ctrl.Result{RequeueAfter: 30 * time.Second}, nil - } - if err == kubeconfig.ErrAlreadyExists { - log.Info("TESTING.... could not find secret for cluster, requesting", "secret", secret.ClusterCA) - return ctrl.Result{RequeueAfter: 30 * time.Second}, nil + switch { + case apierrors.IsNotFound(err): + if err := kubeconfig.CreateSecret(ctx, r.Client, cluster); err != nil { + if err == kubeconfig.ErrDependentCertificateNotFound { + log.Info("could not find secret for cluster, requeuing", "secret", secret.ClusterCA) + return ctrl.Result{RequeueAfter: 30 * time.Second}, nil + } + return ctrl.Result{}, err } - return ctrl.Result{}, err + case err != nil: + return ctrl.Result{}, errors.Wrapf(err, "failed to retrieve Kubeconfig Secret for Cluster %q in namespace %q", cluster.Name, cluster.Namespace) } - //switch { - //case apierrors.IsNotFound(err): - // if err := kubeconfig.CreateSecret(ctx, r.Client, cluster); err != nil { - // if err == kubeconfig.ErrDependentCertificateNotFound { - // log.Info("could not find secret for cluster, requeuing", "secret", secret.ClusterCA) - // return ctrl.Result{RequeueAfter: 30 * time.Second}, nil - // } - // return ctrl.Result{}, err - // } - //case err != nil: - // return ctrl.Result{}, errors.Wrapf(err, "failed to retrieve Kubeconfig Secret for Cluster %q in namespace %q", cluster.Name, cluster.Namespace) - //} - return ctrl.Result{}, nil } 
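Review bot: The first context line of this hunk still carries `log.Info("TESTING.... error getting kubeconfig", "err", err)`, a debug message that this cleanup leaves behind in reconcileKubeconfig. The function starts above the hunk, so the condition guarding that line is not visible here. The restored `switch` already handles both the not-found case and every other error, so I would delete the line rather than reword it. In the restored branch, `err == kubeconfig.ErrDependentCertificateNotFound` matches only the bare sentinel; `errors.Is(err, kubeconfig.ErrDependentCertificateNotFound)` would keep the 30-second requeue working if CreateSecret ever returns it wrapped, assuming the imported errors package provides `Is`.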
diff --git a/util/kubeconfig/kubeconfig.go b/util/kubeconfig/kubeconfig.go index 6e5332c0171e..2c8872bbb723 100644 --- a/util/kubeconfig/kubeconfig.go +++ b/util/kubeconfig/kubeconfig.go @@ -22,7 +22,6 @@ import ( "crypto" "crypto/x509" "fmt" - "log" "time" "github.com/pkg/errors" @@ -42,7 +41,6 @@ import ( var ( // ErrDependentCertificateNotFound signals that a CA secret could not be found. ErrDependentCertificateNotFound = errors.New("could not find secret ca") - ErrAlreadyExists = errors.New("secrets \"t-cluster-kubeconfig\" already exists") ) // FromSecret fetches the Kubeconfig for a Cluster. 
@@ -109,72 +107,6 @@ func CreateSecret(ctx context.Context, c client.Client, cluster *clusterv1.Clust }) } -// ReadSecret reads the Kubeconfig secret from kube-system -func ReadSecret(ctx context.Context, c client.Client, cluster *clusterv1.Cluster) error { - log.Println("TESTING.... IN ReadSecret") - - name := util.ObjectKey(cluster) - return ReadSecretWithOwner(ctx, c, name, cluster.Spec.ControlPlaneEndpoint.String(), metav1.OwnerReference{ - APIVersion: clusterv1.GroupVersion.String(), - Kind: "Cluster", - Name: cluster.Name, - UID: cluster.UID, - }) -} - -// ReadSecretWithOwner creates the Kubeconfig secret for the given cluster name, namespace, endpoint, and owner reference. -func ReadSecretWithOwner(ctx context.Context, c client.Client, clusterName client.ObjectKey, endpoint string, owner metav1.OwnerReference) error { - //server := fmt.Sprintf("https://%s", endpoint) - //out, err := ReadExistingSecret(ctx, c, clusterName, server) - //if err != nil { - // return err - //} - log.Println("TESTING.... IN ReadSecretWithOwner") - - //clusterName := util.ObjectKey(clusterName) - configSecret, err := secret.GetFromNamespacedName(ctx, c, client.ObjectKey{Namespace: metav1.NamespaceDefault, Name: clusterName.Name}, secret.Kubeconfig) - if err != nil { - log.Println("TESTING....", "error in getting kubeconfig: ", err) - return err - } - - data, err := toKubeconfigBytes(configSecret) - if err != nil { - log.Println("TESTING....", "error in parsing kubeconfig: ", err) - return err - } - //if err := ReadExistingSecret(ctx, r.Client, configSecret); err != nil { - // return ctrl.Result{}, errors.Wrap(err, "failed to regenerate kubeconfig") - //} - - return c.Create(ctx, GenerateSecretWithOwner(clusterName, data, owner)) -} - -// ReadExistingSecret creates and stores a new Kubeconfig in the given secret. 
-func ReadExistingSecret(ctx context.Context, c client.Client, configSecret *corev1.Secret) error { - clusterName, _, err := secret.ParseSecretName(configSecret.Name) - if err != nil { - return errors.Wrap(err, "failed to parse secret name") - } - data, err := toKubeconfigBytes(configSecret) - if err != nil { - return err - } - - config, err := clientcmd.Load(data) - if err != nil { - return errors.Wrap(err, "failed to convert kubeconfig Secret into a clientcmdapi.Config") - } - endpoint := config.Clusters[clusterName].Server - key := client.ObjectKey{Name: clusterName, Namespace: configSecret.Namespace} - out, err := generateKubeconfig(ctx, c, key, endpoint) - if err != nil { - return err - } - configSecret.Data[secret.KubeconfigDataName] = out - return c.Update(ctx, configSecret) -} - // CreateSecretWithOwner creates the Kubeconfig secret for the given cluster name, namespace, endpoint, and owner reference. func CreateSecretWithOwner(ctx context.Context, c client.Client, clusterName client.ObjectKey, endpoint string, owner metav1.OwnerReference) error { server := fmt.Sprintf("https://%s", endpoint) @@ -305,7 +237,6 @@ func generateKubeconfig(ctx context.Context, c client.Client, clusterName client } func toKubeconfigBytes(out *corev1.Secret) ([]byte, error) { - //data, ok := out.Data[secret.KubeconfigDataName2] data, ok := out.Data[secret.KubeconfigDataName] if !ok { return nil, errors.Errorf("missing key %q in secret data", secret.KubeconfigDataName) diff --git a/util/secret/certificates.go b/util/secret/certificates.go index 06169e293d7b..f05926c61024 100644 --- a/util/secret/certificates.go +++ b/util/secret/certificates.go @@ -24,8 +24,6 @@ import ( "crypto/x509" "crypto/x509/pkix" "encoding/hex" - "fmt" - "log" "math/big" "path/filepath" "strings" 
@@ -209,7 +207,6 @@ func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, clus return errors.WithStack(err) } // If a user has a badly formatted secret it will prevent the cluster from working. - //kp, err := secretToKeyPair(s, certificate.Purpose) kp, err := secretToKeyPair(s) if err != nil { return err 
@@ -217,67 +214,6 @@ func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, clus certificate.KeyPair = kp } - //err := c.LookupKubeadm(ctx, ctrlclient, clusterName) - //if err != nil { - // log.Println("TESTING.... error:", err) - // return err - //} - return nil -} - -// LookupKubeadm looks up each certificate from secrets and populates the certificate with the secret data. -func (c Certificates) LookupKubeadm(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey) error { - // Look up each certificate as a secret and populate the certificate/key - - fmt.Println("TESTING.... LookupKubeadm") - for _, certificate := range c { - s := &corev1.Secret{} - key := client.ObjectKey{ - Name: Name(clusterName.Name, certificate.Purpose), - Namespace: clusterName.Namespace, - } - - //key := client.ObjectKey{ - // Name: "kubeadm-certs", - // Namespace: "kube-system", - //} - - if err := ctrlclient.Get(ctx, key, s); err != nil { - if apierrors.IsNotFound(err) { - if certificate.External { - //log.Println("TESTING.... ERROR external certificate not found: ", certificate.Purpose) - //fmt.Println("TESTING.... ERROR external certificate not found: ", certificate.Purpose) - return errors.WithMessage(err, "external certificate not found") - } - - //fmt.Println("TESTING..... err:", err) - continue - } - //log.Println("TESTING.... ERROR: ", certificate.Purpose) - //fmt.Println("TESTING.... ERROR: ", certificate.Purpose) - return errors.WithStack(err) - } - - // If a user has a badly formatted secret it will prevent the cluster from working. - //log.Println("TESTING.... secretToKeyPair for certificate.Purpose", certificate.Purpose) - //fmt.Println("TESTING.... secretToKeyPair for certificate.Purpose", certificate.Purpose) - - //for k, _ := range s.Data { - // log.Println("TESTING.... s.Data", k) - //} - //for k, _ := range s.StringData { - // log.Println("TESTING.... 
s.StringData", k) - //} - //kp, err := secretToKeyPair(s, certificate.Purpose) - - kp, err := secretToKeyPair(s) - if err != nil { - return err - } - - certificate.KeyPair = kp - //certificate.Generated = true - } return nil } @@ -285,7 +221,6 @@ func (c Certificates) LookupKubeadm(ctx context.Context, ctrlclient client.Clien func (c Certificates) EnsureAllExist() error { for _, certificate := range c { if certificate.KeyPair == nil { - log.Println("TESTING....", certificate) return ErrMissingCertificate } if len(certificate.KeyPair.Cert) == 0 { @@ -304,9 +239,6 @@ func (c Certificates) EnsureAllExist() error { func (c Certificates) Generate() error { for _, certificate := range c { if certificate.KeyPair == nil { - //TODO: Read existing certificate and create required secrets - log.Println("TESTING.... Certificate not present generate new for KeyPair", certificate.KeyFile) - fmt.Println("TESTING.... Certificate not present generate new for KeyPair", certificate.KeyFile) err := certificate.Generate() if err != nil { return err 
@@ -484,51 +416,6 @@ func secretToKeyPair(s *corev1.Secret) (*certs.KeyPair, error) { }, nil } -//func secretToKeyPair(s *corev1.Secret, purpose Purpose) (*certs.KeyPair, error) { -// -// var c, key []byte -// var exists bool -// var dataName, keyName string -// if purpose == ServiceAccount { -// dataName = string(purpose) + ".pub" -// keyName = string(purpose) + ".key" -// log.Println("TESTING.... secret name: ", dataName, keyName) -// -// } else if purpose == EtcdCA { -// dataName = "etcd-ca.crt" -// keyName = "etcd-ca.key" -// log.Println("TESTING.... secret name: ", dataName, keyName) -// -// } else if purpose == FrontProxyCA { -// dataName = "front-proxy-ca.crt" -// keyName = "front-proxy-ca.key" -// log.Println("TESTING.... secret name: ", dataName, keyName) -// -// } else { -// dataName = string(purpose) + ".crt" -// keyName = string(purpose) + ".key" -// log.Println("TESTING.... secret name: ", dataName, keyName) -// } -// -// c, exists = s.Data[dataName] -// if !exists { -// return nil, errors.Errorf("missing data for key %s", dataName) -// } -// //fmt.Println("TESTING.... c", c) -// // In some cases (external etcd) it's ok if the etcd.key does not exist. -// // TODO: some other function should ensure that the certificates we need exist. -// key, exists = s.Data[keyName] -// if !exists { -// key = []byte("") -// } -// //fmt.Println("TESTING.... key", key) -// -// return &certs.KeyPair{ -// Cert: c, -// Key: key, -// }, nil -//} - func generateCACert() (*certs.KeyPair, error) { x509Cert, privKey, err := newCertificateAuthority() if err != nil { diff --git a/util/secret/consts.go b/util/secret/consts.go index 7ecd498cdfe2..ccfe02ba2ab3 100644 --- a/util/secret/consts.go +++ b/util/secret/consts.go 
@@ -22,7 +22,6 @@ type Purpose string const ( // KubeconfigDataName is the key used to store a Kubeconfig in the secret's data field. KubeconfigDataName = "value" - //KubeconfigDataName2 = "admin.conf" // TLSKeyDataName is the key used to store a TLS private key in the secret's data field. TLSKeyDataName = "tls.key" diff --git a/util/secret/secret.go b/util/secret/secret.go index 4face40a8529..5af9fd9f5057 100644 --- a/util/secret/secret.go +++ b/util/secret/secret.go @@ -38,9 +38,7 @@ func GetFromNamespacedName(ctx context.Context, c client.Reader, clusterName cli secret := &corev1.Secret{} secretKey := client.ObjectKey{ Namespace: clusterName.Namespace, - //TODO: PCP-22 - //Name: string(purpose), - Name: Name(clusterName.Name, purpose), + Name: Name(clusterName.Name, purpose), } if err := c.Get(ctx, secretKey, secret); err != nil { From c4bc8247eba09640d19f4bbf07fd0718f04d5c82 Mon Sep 17 00:00:00 2001 From: Amit Sahastrabuddhe Date: Mon, 5 Dec 2022 14:47:03 +0530 Subject: [PATCH 04/13] Code cleanup --- .../internal/controllers/kubeadmconfig_controller.go | 1 - .../kubeadm/internal/controllers/controller.go | 3 --- controlplane/kubeadm/internal/controllers/status.go | 3 ++- .../controllers/cluster/cluster_controller_phases.go | 1 - util/secret/certificates.go | 12 +++++++----- 5 files changed, 9 insertions(+), 11 deletions(-) diff --git a/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go b/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go index d951e50e9e50..0c70956d9907 100644 --- a/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go +++ b/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go 
@@ -363,7 +363,6 @@ func (r *KubeadmConfigReconciler) handleClusterNotInitialized(ctx context.Contex // initialize the DataSecretAvailableCondition if missing. // this is required in order to avoid the condition's LastTransitionTime to flicker in case of errors surfacing // using the DataSecretGeneratedFailedReason - if conditions.GetReason(scope.Config, bootstrapv1.DataSecretAvailableCondition) != bootstrapv1.DataSecretGenerationFailedReason { conditions.MarkFalse(scope.Config, bootstrapv1.DataSecretAvailableCondition, clusterv1.WaitingForControlPlaneAvailableReason, clusterv1.ConditionSeverityInfo, "") } diff --git a/controlplane/kubeadm/internal/controllers/controller.go b/controlplane/kubeadm/internal/controllers/controller.go index bc30cecdf571..68a836f72a70 100644 --- a/controlplane/kubeadm/internal/controllers/controller.go +++ b/controlplane/kubeadm/internal/controllers/controller.go @@ -278,8 +278,6 @@ func (r *KubeadmControlPlaneReconciler) reconcile(ctx context.Context, cluster * if config.ClusterConfiguration == nil { config.ClusterConfiguration = &bootstrapv1.ClusterConfiguration{} } - - //TODO: PCP-22 lookup or generate ca, sa, etcd certificates and key certificates := secret.NewCertificatesForInitialControlPlane(config.ClusterConfiguration) controllerRef := metav1.NewControllerRef(kcp, controlplanev1.GroupVersion.WithKind("KubeadmControlPlane")) if err := certificates.LookupOrGenerate(ctx, r.Client, util.ObjectKey(cluster), *controllerRef); err != nil { @@ -395,7 +393,6 @@ func (r *KubeadmControlPlaneReconciler) reconcile(ctx context.Context, cluster * desiredReplicas := int(*kcp.Spec.Replicas) switch { - //TODO: PCP-22 skip creating new control plane // We are creating the first replica case numMachines < desiredReplicas && numMachines == 0: // Create new Machine w/ init diff --git a/controlplane/kubeadm/internal/controllers/status.go b/controlplane/kubeadm/internal/controllers/status.go index ebee26c616fc..c17d62c0cf7c 100644 
--- a/controlplane/kubeadm/internal/controllers/status.go +++ b/controlplane/kubeadm/internal/controllers/status.go @@ -105,7 +105,8 @@ func (r *KubeadmControlPlaneReconciler) updateStatus(ctx context.Context, kcp *c } kcp.Status.ReadyReplicas = status.ReadyNodes kcp.Status.UnavailableReplicas = replicas - status.ReadyNodes - + + // This only gets initialized once and does not change if the kubeadm config map goes away. if status.HasKubeadmConfig { kcp.Status.Initialized = true conditions.MarkTrue(kcp, controlplanev1.AvailableCondition) diff --git a/internal/controllers/cluster/cluster_controller_phases.go b/internal/controllers/cluster/cluster_controller_phases.go index ab92e220aac0..df58d6fd41c5 100644 --- a/internal/controllers/cluster/cluster_controller_phases.go +++ b/internal/controllers/cluster/cluster_controller_phases.go @@ -269,7 +269,6 @@ func (r *Reconciler) reconcileKubeconfig(ctx context.Context, cluster *clusterv1 // Do not generate the Kubeconfig if there is a ControlPlaneRef, since the Control Plane provider is // responsible for the management of the Kubeconfig. We continue to manage it here only for backward // compatibility when a Control Plane provider is not in use. - if cluster.Spec.ControlPlaneRef != nil { return ctrl.Result{}, nil } diff --git a/util/secret/certificates.go b/util/secret/certificates.go index f05926c61024..c017f5ea6f9c 100644 --- a/util/secret/certificates.go +++ b/util/secret/certificates.go @@ -24,6 +24,7 @@ import ( "crypto/x509" "crypto/x509/pkix" "encoding/hex" + "fmt" "math/big" "path/filepath" "strings" @@ -213,7 +214,6 @@ func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, clus } certificate.KeyPair = kp } - return nil } 
@@ -239,6 +239,7 @@ func (c Certificates) EnsureAllExist() error { func (c Certificates) Generate() error { for _, certificate := range c { if certificate.KeyPair == nil { + fmt.Println("TESTING.... Generate new certificates") err := certificate.Generate() if err != nil { return err @@ -269,10 +270,11 @@ func (c Certificates) LookupOrGenerate(ctx context.Context, ctrlclient client.Cl return err } - //// Generate the certificates that don't exist - //if err := c.Generate(); err != nil { - // return err - //} + fmt.Println("TESTING.... Generate new certificates if that don't exist") + // Generate the certificates that don't exist + if err := c.Generate(); err != nil { + return err + } // Save any certificates that have been generated return c.SaveGenerated(ctx, ctrlclient, clusterName, owner) From e636a859755560abee20b8c89db90b1348743485 Mon Sep 17 00:00:00 2001 From: Amit Sahastrabuddhe Date: Tue, 20 Dec 2022 17:22:14 +0530 Subject: [PATCH 05/13] Added takeOverCluster in ClusterSpec --- api/v1beta1/cluster_types.go | 4 ++++ config/crd/bases/cluster.x-k8s.io_clusters.yaml | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/api/v1beta1/cluster_types.go b/api/v1beta1/cluster_types.go index 50898cfe01ae..fe841348572a 100644 --- a/api/v1beta1/cluster_types.go +++ b/api/v1beta1/cluster_types.go @@ -68,6 +68,10 @@ type ClusterSpec struct { // this feature is highly experimental, and parts of it might still be not implemented. // +optional Topology *Topology `json:"topology,omitempty"` + + //TODO: PCP-22, create/set cluster object for imported/takeover cluster + // TakeOverCluster represents the cluster launch is for taking over existing pre-provisioned cluster + TakeOverCluster bool `json:"takeOverCluster,omitempty"` } // Topology encapsulates the information of the managed resources. diff --git a/config/crd/bases/cluster.x-k8s.io_clusters.yaml b/config/crd/bases/cluster.x-k8s.io_clusters.yaml index d80982e2e1df..2037c91efb02 100644 
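Review bot: The added `fmt.Println("TESTING.... Generate new certificates")` in Generate, and the similar `fmt.Println` added in the LookupOrGenerate hunk that follows, are debug prints in a commit titled "Code cleanup". They write to stdout and bypass the controller's structured logger, so the one event worth auditing here, the creation of new cluster certificates and keys, is recorded without a cluster name or namespace. In LookupOrGenerate, which receives `ctx` and `clusterName`, log through the logger carried in `ctx` with the cluster key as a field and without the TESTING prefix. Generate has no context, so the print there should simply go. The `"fmt"` import this commit adds to certificates.go can then be dropped again if nothing else in the file uses it.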
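Review bot: The `//TODO: PCP-22, ...` line sits directly above the doc comment of `TakeOverCluster`, so it becomes part of the field's documentation; the regenerated CRD in the next file shows it as `description: 'TODO: PCP-22, create/set cluster object ...'`. Separate the TODO from the doc comment with a blank line (or move it below the field) and add the `// +optional` marker that the neighbouring `Topology` field carries. The doc comment should also say what the flag changes for the controllers and whether it may be changed after creation. Nothing in this hunk restricts updates to the field, and the later patches on this page use it to skip control plane init and etcd member reconciliation, so an immutability check in the Cluster webhook looks warranted.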
--- a/config/crd/bases/cluster.x-k8s.io_clusters.yaml +++ b/config/crd/bases/cluster.x-k8s.io_clusters.yaml @@ -824,6 +824,11 @@ spec: description: Paused can be used to prevent controllers from processing the Cluster and all its associated objects. type: boolean + takeOverCluster: + description: 'TODO: PCP-22, create/set cluster object for imported/takeover + cluster TakeOverCluster represents the cluster launch is for taking + over existing pre-provisioned cluster' + type: boolean topology: description: 'This encapsulates the topology for the cluster. NOTE: It is required to enable the ClusterTopology feature gate flag to From c3f06138b2995ea6bc204fc2a891abc266874797 Mon Sep 17 00:00:00 2001 From: Amit Sahastrabuddhe Date: Tue, 20 Dec 2022 18:03:47 +0530 Subject: [PATCH 06/13] Added takeOverCluster in ClusterSpec --- .../internal/controllers/kubeadmconfig_controller.go | 8 ++++---- controlplane/kubeadm/internal/controllers/controller.go | 7 +------ internal/controllers/cluster/cluster_controller_phases.go | 3 +-- 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go b/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go index 0c70956d9907..9e2e4da0da3f 100644 --- a/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go +++ b/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go 
@@ -281,10 +281,10 @@ func (r *KubeadmConfigReconciler) Reconcile(ctx context.Context, req ctrl.Reques //TODO: PCP-22 check (annotation to skip handleClusterNotInitialized and go for join ) //how to make this condition true for new cluster as kubeadm cluster is already initialized // Note: can't use IsFalse here because we need to handle the absence of the condition as well as false. - log.Info("TESTING... skip handx``leClusterNotInitialized and push cluster for join") - //if !conditions.IsTrue(cluster, clusterv1.ControlPlaneInitializedCondition) { - // return r.handleClusterNotInitialized(ctx, scope) - //} + log.Info("TESTING... skip handleClusterNotInitialized and push cluster for join") + if !cluster.Spec.TakeOverCluster && !conditions.IsTrue(cluster, clusterv1.ControlPlaneInitializedCondition) { + return r.handleClusterNotInitialized(ctx, scope) + } // Every other case it's a join scenario // Nb. in this case ClusterConfiguration and InitConfiguration should not be defined by users, but in case of misconfigurations, CABPK simply ignore them diff --git a/controlplane/kubeadm/internal/controllers/controller.go b/controlplane/kubeadm/internal/controllers/controller.go index 68a836f72a70..0110389d48f2 100644 --- a/controlplane/kubeadm/internal/controllers/controller.go +++ b/controlplane/kubeadm/internal/controllers/controller.go @@ -569,12 +569,7 @@ func (r *KubeadmControlPlaneReconciler) reconcileEtcdMembers(ctx context.Context log := ctrl.LoggerFrom(ctx) // If etcd is not managed by KCP this is a no-op. - if true { - //TODO: PCP-22 - return ctrl.Result{}, nil - } - - if !controlPlane.IsEtcdManaged() { + if controlPlane.Cluster.Spec.TakeOverCluster || !controlPlane.IsEtcdManaged() { return ctrl.Result{}, nil } diff --git a/internal/controllers/cluster/cluster_controller_phases.go b/internal/controllers/cluster/cluster_controller_phases.go index df58d6fd41c5..69932b0963b3 100644 --- a/internal/controllers/cluster/cluster_controller_phases.go 
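Review bot: The added `log.Info("TESTING... skip handleClusterNotInitialized and push cluster for join")` runs on every pass through this point in Reconcile, including the passes where the next statement does call handleClusterNotInitialized, so the message is wrong for ordinary clusters. Emit it only when the init path is really skipped, for example `if cluster.Spec.TakeOverCluster { log.Info("takeOverCluster is set, skipping control plane init") }`, and drop the TESTING prefix. The TODO above still speaks of an annotation while the code now keys on `cluster.Spec.TakeOverCluster`; it should be updated or removed. Reconcile starts and continues outside the hunk.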
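Review bot: The comment `// If etcd is not managed by KCP this is a no-op.` in reconcileEtcdMembers no longer describes the condition below it, which now also returns early when `controlPlane.Cluster.Spec.TakeOverCluster` is set. Reword it, for example `// No-op for taken-over clusters and when etcd is not managed by KCP.`, and state the reason for the takeover case. Because the flag is a spec field, the skip presumably lasts for the life of the cluster rather than only for the import phase; if that is intended it should be documented, since etcd member reconciliation then never runs for these clusters. The function body continues outside the hunk.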
+++ b/internal/controllers/cluster/cluster_controller_phases.go @@ -248,8 +248,7 @@ func (r *Reconciler) reconcileControlPlane(ctx context.Context, cluster *cluster // TODO: PCP-22 set controlPlaneInitializedCondition to true for takeOver cluster // as CP are already initialized in existing cluster - conditions.MarkTrue(cluster, clusterv1.ControlPlaneInitializedCondition) - if initialized { + if cluster.Spec.TakeOverCluster || initialized { conditions.MarkTrue(cluster, clusterv1.ControlPlaneInitializedCondition) } else { conditions.MarkFalse(cluster, clusterv1.ControlPlaneInitializedCondition, clusterv1.WaitingForControlPlaneProviderInitializedReason, clusterv1.ConditionSeverityInfo, "Waiting for control plane provider to indicate the control plane has been initialized") From ed8d49cb74ae169d8052ca3e2b43ee025d18451e Mon Sep 17 00:00:00 2001 From: Amit Sahastrabuddhe Date: Mon, 8 Jan 2024 18:10:46 +0530 Subject: [PATCH 07/13] Spectro generated changes --- spectro/generated/bootstrap-base.yaml | 2 +- spectro/generated/bootstrap-global.yaml | 102 +- spectro/generated/controlplane-base.yaml | 15 +- spectro/generated/controlplane-global.yaml | 161 ++- spectro/generated/core-base.yaml | 15 +- spectro/generated/core-global.yaml | 1206 +++++++++++++++++--- 6 files changed, 1249 insertions(+), 252 deletions(-) diff --git a/spectro/generated/bootstrap-base.yaml b/spectro/generated/bootstrap-base.yaml index 558d42de5217..99333d16ad7f 100644 --- a/spectro/generated/bootstrap-base.yaml +++ b/spectro/generated/bootstrap-base.yaml @@ -26,7 +26,7 @@ spec: - --bootstrap-token-ttl=${KUBEADM_BOOTSTRAP_TOKEN_TTL:=15m} command: - /manager - image: gcr.io/spectro-dev-public/release/kubeadm-bootstrap-controller-amd64:20220805 + image: gcr.io/spectro-dev-public/devop2023/release-fips/kubeadm-bootstrap-controller:v1.3.2-spectro-4.0.0-dev imagePullPolicy: Always name: manager terminationGracePeriodSeconds: 10 
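Review bot: `cluster.Spec.TakeOverCluster || initialized` in reconcileControlPlane makes ControlPlaneInitializedCondition true from a user-set spec field alone, with no signal from the control plane provider. The kubeadmconfig_controller.go hunk of this same commit uses the flag to bypass handleClusterNotInitialized, so whoever can write a Cluster's spec now decides whether machines take the init or the join path, and a Cluster created with the flag by mistake never gets an init node. Replace the `// TODO: PCP-22 ...` lines with a plain comment that states this contract. The function continues outside the hunk, so I cannot tell whether anything later verifies that the existing control plane is reachable; if nothing does, a check before marking the condition would be the safer design.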
diff --git a/spectro/generated/bootstrap-global.yaml b/spectro/generated/bootstrap-global.yaml index 90de902d0bb1..d0eea2271f67 100644 --- a/spectro/generated/bootstrap-global.yaml +++ b/spectro/generated/bootstrap-global.yaml @@ -3,7 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-bootstrap-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: bootstrap-kubeadm cluster.x-k8s.io/v1alpha3: v1alpha3 @@ -1272,12 +1273,12 @@ spec: type: object imageRepository: description: ImageRepository sets the container registry to pull - images from. If empty, `k8s.gcr.io` will be used by default; + images from. If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for - kube-proxy, while `k8s.gcr.io` will be used for all the other - images. + kube-proxy, while `registry.k8s.io` will be used for all the + other images. type: string kind: description: 'Kind is a string value representing the REST resource 
@@ -2259,13 +2260,19 @@ spec: description: FeatureGates enabled by the user. type: object imageRepository: - description: ImageRepository sets the container registry to pull - images from. If empty, `k8s.gcr.io` will be used by default; - in case of kubernetes version is a CI build (kubernetes version - starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` - will be used as a default for control plane components and for - kube-proxy, while `k8s.gcr.io` will be used for all the other - images. + description: 'ImageRepository sets the container registry to pull + images from. * If not set, the default registry of kubeadm will + be used, i.e. * registry.k8s.io (new registry): >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): + all older versions Please note that when imageRepository is + not set we don''t allow upgrades to versions >= v1.22.0 which + use the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead (i.e. >= v1.22.17, >= + v1.23.15, >= v1.24.9, >= v1.25.0). * If the version is a CI + build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default for + control plane components and for kube-proxy, while `registry.k8s.io` + will be used for all the other images.' type: string kind: description: 'Kind is a string value representing the REST resource @@ -2633,7 +2640,7 @@ spec: nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, set this - field to an empty slice, i.e. `taints: {}` in the YAML file. + field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.' items: description: The node this Taint is attached to has the 
@@ -2844,7 +2851,7 @@ spec: nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, set this - field to an empty slice, i.e. `taints: {}` in the YAML file. + field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.' items: description: The node this Taint is attached to has the @@ -2944,7 +2951,10 @@ spec: joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. \n This will add about 40KB to userdata \n For more information, - refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed and this + field will be removed in a future release. When removing also remove + from staticcheck exclude-rules for SA1019 in golangci.yml" type: boolean users: description: Users specifies extra users to add @@ -3098,19 +3108,14 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-bootstrap-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: bootstrap-kubeadm cluster.x-k8s.io/v1alpha3: v1alpha3 
@@ -4388,12 +4393,13 @@ spec: type: object imageRepository: description: ImageRepository sets the container registry - to pull images from. If empty, `k8s.gcr.io` will be - used by default; in case of kubernetes version is a - CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default - for control plane components and for kube-proxy, while - `k8s.gcr.io` will be used for all the other images. + to pull images from. If empty, `registry.k8s.io` will + be used by default; in case of kubernetes version is + a CI build (kubernetes version starts with `ci/` or + `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be + used as a default for control plane components and for + kube-proxy, while `registry.k8s.io` will be used for + all the other images. type: string kind: description: 'Kind is a string value representing the 
@@ -5368,13 +5374,21 @@ spec: description: FeatureGates enabled by the user. type: object imageRepository: - description: ImageRepository sets the container registry - to pull images from. If empty, `k8s.gcr.io` will be - used by default; in case of kubernetes version is a - CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default - for control plane components and for kube-proxy, while - `k8s.gcr.io` will be used for all the other images. + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io (new + registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= + v1.25.0 * k8s.gcr.io (old registry): all older versions + Please note that when imageRepository is not set we + don''t allow upgrades to versions >= v1.22.0 which use + the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead (i.e. >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0). * If the version + is a CI build (kubernetes version starts with `ci/` + or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will + be used as a default for control plane components and + for kube-proxy, while `registry.k8s.io` will be used + for all the other images.' type: string kind: description: 'Kind is a string value representing the @@ -5767,7 +5781,7 @@ spec: it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, set this field to an empty slice, i.e. `taints: - {}` in the YAML file. This field is solely used + []` in the YAML file. This field is solely used for Node registration.' items: description: The node this Taint is attached to 
@@ -5993,7 +6007,7 @@ spec: it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, set this field to an empty slice, i.e. `taints: - {}` in the YAML file. This field is solely used + []` in the YAML file. This field is solely used for Node registration.' items: description: The node this Taint is attached to @@ -6100,7 +6114,11 @@ spec: environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. \n This will add about 40KB to userdata - \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed + and this field will be removed in a future release. When + removing also remove from staticcheck exclude-rules for + SA1019 in golangci.yml" type: boolean users: description: Users specifies extra users to add @@ -6192,12 +6210,6 @@ spec: served: true storage: true subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: v1 kind: Service @@ -6241,7 +6253,7 @@ spec: - --bootstrap-token-ttl=${KUBEADM_BOOTSTRAP_TOKEN_TTL:=15m} command: - /manager - image: gcr.io/spectro-dev-public/release/kubeadm-bootstrap-controller-amd64:20220805 + image: gcr.io/spectro-dev-public/devop2023/release-fips/kubeadm-bootstrap-controller:v1.3.2-spectro-4.0.0-dev imagePullPolicy: Always livenessProbe: httpGet: @@ -6308,6 +6320,7 @@ kind: MutatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-bootstrap-serving-cert + creationTimestamp: null labels: cluster.x-k8s.io/provider: bootstrap-kubeadm name: capi-kubeadm-bootstrap-mutating-webhook-configuration 
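Review bot: The manager image in the `@@ -6241,7 +6253,7 @@` hunk now references a `-dev` tag (`kubeadm-bootstrap-controller:v1.3.2-spectro-4.0.0-dev`) together with `imagePullPolicy: Always`. The code running as the bootstrap controller can therefore change whenever that tag is re-pushed, with no change to this manifest to review. Pinning by digest would tie the deployment to one reviewed build, e.g. `image: gcr.io/spectro-dev-public/devop2023/release-fips/kubeadm-bootstrap-controller@sha256:<DIGEST_PLACEHOLDER>`. The same tag-plus-Always pattern is introduced for the control-plane and core controller images in controlplane-base.yaml, controlplane-global.yaml and core-base.yaml. These manifests look generated, so the pin likely belongs in the image setting that feeds them.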
@@ -6360,6 +6373,7 @@ kind: ValidatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-bootstrap-serving-cert + creationTimestamp: null labels: cluster.x-k8s.io/provider: bootstrap-kubeadm name: capi-kubeadm-bootstrap-validating-webhook-configuration diff --git a/spectro/generated/controlplane-base.yaml b/spectro/generated/controlplane-base.yaml index 5cd9f6869892..bcc2b24e28f5 100644 --- a/spectro/generated/controlplane-base.yaml +++ b/spectro/generated/controlplane-base.yaml @@ -25,7 +25,20 @@ spec: - --feature-gates=ClusterTopology=${CLUSTER_TOPOLOGY:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} command: - /manager - image: gcr.io/spectro-dev-public/release/kubeadm-control-plane-controller-amd64:20220805 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: gcr.io/spectro-dev-public/devop2023/release-fips/kubeadm-control-plane-controller:v1.3.2-spectro-4.0.0-dev imagePullPolicy: Always name: manager terminationGracePeriodSeconds: 10 diff --git a/spectro/generated/controlplane-global.yaml b/spectro/generated/controlplane-global.yaml index 6adf5b04b649..b58e30149fd8 100644 --- a/spectro/generated/controlplane-global.yaml +++ b/spectro/generated/controlplane-global.yaml @@ -3,7 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-control-plane-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: control-plane-kubeadm cluster.x-k8s.io/v1alpha3: v1alpha3 
@@ -125,6 +126,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic kubeadmConfigSpec: description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing and joining machines to the control plane. @@ -1497,12 +1499,12 @@ spec: type: object imageRepository: description: ImageRepository sets the container registry to - pull images from. If empty, `k8s.gcr.io` will be used by - default; in case of kubernetes version is a CI build (kubernetes - version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + pull images from. If empty, `registry.k8s.io` will be used + by default; in case of kubernetes version is a CI build + (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and - for kube-proxy, while `k8s.gcr.io` will be used for all - the other images. + for kube-proxy, while `registry.k8s.io` will be used for + all the other images. type: string kind: description: 'Kind is a string value representing the REST @@ -2225,6 +2227,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: 
@@ -2715,13 +2718,20 @@ spec: description: FeatureGates enabled by the user. type: object imageRepository: - description: ImageRepository sets the container registry to - pull images from. If empty, `k8s.gcr.io` will be used by - default; in case of kubernetes version is a CI build (kubernetes - version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io (new registry): + >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io + (old registry): all older versions Please note that when + imageRepository is not set we don''t allow upgrades to versions + >= v1.22.0 which use the old registry (k8s.gcr.io). Please + use a newer patch version with the new registry instead + (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0). + * If the version is a CI build (kubernetes version starts + with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and - for kube-proxy, while `k8s.gcr.io` will be used for all - the other images. + for kube-proxy, while `registry.k8s.io` will be used for + all the other images.' type: string kind: description: 'Kind is a string value representing the REST @@ -3103,7 +3113,7 @@ spec: i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, - set this field to an empty slice, i.e. `taints: {}` + set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.' items: 
@@ -3323,7 +3333,7 @@ spec: i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, - set this field to an empty slice, i.e. `taints: {}` + set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.' items: @@ -3428,7 +3438,10 @@ spec: environments where joins fail due to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. \n This will add about 40KB to userdata - \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed and + this field will be removed in a future release. When removing + also remove from staticcheck exclude-rules for SA1019 in golangci.yml" type: boolean users: description: Users specifies extra users to add @@ -3552,6 +3565,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: @@ -3588,6 +3602,12 @@ spec: any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of time + that the controller will spend on waiting for all volumes to + be detached. The default value is 0, meaning that the volumes + can be detached without any time limitations. + type: string required: - infrastructureRef type: object 
@@ -3603,6 +3623,17 @@ spec: made to the KubeadmControlPlane. format: date-time type: string + rolloutBefore: + description: RolloutBefore is a field to indicate a rollout should + be performed if the specified criteria is met. + properties: + certificatesExpiryDays: + description: CertificatesExpiryDays indicates a rollout needs + to be performed if the certificates of the machine will expire + within the specified days. + format: int32 + type: integer + type: object rolloutStrategy: default: rollingUpdate: @@ -3632,7 +3663,13 @@ spec: type: string type: object version: - description: Version defines the desired Kubernetes version. + description: 'Version defines the desired Kubernetes version. Please + note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository + is not set we don''t allow upgrades to versions >= v1.22.0 for which + kubeadm uses the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead. The default registries of + kubeadm are: * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, + >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): all older versions' type: string required: - kubeadmConfigSpec @@ -3753,19 +3790,14 @@ spec: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-control-plane-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: control-plane-kubeadm cluster.x-k8s.io/v1alpha3: v1alpha3 
@@ -4082,13 +4114,13 @@ spec: type: object imageRepository: description: ImageRepository sets the container registry - to pull images from. If empty, `k8s.gcr.io` will - be used by default; in case of kubernetes version + to pull images from. If empty, `registry.k8s.io` + will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components - and for kube-proxy, while `k8s.gcr.io` will be used - for all the other images. + and for kube-proxy, while `registry.k8s.io` will + be used for all the other images. type: string kind: description: 'Kind is a string value representing @@ -4860,6 +4892,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 
@@ -5243,14 +5276,21 @@ spec: description: FeatureGates enabled by the user. type: object imageRepository: - description: ImageRepository sets the container registry - to pull images from. If empty, `k8s.gcr.io` will - be used by default; in case of kubernetes version - is a CI build (kubernetes version starts with `ci/` - or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will - be used as a default for control plane components - and for kube-proxy, while `k8s.gcr.io` will be used - for all the other images. + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io + (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, + >= v1.25.0 * k8s.gcr.io (old registry): all older + versions Please note that when imageRepository is + not set we don''t allow upgrades to versions >= + v1.22.0 which use the old registry (k8s.gcr.io). + Please use a newer patch version with the new registry + instead (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, + >= v1.25.0). * If the version is a CI build (kubernetes + version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will + be used for all the other images.' type: string kind: description: 'Kind is a string value representing @@ -5659,7 +5699,7 @@ spec: init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, set this field to an empty slice, i.e. - `taints: {}` in the YAML file. This field is + `taints: []` in the YAML file. This field is solely used for Node registration.' items: description: The node this Taint is attached 
@@ -5895,7 +5935,7 @@ spec: init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. If you don''t want to taint your control-plane node, set this field to an empty slice, i.e. - `taints: {}` in the YAML file. This field is + `taints: []` in the YAML file. This field is solely used for Node registration.' items: description: The node this Taint is attached @@ -6006,7 +6046,11 @@ spec: to timing (and other issues). The long term goal is to add retries to kubeadm proper and use that functionality. \n This will add about 40KB to userdata \n For more - information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed + and this field will be removed in a future release. + When removing also remove from staticcheck exclude-rules + for SA1019 in golangci.yml" type: boolean users: description: Users specifies extra users to add @@ -6112,6 +6156,13 @@ spec: be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting for + all volumes to be detached. The default value is 0, + meaning that the volumes can be detached without any + time limitations. + type: string type: object rolloutAfter: description: RolloutAfter is a field to indicate a rollout 
@@ -6119,6 +6170,17 @@ spec: changes have been made to the KubeadmControlPlane. format: date-time type: string + rolloutBefore: + description: RolloutBefore is a field to indicate a rollout + should be performed if the specified criteria is met. + properties: + certificatesExpiryDays: + description: CertificatesExpiryDays indicates a rollout + needs to be performed if the certificates of the machine + will expire within the specified days. + format: int32 + type: integer + type: object rolloutStrategy: default: rollingUpdate: @@ -6161,12 +6223,6 @@ spec: served: true storage: true subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: v1 kind: Service @@ -6209,7 +6265,20 @@ spec: - --feature-gates=ClusterTopology=${CLUSTER_TOPOLOGY:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} command: - /manager - image: gcr.io/spectro-dev-public/release/kubeadm-control-plane-controller-amd64:20220805 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: gcr.io/spectro-dev-public/devop2023/release-fips/kubeadm-control-plane-controller:v1.3.2-spectro-4.0.0-dev imagePullPolicy: Always livenessProbe: httpGet: @@ -6276,6 +6345,7 @@ kind: MutatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-control-plane-serving-cert + creationTimestamp: null labels: cluster.x-k8s.io/provider: control-plane-kubeadm name: capi-kubeadm-control-plane-mutating-webhook-configuration 
@@ -6329,6 +6399,7 @@ kind: ValidatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-kubeadm-control-plane-serving-cert + creationTimestamp: null labels: cluster.x-k8s.io/provider: control-plane-kubeadm name: capi-kubeadm-control-plane-validating-webhook-configuration diff --git a/spectro/generated/core-base.yaml b/spectro/generated/core-base.yaml index 3096a97a49fd..74479ce3a216 100644 --- a/spectro/generated/core-base.yaml +++ b/spectro/generated/core-base.yaml @@ -25,7 +25,20 @@ spec: - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},ClusterResourceSet=${EXP_CLUSTER_RESOURCE_SET:=false},ClusterTopology=${CLUSTER_TOPOLOGY:=false},RuntimeSDK=${EXP_RUNTIME_SDK:=false} command: - /manager - image: gcr.io/spectro-dev-public/release/cluster-api-controller-amd64:20220805 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: gcr.io/spectro-dev-public/devop2023/release-fips/cluster-api-controller:v1.3.2-spectro-4.0.0-dev imagePullPolicy: Always name: manager terminationGracePeriodSeconds: 10 diff --git a/spectro/generated/core-global.yaml b/spectro/generated/core-global.yaml index 28ab7d47c1fb..3aaed9955e91 100644 --- a/spectro/generated/core-global.yaml +++ b/spectro/generated/core-global.yaml @@ -11,7 +11,8 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: clusterclasses.cluster.x-k8s.io 
@@ -114,6 +115,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object @@ -179,6 +181,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object @@ -226,6 +229,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object @@ -303,6 +307,7 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object @@ -357,6 +362,7 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object @@ -491,6 +497,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic unhealthyConditions: description: UnhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The @@ -523,6 +530,7 @@ spec: over MaxUnhealthy. Eg. "[3-5]" - This means that remediation will be allowed only when: (a) there are at least 3 unhealthy machines (and) (b) there are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ type: string type: object machineInfrastructure: @@ -569,6 +577,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object 
@@ -597,6 +606,28 @@ spec: More info: http://kubernetes.io/docs/user-guide/labels' type: object type: object + nodeDeletionTimeout: + description: 'NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will retry + deletion indefinitely. Defaults to 10 seconds. NOTE: This value + can be overridden while defining a Cluster.Topology.' + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that + the controller will spend on draining a node. The default value + is 0, meaning that the node can be drained without any time + limitations. NOTE: NodeDrainTimeout is different from `kubectl + drain --timeout` NOTE: This value can be overridden while defining + a Cluster.Topology.' + type: string + nodeVolumeDetachTimeout: + description: 'NodeVolumeDetachTimeout is the total amount of time + that the controller will spend on waiting for all volumes to + be detached. The default value is 0, meaning that the volumes + can be detached without any time limitations. NOTE: This value + can be overridden while defining a Cluster.Topology.' + type: string ref: description: Ref is a required reference to a custom resource offered by a provider. @@ -634,6 +665,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object @@ -681,6 +713,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object 
@@ -693,8 +726,9 @@ spec: to customize the referenced templates. properties: definitions: - description: 'Definitions define the patches inline. Note: Patches - will be applied in the order of the array.' + description: 'Definitions define inline patches. Note: Patches + will be applied in the order of the array. Note: Exactly one + of Definitions or External must be set.' items: description: PatchDefinition defines a patch which is applied to customize the referenced templates. @@ -815,11 +849,23 @@ spec: will be disabled. If EnabledIf is not set, the patch will be enabled per default. type: string + external: + description: 'External defines an external patch. Note: Exactly + one of Definitions or External must be set.' + properties: + generateExtension: + description: GenerateExtension references an extension which + is called to generate patches. + type: string + validateExtension: + description: ValidateExtension references an extension which + is called to validate the topology. + type: string + type: object name: description: Name of the patch. type: string required: - - definitions - name type: object type: array @@ -962,6 +1008,13 @@ spec: description: 'UniqueItems specifies if items in an array must be unique. NOTE: Can only be set if type is array.' type: boolean + x-kubernetes-preserve-unknown-fields: + description: XPreserveUnknownFields allows setting fields + in a variable object which are not defined in the + variable schema. This affects fields recursively, + except if nested properties or additionalProperties + are specified in the schema. + type: boolean required: - type type: object 
@@ -993,6 +1046,13 @@ spec: and can be referenced in the Cluster to create a managed MachineDeployment. type: string + failureDomain: + description: 'FailureDomain is the failure domain the machines + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. NOTE: This value can + be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' + type: string machineHealthCheck: description: MachineHealthCheck defines a MachineHealthCheck for this MachineDeploymentClass. @@ -1057,6 +1117,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic unhealthyConditions: description: UnhealthyConditions contains a list of the conditions that determine whether a node is considered 
@@ -1092,6 +1153,107 @@ spec: This means that remediation will be allowed only when: (a) there are at least 3 unhealthy machines (and) (b) there are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + minReadySeconds: + description: 'Minimum number of seconds for which a newly + created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) NOTE: + This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + format: int32 + type: integer + nodeDeletionTimeout: + description: 'NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts + after the Machine is marked for deletion. A duration of + 0 will retry deletion indefinitely. Defaults to 10 seconds. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The + default value is 0, meaning that the node can be drained + without any time limitations. NOTE: NodeDrainTimeout is + different from `kubectl drain --timeout` NOTE: This value + can be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' + type: string + nodeVolumeDetachTimeout: + description: 'NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting for + all volumes to be detached. The default value is 0, meaning + that the volumes can be detached without any time limitations. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + type: string + strategy: + description: 'The deployment strategy to use to replace + existing machines with new ones. NOTE: This value can + be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' 
+ properties: + rollingUpdate: + description: Rolling update config params. Present only + if MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy used + by the MachineDeployment to identify nodes to + delete when downscaling. Valid values are "Random, + "Newest", "Oldest" When no value is supplied, + the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that + can be scheduled above the desired number of machines. + Value can be an absolute number (ex: 5) or a percentage + of desired machines (ex: 10%). This can not be + 0 if MaxUnavailable is 0. Absolute number is calculated + from percentage by rounding up. Defaults to 1. + Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling + update starts, such that the total number of old + and new machines do not exceed 130% of desired + machines. Once old machines have been killed, + new MachineSet can be scaled up further, ensuring + that total number of machines running at any time + during the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that + can be unavailable during the update. Value can + be an absolute number (ex: 5) or a percentage + of desired machines (ex: 10%). Absolute number + is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. Defaults to + 0. Example: when this is set to 30%, the old MachineSet + can be scaled down to 70% of desired machines + immediately when the rolling update starts. 
Once + new machines are ready, old MachineSet can be + scaled down further, followed by scaling up the + new MachineSet, ensuring that the total number + of machines available at all times during the + update is at least 70% of desired machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete type: string type: object template: @@ -1149,6 +1311,7 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object @@ -1203,6 +1366,7 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic required: - ref type: object 
@@ -1241,23 +1405,68 @@ spec: type: array type: object type: object + status: + description: ClusterClassStatus defines the observed state of the ClusterClass. + properties: + conditions: + description: Conditions defines current observed state of the ClusterClass. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object type: object served: true storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: clusterresourcesetbindings.addons.cluster.x-k8s.io @@ -1543,19 +1752,14 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: clusterresourcesets.addons.cluster.x-k8s.io @@ -2066,19 +2270,14 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: clusters.cluster.x-k8s.io 
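Review bot: The added `creationTimestamp: "null"` in the CRD metadata of this hunk is a quoted string rather than a YAML null, while other CRDs in the same file (for example the ipam ones added further down) carry the unquoted `creationTimestamp: null`. A string that is not an RFC 3339 timestamp will probably be rejected or mishandled when the manifest is decoded, so it is worth finding which post-processing step quotes the value. The line should read `creationTimestamp: null` or be dropped. The same quoted value appears in the hunks for clusterresourcesets, clusters, machinedeployments and machinehealthchecks.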
@@ -2217,6 +2416,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic infrastructureRef: description: InfrastructureRef is a reference to a provider-specific resource that holds the details for provisioning infrastructure @@ -2255,6 +2455,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic paused: description: Paused can be used to prevent controllers from processing the Cluster and all its associated objects. @@ -2476,6 +2677,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic infrastructureRef: description: InfrastructureRef is a reference to a provider-specific resource that holds the details for provisioning infrastructure @@ -2514,6 +2716,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic paused: description: Paused can be used to prevent controllers from processing the Cluster and all its associated objects. @@ -2864,6 +3067,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic infrastructureRef: description: InfrastructureRef is a reference to a provider-specific resource that holds the details for provisioning infrastructure 
@@ -2902,10 +3106,16 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic paused: description: Paused can be used to prevent controllers from processing the Cluster and all its associated objects. type: boolean + takeOverCluster: + description: 'TODO: PCP-22, create/set cluster object for imported/takeover + cluster TakeOverCluster represents the cluster launch is for taking + over existing pre-provisioned cluster' + type: boolean topology: description: 'This encapsulates the topology for the cluster. NOTE: It is required to enable the ClusterTopology feature gate flag to 
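Review bot: The description of the new `takeOverCluster` field starts with `TODO: PCP-22, ...`, so an internal ticket note ends up in the published API schema and in `kubectl explain` output. Since this text is generated, the fix belongs in the Go source: move the TODO into a comment that is not part of the field's doc comment and leave a description such as `TakeOverCluster indicates that the Cluster adopts an existing, pre-provisioned cluster instead of provisioning a new one.` The schema puts no constraint on the flag beyond `type: boolean`. If flipping it on an existing Cluster changes which infrastructure the controllers manage, the update webhook should presumably treat it as immutable, which cannot be confirmed from this hunk.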
@@ -2919,6 +3129,119 @@ spec: controlPlane: description: ControlPlane describes the cluster control plane. properties: + machineHealthCheck: + description: MachineHealthCheck allows to enable, disable + and override the MachineHealthCheck configuration in the + ClusterClass for this control plane. + properties: + enable: + description: "Enable controls if a MachineHealthCheck + should be created for the target machines. \n If false: + No MachineHealthCheck will be created. \n If not set(default): + A MachineHealthCheck will be created if it is defined + here or in the associated ClusterClass. If no MachineHealthCheck + is defined then none will be created. \n If true: A + MachineHealthCheck is guaranteed to be created. Cluster + validation will block if `enable` is true and no MachineHealthCheck + definition is available." + type: boolean + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if + at most "MaxUnhealthy" machines selected by "selector" + are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will be + remediated. If you wish to disable this feature, set + the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a + remediation template provided by an infrastructure provider. + \n This field is completely optional, when filled, the + MachineHealthCheck controller creates a new object from + the template referenced and hands off remediation of + the machine to a controller that lives outside of Cluster + API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the + conditions that determine whether a node is considered + unhealthy. The conditions are combined in a logical + OR, i.e. if any of the conditions is met, the node is + unhealthy. + items: + description: UnhealthyCondition represents a Node condition + type and value with a timeout specified as a duration. When + the named condition has been in the given status for + at least the timeout value, a node is considered unhealthy. 
+ properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" as + not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. "[3-5]" - This + means that remediation will be allowed only when: (a) + there are at least 3 unhealthy machines (and) (b) there + are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object metadata: description: "Metadata is the metadata applied to the machines of the ControlPlane. At runtime this metadata is merged @@ -2945,6 +3268,12 @@ spec: More info: http://kubernetes.io/docs/user-guide/labels' type: object type: object + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default @@ -2952,6 +3281,12 @@ spec: any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string replicas: description: Replicas is the number of control plane nodes. If the value is nil, the ControlPlane object is created 
@@ -3022,6 +3357,128 @@ spec: machines will be created in. Must match a key in the FailureDomains map stored on the cluster object. type: string + machineHealthCheck: + description: MachineHealthCheck allows to enable, disable + and override the MachineHealthCheck configuration + in the ClusterClass for this MachineDeployment. + properties: + enable: + description: "Enable controls if a MachineHealthCheck + should be created for the target machines. \n + If false: No MachineHealthCheck will be created. + \n If not set(default): A MachineHealthCheck will + be created if it is defined here or in the associated + ClusterClass. If no MachineHealthCheck is defined + then none will be created. \n If true: A MachineHealthCheck + is guaranteed to be created. Cluster validation + will block if `enable` is true and no MachineHealthCheck + definition is available." + type: boolean + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed + if at most "MaxUnhealthy" machines selected by + "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will + be remediated. If you wish to disable this feature, + set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference + to a remediation template provided by an infrastructure + provider. \n This field is completely optional, + when filled, the MachineHealthCheck controller + creates a new object from the template referenced + and hands off remediation of the machine to a + controller that lives outside of Cluster API." + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list + of the conditions that determine whether a node + is considered unhealthy. The conditions are combined + in a logical OR, i.e. if any of the conditions + is met, the node is unhealthy. 
+ items: + description: UnhealthyCondition represents a Node + condition type and value with a timeout specified + as a duration. When the named condition has + been in the given status for at least the timeout + value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" + as not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. "[3-5]" + - This means that remediation will be allowed + only when: (a) there are at least 3 unhealthy + machines (and) (b) there are at most 5 unhealthy + machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object metadata: description: Metadata is the metadata applied to the machines of the MachineDeployment. At runtime this @@ -3046,6 +3503,12 @@ spec: controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object type: object + minReadySeconds: + description: Minimum number of seconds for which a newly + created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) + format: int32 + type: integer name: description: Name is the unique identifier for this MachineDeploymentTopology. The value is used with 
@@ -3054,6 +3517,13 @@ spec: is greater than the allowed maximum length, the values are hashed together. type: string + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the + controller will attempt to delete the Node that the + Machine hosts after the Machine is marked for deletion. + A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a @@ -3062,6 +3532,13 @@ spec: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting + for all volumes to be detached. The default value + is 0, meaning that the volumes can be detached without + any time limitations. + type: string replicas: description: Replicas is the number of worker nodes belonging to this set. If the value is nil, the MachineDeployment 
@@ -3071,6 +3548,75 @@ spec: of this value. format: int32 type: integer + strategy: + description: The deployment strategy to use to replace + existing machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present + only if MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy + used by the MachineDeployment to identify + nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value + is supplied, the default DeletePolicy of MachineSet + is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines + that can be scheduled above the desired number + of machines. Value can be an absolute number + (ex: 5) or a percentage of desired machines + (ex: 10%). This can not be 0 if MaxUnavailable + is 0. Absolute number is calculated from percentage + by rounding up. Defaults to 1. Example: when + this is set to 30%, the new MachineSet can + be scaled up immediately when the rolling + update starts, such that the total number + of old and new machines do not exceed 130% + of desired machines. Once old machines have + been killed, new MachineSet can be scaled + up further, ensuring that total number of + machines running at any time during the update + is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines + that can be unavailable during the update. + Value can be an absolute number (ex: 5) or + a percentage of desired machines (ex: 10%). + Absolute number is calculated from percentage + by rounding down. This can not be 0 if MaxSurge + is 0. Defaults to 0. 
Example: when this is + set to 30%, the old MachineSet can be scaled + down to 70% of desired machines immediately + when the rolling update starts. Once new machines + are ready, old MachineSet can be scaled down + further, followed by scaling up the new MachineSet, + ensuring that the total number of machines + available at all times during the update is + at least 70% of desired machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + type: object variables: description: Variables can be used to customize the MachineDeployment through patches. @@ -3215,18 +3761,12 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 creationTimestamp: null labels: cluster.x-k8s.io/provider: cluster-api 
@@ -3270,18 +3810,19 @@ spec: description: ExtensionConfigSpec is the desired state of the ExtensionConfig properties: clientConfig: - description: ClientConfig defines how to communicate with ExtensionHandlers. + description: ClientConfig defines how to communicate with the Extension + server. properties: caBundle: description: CABundle is a PEM encoded CA bundle which will be - used to validate the ExtensionHandler's server certificate. + used to validate the Extension server's server certificate. format: byte type: string service: description: "Service is a reference to the Kubernetes service - for the ExtensionHandler. Either `service` or `url` must be - specified. \n If the ExtensionHandler is running within a cluster, - then you should use `service`." + for the Extension server. Note: Exactly one of `url` or `service` + must be specified. \n If the Extension server is running within + a cluster, then you should use `service`." properties: name: description: Name is the name of the service. @@ -3290,13 +3831,13 @@ spec: description: Namespace is the namespace of the service. type: string path: - description: Path is an optional URL path which will be sent - in any request to this service. If a path is set it will - be used as prefix and the hook-specific path will be appended. + description: Path is an optional URL path and if present may + be any string permissible in a URL. If a path is set it + will be used as prefix to the hook-specific path. type: string port: description: Port is the port on the service that's hosting - the ExtensionHandler. Default to 443. `port` should be a + the Extension server. Defaults to 443. Port should be a valid port number (1-65535, inclusive). format: int32 type: integer 
@@ -3305,25 +3846,23 @@ spec: - namespace type: object url: - description: "URL gives the location of the ExtensionHandler, - in standard URL form (`scheme://host:port/path`). Exactly one - of `url` or `service` must be specified. \n The `host` should - not refer to a service running in the cluster; use the `service` - field instead. \n The scheme should be \"https\"; the URL should - begin with \"https://\". \"http\" is supported for insecure - development purposes only. \n A path is optional, and if present - may be any string permissible in a URL. If a path is set it - will be used as prefix and the hook-specific path will be appended. - \n Attempting to use a user or basic auth e.g. \"user:password@\" + description: "URL gives the location of the Extension server, + in standard URL form (`scheme://host:port/path`). Note: Exactly + one of `url` or `service` must be specified. \n The scheme must + be \"https\". \n The `host` should not refer to a service running + in the cluster; use the `service` field instead. \n A path is + optional, and if present may be any string permissible in a + URL. If a path is set it will be used as prefix to the hook-specific + path. \n Attempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed either." type: string type: object namespaceSelector: - description: NamespaceSelector decides whether to run the webhook - on an object based on whether the namespace for that object matches - the selector. Default to the empty LabelSelector, which matches - everything. + description: NamespaceSelector decides whether to call the hook for + an object based on whether the namespace for that object matches + the selector. Defaults to the empty LabelSelector, which matches + all objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. 
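Review bot: The `url` description now says the scheme must be "https" and that user info, fragments and query parameters are not allowed, but the schema for the field is still only `type: string`, so none of this is enforced by the API server's structural validation. If these rules live only in a validating webhook, a cluster where that webhook is unavailable or bypassed would accept a plain-http endpoint for calls to the Extension server. Confirm that the webhook rejects non-https URLs, and consider a `+kubebuilder:validation:Pattern` marker on the Go field restricting the value to `^https://` as defence in depth.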
@@ -3437,7 +3976,8 @@ spec: which this ExtensionHandler serves. properties: apiVersion: - description: APIVersion is the Version of the Hook. + description: APIVersion is the group and version of the + Hook. type: string hook: description: Hook is the name of the hook. @@ -3448,7 +3988,8 @@ spec: type: object timeoutSeconds: description: TimeoutSeconds defines the timeout duration for - client calls to the ExtensionHandler. + client calls to the ExtensionHandler. Defaults to 10 is not + set. format: int32 type: integer required: 
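Review bot: The new `timeoutSeconds` description ends with "Defaults to 10 is not set.", which reads as a typo for "if not set". The text is generated from the Go doc comment on the field, so correct it there to `Defaults to 10 if not set.` and regenerate the manifest.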
@@ -3465,19 +4006,258 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: cluster-api + name: ipaddressclaims.ipam.cluster.x-k8s.io +spec: + group: ipam.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: IPAddressClaim + listKind: IPAddressClaimList + plural: ipaddressclaims + singular: ipaddressclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the pool to allocate an address from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool to allocate an address from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddressClaim is the Schema for the ipaddressclaim API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressClaimSpec is the desired state of an IPAddressClaim. + properties: + poolRef: + description: PoolRef is a reference to the pool from which an IP address + should be created. 
+ properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiGroup + - kind + - name + type: object + required: + - poolRef + type: object + status: + description: IPAddressClaimStatus is the observed status of a IPAddressClaim. + properties: + addressRef: + description: AddressRef is a reference to the address that was created + for this claim. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + conditions: + description: Conditions summarises the current state of the IPAddressClaim + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. 
The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + required: + - addressRef + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: cluster-api + name: ipaddresses.ipam.cluster.x-k8s.io +spec: + group: ipam.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: IPAddress + listKind: IPAddressList + plural: ipaddresses + singular: ipaddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Address + jsonPath: .spec.address + name: Address + type: string + - description: Name of the pool the address is from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool the address is from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddress is the Schema for the ipaddress API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressSpec is the desired state of an IPAddress. + properties: + address: + description: Address is the IP address. + type: string + claimRef: + description: ClaimRef is a reference to the claim this IPAddress was + created for. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + gateway: + description: Gateway is the network gateway of the network the address + is from. + type: string + poolRef: + description: PoolRef is a reference to the pool that this IPAddress + was created from. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiGroup + - kind + - name + type: object + prefix: + description: Prefix is the prefix of the address. 
+ type: integer + required: + - address + - claimRef + - gateway + - poolRef + - prefix + type: object + type: object + served: true + storage: true + subresources: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: machinedeployments.cluster.x-k8s.io @@ -3628,6 +4408,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic strategy: description: The deployment strategy to use to replace existing machines with new ones. @@ -3786,6 +4567,7 @@ spec: - name - uid type: object + x-kubernetes-map-type: atomic type: array type: object spec: @@ -3839,6 +4621,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic data: description: "Data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should @@ -3899,6 +4682,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default @@ -4124,6 +4908,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic strategy: description: The deployment strategy to use to replace existing machines with new ones. 
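Review bot: In the new IPAddress schema, `prefix` is a bare `type: integer` and `address` and `gateway` are unconstrained strings, so the API server will accept objects with, for example, a negative prefix or a value that is not an IP address. Consumers that turn these fields into network configuration would then each have to validate them on their own. Adding bounds on the Go type, e.g. `// +kubebuilder:validation:Minimum=0` and `// +kubebuilder:validation:Maximum=128` on Prefix, would reject malformed objects at admission. Whether a webhook already checks these fields is not visible in this hunk.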
@@ -4259,6 +5044,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine @@ -4313,6 +5099,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default @@ -4591,6 +5378,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic strategy: description: The deployment strategy to use to replace existing machines with new ones. @@ -4726,6 +5514,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine @@ -4780,6 +5569,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDeletionTimeout: description: NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after 
@@ -4793,6 +5583,12 @@ spec: any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string providerID: description: ProviderID is the identification ID of the machine provided by the provider. This field must match the provider @@ -4925,19 +5721,14 @@ spec: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: machinehealthchecks.cluster.x-k8s.io @@ -5058,6 +5849,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic selector: description: Label selector to match machines whose health will be exercised @@ -5103,6 +5895,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic unhealthyConditions: description: UnhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions @@ -5318,6 +6111,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic selector: description: Label selector to match machines whose health will be exercised 
@@ -5363,6 +6157,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic unhealthyConditions: description: UnhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions @@ -5587,6 +6382,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic selector: description: Label selector to match machines whose health will be exercised @@ -5632,6 +6428,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic unhealthyConditions: description: UnhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions @@ -5756,19 +6553,14 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: machinepools.cluster.x-k8s.io @@ -6019,6 +6811,7 @@ spec: - name - uid type: object + x-kubernetes-map-type: atomic type: array type: object spec: @@ -6072,6 +6865,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic data: description: "Data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should 
@@ -6132,6 +6926,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default @@ -6243,7 +7038,7 @@ spec: description: NodeRefs will point to the corresponding Nodes if it they exist. items: - description: 'ObjectReference contains enough information to let + description: "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields @@ -6251,10 +7046,10 @@ spec: and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions - like, "must refer only to types A and B" or "UID not honored" - or "name must be restricted". Those cannot be well described when - embedded. 3. Inconsistent validation. Because the usages are - different, the validation rules are different by usage, which + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation 
@@ -6262,12 +7057,12 @@ spec: on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect - numerous schemas. Don''t make new APIs embed an underspecified - API type they do not control. Instead of using this type, create + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - .' + ." properties: apiVersion: description: API version of the referent. @@ -6483,6 +7278,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine @@ -6537,6 +7333,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default @@ -6648,7 +7445,7 @@ spec: description: NodeRefs will point to the corresponding Nodes if it they exist. items: - description: 'ObjectReference contains enough information to let + description: "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields 
@@ -6656,10 +7453,10 @@ spec: and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions - like, "must refer only to types A and B" or "UID not honored" - or "name must be restricted". Those cannot be well described when - embedded. 3. Inconsistent validation. Because the usages are - different, the validation rules are different by usage, which + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation @@ -6667,12 +7464,12 @@ spec: on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect - numerous schemas. Don''t make new APIs embed an underspecified - API type they do not control. Instead of using this type, create + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - .' + ." properties: apiVersion: description: API version of the referent. 
@@ -6897,6 +7694,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine @@ -6951,6 +7749,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDeletionTimeout: description: NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after @@ -6964,6 +7763,12 @@ spec: any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string providerID: description: ProviderID is the identification ID of the machine provided by the provider. This field must match the provider @@ -7069,7 +7874,7 @@ spec: description: NodeRefs will point to the corresponding Nodes if it they exist. items: - description: 'ObjectReference contains enough information to let + description: "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields 
@@ -7077,10 +7882,10 @@ spec: and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions - like, "must refer only to types A and B" or "UID not honored" - or "name must be restricted". Those cannot be well described when - embedded. 3. Inconsistent validation. Because the usages are - different, the validation rules are different by usage, which + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation @@ -7088,12 +7893,12 @@ spec: on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect - numerous schemas. Don''t make new APIs embed an underspecified - API type they do not control. Instead of using this type, create + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - .' + ." properties: apiVersion: description: API version of the referent. 
@@ -7166,19 +7971,14 @@ spec: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: machines.cluster.x-k8s.io @@ -7288,6 +8088,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic data: description: "Data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should remain in the Pending @@ -7346,6 +8147,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, @@ -7521,6 +8323,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic observedGeneration: description: ObservedGeneration is the latest generation observed by the controller. @@ -7631,6 +8434,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain 
@@ -7684,6 +8488,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, @@ -7912,6 +8717,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic observedGeneration: description: ObservedGeneration is the latest generation observed by the controller. @@ -8021,6 +8827,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain @@ -8074,6 +8881,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDeletionTimeout: description: NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after the Machine 
@@ -8086,6 +8894,12 @@ spec: meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of time that + the controller will spend on waiting for all volumes to be detached. + The default value is 0, meaning that the volumes can be detached + without any time limitations. + type: string providerID: description: ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on @@ -8136,6 +8950,11 @@ spec: bootstrapReady: description: BootstrapReady is the state of the bootstrap provider. type: boolean + certificatesExpiryDate: + description: CertificatesExpiryDate is the expiry date of the machine + certificates. This value is only set for control plane machines. + format: date-time + type: string conditions: description: Conditions defines current service state of the Machine. items: @@ -8309,6 +9128,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic observedGeneration: description: ObservedGeneration is the latest generation observed by the controller. @@ -8324,19 +9144,14 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: "null" labels: cluster.x-k8s.io/provider: cluster-api name: machinesets.cluster.x-k8s.io 
@@ -8471,10 +9286,11 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic template: description: Template is the object that describes the machine that will be created if insufficient replicas are detected. Object references - to custom resources resources are treated as templates. + to custom resources are treated as templates. properties: metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' @@ -8583,6 +9399,7 @@ spec: - name - uid type: object + x-kubernetes-map-type: atomic type: array type: object spec: @@ -8636,6 +9453,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic data: description: "Data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should @@ -8696,6 +9514,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default @@ -8913,10 +9732,11 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic template: description: Template is the object that describes the machine that will be created if insufficient replicas are detected. Object references - to custom resources resources are treated as templates. + to custom resources are treated as templates. properties: metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 
@@ -8990,6 +9810,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine @@ -9044,6 +9865,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDrainTimeout: description: 'NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default @@ -9314,10 +10136,11 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic template: description: Template is the object that describes the machine that will be created if insufficient replicas are detected. Object references - to custom resources resources are treated as templates. + to custom resources are treated as templates. properties: metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' @@ -9391,6 +10214,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic dataSecretName: description: DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine @@ -9445,6 +10269,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic nodeDeletionTimeout: description: NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine hosts after 
@@ -9458,6 +10283,12 @@ spec: any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string providerID: description: ProviderID is the identification ID of the machine provided by the provider. This field must match the provider @@ -9598,12 +10429,6 @@ spec: specReplicasPath: .spec.replicas statusReplicasPath: .status.replicas status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: v1 kind: Service @@ -9646,7 +10471,20 @@ spec: - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},ClusterResourceSet=${EXP_CLUSTER_RESOURCE_SET:=false},ClusterTopology=${CLUSTER_TOPOLOGY:=false},RuntimeSDK=${EXP_RUNTIME_SDK:=false} command: - /manager - image: gcr.io/spectro-dev-public/release/cluster-api-controller-amd64:20220805 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: gcr.io/spectro-dev-public/devop2023/release-fips/cluster-api-controller:v1.3.2-spectro-4.0.0-dev imagePullPolicy: Always livenessProbe: httpGet: @@ -9713,6 +10551,7 @@ kind: MutatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert + creationTimestamp: null labels: cluster.x-k8s.io/provider: cluster-api name: capi-mutating-webhook-configuration 
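Review bot: The new `image:` value for the `/manager` container is a mutable tag ending in `-dev`, and the context line `imagePullPolicy: Always` means every pod restart re-resolves it, so the bytes that run can change without any change to this manifest. Pin the reference by digest instead, for example `image: gcr.io/spectro-dev-public/devop2023/release-fips/cluster-api-controller@sha256:<digest-of-the-reviewed-build>` (placeholder digest), and keep the tag only as a comment for readability. The container spec starts and ends outside this hunk; if this file is rendered output, the pin belongs in the image setting it is rendered from.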
@@ -9812,10 +10651,10 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /mutate-cluster-x-k8s-io-v1beta1-machinepool + path: /mutate-cluster-x-k8s-io-v1beta1-cluster failurePolicy: Fail matchPolicy: Equivalent - name: default.machinepool.cluster.x-k8s.io + name: default.cluster.cluster.x-k8s.io rules: - apiGroups: - cluster.x-k8s.io @@ -9825,7 +10664,7 @@ webhooks: - CREATE - UPDATE resources: - - machinepools + - clusters sideEffects: None - admissionReviewVersions: - v1 @@ -9834,10 +10673,10 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /mutate-cluster-x-k8s-io-v1beta1-cluster + path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass failurePolicy: Fail matchPolicy: Equivalent - name: default.cluster.cluster.x-k8s.io + name: default.clusterclass.cluster.x-k8s.io rules: - apiGroups: - cluster.x-k8s.io @@ -9847,7 +10686,7 @@ webhooks: - CREATE - UPDATE resources: - - clusters + - clusterclasses sideEffects: None - admissionReviewVersions: - v1 @@ -9856,20 +10695,20 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass + path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig failurePolicy: Fail matchPolicy: Equivalent - name: default.clusterclass.cluster.x-k8s.io + name: default.extensionconfig.runtime.addons.cluster.x-k8s.io rules: - apiGroups: - - cluster.x-k8s.io + - runtime.cluster.x-k8s.io apiVersions: - - v1beta1 + - v1alpha1 operations: - CREATE - UPDATE resources: - - clusterclasses + - extensionconfigs sideEffects: None - admissionReviewVersions: - v1 
@@ -9878,20 +10717,20 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig + path: /mutate-cluster-x-k8s-io-v1beta1-machinepool failurePolicy: Fail matchPolicy: Equivalent - name: default.extensionconfig.runtime.addons.cluster.x-k8s.io + name: default.machinepool.cluster.x-k8s.io rules: - apiGroups: - - runtime.cluster.x-k8s.io + - cluster.x-k8s.io apiVersions: - - v1alpha1 + - v1beta1 operations: - CREATE - UPDATE resources: - - extensionconfigs + - machinepools sideEffects: None - admissionReviewVersions: - v1 @@ -9921,6 +10760,7 @@ kind: ValidatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: capi-webhook-system/capi-serving-cert + creationTimestamp: null labels: cluster.x-k8s.io/provider: cluster-api name: capi-validating-webhook-configuration @@ -10020,10 +10860,10 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /validate-cluster-x-k8s-io-v1beta1-machinepool + path: /validate-cluster-x-k8s-io-v1beta1-cluster failurePolicy: Fail matchPolicy: Equivalent - name: validation.machinepool.cluster.x-k8s.io + name: validation.cluster.cluster.x-k8s.io rules: - apiGroups: - cluster.x-k8s.io @@ -10032,8 +10872,9 @@ webhooks: operations: - CREATE - UPDATE + - DELETE resources: - - machinepools + - clusters sideEffects: None - admissionReviewVersions: - v1 @@ -10042,10 +10883,10 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /validate-cluster-x-k8s-io-v1beta1-cluster + path: /validate-cluster-x-k8s-io-v1beta1-clusterclass failurePolicy: Fail matchPolicy: Equivalent - name: validation.cluster.cluster.x-k8s.io + name: validation.clusterclass.cluster.x-k8s.io rules: - apiGroups: - cluster.x-k8s.io @@ -10056,7 +10897,7 @@ webhooks: - UPDATE - DELETE resources: - - clusters + - clusterclasses sideEffects: None - admissionReviewVersions: - v1 
@@ -10065,21 +10906,20 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /validate-cluster-x-k8s-io-v1beta1-clusterclass + path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig failurePolicy: Fail matchPolicy: Equivalent - name: validation.clusterclass.cluster.x-k8s.io + name: validation.extensionconfig.runtime.cluster.x-k8s.io rules: - apiGroups: - - cluster.x-k8s.io + - runtime.cluster.x-k8s.io apiVersions: - - v1beta1 + - v1alpha1 operations: - CREATE - UPDATE - - DELETE resources: - - clusterclasses + - extensionconfigs sideEffects: None - admissionReviewVersions: - v1 @@ -10088,20 +10928,20 @@ webhooks: service: name: capi-webhook-service namespace: capi-webhook-system - path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig + path: /validate-cluster-x-k8s-io-v1beta1-machinepool failurePolicy: Fail matchPolicy: Equivalent - name: validation.extensionconfig.runtime.cluster.x-k8s.io + name: validation.machinepool.cluster.x-k8s.io rules: - apiGroups: - - runtime.cluster.x-k8s.io + - cluster.x-k8s.io apiVersions: - - v1alpha1 + - v1beta1 operations: - CREATE - UPDATE resources: - - extensionconfigs + - machinepools sideEffects: None - admissionReviewVersions: - v1 
@@ -10125,3 +10965,49 @@ webhooks: resources: - clusterresourcesets sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-webhook-system + path: /validate-ipam-cluster-x-k8s-io-v1alpha1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddress.ipam.cluster.x-k8s.io + rules: + - apiGroups: + - ipam.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - ipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-webhook-system + path: /validate-ipam-cluster-x-k8s-io-v1alpha1-ipaddressclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddressclaim.ipam.cluster.x-k8s.io + rules: + - apiGroups: + - ipam.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - ipaddressclaims + sideEffects: None From 33b918109803b05c47b8cb80f3e8e5c558efcb78 Mon Sep 17 00:00:00 2001 From: Amit Sahastrabuddhe <33931378+AmitSahastra@users.noreply.github.com> Date: Wed, 21 Dec 2022 10:16:26 +0530 Subject: [PATCH 08/13] Update cluster_types.go --- api/v1beta1/cluster_types.go | 1 - 1 file changed, 1 deletion(-) diff --git a/api/v1beta1/cluster_types.go b/api/v1beta1/cluster_types.go index fe841348572a..7850c1917405 100644 --- a/api/v1beta1/cluster_types.go +++ b/api/v1beta1/cluster_types.go @@ -69,7 +69,6 @@ type ClusterSpec struct { // +optional Topology *Topology `json:"topology,omitempty"` - //TODO: PCP-22, create/set cluster object for imported/takeover cluster // TakeOverCluster represents the cluster launch is for taking over existing pre-provisioned cluster TakeOverCluster bool `json:"takeOverCluster,omitempty"` } From 6ad1e4b4e8c2c6aaefd0ccbe81270d0a2e155216 Mon Sep 17 00:00:00 2001 
From: Amit Sahastrabuddhe <33931378+AmitSahastra@users.noreply.github.com> Date: Wed, 21 Dec 2022 10:17:26 +0530 Subject: [PATCH 09/13] Update kubeadmconfig_controller.go --- .../kubeadm/internal/controllers/kubeadmconfig_controller.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go b/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go index 9e2e4da0da3f..12b1e16b1ce6 100644 --- a/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go +++ b/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go @@ -278,8 +278,8 @@ func (r *KubeadmConfigReconciler) Reconcile(ctx context.Context, req ctrl.Reques return ctrl.Result{}, nil } - //TODO: PCP-22 check (annotation to skip handleClusterNotInitialized and go for join ) - //how to make this condition true for new cluster as kubeadm cluster is already initialized + // TODO: PCP-22 check (annotation to skip handleClusterNotInitialized and go for join ) + // how to make this condition true for new cluster as kubeadm cluster is already initialized // Note: can't use IsFalse here because we need to handle the absence of the condition as well as false. log.Info("TESTING... skip handleClusterNotInitialized and push cluster for join") if !cluster.Spec.TakeOverCluster && !conditions.IsTrue(cluster, clusterv1.ControlPlaneInitializedCondition) { From 789737f3bcef37b2dd4c8f9208385b7bb13c56c2 Mon Sep 17 00:00:00 2001 From: Amit Sahastrabuddhe <33931378+AmitSahastra@users.noreply.github.com> Date: Wed, 21 Dec 2022 10:18:08 +0530 Subject: [PATCH 10/13] Update controller.go --- controlplane/kubeadm/internal/controllers/controller.go | 1 - 1 file changed, 1 deletion(-) diff --git a/controlplane/kubeadm/internal/controllers/controller.go b/controlplane/kubeadm/internal/controllers/controller.go index 0110389d48f2..e745dc2e174f 100644 --- a/controlplane/kubeadm/internal/controllers/controller.go 
+++ b/controlplane/kubeadm/internal/controllers/controller.go @@ -293,7 +293,6 @@ func (r *KubeadmControlPlaneReconciler) reconcile(ctx context.Context, cluster * return ctrl.Result{}, nil } - //TODO: PCP-22 adopt kubeconfig instead of generating new // Generate Cluster Kubeconfig if needed if result, err := r.reconcileKubeconfig(ctx, cluster, kcp); !result.IsZero() || err != nil { if err != nil { From 9f00043b49c1a3b574f5457d8a81dbab9b498090 Mon Sep 17 00:00:00 2001 From: Amit Sahastrabuddhe <33931378+AmitSahastra@users.noreply.github.com> Date: Wed, 21 Dec 2022 10:36:05 +0530 Subject: [PATCH 11/13] Update kubeadm_control_plane_webhook.go --- .../v1beta1/kubeadm_control_plane_webhook.go | 36 +++++++++---------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go index 521df9d213b5..4c3c6437147a 100644 --- a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go +++ b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go 
@@ -110,25 +110,23 @@ func (in *KubeadmControlPlane) ValidateCreate() error { } const ( - spec = "spec" - kubeadmConfigSpec = "kubeadmConfigSpec" - clusterConfiguration = "clusterConfiguration" - initConfiguration = "initConfiguration" - joinConfiguration = "joinConfiguration" - nodeRegistration = "nodeRegistration" - skipPhases = "skipPhases" - patches = "patches" - directory = "directory" - preKubeadmCommands = "preKubeadmCommands" - postKubeadmCommands = "postKubeadmCommands" - files = "files" - users = "users" - apiServer = "apiServer" - controllerManager = "controllerManager" - scheduler = "scheduler" - ntp = "ntp" - ignition = "ignition" - diskSetup = "diskSetup" + spec = "spec" + kubeadmConfigSpec = "kubeadmConfigSpec" + //clusterConfiguration = "clusterConfiguration" + //initConfiguration = "initConfiguration" + //joinConfiguration = "joinConfiguration" + //nodeRegistration = "nodeRegistration" + //patches = "patches" + //directory = "directory" + //preKubeadmCommands = "preKubeadmCommands" + //postKubeadmCommands = "postKubeadmCommands" + //files = "files" + //users = "users" + //apiServer = "apiServer" + //controllerManager = "controllerManager" + //scheduler = "scheduler" + //ntp = "ntp" + //ignition = "ignition" ) const minimumCertificatesExpiryDays = 7 From f53c9e25a1be884466af0c7667c0db43ec142f50 Mon Sep 17 00:00:00 2001 From: Amit Sahastrabuddhe Date: Wed, 21 Dec 2022 14:05:23 +0530 Subject: [PATCH 12/13] Added takeOverCluster in Annotations --- api/v1beta1/cluster_types.go | 3 -- api/v1beta1/common_types.go | 3 ++ .../controllers/kubeadmconfig_controller.go | 3 +- .../crd/bases/cluster.x-k8s.io_clusters.yaml | 5 ---- .../v1beta1/kubeadm_control_plane_webhook.go | 30 +++++++++---------- .../internal/controllers/controller.go | 2 +- .../cluster/cluster_controller_phases.go | 2 +- spectro/generated/core-global.yaml | 5 ---- util/annotations/helpers.go | 5 ++++ 9 files changed, 27 insertions(+), 31 deletions(-) 
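Review bot: The `const` block in kubeadm_control_plane_webhook.go is left with fifteen commented-out names (`//clusterConfiguration` through `//ignition`), while `skipPhases` and `diskSetup` are deleted outright, so it no longer shows which names are gone for good and which are only parked. These look like path elements for the webhook's update validation. If the field allow-list that used them (not visible in this hunk) is meant to stay disabled, delete the constants and state the reason once in a comment. Which spec fields an admission webhook lets through on update is a security-relevant setting and should not be inferred from commented-out code.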
diff --git a/api/v1beta1/cluster_types.go b/api/v1beta1/cluster_types.go index 7850c1917405..50898cfe01ae 100644 --- a/api/v1beta1/cluster_types.go +++ b/api/v1beta1/cluster_types.go @@ -68,9 +68,6 @@ type ClusterSpec struct { // this feature is highly experimental, and parts of it might still be not implemented. // +optional Topology *Topology `json:"topology,omitempty"` - - // TakeOverCluster represents the cluster launch is for taking over existing pre-provisioned cluster - TakeOverCluster bool `json:"takeOverCluster,omitempty"` } // Topology encapsulates the information of the managed resources. diff --git a/api/v1beta1/common_types.go b/api/v1beta1/common_types.go index 113c4e95f25a..de2fc4115e53 100644 --- a/api/v1beta1/common_types.go +++ b/api/v1beta1/common_types.go @@ -136,6 +136,9 @@ const ( // instead of being a source of truth for eventual consistency. // This annotation can be used to inform MachinePool status during in-progress scaling scenarios. ReplicasManagedByAnnotation = "cluster.x-k8s.io/replicas-managed-by" + + // TakeOverCluster is the label used to mark the nodes that run on takeover-cluster instances. + TakeOverCluster = "cluster.x-k8s.io/takeover-cluster" ) const ( diff --git a/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go b/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go index 12b1e16b1ce6..2178b82aa615 100644 --- a/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go +++ b/bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go 
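Review bot: The comment on the new `TakeOverCluster` constant in common_types.go calls it a label that marks nodes, but later in this patch `annotations.IsTakeOverCluster` reads it as an annotation on the Cluster object. The name also lacks the `Annotation` suffix that its neighbour `ReplicasManagedByAnnotation` carries. Suggested wording, with the constant renamed to match: `// TakeOverClusterAnnotation is the annotation set on a Cluster that takes over an existing, already initialized cluster.` The enclosing const block starts and ends outside the hunk.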
@@ -282,7 +282,8 @@ func (r *KubeadmConfigReconciler) Reconcile(ctx context.Context, req ctrl.Reques // how to make this condition true for new cluster as kubeadm cluster is already initialized // Note: can't use IsFalse here because we need to handle the absence of the condition as well as false. log.Info("TESTING... skip handleClusterNotInitialized and push cluster for join") - if !cluster.Spec.TakeOverCluster && !conditions.IsTrue(cluster, clusterv1.ControlPlaneInitializedCondition) { + + if !annotations.IsTakeOverCluster(cluster.GetObjectMeta()) && !conditions.IsTrue(cluster, clusterv1.ControlPlaneInitializedCondition) { return r.handleClusterNotInitialized(ctx, scope) } diff --git a/config/crd/bases/cluster.x-k8s.io_clusters.yaml b/config/crd/bases/cluster.x-k8s.io_clusters.yaml index 2037c91efb02..d80982e2e1df 100644 --- a/config/crd/bases/cluster.x-k8s.io_clusters.yaml +++ b/config/crd/bases/cluster.x-k8s.io_clusters.yaml @@ -824,11 +824,6 @@ spec: description: Paused can be used to prevent controllers from processing the Cluster and all its associated objects. type: boolean - takeOverCluster: - description: 'TODO: PCP-22, create/set cluster object for imported/takeover - cluster TakeOverCluster represents the cluster launch is for taking - over existing pre-provisioned cluster' - type: boolean topology: description: 'This encapsulates the topology for the cluster. NOTE: It is required to enable the ClusterTopology feature gate flag to diff --git a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go index 4c3c6437147a..7a909f99f178 100644 --- a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go +++ b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go 
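Review bot: `annotations.IsTakeOverCluster(cluster.GetObjectMeta())` in the rewritten condition now decides whether `handleClusterNotInitialized` is skipped. The helper added in util/annotations/helpers.go delegates to `hasAnnotation`, which judging by its name tests only that the key exists (its body is not in this patch). If so, `cluster.x-k8s.io/takeover-cluster: "false"` or an empty value still sends the cluster down the join path, and nothing validates the value the way the CRD schema typed the removed boolean spec field. Consider requiring an explicit value, for example `o.GetAnnotations()[clusterv1.TakeOverCluster] == "true"`, and having a validating webhook reject adding or removing the annotation on an existing Cluster. The same gate is used in `reconcileEtcdMembers`, `reconcileControlPlane` and the first-replica case of `reconcile` in this series; `Reconcile` itself continues outside the hunk.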
@@ -112,21 +112,21 @@ func (in *KubeadmControlPlane) ValidateCreate() error { const ( spec = "spec" kubeadmConfigSpec = "kubeadmConfigSpec" - //clusterConfiguration = "clusterConfiguration" - //initConfiguration = "initConfiguration" - //joinConfiguration = "joinConfiguration" - //nodeRegistration = "nodeRegistration" - //patches = "patches" - //directory = "directory" - //preKubeadmCommands = "preKubeadmCommands" - //postKubeadmCommands = "postKubeadmCommands" - //files = "files" - //users = "users" - //apiServer = "apiServer" - //controllerManager = "controllerManager" - //scheduler = "scheduler" - //ntp = "ntp" - //ignition = "ignition" + // clusterConfiguration = "clusterConfiguration" + // initConfiguration = "initConfiguration" + // joinConfiguration = "joinConfiguration" + // nodeRegistration = "nodeRegistration" + // patches = "patches" + // directory = "directory" + // preKubeadmCommands = "preKubeadmCommands" + // postKubeadmCommands = "postKubeadmCommands" + // files = "files" + // users = "users" + // apiServer = "apiServer" + // controllerManager = "controllerManager" + // scheduler = "scheduler" + // ntp = "ntp" + // ignition = "ignition" ) const minimumCertificatesExpiryDays = 7 diff --git a/controlplane/kubeadm/internal/controllers/controller.go b/controlplane/kubeadm/internal/controllers/controller.go index e745dc2e174f..8cf1f3d443b9 100644 --- a/controlplane/kubeadm/internal/controllers/controller.go +++ b/controlplane/kubeadm/internal/controllers/controller.go @@ -568,7 +568,7 @@ func (r *KubeadmControlPlaneReconciler) reconcileEtcdMembers(ctx context.Context log := ctrl.LoggerFrom(ctx) // If etcd is not managed by KCP this is a no-op. - if controlPlane.Cluster.Spec.TakeOverCluster || !controlPlane.IsEtcdManaged() { + if annotations.IsTakeOverCluster(controlPlane.Cluster.GetObjectMeta()) || !controlPlane.IsEtcdManaged() { return ctrl.Result{}, nil } 
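Review bot: The comment above the changed condition in `reconcileEtcdMembers` still reads `// If etcd is not managed by KCP this is a no-op.`, but the function now also returns early for any Cluster carrying the takeover annotation. Update it to `// If etcd is not managed by KCP, or the Cluster is marked as a takeover cluster, this is a no-op.` and add a sentence on why etcd member reconciliation is skipped in that case, since the hunk does not explain it. The function body continues outside the hunk.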
diff --git a/internal/controllers/cluster/cluster_controller_phases.go b/internal/controllers/cluster/cluster_controller_phases.go index 69932b0963b3..31553db35f30 100644 --- a/internal/controllers/cluster/cluster_controller_phases.go +++ b/internal/controllers/cluster/cluster_controller_phases.go @@ -248,7 +248,7 @@ func (r *Reconciler) reconcileControlPlane(ctx context.Context, cluster *cluster // TODO: PCP-22 set controlPlaneInitializedCondition to true for takeOver cluster // as CP are already initialized in existing cluster - if cluster.Spec.TakeOverCluster || initialized { + if annotations.IsTakeOverCluster(cluster.GetObjectMeta()) || initialized { conditions.MarkTrue(cluster, clusterv1.ControlPlaneInitializedCondition) } else { conditions.MarkFalse(cluster, clusterv1.ControlPlaneInitializedCondition, clusterv1.WaitingForControlPlaneProviderInitializedReason, clusterv1.ConditionSeverityInfo, "Waiting for control plane provider to indicate the control plane has been initialized") diff --git a/spectro/generated/core-global.yaml b/spectro/generated/core-global.yaml index 3aaed9955e91..2309cd952031 100644 --- a/spectro/generated/core-global.yaml +++ b/spectro/generated/core-global.yaml @@ -3111,11 +3111,6 @@ spec: description: Paused can be used to prevent controllers from processing the Cluster and all its associated objects. type: boolean - takeOverCluster: - description: 'TODO: PCP-22, create/set cluster object for imported/takeover - cluster TakeOverCluster represents the cluster launch is for taking - over existing pre-provisioned cluster' - type: boolean topology: description: 'This encapsulates the topology for the cluster. NOTE: It is required to enable the ClusterTopology feature gate flag to diff --git a/util/annotations/helpers.go b/util/annotations/helpers.go index 0ec9ef9388ac..072dbd119e1c 100644 --- a/util/annotations/helpers.go +++ b/util/annotations/helpers.go 
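Review bot: The `TODO: PCP-22` comment above the changed `if` in `reconcileControlPlane` describes work that the condition below already does. With this change `ControlPlaneInitializedCondition` is marked true from the annotation alone, whatever the control plane provider reports in `initialized`. Replace the TODO with a statement of the contract, e.g. `// A takeover cluster already has a running control plane, so it is reported as initialized without waiting for the provider.` Because the bootstrap controller reads this condition to choose between init and join (see the kubeadmconfig_controller.go hunk), it is worth logging when the annotation rather than `initialized` set it. The function starts and ends outside the hunk.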
@@ -38,6 +38,11 @@ func IsExternallyManaged(o metav1.Object) bool { return hasAnnotation(o, clusterv1.ManagedByAnnotation) } +// IsTakeOverCluster returns true if the object has the `managed-by` annotation. +func IsTakeOverCluster(o metav1.Object) bool { + return hasAnnotation(o, clusterv1.TakeOverCluster) +} + // HasPaused returns true if the object has the `paused` annotation. func HasPaused(o metav1.Object) bool { return hasAnnotation(o, clusterv1.PausedAnnotation) From b5316737908dcf5216c0328057d3996fec1043a4 Mon Sep 17 00:00:00 2001 From: Amit Sahastrabuddhe Date: Thu, 18 Jul 2024 18:20:17 +0530 Subject: [PATCH 13/13] Fix for first CP node join command not having node registration config --- controlplane/kubeadm/internal/controllers/controller.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/controlplane/kubeadm/internal/controllers/controller.go b/controlplane/kubeadm/internal/controllers/controller.go index 8cf1f3d443b9..7e9c09f2d941 100644 --- a/controlplane/kubeadm/internal/controllers/controller.go +++ b/controlplane/kubeadm/internal/controllers/controller.go @@ -394,6 +394,13 @@ func (r *KubeadmControlPlaneReconciler) reconcile(ctx context.Context, cluster * switch { // We are creating the first replica case numMachines < desiredReplicas && numMachines == 0: + + if annotations.IsTakeOverCluster(controlPlane.Cluster.GetObjectMeta()) { + // Create a new Machine w/ join + log.Info("Scaling up control plane", "Desired", desiredReplicas, "Existing", numMachines) + return r.scaleUpControlPlane(ctx, cluster, kcp, controlPlane) + } + // Create new Machine w/ init log.Info("Initializing control plane", "Desired", desiredReplicas, "Existing", numMachines) conditions.MarkFalse(controlPlane.KCP, controlplanev1.AvailableCondition, controlplanev1.WaitingForKubeadmInitReason, clusterv1.ConditionSeverityInfo, "")
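Review bot: The doc comment on the new `IsTakeOverCluster` says it checks the `managed-by` annotation, which is the wording of `IsExternallyManaged` directly above; the function actually checks `clusterv1.TakeOverCluster`. Suggested: `// IsTakeOverCluster returns true if the object has the takeover-cluster annotation.` If `hasAnnotation` tests presence only (its body is outside the hunk), the comment should say that the annotation's value is ignored.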
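Review bot: The added takeover branch in the first-replica case of `reconcile` reads the annotation from `controlPlane.Cluster`, while the `cluster` parameter is what gets passed to `scaleUpControlPlane` two lines later. Assuming both refer to the same object, use `cluster.GetObjectMeta()` so the check and the call visibly agree. The comment `// Create a new Machine w/ join` does not say why init is skipped; `// Takeover cluster: a control plane already exists, so the first KCP machine joins instead of running kubeadm init.` would record it. The blank line directly after the `case` label can be dropped. `reconcile` continues outside the hunk.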