From 00ced1655e6079faaabb2701af4011cacfd0f151 Mon Sep 17 00:00:00 2001
From: Marvin Beckers
Date: Thu, 20 Jun 2024 14:29:00 +0200
Subject: [PATCH 01/27] Update to Go 1.22
Signed-off-by: Marvin Beckers
---
 .github/workflows/docs-gen-and-push.yaml | 2 +-
 .github/workflows/goreleaser.yml | 2 +-
 .prow.yaml | 16 ++++++++--------
 Dockerfile | 2 +-
 docs/content/contributing/index.md | 2 +-
 hack/verify-go-versions.sh | 2 +-
 6 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/docs-gen-and-push.yaml b/.github/workflows/docs-gen-and-push.yaml
index ebe8751d0c6..1ca1c3319a3 100644
--- a/.github/workflows/docs-gen-and-push.yaml
+++ b/.github/workflows/docs-gen-and-push.yaml
@@ -34,7 +34,7 @@ jobs:
 - uses: actions/setup-go@v5
 with:
- go-version: v1.21
+ go-version: v1.22.0
 cache: true
 - uses: actions/setup-python@v5
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
index c645894d079..f57f2a0aecc 100644
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -22,7 +22,7 @@ jobs:
 fetch-depth: 0
 - uses: actions/setup-go@v5
 with:
- go-version: v1.21
+ go-version: v1.22.0
 - name: Delete non-semver tags
 run: 'git tag -d $(git tag -l | grep -v "^v")'
 - name: Set LDFLAGS
diff --git a/.prow.yaml b/.prow.yaml
index 180d8b8cd57..1c6a9c55e1a 100644
--- a/.prow.yaml
+++ b/.prow.yaml
@@ -7,7 +7,7 @@ presubmits:
 preset-goproxy: "true"
 spec:
 containers:
- - image: ghcr.io/kcp-dev/infra/build:1.21.8-1
+ - image: ghcr.io/kcp-dev/infra/build:1.22.0-1
 command:
 - make
 - verify-boilerplate
@@ -27,7 +27,7 @@ presubmits:
 preset-goproxy: "true"
 spec:
 containers:
- - image: ghcr.io/kcp-dev/infra/build:1.21.8-1
+ - image: ghcr.io/kcp-dev/infra/build:1.22.0-1
 command:
 - make
 - verify-codegen
@@ -44,7 +44,7 @@ presubmits:
 preset-goproxy: "true"
 spec:
 containers:
- - image: ghcr.io/kcp-dev/infra/build:1.21.8-1
+ - image: ghcr.io/kcp-dev/infra/build:1.22.0-1
 command:
 - make
 - lint
@@ -83,7 +83,7 @@ presubmits:
 preset-goproxy: "true"
 spec:
 containers:
- - image: ghcr.io/kcp-dev/infra/build:1.21.8-1
+ - image: ghcr.io/kcp-dev/infra/build:1.22.0-1
 command:
 - make
 - test
@@ -104,7 +104,7 @@ presubmits:
 preset-goproxy: "true"
 spec:
 containers:
- - image: ghcr.io/kcp-dev/infra/build:1.21.8-1
+ - image: ghcr.io/kcp-dev/infra/build:1.22.0-1
 command:
 - ./hack/run-with-prometheus.sh
 - make
@@ -132,7 +132,7 @@ presubmits:
 preset-goproxy: "true"
 spec:
 containers:
- - image: ghcr.io/kcp-dev/infra/build:1.21.8-1
+ - image: ghcr.io/kcp-dev/infra/build:1.22.0-1
 command:
 - ./hack/run-with-prometheus.sh
 - make
@@ -162,7 +162,7 @@ presubmits:
 preset-goproxy: "true"
 spec:
 containers:
- - image: ghcr.io/kcp-dev/infra/build:1.21.8-1
+ - image: ghcr.io/kcp-dev/infra/build:1.22.0-1
 command:
 - ./hack/run-with-prometheus.sh
 - make
@@ -188,7 +188,7 @@ presubmits:
 preset-goproxy: "true"
 spec:
 containers:
- - image: ghcr.io/kcp-dev/infra/build:1.21.8-1
+ - image: ghcr.io/kcp-dev/infra/build:1.22.0-1
 command:
 - ./hack/run-with-prometheus.sh
 - make
diff --git a/Dockerfile b/Dockerfile
index f20c1fe9a15..969da431e6e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,7 +15,7 @@
 # limitations under the License.
 # Build the binary
-FROM --platform=${BUILDPLATFORM} docker.io/golang:1.21 AS builder
+FROM --platform=${BUILDPLATFORM} docker.io/golang:1.22.0 AS builder
 WORKDIR /workspace
 # Install dependencies.
diff --git a/docs/content/contributing/index.md b/docs/content/contributing/index.md
index 7ac762b0840..8f6748c8ec8 100644
--- a/docs/content/contributing/index.md
+++ b/docs/content/contributing/index.md
@@ -17,7 +17,7 @@ contribution. See the [DCO](https://github.com/kcp-dev/kcp/tree/main/DCO) file f
 ### Prerequisites
 1. Clone this repository.
-2. [Install Go](https://golang.org/doc/install) (currently 1.21).
+2. [Install Go](https://golang.org/doc/install) (currently 1.22.0).
 3. Install [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl).
 Please note that the go language version numbers in these files must exactly agree: go/go.mod file, kcp/.ci-operator.yaml, kcp/Dockerfile, and in all the kcp/.github/workflows yaml files that specify go-version. In kcp/.ci-operator.yaml the go version is indicated by the "tag" attribute. In kcp/Dockerfile it is indicated by the "golang" attribute. In go.mod it is indicated by the "go" directive." In the .github/workflows yaml files it is indicated by "go-version"
diff --git a/hack/verify-go-versions.sh b/hack/verify-go-versions.sh
index e24eba37fd9..42c764f8938 100755
--- a/hack/verify-go-versions.sh
+++ b/hack/verify-go-versions.sh
@@ -17,7 +17,7 @@
 set -e
 set -o pipefail
-VERSION=$(grep "go 1." go.mod | sed 's/go //')
+VERSION=$(grep "go 1." go.mod | sed 's/go //' | sed 's/.0$//')
 grep "FROM .* docker.io/golang:" Dockerfile | { ! grep -v "${VERSION}"; } || { echo "Wrong go version in Dockerfile, expected ${VERSION}"; exit 1; }
 grep -w "go-version:" .github/workflows/*.yaml | { ! grep -v "go-version: v${VERSION}"; } || { echo "Wrong go version in .github/workflows/*.yaml, expected ${VERSION}"; exit 1; }
From 62ac1d6902871ae5b2262038f7a1b249c6cdb4c9 Mon Sep 17 00:00:00 2001
From: Marvin Beckers
Date: Thu, 20 Jun 2024 14:29:21 +0200
Subject: [PATCH 02/27] Update kcp-dev/kubernetes fork
Signed-off-by: Marvin Beckers
---
 go.mod | 111 +++++++++++++++++++++++----------------------
 go.sum | 140 +++++++++++++++++----------------------------------------
 2 files changed, 97 insertions(+), 154 deletions(-)
diff --git a/go.mod b/go.mod
index b23de2e79dc..164f1ebf042 100644
--- a/go.mod
+++ b/go.mod
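Review bot: In hack/verify-go-versions.sh the added `sed 's/.0$//'` leaves the dot unescaped, so it strips any character followed by a trailing `0` rather than only a literal `.0`; a `go 1.30` directive would become `1.` and the two checks below would compare against the wrong string. Anchor it on a literal dot: `VERSION=$(grep "go 1." go.mod | sed 's/go //' | sed 's/\.0$//')`. With `VERSION` reduced to `1.22`, both `grep -v` checks are substring matches, so `golang:1.22.0` and any other 1.22.x tag pass alike. The contributing guide in this same patch says the versions must agree exactly, so if that is the intent the comparison should use the full version string from go.mod, since this script is the only guard keeping the builder image and CI toolchain in step.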
@@ -1,6 +1,8 @@
 module github.com/kcp-dev/kcp
-go 1.21
+go 1.22.0
+
+toolchain go1.22.4
 require (
 github.com/abiosoft/lineprefix v0.1.4
@@ -9,11 +11,11 @@ require (
 github.com/emicklei/go-restful/v3 v3.11.0
 github.com/evanphx/json-patch v5.6.0+incompatible
 github.com/fatih/color v1.15.0
- github.com/go-logr/logr v1.3.0
+ github.com/go-logr/logr v1.4.1
 github.com/google/go-cmp v0.6.0
 github.com/google/uuid v1.3.1
- github.com/kcp-dev/apimachinery/v2 v2.0.0-alpha.0.0.20230926071920-57d168bcbe34
- github.com/kcp-dev/client-go v0.0.0-20230927101349-0416c830e3b1
+ github.com/kcp-dev/apimachinery/v2 v2.0.0-alpha.0.0.20240510131959-2fa3992332d0
+ github.com/kcp-dev/client-go v0.0.0-20240515123258-607e9d833b0e
 github.com/kcp-dev/kcp/cli v0.0.0-00010101000000-000000000000
 github.com/kcp-dev/kcp/sdk v0.0.0-00010101000000-000000000000
 github.com/kcp-dev/logicalcluster/v3 v3.0.5
@@ -29,18 +31,18 @@ require (
 go.uber.org/zap v1.26.0
 gopkg.in/square/go-jose.v2 v2.6.0
 gopkg.in/yaml.v3 v3.0.1
- k8s.io/api v0.28.2
- k8s.io/apiextensions-apiserver v0.28.2
- k8s.io/apimachinery v0.28.2
- k8s.io/apiserver v0.28.2
- k8s.io/client-go v0.28.2
+ k8s.io/api v0.30.0
+ k8s.io/apiextensions-apiserver v0.30.0
+ k8s.io/apimachinery v0.30.0
+ k8s.io/apiserver v0.30.0
+ k8s.io/client-go v0.30.0
 k8s.io/code-generator v0.26.3
- k8s.io/component-base v0.28.2
- k8s.io/klog/v2 v2.100.1
- k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9
+ k8s.io/component-base v0.30.0
+ k8s.io/klog/v2 v2.120.1
+ k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340
 k8s.io/kubernetes v1.28.1
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b
- sigs.k8s.io/structured-merge-diff/v4 v4.3.0
+ sigs.k8s.io/structured-merge-diff/v4 v4.4.1
 sigs.k8s.io/yaml v1.3.0
 )
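Review bot: The added `toolchain go1.22.4` line in the first go.mod hunk names a newer Go release than anything the build is pinned to: the Dockerfile, the Prow images and both workflows in patch 01 all use 1.22.0, and hack/verify-go-versions.sh reads only the `go` directive, so nothing checks this mismatch. Depending on each environment's `GOTOOLCHAIN` setting, the go command will either build with the local 1.22.0 and ignore the line, or fetch go1.22.4 at build time, in which case the compiler producing the binaries is not the one in the pinned image. Either move the builder image and CI pins to the patch release this line names, or drop the line and keep `go 1.22.0` as the single source of truth. Staying on 1.22.0 presumably also means building without the fixes shipped in the later 1.22.x patch releases.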
@@ -57,13 +59,13 @@ require (
 github.com/coreos/go-oidc v2.2.1+incompatible // indirect
 github.com/coreos/go-semver v0.3.1 // indirect
 github.com/coreos/go-systemd/v22 v22.5.0 // indirect
- github.com/docker/distribution v2.8.2+incompatible // indirect
+ github.com/distribution/reference v0.5.0 // indirect
 github.com/dustin/go-humanize v1.0.1 // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
- github.com/fsnotify/fsnotify v1.6.0 // indirect
+ github.com/fsnotify/fsnotify v1.7.0 // indirect
 github.com/go-errors/errors v1.4.2 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
- github.com/go-logr/zapr v1.2.4 // indirect
+ github.com/go-logr/zapr v1.3.0 // indirect
 github.com/go-openapi/jsonpointer v0.19.6 // indirect
 github.com/go-openapi/jsonreference v0.20.2 // indirect
 github.com/go-openapi/swag v0.22.3 // indirect
@@ -72,7 +74,7 @@ require (
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/btree v1.0.1 // indirect
- github.com/google/cel-go v0.16.1 // indirect
+ github.com/google/cel-go v0.17.8 // indirect
 github.com/google/gnostic-models v0.6.8 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
@@ -93,6 +95,7 @@ require (
 github.com/mattn/go-isatty v0.0.17 // indirect
 github.com/mattn/go-runewidth v0.0.12 // indirect
 github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+ github.com/moby/spdystream v0.2.0 // indirect
 github.com/moby/sys/mountinfo v0.6.2 // indirect
 github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -100,7 +103,7 @@ require (
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 github.com/muesli/reflow v0.3.0 // indirect
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
- github.com/onsi/gomega v1.27.6 // indirect
+ github.com/onsi/gomega v1.31.0 // indirect
 github.com/opencontainers/go-digest v1.0.0 // indirect
 github.com/opencontainers/selinux v1.11.0 // indirect
 github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
@@ -136,15 +139,15 @@ require (
 go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 golang.org/x/crypto v0.21.0 // indirect
 golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
- golang.org/x/mod v0.13.0 // indirect
+ golang.org/x/mod v0.15.0 // indirect
 golang.org/x/net v0.23.0 // indirect
 golang.org/x/oauth2 v0.13.0 // indirect
- golang.org/x/sync v0.5.0 // indirect
+ golang.org/x/sync v0.6.0 // indirect
 golang.org/x/sys v0.18.0 // indirect
 golang.org/x/term v0.18.0 // indirect
 golang.org/x/text v0.14.0 // indirect
 golang.org/x/time v0.3.0 // indirect
- golang.org/x/tools v0.14.0 // indirect
+ golang.org/x/tools v0.18.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
 google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
@@ -160,14 +163,14 @@ require (
 k8s.io/component-helpers v0.0.0 // indirect
 k8s.io/controller-manager v0.0.0 // indirect
 k8s.io/dynamic-resource-allocation v0.0.0 // indirect
- k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect
+ k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect
 k8s.io/kms v0.0.0 // indirect
 k8s.io/kube-aggregator v0.0.0 // indirect
 k8s.io/kube-controller-manager v0.0.0 // indirect
 k8s.io/kubelet v0.0.0 // indirect
 k8s.io/mount-utils v0.0.0 // indirect
 k8s.io/pod-security-admission v0.0.0 // indirect
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 // indirect
+ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect
 sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect
@@ -176,35 +179,35 @@ require ( replace ( github.com/kcp-dev/kcp/cli => ./cli github.com/kcp-dev/kcp/sdk => ./sdk - k8s.io/api => github.com/kcp-dev/kubernetes/staging/src/k8s.io/api v0.0.0-20231008123256-10a06602223e - k8s.io/apiextensions-apiserver => github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20231008123256-10a06602223e - k8s.io/apimachinery => github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20231008123256-10a06602223e - k8s.io/apiserver => github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20231008123256-10a06602223e - k8s.io/cli-runtime => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20231008123256-10a06602223e - k8s.io/client-go => github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go v0.0.0-20231008123256-10a06602223e - k8s.io/cloud-provider => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20231008123256-10a06602223e - k8s.io/cluster-bootstrap => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20231008123256-10a06602223e - k8s.io/code-generator => github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20231008123256-10a06602223e - k8s.io/component-base => github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base v0.0.0-20231008123256-10a06602223e - k8s.io/component-helpers => github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20231008123256-10a06602223e - k8s.io/controller-manager => github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20231008123256-10a06602223e - k8s.io/cri-api => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20231008123256-10a06602223e - k8s.io/csi-translation-lib => github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20231008123256-10a06602223e - k8s.io/dynamic-resource-allocation => github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation 
v0.0.0-20231008123256-10a06602223e - k8s.io/endpointslice => github.com/kcp-dev/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20231008123256-10a06602223e - k8s.io/kms => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms v0.0.0-20231008123256-10a06602223e - k8s.io/kube-aggregator => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20231008123256-10a06602223e - k8s.io/kube-controller-manager => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20231008123256-10a06602223e - k8s.io/kube-proxy => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20231008123256-10a06602223e - k8s.io/kube-scheduler => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20231008123256-10a06602223e - k8s.io/kubectl => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20231008123256-10a06602223e - k8s.io/kubelet => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20231008123256-10a06602223e - k8s.io/kubernetes => github.com/kcp-dev/kubernetes v0.0.0-20231008123256-10a06602223e - k8s.io/legacy-cloud-providers => github.com/kcp-dev/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20231008123256-10a06602223e - k8s.io/metrics => github.com/kcp-dev/kubernetes/staging/src/k8s.io/metrics v0.0.0-20231008123256-10a06602223e - k8s.io/mount-utils => github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20231008123256-10a06602223e - k8s.io/pod-security-admission => github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20231008123256-10a06602223e - k8s.io/sample-apiserver => github.com/kcp-dev/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20231008123256-10a06602223e - k8s.io/sample-cli-plugin => github.com/kcp-dev/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20231008123256-10a06602223e - k8s.io/sample-controller => github.com/kcp-dev/kubernetes/staging/src/k8s.io/sample-controller 
v0.0.0-20231008123256-10a06602223e + k8s.io/api => github.com/kcp-dev/kubernetes/staging/src/k8s.io/api v0.0.0-20240724164803-3b450c7d0daf + k8s.io/apiextensions-apiserver => github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240724164803-3b450c7d0daf + k8s.io/apimachinery => github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240724164803-3b450c7d0daf + k8s.io/apiserver => github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240724164803-3b450c7d0daf + k8s.io/cli-runtime => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240724164803-3b450c7d0daf + k8s.io/client-go => github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240724164803-3b450c7d0daf + k8s.io/cloud-provider => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240724164803-3b450c7d0daf + k8s.io/cluster-bootstrap => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240724164803-3b450c7d0daf + k8s.io/code-generator => github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240724164803-3b450c7d0daf + k8s.io/component-base => github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240724164803-3b450c7d0daf + k8s.io/component-helpers => github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240724164803-3b450c7d0daf + k8s.io/controller-manager => github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240724164803-3b450c7d0daf + k8s.io/cri-api => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240724164803-3b450c7d0daf + k8s.io/csi-translation-lib => github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240724164803-3b450c7d0daf + k8s.io/dynamic-resource-allocation => github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240724164803-3b450c7d0daf + k8s.io/endpointslice => 
github.com/kcp-dev/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240724164803-3b450c7d0daf + k8s.io/kms => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms v0.0.0-20240724164803-3b450c7d0daf + k8s.io/kube-aggregator => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240724164803-3b450c7d0daf + k8s.io/kube-controller-manager => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240724164803-3b450c7d0daf + k8s.io/kube-proxy => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20240724164803-3b450c7d0daf + k8s.io/kube-scheduler => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240724164803-3b450c7d0daf + k8s.io/kubectl => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240724164803-3b450c7d0daf + k8s.io/kubelet => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240724164803-3b450c7d0daf + k8s.io/kubernetes => github.com/kcp-dev/kubernetes v0.0.0-20240724164803-3b450c7d0daf + k8s.io/legacy-cloud-providers => github.com/kcp-dev/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240724164803-3b450c7d0daf + k8s.io/metrics => github.com/kcp-dev/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240724164803-3b450c7d0daf + k8s.io/mount-utils => github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240724164803-3b450c7d0daf + k8s.io/pod-security-admission => github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240724164803-3b450c7d0daf + k8s.io/sample-apiserver => github.com/kcp-dev/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20240724164803-3b450c7d0daf + k8s.io/sample-cli-plugin => github.com/kcp-dev/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20240724164803-3b450c7d0daf + k8s.io/sample-controller => github.com/kcp-dev/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20240724164803-3b450c7d0daf ) 
diff --git a/go.sum b/go.sum index 6faa2304ce1..790f1d8a41d 100644 --- a/go.sum +++ b/go.sum @@ -10,6 +10,8 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg6 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= +github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= +github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/abiosoft/lineprefix v0.1.4 h1:fXu3jc+B2EaS98mTpEL5OH9EKv3scHRb7/gsvlqAD1A= 
@@ -17,9 +19,10 @@ github.com/abiosoft/lineprefix v0.1.4/go.mod h1:Myq9hfXs8e2OmHFvajp3pHxxThZL645X github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= 
@@ -51,8 +54,8 @@ github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= +github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/egymgmbh/go-prefix-writer v0.0.0-20180609083313-7326ea162eca h1:7oodhZp9MZW0DBkrZXyUsJWKQFy35SVxjZ8K4vHXnk8= 
@@ -72,23 +75,20 @@ github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= 
-github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= -github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= @@ -123,8 +123,8 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/cel-go v0.16.1 h1:3hZfSNiAU3KOiNtxuFXVp5WFy4hf/Ly3Sa4/7F8SXNo= -github.com/google/cel-go v0.16.1/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= +github.com/google/cel-go v0.17.8 h1:j9m730pMZt1Fc4oKhCLUHfjj6527LuhYcYw0Rl8gqto= +github.com/google/cel-go v0.17.8/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= 
@@ -137,7 +137,6 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= 
@@ -170,60 +169,16 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kcp-dev/apimachinery/v2 v2.0.0-alpha.0.0.20230926071920-57d168bcbe34 h1:tom0JX5OmAeOOmkGv8LaYHDtA1xAKDiQL5U0vhYYgdM= -github.com/kcp-dev/apimachinery/v2 v2.0.0-alpha.0.0.20230926071920-57d168bcbe34/go.mod h1:cWoaYGHl1nlzdEM2xvMzIASkEZJZLSf5nhe17M7wDhw= -github.com/kcp-dev/client-go v0.0.0-20230927101349-0416c830e3b1 h1:cyRhjhVSmcUqsMg0wh+DB/DjlpV58nhRpJYxRgCjayA= -github.com/kcp-dev/client-go v0.0.0-20230927101349-0416c830e3b1/go.mod h1:XfQFbR0lb2SsNEiAcR0ktxzgjlcJQpiWLX+OHw3a5ac= -github.com/kcp-dev/kubernetes v0.0.0-20231008123256-10a06602223e h1:Qe8KZk2EzGOeoMiXKx0rHzxgAdwTphVmf9cZYeIhK7k= -github.com/kcp-dev/kubernetes v0.0.0-20231008123256-10a06602223e/go.mod h1:5a0ZmCQ9v00mANiU81C1rUcCGj4DleSh+lb//3PS7wg= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/api v0.0.0-20231008123256-10a06602223e h1:HHOx71/12DADD78bbEwEz1q9xDhD/E4Qt+WqPVdoxMM= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/api v0.0.0-20231008123256-10a06602223e/go.mod h1:piD28YpWWkHPGxcaIIkKjvXaiapiOJJ3RiwsigMjFeM= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20231008123256-10a06602223e h1:J16a1zSlqfGKDqf/C5O5fwp6L3UpiGq6xYCMVrmMpqI= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20231008123256-10a06602223e/go.mod h1:QT+AMzbhlTWm8LFyoOY4kh0wO4JLymh5/zb6rQ8aRo8= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20231008123256-10a06602223e h1:v7gywXhkWQwt9dH+IOInSEtJJwdDJYd0nyeKY9VjVf4= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20231008123256-10a06602223e/go.mod 
h1:P7xPCsuh6Mz10bWAH3HONFdRdffSu3mLQSHSyWutwLA= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20231008123256-10a06602223e h1:mtM/H9D541tx3jc3y3QPmpujVH3W6RIVpDi6kGNwDvA= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20231008123256-10a06602223e/go.mod h1:C+7gGfwXGct7ddeL51r0qozVZ/B/ccX6uRkF8YKYIIk= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20231008123256-10a06602223e h1:GNSzbMbUetzH/CuBFVhdqsrHD7fZ+5geNebqvW1aSrY= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20231008123256-10a06602223e/go.mod h1:fsb+S+tdbCfRFCQzB2TzEPHgckAXktQh4QtnuDD3yv8= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go v0.0.0-20231008123256-10a06602223e h1:Ky/iMr05tgC2Vnih79fkdEvUP0aC07H08vTBGkPUfhM= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go v0.0.0-20231008123256-10a06602223e/go.mod h1:smSqYEw/n3//f5mgyG/b8wOvTR4mEnt0lkWyoA7+xSs= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20231008123256-10a06602223e h1:4jY2Hmu/JPXocc3x6yRqltw6g+R6/I+HSRAOLgmls/Q= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20231008123256-10a06602223e/go.mod h1:Qp37m9Q6+GABW6C35yv+Z+kcAe52HO9gT7yYZa2RVfc= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20231008123256-10a06602223e h1:SPDsHFH1IM407GlRGzB1MuG1a0w36Ohm/zovTTQJ+NM= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20231008123256-10a06602223e/go.mod h1:Xho42TD+sExgIYndQ/aVFa/cRpfOQD0xQNgeG7S2fjY= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20231008123256-10a06602223e h1:8LiMl6fVzUmZbmRxf7dSlnE97EYE1cIiPMNzoHKWLuY= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20231008123256-10a06602223e/go.mod h1:ZPNAhxKcDVyUKgmw+PKKIPASVNLOhpc3MQ1ClP0WJ4Q= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base v0.0.0-20231008123256-10a06602223e h1:u7V+PaSr1Vu+rZxMcr4d+9zfcoB2qFtfQtljeVqtrB0= 
-github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base v0.0.0-20231008123256-10a06602223e/go.mod h1:4XMBg2x2XYGQihErVcceA1/OqjqcGqqq2bdMgz/8hWQ= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20231008123256-10a06602223e h1:/YgWogbROd6zLEbxTvRMAzgBJun7/xqCEloIcbz5xUw= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20231008123256-10a06602223e/go.mod h1:ffnebevIJpHLv3bagIeMk9+52JRFxMX9Igy3m1ifUAk= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20231008123256-10a06602223e h1:sD3jVrTnGhJLG+fM3jKBC9VOy4KhHArFve/bt/NUfHs= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20231008123256-10a06602223e/go.mod h1:6Vp/HAKAdRcqOg1MRhelyABcdlfa+30eNlh78B/W4jM= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20231008123256-10a06602223e h1:yboxgZBI7VK1AuiJ4sBHvqUuQvZzkwMbzuANCWs+xNM= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20231008123256-10a06602223e/go.mod h1:BLf8LEHzPbmc9TGBB26ory2nYQF0mkAOKOogzrQyc20= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20231008123256-10a06602223e h1:lzXBeP3ote0yWUBrcC67ZLY7DGmFVB15eCrM4glWZnA= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20231008123256-10a06602223e/go.mod h1:Y1VXLU1InATV3CaJ5IMrAVxjFPHSpzf9+83h+QspzJQ= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms v0.0.0-20231008123256-10a06602223e h1:nHGJ6OOQPGNM+6E4op8LLeNzc8t03GDf5dr7Svz3Puc= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms v0.0.0-20231008123256-10a06602223e/go.mod h1:Qh0Pucync0H3KpVS4duoHiqGJv/exFFpgjYDfq3N3OQ= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20231008123256-10a06602223e h1:75rXfME8ReBPJ7m0iqd/NyR6jRXGIglE5IsdPvrfbMA= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20231008123256-10a06602223e/go.mod 
h1:izBajJkU7hM24qoiSDXPcVh5T90CTnYWf2XOBRyQuKo= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20231008123256-10a06602223e h1:IKVP+Q2y1MZQEeCAhM+1V+HrwErIdMSvCQC67v1PL5s= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20231008123256-10a06602223e/go.mod h1:bRlPzFhN4/ggxAZXrGvJ7tE5dWux/W4tpBu9PIzwASQ= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20231008123256-10a06602223e h1:FxB8bjUy/uVmZveruX0w6eosKGzqUHISyIclKOisoaw= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20231008123256-10a06602223e/go.mod h1:abK8LLplClD8AuMOtfYzCqTZG/WYiWc3Xr4wfngH8Gk= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20231008123256-10a06602223e h1:R8SH7/NuxtKYQeZ2SfbkVy+lGxxnwEmH9GtXAw0MQ9U= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20231008123256-10a06602223e/go.mod h1:GskFYsCeCClgcjHXQ2tt3FDaSJaqfSjyKAFxGmHAxz0= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20231008123256-10a06602223e h1:LDBD0zigjHB2Kh0CZOojLwp6pYdEmFax7+X3G1qlyWc= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20231008123256-10a06602223e/go.mod h1:Zj+yrQmI/mVdhQejCA9Iytwn0YMdR3Ko+djVqDRMNug= +github.com/kcp-dev/apimachinery/v2 v2.0.0-alpha.0.0.20240510131959-2fa3992332d0 h1:op3XYaMYEBBXJs3aaECa3emMjFs+tf26xRuTINg46VU= +github.com/kcp-dev/apimachinery/v2 v2.0.0-alpha.0.0.20240510131959-2fa3992332d0/go.mod h1:cXCx7fku8/rYK23PNEBRLQ5ByoABoA+CZeJNC81TO0g= +github.com/kcp-dev/client-go v0.0.0-20240515123258-607e9d833b0e h1:fLO/DagRnNTS1URG06fkuBNjDd9osCfq6CoO0Nc0V+4= +github.com/kcp-dev/client-go v0.0.0-20240515123258-607e9d833b0e/go.mod h1:omXN+OtJV8YKZtTwyjx9J8gEYCcE1kOvumwhKFGrlf4= github.com/kcp-dev/logicalcluster/v3 v3.0.5 h1:JbYakokb+5Uinz09oTXomSUJVQsqfxEvU4RyHUYxHOU= github.com/kcp-dev/logicalcluster/v3 v3.0.5/go.mod h1:EWBUBxdr49fUB1cLMO4nOdBWmYifLbP1LfoL20KkXYY= github.com/kisielk/errcheck 
v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -248,6 +203,8 @@ github.com/mattn/go-runewidth v0.0.12 h1:Y41i/hVW3Pgwr8gV+J23B9YEY0zxjptBuCWEaxm github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= +github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA= 
@@ -265,10 +222,10 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE= -github.com/onsi/ginkgo/v2 v2.9.4/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM= -github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= -github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= +github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= +github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= +github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE= +github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= 
@@ -339,7 +296,6 @@ github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI= go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE= go.etcd.io/etcd/api/v3 v3.5.13 h1:8WXU2/NBge6AUF1K1gOexB6e07NgsN1hXK0rSTtgSp4= 
@@ -377,16 +333,12 @@ go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v8 go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 
@@ -400,12 +352,10 @@ golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2F golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= -golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= +golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -418,7 +368,6 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= @@ -432,9 +381,8 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= -golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -445,7 +393,6 @@ golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -453,7 +400,6 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 
@@ -474,12 +420,10 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= +golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= +golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -518,8 +462,6 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= 
@@ -539,25 +481,23 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks= -k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= -k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= +k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo= +k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 h1:TgtAeesdhpm2SGwkQasmbeqDo8th5wOBA5h/AjTKA4I= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0/go.mod 
h1:VHVDI/KrK4fjnV61bE2g3sA7tiETLn8sooImelsCx3Y= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0= sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3/go.mod h1:9n16EZKMhXBNSiUC5kSdFQJkdH3zbxS/JoO619G1VAY= sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U= sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3/go.mod h1:JWP1Fj0VWGHyw3YUPjXSQnRnrwezrZSrApfX5S0nIag= -sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk= -sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= -sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= From ef0ac56762be5a65d0c216d2601ea1c07665d296 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Thu, 20 Jun 2024 14:30:29 +0200 Subject: [PATCH 03/27] Rework openapi controller to new openapi upstream types Co-authored-by: Dr. Stefan Schimanski 
Signed-off-by: Marvin Beckers --- pkg/server/openapiv3/controller.go | 37 ++++++------ pkg/server/openapiv3/servicecache.go | 89 ++++++++++++++++------------ 2 files changed, 72 insertions(+), 54 deletions(-) diff --git a/pkg/server/openapiv3/controller.go b/pkg/server/openapiv3/controller.go index 3ba372116dd..47435dc36e5 100644 --- a/pkg/server/openapiv3/controller.go +++ b/pkg/server/openapiv3/controller.go @@ -48,7 +48,7 @@ import ( const ControllerName = "kcp-openapiv3" type CRDSpecGetter interface { - GetCRDSpecs(clusterName logicalcluster.Name, name string) (specs map[string]cached.Data[*spec3.OpenAPI], err error) + GetCRDSpecs(clusterName logicalcluster.Name, name string) (specs map[string]cached.Value[*spec3.OpenAPI], err error) } // Controller watches CustomResourceDefinitions and publishes OpenAPI v3. @@ -60,7 +60,7 @@ type Controller struct { // specs per version, logical cluster and per CRD name lock sync.Mutex - byClusterNameVersion map[logicalcluster.Name]map[string]map[string]cached.Data[*spec3.OpenAPI] + byClusterNameVersion map[logicalcluster.Name]map[string]map[string]cached.Value[*spec3.OpenAPI] } // NewController creates a new Controller with input CustomResourceDefinition informer. @@ -69,7 +69,7 @@ func NewController(crdInformer kcpapiextensionsv1informers.CustomResourceDefinit crdLister: crdInformer.Lister(), crdsSynced: crdInformer.Informer().HasSynced, queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "crd_openapi_v3_controller"), - byClusterNameVersion: map[logicalcluster.Name]map[string]map[string]cached.Data[*spec3.OpenAPI]{}, + byClusterNameVersion: map[logicalcluster.Name]map[string]map[string]cached.Value[*spec3.OpenAPI]{}, } crdInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ //nolint:errcheck 
@@ -192,22 +192,25 @@ func (c *Controller) processCRD(crd *apiextensionsv1.CustomResourceDefinition) { continue } - spec := cached.NewStaticSource[*spec3.OpenAPI](func() cached.Result[*spec3.OpenAPI] { - spec, err := builder.BuildOpenAPIV3(crd, v.Name, builder.Options{V2: false}) - if err != nil { - return cached.NewResultErr[*spec3.OpenAPI](err) - } - bs, err := json.Marshal(spec) - if err != nil { - return cached.NewResultErr[*spec3.OpenAPI](err) - } - return cached.NewResultOK[*spec3.OpenAPI](spec, fmt.Sprintf("%X", sha512.Sum512(bs))) - }) + spec := cached.Once(cached.Func[*spec3.OpenAPI]( + func() (value *spec3.OpenAPI, etag string, err error) { + spec, err := builder.BuildOpenAPIV3(crd, v.Name, builder.Options{V2: false}) + if err != nil { + return nil, "", err + } + bs, err := json.Marshal(spec) + if err != nil { + return nil, "", err + } + return spec, fmt.Sprintf("%X", sha512.Sum512(bs)), nil + }, + )) + if c.byClusterNameVersion[clusterName] == nil { - c.byClusterNameVersion[clusterName] = map[string]map[string]cached.Data[*spec3.OpenAPI]{} + c.byClusterNameVersion[clusterName] = map[string]map[string]cached.Value[*spec3.OpenAPI]{} } if c.byClusterNameVersion[clusterName][crd.Name] == nil { - c.byClusterNameVersion[clusterName][crd.Name] = map[string]cached.Data[*spec3.OpenAPI]{} + c.byClusterNameVersion[clusterName][crd.Name] = map[string]cached.Value[*spec3.OpenAPI]{} } c.byClusterNameVersion[clusterName][crd.Name][v.Name] = spec } @@ -247,7 +250,7 @@ func (c *Controller) enqueue(obj *apiextensionsv1.CustomResourceDefinition) { c.queue.Add(key) } -func (c *Controller) GetCRDSpecs(clusterName logicalcluster.Name, name string) (specs map[string]cached.Data[*spec3.OpenAPI], err error) { +func (c *Controller) GetCRDSpecs(clusterName logicalcluster.Name, name string) (specs map[string]cached.Value[*spec3.OpenAPI], err error) { c.lock.Lock() defer c.lock.Unlock() 
diff --git a/pkg/server/openapiv3/servicecache.go b/pkg/server/openapiv3/servicecache.go index 6cf5b88b13e..661466a4080 100644 --- a/pkg/server/openapiv3/servicecache.go +++ b/pkg/server/openapiv3/servicecache.go @@ -73,22 +73,22 @@ func WithOpenAPIv3(handler http.Handler, c *ServiceCache) http.Handler { // ServiceCache implements a cluster-aware OpenAPI v3 handler, sharing the // OpenAPI service for equal API surface configurations. type ServiceCache struct { - config *common.Config + config *common.OpenAPIV3Config specGetter CRDSpecGetter crdLister kcp.ClusterAwareCRDClusterLister services *lru.Cache - staticSpecs map[string]cached.Data[*spec3.OpenAPI] + staticSpecs map[string]cached.Value[*spec3.OpenAPI] } -func NewServiceCache(config *common.Config, crdLister kcp.ClusterAwareCRDClusterLister, specGetter CRDSpecGetter, serviceCacheSize int) *ServiceCache { +func NewServiceCache(config *common.OpenAPIV3Config, crdLister kcp.ClusterAwareCRDClusterLister, specGetter CRDSpecGetter, serviceCacheSize int) *ServiceCache { return &ServiceCache{ config: config, specGetter: specGetter, crdLister: crdLister, services: lru.New(serviceCacheSize), - staticSpecs: map[string]cached.Data[*spec3.OpenAPI]{}, + staticSpecs: map[string]cached.Value[*spec3.OpenAPI]{}, } } 
@@ -101,15 +101,20 @@ func (c *ServiceCache) RegisterStaticAPIs(cont *restful.Container) error { byGVPath[gvPath] = []*restful.WebService{t} } for gvPath, ws := range byGVPath { - spec, err := builder3.BuildOpenAPISpecFromRoutes(restfuladapter.AdaptWebServices(ws), c.config) - if err != nil { - return fmt.Errorf("failed to build OpenAPI v3 spec for %s: %w", gvPath, err) - } - etag, err := computeEtag(spec) - if err != nil { - return fmt.Errorf("failed to compute OpenAPI v3 spec etag for %s: %w", gvPath, err) - } - c.staticSpecs[gvPath] = cached.NewResultOK(spec, etag) + c.staticSpecs[gvPath] = cached.Once(cached.Func[*spec3.OpenAPI]( + func() (value *spec3.OpenAPI, etag string, err error) { + spec, err := builder3.BuildOpenAPISpecFromRoutes(restfuladapter.AdaptWebServices(ws), c.config) + if err != nil { + return nil, "", fmt.Errorf("failed to build OpenAPI v3 spec for %s: %w", gvPath, err) + } + etag, err = computeEtag(spec) + if err != nil { + return nil, "", fmt.Errorf("failed to compute OpenAPI v3 spec etag for %s: %w", gvPath, err) + } + + return spec, etag, nil + }, + )) } return nil @@ -139,7 +144,7 @@ func (c *ServiceCache) ServeHTTP(w http.ResponseWriter, r *http.Request) { sort.Sort(byClusterAndName(orderedCRDs)) // get the specs for all CRDs - specs := make([]map[string]cached.Data[*spec3.OpenAPI], 0, len(orderedCRDs)) + specs := make([]map[string]cached.Value[*spec3.OpenAPI], 0, len(orderedCRDs)) for _, crd := range orderedCRDs { versionSpecs, err := c.specGetter.GetCRDSpecs(logicalcluster.From(crd), crd.Name) if err != nil { @@ -150,7 +155,11 @@ func (c *ServiceCache) ServeHTTP(w http.ResponseWriter, r *http.Request) { } // get the OpenAPI service from cache or create a new one - key := apiConfigurationKey(orderedCRDs, specs) + key, err := apiConfigurationKey(orderedCRDs, specs) + if err != nil { + responsewriters.InternalError(w, r, err) + return + } log = log.WithValues("key", key) entry, ok := c.services.Get(key) if !ok { 
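Review bot: In RegisterStaticAPIs the build now sits inside `cached.Once(cached.Func(...))`, so the two `fmt.Errorf` returns in the closure are produced on the first `Get()` rather than during registration, and they no longer reach the caller of RegisterStaticAPIs. If a static spec that cannot be built should still stop startup, force it inside the loop: `if _, _, err := c.staticSpecs[gvPath].Get(); err != nil { return err }`. The closure also captures the range variables `gvPath` and `ws` and runs after the loop has ended, which is only correct with per-iteration loop variables. Confirm that the `go` directive in go.mod is 1.22 or later (not visible in this hunk), or add `gvPath, ws := gvPath, ws` ahead of the assignment.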
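Review bot: The new error path in ServeHTTP turns any failing `versionSpec.Get()` in apiConfigurationKey (the hunk at -251) into `responsewriters.InternalError` for the whole request, so one CRD version whose spec cannot be built blocks the OpenAPI v3 document for every other API served alongside it. Before this change the key used `versionSpec.Get().Etag` and ignored the error, and the merge callback in addSpecs still skips results with `result.Err != nil`, so the two code paths now disagree about whether a broken spec is fatal. Because processCRD wraps the builder in `cached.Once`, the failure is presumably sticky until the CRD is processed again (confirm against the kube-openapi cached package). Consider logging the error in apiConfigurationKey and writing a fixed marker instead of the etag, e.g. `buf.WriteString("error")`, so the request proceeds with the remaining specs. ServeHTTP's body starts and ends outside this hunk.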
@@ -182,11 +191,11 @@ func (c *ServiceCache) ServeHTTP(w http.ResponseWriter, r *http.Request) { service.ServeHTTP(w, r) } -func addSpecs(service *handler3.OpenAPIService, static map[string]cached.Data[*spec3.OpenAPI], crds []*apiextensionsv1.CustomResourceDefinition, specs []map[string]cached.Data[*spec3.OpenAPI], log logr.Logger) error { +func addSpecs(service *handler3.OpenAPIService, static map[string]cached.Value[*spec3.OpenAPI], crds []*apiextensionsv1.CustomResourceDefinition, specs []map[string]cached.Value[*spec3.OpenAPI], log logr.Logger) error { // start with static specs - byGroupVersionSpecs := make(map[string][]cached.Data[*spec3.OpenAPI]) + byGroupVersionSpecs := make(map[string][]cached.Value[*spec3.OpenAPI]) for gvPath, spec := range static { - byGroupVersionSpecs[gvPath] = []cached.Data[*spec3.OpenAPI]{spec} + byGroupVersionSpecs[gvPath] = []cached.Value[*spec3.OpenAPI]{spec} } // add dynamic specs 
@@ -208,30 +217,32 @@ func addSpecs(service *handler3.OpenAPIService, static map[string]cached.Data[*s // lazily merge spec and add to service for gvPath, specs := range byGroupVersionSpecs { - gvSpec := cached.NewListMerger(func(results []cached.Result[*spec3.OpenAPI]) cached.Result[*spec3.OpenAPI] { - log.V(6).Info("Merging OpenAPI v3 specs", "gvPath", gvPath) - specs := make([]*spec3.OpenAPI, 0, len(results)) - etags := make([]string, 0, len(results)) - for _, result := range results { - if result.Err != nil { - continue + gvSpec := cached.MergeList( + func(results []cached.Result[*spec3.OpenAPI]) (*spec3.OpenAPI, string, error) { + log.V(6).Info("Merging OpenAPI v3 specs", "gvPath", gvPath) + specs := make([]*spec3.OpenAPI, 0, len(results)) + etags := make([]string, 0, len(results)) + for _, result := range results { + if result.Err != nil { + continue + } + specs = append(specs, result.Value) + etags = append(etags, result.Etag) } - specs = append(specs, result.Data) - etags = append(etags, result.Etag) - } - merged, err := builder.MergeSpecsV3(specs...) - if err != nil { - return cached.NewResultErr[*spec3.OpenAPI](fmt.Errorf("failed to merge specs: %v", err)) - } - return cached.NewResultOK[*spec3.OpenAPI](merged, fmt.Sprintf("%X", sha512.Sum512([]byte(strings.Join(etags, ","))))) - }, specs) + merged, err := builder.MergeSpecsV3(specs...) + if err != nil { + return nil, "", fmt.Errorf("failed to merge specs: %v", err) + } + return merged, fmt.Sprintf("%X", sha512.Sum512([]byte(strings.Join(etags, ",")))), nil + }, + specs) service.UpdateGroupVersionLazy(gvPath, gvSpec) } return nil } -func apiConfigurationKey(orderedCRDs []*apiextensionsv1.CustomResourceDefinition, specs []map[string]cached.Data[*spec3.OpenAPI]) string { +func apiConfigurationKey(orderedCRDs []*apiextensionsv1.CustomResourceDefinition, specs []map[string]cached.Value[*spec3.OpenAPI]) (string, error) { var buf bytes.Buffer for i, crd := range orderedCRDs { spec := specs[i] 
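Review bot: Inside the `cached.MergeList` callback, `if result.Err != nil { continue }` discards the error, so a group-version can be published from a partial set of specs with nothing recorded about which one was dropped. Log it before continuing, e.g. `log.Error(result.Err, "skipping OpenAPI v3 spec", "gvPath", gvPath)`. The merge failure is also formatted with `%v`; `fmt.Errorf("failed to merge specs: %w", err)` keeps the cause inspectable with `errors.Is` and `errors.As`. addSpecs starts outside this hunk.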
@@ -251,7 +262,11 @@ func apiConfigurationKey(orderedCRDs []*apiextensionsv1.CustomResourceDefinition } buf.WriteString(v.Name) buf.WriteRune(':') - buf.WriteString(versionSpec.Get().Etag) + _, etag, err := versionSpec.Get() + if err != nil { + return "", err + } + buf.WriteString(etag) firstVersion = false } @@ -259,7 +274,7 @@ func apiConfigurationKey(orderedCRDs []*apiextensionsv1.CustomResourceDefinition buf.WriteRune(';') } - return buf.String() + return buf.String(), nil } func groupVersionToOpenAPIV3Path(gv schema.GroupVersion) string { From e973663b85147b0f6e7ed100e0dd03d829898548 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Fri, 21 Jun 2024 15:41:21 +0200 Subject: [PATCH 04/27] Remove featuregates removed from upstream Signed-off-by: Marvin Beckers --- pkg/cache/server/config.go | 3 --- pkg/cache/server/options/options.go | 1 - pkg/features/kcp_features.go | 12 +++--------- pkg/server/options/options.go | 1 - 4 files changed, 3 insertions(+), 14 deletions(-) diff --git a/pkg/cache/server/config.go b/pkg/cache/server/config.go index fd49a37acf3..cf5445c3351 100644 --- a/pkg/cache/server/config.go +++ b/pkg/cache/server/config.go @@ -34,9 +34,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" apiopenapi "k8s.io/apiserver/pkg/endpoints/openapi" - "k8s.io/apiserver/pkg/features" genericapiserver "k8s.io/apiserver/pkg/server" - utilfeature "k8s.io/apiserver/pkg/util/feature" "k8s.io/client-go/rest" cacheclient "github.com/kcp-dev/kcp/pkg/cache/client" 
@@ -148,7 +146,6 @@ func NewConfig(opts *cacheserveroptions.CompletedOptions, optionalLocalShardRest return apiHandler } - opts.Etcd.StorageConfig.Paging = utilfeature.DefaultFeatureGate.Enabled(features.APIListChunking) // this is where the true decodable levels come from. opts.Etcd.StorageConfig.Codec = apiextensionsapiserver.Codecs.LegacyCodec(apiextensionsv1beta1.SchemeGroupVersion, apiextensionsv1.SchemeGroupVersion) // prefer the more compact serialization (v1beta1) for storage until http://issue.k8s.io/82292 is resolved for objects whose v1 serialization is too big but whose v1beta1 serialization can be stored diff --git a/pkg/cache/server/options/options.go b/pkg/cache/server/options/options.go index aa78cddba5c..1bd5248db56 100644 --- a/pkg/cache/server/options/options.go +++ b/pkg/cache/server/options/options.go @@ -78,7 +78,6 @@ func NewOptions(rootDir string) *Options { EmbeddedEtcd: *etcdoptions.NewOptions(rootDir), } - o.ServerRunOptions.EnablePriorityAndFairness = false o.SecureServing.ServerCert.CertDirectory = rootDir o.SecureServing.BindPort = 6443 o.Etcd.StorageConfig.Transport.ServerList = []string{"embedded"} diff --git a/pkg/features/kcp_features.go b/pkg/features/kcp_features.go index 3198cd4c426..ca3c0b7ad31 100644 --- a/pkg/features/kcp_features.go +++ b/pkg/features/kcp_features.go 
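Review bot: Deleting `o.ServerRunOptions.EnablePriorityAndFairness = false` in the cache server's NewOptions (and the matching `o.GenericControlPlane.GenericServerRunOptions.EnablePriorityAndFairness = false` removed from pkg/server/options/options.go in this commit) removes an explicit override, not a feature gate, so the effective priority-and-fairness setting now follows whatever the upstream default is. If the field only moved upstream, set the equivalent option at its new location; if enabling it is intended, say so in the commit message, since request queuing and rejection behaviour changes for both servers. A one-line comment such as `// priority and fairness: upstream default is used, <reason>` next to the remaining assignments would record the decision. NewOptions starts and ends outside this hunk.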
@@ -92,15 +92,9 @@ var defaultGenericControlPlaneFeatureGates = map[featuregate.Feature]featuregate WorkspaceMounts: {Default: false, PreRelease: featuregate.Alpha}, // inherited features from generic apiserver, relisted here to get a conflict if it is changed // unintentionally on either side: - genericfeatures.APIResponseCompression: {Default: true, PreRelease: featuregate.Beta}, - genericfeatures.APIListChunking: {Default: true, PreRelease: featuregate.Beta}, - genericfeatures.APIPriorityAndFairness: {Default: true, PreRelease: featuregate.Beta}, - genericfeatures.CustomResourceValidationExpressions: {Default: true, PreRelease: featuregate.Beta}, - genericfeatures.OpenAPIEnums: {Default: true, PreRelease: featuregate.Beta}, - genericfeatures.OpenAPIV3: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, - genericfeatures.ServerSideApply: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 - genericfeatures.ServerSideFieldValidation: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, - genericfeatures.ValidatingAdmissionPolicy: {Default: false, PreRelease: featuregate.Beta}, + genericfeatures.APIResponseCompression: {Default: true, PreRelease: featuregate.Beta}, + genericfeatures.OpenAPIEnums: {Default: true, PreRelease: featuregate.Beta}, + genericfeatures.ServerSideFieldValidation: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, logsapi.LoggingBetaOptions: {Default: true, PreRelease: featuregate.Beta}, logsapi.ContextualLogging: {Default: true, PreRelease: featuregate.Alpha}, diff --git a/pkg/server/options/options.go b/pkg/server/options/options.go index 82f547295fd..2a6a3fc8515 100644 --- a/pkg/server/options/options.go +++ b/pkg/server/options/options.go 
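Review bot: The removed entry `genericfeatures.ValidatingAdmissionPolicy: {Default: false, PreRelease: featuregate.Beta}` was the only line in this block that pinned a default to off, so dropping it from defaultGenericControlPlaneFeatureGates means the gate takes whatever default the upstream generic apiserver registers. The comment above the block says these entries are relisted to get a conflict on unintended changes, and that protection is now gone for this gate as well as for `APIPriorityAndFairness` and `CustomResourceValidationExpressions`. If upstream still registers any of them (not visible here), check that the resulting default is the one kcp wants. Otherwise note in the commit message that admission-policy evaluation may now be on by default. The map literal continues outside the hunk.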
@@ -126,7 +126,6 @@ func NewOptions(rootDir string) *Options { o.GenericControlPlane.Authentication.ServiceAccounts.Issuers = []string{"https://kcp.default.svc"} o.GenericControlPlane.Etcd.StorageConfig.Transport.ServerList = []string{"embedded"} o.GenericControlPlane.Authorization = nil // we have our own - o.GenericControlPlane.GenericServerRunOptions.EnablePriorityAndFairness = false // override set of admission plugins kcpadmission.RegisterAllKcpAdmissionPlugins(o.GenericControlPlane.Admission.GenericAdmission.Plugins) From 15a0b9d51cc4efd119f1ddac30af762616079f44 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Fri, 21 Jun 2024 15:42:31 +0200 Subject: [PATCH 05/27] Update virtualworkspace framework to new function signatures Signed-off-by: Marvin Beckers --- pkg/virtual/apiexport/builder/forwarding.go | 4 +++- pkg/virtual/framework/dynamic/apiserver/handler_test.go | 2 +- pkg/virtual/framework/dynamic/apiserver/serving_info.go | 9 ++++----- pkg/virtual/framework/forwardingregistry/rest.go | 4 +++- pkg/virtual/framework/forwardingregistry/rest_test.go | 4 +++- pkg/virtual/initializingworkspaces/builder/forwarding.go | 4 +++- 6 files changed, 17 insertions(+), 10 deletions(-) diff --git a/pkg/virtual/apiexport/builder/forwarding.go b/pkg/virtual/apiexport/builder/forwarding.go index c92a8a21977..ef901da9fd1 100644 --- a/pkg/virtual/apiexport/builder/forwarding.go +++ b/pkg/virtual/apiexport/builder/forwarding.go @@ -23,6 +23,7 @@ import ( "github.com/kcp-dev/logicalcluster/v3" "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" structuralschema "k8s.io/apiextensions-apiserver/pkg/apiserver/schema" "k8s.io/apiextensions-apiserver/pkg/apiserver/validation" "k8s.io/apiextensions-apiserver/pkg/registry/customresource" 
@@ -70,9 +71,10 @@ func provideDelegatingRestStorage(ctx context.Context, dynamicClusterClientFunc path.ValidatePathSegmentName, schemaValidator, statusSchemaValidate, - map[string]*structuralschema.Structural{resource.Version: structuralSchema}, + structuralSchema, statusSpec, scaleSpec, + []apiextensionsv1.SelectableField{}, ) storage, statusStorage := registry.NewStorage( diff --git a/pkg/virtual/framework/dynamic/apiserver/handler_test.go b/pkg/virtual/framework/dynamic/apiserver/handler_test.go index 5ebcb0d5cd2..2806187f62b 100644 --- a/pkg/virtual/framework/dynamic/apiserver/handler_test.go +++ b/pkg/virtual/framework/dynamic/apiserver/handler_test.go @@ -904,7 +904,7 @@ func TestBuildOpenAPIModelsForApply(t *testing.T) { schema := exampleAPIResourceSchema() for i, test := range tests { _ = schema.Spec.Versions[0].SetSchema(test.OpenAPIV3Schema) - swagger, err := buildOpenAPIV2(schema, &schema.Spec.Versions[0], builder.Options{V2: true, SkipFilterSchemaForKubectlOpenAPIV2Validation: true, StripValueValidation: true, StripNullable: true, AllowNonStructural: false}) + swagger, err := buildOpenAPIV2(schema, &schema.Spec.Versions[0], builder.Options{V2: true, StripValueValidation: true, StripNullable: true, AllowNonStructural: false}) require.NoError(t, err) openAPIModels, err := utilopenapi.ToProtoModels(swagger) diff --git a/pkg/virtual/framework/dynamic/apiserver/serving_info.go b/pkg/virtual/framework/dynamic/apiserver/serving_info.go index a9093a161db..1a5f2affbda 100644 --- a/pkg/virtual/framework/dynamic/apiserver/serving_info.go +++ b/pkg/virtual/framework/dynamic/apiserver/serving_info.go 
@@ -99,11 +99,10 @@ func CreateServingInfoFor(genericConfig genericapiserver.CompletedConfig, apiRes apiResourceSchema, apiResourceVersion, builder.Options{ - V2: true, - SkipFilterSchemaForKubectlOpenAPIV2Validation: true, - StripValueValidation: true, - StripNullable: true, - AllowNonStructural: false}) + V2: true, + StripValueValidation: true, + StripNullable: true, + AllowNonStructural: false}) if err != nil { return nil, err } diff --git a/pkg/virtual/framework/forwardingregistry/rest.go b/pkg/virtual/framework/forwardingregistry/rest.go index 01b223cabe6..3fbc91709df 100644 --- a/pkg/virtual/framework/forwardingregistry/rest.go +++ b/pkg/virtual/framework/forwardingregistry/rest.go @@ -31,6 +31,7 @@ import ( "k8s.io/apimachinery/pkg/util/wait" "k8s.io/apiserver/pkg/registry/rest" "k8s.io/client-go/util/retry" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "github.com/kcp-dev/kcp/pkg/virtual/framework/dynamic/apiserver" ) @@ -145,9 +146,10 @@ func ProvideReadOnlyRestStorage(ctx context.Context, dynamicClusterClientFunc Dy path.ValidatePathSegmentName, schemaValidator, statusSchemaValidate, - map[string]*structuralschema.Structural{resource.Version: structuralSchema}, + structuralSchema, nil, // no status here nil, // no scale here + []apiextensionsv1.SelectableField{}, ) storage, _ := NewStorage( diff --git a/pkg/virtual/framework/forwardingregistry/rest_test.go b/pkg/virtual/framework/forwardingregistry/rest_test.go index a0692b557f7..f76629b1d14 100644 --- a/pkg/virtual/framework/forwardingregistry/rest_test.go +++ b/pkg/virtual/framework/forwardingregistry/rest_test.go @@ -109,7 +109,9 @@ func newStorage(t *testing.T, clusterClient kcpdynamic.ClusterInterface, apiExpo nil, nil, &apiextensions.CustomResourceSubresourceStatus{}, - nil), + nil, + []apiextensionsv1.SelectableField{}, + ), nil, table, nil, 
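Review bot: In pkg/virtual/framework/forwardingregistry/rest.go the new `apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"` import is appended after `"k8s.io/client-go/util/retry"`, so the import group is no longer sorted and gofmt would rewrite it. The two forwarding.go files touched by this commit place the same import directly after `"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"`; doing the same here keeps the files consistent. The import block starts outside the hunk.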
diff --git a/pkg/virtual/initializingworkspaces/builder/forwarding.go b/pkg/virtual/initializingworkspaces/builder/forwarding.go index 0895d24b395..5a3af93c086 100644 --- a/pkg/virtual/initializingworkspaces/builder/forwarding.go +++ b/pkg/virtual/initializingworkspaces/builder/forwarding.go @@ -23,6 +23,7 @@ import ( kcpdynamic "github.com/kcp-dev/client-go/dynamic" "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" structuralschema "k8s.io/apiextensions-apiserver/pkg/apiserver/schema" "k8s.io/apiextensions-apiserver/pkg/apiserver/validation" "k8s.io/apiextensions-apiserver/pkg/registry/customresource" @@ -115,9 +116,10 @@ func delegatingLogicalClusterReadOnlyRestStorage( path.ValidatePathSegmentName, schemaValidator, statusSchemaValidate, - map[string]*structuralschema.Structural{resource.Version: structuralSchema}, + structuralSchema, statusSpec, scaleSpec, + []apiextensionsv1.SelectableField{}, ) storage, statusStorage := registry.NewStorage( From ee98031ad0ef0ba4a88a303a0e3091d856bc1d67 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Fri, 21 Jun 2024 15:43:13 +0200 Subject: [PATCH 06/27] Wire in context Signed-off-by: Marvin Beckers --- pkg/proxy/options/authentication.go | 3 ++- pkg/reconciler/garbagecollector/garbagecollector_controller.go | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/proxy/options/authentication.go b/pkg/proxy/options/authentication.go index a73b09fbae1..7e2eb833c9c 100644 --- a/pkg/proxy/options/authentication.go +++ b/pkg/proxy/options/authentication.go @@ -17,6 +17,7 @@ limitations under the License. package options import ( + "context" "fmt" "strings" "time" 
@@ -121,7 +122,7 @@ func (c *Authentication) ApplyTo(authenticationInfo *genericapiserver.Authentica } // Sets up a union Authenticator for all enabled auth methods - authenticationInfo.Authenticator, _, err = authenticatorConfig.New() + authenticationInfo.Authenticator, _, _, _, err = authenticatorConfig.New(context.TODO()) // TODO(embik): wire server context in? if err != nil { return err } diff --git a/pkg/reconciler/garbagecollector/garbagecollector_controller.go b/pkg/reconciler/garbagecollector/garbagecollector_controller.go index 2870369a09e..08b04516106 100644 --- a/pkg/reconciler/garbagecollector/garbagecollector_controller.go +++ b/pkg/reconciler/garbagecollector/garbagecollector_controller.go @@ -243,6 +243,7 @@ func (c *Controller) startGarbageCollectorForLogicalCluster(ctx context.Context, kubeClient := c.kubeClusterClient.Cluster(clusterName.Path()) garbageCollector, err := garbagecollector.NewGarbageCollector( + ctx, kubeClient, c.metadataClient.Cluster(clusterName.Path()), c.dynamicDiscoverySharedInformerFactory.RESTMapper(), From 47121cf0bfe724b4efb25867e1dc1692e5a1cb75 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Fri, 21 Jun 2024 16:07:03 +0200 Subject: [PATCH 07/27] Make admissionregistration.k8s.io/v1 resources claimable Signed-off-by: Marvin Beckers --- .../apiexport/schemas/builtin/builtin.go | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/pkg/virtual/apiexport/schemas/builtin/builtin.go b/pkg/virtual/apiexport/schemas/builtin/builtin.go index 8c7216fcc07..0a4a7f45048 100644 --- a/pkg/virtual/apiexport/schemas/builtin/builtin.go +++ b/pkg/virtual/apiexport/schemas/builtin/builtin.go 
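Review bot: `authenticatorConfig.New(context.TODO())` in `ApplyTo` passes a context that is never cancelled, so whatever the authenticator ties to it keeps running after the proxy shuts down, and the three results assigned to `_` are dropped without a word on what they are. The inline TODO already acknowledges the context, but `ApplyTo` takes no context in the visible part of its signature, so wiring it in means a change outside this hunk. Until then I would add a comment above the call, e.g. `// the config-update func and the OpenAPI security definitions returned by New are not used by the proxy`, after confirming that against the vendored signature. Dropping an update hook silently is worth recording because it decides whether authentication settings can change at runtime.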
@@ -251,6 +251,17 @@ var BuiltInAPIs = []internalapis.InternalAPI{ ResourceScope: apiextensionsv1.ClusterScoped, HasStatus: true, }, + { + Names: apiextensionsv1.CustomResourceDefinitionNames{ + Plural: "validatingadmissionpolicies", + Singular: "validatingadmissionpolicy", + Kind: "ValidatingAdmissionPolicy", + }, + GroupVersion: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1"}, + Instance: &admissionregistrationv1.ValidatingAdmissionPolicy{}, + ResourceScope: apiextensionsv1.ClusterScoped, + HasStatus: true, + }, { Names: apiextensionsv1.CustomResourceDefinitionNames{ Plural: "validatingadmissionpolicybindings", @@ -261,6 +272,16 @@ var BuiltInAPIs = []internalapis.InternalAPI{ Instance: &admissionregistrationv1alpha1.ValidatingAdmissionPolicyBinding{}, ResourceScope: apiextensionsv1.ClusterScoped, }, + { + Names: apiextensionsv1.CustomResourceDefinitionNames{ + Plural: "validatingadmissionpolicybindings", + Singular: "validatingadmissionpolicybinding", + Kind: "ValidatingAdmissionPolicyBinding", + }, + GroupVersion: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1"}, + Instance: &admissionregistrationv1.ValidatingAdmissionPolicyBinding{}, + ResourceScope: apiextensionsv1.ClusterScoped, + }, { Names: apiextensionsv1.CustomResourceDefinitionNames{ Plural: "customresourcedefinitions", From bba8f0adce1d64dfe881b36edbc5cf19742a9b61 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Mon, 24 Jun 2024 09:40:38 +0200 Subject: [PATCH 08/27] Update ValidatingAdmissionPolicy plugin to new infrastructure Signed-off-by: Marvin Beckers --- pkg/admission/plugins.go | 3 +-- .../validating_admission_policy.go | 25 +++++++++++-------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/pkg/admission/plugins.go b/pkg/admission/plugins.go index 804e5e47de0..728a935d83a 100644 --- a/pkg/admission/plugins.go +++ b/pkg/admission/plugins.go 
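Review bot: The two new `admissionregistration.k8s.io` `v1` entries in `BuiltInAPIs` carry no comment, although the commit subject says they make admission policy types claimable. These objects decide what a workspace admits, so I would add a line above the first entry such as `// v1 admission policies are claimable: an accepted permission claim lets the APIExport owner manage them in the consumer workspace`, with the wording checked against how claims are enforced. The `v1alpha1` entries stay in place, so both versions remain listed; the slice literal starts and ends outside the hunks.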
@@ -20,8 +20,8 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle" + validatingadmissionpolicy "k8s.io/apiserver/pkg/admission/plugin/policy/validating" "k8s.io/apiserver/pkg/admission/plugin/resourcequota" - "k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy" mutatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/mutating" validatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/validating" kubeapiserveroptions "k8s.io/kubernetes/pkg/kubeapiserver/options" @@ -186,7 +186,6 @@ var defaultOnKubePluginsInKube = sets.New[string]( certsubjectrestriction.PluginName, // CertificateSubjectRestriction defaultingressclass.PluginName, // DefaultIngressClass podsecurity.PluginName, // PodSecurity - validatingadmissionpolicy.PluginName, // ValidatingAdmissionPolicy, only active when feature gate ValidatingAdmissionPolicy is enabled ) // DefaultOffAdmissionPlugins get admission plugins off by default for kcp. diff --git a/pkg/admission/validatingadmissionpolicy/validating_admission_policy.go b/pkg/admission/validatingadmissionpolicy/validating_admission_policy.go index abb2288264a..272e9b4a0a1 100644 --- a/pkg/admission/validatingadmissionpolicy/validating_admission_policy.go +++ b/pkg/admission/validatingadmissionpolicy/validating_admission_policy.go @@ -28,7 +28,8 @@ import ( "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy" + "k8s.io/apiserver/pkg/admission/plugin/policy/validating" + "k8s.io/apiserver/pkg/authorization/authorizer" genericapirequest "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/client-go/discovery/cached/memory" "k8s.io/client-go/restmapper" 
@@ -69,6 +70,7 @@ type KubeValidatingAdmissionPolicy struct { globalKubeSharedInformerFactory kcpkubernetesinformers.SharedInformerFactory serverDone <-chan struct{} featureGates featuregate.FeatureGate + authorizer authorizer.Authorizer lock sync.RWMutex delegates map[logicalcluster.Name]*stoppableValidatingAdmissionPolicy @@ -82,6 +84,7 @@ var _ = initializers.WantsKubeClusterClient(&KubeValidatingAdmissionPolicy{}) var _ = initializers.WantsServerShutdownChannel(&KubeValidatingAdmissionPolicy{}) var _ = initializers.WantsDynamicClusterClient(&KubeValidatingAdmissionPolicy{}) var _ = initializer.WantsFeatures(&KubeValidatingAdmissionPolicy{}) +var _ = initializer.WantsAuthorizer(&KubeValidatingAdmissionPolicy{}) var _ = admission.InitializationValidator(&KubeValidatingAdmissionPolicy{}) func (k *KubeValidatingAdmissionPolicy) SetKubeClusterClient(kubeClusterClient kcpkubernetesclientset.ClusterInterface) { @@ -109,6 +112,10 @@ func (k *KubeValidatingAdmissionPolicy) InspectFeatureGates(featureGates feature k.featureGates = featureGates } +func (k *KubeValidatingAdmissionPolicy) SetAuthorizer(authz authorizer.Authorizer) { + k.authorizer = authz +} + func (k *KubeValidatingAdmissionPolicy) ValidateInitialization() error { return nil } 
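Review bot: `SetAuthorizer` stores the authorizer, but `ValidateInitialization` directly below it still returns nil unconditionally, so a plugin that never received an authorizer passes initialization. The gap would presumably surface only later, when a per-cluster delegate is built and validated on the request path. A guard such as `if k.authorizer == nil { return errors.New("missing authorizer") }` in `ValidateInitialization` fails at startup instead; it needs `errors` in the import block, which is outside this hunk.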
@@ -161,19 +168,16 @@ func (k *KubeValidatingAdmissionPolicy) getOrCreateDelegate(clusterName logicalc } }() - plugin, err := validatingadmissionpolicy.NewPlugin() - if err != nil { - return nil, err - } + plugin := validating.NewPlugin(nil) delegate = &stoppableValidatingAdmissionPolicy{ - CELAdmissionPlugin: plugin, - stop: cancel, + Plugin: plugin, + stop: cancel, } plugin.SetNamespaceInformer(k.localKubeSharedInformerFactory.Core().V1().Namespaces().Cluster(clusterName)) - plugin.SetValidatingAdmissionPoliciesInformer(k.globalKubeSharedInformerFactory.Admissionregistration().V1alpha1().ValidatingAdmissionPolicies().Cluster(clusterName)) - plugin.SetValidatingAdmissionPolicyBindingsInformer(k.globalKubeSharedInformerFactory.Admissionregistration().V1alpha1().ValidatingAdmissionPolicyBindings().Cluster(clusterName)) + plugin.SetPolicyInformer(k.globalKubeSharedInformerFactory.Admissionregistration().V1alpha1().ValidatingAdmissionPolicies().Cluster(clusterName).Informer()) + plugin.SetBindingInformer(k.globalKubeSharedInformerFactory.Admissionregistration().V1alpha1().ValidatingAdmissionPolicyBindings().Cluster(clusterName).Informer()) plugin.SetExternalKubeClientSet(k.kubeClusterClient.Cluster(clusterName.Path())) // TODO(ncdc): this is super inefficient to do per workspace @@ -184,6 +188,7 @@ func (k *KubeValidatingAdmissionPolicy) getOrCreateDelegate(clusterName logicalc plugin.SetDynamicClient(k.dynamicClusterClient.Cluster(clusterName.Path())) plugin.SetDrainedNotification(ctx.Done()) plugin.InspectFeatureGates(k.featureGates) + plugin.SetAuthorizer(k.authorizer) if err := plugin.ValidateInitialization(); err != nil { cancel() @@ -215,6 +220,6 @@ func (k *KubeValidatingAdmissionPolicy) logicalClusterDeleted(clusterName logica } type stoppableValidatingAdmissionPolicy struct { - *validatingadmissionpolicy.CELAdmissionPlugin + *validating.Plugin stop func() } From 1bff1919533bbe8d333d2ae958aa4f96e519c86c Mon Sep 17 00:00:00 2001 
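Review bot: `SetPolicyInformer` and `SetBindingInformer` in `getOrCreateDelegate` are still fed the `Admissionregistration().V1alpha1()` informers, while this series moves the plugin to `k8s.io/apiserver/pkg/admission/plugin/policy/validating` and adds the `v1` policy types elsewhere. If the new plugin expects `v1` objects from these informers (not visible here), policies could fail to load or go unenforced without an error. Either switch both calls to `Admissionregistration().V1()` or add a comment stating why `v1alpha1` is still correct. Separately, `validating.NewPlugin(nil)` should say what the nil stands for, e.g. `// nil: no plugin configuration is read`. The function starts and ends outside these hunks.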
From: Marvin Beckers Date: Mon, 24 Jun 2024 09:40:59 +0200 Subject: [PATCH 09/27] Increase server start timeout in tests to two minutes Signed-off-by: Marvin Beckers --- test/e2e/framework/kcp.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/e2e/framework/kcp.go b/test/e2e/framework/kcp.go index 43c260ea4bc..4c8262809f6 100644 --- a/test/e2e/framework/kcp.go +++ b/test/e2e/framework/kcp.go @@ -868,7 +868,7 @@ func (c *kcpServer) RawConfig() (clientcmdapi.Config, error) { func (c *kcpServer) loadCfg() error { var lastError error - if err := wait.PollUntilContextTimeout(c.ctx, 100*time.Millisecond, 1*time.Minute, true, func(ctx context.Context) (bool, error) { + if err := wait.PollUntilContextTimeout(c.ctx, 100*time.Millisecond, 2*time.Minute, true, func(ctx context.Context) (bool, error) { c.kubeconfigPath = filepath.Join(c.dataDir, "admin.kubeconfig") config, err := LoadKubeConfig(c.kubeconfigPath, "base") if err != nil { From 5738943aefb3e1a1d1d529061172066e2a88ec21 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Fri, 12 Jul 2024 15:33:19 +0200 Subject: [PATCH 10/27] flags: disallow alpha log and new authentication config flag (for now) Signed-off-by: Marvin Beckers --- pkg/server/options/flags.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pkg/server/options/flags.go b/pkg/server/options/flags.go index a1b18c2f857..071a60c2dcf 100644 --- a/pkg/server/options/flags.go +++ b/pkg/server/options/flags.go 
@@ -147,6 +147,7 @@ var ( // metrics flags "allow-metric-labels", // The map from metric-label to value allow-list of this label. The key's format is ,. The value's format is ,...e.g. metric1,label1='v1,v2,v3', metric1,label2='v1,v2,v3' metric2,label1='v1,v2,v3'. + "allow-metric-labels-manifest", // The path to the manifest file that contains the allow-list mapping. The format of the file is the same as the flag --allow-metric-labels. Note that the flag --allow-metric-labels will override the manifest file. "disabled-metrics", // This flag provides an escape hatch for misbehaving metrics. You must provide the fully qualified metric name in order to disable it. Disclaimer: disabling metrics is higher in precedence than showing hidden metrics. "show-hidden-metrics-for-version", // The previous version for which you want to show hidden metrics. Only the previous minor version is meaningful, other values will not be allowed. The format is ., e.g.: '1.16'. The purpose of this format is make sure you have the opportunity to notice if the next release hides additional metrics, rather than being surprised when they are permanently removed in the release after that. 
@@ -192,5 +193,13 @@ var ( "peer-advertise-ip", // If set and the UnknownVersionInteroperabilityProxy feature gate is enabled, this IP will be used by peer kube-apiservers to proxy requests to this kube-apiserver when the request cannot be handled by the peer due to version skew between the kube-apiservers. This flag is only used in clusters configured with multiple kube-apiservers for high availability. "peer-advertise-port", // If set and the UnknownVersionInteroperabilityProxy feature gate is enabled, this port will be used by peer kube-apiservers to proxy requests to this kube-apiserver when the request cannot be handled by the peer due to version skew between the kube-apiservers. This flag is only used in clusters configured with multiple kube-apiservers for high availability. "peer-ca-file", // If set and the UnknownVersionInteroperabilityProxy feature gate is enabled, this file will be used to verify serving certificates of peer kube-apiservers. This flag is only used in clusters configured with multiple kube-apiservers for high availability. + + // logs flags + "log-text-info-buffer-size", // [Alpha] In text format with split output streams, the info messages can be buffered for a while to increase performance. The default value of zero bytes disables buffering. The size can be specified as number of bytes (512), multiples of 1000 (1K), multiples of 1024 (2Ki), or powers of those (3M, 4G, 5Mi, 6Gi). Enable the LoggingAlphaOptions feature gate to use this. + "log-text-split-stream", // [Alpha] In text format, write error messages to stderr and info messages to stdout. The default is to write a single stream to stdout. Enable the LoggingAlphaOptions feature gate to use this. + + // authentication flags + // TODO(embik): look at enabling this feature. + "authentication-config", // File with Authentication Configuration to configure the JWT Token authenticator. 
Note: This feature is in Alpha since v1.29.--feature-gate=StructuredAuthenticationConfiguration=true needs to be set for enabling this feature.This feature is mutually exclusive with the oidc-* flags. ) ) From 2eab8337e0775da5c5c442af86fc08942942b969 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Fri, 12 Jul 2024 15:33:59 +0200 Subject: [PATCH 11/27] builtin: update informers and schemas to include ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding Signed-off-by: Marvin Beckers --- pkg/informer/informer.go | 2 ++ .../apiexport/schemas/builtin/builtin_test.go | 27 ++++++++++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/pkg/informer/informer.go b/pkg/informer/informer.go index 3b95e15466d..95fa5724b0c 100644 --- a/pkg/informer/informer.go +++ b/pkg/informer/informer.go 
@@ -848,6 +848,8 @@ var builtInInformableTypes map[schema.GroupVersionResource]GVRPartialMetadata = gvrFor("rbac.authorization.k8s.io", "v1", "rolebindings"): withGVRPartialMetadata(apiextensionsv1.NamespaceScoped, "RoleBinding", "rolebinding"), gvrFor("events.k8s.io", "v1", "events"): withGVRPartialMetadata(apiextensionsv1.NamespaceScoped, "Event", "event"), gvrFor("admissionregistration.k8s.io", "v1", "mutatingwebhookconfigurations"): withGVRPartialMetadata(apiextensionsv1.ClusterScoped, "MutatingWebhookConfiguration", "mutatingwebhookconfiguration"), + gvrFor("admissionregistration.k8s.io", "v1", "validatingadmissionpolicies"): withGVRPartialMetadata(apiextensionsv1.ClusterScoped, "ValidatingAdmissionPolicy", "validatingadmissionpolicy"), + gvrFor("admissionregistration.k8s.io", "v1", "validatingadmissionpolicybindings"): withGVRPartialMetadata(apiextensionsv1.ClusterScoped, "ValidatingAdmissionPolicyBinding", "validatingadmissionpolicybinding"), gvrFor("admissionregistration.k8s.io", "v1", "validatingwebhookconfigurations"): withGVRPartialMetadata(apiextensionsv1.ClusterScoped, "ValidatingWebhookConfiguration", "validatingwebhookconfiguration"), gvrFor("admissionregistration.k8s.io", "v1alpha1", "validatingadmissionpolicies"): withGVRPartialMetadata(apiextensionsv1.ClusterScoped, "ValidatingAdmissionPolicy", "validatingadmissionpolicy"), gvrFor("admissionregistration.k8s.io", "v1alpha1", "validatingadmissionpolicybindings"): withGVRPartialMetadata(apiextensionsv1.ClusterScoped, "ValidatingAdmissionPolicyBinding", "validatingadmissionpolicybinding"), diff --git a/pkg/virtual/apiexport/schemas/builtin/builtin_test.go b/pkg/virtual/apiexport/schemas/builtin/builtin_test.go index fbc38b97ffa..7995c9eddff 100644 --- a/pkg/virtual/apiexport/schemas/builtin/builtin_test.go +++ b/pkg/virtual/apiexport/schemas/builtin/builtin_test.go 
@@ -19,9 +19,34 @@ package builtin import ( "testing" + "github.com/kcp-dev/kcp/sdk/apis/apis/v1alpha1" "github.com/stretchr/testify/require" ) func TestInit(t *testing.T) { - require.Equal(t, len(BuiltInAPIs), len(builtInAPIResourceSchemas)) + // Note: This test previously checked len(BuiltInAPIs) == len(builtInAPIResourceSchemas). + // testing for equal length in BuiltInAPIs and builtInAPIResourceSchemas is not enough because + // BuiltInAPIs has an entry per API version. If a resource is served from multiple API group versions, + // it will be in that list several times, but only once in the resource schemas (because resource schemas + // include multiple versions potentially). + + visitedResourceSchemas := map[v1alpha1.GroupResource]bool{} + + for _, api := range BuiltInAPIs { + gr := v1alpha1.GroupResource{Group: api.GroupVersion.Group, Resource: api.Names.Plural} + schema, ok := builtInAPIResourceSchemas[gr] + require.Truef(t, ok, "could not find %s in built-in API resource schemas", api.GroupVersion.String()) + visitedResourceSchemas[gr] = true + + versionFound := false + for _, version := range schema.Spec.Versions { + if api.GroupVersion.Version == version.Name { + versionFound = true + break + } + } + require.Truef(t, versionFound, "could not find version %s in API resource schema %s", api.GroupVersion.String(), schema.Name) + } + + require.Equal(t, len(builtInAPIResourceSchemas), len(visitedResourceSchemas)) } From 3adfd0e33b6c960bd9bc51f4d40f2e6e0a47fb8b Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Fri, 12 Jul 2024 15:34:28 +0200 Subject: [PATCH 12/27] fixtures: add x-kubernetes-list-type=atomic to namespaces Signed-off-by: Marvin Beckers --- pkg/virtual/framework/internalapis/fixtures/namespaces.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/virtual/framework/internalapis/fixtures/namespaces.yaml b/pkg/virtual/framework/internalapis/fixtures/namespaces.yaml index a7abd3f4a9b..24988fb4056 100644 
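Review bot: The first `require.Truef` in `TestInit` prints `api.GroupVersion.String()`, but the lookup key is the group plus `api.Names.Plural`, so a missing schema is reported without the resource that was looked up. `require.Truef(t, ok, "could not find %s.%s in built-in API resource schemas", api.Names.Plural, api.GroupVersion.Group)` names the actual key. The closing `require.Equal` compares only lengths, which is enough here because every visited key was just found in the map, but a short comment saying so would spare the next reader from re-deriving it.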
--- a/pkg/virtual/framework/internalapis/fixtures/namespaces.yaml +++ b/pkg/virtual/framework/internalapis/fixtures/namespaces.yaml @@ -35,6 +35,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object status: description: 'Status describes the current status of a Namespace. More info: From f255a2c1cea002b1988b41dd6f977bd96562ab51 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Fri, 12 Jul 2024 15:34:47 +0200 Subject: [PATCH 13/27] test: handle new validation options Signed-off-by: Marvin Beckers --- pkg/admission/apiresourceschema/validation_test.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/pkg/admission/apiresourceschema/validation_test.go b/pkg/admission/apiresourceschema/validation_test.go index a91c8c43471..e99fda34762 100644 --- a/pkg/admission/apiresourceschema/validation_test.go +++ b/pkg/admission/apiresourceschema/validation_test.go @@ -23,12 +23,14 @@ import ( func TestValidationOptionDrift(t *testing.T) { expectedNonBool := map[string]reflect.Kind{ - "DisallowDefaultsReason": reflect.String, - "CELEnvironmentSet": reflect.Ptr, - "PreexistingExpressions": reflect.Struct, + "DisallowDefaultsReason": reflect.String, + "CELEnvironmentSet": reflect.Ptr, + "PreexistingExpressions": reflect.Struct, + "VersionsWithUnchangedSchemas": reflect.Map, } expectedFalse := map[string]bool{ - "RequireImmutableNames": true, + "RequireImmutableNames": true, + "SuppressPerExpressionCost": true, } v := reflect.ValueOf(defaultValidationOpts) From 0e665ecc1d350ee4c0e92e35b421bff1fd6bc57e Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Mon, 15 Jul 2024 12:06:58 +0200 Subject: [PATCH 14/27] Update dependencies to 1.30 Signed-off-by: Marvin Beckers --- go.mod | 8 +++----- go.sum | 50 ++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 49 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 164f1ebf042..ca6bf213144 100644 --- a/go.mod +++ b/go.mod 
@@ -2,8 +2,6 @@ module github.com/kcp-dev/kcp go 1.22.0 -toolchain go1.22.4 - require ( github.com/abiosoft/lineprefix v0.1.4 github.com/davecgh/go-spew v1.1.1 @@ -14,8 +12,8 @@ require ( github.com/go-logr/logr v1.4.1 github.com/google/go-cmp v0.6.0 github.com/google/uuid v1.3.1 - github.com/kcp-dev/apimachinery/v2 v2.0.0-alpha.0.0.20240510131959-2fa3992332d0 - github.com/kcp-dev/client-go v0.0.0-20240515123258-607e9d833b0e + github.com/kcp-dev/apimachinery/v2 v2.0.0 + github.com/kcp-dev/client-go v0.0.0-20240712152257-bf1c9b833763 github.com/kcp-dev/kcp/cli v0.0.0-00010101000000-000000000000 github.com/kcp-dev/kcp/sdk v0.0.0-00010101000000-000000000000 github.com/kcp-dev/logicalcluster/v3 v3.0.5 @@ -40,7 +38,7 @@ require ( k8s.io/component-base v0.30.0 k8s.io/klog/v2 v2.120.1 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 - k8s.io/kubernetes v1.28.1 + k8s.io/kubernetes v1.30.0 k8s.io/utils v0.0.0-20230726121419-3b25d923346b sigs.k8s.io/structured-merge-diff/v4 v4.4.1 sigs.k8s.io/yaml v1.3.0 diff --git a/go.sum b/go.sum index 790f1d8a41d..6628729bbe1 100644 --- a/go.sum +++ b/go.sum 
@@ -169,10 +169,52 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kcp-dev/apimachinery/v2 v2.0.0-alpha.0.0.20240510131959-2fa3992332d0 h1:op3XYaMYEBBXJs3aaECa3emMjFs+tf26xRuTINg46VU= -github.com/kcp-dev/apimachinery/v2 v2.0.0-alpha.0.0.20240510131959-2fa3992332d0/go.mod h1:cXCx7fku8/rYK23PNEBRLQ5ByoABoA+CZeJNC81TO0g= -github.com/kcp-dev/client-go v0.0.0-20240515123258-607e9d833b0e h1:fLO/DagRnNTS1URG06fkuBNjDd9osCfq6CoO0Nc0V+4= -github.com/kcp-dev/client-go v0.0.0-20240515123258-607e9d833b0e/go.mod h1:omXN+OtJV8YKZtTwyjx9J8gEYCcE1kOvumwhKFGrlf4= +github.com/kcp-dev/apimachinery/v2 v2.0.0 h1:hQuhBBh+AvUYYMRG+nDzo1VXxNCdMAE95wSD2uB7nxw= +github.com/kcp-dev/apimachinery/v2 v2.0.0/go.mod h1:cXCx7fku8/rYK23PNEBRLQ5ByoABoA+CZeJNC81TO0g= +github.com/kcp-dev/client-go v0.0.0-20240712152257-bf1c9b833763 h1:vVwtXbun5IkLcQFN9zJ7JYQrwTgB37N+Mjd3B6Kjo64= +github.com/kcp-dev/client-go v0.0.0-20240712152257-bf1c9b833763/go.mod h1:edNdEyMsrgVhV4aKkpZauQtsI0A8KmoodOtQrDhqWTc= +github.com/kcp-dev/kubernetes v0.0.0-20240715094234-d2685b68f922 h1:5BijbfuM3KanGBC03blnrYZYo66Pr3nNg4P+JbJqElM= +github.com/kcp-dev/kubernetes v0.0.0-20240715094234-d2685b68f922/go.mod h1:9ru4ndcnDRMyj4gdfHS6IQpy6vlugiADw85Fg6jZzf8= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/api v0.0.0-20240715094234-d2685b68f922 h1:xq7nqCuzhHKtmZiZbzbvTvTfJ5+QnW7Uw3H35rPpaIs= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/api v0.0.0-20240715094234-d2685b68f922/go.mod h1:furJ7SMbGXOMPn3Kf4cKNNTLwHPk3NLDJEv+SXATzD4= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240715094234-d2685b68f922 h1:7NRVuStjnpwfaRg8rI035NO+d6HSUrBmL/EJpVzysWk= 
+github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240715094234-d2685b68f922/go.mod h1:nkqR9YUSFuYkYM9pHYygammYljfghl2/lHfLwBsjv64= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240715094234-d2685b68f922 h1:Eej9PlnkHjQrqts0rnU1tJXwlcUHcrNiKonGQ2zXX5E= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240715094234-d2685b68f922/go.mod h1:gzxH9BTlTA3LQcRGhAcXutPKzyMxIMkXYimk3dMs0Xk= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240715094234-d2685b68f922 h1:W7EcvdWzPUkEFzMRksBvQgeAqe5LP7+cimWWXmhQpOA= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240715094234-d2685b68f922/go.mod h1:yaeb+0pBbi1Z4SGQM8op5NVzow2iu6AWadvkLcTmPzw= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240715094234-d2685b68f922 h1:xszucdc1/D4XusO58mrOvOKnQF3QiZp7o1EGPHev1S8= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240715094234-d2685b68f922/go.mod h1:22tpYTPRG+d7RxuuGpqoaLD9pOt89xOwDXC7kgRS84M= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240715094234-d2685b68f922 h1:QzTAEGzTH5E2/GSqTi3Q6Gp470M7T2lkqbYKDvfYBF0= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240715094234-d2685b68f922/go.mod h1:YQH8QRN0urvxOXpDiV9RAMgFjaDQx482PV6TS2JoZns= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240715094234-d2685b68f922 h1:ruC6Jp73z/kYColW1xe8QUveYPJX8JEw/FqgxLkGLgc= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240715094234-d2685b68f922/go.mod h1:v21iUFkNALoVtXMAfLFDuSV1YpBuYaJNcC0gzGh6tKc= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240715094234-d2685b68f922 h1:LZbnbLhogB3SKZnPHeilnroLAboEsrzJV09FR/N9JHA= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240715094234-d2685b68f922/go.mod h1:LJHgnDIRHiMLZRi893syhAEZ3tFyVOwjWHAGewd5jtQ= 
+github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240715094234-d2685b68f922 h1:Vltok2HJF6cfe90FBavxYOcDQPYORXgRetpvSe0zTS0= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240715094234-d2685b68f922/go.mod h1:EDHG3dffw+SJ40L6WpXY3t241FPSpOhcD1t54f0aiWE= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240715094234-d2685b68f922 h1:Wu27gdlELyf83aUNi5HyKOzx1dUhvCq43kuzTUX8qEM= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240715094234-d2685b68f922/go.mod h1:y/EYyXh/7uIrcsYCazzaoOnf3SzeudVBP46ynhYDl8o= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240715094234-d2685b68f922 h1:KiimDb1KrgfiGjjuVZMUR6z6RsUr+jiJXotUVl33NX0= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240715094234-d2685b68f922/go.mod h1:5LAs6nY4EKThzlgjTUpohpVLgXsUfkDWPmfXLRq7b7c= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240715094234-d2685b68f922 h1:5WQuird55ZVruIUW9bQhjPowPQJZ6bcD2XLk1IM+lv4= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240715094234-d2685b68f922/go.mod h1:Tkgabv3gTBOaA8rN9epgkOZ/iPduzvVrN5fKl/cDpHM= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240715094234-d2685b68f922 h1:oIBi1tvsNt6KBomXLs/8LYXCRmzuLF4RTi4rXUwvGv8= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240715094234-d2685b68f922/go.mod h1:cIskFSiOGpBjkOwuUQCedHc8Rc0vJMuecCPW9wPphR0= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240715094234-d2685b68f922 h1:QbB55tpmd7L0BulP3WnicX5hQ9lxV1ij/tlbo6dFJw0= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240715094234-d2685b68f922/go.mod h1:zuEaV38X6HTOJrTglntG5cZ/jpMiM1EYlHImqlt3X9I= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms v0.0.0-20240715094234-d2685b68f922 
h1:2JR01fsAle+YzcKYk7++UGQfk7EZ9O40bXu5N8aNNPw= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms v0.0.0-20240715094234-d2685b68f922/go.mod h1:tig/CdAZHSLnfo7HOBGtZEUcX2ym3ksoloM6gnm3/ws= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240715094234-d2685b68f922 h1:95DFvuCOuY4c7RCBcvC5oGdoZ1Vq9uuvTPevzFNUuPM= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240715094234-d2685b68f922/go.mod h1:Muxr1mn3h9Z2aLNHj/oRYZOcehJicye1cgwXg+KEChg= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240715094234-d2685b68f922 h1:UuAuU04dhGHXFKtM6H99vUq8/hZdQzmrQK2mUxtPnH8= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240715094234-d2685b68f922/go.mod h1:6GtxVzkDExmipVJnXdauHRh77ytt46h5tsJXcf+HI2s= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240715094234-d2685b68f922 h1:FVPHdWfsqyccnJZqoV3MPe83XTRCPpzXbFo7ZIqjS4I= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240715094234-d2685b68f922/go.mod h1:x7ky9i4kiCPdiKDBrZ+Nl2TCvcdpZu3KLojwWV/WBEc= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240715094234-d2685b68f922 h1:S3OpR8sQTv2rixT6YtKhSZPyb9uLqECYskfGJUPYKRg= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240715094234-d2685b68f922/go.mod h1:4xH05OdueH2hpDdvzFGddYb+1GoCt/1GzcYN7ci1S14= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240715094234-d2685b68f922 h1:JWGPxUJCpn9Vz9RJ59CcQmtginVWFVCHhRTK+Z/Bxdc= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240715094234-d2685b68f922/go.mod h1:lWjdcioUMwkpg2mh+jKA2TAuBzq4fJ7RQegElvJpnss= github.com/kcp-dev/logicalcluster/v3 v3.0.5 h1:JbYakokb+5Uinz09oTXomSUJVQsqfxEvU4RyHUYxHOU= github.com/kcp-dev/logicalcluster/v3 v3.0.5/go.mod h1:EWBUBxdr49fUB1cLMO4nOdBWmYifLbP1LfoL20KkXYY= github.com/kisielk/errcheck v1.5.0/go.mod 
h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= From 75a19c3e74772d9c085e0829629bc3ca39b1593c Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Mon, 15 Jul 2024 12:50:42 +0200 Subject: [PATCH 15/27] Update to Go 1.22.2 Signed-off-by: Marvin Beckers --- .github/workflows/docs-gen-and-push.yaml | 2 +- .github/workflows/goreleaser.yml | 2 +- .prow.yaml | 16 ++++++++-------- Dockerfile | 2 +- docs/content/contributing/index.md | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/docs-gen-and-push.yaml b/.github/workflows/docs-gen-and-push.yaml index 1ca1c3319a3..b731f7d095a 100644 --- a/.github/workflows/docs-gen-and-push.yaml +++ b/.github/workflows/docs-gen-and-push.yaml @@ -34,7 +34,7 @@ jobs: - uses: actions/setup-go@v5 with: - go-version: v1.22.0 + go-version: v1.22.2 cache: true - uses: actions/setup-python@v5 diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index f57f2a0aecc..5c8d3cdc9b9 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -22,7 +22,7 @@ jobs: fetch-depth: 0 - uses: actions/setup-go@v5 with: - go-version: v1.22.0 + go-version: v1.22.2 - name: Delete non-semver tags run: 'git tag -d $(git tag -l | grep -v "^v")' - name: Set LDFLAGS diff --git a/.prow.yaml b/.prow.yaml index 1c6a9c55e1a..aa32f573d31 100644 --- a/.prow.yaml +++ b/.prow.yaml @@ -7,7 +7,7 @@ presubmits: preset-goproxy: "true" spec: containers: - - image: ghcr.io/kcp-dev/infra/build:1.22.0-1 + - image: ghcr.io/kcp-dev/infra/build:1.22.2-1 command: - make - verify-boilerplate @@ -27,7 +27,7 @@ presubmits: preset-goproxy: "true" spec: containers: - - image: ghcr.io/kcp-dev/infra/build:1.22.0-1 + - image: ghcr.io/kcp-dev/infra/build:1.22.2-1 command: - make - verify-codegen @@ -44,7 +44,7 @@ presubmits: preset-goproxy: "true" spec: containers: - - image: ghcr.io/kcp-dev/infra/build:1.22.0-1 + - image: ghcr.io/kcp-dev/infra/build:1.22.2-1 command: - make - lint 
@@ -83,7 +83,7 @@ presubmits: preset-goproxy: "true" spec: containers: - - image: ghcr.io/kcp-dev/infra/build:1.22.0-1 + - image: ghcr.io/kcp-dev/infra/build:1.22.2-1 command: - make - test @@ -104,7 +104,7 @@ presubmits: preset-goproxy: "true" spec: containers: - - image: ghcr.io/kcp-dev/infra/build:1.22.0-1 + - image: ghcr.io/kcp-dev/infra/build:1.22.2-1 command: - ./hack/run-with-prometheus.sh - make @@ -132,7 +132,7 @@ presubmits: preset-goproxy: "true" spec: containers: - - image: ghcr.io/kcp-dev/infra/build:1.22.0-1 + - image: ghcr.io/kcp-dev/infra/build:1.22.2-1 command: - ./hack/run-with-prometheus.sh - make @@ -162,7 +162,7 @@ presubmits: preset-goproxy: "true" spec: containers: - - image: ghcr.io/kcp-dev/infra/build:1.22.0-1 + - image: ghcr.io/kcp-dev/infra/build:1.22.2-1 command: - ./hack/run-with-prometheus.sh - make @@ -188,7 +188,7 @@ presubmits: preset-goproxy: "true" spec: containers: - - image: ghcr.io/kcp-dev/infra/build:1.22.0-1 + - image: ghcr.io/kcp-dev/infra/build:1.22.2-1 command: - ./hack/run-with-prometheus.sh - make diff --git a/Dockerfile b/Dockerfile index 969da431e6e..6bc98b06fa8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ # limitations under the License. # Build the binary -FROM --platform=${BUILDPLATFORM} docker.io/golang:1.22.0 AS builder +FROM --platform=${BUILDPLATFORM} docker.io/golang:1.22.2 AS builder WORKDIR /workspace # Install dependencies. diff --git a/docs/content/contributing/index.md b/docs/content/contributing/index.md index 8f6748c8ec8..032e3a55bfc 100644 --- a/docs/content/contributing/index.md +++ b/docs/content/contributing/index.md 
@@ -17,7 +17,7 @@ contribution. See the [DCO](https://github.com/kcp-dev/kcp/tree/main/DCO) file f ### Prerequisites 1. Clone this repository. -2. [Install Go](https://golang.org/doc/install) (currently 1.22.0). +2. [Install Go](https://golang.org/doc/install) (currently 1.22.2). 3. Install [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl). Please note that the go language version numbers in these files must exactly agree: go/go.mod file, kcp/.ci-operator.yaml, kcp/Dockerfile, and in all the kcp/.github/workflows yaml files that specify go-version. In kcp/.ci-operator.yaml the go version is indicated by the "tag" attribute. In kcp/Dockerfile it is indicated by the "golang" attribute. In go.mod it is indicated by the "go" directive." In the .github/workflows yaml files it is indicated by "go-version" From a60bac57b179b3f7071a4bb22a84a9a460fb1aec Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Mon, 15 Jul 2024 12:56:56 +0200 Subject: [PATCH 16/27] Fix imports Signed-off-by: Marvin Beckers --- pkg/virtual/apiexport/schemas/builtin/builtin_test.go | 3 ++- pkg/virtual/framework/forwardingregistry/rest.go | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/virtual/apiexport/schemas/builtin/builtin_test.go b/pkg/virtual/apiexport/schemas/builtin/builtin_test.go index 7995c9eddff..b7d38e0c810 100644 --- a/pkg/virtual/apiexport/schemas/builtin/builtin_test.go +++ b/pkg/virtual/apiexport/schemas/builtin/builtin_test.go @@ -19,8 +19,9 @@ package builtin import ( "testing" - "github.com/kcp-dev/kcp/sdk/apis/apis/v1alpha1" "github.com/stretchr/testify/require" + + "github.com/kcp-dev/kcp/sdk/apis/apis/v1alpha1" ) func TestInit(t *testing.T) { diff --git a/pkg/virtual/framework/forwardingregistry/rest.go b/pkg/virtual/framework/forwardingregistry/rest.go index 3fbc91709df..4c8d37ee8f8 100644 --- a/pkg/virtual/framework/forwardingregistry/rest.go +++ b/pkg/virtual/framework/forwardingregistry/rest.go 
@@ -19,6 +19,7 @@ package forwardingregistry import ( "context" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" structuralschema "k8s.io/apiextensions-apiserver/pkg/apiserver/schema" "k8s.io/apiextensions-apiserver/pkg/apiserver/validation" "k8s.io/apiextensions-apiserver/pkg/registry/customresource" @@ -31,7 +32,6 @@ import ( "k8s.io/apimachinery/pkg/util/wait" "k8s.io/apiserver/pkg/registry/rest" "k8s.io/client-go/util/retry" - apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "github.com/kcp-dev/kcp/pkg/virtual/framework/dynamic/apiserver" ) From 9c4132cc7cd4f075b2346e45a01e0d0099bd1228 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Mon, 15 Jul 2024 13:35:28 +0200 Subject: [PATCH 17/27] Update controller-gen to v0.15.0 Signed-off-by: Marvin Beckers --- Makefile | 2 +- hack/update-codegen-clients.sh | 71 +++++++++++++++++----------------- 2 files changed, 37 insertions(+), 36 deletions(-) diff --git a/Makefile b/Makefile index 6d542126569..107e7b281dc 100644 --- a/Makefile +++ b/Makefile @@ -39,7 +39,7 @@ else INSTALL_GOBIN=$(shell go env GOBIN) endif -CONTROLLER_GEN_VER := v0.10.0 +CONTROLLER_GEN_VER := v0.15.0 CONTROLLER_GEN_BIN := controller-gen CONTROLLER_GEN := $(TOOLS_DIR)/$(CONTROLLER_GEN_BIN)-$(CONTROLLER_GEN_VER) export CONTROLLER_GEN # so hack scripts can use it diff --git a/hack/update-codegen-clients.sh b/hack/update-codegen-clients.sh index f4d9559479e..e30fa9b3a8c 100755 --- a/hack/update-codegen-clients.sh +++ b/hack/update-codegen-clients.sh 
@@ -26,6 +26,7 @@ pushd "${SCRIPT_ROOT}" BOILERPLATE_HEADER="$( pwd )/hack/boilerplate/boilerplate.go.txt" popd CODEGEN_PKG=${CODEGEN_PKG:-$(cd "${SCRIPT_ROOT}"; go list -f '{{.Dir}}' -m k8s.io/code-generator)} +OPENAPI_PKG=${OPENAPI_PKG:-$(cd "${SCRIPT_ROOT}"; go list -f '{{.Dir}}' -m k8s.io/kube-openapi)} # TODO: use generate-groups.sh directly instead once https://github.com/kubernetes/kubernetes/pull/114987 is available go install "${CODEGEN_PKG}"/cmd/applyconfiguration-gen 
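Review bot: The new `OPENAPI_PKG` assignment in hack/update-codegen-clients.sh has no comment saying why openapi-gen is now resolved from a different module than the other generators. The TODO just below it also still points at generate-groups.sh, which the later hunks shown here stop calling. I would add `# openapi-gen is built from k8s.io/kube-openapi at the version go.mod resolves, not from code-generator` above the assignment. The TODO should be reworded or dropped so it no longer describes a script the file does not use.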
@@ -35,31 +36,31 @@ go install "${CODEGEN_PKG}"/cmd/client-gen chmod +x "${CODEGEN_PKG}"/generate-internal-groups.sh "$GOPATH"/bin/applyconfiguration-gen \ - --input-dirs github.com/kcp-dev/kcp/sdk/apis/core/v1alpha1 \ - --input-dirs github.com/kcp-dev/kcp/sdk/apis/tenancy/v1alpha1 \ - --input-dirs github.com/kcp-dev/kcp/sdk/apis/apis/v1alpha1 \ - --input-dirs github.com/kcp-dev/kcp/sdk/apis/topology/v1alpha1 \ - --input-dirs github.com/kcp-dev/kcp/sdk/apis/third_party/conditions/apis/conditions/v1alpha1 \ - --input-dirs k8s.io/apimachinery/pkg/apis/meta/v1,k8s.io/apimachinery/pkg/runtime,k8s.io/apimachinery/pkg/version \ - --output-package github.com/kcp-dev/kcp/sdk/client/applyconfiguration \ --go-header-file ./hack/../hack/boilerplate/boilerplate.generatego.txt \ - --output-base "${SCRIPT_ROOT}" \ - --trim-path-prefix github.com/kcp-dev/kcp + --output-pkg github.com/kcp-dev/kcp/sdk/client/applyconfiguration \ + --output-dir "${SCRIPT_ROOT}/sdk/client/applyconfiguration" \ + github.com/kcp-dev/kcp/sdk/apis/core/v1alpha1 \ + github.com/kcp-dev/kcp/sdk/apis/tenancy/v1alpha1 \ + github.com/kcp-dev/kcp/sdk/apis/apis/v1alpha1 \ + github.com/kcp-dev/kcp/sdk/apis/topology/v1alpha1 \ + github.com/kcp-dev/kcp/sdk/apis/third_party/conditions/apis/conditions/v1alpha1 \ + k8s.io/apimachinery/pkg/apis/meta/v1 \ + k8s.io/apimachinery/pkg/runtime \ + k8s.io/apimachinery/pkg/version "$GOPATH"/bin/client-gen \ + --go-header-file ./hack/../hack/boilerplate/boilerplate.generatego.txt \ + --output-pkg github.com/kcp-dev/kcp/sdk/client/clientset \ + --output-dir "${SCRIPT_ROOT}/sdk/client/clientset" \ --input github.com/kcp-dev/kcp/sdk/apis/core/v1alpha1 \ --input github.com/kcp-dev/kcp/sdk/apis/tenancy/v1alpha1 \ --input github.com/kcp-dev/kcp/sdk/apis/apis/v1alpha1 \ --input github.com/kcp-dev/kcp/sdk/apis/topology/v1alpha1 \ --input-base="" \ --apply-configuration-package=github.com/kcp-dev/kcp/sdk/client/applyconfiguration \ - --clientset-name "versioned" \ - --output-package 
github.com/kcp-dev/kcp/sdk/client/clientset \ - --go-header-file ./hack/../hack/boilerplate/boilerplate.generatego.txt \ - --output-base "${SCRIPT_ROOT}" \ - --trim-path-prefix github.com/kcp-dev/kcp + --clientset-name "versioned" -bash "${CODEGEN_PKG}"/generate-groups.sh "deepcopy" \ +bash "${CODEGEN_PKG}"/kube_codegen.sh "deepcopy" \ github.com/kcp-dev/kcp/sdk/client github.com/kcp-dev/kcp/sdk/apis \ "core:v1alpha1 tenancy:v1alpha1 apis:v1alpha1 topology:v1alpha1" \ --go-header-file "${SCRIPT_ROOT}"/hack/boilerplate/boilerplate.generatego.txt \ 
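Review bot: The deepcopy step now runs `bash "${CODEGEN_PKG}"/kube_codegen.sh "deepcopy" …` with the old generate-groups.sh positional arguments, and it still passes `--output-base` and `--trim-path-prefix`, which this same commit removes from the other generator calls. As far as I know, upstream kube_codegen.sh is a function library meant to be sourced, so executing it this way would most likely exit 0 without regenerating any deepcopy code. A verify-codegen job would then compare against stale output and still pass. I would replace the call with `source "${CODEGEN_PKG}/kube_codegen.sh"` followed by `kube::codegen::gen_helpers --boilerplate "${SCRIPT_ROOT}/hack/boilerplate/boilerplate.generatego.txt" "${SCRIPT_ROOT}/sdk/apis"`, with flags adjusted to the pinned code-generator version. The same applies to the two calls in the `@@ -76,31 +77,29 @@` hunk, and the call here continues past the end of this hunk.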
@@ -76,31 +77,29 @@ ${CODE_GENERATOR} \ popd "$GOPATH"/bin/applyconfiguration-gen \ - --input-dirs github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/apis/wildwest/v1alpha1 \ - --input-dirs k8s.io/apimachinery/pkg/apis/meta/v1 \ - --output-package github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/client/applyconfiguration \ + --output-pkg github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/client/applyconfiguration \ --go-header-file "${SCRIPT_ROOT}"/hack/boilerplate/boilerplate.generatego.txt \ - --output-base "${SCRIPT_ROOT}" \ - --trim-path-prefix github.com/kcp-dev/kcp + --output-dir "${SCRIPT_ROOT}/test/e2e/fixtures/wildwest/client/applyconfiguration" \ + github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/apis/wildwest/v1alpha1 \ + k8s.io/apimachinery/pkg/apis/meta/v1 "$GOPATH"/bin/client-gen \ --input github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/apis/wildwest/v1alpha1 \ --input-base="" \ --apply-configuration-package=github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/client/applyconfiguration \ --clientset-name "versioned" \ - --output-package github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/client/clientset \ + --output-pkg github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/client/clientset \ --go-header-file ./hack/../hack/boilerplate/boilerplate.generatego.txt \ - --output-base "${SCRIPT_ROOT}" \ - --trim-path-prefix github.com/kcp-dev/kcp + --output-dir "${SCRIPT_ROOT}/test/e2e/fixtures/wildwest/client/clientset" -bash "${CODEGEN_PKG}"/generate-groups.sh "deepcopy" \ +bash "${CODEGEN_PKG}"/kube_codegen.sh "deepcopy" \ github.com/kcp-dev/kcp/third_party/conditions/client github.com/kcp-dev/kcp/third_party/conditions/apis \ "conditions:v1alpha1" \ --go-header-file "${SCRIPT_ROOT}"/hack/boilerplate/boilerplate.generatego.txt \ --output-base "${SCRIPT_ROOT}" \ --trim-path-prefix github.com/kcp-dev/kcp -bash "${CODEGEN_PKG}"/generate-groups.sh "deepcopy" \ +bash "${CODEGEN_PKG}"/kube_codegen.sh "deepcopy" \ 
github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/client github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/apis \ "wildwest:v1alpha1" \ --go-header-file "${SCRIPT_ROOT}"/hack/boilerplate/boilerplate.generatego.txt \ @@ -116,16 +115,18 @@ ${CODE_GENERATOR} \ "output:dir=./../client" popd -go install "${CODEGEN_PKG}"/cmd/openapi-gen +go install "${OPENAPI_PKG}"/cmd/openapi-gen "$GOPATH"/bin/openapi-gen \ - --input-dirs github.com/kcp-dev/kcp/sdk/apis/core/v1alpha1 \ - --input-dirs github.com/kcp-dev/kcp/sdk/apis/tenancy/v1alpha1 \ - --input-dirs github.com/kcp-dev/kcp/sdk/apis/apis/v1alpha1 \ - --input-dirs github.com/kcp-dev/kcp/sdk/apis/topology/v1alpha1 \ - --input-dirs github.com/kcp-dev/kcp/sdk/apis/third_party/conditions/apis/conditions/v1alpha1 \ - --input-dirs k8s.io/apimachinery/pkg/apis/meta/v1,k8s.io/apimachinery/pkg/runtime,k8s.io/apimachinery/pkg/version \ - --output-package github.com/kcp-dev/kcp/pkg/openapi -O zz_generated.openapi \ --go-header-file ./hack/../hack/boilerplate/boilerplate.generatego.txt \ - --output-base "${SCRIPT_ROOT}" \ - --trim-path-prefix github.com/kcp-dev/kcp + --output-pkg github.com/kcp-dev/kcp/pkg/openapi \ + --output-file zz_generated.openapi.go \ + --output-dir "${SCRIPT_ROOT}/pkg/openapi" \ + github.com/kcp-dev/kcp/sdk/apis/core/v1alpha1 \ + github.com/kcp-dev/kcp/sdk/apis/tenancy/v1alpha1 \ + github.com/kcp-dev/kcp/sdk/apis/apis/v1alpha1 \ + github.com/kcp-dev/kcp/sdk/apis/topology/v1alpha1 \ + github.com/kcp-dev/kcp/sdk/apis/third_party/conditions/apis/conditions/v1alpha1 \ + k8s.io/apimachinery/pkg/apis/meta/v1 \ + k8s.io/apimachinery/pkg/runtime \ + k8s.io/apimachinery/pkg/version From fa70106dae25a28103366b768eac89a6e334a766 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Mon, 15 Jul 2024 13:38:01 +0200 Subject: [PATCH 18/27] Update generated code and YAML manifests 
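Review bot: In the `@@ -116,16 +115,18 @@` hunk of hack/update-codegen-clients.sh, `go install "${OPENAPI_PKG}"/cmd/openapi-gen` writes to `GOBIN` when that is set, but the next line runs `"$GOPATH"/bin/openapi-gen`. The binary that executes is therefore not guaranteed to be the one just built from the go.mod-pinned module; it can be a stale or unrelated file already at that path. The Makefile in this series already accounts for `GOBIN`, so the script should resolve the install directory the same way, for example `gobin="$(go env GOBIN)"; gobin="${gobin:-$(go env GOPATH)/bin}"`, and then call `"${gobin}"/openapi-gen`. The `applyconfiguration-gen` and `client-gen` invocations in the earlier hunks follow the same `"$GOPATH"/bin/` pattern.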
Signed-off-by: Marvin Beckers --- config/crds/apis.kcp.io_apibindings.yaml | 282 +++++++++-------- config/crds/apis.kcp.io_apiconversions.yaml | 61 ++-- .../apis.kcp.io_apiexportendpointslices.yaml | 87 ++--- config/crds/apis.kcp.io_apiexports.yaml | 228 +++++++------ .../crds/apis.kcp.io_apiresourceschemas.yaml | 299 +++++++++--------- config/crds/core.kcp.io_logicalclusters.yaml | 117 ++++--- config/crds/core.kcp.io_shards.yaml | 102 +++--- config/crds/tenancy.kcp.io_workspaces.yaml | 156 +++++---- .../crds/tenancy.kcp.io_workspacetypes.yaml | 171 +++++----- config/crds/topology.kcp.io_partitions.yaml | 55 ++-- .../crds/topology.kcp.io_partitionsets.yaml | 87 ++--- .../apiexport-shards.core.kcp.io.yaml | 2 +- .../root-phase0/apiexport-tenancy.kcp.io.yaml | 4 +- .../apiexport-topology.kcp.io.yaml | 4 +- ...rceschema-logicalclusters.core.kcp.io.yaml | 115 ++++--- ...urceschema-partitions.topology.kcp.io.yaml | 55 ++-- ...eschema-partitionsets.topology.kcp.io.yaml | 86 ++--- .../apiresourceschema-shards.core.kcp.io.yaml | 100 +++--- ...ourceschema-workspaces.tenancy.kcp.io.yaml | 152 +++++---- ...eschema-workspacetypes.tenancy.kcp.io.yaml | 167 +++++----- pkg/openapi/zz_generated.openapi.go | 135 +++++++- .../applyconfiguration/meta/v1/condition.go | 88 ++++++ .../meta/v1/deleteoptions.go | 101 ++++++ sdk/client/applyconfiguration/utils.go | 19 +- .../applyconfiguration/meta/v1/condition.go | 88 ++++++ .../meta/v1/deleteoptions.go | 101 ++++++ .../meta/v1/labelselector.go | 63 ++++ .../meta/v1/labelselectorrequirement.go | 63 ++++ .../client/applyconfiguration/utils.go | 19 +- .../wildwest/wildwest.dev_cowboys.yaml | 20 +- .../wildwest/wildwest.dev_sheriffs.yaml | 20 +- 31 files changed, 1960 insertions(+), 1087 deletions(-) create mode 100644 sdk/client/applyconfiguration/meta/v1/condition.go create mode 100644 sdk/client/applyconfiguration/meta/v1/deleteoptions.go create mode 100644 test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/condition.go create 
mode 100644 test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/deleteoptions.go create mode 100644 test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/labelselector.go create mode 100644 test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/labelselectorrequirement.go diff --git a/config/crds/apis.kcp.io_apibindings.yaml b/config/crds/apis.kcp.io_apibindings.yaml index 86cf684e0b0..9ed1e6f7f7e 100644 --- a/config/crds/apis.kcp.io_apibindings.yaml +++ b/config/crds/apis.kcp.io_apibindings.yaml @@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: apibindings.apis.kcp.io spec: group: apis.kcp.io 
@@ -26,19 +25,27 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: "APIBinding enables a set of resources and their behaviour through - an external service provider in this workspace. \n The service provider - uses an APIExport to expose the API." + description: |- + APIBinding enables a set of resources and their behaviour through an external + service provider in this workspace. + + + The service provider uses an APIExport to expose the API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -46,35 +53,38 @@ spec: description: Spec holds the desired state. properties: permissionClaims: - description: permissionClaims records decisions about permission claims - requested by the API service provider. Individual claims can be - accepted or rejected. If accepted, the API service provider gets - the requested access to the specified resources in this workspace. - Access is granted per GroupResource, identity, and other properties. + description: |- + permissionClaims records decisions about permission claims requested by the API service provider. + Individual claims can be accepted or rejected. If accepted, the API service provider gets the + requested access to the specified resources in this workspace. Access is granted per + GroupResource, identity, and other properties. items: description: AcceptablePermissionClaim is a PermissionClaim that records if the user accepts or rejects it. properties: all: - description: all claims all resources for the given group/resource. + description: |- + all claims all resources for the given group/resource. This is mutually exclusive with resourceSelector. type: boolean group: - description: group is the name of an API group. For core groups - this is the empty string '""'. + description: |- + group is the name of an API group. + For core groups this is the empty string '""'. pattern: ^(|[a-z0-9]([-a-z0-9]*[a-z0-9](\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)?)$ type: string identityHash: - description: This is the identity for a given APIExport that - the APIResourceSchema belongs to. The hash can be found on - APIExport and APIResourceSchema's status. It will be empty - for core types. Note that one must look this up for a particular - KCP instance. + description: |- + This is the identity for a given APIExport that the APIResourceSchema belongs to. + The hash can be found on APIExport and APIResourceSchema's status. + It will be empty for core types. + Note that one must look this up for a particular KCP instance. 
type: string resource: - description: 'resource is the name of the resource. Note: it - is worth noting that you can not ask for permissions for resource - provided by a CRD not provided by an api export.' + description: |- + resource is the name of the resource. + Note: it is worth noting that you can not ask for permissions for resource provided by a CRD + not provided by an api export. pattern: ^[a-z][-a-z0-9]*[a-z0-9]$ type: string resourceSelector: @@ -83,18 +93,18 @@ spec: items: properties: name: - description: name of an object within a claimed group/resource. - It matches the metadata.name field of the underlying - object. If namespace is unset, all objects matching - that name will be claimed. + description: |- + name of an object within a claimed group/resource. + It matches the metadata.name field of the underlying object. + If namespace is unset, all objects matching that name will be claimed. maxLength: 253 minLength: 1 pattern: ^([a-z0-9][-a-z0-9_.]*)?[a-z0-9]$ type: string namespace: - description: namespace containing the named object. Matches - metadata.namespace field. If "name" is unset, all objects - from the namespace are being claimed. + description: |- + namespace containing the named object. Matches metadata.namespace field. + If "name" is unset, all objects from the namespace are being claimed. minLength: 1 type: string type: object 
@@ -123,19 +133,19 @@ spec: - export properties: export: - description: export is a reference to an APIExport by cluster - name and export name. The creator of the APIBinding needs to - have access to the APIExport with the verb `bind` in order to - bind to it. + description: |- + export is a reference to an APIExport by cluster name and export name. + The creator of the APIBinding needs to have access to the APIExport with the + verb `bind` in order to bind to it. properties: name: description: name is the name of the APIExport that describes the API. type: string path: - description: path is a logical cluster path where the APIExport - is defined. If the path is unset, the logical cluster of - the APIBinding is used. + description: |- + path is a logical cluster path where the APIExport is defined. + If the path is unset, the logical cluster of the APIBinding is used. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(:[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: 
@@ -156,36 +166,39 @@ spec: logical cluster that contains the APIExport. type: string appliedPermissionClaims: - description: appliedPermissionClaims is a list of the permission claims - the system has seen and applied, according to the requests of the - API service provider in the APIExport and the acceptance state in - spec.permissionClaims. + description: |- + appliedPermissionClaims is a list of the permission claims the system has seen and applied, + according to the requests of the API service provider in the APIExport and the acceptance + state in spec.permissionClaims. items: - description: PermissionClaim identifies an object by GR and identity - hash. Its purpose is to determine the added permissions that a - service provider may request and that a consumer may accept and - allow the service provider access to. + description: |- + PermissionClaim identifies an object by GR and identity hash. + Its purpose is to determine the added permissions that a service provider may + request and that a consumer may accept and allow the service provider access to. properties: all: - description: all claims all resources for the given group/resource. + description: |- + all claims all resources for the given group/resource. This is mutually exclusive with resourceSelector. type: boolean group: - description: group is the name of an API group. For core groups - this is the empty string '""'. + description: |- + group is the name of an API group. + For core groups this is the empty string '""'. pattern: ^(|[a-z0-9]([-a-z0-9]*[a-z0-9](\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)?)$ type: string identityHash: - description: This is the identity for a given APIExport that - the APIResourceSchema belongs to. The hash can be found on - APIExport and APIResourceSchema's status. It will be empty - for core types. Note that one must look this up for a particular - KCP instance. + description: |- + This is the identity for a given APIExport that the APIResourceSchema belongs to. 
+ The hash can be found on APIExport and APIResourceSchema's status. + It will be empty for core types. + Note that one must look this up for a particular KCP instance. type: string resource: - description: 'resource is the name of the resource. Note: it - is worth noting that you can not ask for permissions for resource - provided by a CRD not provided by an api export.' + description: |- + resource is the name of the resource. + Note: it is worth noting that you can not ask for permissions for resource provided by a CRD + not provided by an api export. pattern: ^[a-z][-a-z0-9]*[a-z0-9]$ type: string resourceSelector: @@ -194,18 +207,18 @@ spec: items: properties: name: - description: name of an object within a claimed group/resource. - It matches the metadata.name field of the underlying - object. If namespace is unset, all objects matching - that name will be claimed. + description: |- + name of an object within a claimed group/resource. + It matches the metadata.name field of the underlying object. + If namespace is unset, all objects matching that name will be claimed. maxLength: 253 minLength: 1 pattern: ^([a-z0-9][-a-z0-9_.]*)?[a-z0-9]$ type: string namespace: - description: namespace containing the named object. Matches - metadata.namespace field. If "name" is unset, all objects - from the namespace are being claimed. + description: |- + namespace containing the named object. Matches metadata.namespace field. + If "name" is unset, all objects from the namespace are being claimed. minLength: 1 type: string type: object @@ -232,8 +245,11 @@ spec: for the core API group. type: string resource: - description: "resource is the resource of the bound API. \n - kubebuilder:validation:MinLength=1" + description: |- + resource is the resource of the bound API. + + + kubebuilder:validation:MinLength=1 type: string schema: description: Schema references the APIResourceSchema that is 
@@ -245,13 +261,12 @@ spec: minLength: 1 type: string identityHash: - description: identityHash is the hash of the API identity - that this schema is bound to. The API identity determines - the etcd prefix used to persist the object. Different - identity means that the objects are effectively served - and stored under a distinct resource. A CRD of the same - GroupVersionResource uses a different identity and hence - a separate etcd prefix. + description: |- + identityHash is the hash of the API identity that this schema is bound to. + The API identity determines the etcd prefix used to persist the object. + Different identity means that the objects are effectively served and stored + under a distinct resource. A CRD of the same GroupVersionResource uses a + different identity and hence a separate etcd prefix. minLength: 1 type: string name: @@ -264,13 +279,15 @@ spec: - name type: object storageVersions: - description: "storageVersions lists all versions of a resource - that were ever persisted. Tracking these versions allows a - migration path for stored versions in etcd. The field is mutable - so a migration controller can finish a migration to another - version (ensuring no old objects are left in storage), and - then remove the rest of the versions from this list. \n Versions - may not be removed while they exist in this list." + description: |- + storageVersions lists all versions of a resource that were ever persisted. Tracking these + versions allows a migration path for stored versions in etcd. The field is mutable + so a migration controller can finish a migration to another version (ensuring + no old objects are left in storage), and then remove the rest of the + versions from this list. + + + Versions may not be removed while they exist in this list. items: type: string type: array 
@@ -293,37 +310,37 @@ spec: state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime 
@@ -332,34 +349,38 @@ spec: type: object type: array exportPermissionClaims: - description: exportPermissionClaims records the permissions that the - export provider is asking for the binding to grant. + description: |- + exportPermissionClaims records the permissions that the export provider is asking for + the binding to grant. items: - description: PermissionClaim identifies an object by GR and identity - hash. Its purpose is to determine the added permissions that a - service provider may request and that a consumer may accept and - allow the service provider access to. + description: |- + PermissionClaim identifies an object by GR and identity hash. + Its purpose is to determine the added permissions that a service provider may + request and that a consumer may accept and allow the service provider access to. properties: all: - description: all claims all resources for the given group/resource. + description: |- + all claims all resources for the given group/resource. This is mutually exclusive with resourceSelector. type: boolean group: - description: group is the name of an API group. For core groups - this is the empty string '""'. + description: |- + group is the name of an API group. + For core groups this is the empty string '""'. pattern: ^(|[a-z0-9]([-a-z0-9]*[a-z0-9](\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)?)$ type: string identityHash: - description: This is the identity for a given APIExport that - the APIResourceSchema belongs to. The hash can be found on - APIExport and APIResourceSchema's status. It will be empty - for core types. Note that one must look this up for a particular - KCP instance. + description: |- + This is the identity for a given APIExport that the APIResourceSchema belongs to. + The hash can be found on APIExport and APIResourceSchema's status. + It will be empty for core types. + Note that one must look this up for a particular KCP instance. type: string resource: - description: 'resource is the name of the resource. 
Note: it - is worth noting that you can not ask for permissions for resource - provided by a CRD not provided by an api export.' + description: |- + resource is the name of the resource. + Note: it is worth noting that you can not ask for permissions for resource provided by a CRD + not provided by an api export. pattern: ^[a-z][-a-z0-9]*[a-z0-9]$ type: string resourceSelector: @@ -368,18 +389,18 @@ spec: items: properties: name: - description: name of an object within a claimed group/resource. - It matches the metadata.name field of the underlying - object. If namespace is unset, all objects matching - that name will be claimed. + description: |- + name of an object within a claimed group/resource. + It matches the metadata.name field of the underlying object. + If namespace is unset, all objects matching that name will be claimed. maxLength: 253 minLength: 1 pattern: ^([a-z0-9][-a-z0-9_.]*)?[a-z0-9]$ type: string namespace: - description: namespace containing the named object. Matches - metadata.namespace field. If "name" is unset, all objects - from the namespace are being claimed. + description: |- + namespace containing the named object. Matches metadata.namespace field. + If "name" is unset, all objects from the namespace are being claimed. minLength: 1 type: string type: object @@ -396,10 +417,11 @@ spec: && size(self.resourceSelector) > 0) type: array phase: - description: 'phase is the current phase of the APIBinding: - "": - the APIBinding has just been created, waiting to be bound. - Binding: - the APIBinding is being bound. - Bound: the APIBinding is bound - and the referenced APIs are available in the workspace.' + description: |- + phase is the current phase of the APIBinding: + - "": the APIBinding has just been created, waiting to be bound. + - Binding: the APIBinding is being bound. + - Bound: the APIBinding is bound and the referenced APIs are available in the workspace. enum: - "" - Binding 
diff --git a/config/crds/apis.kcp.io_apiconversions.yaml b/config/crds/apis.kcp.io_apiconversions.yaml index 19061676f71..37b5c6fb372 100644 --- a/config/crds/apis.kcp.io_apiconversions.yaml +++ b/config/crds/apis.kcp.io_apiconversions.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: apiconversions.apis.kcp.io spec: group: apis.kcp.io 
@@ -24,19 +23,24 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: APIConversion contains rules to convert between different API - versions in an APIResourceSchema. The name must match the name of the APIResourceSchema - for the conversions to take effect. + description: |- + APIConversion contains rules to convert between different API versions in an APIResourceSchema. The name must match + the name of the APIResourceSchema for the conversions to take effect. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -47,11 +51,11 @@ spec: description: conversions specify rules to convert between different API versions in an APIResourceSchema. items: - description: APIVersionConversion contains rules to convert between - two specific API versions in an APIResourceSchema. Additionally, - to avoid data loss when round-tripping from a version that contains - a new field to one that doesn't and back again, you can specify - a list of fields to preserve (these are stored in annotations). + description: |- + APIVersionConversion contains rules to convert between two specific API versions in an + APIResourceSchema. Additionally, to avoid data loss when round-tripping from a version that + contains a new field to one that doesn't and back again, you can specify a list of fields to + preserve (these are stored in annotations). properties: from: description: from is the source version. @@ -59,9 +63,9 @@ spec: pattern: ^v[1-9][0-9]*([a-z]+[1-9][0-9]*)?$ type: string preserve: - description: preserve contains a list of JSONPath expressions - to fields to preserve in the originating version of the object, - relative to its root, such as '.spec.name.first'. + description: |- + preserve contains a list of JSONPath expressions to fields to preserve in the originating version + of the object, relative to its root, such as '.spec.name.first'. items: type: string type: array 
@@ -72,22 +76,21 @@ spec: single field. properties: destination: - description: destination is a JSONPath expression to the - field in the target version of the object, relative - to its root, such as '.spec.name.first'. + description: |- + destination is a JSONPath expression to the field in the target version of the object, relative to + its root, such as '.spec.name.first'. minLength: 1 type: string field: - description: field is a JSONPath expression to the field - in the originating version of the object, relative to - its root, such as '.spec.name.first'. + description: |- + field is a JSONPath expression to the field in the originating version of the object, relative to its root, such + as '.spec.name.first'. minLength: 1 type: string transformation: - description: transformation is an optional CEL expression - used to execute user-specified rules to transform the - originating field -- identified by 'self' -- to the - destination field. + description: |- + transformation is an optional CEL expression used to execute user-specified rules to transform the + originating field -- identified by 'self' -- to the destination field. type: string required: - destination diff --git a/config/crds/apis.kcp.io_apiexportendpointslices.yaml b/config/crds/apis.kcp.io_apiexportendpointslices.yaml index 9208cb4ffde..44c1fa3089f 100644 --- a/config/crds/apis.kcp.io_apiexportendpointslices.yaml +++ b/config/crds/apis.kcp.io_apiexportendpointslices.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: apiexportendpointslices.apis.kcp.io spec: group: apis.kcp.io 
@@ -30,26 +29,32 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: APIExportEndpointSlice is a sink for the endpoints of an APIExport. - These endpoints can be filtered by a Partition. They get consumed by the - managers to start controllers and informers for the respective APIExport - services. + description: |- + APIExportEndpointSlice is a sink for the endpoints of an APIExport. These endpoints can be filtered by a Partition. + They get consumed by the managers to start controllers and informers for the respective APIExport services. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: 'spec holds the desired state: - the targeted APIExport - - an optional partition for filtering' + description: |- + spec holds the desired state: + - the targeted APIExport + - an optional partition for filtering properties: export: description: export points to the API export. @@ -59,9 +64,9 @@ spec: the API. type: string path: - description: path is a logical cluster path where the APIExport - is defined. If the path is unset, the logical cluster of the - APIBinding is used. + description: |- + path is a logical cluster path where the APIExport is defined. + If the path is unset, the logical cluster of the APIBinding is used. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(:[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: @@ -71,15 +76,17 @@ spec: - message: APIExport reference must not be changed rule: self == oldSelf partition: - description: partition (optional) points to a partition that is used - for filtering the endpoints of the APIExport part of the slice. + description: |- + partition (optional) points to a partition that is used for filtering the endpoints + of the APIExport part of the slice. type: string required: - export type: object status: - description: 'status communicates the observed state: the filtered list - of endpoints for the APIExport service.' + description: |- + status communicates the observed state: + the filtered list of endpoints for the APIExport service. properties: conditions: description: conditions is a list of conditions that apply to the 
@@ -89,37 +96,37 @@ spec: state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime diff --git a/config/crds/apis.kcp.io_apiexports.yaml b/config/crds/apis.kcp.io_apiexports.yaml index 90f837d2bf9..edddba53f3e 100644 --- a/config/crds/apis.kcp.io_apiexports.yaml +++ b/config/crds/apis.kcp.io_apiexports.yaml @@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: apiexports.apis.kcp.io spec: group: apis.kcp.io 
@@ -26,18 +25,24 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: APIExport registers an API and implementation to allow consumption - by others through APIBindings. + description: |- + APIExport registers an API and implementation to allow consumption by others + through APIBindings. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -45,18 +50,27 @@ spec: description: Spec holds the desired state. properties: identity: - description: "identity points to a secret that contains the API identity - in the 'key' file. The API identity determines an unique etcd prefix - for objects stored via this APIExport. \n Different APIExport in - a workspace can share a common identity, or have different ones. - The identity (the secret) can also be transferred to another workspace - when the APIExport is moved. \n The identity is a secret of the - API provider. The APIBindings referencing this APIExport will store - a derived, non-sensitive value of this identity. \n The identity - of an APIExport cannot be changed. A derived, non-sensitive value - of the identity key is stored in the APIExport status and this value - is immutable. \n The identity is defaulted. A secret with the name - of the APIExport is automatically created." + description: |- + identity points to a secret that contains the API identity in the 'key' file. + The API identity determines an unique etcd prefix for objects stored via this + APIExport. + + + Different APIExport in a workspace can share a common identity, or have different + ones. The identity (the secret) can also be transferred to another workspace + when the APIExport is moved. + + + The identity is a secret of the API provider. The APIBindings referencing this APIExport + will store a derived, non-sensitive value of this identity. + + + The identity of an APIExport cannot be changed. A derived, non-sensitive value of + the identity key is stored in the APIExport status and this value is immutable. + + + The identity is defaulted. A secret with the name of the APIExport is automatically + created. properties: secretRef: description: secretRef is a reference to a secret that contains 
@@ -74,32 +88,39 @@ spec: x-kubernetes-map-type: atomic type: object latestResourceSchemas: - description: "latestResourceSchemas records the latest APIResourceSchemas - that are exposed with this APIExport. \n The schemas can be changed - in the life-cycle of the APIExport. These changes have no effect - on existing APIBindings, but only on newly bound ones. \n For updating - existing APIBindings, use an APIDeployment keeping bound workspaces - up-to-date." + description: |- + latestResourceSchemas records the latest APIResourceSchemas that are exposed + with this APIExport. + + + The schemas can be changed in the life-cycle of the APIExport. These changes + have no effect on existing APIBindings, but only on newly bound ones. + + + For updating existing APIBindings, use an APIDeployment keeping bound + workspaces up-to-date. items: type: string type: array x-kubernetes-list-type: set maximalPermissionPolicy: - description: "maximalPermissionPolicy will allow for a service provider - to set an upper bound on what is allowed for a consumer of this - API. If the policy is not set, no upper bound is applied, i.e the - consuming users can do whatever the user workspace allows the user - to do. \n The policy consists of RBAC (Cluster)Roles and (Cluster)Bindings. - A request of a user in a workspace that binds to this APIExport - via an APIBinding is additionally checked against these rules, with - the user name and the groups prefixed with `apis.kcp.io:binding:`. - \n For example: assume a user `adam` with groups `system:authenticated` - and `a-team` binds to this APIExport in another workspace root:org:ws. - Then a request in that workspace against a resource of this APIExport - is authorized as every other request in that workspace, but in addition - the RBAC policy here in the APIExport workspace has to grant access - to the user `apis.kcp.io:binding:adam` with the groups `apis.kcp.io:binding:system:authenticated` - and `apis.kcp.io:binding:a-team`." 
+ description: |- + maximalPermissionPolicy will allow for a service provider to set an upper bound on what is allowed + for a consumer of this API. If the policy is not set, no upper bound is applied, + i.e the consuming users can do whatever the user workspace allows the user to do. + + + The policy consists of RBAC (Cluster)Roles and (Cluster)Bindings. A request of a user in + a workspace that binds to this APIExport via an APIBinding is additionally checked against + these rules, with the user name and the groups prefixed with `apis.kcp.io:binding:`. + + + For example: assume a user `adam` with groups `system:authenticated` and `a-team` binds to + this APIExport in another workspace root:org:ws. Then a request in that workspace + against a resource of this APIExport is authorized as every other request in that workspace, + but in addition the RBAC policy here in the APIExport workspace has to grant access to the + user `apis.kcp.io:binding:adam` with the groups `apis.kcp.io:binding:system:authenticated` + and `apis.kcp.io:binding:a-team`. oneOf: - required: - local 
@@ -110,42 +131,50 @@ spec: type: object type: object permissionClaims: - description: "permissionClaims make resources available in APIExport's - virtual workspace that are not part of the actual APIExport resources. - \n PermissionClaims are optional and should be the least access - necessary to complete the functions that the service provider needs. - Access is asked for on a GroupResource + identity basis. \n PermissionClaims - must be accepted by the user's explicit acknowledgement. Hence, - when claims change, the respecting objects are not visible immediately. - \n PermissionClaims overlapping with the APIExport resources are - ignored." + description: |- + permissionClaims make resources available in APIExport's virtual workspace that are not part + of the actual APIExport resources. + + + PermissionClaims are optional and should be the least access necessary to complete the functions + that the service provider needs. Access is asked for on a GroupResource + identity basis. + + + PermissionClaims must be accepted by the user's explicit acknowledgement. Hence, when claims + change, the respecting objects are not visible immediately. + + + PermissionClaims overlapping with the APIExport resources are ignored. items: - description: PermissionClaim identifies an object by GR and identity - hash. Its purpose is to determine the added permissions that a - service provider may request and that a consumer may accept and - allow the service provider access to. + description: |- + PermissionClaim identifies an object by GR and identity hash. + Its purpose is to determine the added permissions that a service provider may + request and that a consumer may accept and allow the service provider access to. properties: all: - description: all claims all resources for the given group/resource. + description: |- + all claims all resources for the given group/resource. This is mutually exclusive with resourceSelector. 
type: boolean group: default: "" - description: group is the name of an API group. For core groups - this is the empty string '""'. + description: |- + group is the name of an API group. + For core groups this is the empty string '""'. pattern: ^(|[a-z0-9]([-a-z0-9]*[a-z0-9](\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)?)$ type: string identityHash: - description: This is the identity for a given APIExport that - the APIResourceSchema belongs to. The hash can be found on - APIExport and APIResourceSchema's status. It will be empty - for core types. Note that one must look this up for a particular - KCP instance. + description: |- + This is the identity for a given APIExport that the APIResourceSchema belongs to. + The hash can be found on APIExport and APIResourceSchema's status. + It will be empty for core types. + Note that one must look this up for a particular KCP instance. type: string resource: - description: 'resource is the name of the resource. Note: it - is worth noting that you can not ask for permissions for resource - provided by a CRD not provided by an api export.' + description: |- + resource is the name of the resource. + Note: it is worth noting that you can not ask for permissions for resource provided by a CRD + not provided by an api export. pattern: ^[a-z][-a-z0-9]*[a-z0-9]$ type: string resourceSelector: 
@@ -154,18 +183,18 @@ spec: items: properties: name: - description: name of an object within a claimed group/resource. - It matches the metadata.name field of the underlying - object. If namespace is unset, all objects matching - that name will be claimed. + description: |- + name of an object within a claimed group/resource. + It matches the metadata.name field of the underlying object. + If namespace is unset, all objects matching that name will be claimed. maxLength: 253 minLength: 1 pattern: ^([a-z0-9][-a-z0-9_.]*)?[a-z0-9]$ type: string namespace: - description: namespace containing the named object. Matches - metadata.namespace field. If "name" is unset, all objects - from the namespace are being claimed. + description: |- + namespace containing the named object. Matches metadata.namespace field. + If "name" is unset, all objects from the namespace are being claimed. minLength: 1 type: string type: object 
@@ -197,37 +226,37 @@ spec: state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -236,13 +265,16 @@ spec: type: object type: array identityHash: - description: identityHash is the hash of the API identity key of this - APIExport. This value is immutable as soon as it is set. + description: |- + identityHash is the hash of the API identity key of this APIExport. This value + is immutable as soon as it is set. type: string virtualWorkspaces: - description: "virtualWorkspaces contains all APIExport virtual workspace - URLs. \n Deprecated: use APIExportEndpointSlice.status.endpoints - instead" + description: |- + virtualWorkspaces contains all APIExport virtual workspace URLs. + + + Deprecated: use APIExportEndpointSlice.status.endpoints instead items: properties: url: diff --git a/config/crds/apis.kcp.io_apiresourceschemas.yaml b/config/crds/apis.kcp.io_apiresourceschemas.yaml index f72a45e729c..6cf210316c2 100644 --- a/config/crds/apis.kcp.io_apiresourceschemas.yaml +++ b/config/crds/apis.kcp.io_apiresourceschemas.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: apiresourceschemas.apis.kcp.io spec: group: apis.kcp.io 
@@ -24,19 +23,27 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: "APIResourceSchema describes a resource, identified by (group, - version, resource, schema). \n An APIResourceSchema is immutable and cannot - be deleted if they are referenced by an APIExport in the same workspace." + description: |- + APIResourceSchema describes a resource, identified by (group, version, resource, schema). + + + An APIResourceSchema is immutable and cannot be deleted if they are referenced by + an APIExport in the same workspace. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -48,13 +55,11 @@ spec: custom resource. properties: strategy: - description: 'strategy specifies how custom resources are converted - between versions. Allowed values are: - `"None"`: The converter - only change the apiVersion and would not touch any other field - in the custom resource. - `"Webhook"`: API Server will call - to an external webhook to do the conversion. Additional information - is needed for this option. This requires spec.preserveUnknownFields - to be false, and spec.conversion.webhook to be set.' + description: |- + strategy specifies how custom resources are converted between versions. Allowed values are: + - `"None"`: The converter only change the apiVersion and would not touch any other field in the custom resource. + - `"Webhook"`: API Server will call to an external webhook to do the conversion. Additional information + is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set. enum: - None - Webhook 
@@ -68,41 +73,49 @@ spec: the webhook if strategy is `Webhook`. properties: caBundle: - description: caBundle is a PEM encoded CA bundle which - will be used to validate the webhook's server certificate. - If unspecified, system trust roots on the apiserver - are used. + description: |- + caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. + If unspecified, system trust roots on the apiserver are used. format: byte type: string url: - description: "url gives the location of the webhook, in - standard URL form (`scheme://host:port/path`). \n Please - note that using `localhost` or `127.0.0.1` as a `host` - is risky unless you take great care to run this webhook - on all hosts which run an apiserver which might need - to make calls to this webhook. Such installs are likely - to be non-portable, i.e., not easy to turn up in a new - cluster. \n The scheme must be \"https\"; the URL must - begin with \"https://\". \n A path is optional, and - if present may be any string permissible in a URL. You - may use the path to pass an arbitrary string to the - webhook, for example, a cluster identifier. \n Attempting - to use a user or basic auth e.g. \"user:password@\" - is not allowed. Fragments (\"#...\") and query parameters - (\"?...\") are not allowed, either. \n Note: kcp does - not support provided service names like Kubernetes does." + description: |- + url gives the location of the webhook, in standard URL form + (`scheme://host:port/path`). + + + Please note that using `localhost` or `127.0.0.1` as a `host` is + risky unless you take great care to run this webhook on all hosts + which run an apiserver which might need to make calls to this + webhook. Such installs are likely to be non-portable, i.e., not easy + to turn up in a new cluster. + + + The scheme must be "https"; the URL must begin with "https://". + + + A path is optional, and if present may be any string permissible in + a URL. 
You may use the path to pass an arbitrary string to the + webhook, for example, a cluster identifier. + + + Attempting to use a user or basic auth e.g. "user:password@" is not + allowed. Fragments ("#...") and query parameters ("?...") are not + allowed, either. + + + Note: kcp does not support provided service names like Kubernetes does. format: uri type: string type: object conversionReviewVersions: - description: conversionReviewVersions is an ordered list of - preferred `ConversionReview` versions the Webhook expects. - The API server will use the first version in the list which - it supports. If none of the versions specified in this list - are supported by API server, conversion will fail for the - custom resource. If a persisted Webhook configuration specifies - allowed versions and does not include any versions known - to the API Server, calls to the webhook will fail. + description: |- + conversionReviewVersions is an ordered list of preferred `ConversionReview` + versions the Webhook expects. The API server will use the first version in + the list which it supports. If none of the versions specified in this list + are supported by API server, conversion will fail for the custom resource. + If a persisted Webhook configuration specifies allowed versions and does not + include any versions known to the API Server, calls to the webhook will fail. items: type: string type: array 
@@ -119,20 +132,22 @@ spec: == 'Webhook' && has(self.webhook)) group: description: "group is the API group of the defined custom resource. - Empty string means the core API group. \tThe resources are served + Empty string means the\ncore API group. \tThe resources are served under `/apis//...` or `/api` for the core group." type: string nameValidation: default: DNS1123Subdomain - description: "nameValidation can be used to configure name validation - for bound APIs. Allowed values are `DNS1123Subdomain` and `PathSegmentName`. - - DNS1123Subdomain: a lowercase RFC 1123 subdomain must consist - of lower case alphanumeric characters, '-' or '.', and must start - and end with an alphanumeric character. Regex used is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - - PathSegmentName: validates the name can be safely encoded as a - path segment. The name may not be '.' or '..' and the name may not - contain '/' or '%'. \n Defaults to `DNS1123Subdomain`, matching - the behaviour of CRDs." + description: |- + nameValidation can be used to configure name validation for bound APIs. + Allowed values are `DNS1123Subdomain` and `PathSegmentName`. + - DNS1123Subdomain: a lowercase RFC 1123 subdomain must consist of lower case + alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + Regex used is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' + - PathSegmentName: validates the name can be safely encoded as a path segment. + The name may not be '.' or '..' and the name may not contain '/' or '%'. + + + Defaults to `DNS1123Subdomain`, matching the behaviour of CRDs. enum: - DNS1123Subdomain - PathSegmentName 
@@ -142,32 +157,34 @@ spec: resource. properties: categories: - description: categories is a list of grouped resources this custom - resource belongs to (e.g. 'all'). This is published in API discovery - documents, and used by clients to support invocations like `kubectl - get all`. + description: |- + categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). + This is published in API discovery documents, and used by clients to support invocations like + `kubectl get all`. items: type: string type: array kind: - description: kind is the serialized kind of the resource. It is - normally CamelCase and singular. Custom resource instances will - use this value as the `kind` attribute in API calls. + description: |- + kind is the serialized kind of the resource. It is normally CamelCase and singular. + Custom resource instances will use this value as the `kind` attribute in API calls. type: string listKind: description: listKind is the serialized kind of the list for this resource. Defaults to "`kind`List". type: string plural: - description: plural is the plural name of the resource to serve. + description: |- + plural is the plural name of the resource to serve. The custom resources are served under `/apis///.../`. - Must match the name of the CustomResourceDefinition (in the - form `.`). Must be all lowercase. + Must match the name of the CustomResourceDefinition (in the form `.`). + Must be all lowercase. type: string shortNames: - description: shortNames are short names for the resource, exposed - in API discovery documents, and used by clients to support invocations - like `kubectl get `. It must be all lowercase. + description: |- + shortNames are short names for the resource, exposed in API discovery documents, + and used by clients to support invocations like `kubectl get `. + It must be all lowercase. items: type: string type: array 
@@ -180,24 +197,28 @@ spec: - plural type: object scope: - description: scope indicates whether the defined custom resource is - cluster- or namespace-scoped. Allowed values are `Cluster` and `Namespaced`. + description: |- + scope indicates whether the defined custom resource is cluster- or namespace-scoped. + Allowed values are `Cluster` and `Namespaced`. enum: - Cluster - Namespaced type: string versions: - description: "versions is the API version of the defined custom resource. - \n Note: the OpenAPI v3 schemas must be equal for all versions until - CEL version migration is supported." + description: |- + versions is the API version of the defined custom resource. + + + Note: the OpenAPI v3 schemas must be equal for all versions until CEL + version migration is supported. items: description: APIResourceVersion describes one API version of a resource. properties: additionalPrinterColumns: - description: additionalPrinterColumns specifies additional columns - returned in Table output. See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables - for details. If no columns are specified, a single column - displaying the age of the custom resource is used. + description: |- + additionalPrinterColumns specifies additional columns returned in Table output. + See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details. + If no columns are specified, a single column displaying the age of the custom resource is used. items: description: CustomResourceColumnDefinition specifies a column for server side printing. 
@@ -207,32 +228,30 @@ spec: of this column. type: string format: - description: format is an optional OpenAPI type definition - for this column. The 'name' format is applied to the - primary identifier column to assist in clients identifying - column is the resource name. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types - for details. + description: |- + format is an optional OpenAPI type definition for this column. The 'name' format is applied + to the primary identifier column to assist in clients identifying column is the resource name. + See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. type: string jsonPath: - description: jsonPath is a simple JSON path (i.e. with - array notation) which is evaluated against each custom - resource to produce the value for this column. + description: |- + jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against + each custom resource to produce the value for this column. type: string name: description: name is a human readable name for the column. type: string priority: - description: priority is an integer defining the relative - importance of this column compared to others. Lower - numbers are considered higher priority. Columns that - may be omitted in limited space scenarios should be - given a priority greater than 0. + description: |- + priority is an integer defining the relative importance of this column compared to others. Lower + numbers are considered higher priority. Columns that may be omitted in limited space scenarios + should be given a priority greater than 0. format: int32 type: integer type: - description: type is an OpenAPI type definition for this - column. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types - for details. + description: |- + type is an OpenAPI type definition for this column. 
+ See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. type: string required: - jsonPath 
@@ -244,29 +263,29 @@ spec: - name x-kubernetes-list-type: map deprecated: - description: deprecated indicates this version of the custom - resource API is deprecated. When set to true, API requests - to this version receive a warning header in the server response. + description: |- + deprecated indicates this version of the custom resource API is deprecated. + When set to true, API requests to this version receive a warning header in the server response. Defaults to false. type: boolean deprecationWarning: - description: deprecationWarning overrides the default warning - returned to API clients. May only be set when `deprecated` - is true. The default warning indicates this version is deprecated - and recommends use of the newest served version of equal or - greater stability, if one exists. + description: |- + deprecationWarning overrides the default warning returned to API clients. + May only be set when `deprecated` is true. + The default warning indicates this version is deprecated and recommends use + of the newest served version of equal or greater stability, if one exists. type: string name: - description: name is the version name, e.g. “v1”, “v2beta1”, - etc. The custom resources are served under this version at - `/apis///...` if `served` is true. + description: |- + name is the version name, e.g. “v1”, “v2beta1”, etc. + The custom resources are served under this version at `/apis///...` if `served` is true. minLength: 1 pattern: ^v[1-9][0-9]*([a-z]+[1-9][0-9]*)?$ type: string schema: - description: schema describes the structural schema used for - validation, pruning, and defaulting of this version of the - custom resource. + description: |- + schema describes the structural schema used for validation, pruning, and defaulting + of this version of the custom resource. type: object x-kubernetes-map-type: atomic x-kubernetes-preserve-unknown-fields: true 
@@ -276,9 +295,9 @@ spec: from being served via REST APIs type: boolean storage: - description: storage indicates this version should be used when - persisting custom resources to storage. There must be exactly - one version with storage=true. + description: |- + storage indicates this version should be used when persisting custom resources to storage. + There must be exactly one version with storage=true. type: boolean subresources: description: subresources specify what subresources this version 
@@ -290,48 +309,42 @@ spec: Scale object. properties: labelSelectorPath: - description: 'labelSelectorPath defines the JSON path - inside of a custom resource that corresponds to Scale - `status.selector`. Only JSON paths without the array - notation are allowed. Must be a JSON Path under `.status` - or `.spec`. Must be set to work with HorizontalPodAutoscaler. - The field pointed by this JSON path must be a string - field (not a complex selector struct) which contains - a serialized label selector in string form. More info: - https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource - If there is no value under the given path in the custom - resource, the `status.selector` value in the `/scale` - subresource will default to the empty string.' + description: |- + labelSelectorPath defines the JSON path inside of a custom resource that corresponds to Scale `status.selector`. + Only JSON paths without the array notation are allowed. + Must be a JSON Path under `.status` or `.spec`. + Must be set to work with HorizontalPodAutoscaler. + The field pointed by this JSON path must be a string field (not a complex selector struct) + which contains a serialized label selector in string form. + More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource + If there is no value under the given path in the custom resource, the `status.selector` value in the `/scale` + subresource will default to the empty string. type: string specReplicasPath: - description: specReplicasPath defines the JSON path - inside of a custom resource that corresponds to Scale - `spec.replicas`. Only JSON paths without the array - notation are allowed. Must be a JSON Path under `.spec`. - If there is no value under the given path in the custom - resource, the `/scale` subresource will return an - error on GET. 
+ description: |- + specReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `spec.replicas`. + Only JSON paths without the array notation are allowed. + Must be a JSON Path under `.spec`. + If there is no value under the given path in the custom resource, the `/scale` subresource will return an error on GET. type: string statusReplicasPath: - description: statusReplicasPath defines the JSON path - inside of a custom resource that corresponds to Scale - `status.replicas`. Only JSON paths without the array - notation are allowed. Must be a JSON Path under `.status`. - If there is no value under the given path in the custom - resource, the `status.replicas` value in the `/scale` - subresource will default to 0. + description: |- + statusReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `status.replicas`. + Only JSON paths without the array notation are allowed. + Must be a JSON Path under `.status`. + If there is no value under the given path in the custom resource, the `status.replicas` value in the `/scale` subresource + will default to 0. type: string required: - specReplicasPath - statusReplicasPath type: object status: - description: 'status indicates the custom resource should - serve a `/status` subresource. When enabled: 1. requests - to the custom resource primary endpoint ignore changes - to the `status` stanza of the object. 2. requests to the - custom resource `/status` subresource ignore changes to - anything other than the `status` stanza of the object.' + description: |- + status indicates the custom resource should serve a `/status` subresource. + When enabled: + 1. requests to the custom resource primary endpoint ignore changes to the `status` stanza of the object. + 2. requests to the custom resource `/status` subresource ignore changes to anything other than the `status` stanza of the object. type: object type: object required: 
diff --git a/config/crds/core.kcp.io_logicalclusters.yaml b/config/crds/core.kcp.io_logicalclusters.yaml index a6bb4e96a8f..087fa2d74ac 100644 --- a/config/crds/core.kcp.io_logicalclusters.yaml +++ b/config/crds/core.kcp.io_logicalclusters.yaml @@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: logicalclusters.core.kcp.io spec: group: core.kcp.io 
@@ -31,19 +30,27 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: "LogicalCluster describes the current logical cluster. It is - used to authorize requests to the logical cluster and to track state. \n - A LogicalCluster is always named \"cluster\"." + description: |- + LogicalCluster describes the current logical cluster. It is used to authorize + requests to the logical cluster and to track state. + + + A LogicalCluster is always named "cluster". properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -59,25 +66,30 @@ spec: properties: directlyDeletable: default: false - description: DirectlyDeletable indicates that this logical cluster - can be directly deleted by the user from within by deleting the - LogicalCluster object. + description: |- + DirectlyDeletable indicates that this logical cluster can be directly deleted by the user + from within by deleting the LogicalCluster object. type: boolean initializers: - description: initializers are set on creation by the system and copied - to status when initialization starts. + description: |- + initializers are set on creation by the system and copied to status when + initialization starts. items: - description: LogicalClusterInitializer is a unique string corresponding - to a logical cluster initialization controller. + description: |- + LogicalClusterInitializer is a unique string corresponding to a logical cluster + initialization controller. pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(:[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(:[a-z0-9][a-z0-9]([-a-z0-9]*[a-z0-9])?))|(system:.+)$ type: string type: array owner: - description: "owner is a reference to a resource controlling the life-cycle - of this logical cluster. On deletion of the LogicalCluster, the - finalizer core.kcp.io/logicalcluster is removed from the owner. - \n When this object is deleted, but the owner is not deleted, the - owner is deleted too." + description: |- + owner is a reference to a resource controlling the life-cycle of this logical cluster. + On deletion of the LogicalCluster, the finalizer core.kcp.io/logicalcluster is + removed from the owner. + + + When this object is deleted, but the owner is not deleted, the owner is deleted + too. properties: apiVersion: description: apiVersion is the group and API version of the owner. 
@@ -116,10 +128,10 @@ spec: Workspace. properties: URL: - description: url is the address under which the Kubernetes-cluster-like - endpoint can be found. This URL can be used to access the logical - cluster with standard Kubernetes client libraries and command line - tools. + description: |- + url is the address under which the Kubernetes-cluster-like endpoint + can be found. This URL can be used to access the logical cluster with standard Kubernetes + client libraries and command line tools. type: string conditions: description: Current processing state of the LogicalCluster. 
@@ -128,37 +140,37 @@ spec: state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -167,13 +179,14 @@ spec: type: object type: array initializers: - description: initializers are set on creation by the system and must - be cleared by a controller before the logical cluster can be used. - The LogicalCluster object will stay in the phase "Initializing" - state until all initializers are cleared. + description: |- + initializers are set on creation by the system and must be cleared + by a controller before the logical cluster can be used. The LogicalCluster object + will stay in the phase "Initializing" state until all initializers are cleared. items: - description: LogicalClusterInitializer is a unique string corresponding - to a logical cluster initialization controller. + description: |- + LogicalClusterInitializer is a unique string corresponding to a logical cluster + initialization controller. pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(:[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(:[a-z0-9][a-z0-9]([-a-z0-9]*[a-z0-9])?))|(system:.+)$ type: string type: array diff --git a/config/crds/core.kcp.io_shards.yaml b/config/crds/core.kcp.io_shards.yaml index 0531c6f47c1..4861072f4e9 100644 --- a/config/crds/core.kcp.io_shards.yaml +++ b/config/crds/core.kcp.io_shards.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: shards.core.kcp.io spec: group: core.kcp.io 
@@ -40,14 +39,19 @@ spec: will live properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -55,31 +59,41 @@ spec: description: ShardSpec holds the desired state of the Shard. properties: baseURL: - description: baseURL is the address of the KCP shard for direct connections, - e.g. by some front-proxy doing the fan-out to the shards. + description: |- + baseURL is the address of the KCP shard for direct connections, e.g. by some + front-proxy doing the fan-out to the shards. format: uri minLength: 1 type: string externalURL: - description: "externalURL is the externally visible address presented - to users in Workspace URLs. Changing this will break all existing - logical clusters on that shard, i.e. existing kubeconfigs of clients - will be invalid. Hence, when changing this value, the old URL used - by clients must keep working. \n The external address will not be - unique if a front-proxy does a fan-out to shards, but all logical - cluster clients will talk to the front-proxy. In that case, put - the address of the front-proxy here. \n Note that movement of shards - is only possible (in the future) between shards that share a common - external URL. \n This will be defaulted to the value of the baseURL." + description: |- + externalURL is the externally visible address presented to users in Workspace URLs. + Changing this will break all existing logical clusters on that shard, i.e. existing + kubeconfigs of clients will be invalid. Hence, when changing this value, the old + URL used by clients must keep working. + + + The external address will not be unique if a front-proxy does a fan-out to + shards, but all logical cluster clients will talk to the front-proxy. In that case, + put the address of the front-proxy here. + + + Note that movement of shards is only possible (in the future) between shards + that share a common external URL. + + + This will be defaulted to the value of the baseURL. 
format: uri minLength: 1 type: string virtualWorkspaceURL: - description: "virtualWorkspaceURL is the address of the virtual workspace - apiserver associated with this shard. It can be a direct address, - an address of a front-proxy or even an address of an LB. As of today - this address is assigned to APIExports. \n This will be defaulted - to the value of the baseURL." + description: |- + virtualWorkspaceURL is the address of the virtual workspace apiserver associated with this shard. + It can be a direct address, an address of a front-proxy or even an address of an LB. + As of today this address is assigned to APIExports. + + + This will be defaulted to the value of the baseURL. format: uri minLength: 1 type: string 
@@ -106,37 +120,37 @@ spec: state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime diff --git a/config/crds/tenancy.kcp.io_workspaces.yaml b/config/crds/tenancy.kcp.io_workspaces.yaml index a1cb2bc031a..f9928be6b4b 100644 --- a/config/crds/tenancy.kcp.io_workspaces.yaml +++ b/config/crds/tenancy.kcp.io_workspaces.yaml @@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: workspaces.tenancy.kcp.io spec: group: tenancy.kcp.io 
@@ -41,22 +40,30 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: "Workspace defines a generic Kubernetes-cluster-like endpoint, - with standard Kubernetes discovery APIs, OpenAPI and resource API endpoints. - \n A workspace can be backed by different concrete types of workspace implementation, + description: |- + Workspace defines a generic Kubernetes-cluster-like endpoint, with standard Kubernetes + discovery APIs, OpenAPI and resource API endpoints. + + + A workspace can be backed by different concrete types of workspace implementation, depending on access pattern. All workspace implementations share the characteristic that the URL that serves a given workspace can be used with standard Kubernetes - API machinery and client libraries and command line tools." + API machinery and client libraries and command line tools. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: @@ -71,22 +78,30 @@ spec: description: WorkspaceSpec holds the desired state of the Workspace. properties: URL: - description: "URL is the address under which the Kubernetes-cluster-like - endpoint can be found. This URL can be used to access the workspace - with standard Kubernetes client libraries and command line tools. - \n Set by the system." + description: |- + URL is the address under which the Kubernetes-cluster-like endpoint + can be found. This URL can be used to access the workspace with standard Kubernetes + client libraries and command line tools. + + + Set by the system. type: string cluster: - description: "cluster is the name of the logical cluster this workspace - is stored under. \n Set by the system." + description: |- + cluster is the name of the logical cluster this workspace is stored under. + + + Set by the system. type: string x-kubernetes-validations: - message: cluster is immutable rule: self == oldSelf location: - description: "location constraints where this workspace can be scheduled - to. \n If the no location is specified, an arbitrary location is - chosen." + description: |- + location constraints where this workspace can be scheduled to. + + + If the no location is specified, an arbitrary location is chosen. properties: selector: description: selector is a label selector that filters workspace 
@@ -96,25 +111,25 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -126,25 +141,26 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: object type: - description: "type defines properties of the workspace both on creation - (e.g. initial resources and initially installed APIs) and during - runtime (e.g. permissions). If no type is provided, the default - type for the workspace in which this workspace is nesting will be - used. \n The type is a reference to a WorkspaceType in the listed - workspace, but lower-cased. The WorkspaceType existence is validated - at admission during creation. The type is immutable after creation. - The use of a type is gated via the RBAC workspacetypes/use resource - permission." + description: |- + type defines properties of the workspace both on creation (e.g. initial + resources and initially installed APIs) and during runtime (e.g. permissions). + If no type is provided, the default type for the workspace in which this workspace + is nesting will be used. + + + The type is a reference to a WorkspaceType in the listed workspace, but + lower-cased. The WorkspaceType existence is validated at admission during + creation. The type is immutable after creation. The use of a type is gated via + the RBAC workspacetypes/use resource permission. properties: name: description: name is the name of the WorkspaceType 
@@ -182,37 +198,37 @@ spec: state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -221,11 +237,13 @@ spec: type: object type: array initializers: - description: initializers must be cleared by a controller before the - workspace is ready and can be used. + description: |- + initializers must be cleared by a controller before the workspace is ready + and can be used. items: - description: LogicalClusterInitializer is a unique string corresponding - to a logical cluster initialization controller. + description: |- + LogicalClusterInitializer is a unique string corresponding to a logical cluster + initialization controller. pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(:[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(:[a-z0-9][a-z0-9]([-a-z0-9]*[a-z0-9])?))|(system:.+)$ type: string type: array diff --git a/config/crds/tenancy.kcp.io_workspacetypes.yaml b/config/crds/tenancy.kcp.io_workspacetypes.yaml index f0c7e27143c..3bbd3a04651 100644 --- a/config/crds/tenancy.kcp.io_workspacetypes.yaml +++ b/config/crds/tenancy.kcp.io_workspacetypes.yaml @@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: workspacetypes.tenancy.kcp.io spec: group: tenancy.kcp.io 
@@ -22,14 +21,19 @@ spec: description: WorkspaceType specifies behaviour of workspaces of this type. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -48,13 +52,14 @@ spec: additionalWorkspaceLabels: additionalProperties: type: string - description: additionalWorkspaceLabels are a set of labels that will - be added to a Workspace on creation. + description: |- + additionalWorkspaceLabels are a set of labels that will be added to a + Workspace on creation. type: object defaultAPIBindings: - description: defaultAPIBindings are the APIs to bind during initialization - of workspaces created from this type. The APIBinding names will - be generated dynamically. + description: |- + defaultAPIBindings are the APIs to bind during initialization of workspaces created from this type. + The APIBinding names will be generated dynamically. items: description: APIExportReference provides the fields necessary to resolve an APIExport. @@ -63,9 +68,9 @@ spec: description: export is the name of the APIExport. type: string path: - description: path is the fully-qualified path to the workspace - containing the APIExport. If it is empty, the current workspace - is assumed. + description: |- + path is the fully-qualified path to the workspace containing the APIExport. If it is + empty, the current workspace is assumed. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(:[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: 
@@ -76,11 +81,12 @@ spec: default: name: universal path: root - description: defaultChildWorkspaceType is the WorkspaceType that will - be used by default if another, nested Workspace is created in a - workspace of this type. When this field is unset, the user must - specify a type when creating nested workspaces. Extending another - WorkspaceType does not inherit its defaultChildWorkspaceType. + description: |- + defaultChildWorkspaceType is the WorkspaceType that will be used + by default if another, nested Workspace is created in a workspace + of this type. When this field is unset, the user must specify a type when + creating nested workspaces. Extending another WorkspaceType does + not inherit its defaultChildWorkspaceType. properties: name: description: name is the name of the WorkspaceType 
@@ -95,20 +101,25 @@ spec: - name type: object extend: - description: "extend is a list of other WorkspaceTypes whose initializers - and limitAllowedChildren and limitAllowedParents this WorkspaceType - is inheriting. By (transitively) extending another WorkspaceType, - this WorkspaceType will be considered as that other type in evaluation - of limitAllowedChildren and limitAllowedParents constraints. \n - A dependency cycle stop this WorkspaceType from being admitted as - the type of a Workspace. \n A non-existing dependency stop this - WorkspaceType from being admitted as the type of a Workspace." + description: |- + extend is a list of other WorkspaceTypes whose initializers and limitAllowedChildren + and limitAllowedParents this WorkspaceType is inheriting. By (transitively) extending + another WorkspaceType, this WorkspaceType will be considered as that + other type in evaluation of limitAllowedChildren and limitAllowedParents constraints. + + + A dependency cycle stop this WorkspaceType from being admitted as the type + of a Workspace. + + + A non-existing dependency stop this WorkspaceType from being admitted as the type + of a Workspace. properties: with: - description: with are WorkspaceTypes whose initializers are added - to the list for the owning type, and for whom the owning type - becomes an alias, as long as all of their required types are - not mentioned in without. + description: |- + with are WorkspaceTypes whose initializers are added to the list + for the owning type, and for whom the owning type becomes an alias, as long + as all of their required types are not mentioned in without. items: description: WorkspaceTypeReference is a globally unique, fully qualified reference to a workspace type. 
@@ -128,20 +139,23 @@ spec: type: array type: object initializer: - description: "initializer determines if this WorkspaceType has an - associated initializing controller. These controllers are used to - add functionality to a Workspace; all controllers must finish their - work before the Workspace becomes ready for use. \n One initializing - controller is supported per WorkspaceType; the identifier for this - initializer will be a colon-delimited string using the workspace - in which the WorkspaceType is defined, and the type's name. For - example, if a WorkspaceType `example` is created in the `root:org` - workspace, the implicit initializer name is `root:org:Example`." + description: |- + initializer determines if this WorkspaceType has an associated initializing + controller. These controllers are used to add functionality to a Workspace; + all controllers must finish their work before the Workspace becomes ready + for use. + + + One initializing controller is supported per WorkspaceType; the identifier + for this initializer will be a colon-delimited string using the workspace in which + the WorkspaceType is defined, and the type's name. For example, if a + WorkspaceType `example` is created in the `root:org` workspace, the implicit + initializer name is `root:org:Example`. type: boolean limitAllowedChildren: - description: limitAllowedChildren specifies constraints for sub-workspaces - created in workspaces of this type. These are in addition to child - constraints of types this one extends. + description: |- + limitAllowedChildren specifies constraints for sub-workspaces created in workspaces + of this type. These are in addition to child constraints of types this one extends. oneOf: - required: - none 
@@ -152,10 +166,13 @@ spec: description: none means that no type matches. type: boolean types: - description: "types is a list of WorkspaceTypes that match. A - workspace type extending another workspace type automatically - is considered as that extended type as well (even transitively). - \n An empty list matches all types." + description: |- + types is a list of WorkspaceTypes that match. A workspace type extending + another workspace type automatically is considered as that extended type as well + (even transitively). + + + An empty list matches all types. items: description: WorkspaceTypeReference is a globally unique, fully qualified reference to a workspace type. @@ -176,9 +193,10 @@ spec: type: array type: object limitAllowedParents: - description: limitAllowedParents specifies constraints for the parent - workspace that workspaces of this type are created in. These are - in addition to parent constraints of types this one extends. + description: |- + limitAllowedParents specifies constraints for the parent workspace that workspaces + of this type are created in. These are in addition to parent constraints of types this one + extends. oneOf: - required: - none @@ -189,10 +207,13 @@ spec: description: none means that no type matches. type: boolean types: - description: "types is a list of WorkspaceTypes that match. A - workspace type extending another workspace type automatically - is considered as that extended type as well (even transitively). - \n An empty list matches all types." + description: |- + types is a list of WorkspaceTypes that match. A workspace type extending + another workspace type automatically is considered as that extended type as well + (even transitively). + + + An empty list matches all types. items: description: WorkspaceTypeReference is a globally unique, fully qualified reference to a workspace type. 
@@ -224,37 +245,37 @@ spec: state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime diff --git a/config/crds/topology.kcp.io_partitions.yaml b/config/crds/topology.kcp.io_partitions.yaml index 4b74bb08ca2..2a14320b33e 100644 --- a/config/crds/topology.kcp.io_partitions.yaml +++ b/config/crds/topology.kcp.io_partitions.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: partitions.topology.kcp.io spec: group: topology.kcp.io 
@@ -27,19 +26,24 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: Partition defines the selection of a set of shards along multiple - dimensions. Partitions can get automatically generated through a partitioner - or manually crafted. + description: |- + Partition defines the selection of a set of shards along multiple dimensions. + Partitions can get automatically generated through a partitioner or manually crafted. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,24 +58,24 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -84,11 +88,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic diff --git a/config/crds/topology.kcp.io_partitionsets.yaml b/config/crds/topology.kcp.io_partitionsets.yaml index 8f3843c74ce..a78e3cb2016 100644 --- a/config/crds/topology.kcp.io_partitionsets.yaml +++ b/config/crds/topology.kcp.io_partitionsets.yaml @@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: partitionsets.topology.kcp.io spec: group: topology.kcp.io 
@@ -31,14 +30,19 @@ spec: a set of shards into 1 or more partitions. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -58,9 +62,9 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies 
@@ -77,9 +81,9 @@ spec: && self.split("/", 2)[1].matches("^[A-Za-z0-9]([-A-Za-z0-9_.]{0,61}[A-Za-z0-9])?$") : self.matches("^[A-Za-z0-9]([-A-Za-z0-9_.]{0,61}[A-Za-z0-9])?$")' operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -87,10 +91,10 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: maxLength: 63 @@ -114,11 +118,10 @@ spec: additionalProperties: maxLength: 380 type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. maxProperties: 10 type: object x-kubernetes-validations: 
@@ -146,37 +149,37 @@ spec: state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime diff --git a/config/root-phase0/apiexport-shards.core.kcp.io.yaml b/config/root-phase0/apiexport-shards.core.kcp.io.yaml index ebf1a761a25..e7474d739fb 100644 --- a/config/root-phase0/apiexport-shards.core.kcp.io.yaml +++ b/config/root-phase0/apiexport-shards.core.kcp.io.yaml @@ -5,5 +5,5 @@ metadata: name: shards.core.kcp.io spec: latestResourceSchemas: - - v230116-943e458f6.shards.core.kcp.io + - v240715-7835dfb5a.shards.core.kcp.io status: {} diff --git a/config/root-phase0/apiexport-tenancy.kcp.io.yaml b/config/root-phase0/apiexport-tenancy.kcp.io.yaml index 494669e5b22..2acfe87f4b5 100644 --- a/config/root-phase0/apiexport-tenancy.kcp.io.yaml +++ b/config/root-phase0/apiexport-tenancy.kcp.io.yaml @@ -5,8 +5,8 @@ metadata: name: tenancy.kcp.io spec: latestResourceSchemas: - - v230313-2197e455a.workspacetypes.tenancy.kcp.io - - v231119-434294a3b.workspaces.tenancy.kcp.io + - v240715-7835dfb5a.workspaces.tenancy.kcp.io + - v240715-7835dfb5a.workspacetypes.tenancy.kcp.io maximalPermissionPolicy: local: {} status: {} diff --git a/config/root-phase0/apiexport-topology.kcp.io.yaml b/config/root-phase0/apiexport-topology.kcp.io.yaml index 41bbc4df12d..be000b4bae0 100644 --- a/config/root-phase0/apiexport-topology.kcp.io.yaml +++ b/config/root-phase0/apiexport-topology.kcp.io.yaml 
@@ -5,6 +5,6 @@ metadata: name: topology.kcp.io spec: latestResourceSchemas: - - v221115-9b370eb8.partitions.topology.kcp.io - - v230202-eee1a845.partitionsets.topology.kcp.io + - v240715-7835dfb5a.partitions.topology.kcp.io + - v240715-7835dfb5a.partitionsets.topology.kcp.io status: {} diff --git a/config/root-phase0/apiresourceschema-logicalclusters.core.kcp.io.yaml b/config/root-phase0/apiresourceschema-logicalclusters.core.kcp.io.yaml index c26e8080914..a67a5faeffe 100644 --- a/config/root-phase0/apiresourceschema-logicalclusters.core.kcp.io.yaml +++ b/config/root-phase0/apiresourceschema-logicalclusters.core.kcp.io.yaml @@ -2,7 +2,7 @@ apiVersion: apis.kcp.io/v1alpha1 kind: APIResourceSchema metadata: creationTimestamp: null - name: v230201-b085a04a.logicalclusters.core.kcp.io + name: v240715-7835dfb5a.logicalclusters.core.kcp.io spec: group: core.kcp.io names: 
@@ -28,19 +28,27 @@ spec: type: date name: v1alpha1 schema: - description: "LogicalCluster describes the current logical cluster. It is used - to authorize requests to the logical cluster and to track state. \n A LogicalCluster - is always named \"cluster\"." + description: |- + LogicalCluster describes the current logical cluster. It is used to authorize + requests to the logical cluster and to track state. + + + A LogicalCluster is always named "cluster". properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -56,25 +64,30 @@ spec: properties: directlyDeletable: default: false - description: DirectlyDeletable indicates that this logical cluster can - be directly deleted by the user from within by deleting the LogicalCluster - object. + description: |- + DirectlyDeletable indicates that this logical cluster can be directly deleted by the user + from within by deleting the LogicalCluster object. type: boolean initializers: - description: initializers are set on creation by the system and copied - to status when initialization starts. + description: |- + initializers are set on creation by the system and copied to status when + initialization starts. items: - description: LogicalClusterInitializer is a unique string corresponding - to a logical cluster initialization controller. + description: |- + LogicalClusterInitializer is a unique string corresponding to a logical cluster + initialization controller. pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(:[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(:[a-z0-9][a-z0-9]([-a-z0-9]*[a-z0-9])?))|(system:.+)$ type: string type: array owner: - description: "owner is a reference to a resource controlling the life-cycle - of this logical cluster. On deletion of the LogicalCluster, the finalizer - core.kcp.io/logicalcluster is removed from the owner. \n When this - object is deleted, but the owner is not deleted, the owner is deleted - too." + description: |- + owner is a reference to a resource controlling the life-cycle of this logical cluster. + On deletion of the LogicalCluster, the finalizer core.kcp.io/logicalcluster is + removed from the owner. + + + When this object is deleted, but the owner is not deleted, the owner is deleted + too. properties: apiVersion: description: apiVersion is the group and API version of the owner. 
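Review bot: The `pattern` on the `initializers` items in this hunk is not anchored the way it reads: alternation binds loosest, so `^` applies only to the first alternative and `$` only to `(system:.+)`, leaving the first branch open at its end and the `system:` branch open at its start. If the API server applies the pattern as an unanchored search, which is how OpenAPI `pattern` is normally evaluated, values carrying an extra trailing or leading remainder would still pass validation. Grouping the two alternatives, `^(<first alternative>|system:.+)$`, closes both ends; the same pattern is repeated on the second `initializers` block in the `@@ -163,13 +177,14 @@` hunk of this file. The line is unchanged context here and the file looks generated, so the fix presumably belongs in the validation marker on the Go type rather than in this YAML.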
@@ -113,10 +126,10 @@ spec: Workspace. properties: URL: - description: url is the address under which the Kubernetes-cluster-like - endpoint can be found. This URL can be used to access the logical - cluster with standard Kubernetes client libraries and command line - tools. + description: |- + url is the address under which the Kubernetes-cluster-like endpoint + can be found. This URL can be used to access the logical cluster with standard Kubernetes + client libraries and command line tools. type: string conditions: description: Current processing state of the LogicalCluster. 
@@ -125,36 +138,37 @@ spec: state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition in - CamelCase. The specific API may choose whether or not this field - is considered a guaranteed API. This field may not be empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of Reason - code, so the users or machines can immediately understand the - current situation and act accordingly. The Severity field MUST - be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -163,13 +177,14 @@ spec: type: object type: array initializers: - description: initializers are set on creation by the system and must - be cleared by a controller before the logical cluster can be used. - The LogicalCluster object will stay in the phase "Initializing" state - until all initializers are cleared. + description: |- + initializers are set on creation by the system and must be cleared + by a controller before the logical cluster can be used. The LogicalCluster object + will stay in the phase "Initializing" state until all initializers are cleared. items: - description: LogicalClusterInitializer is a unique string corresponding - to a logical cluster initialization controller. + description: |- + LogicalClusterInitializer is a unique string corresponding to a logical cluster + initialization controller. pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(:[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(:[a-z0-9][a-z0-9]([-a-z0-9]*[a-z0-9])?))|(system:.+)$ type: string type: array diff --git a/config/root-phase0/apiresourceschema-partitions.topology.kcp.io.yaml b/config/root-phase0/apiresourceschema-partitions.topology.kcp.io.yaml index 893af474857..b1c5c0828bc 100644 --- a/config/root-phase0/apiresourceschema-partitions.topology.kcp.io.yaml +++ b/config/root-phase0/apiresourceschema-partitions.topology.kcp.io.yaml 
@@ -2,7 +2,7 @@ apiVersion: apis.kcp.io/v1alpha1 kind: APIResourceSchema metadata: creationTimestamp: null - name: v221115-9b370eb8.partitions.topology.kcp.io + name: v240715-7835dfb5a.partitions.topology.kcp.io spec: group: topology.kcp.io names: 
@@ -23,19 +23,24 @@ spec: type: date name: v1alpha1 schema: - description: Partition defines the selection of a set of shards along multiple - dimensions. Partitions can get automatically generated through a partitioner - or manually crafted. + description: |- + Partition defines the selection of a set of shards along multiple dimensions. + Partitions can get automatically generated through a partitioner or manually crafted. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -50,24 +55,25 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -79,11 +85,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic diff --git a/config/root-phase0/apiresourceschema-partitionsets.topology.kcp.io.yaml b/config/root-phase0/apiresourceschema-partitionsets.topology.kcp.io.yaml index 3a21d75c071..b26520fc2c5 100644 --- a/config/root-phase0/apiresourceschema-partitionsets.topology.kcp.io.yaml +++ b/config/root-phase0/apiresourceschema-partitionsets.topology.kcp.io.yaml @@ -2,7 +2,7 @@ apiVersion: apis.kcp.io/v1alpha1 kind: APIResourceSchema metadata: creationTimestamp: null - name: v230202-eee1a845.partitionsets.topology.kcp.io + name: v240715-7835dfb5a.partitionsets.topology.kcp.io spec: group: topology.kcp.io names: 
@@ -28,14 +28,19 @@ spec: set of shards into 1 or more partitions. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -55,8 +60,9 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies 
@@ -72,9 +78,9 @@ spec: && self.split("/", 2)[1].matches("^[A-Za-z0-9]([-A-Za-z0-9_.]{0,61}[A-Za-z0-9])?$") : self.matches("^[A-Za-z0-9]([-A-Za-z0-9_.]{0,61}[A-Za-z0-9])?$")' operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -82,11 +88,11 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: maxLength: 63 pattern: ^[A-Za-z0-9]([-A-Za-z0-9_.]{0,61}[A-Za-z0-9])?$ @@ -109,11 +115,10 @@ spec: additionalProperties: maxLength: 380 type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. maxProperties: 10 type: object x-kubernetes-validations: 
@@ -140,36 +145,37 @@ spec: state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition in - CamelCase. The specific API may choose whether or not this field - is considered a guaranteed API. This field may not be empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of Reason - code, so the users or machines can immediately understand the - current situation and act accordingly. The Severity field MUST - be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime diff --git a/config/root-phase0/apiresourceschema-shards.core.kcp.io.yaml b/config/root-phase0/apiresourceschema-shards.core.kcp.io.yaml index a8fdc950cd9..3129538cd7b 100644 --- a/config/root-phase0/apiresourceschema-shards.core.kcp.io.yaml +++ b/config/root-phase0/apiresourceschema-shards.core.kcp.io.yaml @@ -2,7 +2,7 @@ apiVersion: apis.kcp.io/v1alpha1 kind: APIResourceSchema metadata: creationTimestamp: null - name: v230116-943e458f6.shards.core.kcp.io + name: v240715-7835dfb5a.shards.core.kcp.io spec: group: core.kcp.io names: 
@@ -36,14 +36,19 @@ spec: will live properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -51,31 +56,41 @@ spec: description: ShardSpec holds the desired state of the Shard. properties: baseURL: - description: baseURL is the address of the KCP shard for direct connections, - e.g. by some front-proxy doing the fan-out to the shards. + description: |- + baseURL is the address of the KCP shard for direct connections, e.g. by some + front-proxy doing the fan-out to the shards. format: uri minLength: 1 type: string externalURL: - description: "externalURL is the externally visible address presented - to users in Workspace URLs. Changing this will break all existing - logical clusters on that shard, i.e. existing kubeconfigs of clients - will be invalid. Hence, when changing this value, the old URL used - by clients must keep working. \n The external address will not be - unique if a front-proxy does a fan-out to shards, but all logical - cluster clients will talk to the front-proxy. In that case, put the - address of the front-proxy here. \n Note that movement of shards is - only possible (in the future) between shards that share a common external - URL. \n This will be defaulted to the value of the baseURL." + description: |- + externalURL is the externally visible address presented to users in Workspace URLs. + Changing this will break all existing logical clusters on that shard, i.e. existing + kubeconfigs of clients will be invalid. Hence, when changing this value, the old + URL used by clients must keep working. + + + The external address will not be unique if a front-proxy does a fan-out to + shards, but all logical cluster clients will talk to the front-proxy. In that case, + put the address of the front-proxy here. + + + Note that movement of shards is only possible (in the future) between shards + that share a common external URL. + + + This will be defaulted to the value of the baseURL. 
format: uri minLength: 1 type: string virtualWorkspaceURL: - description: "virtualWorkspaceURL is the address of the virtual workspace - apiserver associated with this shard. It can be a direct address, - an address of a front-proxy or even an address of an LB. As of today - this address is assigned to APIExports. \n This will be defaulted - to the value of the baseURL." + description: |- + virtualWorkspaceURL is the address of the virtual workspace apiserver associated with this shard. + It can be a direct address, an address of a front-proxy or even an address of an LB. + As of today this address is assigned to APIExports. + + + This will be defaulted to the value of the baseURL. format: uri minLength: 1 type: string 
@@ -102,36 +117,37 @@ spec: state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition in - CamelCase. The specific API may choose whether or not this field - is considered a guaranteed API. This field may not be empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of Reason - code, so the users or machines can immediately understand the - current situation and act accordingly. The Severity field MUST - be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime diff --git a/config/root-phase0/apiresourceschema-workspaces.tenancy.kcp.io.yaml b/config/root-phase0/apiresourceschema-workspaces.tenancy.kcp.io.yaml index 4f2a1eb4261..2f1e5d9b208 100644 --- a/config/root-phase0/apiresourceschema-workspaces.tenancy.kcp.io.yaml +++ b/config/root-phase0/apiresourceschema-workspaces.tenancy.kcp.io.yaml @@ -2,7 +2,7 @@ apiVersion: apis.kcp.io/v1alpha1 kind: APIResourceSchema metadata: creationTimestamp: null - name: v231119-434294a3b.workspaces.tenancy.kcp.io + name: v240715-7835dfb5a.workspaces.tenancy.kcp.io spec: group: tenancy.kcp.io names: 
@@ -38,22 +38,30 @@ spec: type: date name: v1alpha1 schema: - description: "Workspace defines a generic Kubernetes-cluster-like endpoint, - with standard Kubernetes discovery APIs, OpenAPI and resource API endpoints. - \n A workspace can be backed by different concrete types of workspace implementation, + description: |- + Workspace defines a generic Kubernetes-cluster-like endpoint, with standard Kubernetes + discovery APIs, OpenAPI and resource API endpoints. + + + A workspace can be backed by different concrete types of workspace implementation, depending on access pattern. All workspace implementations share the characteristic that the URL that serves a given workspace can be used with standard Kubernetes - API machinery and client libraries and command line tools." + API machinery and client libraries and command line tools. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. 
+ Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: @@ -68,21 +76,30 @@ spec: description: WorkspaceSpec holds the desired state of the Workspace. properties: URL: - description: "URL is the address under which the Kubernetes-cluster-like - endpoint can be found. This URL can be used to access the workspace - with standard Kubernetes client libraries and command line tools. - \n Set by the system." + description: |- + URL is the address under which the Kubernetes-cluster-like endpoint + can be found. This URL can be used to access the workspace with standard Kubernetes + client libraries and command line tools. + + + Set by the system. type: string cluster: - description: "cluster is the name of the logical cluster this workspace - is stored under. \n Set by the system." + description: |- + cluster is the name of the logical cluster this workspace is stored under. + + + Set by the system. type: string x-kubernetes-validations: - message: cluster is immutable rule: self == oldSelf location: - description: "location constraints where this workspace can be scheduled - to. \n If the no location is specified, an arbitrary location is chosen." + description: |- + location constraints where this workspace can be scheduled to. + + + If the no location is specified, an arbitrary location is chosen. properties: selector: description: selector is a label selector that filters workspace 
@@ -92,25 +109,25 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -122,24 +139,26 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: object type: - description: "type defines properties of the workspace both on creation - (e.g. initial resources and initially installed APIs) and during runtime - (e.g. permissions). If no type is provided, the default type for the - workspace in which this workspace is nesting will be used. \n The - type is a reference to a WorkspaceType in the listed workspace, but - lower-cased. The WorkspaceType existence is validated at admission - during creation. The type is immutable after creation. The use of - a type is gated via the RBAC workspacetypes/use resource permission." + description: |- + type defines properties of the workspace both on creation (e.g. initial + resources and initially installed APIs) and during runtime (e.g. permissions). + If no type is provided, the default type for the workspace in which this workspace + is nesting will be used. + + + The type is a reference to a WorkspaceType in the listed workspace, but + lower-cased. The WorkspaceType existence is validated at admission during + creation. The type is immutable after creation. The use of a type is gated via + the RBAC workspacetypes/use resource permission. properties: name: description: name is the name of the WorkspaceType 
@@ -177,36 +196,37 @@ spec: state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition in - CamelCase. The specific API may choose whether or not this field - is considered a guaranteed API. This field may not be empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of Reason - code, so the users or machines can immediately understand the - current situation and act accordingly. The Severity field MUST - be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -215,11 +235,13 @@ spec: type: object type: array initializers: - description: initializers must be cleared by a controller before the - workspace is ready and can be used. + description: |- + initializers must be cleared by a controller before the workspace is ready + and can be used. items: - description: LogicalClusterInitializer is a unique string corresponding - to a logical cluster initialization controller. + description: |- + LogicalClusterInitializer is a unique string corresponding to a logical cluster + initialization controller. pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(:[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(:[a-z0-9][a-z0-9]([-a-z0-9]*[a-z0-9])?))|(system:.+)$ type: string type: array diff --git a/config/root-phase0/apiresourceschema-workspacetypes.tenancy.kcp.io.yaml b/config/root-phase0/apiresourceschema-workspacetypes.tenancy.kcp.io.yaml index c421d3c28fa..1f35d67a18d 100644 --- a/config/root-phase0/apiresourceschema-workspacetypes.tenancy.kcp.io.yaml +++ b/config/root-phase0/apiresourceschema-workspacetypes.tenancy.kcp.io.yaml @@ -2,7 +2,7 @@ apiVersion: apis.kcp.io/v1alpha1 kind: APIResourceSchema metadata: creationTimestamp: null - name: v230313-2197e455a.workspacetypes.tenancy.kcp.io + name: v240715-7835dfb5a.workspacetypes.tenancy.kcp.io spec: group: tenancy.kcp.io names: 
@@ -19,14 +19,19 @@ spec: description: WorkspaceType specifies behaviour of workspaces of this type. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -45,13 +50,14 @@ spec: additionalWorkspaceLabels: additionalProperties: type: string - description: additionalWorkspaceLabels are a set of labels that will - be added to a Workspace on creation. + description: |- + additionalWorkspaceLabels are a set of labels that will be added to a + Workspace on creation. type: object defaultAPIBindings: - description: defaultAPIBindings are the APIs to bind during initialization - of workspaces created from this type. The APIBinding names will be - generated dynamically. + description: |- + defaultAPIBindings are the APIs to bind during initialization of workspaces created from this type. + The APIBinding names will be generated dynamically. items: description: APIExportReference provides the fields necessary to resolve an APIExport. @@ -60,9 +66,9 @@ spec: description: export is the name of the APIExport. type: string path: - description: path is the fully-qualified path to the workspace - containing the APIExport. If it is empty, the current workspace - is assumed. + description: |- + path is the fully-qualified path to the workspace containing the APIExport. If it is + empty, the current workspace is assumed. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(:[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: @@ -73,10 +79,11 @@ spec: default: name: universal path: root - description: defaultChildWorkspaceType is the WorkspaceType that will - be used by default if another, nested Workspace is created in a workspace - of this type. When this field is unset, the user must specify a type - when creating nested workspaces. Extending another WorkspaceType does + description: |- + defaultChildWorkspaceType is the WorkspaceType that will be used + by default if another, nested Workspace is created in a workspace + of this type. When this field is unset, the user must specify a type when + creating nested workspaces. Extending another WorkspaceType does not inherit its defaultChildWorkspaceType. properties: name: 
@@ -92,20 +99,25 @@ spec: - name type: object extend: - description: "extend is a list of other WorkspaceTypes whose initializers - and limitAllowedChildren and limitAllowedParents this WorkspaceType - is inheriting. By (transitively) extending another WorkspaceType, - this WorkspaceType will be considered as that other type in evaluation - of limitAllowedChildren and limitAllowedParents constraints. \n A - dependency cycle stop this WorkspaceType from being admitted as the - type of a Workspace. \n A non-existing dependency stop this WorkspaceType - from being admitted as the type of a Workspace." + description: |- + extend is a list of other WorkspaceTypes whose initializers and limitAllowedChildren + and limitAllowedParents this WorkspaceType is inheriting. By (transitively) extending + another WorkspaceType, this WorkspaceType will be considered as that + other type in evaluation of limitAllowedChildren and limitAllowedParents constraints. + + + A dependency cycle stop this WorkspaceType from being admitted as the type + of a Workspace. + + + A non-existing dependency stop this WorkspaceType from being admitted as the type + of a Workspace. properties: with: - description: with are WorkspaceTypes whose initializers are added - to the list for the owning type, and for whom the owning type - becomes an alias, as long as all of their required types are not - mentioned in without. + description: |- + with are WorkspaceTypes whose initializers are added to the list + for the owning type, and for whom the owning type becomes an alias, as long + as all of their required types are not mentioned in without. items: description: WorkspaceTypeReference is a globally unique, fully qualified reference to a workspace type. 
@@ -125,20 +137,23 @@ spec: type: array type: object initializer: - description: "initializer determines if this WorkspaceType has an associated - initializing controller. These controllers are used to add functionality - to a Workspace; all controllers must finish their work before the - Workspace becomes ready for use. \n One initializing controller is - supported per WorkspaceType; the identifier for this initializer will - be a colon-delimited string using the workspace in which the WorkspaceType - is defined, and the type's name. For example, if a WorkspaceType `example` - is created in the `root:org` workspace, the implicit initializer name - is `root:org:Example`." + description: |- + initializer determines if this WorkspaceType has an associated initializing + controller. These controllers are used to add functionality to a Workspace; + all controllers must finish their work before the Workspace becomes ready + for use. + + + One initializing controller is supported per WorkspaceType; the identifier + for this initializer will be a colon-delimited string using the workspace in which + the WorkspaceType is defined, and the type's name. For example, if a + WorkspaceType `example` is created in the `root:org` workspace, the implicit + initializer name is `root:org:Example`. type: boolean limitAllowedChildren: - description: limitAllowedChildren specifies constraints for sub-workspaces - created in workspaces of this type. These are in addition to child - constraints of types this one extends. + description: |- + limitAllowedChildren specifies constraints for sub-workspaces created in workspaces + of this type. These are in addition to child constraints of types this one extends. oneOf: - required: - none 
@@ -149,10 +164,13 @@ spec: description: none means that no type matches. type: boolean types: - description: "types is a list of WorkspaceTypes that match. A workspace - type extending another workspace type automatically is considered - as that extended type as well (even transitively). \n An empty - list matches all types." + description: |- + types is a list of WorkspaceTypes that match. A workspace type extending + another workspace type automatically is considered as that extended type as well + (even transitively). + + + An empty list matches all types. items: description: WorkspaceTypeReference is a globally unique, fully qualified reference to a workspace type. @@ -173,9 +191,10 @@ spec: type: array type: object limitAllowedParents: - description: limitAllowedParents specifies constraints for the parent - workspace that workspaces of this type are created in. These are in - addition to parent constraints of types this one extends. + description: |- + limitAllowedParents specifies constraints for the parent workspace that workspaces + of this type are created in. These are in addition to parent constraints of types this one + extends. oneOf: - required: - none @@ -186,10 +205,13 @@ spec: description: none means that no type matches. type: boolean types: - description: "types is a list of WorkspaceTypes that match. A workspace - type extending another workspace type automatically is considered - as that extended type as well (even transitively). \n An empty - list matches all types." + description: |- + types is a list of WorkspaceTypes that match. A workspace type extending + another workspace type automatically is considered as that extended type as well + (even transitively). + + + An empty list matches all types. items: description: WorkspaceTypeReference is a globally unique, fully qualified reference to a workspace type. 
@@ -220,36 +242,37 @@ spec: state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition in - CamelCase. The specific API may choose whether or not this field - is considered a guaranteed API. This field may not be empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of Reason - code, so the users or machines can immediately understand the - current situation and act accordingly. The Severity field MUST - be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime diff --git a/pkg/openapi/zz_generated.openapi.go b/pkg/openapi/zz_generated.openapi.go index 401263b5869..a4eca3e8379 100644 --- a/pkg/openapi/zz_generated.openapi.go +++ b/pkg/openapi/zz_generated.openapi.go @@ -19,8 +19,6 @@ limitations under the License. // Code generated by openapi-gen. DO NOT EDIT. -// This file was autogenerated by openapi-gen. Do not edit it manually! - package openapi import ( @@ -199,6 +197,7 @@ func schema_sdk_apis_apis_v1alpha1_APIBinding(ref common.ReferenceCallback) comm }, }, }, + Required: []string{"spec"}, }, }, Dependencies: []string{ @@ -1183,7 +1182,6 @@ func schema_sdk_apis_apis_v1alpha1_APIResourceVersion(ref common.ReferenceCallba }, SchemaProps: spec.SchemaProps{ Description: "schema describes the structural schema used for validation, pruning, and defaulting of this version of the custom resource.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, @@ -2168,8 +2166,7 @@ func schema_sdk_apis_core_v1alpha1_ShardStatus(ref common.ReferenceCallback) com Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, 
@@ -2891,7 +2888,6 @@ func schema_conditions_apis_conditions_v1alpha1_Condition(ref common.ReferenceCa "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -3230,6 +3226,11 @@ func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenA }, }, "versions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "versions are the versions supported in this group.", Type: []string{"array"}, @@ -3251,6 +3252,11 @@ func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenA }, }, "serverAddressByClientCIDRs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.", Type: []string{"array"}, 
@@ -3295,6 +3301,11 @@ func schema_pkg_apis_meta_v1_APIGroupList(ref common.ReferenceCallback) common.O }, }, "groups": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "groups is a list of APIGroup.", Type: []string{"array"}, @@ -3386,6 +3397,11 @@ func schema_pkg_apis_meta_v1_APIResource(ref common.ReferenceCallback) common.Op }, }, "shortNames": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "shortNames is a list of suggested short names of the resource.", Type: []string{"array"}, @@ -3401,6 +3417,11 @@ func schema_pkg_apis_meta_v1_APIResource(ref common.ReferenceCallback) common.Op }, }, "categories": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "categories is a list of the grouped resources this resource belongs to (e.g. 'all')", Type: []string{"array"}, @@ -3459,6 +3480,11 @@ func schema_pkg_apis_meta_v1_APIResourceList(ref common.ReferenceCallback) commo }, }, "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "resources contains the name of the resources and if they are namespaced.", Type: []string{"array"}, @@ -3503,6 +3529,11 @@ func schema_pkg_apis_meta_v1_APIVersions(ref common.ReferenceCallback) common.Op }, }, "versions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "versions are the api versions that are available.", Type: []string{"array"}, 
@@ -3518,6 +3549,11 @@ func schema_pkg_apis_meta_v1_APIVersions(ref common.ReferenceCallback) common.Op }, }, "serverAddressByClientCIDRs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.", Type: []string{"array"}, @@ -3562,6 +3598,11 @@ func schema_pkg_apis_meta_v1_ApplyOptions(ref common.ReferenceCallback) common.O }, }, "dryRun": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", Type: []string{"array"}, 
@@ -3632,7 +3673,6 @@ func schema_pkg_apis_meta_v1_Condition(ref common.ReferenceCallback) common.Open "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -3683,6 +3723,11 @@ func schema_pkg_apis_meta_v1_CreateOptions(ref common.ReferenceCallback) common. }, }, "dryRun": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", Type: []string{"array"}, @@ -3766,6 +3811,11 @@ func schema_pkg_apis_meta_v1_DeleteOptions(ref common.ReferenceCallback) common. }, }, "dryRun": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", Type: []string{"array"}, 
@@ -4082,6 +4132,11 @@ func schema_pkg_apis_meta_v1_LabelSelector(ref common.ReferenceCallback) common. }, }, "matchExpressions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", Type: []string{"array"}, @@ -4132,6 +4187,11 @@ func schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref common.ReferenceCallba }, }, "values": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", Type: []string{"array"}, @@ -4188,8 +4248,7 @@ func schema_pkg_apis_meta_v1_List(ref common.ReferenceCallback) common.OpenAPIDe Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -4475,7 +4534,6 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope "creationTimestamp": { SchemaProps: spec.SchemaProps{ Description: "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, 
@@ -4527,6 +4585,10 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope "ownerReferences": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "uid", + }, + "x-kubernetes-list-type": "map", "x-kubernetes-patch-merge-key": "uid", "x-kubernetes-patch-strategy": "merge", }, @@ -4547,6 +4609,7 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope "finalizers": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", "x-kubernetes-patch-strategy": "merge", }, }, @@ -4565,6 +4628,11 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope }, }, "managedFields": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object.", Type: []string{"array"}, @@ -4771,6 +4839,11 @@ func schema_pkg_apis_meta_v1_PatchOptions(ref common.ReferenceCallback) common.O }, }, "dryRun": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", Type: []string{"array"}, 
@@ -4847,6 +4920,11 @@ func schema_pkg_apis_meta_v1_RootPaths(ref common.ReferenceCallback) common.Open Type: []string{"object"}, Properties: map[string]spec.Schema{ "paths": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "paths are the paths available at root.", Type: []string{"array"}, @@ -4948,6 +5026,11 @@ func schema_pkg_apis_meta_v1_Status(ref common.ReferenceCallback) common.OpenAPI }, }, "details": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.", Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails"), @@ -5038,6 +5121,11 @@ func schema_pkg_apis_meta_v1_StatusDetails(ref common.ReferenceCallback) common. }, }, "causes": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.", Type: []string{"array"}, @@ -5095,6 +5183,11 @@ func schema_pkg_apis_meta_v1_Table(ref common.ReferenceCallback) common.OpenAPID }, }, "columnDefinitions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "columnDefinitions describes each column in the returned items array. The number of cells per row will always match the number of column definitions.", Type: []string{"array"}, 
@@ -5109,6 +5202,11 @@ func schema_pkg_apis_meta_v1_Table(ref common.ReferenceCallback) common.OpenAPID }, }, "rows": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "rows is the list of items in the table.", Type: []string{"array"}, @@ -5227,6 +5325,11 @@ func schema_pkg_apis_meta_v1_TableRow(ref common.ReferenceCallback) common.OpenA Type: []string{"object"}, Properties: map[string]spec.Schema{ "cells": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "cells will be as wide as the column definitions array and may contain strings, numbers (float64 or int64), booleans, simple maps, lists, or null. See the type field of the column definition for a more detailed description.", Type: []string{"array"}, @@ -5241,6 +5344,11 @@ func schema_pkg_apis_meta_v1_TableRow(ref common.ReferenceCallback) common.OpenA }, }, "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "conditions describe additional status of a row that are relevant for a human user. These conditions apply to the row, not to the object, and will be specific to table output. The only defined condition type is 'Completed', for a row that indicates a resource that has run to completion and can be given less visual priority.", Type: []string{"array"}, 
@@ -5257,7 +5365,6 @@ func schema_pkg_apis_meta_v1_TableRow(ref common.ReferenceCallback) common.OpenA "object": { SchemaProps: spec.SchemaProps{ Description: "This field contains the requested additional information about each object based on the includeObject policy when requesting the Table. If \"None\", this field is empty, if \"Object\" this will be the default serialization of the object for the current API version, and if \"Metadata\" (the default) will contain the object metadata. Check the returned kind and apiVersion of the object before parsing. The media type of the object will always match the enclosing list - if this as a JSON table, these will be JSON encoded objects.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, @@ -5405,6 +5512,11 @@ func schema_pkg_apis_meta_v1_UpdateOptions(ref common.ReferenceCallback) common. }, }, "dryRun": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", Type: []string{"array"}, @@ -5456,7 +5568,6 @@ func schema_pkg_apis_meta_v1_WatchEvent(ref common.ReferenceCallback) common.Ope "object": { SchemaProps: spec.SchemaProps{ Description: "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Error: *Status is recommended; other types may make sense\n depending on context.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, 
diff --git a/sdk/client/applyconfiguration/meta/v1/condition.go b/sdk/client/applyconfiguration/meta/v1/condition.go new file mode 100644 index 00000000000..19874c4f966 --- /dev/null +++ b/sdk/client/applyconfiguration/meta/v1/condition.go 
@@ -0,0 +1,88 @@ +/* +Copyright The KCP Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// ConditionApplyConfiguration represents an declarative configuration of the Condition type for use +// with apply. +type ConditionApplyConfiguration struct { + Type *string `json:"type,omitempty"` + Status *v1.ConditionStatus `json:"status,omitempty"` + ObservedGeneration *int64 `json:"observedGeneration,omitempty"` + LastTransitionTime *v1.Time `json:"lastTransitionTime,omitempty"` + Reason *string `json:"reason,omitempty"` + Message *string `json:"message,omitempty"` +} + +// ConditionApplyConfiguration constructs an declarative configuration of the Condition type for use with +// apply. +func Condition() *ConditionApplyConfiguration { + return &ConditionApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. 
+func (b *ConditionApplyConfiguration) WithType(value string) *ConditionApplyConfiguration { + b.Type = &value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *ConditionApplyConfiguration) WithStatus(value v1.ConditionStatus) *ConditionApplyConfiguration { + b.Status = &value + return b +} + +// WithObservedGeneration sets the ObservedGeneration field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ObservedGeneration field is set to the value of the last call. +func (b *ConditionApplyConfiguration) WithObservedGeneration(value int64) *ConditionApplyConfiguration { + b.ObservedGeneration = &value + return b +} + +// WithLastTransitionTime sets the LastTransitionTime field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LastTransitionTime field is set to the value of the last call. +func (b *ConditionApplyConfiguration) WithLastTransitionTime(value v1.Time) *ConditionApplyConfiguration { + b.LastTransitionTime = &value + return b +} + +// WithReason sets the Reason field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Reason field is set to the value of the last call. 
+func (b *ConditionApplyConfiguration) WithReason(value string) *ConditionApplyConfiguration { + b.Reason = &value + return b +} + +// WithMessage sets the Message field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Message field is set to the value of the last call. +func (b *ConditionApplyConfiguration) WithMessage(value string) *ConditionApplyConfiguration { + b.Message = &value + return b +} diff --git a/sdk/client/applyconfiguration/meta/v1/deleteoptions.go b/sdk/client/applyconfiguration/meta/v1/deleteoptions.go new file mode 100644 index 00000000000..864aac9d90b --- /dev/null +++ b/sdk/client/applyconfiguration/meta/v1/deleteoptions.go 
@@ -0,0 +1,101 @@ +/* +Copyright The KCP Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// DeleteOptionsApplyConfiguration represents an declarative configuration of the DeleteOptions type for use +// with apply. +type DeleteOptionsApplyConfiguration struct { + TypeMetaApplyConfiguration `json:",inline"` + GracePeriodSeconds *int64 `json:"gracePeriodSeconds,omitempty"` + Preconditions *metav1.Preconditions `json:"preconditions,omitempty"` + OrphanDependents *bool `json:"orphanDependents,omitempty"` + PropagationPolicy *metav1.DeletionPropagation `json:"propagationPolicy,omitempty"` + DryRun []string `json:"dryRun,omitempty"` +} + +// DeleteOptionsApplyConfiguration constructs an declarative configuration of the DeleteOptions type for use with +// apply. +func DeleteOptions() *DeleteOptionsApplyConfiguration { + b := &DeleteOptionsApplyConfiguration{} + b.WithKind("DeleteOptions") + b.WithAPIVersion("meta.k8s.io/v1") + return b +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. 
+func (b *DeleteOptionsApplyConfiguration) WithKind(value string) *DeleteOptionsApplyConfiguration { + b.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *DeleteOptionsApplyConfiguration) WithAPIVersion(value string) *DeleteOptionsApplyConfiguration { + b.APIVersion = &value + return b +} + +// WithGracePeriodSeconds sets the GracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GracePeriodSeconds field is set to the value of the last call. +func (b *DeleteOptionsApplyConfiguration) WithGracePeriodSeconds(value int64) *DeleteOptionsApplyConfiguration { + b.GracePeriodSeconds = &value + return b +} + +// WithPreconditions sets the Preconditions field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Preconditions field is set to the value of the last call. +func (b *DeleteOptionsApplyConfiguration) WithPreconditions(value metav1.Preconditions) *DeleteOptionsApplyConfiguration { + b.Preconditions = &value + return b +} + +// WithOrphanDependents sets the OrphanDependents field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OrphanDependents field is set to the value of the last call. 
+func (b *DeleteOptionsApplyConfiguration) WithOrphanDependents(value bool) *DeleteOptionsApplyConfiguration { + b.OrphanDependents = &value + return b +} + +// WithPropagationPolicy sets the PropagationPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PropagationPolicy field is set to the value of the last call. +func (b *DeleteOptionsApplyConfiguration) WithPropagationPolicy(value metav1.DeletionPropagation) *DeleteOptionsApplyConfiguration { + b.PropagationPolicy = &value + return b +} + +// WithDryRun adds the given value to the DryRun field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the DryRun field. +func (b *DeleteOptionsApplyConfiguration) WithDryRun(values ...string) *DeleteOptionsApplyConfiguration { + for i := range values { + b.DryRun = append(b.DryRun, values[i]) + } + return b +} diff --git a/sdk/client/applyconfiguration/utils.go b/sdk/client/applyconfiguration/utils.go index 09b7adf5497..7e40c200a23 100644 --- a/sdk/client/applyconfiguration/utils.go +++ b/sdk/client/applyconfiguration/utils.go @@ -21,6 +21,7 @@ package applyconfiguration import ( v1 "k8s.io/apimachinery/pkg/apis/meta/v1" schema "k8s.io/apimachinery/pkg/runtime/schema" + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" v1alpha1 "github.com/kcp-dev/kcp/sdk/apis/apis/v1alpha1" corev1alpha1 "github.com/kcp-dev/kcp/sdk/apis/core/v1alpha1" 
@@ -30,7 +31,7 @@ import ( apisv1alpha1 "github.com/kcp-dev/kcp/sdk/client/applyconfiguration/apis/v1alpha1" applyconfigurationconditionsv1alpha1 "github.com/kcp-dev/kcp/sdk/client/applyconfiguration/conditions/v1alpha1" applyconfigurationcorev1alpha1 "github.com/kcp-dev/kcp/sdk/client/applyconfiguration/core/v1alpha1" - metav1 "github.com/kcp-dev/kcp/sdk/client/applyconfiguration/meta/v1" + applyconfigurationmetav1 "github.com/kcp-dev/kcp/sdk/client/applyconfiguration/meta/v1" applyconfigurationtenancyv1alpha1 "github.com/kcp-dev/kcp/sdk/client/applyconfiguration/tenancy/v1alpha1" applyconfigurationtopologyv1alpha1 "github.com/kcp-dev/kcp/sdk/client/applyconfiguration/topology/v1alpha1" ) 
@@ -124,18 +125,22 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &applyconfigurationcorev1alpha1.ShardStatusApplyConfiguration{} // Group=meta.k8s.io, Version=v1 + case v1.SchemeGroupVersion.WithKind("Condition"): + return &metav1.ConditionApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("DeleteOptions"): + return &metav1.DeleteOptionsApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("LabelSelector"): - return &metav1.LabelSelectorApplyConfiguration{} + return &applyconfigurationmetav1.LabelSelectorApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("LabelSelectorRequirement"): - return &metav1.LabelSelectorRequirementApplyConfiguration{} + return &applyconfigurationmetav1.LabelSelectorRequirementApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ManagedFieldsEntry"): - return &metav1.ManagedFieldsEntryApplyConfiguration{} + return &applyconfigurationmetav1.ManagedFieldsEntryApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ObjectMeta"): - return &metav1.ObjectMetaApplyConfiguration{} + return &applyconfigurationmetav1.ObjectMetaApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("OwnerReference"): - return &metav1.OwnerReferenceApplyConfiguration{} + return &applyconfigurationmetav1.OwnerReferenceApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("TypeMeta"): - return &metav1.TypeMetaApplyConfiguration{} + return &applyconfigurationmetav1.TypeMetaApplyConfiguration{} // Group=tenancy.kcp.io, Version=v1alpha1 case tenancyv1alpha1.SchemeGroupVersion.WithKind("APIExportReference"): diff --git a/test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/condition.go b/test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/condition.go new file mode 100644 index 00000000000..19874c4f966 --- /dev/null +++ b/test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/condition.go 
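Review bot: The two cases added to ForKind for `Condition` and `DeleteOptions` return `metav1` types, which after this commit's import change means `k8s.io/client-go/applyconfigurations/meta/v1`, while the six other meta.k8s.io/v1 cases in the same switch return the local `applyconfigurationmetav1` types. The same commit adds local `ConditionApplyConfiguration` and `DeleteOptionsApplyConfiguration` under `sdk/client/applyconfiguration/meta/v1`, so a caller that type-asserts ForKind's result against the local package would not match for these two kinds. If the local types are the intended ones, the cases should read `return &applyconfigurationmetav1.ConditionApplyConfiguration{}` and `return &applyconfigurationmetav1.DeleteOptionsApplyConfiguration{}`. The sibling files carry an applyconfiguration-gen header, so this file is presumably generated too, and the fix would belong in the generator inputs rather than a hand edit. ForKind's body continues outside the hunk.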
@@ -0,0 +1,88 @@ +/* +Copyright The KCP Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// ConditionApplyConfiguration represents an declarative configuration of the Condition type for use +// with apply. +type ConditionApplyConfiguration struct { + Type *string `json:"type,omitempty"` + Status *v1.ConditionStatus `json:"status,omitempty"` + ObservedGeneration *int64 `json:"observedGeneration,omitempty"` + LastTransitionTime *v1.Time `json:"lastTransitionTime,omitempty"` + Reason *string `json:"reason,omitempty"` + Message *string `json:"message,omitempty"` +} + +// ConditionApplyConfiguration constructs an declarative configuration of the Condition type for use with +// apply. +func Condition() *ConditionApplyConfiguration { + return &ConditionApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. 
+func (b *ConditionApplyConfiguration) WithType(value string) *ConditionApplyConfiguration { + b.Type = &value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *ConditionApplyConfiguration) WithStatus(value v1.ConditionStatus) *ConditionApplyConfiguration { + b.Status = &value + return b +} + +// WithObservedGeneration sets the ObservedGeneration field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ObservedGeneration field is set to the value of the last call. +func (b *ConditionApplyConfiguration) WithObservedGeneration(value int64) *ConditionApplyConfiguration { + b.ObservedGeneration = &value + return b +} + +// WithLastTransitionTime sets the LastTransitionTime field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LastTransitionTime field is set to the value of the last call. +func (b *ConditionApplyConfiguration) WithLastTransitionTime(value v1.Time) *ConditionApplyConfiguration { + b.LastTransitionTime = &value + return b +} + +// WithReason sets the Reason field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Reason field is set to the value of the last call. 
+func (b *ConditionApplyConfiguration) WithReason(value string) *ConditionApplyConfiguration { + b.Reason = &value + return b +} + +// WithMessage sets the Message field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Message field is set to the value of the last call. +func (b *ConditionApplyConfiguration) WithMessage(value string) *ConditionApplyConfiguration { + b.Message = &value + return b +} diff --git a/test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/deleteoptions.go b/test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/deleteoptions.go new file mode 100644 index 00000000000..864aac9d90b --- /dev/null +++ b/test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/deleteoptions.go 
@@ -0,0 +1,101 @@ +/* +Copyright The KCP Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// DeleteOptionsApplyConfiguration represents an declarative configuration of the DeleteOptions type for use +// with apply. +type DeleteOptionsApplyConfiguration struct { + TypeMetaApplyConfiguration `json:",inline"` + GracePeriodSeconds *int64 `json:"gracePeriodSeconds,omitempty"` + Preconditions *metav1.Preconditions `json:"preconditions,omitempty"` + OrphanDependents *bool `json:"orphanDependents,omitempty"` + PropagationPolicy *metav1.DeletionPropagation `json:"propagationPolicy,omitempty"` + DryRun []string `json:"dryRun,omitempty"` +} + +// DeleteOptionsApplyConfiguration constructs an declarative configuration of the DeleteOptions type for use with +// apply. +func DeleteOptions() *DeleteOptionsApplyConfiguration { + b := &DeleteOptionsApplyConfiguration{} + b.WithKind("DeleteOptions") + b.WithAPIVersion("meta.k8s.io/v1") + return b +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. 
+func (b *DeleteOptionsApplyConfiguration) WithKind(value string) *DeleteOptionsApplyConfiguration { + b.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *DeleteOptionsApplyConfiguration) WithAPIVersion(value string) *DeleteOptionsApplyConfiguration { + b.APIVersion = &value + return b +} + +// WithGracePeriodSeconds sets the GracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GracePeriodSeconds field is set to the value of the last call. +func (b *DeleteOptionsApplyConfiguration) WithGracePeriodSeconds(value int64) *DeleteOptionsApplyConfiguration { + b.GracePeriodSeconds = &value + return b +} + +// WithPreconditions sets the Preconditions field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Preconditions field is set to the value of the last call. +func (b *DeleteOptionsApplyConfiguration) WithPreconditions(value metav1.Preconditions) *DeleteOptionsApplyConfiguration { + b.Preconditions = &value + return b +} + +// WithOrphanDependents sets the OrphanDependents field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OrphanDependents field is set to the value of the last call. 
+func (b *DeleteOptionsApplyConfiguration) WithOrphanDependents(value bool) *DeleteOptionsApplyConfiguration { + b.OrphanDependents = &value + return b +} + +// WithPropagationPolicy sets the PropagationPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PropagationPolicy field is set to the value of the last call. +func (b *DeleteOptionsApplyConfiguration) WithPropagationPolicy(value metav1.DeletionPropagation) *DeleteOptionsApplyConfiguration { + b.PropagationPolicy = &value + return b +} + +// WithDryRun adds the given value to the DryRun field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the DryRun field. +func (b *DeleteOptionsApplyConfiguration) WithDryRun(values ...string) *DeleteOptionsApplyConfiguration { + for i := range values { + b.DryRun = append(b.DryRun, values[i]) + } + return b +} diff --git a/test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/labelselector.go b/test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/labelselector.go new file mode 100644 index 00000000000..68cbb1e5bbe --- /dev/null +++ b/test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/labelselector.go 
@@ -0,0 +1,63 @@ +/* +Copyright The KCP Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// LabelSelectorApplyConfiguration represents an declarative configuration of the LabelSelector type for use +// with apply. +type LabelSelectorApplyConfiguration struct { + MatchLabels map[string]string `json:"matchLabels,omitempty"` + MatchExpressions []v1.LabelSelectorRequirementApplyConfiguration `json:"matchExpressions,omitempty"` +} + +// LabelSelectorApplyConfiguration constructs an declarative configuration of the LabelSelector type for use with +// apply. +func LabelSelector() *LabelSelectorApplyConfiguration { + return &LabelSelectorApplyConfiguration{} +} + +// WithMatchLabels puts the entries into the MatchLabels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the MatchLabels field, +// overwriting an existing map entries in MatchLabels field with the same key. 
+func (b *LabelSelectorApplyConfiguration) WithMatchLabels(entries map[string]string) *LabelSelectorApplyConfiguration { + if b.MatchLabels == nil && len(entries) > 0 { + b.MatchLabels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.MatchLabels[k] = v + } + return b +} + +// WithMatchExpressions adds the given value to the MatchExpressions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the MatchExpressions field. +func (b *LabelSelectorApplyConfiguration) WithMatchExpressions(values ...*v1.LabelSelectorRequirementApplyConfiguration) *LabelSelectorApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithMatchExpressions") + } + b.MatchExpressions = append(b.MatchExpressions, *values[i]) + } + return b +} diff --git a/test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/labelselectorrequirement.go b/test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/labelselectorrequirement.go new file mode 100644 index 00000000000..7a490ca2e5e --- /dev/null +++ b/test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1/labelselectorrequirement.go 
@@ -0,0 +1,63 @@ +/* +Copyright The KCP Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// LabelSelectorRequirementApplyConfiguration represents an declarative configuration of the LabelSelectorRequirement type for use +// with apply. +type LabelSelectorRequirementApplyConfiguration struct { + Key *string `json:"key,omitempty"` + Operator *v1.LabelSelectorOperator `json:"operator,omitempty"` + Values []string `json:"values,omitempty"` +} + +// LabelSelectorRequirementApplyConfiguration constructs an declarative configuration of the LabelSelectorRequirement type for use with +// apply. +func LabelSelectorRequirement() *LabelSelectorRequirementApplyConfiguration { + return &LabelSelectorRequirementApplyConfiguration{} +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *LabelSelectorRequirementApplyConfiguration) WithKey(value string) *LabelSelectorRequirementApplyConfiguration { + b.Key = &value + return b +} + +// WithOperator sets the Operator field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
+// If called multiple times, the Operator field is set to the value of the last call. +func (b *LabelSelectorRequirementApplyConfiguration) WithOperator(value v1.LabelSelectorOperator) *LabelSelectorRequirementApplyConfiguration { + b.Operator = &value + return b +} + +// WithValues adds the given value to the Values field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Values field. +func (b *LabelSelectorRequirementApplyConfiguration) WithValues(values ...string) *LabelSelectorRequirementApplyConfiguration { + for i := range values { + b.Values = append(b.Values, values[i]) + } + return b +} diff --git a/test/e2e/fixtures/wildwest/client/applyconfiguration/utils.go b/test/e2e/fixtures/wildwest/client/applyconfiguration/utils.go index d3ad9ee1c70..7e8d9d4721b 100644 --- a/test/e2e/fixtures/wildwest/client/applyconfiguration/utils.go +++ b/test/e2e/fixtures/wildwest/client/applyconfiguration/utils.go @@ -21,9 +21,10 @@ package applyconfiguration import ( v1 "k8s.io/apimachinery/pkg/apis/meta/v1" schema "k8s.io/apimachinery/pkg/runtime/schema" + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" v1alpha1 "github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/apis/wildwest/v1alpha1" - metav1 "github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1" + applyconfigurationmetav1 "github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/client/applyconfiguration/meta/v1" wildwestv1alpha1 "github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/client/applyconfiguration/wildwest/v1alpha1" ) 
@@ -32,14 +33,22 @@ import ( func ForKind(kind schema.GroupVersionKind) interface{} { switch kind { // Group=meta.k8s.io, Version=v1 + case v1.SchemeGroupVersion.WithKind("Condition"): + return &metav1.ConditionApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("DeleteOptions"): + return &metav1.DeleteOptionsApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("LabelSelector"): + return &metav1.LabelSelectorApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("LabelSelectorRequirement"): + return &metav1.LabelSelectorRequirementApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ManagedFieldsEntry"): - return &metav1.ManagedFieldsEntryApplyConfiguration{} + return &applyconfigurationmetav1.ManagedFieldsEntryApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ObjectMeta"): - return &metav1.ObjectMetaApplyConfiguration{} + return &applyconfigurationmetav1.ObjectMetaApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("OwnerReference"): - return &metav1.OwnerReferenceApplyConfiguration{} + return &applyconfigurationmetav1.OwnerReferenceApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("TypeMeta"): - return &metav1.TypeMetaApplyConfiguration{} + return &applyconfigurationmetav1.TypeMetaApplyConfiguration{} // Group=wildwest.dev, Version=v1alpha1 case v1alpha1.SchemeGroupVersion.WithKind("Cowboy"): diff --git a/test/e2e/fixtures/wildwest/wildwest.dev_cowboys.yaml b/test/e2e/fixtures/wildwest/wildwest.dev_cowboys.yaml index 23dde119638..86fbd280770 100644 --- a/test/e2e/fixtures/wildwest/wildwest.dev_cowboys.yaml +++ b/test/e2e/fixtures/wildwest/wildwest.dev_cowboys.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: cowboys.wildwest.dev spec: group: wildwest.dev 
@@ -21,14 +20,19 @@ spec: description: Cowboy is part of the wild west properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/test/e2e/fixtures/wildwest/wildwest.dev_sheriffs.yaml b/test/e2e/fixtures/wildwest/wildwest.dev_sheriffs.yaml index dd5db970135..84029f33920 100644 --- a/test/e2e/fixtures/wildwest/wildwest.dev_sheriffs.yaml +++ b/test/e2e/fixtures/wildwest/wildwest.dev_sheriffs.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: sheriffs.wildwest.dev spec: group: wildwest.dev 
@@ -23,14 +22,19 @@ spec: description: Sheriff is part of the wild west properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object From 0fc07778a81f515c98aed5a987be52c751e149a2 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Mon, 15 Jul 2024 14:23:49 +0200 Subject: [PATCH 19/27] Update golangci-lint, staticcheck and logcheck Signed-off-by: Marvin Beckers --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 107e7b281dc..a415147e6d1 100644 --- a/Makefile +++ b/Makefile 
@@ -54,11 +54,11 @@ OPENSHIFT_GOIMPORTS_BIN := openshift-goimports OPENSHIFT_GOIMPORTS := $(TOOLS_DIR)/$(OPENSHIFT_GOIMPORTS_BIN)-$(OPENSHIFT_GOIMPORTS_VER) export OPENSHIFT_GOIMPORTS # so hack scripts can use it -GOLANGCI_LINT_VER := v1.54.2 +GOLANGCI_LINT_VER := v1.58.1 GOLANGCI_LINT_BIN := golangci-lint GOLANGCI_LINT := $(TOOLS_GOBIN_DIR)/$(GOLANGCI_LINT_BIN)-$(GOLANGCI_LINT_VER) -STATICCHECK_VER := 2023.1 +STATICCHECK_VER := 2023.1.7 STATICCHECK_BIN := staticcheck STATICCHECK := $(TOOLS_GOBIN_DIR)/$(STATICCHECK_BIN)-$(STATICCHECK_VER) @@ -66,7 +66,7 @@ GOTESTSUM_VER := v1.8.1 GOTESTSUM_BIN := gotestsum GOTESTSUM := $(abspath $(TOOLS_DIR))/$(GOTESTSUM_BIN)-$(GOTESTSUM_VER) -LOGCHECK_VER := v0.7.0 +LOGCHECK_VER := v0.8.2 LOGCHECK_BIN := logcheck LOGCHECK := $(TOOLS_GOBIN_DIR)/$(LOGCHECK_BIN)-$(LOGCHECK_VER) export LOGCHECK # so hack scripts can use it From 7159c309ef2f3c6acacccebbffe7db73f1869eb7 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Mon, 15 Jul 2024 14:24:23 +0200 Subject: [PATCH 20/27] Put nolint directives on things we cannot handle otherwise Signed-off-by: Marvin Beckers --- .../garbagecollector/garbagecollector_controller.go | 2 ++ pkg/reconciler/topology/partitionset/resources.go | 7 ------- pkg/server/apiextensions_test.go | 4 ++-- 3 files changed, 4 insertions(+), 9 deletions(-) diff --git a/pkg/reconciler/garbagecollector/garbagecollector_controller.go b/pkg/reconciler/garbagecollector/garbagecollector_controller.go index 08b04516106..252ee41158c 100644 --- a/pkg/reconciler/garbagecollector/garbagecollector_controller.go +++ b/pkg/reconciler/garbagecollector/garbagecollector_controller.go 
@@ -264,6 +264,7 @@ func (c *Controller) startGarbageCollectorForLogicalCluster(ctx context.Context, clusterName: clusterName, queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "quota-"+clusterName.String()), work: func(ctx context.Context) { + //nolint:errcheck garbageCollector.ResyncMonitors(ctx, c.dynamicDiscoverySharedInformerFactory) }, } @@ -286,6 +287,7 @@ func (c *Controller) startGarbageCollectorForLogicalCluster(ctx context.Context, // Do this in a goroutine to avoid holding up a worker in the event ResyncMonitors stalls for whatever reason go func() { // Make sure the GC monitors are synced at least once + //nolint:errcheck garbageCollector.ResyncMonitors(ctx, c.dynamicDiscoverySharedInformerFactory) go garbageCollector.Run(ctx, c.workersPerLogicalCluster) diff --git a/pkg/reconciler/topology/partitionset/resources.go b/pkg/reconciler/topology/partitionset/resources.go index c3779a02864..9a3a2264474 100644 --- a/pkg/reconciler/topology/partitionset/resources.go +++ b/pkg/reconciler/topology/partitionset/resources.go @@ -54,10 +54,3 @@ func generatePartitionName(name string, matchLabels map[string]string, dimension name = name[:min(validation.DNS1123SubdomainMaxLength-1, len(name))] return name } - -func min(a, b int) int { - if a < b { - return a - } - return b -} diff --git a/pkg/server/apiextensions_test.go b/pkg/server/apiextensions_test.go index a7f83e109a6..31a163e62b2 100644 --- a/pkg/server/apiextensions_test.go +++ b/pkg/server/apiextensions_test.go 
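Review bot: Both `//nolint:errcheck` directives in startGarbageCollectorForLogicalCluster (one in the `work` closure, one in the goroutine that does the initial sync) drop the result of `garbageCollector.ResyncMonitors` without a trace. If the monitors for a logical cluster fail to resync, nothing in the logs will say so. I would log the result with whatever logger the file already has in scope, for example `if err := garbageCollector.ResyncMonitors(ctx, c.dynamicDiscoverySharedInformerFactory); err != nil { logger.Error(err, "failed to resync garbage collector monitors") }`. If ignoring it is deliberate, put the reason on the directive, for example `//nolint:errcheck // best effort, see <reason>`. The function starts and ends outside both hunks, so this assumes no surrounding code already reports the failure.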
@@ -112,11 +112,11 @@ func TestDecorateCRDWithBinding(t *testing.T) { t.Fatalf("Missing status condition %v", expCondition.Type) } - if cond.Status != expCondition.Status { + if cond != nil && cond.Status != expCondition.Status { t.Errorf("expect condition status %q, got %q for type %s", expCondition.Status, cond.Status, cond.Type) } - if cond.Reason != expCondition.Reason { + if cond != nil && cond.Reason != expCondition.Reason { t.Errorf("expect condition reason %q, got %q for type %s", expCondition.Reason, cond.Reason, cond.Type) } } From 2f7e92568dc9106f750e668839fa137fce6d2e26 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Mon, 15 Jul 2024 14:49:26 +0200 Subject: [PATCH 21/27] Update workspace fixture for virtual framework test Signed-off-by: Marvin Beckers --- pkg/virtual/framework/internalapis/fixtures/workspaces.yaml | 2 ++ pkg/virtual/framework/internalapis/import_test.go | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/virtual/framework/internalapis/fixtures/workspaces.yaml b/pkg/virtual/framework/internalapis/fixtures/workspaces.yaml index 9434e25112b..86dacb096cf 100644 --- a/pkg/virtual/framework/internalapis/fixtures/workspaces.yaml +++ b/pkg/virtual/framework/internalapis/fixtures/workspaces.yaml @@ -79,11 +79,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string diff --git a/pkg/virtual/framework/internalapis/import_test.go b/pkg/virtual/framework/internalapis/import_test.go index 98f7a4c2a6f..2457eebc557 100644 --- a/pkg/virtual/framework/internalapis/import_test.go +++ b/pkg/virtual/framework/internalapis/import_test.go 
@@ -91,6 +91,6 @@ func TestImportInternalAPIs(t *testing.T) { require.NoError(t, err) actualContent, err := yaml.Marshal(schema) require.NoError(t, err) - require.Empty(t, cmp.Diff(strings.Split(string(expectedContent), "\n"), strings.Split(string(actualContent), "\n"))) + require.Emptyf(t, cmp.Diff(strings.Split(string(expectedContent), "\n"), strings.Split(string(actualContent), "\n")), "%s was not identical to the expected content", schema.Name) } } From 6e72dfccacaf7c55bcda3c0d36776c484bb210bc Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Mon, 22 Jul 2024 16:19:42 +0200 Subject: [PATCH 22/27] front-proxy: wire command context to authenticator Signed-off-by: Marvin Beckers --- cmd/kcp-front-proxy/main.go | 2 +- pkg/proxy/config.go | 4 ++-- pkg/proxy/options/authentication.go | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cmd/kcp-front-proxy/main.go b/cmd/kcp-front-proxy/main.go index e959c7cd0f8..932e51e5613 100644 --- a/cmd/kcp-front-proxy/main.go +++ b/cmd/kcp-front-proxy/main.go @@ -74,7 +74,7 @@ routed based on paths.`, go http.ListenAndServe(options.Proxy.ProfilerAddress, nil) } - config, err := proxy.NewConfig(options.Proxy) + config, err := proxy.NewConfig(ctx, options.Proxy) if err != nil { return err } diff --git a/pkg/proxy/config.go b/pkg/proxy/config.go index 047a91d34b3..c17726f69da 100644 --- a/pkg/proxy/config.go +++ b/pkg/proxy/config.go @@ -69,7 +69,7 @@ func (c *Config) Complete() (CompletedConfig, error) { } // NewConfig returns a new Config for the given options. -func NewConfig(opts *proxyoptions.Options) (*Config, error) { +func NewConfig(ctx context.Context, opts *proxyoptions.Options) (*Config, error) { c := &Config{ Options: opts, } 
@@ -89,7 +89,7 @@ func NewConfig(opts *proxyoptions.Options) (*Config, error) { if err := c.Options.SecureServing.ApplyTo(&c.ServingInfo, &loopbackClientConfig); err != nil { return nil, err } - if err := c.Options.Authentication.ApplyTo(&c.AuthenticationInfo, c.ServingInfo, c.RootShardConfig); err != nil { + if err := c.Options.Authentication.ApplyTo(ctx, &c.AuthenticationInfo, c.ServingInfo, c.RootShardConfig); err != nil { return nil, err } diff --git a/pkg/proxy/options/authentication.go b/pkg/proxy/options/authentication.go index 7e2eb833c9c..d18b05ba06a 100644 --- a/pkg/proxy/options/authentication.go +++ b/pkg/proxy/options/authentication.go @@ -83,7 +83,7 @@ func (c *Authentication) serviceAccountAuthEnabled() bool { return c.BuiltInOptions.ServiceAccounts != nil && len(c.BuiltInOptions.ServiceAccounts.KeyFiles) != 0 } -func (c *Authentication) ApplyTo(authenticationInfo *genericapiserver.AuthenticationInfo, servingInfo *genericapiserver.SecureServingInfo, rootShardConfig *rest.Config) error { +func (c *Authentication) ApplyTo(ctx context.Context, authenticationInfo *genericapiserver.AuthenticationInfo, servingInfo *genericapiserver.SecureServingInfo, rootShardConfig *rest.Config) error { // Note BuiltInAuthenticationOptions.ApplyTo is not called, so we // can reduce the dependencies pulled in from auth methods which aren't enabled authenticatorConfig, err := c.BuiltInOptions.ToAuthenticationConfig() @@ -122,7 +122,7 @@ func (c *Authentication) ApplyTo(authenticationInfo *genericapiserver.Authentica } // Sets up a union Authenticator for all enabled auth methods - authenticationInfo.Authenticator, _, _, _, err = authenticatorConfig.New(context.TODO()) // TODO(embik): wire server context in? + authenticationInfo.Authenticator, _, _, _, err = authenticatorConfig.New(ctx) if err != nil { return err } From f63d176ca71d4672bfcb21cebcb4de6afa81c3a3 Mon Sep 17 00:00:00 2001 
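Review bot: `ApplyTo` in pkg/proxy/options/authentication.go and `NewConfig` in pkg/proxy/config.go now take a `ctx`, but neither says how long that context has to live. The removed TODO ("wire server context in?") suggests `authenticatorConfig.New(ctx)` expects a server-lifetime context. A caller that passes a short-lived one, such as a timeout used only while building the config, could presumably stop whatever the authenticator keeps running while the proxy is still serving. I would add a doc comment to `ApplyTo`, which currently has none: `// ApplyTo configures authenticationInfo for the enabled auth methods. ctx is handed to the authenticator built here and must stay alive for as long as the server runs.` The same sentence belongs on `NewConfig`. The body of `ApplyTo` continues outside the hunk.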
From: Marvin Beckers Date: Tue, 23 Jul 2024 12:37:46 +0200 Subject: [PATCH 23/27] Install Kubernetes ValidatingAdmissionPolicyStatus controller Signed-off-by: Marvin Beckers --- pkg/server/controllers.go | 55 +++++++++++++++++++++++++++++++++++++++ pkg/server/server.go | 4 +++ 2 files changed, 59 insertions(+) diff --git a/pkg/server/controllers.go b/pkg/server/controllers.go index 48a4d1b3d64..29741f106ba 100644 --- a/pkg/server/controllers.go +++ b/pkg/server/controllers.go @@ -31,12 +31,18 @@ import ( "github.com/kcp-dev/logicalcluster/v3" corev1 "k8s.io/api/core/v1" + apiextensionsscheme "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/wait" + pluginvalidatingadmissionpolicy "k8s.io/apiserver/pkg/admission/plugin/policy/validating" + "k8s.io/apiserver/pkg/cel/openapi/resolver" "k8s.io/client-go/discovery" + "k8s.io/client-go/discovery/cached/memory" + k8sscheme "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/rest" + "k8s.io/client-go/restmapper" certutil "k8s.io/client-go/util/cert" "k8s.io/client-go/util/keyutil" "k8s.io/klog/v2" @@ -44,6 +50,8 @@ import ( "k8s.io/kubernetes/pkg/controller/clusterroleaggregation" "k8s.io/kubernetes/pkg/controller/namespace" serviceaccountcontroller "k8s.io/kubernetes/pkg/controller/serviceaccount" + "k8s.io/kubernetes/pkg/controller/validatingadmissionpolicystatus" + "k8s.io/kubernetes/pkg/generated/openapi" "k8s.io/kubernetes/pkg/serviceaccount" configuniversal "github.com/kcp-dev/kcp/config/universal" 
@@ -349,6 +357,53 @@ func (s *Server) installRootCAConfigMapController(ctx context.Context, config *r }) } +func (s *Server) installKubeValidatingAdmissionPolicyStatusController(_ context.Context, config *rest.Config) error { + controllerName := fmt.Sprintf("kube-%s", validatingadmissionpolicystatus.ControllerName) + config = rest.AddUserAgent(rest.CopyConfig(config), controllerName) + kubeClient, err := kcpkubernetesclientset.NewForConfig(config) + if err != nil { + return err + } + + schemaResolver := resolver.NewDefinitionsSchemaResolver(openapi.GetOpenAPIDefinitions, k8sscheme.Scheme, apiextensionsscheme.Scheme) + + typeCheckerFn := func(clusterName logicalcluster.Path) (*pluginvalidatingadmissionpolicy.TypeChecker, error) { + logicalClusterConfig := rest.CopyConfig(config) + logicalClusterConfig.Host += clusterName.RequestPath() + kubeClient, err := kcpkubernetesclientset.NewForConfig(config) + if err != nil { + return nil, err + } + + discoveryClient := memory.NewMemCacheClient(kubeClient.Cluster(clusterName).Discovery()) + + return &pluginvalidatingadmissionpolicy.TypeChecker{ + SchemaResolver: schemaResolver.Combine(&resolver.ClientDiscoveryResolver{Discovery: discoveryClient}), + RestMapper: restmapper.NewDeferredDiscoveryRESTMapper(discoveryClient), + }, nil + } + + c, err := validatingadmissionpolicystatus.NewController( + s.KubeSharedInformerFactory.Admissionregistration().V1().ValidatingAdmissionPolicies(), + kubeClient.AdmissionregistrationV1().ValidatingAdmissionPolicies(), + typeCheckerFn) + if err != nil { + return err + } + + return s.registerController(&controllerWrapper{ + Name: controllerName, + Wait: func(ctx context.Context, s *Server) error { + return wait.PollUntilContextCancel(ctx, waitPollInterval, true, func(ctx context.Context) (bool, error) { + return s.KubeSharedInformerFactory.Admissionregistration().V1().ValidatingAdmissionPolicies().Informer().HasSynced(), nil + }) + }, + Runner: func(ctx context.Context) { + c.Run(ctx, 5) + }, + 
}) +} + func readCA(file string) ([]byte, error) { rootCA, err := os.ReadFile(file) if err != nil { diff --git a/pkg/server/server.go b/pkg/server/server.go index b5b7eb267b2..8875cb25e7e 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -211,6 +211,10 @@ func (s *Server) installControllers(ctx context.Context, controllerConfig *rest. return err } + if err := s.installKubeValidatingAdmissionPolicyStatusController(ctx, controllerConfig); err != nil { + return err + } + if err := s.installApiExportIdentityController(ctx, controllerConfig); err != nil { return err } From 52ebb378956a2abdba74da599d34047b29409f36 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Tue, 23 Jul 2024 12:38:16 +0200 Subject: [PATCH 24/27] Update to admissionregistrationv1 API for ValidatingAdmissionPolicies Signed-off-by: Marvin Beckers --- ...on.k8s.io_validatingadmissionpolicies.yaml | 279 ++++++++++++++++-- ....io_validatingadmissionpolicybindings.yaml | 126 +++++++- .../validating_admission_policy.go | 4 +- .../replication/replication_controller.go | 16 +- 4 files changed, 384 insertions(+), 41 deletions(-) diff --git a/config/crds/admissionregistration.k8s.io_validatingadmissionpolicies.yaml b/config/crds/admissionregistration.k8s.io_validatingadmissionpolicies.yaml index 056866d56a6..89abafa2c56 100755 --- a/config/crds/admissionregistration.k8s.io_validatingadmissionpolicies.yaml +++ b/config/crds/admissionregistration.k8s.io_validatingadmissionpolicies.yaml @@ -18,7 +18,7 @@ spec: singular: validatingadmissionpolicy scope: Cluster versions: - - name: v1alpha1 + - name: v1 schema: openAPIV3Schema: description: ValidatingAdmissionPolicy describes the definition of an admission 
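Review bot: In `typeCheckerFn` inside installKubeValidatingAdmissionPolicyStatusController, `logicalClusterConfig` is copied and has the cluster path appended to `Host`, but is never used. The next line builds the client from the outer `config` instead, and that new `kubeClient` shadows the outer one. Discovery is still scoped to the right logical cluster, but only because of `kubeClient.Cluster(clusterName)`. The dead per-cluster config makes that harder to see, and each call builds a whole new clientset. I would delete the `logicalClusterConfig` lines and the inner `NewForConfig` call with its error check, and reuse the outer client: `discoveryClient := memory.NewMemCacheClient(kubeClient.Cluster(clusterName).Discovery())`. Separately, the worker count in `c.Run(ctx, 5)` is a bare literal; a named constant would say where the 5 comes from.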
@@ -39,14 +39,97 @@ spec: spec: description: Specification of the desired behavior of the ValidatingAdmissionPolicy. properties: + auditAnnotations: + description: auditAnnotations contains CEL expressions which are used + to produce audit annotations for the audit event of the API request. + validations and auditAnnotations may not both be empty; a least + one of validations or auditAnnotations is required. + items: + description: AuditAnnotation describes how to produce an audit annotation + for an API request. + properties: + key: + description: |- + key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length. + + The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}". + + If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded. + + Required. + type: string + valueExpression: + description: |- + valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb. + + If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. 
All unique values produced by the valueExpressions will be joined together in a comma-separated list. + + Required. + type: string + required: + - key + - valueExpression + type: object + type: array + x-kubernetes-list-type: atomic failurePolicy: - description: FailurePolicy defines how to handle failures for the - admission policy. Failures can occur from invalid or mis-configured - policy definitions or bindings. A policy is invalid if spec.paramKind - refers to a non-existent Kind. A binding is invalid if spec.paramRef.name - refers to a non-existent resource. Allowed values are Ignore or - Fail. Defaults to Fail. + description: |- + failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings. + + A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource. + + failurePolicy does not define how validations that evaluate to false are handled. + + When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced. + + Allowed values are Ignore or Fail. Defaults to Fail. + + Possible enum values: + - `"Fail"` means that an error calling the webhook causes the admission to fail. + - `"Ignore"` means that an error calling the webhook is ignored. type: string + matchConditions: + description: |- + MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed. + + If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions. 
+ + The exact matching logic is (in order): + 1. If ANY matchCondition evaluates to FALSE, the policy is skipped. + 2. If ALL matchConditions evaluate to TRUE, the policy is evaluated. + 3. If any matchCondition evaluates to an error (but none are FALSE): + - If failurePolicy=Fail, reject the request + - If failurePolicy=Ignore, the policy is skipped + items: + description: MatchCondition represents a condition which must by + fulfilled for a request to be sent to a webhook. + properties: + expression: + description: |- + Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: + + 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. + See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz + 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the + request resource. + Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ + + Required. + type: string + name: + description: |- + Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 
'example.com/MyName') + + Required. + type: string + required: + - expression + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map matchConstraints: description: MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request @@ -132,6 +215,10 @@ spec: - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy. Defaults to "Equivalent" + + Possible enum values: + - `"Equivalent"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version. + - `"Exact"` means requests should only be sent to the webhook if they exactly match a given rule. type: string namespaceSelector: description: |- @@ -193,11 +280,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -247,11 +336,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -349,8 +440,8 @@ spec: type: object validations: description: Validations contain CEL expressions which is used to - apply the validation. A minimum of one validation is required for - a policy definition. Required. + apply the validation. Validations and AuditAnnotations may not both + be empty; a minimum of one Validations or AuditAnnotations is required. items: description: Validation specifies the CEL expression which is used to apply the validation. 
@@ -358,14 +449,24 @@ spec: expression: description: "Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec - CEL expressions have access to the contents of the Admission - request/response, organized into CEL variables as well as - some other useful variables:\n\n'object' - The object from - the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE - requests. 'request' - Attributes of the admission request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding - being evaluated. Only populated if the policy has a ParamKind.\n\nThe + CEL expressions have access to the contents of the API request/response, + organized into CEL variables as well as some other useful + variables:\n\n- 'object' - The object from the incoming request. + The value is null for DELETE requests. - 'oldObject' - The + existing object. The value is null for CREATE requests. - + 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). + - 'params' - Parameter resource referred to by the policy + binding being evaluated. Only populated if the policy has + a ParamKind. - 'namespaceObject' - The namespace object that + the incoming object belongs to. The value is null for cluster-scoped + resources. - 'variables' - Map of composited variables, from + its name to its lazily evaluated value.\n For example, a + variable named 'foo' can be accessed as 'variables.foo'.\n- + 'authorizer' - A CEL Authorizer. 
May be used to perform authorization + checks for the principal (user or service account) of the + request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- + 'authorizer.requestResource' - A CEL ResourceCheck constructed + from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.\n\nOnly property names @@ -406,6 +507,25 @@ spec: not contain line breaks. If unset, the message is "failed Expression: {Expression}".' type: string + messageExpression: + description: 'messageExpression declares a CEL expression that + evaluates to the validation failure message that is returned + when this rule fails. Since messageExpression is used as a + failure message, it must evaluate to a string. If both message + and messageExpression are present on a validation, then messageExpression + will be used if validation fails. If messageExpression results + in a runtime error, the runtime error is logged, and the validation + failure message is produced as if the messageExpression field + were unset. If messageExpression evaluates to an empty string, + a string with only spaces, or a string that contains line + breaks, then the validation failure message will also be produced + as if the messageExpression field were unset, and the fact + that messageExpression produced an empty string/string with + only spaces/string with line breaks will be logged. messageExpression + has access to all the same variables as the `expression` except + for ''authorizer'' and ''authorizer.requestResource''. Example: + "object.x must be less than max ("+string(params.max)+")"' + type: string reason: description: 'Reason represents a machine-readable description of why this validation failed. If this is the first validation 
@@ -420,17 +540,134 @@ spec: type: object type: array x-kubernetes-list-type: atomic - required: - - validations + variables: + description: |- + Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy. + + The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic. + items: + description: Variable is the definition of a variable that is used + for composition. A variable is defined as a named expression. + properties: + expression: + description: Expression is the expression that will be evaluated + as the value of the variable. The CEL expression has access + to the same identifiers as the CEL expressions in Validation. + type: string + name: + description: Name is the name of the variable. The name must + be a valid CEL identifier and unique among all variables. + The variable can be accessed in other expressions through + `variables` For example, if name is "foo", the variable will + be available as `variables.foo` + type: string + required: + - expression + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: The status of the ValidatingAdmissionPolicy, including warnings + that are useful to determine if the policy behaves in the expected way. + Populated by the system. Read-only. + properties: + conditions: + description: The conditions represent the latest available observations + of a policy's current state. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. 
+ properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: The generation observed by the controller. + format: int64 + type: integer + typeChecking: + description: The results of type checking for each expression. Presence + of this field indicates the completion of the type checking. + properties: + expressionWarnings: + description: The type checking warnings for each expression. 
+ items: + description: ExpressionWarning is a warning information that + targets a specific expression. + properties: + fieldRef: + description: The path to the field that refers the expression. + For example, the reference to the expression of the first + item of validations is "spec.validations[0].expression" + type: string + warning: + description: The content of type checking information in + a human-readable form. Each line of the warning contains + the type that the expression is checked against, followed + by the type check error from the compiler. + type: string + required: + - fieldRef + - warning + type: object + type: array + x-kubernetes-list-type: atomic + type: object type: object type: object served: true storage: true - subresources: {} + subresources: + status: {} status: acceptedNames: kind: "" plural: "" conditions: null storedVersions: - - v1alpha1 + - v1 diff --git a/config/crds/admissionregistration.k8s.io_validatingadmissionpolicybindings.yaml b/config/crds/admissionregistration.k8s.io_validatingadmissionpolicybindings.yaml index 455b1be06b0..f1c1fba5a13 100755 --- a/config/crds/admissionregistration.k8s.io_validatingadmissionpolicybindings.yaml +++ b/config/crds/admissionregistration.k8s.io_validatingadmissionpolicybindings.yaml 
@@ -18,12 +18,15 @@ spec: singular: validatingadmissionpolicybinding scope: Cluster versions: - - name: v1alpha1 + - name: v1 schema: openAPIV3Schema: - description: ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy - with paramerized resources. ValidatingAdmissionPolicyBinding and parameter - CRDs together define how cluster administrators configure policies for clusters. + description: |- + ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters. + + For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding. + + The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
@@ -128,6 +131,10 @@ spec: - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy. Defaults to "Equivalent" + + Possible enum values: + - `"Equivalent"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version. + - `"Exact"` means requests should only be sent to the webhook if they exactly match a given rule. type: string namespaceSelector: description: |- @@ -189,11 +196,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -243,11 +252,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -327,20 +338,92 @@ spec: x-kubernetes-list-type: atomic type: object paramRef: - description: ParamRef specifies the parameter resource used to configure + description: paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. + If the policy does not specify a ParamKind then this field is ignored, + and the rules are evaluated without a param. properties: name: - description: Name of the resource being referenced. + description: |- + name is the name of the resource being referenced. + + One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset. + + A single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped. type: string namespace: - description: Namespace of the referenced resource. Should be empty - for the cluster-scoped resources + description: |- + namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields. + + A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty. + + - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error. + + - If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error. 
+ type: string + parameterNotFoundAction: + description: |- + `parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy. + + Allowed values are `Allow` or `Deny` + + Required type: string + selector: + description: |- + selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind. + + If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together. + + One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object type: object policyName: description: PolicyName references a ValidatingAdmissionPolicy name 
@@ -348,6 +431,31 @@ spec: resource does not exist, this binding is considered invalid and will be ignored Required. type: string + validationActions: + description: |- + validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions. + + Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy. + + validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action. + + The supported actions values are: + + "Deny" specifies that a validation failure results in a denied request. + + "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses. + + "Audit" specifies that a validation failure is included in the published audit event for the request. 
The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"` + + Clients should expect to handle additional values by ignoring any values not recognized. + + "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers. + + Required. + items: + type: string + type: array + x-kubernetes-list-type: set type: object type: object served: true @@ -359,4 +467,4 @@ status: plural: "" conditions: null storedVersions: - - v1alpha1 + - v1 diff --git a/pkg/admission/validatingadmissionpolicy/validating_admission_policy.go b/pkg/admission/validatingadmissionpolicy/validating_admission_policy.go index 272e9b4a0a1..c9006d00070 100644 --- a/pkg/admission/validatingadmissionpolicy/validating_admission_policy.go +++ b/pkg/admission/validatingadmissionpolicy/validating_admission_policy.go 
@@ -176,8 +176,8 @@ func (k *KubeValidatingAdmissionPolicy) getOrCreateDelegate(clusterName logicalc } plugin.SetNamespaceInformer(k.localKubeSharedInformerFactory.Core().V1().Namespaces().Cluster(clusterName)) - plugin.SetPolicyInformer(k.globalKubeSharedInformerFactory.Admissionregistration().V1alpha1().ValidatingAdmissionPolicies().Cluster(clusterName).Informer()) - plugin.SetBindingInformer(k.globalKubeSharedInformerFactory.Admissionregistration().V1alpha1().ValidatingAdmissionPolicyBindings().Cluster(clusterName).Informer()) + plugin.SetPolicyInformer(k.globalKubeSharedInformerFactory.Admissionregistration().V1().ValidatingAdmissionPolicies().Cluster(clusterName).Informer()) + plugin.SetBindingInformer(k.globalKubeSharedInformerFactory.Admissionregistration().V1().ValidatingAdmissionPolicyBindings().Cluster(clusterName).Informer()) plugin.SetExternalKubeClientSet(k.kubeClusterClient.Cluster(clusterName.Path())) // TODO(ncdc): this is super inefficient to do per workspace diff --git a/pkg/reconciler/cache/replication/replication_controller.go b/pkg/reconciler/cache/replication/replication_controller.go index 2b75c5456ac..e63b4ad02c9 100644 --- a/pkg/reconciler/cache/replication/replication_controller.go +++ b/pkg/reconciler/cache/replication/replication_controller.go @@ -27,7 +27,6 @@ import ( kcpkubernetesinformers "github.com/kcp-dev/client-go/informers" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1" rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" @@ -71,8 +70,7 @@ func NewController( shardName: shardName, queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), ControllerName), dynamicCacheClient: dynamicCacheClient, - - Gvrs: gvrs, + Gvrs: gvrs, } for gvr, info := range c.Gvrs { 
@@ -227,15 +225,15 @@ func InstallIndexers( Local: localKubeInformers.Admissionregistration().V1().ValidatingWebhookConfigurations().Informer(), Global: globalKubeInformers.Admissionregistration().V1().ValidatingWebhookConfigurations().Informer(), }, - admissionregistrationv1alpha1.SchemeGroupVersion.WithResource("validatingadmissionpolicies"): { + admissionregistrationv1.SchemeGroupVersion.WithResource("validatingadmissionpolicies"): { Kind: "ValidatingAdmissionPolicy", - Local: localKubeInformers.Admissionregistration().V1alpha1().ValidatingAdmissionPolicies().Informer(), - Global: globalKubeInformers.Admissionregistration().V1alpha1().ValidatingAdmissionPolicies().Informer(), + Local: localKubeInformers.Admissionregistration().V1().ValidatingAdmissionPolicies().Informer(), + Global: globalKubeInformers.Admissionregistration().V1().ValidatingAdmissionPolicies().Informer(), }, - admissionregistrationv1alpha1.SchemeGroupVersion.WithResource("validatingadmissionpolicybindings"): { + admissionregistrationv1.SchemeGroupVersion.WithResource("validatingadmissionpolicybindings"): { Kind: "ValidatingAdmissionPolicyBinding", - Local: localKubeInformers.Admissionregistration().V1alpha1().ValidatingAdmissionPolicyBindings().Informer(), - Global: globalKubeInformers.Admissionregistration().V1alpha1().ValidatingAdmissionPolicyBindings().Informer(), + Local: localKubeInformers.Admissionregistration().V1().ValidatingAdmissionPolicyBindings().Informer(), + Global: globalKubeInformers.Admissionregistration().V1().ValidatingAdmissionPolicyBindings().Informer(), }, corev1alpha1.SchemeGroupVersion.WithResource("shards"): { Kind: "Shard", From 14ff1aec39550733cf80b65e50776d3be6da1d85 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Wed, 24 Jul 2024 19:01:32 +0200 Subject: [PATCH 25/27] Pass correct informers to ValidatingAdmissionPolicy admission plugin add e2e conformance test 
Signed-off-by: Marvin Beckers --- .../validating_admission_policy.go | 23 ++- .../validatingadmissionpolicy_test.go | 177 ++++++++++++++++++ 2 files changed, 197 insertions(+), 3 deletions(-) create mode 100644 test/e2e/conformance/validatingadmissionpolicy_test.go diff --git a/pkg/admission/validatingadmissionpolicy/validating_admission_policy.go b/pkg/admission/validatingadmissionpolicy/validating_admission_policy.go index c9006d00070..61e97ccb9a5 100644 --- a/pkg/admission/validatingadmissionpolicy/validating_admission_policy.go +++ b/pkg/admission/validatingadmissionpolicy/validating_admission_policy.go @@ -26,12 +26,17 @@ import ( kcpkubernetesclientset "github.com/kcp-dev/client-go/kubernetes" "github.com/kcp-dev/logicalcluster/v3" + "k8s.io/apimachinery/pkg/api/meta" "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/admission/initializer" + "k8s.io/apiserver/pkg/admission/plugin/policy/generic" "k8s.io/apiserver/pkg/admission/plugin/policy/validating" "k8s.io/apiserver/pkg/authorization/authorizer" genericapirequest "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/client-go/discovery/cached/memory" + "k8s.io/client-go/dynamic" + "k8s.io/client-go/informers" + "k8s.io/client-go/kubernetes" "k8s.io/client-go/restmapper" "k8s.io/component-base/featuregate" "k8s.io/klog/v2" @@ -79,8 +84,8 @@ type KubeValidatingAdmissionPolicy struct { } var _ admission.ValidationInterface = &KubeValidatingAdmissionPolicy{} -var _ = initializers.WantsKcpInformers(&KubeValidatingAdmissionPolicy{}) var _ = initializers.WantsKubeClusterClient(&KubeValidatingAdmissionPolicy{}) +var _ = initializers.WantsKubeInformers(&KubeValidatingAdmissionPolicy{}) var _ = initializers.WantsServerShutdownChannel(&KubeValidatingAdmissionPolicy{}) var _ = initializers.WantsDynamicClusterClient(&KubeValidatingAdmissionPolicy{}) var _ = initializer.WantsFeatures(&KubeValidatingAdmissionPolicy{}) 
@@ -176,8 +181,6 @@ func (k *KubeValidatingAdmissionPolicy) getOrCreateDelegate(clusterName logicalc } plugin.SetNamespaceInformer(k.localKubeSharedInformerFactory.Core().V1().Namespaces().Cluster(clusterName)) - plugin.SetPolicyInformer(k.globalKubeSharedInformerFactory.Admissionregistration().V1().ValidatingAdmissionPolicies().Cluster(clusterName).Informer()) - plugin.SetBindingInformer(k.globalKubeSharedInformerFactory.Admissionregistration().V1().ValidatingAdmissionPolicyBindings().Cluster(clusterName).Informer()) plugin.SetExternalKubeClientSet(k.kubeClusterClient.Cluster(clusterName.Path())) // TODO(ncdc): this is super inefficient to do per workspace @@ -189,6 +192,20 @@ func (k *KubeValidatingAdmissionPolicy) getOrCreateDelegate(clusterName logicalc plugin.SetDrainedNotification(ctx.Done()) plugin.InspectFeatureGates(k.featureGates) plugin.SetAuthorizer(k.authorizer) + plugin.SetClusterName(clusterName) + plugin.SetSourceFactory(func(_ informers.SharedInformerFactory, client kubernetes.Interface, dynamicClient dynamic.Interface, restMapper meta.RESTMapper, clusterName logicalcluster.Name) generic.Source[validating.PolicyHook] { + return generic.NewPolicySource( + k.globalKubeSharedInformerFactory.Admissionregistration().V1().ValidatingAdmissionPolicies().Informer().Cluster(clusterName), + k.globalKubeSharedInformerFactory.Admissionregistration().V1().ValidatingAdmissionPolicyBindings().Informer().Cluster(clusterName), + validating.NewValidatingAdmissionPolicyAccessor, + validating.NewValidatingAdmissionPolicyBindingAccessor, + validating.CompilePolicy, + nil, + dynamicClient, + restMapper, + clusterName, + ) + }) if err := plugin.ValidateInitialization(); err != nil { cancel() diff --git a/test/e2e/conformance/validatingadmissionpolicy_test.go b/test/e2e/conformance/validatingadmissionpolicy_test.go new file mode 100644 index 00000000000..f52f715ff17 --- /dev/null +++ b/test/e2e/conformance/validatingadmissionpolicy_test.go 
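Review bot: In the `SetSourceFactory` closure, the parameter `clusterName` shadows the `clusterName` of the enclosing `getOrCreateDelegate`, so the logical cluster that the policy and binding informers are scoped to is whatever value the plugin passes back, not the one this delegate was created for. The two are presumably identical, since `plugin.SetClusterName(clusterName)` is called just before, but this scoping is what keeps one workspace's policies out of another, so it should be explicit. Either declare the parameter as `_ logicalcluster.Name` so the closure captures the outer variable, or rename it and add a comment that it must equal the delegate's cluster. The bare `nil` passed after `validating.CompilePolicy` also needs a short comment naming the argument that is deliberately left unset and why. `getOrCreateDelegate` starts and ends outside this hunk.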
@@ -0,0 +1,177 @@ +/* +Copyright 2024 The KCP Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package conformance + +import ( + "context" + "strings" + "testing" + "time" + + kcpapiextensionsclientset "github.com/kcp-dev/client-go/apiextensions/client" + kcpkubernetesclientset "github.com/kcp-dev/client-go/kubernetes" + "github.com/kcp-dev/logicalcluster/v3" + "github.com/stretchr/testify/require" + + v1 "k8s.io/api/admission/v1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/util/wait" + "k8s.io/utils/ptr" + + "github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest" + wildwestv1alpha1 "github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/apis/wildwest/v1alpha1" + wildwestclientset "github.com/kcp-dev/kcp/test/e2e/fixtures/wildwest/client/clientset/versioned/cluster" + "github.com/kcp-dev/kcp/test/e2e/framework" +) + +func TestValidatingAdmissionPolicyInWorkspace(t *testing.T) { + t.Parallel() + framework.Suite(t, "control-plane") + + server := framework.SharedKcpServer(t) + + ctx, cancelFunc := context.WithCancel(context.Background()) + t.Cleanup(cancelFunc) + + // using known path to cert and key + cfg := server.BaseConfig(t) + + scheme := runtime.NewScheme() + err := admissionregistrationv1.AddToScheme(scheme) + require.NoError(t, err, "failed to add admission registration v1 scheme") + err = 
v1.AddToScheme(scheme) + require.NoError(t, err, "failed to add admission v1 scheme") + err = wildwestv1alpha1.AddToScheme(scheme) + require.NoError(t, err, "failed to add cowboy v1alpha1 to scheme") + + orgPath, _ := framework.NewOrganizationFixture(t, server) + ws1Path, _ := framework.NewWorkspaceFixture(t, server, orgPath) + ws2Path, _ := framework.NewWorkspaceFixture(t, server, orgPath) + + kubeClusterClient, err := kcpkubernetesclientset.NewForConfig(cfg) + require.NoError(t, err, "failed to construct client for server") + cowbyClusterClient, err := wildwestclientset.NewForConfig(cfg) + require.NoError(t, err, "failed to construct cowboy client for server") + apiExtensionsClusterClient, err := kcpapiextensionsclientset.NewForConfig(cfg) + require.NoError(t, err, "failed to construct apiextensions client for server") + + t.Logf("Install the Cowboy resources into logical clusters") + for _, wsPath := range []logicalcluster.Path{ws1Path, ws2Path} { + t.Logf("Bootstrapping Workspace CRDs in logical cluster %s", wsPath) + crdClient := apiExtensionsClusterClient.ApiextensionsV1().CustomResourceDefinitions() + wildwest.Create(t, wsPath, crdClient, metav1.GroupResource{Group: "wildwest.dev", Resource: "cowboys"}) + } + + t.Logf("Installing validating admission policy into the first workspace") + policy := &admissionregistrationv1.ValidatingAdmissionPolicy{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "policy-", + }, + Spec: admissionregistrationv1.ValidatingAdmissionPolicySpec{ + FailurePolicy: ptr.To(admissionregistrationv1.Fail), + MatchConstraints: &admissionregistrationv1.MatchResources{ + ResourceRules: []admissionregistrationv1.NamedRuleWithOperations{ + { + RuleWithOperations: admissionregistrationv1.RuleWithOperations{ + Operations: []admissionregistrationv1.OperationType{ + admissionregistrationv1.Create, + admissionregistrationv1.Update, + }, + Rule: admissionregistrationv1.Rule{ + APIGroups: []string{wildwestv1alpha1.SchemeGroupVersion.Group}, + 
APIVersions: []string{wildwestv1alpha1.SchemeGroupVersion.Version}, + Resources: []string{"cowboys"}, + }, + }, + }, + }, + }, + Validations: []admissionregistrationv1.Validation{{ + Expression: "object.spec.intent != 'bad'", + }}, + }, + } + policy, err = kubeClusterClient.Cluster(ws1Path).AdmissionregistrationV1().ValidatingAdmissionPolicies().Create(ctx, policy, metav1.CreateOptions{}) + require.NoError(t, err, "failed to create ValidatingAdmissionPolicy") + require.Eventually(t, func() bool { + p, err := kubeClusterClient.Cluster(ws1Path).AdmissionregistrationV1().ValidatingAdmissionPolicies().Get(ctx, policy.Name, metav1.GetOptions{}) + if err != nil { + return false + } + + // check if ValidatingAdmissionPolicy status has been updated + // and no type checking errors came up + return p.Generation == p.Status.ObservedGeneration && p.Status.TypeChecking != nil && len(p.Status.TypeChecking.ExpressionWarnings) == 0 + }, wait.ForeverTestTimeout, 100*time.Millisecond) + + t.Logf("Installing validating admission policy binding into the first workspace") + binding := &admissionregistrationv1.ValidatingAdmissionPolicyBinding{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "binding-", + }, + Spec: admissionregistrationv1.ValidatingAdmissionPolicyBindingSpec{ + PolicyName: policy.Name, + ValidationActions: []admissionregistrationv1.ValidationAction{admissionregistrationv1.Deny}, + }, + } + + _, err = kubeClusterClient.Cluster(ws1Path).AdmissionregistrationV1().ValidatingAdmissionPolicyBindings().Create(ctx, binding, metav1.CreateOptions{}) + require.NoError(t, err, "failed to create ValidatingAdmissionPolicyBinding") + + badCowboy := wildwestv1alpha1.Cowboy{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "cowboy-", + }, + Spec: wildwestv1alpha1.CowboySpec{ + Intent: "bad", + }, + } + + goodCowboy := wildwestv1alpha1.Cowboy{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "cowboy-", + }, + Spec: wildwestv1alpha1.CowboySpec{ + Intent: "good", + }, + } + + 
t.Logf("Verifying that creating bad cowboy resource in first logical cluster is rejected") + require.Eventually(t, func() bool { + _, err := cowbyClusterClient.Cluster(ws1Path).WildwestV1alpha1().Cowboys("default").Create(ctx, &badCowboy, metav1.CreateOptions{}) + if err != nil { + if errors.IsInvalid(err) { + if strings.Contains(err.Error(), "failed expression: object.spec.intent != 'bad'") { + return true + } + } + t.Logf("Unexpected error when trying to create bad cowboy: %s", err) + } + return false + }, wait.ForeverTestTimeout, 1*time.Second) + + t.Logf("Verifying that creating good cowboy resource in first logical cluster succeeds") + _, err = cowbyClusterClient.Cluster(ws1Path).WildwestV1alpha1().Cowboys("default").Create(ctx, &goodCowboy, metav1.CreateOptions{}) + require.NoError(t, err) + + t.Logf("Verifying that creating bad cowboy resource in second logical cluster succeeds (policy should not apply here)") + _, err = cowbyClusterClient.Cluster(ws2Path).WildwestV1alpha1().Cowboys("default").Create(ctx, &badCowboy, metav1.CreateOptions{}) + require.NoError(t, err) +} From 012c466e82ef3e581450ea598b56d1f51c8ab392 Mon Sep 17 00:00:00 2001 From: Marvin Beckers Date: Wed, 24 Jul 2024 19:02:40 +0200 Subject: [PATCH 26/27] Disable SuppressPerExpressionCost Signed-off-by: Marvin Beckers --- pkg/admission/apiresourceschema/validation.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkg/admission/apiresourceschema/validation.go b/pkg/admission/apiresourceschema/validation.go index 404fffb4592..889bba58690 100644 --- a/pkg/admission/apiresourceschema/validation.go +++ b/pkg/admission/apiresourceschema/validation.go 
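Review bot: The cross-workspace check at the end of `TestValidatingAdmissionPolicyInWorkspace` creates the bad cowboy in `ws2Path` exactly once and immediately, so a policy that starts applying to the second workspace only after that workspace's policy source has synced would go unnoticed. The rejection in the first workspace had to be wrapped in `require.Eventually`, which suggests enforcement is not instantaneous. I would repeat the create over a short window and require that it never fails, for example `require.Never(t, func() bool { _, err := cowbyClusterClient.Cluster(ws2Path).WildwestV1alpha1().Cowboys("default").Create(ctx, &badCowboy, metav1.CreateOptions{}); return err != nil }, <window>, time.Second)`. Minor: `cowbyClusterClient` looks like a typo for `cowboyClusterClient`.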
@@ -171,6 +171,11 @@ var defaultValidationOpts = crdvalidation.ValidationOptions{
 // Here this does not matter. The whole resource is always immutable.
 RequireImmutableNames: false,
+ // in Kube, the validation on CRD update will set it to true for unchanged schemas
+ // (ratcheting validation). Here, as everything is immutable, this case never
+ // happens. Hence, we can statically set it to false.
+ SuppressPerExpressionCost: false,
+
 RequireOpenAPISchema: true,
 RequireValidPropertyType: true,
 RequireStructuralSchema: true,
From bcec002aba1d271ce04d9b511da5fe89ebafd6fe Mon Sep 17 00:00:00 2001
From: Marvin Beckers
Date: Wed, 24 Jul 2024 19:36:28 +0200
Subject: [PATCH 27/27] Update go dependencies for github.com/kcp-dev/kubernetes
Signed-off-by: Marvin Beckers
---
 go.mod | 62 +++++++++++++++++++++----------------------
 go.sum | 84 +++++++++++++++++++++++++++++-----------------------------
 2 files changed, 73 insertions(+), 73 deletions(-)
diff --git a/go.mod b/go.mod
index ca6bf213144..a52c2062f0e 100644
--- a/go.mod
+++ b/go.mod
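Review bot: The comment added above `SuppressPerExpressionCost: false` says why `false` is safe but not what the option guards, and because `false` is the Go zero value the line has no effect beyond documentation. Judging by the field name and the upstream CRD validation it mirrors, it decides whether per-expression CEL cost-limit violations are ignored, so leaving it `false` is presumably what keeps overly expensive `x-kubernetes-validations` rules in an APIResourceSchema from being admitted; I would state that in the comment, e.g. `// Keeps the per-expression CEL cost limit enforced for every schema; do not set to true.` A unit test that submits a schema with a rule over the cost limit and expects rejection would pin the behaviour, since nothing in this hunk does. The `defaultValidationOpts` literal starts and ends outside the hunk.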
@@ -177,35 +177,35 @@ require ( replace ( github.com/kcp-dev/kcp/cli => ./cli github.com/kcp-dev/kcp/sdk => ./sdk - k8s.io/api => github.com/kcp-dev/kubernetes/staging/src/k8s.io/api v0.0.0-20240724164803-3b450c7d0daf - k8s.io/apiextensions-apiserver => github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240724164803-3b450c7d0daf - k8s.io/apimachinery => github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240724164803-3b450c7d0daf - k8s.io/apiserver => github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240724164803-3b450c7d0daf - k8s.io/cli-runtime => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240724164803-3b450c7d0daf - k8s.io/client-go => github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240724164803-3b450c7d0daf - k8s.io/cloud-provider => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240724164803-3b450c7d0daf - k8s.io/cluster-bootstrap => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240724164803-3b450c7d0daf - k8s.io/code-generator => github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240724164803-3b450c7d0daf - k8s.io/component-base => github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240724164803-3b450c7d0daf - k8s.io/component-helpers => github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240724164803-3b450c7d0daf - k8s.io/controller-manager => github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240724164803-3b450c7d0daf - k8s.io/cri-api => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240724164803-3b450c7d0daf - k8s.io/csi-translation-lib => github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240724164803-3b450c7d0daf - k8s.io/dynamic-resource-allocation => github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation 
v0.0.0-20240724164803-3b450c7d0daf - k8s.io/endpointslice => github.com/kcp-dev/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240724164803-3b450c7d0daf - k8s.io/kms => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms v0.0.0-20240724164803-3b450c7d0daf - k8s.io/kube-aggregator => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240724164803-3b450c7d0daf - k8s.io/kube-controller-manager => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240724164803-3b450c7d0daf - k8s.io/kube-proxy => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20240724164803-3b450c7d0daf - k8s.io/kube-scheduler => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240724164803-3b450c7d0daf - k8s.io/kubectl => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240724164803-3b450c7d0daf - k8s.io/kubelet => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240724164803-3b450c7d0daf - k8s.io/kubernetes => github.com/kcp-dev/kubernetes v0.0.0-20240724164803-3b450c7d0daf - k8s.io/legacy-cloud-providers => github.com/kcp-dev/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240724164803-3b450c7d0daf - k8s.io/metrics => github.com/kcp-dev/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240724164803-3b450c7d0daf - k8s.io/mount-utils => github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240724164803-3b450c7d0daf - k8s.io/pod-security-admission => github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240724164803-3b450c7d0daf - k8s.io/sample-apiserver => github.com/kcp-dev/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20240724164803-3b450c7d0daf - k8s.io/sample-cli-plugin => github.com/kcp-dev/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20240724164803-3b450c7d0daf - k8s.io/sample-controller => github.com/kcp-dev/kubernetes/staging/src/k8s.io/sample-controller 
v0.0.0-20240724164803-3b450c7d0daf + k8s.io/api => github.com/kcp-dev/kubernetes/staging/src/k8s.io/api v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/apiextensions-apiserver => github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/apimachinery => github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/apiserver => github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/cli-runtime => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/client-go => github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/cloud-provider => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/cluster-bootstrap => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/code-generator => github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/component-base => github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/component-helpers => github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/controller-manager => github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/cri-api => github.com/kcp-dev/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/csi-translation-lib => github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/dynamic-resource-allocation => github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/endpointslice => 
github.com/kcp-dev/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/kms => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/kube-aggregator => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/kube-controller-manager => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/kube-proxy => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/kube-scheduler => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/kubectl => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/kubelet => github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/kubernetes => github.com/kcp-dev/kubernetes v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/legacy-cloud-providers => github.com/kcp-dev/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/metrics => github.com/kcp-dev/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/mount-utils => github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/pod-security-admission => github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/sample-apiserver => github.com/kcp-dev/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/sample-cli-plugin => github.com/kcp-dev/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20240729085603-f4832eb9a4c7 + k8s.io/sample-controller => github.com/kcp-dev/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20240729085603-f4832eb9a4c7 ) 
diff --git a/go.sum b/go.sum index 6628729bbe1..d70e54b8f5f 100644 --- a/go.sum +++ b/go.sum 
@@ -173,48 +173,48 @@ github.com/kcp-dev/apimachinery/v2 v2.0.0 h1:hQuhBBh+AvUYYMRG+nDzo1VXxNCdMAE95wS github.com/kcp-dev/apimachinery/v2 v2.0.0/go.mod h1:cXCx7fku8/rYK23PNEBRLQ5ByoABoA+CZeJNC81TO0g= github.com/kcp-dev/client-go v0.0.0-20240712152257-bf1c9b833763 h1:vVwtXbun5IkLcQFN9zJ7JYQrwTgB37N+Mjd3B6Kjo64= github.com/kcp-dev/client-go v0.0.0-20240712152257-bf1c9b833763/go.mod h1:edNdEyMsrgVhV4aKkpZauQtsI0A8KmoodOtQrDhqWTc= -github.com/kcp-dev/kubernetes v0.0.0-20240715094234-d2685b68f922 h1:5BijbfuM3KanGBC03blnrYZYo66Pr3nNg4P+JbJqElM= -github.com/kcp-dev/kubernetes v0.0.0-20240715094234-d2685b68f922/go.mod h1:9ru4ndcnDRMyj4gdfHS6IQpy6vlugiADw85Fg6jZzf8= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/api v0.0.0-20240715094234-d2685b68f922 h1:xq7nqCuzhHKtmZiZbzbvTvTfJ5+QnW7Uw3H35rPpaIs= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/api v0.0.0-20240715094234-d2685b68f922/go.mod h1:furJ7SMbGXOMPn3Kf4cKNNTLwHPk3NLDJEv+SXATzD4= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240715094234-d2685b68f922 h1:7NRVuStjnpwfaRg8rI035NO+d6HSUrBmL/EJpVzysWk= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240715094234-d2685b68f922/go.mod h1:nkqR9YUSFuYkYM9pHYygammYljfghl2/lHfLwBsjv64= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240715094234-d2685b68f922 h1:Eej9PlnkHjQrqts0rnU1tJXwlcUHcrNiKonGQ2zXX5E= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240715094234-d2685b68f922/go.mod h1:gzxH9BTlTA3LQcRGhAcXutPKzyMxIMkXYimk3dMs0Xk= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240715094234-d2685b68f922 h1:W7EcvdWzPUkEFzMRksBvQgeAqe5LP7+cimWWXmhQpOA= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240715094234-d2685b68f922/go.mod h1:yaeb+0pBbi1Z4SGQM8op5NVzow2iu6AWadvkLcTmPzw= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240715094234-d2685b68f922 
h1:xszucdc1/D4XusO58mrOvOKnQF3QiZp7o1EGPHev1S8= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240715094234-d2685b68f922/go.mod h1:22tpYTPRG+d7RxuuGpqoaLD9pOt89xOwDXC7kgRS84M= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240715094234-d2685b68f922 h1:QzTAEGzTH5E2/GSqTi3Q6Gp470M7T2lkqbYKDvfYBF0= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240715094234-d2685b68f922/go.mod h1:YQH8QRN0urvxOXpDiV9RAMgFjaDQx482PV6TS2JoZns= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240715094234-d2685b68f922 h1:ruC6Jp73z/kYColW1xe8QUveYPJX8JEw/FqgxLkGLgc= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240715094234-d2685b68f922/go.mod h1:v21iUFkNALoVtXMAfLFDuSV1YpBuYaJNcC0gzGh6tKc= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240715094234-d2685b68f922 h1:LZbnbLhogB3SKZnPHeilnroLAboEsrzJV09FR/N9JHA= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240715094234-d2685b68f922/go.mod h1:LJHgnDIRHiMLZRi893syhAEZ3tFyVOwjWHAGewd5jtQ= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240715094234-d2685b68f922 h1:Vltok2HJF6cfe90FBavxYOcDQPYORXgRetpvSe0zTS0= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240715094234-d2685b68f922/go.mod h1:EDHG3dffw+SJ40L6WpXY3t241FPSpOhcD1t54f0aiWE= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240715094234-d2685b68f922 h1:Wu27gdlELyf83aUNi5HyKOzx1dUhvCq43kuzTUX8qEM= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240715094234-d2685b68f922/go.mod h1:y/EYyXh/7uIrcsYCazzaoOnf3SzeudVBP46ynhYDl8o= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240715094234-d2685b68f922 h1:KiimDb1KrgfiGjjuVZMUR6z6RsUr+jiJXotUVl33NX0= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240715094234-d2685b68f922/go.mod 
h1:5LAs6nY4EKThzlgjTUpohpVLgXsUfkDWPmfXLRq7b7c= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240715094234-d2685b68f922 h1:5WQuird55ZVruIUW9bQhjPowPQJZ6bcD2XLk1IM+lv4= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240715094234-d2685b68f922/go.mod h1:Tkgabv3gTBOaA8rN9epgkOZ/iPduzvVrN5fKl/cDpHM= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240715094234-d2685b68f922 h1:oIBi1tvsNt6KBomXLs/8LYXCRmzuLF4RTi4rXUwvGv8= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240715094234-d2685b68f922/go.mod h1:cIskFSiOGpBjkOwuUQCedHc8Rc0vJMuecCPW9wPphR0= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240715094234-d2685b68f922 h1:QbB55tpmd7L0BulP3WnicX5hQ9lxV1ij/tlbo6dFJw0= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240715094234-d2685b68f922/go.mod h1:zuEaV38X6HTOJrTglntG5cZ/jpMiM1EYlHImqlt3X9I= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms v0.0.0-20240715094234-d2685b68f922 h1:2JR01fsAle+YzcKYk7++UGQfk7EZ9O40bXu5N8aNNPw= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms v0.0.0-20240715094234-d2685b68f922/go.mod h1:tig/CdAZHSLnfo7HOBGtZEUcX2ym3ksoloM6gnm3/ws= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240715094234-d2685b68f922 h1:95DFvuCOuY4c7RCBcvC5oGdoZ1Vq9uuvTPevzFNUuPM= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240715094234-d2685b68f922/go.mod h1:Muxr1mn3h9Z2aLNHj/oRYZOcehJicye1cgwXg+KEChg= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240715094234-d2685b68f922 h1:UuAuU04dhGHXFKtM6H99vUq8/hZdQzmrQK2mUxtPnH8= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240715094234-d2685b68f922/go.mod h1:6GtxVzkDExmipVJnXdauHRh77ytt46h5tsJXcf+HI2s= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet 
v0.0.0-20240715094234-d2685b68f922 h1:FVPHdWfsqyccnJZqoV3MPe83XTRCPpzXbFo7ZIqjS4I= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240715094234-d2685b68f922/go.mod h1:x7ky9i4kiCPdiKDBrZ+Nl2TCvcdpZu3KLojwWV/WBEc= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240715094234-d2685b68f922 h1:S3OpR8sQTv2rixT6YtKhSZPyb9uLqECYskfGJUPYKRg= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240715094234-d2685b68f922/go.mod h1:4xH05OdueH2hpDdvzFGddYb+1GoCt/1GzcYN7ci1S14= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240715094234-d2685b68f922 h1:JWGPxUJCpn9Vz9RJ59CcQmtginVWFVCHhRTK+Z/Bxdc= -github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240715094234-d2685b68f922/go.mod h1:lWjdcioUMwkpg2mh+jKA2TAuBzq4fJ7RQegElvJpnss= +github.com/kcp-dev/kubernetes v0.0.0-20240729085603-f4832eb9a4c7 h1:Fnrw6/vWqWijsGiVdrCjPltDbvzx7u5C4QkFeytFqzs= +github.com/kcp-dev/kubernetes v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:9ru4ndcnDRMyj4gdfHS6IQpy6vlugiADw85Fg6jZzf8= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/api v0.0.0-20240729085603-f4832eb9a4c7 h1:VbD4DHAHF/IpAHv1aliFRNGVSXplWCcKMaLnqZmwbxs= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/api v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:furJ7SMbGXOMPn3Kf4cKNNTLwHPk3NLDJEv+SXATzD4= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240729085603-f4832eb9a4c7 h1:PlrSxZlHAfrtLDM+Kot65HV/tLo0l5Wxb/K29SOWUOI= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:nkqR9YUSFuYkYM9pHYygammYljfghl2/lHfLwBsjv64= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240729085603-f4832eb9a4c7 h1:Zhf42VoSmQumKIzxCxom+2+++RhvEelpRqOLgGYzNc0= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:gzxH9BTlTA3LQcRGhAcXutPKzyMxIMkXYimk3dMs0Xk= 
+github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240729085603-f4832eb9a4c7 h1:gbVqnzQwB48ee/T3MqBgJI8rmDvN0aogCNh46O7LoUo= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:yaeb+0pBbi1Z4SGQM8op5NVzow2iu6AWadvkLcTmPzw= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240729085603-f4832eb9a4c7 h1:v+DHrpPxhxmRw8p5+A2erfDmmHpzP5jbvLGcwMQ6S2o= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:22tpYTPRG+d7RxuuGpqoaLD9pOt89xOwDXC7kgRS84M= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240729085603-f4832eb9a4c7 h1:1p1F69qLsOdEgz6yG1/cypW9cPh7gCVA3ADNhoHvLYI= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:YQH8QRN0urvxOXpDiV9RAMgFjaDQx482PV6TS2JoZns= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240729085603-f4832eb9a4c7 h1:rzYzVbBLQcb19ShtLO4p2dI9vSFOv8EqUpCwm9J+V6A= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:v21iUFkNALoVtXMAfLFDuSV1YpBuYaJNcC0gzGh6tKc= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240729085603-f4832eb9a4c7 h1:tfFr43t5zB3yDYdXK77107DULsRLH3DWDO8sW0dx1vw= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:LJHgnDIRHiMLZRi893syhAEZ3tFyVOwjWHAGewd5jtQ= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240729085603-f4832eb9a4c7 h1:9E7Bx9TyJo3h4RKWvGCOhuchsUxMht9scvKp6Q8OVv8= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:EDHG3dffw+SJ40L6WpXY3t241FPSpOhcD1t54f0aiWE= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240729085603-f4832eb9a4c7 h1:GrOCOYdU6TycL6FuKRchMRrFClOVo+iBIAJpUbpJvvE= 
+github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:y/EYyXh/7uIrcsYCazzaoOnf3SzeudVBP46ynhYDl8o= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240729085603-f4832eb9a4c7 h1:aqC5f2yYk8ZPUUwYvcUFWGhjDK9SAAGXoqqp9jaPIB0= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:5LAs6nY4EKThzlgjTUpohpVLgXsUfkDWPmfXLRq7b7c= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240729085603-f4832eb9a4c7 h1:I2WmYcVSsEWP6nHh3szW2ZFkQS8QvT30BI1ObqY2qpo= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:Tkgabv3gTBOaA8rN9epgkOZ/iPduzvVrN5fKl/cDpHM= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240729085603-f4832eb9a4c7 h1:miIa6IyhAyJTI5pq4p5ho1yUC5w3PT9l9xmrD1gLb/Y= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:cIskFSiOGpBjkOwuUQCedHc8Rc0vJMuecCPW9wPphR0= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240729085603-f4832eb9a4c7 h1:1MIv7rFDRf+Y9p+b6IA/OJdqoCBTlJHI6gWgKQ84wPY= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:zuEaV38X6HTOJrTglntG5cZ/jpMiM1EYlHImqlt3X9I= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms v0.0.0-20240729085603-f4832eb9a4c7 h1:zUFSiU4KY0XSGkC+ZHsSHGjb5W3/pRsXeZMwMTw4KcY= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kms v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:tig/CdAZHSLnfo7HOBGtZEUcX2ym3ksoloM6gnm3/ws= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240729085603-f4832eb9a4c7 h1:mHghPzTKnO1uFImS0rPVTaO5wOGAMj/NujnltrWyYQU= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240729085603-f4832eb9a4c7/go.mod 
h1:Muxr1mn3h9Z2aLNHj/oRYZOcehJicye1cgwXg+KEChg= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240729085603-f4832eb9a4c7 h1:jK/hFI58QJQKQ662PBKvcwtHEwlZ0xy7Ye/gTIlGSAQ= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:6GtxVzkDExmipVJnXdauHRh77ytt46h5tsJXcf+HI2s= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240729085603-f4832eb9a4c7 h1:QQkcoW8RI7ZLzgD+1IOjf5QuZTcAdfBKFCxrbyqHIB8= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:x7ky9i4kiCPdiKDBrZ+Nl2TCvcdpZu3KLojwWV/WBEc= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240729085603-f4832eb9a4c7 h1:7I5RDEdZ2LI1c+4VYOnn0bmc2Q7dc0R/Ugu33MgEafo= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:4xH05OdueH2hpDdvzFGddYb+1GoCt/1GzcYN7ci1S14= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240729085603-f4832eb9a4c7 h1:pI8jYUfjCGEQbD9udv3KDhigO81Y+TMpRCfSry35g1Q= +github.com/kcp-dev/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240729085603-f4832eb9a4c7/go.mod h1:lWjdcioUMwkpg2mh+jKA2TAuBzq4fJ7RQegElvJpnss= github.com/kcp-dev/logicalcluster/v3 v3.0.5 h1:JbYakokb+5Uinz09oTXomSUJVQsqfxEvU4RyHUYxHOU= github.com/kcp-dev/logicalcluster/v3 v3.0.5/go.mod h1:EWBUBxdr49fUB1cLMO4nOdBWmYifLbP1LfoL20KkXYY= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=