diff --git a/charts/gardener-extension-os-gardenlinux/templates/poddisruptionbudget.yaml b/charts/gardener-extension-os-gardenlinux/templates/poddisruptionbudget.yaml
index b35fd7b2e..c622115dc 100644
--- a/charts/gardener-extension-os-gardenlinux/templates/poddisruptionbudget.yaml
+++ b/charts/gardener-extension-os-gardenlinux/templates/poddisruptionbudget.yaml
@@ -12,6 +12,6 @@ spec:
 matchLabels:
 app.kubernetes.io/name: gardener-extension-os-gardenlinux
 app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if semverCompare ">= 1.26-0" .Capabilities.KubeVersion.GitVersion }}
+{{- if semverCompare ">= 1.26-0" .Capabilities.KubeVersion.Version }}
 unhealthyPodEvictionPolicy: AlwaysAllow
 {{- end }}
diff --git a/example/controller-registration.yaml b/example/controller-registration.yaml
index b8a7c073e..3bfe8e678 100644
--- a/example/controller-registration.yaml
+++ b/example/controller-registration.yaml
@@ -5,7 +5,7 @@ metadata:
 name: os-gardenlinux
 type: helm
 providerConfig:
- chart: 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
+ chart: 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
 values:
 image:
 tag: v0.24.0-dev
diff --git a/go.mod b/go.mod
index 7824b66b5..cdf9d3d84 100644
--- a/go.mod
+++ b/go.mod
@@ -4,17 +4,17 @@ go 1.21
 require (
 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
- github.com/gardener/gardener v1.87.1
- github.com/go-logr/logr v1.2.4
+ github.com/gardener/gardener v1.88.0
+ github.com/go-logr/logr v1.3.0
 github.com/onsi/ginkgo/v2 v2.13.0
 github.com/onsi/gomega v1.29.0
 github.com/spf13/cobra v1.7.0
 golang.org/x/tools v0.13.0
- k8s.io/api v0.28.3
- k8s.io/apimachinery v0.28.3
- k8s.io/code-generator v0.28.3
- k8s.io/component-base v0.28.3
- k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
+ k8s.io/api v0.28.4
+ k8s.io/apimachinery v0.28.4
+ k8s.io/code-generator v0.28.4
+ k8s.io/component-base v0.28.4
+ k8s.io/utils v0.0.0-20240102154912-e7106e64919e
 sigs.k8s.io/controller-runtime v0.16.3
 )
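Review bot: The `semverCompare ">= 1.26-0"` condition in templates/poddisruptionbudget.yaml carries no comment saying why 1.26 is the cut-off, and the field it guards may not take effect at that version. As far as I know `unhealthyPodEvictionPolicy` was alpha and behind a feature gate in Kubernetes 1.26, so on a 1.26 cluster without that gate the API server would presumably drop the field and the PDB could still block eviction of unhealthy pods during a node drain. I would document that above the condition with a template comment such as `{{- /* unhealthyPodEvictionPolicy: alpha and feature-gated in 1.26, enabled by default from 1.27 */}}`. The rest of the PDB spec lies outside this hunk, so whether other fields are gated the same way cannot be checked here.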
@@ -27,8 +27,8 @@ require (
 github.com/blang/semver/v4 v4.0.0 // indirect
 github.com/bronze1man/yaml2json v0.0.0-20211227013850-8972abeaea25 // indirect
 github.com/cespare/xxhash/v2 v2.2.0 // indirect
- github.com/cyphar/filepath-securejoin v0.2.3 // indirect
- github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/cyphar/filepath-securejoin v0.2.4 // indirect
+ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 github.com/evanphx/json-patch/v5 v5.6.0 // indirect
@@ -74,6 +74,7 @@ require (
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 github.com/pkg/errors v0.9.1 // indirect
+ github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.71.0 // indirect
 github.com/prometheus/client_golang v1.16.0 // indirect
 github.com/prometheus/client_model v0.4.0 // indirect
 github.com/prometheus/common v0.44.0 // indirect
@@ -92,7 +93,7 @@ require (
 golang.org/x/crypto v0.17.0 // indirect
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
 golang.org/x/mod v0.12.0 // indirect
- golang.org/x/net v0.17.0 // indirect
+ golang.org/x/net v0.19.0 // indirect
 golang.org/x/oauth2 v0.10.0 // indirect
 golang.org/x/sys v0.15.0 // indirect
 golang.org/x/term v0.15.0 // indirect
@@ -109,13 +110,13 @@ require (
 helm.sh/helm/v3 v3.11.1 // indirect
 istio.io/api v1.19.2-0.20231011000955-f3015ebb5bd4 // indirect
 istio.io/client-go v1.19.3 // indirect
- k8s.io/apiextensions-apiserver v0.28.3 // indirect
+ k8s.io/apiextensions-apiserver v0.28.4 // indirect
 k8s.io/autoscaler/vertical-pod-autoscaler v1.0.0 // indirect
- k8s.io/client-go v0.28.3 // indirect
+ k8s.io/client-go v0.28.4 // indirect
 k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect
 k8s.io/helm v2.17.0+incompatible // indirect
 k8s.io/klog v1.0.0 // indirect
- k8s.io/klog/v2 v2.100.1 // indirect
+ k8s.io/klog/v2 v2.110.1 // indirect
 k8s.io/kube-aggregator v0.28.3 // indirect
 k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
 k8s.io/kubelet v0.28.3 // indirect
@@ -123,6 +124,6 @@ require (
 sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20231015215740-bf15e44028f9 // indirect
 sigs.k8s.io/controller-tools v0.13.0 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
- sigs.k8s.io/yaml v1.3.0 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+ sigs.k8s.io/yaml v1.4.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 95208d9cb..45dd6da02 100644
--- a/go.sum
+++ b/go.sum
@@ -92,11 +92,12 @@ github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnht github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= -github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= +github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= 
@@ -130,8 +131,8 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/gardener/etcd-druid v0.22.0 h1:DVe+Zjrb93r9vI1uUiCTMHBffIUoMAKhNzFZNC6hsQ8= github.com/gardener/etcd-druid v0.22.0/go.mod h1:FROhfVKyWBo4krlPe3R6FIhJRmOmijEWBdEeUP0CJjE= -github.com/gardener/gardener v1.87.1 h1:TZ8I13CF7vZ0Z+9xD2504G/HjIn6k0aq+29xoNCojRY= -github.com/gardener/gardener v1.87.1/go.mod h1:MNqPkSxLD2w+HeIP56JnZbZtaqPnDb4hSRl3JWEZTWU= +github.com/gardener/gardener v1.88.0 h1:rswlezvHGqAcReLZRovPJdSEPWEOc67lHMWQqZQGICc= +github.com/gardener/gardener v1.88.0/go.mod h1:HaefCVQWgYinwiZi4z8vEGu534/ql+bW9EEKy1bEsHY= github.com/gardener/hvpa-controller/api v0.5.0 h1:f4F3O7YUrenwh4S3TgPREPiB287JjjUiUL18OqPLyAA= github.com/gardener/hvpa-controller/api v0.5.0/go.mod h1:QQl3ELkCaki+8RhXl0FZMfvnm0WCGwGJlGmrxJj6lvM= github.com/gardener/machine-controller-manager v0.50.0 h1:3dcQjzueFU1TGgprV00adjb3OCR99myTBx8DQGxywks= 
@@ -144,9 +145,9 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc= 
@@ -364,8 +365,11 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.71.0 h1:et+XkusxWLz+XNqZiyMom9tv9ACvNAUyLXti2LTiV7o= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.71.0/go.mod h1:3RiUkFmR9kmPZi9r/8a5jw0a9yg+LMmr7qa0wjqvSiI= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= 
@@ -419,8 +423,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= -github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= 
@@ -548,8 +552,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -851,31 +855,31 @@ istio.io/client-go v1.19.3/go.mod h1:ra3fVlXcquh7EuQnNssuLxfp6lFv/nx5314PvNEzOUs k8s.io/api v0.18.3/go.mod h1:UOaMwERbqJMfeeeHc8XJKawj4P9TgDRnViIqqBeH2QA= k8s.io/api v0.18.8/go.mod h1:d/CXqwWv+Z2XEG1LgceeDmHQwpUJhROPx16SlxJgERY= k8s.io/api v0.19.0/go.mod h1:I1K45XlvTrDjmj5LoM5LuP/KYrhWbjUKT/SoPG0qTjw= -k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM= -k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc= -k8s.io/apiextensions-apiserver v0.28.3 h1:Od7DEnhXHnHPZG+W9I97/fSQkVpVPQx2diy+2EtmY08= -k8s.io/apiextensions-apiserver v0.28.3/go.mod h1:NE1XJZ4On0hS11aWWJUTNkmVB03j9LM7gJSisbRt8Lc= +k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY= +k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0= +k8s.io/apiextensions-apiserver v0.28.4 h1:AZpKY/7wQ8n+ZYDtNHbAJBb+N4AXXJvyZx6ww6yAJvU= +k8s.io/apiextensions-apiserver v0.28.4/go.mod h1:pgQIZ1U8eJSMQcENew/0ShUTlePcSGFq6dxSxf2mwPM= k8s.io/apimachinery v0.18.3/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= k8s.io/apimachinery v0.18.8/go.mod h1:6sQd+iHEqmOtALqOFjSWp2KZ9F0wlU/nWm0ZgsYWMig= k8s.io/apimachinery v0.19.0/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= -k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A= -k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8= -k8s.io/apiserver v0.28.3 h1:8Ov47O1cMyeDzTXz0rwcfIIGAP/dP7L8rWbEljRcg5w= -k8s.io/apiserver v0.28.3/go.mod h1:YIpM+9wngNAv8Ctt0rHG4vQuX/I5rvkEMtZtsxW2rNM= +k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8= +k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg= +k8s.io/apiserver v0.28.4 h1:BJXlaQbAU/RXYX2lRz+E1oPe3G3TKlozMMCZWu5GMgg= +k8s.io/apiserver v0.28.4/go.mod h1:Idq71oXugKZoVGUUL2wgBCTHbUR+FYTWa4rq9j4n23w= k8s.io/autoscaler/vertical-pod-autoscaler v0.9.0/go.mod h1:PwWTGRRCxefhAezrDbG/tRYSAW7etHjjMPAr8fXKVAA= 
k8s.io/autoscaler/vertical-pod-autoscaler v1.0.0 h1:y0TgWoHaeYEv3L1MfLC+D2WVxyN1fGr6axURHXq+wHE= k8s.io/autoscaler/vertical-pod-autoscaler v1.0.0/go.mod h1:w6/LjLR3DPQd57vlgvgbpzpuJKsCiily0+OzQI+nyfI= k8s.io/client-go v0.18.3/go.mod h1:4a/dpQEvzAhT1BbuWW09qvIaGw6Gbu1gZYiQZIi1DMw= k8s.io/client-go v0.19.0/go.mod h1:H9E/VT95blcFQnlyShFgnFT9ZnJOAceiUHM3MlRC+mU= -k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4= -k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo= +k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY= +k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4= k8s.io/code-generator v0.18.3/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c= k8s.io/code-generator v0.19.0/go.mod h1:moqLn7w0t9cMs4+5CQyxnfA/HV8MF6aAVENF+WZZhgk= -k8s.io/code-generator v0.28.3 h1:I847QvdpYx7xKiG2KVQeCSyNF/xU9TowaDAg601mvlw= -k8s.io/code-generator v0.28.3/go.mod h1:A2EAHTRYvCvBrb/MM2zZBNipeCk3f8NtpdNIKawC43M= +k8s.io/code-generator v0.28.4 h1:tcOSNIZQvuAvXhOwpbuJkKbAABJQeyCcQBCN/3uI18c= +k8s.io/code-generator v0.28.4/go.mod h1:OQAfl6bZikQ/tK6faJ18Vyzo54rUII2NmjurHyiN1g4= k8s.io/component-base v0.18.3/go.mod h1:bp5GzGR0aGkYEfTj+eTY0AN/vXTgkJdQXjNTTVUaa3k= -k8s.io/component-base v0.28.3 h1:rDy68eHKxq/80RiMb2Ld/tbH8uAE75JdCqJyi6lXMzI= -k8s.io/component-base v0.28.3/go.mod h1:fDJ6vpVNSk6cRo5wmDa6eKIG7UlIQkaFmZN2fYgIUD8= +k8s.io/component-base v0.28.4 h1:c/iQLWPdUgI90O+T9TeECg8o7N3YJTiuz2sKxILYcYo= +k8s.io/component-base v0.28.4/go.mod h1:m9hR0uvqXDybiGL2nf/3Lf0MerAfQXzkfWhUY58JUbU= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= 
@@ -892,8 +896,8 @@ k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= +k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= k8s.io/kube-aggregator v0.28.3 h1:CVbj3+cpshSHR5dWPzLYx3sVpIDEPLlzMSxY/lAc9cM= k8s.io/kube-aggregator v0.28.3/go.mod h1:5DyLevbRTcWnT1f9b+lB3BfbXC1w7gDa/OtB6kKInCw= k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= @@ -907,8 +911,8 @@ k8s.io/metrics v0.28.3 h1:w2s3kVi7HulXqCVDFkF4hN/OsL1tXTTb4Biif995h/g= k8s.io/metrics v0.28.3/go.mod h1:OZZ23AHFojPzU6r3xoHGRUcV3I9pauLua+07sAUbwLc= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= +k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= 
@@ -923,9 +927,9 @@ sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h6 sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk= -sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/pkg/apis/memoryonegardenlinux/v1alpha1/defaults.go b/pkg/apis/memoryonegardenlinux/v1alpha1/defaults.go index 40a1e6b4a..f1cd6a0d5 100644 --- a/pkg/apis/memoryonegardenlinux/v1alpha1/defaults.go +++ b/pkg/apis/memoryonegardenlinux/v1alpha1/defaults.go @@ -16,7 +16,7 @@ package v1alpha1 import ( "k8s.io/apimachinery/pkg/runtime" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) func addDefaultingFuncs(scheme *runtime.Scheme) error { 
@@ -26,11 +26,11 @@ func addDefaultingFuncs(scheme *runtime.Scheme) error { // SetDefaults_OperatingSystemConfiguration sets the defaults for the Garden Linux operating system configuration func SetDefaults_OperatingSystemConfiguration(obj *OperatingSystemConfiguration) { if isEmptyString(obj.MemoryTopology) { - obj.MemoryTopology = pointer.String("2") + obj.MemoryTopology = ptr.To("2") } if isEmptyString(obj.SystemMemory) { - obj.SystemMemory = pointer.String("6x") + obj.SystemMemory = ptr.To("6x") } } diff --git a/pkg/controller/operatingsystemconfig/actuator_test.go b/pkg/controller/operatingsystemconfig/actuator_test.go index 7c874db60..a08cfc011 100644 --- a/pkg/controller/operatingsystemconfig/actuator_test.go +++ b/pkg/controller/operatingsystemconfig/actuator_test.go @@ -24,7 +24,7 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" fakeclient "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/manager" @@ -55,7 +55,7 @@ var _ = Describe("Actuator", func() { Type: gardenlinux.OSTypeGardenLinux, }, Purpose: extensionsv1alpha1.OperatingSystemConfigPurposeProvision, - Units: []extensionsv1alpha1.Unit{{Name: "some-unit", Content: pointer.String("foo")}}, + Units: []extensionsv1alpha1.Unit{{Name: "some-unit", Content: ptr.To("foo")}}, Files: []extensionsv1alpha1.File{{Path: "/some/file", Content: extensionsv1alpha1.FileContent{Inline: &extensionsv1alpha1.FileContentInline{Data: "bar"}}}}, }, } @@ -217,7 +217,7 @@ ExecStartPre=/opt/gardener/bin/containerd_cgroup_driver.sh Expect(extensionFiles).To(ConsistOf( extensionsv1alpha1.File{ Path: "/opt/gardener/bin/g_functions.sh", - Permissions: pointer.Int32(0755), + Permissions: ptr.To[int32](0755), Content: extensionsv1alpha1.FileContent{Inline: &extensionsv1alpha1.FileContentInline{Data: `#!/bin/bash set -Eeuo pipefail 
@@ -285,7 +285,7 @@ function check_running_containerd_tasks { }, extensionsv1alpha1.File{ Path: "/opt/gardener/bin/kubelet_cgroup_driver.sh", - Permissions: pointer.Int32(0755), + Permissions: ptr.To[int32](0755), Content: extensionsv1alpha1.FileContent{Inline: &extensionsv1alpha1.FileContentInline{Data: `#!/bin/bash set -Eeuo pipefail @@ -342,7 +342,7 @@ fi }, extensionsv1alpha1.File{ Path: "/opt/gardener/bin/containerd_cgroup_driver.sh", - Permissions: pointer.Int32(0755), + Permissions: ptr.To[int32](0755), Content: extensionsv1alpha1.FileContent{Inline: &extensionsv1alpha1.FileContentInline{Data: `#!/bin/bash set -Eeuo pipefail diff --git a/pkg/controller/operatingsystemconfig/generator/generator_test.go b/pkg/controller/operatingsystemconfig/generator/generator_test.go index 1134cc20b..7716cbf2d 100644 --- a/pkg/controller/operatingsystemconfig/generator/generator_test.go +++ b/pkg/controller/operatingsystemconfig/generator/generator_test.go @@ -22,7 +22,7 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "github.com/gardener/gardener-extension-os-gardenlinux/pkg/apis/memoryonegardenlinux/v1alpha1" gardenlinux_generator "github.com/gardener/gardener-extension-os-gardenlinux/pkg/controller/operatingsystemconfig/generator" @@ -93,8 +93,8 @@ dataKey: token`) } memoryOneOsConfig = &v1alpha1.OperatingSystemConfiguration{ - MemoryTopology: pointer.String("3"), - SystemMemory: pointer.String("7x"), + MemoryTopology: ptr.To("3"), + SystemMemory: ptr.To("7x"), } gardenlinuxOsctemplate = commongen.OperatingSystemConfig{ diff --git a/vendor/github.com/cyphar/filepath-securejoin/.travis.yml b/vendor/github.com/cyphar/filepath-securejoin/.travis.yml deleted file mode 100644 index b94ff8cf9..000000000 --- a/vendor/github.com/cyphar/filepath-securejoin/.travis.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -# Copyright (C) 2017 SUSE LLC. All rights reserved. -# Use of this source code is governed by a BSD-style -# license that can be found in the LICENSE file. - -language: go -go: - - 1.13.x - - 1.16.x - - tip -arch: - - AMD64 - - ppc64le -os: - - linux - - osx - -script: - - go test -cover -v ./... - -notifications: - email: false diff --git a/vendor/github.com/cyphar/filepath-securejoin/README.md b/vendor/github.com/cyphar/filepath-securejoin/README.md index 3624617c8..4eca0f235 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/README.md +++ b/vendor/github.com/cyphar/filepath-securejoin/README.md @@ -1,6 +1,6 @@ ## `filepath-securejoin` ## -[![Build Status](https://travis-ci.org/cyphar/filepath-securejoin.svg?branch=master)](https://travis-ci.org/cyphar/filepath-securejoin) +[![Build Status](https://github.com/cyphar/filepath-securejoin/actions/workflows/ci.yml/badge.svg)](https://github.com/cyphar/filepath-securejoin/actions/workflows/ci.yml) An implementation of `SecureJoin`, a [candidate for inclusion in the Go standard library][go#20126]. The purpose of this function is to be a "secure" diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index 717903969..abd410582 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.2.3 +0.2.4 diff --git a/vendor/github.com/cyphar/filepath-securejoin/join.go b/vendor/github.com/cyphar/filepath-securejoin/join.go index 7dd08dbbd..aa32b85fb 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/join.go +++ b/vendor/github.com/cyphar/filepath-securejoin/join.go 
@@ -39,17 +39,27 @@ func IsNotExist(err error) bool {
 // components in the returned string are not modified (in other words are not
 // replaced with symlinks on the filesystem) after this function has returned.
 // Such a symlink race is necessarily out-of-scope of SecureJoin.
+//
+// Volume names in unsafePath are always discarded, regardless if they are
+// provided via direct input or when evaluating symlinks. Therefore:
+//
+// "C:\Temp" + "D:\path\to\file.txt" results in "C:\Temp\path\to\file.txt"
 func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) {
 // Use the os.* VFS implementation if none was specified.
 if vfs == nil {
 vfs = osVFS{}
 }
+ unsafePath = filepath.FromSlash(unsafePath)
 var path bytes.Buffer
 n := 0
 for unsafePath != "" {
 if n > 255 {
- return "", &os.PathError{Op: "SecureJoin", Path: root + "/" + unsafePath, Err: syscall.ELOOP}
+ return "", &os.PathError{Op: "SecureJoin", Path: root + string(filepath.Separator) + unsafePath, Err: syscall.ELOOP}
+ }
+
+ if v := filepath.VolumeName(unsafePath); v != "" {
+ unsafePath = unsafePath[len(v):]
 }
 // Next path component, p.
diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/cmd/options.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/cmd/options.go
index edfcd5751..0a8c91b63 100644
--- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/cmd/options.go
+++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/cmd/options.go
@@ -25,7 +25,7 @@ import (
 "k8s.io/client-go/rest"
 "k8s.io/client-go/tools/clientcmd"
 "k8s.io/client-go/tools/leaderelection/resourcelock"
- "k8s.io/utils/pointer"
+ "k8s.io/utils/ptr"
 controllerconfig "sigs.k8s.io/controller-runtime/pkg/config"
 "sigs.k8s.io/controller-runtime/pkg/controller"
 "sigs.k8s.io/controller-runtime/pkg/manager"
@@ -274,7 +274,7 @@ func (c *ManagerConfig) Apply(opts *manager.Options) {
 opts.Metrics = metricsserver.Options{BindAddress: c.MetricsBindAddress}
 opts.HealthProbeBindAddress = c.HealthBindAddress
 opts.Logger = c.Logger
- opts.Controller = controllerconfig.Controller{RecoverPanic: pointer.Bool(true)}
+ opts.Controller = controllerconfig.Controller{RecoverPanic: ptr.To(true)}
 opts.WebhookServer = webhook.NewServer(webhook.Options{
 Host: c.WebhookServerHost,
 Port: c.WebhookServerPort,
diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/operatingsystemconfig/bash.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/operatingsystemconfig/bash.go
index e103a4d73..580d29fe2 100644
--- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/operatingsystemconfig/bash.go
+++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/operatingsystemconfig/bash.go
@@ -20,7 +20,7 @@ import (
 "path"
 corev1 "k8s.io/api/core/v1"
- "k8s.io/utils/pointer"
+ "k8s.io/utils/ptr"
 "sigs.k8s.io/controller-runtime/pkg/client"
 extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
@@ -41,7 +41,7 @@ func FilesToDiskScript(ctx context.Context, reader client.Reader, namespace stri
 out += `
 mkdir -p "` + path.Dir(file.Path) + `"
-` + catDataIntoFile(file.Path, data, pointer.BoolDeref(file.Content.TransmitUnencoded, false))
+` + catDataIntoFile(file.Path, data, ptr.Deref(file.Content.TransmitUnencoded, false))
 if file.Permissions != nil {
 out += `
diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/controller/operatingsystemconfig/oscommon/generator/test/template_generator.go b/vendor/github.com/gardener/gardener/extensions/pkg/controller/operatingsystemconfig/oscommon/generator/test/template_generator.go
index 9f6b6922d..0287869fe 100644
--- a/vendor/github.com/gardener/gardener/extensions/pkg/controller/operatingsystemconfig/oscommon/generator/test/template_generator.go
+++ b/vendor/github.com/gardener/gardener/extensions/pkg/controller/operatingsystemconfig/oscommon/generator/test/template_generator.go
@@ -20,7 +20,7 @@ import (
 "github.com/go-logr/logr"
 . "github.com/onsi/ginkgo/v2"
 . "github.com/onsi/gomega"
- "k8s.io/utils/pointer"
+ "k8s.io/utils/ptr"
 "github.com/gardener/gardener/extensions/pkg/controller/operatingsystemconfig/oscommon/generator"
 extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
@@ -50,7 +50,7 @@ var DescribeTest = func(g generator.Generator, files embed.FS) func() {
 {
 Path: "/foo2",
 Content: []byte("bar"),
- TransmitUnencoded: pointer.Bool(true),
+ TransmitUnencoded: ptr.To(true),
 },
 },
diff --git a/vendor/github.com/gardener/gardener/extensions/pkg/util/shoot_clients.go b/vendor/github.com/gardener/gardener/extensions/pkg/util/shoot_clients.go
index cb3c8ebbe..c7e48622b 100644
--- a/vendor/github.com/gardener/gardener/extensions/pkg/util/shoot_clients.go
+++ b/vendor/github.com/gardener/gardener/extensions/pkg/util/shoot_clients.go
@@ -24,7 +24,7 @@ import (
 "k8s.io/apimachinery/pkg/version"
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/rest"
- "k8s.io/utils/pointer"
+ "k8s.io/utils/ptr"
 "sigs.k8s.io/controller-runtime/pkg/client"
 extensionsconfig "github.com/gardener/gardener/extensions/pkg/apis/config"
@@ -72,9 +72,9 @@ func NewShootClients(c client.Client, clientset kubernetes.Interface, gardenerCl
 // ApplyRESTOptions applies RESTOptions to the given rest.Config
 func ApplyRESTOptions(restConfig *rest.Config, restOptions extensionsconfig.RESTOptions) *rest.Config {
- restConfig.QPS = pointer.Float32Deref(restOptions.QPS, restConfig.QPS)
- restConfig.Burst = pointer.IntDeref(restOptions.Burst, restConfig.Burst)
- restConfig.Timeout = pointer.DurationDeref(restOptions.Timeout, restConfig.Timeout)
+ restConfig.QPS = ptr.Deref(restOptions.QPS, restConfig.QPS)
+ restConfig.Burst = ptr.Deref(restOptions.Burst, restConfig.Burst)
+ restConfig.Timeout = ptr.Deref(restOptions.Timeout, restConfig.Timeout)
 return restConfig
 }
diff --git a/vendor/github.com/gardener/gardener/hack/.ci/component_descriptor b/vendor/github.com/gardener/gardener/hack/.ci/component_descriptor
index 61b44e12c..fac5deeb4 100755
--- a/vendor/github.com/gardener/gardener/hack/.ci/component_descriptor
+++ b/vendor/github.com/gardener/gardener/hack/.ci/component_descriptor
@@ -55,7 +55,7 @@ fi
 if [[ ! -z "$image_vector_path" ]]; then
 # default environment variables
 if [[ -z "${COMPONENT_PREFIXES}" ]]; then
- COMPONENT_PREFIXES="europe-docker.pkg.dev/gardener-project/releases/gardener"
+ COMPONENT_PREFIXES="europe-docker.pkg.dev/gardener-project/releases/gardener,europe-docker.pkg.dev/gardener-project/snapshots/gardener"
 fi
 if [[ -z "${COMPONENT_CLI_ARGS}" ]]; then
diff --git a/vendor/github.com/gardener/gardener/hack/generate-crds.sh b/vendor/github.com/gardener/gardener/hack/generate-crds.sh
index 89e8372e2..7639bac26 100755
--- a/vendor/github.com/gardener/gardener/hack/generate-crds.sh
+++ b/vendor/github.com/gardener/gardener/hack/generate-crds.sh
@@ -67,6 +67,15 @@ get_group_package () {
 "fluentbit.fluent.io")
 echo "github.com/fluent/fluent-operator/v2/apis/fluentbit/v1alpha2"
 ;;
+ "monitoring.coreos.com_v1")
+ echo "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
+ ;;
+ "monitoring.coreos.com_v1beta1")
+ echo "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1beta1"
+ ;;
+ "monitoring.coreos.com_v1alpha1")
+ echo "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1"
+ ;;
 "autoscaling.k8s.io")
 echo "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1"
 ;;
@@ -87,6 +96,9 @@ generate_all_groups () {
 generate_group hvpaautoscaling.k8s.io
 generate_group autoscaling.k8s.io
 generate_group fluentbit.fluent.io
+ generate_group monitoring.coreos.com_v1
+ generate_group monitoring.coreos.com_v1beta1
+ generate_group monitoring.coreos.com_v1alpha1
 generate_group machine.sapcloud.io
 }
@@ -133,6 +145,10 @@ generate_group () {
 fi
 local relevant_files=("$@")
+
+ sanitized_group_name="${group/hvpa/}"
+ sanitized_group_name="${sanitized_group_name%%_*}"
+
 while IFS= read -r crd; do
 crd_out="$output_dir/$file_name_prefix$(basename $crd)"
 mv "$crd" "$crd_out"
@@ -155,7 +171,7 @@ generate_group () {
 if [[ ${group} =~ .*\.k8s\.io ]]; then
 sed -i "/^ annotations:.*/a\ api-approved.kubernetes.io: $k8s_io_api_approval_reason" "$crd_out"
 fi
- done < <(ls "$output_dir_temp/${group/hvpa/}"_*.yaml)
+ done < <(ls "$output_dir_temp/$sanitized_group_name"_*.yaml)
 # garbage collection - clean all generated files for this group to account for changed prefix or removed resources
 local pattern=".*${group}_.*\.yaml"
diff --git a/vendor/github.com/gardener/gardener/hack/kind-up.sh b/vendor/github.com/gardener/gardener/hack/kind-up.sh
index 25df9f882..a2893b7bd 100755
--- a/vendor/github.com/gardener/gardener/hack/kind-up.sh
+++ b/vendor/github.com/gardener/gardener/hack/kind-up.sh
@@ -190,6 +190,9 @@ if [[ "$IPFAMILY" == "ipv6" ]] && [[ "$MULTI_ZONAL" == "true" ]]; then ADDITIONAL_ARGS="$ADDITIONAL_ARGS --set gardener.seed.istio.listenAddresses={::1,::10,::11,::12}" fi + +# TODO(acumino): update to kindest/node:v1.29.0 once we have a solution for adding seed authorizer in provider-local setup +# For details check https://github.com/gardener/gardener/issues/8871 kind create cluster \ --name "$CLUSTER_NAME" \ --image "kindest/node:v1.28.0" \ diff --git a/vendor/github.com/gardener/gardener/hack/tools.mk b/vendor/github.com/gardener/gardener/hack/tools.mk index e43050313..637f4bc7a 100755 --- a/vendor/github.com/gardener/gardener/hack/tools.mk +++ b/vendor/github.com/gardener/gardener/hack/tools.mk @@ -58,17 +58,17 @@ VGOPATH := $(TOOLS_BIN_DIR)/vgopath # default tool versions GOLANGCI_LINT_VERSION ?= v1.55.2 -GO_APIDIFF_VERSION ?= v0.7.0 +GO_APIDIFF_VERSION ?= v0.8.2 GO_ADD_LICENSE_VERSION ?= v1.1.1 -GOIMPORTSREVISER_VERSION ?= v3.6.0 +GOIMPORTSREVISER_VERSION ?= v3.6.4 GO_VULN_CHECK_VERSION ?= latest HELM_VERSION ?= v3.14.0 -KIND_VERSION ?= v0.20.0 -KUBECTL_VERSION ?= v1.29.0 -PROMTOOL_VERSION ?= 2.48.0 -PROTOC_VERSION ?= 25.1 +KIND_VERSION ?= v0.21.0 +KUBECTL_VERSION ?= v1.29.1 +PROMTOOL_VERSION ?= 2.49.1 +PROTOC_VERSION ?= 25.2 SKAFFOLD_VERSION ?= v2.9.0 -YQ_VERSION ?= v4.40.4 +YQ_VERSION ?= v4.40.5 VGOPATH_VERSION ?= v0.1.3 # tool versions from go.mod diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/types_common.go b/vendor/github.com/gardener/gardener/pkg/apis/core/types_common.go index 7b4e94a71..26727fecd 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/types_common.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/types_common.go 
@@ -117,7 +117,7 @@ type LastOperation struct { // Gardener holds the information about the Gardener. type Gardener struct { - // ID is the Docker container id of the Gardener which last acted on a Shoot cluster. + // ID is the container id of the Gardener which last acted on a Shoot cluster. ID string // Name is the hostname (pod name) of the Gardener which last acted on a Shoot cluster. Name string diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/types_shoot.go b/vendor/github.com/gardener/gardener/pkg/apis/core/types_shoot.go index baf260363..59746ff74 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/types_shoot.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/types_shoot.go @@ -863,8 +863,13 @@ type KubeletConfig struct { MaxPods *int32 // PodPIDsLimit is the maximum number of process IDs per pod allowed by the kubelet. PodPIDsLimit *int64 + // TODO(shafeeqes): Remove this field in gardener v1.89 + // ImagePullProgressDeadline describes the time limit under which if no pulling progress is made, the image pulling will be cancelled. // Default: 1m + // Only relevant for docker CRI. + // + // Deprecated: This field is deprecated and will be removed in Gardener release v1.89. ImagePullProgressDeadline *metav1.Duration // FailSwapOn makes the Kubelet fail to start if swap is enabled on the node. (default true). FailSwapOn *bool @@ -1215,8 +1220,6 @@ type CRIName string const ( // CRINameContainerD is a constant for ContainerD CRI name. CRINameContainerD CRIName = "containerd" - // CRINameDocker is a constant for Docker CRI name. - CRINameDocker CRIName = "docker" ) // ContainerRuntime contains information about worker's available container runtime diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/constants/types_constants.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/constants/types_constants.go index 2d5a3f585..87604b323 100644 
--- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/constants/types_constants.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/constants/types_constants.go @@ -435,6 +435,8 @@ const ( // LabelSecretBindingReference is used to identify secrets which are referred by a SecretBinding (not necessarily in the same namespace). LabelSecretBindingReference = "reference.gardener.cloud/secretbinding" + // LabelPrefixSeedName is the prefix for the label key describing the name of a seed, e.g. seed.gardener.cloud/my-seed=true. + LabelPrefixSeedName = "seed.gardener.cloud/" // LabelExtensionExtensionTypePrefix is used to prefix extension label for extension types. LabelExtensionExtensionTypePrefix = "extensions.extensions.gardener.cloud/" @@ -513,6 +515,14 @@ const ( // server). LabelNetworkPolicyAccessTargetAPIServer = "networking.gardener.cloud/access-target-apiserver" + // LabelAuthorizationExtensionsServiceAccountSelector is a constant for an annotation key on ClusterRoles in the + // garden cluster which can be used to describe a selector for labels on ServiceAccounts which are allowed to get + // bound to this ClusterRole. + LabelAuthorizationExtensionsServiceAccountSelector = "authorization.gardener.cloud/extensions-serviceaccount-selector" + // LabelAuthorizationCustomExtensionsPermissions is a constant for a label key on ClusterRoles in the garden + // cluster which can be used to describe that this ClusterRole contains custom permissions for extensions. + LabelAuthorizationCustomExtensionsPermissions = "authorization.gardener.cloud/custom-extensions-permissions" + // LabelApp is a constant for a label key. LabelApp = "app" // LabelRole is a constant for a label key. diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_cloudprofile.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_cloudprofile.go index a744a7db6..e7b1497a5 100644 
--- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_cloudprofile.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_cloudprofile.go @@ -15,7 +15,7 @@ package v1beta1 import ( - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" ) @@ -33,7 +33,7 @@ func SetDefaults_MachineImageVersion(obj *MachineImageVersion) { if len(obj.CRI) == 0 { obj.CRI = []CRI{ { - Name: CRINameDocker, + Name: CRINameContainerD, }, } } @@ -46,17 +46,17 @@ func SetDefaults_MachineImageVersion(obj *MachineImageVersion) { // SetDefaults_MachineType sets default values for MachineType objects. func SetDefaults_MachineType(obj *MachineType) { if obj.Architecture == nil { - obj.Architecture = pointer.String(v1beta1constants.ArchitectureAMD64) + obj.Architecture = ptr.To(v1beta1constants.ArchitectureAMD64) } if obj.Usable == nil { - obj.Usable = pointer.Bool(true) + obj.Usable = ptr.To(true) } } // SetDefaults_VolumeType sets default values for VolumeType objects. func SetDefaults_VolumeType(obj *VolumeType) { if obj.Usable == nil { - obj.Usable = pointer.Bool(true) + obj.Usable = ptr.To(true) } } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_controllerregistration.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_controllerregistration.go index 4dfc92774..947a84fda 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_controllerregistration.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_controllerregistration.go 
@@ -18,18 +18,18 @@ import ( "time" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) // SetDefaults_ControllerResource sets default values for ControllerResource objects. func SetDefaults_ControllerResource(obj *ControllerResource) { if obj.Primary == nil { - obj.Primary = pointer.Bool(true) + obj.Primary = ptr.To(true) } if obj.Kind == "Extension" { if obj.GloballyEnabled == nil { - obj.GloballyEnabled = pointer.Bool(false) + obj.GloballyEnabled = ptr.To(false) } if obj.ReconcileTimeout == nil { diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_seed.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_seed.go index d3dfb8c7c..257ddc061 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_seed.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_seed.go @@ -17,7 +17,7 @@ package v1beta1 import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) // SetDefaults_Seed sets default values for Seed objects. @@ -34,7 +34,7 @@ func SetDefaults_SeedSettings(obj *SeedSettings) { setDefaults_ExcessCapacityReservationConfig(obj.ExcessCapacityReservation) } - if pointer.BoolDeref(obj.ExcessCapacityReservation.Enabled, true) && len(obj.ExcessCapacityReservation.Configs) == 0 { + if ptr.Deref(obj.ExcessCapacityReservation.Enabled, true) && len(obj.ExcessCapacityReservation.Configs) == 0 { setDefaults_ExcessCapacityReservationConfig(obj.ExcessCapacityReservation) } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_shoot.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_shoot.go index 28d5bcc85..a13ac8af6 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_shoot.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/defaults_shoot.go 
@@ -21,7 +21,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" "github.com/gardener/gardener/pkg/utils/timewindow" @@ -60,7 +60,7 @@ func SetDefaults_Shoot(obj *Shoot) { for i, worker := range obj.Spec.Provider.Workers { if worker.Machine.Architecture == nil { - obj.Spec.Provider.Workers[i].Machine.Architecture = pointer.String(v1beta1constants.ArchitectureAMD64) + obj.Spec.Provider.Workers[i].Machine.Architecture = ptr.To(v1beta1constants.ArchitectureAMD64) } if worker.CRI == nil { @@ -69,7 +69,7 @@ func SetDefaults_Shoot(obj *Shoot) { if worker.Kubernetes != nil && worker.Kubernetes.Kubelet != nil { if worker.Kubernetes.Kubelet.FailSwapOn == nil { - obj.Spec.Provider.Workers[i].Kubernetes.Kubelet.FailSwapOn = pointer.Bool(true) + obj.Spec.Provider.Workers[i].Kubernetes.Kubelet.FailSwapOn = ptr.To(true) } if nodeSwapFeatureGateEnabled, ok := worker.Kubernetes.Kubelet.FeatureGates["NodeSwap"]; ok && nodeSwapFeatureGateEnabled && !*worker.Kubernetes.Kubelet.FailSwapOn { @@ -88,10 +88,10 @@ func SetDefaults_Shoot(obj *Shoot) { // these fields are relevant only for shoot with workers if len(obj.Spec.Provider.Workers) > 0 { if obj.Spec.Kubernetes.KubeAPIServer.DefaultNotReadyTolerationSeconds == nil { - obj.Spec.Kubernetes.KubeAPIServer.DefaultNotReadyTolerationSeconds = pointer.Int64(300) + obj.Spec.Kubernetes.KubeAPIServer.DefaultNotReadyTolerationSeconds = ptr.To(int64(300)) } if obj.Spec.Kubernetes.KubeAPIServer.DefaultUnreachableTolerationSeconds == nil { - obj.Spec.Kubernetes.KubeAPIServer.DefaultUnreachableTolerationSeconds = pointer.Int64(300) + obj.Spec.Kubernetes.KubeAPIServer.DefaultUnreachableTolerationSeconds = ptr.To(int64(300)) } if obj.Spec.Kubernetes.KubeControllerManager == nil { 
@@ -118,7 +118,7 @@ func SetDefaults_Shoot(obj *Shoot) { obj.Spec.Kubernetes.KubeProxy.Mode = &defaultProxyMode } if obj.Spec.Kubernetes.KubeProxy.Enabled == nil { - obj.Spec.Kubernetes.KubeProxy.Enabled = pointer.Bool(true) + obj.Spec.Kubernetes.KubeProxy.Enabled = ptr.To(true) } if obj.Spec.Addons == nil { @@ -136,7 +136,7 @@ func SetDefaults_Shoot(obj *Shoot) { obj.Spec.Kubernetes.Kubelet = &KubeletConfig{} } if obj.Spec.Kubernetes.Kubelet.FailSwapOn == nil { - obj.Spec.Kubernetes.Kubelet.FailSwapOn = pointer.Bool(true) + obj.Spec.Kubernetes.Kubelet.FailSwapOn = ptr.To(true) } if nodeSwapFeatureGateEnabled, ok := obj.Spec.Kubernetes.Kubelet.FeatureGates["NodeSwap"]; ok && nodeSwapFeatureGateEnabled && !*obj.Spec.Kubernetes.Kubelet.FailSwapOn { @@ -149,13 +149,13 @@ func SetDefaults_Shoot(obj *Shoot) { } } if obj.Spec.Kubernetes.Kubelet.ImageGCHighThresholdPercent == nil { - obj.Spec.Kubernetes.Kubelet.ImageGCHighThresholdPercent = pointer.Int32(50) + obj.Spec.Kubernetes.Kubelet.ImageGCHighThresholdPercent = ptr.To(int32(50)) } if obj.Spec.Kubernetes.Kubelet.ImageGCLowThresholdPercent == nil { - obj.Spec.Kubernetes.Kubelet.ImageGCLowThresholdPercent = pointer.Int32(40) + obj.Spec.Kubernetes.Kubelet.ImageGCLowThresholdPercent = ptr.To(int32(40)) } if obj.Spec.Kubernetes.Kubelet.SerializeImagePulls == nil { - obj.Spec.Kubernetes.Kubelet.SerializeImagePulls = pointer.Bool(true) + obj.Spec.Kubernetes.Kubelet.SerializeImagePulls = ptr.To(true) } var ( @@ -180,7 +180,7 @@ func SetDefaults_Shoot(obj *Shoot) { } if obj.Spec.Maintenance.AutoUpdate.MachineImageVersion == nil { - obj.Spec.Maintenance.AutoUpdate.MachineImageVersion = pointer.Bool(true) + obj.Spec.Maintenance.AutoUpdate.MachineImageVersion = ptr.To(true) } if obj.Spec.Provider.WorkersSettings == nil { 
@@ -205,7 +205,7 @@ func SetDefaults_Shoot(obj *Shoot) { } if obj.Spec.SchedulerName == nil { - obj.Spec.SchedulerName = pointer.String(v1beta1constants.DefaultSchedulerName) + obj.Spec.SchedulerName = ptr.To(v1beta1constants.DefaultSchedulerName) } } @@ -215,13 +215,13 @@ func SetDefaults_KubeAPIServerConfig(obj *KubeAPIServerConfig) { obj.Requests = &APIServerRequests{} } if obj.Requests.MaxNonMutatingInflight == nil { - obj.Requests.MaxNonMutatingInflight = pointer.Int32(400) + obj.Requests.MaxNonMutatingInflight = ptr.To(int32(400)) } if obj.Requests.MaxMutatingInflight == nil { - obj.Requests.MaxMutatingInflight = pointer.Int32(200) + obj.Requests.MaxMutatingInflight = ptr.To(int32(200)) } if obj.EnableAnonymousAuthentication == nil { - obj.EnableAnonymousAuthentication = pointer.Bool(false) + obj.EnableAnonymousAuthentication = ptr.To(false) } if obj.EventTTL == nil { obj.EventTTL = &metav1.Duration{Duration: time.Hour} @@ -230,7 +230,7 @@ func SetDefaults_KubeAPIServerConfig(obj *KubeAPIServerConfig) { obj.Logging = &APIServerLogging{} } if obj.Logging.Verbosity == nil { - obj.Logging.Verbosity = pointer.Int32(2) + obj.Logging.Verbosity = ptr.To(int32(2)) } } @@ -314,7 +314,7 @@ func SetDefaults_ClusterAutoscaler(obj *ClusterAutoscaler) { obj.ScaleDownUnneededTime = &metav1.Duration{Duration: 30 * time.Minute} } if obj.ScaleDownUtilizationThreshold == nil { - obj.ScaleDownUtilizationThreshold = pointer.Float64(0.5) + obj.ScaleDownUtilizationThreshold = ptr.To(float64(0.5)) } if obj.ScanInterval == nil { obj.ScanInterval = &metav1.Duration{Duration: 10 * time.Second} 
@@ -327,19 +327,19 @@ func SetDefaults_ClusterAutoscaler(obj *ClusterAutoscaler) { obj.MaxNodeProvisionTime = &metav1.Duration{Duration: 20 * time.Minute} } if obj.MaxGracefulTerminationSeconds == nil { - obj.MaxGracefulTerminationSeconds = pointer.Int32(600) + obj.MaxGracefulTerminationSeconds = ptr.To(int32(600)) } if obj.IgnoreDaemonsetsUtilization == nil { - obj.IgnoreDaemonsetsUtilization = pointer.Bool(false) + obj.IgnoreDaemonsetsUtilization = ptr.To(false) } if obj.Verbosity == nil { - obj.Verbosity = pointer.Int32(2) + obj.Verbosity = ptr.To(int32(2)) } if obj.NewPodScaleUpDelay == nil { obj.NewPodScaleUpDelay = &metav1.Duration{Duration: 0} } if obj.MaxEmptyBulkDelete == nil { - obj.MaxEmptyBulkDelete = pointer.Int32(10) + obj.MaxEmptyBulkDelete = ptr.To(int32(10)) } } @@ -358,7 +358,7 @@ func calculateDefaultNodeCIDRMaskSize(shoot *ShootSpec) *int32 { // If shoot is using IPv6 single-stack, don't be stingy and allocate larger pod CIDRs per node. // We don't calculate a nodeCIDRMaskSize matching the maxPods settings in this case, and simply apply // kube-controller-manager's default value for the --node-cidr-mask-size flag. - return pointer.Int32(64) + return ptr.To(int32(64)) } var maxPods int32 = 110 // default maxPods setting on kubelet diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.proto b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.proto index ec6c4d054..4003987d5 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.proto +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/generated.proto 
@@ -877,7 +877,7 @@ message FailureTolerance { // Gardener holds the information about the Gardener version that operated a resource. message Gardener { - // ID is the Docker container id of the Gardener which last acted on a resource. + // ID is the container id of the Gardener which last acted on a resource. optional string id = 1; // Name is the hostname (pod name) of the Gardener which last acted on a resource. @@ -1247,6 +1247,9 @@ message KubeletConfig { // ImagePullProgressDeadline describes the time limit under which if no pulling progress is made, the image pulling will be cancelled. // +optional // Default: 1m + // Only relevant for docker CRI. + // + // Deprecated: This field is deprecated and will be removed in Gardener release v1.89. optional k8s.io.apimachinery.pkg.apis.meta.v1.Duration imagePullProgressDeadline = 12; // FailSwapOn makes the Kubelet fail to start if swap is enabled on the node. (default true). diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/helper.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/helper.go index d7093445c..4ad77d236 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/helper.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/helper/helper.go @@ -27,7 +27,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" 
@@ -387,7 +387,7 @@ func ShootConfinesSpecUpdateRollout(maintenance *gardencorev1beta1.Maintenance) // SeedSettingExcessCapacityReservationEnabled returns true if the 'excess capacity reservation' setting is enabled. func SeedSettingExcessCapacityReservationEnabled(settings *gardencorev1beta1.SeedSettings) bool { - return settings == nil || settings.ExcessCapacityReservation == nil || pointer.BoolDeref(settings.ExcessCapacityReservation.Enabled, true) + return settings == nil || settings.ExcessCapacityReservation == nil || ptr.Deref(settings.ExcessCapacityReservation.Enabled, true) } // SeedSettingVerticalPodAutoscalerEnabled returns true if the 'verticalPodAutoscaler' setting is enabled. @@ -1139,8 +1139,8 @@ func CalculateSeedUsage(shootList []gardencorev1beta1.Shoot) map[string]int { for _, shoot := range shootList { var ( - specSeed = pointer.StringDeref(shoot.Spec.SeedName, "") - statusSeed = pointer.StringDeref(shoot.Status.SeedName, "") + specSeed = ptr.Deref(shoot.Spec.SeedName, "") + statusSeed = ptr.Deref(shoot.Status.SeedName, "") ) if specSeed != "" { @@ -1439,7 +1439,7 @@ func IsPSPDisabled(shoot *gardencorev1beta1.Shoot) bool { if shoot.Spec.Kubernetes.KubeAPIServer != nil { for _, plugin := range shoot.Spec.Kubernetes.KubeAPIServer.AdmissionPlugins { - if plugin.Name == "PodSecurityPolicy" && pointer.BoolDeref(plugin.Disabled, false) { + if plugin.Name == "PodSecurityPolicy" && ptr.Deref(plugin.Disabled, false) { return true } } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_common.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_common.go index a18eced5d..6b7cdb41e 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_common.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_common.go 
@@ -119,7 +119,7 @@ type LastOperation struct { // Gardener holds the information about the Gardener version that operated a resource. type Gardener struct { - // ID is the Docker container id of the Gardener which last acted on a resource. + // ID is the container id of the Gardener which last acted on a resource. ID string `json:"id" protobuf:"bytes,1,opt,name=id"` // Name is the hostname (pod name) of the Gardener which last acted on a resource. Name string `json:"name" protobuf:"bytes,2,opt,name=name"` diff --git a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_shoot.go b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_shoot.go index 13036c369..130dd3264 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_shoot.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/core/v1beta1/types_shoot.go @@ -1098,9 +1098,14 @@ type KubeletConfig struct { // PodPIDsLimit is the maximum number of process IDs per pod allowed by the kubelet. // +optional PodPIDsLimit *int64 `json:"podPidsLimit,omitempty" protobuf:"varint,11,opt,name=podPidsLimit"` + // TODO(shafeeqes): Remove this field in gardener v1.89 + // ImagePullProgressDeadline describes the time limit under which if no pulling progress is made, the image pulling will be cancelled. // +optional // Default: 1m + // Only relevant for docker CRI. + // + // Deprecated: This field is deprecated and will be removed in Gardener release v1.89. ImagePullProgressDeadline *metav1.Duration `json:"imagePullProgressDeadline,omitempty" protobuf:"bytes,12,opt,name=imagePullProgressDeadline"` // FailSwapOn makes the Kubelet fail to start if swap is enabled on the node. (default true). // +optional 
@@ -1550,8 +1555,6 @@ type CRIName string const ( // CRINameContainerD is a constant for ContainerD CRI name. CRINameContainerD CRIName = "containerd" - // CRINameDocker is a constant for Docker CRI name. - CRINameDocker CRIName = "docker" ) // ContainerRuntime contains information about worker's available container runtime diff --git a/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/types_operatingsystemconfig.go b/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/types_operatingsystemconfig.go index 746d6625a..3b9c8fc84 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/types_operatingsystemconfig.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/extensions/v1alpha1/types_operatingsystemconfig.go @@ -138,11 +138,6 @@ const ( CommandStop UnitCommand = "stop" ) -// UnitCommandPtr returns a pointer to the provided unit command. -func UnitCommandPtr(c UnitCommand) *UnitCommand { - return &c -} - // DropIn is a drop-in configuration for a systemd unit. type DropIn struct { // Name is the name of the drop-in. @@ -278,8 +273,6 @@ type CRIName string const ( // CRINameContainerD is a constant for ContainerD CRI name CRINameContainerD CRIName = "containerd" - // CRINameDocker is a constant for Docker CRI name - CRINameDocker CRIName = "docker" ) // ContainerDRuntimeContainersBinFolder is the folder where Container Runtime binaries should be saved for ContainerD usage diff --git a/vendor/github.com/gardener/gardener/pkg/apis/resources/v1alpha1/types.go b/vendor/github.com/gardener/gardener/pkg/apis/resources/v1alpha1/types.go index 0b2f2ad2f..0e25f7b26 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/resources/v1alpha1/types.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/resources/v1alpha1/types.go 
@@ -99,6 +99,9 @@ const ( // ServiceAccountNamespace is the key of an annotation of a secret whose value contains the service account // namespace. ServiceAccountNamespace = "serviceaccount.resources.gardener.cloud/namespace" + // ServiceAccountLabels is the key of an annotation of a secret whose value contains the service account + // labels. + ServiceAccountLabels = "serviceaccount.resources.gardener.cloud/labels" // ServiceAccountTokenExpirationDuration is the key of an annotation of a secret whose value contains the expiration // duration of the token created. ServiceAccountTokenExpirationDuration = "serviceaccount.resources.gardener.cloud/token-expiration-duration" diff --git a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/defaults_managedseed.go b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/defaults_managedseed.go index 1a3bd93b1..26e55f2b5 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/defaults_managedseed.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/defaults_managedseed.go @@ -21,17 +21,13 @@ import ( "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" "github.com/gardener/gardener/pkg/apis/seedmanagement/encoding" gardenletv1alpha1 "github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1" ) -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - // SetDefaults_ManagedSeed sets default values for ManagedSeed objects. func SetDefaults_ManagedSeed(obj *ManagedSeed) { if obj.Spec.Gardenlet != nil { 
@@ -43,12 +39,12 @@ func SetDefaults_ManagedSeed(obj *ManagedSeed) { func SetDefaults_GardenletDeployment(obj *GardenletDeployment) { // Set default replica count if obj.ReplicaCount == nil { - obj.ReplicaCount = pointer.Int32(2) + obj.ReplicaCount = ptr.To(int32(2)) } // Set default revision history limit if obj.RevisionHistoryLimit == nil { - obj.RevisionHistoryLimit = pointer.Int32(2) + obj.RevisionHistoryLimit = ptr.To(int32(2)) } // Set default image @@ -58,7 +54,7 @@ func SetDefaults_GardenletDeployment(obj *GardenletDeployment) { // Set default VPA if obj.VPA == nil { - obj.VPA = pointer.Bool(true) + obj.VPA = ptr.To(true) } } @@ -115,7 +111,7 @@ func setDefaultsGardenlet(obj *Gardenlet, name, namespace string) { // Set default merge with parent if obj.MergeWithParent == nil { - obj.MergeWithParent = pointer.Bool(true) + obj.MergeWithParent = ptr.To(true) } } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/defaults_managedseedset.go b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/defaults_managedseedset.go index 1d61ffdda..4a5e3ac4e 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/defaults_managedseedset.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/defaults_managedseedset.go @@ -15,14 +15,14 @@ package v1alpha1 import ( - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) // SetDefaults_ManagedSeedSet sets default values for ManagedSeed objects. func SetDefaults_ManagedSeedSet(obj *ManagedSeedSet) { // Set default replicas if obj.Spec.Replicas == nil { - obj.Spec.Replicas = pointer.Int32(1) + obj.Spec.Replicas = ptr.To(int32(1)) } // Set update strategy defaults @@ -32,7 +32,7 @@ func SetDefaults_ManagedSeedSet(obj *ManagedSeedSet) { // Set default revision history limit if obj.Spec.RevisionHistoryLimit == nil { - obj.Spec.RevisionHistoryLimit = pointer.Int32(10) + obj.Spec.RevisionHistoryLimit = ptr.To(int32(10)) } } 
@@ -49,6 +49,6 @@ func SetDefaults_UpdateStrategy(obj *UpdateStrategy) { func SetDefaults_RollingUpdateStrategy(obj *RollingUpdateStrategy) { // Set default partition if obj.Partition == nil { - obj.Partition = pointer.Int32(0) + obj.Partition = ptr.To(int32(0)) } } diff --git a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/register.go b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/register.go index 2bc4c071c..fcab91d51 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/register.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1/register.go @@ -55,3 +55,7 @@ func addKnownTypes(scheme *runtime.Scheme) error { metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil } + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/vendor/github.com/gardener/gardener/pkg/apis/settings/v1alpha1/defaults_shared.go b/vendor/github.com/gardener/gardener/pkg/apis/settings/v1alpha1/defaults_shared.go index f7a76bf81..c180319cd 100644 --- a/vendor/github.com/gardener/gardener/pkg/apis/settings/v1alpha1/defaults_shared.go +++ b/vendor/github.com/gardener/gardener/pkg/apis/settings/v1alpha1/defaults_shared.go @@ -16,7 +16,7 @@ package v1alpha1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) // SetDefaults_OpenIDConnectPresetSpec sets default values for OpenIDConnectPresetSpec objects. @@ -33,6 +33,6 @@ func SetDefaults_KubeAPIServerOpenIDConnect(obj *KubeAPIServerOpenIDConnect) { } if obj.UsernameClaim == nil { - obj.UsernameClaim = pointer.String(DefaultUsernameClaim) + obj.UsernameClaim = ptr.To(DefaultUsernameClaim) } } diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/cache/single_object.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/cache/single_object.go index 4352710f1..668c20bf1 100644 
--- a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/cache/single_object.go +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/cache/single_object.go @@ -28,10 +28,9 @@ import ( "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/rest" "k8s.io/utils/clock" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" - - "github.com/gardener/gardener/pkg/utils" ) var _ cache.Cache = &singleObject{} @@ -113,7 +112,7 @@ func (s *singleObject) Start(ctx context.Context) error { log = logger.WithValues( "key", key, "now", now, - "lastAccessTime", utils.TimePtrDeref(lastAccessTime, time.Time{}), + "lastAccessTime", ptr.Deref(lastAccessTime, time.Time{}), ) ) diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/client.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/client.go index 4fb96fac2..12b6e2fcb 100644 --- a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/client.go +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/client.go @@ -18,6 +18,7 @@ import ( "context" "errors" "fmt" + "slices" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" @@ -35,7 +36,6 @@ import ( gardencoreinstall "github.com/gardener/gardener/pkg/apis/core/install" seedmanagementinstall "github.com/gardener/gardener/pkg/apis/seedmanagement/install" settingsinstall "github.com/gardener/gardener/pkg/apis/settings/install" - "github.com/gardener/gardener/pkg/utils" ) const ( 
@@ -228,17 +228,17 @@ func ValidateConfigWithAllowList(config clientcmdapi.Config, allowedFields []str for user, authInfo := range config.AuthInfos { switch { - case authInfo.ClientCertificate != "" && !utils.ValueExists(AuthClientCertificate, validFields): + case authInfo.ClientCertificate != "" && !slices.Contains(validFields, AuthClientCertificate): return fmt.Errorf("client certificate files are not supported (user %q), these are the valid fields: %+v", user, validFields) - case authInfo.ClientKey != "" && !utils.ValueExists(AuthClientKey, validFields): + case authInfo.ClientKey != "" && !slices.Contains(validFields, AuthClientKey): return fmt.Errorf("client key files are not supported (user %q), these are the valid fields: %+v", user, validFields) - case authInfo.TokenFile != "" && !utils.ValueExists(AuthTokenFile, validFields): + case authInfo.TokenFile != "" && !slices.Contains(validFields, AuthTokenFile): return fmt.Errorf("token files are not supported (user %q), these are the valid fields: %+v", user, validFields) - case (authInfo.Impersonate != "" || len(authInfo.ImpersonateGroups) > 0) && !utils.ValueExists(AuthImpersonate, validFields): + case (authInfo.Impersonate != "" || len(authInfo.ImpersonateGroups) > 0) && !slices.Contains(validFields, AuthImpersonate): return fmt.Errorf("impersonation is not supported, these are the valid fields: %+v", validFields) - case (authInfo.AuthProvider != nil && len(authInfo.AuthProvider.Config) > 0) && !utils.ValueExists(AuthProvider, validFields): + case (authInfo.AuthProvider != nil && len(authInfo.AuthProvider.Config) > 0) && !slices.Contains(validFields, AuthProvider): return fmt.Errorf("auth provider configurations are not supported (user %q), these are the valid fields: %+v", user, validFields) - case authInfo.Exec != nil && !utils.ValueExists(AuthExec, validFields): + case authInfo.Exec != nil && !slices.Contains(validFields, AuthExec): return fmt.Errorf("exec configurations are not supported (user %q), these 
are the valid fields: %+v", user, validFields) } } diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/runtime_client.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/runtime_client.go index 8d2d13058..c68db8b92 100644 --- a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/runtime_client.go +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/runtime_client.go @@ -24,7 +24,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/rest" "k8s.io/utils/clock" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/apiutil" @@ -49,7 +49,7 @@ func NewRuntimeCache(config *rest.Config, options cache.Options) (cache.Cache, e func setCacheOptionsDefaults(options *cache.Options) error { if options.SyncPeriod == nil { - options.SyncPeriod = pointer.Duration(defaultCacheSyncPeriod) + options.SyncPeriod = ptr.To(defaultCacheSyncPeriod) } return nil diff --git a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/types.go b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/types.go index 048a4aff6..3d56fb521 100644 --- a/vendor/github.com/gardener/gardener/pkg/client/kubernetes/types.go +++ b/vendor/github.com/gardener/gardener/pkg/client/kubernetes/types.go 
@@ -22,6 +22,9 @@ import ( hvpav1alpha1 "github.com/gardener/hvpa-controller/api/v1alpha1" machinev1alpha1 "github.com/gardener/machine-controller-manager/pkg/apis/machine/v1alpha1" volumesnapshotv1 "github.com/kubernetes-csi/external-snapshotter/client/v4/apis/volumesnapshot/v1" + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + monitoringv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" + monitoringv1beta1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1beta1" istionetworkingv1alpha3 "istio.io/client-go/pkg/apis/networking/v1alpha3" istionetworkingv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" apiextensionsscheme "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme" @@ -116,6 +119,9 @@ var ( istionetworkingv1beta1.AddToScheme, istionetworkingv1alpha3.AddToScheme, fluentbitv1alpha2.AddToScheme, + monitoringv1.AddToScheme, + monitoringv1beta1.AddToScheme, + monitoringv1alpha1.AddToScheme, ) shootSchemeBuilder = runtime.NewSchemeBuilder( diff --git a/vendor/github.com/gardener/gardener/pkg/controllerutils/associations.go b/vendor/github.com/gardener/gardener/pkg/controllerutils/associations.go index 8df156735..d57de7461 100644 --- a/vendor/github.com/gardener/gardener/pkg/controllerutils/associations.go +++ b/vendor/github.com/gardener/gardener/pkg/controllerutils/associations.go @@ -20,7 +20,7 @@ import ( "k8s.io/apimachinery/pkg/api/meta" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "github.com/gardener/gardener/pkg/apis/core" 
@@ -51,7 +51,7 @@ func DetermineShootsAssociatedTo(ctx context.Context, gardenClient client.Reader } case *gardencorev1beta1.SecretBinding: binding := obj.(*gardencorev1beta1.SecretBinding) - if pointer.StringDeref(shoot.Spec.SecretBindingName, "") == binding.Name && shoot.Namespace == binding.Namespace { + if ptr.Deref(shoot.Spec.SecretBindingName, "") == binding.Name && shoot.Namespace == binding.Namespace { associatedShoots = append(associatedShoots, fmt.Sprintf("%s/%s", shoot.Namespace, shoot.Name)) } case *gardencorev1beta1.ExposureClass: diff --git a/vendor/github.com/gardener/gardener/pkg/controllerutils/miscellaneous.go b/vendor/github.com/gardener/gardener/pkg/controllerutils/miscellaneous.go index 67cf9438d..bc413dd71 100644 --- a/vendor/github.com/gardener/gardener/pkg/controllerutils/miscellaneous.go +++ b/vendor/github.com/gardener/gardener/pkg/controllerutils/miscellaneous.go @@ -16,12 +16,12 @@ package controllerutils import ( "context" + "slices" "strings" "time" gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" - "github.com/gardener/gardener/pkg/utils" ) // DefaultReconciliationTimeout is the default timeout for the context of reconciliation functions. @@ -44,7 +44,7 @@ func HasTask(annotations map[string]string, task string) bool { if len(tasks) == 0 { return false } - return utils.ValueExists(task, tasks) + return slices.Contains(tasks, task) } // AddTasks adds tasks to the ShootTasks annotation of the passed map. @@ -52,7 +52,7 @@ func AddTasks(annotations map[string]string, tasksToAdd ...string) { tasks := GetTasks(annotations) for _, taskToAdd := range tasksToAdd { - if !utils.ValueExists(taskToAdd, tasks) { + if !slices.Contains(tasks, taskToAdd) { tasks = append(tasks, taskToAdd) } } 
@@ -65,7 +65,7 @@ func RemoveTasks(annotations map[string]string, tasksToRemove ...string) { tasks := GetTasks(annotations) for i := len(tasks) - 1; i >= 0; i-- { - if utils.ValueExists(tasks[i], tasksToRemove) { + if slices.Contains(tasksToRemove, tasks[i]) { tasks = append((tasks)[:i], (tasks)[i+1:]...) } } diff --git a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/defaults.go b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/defaults.go index 515acb6db..cf6aa93a6 100644 --- a/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/defaults.go +++ b/vendor/github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1/defaults.go @@ -20,7 +20,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" componentbaseconfigv1alpha1 "k8s.io/component-base/config/v1alpha1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" ) @@ -129,10 +129,10 @@ func SetDefaults_GardenClientConnection(obj *GardenClientConnection) { // SetDefaults_KubeconfigValidity sets defaults for the controller objects. func SetDefaults_KubeconfigValidity(obj *KubeconfigValidity) { if obj.AutoRotationJitterPercentageMin == nil { - obj.AutoRotationJitterPercentageMin = pointer.Int32(70) + obj.AutoRotationJitterPercentageMin = ptr.To(int32(70)) } if obj.AutoRotationJitterPercentageMax == nil { - obj.AutoRotationJitterPercentageMax = pointer.Int32(90) + obj.AutoRotationJitterPercentageMax = ptr.To(int32(90)) } } @@ -293,11 +293,11 @@ func SetDefaults_SeedControllerConfiguration(obj *SeedControllerConfiguration) { } if obj.LeaseResyncSeconds == nil { - obj.LeaseResyncSeconds = pointer.Int32(2) + obj.LeaseResyncSeconds = ptr.To(int32(2)) } if obj.LeaseResyncMissThreshold == nil { - obj.LeaseResyncMissThreshold = pointer.Int32(10) + obj.LeaseResyncMissThreshold = ptr.To(int32(10)) } } 
@@ -337,7 +337,7 @@ func SetDefaults_ShootControllerConfiguration(obj *ShootControllerConfiguration) } if obj.DNSEntryTTLSeconds == nil { - obj.DNSEntryTTLSeconds = pointer.Int64(120) + obj.DNSEntryTTLSeconds = ptr.To(int64(120)) } } @@ -370,7 +370,7 @@ func SetDefaults_StaleExtensionHealthChecks(obj *StaleExtensionHealthChecks) { // SetDefaults_ShootStateControllerConfiguration sets defaults for the shoot state controller. func SetDefaults_ShootStateControllerConfiguration(obj *ShootStateControllerConfiguration) { if obj.ConcurrentSyncs == nil { - obj.ConcurrentSyncs = pointer.Int(5) + obj.ConcurrentSyncs = ptr.To(5) } if obj.SyncPeriod == nil { obj.SyncPeriod = &metav1.Duration{Duration: 6 * time.Hour} @@ -408,14 +408,14 @@ func SetDefaults_ManagedSeedControllerConfiguration(obj *ManagedSeedControllerCo } if obj.JitterUpdates == nil { - obj.JitterUpdates = pointer.Bool(false) + obj.JitterUpdates = ptr.To(false) } } // SetDefaults_TokenRequestorControllerConfiguration sets defaults for the TokenRequestor controller. func SetDefaults_TokenRequestorControllerConfiguration(obj *TokenRequestorControllerConfiguration) { if obj.ConcurrentSyncs == nil { - obj.ConcurrentSyncs = pointer.Int(5) + obj.ConcurrentSyncs = ptr.To(5) } } @@ -452,7 +452,7 @@ func SetDefaults_SNIIngress(obj *SNIIngress) { // SetDefaults_Logging sets defaults for the Logging stack. func SetDefaults_Logging(obj *Logging) { if obj.Enabled == nil { - obj.Enabled = pointer.Bool(false) + obj.Enabled = ptr.To(false) } if obj.Vali == nil { obj.Vali = &Vali{} 
@@ -490,27 +490,27 @@ func SetDefaults_ETCDConfig(obj *ETCDConfig) { // SetDefaults_ETCDController sets defaults for the ETCD controller. func SetDefaults_ETCDController(obj *ETCDController) { if obj.Workers == nil { - obj.Workers = pointer.Int64(50) + obj.Workers = ptr.To(int64(50)) } } // SetDefaults_CustodianController sets defaults for the ETCD custodian controller. func SetDefaults_CustodianController(obj *CustodianController) { if obj.Workers == nil { - obj.Workers = pointer.Int64(10) + obj.Workers = ptr.To(int64(10)) } } // SetDefaults_BackupCompactionController sets defaults for the ETCD backup compaction controller. func SetDefaults_BackupCompactionController(obj *BackupCompactionController) { if obj.Workers == nil { - obj.Workers = pointer.Int64(3) + obj.Workers = ptr.To(int64(3)) } if obj.EnableBackupCompaction == nil { - obj.EnableBackupCompaction = pointer.Bool(false) + obj.EnableBackupCompaction = ptr.To(false) } if obj.EventsThreshold == nil { - obj.EventsThreshold = pointer.Int64(1000000) + obj.EventsThreshold = ptr.To(int64(1000000)) } if obj.MetricsScrapeWaitDuration == nil { obj.MetricsScrapeWaitDuration = &metav1.Duration{Duration: 60 * time.Second} diff --git a/vendor/github.com/gardener/gardener/pkg/utils/gardener/identity.go b/vendor/github.com/gardener/gardener/pkg/utils/gardener/identity.go index 3d336dbcb..3a2d800d8 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/gardener/identity.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/gardener/identity.go @@ -22,8 +22,11 @@ import ( "strings" "k8s.io/component-base/version" + "k8s.io/utils/ptr" + "sigs.k8s.io/controller-runtime/pkg/client" gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" + v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" "github.com/gardener/gardener/pkg/utils" ) 
@@ -108,3 +111,28 @@ func extractID(line string) string { return id } + +// MaintainSeedNameLabels maintains the seed.gardener.cloud/=true labels on the given object. +func MaintainSeedNameLabels(obj client.Object, names ...*string) { + labels := obj.GetLabels() + + for k := range labels { + if strings.HasPrefix(k, v1beta1constants.LabelPrefixSeedName) { + delete(labels, k) + } + } + + for _, name := range names { + if ptr.Deref(name, "") == "" { + continue + } + + if labels == nil { + labels = make(map[string]string) + } + + labels[v1beta1constants.LabelPrefixSeedName+*name] = "true" + } + + obj.SetLabels(labels) +} diff --git a/vendor/github.com/gardener/gardener/pkg/utils/gardener/machines.go b/vendor/github.com/gardener/gardener/pkg/utils/gardener/machines.go index ca2b557c3..4525ce3c6 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/gardener/machines.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/gardener/machines.go @@ -36,6 +36,8 @@ const ( MachineSetKind = "MachineSet" // MachineDeploymentKind is the kind of the owner reference of a machine deployment MachineDeploymentKind = "MachineDeployment" + // NodeLeasePrefix describes the Prefix of the lease that this node is corresponding to + NodeLeasePrefix = "gardener-node-agent-" ) // BuildOwnerToMachinesMap returns a map that associates `MachineSet` names to the given `machines`. @@ -168,3 +170,8 @@ func WaitUntilMachineResourcesDeleted(ctx context.Context, log logr.Logger, read return retryutils.Ok() }) } + +// NodeAgentLeaseName returns the name of the Lease object based on the node name. +func NodeAgentLeaseName(nodeName string) string { + return NodeLeasePrefix + nodeName +} diff --git a/vendor/github.com/gardener/gardener/pkg/utils/gardener/shoot.go b/vendor/github.com/gardener/gardener/pkg/utils/gardener/shoot.go index 615e1e9a5..bf5baec73 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/gardener/shoot.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/gardener/shoot.go 
@@ -17,6 +17,7 @@ package gardener import ( "cmp" "context" + "encoding/json" "fmt" "slices" "strconv" @@ -32,7 +33,7 @@ import ( clientcmdv1 "k8s.io/client-go/tools/clientcmd/api/v1" "k8s.io/component-base/version" "k8s.io/utils/clock" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "github.com/gardener/gardener/pkg/apis/core" @@ -290,6 +291,7 @@ type AccessSecret struct { kubeconfig *clientcmdv1.Config targetSecretName string targetSecretNamespace string + serviceAccountLabels map[string]string } // NewShootAccessSecret returns a new AccessSecret object and initializes it with an empty corev1.Secret object @@ -330,6 +332,12 @@ func (s *AccessSecret) WithServiceAccountName(name string) *AccessSecret { return s } +// WithServiceAccountLabels sets the serviceAccountLabels field of the AccessSecret. +func (s *AccessSecret) WithServiceAccountLabels(labels map[string]string) *AccessSecret { + s.serviceAccountLabels = labels + return s +} + // WithTokenExpirationDuration sets the tokenExpirationDuration field of the AccessSecret. func (s *AccessSecret) WithTokenExpirationDuration(duration string) *AccessSecret { s.tokenExpirationDuration = duration @@ -362,6 +370,14 @@ func (s *AccessSecret) Reconcile(ctx context.Context, c client.Client) error { metav1.SetMetaDataAnnotation(&s.Secret.ObjectMeta, resourcesv1alpha1.ServiceAccountNamespace, metav1.NamespaceSystem) } + if s.serviceAccountLabels != nil { + labelsJSON, err := json.Marshal(s.serviceAccountLabels) + if err != nil { + return fmt.Errorf("failed marshaling the service account labels to JSON: %w", err) + } + metav1.SetMetaDataAnnotation(&s.Secret.ObjectMeta, resourcesv1alpha1.ServiceAccountLabels, string(labelsJSON)) + } + if s.tokenExpirationDuration != "" { metav1.SetMetaDataAnnotation(&s.Secret.ObjectMeta, resourcesv1alpha1.ServiceAccountTokenExpirationDuration, s.tokenExpirationDuration) } 
@@ -422,7 +438,7 @@ func injectGenericKubeconfig(obj runtime.Object, genericKubeconfigName, accessSe Name: volumeName, VolumeSource: corev1.VolumeSource{ Projected: &corev1.ProjectedVolumeSource{ - DefaultMode: pointer.Int32(420), + DefaultMode: ptr.To(int32(420)), Sources: []corev1.VolumeProjection{ { Secret: &corev1.SecretProjection{ @@ -433,7 +449,7 @@ func injectGenericKubeconfig(obj runtime.Object, genericKubeconfigName, accessSe Key: secrets.DataKeyKubeconfig, Path: secrets.DataKeyKubeconfig, }}, - Optional: pointer.Bool(false), + Optional: ptr.To(false), }, }, { @@ -445,7 +461,7 @@ func injectGenericKubeconfig(obj runtime.Object, genericKubeconfigName, accessSe Key: resourcesv1alpha1.DataKeyToken, Path: resourcesv1alpha1.DataKeyToken, }}, - Optional: pointer.Bool(false), + Optional: ptr.To(false), }, }, }, @@ -621,7 +637,7 @@ func ComputeRequiredExtensionsForShoot(shoot *gardencorev1beta1.Shoot, seed *gar for _, extension := range shoot.Spec.Extensions { id := ExtensionsID(extensionsv1alpha1.ExtensionResource, extension.Type) - if pointer.BoolDeref(extension.Disabled, false) { + if ptr.Deref(extension.Disabled, false) { disabledExtensions.Insert(id) } else { requiredExtensions.Insert(id) 
@@ -660,8 +676,8 @@ func ComputeRequiredExtensionsForShoot(shoot *gardencorev1beta1.Shoot, seed *gar for _, controllerRegistration := range controllerRegistrationList.Items { for _, resource := range controllerRegistration.Spec.Resources { id := ExtensionsID(extensionsv1alpha1.ExtensionResource, resource.Type) - if resource.Kind == extensionsv1alpha1.ExtensionResource && pointer.BoolDeref(resource.GloballyEnabled, false) && !disabledExtensions.Has(id) { - if v1beta1helper.IsWorkerless(shoot) && !pointer.BoolDeref(resource.WorkerlessSupported, false) { + if resource.Kind == extensionsv1alpha1.ExtensionResource && ptr.Deref(resource.GloballyEnabled, false) && !disabledExtensions.Has(id) { + if v1beta1helper.IsWorkerless(shoot) && !ptr.Deref(resource.WorkerlessSupported, false) { continue } requiredExtensions.Insert(id) diff --git a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/daemonset.go b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/daemonset.go index 7138978c8..12b590651 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/daemonset.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/daemonset.go @@ -17,7 +17,7 @@ package kubernetes import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) // PodManagedByDaemonSet returns 'true' if the given pod is managed by a DaemonSet, determined by the existing owner references. @@ -25,7 +25,7 @@ func PodManagedByDaemonSet(pod *corev1.Pod) bool { for _, ownerRef := range pod.ObjectMeta.OwnerReferences { if ownerRef.APIVersion == appsv1.SchemeGroupVersion.String() && ownerRef.Kind == "DaemonSet" && - pointer.BoolDeref(ownerRef.Controller, false) { + ptr.Deref(ownerRef.Controller, false) { return true } } diff --git a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/health/deployment.go b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/health/deployment.go index 02b4af03b..d7f7088dc 100644 
--- a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/health/deployment.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/health/deployment.go @@ -22,7 +22,7 @@ import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "github.com/gardener/gardener/pkg/utils/retry" @@ -156,5 +156,5 @@ func DeploymentHasExactNumberOfPods(ctx context.Context, reader client.Reader, d return false, err } - return int32(len(podList.Items)) == pointer.Int32Deref(deployment.Spec.Replicas, 1), nil + return int32(len(podList.Items)) == ptr.Deref(deployment.Spec.Replicas, 1), nil } diff --git a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/health/etcd.go b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/health/etcd.go index 7660142be..3b125251b 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/health/etcd.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/health/etcd.go @@ -18,13 +18,13 @@ import ( "fmt" druidv1alpha1 "github.com/gardener/etcd-druid/api/v1alpha1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) // CheckEtcd checks whether the given Etcd is healthy. // An Etcd is considered healthy if its ready field in status is true and the BackupReady condition doesn't report false. func CheckEtcd(etcd *druidv1alpha1.Etcd) error { - if !pointer.BoolDeref(etcd.Status.Ready, false) { + if !ptr.Deref(etcd.Status.Ready, false) { return fmt.Errorf("etcd %q is not ready yet", etcd.Name) } diff --git a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/highavailability.go b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/highavailability.go index 042dc6db9..6fa231dd2 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/highavailability.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/highavailability.go 
@@ -17,7 +17,7 @@ package kubernetes import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" resourcesv1alpha1 "github.com/gardener/gardener/pkg/apis/resources/v1alpha1" @@ -32,10 +32,10 @@ func GetReplicaCount(failureToleranceType *gardencorev1beta1.FailureToleranceTyp if failureToleranceType != nil && *failureToleranceType == "" && componentType == resourcesv1alpha1.HighAvailabilityConfigTypeController { - return pointer.Int32(1) + return ptr.To(int32(1)) } - return pointer.Int32(2) + return ptr.To(int32(2)) } // GetNodeSelectorRequirementForZones returns a node selector requirement to ensure all pods are scheduled only on @@ -109,8 +109,8 @@ func minDomains(numberOfZones, maxReplicas int32) *int32 { // the number of replicas because there is no benefit of enforcing a further zone spread for additional replicas, // e.g. when a rolling update is performed. if maxReplicas < numberOfZones { - return pointer.Int32(maxReplicas) + return ptr.To(maxReplicas) } // Return the number of zones otherwise because it's not possible to spread pods over more zones than there are available. - return pointer.Int32(numberOfZones) + return ptr.To(numberOfZones) } diff --git a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/kubernetes.go b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/kubernetes.go index 897f23c08..b85d18a90 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/kubernetes.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/kubernetes.go 
@@ -38,7 +38,7 @@ import ( corev1client "k8s.io/client-go/kubernetes/typed/core/v1" "k8s.io/client-go/rest" clientcmdv1 "k8s.io/client-go/tools/clientcmd/api/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" @@ -740,7 +740,7 @@ func (c *ComparableTolerations) Transform(toleration corev1.Toleration) corev1.T tolerationSeconds := *toleration.TolerationSeconds if _, ok := c.tolerationSeconds[tolerationSeconds]; !ok { - c.tolerationSeconds[tolerationSeconds] = pointer.Int64(tolerationSeconds) + c.tolerationSeconds[tolerationSeconds] = ptr.To(tolerationSeconds) } toleration.TolerationSeconds = c.tolerationSeconds[tolerationSeconds] diff --git a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/object.go b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/object.go index 8080383d3..7dec72e05 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/object.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/object.go @@ -25,7 +25,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/tools/cache" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/apiutil" 
@@ -155,12 +155,12 @@ func MakeUnique(obj runtime.Object) error { switch o := obj.(type) { case *corev1.Secret: - o.Immutable = pointer.Bool(true) + o.Immutable = ptr.To(true) o.Name += prependHyphen(o.Name) + utils.ComputeSecretChecksum(o.Data)[:numberOfChecksumChars] metav1.SetMetaDataLabel(&o.ObjectMeta, references.LabelKeyGarbageCollectable, references.LabelValueGarbageCollectable) case *corev1.ConfigMap: - o.Immutable = pointer.Bool(true) + o.Immutable = ptr.To(true) o.Name += prependHyphen(o.Name) + utils.ComputeConfigMapChecksum(o.Data)[:numberOfChecksumChars] metav1.SetMetaDataLabel(&o.ObjectMeta, references.LabelKeyGarbageCollectable, references.LabelValueGarbageCollectable) diff --git a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/pod.go b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/pod.go index 05c8216e2..feaf32a81 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/pod.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/kubernetes/pod.go @@ -17,6 +17,7 @@ package kubernetes import ( "context" "fmt" + "slices" appsv1 "k8s.io/api/apps/v1" appsv1beta1 "k8s.io/api/apps/v1beta1" @@ -28,8 +29,6 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/sets" "sigs.k8s.io/controller-runtime/pkg/client" - - "github.com/gardener/gardener/pkg/utils" ) // VisitPodSpec calls the given visitor for the PodSpec contained in the given object. The visitor may mutate the @@ -84,7 +83,7 @@ func VisitPodSpec(obj runtime.Object, visit func(*corev1.PodSpec)) error { func VisitContainers(podSpec *corev1.PodSpec, visit func(*corev1.Container), containerNames ...string) { for i, c := range podSpec.InitContainers { container := c - if len(containerNames) == 0 || utils.ValueExists(container.Name, containerNames) { + if len(containerNames) == 0 || slices.Contains(containerNames, container.Name) { visit(&container) podSpec.InitContainers[i] = container } 
@@ -92,7 +91,7 @@ func VisitContainers(podSpec *corev1.PodSpec, visit func(*corev1.Container), con for i, c := range podSpec.Containers { container := c - if len(containerNames) == 0 || utils.ValueExists(container.Name, containerNames) { + if len(containerNames) == 0 || slices.Contains(containerNames, container.Name) { visit(&container) podSpec.Containers[i] = container } diff --git a/vendor/github.com/gardener/gardener/pkg/utils/miscellaneous.go b/vendor/github.com/gardener/gardener/pkg/utils/miscellaneous.go index 62211fa14..99fb94c73 100644 --- a/vendor/github.com/gardener/gardener/pkg/utils/miscellaneous.go +++ b/vendor/github.com/gardener/gardener/pkg/utils/miscellaneous.go @@ -22,23 +22,10 @@ import ( "strings" "time" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" ) -// ValueExists returns true or false, depending on whether the given string -// is part of the given []string list . -func ValueExists(value string, list []string) bool { - for _, v := range list { - if v == value { - return true - } - } - return false -} - // MergeMaps takes two maps , and merges them. If defines a value with a key // already existing in the map, the value for that key will be overwritten. func MergeMaps(a, b map[string]interface{}) map[string]interface{} { 
@@ -135,30 +122,6 @@ func IDForKeyWithOptionalValue(key string, value *string) string { return key + v } -// QuantityPtr returns a Quantity pointer to its argument. -func QuantityPtr(q resource.Quantity) *resource.Quantity { - return &q -} - -// ProtocolPtr returns a corev1.Protocol pointer to its argument. -func ProtocolPtr(protocol corev1.Protocol) *corev1.Protocol { - return &protocol -} - -// TimePtr returns a time.Time pointer to its argument. -func TimePtr(t time.Time) *time.Time { - return &t -} - -// TimePtrDeref dereferences the time.Time ptr and returns it if not nil, or else -// returns def. -func TimePtrDeref(ptr *time.Time, def time.Time) time.Time { - if ptr != nil { - return *ptr - } - return def -} - // IntStrPtrFromInt32 returns an intstr.IntOrString pointer to its argument. func IntStrPtrFromInt32(port int32) *intstr.IntOrString { v := intstr.FromInt32(port) diff --git a/vendor/github.com/go-logr/logr/README.md b/vendor/github.com/go-logr/logr/README.md index ab5931181..a8c29bfbd 100644 --- a/vendor/github.com/go-logr/logr/README.md +++ b/vendor/github.com/go-logr/logr/README.md @@ -1,6 +1,7 @@ # A minimal logging API for Go [![Go Reference](https://pkg.go.dev/badge/github.com/go-logr/logr.svg)](https://pkg.go.dev/github.com/go-logr/logr) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/go-logr/logr/badge)](https://securityscorecards.dev/viewer/?platform=github.com&org=go-logr&repo=logr) logr offers an(other) opinion on how Go programs and libraries can do logging without becoming coupled to a particular logging implementation. This is not 
@@ -73,6 +74,29 @@ received: If the Go standard library had defined an interface for logging, this project probably would not be needed. Alas, here we are. +When the Go developers started developing such an interface with +[slog](https://github.com/golang/go/issues/56345), they adopted some of the +logr design but also left out some parts and changed others: + +| Feature | logr | slog | +|---------|------|------| +| High-level API | `Logger` (passed by value) | `Logger` (passed by [pointer](https://github.com/golang/go/issues/59126)) | +| Low-level API | `LogSink` | `Handler` | +| Stack unwinding | done by `LogSink` | done by `Logger` | +| Skipping helper functions | `WithCallDepth`, `WithCallStackHelper` | [not supported by Logger](https://github.com/golang/go/issues/59145) | +| Generating a value for logging on demand | `Marshaler` | `LogValuer` | +| Log levels | >= 0, higher meaning "less important" | positive and negative, with 0 for "info" and higher meaning "more important" | +| Error log entries | always logged, don't have a verbosity level | normal log entries with level >= `LevelError` | +| Passing logger via context | `NewContext`, `FromContext` | no API | +| Adding a name to a logger | `WithName` | no API | +| Modify verbosity of log entries in a call chain | `V` | no API | +| Grouping of key/value pairs | not supported | `WithGroup`, `GroupValue` | + +The high-level slog API is explicitly meant to be one of many different APIs +that can be layered on top of a shared `slog.Handler`. logr is one such +alternative API, with [interoperability](#slog-interoperability) provided by the [`slogr`](slogr) +package. + ### Inspiration Before you consider this package, please read [this blog post by the 
@@ -118,6 +142,91 @@ There are implementations for the following logging libraries: - **github.com/go-kit/log**: [gokitlogr](https://github.com/tonglil/gokitlogr) (also compatible with github.com/go-kit/kit/log since v0.12.0) - **bytes.Buffer** (writing to a buffer): [bufrlogr](https://github.com/tonglil/buflogr) (useful for ensuring values were logged, like during testing) +## slog interoperability + +Interoperability goes both ways, using the `logr.Logger` API with a `slog.Handler` +and using the `slog.Logger` API with a `logr.LogSink`. [slogr](./slogr) provides `NewLogr` and +`NewSlogHandler` API calls to convert between a `logr.Logger` and a `slog.Handler`. +As usual, `slog.New` can be used to wrap such a `slog.Handler` in the high-level +slog API. `slogr` itself leaves that to the caller. + +## Using a `logr.Sink` as backend for slog + +Ideally, a logr sink implementation should support both logr and slog by +implementing both the normal logr interface(s) and `slogr.SlogSink`. Because +of a conflict in the parameters of the common `Enabled` method, it is [not +possible to implement both slog.Handler and logr.Sink in the same +type](https://github.com/golang/go/issues/59110). + +If both are supported, log calls can go from the high-level APIs to the backend +without the need to convert parameters. `NewLogr` and `NewSlogHandler` can +convert back and forth without adding additional wrappers, with one exception: +when `Logger.V` was used to adjust the verbosity for a `slog.Handler`, then +`NewSlogHandler` has to use a wrapper which adjusts the verbosity for future +log calls. + +Such an implementation should also support values that implement specific +interfaces from both packages for logging (`logr.Marshaler`, `slog.LogValuer`, +`slog.GroupValue`). logr does not convert those. + +Not supporting slog has several drawbacks: +- Recording source code locations works correctly if the handler gets called + through `slog.Logger`, but may be wrong in other cases. 
That's because a + `logr.Sink` does its own stack unwinding instead of using the program counter + provided by the high-level API. +- slog levels <= 0 can be mapped to logr levels by negating the level without a + loss of information. But all slog levels > 0 (e.g. `slog.LevelWarning` as + used by `slog.Logger.Warn`) must be mapped to 0 before calling the sink + because logr does not support "more important than info" levels. +- The slog group concept is supported by prefixing each key in a key/value + pair with the group names, separated by a dot. For structured output like + JSON it would be better to group the key/value pairs inside an object. +- Special slog values and interfaces don't work as expected. +- The overhead is likely to be higher. + +These drawbacks are severe enough that applications using a mixture of slog and +logr should switch to a different backend. + +## Using a `slog.Handler` as backend for logr + +Using a plain `slog.Handler` without support for logr works better than the +other direction: +- All logr verbosity levels can be mapped 1:1 to their corresponding slog level + by negating them. +- Stack unwinding is done by the `slogr.SlogSink` and the resulting program + counter is passed to the `slog.Handler`. +- Names added via `Logger.WithName` are gathered and recorded in an additional + attribute with `logger` as key and the names separated by slash as value. +- `Logger.Error` is turned into a log record with `slog.LevelError` as level + and an additional attribute with `err` as key, if an error was provided. + +The main drawback is that `logr.Marshaler` will not be supported. Types should +ideally support both `logr.Marshaler` and `slog.Valuer`. If compatibility +with logr implementations without slog support is not important, then +`slog.Valuer` is sufficient. + +## Context support for slog + +Storing a logger in a `context.Context` is not supported by +slog. 
`logr.NewContext` and `logr.FromContext` can be used with slog like this +to fill this gap: + + func HandlerFromContext(ctx context.Context) slog.Handler { + logger, err := logr.FromContext(ctx) + if err == nil { + return slogr.NewSlogHandler(logger) + } + return slog.Default().Handler() + } + + func ContextWithHandler(ctx context.Context, handler slog.Handler) context.Context { + return logr.NewContext(ctx, slogr.NewLogr(handler)) + } + +The downside is that storing and retrieving a `slog.Handler` needs more +allocations compared to using a `logr.Logger`. Therefore the recommendation is +to use the `logr.Logger` API in code which uses contextual logging. + ## FAQ ### Conceptual @@ -241,7 +350,9 @@ Otherwise, you can start out with `0` as "you always want to see this", Then gradually choose levels in between as you need them, working your way down from 10 (for debug and trace style logs) and up from 1 (for chattier -info-type logs.) +info-type logs). For reference, slog pre-defines -4 for debug logs +(corresponds to 4 in logr), which matches what is +[recommended for Kubernetes](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md#what-method-to-use). #### How do I choose my keys? diff --git a/vendor/github.com/go-logr/logr/SECURITY.md b/vendor/github.com/go-logr/logr/SECURITY.md new file mode 100644 index 000000000..1ca756fc7 --- /dev/null +++ b/vendor/github.com/go-logr/logr/SECURITY.md 
@@ -0,0 +1,18 @@
+# Security Policy
+
+If you have discovered a security vulnerability in this project, please report it
+privately. **Do not disclose it as a public issue.** This gives us time to work with you
+to fix the issue before public exposure, reducing the chance that the exploit will be
+used before a patch is released.
+
+You may submit the report in the following ways:
+
+- send an email to go-logr-security@googlegroups.com
+- send us a [private vulnerability report](https://github.com/go-logr/logr/security/advisories/new)
+
+Please provide the following information in your report:
+
+- A description of the vulnerability and its impact
+- How to reproduce the issue
+
+We ask that you give us 90 days to work on a fix before public exposure.
diff --git a/vendor/github.com/go-logr/logr/funcr/funcr.go b/vendor/github.com/go-logr/logr/funcr/funcr.go
index e52f0cd01..12e5807cc 100644
--- a/vendor/github.com/go-logr/logr/funcr/funcr.go
+++ b/vendor/github.com/go-logr/logr/funcr/funcr.go
@@ -116,17 +116,17 @@ type Options struct { // Equivalent hooks are offered for key-value pairs saved via // logr.Logger.WithValues or Formatter.AddValues (see RenderValuesHook) and // for user-provided pairs (see RenderArgsHook). - RenderBuiltinsHook func(kvList []interface{}) []interface{} + RenderBuiltinsHook func(kvList []any) []any // RenderValuesHook is the same as RenderBuiltinsHook, except that it is // only called for key-value pairs saved via logr.Logger.WithValues. See // RenderBuiltinsHook for more details. - RenderValuesHook func(kvList []interface{}) []interface{} + RenderValuesHook func(kvList []any) []any // RenderArgsHook is the same as RenderBuiltinsHook, except that it is only // called for key-value pairs passed directly to Info and Error. See // RenderBuiltinsHook for more details. - RenderArgsHook func(kvList []interface{}) []interface{} + RenderArgsHook func(kvList []any) []any // MaxLogDepth tells funcr how many levels of nested fields (e.g. a struct // that contains a struct, etc.) it may log. Every time it finds a struct, @@ -163,7 +163,7 @@ func (l fnlogger) WithName(name string) logr.LogSink { return &l } -func (l fnlogger) WithValues(kvList ...interface{}) logr.LogSink { +func (l fnlogger) WithValues(kvList ...any) logr.LogSink { l.Formatter.AddValues(kvList) return &l } @@ -173,12 +173,12 @@ func (l fnlogger) WithCallDepth(depth int) logr.LogSink { return &l } -func (l fnlogger) Info(level int, msg string, kvList ...interface{}) { +func (l fnlogger) Info(level int, msg string, kvList ...any) { prefix, args := l.FormatInfo(level, msg, kvList) l.write(prefix, args) } -func (l fnlogger) Error(err error, msg string, kvList ...interface{}) { +func (l fnlogger) Error(err error, msg string, kvList ...any) { prefix, args := l.FormatError(err, msg, kvList) l.write(prefix, args) } 
@@ -229,7 +229,7 @@ func newFormatter(opts Options, outfmt outputFormat) Formatter { type Formatter struct { outputFormat outputFormat prefix string - values []interface{} + values []any valuesStr string depth int opts *Options @@ -246,10 +246,10 @@ const ( ) // PseudoStruct is a list of key-value pairs that gets logged as a struct. -type PseudoStruct []interface{} +type PseudoStruct []any // render produces a log line, ready to use. -func (f Formatter) render(builtins, args []interface{}) string { +func (f Formatter) render(builtins, args []any) string { // Empirically bytes.Buffer is faster than strings.Builder for this. buf := bytes.NewBuffer(make([]byte, 0, 1024)) if f.outputFormat == outputJSON { @@ -292,7 +292,7 @@ func (f Formatter) render(builtins, args []interface{}) string { // This function returns a potentially modified version of kvList, which // ensures that there is a value for every key (adding a value if needed) and // that each key is a string (substituting a key if needed). -func (f Formatter) flatten(buf *bytes.Buffer, kvList []interface{}, continuing bool, escapeKeys bool) []interface{} { +func (f Formatter) flatten(buf *bytes.Buffer, kvList []any, continuing bool, escapeKeys bool) []any { // This logic overlaps with sanitize() but saves one type-cast per key, // which can be measurable. if len(kvList)%2 != 0 { @@ -334,7 +334,7 @@ func (f Formatter) flatten(buf *bytes.Buffer, kvList []interface{}, continuing b return kvList } -func (f Formatter) pretty(value interface{}) string { +func (f Formatter) pretty(value any) string { return f.prettyWithFlags(value, 0, 0) } @@ -343,7 +343,7 @@ const ( ) // TODO: This is not fast. Most of the overhead goes here. -func (f Formatter) prettyWithFlags(value interface{}, flags uint32, depth int) string { +func (f Formatter) prettyWithFlags(value any, flags uint32, depth int) string { if depth > f.opts.MaxLogDepth { return `""` } 
@@ -614,7 +614,7 @@ func isEmpty(v reflect.Value) bool { return false } -func invokeMarshaler(m logr.Marshaler) (ret interface{}) { +func invokeMarshaler(m logr.Marshaler) (ret any) { defer func() { if r := recover(); r != nil { ret = fmt.Sprintf("", r) @@ -675,12 +675,12 @@ func (f Formatter) caller() Caller { const noValue = "" -func (f Formatter) nonStringKey(v interface{}) string { +func (f Formatter) nonStringKey(v any) string { return fmt.Sprintf("", f.snippet(v)) } // snippet produces a short snippet string of an arbitrary value. -func (f Formatter) snippet(v interface{}) string { +func (f Formatter) snippet(v any) string { const snipLen = 16 snip := f.pretty(v) @@ -693,7 +693,7 @@ func (f Formatter) snippet(v interface{}) string { // sanitize ensures that a list of key-value pairs has a value for every key // (adding a value if needed) and that each key is a string (substituting a key // if needed). -func (f Formatter) sanitize(kvList []interface{}) []interface{} { +func (f Formatter) sanitize(kvList []any) []any { if len(kvList)%2 != 0 { kvList = append(kvList, noValue) } @@ -727,8 +727,8 @@ func (f Formatter) GetDepth() int { // FormatInfo renders an Info log message into strings. The prefix will be // empty when no names were set (via AddNames), or when the output is // configured for JSON. -func (f Formatter) FormatInfo(level int, msg string, kvList []interface{}) (prefix, argsStr string) { - args := make([]interface{}, 0, 64) // using a constant here impacts perf +func (f Formatter) FormatInfo(level int, msg string, kvList []any) (prefix, argsStr string) { + args := make([]any, 0, 64) // using a constant here impacts perf prefix = f.prefix if f.outputFormat == outputJSON { args = append(args, "logger", prefix) 
@@ -745,10 +745,10 @@ func (f Formatter) FormatInfo(level int, msg string, kvList []interface{}) (pref } // FormatError renders an Error log message into strings. The prefix will be -// empty when no names were set (via AddNames), or when the output is +// empty when no names were set (via AddNames), or when the output is // configured for JSON. -func (f Formatter) FormatError(err error, msg string, kvList []interface{}) (prefix, argsStr string) { - args := make([]interface{}, 0, 64) // using a constant here impacts perf +func (f Formatter) FormatError(err error, msg string, kvList []any) (prefix, argsStr string) { + args := make([]any, 0, 64) // using a constant here impacts perf prefix = f.prefix if f.outputFormat == outputJSON { args = append(args, "logger", prefix) @@ -761,12 +761,12 @@ func (f Formatter) FormatError(err error, msg string, kvList []interface{}) (pre args = append(args, "caller", f.caller()) } args = append(args, "msg", msg) - var loggableErr interface{} + var loggableErr any if err != nil { loggableErr = err.Error() } args = append(args, "error", loggableErr) - return f.prefix, f.render(args, kvList) + return prefix, f.render(args, kvList) } // AddName appends the specified name. funcr uses '/' characters to separate @@ -781,7 +781,7 @@ func (f *Formatter) AddName(name string) { // AddValues adds key-value pairs to the set of saved values to be logged with // each log line. -func (f *Formatter) AddValues(kvList []interface{}) { +func (f *Formatter) AddValues(kvList []any) { // Three slice args forces a copy. n := len(f.values) f.values = append(f.values[:n:n], kvList...) diff --git a/vendor/github.com/go-logr/logr/logr.go b/vendor/github.com/go-logr/logr/logr.go index e027aea3f..2a5075a18 100644 --- a/vendor/github.com/go-logr/logr/logr.go +++ b/vendor/github.com/go-logr/logr/logr.go 
@@ -127,9 +127,9 @@ limitations under the License. // such a value can call its methods without having to check whether the // instance is ready for use. // -// Calling methods with the null logger (Logger{}) as instance will crash -// because it has no LogSink. Therefore this null logger should never be passed -// around. For cases where passing a logger is optional, a pointer to Logger +// The zero logger (= Logger{}) is identical to Discard() and discards all log +// entries. Code that receives a Logger by value can simply call it, the methods +// will never crash. For cases where passing a logger is optional, a pointer to Logger // should be used. // // # Key Naming Conventions @@ -258,6 +258,12 @@ type Logger struct { // Enabled tests whether this Logger is enabled. For example, commandline // flags might be used to set the logging verbosity and disable some info logs. func (l Logger) Enabled() bool { + // Some implementations of LogSink look at the caller in Enabled (e.g. + // different verbosity levels per package or file), but we only pass one + // CallDepth in (via Init). This means that all calls from Logger to the + // LogSink's Enabled, Info, and Error methods must have the same number of + // frames. In other words, Logger methods can't call other Logger methods + // which call these LogSink methods unless we do it the same in all paths. return l.sink != nil && l.sink.Enabled(l.level) } @@ -267,11 +273,11 @@ func (l Logger) Enabled() bool { // line. The key/value pairs can then be used to add additional variable // information. The key/value pairs must alternate string keys and arbitrary // values. -func (l Logger) Info(msg string, keysAndValues ...interface{}) { +func (l Logger) Info(msg string, keysAndValues ...any) { if l.sink == nil { return } - if l.Enabled() { + if l.sink.Enabled(l.level) { // see comment in Enabled if withHelper, ok := l.sink.(CallStackHelperLogSink); ok { withHelper.GetCallStackHelper()() } 
@@ -289,7 +295,7 @@ func (l Logger) Info(msg string, keysAndValues ...interface{}) { // while the err argument should be used to attach the actual error that // triggered this log line, if present. The err parameter is optional // and nil may be passed instead of an error instance. -func (l Logger) Error(err error, msg string, keysAndValues ...interface{}) { +func (l Logger) Error(err error, msg string, keysAndValues ...any) { if l.sink == nil { return } @@ -314,9 +320,16 @@ func (l Logger) V(level int) Logger { return l } +// GetV returns the verbosity level of the logger. If the logger's LogSink is +// nil as in the Discard logger, this will always return 0. +func (l Logger) GetV() int { + // 0 if l.sink nil because of the if check in V above. + return l.level +} + // WithValues returns a new Logger instance with additional key/value pairs. // See Info for documentation on how key/value pairs work. -func (l Logger) WithValues(keysAndValues ...interface{}) Logger { +func (l Logger) WithValues(keysAndValues ...any) Logger { if l.sink == nil { return l } @@ -467,15 +480,15 @@ type LogSink interface { // The level argument is provided for optional logging. This method will // only be called when Enabled(level) is true. See Logger.Info for more // details. - Info(level int, msg string, keysAndValues ...interface{}) + Info(level int, msg string, keysAndValues ...any) // Error logs an error, with the given message and key/value pairs as // context. See Logger.Error for more details. - Error(err error, msg string, keysAndValues ...interface{}) + Error(err error, msg string, keysAndValues ...any) // WithValues returns a new LogSink with additional key/value pairs. See // Logger.WithValues for more details. - WithValues(keysAndValues ...interface{}) LogSink + WithValues(keysAndValues ...any) LogSink // WithName returns a new LogSink with the specified name appended. See // Logger.WithName for more details. 
@@ -546,5 +559,5 @@ type Marshaler interface {
 // with exported fields
 //
 // It may return any value of any type.
- MarshalLog() interface{}
+ MarshalLog() any
 }
diff --git a/vendor/github.com/go-logr/logr/slogr/sloghandler.go b/vendor/github.com/go-logr/logr/slogr/sloghandler.go
new file mode 100644
index 000000000..ec6725ce2
--- /dev/null
+++ b/vendor/github.com/go-logr/logr/slogr/sloghandler.go
@@ -0,0 +1,168 @@ +//go:build go1.21 +// +build go1.21 + +/* +Copyright 2023 The logr Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package slogr + +import ( + "context" + "log/slog" + + "github.com/go-logr/logr" +) + +type slogHandler struct { + // May be nil, in which case all logs get discarded. + sink logr.LogSink + // Non-nil if sink is non-nil and implements SlogSink. + slogSink SlogSink + + // groupPrefix collects values from WithGroup calls. It gets added as + // prefix to value keys when handling a log record. + groupPrefix string + + // levelBias can be set when constructing the handler to influence the + // slog.Level of log records. A positive levelBias reduces the + // slog.Level value. slog has no API to influence this value after the + // handler got created, so it can only be set indirectly through + // Logger.V. + levelBias slog.Level +} + +var _ slog.Handler = &slogHandler{} + +// groupSeparator is used to concatenate WithGroup names and attribute keys. +const groupSeparator = "." + +// GetLevel is used for black box unit testing. +func (l *slogHandler) GetLevel() slog.Level { + return l.levelBias +} + +func (l *slogHandler) Enabled(ctx context.Context, level slog.Level) bool { + return l.sink != nil && (level >= slog.LevelError || l.sink.Enabled(l.levelFromSlog(level))) +} + +func (l *slogHandler) Handle(ctx context.Context, record slog.Record) error { + if l.slogSink != nil { + // Only adjust verbosity level of log entries < slog.LevelError. 
+ if record.Level < slog.LevelError { + record.Level -= l.levelBias + } + return l.slogSink.Handle(ctx, record) + } + + // No need to check for nil sink here because Handle will only be called + // when Enabled returned true. + + kvList := make([]any, 0, 2*record.NumAttrs()) + record.Attrs(func(attr slog.Attr) bool { + if attr.Key != "" { + kvList = append(kvList, l.addGroupPrefix(attr.Key), attr.Value.Resolve().Any()) + } + return true + }) + if record.Level >= slog.LevelError { + l.sinkWithCallDepth().Error(nil, record.Message, kvList...) + } else { + level := l.levelFromSlog(record.Level) + l.sinkWithCallDepth().Info(level, record.Message, kvList...) + } + return nil +} + +// sinkWithCallDepth adjusts the stack unwinding so that when Error or Info +// are called by Handle, code in slog gets skipped. +// +// This offset currently (Go 1.21.0) works for calls through +// slog.New(NewSlogHandler(...)). There's no guarantee that the call +// chain won't change. Wrapping the handler will also break unwinding. It's +// still better than not adjusting at all.... +// +// This cannot be done when constructing the handler because NewLogr needs +// access to the original sink without this adjustment. A second copy would +// work, but then WithAttrs would have to be called for both of them. +func (l *slogHandler) sinkWithCallDepth() logr.LogSink { + if sink, ok := l.sink.(logr.CallDepthLogSink); ok { + return sink.WithCallDepth(2) + } + return l.sink +} + +func (l *slogHandler) WithAttrs(attrs []slog.Attr) slog.Handler { + if l.sink == nil || len(attrs) == 0 { + return l + } + + copy := *l + if l.slogSink != nil { + copy.slogSink = l.slogSink.WithAttrs(attrs) + copy.sink = copy.slogSink + } else { + kvList := make([]any, 0, 2*len(attrs)) + for _, attr := range attrs { + if attr.Key != "" { + kvList = append(kvList, l.addGroupPrefix(attr.Key), attr.Value.Resolve().Any()) + } + } + copy.sink = l.sink.WithValues(kvList...) 
+ } + return © +} + +func (l *slogHandler) WithGroup(name string) slog.Handler { + if l.sink == nil { + return l + } + copy := *l + if l.slogSink != nil { + copy.slogSink = l.slogSink.WithGroup(name) + copy.sink = l.slogSink + } else { + copy.groupPrefix = copy.addGroupPrefix(name) + } + return © +} + +func (l *slogHandler) addGroupPrefix(name string) string { + if l.groupPrefix == "" { + return name + } + return l.groupPrefix + groupSeparator + name +} + +// levelFromSlog adjusts the level by the logger's verbosity and negates it. +// It ensures that the result is >= 0. This is necessary because the result is +// passed to a logr.LogSink and that API did not historically document whether +// levels could be negative or what that meant. +// +// Some example usage: +// logrV0 := getMyLogger() +// logrV2 := logrV0.V(2) +// slogV2 := slog.New(slogr.NewSlogHandler(logrV2)) +// slogV2.Debug("msg") // =~ logrV2.V(4) =~ logrV0.V(6) +// slogV2.Info("msg") // =~ logrV2.V(0) =~ logrV0.V(2) +// slogv2.Warn("msg") // =~ logrV2.V(-4) =~ logrV0.V(0) +func (l *slogHandler) levelFromSlog(level slog.Level) int { + result := -level + result += l.levelBias // in case the original logr.Logger had a V level + if result < 0 { + result = 0 // because logr.LogSink doesn't expect negative V levels + } + return int(result) +} diff --git a/vendor/github.com/go-logr/logr/slogr/slogr.go b/vendor/github.com/go-logr/logr/slogr/slogr.go new file mode 100644 index 000000000..eb519ae23 --- /dev/null +++ b/vendor/github.com/go-logr/logr/slogr/slogr.go 
@@ -0,0 +1,108 @@ +//go:build go1.21 +// +build go1.21 + +/* +Copyright 2023 The logr Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package slogr enables usage of a slog.Handler with logr.Logger as front-end +// API and of a logr.LogSink through the slog.Handler and thus slog.Logger +// APIs. +// +// See the README in the top-level [./logr] package for a discussion of +// interoperability. +package slogr + +import ( + "context" + "log/slog" + + "github.com/go-logr/logr" +) + +// NewLogr returns a logr.Logger which writes to the slog.Handler. +// +// The logr verbosity level is mapped to slog levels such that V(0) becomes +// slog.LevelInfo and V(4) becomes slog.LevelDebug. +func NewLogr(handler slog.Handler) logr.Logger { + if handler, ok := handler.(*slogHandler); ok { + if handler.sink == nil { + return logr.Discard() + } + return logr.New(handler.sink).V(int(handler.levelBias)) + } + return logr.New(&slogSink{handler: handler}) +} + +// NewSlogHandler returns a slog.Handler which writes to the same sink as the logr.Logger. +// +// The returned logger writes all records with level >= slog.LevelError as +// error log entries with LogSink.Error, regardless of the verbosity level of +// the logr.Logger: +// +// logger := +// slog.New(NewSlogHandler(logger.V(10))).Error(...) -> logSink.Error(...) +// +// The level of all other records gets reduced by the verbosity +// level of the logr.Logger and the result is negated. 
If it happens +// to be negative, then it gets replaced by zero because a LogSink +// is not expected to handled negative levels: +// +// slog.New(NewSlogHandler(logger)).Debug(...) -> logger.GetSink().Info(level=4, ...) +// slog.New(NewSlogHandler(logger)).Warning(...) -> logger.GetSink().Info(level=0, ...) +// slog.New(NewSlogHandler(logger)).Info(...) -> logger.GetSink().Info(level=0, ...) +// slog.New(NewSlogHandler(logger.V(4))).Info(...) -> logger.GetSink().Info(level=4, ...) +func NewSlogHandler(logger logr.Logger) slog.Handler { + if sink, ok := logger.GetSink().(*slogSink); ok && logger.GetV() == 0 { + return sink.handler + } + + handler := &slogHandler{sink: logger.GetSink(), levelBias: slog.Level(logger.GetV())} + if slogSink, ok := handler.sink.(SlogSink); ok { + handler.slogSink = slogSink + } + return handler +} + +// SlogSink is an optional interface that a LogSink can implement to support +// logging through the slog.Logger or slog.Handler APIs better. It then should +// also support special slog values like slog.Group. When used as a +// slog.Handler, the advantages are: +// +// - stack unwinding gets avoided in favor of logging the pre-recorded PC, +// as intended by slog +// - proper grouping of key/value pairs via WithGroup +// - verbosity levels > slog.LevelInfo can be recorded +// - less overhead +// +// Both APIs (logr.Logger and slog.Logger/Handler) then are supported equally +// well. Developers can pick whatever API suits them better and/or mix +// packages which use either API in the same binary with a common logging +// implementation. +// +// This interface is necessary because the type implementing the LogSink +// interface cannot also implement the slog.Handler interface due to the +// different prototype of the common Enabled method. +// +// An implementation could support both interfaces in two different types, but then +// additional interfaces would be needed to convert between those types in NewLogr +// and NewSlogHandler. 
+type SlogSink interface { + logr.LogSink + + Handle(ctx context.Context, record slog.Record) error + WithAttrs(attrs []slog.Attr) SlogSink + WithGroup(name string) SlogSink +} diff --git a/vendor/github.com/go-logr/logr/slogr/slogsink.go b/vendor/github.com/go-logr/logr/slogr/slogsink.go new file mode 100644 index 000000000..6fbac561d --- /dev/null +++ b/vendor/github.com/go-logr/logr/slogr/slogsink.go 
@@ -0,0 +1,122 @@ +//go:build go1.21 +// +build go1.21 + +/* +Copyright 2023 The logr Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package slogr + +import ( + "context" + "log/slog" + "runtime" + "time" + + "github.com/go-logr/logr" +) + +var ( + _ logr.LogSink = &slogSink{} + _ logr.CallDepthLogSink = &slogSink{} + _ Underlier = &slogSink{} +) + +// Underlier is implemented by the LogSink returned by NewLogr. +type Underlier interface { + // GetUnderlying returns the Handler used by the LogSink. + GetUnderlying() slog.Handler +} + +const ( + // nameKey is used to log the `WithName` values as an additional attribute. + nameKey = "logger" + + // errKey is used to log the error parameter of Error as an additional attribute. + errKey = "err" +) + +type slogSink struct { + callDepth int + name string + handler slog.Handler +} + +func (l *slogSink) Init(info logr.RuntimeInfo) { + l.callDepth = info.CallDepth +} + +func (l *slogSink) GetUnderlying() slog.Handler { + return l.handler +} + +func (l *slogSink) WithCallDepth(depth int) logr.LogSink { + newLogger := *l + newLogger.callDepth += depth + return &newLogger +} + +func (l *slogSink) Enabled(level int) bool { + return l.handler.Enabled(context.Background(), slog.Level(-level)) +} + +func (l *slogSink) Info(level int, msg string, kvList ...interface{}) { + l.log(nil, msg, slog.Level(-level), kvList...) 
+} + +func (l *slogSink) Error(err error, msg string, kvList ...interface{}) { + l.log(err, msg, slog.LevelError, kvList...) +} + +func (l *slogSink) log(err error, msg string, level slog.Level, kvList ...interface{}) { + var pcs [1]uintptr + // skip runtime.Callers, this function, Info/Error, and all helper functions above that. + runtime.Callers(3+l.callDepth, pcs[:]) + + record := slog.NewRecord(time.Now(), level, msg, pcs[0]) + if l.name != "" { + record.AddAttrs(slog.String(nameKey, l.name)) + } + if err != nil { + record.AddAttrs(slog.Any(errKey, err)) + } + record.Add(kvList...) + l.handler.Handle(context.Background(), record) +} + +func (l slogSink) WithName(name string) logr.LogSink { + if l.name != "" { + l.name = l.name + "/" + } + l.name += name + return &l +} + +func (l slogSink) WithValues(kvList ...interface{}) logr.LogSink { + l.handler = l.handler.WithAttrs(kvListToAttrs(kvList...)) + return &l +} + +func kvListToAttrs(kvList ...interface{}) []slog.Attr { + // We don't need the record itself, only its Add method. + record := slog.NewRecord(time.Time{}, 0, "", 0) + record.Add(kvList...) + attrs := make([]slog.Attr, 0, record.NumAttrs()) + record.Attrs(func(attr slog.Attr) bool { + attrs = append(attrs, attr) + return true + }) + return attrs +} diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/LICENSE b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/LICENSE new file mode 100644 index 000000000..e06d20818 --- /dev/null +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/LICENSE 
@@ -0,0 +1,202 @@
+Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright {yyyy} {name of copyright owner}
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/register.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/register.go
new file mode 100644
index 000000000..6f4298483
--- /dev/null
+++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/register.go
@@ -0,0 +1,25 @@
+// Copyright 2018 The prometheus-operator Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package monitoring
+
+// GroupName is set to var instead of const, since this provides the ability for clients importing the module -
+// github.com/prometheus-operator/prometheus-operator/pkg/apis to manage the operator's objects in a different
+// API group
+//
+// Use `ldflags` in the client side, e.g.:
+// go run -ldflags="-s -X github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring.GroupName=monitoring.example.com" ./example/client/.
+var (
+ GroupName = "monitoring.coreos.com"
+)
diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/resource.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/resource.go
new file mode 100644
index 000000000..25736ce92
--- /dev/null
+++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/resource.go
@@ -0,0 +1,60 @@
+// Copyright 2018 The prometheus-operator Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package monitoring
+
+import (
+ "fmt"
+)
+
+const (
+ PrometheusesKind = "Prometheus"
+ PrometheusName = "prometheuses"
+
+ AlertmanagersKind = "Alertmanager"
+ AlertmanagerName = "alertmanagers"
+
+ ServiceMonitorsKind = "ServiceMonitor"
+ ServiceMonitorName = "servicemonitors"
+
+ PodMonitorsKind = "PodMonitor"
+ PodMonitorName = "podmonitors"
+
+ PrometheusRuleKind = "PrometheusRule"
+ PrometheusRuleName = "prometheusrules"
+
+ ProbesKind = "Probe"
+ ProbeName = "probes"
+
+ ScrapeConfigsKind = "ScrapeConfig"
+ ScrapeConfigName = "scrapeconfigs"
+)
+
+var resourceToKindMap = map[string]string{
+ PrometheusName: PrometheusesKind,
+ AlertmanagerName: AlertmanagersKind,
+ ServiceMonitorName: ServiceMonitorsKind,
+ PodMonitorName: PodMonitorsKind,
+ PrometheusRuleName: PrometheusRuleKind,
+ ProbeName: ProbesKind,
+ ScrapeConfigName: ScrapeConfigsKind,
+}
+
+func ResourceToKind(s string) string {
+ kind, found := resourceToKindMap[s]
+ if !found {
+ panic(fmt.Sprintf("failed to map resource %q to a kind", s))
+ }
+ return kind
+}
diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/alertmanager_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/alertmanager_types.go
new file mode 100644
index 000000000..f482db480
--- /dev/null
+++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/alertmanager_types.go
@@ -0,0 +1,451 @@ +// Copyright 2018 The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package v1 + +import ( + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +const ( + AlertmanagersKind = "Alertmanager" + AlertmanagerName = "alertmanagers" + AlertManagerKindKey = "alertmanager" +) + +// +genclient +// +k8s:openapi-gen=true +// +kubebuilder:resource:categories="prometheus-operator",shortName="am" +// +kubebuilder:printcolumn:name="Version",type="string",JSONPath=".spec.version",description="The version of Alertmanager" +// +kubebuilder:printcolumn:name="Replicas",type="integer",JSONPath=".spec.replicas",description="The number of desired replicas" +// +kubebuilder:printcolumn:name="Ready",type="integer",JSONPath=".status.availableReplicas",description="The number of ready replicas" +// +kubebuilder:printcolumn:name="Reconciled",type="string",JSONPath=".status.conditions[?(@.type == 'Reconciled')].status" +// +kubebuilder:printcolumn:name="Available",type="string",JSONPath=".status.conditions[?(@.type == 'Available')].status" +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:printcolumn:name="Paused",type="boolean",JSONPath=".status.paused",description="Whether the resource reconciliation is paused or not",priority=1 +// +kubebuilder:subresource:status + +// Alertmanager describes an Alertmanager 
cluster. +type Alertmanager struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of the desired behavior of the Alertmanager cluster. More info: + // https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + Spec AlertmanagerSpec `json:"spec"` + // Most recent observed status of the Alertmanager cluster. Read-only. + // More info: + // https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + Status AlertmanagerStatus `json:"status,omitempty"` +} + +// DeepCopyObject implements the runtime.Object interface. +func (l *Alertmanager) DeepCopyObject() runtime.Object { + return l.DeepCopy() +} + +// AlertmanagerSpec is a specification of the desired behavior of the Alertmanager cluster. More info: +// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +// +k8s:openapi-gen=true +type AlertmanagerSpec struct { + // PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. + // + // The following items are reserved and cannot be overridden: + // * "alertmanager" label, set to the name of the Alertmanager instance. + // * "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance. + // * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". + // * "app.kubernetes.io/name" label, set to "alertmanager". + // * "app.kubernetes.io/version" label, set to the Alertmanager version. + // * "kubectl.kubernetes.io/default-container" annotation, set to "alertmanager". + PodMetadata *EmbeddedObjectMetadata `json:"podMetadata,omitempty"` + // Image if specified has precedence over baseImage, tag and sha + // combinations. 
Specifying the version is still necessary to ensure the + // Prometheus Operator knows what version of Alertmanager is being + // configured. + Image *string `json:"image,omitempty"` + // Image pull policy for the 'alertmanager', 'init-config-reloader' and 'config-reloader' containers. + // See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. + // +kubebuilder:validation:Enum="";Always;Never;IfNotPresent + ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` + // Version the cluster should be on. + Version string `json:"version,omitempty"` + // Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. + // Version is ignored if Tag is set. + // Deprecated: use 'image' instead. The image tag can be specified as part of the image URL. + Tag string `json:"tag,omitempty"` + // SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. + // Similar to a tag, but the SHA explicitly deploys an immutable container image. + // Version and Tag are ignored if SHA is set. + // Deprecated: use 'image' instead. The image digest can be specified as part of the image URL. + SHA string `json:"sha,omitempty"` + // Base image that is used to deploy pods, without tag. + // Deprecated: use 'image' instead. + BaseImage string `json:"baseImage,omitempty"` + // An optional list of references to secrets in the same namespace + // to use for pulling prometheus and alertmanager images from registries + // see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"` + // Secrets is a list of Secrets in the same namespace as the Alertmanager + // object, which shall be mounted into the Alertmanager Pods. + // Each Secret is added to the StatefulSet definition as a volume named `secret-`. 
+ // The Secrets are mounted into `/etc/alertmanager/secrets/` in the 'alertmanager' container. + Secrets []string `json:"secrets,omitempty"` + // ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager + // object, which shall be mounted into the Alertmanager Pods. + // Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. + // The ConfigMaps are mounted into `/etc/alertmanager/configmaps/` in the 'alertmanager' container. + ConfigMaps []string `json:"configMaps,omitempty"` + // ConfigSecret is the name of a Kubernetes Secret in the same namespace as the + // Alertmanager object, which contains the configuration for this Alertmanager + // instance. If empty, it defaults to `alertmanager-`. + // + // The Alertmanager configuration should be available under the + // `alertmanager.yaml` key. Additional keys from the original secret are + // copied to the generated secret and mounted into the + // `/etc/alertmanager/config` directory in the `alertmanager` container. + // + // If either the secret or the `alertmanager.yaml` key is missing, the + // operator provisions a minimal Alertmanager configuration with one empty + // receiver (effectively dropping alert notifications). + ConfigSecret string `json:"configSecret,omitempty"` + // Log level for Alertmanager to be configured with. + // +kubebuilder:validation:Enum="";debug;info;warn;error + LogLevel string `json:"logLevel,omitempty"` + // Log format for Alertmanager to be configured with. + // +kubebuilder:validation:Enum="";logfmt;json + LogFormat string `json:"logFormat,omitempty"` + // Size is the expected size of the alertmanager cluster. The controller will + // eventually make the size of the running cluster equal to the expected + // size. + Replicas *int32 `json:"replicas,omitempty"` + // Time duration Alertmanager shall retain data for. Default is '120h', + // and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). 
+ // +kubebuilder:default:="120h" + Retention GoDuration `json:"retention,omitempty"` + // Storage is the definition of how storage will be used by the Alertmanager + // instances. + Storage *StorageSpec `json:"storage,omitempty"` + // Volumes allows configuration of additional volumes on the output StatefulSet definition. + // Volumes specified will be appended to other volumes that are generated as a result of + // StorageSpec objects. + Volumes []v1.Volume `json:"volumes,omitempty"` + // VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. + // VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, + // that are generated as a result of StorageSpec objects. + VolumeMounts []v1.VolumeMount `json:"volumeMounts,omitempty"` + // The external URL the Alertmanager instances will be available under. This is + // necessary to generate correct URLs. This is necessary if Alertmanager is not + // served from root of a DNS name. + ExternalURL string `json:"externalUrl,omitempty"` + // The route prefix Alertmanager registers HTTP handlers for. This is useful, + // if using ExternalURL and a proxy is rewriting HTTP routes of a request, + // and the actual ExternalURL is still true, but the server serves requests + // under a different route prefix. For example for use with `kubectl proxy`. + RoutePrefix string `json:"routePrefix,omitempty"` + // If set to true all actions on the underlying managed objects are not + // goint to be performed, except for delete actions. + Paused bool `json:"paused,omitempty"` + // Define which Nodes the Pods are scheduled on. + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // Define resources requests and limits for single Pods. + Resources v1.ResourceRequirements `json:"resources,omitempty"` + // If specified, the pod's scheduling constraints. + Affinity *v1.Affinity `json:"affinity,omitempty"` + // If specified, the pod's tolerations. 
+ Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // If specified, the pod's topology spread constraints. + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // SecurityContext holds pod-level security attributes and common container settings. + // This defaults to the default PodSecurityContext. + SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + // ServiceAccountName is the name of the ServiceAccount to use to run the + // Prometheus Pods. + ServiceAccountName string `json:"serviceAccountName,omitempty"` + // ListenLocal makes the Alertmanager server listen on loopback, so that it + // does not bind against the Pod IP. Note this is only for the Alertmanager + // UI, not the gossip communication. + ListenLocal bool `json:"listenLocal,omitempty"` + // Containers allows injecting additional containers. This is meant to + // allow adding an authentication proxy to an Alertmanager pod. + // Containers described here modify an operator generated container if they + // share the same name and modifications are done via a strategic merge + // patch. The current container names are: `alertmanager` and + // `config-reloader`. Overriding containers is entirely outside the scope + // of what the maintainers will support and by doing so, you accept that + // this behaviour may break at any time without notice. + Containers []v1.Container `json:"containers,omitempty"` + // InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. + // fetch secrets for injection into the Alertmanager configuration from external sources. Any + // errors during the execution of an initContainer will lead to a restart of the Pod. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + // InitContainers described here modify an operator + // generated init containers if they share the same name and modifications are + // done via a strategic merge patch. The current init container name is: + // `init-config-reloader`. Overriding init containers is entirely outside the + // scope of what the maintainers will support and by doing so, you accept that + // this behaviour may break at any time without notice. + InitContainers []v1.Container `json:"initContainers,omitempty"` + // Priority class assigned to the Pods + PriorityClassName string `json:"priorityClassName,omitempty"` + // AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. + AdditionalPeers []string `json:"additionalPeers,omitempty"` + // ClusterAdvertiseAddress is the explicit address to advertise in cluster. + // Needs to be provided for non RFC1918 [1] (public) addresses. + // [1] RFC1918: https://tools.ietf.org/html/rfc1918 + ClusterAdvertiseAddress string `json:"clusterAdvertiseAddress,omitempty"` + // Interval between gossip attempts. + ClusterGossipInterval GoDuration `json:"clusterGossipInterval,omitempty"` + // Defines the identifier that uniquely identifies the Alertmanager cluster. + // You should only set it when the Alertmanager cluster includes Alertmanager instances which are external to this Alertmanager resource. In practice, the addresses of the external instances are provided via the `.spec.additionalPeers` field. + ClusterLabel *string `json:"clusterLabel,omitempty"` + // Interval between pushpull attempts. + ClusterPushpullInterval GoDuration `json:"clusterPushpullInterval,omitempty"` + // Timeout for cluster peering. + ClusterPeerTimeout GoDuration `json:"clusterPeerTimeout,omitempty"` + // Port name used for the pods and governing service. + // Defaults to `web`. 
+ // +kubebuilder:default:="web" + PortName string `json:"portName,omitempty"` + // ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. + // Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. + ForceEnableClusterMode bool `json:"forceEnableClusterMode,omitempty"` + // AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. + AlertmanagerConfigSelector *metav1.LabelSelector `json:"alertmanagerConfigSelector,omitempty"` + // The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. + // In the future more options may be added. + AlertmanagerConfigMatcherStrategy AlertmanagerConfigMatcherStrategy `json:"alertmanagerConfigMatcherStrategy,omitempty"` + // Namespaces to be selected for AlertmanagerConfig discovery. If nil, only + // check own namespace. + AlertmanagerConfigNamespaceSelector *metav1.LabelSelector `json:"alertmanagerConfigNamespaceSelector,omitempty"` + // Minimum number of seconds for which a newly created pod should be ready + // without any of its container crashing for it to be considered available. + // Defaults to 0 (pod will be considered available as soon as it is ready) + // This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. + // +optional + MinReadySeconds *uint32 `json:"minReadySeconds,omitempty"` + // Pods' hostAliases configuration + // +listType=map + // +listMapKey=ip + HostAliases []HostAlias `json:"hostAliases,omitempty"` + // Defines the web command line flags when starting Alertmanager. + Web *AlertmanagerWebSpec `json:"web,omitempty"` + // EXPERIMENTAL: alertmanagerConfiguration specifies the configuration of Alertmanager. + // If defined, it takes precedence over the `configSecret` field. + // This field may change in future releases. 
+ AlertmanagerConfiguration *AlertmanagerConfiguration `json:"alertmanagerConfiguration,omitempty"` + // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. + // If the service account has `automountServiceAccountToken: true`, set the field to `false` to opt out of automounting API credentials. + // +optional + AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty"` +} + +// AlertmanagerConfigMatcherStrategy defines the strategy used by AlertmanagerConfig objects to match alerts. +type AlertmanagerConfigMatcherStrategy struct { + // If set to `OnNamespace`, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules. + // `None` will not add any additional matchers other than the ones specified in the AlertmanagerConfig. + // Default is `OnNamespace`. + // +kubebuilder:validation:Enum="OnNamespace";"None" + // +kubebuilder:default:="OnNamespace" + Type string `json:"type,omitempty"` +} + +// AlertmanagerConfiguration defines the Alertmanager configuration. +// +k8s:openapi-gen=true +type AlertmanagerConfiguration struct { + // The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration. + // It must be defined in the same namespace as the Alertmanager object. + // The operator will not enforce a `namespace` label for routes and inhibition rules. + // +kubebuilder:validation:MinLength=1 + Name string `json:"name,omitempty"` + // Defines the global parameters of the Alertmanager configuration. + // +optional + Global *AlertmanagerGlobalConfig `json:"global,omitempty"` + // Custom notification templates. + // +optional + Templates []SecretOrConfigMap `json:"templates,omitempty"` +} + +// AlertmanagerGlobalConfig configures parameters that are valid in all other configuration contexts. 
+// See https://prometheus.io/docs/alerting/latest/configuration/#configuration-file +type AlertmanagerGlobalConfig struct { + // Configures global SMTP parameters. + // +optional + SMTPConfig *GlobalSMTPConfig `json:"smtp,omitempty"` + + // ResolveTimeout is the default value used by alertmanager if the alert does + // not include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated. + // This has no impact on alerts from Prometheus, as they always include EndsAt. + ResolveTimeout Duration `json:"resolveTimeout,omitempty"` + + // HTTP client configuration. + HTTPConfig *HTTPConfig `json:"httpConfig,omitempty"` + + // The default Slack API URL. + SlackAPIURL *v1.SecretKeySelector `json:"slackApiUrl,omitempty"` + + // The default OpsGenie API URL. + OpsGenieAPIURL *v1.SecretKeySelector `json:"opsGenieApiUrl,omitempty"` + + // The default OpsGenie API Key. + OpsGenieAPIKey *v1.SecretKeySelector `json:"opsGenieApiKey,omitempty"` + + // The default Pagerduty URL. + PagerdutyURL *string `json:"pagerdutyUrl,omitempty"` +} + +// AlertmanagerStatus is the most recent observed status of the Alertmanager cluster. Read-only. +// More info: +// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +// +k8s:openapi-gen=true +type AlertmanagerStatus struct { + // Represents whether any actions on the underlying managed objects are + // being performed. Only delete actions will be performed. + Paused bool `json:"paused"` + // Total number of non-terminated pods targeted by this Alertmanager + // object (their labels match the selector). + Replicas int32 `json:"replicas"` + // Total number of non-terminated pods targeted by this Alertmanager + // object that have the desired version spec. + UpdatedReplicas int32 `json:"updatedReplicas"` + // Total number of available pods (ready for at least minReadySeconds) + // targeted by this Alertmanager cluster. 
+ AvailableReplicas int32 `json:"availableReplicas"`
+ // Total number of unavailable pods targeted by this Alertmanager object.
+ UnavailableReplicas int32 `json:"unavailableReplicas"`
+ // The current state of the Alertmanager object.
+ // +listType=map
+ // +listMapKey=type
+ // +optional
+ Conditions []Condition `json:"conditions,omitempty"`
+}
+
+func (a *Alertmanager) ExpectedReplicas() int {
+ if a.Spec.Replicas == nil {
+ return 1
+ }
+ return int(*a.Spec.Replicas)
+}
+
+func (a *Alertmanager) SetReplicas(i int) { a.Status.Replicas = int32(i) }
+func (a *Alertmanager) SetUpdatedReplicas(i int) { a.Status.UpdatedReplicas = int32(i) }
+func (a *Alertmanager) SetAvailableReplicas(i int) { a.Status.AvailableReplicas = int32(i) }
+func (a *Alertmanager) SetUnavailableReplicas(i int) { a.Status.UnavailableReplicas = int32(i) }
+
+// AlertmanagerWebSpec defines the web command line flags when starting Alertmanager.
+// +k8s:openapi-gen=true
+type AlertmanagerWebSpec struct {
+ WebConfigFileFields `json:",inline"`
+ // Maximum number of GET requests processed concurrently. This corresponds to the
+ // Alertmanager's `--web.get-concurrency` flag.
+ // +optional
+ GetConcurrency *uint32 `json:"getConcurrency,omitempty"`
+ // Timeout for HTTP requests. This corresponds to the Alertmanager's
+ // `--web.timeout` flag.
+ // +optional
+ Timeout *uint32 `json:"timeout,omitempty"`
+}
+
+// GlobalSMTPConfig configures global SMTP parameters.
+// See https://prometheus.io/docs/alerting/latest/configuration/#configuration-file
+type GlobalSMTPConfig struct {
+ // The default SMTP From header field.
+ // +optional
+ From *string `json:"from,omitempty"`
+
+ // The default SMTP smarthost used for sending emails.
+ // +optional
+ SmartHost *HostPort `json:"smartHost,omitempty"`
+
+ // The default hostname to identify to the SMTP server.
+ // +optional
+ Hello *string `json:"hello,omitempty"`
+
+ // SMTP Auth using CRAM-MD5, LOGIN and PLAIN.
If empty, Alertmanager doesn't authenticate to the SMTP server.
+ // +optional
+ AuthUsername *string `json:"authUsername,omitempty"`
+
+ // SMTP Auth using LOGIN and PLAIN.
+ // +optional
+ AuthPassword *v1.SecretKeySelector `json:"authPassword,omitempty"`
+
+ // SMTP Auth using PLAIN
+ // +optional
+ AuthIdentity *string `json:"authIdentity,omitempty"`
+
+ // SMTP Auth using CRAM-MD5.
+ // +optional
+ AuthSecret *v1.SecretKeySelector `json:"authSecret,omitempty"`
+
+ // The default SMTP TLS requirement.
+ // Note that Go does not support unencrypted connections to remote SMTP endpoints.
+ // +optional
+ RequireTLS *bool `json:"requireTLS,omitempty"`
+}
+
+// HostPort represents a "host:port" network address.
+type HostPort struct {
+ // Defines the host's address, it can be a DNS name or a literal IP address.
+ // +kubebuilder:validation:MinLength=1
+ Host string `json:"host"`
+ // Defines the host's port, it can be a literal port number or a port name.
+ // +kubebuilder:validation:MinLength=1
+ Port string `json:"port"`
+}
+
+// HTTPConfig defines a client HTTP configuration.
+// See https://prometheus.io/docs/alerting/latest/configuration/#http_config
+type HTTPConfig struct {
+ // Authorization header configuration for the client.
+ // This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.
+ // +optional
+ Authorization *SafeAuthorization `json:"authorization,omitempty"`
+ // BasicAuth for the client.
+ // This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.
+ // +optional
+ BasicAuth *BasicAuth `json:"basicAuth,omitempty"`
+ // OAuth2 client credentials used to fetch a token for the targets.
+ // +optional
+ OAuth2 *OAuth2 `json:"oauth2,omitempty"`
+ // The secret's key that contains the bearer token to be used by the client
+ // for authentication.
+ // The secret needs to be in the same namespace as the Alertmanager
+ // object and accessible by the Prometheus Operator.
+ // +optional
+ BearerTokenSecret *v1.SecretKeySelector `json:"bearerTokenSecret,omitempty"`
+ // TLS configuration for the client.
+ // +optional
+ TLSConfig *SafeTLSConfig `json:"tlsConfig,omitempty"`
+ // Optional proxy URL.
+ // +optional
+ ProxyURL string `json:"proxyURL,omitempty"`
+ // FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
+ // +optional
+ FollowRedirects *bool `json:"followRedirects,omitempty"`
+}
+
+// AlertmanagerList is a list of Alertmanagers.
+// +k8s:openapi-gen=true
+type AlertmanagerList struct {
+ metav1.TypeMeta `json:",inline"`
+ // Standard list metadata
+ // More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata,omitempty"`
+ // List of Alertmanagers
+ Items []Alertmanager `json:"items"`
+}
+
+// DeepCopyObject implements the runtime.Object interface.
+func (l *AlertmanagerList) DeepCopyObject() runtime.Object {
+ return l.DeepCopy()
+}
diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/doc.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/doc.go
new file mode 100644
index 000000000..64c472527
--- /dev/null
+++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/doc.go
@@ -0,0 +1,18 @@
+// Copyright 2017 The prometheus-operator Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +k8s:deepcopy-gen=package
+// +groupName=monitoring.coreos.com
+
+package v1
diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go
new file mode 100644
index 000000000..2fdd107f9
--- /dev/null
+++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go
@@ -0,0 +1,294 @@
+// Copyright 2018 The prometheus-operator Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+ v1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/util/intstr"
+)
+
+const (
+ PodMonitorsKind = "PodMonitor"
+ PodMonitorName = "podmonitors"
+ PodMonitorKindKey = "podmonitor"
+)
+
+// +genclient
+// +k8s:openapi-gen=true
+// +kubebuilder:resource:categories="prometheus-operator",shortName="pmon"
+
+// PodMonitor defines monitoring for a set of pods.
+type PodMonitor struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ // Specification of desired Pod selection for target discovery by Prometheus.
+ Spec PodMonitorSpec `json:"spec"`
+}
+
+// DeepCopyObject implements the runtime.Object interface.
+func (l *PodMonitor) DeepCopyObject() runtime.Object {
+ return l.DeepCopy()
+}
+
+// PodMonitorSpec contains specification parameters for a PodMonitor.
+// +k8s:openapi-gen=true
+type PodMonitorSpec struct {
+ // The label to use to retrieve the job name from.
+ // `jobLabel` selects the label from the associated Kubernetes `Pod`
+ // object which will be used as the `job` label for all metrics.
+ //
+ // For example if `jobLabel` is set to `foo` and the Kubernetes `Pod`
+ // object is labeled with `foo: bar`, then Prometheus adds the `job="bar"`
+ // label to all ingested metrics.
+ //
+ // If the value of this field is empty, the `job` label of the metrics
+ // defaults to the namespace and name of the PodMonitor object (e.g. `/`).
+ JobLabel string `json:"jobLabel,omitempty"`
+
+ // `podTargetLabels` defines the labels which are transferred from the
+ // associated Kubernetes `Pod` object onto the ingested metrics.
+ //
+ PodTargetLabels []string `json:"podTargetLabels,omitempty"`
+
+ // List of endpoints part of this PodMonitor.
+ //
+ // +optional
+ PodMetricsEndpoints []PodMetricsEndpoint `json:"podMetricsEndpoints"`
+
+ // Label selector to select the Kubernetes `Pod` objects.
+ Selector metav1.LabelSelector `json:"selector"`
+ // Selector to select which namespaces the Kubernetes `Pods` objects
+ // are discovered from.
+ NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"`
+
+ // `sampleLimit` defines a per-scrape limit on the number of scraped samples
+ // that will be accepted.
+ //
+ // +optional
+ SampleLimit *uint64 `json:"sampleLimit,omitempty"`
+
+ // `targetLimit` defines a limit on the number of scraped targets that will
+ // be accepted.
+ //
+ // +optional
+ TargetLimit *uint64 `json:"targetLimit,omitempty"`
+
+ // Per-scrape limit on number of labels that will be accepted for a sample.
+ //
+ // It requires Prometheus >= v2.27.0.
+ //
+ // +optional
+ LabelLimit *uint64 `json:"labelLimit,omitempty"`
+ // Per-scrape limit on length of labels name that will be accepted for a sample.
+ //
+ // It requires Prometheus >= v2.27.0.
+ //
+ // +optional
+ LabelNameLengthLimit *uint64 `json:"labelNameLengthLimit,omitempty"`
+ // Per-scrape limit on length of labels value that will be accepted for a sample.
+ //
+ // It requires Prometheus >= v2.27.0.
+ //
+ // +optional
+ LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"`
+ // Per-scrape limit on the number of targets dropped by relabeling
+ // that will be kept in memory. 0 means no limit.
+ //
+ // It requires Prometheus >= v2.47.0.
+ //
+ // +optional
+ KeepDroppedTargets *uint64 `json:"keepDroppedTargets,omitempty"`
+
+ // `attachMetadata` defines additional metadata which is added to the
+ // discovered targets.
+ //
+ // It requires Prometheus >= v2.37.0.
+ //
+ // +optional
+ AttachMetadata *AttachMetadata `json:"attachMetadata,omitempty"`
+}
+
+// PodMonitorList is a list of PodMonitors.
+// +k8s:openapi-gen=true
+type PodMonitorList struct {
+ metav1.TypeMeta `json:",inline"`
+ // Standard list metadata
+ // More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata,omitempty"`
+ // List of PodMonitors
+ Items []*PodMonitor `json:"items"`
+}
+
+// DeepCopyObject implements the runtime.Object interface.
+func (l *PodMonitorList) DeepCopyObject() runtime.Object {
+ return l.DeepCopy()
+}
+
+// PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by
+// Prometheus.
+//
+// +k8s:openapi-gen=true
+type PodMetricsEndpoint struct {
+ // Name of the Pod port which this endpoint refers to.
+ //
+ // It takes precedence over `targetPort`.
+ Port string `json:"port,omitempty"`
+
+ // Name or number of the target port of the `Pod` object behind the Service, the
+ // port must be specified with container port property.
+ //
+ // Deprecated: use 'port' instead.
+ TargetPort *intstr.IntOrString `json:"targetPort,omitempty"`
+
+ // HTTP path from which to scrape for metrics.
+ //
+ // If empty, Prometheus uses the default value (e.g. `/metrics`).
+ Path string `json:"path,omitempty"`
+
+ // HTTP scheme to use for scraping.
+ //
+ // `http` and `https` are the expected values unless you rewrite the
+ // `__scheme__` label via relabeling.
+ //
+ // If empty, Prometheus uses the default value `http`.
+ //
+ // +kubebuilder:validation:Enum=http;https
+ Scheme string `json:"scheme,omitempty"`
+
+ // `params` define optional HTTP URL parameters.
+ Params map[string][]string `json:"params,omitempty"`
+
+ // Interval at which Prometheus scrapes the metrics from the target.
+ //
+ // If empty, Prometheus uses the global scrape interval.
+ Interval Duration `json:"interval,omitempty"`
+
+ // Timeout after which Prometheus considers the scrape to be failed.
+ //
+ // If empty, Prometheus uses the global scrape timeout unless it is less
+ // than the target's scrape interval value in which the latter is used.
+ ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"`
+
+ // TLS configuration to use when scraping the target.
+ //
+ // +optional
+ TLSConfig *PodMetricsEndpointTLSConfig `json:"tlsConfig,omitempty"`
+
+ // `bearerTokenSecret` specifies a key of a Secret containing the bearer
+ // token for scraping targets. The secret needs to be in the same namespace
+ // as the PodMonitor object and readable by the Prometheus Operator.
+ //
+ // +optional
+ //
+ // Deprecated: use `authorization` instead.
+ BearerTokenSecret v1.SecretKeySelector `json:"bearerTokenSecret,omitempty"`
+
+ // When true, `honorLabels` preserves the metric's labels when they collide
+ // with the target's labels.
+ HonorLabels bool `json:"honorLabels,omitempty"`
+
+ // `honorTimestamps` controls whether Prometheus preserves the timestamps
+ // when exposed by the target.
+ //
+ // +optional
+ HonorTimestamps *bool `json:"honorTimestamps,omitempty"`
+
+ // `trackTimestampsStaleness` defines whether Prometheus tracks staleness of
+ // the metrics that have an explicit timestamp present in scraped data.
+ // Has no effect if `honorTimestamps` is false.
+ //
+ // It requires Prometheus >= v2.48.0.
+ //
+ // +optional
+ TrackTimestampsStaleness *bool `json:"trackTimestampsStaleness,omitempty"`
+
+ // `basicAuth` configures the Basic Authentication credentials to use when
+ // scraping the target.
+ //
+ // Cannot be set at the same time as `authorization`, or `oauth2`.
+ //
+ // +optional
+ BasicAuth *BasicAuth `json:"basicAuth,omitempty"`
+
+ // `oauth2` configures the OAuth2 settings to use when scraping the target.
+ //
+ // It requires Prometheus >= 2.27.0.
+ //
+ // Cannot be set at the same time as `authorization`, or `basicAuth`.
+ //
+ // +optional
+ OAuth2 *OAuth2 `json:"oauth2,omitempty"`
+
+ // `authorization` configures the Authorization header credentials to use when
+ // scraping the target.
+ //
+ // Cannot be set at the same time as `basicAuth`, or `oauth2`.
+ //
+ // +optional
+ Authorization *SafeAuthorization `json:"authorization,omitempty"`
+
+ // `metricRelabelings` configures the relabeling rules to apply to the
+ // samples before ingestion.
+ //
+ // +optional
+ MetricRelabelConfigs []*RelabelConfig `json:"metricRelabelings,omitempty"`
+
+ // `relabelings` configures the relabeling rules to apply the target's
+ // metadata labels.
+ //
+ // The Operator automatically adds relabelings for a few standard Kubernetes fields.
+ //
+ // The original scrape job's name is available via the `__tmp_prometheus_job_name` label.
+ //
+ // More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+ //
+ // +optional
+ RelabelConfigs []*RelabelConfig `json:"relabelings,omitempty"`
+
+ // `proxyURL` configures the HTTP Proxy URL (e.g.
+ // "http://proxyserver:2195") to go through when scraping the target.
+ //
+ // +optional
+ ProxyURL *string `json:"proxyUrl,omitempty"`
+
+ // `followRedirects` defines whether the scrape requests should follow HTTP
+ // 3xx redirects.
+ //
+ // +optional
+ FollowRedirects *bool `json:"followRedirects,omitempty"`
+
+ // `enableHttp2` can be used to disable HTTP2 when scraping the target.
+ //
+ // +optional
+ EnableHttp2 *bool `json:"enableHttp2,omitempty"`
+
+ // When true, the pods which are not running (e.g. either in Failed or
+ // Succeeded state) are dropped during the target discovery.
+ //
+ // If unset, the filtering is enabled.
+ //
+ // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
+ //
+ // +optional
+ FilterRunning *bool `json:"filterRunning,omitempty"`
+}
+
+// PodMetricsEndpointTLSConfig specifies TLS configuration parameters.
+// +k8s:openapi-gen=true
+type PodMetricsEndpointTLSConfig struct {
+ SafeTLSConfig `json:",inline"`
+}
diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go
new file mode 100644
index 000000000..59b85ae6a
--- /dev/null
+++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go
@@ -0,0 +1,213 @@
+// Copyright 2018 The prometheus-operator Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+ v1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+)
+
+const (
+ ProbesKind = "Probe"
+ ProbeName = "probes"
+ ProbeKindKey = "probe"
+)
+
+// +genclient
+// +k8s:openapi-gen=true
+// +kubebuilder:resource:categories="prometheus-operator",shortName="prb"
+
+// Probe defines monitoring for a set of static targets or ingresses.
+type Probe struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ // Specification of desired Ingress selection for target discovery by Prometheus.
+ Spec ProbeSpec `json:"spec"`
+}
+
+// DeepCopyObject implements the runtime.Object interface.
+func (l *Probe) DeepCopyObject() runtime.Object {
+ return l.DeepCopy()
+}
+
+// ProbeSpec contains specification parameters for a Probe.
+// +k8s:openapi-gen=true
+type ProbeSpec struct {
+ // The job name assigned to scraped metrics by default.
+ JobName string `json:"jobName,omitempty"`
+ // Specification for the prober to use for probing targets.
+ // The prober.URL parameter is required. Targets cannot be probed if left empty.
+ ProberSpec ProberSpec `json:"prober,omitempty"`
+ // The module to use for probing specifying how to probe the target.
+ // Example module configuring in the blackbox exporter:
+ // https://github.com/prometheus/blackbox_exporter/blob/master/example.yml
+ Module string `json:"module,omitempty"`
+ // Targets defines a set of static or dynamically discovered targets to probe.
+ Targets ProbeTargets `json:"targets,omitempty"`
+ // Interval at which targets are probed using the configured prober.
+ // If not specified Prometheus' global scrape interval is used.
+ Interval Duration `json:"interval,omitempty"`
+ // Timeout for scraping metrics from the Prometheus exporter.
+ // If not specified, the Prometheus global scrape timeout is used.
+ ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"`
+ // TLS configuration to use when scraping the endpoint.
+ TLSConfig *ProbeTLSConfig `json:"tlsConfig,omitempty"`
+ // Secret to mount to read bearer token for scraping targets. The secret
+ // needs to be in the same namespace as the probe and accessible by
+ // the Prometheus Operator.
+ BearerTokenSecret v1.SecretKeySelector `json:"bearerTokenSecret,omitempty"`
+ // BasicAuth allow an endpoint to authenticate over basic authentication.
+ // More info: https://prometheus.io/docs/operating/configuration/#endpoint
+ BasicAuth *BasicAuth `json:"basicAuth,omitempty"`
+ // OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
+ OAuth2 *OAuth2 `json:"oauth2,omitempty"`
+ // MetricRelabelConfigs to apply to samples before ingestion.
+ MetricRelabelConfigs []*RelabelConfig `json:"metricRelabelings,omitempty"`
+ // Authorization section for this endpoint
+ Authorization *SafeAuthorization `json:"authorization,omitempty"`
+ // SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
+ // +optional
+ SampleLimit *uint64 `json:"sampleLimit,omitempty"`
+ // TargetLimit defines a limit on the number of scraped targets that will be accepted.
+ // +optional
+ TargetLimit *uint64 `json:"targetLimit,omitempty"`
+ // Per-scrape limit on number of labels that will be accepted for a sample.
+ // Only valid in Prometheus versions 2.27.0 and newer.
+ // +optional
+ LabelLimit *uint64 `json:"labelLimit,omitempty"`
+ // Per-scrape limit on length of labels name that will be accepted for a sample.
+ // Only valid in Prometheus versions 2.27.0 and newer.
+ // +optional
+ LabelNameLengthLimit *uint64 `json:"labelNameLengthLimit,omitempty"`
+ // Per-scrape limit on length of labels value that will be accepted for a sample.
+ // Only valid in Prometheus versions 2.27.0 and newer.
+ // +optional
+ LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"`
+ // Per-scrape limit on the number of targets dropped by relabeling
+ // that will be kept in memory. 0 means no limit.
+ //
+ // It requires Prometheus >= v2.47.0.
+ //
+ // +optional
+ KeepDroppedTargets *uint64 `json:"keepDroppedTargets,omitempty"`
+}
+
+// ProbeTargets defines how to discover the probed targets.
+// One of the `staticConfig` or `ingress` must be defined.
+// If both are defined, `staticConfig` takes precedence.
+// +k8s:openapi-gen=true
+type ProbeTargets struct {
+ // staticConfig defines the static list of targets to probe and the
+ // relabeling configuration.
+ // If `ingress` is also defined, `staticConfig` takes precedence.
+ // More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.
+ StaticConfig *ProbeTargetStaticConfig `json:"staticConfig,omitempty"`
+ // ingress defines the Ingress objects to probe and the relabeling
+ // configuration.
+ // If `staticConfig` is also defined, `staticConfig` takes precedence.
+ Ingress *ProbeTargetIngress `json:"ingress,omitempty"`
+}
+
+// Validate semantically validates the given ProbeTargets.
+func (it *ProbeTargets) Validate() error {
+ if it.StaticConfig == nil && it.Ingress == nil {
+ return &ProbeTargetsValidationError{"at least one of .spec.targets.staticConfig and .spec.targets.ingress is required"}
+ }
+
+ return nil
+}
+
+// ProbeTargetsValidationError is returned by ProbeTargets.Validate()
+// on semantically invalid configurations.
+// +k8s:openapi-gen=false
+type ProbeTargetsValidationError struct {
+ err string
+}
+
+func (e *ProbeTargetsValidationError) Error() string {
+ return e.err
+}
+
+// ProbeTargetStaticConfig defines the set of static targets considered for probing.
+// +k8s:openapi-gen=true
+type ProbeTargetStaticConfig struct {
+ // The list of hosts to probe.
+ Targets []string `json:"static,omitempty"`
+ // Labels assigned to all metrics scraped from the targets.
+ Labels map[string]string `json:"labels,omitempty"`
+ // RelabelConfigs to apply to the label set of the targets before it gets
+ // scraped.
+ // More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+ RelabelConfigs []*RelabelConfig `json:"relabelingConfigs,omitempty"`
+}
+
+// ProbeTargetIngress defines the set of Ingress objects considered for probing.
+// The operator configures a target for each host/path combination of each ingress object.
+// +k8s:openapi-gen=true
+type ProbeTargetIngress struct {
+ // Selector to select the Ingress objects.
+ Selector metav1.LabelSelector `json:"selector,omitempty"`
+ // From which namespaces to select Ingress objects.
+ NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"`
+ // RelabelConfigs to apply to the label set of the target before it gets
+ // scraped.
+ // The original ingress address is available via the
+ // `__tmp_prometheus_ingress_address` label. It can be used to customize the
+ // probed URL.
+ // The original scrape job's name is available via the `__tmp_prometheus_job_name` label.
+ // More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+ RelabelConfigs []*RelabelConfig `json:"relabelingConfigs,omitempty"`
+}
+
+// ProberSpec contains specification parameters for the Prober used for probing.
+// +k8s:openapi-gen=true
+type ProberSpec struct {
+ // Mandatory URL of the prober.
+ URL string `json:"url"`
+ // HTTP scheme to use for scraping.
+ // `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling.
+ // If empty, Prometheus uses the default value `http`.
+ // +kubebuilder:validation:Enum=http;https
+ Scheme string `json:"scheme,omitempty"`
+ // Path to collect metrics from.
+ // Defaults to `/probe`.
+ // +kubebuilder:default:="/probe"
+ Path string `json:"path,omitempty"`
+ // Optional ProxyURL.
+ ProxyURL string `json:"proxyUrl,omitempty"`
+}
+
+// ProbeList is a list of Probes.
+// +k8s:openapi-gen=true
+type ProbeList struct {
+ metav1.TypeMeta `json:",inline"`
+ // Standard list metadata
+ // More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata,omitempty"`
+ // List of Probes
+ Items []*Probe `json:"items"`
+}
+
+// DeepCopyObject implements the runtime.Object interface.
+func (l *ProbeList) DeepCopyObject() runtime.Object {
+ return l.DeepCopy()
+}
+
+// ProbeTLSConfig specifies TLS configuration parameters for the prober.
+// +k8s:openapi-gen=true
+type ProbeTLSConfig struct {
+ SafeTLSConfig `json:",inline"`
+}
diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go
new file mode 100644
index 000000000..4b66d0e19
--- /dev/null
+++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go
@@ -0,0 +1,1752 @@
+// Copyright 2018 The prometheus-operator Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+ "strings"
+
+ appsv1 "k8s.io/api/apps/v1"
+ v1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/api/resource"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/apimachinery/pkg/util/intstr"
+)
+
+const (
+ PrometheusesKind = "Prometheus"
+ PrometheusName = "prometheuses"
+ PrometheusKindKey = "prometheus"
+)
+
+// PrometheusInterface is used by Prometheus and PrometheusAgent to share common methods, e.g. config generation.
+// +k8s:deepcopy-gen=false
+type PrometheusInterface interface {
+ metav1.ObjectMetaAccessor
+ schema.ObjectKind
+
+ GetCommonPrometheusFields() CommonPrometheusFields
+ SetCommonPrometheusFields(CommonPrometheusFields)
+
+ GetStatus() PrometheusStatus
+}
+
+var _ = PrometheusInterface(&Prometheus{})
+
+func (l *Prometheus) GetCommonPrometheusFields() CommonPrometheusFields {
+ return l.Spec.CommonPrometheusFields
+}
+
+func (l *Prometheus) SetCommonPrometheusFields(f CommonPrometheusFields) {
+ l.Spec.CommonPrometheusFields = f
+}
+
+func (l *Prometheus) GetStatus() PrometheusStatus {
+ return l.Status
+}
+
+// +kubebuilder:validation:Enum=OnResource;OnShard
+type AdditionalLabelSelectors string
+
+const (
+ // Automatically add a label selector that will select all pods matching the same Prometheus/PrometheusAgent resource (irrespective of their shards).
+ ResourceNameLabelSelector AdditionalLabelSelectors = "OnResource"
+
+ // Automatically add a label selector that will select all pods matching the same shard.
+ ShardAndResourceNameLabelSelector AdditionalLabelSelectors = "OnShard"
+)
+
+type CoreV1TopologySpreadConstraint v1.TopologySpreadConstraint
+
+type TopologySpreadConstraint struct {
+ CoreV1TopologySpreadConstraint `json:",inline"`
+
+ //+optional
+ // Defines what Prometheus Operator managed labels should be added to labelSelector on the topologySpreadConstraint.
+ AdditionalLabelSelectors *AdditionalLabelSelectors `json:"additionalLabelSelectors,omitempty"`
+}
+
+// CommonPrometheusFields are the options available to both the Prometheus server and agent.
+// +k8s:deepcopy-gen=true
+type CommonPrometheusFields struct {
+ // PodMetadata configures labels and annotations which are propagated to the Prometheus pods.
+ //
+ // The following items are reserved and cannot be overridden:
+ // * "prometheus" label, set to the name of the Prometheus object.
+ // * "app.kubernetes.io/instance" label, set to the name of the Prometheus object.
+ // * "app.kubernetes.io/managed-by" label, set to "prometheus-operator".
+ // * "app.kubernetes.io/name" label, set to "prometheus".
+ // * "app.kubernetes.io/version" label, set to the Prometheus version.
+ // * "operator.prometheus.io/name" label, set to the name of the Prometheus object.
+ // * "operator.prometheus.io/shard" label, set to the shard number of the Prometheus object.
+ // * "kubectl.kubernetes.io/default-container" annotation, set to "prometheus".
+ PodMetadata *EmbeddedObjectMetadata `json:"podMetadata,omitempty"`
+
+ // ServiceMonitors to be selected for target discovery. An empty label
+ // selector matches all objects. A null label selector matches no objects.
+ //
+ // If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
+ // and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
+ // The Prometheus operator will ensure that the Prometheus configuration's
+ // Secret exists, but it is the responsibility of the user to provide the raw
+ // gzipped Prometheus configuration under the `prometheus.yaml.gz` key.
+ // This behavior is *deprecated* and will be removed in the next major version
+ // of the custom resource definition. It is recommended to use
+ // `spec.additionalScrapeConfigs` instead.
+ ServiceMonitorSelector *metav1.LabelSelector `json:"serviceMonitorSelector,omitempty"`
+ // Namespaces to match for ServicedMonitors discovery. An empty label selector
+ // matches all namespaces. A null label selector matches the current
+ // namespace only.
+ ServiceMonitorNamespaceSelector *metav1.LabelSelector `json:"serviceMonitorNamespaceSelector,omitempty"`
+
+ // *Experimental* PodMonitors to be selected for target discovery. An empty
+ // label selector matches all objects. A null label selector matches no
+ // objects.
+ //
+ // If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
+ // and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
+ // The Prometheus operator will ensure that the Prometheus configuration's
+ // Secret exists, but it is the responsibility of the user to provide the raw
+ // gzipped Prometheus configuration under the `prometheus.yaml.gz` key.
+ // This behavior is *deprecated* and will be removed in the next major version
+ // of the custom resource definition. It is recommended to use
+ // `spec.additionalScrapeConfigs` instead.
+ PodMonitorSelector *metav1.LabelSelector `json:"podMonitorSelector,omitempty"`
+ // Namespaces to match for PodMonitors discovery. An empty label selector
+ // matches all namespaces. A null label selector matches the current
+ // namespace only.
+ PodMonitorNamespaceSelector *metav1.LabelSelector `json:"podMonitorNamespaceSelector,omitempty"`
+
+ // *Experimental* Probes to be selected for target discovery. An empty
+ // label selector matches all objects. A null label selector matches no
+ // objects.
+ //
+ // If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
+ // and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
+ // The Prometheus operator will ensure that the Prometheus configuration's
+ // Secret exists, but it is the responsibility of the user to provide the raw
+ // gzipped Prometheus configuration under the `prometheus.yaml.gz` key.
+ // This behavior is *deprecated* and will be removed in the next major version
+ // of the custom resource definition. It is recommended to use
+ // `spec.additionalScrapeConfigs` instead.
+ ProbeSelector *metav1.LabelSelector `json:"probeSelector,omitempty"`
+ // *Experimental* Namespaces to match for Probe discovery. An empty label
+ // selector matches all namespaces. A null label selector matches the
+ // current namespace only.
+ ProbeNamespaceSelector *metav1.LabelSelector `json:"probeNamespaceSelector,omitempty"`
+
+ // *Experimental* ScrapeConfigs to be selected for target discovery. An
+ // empty label selector matches all objects. A null label selector matches
+ // no objects.
+ //
+ // If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
+ // and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
+ // The Prometheus operator will ensure that the Prometheus configuration's
+ // Secret exists, but it is the responsibility of the user to provide the raw
+ // gzipped Prometheus configuration under the `prometheus.yaml.gz` key.
+ // This behavior is *deprecated* and will be removed in the next major version
+ // of the custom resource definition. It is recommended to use
+ // `spec.additionalScrapeConfigs` instead.
+ ScrapeConfigSelector *metav1.LabelSelector `json:"scrapeConfigSelector,omitempty"`
+ // Namespaces to match for ScrapeConfig discovery. An empty label selector
+ // matches all namespaces. A null label selector matches the current
+ // current namespace only.
+ ScrapeConfigNamespaceSelector *metav1.LabelSelector `json:"scrapeConfigNamespaceSelector,omitempty"`
+
+ // Version of Prometheus being deployed. The operator uses this information
+ // to generate the Prometheus StatefulSet + configuration files.
+ //
+ // If not specified, the operator assumes the latest upstream version of
+ // Prometheus available at the time when the version of the operator was
+ // released.
+ Version string `json:"version,omitempty"`
+
+ // When a Prometheus deployment is paused, no actions except for deletion
+ // will be performed on the underlying objects.
+ Paused bool `json:"paused,omitempty"`
+
+ // Container image name for Prometheus. If specified, it takes precedence
+ // over the `spec.baseImage`, `spec.tag` and `spec.sha` fields.
+ //
+ // Specifying `spec.version` is still necessary to ensure the Prometheus
+ // Operator knows which version of Prometheus is being configured.
+ //
+ // If neither `spec.image` nor `spec.baseImage` are defined, the operator
+ // will use the latest upstream version of Prometheus available at the time
+ // when the operator was released.
+ //
+ // +optional
+ Image *string `json:"image,omitempty"`
+ // Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers.
+ // See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.
+ // +kubebuilder:validation:Enum="";Always;Never;IfNotPresent
+ ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"`
+ // An optional list of references to Secrets in the same namespace
+ // to use for pulling images from registries.
+ // See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
+ ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+
+ // Number of replicas of each shard to deploy for a Prometheus deployment.
+ // `spec.replicas` multiplied by `spec.shards` is the total number of Pods
+ // created.
+ //
+ // Default: 1
+ // +optional
+ Replicas *int32 `json:"replicas,omitempty"`
+ // EXPERIMENTAL: Number of shards to distribute targets onto. `spec.replicas`
+ // multiplied by `spec.shards` is the total number of Pods created.
+ //
+ // Note that scaling down shards will not reshard data onto remaining
+ // instances, it must be manually moved. Increasing shards will not reshard
+ // data either but it will continue to be available from the same
+ // instances. To query globally, use Thanos sidecar and Thanos querier or
+ // remote write data to a central location.
+ //
+ // Sharding is performed on the content of the `__address__` target meta-label
+ // for PodMonitors and ServiceMonitors and `__param_target__` for Probes.
+ //
+ // Default: 1
+ // +optional
+ Shards *int32 `json:"shards,omitempty"`
+
+ // Name of Prometheus external label used to denote the replica name.
+ // The external label will _not_ be added when the field is set to the
+ // empty string (`""`).
+ //
+ // Default: "prometheus_replica"
+ // +optional
+ ReplicaExternalLabelName *string `json:"replicaExternalLabelName,omitempty"`
+ // Name of Prometheus external label used to denote the Prometheus instance
+ // name. The external label will _not_ be added when the field is set to
+ // the empty string (`""`).
+ //
+ // Default: "prometheus"
+ // +optional
+ PrometheusExternalLabelName *string `json:"prometheusExternalLabelName,omitempty"`
+
+ // Log level for Prometheus and the config-reloader sidecar.
+ // +kubebuilder:validation:Enum="";debug;info;warn;error
+ LogLevel string `json:"logLevel,omitempty"`
+ // Log format for Log level for Prometheus and the config-reloader sidecar.
+ // +kubebuilder:validation:Enum="";logfmt;json
+ LogFormat string `json:"logFormat,omitempty"`
+
+ // Interval between consecutive scrapes.
+ //
+ // Default: "30s"
+ // +kubebuilder:default:="30s"
+ ScrapeInterval Duration `json:"scrapeInterval,omitempty"`
+ // Number of seconds to wait until a scrape request times out.
+ ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"`
+
+ // The labels to add to any time series or alerts when communicating with
+ // external systems (federation, remote storage, Alertmanager).
+ // Labels defined by `spec.replicaExternalLabelName` and
+ // `spec.prometheusExternalLabelName` take precedence over this list.
+ ExternalLabels map[string]string `json:"externalLabels,omitempty"`
+
+ // Enable Prometheus to be used as a receiver for the Prometheus remote
+ // write protocol.
+ //
+ // WARNING: This is not considered an efficient way of ingesting samples.
+ // Use it with caution for specific low-volume use cases.
+ // It is not suitable for replacing the ingestion via scraping and turning
+ // Prometheus into a push-based metrics collection system.
+ // For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver
+ //
+ // It requires Prometheus >= v2.33.0.
+ EnableRemoteWriteReceiver bool `json:"enableRemoteWriteReceiver,omitempty"`
+
+ // Enable access to Prometheus feature flags. By default, no features are enabled.
+ //
+ // Enabling features which are disabled by default is entirely outside the
+ // scope of what the maintainers will support and by doing so, you accept
+ // that this behaviour may break at any time without notice.
+ //
+ // For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/
+ EnableFeatures []string `json:"enableFeatures,omitempty"`
+
+ // The external URL under which the Prometheus service is externally
+ // available. This is necessary to generate correct URLs (for instance if
+ // Prometheus is accessible behind an Ingress resource).
+ ExternalURL string `json:"externalUrl,omitempty"`
+ // The route prefix Prometheus registers HTTP handlers for.
+ //
+ // This is useful when using `spec.externalURL`, and a proxy is rewriting
+ // HTTP routes of a request, and the actual ExternalURL is still true, but
+ // the server serves requests under a different route prefix. For example
+ // for use with `kubectl proxy`.
+ RoutePrefix string `json:"routePrefix,omitempty"`
+
+ // Storage defines the storage used by Prometheus.
+ Storage *StorageSpec `json:"storage,omitempty"`
+
+ // Volumes allows the configuration of additional volumes on the output
+ // StatefulSet definition. Volumes specified will be appended to other
+ // volumes that are generated as a result of StorageSpec objects.
+ Volumes []v1.Volume `json:"volumes,omitempty"`
+ // VolumeMounts allows the configuration of additional VolumeMounts.
+ //
+ // VolumeMounts will be appended to other VolumeMounts in the 'prometheus'
+ // container, that are generated as a result of StorageSpec objects.
+ VolumeMounts []v1.VolumeMount `json:"volumeMounts,omitempty"`
+
+ // The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet.
+ // The default behavior is all PVCs are retained.
+ // This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26.
+ // It requires enabling the StatefulSetAutoDeletePVC feature gate.
+ //
+ // +optional
+ PersistentVolumeClaimRetentionPolicy *appsv1.StatefulSetPersistentVolumeClaimRetentionPolicy `json:"persistentVolumeClaimRetentionPolicy,omitempty"`
+
+ // Defines the configuration of the Prometheus web server.
+ Web *PrometheusWebSpec `json:"web,omitempty"`
+
+ // Defines the resources requests and limits of the 'prometheus' container.
+ Resources v1.ResourceRequirements `json:"resources,omitempty"`
+
+ // Defines on which Nodes the Pods are scheduled.
+ NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+
+ // ServiceAccountName is the name of the ServiceAccount to use to run the
+ // Prometheus Pods.
+ ServiceAccountName string `json:"serviceAccountName,omitempty"`
+
+ // Secrets is a list of Secrets in the same namespace as the Prometheus
+ // object, which shall be mounted into the Prometheus Pods.
+ // Each Secret is added to the StatefulSet definition as a volume named `secret-`.
+ // The Secrets are mounted into /etc/prometheus/secrets/ in the 'prometheus' container.
+ Secrets []string `json:"secrets,omitempty"`
+ // ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus
+ // object, which shall be mounted into the Prometheus Pods.
+ // Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`.
+ // The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container.
+ ConfigMaps []string `json:"configMaps,omitempty"`
+
+ // Defines the Pods' affinity scheduling rules if specified.
+ // +optional
+ Affinity *v1.Affinity `json:"affinity,omitempty"`
+ // Defines the Pods' tolerations if specified.
+ // +optional
+ Tolerations []v1.Toleration `json:"tolerations,omitempty"`
+
+ // Defines the pod's topology spread constraints if specified.
+ //+optional
+ TopologySpreadConstraints []TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
+
+ // Defines the list of remote write configurations.
+ // +optional
+ RemoteWrite []RemoteWriteSpec `json:"remoteWrite,omitempty"`
+
+ // SecurityContext holds pod-level security attributes and common container settings.
+ // This defaults to the default PodSecurityContext.
+ // +optional
+ SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"`
+
+ // When true, the Prometheus server listens on the loopback address
+ // instead of the Pod IP's address.
+ ListenLocal bool `json:"listenLocal,omitempty"`
+
+ // Containers allows injecting additional containers or modifying operator
+ // generated containers. This can be used to allow adding an authentication
+ // proxy to the Pods or to change the behavior of an operator generated
+ // container. Containers described here modify an operator generated
+ // container if they share the same name and modifications are done via a
+ // strategic merge patch.
+ //
+ // The names of containers managed by the operator are:
+ // * `prometheus`
+ // * `config-reloader`
+ // * `thanos-sidecar`
+ //
+ // Overriding containers is entirely outside the scope of what the
+ // maintainers will support and by doing so, you accept that this behaviour
+ // may break at any time without notice.
+ // +optional
+ Containers []v1.Container `json:"containers,omitempty"`
+ // InitContainers allows injecting initContainers to the Pod definition. Those
+ // can be used to e.g. fetch secrets for injection into the Prometheus
+ // configuration from external sources. Any errors during the execution of
+ // an initContainer will lead to a restart of the Pod. More info:
+ // https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ // InitContainers described here modify an operator generated init
+ // containers if they share the same name and modifications are done via a
+ // strategic merge patch.
+ //
+ // The names of init container name managed by the operator are:
+ // * `init-config-reloader`.
+ //
+ // Overriding init containers is entirely outside the scope of what the
+ // maintainers will support and by doing so, you accept that this behaviour
+ // may break at any time without notice.
+ // +optional
+ InitContainers []v1.Container `json:"initContainers,omitempty"`
+
+ // AdditionalScrapeConfigs allows specifying a key of a Secret containing
+ // additional Prometheus scrape configurations. Scrape configurations
+ // specified are appended to the configurations generated by the Prometheus
+ // Operator. Job configurations specified must have the form as specified
+ // in the official Prometheus documentation:
+ // https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config.
+ // As scrape configs are appended, the user is responsible to make sure it
+ // is valid. Note that using this feature may expose the possibility to
+ // break upgrades of Prometheus. It is advised to review Prometheus release
+ // notes to ensure that no incompatible scrape configs are going to break
+ // Prometheus after the upgrade.
+ // +optional
+ AdditionalScrapeConfigs *v1.SecretKeySelector `json:"additionalScrapeConfigs,omitempty"`
+
+ // APIServerConfig allows specifying a host and auth methods to access the
+ // Kuberntees API server.
+ // If null, Prometheus is assumed to run inside of the cluster: it will
+ // discover the API servers automatically and use the Pod's CA certificate
+ // and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
+ // +optional
+ APIServerConfig *APIServerConfig `json:"apiserverConfig,omitempty"`
+
+ // Priority class assigned to the Pods.
+ PriorityClassName string `json:"priorityClassName,omitempty"`
+ // Port name used for the pods and governing service.
+ // Default: "web"
+ // +kubebuilder:default:="web"
+ PortName string `json:"portName,omitempty"`
+
+ // When true, ServiceMonitor, PodMonitor and Probe object are forbidden to
+ // reference arbitrary files on the file system of the 'prometheus'
+ // container.
+ // When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value
+ // (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a
+ // malicious target can get access to the Prometheus service account's
+ // token in the Prometheus' scrape request. Setting
+ // `spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack.
+ // Users should instead provide the credentials using the
+ // `spec.bearerTokenSecret` field.
+ ArbitraryFSAccessThroughSMs ArbitraryFSAccessThroughSMsConfig `json:"arbitraryFSAccessThroughSMs,omitempty"`
+
+ // When true, Prometheus resolves label conflicts by renaming the labels in
+ // the scraped data to "exported_