From 045eba040de6a46336ac9e0a3f9886046768b4cf Mon Sep 17 00:00:00 2001 From: Maksim Fedotov Date: Thu, 25 May 2023 13:20:06 +0300 Subject: [PATCH] support Create and Delete Volume methods for controller server --- .../templates/_helpers.tpl | 71 ++++++++++ .../templates/controller-rbac.yaml | 71 ++++++++++ .../templates/controller.yaml | 120 ++++++++++++++++ .../templates/csi-driver.yaml | 3 +- .../templates/daemon-set.yaml | 96 ------------- .../templates/nodeplugin-rbac.yaml | 58 ++++++++ .../templates/nodeplugin.yaml | 133 ++++++++++++++++++ .../templates/podmonitor.yaml | 25 ++++ .../templates/role-binding.yaml | 14 -- .../warm-metal-csi-driver/templates/role.yaml | 15 -- .../templates/service-account.yaml | 6 - .../templates/storage-class.yaml | 2 + charts/warm-metal-csi-driver/values.yaml | 48 ++++++- cmd/plugin/controller_server.go | 46 +++++- cmd/plugin/identity_server.go | 44 ++++++ cmd/plugin/main.go | 46 ++++-- cmd/plugin/node_server.go | 33 +++-- go.mod | 55 ++++---- go.sum | 99 +++++++------ pkg/secret/cache.go | 34 ++--- pkg/watcher/watcher.go | 125 ++++++++++++++++ 21 files changed, 884 insertions(+), 260 deletions(-) create mode 100644 charts/warm-metal-csi-driver/templates/_helpers.tpl create mode 100644 charts/warm-metal-csi-driver/templates/controller-rbac.yaml create mode 100644 charts/warm-metal-csi-driver/templates/controller.yaml delete mode 100644 charts/warm-metal-csi-driver/templates/daemon-set.yaml create mode 100644 charts/warm-metal-csi-driver/templates/nodeplugin-rbac.yaml create mode 100644 charts/warm-metal-csi-driver/templates/nodeplugin.yaml create mode 100644 charts/warm-metal-csi-driver/templates/podmonitor.yaml delete mode 100644 charts/warm-metal-csi-driver/templates/role-binding.yaml delete mode 100644 charts/warm-metal-csi-driver/templates/role.yaml delete mode 100644 charts/warm-metal-csi-driver/templates/service-account.yaml create mode 100644 cmd/plugin/identity_server.go create mode 100644 pkg/watcher/watcher.go diff --git a/charts/warm-metal-csi-driver/templates/_helpers.tpl b/charts/warm-metal-csi-driver/templates/_helpers.tpl new file mode 100644 index 0000000..c13defd --- /dev/null +++ b/charts/warm-metal-csi-driver/templates/_helpers.tpl @@ -0,0 +1,71 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "warm-metal-csi-driver.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "warm-metal-csi-driver.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "warm-metal-csi-driver.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "warm-metal-csi-driver.labels" -}} +helm.sh/chart: {{ include "warm-metal-csi-driver.chart" . }} +{{ include "warm-metal-csi-driver.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{- define "warm-metal-csi-driver.nodeplugin.labels" -}} +component: nodeplugin +{{ include "warm-metal-csi-driver.labels" . }} +{{- end }} + +{{- define "warm-metal-csi-driver.controllerplugin.labels" -}} +component: controllerplugin +{{ include "warm-metal-csi-driver.labels" . }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "warm-metal-csi-driver.selectorLabels" -}} +app.kubernetes.io/name: {{ include "warm-metal-csi-driver.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "warm-metal-csi-driver.nodeplugin.selectorLabels" -}} +component: nodeplugin +{{ include "warm-metal-csi-driver.selectorLabels" . }} +{{- end }} + +{{- define "warm-metal-csi-driver.controllerplugin.selectorLabels" -}} +component: controllerplugin +{{ include "warm-metal-csi-driver.selectorLabels" . }} +{{- end }} \ No newline at end of file diff --git a/charts/warm-metal-csi-driver/templates/controller-rbac.yaml b/charts/warm-metal-csi-driver/templates/controller-rbac.yaml new file mode 100644 index 0000000..e8edf8d --- /dev/null +++ b/charts/warm-metal-csi-driver/templates/controller-rbac.yaml @@ -0,0 +1,71 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "warm-metal-csi-driver.fullname" . }}-controller +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "warm-metal-csi-driver.fullname" . }}-controller +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "warm-metal-csi-driver.fullname" . }}-controller +subjects: + - kind: ServiceAccount + name: {{ include "warm-metal-csi-driver.fullname" . }}-controller + namespace: {{.Release.Namespace}} +roleRef: + kind: ClusterRole + name: {{ include "warm-metal-csi-driver.fullname" . }}-controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "warm-metal-csi-driver.fullname" . }}-controller + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "warm-metal-csi-driver.fullname" . }}-controller + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: {{ include "warm-metal-csi-driver.fullname" . }}-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ include "warm-metal-csi-driver.fullname" . }}-controller + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/charts/warm-metal-csi-driver/templates/controller.yaml b/charts/warm-metal-csi-driver/templates/controller.yaml new file mode 100644 index 0000000..1a62678 --- /dev/null +++ b/charts/warm-metal-csi-driver/templates/controller.yaml @@ -0,0 +1,120 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "warm-metal-csi-driver.fullname" . }}-controller + labels: + {{- include "warm-metal-csi-driver.controllerplugin.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "warm-metal-csi-driver.controllerplugin.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "warm-metal-csi-driver.controllerplugin.labels" . | nindent 8 }} + spec: + containers: + - name: csi-provisioner + image: "{{ .Values.csiExternalProvisioner.image.repository }}:{{ .Values.csiExternalProvisioner.image.tag }}" + imagePullPolicy: {{ .Values.csiLivenessProbe.image.pullPolicy }} + args: + - "--csi-address=/csi/csi.sock" + {{- with .Values.csiExternalProvisioner.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /csi + name: socket-dir + - name: liveness-probe + image: "{{ .Values.csiLivenessProbe.image.repository }}:{{ .Values.csiLivenessProbe.image.tag }}" + imagePullPolicy: {{ .Values.csiLivenessProbe.image.pullPolicy }} + args: + - "--csi-address=/csi/csi.sock" + - "--http-endpoint=:9809" + - "-v={{ .Values.logLevel }}" + {{- with .Values.csiLivenessProbe.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /csi + name: socket-dir + - name: csi-plugin + args: + - --endpoint=$(CSI_ENDPOINT) + - --node=$(KUBE_NODE_NAME) + - --runtime-addr=$(CRI_ADDR) + - --node-plugin-sa={{ include "warm-metal-csi-driver.fullname" . }}-nodeplugin + - "-v={{ .Values.logLevel }}" + - "--mode=controller" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: CRI_ADDR + value: {{ .Values.runtime.engine }}://{{ .Values.runtime.socketPath }} + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + {{- with .Values.csiPlugin.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + image: "{{ .Values.csiPlugin.image.repository }}:{{ .Values.csiPlugin.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.csiPlugin.image.pullPolicy }} + ports: + - containerPort: 9809 + name: metrics + protocol: TCP + livenessProbe: + {{- toYaml .Values.csiPlugin.livenessProbe | nindent 12}} + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: {{ .Values.kubeletRoot }}/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: {{ .Values.runtime.socketPath }} + name: runtime-socket + - mountPath: {{ .Values.snapshotRoot }} + mountPropagation: Bidirectional + name: snapshot-root-0 + serviceAccountName: {{ include "warm-metal-csi-driver.fullname" . }}-controller + volumes: + - hostPath: + path: {{ .Values.kubeletRoot }}/plugins/csi-image.warm-metal.tech + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: {{ .Values.kubeletRoot }}/pods + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: {{ .Values.kubeletRoot }}/plugins_registry + type: Directory + name: registration-dir + - hostPath: + path: {{ .Values.runtime.socketPath }} + type: Socket + name: runtime-socket + - hostPath: + path: {{ .Values.snapshotRoot }} + type: Directory + name: snapshot-root-0 + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/warm-metal-csi-driver/templates/csi-driver.yaml b/charts/warm-metal-csi-driver/templates/csi-driver.yaml index 399277f..7f971c5 100644 --- a/charts/warm-metal-csi-driver/templates/csi-driver.yaml +++ b/charts/warm-metal-csi-driver/templates/csi-driver.yaml @@ -1,8 +1,9 @@ ---- apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: name: csi-image.warm-metal.tech + labels: + {{- include "warm-metal-csi-driver.labels" . | nindent 4 }} spec: attachRequired: false podInfoOnMount: true diff --git a/charts/warm-metal-csi-driver/templates/daemon-set.yaml b/charts/warm-metal-csi-driver/templates/daemon-set.yaml deleted file mode 100644 index 49beeeb..0000000 --- a/charts/warm-metal-csi-driver/templates/daemon-set.yaml +++ /dev/null @@ -1,96 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - name: csi-image-warm-metal - namespace: kube-system -spec: - selector: - matchLabels: - app: csi-image-warm-metal - template: - metadata: - labels: - app: csi-image-warm-metal - spec: - containers: - - args: - - --csi-address=/csi/csi.sock - - --kubelet-registration-path={{ .Values.kubletRoot }}/plugins/csi-image.warm-metal.tech/csi.sock - env: - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - image: {{ .Values.csiNodeDriverRegistrar.image.repository }}:{{ .Values.csiNodeDriverRegistrar.image.tag }} - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /bin/sh - - -c - - rm -rf /registration/csi-image.warm-metal.tech /registration/csi-image.warm-metal.tech-reg.sock - name: node-driver-registrar - resources: {} - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /registration - name: registration-dir - - args: - - --endpoint=$(CSI_ENDPOINT) - - --node=$(KUBE_NODE_NAME) - - --runtime-addr=$(CRI_ADDR) - env: - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: CRI_ADDR - value: {{ .Values.runtime.engine }}://{{ .Values.runtime.socketPath }} - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: IfNotPresent - name: plugin - resources: {} - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: {{ .Values.kubletRoot }}/pods - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: {{ .Values.runtime.socketPath }} - name: runtime-socket - - mountPath: {{ .Values.snapshotRoot }} - mountPropagation: Bidirectional - name: snapshot-root-0 - hostNetwork: true - serviceAccountName: csi-image-warm-metal - volumes: - - hostPath: - path: {{ .Values.kubletRoot }}/plugins/csi-image.warm-metal.tech - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: {{ .Values.kubletRoot }}/pods - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: {{ .Values.kubletRoot }}/plugins_registry - type: Directory - name: registration-dir - - hostPath: - path: {{ .Values.runtime.socketPath }} - type: Socket - name: runtime-socket - - hostPath: - path: {{ .Values.snapshotRoot }} - type: Directory - name: snapshot-root-0 - updateStrategy: {} \ No newline at end of file diff --git a/charts/warm-metal-csi-driver/templates/nodeplugin-rbac.yaml b/charts/warm-metal-csi-driver/templates/nodeplugin-rbac.yaml new file mode 100644 index 0000000..16574c4 --- /dev/null +++ b/charts/warm-metal-csi-driver/templates/nodeplugin-rbac.yaml @@ -0,0 +1,58 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "warm-metal-csi-driver.fullname" . }}-nodeplugin +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "warm-metal-csi-driver.fullname" . }}-nodeplugin +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "warm-metal-csi-driver.fullname" . }}-nodeplugin +subjects: + - kind: ServiceAccount + name: {{ include "warm-metal-csi-driver.fullname" . }}-nodeplugin + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "warm-metal-csi-driver.fullname" . }}-nodeplugin + apiGroup: rbac.authorization.k8s.io +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "warm-metal-csi-driver.fullname" . }}-nodeplugin + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: {{ include "warm-metal-csi-driver.fullname" . }}-nodeplugin + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ include "warm-metal-csi-driver.fullname" . }}-nodeplugin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "warm-metal-csi-driver.fullname" . }}-nodeplugin + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: + - "" + resourceNames: + - {{ include "warm-metal-csi-driver.fullname" . }}-nodeplugin + resources: + - serviceaccounts + verbs: + - get + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] \ No newline at end of file diff --git a/charts/warm-metal-csi-driver/templates/nodeplugin.yaml b/charts/warm-metal-csi-driver/templates/nodeplugin.yaml new file mode 100644 index 0000000..896385b --- /dev/null +++ b/charts/warm-metal-csi-driver/templates/nodeplugin.yaml @@ -0,0 +1,133 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "warm-metal-csi-driver.fullname" . }}-nodeplugin + labels: + {{- include "warm-metal-csi-driver.nodeplugin.labels" . | nindent 4 }} +spec: + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: "10%" + selector: + matchLabels: + {{- include "warm-metal-csi-driver.nodeplugin.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "warm-metal-csi-driver.nodeplugin.labels" . | nindent 8 }} + spec: + containers: + - name: node-driver-registrar + args: + - "--csi-address=/csi/csi.sock" + - --kubelet-registration-path={{ .Values.kubeletRoot }}/plugins/csi-image.warm-metal.tech/csi.sock + - "-v={{ .Values.logLevel }}" + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + image: "{{ .Values.csiNodeDriverRegistrar.image.repository }}:{{ .Values.csiNodeDriverRegistrar.image.tag }}" + imagePullPolicy: {{ .Values.csiNodeDriverRegistrar.image.pullPolicy }} + lifecycle: + preStop: + exec: + command: + - /bin/sh + - -c + - rm -rf /registration/csi-image.warm-metal.tech /registration/csi-image.warm-metal.tech-reg.sock + {{- with .Values.csiNodeDriverRegistrar.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /registration + name: registration-dir + - name: liveness-probe + image: "{{ .Values.csiLivenessProbe.image.repository }}:{{ .Values.csiLivenessProbe.image.tag }}" + imagePullPolicy: {{ .Values.csiLivenessProbe.image.pullPolicy }} + args: + - "--csi-address=/csi/csi.sock" + - "--http-endpoint=:9809" + - "-v={{ .Values.logLevel }}" + {{- with .Values.csiLivenessProbe.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /csi + name: socket-dir + - name: csi-plugin + args: + - --endpoint=$(CSI_ENDPOINT) + - --node=$(KUBE_NODE_NAME) + - --runtime-addr=$(CRI_ADDR) + - --node-plugin-sa={{ include "warm-metal-csi-driver.fullname" . }}-nodeplugin + - "-v={{ .Values.logLevel }}" + - "--mode=node" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: CRI_ADDR + value: {{ .Values.runtime.engine }}://{{ .Values.runtime.socketPath }} + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + {{- with .Values.csiPlugin.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + image: "{{ .Values.csiPlugin.image.repository }}:{{ .Values.csiPlugin.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.csiPlugin.image.pullPolicy }} + ports: + - containerPort: 9809 + name: metrics + protocol: TCP + livenessProbe: + {{- toYaml .Values.csiPlugin.livenessProbe | nindent 12}} + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: {{ .Values.kubeletRoot }}/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: {{ .Values.runtime.socketPath }} + name: runtime-socket + - mountPath: {{ .Values.snapshotRoot }} + mountPropagation: Bidirectional + name: snapshot-root-0 + hostNetwork: true + serviceAccountName: {{ include "warm-metal-csi-driver.fullname" . }}-nodeplugin + volumes: + - hostPath: + path: {{ .Values.kubeletRoot }}/plugins/csi-image.warm-metal.tech + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: {{ .Values.kubeletRoot }}/pods + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: {{ .Values.kubeletRoot }}/plugins_registry + type: Directory + name: registration-dir + - hostPath: + path: {{ .Values.runtime.socketPath }} + type: Socket + name: runtime-socket + - hostPath: + path: {{ .Values.snapshotRoot }} + type: Directory + name: snapshot-root-0 + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/warm-metal-csi-driver/templates/podmonitor.yaml b/charts/warm-metal-csi-driver/templates/podmonitor.yaml new file mode 100644 index 0000000..9a29a46 --- /dev/null +++ b/charts/warm-metal-csi-driver/templates/podmonitor.yaml @@ -0,0 +1,25 @@ +{{- if or (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1alpha1") }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ include "warm-metal-csi-driver.fullname" . }} +spec: + podMetricsEndpoints: + - path: /metrics + port: metrics + scheme: http + {{- if .Values.podMonitor.interval }} + interval: {{ .Values.podMonitor.interval }} + {{- end }} + {{- if .Values.podMonitor.timeout }} + scrapeTimeout: {{ .Values.podMonitor.timeout }} + {{- end }} + jobLabel: {{ include "warm-metal-csi-driver.fullname" . }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "warm-metal-csi-driver.selectorLabels" . | nindent 6 }} +{{end}} diff --git a/charts/warm-metal-csi-driver/templates/role-binding.yaml b/charts/warm-metal-csi-driver/templates/role-binding.yaml deleted file mode 100644 index 13b6475..0000000 --- a/charts/warm-metal-csi-driver/templates/role-binding.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: csi-image-warm-metal - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: csi-image-warm-metal -subjects: - - kind: ServiceAccount - name: csi-image-warm-metal - namespace: kube-system \ No newline at end of file diff --git a/charts/warm-metal-csi-driver/templates/role.yaml b/charts/warm-metal-csi-driver/templates/role.yaml deleted file mode 100644 index 9782abe..0000000 --- a/charts/warm-metal-csi-driver/templates/role.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: csi-image-warm-metal - namespace: kube-system -rules: - - apiGroups: - - "" - resourceNames: - - csi-image-warm-metal - resources: - - serviceaccounts - verbs: - - get \ No newline at end of file diff --git a/charts/warm-metal-csi-driver/templates/service-account.yaml b/charts/warm-metal-csi-driver/templates/service-account.yaml deleted file mode 100644 index 84ae311..0000000 --- a/charts/warm-metal-csi-driver/templates/service-account.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-image-warm-metal - namespace: kube-system \ No newline at end of file diff --git a/charts/warm-metal-csi-driver/templates/storage-class.yaml b/charts/warm-metal-csi-driver/templates/storage-class.yaml index 637aa9b..8a594e8 100644 --- a/charts/warm-metal-csi-driver/templates/storage-class.yaml +++ b/charts/warm-metal-csi-driver/templates/storage-class.yaml @@ -3,4 +3,6 @@ apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: csi-image.warm-metal.tech + labels: + {{- include "warm-metal-csi-driver.labels" . | nindent 4 }} provisioner: csi-image.warm-metal.tech \ No newline at end of file diff --git a/charts/warm-metal-csi-driver/values.yaml b/charts/warm-metal-csi-driver/values.yaml index 6fd5c8a..a58abd6 100644 --- a/charts/warm-metal-csi-driver/values.yaml +++ b/charts/warm-metal-csi-driver/values.yaml @@ -1,13 +1,49 @@ -# Valid EKS values runtime: engine: containerd socketPath: /run/containerd/containerd.sock kubeletRoot: /var/lib/kubelet snapshotRoot: /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs -image: - tag: v0.5.1 - repository: docker.io/warmmetal/csi-image +logLevel: 4 + +csiPlugin: + resources: {} + image: + tag: "" + repository: docker.io/warmmetal/csi-image + pullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: metrics + failureThreshold: 5 + initialDelaySeconds: 10 + timeoutSeconds: 10 + periodSeconds: 60 +csiLivenessProbe: + resources: {} + image: + repository: registry.k8s.io/sig-storage/livenessprobe + tag: v2.10.0 + pullPolicy: IfNotPresent csiNodeDriverRegistrar: + resources: {} + image: + repository: registry.k8s.io/sig-storage/csi-node-driver-registrar + tag: v2.8.0 + pullPolicy: IfNotPresent +csiExternalProvisioner: + resources: {} image: - tag: v1.1.0 - repository: quay.io/k8scsi/csi-node-driver-registrar + repository: registry.k8s.io/sig-storage/csi-provisioner + tag: v3.5.0 + pullPolicy: IfNotPresent +tolerations: {} +affinity: {} +nodeSelector: {} + +fullnameOverride: "" + +podMonitor: + enabled: true + interval: 30s + timeout: 10s \ No newline at end of file diff --git a/cmd/plugin/controller_server.go b/cmd/plugin/controller_server.go index e3f882f..d72b979 100644 --- a/cmd/plugin/controller_server.go +++ b/cmd/plugin/controller_server.go @@ -4,19 +4,59 @@ import ( "context" "github.com/container-storage-interface/spec/lib/go/csi" + "github.com/pkg/errors" + "github.com/warm-metal/csi-driver-image/pkg/watcher" csicommon "github.com/warm-metal/csi-drivers/pkg/csi-common" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) -type controllerServer struct { +const ( + // GiB = 1024 * 1024 * 1024 + GiB = 1024 * 1024 * 1024 + // Default volume size = 1GB + defaultVolumeSize = 1 * GiB +) + +func NewControllerServer(driver *csicommon.CSIDriver, watcher *watcher.Watcher) *ControllerServer { + return &ControllerServer{ + DefaultControllerServer: csicommon.NewDefaultControllerServer(driver), + watcher: watcher, + } +} + +type ControllerServer struct { *csicommon.DefaultControllerServer + watcher *watcher.Watcher } -func (c controllerServer) ControllerExpandVolume(context.Context, *csi.ControllerExpandVolumeRequest) (*csi.ControllerExpandVolumeResponse, error) { +func (c ControllerServer) ControllerExpandVolume(context.Context, *csi.ControllerExpandVolumeRequest) (*csi.ControllerExpandVolumeResponse, error) { return nil, status.Error(codes.Unimplemented, "") } -func (c controllerServer) ControllerGetVolume(context.Context, *csi.ControllerGetVolumeRequest) (*csi.ControllerGetVolumeResponse, error) { +func (c ControllerServer) ControllerGetVolume(context.Context, *csi.ControllerGetVolumeRequest) (*csi.ControllerGetVolumeResponse, error) { return nil, status.Error(codes.Unimplemented, "") } + +func (c *ControllerServer) DeleteVolume(_ context.Context, _ *csi.DeleteVolumeRequest) (*csi.DeleteVolumeResponse, error) { + return &csi.DeleteVolumeResponse{}, nil +} + +func (c ControllerServer) CreateVolume(_ context.Context, req *csi.CreateVolumeRequest) (*csi.CreateVolumeResponse, error) { + volumeSize := int64(defaultVolumeSize) + if req.GetCapacityRange() != nil { + volumeSize = req.GetCapacityRange().GetRequiredBytes() + } + + volumeID, err := c.watcher.GetImage(req.Name) + if err != nil { + return nil, errors.Wrap(err, "failed to get volume handle") + } + + return &csi.CreateVolumeResponse{ + Volume: &csi.Volume{ + VolumeId: volumeID, + CapacityBytes: volumeSize, + }, + }, nil +} diff --git a/cmd/plugin/identity_server.go b/cmd/plugin/identity_server.go new file mode 100644 index 0000000..fe12e27 --- /dev/null +++ b/cmd/plugin/identity_server.go @@ -0,0 +1,44 @@ +package main + +import ( + "github.com/container-storage-interface/spec/lib/go/csi" + "github.com/golang/protobuf/ptypes/wrappers" + "golang.org/x/net/context" +) + +func NewIdentityServer(version string) *IdentityServer { + return &IdentityServer{ + version: version, + } +} + +type IdentityServer struct { + version string +} + +func (ids *IdentityServer) GetPluginInfo(_ context.Context, _ *csi.GetPluginInfoRequest) (*csi.GetPluginInfoResponse, error) { + return &csi.GetPluginInfoResponse{ + Name: driverName, + VendorVersion: ids.version, + }, nil +} + +func (ids *IdentityServer) Probe(_ context.Context, _ *csi.ProbeRequest) (*csi.ProbeResponse, error) { + return &csi.ProbeResponse{ + Ready: &wrappers.BoolValue{Value: true}, + }, nil +} + +func (ids *IdentityServer) GetPluginCapabilities(_ context.Context, _ *csi.GetPluginCapabilitiesRequest) (*csi.GetPluginCapabilitiesResponse, error) { + return &csi.GetPluginCapabilitiesResponse{ + Capabilities: []*csi.PluginCapability{ + { + Type: &csi.PluginCapability_Service_{ + Service: &csi.PluginCapability_Service{ + Type: csi.PluginCapability_Service_CONTROLLER_SERVICE, + }, + }, + }, + }, + }, nil +} diff --git a/cmd/plugin/main.go b/cmd/plugin/main.go index e4d1d1f..3f5352b 100644 --- a/cmd/plugin/main.go +++ b/cmd/plugin/main.go @@ -1,6 +1,7 @@ package main import ( + "context" goflag "flag" "fmt" "net/url" @@ -12,6 +13,7 @@ import ( "github.com/warm-metal/csi-driver-image/pkg/backend/crio" "github.com/warm-metal/csi-driver-image/pkg/cri" "github.com/warm-metal/csi-driver-image/pkg/secret" + "github.com/warm-metal/csi-driver-image/pkg/watcher" csicommon "github.com/warm-metal/csi-drivers/pkg/csi-common" "k8s.io/klog/v2" @@ -24,6 +26,9 @@ const ( containerdScheme = "containerd" criOScheme = "cri-o" + + nodeMode = "node" + controllerMode = "controller" ) var ( @@ -46,6 +51,9 @@ var ( enableCache = flag.Bool("enable-daemon-image-credential-cache", true, "Whether to save contents of imagepullsecrets of the daemon ServiceAccount in memory. "+ "If set to false, secrets will be fetched from the API server on every image pull.") + watcherResyncPeriod = flag.Duration("watcher-resync-period", 30*time.Minute, "The resync period of the pvc watcher.") + mode = flag.String("mode", "", "The mode of the driver. Valid values are: node, controller") + nodePluginSA = flag.String("node-plugin-sa", "csi-image-warm-metal", "The name of the ServiceAccount used by the node plugin.") ) func main() { @@ -63,9 +71,13 @@ func main() { csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY, }) driver.AddControllerServiceCapabilities([]csi.ControllerServiceCapability_RPC_Type{ - csi.ControllerServiceCapability_RPC_UNKNOWN, + csi.ControllerServiceCapability_RPC_CREATE_DELETE_VOLUME, }) + if len(*mode) == 0 { + klog.Fatalf("The mode of the driver is required.") + } + if len(*runtimeAddr) == 0 { if len(*containerdSock) == 0 { klog.Fatalf("The unit socket of container runtime is required.") @@ -107,15 +119,27 @@ func main() { } server := csicommon.NewNonBlockingGRPCServer() - server.Start(*endpoint, - csicommon.NewDefaultIdentityServer(driver), - &controllerServer{csicommon.NewDefaultControllerServer(driver)}, - &nodeServer{ - DefaultNodeServer: csicommon.NewDefaultNodeServer(driver), - mounter: mounter, - imageSvc: criClient, - secretStore: secret.CreateStoreOrDie(*icpConf, *icpBin, *enableCache), - }, - ) + + switch *mode { + case nodeMode: + server.Start(*endpoint, + NewIdentityServer(driverVersion), + nil, + NewNodeServer(driver, mounter, criClient, secret.CreateStoreOrDie(*icpConf, *icpBin, *nodePluginSA, *enableCache))) + case controllerMode: + watcher, err := watcher.New(context.Background(), *watcherResyncPeriod) + if err != nil { + klog.Fatalf("unable to create PVC watcher: %s", err) + } + + defer watcher.Stop() + + server.Start(*endpoint, + NewIdentityServer(driverVersion), + NewControllerServer(driver, watcher), + nil, + ) + } + server.Wait() } diff --git a/cmd/plugin/node_server.go b/cmd/plugin/node_server.go index af2eed9..553fc63 100644 --- a/cmd/plugin/node_server.go +++ b/cmd/plugin/node_server.go @@ -18,13 +18,6 @@ import ( k8smount "k8s.io/utils/mount" ) -type nodeServer struct { - *csicommon.DefaultNodeServer - mounter *backend.SnapshotMounter - imageSvc cri.ImageServiceClient - secretStore secret.Store -} - const ( ctxKeyVolumeHandle = "volumeHandle" ctxKeyImage = "image" @@ -32,7 +25,23 @@ const ( ctxKeyEphemeralVolume = "csi.storage.k8s.io/ephemeral" ) -func (n nodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolumeRequest) (resp *csi.NodePublishVolumeResponse, err error) { +func NewNodeServer(driver *csicommon.CSIDriver, mounter *backend.SnapshotMounter, imageSvc cri.ImageServiceClient, secretStore secret.Store) *NodeServer { + return &NodeServer{ + DefaultNodeServer: csicommon.NewDefaultNodeServer(driver), + mounter: mounter, + imageSvc: imageSvc, + secretStore: secretStore, + } +} + +type NodeServer struct { + *csicommon.DefaultNodeServer + mounter *backend.SnapshotMounter + imageSvc cri.ImageServiceClient + secretStore secret.Store +} + +func (n NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolumeRequest) (resp *csi.NodePublishVolumeResponse, err error) { klog.Infof("mount request: %s", req.String()) if len(req.VolumeId) == 0 { err = status.Error(codes.InvalidArgument, "VolumeId is missing") @@ -128,7 +137,7 @@ func (n nodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublishV return &csi.NodePublishVolumeResponse{}, nil } -func (n nodeServer) NodeUnpublishVolume(ctx context.Context, req *csi.NodeUnpublishVolumeRequest) (resp *csi.NodeUnpublishVolumeResponse, err error) { +func (n NodeServer) NodeUnpublishVolume(ctx context.Context, req *csi.NodeUnpublishVolumeRequest) (resp *csi.NodeUnpublishVolumeResponse, err error) { klog.Infof("unmount request: %s", req.String()) if len(req.VolumeId) == 0 { err = status.Error(codes.InvalidArgument, "VolumeId is missing") @@ -153,14 +162,14 @@ func (n nodeServer) NodeUnpublishVolume(ctx context.Context, req *csi.NodeUnpubl return &csi.NodeUnpublishVolumeResponse{}, nil } -func (n nodeServer) NodeStageVolume(ctx context.Context, request *csi.NodeStageVolumeRequest) (*csi.NodeStageVolumeResponse, error) { +func (n NodeServer) NodeStageVolume(ctx context.Context, _ *csi.NodeStageVolumeRequest) (*csi.NodeStageVolumeResponse, error) { return nil, status.Error(codes.Unimplemented, "") } -func (n nodeServer) NodeUnstageVolume(ctx context.Context, request *csi.NodeUnstageVolumeRequest) (*csi.NodeUnstageVolumeResponse, error) { +func (n NodeServer) NodeUnstageVolume(ctx context.Context, _ *csi.NodeUnstageVolumeRequest) (*csi.NodeUnstageVolumeResponse, error) { return nil, status.Error(codes.Unimplemented, "") } -func (n nodeServer) NodeExpandVolume(ctx context.Context, request *csi.NodeExpandVolumeRequest) (*csi.NodeExpandVolumeResponse, error) { +func (n NodeServer) NodeExpandVolume(ctx context.Context, _ *csi.NodeExpandVolumeRequest) (*csi.NodeExpandVolumeResponse, error) { return nil, status.Error(codes.Unimplemented, "") } diff --git a/go.mod b/go.mod index 1fb1159..7f4ffff 100644 --- a/go.mod +++ b/go.mod @@ -1,16 +1,19 @@ module github.com/warm-metal/csi-driver-image -go 1.20 +go 1.19 require ( - github.com/BurntSushi/toml v1.2.1 + github.com/BurntSushi/toml v1.2.0 github.com/container-storage-interface/spec v1.6.0 - github.com/containerd/containerd v1.6.21 - github.com/containers/storage v1.46.1 + github.com/containerd/containerd v1.6.8 + github.com/containers/storage v1.43.0 + github.com/golang/protobuf v1.5.2 github.com/mitchellh/go-ps v1.0.0 - github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b + github.com/opencontainers/image-spec v1.1.0-rc2 + github.com/pkg/errors v0.9.1 github.com/spf13/pflag v1.0.5 github.com/warm-metal/csi-drivers v0.5.0-alpha.0.0.20210404173852-9ec9cb097dd2 + golang.org/x/net v0.0.0-20221004154528-8021a29435af google.golang.org/grpc v1.50.0 k8s.io/api v0.25.2 k8s.io/apimachinery v0.25.2 @@ -33,7 +36,7 @@ require ( github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/Microsoft/go-winio v0.6.0 // indirect - github.com/Microsoft/hcsshim v0.9.8 // indirect + github.com/Microsoft/hcsshim v0.9.4 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/aws/aws-sdk-go v1.38.49 // indirect @@ -43,10 +46,10 @@ require ( github.com/containerd/cgroups v1.0.4 // indirect github.com/containerd/continuity v0.3.0 // indirect github.com/containerd/fifo v1.0.0 // indirect - github.com/containerd/ttrpc v1.1.1 // indirect + github.com/containerd/ttrpc v1.1.0 // indirect github.com/containerd/typeurl v1.0.2 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/docker/distribution v2.8.2+incompatible // indirect + github.com/docker/distribution v2.8.1+incompatible // indirect github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect github.com/docker/go-units v0.5.0 // indirect github.com/emicklei/go-restful/v3 v3.8.0 // indirect @@ -58,7 +61,6 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.2.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.2 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.8 // indirect github.com/google/go-intervals v0.0.2 // indirect @@ -66,16 +68,17 @@ require ( github.com/google/uuid v1.2.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect + github.com/imdario/mergo v0.3.12 // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.16.4 // indirect + github.com/klauspost/compress v1.15.11 // indirect github.com/klauspost/pgzip v1.2.5 // indirect github.com/kubernetes-csi/csi-lib-utils v0.9.1 // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/mattn/go-shellwords v1.0.12 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect github.com/mistifyio/go-zfs/v3 v3.0.0 // indirect github.com/moby/locker v1.0.1 // indirect github.com/moby/sys/mountinfo v0.6.2 // indirect @@ -84,10 +87,9 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/runc v1.1.5 // indirect - github.com/opencontainers/runtime-spec v1.1.0-rc.1 // indirect - github.com/opencontainers/selinux v1.11.0 // indirect - github.com/pkg/errors v0.9.1 // indirect + github.com/opencontainers/runc v1.1.4 // indirect + github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect + github.com/opencontainers/selinux v1.10.2 // indirect github.com/prometheus/client_golang v1.12.1 // indirect github.com/prometheus/client_model v0.2.0 // indirect github.com/prometheus/common v0.32.1 // indirect @@ -95,20 +97,19 @@ require ( github.com/sirupsen/logrus v1.9.0 // indirect github.com/spf13/cobra v1.4.0 // indirect github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect - github.com/tchap/go-patricia/v2 v2.3.1 // indirect - github.com/ulikunitz/xz v0.5.11 // indirect - github.com/vbatts/tar-split v0.11.3 // indirect + github.com/tchap/go-patricia v2.3.0+incompatible // indirect + github.com/ulikunitz/xz v0.5.10 // indirect + github.com/vbatts/tar-split v0.11.2 // indirect go.opencensus.io v0.23.0 // indirect - golang.org/x/crypto v0.9.0 // indirect - golang.org/x/mod v0.8.0 // indirect - golang.org/x/net v0.10.0 // indirect + golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // indirect + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect - golang.org/x/sync v0.1.0 // indirect - golang.org/x/sys v0.8.0 // indirect - golang.org/x/term v0.8.0 // indirect - golang.org/x/text v0.9.0 // indirect + golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0 // indirect + golang.org/x/sys v0.0.0-20221010170243-090e33056c14 // indirect + golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect + golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.6.0 // indirect + golang.org/x/tools v0.1.12 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20221010155953-15ba04fc1c0e // indirect google.golang.org/protobuf v1.28.1 // indirect @@ -119,7 +120,7 @@ require ( k8s.io/cloud-provider v0.25.2 // indirect k8s.io/component-base v0.25.2 // indirect k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect - k8s.io/kubelet v0.25.2 // indirect + k8s.io/kubelet v0.0.0 // indirect k8s.io/legacy-cloud-providers v0.0.0 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect diff --git a/go.sum b/go.sum index 278d1a3..5b68b2f 100644 --- a/go.sum +++ b/go.sum @@ -72,8 +72,8 @@ github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= -github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0= +github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= @@ -83,6 +83,7 @@ github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugX github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= @@ -93,8 +94,8 @@ github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2 github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600= github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= -github.com/Microsoft/hcsshim v0.9.8 h1:lf7xxK2+Ikbj9sVf2QZsouGjRjEp2STj1yDHgoVtU5k= -github.com/Microsoft/hcsshim v0.9.8/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= +github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I= +github.com/Microsoft/hcsshim v0.9.4/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -213,8 +214,8 @@ github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09Zvgq github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s= github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g= github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c= -github.com/containerd/containerd v1.6.21 h1:eSTAmnvDKRPWan+MpSSfNyrtleXd86ogK9X8fMWpe/Q= -github.com/containerd/containerd v1.6.21/go.mod h1:apei1/i5Ux2FzrK6+DM/suEsGuK/MeVOfy8tR2q7Wnw= +github.com/containerd/containerd v1.6.8 h1:h4dOFDwzHmqFEP754PgfgTeVXFnLiRc6kiqC7tplDJs= +github.com/containerd/containerd v1.6.8/go.mod h1:By6p5KqPK0/7/CgO/A6t/Gz+CUYUu2zf1hUaaymVXB0= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= @@ -246,14 +247,14 @@ github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFY github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM= +github.com/containerd/stargz-snapshotter/estargz v0.12.0/go.mod h1:AIQ59TewBFJ4GOPEQXujcrJ/EKxh5xXZegW1rkR1P/M= github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8= github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y= github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y= +github.com/containerd/ttrpc v1.1.0 h1:GbtyLRxb0gOLR0TYQWt3O6B0NvT8tMdorEHqIQo/lWI= github.com/containerd/ttrpc v1.1.0/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ= -github.com/containerd/ttrpc v1.1.1 h1:NoRHS/z8UiHhpY1w0xcOqoJDGf2DHyzXrF0H4l5AE8c= -github.com/containerd/ttrpc v1.1.1/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ= github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk= github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg= @@ -272,8 +273,8 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4= github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= -github.com/containers/storage v1.46.1 h1:GcAe8J0Y6T2CF70fXPojUpnme6zXamuzGCrNujVtIGE= -github.com/containers/storage v1.46.1/go.mod h1:81vNDX4h+nXJ2o0D6Yqy6JGXDYJGVpHZpz0nr09iJuQ= +github.com/containers/storage v1.43.0 h1:P+zulGXA3mqe2GnYmZU0xu87Wy1M0PVHM2ucrgmvTdU= +github.com/containers/storage v1.43.0/go.mod h1:uZ147thiIFGdVTjMmIw19knttQnUCl3y9zjreHrg11s= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -292,7 +293,6 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= @@ -313,8 +313,8 @@ github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= +github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= @@ -535,6 +535,7 @@ github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= @@ -568,8 +569,10 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.16.4 h1:91KN02FnsOYhuunwU4ssRe8lc2JosWmizWa91B5v1PU= -github.com/klauspost/compress v1.16.4/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.15.7/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= +github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= +github.com/klauspost/compress v1.15.11 h1:Lcadnb3RKGin4FYM/orgq0qde+nc15E5Cbqg4B9Sx9c= +github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE= github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -601,8 +604,8 @@ github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vq github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk= github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= +github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= @@ -685,31 +688,31 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b h1:YWuSjZCQAPM8UUBLkYUk1e+rZcvWHJmFb6i6rM44Xs8= -github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= +github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= +github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0= github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0= -github.com/opencontainers/runc v1.1.5 h1:L44KXEpKmfWDcS02aeGm8QNTFXTo2D+8MYGDIJ/GDEs= -github.com/opencontainers/runc v1.1.5/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= +github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= +github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v1.1.0-rc.1 h1:wHa9jroFfKGQqFHj0I1fMRKLl0pfj+ynAqBxo3v6u9w= -github.com/opencontainers/runtime-spec v1.1.0-rc.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= -github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= -github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= +github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= +github.com/opencontainers/selinux v1.10.2 h1:NFy2xCsjn7+WspbfZkUd5zyVeisV7VFbPSP96+8/ha4= +github.com/opencontainers/selinux v1.10.2/go.mod h1:cARutUbaUrlRClyvxOICCgKixCs6L05aUsohzA3EkHQ= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= @@ -815,7 +818,6 @@ github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= @@ -824,28 +826,27 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= -github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= -github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= +github.com/tchap/go-patricia v2.3.0+incompatible h1:GkY4dP3cEfEASBPPkWd+AmjYxhmDkqO9/zg7R0lSQRs= +github.com/tchap/go-patricia v2.3.0+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= -github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= -github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= +github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= -github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck= -github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY= +github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME= +github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= @@ -927,9 +928,8 @@ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38= golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= -golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -966,9 +966,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1027,8 +1026,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.0.0-20221004154528-8021a29435af h1:wv66FM3rLZGPdxpYL+ApnDe2HzHcTFta3z5nsc13wI4= +golang.org/x/net v0.0.0-20221004154528-8021a29435af/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1058,8 +1057,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0 h1:cu5kTvlzcw1Q5S9f5ip1/cpiB4nXvw1XYzFPGgzLUOY= +golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1161,13 +1160,11 @@ golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20221010170243-090e33056c14 h1:k5II8e6QD8mITdi+okbbmR/cIyEbeXLBhy5Ha4nevyc= +golang.org/x/sys v0.0.0-20221010170243-090e33056c14/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1176,9 +1173,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1250,9 +1246,8 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= +golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/pkg/secret/cache.go b/pkg/secret/cache.go index fcdb8ef..6c904c9 100644 --- a/pkg/secret/cache.go +++ b/pkg/secret/cache.go @@ -130,23 +130,22 @@ func (s keyringStore) GetDockerKeyring(ctx context.Context, secretData map[strin return daemonKeyring, err } -const daemonSA = "csi-image-warm-metal" - type secretFetcher struct { - Client *kubernetes.Clientset - Namespace string + Client *kubernetes.Clientset + nodePluginSA string + Namespace string } func (f secretFetcher) Fetch(ctx context.Context) ([]corev1.Secret, error) { - sa, err := f.Client.CoreV1().ServiceAccounts(f.Namespace).Get(ctx, daemonSA, metav1.GetOptions{}) + sa, err := f.Client.CoreV1().ServiceAccounts(f.Namespace).Get(ctx, f.nodePluginSA, metav1.GetOptions{}) if err != nil { - klog.Errorf(`unable to fetch service account of the daemon pod "%s/%s": %s`, f.Namespace, daemonSA, err) + klog.Errorf(`unable to fetch service account of the daemon pod "%s/%s": %s`, f.Namespace, f.nodePluginSA, err) return nil, err } secrets := make([]corev1.Secret, len(sa.ImagePullSecrets)) klog.V(2).Infof( - `got %d imagePullSecrets from the service account %s/%s`, len(sa.ImagePullSecrets), f.Namespace, daemonSA, + `got %d imagePullSecrets from the service account %s/%s`, len(sa.ImagePullSecrets), f.Namespace, f.nodePluginSA, ) for i := range sa.ImagePullSecrets { @@ -169,7 +168,7 @@ func (s secretFetcher) Get(ctx context.Context) credentialprovider.DockerKeyring return keyring } -func createSecretFetcher() *secretFetcher { +func createSecretFetcher(nodePluginSA string) *secretFetcher { config, err := rest.InClusterConfig() if err != nil { klog.Fatalf("unable to get cluster config: %s", err) @@ -186,14 +185,15 @@ func createSecretFetcher() *secretFetcher { } return &secretFetcher{ - Client: clientset, - Namespace: string(curNamespace), + Client: clientset, + nodePluginSA: nodePluginSA, + Namespace: string(curNamespace), } } -func createFetcherOrDie() Store { +func createFetcherOrDie(nodePluginSA string) Store { return keyringStore{ - persistentKeyringGetter: createSecretFetcher(), + persistentKeyringGetter: createSecretFetcher(nodePluginSA), } } @@ -205,8 +205,8 @@ func (s secretWOCache) Get(_ context.Context) credentialprovider.DockerKeyring { return s.daemonKeyring } -func createCacheOrDie() Store { - fetcher := createSecretFetcher() +func createCacheOrDie(nodePluginSA string) Store { + fetcher := createSecretFetcher(nodePluginSA) ctx, cancel := context.WithTimeout(context.TODO(), 10*time.Second) defer cancel() @@ -220,7 +220,7 @@ func createCacheOrDie() Store { } } -func CreateStoreOrDie(pluginConfigFile, pluginBinDir string, enableCache bool) Store { +func CreateStoreOrDie(pluginConfigFile, pluginBinDir, nodePluginSA string, enableCache bool) Store { if len(pluginConfigFile) > 0 && len(pluginBinDir) > 0 { if err := execplugin.RegisterCredentialProviderPlugins(pluginConfigFile, pluginBinDir); err != nil { klog.Fatalf("unable to register the credential plugin through %q and %q: %s", pluginConfigFile, @@ -229,8 +229,8 @@ func CreateStoreOrDie(pluginConfigFile, pluginBinDir string, enableCache bool) S } if enableCache { - return createCacheOrDie() + return createCacheOrDie(nodePluginSA) } else { - return createFetcherOrDie() + return createFetcherOrDie(nodePluginSA) } } diff --git a/pkg/watcher/watcher.go b/pkg/watcher/watcher.go new file mode 100644 index 0000000..5e41a79 --- /dev/null +++ b/pkg/watcher/watcher.go @@ -0,0 +1,125 @@ +package watcher + +import ( + "context" + "fmt" + "time" + + "github.com/pkg/errors" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/meta" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/watch" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/rest" + "k8s.io/client-go/tools/cache" + "k8s.io/client-go/tools/clientcmd" +) + +const ( + // ImageAnnotation is the annotation key for the image name. + ImageAnnotation = "csi.storage.k8s.io/image" +) + +// Watcher watches PVCs. +type Watcher struct { + client kubernetes.Interface + pvcInformer cache.SharedIndexInformer + pvcIndexer cache.Indexer + stopChan chan struct{} +} + +// New creates a new Watcher. +func New(ctx context.Context, resyncPeriod time.Duration) (*Watcher, error) { + kubeConfig, err := rest.InClusterConfig() + if err != nil { + if errors.Is(err, rest.ErrNotInCluster) { + kubeConfig, err = clientcmd.BuildConfigFromFlags( + "", + clientcmd.NewDefaultClientConfigLoadingRules().GetDefaultFilename(), + ) + if err != nil { + return nil, err + } + } + + return nil, err + } + + clientSet, err := kubernetes.NewForConfig(kubeConfig) + if err != nil { + return nil, err + } + + lw := &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + return clientSet.CoreV1().PersistentVolumeClaims(metav1.NamespaceAll).List(ctx, options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + return clientSet.CoreV1().PersistentVolumeClaims(metav1.NamespaceAll).Watch(ctx, options) + }, + } + + indexers := cache.Indexers{ + "uid": func(obj interface{}) ([]string, error) { + object, err := meta.Accessor(obj) + if err != nil { + return nil, err + } + + return []string{string(object.GetUID())}, nil + }, + } + + pvcInformer := cache.NewSharedIndexInformer( + lw, + &corev1.PersistentVolumeClaim{}, + resyncPeriod, + indexers, + ) + + pvcIndexer := pvcInformer.GetIndexer() + stopChan := make(chan struct{}) + + go pvcInformer.Run(stopChan) + + return &Watcher{ + client: clientSet, + pvcInformer: pvcInformer, + pvcIndexer: pvcIndexer, + stopChan: stopChan, + }, err +} + +// Stop stops the watcher. +func (w *Watcher) Stop() { + close(w.stopChan) +} + +// GetImage returns the image name for the given PVC. +func (w *Watcher) GetImage(name string) (string, error) { + pvc, err := w.getPVCFromIndexer(name) + if err != nil { + return "", err + } + + if volumeHandle, ok := pvc.Annotations[ImageAnnotation]; ok { + return volumeHandle, nil + } + + return "", fmt.Errorf("pvc %s does not have volume handle annotation %s", name, ImageAnnotation) +} + +func (w *Watcher) getPVCFromIndexer(name string) (*corev1.PersistentVolumeClaim, error) { + uid := name[4:] + + pvc, err := w.pvcIndexer.ByIndex("uid", uid) + if err != nil { + return nil, errors.Wrapf(err, "failed to get pvc from indexer by uid %s", uid) + } else if len(pvc) == 0 { + return nil, fmt.Errorf("pvc with uid %s not found in indexer", uid) + } + + return pvc[0].(*corev1.PersistentVolumeClaim), nil +}