diff --git a/go.mod b/go.mod
index 24ab6cca9..f81011337 100644
--- a/go.mod
+++ b/go.mod
@@ -9,8 +9,8 @@ require (
 github.com/gogo/protobuf v1.3.1 // indirect
 github.com/gonum/graph v0.0.0-20170401004347-50b27dea7ebb
 github.com/jteeuwen/go-bindata v3.0.8-0.20151023091102-a0ff2567cfb7+incompatible
- github.com/openshift/api v0.0.0-20200115130134-f472aa214b03
- github.com/openshift/client-go v0.0.0-20200109173103-2763c6378941
+ github.com/openshift/api v0.0.0-20200116145750-0e2ff1e215dd
+ github.com/openshift/client-go v0.0.0-20200116152001-92a2713fa240
 github.com/openshift/library-go v0.0.0-20200114124611-9ace650367d2
 github.com/pkg/errors v0.8.1
 github.com/spf13/cobra v0.0.5
@@ -18,11 +18,13 @@ require (
 github.com/stretchr/testify v1.4.0
 go.uber.org/atomic v1.3.3-0.20181018215023-8dc6146f7569 // indirect
 go.uber.org/multierr v1.1.1-0.20180122172545-ddea229ff1df // indirect
- k8s.io/api v0.17.0
- k8s.io/apimachinery v0.17.0
- k8s.io/client-go v0.17.0
- k8s.io/component-base v0.17.0
+ k8s.io/api v0.17.1
+ k8s.io/apimachinery v0.17.1
+ k8s.io/client-go v0.17.1
+ k8s.io/component-base v0.17.1
 k8s.io/klog v1.0.0
- k8s.io/kube-aggregator v0.17.0
+ k8s.io/kube-aggregator v0.17.1
 k8s.io/utils v0.0.0-20191114184206-e782cd3c129f
 )
+
+replace github.com/openshift/library-go => github.com/stlaz/library-go v0.0.0-20200121085742-3ddb1b466819
diff --git a/go.sum b/go.sum
index 58aceb3be..c087cd40c 100644
--- a/go.sum
+++ b/go.sum
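Review bot: The `replace` directive added at the end of the second go.mod hunk redirects `github.com/openshift/library-go` to a personal fork, `github.com/stlaz/library-go`, so the library code built into the operator comes from that fork while the `require` block still shows the upstream pseudo-version `v0.0.0-20200114124611-9ace650367d2`. That matters more than an ordinary bump here, because the same commit moves the encryption controller wiring in pkg/operator/starter.go into a library-go package, which is therefore resolved from the fork. go.sum pins the content of this one pseudo-version, but nothing in the diff records why the fork is needed or when it is meant to go away. If it is a temporary carry for a change not yet merged upstream (an assumption; the diff does not say), I would put that next to the directive, e.g. `// TEMPORARY: remove once apiserver/controllerset is available in openshift/library-go`, and not ship a release with the replace still in place.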
@@ -303,18 +303,10 @@ github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/runc v0.0.0-20191031171055-b133feaeeb2e/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= -github.com/openshift/api v0.0.0-20191213091414-3fbf6bcf78e8/go.mod h1:dh9o4Fs58gpFXGSYfnVxGR9PnV53I8TW84pQaJDdGiY= -github.com/openshift/api v0.0.0-20191217141120-791af96035a5/go.mod h1:dOo9oLY4lehI1ZZvNtMKwRVZTqG0y+z8564y1cf1ZOw= -github.com/openshift/api v0.0.0-20200109154256-35a64c701b10/go.mod h1:dv+J0b/HWai0QnMVb37/H0v36klkLBi2TNpPeWDxX10= -github.com/openshift/api v0.0.0-20200109182645-c3cf38ec5571 h1:cREUBoPv0hEFnWvSg12TVjjsYcEfNqglyE12Ody4gJk= -github.com/openshift/api v0.0.0-20200109182645-c3cf38ec5571/go.mod h1:N1jYLqdomc/eHHrU/wphMsZBzRvxv5FBc7ATIdSQelI= -github.com/openshift/api v0.0.0-20200115130134-f472aa214b03 h1:FH/0yrv+sii6Z9fU9x4G/eClVMs7yN9jtYOArzuIFzs= -github.com/openshift/api v0.0.0-20200115130134-f472aa214b03/go.mod h1:WKvUfsZJ454fpKTZ2V+R+4/DI0pT4g9aDIizmZMkRto= -github.com/openshift/client-go v0.0.0-20191216194936-57f413491e9e/go.mod h1:nLJaHFCQ5Mavh98g2ejEnWYFWBMGVdphrKNjLErOn/w= -github.com/openshift/client-go v0.0.0-20200109173103-2763c6378941 h1:r9oaIRvM0JRem87eHGTCIJCWqRjRhZHcA0uc3cdc+mY= -github.com/openshift/client-go v0.0.0-20200109173103-2763c6378941/go.mod h1:zMqD3jZrS8UB+n7ZBz/PtyFvkbKExD8i/Dfye5wgFqE= -github.com/openshift/library-go v0.0.0-20200114124611-9ace650367d2 h1:XUgAoZ1MPaHKxBWeliGnYP430/yyviuAi5PSxjs5OuU= -github.com/openshift/library-go v0.0.0-20200114124611-9ace650367d2/go.mod h1:+EzNb8oA3fnhC613pNcAU0DJ9s3m6WaIMECIVQm2ork= +github.com/openshift/api v0.0.0-20200116145750-0e2ff1e215dd h1:WIrzR6PXOptxWGafidO/zMixrHDITEBHdz9k9AkAL1U= +github.com/openshift/api v0.0.0-20200116145750-0e2ff1e215dd/go.mod 
h1:fT6U/JfG8uZzemTRwZA2kBDJP5nWz7v05UHnty/D+pk= +github.com/openshift/client-go v0.0.0-20200116152001-92a2713fa240 h1:XYfJWv2Ch+qInGLDEedHRtDsJwnxyU1L8U7SY56NcA8= +github.com/openshift/client-go v0.0.0-20200116152001-92a2713fa240/go.mod h1:4riOwdj99Hd/q+iAcJZfNCsQQQMwURnZV6RL4WHYS5w= github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= @@ -369,6 +361,8 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= +github.com/stlaz/library-go v0.0.0-20200121085742-3ddb1b466819 h1:V+cQSsIu5dzRsTYDXOORkPJfud4l3SMNze+UxBpnbKc= +github.com/stlaz/library-go v0.0.0-20200121085742-3ddb1b466819/go.mod h1:/P1rPwPkaaNtylv8PLYkOTbf6tCdaNYDNqL9Y8GzJfE= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= 
@@ -457,7 +451,6 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -502,13 +495,10 @@ golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72 h1:bw9doJza/SFBEweII/rHQh338oozWyiFsBRHtrflcws= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200108203644-89082a384178 h1:f5gMxb6FbpY48csegk9UPd7IAHVrBD013CU7N4pWzoE= -golang.org/x/tools v0.0.0-20200108203644-89082a384178/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200115044656-831fdb1e1868 h1:6VZw2h4iwEB4GwgQU3Jvcsm8l9+yReTrErAEK1k6AC4= golang.org/x/tools v0.0.0-20200115044656-831fdb1e1868/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= 
@@ -552,27 +542,27 @@ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.17.0 h1:H9d/lw+VkZKEVIUc8F3wgiQ+FUXTTr21M87jXLU7yqM= -k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI= -k8s.io/apiextensions-apiserver v0.17.0 h1:+XgcGxqaMztkbbvsORgCmHIb4uImHKvTjNyu7b8gRnA= -k8s.io/apiextensions-apiserver v0.17.0/go.mod h1:XiIFUakZywkUl54fVXa7QTEHcqQz9HG55nHd1DCoHj8= -k8s.io/apimachinery v0.17.0 h1:xRBnuie9rXcPxUkDizUsGvPf1cnlZCFu210op7J7LJo= -k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= -k8s.io/apiserver v0.17.0 h1:XhUix+FKFDcBygWkQNp7wKKvZL030QUlH1o8vFeSgZA= -k8s.io/apiserver v0.17.0/go.mod h1:ABM+9x/prjINN6iiffRVNCBR2Wk7uY4z+EtEGZD48cg= -k8s.io/client-go v0.17.0 h1:8QOGvUGdqDMFrm9sD6IUFl256BcffynGoe80sxgTEDg= -k8s.io/client-go v0.17.0/go.mod h1:TYgR6EUHs6k45hb6KWjVD6jFZvJV4gHDikv/It0xz+k= -k8s.io/code-generator v0.17.0/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= -k8s.io/component-base v0.17.0 h1:BnDFcmBDq+RPpxXjmuYnZXb59XNN9CaFrX8ba9+3xrA= -k8s.io/component-base v0.17.0/go.mod h1:rKuRAokNMY2nn2A6LP/MiwpoaMRHpfRnrPaUJJj1Yoc= +k8s.io/api v0.17.1 h1:i46MidoDOE9tvQ0TTEYggf3ka/pziP1+tHI/GFVeJao= +k8s.io/api v0.17.1/go.mod h1:zxiAc5y8Ngn4fmhWUtSxuUlkfz1ixT7j9wESokELzOg= +k8s.io/apiextensions-apiserver v0.17.1 h1:Gw6zQgmKyyNrFMtVpRBNEKE8p35sDBI7Tq1ImxGS+zU= +k8s.io/apiextensions-apiserver v0.17.1/go.mod h1:DRIFH5x3jalE4rE7JP0MQKby9zdYk9lUJQuMmp+M/L0= +k8s.io/apimachinery v0.17.1 h1:zUjS3szTxoUjTDYNvdFkYt2uMEXLcthcbp+7uZvWhYM= +k8s.io/apimachinery v0.17.1/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= +k8s.io/apiserver v0.17.1 
h1:0cuh5kfAFPG2ImKT0rdNwdbPMUwDEfja14zX67V7eBQ= +k8s.io/apiserver v0.17.1/go.mod h1:BQEUObJv8H6ZYO7DeKI5vb50tjk6paRJ4ZhSyJsiSco= +k8s.io/client-go v0.17.1 h1:LbbuZ5tI7OYx4et5DfRFcJuoojvpYO0c7vps2rgJsHY= +k8s.io/client-go v0.17.1/go.mod h1:HZtHJSC/VuSHcETN9QA5QDZky1tXiYrkF/7t7vRpO1A= +k8s.io/code-generator v0.17.1/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= +k8s.io/component-base v0.17.1 h1:lK/lUzZZQK+DlH0XD+gq610OUEmjWOyDuUYOTGetw10= +k8s.io/component-base v0.17.1/go.mod h1:LrBPZkXtlvGjBzDJa0+b7E5Ij4VoAAKrOGudRC5z2eY= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= -k8s.io/kube-aggregator v0.17.0 h1:2/15hPpXp11GvQmtLeTlNP6WeZnmebs/uxckzZS3P9c= -k8s.io/kube-aggregator v0.17.0/go.mod h1:Vw104PtCEuT12WTVuhRFWCHXGiVqXsTzFtrvoaHxpk4= +k8s.io/kube-aggregator v0.17.1 h1:t/kREQckXfnUnF+fl8fD8c+p30HTrvfGnWE5XWSjj38= +k8s.io/kube-aggregator v0.17.1/go.mod h1:H5LcB3fx+P1gpowuZpzDu5B1XfABdO7JBKyB9J9bt34= k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a h1:UcxjrRMyNx/i/y8G7kPvLyy7rfbeuf1PYyBf973pgyU= k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo= diff --git a/pkg/operator/dsnodeprovider.go b/pkg/operator/dsnodeprovider.go deleted file mode 100644 index 2ceac6f37..000000000 --- a/pkg/operator/dsnodeprovider.go +++ /dev/null 
@@ -1,51 +0,0 @@
-package operator
-
-import (
- "k8s.io/apimachinery/pkg/labels"
- appsv1informers "k8s.io/client-go/informers/apps/v1"
- corev1informers "k8s.io/client-go/informers/core/v1"
- "k8s.io/client-go/tools/cache"
-
- encryptiondeployer "github.com/openshift/library-go/pkg/operator/encryption/deployer"
-
- "github.com/openshift/cluster-openshift-apiserver-operator/pkg/operator/operatorclient"
-)
-
-// DaemonSetNodeProvider returns the node list from nodes matching the node selector of a DaemonSet
-type DaemonSetNodeProvider struct {
- TargetNamespaceDaemonSetInformer appsv1informers.DaemonSetInformer
- NodeInformer corev1informers.NodeInformer
-}
-
-var (
- _ encryptiondeployer.MasterNodeProvider = &DaemonSetNodeProvider{}
-)
-
-func (p DaemonSetNodeProvider) MasterNodeNames() ([]string, error) {
- ds, err := p.TargetNamespaceDaemonSetInformer.Lister().DaemonSets(operatorclient.TargetNamespace).Get("apiserver")
- if err != nil {
- return nil, err
- }
-
- nodes, err := p.NodeInformer.Lister().List(labels.SelectorFromSet(ds.Spec.Template.Spec.NodeSelector))
- if err != nil {
- return nil, err
- }
-
- ret := make([]string, 0, len(nodes))
- for _, n := range nodes {
- ret = append(ret, n.Name)
- }
-
- return ret, nil
-}
-
-func (p DaemonSetNodeProvider) AddEventHandler(handler cache.ResourceEventHandler) []cache.InformerSynced {
- p.TargetNamespaceDaemonSetInformer.Informer().AddEventHandler(handler)
- p.NodeInformer.Informer().AddEventHandler(handler)
-
- return []cache.InformerSynced{
- p.TargetNamespaceDaemonSetInformer.Informer().HasSynced,
- p.NodeInformer.Informer().HasSynced,
- }
-}
diff --git a/pkg/operator/starter.go b/pkg/operator/starter.go
index a0127d498..4808c803f 100644
--- a/pkg/operator/starter.go
+++ b/pkg/operator/starter.go
@@ -24,16 +24,13 @@ import (
 configinformers "github.com/openshift/client-go/config/informers/externalversions"
 operatorv1client "github.com/openshift/client-go/operator/clientset/versioned"
 operatorv1informers "github.com/openshift/client-go/operator/informers/externalversions"
- "github.com/openshift/cluster-openshift-apiserver-operator/pkg/operator/apiservercontrollerset"
 "github.com/openshift/cluster-openshift-apiserver-operator/pkg/operator/configobservation/configobservercontroller"
 "github.com/openshift/cluster-openshift-apiserver-operator/pkg/operator/operatorclient"
 prune "github.com/openshift/cluster-openshift-apiserver-operator/pkg/operator/prunecontroller"
 "github.com/openshift/cluster-openshift-apiserver-operator/pkg/operator/resourcesynccontroller"
 "github.com/openshift/cluster-openshift-apiserver-operator/pkg/operator/workloadcontroller"
 "github.com/openshift/library-go/pkg/controller/controllercmd"
- "github.com/openshift/library-go/pkg/operator/encryption"
- "github.com/openshift/library-go/pkg/operator/encryption/controllers/migrators"
- encryptiondeployer "github.com/openshift/library-go/pkg/operator/encryption/deployer"
+ apiservercontrollerset "github.com/openshift/library-go/pkg/operator/apiserver/controllerset"
 "github.com/openshift/library-go/pkg/operator/genericoperatorclient"
 "github.com/openshift/library-go/pkg/operator/revisioncontroller"
 "github.com/openshift/library-go/pkg/operator/staticpod/controller/revision"
@@ -133,7 +130,7 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 controllerConfig.EventRecorder,
 )
- apiServerControllers := apiservercontrollerset.NewAPIServerControllerSet(
+ apiServerControllers, err := apiservercontrollerset.NewAPIServerControllerSet(
 operatorClient,
 controllerConfig.EventRecorder,
 ).WithAPIServiceController(
@@ -154,6 +151,19 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 operatorclient.TargetNamespace,
 kubeInformersForNamespaces.InformersFor(operatorclient.TargetNamespace),
 kubeClient.CoreV1(),
+ ).WithEncryptionControllers(
+ operatorclient.TargetNamespace,
+ []schema.GroupResource{
+ {Group: "route.openshift.io", Resource: "routes"}, // routes can contain embedded TLS private keys
+ {Group: "oauth.openshift.io", Resource: "oauthaccesstokens"},
+ {Group: "oauth.openshift.io", Resource: "oauthauthorizetokens"},
+ },
+ dynamicClientForMigration,
+ configClient.ConfigV1().APIServers(),
+ configInformers.Config().V1().APIServers(),
+ kubeClient,
+ kubeInformersForNamespaces,
+ resourceSyncController,
 ).WithClusterOperatorStatusController(
 "openshift-apiserver",
 append(
@@ -170,9 +180,8 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 configInformers.Config().V1().ClusterOperators(),
 versionRecorder,
 ).WithConfigUpgradableController().
- WithLogLevelController()
-
- runnableAPIServerControllers, err := apiServerControllers.PrepareRun()
+ WithLogLevelController().
+ PrepareRun()
 if err != nil {
 return err
 }
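Review bot: In the `[]schema.GroupResource` literal passed to `WithEncryptionControllers`, only the `routes` entry says why it is covered; the two OAuth entries carry no rationale, although this list is what decides which resources the encryption controllers handle. I would add trailing comments such as `// access tokens are bearer credentials` on `oauthaccesstokens` and `// authorize tokens can be exchanged for access tokens` on `oauthauthorizetokens`, so that a later edit dropping an entry reads as a security change in review. The new call also passes no node provider, whereas the removed `DaemonSetNodeProvider` selected nodes by the `apiserver` DaemonSet's node selector; which nodes the deployer waits on is now decided inside library-go, and it is worth confirming that it matches the old selection. `RunOperator` begins and ends outside this hunk.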
@@ -186,35 +195,6 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 controllerConfig.EventRecorder,
 )
- nodeProvider := DaemonSetNodeProvider{
- TargetNamespaceDaemonSetInformer: kubeInformersForNamespaces.InformersFor(operatorclient.TargetNamespace).Apps().V1().DaemonSets(),
- NodeInformer: kubeInformersForNamespaces.InformersFor("").Core().V1().Nodes(),
- }
-
- deployer, err := encryptiondeployer.NewRevisionLabelPodDeployer("revision", operatorclient.TargetNamespace, kubeInformersForNamespaces, resourceSyncController, kubeClient.CoreV1(), kubeClient.CoreV1(), nodeProvider)
- if err != nil {
- return err
- }
- migrator := migrators.NewInProcessMigrator(dynamicClientForMigration, kubeClient.Discovery())
-
- encryptionControllers, err := encryption.NewControllers(
- operatorclient.TargetNamespace,
- deployer,
- migrator,
- operatorClient,
- configClient.ConfigV1().APIServers(),
- configInformers.Config().V1().APIServers(),
- kubeInformersForNamespaces,
- kubeClient.CoreV1(),
- controllerConfig.EventRecorder,
- schema.GroupResource{Group: "route.openshift.io", Resource: "routes"}, // routes can contain embedded TLS private keys
- schema.GroupResource{Group: "oauth.openshift.io", Resource: "oauthaccesstokens"},
- schema.GroupResource{Group: "oauth.openshift.io", Resource: "oauthauthorizetokens"},
- )
- if err != nil {
- return err
- }
-
 pruneController := prune.NewPruneController(
 operatorclient.TargetNamespace,
 []string{"encryption-config-"},
@@ -238,9 +218,8 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 go configObserver.Run(ctx, 1)
 go resourceSyncController.Run(ctx, 1)
 go revisionController.Run(ctx, 1)
- go encryptionControllers.Run(ctx.Done())
 go pruneController.Run(ctx)
- go runnableAPIServerControllers.Run(ctx)
+ go apiServerControllers.Run(ctx)
 <-ctx.Done()
 return fmt.Errorf("stopped")
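Review bot: With `go encryptionControllers.Run(ctx.Done())` removed in the last hunk, nothing visible in `RunOperator` starts the encryption controllers any more; they presumably run as part of `go apiServerControllers.Run(ctx)`, but that code lives in library-go and is not shown here. If the controller set did not start them, encryption and migration of the listed resources would stop without any error from this function. I would state the dependency at the call site, e.g. `// also runs the encryption controllers registered through WithEncryptionControllers`, and check that an existing e2e test exercises encryption after this change. `RunOperator` begins outside the hunk.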
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml index 2aba542da..8da8bb45a 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml @@ -219,3 +219,30 @@ spec: support all platforms, and must handle unrecognized platforms as None if they do not support that platform. type: string + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure + provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components inside + the cluster, like kubelets using the infrastructure rather + than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer in + front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target of + a wildcard DNS record used to resolve default route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS + used by the nodes. Unlike the one managed by the DNS operator, + `NodeDNSIP` provides name resolution for the nodes themselves. + There is no DNS-as-a-service for vSphere deployments. In order + to minimize necessary changes to the datacenter DNS, a DNS + service is hosted as a static pod to serve those hostnames + to the nodes in the cluster. + type: string diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index ac1e5048e..10e72f43e 100644 
--- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -133,6 +133,10 @@ type PlatformStatus struct { // Ovirt contains settings specific to the oVirt infrastructure provider. // +optional Ovirt *OvirtPlatformStatus `json:"ovirt,omitempty"` + + // VSphere contains settings specific to the VSphere infrastructure provider. + // +optional + VSphere *VSpherePlatformStatus `json:"vsphere,omitempty"` } // AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider. 
@@ -230,6 +234,27 @@ type OvirtPlatformStatus struct { NodeDNSIP string `json:"nodeDNSIP,omitempty"` } +// VSpherePlatformStatus holds the current status of the vSphere infrastructure provider. +type VSpherePlatformStatus struct { + // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used + // by components inside the cluster, like kubelets using the infrastructure rather + // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + // points to. It is the IP for a self-hosted load balancer in front of the API servers. + APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + + // ingressIP is an external IP which routes to the default ingress controller. + // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + IngressIP string `json:"ingressIP,omitempty"` + + // nodeDNSIP is the IP address for the internal DNS used by the + // nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` + // provides name resolution for the nodes themselves. There is no DNS-as-a-service for + // vSphere deployments. In order to minimize necessary changes to the + // datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames + // to the nodes in the cluster. + NodeDNSIP string `json:"nodeDNSIP,omitempty"` +} + // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // InfrastructureList is diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 37888a939..96c7f2435 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go 
@@ -2737,6 +2737,11 @@ func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { *out = new(OvirtPlatformStatus) **out = **in } + if in.VSphere != nil { + in, out := &in.VSphere, &out.VSphere + *out = new(VSpherePlatformStatus) + **out = **in + } return } @@ -3347,6 +3352,22 @@ func (in *UpdateHistory) DeepCopy() *UpdateHistory { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformStatus) DeepCopyInto(out *VSpherePlatformStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformStatus. +func (in *VSpherePlatformStatus) DeepCopy() *VSpherePlatformStatus { + if in == nil { + return nil + } + out := new(VSpherePlatformStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WebhookTokenAuthenticator) DeepCopyInto(out *WebhookTokenAuthenticator) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 2d6b19d2d..a0a8729d2 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -789,12 +789,24 @@ var map_PlatformStatus = map[string]string{ "baremetal": "BareMetal contains settings specific to the BareMetal platform.", "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", + "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", } func (PlatformStatus) SwaggerDoc() map[string]string { return map_PlatformStatus } +var map_VSpherePlatformStatus = map[string]string{ + "": "VSpherePlatformStatus holds the current status of the vSphere infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", + "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", +} + +func (VSpherePlatformStatus) SwaggerDoc() map[string]string { + return map_VSpherePlatformStatus +} + var map_Ingress = map[string]string{ "": "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`.", "spec": "spec holds user settable values for configuration", 
diff --git a/vendor/github.com/openshift/api/go.mod b/vendor/github.com/openshift/api/go.mod index 61d3bb2d4..85dc4c852 100644 --- a/vendor/github.com/openshift/api/go.mod +++ b/vendor/github.com/openshift/api/go.mod @@ -6,11 +6,9 @@ require ( github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d github.com/spf13/pflag v1.0.5 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 // indirect - golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e // indirect golang.org/x/tools v0.0.0-20200115044656-831fdb1e1868 // indirect - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 // indirect - k8s.io/api v0.17.0 - k8s.io/apimachinery v0.17.0 - k8s.io/code-generator v0.17.0 + k8s.io/api v0.17.1 + k8s.io/apimachinery v0.17.1 + k8s.io/code-generator v0.17.1 k8s.io/klog v1.0.0 ) diff --git a/vendor/github.com/openshift/api/go.sum b/vendor/github.com/openshift/api/go.sum index 056b55046..fa6698686 100644 --- a/vendor/github.com/openshift/api/go.sum +++ b/vendor/github.com/openshift/api/go.sum @@ -118,7 +118,6 @@ golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -139,17 +138,11 @@ golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3 golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72 h1:bw9doJza/SFBEweII/rHQh338oozWyiFsBRHtrflcws= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200108195415-316d2f248479 h1:csuS+MHeEA2eWhyjQCMaPMq4z1+/PohkBSjJZHSIbOE= -golang.org/x/tools v0.0.0-20200108195415-316d2f248479/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200108203644-89082a384178 h1:f5gMxb6FbpY48csegk9UPd7IAHVrBD013CU7N4pWzoE= -golang.org/x/tools v0.0.0-20200108203644-89082a384178/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200115044656-831fdb1e1868 h1:6VZw2h4iwEB4GwgQU3Jvcsm8l9+yReTrErAEK1k6AC4= golang.org/x/tools v0.0.0-20200115044656-831fdb1e1868/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485 h1:OB/uP/Puiu5vS5QMRPrXCDWUPb+kt8f1KW8oQzFejQw= gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= 
@@ -166,12 +159,12 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -k8s.io/api v0.17.0 h1:H9d/lw+VkZKEVIUc8F3wgiQ+FUXTTr21M87jXLU7yqM= -k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI= -k8s.io/apimachinery v0.17.0 h1:xRBnuie9rXcPxUkDizUsGvPf1cnlZCFu210op7J7LJo= -k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= -k8s.io/code-generator v0.17.0 h1:y+KWtDWNqlJzJu/kUy8goJZO0X71PGIpAHLX8a0JYk0= -k8s.io/code-generator v0.17.0/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= +k8s.io/api v0.17.1 h1:i46MidoDOE9tvQ0TTEYggf3ka/pziP1+tHI/GFVeJao= +k8s.io/api v0.17.1/go.mod h1:zxiAc5y8Ngn4fmhWUtSxuUlkfz1ixT7j9wESokELzOg= +k8s.io/apimachinery v0.17.1 h1:zUjS3szTxoUjTDYNvdFkYt2uMEXLcthcbp+7uZvWhYM= +k8s.io/apimachinery v0.17.1/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= +k8s.io/code-generator v0.17.1 h1:e3B1UqRzRUWygp7WD+QTRT3ZUahPIaRKF0OFa7duQwI= +k8s.io/code-generator v0.17.1/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20190822140433-26a664648505 h1:ZY6yclUKVbZ+SdWnkfY+Je5vrMpKOxmGeKRbsXVmqYM= k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-custom-resource-definition.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-custom-resource-definition.yaml index 512d0f4ca..07528dc1d 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-custom-resource-definition.yaml 
+++ b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-custom-resource-definition.yaml @@ -290,7 +290,7 @@ spec: routeAdmission: description: "routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces). \n - The empty, defaults will be applied. See specific routeAdmission fields + If empty, defaults will be applied. See specific routeAdmission fields for details about their defaults." type: object properties: @@ -298,7 +298,7 @@ spec: description: "namespaceOwnership describes how host name claims across namespaces should be handled. \n Value must be one of: \n - Strict: Do not allow routes in different namespaces to claim - the same host. \n - InterNamespaceAllowed: allow routes to claim + the same host. \n - InterNamespaceAllowed: Allow routes to claim different paths of the same host name across namespaces. \n If empty, the default is Strict." type: string diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index 9cac7e8aa..7feae08fe 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go @@ -149,7 +149,7 @@ type IngressControllerSpec struct { // routeAdmission defines a policy for handling new route claims (for example, // to allow or deny claims across namespaces). // - // The empty, defaults will be applied. See specific routeAdmission fields + // If empty, defaults will be applied. See specific routeAdmission fields // for details about their defaults. // // +optional 
@@ -326,7 +326,7 @@ type RouteAdmissionPolicy struct { // // - Strict: Do not allow routes in different namespaces to claim the same host. // - // - InterNamespaceAllowed: allow routes to claim different paths of the same + // - InterNamespaceAllowed: Allow routes to claim different paths of the same // host name across namespaces. // // If empty, the default is Strict. diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index c44f878c3..24b6089d9 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go 
@@ -339,7 +339,7 @@ var map_IngressControllerSpec = map[string]string{ "routeSelector": "routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", "nodePlacement": "nodePlacement enables explicit control over the scheduling of the ingress controller.\n\nIf unset, defaults are used. See NodePlacement for more details.", "tlsSecurityProfile": "tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers.\n\nIf unset, the default is based on the apiservers.config.openshift.io/cluster resource.\n\nNote that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout.\n\nNote that the minimum TLS version for ingress controllers is 1.1, and the maximum TLS version is 1.2. An implication of this restriction is that the Modern TLS profile type cannot be used because it requires TLS 1.3.", - "routeAdmission": "routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces).\n\nThe empty, defaults will be applied. See specific routeAdmission fields for details about their defaults.", + "routeAdmission": "routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces).\n\nIf empty, defaults will be applied. See specific routeAdmission fields for details about their defaults.", } func (IngressControllerSpec) SwaggerDoc() map[string]string { 
@@ -398,7 +398,7 @@ func (PrivateStrategy) SwaggerDoc() map[string]string { var map_RouteAdmissionPolicy = map[string]string{ "": "RouteAdmissionPolicy is an admission policy for allowing new route claims.", - "namespaceOwnership": "namespaceOwnership describes how host name claims across namespaces should be handled.\n\nValue must be one of:\n\n- Strict: Do not allow routes in different namespaces to claim the same host.\n\n- InterNamespaceAllowed: allow routes to claim different paths of the same\n host name across namespaces.\n\nIf empty, the default is Strict.", + "namespaceOwnership": "namespaceOwnership describes how host name claims across namespaces should be handled.\n\nValue must be one of:\n\n- Strict: Do not allow routes in different namespaces to claim the same host.\n\n- InterNamespaceAllowed: Allow routes to claim different paths of the same\n host name across namespaces.\n\nIf empty, the default is Strict.", } func (RouteAdmissionPolicy) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/csisnapshotcontroller.go b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/csisnapshotcontroller.go new file mode 100644 index 000000000..3fd3556cf --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/csisnapshotcontroller.go 
@@ -0,0 +1,164 @@ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "time" + + v1 "github.com/openshift/api/operator/v1" + scheme "github.com/openshift/client-go/operator/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// CSISnapshotControllersGetter has a method to return a CSISnapshotControllerInterface. +// A group's client should implement this interface. +type CSISnapshotControllersGetter interface { + CSISnapshotControllers() CSISnapshotControllerInterface +} + +// CSISnapshotControllerInterface has methods to work with CSISnapshotController resources. +type CSISnapshotControllerInterface interface { + Create(*v1.CSISnapshotController) (*v1.CSISnapshotController, error) + Update(*v1.CSISnapshotController) (*v1.CSISnapshotController, error) + UpdateStatus(*v1.CSISnapshotController) (*v1.CSISnapshotController, error) + Delete(name string, options *metav1.DeleteOptions) error + DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error + Get(name string, options metav1.GetOptions) (*v1.CSISnapshotController, error) + List(opts metav1.ListOptions) (*v1.CSISnapshotControllerList, error) + Watch(opts metav1.ListOptions) (watch.Interface, error) + Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.CSISnapshotController, err error) + CSISnapshotControllerExpansion +} + +// cSISnapshotControllers implements CSISnapshotControllerInterface +type cSISnapshotControllers struct { + client rest.Interface +} + +// newCSISnapshotControllers returns a CSISnapshotControllers +func newCSISnapshotControllers(c *OperatorV1Client) *cSISnapshotControllers { + return &cSISnapshotControllers{ + client: c.RESTClient(), + } +} + +// Get takes name of the cSISnapshotController, and returns the corresponding cSISnapshotController object, and an error if there 
is any. +func (c *cSISnapshotControllers) Get(name string, options metav1.GetOptions) (result *v1.CSISnapshotController, err error) { + result = &v1.CSISnapshotController{} + err = c.client.Get(). + Resource("csisnapshotcontrollers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of CSISnapshotControllers that match those selectors. +func (c *cSISnapshotControllers) List(opts metav1.ListOptions) (result *v1.CSISnapshotControllerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.CSISnapshotControllerList{} + err = c.client.Get(). + Resource("csisnapshotcontrollers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested cSISnapshotControllers. +func (c *cSISnapshotControllers) Watch(opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("csisnapshotcontrollers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch() +} + +// Create takes the representation of a cSISnapshotController and creates it. Returns the server's representation of the cSISnapshotController, and an error, if there is any. +func (c *cSISnapshotControllers) Create(cSISnapshotController *v1.CSISnapshotController) (result *v1.CSISnapshotController, err error) { + result = &v1.CSISnapshotController{} + err = c.client.Post(). + Resource("csisnapshotcontrollers"). + Body(cSISnapshotController). + Do(). + Into(result) + return +} + +// Update takes the representation of a cSISnapshotController and updates it. 
Returns the server's representation of the cSISnapshotController, and an error, if there is any. +func (c *cSISnapshotControllers) Update(cSISnapshotController *v1.CSISnapshotController) (result *v1.CSISnapshotController, err error) { + result = &v1.CSISnapshotController{} + err = c.client.Put(). + Resource("csisnapshotcontrollers"). + Name(cSISnapshotController.Name). + Body(cSISnapshotController). + Do(). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). + +func (c *cSISnapshotControllers) UpdateStatus(cSISnapshotController *v1.CSISnapshotController) (result *v1.CSISnapshotController, err error) { + result = &v1.CSISnapshotController{} + err = c.client.Put(). + Resource("csisnapshotcontrollers"). + Name(cSISnapshotController.Name). + SubResource("status"). + Body(cSISnapshotController). + Do(). + Into(result) + return +} + +// Delete takes name of the cSISnapshotController and deletes it. Returns an error if one occurs. +func (c *cSISnapshotControllers) Delete(name string, options *metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("csisnapshotcontrollers"). + Name(name). + Body(options). + Do(). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *cSISnapshotControllers) DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error { + var timeout time.Duration + if listOptions.TimeoutSeconds != nil { + timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("csisnapshotcontrollers"). + VersionedParams(&listOptions, scheme.ParameterCodec). + Timeout(timeout). + Body(options). + Do(). + Error() +} + +// Patch applies the patch and returns the patched cSISnapshotController. 
+func (c *cSISnapshotControllers) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.CSISnapshotController, err error) { + result = &v1.CSISnapshotController{} + err = c.client.Patch(pt). + Resource("csisnapshotcontrollers"). + SubResource(subresources...). + Name(name). + Body(data). + Do(). + Into(result) + return +} diff --git a/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/fake/fake_csisnapshotcontroller.go b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/fake/fake_csisnapshotcontroller.go new file mode 100644 index 000000000..2e58c6938 --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/fake/fake_csisnapshotcontroller.go 
@@ -0,0 +1,115 @@ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + operatorv1 "github.com/openshift/api/operator/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeCSISnapshotControllers implements CSISnapshotControllerInterface +type FakeCSISnapshotControllers struct { + Fake *FakeOperatorV1 +} + +var csisnapshotcontrollersResource = schema.GroupVersionResource{Group: "operator.openshift.io", Version: "v1", Resource: "csisnapshotcontrollers"} + +var csisnapshotcontrollersKind = schema.GroupVersionKind{Group: "operator.openshift.io", Version: "v1", Kind: "CSISnapshotController"} + +// Get takes name of the cSISnapshotController, and returns the corresponding cSISnapshotController object, and an error if there is any. +func (c *FakeCSISnapshotControllers) Get(name string, options v1.GetOptions) (result *operatorv1.CSISnapshotController, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(csisnapshotcontrollersResource, name), &operatorv1.CSISnapshotController{}) + if obj == nil { + return nil, err + } + return obj.(*operatorv1.CSISnapshotController), err +} + +// List takes label and field selectors, and returns the list of CSISnapshotControllers that match those selectors. +func (c *FakeCSISnapshotControllers) List(opts v1.ListOptions) (result *operatorv1.CSISnapshotControllerList, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootListAction(csisnapshotcontrollersResource, csisnapshotcontrollersKind, opts), &operatorv1.CSISnapshotControllerList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &operatorv1.CSISnapshotControllerList{ListMeta: obj.(*operatorv1.CSISnapshotControllerList).ListMeta} + for _, item := range obj.(*operatorv1.CSISnapshotControllerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested cSISnapshotControllers. +func (c *FakeCSISnapshotControllers) Watch(opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(csisnapshotcontrollersResource, opts)) +} + +// Create takes the representation of a cSISnapshotController and creates it. Returns the server's representation of the cSISnapshotController, and an error, if there is any. +func (c *FakeCSISnapshotControllers) Create(cSISnapshotController *operatorv1.CSISnapshotController) (result *operatorv1.CSISnapshotController, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(csisnapshotcontrollersResource, cSISnapshotController), &operatorv1.CSISnapshotController{}) + if obj == nil { + return nil, err + } + return obj.(*operatorv1.CSISnapshotController), err +} + +// Update takes the representation of a cSISnapshotController and updates it. Returns the server's representation of the cSISnapshotController, and an error, if there is any. +func (c *FakeCSISnapshotControllers) Update(cSISnapshotController *operatorv1.CSISnapshotController) (result *operatorv1.CSISnapshotController, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootUpdateAction(csisnapshotcontrollersResource, cSISnapshotController), &operatorv1.CSISnapshotController{}) + if obj == nil { + return nil, err + } + return obj.(*operatorv1.CSISnapshotController), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeCSISnapshotControllers) UpdateStatus(cSISnapshotController *operatorv1.CSISnapshotController) (*operatorv1.CSISnapshotController, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(csisnapshotcontrollersResource, "status", cSISnapshotController), &operatorv1.CSISnapshotController{}) + if obj == nil { + return nil, err + } + return obj.(*operatorv1.CSISnapshotController), err +} + +// Delete takes name of the cSISnapshotController and deletes it. Returns an error if one occurs. +func (c *FakeCSISnapshotControllers) Delete(name string, options *v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteAction(csisnapshotcontrollersResource, name), &operatorv1.CSISnapshotController{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeCSISnapshotControllers) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(csisnapshotcontrollersResource, listOptions) + + _, err := c.Fake.Invokes(action, &operatorv1.CSISnapshotControllerList{}) + return err +} + +// Patch applies the patch and returns the patched cSISnapshotController. +func (c *FakeCSISnapshotControllers) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *operatorv1.CSISnapshotController, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootPatchSubresourceAction(csisnapshotcontrollersResource, name, pt, data, subresources...), &operatorv1.CSISnapshotController{}) + if obj == nil { + return nil, err + } + return obj.(*operatorv1.CSISnapshotController), err +} diff --git a/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/fake/fake_operator_client.go b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/fake/fake_operator_client.go index b2dc3b370..7c41855b2 100644 --- a/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/fake/fake_operator_client.go +++ b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/fake/fake_operator_client.go @@ -16,6 +16,10 @@ func (c *FakeOperatorV1) Authentications() v1.AuthenticationInterface { return &FakeAuthentications{c} } +func (c *FakeOperatorV1) CSISnapshotControllers() v1.CSISnapshotControllerInterface { + return &FakeCSISnapshotControllers{c} +} + func (c *FakeOperatorV1) Consoles() v1.ConsoleInterface { return &FakeConsoles{c} } diff --git a/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/generated_expansion.go b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/generated_expansion.go index 18807b6ff..8641faf84 100644 --- a/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/generated_expansion.go +++ b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/generated_expansion.go @@ -4,6 +4,8 @@ package v1 type AuthenticationExpansion interface{} +type CSISnapshotControllerExpansion interface{} + type ConsoleExpansion interface{} type DNSExpansion interface{} 
diff --git a/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/operator_client.go b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/operator_client.go index b6e2f95b3..09b30462d 100644 --- a/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/operator_client.go +++ b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1/operator_client.go @@ -11,6 +11,7 @@ import ( type OperatorV1Interface interface { RESTClient() rest.Interface AuthenticationsGetter + CSISnapshotControllersGetter ConsolesGetter DNSesGetter EtcdsGetter @@ -36,6 +37,10 @@ func (c *OperatorV1Client) Authentications() AuthenticationInterface { return newAuthentications(c) } +func (c *OperatorV1Client) CSISnapshotControllers() CSISnapshotControllerInterface { + return newCSISnapshotControllers(c) +} + func (c *OperatorV1Client) Consoles() ConsoleInterface { return newConsoles(c) } diff --git a/vendor/github.com/openshift/client-go/operator/informers/externalversions/generic.go b/vendor/github.com/openshift/client-go/operator/informers/externalversions/generic.go index b5b19516f..e933a3a11 100644 --- a/vendor/github.com/openshift/client-go/operator/informers/externalversions/generic.go +++ b/vendor/github.com/openshift/client-go/operator/informers/externalversions/generic.go 
@@ -40,6 +40,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource // Group=operator.openshift.io, Version=v1 case v1.SchemeGroupVersion.WithResource("authentications"): return &genericInformer{resource: resource.GroupResource(), informer: f.Operator().V1().Authentications().Informer()}, nil + case v1.SchemeGroupVersion.WithResource("csisnapshotcontrollers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Operator().V1().CSISnapshotControllers().Informer()}, nil case v1.SchemeGroupVersion.WithResource("consoles"): return &genericInformer{resource: resource.GroupResource(), informer: f.Operator().V1().Consoles().Informer()}, nil case v1.SchemeGroupVersion.WithResource("dnses"): diff --git a/vendor/github.com/openshift/client-go/operator/informers/externalversions/operator/v1/csisnapshotcontroller.go b/vendor/github.com/openshift/client-go/operator/informers/externalversions/operator/v1/csisnapshotcontroller.go new file mode 100644 index 000000000..5904c1a92 --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/informers/externalversions/operator/v1/csisnapshotcontroller.go 
@@ -0,0 +1,72 @@ +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + time "time" + + operatorv1 "github.com/openshift/api/operator/v1" + versioned "github.com/openshift/client-go/operator/clientset/versioned" + internalinterfaces "github.com/openshift/client-go/operator/informers/externalversions/internalinterfaces" + v1 "github.com/openshift/client-go/operator/listers/operator/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// CSISnapshotControllerInformer provides access to a shared informer and lister for +// CSISnapshotControllers. +type CSISnapshotControllerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.CSISnapshotControllerLister +} + +type cSISnapshotControllerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewCSISnapshotControllerInformer constructs a new informer for CSISnapshotController type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewCSISnapshotControllerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredCSISnapshotControllerInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredCSISnapshotControllerInformer constructs a new informer for CSISnapshotController type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewFilteredCSISnapshotControllerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.OperatorV1().CSISnapshotControllers().List(options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.OperatorV1().CSISnapshotControllers().Watch(options) + }, + }, + &operatorv1.CSISnapshotController{}, + resyncPeriod, + indexers, + ) +} + +func (f *cSISnapshotControllerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredCSISnapshotControllerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *cSISnapshotControllerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&operatorv1.CSISnapshotController{}, f.defaultInformer) +} + +func (f *cSISnapshotControllerInformer) Lister() v1.CSISnapshotControllerLister { + return v1.NewCSISnapshotControllerLister(f.Informer().GetIndexer()) +} diff --git a/vendor/github.com/openshift/client-go/operator/informers/externalversions/operator/v1/interface.go b/vendor/github.com/openshift/client-go/operator/informers/externalversions/operator/v1/interface.go index 5b6985a6d..c768bd76d 100644 --- a/vendor/github.com/openshift/client-go/operator/informers/externalversions/operator/v1/interface.go +++ b/vendor/github.com/openshift/client-go/operator/informers/externalversions/operator/v1/interface.go 
@@ -10,6 +10,8 @@ import ( type Interface interface { // Authentications returns a AuthenticationInformer. Authentications() AuthenticationInformer + // CSISnapshotControllers returns a CSISnapshotControllerInformer. + CSISnapshotControllers() CSISnapshotControllerInformer // Consoles returns a ConsoleInformer. Consoles() ConsoleInformer // DNSes returns a DNSInformer. @@ -56,6 +58,11 @@ func (v *version) Authentications() AuthenticationInformer { return &authenticationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } +// CSISnapshotControllers returns a CSISnapshotControllerInformer. +func (v *version) CSISnapshotControllers() CSISnapshotControllerInformer { + return &cSISnapshotControllerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + // Consoles returns a ConsoleInformer. func (v *version) Consoles() ConsoleInformer { return &consoleInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} diff --git a/vendor/github.com/openshift/client-go/operator/listers/operator/v1/csisnapshotcontroller.go b/vendor/github.com/openshift/client-go/operator/listers/operator/v1/csisnapshotcontroller.go new file mode 100644 index 000000000..9d3260182 --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/listers/operator/v1/csisnapshotcontroller.go 
@@ -0,0 +1,49 @@ +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/openshift/api/operator/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// CSISnapshotControllerLister helps list CSISnapshotControllers. +type CSISnapshotControllerLister interface { + // List lists all CSISnapshotControllers in the indexer. + List(selector labels.Selector) (ret []*v1.CSISnapshotController, err error) + // Get retrieves the CSISnapshotController from the index for a given name. + Get(name string) (*v1.CSISnapshotController, error) + CSISnapshotControllerListerExpansion +} + +// cSISnapshotControllerLister implements the CSISnapshotControllerLister interface. +type cSISnapshotControllerLister struct { + indexer cache.Indexer +} + +// NewCSISnapshotControllerLister returns a new CSISnapshotControllerLister. +func NewCSISnapshotControllerLister(indexer cache.Indexer) CSISnapshotControllerLister { + return &cSISnapshotControllerLister{indexer: indexer} +} + +// List lists all CSISnapshotControllers in the indexer. +func (s *cSISnapshotControllerLister) List(selector labels.Selector) (ret []*v1.CSISnapshotController, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.CSISnapshotController)) + }) + return ret, err +} + +// Get retrieves the CSISnapshotController from the index for a given name. +func (s *cSISnapshotControllerLister) Get(name string) (*v1.CSISnapshotController, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("csisnapshotcontroller"), name) + } + return obj.(*v1.CSISnapshotController), nil +} 
diff --git a/vendor/github.com/openshift/client-go/operator/listers/operator/v1/expansion_generated.go b/vendor/github.com/openshift/client-go/operator/listers/operator/v1/expansion_generated.go index 3322edf34..dee56dc07 100644 --- a/vendor/github.com/openshift/client-go/operator/listers/operator/v1/expansion_generated.go +++ b/vendor/github.com/openshift/client-go/operator/listers/operator/v1/expansion_generated.go @@ -6,6 +6,10 @@ package v1 // AuthenticationLister. type AuthenticationListerExpansion interface{} +// CSISnapshotControllerListerExpansion allows custom methods to be added to +// CSISnapshotControllerLister. +type CSISnapshotControllerListerExpansion interface{} + // ConsoleListerExpansion allows custom methods to be added to // ConsoleLister. type ConsoleListerExpansion interface{} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/apiservice/apigroup.go b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/apiservice/apigroup.go new file mode 100644 index 000000000..e3a17cc50 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/apiservice/apigroup.go 
@@ -0,0 +1,79 @@ +package apiservice + +import ( + "fmt" + "net/http" + + "github.com/openshift/library-go/pkg/operator/events" + kubeinformers "k8s.io/client-go/informers" + "k8s.io/client-go/rest" + apiregistrationv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1" +) + +func newEndpointPrecondition(kubeInformers kubeinformers.SharedInformerFactory) func(apiServices []*apiregistrationv1.APIService) (bool, error) { + // this is outside the func so it always registers before the informers start + endpointsLister := kubeInformers.Core().V1().Endpoints().Lister() + + type coordinate struct { + namespace string + name string + } + + return func(apiServices []*apiregistrationv1.APIService) (bool, error) { + + coordinates := []coordinate{} + for _, apiService := range apiServices { + curr := coordinate{namespace: apiService.Spec.Service.Namespace, name: apiService.Spec.Service.Name} + exists := false + for _, j := range coordinates { + if j == curr { + exists = true + break + } + } + if !exists { + coordinates = append(coordinates, curr) + } + } + + for _, curr := range coordinates { + endpoints, err := endpointsLister.Endpoints(curr.namespace).Get(curr.name) + if err != nil { + return false, err + } + if len(endpoints.Subsets) == 0 { + return false, nil + } + + exists := false + for _, subset := range endpoints.Subsets { + if len(subset.Addresses) > 0 { + exists = true + break + } + } + if !exists { + return false, nil + } + } + + return true, nil + } +} + +func checkDiscoveryForByAPIServices(recorder events.Recorder, restclient rest.Interface, apiServices []*apiregistrationv1.APIService) []string { + missingMessages := []string{} + for _, apiService := range apiServices { + url := "/apis/" + apiService.Spec.Group + "/" + apiService.Spec.Version + + statusCode := 0 + result := restclient.Get().AbsPath(url).Do().StatusCode(&statusCode) + if statusCode != http.StatusOK { + groupVersionString := fmt.Sprintf("%s.%s", apiService.Spec.Group, apiService.Spec.Version) + 
recorder.Warningf("OpenShiftAPICheckFailed", fmt.Sprintf("%q failed with HTTP status code %d (%v)", groupVersionString, statusCode, result.Error())) + missingMessages = append(missingMessages, fmt.Sprintf("%q is not ready: %d (%v)", groupVersionString, statusCode, result.Error())) + } + } + + return missingMessages +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/apiservice/apiservice_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/apiservice/apiservice_controller.go new file mode 100644 index 000000000..e73d93ada --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/apiservice/apiservice_controller.go 
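Review bot: `newEndpointPrecondition` dereferences `apiService.Spec.Service.Namespace` and `.Name` without a nil check, and in apiregistration/v1 `Spec.Service` is a pointer that is nil for API groups served locally. If `getAPIServicesToManageFn` ever returns such an entry, the precondition panics inside the sync loop rather than returning an error; a guard at the top of the first loop, `if apiService.Spec.Service == nil { continue }`, would avoid that. Separately, `checkDiscoveryForByAPIServices` passes an `fmt.Sprintf` result as the format string of `recorder.Warningf`, so any `%` in the group, version or error text is re-interpreted as a verb; `recorder.Warningf("OpenShiftAPICheckFailed", "%q failed with HTTP status code %d (%v)", groupVersionString, statusCode, result.Error())` keeps the message intact. This file is a vendored copy, so both changes belong in library-go and should arrive here by re-vendoring.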
@@ -0,0 +1,345 @@
+package apiservice
+
+import (
+ "context"
+ "fmt"
+ "sort"
+ "strings"
+ "time"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/util/errors"
+ utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+ "k8s.io/apimachinery/pkg/util/sets"
+ "k8s.io/apimachinery/pkg/util/wait"
+ kubeinformers "k8s.io/client-go/informers"
+ "k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/tools/cache"
+ "k8s.io/client-go/util/workqueue"
+ "k8s.io/klog"
+ apiregistrationv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1"
+ apiregistrationv1client "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/typed/apiregistration/v1"
+ apiregistrationinformers "k8s.io/kube-aggregator/pkg/client/informers/externalversions"
+
+ operatorsv1 "github.com/openshift/api/operator/v1"
+ operatorv1 "github.com/openshift/api/operator/v1"
+ operatorlistersv1 "github.com/openshift/client-go/operator/listers/operator/v1"
+ "github.com/openshift/library-go/pkg/operator/events"
+ "github.com/openshift/library-go/pkg/operator/resource/resourceapply"
+ "github.com/openshift/library-go/pkg/operator/v1helpers"
+)
+
+const (
+ workQueueKey = "key"
+)
+
+type GetAPIServicesToMangeFunc func() ([]*apiregistrationv1.APIService, error)
+type apiServicesPreconditionFuncType func([]*apiregistrationv1.APIService) (bool, error)
+
+type APIServiceController struct {
+ name string
+ getAPIServicesToManageFn GetAPIServicesToMangeFunc
+ // precondition must return true before the apiservices will be created
+ precondition apiServicesPreconditionFuncType
+
+ operatorClient v1helpers.OperatorClient
+ kubeClient kubernetes.Interface
+ apiregistrationv1Client apiregistrationv1client.ApiregistrationV1Interface
+ eventRecorder events.Recorder
+
+ // queue only ever has one item, but it has nice error handling backoff/retry semantics
+ queue workqueue.RateLimitingInterface
+}
+
+func NewAPIServiceController(
+ name string,
+ getAPIServicesToManageFunc GetAPIServicesToMangeFunc,
+ operatorClient v1helpers.OperatorClient,
+ apiregistrationInformers apiregistrationinformers.SharedInformerFactory,
+ apiregistrationv1Client apiregistrationv1client.ApiregistrationV1Interface,
+ kubeInformersForOperandNamespace kubeinformers.SharedInformerFactory,
+ kubeClient kubernetes.Interface,
+ eventRecorder events.Recorder,
+) *APIServiceController {
+ fullname := "APIServiceController_" + name
+ c := &APIServiceController{
+ name: fullname,
+ precondition: newEndpointPrecondition(kubeInformersForOperandNamespace),
+ getAPIServicesToManageFn: getAPIServicesToManageFunc,
+
+ operatorClient: operatorClient,
+ apiregistrationv1Client: apiregistrationv1Client,
+ kubeClient: kubeClient,
+ eventRecorder: eventRecorder.WithComponentSuffix("apiservice-" + name + "-controller"),
+
+ queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), fullname),
+ }
+
+ kubeInformersForOperandNamespace.Core().V1().Services().Informer().AddEventHandler(c.eventHandler())
+ kubeInformersForOperandNamespace.Core().V1().Endpoints().Informer().AddEventHandler(c.eventHandler())
+ apiregistrationInformers.Apiregistration().V1().APIServices().Informer().AddEventHandler(c.eventHandler())
+
+ return c
+}
+
+func (c *APIServiceController) sync() error {
+ operatorConfigSpec, _, _, err := c.operatorClient.GetOperatorState()
+ if err != nil {
+ return err
+ }
+
+ switch operatorConfigSpec.ManagementState {
+ case operatorsv1.Managed:
+ case operatorsv1.Unmanaged:
+ return nil
+ case operatorsv1.Removed:
+ errs := []error{}
+ apiServices, err := c.getAPIServicesToManageFn()
+ if err != nil {
+ errs = append(errs, err)
+ return errors.NewAggregate(errs)
+ }
+ for _, apiService := range apiServices {
+ if err := c.apiregistrationv1Client.APIServices().Delete(apiService.Name, nil); err != nil {
+ errs = append(errs, err)
+ }
+ }
+ return errors.NewAggregate(errs)
+ default:
+ c.eventRecorder.Warningf("ManagementStateUnknown", "Unrecognized operator management state %q", operatorConfigSpec.ManagementState)
+ return nil
+ }
+
+ apiServices, err := c.getAPIServicesToManageFn()
+ if err != nil {
+ return err
+ }
+ ready, err := c.precondition(apiServices)
+ if err != nil {
+ v1helpers.UpdateStatus(c.operatorClient, v1helpers.UpdateConditionFn(operatorv1.OperatorCondition{
+ Type: "APIServicesAvailable",
+ Status: operatorv1.ConditionFalse,
+ Reason: "ErrorCheckingPrecondition",
+ Message: err.Error(),
+ }))
+ return err
+ }
+ if !ready {
+ v1helpers.UpdateStatus(c.operatorClient, v1helpers.UpdateConditionFn(operatorv1.OperatorCondition{
+ Type: "APIServicesAvailable",
+ Status: operatorv1.ConditionFalse,
+ Reason: "PreconditionNotReady",
+ Message: "PreconditionNotReady",
+ }))
+ return err
+ }
+
+ err = c.syncAPIServices(apiServices)
+
+ // update failing condition
+ cond := operatorv1.OperatorCondition{
+ Type: "APIServicesAvailable",
+ Status: operatorv1.ConditionTrue,
+ }
+ if err != nil {
+ cond.Status = operatorv1.ConditionFalse
+ cond.Reason = "Error"
+ cond.Message = err.Error()
+ }
+ if _, _, updateError := v1helpers.UpdateStatus(c.operatorClient, v1helpers.UpdateConditionFn(cond)); updateError != nil {
+ if err == nil {
+ return updateError
+ }
+ }
+
+ return err
+}
+
+func (c *APIServiceController) syncAPIServices(apiServices []*apiregistrationv1.APIService) error {
+ errs := []error{}
+ var availableConditionMessages []string
+
+ for _, apiService := range apiServices {
+ apiregistrationv1.SetDefaults_ServiceReference(apiService.Spec.Service)
+ apiService, _, err := resourceapply.ApplyAPIService(c.apiregistrationv1Client, c.eventRecorder, apiService)
+ if err != nil {
+ errs = append(errs, err)
+ continue
+ }
+
+ for _, condition := range apiService.Status.Conditions {
+ if condition.Type == apiregistrationv1.Available {
+ if condition.Status != apiregistrationv1.ConditionTrue {
+ availableConditionMessages = append(availableConditionMessages, fmt.Sprintf("apiservices.apiregistration.k8s.io/%v: not available: %v", apiService.Name, condition.Message))
+ }
+ break
+ }
+ }
+ }
+ if len(errs) > 0 {
+ return errors.NewAggregate(errs)
+ }
+ if len(availableConditionMessages) > 0 {
+ sort.Sort(sort.StringSlice(availableConditionMessages))
+ return fmt.Errorf(strings.Join(availableConditionMessages, "\n"))
+ }
+
+ // if the apiservices themselves check out ok, try to actually hit the discovery endpoints. We have a history in clusterup
+ // of something delaying them. This isn't perfect because of round-robining, but let's see if we get an improvement
+ if c.kubeClient.Discovery().RESTClient() != nil {
+ missingAPIMessages := checkDiscoveryForByAPIServices(c.eventRecorder, c.kubeClient.Discovery().RESTClient(), apiServices)
+ availableConditionMessages = append(availableConditionMessages, missingAPIMessages...)
+ }
+
+ if len(availableConditionMessages) > 0 {
+ sort.Sort(sort.StringSlice(availableConditionMessages))
+ return fmt.Errorf(strings.Join(availableConditionMessages, "\n"))
+ }
+
+ return nil
+}
+
+// Run starts the openshift-apiserver and blocks until stopCh is closed.
+// The number of workers is ignored
+func (c *APIServiceController) Run(ctx context.Context, _ int) {
+ defer utilruntime.HandleCrash()
+ defer c.queue.ShutDown()
+
+ klog.Infof("Starting %v", c.name)
+ defer klog.Infof("Shutting down %v", c.name)
+
+ // doesn't matter what workers say, only start one.
+ go wait.Until(c.runWorker, time.Second, ctx.Done())
+
+ <-ctx.Done()
+}
+
+func (c *APIServiceController) runWorker() {
+ for c.processNextWorkItem() {
+ }
+}
+
+func (c *APIServiceController) processNextWorkItem() bool {
+ dsKey, quit := c.queue.Get()
+ if quit {
+ return false
+ }
+ defer c.queue.Done(dsKey)
+
+ err := c.sync()
+ if err == nil {
+ c.queue.Forget(dsKey)
+ return true
+ }
+
+ utilruntime.HandleError(fmt.Errorf("%v failed with : %v", dsKey, err))
+ c.queue.AddRateLimited(dsKey)
+
+ return true
+}
+
+// eventHandler queues the operator to check spec and status
+func (c *APIServiceController) eventHandler() cache.ResourceEventHandler {
+ return cache.ResourceEventHandlerFuncs{
+ AddFunc: func(obj interface{}) { c.queue.Add(workQueueKey) },
+ UpdateFunc: func(old, new interface{}) { c.queue.Add(workQueueKey) },
+ DeleteFunc: func(obj interface{}) { c.queue.Add(workQueueKey) },
+ }
+}
+
+// APIServicesToMange preserve state and clients required to return an authoritative list of API services this operate must manage
+type APIServicesToManage struct {
+ authOperatorLister operatorlistersv1.AuthenticationLister
+ apiregistrationv1Client apiregistrationv1client.ApiregistrationV1Interface
+ allPossibleAPIServices []*apiregistrationv1.APIService
+ eventRecorder events.Recorder
+ apiGroupsManagedByExternalServer sets.String
+ apiGroupsManagedByExternalServerAnnotation string
+ currentAPIServicesToManage []*apiregistrationv1.APIService
+}
+
+// NewAPIServicesToManage returns an object that knows how to construct an authoritative list of API services this operate must manage
+func NewAPIServicesToManage(apiregistrationv1Client apiregistrationv1client.ApiregistrationV1Interface,
+ authOperatorLister operatorlistersv1.AuthenticationLister,
+ allPossibleAPIServices []*apiregistrationv1.APIService,
+ eventRecorder events.Recorder,
+ apiGroupsManagedByExternalServer sets.String,
+ apiGroupsManagedByExternalServerAnnotation string) *APIServicesToManage {
+ return &APIServicesToManage{
+ authOperatorLister: authOperatorLister,
+ apiregistrationv1Client: apiregistrationv1Client,
+ allPossibleAPIServices: allPossibleAPIServices,
+ eventRecorder: eventRecorder,
+ apiGroupsManagedByExternalServer: apiGroupsManagedByExternalServer,
+ apiGroupsManagedByExternalServerAnnotation: apiGroupsManagedByExternalServerAnnotation,
+ currentAPIServicesToManage: allPossibleAPIServices,
+ }
+}
+
+// GetAPIServicesToManage returns the desired list of API Services that will be managed by this operator
+// note that some services might be managed by an external operators/servers
+func (a *APIServicesToManage) GetAPIServicesToManage() ([]*apiregistrationv1.APIService, error) {
+ if externalOperatorPreconditionErr := a.externalOperatorPrecondition(); externalOperatorPreconditionErr != nil {
+ klog.V(4).Infof("unable to determine if an external operator should take OAuth APIs over due to %v, returning authoritative/initial API Services list", externalOperatorPreconditionErr)
+ return a.allPossibleAPIServices, nil
+ }
+
+ newAPIServicesToManage := []*apiregistrationv1.APIService{}
+ for _, apiService := range a.allPossibleAPIServices {
+ if a.apiGroupsManagedByExternalServer.Has(apiService.Name) && a.isAPIServiceAnnotatedByExternalServer(apiService) {
+ continue
+ }
+ newAPIServicesToManage = append(newAPIServicesToManage, apiService)
+ }
+
+ if changed, newAPIServicesSet := apiServicesChanged(a.currentAPIServicesToManage, newAPIServicesToManage); changed {
+ a.eventRecorder.Eventf("APIServicesToManageChanged", "The new API Services list this operator will manage is %v", newAPIServicesSet.List())
+ }
+
+ a.currentAPIServicesToManage = newAPIServicesToManage
+ return a.currentAPIServicesToManage, nil
+}
+
+func (a *APIServicesToManage) isAPIServiceAnnotatedByExternalServer(apiService *apiregistrationv1.APIService) bool {
+ existingApiService, err := a.apiregistrationv1Client.APIServices().Get(apiService.Name, metav1.GetOptions{})
+ if err != nil {
+ a.eventRecorder.Warningf("APIServicesToManageAnnotation", "unable to determine if the following API Service %s was annotated by an external operator (it should be) due to %v", apiService.Name, err)
+ return false
+ }
+
+ if _, ok := existingApiService.Annotations[a.apiGroupsManagedByExternalServerAnnotation]; ok {
+ return true
+
+ }
+ return false
+}
+
+// externalOperatorPrecondition checks whether authentication operator will manage OAuth API Resources by checking ManagingOAuthAPIServer status field
+func (a *APIServicesToManage) externalOperatorPrecondition() error {
+ authOperator, err := a.authOperatorLister.Get("cluster")
+ if err != nil {
+ return err
+ }
+
+ if !authOperator.Status.ManagingOAuthAPIServer {
+ return fmt.Errorf("%q status field set to false", "ManagingOAuthAPIServer")
+ }
+
+ return nil
+}
+
+func apiServicesChanged(old []*apiregistrationv1.APIService, new []*apiregistrationv1.APIService) (bool, sets.String) {
+ oldSet := sets.String{}
+ for _, oldService := range old {
+ oldSet.Insert(oldService.Name)
+ }
+
+ newSet := sets.String{}
+ for _, newService := range new {
+ newSet.Insert(newService.Name)
+ }
+
+ removed := oldSet.Difference(newSet).List()
+ added := newSet.Difference(oldSet).List()
+ return len(removed) > 0 || len(added) > 0, newSet
+}
diff --git a/pkg/operator/nsfinalizercontroller/finalizer_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/nsfinalizer/finalizer_controller.go
similarity index 99%
rename from pkg/operator/nsfinalizercontroller/finalizer_controller.go
rename to vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/nsfinalizer/finalizer_controller.go
index f49c8987f..636dd4018 100644
--- a/pkg/operator/nsfinalizercontroller/finalizer_controller.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/nsfinalizer/finalizer_controller.go
@@ -1,4 +1,4 @@
-package nsfinalizercontroller
+package nsfinalizer
 import (
 "context"
diff --git a/pkg/operator/apiservercontrollerset/apiservercontrollerset.go b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controllerset/apiservercontrollerset.go
similarity index 70%
rename from pkg/operator/apiservercontrollerset/apiservercontrollerset.go
rename to vendor/github.com/openshift/library-go/pkg/operator/apiserver/controllerset/apiservercontrollerset.go
index c2563ae13..b1aacd2be 100644
--- a/pkg/operator/apiservercontrollerset/apiservercontrollerset.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controllerset/apiservercontrollerset.go
@@ -3,17 +3,24 @@ package apiservercontrollerset import ( "context" "fmt" + configv1 "github.com/openshift/api/config/v1" configv1client "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1" configv1informers "github.com/openshift/client-go/config/informers/externalversions/config/v1" - "github.com/openshift/cluster-openshift-apiserver-operator/pkg/operator/apiservicecontroller" - "github.com/openshift/cluster-openshift-apiserver-operator/pkg/operator/nsfinalizercontroller" + "github.com/openshift/library-go/pkg/operator/apiserver/controller/apiservice" + "github.com/openshift/library-go/pkg/operator/apiserver/controller/nsfinalizer" + "github.com/openshift/library-go/pkg/operator/encryption" + "github.com/openshift/library-go/pkg/operator/encryption/controllers/migrators" + encryptiondeployer "github.com/openshift/library-go/pkg/operator/encryption/deployer" "github.com/openshift/library-go/pkg/operator/events" "github.com/openshift/library-go/pkg/operator/loglevel" + "github.com/openshift/library-go/pkg/operator/resourcesynccontroller" "github.com/openshift/library-go/pkg/operator/status" "github.com/openshift/library-go/pkg/operator/unsupportedconfigoverridescontroller" "github.com/openshift/library-go/pkg/operator/v1helpers" + "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/errors" + "k8s.io/client-go/dynamic" kubeinformers "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" corev1client "k8s.io/client-go/kubernetes/typed/core/v1" @@ -53,8 +60,12 @@ type APIServerControllerSet struct { apiServiceController controllerWrapper clusterOperatorStatusController controllerWrapper configUpgradableController controllerWrapper + encryptionControllers controllerWrapper logLevelController controllerWrapper finalizerController controllerWrapper + + // errors unhandled prior to running PrepareRun() + unhandledErrors []error } func NewAPIServerControllerSet( 
@@ -121,13 +132,13 @@ func (cs *APIServerControllerSet) WithoutClusterOperatorStatusController() *APIS
 func (cs *APIServerControllerSet) WithAPIServiceController(
 controllerName string,
- getAPIServicesToManageFn apiservicecontroller.GetAPIServicesToMangeFunc,
+ getAPIServicesToManageFn apiservice.GetAPIServicesToMangeFunc,
 apiregistrationInformers apiregistrationinformers.SharedInformerFactory,
 apiregistrationv1Client apiregistrationv1client.ApiregistrationV1Interface,
 kubeInformersForTargetNamesace kubeinformers.SharedInformerFactory,
 kubeClient kubernetes.Interface,
 ) *APIServerControllerSet {
- cs.apiServiceController.controller = apiservicecontroller.NewAPIServiceController(
+ cs.apiServiceController.controller = apiservice.NewAPIServiceController(
 controllerName,
 getAPIServicesToManageFn,
 cs.operatorClient,
@@ -151,7 +162,7 @@ func (cs *APIServerControllerSet) WithFinalizerController(
 kubeInformersForTargetNamespace kubeinformers.SharedInformerFactory,
 namespaceGetter corev1client.NamespacesGetter,
 ) *APIServerControllerSet {
- cs.finalizerController.controller = nsfinalizercontroller.NewFinalizerController(
+ cs.finalizerController.controller = nsfinalizer.NewFinalizerController(
 targetNamespace,
 kubeInformersForTargetNamespace,
 namespaceGetter,
@@ -166,6 +177,60 @@ func (cs *APIServerControllerSet) WithoutFinalizerController() *APIServerControl
 return cs
 }
+func (cs *APIServerControllerSet) WithEncryptionControllers(
+ targetNamespace string,
+ encryptionResources []schema.GroupResource,
+ dynamicClientForMigration dynamic.Interface,
+ apiServerClient configv1client.APIServerInterface,
+ apiServerInformer configv1informers.APIServerInformer,
+ kubeClient kubernetes.Interface,
+ kubeInformersForNamespaces v1helpers.KubeInformersForNamespaces,
+ resourceSyncController resourcesynccontroller.ResourceSyncer,
+) *APIServerControllerSet {
+ nodeProvider := NewDaemonSetNodeProvider(
+ "apiserver",
+ targetNamespace,
+ kubeInformersForNamespaces.InformersFor(targetNamespace).Apps().V1().DaemonSets(),
+ kubeInformersForNamespaces.InformersFor("").Core().V1().Nodes(),
+ )
+
+ deployer, err := encryptiondeployer.NewRevisionLabelPodDeployer(
+ "revision",
+ targetNamespace,
+ kubeInformersForNamespaces,
+ resourceSyncController,
+ kubeClient.CoreV1(),
+ kubeClient.CoreV1(),
+ nodeProvider,
+ )
+ if err != nil {
+ cs.unhandledErrors = append(cs.unhandledErrors, err)
+ return cs
+ }
+ migrator := migrators.NewInProcessMigrator(dynamicClientForMigration, kubeClient.Discovery())
+
+ cs.encryptionControllers.controller = encryption.NewControllers(
+ targetNamespace,
+ deployer,
+ migrator,
+ cs.operatorClient,
+ apiServerClient,
+ apiServerInformer,
+ kubeInformersForNamespaces,
+ kubeClient.CoreV1(),
+ cs.eventRecorder,
+ encryptionResources...,
+ )
+
+ return cs
+}
+
+func (cs *APIServerControllerSet) WithoutEncryptionControllers() *APIServerControllerSet {
+ cs.encryptionControllers.controller = nil
+ cs.encryptionControllers.emptyAllowed = true
+ return cs
+}
+
 func (cs *APIServerControllerSet) PrepareRun() (preparedAPIServerControllerSet, error) {
 prepared := []controller{}
 errs := []error{}
@@ -174,6 +239,7 @@ func (cs *APIServerControllerSet) PrepareRun() (preparedAPIServerControllerSet,
 "apiServiceController": cs.apiServiceController,
 "clusterOperatorStatusController": cs.clusterOperatorStatusController,
 "configUpgradableController": cs.configUpgradableController,
+ "encryptionControllers": cs.encryptionControllers,
 "logLevelController": cs.logLevelController,
 "finalizerController": cs.finalizerController,
 } {
@@ -187,11 +253,11 @@ func (cs *APIServerControllerSet) PrepareRun() (preparedAPIServerControllerSet,
 }
 }
- return preparedAPIServerControllerSet{controllers: prepared}, errors.NewAggregate(errs)
+ return preparedAPIServerControllerSet{controllers: prepared}, errors.NewAggregate(append(cs.unhandledErrors, errs...))
 }
 func (cs *preparedAPIServerControllerSet) Run(ctx context.Context) {
- for _, c := range cs.controllers {
- go c.Run(ctx, 1)
+ for i := range cs.controllers {
+ go cs.controllers[i].Run(ctx, 1) // use index to avoid having to capture range variable
 }
 }
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controllerset/dsnodeprovider.go b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controllerset/dsnodeprovider.go
new file mode 100644
index 000000000..000e9c6b7
--- /dev/null
+++ b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controllerset/dsnodeprovider.go
@@ -0,0 +1,64 @@
+package apiservercontrollerset
+
+import (
+ "k8s.io/apimachinery/pkg/labels"
+ appsv1informers "k8s.io/client-go/informers/apps/v1"
+ corev1informers "k8s.io/client-go/informers/core/v1"
+ "k8s.io/client-go/tools/cache"
+
+ encryptiondeployer "github.com/openshift/library-go/pkg/operator/encryption/deployer"
+)
+
+// DaemonSetNodeProvider returns the node list from nodes matching the node selector of a DaemonSet
+type DaemonSetNodeProvider struct {
+ targetDaemonSetName, targetDaemonSetNamespace string
+ targetNamespaceDaemonSetInformer appsv1informers.DaemonSetInformer
+ nodeInformer corev1informers.NodeInformer
+}
+
+var (
+ _ encryptiondeployer.MasterNodeProvider = &DaemonSetNodeProvider{}
+)
+
+// NewDaemonSetNodeProvider creates a new DaemonSetNodeProvider
+func NewDaemonSetNodeProvider(
+ targetName, targetNamespace string,
+ targetDSInformer appsv1informers.DaemonSetInformer,
+ nodeInformer corev1informers.NodeInformer,
+) *DaemonSetNodeProvider {
+ return &DaemonSetNodeProvider{
+ targetDaemonSetName: targetName,
+ targetDaemonSetNamespace: targetNamespace,
+ targetNamespaceDaemonSetInformer: targetDSInformer,
+ nodeInformer: nodeInformer,
+ }
+}
+
+func (p *DaemonSetNodeProvider) MasterNodeNames() ([]string, error) {
+ ds, err := p.targetNamespaceDaemonSetInformer.Lister().DaemonSets(p.targetDaemonSetNamespace).Get(p.targetDaemonSetName)
+ if err != nil {
+ return nil, err
+ }
+
+ nodes, err := p.nodeInformer.Lister().List(labels.SelectorFromSet(ds.Spec.Template.Spec.NodeSelector))
+ if err != nil {
+ return nil, err
+ }
+
+ ret := make([]string, 0, len(nodes))
+ for _, n := range nodes {
+ ret = append(ret, n.Name)
+ }
+
+ return ret, nil
+}
+
+func (p *DaemonSetNodeProvider) AddEventHandler(handler cache.ResourceEventHandler) []cache.InformerSynced {
+ p.targetNamespaceDaemonSetInformer.Informer().AddEventHandler(handler)
+ p.nodeInformer.Informer().AddEventHandler(handler)
+
+ return []cache.InformerSynced{
+ p.targetNamespaceDaemonSetInformer.Informer().HasSynced,
+ p.nodeInformer.Informer().HasSynced,
+ }
+}
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/configobserver/apiserver/observe_cors.go b/vendor/github.com/openshift/library-go/pkg/operator/configobserver/apiserver/observe_cors.go
new file mode 100644
index 000000000..245470144
--- /dev/null
+++ b/vendor/github.com/openshift/library-go/pkg/operator/configobserver/apiserver/observe_cors.go
@@ -0,0 +1,62 @@
+package apiserver
+
+import (
+ "k8s.io/klog"
+
+ "github.com/openshift/library-go/pkg/operator/configobserver"
+ "github.com/openshift/library-go/pkg/operator/events"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/util/sets"
+)
+
+var clusterDefaultCORSAllowedOrigins = []string{
+ `//127\.0\.0\.1(:|$)`,
+ `//localhost(:|$)`,
+}
+
+// ObserveAdditionalCORSAllowedOrigins observes the additionalCORSAllowedOrigins field
+// of the APIServer resource
+func ObserveAdditionalCORSAllowedOrigins(genericListers configobserver.Listers, recorder events.Recorder, existingConfig map[string]interface{}) (map[string]interface{}, []error) {
+ const corsAllowedOriginsPath = "corsAllowedOrigins"
+
+ lister := genericListers.(APIServerLister)
+ errs := []error{}
+ defaultConfig := map[string]interface{}{}
+ if err := unstructured.SetNestedStringSlice(defaultConfig, clusterDefaultCORSAllowedOrigins, corsAllowedOriginsPath); err != nil {
+ // this should not happen
+ return defaultConfig, append(errs, err)
+ }
+
+ // grab the current CORS origins to later check whether they were updated
+ currentCORSAllowedOrigins, _, err := unstructured.NestedStringSlice(existingConfig, corsAllowedOriginsPath)
+ if err != nil {
+ return defaultConfig, append(errs, err)
+ }
+ currentCORSSet := sets.NewString(currentCORSAllowedOrigins...)
+ currentCORSSet.Insert(clusterDefaultCORSAllowedOrigins...)
+
+ observedConfig := map[string]interface{}{}
+ apiServer, err := lister.APIServerLister().Get("cluster")
+ if errors.IsNotFound(err) {
+ klog.Warningf("apiserver.config.openshift.io/cluster: not found")
+ return defaultConfig, errs
+ }
+ if err != nil {
+ // return existingConfig here in case err is just a transient error so
+ // that we don't rewrite the config that was observed previously
+ return existingConfig, append(errs, err)
+ }
+
+ newCORSSet := sets.NewString(clusterDefaultCORSAllowedOrigins...)
+ newCORSSet.Insert(apiServer.Spec.AdditionalCORSAllowedOrigins...) + if err := unstructured.SetNestedStringSlice(observedConfig, newCORSSet.List(), corsAllowedOriginsPath); err != nil { + errs = append(errs, err) + } + + if !currentCORSSet.Equal(newCORSSet) { + recorder.Eventf("ObserveAdditionalCORSAllowedOrigins", "corsAllowedOrigins changed to %q", newCORSSet.List()) + } + + return observedConfig, errs +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/encryption/controllers.go b/vendor/github.com/openshift/library-go/pkg/operator/encryption/controllers.go index 8ba297c5a..e5f0bde1f 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/encryption/controllers.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/encryption/controllers.go @@ -1,6 +1,8 @@ package encryption import ( + "context" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" corev1 "k8s.io/client-go/kubernetes/typed/core/v1" @@ -33,7 +35,7 @@ func NewControllers( secretsClient corev1.SecretsGetter, eventRecorder events.Recorder, encryptedGRs ...schema.GroupResource, -) (*Controllers, error) { +) *Controllers { // avoid using the CachedSecretGetter as we need strong guarantees that our encryptionSecretSelector works // otherwise we could see secrets from a different component (which will break our keyID invariants) // this is fine in terms of performance since these controllers will be idle most of the time @@ -94,17 +96,18 @@ func NewControllers( encryptedGRs, ), }, - }, nil + } } type Controllers struct { controllers []runner } -func (c *Controllers) Run(stopCh <-chan struct{}) { +// Run runs the encryption controllers, the number of workers is ignored +func (c *Controllers) Run(ctx context.Context, _ int) { for _, controller := range c.controllers { con := controller // capture range variable - go con.Run(stopCh) + go con.Run(ctx.Done()) } - <-stopCh + <-ctx.Done() } 
diff --git a/vendor/k8s.io/client-go/discovery/discovery_client.go b/vendor/k8s.io/client-go/discovery/discovery_client.go
index 61b9c4481..5d89457cc 100644
--- a/vendor/k8s.io/client-go/discovery/discovery_client.go
+++ b/vendor/k8s.io/client-go/discovery/discovery_client.go
@@ -463,6 +463,13 @@ func setDiscoveryDefaults(config *restclient.Config) error {
 if config.Timeout == 0 {
 config.Timeout = defaultTimeout
 }
+ if config.Burst == 0 && config.QPS < 100 {
+ // discovery is expected to be bursty, increase the default burst
+ // to accommodate looking up resource info for many API groups.
+ // matches burst set by ConfigFlags#ToDiscoveryClient().
+ // see https://issue.k8s.io/86149
+ config.Burst = 100
+ }
 codec := runtime.NoopEncoder{Decoder: scheme.Codecs.UniversalDecoder()}
 config.NegotiatedSerializer = serializer.NegotiatedSerializerWrapper(runtime.SerializerInfo{Serializer: codec})
 if len(config.UserAgent) == 0 {
diff --git a/vendor/k8s.io/client-go/tools/cache/reflector.go b/vendor/k8s.io/client-go/tools/cache/reflector.go
index 1165c523e..62749ed7d 100644
--- a/vendor/k8s.io/client-go/tools/cache/reflector.go
+++ b/vendor/k8s.io/client-go/tools/cache/reflector.go
@@ -74,9 +74,6 @@ type Reflector struct {
 // observed when doing a sync with the underlying store
 // it is thread safe, but not synchronized with the underlying store
 lastSyncResourceVersion string
- // isLastSyncResourceVersionGone is true if the previous list or watch request with lastSyncResourceVersion
- // failed with an HTTP 410 (Gone) status code.
- isLastSyncResourceVersionGone bool
 // lastSyncResourceVersionMutex guards read/write access to lastSyncResourceVersion
 lastSyncResourceVersionMutex sync.RWMutex
 // WatchListPageSize is the requested chunk size of initial and resync watch lists.
@@ -188,7 +185,10 @@ func (r *Reflector) ListAndWatch(stopCh <-chan struct{}) error {
 klog.V(3).Infof("Listing and watching %v from %s", r.expectedTypeName, r.name)
 var resourceVersion string
- options := metav1.ListOptions{ResourceVersion: r.relistResourceVersion()}
+ // Explicitly set "0" as resource version - it's fine for the List()
+ // to be served from cache and potentially be delayed relative to
+ // etcd contents. Reflector framework will catch up via Watch() eventually.
+ options := metav1.ListOptions{ResourceVersion: "0"}
 if err := func() error {
 initTrace := trace.New("Reflector ListAndWatch", trace.Field{"name", r.name})
@@ -211,17 +211,8 @@ func (r *Reflector) ListAndWatch(stopCh <-chan struct{}) error {
 if r.WatchListPageSize != 0 {
 pager.PageSize = r.WatchListPageSize
 }
-
+ // Pager falls back to full list if paginated list calls fail due to an "Expired" error.
 list, err = pager.List(context.Background(), options)
- if isExpiredError(err) {
- r.setIsLastSyncResourceVersionExpired(true)
- // Retry immediately if the resource version used to list is expired.
- // The pager already falls back to full list if paginated list calls fail due to an "Expired" error on
- // continuation pages, but the pager might not be enabled, or the full list might fail because the
- // resource version it is listing at is expired, so we need to fallback to resourceVersion="" in all
- // to recover and ensure the reflector makes forward progress.
- list, err = pager.List(context.Background(), metav1.ListOptions{ResourceVersion: r.relistResourceVersion()})
- }
 close(listCh)
 }()
 select {
@@ -234,7 +225,6 @@ func (r *Reflector) ListAndWatch(stopCh <-chan struct{}) error {
 if err != nil {
 return fmt.Errorf("%s: Failed to list %v: %v", r.name, r.expectedTypeName, err)
 }
- r.setIsLastSyncResourceVersionExpired(false) // list was successful
 initTrace.Step("Objects listed")
 listMetaInterface, err := meta.ListAccessor(list)
 if err != nil {
@@ -308,13 +298,10 @@ func (r *Reflector) ListAndWatch(stopCh <-chan struct{}) error {
 w, err := r.listerWatcher.Watch(options)
 if err != nil {
- switch {
- case isExpiredError(err):
- r.setIsLastSyncResourceVersionExpired(true)
- klog.V(4).Infof("%s: watch of %v closed with: %v", r.name, r.expectedTypeName, err)
- case err == io.EOF:
+ switch err {
+ case io.EOF:
 // watch closed normally
- case err == io.ErrUnexpectedEOF:
+ case io.ErrUnexpectedEOF:
 klog.V(1).Infof("%s: Watch for %v closed with unexpected EOF: %v", r.name, r.expectedTypeName, err)
 default:
 utilruntime.HandleError(fmt.Errorf("%s: Failed to watch %v: %v", r.name, r.expectedTypeName, err))
@@ -333,8 +320,7 @@ func (r *Reflector) ListAndWatch(stopCh <-chan struct{}) error {
 if err := r.watchHandler(w, &resourceVersion, resyncerrc, stopCh); err != nil {
 if err != errorStopRequested {
 switch {
- case isExpiredError(err):
- r.setIsLastSyncResourceVersionExpired(true)
+ case apierrs.IsResourceExpired(err):
 klog.V(4).Infof("%s: watch of %v ended with: %v", r.name, r.expectedTypeName, err)
 default:
 klog.Warningf("%s: watch of %v ended with: %v", r.name, r.expectedTypeName, err)
@@ -446,42 +432,3 @@ func (r *Reflector) setLastSyncResourceVersion(v string) {
 defer r.lastSyncResourceVersionMutex.Unlock()
 r.lastSyncResourceVersion = v
 }
-
-// relistResourceVersion determines the resource version the reflector should list or relist from.
-// Returns either the lastSyncResourceVersion so that this reflector will relist with a resource
-// versions no older than has already been observed in relist results or watch events, or, if the last relist resulted
-// in an HTTP 410 (Gone) status code, returns "" so that the relist will use the latest resource version available in
-// etcd via a quorum read.
-func (r *Reflector) relistResourceVersion() string {
- r.lastSyncResourceVersionMutex.RLock()
- defer r.lastSyncResourceVersionMutex.RUnlock()
-
- if r.isLastSyncResourceVersionGone {
- // Since this reflector makes paginated list requests, and all paginated list requests skip the watch cache
- // if the lastSyncResourceVersion is expired, we set ResourceVersion="" and list again to re-establish reflector
- // to the latest available ResourceVersion, using a consistent read from etcd.
- return ""
- }
- if r.lastSyncResourceVersion == "" {
- // For performance reasons, initial list performed by reflector uses "0" as resource version to allow it to
- // be served from the watch cache if it is enabled.
- return "0"
- }
- return r.lastSyncResourceVersion
-}
-
-// setIsLastSyncResourceVersionExpired sets if the last list or watch request with lastSyncResourceVersion returned a
-// expired error: HTTP 410 (Gone) Status Code.
-func (r *Reflector) setIsLastSyncResourceVersionExpired(isExpired bool) {
- r.lastSyncResourceVersionMutex.Lock()
- defer r.lastSyncResourceVersionMutex.Unlock()
- r.isLastSyncResourceVersionGone = isExpired
-}
-
-func isExpiredError(err error) bool {
- // In Kubernetes 1.17 and earlier, the api server returns both apierrs.StatusReasonExpired and
- // apierrs.StatusReasonGone for HTTP 410 (Gone) status code responses.
In 1.18 the kube server is more consistent
- // and always returns apierrs.StatusReasonExpired. For backward compatibility we can only remove the apierrs.IsGone
- // check when we fully drop support for Kubernetes 1.17 servers from reflectors.
- return apierrs.IsResourceExpired(err) || apierrs.IsGone(err)
-}
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/v1/conversion.go b/vendor/k8s.io/client-go/tools/clientcmd/api/v1/conversion.go
index 0d27672e3..c38ebc076 100644
--- a/vendor/k8s.io/client-go/tools/clientcmd/api/v1/conversion.go
+++ b/vendor/k8s.io/client-go/tools/clientcmd/api/v1/conversion.go
@@ -31,6 +31,9 @@ func Convert_Slice_v1_NamedCluster_To_Map_string_To_Pointer_api_Cluster(in *[]Na
 if err := Convert_v1_Cluster_To_api_Cluster(&curr.Cluster, newCluster, s); err != nil {
 return err
 }
+ if *out == nil {
+ *out = make(map[string]*api.Cluster)
+ }
 if (*out)[curr.Name] == nil {
 (*out)[curr.Name] = newCluster
 } else {
@@ -65,6 +68,9 @@ func Convert_Slice_v1_NamedAuthInfo_To_Map_string_To_Pointer_api_AuthInfo(in *[]
 if err := Convert_v1_AuthInfo_To_api_AuthInfo(&curr.AuthInfo, newAuthInfo, s); err != nil {
 return err
 }
+ if *out == nil {
+ *out = make(map[string]*api.AuthInfo)
+ }
 if (*out)[curr.Name] == nil {
 (*out)[curr.Name] = newAuthInfo
 } else {
@@ -99,6 +105,9 @@ func Convert_Slice_v1_NamedContext_To_Map_string_To_Pointer_api_Context(in *[]Na
 if err := Convert_v1_Context_To_api_Context(&curr.Context, newContext, s); err != nil {
 return err
 }
+ if *out == nil {
+ *out = make(map[string]*api.Context)
+ }
 if (*out)[curr.Name] == nil {
 (*out)[curr.Name] = newContext
 } else {
@@ -133,6 +142,9 @@ func Convert_Slice_v1_NamedExtension_To_Map_string_To_runtime_Object(in *[]Named
 if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&curr.Extension, &newExtension, s); err != nil {
 return err
 }
+ if *out == nil {
+ *out = make(map[string]runtime.Object)
+ }
 if (*out)[curr.Name] == nil {
 (*out)[curr.Name] = newExtension
 } else {
diff --git a/vendor/modules.txt b/vendor/modules.txt index 8a5443d52..5ba504c7d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -143,7 +143,7 @@ github.com/modern-go/concurrent github.com/modern-go/reflect2 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 github.com/munnerz/goautoneg -# github.com/openshift/api v0.0.0-20200115130134-f472aa214b03 +# github.com/openshift/api v0.0.0-20200116145750-0e2ff1e215dd github.com/openshift/api github.com/openshift/api/apps github.com/openshift/api/apps/v1 @@ -190,7 +190,7 @@ github.com/openshift/api/template github.com/openshift/api/template/v1 github.com/openshift/api/user github.com/openshift/api/user/v1 -# github.com/openshift/client-go v0.0.0-20200109173103-2763c6378941 +# github.com/openshift/client-go v0.0.0-20200116152001-92a2713fa240 github.com/openshift/client-go/config/clientset/versioned github.com/openshift/client-go/config/clientset/versioned/fake github.com/openshift/client-go/config/clientset/versioned/scheme @@ -217,7 +217,7 @@ github.com/openshift/client-go/operator/informers/externalversions/operator/v1 github.com/openshift/client-go/operator/informers/externalversions/operator/v1alpha1 github.com/openshift/client-go/operator/listers/operator/v1 github.com/openshift/client-go/operator/listers/operator/v1alpha1 -# github.com/openshift/library-go v0.0.0-20200114124611-9ace650367d2 +# github.com/openshift/library-go v0.0.0-20200114124611-9ace650367d2 => github.com/stlaz/library-go v0.0.0-20200121085742-3ddb1b466819 github.com/openshift/library-go/alpha-build-machinery github.com/openshift/library-go/alpha-build-machinery/make github.com/openshift/library-go/alpha-build-machinery/make/lib 
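Review bot: The library-go header line in the last hunk above now ends in `=> github.com/stlaz/library-go v0.0.0-20200121085742-3ddb1b466819`, so everything vendored under `github.com/openshift/library-go/` is sourced from a personal fork, mirroring the `replace` directive this commit adds to go.mod. The checksum in go.sum fixes the fork's content, but that content has presumably not been through upstream review, and a pseudo-version on a personal fork can stop resolving if the branch is rebased or the repository is removed; the new `pkg/operator/apiserver/...` packages listed in the next hunk appear to come from that fork. I would treat the replace as temporary: land the needed packages upstream, bump `github.com/openshift/library-go` to that commit, and delete the `replace` line before merging. If it has to ship in the meantime, add a comment above it in go.mod along the lines of `// TODO: drop once <upstream library-go PR> merges` so the override is tracked.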
@@ -236,6 +236,9 @@ github.com/openshift/library-go/pkg/controller/controllercmd github.com/openshift/library-go/pkg/controller/fileobserver github.com/openshift/library-go/pkg/controller/metrics github.com/openshift/library-go/pkg/crypto +github.com/openshift/library-go/pkg/operator/apiserver/controller/apiservice +github.com/openshift/library-go/pkg/operator/apiserver/controller/nsfinalizer +github.com/openshift/library-go/pkg/operator/apiserver/controllerset github.com/openshift/library-go/pkg/operator/condition github.com/openshift/library-go/pkg/operator/configobserver github.com/openshift/library-go/pkg/operator/configobserver/apiserver @@ -415,7 +418,7 @@ gopkg.in/inf.v0 gopkg.in/natefinch/lumberjack.v2 # gopkg.in/yaml.v2 v2.2.4 gopkg.in/yaml.v2 -# k8s.io/api v0.17.0 +# k8s.io/api v0.17.1 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 k8s.io/api/admissionregistration/v1 @@ -459,13 +462,13 @@ k8s.io/api/settings/v1alpha1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.17.0 +# k8s.io/apiextensions-apiserver v0.17.1 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1 -# k8s.io/apimachinery v0.17.0 +# k8s.io/apimachinery v0.17.1 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors k8s.io/apimachinery/pkg/api/meta @@ -517,7 +520,7 @@ k8s.io/apimachinery/pkg/version k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.17.0 +# k8s.io/apiserver v0.17.1 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/configuration k8s.io/apiserver/pkg/admission/initializer 
@@ -624,7 +627,7 @@ k8s.io/apiserver/plugin/pkg/audit/truncate k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/client-go v0.17.0 +# k8s.io/client-go v0.17.1 k8s.io/client-go/discovery k8s.io/client-go/discovery/fake k8s.io/client-go/dynamic @@ -836,7 +839,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.17.0 +# k8s.io/component-base v0.17.1 k8s.io/component-base/cli/flag k8s.io/component-base/featuregate k8s.io/component-base/logs @@ -845,7 +848,7 @@ k8s.io/component-base/metrics/legacyregistry k8s.io/component-base/version # k8s.io/klog v1.0.0 k8s.io/klog -# k8s.io/kube-aggregator v0.17.0 +# k8s.io/kube-aggregator v0.17.1 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/v1 k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1