From 024d9d39afafc6a67e9c86a3463d615f8597fcac Mon Sep 17 00:00:00 2001 From: Sascha Grunert Date: Thu, 12 Jan 2023 16:28:16 +0100 Subject: [PATCH] Make `DaemonResourceRequirements` non `omitempty` Signed-off-by: Sascha Grunert --- .github/workflows/olm_tests.yaml | 2 +- api/spod/v1alpha1/spod_types.go | 2 +- ...8s.io_securityprofilesoperatordaemons.yaml | 4 ++- dependencies.yaml | 4 +-- .../crds/securityprofilesoperatordaemon.yaml | 4 ++- deploy/helm/crds/crds.yaml | 4 ++- deploy/namespace-operator.yaml | 4 ++- deploy/openshift-dev.yaml | 4 ++- deploy/openshift-downstream.yaml | 4 ++- deploy/operator.yaml | 4 ++- deploy/webhook-operator.yaml | 4 ++- go.mod | 6 ++-- go.sum | 12 +++---- hack/ci/Vagrantfile-ubuntu | 2 +- hack/ci/install-kubernetes.sh | 2 +- test/suite_test.go | 2 +- vendor/k8s.io/api/core/v1/generated.proto | 3 +- vendor/k8s.io/api/core/v1/types.go | 3 +- .../applyconfigurations/internal/internal.go | 2 ++ .../client-go/discovery/discovery_client.go | 2 +- vendor/k8s.io/client-go/rest/request.go | 35 ++++++++++++++----- vendor/k8s.io/client-go/rest/with_retry.go | 17 +++------ vendor/modules.txt | 6 ++-- 23 files changed, 81 insertions(+), 51 deletions(-) diff --git a/.github/workflows/olm_tests.yaml b/.github/workflows/olm_tests.yaml index 55acccc467..040f1cf11f 100644 --- a/.github/workflows/olm_tests.yaml +++ b/.github/workflows/olm_tests.yaml @@ -6,7 +6,7 @@ on: pull_request: env: GO_VERSION: '1.19' - KIND_IMG_TAG: v1.26.0 + KIND_IMG_TAG: v1.26.1 permissions: {} diff --git a/api/spod/v1alpha1/spod_types.go b/api/spod/v1alpha1/spod_types.go index f2209e6ffb..b15883c0c6 100644 --- a/api/spod/v1alpha1/spod_types.go +++ b/api/spod/v1alpha1/spod_types.go @@ -312,7 +312,7 @@ type SPODSpec struct { // DaemonResourceRequirements if defined, overwrites the default resource requirements // of SPOD daemon. // +optional - DaemonResourceRequirements *corev1.ResourceRequirements `json:"daemonResourceRequirements,omitempty"` + DaemonResourceRequirements *corev1.ResourceRequirements `json:"daemonResourceRequirements"` } // SPODState defines the state that the spod is in. diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilesoperatordaemons.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilesoperatordaemons.yaml index 2940422ec7..38a81a3ae2 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilesoperatordaemons.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilesoperatordaemons.yaml @@ -905,7 +905,9 @@ spec: - name type: object type: array - x-kubernetes-list-type: set + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/dependencies.yaml b/dependencies.yaml index 2fe5b87479..44e300aff6 100644 --- a/dependencies.yaml +++ b/dependencies.yaml @@ -64,7 +64,7 @@ dependencies: match: kindVersion - name: kind-image - version: 1.26.0 + version: 1.26.1 refPaths: - path: test/suite_test.go match: kindImage @@ -78,7 +78,7 @@ dependencies: match: QEMUVERSION - name: e2e-kubernetes - version: 1.26.0 + version: 1.26.1 refPaths: - path: hack/ci/install-kubernetes.sh match: VERSION diff --git a/deploy/base-crds/crds/securityprofilesoperatordaemon.yaml b/deploy/base-crds/crds/securityprofilesoperatordaemon.yaml index 82b0e35c67..eec220436c 100644 --- a/deploy/base-crds/crds/securityprofilesoperatordaemon.yaml +++ b/deploy/base-crds/crds/securityprofilesoperatordaemon.yaml @@ -903,7 +903,9 @@ spec: - name type: object type: array - x-kubernetes-list-type: set + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/deploy/helm/crds/crds.yaml b/deploy/helm/crds/crds.yaml index fbaf041e6b..f7aab13d3a 100644 --- a/deploy/helm/crds/crds.yaml +++ b/deploy/helm/crds/crds.yaml @@ -1430,7 +1430,9 @@ spec: - name type: object type: array - x-kubernetes-list-type: set + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/deploy/namespace-operator.yaml b/deploy/namespace-operator.yaml index 65de530822..3a907b07f3 100644 --- a/deploy/namespace-operator.yaml +++ b/deploy/namespace-operator.yaml @@ -1430,7 +1430,9 @@ spec: - name type: object type: array - x-kubernetes-list-type: set + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/deploy/openshift-dev.yaml b/deploy/openshift-dev.yaml index fda7b4f185..33401384b8 100644 --- a/deploy/openshift-dev.yaml +++ b/deploy/openshift-dev.yaml @@ -1430,7 +1430,9 @@ spec: - name type: object type: array - x-kubernetes-list-type: set + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/deploy/openshift-downstream.yaml b/deploy/openshift-downstream.yaml index c011ecf5f4..b293332c66 100644 --- a/deploy/openshift-downstream.yaml +++ b/deploy/openshift-downstream.yaml @@ -1430,7 +1430,9 @@ spec: - name type: object type: array - x-kubernetes-list-type: set + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 6020752df0..541675428d 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1430,7 +1430,9 @@ spec: - name type: object type: array - x-kubernetes-list-type: set + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/deploy/webhook-operator.yaml b/deploy/webhook-operator.yaml index 714d677cc1..b5bbc0d03c 100644 --- a/deploy/webhook-operator.yaml +++ b/deploy/webhook-operator.yaml @@ -1606,7 +1606,9 @@ spec: - name type: object type: array - x-kubernetes-list-type: set + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/go.mod b/go.mod index 39d70e189e..f4cfb36825 100644 --- a/go.mod +++ b/go.mod @@ -27,9 +27,9 @@ require ( google.golang.org/grpc v1.52.0 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.2.0 google.golang.org/protobuf v1.28.1 - k8s.io/api v0.26.0 - k8s.io/apimachinery v0.26.0 - k8s.io/client-go v0.26.0 + k8s.io/api v0.26.1 + k8s.io/apimachinery v0.26.1 + k8s.io/client-go v0.26.1 k8s.io/klog/v2 v2.80.1 sigs.k8s.io/controller-runtime v0.14.1 sigs.k8s.io/controller-tools v0.11.1 diff --git a/go.sum b/go.sum index 307c862444..68a4653ff8 100644 --- a/go.sum +++ b/go.sum @@ -887,16 +887,16 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.0 h1:IpPlZnxBpV1xl7TGk/X6lFtpgjgntCg8PJ+qrPHAC7I= -k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg= +k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ= +k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg= k8s.io/apiextensions-apiserver v0.26.0 h1:Gy93Xo1eg2ZIkNX/8vy5xviVSxwQulsnUdQ00nEdpDo= k8s.io/apiextensions-apiserver v0.26.0/go.mod h1:7ez0LTiyW5nq3vADtK6C3kMESxadD51Bh6uz3JOlqWQ= -k8s.io/apimachinery v0.26.0 h1:1feANjElT7MvPqp0JT6F3Ss6TWDwmcjLypwoPpEf7zg= -k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= +k8s.io/apimachinery v0.26.1 h1:8EZ/eGJL+hY/MYCNwhmDzVqq2lPl3N3Bo8rvweJwXUQ= +k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= k8s.io/cli-runtime v0.26.0 h1:aQHa1SyUhpqxAw1fY21x2z2OS5RLtMJOCj7tN4oq8mw= k8s.io/cli-runtime v0.26.0/go.mod h1:o+4KmwHzO/UK0wepE1qpRk6l3o60/txUZ1fEXWGIKTY= -k8s.io/client-go v0.26.0 h1:lT1D3OfO+wIi9UFolCrifbjUUgu7CpLca0AD8ghRLI8= -k8s.io/client-go v0.26.0/go.mod h1:I2Sh57A79EQsDmn7F7ASpmru1cceh3ocVT9KlX2jEZg= +k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU= +k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE= k8s.io/component-base v0.26.0 h1:0IkChOCohtDHttmKuz+EP3j3+qKmV55rM9gIFTXA7Vs= k8s.io/component-base v0.26.0/go.mod h1:lqHwlfV1/haa14F/Z5Zizk5QmzaVf23nQzCwVOQpfC8= k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= diff --git a/hack/ci/Vagrantfile-ubuntu b/hack/ci/Vagrantfile-ubuntu index a077658827..f65701a7ca 100644 --- a/hack/ci/Vagrantfile-ubuntu +++ b/hack/ci/Vagrantfile-ubuntu @@ -33,7 +33,7 @@ Vagrant.configure("2") do |config| curl -sSfL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list apt-get update - KUBERNETES_VERSION=1.26.0-00 + KUBERNETES_VERSION=1.26.1-00 apt-get install -y \ build-essential \ kubelet=$KUBERNETES_VERSION \ diff --git a/hack/ci/install-kubernetes.sh b/hack/ci/install-kubernetes.sh index fd3b070458..3529219d34 100755 --- a/hack/ci/install-kubernetes.sh +++ b/hack/ci/install-kubernetes.sh @@ -19,7 +19,7 @@ ENVFILE=$(dirname "${BASH_SOURCE[0]}")/env-fedora.sh . "$ENVFILE" K8SPATH="$GOPATH/src/k8s.io" -VERSION=v1.26.0 +VERSION=v1.26.1 download-kubernetes() { export KUBERNETES_RELEASE=$VERSION diff --git a/test/suite_test.go b/test/suite_test.go index fa91cdf2f3..74a93723a7 100644 --- a/test/suite_test.go +++ b/test/suite_test.go @@ -40,7 +40,7 @@ import ( const ( kindVersion = "v0.17.0" - kindImage = "kindest/node:v1.26.0@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352" + kindImage = "kindest/node:v1.26.1@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352" kindDarwinSHA512 = "40ebb37b74b88d71854f73bc8d505e5cfb7ad14952657f0f9f46605632f2611277d09e8b00d05e95d10f913bd31d816131a3e26e7f34a6f2e50297d146f15050" //nolint:lll // full length SHA kindLinuxSHA512 = "ae9b8ad431157c47bd034552e6b1656e46aa4033e96f25d5ff5d539308f17b2b003d25e02656f461d3eeed4e3ba0507b8523f6fa9180b59f37a5f083f62e5560" //nolint:lll // full length SHA ) diff --git a/vendor/k8s.io/api/core/v1/generated.proto b/vendor/k8s.io/api/core/v1/generated.proto index 854bcdeba0..9264bfd98b 100644 --- a/vendor/k8s.io/api/core/v1/generated.proto +++ b/vendor/k8s.io/api/core/v1/generated.proto @@ -4514,7 +4514,8 @@ message ResourceRequirements { // // This field is immutable. // - // +listType=set + // +listType=map + // +listMapKey=name // +featureGate=DynamicResourceAllocation // +optional repeated ResourceClaim claims = 3; diff --git a/vendor/k8s.io/api/core/v1/types.go b/vendor/k8s.io/api/core/v1/types.go index 87230fd918..4be1df0c1d 100644 --- a/vendor/k8s.io/api/core/v1/types.go +++ b/vendor/k8s.io/api/core/v1/types.go @@ -2322,7 +2322,8 @@ type ResourceRequirements struct { // // This field is immutable. // - // +listType=set + // +listType=map + // +listMapKey=name // +featureGate=DynamicResourceAllocation // +optional Claims []ResourceClaim `json:"claims,omitempty" protobuf:"bytes,3,opt,name=claims"` diff --git a/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go b/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go index afad3b12e1..4f3636b27d 100644 --- a/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go +++ b/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go @@ -6553,6 +6553,8 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: io.k8s.api.core.v1.ResourceClaim elementRelationship: associative + keys: + - name - name: limits type: map: diff --git a/vendor/k8s.io/client-go/discovery/discovery_client.go b/vendor/k8s.io/client-go/discovery/discovery_client.go index 9025e888ec..43906190fb 100644 --- a/vendor/k8s.io/client-go/discovery/discovery_client.go +++ b/vendor/k8s.io/client-go/discovery/discovery_client.go @@ -196,7 +196,7 @@ func (d *DiscoveryClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[s } // Discovery groups and (possibly) resources downloaded from /apis. apiGroups, apiResources, aerr := d.downloadAPIs() - if err != nil { + if aerr != nil { return nil, nil, aerr } // Merge apis groups into the legacy groups. diff --git a/vendor/k8s.io/client-go/rest/request.go b/vendor/k8s.io/client-go/rest/request.go index 560f73f002..96e725692d 100644 --- a/vendor/k8s.io/client-go/rest/request.go +++ b/vendor/k8s.io/client-go/rest/request.go @@ -34,6 +34,7 @@ import ( "time" "golang.org/x/net/http2" + "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -116,8 +117,11 @@ type Request struct { subresource string // output - err error - body io.Reader + err error + + // only one of body / bodyBytes may be set. requests using body are not retriable. + body io.Reader + bodyBytes []byte retryFn requestRetryFunc } @@ -443,12 +447,15 @@ func (r *Request) Body(obj interface{}) *Request { return r } glogBody("Request Body", data) - r.body = bytes.NewReader(data) + r.body = nil + r.bodyBytes = data case []byte: glogBody("Request Body", t) - r.body = bytes.NewReader(t) + r.body = nil + r.bodyBytes = t case io.Reader: r.body = t + r.bodyBytes = nil case runtime.Object: // callers may pass typed interface pointers, therefore we must check nil with reflection if reflect.ValueOf(t).IsNil() { @@ -465,7 +472,8 @@ func (r *Request) Body(obj interface{}) *Request { return r } glogBody("Request Body", data) - r.body = bytes.NewReader(data) + r.body = nil + r.bodyBytes = data r.SetHeader("Content-Type", r.c.content.ContentType) default: r.err = fmt.Errorf("unknown type used for body: %+v", obj) @@ -825,9 +833,6 @@ func (r *Request) Stream(ctx context.Context) (io.ReadCloser, error) { if err != nil { return nil, err } - if r.body != nil { - req.Body = io.NopCloser(r.body) - } resp, err := client.Do(req) updateURLMetrics(ctx, r, resp, err) retry.After(ctx, r, resp, err) @@ -889,8 +894,20 @@ func (r *Request) requestPreflightCheck() error { } func (r *Request) newHTTPRequest(ctx context.Context) (*http.Request, error) { + var body io.Reader + switch { + case r.body != nil && r.bodyBytes != nil: + return nil, fmt.Errorf("cannot set both body and bodyBytes") + case r.body != nil: + body = r.body + case r.bodyBytes != nil: + // Create a new reader specifically for this request. + // Giving each request a dedicated reader allows retries to avoid races resetting the request body. + body = bytes.NewReader(r.bodyBytes) + } + url := r.URL().String() - req, err := http.NewRequest(r.verb, url, r.body) + req, err := http.NewRequest(r.verb, url, body) if err != nil { return nil, err } diff --git a/vendor/k8s.io/client-go/rest/with_retry.go b/vendor/k8s.io/client-go/rest/with_retry.go index b04e3e9eff..207060a5cc 100644 --- a/vendor/k8s.io/client-go/rest/with_retry.go +++ b/vendor/k8s.io/client-go/rest/with_retry.go @@ -153,6 +153,11 @@ func (r *withRetry) IsNextRetry(ctx context.Context, restReq *Request, httpReq * return false } + if restReq.body != nil { + // we have an opaque reader, we can't safely reset it + return false + } + r.attempts++ r.retryAfter = &RetryAfter{Attempt: r.attempts} if r.attempts > r.maxRetries { @@ -209,18 +214,6 @@ func (r *withRetry) Before(ctx context.Context, request *Request) error { return nil } - // At this point we've made atleast one attempt, post which the response - // body should have been fully read and closed in order for it to be safe - // to reset the request body before we reconnect, in order for us to reuse - // the same TCP connection. - if seeker, ok := request.body.(io.Seeker); ok && request.body != nil { - if _, err := seeker.Seek(0, io.SeekStart); err != nil { - err = fmt.Errorf("failed to reset the request body while retrying a request: %v", err) - r.trackPreviousError(err) - return err - } - } - // if we are here, we have made attempt(s) at least once before. if request.backoff != nil { delay := request.backoff.CalculateBackoff(url) diff --git a/vendor/modules.txt b/vendor/modules.txt index f58890b41c..908f8755bb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -816,7 +816,7 @@ helm.sh/helm/v3/pkg/plugin helm.sh/helm/v3/pkg/provenance helm.sh/helm/v3/pkg/registry helm.sh/helm/v3/pkg/repo -# k8s.io/api v0.26.0 +# k8s.io/api v0.26.1 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -876,7 +876,7 @@ k8s.io/api/storage/v1beta1 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1 -# k8s.io/apimachinery v0.26.0 +# k8s.io/apimachinery v0.26.1 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -931,7 +931,7 @@ k8s.io/apimachinery/third_party/forked/golang/reflect k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.0 +# k8s.io/client-go v0.26.1 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1