diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_profilebindings.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_profilebindings.yaml index 2044bd8b0a..4ef844da17 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_profilebindings.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_profilebindings.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_profilerecordings.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_profilerecordings.yaml index fa8795f86f..d05097c587 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_profilerecordings.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_profilerecordings.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_rawselinuxprofiles.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_rawselinuxprofiles.yaml index 45ab66fe7c..85c5a1fdce 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_rawselinuxprofiles.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_rawselinuxprofiles.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_seccompprofiles.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_seccompprofiles.yaml index adbd6918b3..fad6cb9cd2 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_seccompprofiles.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_seccompprofiles.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilenodestatuses.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilenodestatuses.yaml index ae8c64d47c..92f84df49d 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilenodestatuses.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilenodestatuses.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilesoperatordaemons.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilesoperatordaemons.yaml index 110a902e8b..a2332e8300 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilesoperatordaemons.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_securityprofilesoperatordaemons.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -888,6 +888,26 @@ spec: description: DaemonResourceRequirements if defined, overwrites the default resource requirements of SPOD daemon. properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/bundle/manifests/security-profiles-operator.x-k8s.io_selinuxprofiles.yaml b/bundle/manifests/security-profiles-operator.x-k8s.io_selinuxprofiles.yaml index 28ba6c057c..7be39eef97 100644 --- a/bundle/manifests/security-profiles-operator.x-k8s.io_selinuxprofiles.yaml +++ b/bundle/manifests/security-profiles-operator.x-k8s.io_selinuxprofiles.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator diff --git a/dependencies.yaml b/dependencies.yaml index fb6bd7a255..48c1c33b49 100644 --- a/dependencies.yaml +++ b/dependencies.yaml @@ -50,7 +50,7 @@ dependencies: match: OLM_VERSION - name: cert-manager - version: 1.10.1 + version: 1.11.0 refPaths: - path: test/e2e_test.go match: cert-manager/cert-manager @@ -82,7 +82,7 @@ dependencies: match: QEMUVERSION - name: e2e-kubernetes - version: 1.25.3 + version: 1.26.2 refPaths: - path: hack/ci/install-kubernetes.sh match: VERSION @@ -164,7 +164,7 @@ dependencies: match: VERSION - name: CRI-O - version: v1.25.1 + version: v1.26.1 refPaths: - path: hack/ci/install-cri-o.sh match: TAG diff --git a/deploy/base-crds/crds/profilebinding.yaml b/deploy/base-crds/crds/profilebinding.yaml index 494dfc2bfd..560ebbef39 100644 --- a/deploy/base-crds/crds/profilebinding.yaml +++ b/deploy/base-crds/crds/profilebinding.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: profilebindings.security-profiles-operator.x-k8s.io spec: diff --git a/deploy/base-crds/crds/profilerecording.yaml b/deploy/base-crds/crds/profilerecording.yaml index 4efcb4acaf..47178ecd4e 100644 --- a/deploy/base-crds/crds/profilerecording.yaml +++ b/deploy/base-crds/crds/profilerecording.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: profilerecordings.security-profiles-operator.x-k8s.io spec: diff --git a/deploy/base-crds/crds/seccompprofile.yaml b/deploy/base-crds/crds/seccompprofile.yaml index 9db369b799..64e2faa86e 100644 --- a/deploy/base-crds/crds/seccompprofile.yaml +++ b/deploy/base-crds/crds/seccompprofile.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: seccompprofiles.security-profiles-operator.x-k8s.io spec: diff --git a/deploy/base-crds/crds/securityprofilenodestatus.yaml b/deploy/base-crds/crds/securityprofilenodestatus.yaml index 3e754fc7f3..c2607284dd 100644 --- a/deploy/base-crds/crds/securityprofilenodestatus.yaml +++ b/deploy/base-crds/crds/securityprofilenodestatus.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: securityprofilenodestatuses.security-profiles-operator.x-k8s.io spec: diff --git a/deploy/base-crds/crds/securityprofilesoperatordaemon.yaml b/deploy/base-crds/crds/securityprofilesoperatordaemon.yaml index f272210453..84e1fec9bf 100644 --- a/deploy/base-crds/crds/securityprofilesoperatordaemon.yaml +++ b/deploy/base-crds/crds/securityprofilesoperatordaemon.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: securityprofilesoperatordaemons.security-profiles-operator.x-k8s.io spec: @@ -886,6 +886,26 @@ spec: description: DaemonResourceRequirements if defined, overwrites the default resource requirements of SPOD daemon. properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/deploy/base-crds/crds/selinuxpolicy.yaml b/deploy/base-crds/crds/selinuxpolicy.yaml index cab8efeeb3..5c0fa258a1 100644 --- a/deploy/base-crds/crds/selinuxpolicy.yaml +++ b/deploy/base-crds/crds/selinuxpolicy.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: rawselinuxprofiles.security-profiles-operator.x-k8s.io spec: @@ -105,7 +105,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: selinuxprofiles.security-profiles-operator.x-k8s.io spec: diff --git a/deploy/helm/crds/crds.yaml b/deploy/helm/crds/crds.yaml index 04f81adadd..a81aa52551 100644 --- a/deploy/helm/crds/crds.yaml +++ b/deploy/helm/crds/crds.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -79,7 +79,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -215,7 +215,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -462,7 +462,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -527,7 +527,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -1413,6 +1413,26 @@ spec: description: DaemonResourceRequirements if defined, overwrites the default resource requirements of SPOD daemon. properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1713,7 +1733,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -1818,7 +1838,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator diff --git a/deploy/namespace-operator.yaml b/deploy/namespace-operator.yaml index f9508062b1..2ddad85822 100644 --- a/deploy/namespace-operator.yaml +++ b/deploy/namespace-operator.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -79,7 +79,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -215,7 +215,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -462,7 +462,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -527,7 +527,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -1413,6 +1413,26 @@ spec: description: DaemonResourceRequirements if defined, overwrites the default resource requirements of SPOD daemon. properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1713,7 +1733,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -1818,7 +1838,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator diff --git a/deploy/openshift-dev.yaml b/deploy/openshift-dev.yaml index ef6c9e3bc6..134211ac9f 100644 --- a/deploy/openshift-dev.yaml +++ b/deploy/openshift-dev.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -79,7 +79,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -215,7 +215,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -462,7 +462,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -527,7 +527,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -1413,6 +1413,26 @@ spec: description: DaemonResourceRequirements if defined, overwrites the default resource requirements of SPOD daemon. properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1713,7 +1733,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -1818,7 +1838,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator diff --git a/deploy/openshift-downstream.yaml b/deploy/openshift-downstream.yaml index 3538a43a19..4a83916fad 100644 --- a/deploy/openshift-downstream.yaml +++ b/deploy/openshift-downstream.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -79,7 +79,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -215,7 +215,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -462,7 +462,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -527,7 +527,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -1413,6 +1413,26 @@ spec: description: DaemonResourceRequirements if defined, overwrites the default resource requirements of SPOD daemon. properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1713,7 +1733,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -1818,7 +1838,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator diff --git a/deploy/operator.yaml b/deploy/operator.yaml index d7bf196414..9f57b09bdd 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -79,7 +79,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -215,7 +215,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -462,7 +462,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -527,7 +527,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -1413,6 +1413,26 @@ spec: description: DaemonResourceRequirements if defined, overwrites the default resource requirements of SPOD daemon. properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1713,7 +1733,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -1818,7 +1838,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator diff --git a/deploy/webhook-operator.yaml b/deploy/webhook-operator.yaml index 440469639b..0e54c81a43 100644 --- a/deploy/webhook-operator.yaml +++ b/deploy/webhook-operator.yaml @@ -73,7 +73,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -150,7 +150,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -286,7 +286,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -391,7 +391,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -638,7 +638,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -703,7 +703,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator @@ -1589,6 +1589,26 @@ spec: description: DaemonResourceRequirements if defined, overwrites the default resource requirements of SPOD daemon. properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1889,7 +1909,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null labels: app: security-profiles-operator diff --git a/go.mod b/go.mod index fa34318d37..8728f530dd 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/acobaugh/osrelease v0.1.0 github.com/aquasecurity/libbpfgo v0.4.6-libbpf-1.1.0 github.com/blang/semver/v4 v4.0.0 - github.com/cert-manager/cert-manager v1.10.1 + github.com/cert-manager/cert-manager v1.11.0 github.com/containers/common v0.51.0 github.com/go-logr/logr v1.2.3 github.com/jellydator/ttlcache/v3 v3.0.1 @@ -15,7 +15,7 @@ require ( github.com/nxadm/tail v1.4.8 github.com/openshift/api v0.0.0-20221205111557-f2fbb1d1cd5e github.com/pjbgf/go-apparmor v0.1.2 - github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.62.0 + github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.63.0 github.com/prometheus/client_golang v1.14.0 github.com/prometheus/client_model v0.3.0 github.com/seccomp/libseccomp-golang v0.10.0 @@ -27,13 +27,13 @@ require ( google.golang.org/grpc v1.53.0 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0 google.golang.org/protobuf v1.28.1 - k8s.io/api v0.25.4 - k8s.io/apimachinery v0.25.5 - k8s.io/cli-runtime v0.25.2 - k8s.io/client-go v0.25.4 + k8s.io/api v0.26.2 + k8s.io/apimachinery v0.26.2 + k8s.io/cli-runtime v0.26.2 + k8s.io/client-go v0.26.2 k8s.io/klog/v2 v2.90.1 - sigs.k8s.io/controller-runtime v0.13.1 - sigs.k8s.io/controller-tools v0.10.0 + sigs.k8s.io/controller-runtime v0.14.5 + sigs.k8s.io/controller-tools v0.11.3 sigs.k8s.io/mdtoc v1.1.0 sigs.k8s.io/release-utils v0.7.3 ) @@ -44,7 +44,7 @@ require ( github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/emicklei/go-restful/v3 v3.8.0 // indirect + github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/fatih/color v1.13.0 // indirect @@ -52,7 +52,7 @@ require ( github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.20.0 // indirect github.com/go-openapi/swag v0.22.3 // indirect - github.com/gobuffalo/flect v0.2.5 // indirect + github.com/gobuffalo/flect v0.3.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.2 // indirect @@ -67,9 +67,9 @@ require ( github.com/json-iterator/go v1.1.12 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/mattn/go-colorable v0.1.12 // indirect - github.com/mattn/go-isatty v0.0.14 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-isatty v0.0.16 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mmarkdown/mmark v2.0.40+incompatible // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect @@ -88,7 +88,7 @@ require ( golang.org/x/sys v0.5.0 // indirect golang.org/x/term v0.5.0 // indirect golang.org/x/text v0.7.0 // indirect - golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect + golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect @@ -97,12 +97,12 @@ require ( gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.25.4 // indirect - k8s.io/component-base v0.25.4 // indirect - k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea // indirect - k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 // indirect - sigs.k8s.io/gateway-api v0.5.0 // indirect - sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect + k8s.io/apiextensions-apiserver v0.26.1 // indirect + k8s.io/component-base v0.26.1 // indirect + k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 // indirect + k8s.io/utils v0.0.0-20230202215443-34013725500c // indirect + sigs.k8s.io/gateway-api v0.6.0 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/go.sum b/go.sum index eceb8e0a33..e78a3b848d 100644 --- a/go.sum +++ b/go.sum @@ -54,8 +54,8 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cert-manager/cert-manager v1.10.1 h1:/x2dJzUB3TzwiqDcOwg/ug4X8UtOu/s0vUuDaalrgvM= -github.com/cert-manager/cert-manager v1.10.1/go.mod h1:xKakpUDYRHgUry/DkvcCCgQDRSwVSeSXTlw7slT+AYo= +github.com/cert-manager/cert-manager v1.11.0 h1:sChJmoj9hhWuFkQMDYHnLHgYA/sSVil+hY+A1lnD3jY= +github.com/cert-manager/cert-manager v1.11.0/go.mod h1:JCy2jvRi3Kp+qnRfw8TVYkOocj1thw/aDWFEHPpv4Q4= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -76,8 +76,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw= -github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= +github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -120,8 +120,8 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/gobuffalo/flect v0.2.5 h1:H6vvsv2an0lalEaCDRThvtBfmg44W/QHXBCYUXf/6S4= -github.com/gobuffalo/flect v0.2.5/go.mod h1:1ZyCLIbg0YD7sDkzvFdPoOydPtD8y9JQnrOROolUcM8= +github.com/gobuffalo/flect v0.3.0 h1:erfPWM+K1rFNIQeRPdeEXxo8yFr/PO17lhRnS8FUrtk= +github.com/gobuffalo/flect v0.3.0/go.mod h1:5pf3aGnsvqvCj50AVni7mJJF8ICxGZ8HomberC3pXLE= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -222,7 +222,7 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxv github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -233,14 +233,15 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= -github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= -github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/maxbrunsfeld/counterfeiter/v6 v6.6.1 h1:9XE5ykDiC8eNSqIPkxx0EsV3kMX1oe4kQWRZjIgytUA= github.com/maxbrunsfeld/counterfeiter/v6 v6.6.1/go.mod h1:qbKwBR+qQODzH2WD/s53mdgp/xVcXMlJb59GRFOp6Z4= github.com/mmarkdown/mmark v2.0.40+incompatible h1:vMeUeDzBK3H+/mU0oMVfMuhSXJlIA+DE/DMPQNAj5C4= @@ -277,8 +278,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.62.0 h1:55138zTXw/yRYizPxZ672I/aDD7Yte3uYRAfUjWUu2M= -github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.62.0/go.mod h1:j51242bf6LQwvJ1JPKWApzTnifmCwcQq0i1p29ylWiM= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.63.0 h1:efsW3CfymG5bZUpeIsYfdihB33YItCn7uHBOEbnHQG8= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.63.0/go.mod h1:/UtstAaWVaS3Z9GK9jo8+4SN9T+RMSq7VlOcQMmiEsc= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= @@ -307,7 +308,7 @@ github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= +github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8= @@ -361,7 +362,7 @@ go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqe go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= -go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= +go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= golang.org/dl v0.0.0-20190829154251-82a15e2f2ead/go.mod h1:IUMfjQLJQd4UTqG1Z90tenwKoCX93Gn3MAQJMOSBsDQ= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -500,10 +501,10 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -524,8 +525,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220609170525-579cf78fd858 h1:Dpdu/EMxGMFgq0CeYMh4fazTD2vtlZRYE7wyynxJb9U= -golang.org/x/time v0.0.0-20220609170525-579cf78fd858/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -698,35 +699,35 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.25.4 h1:3YO8J4RtmG7elEgaWMb4HgmpS2CfY1QlaOz9nwB+ZSs= -k8s.io/api v0.25.4/go.mod h1:IG2+RzyPQLllQxnhzD8KQNEu4c4YvyDTpSMztf4A0OQ= -k8s.io/apiextensions-apiserver v0.25.4 h1:7hu9pF+xikxQuQZ7/30z/qxIPZc2J1lFElPtr7f+B6U= -k8s.io/apiextensions-apiserver v0.25.4/go.mod h1:bkSGki5YBoZWdn5pWtNIdGvDrrsRWlmnvl9a+tAw5vQ= -k8s.io/apimachinery v0.25.5 h1:SQomYHvv+aO43qdu3QKRf9YuI0oI8w3RrOQ1qPbAUGY= -k8s.io/apimachinery v0.25.5/go.mod h1:1S2i1QHkmxc8+EZCIxe/fX5hpldVXk4gvnJInMEb8D4= -k8s.io/cli-runtime v0.25.2 h1:XOx+SKRjBpYMLY/J292BHTkmyDffl/qOx3YSuFZkTuc= -k8s.io/cli-runtime v0.25.2/go.mod h1:OQx3+/0st6x5YpkkJQlEWLC73V0wHsOFMC1/roxV8Oc= -k8s.io/client-go v0.25.4 h1:3RNRDffAkNU56M/a7gUfXaEzdhZlYhoW8dgViGy5fn8= -k8s.io/client-go v0.25.4/go.mod h1:8trHCAC83XKY0wsBIpbirZU4NTUpbuhc2JnI7OruGZw= -k8s.io/component-base v0.25.4 h1:n1bjg9Yt+G1C0WnIDJmg2fo6wbEU1UGMRiQSjmj7hNQ= -k8s.io/component-base v0.25.4/go.mod h1:nnZJU8OP13PJEm6/p5V2ztgX2oyteIaAGKGMYb2L2cY= +k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= +k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= +k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI= +k8s.io/apiextensions-apiserver v0.26.1/go.mod h1:AptjOSXDGuE0JICx/Em15PaoO7buLwTs0dGleIHixSM= +k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= +k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= +k8s.io/cli-runtime v0.26.2 h1:6XcIQOYW1RGNwFgRwejvyUyAojhToPmJLGr0JBMC5jw= +k8s.io/cli-runtime v0.26.2/go.mod h1:U7sIXX7n6ZB+MmYQsyJratzPeJwgITqrSlpr1a5wM5I= +k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI= +k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU= +k8s.io/component-base v0.26.1 h1:4ahudpeQXHZL5kko+iDHqLj/FSGAEUnSVO0EBbgDd+4= +k8s.io/component-base v0.26.1/go.mod h1:VHrLR0b58oC035w6YQiBSbtsf0ThuSwXP+p5dD/kAWU= k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea h1:3QOH5+2fGsY8e1qf+GIFpg+zw/JGNrgyZRQR7/m6uWg= -k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= -k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8= -k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 h1:tBEbstoM+K0FiBV5KGAKQ0kuvf54v/hwpldiJt69w1s= +k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= +k8s.io/utils v0.0.0-20230202215443-34013725500c h1:YVqDar2X7YiQa/DVAXFMDIfGF8uGrHQemlrwRU5NlVI= +k8s.io/utils v0.0.0-20230202215443-34013725500c/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.13.1 h1:tUsRCSJVM1QQOOeViGeX3GMT3dQF1eePPw6sEE3xSlg= -sigs.k8s.io/controller-runtime v0.13.1/go.mod h1:Zbz+el8Yg31jubvAEyglRZGdLAjplZl+PgtYNI6WNTI= -sigs.k8s.io/controller-tools v0.10.0 h1:0L5DTDTFB67jm9DkfrONgTGmfc/zYow0ZaHyppizU2U= -sigs.k8s.io/controller-tools v0.10.0/go.mod h1:uvr0EW6IsprfB0jpQq6evtKy+hHyHCXNfdWI5ONPx94= -sigs.k8s.io/gateway-api v0.5.0 h1:ze+k9fJqvmL8s1t3e4q1ST8RnN+f09dEv+gfacahlAE= -sigs.k8s.io/gateway-api v0.5.0/go.mod h1:x0AP6gugkFV8fC/oTlnOMU0pnmuzIR8LfIPRVUjxSqA= -sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= -sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/controller-runtime v0.14.5 h1:6xaWFqzT5KuAQ9ufgUaj1G/+C4Y1GRkhrxl+BJ9i+5s= +sigs.k8s.io/controller-runtime v0.14.5/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0= +sigs.k8s.io/controller-tools v0.11.3 h1:T1xzLkog9saiyQSLz1XOImu4OcbdXWytc5cmYsBeBiE= +sigs.k8s.io/controller-tools v0.11.3/go.mod h1:qcfX7jfcfYD/b7lAhvqAyTbt/px4GpvN88WKLFFv7p8= +sigs.k8s.io/gateway-api v0.6.0 h1:v2FqrN2ROWZLrSnI2o91taHR8Sj3s+Eh3QU7gLNWIqA= +sigs.k8s.io/gateway-api v0.6.0/go.mod h1:EYJT+jlPWTeNskjV0JTki/03WX1cyAnBhwBJfYHpV/0= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/mdtoc v1.1.0 h1:q3YtqYzmC2e0hgLXRIOm7/QLuPux1CX3ZHCwlbABxZo= sigs.k8s.io/mdtoc v1.1.0/go.mod h1:QZLVEdHH2iNIR4uHAZyvFRtjloHgVItk8lo/mzCtq3w= sigs.k8s.io/release-utils v0.7.3 h1:6pS8x6c5RmdUgR9qcg1LO6hjUzuE4Yo9TGZ3DemrZdM= diff --git a/hack/ci/Vagrantfile-ubuntu b/hack/ci/Vagrantfile-ubuntu index 669b97a82a..5a7c5afd79 100644 --- a/hack/ci/Vagrantfile-ubuntu +++ b/hack/ci/Vagrantfile-ubuntu @@ -33,7 +33,7 @@ Vagrant.configure("2") do |config| curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list apt-get update - KUBERNETES_VERSION=1.25.3-00 + KUBERNETES_VERSION=1.26.2-00 apt-get install -y \ build-essential \ kubelet=$KUBERNETES_VERSION \ @@ -50,10 +50,6 @@ Vagrant.configure("2") do |config| podman load -i /vagrant/image.tar /vagrant/hack/ci/install-cri-o.sh - # Disable IPv6 in bridge plugin config - CNI_CONFIG=/etc/cni/net.d/10-crio-bridge.conf - jq 'del(.ipam.routes[1], .ipam.ranges[1])' $CNI_CONFIG | sponge $CNI_CONFIG - # Setup cluster IP=`ip route get 1.2.3.4 | cut -d ' ' -f7 | tr -d '[:space:]'` NODENAME=$(hostname -s) diff --git a/hack/ci/baseprofiles.sh b/hack/ci/baseprofiles.sh index c1cba7c92e..7b8118d5a2 100755 --- a/hack/ci/baseprofiles.sh +++ b/hack/ci/baseprofiles.sh @@ -64,7 +64,7 @@ wait_for() { } install_operator() { - kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.yaml + kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml kubectl -n cert-manager wait --for condition=ready pod -l app.kubernetes.io/instance=cert-manager git apply hack/deploy-localhost.patch diff --git a/hack/ci/e2e-olm.sh b/hack/ci/e2e-olm.sh index 3be4b5986d..43efa04367 100755 --- a/hack/ci/e2e-olm.sh +++ b/hack/ci/e2e-olm.sh @@ -69,7 +69,7 @@ function deploy_deps() { # cert-manager first. This should be done using dependencies in the # future - kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.yaml + kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml kubectl -ncert-manager wait --for condition=ready pod -l app.kubernetes.io/instance=cert-manager # All installation methods run off the same catalog diff --git a/hack/ci/install-cri-o.sh b/hack/ci/install-cri-o.sh index 7d7e888668..3f6042af04 100755 --- a/hack/ci/install-cri-o.sh +++ b/hack/ci/install-cri-o.sh @@ -15,7 +15,7 @@ set -euo pipefail -TAG=v1.25.1 +TAG=v1.26.1 export PATH=$PATH:/usr/local/go/bin export GOPATH="$HOME/go" diff --git a/hack/ci/install-kubernetes.sh b/hack/ci/install-kubernetes.sh index 330a21e15e..2bbecafd7e 100755 --- a/hack/ci/install-kubernetes.sh +++ b/hack/ci/install-kubernetes.sh @@ -19,7 +19,7 @@ ENVFILE=$(dirname "${BASH_SOURCE[0]}")/env-fedora.sh . "$ENVFILE" K8SPATH="$GOPATH/src/k8s.io" -VERSION=v1.25.3 +VERSION=v1.26.2 download-kubernetes() { export KUBERNETES_RELEASE=$VERSION diff --git a/installation-usage.md b/installation-usage.md index fe6dd3c6df..716c7a9fa3 100644 --- a/installation-usage.md +++ b/installation-usage.md @@ -86,7 +86,7 @@ cert-manager via `kubectl`, if you're **not** running on [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift): ```sh -$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.yaml +$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml $ kubectl --namespace cert-manager wait --for condition=ready pod -l app.kubernetes.io/instance=cert-manager ``` diff --git a/internal/pkg/daemon/apparmorprofile/apparmorprofile_test.go b/internal/pkg/daemon/apparmorprofile/apparmorprofile_test.go index bbaa1f2891..ce543e37ef 100644 --- a/internal/pkg/daemon/apparmorprofile/apparmorprofile_test.go +++ b/internal/pkg/daemon/apparmorprofile/apparmorprofile_test.go @@ -65,9 +65,9 @@ func TestReconcile(t *testing.T) { name: "GotProfile", rec: &Reconciler{ client: &util.MockClient{ - MockGet: util.NewMockGetFn(nil), - MockUpdate: util.NewMockUpdateFn(nil), - MockStatusUpdate: util.NewMockStatusUpdateFn(nil), + MockGet: util.NewMockGetFn(nil), + MockUpdate: util.NewMockUpdateFn(nil), + MockSubResourceWriterUpdate: util.NewMockSubResourceWriterUpdateFn(nil), }, log: log.Log, record: record.NewFakeRecorder(10), @@ -82,9 +82,9 @@ func TestReconcile(t *testing.T) { name: "NotEnabled", rec: &Reconciler{ client: &util.MockClient{ - MockGet: util.NewMockGetFn(nil), - MockUpdate: util.NewMockUpdateFn(nil), - MockStatusUpdate: util.NewMockStatusUpdateFn(nil), + MockGet: util.NewMockGetFn(nil), + MockUpdate: util.NewMockUpdateFn(nil), + MockSubResourceWriterUpdate: util.NewMockSubResourceWriterUpdateFn(nil), }, log: log.Log, record: record.NewFakeRecorder(10), diff --git a/internal/pkg/daemon/enricher/enricher.go b/internal/pkg/daemon/enricher/enricher.go index 96ab306028..1993806976 100644 --- a/internal/pkg/daemon/enricher/enricher.go +++ b/internal/pkg/daemon/enricher/enricher.go @@ -425,7 +425,7 @@ func (e *Enricher) dispatchSelinuxLine( } a, _ := e.avcs.LoadOrStore(info.RecordProfile, sets.NewString()) - stringSet, ok := a.(sets.String) + stringSet, ok := a.(sets.Set[string]) if ok { stringSet.Insert(string(jsonBytes)) } @@ -480,7 +480,7 @@ func (e *Enricher) dispatchSeccompLine( if info.RecordProfile != "" { s, _ := e.syscalls.LoadOrStore(info.RecordProfile, sets.NewString()) - stringSet, ok := s.(sets.String) + stringSet, ok := s.(sets.Set[string]) if ok { stringSet.Insert(syscallName) } diff --git a/internal/pkg/daemon/enricher/grpc.go b/internal/pkg/daemon/enricher/grpc.go index 699f596a5e..ed5b8d0758 100644 --- a/internal/pkg/daemon/enricher/grpc.go +++ b/internal/pkg/daemon/enricher/grpc.go @@ -38,12 +38,12 @@ func (e *Enricher) Syscalls( "no syscalls recorded for profile: %v", r.GetProfile(), ) } - stringSet, ok := syscalls.(sets.String) + stringSet, ok := syscalls.(sets.Set[string]) if !ok { return nil, errors.New("syscalls are no string set") } return &api.SyscallsResponse{ - Syscalls: stringSet.List(), + Syscalls: stringSet.UnsortedList(), GoArch: runtime.GOARCH, }, nil } @@ -68,11 +68,11 @@ func (e *Enricher) Avcs( } avcList := make([]*api.AvcResponse_SelinuxAvc, 0) - stringSet, ok := avcs.(sets.String) + stringSet, ok := avcs.(sets.Set[string]) if !ok { return nil, errors.New("avcs are no string set") } - jsonList := stringSet.List() + jsonList := stringSet.UnsortedList() for i := range jsonList { avc := &api.AvcResponse_SelinuxAvc{} err := protojson.Unmarshal([]byte(jsonList[i]), avc) diff --git a/internal/pkg/daemon/profilerecorder/profilerecorder.go b/internal/pkg/daemon/profilerecorder/profilerecorder.go index 1e24446066..565aabb37f 100644 --- a/internal/pkg/daemon/profilerecorder/profilerecorder.go +++ b/internal/pkg/daemon/profilerecorder/profilerecorder.go @@ -820,7 +820,7 @@ func parseBpfAnnotations(annotations map[string]string) (res []profileToCollect, } type seProfileBuilder struct { - permMap map[string]sets.String + permMap map[string]sets.Set[string] usageCtx string policyBuilder selxv1alpha2.Allow log logr.Logger @@ -830,7 +830,7 @@ type seProfileBuilder struct { func newSeProfileBuilder(usageCtx string, log logr.Logger) *seProfileBuilder { return &seProfileBuilder{ - permMap: make(map[string]sets.String), + permMap: make(map[string]sets.Set[string]), usageCtx: usageCtx, policyBuilder: make(selxv1alpha2.Allow), log: log, @@ -866,7 +866,7 @@ func (sb *seProfileBuilder) addAvc(avc *enricherapi.AvcResponse_SelinuxAvc) erro if ok { perms.Insert(avc.Perm) } else { - sb.permMap[key] = sets.NewString(avc.Perm) + sb.permMap[key] = sets.New(avc.Perm) } return nil } @@ -883,7 +883,7 @@ func (sb *seProfileBuilder) Format() (selxv1alpha2.Allow, error) { return sb.policyBuilder, nil } -func (sb *seProfileBuilder) writeLineFromKeyVal(key string, val sets.String) error { +func (sb *seProfileBuilder) writeLineFromKeyVal(key string, val sets.Set[string]) error { tclass, setype := sb.targetClassCtx(key) if tclass == "" || setype == "" { return errors.New("empty context or class") @@ -896,7 +896,7 @@ func (sb *seProfileBuilder) writeLineFromKeyVal(key string, val sets.String) err } typePerms := sb.policyBuilder[selxv1alpha2.LabelKey(setype)] - l := val.List() + l := val.UnsortedList() sort.Strings(l) typePerms[selxv1alpha2.ObjectClassKey(tclass)] = selxv1alpha2.PermissionSet(l) return nil diff --git a/internal/pkg/daemon/seccompprofile/seccompprofile_test.go b/internal/pkg/daemon/seccompprofile/seccompprofile_test.go index 92d8c3646f..5d03c61134 100644 --- a/internal/pkg/daemon/seccompprofile/seccompprofile_test.go +++ b/internal/pkg/daemon/seccompprofile/seccompprofile_test.go @@ -92,9 +92,9 @@ func TestReconcile(t *testing.T) { name: "GotProfile", rec: &Reconciler{ client: &util.MockClient{ - MockGet: util.NewMockGetFn(nil), - MockUpdate: util.NewMockUpdateFn(nil), - MockStatusUpdate: util.NewMockStatusUpdateFn(nil), + MockGet: util.NewMockGetFn(nil), + MockUpdate: util.NewMockUpdateFn(nil), + MockSubResourceWriterUpdate: util.NewMockSubResourceWriterUpdateFn(nil), }, log: log.Log, record: record.NewFakeRecorder(10), diff --git a/internal/pkg/util/mock_client.go b/internal/pkg/util/mock_client.go index 05c1aaf5fc..f58155849f 100644 --- a/internal/pkg/util/mock_client.go +++ b/internal/pkg/util/mock_client.go @@ -45,12 +45,24 @@ type MockUpdateFn func(ctx context.Context, obj client.Object, opts ...client.Up // A MockPatchFn is used to mock client.Client's Patch implementation. type MockPatchFn func(ctx context.Context, obj client.Object, patch client.Patch, opts ...client.PatchOption) error -// A MockStatusUpdateFn is used to mock client.Client's StatusUpdate implementation. -type MockStatusUpdateFn func(ctx context.Context, obj client.Object, opts ...client.UpdateOption) error +// A MockSubResourceWriterCreateFn is used to mock client.Client's SubResourceWriterCreate implementation. +type MockSubResourceWriterCreateFn func( + ctx context.Context, obj, subResource client.Object, opts ...client.SubResourceCreateOption, +) error -// A MockStatusPatchFn is used to mock client.Client's StatusUpdate implementation. -type MockStatusPatchFn func( - ctx context.Context, obj client.Object, patch client.Patch, opts ...client.PatchOption, +// A MockSubResourceWriterUpdateFn is used to mock client.Client's SubResourceWriterUpdate implementation. +type MockSubResourceWriterUpdateFn func( + ctx context.Context, obj client.Object, opts ...client.SubResourceUpdateOption, +) error + +// A MockSubResourceWriterPatchFn is used to mock client.Client's SubResourceWriterUpdate implementation. +type MockSubResourceWriterPatchFn func( + ctx context.Context, obj client.Object, patch client.Patch, opts ...client.SubResourcePatchOption, +) error + +// A MockSubResourceReaderGetFn is used to mock client.Client's SubResourceReaderGet implementation. +type MockSubResourceReaderGetFn func( + ctx context.Context, obj client.Object, subResource client.Object, opts ...client.SubResourceGetOption, ) error // A MockSchemeFn is used to mock client.Client's Scheme implementation. @@ -148,9 +160,9 @@ func NewMockPatchFn(err error, ofn ...ObjectFn) MockPatchFn { } } -// NewMockStatusUpdateFn returns a MockStatusUpdateFn that returns the supplied error. -func NewMockStatusUpdateFn(err error, ofn ...ObjectFn) MockStatusUpdateFn { - return func(_ context.Context, obj client.Object, _ ...client.UpdateOption) error { +// NewMockSubResourceWriterCreateFn returns a MockSubResourceWriterCreateFn that returns the supplied error. +func NewMockSubResourceWriterCreateFn(err error, ofn ...ObjectFn) MockSubResourceWriterCreateFn { + return func(_ context.Context, obj, subResource client.Object, _ ...client.SubResourceCreateOption) error { for _, fn := range ofn { if err := fn(obj); err != nil { return err @@ -160,9 +172,21 @@ func NewMockStatusUpdateFn(err error, ofn ...ObjectFn) MockStatusUpdateFn { } } -// NewMockStatusPatchFn returns a MockStatusPatchFn that returns the supplied error. -func NewMockStatusPatchFn(err error, ofn ...ObjectFn) MockStatusPatchFn { - return func(_ context.Context, obj client.Object, _ client.Patch, _ ...client.PatchOption) error { +// NewMockSubResourceWriterUpdateFn returns a MockSubResourceWriterUpdateFn that returns the supplied error. +func NewMockSubResourceWriterUpdateFn(err error, ofn ...ObjectFn) MockSubResourceWriterUpdateFn { + return func(_ context.Context, obj client.Object, _ ...client.SubResourceUpdateOption) error { + for _, fn := range ofn { + if err := fn(obj); err != nil { + return err + } + } + return err + } +} + +// NewMockSubResourceWriterPatchFn returns a MockSubResourceWriterPatchFn that returns the supplied error. +func NewMockSubResourceWriterPatchFn(err error, ofn ...ObjectFn) MockSubResourceWriterPatchFn { + return func(_ context.Context, obj client.Object, _ client.Patch, _ ...client.SubResourcePatchOption) error { for _, fn := range ofn { if err := fn(obj); err != nil { return err @@ -184,15 +208,19 @@ func NewMockSchemeFn(scheme *runtime.Scheme) MockSchemeFn { // client, but it is has surprising side effects (e.g. silently calling // os.Exit(1)) and does not allow us control over the errors it returns. type MockClient struct { - MockGet MockGetFn - MockList MockListFn - MockCreate MockCreateFn - MockDelete MockDeleteFn - MockDeleteAllOf MockDeleteAllOfFn - MockUpdate MockUpdateFn - MockPatch MockPatchFn - MockStatusUpdate MockStatusUpdateFn - MockStatusPatch MockStatusPatchFn + MockGet MockGetFn + MockList MockListFn + MockCreate MockCreateFn + MockDelete MockDeleteFn + MockDeleteAllOf MockDeleteAllOfFn + MockUpdate MockUpdateFn + MockPatch MockPatchFn + + MockSubResourceWriterCreate MockSubResourceWriterCreateFn + MockSubResourceWriterUpdate MockSubResourceWriterUpdateFn + MockSubResourceWriterPatch MockSubResourceWriterPatchFn + + MockSubResourceReaderGet MockSubResourceReaderGetFn MockScheme MockSchemeFn } @@ -201,20 +229,35 @@ type MockClient struct { // called. func NewMockClient() *MockClient { return &MockClient{ - MockGet: NewMockGetFn(nil), - MockList: NewMockListFn(nil), - MockCreate: NewMockCreateFn(nil), - MockDelete: NewMockDeleteFn(nil), - MockDeleteAllOf: NewMockDeleteAllOfFn(nil), - MockUpdate: NewMockUpdateFn(nil), - MockPatch: NewMockPatchFn(nil), - MockStatusUpdate: NewMockStatusUpdateFn(nil), - MockStatusPatch: NewMockStatusPatchFn(nil), + MockGet: NewMockGetFn(nil), + MockList: NewMockListFn(nil), + MockCreate: NewMockCreateFn(nil), + MockDelete: NewMockDeleteFn(nil), + MockDeleteAllOf: NewMockDeleteAllOfFn(nil), + MockUpdate: NewMockUpdateFn(nil), + MockPatch: NewMockPatchFn(nil), + + MockSubResourceWriterCreate: NewMockSubResourceWriterCreateFn(nil), + MockSubResourceWriterUpdate: NewMockSubResourceWriterUpdateFn(nil), + MockSubResourceWriterPatch: NewMockSubResourceWriterPatchFn(nil), MockScheme: NewMockSchemeFn(nil), } } +func (c *MockClient) SubResource(subResource string) client.SubResourceClient { + return &MockSubResource{ + SubResourceWriter: &MockSubResourceWriter{ + MockCreate: c.MockSubResourceWriterCreate, + MockUpdate: c.MockSubResourceWriterUpdate, + MockPatch: c.MockSubResourceWriterPatch, + }, + SubResourceReader: &MockSubResourceReader{ + MockGet: c.MockSubResourceReaderGet, + }, + } +} + // Get calls MockClient's MockGet function. func (c *MockClient) Get(ctx context.Context, key client.ObjectKey, obj client.Object, opts ...client.GetOption) error { return c.MockGet(ctx, key, obj) @@ -252,11 +295,12 @@ func (c *MockClient) Patch( return c.MockPatch(ctx, obj, patch, opts...) } -// Status returns status writer for status sub-resource. -func (c *MockClient) Status() client.StatusWriter { - return &MockStatusWriter{ - MockUpdate: c.MockStatusUpdate, - MockPatch: c.MockStatusPatch, +// Status returns status writer for sub-resource writer. +func (c *MockClient) Status() client.SubResourceWriter { + return &MockSubResourceWriter{ + MockCreate: c.MockSubResourceWriterCreate, + MockUpdate: c.MockSubResourceWriterUpdate, + MockPatch: c.MockSubResourceWriterPatch, } } @@ -270,20 +314,46 @@ func (c *MockClient) Scheme() *runtime.Scheme { return c.MockScheme() } -// MockStatusWriter provides mock functionality for status sub-resource. -type MockStatusWriter struct { - MockUpdate MockStatusUpdateFn - MockPatch MockStatusPatchFn +// MockSubResource provides mock functionality for sub-resource client. +type MockSubResource struct { + client.SubResourceReader + client.SubResourceWriter +} + +// MockSubResourceWriter provides mock functionality for sub-resource writer. +type MockSubResourceWriter struct { + MockCreate MockSubResourceWriterCreateFn + MockUpdate MockSubResourceWriterUpdateFn + MockPatch MockSubResourceWriterPatchFn +} + +func (m *MockSubResourceWriter) Create( + ctx context.Context, obj, subResource client.Object, opts ...client.SubResourceCreateOption, +) error { + return m.MockCreate(ctx, obj, subResource, opts...) } // Update status sub-resource. -func (m *MockStatusWriter) Update(ctx context.Context, obj client.Object, opts ...client.UpdateOption) error { +func (m *MockSubResourceWriter) Update( + ctx context.Context, obj client.Object, opts ...client.SubResourceUpdateOption, +) error { return m.MockUpdate(ctx, obj, opts...) } // Patch mocks the patch method. -func (m *MockStatusWriter) Patch( - ctx context.Context, obj client.Object, patch client.Patch, opts ...client.PatchOption, +func (m *MockSubResourceWriter) Patch( + ctx context.Context, obj client.Object, patch client.Patch, opts ...client.SubResourcePatchOption, ) error { return m.MockPatch(ctx, obj, patch, opts...) } + +// MockSubResourceReader provides mock functionality for sub-resource reader. +type MockSubResourceReader struct { + MockGet MockSubResourceReaderGetFn +} + +func (m *MockSubResourceReader) Get( + ctx context.Context, obj client.Object, subResource client.Object, opts ...client.SubResourceGetOption, +) error { + return m.MockGet(ctx, obj, subResource, opts...) +} diff --git a/test/e2e_test.go b/test/e2e_test.go index f5ec05b053..526f47728d 100644 --- a/test/e2e_test.go +++ b/test/e2e_test.go @@ -32,7 +32,7 @@ import ( ) const ( - certmanager = "https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.yaml" + certmanager = "https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml" namespaceManifest = "deploy/namespace-operator.yaml" testNamespace = "test-ns" defaultNamespace = "default" diff --git a/vendor/github.com/cert-manager/cert-manager/LICENSES b/vendor/github.com/cert-manager/cert-manager/LICENSES index a18c0732ac..fdb702764d 100644 --- a/vendor/github.com/cert-manager/cert-manager/LICENSES +++ b/vendor/github.com/cert-manager/cert-manager/LICENSES @@ -15,10 +15,9 @@ github.com/Masterminds/semver/v3,https://github.com/Masterminds/semver/blob/v3.1 github.com/Masterminds/sprig/v3,https://github.com/Masterminds/sprig/blob/v3.2.2/LICENSE.txt,MIT github.com/Masterminds/squirrel,https://github.com/Masterminds/squirrel/blob/v1.5.3/LICENSE.txt,MIT github.com/NYTimes/gziphandler,https://github.com/NYTimes/gziphandler/blob/v1.1.1/LICENSE,Apache-2.0 -github.com/PuerkitoBio/purell,https://github.com/PuerkitoBio/purell/blob/v1.1.1/LICENSE,BSD-3-Clause -github.com/PuerkitoBio/urlesc,https://github.com/PuerkitoBio/urlesc/blob/de5bf2ad4578/LICENSE,BSD-3-Clause -github.com/Venafi/vcert/v4,https://github.com/Venafi/vcert/blob/v4.22.1/LICENSE,Apache-2.0 +github.com/Venafi/vcert/v4,https://github.com/Venafi/vcert/blob/v4.23.0/LICENSE,Apache-2.0 github.com/akamai/AkamaiOPEN-edgegrid-golang,https://github.com/akamai/AkamaiOPEN-edgegrid-golang/blob/v1.2.1/LICENSE,Apache-2.0 +github.com/antlr/antlr4/runtime/Go/antlr,https://github.com/antlr/antlr4/blob/runtime/Go/antlr/v1.4.10/runtime/Go/antlr/LICENSE,BSD-3-Clause github.com/armon/go-metrics,https://github.com/armon/go-metrics/blob/v0.3.9/LICENSE,MIT github.com/armon/go-radix,https://github.com/armon/go-radix/blob/v1.0.0/LICENSE,MIT github.com/asaskevich/govalidator,https://github.com/asaskevich/govalidator/blob/21a406dcc535/LICENSE,MIT @@ -27,6 +26,7 @@ github.com/aws/aws-sdk-go/internal/sync/singleflight,https://github.com/aws/aws- github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT github.com/cenkalti/backoff/v3,https://github.com/cenkalti/backoff/blob/v3.0.0/LICENSE,MIT +github.com/cenkalti/backoff/v4,https://github.com/cenkalti/backoff/blob/v4.1.3/LICENSE,MIT github.com/cert-manager/cert-manager,https://github.com/cert-manager/cert-manager/blob/HEAD/LICENSE,Apache-2.0 github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/azuredns,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/azuredns/LICENSE,MIT github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/clouddns,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/clouddns/LICENSE,MIT @@ -36,7 +36,7 @@ github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util,https://github.com github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.1.2/LICENSE.txt,MIT github.com/chai2010/gettext-go,https://github.com/chai2010/gettext-go/blob/v1.0.2/LICENSE,BSD-3-Clause github.com/cloudflare/cloudflare-go,https://github.com/cloudflare/cloudflare-go/blob/v0.50.0/LICENSE,BSD-3-Clause -github.com/containerd/containerd,https://github.com/containerd/containerd/blob/v1.6.6/LICENSE,Apache-2.0 +github.com/containerd/containerd,https://github.com/containerd/containerd/blob/v1.6.15/LICENSE,Apache-2.0 github.com/coreos/go-semver/semver,https://github.com/coreos/go-semver/blob/v0.3.0/LICENSE,Apache-2.0 github.com/coreos/go-systemd/v22,https://github.com/coreos/go-systemd/blob/v22.3.2/LICENSE,Apache-2.0 github.com/cpu/goacmedns,https://github.com/cpu/goacmedns/blob/v0.1.1/LICENSE,MIT @@ -51,21 +51,22 @@ github.com/docker/docker-credential-helpers,https://github.com/docker/docker-cre github.com/docker/go-connections,https://github.com/docker/go-connections/blob/v0.4.0/LICENSE,Apache-2.0 github.com/docker/go-metrics,https://github.com/docker/go-metrics/blob/v0.0.1/LICENSE,Apache-2.0 github.com/docker/go-units,https://github.com/docker/go-units/blob/v0.4.0/LICENSE,Apache-2.0 -github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.8.0/LICENSE,MIT +github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.9.0/LICENSE,MIT github.com/evanphx/json-patch,https://github.com/evanphx/json-patch/blob/v5.6.0/LICENSE,BSD-3-Clause github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.6.0/v5/LICENSE,BSD-3-Clause github.com/exponent-io/jsonpath,https://github.com/exponent-io/jsonpath/blob/d6023ce2651d/LICENSE,MIT github.com/fatih/camelcase,https://github.com/fatih/camelcase/blob/v1.0.0/LICENSE.md,MIT github.com/fatih/color,https://github.com/fatih/color/blob/v1.13.0/LICENSE.md,MIT -github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.1/LICENSE.txt,MIT -github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.5.4/LICENSE,BSD-3-Clause +github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.3/LICENSE.txt,MIT +github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.6.0/LICENSE,BSD-3-Clause github.com/go-asn1-ber/asn1-ber,https://github.com/go-asn1-ber/asn1-ber/blob/v1.5.4/LICENSE,MIT github.com/go-errors/errors,https://github.com/go-errors/errors/blob/v1.0.1/LICENSE.MIT,MIT -github.com/go-gorp/gorp/v3,https://github.com/go-gorp/gorp/blob/v3.0.2/LICENSE,MIT +github.com/go-gorp/gorp/v3,https://github.com/go-gorp/gorp/blob/v3.1.0/LICENSE,MIT github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.4/v3/LICENSE,MIT github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.2.3/LICENSE,Apache-2.0 +github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0 github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.19.5/LICENSE,Apache-2.0 -github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.19.5/LICENSE,Apache-2.0 +github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.20.0/LICENSE,Apache-2.0 github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.19.14/LICENSE,Apache-2.0 github.com/gobwas/glob,https://github.com/gobwas/glob/blob/v0.2.3/LICENSE,MIT github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause @@ -74,8 +75,9 @@ github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb1 github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.2/LICENSE,BSD-3-Clause github.com/golang/snappy,https://github.com/golang/snappy/blob/v0.0.4/LICENSE,BSD-3-Clause github.com/google/btree,https://github.com/google/btree/blob/v1.0.1/LICENSE,Apache-2.0 +github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.12.5/LICENSE,Apache-2.0 github.com/google/gnostic,https://github.com/google/gnostic/blob/v0.6.9/LICENSE,Apache-2.0 -github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.5.8/LICENSE,BSD-3-Clause +github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.5.9/LICENSE,BSD-3-Clause github.com/google/go-querystring/query,https://github.com/google/go-querystring/blob/v1.1.0/LICENSE,BSD-3-Clause github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Apache-2.0 github.com/google/shlex,https://github.com/google/shlex/blob/e7afc7fbc510/COPYING,Apache-2.0 @@ -87,7 +89,7 @@ github.com/gosuri/uitable,https://github.com/gosuri/uitable/blob/v0.0.4/LICENSE, github.com/gosuri/uitable/util/wordwrap,https://github.com/gosuri/uitable/blob/v0.0.4/util/wordwrap/LICENSE.md,MIT github.com/gregjones/httpcache,https://github.com/gregjones/httpcache/blob/9cad4c3443a7/LICENSE.txt,MIT github.com/grpc-ecosystem/go-grpc-prometheus,https://github.com/grpc-ecosystem/go-grpc-prometheus/blob/v1.2.0/LICENSE,Apache-2.0 -github.com/grpc-ecosystem/grpc-gateway,https://github.com/grpc-ecosystem/grpc-gateway/blob/v1.16.0/LICENSE.txt,BSD-3-Clause +github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.7.0/LICENSE.txt,BSD-3-Clause github.com/hashicorp/errwrap,https://github.com/hashicorp/errwrap/blob/v1.1.0/LICENSE,MPL-2.0 github.com/hashicorp/go-cleanhttp,https://github.com/hashicorp/go-cleanhttp/blob/v0.5.2/LICENSE,MPL-2.0 github.com/hashicorp/go-hclog,https://github.com/hashicorp/go-hclog/blob/v1.2.0/LICENSE,MIT @@ -116,17 +118,17 @@ github.com/json-iterator/go,https://github.com/json-iterator/go/blob/v1.1.12/LIC github.com/klauspost/compress,https://github.com/klauspost/compress/blob/v1.13.6/LICENSE,Apache-2.0 github.com/klauspost/compress/internal/snapref,https://github.com/klauspost/compress/blob/v1.13.6/internal/snapref/LICENSE,BSD-3-Clause github.com/klauspost/compress/zstd/internal/xxhash,https://github.com/klauspost/compress/blob/v1.13.6/zstd/internal/xxhash/LICENSE.txt,MIT -github.com/kr/pretty,https://github.com/kr/pretty/blob/v0.3.0/License,MIT +github.com/kr/pretty,https://github.com/kr/pretty/blob/v0.3.1/License,MIT github.com/kr/text,https://github.com/kr/text/blob/v0.2.0/License,MIT github.com/lann/builder,https://github.com/lann/builder/blob/47ae307949d0/LICENSE,MIT github.com/lann/ps,https://github.com/lann/ps/blob/62de8c46ede0/LICENSE,MIT -github.com/lib/pq,https://github.com/lib/pq/blob/v1.10.6/LICENSE.md,MIT +github.com/lib/pq,https://github.com/lib/pq/blob/v1.10.7/LICENSE.md,MIT github.com/liggitt/tabwriter,https://github.com/liggitt/tabwriter/blob/89fcab3d43de/LICENSE,BSD-3-Clause github.com/mailru/easyjson,https://github.com/mailru/easyjson/blob/v0.7.6/LICENSE,MIT -github.com/mattn/go-colorable,https://github.com/mattn/go-colorable/blob/v0.1.12/LICENSE,MIT -github.com/mattn/go-isatty,https://github.com/mattn/go-isatty/blob/v0.0.14/LICENSE,MIT +github.com/mattn/go-colorable,https://github.com/mattn/go-colorable/blob/v0.1.13/LICENSE,MIT +github.com/mattn/go-isatty,https://github.com/mattn/go-isatty/blob/v0.0.16/LICENSE,MIT github.com/mattn/go-runewidth,https://github.com/mattn/go-runewidth/blob/v0.0.13/LICENSE,MIT -github.com/matttproud/golang_protobuf_extensions/pbutil,https://github.com/matttproud/golang_protobuf_extensions/blob/c182affec369/LICENSE,Apache-2.0 +github.com/matttproud/golang_protobuf_extensions/pbutil,https://github.com/matttproud/golang_protobuf_extensions/blob/v1.0.4/LICENSE,Apache-2.0 github.com/miekg/dns,https://github.com/miekg/dns/blob/v1.1.50/LICENSE,BSD-3-Clause github.com/mitchellh/copystructure,https://github.com/mitchellh/copystructure/blob/v1.2.0/LICENSE,MIT github.com/mitchellh/go-homedir,https://github.com/mitchellh/go-homedir/blob/v1.1.0/LICENSE,MIT @@ -136,15 +138,15 @@ github.com/mitchellh/mapstructure,https://github.com/mitchellh/mapstructure/blob github.com/mitchellh/reflectwalk,https://github.com/mitchellh/reflectwalk/blob/v1.0.2/LICENSE,MIT github.com/moby/locker,https://github.com/moby/locker/blob/v1.0.1/LICENSE,Apache-2.0 github.com/moby/spdystream,https://github.com/moby/spdystream/blob/v0.2.0/LICENSE,Apache-2.0 -github.com/moby/term,https://github.com/moby/term/blob/3f7ff695adc6/LICENSE,Apache-2.0 +github.com/moby/term,https://github.com/moby/term/blob/39b0c02b01ae/LICENSE,Apache-2.0 github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/bacd9c7ef1dd/LICENSE,Apache-2.0 github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/LICENSE,Apache-2.0 github.com/monochromegane/go-gitignore,https://github.com/monochromegane/go-gitignore/blob/205db1a8cc00/LICENSE,MIT github.com/morikuni/aec,https://github.com/morikuni/aec/blob/v1.0.0/LICENSE,MIT github.com/munnerz/goautoneg,https://github.com/munnerz/goautoneg/blob/a7dc8b61c822/LICENSE,BSD-3-Clause github.com/oklog/run,https://github.com/oklog/run/blob/v1.0.0/LICENSE,Apache-2.0 -github.com/onsi/ginkgo/v2,https://github.com/onsi/ginkgo/blob/v2.2.0/LICENSE,MIT -github.com/onsi/gomega,https://github.com/onsi/gomega/blob/v1.20.2/LICENSE,MIT +github.com/onsi/ginkgo/v2,https://github.com/onsi/ginkgo/blob/v2.6.1/LICENSE,MIT +github.com/onsi/gomega,https://github.com/onsi/gomega/blob/v1.24.2/LICENSE,MIT github.com/opencontainers/go-digest,https://github.com/opencontainers/go-digest/blob/v1.0.0/LICENSE,Apache-2.0 github.com/opencontainers/image-spec/specs-go,https://github.com/opencontainers/image-spec/blob/c5a74bcca799/LICENSE,Apache-2.0 github.com/patrickmn/go-cache,https://github.com/patrickmn/go-cache/blob/v2.1.0/LICENSE,MIT @@ -152,61 +154,60 @@ github.com/pavlo-v-chernykh/keystore-go/v4,https://github.com/pavlo-v-chernykh/k github.com/peterbourgon/diskv,https://github.com/peterbourgon/diskv/blob/v2.0.1/LICENSE,MIT github.com/pierrec/lz4,https://github.com/pierrec/lz4/blob/v2.5.2/LICENSE,BSD-3-Clause github.com/pkg/errors,https://github.com/pkg/errors/blob/v0.9.1/LICENSE,BSD-2-Clause -github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.13.0/LICENSE,Apache-2.0 -github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.2.0/LICENSE,Apache-2.0 +github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.14.0/LICENSE,Apache-2.0 +github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.3.0/LICENSE,Apache-2.0 github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.37.0/LICENSE,Apache-2.0 github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.com/prometheus/common/blob/v0.37.0/internal/bitbucket.org/ww/goautoneg/README.txt,BSD-3-Clause github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.8.0/LICENSE,Apache-2.0 github.com/rivo/uniseg,https://github.com/rivo/uniseg/blob/v0.2.0/LICENSE.txt,MIT -github.com/rogpeppe/go-internal/fmtsort,https://github.com/rogpeppe/go-internal/blob/v1.8.1/LICENSE,BSD-3-Clause +github.com/rogpeppe/go-internal/fmtsort,https://github.com/rogpeppe/go-internal/blob/v1.9.0/LICENSE,BSD-3-Clause github.com/rubenv/sql-migrate,https://github.com/rubenv/sql-migrate/blob/v1.1.2/LICENSE,MIT github.com/rubenv/sql-migrate/sqlparse,https://github.com/rubenv/sql-migrate/blob/v1.1.2/sqlparse/LICENSE,MIT -github.com/russross/blackfriday,https://github.com/russross/blackfriday/blob/v1.5.2/LICENSE.txt,BSD-2-Clause github.com/russross/blackfriday/v2,https://github.com/russross/blackfriday/blob/v2.1.0/LICENSE.txt,BSD-2-Clause github.com/ryanuber/go-glob,https://github.com/ryanuber/go-glob/blob/v1.0.0/LICENSE,MIT github.com/sergi/go-diff/diffmatchpatch,https://github.com/sergi/go-diff/blob/v1.2.0/LICENSE,MIT github.com/shopspring/decimal,https://github.com/shopspring/decimal/blob/v1.2.0/LICENSE,MIT github.com/sirupsen/logrus,https://github.com/sirupsen/logrus/blob/v1.8.1/LICENSE,MIT github.com/spf13/cast,https://github.com/spf13/cast/blob/v1.4.1/LICENSE,MIT -github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.5.0/LICENSE.txt,Apache-2.0 +github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.6.1/LICENSE.txt,Apache-2.0 github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause +github.com/stoewer/go-strcase,https://github.com/stoewer/go-strcase/blob/v1.2.0/LICENSE,MIT github.com/xeipuuv/gojsonpointer,https://github.com/xeipuuv/gojsonpointer/blob/4e3ac2762d5f/LICENSE-APACHE-2.0.txt,Apache-2.0 github.com/xeipuuv/gojsonreference,https://github.com/xeipuuv/gojsonreference/blob/bd5ef7bd5415/LICENSE-APACHE-2.0.txt,Apache-2.0 github.com/xeipuuv/gojsonschema,https://github.com/xeipuuv/gojsonschema/blob/v1.2.0/LICENSE-APACHE-2.0.txt,Apache-2.0 github.com/xlab/treeprint,https://github.com/xlab/treeprint/blob/v1.1.0/LICENSE,MIT github.com/youmark/pkcs8,https://github.com/youmark/pkcs8/blob/1326539a0a0a/LICENSE,MIT -go.etcd.io/etcd/api/v3,https://github.com/etcd-io/etcd/blob/api/v3.5.4/api/LICENSE,Apache-2.0 -go.etcd.io/etcd/client/pkg/v3,https://github.com/etcd-io/etcd/blob/client/pkg/v3.5.4/client/pkg/LICENSE,Apache-2.0 -go.etcd.io/etcd/client/v3,https://github.com/etcd-io/etcd/blob/client/v3.5.4/client/v3/LICENSE,Apache-2.0 +go.etcd.io/etcd/api/v3,https://github.com/etcd-io/etcd/blob/api/v3.5.5/api/LICENSE,Apache-2.0 +go.etcd.io/etcd/client/pkg/v3,https://github.com/etcd-io/etcd/blob/client/pkg/v3.5.5/client/pkg/LICENSE,Apache-2.0 +go.etcd.io/etcd/client/v3,https://github.com/etcd-io/etcd/blob/client/v3.5.5/client/v3/LICENSE,Apache-2.0 go.opencensus.io,https://github.com/census-instrumentation/opencensus-go/blob/v0.23.0/LICENSE,Apache-2.0 -go.opentelemetry.io/contrib,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/v0.20.0/LICENSE,Apache-2.0 -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.20.0/instrumentation/google.golang.org/grpc/otelgrpc/LICENSE,Apache-2.0 -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/net/http/otelhttp/v0.20.0/instrumentation/net/http/otelhttp/LICENSE,Apache-2.0 -go.opentelemetry.io/otel,https://github.com/open-telemetry/opentelemetry-go/blob/v0.20.0/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/exporters/otlp,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/v0.20.0/exporters/otlp/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/metric,https://github.com/open-telemetry/opentelemetry-go/blob/metric/v0.20.0/metric/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/sdk,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v0.20.0/sdk/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/sdk/export/metric,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/export/metric/v0.20.0/sdk/export/metric/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/sdk/metric,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/metric/v0.20.0/sdk/metric/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-go/blob/trace/v0.20.0/trace/LICENSE,Apache-2.0 -go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v0.7.0/otlp/LICENSE,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.35.0/instrumentation/google.golang.org/grpc/otelgrpc/LICENSE,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/net/http/otelhttp/v0.35.0/instrumentation/net/http/otelhttp/LICENSE,Apache-2.0 +go.opentelemetry.io/otel,https://github.com/open-telemetry/opentelemetry-go/blob/v1.10.0/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/internal/retry,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/internal/retry/v1.10.0/exporters/otlp/internal/retry/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/v1.10.0/exporters/otlp/otlptrace/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/otlptracegrpc/v1.10.0/exporters/otlp/otlptrace/otlptracegrpc/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/metric,https://github.com/open-telemetry/opentelemetry-go/blob/metric/v0.31.0/metric/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/sdk,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.10.0/sdk/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.10.0/trace/LICENSE,Apache-2.0 +go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v0.19.0/otlp/LICENSE,Apache-2.0 go.starlark.net,https://github.com/google/starlark-go/blob/8dd3e2ee1dd5/LICENSE,BSD-3-Clause go.uber.org/atomic,https://github.com/uber-go/atomic/blob/v1.9.0/LICENSE.txt,MIT go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.6.0/LICENSE.txt,MIT -go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.21.0/LICENSE.txt,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/4ba4fb4d:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/db77216a:LICENSE,BSD-3-Clause -golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/f2134210:LICENSE,BSD-3-Clause -golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/7f9b1623:LICENSE,BSD-3-Clause -golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/3c1f3524:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/03fcf44c:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.3.7:LICENSE,BSD-3-Clause -golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/579cf78f:LICENSE,BSD-3-Clause +go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.24.0/LICENSE.txt,MIT +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.5.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.5.0:LICENSE,BSD-3-Clause +golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.4.0:LICENSE,BSD-3-Clause +golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.1.0:LICENSE,BSD-3-Clause +golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.4.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.4.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.6.0:LICENSE,BSD-3-Clause +golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.3.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.2.0/v2/LICENSE,Apache-2.0 google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.97.0/LICENSE,BSD-3-Clause google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.97.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause google.golang.org/genproto,https://github.com/googleapis/go-genproto/blob/8cd45d7dbd1f/LICENSE,Apache-2.0 -google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.47.0/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.49.0/LICENSE,Apache-2.0 google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.28.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.62.0/LICENSE,Apache-2.0 @@ -215,27 +216,29 @@ gopkg.in/square/go-jose.v2,https://github.com/square/go-jose/blob/v2.5.1/LICENSE gopkg.in/square/go-jose.v2/json,https://github.com/square/go-jose/blob/v2.5.1/json/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -helm.sh/helm/v3,https://github.com/helm/helm/blob/v3.10.0/LICENSE,Apache-2.0 -k8s.io/api,https://github.com/kubernetes/api/blob/v0.25.2/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.25.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.25.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.25.2/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.25.2/LICENSE,Apache-2.0 -k8s.io/cli-runtime/pkg,https://github.com/kubernetes/cli-runtime/blob/v0.25.2/LICENSE,Apache-2.0 -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.25.2/LICENSE,Apache-2.0 -k8s.io/client-go/third_party/forked/golang/template,https://github.com/kubernetes/client-go/blob/v0.25.2/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.25.2/LICENSE,Apache-2.0 +helm.sh/helm/v3,https://github.com/helm/helm/blob/v3.10.3/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.26.0/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.26.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.26.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.26.0/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.26.0/LICENSE,Apache-2.0 +k8s.io/cli-runtime/pkg,https://github.com/kubernetes/cli-runtime/blob/v0.26.0/LICENSE,Apache-2.0 +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.26.0/LICENSE,Apache-2.0 +k8s.io/client-go/third_party/forked/golang/template,https://github.com/kubernetes/client-go/blob/v0.26.0/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.26.0/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.80.1/LICENSE,Apache-2.0 -k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.25.2/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/a70c9af30aea/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/a70c9af30aea/pkg/validation/spec/LICENSE,Apache-2.0 -k8s.io/kubectl/pkg,https://github.com/kubernetes/kubectl/blob/v0.25.2/LICENSE,Apache-2.0 -k8s.io/utils,https://github.com/kubernetes/utils/blob/665eaaec4324/LICENSE,Apache-2.0 -k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/665eaaec4324/internal/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/kms/apis,https://github.com/kubernetes/kms/blob/v0.26.0/LICENSE,Apache-2.0 +k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.26.0/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/f3cff1453715/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/f3cff1453715/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/f3cff1453715/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/kubectl/pkg,https://github.com/kubernetes/kubectl/blob/v0.26.0/LICENSE,Apache-2.0 +k8s.io/utils,https://github.com/kubernetes/utils/blob/99ec85e7a448/LICENSE,Apache-2.0 +k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/99ec85e7a448/internal/third_party/forked/golang/LICENSE,BSD-3-Clause oras.land/oras-go/pkg,https://github.com/oras-project/oras-go/blob/v1.2.0/LICENSE,Apache-2.0 -sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.0.32/konnectivity-client/LICENSE,Apache-2.0 -sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.0/LICENSE,Apache-2.0 -sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v0.5.0/LICENSE,Apache-2.0 +sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.0.33/konnectivity-client/LICENSE,Apache-2.0 +sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.14.1/LICENSE,Apache-2.0 +sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v0.6.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/f223a00ba0e2/LICENSE,Apache-2.0 sigs.k8s.io/kustomize/api,https://github.com/kubernetes-sigs/kustomize/blob/api/v0.12.1/api/LICENSE,Apache-2.0 sigs.k8s.io/kustomize/kyaml,https://github.com/kubernetes-sigs/kustomize/blob/kyaml/v0.13.9/kyaml/LICENSE,Apache-2.0 diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_issuer.go index 967ba864fe..f68db0e9f2 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_issuer.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_issuer.go @@ -19,7 +19,7 @@ package v1 import ( corev1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - gwapi "sigs.k8s.io/gateway-api/apis/v1alpha2" + gwapi "sigs.k8s.io/gateway-api/apis/v1beta1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" ) @@ -54,12 +54,23 @@ type ACMEIssuer struct { // +kubebuilder:validation:MaxLength=64 PreferredChain string `json:"preferredChain"` - // Enables or disables validation of the ACME server TLS certificate. - // If true, requests to the ACME server will not have their TLS certificate - // validated (i.e. insecure connections will be allowed). + // Base64-encoded bundle of PEM CAs which can be used to validate the certificate + // chain presented by the ACME server. + // Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various + // kinds of security vulnerabilities. + // If CABundle and SkipTLSVerify are unset, the system certificate bundle inside + // the container is used to validate the TLS connection. + // +optional + CABundle []byte `json:"caBundle,omitempty"` + + // INSECURE: Enables or disables validation of the ACME server TLS certificate. + // If true, requests to the ACME server will not have the TLS certificate chain + // validated. + // Mutually exclusive with CABundle; prefer using CABundle to prevent various + // kinds of security vulnerabilities. // Only enable this option in development environments. - // The cert-manager system installed roots will be used to verify connections - // to the ACME server if this is false. + // If CABundle and SkipTLSVerify are unset, the system certificate bundle inside + // the container is used to validate the TLS connection. // Defaults to false. // +optional SkipTLSVerify bool `json:"skipTLSVerify,omitempty"` @@ -263,7 +274,7 @@ type ACMEChallengeSolverHTTP01GatewayHTTPRoute struct { // When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. // cert-manager needs to know which parentRefs should be used when creating // the HTTPRoute. Usually, the parentRef references a Gateway. See: - // https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/#attaching-to-gateways + // https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways ParentRefs []gwapi.ParentReference `json:"parentRefs,omitempty"` } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/zz_generated.deepcopy.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/zz_generated.deepcopy.go index c584ec88ad..fd25aec731 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/zz_generated.deepcopy.go @@ -27,7 +27,7 @@ import ( apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" - v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. @@ -202,7 +202,7 @@ func (in *ACMEChallengeSolverHTTP01GatewayHTTPRoute) DeepCopyInto(out *ACMEChall } if in.ParentRefs != nil { in, out := &in.ParentRefs, &out.ParentRefs - *out = make([]v1alpha2.ParentReference, len(*in)) + *out = make([]v1beta1.ParentReference, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -401,6 +401,11 @@ func (in *ACMEExternalAccountBinding) DeepCopy() *ACMEExternalAccountBinding { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ACMEIssuer) DeepCopyInto(out *ACMEIssuer) { *out = *in + if in.CABundle != nil { + in, out := &in.CABundle, &out.CABundle + *out = make([]byte, len(*in)) + copy(*out, *in) + } if in.ExternalAccountBinding != nil { in, out := &in.ExternalAccountBinding, &out.ExternalAccountBinding *out = new(ACMEExternalAccountBinding) diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types.go index a3fa3ae35e..3978707aae 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types.go @@ -16,8 +16,15 @@ limitations under the License. package v1 -// Common annotation keys added to resources. const ( + + // Common label keys added to resources + + // Label key that indicates that a resource is of interest to cert-manager controller + PartOfCertManagerControllerLabelKey = "controller.cert-manager.io/fao" + + // Common annotation keys added to resources + // Annotation key for DNS subjectAltNames. AltNamesAnnotationKey = "cert-manager.io/alt-names" @@ -233,6 +240,21 @@ const ( UsageNetscapeSGC KeyUsage = "netscape sgc" ) +// Keystore specific secret keys +const ( + // PKCS12SecretKey is the name of the data entry in the Secret resource + // used to store the p12 file. + PKCS12SecretKey = "keystore.p12" + // Data Entry Name in the Secret resource for PKCS12 containing Certificate Authority + PKCS12TruststoreKey = "truststore.p12" + + // JKSSecretKey is the name of the data entry in the Secret resource + // used to store the jks file. + JKSSecretKey = "keystore.jks" + // Data Entry Name in the Secret resource for JKS containing Certificate Authority + JKSTruststoreKey = "truststore.jks" +) + // DefaultKeyUsages contains the default list of key usages func DefaultKeyUsages() []KeyUsage { // The serverAuth EKU is required as of Mac OS Catalina: https://support.apple.com/en-us/HT210176 diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificate.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificate.go index a831d6a5b6..8bbc6a85c5 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificate.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificate.go @@ -356,7 +356,7 @@ type JKSKeystore struct { // If true, a file named `keystore.jks` will be created in the target // Secret resource, encrypted using the password stored in // `passwordSecretRef`. - // The keystore file will only be updated upon re-issuance. + // The keystore file will be updated immediately. // A file named `truststore.jks` will also be created in the target // Secret resource, encrypted using the password stored in // `passwordSecretRef` containing the issuing Certificate Authority @@ -374,7 +374,7 @@ type PKCS12Keystore struct { // If true, a file named `keystore.p12` will be created in the target // Secret resource, encrypted using the password stored in // `passwordSecretRef`. - // The keystore file will only be updated upon re-issuance. + // The keystore file will be updated immediately. // A file named `truststore.p12` will also be created in the target // Secret resource, encrypted using the password stored in // `passwordSecretRef` containing the issuing Certificate Authority diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_issuer.go index 363d66920a..6b708fcc4d 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_issuer.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_issuer.go @@ -154,12 +154,10 @@ type VenafiTPP struct { // The secret must contain two keys, 'username' and 'password'. CredentialsRef cmmeta.LocalObjectReference `json:"credentialsRef"` - // CABundle is a PEM encoded TLS certificate to use to verify connections to - // the TPP instance. - // If specified, system roots will not be used and the issuing CA for the - // TPP instance must be verifiable using the provided root. - // If not specified, the connection will be verified using the cert-manager - // system root certificates. + // Base64-encoded bundle of PEM CAs which will be used to validate the certificate + // chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. + // If undefined, the certificate bundle in the cert-manager controller container + // is used to validate the chain. // +optional CABundle []byte `json:"caBundle,omitempty"` } @@ -203,19 +201,20 @@ type VaultIssuer struct { // +optional Namespace string `json:"namespace,omitempty"` - // PEM-encoded CA bundle (base64-encoded) used to validate Vault server - // certificate. Only used if the Server URL is using HTTPS protocol. This - // parameter is ignored for plain HTTP protocol connection. If not set the - // system root certificates are used to validate the TLS connection. - // Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, - // the cert-manager controller system root certificates are used to validate the TLS connection. + // Base64-encoded bundle of PEM CAs which will be used to validate the certificate + // chain presented by Vault. Only used if using HTTPS to connect to Vault and + // ignored for HTTP connections. + // Mutually exclusive with CABundleSecretRef. + // If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in + // the cert-manager controller container is used to validate the TLS connection. // +optional CABundle []byte `json:"caBundle,omitempty"` - // CABundleSecretRef is a reference to a Secret which contains the CABundle which will be used when - // connecting to Vault when using HTTPS. - // Mutually exclusive with CABundle. If neither CABundleSecretRef nor CABundle are defined, the cert-manager - // controller system root certificates are used to validate the TLS connection. + // Reference to a Secret containing a bundle of PEM-encoded CAs to use when + // verifying the certificate chain presented by Vault when using HTTPS. + // Mutually exclusive with CABundle. + // If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in + // the cert-manager controller container is used to validate the TLS connection. // If no key for the Secret is specified, cert-manager will default to 'ca.crt'. // +optional CABundleSecretRef *cmmeta.SecretKeySelector `json:"caBundleSecretRef,omitempty"` diff --git a/vendor/github.com/emicklei/go-restful/v3/CHANGES.md b/vendor/github.com/emicklei/go-restful/v3/CHANGES.md index 38169cfd63..74a378157a 100644 --- a/vendor/github.com/emicklei/go-restful/v3/CHANGES.md +++ b/vendor/github.com/emicklei/go-restful/v3/CHANGES.md @@ -1,5 +1,9 @@ # Change history of go-restful +## [v3.9.0] - 20221-07-21 + +- add support for http.Handler implementations to work as FilterFunction, issue #504 (thanks to https://github.com/ggicci) + ## [v3.8.0] - 20221-06-06 - use exact matching of allowed domain entries, issue #489 (#493) diff --git a/vendor/github.com/emicklei/go-restful/v3/README.md b/vendor/github.com/emicklei/go-restful/v3/README.md index 23166d3b47..0625359dc4 100644 --- a/vendor/github.com/emicklei/go-restful/v3/README.md +++ b/vendor/github.com/emicklei/go-restful/v3/README.md @@ -84,6 +84,7 @@ func (u UserResource) findUser(request *restful.Request, response *restful.Respo - Route errors produce HTTP 404/405/406/415 errors, customizable using ServiceErrorHandler(...) - Configurable (trace) logging - Customizable gzip/deflate readers and writers using CompressorProvider registration +- Inject your own http.Handler using the `HttpMiddlewareHandlerToFilter` function ## How to customize There are several hooks to customize the behavior of the go-restful package. @@ -94,7 +95,7 @@ There are several hooks to customize the behavior of the go-restful package. - Trace logging - Compression - Encoders for other serializers -- Use [jsoniter](https://github.com/json-iterator/go) by build this package using a tag, e.g. `go build -tags=jsoniter .` +- Use [jsoniter](https://github.com/json-iterator/go) by building this package using a build tag, e.g. `go build -tags=jsoniter .` ## Resources diff --git a/vendor/github.com/emicklei/go-restful/v3/filter_adapter.go b/vendor/github.com/emicklei/go-restful/v3/filter_adapter.go new file mode 100644 index 0000000000..c246512fc0 --- /dev/null +++ b/vendor/github.com/emicklei/go-restful/v3/filter_adapter.go @@ -0,0 +1,21 @@ +package restful + +import ( + "net/http" +) + +// HttpMiddlewareHandler is a function that takes a http.Handler and returns a http.Handler +type HttpMiddlewareHandler func(http.Handler) http.Handler + +// HttpMiddlewareHandlerToFilter converts a HttpMiddlewareHandler to a FilterFunction. +func HttpMiddlewareHandlerToFilter(middleware HttpMiddlewareHandler) FilterFunction { + return func(req *Request, resp *Response, chain *FilterChain) { + next := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { + req.Request = r + resp.ResponseWriter = rw + chain.ProcessFilter(req, resp) + }) + + middleware(next).ServeHTTP(resp.ResponseWriter, req.Request) + } +} diff --git a/vendor/github.com/emicklei/go-restful/v3/parameter.go b/vendor/github.com/emicklei/go-restful/v3/parameter.go index 0e658af5ff..0b851bb437 100644 --- a/vendor/github.com/emicklei/go-restful/v3/parameter.go +++ b/vendor/github.com/emicklei/go-restful/v3/parameter.go @@ -22,6 +22,9 @@ const ( // FormParameterKind = indicator of Request parameter type "form" FormParameterKind + // MultiPartFormParameterKind = indicator of Request parameter type "multipart/form-data" + MultiPartFormParameterKind + // CollectionFormatCSV comma separated values `foo,bar` CollectionFormatCSV = CollectionFormat("csv") @@ -108,6 +111,11 @@ func (p *Parameter) beForm() *Parameter { return p } +func (p *Parameter) beMultiPartForm() *Parameter { + p.data.Kind = MultiPartFormParameterKind + return p +} + // Required sets the required field and returns the receiver func (p *Parameter) Required(required bool) *Parameter { p.data.Required = required diff --git a/vendor/github.com/emicklei/go-restful/v3/web_service.go b/vendor/github.com/emicklei/go-restful/v3/web_service.go index 0bf5d1e5f7..789c4df259 100644 --- a/vendor/github.com/emicklei/go-restful/v3/web_service.go +++ b/vendor/github.com/emicklei/go-restful/v3/web_service.go @@ -165,6 +165,18 @@ func FormParameter(name, description string) *Parameter { return p } +// MultiPartFormParameter creates a new Parameter of kind Form (using multipart/form-data) for documentation purposes. +// It is initialized as required with string as its DataType. +func (w *WebService) MultiPartFormParameter(name, description string) *Parameter { + return MultiPartFormParameter(name, description) +} + +func MultiPartFormParameter(name, description string) *Parameter { + p := &Parameter{&ParameterData{Name: name, Description: description, Required: false, DataType: "string"}} + p.beMultiPartForm() + return p +} + // Route creates a new Route using the RouteBuilder and add to the ordered list of Routes. func (w *WebService) Route(builder *RouteBuilder) *WebService { w.routesLock.Lock() diff --git a/vendor/github.com/gobuffalo/flect/custom_data.go b/vendor/github.com/gobuffalo/flect/custom_data.go index 9a2dfc74ad..efb445f671 100644 --- a/vendor/github.com/gobuffalo/flect/custom_data.go +++ b/vendor/github.com/gobuffalo/flect/custom_data.go @@ -8,6 +8,7 @@ import ( "io/ioutil" "os" "path/filepath" + "strings" ) func init() { @@ -75,6 +76,10 @@ func LoadInflections(r io.Reader) error { defer singularMoot.Unlock() for s, p := range m { + if strings.Contains(s, " ") || strings.Contains(p, " ") { + // flect works with parts, so multi-words should not be allowed + return fmt.Errorf("inflection elements should be a single word") + } singleToPlural[s] = p pluralToSingle[p] = s } diff --git a/vendor/github.com/gobuffalo/flect/plural_rules.go b/vendor/github.com/gobuffalo/flect/plural_rules.go index 61d34d393b..7205ec028a 100644 --- a/vendor/github.com/gobuffalo/flect/plural_rules.go +++ b/vendor/github.com/gobuffalo/flect/plural_rules.go @@ -47,6 +47,7 @@ var singleToPlural = map[string]string{ "concerto": "concertos", "corpus": "corpora", "crisis": "crises", + "criterion": "criteria", "curriculum": "curriculums", "datum": "data", "deer": "deer", @@ -56,7 +57,6 @@ var singleToPlural = map[string]string{ "ellipsis": "ellipses", "equipment": "equipment", "erratum": "errata", - "faux pas": "faux pas", "fez": "fezzes", "fish": "fish", "focus": "foci", @@ -82,6 +82,7 @@ var singleToPlural = map[string]string{ "locus": "loci", "louse": "lice", "matrix": "matrices", + "medium": "media", "minutia": "minutiae", "money": "money", "moose": "moose", @@ -96,6 +97,7 @@ var singleToPlural = map[string]string{ "ovum": "ova", "ox": "oxen", "parenthesis": "parentheses", + "person": "people", "phenomenon": "phenomena", "photo": "photos", "phylum": "phyla", @@ -157,9 +159,7 @@ type singularToPluralSuffix struct { } var singularToPluralSuffixList = []singularToPluralSuffix{ - {"iterion", "iteria"}, {"campus", "campuses"}, - {"genera", "genus"}, {"person", "people"}, {"phylum", "phyla"}, {"randum", "randa"}, @@ -169,6 +169,7 @@ var singularToPluralSuffixList = []singularToPluralSuffix{ {"child", "children"}, {"chive", "chives"}, {"focus", "foci"}, + {"genus", "genera"}, {"hello", "hellos"}, {"jeans", "jeans"}, {"louse", "lice"}, @@ -195,7 +196,6 @@ var singularToPluralSuffixList = []singularToPluralSuffix{ {"oose", "eese"}, {"ouse", "ouses"}, {"ovum", "ova"}, - {"rion", "ria"}, {"shoe", "shoes"}, {"stis", "stes"}, {"tive", "tives"}, @@ -225,7 +225,6 @@ var singularToPluralSuffixList = []singularToPluralSuffix{ {"ode", "odes"}, {"ofe", "oves"}, {"pfe", "pves"}, - {"pse", "psis"}, {"qfe", "qves"}, {"quy", "quies"}, {"rfe", "rves"}, diff --git a/vendor/github.com/gobuffalo/flect/pluralize.go b/vendor/github.com/gobuffalo/flect/pluralize.go index e265f84e91..88f9ec5545 100644 --- a/vendor/github.com/gobuffalo/flect/pluralize.go +++ b/vendor/github.com/gobuffalo/flect/pluralize.go @@ -43,6 +43,9 @@ func (i Ident) Pluralize() Ident { return i } if p, ok := singleToPlural[ls]; ok { + if s == Capitalize(s) { + p = Capitalize(p) + } return i.ReplaceSuffix(s, p) } for _, r := range pluralRules { diff --git a/vendor/github.com/gobuffalo/flect/singularize.go b/vendor/github.com/gobuffalo/flect/singularize.go index 1ed4995053..244e382c3c 100644 --- a/vendor/github.com/gobuffalo/flect/singularize.go +++ b/vendor/github.com/gobuffalo/flect/singularize.go @@ -30,28 +30,32 @@ func SingularizeWithSize(s string, i int) string { // data = datum // people = person func (i Ident) Singularize() Ident { - s := i.Original + s := i.LastPart() if len(s) == 0 { return i } singularMoot.RLock() defer singularMoot.RUnlock() + ls := strings.ToLower(s) if p, ok := pluralToSingle[ls]; ok { - return New(p) + if s == Capitalize(s) { + p = Capitalize(p) + } + return i.ReplaceSuffix(s, p) } if _, ok := singleToPlural[ls]; ok { return i } for _, r := range singularRules { if strings.HasSuffix(ls, r.suffix) { - return New(r.fn(s)) + return i.ReplaceSuffix(s, r.fn(s)) } } if strings.HasSuffix(s, "s") { - return New(s[:len(s)-1]) + return i.ReplaceSuffix("s", "") } return i } diff --git a/vendor/github.com/gobuffalo/flect/underscore.go b/vendor/github.com/gobuffalo/flect/underscore.go index e1466d99b9..d42859a59a 100644 --- a/vendor/github.com/gobuffalo/flect/underscore.go +++ b/vendor/github.com/gobuffalo/flect/underscore.go @@ -6,17 +6,17 @@ import ( ) // Underscore a string -// bob dylan = bob_dylan -// Nice to see you! = nice_to_see_you -// widgetID = widget_id +// bob dylan --> bob_dylan +// Nice to see you! --> nice_to_see_you +// widgetID --> widget_id func Underscore(s string) string { return New(s).Underscore().String() } // Underscore a string -// bob dylan = bob_dylan -// Nice to see you! = nice_to_see_you -// widgetID = widget_id +// bob dylan --> bob_dylan +// Nice to see you! --> nice_to_see_you +// widgetID --> widget_id func (i Ident) Underscore() Ident { out := make([]string, 0, len(i.Parts)) for _, part := range i.Parts { diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/alertmanager_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/alertmanager_types.go new file mode 100644 index 0000000000..965ddcd8ff --- /dev/null +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/alertmanager_types.go @@ -0,0 +1,351 @@ +// Copyright 2018 The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package v1 + +import ( + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +const ( + AlertmanagersKind = "Alertmanager" + AlertmanagerName = "alertmanagers" + AlertManagerKindKey = "alertmanager" +) + +// +genclient +// +k8s:openapi-gen=true +// +kubebuilder:resource:categories="prometheus-operator",shortName="am" +// +kubebuilder:printcolumn:name="Version",type="string",JSONPath=".spec.version",description="The version of Alertmanager" +// +kubebuilder:printcolumn:name="Replicas",type="integer",JSONPath=".spec.replicas",description="The number of desired replicas" +// +kubebuilder:printcolumn:name="Ready",type="integer",JSONPath=".status.availableReplicas",description="The number of ready replicas" +// +kubebuilder:printcolumn:name="Reconciled",type="string",JSONPath=".status.conditions[?(@.type == 'Reconciled')].status" +// +kubebuilder:printcolumn:name="Available",type="string",JSONPath=".status.conditions[?(@.type == 'Available')].status" +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:printcolumn:name="Paused",type="boolean",JSONPath=".status.paused",description="Whether the resource reconciliation is paused or not",priority=1 +// +kubebuilder:subresource:status + +// Alertmanager describes an Alertmanager cluster. +type Alertmanager struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of the desired behavior of the Alertmanager cluster. More info: + // https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + Spec AlertmanagerSpec `json:"spec"` + // Most recent observed status of the Alertmanager cluster. Read-only. + // More info: + // https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + Status AlertmanagerStatus `json:"status,omitempty"` +} + +// DeepCopyObject implements the runtime.Object interface. +func (l *Alertmanager) DeepCopyObject() runtime.Object { + return l.DeepCopy() +} + +// AlertmanagerSpec is a specification of the desired behavior of the Alertmanager cluster. More info: +// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +// +k8s:openapi-gen=true +type AlertmanagerSpec struct { + // PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods. + PodMetadata *EmbeddedObjectMetadata `json:"podMetadata,omitempty"` + // Image if specified has precedence over baseImage, tag and sha + // combinations. Specifying the version is still necessary to ensure the + // Prometheus Operator knows what version of Alertmanager is being + // configured. + Image *string `json:"image,omitempty"` + // Image pull policy for the 'alertmanager', 'init-config-reloader' and 'config-reloader' containers. + // See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. + // +kubebuilder:validation:Enum="";Always;Never;IfNotPresent + ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` + // Version the cluster should be on. + Version string `json:"version,omitempty"` + // Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. + // Version is ignored if Tag is set. + // Deprecated: use 'image' instead. The image tag can be specified + // as part of the image URL. + Tag string `json:"tag,omitempty"` + // SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. + // Similar to a tag, but the SHA explicitly deploys an immutable container image. + // Version and Tag are ignored if SHA is set. + // Deprecated: use 'image' instead. The image digest can be specified + // as part of the image URL. + SHA string `json:"sha,omitempty"` + // Base image that is used to deploy pods, without tag. + // Deprecated: use 'image' instead + BaseImage string `json:"baseImage,omitempty"` + // An optional list of references to secrets in the same namespace + // to use for pulling prometheus and alertmanager images from registries + // see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"` + // Secrets is a list of Secrets in the same namespace as the Alertmanager + // object, which shall be mounted into the Alertmanager Pods. + // Each Secret is added to the StatefulSet definition as a volume named `secret-`. + // The Secrets are mounted into `/etc/alertmanager/secrets/` in the 'alertmanager' container. + Secrets []string `json:"secrets,omitempty"` + // ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager + // object, which shall be mounted into the Alertmanager Pods. + // Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. + // The ConfigMaps are mounted into `/etc/alertmanager/configmaps/` in the 'alertmanager' container. + ConfigMaps []string `json:"configMaps,omitempty"` + // ConfigSecret is the name of a Kubernetes Secret in the same namespace as the + // Alertmanager object, which contains the configuration for this Alertmanager + // instance. If empty, it defaults to `alertmanager-`. + // + // The Alertmanager configuration should be available under the + // `alertmanager.yaml` key. Additional keys from the original secret are + // copied to the generated secret and mounted into the + // `/etc/alertmanager/config` directory in the `alertmanager` container. + // + // If either the secret or the `alertmanager.yaml` key is missing, the + // operator provisions a minimal Alertmanager configuration with one empty + // receiver (effectively dropping alert notifications). + ConfigSecret string `json:"configSecret,omitempty"` + // Log level for Alertmanager to be configured with. + //+kubebuilder:validation:Enum="";debug;info;warn;error + LogLevel string `json:"logLevel,omitempty"` + // Log format for Alertmanager to be configured with. + //+kubebuilder:validation:Enum="";logfmt;json + LogFormat string `json:"logFormat,omitempty"` + // Size is the expected size of the alertmanager cluster. The controller will + // eventually make the size of the running cluster equal to the expected + // size. + Replicas *int32 `json:"replicas,omitempty"` + // Time duration Alertmanager shall retain data for. Default is '120h', + // and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + // +kubebuilder:default:="120h" + Retention GoDuration `json:"retention,omitempty"` + // Storage is the definition of how storage will be used by the Alertmanager + // instances. + Storage *StorageSpec `json:"storage,omitempty"` + // Volumes allows configuration of additional volumes on the output StatefulSet definition. + // Volumes specified will be appended to other volumes that are generated as a result of + // StorageSpec objects. + Volumes []v1.Volume `json:"volumes,omitempty"` + // VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. + // VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, + // that are generated as a result of StorageSpec objects. + VolumeMounts []v1.VolumeMount `json:"volumeMounts,omitempty"` + // The external URL the Alertmanager instances will be available under. This is + // necessary to generate correct URLs. This is necessary if Alertmanager is not + // served from root of a DNS name. + ExternalURL string `json:"externalUrl,omitempty"` + // The route prefix Alertmanager registers HTTP handlers for. This is useful, + // if using ExternalURL and a proxy is rewriting HTTP routes of a request, + // and the actual ExternalURL is still true, but the server serves requests + // under a different route prefix. For example for use with `kubectl proxy`. + RoutePrefix string `json:"routePrefix,omitempty"` + // If set to true all actions on the underlying managed objects are not + // goint to be performed, except for delete actions. + Paused bool `json:"paused,omitempty"` + // Define which Nodes the Pods are scheduled on. + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // Define resources requests and limits for single Pods. + Resources v1.ResourceRequirements `json:"resources,omitempty"` + // If specified, the pod's scheduling constraints. + Affinity *v1.Affinity `json:"affinity,omitempty"` + // If specified, the pod's tolerations. + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // If specified, the pod's topology spread constraints. + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // SecurityContext holds pod-level security attributes and common container settings. + // This defaults to the default PodSecurityContext. + SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + // ServiceAccountName is the name of the ServiceAccount to use to run the + // Prometheus Pods. + ServiceAccountName string `json:"serviceAccountName,omitempty"` + // ListenLocal makes the Alertmanager server listen on loopback, so that it + // does not bind against the Pod IP. Note this is only for the Alertmanager + // UI, not the gossip communication. + ListenLocal bool `json:"listenLocal,omitempty"` + // Containers allows injecting additional containers. This is meant to + // allow adding an authentication proxy to an Alertmanager pod. + // Containers described here modify an operator generated container if they + // share the same name and modifications are done via a strategic merge + // patch. The current container names are: `alertmanager` and + // `config-reloader`. Overriding containers is entirely outside the scope + // of what the maintainers will support and by doing so, you accept that + // this behaviour may break at any time without notice. + Containers []v1.Container `json:"containers,omitempty"` + // InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. + // fetch secrets for injection into the Alertmanager configuration from external sources. Any + // errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + // Using initContainers for any use case other then secret fetching is entirely outside the scope + // of what the maintainers will support and by doing so, you accept that this behaviour may break + // at any time without notice. + InitContainers []v1.Container `json:"initContainers,omitempty"` + // Priority class assigned to the Pods + PriorityClassName string `json:"priorityClassName,omitempty"` + // AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. + AdditionalPeers []string `json:"additionalPeers,omitempty"` + // ClusterAdvertiseAddress is the explicit address to advertise in cluster. + // Needs to be provided for non RFC1918 [1] (public) addresses. + // [1] RFC1918: https://tools.ietf.org/html/rfc1918 + ClusterAdvertiseAddress string `json:"clusterAdvertiseAddress,omitempty"` + // Interval between gossip attempts. + ClusterGossipInterval GoDuration `json:"clusterGossipInterval,omitempty"` + // Interval between pushpull attempts. + ClusterPushpullInterval GoDuration `json:"clusterPushpullInterval,omitempty"` + // Timeout for cluster peering. + ClusterPeerTimeout GoDuration `json:"clusterPeerTimeout,omitempty"` + // Port name used for the pods and governing service. + // This defaults to web + PortName string `json:"portName,omitempty"` + // ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. + // Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. + ForceEnableClusterMode bool `json:"forceEnableClusterMode,omitempty"` + // AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. + AlertmanagerConfigSelector *metav1.LabelSelector `json:"alertmanagerConfigSelector,omitempty"` + // The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. + // In the future more options may be added. + AlertmanagerConfigMatcherStrategy AlertmanagerConfigMatcherStrategy `json:"alertmanagerConfigMatcherStrategy,omitempty"` + // Namespaces to be selected for AlertmanagerConfig discovery. If nil, only + // check own namespace. + AlertmanagerConfigNamespaceSelector *metav1.LabelSelector `json:"alertmanagerConfigNamespaceSelector,omitempty"` + // Minimum number of seconds for which a newly created pod should be ready + // without any of its container crashing for it to be considered available. + // Defaults to 0 (pod will be considered available as soon as it is ready) + // This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. + // +optional + MinReadySeconds *uint32 `json:"minReadySeconds,omitempty"` + // Pods' hostAliases configuration + // +listType=map + // +listMapKey=ip + HostAliases []HostAlias `json:"hostAliases,omitempty"` + // Defines the web command line flags when starting Alertmanager. + Web *AlertmanagerWebSpec `json:"web,omitempty"` + // EXPERIMENTAL: alertmanagerConfiguration specifies the configuration of Alertmanager. + // If defined, it takes precedence over the `configSecret` field. + // This field may change in future releases. + AlertmanagerConfiguration *AlertmanagerConfiguration `json:"alertmanagerConfiguration,omitempty"` +} + +// AlertmanagerConfigMatcherStrategy defines the strategy used by AlertmanagerConfig objects to match alerts. +type AlertmanagerConfigMatcherStrategy struct { + // If set to `OnNamespace`, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules. + // `None` will not add any additional matchers other than the ones specified in the AlertmanagerConfig. + // Default is `OnNamespace`. + // +kubebuilder:validation:Enum="OnNamespace";"None" + // +kubebuilder:default:="OnNamespace" + Type string `json:"type,omitempty"` +} + +// AlertmanagerConfiguration defines the Alertmanager configuration. +// +k8s:openapi-gen=true +type AlertmanagerConfiguration struct { + // The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration. + // It must be defined in the same namespace as the Alertmanager object. + // The operator will not enforce a `namespace` label for routes and inhibition rules. + // +kubebuilder:validation:MinLength=1 + Name string `json:"name,omitempty"` + // Defines the global parameters of the Alertmanager configuration. + // +optional + Global *AlertmanagerGlobalConfig `json:"global,omitempty"` + // Custom notification templates. + // +optional + Templates []SecretOrConfigMap `json:"templates,omitempty"` +} + +// AlertmanagerGlobalConfig configures parameters that are valid in all other configuration contexts. +// See https://prometheus.io/docs/alerting/latest/configuration/#configuration-file +type AlertmanagerGlobalConfig struct { + // ResolveTimeout is the default value used by alertmanager if the alert does + // not include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated. + // This has no impact on alerts from Prometheus, as they always include EndsAt. + ResolveTimeout Duration `json:"resolveTimeout,omitempty"` + + // HTTP client configuration. + HTTPConfig *HTTPConfig `json:"httpConfig,omitempty"` +} + +// AlertmanagerStatus is the most recent observed status of the Alertmanager cluster. Read-only. +// More info: +// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +// +k8s:openapi-gen=true +type AlertmanagerStatus struct { + // Represents whether any actions on the underlying managed objects are + // being performed. Only delete actions will be performed. + Paused bool `json:"paused"` + // Total number of non-terminated pods targeted by this Alertmanager + // object (their labels match the selector). + Replicas int32 `json:"replicas"` + // Total number of non-terminated pods targeted by this Alertmanager + // object that have the desired version spec. + UpdatedReplicas int32 `json:"updatedReplicas"` + // Total number of available pods (ready for at least minReadySeconds) + // targeted by this Alertmanager cluster. + AvailableReplicas int32 `json:"availableReplicas"` + // Total number of unavailable pods targeted by this Alertmanager object. + UnavailableReplicas int32 `json:"unavailableReplicas"` + // The current state of the Alertmanager object. + // +listType=map + // +listMapKey=type + // +optional + Conditions []Condition `json:"conditions,omitempty"` +} + +// AlertmanagerWebSpec defines the web command line flags when starting Alertmanager. +// +k8s:openapi-gen=true +type AlertmanagerWebSpec struct { + WebConfigFileFields `json:",inline"` +} + +// HTTPConfig defines a client HTTP configuration. +// See https://prometheus.io/docs/alerting/latest/configuration/#http_config +type HTTPConfig struct { + // Authorization header configuration for the client. + // This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + // +optional + Authorization *SafeAuthorization `json:"authorization,omitempty"` + // BasicAuth for the client. + // This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + // +optional + BasicAuth *BasicAuth `json:"basicAuth,omitempty"` + // OAuth2 client credentials used to fetch a token for the targets. + // +optional + OAuth2 *OAuth2 `json:"oauth2,omitempty"` + // The secret's key that contains the bearer token to be used by the client + // for authentication. + // The secret needs to be in the same namespace as the Alertmanager + // object and accessible by the Prometheus Operator. + // +optional + BearerTokenSecret *v1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` + // TLS configuration for the client. + // +optional + TLSConfig *SafeTLSConfig `json:"tlsConfig,omitempty"` + // Optional proxy URL. + // +optional + ProxyURL string `json:"proxyURL,omitempty"` + // FollowRedirects specifies whether the client should follow HTTP 3xx redirects. + // +optional + FollowRedirects *bool `json:"followRedirects,omitempty"` +} + +// AlertmanagerList is a list of Alertmanagers. +// +k8s:openapi-gen=true +type AlertmanagerList struct { + metav1.TypeMeta `json:",inline"` + // Standard list metadata + // More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata,omitempty"` + // List of Alertmanagers + Items []Alertmanager `json:"items"` +} + +// DeepCopyObject implements the runtime.Object interface. +func (l *AlertmanagerList) DeepCopyObject() runtime.Object { + return l.DeepCopy() +} diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go new file mode 100644 index 0000000000..a9dac2dd40 --- /dev/null +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go @@ -0,0 +1,153 @@ +// Copyright 2018 The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package v1 + +import ( + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/util/intstr" +) + +const ( + PodMonitorsKind = "PodMonitor" + PodMonitorName = "podmonitors" + PodMonitorKindKey = "podmonitor" +) + +// +genclient +// +k8s:openapi-gen=true +// +kubebuilder:resource:categories="prometheus-operator",shortName="pmon" + +// PodMonitor defines monitoring for a set of pods. +type PodMonitor struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of desired Pod selection for target discovery by Prometheus. + Spec PodMonitorSpec `json:"spec"` +} + +// DeepCopyObject implements the runtime.Object interface. +func (l *PodMonitor) DeepCopyObject() runtime.Object { + return l.DeepCopy() +} + +// PodMonitorSpec contains specification parameters for a PodMonitor. +// +k8s:openapi-gen=true +type PodMonitorSpec struct { + // The label to use to retrieve the job name from. + JobLabel string `json:"jobLabel,omitempty"` + // PodTargetLabels transfers labels on the Kubernetes Pod onto the target. + PodTargetLabels []string `json:"podTargetLabels,omitempty"` + // A list of endpoints allowed as part of this PodMonitor. + PodMetricsEndpoints []PodMetricsEndpoint `json:"podMetricsEndpoints"` + // Selector to select Pod objects. + Selector metav1.LabelSelector `json:"selector"` + // Selector to select which namespaces the Endpoints objects are discovered from. + NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"` + // SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + SampleLimit uint64 `json:"sampleLimit,omitempty"` + // TargetLimit defines a limit on the number of scraped targets that will be accepted. + TargetLimit uint64 `json:"targetLimit,omitempty"` + // Per-scrape limit on number of labels that will be accepted for a sample. + // Only valid in Prometheus versions 2.27.0 and newer. + LabelLimit uint64 `json:"labelLimit,omitempty"` + // Per-scrape limit on length of labels name that will be accepted for a sample. + // Only valid in Prometheus versions 2.27.0 and newer. + LabelNameLengthLimit uint64 `json:"labelNameLengthLimit,omitempty"` + // Per-scrape limit on length of labels value that will be accepted for a sample. + // Only valid in Prometheus versions 2.27.0 and newer. + LabelValueLengthLimit uint64 `json:"labelValueLengthLimit,omitempty"` + // Attaches node metadata to discovered targets. + // Requires Prometheus v2.35.0 and above. + AttachMetadata *AttachMetadata `json:"attachMetadata,omitempty"` +} + +// PodMonitorList is a list of PodMonitors. +// +k8s:openapi-gen=true +type PodMonitorList struct { + metav1.TypeMeta `json:",inline"` + // Standard list metadata + // More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata,omitempty"` + // List of PodMonitors + Items []*PodMonitor `json:"items"` +} + +// DeepCopyObject implements the runtime.Object interface. +func (l *PodMonitorList) DeepCopyObject() runtime.Object { + return l.DeepCopy() +} + +// PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics. +// +k8s:openapi-gen=true +type PodMetricsEndpoint struct { + // Name of the pod port this endpoint refers to. Mutually exclusive with targetPort. + Port string `json:"port,omitempty"` + // Deprecated: Use 'port' instead. + TargetPort *intstr.IntOrString `json:"targetPort,omitempty"` + // HTTP path to scrape for metrics. + // If empty, Prometheus uses the default value (e.g. `/metrics`). + Path string `json:"path,omitempty"` + // HTTP scheme to use for scraping. + Scheme string `json:"scheme,omitempty"` + // Optional HTTP URL parameters + Params map[string][]string `json:"params,omitempty"` + // Interval at which metrics should be scraped + // If not specified Prometheus' global scrape interval is used. + Interval Duration `json:"interval,omitempty"` + // Timeout after which the scrape is ended + // If not specified, the Prometheus global scrape interval is used. + ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"` + // TLS configuration to use when scraping the endpoint. + TLSConfig *PodMetricsEndpointTLSConfig `json:"tlsConfig,omitempty"` + // Secret to mount to read bearer token for scraping targets. The secret + // needs to be in the same namespace as the pod monitor and accessible by + // the Prometheus Operator. + BearerTokenSecret v1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` + // HonorLabels chooses the metric's labels on collisions with target labels. + HonorLabels bool `json:"honorLabels,omitempty"` + // HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. + HonorTimestamps *bool `json:"honorTimestamps,omitempty"` + // BasicAuth allow an endpoint to authenticate over basic authentication. + // More info: https://prometheus.io/docs/operating/configuration/#endpoint + BasicAuth *BasicAuth `json:"basicAuth,omitempty"` + // OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. + OAuth2 *OAuth2 `json:"oauth2,omitempty"` + // Authorization section for this endpoint + Authorization *SafeAuthorization `json:"authorization,omitempty"` + // MetricRelabelConfigs to apply to samples before ingestion. + MetricRelabelConfigs []*RelabelConfig `json:"metricRelabelings,omitempty"` + // RelabelConfigs to apply to samples before scraping. + // Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. + // The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + // More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + RelabelConfigs []*RelabelConfig `json:"relabelings,omitempty"` + // ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. + ProxyURL *string `json:"proxyUrl,omitempty"` + // FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. + FollowRedirects *bool `json:"followRedirects,omitempty"` + // Whether to enable HTTP2. + EnableHttp2 *bool `json:"enableHttp2,omitempty"` + // Drop pods that are not running. (Failed, Succeeded). Enabled by default. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase + FilterRunning *bool `json:"filterRunning,omitempty"` +} + +// PodMetricsEndpointTLSConfig specifies TLS configuration parameters. +// +k8s:openapi-gen=true +type PodMetricsEndpointTLSConfig struct { + SafeTLSConfig `json:",inline"` +} diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go new file mode 100644 index 0000000000..d9e73986eb --- /dev/null +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go @@ -0,0 +1,199 @@ +// Copyright 2018 The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package v1 + +import ( + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +const ( + ProbesKind = "Probe" + ProbeName = "probes" + ProbeKindKey = "probe" +) + +// +genclient +// +k8s:openapi-gen=true +// +kubebuilder:resource:categories="prometheus-operator",shortName="prb" + +// Probe defines monitoring for a set of static targets or ingresses. +type Probe struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of desired Ingress selection for target discovery by Prometheus. + Spec ProbeSpec `json:"spec"` +} + +// DeepCopyObject implements the runtime.Object interface. +func (l *Probe) DeepCopyObject() runtime.Object { + return l.DeepCopy() +} + +// ProbeSpec contains specification parameters for a Probe. +// +k8s:openapi-gen=true +type ProbeSpec struct { + // The job name assigned to scraped metrics by default. + JobName string `json:"jobName,omitempty"` + // Specification for the prober to use for probing targets. + // The prober.URL parameter is required. Targets cannot be probed if left empty. + ProberSpec ProberSpec `json:"prober,omitempty"` + // The module to use for probing specifying how to probe the target. + // Example module configuring in the blackbox exporter: + // https://github.com/prometheus/blackbox_exporter/blob/master/example.yml + Module string `json:"module,omitempty"` + // Targets defines a set of static or dynamically discovered targets to probe. + Targets ProbeTargets `json:"targets,omitempty"` + // Interval at which targets are probed using the configured prober. + // If not specified Prometheus' global scrape interval is used. + Interval Duration `json:"interval,omitempty"` + // Timeout for scraping metrics from the Prometheus exporter. + // If not specified, the Prometheus global scrape interval is used. + ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"` + // TLS configuration to use when scraping the endpoint. + TLSConfig *ProbeTLSConfig `json:"tlsConfig,omitempty"` + // Secret to mount to read bearer token for scraping targets. The secret + // needs to be in the same namespace as the probe and accessible by + // the Prometheus Operator. + BearerTokenSecret v1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` + // BasicAuth allow an endpoint to authenticate over basic authentication. + // More info: https://prometheus.io/docs/operating/configuration/#endpoint + BasicAuth *BasicAuth `json:"basicAuth,omitempty"` + // OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. + OAuth2 *OAuth2 `json:"oauth2,omitempty"` + // MetricRelabelConfigs to apply to samples before ingestion. + MetricRelabelConfigs []*RelabelConfig `json:"metricRelabelings,omitempty"` + // Authorization section for this endpoint + Authorization *SafeAuthorization `json:"authorization,omitempty"` + // SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + SampleLimit uint64 `json:"sampleLimit,omitempty"` + // TargetLimit defines a limit on the number of scraped targets that will be accepted. + TargetLimit uint64 `json:"targetLimit,omitempty"` + // Per-scrape limit on number of labels that will be accepted for a sample. + // Only valid in Prometheus versions 2.27.0 and newer. + LabelLimit uint64 `json:"labelLimit,omitempty"` + // Per-scrape limit on length of labels name that will be accepted for a sample. + // Only valid in Prometheus versions 2.27.0 and newer. + LabelNameLengthLimit uint64 `json:"labelNameLengthLimit,omitempty"` + // Per-scrape limit on length of labels value that will be accepted for a sample. + // Only valid in Prometheus versions 2.27.0 and newer. + LabelValueLengthLimit uint64 `json:"labelValueLengthLimit,omitempty"` +} + +// ProbeTargets defines how to discover the probed targets. +// One of the `staticConfig` or `ingress` must be defined. +// If both are defined, `staticConfig` takes precedence. +// +k8s:openapi-gen=true +type ProbeTargets struct { + // staticConfig defines the static list of targets to probe and the + // relabeling configuration. + // If `ingress` is also defined, `staticConfig` takes precedence. + // More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config. + StaticConfig *ProbeTargetStaticConfig `json:"staticConfig,omitempty"` + // ingress defines the Ingress objects to probe and the relabeling + // configuration. + // If `staticConfig` is also defined, `staticConfig` takes precedence. + Ingress *ProbeTargetIngress `json:"ingress,omitempty"` +} + +// Validate semantically validates the given ProbeTargets. +func (it *ProbeTargets) Validate() error { + if it.StaticConfig == nil && it.Ingress == nil { + return &ProbeTargetsValidationError{"at least one of .spec.targets.staticConfig and .spec.targets.ingress is required"} + } + + return nil +} + +// ProbeTargetsValidationError is returned by ProbeTargets.Validate() +// on semantically invalid configurations. +// +k8s:openapi-gen=false +type ProbeTargetsValidationError struct { + err string +} + +func (e *ProbeTargetsValidationError) Error() string { + return e.err +} + +// ProbeTargetStaticConfig defines the set of static targets considered for probing. +// +k8s:openapi-gen=true +type ProbeTargetStaticConfig struct { + // The list of hosts to probe. + Targets []string `json:"static,omitempty"` + // Labels assigned to all metrics scraped from the targets. + Labels map[string]string `json:"labels,omitempty"` + // RelabelConfigs to apply to the label set of the targets before it gets + // scraped. + // More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + RelabelConfigs []*RelabelConfig `json:"relabelingConfigs,omitempty"` +} + +// ProbeTargetIngress defines the set of Ingress objects considered for probing. +// The operator configures a target for each host/path combination of each ingress object. +// +k8s:openapi-gen=true +type ProbeTargetIngress struct { + // Selector to select the Ingress objects. + Selector metav1.LabelSelector `json:"selector,omitempty"` + // From which namespaces to select Ingress objects. + NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"` + // RelabelConfigs to apply to the label set of the target before it gets + // scraped. + // The original ingress address is available via the + // `__tmp_prometheus_ingress_address` label. It can be used to customize the + // probed URL. + // The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + // More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + RelabelConfigs []*RelabelConfig `json:"relabelingConfigs,omitempty"` +} + +// ProberSpec contains specification parameters for the Prober used for probing. +// +k8s:openapi-gen=true +type ProberSpec struct { + // Mandatory URL of the prober. + URL string `json:"url"` + // HTTP scheme to use for scraping. + // Defaults to `http`. + Scheme string `json:"scheme,omitempty"` + // Path to collect metrics from. + // Defaults to `/probe`. + // +kubebuilder:default:="/probe" + Path string `json:"path,omitempty"` + // Optional ProxyURL. + ProxyURL string `json:"proxyUrl,omitempty"` +} + +// ProbeList is a list of Probes. +// +k8s:openapi-gen=true +type ProbeList struct { + metav1.TypeMeta `json:",inline"` + // Standard list metadata + // More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata,omitempty"` + // List of Probes + Items []*Probe `json:"items"` +} + +// DeepCopyObject implements the runtime.Object interface. +func (l *ProbeList) DeepCopyObject() runtime.Object { + return l.DeepCopy() +} + +// ProbeTLSConfig specifies TLS configuration parameters for the prober. +// +k8s:openapi-gen=true +type ProbeTLSConfig struct { + SafeTLSConfig `json:",inline"` +} diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go new file mode 100644 index 0000000000..38f95c3845 --- /dev/null +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go @@ -0,0 +1,979 @@ +// Copyright 2018 The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package v1 + +import ( + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/util/intstr" + "strings" +) + +const ( + PrometheusesKind = "Prometheus" + PrometheusName = "prometheuses" + PrometheusKindKey = "prometheus" +) + +// CommonPrometheusFields are the options available to both the Prometheus server and agent. +// +k8s:deepcopy-gen=true +type CommonPrometheusFields struct { + // PodMetadata configures Labels and Annotations which are propagated to the prometheus pods. + PodMetadata *EmbeddedObjectMetadata `json:"podMetadata,omitempty"` + // ServiceMonitors to be selected for target discovery. + // + // If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and + // `spec.probeSelector` are null, the Prometheus configuration is unmanaged. + // The Prometheus operator will ensure that the Prometheus configuration's + // Secret exists, but it is the responsibility of the user to provide the raw + // gzipped Prometheus configuration under the `prometheus.yaml.gz` key. + // This behavior is deprecated and will be removed in the next major version + // of the custom resource definition. It is recommended to use + // `spec.additionalScrapeConfigs` instead. + ServiceMonitorSelector *metav1.LabelSelector `json:"serviceMonitorSelector,omitempty"` + // Namespace's labels to match for ServiceMonitor discovery. If nil, only + // check own namespace. + ServiceMonitorNamespaceSelector *metav1.LabelSelector `json:"serviceMonitorNamespaceSelector,omitempty"` + // *Experimental* PodMonitors to be selected for target discovery. + // + // If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and + // `spec.probeSelector` are null, the Prometheus configuration is unmanaged. + // The Prometheus operator will ensure that the Prometheus configuration's + // Secret exists, but it is the responsibility of the user to provide the raw + // gzipped Prometheus configuration under the `prometheus.yaml.gz` key. + // This behavior is deprecated and will be removed in the next major version + // of the custom resource definition. It is recommended to use + // `spec.additionalScrapeConfigs` instead. + PodMonitorSelector *metav1.LabelSelector `json:"podMonitorSelector,omitempty"` + // Namespace's labels to match for PodMonitor discovery. If nil, only + // check own namespace. + PodMonitorNamespaceSelector *metav1.LabelSelector `json:"podMonitorNamespaceSelector,omitempty"` + // *Experimental* Probes to be selected for target discovery. + // + // If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and + // `spec.probeSelector` are null, the Prometheus configuration is unmanaged. + // The Prometheus operator will ensure that the Prometheus configuration's + // Secret exists, but it is the responsibility of the user to provide the raw + // gzipped Prometheus configuration under the `prometheus.yaml.gz` key. + // This behavior is deprecated and will be removed in the next major version + // of the custom resource definition. It is recommended to use + // `spec.additionalScrapeConfigs` instead. + ProbeSelector *metav1.LabelSelector `json:"probeSelector,omitempty"` + // *Experimental* Namespaces to be selected for Probe discovery. If nil, only check own namespace. + ProbeNamespaceSelector *metav1.LabelSelector `json:"probeNamespaceSelector,omitempty"` + // Version of Prometheus to be deployed. + Version string `json:"version,omitempty"` + // When a Prometheus deployment is paused, no actions except for deletion + // will be performed on the underlying objects. + Paused bool `json:"paused,omitempty"` + // Image if specified has precedence over baseImage, tag and sha + // combinations. Specifying the version is still necessary to ensure the + // Prometheus Operator knows what version of Prometheus is being + // configured. + Image *string `json:"image,omitempty"` + // Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers. + // See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. + // +kubebuilder:validation:Enum="";Always;Never;IfNotPresent + ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` + // An optional list of references to secrets in the same namespace + // to use for pulling prometheus and alertmanager images from registries + // see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"` + // Number of replicas of each shard to deploy for a Prometheus deployment. + // Number of replicas multiplied by shards is the total number of Pods + // created. + Replicas *int32 `json:"replicas,omitempty"` + // EXPERIMENTAL: Number of shards to distribute targets onto. Number of + // replicas multiplied by shards is the total number of Pods created. Note + // that scaling down shards will not reshard data onto remaining instances, + // it must be manually moved. Increasing shards will not reshard data + // either but it will continue to be available from the same instances. To + // query globally use Thanos sidecar and Thanos querier or remote write + // data to a central location. Sharding is done on the content of the + // `__address__` target meta-label. + Shards *int32 `json:"shards,omitempty"` + // Name of Prometheus external label used to denote replica name. + // Defaults to the value of `prometheus_replica`. External label will + // _not_ be added when value is set to empty string (`""`). + ReplicaExternalLabelName *string `json:"replicaExternalLabelName,omitempty"` + // Name of Prometheus external label used to denote Prometheus instance + // name. Defaults to the value of `prometheus`. External label will + // _not_ be added when value is set to empty string (`""`). + PrometheusExternalLabelName *string `json:"prometheusExternalLabelName,omitempty"` + // Log level for Prometheus to be configured with. + //+kubebuilder:validation:Enum="";debug;info;warn;error + LogLevel string `json:"logLevel,omitempty"` + // Log format for Prometheus to be configured with. + //+kubebuilder:validation:Enum="";logfmt;json + LogFormat string `json:"logFormat,omitempty"` + // Interval between consecutive scrapes. Default: `30s` + // +kubebuilder:default:="30s" + ScrapeInterval Duration `json:"scrapeInterval,omitempty"` + // Number of seconds to wait for target to respond before erroring. + ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"` + // The labels to add to any time series or alerts when communicating with + // external systems (federation, remote storage, Alertmanager). + ExternalLabels map[string]string `json:"externalLabels,omitempty"` + // Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. Defaults to the value of `false`. + // WARNING: This is not considered an efficient way of ingesting samples. + // Use it with caution for specific low-volume use cases. + // It is not suitable for replacing the ingestion via scraping and turning + // Prometheus into a push-based metrics collection system. + // For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver + // Only valid in Prometheus versions 2.33.0 and newer. + EnableRemoteWriteReceiver bool `json:"enableRemoteWriteReceiver,omitempty"` + // Enable access to Prometheus disabled features. By default, no features are enabled. + // Enabling disabled features is entirely outside the scope of what the maintainers will + // support and by doing so, you accept that this behaviour may break at any + // time without notice. + // For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/ + EnableFeatures []string `json:"enableFeatures,omitempty"` + // The external URL the Prometheus instances will be available under. This is + // necessary to generate correct URLs. This is necessary if Prometheus is not + // served from root of a DNS name. + ExternalURL string `json:"externalUrl,omitempty"` + // The route prefix Prometheus registers HTTP handlers for. This is useful, + // if using ExternalURL and a proxy is rewriting HTTP routes of a request, + // and the actual ExternalURL is still true, but the server serves requests + // under a different route prefix. For example for use with `kubectl proxy`. + RoutePrefix string `json:"routePrefix,omitempty"` + // Storage spec to specify how storage shall be used. + Storage *StorageSpec `json:"storage,omitempty"` + // Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will + // be appended to other volumes that are generated as a result of StorageSpec objects. + Volumes []v1.Volume `json:"volumes,omitempty"` + // VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. + // VolumeMounts specified will be appended to other VolumeMounts in the prometheus container, + // that are generated as a result of StorageSpec objects. + VolumeMounts []v1.VolumeMount `json:"volumeMounts,omitempty"` + // Defines the web command line flags when starting Prometheus. + Web *PrometheusWebSpec `json:"web,omitempty"` + // Define resources requests and limits for single Pods. + Resources v1.ResourceRequirements `json:"resources,omitempty"` + // Define which Nodes the Pods are scheduled on. + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // ServiceAccountName is the name of the ServiceAccount to use to run the + // Prometheus Pods. + ServiceAccountName string `json:"serviceAccountName,omitempty"` + // Secrets is a list of Secrets in the same namespace as the Prometheus + // object, which shall be mounted into the Prometheus Pods. + // Each Secret is added to the StatefulSet definition as a volume named `secret-`. + // The Secrets are mounted into /etc/prometheus/secrets/ in the 'prometheus' container. + Secrets []string `json:"secrets,omitempty"` + // ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus + // object, which shall be mounted into the Prometheus Pods. + // Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. + // The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container. + ConfigMaps []string `json:"configMaps,omitempty"` + // If specified, the pod's scheduling constraints. + Affinity *v1.Affinity `json:"affinity,omitempty"` + // If specified, the pod's tolerations. + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // If specified, the pod's topology spread constraints. + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // remoteWrite is the list of remote write configurations. + RemoteWrite []RemoteWriteSpec `json:"remoteWrite,omitempty"` + // SecurityContext holds pod-level security attributes and common container settings. + // This defaults to the default PodSecurityContext. + SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + // ListenLocal makes the Prometheus server listen on loopback, so that it + // does not bind against the Pod IP. + ListenLocal bool `json:"listenLocal,omitempty"` + // Containers allows injecting additional containers or modifying operator + // generated containers. This can be used to allow adding an authentication + // proxy to a Prometheus pod or to change the behavior of an operator + // generated container. Containers described here modify an operator + // generated container if they share the same name and modifications are + // done via a strategic merge patch. The current container names are: + // `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding + // containers is entirely outside the scope of what the maintainers will + // support and by doing so, you accept that this behaviour may break at any + // time without notice. + Containers []v1.Container `json:"containers,omitempty"` + // InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. + // fetch secrets for injection into the Prometheus configuration from external sources. Any errors + // during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + // InitContainers described here modify an operator + // generated init containers if they share the same name and modifications are + // done via a strategic merge patch. The current init container name is: + // `init-config-reloader`. Overriding init containers is entirely outside the + // scope of what the maintainers will support and by doing so, you accept that + // this behaviour may break at any time without notice. + InitContainers []v1.Container `json:"initContainers,omitempty"` + // AdditionalScrapeConfigs allows specifying a key of a Secret containing + // additional Prometheus scrape configurations. Scrape configurations + // specified are appended to the configurations generated by the Prometheus + // Operator. Job configurations specified must have the form as specified + // in the official Prometheus documentation: + // https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + // As scrape configs are appended, the user is responsible to make sure it + // is valid. Note that using this feature may expose the possibility to + // break upgrades of Prometheus. It is advised to review Prometheus release + // notes to ensure that no incompatible scrape configs are going to break + // Prometheus after the upgrade. + AdditionalScrapeConfigs *v1.SecretKeySelector `json:"additionalScrapeConfigs,omitempty"` + // APIServerConfig allows specifying a host and auth methods to access apiserver. + // If left empty, Prometheus is assumed to run inside of the cluster + // and will discover API servers automatically and use the pod's CA certificate + // and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + APIServerConfig *APIServerConfig `json:"apiserverConfig,omitempty"` + // Priority class assigned to the Pods + PriorityClassName string `json:"priorityClassName,omitempty"` + // Port name used for the pods and governing service. + // This defaults to web + PortName string `json:"portName,omitempty"` + // ArbitraryFSAccessThroughSMs configures whether configuration + // based on a service monitor can access arbitrary files on the file system + // of the Prometheus container e.g. bearer token files. + ArbitraryFSAccessThroughSMs ArbitraryFSAccessThroughSMsConfig `json:"arbitraryFSAccessThroughSMs,omitempty"` + // When true, Prometheus resolves label conflicts by renaming the labels in + // the scraped data to "exported_