From 6eacbcd67fd587aee54a99cfccd51d5325da1ae2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 20:25:43 +0000 Subject: [PATCH 01/12] rebase: bump the golang-dependencies group with 3 updates Bumps the golang-dependencies group with 3 updates: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/sys](https://github.com/golang/sys). Updates `golang.org/x/crypto` from 0.18.0 to 0.19.0 - [Commits](https://github.com/golang/crypto/compare/v0.18.0...v0.19.0) Updates `golang.org/x/net` from 0.20.0 to 0.21.0 - [Commits](https://github.com/golang/net/compare/v0.20.0...v0.21.0) Updates `golang.org/x/sys` from 0.16.0 to 0.17.0 - [Commits](https://github.com/golang/sys/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-dependencies - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-dependencies - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-dependencies ... Signed-off-by: dependabot[bot] --- go.mod | 8 +- go.sum | 16 +-- vendor/golang.org/x/net/html/token.go | 12 +- vendor/golang.org/x/net/http2/frame.go | 11 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 2 +- vendor/golang.org/x/sys/unix/zerrors_linux.go | 36 ++++- .../x/sys/unix/zerrors_linux_386.go | 3 + .../x/sys/unix/zerrors_linux_amd64.go | 3 + .../x/sys/unix/zerrors_linux_arm.go | 3 + .../x/sys/unix/zerrors_linux_arm64.go | 3 + .../x/sys/unix/zerrors_linux_loong64.go | 3 + .../x/sys/unix/zerrors_linux_mips.go | 3 + .../x/sys/unix/zerrors_linux_mips64.go | 3 + .../x/sys/unix/zerrors_linux_mips64le.go | 3 + .../x/sys/unix/zerrors_linux_mipsle.go | 3 + .../x/sys/unix/zerrors_linux_ppc.go | 3 + .../x/sys/unix/zerrors_linux_ppc64.go | 3 + .../x/sys/unix/zerrors_linux_ppc64le.go | 3 + .../x/sys/unix/zerrors_linux_riscv64.go | 3 + .../x/sys/unix/zerrors_linux_s390x.go | 3 + .../x/sys/unix/zerrors_linux_sparc64.go | 3 + .../x/sys/unix/zsysnum_linux_386.go | 4 + .../x/sys/unix/zsysnum_linux_amd64.go | 3 + .../x/sys/unix/zsysnum_linux_arm.go | 4 + .../x/sys/unix/zsysnum_linux_arm64.go | 4 + .../x/sys/unix/zsysnum_linux_loong64.go | 4 + .../x/sys/unix/zsysnum_linux_mips.go | 4 + .../x/sys/unix/zsysnum_linux_mips64.go | 4 + .../x/sys/unix/zsysnum_linux_mips64le.go | 4 + .../x/sys/unix/zsysnum_linux_mipsle.go | 4 + .../x/sys/unix/zsysnum_linux_ppc.go | 4 + .../x/sys/unix/zsysnum_linux_ppc64.go | 4 + .../x/sys/unix/zsysnum_linux_ppc64le.go | 4 + .../x/sys/unix/zsysnum_linux_riscv64.go | 4 + .../x/sys/unix/zsysnum_linux_s390x.go | 4 + .../x/sys/unix/zsysnum_linux_sparc64.go | 4 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 125 +++++++++--------- .../golang.org/x/sys/windows/env_windows.go | 17 ++- .../x/sys/windows/syscall_windows.go | 3 +- vendor/modules.txt | 8 +- 40 files changed, 245 insertions(+), 97 deletions(-) diff --git a/go.mod b/go.mod index 0c0c77203..2ce38295e 100644 --- a/go.mod +++ b/go.mod @@ -27,9 +27,9 @@ require ( github.com/pkg/xattr v0.4.9 github.com/prometheus/client_golang v1.18.0 github.com/stretchr/testify v1.8.4 - golang.org/x/crypto v0.18.0 - golang.org/x/net v0.20.0 - golang.org/x/sys v0.16.0 + golang.org/x/crypto v0.19.0 + golang.org/x/net v0.21.0 + golang.org/x/sys v0.17.0 google.golang.org/grpc v1.61.0 google.golang.org/protobuf v1.32.0 // @@ -151,7 +151,7 @@ require ( golang.org/x/exp v0.0.0-20220827204233-334a2380cb91 // indirect golang.org/x/oauth2 v0.14.0 // indirect golang.org/x/sync v0.5.0 // indirect - golang.org/x/term v0.16.0 // indirect + golang.org/x/term v0.17.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.16.1 // indirect diff --git a/go.sum b/go.sum index f9678277b..200cbba30 100644 --- a/go.sum +++ b/go.sum @@ -1737,8 +1737,8 @@ golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98y golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= -golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1884,8 +1884,8 @@ golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2052,8 +2052,8 @@ golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2071,8 +2071,8 @@ golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= -golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= +golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go index de67f938a..3c57880d6 100644 --- a/vendor/golang.org/x/net/html/token.go +++ b/vendor/golang.org/x/net/html/token.go @@ -910,9 +910,6 @@ func (z *Tokenizer) readTagAttrKey() { return } switch c { - case ' ', '\n', '\r', '\t', '\f', '/': - z.pendingAttr[0].end = z.raw.end - 1 - return case '=': if z.pendingAttr[0].start+1 == z.raw.end { // WHATWG 13.2.5.32, if we see an equals sign before the attribute name @@ -920,7 +917,9 @@ func (z *Tokenizer) readTagAttrKey() { continue } fallthrough - case '>': + case ' ', '\n', '\r', '\t', '\f', '/', '>': + // WHATWG 13.2.5.33 Attribute name state + // We need to reconsume the char in the after attribute name state to support the / character z.raw.end-- z.pendingAttr[0].end = z.raw.end return @@ -939,6 +938,11 @@ func (z *Tokenizer) readTagAttrVal() { if z.err != nil { return } + if c == '/' { + // WHATWG 13.2.5.34 After attribute name state + // U+002F SOLIDUS (/) - Switch to the self-closing start tag state. + return + } if c != '=' { z.raw.end-- return diff --git a/vendor/golang.org/x/net/http2/frame.go b/vendor/golang.org/x/net/http2/frame.go index c1f6b90dc..e2b298d85 100644 --- a/vendor/golang.org/x/net/http2/frame.go +++ b/vendor/golang.org/x/net/http2/frame.go @@ -1510,13 +1510,12 @@ func (mh *MetaHeadersFrame) checkPseudos() error { } func (fr *Framer) maxHeaderStringLen() int { - v := fr.maxHeaderListSize() - if uint32(int(v)) == v { - return int(v) + v := int(fr.maxHeaderListSize()) + if v < 0 { + // If maxHeaderListSize overflows an int, use no limit (0). + return 0 } - // They had a crazy big number for MaxHeaderBytes anyway, - // so give them unlimited header lengths: - return 0 + return v } // readMetaFrame returns 0 or more CONTINUATION frames from fr and diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index c6492020e..fdcaa974d 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -584,7 +584,7 @@ ccflags="$@" $2 ~ /^KEY_(SPEC|REQKEY_DEFL)_/ || $2 ~ /^KEYCTL_/ || $2 ~ /^PERF_/ || - $2 ~ /^SECCOMP_MODE_/ || + $2 ~ /^SECCOMP_/ || $2 ~ /^SEEK_/ || $2 ~ /^SCHED_/ || $2 ~ /^SPLICE_/ || diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index a5d3ff8df..36bf8399f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -1785,6 +1785,8 @@ const ( LANDLOCK_ACCESS_FS_REMOVE_FILE = 0x20 LANDLOCK_ACCESS_FS_TRUNCATE = 0x4000 LANDLOCK_ACCESS_FS_WRITE_FILE = 0x2 + LANDLOCK_ACCESS_NET_BIND_TCP = 0x1 + LANDLOCK_ACCESS_NET_CONNECT_TCP = 0x2 LANDLOCK_CREATE_RULESET_VERSION = 0x1 LINUX_REBOOT_CMD_CAD_OFF = 0x0 LINUX_REBOOT_CMD_CAD_ON = 0x89abcdef @@ -2465,6 +2467,7 @@ const ( PR_MCE_KILL_GET = 0x22 PR_MCE_KILL_LATE = 0x0 PR_MCE_KILL_SET = 0x1 + PR_MDWE_NO_INHERIT = 0x2 PR_MDWE_REFUSE_EXEC_GAIN = 0x1 PR_MPX_DISABLE_MANAGEMENT = 0x2c PR_MPX_ENABLE_MANAGEMENT = 0x2b @@ -2669,8 +2672,9 @@ const ( RTAX_FEATURES = 0xc RTAX_FEATURE_ALLFRAG = 0x8 RTAX_FEATURE_ECN = 0x1 - RTAX_FEATURE_MASK = 0xf + RTAX_FEATURE_MASK = 0x1f RTAX_FEATURE_SACK = 0x2 + RTAX_FEATURE_TCP_USEC_TS = 0x10 RTAX_FEATURE_TIMESTAMP = 0x4 RTAX_HOPLIMIT = 0xa RTAX_INITCWND = 0xb @@ -2913,9 +2917,38 @@ const ( SCM_RIGHTS = 0x1 SCM_TIMESTAMP = 0x1d SC_LOG_FLUSH = 0x100000 + SECCOMP_ADDFD_FLAG_SEND = 0x2 + SECCOMP_ADDFD_FLAG_SETFD = 0x1 + SECCOMP_FILTER_FLAG_LOG = 0x2 + SECCOMP_FILTER_FLAG_NEW_LISTENER = 0x8 + SECCOMP_FILTER_FLAG_SPEC_ALLOW = 0x4 + SECCOMP_FILTER_FLAG_TSYNC = 0x1 + SECCOMP_FILTER_FLAG_TSYNC_ESRCH = 0x10 + SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV = 0x20 + SECCOMP_GET_ACTION_AVAIL = 0x2 + SECCOMP_GET_NOTIF_SIZES = 0x3 + SECCOMP_IOCTL_NOTIF_RECV = 0xc0502100 + SECCOMP_IOCTL_NOTIF_SEND = 0xc0182101 + SECCOMP_IOC_MAGIC = '!' SECCOMP_MODE_DISABLED = 0x0 SECCOMP_MODE_FILTER = 0x2 SECCOMP_MODE_STRICT = 0x1 + SECCOMP_RET_ACTION = 0x7fff0000 + SECCOMP_RET_ACTION_FULL = 0xffff0000 + SECCOMP_RET_ALLOW = 0x7fff0000 + SECCOMP_RET_DATA = 0xffff + SECCOMP_RET_ERRNO = 0x50000 + SECCOMP_RET_KILL = 0x0 + SECCOMP_RET_KILL_PROCESS = 0x80000000 + SECCOMP_RET_KILL_THREAD = 0x0 + SECCOMP_RET_LOG = 0x7ffc0000 + SECCOMP_RET_TRACE = 0x7ff00000 + SECCOMP_RET_TRAP = 0x30000 + SECCOMP_RET_USER_NOTIF = 0x7fc00000 + SECCOMP_SET_MODE_FILTER = 0x1 + SECCOMP_SET_MODE_STRICT = 0x0 + SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP = 0x1 + SECCOMP_USER_NOTIF_FLAG_CONTINUE = 0x1 SECRETMEM_MAGIC = 0x5345434d SECURITYFS_MAGIC = 0x73636673 SEEK_CUR = 0x1 @@ -3075,6 +3108,7 @@ const ( SOL_TIPC = 0x10f SOL_TLS = 0x11a SOL_UDP = 0x11 + SOL_VSOCK = 0x11f SOL_X25 = 0x106 SOL_XDP = 0x11b SOMAXCONN = 0x1000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 4920821cf..42ff8c3c1 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index a0c1e4112..dca436004 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -282,6 +282,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index c63985560..5cca668ac 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -288,6 +288,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 47cc62e25..d8cae6d15 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -278,6 +278,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 27ac4a09e..28e39afdc 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -275,6 +275,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 54694642a..cd66e92cb 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 3adb81d75..c1595eba7 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 2dfe98f0d..ee9456b0d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index f5398f84f..8cfca81e1 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index c54f152d6..60b0deb3a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -336,6 +336,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 76057dc72..f90aa7281 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -340,6 +340,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index e0c3725e2..ba9e01503 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -340,6 +340,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 18f2813ed..07cdfd6e9 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -272,6 +272,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 11619d4ec..2f1dd214a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -344,6 +344,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index 396d994da..f40519d90 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -335,6 +335,9 @@ const ( SCM_TIMESTAMPNS = 0x21 SCM_TXTIME = 0x3f SCM_WIFI_STATUS = 0x25 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x400000 SFD_NONBLOCK = 0x4000 SF_FP = 0x38 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go index fcf3ecbdd..0cc3ce496 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go @@ -448,4 +448,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go index f56dc2504..856d92d69 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go @@ -371,4 +371,7 @@ const ( SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go index 974bf2467..8d467094c 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go @@ -412,4 +412,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go index 39a2739e2..edc173244 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go @@ -315,4 +315,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go index cf9c9d77e..445eba206 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go @@ -309,4 +309,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go index 10b7362ef..adba01bca 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go @@ -432,4 +432,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 4450 SYS_CACHESTAT = 4451 SYS_FCHMODAT2 = 4452 + SYS_MAP_SHADOW_STACK = 4453 + SYS_FUTEX_WAKE = 4454 + SYS_FUTEX_WAIT = 4455 + SYS_FUTEX_REQUEUE = 4456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go index cd4d8b4fd..014c4e9c7 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go @@ -362,4 +362,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 5450 SYS_CACHESTAT = 5451 SYS_FCHMODAT2 = 5452 + SYS_MAP_SHADOW_STACK = 5453 + SYS_FUTEX_WAKE = 5454 + SYS_FUTEX_WAIT = 5455 + SYS_FUTEX_REQUEUE = 5456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go index 2c0efca81..ccc97d74d 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go @@ -362,4 +362,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 5450 SYS_CACHESTAT = 5451 SYS_FCHMODAT2 = 5452 + SYS_MAP_SHADOW_STACK = 5453 + SYS_FUTEX_WAKE = 5454 + SYS_FUTEX_WAIT = 5455 + SYS_FUTEX_REQUEUE = 5456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go index a72e31d39..ec2b64a95 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go @@ -432,4 +432,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 4450 SYS_CACHESTAT = 4451 SYS_FCHMODAT2 = 4452 + SYS_MAP_SHADOW_STACK = 4453 + SYS_FUTEX_WAKE = 4454 + SYS_FUTEX_WAIT = 4455 + SYS_FUTEX_REQUEUE = 4456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go index c7d1e3747..21a839e33 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go @@ -439,4 +439,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go index f4d4838c8..c11121ec3 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go @@ -411,4 +411,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go index b64f0e591..909b631fc 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go @@ -411,4 +411,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index 95711195a..e49bed16e 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -316,4 +316,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index f94e943bc..66017d2d3 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -377,4 +377,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go index ba0c2bc51..47bab18dc 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go @@ -390,4 +390,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index bbf8399ff..dc0c955ee 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -174,7 +174,8 @@ type FscryptPolicyV2 struct { Contents_encryption_mode uint8 Filenames_encryption_mode uint8 Flags uint8 - _ [4]uint8 + Log2_data_unit_size uint8 + _ [3]uint8 Master_key_identifier [16]uint8 } @@ -455,60 +456,63 @@ type Ucred struct { } type TCPInfo struct { - State uint8 - Ca_state uint8 - Retransmits uint8 - Probes uint8 - Backoff uint8 - Options uint8 - Rto uint32 - Ato uint32 - Snd_mss uint32 - Rcv_mss uint32 - Unacked uint32 - Sacked uint32 - Lost uint32 - Retrans uint32 - Fackets uint32 - Last_data_sent uint32 - Last_ack_sent uint32 - Last_data_recv uint32 - Last_ack_recv uint32 - Pmtu uint32 - Rcv_ssthresh uint32 - Rtt uint32 - Rttvar uint32 - Snd_ssthresh uint32 - Snd_cwnd uint32 - Advmss uint32 - Reordering uint32 - Rcv_rtt uint32 - Rcv_space uint32 - Total_retrans uint32 - Pacing_rate uint64 - Max_pacing_rate uint64 - Bytes_acked uint64 - Bytes_received uint64 - Segs_out uint32 - Segs_in uint32 - Notsent_bytes uint32 - Min_rtt uint32 - Data_segs_in uint32 - Data_segs_out uint32 - Delivery_rate uint64 - Busy_time uint64 - Rwnd_limited uint64 - Sndbuf_limited uint64 - Delivered uint32 - Delivered_ce uint32 - Bytes_sent uint64 - Bytes_retrans uint64 - Dsack_dups uint32 - Reord_seen uint32 - Rcv_ooopack uint32 - Snd_wnd uint32 - Rcv_wnd uint32 - Rehash uint32 + State uint8 + Ca_state uint8 + Retransmits uint8 + Probes uint8 + Backoff uint8 + Options uint8 + Rto uint32 + Ato uint32 + Snd_mss uint32 + Rcv_mss uint32 + Unacked uint32 + Sacked uint32 + Lost uint32 + Retrans uint32 + Fackets uint32 + Last_data_sent uint32 + Last_ack_sent uint32 + Last_data_recv uint32 + Last_ack_recv uint32 + Pmtu uint32 + Rcv_ssthresh uint32 + Rtt uint32 + Rttvar uint32 + Snd_ssthresh uint32 + Snd_cwnd uint32 + Advmss uint32 + Reordering uint32 + Rcv_rtt uint32 + Rcv_space uint32 + Total_retrans uint32 + Pacing_rate uint64 + Max_pacing_rate uint64 + Bytes_acked uint64 + Bytes_received uint64 + Segs_out uint32 + Segs_in uint32 + Notsent_bytes uint32 + Min_rtt uint32 + Data_segs_in uint32 + Data_segs_out uint32 + Delivery_rate uint64 + Busy_time uint64 + Rwnd_limited uint64 + Sndbuf_limited uint64 + Delivered uint32 + Delivered_ce uint32 + Bytes_sent uint64 + Bytes_retrans uint64 + Dsack_dups uint32 + Reord_seen uint32 + Rcv_ooopack uint32 + Snd_wnd uint32 + Rcv_wnd uint32 + Rehash uint32 + Total_rto uint16 + Total_rto_recoveries uint16 + Total_rto_time uint32 } type CanFilter struct { @@ -551,7 +555,7 @@ const ( SizeofIPv6MTUInfo = 0x20 SizeofICMPv6Filter = 0x20 SizeofUcred = 0xc - SizeofTCPInfo = 0xf0 + SizeofTCPInfo = 0xf8 SizeofCanFilter = 0x8 SizeofTCPRepairOpt = 0x8 ) @@ -3399,7 +3403,7 @@ const ( DEVLINK_PORT_FN_ATTR_STATE = 0x2 DEVLINK_PORT_FN_ATTR_OPSTATE = 0x3 DEVLINK_PORT_FN_ATTR_CAPS = 0x4 - DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x4 + DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x5 ) type FsverityDigest struct { @@ -4183,7 +4187,8 @@ const ( ) type LandlockRulesetAttr struct { - Access_fs uint64 + Access_fs uint64 + Access_net uint64 } type LandlockPathBeneathAttr struct { @@ -5134,7 +5139,7 @@ const ( NL80211_FREQUENCY_ATTR_GO_CONCURRENT = 0xf NL80211_FREQUENCY_ATTR_INDOOR_ONLY = 0xe NL80211_FREQUENCY_ATTR_IR_CONCURRENT = 0xf - NL80211_FREQUENCY_ATTR_MAX = 0x1b + NL80211_FREQUENCY_ATTR_MAX = 0x1c NL80211_FREQUENCY_ATTR_MAX_TX_POWER = 0x6 NL80211_FREQUENCY_ATTR_NO_10MHZ = 0x11 NL80211_FREQUENCY_ATTR_NO_160MHZ = 0xc @@ -5547,7 +5552,7 @@ const ( NL80211_REGDOM_TYPE_CUSTOM_WORLD = 0x2 NL80211_REGDOM_TYPE_INTERSECTION = 0x3 NL80211_REGDOM_TYPE_WORLD = 0x1 - NL80211_REG_RULE_ATTR_MAX = 0x7 + NL80211_REG_RULE_ATTR_MAX = 0x8 NL80211_REKEY_DATA_AKM = 0x4 NL80211_REKEY_DATA_KCK = 0x2 NL80211_REKEY_DATA_KEK = 0x1 diff --git a/vendor/golang.org/x/sys/windows/env_windows.go b/vendor/golang.org/x/sys/windows/env_windows.go index b8ad19250..d4577a423 100644 --- a/vendor/golang.org/x/sys/windows/env_windows.go +++ b/vendor/golang.org/x/sys/windows/env_windows.go @@ -37,14 +37,17 @@ func (token Token) Environ(inheritExisting bool) (env []string, err error) { return nil, err } defer DestroyEnvironmentBlock(block) - blockp := unsafe.Pointer(block) - for { - entry := UTF16PtrToString((*uint16)(blockp)) - if len(entry) == 0 { - break + size := unsafe.Sizeof(*block) + for *block != 0 { + // find NUL terminator + end := unsafe.Pointer(block) + for *(*uint16)(end) != 0 { + end = unsafe.Add(end, size) } - env = append(env, entry) - blockp = unsafe.Add(blockp, 2*(len(entry)+1)) + + entry := unsafe.Slice(block, (uintptr(end)-uintptr(unsafe.Pointer(block)))/size) + env = append(env, UTF16ToString(entry)) + block = (*uint16)(unsafe.Add(end, size)) } return env, nil } diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index ffb8708cc..6395a031d 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -125,8 +125,7 @@ func UTF16PtrToString(p *uint16) string { for ptr := unsafe.Pointer(p); *(*uint16)(ptr) != 0; n++ { ptr = unsafe.Pointer(uintptr(ptr) + unsafe.Sizeof(*p)) } - - return string(utf16.Decode(unsafe.Slice(p, n))) + return UTF16ToString(unsafe.Slice(p, n)) } func Getpagesize() int { return 4096 } diff --git a/vendor/modules.txt b/vendor/modules.txt index 6515ffe40..68bc571b8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -638,7 +638,7 @@ go.uber.org/zap/internal/pool go.uber.org/zap/internal/stacktrace go.uber.org/zap/zapcore go.uber.org/zap/zapgrpc -# golang.org/x/crypto v0.18.0 +# golang.org/x/crypto v0.19.0 ## explicit; go 1.18 golang.org/x/crypto/argon2 golang.org/x/crypto/blake2b @@ -662,7 +662,7 @@ golang.org/x/crypto/ssh/internal/bcrypt_pbkdf golang.org/x/exp/constraints golang.org/x/exp/maps golang.org/x/exp/slices -# golang.org/x/net v0.20.0 +# golang.org/x/net v0.21.0 ## explicit; go 1.18 golang.org/x/net/context golang.org/x/net/html @@ -684,14 +684,14 @@ golang.org/x/oauth2/internal # golang.org/x/sync v0.5.0 ## explicit; go 1.18 golang.org/x/sync/singleflight -# golang.org/x/sys v0.16.0 +# golang.org/x/sys v0.17.0 ## explicit; go 1.18 golang.org/x/sys/cpu golang.org/x/sys/plan9 golang.org/x/sys/unix golang.org/x/sys/windows golang.org/x/sys/windows/registry -# golang.org/x/term v0.16.0 +# golang.org/x/term v0.17.0 ## explicit; go 1.18 golang.org/x/term # golang.org/x/text v0.14.0 From c943a38a0902180af68615e6ead53e1ee1687dcb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 20:25:59 +0000 Subject: [PATCH 02/12] rebase: bump the k8s-dependencies group with 1 update Bumps the k8s-dependencies group with 1 update: [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime). Updates `sigs.k8s.io/controller-runtime` from 0.17.0 to 0.17.1 - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.0...v0.17.1) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/modules.txt | 2 +- .../pkg/client/apiutil/restmapper.go | 51 ++++++++++++++----- 4 files changed, 41 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 2ce38295e..54c311ac4 100644 --- a/go.mod +++ b/go.mod @@ -44,7 +44,7 @@ require ( k8s.io/mount-utils v0.29.1 k8s.io/pod-security-admission v0.0.0 k8s.io/utils v0.0.0-20230726121419-3b25d923346b - sigs.k8s.io/controller-runtime v0.17.0 + sigs.k8s.io/controller-runtime v0.17.1 ) require ( diff --git a/go.sum b/go.sum index 200cbba30..67711a5ef 100644 --- a/go.sum +++ b/go.sum @@ -2675,8 +2675,8 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 h1:TgtAeesdhpm2SGwkQasmbeqDo8th5wOBA5h/AjTKA4I= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0/go.mod h1:VHVDI/KrK4fjnV61bE2g3sA7tiETLn8sooImelsCx3Y= sigs.k8s.io/controller-runtime v0.2.2/go.mod h1:9dyohw3ZtoXQuV1e766PHUn+cmrRCIcBh6XIMFNMZ+I= -sigs.k8s.io/controller-runtime v0.17.0 h1:fjJQf8Ukya+VjogLO6/bNX9HE6Y2xpsO5+fyS26ur/s= -sigs.k8s.io/controller-runtime v0.17.0/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.17.1 h1:V1dQELMGVk46YVXXQUbTFujU7u4DQj6YUj9Rb6cuzz8= +sigs.k8s.io/controller-runtime v0.17.1/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= diff --git a/vendor/modules.txt b/vendor/modules.txt index 68bc571b8..7f49e633d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1604,7 +1604,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client -# sigs.k8s.io/controller-runtime v0.17.0 +# sigs.k8s.io/controller-runtime v0.17.1 ## explicit; go 1.21 sigs.k8s.io/controller-runtime/pkg/cache sigs.k8s.io/controller-runtime/pkg/cache/internal diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/client/apiutil/restmapper.go b/vendor/sigs.k8s.io/controller-runtime/pkg/client/apiutil/restmapper.go index 5af02063b..24af330c8 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/client/apiutil/restmapper.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/client/apiutil/restmapper.go @@ -182,23 +182,28 @@ func (m *mapper) addKnownGroupAndReload(groupName string, versions ...string) er Group: metav1.APIGroup{Name: groupName}, VersionedResources: make(map[string][]metav1.APIResource), } + + // Update information for group resources about versioned resources. + // The number of API calls is equal to the number of versions: /apis//. + // If we encounter a missing API version (NotFound error), we will remove the group from + // the m.apiGroups and m.knownGroups caches. + // If this happens, in the next call the group will be added back to apiGroups + // and only the existing versions will be loaded in knownGroups. + groupVersionResources, err := m.fetchGroupVersionResourcesLocked(groupName, versions...) + if err != nil { + return fmt.Errorf("failed to get API group resources: %w", err) + } + if _, ok := m.knownGroups[groupName]; ok { groupResources = m.knownGroups[groupName] } - // Update information for group resources about versioned resources. - // The number of API calls is equal to the number of versions: /apis//. - groupVersionResources, err := m.fetchGroupVersionResources(groupName, versions...) - if err != nil { - return fmt.Errorf("failed to get API group resources: %w", err) - } - for version, resources := range groupVersionResources { - groupResources.VersionedResources[version.Version] = resources.APIResources - } - // Update information for group resources about the API group by adding new versions. // Ignore the versions that are already registered. - for _, version := range versions { + for groupVersion, resources := range groupVersionResources { + version := groupVersion.Version + + groupResources.VersionedResources[version] = resources.APIResources found := false for _, v := range groupResources.Group.Versions { if v.Version == version { @@ -265,8 +270,9 @@ func (m *mapper) findAPIGroupByName(groupName string) (*metav1.APIGroup, error) return m.apiGroups[groupName], nil } -// fetchGroupVersionResources fetches the resources for the specified group and its versions. -func (m *mapper) fetchGroupVersionResources(groupName string, versions ...string) (map[schema.GroupVersion]*metav1.APIResourceList, error) { +// fetchGroupVersionResourcesLocked fetches the resources for the specified group and its versions. +// This method might modify the cache so it needs to be called under the lock. +func (m *mapper) fetchGroupVersionResourcesLocked(groupName string, versions ...string) (map[schema.GroupVersion]*metav1.APIResourceList, error) { groupVersionResources := make(map[schema.GroupVersion]*metav1.APIResourceList) failedGroups := make(map[schema.GroupVersion]error) @@ -274,9 +280,16 @@ func (m *mapper) fetchGroupVersionResources(groupName string, versions ...string groupVersion := schema.GroupVersion{Group: groupName, Version: version} apiResourceList, err := m.client.ServerResourcesForGroupVersion(groupVersion.String()) - if err != nil && !apierrors.IsNotFound(err) { + if apierrors.IsNotFound(err) && m.isGroupVersionCached(groupVersion) { + // If the version is not found, we remove the group from the cache + // so it gets refreshed on the next call. + delete(m.apiGroups, groupName) + delete(m.knownGroups, groupName) + continue + } else if err != nil { failedGroups[groupVersion] = err } + if apiResourceList != nil { // even in case of error, some fallback might have been returned. groupVersionResources[groupVersion] = apiResourceList @@ -290,3 +303,13 @@ func (m *mapper) fetchGroupVersionResources(groupName string, versions ...string return groupVersionResources, nil } + +// isGroupVersionCached checks if a version for a group is cached in the known groups cache. +func (m *mapper) isGroupVersionCached(gv schema.GroupVersion) bool { + if cachedGroup, ok := m.knownGroups[gv.Group]; ok { + _, cached := cachedGroup.VersionedResources[gv.Version] + return cached + } + + return false +} From c9e64f947861240a9152ad8f22ea4c0d8a6b462f Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Wed, 14 Feb 2024 13:23:11 +0100 Subject: [PATCH 03/12] deploy: make the csi-*plugin containers the default for kubectl commands When issues or bugs are reported, users often share the logs of the default container in a Pod. These logs do not contain the required information, as that mostly only can be found in the logs of the Ceph-CSI container (named csi-cephfsplugin or csi-rbdplugin). By moving the Ceph-CSI containers in the Pods to the 1st in the list, they become the default container for commands like `kubectl logs`. Signed-off-by: Niels de Vos --- .../templates/nodeplugin-daemonset.yaml | 50 +++---- .../templates/provisioner-deployment.yaml | 98 +++++++------- .../templates/nodeplugin-daemonset.yaml | 50 +++---- .../templates/provisioner-deployment.yaml | 128 +++++++++--------- .../csi-cephfsplugin-provisioner.yaml | 98 +++++++------- .../cephfs/kubernetes/csi-cephfsplugin.yaml | 44 +++--- .../kubernetes/csi-nfsplugin-provisioner.yaml | 66 ++++----- deploy/nfs/kubernetes/csi-nfsplugin.yaml | 44 +++--- .../kubernetes/csi-rbdplugin-provisioner.yaml | 114 ++++++++-------- deploy/rbd/kubernetes/csi-rbdplugin.yaml | 44 +++--- 10 files changed, 368 insertions(+), 368 deletions(-) diff --git a/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml b/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml index 84a3d7014..252013f99 100644 --- a/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml +++ b/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml @@ -42,31 +42,6 @@ spec: {{ toYaml .Values.nodeplugin.imagePullSecrets | indent 8 -}} {{- end }} containers: - - name: driver-registrar - # This is necessary only for systems with SELinux, where - # non-privileged sidecar containers cannot access unix domain socket - # created by privileged CSI driver container. - securityContext: - privileged: true - allowPrivilegeEscalation: true - image: "{{ .Values.nodeplugin.registrar.image.repository }}:{{ .Values.nodeplugin.registrar.image.tag }}" - imagePullPolicy: {{ .Values.nodeplugin.registrar.image.pullPolicy }} - args: - - "--v={{ .Values.logLevel }}" - - "--csi-address=/csi/{{ .Values.pluginSocketFile }}" - - "--kubelet-registration-path={{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}/{{ .Values.pluginSocketFile }}" - env: - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: -{{ toYaml .Values.nodeplugin.registrar.resources | indent 12 }} - name: csi-cephfsplugin image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}" imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }} @@ -141,6 +116,31 @@ spec: mountPath: /csi/mountinfo resources: {{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }} + - name: driver-registrar + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers cannot access unix domain socket + # created by privileged CSI driver container. + securityContext: + privileged: true + allowPrivilegeEscalation: true + image: "{{ .Values.nodeplugin.registrar.image.repository }}:{{ .Values.nodeplugin.registrar.image.tag }}" + imagePullPolicy: {{ .Values.nodeplugin.registrar.image.pullPolicy }} + args: + - "--v={{ .Values.logLevel }}" + - "--csi-address=/csi/{{ .Values.pluginSocketFile }}" + - "--kubelet-registration-path={{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}/{{ .Values.pluginSocketFile }}" + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + resources: +{{ toYaml .Values.nodeplugin.registrar.resources | indent 12 }} {{- if .Values.nodeplugin.httpMetrics.enabled }} - name: liveness-prometheus securityContext: diff --git a/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml b/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml index dcc15eef1..14b5be0da 100644 --- a/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml +++ b/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml @@ -67,6 +67,55 @@ spec: {{ toYaml .Values.provisioner.imagePullSecrets | indent 8 -}} {{- end }} containers: + - name: csi-cephfsplugin + image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}" + imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }} + args: + - "--nodeid=$(NODE_ID)" + - "--type=cephfs" + - "--controllerserver=true" + - "--pidlimit=-1" + - "--endpoint=$(CSI_ENDPOINT)" + - "--v={{ .Values.logLevel }}" + - "--drivername=$(DRIVER_NAME)" +{{- if .Values.provisioner.profiling.enabled }} + - "--enableprofiling={{ .Values.provisioner.profiling.enabled }}" +{{- end }} +{{- if .Values.provisioner.clustername }} + - "--clustername={{ .Values.provisioner.clustername }}" +{{- end }} + - "--setmetadata={{ .Values.provisioner.setmetadata }}" + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: DRIVER_NAME + value: {{ .Values.driverName }} + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: "unix:///csi/{{ .Values.provisionerSocketFile }}" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: host-sys + mountPath: /sys + - name: lib-modules + mountPath: /lib/modules + readOnly: true + - name: host-dev + mountPath: /dev + - name: ceph-config + mountPath: /etc/ceph/ + - name: ceph-csi-config + mountPath: /etc/ceph-csi-config/ + - name: keys-tmp-dir + mountPath: /tmp/csi/keys + resources: +{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }} - name: csi-provisioner image: "{{ .Values.provisioner.provisioner.image.repository }}:{{ .Values.provisioner.provisioner.image.tag }}" imagePullPolicy: {{ .Values.provisioner.provisioner.image.pullPolicy }} @@ -134,55 +183,6 @@ spec: resources: {{ toYaml .Values.provisioner.resizer.resources | indent 12 }} {{- end }} - - name: csi-cephfsplugin - image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}" - imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }} - args: - - "--nodeid=$(NODE_ID)" - - "--type=cephfs" - - "--controllerserver=true" - - "--pidlimit=-1" - - "--endpoint=$(CSI_ENDPOINT)" - - "--v={{ .Values.logLevel }}" - - "--drivername=$(DRIVER_NAME)" -{{- if .Values.provisioner.profiling.enabled }} - - "--enableprofiling={{ .Values.provisioner.profiling.enabled }}" -{{- end }} -{{- if .Values.provisioner.clustername }} - - "--clustername={{ .Values.provisioner.clustername }}" -{{- end }} - - "--setmetadata={{ .Values.provisioner.setmetadata }}" - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: DRIVER_NAME - value: {{ .Values.driverName }} - - name: NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: CSI_ENDPOINT - value: "unix:///csi/{{ .Values.provisionerSocketFile }}" - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: host-sys - mountPath: /sys - - name: lib-modules - mountPath: /lib/modules - readOnly: true - - name: host-dev - mountPath: /dev - - name: ceph-config - mountPath: /etc/ceph/ - - name: ceph-csi-config - mountPath: /etc/ceph-csi-config/ - - name: keys-tmp-dir - mountPath: /tmp/csi/keys - resources: -{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }} {{- if .Values.provisioner.httpMetrics.enabled }} - name: liveness-prometheus image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}" diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml index 8de3093e4..925ea6908 100644 --- a/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml +++ b/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml @@ -42,31 +42,6 @@ spec: {{ toYaml .Values.nodeplugin.imagePullSecrets | indent 8 -}} {{- end }} containers: - - name: driver-registrar - # This is necessary only for systems with SELinux, where - # non-privileged sidecar containers cannot access unix domain socket - # created by privileged CSI driver container. - securityContext: - privileged: true - allowPrivilegeEscalation: true - image: "{{ .Values.nodeplugin.registrar.image.repository }}:{{ .Values.nodeplugin.registrar.image.tag }}" - imagePullPolicy: {{ .Values.nodeplugin.registrar.image.pullPolicy }} - args: - - "--v={{ .Values.logLevel }}" - - "--csi-address=/csi/{{ .Values.pluginSocketFile }}" - - "--kubelet-registration-path={{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}/{{ .Values.pluginSocketFile }}" - env: - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: -{{ toYaml .Values.nodeplugin.registrar.resources | indent 12 }} - name: csi-rbdplugin image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}" imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }} @@ -149,6 +124,31 @@ spec: readOnly: true resources: {{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }} + - name: driver-registrar + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers cannot access unix domain socket + # created by privileged CSI driver container. + securityContext: + privileged: true + allowPrivilegeEscalation: true + image: "{{ .Values.nodeplugin.registrar.image.repository }}:{{ .Values.nodeplugin.registrar.image.tag }}" + imagePullPolicy: {{ .Values.nodeplugin.registrar.image.pullPolicy }} + args: + - "--v={{ .Values.logLevel }}" + - "--csi-address=/csi/{{ .Values.pluginSocketFile }}" + - "--kubelet-registration-path={{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}/{{ .Values.pluginSocketFile }}" + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + resources: +{{ toYaml .Values.nodeplugin.registrar.resources | indent 12 }} {{- if .Values.nodeplugin.httpMetrics.enabled }} - name: liveness-prometheus securityContext: diff --git a/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml b/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml index 824377afb..cc72b4098 100644 --- a/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml +++ b/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml @@ -67,6 +67,70 @@ spec: {{ toYaml .Values.provisioner.imagePullSecrets | indent 8 -}} {{- end }} containers: + - name: csi-rbdplugin + image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}" + imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }} + args: + - "--nodeid=$(NODE_ID)" + - "--type=rbd" + - "--controllerserver=true" + - "--pidlimit=-1" + - "--endpoint=$(CSI_ENDPOINT)" + - "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)" + - "--v={{ .Values.logLevel }}" + - "--drivername=$(DRIVER_NAME)" + - "--rbdhardmaxclonedepth={{ .Values.provisioner.hardMaxCloneDepth }}" + - "--rbdsoftmaxclonedepth={{ .Values.provisioner.softMaxCloneDepth }}" + - "--maxsnapshotsonimage={{ .Values.provisioner.maxSnapshotsOnImage }}" + - "--minsnapshotsonimage={{ .Values.provisioner.minSnapshotsOnImage }}" + {{- if .Values.provisioner.skipForceFlatten }} + - "--skipforceflatten={{ .Values.provisioner.skipForceFlatten }}" + {{- end }} + {{- if .Values.provisioner.profiling.enabled }} + - "--enableprofiling={{ .Values.provisioner.profiling.enabled }}" + {{- end }} + {{- if .Values.provisioner.clustername }} + - "--clustername={{ .Values.provisioner.clustername }}" + {{- end }} + - "--setmetadata={{ .Values.provisioner.setmetadata }}" + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: DRIVER_NAME + value: {{ .Values.driverName }} + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: "unix:///csi/{{ .Values.provisionerSocketFile }}" + - name: CSI_ADDONS_ENDPOINT + value: "unix:///csi/csi-addons.sock" + volumeMounts: + - name: socket-dir + mountPath: /csi + - mountPath: /dev + name: host-dev + - mountPath: /sys + name: host-sys + - mountPath: /lib/modules + name: lib-modules + readOnly: true + - name: ceph-csi-config + mountPath: /etc/ceph-csi-config/ + - name: ceph-config + mountPath: /etc/ceph/ + - name: ceph-csi-encryption-kms-config + mountPath: /etc/ceph-csi-encryption-kms-config/ + - name: keys-tmp-dir + mountPath: /tmp/csi/keys + - name: oidc-token + mountPath: /run/secrets/tokens + readOnly: true + resources: +{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }} - name: csi-provisioner image: "{{ .Values.provisioner.provisioner.image.repository }}:{{ .Values.provisioner.provisioner.image.tag }}" imagePullPolicy: {{ .Values.provisioner.provisioner.image.pullPolicy }} @@ -160,70 +224,6 @@ spec: resources: {{ toYaml .Values.provisioner.attacher.resources | indent 12 }} {{- end }} - - name: csi-rbdplugin - image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}" - imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }} - args: - - "--nodeid=$(NODE_ID)" - - "--type=rbd" - - "--controllerserver=true" - - "--pidlimit=-1" - - "--endpoint=$(CSI_ENDPOINT)" - - "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)" - - "--v={{ .Values.logLevel }}" - - "--drivername=$(DRIVER_NAME)" - - "--rbdhardmaxclonedepth={{ .Values.provisioner.hardMaxCloneDepth }}" - - "--rbdsoftmaxclonedepth={{ .Values.provisioner.softMaxCloneDepth }}" - - "--maxsnapshotsonimage={{ .Values.provisioner.maxSnapshotsOnImage }}" - - "--minsnapshotsonimage={{ .Values.provisioner.minSnapshotsOnImage }}" - {{- if .Values.provisioner.skipForceFlatten }} - - "--skipforceflatten={{ .Values.provisioner.skipForceFlatten }}" - {{- end }} - {{- if .Values.provisioner.profiling.enabled }} - - "--enableprofiling={{ .Values.provisioner.profiling.enabled }}" - {{- end }} - {{- if .Values.provisioner.clustername }} - - "--clustername={{ .Values.provisioner.clustername }}" - {{- end }} - - "--setmetadata={{ .Values.provisioner.setmetadata }}" - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: DRIVER_NAME - value: {{ .Values.driverName }} - - name: NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: CSI_ENDPOINT - value: "unix:///csi/{{ .Values.provisionerSocketFile }}" - - name: CSI_ADDONS_ENDPOINT - value: "unix:///csi/csi-addons.sock" - volumeMounts: - - name: socket-dir - mountPath: /csi - - mountPath: /dev - name: host-dev - - mountPath: /sys - name: host-sys - - mountPath: /lib/modules - name: lib-modules - readOnly: true - - name: ceph-csi-config - mountPath: /etc/ceph-csi-config/ - - name: ceph-config - mountPath: /etc/ceph/ - - name: ceph-csi-encryption-kms-config - mountPath: /etc/ceph-csi-encryption-kms-config/ - - name: keys-tmp-dir - mountPath: /tmp/csi/keys - - name: oidc-token - mountPath: /run/secrets/tokens - readOnly: true - resources: -{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }} {{- if .Values.provisioner.deployController }} - name: csi-rbdplugin-controller image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}" diff --git a/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml b/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml index 1ae7f21d0..ee4c10883 100644 --- a/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml +++ b/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml @@ -42,6 +42,55 @@ spec: serviceAccountName: cephfs-csi-provisioner priorityClassName: system-cluster-critical containers: + - name: csi-cephfsplugin + # for stable functionality replace canary with latest release version + image: quay.io/cephcsi/cephcsi:canary + args: + - "--nodeid=$(NODE_ID)" + - "--type=cephfs" + - "--controllerserver=true" + - "--endpoint=$(CSI_ENDPOINT)" + - "--v=5" + - "--drivername=cephfs.csi.ceph.com" + - "--pidlimit=-1" + - "--enableprofiling=false" + - "--setmetadata=true" + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix:///csi/csi-provisioner.sock + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # - name: KMS_CONFIGMAP_NAME + # value: encryptionConfig + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: host-sys + mountPath: /sys + - name: lib-modules + mountPath: /lib/modules + readOnly: true + - name: host-dev + mountPath: /dev + - name: ceph-config + mountPath: /etc/ceph/ + - name: ceph-csi-config + mountPath: /etc/ceph-csi-config/ + - name: keys-tmp-dir + mountPath: /tmp/csi/keys + - name: ceph-csi-encryption-kms-config + mountPath: /etc/ceph-csi-encryption-kms-config/ - name: csi-provisioner image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 args: @@ -93,55 +142,6 @@ spec: volumeMounts: - name: socket-dir mountPath: /csi - - name: csi-cephfsplugin - # for stable functionality replace canary with latest release version - image: quay.io/cephcsi/cephcsi:canary - args: - - "--nodeid=$(NODE_ID)" - - "--type=cephfs" - - "--controllerserver=true" - - "--endpoint=$(CSI_ENDPOINT)" - - "--v=5" - - "--drivername=cephfs.csi.ceph.com" - - "--pidlimit=-1" - - "--enableprofiling=false" - - "--setmetadata=true" - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: CSI_ENDPOINT - value: unix:///csi/csi-provisioner.sock - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # - name: KMS_CONFIGMAP_NAME - # value: encryptionConfig - imagePullPolicy: "IfNotPresent" - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: host-sys - mountPath: /sys - - name: lib-modules - mountPath: /lib/modules - readOnly: true - - name: host-dev - mountPath: /dev - - name: ceph-config - mountPath: /etc/ceph/ - - name: ceph-csi-config - mountPath: /etc/ceph-csi-config/ - - name: keys-tmp-dir - mountPath: /tmp/csi/keys - - name: ceph-csi-encryption-kms-config - mountPath: /etc/ceph-csi-encryption-kms-config/ - name: liveness-prometheus image: quay.io/cephcsi/cephcsi:canary args: diff --git a/deploy/cephfs/kubernetes/csi-cephfsplugin.yaml b/deploy/cephfs/kubernetes/csi-cephfsplugin.yaml index c021917c7..16ea3dcb7 100644 --- a/deploy/cephfs/kubernetes/csi-cephfsplugin.yaml +++ b/deploy/cephfs/kubernetes/csi-cephfsplugin.yaml @@ -20,28 +20,6 @@ spec: # resolved through k8s service, set dns policy to cluster first dnsPolicy: ClusterFirstWithHostNet containers: - - name: driver-registrar - # This is necessary only for systems with SELinux, where - # non-privileged sidecar containers cannot access unix domain socket - # created by privileged CSI driver container. - securityContext: - privileged: true - allowPrivilegeEscalation: true - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 - args: - - "--v=1" - - "--csi-address=/csi/csi.sock" - - "--kubelet-registration-path=/var/lib/kubelet/plugins/cephfs.csi.ceph.com/csi.sock" - env: - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - name: csi-cephfsplugin securityContext: privileged: true @@ -121,6 +99,28 @@ spec: mountPath: /csi/mountinfo - name: ceph-csi-encryption-kms-config mountPath: /etc/ceph-csi-encryption-kms-config/ + - name: driver-registrar + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers cannot access unix domain socket + # created by privileged CSI driver container. + securityContext: + privileged: true + allowPrivilegeEscalation: true + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + args: + - "--v=1" + - "--csi-address=/csi/csi.sock" + - "--kubelet-registration-path=/var/lib/kubelet/plugins/cephfs.csi.ceph.com/csi.sock" + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration - name: liveness-prometheus securityContext: privileged: true diff --git a/deploy/nfs/kubernetes/csi-nfsplugin-provisioner.yaml b/deploy/nfs/kubernetes/csi-nfsplugin-provisioner.yaml index 8d3fd4f9c..a861e0d2d 100644 --- a/deploy/nfs/kubernetes/csi-nfsplugin-provisioner.yaml +++ b/deploy/nfs/kubernetes/csi-nfsplugin-provisioner.yaml @@ -39,6 +39,39 @@ spec: - csi-nfsplugin-provisioner topologyKey: "kubernetes.io/hostname" containers: + - name: csi-nfsplugin + # for stable functionality replace canary with latest release version + image: quay.io/cephcsi/cephcsi:canary + args: + - "--nodeid=$(NODE_ID)" + - "--type=nfs" + - "--controllerserver=true" + - "--endpoint=$(CSI_ENDPOINT)" + - "--v=5" + - "--drivername=nfs.csi.ceph.com" + - "--pidlimit=-1" + - "--enableprofiling=false" + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix:///csi/csi-provisioner.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: host-sys + mountPath: /sys + - name: ceph-csi-config + mountPath: /etc/ceph-csi-config/ + - name: keys-tmp-dir + mountPath: /tmp/csi/keys - name: csi-provisioner image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 args: @@ -87,39 +120,6 @@ spec: volumeMounts: - name: socket-dir mountPath: /csi - - name: csi-nfsplugin - # for stable functionality replace canary with latest release version - image: quay.io/cephcsi/cephcsi:canary - args: - - "--nodeid=$(NODE_ID)" - - "--type=nfs" - - "--controllerserver=true" - - "--endpoint=$(CSI_ENDPOINT)" - - "--v=5" - - "--drivername=nfs.csi.ceph.com" - - "--pidlimit=-1" - - "--enableprofiling=false" - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: CSI_ENDPOINT - value: unix:///csi/csi-provisioner.sock - imagePullPolicy: "IfNotPresent" - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: host-sys - mountPath: /sys - - name: ceph-csi-config - mountPath: /etc/ceph-csi-config/ - - name: keys-tmp-dir - mountPath: /tmp/csi/keys - name: liveness-prometheus image: quay.io/cephcsi/cephcsi:canary args: diff --git a/deploy/nfs/kubernetes/csi-nfsplugin.yaml b/deploy/nfs/kubernetes/csi-nfsplugin.yaml index 960abd456..557a35980 100644 --- a/deploy/nfs/kubernetes/csi-nfsplugin.yaml +++ b/deploy/nfs/kubernetes/csi-nfsplugin.yaml @@ -20,28 +20,6 @@ spec: # resolved through k8s service, set dns policy to cluster first dnsPolicy: ClusterFirstWithHostNet containers: - - name: driver-registrar - # This is necessary only for systems with SELinux, where - # non-privileged sidecar containers cannot access unix domain socket - # created by privileged CSI driver container. - securityContext: - privileged: true - allowPrivilegeEscalation: true - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 - args: - - "--v=1" - - "--csi-address=/csi/csi.sock" - - "--kubelet-registration-path=/var/lib/kubelet/plugins/nfs.csi.ceph.com/csi.sock" - env: - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - name: csi-nfsplugin securityContext: privileged: true @@ -95,6 +73,28 @@ spec: mountPath: /etc/ceph/ - name: ceph-csi-config mountPath: /etc/ceph-csi-config/ + - name: driver-registrar + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers cannot access unix domain socket + # created by privileged CSI driver container. + securityContext: + privileged: true + allowPrivilegeEscalation: true + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + args: + - "--v=1" + - "--csi-address=/csi/csi.sock" + - "--kubelet-registration-path=/var/lib/kubelet/plugins/nfs.csi.ceph.com/csi.sock" + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration volumes: - name: socket-dir hostPath: diff --git a/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml b/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml index 17ece12ae..b8344c22f 100644 --- a/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml +++ b/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml @@ -46,6 +46,63 @@ spec: serviceAccountName: rbd-csi-provisioner priorityClassName: system-cluster-critical containers: + - name: csi-rbdplugin + # for stable functionality replace canary with latest release version + image: quay.io/cephcsi/cephcsi:canary + args: + - "--nodeid=$(NODE_ID)" + - "--type=rbd" + - "--controllerserver=true" + - "--endpoint=$(CSI_ENDPOINT)" + - "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)" + - "--v=5" + - "--drivername=rbd.csi.ceph.com" + - "--pidlimit=-1" + - "--rbdhardmaxclonedepth=8" + - "--rbdsoftmaxclonedepth=4" + - "--enableprofiling=false" + - "--setmetadata=true" + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # - name: KMS_CONFIGMAP_NAME + # value: encryptionConfig + - name: CSI_ENDPOINT + value: unix:///csi/csi-provisioner.sock + - name: CSI_ADDONS_ENDPOINT + value: unix:///csi/csi-addons.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /csi + - mountPath: /dev + name: host-dev + - mountPath: /sys + name: host-sys + - mountPath: /lib/modules + name: lib-modules + readOnly: true + - name: ceph-csi-config + mountPath: /etc/ceph-csi-config/ + - name: ceph-csi-encryption-kms-config + mountPath: /etc/ceph-csi-encryption-kms-config/ + - name: keys-tmp-dir + mountPath: /tmp/csi/keys + - name: ceph-config + mountPath: /etc/ceph/ + - name: oidc-token + mountPath: /run/secrets/tokens + readOnly: true - name: csi-provisioner image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 args: @@ -115,63 +172,6 @@ spec: volumeMounts: - name: socket-dir mountPath: /csi - - name: csi-rbdplugin - # for stable functionality replace canary with latest release version - image: quay.io/cephcsi/cephcsi:canary - args: - - "--nodeid=$(NODE_ID)" - - "--type=rbd" - - "--controllerserver=true" - - "--endpoint=$(CSI_ENDPOINT)" - - "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)" - - "--v=5" - - "--drivername=rbd.csi.ceph.com" - - "--pidlimit=-1" - - "--rbdhardmaxclonedepth=8" - - "--rbdsoftmaxclonedepth=4" - - "--enableprofiling=false" - - "--setmetadata=true" - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # - name: KMS_CONFIGMAP_NAME - # value: encryptionConfig - - name: CSI_ENDPOINT - value: unix:///csi/csi-provisioner.sock - - name: CSI_ADDONS_ENDPOINT - value: unix:///csi/csi-addons.sock - imagePullPolicy: "IfNotPresent" - volumeMounts: - - name: socket-dir - mountPath: /csi - - mountPath: /dev - name: host-dev - - mountPath: /sys - name: host-sys - - mountPath: /lib/modules - name: lib-modules - readOnly: true - - name: ceph-csi-config - mountPath: /etc/ceph-csi-config/ - - name: ceph-csi-encryption-kms-config - mountPath: /etc/ceph-csi-encryption-kms-config/ - - name: keys-tmp-dir - mountPath: /tmp/csi/keys - - name: ceph-config - mountPath: /etc/ceph/ - - name: oidc-token - mountPath: /run/secrets/tokens - readOnly: true - name: csi-rbdplugin-controller # for stable functionality replace canary with latest release version image: quay.io/cephcsi/cephcsi:canary diff --git a/deploy/rbd/kubernetes/csi-rbdplugin.yaml b/deploy/rbd/kubernetes/csi-rbdplugin.yaml index 403ababd4..0d0165f06 100644 --- a/deploy/rbd/kubernetes/csi-rbdplugin.yaml +++ b/deploy/rbd/kubernetes/csi-rbdplugin.yaml @@ -22,28 +22,6 @@ spec: # resolved through k8s service, set dns policy to cluster first dnsPolicy: ClusterFirstWithHostNet containers: - - name: driver-registrar - # This is necessary only for systems with SELinux, where - # non-privileged sidecar containers cannot access unix domain socket - # created by privileged CSI driver container. - securityContext: - privileged: true - allowPrivilegeEscalation: true - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 - args: - - "--v=1" - - "--csi-address=/csi/csi.sock" - - "--kubelet-registration-path=/var/lib/kubelet/plugins/rbd.csi.ceph.com/csi.sock" - env: - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - name: csi-rbdplugin securityContext: privileged: true @@ -131,6 +109,28 @@ spec: - name: oidc-token mountPath: /run/secrets/tokens readOnly: true + - name: driver-registrar + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers cannot access unix domain socket + # created by privileged CSI driver container. + securityContext: + privileged: true + allowPrivilegeEscalation: true + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + args: + - "--v=1" + - "--csi-address=/csi/csi.sock" + - "--kubelet-registration-path=/var/lib/kubelet/plugins/rbd.csi.ceph.com/csi.sock" + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration - name: liveness-prometheus securityContext: privileged: true From 581efb3602eb532dc9dd03483e274dbcfacfc840 Mon Sep 17 00:00:00 2001 From: Riya Singhal Date: Wed, 3 Jan 2024 23:14:51 +0530 Subject: [PATCH 04/12] ci: update mergify rules for kubernetes 1.29 Signed-off-by: Riya Singhal --- .mergify.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.mergify.yml b/.mergify.yml index 935e40cc1..48086e3ab 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -75,12 +75,15 @@ queue_rules: - "status-success=ci/centos/k8s-e2e-external-storage/1.26" - "status-success=ci/centos/k8s-e2e-external-storage/1.27" - "status-success=ci/centos/k8s-e2e-external-storage/1.28" + - "status-success=ci/centos/k8s-e2e-external-storage/1.29" - "status-success=ci/centos/mini-e2e-helm/k8s-1.26" - "status-success=ci/centos/mini-e2e-helm/k8s-1.27" - "status-success=ci/centos/mini-e2e-helm/k8s-1.28" + - "status-success=ci/centos/mini-e2e-helm/k8s-1.29" - "status-success=ci/centos/mini-e2e/k8s-1.26" - "status-success=ci/centos/mini-e2e/k8s-1.27" - "status-success=ci/centos/mini-e2e/k8s-1.28" + - "status-success=ci/centos/mini-e2e/k8s-1.29" - "status-success=ci/centos/upgrade-tests-cephfs" - "status-success=ci/centos/upgrade-tests-rbd" - and: @@ -169,12 +172,15 @@ pull_request_rules: - "status-success=ci/centos/k8s-e2e-external-storage/1.26" - "status-success=ci/centos/k8s-e2e-external-storage/1.27" - "status-success=ci/centos/k8s-e2e-external-storage/1.28" + - "status-success=ci/centos/k8s-e2e-external-storage/1.29" - "status-success=ci/centos/mini-e2e-helm/k8s-1.26" - "status-success=ci/centos/mini-e2e-helm/k8s-1.27" - "status-success=ci/centos/mini-e2e-helm/k8s-1.28" + - "status-success=ci/centos/mini-e2e-helm/k8s-1.29" - "status-success=ci/centos/mini-e2e/k8s-1.26" - "status-success=ci/centos/mini-e2e/k8s-1.27" - "status-success=ci/centos/mini-e2e/k8s-1.28" + - "status-success=ci/centos/mini-e2e/k8s-1.29" - "status-success=ci/centos/upgrade-tests-cephfs" - "status-success=ci/centos/upgrade-tests-rbd" - "status-success=DCO" @@ -262,12 +268,15 @@ pull_request_rules: - "status-success=ci/centos/k8s-e2e-external-storage/1.26" - "status-success=ci/centos/k8s-e2e-external-storage/1.27" - "status-success=ci/centos/k8s-e2e-external-storage/1.28" + - "status-success=ci/centos/k8s-e2e-external-storage/1.29" - "status-success=ci/centos/mini-e2e-helm/k8s-1.26" - "status-success=ci/centos/mini-e2e-helm/k8s-1.27" - "status-success=ci/centos/mini-e2e-helm/k8s-1.28" + - "status-success=ci/centos/mini-e2e-helm/k8s-1.29" - "status-success=ci/centos/mini-e2e/k8s-1.26" - "status-success=ci/centos/mini-e2e/k8s-1.27" - "status-success=ci/centos/mini-e2e/k8s-1.28" + - "status-success=ci/centos/mini-e2e/k8s-1.29" - "status-success=ci/centos/upgrade-tests-cephfs" - "status-success=ci/centos/upgrade-tests-rbd" - "status-success=DCO" @@ -320,12 +329,15 @@ pull_request_rules: - "status-success=ci/centos/k8s-e2e-external-storage/1.26" - "status-success=ci/centos/k8s-e2e-external-storage/1.27" - "status-success=ci/centos/k8s-e2e-external-storage/1.28" + - "status-success=ci/centos/k8s-e2e-external-storage/1.29" - "status-success=ci/centos/mini-e2e-helm/k8s-1.26" - "status-success=ci/centos/mini-e2e-helm/k8s-1.27" - "status-success=ci/centos/mini-e2e-helm/k8s-1.28" + - "status-success=ci/centos/mini-e2e-helm/k8s-1.29" - "status-success=ci/centos/mini-e2e/k8s-1.26" - "status-success=ci/centos/mini-e2e/k8s-1.27" - "status-success=ci/centos/mini-e2e/k8s-1.28" + - "status-success=ci/centos/mini-e2e/k8s-1.29" - "status-success=ci/centos/upgrade-tests-cephfs" - "status-success=ci/centos/upgrade-tests-rbd" - "status-success=DCO" From f464f0b85d53db58466bc035d00991fc28a06936 Mon Sep 17 00:00:00 2001 From: Riya Singhal Date: Wed, 3 Jan 2024 23:25:40 +0530 Subject: [PATCH 05/12] ci: update mergify rules for release branches Signed-off-by: Riya Singhal --- .mergify.yml | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/.mergify.yml b/.mergify.yml index 48086e3ab..b762885c4 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -37,6 +37,28 @@ queue_rules: - "status-success=ci/centos/k8s-e2e-external-storage/1.26" - "status-success=ci/centos/k8s-e2e-external-storage/1.27" - "status-success=ci/centos/k8s-e2e-external-storage/1.28" + - "status-success=ci/centos/k8s-e2e-external-storage/1.29" + - "status-success=ci/centos/mini-e2e-helm/k8s-1.26" + - "status-success=ci/centos/mini-e2e-helm/k8s-1.27" + - "status-success=ci/centos/mini-e2e-helm/k8s-1.28" + - "status-success=ci/centos/mini-e2e-helm/k8s-1.29" + - "status-success=ci/centos/mini-e2e/k8s-1.26" + - "status-success=ci/centos/mini-e2e/k8s-1.27" + - "status-success=ci/centos/mini-e2e/k8s-1.28" + - "status-success=ci/centos/mini-e2e/k8s-1.29" + - "status-success=ci/centos/upgrade-tests-cephfs" + - "status-success=ci/centos/upgrade-tests-rbd" + - and: + - base=release-v3.10 + - "status-success=codespell" + - "status-success=multi-arch-build" + - "status-success=go-test" + - "status-success=golangci-lint" + - "status-success=mod-check" + - "status-success=lint-extras" + - "status-success=ci/centos/k8s-e2e-external-storage/1.26" + - "status-success=ci/centos/k8s-e2e-external-storage/1.27" + - "status-success=ci/centos/k8s-e2e-external-storage/1.28" - "status-success=ci/centos/mini-e2e-helm/k8s-1.26" - "status-success=ci/centos/mini-e2e-helm/k8s-1.27" - "status-success=ci/centos/mini-e2e-helm/k8s-1.28" @@ -217,6 +239,35 @@ pull_request_rules: - "status-success=ci/centos/k8s-e2e-external-storage/1.26" - "status-success=ci/centos/k8s-e2e-external-storage/1.27" - "status-success=ci/centos/k8s-e2e-external-storage/1.28" + - "status-success=ci/centos/k8s-e2e-external-storage/1.29" + - "status-success=ci/centos/mini-e2e-helm/k8s-1.26" + - "status-success=ci/centos/mini-e2e-helm/k8s-1.27" + - "status-success=ci/centos/mini-e2e-helm/k8s-1.28" + - "status-success=ci/centos/mini-e2e-helm/k8s-1.29" + - "status-success=ci/centos/mini-e2e/k8s-1.26" + - "status-success=ci/centos/mini-e2e/k8s-1.27" + - "status-success=ci/centos/mini-e2e/k8s-1.28" + - "status-success=ci/centos/mini-e2e/k8s-1.29" + - "status-success=ci/centos/upgrade-tests-cephfs" + - "status-success=ci/centos/upgrade-tests-rbd" + - and: + - label!=DNM + - base=release-v3.10 + - "#approved-reviews-by>=2" + - "#changes-requested-reviews-by=0" + - "approved-reviews-by=@ceph/ceph-csi-contributors" + - "approved-reviews-by=@ceph/ceph-csi-maintainers" + - "status-success=DCO" + - "status-success=codespell" + - "status-success=commitlint" + - "status-success=go-test" + - "status-success=golangci-lint" + - "status-success=lint-extras" + - "status-success=mod-check" + - "status-success=multi-arch-build" + - "status-success=ci/centos/k8s-e2e-external-storage/1.26" + - "status-success=ci/centos/k8s-e2e-external-storage/1.27" + - "status-success=ci/centos/k8s-e2e-external-storage/1.28" - "status-success=ci/centos/mini-e2e-helm/k8s-1.26" - "status-success=ci/centos/mini-e2e-helm/k8s-1.27" - "status-success=ci/centos/mini-e2e-helm/k8s-1.28" From fe050557c9411d60b131b3951a91c89225445eb2 Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Wed, 14 Feb 2024 17:34:38 +0100 Subject: [PATCH 06/12] ci: no need to test the devel branch with k8s v1.26 Signed-off-by: Niels de Vos --- .github/workflows/pull-request-commentor.yaml | 2 ++ .mergify.yml | 12 ------------ 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/.github/workflows/pull-request-commentor.yaml b/.github/workflows/pull-request-commentor.yaml index 115732d75..7c6c6e749 100644 --- a/.github/workflows/pull-request-commentor.yaml +++ b/.github/workflows/pull-request-commentor.yaml @@ -22,6 +22,8 @@ jobs: k8s: ["1.25", "1.26", "1.27", "1.28", "1.29"] exclude: # the next Ceph-CSI version will not be tested with old Kubernetes + - k8s: "1.26" + branch: "devel" - k8s: "1.25" branch: "devel" - k8s: "1.25" diff --git a/.mergify.yml b/.mergify.yml index b762885c4..97c894e65 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -94,15 +94,12 @@ queue_rules: - "status-success=golangci-lint" - "status-success=mod-check" - "status-success=lint-extras" - - "status-success=ci/centos/k8s-e2e-external-storage/1.26" - "status-success=ci/centos/k8s-e2e-external-storage/1.27" - "status-success=ci/centos/k8s-e2e-external-storage/1.28" - "status-success=ci/centos/k8s-e2e-external-storage/1.29" - - "status-success=ci/centos/mini-e2e-helm/k8s-1.26" - "status-success=ci/centos/mini-e2e-helm/k8s-1.27" - "status-success=ci/centos/mini-e2e-helm/k8s-1.28" - "status-success=ci/centos/mini-e2e-helm/k8s-1.29" - - "status-success=ci/centos/mini-e2e/k8s-1.26" - "status-success=ci/centos/mini-e2e/k8s-1.27" - "status-success=ci/centos/mini-e2e/k8s-1.28" - "status-success=ci/centos/mini-e2e/k8s-1.29" @@ -191,15 +188,12 @@ pull_request_rules: - "status-success=golangci-lint" - "status-success=mod-check" - "status-success=lint-extras" - - "status-success=ci/centos/k8s-e2e-external-storage/1.26" - "status-success=ci/centos/k8s-e2e-external-storage/1.27" - "status-success=ci/centos/k8s-e2e-external-storage/1.28" - "status-success=ci/centos/k8s-e2e-external-storage/1.29" - - "status-success=ci/centos/mini-e2e-helm/k8s-1.26" - "status-success=ci/centos/mini-e2e-helm/k8s-1.27" - "status-success=ci/centos/mini-e2e-helm/k8s-1.28" - "status-success=ci/centos/mini-e2e-helm/k8s-1.29" - - "status-success=ci/centos/mini-e2e/k8s-1.26" - "status-success=ci/centos/mini-e2e/k8s-1.27" - "status-success=ci/centos/mini-e2e/k8s-1.28" - "status-success=ci/centos/mini-e2e/k8s-1.29" @@ -316,15 +310,12 @@ pull_request_rules: - "status-success=commitlint" - "status-success=mod-check" - "status-success=lint-extras" - - "status-success=ci/centos/k8s-e2e-external-storage/1.26" - "status-success=ci/centos/k8s-e2e-external-storage/1.27" - "status-success=ci/centos/k8s-e2e-external-storage/1.28" - "status-success=ci/centos/k8s-e2e-external-storage/1.29" - - "status-success=ci/centos/mini-e2e-helm/k8s-1.26" - "status-success=ci/centos/mini-e2e-helm/k8s-1.27" - "status-success=ci/centos/mini-e2e-helm/k8s-1.28" - "status-success=ci/centos/mini-e2e-helm/k8s-1.29" - - "status-success=ci/centos/mini-e2e/k8s-1.26" - "status-success=ci/centos/mini-e2e/k8s-1.27" - "status-success=ci/centos/mini-e2e/k8s-1.28" - "status-success=ci/centos/mini-e2e/k8s-1.29" @@ -377,15 +368,12 @@ pull_request_rules: - "status-success=mod-check" - "status-success=lint-extras" - "#changes-requested-reviews-by=0" - - "status-success=ci/centos/k8s-e2e-external-storage/1.26" - "status-success=ci/centos/k8s-e2e-external-storage/1.27" - "status-success=ci/centos/k8s-e2e-external-storage/1.28" - "status-success=ci/centos/k8s-e2e-external-storage/1.29" - - "status-success=ci/centos/mini-e2e-helm/k8s-1.26" - "status-success=ci/centos/mini-e2e-helm/k8s-1.27" - "status-success=ci/centos/mini-e2e-helm/k8s-1.28" - "status-success=ci/centos/mini-e2e-helm/k8s-1.29" - - "status-success=ci/centos/mini-e2e/k8s-1.26" - "status-success=ci/centos/mini-e2e/k8s-1.27" - "status-success=ci/centos/mini-e2e/k8s-1.28" - "status-success=ci/centos/mini-e2e/k8s-1.29" From 5f24d1634f0a7ca56ea3eb262be5aed726b14888 Mon Sep 17 00:00:00 2001 From: Madhu Rajanna Date: Thu, 15 Feb 2024 13:15:29 +0100 Subject: [PATCH 07/12] ci: update snapshotter to latest version updating csi snapshotter deployment to pull image and rbac from latest released version. Signed-off-by: Madhu Rajanna --- build.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.env b/build.env index 75448aaae..32e7dafcf 100644 --- a/build.env +++ b/build.env @@ -30,7 +30,7 @@ GOLANGCI_VERSION=v1.54.1 # external snapshotter version # Refer: https://github.com/kubernetes-csi/external-snapshotter/releases -SNAPSHOT_VERSION=v6.2.2 +SNAPSHOT_VERSION=v7.0.1 # "go test" configuration # set to stdout or html to enable coverage reporting, disabled by default From 98b2a32767e321c2294b09026389dd26efddee65 Mon Sep 17 00:00:00 2001 From: Madhu Rajanna Date: Thu, 15 Feb 2024 13:17:45 +0100 Subject: [PATCH 08/12] ci: install latest version of snapshotter Install latest version of snapshotter and also take care of create/delete of new CRD's and required flag for volumegroupsnapshot operation Signed-off-by: Madhu Rajanna --- scripts/install-snapshot.sh | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/scripts/install-snapshot.sh b/scripts/install-snapshot.sh index eb72b2ae2..fc204ad3e 100755 --- a/scripts/install-snapshot.sh +++ b/scripts/install-snapshot.sh @@ -21,6 +21,11 @@ SNAPSHOTCLASS="${SNAPSHOTTER_URL}/client/config/crd/snapshot.storage.k8s.io_volu VOLUME_SNAPSHOT_CONTENT="${SNAPSHOTTER_URL}/client/config/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml" VOLUME_SNAPSHOT="${SNAPSHOTTER_URL}/client/config/crd/snapshot.storage.k8s.io_volumesnapshots.yaml" +# volumegroupsnapshot CRD +VOLUME_GROUP_SNAPSHOTCLASS="${SNAPSHOTTER_URL}/client/config/crd/groupsnapshot.storage.k8s.io_volumegroupsnapshotclasses.yaml" +VOLUME_GROUP_SNAPSHOT_CONTENT="${SNAPSHOTTER_URL}/client/config/crd/groupsnapshot.storage.k8s.io_volumegroupsnapshotcontents.yaml" +VOLUME_GROUP_SNAPSHOT="${SNAPSHOTTER_URL}/client/config/crd/groupsnapshot.storage.k8s.io_volumegroupsnapshots.yaml" + function install_snapshot_controller() { local namespace=$1 if [ -z "${namespace}" ]; then @@ -68,6 +73,24 @@ function create_or_delete_resource() { sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${temp_snap_controller}" sed -i "s/canary/${SNAPSHOT_VERSION}/g" "${temp_snap_controller}" + if [ "${operation}" == "create" ]; then + # Argument to add/update + ARGUMENT="--enable-volume-group-snapshots=true" + # Check if the argument is already present and set to false + if grep -q -E "^\s+-\s+--enable-volume-group-snapshots=false" "${temp_snap_controller}"; then + sed -i -E "s/^\s+-\s+--enable-volume-group-snapshots=false$/ - $ARGUMENT/" "${temp_snap_controller}" + # Check if the argument is already present and set to true + elif grep -q -E "^\s+-\s+--enable-volume-group-snapshots=true" "${temp_snap_controller}"; then + echo "Argument already present and matching." + else + # Add the argument if it's not present + sed -i -E "/^(\s+)args:/a\ \ - $ARGUMENT" "${temp_snap_controller}" + fi + fi + + kubectl "${operation}" -f "${VOLUME_GROUP_SNAPSHOTCLASS}" + kubectl "${operation}" -f "${VOLUME_GROUP_SNAPSHOT_CONTENT}" + kubectl "${operation}" -f "${VOLUME_GROUP_SNAPSHOT}" kubectl "${operation}" -f "${temp_rbac}" kubectl "${operation}" -f "${temp_snap_controller}" -n "${namespace}" kubectl "${operation}" -f "${SNAPSHOTCLASS}" From 11031091ef5742747fdf3058f58a27a529bcb23e Mon Sep 17 00:00:00 2001 From: Madhu Rajanna Date: Thu, 15 Feb 2024 13:20:02 +0100 Subject: [PATCH 09/12] ci: remove unused function remove unused function from the install-snapshot script Signed-off-by: Madhu Rajanna --- scripts/install-snapshot.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/scripts/install-snapshot.sh b/scripts/install-snapshot.sh index fc204ad3e..378061716 100755 --- a/scripts/install-snapshot.sh +++ b/scripts/install-snapshot.sh @@ -98,12 +98,6 @@ function create_or_delete_resource() { kubectl "${operation}" -f "${VOLUME_SNAPSHOT}" } -function delete_snapshot_crd() { - kubectl delete -f "${SNAPSHOTCLASS}" --ignore-not-found - kubectl delete -f "${VOLUME_SNAPSHOT_CONTENT}" --ignore-not-found - kubectl delete -f "${VOLUME_SNAPSHOT}" --ignore-not-found -} - case "${1:-}" in install) install_snapshot_controller "$2" From 5c17d845b2351e7757a1cec29dbe613a7bafdb41 Mon Sep 17 00:00:00 2001 From: Madhu Rajanna Date: Thu, 15 Feb 2024 13:27:37 +0100 Subject: [PATCH 10/12] ci: fix image version replacement canary tag is no more used in the snapshotter yaml and latest version are used, instead of searching for tag check for the image name and do sed to replace the required tag only. Signed-off-by: Madhu Rajanna --- scripts/install-snapshot.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install-snapshot.sh b/scripts/install-snapshot.sh index 378061716..91e8fa780 100755 --- a/scripts/install-snapshot.sh +++ b/scripts/install-snapshot.sh @@ -71,7 +71,7 @@ function create_or_delete_resource() { curl -o "${temp_snap_controller}" "${SNAPSHOT_CONTROLLER}" sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${temp_rbac}" sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${temp_snap_controller}" - sed -i "s/canary/${SNAPSHOT_VERSION}/g" "${temp_snap_controller}" + sed -i -E "s/(image: registry\.k8s\.io\/sig-storage\/snapshot-controller:).*$/\1$SNAPSHOT_VERSION/g" "${temp_snap_controller}" if [ "${operation}" == "create" ]; then # Argument to add/update From 89501a88656b04d1aa362101480d485a2a42caeb Mon Sep 17 00:00:00 2001 From: Madhu Rajanna Date: Thu, 15 Feb 2024 13:32:51 +0100 Subject: [PATCH 11/12] ci: use kubectl_retry helper for kubectl use kubectl_retry helper to avoid intermediate failure and retry again Signed-off-by: Madhu Rajanna --- scripts/install-snapshot.sh | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/scripts/install-snapshot.sh b/scripts/install-snapshot.sh index 91e8fa780..20b57596f 100755 --- a/scripts/install-snapshot.sh +++ b/scripts/install-snapshot.sh @@ -7,6 +7,9 @@ SCRIPT_DIR="$(dirname "${0}")" # shellcheck source=build.env source "${SCRIPT_DIR}/../build.env" +# shellcheck disable=SC1091 +[ ! -e "${SCRIPT_DIR}"/utils.sh ] || source "${SCRIPT_DIR}"/utils.sh + SNAPSHOT_VERSION=${SNAPSHOT_VERSION:-"v5.0.1"} TEMP_DIR="$(mktemp -d)" @@ -34,19 +37,19 @@ function install_snapshot_controller() { create_or_delete_resource "create" "${namespace}" - pod_ready=$(kubectl get pods -l app=snapshot-controller -n "${namespace}" -o jsonpath='{.items[0].status.containerStatuses[0].ready}') + pod_ready=$(kubectl_retry get pods -l app=snapshot-controller -n "${namespace}" -o jsonpath='{.items[0].status.containerStatuses[0].ready}') INC=0 until [[ "${pod_ready}" == "true" || $INC -gt 20 ]]; do sleep 10 ((++INC)) - pod_ready=$(kubectl get pods -l app=snapshot-controller -n "${namespace}" -o jsonpath='{.items[0].status.containerStatuses[0].ready}') + pod_ready=$(kubectl_retry get pods -l app=snapshot-controller -n "${namespace}" -o jsonpath='{.items[0].status.containerStatuses[0].ready}') echo "snapshotter pod status: ${pod_ready}" done if [ "${pod_ready}" != "true" ]; then echo "snapshotter controller creation failed" - kubectl get pods -l app=snapshot-controller -n "${namespace}" - kubectl describe po -l app=snapshot-controller -n "${namespace}" + kubectl_retry get pods -l app=snapshot-controller -n "${namespace}" + kubectl_retry describe po -l app=snapshot-controller -n "${namespace}" exit 1 fi @@ -88,14 +91,14 @@ function create_or_delete_resource() { fi fi - kubectl "${operation}" -f "${VOLUME_GROUP_SNAPSHOTCLASS}" - kubectl "${operation}" -f "${VOLUME_GROUP_SNAPSHOT_CONTENT}" - kubectl "${operation}" -f "${VOLUME_GROUP_SNAPSHOT}" - kubectl "${operation}" -f "${temp_rbac}" - kubectl "${operation}" -f "${temp_snap_controller}" -n "${namespace}" - kubectl "${operation}" -f "${SNAPSHOTCLASS}" - kubectl "${operation}" -f "${VOLUME_SNAPSHOT_CONTENT}" - kubectl "${operation}" -f "${VOLUME_SNAPSHOT}" + kubectl_retry "${operation}" -f "${VOLUME_GROUP_SNAPSHOTCLASS}" + kubectl_retry "${operation}" -f "${VOLUME_GROUP_SNAPSHOT_CONTENT}" + kubectl_retry "${operation}" -f "${VOLUME_GROUP_SNAPSHOT}" + kubectl_retry "${operation}" -f "${temp_rbac}" + kubectl_retry "${operation}" -f "${temp_snap_controller}" -n "${namespace}" + kubectl_retry "${operation}" -f "${SNAPSHOTCLASS}" + kubectl_retry "${operation}" -f "${VOLUME_SNAPSHOT_CONTENT}" + kubectl_retry "${operation}" -f "${VOLUME_SNAPSHOT}" } case "${1:-}" in From 0a82f176718a6f66b20b5da6540d80a63eb45d2b Mon Sep 17 00:00:00 2001 From: Madhu Rajanna Date: Thu, 15 Feb 2024 13:51:12 +0100 Subject: [PATCH 12/12] ci: use new label for snapshot controller with new release of snapshotter the labels are changed, this commit uses the new labels to list the snapshot controller pod. Signed-off-by: Madhu Rajanna --- scripts/install-snapshot.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/install-snapshot.sh b/scripts/install-snapshot.sh index 20b57596f..2f0b12b5d 100755 --- a/scripts/install-snapshot.sh +++ b/scripts/install-snapshot.sh @@ -37,19 +37,19 @@ function install_snapshot_controller() { create_or_delete_resource "create" "${namespace}" - pod_ready=$(kubectl_retry get pods -l app=snapshot-controller -n "${namespace}" -o jsonpath='{.items[0].status.containerStatuses[0].ready}') + pod_ready=$(kubectl_retry get pods -l app.kubernetes.io/name=snapshot-controller -n "${namespace}" -o jsonpath='{.items[0].status.containerStatuses[0].ready}') INC=0 until [[ "${pod_ready}" == "true" || $INC -gt 20 ]]; do sleep 10 ((++INC)) - pod_ready=$(kubectl_retry get pods -l app=snapshot-controller -n "${namespace}" -o jsonpath='{.items[0].status.containerStatuses[0].ready}') + pod_ready=$(kubectl_retry get pods -l app.kubernetes.io/name=snapshot-controller -n "${namespace}" -o jsonpath='{.items[0].status.containerStatuses[0].ready}') echo "snapshotter pod status: ${pod_ready}" done if [ "${pod_ready}" != "true" ]; then echo "snapshotter controller creation failed" - kubectl_retry get pods -l app=snapshot-controller -n "${namespace}" - kubectl_retry describe po -l app=snapshot-controller -n "${namespace}" + kubectl_retry get pods -l app.kubernetes.io/name=snapshot-controller -n "${namespace}" + kubectl_retry describe po -l app.kubernetes.io/name=snapshot-controller -n "${namespace}" exit 1 fi