mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-12 16:10:19 +00:00
rebase: bump sigs.k8s.io/controller-runtime
Bumps the k8s-dependencies group with 1 update: [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime). Updates `sigs.k8s.io/controller-runtime` from 0.19.2 to 0.19.3 - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.19.2...v0.19.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
parent
8ffd9f515a
commit
8726f1b68e
2
go.mod
2
go.mod
@ -42,7 +42,7 @@ require (
|
||||
k8s.io/mount-utils v0.31.3
|
||||
k8s.io/pod-security-admission v0.31.3
|
||||
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
|
||||
sigs.k8s.io/controller-runtime v0.19.2
|
||||
sigs.k8s.io/controller-runtime v0.19.3
|
||||
)
|
||||
|
||||
require (
|
||||
|
4
go.sum
4
go.sum
@ -3572,8 +3572,8 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY=
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw=
|
||||
sigs.k8s.io/controller-runtime v0.2.2/go.mod h1:9dyohw3ZtoXQuV1e766PHUn+cmrRCIcBh6XIMFNMZ+I=
|
||||
sigs.k8s.io/controller-runtime v0.19.2 h1:3sPrF58XQEPzbE8T81TN6selQIMGbtYwuaJ6eDssDF8=
|
||||
sigs.k8s.io/controller-runtime v0.19.2/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4=
|
||||
sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw=
|
||||
sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM=
|
||||
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
|
||||
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
|
||||
sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
|
||||
|
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -1785,7 +1785,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client
|
||||
# sigs.k8s.io/controller-runtime v0.19.2
|
||||
# sigs.k8s.io/controller-runtime v0.19.3
|
||||
## explicit; go 1.22.0
|
||||
sigs.k8s.io/controller-runtime/pkg/cache
|
||||
sigs.k8s.io/controller-runtime/pkg/cache/internal
|
||||
|
170
vendor/sigs.k8s.io/controller-runtime/pkg/certwatcher/certwatcher.go
generated
vendored
170
vendor/sigs.k8s.io/controller-runtime/pkg/certwatcher/certwatcher.go
generated
vendored
@ -17,58 +17,55 @@ limitations under the License.
|
||||
package certwatcher
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"os"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/fsnotify/fsnotify"
|
||||
kerrors "k8s.io/apimachinery/pkg/util/errors"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
"sigs.k8s.io/controller-runtime/pkg/certwatcher/metrics"
|
||||
logf "sigs.k8s.io/controller-runtime/pkg/internal/log"
|
||||
)
|
||||
|
||||
var log = logf.RuntimeLog.WithName("certwatcher")
|
||||
|
||||
// CertWatcher watches certificate and key files for changes. When either file
|
||||
// changes, it reads and parses both and calls an optional callback with the new
|
||||
// certificate.
|
||||
const defaultWatchInterval = 10 * time.Second
|
||||
|
||||
// CertWatcher watches certificate and key files for changes.
|
||||
// It always returns the cached version,
|
||||
// but periodically reads and parses certificate and key for changes
|
||||
// and calls an optional callback with the new certificate.
|
||||
type CertWatcher struct {
|
||||
sync.RWMutex
|
||||
|
||||
currentCert *tls.Certificate
|
||||
watcher *fsnotify.Watcher
|
||||
interval time.Duration
|
||||
|
||||
certPath string
|
||||
keyPath string
|
||||
|
||||
cachedKeyPEMBlock []byte
|
||||
|
||||
// callback is a function to be invoked when the certificate changes.
|
||||
callback func(tls.Certificate)
|
||||
}
|
||||
|
||||
// New returns a new CertWatcher watching the given certificate and key.
|
||||
func New(certPath, keyPath string) (*CertWatcher, error) {
|
||||
var err error
|
||||
|
||||
cw := &CertWatcher{
|
||||
certPath: certPath,
|
||||
keyPath: keyPath,
|
||||
interval: defaultWatchInterval,
|
||||
}
|
||||
|
||||
// Initial read of certificate and key.
|
||||
if err := cw.ReadCertificate(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return cw, cw.ReadCertificate()
|
||||
}
|
||||
|
||||
cw.watcher, err = fsnotify.NewWatcher()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return cw, nil
|
||||
// WithWatchInterval sets the watch interval and returns the CertWatcher pointer
|
||||
func (cw *CertWatcher) WithWatchInterval(interval time.Duration) *CertWatcher {
|
||||
cw.interval = interval
|
||||
return cw
|
||||
}
|
||||
|
||||
// RegisterCallback registers a callback to be invoked when the certificate changes.
|
||||
@ -91,72 +88,71 @@ func (cw *CertWatcher) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate,
|
||||
|
||||
// Start starts the watch on the certificate and key files.
|
||||
func (cw *CertWatcher) Start(ctx context.Context) error {
|
||||
files := sets.New(cw.certPath, cw.keyPath)
|
||||
|
||||
{
|
||||
var watchErr error
|
||||
if err := wait.PollUntilContextTimeout(ctx, 1*time.Second, 10*time.Second, true, func(ctx context.Context) (done bool, err error) {
|
||||
for _, f := range files.UnsortedList() {
|
||||
if err := cw.watcher.Add(f); err != nil {
|
||||
watchErr = err
|
||||
return false, nil //nolint:nilerr // We want to keep trying.
|
||||
}
|
||||
// We've added the watch, remove it from the set.
|
||||
files.Delete(f)
|
||||
}
|
||||
return true, nil
|
||||
}); err != nil {
|
||||
return fmt.Errorf("failed to add watches: %w", kerrors.NewAggregate([]error{err, watchErr}))
|
||||
}
|
||||
}
|
||||
|
||||
go cw.Watch()
|
||||
ticker := time.NewTicker(cw.interval)
|
||||
defer ticker.Stop()
|
||||
|
||||
log.Info("Starting certificate watcher")
|
||||
|
||||
// Block until the context is done.
|
||||
<-ctx.Done()
|
||||
|
||||
return cw.watcher.Close()
|
||||
}
|
||||
|
||||
// Watch reads events from the watcher's channel and reacts to changes.
|
||||
func (cw *CertWatcher) Watch() {
|
||||
for {
|
||||
select {
|
||||
case event, ok := <-cw.watcher.Events:
|
||||
// Channel is closed.
|
||||
if !ok {
|
||||
return
|
||||
case <-ctx.Done():
|
||||
return nil
|
||||
case <-ticker.C:
|
||||
if err := cw.ReadCertificate(); err != nil {
|
||||
log.Error(err, "failed read certificate")
|
||||
}
|
||||
|
||||
cw.handleEvent(event)
|
||||
|
||||
case err, ok := <-cw.watcher.Errors:
|
||||
// Channel is closed.
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
log.Error(err, "certificate watch error")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Watch used to read events from the watcher's channel and reacts to changes,
|
||||
// it has currently no function and it's left here for backward compatibility until a future release.
|
||||
//
|
||||
// Deprecated: fsnotify has been removed and Start() is now polling instead.
|
||||
func (cw *CertWatcher) Watch() {
|
||||
}
|
||||
|
||||
// updateCachedCertificate checks if the new certificate differs from the cache,
|
||||
// updates it and returns the result if it was updated or not
|
||||
func (cw *CertWatcher) updateCachedCertificate(cert *tls.Certificate, keyPEMBlock []byte) bool {
|
||||
cw.Lock()
|
||||
defer cw.Unlock()
|
||||
|
||||
if cw.currentCert != nil &&
|
||||
bytes.Equal(cw.currentCert.Certificate[0], cert.Certificate[0]) &&
|
||||
bytes.Equal(cw.cachedKeyPEMBlock, keyPEMBlock) {
|
||||
log.V(7).Info("certificate already cached")
|
||||
return false
|
||||
}
|
||||
cw.currentCert = cert
|
||||
cw.cachedKeyPEMBlock = keyPEMBlock
|
||||
return true
|
||||
}
|
||||
|
||||
// ReadCertificate reads the certificate and key files from disk, parses them,
|
||||
// and updates the current certificate on the watcher. If a callback is set, it
|
||||
// and updates the current certificate on the watcher if updated. If a callback is set, it
|
||||
// is invoked with the new certificate.
|
||||
func (cw *CertWatcher) ReadCertificate() error {
|
||||
metrics.ReadCertificateTotal.Inc()
|
||||
cert, err := tls.LoadX509KeyPair(cw.certPath, cw.keyPath)
|
||||
certPEMBlock, err := os.ReadFile(cw.certPath)
|
||||
if err != nil {
|
||||
metrics.ReadCertificateErrors.Inc()
|
||||
return err
|
||||
}
|
||||
keyPEMBlock, err := os.ReadFile(cw.keyPath)
|
||||
if err != nil {
|
||||
metrics.ReadCertificateErrors.Inc()
|
||||
return err
|
||||
}
|
||||
|
||||
cw.Lock()
|
||||
cw.currentCert = &cert
|
||||
cw.Unlock()
|
||||
cert, err := tls.X509KeyPair(certPEMBlock, keyPEMBlock)
|
||||
if err != nil {
|
||||
metrics.ReadCertificateErrors.Inc()
|
||||
return err
|
||||
}
|
||||
|
||||
if !cw.updateCachedCertificate(&cert, keyPEMBlock) {
|
||||
return nil
|
||||
}
|
||||
|
||||
log.Info("Updated current TLS certificate")
|
||||
|
||||
@ -170,39 +166,3 @@ func (cw *CertWatcher) ReadCertificate() error {
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (cw *CertWatcher) handleEvent(event fsnotify.Event) {
|
||||
// Only care about events which may modify the contents of the file.
|
||||
if !(isWrite(event) || isRemove(event) || isCreate(event) || isChmod(event)) {
|
||||
return
|
||||
}
|
||||
|
||||
log.V(1).Info("certificate event", "event", event)
|
||||
|
||||
// If the file was removed or renamed, re-add the watch to the previous name
|
||||
if isRemove(event) || isChmod(event) {
|
||||
if err := cw.watcher.Add(event.Name); err != nil {
|
||||
log.Error(err, "error re-watching file")
|
||||
}
|
||||
}
|
||||
|
||||
if err := cw.ReadCertificate(); err != nil {
|
||||
log.Error(err, "error re-reading certificate")
|
||||
}
|
||||
}
|
||||
|
||||
func isWrite(event fsnotify.Event) bool {
|
||||
return event.Op.Has(fsnotify.Write)
|
||||
}
|
||||
|
||||
func isCreate(event fsnotify.Event) bool {
|
||||
return event.Op.Has(fsnotify.Create)
|
||||
}
|
||||
|
||||
func isRemove(event fsnotify.Event) bool {
|
||||
return event.Op.Has(fsnotify.Remove)
|
||||
}
|
||||
|
||||
func isChmod(event fsnotify.Event) bool {
|
||||
return event.Op.Has(fsnotify.Chmod)
|
||||
}
|
||||
|
1
vendor/sigs.k8s.io/controller-runtime/pkg/certwatcher/metrics/metrics.go
generated
vendored
1
vendor/sigs.k8s.io/controller-runtime/pkg/certwatcher/metrics/metrics.go
generated
vendored
@ -18,6 +18,7 @@ package metrics
|
||||
|
||||
import (
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
|
||||
"sigs.k8s.io/controller-runtime/pkg/metrics"
|
||||
)
|
||||
|
||||
|
25
vendor/sigs.k8s.io/controller-runtime/pkg/leaderelection/leader_election.go
generated
vendored
25
vendor/sigs.k8s.io/controller-runtime/pkg/leaderelection/leader_election.go
generated
vendored
@ -20,6 +20,7 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"k8s.io/apimachinery/pkg/util/uuid"
|
||||
coordinationv1client "k8s.io/client-go/kubernetes/typed/coordination/v1"
|
||||
@ -49,6 +50,12 @@ type Options struct {
|
||||
// LeaderElectionID determines the name of the resource that leader election
|
||||
// will use for holding the leader lock.
|
||||
LeaderElectionID string
|
||||
|
||||
// RenewDeadline is the renew deadline for this leader election client.
|
||||
// Must be set to ensure the resource lock has an appropriate client timeout.
|
||||
// Without that, a single slow response from the API server can result
|
||||
// in losing leadership.
|
||||
RenewDeadline time.Duration
|
||||
}
|
||||
|
||||
// NewResourceLock creates a new resource lock for use in a leader election loop.
|
||||
@ -88,6 +95,20 @@ func NewResourceLock(config *rest.Config, recorderProvider recorder.Provider, op
|
||||
|
||||
// Construct clients for leader election
|
||||
rest.AddUserAgent(config, "leader-election")
|
||||
|
||||
if options.RenewDeadline != 0 {
|
||||
return resourcelock.NewFromKubeconfig(options.LeaderElectionResourceLock,
|
||||
options.LeaderElectionNamespace,
|
||||
options.LeaderElectionID,
|
||||
resourcelock.ResourceLockConfig{
|
||||
Identity: id,
|
||||
EventRecorder: recorderProvider.GetEventRecorderFor(id),
|
||||
},
|
||||
config,
|
||||
options.RenewDeadline,
|
||||
)
|
||||
}
|
||||
|
||||
corev1Client, err := corev1client.NewForConfig(config)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -97,7 +118,6 @@ func NewResourceLock(config *rest.Config, recorderProvider recorder.Provider, op
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return resourcelock.New(options.LeaderElectionResourceLock,
|
||||
options.LeaderElectionNamespace,
|
||||
options.LeaderElectionID,
|
||||
@ -106,7 +126,8 @@ func NewResourceLock(config *rest.Config, recorderProvider recorder.Provider, op
|
||||
resourcelock.ResourceLockConfig{
|
||||
Identity: id,
|
||||
EventRecorder: recorderProvider.GetEventRecorderFor(id),
|
||||
})
|
||||
},
|
||||
)
|
||||
}
|
||||
|
||||
func getInClusterNamespace() (string, error) {
|
||||
|
1
vendor/sigs.k8s.io/controller-runtime/pkg/manager/manager.go
generated
vendored
1
vendor/sigs.k8s.io/controller-runtime/pkg/manager/manager.go
generated
vendored
@ -389,6 +389,7 @@ func New(config *rest.Config, options Options) (Manager, error) {
|
||||
LeaderElectionResourceLock: options.LeaderElectionResourceLock,
|
||||
LeaderElectionID: options.LeaderElectionID,
|
||||
LeaderElectionNamespace: options.LeaderElectionNamespace,
|
||||
RenewDeadline: *options.RenewDeadline,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
Loading…
Reference in New Issue
Block a user