diff --git a/api/go.mod b/api/go.mod index c3dc220f7..e0ffe73b5 100644 --- a/api/go.mod +++ b/api/go.mod @@ -6,7 +6,7 @@ require ( github.com/ghodss/yaml v1.0.0 github.com/openshift/api v0.0.0-20240115183315-0793e918179d github.com/stretchr/testify v1.9.0 - k8s.io/api v0.30.1 + k8s.io/api v0.30.2 ) require ( @@ -23,7 +23,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apimachinery v0.30.1 // indirect + k8s.io/apimachinery v0.30.2 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect diff --git a/api/go.sum b/api/go.sum index 79cc3e8a0..dde255efe 100644 --- a/api/go.sum +++ b/api/go.sum @@ -5,8 +5,6 @@ github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -81,10 +79,10 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= -k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= -k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= -k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= +k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= +k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= +k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= diff --git a/api/vendor/modules.txt b/api/vendor/modules.txt index bc74cf9fb..5bc91bf19 100644 --- a/api/vendor/modules.txt +++ b/api/vendor/modules.txt @@ -55,12 +55,12 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.30.1 +# k8s.io/api v0.30.2 ## explicit; go 1.22.0 k8s.io/api/core/v1 k8s.io/api/rbac/v1 k8s.io/api/storage/v1 -# k8s.io/apimachinery v0.30.1 +# k8s.io/apimachinery v0.30.2 ## explicit; go 1.22.0 k8s.io/apimachinery/pkg/api/resource k8s.io/apimachinery/pkg/apis/meta/v1 diff --git a/go.mod b/go.mod index 9ee258bbb..ad8bd0d94 100644 --- a/go.mod +++ b/go.mod @@ -33,14 +33,14 @@ require ( // // when updating k8s.io/kubernetes, make sure to update the replace section too // - k8s.io/api v0.30.1 - k8s.io/apimachinery v0.30.1 + k8s.io/api v0.30.2 + k8s.io/apimachinery v0.30.2 k8s.io/client-go v12.0.0+incompatible - k8s.io/cloud-provider v0.30.1 + k8s.io/cloud-provider v0.30.2 k8s.io/klog/v2 v2.120.1 k8s.io/kubernetes v1.30.1 - k8s.io/mount-utils v0.29.3 - k8s.io/pod-security-admission v0.30.1 + k8s.io/mount-utils v0.30.2 + k8s.io/pod-security-admission v0.30.2 k8s.io/utils v0.0.0-20230726121419-3b25d923346b sigs.k8s.io/controller-runtime v0.18.4 ) @@ -175,11 +175,11 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/apiextensions-apiserver v0.30.1 // indirect - k8s.io/apiserver v0.30.1 // indirect - k8s.io/component-base v0.30.1 // indirect - k8s.io/component-helpers v0.30.1 // indirect - k8s.io/controller-manager v0.30.1 // indirect - k8s.io/kms v0.30.1 // indirect + k8s.io/apiserver v0.30.2 // indirect + k8s.io/component-base v0.30.2 // indirect + k8s.io/component-helpers v0.30.2 // indirect + k8s.io/controller-manager v0.30.2 // indirect + k8s.io/kms v0.30.2 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/kubectl v0.0.0 // indirect k8s.io/kubelet v0.0.0 // indirect @@ -199,35 +199,35 @@ replace ( // // k8s.io/kubernetes depends on these k8s.io packages, but unversioned // - k8s.io/api => k8s.io/api v0.30.1 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.30.1 - k8s.io/apimachinery => k8s.io/apimachinery v0.30.1 - k8s.io/apiserver => k8s.io/apiserver v0.30.1 - k8s.io/cli-runtime => k8s.io/cli-runtime v0.30.1 - k8s.io/client-go => k8s.io/client-go v0.30.1 - k8s.io/cloud-provider => k8s.io/cloud-provider v0.30.1 - k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.30.1 - k8s.io/code-generator => k8s.io/code-generator v0.30.1 - k8s.io/component-base => k8s.io/component-base v0.30.1 - k8s.io/component-helpers => k8s.io/component-helpers v0.30.1 - k8s.io/controller-manager => k8s.io/controller-manager v0.30.1 - k8s.io/cri-api => k8s.io/cri-api v0.30.1 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.30.1 - k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.30.1 - k8s.io/endpointslice => k8s.io/endpointslice v0.30.1 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.30.1 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.30.1 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.30.1 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.30.1 - k8s.io/kubectl => k8s.io/kubectl v0.30.1 - k8s.io/kubelet => k8s.io/kubelet v0.30.1 - k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.1 - k8s.io/metrics => k8s.io/metrics v0.30.1 + k8s.io/api => k8s.io/api v0.30.2 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.30.2 + k8s.io/apimachinery => k8s.io/apimachinery v0.30.2 + k8s.io/apiserver => k8s.io/apiserver v0.30.2 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.30.2 + k8s.io/client-go => k8s.io/client-go v0.30.2 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.30.2 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.30.2 + k8s.io/code-generator => k8s.io/code-generator v0.30.2 + k8s.io/component-base => k8s.io/component-base v0.30.2 + k8s.io/component-helpers => k8s.io/component-helpers v0.30.2 + k8s.io/controller-manager => k8s.io/controller-manager v0.30.2 + k8s.io/cri-api => k8s.io/cri-api v0.30.2 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.30.2 + k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.30.2 + k8s.io/endpointslice => k8s.io/endpointslice v0.30.2 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.30.2 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.30.2 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.30.2 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.30.2 + k8s.io/kubectl => k8s.io/kubectl v0.30.2 + k8s.io/kubelet => k8s.io/kubelet v0.30.2 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.2 + k8s.io/metrics => k8s.io/metrics v0.30.2 // TODO: replace with latest once https://github.com/ceph/ceph-csi/issues/4633 is fixed k8s.io/mount-utils => k8s.io/mount-utils v0.29.3 - k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.30.1 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.30.1 + k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.30.2 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.30.2 // layeh.com seems to be misbehaving layeh.com/radius => github.com/layeh/radius v0.0.0-20190322222518-890bc1058917 ) diff --git a/go.sum b/go.sum index d6f883ff5..00a143863 100644 --- a/go.sum +++ b/go.sum @@ -2609,27 +2609,27 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= -k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= -k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= -k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= -k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= -k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= -k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8= -k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo= -k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= -k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= -k8s.io/cloud-provider v0.30.1 h1:OslHpog97zG9Kr7/vV1ki8nLKq8xTPUkN/kepCxBqKI= -k8s.io/cloud-provider v0.30.1/go.mod h1:1uZp+FSskXQoeAAIU91/XCO8X/9N1U3z5usYeSLT4MI= -k8s.io/code-generator v0.30.1/go.mod h1:hFgxRsvOUg79mbpbVKfjJvRhVz1qLoe40yZDJ/hwRH4= -k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ= -k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI= -k8s.io/component-helpers v0.30.1 h1:/UcxSLzZ0owluTE2WMDrFfZl2L+WVXKdYYYm68qnH7U= -k8s.io/component-helpers v0.30.1/go.mod h1:b1Xk27UJ3p/AmPqDx7khrnSxrdwQy9gTP7O1y6MZ6rg= -k8s.io/controller-manager v0.30.1 h1:vrpfinHQWGf40U08Zmrt+QxK/2yTgjJl/9DKtjaB1gI= -k8s.io/controller-manager v0.30.1/go.mod h1:8rTEPbn8LRKC/vS+If+JAKBfsftCfTMaF8/n4SJC+PQ= -k8s.io/csi-translation-lib v0.30.1 h1:fIBtNMQjyr7HFv3xGSSH9cWOQS1K1kIBmZ1zRsHuVKs= -k8s.io/csi-translation-lib v0.30.1/go.mod h1:l0HrIBIxUKRvqnNWqn6AXTYgUa2mAFLT6bjo1lU+55U= +k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= +k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= +k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE= +k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw= +k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= +k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apiserver v0.30.2 h1:ACouHiYl1yFI2VFI3YGM+lvxgy6ir4yK2oLOsLI1/tw= +k8s.io/apiserver v0.30.2/go.mod h1:BOTdFBIch9Sv0ypSEcUR6ew/NUFGocRFNl72Ra7wTm8= +k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= +k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= +k8s.io/cloud-provider v0.30.2 h1:yov6r02v7sMUNNvzEz51LtL2krn2c1wsC+dy/8BxKQI= +k8s.io/cloud-provider v0.30.2/go.mod h1:w69t2dSjDtI9BYK6SEqj6HmMKIojEk08fXRoUzjFN2I= +k8s.io/code-generator v0.30.2/go.mod h1:RQP5L67QxqgkVquk704CyvWFIq0e6RCMmLTXxjE8dVA= +k8s.io/component-base v0.30.2 h1:pqGBczYoW1sno8q9ObExUqrYSKhtE5rW3y6gX88GZII= +k8s.io/component-base v0.30.2/go.mod h1:yQLkQDrkK8J6NtP+MGJOws+/PPeEXNpwFixsUI7h/OE= +k8s.io/component-helpers v0.30.2 h1:kDMYLiWEYeWU7H6jBI+Ua1i2hqNh0DzqDHNIppFC3po= +k8s.io/component-helpers v0.30.2/go.mod h1:tI0anfS6AbRqooaICkGg7UVAQLedOauVSQW9srDBnJw= +k8s.io/controller-manager v0.30.2 h1:tC7V7IdGUW2I4de3bXx4m2fS3naP7VlCYlECCajK9fU= +k8s.io/controller-manager v0.30.2/go.mod h1:CYltIHGhCgldEkXT5vS2JHCCWM1WyBI4kA2UfP9cZvY= +k8s.io/csi-translation-lib v0.30.2 h1:ZcFVMWDHg7feW3mtdl+xClgmw1Yxv7m9ysOKt8h3K8Y= +k8s.io/csi-translation-lib v0.30.2/go.mod h1:jFT8vquP6eSDUwDHk0mKT6uKFWlZp60ecUEUhmlGsOY= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= @@ -2639,22 +2639,22 @@ k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kms v0.30.1 h1:gEIbEeCbFiaN2tNfp/EUhFdGr5/CSj8Eyq6Mkr7cCiY= -k8s.io/kms v0.30.1/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4= +k8s.io/kms v0.30.2 h1:VSZILO/tkzrz5Tu2j+yFQZ2Dc5JerQZX2GqhFJbQrfw= +k8s.io/kms v0.30.2/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4= k8s.io/kube-openapi v0.0.0-20180731170545-e3762e86a74c/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/kubectl v0.30.1 h1:sHFIRI3oP0FFZmBAVEE8ErjnTyXDPkBcvO88mH9RjuY= -k8s.io/kubectl v0.30.1/go.mod h1:7j+L0Cc38RYEcx+WH3y44jRBe1Q1jxdGPKkX0h4iDq0= -k8s.io/kubelet v0.30.1 h1:6gS1gWjrefUGfC/9n0ITOzxnKyt89FfkIhom70Bola4= -k8s.io/kubelet v0.30.1/go.mod h1:5IUeAt3YlIfLNdT/YfRuCCONfEefm7qfcqz81b002Z8= +k8s.io/kubectl v0.30.2 h1:cgKNIvsOiufgcs4yjvgkK0+aPCfa8pUwzXdJtkbhsH8= +k8s.io/kubectl v0.30.2/go.mod h1:rz7GHXaxwnigrqob0lJsiA07Df8RE3n1TSaC2CTeuB4= +k8s.io/kubelet v0.30.2 h1:Ck4E/pHndI20IzDXxS57dElhDGASPO5pzXF7BcKfmCY= +k8s.io/kubelet v0.30.2/go.mod h1:DSwwTbLQmdNkebAU7ypIALR4P9aXZNFwgRmedojUE94= k8s.io/kubernetes v1.30.1 h1:XlqS6KslLEA5mQzLK2AJrhr4Z1m8oJfkhHiWJ5lue+I= k8s.io/kubernetes v1.30.1/go.mod h1:yPbIk3MhmhGigX62FLJm+CphNtjxqCvAIFQXup6RKS0= k8s.io/mount-utils v0.29.3 h1:iEcqPP7Vv8UClH8nnMfovtmy/04fIloRW9JuSXykoZ0= k8s.io/mount-utils v0.29.3/go.mod h1:9IWJTMe8tG0MYMLEp60xK9GYVeCdA3g4LowmnVi+t9Y= -k8s.io/pod-security-admission v0.30.1 h1:r2NQSNXfnZDnm6KvLv1sYgai1ZXuO+m0qn11/Xymkf8= -k8s.io/pod-security-admission v0.30.1/go.mod h1:O5iry5U8N0CvtfI5kfe0CZ0Ct/KYj057j6Pa+QIwp24= +k8s.io/pod-security-admission v0.30.2 h1:UlHnkvvOr+rgQplOqD+SHzLUF8EgKIOCpDU8kaMeTQQ= +k8s.io/pod-security-admission v0.30.2/go.mod h1:gMUJUG9zOgNBk0VIz5BS7uIYiYPEoXkBSeHh6rG2m8c= k8s.io/utils v0.0.0-20190506122338-8fab8cb257d5/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= diff --git a/internal/cephfs/groupcontrollerserver.go b/internal/cephfs/groupcontrollerserver.go index 321ec5752..b5dfeaabb 100644 --- a/internal/cephfs/groupcontrollerserver.go +++ b/internal/cephfs/groupcontrollerserver.go @@ -461,11 +461,13 @@ func (cs *ControllerServer) createSnapshotAndAddMapping( } defer j.Destroy() // Add the snapshot to the volume group journal - err = j.AddVolumeSnapshotMapping(ctx, + err = j.AddVolumesMapping(ctx, vgo.MetadataPool, vgs.ReservedID, - req.GetSourceVolumeId(), - resp.GetSnapshot().GetSnapshotId()) + map[string]string{ + req.GetSourceVolumeId(): resp.GetSnapshot().GetSnapshotId(), + }, + ) if err != nil { log.ErrorLog(ctx, "failed to add volume snapshot mapping: %v", err) // Delete the last created snapshot as its still not added to the @@ -640,11 +642,11 @@ func (cs *ControllerServer) deleteSnapshotsAndUndoReservation(ctx context.Contex return err } // remove the entry from the omap - err = j.RemoveVolumeSnapshotMapping( + err = j.RemoveVolumesMapping( ctx, vgo.MetadataPool, vgsi.ReservedID, - volID) + []string{volID}) j.Destroy() if err != nil { log.ErrorLog(ctx, "failed to remove volume snapshot mapping: %v", err) diff --git a/internal/cephfs/store/volumegroup.go b/internal/cephfs/store/volumegroup.go index 4286ad76f..3d302ffc5 100644 --- a/internal/cephfs/store/volumegroup.go +++ b/internal/cephfs/store/volumegroup.go @@ -169,7 +169,7 @@ func NewVolumeGroupOptionsFromID( vgs.RequestName = groupAttributes.RequestName vgs.FsVolumeGroupSnapshotName = groupAttributes.GroupName vgs.VolumeGroupSnapshotID = volumeGroupSnapshotID - vgs.VolumeSnapshotMap = groupAttributes.VolumeSnapshotMap + vgs.VolumeSnapshotMap = groupAttributes.VolumeMap return volOptions, &vgs, nil } @@ -208,7 +208,7 @@ func CheckVolumeGroupSnapExists( vgs.RequestName = volOptions.RequestName vgs.ReservedID = volGroupData.GroupUUID vgs.FsVolumeGroupSnapshotName = volGroupData.GroupName - vgs.VolumeSnapshotMap = volGroupData.VolumeGroupAttributes.VolumeSnapshotMap + vgs.VolumeSnapshotMap = volGroupData.VolumeGroupAttributes.VolumeMap // found a snapshot already available, process and return it! vgs.VolumeGroupSnapshotID, err = util.GenerateVolID(ctx, volOptions.Monitors, cr, volOptions.FscID, diff --git a/internal/csi-addons/rbd/replication.go b/internal/csi-addons/rbd/replication.go index 045203cc4..a949a383c 100644 --- a/internal/csi-addons/rbd/replication.go +++ b/internal/csi-addons/rbd/replication.go @@ -74,6 +74,12 @@ const ( // (optional) StartTime is the time the snapshot schedule // begins, can be specified using the ISO 8601 time format. schedulingStartTimeKey = "schedulingStartTime" + + // flattenModeKey to get the flattenMode from the parameters. + // (optional) flattenMode decides how to handle images with parent. + // (default) If set to "never", the image with parent will not be flattened. + // If set to "force", the image with parent will be flattened. + flattenModeKey = "flattenMode" ) // ReplicationServer struct of rbd CSI driver with supported methods of Replication @@ -115,6 +121,27 @@ func getForceOption(ctx context.Context, parameters map[string]string) (bool, er return force, nil } +// getFlattenMode gets flatten mode from the input GRPC request parameters. +// flattenMode is the key to check the mode in the parameters. +func getFlattenMode(ctx context.Context, parameters map[string]string) (corerbd.FlattenMode, error) { + val, ok := parameters[flattenModeKey] + if !ok { + log.DebugLog(ctx, "%q is not set in parameters, setting to default (%v)", + flattenModeKey, corerbd.FlattenModeNever) + + return corerbd.FlattenModeNever, nil + } + + mode := corerbd.FlattenMode(val) + switch mode { + case corerbd.FlattenModeForce, corerbd.FlattenModeNever: + return mode, nil + } + log.ErrorLog(ctx, "%q=%q is not supported", flattenModeKey, val) + + return mode, status.Errorf(codes.InvalidArgument, "%q=%q is not supported", flattenModeKey, val) +} + // getMirroringMode gets the mirroring mode from the input GRPC request parameters. // mirroringMode is the key to check the mode in the parameters. func getMirroringMode(ctx context.Context, parameters map[string]string) (librbd.ImageMirrorMode, error) { @@ -265,6 +292,11 @@ func (rs *ReplicationServer) EnableVolumeReplication(ctx context.Context, if err != nil { return nil, err } + // extract the flatten mode + flattenMode, err := getFlattenMode(ctx, req.GetParameters()) + if err != nil { + return nil, err + } mirroringInfo, err := rbdVol.GetImageMirroringInfo() if err != nil { @@ -274,6 +306,12 @@ func (rs *ReplicationServer) EnableVolumeReplication(ctx context.Context, } if mirroringInfo.State != librbd.MirrorImageEnabled { + err = rbdVol.HandleParentImageExistence(ctx, flattenMode) + if err != nil { + log.ErrorLog(ctx, err.Error()) + + return nil, getGRPCError(err) + } err = rbdVol.EnableImageMirroring(mirroringMode) if err != nil { log.ErrorLog(ctx, err.Error()) @@ -777,6 +815,7 @@ func getGRPCError(err error) error { errorStatusMap := map[error]codes.Code{ corerbd.ErrInvalidArgument: codes.InvalidArgument, + corerbd.ErrFlattenInProgress: codes.Aborted, corerbd.ErrAborted: codes.Aborted, corerbd.ErrFailedPrecondition: codes.FailedPrecondition, corerbd.ErrUnavailable: codes.Unavailable, diff --git a/internal/csi-addons/rbd/replication_test.go b/internal/csi-addons/rbd/replication_test.go index c00a7168d..c678c6377 100644 --- a/internal/csi-addons/rbd/replication_test.go +++ b/internal/csi-addons/rbd/replication_test.go @@ -641,3 +641,69 @@ func Test_timestampFromString(t *testing.T) { }) } } + +func Test_getFlattenMode(t *testing.T) { + t.Parallel() + type args struct { + ctx context.Context + parameters map[string]string + } + tests := []struct { + name string + args args + want corerbd.FlattenMode + wantErr bool + }{ + { + name: "flattenMode option not set", + args: args{ + ctx: context.TODO(), + parameters: map[string]string{}, + }, + want: corerbd.FlattenModeNever, + }, + { + name: "flattenMode option set to never", + args: args{ + ctx: context.TODO(), + parameters: map[string]string{ + flattenModeKey: string(corerbd.FlattenModeNever), + }, + }, + want: corerbd.FlattenModeNever, + }, + { + name: "flattenMode option set to force", + args: args{ + ctx: context.TODO(), + parameters: map[string]string{ + flattenModeKey: string(corerbd.FlattenModeForce), + }, + }, + want: corerbd.FlattenModeForce, + }, + + { + name: "flattenMode option set to invalid value", + args: args{ + ctx: context.TODO(), + parameters: map[string]string{ + flattenModeKey: "invalid123", + }, + }, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + got, err := getFlattenMode(tt.args.ctx, tt.args.parameters) + if (err != nil) != tt.wantErr { + t.Errorf("getFlattenMode() error = %v, wantErr %v", err, tt.wantErr) + } + if !tt.wantErr && !reflect.DeepEqual(got, tt.want) { + t.Errorf("getFlattenMode() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/internal/journal/voljournal.go b/internal/journal/voljournal.go index b8aec1cd8..096375a68 100644 --- a/internal/journal/voljournal.go +++ b/internal/journal/voljournal.go @@ -131,6 +131,10 @@ type Config struct { // of this Ceph volume csiImageIDKey string + // CSI GroupName is per Ceph volume object omap, contains the group ID of + // this Ceph volume + csiGroupIDKey string + // CSI image-name key in per Ceph volume object map, containing RBD image-name // of this Ceph volume csiImageKey string @@ -174,6 +178,7 @@ func NewCSIVolumeJournal(suffix string) *Config { cephSnapSourceKey: "", namespace: "", csiImageIDKey: "csi.imageid", + csiGroupIDKey: "csi.groupid", encryptKMSKey: "csi.volume.encryptKMS", encryptionType: "csi.volume.encryptionType", ownerKey: "csi.volume.owner", @@ -686,6 +691,7 @@ type ImageAttributes struct { EncryptionType util.EncryptionType // Type of encryption used, if image encrypted Owner string // Contains the owner to be used in combination with KmsID (for some KMS) ImageID string // Contains the image id + GroupID string // Contains the group id of the image JournalPoolID int64 // Pool ID of the CSI journal pool, stored in big endian format (on-disk data) BackingSnapshotID string // ID of the snapshot on which the CephFS snapshot-backed volume is based } @@ -718,6 +724,7 @@ func (conn *Connection) GetImageAttributes( cj.csiImageIDKey, cj.ownerKey, cj.backingSnapshotIDKey, + cj.csiGroupIDKey, } values, err := getOMapValues( ctx, conn, pool, cj.namespace, cj.cephUUIDDirectoryPrefix+objectUUID, @@ -736,6 +743,7 @@ func (conn *Connection) GetImageAttributes( imageAttributes.Owner = values[cj.ownerKey] imageAttributes.ImageID = values[cj.csiImageIDKey] imageAttributes.BackingSnapshotID = values[cj.backingSnapshotIDKey] + imageAttributes.GroupID = values[cj.csiGroupIDKey] // image key was added at a later point, so not all volumes will have this // key set when ceph-csi was upgraded @@ -795,6 +803,16 @@ func (conn *Connection) StoreAttribute(ctx context.Context, pool, reservedUUID, return nil } +// StoreGroupID stores an groupID in omap. +func (conn *Connection) StoreGroupID(ctx context.Context, pool, reservedUUID, groupID string) error { + err := conn.StoreAttribute(ctx, pool, reservedUUID, conn.config.csiGroupIDKey, groupID) + if err != nil { + return fmt.Errorf("failed to store groupID %w", err) + } + + return nil +} + // FetchAttribute fetches an attribute (key) in omap. func (conn *Connection) FetchAttribute(ctx context.Context, pool, reservedUUID, attribute string) (string, error) { key := conn.config.commonPrefix + attribute diff --git a/internal/journal/volumegroupjournal.go b/internal/journal/volumegroupjournal.go index 75f06a355..990c38d85 100644 --- a/internal/journal/volumegroupjournal.go +++ b/internal/journal/volumegroupjournal.go @@ -41,7 +41,7 @@ type VolumeGroupJournal interface { UndoReservation( ctx context.Context, csiJournalPool, - snapshotGroupName, + groupName, reqName string) error // GetGroupAttributes fetches all keys and their values, from a UUID directory, // returning VolumeGroupAttributes structure. @@ -55,19 +55,22 @@ type VolumeGroupJournal interface { journalPoolID int64, reqName, namePrefix string) (string, string, error) - // AddVolumeSnapshotMapping adds a volumeID and snapshotID mapping to the UUID directory. - AddVolumeSnapshotMapping( + // AddVolumesMapping adds a volumeMap map which contains volumeID's and its + // corresponding values mapping which need to be added to the UUID + // directory. value can be anything which needs mapping, in case of + // volumegroupsnapshot its a snapshotID and its empty in case of + // volumegroup. + AddVolumesMapping( ctx context.Context, pool, - reservedUUID, - volumeID, - snapshotID string) error - // RemoveVolumeSnapshotMapping removes a volumeID and snapshotID mapping from the UUID directory. - RemoveVolumeSnapshotMapping( + reservedUUID string, + volumeMap map[string]string) error + // RemoveVolumesMapping removes volumeIDs mapping from the UUID directory. + RemoveVolumesMapping( ctx context.Context, pool, - reservedUUID, - volumeID string) error + reservedUUID string, + volumeIDs []string) error } // VolumeGroupJournalConfig contains the configuration. @@ -222,7 +225,7 @@ func (vgjc *VolumeGroupJournalConnection) CheckReservation(ctx context.Context, volGroupData.GroupName = savedVolumeGroupAttributes.GroupName volGroupData.VolumeGroupAttributes = &VolumeGroupAttributes{} volGroupData.VolumeGroupAttributes.RequestName = savedVolumeGroupAttributes.RequestName - volGroupData.VolumeGroupAttributes.VolumeSnapshotMap = savedVolumeGroupAttributes.VolumeSnapshotMap + volGroupData.VolumeGroupAttributes.VolumeMap = savedVolumeGroupAttributes.VolumeMap return volGroupData, nil } @@ -361,9 +364,9 @@ func (vgjc *VolumeGroupJournalConnection) ReserveName(ctx context.Context, // VolumeGroupAttributes contains the request name and the volumeID's and // the corresponding snapshotID's. type VolumeGroupAttributes struct { - RequestName string // Contains the request name for the passed in UUID - GroupName string // Contains the group name - VolumeSnapshotMap map[string]string // Contains the volumeID and the corresponding snapshotID mapping + RequestName string // Contains the request name for the passed in UUID + GroupName string // Contains the group name + VolumeMap map[string]string // Contains the volumeID and the corresponding value mapping } func (vgjc *VolumeGroupJournalConnection) GetVolumeGroupAttributes( @@ -393,25 +396,24 @@ func (vgjc *VolumeGroupJournalConnection) GetVolumeGroupAttributes( // looking for volumeID/snapshotID mapping delete(values, cj.csiNameKey) delete(values, cj.csiImageKey) - groupAttributes.VolumeSnapshotMap = map[string]string{} + groupAttributes.VolumeMap = map[string]string{} for k, v := range values { - groupAttributes.VolumeSnapshotMap[k] = v + groupAttributes.VolumeMap[k] = v } return groupAttributes, nil } -func (vgjc *VolumeGroupJournalConnection) AddVolumeSnapshotMapping( +func (vgjc *VolumeGroupJournalConnection) AddVolumesMapping( ctx context.Context, pool, - reservedUUID, - volumeID, - snapshotID string, + reservedUUID string, + volumeMap map[string]string, ) error { err := setOMapKeys(ctx, vgjc.connection, pool, vgjc.config.namespace, vgjc.config.cephUUIDDirectoryPrefix+reservedUUID, - map[string]string{volumeID: snapshotID}) + volumeMap) if err != nil { - log.ErrorLog(ctx, "failed adding volume snapshot mapping: %v", err) + log.ErrorLog(ctx, "failed to add volumeMap %v: %w ", volumeMap, err) return err } @@ -419,17 +421,17 @@ func (vgjc *VolumeGroupJournalConnection) AddVolumeSnapshotMapping( return nil } -func (vgjc *VolumeGroupJournalConnection) RemoveVolumeSnapshotMapping( +func (vgjc *VolumeGroupJournalConnection) RemoveVolumesMapping( ctx context.Context, pool, - reservedUUID, - volumeID string, + reservedUUID string, + volumeIDs []string, ) error { err := removeMapKeys(ctx, vgjc.connection, pool, vgjc.config.namespace, vgjc.config.cephUUIDDirectoryPrefix+reservedUUID, - []string{volumeID}) + volumeIDs) if err != nil { - log.ErrorLog(ctx, "failed removing volume snapshot mapping: %v", err) + log.ErrorLog(ctx, "failed removing volume mapping from group: key: %q %v", volumeIDs, err) return err } diff --git a/internal/rbd/controllerserver.go b/internal/rbd/controllerserver.go index 3b6c58d06..71f0492c4 100644 --- a/internal/rbd/controllerserver.go +++ b/internal/rbd/controllerserver.go @@ -1020,21 +1020,11 @@ func cleanupRBDImage(ctx context.Context, // delete the temporary rbd image created as part of volume clone during // create volume - tempClone := rbdVol.generateTempClone() - err = tempClone.deleteImage(ctx) + err = rbdVol.DeleteTempImage(ctx) if err != nil { - if errors.Is(err, ErrImageNotFound) { - err = tempClone.ensureImageCleanup(ctx) - if err != nil { - return nil, status.Error(codes.Internal, err.Error()) - } - } else { - // return error if it is not ErrImageNotFound - log.ErrorLog(ctx, "failed to delete rbd image: %s with error: %v", - tempClone, err) + log.ErrorLog(ctx, "failed to delete temporary rbd image: %v", err) - return nil, status.Error(codes.Internal, err.Error()) - } + return nil, status.Error(codes.Internal, err.Error()) } // Deleting rbd image diff --git a/internal/rbd/mirror.go b/internal/rbd/mirror.go index 4f6507614..106a9eb77 100644 --- a/internal/rbd/mirror.go +++ b/internal/rbd/mirror.go @@ -25,6 +25,69 @@ import ( librbd "github.com/ceph/go-ceph/rbd" ) +// FlattenMode is used to indicate the flatten mode for an RBD image. +type FlattenMode string + +const ( + // FlattenModeNever indicates that the image should never be flattened. + FlattenModeNever FlattenMode = "never" + // FlattenModeForce indicates that the image with the parent must be flattened. + FlattenModeForce FlattenMode = "force" +) + +// HandleParentImageExistence checks the image's parent. +// if the parent image does not exist and is not in trash, it returns nil. +// if the flattenMode is FlattenModeForce, it flattens the image itself. +// if the parent image is in trash, it returns an error. +// if the parent image exists and is not enabled for mirroring, it returns an error. +func (rv *rbdVolume) HandleParentImageExistence( + ctx context.Context, + flattenMode FlattenMode, +) error { + if rv.ParentName == "" && !rv.ParentInTrash { + return nil + } + + if flattenMode == FlattenModeForce { + // Delete temp image that exists for volume datasource since + // it is no longer required when the live image is flattened. + err := rv.DeleteTempImage(ctx) + if err != nil { + return fmt.Errorf("failed to delete temporary rbd image: %w", err) + } + + err = rv.flattenRbdImage(ctx, true, 0, 0) + if err != nil { + return err + } + } + + if rv.ParentInTrash { + return fmt.Errorf("%w: failed to enable mirroring on image %q:"+ + " parent is in trash", + ErrFailedPrecondition, rv) + } + + parent, err := rv.getParent() + if err != nil { + return err + } + parentMirroringInfo, err := parent.GetImageMirroringInfo() + if err != nil { + return fmt.Errorf( + "failed to get mirroring info of parent %q of image %q: %w", + parent, rv, err) + } + + if parentMirroringInfo.State != librbd.MirrorImageEnabled { + return fmt.Errorf("%w: failed to enable mirroring on image %q: "+ + "parent image %q is not enabled for mirroring", + ErrFailedPrecondition, rv, parent) + } + + return nil +} + // EnableImageMirroring enables mirroring on an image. func (ri *rbdImage) EnableImageMirroring(mode librbd.ImageMirrorMode) error { image, err := ri.open() diff --git a/internal/rbd/rbd_util.go b/internal/rbd/rbd_util.go index ee955d745..b84f64344 100644 --- a/internal/rbd/rbd_util.go +++ b/internal/rbd/rbd_util.go @@ -703,6 +703,22 @@ func (ri *rbdImage) trashRemoveImage(ctx context.Context) error { return nil } +// DeleteTempImage deletes the temporary image created for volume datasource. +func (rv *rbdVolume) DeleteTempImage(ctx context.Context) error { + tempClone := rv.generateTempClone() + err := tempClone.deleteImage(ctx) + if err != nil { + if errors.Is(err, ErrImageNotFound) { + return tempClone.ensureImageCleanup(ctx) + } else { + // return error if it is not ErrImageNotFound + return err + } + } + + return nil +} + func (ri *rbdImage) getCloneDepth(ctx context.Context) (uint, error) { var depth uint vol := rbdVolume{} diff --git a/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/compile.go b/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/compile.go index b7b589d27..bb5e233d4 100644 --- a/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/compile.go +++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/compile.go @@ -222,40 +222,48 @@ func (c compiler) CompileCELExpression(expressionAccessor ExpressionAccessor, op func mustBuildEnvs(baseEnv *environment.EnvSet) variableDeclEnvs { requestType := BuildRequestType() namespaceType := BuildNamespaceType() - envs := make(variableDeclEnvs, 4) // since the number of variable combinations is small, pre-build a environment for each + envs := make(variableDeclEnvs, 8) // since the number of variable combinations is small, pre-build a environment for each for _, hasParams := range []bool{false, true} { for _, hasAuthorizer := range []bool{false, true} { - var envOpts []cel.EnvOption - if hasParams { - envOpts = append(envOpts, cel.Variable(ParamsVarName, cel.DynType)) - } - if hasAuthorizer { + for _, strictCost := range []bool{false, true} { + var envOpts []cel.EnvOption + if hasParams { + envOpts = append(envOpts, cel.Variable(ParamsVarName, cel.DynType)) + } + if hasAuthorizer { + envOpts = append(envOpts, + cel.Variable(AuthorizerVarName, library.AuthorizerType), + cel.Variable(RequestResourceAuthorizerVarName, library.ResourceCheckType)) + } envOpts = append(envOpts, - cel.Variable(AuthorizerVarName, library.AuthorizerType), - cel.Variable(RequestResourceAuthorizerVarName, library.ResourceCheckType)) - } - envOpts = append(envOpts, - cel.Variable(ObjectVarName, cel.DynType), - cel.Variable(OldObjectVarName, cel.DynType), - cel.Variable(NamespaceVarName, namespaceType.CelType()), - cel.Variable(RequestVarName, requestType.CelType())) + cel.Variable(ObjectVarName, cel.DynType), + cel.Variable(OldObjectVarName, cel.DynType), + cel.Variable(NamespaceVarName, namespaceType.CelType()), + cel.Variable(RequestVarName, requestType.CelType())) - extended, err := baseEnv.Extend( - environment.VersionedOptions{ - // Feature epoch was actually 1.26, but we artificially set it to 1.0 because these - // options should always be present. - IntroducedVersion: version.MajorMinor(1, 0), - EnvOptions: envOpts, - DeclTypes: []*apiservercel.DeclType{ - namespaceType, - requestType, + extended, err := baseEnv.Extend( + environment.VersionedOptions{ + // Feature epoch was actually 1.26, but we artificially set it to 1.0 because these + // options should always be present. + IntroducedVersion: version.MajorMinor(1, 0), + EnvOptions: envOpts, + DeclTypes: []*apiservercel.DeclType{ + namespaceType, + requestType, + }, }, - }, - ) - if err != nil { - panic(fmt.Sprintf("environment misconfigured: %v", err)) + ) + if err != nil { + panic(fmt.Sprintf("environment misconfigured: %v", err)) + } + if strictCost { + extended, err = extended.Extend(environment.StrictCostOpt) + if err != nil { + panic(fmt.Sprintf("environment misconfigured: %v", err)) + } + } + envs[OptionalVariableDeclarations{HasParams: hasParams, HasAuthorizer: hasAuthorizer, StrictCost: strictCost}] = extended } - envs[OptionalVariableDeclarations{HasParams: hasParams, HasAuthorizer: hasAuthorizer}] = extended } } return envs diff --git a/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/interface.go b/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/interface.go index c9f4e6336..ae61dc826 100644 --- a/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/interface.go +++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/interface.go @@ -57,10 +57,12 @@ type OptionalVariableDeclarations struct { // HasParams specifies if the "params" variable is declared. // The "params" variable may still be bound to "null" when declared. HasParams bool - // HasAuthorizer specifies if the"authorizer" and "authorizer.requestResource" + // HasAuthorizer specifies if the "authorizer" and "authorizer.requestResource" // variables are declared. When declared, the authorizer variables are // expected to be non-null. HasAuthorizer bool + // StrictCost specifies if the CEL cost limitation is strict for extended libraries as well as native libraries. + StrictCost bool } // FilterCompiler contains a function to assist with converting types and values to/from CEL-typed values. diff --git a/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/plugin.go b/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/plugin.go index c286cffbd..fb097737a 100644 --- a/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/plugin.go +++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/plugin.go @@ -31,6 +31,7 @@ import ( "k8s.io/apiserver/pkg/authorization/authorizer" "k8s.io/apiserver/pkg/cel/environment" "k8s.io/apiserver/pkg/features" + utilfeature "k8s.io/apiserver/pkg/util/feature" "k8s.io/client-go/dynamic" "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" @@ -43,13 +44,21 @@ const ( ) var ( - compositionEnvTemplate *cel.CompositionEnv = func() *cel.CompositionEnv { - compositionEnvTemplate, err := cel.NewCompositionEnv(cel.VariablesTypeName, environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion())) + compositionEnvTemplateWithStrictCost *cel.CompositionEnv = func() *cel.CompositionEnv { + compositionEnvTemplateWithStrictCost, err := cel.NewCompositionEnv(cel.VariablesTypeName, environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion(), true)) if err != nil { panic(err) } - return compositionEnvTemplate + return compositionEnvTemplateWithStrictCost + }() + compositionEnvTemplateWithoutStrictCost *cel.CompositionEnv = func() *cel.CompositionEnv { + compositionEnvTemplateWithoutStrictCost, err := cel.NewCompositionEnv(cel.VariablesTypeName, environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion(), false)) + if err != nil { + panic(err) + } + + return compositionEnvTemplateWithoutStrictCost }() ) @@ -114,12 +123,18 @@ func compilePolicy(policy *Policy) Validator { if policy.Spec.ParamKind != nil { hasParam = true } - optionalVars := cel.OptionalVariableDeclarations{HasParams: hasParam, HasAuthorizer: true} - expressionOptionalVars := cel.OptionalVariableDeclarations{HasParams: hasParam, HasAuthorizer: false} + strictCost := utilfeature.DefaultFeatureGate.Enabled(features.StrictCostEnforcementForVAP) + optionalVars := cel.OptionalVariableDeclarations{HasParams: hasParam, HasAuthorizer: true, StrictCost: strictCost} + expressionOptionalVars := cel.OptionalVariableDeclarations{HasParams: hasParam, HasAuthorizer: false, StrictCost: strictCost} failurePolicy := policy.Spec.FailurePolicy var matcher matchconditions.Matcher = nil matchConditions := policy.Spec.MatchConditions - + var compositionEnvTemplate *cel.CompositionEnv + if strictCost { + compositionEnvTemplate = compositionEnvTemplateWithStrictCost + } else { + compositionEnvTemplate = compositionEnvTemplateWithoutStrictCost + } filterCompiler := cel.NewCompositedCompilerFromTemplate(compositionEnvTemplate) filterCompiler.CompileAndStoreVariables(convertv1beta1Variables(policy.Spec.Variables), optionalVars, environment.StoredExpressions) diff --git a/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/typechecking.go b/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/typechecking.go index 16184b4ba..192be9621 100644 --- a/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/typechecking.go +++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/typechecking.go @@ -39,6 +39,8 @@ import ( "k8s.io/apiserver/pkg/cel/library" "k8s.io/apiserver/pkg/cel/openapi" "k8s.io/apiserver/pkg/cel/openapi/resolver" + "k8s.io/apiserver/pkg/features" + utilfeature "k8s.io/apiserver/pkg/util/feature" "k8s.io/klog/v2" ) @@ -210,6 +212,7 @@ func (c *TypeChecker) CheckExpression(ctx *TypeCheckingContext, expression strin options := plugincel.OptionalVariableDeclarations{ HasParams: ctx.paramDeclType != nil, HasAuthorizer: true, + StrictCost: utilfeature.DefaultFeatureGate.Enabled(features.StrictCostEnforcementForVAP), } compiler.CompileAndStoreVariables(convertv1beta1Variables(ctx.variables), options, environment.StoredExpressions) result := compiler.CompileCELExpression(celExpression(expression), options, environment.StoredExpressions) @@ -391,7 +394,7 @@ func (c *TypeChecker) tryRefreshRESTMapper() { } func buildEnvSet(hasParams bool, hasAuthorizer bool, types typeOverwrite) (*environment.EnvSet, error) { - baseEnv := environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion()) + baseEnv := environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion(), utilfeature.DefaultFeatureGate.Enabled(features.StrictCostEnforcementForVAP)) requestType := plugincel.BuildRequestType() namespaceType := plugincel.BuildNamespaceType() diff --git a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/accessors.go b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/accessors.go index e60d245a6..f23580cc0 100644 --- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/accessors.go +++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/accessors.go @@ -27,6 +27,8 @@ import ( "k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace" "k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/object" "k8s.io/apiserver/pkg/cel/environment" + "k8s.io/apiserver/pkg/features" + utilfeature "k8s.io/apiserver/pkg/util/feature" webhookutil "k8s.io/apiserver/pkg/util/webhook" "k8s.io/client-go/rest" ) @@ -139,11 +141,16 @@ func (m *mutatingWebhookAccessor) GetCompiledMatcher(compiler cel.FilterCompiler Expression: matchCondition.Expression, } } + strictCost := false + if utilfeature.DefaultFeatureGate.Enabled(features.StrictCostEnforcementForWebhooks) { + strictCost = true + } m.compiledMatcher = matchconditions.NewMatcher(compiler.Compile( expressions, cel.OptionalVariableDeclarations{ HasParams: false, HasAuthorizer: true, + StrictCost: strictCost, }, environment.StoredExpressions, ), m.FailurePolicy, "webhook", "admit", m.Name) @@ -267,11 +274,16 @@ func (v *validatingWebhookAccessor) GetCompiledMatcher(compiler cel.FilterCompil Expression: matchCondition.Expression, } } + strictCost := false + if utilfeature.DefaultFeatureGate.Enabled(features.StrictCostEnforcementForWebhooks) { + strictCost = true + } v.compiledMatcher = matchconditions.NewMatcher(compiler.Compile( expressions, cel.OptionalVariableDeclarations{ HasParams: false, HasAuthorizer: true, + StrictCost: strictCost, }, environment.StoredExpressions, ), v.FailurePolicy, "webhook", "validating", v.Name) diff --git a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go index 6a513f1c1..f067b3f72 100644 --- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go +++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go @@ -21,7 +21,6 @@ import ( "fmt" "io" - admissionmetrics "k8s.io/apiserver/pkg/admission/metrics" "k8s.io/klog/v2" admissionv1 "k8s.io/api/admission/v1" @@ -31,6 +30,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apiserver/pkg/admission" genericadmissioninit "k8s.io/apiserver/pkg/admission/initializer" + admissionmetrics "k8s.io/apiserver/pkg/admission/metrics" "k8s.io/apiserver/pkg/admission/plugin/cel" "k8s.io/apiserver/pkg/admission/plugin/webhook" "k8s.io/apiserver/pkg/admission/plugin/webhook/config" @@ -39,6 +39,8 @@ import ( "k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/rules" "k8s.io/apiserver/pkg/authorization/authorizer" "k8s.io/apiserver/pkg/cel/environment" + "k8s.io/apiserver/pkg/features" + utilfeature "k8s.io/apiserver/pkg/util/feature" webhookutil "k8s.io/apiserver/pkg/util/webhook" "k8s.io/client-go/informers" clientset "k8s.io/client-go/kubernetes" @@ -100,7 +102,7 @@ func NewWebhook(handler *admission.Handler, configFile io.Reader, sourceFactory namespaceMatcher: &namespace.Matcher{}, objectMatcher: &object.Matcher{}, dispatcher: dispatcherFactory(&cm), - filterCompiler: cel.NewFilterCompiler(environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion())), + filterCompiler: cel.NewFilterCompiler(environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion(), utilfeature.DefaultFeatureGate.Enabled(features.StrictCostEnforcementForWebhooks))), }, nil } diff --git a/vendor/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go b/vendor/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go index 35ee8a450..471eb4a74 100644 --- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go +++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go @@ -91,7 +91,8 @@ func CompileAndValidateJWTAuthenticator(authenticator api.JWTAuthenticator, disa func validateJWTAuthenticator(authenticator api.JWTAuthenticator, fldPath *field.Path, disallowedIssuers sets.Set[string], structuredAuthnFeatureEnabled bool) (authenticationcel.CELMapper, field.ErrorList) { var allErrs field.ErrorList - compiler := authenticationcel.NewCompiler(environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion())) + // strictCost is set to true which enables the strict cost for CEL validation. + compiler := authenticationcel.NewCompiler(environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion(), true)) state := &validationState{} allErrs = append(allErrs, validateIssuer(authenticator.Issuer, disallowedIssuers, fldPath.Child("issuer"))...) @@ -722,7 +723,8 @@ func compileMatchConditions(matchConditions []api.WebhookMatchCondition, fldPath return nil, allErrs } - compiler := authorizationcel.NewCompiler(environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion())) + // strictCost is set to true which enables the strict cost for CEL validation. + compiler := authorizationcel.NewCompiler(environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion(), true)) seenExpressions := sets.NewString() var compilationResults []authorizationcel.CompilationResult diff --git a/vendor/k8s.io/apiserver/pkg/cel/environment/base.go b/vendor/k8s.io/apiserver/pkg/cel/environment/base.go index c108bdd64..2cea83c2e 100644 --- a/vendor/k8s.io/apiserver/pkg/cel/environment/base.go +++ b/vendor/k8s.io/apiserver/pkg/cel/environment/base.go @@ -46,7 +46,9 @@ func DefaultCompatibilityVersion() *version.Version { return version.MajorMinor(1, 29) } -var baseOpts = []VersionedOptions{ +var baseOpts = append(baseOptsWithoutStrictCost, StrictCostOpt) + +var baseOptsWithoutStrictCost = []VersionedOptions{ { // CEL epoch was actually 1.23, but we artificially set it to 1.0 because these // options should always be present. @@ -132,6 +134,14 @@ var baseOpts = []VersionedOptions{ }, } +var StrictCostOpt = VersionedOptions{ + // This is to configure the cost calculation for extended libraries + IntroducedVersion: version.MajorMinor(1, 0), + ProgramOptions: []cel.ProgramOption{ + cel.CostTracking(&library.CostEstimator{}), + }, +} + // MustBaseEnvSet returns the common CEL base environments for Kubernetes for Version, or panics // if the version is nil, or does not have major and minor components. // @@ -141,7 +151,8 @@ var baseOpts = []VersionedOptions{ // The returned environment contains no CEL variable definitions or custom type declarations and // should be extended to construct environments with the appropriate variable definitions, // type declarations and any other needed configuration. -func MustBaseEnvSet(ver *version.Version) *EnvSet { +// strictCost is used to determine whether to enforce strict cost calculation for CEL expressions. +func MustBaseEnvSet(ver *version.Version, strictCost bool) *EnvSet { if ver == nil { panic("version must be non-nil") } @@ -149,19 +160,33 @@ func MustBaseEnvSet(ver *version.Version) *EnvSet { panic(fmt.Sprintf("version must contain an major and minor component, but got: %s", ver.String())) } key := strconv.FormatUint(uint64(ver.Major()), 10) + "." + strconv.FormatUint(uint64(ver.Minor()), 10) - if entry, ok := baseEnvs.Load(key); ok { - return entry.(*EnvSet) + var entry interface{} + if strictCost { + if entry, ok := baseEnvs.Load(key); ok { + return entry.(*EnvSet) + } + entry, _, _ = baseEnvsSingleflight.Do(key, func() (interface{}, error) { + entry := mustNewEnvSet(ver, baseOpts) + baseEnvs.Store(key, entry) + return entry, nil + }) + } else { + if entry, ok := baseEnvsWithOption.Load(key); ok { + return entry.(*EnvSet) + } + entry, _, _ = baseEnvsWithOptionSingleflight.Do(key, func() (interface{}, error) { + entry := mustNewEnvSet(ver, baseOptsWithoutStrictCost) + baseEnvsWithOption.Store(key, entry) + return entry, nil + }) } - entry, _, _ := baseEnvsSingleflight.Do(key, func() (interface{}, error) { - entry := mustNewEnvSet(ver, baseOpts) - baseEnvs.Store(key, entry) - return entry, nil - }) return entry.(*EnvSet) } var ( - baseEnvs = sync.Map{} - baseEnvsSingleflight = &singleflight.Group{} + baseEnvs = sync.Map{} + baseEnvsWithOption = sync.Map{} + baseEnvsSingleflight = &singleflight.Group{} + baseEnvsWithOptionSingleflight = &singleflight.Group{} ) diff --git a/vendor/k8s.io/apiserver/pkg/features/kube_features.go b/vendor/k8s.io/apiserver/pkg/features/kube_features.go index dbd41b8c5..bae04d954 100644 --- a/vendor/k8s.io/apiserver/pkg/features/kube_features.go +++ b/vendor/k8s.io/apiserver/pkg/features/kube_features.go @@ -220,6 +220,24 @@ const ( // if the generated name conflicts with an existing resource name, up to a maximum number of 7 retries. RetryGenerateName featuregate.Feature = "RetryGenerateName" + // owner: @cici37 + // alpha: v1.30 + // + // StrictCostEnforcementForVAP is used to apply strict CEL cost validation for ValidatingAdmissionPolicy. + // It will be set to off by default for certain time of period to prevent the impact on the existing users. + // It is strongly recommended to enable this feature gate as early as possible. + // The strict cost is specific for the extended libraries whose cost defined under k8s/apiserver/pkg/cel/library. + StrictCostEnforcementForVAP featuregate.Feature = "StrictCostEnforcementForVAP" + + // owner: @cici37 + // alpha: v1.30 + // + // StrictCostEnforcementForWebhooks is used to apply strict CEL cost validation for matchConditions in Webhooks. + // It will be set to off by default for certain time of period to prevent the impact on the existing users. + // It is strongly recommended to enable this feature gate as early as possible. + // The strict cost is specific for the extended libraries whose cost defined under k8s/apiserver/pkg/cel/library. + StrictCostEnforcementForWebhooks featuregate.Feature = "StrictCostEnforcementForWebhooks" + // owner: @caesarxuchao @roycaihw // alpha: v1.20 // @@ -347,6 +365,10 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS StorageVersionHash: {Default: true, PreRelease: featuregate.Beta}, + StrictCostEnforcementForVAP: {Default: false, PreRelease: featuregate.Beta}, + + StrictCostEnforcementForWebhooks: {Default: false, PreRelease: featuregate.Beta}, + StructuredAuthenticationConfiguration: {Default: true, PreRelease: featuregate.Beta}, StructuredAuthorizationConfiguration: {Default: true, PreRelease: featuregate.Beta}, diff --git a/vendor/modules.txt b/vendor/modules.txt index 802a979b9..6a98a37ed 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -943,7 +943,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.30.1 => k8s.io/api v0.30.1 +# k8s.io/api v0.30.2 => k8s.io/api v0.30.2 ## explicit; go 1.22.0 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1001,12 +1001,12 @@ k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 k8s.io/api/storagemigration/v1alpha1 -# k8s.io/apiextensions-apiserver v0.30.1 => k8s.io/apiextensions-apiserver v0.30.1 +# k8s.io/apiextensions-apiserver v0.30.1 => k8s.io/apiextensions-apiserver v0.30.2 ## explicit; go 1.22.0 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/features -# k8s.io/apimachinery v0.30.1 => k8s.io/apimachinery v0.30.1 +# k8s.io/apimachinery v0.30.2 => k8s.io/apimachinery v0.30.2 ## explicit; go 1.22.0 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1070,7 +1070,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.30.1 => k8s.io/apiserver v0.30.1 +# k8s.io/apiserver v0.30.2 => k8s.io/apiserver v0.30.2 ## explicit; go 1.22.0 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/configuration @@ -1218,7 +1218,7 @@ k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook/metrics -# k8s.io/client-go v12.0.0+incompatible => k8s.io/client-go v0.30.1 +# k8s.io/client-go v12.0.0+incompatible => k8s.io/client-go v0.30.2 ## explicit; go 1.22.0 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -1552,7 +1552,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.30.1 => k8s.io/cloud-provider v0.30.1 +# k8s.io/cloud-provider v0.30.2 => k8s.io/cloud-provider v0.30.2 ## explicit; go 1.22.0 k8s.io/cloud-provider k8s.io/cloud-provider/app/config @@ -1567,7 +1567,7 @@ k8s.io/cloud-provider/names k8s.io/cloud-provider/options k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/helpers -# k8s.io/component-base v0.30.1 => k8s.io/component-base v0.30.1 +# k8s.io/component-base v0.30.2 => k8s.io/component-base v0.30.2 ## explicit; go 1.22.0 k8s.io/component-base/cli/flag k8s.io/component-base/config @@ -1590,13 +1590,13 @@ k8s.io/component-base/metrics/testutil k8s.io/component-base/tracing k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version -# k8s.io/component-helpers v0.30.1 => k8s.io/component-helpers v0.30.1 +# k8s.io/component-helpers v0.30.2 => k8s.io/component-helpers v0.30.2 ## explicit; go 1.22.0 k8s.io/component-helpers/node/util/sysctl k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v0.30.1 => k8s.io/controller-manager v0.30.1 +# k8s.io/controller-manager v0.30.2 => k8s.io/controller-manager v0.30.2 ## explicit; go 1.22.0 k8s.io/controller-manager/config k8s.io/controller-manager/config/v1 @@ -1619,7 +1619,7 @@ k8s.io/klog/v2/internal/severity k8s.io/klog/v2/internal/sloghandler k8s.io/klog/v2/internal/verbosity k8s.io/klog/v2/textlogger -# k8s.io/kms v0.30.1 +# k8s.io/kms v0.30.2 ## explicit; go 1.22.0 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2 @@ -1646,11 +1646,11 @@ k8s.io/kube-openapi/pkg/validation/errors k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson -# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.30.1 +# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.30.2 ## explicit; go 1.22.0 k8s.io/kubectl/pkg/scale k8s.io/kubectl/pkg/util/podutils -# k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.30.1 +# k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.30.2 ## explicit; go 1.22.0 k8s.io/kubelet/pkg/apis k8s.io/kubelet/pkg/apis/stats/v1alpha1 @@ -1719,10 +1719,10 @@ k8s.io/kubernetes/test/utils k8s.io/kubernetes/test/utils/format k8s.io/kubernetes/test/utils/image k8s.io/kubernetes/test/utils/kubeconfig -# k8s.io/mount-utils v0.29.3 => k8s.io/mount-utils v0.29.3 +# k8s.io/mount-utils v0.30.2 => k8s.io/mount-utils v0.29.3 ## explicit; go 1.21 k8s.io/mount-utils -# k8s.io/pod-security-admission v0.30.1 => k8s.io/pod-security-admission v0.30.1 +# k8s.io/pod-security-admission v0.30.2 => k8s.io/pod-security-admission v0.30.2 ## explicit; go 1.22.0 k8s.io/pod-security-admission/api k8s.io/pod-security-admission/policy @@ -1808,31 +1808,31 @@ sigs.k8s.io/yaml/goyaml.v2 # github.com/ceph/ceph-csi/api => ./api # github.com/portworx/sched-ops => github.com/portworx/sched-ops v0.20.4-openstorage-rc3 # gomodules.xyz/jsonpatch/v2 => github.com/gomodules/jsonpatch/v2 v2.2.0 -# k8s.io/api => k8s.io/api v0.30.1 -# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.30.1 -# k8s.io/apimachinery => k8s.io/apimachinery v0.30.1 -# k8s.io/apiserver => k8s.io/apiserver v0.30.1 -# k8s.io/cli-runtime => k8s.io/cli-runtime v0.30.1 -# k8s.io/client-go => k8s.io/client-go v0.30.1 -# k8s.io/cloud-provider => k8s.io/cloud-provider v0.30.1 -# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.30.1 -# k8s.io/code-generator => k8s.io/code-generator v0.30.1 -# k8s.io/component-base => k8s.io/component-base v0.30.1 -# k8s.io/component-helpers => k8s.io/component-helpers v0.30.1 -# k8s.io/controller-manager => k8s.io/controller-manager v0.30.1 -# k8s.io/cri-api => k8s.io/cri-api v0.30.1 -# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.30.1 -# k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.30.1 -# k8s.io/endpointslice => k8s.io/endpointslice v0.30.1 -# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.30.1 -# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.30.1 -# k8s.io/kube-proxy => k8s.io/kube-proxy v0.30.1 -# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.30.1 -# k8s.io/kubectl => k8s.io/kubectl v0.30.1 -# k8s.io/kubelet => k8s.io/kubelet v0.30.1 -# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.1 -# k8s.io/metrics => k8s.io/metrics v0.30.1 +# k8s.io/api => k8s.io/api v0.30.2 +# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.30.2 +# k8s.io/apimachinery => k8s.io/apimachinery v0.30.2 +# k8s.io/apiserver => k8s.io/apiserver v0.30.2 +# k8s.io/cli-runtime => k8s.io/cli-runtime v0.30.2 +# k8s.io/client-go => k8s.io/client-go v0.30.2 +# k8s.io/cloud-provider => k8s.io/cloud-provider v0.30.2 +# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.30.2 +# k8s.io/code-generator => k8s.io/code-generator v0.30.2 +# k8s.io/component-base => k8s.io/component-base v0.30.2 +# k8s.io/component-helpers => k8s.io/component-helpers v0.30.2 +# k8s.io/controller-manager => k8s.io/controller-manager v0.30.2 +# k8s.io/cri-api => k8s.io/cri-api v0.30.2 +# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.30.2 +# k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.30.2 +# k8s.io/endpointslice => k8s.io/endpointslice v0.30.2 +# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.30.2 +# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.30.2 +# k8s.io/kube-proxy => k8s.io/kube-proxy v0.30.2 +# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.30.2 +# k8s.io/kubectl => k8s.io/kubectl v0.30.2 +# k8s.io/kubelet => k8s.io/kubelet v0.30.2 +# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.2 +# k8s.io/metrics => k8s.io/metrics v0.30.2 # k8s.io/mount-utils => k8s.io/mount-utils v0.29.3 -# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.30.1 -# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.30.1 +# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.30.2 +# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.30.2 # layeh.com/radius => github.com/layeh/radius v0.0.0-20190322222518-890bc1058917