mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-17 20:00:23 +00:00
rebase: bump k8s.io/kubernetes in the k8s-dependencies group
Bumps the k8s-dependencies group with 1 update: [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes). Updates `k8s.io/kubernetes` from 1.30.2 to 1.30.3 - [Release notes](https://github.com/kubernetes/kubernetes/releases) - [Commits](https://github.com/kubernetes/kubernetes/compare/v1.30.2...v1.30.3) --- updated-dependencies: - dependency-name: k8s.io/kubernetes dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
parent
74d434c3b7
commit
e9c729b692
2
go.mod
2
go.mod
@ -38,7 +38,7 @@ require (
|
||||
k8s.io/client-go v12.0.0+incompatible
|
||||
k8s.io/cloud-provider v0.30.2
|
||||
k8s.io/klog/v2 v2.130.1
|
||||
k8s.io/kubernetes v1.30.2
|
||||
k8s.io/kubernetes v1.30.3
|
||||
k8s.io/mount-utils v0.30.2
|
||||
k8s.io/pod-security-admission v0.30.2
|
||||
k8s.io/utils v0.0.0-20230726121419-3b25d923346b
|
||||
|
4
go.sum
4
go.sum
@ -2593,8 +2593,8 @@ k8s.io/kubectl v0.30.2 h1:cgKNIvsOiufgcs4yjvgkK0+aPCfa8pUwzXdJtkbhsH8=
|
||||
k8s.io/kubectl v0.30.2/go.mod h1:rz7GHXaxwnigrqob0lJsiA07Df8RE3n1TSaC2CTeuB4=
|
||||
k8s.io/kubelet v0.30.2 h1:Ck4E/pHndI20IzDXxS57dElhDGASPO5pzXF7BcKfmCY=
|
||||
k8s.io/kubelet v0.30.2/go.mod h1:DSwwTbLQmdNkebAU7ypIALR4P9aXZNFwgRmedojUE94=
|
||||
k8s.io/kubernetes v1.30.2 h1:11WhS78OYX/lnSy6TXxPO6Hk+E5K9ZNrEsk9JgMSX8I=
|
||||
k8s.io/kubernetes v1.30.2/go.mod h1:yPbIk3MhmhGigX62FLJm+CphNtjxqCvAIFQXup6RKS0=
|
||||
k8s.io/kubernetes v1.30.3 h1:A0qoXI1YQNzrQZiff33y5zWxYHFT/HeZRK98/sRDJI0=
|
||||
k8s.io/kubernetes v1.30.3/go.mod h1:yPbIk3MhmhGigX62FLJm+CphNtjxqCvAIFQXup6RKS0=
|
||||
k8s.io/mount-utils v0.29.3 h1:iEcqPP7Vv8UClH8nnMfovtmy/04fIloRW9JuSXykoZ0=
|
||||
k8s.io/mount-utils v0.29.3/go.mod h1:9IWJTMe8tG0MYMLEp60xK9GYVeCdA3g4LowmnVi+t9Y=
|
||||
k8s.io/pod-security-admission v0.30.2 h1:UlHnkvvOr+rgQplOqD+SHzLUF8EgKIOCpDU8kaMeTQQ=
|
||||
|
3
vendor/k8s.io/kubernetes/pkg/securitycontext/util.go
generated
vendored
3
vendor/k8s.io/kubernetes/pkg/securitycontext/util.go
generated
vendored
@ -188,7 +188,7 @@ func AddNoNewPrivileges(sc *v1.SecurityContext) bool {
|
||||
|
||||
var (
|
||||
// These *must* be kept in sync with moby/moby.
|
||||
// https://github.com/moby/moby/blob/master/oci/defaults.go#L105-L123
|
||||
// https://github.com/moby/moby/blob/master/oci/defaults.go#L105-L124
|
||||
// @jessfraz will watch changes to those files upstream.
|
||||
defaultMaskedPaths = []string{
|
||||
"/proc/asound",
|
||||
@ -201,6 +201,7 @@ var (
|
||||
"/proc/sched_debug",
|
||||
"/proc/scsi",
|
||||
"/sys/firmware",
|
||||
"/sys/devices/virtual/powercap",
|
||||
}
|
||||
defaultReadonlyPaths = []string{
|
||||
"/proc/bus",
|
||||
|
5
vendor/k8s.io/kubernetes/pkg/util/filesystem/defaultfs.go
generated
vendored
5
vendor/k8s.io/kubernetes/pkg/util/filesystem/defaultfs.go
generated
vendored
@ -72,9 +72,8 @@ func (fs *DefaultFs) Rename(oldpath, newpath string) error {
|
||||
return os.Rename(oldpath, newpath)
|
||||
}
|
||||
|
||||
// MkdirAll via os.MkdirAll
|
||||
func (fs *DefaultFs) MkdirAll(path string, perm os.FileMode) error {
|
||||
return os.MkdirAll(fs.prefix(path), perm)
|
||||
return MkdirAll(fs.prefix(path), perm)
|
||||
}
|
||||
|
||||
// MkdirAllWithPathCheck checks if path exists already. If not, it creates a directory
|
||||
@ -97,7 +96,7 @@ func MkdirAllWithPathCheck(path string, perm os.FileMode) error {
|
||||
return fmt.Errorf("path %v exists but is not a directory", path)
|
||||
}
|
||||
// If existence of path not known, attempt to create it.
|
||||
if err := os.MkdirAll(path, perm); err != nil {
|
||||
if err := MkdirAll(path, perm); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
10
vendor/k8s.io/kubernetes/pkg/util/filesystem/util_unix.go
generated
vendored
10
vendor/k8s.io/kubernetes/pkg/util/filesystem/util_unix.go
generated
vendored
@ -37,6 +37,16 @@ func IsUnixDomainSocket(filePath string) (bool, error) {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
// Chmod is the same as os.Chmod on Linux.
|
||||
func Chmod(name string, mode os.FileMode) error {
|
||||
return os.Chmod(name, mode)
|
||||
}
|
||||
|
||||
// MkdirAll is the same as os.MkdirAll on Linux.
|
||||
func MkdirAll(path string, perm os.FileMode) error {
|
||||
return os.MkdirAll(path, perm)
|
||||
}
|
||||
|
||||
// IsAbs is same as filepath.IsAbs on Unix.
|
||||
func IsAbs(path string) bool {
|
||||
return filepath.IsAbs(path)
|
||||
|
156
vendor/k8s.io/kubernetes/pkg/util/filesystem/util_windows.go
generated
vendored
156
vendor/k8s.io/kubernetes/pkg/util/filesystem/util_windows.go
generated
vendored
@ -29,6 +29,8 @@ import (
|
||||
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
"k8s.io/klog/v2"
|
||||
|
||||
"golang.org/x/sys/windows"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -88,6 +90,160 @@ func IsUnixDomainSocket(filePath string) (bool, error) {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
// On Windows os.Mkdir all doesn't set any permissions so call the Chown function below to set
|
||||
// permissions once the directory is created.
|
||||
func MkdirAll(path string, perm os.FileMode) error {
|
||||
klog.V(6).InfoS("Function MkdirAll starts", "path", path, "perm", perm)
|
||||
err := os.MkdirAll(path, perm)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error creating directory %s: %v", path, err)
|
||||
}
|
||||
|
||||
err = Chmod(path, perm)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error setting permissions for directory %s: %v", path, err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
const (
|
||||
// These aren't defined in the syscall package for Windows :(
|
||||
USER_READ = 0x100
|
||||
USER_WRITE = 0x80
|
||||
USER_EXECUTE = 0x40
|
||||
GROUP_READ = 0x20
|
||||
GROUP_WRITE = 0x10
|
||||
GROUP_EXECUTE = 0x8
|
||||
OTHERS_READ = 0x4
|
||||
OTHERS_WRITE = 0x2
|
||||
OTHERS_EXECUTE = 0x1
|
||||
USER_ALL = USER_READ | USER_WRITE | USER_EXECUTE
|
||||
GROUP_ALL = GROUP_READ | GROUP_WRITE | GROUP_EXECUTE
|
||||
OTHERS_ALL = OTHERS_READ | OTHERS_WRITE | OTHERS_EXECUTE
|
||||
)
|
||||
|
||||
// On Windows os.Chmod only sets the read-only flag on files, so we need to use Windows APIs to set the desired access on files / directories.
|
||||
// The OWNER mode will set file permissions for the file owner SID, the GROUP mode will set file permissions for the file group SID,
|
||||
// and the OTHERS mode will set file permissions for BUILTIN\Users.
|
||||
// Please note that Windows containers can be run as one of two user accounts; ContainerUser or ContainerAdministrator.
|
||||
// Containers run as ContainerAdministrator will inherit permissions from BUILTIN\Administrators,
|
||||
// while containers run as ContainerUser will inherit permissions from BUILTIN\Users.
|
||||
// Windows containers do not have the ability to run as a custom user account that is known to the host so the OTHERS group mode
|
||||
// is used to grant / deny permissions of files on the hosts to the ContainerUser account.
|
||||
func Chmod(path string, filemode os.FileMode) error {
|
||||
klog.V(6).InfoS("Function Chmod starts", "path", path, "filemode", filemode)
|
||||
// Get security descriptor for the file
|
||||
sd, err := windows.GetNamedSecurityInfo(
|
||||
path,
|
||||
windows.SE_FILE_OBJECT,
|
||||
windows.DACL_SECURITY_INFORMATION|windows.PROTECTED_DACL_SECURITY_INFORMATION|windows.OWNER_SECURITY_INFORMATION|windows.GROUP_SECURITY_INFORMATION)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error getting security descriptor for file %s: %v", path, err)
|
||||
}
|
||||
|
||||
// Get owner SID from the security descriptor for assigning USER permissions
|
||||
owner, _, err := sd.Owner()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error getting owner SID for file %s: %v", path, err)
|
||||
}
|
||||
ownerString := owner.String()
|
||||
|
||||
// Get the group SID from the security descriptor for assigning GROUP permissions
|
||||
group, _, err := sd.Group()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error getting group SID for file %s: %v", path, err)
|
||||
}
|
||||
groupString := group.String()
|
||||
|
||||
mask := uint32(windows.ACCESS_MASK(filemode))
|
||||
|
||||
// Build a new Discretionary Access Control List (DACL) with the desired permissions using
|
||||
//the Security Descriptor Definition Language (SDDL) format.
|
||||
// https://learn.microsoft.com/windows/win32/secauthz/security-descriptor-definition-language
|
||||
// the DACL is a list of Access Control Entries (ACEs) where each ACE represents the permissions (Allow or Deny) for a specific SID.
|
||||
// Each ACE has the following format:
|
||||
// (AceType;AceFlags;Rights;ObjectGuid;InheritObjectGuid;AccountSid)
|
||||
// We can leave ObjectGuid and InheritObjectGuid empty for our purposes.
|
||||
|
||||
dacl := "D:"
|
||||
|
||||
// build the owner ACE
|
||||
dacl += "(A;OICI;"
|
||||
if mask&USER_ALL == USER_ALL {
|
||||
dacl += "FA"
|
||||
} else {
|
||||
if mask&USER_READ == USER_READ {
|
||||
dacl += "FR"
|
||||
}
|
||||
if mask&USER_WRITE == USER_WRITE {
|
||||
dacl += "FW"
|
||||
}
|
||||
if mask&USER_EXECUTE == USER_EXECUTE {
|
||||
dacl += "FX"
|
||||
}
|
||||
}
|
||||
dacl += ";;;" + ownerString + ")"
|
||||
|
||||
// Build the group ACE
|
||||
dacl += "(A;OICI;"
|
||||
if mask&GROUP_ALL == GROUP_ALL {
|
||||
dacl += "FA"
|
||||
} else {
|
||||
if mask&GROUP_READ == GROUP_READ {
|
||||
dacl += "FR"
|
||||
}
|
||||
if mask&GROUP_WRITE == GROUP_WRITE {
|
||||
dacl += "FW"
|
||||
}
|
||||
if mask&GROUP_EXECUTE == GROUP_EXECUTE {
|
||||
dacl += "FX"
|
||||
}
|
||||
}
|
||||
dacl += ";;;" + groupString + ")"
|
||||
|
||||
// Build the others ACE
|
||||
dacl += "(A;OICI;"
|
||||
if mask&OTHERS_ALL == OTHERS_ALL {
|
||||
dacl += "FA"
|
||||
} else {
|
||||
if mask&OTHERS_READ == OTHERS_READ {
|
||||
dacl += "FR"
|
||||
}
|
||||
if mask&OTHERS_WRITE == OTHERS_WRITE {
|
||||
dacl += "FW"
|
||||
}
|
||||
if mask&OTHERS_EXECUTE == OTHERS_EXECUTE {
|
||||
dacl += "FX"
|
||||
}
|
||||
}
|
||||
dacl += ";;;BU)"
|
||||
|
||||
klog.V(6).InfoS("Setting new DACL for path", "path", path, "dacl", dacl)
|
||||
|
||||
// create a new security descriptor from the DACL string
|
||||
newSD, err := windows.SecurityDescriptorFromString(dacl)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error creating new security descriptor from DACL string: %v", err)
|
||||
}
|
||||
|
||||
// get the DACL in binary format from the newly created security descriptor
|
||||
newDACL, _, err := newSD.DACL()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error getting DACL from new security descriptor: %v", err)
|
||||
}
|
||||
|
||||
// Write the new security descriptor to the file
|
||||
return windows.SetNamedSecurityInfo(
|
||||
path,
|
||||
windows.SE_FILE_OBJECT,
|
||||
windows.DACL_SECURITY_INFORMATION|windows.PROTECTED_DACL_SECURITY_INFORMATION,
|
||||
nil, // owner SID
|
||||
nil, // group SID
|
||||
newDACL,
|
||||
nil) // SACL
|
||||
}
|
||||
|
||||
// IsAbs returns whether the given path is absolute or not.
|
||||
// On Windows, filepath.IsAbs will not return True for paths prefixed with a slash, even
|
||||
// though they can be used as absolute paths (https://docs.microsoft.com/en-us/dotnet/standard/io/file-path-formats).
|
||||
|
2
vendor/k8s.io/kubernetes/test/utils/image/manifest.go
generated
vendored
2
vendor/k8s.io/kubernetes/test/utils/image/manifest.go
generated
vendored
@ -237,7 +237,7 @@ func initImageConfigs(list RegistryList) (map[ImageID]Config, map[ImageID]Config
|
||||
configs[BusyBox] = Config{list.PromoterE2eRegistry, "busybox", "1.36.1-1"}
|
||||
configs[CudaVectorAdd] = Config{list.PromoterE2eRegistry, "cuda-vector-add", "1.0"}
|
||||
configs[CudaVectorAdd2] = Config{list.PromoterE2eRegistry, "cuda-vector-add", "2.3"}
|
||||
configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.5.5"}
|
||||
configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.5.6"}
|
||||
configs[Etcd] = Config{list.GcEtcdRegistry, "etcd", "3.5.12-0"}
|
||||
configs[Httpd] = Config{list.PromoterE2eRegistry, "httpd", "2.4.38-4"}
|
||||
configs[HttpdNew] = Config{list.PromoterE2eRegistry, "httpd", "2.4.39-4"}
|
||||
|
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -1643,7 +1643,7 @@ k8s.io/kubectl/pkg/util/podutils
|
||||
## explicit; go 1.22.0
|
||||
k8s.io/kubelet/pkg/apis
|
||||
k8s.io/kubelet/pkg/apis/stats/v1alpha1
|
||||
# k8s.io/kubernetes v1.30.2
|
||||
# k8s.io/kubernetes v1.30.3
|
||||
## explicit; go 1.22.0
|
||||
k8s.io/kubernetes/pkg/api/legacyscheme
|
||||
k8s.io/kubernetes/pkg/api/service
|
||||
|
Loading…
Reference in New Issue
Block a user