From 7ee471e79a94e72a6e4922a1716085ac70158792 Mon Sep 17 00:00:00 2001 From: Gerrit Date: Tue, 27 Feb 2024 14:25:37 +0100 Subject: [PATCH] Revendor to g/g 1.76. (#381) --- README.md | 2 +- .../templates/rbac.yaml | 32 +++++++-- .../seed/mcm-monitoring-dashboard.json | 15 ++--- .../seed/templates/configmap-monitoring.yaml | 37 +++++------ .../seed/templates/deployment.yaml | 19 +++--- .../seed/templates/poddisruptionbudget.yaml | 14 ++++ .../seed/templates/vpa.yaml | 18 ++++- .../seed/values.yaml | 28 +++++++- .../app/app.go | 2 +- example/controller-registration.yaml | 6 +- go.mod | 14 ++-- go.sum | 28 ++++---- pkg/admission/mutator/shoot.go | 22 ++----- pkg/admission/mutator/webhook.go | 2 +- pkg/admission/validator/cloudprofile.go | 13 ++-- pkg/admission/validator/shoot.go | 20 ++---- pkg/admission/validator/webhook.go | 4 +- pkg/controller/controlplane/add.go | 22 ++++--- pkg/controller/controlplane/valuesprovider.go | 65 ++++++++++--------- pkg/controller/healthcheck/add.go | 8 ++- pkg/controller/infrastructure/actuator.go | 46 +++---------- pkg/controller/infrastructure/add.go | 14 ++-- pkg/controller/worker/actuator.go | 42 +++++------- pkg/controller/worker/add.go | 26 +++++--- pkg/webhook/controlplane/add.go | 23 ++----- pkg/webhook/controlplane/ensurer.go | 10 +-- pkg/webhook/controlplaneexposure/add.go | 2 +- pkg/webhook/controlplaneexposure/ensurer.go | 10 +-- pkg/webhook/shoot/add.go | 2 +- pkg/webhook/shoot/mutator.go | 19 ++---- 30 files changed, 285 insertions(+), 280 deletions(-) create mode 100644 charts/internal/machine-controller-manager/seed/templates/poddisruptionbudget.yaml diff --git a/README.md b/README.md index d7ee0645e..472d51101 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ [![Go Report Card](https://goreportcard.com/badge/github.com/metal-stack/gardener-extension-provider-metal)](https://goreportcard.com/report/github.com/metal-stack/gardener-extension-provider-metal) -This is the implementation of the Gardener extension provider of metal-stack. It reconciles infrastructure, control plane, and worker resources of `type: Metal`. +This is the implementation of the Gardener extension provider of metal-stack. It reconciles infrastructure, control plane, and worker resources of `type: Metal`. Additionally, the project contains a validator for all metal-specific provider configs and mutating webhooks. diff --git a/charts/gardener-extension-provider-metal/templates/rbac.yaml b/charts/gardener-extension-provider-metal/templates/rbac.yaml index 51ec00d53..0eb65f176 100644 --- a/charts/gardener-extension-provider-metal/templates/rbac.yaml +++ b/charts/gardener-extension-provider-metal/templates/rbac.yaml @@ -9,9 +9,17 @@ rules: - apiGroups: - extensions.gardener.cloud resources: + - backupbuckets + - backupbuckets/status + - backupentries + - backupentries/status + - bastions + - bastions/status - clusters - controlplanes - controlplanes/status + - dnsrecords + - dnsrecords/status - infrastructures - infrastructures/status - workers @@ -84,12 +92,6 @@ rules: - "*" verbs: - "*" -- apiGroups: - - autoscaling.k8s.io - resources: - - verticalpodautoscalers - verbs: - - "*" # metal-specific rules: - apiGroups: - metal-stack.io @@ -130,6 +132,24 @@ rules: - get - list - watch +- apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - "*" +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - get + - list + - watch + - patch + - update + - delete --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding 
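Review bot: The resources added in the first rbac.yaml hunk (`backupbuckets`, `bastions`, `dnsrecords` and their `/status` subresources) widen the extension's ClusterRole to kinds that no controller touched by this patch appears to reconcile; the diffstat only lists the controlplane, healthcheck, infrastructure and worker controllers. The verbs of this rule lie outside the hunk, so whatever they grant now applies to these kinds as well. If the entries were taken over from an upstream template, I would drop the ones provider-metal does not reconcile, or put a comment such as `# needed by <controller>` next to each group.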
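Review bot: The `verticalpodautoscalers` rule re-added in the last rbac.yaml hunk keeps `verbs: "*"`, while the `poddisruptionbudgets` rule added directly below it enumerates its verbs. Listing the same explicit set there (`create`, `get`, `list`, `watch`, `patch`, `update`, `delete`) would keep the two rules consistent and avoid granting `deletecollection` or any other verb cluster-wide without need.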
diff --git a/charts/internal/machine-controller-manager/seed/mcm-monitoring-dashboard.json b/charts/internal/machine-controller-manager/seed/mcm-monitoring-dashboard.json index 8b4b43cb5..f69abde24 100644 --- a/charts/internal/machine-controller-manager/seed/mcm-monitoring-dashboard.json +++ b/charts/internal/machine-controller-manager/seed/mcm-monitoring-dashboard.json @@ -150,14 +150,14 @@ "refId": "A" }, { - "expr": "sum(kube_pod_container_resource_limits_cpu_cores{pod=~\"machine-controller-manager-(.+)\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_limits{resource=\"cpu\", unit=\"core\", pod=~\"machine-controller-manager-(.+)\"}) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "Limits ({{pod}})", "refId": "C" }, { - "expr": "sum(kube_pod_container_resource_requests_cpu_cores{pod=~\"machine-controller-manager-(.+)\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_requests{resource=\"cpu\", unit=\"core\", pod=~\"machine-controller-manager-(.+)\"}) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "Requests ({{pod}})", @@ -250,14 +250,14 @@ "refId": "A" }, { - "expr": "sum(kube_pod_container_resource_limits_memory_bytes{pod=~\"machine-controller-manager-(.+)\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_limits{resource=\"memory\", unit=\"byte\", pod=~\"machine-controller-manager-(.+)\"}) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "Limits ({{pod}})", "refId": "B" }, { - "expr": "sum(kube_pod_container_resource_requests_memory_bytes{pod=~\"machine-controller-manager-(.+)\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_requests{resource=\"memory\", unit=\"byte\", pod=~\"machine-controller-manager-(.+)\"}) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "Requests ({{pod}})", 
@@ -547,14 +547,14 @@ "refId": "A" }, { - "expr": "mcm_machineset_items_total", + "expr": "mcm_machine_set_items_total", "format": "time_series", "intervalFactor": 1, "legendFormat": "machine set(s)", "refId": "B" }, { - "expr": "mcm_machinedeployment_items_total", + "expr": "mcm_machine_deployment_items_total", "format": "time_series", "intervalFactor": 1, "legendFormat": "machine deployment(s)", @@ -1070,7 +1070,6 @@ } } ], - "refresh": "30s", "schemaVersion": 18, "style": "dark", "tags": [ @@ -1168,7 +1167,7 @@ "14d" ] }, - "timezone": "browser", + "timezone": "utc", "title": "Machine Controller Manager", "uid": "machine-controller-manager", "version": 1 diff --git a/charts/internal/machine-controller-manager/seed/templates/configmap-monitoring.yaml b/charts/internal/machine-controller-manager/seed/templates/configmap-monitoring.yaml index dc96648ec..cf54861f2 100644 --- a/charts/internal/machine-controller-manager/seed/templates/configmap-monitoring.yaml +++ b/charts/internal/machine-controller-manager/seed/templates/configmap-monitoring.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: ConfigMap metadata: @@ -7,6 +6,23 @@ metadata: labels: extensions.gardener.cloud/configuration: monitoring data: + alerting_rules: | + machine-controller-manager.rules.yaml: | + groups: + - name: machine-controller-manager.rules + rules: + - alert: MachineControllerManagerDown + expr: absent(up{job="machine-controller-manager"} == 1) + for: 15m + labels: + service: machine-controller-manager + severity: critical + type: seed + visibility: operator + annotations: + description: There are no running machine controller manager instances. No shoot nodes can be created/maintained. + summary: Machine controller manager is down. + scrape_config: | - job_name: machine-controller-manager honor_labels: false 
@@ -27,26 +43,9 @@ data: target_label: pod metric_relabel_configs: - source_labels: [ __name__ ] - regex: ^(mcm_cloud_api_requests_failed_total|mcm_cloud_api_requests_total|mcm_machine_controller_frozen|mcm_machine_current_status_phase|mcm_machine_deployment_failed_machines|mcm_machine_items_total|mcm_machine_set_failed_machines|mcm_machinedeployment_items_total|mcm_machineset_items_total|mcm_scrape_failure_total|machine_adds|machine_depth|machine_queue_latency|machine_retries|machine_work_duration|machinedeployment_adds|machinedeployment_depth|machinedeployment_queue_latency|machinedeployment_retries|machinedeployment_work_duration|machinesafetyapiserver_adds|machinesafetyapiserver_depth|machinesafetyapiserver_queue_latency|machinesafetyapiserver_retries|machinesafetyapiserver_work_duration|machinesafetyorphanvms_adds|machinesafetyorphanvms_depth|machinesafetyorphanvms_queue_latency|machinesafetyorphanvms_retries|machinesafetyorphanvms_work_duration|machinesafetyovershooting_adds|machinesafetyovershooting_depth|machinesafetyovershooting_latency|machinesafetyovershooting_retries|machinesafetyovershooting_work_duration|machineset_adds|machineset_depth|machineset_queue_latency|machineset_retries|machineset_work_duration|node_adds|node_depth|node_queue_latency|node_retries|node_work_duration|secret_adds|secret_depth|secret_queue_latency|secret_retries|secret_work_duration|process_max_fds|process_open_fds)$ + regex: 
^(mcm_cloud_api_requests_failed_total|mcm_cloud_api_requests_total|mcm_machine_controller_frozen|mcm_machine_current_status_phase|mcm_machine_deployment_failed_machines|mcm_machine_items_total|mcm_machine_set_failed_machines|mcm_machine_deployment_items_total|mcm_machine_set_items_total|mcm_machine_set_stale_machines_total|mcm_scrape_failure_total|process_max_fds|process_open_fds|mcm_workqueue_adds_total|mcm_workqueue_depth|mcm_workqueue_queue_duration_seconds_bucket|mcm_workqueue_queue_duration_seconds_sum|mcm_workqueue_queue_duration_seconds_count|mcm_workqueue_work_duration_seconds_bucket|mcm_workqueue_work_duration_seconds_sum|mcm_workqueue_work_duration_seconds_count|mcm_workqueue_unfinished_work_seconds|mcm_workqueue_longest_running_processor_seconds|mcm_workqueue_retries_total)$ action: keep - alerting_rules: | - machine-controller-manager.rules.yaml: | - groups: - - name: machine-controller-manager.rules - rules: - - alert: MachineControllerManagerDown - expr: absent(up{job="machine-controller-manager"} == 1) - for: 15m - labels: - service: machine-controller-manager - severity: critical - type: seed - visibility: operator - annotations: - description: There are no running machine controller manager instances. No shoot nodes can be created/maintained. - summary: Machine controller manager is down. - dashboard_operators: | machine-controller-manager-dashboard.json: |- {{ .Files.Get "mcm-monitoring-dashboard.json" | indent 6 }} diff --git a/charts/internal/machine-controller-manager/seed/templates/deployment.yaml b/charts/internal/machine-controller-manager/seed/templates/deployment.yaml index 39bddf675..2d9388f78 100644 --- a/charts/internal/machine-controller-manager/seed/templates/deployment.yaml +++ b/charts/internal/machine-controller-manager/seed/templates/deployment.yaml 
@@ -5,11 +5,11 @@ metadata: name: machine-controller-manager namespace: {{ .Release.Namespace }} labels: - gardener.cloud/role: controlplane app: kubernetes role: machine-controller-manager + high-availability-config.resources.gardener.cloud/type: controller spec: - revisionHistoryLimit: 0 + revisionHistoryLimit: 1 replicas: {{ .Values.replicas }} selector: matchLabels: @@ -17,9 +17,8 @@ spec: role: machine-controller-manager template: metadata: - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' {{- if .Values.podAnnotations }} + annotations: {{ toYaml .Values.podAnnotations | indent 8 }} {{- end }} labels: @@ -35,6 +34,7 @@ spec: {{ toYaml .Values.podLabels | indent 8 }} {{- end }} spec: + priorityClassName: gardener-system-300 serviceAccountName: machine-controller-manager terminationGracePeriodSeconds: 5 containers: @@ -54,6 +54,8 @@ spec: - --namespace={{ .Release.Namespace }} - --port={{ .Values.metricsPort2 }} - --v=3 + resources: +{{ toYaml .Values.resources.mcmProviderMetal | indent 10 }} livenessProbe: failureThreshold: 3 httpGet: @@ -70,7 +72,7 @@ spec: - mountPath: /var/run/secrets/gardener.cloud/shoot/generic-kubeconfig name: kubeconfig readOnly: true - - name: machine-controller-manager + - name: metal-machine-controller-manager image: {{ index .Values.images "machine-controller-manager" }} imagePullPolicy: IfNotPresent command: @@ -100,12 +102,7 @@ spec: containerPort: {{ .Values.metricsPort }} protocol: TCP resources: - requests: - cpu: 50m - memory: 64Mi - limits: - cpu: "3" - memory: 3000Mi +{{ toYaml .Values.resources.mcm | indent 10 }} volumeMounts: - mountPath: /var/run/secrets/gardener.cloud/shoot/generic-kubeconfig name: kubeconfig diff --git a/charts/internal/machine-controller-manager/seed/templates/poddisruptionbudget.yaml b/charts/internal/machine-controller-manager/seed/templates/poddisruptionbudget.yaml new file mode 100644 index 000000000..5c5ad6ae9 --- /dev/null 
+++ b/charts/internal/machine-controller-manager/seed/templates/poddisruptionbudget.yaml @@ -0,0 +1,14 @@ +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: machine-controller-manager + namespace: {{ .Release.Namespace }} + labels: + app: kubernetes + role: machine-controller-manager +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: kubernetes + role: machine-controller-manager diff --git a/charts/internal/machine-controller-manager/seed/templates/vpa.yaml b/charts/internal/machine-controller-manager/seed/templates/vpa.yaml index 4f89a4c50..c964fb688 100644 --- a/charts/internal/machine-controller-manager/seed/templates/vpa.yaml +++ b/charts/internal/machine-controller-manager/seed/templates/vpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.vpa.enabled }} -apiVersion: autoscaling.k8s.io/v1beta2 +apiVersion: autoscaling.k8s.io/v1 kind: VerticalPodAutoscaler metadata: name: machine-controller-manager-vpa @@ -11,4 +11,20 @@ spec: name: machine-controller-manager updatePolicy: updateMode: {{ .Values.vpa.updatePolicy.updateMode | quote }} + resourcePolicy: + containerPolicies: + - containerName: machine-controller-manager-provider-metal + minAllowed: + memory: {{ .Values.resources.mcmProviderMetal.requests.memory }} + maxAllowed: + cpu: {{ .Values.vpa.resourcePolicy.mcmProviderMetal.maxAllowed.cpu }} + memory: {{ .Values.vpa.resourcePolicy.mcmProviderMetal.maxAllowed.memory }} + controlledValues: RequestsOnly + - containerName: metal-machine-controller-manager + minAllowed: + memory: {{ .Values.resources.mcm.requests.memory }} + maxAllowed: + cpu: {{ .Values.vpa.resourcePolicy.mcm.maxAllowed.cpu }} + memory: {{ .Values.vpa.resourcePolicy.mcm.maxAllowed.memory }} + controlledValues: RequestsOnly {{- end }} diff --git a/charts/internal/machine-controller-manager/seed/values.yaml b/charts/internal/machine-controller-manager/seed/values.yaml index 672aaf24c..756453853 100644 --- a/charts/internal/machine-controller-manager/seed/values.yaml 
+++ b/charts/internal/machine-controller-manager/seed/values.yaml @@ -1,5 +1,6 @@ images: machine-controller-manager: image-repository:image-tag + machine-controller-manager-provider-metal: image-repository:image-tag replicas: 1 @@ -9,6 +10,9 @@ podLabels: {} providerName: provider-foo +# injected by generic worker actuator +genericTokenKubeconfigSecretName: generic-token-kubeconfig + namespace: uid: uuid-of-namespace @@ -19,5 +23,25 @@ vpa: enabled: true updatePolicy: updateMode: "Auto" - -genericTokenKubeconfigSecretName: generic-token-kubeconfig + resourcePolicy: + mcm: + maxAllowed: + cpu: 2 + memory: 5G + mcmProviderMetal: + maxAllowed: + cpu: 2 + memory: 5G + +resources: + mcm: + requests: + cpu: 31m + memory: 70Mi + mcmProviderMetal: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: "2" + memory: 5G diff --git a/cmd/gardener-extension-provider-metal/app/app.go b/cmd/gardener-extension-provider-metal/app/app.go index f102ce5e0..608de242d 100644 --- a/cmd/gardener-extension-provider-metal/app/app.go +++ b/cmd/gardener-extension-provider-metal/app/app.go @@ -211,7 +211,7 @@ func NewControllerManagerCommand(ctx context.Context) *cobra.Command { metalcontrolplane.DefaultAddOptions.ShootWebhookConfig = atomicShootWebhookConfig metalcontrolplane.DefaultAddOptions.WebhookServerNamespace = webhookOptions.Server.Namespace - if err := controllerSwitches.Completed().AddToManager(mgr); err != nil { + if err := controllerSwitches.Completed().AddToManager(ctx, mgr); err != nil { return fmt.Errorf("could not add controllers to manager: %w", err) } diff --git a/example/controller-registration.yaml b/example/controller-registration.yaml index 583345871..c514c08b8 100644 --- a/example/controller-registration.yaml +++ b/example/controller-registration.yaml 
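Review bot: `resources.mcm` in the second values.yaml hunk defines only `requests`, and deployment.yaml now renders `.Values.resources.mcm` verbatim, so the container that previously carried `limits` of `cpu: "3"` and `memory: 3000Mi` runs without any limit. The VPA policy added for that container uses `controlledValues: RequestsOnly`, which does not put a limit back. If this is intended, a comment such as `# no limits on purpose; requests are managed by the VPA` above `mcm:` would make it explicit; otherwise add a `limits` block like the one under `mcmProviderMetal`.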
@@ -5,15 +5,17 @@ metadata: name: provider-metal type: helm providerConfig: - chart: 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 + chart: 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 values: image: - tag: v0.21.3 + tag: v0.22.2 --- apiVersion: core.gardener.cloud/v1beta1 kind: ControllerRegistration metadata: name: provider-metal + annotations: + security.gardener.cloud/pod-security-enforce: baseline spec: deployment: deploymentRefs: diff --git a/go.mod b/go.mod index 327f942bc..4073b380c 100644 --- a/go.mod +++ b/go.mod @@ -7,8 +7,8 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/coreos/go-systemd/v22 v22.5.0 - github.com/gardener/etcd-druid v0.18.1 - github.com/gardener/gardener v1.73.2 + github.com/gardener/etcd-druid v0.18.4 + github.com/gardener/gardener v1.76.4 github.com/gardener/gardener-extension-networking-calico v1.27.2 github.com/gardener/gardener-extension-networking-cilium v1.19.0 github.com/gardener/machine-controller-manager v0.49.3 @@ -32,7 +32,7 @@ require ( k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible k8s.io/code-generator v0.26.10 k8s.io/component-base v0.26.10 - k8s.io/kubelet v0.26.3 + k8s.io/kubelet v0.26.4 sigs.k8s.io/controller-runtime v0.14.6 sigs.k8s.io/yaml v1.4.0 ) 
@@ -152,15 +152,15 @@ require ( istio.io/api v0.0.0-20230217221049-9d422bf48675 // indirect istio.io/client-go v1.17.1 // indirect k8s.io/apiserver v0.26.10 // indirect - k8s.io/autoscaler/vertical-pod-autoscaler v0.13.0 // indirect - k8s.io/cluster-bootstrap v0.26.3 // indirect + k8s.io/autoscaler/vertical-pod-autoscaler v0.14.0 // indirect + k8s.io/cluster-bootstrap v0.26.4 // indirect k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect k8s.io/helm v2.16.1+incompatible // indirect k8s.io/klog v1.0.0 // indirect k8s.io/klog/v2 v2.110.1 // indirect - k8s.io/kube-aggregator v0.26.3 // indirect + k8s.io/kube-aggregator v0.26.4 // indirect k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect - k8s.io/metrics v0.26.3 // indirect + k8s.io/metrics v0.26.4 // indirect k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20221212190805-d4f1e822ca11 // indirect sigs.k8s.io/controller-tools v0.11.3 // indirect diff --git a/go.sum b/go.sum index afbc380b7..3ca960aa0 100644 --- a/go.sum +++ b/go.sum 
@@ -720,10 +720,10 @@ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/gardener/etcd-druid v0.18.1 h1:dcId4WayxlZiKvDMxLZHmmvWFXjTBFVqQWmqB5/8mdM= -github.com/gardener/etcd-druid v0.18.1/go.mod h1:Bn4doVhryu6GWdXaYlVNy7TZMjUSMr5EjChei06KX0w= -github.com/gardener/gardener v1.73.2 h1:z7frIsLgDidFB6vaCs2mTCC/kfYaPw24wr8RMneyKTk= -github.com/gardener/gardener v1.73.2/go.mod h1:uSkzPPoAEvdU1fvciTAsZFxPQ9vQpMbMFRJLMQgdfEQ= +github.com/gardener/etcd-druid v0.18.4 h1:CyDQRRBPDXYSoNPaSnrs4lw3Ht+aD3LuQZQliJz+Gw0= +github.com/gardener/etcd-druid v0.18.4/go.mod h1:NfBcP/xYSrbbtbPPFzEQ7CSQ73l+GtNQgx466Gv7FW0= +github.com/gardener/gardener v1.76.4 h1:m47txbRFtg2sTgffoxoghFvVerc3PHbwBHj2ve+GUnc= +github.com/gardener/gardener v1.76.4/go.mod h1:xqK/tGtxNF5wdCdtBtFqb2K6/u4s90gfW9gDPrmNLnM= github.com/gardener/gardener-extension-networking-calico v1.27.2 h1:9tOq6VtQ6gIkrYUZFQw1y8k9QNbS8kYqr5fqtq3FuMo= github.com/gardener/gardener-extension-networking-calico v1.27.2/go.mod h1:MURFRmYPHiXSfmJ82S3nXH3qGcszeYQwhMVKn/J5XoU= github.com/gardener/gardener-extension-networking-cilium v1.19.0 h1:gL5cAiKvAlvQyNSwbx94uyRkNRnc9pItVSDkPgUmIWg= 
@@ -1954,12 +1954,12 @@ k8s.io/apimachinery v0.28.2/go.mod h1:RdzF87y/ngqk9H4z3EL2Rppv5jj95vGS/HaFXrLDAp k8s.io/apiserver v0.26.10 h1:gradpIHygzZN87yK+o6V3gpbCSF78HZ0hejLZQQwdDs= k8s.io/apiserver v0.26.10/go.mod h1:TGrQKQWUfQcotK3P4TtoVZxXOWklFF36QZlA5wufLs4= k8s.io/autoscaler/vertical-pod-autoscaler v0.9.0/go.mod h1:PwWTGRRCxefhAezrDbG/tRYSAW7etHjjMPAr8fXKVAA= -k8s.io/autoscaler/vertical-pod-autoscaler v0.13.0 h1:pH6AsxeBZcyX6KBqcnl7SPIJqbN1d59RrEBuIE6Rq6c= -k8s.io/autoscaler/vertical-pod-autoscaler v0.13.0/go.mod h1:LraL5kR2xX7jb4VMCG6/tUH4I75uRHlnzC0VWQHcyWk= +k8s.io/autoscaler/vertical-pod-autoscaler v0.14.0 h1:HkQHkcuwVP3BgJpVqTGeYHro83qGBj8mWotygHZND1k= +k8s.io/autoscaler/vertical-pod-autoscaler v0.14.0/go.mod h1:w6/LjLR3DPQd57vlgvgbpzpuJKsCiily0+OzQI+nyfI= k8s.io/client-go v0.26.3 h1:k1UY+KXfkxV2ScEL3gilKcF7761xkYsSD6BC9szIu8s= k8s.io/client-go v0.26.3/go.mod h1:ZPNu9lm8/dbRIPAgteN30RSXea6vrCpFvq+MateTUuQ= -k8s.io/cluster-bootstrap v0.26.3 h1:x+yLUle2BaGoAfHbqyzCabGLHR0caZ+9Cvr9BlExR7w= -k8s.io/cluster-bootstrap v0.26.3/go.mod h1:/ycygTmZVqlJehSJQzV7RU6DH+MlW9TL0HEr/xQzDDI= +k8s.io/cluster-bootstrap v0.26.4 h1:VC1zutgohgdvTZ2B/PLZo0UV+XaERfwNdkm114cqUw4= +k8s.io/cluster-bootstrap v0.26.4/go.mod h1:zUsNa66NhkekYL7PIyp/bhtjqJq3DVO+tPu6w3Q9MXk= k8s.io/code-generator v0.18.3/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c= k8s.io/code-generator v0.19.0/go.mod h1:moqLn7w0t9cMs4+5CQyxnfA/HV8MF6aAVENF+WZZhgk= k8s.io/code-generator v0.26.10 h1:YHyiMDqabyW+S4s6WglcfsUJMl5GlpNPoFEwrS7/tIY= 
@@ -1980,15 +1980,15 @@ k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= -k8s.io/kube-aggregator v0.26.3 h1:nc4H5ymGkWPU3c9U9UM468JcmNENY/s/mDYVW3t3uRo= -k8s.io/kube-aggregator v0.26.3/go.mod h1:SgBESB/+PfZAyceTPIanfQ7GtX9G/+mjfUbTHg3Twbo= +k8s.io/kube-aggregator v0.26.4 h1:iGljhq5exQkbuc3bnkwUx95RPCBDExg7DkX9XaYhg6w= +k8s.io/kube-aggregator v0.26.4/go.mod h1:eWfg4tU0+l57ebWiS5THOANIJUrKRxudSVDJ+63bqvQ= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= -k8s.io/kubelet v0.26.3 h1:6WT2dX/39cvc3q25xkFmMIT2EoV+gS/8gxZmUiDvG4U= -k8s.io/kubelet v0.26.3/go.mod h1:yd5GJNMOFLMKxP1rmZhg6etbYAbdTimF87fBIBtRimA= +k8s.io/kubelet v0.26.4 h1:SEQPfjN4lu4uL9O8NdeN7Aum3liQ4kOnp/yC3jMRMUo= +k8s.io/kubelet v0.26.4/go.mod h1:ZMPGTCnrQ5UOlC7igXhbW9cgna1LtTRWLaHub4dA2FU= k8s.io/metrics v0.18.3/go.mod h1:TkuJE3ezDZ1ym8pYkZoEzJB7HDiFE7qxl+EmExEBoPA= -k8s.io/metrics v0.26.3 h1:pHI8XtmBbGGdh7bL0s2C3v93fJfxyktHPAFsnRYnDTo= -k8s.io/metrics v0.26.3/go.mod h1:NNnWARAAz+ZJTs75Z66fJTV7jHcVb3GtrlDszSIr3fE= +k8s.io/metrics v0.26.4 h1:ijyerycmjVp9EVPfDqha8eb+s9jw5c+A9MkTvuRBdms= +k8s.io/metrics v0.26.4/go.mod h1:0InNj7+/aS5POa0dDHuSleIDr5MHXaQQSpMc0mm17wE= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= diff --git a/pkg/admission/mutator/shoot.go b/pkg/admission/mutator/shoot.go index 7d8cbb1a1..bb0191d83 100644 
--- a/pkg/admission/mutator/shoot.go
+++ b/pkg/admission/mutator/shoot.go
@@ -13,15 +13,19 @@ import (
 kutil "github.com/gardener/gardener/pkg/utils/kubernetes"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime/serializer"
 "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/serializer"
 "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/manager"
 )
 // NewShootMutator returns a new instance of a shoot mutator.
-func NewShootMutator() extensionswebhook.Mutator {
- return &mutator{}
+func NewShootMutator(mgr manager.Manager) extensionswebhook.Mutator {
+ return &mutator{
+ client: mgr.GetClient(),
+ decoder: serializer.NewCodecFactory(mgr.GetScheme(), serializer.EnableStrict).UniversalDecoder(),
+ }
 }
 type mutator struct {
@@ -29,18 +33,6 @@ type mutator struct {
 decoder runtime.Decoder
 }
-// InjectScheme injects the given scheme into the validator.
-func (m *mutator) InjectScheme(scheme *runtime.Scheme) error {
- m.decoder = serializer.NewCodecFactory(scheme, serializer.EnableStrict).UniversalDecoder()
- return nil
-}
-
-// InjectClient injects the given client into the mutator.
-func (s *mutator) InjectClient(client client.Client) error {
- s.client = client
- return nil
-}
-
 // Mutate mutates the given shoot object.
 func (m *mutator) Mutate(ctx context.Context, new, old client.Object) error {
 shoot, ok := new.(*gardenv1beta1.Shoot)
diff --git a/pkg/admission/mutator/webhook.go b/pkg/admission/mutator/webhook.go
index 20477e11a..cc09e5aae 100644
--- a/pkg/admission/mutator/webhook.go
+++ b/pkg/admission/mutator/webhook.go
@@ -27,7 +27,7 @@ func New(mgr manager.Manager) (*extensionswebhook.Webhook, error) {
 Path: "/webhooks/mutate",
 Predicates: []predicate.Predicate{extensionspredicate.GardenCoreProviderType(metal.Type)},
 Mutators: map[extensionswebhook.Mutator][]extensionswebhook.Type{
- NewShootMutator(): {{Obj: &gardencorev1beta1.Shoot{}}},
+ NewShootMutator(mgr): {{Obj: &gardencorev1beta1.Shoot{}}},
 },
 })
 }
diff --git a/pkg/admission/validator/cloudprofile.go b/pkg/admission/validator/cloudprofile.go
index a2194c777..55206b57f 100644
--- a/pkg/admission/validator/cloudprofile.go
+++ b/pkg/admission/validator/cloudprofile.go
@@ -13,23 +13,20 @@ import (
 "k8s.io/apimachinery/pkg/runtime/serializer"
 "k8s.io/apimachinery/pkg/util/validation/field"
 "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/manager"
 )
 // NewCloudProfileValidator returns a new instance of a cloud profile validator.
-func NewCloudProfileValidator() extensionswebhook.Validator {
- return &cloudProfile{}
+func NewCloudProfileValidator(mgr manager.Manager) extensionswebhook.Validator {
+ return &cloudProfile{
+ decoder: serializer.NewCodecFactory(mgr.GetScheme(), serializer.EnableStrict).UniversalDecoder(),
+ }
 }
 type cloudProfile struct {
 decoder runtime.Decoder
 }
-// InjectScheme injects the given scheme into the validator.
-func (cp *cloudProfile) InjectScheme(scheme *runtime.Scheme) error {
- cp.decoder = serializer.NewCodecFactory(scheme).UniversalDecoder()
- return nil
-}
-
 // Validate validates the given cloud profile objects.
 func (cp *cloudProfile) Validate(_ context.Context, new, old client.Object) error {
 cloudProfile, ok := new.(*core.CloudProfile)
diff --git a/pkg/admission/validator/shoot.go b/pkg/admission/validator/shoot.go
index 5810aa90c..f03aacdc1 100644
--- a/pkg/admission/validator/shoot.go
+++ b/pkg/admission/validator/shoot.go
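Review bot: The decoder in `NewCloudProfileValidator` is now built with `serializer.EnableStrict`, whereas the removed `InjectScheme` called `serializer.NewCodecFactory(scheme)` without it; the same switch is made in `NewShootValidator` in pkg/admission/validator/shoot.go. Assuming strict mode takes effect on `UniversalDecoder()`, provider configs with unknown or duplicate fields that were accepted before will now be rejected by the validating webhook, which is a behaviour change beyond the revendoring. That is the safer setting, but it deserves a line in the commit message and a test that feeds an unknown field; I would also add `// strict: reject unknown and duplicate fields in provider configs` above the `decoder:` line.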
@@ -19,11 +19,15 @@ import (
 "k8s.io/apimachinery/pkg/runtime/serializer"
 "k8s.io/apimachinery/pkg/util/validation/field"
 "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/manager"
 )
 // NewShootValidator returns a new instance of a shoot validator.
-func NewShootValidator() extensionswebhook.Validator {
- return &shoot{}
+func NewShootValidator(mgr manager.Manager) extensionswebhook.Validator {
+ return &shoot{
+ client: mgr.GetClient(),
+ decoder: serializer.NewCodecFactory(mgr.GetScheme(), serializer.EnableStrict).UniversalDecoder(),
+ }
 }
 type shoot struct {
@@ -31,18 +35,6 @@ type shoot struct {
 decoder runtime.Decoder
 }
-// InjectScheme injects the given scheme into the validator.
-func (s *shoot) InjectScheme(scheme *runtime.Scheme) error {
- s.decoder = serializer.NewCodecFactory(scheme).UniversalDecoder()
- return nil
-}
-
-// InjectClient injects the given client into the validator.
-func (s *shoot) InjectClient(client client.Client) error {
- s.client = client
- return nil
-}
-
 // Validate validates the given shoot object.
 func (s *shoot) Validate(ctx context.Context, new, old client.Object) error {
 shoot, ok := new.(*core.Shoot)
diff --git a/pkg/admission/validator/webhook.go b/pkg/admission/validator/webhook.go
index dc048609f..49814e384 100644
--- a/pkg/admission/validator/webhook.go
+++ b/pkg/admission/validator/webhook.go
@@ -28,8 +28,8 @@ func New(mgr manager.Manager) (*extensionswebhook.Webhook, error) {
 Path: "/webhooks/validate",
 Predicates: []predicate.Predicate{extensionspredicate.GardenCoreProviderType(metal.Type)},
 Validators: map[extensionswebhook.Validator][]extensionswebhook.Type{
- NewShootValidator(): {{Obj: &core.Shoot{}}},
- NewCloudProfileValidator(): {{Obj: &core.CloudProfile{}}},
+ NewShootValidator(mgr): {{Obj: &core.Shoot{}}},
+ NewCloudProfileValidator(mgr): {{Obj: &core.CloudProfile{}}},
 },
 })
 }
diff --git a/pkg/controller/controlplane/add.go b/pkg/controller/controlplane/add.go
index 58edfe17c..14806bfa6 100644
--- a/pkg/controller/controlplane/add.go
+++ b/pkg/controller/controlplane/add.go
@@ -1,12 +1,14 @@
 package controlplane
 import (
+ "context"
 "sync/atomic"
 extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller"
 "github.com/gardener/gardener/extensions/pkg/controller/controlplane"
 "github.com/gardener/gardener/extensions/pkg/controller/controlplane/genericactuator"
 "github.com/gardener/gardener/extensions/pkg/util"
+ kubernetesclient "github.com/gardener/gardener/pkg/client/kubernetes"
 "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/config"
 "github.com/metal-stack/gardener-extension-provider-metal/pkg/imagevector"
 "github.com/metal-stack/gardener-extension-provider-metal/pkg/metal"
@@ -37,22 +39,26 @@ type AddOptions struct {
 // AddToManagerWithOptions adds a controller with the given Options to the given manager.
 // The opts.Reconciler is being set with a newly instantiated actuator.
-func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) error {
- return controlplane.Add(mgr, controlplane.AddArgs{
+func AddToManagerWithOptions(ctx context.Context, mgr manager.Manager, opts AddOptions) error {
+ gardenerClientset, err := kubernetesclient.NewWithConfig(kubernetesclient.WithRESTConfig(mgr.GetConfig()))
+ if err != nil {
+ return err
+ }
- Actuator: genericactuator.NewActuator(metal.Name,
+ return controlplane.Add(ctx, mgr, controlplane.AddArgs{
+ Actuator: genericactuator.NewActuator(mgr, metal.Name,
 secretConfigsFunc, shootAccessSecretsFunc, nil, nil,
 configChart, controlPlaneChart, cpShootChart, nil, storageClassChart, nil,
- NewValuesProvider(logger, opts.ControllerConfig), extensionscontroller.ChartRendererFactoryFunc(util.NewChartRendererForShoot),
- imagevector.ImageVector(), "", opts.ShootWebhookConfig, opts.WebhookServerNamespace, mgr.GetWebhookServer().Port,
+ NewValuesProvider(mgr, opts.ControllerConfig), extensionscontroller.ChartRendererFactoryFunc(util.NewChartRendererForShoot),
+ imagevector.ImageVector(), "", opts.ShootWebhookConfig, opts.WebhookServerNamespace, mgr.GetWebhookServer().Port, gardenerClientset,
 ),
 ControllerOptions: opts.Controller,
- Predicates: controlplane.DefaultPredicates(opts.IgnoreOperationAnnotation),
+ Predicates: controlplane.DefaultPredicates(ctx, mgr, opts.IgnoreOperationAnnotation),
 Type: metal.Type,
 })
 }
 // AddToManager adds a controller with the default Options.
-func AddToManager(mgr manager.Manager) error {
- return AddToManagerWithOptions(mgr, DefaultAddOptions)
+func AddToManager(ctx context.Context, mgr manager.Manager) error {
+ return AddToManagerWithOptions(ctx, mgr, DefaultAddOptions)
 }
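Review bot: The `return err` after `kubernetesclient.NewWithConfig(...)` in `AddToManagerWithOptions` passes the error up without naming the step that failed, unlike the `could not add controllers to manager: %w` wrapping in app.go. I would return `fmt.Errorf("could not create Gardener clientset: %w", err)` instead. `fmt` is not among the imports visible in the first hunk of this file, so it would have to be added there.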
diff --git a/pkg/controller/controlplane/valuesprovider.go b/pkg/controller/controlplane/valuesprovider.go index 03d9a92dd..a7c10470d 100644 --- a/pkg/controller/controlplane/valuesprovider.go +++ b/pkg/controller/controlplane/valuesprovider.go @@ -24,7 +24,6 @@ import ( extensionsconfig "github.com/gardener/gardener/extensions/pkg/apis/config" extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller" - "github.com/gardener/gardener/extensions/pkg/controller/common" gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" "github.com/gardener/gardener/extensions/pkg/controller/controlplane/genericactuator" @@ -39,20 +38,8 @@ import ( "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal/validation" - admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - corev1 "k8s.io/api/core/v1" - networkingv1 "k8s.io/api/networking/v1" - policyv1beta1 "k8s.io/api/policy/v1beta1" - storagev1 "k8s.io/api/storage/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/intstr" - "github.com/metal-stack/gardener-extension-provider-metal/pkg/metal" - apierrors "k8s.io/apimachinery/pkg/api/errors" - gutil "github.com/gardener/gardener/pkg/utils/gardener" kutil "github.com/gardener/gardener/pkg/utils/kubernetes" 
@@ -66,11 +53,25 @@ import ( "github.com/go-logr/logr" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + networkingv1 "k8s.io/api/networking/v1" + policyv1beta1 "k8s.io/api/policy/v1beta1" rbacv1 "k8s.io/api/rbac/v1" + storagev1 "k8s.io/api/storage/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" + apierrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/serializer" + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/intstr" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/manager" ) const ( @@ -180,8 +181,8 @@ func secretConfigsFunc(namespace string) []extensionssecretsmanager.SecretConfig } } -func shootAccessSecretsFunc(namespace string) []*gutil.ShootAccessSecret { - return []*gutil.ShootAccessSecret{ +func shootAccessSecretsFunc(namespace string) []*gutil.AccessSecret { + return []*gutil.AccessSecret{ gutil.NewShootAccessSecret(metal.FirewallControllerManagerDeploymentName, namespace), gutil.NewShootAccessSecret(metal.CloudControllerManagerDeploymentName, namespace), gutil.NewShootAccessSecret(metal.DurosControllerDeploymentName, namespace), @@ -293,7 +294,7 @@ var storageClassChart = &chart.Chart{ type networkMap map[string]*models.V1NetworkResponse // NewValuesProvider creates a new ValuesProvider for the generic actuator. -func NewValuesProvider(logger logr.Logger, controllerConfig config.ControllerConfiguration) genericactuator.ValuesProvider { +func NewValuesProvider(mgr manager.Manager, controllerConfig config.ControllerConfiguration) genericactuator.ValuesProvider { cpShootChart.Objects = append(cpShootChart.Objects, []*chart.Object{ {Type: &corev1.ConfigMap{}, Name: "shoot-info-node-cidr"}, }...) 
@@ -339,15 +340,17 @@ func NewValuesProvider(logger logr.Logger, controllerConfig config.ControllerCon } return &valuesProvider{ - logger: logger.WithName("metal-values-provider"), controllerConfig: controllerConfig, + client: mgr.GetClient(), + decoder: serializer.NewCodecFactory(mgr.GetScheme(), serializer.EnableStrict).UniversalDecoder(), } } // valuesProvider is a ValuesProvider that provides metal-specific values for the 2 charts applied by the generic actuator. type valuesProvider struct { genericactuator.NoopValuesProvider - common.ClientContext + client client.Client + decoder runtime.Decoder logger logr.Logger controllerConfig config.ControllerConfiguration } @@ -417,7 +420,7 @@ func (vp *valuesProvider) getClusterAuditConfigValues(ctx context.Context, cp *e } func (vp *valuesProvider) getCustomSplunkValues(ctx context.Context, clusterName string, auditToSplunkValues map[string]interface{}) (map[string]interface{}, error) { - shootConfig, _, err := util.NewClientForShoot(ctx, vp.Client(), clusterName, client.Options{}, extensionsconfig.RESTOptions{}) + shootConfig, _, err := util.NewClientForShoot(ctx, vp.client, clusterName, client.Options{}, extensionsconfig.RESTOptions{}) if err != nil { return auditToSplunkValues, err } @@ -470,7 +473,7 @@ func (vp *valuesProvider) GetControlPlaneChartValues( scaledDown bool, ) (map[string]any, error) { infrastructureConfig := &apismetal.InfrastructureConfig{} - if _, _, err := vp.Decoder().Decode(cluster.Shoot.Spec.Provider.InfrastructureConfig.Raw, nil, infrastructureConfig); err != nil { + if _, _, err := vp.decoder.Decode(cluster.Shoot.Spec.Provider.InfrastructureConfig.Raw, nil, infrastructureConfig); err != nil { return nil, fmt.Errorf("could not decode providerConfig of infrastructure %w", err) } 
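Review bot: `NewValuesProvider` no longer sets `logger` in the returned `valuesProvider`, yet the struct keeps its `logger logr.Logger` field, and later hunks of this file still pass `vp.logger` to `getStorageControlPlaneChartValues` and call `vp.logger.Error(...)` in `getSecret`. With a zero-value `logr.Logger` those calls are presumably discarded (or may fail on a nil sink, depending on the vendored logr version), so the "error getting secret - not found" trail would disappear from the controller log. Either restore it in the struct literal, e.g. `logger: mgr.GetLogger().WithName("metal-values-provider"),`, or remove the field together with its uses. The body of `NewValuesProvider` starts outside this hunk.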
@@ -489,7 +492,7 @@ func (vp *valuesProvider) GetControlPlaneChartValues( return nil, err } - metalCredentials, err := metalclient.ReadCredentialsFromSecretRef(ctx, vp.Client(), &cp.Spec.SecretRef) + metalCredentials, err := metalclient.ReadCredentialsFromSecretRef(ctx, vp.client, &cp.Spec.SecretRef) if err != nil { return nil, err } @@ -515,16 +518,16 @@ func (vp *valuesProvider) GetControlPlaneChartValues( // it would need the start of another reconcilation until the node cidr can be picked up from the cluster resource // therefore, we read it directly from the infrastructure status infrastructure := &extensionsv1alpha1.Infrastructure{} - if err := vp.Client().Get(ctx, kutil.Key(cp.Namespace, cp.Name), infrastructure); err != nil { + if err := vp.client.Get(ctx, kutil.Key(cp.Namespace, cp.Name), infrastructure); err != nil { return nil, err } - sshSecret, err := helper.GetLatestSSHSecret(ctx, vp.Client(), cp.Namespace) + sshSecret, err := helper.GetLatestSSHSecret(ctx, vp.client, cp.Namespace) if err != nil { return nil, fmt.Errorf("could not find current ssh secret: %w", err) } - caBundle, err := helper.GetLatestSecret(ctx, vp.Client(), cp.Namespace, metal.FirewallControllerManagerDeploymentName) + caBundle, err := helper.GetLatestSecret(ctx, vp.client, cp.Namespace, metal.FirewallControllerManagerDeploymentName) if err != nil { return nil, fmt.Errorf("could not get ca from secret: %w", err) } @@ -534,7 +537,7 @@ func (vp *valuesProvider) GetControlPlaneChartValues( return nil, err } - storageValues, err := getStorageControlPlaneChartValues(ctx, vp.Client(), vp.logger, vp.controllerConfig.Storage, cluster, infrastructureConfig, cpConfig, nws) + storageValues, err := getStorageControlPlaneChartValues(ctx, vp.client, vp.logger, vp.controllerConfig.Storage, cluster, infrastructureConfig, cpConfig, nws) if err != nil { return nil, err } 
@@ -586,7 +589,7 @@ func (vp *valuesProvider) GetControlPlaneExposureChartValues( // GetControlPlaneShootChartValues returns the values for the control plane shoot chart applied by the generic actuator. func (vp *valuesProvider) GetControlPlaneShootChartValues(ctx context.Context, cp *extensionsv1alpha1.ControlPlane, cluster *extensionscontroller.Cluster, secretsReader secretsmanager.Reader, checksums map[string]string) (map[string]interface{}, error) { infrastructureConfig := &apismetal.InfrastructureConfig{} - if _, _, err := vp.Decoder().Decode(cluster.Shoot.Spec.Provider.InfrastructureConfig.Raw, nil, infrastructureConfig); err != nil { + if _, _, err := vp.decoder.Decode(cluster.Shoot.Spec.Provider.InfrastructureConfig.Raw, nil, infrastructureConfig); err != nil { return nil, fmt.Errorf("could not decode providerConfig of infrastructure %w", err) } @@ -605,7 +608,7 @@ func (vp *valuesProvider) GetControlPlaneShootChartValues(ctx context.Context, c return nil, err } - mclient, err := metalclient.NewClient(ctx, vp.Client(), metalControlPlane.Endpoint, &cp.Spec.SecretRef) + mclient, err := metalclient.NewClient(ctx, vp.client, metalControlPlane.Endpoint, &cp.Spec.SecretRef) if err != nil { return nil, err } @@ -626,7 +629,7 @@ func (vp *valuesProvider) GetControlPlaneShootChartValues(ctx context.Context, c // it would need the start of another reconcilation until the node cidr can be picked up from the cluster resource // therefore, we read it directly from the infrastructure status infrastructure := &extensionsv1alpha1.Infrastructure{} - if err := vp.Client().Get(ctx, kutil.Key(cp.Namespace, cp.Name), infrastructure); err != nil { + if err := vp.client.Get(ctx, kutil.Key(cp.Namespace, cp.Name), infrastructure); err != nil { return nil, err } 
@@ -673,7 +676,7 @@ func (vp *valuesProvider) getControlPlaneShootChartValues(ctx context.Context, c // We can then remove reading the dns entry resources entirely // get apiserver ip adresses from external dns record dnsRecord := &extensionsv1alpha1.DNSRecord{} - err := vp.Client().Get(ctx, types.NamespacedName{Name: fmt.Sprintf("%s-external", cluster.Shoot.Name), Namespace: namespace}, dnsRecord) + err := vp.client.Get(ctx, types.NamespacedName{Name: fmt.Sprintf("%s-external", cluster.Shoot.Name), Namespace: namespace}, dnsRecord) if err != nil { return nil, fmt.Errorf("failed to get dnsRecord %w", err) } @@ -859,7 +862,7 @@ func (vp *valuesProvider) getControlPlaneShootChartValues(ctx context.Context, c func (vp *valuesProvider) getSecret(ctx context.Context, namespace string, secretName string) (*corev1.Secret, error) { key := kutil.Key(namespace, secretName) secret := &corev1.Secret{} - err := vp.Client().Get(ctx, key, secret) + err := vp.client.Get(ctx, key, secret) if err != nil { if apierrors.IsNotFound(err) { vp.logger.Error(err, "error getting secret - not found") @@ -1107,7 +1110,7 @@ func (vp *valuesProvider) getFirewallControllerManagerChartValues(ctx context.Co }, } isConfigMapConfigured := false - err := vp.Client().Get(ctx, client.ObjectKeyFromObject(cm), cm) + err := vp.client.Get(ctx, client.ObjectKeyFromObject(cm), cm) if err == nil { url, ok := cm.Data["url"] if ok { diff --git a/pkg/controller/healthcheck/add.go b/pkg/controller/healthcheck/add.go index 4d5f4bf04..48264b460 100644 --- a/pkg/controller/healthcheck/add.go +++ b/pkg/controller/healthcheck/add.go 
@@ -44,12 +44,13 @@ type AddOptions struct { } // RegisterHealthChecks registers health checks for each extension resource -func RegisterHealthChecks(mgr manager.Manager, opts AddOptions) error { +func RegisterHealthChecks(ctx context.Context, mgr manager.Manager, opts AddOptions) error { durosPreCheck := func(_ context.Context, _ client.Client, _ client.Object, _ *extensionscontroller.Cluster) bool { return opts.ControllerConfig.Storage.Duros.Enabled } if err := healthcheck.DefaultRegistration( + ctx, metal.Type, extensionsv1alpha1.SchemeGroupVersion.WithKind(extensionsv1alpha1.ControlPlaneResource), func() client.ObjectList { return &extensionsv1alpha1.ControlPlaneList{} }, @@ -91,6 +92,7 @@ func RegisterHealthChecks(mgr manager.Manager, opts AddOptions) error { } return healthcheck.DefaultRegistration( + ctx, metal.Type, extensionsv1alpha1.SchemeGroupVersion.WithKind(extensionsv1alpha1.WorkerResource), func() client.ObjectList { return &extensionsv1alpha1.WorkerList{} }, @@ -118,6 +120,6 @@ func RegisterHealthChecks(mgr manager.Manager, opts AddOptions) error { } // AddToManager adds a controller with the default Options. -func AddToManager(mgr manager.Manager) error { - return RegisterHealthChecks(mgr, DefaultAddOptions) +func AddToManager(ctx context.Context, mgr manager.Manager) error { + return RegisterHealthChecks(ctx, mgr, DefaultAddOptions) } diff --git a/pkg/controller/infrastructure/actuator.go b/pkg/controller/infrastructure/actuator.go index eb073909a..13a19e8a8 100644 --- a/pkg/controller/infrastructure/actuator.go +++ b/pkg/controller/infrastructure/actuator.go 
@@ -10,58 +10,30 @@ import ( metalv1alpha1 "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal/v1alpha1" extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" - gardenerkubernetes "github.com/gardener/gardener/pkg/client/kubernetes" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" - "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/manager" ) type actuator struct { - clientset kubernetes.Interface - gardenerClientset gardenerkubernetes.Interface - restConfig *rest.Config - - client client.Client - scheme *runtime.Scheme - decoder runtime.Decoder + restConfig *rest.Config + client client.Client + decoder runtime.Decoder } // NewActuator creates a new Actuator that updates the status of the handled Infrastructure resources. -func NewActuator() infrastructure.Actuator { - return &actuator{} -} - -func (a *actuator) InjectScheme(scheme *runtime.Scheme) error { - a.scheme = scheme - a.decoder = serializer.NewCodecFactory(a.scheme).UniversalDecoder() - return nil -} - -func (a *actuator) InjectClient(client client.Client) error { - a.client = client - return nil -} - -func (a *actuator) InjectConfig(config *rest.Config) error { - var err error - a.clientset, err = kubernetes.NewForConfig(config) - if err != nil { - return fmt.Errorf("could not create Kubernetes client %w", err) - } - - a.gardenerClientset, err = gardenerkubernetes.NewWithConfig(gardenerkubernetes.WithRESTConfig(config)) - if err != nil { - return fmt.Errorf("could not create Gardener client %w", err) +func NewActuator(mgr manager.Manager) infrastructure.Actuator { + return &actuator{ + client: mgr.GetClient(), + decoder: serializer.NewCodecFactory(mgr.GetScheme()).UniversalDecoder(), + restConfig: mgr.GetConfig(), } - - a.restConfig = config - return nil } func decodeInfrastructure(infrastructure 
*extensionsv1alpha1.Infrastructure, decoder runtime.Decoder) (*metalapi.InfrastructureConfig, *metalapi.InfrastructureStatus, error) { diff --git a/pkg/controller/infrastructure/add.go b/pkg/controller/infrastructure/add.go index 2ec7ee214..a1e76c795 100644 --- a/pkg/controller/infrastructure/add.go +++ b/pkg/controller/infrastructure/add.go @@ -1,6 +1,8 @@ package infrastructure import ( + "context" + "github.com/gardener/gardener/extensions/pkg/controller/infrastructure" "github.com/metal-stack/gardener-extension-provider-metal/pkg/metal" @@ -23,16 +25,16 @@ type AddOptions struct { // AddToManagerWithOptions adds a controller with the given Options to the given manager. // The opts.Reconciler is being set with a newly instantiated actuator. -func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) error { - return infrastructure.Add(mgr, infrastructure.AddArgs{ - Actuator: NewActuator(), +func AddToManagerWithOptions(ctx context.Context, mgr manager.Manager, opts AddOptions) error { + return infrastructure.Add(ctx, mgr, infrastructure.AddArgs{ + Actuator: NewActuator(mgr), ControllerOptions: opts.Controller, - Predicates: infrastructure.DefaultPredicates(opts.IgnoreOperationAnnotation), + Predicates: infrastructure.DefaultPredicates(ctx, mgr, opts.IgnoreOperationAnnotation), Type: metal.Type, }) } // AddToManager adds a controller with the default Options. -func AddToManager(mgr manager.Manager) error { - return AddToManagerWithOptions(mgr, DefaultAddOptions) +func AddToManager(ctx context.Context, mgr manager.Manager) error { + return AddToManagerWithOptions(ctx, mgr, DefaultAddOptions) } diff --git a/pkg/controller/worker/actuator.go b/pkg/controller/worker/actuator.go index f204ef299..8f00ff735 100644 --- a/pkg/controller/worker/actuator.go +++ b/pkg/controller/worker/actuator.go 
@@ -10,6 +10,7 @@ import ( extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller" "github.com/gardener/gardener/extensions/pkg/controller/worker" "github.com/gardener/gardener/extensions/pkg/controller/worker/genericactuator" + gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/config" apismetal "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal" "github.com/metal-stack/gardener-extension-provider-metal/pkg/imagevector" @@ -31,7 +32,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/runtime/inject" + "sigs.k8s.io/controller-runtime/pkg/manager" ) type ( @@ -52,10 +53,10 @@ type ( networkCache *cache.Cache[*cacheKey, *models.V1NetworkResponse] - restConfig *rest.Config client client.Client - scheme *runtime.Scheme decoder runtime.Decoder + restConfig *rest.Config + scheme *runtime.Scheme } delegateFactory struct { @@ -90,27 +91,7 @@ type ( } ) -func (a *actuator) InjectFunc(f inject.Func) error { - return f(a.workerActuator) -} - -func (a *actuator) InjectScheme(scheme *runtime.Scheme) error { - a.scheme = scheme - a.decoder = serializer.NewCodecFactory(scheme).UniversalDecoder() - return nil -} - -func (a *actuator) InjectClient(client client.Client) error { - a.client = client - return nil -} - -func (a *actuator) InjectConfig(restConfig *rest.Config) error { - a.restConfig = restConfig - return nil -} - -func NewActuator(machineImages []config.MachineImage, controllerConfig config.ControllerConfiguration) worker.Actuator { +func NewActuator(mgr manager.Manager, machineImages []config.MachineImage, controllerConfig config.ControllerConfiguration) (worker.Actuator, error) { a := &actuator{ controllerConfig: controllerConfig, networkCache: cache.New(15*time.Minute, func(ctx context.Context, accessor *cacheKey) (*models.V1NetworkResponse, error) { 
@@ -124,6 +105,10 @@ func NewActuator(machineImages []config.MachineImage, controllerConfig config.Co } return privateNetwork, nil }), + client: mgr.GetClient(), + decoder: serializer.NewCodecFactory(mgr.GetScheme(), serializer.EnableStrict).UniversalDecoder(), + restConfig: mgr.GetConfig(), + scheme: mgr.GetScheme(), } delegateFactory := &delegateFactory{ @@ -135,16 +120,21 @@ func NewActuator(machineImages []config.MachineImage, controllerConfig config.Co machineImageMapping: machineImages, } - a.workerActuator = genericactuator.NewActuator( + var err error + a.workerActuator, err = genericactuator.NewActuator( + mgr, delegateFactory, metal.MachineControllerManagerName, mcmChart, mcmShootChart, imagevector.ImageVector(), extensionscontroller.ChartRendererFactoryFunc(util.NewChartRendererForShoot), + func(err error) []gardencorev1beta1.ErrorCode { + return util.DetermineErrorCodes(err, map[gardencorev1beta1.ErrorCode]func(string) bool{}) // TODO: implement our error codes? + }, ) - return a + return a, err } func (a *actuator) Reconcile(ctx context.Context, log logr.Logger, worker *extensionsv1alpha1.Worker, cluster *extensionscontroller.Cluster) error { diff --git a/pkg/controller/worker/add.go b/pkg/controller/worker/add.go index 65b94e57b..203097bfe 100644 --- a/pkg/controller/worker/add.go +++ b/pkg/controller/worker/add.go @@ -1,12 +1,15 @@ package worker import ( + "context" + "github.com/gardener/gardener/extensions/pkg/controller/worker" "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/config" "github.com/metal-stack/gardener-extension-provider-metal/pkg/metal" machinescheme "github.com/gardener/machine-controller-manager/pkg/client/clientset/versioned/scheme" apiextensionsscheme "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme" + "k8s.io/apimachinery/pkg/runtime" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/manager" ) 
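Review bot: `NewActuator` ends with `return a, err`, so when `genericactuator.NewActuator` fails the caller gets a non-nil `worker.Actuator` whose `workerActuator` is unset, together with the error. The caller in `pkg/controller/worker/add.go` does check the error, but a usable-looking value next to an error invites a later nil dereference; prefer `if err != nil { return nil, err }` followed by `return a, nil`. The error-code callback passes an empty map to `util.DetermineErrorCodes` (marked TODO), so presumably no provider error is classified yet; a comment stating that this is deliberate for now would make that explicit. The body of `NewActuator` starts outside these hunks.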
@@ -29,24 +32,29 @@ type AddOptions struct { // AddToManagerWithOptions adds a controller with the given Options to the given manager. // The opts.Reconciler is being set with a newly instantiated actuator. -func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) error { - scheme := mgr.GetScheme() - if err := apiextensionsscheme.AddToScheme(scheme); err != nil { +func AddToManagerWithOptions(ctx context.Context, mgr manager.Manager, opts AddOptions) error { + schemeBuilder := runtime.NewSchemeBuilder( + apiextensionsscheme.AddToScheme, + machinescheme.AddToScheme, + ) + if err := schemeBuilder.AddToScheme(mgr.GetScheme()); err != nil { return err } - if err := machinescheme.AddToScheme(scheme); err != nil { + + actuator, err := NewActuator(mgr, opts.MachineImages, opts.ControllerConfig) + if err != nil { return err } - return worker.Add(mgr, worker.AddArgs{ - Actuator: NewActuator(opts.MachineImages, opts.ControllerConfig), + return worker.Add(ctx, mgr, worker.AddArgs{ + Actuator: actuator, ControllerOptions: opts.Controller, - Predicates: worker.DefaultPredicates(opts.IgnoreOperationAnnotation), + Predicates: worker.DefaultPredicates(ctx, mgr, opts.IgnoreOperationAnnotation), Type: metal.Type, }) } // AddToManager adds a controller with the default Options. -func AddToManager(mgr manager.Manager) error { - return AddToManagerWithOptions(mgr, DefaultAddOptions) +func AddToManager(ctx context.Context, mgr manager.Manager) error { + return AddToManagerWithOptions(ctx, mgr, DefaultAddOptions) } diff --git a/pkg/webhook/controlplane/add.go b/pkg/webhook/controlplane/add.go index a2d992fbd..ac67f0d09 100644 --- a/pkg/webhook/controlplane/add.go +++ b/pkg/webhook/controlplane/add.go @@ -26,7 +26,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/runtime/inject" ) var ( 
@@ -50,7 +49,7 @@ func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) (*extensionsw {Obj: &appsv1.Deployment{}}, {Obj: &extensionsv1alpha1.OperatingSystemConfig{}}, }, - Mutator: newMutator(opts.ControllerConfig), + Mutator: newMutator(mgr, opts.ControllerConfig), }) } @@ -66,15 +65,17 @@ type mutator struct { gardenerMutator extensionswebhook.Mutator } -func newMutator(c config.ControllerConfiguration) extensionswebhook.Mutator { +func newMutator(mgr manager.Manager, c config.ControllerConfiguration) extensionswebhook.Mutator { fciCodec := oscutils.NewFileContentInlineCodec() - gardenerMutator := genericmutator.NewMutator(NewEnsurer(logger, c), oscutils.NewUnitSerializer(), + gardenerMutator := genericmutator.NewMutator(mgr, NewEnsurer(mgr, logger, c), oscutils.NewUnitSerializer(), kubelet.NewConfigCodec(fciCodec), fciCodec, logger) return &mutator{ logger: logger, gardenerMutator: gardenerMutator, + client: mgr.GetClient(), + decoder: serializer.NewCodecFactory(mgr.GetScheme()).UniversalDecoder(), } } @@ -180,17 +181,3 @@ func (m *mutator) mutateOperatingSystemConfig(ctx context.Context, gctx gcontext return nil } - -func (m *mutator) InjectClient(client client.Client) error { - m.client = client - return nil -} - -func (m *mutator) InjectFunc(f inject.Func) error { - return f(m.gardenerMutator) -} - -func (m *mutator) InjectScheme(scheme *runtime.Scheme) error { - m.decoder = serializer.NewCodecFactory(scheme, serializer.EnableStrict).UniversalDecoder() - return nil -} diff --git a/pkg/webhook/controlplane/ensurer.go b/pkg/webhook/controlplane/ensurer.go index 2e1874338..73eed251f 100644 --- a/pkg/webhook/controlplane/ensurer.go +++ b/pkg/webhook/controlplane/ensurer.go 
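Review bot: `newMutator` builds its decoder with `serializer.NewCodecFactory(mgr.GetScheme()).UniversalDecoder()`, while the `InjectScheme` removed in the last hunk of this file passed `serializer.EnableStrict`, so the refactor silently switches this webhook from strict to lenient decoding. A lenient decoder accepts unknown or misspelled fields in whatever it decodes (the decode sites are outside these hunks), so a typo in a security-relevant setting would be ignored rather than rejected. The previous behaviour is kept with `decoder: serializer.NewCodecFactory(mgr.GetScheme(), serializer.EnableStrict).UniversalDecoder(),`. The infrastructure actuator's `NewActuator` also stays non-strict, whereas the worker actuator and the values provider use `EnableStrict` in this commit. The shoot mutator goes the other way, from lenient to strict, which deserves a line in the commit description.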
@@ -36,13 +36,15 @@ import ( "k8s.io/apimachinery/pkg/api/resource" kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1" "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/manager" ) // NewEnsurer creates a new controlplane ensurer. -func NewEnsurer(logger logr.Logger, controllerConfig config.ControllerConfiguration) genericmutator.Ensurer { +func NewEnsurer(mgr manager.Manager, logger logr.Logger, controllerConfig config.ControllerConfiguration) genericmutator.Ensurer { return &ensurer{ logger: logger.WithName("metal-controlplane-ensurer"), controllerConfig: controllerConfig, + client: mgr.GetClient(), } } @@ -53,12 +55,6 @@ type ensurer struct { controllerConfig config.ControllerConfiguration } -// InjectClient injects the given client into the ensurer. -func (e *ensurer) InjectClient(client client.Client) error { - e.client = client - return nil -} - // EnsureKubeAPIServerDeployment ensures that the kube-apiserver deployment conforms to the provider requirements. func (e *ensurer) EnsureKubeAPIServerDeployment(ctx context.Context, gctx gcontext.GardenContext, new, _ *appsv1.Deployment) error { cluster, err := gctx.GetCluster(ctx) diff --git a/pkg/webhook/controlplaneexposure/add.go b/pkg/webhook/controlplaneexposure/add.go index 01a0e263f..e233fbeb9 100644 --- a/pkg/webhook/controlplaneexposure/add.go +++ b/pkg/webhook/controlplaneexposure/add.go @@ -38,7 +38,7 @@ func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) (*extensionsw {Obj: &appsv1.Deployment{}}, {Obj: &druidv1alpha1.Etcd{}}, }, - Mutator: genericmutator.NewMutator(NewEnsurer(&opts.ETCD, logger), nil, nil, nil, logger), + Mutator: genericmutator.NewMutator(mgr, NewEnsurer(mgr, &opts.ETCD, logger), nil, nil, nil, logger), }) } diff --git a/pkg/webhook/controlplaneexposure/ensurer.go b/pkg/webhook/controlplaneexposure/ensurer.go index 76cdc3e25..be8bb7b7b 100644 --- a/pkg/webhook/controlplaneexposure/ensurer.go 
+++ b/pkg/webhook/controlplaneexposure/ensurer.go @@ -14,6 +14,7 @@ import ( "k8s.io/apimachinery/pkg/api/resource" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/manager" extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook" gcontext "github.com/gardener/gardener/extensions/pkg/webhook/context" @@ -25,9 +26,10 @@ import ( ) // NewEnsurer creates a new controlplaneexposure ensurer. -func NewEnsurer(etcdStorage *config.ETCD, logger logr.Logger) genericmutator.Ensurer { +func NewEnsurer(mgr manager.Manager, etcdStorage *config.ETCD, logger logr.Logger) genericmutator.Ensurer { return &ensurer{ c: etcdStorage, + client: mgr.GetClient(), logger: logger.WithName("metal-controlplaneexposure-ensurer"), } } @@ -39,12 +41,6 @@ type ensurer struct { logger logr.Logger } -// InjectClient injects the given client into the ensurer. -func (e *ensurer) InjectClient(client client.Client) error { - e.client = client - return nil -} - // EnsureKubeAPIServerService ensures that the kube-apiserver service conforms to the provider requirements. func (e *ensurer) EnsureKubeAPIServerService(ctx context.Context, gctx gcontext.GardenContext, new, old *corev1.Service) error { return nil diff --git a/pkg/webhook/shoot/add.go b/pkg/webhook/shoot/add.go index a6a8b9ccd..e3fed946a 100644 --- a/pkg/webhook/shoot/add.go +++ b/pkg/webhook/shoot/add.go @@ -28,7 +28,7 @@ func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) (*extensionsw {Obj: &corev1.ConfigMap{}}, {Obj: &corev1.Secret{}}, }, - Mutator: NewMutator(), + Mutator: NewMutator(mgr), }) } diff --git a/pkg/webhook/shoot/mutator.go b/pkg/webhook/shoot/mutator.go index a437f36d9..e014388c0 100644 --- a/pkg/webhook/shoot/mutator.go +++ b/pkg/webhook/shoot/mutator.go 
@@ -29,6 +29,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/serializer" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/manager" ) type mutator struct { @@ -38,24 +39,14 @@ type mutator struct { } // NewMutator creates a new Mutator that mutates resources in the shoot cluster. -func NewMutator() extensionswebhook.Mutator { +func NewMutator(mgr manager.Manager) extensionswebhook.Mutator { return &mutator{ - logger: log.Log.WithName("shoot-mutator"), + logger: log.Log.WithName("shoot-mutator"), + client: mgr.GetClient(), + decoder: serializer.NewCodecFactory(mgr.GetScheme(), serializer.EnableStrict).UniversalDecoder(), } } -// InjectScheme injects the given scheme into the validator. -func (s *mutator) InjectScheme(scheme *runtime.Scheme) error { - s.decoder = serializer.NewCodecFactory(scheme).UniversalDecoder() - return nil -} - -// InjectClient injects the given client into the mutator. -func (s *mutator) InjectClient(client client.Client) error { - s.client = client - return nil -} - func (m *mutator) Mutate(ctx context.Context, new, _ client.Object) error { acc, err := meta.Accessor(new) if err != nil {