From 9f048be91be4412e33207ccd5924825825f3f5af Mon Sep 17 00:00:00 2001 From: Edgar Lee Date: Fri, 16 Feb 2024 02:48:56 -0500 Subject: [PATCH 01/22] Rootless mode also bind service nodePort to host for LoadBalancer type Signed-off-by: Edgar Lee (cherry picked from commit 8c83b5e0f335dfc21c849f7c04a2446ac83f6ce4) Signed-off-by: Brad Davidson --- pkg/rootlessports/controller.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/pkg/rootlessports/controller.go b/pkg/rootlessports/controller.go index d449fd048bb2..ba8fa67e314c 100644 --- a/pkg/rootlessports/controller.go +++ b/pkg/rootlessports/controller.go @@ -143,11 +143,14 @@ func (h *handler) toBindPorts() (map[int]int, error) { continue } - if port.Port != 0 { - if port.Port <= 1024 { - toBindPorts[10000+int(port.Port)] = int(port.Port) + for _, toBindPort := range []int32{port.Port, port.NodePort} { + if toBindPort == 0 { + continue + } + if toBindPort <= 1024 { + toBindPorts[10000+int(toBindPort)] = int(toBindPort) } else { - toBindPorts[int(port.Port)] = int(port.Port) + toBindPorts[int(toBindPort)] = int(toBindPort) } } } From 875eee96d33aa859f719d478d0d48fa9beb6c504 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 27 Feb 2024 22:43:39 +0000 Subject: [PATCH 02/22] Fix NodeHosts on dual-stack clusters * Add both dual-stack addresses to the node hosts file * Add hostname to hosts file as alias for node name to ensure consistent resolution Signed-off-by: Brad Davidson (cherry picked from commit be569f65a9352366037ea93c93b3ded52555b8d1) Signed-off-by: Brad Davidson --- pkg/agent/run.go | 14 +++++- pkg/node/controller.go | 104 ++++++++++++++++++++++++++++++----------- 2 files changed, 90 insertions(+), 28 deletions(-) diff --git a/pkg/agent/run.go b/pkg/agent/run.go index e8b446958f19..742913b7ab85 100644 --- a/pkg/agent/run.go +++ b/pkg/agent/run.go @@ -426,7 +426,7 @@ func updateLegacyAddressLabels(agentConfig *daemonconfig.Agent, nodeLabels map[s if ls.Has(cp.InternalIPKey) || ls.Has(cp.HostnameKey) { result := map[string]string{ cp.InternalIPKey: agentConfig.NodeIP, - cp.HostnameKey: agentConfig.NodeName, + cp.HostnameKey: getHostname(agentConfig), } if agentConfig.NodeExternalIP != "" { @@ -444,7 +444,7 @@ func updateAddressAnnotations(nodeConfig *daemonconfig.Node, nodeAnnotations map agentConfig := &nodeConfig.AgentConfig result := map[string]string{ cp.InternalIPKey: util.JoinIPs(agentConfig.NodeIPs), - cp.HostnameKey: agentConfig.NodeName, + cp.HostnameKey: getHostname(agentConfig), } if agentConfig.NodeExternalIP != "" { @@ -539,3 +539,13 @@ func tunnelSetup(ctx context.Context, nodeConfig *daemonconfig.Node, cfg cmds.Ag } return tunnel.Setup(ctx, nodeConfig, proxy) } + +// getHostname returns the actual system hostname. +// If the hostname cannot be determined, or is invalid, the node name is used. +func getHostname(agentConfig *daemonconfig.Agent) string { + hostname, err := os.Hostname() + if err != nil || hostname == "" || strings.Contains(hostname, "localhost") { + return agentConfig.NodeName + } + return hostname +} diff --git a/pkg/node/controller.go b/pkg/node/controller.go index c52203279838..66a8ee31def3 100644 --- a/pkg/node/controller.go +++ b/pkg/node/controller.go @@ -1,7 +1,10 @@ package node import ( + "bytes" "context" + "net" + "sort" "strings" "github.com/k3s-io/k3s/pkg/nodepassword" @@ -9,6 +12,7 @@ import ( coreclient "github.com/rancher/wrangler/pkg/generated/controllers/core/v1" "github.com/sirupsen/logrus" core "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -48,14 +52,22 @@ func (h *handler) onRemove(key string, node *core.Node) (*core.Node, error) { func (h *handler) updateHosts(node *core.Node, removed bool) (*core.Node, error) { var ( - nodeName string - nodeAddress string + nodeName string + hostName string + nodeIPv4 string + nodeIPv6 string ) nodeName = node.Name for _, address := range node.Status.Addresses { - if address.Type == "InternalIP" { - nodeAddress = address.Address - break + switch address.Type { + case v1.NodeInternalIP: + if strings.Contains(address.Address, ":") { + nodeIPv6 = address.Address + } else { + nodeIPv4 = address.Address + } + case v1.NodeHostName: + hostName = address.Address } } if removed { @@ -64,57 +76,97 @@ func (h *handler) updateHosts(node *core.Node, removed bool) (*core.Node, error) } } if h.modCoreDNS { - if err := h.updateCoreDNSConfigMap(nodeName, nodeAddress, removed); err != nil { + if err := h.updateCoreDNSConfigMap(nodeName, hostName, nodeIPv4, nodeIPv6, removed); err != nil { return nil, err } } return nil, nil } -func (h *handler) updateCoreDNSConfigMap(nodeName, nodeAddress string, removed bool) error { - if nodeAddress == "" && !removed { - logrus.Errorf("No InternalIP found for node " + nodeName) +func (h *handler) updateCoreDNSConfigMap(nodeName, hostName, nodeIPv4, nodeIPv6 string, removed bool) error { + if removed { + nodeIPv4 = "" + nodeIPv6 = "" + } else if nodeIPv4 == "" && nodeIPv6 == "" { + logrus.Errorf("No InternalIP addresses found for node " + nodeName) return nil } + nodeNames := nodeName + if hostName != nodeName { + nodeNames += " " + hostName + } + configMap, err := h.configMaps.Get("kube-system", "coredns", metav1.GetOptions{}) if err != nil || configMap == nil { logrus.Warn(errors.Wrap(err, "Unable to fetch coredns config map")) return nil } - hosts := configMap.Data["NodeHosts"] - hostsMap := map[string]string{} + addressMap := map[string]string{} - for _, line := range strings.Split(hosts, "\n") { + // extract current entries from hosts file, skipping any entries that are + // empty, unparsable, or hold an incorrect address for the current node. + for _, line := range strings.Split(configMap.Data["NodeHosts"], "\n") { + line, _, _ = strings.Cut(line, "#") if line == "" { continue } fields := strings.Fields(line) - if len(fields) != 2 { + if len(fields) < 2 { logrus.Warnf("Unknown format for hosts line [%s]", line) continue } ip := fields[0] - host := fields[1] - if host == nodeName { - if removed { - continue - } - if ip == nodeAddress { - return nil + if fields[1] == nodeName { + if strings.Contains(ip, ":") { + if ip != nodeIPv6 { + continue + } + } else { + if ip != nodeIPv4 { + continue + } } } - hostsMap[host] = ip + names := strings.Join(fields[1:], " ") + addressMap[ip] = names + } + + // determine what names we should have for each address family + var namesv6, namesv4 string + if nodeIPv4 != "" { + namesv4 = nodeNames + } + if nodeIPv6 != "" { + namesv6 = nodeNames + } + + // don't need to do anything if the addresses are in sync + if !removed && addressMap[nodeIPv4] == namesv4 && addressMap[nodeIPv6] == namesv6 { + return nil + } + + // Something's out of sync, set the desired entries + if nodeIPv4 != "" { + addressMap[nodeIPv4] = namesv4 + } + if nodeIPv6 != "" { + addressMap[nodeIPv6] = namesv6 } - if !removed { - hostsMap[nodeName] = nodeAddress + // sort addresses by IP + addresses := make([]string, 0, len(addressMap)) + for ip := range addressMap { + addresses = append(addresses, ip) } + sort.Slice(addresses, func(i, j int) bool { + return bytes.Compare(net.ParseIP(addresses[i]), net.ParseIP(addresses[j])) < 0 + }) var newHosts string - for host, ip := range hostsMap { - newHosts += ip + " " + host + "\n" + for _, ip := range addresses { + newHosts += ip + " " + addressMap[ip] + "\n" } if configMap.Data == nil { @@ -132,7 +184,7 @@ func (h *handler) updateCoreDNSConfigMap(nodeName, nodeAddress string, removed b } else { actionType = "Updated" } - logrus.Infof("%s coredns node hosts entry [%s]", actionType, nodeAddress+" "+nodeName) + logrus.Infof("%s coredns NodeHosts entry for %s", actionType, nodeName) return nil } From ce5883cc810f1a2a76d1c811cecc64a8094620b6 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 27 Feb 2024 01:17:23 +0000 Subject: [PATCH 03/22] Tweak netpol node wait logs Signed-off-by: Brad Davidson (cherry picked from commit 513c3416e79a3beb4dc2789574f8a9e8ae4dbe48) Signed-off-by: Brad Davidson --- pkg/agent/netpol/netpol.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/agent/netpol/netpol.go b/pkg/agent/netpol/netpol.go index 88ef81c316af..a8bb760bcfc1 100644 --- a/pkg/agent/netpol/netpol.go +++ b/pkg/agent/netpol/netpol.go @@ -74,19 +74,20 @@ func Run(ctx context.Context, nodeConfig *config.Node) error { // Get the node object node, err := client.CoreV1().Nodes().Get(ctx, nodeConfig.AgentConfig.NodeName, metav1.GetOptions{}) if err != nil { - logrus.Errorf("Error getting the node object: %v", err) + logrus.Debugf("Network policy controller waiting to get Node %s: %v", nodeConfig.AgentConfig.NodeName, err) return false, nil } // Check for the uninitialized taint that should be removed by cloud-provider // If there is no cloud-provider, the taint will not be there for _, taint := range node.Spec.Taints { if taint.Key == cloudproviderapi.TaintExternalCloudProvider { + logrus.Debugf("Network policy controller waiting for removal of %s taint", cloudproviderapi.TaintExternalCloudProvider) return false, nil } } return true, nil }); err != nil { - return err + return errors.Wrapf(err, "network policy controller timed out waiting for %s taint to be removed from Node %s", cloudproviderapi.TaintExternalCloudProvider, nodeConfig.AgentConfig.NodeName) } krConfig := options.NewKubeRouterConfig() From 1a568edc90369c0abe3242315183c2ee2a254727 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Fri, 16 Feb 2024 18:13:33 +0000 Subject: [PATCH 04/22] Fix issue with etcd node name missing hostname * Set ServerNodeName in snapshot CLI setup * Raise errer if ServerNodeName ends up empty some other way * Fix status controller to use etcd node name annotation instead of prefix checking Signed-off-by: Brad Davidson (cherry picked from commit 82432a2df7fdbe1fa06656b32f1563d3405d4e30) Signed-off-by: Brad Davidson --- pkg/cli/etcdsnapshot/etcd_snapshot.go | 3 ++- pkg/etcd/etcd.go | 5 ++++- pkg/etcd/etcd_test.go | 2 ++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/pkg/cli/etcdsnapshot/etcd_snapshot.go b/pkg/cli/etcdsnapshot/etcd_snapshot.go index 495e471a2e90..dc6919453f1c 100644 --- a/pkg/cli/etcdsnapshot/etcd_snapshot.go +++ b/pkg/cli/etcdsnapshot/etcd_snapshot.go @@ -80,10 +80,11 @@ func commandSetup(app *cli.Context, cfg *cmds.Server, config *server.Config) (*e // command uses the same endpoint selection logic as it does when starting up the full server. Specifically, // we need to set an IPv6 service CIDR on IPv6-only or IPv6-first nodes, as the etcd default endpoints check // the service CIDR primary addresss family to determine what loopback address to use. - _, nodeIPs, err := util.GetHostnameAndIPs(cmds.AgentConfig.NodeName, cmds.AgentConfig.NodeIP) + nodeName, nodeIPs, err := util.GetHostnameAndIPs(cmds.AgentConfig.NodeName, cmds.AgentConfig.NodeIP) if err != nil { return nil, err } + config.ControlConfig.ServerNodeName = nodeName // configure ClusterIPRanges. Use default 10.42.0.0/16 or fd00:42::/56 if user did not set it _, defaultClusterCIDR, defaultServiceCIDR, _ := util.GetDefaultAddresses(nodeIPs[0]) diff --git a/pkg/etcd/etcd.go b/pkg/etcd/etcd.go index d9d7356442b3..6a4801dff155 100644 --- a/pkg/etcd/etcd.go +++ b/pkg/etcd/etcd.go @@ -623,6 +623,9 @@ func (e *ETCD) setName(force bool) error { fileName := nameFile(e.config) data, err := os.ReadFile(fileName) if os.IsNotExist(err) || force { + if e.config.ServerNodeName == "" { + return errors.New("server node name not set") + } e.name = e.config.ServerNodeName + "-" + uuid.New().String()[:8] if err := os.MkdirAll(filepath.Dir(fileName), 0700); err != nil { return err @@ -1106,7 +1109,7 @@ func (e *ETCD) manageLearners(ctx context.Context) { var node *v1.Node for _, n := range nodes { - if strings.HasPrefix(member.Name, n.Name+"-") { + if member.Name == n.Annotations[NodeNameAnnotation] { node = n nodeIsMember[n.Name] = true break diff --git a/pkg/etcd/etcd_test.go b/pkg/etcd/etcd_test.go index f7d6e2da48af..a28dee46e113 100644 --- a/pkg/etcd/etcd_test.go +++ b/pkg/etcd/etcd_test.go @@ -27,6 +27,7 @@ func mustGetAddress() string { } func generateTestConfig() *config.Control { + hostname, _ := os.Hostname() containerRuntimeReady := make(chan struct{}) close(containerRuntimeReady) criticalControlArgs := config.CriticalControlArgs{ @@ -37,6 +38,7 @@ func generateTestConfig() *config.Control { ServiceIPRange: testutil.ServiceIPNet(), } return &config.Control{ + ServerNodeName: hostname, Runtime: config.NewRuntime(containerRuntimeReady), HTTPSPort: 6443, SupervisorPort: 6443, From 3004d39c9242d1a8b76237a395794705850466c5 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 29 Feb 2024 01:13:37 +0000 Subject: [PATCH 05/22] Bump helm-controller/klipper-helm versions Signed-off-by: Brad Davidson (cherry picked from commit 109e3e454c31526eeca4041024d055423f776f12) Signed-off-by: Brad Davidson --- go.mod | 2 +- go.sum | 4 ++-- scripts/airgap/image-list.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 6e8069b00078..200470cbf0cd 100644 --- a/go.mod +++ b/go.mod @@ -120,7 +120,7 @@ require ( github.com/ipfs/go-ds-leveldb v0.5.0 github.com/ipfs/go-log/v2 v2.5.1 github.com/json-iterator/go v1.1.12 - github.com/k3s-io/helm-controller v0.15.8 + github.com/k3s-io/helm-controller v0.15.9 github.com/k3s-io/kine v0.11.4 github.com/klauspost/compress v1.17.2 github.com/kubernetes-sigs/cri-tools v0.0.0-00010101000000-000000000000 diff --git a/go.sum b/go.sum index 5a0a1bd7fe33..f6c5ad6db5df 100644 --- a/go.sum +++ b/go.sum @@ -819,8 +819,8 @@ github.com/k3s-io/etcd/raft/v3 v3.5.9-k3s1 h1:nlix2+EM1UDofoHgp/X2VHzMvJW7oYbZbE github.com/k3s-io/etcd/raft/v3 v3.5.9-k3s1/go.mod h1:WnFkqzFdZua4LVlVXQEGhmooLeyS7mqzS4Pf4BCVqXg= github.com/k3s-io/etcd/server/v3 v3.5.9-k3s1 h1:B3039IkTPnwQEt4tIMjC6yd6b1Q3Z9ZZe8rfaBPfbXo= github.com/k3s-io/etcd/server/v3 v3.5.9-k3s1/go.mod h1:GgI1fQClQCFIzuVjlvdbMxNbnISt90gdfYyqiAIt65g= -github.com/k3s-io/helm-controller v0.15.8 h1:CAMEPmiqf4ugUCpZdICGINthCn+hkG/l1fadn8aVjfQ= -github.com/k3s-io/helm-controller v0.15.8/go.mod h1:AYitg40howLjKloL/zdjDDOPL1jg/K5R4af0tQcyPR8= +github.com/k3s-io/helm-controller v0.15.9 h1:eBZq0KkZCDyWh4og+tyI43Nt9T5TNjc7QCFhAt1aR64= +github.com/k3s-io/helm-controller v0.15.9/go.mod h1:AYitg40howLjKloL/zdjDDOPL1jg/K5R4af0tQcyPR8= github.com/k3s-io/kine v0.11.4 h1:ZIXQT4vPPKNL9DwLF4dQ11tWtpJ1C/7OKNIpFmTkImo= github.com/k3s-io/kine v0.11.4/go.mod h1:NmwOWsWgB3aScq5+LEYytAaceqkG7lmCLLjjrWug8v4= github.com/k3s-io/klog v1.0.0-k3s2 h1:yyvD2bQbxG7m85/pvNctLX2bUDmva5kOBvuZ77tTGBA= diff --git a/scripts/airgap/image-list.txt b/scripts/airgap/image-list.txt index bfb6845fa552..24bb9ae046c4 100644 --- a/scripts/airgap/image-list.txt +++ b/scripts/airgap/image-list.txt @@ -1,4 +1,4 @@ -docker.io/rancher/klipper-helm:v0.8.2-build20230815 +docker.io/rancher/klipper-helm:v0.8.3-build20240228 docker.io/rancher/klipper-lb:v0.4.7 docker.io/rancher/local-path-provisioner:v0.0.26 docker.io/rancher/mirrored-coredns-coredns:1.10.1 From 73aa7f2638cc70e9ebf229229e865ce55f91a218 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Fri, 2 Feb 2024 02:51:13 +0000 Subject: [PATCH 06/22] Fix additional corner cases in registries handling Signed-off-by: Brad Davidson (cherry picked from commit b164d7a2705056508e466c24624410a9ff56a87e) Signed-off-by: Brad Davidson --- pkg/agent/containerd/config.go | 167 +++++--- pkg/agent/containerd/config_test.go | 625 +++++++++++++++++++--------- pkg/agent/templates/templates.go | 31 +- 3 files changed, 560 insertions(+), 263 deletions(-) diff --git a/pkg/agent/containerd/config.go b/pkg/agent/containerd/config.go index ac2c5254eed1..760b5d5a28b7 100644 --- a/pkg/agent/containerd/config.go +++ b/pkg/agent/containerd/config.go @@ -1,6 +1,7 @@ package containerd import ( + "fmt" "net" "net/url" "os" @@ -70,65 +71,60 @@ func writeContainerdHosts(cfg *config.Node, containerdConfig templates.Container func getHostConfigs(registry *registries.Registry, noDefaultEndpoint bool, mirrorAddr string) HostConfigs { hosts := map[string]templates.HostConfig{} + // create config for default endpoints + for host, config := range registry.Configs { + if c, err := defaultHostConfig(host, mirrorAddr, config); err != nil { + logrus.Errorf("Failed to generate config for registry %s: %v", host, err) + } else { + if host == "*" { + host = "_default" + } + hosts[host] = *c + } + } + // create endpoints for mirrors for host, mirror := range registry.Mirrors { - config := templates.HostConfig{ - Program: version.Program, - } - if uri, _, err := normalizeEndpointAddress(host, mirrorAddr); err == nil { - config.DefaultEndpoint = uri.String() + // create the default config, if it wasn't explicitly mentioned in the config section + config, ok := hosts[host] + if !ok { + if c, err := defaultHostConfig(host, mirrorAddr, configForHost(registry.Configs, host)); err != nil { + logrus.Errorf("Failed to generate config for registry %s: %v", host, err) + continue + } else { + if host == "*" || noDefaultEndpoint { + c.Default = nil + } + config = *c + } } // TODO: rewrites are currently copied from the mirror settings into each endpoint. // In the future, we should allow for per-endpoint rewrites, instead of expecting // all mirrors to have the same structure. This will require changes to the registries.yaml // structure, which is defined in rancher/wharfie. - for _, endpoint := range mirror.Endpoints { - uri, override, err := normalizeEndpointAddress(endpoint, mirrorAddr) + for i, endpoint := range mirror.Endpoints { + registryName, url, override, err := normalizeEndpointAddress(endpoint, mirrorAddr) if err != nil { - logrus.Warnf("Ignoring invalid endpoint URL %s for %s: %v", endpoint, host, err) + logrus.Warnf("Ignoring invalid endpoint URL %d=%s for %s: %v", i, endpoint, host, err) } else { var rewrites map[string]string // Do not apply rewrites to the embedded registry endpoint - if uri.Host != mirrorAddr { + if url.Host != mirrorAddr { rewrites = mirror.Rewrites } - config.Endpoints = append(config.Endpoints, templates.RegistryEndpoint{ - Config: registry.Configs[uri.Host], + ep := templates.RegistryEndpoint{ + Config: configForHost(registry.Configs, registryName), Rewrites: rewrites, OverridePath: override, - URI: uri.String(), - }) - } - } - - if host == "*" { - host = "_default" - } - hosts[host] = config - } - - // create endpoints for registries using default endpoints - for host, registry := range registry.Configs { - config, ok := hosts[host] - if !ok { - config = templates.HostConfig{ - Program: version.Program, - } - if uri, _, err := normalizeEndpointAddress(host, mirrorAddr); err == nil { - config.DefaultEndpoint = uri.String() - } - } - // If there is config for this host but no endpoints, inject the config for the default endpoint. - if len(config.Endpoints) == 0 { - uri, _, err := normalizeEndpointAddress(host, mirrorAddr) - if err != nil { - logrus.Warnf("Ignoring invalid endpoint URL %s for %s: %v", host, host, err) - } else { - config.Endpoints = append(config.Endpoints, templates.RegistryEndpoint{ - Config: registry, - URI: uri.String(), - }) + URL: url, + } + if i+1 == len(mirror.Endpoints) && endpointURLEqual(config.Default, &ep) { + // if the last endpoint is the default endpoint, move it there + config.Default = &ep + } else { + config.Endpoints = append(config.Endpoints, ep) + } } } @@ -140,25 +136,8 @@ func getHostConfigs(registry *registries.Registry, noDefaultEndpoint bool, mirro // Clean up hosts and default endpoints where resulting config leaves only defaults for host, config := range hosts { - // if default endpoint is disabled, or this is the wildcard host, delete the default endpoint - if noDefaultEndpoint || host == "_default" { - config.DefaultEndpoint = "" - hosts[host] = config - } - if l := len(config.Endpoints); l > 0 { - if ep := config.Endpoints[l-1]; ep.URI == config.DefaultEndpoint { - // if the last endpoint is the default endpoint - if ep.Config.Auth == nil && ep.Config.TLS == nil && len(ep.Rewrites) == 0 { - // if has no config, delete this host to use the default config - delete(hosts, host) - } else { - // if it has config, delete the default endpoint - config.DefaultEndpoint = "" - hosts[host] = config - } - } - } else { - // if this host has no endpoints, delete this host to use the default config + // if this host has no endpoints and the default has no config, delete this host + if len(config.Endpoints) == 0 && !endpointHasConfig(config.Default) { delete(hosts, host) } } @@ -167,18 +146,18 @@ func getHostConfigs(registry *registries.Registry, noDefaultEndpoint bool, mirro } // normalizeEndpointAddress normalizes the endpoint address. -// If successful, it returns the URL, and a bool indicating if the endpoint path should be overridden. +// If successful, it returns the registry name, URL, and a bool indicating if the endpoint path should be overridden. // If unsuccessful, an error is returned. // Scheme and hostname logic should match containerd: // https://github.com/containerd/containerd/blob/v1.7.13/remotes/docker/config/hosts.go#L99-L131 -func normalizeEndpointAddress(endpoint, mirrorAddr string) (*url.URL, bool, error) { +func normalizeEndpointAddress(endpoint, mirrorAddr string) (string, *url.URL, bool, error) { // Ensure that the endpoint address has a scheme so that the URL is parsed properly if !strings.Contains(endpoint, "://") { endpoint = "//" + endpoint } endpointURL, err := url.Parse(endpoint) if err != nil { - return nil, false, err + return "", nil, false, err } port := endpointURL.Port() @@ -191,14 +170,66 @@ func normalizeEndpointAddress(endpoint, mirrorAddr string) (*url.URL, bool, erro endpointURL.Scheme = "https" } } - endpointURL.Host, _ = docker.DefaultHost(endpointURL.Host) + registry := endpointURL.Host + endpointURL.Host, _ = docker.DefaultHost(registry) + // This is the reverse of the DefaultHost normalization + if endpointURL.Host == "registry-1.docker.io" { + registry = "docker.io" + } switch endpointURL.Path { case "", "/", "/v2": // If the path is empty, /, or /v2, use the default path. endpointURL.Path = "/v2" - return endpointURL, false, nil + return registry, endpointURL, false, nil + } + + return registry, endpointURL, true, nil +} + +func defaultHostConfig(host, mirrorAddr string, config registries.RegistryConfig) (*templates.HostConfig, error) { + _, url, _, err := normalizeEndpointAddress(host, mirrorAddr) + if err != nil { + return nil, fmt.Errorf("invalid endpoint URL %s for %s: %v", host, host, err) } + if host == "*" { + url = nil + } + return &templates.HostConfig{ + Program: version.Program, + Default: &templates.RegistryEndpoint{ + URL: url, + Config: config, + }, + }, nil +} - return endpointURL, true, nil +func configForHost(configs map[string]registries.RegistryConfig, host string) registries.RegistryConfig { + // check for config under modified hostname. If the hostname is unmodified, or there is no config for + // the modified hostname, return the config for the default hostname. + if h, _ := docker.DefaultHost(host); h != host { + if c, ok := configs[h]; ok { + return c + } + } + return configs[host] +} + +// endpointURLEqual compares endpoint URL strings +func endpointURLEqual(a, b *templates.RegistryEndpoint) bool { + var au, bu string + if a != nil && a.URL != nil { + au = a.URL.String() + } + if b != nil && b.URL != nil { + bu = b.URL.String() + } + return au == bu +} + +func endpointHasConfig(ep *templates.RegistryEndpoint) bool { + if ep != nil { + return ep.OverridePath || ep.Config.Auth != nil || ep.Config.TLS != nil || len(ep.Rewrites) > 0 + } + return false } diff --git a/pkg/agent/containerd/config_test.go b/pkg/agent/containerd/config_test.go index 428215343575..dc7b55f160ca 100644 --- a/pkg/agent/containerd/config_test.go +++ b/pkg/agent/containerd/config_test.go @@ -2,6 +2,7 @@ package containerd import ( "net" + "net/url" "os" "path/filepath" "strings" @@ -11,9 +12,22 @@ import ( "github.com/k3s-io/k3s/pkg/daemons/config" "github.com/k3s-io/k3s/pkg/spegel" "github.com/rancher/wharfie/pkg/registries" + "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" ) +func init() { + logrus.SetLevel(logrus.DebugLevel) +} + +func u(s string) *url.URL { + u, err := url.Parse(s) + if err != nil { + panic(err) + } + return u +} + func Test_UnitGetHostConfigs(t *testing.T) { type args struct { registryContent string @@ -39,6 +53,18 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{}, }, + { + name: "registry with default endpoint explicitly listed", + args: args{ + registryContent: ` + mirrors: + docker.io: + endpoint: + - docker.io + `, + }, + want: HostConfigs{}, + }, { name: "registry with default endpoint - embedded registry", args: args{ @@ -50,11 +76,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "https://127.0.0.1:6443/v2", + URL: u("https://127.0.0.1:6443/v2"), Config: registries.RegistryConfig{ TLS: ®istries.TLSConfig{ CAFile: "server-ca", @@ -67,15 +95,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, "127.0.0.1:6443": templates.HostConfig{ Program: "k3s", - Endpoints: []templates.RegistryEndpoint{ - { - URI: "https://127.0.0.1:6443/v2", - Config: registries.RegistryConfig{ - TLS: ®istries.TLSConfig{ - CAFile: "server-ca", - KeyFile: "client-key", - CertFile: "client-cert", - }, + Default: &templates.RegistryEndpoint{ + URL: u("https://127.0.0.1:6443/v2"), + Config: registries.RegistryConfig{ + TLS: ®istries.TLSConfig{ + CAFile: "server-ca", + KeyFile: "client-key", + CertFile: "client-cert", }, }, }, @@ -98,20 +124,49 @@ func Test_UnitGetHostConfigs(t *testing.T) { want: HostConfigs{ "docker.io": templates.HostConfig{ Program: "k3s", - Endpoints: []templates.RegistryEndpoint{ - { - URI: "https://registry-1.docker.io/v2", - Config: registries.RegistryConfig{ - Auth: ®istries.AuthConfig{ - Username: "user", - Password: "pass", - }, + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + Config: registries.RegistryConfig{ + Auth: ®istries.AuthConfig{ + Username: "user", + Password: "pass", + }, + }, + }, + }, + }, + }, + { + name: "registry with default endpoint explicitly listed and creds", + args: args{ + registryContent: ` + mirrors: + docker.io: + endpoint: + - docker.io + configs: + docker.io: + auth: + username: user + password: pass + `, + }, + want: HostConfigs{ + "docker.io": templates.HostConfig{ + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + Config: registries.RegistryConfig{ + Auth: ®istries.AuthConfig{ + Username: "user", + Password: "pass", }, }, }, }, }, }, + { name: "registry with only creds", args: args{ @@ -126,14 +181,12 @@ func Test_UnitGetHostConfigs(t *testing.T) { want: HostConfigs{ "docker.io": templates.HostConfig{ Program: "k3s", - Endpoints: []templates.RegistryEndpoint{ - { - URI: "https://registry-1.docker.io/v2", - Config: registries.RegistryConfig{ - Auth: ®istries.AuthConfig{ - Username: "user", - Password: "pass", - }, + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + Config: registries.RegistryConfig{ + Auth: ®istries.AuthConfig{ + Username: "user", + Password: "pass", }, }, }, @@ -166,14 +219,12 @@ func Test_UnitGetHostConfigs(t *testing.T) { want: HostConfigs{ "registry.example.com": templates.HostConfig{ Program: "k3s", - Endpoints: []templates.RegistryEndpoint{ - { - URI: "https://registry.example.com/v2", - Config: registries.RegistryConfig{ - Auth: ®istries.AuthConfig{ - Username: "user", - Password: "pass", - }, + Default: &templates.RegistryEndpoint{ + URL: u("https://registry.example.com/v2"), + Config: registries.RegistryConfig{ + Auth: ®istries.AuthConfig{ + Username: "user", + Password: "pass", }, }, }, @@ -194,14 +245,12 @@ func Test_UnitGetHostConfigs(t *testing.T) { want: HostConfigs{ "registry.example.com": templates.HostConfig{ Program: "k3s", - Endpoints: []templates.RegistryEndpoint{ - { - URI: "https://registry.example.com/v2", - Config: registries.RegistryConfig{ - Auth: ®istries.AuthConfig{ - Username: "user", - Password: "pass", - }, + Default: &templates.RegistryEndpoint{ + URL: u("https://registry.example.com/v2"), + Config: registries.RegistryConfig{ + Auth: ®istries.AuthConfig{ + Username: "user", + Password: "pass", }, }, }, @@ -220,12 +269,14 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { OverridePath: true, - URI: "https://registry.example.com/prefix/v2", + URL: u("https://registry.example.com/prefix/v2"), }, }, }, @@ -243,12 +294,14 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { OverridePath: true, - URI: "https://registry.example.com/prefix/v2", + URL: u("https://registry.example.com/prefix/v2"), }, }, }, @@ -266,11 +319,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "https://registry.example.com/v2", + URL: u("https://registry.example.com/v2"), }, }, }, @@ -288,11 +343,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "https://registry.example.com/v2", + URL: u("https://registry.example.com/v2"), }, }, }, @@ -310,11 +367,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "https://registry.example.com/v2", + URL: u("https://registry.example.com/v2"), }, }, }, @@ -332,11 +391,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "https://registry.example.com/v2", + URL: u("https://registry.example.com/v2"), }, }, }, @@ -354,11 +415,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "https://registry.example.com:443/v2", + URL: u("https://registry.example.com:443/v2"), }, }, }, @@ -376,11 +439,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "https://1.2.3.4/v2", + URL: u("https://1.2.3.4/v2"), }, }, }, @@ -398,11 +463,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "https://1.2.3.4:443/v2", + URL: u("https://1.2.3.4:443/v2"), }, }, }, @@ -420,11 +487,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "http://localhost:5000/v2", + URL: u("http://localhost:5000/v2"), }, }, }, @@ -442,11 +511,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "https://localhost:5000/v2", + URL: u("https://localhost:5000/v2"), }, }, }, @@ -464,11 +535,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "http://127.0.0.1:5000/v2", + URL: u("http://127.0.0.1:5000/v2"), }, }, }, @@ -486,11 +559,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "https://127.0.0.1:5000/v2", + URL: u("https://127.0.0.1:5000/v2"), }, }, }, @@ -513,11 +588,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "https://registry.example.com/v2", + URL: u("https://registry.example.com/v2"), Config: registries.RegistryConfig{ Auth: ®istries.AuthConfig{ Username: "user", @@ -529,14 +606,12 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, "registry.example.com": templates.HostConfig{ Program: "k3s", - Endpoints: []templates.RegistryEndpoint{ - { - URI: "https://registry.example.com/v2", - Config: registries.RegistryConfig{ - Auth: ®istries.AuthConfig{ - Username: "user", - Password: "pass", - }, + Default: &templates.RegistryEndpoint{ + URL: u("https://registry.example.com/v2"), + Config: registries.RegistryConfig{ + Auth: ®istries.AuthConfig{ + Username: "user", + Password: "pass", }, }, }, @@ -563,12 +638,14 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { OverridePath: true, - URI: "https://registry.example.com/prefix/v2", + URL: u("https://registry.example.com/prefix/v2"), Config: registries.RegistryConfig{ Auth: ®istries.AuthConfig{ Username: "user", @@ -579,12 +656,20 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, }, "registry.example.com": templates.HostConfig{ - DefaultEndpoint: "https://registry.example.com/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry.example.com/v2"), + Config: registries.RegistryConfig{ + Auth: ®istries.AuthConfig{ + Username: "user", + Password: "pass", + }, + }, + }, Endpoints: []templates.RegistryEndpoint{ { OverridePath: true, - URI: "https://registry.example.com/prefix/v2", + URL: u("https://registry.example.com/prefix/v2"), Config: registries.RegistryConfig{ Auth: ®istries.AuthConfig{ Username: "user", @@ -616,12 +701,14 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { OverridePath: true, - URI: "https://registry.example.com/project/registry", + URL: u("https://registry.example.com/project/registry"), Config: registries.RegistryConfig{ Auth: ®istries.AuthConfig{ Username: "user", @@ -632,12 +719,20 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, }, "registry.example.com": templates.HostConfig{ - DefaultEndpoint: "https://registry.example.com/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry.example.com/v2"), + Config: registries.RegistryConfig{ + Auth: ®istries.AuthConfig{ + Username: "user", + Password: "pass", + }, + }, + }, Endpoints: []templates.RegistryEndpoint{ { OverridePath: true, - URI: "https://registry.example.com/project/registry", + URL: u("https://registry.example.com/project/registry"), Config: registries.RegistryConfig{ Auth: ®istries.AuthConfig{ Username: "user", @@ -670,7 +765,7 @@ func Test_UnitGetHostConfigs(t *testing.T) { Program: "k3s", Endpoints: []templates.RegistryEndpoint{ { - URI: "https://registry.example.com/v2", + URL: u("https://registry.example.com/v2"), Config: registries.RegistryConfig{ Auth: ®istries.AuthConfig{ Username: "user", @@ -682,14 +777,12 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, "registry.example.com": templates.HostConfig{ Program: "k3s", - Endpoints: []templates.RegistryEndpoint{ - { - URI: "https://registry.example.com/v2", - Config: registries.RegistryConfig{ - Auth: ®istries.AuthConfig{ - Username: "user", - Password: "pass", - }, + Default: &templates.RegistryEndpoint{ + URL: u("https://registry.example.com/v2"), + Config: registries.RegistryConfig{ + Auth: ®istries.AuthConfig{ + Username: "user", + Password: "pass", }, }, }, @@ -714,11 +807,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "https://127.0.0.1:6443/v2", + URL: u("https://127.0.0.1:6443/v2"), Config: registries.RegistryConfig{ TLS: ®istries.TLSConfig{ CAFile: "server-ca", @@ -728,7 +823,7 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, }, { - URI: "https://registry.example.com/v2", + URL: u("https://registry.example.com/v2"), Config: registries.RegistryConfig{ Auth: ®istries.AuthConfig{ Username: "user", @@ -740,29 +835,25 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, "registry.example.com": templates.HostConfig{ Program: "k3s", - Endpoints: []templates.RegistryEndpoint{ - { - URI: "https://registry.example.com/v2", - Config: registries.RegistryConfig{ - Auth: ®istries.AuthConfig{ - Username: "user", - Password: "pass", - }, + Default: &templates.RegistryEndpoint{ + URL: u("https://registry.example.com/v2"), + Config: registries.RegistryConfig{ + Auth: ®istries.AuthConfig{ + Username: "user", + Password: "pass", }, }, }, }, "127.0.0.1:6443": templates.HostConfig{ Program: "k3s", - Endpoints: []templates.RegistryEndpoint{ - { - URI: "https://127.0.0.1:6443/v2", - Config: registries.RegistryConfig{ - TLS: ®istries.TLSConfig{ - CAFile: "server-ca", - KeyFile: "client-key", - CertFile: "client-cert", - }, + Default: &templates.RegistryEndpoint{ + URL: u("https://127.0.0.1:6443/v2"), + Config: registries.RegistryConfig{ + TLS: ®istries.TLSConfig{ + CAFile: "server-ca", + KeyFile: "client-key", + CertFile: "client-cert", }, }, }, @@ -789,11 +880,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "docker.io": templates.HostConfig{ - DefaultEndpoint: "https://registry-1.docker.io/v2", - Program: "k3s", + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "https://127.0.0.1:6443/v2", + URL: u("https://127.0.0.1:6443/v2"), Config: registries.RegistryConfig{ TLS: ®istries.TLSConfig{ CAFile: "server-ca", @@ -803,7 +896,7 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, }, { - URI: "https://registry.example.com/v2", + URL: u("https://registry.example.com/v2"), Config: registries.RegistryConfig{ Auth: ®istries.AuthConfig{ Username: "user", @@ -818,29 +911,25 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, "registry.example.com": templates.HostConfig{ Program: "k3s", - Endpoints: []templates.RegistryEndpoint{ - { - URI: "https://registry.example.com/v2", - Config: registries.RegistryConfig{ - Auth: ®istries.AuthConfig{ - Username: "user", - Password: "pass", - }, + Default: &templates.RegistryEndpoint{ + URL: u("https://registry.example.com/v2"), + Config: registries.RegistryConfig{ + Auth: ®istries.AuthConfig{ + Username: "user", + Password: "pass", }, }, }, }, "127.0.0.1:6443": templates.HostConfig{ Program: "k3s", - Endpoints: []templates.RegistryEndpoint{ - { - URI: "https://127.0.0.1:6443/v2", - Config: registries.RegistryConfig{ - TLS: ®istries.TLSConfig{ - CAFile: "server-ca", - KeyFile: "client-key", - CertFile: "client-cert", - }, + Default: &templates.RegistryEndpoint{ + URL: u("https://127.0.0.1:6443/v2"), + Config: registries.RegistryConfig{ + TLS: ®istries.TLSConfig{ + CAFile: "server-ca", + KeyFile: "client-key", + CertFile: "client-cert", }, }, }, @@ -869,7 +958,7 @@ func Test_UnitGetHostConfigs(t *testing.T) { Program: "k3s", Endpoints: []templates.RegistryEndpoint{ { - URI: "https://127.0.0.1:6443/v2", + URL: u("https://127.0.0.1:6443/v2"), Config: registries.RegistryConfig{ TLS: ®istries.TLSConfig{ CAFile: "server-ca", @@ -879,7 +968,7 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, }, { - URI: "https://registry.example.com/v2", + URL: u("https://registry.example.com/v2"), Config: registries.RegistryConfig{ Auth: ®istries.AuthConfig{ Username: "user", @@ -891,23 +980,104 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, "registry.example.com": templates.HostConfig{ Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry.example.com/v2"), + Config: registries.RegistryConfig{ + Auth: ®istries.AuthConfig{ + Username: "user", + Password: "pass", + }, + }, + }, + }, + "127.0.0.1:6443": templates.HostConfig{ + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://127.0.0.1:6443/v2"), + Config: registries.RegistryConfig{ + TLS: ®istries.TLSConfig{ + CAFile: "server-ca", + KeyFile: "client-key", + CertFile: "client-cert", + }, + }, + }, + }, + }, + }, + { + name: "registry with mirror endpoint - embedded registry, default endpoint explicitly listed", + args: args{ + mirrorAddr: "127.0.0.1:6443", + registryContent: ` + mirrors: + docker.io: + endpoint: + - registry.example.com + - registry.example.org + - docker.io + `, + }, + want: HostConfigs{ + "docker.io": templates.HostConfig{ + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, Endpoints: []templates.RegistryEndpoint{ { - URI: "https://registry.example.com/v2", + URL: u("https://127.0.0.1:6443/v2"), Config: registries.RegistryConfig{ - Auth: ®istries.AuthConfig{ - Username: "user", - Password: "pass", + TLS: ®istries.TLSConfig{ + CAFile: "server-ca", + KeyFile: "client-key", + CertFile: "client-cert", }, }, }, + { + URL: u("https://registry.example.com/v2"), + }, + { + URL: u("https://registry.example.org/v2"), + }, }, }, "127.0.0.1:6443": templates.HostConfig{ + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://127.0.0.1:6443/v2"), + Config: registries.RegistryConfig{ + TLS: ®istries.TLSConfig{ + CAFile: "server-ca", + KeyFile: "client-key", + CertFile: "client-cert", + }, + }, + }, + }, + }, + }, + { + name: "registry with mirror endpoint - embedded registry and no default endpoint, default endpoint explicitly listed", + args: args{ + mirrorAddr: "127.0.0.1:6443", + noDefaultEndpoint: true, + registryContent: ` + mirrors: + docker.io: + endpoint: + - registry.example.com + - registry.example.org + - docker.io + `, + }, + want: HostConfigs{ + "docker.io": templates.HostConfig{ Program: "k3s", Endpoints: []templates.RegistryEndpoint{ { - URI: "https://127.0.0.1:6443/v2", + URL: u("https://127.0.0.1:6443/v2"), Config: registries.RegistryConfig{ TLS: ®istries.TLSConfig{ CAFile: "server-ca", @@ -916,6 +1086,28 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, }, }, + { + URL: u("https://registry.example.com/v2"), + }, + { + URL: u("https://registry.example.org/v2"), + }, + { + URL: u("https://registry-1.docker.io/v2"), + }, + }, + }, + "127.0.0.1:6443": templates.HostConfig{ + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://127.0.0.1:6443/v2"), + Config: registries.RegistryConfig{ + TLS: ®istries.TLSConfig{ + CAFile: "server-ca", + KeyFile: "client-key", + CertFile: "client-cert", + }, + }, }, }, }, @@ -935,7 +1127,7 @@ func Test_UnitGetHostConfigs(t *testing.T) { Program: "k3s", Endpoints: []templates.RegistryEndpoint{ { - URI: "https://registry.example.com/v2", + URL: u("https://registry.example.com/v2"), }, }, }, @@ -959,21 +1151,49 @@ func Test_UnitGetHostConfigs(t *testing.T) { // note that the embedded registry mirror is NOT listed as an endpoint. // individual registries must be enabled for mirroring by name. { - URI: "https://registry.example.com/v2", + URL: u("https://registry.example.com/v2"), }, }, }, "127.0.0.1:6443": templates.HostConfig{ Program: "k3s", - Endpoints: []templates.RegistryEndpoint{ - { - URI: "https://127.0.0.1:6443/v2", - Config: registries.RegistryConfig{ - TLS: ®istries.TLSConfig{ - CAFile: "server-ca", - KeyFile: "client-key", - CertFile: "client-cert", - }, + Default: &templates.RegistryEndpoint{ + URL: u("https://127.0.0.1:6443/v2"), + Config: registries.RegistryConfig{ + TLS: ®istries.TLSConfig{ + CAFile: "server-ca", + KeyFile: "client-key", + CertFile: "client-cert", + }, + }, + }, + }, + }, + }, + { + name: "wildcard config", + args: args{ + registryContent: ` + configs: + "*": + auth: + username: user + password: pass + tls: + insecure_skip_verify: true + `, + }, + want: HostConfigs{ + "_default": { + Program: "k3s", + Default: &templates.RegistryEndpoint{ + Config: registries.RegistryConfig{ + Auth: ®istries.AuthConfig{ + Username: "user", + Password: "pass", + }, + TLS: ®istries.TLSConfig{ + InsecureSkipVerify: true, }, }, }, @@ -1033,15 +1253,13 @@ func Test_UnitGetHostConfigs(t *testing.T) { // localhost registries are not handled by the embedded registry mirror. "127.0.0.1:6443": templates.HostConfig{ Program: "k3s", - Endpoints: []templates.RegistryEndpoint{ - { - URI: "https://127.0.0.1:6443/v2", - Config: registries.RegistryConfig{ - TLS: ®istries.TLSConfig{ - CAFile: "server-ca", - KeyFile: "client-key", - CertFile: "client-cert", - }, + Default: &templates.RegistryEndpoint{ + URL: u("https://127.0.0.1:6443/v2"), + Config: registries.RegistryConfig{ + TLS: ®istries.TLSConfig{ + CAFile: "server-ca", + KeyFile: "client-key", + CertFile: "client-cert", }, }, }, @@ -1064,11 +1282,18 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, want: HostConfigs{ "localhost:5000": templates.HostConfig{ - DefaultEndpoint: "http://localhost:5000/v2", - Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("http://localhost:5000/v2"), + Config: registries.RegistryConfig{ + TLS: ®istries.TLSConfig{ + InsecureSkipVerify: true, + }, + }, + }, + Program: "k3s", Endpoints: []templates.RegistryEndpoint{ { - URI: "https://localhost:5000/v2", + URL: u("https://localhost:5000/v2"), Config: registries.RegistryConfig{ TLS: ®istries.TLSConfig{ InsecureSkipVerify: true, @@ -1085,8 +1310,10 @@ func Test_UnitGetHostConfigs(t *testing.T) { t.Run(tt.name, func(t *testing.T) { // replace tabs from the inline yaml with spaces; yaml doesn't support tabs for indentation. tt.args.registryContent = strings.ReplaceAll(tt.args.registryContent, "\t", " ") - registriesFile := filepath.Join(t.TempDir(), "registries.yaml") + tempDir := t.TempDir() + registriesFile := filepath.Join(tempDir, "registries.yaml") os.WriteFile(registriesFile, []byte(tt.args.registryContent), 0644) + t.Logf("%s:\n%s", registriesFile, tt.args.registryContent) registry, err := registries.GetPrivateRegistries(registriesFile) if err != nil { @@ -1103,8 +1330,30 @@ func Test_UnitGetHostConfigs(t *testing.T) { conf.InjectMirror(&config.Node{AgentConfig: config.Agent{Registry: registry.Registry}}) } + // Generate config template struct for all hosts got := getHostConfigs(registry.Registry, tt.args.noDefaultEndpoint, tt.args.mirrorAddr) assert.Equal(t, tt.want, got, "getHostConfigs()") + + // Confirm that hosts.toml renders properly for all registries + for host, config := range got { + hostsTemplate, err := templates.ParseHostsTemplateFromConfig(templates.HostsTomlTemplate, config) + assert.NoError(t, err, "ParseHostTemplateFromConfig for %s", host) + t.Logf("%s/hosts.d/%s/hosts.toml\n%s", tempDir, host, hostsTemplate) + } + + // Confirm that the main containerd config.toml renders properly + containerdConfig := templates.ContainerdConfig{ + NodeConfig: &config.Node{ + Containerd: config.Containerd{ + Registry: tempDir + "/hosts.d", + }, + }, + PrivateRegistryConfig: registry.Registry, + Program: "k3s", + } + configTemplate, err := templates.ParseTemplateFromConfig(templates.ContainerdConfigTemplate, containerdConfig) + assert.NoError(t, err, "ParseTemplateFromConfig") + t.Logf("%s/config.toml\n%s", tempDir, configTemplate) }) } } diff --git a/pkg/agent/templates/templates.go b/pkg/agent/templates/templates.go index de273f26c144..82eb1ab4acf0 100644 --- a/pkg/agent/templates/templates.go +++ b/pkg/agent/templates/templates.go @@ -2,6 +2,7 @@ package templates import ( "bytes" + "net/url" "text/template" "github.com/rancher/wharfie/pkg/registries" @@ -28,24 +29,40 @@ type ContainerdConfig struct { type RegistryEndpoint struct { OverridePath bool - URI string + URL *url.URL Rewrites map[string]string Config registries.RegistryConfig } type HostConfig struct { - DefaultEndpoint string - Program string - Endpoints []RegistryEndpoint + Default *RegistryEndpoint + Program string + Endpoints []RegistryEndpoint } const HostsTomlTemplate = ` {{- /* */ -}} # File generated by {{ .Program }}. DO NOT EDIT. -{{ if .DefaultEndpoint }}server = "{{ .DefaultEndpoint }}"{{ end }} +{{ with $e := .Default }} +{{- if $e.URL }} +server = "{{ $e.URL }}" +capabilities = ["pull", "resolve", "push"] +{{ end }} +{{- if $e.Config.TLS }} +{{- if $e.Config.TLS.CAFile }} +ca = [{{ printf "%q" $e.Config.TLS.CAFile }}] +{{- end }} +{{- if or $e.Config.TLS.CertFile $e.Config.TLS.KeyFile }} +client = [[{{ printf "%q" $e.Config.TLS.CertFile }}, {{ printf "%q" $e.Config.TLS.KeyFile }}]] +{{- end }} +{{- if $e.Config.TLS.InsecureSkipVerify }} +skip_verify = true +{{- end }} +{{ end }} +{{ end }} {{ range $e := .Endpoints -}} -[host."{{ $e.URI }}"] +[host."{{ $e.URL }}"] capabilities = ["pull", "resolve"] {{- if $e.OverridePath }} override_path = true @@ -62,7 +79,7 @@ const HostsTomlTemplate = ` {{- end }} {{ end }} {{- if $e.Rewrites }} - [host."{{ $e.URI }}".rewrite] + [host."{{ $e.URL }}".rewrite] {{- range $pattern, $replace := $e.Rewrites }} "{{ $pattern }}" = "{{ $replace }}" {{- end }} From 1a7297c95bd73e428d3129b494e5bd70a1b7a2d1 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 15 Feb 2024 22:24:15 +0000 Subject: [PATCH 07/22] Clean up snapshotDir create/exists logic Signed-off-by: Brad Davidson (cherry picked from commit 3576ed4327f35819065c5221523f8aa188850080) Signed-off-by: Brad Davidson --- pkg/etcd/snapshot.go | 57 +++++++++++++++++++++++++------------------- 1 file changed, 32 insertions(+), 25 deletions(-) diff --git a/pkg/etcd/snapshot.go b/pkg/etcd/snapshot.go index d9f5f7689c1e..a481985171dd 100644 --- a/pkg/etcd/snapshot.go +++ b/pkg/etcd/snapshot.go @@ -74,26 +74,38 @@ var ( ) // snapshotDir ensures that the snapshot directory exists, and then returns its path. +// Only the default snapshot directory will be created; user-specified non-default +// snapshot directories must already exist. func snapshotDir(config *config.Control, create bool) (string, error) { - if config.EtcdSnapshotDir == "" { - // we have to create the snapshot dir if we are using - // the default snapshot dir if it doesn't exist - defaultSnapshotDir := filepath.Join(config.DataDir, "db", "snapshots") - s, err := os.Stat(defaultSnapshotDir) - if err != nil { - if create && os.IsNotExist(err) { - if err := os.MkdirAll(defaultSnapshotDir, 0700); err != nil { - return "", err - } - return defaultSnapshotDir, nil + defaultSnapshotDir := filepath.Join(config.DataDir, "db", "snapshots") + snapshotDir := config.EtcdSnapshotDir + + if snapshotDir == "" { + snapshotDir = defaultSnapshotDir + } + + // Disable creation if not using the default snapshot dir. + // Non-default snapshot dirs must be created by the user. + if snapshotDir != defaultSnapshotDir { + create = false + } + + s, err := os.Stat(snapshotDir) + if err != nil { + if os.IsNotExist(err) && create { + if err := os.MkdirAll(snapshotDir, 0700); err != nil { + return "", err } - return "", err - } - if s.IsDir() { - return defaultSnapshotDir, nil + return snapshotDir, nil } + return "", err + } + + if !s.IsDir() { + return "", fmt.Errorf("%s is not a directory", snapshotDir) } - return config.EtcdSnapshotDir, nil + + return snapshotDir, nil } // preSnapshotSetup checks to see if the necessary components are in place @@ -248,12 +260,6 @@ func (e *ETCD) Snapshot(ctx context.Context) error { return errors.Wrap(err, "failed to get etcd-snapshot-dir") } - if info, err := os.Stat(snapshotDir); err != nil { - return errors.Wrapf(err, "failed to stat etcd-snapshot-dir %s", snapshotDir) - } else if !info.IsDir() { - return fmt.Errorf("etcd-snapshot-dir %s is not a directory", snapshotDir) - } - cfg, err := getClientConfig(ctx, e.config) if err != nil { return errors.Wrap(err, "failed to get config for etcd snapshot") @@ -438,7 +444,7 @@ func (e *ETCD) listLocalSnapshots() (map[string]snapshotFile, error) { snapshots := make(map[string]snapshotFile) snapshotDir, err := snapshotDir(e.config, true) if err != nil { - return snapshots, errors.Wrap(err, "failed to get the snapshot dir") + return snapshots, errors.Wrap(err, "failed to get etcd-snapshot-dir") } if err := filepath.Walk(snapshotDir, func(path string, file os.FileInfo, err error) error { @@ -502,8 +508,9 @@ func (e *ETCD) initS3IfNil(ctx context.Context) error { func (e *ETCD) PruneSnapshots(ctx context.Context) error { snapshotDir, err := snapshotDir(e.config, false) if err != nil { - return errors.Wrap(err, "failed to get the snapshot dir") + return errors.Wrap(err, "failed to get etcd-snapshot-dir") } + if err := snapshotRetention(e.config.EtcdSnapshotRetention, e.config.EtcdSnapshotName, snapshotDir); err != nil { logrus.Errorf("Error applying snapshot retention policy: %v", err) } @@ -551,7 +558,7 @@ func (e *ETCD) ListSnapshots(ctx context.Context) (map[string]snapshotFile, erro func (e *ETCD) DeleteSnapshots(ctx context.Context, snapshots []string) error { snapshotDir, err := snapshotDir(e.config, false) if err != nil { - return errors.Wrap(err, "failed to get the snapshot dir") + return errors.Wrap(err, "failed to get etcd-snapshot-dir") } if e.config.EtcdS3 { if err := e.initS3IfNil(ctx); err != nil { From a41fc6a7250dac24f31510681df0329cda1426a3 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 15 Feb 2024 22:36:52 +0000 Subject: [PATCH 08/22] Move snapshot-retention to EtcdSnapshotFlags in order to support loading from config Signed-off-by: Brad Davidson (cherry picked from commit 0b3593205a9654a792dc5554445576585e1aa6db) Signed-off-by: Brad Davidson --- pkg/cli/cmds/etcd_snapshot.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/pkg/cli/cmds/etcd_snapshot.go b/pkg/cli/cmds/etcd_snapshot.go index 9f005e0ef747..b0eb26dba822 100644 --- a/pkg/cli/cmds/etcd_snapshot.go +++ b/pkg/cli/cmds/etcd_snapshot.go @@ -37,6 +37,12 @@ var EtcdSnapshotFlags = []cli.Flag{ Usage: "(db) Compress etcd snapshot", Destination: &ServerConfig.EtcdSnapshotCompress, }, + &cli.IntFlag{ + Name: "snapshot-retention,etcd-snapshot-retention", + Usage: "(db) Number of snapshots to retain.", + Destination: &ServerConfig.EtcdSnapshotRetention, + Value: defaultSnapshotRentention, + }, &cli.BoolFlag{ Name: "s3,etcd-s3", Usage: "(db) Enable backup to S3", @@ -134,12 +140,7 @@ func NewEtcdSnapshotCommands(run, delete, list, prune, save func(ctx *cli.Contex SkipFlagParsing: false, SkipArgReorder: true, Action: prune, - Flags: append(EtcdSnapshotFlags, &cli.IntFlag{ - Name: "snapshot-retention", - Usage: "(db) Number of snapshots to retain.", - Destination: &ServerConfig.EtcdSnapshotRetention, - Value: defaultSnapshotRentention, - }), + Flags: EtcdSnapshotFlags, }, { Name: "save", From 53023d36a7987e1d8ce856e91f526d47ef31d637 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 4 Mar 2024 18:45:43 +0000 Subject: [PATCH 09/22] Use and version flannel/cni-plugin properly Moves us closer to using the proper upstream for our flannel CNI plugin, instead of the snapshot that is vendored into our plugins fork. Signed-off-by: Brad Davidson (cherry picked from commit 88d30f940d8e71d620823014980f4db8c4a354a8) Signed-off-by: Brad Davidson --- scripts/build | 7 +++++-- scripts/version.sh | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/build b/scripts/build index 93d44ef94123..a1162b766b92 100755 --- a/scripts/build +++ b/scripts/build @@ -41,7 +41,7 @@ VERSIONFLAGS=" -X ${PKG_CNI_PLUGINS}/pkg/utils/buildversion.BuildVersion=${VERSION_CNIPLUGINS} -X ${PKG_CNI_PLUGINS}/plugins/meta/flannel.Program=flannel - -X ${PKG_CNI_PLUGINS}/plugins/meta/flannel.Version=${VERSION_FLANNEL} + -X ${PKG_CNI_PLUGINS}/plugins/meta/flannel.Version=${VERSION_FLANNEL_PLUGIN} -X ${PKG_CNI_PLUGINS}/plugins/meta/flannel.Commit=HEAD -X ${PKG_CNI_PLUGINS}/plugins/meta/flannel.buildDate=${buildDate} @@ -145,8 +145,11 @@ if [ ! -x ${INSTALLBIN}/cni${BINARY_POSTFIX} ]; then TMPDIR=$(mktemp -d) trap cleanup EXIT WORKDIR=$TMPDIR/src/github.com/containernetworking/plugins - git clone -b $VERSION_CNIPLUGINS https://github.com/rancher/plugins.git $WORKDIR + git clone --single-branch --depth=1 --branch=$VERSION_CNIPLUGINS https://github.com/rancher/plugins.git $WORKDIR cd $WORKDIR + rm -rf plugins/meta/flannel + git clone --single-branch --depth=1 --branch=$VERSION_FLANNEL_PLUGIN https://github.com/flannel-io/cni-plugin.git plugins/meta/flannel + sed -i 's/package main/package flannel/; s/func main/func Main/' plugins/meta/flannel/*.go GO111MODULE=off GOPATH=$TMPDIR CGO_ENABLED=0 "${GO}" build -tags "$TAGS" -gcflags="all=${GCFLAGS}" -ldflags "$VERSIONFLAGS $LDFLAGS $STATIC" -o $INSTALLBIN/cni${BINARY_POSTFIX} ) fi diff --git a/scripts/version.sh b/scripts/version.sh index a67f0d560794..986603e83536 100755 --- a/scripts/version.sh +++ b/scripts/version.sh @@ -69,6 +69,7 @@ if [ -z "$VERSION_CRI_DOCKERD" ]; then fi VERSION_CNIPLUGINS="v1.4.0-k3s2" +VERSION_FLANNEL_PLUGIN="v1.4.0-flannel1" VERSION_KUBE_ROUTER=$(get-module-version github.com/cloudnativelabs/kube-router/v2) if [ -z "$VERSION_KUBE_ROUTER" ]; then From 32d8d7f2a194a7be3355b20b3f4c0374b55d02c6 Mon Sep 17 00:00:00 2001 From: Philip Laine Date: Tue, 6 Feb 2024 23:02:59 +0100 Subject: [PATCH 10/22] Bump spegel to v0.0.18-k3s4 Signed-off-by: Philip Laine Signed-off-by: Brad Davidson (cherry picked from commit 26feb25c40d237976cd370c011595d89a848b528) Signed-off-by: Brad Davidson --- go.mod | 26 +++++++------ go.sum | 82 +++++++++-------------------------------- pkg/spegel/bootstrap.go | 10 ++--- pkg/spegel/spegel.go | 18 ++++++--- 4 files changed, 48 insertions(+), 88 deletions(-) diff --git a/go.mod b/go.mod index 200470cbf0cd..a301a1f36702 100644 --- a/go.mod +++ b/go.mod @@ -21,11 +21,13 @@ replace ( github.com/opencontainers/runc => github.com/k3s-io/runc v1.1.12-k3s1 github.com/opencontainers/runtime-spec => github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 github.com/opencontainers/selinux => github.com/opencontainers/selinux v1.10.1 + github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 + github.com/prometheus/common => github.com/prometheus/common v0.45.0 github.com/quic-go/qtls-go1-20 => github.com/quic-go/qtls-go1-20 v0.3.3 github.com/quic-go/quic-go => github.com/quic-go/quic-go v0.38.2 github.com/rancher/wrangler => github.com/rancher/wrangler v1.1.1-0.20230807182002-35cb42e6a915 github.com/ugorji/go => github.com/ugorji/go v1.2.11 - github.com/xenitab/spegel => github.com/k3s-io/spegel v0.0.17-0.20240109004735-9466a5529330 // k3s-main + github.com/xenitab/spegel => github.com/k3s-io/spegel v0.0.18-k3s4 // k3s-main go.etcd.io/etcd/api/v3 => github.com/k3s-io/etcd/api/v3 v3.5.9-k3s1 go.etcd.io/etcd/client/pkg/v3 => github.com/k3s-io/etcd/client/pkg/v3 v3.5.9-k3s1 go.etcd.io/etcd/client/v2 => github.com/k3s-io/etcd/client/v2 v2.305.9-k3s1 @@ -98,7 +100,7 @@ require ( github.com/cloudnativelabs/kube-router/v2 v2.0.0-00010101000000-000000000000 github.com/containerd/aufs v1.0.0 github.com/containerd/cgroups/v3 v3.0.2 - github.com/containerd/containerd v1.7.11 + github.com/containerd/containerd v1.7.13 github.com/containerd/fuse-overlayfs-snapshotter v1.0.5 github.com/containerd/stargz-snapshotter v0.14.4-0.20230913082252-7275d45b185c github.com/containerd/zfs v1.1.0 @@ -156,8 +158,8 @@ require ( go.etcd.io/etcd/etcdutl/v3 v3.5.9 go.etcd.io/etcd/server/v3 v3.5.10 go.uber.org/zap v1.26.0 - golang.org/x/crypto v0.17.0 - golang.org/x/net v0.19.0 + golang.org/x/crypto v0.18.0 + golang.org/x/net v0.20.0 golang.org/x/sync v0.6.0 golang.org/x/sys v0.16.0 google.golang.org/grpc v1.60.1 @@ -337,7 +339,7 @@ require ( github.com/josharian/intern v1.0.0 // indirect github.com/josharian/native v1.1.0 // indirect github.com/karrick/godirwalk v1.17.0 // indirect - github.com/klauspost/cpuid/v2 v2.2.5 // indirect + github.com/klauspost/cpuid/v2 v2.2.6 // indirect github.com/koron/go-ssdp v0.0.4 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/leodido/go-urn v1.2.4 // indirect @@ -394,7 +396,7 @@ require ( github.com/mrunalp/fileutils v0.5.1 // indirect github.com/multiformats/go-base32 v0.1.0 // indirect github.com/multiformats/go-base36 v0.2.0 // indirect - github.com/multiformats/go-multiaddr v0.12.0 // indirect + github.com/multiformats/go-multiaddr v0.12.2 // indirect github.com/multiformats/go-multiaddr-dns v0.3.1 // indirect github.com/multiformats/go-multiaddr-fmt v0.1.0 // indirect github.com/multiformats/go-multibase v0.2.0 // indirect @@ -423,13 +425,13 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/polydawn/refmt v0.89.0 // indirect github.com/pquerna/cachecontrol v0.1.0 // indirect - github.com/prometheus/client_golang v1.18.0 // indirect + github.com/prometheus/client_golang v1.19.0 // indirect github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.45.0 // indirect + github.com/prometheus/common v0.48.0 // indirect github.com/prometheus/procfs v0.12.0 // indirect github.com/quic-go/qpack v0.4.0 // indirect github.com/quic-go/qtls-go1-20 v0.3.3 // indirect - github.com/quic-go/quic-go v0.38.0 // indirect + github.com/quic-go/quic-go v0.38.2 // indirect github.com/quic-go/webtransport-go v0.5.3 // indirect github.com/raulk/go-watchdog v1.3.0 // indirect github.com/rs/xid v1.5.0 // indirect @@ -486,8 +488,8 @@ require ( golang.org/x/arch v0.3.0 // indirect golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect golang.org/x/mod v0.13.0 // indirect - golang.org/x/oauth2 v0.15.0 // indirect - golang.org/x/term v0.15.0 // indirect + golang.org/x/oauth2 v0.16.0 // indirect + golang.org/x/term v0.16.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.14.0 // indirect @@ -497,7 +499,7 @@ require ( google.golang.org/api v0.152.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect - google.golang.org/protobuf v1.31.0 // indirect + google.golang.org/protobuf v1.32.0 // indirect gopkg.in/gcfg.v1 v1.2.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index f6c5ad6db5df..360af8f844d8 100644 --- a/go.sum +++ b/go.sum @@ -148,12 +148,7 @@ github.com/Rican7/retry v0.1.0/go.mod h1:FgOROf8P5bebcC1DS0PdOQiqGUridaZvikzUmkF github.com/a8m/tree v0.0.0-20210115125333-10a5fd5b637d/go.mod h1:FSdwKX97koS5efgm8WevNf7XS3PqtyFkKDDXrz778cg= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= -github.com/alecthomas/kingpin/v2 v2.3.1/go.mod h1:oYL5vtsvEHZGHxU7DMp32Dvx+qL+ptGn6lWaot2vCNE= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= +github.com/alecthomas/kingpin/v2 v2.3.2/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= github.com/alexflint/go-filemutex v1.2.0/go.mod h1:mYyQSWvw9Tx2/H2n9qXPb52tTYfE0pZAWcBq5mK025c= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= @@ -361,7 +356,6 @@ github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkz github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= @@ -467,14 +461,9 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= @@ -786,7 +775,6 @@ github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtL github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= @@ -795,7 +783,6 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/k3s-io/containerd v1.7.11-k3s2.26 h1:L+qoTJbpm7g3lse9BzhN23neHsee74XjQwo4m7tvljA= github.com/k3s-io/containerd v1.7.11-k3s2.26/go.mod h1:dLQbKVd9nQsB+/2LO09B/VMzHELxgeORT5OCucwBMVo= @@ -886,8 +873,8 @@ github.com/k3s-io/kubernetes/staging/src/k8s.io/pod-security-admission v1.26.14- github.com/k3s-io/kubernetes/staging/src/k8s.io/sample-apiserver v1.26.14-k3s1/go.mod h1:9zYTQO3cABNpR1Sb4WJm6CLiNZmODi+CTbFY6u24T90= github.com/k3s-io/runc v1.1.12-k3s1 h1:p2x48K2BbRdF8crLEB4xoJ1pdjSprlvNNGpYBBULHL4= github.com/k3s-io/runc v1.1.12-k3s1/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8= -github.com/k3s-io/spegel v0.0.17-0.20240109004735-9466a5529330 h1:Tn9qxllPEzcyJqhqbYywUz0y0bFnZG3eMDLCb9UXeVM= -github.com/k3s-io/spegel v0.0.17-0.20240109004735-9466a5529330/go.mod h1:VwX+8hz21pU7YjrvMmLCv7G4ww2Ds3HPEw3oDalMkGM= +github.com/k3s-io/spegel v0.0.18-k3s4 h1:CjAH/z8oD5MGTnUbyUTotTgzSBKm/1J+REjJTmAtH04= +github.com/k3s-io/spegel v0.0.18-k3s4/go.mod h1:Zy+QeqEfE/YmY8wt0e+Sk1PB1kUhRGVCP3l+TW4HlUA= github.com/karrick/godirwalk v1.17.0 h1:b4kY7nqDdioR/6qnbHQyDvmA17u5G1cZ6J+CZXwSWoI= github.com/karrick/godirwalk v1.17.0/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= @@ -905,10 +892,9 @@ github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQs github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg= -github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= +github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc= +github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/koron/go-ssdp v0.0.4 h1:1IDwrghSKYM7yLf7XCzbByg2sJ/JcNOZRXS2jczTwz0= github.com/koron/go-ssdp v0.0.4/go.mod h1:oDXq+E5IL5q0U8uSBcoAXzTzInwy5lEgC91HoKtbmZk= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= @@ -1111,8 +1097,8 @@ github.com/multiformats/go-base36 v0.2.0 h1:lFsAbNOGeKtuKozrtBsAkSVhv1p9D0/qedU9 github.com/multiformats/go-base36 v0.2.0/go.mod h1:qvnKE++v+2MWCfePClUEjE78Z7P2a1UV0xHgWc0hkp4= github.com/multiformats/go-multiaddr v0.1.1/go.mod h1:aMKBKNEYmzmDmxfX88/vz+J5IU55txyt0p4aiWVohjo= github.com/multiformats/go-multiaddr v0.2.0/go.mod h1:0nO36NvPpyV4QzvTLi/lafl2y95ncPj0vFwVF6k6wJ4= -github.com/multiformats/go-multiaddr v0.12.0 h1:1QlibTFkoXJuDjjYsMHhE73TnzJQl8FSWatk/0gxGzE= -github.com/multiformats/go-multiaddr v0.12.0/go.mod h1:WmZXgObOQOYp9r3cslLlppkrz1FYSHmE834dfz/lWu8= +github.com/multiformats/go-multiaddr v0.12.2 h1:9G9sTY/wCYajKa9lyfWPmpZAwe6oV+Wb1zcmMS1HG24= +github.com/multiformats/go-multiaddr v0.12.2/go.mod h1:GKyaTYjZRdcUhyOetrxTk9z0cW+jA/YrnqTOvKgi44M= github.com/multiformats/go-multiaddr-dns v0.3.1 h1:QgQgR+LQVt3NPTjbrLLpsaT2ufAA2y0Mkk+QRVJbW3A= github.com/multiformats/go-multiaddr-dns v0.3.1/go.mod h1:G/245BRQ6FJGmryJCrOuTdB37AMA5AMOVuO6NY3JwTk= github.com/multiformats/go-multiaddr-fmt v0.1.0 h1:WLEFClPycPkp4fnIzoFoV9FVd49/eQsuaL3/CWe167E= @@ -1132,7 +1118,6 @@ github.com/multiformats/go-varint v0.0.7/go.mod h1:r8PUYw/fD/SjBCiKOoDlGF6QawOEL github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-http-dialer v0.0.0-20161116154839-378f744fb2b8 h1:BhQQWYKJwXPtAhm12d4gQU4LKS9Yov22yOrDc2QA7ho= github.com/mwitkow/go-http-dialer v0.0.0-20161116154839-378f744fb2b8/go.mod h1:ntWhh7pzdiiRKBMxUB5iG+Q2gmZBxGxpX1KyK6N8kX8= @@ -1163,7 +1148,6 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= @@ -1252,53 +1236,26 @@ github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndr github.com/pquerna/cachecontrol v0.1.0 h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8cTqKc= github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI= github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= -github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= -github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= -github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= +github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= -github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= -github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= -github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= +github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo= github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A= github.com/quic-go/qtls-go1-20 v0.3.3 h1:17/glZSLI9P9fDAeyCHBFSWSqJcwx1byhLwP5eUIDCM= @@ -1376,10 +1333,8 @@ github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go. github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4= github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= @@ -1515,7 +1470,7 @@ github.com/xenitab/pkg/channels v0.0.2 h1:nCMsjEyhJedmAimYPOobzJl/yj7byU9h6IHEPc github.com/xenitab/pkg/channels v0.0.2/go.mod h1:/MCBlje0/98BdAF7LetkSK1+lXeUpScIbTENGaWjGRg= github.com/xenitab/pkg/gin v0.0.9 h1:BGdxnKoXAJBkthQTwQdaRdN7jTiNO+/C8hIexBrasfU= github.com/xenitab/pkg/gin v0.0.9/go.mod h1:8rzqJ8X5KJOo31PBOD4/Wtlt2ac8hCjN1mpOf1YAFs4= -github.com/xhit/go-str2duration v1.2.0/go.mod h1:3cPSlfZlUHVlneIVfePFWcJZsuwf+P1v2SRTV4cUmp4= +github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xiang90/probing v0.0.0-20221125231312-a49e3df8f510 h1:S2dVYn90KE98chqDkyE9Z4N61UnQd+KOfgp5Iu53llk= github.com/xiang90/probing v0.0.0-20221125231312-a49e3df8f510/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= @@ -1665,11 +1620,9 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= @@ -1682,8 +1635,9 @@ golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= -golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ= -golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= +golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= +golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= +golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1709,8 +1663,8 @@ golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= +golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1848,7 +1802,6 @@ google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ= google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= @@ -1856,9 +1809,9 @@ google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw google.golang.org/protobuf v1.29.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= +google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1890,7 +1843,6 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= diff --git a/pkg/spegel/bootstrap.go b/pkg/spegel/bootstrap.go index d2d29a48e449..479bd9bec18f 100644 --- a/pkg/spegel/bootstrap.go +++ b/pkg/spegel/bootstrap.go @@ -43,7 +43,7 @@ func (s *selfBootstrapper) Run(_ context.Context, id string) error { return nil } -func (s *selfBootstrapper) GetAddress() (*peer.AddrInfo, error) { +func (s *selfBootstrapper) Get() (*peer.AddrInfo, error) { return peer.AddrInfoFromString(s.id) } @@ -68,7 +68,7 @@ func (c *agentBootstrapper) Run(_ context.Context, _ string) error { return nil } -func (c *agentBootstrapper) GetAddress() (*peer.AddrInfo, error) { +func (c *agentBootstrapper) Get() (*peer.AddrInfo, error) { if c.server == "" || c.token == "" { return nil, errors.New("cannot get addresses without server and token") } @@ -131,7 +131,7 @@ func (s *serverBootstrapper) Run(_ context.Context, id string) error { return nil } -func (s *serverBootstrapper) GetAddress() (addrInfo *peer.AddrInfo, err error) { +func (s *serverBootstrapper) Get() (addrInfo *peer.AddrInfo, err error) { if s.controlConfig.Runtime.Core == nil { return nil, errors.New("runtime core not ready") } @@ -187,10 +187,10 @@ func (c *chainingBootstrapper) Run(ctx context.Context, id string) error { return merr.NewErrors(errs...) } -func (c *chainingBootstrapper) GetAddress() (*peer.AddrInfo, error) { +func (c *chainingBootstrapper) Get() (*peer.AddrInfo, error) { errs := merr.Errors{} for _, b := range c.bootstrappers { - addr, err := b.GetAddress() + addr, err := b.Get() if err == nil { return addr, nil } diff --git a/pkg/spegel/spegel.go b/pkg/spegel/spegel.go index a5b15712285f..acbd65c71d8d 100644 --- a/pkg/spegel/spegel.go +++ b/pkg/spegel/spegel.go @@ -96,7 +96,6 @@ const ( resolveLatestTag = false resolveRetries = 0 resolveTimeout = time.Second * 5 - registryScheme = "https" registryNamespace = "k8s.io" defaultRouterPort = "5001" ) @@ -188,12 +187,12 @@ func (c *Config) Start(ctx context.Context, nodeConfig *config.Node) error { libp2p.Identity(p2pKey), libp2p.Peerstore(ps), libp2p.PrivateNetwork(c.PSK), - libp2p.PrometheusRegisterer(metrics.DefaultRegisterer), } - router, err := routing.NewP2PRouter(ctx, routerAddr, c.Bootstrapper, c.RegistryPort, registryScheme, opts...) + router, err := routing.NewP2PRouter(ctx, routerAddr, c.Bootstrapper, c.RegistryPort, opts...) if err != nil { return errors.Wrap(err, "failed to create p2p router") } + go router.Run(ctx) caCert, err := os.ReadFile(c.ServerCAFile) if err != nil { @@ -202,7 +201,14 @@ func (c *Config) Start(ctx context.Context, nodeConfig *config.Node) error { localAddr := net.JoinHostPort(c.InternalAddress, c.RegistryPort) client := clientaccess.GetHTTPClient(caCert, c.ClientCertFile, c.ClientKeyFile) metrics.Register() - reg := registry.NewRegistry(ociClient, router, localAddr, resolveRetries, resolveTimeout, resolveLatestTag, client.Transport) + registryOpts := []registry.Option{ + registry.WithLocalAddress(localAddr), + registry.WithResolveLatestTag(resolveLatestTag), + registry.WithResolveRetries(resolveRetries), + registry.WithResolveTimeout(resolveTimeout), + registry.WithTransport(client.Transport), + } + reg := registry.NewRegistry(ociClient, router, registryOpts...) regSvr := reg.Server(":"+c.RegistryPort, logr.FromContextOrDiscard(ctx)) // Close router on shutdown @@ -225,7 +231,7 @@ func (c *Config) Start(ctx context.Context, nodeConfig *config.Node) error { // Wait up to 5 seconds for the p2p network to find peers. This will return // immediately if the node is bootstrapping from itself. wait.PollImmediateWithContext(ctx, time.Second, resolveTimeout, func(_ context.Context) (bool, error) { - return router.HasMirrors() + return router.Ready() }) return nil @@ -235,7 +241,7 @@ func (c *Config) Start(ctx context.Context, nodeConfig *config.Node) error { func (c *Config) peerInfo() http.HandlerFunc { return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) { client, _, _ := net.SplitHostPort(req.RemoteAddr) - info, err := c.Bootstrapper.GetAddress() + info, err := c.Bootstrapper.Get() if err != nil { http.Error(resp, "Internal Error", http.StatusInternalServerError) return From e919faa5242809c427710257a409395ef8c28820 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 29 Feb 2024 22:46:16 +0000 Subject: [PATCH 11/22] Add env var to allow spegel mirroring of `latest` tag Signed-off-by: Brad Davidson (cherry picked from commit 84a071a81e5f2ade3f1c1c73ef681c7cfc942742) Signed-off-by: Brad Davidson --- pkg/spegel/spegel.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/pkg/spegel/spegel.go b/pkg/spegel/spegel.go index acbd65c71d8d..a138d10eeaf5 100644 --- a/pkg/spegel/spegel.go +++ b/pkg/spegel/spegel.go @@ -54,6 +54,9 @@ var ( P2pAddressAnnotation = "p2p." + version.Program + ".cattle.io/node-address" P2pEnabledLabel = "p2p." + version.Program + ".cattle.io/enabled" P2pPortEnv = version.ProgramUpper + "_P2P_PORT" + P2pEnableLatestEnv = version.ProgramUpper + "_P2P_ENABLE_LATEST" + + resolveLatestTag = false ) type authFunc func() authenticator.Request @@ -93,7 +96,6 @@ type Config struct { // These values are not currently configurable const ( - resolveLatestTag = false resolveRetries = 0 resolveTimeout = time.Second * 5 registryNamespace = "k8s.io" @@ -171,11 +173,20 @@ func (c *Config) Start(ctx context.Context, nodeConfig *config.Node) error { return errors.Wrap(err, "failed to create peerstore") } + // get latest tag configuration override + if env := os.Getenv(P2pEnableLatestEnv); env != "" { + if b, err := strconv.ParseBool(env); err != nil { + logrus.Warnf("Invalid %s value; using default %v", P2pEnableLatestEnv, resolveLatestTag) + } else { + resolveLatestTag = b + } + } + // get port and start p2p router routerPort := defaultRouterPort if env := os.Getenv(P2pPortEnv); env != "" { if i, err := strconv.Atoi(env); i == 0 || err != nil { - logrus.Warnf("Invalid P2P node port; using default") + logrus.Warnf("Invalid %s value; using default %v", P2pPortEnv, defaultRouterPort) } else { routerPort = env } From e38ea22992ccd6f86d6bc19ce3de814196e07318 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 29 Feb 2024 23:05:43 +0000 Subject: [PATCH 12/22] Remove filtering of wildcard mirror entry Signed-off-by: Brad Davidson (cherry picked from commit b5a4846e9da3e5fa041b97f6680caa36483ae899) Signed-off-by: Brad Davidson --- pkg/spegel/registry.go | 4 ++-- pkg/spegel/spegel.go | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/pkg/spegel/registry.go b/pkg/spegel/registry.go index 403b96f9fb3a..66fb0e06ec62 100644 --- a/pkg/spegel/registry.go +++ b/pkg/spegel/registry.go @@ -30,8 +30,8 @@ func (c *Config) InjectMirror(nodeConfig *config.Node) error { registry.Mirrors = map[string]registries.Mirror{} } for host, mirror := range registry.Mirrors { - // Don't handle wildcard or local registry entries - if host != "*" && !docker.IsLocalhost(host) { + // Don't handle local registry entries + if !docker.IsLocalhost(host) { mirror.Endpoints = append([]string{mirrorURL}, mirror.Endpoints...) registry.Mirrors[host] = mirror } diff --git a/pkg/spegel/spegel.go b/pkg/spegel/spegel.go index a138d10eeaf5..5a1b40cec364 100644 --- a/pkg/spegel/spegel.go +++ b/pkg/spegel/spegel.go @@ -12,6 +12,7 @@ import ( "strconv" "time" + "github.com/containerd/containerd/remotes/docker" "github.com/k3s-io/k3s/pkg/clientaccess" "github.com/k3s-io/k3s/pkg/daemons/config" "github.com/k3s-io/k3s/pkg/version" @@ -115,8 +116,8 @@ func (c *Config) Start(ctx context.Context, nodeConfig *config.Node) error { urls := []url.URL{} registries := []string{} for host := range nodeConfig.AgentConfig.Registry.Mirrors { - if u, err := url.Parse("https://" + host); err != nil || host == "*" { - logrus.Errorf("Distributed registry mirror skipping unsupported registry: %s", host) + if u, err := url.Parse("https://" + host); err != nil || docker.IsLocalhost(host) { + logrus.Errorf("Distributed registry mirror skipping invalid registry: %s", host) } else { urls = append(urls, *u) registries = append(registries, host) From aa6dced1cfb6fa80bb37c51ec3b978e506d2628f Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Fri, 1 Mar 2024 21:33:51 +0000 Subject: [PATCH 13/22] Don't register embedded registry address as an upstream registry Signed-off-by: Brad Davidson (cherry picked from commit 091a5c89653d5ba2ae0e49fa7e2c9f9eb0a328c6) Signed-off-by: Brad Davidson --- pkg/spegel/spegel.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkg/spegel/spegel.go b/pkg/spegel/spegel.go index 5a1b40cec364..8c42eea1e18f 100644 --- a/pkg/spegel/spegel.go +++ b/pkg/spegel/spegel.go @@ -111,11 +111,15 @@ func init() { // Start starts the embedded p2p router, and binds the registry API to an existing HTTP router. func (c *Config) Start(ctx context.Context, nodeConfig *config.Node) error { + localAddr := net.JoinHostPort(c.InternalAddress, c.RegistryPort) // distribute images for all configured mirrors. there doesn't need to be a // configured endpoint, just having a key for the registry will do. urls := []url.URL{} registries := []string{} for host := range nodeConfig.AgentConfig.Registry.Mirrors { + if host == localAddr { + continue + } if u, err := url.Parse("https://" + host); err != nil || docker.IsLocalhost(host) { logrus.Errorf("Distributed registry mirror skipping invalid registry: %s", host) } else { @@ -210,7 +214,6 @@ func (c *Config) Start(ctx context.Context, nodeConfig *config.Node) error { if err != nil { return errors.Wrap(err, "failed to read server CA") } - localAddr := net.JoinHostPort(c.InternalAddress, c.RegistryPort) client := clientaccess.GetHTTPClient(caCert, c.ClientCertFile, c.ClientKeyFile) metrics.Register() registryOpts := []registry.Option{ From 417f26f13053df6ec189ad6c1f66021561d4afc4 Mon Sep 17 00:00:00 2001 From: Flavio Castelli Date: Fri, 16 Feb 2024 14:50:21 +0100 Subject: [PATCH 14/22] fix: use correct wasm shims names Fix the wasm shim detection and the containerd configuration generation. Prior to this commit, the binary and the `RuntimeType` values were not correct. Signed-off-by: Flavio Castelli (cherry picked from commit 64e4f0e6e71d4b2abf37b71267ba208ecba2f17d) Signed-off-by: Brad Davidson --- pkg/agent/containerd/runtimes.go | 14 +++++++------- pkg/agent/containerd/runtimes_test.go | 18 +++++++++--------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/pkg/agent/containerd/runtimes.go b/pkg/agent/containerd/runtimes.go index 422d763197fb..3e5ec311a031 100644 --- a/pkg/agent/containerd/runtimes.go +++ b/pkg/agent/containerd/runtimes.go @@ -79,31 +79,31 @@ func findNvidiaContainerRuntimes(foundRuntimes runtimeConfigs) { func findWasiRuntimes(foundRuntimes runtimeConfigs) { potentialRuntimes := runtimeConfigs{ "lunatic": { - RuntimeType: "io.containerd.lunatic.v2", + RuntimeType: "io.containerd.lunatic.v1", BinaryName: "containerd-shim-lunatic-v1", }, "slight": { - RuntimeType: "io.containerd.slight.v2", + RuntimeType: "io.containerd.slight.v1", BinaryName: "containerd-shim-slight-v1", }, "spin": { RuntimeType: "io.containerd.spin.v2", - BinaryName: "containerd-shim-spin-v1", + BinaryName: "containerd-shim-spin-v2", }, "wws": { - RuntimeType: "io.containerd.wws.v2", + RuntimeType: "io.containerd.wws.v1", BinaryName: "containerd-shim-wws-v1", }, "wasmedge": { - RuntimeType: "io.containerd.wasmedge.v2", + RuntimeType: "io.containerd.wasmedge.v1", BinaryName: "containerd-shim-wasmedge-v1", }, "wasmer": { - RuntimeType: "io.containerd.wasmer.v2", + RuntimeType: "io.containerd.wasmer.v1", BinaryName: "containerd-shim-wasmer-v1", }, "wasmtime": { - RuntimeType: "io.containerd.wasmtime.v2", + RuntimeType: "io.containerd.wasmtime.v1", BinaryName: "containerd-shim-wasmtime-v1", }, } diff --git a/pkg/agent/containerd/runtimes_test.go b/pkg/agent/containerd/runtimes_test.go index 0bbc763fbcf9..f388b13f71e4 100644 --- a/pkg/agent/containerd/runtimes_test.go +++ b/pkg/agent/containerd/runtimes_test.go @@ -44,7 +44,7 @@ func Test_UnitFindContainerRuntimes(t *testing.T) { BinaryName: "/tmp/testExecutables/crun", }, "lunatic": { - RuntimeType: "io.containerd.lunatic.v2", + RuntimeType: "io.containerd.lunatic.v1", BinaryName: "/tmp/testExecutables/containerd-shim-lunatic-v1", }, }, @@ -57,7 +57,7 @@ func Test_UnitFindContainerRuntimes(t *testing.T) { "containerd-shim-wasmtime-v1", "containerd-shim-lunatic-v1", "containerd-shim-slight-v1", - "containerd-shim-spin-v1", + "containerd-shim-spin-v2", "containerd-shim-wws-v1", "containerd-shim-wasmedge-v1", "containerd-shim-wasmer-v1", @@ -65,31 +65,31 @@ func Test_UnitFindContainerRuntimes(t *testing.T) { }, want: runtimeConfigs{ "wasmtime": { - RuntimeType: "io.containerd.wasmtime.v2", + RuntimeType: "io.containerd.wasmtime.v1", BinaryName: "/tmp/testExecutables/containerd-shim-wasmtime-v1", }, "lunatic": { - RuntimeType: "io.containerd.lunatic.v2", + RuntimeType: "io.containerd.lunatic.v1", BinaryName: "/tmp/testExecutables/containerd-shim-lunatic-v1", }, "slight": { - RuntimeType: "io.containerd.slight.v2", + RuntimeType: "io.containerd.slight.v1", BinaryName: "/tmp/testExecutables/containerd-shim-slight-v1", }, "spin": { RuntimeType: "io.containerd.spin.v2", - BinaryName: "/tmp/testExecutables/containerd-shim-spin-v1", + BinaryName: "/tmp/testExecutables/containerd-shim-spin-v2", }, "wws": { - RuntimeType: "io.containerd.wws.v2", + RuntimeType: "io.containerd.wws.v1", BinaryName: "/tmp/testExecutables/containerd-shim-wws-v1", }, "wasmedge": { - RuntimeType: "io.containerd.wasmedge.v2", + RuntimeType: "io.containerd.wasmedge.v1", BinaryName: "/tmp/testExecutables/containerd-shim-wasmedge-v1", }, "wasmer": { - RuntimeType: "io.containerd.wasmer.v2", + RuntimeType: "io.containerd.wasmer.v1", BinaryName: "/tmp/testExecutables/containerd-shim-wasmer-v1", }, }, From fb655ee308df6eb68ffb451eeeb10d2c017a71b6 Mon Sep 17 00:00:00 2001 From: Flavio Castelli Date: Tue, 20 Feb 2024 10:05:02 +0100 Subject: [PATCH 15/22] e2e tests: cover WebAssembly integration Add a e2e test that runs some demo WebAssembly applications using the dedicated containerd shims. Note: this is not an integration test because we need to install some binaries (the special containerd shims) on the host. Signed-off-by: Flavio Castelli (cherry picked from commit f82d438f395a9a1e77507a16441ce9140b0a0a8b) Signed-off-by: Brad Davidson --- .../amd64_resource_files/wasm-workloads.yaml | 126 +++++++++++++++ tests/e2e/wasm/Vagrantfile | 96 ++++++++++++ tests/e2e/wasm/wasm_test.go | 145 ++++++++++++++++++ 3 files changed, 367 insertions(+) create mode 100644 tests/e2e/amd64_resource_files/wasm-workloads.yaml create mode 100644 tests/e2e/wasm/Vagrantfile create mode 100644 tests/e2e/wasm/wasm_test.go diff --git a/tests/e2e/amd64_resource_files/wasm-workloads.yaml b/tests/e2e/amd64_resource_files/wasm-workloads.yaml new file mode 100644 index 000000000000..5e19fd281cb1 --- /dev/null +++ b/tests/e2e/amd64_resource_files/wasm-workloads.yaml @@ -0,0 +1,126 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wasm-slight + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app: wasm-slight + template: + metadata: + labels: + app: wasm-slight + spec: + runtimeClassName: slight + containers: + - name: slight-hello + image: ghcr.io/deislabs/containerd-wasm-shims/examples/slight-rust-hello:v0.9.1 + command: ["/"] + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wasm-spin + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app: wasm-spin + template: + metadata: + labels: + app: wasm-spin + spec: + runtimeClassName: spin + containers: + - name: spin-hello + image: ghcr.io/deislabs/containerd-wasm-shims/examples/spin-rust-hello:v0.11.1 + command: ["/"] + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi +--- +# create a traefik middleware +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: strip-prefix + namespace: default +spec: + stripPrefix: + forceSlash: false + prefixes: + - /spin + - /slight +--- +# define the slight service +apiVersion: v1 +kind: Service +metadata: + name: wasm-slight + namespace: default +spec: + ports: + - protocol: TCP + port: 80 + targetPort: 3000 + selector: + app: wasm-slight +--- +# define the spin service +apiVersion: v1 +kind: Service +metadata: + name: wasm-spin + namespace: default +spec: + ports: + - protocol: TCP + port: 80 + targetPort: 80 + selector: + app: wasm-spin +--- +# define a single ingress, that exposes both services +# using a path route +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress + namespace: default + annotations: + ingress.kubernetes.io/ssl-redirect: "false" + kubernetes.io/ingress.class: traefik + traefik.ingress.kubernetes.io/router.middlewares: default-strip-prefix@kubernetescrd +spec: + rules: + - http: + paths: + - path: /slight + pathType: Prefix + backend: + service: + name: wasm-slight + port: + number: 80 + - path: /spin + pathType: Prefix + backend: + service: + name: wasm-spin + port: + number: 80 diff --git a/tests/e2e/wasm/Vagrantfile b/tests/e2e/wasm/Vagrantfile new file mode 100644 index 000000000000..055ccf185d71 --- /dev/null +++ b/tests/e2e/wasm/Vagrantfile @@ -0,0 +1,96 @@ +ENV['VAGRANT_NO_PARALLEL'] = 'no' +NODE_ROLES = (ENV['E2E_NODE_ROLES'] || + ["server-0"]) +NODE_BOXES = (ENV['E2E_NODE_BOXES'] || + ['generic/ubuntu2004']) +GITHUB_BRANCH = (ENV['E2E_GITHUB_BRANCH'] || "master") +RELEASE_VERSION = (ENV['E2E_RELEASE_VERSION'] || "") +GOCOVER = (ENV['E2E_GOCOVER'] || "") +NODE_CPUS = (ENV['E2E_NODE_CPUS'] || 2).to_i +NODE_MEMORY = (ENV['E2E_NODE_MEMORY'] || 2048).to_i +# Virtualbox >= 6.1.28 require `/etc/vbox/network.conf` for expanded private networks +NETWORK_PREFIX = "10.10.10" +install_type = "" + +SPIN_DOWNLOAD_URL = "https://github.com/deislabs/containerd-wasm-shims/releases/download/v0.11.1/containerd-wasm-shims-v2-spin-linux-x86_64.tar.gz" +SLIGHT_DOWNLOAD_URL = "https://github.com/deislabs/containerd-wasm-shims/releases/download/v0.11.1/containerd-wasm-shims-v1-slight-linux-x86_64.tar.gz" + +INSTALL_WASM_SHIMS = <<-SCRIPT +curl -fsSL -o spin.tar.gz #{SPIN_DOWNLOAD_URL} +tar xf spin.tar.gz + +curl -fsSL -o slight.tar.gz #{SLIGHT_DOWNLOAD_URL} +tar xf slight.tar.gz + +mv containerd-shim-* /usr/bin +rm *tar.gz +SCRIPT + +def provision(vm, role, role_num, node_num) + vm.box = NODE_BOXES[node_num] + vm.hostname = role + # An expanded netmask is required to allow VM<-->VM communication, virtualbox defaults to /32 + node_ip = "#{NETWORK_PREFIX}.#{100+node_num}" + vm.network "private_network", ip: node_ip, netmask: "255.255.255.0" + + scripts_location = Dir.exists?("./scripts") ? "./scripts" : "../scripts" + vagrant_defaults = File.exists?("./vagrantdefaults.rb") ? "./vagrantdefaults.rb" : "../vagrantdefaults.rb" + load vagrant_defaults + + defaultOSConfigure(vm) + addCoverageDir(vm, role, GOCOVER) + install_type = getInstallType(vm, RELEASE_VERSION, GITHUB_BRANCH) + + vm.provision "shell", inline: "ping -c 2 k3s.io" + vm.provision "Install run-wasi containerd shims", type: "shell", inline: INSTALL_WASM_SHIMS + + if role.include?("server") && role_num == 0 + + dockerInstall(vm) + vm.provision 'k3s-primary-server', type: 'k3s', run: 'once' do |k3s| + k3s.args = "server " + k3s.config = <<~YAML + cluster-init: true + node-external-ip: #{NETWORK_PREFIX}.100 + token: vagrant + flannel-iface: eth1 + YAML + k3s.env = %W[K3S_KUBECONFIG_MODE=0644 #{install_type}] + k3s.config_mode = '0644' # side-step https://github.com/k3s-io/k3s/issues/4321 + end + end + + if vm.box.to_s.include?("microos") + vm.provision 'k3s-reload', type: 'reload', run: 'once' + end +end + +Vagrant.configure("2") do |config| + config.vagrant.plugins = ["vagrant-k3s", "vagrant-reload"] + # Default provider is libvirt, virtualbox is only provided as a backup + config.vm.provider "libvirt" do |v| + v.cpus = NODE_CPUS + v.memory = NODE_MEMORY + end + config.vm.provider "virtualbox" do |v| + v.cpus = NODE_CPUS + v.memory = NODE_MEMORY + end + + if NODE_ROLES.kind_of?(String) + NODE_ROLES = NODE_ROLES.split(" ", -1) + end + if NODE_BOXES.kind_of?(String) + NODE_BOXES = NODE_BOXES.split(" ", -1) + end + + # Must iterate on the index, vagrant does not understand iterating + # over the node roles themselves + NODE_ROLES.length.times do |i| + name = NODE_ROLES[i] + role_num = name.split("-", -1).pop.to_i + config.vm.define name do |node| + provision(node.vm, name, role_num, i) + end + end +end diff --git a/tests/e2e/wasm/wasm_test.go b/tests/e2e/wasm/wasm_test.go new file mode 100644 index 000000000000..3cb57327f1ee --- /dev/null +++ b/tests/e2e/wasm/wasm_test.go @@ -0,0 +1,145 @@ +package wasm + +import ( + "flag" + "fmt" + "os" + "strings" + "testing" + + "github.com/k3s-io/k3s/tests/e2e" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" +) + +// Valid nodeOS: generic/ubuntu2004, opensuse/Leap-15.3.x86_64 +var nodeOS = flag.String("nodeOS", "generic/ubuntu2004", "VM operating system") +var serverCount = flag.Int("serverCount", 1, "number of server nodes") +var agentCount = flag.Int("agentCount", 0, "number of agent nodes") +var ci = flag.Bool("ci", false, "running on CI") +var local = flag.Bool("local", false, "deploy a locally built K3s binary") + +func Test_E2EWasm(t *testing.T) { + flag.Parse() + RegisterFailHandler(Fail) + suiteConfig, reporterConfig := GinkgoConfiguration() + RunSpecs(t, "Run WebAssenbly Workloads Test Suite", suiteConfig, reporterConfig) +} + +var ( + kubeConfigFile string + serverNodeNames []string + agentNodeNames []string +) + +var _ = ReportAfterEach(e2e.GenReport) + +var _ = Describe("Verify Can run Wasm workloads", Ordered, func() { + + It("Starts up with no issues", func() { + var err error + if *local { + serverNodeNames, agentNodeNames, err = e2e.CreateLocalCluster(*nodeOS, *serverCount, *agentCount) + } else { + serverNodeNames, agentNodeNames, err = e2e.CreateCluster(*nodeOS, *serverCount, *agentCount) + } + Expect(err).NotTo(HaveOccurred(), e2e.GetVagrantLog(err)) + fmt.Println("CLUSTER CONFIG") + fmt.Println("OS:", *nodeOS) + fmt.Println("Server Nodes:", serverNodeNames) + fmt.Println("Agent Nodes:", agentNodeNames) + kubeConfigFile, err = e2e.GenKubeConfigFile(serverNodeNames[0]) + Expect(err).NotTo(HaveOccurred()) + }) + + // Server node needs to be ready before we continue + It("Checks Node and Pod Status", func() { + fmt.Printf("\nFetching node status\n") + Eventually(func(g Gomega) { + nodes, err := e2e.ParseNodes(kubeConfigFile, false) + g.Expect(err).NotTo(HaveOccurred()) + for _, node := range nodes { + g.Expect(node.Status).Should(Equal("Ready")) + } + }, "620s", "5s").Should(Succeed()) + _, _ = e2e.ParseNodes(kubeConfigFile, true) + + fmt.Printf("\nFetching Pods status\n") + Eventually(func(g Gomega) { + pods, err := e2e.ParsePods(kubeConfigFile, false) + g.Expect(err).NotTo(HaveOccurred()) + for _, pod := range pods { + if strings.Contains(pod.Name, "helm-install") { + g.Expect(pod.Status).Should(Equal("Completed"), pod.Name) + } else { + g.Expect(pod.Status).Should(Equal("Running"), pod.Name) + } + } + }, "620s", "5s").Should(Succeed()) + _, _ = e2e.ParsePods(kubeConfigFile, true) + }) + + It("Verify wasm-related containerd shims are installed", func() { + expected_shims := []string{"containerd-shim-spin-v2", "containerd-shim-slight-v1"} + for _, node := range append(serverNodeNames, agentNodeNames...) { + for _, shim := range expected_shims { + cmd := fmt.Sprintf("which %s", shim) + _, err := e2e.RunCmdOnNode(cmd, node) + Expect(err).NotTo(HaveOccurred()) + } + } + }) + + Context("Verify Wasm workloads can run on the cluster", func() { + It("Deploy Wasm workloads", func() { + out, err := e2e.DeployWorkload("wasm-workloads.yaml", kubeConfigFile, false) + Expect(err).NotTo(HaveOccurred(), out) + }) + + It("Wait for slight Pod to be up and running", func() { + Eventually(func() (string, error) { + cmd := "kubectl get pods -o=name -l app=wasm-slight --field-selector=status.phase=Running --kubeconfig=" + kubeConfigFile + return e2e.RunCommand(cmd) + }, "240s", "5s").Should(ContainSubstring("pod/wasm-slight")) + }) + + It("Wait for spin Pod to be up and running", func() { + Eventually(func() (string, error) { + cmd := "kubectl get pods -o=name -l app=wasm-spin --field-selector=status.phase=Running --kubeconfig=" + kubeConfigFile + return e2e.RunCommand(cmd) + }, "120s", "5s").Should(ContainSubstring("pod/wasm-spin")) + }) + + It("Interact with Wasm applications", func() { + ingressIPs, err := e2e.FetchIngressIP(kubeConfigFile) + Expect(err).NotTo(HaveOccurred()) + Expect(ingressIPs).To(HaveLen(1)) + + endpoints := []string{"slight/hello", "spin/go-hello", "spin/hello"} + for _, endpoint := range endpoints { + url := fmt.Sprintf("http://%s/%s", ingressIPs[0], endpoint) + fmt.Printf("Connecting to Wasm web application at: %s\n", url) + cmd := "curl -sfv " + url + + Eventually(func() (string, error) { + return e2e.RunCommand(cmd) + }, "120s", "5s").Should(ContainSubstring("200 OK")) + } + }) + }) +}) + +var failed bool +var _ = AfterEach(func() { + failed = failed || CurrentSpecReport().Failed() +}) + +var _ = AfterSuite(func() { + if failed && !*ci { + fmt.Println("FAILED!") + } else { + Expect(e2e.GetCoverageReport(append(serverNodeNames, agentNodeNames...))).To(Succeed()) + Expect(e2e.DestroyCluster()).To(Succeed()) + Expect(os.Remove(kubeConfigFile)).To(Succeed()) + } +}) From ab7631ea3a5b40afd3f4c9d1164dd4e036f9c79e Mon Sep 17 00:00:00 2001 From: Vitor Savian Date: Tue, 5 Mar 2024 15:39:26 -0300 Subject: [PATCH 16/22] Fix wildcard with embbeded registry test Signed-off-by: Vitor Savian Signed-off-by: Brad Davidson (cherry picked from commit 59c724f7a6ba2a572f7608db81cbc018a8292c5e) Signed-off-by: Brad Davidson --- pkg/agent/containerd/config_test.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkg/agent/containerd/config_test.go b/pkg/agent/containerd/config_test.go index dc7b55f160ca..915f404d2974 100644 --- a/pkg/agent/containerd/config_test.go +++ b/pkg/agent/containerd/config_test.go @@ -1148,8 +1148,16 @@ func Test_UnitGetHostConfigs(t *testing.T) { "_default": templates.HostConfig{ Program: "k3s", Endpoints: []templates.RegistryEndpoint{ - // note that the embedded registry mirror is NOT listed as an endpoint. - // individual registries must be enabled for mirroring by name. + { + URL: u("https://127.0.0.1:6443/v2"), + Config: registries.RegistryConfig{ + TLS: ®istries.TLSConfig{ + CAFile: "server-ca", + KeyFile: "client-key", + CertFile: "client-cert", + }, + }, + }, { URL: u("https://registry.example.com/v2"), }, From 996a477f803ea944f2e0048d4f07b62a11b1981a Mon Sep 17 00:00:00 2001 From: Rishi Date: Tue, 6 Feb 2024 13:15:26 +0530 Subject: [PATCH 17/22] Disable color outputs using RAW_OUTPUT env var Setting this environment variable will not wrap the text in color ANSI code, so that we can print a raw output. Signed-off-by: Rishikesh Nair (cherry picked from commit ff7cfa22351c76c8537c89a127daa41e2afe1a3a) Signed-off-by: Brad Davidson --- contrib/util/check-config.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/contrib/util/check-config.sh b/contrib/util/check-config.sh index 16d743720a41..f70435a8e29f 100755 --- a/contrib/util/check-config.sh +++ b/contrib/util/check-config.sh @@ -21,6 +21,9 @@ binDir=$(dirname "$0") configFormat=gz isError=0 +# RAW_OUTPUT=1 disables colored outputs +RAW_OUTPUT=${RAW_OUTPUT:-0} + if [ $# -gt 0 ]; then CONFIG="$1" fi @@ -81,6 +84,11 @@ color() { printf '\033['"$codes"'m' } wrap_color() { + if [ $RAW_OUTPUT -eq 1 ]; then + echo -n "$1" + return + fi + text="$1" shift color "$@" From 10f0dfdd8f095111df95e58042b51e1e0ca6ef4d Mon Sep 17 00:00:00 2001 From: Rishikesh Nair Date: Thu, 29 Feb 2024 16:56:32 +0530 Subject: [PATCH 18/22] Rename `RAW_OUTPUT` -> `NO_COLOR` Also, if NO_COLOR is empty, output will be colored, otherwise not colored. Signed-off-by: Rishikesh Nair (cherry picked from commit ce0765c9f8e8eec9419449a304811ed6786271d9) Signed-off-by: Brad Davidson --- contrib/util/check-config.sh | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/contrib/util/check-config.sh b/contrib/util/check-config.sh index f70435a8e29f..9571f96f1827 100755 --- a/contrib/util/check-config.sh +++ b/contrib/util/check-config.sh @@ -21,9 +21,6 @@ binDir=$(dirname "$0") configFormat=gz isError=0 -# RAW_OUTPUT=1 disables colored outputs -RAW_OUTPUT=${RAW_OUTPUT:-0} - if [ $# -gt 0 ]; then CONFIG="$1" fi @@ -58,6 +55,10 @@ is_set_as_module() { } color() { + if [[ -n "$NO_COLOR" ]]; then + return + fi + codes= if [ "$1" = 'bold' ]; then codes=1 @@ -84,11 +85,6 @@ color() { printf '\033['"$codes"'m' } wrap_color() { - if [ $RAW_OUTPUT -eq 1 ]; then - echo -n "$1" - return - fi - text="$1" shift color "$@" From b363e6f42f0e820d1d3adea308fc96a685c02d37 Mon Sep 17 00:00:00 2001 From: Rishikesh Nair <42700059+rishinair11@users.noreply.github.com> Date: Sat, 2 Mar 2024 06:09:59 +0530 Subject: [PATCH 19/22] Update contrib/util/check-config.sh Co-authored-by: Brad Davidson Signed-off-by: Rishikesh Nair <42700059+rishinair11@users.noreply.github.com> (cherry picked from commit 82cfacb2f30cff9913a5317265e12d725d1034b4) Signed-off-by: Brad Davidson --- contrib/util/check-config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/util/check-config.sh b/contrib/util/check-config.sh index 9571f96f1827..0c5388cc0da5 100755 --- a/contrib/util/check-config.sh +++ b/contrib/util/check-config.sh @@ -55,7 +55,7 @@ is_set_as_module() { } color() { - if [[ -n "$NO_COLOR" ]]; then + if [ -n "$NO_COLOR" ]; then return fi From 462e50e72aa6b074f1c90ccf3e601502ff913e50 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 5 Mar 2024 19:38:14 +0000 Subject: [PATCH 20/22] Include flannel version in flannel cni plugin version We were misreporting the flannel version as the flannel cni plugin version; restore the actual flannel version as build metadata Signed-off-by: Brad Davidson (cherry picked from commit 6f331ea7b520095785a3a4ca30f8c75c69a12105) Signed-off-by: Brad Davidson --- scripts/build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/build b/scripts/build index a1162b766b92..f6ead50cb2f3 100755 --- a/scripts/build +++ b/scripts/build @@ -41,7 +41,7 @@ VERSIONFLAGS=" -X ${PKG_CNI_PLUGINS}/pkg/utils/buildversion.BuildVersion=${VERSION_CNIPLUGINS} -X ${PKG_CNI_PLUGINS}/plugins/meta/flannel.Program=flannel - -X ${PKG_CNI_PLUGINS}/plugins/meta/flannel.Version=${VERSION_FLANNEL_PLUGIN} + -X ${PKG_CNI_PLUGINS}/plugins/meta/flannel.Version=${VERSION_FLANNEL_PLUGIN}+${VERSION_FLANNEL} -X ${PKG_CNI_PLUGINS}/plugins/meta/flannel.Commit=HEAD -X ${PKG_CNI_PLUGINS}/plugins/meta/flannel.buildDate=${buildDate} From faff9496dd769b64c0dde0edc6dd1f4cb3e720a4 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 7 Mar 2024 08:17:20 +0000 Subject: [PATCH 21/22] Bump metrics-server to v0.7.0 Signed-off-by: Brad Davidson --- manifests/metrics-server/metrics-server-deployment.yaml | 2 +- pkg/deploy/zz_generated_bindata.go | 2 +- scripts/airgap/image-list.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/metrics-server/metrics-server-deployment.yaml b/manifests/metrics-server/metrics-server-deployment.yaml index 24fafa4f969c..169b270afa32 100644 --- a/manifests/metrics-server/metrics-server-deployment.yaml +++ b/manifests/metrics-server/metrics-server-deployment.yaml @@ -44,7 +44,7 @@ spec: emptyDir: {} containers: - name: metrics-server - image: %{SYSTEM_DEFAULT_REGISTRY}%rancher/mirrored-metrics-server:v0.6.3 + image: %{SYSTEM_DEFAULT_REGISTRY}%rancher/mirrored-metrics-server:v0.7.0 args: - --cert-dir=/tmp - --secure-port=10250 diff --git a/pkg/deploy/zz_generated_bindata.go b/pkg/deploy/zz_generated_bindata.go index 74253c57826d..9685e373dc0b 100644 --- a/pkg/deploy/zz_generated_bindata.go +++ b/pkg/deploy/zz_generated_bindata.go @@ -232,7 +232,7 @@ func metricsServerMetricsApiserviceYaml() (*asset, error) { return a, nil } -var _metricsServerMetricsServerDeploymentYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xb4\x55\xc1\x6e\xdb\x46\x10\xbd\xeb\x2b\x06\x2a\x7c\x2b\x6d\x49\xa9\xdd\x80\x80\x0f\x82\xc4\x44\x01\x6c\x47\x10\xe5\x16\x3e\x09\xeb\xe5\xc8\x5a\x78\xb9\xbb\x9d\x19\x2a\x61\x83\xfc\x7b\xb1\xa2\x43\x93\x8e\x1d\xb8\x68\xc3\x03\x0f\x33\x6f\xde\x3c\xbe\x9d\xe5\x24\x49\x32\x50\xc1\xfc\x81\xc4\xc6\xbb\x14\xf6\xe3\xc1\xbd\x71\x45\x0a\x39\xd2\xde\x68\x9c\x6a\xed\x2b\x27\x83\x12\x45\x15\x4a\x54\x3a\x00\x70\xaa\xc4\x14\x4a\x14\x32\x9a\x13\x46\xda\x23\x3d\x84\x39\x28\x8d\x29\xdc\x57\xb7\x98\x70\xcd\x82\xe5\xe0\x69\x07\x15\x02\x9f\xb4\x6d\xe6\x18\xac\xaf\x4b\xfc\x4f\x2d\x00\xac\xba\x45\xcb\xb1\x12\xe0\xfe\x2d\x27\x2a\x84\xef\xca\x39\xa0\x8e\x08\xc2\xbd\x89\x52\x16\x86\xc5\x53\x7d\x61\x4a\x23\x29\x8c\x06\x00\x2c\xa4\x04\xef\xea\x86\x47\xea\x80\x29\xac\xbc\xb5\xc6\xdd\x5d\x87\x42\x09\x1e\xe2\xd4\x8d\x34\x50\x80\x52\x7d\xbe\x76\x6a\xaf\x8c\x55\xb7\x16\x53\x18\x47\x3a\xb4\xa8\xc5\x53\x83\x29\x95\xe8\xdd\x45\x47\xe7\xcb\x4a\x01\x04\xcb\x60\x5b\xfa\xae\x33\xf1\x79\xc1\x9d\xf8\xd8\x5e\x83\x1f\xb5\x00\xf8\x66\x48\x7c\x02\x19\x4f\x46\xea\x99\x55\xcc\x57\x07\xfe\x61\xe3\x6e\xe2\x7c\x81\x89\x26\x23\x46\x2b\x3b\x7c\xc0\x73\x6f\x3c\xae\x5e\x16\x24\xde\x22\x29\x31\xde\x75\x54\x25\x70\x8f\x75\x0a\xc3\xd9\x03\xeb\xb4\x28\xbc\xe3\x8f\xce\xd6\xc3\x16\x03\xe0\x43\xac\xf4\x94\xc2\x30\xfb\x6c\x58\x78\xf8\x1d\xc1\x41\x1b\x79\x8b\xc7\x71\x1e\xc8\xa1\x20\x1f\x1b\x7f\xa2\xbd\x13\xf2\x36\x09\x56\x39\x7c\x25\x27\x00\x6e\xb7\xa8\x25\x85\xe1\x95\xcf\xf5\x0e\x8b\xca\xe2\xeb\x5b\x96\x8a\x05\xe9\xff\xe8\xb5\xf7\xb6\x2a\xb1\xb5\xeb\x17\x28\xa3\xc7\x60\x1c\x48\x19\x80\x3d\x7c\x42\xd0\xca\x01\xab\x2d\xda\x1a\x2a\x46\xd8\x92\x2f\x13\xd6\x14\x67\x0c\x4c\xa9\xee\x90\x41\xb9\xe2\xc4\x13\x10\xaa\x22\xf1\xce\xd6\x10\x4d\x51\xc6\x21\xf1\xe0\xdb\x27\x35\x93\x24\x65\x48\x0a\x43\xad\x3a\x2c\x83\xd4\x73\x43\x29\x7c\xf9\xfa\x10\x7c\xac\x4d\x9f\x14\x3f\x7b\xea\xd0\x88\x48\xe1\xe8\x4b\x7e\x93\xaf\xb3\xcb\xcd\x3c\x7b\x37\xbd\xbe\x58\x6f\x56\xd9\xfb\x0f\xf9\x7a\x75\xf3\xf5\x88\x94\xd3\x3b\xa4\x93\xd2\x10\x79\xc2\x22\xe9\x33\xa5\xfb\xd1\xf1\xd9\xf1\x9b\x96\x50\xd1\x5d\x6f\x82\x92\x44\x23\x49\xd4\x7d\x7e\x22\x65\xe8\x65\x18\x75\x45\x98\x04\x4f\x72\x3e\x1e\x4d\x4e\x47\xbd\x6c\x3c\x37\x8b\x92\x04\xc2\x2d\x52\xec\xac\x8a\x82\x90\x39\x89\x57\x9e\xcf\x8f\xbe\x2c\x57\xd9\xbb\x6c\xb5\xca\xe6\x9b\xe9\x7c\xbe\xca\xf2\x7c\xb3\xbe\x59\x66\xf9\xd7\xa3\x67\x79\x2a\xc6\xe6\x92\xb0\x28\xa9\xf8\xd0\xb6\x07\x6c\x3e\x2c\x21\x64\x6f\xab\x78\x15\xce\xc7\xa7\xdc\x43\x88\xe5\x44\x9b\xb0\x43\x4a\xb8\x32\x82\x7c\xbe\xbe\xc8\x37\xd9\x6c\xbe\xc8\xe2\x3b\x9f\x6e\xfe\xfc\xb0\x5e\x6c\xa6\x59\xbe\x99\x9c\x9e\x6d\xde\xcf\x2e\x37\xf9\x62\xfa\xe6\xed\x6f\xbf\x3e\xe2\x56\xaf\x42\x3d\x61\x1b\x4f\xde\x7e\xc3\x4d\x4e\xcf\x5e\x62\x7b\x11\xd5\x61\x9b\x2d\xa6\xb3\xc5\x74\x32\xda\x2c\x3f\x5e\xdc\x8c\xdf\x8c\x4e\x9f\x23\xfb\x0e\xd4\xba\x10\xcd\xa9\x48\x63\xe7\x8c\x63\xf0\xaf\x0a\x59\x7a\x31\x00\x1d\xaa\x14\xc6\xa3\x51\xd9\x8b\x96\x58\x7a\xaa\x53\xf8\x7d\x74\x69\xda\x44\x3c\x8a\xde\xd4\x34\x33\xbb\x13\x09\xdc\xa9\x6e\xa7\x7b\xe9\x49\x22\x77\x77\x64\xe2\xcf\xd1\x8b\xd7\xde\xa6\xb0\x9e\x2d\x3b\x8a\x55\x61\x1c\x32\x2f\xc9\xdf\x62\x57\x62\xa4\x7f\x8f\xd2\x57\x1d\x94\xec\x52\x38\x89\x55\xf5\xdf\xfd\xcc\xa1\xe9\x53\x4d\x00\xac\x77\x18\xd5\x2e\xd6\xeb\x65\xde\xc9\x18\x67\xc4\x28\x3b\x47\xab\xea\x1c\xb5\x77\x05\x37\xfb\xab\x25\x44\x32\xbe\x68\x53\x93\x4e\x4a\x4c\x89\xbe\x92\x36\x37\xee\xe4\xb8\xd2\x1a\x99\xd7\x3b\x42\xde\x79\x5b\xf4\xb3\x5b\x65\x6c\x45\xd8\xc9\x3e\xde\x4d\x6b\xf6\xf8\xaf\x9d\x88\x45\x3f\xc1\x88\xb3\x1f\x38\x31\x1e\xfd\x74\x2b\x0e\xbf\x9e\xb8\x48\xbd\x13\xfc\x2c\xfd\x69\x56\x45\xdc\x71\x2b\xef\xe5\x9d\xb1\xd8\xec\xd7\x14\x84\x2a\xec\xc2\x2a\x37\xe5\x2b\xef\x22\xec\xf9\xe4\x35\x23\x1d\x6e\x40\xf7\x73\x94\xb5\xfe\xd3\x92\xcc\xde\x58\xbc\xc3\x8c\xb5\xb2\x87\xb5\x9b\xc2\x56\x59\x7e\xe4\x68\xb6\xcb\x65\x5c\x29\xcf\xdc\x8c\xa7\xab\x00\x9a\xe5\xb3\x6c\x8e\x2c\xfe\x67\xff\x09\x00\x00\xff\xff\x70\xb0\x51\x48\x32\x0a\x00\x00") +var _metricsServerMetricsServerDeploymentYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xb4\x55\x4f\x6f\xdb\xc8\x0f\xbd\xfb\x53\x10\xfe\x21\xb7\x9f\xe2\x3f\xdd\xb4\x85\x80\x1c\x0c\x5b\xad\x0b\x24\xa9\x61\x39\xbb\xc8\xc9\x98\x8c\xe8\x78\x90\xd1\xcc\x2c\x49\xb9\xd5\x16\xfd\xee\x8b\xb1\x52\x55\x4a\x93\x22\x8b\xdd\xea\xa0\x03\xf9\xf8\xf8\xf4\x86\x23\x26\x49\x32\x50\xc1\xfc\x8e\xc4\xc6\xbb\x14\x0e\x93\xc1\xbd\x71\x45\x0a\x39\xd2\xc1\x68\x9c\x69\xed\x2b\x27\x83\x12\x45\x15\x4a\x54\x3a\x00\x70\xaa\xc4\x14\x4a\x14\x32\x9a\x13\x46\x3a\x20\x3d\x84\x39\x28\x8d\x29\xdc\x57\xb7\x98\x70\xcd\x82\xe5\xe0\x71\x07\x15\x02\x8f\xda\x36\x0b\x0c\xd6\xd7\x25\xfe\xab\x16\x00\x56\xdd\xa2\xe5\x58\x09\x70\xff\x96\x13\x15\xc2\x0f\xe5\x1c\x50\x47\x04\xe1\xc1\x44\x29\x4b\xc3\xe2\xa9\xbe\x30\xa5\x91\x14\xc6\x03\x00\x16\x52\x82\x77\x75\xc3\x23\x75\xc0\x14\xd6\xde\x5a\xe3\xee\xae\x43\xa1\x04\x8f\x71\xea\x46\x1a\x28\x40\xa9\x3e\x5f\x3b\x75\x50\xc6\xaa\x5b\x8b\x29\x4c\x22\x1d\x5a\xd4\xe2\xa9\xc1\x94\x4a\xf4\xfe\xa2\xa3\xf3\x79\xa5\x00\x82\x65\xb0\x2d\x7d\xd7\x99\xf8\x3c\xe3\x4e\x7c\x6c\xaf\xc1\xcf\x5a\x00\x7c\x33\x24\x3e\x81\x8c\x27\x23\xf5\xdc\x2a\xe6\xab\x23\xff\xb0\x71\x37\x71\xbe\xc0\x44\x93\x11\xa3\x95\x1d\x3e\xe0\xb9\x37\x1e\x57\xcf\x0b\x12\x6f\x91\x94\x18\xef\x3a\xaa\x12\xb8\xc7\x3a\x85\xe1\xfc\x81\x75\x56\x14\xde\xf1\x47\x67\xeb\x61\x8b\x01\xf0\x21\x56\x7a\x4a\x61\x98\x7d\x36\x2c\x3c\xfc\x81\xe0\xa8\x8d\xbc\xc5\xd3\x38\x0f\xe4\x50\x90\x4f\x8d\x1f\x69\xef\x84\xbc\x4d\x82\x55\x0e\x5f\xc8\x09\x80\xbb\x1d\x6a\x49\x61\x78\xe5\x73\xbd\xc7\xa2\xb2\xf8\xf2\x96\xa5\x62\x41\xfa\x2f\x7a\x1d\xbc\xad\x4a\x6c\xed\xfa\x1f\x94\xd1\x63\x30\x0e\xa4\x0c\xc0\x1e\x3e\x21\x68\xe5\x80\xd5\x0e\x6d\x0d\x15\x23\xec\xc8\x97\x09\x6b\x8a\x33\x06\xa6\x54\x77\xc8\xa0\x5c\x31\xf2\x04\x84\xaa\x48\xbc\xb3\x35\x44\x53\x94\x71\x48\x3c\xf8\xf6\x49\xcd\x24\x49\x19\x92\xc2\x50\xab\x0e\xcb\x20\xf5\xc2\x50\x0a\x5f\xbe\x3e\x04\xbf\xd7\xa6\x8f\x8a\x9f\x3c\x75\x68\x44\xa4\x70\xf2\x25\xbf\xc9\x37\xd9\xe5\x76\x91\xbd\x9b\x5d\x5f\x6c\xb6\xeb\xec\xfd\x87\x7c\xb3\xbe\xf9\x7a\x42\xca\xe9\x3d\xd2\xa8\x34\x44\x9e\xb0\x48\xfa\x4c\xe9\x61\x7c\xfa\xe6\x74\xdc\x12\x2a\xba\xeb\x4d\x50\x92\x68\x24\x89\xba\xcf\x47\x52\x86\x5e\x86\x51\x57\x84\x49\xf0\x24\xe7\x93\xf1\xf4\x6c\xdc\xcb\xc6\x73\xb3\x28\x49\x20\xdc\x21\xc5\xce\xaa\x28\x08\x99\x93\x78\xe5\xf9\xfc\xe4\xcb\x6a\x9d\xbd\xcb\xd6\xeb\x6c\xb1\x9d\x2d\x16\xeb\x2c\xcf\xb7\x9b\x9b\x55\x96\x7f\x3d\x79\x92\xa7\x62\x6c\x2e\x09\x8b\x92\x8a\x8f\x6d\x7b\xc0\xe6\xc3\x12\x42\xf6\xb6\x8a\x57\xe1\x7c\x72\xc6\x3d\x84\x58\x4e\xb4\x09\x7b\xa4\x84\x2b\x23\xc8\xe7\x9b\x8b\x7c\x9b\xcd\x17\xcb\x2c\xbe\xf3\xd9\xf6\x8f\x0f\x9b\xe5\x76\x96\xe5\xdb\xe9\xd9\xeb\xed\xfb\xf9\xe5\x36\x5f\xce\x5e\xbd\xfd\xed\xff\xdf\x71\xeb\x17\xa1\x1e\xb1\x4d\xa6\x6f\xbf\xe1\xa6\x67\xaf\x9f\x63\x7b\x16\xd5\x61\x9b\x2f\x67\xf3\xe5\x6c\x3a\xde\xae\x3e\x5e\xdc\x4c\x5e\x8d\xcf\x9e\x22\xfb\x01\xd4\xba\x10\xcd\xa9\x48\x63\xe7\x8c\x63\xf0\xcf\x0a\x59\x7a\x31\x00\x1d\xaa\x14\x26\xe3\x71\xd9\x8b\x96\x58\x7a\xaa\x53\x78\x33\xbe\x34\x6d\x22\x1e\x45\x6f\x6a\x9a\x99\xdd\x8b\x04\xee\x54\xb7\xd3\xbd\xf2\x24\x91\xbb\x3b\x32\xf1\xe7\xe8\xc5\x6b\x6f\x53\xd8\xcc\x57\x1d\xc5\xaa\x30\x0e\x99\x57\xe4\x6f\xb1\x2b\x31\xd2\xbf\x47\xe9\xab\x0e\x4a\xf6\x29\x8c\x62\x55\xfd\x57\x3f\x73\x6c\xfa\x58\x13\x00\xeb\x3d\x46\xb5\xcb\xcd\x66\x95\x77\x32\xc6\x19\x31\xca\x2e\xd0\xaa\x3a\x47\xed\x5d\xc1\xcd\xfe\x6a\x09\x91\x8c\x2f\xda\xd4\xb4\x93\x12\x53\xa2\xaf\xa4\xcd\x4d\x3a\x39\xae\xb4\x46\xe6\xcd\x9e\x90\xf7\xde\x16\xfd\xec\x4e\x19\x5b\x11\x76\xb2\xaf\xda\xac\x35\x07\xfc\xc7\x4e\xc4\xa2\x5f\x60\xc4\xeb\x9f\x38\x31\x19\xff\x72\x2b\x8e\xbf\x9e\xb8\x48\xbd\x13\xfc\x2c\xfd\x69\x56\x45\xdc\x71\x6b\xef\xe5\x9d\xb1\xd8\xec\xd7\x14\x84\x2a\xec\xc2\x2a\x37\xe3\x2b\xef\x22\xec\xe9\xe4\x35\x23\x1d\x6f\x40\xf7\x73\x94\xb5\xfe\xd3\x8a\xcc\xc1\x58\xbc\xc3\x8c\xb5\xb2\xc7\xb5\x9b\xc2\x4e\x59\xfe\xce\xd1\x6c\x97\xcb\xb8\x52\x9e\xb8\x19\x8f\x57\x01\x34\xcb\x67\xd5\x1c\x59\xfc\xcf\xfe\x1d\x00\x00\xff\xff\xd7\x9f\xb6\x0a\x32\x0a\x00\x00") func metricsServerMetricsServerDeploymentYamlBytes() ([]byte, error) { return bindataRead( diff --git a/scripts/airgap/image-list.txt b/scripts/airgap/image-list.txt index 24bb9ae046c4..9d1fce45495a 100644 --- a/scripts/airgap/image-list.txt +++ b/scripts/airgap/image-list.txt @@ -4,5 +4,5 @@ docker.io/rancher/local-path-provisioner:v0.0.26 docker.io/rancher/mirrored-coredns-coredns:1.10.1 docker.io/rancher/mirrored-library-busybox:1.36.1 docker.io/rancher/mirrored-library-traefik:2.10.5 -docker.io/rancher/mirrored-metrics-server:v0.6.3 +docker.io/rancher/mirrored-metrics-server:v0.7.0 docker.io/rancher/mirrored-pause:3.6 From 8ba2aa1642cc1c4e67316b123f34b6bbada9f14c Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 7 Mar 2024 19:38:19 +0000 Subject: [PATCH 22/22] Warn and suppress duplicate registry mirror endpoints Signed-off-by: Brad Davidson --- pkg/agent/containerd/config.go | 6 +++ pkg/agent/containerd/config_test.go | 80 +++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+) diff --git a/pkg/agent/containerd/config.go b/pkg/agent/containerd/config.go index 760b5d5a28b7..23199ee3a711 100644 --- a/pkg/agent/containerd/config.go +++ b/pkg/agent/containerd/config.go @@ -99,6 +99,9 @@ func getHostConfigs(registry *registries.Registry, noDefaultEndpoint bool, mirro } } + // track which endpoints we've already seen to avoid creating duplicates + seenEndpoint := map[string]bool{} + // TODO: rewrites are currently copied from the mirror settings into each endpoint. // In the future, we should allow for per-endpoint rewrites, instead of expecting // all mirrors to have the same structure. This will require changes to the registries.yaml @@ -107,7 +110,10 @@ func getHostConfigs(registry *registries.Registry, noDefaultEndpoint bool, mirro registryName, url, override, err := normalizeEndpointAddress(endpoint, mirrorAddr) if err != nil { logrus.Warnf("Ignoring invalid endpoint URL %d=%s for %s: %v", i, endpoint, host, err) + } else if _, ok := seenEndpoint[url.String()]; ok { + logrus.Warnf("Skipping duplicate endpoint URL %d=%s for %s", i, endpoint, host) } else { + seenEndpoint[url.String()] = true var rewrites map[string]string // Do not apply rewrites to the embedded registry endpoint if url.Host != mirrorAddr { diff --git a/pkg/agent/containerd/config_test.go b/pkg/agent/containerd/config_test.go index 915f404d2974..7fc1dd897135 100644 --- a/pkg/agent/containerd/config_test.go +++ b/pkg/agent/containerd/config_test.go @@ -475,6 +475,86 @@ func Test_UnitGetHostConfigs(t *testing.T) { }, }, }, + { + name: "registry with mirror endpoint - duplicate endpoints", + args: args{ + registryContent: ` + mirrors: + docker.io: + endpoint: + - registry.example.com + - registry.example.com + `, + }, + want: HostConfigs{ + "docker.io": templates.HostConfig{ + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, + Endpoints: []templates.RegistryEndpoint{ + { + URL: u("https://registry.example.com/v2"), + }, + }, + }, + }, + }, + { + name: "registry with mirror endpoint - duplicate endpoints in different formats", + args: args{ + registryContent: ` + mirrors: + docker.io: + endpoint: + - registry.example.com + - https://registry.example.com + - https://registry.example.com/v2 + `, + }, + want: HostConfigs{ + "docker.io": templates.HostConfig{ + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, + Endpoints: []templates.RegistryEndpoint{ + { + URL: u("https://registry.example.com/v2"), + }, + }, + }, + }, + }, + { + name: "registry with mirror endpoint - duplicate endpoints in different positions", + args: args{ + registryContent: ` + mirrors: + docker.io: + endpoint: + - https://registry.example.com + - https://registry.example.org + - https://registry.example.com + `, + }, + want: HostConfigs{ + "docker.io": templates.HostConfig{ + Program: "k3s", + Default: &templates.RegistryEndpoint{ + URL: u("https://registry-1.docker.io/v2"), + }, + Endpoints: []templates.RegistryEndpoint{ + { + URL: u("https://registry.example.com/v2"), + }, + { + URL: u("https://registry.example.org/v2"), + }, + }, + }, + }, + }, { name: "registry with mirror endpoint - localhost and port only", args: args{