diff --git a/Makefile b/Makefile
index 96f0825..62b0471 100644
--- a/Makefile
+++ b/Makefile
@@ -123,7 +123,7 @@ verify-mocks: mocks ## Verify if mocks need to be updated
 fi
 $(CONTROLLER_GEN): $(TOOLS_BIN_DIR) # Build controller-gen from tools folder.
- GOBIN=$(ABS_TOOLS_BIN_DIR) go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.11.4
+ GOBIN=$(ABS_TOOLS_BIN_DIR) go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.16.5
 $(CONVERSION_GEN): $(TOOLS_BIN_DIR)
 GOBIN=$(ABS_TOOLS_BIN_DIR) go install k8s.io/code-generator/cmd/conversion-gen@v0.26.0
diff --git a/config/crd/bases/etcdcluster.cluster.x-k8s.io_etcdadmclusters.yaml b/config/crd/bases/etcdcluster.cluster.x-k8s.io_etcdadmclusters.yaml
index 1a66482..b563c80 100644
--- a/config/crd/bases/etcdcluster.cluster.x-k8s.io_etcdadmclusters.yaml
+++ b/config/crd/bases/etcdcluster.cluster.x-k8s.io_etcdadmclusters.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: v0.11.4
+ controller-gen.kubebuilder.io/version: v0.16.5
 name: etcdadmclusters.etcdcluster.cluster.x-k8s.io
 spec:
 group: etcdcluster.cluster.x-k8s.io
@@ -20,14 +20,19 @@ spec: description: EtcdadmCluster is the Schema for the etcdadmclusters API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -71,11 +76,10 @@ spec: container setting for bottlerocket. properties: essential: - description: Essential decides whether or not the container - should fail the boot process. Bootstrap containers - configured with essential = true will stop the boot - process if they exit code is a non-zero value. Default - is false. + description: |- + Essential decides whether or not the container should fail the boot process. + Bootstrap containers configured with essential = true will stop the boot process if they exit code is a non-zero value. + Default is false. type: boolean image: description: Image is the actual image used for Bottlerocket @@ -171,9 +175,9 @@ spec: type: object type: array cipherSuites: - description: CipherSuites is a list of comma-delimited supported - TLS cipher suites, mapping to the --cipher-suites flag. Default - is empty, which means that they will be auto-populated by Go. + description: |- + CipherSuites is a list of comma-delimited supported TLS cipher suites, mapping to the --cipher-suites flag. + Default is empty, which means that they will be auto-populated by Go. type: string cloudInitConfig: description: CloudInitConfig specifies the configuration for the 
@@ -204,27 +208,33 @@ spec: in cloud-init. properties: append: - description: Append specifies whether to append Content + description: append specifies whether to append Content to existing file if Path exists. type: boolean content: - description: Content is the actual content of the file. + description: content is the actual content of the file. + maxLength: 10240 + minLength: 1 type: string contentFrom: - description: ContentFrom is a referenced source of content + description: contentFrom is a referenced source of content to populate the file. properties: secret: - description: Secret represents a secret that should + description: secret represents a secret that should populate this file. properties: key: - description: Key is the key in the secret's data + description: key is the key in the secret's data map for this value. + maxLength: 256 + minLength: 1 type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. + maxLength: 253 + minLength: 1 type: string required: - key @@ -234,7 +244,7 @@ spec: - secret type: object encoding: - description: Encoding specifies the encoding of the file + description: encoding specifies the encoding of the file contents. enum: - base64 @@ -242,16 +252,22 @@ spec: - gzip+base64 type: string owner: - description: Owner specifies the ownership of the file, + description: owner specifies the ownership of the file, e.g. "root:root". + maxLength: 256 + minLength: 1 type: string path: - description: Path specifies the full path on disk where + description: path specifies the full path on disk where to store the file. + maxLength: 512 + minLength: 1 type: string permissions: - description: Permissions specifies the permissions to assign + description: permissions specifies the permissions to assign to the file, e.g. "0640". + maxLength: 16 + minLength: 1 type: string required: - path 
@@ -268,12 +284,15 @@ spec: description: NTP specifies NTP configuration properties: enabled: - description: Enabled specifies whether NTP should be enabled + description: enabled specifies whether NTP should be enabled type: boolean servers: - description: Servers specifies which NTP servers to use + description: servers specifies which NTP servers to use items: + maxLength: 512 + minLength: 1 type: string + maxItems: 100 type: array type: object postEtcdadmCommands: @@ -289,8 +308,9 @@ spec: type: string type: array proxy: - description: Proxy holds the https and no proxy information This - is only used for bottlerocket + description: |- + Proxy holds the https and no proxy information + This is only used for bottlerocket properties: httpProxy: description: HTTP Proxy @@ -305,7 +325,8 @@ spec: type: array type: object registryMirror: - description: RegistryMirror holds the image registry mirror information + description: |- + RegistryMirror holds the image registry mirror information This is only used for bottlerocket properties: caCert: 
@@ -323,46 +344,60 @@ spec: cloud-init. properties: gecos: - description: Gecos specifies the gecos to use for the user + description: gecos specifies the gecos to use for the user + maxLength: 256 + minLength: 1 type: string groups: - description: Groups specifies the additional groups for + description: groups specifies the additional groups for the user + maxLength: 256 + minLength: 1 type: string homeDir: - description: HomeDir specifies the home directory to use + description: homeDir specifies the home directory to use for the user + maxLength: 256 + minLength: 1 type: string inactive: - description: Inactive specifies whether to mark the user + description: inactive specifies whether to mark the user as inactive type: boolean lockPassword: - description: LockPassword specifies if password login should + description: lockPassword specifies if password login should be disabled type: boolean name: - description: Name specifies the user name + description: name specifies the user name + maxLength: 256 + minLength: 1 type: string passwd: - description: Passwd specifies a hashed password for the + description: passwd specifies a hashed password for the user + maxLength: 256 + minLength: 1 type: string passwdFrom: - description: PasswdFrom is a referenced source of passwd + description: passwdFrom is a referenced source of passwd to populate the passwd. properties: secret: - description: Secret represents a secret that should + description: secret represents a secret that should populate this password. properties: key: - description: Key is the key in the secret's data + description: key is the key in the secret's data map for this value. + maxLength: 256 + minLength: 1 type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. + maxLength: 253 + minLength: 1 type: string required: - key 
@@ -372,20 +407,29 @@ spec: - secret type: object primaryGroup: - description: PrimaryGroup specifies the primary group for + description: primaryGroup specifies the primary group for the user + maxLength: 256 + minLength: 1 type: string shell: - description: Shell specifies the user's shell + description: shell specifies the user's shell + maxLength: 256 + minLength: 1 type: string sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh authorized + description: sshAuthorizedKeys specifies a list of ssh authorized keys for the user items: + maxLength: 2048 + minLength: 1 type: string + maxItems: 100 type: array sudo: - description: Sudo specifies a sudo role for the user + description: sudo specifies a sudo role for the user + maxLength: 256 + minLength: 1 type: string required: - name 
@@ -393,40 +437,47 @@ spec: type: array type: object infrastructureTemplate: - description: InfrastructureTemplate is a required reference to a custom - resource offered by an infrastructure provider. + description: |- + InfrastructureTemplate is a required reference to a custom resource + offered by an infrastructure provider. properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic 
@@ -446,48 +497,48 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: + - lastTransitionTime - status - type type: object type: array creationComplete: - description: CreationComplete gets set to true once the etcd cluster - is created. Its value never changes after that. It is used as a - way to indicate that the periodic healthcheck loop can be run for - the particular etcd cluster. + description: |- + CreationComplete gets set to true once the etcd cluster is created. Its value never changes after that. + It is used as a way to indicate that the periodic healthcheck loop can be run for the particular etcd cluster. type: boolean endpoints: type: string 
@@ -506,16 +557,18 @@ spec: requests or not. type: boolean replicas: - description: Total number of non-terminated machines targeted by this - etcd cluster (their labels match the selector). + description: |- + Total number of non-terminated machines targeted by this etcd cluster + (their labels match the selector). format: int32 type: integer selector: - description: 'Selector is the label selector in string format to avoid - introspection by clients, and is used to provide the CRD-based integration - for the scale subresource and additional integrations for things - like kubectl describe.. The string will be in the same format as - the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + description: |- + Selector is the label selector in string format to avoid introspection + by clients, and is used to provide the CRD-based integration for the + scale subresource and additional integrations for things like kubectl + describe.. The string will be in the same format as the query-param syntax. + More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors type: string type: object type: object 
@@ -529,14 +582,19 @@ spec: description: EtcdadmCluster is the Schema for the etcdadmclusters API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -580,11 +638,10 @@ spec: container setting for bottlerocket. properties: essential: - description: Essential decides whether or not the container - should fail the boot process. Bootstrap containers - configured with essential = true will stop the boot - process if they exit code is a non-zero value. Default - is false. + description: |- + Essential decides whether or not the container should fail the boot process. + Bootstrap containers configured with essential = true will stop the boot process if they exit code is a non-zero value. + Default is false. type: boolean image: description: Image is the actual image used for Bottlerocket @@ -680,9 +737,9 @@ spec: type: object type: array cipherSuites: - description: CipherSuites is a list of comma-delimited supported - TLS cipher suites, mapping to the --cipher-suites flag. Default - is empty, which means that they will be auto-populated by Go. + description: |- + CipherSuites is a list of comma-delimited supported TLS cipher suites, mapping to the --cipher-suites flag. + Default is empty, which means that they will be auto-populated by Go. type: string cloudInitConfig: description: CloudInitConfig specifies the configuration for the 
@@ -713,27 +770,33 @@ spec: in cloud-init. properties: append: - description: Append specifies whether to append Content + description: append specifies whether to append Content to existing file if Path exists. type: boolean content: - description: Content is the actual content of the file. + description: content is the actual content of the file. + maxLength: 10240 + minLength: 1 type: string contentFrom: - description: ContentFrom is a referenced source of content + description: contentFrom is a referenced source of content to populate the file. properties: secret: - description: Secret represents a secret that should + description: secret represents a secret that should populate this file. properties: key: - description: Key is the key in the secret's data + description: key is the key in the secret's data map for this value. + maxLength: 256 + minLength: 1 type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. + maxLength: 253 + minLength: 1 type: string required: - key @@ -743,7 +806,7 @@ spec: - secret type: object encoding: - description: Encoding specifies the encoding of the file + description: encoding specifies the encoding of the file contents. enum: - base64 @@ -751,16 +814,22 @@ spec: - gzip+base64 type: string owner: - description: Owner specifies the ownership of the file, + description: owner specifies the ownership of the file, e.g. "root:root". + maxLength: 256 + minLength: 1 type: string path: - description: Path specifies the full path on disk where + description: path specifies the full path on disk where to store the file. + maxLength: 512 + minLength: 1 type: string permissions: - description: Permissions specifies the permissions to assign + description: permissions specifies the permissions to assign to the file, e.g. "0640". + maxLength: 16 + minLength: 1 type: string required: - path 
@@ -777,12 +846,15 @@ spec: description: NTP specifies NTP configuration properties: enabled: - description: Enabled specifies whether NTP should be enabled + description: enabled specifies whether NTP should be enabled type: boolean servers: - description: Servers specifies which NTP servers to use + description: servers specifies which NTP servers to use items: + maxLength: 512 + minLength: 1 type: string + maxItems: 100 type: array type: object postEtcdadmCommands: @@ -798,8 +870,9 @@ spec: type: string type: array proxy: - description: Proxy holds the https and no proxy information This - is only used for bottlerocket + description: |- + Proxy holds the https and no proxy information + This is only used for bottlerocket properties: httpProxy: description: HTTP Proxy @@ -814,7 +887,8 @@ spec: type: array type: object registryMirror: - description: RegistryMirror holds the image registry mirror information + description: |- + RegistryMirror holds the image registry mirror information This is only used for bottlerocket properties: caCert: 
@@ -832,46 +906,60 @@ spec: cloud-init. properties: gecos: - description: Gecos specifies the gecos to use for the user + description: gecos specifies the gecos to use for the user + maxLength: 256 + minLength: 1 type: string groups: - description: Groups specifies the additional groups for + description: groups specifies the additional groups for the user + maxLength: 256 + minLength: 1 type: string homeDir: - description: HomeDir specifies the home directory to use + description: homeDir specifies the home directory to use for the user + maxLength: 256 + minLength: 1 type: string inactive: - description: Inactive specifies whether to mark the user + description: inactive specifies whether to mark the user as inactive type: boolean lockPassword: - description: LockPassword specifies if password login should + description: lockPassword specifies if password login should be disabled type: boolean name: - description: Name specifies the user name + description: name specifies the user name + maxLength: 256 + minLength: 1 type: string passwd: - description: Passwd specifies a hashed password for the + description: passwd specifies a hashed password for the user + maxLength: 256 + minLength: 1 type: string passwdFrom: - description: PasswdFrom is a referenced source of passwd + description: passwdFrom is a referenced source of passwd to populate the passwd. properties: secret: - description: Secret represents a secret that should + description: secret represents a secret that should populate this password. properties: key: - description: Key is the key in the secret's data + description: key is the key in the secret's data map for this value. + maxLength: 256 + minLength: 1 type: string name: - description: Name of the secret in the KubeadmBootstrapConfig's + description: name of the secret in the KubeadmBootstrapConfig's namespace to use. + maxLength: 253 + minLength: 1 type: string required: - key 
@@ -881,20 +969,29 @@ spec: - secret type: object primaryGroup: - description: PrimaryGroup specifies the primary group for + description: primaryGroup specifies the primary group for the user + maxLength: 256 + minLength: 1 type: string shell: - description: Shell specifies the user's shell + description: shell specifies the user's shell + maxLength: 256 + minLength: 1 type: string sshAuthorizedKeys: - description: SSHAuthorizedKeys specifies a list of ssh authorized + description: sshAuthorizedKeys specifies a list of ssh authorized keys for the user items: + maxLength: 2048 + minLength: 1 type: string + maxItems: 100 type: array sudo: - description: Sudo specifies a sudo role for the user + description: sudo specifies a sudo role for the user + maxLength: 256 + minLength: 1 type: string required: - name 
@@ -902,40 +999,47 @@ spec: type: array type: object infrastructureTemplate: - description: InfrastructureTemplate is a required reference to a custom - resource offered by an infrastructure provider. + description: |- + InfrastructureTemplate is a required reference to a custom resource + offered by an infrastructure provider. properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic 
@@ -955,37 +1059,44 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. 
type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -994,10 +1105,9 @@ spec: type: object type: array creationComplete: - description: CreationComplete gets set to true once the etcd cluster - is created. Its value never changes after that. It is used as a - way to indicate that the periodic healthcheck loop can be run for - the particular etcd cluster. + description: |- + CreationComplete gets set to true once the etcd cluster is created. Its value never changes after that. + It is used as a way to indicate that the periodic healthcheck loop can be run for the particular etcd cluster. type: boolean endpoints: type: string 
@@ -1016,16 +1126,18 @@ spec: requests or not. type: boolean replicas: - description: Total number of non-terminated machines targeted by this - etcd cluster (their labels match the selector). + description: |- + Total number of non-terminated machines targeted by this etcd cluster + (their labels match the selector). format: int32 type: integer selector: - description: 'Selector is the label selector in string format to avoid - introspection by clients, and is used to provide the CRD-based integration - for the scale subresource and additional integrations for things - like kubectl describe.. The string will be in the same format as - the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + description: |- + Selector is the label selector in string format to avoid introspection + by clients, and is used to provide the CRD-based integration for the + scale subresource and additional integrations for things like kubectl + describe.. The string will be in the same format as the query-param syntax. + More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors type: string type: object type: object diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 197a8de..772c5c7 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -33,8 +33,14 @@ spec: - /manager args: - --enable-leader-election + - --diagnostics-address=:8443 + - --insecure-diagnostics=false image: ${ETCDADM_CONTROLLER_IMAGE} name: manager + ports: + - containerPort: 8443 + name: metrics + protocol: TCP resources: limits: cpu: 200m diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 70643ab..64c630d 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml 
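Review bot: The new `--diagnostics-address=:8443` arg in config/manager/manager.yaml binds the diagnostics listener on every pod interface, whereas the `--metrics-addr` flag this commit removes from main.go defaulted to `localhost:8080`. Protection of that port now rests entirely on `--insecure-diagnostics=false` and on the tokenreviews/subjectaccessreviews rules added in config/rbac/role.yaml. I would record that next to the args, e.g. `# :8443 is served over TLS with token authn/authz; keep --insecure-diagnostics=false unless the address is bound to localhost`. No certificate flags are passed here, so the server presumably falls back to a self-signed certificate that scrapers cannot verify; that is worth confirming and documenting. The scraping identity will also need `get` on the `/metrics` non-resource URL, which none of the visible hunks grant.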
@@ -18,6 +18,18 @@ rules: - patch - update - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create - apiGroups: - bootstrap.cluster.x-k8s.io resources: diff --git a/go.mod b/go.mod index ef51279..5d78047 100644 --- a/go.mod +++ b/go.mod @@ -13,6 +13,7 @@ require ( github.com/onsi/ginkgo/v2 v2.23.4 github.com/onsi/gomega v1.38.0 github.com/pkg/errors v0.9.1 + github.com/spf13/pflag v1.0.7 go.etcd.io/etcd/api/v3 v3.5.22 go.etcd.io/etcd/client/v3 v3.5.22 k8s.io/api v0.33.3 @@ -21,22 +22,28 @@ require ( k8s.io/client-go v0.33.3 k8s.io/klog/v2 v2.130.1 k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 - sigs.k8s.io/cluster-api v1.6.0 + sigs.k8s.io/cluster-api v1.11.1 sigs.k8s.io/controller-runtime v0.21.0 sigs.k8s.io/etcdadm v0.1.5 ) require ( + cel.dev/expr v0.19.1 // indirect + github.com/NYTimes/gziphandler v1.1.1 // indirect + github.com/antlr4-go/antlr/v4 v4.13.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.12.2 // indirect github.com/evanphx/json-patch/v5 v5.9.11 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect 
@@ -46,12 +53,16 @@ require (
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/btree v1.1.3 // indirect
+ github.com/google/cel-go v0.23.2 // indirect
 github.com/google/gnostic-models v0.6.9 // indirect
 github.com/google/go-cmp v0.7.0 // indirect
 github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect
+ github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect
 github.com/hashicorp/errwrap v1.0.0 // indirect
+ github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
+ github.com/kylelemons/godebug v1.1.0 // indirect
 github.com/mailru/easyjson v0.7.7 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -61,15 +72,24 @@ require (
 github.com/prometheus/common v0.62.0 // indirect
 github.com/prometheus/procfs v0.15.1 // indirect
 github.com/satori/go.uuid v1.2.0 // indirect
- github.com/spf13/pflag v1.0.7 // indirect
+ github.com/spf13/cobra v1.9.1 // indirect
+ github.com/stoewer/go-strcase v1.3.0 // indirect
 github.com/x448/float16 v0.8.4 // indirect
 go.etcd.io/etcd/client/pkg/v3 v3.5.22 // indirect
+ go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
 go.opentelemetry.io/otel v1.34.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 // indirect
+ go.opentelemetry.io/otel/metric v1.34.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.34.0 // indirect
 go.opentelemetry.io/otel/trace v1.34.0 // indirect
+ go.opentelemetry.io/proto/otlp v1.4.0 // indirect
 go.uber.org/automaxprocs v1.6.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.27.0 // indirect
 go.yaml.in/yaml/v2 v2.4.2 // indirect
+ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
 golang.org/x/net v0.42.0 // indirect
 golang.org/x/oauth2 v0.30.0 // indirect
 golang.org/x/sync v0.16.0 // indirect
@@ -90,6 +110,7 @@ require (
 k8s.io/cluster-bootstrap v0.33.3 // indirect
 k8s.io/component-base v0.33.3 // indirect
 k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
+ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 sigs.k8s.io/randfill v1.0.0 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
diff --git a/go.sum b/go.sum
index 1fe3a46..6d6ea5e 100644
--- a/go.sum
+++ b/go.sum
@@ -22,6 +22,8 @@ github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lpr github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= +github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -53,6 +55,7 @@ github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -84,6 +87,7 @@ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeME github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= @@ -157,7 +161,6 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:Fecb github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.8.6/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5Ka2vwTzhoePEXsGE= github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= 
@@ -264,6 +267,7 @@ github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoG github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= @@ -278,6 +282,7 @@ github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.7 h1:vN6T9TfwStFPFM5XzjsvmzZkLuaLX+HS+0SeFLRgU6M= github.com/spf13/pflag v1.0.7/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= diff --git a/main.go b/main.go index 298576a..589916e 100644 --- a/main.go +++ b/main.go 
@@ -25,14 +25,15 @@ import ( "time" etcdbp "github.com/aws/etcdadm-bootstrap-provider/api/v1beta1" + "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" + capiflags "sigs.k8s.io/cluster-api/util/flags" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/log/zap" - "sigs.k8s.io/controller-runtime/pkg/metrics/server" etcdclusterv1alpha3 "github.com/aws/etcdadm-controller/api/v1alpha3" etcdclusterv1beta1 "github.com/aws/etcdadm-controller/api/v1beta1" @@ -41,9 +42,11 @@ import ( ) var ( - scheme = runtime.NewScheme() - setupLog = ctrl.Log.WithName("setup") - watchNamespace string + scheme = runtime.NewScheme() + setupLog = ctrl.Log.WithName("setup") + watchNamespace string + managerOptions capiflags.ManagerOptions + enableLeaderElection bool ) func init() { 
@@ -56,28 +59,35 @@ func init() { // +kubebuilder:scaffold:scheme } +// +kubebuilder:rbac:groups=authentication.k8s.io,resources=tokenreviews,verbs=create +// +kubebuilder:rbac:groups=authorization.k8s.io,resources=subjectaccessreviews,verbs=create func main() { - var metricsAddr string - var enableLeaderElection bool var maxConcurrentReconciles int var healthcheckInterval int - flag.StringVar(&metricsAddr, "metrics-addr", "localhost:8080", "The address the metric endpoint binds to.") - flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, + + pflag.CommandLine.AddGoFlagSet(flag.CommandLine) + capiflags.AddManagerOptions(pflag.CommandLine, &managerOptions) + + pflag.BoolVar(&enableLeaderElection, "enable-leader-election", false, "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") - flag.StringVar(&watchNamespace, "namespace", "", + pflag.StringVar(&watchNamespace, "namespace", "", "Namespace that the controller watches to reconcile etcdadmCluster objects. 
If unspecified, the controller watches for objects across all namespaces.") - flag.IntVar(&maxConcurrentReconciles, "max-concurrent-reconciles", 10, "The maximum number of concurrent etcdadm-controller reconciles.") - flag.IntVar(&healthcheckInterval, "healthcheck-interval", 30, "The time interval between each healthcheck loop in seconds.") - flag.Parse() + pflag.IntVar(&maxConcurrentReconciles, "max-concurrent-reconciles", 10, "The maximum number of concurrent etcdadm-controller reconciles.") + pflag.IntVar(&healthcheckInterval, "healthcheck-interval", 30, "The time interval between each healthcheck loop in seconds.") + pflag.Parse() ctrl.SetLogger(zap.New(zap.UseDevMode(true))) + _, metricsServerOpts, err := capiflags.GetManagerOptions(managerOptions) + if err != nil { + setupLog.Error(err, "Unable to start manager: invalid metrics server flags") + os.Exit(1) + } + opts := ctrl.Options{ - Scheme: scheme, - Metrics: server.Options{ - BindAddress: metricsAddr, - }, + Scheme: scheme, + Metrics: *metricsServerOpts, LeaderElection: enableLeaderElection, LeaderElectionID: "cc88008e.cluster.x-k8s.io", }
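Review bot: The first result of `capiflags.GetManagerOptions` is discarded in `_, metricsServerOpts, err := ...`. As far as I know that value carries the TLS settings built from the TLS flags that `AddManagerOptions` registers, so if this manager also runs a webhook server (its setup is outside the hunk) those flags are accepted on the command line but never reach it. Keep the value, `tlsOpts, metricsServerOpts, err := capiflags.GetManagerOptions(managerOptions)`, and pass it to the webhook server options where they are built. Separately, `--metrics-addr` is no longer registered and pflag's default command line exits on an unknown flag, so any overlay or patch that still passes it will stop the manager at start-up; a search of config/ for the old flag before merging would settle it. The body of main continues past the end of this hunk.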