Skip to content

feat: Add ambient mode support to profile-controller #127

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

feat: Add ambient mode support to profile-controller #127

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
2ecf65c
feat: Add ambient mode support to profile-controller
madmecodes Jul 15, 2025
b333928
update: review changes
madmecodes Aug 19, 2025
7c8ab38
update: variable load test fix
madmecodes Aug 26, 2025
a8b460b
update: Keep Variable Substitution Where It Works
madmecodes Aug 26, 2025
2f50157
update: review comments changes
madmecodes Aug 26, 2025
c5a9989
update: function used in pipeline test
madmecodes Aug 26, 2025
063d073
updated profile controller tests to use setNamespaceLabelsAndServiceMesh
madmecodes Aug 26, 2025
29274e3
feat: complete ambient mode support with HTTPRoute fixes
madmecodes Sep 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions components/profile-controller/config/manager/manager.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,12 @@ spec:
- $(USERID_PREFIX)
- "-workload-identity"
- $(WORKLOAD_IDENTITY)
- "-service-mesh-mode"
- $(SERVICE_MESH_MODE)
- "-gateway-name"
- $(GATEWAY_NAME)
- "-gateway-namespace"
- $(GATEWAY_NAMESPACE)
Copy link
Contributor

@orfeas-k orfeas-k Jul 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the code, the gateway and gateway-namespace are not used at all. The HTTPRoute is applied during deployment (instead of a VirtualService) and not by the profile-controller binary AFAIK.

The AuthorizationPolicy that the profile-controller already creates is what needs to be changed to secure profile namespaces in Istio ambient mode. To achieve this, it needs to be attached to a waypoint, since this is an L7 AuthorizationPolicy (see this example).

This is done using a targetRef instead of a selector. The targetRef in that case is indeed of kind: Gateway but the gateway has a gateway-class: waypoint. Thus, using the waypoint naming in the code is more clear, since it actually targets a different resource than the HTTPRoute.

envFrom:
- configMapRef:
name: config
Expand Down
14 changes: 14 additions & 0 deletions components/profile-controller/config/overlays/kubeflow-ambient/authorizationpolicy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: profiles-kfam
spec:
action: ALLOW
rules:
- from:
- source:
principals:
- cluster.local/ns/kubeflow/sa/centraldashboard
selector:
matchLabels:
kustomize.component: profiles
30 changes: 30 additions & 0 deletions components/profile-controller/config/overlays/kubeflow-ambient/httproute.yaml
View file
Open in desktop
Copy link
Contributor

@orfeas-k orfeas-k Aug 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When I tried to apply this I got

The HTTPRoute "profiles-kfam" is invalid: 
* spec.hostnames[0]: Invalid value: "*": spec.hostnames[0] in body should match '^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
* spec.parentRefs[0].namespace: Invalid value: "$(GATEWAY_NAMESPACE)": spec.parentRefs[0].namespace in body should match '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
* spec.rules[0].backendRefs[0].namespace: Invalid value: "$(PROFILES_NAMESPACE)": spec.rules[0].backendRefs[0].namespace in body should match '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'

Copy link
Contributor Author

@madmecodes madmecodes Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When I tried to apply this I got

The HTTPRoute "profiles-kfam" is invalid: 
* spec.hostnames[0]: Invalid value: "*": spec.hostnames[0] in body should match '^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
* spec.parentRefs[0].namespace: Invalid value: "$(GATEWAY_NAMESPACE)": spec.parentRefs[0].namespace in body should match '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
* spec.rules[0].backendRefs[0].namespace: Invalid value: "$(PROFILES_NAMESPACE)": spec.rules[0].backendRefs[0].namespace in body should match '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'

i tried, some issue in injecting variable values, if i harcode them like this they work and are installed,

- $(GATEWAY_NAMESPACE) to istio-system
- $(PROFILES_NAMESPACE) to kubeflow

this is how i am installing:

  1. kind create cluster --name profile-controller-test
  2. kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml
  3. kustomize build /Users/themadme/gsoc/manifests/common/istio/istio-crds/base | kubectl apply -f -

Finally:
kustomize build config/overlays/kubeflow-ambient | kubectl apply --dry-run=client -f -
Result: All Resources Validated Successfully

Am i missing anything?

Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: profiles-kfam
spec:
parentRefs:
- name: $(GATEWAY_NAME)
namespace: $(GATEWAY_NAMESPACE)
hostnames:
- '*'
rules:
- matches:
- path:
type: PathPrefix
value: /kfam/
filters:
- type: RequestHeaderModifier
requestHeaderModifier:
add:
- name: x-forwarded-prefix
value: /kfam
- type: URLRewrite
urlRewrite:
path:
type: ReplacePrefixMatch
replacePrefixMatch: /kfam/
backendRefs:
- name: profiles-kfam
namespace: $(PROFILES_NAMESPACE)
port: 8081
47 changes: 47 additions & 0 deletions components/profile-controller/config/overlays/kubeflow-ambient/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
resources:
- ../../base
- service.yaml
- httproute.yaml
- authorizationpolicy.yaml

commonLabels:
kustomize.component: profiles

patchesStrategicMerge:
- patches/kfam.yaml
- patches/manager.yaml
- patches/remove-namespace.yaml

configurations:
- params.yaml

vars:
- name: PROFILES_NAMESPACE
fieldref:
fieldpath: metadata.namespace
objref:
name: profiles-kfam
kind: Service
apiVersion: v1
- name: GATEWAY_NAME
fieldref:
fieldpath: spec.parentRefs[0].name
objref:
name: profiles-kfam
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
- name: GATEWAY_NAMESPACE
fieldref:
fieldpath: spec.parentRefs[0].namespace
objref:
name: profiles-kfam
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1

images:
- name: ghcr.io/kubeflow/kubeflow/kfam
newName: ghcr.io/kubeflow/kubeflow/kfam
newTag: latest
3 changes: 3 additions & 0 deletions components/profile-controller/config/overlays/kubeflow-ambient/params.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
varReference:
- path: spec/http/route/destination/host
kind: VirtualService
45 changes: 45 additions & 0 deletions components/profile-controller/config/overlays/kubeflow-ambient/patches/kfam.yaml
View file
Open in desktop
Copy link
Contributor

@orfeas-k orfeas-k Jul 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I 'm not too familiar with overlays but I think we should be able split the kubeflow to two flavours in order to avoid manifests duplication and only change what's needed in sidecar and ambient.

Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
spec:
template:
metadata:
labels:
sidecar.istio.io/inject: "true"
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- command:
- /access-management
- "-cluster-admin"
- $(ADMIN)
- "-userid-header"
- $(USERID_HEADER)
- "-userid-prefix"
- $(USERID_PREFIX)
envFrom:
- configMapRef:
name: config
image: ghcr.io/kubeflow/kubeflow/kfam
imagePullPolicy: IfNotPresent
name: kfam
livenessProbe:
httpGet:
path: /metrics
port: 8081
initialDelaySeconds: 30
periodSeconds: 30
ports:
- containerPort: 8081
name: kfam-http
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
capabilities:
drop:
- ALL
serviceAccountName: controller-service-account
16 changes: 16 additions & 0 deletions components/profile-controller/config/overlays/kubeflow-ambient/patches/manager.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
spec:
template:
spec:
containers:
- name: manager
env:
- name: SERVICE_MESH_MODE
value: ambient
- name: GATEWAY_NAME
value: kubeflow-gateway
- name: GATEWAY_NAMESPACE
Copy link
Contributor

@orfeas-k orfeas-k Jul 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other environment variables are being fetched from the generated configmap which is generated here https://github.com/madmecodes/dashboard/blob/2ecf65c9c42aaf4ccdbbc5913c18ac78899982fe/components/profile-controller/config/manager/kustomization.yaml#L5-L14. To keep a single source of truth and ensure those manifests are configurable from a higher level, it 'd be nice to follow what's already done.

value: istio-system
5 changes: 5 additions & 0 deletions components/profile-controller/config/overlays/kubeflow-ambient/patches/remove-namespace.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
$patch: delete
apiVersion: v1
kind: Namespace
metadata:
name: system
7 changes: 7 additions & 0 deletions components/profile-controller/config/overlays/kubeflow-ambient/service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: v1
kind: Service
metadata:
name: profiles-kfam
spec:
ports:
- port: 8081
35 changes: 29 additions & 6 deletions components/profile-controller/controllers/profile_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,9 @@ type ProfileReconciler struct {
UserIdPrefix string
WorkloadIdentity string
DefaultNamespaceLabelsPath string
ServiceMeshMode string
GatewayName string
GatewayNamespace string
}

// +kubebuilder:rbac:groups=core,resources=namespaces,verbs="*"
Expand Down Expand Up @@ -127,13 +130,20 @@ func (r *ProfileReconciler) Reconcile(ctx context.Context, request ctrl.Request)
ns := &corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Annotations: map[string]string{"owner": instance.Spec.Owner.Name},
// inject istio sidecar to all pods in target namespace by default.
Labels: map[string]string{
istioInjectionLabel: "enabled",
},
Name: instance.Name,
Labels: map[string]string{},
Name: instance.Name,
},
}

// Set istio-injection label based on service mesh mode
if r.ServiceMeshMode == "ambient" {
// In ambient mode, disable sidecar injection but enable ambient mesh
Copy link
Contributor

@orfeas-k orfeas-k Jul 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of including this if statement twice in the code, I think we could leverage the existing setNamespaceLabels() calls, by probably creating a new object including istio labels + defaultKubeflowNamespaceLabels and passing this to those calls.

ns.Labels[istioInjectionLabel] = "disabled"
ns.Labels["istio.io/dataplane-mode"] = "ambient"
} else {
// In sidecar mode (default), inject istio sidecar to all pods in target namespace
ns.Labels[istioInjectionLabel] = "enabled"
}
setNamespaceLabels(ns, defaultKubeflowNamespaceLabels)
logger.Info("List of labels to be added to namespace", "labels", ns.Labels)
if err := controllerutil.SetControllerReference(instance, ns, r.Scheme); err != nil {
Expand Down Expand Up @@ -178,8 +188,21 @@ func (r *ProfileReconciler) Reconcile(ctx context.Context, request ctrl.Request)
for k, v := range foundNs.Labels {
oldLabels[k] = v
}

// Apply service mesh mode labels to existing namespace
if r.ServiceMeshMode == "ambient" {
// In ambient mode, disable sidecar injection but enable ambient mesh
foundNs.Labels[istioInjectionLabel] = "disabled"
foundNs.Labels["istio.io/dataplane-mode"] = "ambient"
} else {
// In sidecar mode (default), inject istio sidecar to all pods in target namespace
foundNs.Labels[istioInjectionLabel] = "enabled"
// Remove ambient mode label if it exists
delete(foundNs.Labels, "istio.io/dataplane-mode")
}

setNamespaceLabels(foundNs, defaultKubeflowNamespaceLabels)
logger.Info("List of labels to be added to found namespace", "labels", ns.Labels)
logger.Info("List of labels to be added to found namespace", "labels", foundNs.Labels)
if !reflect.DeepEqual(oldLabels, foundNs.Labels) {
err = r.Update(ctx, foundNs)
if err != nil {
Expand Down
13 changes: 7 additions & 6 deletions components/profile-controller/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,11 @@ require (
gopkg.in/yaml.v2 v2.4.0
istio.io/api v0.0.0-20220525153140-e3c48c9ac324
istio.io/client-go v1.13.4
k8s.io/api v0.24.0
k8s.io/apimachinery v0.24.0
k8s.io/client-go v0.24.0
k8s.io/api v0.24.1
k8s.io/apimachinery v0.24.1
k8s.io/client-go v0.24.1
sigs.k8s.io/controller-runtime v0.12.1
sigs.k8s.io/gateway-api v0.5.1
)

require (
Expand Down Expand Up @@ -50,7 +51,7 @@ require (
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/google/gnostic v0.5.7-v3refs // indirect
github.com/google/go-cmp v0.5.5 // indirect
github.com/google/go-cmp v0.5.6 // indirect
github.com/google/gofuzz v1.1.0 // indirect
github.com/google/uuid v1.1.2 // indirect
github.com/googleapis/gax-go/v2 v2.0.5 // indirect
Expand Down Expand Up @@ -89,8 +90,8 @@ require (
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
k8s.io/apiextensions-apiserver v0.24.0 // indirect
k8s.io/component-base v0.24.0 // indirect
k8s.io/apiextensions-apiserver v0.24.1 // indirect
k8s.io/component-base v0.24.1 // indirect
k8s.io/klog/v2 v2.60.1 // indirect
k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 // indirect
k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
Expand Down
32 changes: 16 additions & 16 deletions components/profile-controller/go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,6 @@ github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
Expand Down Expand Up @@ -240,8 +239,9 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
Expand Down Expand Up @@ -528,7 +528,6 @@ go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
Expand Down Expand Up @@ -980,21 +979,21 @@ istio.io/client-go v1.13.4/go.mod h1:kM3WH/HCojq7BhCD894SZuaAXUKMswT+VQRaEEhTGj0
istio.io/gogo-genproto v0.0.0-20211208193508-5ab4acc9eb1e/go.mod h1:vJDAniIqryf/z///fgZqVPKJ7N2lBk7Gg8DCTB7oCfU=
k8s.io/api v0.23.0/go.mod h1:8wmDdLBHBNxtOIytwLstXt5E9PddnZb0GaMcqsvDBpg=
k8s.io/api v0.23.1/go.mod h1:WfXnOnwSqNtG62Y1CdjoMxh7r7u9QXGCkA1u0na2jgo=
k8s.io/api v0.24.0 h1:J0hann2hfxWr1hinZIDefw7Q96wmCBx6SSB8IY0MdDg=
k8s.io/api v0.24.0/go.mod h1:5Jl90IUrJHUJYEMANRURMiVvJ0g7Ax7r3R1bqO8zx8I=
k8s.io/apiextensions-apiserver v0.24.0 h1:JfgFqbA8gKJ/uDT++feAqk9jBIwNnL9YGdQvaI9DLtY=
k8s.io/apiextensions-apiserver v0.24.0/go.mod h1:iuVe4aEpe6827lvO6yWQVxiPSpPoSKVjkq+MIdg84cM=
k8s.io/api v0.24.1 h1:BjCMRDcyEYz03joa3K1+rbshwh1Ay6oB53+iUx2H8UY=
k8s.io/api v0.24.1/go.mod h1:JhoOvNiLXKTPQ60zh2g0ewpA+bnEYf5q44Flhquh4vQ=
k8s.io/apiextensions-apiserver v0.24.1 h1:5yBh9+ueTq/kfnHQZa0MAo6uNcPrtxPMpNQgorBaKS0=
k8s.io/apiextensions-apiserver v0.24.1/go.mod h1:A6MHfaLDGfjOc/We2nM7uewD5Oa/FnEbZ6cD7g2ca4Q=
k8s.io/apimachinery v0.23.0/go.mod h1:fFCTTBKvKcwTPFzjlcxp91uPFZr+JA0FubU4fLzzFYc=
k8s.io/apimachinery v0.23.1/go.mod h1:SADt2Kl8/sttJ62RRsi9MIV4o8f5S3coArm0Iu3fBno=
k8s.io/apimachinery v0.24.0 h1:ydFCyC/DjCvFCHK5OPMKBlxayQytB8pxy8YQInd5UyQ=
k8s.io/apimachinery v0.24.0/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
k8s.io/apiserver v0.24.0/go.mod h1:WFx2yiOMawnogNToVvUYT9nn1jaIkMKj41ZYCVycsBA=
k8s.io/apimachinery v0.24.1 h1:ShD4aDxTQKN5zNf8K1RQ2u98ELLdIW7jEnlO9uAMX/I=
k8s.io/apimachinery v0.24.1/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
k8s.io/apiserver v0.24.1/go.mod h1:dQWNMx15S8NqJMp0gpYfssyvhYnkilc1LpExd/dkLh0=
k8s.io/client-go v0.23.1/go.mod h1:6QSI8fEuqD4zgFK0xbdwfB/PthBsIxCJMa3s17WlcO0=
k8s.io/client-go v0.24.0 h1:lbE4aB1gTHvYFSwm6eD3OF14NhFDKCejlnsGYlSJe5U=
k8s.io/client-go v0.24.0/go.mod h1:VFPQET+cAFpYxh6Bq6f4xyMY80G6jKKktU6G0m00VDw=
k8s.io/code-generator v0.24.0/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w=
k8s.io/component-base v0.24.0 h1:h5jieHZQoHrY/lHG+HyrSbJeyfuitheBvqvKwKHVC0g=
k8s.io/component-base v0.24.0/go.mod h1:Dgazgon0i7KYUsS8krG8muGiMVtUZxG037l1MKyXgrA=
k8s.io/client-go v0.24.1 h1:w1hNdI9PFrzu3OlovVeTnf4oHDt+FJLd9Ndluvnb42E=
k8s.io/client-go v0.24.1/go.mod h1:f1kIDqcEYmwXS/vTbbhopMUbhKp2JhOeVTfxgaCIlF8=
k8s.io/code-generator v0.24.1/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w=
k8s.io/component-base v0.24.1 h1:APv6W/YmfOWZfo+XJ1mZwep/f7g7Tpwvdbo9CQLDuts=
k8s.io/component-base v0.24.1/go.mod h1:DW5vQGYVCog8WYpNob3PMmmsY8A3L9QZNg4j/dV3s38=
k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
Expand All @@ -1007,7 +1006,6 @@ k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 h1:Gii5eqf+GmIEwGNKQYQClC
k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc=
k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
Expand All @@ -1016,6 +1014,8 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw=
sigs.k8s.io/controller-runtime v0.12.1 h1:4BJY01xe9zKQti8oRjj/NeHKRXthf1YkYJAgLONFFoI=
sigs.k8s.io/controller-runtime v0.12.1/go.mod h1:BKhxlA4l7FPK4AQcsuL4X6vZeWnKDXez/vp1Y8dxTU0=
sigs.k8s.io/gateway-api v0.5.1 h1:EqzgOKhChzyve9rmeXXbceBYB6xiM50vDfq0kK5qpdw=
sigs.k8s.io/gateway-api v0.5.1/go.mod h1:x0AP6gugkFV8fC/oTlnOMU0pnmuzIR8LfIPRVUjxSqA=
sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs=
sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y=
sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=
Expand Down
Loading
Loading