diff --git a/go.mod b/go.mod index 1b14d3be2..f2ab070a1 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( k8s.io/apimachinery v0.23.5 k8s.io/client-go v0.23.5 k8s.io/klog/v2 v2.60.1 - sigs.k8s.io/controller-runtime v0.11.1 + sigs.k8s.io/controller-runtime v0.11.2 sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20220104140252-e52a8b1fba62 sigs.k8s.io/controller-tools v0.8.0 sigs.k8s.io/kustomize/kustomize/v4 v4.5.3 @@ -210,15 +210,15 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect helm.sh/helm/v3 v3.6.2 // indirect - k8s.io/apiextensions-apiserver v0.23.3 // indirect - k8s.io/apiserver v0.23.3 // indirect + k8s.io/apiextensions-apiserver v0.23.5 // indirect + k8s.io/apiserver v0.23.5 // indirect k8s.io/cli-runtime v0.23.3 // indirect - k8s.io/component-base v0.23.3 // indirect + k8s.io/component-base v0.23.5 // indirect k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect k8s.io/kubectl v0.23.3 // indirect k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect rsc.io/letsencrypt v0.0.3 // indirect - sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30 // indirect sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect sigs.k8s.io/kubebuilder/v3 v3.3.0 // indirect sigs.k8s.io/kustomize/api v0.11.3 // indirect diff --git a/go.sum b/go.sum index 415ca3ea5..2acd75655 100644 --- a/go.sum +++ b/go.sum @@ -1858,8 +1858,8 @@ k8s.io/apiextensions-apiserver v0.22.0/go.mod h1:+9w/QQC/lwH2qTbpqndXXjwBgidlSmy k8s.io/apiextensions-apiserver v0.22.2/go.mod h1:2E0Ve/isxNl7tWLSUDgi6+cmwHi5fQRdwGVCxbC+KFA= k8s.io/apiextensions-apiserver v0.23.0/go.mod h1:xIFAEEDlAZgpVBl/1VSjGDmLoXAWRG40+GsWhKhAxY4= k8s.io/apiextensions-apiserver v0.23.1/go.mod h1:0qz4fPaHHsVhRApbtk3MGXNn2Q9M/cVWWhfHdY2SxiM= -k8s.io/apiextensions-apiserver v0.23.3 h1:JvPJA7hSEAqMRteveq4aj9semilAZYcJv+9HHFWfUdM= -k8s.io/apiextensions-apiserver v0.23.3/go.mod h1:/ZpRXdgKZA6DvIVPEmXDCZJN53YIQEUDF+hrpIQJL38= +k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= +k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= k8s.io/apimachinery v0.18.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= k8s.io/apimachinery v0.19.2/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= k8s.io/apimachinery v0.19.3/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= @@ -1884,8 +1884,8 @@ k8s.io/apiserver v0.22.0/go.mod h1:04kaIEzIQrTGJ5syLppQWvpkLJXQtJECHmae+ZGc/nc= k8s.io/apiserver v0.22.2/go.mod h1:vrpMmbyjWrgdyOvZTSpsusQq5iigKNWv9o9KlDAbBHI= k8s.io/apiserver v0.23.0/go.mod h1:Cec35u/9zAepDPPFyT+UMrgqOCjgJ5qtfVJDxjZYmt4= k8s.io/apiserver v0.23.1/go.mod h1:Bqt0gWbeM2NefS8CjWswwd2VNAKN6lUKR85Ft4gippY= -k8s.io/apiserver v0.23.3 h1:gWY1DmA0AdAGR/H+Q/1FtyGkFq8xqSaZOw7oLopmO8k= -k8s.io/apiserver v0.23.3/go.mod h1:3HhsTmC+Pn+Jctw+Ow0LHA4dQ4oXrQ4XJDzrVDG64T4= +k8s.io/apiserver v0.23.5 h1:2Ly8oUjz5cnZRn1YwYr+aFgDZzUmEVL9RscXbnIeDSE= +k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= k8s.io/cli-runtime v0.21.0/go.mod h1:XoaHP93mGPF37MkLbjGVYqg3S1MnsFdKtiA/RZzzxOo= k8s.io/cli-runtime v0.22.0/go.mod h1:An6zELQ7udUI0GaXvkuMqyopPA14dIgNqpH8cZu1vig= k8s.io/cli-runtime v0.23.1/go.mod h1:r9r8H/qfXo9w+69vwUL7LokKlLRKW5D6A8vUKCx+YL0= @@ -1914,6 +1914,7 @@ k8s.io/code-generator v0.22.2/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpx k8s.io/code-generator v0.23.0/go.mod h1:vQvOhDXhuzqiVfM/YHp+dmg10WDZCchJVObc9MvowsE= k8s.io/code-generator v0.23.1/go.mod h1:V7yn6VNTCWW8GqodYCESVo95fuiEg713S8B7WacWZDA= k8s.io/code-generator v0.23.3/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= +k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.18.2/go.mod h1:kqLlMuhJNHQ9lz8Z7V5bxUUtjFZnrypArGl58gmDfUM= k8s.io/component-base v0.19.2/go.mod h1:g5LrsiTiabMLZ40AR6Hl45f088DevyGY+cCE2agEIVo= k8s.io/component-base v0.19.3/go.mod h1:WhLWSIefQn8W8jxSLl5WNiR6z8oyMe/8Zywg7alOkRc= @@ -1924,8 +1925,9 @@ k8s.io/component-base v0.22.0/go.mod h1:SXj6Z+V6P6GsBhHZVbWCw9hFjUdUYnJerlhhPnYC k8s.io/component-base v0.22.2/go.mod h1:5Br2QhI9OTe79p+TzPe9JKNQYvEKbq9rTJDWllunGug= k8s.io/component-base v0.23.0/go.mod h1:DHH5uiFvLC1edCpvcTDV++NKULdYYU6pR9Tt3HIKMKI= k8s.io/component-base v0.23.1/go.mod h1:6llmap8QtJIXGDd4uIWJhAq0Op8AtQo6bDW2RrNMTeo= -k8s.io/component-base v0.23.3 h1:q+epprVdylgecijVGVdf4MbizEL2feW4ssd7cdo6LVY= k8s.io/component-base v0.23.3/go.mod h1:1Smc4C60rWG7d3HjSYpIwEbySQ3YWg0uzH5a2AtaTLg= +k8s.io/component-base v0.23.5 h1:8qgP5R6jG1BBSXmRYW+dsmitIrpk8F/fPEvgDenMCCE= +k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= k8s.io/component-helpers v0.21.0/go.mod h1:tezqefP7lxfvJyR+0a+6QtVrkZ/wIkyMLK4WcQ3Cj8U= k8s.io/component-helpers v0.22.0/go.mod h1:YNIbQI59ayNiU8JHlPIxVkOUYycbKhk5Niy0pcyJOEY= k8s.io/component-helpers v0.23.1/go.mod h1:ZK24U+2oXnBPcas2KolLigVVN9g5zOzaHLkHiQMFGr0= @@ -1985,13 +1987,13 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.9/go.mod h1:dzAXnQb sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.25/go.mod h1:Mlj9PNLmG9bZ6BHFwFKDo5afkpWyUISkb9Me0GnK66I= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27 h1:KQOkVzXrLNb0EP6W0FD6u3CCPAwgXFYwZitbj7K0P0Y= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27/go.mod h1:tq2nT0Kx7W+/f2JVE+zxYtUhdjuELJkVpNz+x/QN5R4= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30 h1:dUk62HQ3ZFhD48Qr8MIXCiKA8wInBQCtuE4QGfFW7yA= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw= sigs.k8s.io/controller-runtime v0.7.0/go.mod h1:pJ3YBrJiAqMAZKi6UVGuE98ZrroV1p+pIhoHsMm9wdU= sigs.k8s.io/controller-runtime v0.9.0/go.mod h1:TgkfvrhhEw3PlI0BRL/5xM+89y3/yc0ZDfdbTl84si8= sigs.k8s.io/controller-runtime v0.11.0/go.mod h1:KKwLiTooNGu+JmLZGn9Sl3Gjmfj66eMbCQznLP5zcqA= -sigs.k8s.io/controller-runtime v0.11.1 h1:7YIHT2QnHJArj/dk9aUkYhfqfK5cIxPOX5gPECfdZLU= -sigs.k8s.io/controller-runtime v0.11.1/go.mod h1:KKwLiTooNGu+JmLZGn9Sl3Gjmfj66eMbCQznLP5zcqA= +sigs.k8s.io/controller-runtime v0.11.2 h1:H5GTxQl0Mc9UjRJhORusqfJCIjBO8UtUxGggCwL1rLA= +sigs.k8s.io/controller-runtime v0.11.2/go.mod h1:P6QCzrEjLaZGqHsfd+os7JQ+WFZhvB8MRFsn4dWF7O4= sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20220104140252-e52a8b1fba62 h1:SCXDKdiCkko9CjGIrqwiS/795bJRaMy6EuibgBuo8dM= sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20220104140252-e52a8b1fba62/go.mod h1:+sJcI1F0QI0Cv+8fp5rH5B2fK1LxzrAQqYnaPx9nY8I= sigs.k8s.io/controller-tools v0.4.1/go.mod h1:G9rHdZMVlBDocIxGkK3jHLWqcTMNvveypYJwrvYKjWU= diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/deepcopy.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/deepcopy.go index 761e27cc4..2bd5d5293 100644 --- a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/deepcopy.go +++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/deepcopy.go @@ -290,5 +290,11 @@ func (in *JSONSchemaProps) DeepCopy() *JSONSchemaProps { **out = **in } + if in.XValidations != nil { + in, out := &in.XValidations, &out.XValidations + *out = make([]ValidationRule, len(*in)) + copy(*out, *in) + } + return out } diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/conversion.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/conversion.go index 9bcbe5026..4d29ff823 100644 --- a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/conversion.go +++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/conversion.go @@ -18,6 +18,7 @@ package v1 import ( "bytes" + unsafe "unsafe" "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" apiequality "k8s.io/apimachinery/pkg/api/equality" @@ -207,3 +208,8 @@ func Convert_apiextensions_CustomResourceConversion_To_v1_CustomResourceConversi } return nil } + +func Convert_apiextensions_ValidationRules_To_v1_ValidationRules(in *apiextensions.ValidationRules, out *ValidationRules, s conversion.Scope) error { + *out = *(*ValidationRules)(unsafe.Pointer(in)) + return nil +} diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/deepcopy.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/deepcopy.go index 84dda976b..28dfb99f1 100644 --- a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/deepcopy.go +++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/deepcopy.go @@ -250,5 +250,11 @@ func (in *JSONSchemaProps) DeepCopy() *JSONSchemaProps { **out = **in } + if in.XValidations != nil { + in, out := &in.XValidations, &out.XValidations + *out = make([]ValidationRule, len(*in)) + copy(*out, *in) + } + return out } diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/zz_generated.conversion.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/zz_generated.conversion.go index 77d22c16c..95a58529b 100644 --- a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/zz_generated.conversion.go +++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/zz_generated.conversion.go @@ -242,6 +242,11 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddConversionFunc((*apiextensions.ValidationRules)(nil), (*ValidationRules)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_apiextensions_ValidationRules_To_v1_ValidationRules(a.(*apiextensions.ValidationRules), b.(*ValidationRules), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*CustomResourceConversion)(nil), (*apiextensions.CustomResourceConversion)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1_CustomResourceConversion_To_apiextensions_CustomResourceConversion(a.(*CustomResourceConversion), b.(*apiextensions.CustomResourceConversion), scope) }); err != nil { diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/deepcopy.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/deepcopy.go index 857beac4a..9f64585da 100644 --- a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/deepcopy.go +++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/deepcopy.go @@ -266,5 +266,11 @@ func (in *JSONSchemaProps) DeepCopy() *JSONSchemaProps { **out = **in } + if in.XValidations != nil { + in, out := &in.XValidations, &out.XValidations + *out = make([]ValidationRule, len(*in)) + copy(*out, *in) + } + return out } diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/validation.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/validation.go index acaa7478b..02aa271f7 100644 --- a/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/validation.go +++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/validation.go @@ -24,7 +24,7 @@ import ( "github.com/google/cel-go/common/types/ref" "github.com/google/cel-go/interpreter" - "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" + apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apiextensions-apiserver/pkg/apiserver/schema" "k8s.io/apiextensions-apiserver/third_party/forked/celopenapi/model" "k8s.io/apimachinery/pkg/util/validation/field" diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/convert.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/convert.go index 4b6b1eedf..9ec23b332 100644 --- a/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/convert.go +++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/convert.go @@ -19,6 +19,7 @@ package schema import ( "fmt" "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" ) // NewStructural converts an OpenAPI v3 schema into a structural schema. A pre-validated JSONSchemaProps will @@ -246,7 +247,9 @@ func newExtensions(s *apiextensions.JSONSchemaProps) (*Extensions, error) { XListMapKeys: s.XListMapKeys, XListType: s.XListType, XMapType: s.XMapType, - XValidations: s.XValidations, + } + if err := apiextensionsv1.Convert_apiextensions_ValidationRules_To_v1_ValidationRules(&s.XValidations, &ret.XValidations, nil); err != nil { + return nil, err } if s.XPreserveUnknownFields != nil { diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/structural.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/structural.go index 1948b7ba4..234998d90 100644 --- a/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/structural.go +++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/structural.go @@ -17,7 +17,7 @@ limitations under the License. package schema import ( - "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/runtime" ) @@ -130,7 +130,8 @@ type Extensions struct { XMapType *string // x-kubernetes-validations describes a list of validation rules for expression validation. - XValidations apiextensions.ValidationRules + // Use the v1 struct since this gets serialized as an extension. + XValidations apiextensionsv1.ValidationRules } // +k8s:deepcopy-gen=true diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/zz_generated.deepcopy.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/zz_generated.deepcopy.go index 3ce631066..271b7b038 100644 --- a/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/zz_generated.deepcopy.go +++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/zz_generated.deepcopy.go @@ -22,7 +22,7 @@ limitations under the License. package schema import ( - apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" + v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. @@ -45,7 +45,7 @@ func (in *Extensions) DeepCopyInto(out *Extensions) { } if in.XValidations != nil { in, out := &in.XValidations, &out.XValidations - *out = make(apiextensions.ValidationRules, len(*in)) + *out = make(v1.ValidationRules, len(*in)) copy(*out, *in) } return diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/validation/validation.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/validation/validation.go index 14081c944..b325abf9a 100644 --- a/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/validation/validation.go +++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/validation/validation.go @@ -21,6 +21,7 @@ import ( "strings" "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/util/validation/field" openapierrors "k8s.io/kube-openapi/pkg/validation/errors" "k8s.io/kube-openapi/pkg/validation/spec" @@ -255,7 +256,11 @@ func ConvertJSONSchemaPropsWithPostProcess(in *apiextensions.JSONSchemaProps, ou out.VendorExtensible.AddExtension("x-kubernetes-map-type", *in.XMapType) } if len(in.XValidations) != 0 { - out.VendorExtensible.AddExtension("x-kubernetes-validations", in.XValidations) + var serializationValidationRules apiextensionsv1.ValidationRules + if err := apiextensionsv1.Convert_apiextensions_ValidationRules_To_v1_ValidationRules(&in.XValidations, &serializationValidationRules, nil); err != nil { + return err + } + out.VendorExtensible.AddExtension("x-kubernetes-validations", serializationValidationRules) } return nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index 929330eaa..bc0efe61e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1240,7 +1240,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.23.3 +# k8s.io/apiextensions-apiserver v0.23.5 ## explicit; go 1.16 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1316,7 +1316,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.23.3 +# k8s.io/apiserver v0.23.5 ## explicit; go 1.16 k8s.io/apiserver/pkg/apis/apiserver k8s.io/apiserver/pkg/apis/apiserver/install @@ -1481,7 +1481,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.23.3 +# k8s.io/component-base v0.23.5 ## explicit; go 1.16 k8s.io/component-base/config k8s.io/component-base/config/v1alpha1 @@ -1536,11 +1536,11 @@ k8s.io/utils/pointer k8s.io/utils/trace # rsc.io/letsencrypt v0.0.3 ## explicit -# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27 +# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30 ## explicit; go 1.17 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client -# sigs.k8s.io/controller-runtime v0.11.1 +# sigs.k8s.io/controller-runtime v0.11.2 ## explicit; go 1.17 sigs.k8s.io/controller-runtime sigs.k8s.io/controller-runtime/pkg/builder diff --git a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go index 6f247128d..a3e17cb10 100644 --- a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go +++ b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go @@ -43,10 +43,17 @@ type dialResult struct { connid int64 } +type pendingDial struct { + // resultCh is the channel to send the dial result to + resultCh chan<- dialResult + // cancelCh is the channel closed when resultCh no longer has a receiver + cancelCh <-chan struct{} +} + // grpcTunnel implements Tunnel type grpcTunnel struct { stream client.ProxyService_ProxyClient - pendingDial map[int64]chan<- dialResult + pendingDial map[int64]pendingDial conns map[int64]*conn pendingDialLock sync.RWMutex connsLock sync.RWMutex @@ -76,12 +83,13 @@ func CreateSingleUseGrpcTunnel(ctx context.Context, address string, opts ...grpc stream, err := grpcClient.Proxy(ctx) if err != nil { + c.Close() return nil, err } tunnel := &grpcTunnel{ stream: stream, - pendingDial: make(map[int64]chan<- dialResult), + pendingDial: make(map[int64]pendingDial), conns: make(map[int64]*conn), readTimeoutSeconds: 10, } @@ -110,7 +118,7 @@ func (t *grpcTunnel) serve(c clientConn) { case client.PacketType_DIAL_RSP: resp := pkt.GetDialResponse() t.pendingDialLock.RLock() - ch, ok := t.pendingDial[resp.Random] + pendingDial, ok := t.pendingDial[resp.Random] t.pendingDialLock.RUnlock() if !ok { @@ -122,10 +130,16 @@ func (t *grpcTunnel) serve(c clientConn) { connid: resp.ConnectID, } select { - case ch <- result: - default: - klog.ErrorS(fmt.Errorf("blocked pending channel"), "Received second dial response for connection request", "connectionID", resp.ConnectID, "dialID", resp.Random) - // On multiple dial responses, avoid leaking serve goroutine. + // try to send to the result channel + case pendingDial.resultCh <- result: + // unblock if the cancel channel is closed + case <-pendingDial.cancelCh: + // If there are no readers of the pending dial channel above, it means one of two things: + // 1. There was a second DIAL_RSP for the connection request (this is very unlikely but possible) + // 2. grpcTunnel.DialContext() returned early due to a dial timeout or the client canceling the context + // + // In either scenario, we should return here as this tunnel is no longer needed. + klog.V(1).InfoS("Pending dial has been cancelled; dropped", "connectionID", resp.ConnectID, "dialID", resp.Random) return } } @@ -182,9 +196,16 @@ func (t *grpcTunnel) DialContext(ctx context.Context, protocol, address string) } random := rand.Int63() /* #nosec G404 */ - resCh := make(chan dialResult, 1) + + // This channel is closed once we're returning and no longer waiting on resultCh + cancelCh := make(chan struct{}) + defer close(cancelCh) + + // This channel MUST NOT be buffered. The sender needs to know when we are not receiving things, so they can abort. + resCh := make(chan dialResult) + t.pendingDialLock.Lock() - t.pendingDial[random] = resCh + t.pendingDial[random] = pendingDial{resultCh: resCh, cancelCh: cancelCh} t.pendingDialLock.Unlock() defer func() { t.pendingDialLock.Lock() @@ -225,8 +246,10 @@ func (t *grpcTunnel) DialContext(ctx context.Context, protocol, address string) t.conns[res.connid] = c t.connsLock.Unlock() case <-time.After(30 * time.Second): + klog.V(5).InfoS("Timed out waiting for DialResp", "dialID", random) return nil, errors.New("dial timeout, backstop") case <-ctx.Done(): + klog.V(5).InfoS("Context canceled waiting for DialResp", "ctxErr", ctx.Err(), "dialID", random) return nil, errors.New("dial timeout, context") }