diff --git a/Makefile b/Makefile
index ceb3901..a29eb12 100644
--- a/Makefile
+++ b/Makefile
@@ -207,7 +207,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
## Tool Versions
KUSTOMIZE_VERSION ?= v5.3.0
-CONTROLLER_TOOLS_VERSION ?= v0.14.0
+CONTROLLER_TOOLS_VERSION ?= v0.16.5
KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
.PHONY: kustomize
diff --git a/config/crd/bases/stunner.l7mp.io_dataplanes.yaml b/config/crd/bases/stunner.l7mp.io_dataplanes.yaml
index 0800a8c..b8e296d 100644
--- a/config/crd/bases/stunner.l7mp.io_dataplanes.yaml
+++ b/config/crd/bases/stunner.l7mp.io_dataplanes.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.5
name: dataplanes.stunner.l7mp.io
spec:
group: stunner.l7mp.io
@@ -100,11 +100,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -132,11 +134,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
@@ -149,6 +153,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -193,11 +198,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -225,14 +232,17 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
+ x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
@@ -293,11 +303,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -312,13 +324,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -327,13 +339,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -373,11 +385,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -397,6 +411,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -419,6 +434,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -468,11 +484,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -487,13 +505,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -502,13 +520,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -547,11 +565,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -571,6 +591,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -583,6 +604,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules (e.g.
@@ -640,11 +662,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -659,13 +683,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -674,13 +698,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -720,11 +744,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -744,6 +770,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -766,6 +793,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the anti-affinity requirements specified by this field are not met at
@@ -815,11 +843,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -834,13 +864,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -849,13 +879,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -894,11 +924,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -918,6 +950,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -930,6 +963,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
annotations:
@@ -966,6 +1000,30 @@ spec:
2) has CAP_SYS_ADMIN
Note that this field cannot be set when spec.os.name is windows.
type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
capabilities:
description: |-
The capabilities to add/drop when running containers.
@@ -978,12 +1036,14 @@ spec:
description: Capability represent POSIX capabilities type
type: string
type: array
+ x-kubernetes-list-type: atomic
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities type
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
privileged:
description: |-
@@ -995,7 +1055,7 @@ spec:
procMount:
description: |-
procMount denotes the type of proc mount to use for the containers.
- The default is DefaultProcMount which uses the container runtime defaults for
+ The default value is Default which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.
@@ -1077,7 +1137,6 @@ spec:
type indicates which kind of seccomp profile will be applied.
Valid options are:
-
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
@@ -1163,10 +1222,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its key
@@ -1225,10 +1287,13 @@ spec:
be a valid secret key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must
@@ -1253,10 +1318,13 @@ spec:
description: The ConfigMap to select from
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap must be defined
@@ -1271,10 +1339,13 @@ spec:
description: The Secret to select from
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret must be defined
@@ -1307,10 +1378,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -1339,11 +1413,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@@ -1354,6 +1426,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -1390,18 +1468,39 @@ spec:
description: SecurityContext holds pod-level security attributes and
common container settings.
properties:
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
fsGroup:
description: |-
A special supplemental group that applies to all containers in a pod.
Some volume types allow the Kubelet to change the ownership of that volume
to be owned by the pod:
-
1. The owning GID will be the FSGroup
2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw----
-
If unset, the Kubelet will not modify the ownership and permissions of any volume.
Note that this field cannot be set when spec.os.name is windows.
format: int64
@@ -1445,6 +1544,32 @@ spec:
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
+ seLinuxChangePolicy:
+ description: |-
+ seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
+ It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
+ Valid values are "MountOption" and "Recursive".
+
+ "Recursive" means relabeling of all files on all Pod volumes by the container runtime.
+ This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
+
+ "MountOption" mounts all eligible Pod volumes with `-o context` mount option.
+ This requires all Pods that share the same volume to use the same SELinux label.
+ It is not possible to share the same volume among privileged and unprivileged Pods.
+ Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
+ whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
+ CSIDriver instance. Other volumes are always re-labelled recursively.
+ "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
+
+ If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
+ If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
+ and "Recursive" for all other volumes.
+
+ This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
+
+ All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
seLinuxOptions:
description: |-
The SELinux context to be applied to all containers.
@@ -1488,7 +1613,6 @@ spec:
type indicates which kind of seccomp profile will be applied.
Valid options are:
-
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
@@ -1498,17 +1622,28 @@ spec:
type: object
supplementalGroups:
description: |-
- A list of groups applied to the first process run in each container, in addition
- to the container's primary GID, the fsGroup (if specified), and group memberships
- defined in the container image for the uid of the container process. If unspecified,
- no additional groups are added to any container. Note that group memberships
- defined in the container image for the uid of the container process are still effective,
- even if they are not included in this list.
+ A list of groups applied to the first process run in each container, in
+ addition to the container's primary GID and fsGroup (if specified). If
+ the SupplementalGroupsPolicy feature is enabled, the
+ supplementalGroupsPolicy field determines whether these are in addition
+ to or instead of any group memberships defined in the container image.
+ If unspecified, no additional groups are added, though group memberships
+ defined in the container image may still be used, depending on the
+ supplementalGroupsPolicy field.
Note that this field cannot be set when spec.os.name is windows.
items:
format: int64
type: integer
type: array
+ x-kubernetes-list-type: atomic
+ supplementalGroupsPolicy:
+ description: |-
+ Defines how supplemental groups of the first container processes are calculated.
+ Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
+ (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
+ and the container runtime must implement support for this feature.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
sysctls:
description: |-
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
@@ -1528,6 +1663,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
windowsOptions:
description: |-
The Windows specific settings applied to all containers.
@@ -1645,11 +1781,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -1671,7 +1809,6 @@ spec:
Keys that don't exist in the incoming pod labels will
be ignored. A null or empty list means only match against labelSelector.
-
This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
items:
type: string
@@ -1711,7 +1848,6 @@ spec:
Valid values are integers greater than 0.
When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
-
For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
labelSelector spread as 2/2/2:
| zone1 | zone2 | zone3 |
@@ -1720,9 +1856,6 @@ spec:
In this situation, new pod with the same labelSelector cannot be scheduled,
because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
it will violate MaxSkew.
-
-
- This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
format: int32
type: integer
nodeAffinityPolicy:
@@ -1732,7 +1865,6 @@ spec:
- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
-
If this value is nil, the behavior is equivalent to the Honor policy.
This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
type: string
@@ -1744,7 +1876,6 @@ spec:
has a toleration, are included.
- Ignore: node taints are ignored. All nodes are included.
-
If this value is nil, the behavior is equivalent to the Ignore policy.
This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
type: string
@@ -1874,11 +2005,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -1906,11 +2039,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
@@ -1923,6 +2058,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -1967,11 +2103,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -1999,14 +2137,17 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
+ x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
@@ -2067,11 +2208,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2086,13 +2229,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2101,13 +2244,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2147,11 +2290,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2171,6 +2316,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -2193,6 +2339,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -2242,11 +2389,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2261,13 +2410,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2276,13 +2425,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2321,11 +2470,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2345,6 +2496,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -2357,6 +2509,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules (e.g.
@@ -2414,11 +2567,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2433,13 +2588,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2448,13 +2603,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2494,11 +2649,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2518,6 +2675,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -2540,6 +2698,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the anti-affinity requirements specified by this field are not met at
@@ -2589,11 +2748,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2608,13 +2769,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2623,13 +2784,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2668,11 +2829,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2692,6 +2855,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -2704,6 +2868,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
args:
@@ -2749,10 +2914,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its key
@@ -2811,10 +2979,13 @@ spec:
be a valid secret key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must
@@ -2857,11 +3028,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@@ -2872,6 +3041,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -2908,18 +3083,39 @@ spec:
description: SecurityContext holds pod-level security attributes and
common container settings.
properties:
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
fsGroup:
description: |-
A special supplemental group that applies to all containers in a pod.
Some volume types allow the Kubelet to change the ownership of that volume
to be owned by the pod:
-
1. The owning GID will be the FSGroup
2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw----
-
If unset, the Kubelet will not modify the ownership and permissions of any volume.
Note that this field cannot be set when spec.os.name is windows.
format: int64
@@ -2963,6 +3159,32 @@ spec:
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
+ seLinuxChangePolicy:
+ description: |-
+ seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
+ It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
+ Valid values are "MountOption" and "Recursive".
+
+ "Recursive" means relabeling of all files on all Pod volumes by the container runtime.
+ This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
+
+ "MountOption" mounts all eligible Pod volumes with `-o context` mount option.
+ This requires all Pods that share the same volume to use the same SELinux label.
+ It is not possible to share the same volume among privileged and unprivileged Pods.
+ Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
+ whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
+ CSIDriver instance. Other volumes are always re-labelled recursively.
+ "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
+
+ If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
+ If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
+ and "Recursive" for all other volumes.
+
+ This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
+
+ All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
seLinuxOptions:
description: |-
The SELinux context to be applied to all containers.
@@ -3006,7 +3228,6 @@ spec:
type indicates which kind of seccomp profile will be applied.
Valid options are:
-
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
@@ -3016,17 +3237,28 @@ spec:
type: object
supplementalGroups:
description: |-
- A list of groups applied to the first process run in each container, in addition
- to the container's primary GID, the fsGroup (if specified), and group memberships
- defined in the container image for the uid of the container process. If unspecified,
- no additional groups are added to any container. Note that group memberships
- defined in the container image for the uid of the container process are still effective,
- even if they are not included in this list.
+ A list of groups applied to the first process run in each container, in
+ addition to the container's primary GID and fsGroup (if specified). If
+ the SupplementalGroupsPolicy feature is enabled, the
+ supplementalGroupsPolicy field determines whether these are in addition
+ to or instead of any group memberships defined in the container image.
+ If unspecified, no additional groups are added, though group memberships
+ defined in the container image may still be used, depending on the
+ supplementalGroupsPolicy field.
Note that this field cannot be set when spec.os.name is windows.
items:
format: int64
type: integer
type: array
+ x-kubernetes-list-type: atomic
+ supplementalGroupsPolicy:
+ description: |-
+ Defines how supplemental groups of the first container processes are calculated.
+ Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
+ (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
+ and the container runtime must implement support for this feature.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
sysctls:
description: |-
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
@@ -3046,6 +3278,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
windowsOptions:
description: |-
The Windows specific settings applied to all containers.
diff --git a/config/crd/bases/stunner.l7mp.io_gatewayconfigs.yaml b/config/crd/bases/stunner.l7mp.io_gatewayconfigs.yaml
index c7429ef..f4e2f34 100644
--- a/config/crd/bases/stunner.l7mp.io_gatewayconfigs.yaml
+++ b/config/crd/bases/stunner.l7mp.io_gatewayconfigs.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.5
name: gatewayconfigs.stunner.l7mp.io
spec:
group: stunner.l7mp.io
@@ -91,13 +91,11 @@ spec:
Namespace is the namespace of the referenced object. When unspecified, the local
namespace is inferred.
-
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
-
Support: Core
maxLength: 63
minLength: 1
@@ -125,7 +123,6 @@ spec:
LoadBalancerServiceAnnotations is a list of annotations that will go into the
LoadBalancer services created automatically by the operator to wrap Gateways.
-
NOTE: removing annotations from a GatewayConfig will not result in the removal of the
corresponding annotations from the LoadBalancer service, in order to prevent the
accidental removal of an annotation installed there by Kubernetes or the cloud
@@ -149,7 +146,6 @@ spec:
Realm defines the STUN/TURN authentication realm to be used for clients toauthenticate
with STUNner.
-
The realm must consist of lower case alphanumeric characters or '-', and must start and
end with an alphanumeric character. No other punctuation is allowed.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -241,13 +237,11 @@ spec:
Namespace is the namespace of the referenced object. When unspecified, the local
namespace is inferred.
-
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
-
Support: Core
maxLength: 63
minLength: 1
@@ -283,7 +277,6 @@ spec:
LoadBalancerServiceAnnotations is a list of annotations that will go into the
LoadBalancer services created automatically by the operator to wrap Gateways.
-
NOTE: removing annotations from a GatewayConfig will not result in the removal of the
corresponding annotations from the LoadBalancer service, in order to prevent the
accidental removal of an annotation installed there by Kubernetes or the cloud
@@ -323,7 +316,6 @@ spec:
Realm defines the STUN/TURN authentication realm to be used for clients toauthenticate
with STUNner.
-
The realm must consist of lower case alphanumeric characters or '-', and must start and
end with an alphanumeric character. No other punctuation is allowed.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
diff --git a/config/crd/bases/stunner.l7mp.io_staticservices.yaml b/config/crd/bases/stunner.l7mp.io_staticservices.yaml
index e3d7fb4..4d7376e 100644
--- a/config/crd/bases/stunner.l7mp.io_staticservices.yaml
+++ b/config/crd/bases/stunner.l7mp.io_staticservices.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.5
name: staticservices.stunner.l7mp.io
spec:
group: stunner.l7mp.io
@@ -99,17 +99,14 @@ spec:
This field follows standard Kubernetes label syntax.
Valid values are either:
-
* Un-prefixed protocol names - reserved for IANA standard service names (as per
RFC-6335 and https://www.iana.org/assignments/service-names).
-
* Kubernetes-defined prefixed names:
* 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
* 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
* 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
-
* Other protocols should use implementation-defined prefixed names such as
mycompany.com/my-custom-protocol.
type: string
diff --git a/config/crd/bases/stunner.l7mp.io_udproutes.yaml b/config/crd/bases/stunner.l7mp.io_udproutes.yaml
index e43a8e5..185b919 100644
--- a/config/crd/bases/stunner.l7mp.io_udproutes.yaml
+++ b/config/crd/bases/stunner.l7mp.io_udproutes.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.5
name: udproutes.stunner.l7mp.io
spec:
group: stunner.l7mp.io
@@ -28,7 +28,6 @@ spec:
used to forward traffic on the port specified by the listener to a set of backends specified by
the UDPRoute.
-
Differences from Gateway API UDPRoutes
- port-ranges are correctly handled ([port, endPort])
- port is not mandatory
@@ -67,21 +66,16 @@ spec:
create a "producer" route for a Service in a different namespace from the
Route.
-
There are two kinds of parent resources with "Core" support:
-
* Gateway (Gateway conformance profile)
-
- * Service (Mesh conformance profile, experimental, ClusterIP Services only)
-
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
This API may be extended in the future to support additional kinds of parent
resources.
-
ParentRefs must be _distinct_. This means either that:
-
* They select different objects. If this is the case, then parentRef
entries are distinct. In terms of fields, this means that the
multi-part key defined by `group`, `kind`, `namespace`, and `name` must
@@ -91,10 +85,8 @@ spec:
optional fields to different values. If one ParentRef sets a
combination of optional fields, all must set the same combination.
-
Some examples:
-
* If one ParentRef sets `sectionName`, all ParentRefs referencing the
same object must also set `sectionName`.
* If one ParentRef sets `port`, all ParentRefs referencing the same
@@ -102,27 +94,23 @@ spec:
* If one ParentRef sets `sectionName` and `port`, all ParentRefs
referencing the same object must also set `sectionName` and `port`.
-
It is possible to separately reference multiple distinct objects that may
be collapsed by an implementation. For example, some implementations may
choose to merge compatible Gateway Listeners together. If that is the
case, the list of routes attached to those resources should also be
merged.
-
Note that for ParentRefs that cross namespace boundaries, there are specific
rules. Cross-namespace references are only valid if they are explicitly
allowed by something in the namespace they are referring to. For example,
Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable other kinds of cross-namespace reference.
-
ParentRefs from a Route to a Service in the same namespace are "producer"
routes, which apply default routing rules to inbound connections from
any namespace to the Service.
-
ParentRefs from a Route to a Service in a different namespace are
"consumer" routes, and these routing rules are only applied to outbound
connections originating from the same namespace as the Route, for which
@@ -130,7 +118,6 @@ spec:
ParentRef of the Route.
-
@@ -141,15 +128,12 @@ spec:
a parent of this resource (usually a route). There are two kinds of parent resources
with "Core" support:
-
* Gateway (Gateway conformance profile)
- * Service (Mesh conformance profile, experimental, ClusterIP Services only)
-
+ * Service (Mesh conformance profile, ClusterIP Services only)
This API may be extended in the future to support additional kinds of parent
resources.
-
The API object must be valid in the cluster; the Group and Kind must
be registered in the cluster for this reference to be valid.
properties:
@@ -161,7 +145,6 @@ spec:
To set the core API group (such as for a "Service" kind referent),
Group must be explicitly set to "" (empty string).
-
Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -171,13 +154,10 @@ spec:
description: |-
Kind is kind of the referent.
-
There are two kinds of parent resources with "Core" support:
-
* Gateway (Gateway conformance profile)
- * Service (Mesh conformance profile, experimental, ClusterIP Services only)
-
+ * Service (Mesh conformance profile, ClusterIP Services only)
Support for other resources is Implementation-Specific.
maxLength: 63
@@ -188,7 +168,6 @@ spec:
description: |-
Name is the name of the referent.
-
Support: Core
maxLength: 253
minLength: 1
@@ -198,20 +177,17 @@ spec:
Namespace is the namespace of the referent. When unspecified, this refers
to the local namespace of the Route.
-
Note that there are specific rules for ParentRefs which cross namespace
boundaries. Cross-namespace references are only valid if they are explicitly
allowed by something in the namespace they are referring to. For example:
Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
-
ParentRefs from a Route to a Service in the same namespace are "producer"
routes, which apply default routing rules to inbound connections from
any namespace to the Service.
-
ParentRefs from a Route to a Service in a different namespace are
"consumer" routes, and these routing rules are only applied to outbound
connections originating from the same namespace as the Route, for which
@@ -219,7 +195,6 @@ spec:
ParentRef of the Route.
-
Support: Core
maxLength: 63
minLength: 1
@@ -230,7 +205,6 @@ spec:
Port is the network port this Route targets. It can be interpreted
differently based on the type of parent resource.
-
When the parent resource is a Gateway, this targets all listeners
listening on the specified port that also support this kind of Route(and
select this Route). It's not recommended to set `Port` unless the
@@ -239,19 +213,16 @@ spec:
and SectionName are specified, the name and port of the selected listener
must match both specified values.
-
When the parent resource is a Service, this targets a specific port in the
Service spec. When both Port (experimental) and SectionName are specified,
the name and port of the selected port must match both specified values.
-
Implementations MAY choose to support other parent resources.
Implementations supporting other types of parent resources MUST clearly
document how/if Port is interpreted.
-
For the purpose of status, an attachment is considered successful as
long as the parent resource accepts it partially. For example, Gateway
listeners can restrict which Routes can attach to them by Route kind,
@@ -260,11 +231,7 @@ spec:
attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
-
Support: Extended
-
-
-
format: int32
maximum: 65535
minimum: 1
@@ -274,22 +241,17 @@ spec:
SectionName is the name of a section within the target resource. In the
following resources, SectionName is interpreted as the following:
-
- * Gateway: Listener Name. When both Port (experimental) and SectionName
+ * Gateway: Listener name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values.
- * Service: Port Name. When both Port (experimental) and SectionName
+ * Service: Port name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
- both specified values. Note that attaching Routes to Services as Parents
- is part of experimental Mesh support and is not supported for any other
- purpose.
-
+ both specified values.
Implementations MAY choose to support attaching Routes to other resources.
If that is the case, they MUST clearly document how SectionName is
interpreted.
-
When unspecified (empty string), this will reference the entire resource.
For the purpose of status, an attachment is considered successful if at
least one section in the parent resource accepts it. For example, Gateway
@@ -299,7 +261,6 @@ spec:
attached. If no Gateway listeners accept attachment from this Route, the
Route MUST be considered detached from the Gateway.
-
Support: Core
maxLength: 253
minLength: 1
@@ -395,13 +356,11 @@ spec:
first sees the route and should update the entry as appropriate when the
route or gateway is modified.
-
Note that parent references that cannot be resolved by an implementation
of this API will not be added to this list. Implementations of this API
can only populate Route status for the Gateways/parent resources they are
responsible for.
-
A maximum of 32 Gateways will be represented in this list. An empty list
means the route has not been attached to any Gateway.
items:
@@ -415,38 +374,24 @@ spec:
Note that the route's availability is also subject to the Gateway's own
status conditions and listener status.
-
If the Route's ParentRef specifies an existing Gateway that supports
Routes of this kind AND that Gateway's controller has sufficient access,
then that Gateway's controller MUST set the "Accepted" condition on the
Route, to indicate whether the route has been accepted or rejected by the
Gateway, and why.
-
A Route MUST be considered "Accepted" if at least one of the Route's
rules is implemented by the Gateway.
-
There are a number of cases where the "Accepted" condition may not be set
due to lack of controller visibility, that includes when:
-
* The Route refers to a non-existent parent.
* The Route is of a type that the controller does not support.
* The Route is in a namespace the controller does not have access to.
items:
- description: "Condition contains details for one aspect of
- the current state of this API Resource.\n---\nThis struct
- is intended for direct use as an array at the field path
- .status.conditions. For example,\n\n\n\ttype FooStatus
- struct{\n\t // Represents the observations of a foo's
- current state.\n\t // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\"\n\t //
- +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
- +listType=map\n\t // +listMapKey=type\n\t Conditions
- []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
- patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
- \ // other fields\n\t}"
+ description: Condition contains details for one aspect of
+ the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -488,12 +433,7 @@ spec:
- Unknown
type: string
type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- ---
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
- useful (see .node.status.conditions), the ability to deconflict is important.
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -516,15 +456,12 @@ spec:
controller that wrote this status. This corresponds with the
controllerName field on GatewayClass.
-
Example: "example.net/gateway-controller".
-
The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
valid Kubernetes names
(https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
-
Controllers MUST populate this field when writing status. Controllers should ensure that
entries to status populated with their ControllerName are cleaned up when they are no
longer necessary.
@@ -545,7 +482,6 @@ spec:
To set the core API group (such as for a "Service" kind referent),
Group must be explicitly set to "" (empty string).
-
Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -555,13 +491,10 @@ spec:
description: |-
Kind is kind of the referent.
-
There are two kinds of parent resources with "Core" support:
-
* Gateway (Gateway conformance profile)
- * Service (Mesh conformance profile, experimental, ClusterIP Services only)
-
+ * Service (Mesh conformance profile, ClusterIP Services only)
Support for other resources is Implementation-Specific.
maxLength: 63
@@ -572,7 +505,6 @@ spec:
description: |-
Name is the name of the referent.
-
Support: Core
maxLength: 253
minLength: 1
@@ -582,20 +514,17 @@ spec:
Namespace is the namespace of the referent. When unspecified, this refers
to the local namespace of the Route.
-
Note that there are specific rules for ParentRefs which cross namespace
boundaries. Cross-namespace references are only valid if they are explicitly
allowed by something in the namespace they are referring to. For example:
Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
-
ParentRefs from a Route to a Service in the same namespace are "producer"
routes, which apply default routing rules to inbound connections from
any namespace to the Service.
-
ParentRefs from a Route to a Service in a different namespace are
"consumer" routes, and these routing rules are only applied to outbound
connections originating from the same namespace as the Route, for which
@@ -603,7 +532,6 @@ spec:
ParentRef of the Route.
-
Support: Core
maxLength: 63
minLength: 1
@@ -614,7 +542,6 @@ spec:
Port is the network port this Route targets. It can be interpreted
differently based on the type of parent resource.
-
When the parent resource is a Gateway, this targets all listeners
listening on the specified port that also support this kind of Route(and
select this Route). It's not recommended to set `Port` unless the
@@ -623,19 +550,16 @@ spec:
and SectionName are specified, the name and port of the selected listener
must match both specified values.
-
When the parent resource is a Service, this targets a specific port in the
Service spec. When both Port (experimental) and SectionName are specified,
the name and port of the selected port must match both specified values.
-
Implementations MAY choose to support other parent resources.
Implementations supporting other types of parent resources MUST clearly
document how/if Port is interpreted.
-
For the purpose of status, an attachment is considered successful as
long as the parent resource accepts it partially. For example, Gateway
listeners can restrict which Routes can attach to them by Route kind,
@@ -644,11 +568,7 @@ spec:
attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
-
Support: Extended
-
-
-
format: int32
maximum: 65535
minimum: 1
@@ -658,22 +578,17 @@ spec:
SectionName is the name of a section within the target resource. In the
following resources, SectionName is interpreted as the following:
-
- * Gateway: Listener Name. When both Port (experimental) and SectionName
+ * Gateway: Listener name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values.
- * Service: Port Name. When both Port (experimental) and SectionName
+ * Service: Port name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
- both specified values. Note that attaching Routes to Services as Parents
- is part of experimental Mesh support and is not supported for any other
- purpose.
-
+ both specified values.
Implementations MAY choose to support attaching Routes to other resources.
If that is the case, they MUST clearly document how SectionName is
interpreted.
-
When unspecified (empty string), this will reference the entire resource.
For the purpose of status, an attachment is considered successful if at
least one section in the parent resource accepts it. For example, Gateway
@@ -683,7 +598,6 @@ spec:
attached. If no Gateway listeners accept attachment from this Route, the
Route MUST be considered detached from the Gateway.
-
Support: Core
maxLength: 253
minLength: 1
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 9ea7e21..d542534 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -4,31 +4,11 @@ kind: ClusterRole
metadata:
name: manager-role
rules:
-- apiGroups:
- - apps
- resources:
- - deployments
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - apps
- resources:
- - deployments/finalizers
- - deployments/status
- verbs:
- - get
- - list
- - watch
- apiGroups:
- ""
resources:
- configmaps
+ - services
verbs:
- create
- delete
@@ -47,27 +27,20 @@ rules:
- ""
resources:
- endpoints
+ - endpoints/status
- namespaces
- nodes
- - secrets
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - endpoints/status
- nodes/status
+ - secrets
- services/status
verbs:
- get
- list
- watch
- apiGroups:
- - ""
+ - apps
resources:
- - services
+ - deployments
verbs:
- create
- delete
@@ -77,9 +50,10 @@ rules:
- update
- watch
- apiGroups:
- - discovery.k8s.io
+ - apps
resources:
- - endpointslices
+ - deployments/finalizers
+ - deployments/status
verbs:
- get
- list
@@ -87,6 +61,7 @@ rules:
- apiGroups:
- discovery.k8s.io
resources:
+ - endpointslices
- endpointslices/status
verbs:
- get
diff --git a/go.mod b/go.mod
index d21094d..aea00c1 100644
--- a/go.mod
+++ b/go.mod
@@ -1,60 +1,61 @@
module github.com/l7mp/stunner-gateway-operator
-go 1.21
+go 1.23.0
+
+toolchain go1.23.4
require (
github.com/go-logr/logr v1.4.2
github.com/go-logr/zapr v1.3.0
github.com/l7mp/stunner v1.0.0
- github.com/onsi/ginkgo/v2 v2.15.0
- github.com/onsi/gomega v1.30.0
- github.com/stretchr/testify v1.9.0
- go.uber.org/zap v1.26.0
- k8s.io/api v0.29.1
- k8s.io/apimachinery v0.29.1
- k8s.io/client-go v0.29.1
- sigs.k8s.io/controller-runtime v0.17.0
- sigs.k8s.io/gateway-api v1.0.0
+ github.com/onsi/ginkgo/v2 v2.21.0
+ github.com/onsi/gomega v1.35.1
+ github.com/stretchr/testify v1.10.0
+ go.uber.org/zap v1.27.0
+ k8s.io/api v0.32.0
+ k8s.io/apimachinery v0.32.0
+ k8s.io/client-go v0.32.0
+ sigs.k8s.io/controller-runtime v0.19.3
+ sigs.k8s.io/gateway-api v1.2.1
)
require (
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
+ github.com/blang/semver/v4 v4.0.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
- github.com/davecgh/go-spew v1.1.1 // indirect
- github.com/emicklei/go-restful/v3 v3.11.2 // indirect
- github.com/evanphx/json-patch v5.9.0+incompatible // indirect
- github.com/evanphx/json-patch/v5 v5.8.1 // indirect
- github.com/fsnotify/fsnotify v1.7.0 // indirect
- github.com/getkin/kin-openapi v0.123.0 // indirect
+ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+ github.com/emicklei/go-restful/v3 v3.12.1 // indirect
+ github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+ github.com/fsnotify/fsnotify v1.8.0 // indirect
+ github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+ github.com/getkin/kin-openapi v0.128.0 // indirect
github.com/go-errors/errors v1.5.1 // indirect
- github.com/go-openapi/jsonpointer v0.20.2 // indirect
- github.com/go-openapi/jsonreference v0.20.4 // indirect
- github.com/go-openapi/swag v0.22.9 // indirect
- github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
+ github.com/go-openapi/jsonpointer v0.21.0 // indirect
+ github.com/go-openapi/jsonreference v0.21.0 // indirect
+ github.com/go-openapi/swag v0.23.0 // indirect
+ github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
- github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- github.com/golang/protobuf v1.5.3 // indirect
- github.com/google/btree v1.1.2 // indirect
- github.com/google/gnostic-models v0.6.8 // indirect
+ github.com/golang/protobuf v1.5.4 // indirect
+ github.com/google/btree v1.1.3 // indirect
+ github.com/google/gnostic-models v0.6.9 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/pprof v0.0.0-20211214055906-6f57359322fd // indirect
+ github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/gorilla/mux v1.8.1 // indirect
- github.com/gorilla/websocket v1.5.1 // indirect
+ github.com/gorilla/websocket v1.5.3 // indirect
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
- github.com/imdario/mergo v0.3.16 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
- github.com/invopop/yaml v0.2.0 // indirect
+ github.com/invopop/yaml v0.3.1 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
- github.com/klauspost/compress v1.17.9 // indirect
+ github.com/klauspost/compress v1.17.11 // indirect
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
github.com/mailru/easyjson v0.7.7 // indirect
- github.com/moby/spdystream v0.2.0 // indirect
+ github.com/moby/spdystream v0.5.0 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -68,42 +69,40 @@ require (
github.com/pion/logging v0.2.2 // indirect
github.com/pion/transport/v3 v3.0.7 // indirect
github.com/pkg/errors v0.9.1 // indirect
- github.com/pmezard/go-difflib v1.0.0 // indirect
- github.com/prometheus/client_golang v1.20.2 // indirect
+ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+ github.com/prometheus/client_golang v1.20.5 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
- github.com/prometheus/common v0.58.0 // indirect
+ github.com/prometheus/common v0.61.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
github.com/spf13/cobra v1.8.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
- github.com/wlynxg/anet v0.0.3 // indirect
+ github.com/wlynxg/anet v0.0.5 // indirect
+ github.com/x448/float16 v0.8.4 // indirect
github.com/xlab/treeprint v1.2.0 // indirect
- go.starlark.net v0.0.0-20240123142251-f86470692795 // indirect
go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
- golang.org/x/net v0.28.0 // indirect
- golang.org/x/oauth2 v0.22.0 // indirect
- golang.org/x/sync v0.8.0 // indirect
- golang.org/x/sys v0.23.0 // indirect
- golang.org/x/term v0.23.0 // indirect
- golang.org/x/text v0.17.0 // indirect
- golang.org/x/time v0.5.0 // indirect
- golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+ golang.org/x/exp v0.0.0-20241210194714-1829a127f884 // indirect
+ golang.org/x/net v0.32.0 // indirect
+ golang.org/x/oauth2 v0.24.0 // indirect
+ golang.org/x/sync v0.10.0 // indirect
+ golang.org/x/sys v0.28.0 // indirect
+ golang.org/x/term v0.27.0 // indirect
+ golang.org/x/text v0.21.0 // indirect
+ golang.org/x/time v0.8.0 // indirect
+ golang.org/x/tools v0.28.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/protobuf v1.34.2 // indirect
- gopkg.in/evanphx/json-patch.v5 v5.9.0 // indirect
+ google.golang.org/protobuf v1.35.2 // indirect
+ gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
- gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/apiextensions-apiserver v0.29.1 // indirect
- k8s.io/cli-runtime v0.29.1 // indirect
- k8s.io/component-base v0.29.1 // indirect
- k8s.io/klog/v2 v2.120.1 // indirect
- k8s.io/kube-openapi v0.0.0-20240126223410-2919ad4fcfec // indirect
- k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect
- sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/kustomize/api v0.16.0 // indirect
- sigs.k8s.io/kustomize/kyaml v0.16.0 // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+ k8s.io/apiextensions-apiserver v0.32.0 // indirect
+ k8s.io/cli-runtime v0.32.0 // indirect
+ k8s.io/klog/v2 v2.130.1 // indirect
+ k8s.io/kube-openapi v0.0.0-20241212045625-5ad02ce6640f // indirect
+ k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
+ sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+ sigs.k8s.io/kustomize/api v0.18.0 // indirect
+ sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)
diff --git a/go.sum b/go.sum
index 20db7fe..2e70bd3 100644
--- a/go.sum
+++ b/go.sum
@@ -7,82 +7,76 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
+github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
github.com/bmatcuk/doublestar v1.1.1/go.mod h1:UD6OnuiIn0yFxxA2le/rnRU1G4RaI4UvFv1sNto9p6w=
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/emicklei/go-restful/v3 v3.11.2 h1:1onLa9DcsMYO9P+CXaL0dStDqQ2EHHXLiz+BtnqkLAU=
-github.com/emicklei/go-restful/v3 v3.11.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
+github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.8.1 h1:iPEdwg0XayoS+E7Mth9JxwUtOgyVxnDTXHtKhZPlZxA=
-github.com/evanphx/json-patch/v5 v5.8.1/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
-github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
-github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
-github.com/getkin/kin-openapi v0.123.0 h1:zIik0mRwFNLyvtXK274Q6ut+dPh6nlxBp0x7mNrPhs8=
-github.com/getkin/kin-openapi v0.123.0/go.mod h1:wb1aSZA/iWmorQP9KTAS/phLj/t17B5jT7+fS8ed9NM=
+github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
+github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
+github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
+github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/getkin/kin-openapi v0.128.0 h1:jqq3D9vC9pPq1dGcOCv7yOp1DaEe7c/T1vzcLbITSp4=
+github.com/getkin/kin-openapi v0.128.0/go.mod h1:OZrfXzUfGrNbsKj+xmFBx6E5c6yH3At/tAKSc2UszXM=
github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
-github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q=
-github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs=
-github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU=
-github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4=
-github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE=
-github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
-github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
-github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
+github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20211214055906-6f57359322fd h1:1FjCyPC+syAzJ5/2S8fqdZK1R22vvA0J7JZKcuOIQ7Y=
-github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
-github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w=
-github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
-github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/invopop/yaml v0.2.0 h1:7zky/qH+O0DwAyoobXUqvVBwgBFRxKoQ/3FjcVpjTMY=
-github.com/invopop/yaml v0.2.0/go.mod h1:2XuRLgs/ouIrW3XNzuNj7J3Nvu/Dig5MXvbCEdiBN3Q=
+github.com/invopop/yaml v0.3.1 h1:f0+ZpmhfBSS4MhG+4HYseMdJhoeeopbSKbq5Rpeelso=
+github.com/invopop/yaml v0.3.1/go.mod h1:PMOp3nn4/12yEZUFfmOuNHJsZToEEOwoWsT+D81KkeA=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
@@ -90,8 +84,8 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm
github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
-github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
+github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -104,8 +98,8 @@ github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhn
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
-github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
+github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU=
+github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -123,10 +117,10 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
github.com/oapi-codegen/runtime v1.1.1 h1:EXLHh0DXIJnWhdRPN2w4MXAzFyE4CskzhNLUmtpMYro=
github.com/oapi-codegen/runtime v1.1.1/go.mod h1:SK9X900oXmPWilYR5/WKPzt3Kqxn/uS/+lbpREv+eCg=
-github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY=
-github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
-github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
-github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
github.com/perimeterx/marshmallow v1.1.5 h1:a2LALqQ1BlHM8PZblsDdidgv1mWi1DgC2UmX50IvK2s=
github.com/perimeterx/marshmallow v1.1.5/go.mod h1:dsXbUu8CRzfYP5a87xpp0xq9S3u0Vchtcl8we9tYaXw=
github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
@@ -137,21 +131,22 @@ github.com/pion/transport/v3 v3.0.7 h1:iRbMH05BzSNwhILHoBoAPxoB9xQgOaJk+591KC9P1
github.com/pion/transport/v3 v3.0.7/go.mod h1:YleKiTZ4vqNxVwh77Z0zytYi7rXHl7j6uPLGhhz9rwo=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg=
-github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
+github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
-github.com/prometheus/common v0.58.0 h1:N+N8vY4/23r6iYfD3UQZUoJPnUYAo7v6LG5XZxjZTXo=
-github.com/prometheus/common v0.58.0/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0=
+github.com/prometheus/common v0.61.0 h1:3gv/GThfX0cV2lpO7gkTUwZru38mxevy90Bj8YFSRQQ=
+github.com/prometheus/common v0.61.0/go.mod h1:zr29OCN/2BsJRaFwG8QOBr41D6kkchKbpeNH7pAjb/s=
github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
-github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
+github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@@ -161,120 +156,110 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-github.com/wlynxg/anet v0.0.3 h1:PvR53psxFXstc12jelG6f1Lv4MWqE0tI76/hHGjh9rg=
-github.com/wlynxg/anet v0.0.3/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA=
+github.com/wlynxg/anet v0.0.5 h1:J3VJGi1gvo0JwZ/P1/Yc/8p63SoW98B5dHkYDmpgvvU=
+github.com/wlynxg/anet v0.0.5/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.starlark.net v0.0.0-20240123142251-f86470692795 h1:LmbG8Pq7KDGkglKVn8VpZOZj6vb9b8nKEGcg9l03epM=
-go.starlark.net v0.0.0-20240123142251-f86470692795/go.mod h1:LcLNIzVOMp4oV+uusnpk+VU+SzXaJakUuBjoCSWH5dM=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
-go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA=
-golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
+golang.org/x/exp v0.0.0-20241210194714-1829a127f884 h1:Y/Mj/94zIQQGHVSv1tTtQBDaQaJe62U9bkDZKKyhPCU=
+golang.org/x/exp v0.0.0-20241210194714-1829a127f884/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
-golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
-golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
-golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
+golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
+golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
+golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
-golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
-golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
+golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8=
+golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
+google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/evanphx/json-patch.v5 v5.9.0 h1:hx1VU2SGj4F8r9b8GUwJLdc8DNO8sy79ZGui0G05GLo=
-gopkg.in/evanphx/json-patch.v5 v5.9.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.29.1 h1:DAjwWX/9YT7NQD4INu49ROJuZAAAP/Ijki48GUPzxqw=
-k8s.io/api v0.29.1/go.mod h1:7Kl10vBRUXhnQQI8YR/R327zXC8eJ7887/+Ybta+RoQ=
-k8s.io/apiextensions-apiserver v0.29.1 h1:S9xOtyk9M3Sk1tIpQMu9wXHm5O2MX6Y1kIpPMimZBZw=
-k8s.io/apiextensions-apiserver v0.29.1/go.mod h1:zZECpujY5yTW58co8V2EQR4BD6A9pktVgHhvc0uLfeU=
-k8s.io/apimachinery v0.29.1 h1:KY4/E6km/wLBguvCZv8cKTeOwwOBqFNjwJIdMkMbbRc=
-k8s.io/apimachinery v0.29.1/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU=
-k8s.io/cli-runtime v0.29.1 h1:By3WVOlEWYfyxhGko0f/IuAOLQcbBSMzwSaDren2JUs=
-k8s.io/cli-runtime v0.29.1/go.mod h1:vjEY9slFp8j8UoMhV5AlO8uulX9xk6ogfIesHobyBDU=
-k8s.io/client-go v0.29.1 h1:19B/+2NGEwnFLzt0uB5kNJnfTsbV8w6TgQRz9l7ti7A=
-k8s.io/client-go v0.29.1/go.mod h1:TDG/psL9hdet0TI9mGyHJSgRkW3H9JZk2dNEUS7bRks=
-k8s.io/component-base v0.29.1 h1:MUimqJPCRnnHsskTTjKD+IC1EHBbRCVyi37IoFBrkYw=
-k8s.io/component-base v0.29.1/go.mod h1:fP9GFjxYrLERq1GcWWZAE3bqbNcDKDytn2srWuHTtKc=
-k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
-k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20240126223410-2919ad4fcfec h1:iGTel2aR8vCZdxJDgmbeY0zrlXy9Qcvyw4R2sB4HLrA=
-k8s.io/kube-openapi v0.0.0-20240126223410-2919ad4fcfec/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw=
-k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ=
-k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-sigs.k8s.io/controller-runtime v0.17.0 h1:fjJQf8Ukya+VjogLO6/bNX9HE6Y2xpsO5+fyS26ur/s=
-sigs.k8s.io/controller-runtime v0.17.0/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s=
-sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs=
-sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/kustomize/api v0.16.0 h1:/zAR4FOQDCkgSDmVzV2uiFbuy9bhu3jEzthrHCuvm1g=
-sigs.k8s.io/kustomize/api v0.16.0/go.mod h1:MnFZ7IP2YqVyVwMWoRxPtgl/5hpA+eCCrQR/866cm5c=
-sigs.k8s.io/kustomize/kyaml v0.16.0 h1:6J33uKSoATlKZH16unr2XOhDI+otoe2sR3M8PDzW3K0=
-sigs.k8s.io/kustomize/kyaml v0.16.0/go.mod h1:xOK/7i+vmE14N2FdFyugIshB8eF6ALpy7jI87Q2nRh4=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE=
+k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0=
+k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0=
+k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw=
+k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg=
+k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/cli-runtime v0.32.0 h1:dP+OZqs7zHPpGQMCGAhectbHU2SNCuZtIimRKTv2T1c=
+k8s.io/cli-runtime v0.32.0/go.mod h1:Mai8ht2+esoDRK5hr861KRy6z0zHsSTYttNVJXgP3YQ=
+k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8=
+k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20241212045625-5ad02ce6640f h1:jyijczch0N1N0Uk0p4P0hfgTP+2Rkt4m6pVX8l3R6q4=
+k8s.io/kube-openapi v0.0.0-20241212045625-5ad02ce6640f/go.mod h1:iZjdMQzunI7O/sUrf/5WRX1gvaAIam32lKx9+paoLbU=
+k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
+k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw=
+sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM=
+sigs.k8s.io/gateway-api v1.2.1 h1:fZZ/+RyRb+Y5tGkwxFKuYuSRQHu9dZtbjenblleOLHM=
+sigs.k8s.io/gateway-api v1.2.1/go.mod h1:EpNfEXNjiYfUJypf0eZ0P5iXA9ekSGWaS1WgPaM42X0=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
+sigs.k8s.io/kustomize/api v0.18.0 h1:hTzp67k+3NEVInwz5BHyzc9rGxIauoXferXyjv5lWPo=
+sigs.k8s.io/kustomize/api v0.18.0/go.mod h1:f8isXnX+8b+SGLHQ6yO4JG1rdkZlvhaCf/uZbLVMb0U=
+sigs.k8s.io/kustomize/kyaml v0.18.1 h1:WvBo56Wzw3fjS+7vBjN6TeivvpbW9GmRaWZ9CIVmt4E=
+sigs.k8s.io/kustomize/kyaml v0.18.1/go.mod h1:C3L2BFVU1jgcddNBE1TxuVLgS46TjObMwW5FT9FcjYo=
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/internal/controllers/dataplane.go b/internal/controllers/dataplane.go
index cd37582..f09032d 100644
--- a/internal/controllers/dataplane.go
+++ b/internal/controllers/dataplane.go
@@ -57,11 +57,9 @@ func NewDataplaneController(mgr manager.Manager, ch chan event.Event, log logr.L
r.log.Info("created dataplane controller")
if err := c.Watch(
- // &source.Kind{Type: &stnrgwv1.Dataplane{}},
- source.Kind(mgr.GetCache(), &stnrgwv1.Dataplane{}),
- &handler.EnqueueRequestForObject{},
- // trigger when the Dataplane spec changes
- predicate.GenerationChangedPredicate{},
+ source.Kind(mgr.GetCache(), &stnrgwv1.Dataplane{},
+ &handler.TypedEnqueueRequestForObject[*stnrgwv1.Dataplane]{},
+ predicate.TypedGenerationChangedPredicate[*stnrgwv1.Dataplane]{}), // trigger when the Dataplane spec changes
); err != nil {
return nil, err
}
diff --git a/internal/controllers/gateway.go b/internal/controllers/gateway.go
index ad3166b..e67d316 100644
--- a/internal/controllers/gateway.go
+++ b/internal/controllers/gateway.go
@@ -63,12 +63,11 @@ func NewGatewayController(mgr manager.Manager, ch chan event.Event, log logr.Log
// watch GatewayClass objects that match this controller name
if err := c.Watch(
- source.Kind(mgr.GetCache(), &gwapiv1.GatewayClass{}),
- &handler.EnqueueRequestForObject{},
- // trigger when the spec changes on a GatewayClass we manage
- predicate.And(
- predicate.NewPredicateFuncs(r.hasMatchingController),
- predicate.GenerationChangedPredicate{},
+ source.Kind(mgr.GetCache(), &gwapiv1.GatewayClass{},
+ &handler.TypedEnqueueRequestForObject[*gwapiv1.GatewayClass]{},
+ predicate.And( // trigger when the spec changes on a GatewayClass we manage
+ predicate.NewTypedPredicateFuncs[*gwapiv1.GatewayClass](r.hasMatchingController),
+ predicate.TypedGenerationChangedPredicate[*gwapiv1.GatewayClass]{}),
),
); err != nil {
return nil, err
@@ -77,15 +76,14 @@ func NewGatewayController(mgr manager.Manager, ch chan event.Event, log logr.Log
// watch Gateway objects that match the controller name
if err := c.Watch(
- source.Kind(mgr.GetCache(), &gwapiv1.Gateway{}),
- &handler.EnqueueRequestForObject{},
- //trigger when the Spec or an annotation changes on a Gateway we manage
- predicate.And(
- predicate.Or(
- predicate.GenerationChangedPredicate{},
- predicate.AnnotationChangedPredicate{},
- ),
- predicate.NewPredicateFuncs(r.validateGatewayForReconcile),
+ source.Kind(mgr.GetCache(), &gwapiv1.Gateway{},
+ &handler.TypedEnqueueRequestForObject[*gwapiv1.Gateway]{},
+ predicate.And( //trigger when the Spec or an annotation changes on a Gateway we manage
+ predicate.Or(
+ predicate.TypedGenerationChangedPredicate[*gwapiv1.Gateway]{},
+ predicate.TypedAnnotationChangedPredicate[*gwapiv1.Gateway]{},
+ ),
+ predicate.NewTypedPredicateFuncs[*gwapiv1.Gateway](r.validateGatewayForReconcile)),
),
); err != nil {
return nil, err
@@ -106,9 +104,9 @@ func NewGatewayController(mgr manager.Manager, ch chan event.Event, log logr.Log
// watch Secret objects referenced by one of our Gateways
if err := c.Watch(
- source.Kind(mgr.GetCache(), &corev1.Secret{}),
- &handler.EnqueueRequestForObject{},
- predicate.NewPredicateFuncs(r.validateSecretForReconcile),
+ source.Kind(mgr.GetCache(), &corev1.Secret{},
+ &handler.TypedEnqueueRequestForObject[*corev1.Secret]{},
+ predicate.NewTypedPredicateFuncs[*corev1.Secret](r.validateSecretForReconcile)),
); err != nil {
return nil, err
}
@@ -117,9 +115,9 @@ func NewGatewayController(mgr manager.Manager, ch chan event.Event, log logr.Log
if config.DataplaneMode == config.DataplaneModeManaged {
// watch Deployment objects referenced by one of our Gateways
if err := c.Watch(
- source.Kind(mgr.GetCache(), &appv1.Deployment{}),
- &handler.EnqueueRequestForObject{},
- predicate.NewPredicateFuncs(r.validateDeploymentForReconcile),
+ source.Kind(mgr.GetCache(), &appv1.Deployment{},
+ &handler.TypedEnqueueRequestForObject[*appv1.Deployment]{},
+ predicate.NewTypedPredicateFuncs[*appv1.Deployment](r.validateDeploymentForReconcile)),
); err != nil {
return nil, err
}
@@ -266,23 +264,13 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, req reconcile.Request
// hasMatchingController returns true if the provided object is a GatewayClass with a
// Spec.Controller string matching the controller string, or false otherwise.
-func (r *gatewayReconciler) hasMatchingController(obj client.Object) bool {
- gc, ok := obj.(*gwapiv1.GatewayClass)
- if !ok {
- return false
- }
-
- if string(gc.Spec.ControllerName) == config.ControllerName {
- return true
- }
-
- return false
+func (r *gatewayReconciler) hasMatchingController(gc *gwapiv1.GatewayClass) bool {
+ return string(gc.Spec.ControllerName) == config.ControllerName
}
// validateGatewayForReconcile returns true if the provided object is a Gateway using a
// GatewayClass matching the configured gatewayclass controller name.
-func (r *gatewayReconciler) validateGatewayForReconcile(o client.Object) bool {
- gw := o.(*gwapiv1.Gateway)
+func (r *gatewayReconciler) validateGatewayForReconcile(gw *gwapiv1.Gateway) bool {
gc := &gwapiv1.GatewayClass{}
key := types.NamespacedName{Name: string(gw.Spec.GatewayClassName)}
if err := r.Get(context.Background(), key, gc); err != nil {
@@ -299,8 +287,7 @@ func (r *gatewayReconciler) validateGatewayForReconcile(o client.Object) bool {
}
// validateSecretForReconcile checks whether the Secret belongs to a valid Gateway.
-func (r *gatewayReconciler) validateSecretForReconcile(obj client.Object) bool {
- secret := obj.(*corev1.Secret)
+func (r *gatewayReconciler) validateSecretForReconcile(secret *corev1.Secret) bool {
gwList := &gwapiv1.GatewayList{}
secretName := store.GetNamespacedName(secret).String()
if err := r.List(context.Background(), gwList, &client.ListOptions{
@@ -326,14 +313,12 @@ func (r *gatewayReconciler) validateSecretForReconcile(obj client.Object) bool {
// validateDeploymentForReconcile checks whether there is a Gateway with the same name as the
// Deployment and the Deployment is owned by us.
-func (r *gatewayReconciler) validateDeploymentForReconcile(obj client.Object) bool {
+func (r *gatewayReconciler) validateDeploymentForReconcile(deployment *appv1.Deployment) bool {
// we don't watch Deployments in legacy mode
if config.DataplaneMode != config.DataplaneModeManaged {
return false
}
- deployment := obj.(*appv1.Deployment)
-
// is deployment owned by us?
val, ok := deployment.GetLabels()[opdefault.OwnedByLabelKey]
if !ok || val != opdefault.OwnedByLabelValue {
diff --git a/internal/controllers/gatewayconfig.go b/internal/controllers/gatewayconfig.go
index 78b7664..4fa6dc4 100644
--- a/internal/controllers/gatewayconfig.go
+++ b/internal/controllers/gatewayconfig.go
@@ -64,10 +64,9 @@ func NewGatewayConfigController(mgr manager.Manager, ch chan event.Event, log lo
r.log.Info("Created GatewayConfig controller")
if err := c.Watch(
- source.Kind(mgr.GetCache(), &stnrgwv1.GatewayConfig{}),
- &handler.EnqueueRequestForObject{},
- // trigger when the GatewayConfig spec changes
- predicate.GenerationChangedPredicate{},
+ source.Kind(mgr.GetCache(), &stnrgwv1.GatewayConfig{},
+ &handler.TypedEnqueueRequestForObject[*stnrgwv1.GatewayConfig]{},
+ predicate.TypedGenerationChangedPredicate[*stnrgwv1.GatewayConfig]{}),
); err != nil {
return nil, err
}
@@ -81,9 +80,9 @@ func NewGatewayConfigController(mgr manager.Manager, ch chan event.Event, log lo
// watch Secret objects referenced by one of our GatewayConfigs
if err := c.Watch(
- source.Kind(mgr.GetCache(), &corev1.Secret{}),
- &handler.EnqueueRequestForObject{},
- predicate.NewPredicateFuncs(r.validateSecretForReconcile),
+ source.Kind(mgr.GetCache(), &corev1.Secret{},
+ &handler.TypedEnqueueRequestForObject[*corev1.Secret]{},
+ predicate.NewTypedPredicateFuncs[*corev1.Secret](r.validateSecretForReconcile)),
); err != nil {
return nil, err
}
@@ -168,8 +167,7 @@ func (r *gatewayConfigReconciler) Reconcile(ctx context.Context, req reconcile.R
}
// validateSecretForReconcile checks whether the Secret belongs to a valid GatewayConfig.
-func (r *gatewayConfigReconciler) validateSecretForReconcile(obj client.Object) bool {
- secret := obj.(*corev1.Secret)
+func (r *gatewayConfigReconciler) validateSecretForReconcile(secret *corev1.Secret) bool {
gcList := &stnrgwv1.GatewayConfigList{}
secretName := store.GetNamespacedName(secret).String()
if err := r.List(context.Background(), gcList, &client.ListOptions{
diff --git a/internal/controllers/node.go b/internal/controllers/node.go
index 1aef1b3..5d37383 100644
--- a/internal/controllers/node.go
+++ b/internal/controllers/node.go
@@ -46,9 +46,9 @@ func NewNodeController(mgr manager.Manager, ch chan event.Event, log logr.Logger
r.log.Info("created node controller")
if err := c.Watch(
- source.Kind(mgr.GetCache(), &corev1.Node{}),
- &handler.EnqueueRequestForObject{},
- predicate.ResourceVersionChangedPredicate{},
+ source.Kind(mgr.GetCache(), &corev1.Node{},
+ &handler.TypedEnqueueRequestForObject[*corev1.Node]{},
+ predicate.TypedResourceVersionChangedPredicate[*corev1.Node]{}),
); err != nil {
return nil, err
}
diff --git a/internal/controllers/udproute.go b/internal/controllers/udproute.go
index e29edca..4ee9738 100644
--- a/internal/controllers/udproute.go
+++ b/internal/controllers/udproute.go
@@ -7,6 +7,7 @@ import (
"github.com/go-logr/logr"
corev1 "k8s.io/api/core/v1"
+ v1 "k8s.io/api/core/v1"
discoveryv1 "k8s.io/api/discovery/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -61,9 +62,9 @@ func NewUDPRouteController(mgr manager.Manager, ch chan event.Event, log logr.Lo
// watch UDPRoute objects
if err := c.Watch(
- source.Kind(mgr.GetCache(), &stnrgwv1.UDPRoute{}),
- &handler.EnqueueRequestForObject{},
- predicate.GenerationChangedPredicate{},
+ source.Kind(mgr.GetCache(), &stnrgwv1.UDPRoute{},
+ &handler.TypedEnqueueRequestForObject[*stnrgwv1.UDPRoute]{},
+ predicate.TypedGenerationChangedPredicate[*stnrgwv1.UDPRoute]{}),
); err != nil {
return nil, err
}
@@ -83,9 +84,9 @@ func NewUDPRouteController(mgr manager.Manager, ch chan event.Event, log logr.Lo
// watch UDPRouteV1A2 objects
if err := c.Watch(
- source.Kind(mgr.GetCache(), &gwapiv1a2.UDPRoute{}),
- &handler.EnqueueRequestForObject{},
- predicate.GenerationChangedPredicate{},
+ source.Kind(mgr.GetCache(), &gwapiv1a2.UDPRoute{},
+ &handler.TypedEnqueueRequestForObject[*gwapiv1a2.UDPRoute]{},
+ predicate.TypedGenerationChangedPredicate[*gwapiv1a2.UDPRoute]{}),
); err != nil {
return nil, err
}
@@ -104,7 +105,8 @@ func NewUDPRouteController(mgr manager.Manager, ch chan event.Event, log logr.Lo
}
// a label-selector predicate to select the loadbalancer services we are interested in
- loadBalancerPredicate, err := predicate.LabelSelectorPredicate(
+ // loadBalancerPredicate, err := predicate.LabelSelectorPredicate(
+ loadBalancerPredicate, err := ServiceLabelSelectorPredicate(
metav1.LabelSelector{
MatchLabels: map[string]string{
// LB services have both "app:stunner" and
@@ -119,14 +121,13 @@ func NewUDPRouteController(mgr manager.Manager, ch chan event.Event, log logr.Lo
// watch Service objects referenced by one of our UDPRoutes
if err := c.Watch(
- source.Kind(mgr.GetCache(), &corev1.Service{}),
- &handler.EnqueueRequestForObject{},
- // trigger when either a gateway-loadbalancer service (svc annotated as a
- // related-service for a gateway) or a backend-service changes
- predicate.Or(
- predicate.NewPredicateFuncs(r.validateBackendForReconcile),
- // predicate.NewPredicateFuncs(r.validateLoadBalancerReconcile),
- loadBalancerPredicate),
+ source.Kind(mgr.GetCache(), &corev1.Service{},
+ &handler.TypedEnqueueRequestForObject[*corev1.Service]{},
+ // trigger when either a gateway-loadbalancer service (svc annotated as a
+ // related-service for a gateway) or a backend-service changes
+ predicate.Or(
+ predicate.NewTypedPredicateFuncs[*corev1.Service](r.validateBackendServiceForReconcile),
+ loadBalancerPredicate)),
); err != nil {
return nil, err
}
@@ -138,9 +139,9 @@ func NewUDPRouteController(mgr manager.Manager, ch chan event.Event, log logr.Lo
// explicitly disabled on the command line
if config.EndpointSliceAvailable {
if err := c.Watch(
- source.Kind(mgr.GetCache(), &discoveryv1.EndpointSlice{}),
- &handler.EnqueueRequestForObject{},
- predicate.NewPredicateFuncs(r.validateEndpointSliceForReconcile),
+ source.Kind(mgr.GetCache(), &discoveryv1.EndpointSlice{},
+ &handler.TypedEnqueueRequestForObject[*discoveryv1.EndpointSlice]{},
+ predicate.NewTypedPredicateFuncs[*discoveryv1.EndpointSlice](r.validateEndpointSliceForReconcile)),
); err == nil {
r.log.Info("Watching EndpointSlice objects")
config.EndpointSliceAvailable = true
@@ -155,9 +156,9 @@ func NewUDPRouteController(mgr manager.Manager, ch chan event.Event, log logr.Lo
// if EndpointSlices are still not available, fall back to wathing Endpoints
if !config.EndpointSliceAvailable {
if err := c.Watch(
- source.Kind(mgr.GetCache(), &corev1.Endpoints{}),
- &handler.EnqueueRequestForObject{},
- predicate.NewPredicateFuncs(r.validateBackendForReconcile),
+ source.Kind(mgr.GetCache(), &corev1.Endpoints{},
+ &handler.TypedEnqueueRequestForObject[*corev1.Endpoints]{},
+ predicate.NewTypedPredicateFuncs[*corev1.Endpoints](r.validateBackendEndpointsForReconcile)),
); err != nil {
return nil, err
}
@@ -169,9 +170,9 @@ func NewUDPRouteController(mgr manager.Manager, ch chan event.Event, log logr.Lo
// watch StaticService objects referenced by one of our UDPRoutes
if err := c.Watch(
- source.Kind(mgr.GetCache(), &stnrgwv1.StaticService{}),
- &handler.EnqueueRequestForObject{},
- predicate.NewPredicateFuncs(r.validateStaticServiceForReconcile),
+ source.Kind(mgr.GetCache(), &stnrgwv1.StaticService{},
+ &handler.TypedEnqueueRequestForObject[*stnrgwv1.StaticService]{},
+ predicate.NewTypedPredicateFuncs[*stnrgwv1.StaticService](r.validateStaticServiceForReconcile)),
); err != nil {
return nil, err
}
@@ -358,19 +359,20 @@ func (r *udpRouteReconciler) Reconcile(ctx context.Context, req reconcile.Reques
return reconcile.Result{}, nil
}
-// validateBackendForReconcile checks whether the Service belongs to a valid UDPRoute.
-func (r *udpRouteReconciler) validateBackendForReconcile(o client.Object) bool {
- // are we given a service or an endpoints object?
- key := ""
- if svc, ok := o.(*corev1.Service); ok {
- key = store.GetObjectKey(svc)
- } else if e, ok := o.(*corev1.Endpoints); ok {
- // endpoints and services are of the same name
- key = store.GetObjectKey(e)
- } else {
- return false
- }
+func (r *udpRouteReconciler) validateBackendServiceForReconcile(svc *corev1.Service) bool {
+ return r.validateBackendForReconcile(store.GetObjectKey(svc))
+}
+
+func (r *udpRouteReconciler) validateStaticServiceForReconcile(svc *stnrgwv1.StaticService) bool {
+ return r.validateBackendForReconcile(store.GetObjectKey(svc))
+}
+
+func (r *udpRouteReconciler) validateBackendEndpointsForReconcile(e *corev1.Endpoints) bool {
+ return r.validateBackendForReconcile(store.GetObjectKey(e))
+}
+// validateBackendForReconcile checks whether the Service belongs to a valid UDPRoute.
+func (r *udpRouteReconciler) validateBackendForReconcile(key string) bool {
// find the routes referring to this service
routeList := &stnrgwv1.UDPRouteList{}
if err := r.List(context.Background(), routeList, &client.ListOptions{
@@ -400,15 +402,7 @@ func (r *udpRouteReconciler) validateBackendForReconcile(o client.Object) bool {
// validateEndpointSliceForReconcile checks whether an EndpointSlice belongs to a Service that
// belongs to a valid UDPRoute.
-func (r *udpRouteReconciler) validateEndpointSliceForReconcile(o client.Object) bool {
- // are we given a proper EndpointSlice object?
- esl, ok := o.(*discoveryv1.EndpointSlice)
- if !ok {
- return false
- }
-
- // r.log.Info("validateEndpointSliceForReconcile:", "namespace/name", store.GetObjectKey(esl))
-
+func (r *udpRouteReconciler) validateEndpointSliceForReconcile(esl *discoveryv1.EndpointSlice) bool {
// find the Service corresponding to this EndpointSlice
// TODO: also check ownership
svcName, ok := esl.GetLabels()[discoveryv1.LabelServiceName]
@@ -433,48 +427,11 @@ func (r *udpRouteReconciler) validateEndpointSliceForReconcile(o client.Object)
return false
}
- // r.log.Info("validateEndpointSliceForReconcile:", "svc", "found")
-
- return r.validateBackendForReconcile(svc)
-}
-
-// validateStaticServiceForReconcile checks whether a Static Service belongs to a valid UDPRoute.
-func (r *udpRouteReconciler) validateStaticServiceForReconcile(o client.Object) bool {
- // are we given a service or an endpoints object?
- key := ""
- if svc, ok := o.(*stnrgwv1.StaticService); ok {
- key = store.GetObjectKey(svc)
- } else {
- return false
- }
-
- // find the routes referring to this static service
- routeList := &stnrgwv1.UDPRouteList{}
- if err := r.List(context.Background(), routeList, &client.ListOptions{
- FieldSelector: fields.OneTermEqualSelector(staticServiceUDPRouteIndex, key),
- }); err != nil {
- r.log.Error(err, "Unable to find associated UDPRoute", "static-service", key)
- return false
- }
-
- routeListV1A2 := &gwapiv1a2.UDPRouteList{}
- if err := r.List(context.Background(), routeListV1A2, &client.ListOptions{
- FieldSelector: fields.OneTermEqualSelector(staticServiceUDPRouteIndexV1A2, key),
- }); err != nil {
- r.log.Error(err, "Unable to find associated UDPRouteV1A2", "static-service", key)
- return false
- }
-
- if len(routeList.Items) == 0 && len(routeListV1A2.Items) == 0 {
- return false
- }
-
- return true
+ return r.validateBackendServiceForReconcile(svc)
}
// getServiceForBackend finds the Service associated with a backendRef
func (r *udpRouteReconciler) getServiceForBackend(ctx context.Context, udproute *stnrgwv1.UDPRoute, ref *stnrgwv1.BackendRef) *corev1.Service {
- svc := corev1.Service{}
// if no explicit Service namespace is provided, use the UDPRoute namespace to lookup the
// Service
@@ -483,6 +440,7 @@ func (r *udpRouteReconciler) getServiceForBackend(ctx context.Context, udproute
namespace = string(*ref.Namespace)
}
+ svc := corev1.Service{}
if err := r.Get(ctx,
types.NamespacedName{Namespace: namespace, Name: string(ref.Name)},
&svc,
@@ -679,3 +637,16 @@ func staticServiceUDPRouteIndexFunc(o client.Object) []string {
func (r *udpRouteReconciler) Terminate() {
r.terminating = true
}
+
+// TypedLabelSelectorPredicate is the generic version of LabelSelectorPredicate that somehow seems
+// to be missing in controller-runtime to construct a TypedPredicate from a LabelSelector. Only
+// objects matching the LabelSelector will be admitted.
+func ServiceLabelSelectorPredicate(s metav1.LabelSelector) (predicate.TypedPredicate[*v1.Service], error) {
+ selector, err := metav1.LabelSelectorAsSelector(&s)
+ if err != nil {
+ return predicate.TypedFuncs[*v1.Service]{}, err
+ }
+ return predicate.NewTypedPredicateFuncs[*v1.Service](func(o *v1.Service) bool {
+ return selector.Matches(labels.Set(o.GetLabels()))
+ }), nil
+}
diff --git a/internal/operator/operator.go b/internal/operator/operator.go
index 2ef9f7d..c6b7bd0 100644
--- a/internal/operator/operator.go
+++ b/internal/operator/operator.go
@@ -29,10 +29,10 @@ const (
var scheme = runtime.NewScheme()
func init() {
- _ = gwapiv1a2.AddToScheme(scheme)
- _ = gwapiv1.AddToScheme(scheme)
- _ = stnrgwv1.AddToScheme(scheme)
- _ = apiv1.AddToScheme(scheme)
+ _ = gwapiv1a2.AddToScheme(scheme) //nolint:staticcheck
+ _ = gwapiv1.AddToScheme(scheme) //nolint:staticcheck
+ _ = stnrgwv1.AddToScheme(scheme) //nolint:staticcheck
+ _ = apiv1.AddToScheme(scheme) //nolint:staticcheck
}
type OperatorConfig struct {
diff --git a/internal/renderer/render_test_suite.go b/internal/renderer/render_test_suite.go
index 855d4b5..597e407 100644
--- a/internal/renderer/render_test_suite.go
+++ b/internal/renderer/render_test_suite.go
@@ -37,9 +37,9 @@ var (
)
func init() {
- utilruntime.Must(clientgoscheme.AddToScheme(scheme))
- utilruntime.Must(gwapiv1.AddToScheme(scheme))
- utilruntime.Must(stnrgwv1.AddToScheme(scheme))
+ utilruntime.Must(clientgoscheme.AddToScheme(scheme)) //nolint:staticcheck
+ utilruntime.Must(gwapiv1.AddToScheme(scheme)) //nolint:staticcheck
+ utilruntime.Must(stnrgwv1.AddToScheme(scheme)) //nolint:staticcheck
}
type renderTestConfig struct {
diff --git a/main.go b/main.go
index ddb1b75..b0aeb6d 100644
--- a/main.go
+++ b/main.go
@@ -66,11 +66,11 @@ var (
)
func init() {
- utilruntime.Must(clientgoscheme.AddToScheme(scheme))
- utilruntime.Must(gwapiv1a2.AddToScheme(scheme))
- utilruntime.Must(gwapiv1.AddToScheme(scheme))
- utilruntime.Must(stnrgwv1a1.AddToScheme(scheme))
- utilruntime.Must(stnrgwv1.AddToScheme(scheme))
+ utilruntime.Must(clientgoscheme.AddToScheme(scheme)) //nolint:staticcheck
+ utilruntime.Must(gwapiv1a2.AddToScheme(scheme)) //nolint:staticcheck
+ utilruntime.Must(gwapiv1.AddToScheme(scheme)) //nolint:staticcheck
+ utilruntime.Must(stnrgwv1a1.AddToScheme(scheme)) //nolint:staticcheck
+ utilruntime.Must(stnrgwv1.AddToScheme(scheme)) //nolint:staticcheck
}
func main() {
diff --git a/test/integration_suite_test.go b/test/integration_suite_test.go
index 2a99c5c..4cdbf44 100644
--- a/test/integration_suite_test.go
+++ b/test/integration_suite_test.go
@@ -36,6 +36,7 @@ import (
"k8s.io/client-go/rest"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
+ ctrlcfg "sigs.k8s.io/controller-runtime/pkg/config"
"sigs.k8s.io/controller-runtime/pkg/envtest"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
@@ -131,17 +132,17 @@ var _ = BeforeSuite(func() {
Expect(err).NotTo(HaveOccurred())
Expect(cfg).NotTo(BeNil())
- err = clientgoscheme.AddToScheme(scheme)
+ err = clientgoscheme.AddToScheme(scheme) //nolint:staticcheck
Expect(err).NotTo(HaveOccurred())
// Gateway API schemes
- err = gwapiv1.AddToScheme(scheme)
+ err = gwapiv1.AddToScheme(scheme) //nolint:staticcheck
Expect(err).NotTo(HaveOccurred())
- err = gwapiv1a2.AddToScheme(scheme)
+ err = gwapiv1a2.AddToScheme(scheme) //nolint:staticcheck
Expect(err).NotTo(HaveOccurred())
// STUNner CRD scheme
- err = stnrgwv1.AddToScheme(scheme)
+ err = stnrgwv1.AddToScheme(scheme) //nolint:staticcheck
Expect(err).NotTo(HaveOccurred())
k8sClient, err = client.New(cfg, client.Options{Scheme: scheme})
@@ -165,8 +166,10 @@ var _ = AfterSuite(func() {
func initOperator(mgrCtx, opCtx context.Context) {
setupLog.Info("setting up client manager")
+ on := true
mgr, err := ctrl.NewManager(cfg, ctrl.Options{
- Scheme: scheme,
+ Scheme: scheme,
+ Controller: ctrlcfg.Controller{SkipNameValidation: &on},
})
Expect(err).NotTo(HaveOccurred())
diff --git a/test/managed_mode_test.go b/test/managed_mode_test.go
index ff892a9..278ee09 100644
--- a/test/managed_mode_test.go
+++ b/test/managed_mode_test.go
@@ -787,7 +787,7 @@ func testManagedMode() {
// must change the spec othwewise the controller will not be
// triggered
infra := gwapiv1.GatewayInfrastructure{
- Labels: map[gwapiv1.AnnotationKey]gwapiv1.AnnotationValue{
+ Labels: map[gwapiv1.LabelKey]gwapiv1.LabelValue{
"dummy-label-key": "dummy-label-value",
},
}