From cb0e5eb2b5899e58c1df544151ea843f546ec25a Mon Sep 17 00:00:00 2001 From: Gerrit Date: Fri, 17 Nov 2023 15:44:45 +0100 Subject: [PATCH] Revendor g/g v1.71 and implement `FullNetworkPolicies`. (#354) --- Makefile | 2 +- .../templates/deployment.yaml | 11 +- .../templates/rbac.yaml | 1 + .../templates/service.yaml | 9 ++ .../values.yaml | 1 + .../templates/cloud-controller-manager.yaml | 1 + .../templates/duros-controller.yaml | 7 +- .../firewall-controller-manager.yaml | 28 ++--- .../templates/network-policies.yaml | 102 ------------------ .../seed/templates/deployment.yaml | 5 +- .../templates/network-policies-legacy.yaml | 85 --------------- example/controller-registration.yaml | 4 +- go.mod | 9 +- go.sum | 71 ++++-------- pkg/admission/mutator/defaulter.go | 15 ++- pkg/admission/mutator/defaulter_test.go | 55 +++++----- pkg/apis/metal/helper/helper.go | 2 +- pkg/controller/controlplane/valuesprovider.go | 19 +--- .../infrastructure/actuator_reconcile.go | 2 +- pkg/webhook/controlplane/add.go | 4 +- pkg/webhook/controlplane/ensurer.go | 3 + 21 files changed, 115 insertions(+), 321 deletions(-) delete mode 100644 charts/internal/control-plane/templates/network-policies.yaml delete mode 100644 charts/internal/shoot-control-plane/templates/network-policies-legacy.yaml diff --git a/Makefile b/Makefile index 9d6143ad2..0183df46d 100644 --- a/Makefile +++ b/Makefile @@ -75,7 +75,7 @@ check: $(GOIMPORTS) $(GOLANGCI_LINT) $(HELM) @$(REPO_ROOT)/vendor/github.com/gardener/gardener/hack/check-charts.sh ./charts .PHONY: generate -generate: $(HELM) +generate: $(HELM) $(YQ) @$(REPO_ROOT)/vendor/github.com/gardener/gardener/hack/generate.sh ./charts/... ./cmd/... ./pkg/... .PHONY: generate-in-docker diff --git a/charts/gardener-extension-provider-metal/templates/deployment.yaml b/charts/gardener-extension-provider-metal/templates/deployment.yaml index fc5350183..28d58f1e8 100644 --- a/charts/gardener-extension-provider-metal/templates/deployment.yaml +++ b/charts/gardener-extension-provider-metal/templates/deployment.yaml @@ -19,11 +19,17 @@ spec: {{- end }} checksum/configmap-{{ include "name" . }}-config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- if and .Values.metrics.enableScraping }} + prometheus.io/name: "{{ .Release.Name }}" prometheus.io/scrape: "true" # default metrics endpoint in controller-runtime - prometheus.io/port: "8080" + prometheus.io/port: "{{ .Values.metricsPort }}" {{- end }} labels: + networking.gardener.cloud/to-runtime-apiserver: allowed + networking.gardener.cloud/to-dns: allowed + networking.gardener.cloud/to-public-networks: allowed + networking.gardener.cloud/to-private-networks: allowed + networking.resources.gardener.cloud/to-all-shoots-kube-apiserver-tcp-443: allowed {{ include "labels" . | indent 8 }} spec: containers: @@ -44,6 +50,9 @@ spec: - --webhook-config-server-port={{ .Values.webhookConfig.serverPort }} - --disable-controllers={{ .Values.disableControllers | join "," }} - --disable-webhooks={{ .Values.disableWebhooks | join "," }} + {{- if .Values.metricsPort }} + - --metrics-bind-address=:{{ .Values.metricsPort }} + {{- end }} - --health-bind-address=:{{ .Values.healthPort }} - --gardener-version={{ .Values.gardener.version }} env: diff --git a/charts/gardener-extension-provider-metal/templates/rbac.yaml b/charts/gardener-extension-provider-metal/templates/rbac.yaml index 8a79dfe91..51ec00d53 100644 --- a/charts/gardener-extension-provider-metal/templates/rbac.yaml +++ b/charts/gardener-extension-provider-metal/templates/rbac.yaml @@ -62,6 +62,7 @@ rules: - configmaps - endpoints - deployments + - deployments/scale - services - serviceaccounts - clusterroles diff --git a/charts/gardener-extension-provider-metal/templates/service.yaml b/charts/gardener-extension-provider-metal/templates/service.yaml index 95052fbf8..6d5f6766a 100644 --- a/charts/gardener-extension-provider-metal/templates/service.yaml +++ b/charts/gardener-extension-provider-metal/templates/service.yaml @@ -3,6 +3,15 @@ kind: Service metadata: name: {{ include "name" . }} namespace: {{ .Release.Namespace }} + annotations: + networking.resources.gardener.cloud/from-world-to-ports: '[{"protocol":"TCP","port":{{ .Values.webhookConfig.serverPort }}}]' + networking.resources.gardener.cloud/from-all-seed-scrape-targets-allowed-ports: '[{"port":{{ .Values.metricsPort }},"protocol":"TCP"}]' + networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports: '[{"protocol":"TCP","port":{{ .Values.webhookConfig.serverPort }}}]' + networking.resources.gardener.cloud/namespace-selectors: '[{"matchLabels":{"kubernetes.io/metadata.name":"garden"}},{"matchLabels":{"gardener.cloud/role":"shoot"}}]' + networking.resources.gardener.cloud/pod-label-selector-namespace-alias: extensions + # TODO: This label approach is deprecated and no longer needed in the future. Remove them as soon as gardener/gardener@v1.75 has been released. + networking.resources.gardener.cloud/from-policy-pod-label-selector: all-seed-scrape-targets + networking.resources.gardener.cloud/from-policy-allowed-ports: '[{"port":{{ .Values.metricsPort }},"protocol":"TCP"}]' labels: {{ include "labels" . | indent 4 }} spec: diff --git a/charts/gardener-extension-provider-metal/values.yaml b/charts/gardener-extension-provider-metal/values.yaml index 4c055daa3..14681e888 100644 --- a/charts/gardener-extension-provider-metal/values.yaml +++ b/charts/gardener-extension-provider-metal/values.yaml @@ -6,6 +6,7 @@ image: replicaCount: 1 resources: {} +metricsPort: 8080 healthPort: 8081 controllers: diff --git a/charts/internal/control-plane/templates/cloud-controller-manager.yaml b/charts/internal/control-plane/templates/cloud-controller-manager.yaml index fb84f13ad..f8dfa9617 100644 --- a/charts/internal/control-plane/templates/cloud-controller-manager.yaml +++ b/charts/internal/control-plane/templates/cloud-controller-manager.yaml @@ -48,6 +48,7 @@ spec: networking.gardener.cloud/to-dns: allowed networking.gardener.cloud/to-shoot-apiserver: allowed networking.gardener.cloud/to-public-networks: allowed + networking.resources.gardener.cloud/to-kube-apiserver-tcp-443: "allowed" spec: tolerations: - effect: NoExecute diff --git a/charts/internal/control-plane/templates/duros-controller.yaml b/charts/internal/control-plane/templates/duros-controller.yaml index da193d63e..79e66322a 100644 --- a/charts/internal/control-plane/templates/duros-controller.yaml +++ b/charts/internal/control-plane/templates/duros-controller.yaml @@ -38,7 +38,6 @@ rules: - update - patch - create - --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -87,6 +86,12 @@ spec: metadata: labels: app: duros-controller + networking.gardener.cloud/from-prometheus: "allowed" + networking.gardener.cloud/to-dns: "allowed" + networking.gardener.cloud/to-shoot-apiserver: "allowed" + networking.gardener.cloud/to-public-networks: "allowed" + networking.gardener.cloud/to-runtime-apiserver: "allowed" + networking.resources.gardener.cloud/to-kube-apiserver-tcp-443: "allowed" spec: # required to be able to read the duros cr from the seed automountServiceAccountToken: true diff --git a/charts/internal/control-plane/templates/firewall-controller-manager.yaml b/charts/internal/control-plane/templates/firewall-controller-manager.yaml index 15e7e4720..5cb50820f 100644 --- a/charts/internal/control-plane/templates/firewall-controller-manager.yaml +++ b/charts/internal/control-plane/templates/firewall-controller-manager.yaml @@ -99,6 +99,12 @@ spec: metadata: labels: app: firewall-controller-manager + networking.gardener.cloud/from-prometheus: "allowed" + networking.gardener.cloud/to-dns: "allowed" + networking.gardener.cloud/to-public-networks: "allowed" + networking.gardener.cloud/to-shoot-apiserver: "allowed" + networking.gardener.cloud/to-runtime-apiserver: "allowed" + networking.resources.gardener.cloud/to-kube-apiserver-tcp-443: "allowed" {{- if .Values.podAnnotations }} annotations: {{ toYaml .Values.podAnnotations | indent 8 }} @@ -114,6 +120,7 @@ spec: - -log-level=info - -seed-api-url={{ .Values.firewallControllerManager.seedApiURL }} - -shoot-api-url={{ .Values.firewallControllerManager.shootApiURL }} + - -internal-shoot-api-url=https://kube-apiserver - -cluster-id={{ .Values.firewallControllerManager.clusterID }} - -enable-leader-election - -metal-api-url={{ .Values.firewallControllerManager.metalapi.url }} @@ -167,6 +174,10 @@ metadata: namespace: {{ .Release.Namespace }} labels: app: firewall-controller-manager + annotations: + networking.resources.gardener.cloud/from-world-to-ports: '[{"protocol":"TCP","port":9443}]' + networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports: '[{"protocol":"TCP","port":9443}]' + networking.resources.gardener.cloud/from-all-seed-scrape-targets-allowed-ports: '[{"protocol":"TCP","port":2112}]' spec: type: ClusterIP clusterIP: None @@ -338,20 +349,3 @@ webhooks: resources: - firewalldeployments sideEffects: None ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - annotations: - name: allow-to-firewall-controller-manager-webhook - namespace: {{ .Release.Namespace }} -spec: - ingress: - - ports: - - port: 9443 - protocol: TCP - podSelector: - matchLabels: - app: firewall-controller-manager - policyTypes: - - Ingress diff --git a/charts/internal/control-plane/templates/network-policies.yaml b/charts/internal/control-plane/templates/network-policies.yaml deleted file mode 100644 index c94dba7b9..000000000 --- a/charts/internal/control-plane/templates/network-policies.yaml +++ /dev/null @@ -1,102 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: egress-allow-dns - namespace: {{ .Release.Namespace }} -spec: - podSelector: {} - policyTypes: - - Egress - egress: - - to: - - ipBlock: - cidr: 0.0.0.0/0 - ports: - - protocol: UDP - port: 53 - - protocol: TCP - port: 53 ---- -# FIXME remove this rule -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: egress-allow-any - namespace: {{ .Release.Namespace }} -spec: - podSelector: {} - policyTypes: - - Egress - egress: - - {} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: egress-allow-https - namespace: {{ .Release.Namespace }} -spec: - podSelector: {} - policyTypes: - - Egress - egress: - - to: - - ipBlock: - cidr: 0.0.0.0/0 - ports: - - protocol: TCP - port: 443 ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: egress-allow-http - namespace: {{ .Release.Namespace }} -spec: - podSelector: {} - policyTypes: - - Egress - egress: - - to: - - ipBlock: - cidr: 0.0.0.0/0 - ports: - - protocol: TCP - port: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: egress-allow-ntp - namespace: {{ .Release.Namespace }} -spec: - podSelector: {} - policyTypes: - - Egress - egress: - - to: - - ipBlock: - cidr: 0.0.0.0/0 - ports: - - protocol: UDP - port: 123 ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: egress-allow-vpn - namespace: {{ .Release.Namespace }} -spec: - podSelector: {} - policyTypes: - - Egress - egress: - - ports: - - port: 4314 - protocol: UDP - - port: 4314 - protocol: TCP - to: - - ipBlock: - cidr: 0.0.0.0/0 diff --git a/charts/internal/machine-controller-manager/seed/templates/deployment.yaml b/charts/internal/machine-controller-manager/seed/templates/deployment.yaml index 2c0c77e59..39bddf675 100644 --- a/charts/internal/machine-controller-manager/seed/templates/deployment.yaml +++ b/charts/internal/machine-controller-manager/seed/templates/deployment.yaml @@ -29,9 +29,8 @@ spec: networking.gardener.cloud/to-dns: allowed networking.gardener.cloud/to-public-networks: allowed networking.gardener.cloud/to-private-networks: allowed - networking.gardener.cloud/to-seed-apiserver: allowed - networking.gardener.cloud/to-shoot-apiserver: allowed - networking.gardener.cloud/from-prometheus: allowed + networking.gardener.cloud/to-runtime-apiserver: allowed + networking.resources.gardener.cloud/to-kube-apiserver-tcp-443: allowed {{- if .Values.podLabels }} {{ toYaml .Values.podLabels | indent 8 }} {{- end }} diff --git a/charts/internal/shoot-control-plane/templates/network-policies-legacy.yaml b/charts/internal/shoot-control-plane/templates/network-policies-legacy.yaml deleted file mode 100644 index e9968cc76..000000000 --- a/charts/internal/shoot-control-plane/templates/network-policies-legacy.yaml +++ /dev/null @@ -1,85 +0,0 @@ -# TODO This file can be removed in a future version when all firewalls migrated to the new firewall controller -# these network policies will actually allow workers to join ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: egress-allow-dns - namespace: kube-system -spec: - podSelector: {} - policyTypes: - - Egress - egress: - - to: - - ipBlock: - cidr: 0.0.0.0/0 - ports: - - protocol: UDP - port: 53 - - protocol: TCP - port: 53 ---- -# FIXME remove this rule -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: egress-allow-any - namespace: kube-system -spec: - podSelector: {} - policyTypes: - - Egress - egress: - - {} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: egress-allow-https - namespace: kube-system -spec: - podSelector: {} - policyTypes: - - Egress - egress: - - to: - - ipBlock: - cidr: 0.0.0.0/0 - ports: - - protocol: TCP - port: 443 ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: egress-allow-http - namespace: kube-system -spec: - podSelector: {} - policyTypes: - - Egress - egress: - - to: - - ipBlock: - cidr: 0.0.0.0/0 - ports: - - protocol: TCP - port: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: egress-allow-ntp - namespace: kube-system -spec: - podSelector: {} - policyTypes: - - Egress - egress: - - to: - - ipBlock: - cidr: 0.0.0.0/0 - ports: - - protocol: UDP - port: 123 diff --git a/example/controller-registration.yaml b/example/controller-registration.yaml index 70c723e21..b88bb4f14 100644 --- a/example/controller-registration.yaml +++ b/example/controller-registration.yaml @@ -5,10 +5,10 @@ metadata: name: provider-metal type: helm providerConfig: - chart: H4sIAAAAAAAAA+0ca2/bOLKf9SsIdxfoHtbyI05SGOjhsmm2zV2bBEmui8PhUNASY6uRRS0pJfF2+99v+JIoWbKspJu2uxoUqEVyhkNyZjgcDjPHzCcRYX1yl5CIBzTqx4zeBD4ULUmCw8GTB8MQYH93V/4PUP5f/h7tTEbj3fHenigf7e0MJ0/Q7sO7boaUJ5gh9IRRmmxq11T/jcK8cf0PF5gl7govw/v2IRZ4bzKpXf/xZFxc//FwPN5/goafc6B18BdffxwH7wgT6z5FNyMHx3H+OXTH4p/jE+6xIE5k6QF6TcIl8oRUoCvKULIg6JWWIvRWiAw60xKEMqFyIrwkU9Qobc7NWu9feob+3NCs/z713Dl9SB9N+r+7s1+y//uT4W6n/48Bg8GcTudCAnBCEF+gvod6rjuAfzck8ikbzINkkc5cjy4HRljyHwvsXQ8Met+jUcJoGILsMDIPeAKlIFEukC0KFXLRd888nCDV07uj84vj05Mf9Ce5w8s4JIM6cmIvQoeq8izEEZkqosfRFcPQKvWSlJnCXyi7Jkx99BxnMEBnwDOeE23CSIRnIeGoMA1pHFNt3nRhEM2lpfMoY8RLUM4bKvDmxDb1r994Net/QmAxYFb4vT3B1v7feLgzHHf+32NAm/V/vyBhDPuzm8StfMEG+z8aj/dK6z/eG3f2/1Hg48c+8slVEBHUEz5aD/U/fXKa/TSBB/uDbO3YREI8IyF3wZF0r8lKkZMf6YywiIAcuQEdiK4KNGpI3OAw1Tx9/IiCyAtTP+PURRpxAyPruGUGBZUpqmmh+5c9rY8iiEB4Io9IdPechARz4p4Ac5WcZawFS9ghFGcIiZrgCi0wP2NQf4d6fIHHu3tT6Pad6B66Eu3dBM9RhhGzIEquUO97/o/vebklIzHlQULZahMJGCOpIji9N0EYrDXu8oL4JA7pakmiRDv5mXDwARw97On60lrx14E29h98nqtgvsRxXy7+DfhBlPUprOYtCxJSGyNo8v8nezsl+78vijr7/wigrU9Bq9/JhT0166psXyFMcB1E/lS44CAPb3HsCEnxcYKnYAnUSb/aWlcLjkbi4DpXmFJZrIyMMszTCnMuyP8OhSDLCZqI1oYd2SN/X5TSKfpdENk46iI5y6h96SX7rHAv/W8ZDWzQ/93R/m5J/3dGk1Gn/48Bn0uxM9n4Q5VZ9ZKpMALo9/vyf3sgUnBdI8duJtrc1QSM1LteSFMfvA8cxgs8koSyKdDnezUZqTrfOyV7qel5YQC8QssIjAg0UyMEfkvlU1kKzHoeiUU5MJZcrmLC5VQx8msaMOKjXgN9d50ACniG32virwpfsywn2ZS25MrCbMeOjZjx8WvcdlYAo12/AiHrb5YynrTsUeK061OhFLeUaqlaYm8BnvOx3MEMn4VCqT0J/Y8IiG1Ert3Mqnu+gqHc4jA8hmVhEQ7VySRnoq5+Az+1JFuyRuaMcP6S8CSIpEpmTK3XbGCngkwtI5J44vlGezn4CTCr5lOoOeb8xJjHck+A6WoUN2uZix2gY7CKQbJqxtYNLZnF3nUa55xwb0H8NKxnRCG4pp3Nhk/CBF9EOOYLmpwRFlC/iUwFSm76YGcl7CD1g8Twp2KtlVTt5q5uZ0hhUXhJL+Iwja63oFVobxOrlqja5qqjBfEu6TWJmnsyLXNcIVB3zYiyWaHH11SboqYORcMC5hll22GKhjlmEvKjbWc0b1vo+fDg50BIXsG1rutdNc517vm6ypXUzE8Z5bmkb1h/oy4So3n9a5ubrmLMkkDYCOUKbLAqRVIlvHywo3GFhZGHkLM0DM9oGHiVxqDUpH5IWcML4jEiFMqjPvFfUu/aODT/vDg9WetaNc9VrBJrI2fNHf5ZT1LfJrQ5/+UBvHYHwM3nv9FwNNkvn/92drvz36OAfWwykVh1AnqZrfbWp8A/5OzHY+KJjhm5CQSfrwNhZVdvgiU4Fmgoa2Iwh5gXDJMuPKRppLc5DryIEM9U+9GJt3izHR97ioDRBE3AmhTppUQRTYzfabaOLcNrmScIO+M1T5dWqFUqYXXcrLAMz2QAH33nXmou3Z9g4s9wskC9rSK3vR/kkNXlA/Bg81XaqmpY3RgauAezW7EFs4uBMzPDMF0s8Mw2fuExEPBoXtjNGYVGC5LKKxwuWsBM9hKWkl7W6Km4tcBpmCBNUAw/poLpILIu//sMxCtYkhrqsXTGes+Hz4e9+sncUhueZ46R1gi5DMAKhnMey4Su36Si2jUVggC8lcOg9l3Pp0/TtWp149Mr0qlxWxRGXHBYMvmhyyUsXK4qfTSo2IyU+C9WMWFWy+IWZeedAE3o027b1wLYvwKH88UAji+D6qnRgjewgkxlMqKXWGScQD93osBLGYO16TMiPqAD/qLoHGm+st8S280xL1aRx+15ET0tCHiOM4KTfmZOX2ywplWIQJvc9gNx2L6BGeKCP7+WuQzPlXjHGu1CYZV7CQp5Nu2noojfNBnBPKLQC42JCsH1c0Nb24FEOTUYBxlCmfatTA5qPwKF18T5LZktKL028tdyLUvYHFYEWBUWxeZKtzrU5w/ZqHiyU9T8gAuDaKlKYXC6Oo96inDIB7B3qPdjr46W7ruK0C+6agMVkLkwWfRnYN362PdFOOaFbW5UfdVYMjOh75Ht/rPIrq6zcUl0Y5sbZSbfHB28PDp/f/Tm6PDy+PTk/cnB26OLs4PDo6wlQjIL4Gew7FOrUETBSOifk6tiqS4Xm9k0cxLcbPHv6xoYfo/fHrw6egfMnp6/P313dP7L+fHlGq9TNJD5Z9a916DyImzTDh8GNzCTnJ8xOiP2GBdJEr/Kj4kKYjnegVq134pV5ZBE9dIKEHEpMcrXl5dnVkUQwTkahy9JiFfaKE3RaJi1YAT7QWteBdbqUVjddewO+LoUGmVXCmyRy/b3tbjONpov/ZGEejScosvDs3K0AHSOpswjBcuVFVbFOXKM31FkohnDimiGgBsapkvyVnjgFUNWds1idSkaKrVp3qUfqkZ1F9FVzKypktVOyNBpFILfIxzIenUS6xN45MDzBOGTZg/tKcJXV0KYVtOsRIiPfwAO50FFFcruIF6m4F3PL1SIF34dy+1QFx/dES+176Ke6nmRHudF4YxkKuWEiPPS0V0s7LR9xslb9NE1WdVmUmW5Vmt4CKm9HXpFx1FFtTRpFR2KLrfI2yqiJTSmIZ2v/iV47RXzuRaUJ3IhNI4S4DXPuiSBnrkttY3M1pelBvR54y31AW8yNratlXhvJ9zt+W1Slg28d5G+rxvaxP/A+IB7x1L5EmiW+nOyXSCw8f3HWvxvd7w/7uJ/jwHavswT9EwEN6qiZz+gUTkFLJbH+cHNaAYiYgKGZ9R/mYnHT1I8vo7IIRzv/h3hGxyE4mgiyfN01jjgB0cMvwX710b/2Qx793kI2qD/k9398vuP8WjY5X8+Coj0KVuz5RrjNFlQFvymnjRdP5fOUZ4dpq7qz2lI2uh3G81laSjcrr7I6nrFaBpLH6yPrEyuYgqXUzi3iKY6oYCrDyv4VlEyABlIUlVRDE5VltnNVSSo8DuvBldpptkRxlB62QFXP26FNZG/4uxXGsNckvVhZ0NrHLUKf/pZaZGJ3t9668Q9Spmvk2D0Wq/Tlba4RM2Ds490A9dG9cA+TLk0/aquFPCFpuJDmmeRlSdneN2SZWHN6rWom+5eT/4nrsPkj1m2QLXaoRD8ZSAPR4UXgXaDOLAk2KqAE4gQHjie1c5Otj3y0ucAjoI4DH4zUgiOOpy35U8uL+MzgVdnDt1KX2eor/xm1yDK02rhA6ujK7e1CzSIrBWIiB6MRJXnLdaqPtCZ+gF+Zf5jAIczJcppIp9d6jiHZ6dhquZwyAv8hjYesEWXZi7lU5Qgr9XzLt2ZYCtt0Wl1LsexVMHKtRKYzaRAjij3cLhp1YFGAm5JCDNjmqt1LhF/qnJe+8LlCa4CD9VZUN0swd51ZYcmTa+wqreB0Ky2U2VIue36zL6M5JqCopA29W5ScZo6l6k6W9Dzt9hzoA1wxwIt8flnmy3hIZse9CguL5jPS5+tGHiQS/CTUvE/zDOALnTI3UzTBg6dLJ3b8lka+IGjwQfYVqTyKOSLQuzu85xkvrTfZ6CN/683gtZHgMbz/7D891/Ge+PO/38UqHz/oQX+6zi9J/Idglbg47PCsXy7vJ3szqWv73cmkx15oi9ejsjoMGZgFVvdtXzpFXwY3EP/tSO4vRlo0v/xZFTS/8kY/uv0/xFgk/6bDe+LmoEvPUF/cmjWf3X79pA/ANeg/zvj3bL+Dyf7nf4/Cqg0QHmSMGl/UzRfeEz499bZqSo3r/QnQcTuOZ8iuVcILzm2kgIPwlu84o5jh9mnaOTk5xf08ZPj5NkWU/R8+HzkOFa+kn4AmoXtVFS+lIOlci2KAbsNDbMIkWpTlf02RTviQlMF9zb1WZd0NkVXGE6zjrOeZDVF//2fU0qZkmVwoK+66hWPa8RFdqBf/z21Ln1jnHKV3yXzRRx14a2m99xe3PzveeW33/bPWUhngyUW7tZglgahP5CkB+oxh8iidEy+gUVVScyc0nlI3udZqQq3j5f+3kSjSSnp7bjDni7I/ubfyB2N3Ltve1SjtVH1/v5CjGysKlzXdZyCPzl1VHqIyfER3qnz9CmUJSK2xeWfIdNpyD8i4s5dxE1e82wFzYjfz9OOAdPRjQVhoKNSobNEZoMrKx3zkMpkSus8FsfLWKt+w1z1ghnHUrlFo8EHTiOjK/lr4soW8p3vaKiyBvQj3JHUueJbV6EXla88VUXtm1SNlz3gLL0ryx9vmgLzHFMxVHhhmb2vdEzmw/qbSafq8WP2XE3ZgspHjWttrMeH8ks9JzQV8o2g+ZCio44w+Us+U6lf5jmlsRde1FV0vv7yTRjpipTv46sTGD2sC5HhkcrnZHWPyZzsj00pPTBsm81Fv+bv/MAOOuiggw466KCDDjrooIMOOuiggw466KCDDjrooIMOOuiggw46qIf/A1uzBPcAeAAA + chart: H4sIAAAAAAAAA+0ca2/cNjKf9SsIpYe2h0j78NoOBORQ13YT3yW2YftSHIoi0Er0rmKtqJKSH03z32/40lurlZ04TSvCgFfUzHBIzgyHw6EWLvVxhKmFbxMcsYBEVkzJdeBD1Qonbjh68uAyhrK7vS3+Q6n+F78nW7PJdHu6s8PrJztb49kTtP3wprtLyhKXIvSEEpKsg+t6/5WWRef87y9dmth37iq8bxt8gndms9b5n27NyvM/harxEzT+lB1tK3/z+Xfj4C2mfN4ddD0x3DjOHs2JPTYNHzOPBnEiqvbQKxyukMdFAl0SipIlRi+VCKE3XF7QqRIflEmUEbkr7KBOUTOuddNjG9o2vvTY/B1Kt/77xLMX5CFtdOn/9tZuxf7vzsbbg/4/RhmNFsRZcAlwE4zYElkeMm17BH/XOPIJHS2CZJnObY+sRlpY8h9L17saaXTLI1FCSRiC7FC8CFgCtSBRNpAtCxWy0TffeW6CZEtvD8/Oj06Ov1eP+NZdxSEetZHjaxHaly9PQzfCjiR6FF1SF6BSL0mprvyZ0CtM5YNpGKMROgWe3QVWVgxH7jzEDJWGIY1joiycqgyihTB2HqEUewnKeUMl3oy4SP3Pb8K69T/BMBkwKuzenmBv/2863hpPB//vMUqf+X+3xGEMS7SdxL18wQ77P5lOdyrzP92ZDvb/UcqHDxby8WUQYWRyN81E1sePRrerxvFgfRDQRpFI6M5xyGxwJO0rfCfJiYd0jmmEQY7sgIx4UyUaLSSu3TBVPH34gILIC1M/49RGCnENI3XcKoOcioNaIFT7oqV6L4IIhCfysEC3z3CIXYbtY2CukbOMtWAFK4TkDCH+JrhES5edUnh/i0y2dKfbOw40+5Y3D01xeDtxFyjDiGkQJZfI/Af74R+sCklxTFiQEHq3jgT0ETcRdO5NEDpb6Hd1Qnwch+RuhaNE+fmZcLARbD2Kw/WlteLvU/rYf/B5LoPFyo0tMfnX4AcRahGYzRsaJLg1RtDl/892tir2f5dXDfb/EYqyPiWtfism9kTPq7R9pTDBVRD5DnfBQR7euLHBJcV3E9cBSyA3+83WullwFBID17nBlIpqaWSkYXYazDkn/wdUgiwnaMahNTuiRfauLKUO+oMTWdvrMrmCUfvSU/ZJy730v2c0sEP/tye72xX935rMJoP+P0b5VIqdycZnVWbZSqbCCIplWeJ/sSNCcG0tx3Ym2sxWBLTU215IUh+8DzeMl+5EEMqGQO3v5WCkcn9vVOyloueFAfAKkBEYEQCTPQR+K/WOqAVmPQ/HvB4YSy7uYszEUFH8WxpQ7COzg75dJ4ACluGbXfw14SuWxSDr2p5cFTD7sVNEzPj4Le47KoDRr12OkLU3TylLerYocPq1KVHKS0qzVK1cbwme85FYwTSfpUqhPQn5Hw+IrUVuXcyaW76Erty4YXgE00IjN5Q7k5yJtvdr+Gkl2ZM1vKCYsQPMkiASKpkxVX+zhp0GMq2MCOKJ52vtZeAnwKjqR67mLmPH2jxWWwJMW6HYGWQudoDuglUMkrtubAVYkFnXu0rjnBPmLbGfhu2MSARbwxXZ8HGYuOeRG7MlSU4xDYjfRaYBJTd9sLJiupf6QaL5k7HWRqpFcFvBaVIur7wg53GYRlcb0CrBF4k1S1QruGxoib0LcoWj7pY0ZI7LBeq2G1GAlVp8RZQp6mqQA5YwTwndDJMD5phJyA43HdEcttTy/t5PAZe8kmvd1roEznXueV3lKmrmp5SwXNLXzL9WF4HRPf+t4Lqp2KVJwG2EdAXWWJUyqQpe3tnJtMHCiE3IaRqGpyQMvEZjUAFp71IGeI49irlCecTH/gHxrrRD8+/zk+Na0xI8V7FGrLWcdTf4V91JfZ2lz/4vD+D12wCu3/9NJpPtav7H1tb2kP/xKKW4bdKRWLkDOshme+Nd4GfZ+7EYe7xhiq8DzuergFvZu9fBChwLNBZvYjCHLisZJlW5T9JILXMMeOEhHkf50Ym3fL0ZHzuSgNYERaAwKMJLiSKSaL9TLx0bhtcyTxBWxiuWrgqhVqGEzXGz0jR8JwL46Bv7QnFp/wgDf+omS2RuFLk1vxddlocPwEORr8pS1cLq2tDAPZjdiC0YXRc40yMMw0UDTy/j5x4FAY8WpdWcEgBa4jQ7iHKQ2XB+Y7ZgME6T4yQ0xTnQU37O4aZhghQLfMBiwrsZRIV0AYuCQAYr3EI9Fu6bWRBkRU65a2b7nGil0gARTm4IBWWuxTsSormwYHgYpiAIoP5hSG6wvxm+D1LeDyNO56CQloLpjU2Da55ishE6bO1ISj0YvDohQLNgt0ISZvHDvHwArMSLrdlsK6fcYRWeZ46qslBCLWCiXdh302wirC6TKYtQzPLM187ePn50aq/lCZxZptPiRkqMuORAZvpMVitQpFx8LDRqcA6kOVrexZgWIMsuQzEPCGhCm0VYSxkE6xI2AC9GsJ0cNQ+NMgSjQtCvSoa3EvMMIGjnlld4KaUwNxbF/AEaYC/KzqriK/stsO0c8/wu8lhxXHhLSwye/By7iZUtby/WrG5NiEAb31gBD35cwwgxzp/fylyGZwu8I4V2LrGqrQSlvKf+Q1HG7xqMYBERaIXEWIZErXzha21AoJxojL0MoUr7RiRr9e+BxOvi/AbPQfGvtPz1nMsKtjIa3F4XuVJQ+2o/KIDKO21JzQ8YX6AKqlLqnHqdR6F5eOo9rCbIfGa20VJtNxH6Wb1qoVJxU8pLTqkt9cqagxG0XN/nUbQXTutytc6DUAoSJst2avJ9EyOZbVLJBMVOZ1ZfvSvi4ui6aOOkbX59uHdwePbu8PXh/sXRyfG74703h+ene/uHGSRCIhXkJ1isnUIlD4Xi0D/Dl+VaVc89GifzFO1M4u7rH2p+j97svTx8C8yenL07eXt49vPZ0UWNVweNRBJi4fBz1Hgaum6SwuAaRpKxU0rmuNjHZZLEL/NYgSyx6O9Iztrv5VfVuFTz1PLCg5O8l68uLk4LL4IoSAI3PMChe6csoYMm4wyCYtcPevPKse4ehdVto9gAq0uhtjDSahTIZU5FLbi3ibkRLmZCPBI66GL/tBoyypylIk5W2RTsyjH+QJEOaY0bQlq8XJMwXeE3fBvW0GVpTAusrjigVJtu1+ChatSWjdDETE2VCnBchk6iEJwtvidoVyc+P4GH9zyPEz7udgufIvfykgvTnZPVcPHx98B732t4hbKDqIMUtliLcxnnh19HYg1W1Ye32EuLB5JP1bgIN/e8tFHWL8WA8E3z4W3M7XRxo5tDWOgK37Wm02UJdzU8hKRDAa2io6jhtTBpDQ3yJjdI3iujJSQmIVnc/YfzapaT+paEJWIiFI4U4Jo7X5FATx+ZF43Mxifmuqgt5BviA95sqm1bL/HeTLj789ulLGt4H8K9f9rSJ/4LdgfcSZqKy2Dz1F/gzQLBnfd/ZpX7P/BjdzrEfx+jKNOySNB3PFTVFD39Hk2qKYCxCB+MridzEBEdMD4l/kEmHj8K8fhzRI5hO/nfyL12g5BvhQR5ls47O/zgiPHXYPr66D+du959LgJ36P9sZ1K7/zHh978H/f/8hafPFTVbzLGbJktCg9/llbar58IvyrMDZarGGQlxH/3uo7k0DbnHZfGsvpeUpLFwvyxUyOQrR3aN0paFg6qEEiYfCsG+hpoRyECSyhflYFhjXRFcRp5Kv/PX4CXNFTvcGAoHO2Dyxw23JuJXnP1KYxhLXO92Wzy73msZbvWz2jIT5j/NOnGPEOqrJCg113W6whZXqHmw7REeYK1XD2xD1wvTL99VAswAyh+EeeZZmWKE65YsC6M2z0XbcJum+MePQ8WPeTZBrdohEfxVIPZFpRuhRYA4KEhw4UXh7KJtdLLlkVUeR7ALdMPgdy2F4KPDVlv8ZCIZIxN4ud1QUOpwSj7lJ/u15xHz3BArcmL7yooPrtzLsqLOgV7hWgUP8UH/ZH0OUXv1nszlD/A28x8j2K1JAU8TcRlXBT68YnKuBIddX+B3wHjAFlnpERYXlIL8rZoN4eQEG+mQSra0mRsLxWycQY7ZTQqki/AhXycLQCMBZyWEkdHgcvYrxJ/KTGiLO0LBZeChNruqwBLXu2psUCdvlmb1JuD61neoNCm7X5vZk5ZnXVEW3a7WdYJWV+MigWsDev4GKxHAAHc0UBKfP/ZZKB6yFEKL/AiF+qzy2IuBBzkKP0oV/2z+AjShYvB6mNZwaGRJ/gVPpoMf2DC8h8VGKI9EPi8F8z7N/ubx/b8+/r8y+b23AB3+/3R7Vs3/mu5sDff/HqU03v9Rov3pd++1HKlNkjYuKVnxk+HQt3giiDg7Qd/+8sHUxxqmY17sn5rPTP7OdDY7Hvn467f9OBCJIxj7lkwAskBswFQyS2WLlBir8lE+FH1W5fxevOjTonV8PNYAZbNv6ZCJ4qAQM4F2K5H20rko8CiJmjBANcRKe9zeA4LI4zF7cQoukyVWkYzTPA8AhjDgWYT50mrIQ4OLk4MTB10sAyZXJb41oAR8Pn7zBxwQWE7BQPoiES0iKCTRAlNgBzxLn2d/8Q/HXKYiuQKd4RW5xrxqhVyGGCER/1/7tM4P1xN7d5t/FgDNMY5gTRca5dv9JEVG6qx6t0WaU5NA34v+J1OC+8T3EnFTTS3mR/wcNg/cbZbZmR3IWurwdzbbEuNQPjkVR0dilHodxH5pG7+u3GP9V1u+zd2Arvj/dDaprP+z6XjI/36Usm79167tFw3if+kB+ouXbv2XB+8P+QBoh/5vTXer3/8Yz3aH+P+jFJl2LGIGOs3YQYulR7WDpqIkTbnAlU9C8bVx4SCxVvD9cFxIQt4Lb9w7ZhjFYzYHTYw8UoE+fDSMgovgoOfj52MjT70SFRPDKGRMqk8CZIF8uaeoZIHKxKtyCH8NYBYzljBN+bcO2uLZDTLcv67NtrRXB126IcOGUU/zdNAvvxqVpE1RZzxFTXkf/Lolz2oJ1H3wp4UMkNhNmcwwFcljhsx+kQN+Vpzu/AuPuYNe/DkPyXy0crl7NZqnQQhuNCc9ktf7eB63oZOPClSlDC0IWYT4XZ4XL3Etd+XvzBSakBtzi39uVlZkH4Kd2JOJfft192pS65X5rxe8Z1P5wrZtwyj5j44hc8V0wh/3Ro2nT6Eu4XFtJj5MqXTlGcL2wkZM33SZ3yHh1OfXSgBTKxYnDHTk5ZjsoorGFS8NfbVW351RSW2Gl7HW/FWLpm9awD6JqzsHGr1nJNK6kn9fohFCfPlhMpYpROqzDBOhc+WvH3C9aLz3L1+0fqVA4WVX+is3jfPr/LpCX9CXDJXu3Gc37g2dBlW/RW80XYfPLjBLW9B4zb0GU7iOLp7kBXP9Qtwa1w9CdOSWJb/brV+qu9pGpe+lO9YNjdfvQnOz3XDp5OjyGHoP84JFaLTxgnHb9WIj+/yg1APNtl5u1PddBs9wKEMZylCGMpShDGUoQxnKUIYylKEMZShDGcpQhjKUoQylqfwfDhFVpwB4AAA= values: image: - tag: v0.20.20 + tag: v0.21.1 --- apiVersion: core.gardener.cloud/v1beta1 kind: ControllerRegistration diff --git a/go.mod b/go.mod index da0afdb97..7e4de8db7 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/coreos/go-systemd/v22 v22.5.0 github.com/gardener/etcd-druid v0.15.3 - github.com/gardener/gardener v1.67.3 + github.com/gardener/gardener v1.71.6 github.com/gardener/gardener-extension-networking-calico v1.27.2 github.com/gardener/gardener-extension-networking-cilium v1.19.0 github.com/gardener/machine-controller-manager v0.49.3 @@ -53,6 +53,7 @@ require ( github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/fatih/color v1.15.0 // indirect + github.com/fluent/fluent-operator/v2 v2.2.0 // indirect github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/gardener/hvpa-controller/api v0.5.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect @@ -88,7 +89,7 @@ require ( github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/kubernetes-csi/external-snapshotter/v2 v2.1.4 // indirect + github.com/kubernetes-csi/external-snapshotter/client/v4 v4.2.0 // indirect github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect github.com/lestrrat-go/blackmagic v1.0.1 // indirect github.com/lestrrat-go/httpcc v1.0.1 // indirect @@ -153,9 +154,9 @@ require ( k8s.io/helm v2.16.1+incompatible // indirect k8s.io/klog v1.0.0 // indirect k8s.io/klog/v2 v2.90.1 // indirect - k8s.io/kube-aggregator v0.26.2 // indirect + k8s.io/kube-aggregator v0.26.3 // indirect k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect - k8s.io/metrics v0.26.2 // indirect + k8s.io/metrics v0.26.3 // indirect k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20221212190805-d4f1e822ca11 // indirect sigs.k8s.io/controller-tools v0.11.3 // indirect diff --git a/go.sum b/go.sum index a062dccaa..14cc96422 100644 --- a/go.sum +++ b/go.sum @@ -90,8 +90,6 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/container-storage-interface/spec v1.1.0/go.mod h1:6URME8mwIBbpVyZV93Ce5St17xBiQJQY67NDsuohiy4= -github.com/container-storage-interface/spec v1.2.0/go.mod h1:6URME8mwIBbpVyZV93Ce5St17xBiQJQY67NDsuohiy4= github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o= github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= @@ -100,7 +98,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= -github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -109,7 +106,6 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etly github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= @@ -126,7 +122,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.m github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v0.0.0-20200808040245-162e5629780b/go.mod h1:NAJj0yf/KaRKURN6nyi7A9IZydMivZEm9oQLWNjfKDc= github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -135,14 +131,16 @@ github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2Vvl github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0= +github.com/fluent/fluent-operator/v2 v2.2.0 h1:97CiP6WKOHRM7zY/zCynX187Rg+T8hgx2JzD2iuJof8= +github.com/fluent/fluent-operator/v2 v2.2.0/go.mod h1:v/q0zLEOWP6MKHP7xvrhtASZTwlrk4LcCne/kgPQ7J0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/gardener/etcd-druid v0.15.3 h1:IMsJTaUaSOXusfgOOF5GX5eJ0o1CI/9XtKzgxwWJ0Eo= github.com/gardener/etcd-druid v0.15.3/go.mod h1:VTxoQXmaE2RSP+LQS5qWUDoXzmdK6xlKLUdFhaGu6KM= -github.com/gardener/gardener v1.67.3 h1:fF8v61CPi2rwCJbzGjNA9n7XXvKBUxK/F8hLq9tIEeo= -github.com/gardener/gardener v1.67.3/go.mod h1:LOelF1QZM+flQ9qbEBOY73JJJSnyLd8fuZ2pQfreGxU= +github.com/gardener/gardener v1.71.6 h1:eGQ4SD4Loi1YOb6Uj3fnPt5B/NkFL7/s7GkX/3mSPsc= +github.com/gardener/gardener v1.71.6/go.mod h1:l6FaKO0wqF2qaUe4Zh05/CYGMNDAOuoqRGfHUnbjQ74= github.com/gardener/gardener-extension-networking-calico v1.27.2 h1:9tOq6VtQ6gIkrYUZFQw1y8k9QNbS8kYqr5fqtq3FuMo= github.com/gardener/gardener-extension-networking-calico v1.27.2/go.mod h1:MURFRmYPHiXSfmJ82S3nXH3qGcszeYQwhMVKn/J5XoU= github.com/gardener/gardener-extension-networking-cilium v1.19.0 h1:gL5cAiKvAlvQyNSwbx94uyRkNRnc9pItVSDkPgUmIWg= @@ -257,7 +255,6 @@ github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -265,7 +262,6 @@ github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOW github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -320,7 +316,6 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= @@ -350,7 +345,7 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= -github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= @@ -370,7 +365,6 @@ github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= @@ -380,9 +374,9 @@ github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJS github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= @@ -408,10 +402,8 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kubernetes-csi/csi-lib-utils v0.7.1/go.mod h1:bze+2G9+cmoHxN6+WyG1qT4MDxgZJMLGwc7V4acPNm0= -github.com/kubernetes-csi/csi-test v2.0.0+incompatible/go.mod h1:YxJ4UiuPWIhMBkxUKY5c267DyA0uDZ/MtAimhx/2TA0= -github.com/kubernetes-csi/external-snapshotter/v2 v2.1.4 h1:5k854kIoa81t4A0BhVAXV/VcNKklXwdPyGrvkCDoZC4= -github.com/kubernetes-csi/external-snapshotter/v2 v2.1.4/go.mod h1:2ar8FelpdkUJaoqp8cQpucBd8pir8c1K5BQIVZwUbJI= +github.com/kubernetes-csi/external-snapshotter/client/v4 v4.2.0 h1:nHHjmvjitIiyPlUHk/ofpgvBcNcawJLtf4PYHORLjAA= +github.com/kubernetes-csi/external-snapshotter/client/v4 v4.2.0/go.mod h1:YBCo4DoEeDndqvAn6eeu0vWM7QdXmHEeI9cFWplmBys= github.com/lestrrat-go/backoff/v2 v2.0.8 h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A= github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y= github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80= @@ -472,7 +464,6 @@ github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0Gq github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= @@ -491,8 +482,6 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.2/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= @@ -526,7 +515,6 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= @@ -547,7 +535,6 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.11.0 h1:5EAgkfkMl659uZPbe9AS2N68a7Cc1TJbPEuGzFuRbyk= github.com/prometheus/procfs v0.11.0/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= -github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= @@ -580,7 +567,6 @@ github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoH github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -659,9 +645,7 @@ golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0 golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= @@ -800,14 +784,12 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191220220014-0732a990476f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -821,6 +803,7 @@ golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -876,6 +859,7 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -883,7 +867,6 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= @@ -925,6 +908,7 @@ golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= @@ -953,9 +937,6 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= -gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= -gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= @@ -994,7 +975,6 @@ google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBr google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191220175831-5c49e3ecc1c1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= @@ -1101,17 +1081,16 @@ istio.io/api v0.0.0-20230217221049-9d422bf48675 h1:dxHqYbJwurfq+x2OOG4WP+NkbyjUR istio.io/api v0.0.0-20230217221049-9d422bf48675/go.mod h1:owGDRg9uqMob8CN1gxaOzk6nJxnbT8wrP7PmggpJHHY= istio.io/client-go v1.17.1 h1:W0kQXYCzIluA/20zLzxeNF7bNMJXXArmGYRt/MIg2io= istio.io/client-go v1.17.1/go.mod h1:mLTRYYFxHctzUbt8Iclgj+Sueq34+qC2ZEJTn6BxRuE= -k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI= k8s.io/api v0.18.3/go.mod h1:UOaMwERbqJMfeeeHc8XJKawj4P9TgDRnViIqqBeH2QA= k8s.io/api v0.18.8/go.mod h1:d/CXqwWv+Z2XEG1LgceeDmHQwpUJhROPx16SlxJgERY= +k8s.io/api v0.19.0/go.mod h1:I1K45XlvTrDjmj5LoM5LuP/KYrhWbjUKT/SoPG0qTjw= k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU= k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE= k8s.io/apiextensions-apiserver v0.26.3 h1:5PGMm3oEzdB1W/FTMgGIDmm100vn7IaUP5er36dB+YE= k8s.io/apiextensions-apiserver v0.26.3/go.mod h1:jdA5MdjNWGP+njw1EKMZc64xAT5fIhN6VJrElV3sfpQ= -k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= -k8s.io/apimachinery v0.17.1-beta.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= k8s.io/apimachinery v0.18.3/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= k8s.io/apimachinery v0.18.8/go.mod h1:6sQd+iHEqmOtALqOFjSWp2KZ9F0wlU/nWm0ZgsYWMig= +k8s.io/apimachinery v0.19.0/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= k8s.io/apimachinery v0.27.4 h1:CdxflD4AF61yewuid0fLl6bM4a3q04jWel0IlP+aYjs= k8s.io/apimachinery v0.27.4/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= @@ -1122,11 +1101,10 @@ k8s.io/autoscaler/vertical-pod-autoscaler v0.13.0 h1:pH6AsxeBZcyX6KBqcnl7SPIJqbN k8s.io/autoscaler/vertical-pod-autoscaler v0.13.0/go.mod h1:LraL5kR2xX7jb4VMCG6/tUH4I75uRHlnzC0VWQHcyWk= k8s.io/client-go v0.26.3 h1:k1UY+KXfkxV2ScEL3gilKcF7761xkYsSD6BC9szIu8s= k8s.io/client-go v0.26.3/go.mod h1:ZPNu9lm8/dbRIPAgteN30RSXea6vrCpFvq+MateTUuQ= -k8s.io/code-generator v0.0.0-20191121015212-c4c8f8345c7e/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= k8s.io/code-generator v0.18.3/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c= +k8s.io/code-generator v0.19.0/go.mod h1:moqLn7w0t9cMs4+5CQyxnfA/HV8MF6aAVENF+WZZhgk= k8s.io/code-generator v0.26.3 h1:DNYPsWoeFwmg4qFg97Z1cHSSv7KSG10mAEIFoZGTQM8= k8s.io/code-generator v0.26.3/go.mod h1:ryaiIKwfxEJEaywEzx3dhWOydpVctKYbqLajJf0O8dI= -k8s.io/component-base v0.17.0/go.mod h1:rKuRAokNMY2nn2A6LP/MiwpoaMRHpfRnrPaUJJj1Yoc= k8s.io/component-base v0.18.3/go.mod h1:bp5GzGR0aGkYEfTj+eTY0AN/vXTgkJdQXjNTTVUaa3k= k8s.io/component-base v0.26.3 h1:oC0WMK/ggcbGDTkdcqefI4wIZRYdK3JySx9/HADpV0g= k8s.io/component-base v0.26.3/go.mod h1:5kj1kZYwSC6ZstHJN7oHBqcJC6yyn41eR+Sqa/mQc8E= @@ -1144,30 +1122,23 @@ k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-aggregator v0.26.2 h1:WtcLGisa5aCKBbBI1/Xe7gdjPlVb5Xhvs4a8Rdk8EXs= -k8s.io/kube-aggregator v0.26.2/go.mod h1:swDTw0k/XghVLR+PCWnP6Y36wR2+DsqL2HUVq8eu0RI= -k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= +k8s.io/kube-aggregator v0.26.3 h1:nc4H5ymGkWPU3c9U9UM468JcmNENY/s/mDYVW3t3uRo= +k8s.io/kube-aggregator v0.26.3/go.mod h1:SgBESB/+PfZAyceTPIanfQ7GtX9G/+mjfUbTHg3Twbo= k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= +k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= k8s.io/kubelet v0.26.3 h1:6WT2dX/39cvc3q25xkFmMIT2EoV+gS/8gxZmUiDvG4U= k8s.io/kubelet v0.26.3/go.mod h1:yd5GJNMOFLMKxP1rmZhg6etbYAbdTimF87fBIBtRimA= -k8s.io/kubernetes v1.14.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= k8s.io/metrics v0.18.3/go.mod h1:TkuJE3ezDZ1ym8pYkZoEzJB7HDiFE7qxl+EmExEBoPA= -k8s.io/metrics v0.26.2 h1:2gUvUWWnHPdE2tyA5DvyHC8HGryr+izhY9i5dzLP06s= -k8s.io/metrics v0.26.2/go.mod h1:PX1wm9REV9hSGuw9GcXTFNDgab1KRXck3mNeiLYbRho= -k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= +k8s.io/metrics v0.26.3 h1:pHI8XtmBbGGdh7bL0s2C3v93fJfxyktHPAFsnRYnDTo= +k8s.io/metrics v0.26.3/go.mod h1:NNnWARAAz+ZJTs75Z66fJTV7jHcVb3GtrlDszSIr3fE= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU= k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= -modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= -modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= -modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= -modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= @@ -1180,9 +1151,9 @@ sigs.k8s.io/controller-tools v0.11.3/go.mod h1:qcfX7jfcfYD/b7lAhvqAyTbt/px4GpvN8 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= +sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= diff --git a/pkg/admission/mutator/defaulter.go b/pkg/admission/mutator/defaulter.go index 0e9278d2d..9fa40c994 100644 --- a/pkg/admission/mutator/defaulter.go +++ b/pkg/admission/mutator/defaulter.go @@ -87,8 +87,17 @@ func (d *defaulter) defaultInfrastructureConfig(shoot *gardenv1beta1.Shoot) erro } func (d *defaulter) defaultNetworking(shoot *gardenv1beta1.Shoot) error { - if shoot.Spec.Networking.Type == "" { - shoot.Spec.Networking.Type = d.c.networkType() + if len(shoot.Spec.Provider.Workers) == 0 { + // this is the workerless shoot case, don't default a network configuration + return nil + } + + if shoot.Spec.Networking == nil { + shoot.Spec.Networking = &gardenv1beta1.Networking{} + } + + if pointer.SafeDeref(shoot.Spec.Networking.Type) == "" { + shoot.Spec.Networking.Type = pointer.Pointer(d.c.networkType()) } if shoot.Spec.Networking.Pods == nil { @@ -104,7 +113,7 @@ func (d *defaulter) defaultNetworking(shoot *gardenv1beta1.Shoot) error { return nil } - switch shoot.Spec.Networking.Type { + switch pointer.SafeDeref(shoot.Spec.Networking.Type) { case "calico": err := d.defaultCalicoConfig(shoot) if err != nil { diff --git a/pkg/admission/mutator/defaulter_test.go b/pkg/admission/mutator/defaulter_test.go index ab0cc77a0..cd81cdfca 100644 --- a/pkg/admission/mutator/defaulter_test.go +++ b/pkg/admission/mutator/defaulter_test.go @@ -87,8 +87,8 @@ func Test_defaulter_defaultShoot(t *testing.T) { Enabled: pointer.Pointer(true), }, }, - Networking: gardenv1beta1.Networking{ - Type: "cilium", + Networking: &gardenv1beta1.Networking{ + Type: pointer.Pointer("cilium"), ProviderConfig: mustEncode(t, completeCiliumSpec), Pods: pointer.Pointer("10.240.0.0/14"), Services: pointer.Pointer("10.248.0.0/19"), @@ -125,9 +125,6 @@ func Test_defaulter_defaultShoot(t *testing.T) { Kubelet: &gardenv1beta1.KubeletConfig{ MaxPods: pointer.Pointer(int32(250)), }, - KubeProxy: &gardenv1beta1.KubeProxyConfig{ - Enabled: pointer.Pointer(true), - }, }, Provider: gardenv1beta1.Provider{ InfrastructureConfig: &runtime.RawExtension{ @@ -139,22 +136,6 @@ func Test_defaulter_defaultShoot(t *testing.T) { }, }, }, - Networking: gardenv1beta1.Networking{ - Type: "calico", - Pods: pointer.Pointer("10.240.0.0/13"), - Services: pointer.Pointer("10.248.0.0/18"), - ProviderConfig: &runtime.RawExtension{ - Object: &calicoextensionv1alpha1.NetworkConfig{ - Backend: pointer.Pointer(calicoextensionv1alpha1.None), - IPv4: &calicoextensionv1alpha1.IPv4{ - Mode: pointer.Pointer(calicoextensionv1alpha1.Never), - }, - Typha: &calicoextensionv1alpha1.Typha{ - Enabled: false, - }, - }, - }, - }, }, }, }, @@ -187,8 +168,8 @@ func Test_defaulter_defaultShoot(t *testing.T) { }, }, }, - Networking: gardenv1beta1.Networking{ - Type: "calico", + Networking: &gardenv1beta1.Networking{ + Type: pointer.Pointer("calico"), ProviderConfig: &runtime.RawExtension{ Object: &calicoextensionv1alpha1.NetworkConfig{ Backend: pointer.Pointer(calicoextensionv1alpha1.Bird), @@ -221,8 +202,8 @@ func Test_defaulter_defaultShoot(t *testing.T) { }, }, }, - Networking: gardenv1beta1.Networking{ - Type: "calico", + Networking: &gardenv1beta1.Networking{ + Type: pointer.Pointer("calico"), Pods: pointer.Pointer("10.240.0.0/14"), Services: pointer.Pointer("10.248.0.0/19"), ProviderConfig: &runtime.RawExtension{ @@ -257,6 +238,9 @@ func Test_defaulter_defaultShoot(t *testing.T) { }, }, }, + Workers: []gardenv1beta1.Worker{ + {}, + }, }, }, }, @@ -284,9 +268,12 @@ func Test_defaulter_defaultShoot(t *testing.T) { }, }, }, + Workers: []gardenv1beta1.Worker{ + {}, + }, }, - Networking: gardenv1beta1.Networking{ - Type: "calico", + Networking: &gardenv1beta1.Networking{ + Type: pointer.Pointer("calico"), Pods: pointer.Pointer("10.240.0.0/13"), Services: pointer.Pointer("10.248.0.0/18"), ProviderConfig: &runtime.RawExtension{ @@ -327,9 +314,12 @@ func Test_defaulter_defaultShoot(t *testing.T) { }, }, }, + Workers: []gardenv1beta1.Worker{ + {}, + }, }, - Networking: gardenv1beta1.Networking{ - Type: "cilium", + Networking: &gardenv1beta1.Networking{ + Type: pointer.Pointer("cilium"), }, }, }, @@ -357,9 +347,12 @@ func Test_defaulter_defaultShoot(t *testing.T) { }, }, }, + Workers: []gardenv1beta1.Worker{ + {}, + }, }, - Networking: gardenv1beta1.Networking{ - Type: "cilium", + Networking: &gardenv1beta1.Networking{ + Type: pointer.Pointer("cilium"), Pods: pointer.Pointer("10.240.0.0/13"), Services: pointer.Pointer("10.248.0.0/18"), ProviderConfig: &runtime.RawExtension{ diff --git a/pkg/apis/metal/helper/helper.go b/pkg/apis/metal/helper/helper.go index 70fc26a0a..f12f0a414 100644 --- a/pkg/apis/metal/helper/helper.go +++ b/pkg/apis/metal/helper/helper.go @@ -51,7 +51,7 @@ func ImagePullPolicyFromString(policy string) corev1.PullPolicy { func GetNodeCIDR(infrastructure *extensionsv1alpha1.Infrastructure, cluster *extensionscontroller.Cluster) (string, error) { var nodeCIDR string - if cluster.Shoot.Spec.Networking.Nodes != nil { + if cluster.Shoot.Spec.Networking != nil && cluster.Shoot.Spec.Networking.Nodes != nil { nodeCIDR = *cluster.Shoot.Spec.Networking.Nodes } else if infrastructure != nil && infrastructure.Status.NodesCIDR != nil { nodeCIDR = *infrastructure.Status.NodesCIDR diff --git a/pkg/controller/controlplane/valuesprovider.go b/pkg/controller/controlplane/valuesprovider.go index 3bcf0a86e..7d6ec1964 100644 --- a/pkg/controller/controlplane/valuesprovider.go +++ b/pkg/controller/controlplane/valuesprovider.go @@ -14,6 +14,7 @@ import ( "github.com/gardener/gardener/extensions/pkg/util" "github.com/metal-stack/metal-go/api/client/network" "github.com/metal-stack/metal-go/api/models" + "github.com/metal-stack/metal-lib/pkg/pointer" "github.com/metal-stack/metal-lib/pkg/tag" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" @@ -199,14 +200,6 @@ var controlPlaneChart = &chart.Chart{ // cloud controller manager {Type: &corev1.Service{}, Name: "cloud-controller-manager"}, {Type: &appsv1.Deployment{}, Name: "cloud-controller-manager"}, - - // network policies - {Type: &networkingv1.NetworkPolicy{}, Name: "egress-allow-dns"}, - {Type: &networkingv1.NetworkPolicy{}, Name: "egress-allow-any"}, - {Type: &networkingv1.NetworkPolicy{}, Name: "egress-allow-http"}, - {Type: &networkingv1.NetworkPolicy{}, Name: "egress-allow-https"}, - {Type: &networkingv1.NetworkPolicy{}, Name: "egress-allow-ntp"}, - {Type: &networkingv1.NetworkPolicy{}, Name: "egress-allow-vpn"}, }, } @@ -229,13 +222,6 @@ var cpShootChart = &chart.Chart{ {Type: &appsv1.DaemonSet{}, Name: "speaker"}, {Type: &appsv1.Deployment{}, Name: "controller"}, - // network policies - {Type: &networkingv1.NetworkPolicy{}, Name: "egress-allow-dns"}, - {Type: &networkingv1.NetworkPolicy{}, Name: "egress-allow-any"}, - {Type: &networkingv1.NetworkPolicy{}, Name: "egress-allow-http"}, - {Type: &networkingv1.NetworkPolicy{}, Name: "egress-allow-https"}, - {Type: &networkingv1.NetworkPolicy{}, Name: "egress-allow-ntp"}, - // cluster wide network policies {Type: &firewallv1.ClusterwideNetworkPolicy{}, Name: "allow-to-http"}, {Type: &firewallv1.ClusterwideNetworkPolicy{}, Name: "allow-to-https"}, @@ -255,7 +241,6 @@ var cpShootChart = &chart.Chart{ {Type: &corev1.Service{}, Name: "firewall-controller-manager"}, {Type: &admissionregistrationv1.MutatingWebhookConfiguration{}, Name: "firewall-controller-manager-namespace"}, {Type: &admissionregistrationv1.ValidatingWebhookConfiguration{}, Name: "firewall-controller-manager-namespace"}, - {Type: &firewallv1.ClusterwideNetworkPolicy{}, Name: "allow-to-firewall-controller-manager-webhook"}, // firewall policy controller TODO can be removed in a future version {Type: &rbacv1.ClusterRole{}, Name: "system:firewall-policy-controller"}, @@ -671,7 +656,7 @@ func (vp *valuesProvider) getControlPlaneShootChartValues(ctx context.Context, c nodeInitValues := map[string]any{ "enabled": true, } - if cluster.Shoot.Spec.Networking.Type == "cilium" { + if pointer.SafeDeref(pointer.SafeDeref(cluster.Shoot.Spec.Networking).Type) == "cilium" { nodeInitValues["enabled"] = false } diff --git a/pkg/controller/infrastructure/actuator_reconcile.go b/pkg/controller/infrastructure/actuator_reconcile.go index bf8b5cbac..f3e5d7be9 100644 --- a/pkg/controller/infrastructure/actuator_reconcile.go +++ b/pkg/controller/infrastructure/actuator_reconcile.go @@ -191,7 +191,7 @@ func clearIPTags(ctx context.Context, mclient metalgo.Client, ip string) error { } func ensureNodeNetwork(ctx context.Context, r *networkReconciler) (string, error) { - if r.cluster.Shoot.Spec.Networking.Nodes != nil { + if r.cluster.Shoot.Spec.Networking != nil && r.cluster.Shoot.Spec.Networking.Nodes != nil { return *r.cluster.Shoot.Spec.Networking.Nodes, nil } diff --git a/pkg/webhook/controlplane/add.go b/pkg/webhook/controlplane/add.go index 222705678..2dbbfcdfe 100644 --- a/pkg/webhook/controlplane/add.go +++ b/pkg/webhook/controlplane/add.go @@ -8,8 +8,8 @@ import ( "github.com/metal-stack/gardener-extension-provider-metal/pkg/metal" extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" - "github.com/gardener/gardener/pkg/operation/botanist/component/extensions/operatingsystemconfig/original/components/kubelet" - oscutils "github.com/gardener/gardener/pkg/operation/botanist/component/extensions/operatingsystemconfig/utils" + "github.com/gardener/gardener/pkg/component/extensions/operatingsystemconfig/original/components/kubelet" + oscutils "github.com/gardener/gardener/pkg/component/extensions/operatingsystemconfig/utils" appsv1 "k8s.io/api/apps/v1" "sigs.k8s.io/controller-runtime/pkg/log" diff --git a/pkg/webhook/controlplane/ensurer.go b/pkg/webhook/controlplane/ensurer.go index e5c17a521..98c2fe588 100644 --- a/pkg/webhook/controlplane/ensurer.go +++ b/pkg/webhook/controlplane/ensurer.go @@ -114,6 +114,9 @@ func (e *ensurer) EnsureKubeAPIServerDeployment(ctx context.Context, gctx gconte ensureVPNSeedEnvVars(c, nodeCIDR) } if makeAuditForwarder { + // required because auditforwarder uses kube-apiserver and not localhost + template.Labels["networking.resources.gardener.cloud/to-kube-apiserver-tcp-443"] = "allowed" + err := ensureAuditForwarder(ps, auditToSplunk) if err != nil { logger.Error(err, "could not ensure the audit forwarder", "Cluster name", cluster.ObjectMeta.Name)