diff --git a/apis/apps/v1alpha1/nebulacluster.go b/apis/apps/v1alpha1/nebulacluster.go
index 400fd4d0..f8783c81 100644
--- a/apis/apps/v1alpha1/nebulacluster.go
+++ b/apis/apps/v1alpha1/nebulacluster.go
@@ -130,6 +130,13 @@ func (nc *NebulaCluster) AutoMountServerCerts() bool {
 return nc.Spec.SSLCerts != nil && pointer.BoolDeref(nc.Spec.SSLCerts.AutoMountServerCerts, false)
 }
+func (nc *NebulaCluster) SslServerName() string {
+ if nc.Spec.SSLCerts != nil {
+ return nc.Spec.SSLCerts.ServerName
+ }
+ return ""
+}
+
 func (nc *NebulaCluster) IsGraphdSSLEnabled() bool {
 return nc.Spec.Graphd.Config["enable_graph_ssl"] == "true"
 }
diff --git a/apis/apps/v1alpha1/nebulacluster_common.go b/apis/apps/v1alpha1/nebulacluster_common.go
index 1fc4080e..ce80499f 100644
--- a/apis/apps/v1alpha1/nebulacluster_common.go
+++ b/apis/apps/v1alpha1/nebulacluster_common.go
@@ -399,6 +399,10 @@ func generateAgentContainer(c NebulaClusterComponent, init bool) corev1.Containe
 initCmd += " --insecure_skip_verify"
 brCmd += " --insecure_skip_verify"
 }
+ if nc.SslServerName() != "" {
+ initCmd += " --server_name=" + nc.Spec.SSLCerts.ServerName
+ brCmd += " --server_name=" + nc.Spec.SSLCerts.ServerName
+ }
 }
 if init {
@@ -411,6 +415,12 @@ func generateAgentContainer(c NebulaClusterComponent, init bool) corev1.Containe
 Name: AgentSidecarContainerName,
 Image: DefaultAgentImage,
 Command: cmd,
+ Ports: []corev1.ContainerPort{
+ {
+ Name: AgentPortNameGRPC,
+ ContainerPort: int32(DefaultAgentPortGRPC),
+ },
+ },
 }
 imagePullPolicy := nc.Spec.ImagePullPolicy
 if imagePullPolicy != nil {
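Review bot: `SslServerName` in nebulacluster.go does not follow the initialism casing of the accessors around it (`IsGraphdSSLEnabled`, `Spec.SSLCerts`) and is added without a doc comment. `SSLServerName` with `// SSLServerName returns spec.sslCerts.serverName, or "" when sslCerts is unset.` would match the neighbours. The caller added in nebulacluster_common.go would need the same rename.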
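Review bot: In the `@@ -399,6 +399,10 @@` hunk of nebulacluster_common.go, `nc.Spec.SSLCerts.ServerName` is appended to `initCmd` and `brCmd` unquoted and unvalidated, and the field is declared in nebulacluster_types.go with only `+optional`. How `cmd` is built from these strings is outside the hunk; if they are handed to a shell, whitespace or shell metacharacters in the CR value would alter the agent's command line instead of being passed as one argument. Restricting the field at admission to hostname characters (a `+kubebuilder:validation:Pattern` marker plus `+kubebuilder:validation:MaxLength=253` on `ServerName`) closes that off. The block could also read the accessor once, `if name := nc.SslServerName(); name != "" {`, rather than re-dereferencing `nc.Spec.SSLCerts`.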
@@ -425,34 +435,33 @@ func generateAgentContainer(c NebulaClusterComponent, init bool) corev1.Containe
 agentImage = fmt.Sprintf("%s:%s", agentImage, nc.Spec.Agent.Version)
 }
 container.Image = agentImage
+ container.Env = nc.Spec.Agent.EnvVars
 container.Resources = nc.Spec.Agent.Resources
 }
- if nc.IsBREnabled() {
- if c.ComponentType() == MetadComponentType {
- container.VolumeMounts = []corev1.VolumeMount{
- {
- Name: dataVolume(componentType),
- MountPath: "/usr/local/nebula/data",
- SubPath: "data",
- },
- }
- } else if c.ComponentType() == StoragedComponentType {
- container.VolumeMounts = getStoragedDataVolumeMounts(c)
- }
-
- container.Ports = []corev1.ContainerPort{
+ volumeMounts := make([]corev1.VolumeMount, 0)
+ if c.ComponentType() == MetadComponentType {
+ dataVolumeMounts := []corev1.VolumeMount{
 {
- Name: AgentPortNameGRPC,
- ContainerPort: int32(DefaultAgentPortGRPC),
+ Name: dataVolume(componentType),
+ MountPath: "/usr/local/nebula/data",
+ SubPath: "data",
 },
 }
+ volumeMounts = append(volumeMounts, dataVolumeMounts...)
+ } else if c.ComponentType() == StoragedComponentType {
+ dataVolumeMounts := getStoragedDataVolumeMounts(c)
+ volumeMounts = append(volumeMounts, dataVolumeMounts...)
 }
- if (nc.IsMetadSSLEnabled() || nc.IsClusterSSLEnabled()) && nc.IsBREnabled() && !EnableLocalCerts() {
+ if (nc.IsMetadSSLEnabled() || nc.IsClusterSSLEnabled()) && !EnableLocalCerts() {
 certMounts := getClientCertVolumeMounts()
- container.VolumeMounts = append(container.VolumeMounts, certMounts...)
+ volumeMounts = append(volumeMounts, certMounts...)
 }
+ if nc.Spec.Agent != nil {
+ volumeMounts = append(volumeMounts, nc.Spec.Agent.VolumeMounts...)
+ }
+ container.VolumeMounts = volumeMounts
 return container
 }
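Review bot: The data-volume and client-certificate mounts are no longer conditional on `nc.IsBREnabled()`, so every agent container built here gets the metad data directory (the mount literal sets no `ReadOnly`) or the storaged data mounts, plus the client cert mounts whenever SSL is on. If the agent only needs these for backup and restore, keeping the gate would hold the sidecar to least privilege; otherwise a comment saying why they are always needed would help. `nc.Spec.Agent.VolumeMounts` is appended last with no check against the operator's own entries, and Kubernetes rejects a container with duplicate mount paths, so a user mount at `/usr/local/nebula/data` would surface as a pod-creation error rather than at CR admission. The start of `generateAgentContainer` is outside the hunk.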
@@ -706,33 +715,31 @@ do
 done
 `
- if len(dynamicFlags) > 0 {
- envVars := []corev1.EnvVar{
- {
- Name: "MY_IP",
- ValueFrom: &corev1.EnvVarSource{
- FieldRef: &corev1.ObjectFieldSelector{
- FieldPath: "status.podIP",
- },
+ envVars := []corev1.EnvVar{
+ {
+ Name: "MY_IP",
+ ValueFrom: &corev1.EnvVarSource{
+ FieldRef: &corev1.ObjectFieldSelector{
+ FieldPath: "status.podIP",
 },
 },
- {
- Name: "HTTP_PORT",
- Value: strconv.Itoa(int(ports[1].ContainerPort)),
- },
- {
- Name: "SCRIPT",
- Value: script,
- },
- }
- baseContainer.Env = append(baseContainer.Env, envVars...)
- baseContainer.Lifecycle = &corev1.Lifecycle{
- PostStart: &corev1.LifecycleHandler{
- Exec: &corev1.ExecAction{
- Command: []string{"/bin/sh", "-c", `echo "$SCRIPT" > /tmp/post-start-script && sh /tmp/post-start-script`},
- },
+ },
+ {
+ Name: "HTTP_PORT",
+ Value: strconv.Itoa(int(ports[1].ContainerPort)),
+ },
+ {
+ Name: "SCRIPT",
+ Value: script,
+ },
+ }
+ baseContainer.Env = append(baseContainer.Env, envVars...)
+ baseContainer.Lifecycle = &corev1.Lifecycle{
+ PostStart: &corev1.LifecycleHandler{
+ Exec: &corev1.ExecAction{
+ Command: []string{"/bin/sh", "-c", `echo "$SCRIPT" > /tmp/post-start-script && sh /tmp/post-start-script`},
 },
- }
+ },
 }
 containers = append(containers, baseContainer)
diff --git a/apis/apps/v1alpha1/nebulacluster_types.go b/apis/apps/v1alpha1/nebulacluster_types.go
index 680a40b7..60d93d13 100644
--- a/apis/apps/v1alpha1/nebulacluster_types.go
+++ b/apis/apps/v1alpha1/nebulacluster_types.go
@@ -100,7 +100,6 @@ type NebulaClusterSpec struct {
 // +optional
 EnableAutoFailover *bool `json:"enableAutoFailover,omitempty"`
- // +kubebuilder:default="5m"
 // +optional
 FailoverPeriod metav1.Duration `json:"failoverPeriod,omitempty"`
@@ -299,6 +298,7 @@ type AgentContainerSpec struct {
 Image string `json:"image,omitempty"`
 // Version tag for container image.
+ // +kubebuilder:default=latest
 // +optional
 Version string `json:"version,omitempty"`
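Review bot: With the `len(dynamicFlags) > 0` guard removed in the `@@ -706,33 +715,31 @@` hunk, every container built here gets the PostStart hook, and `ports[1]` is indexed unconditionally for `HTTP_PORT`. The script body sits above the hunk, so it is not visible whether it exits cleanly when there are no dynamic flags; a failing PostStart handler makes the kubelet kill the container, so the empty case has to be a no-op. A short comment above `envVars` saying why the hook is now always installed, e.g. `// The post-start script runs even without dynamic flags because ...`, would record the intent.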
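Review bot: `+kubebuilder:default=latest` on `AgentContainerSpec.Version` (hunk `@@ -299,6 +298,7 @@`) makes a mutable tag the default, so any cluster that sets `spec.agent` without a version runs whatever the registry serves for `latest` at pull time, and pods of one cluster can end up on different agent builds. For a sidecar that mounts the data directory and the TLS client certificates, a pinned release tag or digest is the safer default, e.g. `// +kubebuilder:default=<released-agent-version>`. The struct continues outside the hunk.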
@@ -310,9 +310,6 @@ type AgentContainerSpec struct {
 // +optional
 EnvVars []corev1.EnvVar `json:"env,omitempty"`
- // +optional
- Volumes []corev1.Volume `json:"volumes,omitempty"`
-
 // +optional
 VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"`
 }
@@ -366,6 +363,13 @@ type SSLCertsSpec struct {
 // +optional
 InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"`
+ // ServerName is used to verify the hostname on the returned
+ // certificates unless InsecureSkipVerify is given. It is also included
+ // in the client's handshake to support virtual hosting unless it is
+ // an IP address.
+ // +optional
+ ServerName string `json:"serverName,omitempty"`
+
 // AutoMountServerCerts controls whether operator mounts server's
 // certificate from secret.
 // +optional
diff --git a/apis/apps/v1alpha1/nebularestore_types.go b/apis/apps/v1alpha1/nebularestore_types.go
index 28ba9c87..0eea7092 100644
--- a/apis/apps/v1alpha1/nebularestore_types.go
+++ b/apis/apps/v1alpha1/nebularestore_types.go
@@ -28,6 +28,7 @@ import (
 // +kubebuilder:subresource:status
 // +kubebuilder:resource:shortName="nr"
 // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`,description="The current status of the restore"
+// +kubebuilder:printcolumn:name="RESTORED-CLUSTER",type=string,JSONPath=`.status.clusterName`,description="The name of restored nebula cluster"
 // +kubebuilder:printcolumn:name="Started",type=date,JSONPath=`.status.timeStarted`,description="The time at which the restore was started"
 // +kubebuilder:printcolumn:name="Completed",type=date,JSONPath=`.status.timeCompleted`,description="The time at which the restore was completed"
 // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
diff --git a/apis/apps/v1alpha1/zz_generated.deepcopy.go b/apis/apps/v1alpha1/zz_generated.deepcopy.go
index fc627683..a7babde1 100644
--- a/apis/apps/v1alpha1/zz_generated.deepcopy.go
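Review bot: With `Volumes` removed in the `@@ -310,9 +310,6 @@` hunk, `VolumeMounts` is the only agent storage field left, and nothing on the field says which volumes a mount may now name. A doc comment such as `// VolumeMounts are appended to the agent container; each name must refer to a volume already present on the pod.` would state the contract. Existing objects that set `agent.volumes` will presumably have that field pruned once the CRD schema drops it, which deserves a release note.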
+++ b/apis/apps/v1alpha1/zz_generated.deepcopy.go @@ -39,13 +39,6 @@ func (in *AgentContainerSpec) DeepCopyInto(out *AgentContainerSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Volumes != nil { - in, out := &in.Volumes, &out.Volumes - *out = make([]v1.Volume, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.VolumeMounts != nil { in, out := &in.VolumeMounts, &out.VolumeMounts *out = make([]v1.VolumeMount, len(*in)) diff --git a/config/crd/bases/apps.nebula-graph.io_nebulaclusters.yaml b/config/crd/bases/apps.nebula-graph.io_nebulaclusters.yaml index 9be0b892..025e5e34 100644 --- a/config/crd/bases/apps.nebula-graph.io_nebulaclusters.yaml +++ b/config/crd/bases/apps.nebula-graph.io_nebulaclusters.yaml 
@@ -527,735 +527,25 @@ spec: type: object type: object version: - type: string - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - 
properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map 
- limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: 
object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - 
format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - 
required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object + default: latest + type: string + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string required: + - mountPath - name type: object type: array @@ -3994,7 +3284,6 @@ spec: - image type: object failoverPeriod: - default: 5m type: string graphd: properties: @@ -9622,6 +8911,8 @@ spec: serverKey: default: tls.key type: string + serverName: + type: string serverSecret: type: string type: object diff --git a/config/crd/bases/apps.nebula-graph.io_nebularestores.yaml b/config/crd/bases/apps.nebula-graph.io_nebularestores.yaml index 677921f1..5d89dc3e 100644 --- a/config/crd/bases/apps.nebula-graph.io_nebularestores.yaml +++ b/config/crd/bases/apps.nebula-graph.io_nebularestores.yaml @@ -22,6 +22,10 @@ spec: jsonPath: .status.phase name: Status type: string + - description: The name of restored nebula cluster + jsonPath: .status.clusterName + name: RESTORED-CLUSTER + type: string - description: The time at which the restore was started jsonPath: .status.timeStarted name: Started 
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 13951529..8e3699f1 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -69,6 +69,13 @@ rules: - patch - update - watch +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list - apiGroups: - "" resources: diff --git a/config/samples/full-backup-job-tls-env.yaml b/config/samples/full-backup-job-tls-env.yaml index 5ec0e207..f6b15324 100644 --- a/config/samples/full-backup-job-tls-env.yaml +++ b/config/samples/full-backup-job-tls-env.yaml @@ -11,9 +11,9 @@ spec: imagePullSecrets: - name: nebula-image containers: - - image: reg.vesoft-inc.com/cloud-dev/br-ent:v3.7.0 + - name: backup + image: reg.vesoft-inc.com/cloud-dev/br-ent:v3.7.0 imagePullPolicy: Always - name: backup env: - name: CA_CERT_PATH value: /credentials/ca.crt @@ -37,8 +37,8 @@ spec: - name: credentials mountPath: /credentials - name: auth-sidecar - imagePullPolicy: Always image: reg.vesoft-inc.com/cloud-dev/nebula-certs:latest + imagePullPolicy: Always volumeMounts: - name: credentials mountPath: /credentials diff --git a/config/samples/nebulabackup-gs-tls.yaml b/config/samples/nebulabackup-gs-tls.yaml new file mode 100644 index 00000000..a8146a9e --- /dev/null +++ b/config/samples/nebulabackup-gs-tls.yaml 
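Review bot: The rule added to config/rbac/role.yaml grants `get` and `list` on `pods/log` in the core API group, so the operator's service account can read the logs of every pod within the role's scope; whether this is a ClusterRole is outside the hunk. Pod logs often carry credentials and connection strings, so this widens what a compromised operator can read. If the logs are only needed for the backup and restore jobs, say so next to the marker that generates this rule and consider a namespaced Role. The log subresource is read with `get`, so `list` can probably be dropped.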
@@ -0,0 +1,50 @@ +apiVersion: apps.nebula-graph.io/v1alpha1 +kind: NebulaBackup +metadata: + name: backup +spec: + image: reg.vesoft-inc.com/cloud-dev/br-ent + version: v3.7.0 + env: + - name: CA_CERT_PATH + value: /usr/local/certs/root.crt + - name: CLIENT_CERT_PATH + value: /usr/local/certs/client.crt + - name: CLIENT_KEY_PATH + value: /usr/local/certs/client.key + resources: + limits: + cpu: "200m" + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + imagePullSecrets: + - name: nebula-image + initContainers: + - name: init-auth-sidecar + command: + - /bin/sh + - -c + args: + - cp -r /certs/* /credentials/ + imagePullPolicy: Always + image: reg.vesoft-inc.com/cloud-dev/nebula-certs:latest + volumeMounts: + - name: credentials + mountPath: /credentials + volumes: + - name: credentials + emptyDir: + medium: Memory + volumeMounts: + - name: credentials + mountPath: /usr/local/certs + autoRemoveFinished: true + cleanBackupData: true + config: + clusterName: nebula + gs: + location: "us-central1" + bucket: "nebula-test" + secretName: "gcp-secret" \ No newline at end of file diff --git a/config/samples/nebularestore-gs.yaml b/config/samples/nebularestore-gs.yaml index 62e3dd8c..ea1b9a2d 100644 --- a/config/samples/nebularestore-gs.yaml +++ b/config/samples/nebularestore-gs.yaml @@ -18,4 +18,4 @@ spec: gs: location: us-central1 bucket: "nebula-br-test" - secretName: "gs-secret" \ No newline at end of file + secretName: "gcp-secret" \ No newline at end of file diff --git a/go.mod b/go.mod index 44f90f88..ff8addcd 100644 --- a/go.mod +++ b/go.mod 
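Review bot: The init container in this new sample fills the `credentials` volume with `cp -r /certs/* /credentials/` from `nebula-certs:latest`, and the backup container then reads `CLIENT_KEY_PATH` from that volume, so the TLS client private key is shipped inside a container image under a mutable tag. Anyone able to pull the image can read the key, and rotating it means rebuilding the image. For a sample that users will copy, mounting the certificates from a Kubernetes Secret would be a safer pattern, assuming the `volumes` field accepts a `secret` source, which this hunk does not show. At minimum a comment should say the image is for testing only.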
@@ -21,18 +21,18 @@ require ( github.com/vesoft-inc/nebula-importer/v4 v4.0.0 github.com/vesoft-inc/nebula-operator/apis v0.0.0-00010101000000-000000000000 gopkg.in/yaml.v3 v3.0.1 - k8s.io/api v0.27.4 - k8s.io/apimachinery v0.27.4 - k8s.io/cli-runtime v0.27.4 - k8s.io/client-go v0.27.4 - k8s.io/code-generator v0.27.4 - k8s.io/component-base v0.27.4 - k8s.io/component-helpers v0.27.4 + k8s.io/api v0.27.10 + k8s.io/apimachinery v0.27.10 + k8s.io/cli-runtime v0.27.10 + k8s.io/client-go v0.27.10 + k8s.io/code-generator v0.27.10 + k8s.io/component-base v0.27.10 + k8s.io/component-helpers v0.27.10 k8s.io/klog/v2 v2.100.1 - k8s.io/kube-controller-manager v0.27.4 - k8s.io/kubectl v0.27.4 - k8s.io/kubernetes v1.27.4 - k8s.io/metrics v0.27.4 + k8s.io/kube-controller-manager v0.27.10 + k8s.io/kubectl v0.27.10 + k8s.io/kubernetes v1.27.10 + k8s.io/metrics v0.27.10 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 sigs.k8s.io/controller-runtime v0.15.2 sigs.k8s.io/e2e-framework v0.3.0 @@ -86,7 +86,7 @@ require ( github.com/golang/mock v1.6.0 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/btree v1.0.1 // indirect - github.com/google/cel-go v0.12.6 // indirect + github.com/google/cel-go v0.12.7 // indirect github.com/google/gnostic v0.6.9 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/s2a-go v0.1.7 // indirect @@ -164,7 +164,7 @@ require ( go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.24.0 // indirect golang.org/x/crypto v0.18.0 // indirect - golang.org/x/mod v0.10.0 // indirect + golang.org/x/mod v0.14.0 // indirect golang.org/x/net v0.20.0 // indirect golang.org/x/oauth2 v0.15.0 // indirect golang.org/x/sync v0.5.0 // indirect 
@@ -172,7 +172,7 @@ require ( golang.org/x/term v0.16.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.9.1 // indirect + golang.org/x/tools v0.16.1 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect google.golang.org/api v0.152.0 // indirect @@ -186,16 +186,16 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/apiextensions-apiserver v0.27.2 // indirect - k8s.io/apiserver v0.27.4 // indirect - k8s.io/cloud-provider v0.27.4 // indirect - k8s.io/controller-manager v0.27.4 // indirect + k8s.io/apiserver v0.27.10 // indirect + k8s.io/cloud-provider v0.27.10 // indirect + k8s.io/controller-manager v0.27.10 // indirect k8s.io/csi-translation-lib v0.0.0 // indirect k8s.io/dynamic-resource-allocation v0.0.0 // indirect k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect - k8s.io/kms v0.27.4 // indirect + k8s.io/kms v0.27.10 // indirect k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect - k8s.io/kube-scheduler v0.27.4 // indirect - k8s.io/kubelet v0.27.4 // indirect + k8s.io/kube-scheduler v0.27.10 // indirect + k8s.io/kubelet v0.27.10 // indirect k8s.io/mount-utils v0.0.0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect 
@@ -205,33 +205,33 @@ require ( ) replace ( - k8s.io/api => k8s.io/api v0.27.4 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.4 - k8s.io/apimachinery => k8s.io/apimachinery v0.27.4 - k8s.io/apiserver => k8s.io/apiserver v0.27.4 - k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.4 - k8s.io/client-go => k8s.io/client-go v0.27.4 - k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.4 - k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.27.4 - k8s.io/code-generator => k8s.io/code-generator v0.27.4 - k8s.io/component-base => k8s.io/component-base v0.27.4 - k8s.io/component-helpers => k8s.io/component-helpers v0.27.4 - k8s.io/controller-manager => k8s.io/controller-manager v0.27.4 - k8s.io/cri-api => k8s.io/cri-api v0.27.4 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.4 - k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.27.4 - k8s.io/kms => k8s.io/kms v0.27.4 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.4 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.4 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.4 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.4 - k8s.io/kubectl => k8s.io/kubectl v0.27.4 - k8s.io/kubelet => k8s.io/kubelet v0.27.4 - k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.4 - k8s.io/metrics => k8s.io/metrics v0.27.4 - k8s.io/mount-utils => k8s.io/mount-utils v0.27.4 - k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.4 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.4 + k8s.io/api => k8s.io/api v0.27.10 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.10 + k8s.io/apimachinery => k8s.io/apimachinery v0.27.10 + k8s.io/apiserver => k8s.io/apiserver v0.27.10 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.10 + k8s.io/client-go => k8s.io/client-go v0.27.10 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.10 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap 
v0.27.10 + k8s.io/code-generator => k8s.io/code-generator v0.27.10 + k8s.io/component-base => k8s.io/component-base v0.27.10 + k8s.io/component-helpers => k8s.io/component-helpers v0.27.10 + k8s.io/controller-manager => k8s.io/controller-manager v0.27.10 + k8s.io/cri-api => k8s.io/cri-api v0.27.10 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.10 + k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.27.10 + k8s.io/kms => k8s.io/kms v0.27.10 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.10 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.10 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.10 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.10 + k8s.io/kubectl => k8s.io/kubectl v0.27.10 + k8s.io/kubelet => k8s.io/kubelet v0.27.10 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.10 + k8s.io/metrics => k8s.io/metrics v0.27.10 + k8s.io/mount-utils => k8s.io/mount-utils v0.27.10 + k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.10 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.10 ) replace github.com/vesoft-inc/nebula-operator/apis => ./apis diff --git a/go.sum b/go.sum index caa17fb5..f474a18b 100644 --- a/go.sum +++ b/go.sum 
@@ -209,8 +209,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/cel-go v0.12.6 h1:kjeKudqV0OygrAqA9fX6J55S8gj+Jre2tckIm5RoG4M= -github.com/google/cel-go v0.12.6/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw= +github.com/google/cel-go v0.12.7 h1:jM6p55R0MKBg79hZjn1zs2OlrywZ1Vk00rxVvad1/O0= +github.com/google/cel-go v0.12.7/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw= github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0= github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -389,7 +389,7 @@ github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= 
@@ -536,8 +536,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= -golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -718,8 +718,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo= -golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= +golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -852,55 +852,55 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.27.4 h1:0pCo/AN9hONazBKlNUdhQymmnfLRbSZjd5H5H3f0bSs= -k8s.io/api v0.27.4/go.mod h1:O3smaaX15NfxjzILfiln1D8Z3+gEYpjEpiNA/1EVK1Y= -k8s.io/apiextensions-apiserver v0.27.4 h1:ie1yZG4nY/wvFMIR2hXBeSVq+HfNzib60FjnBYtPGSs= -k8s.io/apiextensions-apiserver v0.27.4/go.mod h1:KHZaDr5H9IbGEnSskEUp/DsdXe1hMQ7uzpQcYUFt2bM= -k8s.io/apimachinery v0.27.4 h1:CdxflD4AF61yewuid0fLl6bM4a3q04jWel0IlP+aYjs= -k8s.io/apimachinery v0.27.4/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= -k8s.io/apiserver v0.27.4 h1:ncZ0MBR9yQ/Gf34rtu1EK+HqT8In1YpfAUINu/Akvho= -k8s.io/apiserver v0.27.4/go.mod h1:GDEFRfFZ4/l+pAvwYRnoSfz0K4j3TWiN4WsG2KnRteE= -k8s.io/cli-runtime v0.27.4 h1:Zb0eci+58eHZNnoHhjRFc7W88s8dlG12VtIl3Nv2Hto= -k8s.io/cli-runtime v0.27.4/go.mod h1:k9Z1xiZq2xNplQmehpDquLgc+rE+pubpO1cK4al4Mlw= -k8s.io/client-go v0.27.4 h1:vj2YTtSJ6J4KxaC88P4pMPEQECWMY8gqPqsTgUKzvjk= -k8s.io/client-go v0.27.4/go.mod h1:ragcly7lUlN0SRPk5/ZkGnDjPknzb37TICq07WhI6Xc= -k8s.io/cloud-provider v0.27.4 h1:FkZ1z40+YPm+nEqkojgPbjNQ3QLvU98gsFW3ZbZnrwo= -k8s.io/cloud-provider v0.27.4/go.mod h1:LpqG1hrNPQQySPWrMrNNNGl79dK0fk/yTkYUlRMoaWU= -k8s.io/code-generator v0.27.4 h1:bw2xFEBnthhCSC7Bt6FFHhPTfWX21IJ30GXxOzywsFE= -k8s.io/code-generator v0.27.4/go.mod h1:DPung1sI5vBgn4AGKtlPRQAyagj/ir/4jI55ipZHVww= -k8s.io/component-base v0.27.4 h1:Wqc0jMKEDGjKXdae8hBXeskRP//vu1m6ypC+gwErj4c= -k8s.io/component-base v0.27.4/go.mod h1:hoiEETnLc0ioLv6WPeDt8vD34DDeB35MfQnxCARq3kY= -k8s.io/component-helpers v0.27.4 h1:l1hn/Zx9mWXflo5xz1mo5RRW2g8b6rptWCG7My6rYoE= -k8s.io/component-helpers v0.27.4/go.mod h1:ayW5btpTdJkVv+CcxhzNRfWT+oPrV6T6qZ1Ay6NEJNI= 
-k8s.io/controller-manager v0.27.4 h1:iisi3D1AKknVAGgU1dk/HG/UusmBqeS2fCFiRAS0DnE= -k8s.io/controller-manager v0.27.4/go.mod h1:5+Fo0k+t3MDyuNLjmXzU/dJcD2c34ii8Wef+OmqhkVg= -k8s.io/csi-translation-lib v0.27.4 h1:yk/0MNZAOyTEGk/OBNMwPTe63nZYlO/FWFv+J3z5pEM= -k8s.io/csi-translation-lib v0.27.4/go.mod h1:yDQc83ATsJshOCKhvRuPSoGVJOduWvou4u7YRON4U98= -k8s.io/dynamic-resource-allocation v0.27.4 h1:1Aw6WZZvViVsxQc77gzqNbzthR92mVZB0db9u+58htg= -k8s.io/dynamic-resource-allocation v0.27.4/go.mod h1:plkvKEAgUQbEFmiGGd6FvmqMQ+oIZwKkl70Gcy5eM14= +k8s.io/api v0.27.10 h1:VFvsFZxiG3qeKyMvSOlO6hzrB7CGk6CC0XI1hniBI28= +k8s.io/api v0.27.10/go.mod h1:cDmAF4GtSVRO0+5hOY/Vo3lLCQMOp6FfrXZ94/gQwC0= +k8s.io/apiextensions-apiserver v0.27.10 h1:Dq+ttF90Rh8up2WF2rKdhMf7G8E6fR5Mld3KMVk+b50= +k8s.io/apiextensions-apiserver v0.27.10/go.mod h1:f89XD5CLnQ9cBJZmo7BmTcYt7vwpIWzZ8Pa8GnIZ6qk= +k8s.io/apimachinery v0.27.10 h1:AlOhsgdtNPMYDMJyUDsj2HZDLKOf1qPfvbbo5O9m4jg= +k8s.io/apimachinery v0.27.10/go.mod h1:IHu2ovJ60RqxyPSLmTel7KDLdOCRbpOxwtUBmwBnT/E= +k8s.io/apiserver v0.27.10 h1:CqQAgWNPKiRtnFJuOCpgvwvYxZWmPyR648SjLr7t+sc= +k8s.io/apiserver v0.27.10/go.mod h1:DX7fezKa/BllhAAbo1iyYuaqFSQE2VfLx0Km5V0jCFg= +k8s.io/cli-runtime v0.27.10 h1:tAqzwZJWhdT5/5cZKLKTiwBnaLFQNqdBRcuHtXq326E= +k8s.io/cli-runtime v0.27.10/go.mod h1:fovnmIPiOS3gCX9VjGb87HMxTJ6PnxKNz9NBj1WuT3c= +k8s.io/client-go v0.27.10 h1:ZOrDrfTSsw+66NIkFMmnamKZ9TTs8WUaV8WRc9NhtJA= +k8s.io/client-go v0.27.10/go.mod h1:PhrjLdIJNy7L8liOPEzm6wNlMjhIRJeVbfvksTxKNqI= +k8s.io/cloud-provider v0.27.10 h1:pnYTqsCvC+J21eVQrRxgtmhkaHKQFRT2+YLRQq2og7w= +k8s.io/cloud-provider v0.27.10/go.mod h1:vcXwilEL5xnMIeoVsHPnxNcq//fJV6s60VZpSLkq9C8= +k8s.io/code-generator v0.27.10 h1:QtyCMveDsjaS2vOme02iDC4RXuiKzfNQ22/T6b4XaOA= +k8s.io/code-generator v0.27.10/go.mod h1:iyFD2q65bX/xrlrGzXi2kZXiBTbTDiAzEty3jq6a0NA= +k8s.io/component-base v0.27.10 h1:1TIxq37EskUeeM0X+ovygYLBPzqYZCYcJn9+3x/lbTg= +k8s.io/component-base v0.27.10/go.mod 
h1:uby3jhUDcUZSh3fM8naFaKxNEHxh8K12CZZWOSd4XI4= +k8s.io/component-helpers v0.27.10 h1:Tkv7yt0+jNBI3UT4B/VIgBBUyCBnhn2m4RDxdxfqFM0= +k8s.io/component-helpers v0.27.10/go.mod h1:HB2zRH13uM4BZmAkVF3MR57LTW8tembe/v6EC/LUJro= +k8s.io/controller-manager v0.27.10 h1:epU/2CiQZQkwXrMo4xARwvg8ySoeLjHCB43GhM+Hrgk= +k8s.io/controller-manager v0.27.10/go.mod h1:+T1/IVq6VwjMbCAD3yHEWTObH1UiDplgM9YB9n7rGbQ= +k8s.io/csi-translation-lib v0.27.10 h1:z1D5s+xe+mCWDuwBVmXDmY+/PI2+qsl/1t6tLCSFVeU= +k8s.io/csi-translation-lib v0.27.10/go.mod h1:yam3zf9jVAdAFk3hljJvV0LyWfBJL96lM3FmFGxKm98= +k8s.io/dynamic-resource-allocation v0.27.10 h1:UQJTrhILrRYOBKwQgIBnzbuAEP/tfMBQBq3tE45krHA= +k8s.io/dynamic-resource-allocation v0.27.10/go.mod h1:ooxd2xQzusf/aTrDer+qIHKwlDlYeYfstx3vQr5nw7Y= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kms v0.27.4 h1:FeT17HfqxZMP7dTq3Gpa9dG05iP3J3wgGtqGh1SUoN0= -k8s.io/kms v0.27.4/go.mod h1:0BY6tkfa+zOP85u8yE7iNNf1Yx7rEZnRQSWLEbsSk+w= -k8s.io/kube-controller-manager v0.27.4 h1:XkK3gUxRuVA4Jc3v5kfDlS0YnCl+e1Jq2/wil+TiUcE= -k8s.io/kube-controller-manager v0.27.4/go.mod h1:sCie5zxAAJyTOLd84Q072K3UXHBxdUDUnZ74aB7bIvg= +k8s.io/kms v0.27.10 h1:R9Sid86pgOlST+GLhdsDb7YqwZljtr2QxdsPy7jWP9M= +k8s.io/kms v0.27.10/go.mod h1:E7q26ply5yJxZJxAasmaHhyq3JffytF/UgmvR/pIj7Y= +k8s.io/kube-controller-manager v0.27.10 h1:fDe1k2r8xDwJVYABDzgQAJhH6H6FxuntYIBtiRElkGQ= +k8s.io/kube-controller-manager v0.27.10/go.mod h1:YMCKzQRmgulRdi35Ef1+0QaKunWa4FXIKC0HsARfNEM= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= k8s.io/kube-openapi 
v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= -k8s.io/kube-scheduler v0.27.4 h1:aCN06gDyCjHT4tVlpkUikR8IuSpTRIjYGIKGRjrN3no= -k8s.io/kube-scheduler v0.27.4/go.mod h1:3rbitDiZ6cNQwO7QEpt7Sk+IAyzq8uV6N5LYQkXKFUg= -k8s.io/kubectl v0.27.4 h1:RV1TQLIbtL34+vIM+W7HaS3KfAbqvy9lWn6pWB9els4= -k8s.io/kubectl v0.27.4/go.mod h1:qtc1s3BouB9KixJkriZMQqTsXMc+OAni6FeKAhq7q14= -k8s.io/kubelet v0.27.4 h1:P8+MoRx4ikcAc5eEa3k2A6kd8AXtoDRaoC8KX2HFZe4= -k8s.io/kubelet v0.27.4/go.mod h1:2y4peCA57vKEhBcDL6Q5EkPuGP7FFxj9U41NV9hk1ac= -k8s.io/kubernetes v1.27.4 h1:js5bonPoe7jgVPduNcWo6IjPTUdLzlnfhRgGmC7isM0= -k8s.io/kubernetes v1.27.4/go.mod h1:MbYZxAacYS6HjZ6VJuvKaKTilbzp0B0atzW3J8TFBEo= -k8s.io/metrics v0.27.4 h1:2s04bods7rA507iouGbxD55YrKNlFjLYzm30noOl9Sk= -k8s.io/metrics v0.27.4/go.mod h1:kRvfhFC7wCQEFvu6H92uiV7v05z3Ty/vtluYT5D2Xpk= -k8s.io/mount-utils v0.27.4 h1:Se7Cskbrg/t6g4tXvwohuTzXdmTO0feTG0BwQvSE6I4= -k8s.io/mount-utils v0.27.4/go.mod h1:vmcjYdi2Vg1VTWY7KkhvwJVY6WDHxb/QQhiQKkR8iNs= +k8s.io/kube-scheduler v0.27.10 h1:Uau6Fo5wQal4H0GV6gI+QUaSNQ7eWrBKbQ9yXQCpcqE= +k8s.io/kube-scheduler v0.27.10/go.mod h1:OwFSiHJMVxqsQr/40A48+/Gvd9QjVa9Xv/tXSDFUDjU= +k8s.io/kubectl v0.27.10 h1:qz6KWyZEf7+Z8QdoWdNMN7yvFFoIQHO8BdyrVWokJH4= +k8s.io/kubectl v0.27.10/go.mod h1:4yZ56d4/fkr7d4kb/AWYJQnAy6Us2Ok+Fb93ArV+1zw= +k8s.io/kubelet v0.27.10 h1:nZ/vCiXXCcSVsG3sDyWvwDXy1OhsWDSmNntPjheahx4= +k8s.io/kubelet v0.27.10/go.mod h1:YO6tFItG7WPkYmenMUAZX4jzNrpTvUe5Wzoq8QYqd7Y= +k8s.io/kubernetes v1.27.10 h1:/fYjGKNPgnq3hXj+MLTzUDYHFzdn9+lCFuPWu1QLM4c= +k8s.io/kubernetes v1.27.10/go.mod h1:cRLM3g95AsipdxwaEkPgIFiF+qda0y3UKHyDHVSj6ok= +k8s.io/metrics v0.27.10 h1:RP8DVJ9/Z+dj5vncqT/IrIQDPsTHeqQrnVBXuPkduac= +k8s.io/metrics v0.27.10/go.mod h1:MYOaCJy/112a5byspyWZesgZavPFb38XcsBj0MWfXkc= +k8s.io/mount-utils v0.27.10 h1:VUkSDkKTd2pQDRLjABpeUGEyq/2DrcEgZRw16ic7pWc= +k8s.io/mount-utils v0.27.10/go.mod h1:ZTpotHgWN49RtIuK0Dy98noHxs2D0hqsbKMnwnKgY44= k8s.io/utils 
v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/hack/nebula_mtls.go b/hack/nebula_mtls.go index 7cc86edb..1647695d 100644 --- a/hack/nebula_mtls.go +++ b/hack/nebula_mtls.go @@ -37,6 +37,8 @@ var servicePort int var clusterName string var namespace string var enableTLS bool +var insecureSkipVerify bool +var serverName string func main() { pflag.CommandLine.AddGoFlagSet(flag.CommandLine) @@ -45,6 +47,8 @@ func main() { pflag.StringVar(&clusterName, "cluster-name", "", "nebula cluster name") pflag.StringVar(&namespace, "namespace", "default", "cluster namespace") pflag.BoolVar(&enableTLS, "enable-tls", false, "connect to nebula service enable mTLS") + pflag.BoolVar(&insecureSkipVerify, "insecure-skip-verify", false, "a client verifies the server's certificate chain and host name") + pflag.StringVar(&serverName, "server-name", "", "server name is used to verify the hostname on the returned certificates") pflag.Parse() var tlsConfig *tls.Config @@ -140,7 +144,8 @@ func getTLSConfig() (*tls.Config, error) { if err != nil { return nil, fmt.Errorf("load tls config failed: %v", err) } - tlsConfig.InsecureSkipVerify = true + tlsConfig.InsecureSkipVerify = insecureSkipVerify + tlsConfig.ServerName = serverName tlsConfig.MaxVersion = tls.VersionTLS12 return tlsConfig, nil } diff --git a/pkg/controller/component/storaged_cluster.go b/pkg/controller/component/storaged_cluster.go index 6413284a..577d95e6 100644 --- a/pkg/controller/component/storaged_cluster.go +++ b/pkg/controller/component/storaged_cluster.go 
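Review bot: The help text on the new `--insecure-skip-verify` flag in main() says the opposite of what the flag does. It reads "a client verifies the server's certificate chain and host name", but passing the flag sets `tlsConfig.InsecureSkipVerify` and turns that verification off. I would reword it to `"skip verification of the server's certificate chain and host name (testing only)"` so nobody enables it expecting stricter checking. main() continues outside this hunk.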
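Review bot: `tlsConfig.MaxVersion = tls.VersionTLS12` in getTLSConfig is an upper bound, so this client can never negotiate TLS 1.3 even though verification is now on by default; the same cap sits in the ClientOptions hunk of pkg/nebula/options.go. If the intent was a floor, the line should be `tlsConfig.MinVersion = tls.VersionTLS12`. If the cap is a server-compatibility workaround, record that next to it, e.g. `// capped at TLS 1.2 because <reason>; remove once the server supports 1.3`. The start of getTLSConfig is outside the hunk, so the loader may already set MinVersion.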
@@ -257,6 +257,9 @@ func (c *storagedCluster) syncStoragedWorkload(nc *v1alpha1.NebulaCluster) error if err := c.updateManager.RestartPod(nc, int32(ordinal)); err != nil { return err } + if err := c.updateManager.Balance(nc); err != nil { + return err + } } if err := c.syncStoragedPVC(nc); err != nil { @@ -274,12 +277,6 @@ func (c *storagedCluster) syncStoragedWorkload(nc *v1alpha1.NebulaCluster) error return fmt.Errorf("update zone mappings failed: %v", err) } } - - if len(nc.Status.Storaged.BalancedSpaces) > 0 { - if err := c.updateManager.Balance(nc); err != nil { - return err - } - } } return extender.UpdateWorkload(c.clientSet.Workload(), newWorkload, oldWorkload) diff --git a/pkg/controller/component/storaged_updater.go b/pkg/controller/component/storaged_updater.go index a5c507f4..5daf4c49 100644 --- a/pkg/controller/component/storaged_updater.go +++ b/pkg/controller/component/storaged_updater.go @@ -214,7 +214,7 @@ func (s *storagedUpdater) Balance(nc *v1alpha1.NebulaCluster) error { } nc.Status.Storaged.BalancedSpaces = nil - return nil + return s.clientSet.NebulaCluster().UpdateNebulaClusterStatus(nc) } // nolint: revive diff --git a/pkg/controller/cronbackup/cronbackup_control.go b/pkg/controller/cronbackup/cronbackup_control.go index 5b13151f..f8f694d7 100644 --- a/pkg/controller/cronbackup/cronbackup_control.go +++ b/pkg/controller/cronbackup/cronbackup_control.go @@ -23,6 +23,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/klog/v2" + "k8s.io/utils/pointer" "github.com/vesoft-inc/nebula-operator/apis/apps/v1alpha1" "github.com/vesoft-inc/nebula-operator/apis/pkg/label" 
@@ -66,13 +67,20 @@ func (c *defaultCronBackupControl) UpdateCronBackup(cronBackup *v1alpha1.NebulaC return nil, err } - if c.cleanFinishedBackups(cronBackup, backupsToBeReconciled) { + if c.cleanupFinishedBackups(cronBackup, backupsToBeReconciled) { cronBackup.Status.BackupCleanTime = &metav1.Time{Time: time.Now()} if err := c.clientSet.NebulaCronBackup().UpdateCronBackupStatus(cronBackup.DeepCopy()); err != nil { return nil, err } } + if pointer.BoolDeref(cronBackup.Spec.Pause, false) && requeueAfter == nil { + requeueAfter, err = c.calculateExpirationTime(cronBackup, backupsToBeReconciled) + if err != nil { + return nil, err + } + } + if requeueAfter != nil { klog.V(4).Infof("re-queuing cron backup [%s/%s], requeueAfter %v", cronBackup.Namespace, cronBackup.Name, requeueAfter) if err := c.clientSet.NebulaCronBackup().UpdateCronBackupStatus(cronBackup.DeepCopy()); err != nil { @@ -84,7 +92,7 @@ func (c *defaultCronBackupControl) UpdateCronBackup(cronBackup *v1alpha1.NebulaC return nil, nil } -func (c *defaultCronBackupControl) cleanFinishedBackups(cronBackup *v1alpha1.NebulaCronBackup, backups []v1alpha1.NebulaBackup) bool { +func (c *defaultCronBackupControl) cleanupFinishedBackups(cronBackup *v1alpha1.NebulaCronBackup, backups []v1alpha1.NebulaBackup) bool { if cronBackup.Spec.MaxReservedTime == nil { return false } @@ -95,16 +103,7 @@ func (c *defaultCronBackupControl) cleanFinishedBackups(cronBackup *v1alpha1.Neb return false } - ascBackups := make([]*v1alpha1.NebulaBackup, 0) - for i := range backups { - backup := backups[i] - if !(condition.IsBackupFailed(&backup) || condition.IsBackupComplete(&backup)) { - continue - } - ascBackups = append(ascBackups, &backup) - } - - sort.Sort(byBackupStartTime(ascBackups)) + ascBackups := sortBackupsByAscOrder(backups) expiredBackups := calculateExpiredBackups(ascBackups, reservedTime) if len(expiredBackups) == 0 { klog.V(4).Infof("cron backup [%s/%s] no expired backups found", cronBackup.Namespace, cronBackup.Name) 
@@ -121,7 +120,7 @@ func (c *defaultCronBackupControl) cleanFinishedBackups(cronBackup *v1alpha1.Neb if err := c.clientSet.NebulaBackup().DeleteNebulaBackup(backup.Namespace, backup.Name); err != nil { return err } - klog.V(4).Infof("cron backup [%s/%s] clean expired backup %s ago", backup.Namespace, backup.Name, reservedTime.String()) + klog.V(4).Infof("cron backup [%s/%s] cleanups expired backup %s ago", backup.Namespace, backup.Name, reservedTime.String()) return nil } @@ -130,7 +129,7 @@ func (c *defaultCronBackupControl) cleanFinishedBackups(cronBackup *v1alpha1.Neb }) } if err := group.Wait(); err != nil { - klog.Errorf("cron backup [%s/%s] failed to clean expired backups: %v", cronBackup.Namespace, cronBackup.Name, err) + klog.Errorf("cron backup [%s/%s] failed to cleanup expired backups: %v", cronBackup.Namespace, cronBackup.Name, err) return false } 
@@ -150,6 +149,47 @@ func (c *defaultCronBackupControl) getBackupsToBeReconciled(cronBackup *v1alpha1 return backups, nil } +func (c *defaultCronBackupControl) calculateExpirationTime(cronBackup *v1alpha1.NebulaCronBackup, backups []v1alpha1.NebulaBackup) (*time.Duration, error) { + if cronBackup.Spec.MaxReservedTime == nil { + return nil, nil + } + reservedTime, err := time.ParseDuration(*cronBackup.Spec.MaxReservedTime) + if err != nil { + return nil, err + } + ascBackups := sortBackupsByAscOrder(backups) + if len(ascBackups) == 0 { + return nil, nil + } + oldestTime := ascBackups[0].CreationTimestamp + expiredTime := time.Now().Add(-1 * reservedTime) + klog.Infof("oldest backup create time %v, clenaup expired time %v", oldestTime.Time, expiredTime) + timeElapsed := oldestTime.Time.Sub(expiredTime) + if timeElapsed < 0 { + klog.Infof("cleanup the oldest backup [%s/%s] right now", ascBackups[0].Namespace, ascBackups[0].Name) + return pointer.Duration(time.Millisecond * 100), nil + } + klog.Infof("the oldest backup [%s/%s] will be cleanup after %s", ascBackups[0].Namespace, ascBackups[0].Name, timeElapsed.String()) + return &timeElapsed, nil +} + +func sortBackupsByAscOrder(backups []v1alpha1.NebulaBackup) []*v1alpha1.NebulaBackup { + ascBackups := make([]*v1alpha1.NebulaBackup, 0) + for i := range backups { + backup := backups[i] + if !(condition.IsBackupFailed(&backup) || condition.IsBackupComplete(&backup)) { + continue + } + if backup.DeletionTimestamp != nil { + continue + } + ascBackups = append(ascBackups, &backup) + } + + sort.Sort(byBackupStartTime(ascBackups)) + return ascBackups +} + func calculateExpiredBackups(ascBackups []*v1alpha1.NebulaBackup, reservedTime time.Duration) []*v1alpha1.NebulaBackup { expiredTS := time.Now().Add(-1 * reservedTime).Unix() i := 0 diff --git a/pkg/controller/cronbackup/cronbackup_manager.go b/pkg/controller/cronbackup/cronbackup_manager.go index 2fe19417..9c1efeae 100644 
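Review bot: In calculateExpirationTime the variable `timeElapsed` holds the time remaining until the oldest backup expires (`oldestTime.Time.Sub(expiredTime)`), not elapsed time; `timeRemaining` would match what is returned as the requeue delay. The three `klog.Infof` calls log at default verbosity whenever a paused cron backup is reconciled, while the neighbouring messages in this file use `klog.V(4)`, and the first message has a typo (`clenaup`). The age is read from `CreationTimestamp` although the slice is ordered with `byBackupStartTime`. If that sorter keys on a different field, element 0 may not be the oldest by creation time, so a one-line comment stating which timestamp defines expiry would help.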
--- a/pkg/controller/cronbackup/cronbackup_manager.go +++ b/pkg/controller/cronbackup/cronbackup_manager.go @@ -127,10 +127,13 @@ func (cbm *cronBackupManager) canPerformNextBackup(cb *v1alpha1.NebulaCronBackup return err } if condition.IsBackupComplete(backup) || condition.IsBackupFailed(backup) { + if cb.Status.LastSuccessfulTime == nil { + cb.Status.LastSuccessfulTime = backup.Status.TimeCompleted + } if backup.Status.TimeCompleted != nil && backup.Status.TimeCompleted.After(cb.Status.LastSuccessfulTime.Time) { cb.Status.LastSuccessfulTime = backup.Status.TimeCompleted - return nil } + return nil } return utilerrors.ReconcileErrorf("the last backup %s is still running", backup.Name) } diff --git a/pkg/controller/nebulabackup/nebula_backup_controller.go b/pkg/controller/nebulabackup/nebula_backup_controller.go index ded4ed9b..19f6b6c1 100644 --- a/pkg/controller/nebulabackup/nebula_backup_controller.go +++ b/pkg/controller/nebulabackup/nebula_backup_controller.go @@ -78,7 +78,9 @@ func NewBackupReconciler(mgr ctrl.Manager) (*Reconciler, error) { }, nil } -//+kubebuilder:rbac:groups=batch,resources=jobs,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups="",resources=pods/log,verbs=get;list +// +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch +// +kubebuilder:rbac:groups=batch,resources=jobs,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list // +kubebuilder:rbac:groups="",resources=events,verbs=create;patch;list // +kubebuilder:rbac:groups=apps.nebula-graph.io,resources=nebulaclusters,verbs=get;list;watch diff --git a/pkg/controller/nebulabackup/nebula_backup_manager.go b/pkg/controller/nebulabackup/nebula_backup_manager.go index ee5927ec..49191bec 100644 --- a/pkg/controller/nebulabackup/nebula_backup_manager.go +++ b/pkg/controller/nebulabackup/nebula_backup_manager.go 
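Review bot: The new nil fallback in canPerformNextBackup writes `backup.Status.TimeCompleted` into `cb.Status.LastSuccessfulTime` inside a branch that is also taken when `condition.IsBackupFailed(backup)` is true, so a failed backup can seed the "last successful" timestamp. Anyone alerting on stale backups from that field would see a fresh value after a failure. I would limit the assignments to the completed case, for example `if condition.IsBackupComplete(backup) && cb.Status.LastSuccessfulTime == nil {`, and still return nil for the failed case. The function starts and ends outside the hunk.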
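Review bot: The new marker grants `list` on `pods/log`, but the log subresource is read with `get` only, so `list` adds nothing; the same marker is added in nebula_restore_controller.go. Pod logs can carry credentials, so I would keep the grant minimal: `// +kubebuilder:rbac:groups="",resources=pods/log,verbs=get`. Whether these markers render into a ClusterRole or a namespaced Role is not visible here. If the grant is cluster-wide, it is worth confirming that the controller needs logs from every namespace.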
@@ -378,6 +378,9 @@ func (bm *backupManager) getSslFlags(cluster *v1alpha1.NebulaCluster) string { if cluster.InsecureSkipVerify() { flag += " --insecure-skip-verify" } + if cluster.SslServerName() != "" { + flag += " --server-name=" + cluster.Spec.SSLCerts.ServerName + } return flag } diff --git a/pkg/controller/nebularestore/nebula_restore_control.go b/pkg/controller/nebularestore/nebula_restore_control.go index fd301c4c..dc851161 100644 --- a/pkg/controller/nebularestore/nebula_restore_control.go +++ b/pkg/controller/nebularestore/nebula_restore_control.go @@ -79,6 +79,7 @@ func (c *defaultRestoreControl) UpdateNebulaRestore(nr *v1alpha1.NebulaRestore) return nil } for _, pod := range pods { + // TODO get pod failed details if pod.Status.Phase == corev1.PodFailed { klog.Infof("NebulaCluster [%s/%s] has failed pod %s.", ns, name, pod.Name) if err := c.clientSet.NebulaRestore().UpdateNebulaRestoreStatus(nr, &v1alpha1.RestoreCondition{ diff --git a/pkg/controller/nebularestore/nebula_restore_controller.go b/pkg/controller/nebularestore/nebula_restore_controller.go index d83bdb66..64cbb379 100644 --- a/pkg/controller/nebularestore/nebula_restore_controller.go +++ b/pkg/controller/nebularestore/nebula_restore_controller.go @@ -73,6 +73,7 @@ func NewRestoreReconciler(mgr ctrl.Manager) (*Reconciler, error) { }, nil } +// +kubebuilder:rbac:groups="",resources=pods/log,verbs=get;list // +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch // +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list // +kubebuilder:rbac:groups="",resources=events,verbs=create;patch;list diff --git a/pkg/controller/nebularestore/nebula_restore_manager.go b/pkg/controller/nebularestore/nebula_restore_manager.go index 2855f7e6..4a1ccf28 100644 --- a/pkg/controller/nebularestore/nebula_restore_manager.go +++ b/pkg/controller/nebularestore/nebula_restore_manager.go 
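Review bot: `cluster.Spec.SSLCerts.ServerName` is appended to the flag string in getSslFlags without quoting or validation, and the value comes from the NebulaCluster spec. How the returned string is consumed is outside this hunk; if it ends up on a shell command line, a name containing spaces or shell metacharacters would change the command the backup job runs. I would validate the field as a DNS name, either with a `+kubebuilder:validation:Pattern` marker on the API type or with `validation.IsDNS1123Subdomain` from k8s.io/apimachinery at this call site. The accessor's result can also be reused: `if name := cluster.SslServerName(); name != "" { flag += " --server-name=" + name }`.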
@@ -624,7 +624,8 @@ func (r *RestoreAgent) genHostPairs(backup *meta.BackupMeta, restoreHosts []stri func (r *RestoreAgent) playBackStorageData(metaEndpoints []string, storageHosts []*meta.ServiceInfo) error { group := async.NewGroup(context.TODO(), r.cfg.Concurrency) - for _, s := range storageHosts { + for i := range storageHosts { + s := storageHosts[i] agent, err := r.agentMgr.GetAgent(s.GetAddr()) if err != nil { return err @@ -743,7 +744,7 @@ func (rm *restoreManager) updateClusterAnnotations(namespace, ncName string, ann } if needUpdate { - klog.Infof("NebulaCluster %s/%s will update annotations %v", namespace, ncName, annotations) + klog.Infof("NebulaCluster [%s/%s] will update annotations %v", namespace, ncName, annotations) return rm.clientSet.NebulaCluster().UpdateNebulaCluster(updated) } diff --git a/pkg/kube/rbac.go b/pkg/kube/rbac.go index 98b2b460..4257e851 100644 --- a/pkg/kube/rbac.go +++ b/pkg/kube/rbac.go @@ -64,6 +64,11 @@ func createClusterRole(ctx context.Context, k8sClient client.Client) error { Resources: []string{"pods"}, Verbs: []string{"get", "list"}, }, + { + APIGroups: []string{"apps"}, + Resources: []string{"statefulsets"}, + Verbs: []string{"get", "list"}, + }, }, } if err := k8sClient.Create(ctx, &role); err != nil { diff --git a/pkg/nebula/options.go b/pkg/nebula/options.go index ade0a206..b21d7c72 100644 --- a/pkg/nebula/options.go +++ b/pkg/nebula/options.go 
@@ -72,8 +72,10 @@ func ClientOptions(nc *v1alpha1.NebulaCluster, opts ...Option) ([]Option, error) if err != nil { return nil, fmt.Errorf("load tls config failed: %v", err) } + tlsConfig.ServerName = nc.Spec.SSLCerts.ServerName tlsConfig.InsecureSkipVerify = nc.InsecureSkipVerify() tlsConfig.MaxVersion = tls.VersionTLS12 + klog.V(4).Infof("tls config, ServerName: %s, InsecureSkipVerify: %v, MaxVersion: %d", tlsConfig.ServerName, tlsConfig.InsecureSkipVerify, tlsConfig.MaxVersion) options = append(options, SetTLSConfig(tlsConfig)) options = append(options, opts...) return options, nil
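Review bot: `tlsConfig.ServerName = nc.Spec.SSLCerts.ServerName` dereferences `nc.Spec.SSLCerts` directly, while getSslFlags in this same commit checks `SslServerName()` first. The condition guarding this branch is outside the hunk, so it is not clear that SSLCerts is always non-nil here. If SSL can be switched on through component config alone, this line would panic in the operator. `tlsConfig.ServerName = nc.SslServerName()` is the safer form, assuming the accessor handles a nil SSLCerts. ClientOptions starts outside the hunk.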