dropping support for obsolete PodSecurityPolicy; updating network-pro…
…blem-detector to v0.19.0
MartinWeindel committed Mar 7, 2024
1 parent 8a10945 commit fa7a104
Showing 11 changed files with 69 additions and 111 deletions.
37 changes: 18 additions & 19 deletions go.mod
@@ -5,13 +5,13 @@ go 1.22.0
require (
github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
github.com/gardener/gardener v1.90.0
github.com/gardener/network-problem-detector v0.18.0
github.com/gardener/network-problem-detector v0.19.0
github.com/go-logr/logr v1.4.1
github.com/onsi/ginkgo/v2 v2.15.0
github.com/onsi/ginkgo/v2 v2.16.0
github.com/onsi/gomega v1.31.1
github.com/spf13/cobra v1.8.0
github.com/spf13/pflag v1.0.5
golang.org/x/tools v0.16.1
golang.org/x/tools v0.19.0
k8s.io/api v0.29.2
k8s.io/apimachinery v0.29.2
k8s.io/client-go v0.29.2
@@ -30,7 +30,7 @@ require (
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/emicklei/go-restful/v3 v3.11.3 // indirect
github.com/evanphx/json-patch/v5 v5.8.0 // indirect
github.com/fatih/color v1.16.0 // indirect
github.com/fluent/fluent-operator/v2 v2.7.0 // indirect
@@ -40,20 +40,20 @@ require (
github.com/gardener/machine-controller-manager v0.52.0 // indirect
github.com/go-logr/zapr v1.3.0 // indirect
github.com/go-openapi/errors v0.20.4 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonpointer v0.20.3 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.3 // indirect
github.com/go-openapi/swag v0.22.10 // indirect
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
github.com/gobuffalo/flect v1.0.2 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
github.com/google/uuid v1.4.0 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/gorilla/websocket v1.5.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
@@ -69,7 +69,6 @@ require (
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
@@ -82,9 +81,9 @@ require (
github.com/pelletier/go-toml/v2 v2.1.0 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.72.0 // indirect
github.com/prometheus/client_golang v1.18.0 // indirect
github.com/prometheus/client_model v0.5.0 // indirect
github.com/prometheus/common v0.45.0 // indirect
github.com/prometheus/client_golang v1.19.0 // indirect
github.com/prometheus/client_model v0.6.0 // indirect
github.com/prometheus/common v0.49.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
@@ -102,20 +101,20 @@ require (
go.uber.org/mock v0.4.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/crypto v0.20.0 // indirect
golang.org/x/crypto v0.21.0 // indirect
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
golang.org/x/mod v0.14.0 // indirect
golang.org/x/net v0.21.0 // indirect
golang.org/x/oauth2 v0.15.0 // indirect
golang.org/x/sys v0.17.0 // indirect
golang.org/x/term v0.17.0 // indirect
golang.org/x/mod v0.16.0 // indirect
golang.org/x/net v0.22.0 // indirect
golang.org/x/oauth2 v0.18.0 // indirect
golang.org/x/sys v0.18.0 // indirect
golang.org/x/term v0.18.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.5.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect
google.golang.org/protobuf v1.32.0 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
83 changes: 40 additions & 43 deletions go.sum


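--- a/hack/api-reference/config.md
+++ b/hack/api-reference/config.md
@@ -173,18 +173,6 @@ int
 </tr>
 <tr>
 <td>
-<code>pspDisabled</code></br>
-<em>
-bool
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>PSPDisabled is a flag to disable pod security policy.</p>
-</td>
-</tr>
-<tr>
-<td>
 <code>pingEnabled</code></br>
 <em>
 bool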
4 changes: 2 additions & 2 deletions imagevector/images.yaml
@@ -9,10 +9,10 @@ images:
name: network-problem-detector
sourceRepository: github.com/gardener/network-problem-detector
repository: europe-docker.pkg.dev/gardener-project/releases/gardener/network-problem-detector
tag: "v0.18.0"
tag: "v0.19.0"
- name: network-problem-detector-controller
sourceRepository: github.com/gardener/network-problem-detector
resourceId:
name: network-problem-detector
repository: europe-docker.pkg.dev/gardener-project/releases/gardener/network-problem-detector
tag: "v0.18.0"
tag: "v0.19.0"
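--- a/pkg/apis/config/types.go
+++ b/pkg/apis/config/types.go
@@ -30,9 +30,6 @@ type NetworkProblemDetector struct {
 // MaxPeerNodes optionally overrides the MaxPeerNodes in the agent config (maximum number of is the default period for jobs running in the agent.
 MaxPeerNodes *int
 
-// PSPDisabled is a flag to disable pod security policy.
-PSPDisabled *bool
-
 // PingEnabled is a flag if ICMP ping checks should be performed.
 PingEnabled *bool
 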
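--- a/pkg/apis/config/v1alpha1/types.go
+++ b/pkg/apis/config/v1alpha1/types.go
@@ -35,10 +35,6 @@ type NetworkProblemDetector struct {
 // +optional
 MaxPeerNodes *int `json:"maxPeerNodes,omitempty"`
 
-// PSPDisabled is a flag to disable pod security policy.
-// +optional
-PSPDisabled *bool `json:"pspDisabled,omitempty"`
-
 // PingEnabled is a flag if ICMP ping checks should be performed.
 // +optional
 PingEnabled *bool `json:"pingEnabled,omitempty"`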
2 changes: 0 additions & 2 deletions pkg/apis/config/v1alpha1/zz_generated.conversion.go
5 changes: 0 additions & 5 deletions pkg/apis/config/v1alpha1/zz_generated.deepcopy.go
5 changes: 0 additions & 5 deletions pkg/apis/config/zz_generated.deepcopy.go
18 changes: 6 additions & 12 deletions pkg/controller/lifecycle/actuator.go
@@ -15,7 +15,6 @@ import (
"github.com/gardener/gardener/extensions/pkg/controller/extension"
"github.com/gardener/gardener/extensions/pkg/util"
corev1betaconstants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper"
extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
resourcesv1alpha1 "github.com/gardener/gardener/pkg/apis/resources/v1alpha1"
"github.com/gardener/gardener/pkg/chartrenderer"
@@ -24,7 +23,7 @@ import (
"github.com/gardener/gardener/pkg/utils/chart"
gutil "github.com/gardener/gardener/pkg/utils/gardener"
kutil "github.com/gardener/gardener/pkg/utils/kubernetes"
managedresources "github.com/gardener/gardener/pkg/utils/managedresources"
"github.com/gardener/gardener/pkg/utils/managedresources"
"github.com/gardener/network-problem-detector/pkg/common"
"github.com/gardener/network-problem-detector/pkg/deploy"
"github.com/go-logr/logr"
@@ -71,7 +70,7 @@ func (a *actuator) Reconcile(ctx context.Context, log logr.Logger, ex *extension
}

if !controller.IsHibernated(cluster) {
if err := a.createShootResources(ctx, cluster, namespace, gardencorev1beta1helper.IsPSPDisabled(cluster.Shoot)); err != nil {
if err := a.createShootResources(ctx, cluster, namespace); err != nil {
return err
}
}
@@ -110,10 +109,9 @@ func (a *actuator) createSeedResources(ctx context.Context, log logr.Logger, clu
return a.createManagedResource(ctx, namespace, constants.ManagedResourceNamesControllerSeed, "seed", renderer, constants.NetworkProblemDetectorControllerChartNameSeed, namespace, values, nil)
}

func (a *actuator) createShootResources(ctx context.Context, cluster *controller.Cluster, namespace string, pspDisabled bool) error {
func (a *actuator) createShootResources(ctx context.Context, cluster *controller.Cluster, namespace string) error {
defaultPeriod := 5 * time.Second
maxPeerNodes := 25
pspDisabledByConfig := false
pingEnabled := false
var k8sExporter *config.K8sExporter
if a.serviceConfig.NetworkProblemDetector != nil {
@@ -123,9 +121,6 @@ func (a *actuator) createShootResources(ctx context.Context, cluster *controller
if a.serviceConfig.NetworkProblemDetector.MaxPeerNodes != nil {
maxPeerNodes = *a.serviceConfig.NetworkProblemDetector.MaxPeerNodes
}
if a.serviceConfig.NetworkProblemDetector.PSPDisabled != nil {
pspDisabledByConfig = *a.serviceConfig.NetworkProblemDetector.PSPDisabled
}
if a.serviceConfig.NetworkProblemDetector.PingEnabled != nil {
pingEnabled = !*a.serviceConfig.NetworkProblemDetector.PingEnabled
}
@@ -134,7 +129,7 @@ func (a *actuator) createShootResources(ctx context.Context, cluster *controller
}
}

shootResources, err := a.getShootAgentResources(defaultPeriod, pingEnabled, !pspDisabled && !pspDisabledByConfig, k8sExporter, maxPeerNodes)
shootResources, err := a.getShootAgentResources(defaultPeriod, pingEnabled, k8sExporter, maxPeerNodes)
if err != nil {
return err
}
@@ -241,7 +236,7 @@ func (a *actuator) Migrate(ctx context.Context, log logr.Logger, ex *extensionsv
return a.Delete(ctx, log, ex)
}

func (a *actuator) getShootAgentResources(defaultPeriod time.Duration, pingEnabled, pspEnabled bool, k8sExporter *config.K8sExporter, maxPeerNodes int) (map[string][]byte, error) {
func (a *actuator) getShootAgentResources(defaultPeriod time.Duration, pingEnabled bool, k8sExporter *config.K8sExporter, maxPeerNodes int) (map[string][]byte, error) {
shootRegistry := managedresources.NewRegistry(kubernetes.ShootScheme, kubernetes.ShootCodec, kubernetes.ShootSerializer)

image, err := imagevector.ImageVector().FindImage(constants.AgentImageName)
@@ -254,7 +249,6 @@ func (a *actuator) getShootAgentResources(defaultPeriod time.Duration, pingEnabl
DefaultPeriod: defaultPeriod,
MaxPeerNodes: maxPeerNodes,
DefaultSeccompProfileEnabled: true,
PodSecurityPolicyEnabled: pspEnabled,
PingEnabled: pingEnabled,
PriorityClassName: corev1betaconstants.PriorityClassNameShootSystem900,
AdditionalLabels: map[string]string{
@@ -270,7 +264,7 @@ func (a *actuator) getShootAgentResources(defaultPeriod time.Duration, pingEnabl
deployConfig.K8sExporterHeartbeat = 3 * time.Minute
if k8sExporter.HeartbeatPeriod != nil {
if k8sExporter.HeartbeatPeriod.Duration < 1*time.Minute {
return nil, fmt.Errorf("Invalid k8sExporter.heartbeatPeriod. Must be >= 1m")
return nil, fmt.Errorf("invalid k8sExporter.heartbeatPeriod. Must be >= 1m")
}
deployConfig.K8sExporterHeartbeat = k8sExporter.HeartbeatPeriod.Duration
}
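Review bot: In the `@@ -123,9 +121,6 @@` hunk of createShootResources, the line kept directly after the removed PSP block reads `pingEnabled = !*a.serviceConfig.NetworkProblemDetector.PingEnabled`, which reverses the operator's setting. The field is documented in types.go as "a flag if ICMP ping checks should be performed", yet a configured `true` reaches getShootAgentResources and `AgentDeployConfig.PingEnabled` as false, and an explicit `false` turns the checks on. Unless the negation is intentional (nothing visible here suggests it), the assignment should be `pingEnabled = *a.serviceConfig.NetworkProblemDetector.PingEnabled`, ideally with a test that pins the mapping. An operator who disables ping to keep agents from sending ICMP probes currently gets the opposite of the configured value. The body of createShootResources begins and continues outside the visible hunks, so any compensating logic elsewhere cannot be ruled out from this page.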
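--- a/pkg/controller/lifecycle/actuator_test.go
+++ b/pkg/controller/lifecycle/actuator_test.go
@@ -18,10 +18,9 @@ import (
 var _ = Describe("activator methods", func() {
 var (
 deployConfig = &deploy.AgentDeployConfig{
-Image: "image:tag",
-DefaultPeriod: 16 * time.Second,
-PodSecurityPolicyEnabled: true,
-PingEnabled: false,
+Image: "image:tag",
+DefaultPeriod: 16 * time.Second,
+PingEnabled: false,
 }
 )
 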