CI-1658: Upgrade controller-runtime to v0.13.1
Upgrade controller-runtime from v0.12.3 to v0.13.1.
Comes with support for k8s 1.25:
https://github.com/kubernetes-sigs/controller-runtime/releases/tag/v0.13.0

Upgrade controller-gen to v0.10.0, comes with support for k8s 1.25:
https://github.com/kubernetes-sigs/controller-tools/releases/tag/v0.10.0

Needed to bump up go version to 1.19 as controller-gen v0.10.0 depends
on it.
Nabil372 committed Nov 30, 2022
1 parent e7e176d commit c5da0a5
Showing 9 changed files with 201 additions and 369 deletions.
2 changes: 1 addition & 1 deletion .circleci/config.yml
Expand Up @@ -4,7 +4,7 @@ version: 2
references:
docker_golang: &docker_golang
docker:
- image: golang:1.17.3
- image: golang:1.19.3
working_directory: /go/src/github.com/gocardless/theatre

jobs:
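Review bot: the Go toolchain version on the `- image: golang:1.19.3` line is hard-coded here and again in the Dockerfile's `FROM golang:1.19.3 as builder`, so the two have to be bumped together by hand. Consider a comment next to `docker_golang` pointing at the Dockerfile, or deriving both from one place, so CI and the shipped image cannot drift onto different compilers.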
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,5 +1,5 @@
# Build Go binary without cgo dependencies
FROM golang:1.17.3 as builder
FROM golang:1.19.3 as builder
WORKDIR /go/src/github.com/gocardless/theatre

COPY . /go/src/github.com/gocardless/theatre
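Review bot: `FROM golang:1.19.3 as builder` still refers to the builder image by a mutable tag, so the toolchain that compiles the binary can change without any commit to this repository. Since the line is being touched anyway, consider pinning it as `golang:1.19.3@sha256:<digest>` (placeholder, to be taken from the registry) so builds are reproducible and image updates show up in review.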
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -81,7 +81,7 @@ ifeq (, $(shell which controller-gen))
CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
cd $$CONTROLLER_GEN_TMP_DIR ;\
go mod init tmp ;\
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.9.2 ;\
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.10.0 ;\
rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
}
CONTROLLER_GEN=$(GOBIN)/controller-gen
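Review bot: the bump to `controller-gen@v0.10.0` only takes effect when `which controller-gen` finds nothing, because the install sits inside `ifeq (, $(shell which controller-gen))`. A machine that already has v0.9.2 on its PATH keeps using it and would regenerate the CRDs with the old `controller-gen.kubebuilder.io/version` annotation and descriptions. Consider installing into a project-local bin directory, or comparing the output of `controller-gen --version` with the pinned version and reinstalling on mismatch.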
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: directoryrolebindings.rbac.crd.gocardless.com
spec:
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: consoleauthorisations.workloads.crd.gocardless.com
spec:
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: consoles.workloads.crd.gocardless.com
spec:
106 changes: 76 additions & 30 deletions config/base/crds/workloads.crd.gocardless.com_consoletemplates.yaml
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: consoletemplates.workloads.crd.gocardless.com
spec:
Expand Down Expand Up @@ -1739,13 +1739,13 @@ spec:
type: string
ports:
description: List of ports to expose from the container.
Exposing a port here gives the system additional information
about the network connections a container uses, but
is primarily informational. Not specifying a port
here DOES NOT prevent that port from being exposed.
Any port which is listening on the default "0.0.0.0"
address inside a container will be accessible from
the network. Cannot be updated.
Not specifying a port here DOES NOT prevent that port
from being exposed. Any port which is listening on
the default "0.0.0.0" address inside a container will
be accessible from the network. Modifying this array
with strategic merge patch may corrupt the data. For
more information See https://github.com/kubernetes/kubernetes/issues/108255.
Cannot be updated.
items:
description: ContainerPort represents a network port
in a single container.
Expand Down Expand Up @@ -2503,8 +2503,6 @@ spec:
be specified when creating a pod, and it cannot be modified
by updating the pod spec. In order to add an ephemeral container
to an existing pod, use the pod's ephemeralcontainers subresource.
This field is beta-level and available on clusters that
haven't disabled the EphemeralContainers feature gate.
items:
description: "An EphemeralContainer is a temporary container
that you may add to an existing Pod for user-initiated
Expand All @@ -2515,9 +2513,7 @@ spec:
container causes the Pod to exceed its resource allocation.
\n To add an ephemeral container, use the ephemeralcontainers
subresource of an existing Pod. Ephemeral containers may
not be removed or restarted. \n This is a beta feature
available on clusters that haven't disabled the EphemeralContainers
feature gate."
not be removed or restarted."
properties:
args:
description: 'Arguments to the entrypoint. The image''s
Expand Down Expand Up @@ -3831,6 +3827,19 @@ spec:
description: 'Use the host''s pid namespace. Optional: Default
to false.'
type: boolean
hostUsers:
description: 'Use the host''s user namespace. Optional: Default
to true. If set to true or not present, the pod will be
run in the host user namespace, useful for when the pod
needs a feature only available to the host user namespace,
such as loading a kernel module with CAP_SYS_MODULE. When
set to false, a new userns is created for the pod. Setting
false is useful for mitigating container breakout vulnerabilities
even allowing users to run their containers as root without
actually having root privileges on the host. This field
is alpha-level and is only honored by servers that enable
the UserNamespacesSupport feature.'
type: boolean
hostname:
description: Specifies the hostname of the Pod If not specified,
the pod's hostname will be set to a system-defined value.
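Review bot: the new `hostUsers` property lets consoletemplates pod specs carry a user-namespace setting, but its description says the field is alpha and "only honored by servers that enable the UserNamespacesSupport feature". On a cluster without that gate, `hostUsers: false` in a template passes this schema and, per that description, is not honored, so the console pod still runs in the host user namespace. Worth a line in the release notes or template docs that this field must not be relied on for isolation until the target clusters enable the feature.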
Expand Down Expand Up @@ -4457,13 +4466,13 @@ spec:
type: string
ports:
description: List of ports to expose from the container.
Exposing a port here gives the system additional information
about the network connections a container uses, but
is primarily informational. Not specifying a port
here DOES NOT prevent that port from being exposed.
Any port which is listening on the default "0.0.0.0"
address inside a container will be accessible from
the network. Cannot be updated.
Not specifying a port here DOES NOT prevent that port
from being exposed. Any port which is listening on
the default "0.0.0.0" address inside a container will
be accessible from the network. Modifying this array
with strategic merge patch may corrupt the data. For
more information See https://github.com/kubernetes/kubernetes/issues/108255.
Cannot be updated.
items:
description: ContainerPort represents a network port
in a single container.
Expand Down Expand Up @@ -5183,7 +5192,7 @@ spec:
set. \n If the OS field is set to linux, the following fields
must be unset: -securityContext.windowsOptions \n If the
OS field is set to windows, following fields must be unset:
- spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions
- spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions
- spec.securityContext.seccompProfile - spec.securityContext.fsGroup
- spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls
- spec.shareProcessNamespace - spec.securityContext.runAsUser
Expand All @@ -5192,8 +5201,7 @@ spec:
- spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem
- spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
- spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
- spec.containers[*].securityContext.runAsGroup This is
a beta field and requires the IdentifyPodOS feature"
- spec.containers[*].securityContext.runAsGroup"
properties:
name:
description: 'Name is the name of the operating system.
Expand Down Expand Up @@ -5611,6 +5619,20 @@ spec:
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
description: MatchLabelKeys is a set of pod label keys
to select the pods over which spreading will be calculated.
The keys are used to lookup values from the incoming
pod labels, those key-value labels are ANDed with
labelSelector to select the group of existing pods
over which spreading will be calculated for the incoming
pod. Keys that don't exist in the incoming pod labels
will be ignored. A null or empty list means only match
against labelSelector.
items:
type: string
type: array
x-kubernetes-list-type: atomic
maxSkew:
description: 'MaxSkew describes the degree to which
pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
Expand Down Expand Up @@ -5656,10 +5678,34 @@ spec:
new pod with the same labelSelector cannot be scheduled,
because computed skew will be 3(3 - 0) if new Pod
is scheduled to any of the three zones, it will violate
MaxSkew. \n This is an alpha field and requires enabling
MinDomainsInPodTopologySpread feature gate."
MaxSkew. \n This is a beta field and requires the
MinDomainsInPodTopologySpread feature gate to be enabled
(enabled by default)."
format: int32
type: integer
nodeAffinityPolicy:
description: "NodeAffinityPolicy indicates how we will
treat Pod's nodeAffinity/nodeSelector when calculating
pod topology spread skew. Options are: - Honor: only
nodes matching nodeAffinity/nodeSelector are included
in the calculations. - Ignore: nodeAffinity/nodeSelector
are ignored. All nodes are included in the calculations.
\n If this value is nil, the behavior is equivalent
to the Honor policy. This is a alpha-level feature
enabled by the NodeInclusionPolicyInPodTopologySpread
feature flag."
type: string
nodeTaintsPolicy:
description: "NodeTaintsPolicy indicates how we will
treat node taints when calculating pod topology spread
skew. Options are: - Honor: nodes without taints,
along with tainted nodes for which the incoming pod
has a toleration, are included. - Ignore: node taints
are ignored. All nodes are included. \n If this value
is nil, the behavior is equivalent to the Ignore policy.
This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
feature flag."
type: string
topologyKey:
description: TopologyKey is the key of node labels.
Nodes that have a label with this key and identical
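Review bot: `nodeAffinityPolicy` and `nodeTaintsPolicy` are emitted as bare `type: string` although their descriptions allow only Honor and Ignore, so a misspelled value passes validation of the template at this schema level. Their nil defaults also differ (Honor for the first, Ignore for the second), and both sit behind the alpha NodeInclusionPolicyInPodTopologySpread flag. If templates are expected to set them, consider recording the allowed values and the feature-flag requirement in the template documentation.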
Expand All @@ -5668,11 +5714,11 @@ spec:
to put balanced number of pods into each bucket. We
define a domain as a particular instance of a topology.
Also, we define an eligible domain as a domain whose
nodes match the node selector. e.g. If TopologyKey
is "kubernetes.io/hostname", each Node is a domain
of that topology. And, if TopologyKey is "topology.kubernetes.io/zone",
each zone is a domain of that topology. It's a required
field.
nodes meet the requirements of nodeAffinityPolicy
and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
each Node is a domain of that topology. And, if TopologyKey
is "topology.kubernetes.io/zone", each zone is a domain
of that topology. It's a required field.
type: string
whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal