Update dependencies (#435)

* update kubetest2 deps * update main deps * remove apis that are no longer part of K8s 1.29 * fix volume resource changes * update controller-runtime and fix falcon incompatibility
aws · Mar 19, 2024 · 24a54a3 · 24a54a3
1 parent 0941593
commit 24a54a3
Show file tree

Hide file tree

Showing 14 changed files with 2,457 additions and 2,214 deletions.
diff --git a/cmd/eks-utils/nodes/list.go b/cmd/eks-utils/nodes/list.go
@@ -16,7 +16,7 @@ import (
 	"github.com/aws/aws-k8s-tester/pkg/logutil"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
-	"go.etcd.io/etcd/clientv3"
+	clientv3 "go.etcd.io/etcd/client/v3"
 	"go.uber.org/zap"
 	v1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/yaml" // must use "sigs.k8s.io/yaml"

diff --git a/cmd/etcd-utils/k8s/list.go b/cmd/etcd-utils/k8s/list.go
@@ -13,7 +13,7 @@ import (
 	"github.com/aws/aws-k8s-tester/pkg/logutil"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
-	"go.etcd.io/etcd/clientv3"
+	clientv3 "go.etcd.io/etcd/client/v3"
 	"go.uber.org/zap"
 	"sigs.k8s.io/yaml" // must use "sigs.k8s.io/yaml"
 )

diff --git a/go.mod b/go.mod
diff --git a/go.sum b/go.sum
diff --git a/k8s-tester/csi-ebs/tester.go b/k8s-tester/csi-ebs/tester.go
@@ -379,7 +379,7 @@ func (ts *tester) createPersistentVolumeClaim(storageClass string) error {
 			Spec: core_v1.PersistentVolumeClaimSpec{
 				AccessModes:      []v1.PersistentVolumeAccessMode{v1.ReadWriteOnce},
 				StorageClassName: &storageClass,
-				Resources: core_v1.ResourceRequirements{
+				Resources: core_v1.VolumeResourceRequirements{
 					Requests: core_v1.ResourceList{
 						core_v1.ResourceStorage: api_resource.MustParse("4Gi"),
 					},

diff --git a/k8s-tester/csi-efs/tester.go b/k8s-tester/csi-efs/tester.go
@@ -366,7 +366,7 @@ func (ts *tester) createPVC() error {
 			Spec: core_v1.PersistentVolumeClaimSpec{
 				AccessModes:      []v1.PersistentVolumeAccessMode{v1.ReadWriteMany},
 				StorageClassName: &scName,
-				Resources: core_v1.ResourceRequirements{
+				Resources: core_v1.VolumeResourceRequirements{
 					Requests: core_v1.ResourceList{
 						core_v1.ResourceStorage: api_resource.MustParse("5Gi"),
 					},

diff --git a/k8s-tester/falcon/tester.go b/k8s-tester/falcon/tester.go
@@ -17,7 +17,7 @@ import (
 	"github.com/aws/aws-k8s-tester/client"
 	k8s_tester "github.com/aws/aws-k8s-tester/k8s-tester/tester"
 	"github.com/aws/aws-k8s-tester/utils/file"
-	falconv1alpha1 "github.com/crowdstrike/falcon-operator/apis/falcon/v1alpha1"
+	falconv1alpha1 "github.com/crowdstrike/falcon-operator/api/falcon/v1alpha1"
 	"go.uber.org/zap"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -154,16 +154,16 @@ func (ts *tester) deployFalconContainer(ctx context.Context) error {
 			Name: "default",
 		},
 		Spec: falconv1alpha1.FalconContainerSpec{
-			FalconAPI: falconv1alpha1.FalconAPI{
+			FalconAPI: &falconv1alpha1.FalconAPI{
 				CloudRegion:  "autodiscover",
 				ClientId:     ts.cfg.FalconClientId,
 				ClientSecret: ts.cfg.FalconClientSecret,
 			},
 			Registry: falconv1alpha1.RegistrySpec{
 				Type: falconv1alpha1.RegistryTypeCrowdStrike,
 			},
-			InstallerArgs: []string{
-				"-disable-default-ns-injection",
+			Injector: falconv1alpha1.FalconContainerInjectorSpec{
+				DisableDefaultNSInjection: true,
 			},
 		},
 	}

diff --git a/kubetest2/go.mod b/kubetest2/go.mod
diff --git a/kubetest2/go.sum b/kubetest2/go.sum
diff --git a/pkg/etcd-client/client.go b/pkg/etcd-client/client.go
@@ -7,8 +7,8 @@ import (
 	"time"
 
 	"github.com/aws/aws-k8s-tester/pkg/logutil"
-	"go.etcd.io/etcd/clientv3"
-	"go.etcd.io/etcd/clientv3/concurrency"
+	clientv3 "go.etcd.io/etcd/client/v3"
+	"go.etcd.io/etcd/client/v3/concurrency"
 	"go.etcd.io/etcd/mvcc/mvccpb"
 	"go.uber.org/zap"
 )

diff --git a/pkg/etcd-client/client_test.go b/pkg/etcd-client/client_test.go
@@ -5,7 +5,7 @@ import (
 	"testing"
 	"time"
 
-	"go.etcd.io/etcd/clientv3"
+	clientv3 "go.etcd.io/etcd/client/v3"
 )
 
 func TestEtcd(t *testing.T) {

diff --git a/pkg/k8s-client/eks-deprecate.go b/pkg/k8s-client/eks-deprecate.go
@@ -650,100 +650,6 @@ func (e *eks) Deprecate(batchLimit int64, batchInterval time.Duration) (err erro
 				}
 			}
 
-		case from.APIVersion == "extensions/v1beta1" && from.Kind == "PodSecurityPolicy":
-			e.cfg.Logger.Info("checking",
-				zap.String("from-api-version", from.APIVersion),
-				zap.String("from-kind", from.Kind),
-				zap.String("to-api-version", to.APIVersion),
-				zap.String("to-kind", to.Kind),
-			)
-
-			rs1, err := e.ListExtensionsV1beta1PodSecurityPolicies(batchLimit, batchInterval)
-			if err != nil {
-				return err
-			}
-			rs2, err := e.ListPolicyV1beta1PodSecurityPolicies(batchLimit, batchInterval)
-			if err != nil {
-				return err
-			}
-
-			if len(rs1) == 0 && len(rs2) == 0 {
-				e.cfg.Logger.Info("😁 😁 😁  skipping; no resource found",
-					zap.String("from-api-version", from.APIVersion),
-					zap.String("from-kind", from.Kind),
-				)
-				time.Sleep(batchInterval)
-				continue
-			}
-			resources := make(map[string]struct{})
-			for _, v := range rs1 {
-				resources[v.ObjectMeta.Name] = struct{}{}
-			}
-			for _, v := range rs2 {
-				resources[v.ObjectMeta.Name] = struct{}{}
-			}
-			allNames := make([]string, 0, len(resources))
-			for k := range resources {
-				allNames = append(allNames, k)
-			}
-			sort.Strings(allNames)
-			e.cfg.Logger.Info("checking all names", zap.Strings("names", allNames))
-			for _, name := range allNames {
-				time.Sleep(100 * time.Millisecond)
-
-				orig, origBody, err := e.GetObject("", from.Kind, name)
-				if err != nil {
-					return err
-				}
-
-				if orig.APIVersion == "" || orig.APIVersion == to.APIVersion {
-					e.cfg.Logger.Warn("😁  skipping latest API",
-						zap.String("name", name),
-						zap.String("current-api-version", orig.APIVersion),
-						zap.String("expected-api-version", to.APIVersion),
-					)
-					continue
-				}
-
-				e.cfg.Logger.Warn("🔥 💀 👽 😱 😡  found deprecated API!",
-					zap.String("name", name),
-					zap.String("current-api-version", orig.APIVersion),
-					zap.String("expected-api-version", to.APIVersion),
-				)
-
-				if err = e.saveKubectlGet("", orig.Kind, name, rbF, "\n"); err != nil {
-					return err
-				}
-				if err = e.saveKubectlGet("", orig.Kind, name, upF, "\n"); err != nil {
-					return err
-				}
-				patchBody := strings.Replace(
-					string(origBody),
-					"apiVersion: "+orig.APIVersion+"\n",
-					"apiVersion: "+to.APIVersion+"\n",
-					1,
-				)
-
-				origYAMLPath, err := e.saveYAML("", orig.APIVersion, orig.Kind, name, ".original.yaml", origBody)
-				if err != nil {
-					return err
-				}
-				patchYAMLPath, err := e.saveYAML("", to.APIVersion, to.Kind, name, ".patch.yaml", []byte(patchBody))
-				if err != nil {
-					return err
-				}
-
-				if err = e.saveKubectlApply(origYAMLPath, rbF, "\n\n"); err != nil {
-					return err
-				}
-				if err = e.saveKubectlConvert("namespace", from.Kind, to.APIVersion, name, upF, "\n"); err != nil {
-					return err
-				}
-				if err = e.saveKubectlApply(patchYAMLPath, upF, "\n\n"); err != nil {
-					return err
-				}
-			}
-
 		default:
 			return fmt.Errorf("upgrade operation not implemented for %q %q", from.APIVersion, from.Kind)
 		}

diff --git a/pkg/k8s-client/eks-deprecate/deprecate.go b/pkg/k8s-client/eks-deprecate/deprecate.go
@@ -9,7 +9,6 @@ import (
 	apps_v1beta2 "k8s.io/api/apps/v1beta2"
 	extensions_v1beta1 "k8s.io/api/extensions/v1beta1"
 	networking_v1 "k8s.io/api/networking/v1"
-	policy_v1beta1 "k8s.io/api/policy/v1beta1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -446,204 +445,3 @@ func ConvertExtensionsV1beta1ToNetworkingV1NetworkPolicy(obj extensions_v1beta1.
 
 	return rs, nil
 }
-
-func ConvertExtensionsV1beta1ToPolicyV1beta1PodSecurityPolicy(obj extensions_v1beta1.PodSecurityPolicy) (rs policy_v1beta1.PodSecurityPolicy, err error) {
-	copied := obj.DeepCopy()
-	cs := copied.Spec.DeepCopy()
-	rs = policy_v1beta1.PodSecurityPolicy{
-		TypeMeta: metav1.TypeMeta{
-			APIVersion: "policy/v1beta1",
-			Kind:       "PodSecurityPolicy",
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name:                       copied.GetObjectMeta().GetName(),
-			GenerateName:               copied.GetObjectMeta().GetGenerateName(),
-			Namespace:                  copied.GetObjectMeta().GetNamespace(),
-			Labels:                     copied.GetObjectMeta().GetLabels(),
-			Annotations:                copied.GetObjectMeta().GetAnnotations(),
-			ManagedFields:              copied.GetObjectMeta().GetManagedFields(),
-			DeletionGracePeriodSeconds: copied.GetObjectMeta().GetDeletionGracePeriodSeconds(),
-		},
-		Spec: policy_v1beta1.PodSecurityPolicySpec{
-			Privileged:               cs.Privileged,
-			DefaultAddCapabilities:   cs.DefaultAddCapabilities,
-			RequiredDropCapabilities: cs.RequiredDropCapabilities,
-			AllowedCapabilities:      cs.AllowedCapabilities,
-			HostNetwork:              cs.HostNetwork,
-			HostPID:                  cs.HostPID,
-			HostIPC:                  cs.HostIPC,
-
-			ReadOnlyRootFilesystem:          cs.ReadOnlyRootFilesystem,
-			DefaultAllowPrivilegeEscalation: cs.DefaultAllowPrivilegeEscalation,
-			AllowPrivilegeEscalation:        cs.AllowPrivilegeEscalation,
-
-			AllowedUnsafeSysctls:  cs.AllowedUnsafeSysctls,
-			ForbiddenSysctls:      cs.ForbiddenSysctls,
-			AllowedProcMountTypes: cs.AllowedProcMountTypes,
-		},
-	}
-
-	for _, vv := range cs.Volumes {
-		switch vv {
-		case extensions_v1beta1.AzureFile:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.AzureFile)
-		case extensions_v1beta1.Flocker:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.Flocker)
-		case extensions_v1beta1.FlexVolume:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.FlexVolume)
-		case extensions_v1beta1.HostPath:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.HostPath)
-		case extensions_v1beta1.EmptyDir:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.EmptyDir)
-		case extensions_v1beta1.GCEPersistentDisk:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.GCEPersistentDisk)
-		case extensions_v1beta1.AWSElasticBlockStore:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.AWSElasticBlockStore)
-		case extensions_v1beta1.GitRepo:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.GitRepo)
-		case extensions_v1beta1.Secret:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.Secret)
-		case extensions_v1beta1.NFS:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.NFS)
-		case extensions_v1beta1.ISCSI:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.ISCSI)
-		case extensions_v1beta1.Glusterfs:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.Glusterfs)
-		case extensions_v1beta1.PersistentVolumeClaim:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.PersistentVolumeClaim)
-		case extensions_v1beta1.RBD:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.RBD)
-		case extensions_v1beta1.Cinder:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.Cinder)
-		case extensions_v1beta1.CephFS:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.CephFS)
-		case extensions_v1beta1.DownwardAPI:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.DownwardAPI)
-		case extensions_v1beta1.FC:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.FC)
-		case extensions_v1beta1.ConfigMap:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.ConfigMap)
-		case extensions_v1beta1.Quobyte:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.Quobyte)
-		case extensions_v1beta1.AzureDisk:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.AzureDisk)
-		case extensions_v1beta1.CSI:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.CSI)
-		case extensions_v1beta1.All:
-			rs.Spec.Volumes = append(rs.Spec.Volumes, policy_v1beta1.All)
-		default:
-			return rs, fmt.Errorf("unknown Volume %q", vv)
-		}
-	}
-
-	for _, vv := range cs.HostPorts {
-		rs.Spec.HostPorts = append(rs.Spec.HostPorts, policy_v1beta1.HostPortRange{
-			Min: vv.Min,
-			Max: vv.Max,
-		})
-	}
-
-	switch cs.SELinux.Rule {
-	case extensions_v1beta1.SELinuxStrategyMustRunAs:
-		rs.Spec.SELinux.Rule = policy_v1beta1.SELinuxStrategyMustRunAs
-	case extensions_v1beta1.SELinuxStrategyRunAsAny:
-		rs.Spec.SELinux.Rule = policy_v1beta1.SELinuxStrategyRunAsAny
-	default:
-		return rs, fmt.Errorf("unknown SELinux.Rule %q", cs.SELinux.Rule)
-	}
-	rs.Spec.SELinux.SELinuxOptions = cs.SELinux.SELinuxOptions
-
-	switch cs.RunAsUser.Rule {
-	case extensions_v1beta1.RunAsUserStrategyMustRunAs:
-		rs.Spec.RunAsUser.Rule = policy_v1beta1.RunAsUserStrategyMustRunAs
-	case extensions_v1beta1.RunAsUserStrategyMustRunAsNonRoot:
-		rs.Spec.RunAsUser.Rule = policy_v1beta1.RunAsUserStrategyMustRunAsNonRoot
-	case extensions_v1beta1.RunAsUserStrategyRunAsAny:
-		rs.Spec.RunAsUser.Rule = policy_v1beta1.RunAsUserStrategyRunAsAny
-	default:
-		return rs, fmt.Errorf("unknown RunAsUser.Rule %q", cs.RunAsUser.Rule)
-	}
-	for _, vv := range cs.RunAsUser.Ranges {
-		rs.Spec.RunAsUser.Ranges = append(rs.Spec.RunAsUser.Ranges, policy_v1beta1.IDRange{
-			Min: vv.Min,
-			Max: vv.Max,
-		})
-	}
-
-	if cs.RunAsGroup != nil {
-		switch cs.RunAsGroup.Rule {
-		case extensions_v1beta1.RunAsGroupStrategyMayRunAs:
-			rs.Spec.RunAsGroup.Rule = policy_v1beta1.RunAsGroupStrategyMayRunAs
-		case extensions_v1beta1.RunAsGroupStrategyMustRunAs:
-			rs.Spec.RunAsGroup.Rule = policy_v1beta1.RunAsGroupStrategyMustRunAs
-		case extensions_v1beta1.RunAsGroupStrategyRunAsAny:
-			rs.Spec.RunAsGroup.Rule = policy_v1beta1.RunAsGroupStrategyRunAsAny
-		default:
-			return rs, fmt.Errorf("unknown RunAsGroup.Rule %q", cs.RunAsGroup.Rule)
-		}
-		for _, vv := range cs.RunAsGroup.Ranges {
-			rs.Spec.RunAsGroup.Ranges = append(rs.Spec.RunAsGroup.Ranges, policy_v1beta1.IDRange{
-				Min: vv.Min,
-				Max: vv.Max,
-			})
-		}
-	}
-
-	switch cs.SupplementalGroups.Rule {
-	case extensions_v1beta1.SupplementalGroupsStrategyMustRunAs:
-		rs.Spec.SupplementalGroups.Rule = policy_v1beta1.SupplementalGroupsStrategyMustRunAs
-	case extensions_v1beta1.SupplementalGroupsStrategyRunAsAny:
-		rs.Spec.SupplementalGroups.Rule = policy_v1beta1.SupplementalGroupsStrategyRunAsAny
-	default:
-		return rs, fmt.Errorf("unknown SupplementalGroups.Rule %q", cs.SupplementalGroups.Rule)
-	}
-	for _, vv := range cs.SupplementalGroups.Ranges {
-		rs.Spec.SupplementalGroups.Ranges = append(rs.Spec.SupplementalGroups.Ranges, policy_v1beta1.IDRange{
-			Min: vv.Min,
-			Max: vv.Max,
-		})
-	}
-
-	switch cs.FSGroup.Rule {
-	case extensions_v1beta1.FSGroupStrategyMustRunAs:
-		rs.Spec.FSGroup.Rule = policy_v1beta1.FSGroupStrategyMustRunAs
-	case extensions_v1beta1.FSGroupStrategyRunAsAny:
-		rs.Spec.FSGroup.Rule = policy_v1beta1.FSGroupStrategyRunAsAny
-	default:
-		return rs, fmt.Errorf("unknown FSGroup.Rule %q", cs.FSGroup.Rule)
-	}
-	for _, vv := range cs.FSGroup.Ranges {
-		rs.Spec.FSGroup.Ranges = append(rs.Spec.FSGroup.Ranges, policy_v1beta1.IDRange{
-			Min: vv.Min,
-			Max: vv.Max,
-		})
-	}
-
-	for _, vv := range cs.AllowedHostPaths {
-		rs.Spec.AllowedHostPaths = append(rs.Spec.AllowedHostPaths, policy_v1beta1.AllowedHostPath{
-			PathPrefix: vv.PathPrefix,
-			ReadOnly:   vv.ReadOnly,
-		})
-	}
-
-	for _, vv := range cs.AllowedFlexVolumes {
-		rs.Spec.AllowedFlexVolumes = append(rs.Spec.AllowedFlexVolumes, policy_v1beta1.AllowedFlexVolume{
-			Driver: vv.Driver,
-		})
-	}
-
-	for _, vv := range cs.AllowedCSIDrivers {
-		rs.Spec.AllowedCSIDrivers = append(rs.Spec.AllowedCSIDrivers, policy_v1beta1.AllowedCSIDriver{
-			Name: vv.Name,
-		})
-	}
-
-	if cs.RuntimeClass != nil {
-		rs.Spec.RuntimeClass = &policy_v1beta1.RuntimeClassStrategyOptions{
-			AllowedRuntimeClassNames: cs.RuntimeClass.AllowedRuntimeClassNames,
-			DefaultRuntimeClassName:  cs.RuntimeClass.DefaultRuntimeClassName,
-		}
-	}
-
-	return rs, nil
-}