From a7ae9a1004ad8f1950d53fabb893a513fb177890 Mon Sep 17 00:00:00 2001 From: David Fowler Date: Fri, 7 Jan 2022 13:51:02 +0000 Subject: [PATCH 1/4] Updating K8s api endpoints to be v1.22.x compatible - Update CRD - Update kubebuilder references - Update Charts --- Makefile | 4 +- PROJECT | 2 +- api/v1beta1/disruption_webhook.go | 4 +- chart/install.yaml | 627 ++++++++--------- .../crds/chaos.datadoghq.com_disruptions.yaml | 641 +++++++++--------- chart/templates/webhook.yaml | 16 +- webhook/user_info.go | 2 +- 7 files changed, 653 insertions(+), 643 deletions(-) diff --git a/Makefile b/Makefile index 2972658b14..a5faecb3ad 100644 --- a/Makefile +++ b/Makefile @@ -57,7 +57,7 @@ restart: # Generate manifests e.g. CRD, RBAC etc. manifests: controller-gen - $(CONTROLLER_GEN) rbac:roleName=chaos-controller-role crd:trivialVersions=true,preserveUnknownFields=false,crdVersions=v1beta1 paths="./..." output:crd:dir=./chart/templates/crds/ output:rbac:dir=./chart/templates/ + $(CONTROLLER_GEN) rbac:roleName=chaos-controller-role crd:trivialVersions=true,preserveUnknownFields=false,crdVersions=v1 paths="./..." output:crd:dir=./chart/templates/crds/ output:rbac:dir=./chart/templates/ # Run go fmt against code fmt: @@ -121,7 +121,7 @@ minikube-start: --container-runtime=${container-runtime} \ --memory=${minikube-memory} \ --cpus=4 \ - --kubernetes-version=1.19.14 \ + --kubernetes-version=1.22.5 \ --disk-size=50GB \ --extra-config=apiserver.enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota \ --iso-url=https://public-chaos-controller.s3.amazonaws.com/minikube/minikube-2021-01-18.iso diff --git a/PROJECT b/PROJECT index 2aec2e1d46..5e43133bcc 100644 --- a/PROJECT +++ b/PROJECT @@ -16,5 +16,5 @@ resources: webhooks: defaulting: true validation: true - webhookVersion: v1beta1 + webhookVersion: v1 version: "3" diff --git a/api/v1beta1/disruption_webhook.go b/api/v1beta1/disruption_webhook.go index 1e367bc892..1c00027c60 100644 --- a/api/v1beta1/disruption_webhook.go +++ b/api/v1beta1/disruption_webhook.go @@ -40,7 +40,7 @@ func (r *Disruption) SetupWebhookWithManager(mgr ctrl.Manager, l *zap.SugaredLog Complete() } -//+kubebuilder:webhook:webhookVersions={v1beta1},path=/mutate-chaos-datadoghq-com-v1beta1-disruption,mutating=true,failurePolicy=fail,sideEffects=None,groups=chaos.datadoghq.com,resources=disruptions,verbs=create;update,versions=v1beta1,name=mdisruption.kb.io,admissionReviewVersions={v1,v1beta1} +//+kubebuilder:webhook:webhookVersions={v1},path=/mutate-chaos-datadoghq-com-v1beta1-disruption,mutating=true,failurePolicy=fail,sideEffects=None,groups=chaos.datadoghq.com,resources=disruptions,verbs=create;update,versions=v1beta1,name=mdisruption.kb.io,admissionReviewVersions={v1,v1beta1} var _ webhook.Defaulter = &Disruption{} @@ -52,7 +52,7 @@ func (r *Disruption) Default() { } } -//+kubebuilder:webhook:webhookVersions={v1beta1},path=/validate-chaos-datadoghq-com-v1beta1-disruption,mutating=false,failurePolicy=fail,sideEffects=None,groups=chaos.datadoghq.com,resources=disruptions,verbs=create;update;delete,versions=v1beta1,name=vdisruption.kb.io,admissionReviewVersions={v1,v1beta1} +//+kubebuilder:webhook:webhookVersions={v1},path=/validate-chaos-datadoghq-com-v1beta1-disruption,mutating=false,failurePolicy=fail,sideEffects=None,groups=chaos.datadoghq.com,resources=disruptions,verbs=create;update;delete,versions=v1beta1,name=vdisruption.kb.io,admissionReviewVersions={v1,v1beta1} var _ webhook.Validator = &Disruption{} diff --git a/chart/install.yaml b/chart/install.yaml index b5fe1abd64..37a5b07549 100644 --- a/chart/install.yaml +++ b/chart/install.yaml @@ -74,11 +74,11 @@ data: timeout: "1m" --- # Source: chaos-controller/templates/crds/chaos.datadoghq.com_disruptions.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.2.4 creationTimestamp: null name: disruptions.chaos.datadoghq.com spec: @@ -88,346 +88,347 @@ spec: listKind: DisruptionList plural: disruptions shortNames: - - dis + - dis singular: disruption - preserveUnknownFields: false scope: Namespaced - validation: - openAPIV3Schema: - description: Disruption is the Schema for the disruptions API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DisruptionSpec defines the desired state of Disruption + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Disruption is the Schema for the disruptions API properties: - advancedSelector: - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the operator - is Exists or DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - nullable: true - type: array - containerFailure: - description: ContainerFailureSpec represents a container failure injection - nullable: true - properties: - forced: - type: boolean - type: object - containers: - items: - type: string - type: array - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - cpuPressure: - description: CPUPressureSpec represents a cpu pressure disruption - nullable: true + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: type: object - diskPressure: - description: DiskPressureSpec represents a disk pressure disruption - nullable: true + spec: + description: DisruptionSpec defines the desired state of Disruption properties: - path: - type: string - throttling: - description: DiskPressureThrottlingSpec represents a throttle on - read and write disk operations - properties: - readBytesPerSec: - type: integer - writeBytesPerSec: - type: integer - type: object - required: - - path - - throttling - type: object - dns: - description: DNSDisruptionSpec represents a dns disruption - items: - description: HostRecordPair represents a hostname and a corresponding - dns record override - properties: - hostname: - type: string - record: - description: DNSRecord represents a type of DNS Record, such as - A or CNAME, and the value of that record + advancedSelector: + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. properties: - type: + key: + description: key is the label key that the selector applies + to. type: string - value: + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array required: - - type - - value + - key + - operator type: object - required: - - hostname - - record - type: object - nullable: true - type: array - dryRun: - type: boolean - duration: - type: string - grpc: - description: GRPCDisruptionSpec represents a gRPC disruption - nullable: true - properties: - endpoints: + nullable: true + type: array + containerFailure: + description: ContainerFailureSpec represents a container failure injection + nullable: true + properties: + forced: + type: boolean + type: object + containers: items: - description: EndpointAlteration represents an endpoint to disrupt - and the corresponding error to return + type: string + type: array + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + cpuPressure: + description: CPUPressureSpec represents a cpu pressure disruption + nullable: true + type: object + diskPressure: + description: DiskPressureSpec represents a disk pressure disruption + nullable: true + properties: + path: + type: string + throttling: + description: DiskPressureThrottlingSpec represents a throttle + on read and write disk operations + properties: + readBytesPerSec: + type: integer + writeBytesPerSec: + type: integer + type: object + required: + - path + - throttling + type: object + dns: + description: DNSDisruptionSpec represents a dns disruption + items: + description: HostRecordPair represents a hostname and a corresponding + dns record override properties: - endpoint: - type: string - error: - enum: - - OK - - CANCELED - - UNKNOWN - - INVALID_ARGUMENT - - DEADLINE_EXCEEDED - - NOT_FOUND - - ALREADY_EXISTS - - PERMISSION_DENIED - - RESOURCE_EXHAUSTED - - FAILED_PRECONDITION - - ABORTED - - OUT_OF_RANGE - - UNIMPLEMENTED - - INTERNAL - - UNAVAILABLE - - DATA_LOSS - - UNAUTHENTICATED + hostname: type: string - override: - type: string - queryPercent: - maximum: 100 - minimum: 0 - type: integer + record: + description: DNSRecord represents a type of DNS Record, such + as A or CNAME, and the value of that record + properties: + type: + type: string + value: + type: string + required: + - type + - value + type: object required: - - endpoint + - hostname + - record type: object + nullable: true type: array - port: - maximum: 65535 - minimum: 1 - type: integer + dryRun: + type: boolean + duration: + type: string + grpc: + description: GRPCDisruptionSpec represents a gRPC disruption + nullable: true + properties: + endpoints: + items: + description: EndpointAlteration represents an endpoint to disrupt + and the corresponding error to return + properties: + endpoint: + type: string + error: + enum: + - OK + - CANCELED + - UNKNOWN + - INVALID_ARGUMENT + - DEADLINE_EXCEEDED + - NOT_FOUND + - ALREADY_EXISTS + - PERMISSION_DENIED + - RESOURCE_EXHAUSTED + - FAILED_PRECONDITION + - ABORTED + - OUT_OF_RANGE + - UNIMPLEMENTED + - INTERNAL + - UNAVAILABLE + - DATA_LOSS + - UNAUTHENTICATED + type: string + override: + type: string + queryPercent: + maximum: 100 + minimum: 0 + type: integer + required: + - endpoint + type: object + type: array + port: + maximum: 65535 + minimum: 1 + type: integer + required: + - endpoints + - port + type: object + level: + description: DisruptionLevel represents which level the disruption + should be injected at + enum: + - pod + - node + - "" + type: string + network: + description: NetworkDisruptionSpec represents a network disruption + injection + nullable: true + properties: + allowedHosts: + items: + properties: + host: + type: string + port: + maximum: 65535 + minimum: 0 + type: integer + protocol: + enum: + - tcp + - udp + - "" + type: string + type: object + nullable: true + type: array + bandwidthLimit: + minimum: 0 + type: integer + corrupt: + maximum: 100 + minimum: 0 + type: integer + delay: + maximum: 60000 + minimum: 0 + type: integer + delayJitter: + maximum: 100 + minimum: 0 + type: integer + drop: + maximum: 100 + minimum: 0 + type: integer + duplicate: + maximum: 100 + minimum: 0 + type: integer + flow: + enum: + - egress + - ingress + type: string + hosts: + items: + properties: + host: + type: string + port: + maximum: 65535 + minimum: 0 + type: integer + protocol: + enum: + - tcp + - udp + - "" + type: string + type: object + nullable: true + type: array + port: + maximum: 65535 + minimum: 0 + nullable: true + type: integer + services: + items: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + nullable: true + type: array + type: object + nodeFailure: + description: NodeFailureSpec represents a node failure injection + nullable: true + properties: + shutdown: + type: boolean + type: object + onInit: + type: boolean + selector: + additionalProperties: + type: string + description: Set is a map of label:value. It implements Labels. + nullable: true + type: object required: - - endpoints - - port + - count type: object - level: - description: DisruptionLevel represents which level the disruption should - be injected at - enum: - - pod - - node - - "" - type: string - network: - description: NetworkDisruptionSpec represents a network disruption injection - nullable: true + status: + description: DisruptionStatus defines the observed state of Disruption properties: - allowedHosts: + ignoredTargets: items: - properties: - host: - type: string - port: - maximum: 65535 - minimum: 0 - type: integer - protocol: - enum: - - tcp - - udp - - "" - type: string - type: object + type: string nullable: true type: array - bandwidthLimit: - minimum: 0 - type: integer - corrupt: - maximum: 100 - minimum: 0 - type: integer - delay: - maximum: 60000 - minimum: 0 - type: integer - delayJitter: - maximum: 100 - minimum: 0 - type: integer - drop: - maximum: 100 - minimum: 0 - type: integer - duplicate: - maximum: 100 - minimum: 0 - type: integer - flow: + injectionStatus: + description: DisruptionInjectionStatus represents the injection status + of a disruption enum: - - egress - - ingress + - NotInjected + - PartiallyInjected + - Injected type: string - hosts: + isInjected: + type: boolean + isStuckOnRemoval: + type: boolean + targets: items: - properties: - host: - type: string - port: - maximum: 65535 - minimum: 0 - type: integer - protocol: - enum: - - tcp - - udp - - "" - type: string - type: object + type: string nullable: true type: array - port: - maximum: 65535 - minimum: 0 + userInfo: + description: UserInfo holds the information about the user needed + to implement the user.Info interface. nullable: true - type: integer - services: - items: - properties: - name: - type: string - namespace: + properties: + extra: + additionalProperties: + description: ExtraValue masks the value so protobuf can generate + items: + type: string + type: array + description: Any additional information provided by the authenticator. + type: object + groups: + description: The names of groups this user is a part of. + items: type: string - required: - - name - - namespace - type: object - nullable: true - type: array - type: object - nodeFailure: - description: NodeFailureSpec represents a node failure injection - nullable: true - properties: - shutdown: - type: boolean - type: object - onInit: - type: boolean - selector: - additionalProperties: - type: string - description: Set is a map of label:value. It implements Labels. - nullable: true - type: object - required: - - count - type: object - status: - description: DisruptionStatus defines the observed state of Disruption - properties: - ignoredTargets: - items: - type: string - nullable: true - type: array - injectionStatus: - description: DisruptionInjectionStatus represents the injection status - of a disruption - enum: - - NotInjected - - PartiallyInjected - - Injected - type: string - isInjected: - type: boolean - isStuckOnRemoval: - type: boolean - targets: - items: - type: string - nullable: true - type: array - userInfo: - description: UserInfo holds the information about the user needed to - implement the user.Info interface. - nullable: true - properties: - extra: - additionalProperties: - description: ExtraValue masks the value so protobuf can generate - items: + type: array + uid: + description: A unique value that identifies this user across time. + If this user is deleted and another user by the same name is + added, they will have different UIDs. + type: string + username: + description: The name that uniquely identifies this user among + all active users. type: string - type: array - description: Any additional information provided by the authenticator. type: object - groups: - description: The names of groups this user is a part of. - items: - type: string - type: array - uid: - description: A unique value that identifies this user across time. - If this user is deleted and another user by the same name is added, - they will have different UIDs. - type: string - username: - description: The name that uniquely identifies this user among all - active users. - type: string type: object type: object - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true + served: true + storage: true status: acceptedNames: kind: "" @@ -805,7 +806,7 @@ spec: selfSigned: {} --- # Source: chaos-controller/templates/webhook.yaml -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: @@ -831,7 +832,7 @@ webhooks: - disruptions --- # Source: chaos-controller/templates/webhook.yaml -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: @@ -861,7 +862,7 @@ webhooks: - pods --- # Source: chaos-controller/templates/webhook.yaml -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: @@ -889,7 +890,7 @@ webhooks: - disruptions/status --- # Source: chaos-controller/templates/webhook.yaml -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: annotations: diff --git a/chart/templates/crds/chaos.datadoghq.com_disruptions.yaml b/chart/templates/crds/chaos.datadoghq.com_disruptions.yaml index 402cbc35ec..46020b22f2 100644 --- a/chart/templates/crds/chaos.datadoghq.com_disruptions.yaml +++ b/chart/templates/crds/chaos.datadoghq.com_disruptions.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.2.4 creationTimestamp: null name: disruptions.chaos.datadoghq.com spec: @@ -16,342 +16,343 @@ spec: shortNames: - dis singular: disruption - preserveUnknownFields: false scope: Namespaced - validation: - openAPIV3Schema: - description: Disruption is the Schema for the disruptions API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DisruptionSpec defines the desired state of Disruption - properties: - advancedSelector: - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Disruption is the Schema for the disruptions API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DisruptionSpec defines the desired state of Disruption + properties: + advancedSelector: + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + nullable: true + type: array + containerFailure: + description: ContainerFailureSpec represents a container failure injection + nullable: true properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists and DoesNotExist. + forced: + type: boolean + type: object + containers: + items: + type: string + type: array + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + cpuPressure: + description: CPUPressureSpec represents a cpu pressure disruption + nullable: true + type: object + diskPressure: + description: DiskPressureSpec represents a disk pressure disruption + nullable: true + properties: + path: type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the operator - is Exists or DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: + throttling: + description: DiskPressureThrottlingSpec represents a throttle + on read and write disk operations + properties: + readBytesPerSec: + type: integer + writeBytesPerSec: + type: integer + type: object + required: + - path + - throttling + type: object + dns: + description: DNSDisruptionSpec represents a dns disruption + items: + description: HostRecordPair represents a hostname and a corresponding + dns record override + properties: + hostname: type: string + record: + description: DNSRecord represents a type of DNS Record, such + as A or CNAME, and the value of that record + properties: + type: + type: string + value: + type: string + required: + - type + - value + type: object + required: + - hostname + - record + type: object + nullable: true + type: array + dryRun: + type: boolean + duration: + type: string + grpc: + description: GRPCDisruptionSpec represents a gRPC disruption + nullable: true + properties: + endpoints: + items: + description: EndpointAlteration represents an endpoint to disrupt + and the corresponding error to return + properties: + endpoint: + type: string + error: + enum: + - OK + - CANCELED + - UNKNOWN + - INVALID_ARGUMENT + - DEADLINE_EXCEEDED + - NOT_FOUND + - ALREADY_EXISTS + - PERMISSION_DENIED + - RESOURCE_EXHAUSTED + - FAILED_PRECONDITION + - ABORTED + - OUT_OF_RANGE + - UNIMPLEMENTED + - INTERNAL + - UNAVAILABLE + - DATA_LOSS + - UNAUTHENTICATED + type: string + override: + type: string + queryPercent: + maximum: 100 + minimum: 0 + type: integer + required: + - endpoint + type: object type: array + port: + maximum: 65535 + minimum: 1 + type: integer required: - - key - - operator + - endpoints + - port type: object - nullable: true - type: array - containerFailure: - description: ContainerFailureSpec represents a container failure injection - nullable: true - properties: - forced: - type: boolean - type: object - containers: - items: + level: + description: DisruptionLevel represents which level the disruption + should be injected at + enum: + - pod + - node + - "" type: string - type: array - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - cpuPressure: - description: CPUPressureSpec represents a cpu pressure disruption - nullable: true - type: object - diskPressure: - description: DiskPressureSpec represents a disk pressure disruption - nullable: true - properties: - path: - type: string - throttling: - description: DiskPressureThrottlingSpec represents a throttle on - read and write disk operations - properties: - readBytesPerSec: - type: integer - writeBytesPerSec: - type: integer - type: object - required: - - path - - throttling - type: object - dns: - description: DNSDisruptionSpec represents a dns disruption - items: - description: HostRecordPair represents a hostname and a corresponding - dns record override + network: + description: NetworkDisruptionSpec represents a network disruption + injection + nullable: true properties: - hostname: + allowedHosts: + items: + properties: + host: + type: string + port: + maximum: 65535 + minimum: 0 + type: integer + protocol: + enum: + - tcp + - udp + - "" + type: string + type: object + nullable: true + type: array + bandwidthLimit: + minimum: 0 + type: integer + corrupt: + maximum: 100 + minimum: 0 + type: integer + delay: + maximum: 60000 + minimum: 0 + type: integer + delayJitter: + maximum: 100 + minimum: 0 + type: integer + drop: + maximum: 100 + minimum: 0 + type: integer + duplicate: + maximum: 100 + minimum: 0 + type: integer + flow: + enum: + - egress + - ingress type: string - record: - description: DNSRecord represents a type of DNS Record, such as - A or CNAME, and the value of that record - properties: - type: - type: string - value: - type: string - required: - - type - - value - type: object - required: - - hostname - - record + hosts: + items: + properties: + host: + type: string + port: + maximum: 65535 + minimum: 0 + type: integer + protocol: + enum: + - tcp + - udp + - "" + type: string + type: object + nullable: true + type: array + port: + maximum: 65535 + minimum: 0 + nullable: true + type: integer + services: + items: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + nullable: true + type: array type: object - nullable: true - type: array - dryRun: - type: boolean - duration: - type: string - grpc: - description: GRPCDisruptionSpec represents a gRPC disruption - nullable: true - properties: - endpoints: - items: - description: EndpointAlteration represents an endpoint to disrupt - and the corresponding error to return - properties: - endpoint: - type: string - error: - enum: - - OK - - CANCELED - - UNKNOWN - - INVALID_ARGUMENT - - DEADLINE_EXCEEDED - - NOT_FOUND - - ALREADY_EXISTS - - PERMISSION_DENIED - - RESOURCE_EXHAUSTED - - FAILED_PRECONDITION - - ABORTED - - OUT_OF_RANGE - - UNIMPLEMENTED - - INTERNAL - - UNAVAILABLE - - DATA_LOSS - - UNAUTHENTICATED - type: string - override: - type: string - queryPercent: - maximum: 100 - minimum: 0 - type: integer - required: - - endpoint - type: object - type: array - port: - maximum: 65535 - minimum: 1 - type: integer - required: - - endpoints - - port - type: object - level: - description: DisruptionLevel represents which level the disruption should - be injected at - enum: - - pod - - node - - "" - type: string - network: - description: NetworkDisruptionSpec represents a network disruption injection - nullable: true - properties: - allowedHosts: - items: - properties: - host: - type: string - port: - maximum: 65535 - minimum: 0 - type: integer - protocol: - enum: - - tcp - - udp - - "" - type: string - type: object - nullable: true - type: array - bandwidthLimit: - minimum: 0 - type: integer - corrupt: - maximum: 100 - minimum: 0 - type: integer - delay: - maximum: 60000 - minimum: 0 - type: integer - delayJitter: - maximum: 100 - minimum: 0 - type: integer - drop: - maximum: 100 - minimum: 0 - type: integer - duplicate: - maximum: 100 - minimum: 0 - type: integer - flow: - enum: - - egress - - ingress + nodeFailure: + description: NodeFailureSpec represents a node failure injection + nullable: true + properties: + shutdown: + type: boolean + type: object + onInit: + type: boolean + selector: + additionalProperties: type: string - hosts: - items: - properties: - host: - type: string - port: - maximum: 65535 - minimum: 0 - type: integer - protocol: - enum: - - tcp - - udp - - "" - type: string - type: object - nullable: true - type: array - port: - maximum: 65535 - minimum: 0 - nullable: true - type: integer - services: - items: - properties: - name: - type: string - namespace: + description: Set is a map of label:value. It implements Labels. + nullable: true + type: object + required: + - count + type: object + status: + description: DisruptionStatus defines the observed state of Disruption + properties: + ignoredTargets: + items: + type: string + nullable: true + type: array + injectionStatus: + description: DisruptionInjectionStatus represents the injection status + of a disruption + enum: + - NotInjected + - PartiallyInjected + - Injected + type: string + isInjected: + type: boolean + isStuckOnRemoval: + type: boolean + targets: + items: + type: string + nullable: true + type: array + userInfo: + description: UserInfo holds the information about the user needed + to implement the user.Info interface. + nullable: true + properties: + extra: + additionalProperties: + description: ExtraValue masks the value so protobuf can generate + items: type: string - required: - - name - - namespace + type: array + description: Any additional information provided by the authenticator. type: object - nullable: true - type: array - type: object - nodeFailure: - description: NodeFailureSpec represents a node failure injection - nullable: true - properties: - shutdown: - type: boolean - type: object - onInit: - type: boolean - selector: - additionalProperties: - type: string - description: Set is a map of label:value. It implements Labels. - nullable: true - type: object - required: - - count - type: object - status: - description: DisruptionStatus defines the observed state of Disruption - properties: - ignoredTargets: - items: - type: string - nullable: true - type: array - injectionStatus: - description: DisruptionInjectionStatus represents the injection status - of a disruption - enum: - - NotInjected - - PartiallyInjected - - Injected - type: string - isInjected: - type: boolean - isStuckOnRemoval: - type: boolean - targets: - items: - type: string - nullable: true - type: array - userInfo: - description: UserInfo holds the information about the user needed to - implement the user.Info interface. - nullable: true - properties: - extra: - additionalProperties: - description: ExtraValue masks the value so protobuf can generate + groups: + description: The names of groups this user is a part of. items: type: string type: array - description: Any additional information provided by the authenticator. - type: object - groups: - description: The names of groups this user is a part of. - items: + uid: + description: A unique value that identifies this user across time. + If this user is deleted and another user by the same name is + added, they will have different UIDs. type: string - type: array - uid: - description: A unique value that identifies this user across time. - If this user is deleted and another user by the same name is added, - they will have different UIDs. - type: string - username: - description: The name that uniquely identifies this user among all - active users. - type: string - type: object - type: object - type: object - version: v1beta1 - versions: - - name: v1beta1 + username: + description: The name that uniquely identifies this user among + all active users. + type: string + type: object + type: object + type: object served: true storage: true status: diff --git a/chart/templates/webhook.yaml b/chart/templates/webhook.yaml index ccadbfe71c..925b4fd140 100644 --- a/chart/templates/webhook.yaml +++ b/chart/templates/webhook.yaml @@ -8,7 +8,7 @@ {{- $altName2 := "chaos-controller-webhook-service.chaos-engineering.svc.cluster.local" }} {{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }} --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: annotations: @@ -29,6 +29,8 @@ webhooks: path: /validate-chaos-datadoghq-com-v1beta1-disruption failurePolicy: Fail name: chaos-controller-webhook-service.chaos-engineering.svc + sideEffects: NoneOnDryRun + admissionReviewVersions: ["v1", "v1beta1"] rules: - apiGroups: - chaos.datadoghq.com @@ -41,7 +43,7 @@ webhooks: resources: - disruptions --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: @@ -62,6 +64,8 @@ webhooks: path: /mutate-chaos-datadoghq-com-v1beta1-disruption failurePolicy: Fail name: chaos-controller-webhook-service.chaos-engineering.svc + sideEffects: NoneOnDryRun + admissionReviewVersions: ["v1", "v1beta1"] rules: - apiGroups: - chaos.datadoghq.com @@ -72,7 +76,7 @@ webhooks: resources: - disruptions --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: @@ -93,6 +97,8 @@ webhooks: path: /mutate-v1-pod-chaos-handler-init-container failurePolicy: Ignore name: chaos-controller-admission-webhook.chaos-engineering.svc + sideEffects: NoneOnDryRun + admissionReviewVersions: ["v1", "v1beta1"] objectSelector: matchExpressions: - key: "chaos.datadoghq.com/disrupt-on-init" @@ -107,7 +113,7 @@ webhooks: resources: - pods --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: @@ -128,6 +134,8 @@ webhooks: path: /mutate-chaos-datadoghq-com-v1beta1-disruption-user-info failurePolicy: Fail name: chaos-controller-admission-webhook.chaos-engineering.svc + sideEffects: NoneOnDryRun + admissionReviewVersions: ["v1", "v1beta1"] rules: - apiGroups: - "chaos.datadoghq.com" diff --git a/webhook/user_info.go b/webhook/user_info.go index e0315ad848..7a589bfe8e 100644 --- a/webhook/user_info.go +++ b/webhook/user_info.go @@ -16,7 +16,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) -// +kubebuilder:webhook:webhookVersions={v1beta1},path=/mutate-chaos-datadoghq-com-v1beta1-disruption-user-info,mutating=true,failurePolicy=fail,sideEffects=None,groups=chaos.datadoghq.com,resources=disruptions;disruptions/status,verbs=create,versions=v1beta1,,name=mdisruption.kb.io,admissionReviewVersions={v1,v1beta1} +// +kubebuilder:webhook:webhookVersions={v1},path=/mutate-chaos-datadoghq-com-v1beta1-disruption-user-info,mutating=true,failurePolicy=fail,sideEffects=None,groups=chaos.datadoghq.com,resources=disruptions;disruptions/status,verbs=create,versions=v1beta1,,name=mdisruption.kb.io,admissionReviewVersions={v1,v1beta1} type UserInfoMutator struct { Client client.Client Log *zap.SugaredLogger From 09b20f0d2e68847565d1b719eb5e4a8568de2f49 Mon Sep 17 00:00:00 2001 From: David Fowler Date: Fri, 7 Jan 2022 17:16:04 +0000 Subject: [PATCH 2/4] update controller-gen to version 0.7.0 update makefile with new controller-gen options --- Makefile | 4 ++-- chart/install.yaml | 2 +- chart/templates/crds/chaos.datadoghq.com_disruptions.yaml | 2 +- go.sum | 2 ++ 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index a5faecb3ad..69a083e9c3 100644 --- a/Makefile +++ b/Makefile @@ -57,7 +57,7 @@ restart: # Generate manifests e.g. CRD, RBAC etc. manifests: controller-gen - $(CONTROLLER_GEN) rbac:roleName=chaos-controller-role crd:trivialVersions=true,preserveUnknownFields=false,crdVersions=v1 paths="./..." output:crd:dir=./chart/templates/crds/ output:rbac:dir=./chart/templates/ + $(CONTROLLER_GEN) rbac:roleName=chaos-controller-role crd:crdVersions=v1 paths="./..." output:crd:dir=./chart/templates/crds/ output:rbac:dir=./chart/templates/ # Run go fmt against code fmt: @@ -99,7 +99,7 @@ ifeq (, $(shell which controller-gen)) CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ cd $$CONTROLLER_GEN_TMP_DIR ;\ go mod init tmp ;\ - go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.6.2 ;\ + go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.7.0 ;\ rm -rf $$CONTROLLER_GEN_TMP_DIR ;\ } CONTROLLER_GEN=$(GOBIN)/controller-gen diff --git a/chart/install.yaml b/chart/install.yaml index 37a5b07549..fc8fecd78e 100644 --- a/chart/install.yaml +++ b/chart/install.yaml @@ -78,7 +78,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: disruptions.chaos.datadoghq.com spec: diff --git a/chart/templates/crds/chaos.datadoghq.com_disruptions.yaml b/chart/templates/crds/chaos.datadoghq.com_disruptions.yaml index 46020b22f2..69b0da08b4 100644 --- a/chart/templates/crds/chaos.datadoghq.com_disruptions.yaml +++ b/chart/templates/crds/chaos.datadoghq.com_disruptions.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: disruptions.chaos.datadoghq.com spec: diff --git a/go.sum b/go.sum index 6b95a5e2cd..b8051a420b 100644 --- a/go.sum +++ b/go.sum @@ -358,6 +358,7 @@ github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQL github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fatih/color v1.12.0 h1:mRhaKNwANqRgUBGKmnI5ZxEk7QXmjQeCcuYFMX2bfcc= github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= @@ -443,6 +444,7 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= +github.com/gobuffalo/flect v0.2.3 h1:f/ZukRnSNA/DUpSNDadko7Qc0PhGvsew35p/2tu+CRY= github.com/gobuffalo/flect v0.2.3/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc= github.com/gobuffalo/here v0.6.0 h1:hYrd0a6gDmWxBM4TnrGw8mQg24iSVoIkHEk7FodQcBI= github.com/gobuffalo/here v0.6.0/go.mod h1:wAG085dHOYqUpf+Ap+WOdrPTp5IYcDAs/x7PLa8Y5fM= From 741dab8d825e9726376eb7b6f9a19806db0dfff0 Mon Sep 17 00:00:00 2001 From: David Fowler Date: Mon, 10 Jan 2022 13:16:40 +0000 Subject: [PATCH 3/4] update controller-gen to version 0.7.0 update makefile with new controller-gen options --- go.sum | 2 -- 1 file changed, 2 deletions(-) diff --git a/go.sum b/go.sum index b8051a420b..6b95a5e2cd 100644 --- a/go.sum +++ b/go.sum @@ -358,7 +358,6 @@ github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQL github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.12.0 h1:mRhaKNwANqRgUBGKmnI5ZxEk7QXmjQeCcuYFMX2bfcc= github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= @@ -444,7 +443,6 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= -github.com/gobuffalo/flect v0.2.3 h1:f/ZukRnSNA/DUpSNDadko7Qc0PhGvsew35p/2tu+CRY= github.com/gobuffalo/flect v0.2.3/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc= github.com/gobuffalo/here v0.6.0 h1:hYrd0a6gDmWxBM4TnrGw8mQg24iSVoIkHEk7FodQcBI= github.com/gobuffalo/here v0.6.0/go.mod h1:wAG085dHOYqUpf+Ap+WOdrPTp5IYcDAs/x7PLa8Y5fM= From 4e78be9c716402b1fa1a85b1d9c1d08e4f70288c Mon Sep 17 00:00:00 2001 From: David Fowler Date: Mon, 10 Jan 2022 13:20:27 +0000 Subject: [PATCH 4/4] update controller-gen to version 0.7.0 update makefile with new controller-gen options --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 08df4e96a7..d5ced6f13b 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -**Oldest Kubernetes version supported: 1.15** +**Oldest Kubernetes version supported: 1.16** > :warning: **Kubernetes version 1.20.x is not supported!** _This [Kubernetes issue](https://github.com/kubernetes/kubernetes/issues/97288) prevents the controller from running properly on Kubernetes 1.20.0-1.20.4. Earlier versions of Kubernetes as well as 1.20.5 and later are still supported._