...
|
...
|
@@ -1,65 +1,93 @@
|
1
|
|
-From f8d5684a26a77a20e4e77aff73ca9c96ac063ed4 Mon Sep 17 00:00:00 2001
|
2
|
|
-From: DheerajSShetty <dheerajs@vmware.com>
|
3
|
|
-Date: Tue, 16 Oct 2018 15:49:44 -0700
|
4
|
|
-Subject: [PATCH] VKE patch for k8s 1.11.3 (350444)
|
|
1
|
+From 71c06970a0147b6a9f566174e345de781fa573f5 Mon Sep 17 00:00:00 2001
|
|
2
|
+From: Amarnath <vaa@vmware.com>
|
|
3
|
+Date: Tue, 27 Nov 2018 18:06:31 +0530
|
|
4
|
+Subject: [PATCH] VCP patch for K8s v1.11.5 (3f918d7)
|
5
|
5
|
|
6
|
6
|
---
|
7
|
|
- api/swagger-spec/apps_v1alpha1.json | 21 +
|
8
|
|
- api/swagger-spec/apps_v1beta1.json | 21 +
|
9
|
|
- api/swagger-spec/apps_v1beta2.json | 21 +
|
10
|
|
- api/swagger-spec/batch_v1.json | 21 +
|
11
|
|
- api/swagger-spec/batch_v1beta1.json | 21 +
|
12
|
|
- api/swagger-spec/batch_v2alpha1.json | 21 +
|
13
|
|
- api/swagger-spec/extensions_v1beta1.json | 21 +
|
14
|
|
- api/swagger-spec/settings.k8s.io_v1alpha1.json | 21 +
|
15
|
|
- api/swagger-spec/v1.json | 25 +
|
16
|
|
- cmd/kube-controller-manager/app/BUILD | 1 +
|
17
|
|
- cmd/kube-controller-manager/app/plugins.go | 4 +
|
18
|
|
- cmd/kubelet/app/BUILD | 1 +
|
19
|
|
- cmd/kubelet/app/plugins.go | 2 +
|
20
|
|
- pkg/apis/core/types.go | 14 +
|
21
|
|
- pkg/apis/core/validation/validation.go | 25 +
|
22
|
|
- pkg/apis/policy/types.go | 1 +
|
23
|
|
- pkg/cloudprovider/providers/BUILD | 2 +
|
24
|
|
- pkg/cloudprovider/providers/cascade/BUILD | 56 +
|
25
|
|
- pkg/cloudprovider/providers/cascade/OWNERS | 3 +
|
26
|
|
- pkg/cloudprovider/providers/cascade/apitypes.go | 230 ++
|
27
|
|
- pkg/cloudprovider/providers/cascade/auth.go | 145 ++
|
28
|
|
- pkg/cloudprovider/providers/cascade/cascade.go | 215 ++
|
29
|
|
- .../providers/cascade/cascade_disks.go | 228 ++
|
30
|
|
- .../providers/cascade/cascade_instances.go | 132 +
|
31
|
|
- .../providers/cascade/cascade_instances_test.go | 44 +
|
32
|
|
- .../providers/cascade/cascade_loadbalancer.go | 285 +++
|
33
|
|
- pkg/cloudprovider/providers/cascade/client.go | 399 +++
|
34
|
|
- pkg/cloudprovider/providers/cascade/oidcclient.go | 297 +++
|
35
|
|
- pkg/cloudprovider/providers/cascade/restclient.go | 262 ++
|
36
|
|
- pkg/cloudprovider/providers/cascade/tests_owed | 5 +
|
37
|
|
- pkg/cloudprovider/providers/cascade/utils.go | 29 +
|
38
|
|
- pkg/cloudprovider/providers/providers.go | 1 +
|
39
|
|
- pkg/kubeapiserver/authorizer/config.go | 8 +-
|
40
|
|
- pkg/kubeapiserver/authorizer/modes/modes.go | 3 +-
|
41
|
|
- pkg/kubeapiserver/options/plugins.go | 3 +
|
42
|
|
- pkg/printers/internalversion/describe.go | 11 +
|
43
|
|
- pkg/security/podsecuritypolicy/util/util.go | 3 +
|
44
|
|
- pkg/volume/cascade_disk/BUILD | 43 +
|
45
|
|
- pkg/volume/cascade_disk/OWNERS | 2 +
|
46
|
|
- pkg/volume/cascade_disk/attacher.go | 264 ++
|
47
|
|
- pkg/volume/cascade_disk/cascade_disk.go | 390 +++
|
48
|
|
- pkg/volume/cascade_disk/cascade_util.go | 162 ++
|
49
|
|
- .../storage/persistentvolume/label/admission.go | 54 +
|
50
|
|
- plugin/pkg/admission/vke/BUILD | 61 +
|
51
|
|
- plugin/pkg/admission/vke/admission.go | 624 +++++
|
52
|
|
- plugin/pkg/admission/vke/admission_test.go | 960 +++++++
|
53
|
|
- plugin/pkg/auth/authorizer/vke/BUILD | 40 +
|
54
|
|
- plugin/pkg/auth/authorizer/vke/OWNERS | 2 +
|
55
|
|
- plugin/pkg/auth/authorizer/vke/vke_authorizer.go | 125 +
|
56
|
|
- .../pkg/auth/authorizer/vke/vke_authorizer_test.go | 230 ++
|
57
|
|
- staging/src/k8s.io/api/core/v1/generated.pb.go | 2686 +++++++++++---------
|
58
|
|
- staging/src/k8s.io/api/core/v1/types.go | 24 +-
|
59
|
|
- 52 files changed, 7054 insertions(+), 1215 deletions(-)
|
|
7
|
+ api/swagger-spec/apps_v1alpha1.json | 21 +
|
|
8
|
+ api/swagger-spec/apps_v1beta1.json | 21 +
|
|
9
|
+ api/swagger-spec/apps_v1beta2.json | 21 +
|
|
10
|
+ api/swagger-spec/batch_v1.json | 21 +
|
|
11
|
+ api/swagger-spec/batch_v1beta1.json | 21 +
|
|
12
|
+ api/swagger-spec/batch_v2alpha1.json | 21 +
|
|
13
|
+ api/swagger-spec/extensions_v1beta1.json | 21 +
|
|
14
|
+ .../settings.k8s.io_v1alpha1.json | 21 +
|
|
15
|
+ api/swagger-spec/v1.json | 25 +
|
|
16
|
+ cmd/kube-controller-manager/app/BUILD | 1 +
|
|
17
|
+ cmd/kube-controller-manager/app/plugins.go | 4 +
|
|
18
|
+ cmd/kubelet/app/BUILD | 1 +
|
|
19
|
+ cmd/kubelet/app/plugins.go | 2 +
|
|
20
|
+ pkg/apis/core/types.go | 14 +
|
|
21
|
+ pkg/apis/core/validation/validation.go | 25 +
|
|
22
|
+ pkg/apis/policy/types.go | 1 +
|
|
23
|
+ pkg/cloudprovider/providers/BUILD | 2 +
|
|
24
|
+ pkg/cloudprovider/providers/cascade/BUILD | 56 +
|
|
25
|
+ pkg/cloudprovider/providers/cascade/OWNERS | 3 +
|
|
26
|
+ .../providers/cascade/apitypes.go | 230 ++
|
|
27
|
+ pkg/cloudprovider/providers/cascade/auth.go | 145 +
|
|
28
|
+ .../providers/cascade/cascade.go | 219 ++
|
|
29
|
+ .../providers/cascade/cascade_disks.go | 253 ++
|
|
30
|
+ .../providers/cascade/cascade_instances.go | 132 +
|
|
31
|
+ .../cascade/cascade_instances_test.go | 44 +
|
|
32
|
+ .../providers/cascade/cascade_loadbalancer.go | 295 ++
|
|
33
|
+ pkg/cloudprovider/providers/cascade/client.go | 400 +++
|
|
34
|
+ .../providers/cascade/oidcclient.go | 297 ++
|
|
35
|
+ .../providers/cascade/restclient.go | 262 ++
|
|
36
|
+ .../providers/cascade/tests_owed | 5 +
|
|
37
|
+ pkg/cloudprovider/providers/cascade/utils.go | 29 +
|
|
38
|
+ pkg/cloudprovider/providers/providers.go | 1 +
|
|
39
|
+ pkg/kubeapiserver/authorizer/config.go | 7 +
|
|
40
|
+ pkg/kubeapiserver/authorizer/modes/modes.go | 3 +-
|
|
41
|
+ pkg/kubeapiserver/options/plugins.go | 3 +
|
|
42
|
+ pkg/printers/internalversion/describe.go | 11 +
|
|
43
|
+ pkg/security/podsecuritypolicy/util/util.go | 3 +
|
|
44
|
+ pkg/volume/cascade_disk/BUILD | 43 +
|
|
45
|
+ pkg/volume/cascade_disk/OWNERS | 2 +
|
|
46
|
+ pkg/volume/cascade_disk/attacher.go | 264 ++
|
|
47
|
+ pkg/volume/cascade_disk/azure_disk_util.go | 135 +
|
|
48
|
+ pkg/volume/cascade_disk/cascade_disk.go | 399 +++
|
|
49
|
+ pkg/volume/cascade_disk/cascade_util.go | 217 ++
|
|
50
|
+ .../persistentvolume/label/admission.go | 54 +
|
|
51
|
+ plugin/pkg/admission/vke/BUILD | 61 +
|
|
52
|
+ plugin/pkg/admission/vke/admission.go | 629 ++++
|
|
53
|
+ plugin/pkg/admission/vke/admission_test.go | 960 ++++++
|
|
54
|
+ plugin/pkg/auth/authorizer/vke/BUILD | 40 +
|
|
55
|
+ plugin/pkg/auth/authorizer/vke/OWNERS | 2 +
|
|
56
|
+ .../pkg/auth/authorizer/vke/vke_authorizer.go | 125 +
|
|
57
|
+ .../authorizer/vke/vke_authorizer_test.go | 230 ++
|
|
58
|
+ .../src/k8s.io/api/core/v1/generated.pb.go | 2686 +++++++++--------
|
|
59
|
+ staging/src/k8s.io/api/core/v1/types.go | 24 +-
|
|
60
|
+ 53 files changed, 7298 insertions(+), 1214 deletions(-)
|
|
61
|
+ create mode 100644 pkg/cloudprovider/providers/cascade/BUILD
|
|
62
|
+ create mode 100644 pkg/cloudprovider/providers/cascade/OWNERS
|
|
63
|
+ create mode 100644 pkg/cloudprovider/providers/cascade/apitypes.go
|
|
64
|
+ create mode 100644 pkg/cloudprovider/providers/cascade/auth.go
|
|
65
|
+ create mode 100644 pkg/cloudprovider/providers/cascade/cascade.go
|
|
66
|
+ create mode 100644 pkg/cloudprovider/providers/cascade/cascade_disks.go
|
|
67
|
+ create mode 100644 pkg/cloudprovider/providers/cascade/cascade_instances.go
|
|
68
|
+ create mode 100644 pkg/cloudprovider/providers/cascade/cascade_instances_test.go
|
|
69
|
+ create mode 100644 pkg/cloudprovider/providers/cascade/cascade_loadbalancer.go
|
|
70
|
+ create mode 100644 pkg/cloudprovider/providers/cascade/client.go
|
|
71
|
+ create mode 100644 pkg/cloudprovider/providers/cascade/oidcclient.go
|
|
72
|
+ create mode 100644 pkg/cloudprovider/providers/cascade/restclient.go
|
|
73
|
+ create mode 100644 pkg/cloudprovider/providers/cascade/tests_owed
|
|
74
|
+ create mode 100644 pkg/cloudprovider/providers/cascade/utils.go
|
|
75
|
+ create mode 100644 pkg/volume/cascade_disk/BUILD
|
|
76
|
+ create mode 100644 pkg/volume/cascade_disk/OWNERS
|
|
77
|
+ create mode 100644 pkg/volume/cascade_disk/attacher.go
|
|
78
|
+ create mode 100644 pkg/volume/cascade_disk/azure_disk_util.go
|
|
79
|
+ create mode 100644 pkg/volume/cascade_disk/cascade_disk.go
|
|
80
|
+ create mode 100644 pkg/volume/cascade_disk/cascade_util.go
|
|
81
|
+ create mode 100644 plugin/pkg/admission/vke/BUILD
|
|
82
|
+ create mode 100644 plugin/pkg/admission/vke/admission.go
|
|
83
|
+ create mode 100644 plugin/pkg/admission/vke/admission_test.go
|
|
84
|
+ create mode 100644 plugin/pkg/auth/authorizer/vke/BUILD
|
|
85
|
+ create mode 100644 plugin/pkg/auth/authorizer/vke/OWNERS
|
|
86
|
+ create mode 100644 plugin/pkg/auth/authorizer/vke/vke_authorizer.go
|
|
87
|
+ create mode 100644 plugin/pkg/auth/authorizer/vke/vke_authorizer_test.go
|
60
|
88
|
|
61
|
89
|
diff --git a/api/swagger-spec/apps_v1alpha1.json b/api/swagger-spec/apps_v1alpha1.json
|
62
|
|
-index 6f54662..0ce6f3f 100644
|
|
90
|
+index 6f546623de..0ce6f3f2fc 100644
|
63
|
91
|
--- a/api/swagger-spec/apps_v1alpha1.json
|
64
|
92
|
+++ b/api/swagger-spec/apps_v1alpha1.json
|
65
|
93
|
@@ -1459,6 +1459,10 @@
|
...
|
...
|
@@ -98,7 +126,7 @@ index 6f54662..0ce6f3f 100644
|
98
|
98
|
"id": "v1.Container",
|
99
|
99
|
"description": "A single application container that you want to run within a pod.",
|
100
|
100
|
diff --git a/api/swagger-spec/apps_v1beta1.json b/api/swagger-spec/apps_v1beta1.json
|
101
|
|
-index eaacb45..dfe9400 100644
|
|
101
|
+index eaacb45105..dfe940052f 100644
|
102
|
102
|
--- a/api/swagger-spec/apps_v1beta1.json
|
103
|
103
|
+++ b/api/swagger-spec/apps_v1beta1.json
|
104
|
104
|
@@ -4490,6 +4490,10 @@
|
...
|
...
|
@@ -137,7 +165,7 @@ index eaacb45..dfe9400 100644
|
137
|
137
|
"id": "v1.ProjectedVolumeSource",
|
138
|
138
|
"description": "Represents a projected volume source",
|
139
|
139
|
diff --git a/api/swagger-spec/apps_v1beta2.json b/api/swagger-spec/apps_v1beta2.json
|
140
|
|
-index d6bc46e..1c60717 100644
|
|
140
|
+index d6bc46eae9..1c607176a2 100644
|
141
|
141
|
--- a/api/swagger-spec/apps_v1beta2.json
|
142
|
142
|
+++ b/api/swagger-spec/apps_v1beta2.json
|
143
|
143
|
@@ -6856,6 +6856,10 @@
|
...
|
...
|
@@ -176,7 +204,7 @@ index d6bc46e..1c60717 100644
|
176
|
176
|
"id": "v1.ProjectedVolumeSource",
|
177
|
177
|
"description": "Represents a projected volume source",
|
178
|
178
|
diff --git a/api/swagger-spec/batch_v1.json b/api/swagger-spec/batch_v1.json
|
179
|
|
-index 3f4abc9..2ed4018 100644
|
|
179
|
+index 3f4abc9212..2ed4018106 100644
|
180
|
180
|
--- a/api/swagger-spec/batch_v1.json
|
181
|
181
|
+++ b/api/swagger-spec/batch_v1.json
|
182
|
182
|
@@ -1830,6 +1830,10 @@
|
...
|
...
|
@@ -215,7 +243,7 @@ index 3f4abc9..2ed4018 100644
|
215
|
215
|
"id": "v1.ProjectedVolumeSource",
|
216
|
216
|
"description": "Represents a projected volume source",
|
217
|
217
|
diff --git a/api/swagger-spec/batch_v1beta1.json b/api/swagger-spec/batch_v1beta1.json
|
218
|
|
-index 58fa752..74fcd28 100644
|
|
218
|
+index 58fa7522e8..74fcd28e7d 100644
|
219
|
219
|
--- a/api/swagger-spec/batch_v1beta1.json
|
220
|
220
|
+++ b/api/swagger-spec/batch_v1beta1.json
|
221
|
221
|
@@ -1885,6 +1885,10 @@
|
...
|
...
|
@@ -254,7 +282,7 @@ index 58fa752..74fcd28 100644
|
254
|
254
|
"id": "v1.ProjectedVolumeSource",
|
255
|
255
|
"description": "Represents a projected volume source",
|
256
|
256
|
diff --git a/api/swagger-spec/batch_v2alpha1.json b/api/swagger-spec/batch_v2alpha1.json
|
257
|
|
-index 050235b..3484e13 100644
|
|
257
|
+index 050235b53f..3484e13353 100644
|
258
|
258
|
--- a/api/swagger-spec/batch_v2alpha1.json
|
259
|
259
|
+++ b/api/swagger-spec/batch_v2alpha1.json
|
260
|
260
|
@@ -1900,6 +1900,10 @@
|
...
|
...
|
@@ -293,7 +321,7 @@ index 050235b..3484e13 100644
|
293
|
293
|
"id": "v1.Container",
|
294
|
294
|
"description": "A single application container that you want to run within a pod.",
|
295
|
295
|
diff --git a/api/swagger-spec/extensions_v1beta1.json b/api/swagger-spec/extensions_v1beta1.json
|
296
|
|
-index 07c832d..26d2578 100644
|
|
296
|
+index 07c832d787..26d2578257 100644
|
297
|
297
|
--- a/api/swagger-spec/extensions_v1beta1.json
|
298
|
298
|
+++ b/api/swagger-spec/extensions_v1beta1.json
|
299
|
299
|
@@ -7513,6 +7513,10 @@
|
...
|
...
|
@@ -332,7 +360,7 @@ index 07c832d..26d2578 100644
|
332
|
332
|
"id": "v1.ProjectedVolumeSource",
|
333
|
333
|
"description": "Represents a projected volume source",
|
334
|
334
|
diff --git a/api/swagger-spec/settings.k8s.io_v1alpha1.json b/api/swagger-spec/settings.k8s.io_v1alpha1.json
|
335
|
|
-index 8c9e275..90c0e0b 100644
|
|
335
|
+index 8c9e275eb5..90c0e0b777 100644
|
336
|
336
|
--- a/api/swagger-spec/settings.k8s.io_v1alpha1.json
|
337
|
337
|
+++ b/api/swagger-spec/settings.k8s.io_v1alpha1.json
|
338
|
338
|
@@ -1676,6 +1676,10 @@
|
...
|
...
|
@@ -371,7 +399,7 @@ index 8c9e275..90c0e0b 100644
|
371
|
371
|
"id": "v1.ProjectedVolumeSource",
|
372
|
372
|
"description": "Represents a projected volume source",
|
373
|
373
|
diff --git a/api/swagger-spec/v1.json b/api/swagger-spec/v1.json
|
374
|
|
-index 7cfc2e9..b36450e 100644
|
|
374
|
+index 7cfc2e91ac..b36450efdf 100644
|
375
|
375
|
--- a/api/swagger-spec/v1.json
|
376
|
376
|
+++ b/api/swagger-spec/v1.json
|
377
|
377
|
@@ -19360,6 +19360,10 @@
|
...
|
...
|
@@ -421,7 +449,7 @@ index 7cfc2e9..b36450e 100644
|
421
|
421
|
}
|
422
|
422
|
},
|
423
|
423
|
diff --git a/cmd/kube-controller-manager/app/BUILD b/cmd/kube-controller-manager/app/BUILD
|
424
|
|
-index 64c82a7..0a9bd71 100644
|
|
424
|
+index 64c82a719a..0a9bd71e9c 100644
|
425
|
425
|
--- a/cmd/kube-controller-manager/app/BUILD
|
426
|
426
|
+++ b/cmd/kube-controller-manager/app/BUILD
|
427
|
427
|
@@ -86,6 +86,7 @@ go_library(
|
...
|
...
|
@@ -433,7 +461,7 @@ index 64c82a7..0a9bd71 100644
|
433
|
433
|
"//pkg/volume/csi:go_default_library",
|
434
|
434
|
"//pkg/volume/fc:go_default_library",
|
435
|
435
|
diff --git a/cmd/kube-controller-manager/app/plugins.go b/cmd/kube-controller-manager/app/plugins.go
|
436
|
|
-index 42034d5..e729785 100644
|
|
436
|
+index 42034d5c6d..e729785006 100644
|
437
|
437
|
--- a/cmd/kube-controller-manager/app/plugins.go
|
438
|
438
|
+++ b/cmd/kube-controller-manager/app/plugins.go
|
439
|
439
|
@@ -34,6 +34,7 @@ import (
|
...
|
...
|
@@ -469,7 +497,7 @@ index 42034d5..e729785 100644
|
469
|
469
|
return allPlugins
|
470
|
470
|
}
|
471
|
471
|
diff --git a/cmd/kubelet/app/BUILD b/cmd/kubelet/app/BUILD
|
472
|
|
-index b2f3efb..278970c 100644
|
|
472
|
+index b2f3efbc79..278970c4cb 100644
|
473
|
473
|
--- a/cmd/kubelet/app/BUILD
|
474
|
474
|
+++ b/cmd/kubelet/app/BUILD
|
475
|
475
|
@@ -119,6 +119,7 @@ go_library(
|
...
|
...
|
@@ -481,7 +509,7 @@ index b2f3efb..278970c 100644
|
481
|
481
|
"//pkg/volume/cinder:go_default_library",
|
482
|
482
|
"//pkg/volume/configmap:go_default_library",
|
483
|
483
|
diff --git a/cmd/kubelet/app/plugins.go b/cmd/kubelet/app/plugins.go
|
484
|
|
-index 22700b0..540e501 100644
|
|
484
|
+index 22700b051f..540e5016a1 100644
|
485
|
485
|
--- a/cmd/kubelet/app/plugins.go
|
486
|
486
|
+++ b/cmd/kubelet/app/plugins.go
|
487
|
487
|
@@ -32,6 +32,7 @@ import (
|
...
|
...
|
@@ -501,7 +529,7 @@ index 22700b0..540e501 100644
|
501
|
501
|
allPlugins = append(allPlugins, csi.ProbeVolumePlugins()...)
|
502
|
502
|
}
|
503
|
503
|
diff --git a/pkg/apis/core/types.go b/pkg/apis/core/types.go
|
504
|
|
-index 1669edc..60ba08e 100644
|
|
504
|
+index 1669edc41e..60ba08e91b 100644
|
505
|
505
|
--- a/pkg/apis/core/types.go
|
506
|
506
|
+++ b/pkg/apis/core/types.go
|
507
|
507
|
@@ -152,6 +152,8 @@ type VolumeSource struct {
|
...
|
...
|
@@ -540,7 +568,7 @@ index 1669edc..60ba08e 100644
|
540
|
540
|
//
|
541
|
541
|
// The contents of the target ConfigMap's Data field will be presented in a
|
542
|
542
|
diff --git a/pkg/apis/core/validation/validation.go b/pkg/apis/core/validation/validation.go
|
543
|
|
-index 7050c60..cf15bb7 100644
|
|
543
|
+index 7050c604e5..cf15bb705d 100644
|
544
|
544
|
--- a/pkg/apis/core/validation/validation.go
|
545
|
545
|
+++ b/pkg/apis/core/validation/validation.go
|
546
|
546
|
@@ -638,6 +638,14 @@ func validateVolumeSource(source *core.VolumeSource, fldPath *field.Path, volNam
|
...
|
...
|
@@ -590,7 +618,7 @@ index 7050c60..cf15bb7 100644
|
590
|
590
|
allErrs = append(allErrs, field.Required(specPath, "must specify a volume type"))
|
591
|
591
|
}
|
592
|
592
|
diff --git a/pkg/apis/policy/types.go b/pkg/apis/policy/types.go
|
593
|
|
-index 298fcd0..174d0fc 100644
|
|
593
|
+index 298fcd0e4d..174d0fc876 100644
|
594
|
594
|
--- a/pkg/apis/policy/types.go
|
595
|
595
|
+++ b/pkg/apis/policy/types.go
|
596
|
596
|
@@ -290,6 +290,7 @@ var (
|
...
|
...
|
@@ -602,7 +630,7 @@ index 298fcd0..174d0fc 100644
|
602
|
602
|
)
|
603
|
603
|
|
604
|
604
|
diff --git a/pkg/cloudprovider/providers/BUILD b/pkg/cloudprovider/providers/BUILD
|
605
|
|
-index aeccfa1..4313576 100644
|
|
605
|
+index aeccfa1e5b..4313576203 100644
|
606
|
606
|
--- a/pkg/cloudprovider/providers/BUILD
|
607
|
607
|
+++ b/pkg/cloudprovider/providers/BUILD
|
608
|
608
|
@@ -12,6 +12,7 @@ go_library(
|
...
|
...
|
@@ -623,7 +651,7 @@ index aeccfa1..4313576 100644
|
623
|
623
|
"//pkg/cloudprovider/providers/gce:all-srcs",
|
624
|
624
|
diff --git a/pkg/cloudprovider/providers/cascade/BUILD b/pkg/cloudprovider/providers/cascade/BUILD
|
625
|
625
|
new file mode 100644
|
626
|
|
-index 0000000..4089166
|
|
626
|
+index 0000000000..4089166732
|
627
|
627
|
--- /dev/null
|
628
|
628
|
+++ b/pkg/cloudprovider/providers/cascade/BUILD
|
629
|
629
|
@@ -0,0 +1,56 @@
|
...
|
...
|
@@ -685,7 +713,7 @@ index 0000000..4089166
|
685
|
685
|
+)
|
686
|
686
|
diff --git a/pkg/cloudprovider/providers/cascade/OWNERS b/pkg/cloudprovider/providers/cascade/OWNERS
|
687
|
687
|
new file mode 100644
|
688
|
|
-index 0000000..70efc9d
|
|
688
|
+index 0000000000..70efc9dc1c
|
689
|
689
|
--- /dev/null
|
690
|
690
|
+++ b/pkg/cloudprovider/providers/cascade/OWNERS
|
691
|
691
|
@@ -0,0 +1,3 @@
|
...
|
...
|
@@ -694,7 +722,7 @@ index 0000000..70efc9d
|
694
|
694
|
+- ysheng
|
695
|
695
|
diff --git a/pkg/cloudprovider/providers/cascade/apitypes.go b/pkg/cloudprovider/providers/cascade/apitypes.go
|
696
|
696
|
new file mode 100644
|
697
|
|
-index 0000000..d437394
|
|
697
|
+index 0000000000..d437394462
|
698
|
698
|
--- /dev/null
|
699
|
699
|
+++ b/pkg/cloudprovider/providers/cascade/apitypes.go
|
700
|
700
|
@@ -0,0 +1,230 @@
|
...
|
...
|
@@ -930,7 +958,7 @@ index 0000000..d437394
|
930
|
930
|
+}
|
931
|
931
|
diff --git a/pkg/cloudprovider/providers/cascade/auth.go b/pkg/cloudprovider/providers/cascade/auth.go
|
932
|
932
|
new file mode 100644
|
933
|
|
-index 0000000..fc92377
|
|
933
|
+index 0000000000..fc9237767f
|
934
|
934
|
--- /dev/null
|
935
|
935
|
+++ b/pkg/cloudprovider/providers/cascade/auth.go
|
936
|
936
|
@@ -0,0 +1,145 @@
|
...
|
...
|
@@ -1082,10 +1110,10 @@ index 0000000..fc92377
|
1082
|
1082
|
\ No newline at end of file
|
1083
|
1083
|
diff --git a/pkg/cloudprovider/providers/cascade/cascade.go b/pkg/cloudprovider/providers/cascade/cascade.go
|
1084
|
1084
|
new file mode 100644
|
1085
|
|
-index 0000000..06ada64
|
|
1085
|
+index 0000000000..b9fafb92e1
|
1086
|
1086
|
--- /dev/null
|
1087
|
1087
|
+++ b/pkg/cloudprovider/providers/cascade/cascade.go
|
1088
|
|
-@@ -0,0 +1,215 @@
|
|
1088
|
+@@ -0,0 +1,219 @@
|
1089
|
1089
|
+// The use of Cascade cloud provider requires the kubelet, kube-apiserver, and kube-controller-manager to be started
|
1090
|
1090
|
+// with config flag: '--cloud-provider=cascade --cloud-config=[path_to_config_file]'.
|
1091
|
1091
|
+package cascade
|
...
|
...
|
@@ -1176,11 +1204,15 @@ index 0000000..06ada64
|
1176
|
1176
|
+
|
1177
|
1177
|
+// VolumeOptions specifies capacity, tags, name and flavorID for a volume.
|
1178
|
1178
|
+type VolumeOptions struct {
|
1179
|
|
-+ CapacityGB int
|
1180
|
|
-+ Tags map[string]string
|
1181
|
|
-+ Name string
|
1182
|
|
-+ Flavor string
|
1183
|
|
-+ Encrypted bool
|
|
1179
|
++ CapacityGB int
|
|
1180
|
++ Tags map[string]string
|
|
1181
|
++ Name string
|
|
1182
|
++ Type string
|
|
1183
|
++ ZonePresent bool
|
|
1184
|
++ ZonesPresent bool
|
|
1185
|
++ AvailabilityZone string
|
|
1186
|
++ AvailabilityZones string
|
|
1187
|
++ Encrypted bool
|
1184
|
1188
|
+}
|
1185
|
1189
|
+
|
1186
|
1190
|
+func readConfig(config io.Reader) (*CascadeConfig, error) {
|
...
|
...
|
@@ -1303,14 +1335,15 @@ index 0000000..06ada64
|
1303
|
1303
|
+}
|
1304
|
1304
|
diff --git a/pkg/cloudprovider/providers/cascade/cascade_disks.go b/pkg/cloudprovider/providers/cascade/cascade_disks.go
|
1305
|
1305
|
new file mode 100644
|
1306
|
|
-index 0000000..a2e8ded
|
|
1306
|
+index 0000000000..e889a28951
|
1307
|
1307
|
--- /dev/null
|
1308
|
1308
|
+++ b/pkg/cloudprovider/providers/cascade/cascade_disks.go
|
1309
|
|
-@@ -0,0 +1,228 @@
|
|
1309
|
+@@ -0,0 +1,253 @@
|
1310
|
1310
|
+package cascade
|
1311
|
1311
|
+
|
1312
|
1312
|
+import (
|
1313
|
1313
|
+ "context"
|
|
1314
|
++ "fmt"
|
1314
|
1315
|
+ "github.com/golang/glog"
|
1315
|
1316
|
+ k8stypes "k8s.io/apimachinery/pkg/types"
|
1316
|
1317
|
+ "k8s.io/apimachinery/pkg/util/sets"
|
...
|
...
|
@@ -1324,7 +1357,7 @@ index 0000000..a2e8ded
|
1324
|
1324
|
+ // Check if disk is already attached to that node.
|
1325
|
1325
|
+ attached, err := cc.DiskIsAttached(diskID, nodeName)
|
1326
|
1326
|
+ if err != nil {
|
1327
|
|
-+ glog.Errorf("Cascade Cloud Provider: cc.DiskIsAttached failed during AttachDisk. Error[%v]", err)
|
|
1327
|
++ glog.Errorf("VKE Cloud Provider: cc.DiskIsAttached failed during AttachDisk. Error[%v]", err)
|
1328
|
1328
|
+ return "", err
|
1329
|
1329
|
+ }
|
1330
|
1330
|
+
|
...
|
...
|
@@ -1336,19 +1369,19 @@ index 0000000..a2e8ded
|
1336
|
1336
|
+
|
1337
|
1337
|
+ vmID, err := cc.InstanceID(context.TODO(), nodeName)
|
1338
|
1338
|
+ if err != nil {
|
1339
|
|
-+ glog.Errorf("Cascade Cloud Provider: cc.InstanceID failed for AttachDisk. Error[%v]", err)
|
|
1339
|
++ glog.Errorf("VKE Cloud Provider: cc.InstanceID failed for AttachDisk. Error[%v]", err)
|
1340
|
1340
|
+ return "", err
|
1341
|
1341
|
+ }
|
1342
|
1342
|
+
|
1343
|
1343
|
+ task, err := cc.apiClient.AttachDisk(vmID, operation)
|
1344
|
1344
|
+ if err != nil {
|
1345
|
|
-+ glog.Errorf("Cascade Cloud Provider: Failed to attach disk with ID %s. Error[%v]", diskID, err)
|
|
1345
|
++ glog.Errorf("VKE Cloud Provider: Failed to attach disk with ID %s. Error[%v]", diskID, err)
|
1346
|
1346
|
+ return "", err
|
1347
|
1347
|
+ }
|
1348
|
1348
|
+
|
1349
|
1349
|
+ _, err = cc.apiClient.WaitForTask(StringVal(task.ID))
|
1350
|
1350
|
+ if err != nil {
|
1351
|
|
-+ glog.Errorf("Cascade Cloud Provider: Failed to wait for task to attach disk with ID %s. Error[%v]",
|
|
1351
|
++ glog.Errorf("VKE Cloud Provider: Failed to wait for task to attach disk with ID %s. Error[%v]",
|
1352
|
1352
|
+ diskID, err)
|
1353
|
1353
|
+ return "", err
|
1354
|
1354
|
+ }
|
...
|
...
|
@@ -1357,7 +1390,7 @@ index 0000000..a2e8ded
|
1357
|
1357
|
+ // Get mount device of the attached disk.
|
1358
|
1358
|
+ disk, err := cc.apiClient.GetDisk(diskID)
|
1359
|
1359
|
+ if err != nil {
|
1360
|
|
-+ glog.Errorf("Cascade Cloud Provider: Failed to Get disk with diskID %s. Error[%v]", diskID, err)
|
|
1360
|
++ glog.Errorf("VKE Cloud Provider: Failed to Get disk with diskID %s. Error[%v]", diskID, err)
|
1361
|
1361
|
+ return "", err
|
1362
|
1362
|
+ }
|
1363
|
1363
|
+
|
...
|
...
|
@@ -1372,19 +1405,19 @@ index 0000000..a2e8ded
|
1372
|
1372
|
+
|
1373
|
1373
|
+ vmID, err := cc.InstanceID(context.TODO(), nodeName)
|
1374
|
1374
|
+ if err != nil {
|
1375
|
|
-+ glog.Errorf("Cascade Cloud Provider: cc.InstanceID failed for DetachDisk. Error[%v]", err)
|
|
1375
|
++ glog.Errorf("VKE Cloud Provider: cc.InstanceID failed for DetachDisk. Error[%v]", err)
|
1376
|
1376
|
+ return err
|
1377
|
1377
|
+ }
|
1378
|
1378
|
+
|
1379
|
1379
|
+ task, err := cc.apiClient.DetachDisk(vmID, operation)
|
1380
|
1380
|
+ if err != nil {
|
1381
|
|
-+ glog.Errorf("Cascade Cloud Provider: Failed to detach disk with pdID %s. Error[%v]", diskID, err)
|
|
1381
|
++ glog.Errorf("VKE Cloud Provider: Failed to detach disk with pdID %s. Error[%v]", diskID, err)
|
1382
|
1382
|
+ return err
|
1383
|
1383
|
+ }
|
1384
|
1384
|
+
|
1385
|
1385
|
+ _, err = cc.apiClient.WaitForTask(StringVal(task.ID))
|
1386
|
1386
|
+ if err != nil {
|
1387
|
|
-+ glog.Errorf("Cascade Cloud Provider: Failed to wait for task to detach disk with pdID %s. Error[%v]",
|
|
1387
|
++ glog.Errorf("VKE Cloud Provider: Failed to wait for task to detach disk with pdID %s. Error[%v]",
|
1388
|
1388
|
+ diskID, err)
|
1389
|
1389
|
+ return err
|
1390
|
1390
|
+ }
|
...
|
...
|
@@ -1396,7 +1429,7 @@ index 0000000..a2e8ded
|
1396
|
1396
|
+func (cc *CascadeCloud) DiskIsAttached(diskID string, nodeName k8stypes.NodeName) (bool, error) {
|
1397
|
1397
|
+ vmID, err := cc.InstanceID(context.TODO(), nodeName)
|
1398
|
1398
|
+ if err != nil {
|
1399
|
|
-+ glog.Errorf("Cascade Cloud Provider: cc.InstanceID failed for DiskIsAttached. Error[%v]", err)
|
|
1399
|
++ glog.Errorf("VKE Cloud Provider: cc.InstanceID failed for DiskIsAttached. Error[%v]", err)
|
1400
|
1400
|
+ return false, err
|
1401
|
1401
|
+ }
|
1402
|
1402
|
+
|
...
|
...
|
@@ -1406,7 +1439,7 @@ index 0000000..a2e8ded
|
1406
|
1406
|
+ case APIError:
|
1407
|
1407
|
+ if err.(APIError).ErrorCode == VMNotFoundError {
|
1408
|
1408
|
+ // If instance no longer exists, we will assume that the volume is not attached.
|
1409
|
|
-+ glog.Warningf("Cascade Cloud Provider: Instance %s does not exist. DiskIsAttached will assume"+
|
|
1409
|
++ glog.Warningf("VKE Cloud Provider: Instance %s does not exist. DiskIsAttached will assume"+
|
1410
|
1410
|
+ " disk %s is not attached to it.", nodeName, diskID)
|
1411
|
1411
|
+ return false, nil
|
1412
|
1412
|
+ }
|
...
|
...
|
@@ -1416,7 +1449,7 @@ index 0000000..a2e8ded
|
1416
|
1416
|
+
|
1417
|
1417
|
+ disk, err := cc.apiClient.GetDisk(diskID)
|
1418
|
1418
|
+ if err != nil {
|
1419
|
|
-+ glog.Errorf("Cascade Cloud Provider: Failed to Get disk with diskID %s. Error[%v]", diskID, err)
|
|
1419
|
++ glog.Errorf("VKE Cloud Provider: Failed to Get disk with diskID %s. Error[%v]", diskID, err)
|
1420
|
1420
|
+ return false, err
|
1421
|
1421
|
+ }
|
1422
|
1422
|
+
|
...
|
...
|
@@ -1436,14 +1469,14 @@ index 0000000..a2e8ded
|
1436
|
1436
|
+
|
1437
|
1437
|
+ vmID, err := cc.InstanceID(context.TODO(), nodeName)
|
1438
|
1438
|
+ if err != nil {
|
1439
|
|
-+ glog.Errorf("Cascade Cloud Provider: cc.InstanceID failed for DiskIsAttached. Error[%v]", err)
|
|
1439
|
++ glog.Errorf("VKE Cloud Provider: cc.InstanceID failed for DiskIsAttached. Error[%v]", err)
|
1440
|
1440
|
+ return attached, err
|
1441
|
1441
|
+ }
|
1442
|
1442
|
+
|
1443
|
1443
|
+ for _, diskID := range diskIDs {
|
1444
|
1444
|
+ disk, err := cc.apiClient.GetDisk(diskID)
|
1445
|
1445
|
+ if err != nil {
|
1446
|
|
-+ glog.Warningf("Cascade Cloud Provider: failed to get VMs for persistent disk %s, err [%v]",
|
|
1446
|
++ glog.Warningf("VKE Cloud Provider: failed to get VMs for persistent disk %s, err [%v]",
|
1447
|
1447
|
+ diskID, err)
|
1448
|
1448
|
+ } else {
|
1449
|
1449
|
+ if disk.VM == vmID && StringVal(disk.State) == DiskStateAttached {
|
...
|
...
|
@@ -1460,7 +1493,7 @@ index 0000000..a2e8ded
|
1460
|
1460
|
+ // Get Zones for the cluster
|
1461
|
1461
|
+ zones, err := cc.apiClient.GetZones()
|
1462
|
1462
|
+ if err != nil {
|
1463
|
|
-+ glog.Errorf("Cascade Cloud Provider: Failed to Get zones for the cluster. Error[%v]", err)
|
|
1463
|
++ glog.Errorf("VKE Cloud Provider: Failed to Get zones for the cluster. Error[%v]", err)
|
1464
|
1464
|
+ return "", err
|
1465
|
1465
|
+ }
|
1466
|
1466
|
+
|
...
|
...
|
@@ -1469,11 +1502,35 @@ index 0000000..a2e8ded
|
1469
|
1469
|
+ for _, zone := range zones {
|
1470
|
1470
|
+ zoneSet.Insert(zone)
|
1471
|
1471
|
+ }
|
1472
|
|
-+ zone := volumeutil.ChooseZoneForVolume(zoneSet, volumeOptions.Name)
|
|
1472
|
++ var zone string
|
|
1473
|
++ if !volumeOptions.ZonePresent && !volumeOptions.ZonesPresent {
|
|
1474
|
++ zone = volumeutil.ChooseZoneForVolume(zoneSet, volumeOptions.Name)
|
|
1475
|
++ }
|
|
1476
|
++ if !volumeOptions.ZonePresent && volumeOptions.ZonesPresent {
|
|
1477
|
++ userZoneSet, err := volumeutil.ZonesToSet(volumeOptions.AvailabilityZones)
|
|
1478
|
++ if err != nil {
|
|
1479
|
++ return "", err
|
|
1480
|
++ }
|
|
1481
|
++ if !zoneSet.IsSuperset(userZoneSet) {
|
|
1482
|
++ return "", fmt.Errorf("VKE Cloud Provider: Zones '%s' is invalid. "+
|
|
1483
|
++ "Please use one or more of the following zones: %v", volumeOptions.AvailabilityZones, zoneSet.List())
|
|
1484
|
++ }
|
|
1485
|
++ zone = volumeutil.ChooseZoneForVolume(userZoneSet, volumeOptions.Name)
|
|
1486
|
++ }
|
|
1487
|
++ if volumeOptions.ZonePresent && !volumeOptions.ZonesPresent {
|
|
1488
|
++ if err := volumeutil.ValidateZone(volumeOptions.AvailabilityZone); err != nil {
|
|
1489
|
++ return "", err
|
|
1490
|
++ }
|
|
1491
|
++ if !zoneSet.Has(volumeOptions.AvailabilityZone) {
|
|
1492
|
++ return "", fmt.Errorf("VKE Cloud Provider: Zone '%s' is invalid. "+
|
|
1493
|
++ "Please use one of the following zones: %v", volumeOptions.AvailabilityZone, zoneSet.List())
|
|
1494
|
++ }
|
|
1495
|
++ zone = volumeOptions.AvailabilityZone
|
|
1496
|
++ }
|
1473
|
1497
|
+
|
1474
|
1498
|
+ diskSpec := DiskCreateSpec{}
|
1475
|
1499
|
+ diskSpec.Name = StringPtr(volumeOptions.Name)
|
1476
|
|
-+ diskSpec.Flavor = StringPtr(volumeOptions.Flavor)
|
|
1500
|
++ diskSpec.Flavor = StringPtr(volumeOptions.Type)
|
1477
|
1501
|
+ diskSpec.CapacityGB = Int32Ptr(int32(volumeOptions.CapacityGB))
|
1478
|
1502
|
+ diskSpec.Kind = StringPtr(DiskSpecKind)
|
1479
|
1503
|
+ diskSpec.Zone = StringPtr(zone)
|
...
|
...
|
@@ -1481,13 +1538,13 @@ index 0000000..a2e8ded
|
1481
|
1481
|
+
|
1482
|
1482
|
+ task, err := cc.apiClient.CreateDisk(&diskSpec)
|
1483
|
1483
|
+ if err != nil {
|
1484
|
|
-+ glog.Errorf("Cascade Cloud Provider: Failed to CreateDisk. Error[%v]", err)
|
|
1484
|
++ glog.Errorf("VKE Cloud Provider: Failed to CreateDisk. Error[%v]", err)
|
1485
|
1485
|
+ return "", err
|
1486
|
1486
|
+ }
|
1487
|
1487
|
+
|
1488
|
1488
|
+ waitTask, err := cc.apiClient.WaitForTask(StringVal(task.ID))
|
1489
|
1489
|
+ if err != nil {
|
1490
|
|
-+ glog.Errorf("Cascade Cloud Provider: Failed to wait for task to CreateDisk. Error[%v]", err)
|
|
1490
|
++ glog.Errorf("VKE Cloud Provider: Failed to wait for task to CreateDisk. Error[%v]", err)
|
1491
|
1491
|
+ return "", err
|
1492
|
1492
|
+ }
|
1493
|
1493
|
+
|
...
|
...
|
@@ -1498,7 +1555,7 @@ index 0000000..a2e8ded
|
1498
|
1498
|
+func (cc *CascadeCloud) DeleteDisk(diskID string) error {
|
1499
|
1499
|
+ task, err := cc.apiClient.DeleteDisk(diskID)
|
1500
|
1500
|
+ if err != nil {
|
1501
|
|
-+ glog.Errorf("Cascade Cloud Provider: Failed to DeleteDisk. Error[%v]", err)
|
|
1501
|
++ glog.Errorf("VKE Cloud Provider: Failed to DeleteDisk. Error[%v]", err)
|
1502
|
1502
|
+ // If we get a DiskNotFound error, we assume that the disk is already deleted. So we don't return an error here.
|
1503
|
1503
|
+ switch err.(type) {
|
1504
|
1504
|
+ case APIError:
|
...
|
...
|
@@ -1514,7 +1571,7 @@ index 0000000..a2e8ded
|
1514
|
1514
|
+
|
1515
|
1515
|
+ _, err = cc.apiClient.WaitForTask(StringVal(task.ID))
|
1516
|
1516
|
+ if err != nil {
|
1517
|
|
-+ glog.Errorf("Cascade Cloud Provider: Failed to wait for task to DeleteDisk. Error[%v]", err)
|
|
1517
|
++ glog.Errorf("VKE Cloud Provider: Failed to wait for task to DeleteDisk. Error[%v]", err)
|
1518
|
1518
|
+ return err
|
1519
|
1519
|
+ }
|
1520
|
1520
|
+
|
...
|
...
|
@@ -1525,7 +1582,7 @@ index 0000000..a2e8ded
|
1525
|
1525
|
+func (cc *CascadeCloud) GetVolumeLabels(diskID string) (map[string]string, error) {
|
1526
|
1526
|
+ disk, err := cc.apiClient.GetDisk(diskID)
|
1527
|
1527
|
+ if err != nil {
|
1528
|
|
-+ glog.Errorf("Cascade Cloud Provider: Failed to GetDisk for GetVolumeLabels. Error[%v]", err)
|
|
1528
|
++ glog.Errorf("VKE Cloud Provider: Failed to GetDisk for GetVolumeLabels. Error[%v]", err)
|
1529
|
1529
|
+ return nil, err
|
1530
|
1530
|
+ }
|
1531
|
1531
|
+
|
...
|
...
|
@@ -1537,7 +1594,7 @@ index 0000000..a2e8ded
|
1537
|
1537
|
+}
|
1538
|
1538
|
diff --git a/pkg/cloudprovider/providers/cascade/cascade_instances.go b/pkg/cloudprovider/providers/cascade/cascade_instances.go
|
1539
|
1539
|
new file mode 100644
|
1540
|
|
-index 0000000..33acfc0
|
|
1540
|
+index 0000000000..33acfc01e0
|
1541
|
1541
|
--- /dev/null
|
1542
|
1542
|
+++ b/pkg/cloudprovider/providers/cascade/cascade_instances.go
|
1543
|
1543
|
@@ -0,0 +1,132 @@
|
...
|
...
|
@@ -1675,7 +1732,7 @@ index 0000000..33acfc0
|
1675
|
1675
|
+}
|
1676
|
1676
|
diff --git a/pkg/cloudprovider/providers/cascade/cascade_instances_test.go b/pkg/cloudprovider/providers/cascade/cascade_instances_test.go
|
1677
|
1677
|
new file mode 100644
|
1678
|
|
-index 0000000..8fb314d
|
|
1678
|
+index 0000000000..8fb314def1
|
1679
|
1679
|
--- /dev/null
|
1680
|
1680
|
+++ b/pkg/cloudprovider/providers/cascade/cascade_instances_test.go
|
1681
|
1681
|
@@ -0,0 +1,44 @@
|
...
|
...
|
@@ -1725,10 +1782,10 @@ index 0000000..8fb314d
|
1725
|
1725
|
+}
|
1726
|
1726
|
diff --git a/pkg/cloudprovider/providers/cascade/cascade_loadbalancer.go b/pkg/cloudprovider/providers/cascade/cascade_loadbalancer.go
|
1727
|
1727
|
new file mode 100644
|
1728
|
|
-index 0000000..6338072
|
|
1728
|
+index 0000000000..c2a62c2ff7
|
1729
|
1729
|
--- /dev/null
|
1730
|
1730
|
+++ b/pkg/cloudprovider/providers/cascade/cascade_loadbalancer.go
|
1731
|
|
-@@ -0,0 +1,285 @@
|
|
1731
|
+@@ -0,0 +1,295 @@
|
1732
|
1732
|
+package cascade
|
1733
|
1733
|
+
|
1734
|
1734
|
+import (
|
...
|
...
|
@@ -1745,6 +1802,8 @@ index 0000000..6338072
|
1745
|
1745
|
+
|
1746
|
1746
|
+const HTTP_PROTOCOL = "HTTP"
|
1747
|
1747
|
+
|
|
1748
|
++const ServiceAnnotationLoadBalancerInternal = "service.beta.kubernetes.io/vke-load-balancer-internal"
|
|
1749
|
++
|
1748
|
1750
|
+// EnsureLoadBalancer creates or updates a Cascade load balancer
|
1749
|
1751
|
+func (cc *CascadeCloud) EnsureLoadBalancer(ctx context.Context, clusterName string, k8sService *v1.Service, nodes []*v1.Node) (*v1.LoadBalancerStatus, error) {
|
1750
|
1752
|
+ logger := newLoadBalancerLogger(clusterName, k8sService, "EnsureLoadBalancer")
|
...
|
...
|
@@ -1806,7 +1865,7 @@ index 0000000..6338072
|
1806
|
1806
|
+ // Create load balancer
|
1807
|
1807
|
+ createSpec := &LoadBalancerCreateSpec{
|
1808
|
1808
|
+ Name: StringPtr(loadBalancerName),
|
1809
|
|
-+ Type: StringPtr("PUBLIC"),
|
|
1809
|
++ Type: StringPtr(getLoadBalancerType(k8sService)),
|
1810
|
1810
|
+ PortMaps: portMaps,
|
1811
|
1811
|
+ HealthCheck: healthCheck,
|
1812
|
1812
|
+ SubDomain: StringPtr(k8sService.Name),
|
...
|
...
|
@@ -2014,12 +2073,20 @@ index 0000000..6338072
|
2014
|
2014
|
+func (l *loadBalancerLogger) Infof(msgTemplate string, args ...interface{}) {
|
2015
|
2015
|
+ glog.Infoln(l.getLogMsg(msgTemplate, args))
|
2016
|
2016
|
+}
|
|
2017
|
++
|
|
2018
|
++// Check if service requires an internal load balancer.
|
|
2019
|
++func getLoadBalancerType(service *v1.Service) string {
|
|
2020
|
++ if _, found := service.Annotations[ServiceAnnotationLoadBalancerInternal]; found {
|
|
2021
|
++ return "PRIVATE"
|
|
2022
|
++ }
|
|
2023
|
++ return "PUBLIC"
|
|
2024
|
++}
|
2017
|
2025
|
diff --git a/pkg/cloudprovider/providers/cascade/client.go b/pkg/cloudprovider/providers/cascade/client.go
|
2018
|
2026
|
new file mode 100644
|
2019
|
|
-index 0000000..e4494e4
|
|
2027
|
+index 0000000000..400e3777d0
|
2020
|
2028
|
--- /dev/null
|
2021
|
2029
|
+++ b/pkg/cloudprovider/providers/cascade/client.go
|
2022
|
|
-@@ -0,0 +1,399 @@
|
|
2030
|
+@@ -0,0 +1,400 @@
|
2023
|
2031
|
+package cascade
|
2024
|
2032
|
+
|
2025
|
2033
|
+import (
|
...
|
...
|
@@ -2343,7 +2410,7 @@ index 0000000..e4494e4
|
2343
|
2343
|
+ api.cfg.clusterID, StringVal(loadBalancerName))
|
2344
|
2344
|
+
|
2345
|
2345
|
+ if len(subDomain) > 0 {
|
2346
|
|
-+ uri = fmt.Sprintf(uri + "?sub-domain=%s", subDomain)
|
|
2346
|
++ uri = fmt.Sprintf(uri+"?sub-domain=%s", subDomain)
|
2347
|
2347
|
+ }
|
2348
|
2348
|
+
|
2349
|
2349
|
+ res, err := api.restClient.Delete(uri, api.options.TokenOptions)
|
...
|
...
|
@@ -2371,7 +2438,8 @@ index 0000000..e4494e4
|
2371
|
2371
|
+
|
2372
|
2372
|
+// Gets all the zones in which the cluster has the VMs in.
|
2373
|
2373
|
+func (api *Client) GetZones() (zones []string, err error) {
|
2374
|
|
-+ uri := fmt.Sprintf("%s/v1/tenants/%s/clusters/%s/zones", api.cfg.endpoint, api.cfg.tenantName,
|
|
2374
|
++ // Call the version 2 zones API to use generic zones.
|
|
2375
|
++ uri := fmt.Sprintf("%s/v1/tenants/%s/clusters/%s/zones?version=2", api.cfg.endpoint, api.cfg.tenantName,
|
2375
|
2376
|
+ api.cfg.clusterID)
|
2376
|
2377
|
+ res, err := api.restClient.Get(uri, api.options.TokenOptions)
|
2377
|
2378
|
+ if err != nil {
|
...
|
...
|
@@ -2421,7 +2489,7 @@ index 0000000..e4494e4
|
2421
|
2421
|
+}
|
2422
|
2422
|
diff --git a/pkg/cloudprovider/providers/cascade/oidcclient.go b/pkg/cloudprovider/providers/cascade/oidcclient.go
|
2423
|
2423
|
new file mode 100644
|
2424
|
|
-index 0000000..6a71cc1
|
|
2424
|
+index 0000000000..6a71cc184f
|
2425
|
2425
|
--- /dev/null
|
2426
|
2426
|
+++ b/pkg/cloudprovider/providers/cascade/oidcclient.go
|
2427
|
2427
|
@@ -0,0 +1,297 @@
|
...
|
...
|
@@ -2724,7 +2792,7 @@ index 0000000..6a71cc1
|
2724
|
2724
|
+}
|
2725
|
2725
|
diff --git a/pkg/cloudprovider/providers/cascade/restclient.go b/pkg/cloudprovider/providers/cascade/restclient.go
|
2726
|
2726
|
new file mode 100644
|
2727
|
|
-index 0000000..71d8d1c
|
|
2727
|
+index 0000000000..71d8d1c164
|
2728
|
2728
|
--- /dev/null
|
2729
|
2729
|
+++ b/pkg/cloudprovider/providers/cascade/restclient.go
|
2730
|
2730
|
@@ -0,0 +1,262 @@
|
...
|
...
|
@@ -2992,7 +3060,7 @@ index 0000000..71d8d1c
|
2992
|
2992
|
+}
|
2993
|
2993
|
diff --git a/pkg/cloudprovider/providers/cascade/tests_owed b/pkg/cloudprovider/providers/cascade/tests_owed
|
2994
|
2994
|
new file mode 100644
|
2995
|
|
-index 0000000..dff5ab1
|
|
2995
|
+index 0000000000..dff5ab1dcd
|
2996
|
2996
|
--- /dev/null
|
2997
|
2997
|
+++ b/pkg/cloudprovider/providers/cascade/tests_owed
|
2998
|
2998
|
@@ -0,0 +1,5 @@
|
...
|
...
|
@@ -3003,7 +3071,7 @@ index 0000000..dff5ab1
|
3003
|
3003
|
+
|
3004
|
3004
|
diff --git a/pkg/cloudprovider/providers/cascade/utils.go b/pkg/cloudprovider/providers/cascade/utils.go
|
3005
|
3005
|
new file mode 100644
|
3006
|
|
-index 0000000..866f853
|
|
3006
|
+index 0000000000..866f853b42
|
3007
|
3007
|
--- /dev/null
|
3008
|
3008
|
+++ b/pkg/cloudprovider/providers/cascade/utils.go
|
3009
|
3009
|
@@ -0,0 +1,29 @@
|
...
|
...
|
@@ -3037,7 +3105,7 @@ index 0000000..866f853
|
3037
|
3037
|
+ return &s
|
3038
|
3038
|
+}
|
3039
|
3039
|
diff --git a/pkg/cloudprovider/providers/providers.go b/pkg/cloudprovider/providers/providers.go
|
3040
|
|
-index 7de9ca9..a655477 100644
|
|
3040
|
+index 7de9ca9a41..a65547783a 100644
|
3041
|
3041
|
--- a/pkg/cloudprovider/providers/providers.go
|
3042
|
3042
|
+++ b/pkg/cloudprovider/providers/providers.go
|
3043
|
3043
|
@@ -21,6 +21,7 @@ import (
|
...
|
...
|
@@ -3049,7 +3117,7 @@ index 7de9ca9..a655477 100644
|
3049
|
3049
|
_ "k8s.io/kubernetes/pkg/cloudprovider/providers/openstack"
|
3050
|
3050
|
_ "k8s.io/kubernetes/pkg/cloudprovider/providers/ovirt"
|
3051
|
3051
|
diff --git a/pkg/kubeapiserver/authorizer/config.go b/pkg/kubeapiserver/authorizer/config.go
|
3052
|
|
-index a72ba5e..78fa9e1 100644
|
|
3052
|
+index a72ba5ee63..be1f0a7bdd 100644
|
3053
|
3053
|
--- a/pkg/kubeapiserver/authorizer/config.go
|
3054
|
3054
|
+++ b/pkg/kubeapiserver/authorizer/config.go
|
3055
|
3055
|
@@ -32,6 +32,7 @@ import (
|
...
|
...
|
@@ -3060,11 +3128,10 @@ index a72ba5e..78fa9e1 100644
|
3060
|
3060
|
)
|
3061
|
3061
|
|
3062
|
3062
|
type AuthorizationConfig struct {
|
3063
|
|
-@@ -81,7 +82,12 @@ func (config AuthorizationConfig) New() (authorizer.Authorizer, authorizer.RuleR
|
3064
|
|
- )
|
|
3063
|
+@@ -82,6 +83,12 @@ func (config AuthorizationConfig) New() (authorizer.Authorizer, authorizer.RuleR
|
3065
|
3064
|
nodeAuthorizer := node.NewAuthorizer(graph, nodeidentifier.NewDefaultNodeIdentifier(), bootstrappolicy.NodeRules())
|
3066
|
3065
|
authorizers = append(authorizers, nodeAuthorizer)
|
3067
|
|
--
|
|
3066
|
+
|
3068
|
3067
|
+ case modes.ModeVKE:
|
3069
|
3068
|
+ vkeAuthorizer, err := vke.NewAuthorizer()
|
3070
|
3069
|
+ if err != nil {
|
...
|
...
|
@@ -3075,7 +3142,7 @@ index a72ba5e..78fa9e1 100644
|
3075
|
3075
|
alwaysAllowAuthorizer := authorizerfactory.NewAlwaysAllowAuthorizer()
|
3076
|
3076
|
authorizers = append(authorizers, alwaysAllowAuthorizer)
|
3077
|
3077
|
diff --git a/pkg/kubeapiserver/authorizer/modes/modes.go b/pkg/kubeapiserver/authorizer/modes/modes.go
|
3078
|
|
-index 54d0a62..73a763f 100644
|
|
3078
|
+index 54d0a62770..73a763ff14 100644
|
3079
|
3079
|
--- a/pkg/kubeapiserver/authorizer/modes/modes.go
|
3080
|
3080
|
+++ b/pkg/kubeapiserver/authorizer/modes/modes.go
|
3081
|
3081
|
@@ -25,9 +25,10 @@ const (
|
...
|
...
|
@@ -3091,7 +3158,7 @@ index 54d0a62..73a763f 100644
|
3091
|
3091
|
// IsValidAuthorizationMode returns true if the given authorization mode is a valid one for the apiserver
|
3092
|
3092
|
func IsValidAuthorizationMode(authzMode string) bool {
|
3093
|
3093
|
diff --git a/pkg/kubeapiserver/options/plugins.go b/pkg/kubeapiserver/options/plugins.go
|
3094
|
|
-index abcb5b4..292fcdd 100644
|
|
3094
|
+index abcb5b4673..292fcdd1dc 100644
|
3095
|
3095
|
--- a/pkg/kubeapiserver/options/plugins.go
|
3096
|
3096
|
+++ b/pkg/kubeapiserver/options/plugins.go
|
3097
|
3097
|
@@ -57,6 +57,7 @@ import (
|
...
|
...
|
@@ -3119,7 +3186,7 @@ index abcb5b4..292fcdd 100644
|
3119
|
3119
|
|
3120
|
3120
|
// DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.
|
3121
|
3121
|
diff --git a/pkg/printers/internalversion/describe.go b/pkg/printers/internalversion/describe.go
|
3122
|
|
-index c1b59cf..f6b18a7 100644
|
|
3122
|
+index c1b59cf96e..f6b18a7f16 100644
|
3123
|
3123
|
--- a/pkg/printers/internalversion/describe.go
|
3124
|
3124
|
+++ b/pkg/printers/internalversion/describe.go
|
3125
|
3125
|
@@ -757,6 +757,8 @@ func describeVolumes(volumes []api.Volume, w PrefixWriter, space string) {
|
...
|
...
|
@@ -3155,7 +3222,7 @@ index c1b59cf..f6b18a7 100644
|
3155
|
3155
|
w.Write(LEVEL_1, "<unknown>\n")
|
3156
|
3156
|
}
|
3157
|
3157
|
diff --git a/pkg/security/podsecuritypolicy/util/util.go b/pkg/security/podsecuritypolicy/util/util.go
|
3158
|
|
-index 3f29f6e..8e96503 100644
|
|
3158
|
+index 3f29f6e7a4..8e965032d4 100644
|
3159
|
3159
|
--- a/pkg/security/podsecuritypolicy/util/util.go
|
3160
|
3160
|
+++ b/pkg/security/podsecuritypolicy/util/util.go
|
3161
|
3161
|
@@ -68,6 +68,7 @@ func GetAllFSTypesAsSet() sets.String {
|
...
|
...
|
@@ -3177,7 +3244,7 @@ index 3f29f6e..8e96503 100644
|
3177
|
3177
|
return "", fmt.Errorf("unknown volume type for volume: %#v", v)
|
3178
|
3178
|
diff --git a/pkg/volume/cascade_disk/BUILD b/pkg/volume/cascade_disk/BUILD
|
3179
|
3179
|
new file mode 100644
|
3180
|
|
-index 0000000..3386612
|
|
3180
|
+index 0000000000..3386612450
|
3181
|
3181
|
--- /dev/null
|
3182
|
3182
|
+++ b/pkg/volume/cascade_disk/BUILD
|
3183
|
3183
|
@@ -0,0 +1,43 @@
|
...
|
...
|
@@ -3226,7 +3293,7 @@ index 0000000..3386612
|
3226
|
3226
|
+)
|
3227
|
3227
|
diff --git a/pkg/volume/cascade_disk/OWNERS b/pkg/volume/cascade_disk/OWNERS
|
3228
|
3228
|
new file mode 100644
|
3229
|
|
-index 0000000..c3a4ed7
|
|
3229
|
+index 0000000000..c3a4ed77dc
|
3230
|
3230
|
--- /dev/null
|
3231
|
3231
|
+++ b/pkg/volume/cascade_disk/OWNERS
|
3232
|
3232
|
@@ -0,0 +1,2 @@
|
...
|
...
|
@@ -3234,7 +3301,7 @@ index 0000000..c3a4ed7
|
3234
|
3234
|
+- ashokc
|
3235
|
3235
|
diff --git a/pkg/volume/cascade_disk/attacher.go b/pkg/volume/cascade_disk/attacher.go
|
3236
|
3236
|
new file mode 100644
|
3237
|
|
-index 0000000..c19c37c
|
|
3237
|
+index 0000000000..c19c37c965
|
3238
|
3238
|
--- /dev/null
|
3239
|
3239
|
+++ b/pkg/volume/cascade_disk/attacher.go
|
3240
|
3240
|
@@ -0,0 +1,264 @@
|
...
|
...
|
@@ -3502,12 +3569,153 @@ index 0000000..c19c37c
|
3502
|
3502
|
+func (detacher *cascadeDiskDetacher) UnmountDevice(deviceMountPath string) error {
|
3503
|
3503
|
+ return volumeutil.UnmountPath(deviceMountPath, detacher.mounter)
|
3504
|
3504
|
+}
|
|
3505
|
+diff --git a/pkg/volume/cascade_disk/azure_disk_util.go b/pkg/volume/cascade_disk/azure_disk_util.go
|
|
3506
|
+new file mode 100644
|
|
3507
|
+index 0000000000..7f9812f767
|
|
3508
|
+--- /dev/null
|
|
3509
|
+@@ -0,0 +1,135 @@
|
|
3510
|
++package cascade_disk
|
|
3511
|
++
|
|
3512
|
++import (
|
|
3513
|
++ "io/ioutil"
|
|
3514
|
++ "os"
|
|
3515
|
++ "path"
|
|
3516
|
++ "strconv"
|
|
3517
|
++ "strings"
|
|
3518
|
++
|
|
3519
|
++ "github.com/golang/glog"
|
|
3520
|
++)
|
|
3521
|
++
|
|
3522
|
++const (
|
|
3523
|
++ environmentFilePath = "/etc/kubernetes/environment"
|
|
3524
|
++ diskPath = "/dev/disk/cloud/"
|
|
3525
|
++ sysPath = "/sys/bus/scsi/devices"
|
|
3526
|
++ lunIndex = 3
|
|
3527
|
++ maxOsScsiHostNo = 3
|
|
3528
|
++ vendor = "vendor"
|
|
3529
|
++ msftVendor = "MSFT"
|
|
3530
|
++ model = "model"
|
|
3531
|
++ vhdModel = "VIRTUAL DISK"
|
|
3532
|
++ block = "block"
|
|
3533
|
++)
|
|
3534
|
++
|
|
3535
|
++func findAzureVolume(lun int) (device string, err error) {
|
|
3536
|
++ azureDisks := listAzureDiskPath()
|
|
3537
|
++ return findDiskByLunWithConstraint(lun, azureDisks)
|
|
3538
|
++}
|
|
3539
|
++
|
|
3540
|
++// List all the devices that are used by azure.
|
|
3541
|
++// All these devices are the symbolic link under /dev/disk/cloud/
|
|
3542
|
++// eg. azure_resource -> ../../sdb
|
|
3543
|
++func listAzureDiskPath() []string {
|
|
3544
|
++ var azureDiskList []string
|
|
3545
|
++ if dirs, err := ioutil.ReadDir(diskPath); err == nil {
|
|
3546
|
++ for _, f := range dirs {
|
|
3547
|
++ name := f.Name()
|
|
3548
|
++ diskPath := diskPath + name
|
|
3549
|
++ if link, linkErr := os.Readlink(diskPath); linkErr == nil {
|
|
3550
|
++ sd := link[(strings.LastIndex(link, "/") + 1):]
|
|
3551
|
++ azureDiskList = append(azureDiskList, sd)
|
|
3552
|
++ }
|
|
3553
|
++ }
|
|
3554
|
++ }
|
|
3555
|
++ glog.V(12).Infof("Azure sys disks paths: %v", azureDiskList)
|
|
3556
|
++ return azureDiskList
|
|
3557
|
++}
|
|
3558
|
++
|
|
3559
|
++// Azure attach/detach APIs return the disk model that does not have disk
|
|
3560
|
++// device path name (eg. /dev/sde) instead it gives the lun number of the disk
|
|
3561
|
++// getting attached/detached.
|
|
3562
|
++// This function maps that lun number to device path name of the
|
|
3563
|
++// device mounted to "current" node.
|
|
3564
|
++// Refrence : https://github.com/kubernetes/kubernetes/blob/master/pkg/volume/azure_dd/azure_common_linux.go#L69
|
|
3565
|
++// https://docs.microsoft.com/en-us/azure/virtual-machines/linux/troubleshoot-device-names-problems
|
|
3566
|
++func findDiskByLunWithConstraint(lun int, azureDisks []string) (string, error) {
|
|
3567
|
++ var err error
|
|
3568
|
++ if dirs, err := ioutil.ReadDir(sysPath); err == nil {
|
|
3569
|
++ for _, f := range dirs {
|
|
3570
|
++ name := f.Name()
|
|
3571
|
++ // look for path like /sys/bus/scsi/devices/3:0:0:1
|
|
3572
|
++ arr := strings.Split(name, ":")
|
|
3573
|
++ if len(arr) < 4 {
|
|
3574
|
++ continue
|
|
3575
|
++ }
|
|
3576
|
++ if len(azureDisks) == 0 {
|
|
3577
|
++ glog.V(4).Infof("/dev/disk/cloud is not populated, now try to parse %v directly", name)
|
|
3578
|
++ target, err := strconv.Atoi(arr[0])
|
|
3579
|
++ if err != nil {
|
|
3580
|
++ glog.Errorf("failed to parse target from %v (%v), err %v", arr[0], name, err)
|
|
3581
|
++ continue
|
|
3582
|
++ }
|
|
3583
|
++ // as observed, targets 0-3 are used by OS disks. Skip them
|
|
3584
|
++ if target <= maxOsScsiHostNo {
|
|
3585
|
++ continue
|
|
3586
|
++ }
|
|
3587
|
++ }
|
|
3588
|
++
|
|
3589
|
++ // extract LUN from the path.
|
|
3590
|
++ // LUN is the last index of the array, i.e. 1 in /sys/bus/scsi/devices/3:0:0:1
|
|
3591
|
++ l, err := strconv.Atoi(arr[lunIndex])
|
|
3592
|
++ if err != nil {
|
|
3593
|
++ // unknown path format, continue to read the next one
|
|
3594
|
++ glog.V(4).Infof("azure disk - failed to parse lun from %v (%v), err %v", arr[lunIndex], name, err)
|
|
3595
|
++ continue
|
|
3596
|
++ }
|
|
3597
|
++ if lun == l {
|
|
3598
|
++ // find the matching LUN
|
|
3599
|
++ // read vendor and model to ensure it is a VHD disk
|
|
3600
|
++ vendorPath := path.Join(sysPath, name, vendor)
|
|
3601
|
++ vendorBytes, err := ioutil.ReadFile(vendorPath)
|
|
3602
|
++ if err != nil {
|
|
3603
|
++ glog.Errorf("failed to read device vendor, err: %v", err)
|
|
3604
|
++ continue
|
|
3605
|
++ }
|
|
3606
|
++ vendor := strings.TrimSpace(string(vendorBytes))
|
|
3607
|
++ if strings.ToUpper(vendor) != msftVendor {
|
|
3608
|
++ glog.V(4).Infof("vendor doesn't match VHD, got %s", vendor)
|
|
3609
|
++ continue
|
|
3610
|
++ }
|
|
3611
|
++
|
|
3612
|
++ modelPath := path.Join(sysPath, name, model)
|
|
3613
|
++ modelBytes, err := ioutil.ReadFile(modelPath)
|
|
3614
|
++ if err != nil {
|
|
3615
|
++ glog.Errorf("failed to read device model, err: %v", err)
|
|
3616
|
++ continue
|
|
3617
|
++ }
|
|
3618
|
++ model := strings.TrimSpace(string(modelBytes))
|
|
3619
|
++ if strings.ToUpper(model) != vhdModel {
|
|
3620
|
++ glog.V(4).Infof("model doesn't match VHD, got %s", model)
|
|
3621
|
++ continue
|
|
3622
|
++ }
|
|
3623
|
++
|
|
3624
|
++ // find a disk, validate name
|
|
3625
|
++ dir := path.Join(sysPath, name, block)
|
|
3626
|
++ if dev, err := ioutil.ReadDir(dir); err == nil {
|
|
3627
|
++ found := false
|
|
3628
|
++ devName := dev[0].Name()
|
|
3629
|
++ for _, diskName := range azureDisks {
|
|
3630
|
++ glog.V(12).Infof("azureDisk - validating disk %q with sys disk %q", devName, diskName)
|
|
3631
|
++ if devName == diskName {
|
|
3632
|
++ found = true
|
|
3633
|
++ break
|
|
3634
|
++ }
|
|
3635
|
++ }
|
|
3636
|
++ if !found {
|
|
3637
|
++ return "/dev/" + devName, nil
|
|
3638
|
++ }
|
|
3639
|
++ }
|
|
3640
|
++ }
|
|
3641
|
++ }
|
|
3642
|
++ }
|
|
3643
|
++ return "", err
|
|
3644
|
++}
|
3505
|
3645
|
diff --git a/pkg/volume/cascade_disk/cascade_disk.go b/pkg/volume/cascade_disk/cascade_disk.go
|
3506
|
3646
|
new file mode 100644
|
3507
|
|
-index 0000000..d1b791c
|
|
3647
|
+index 0000000000..b7d3fd774b
|
3508
|
3648
|
--- /dev/null
|
3509
|
3649
|
+++ b/pkg/volume/cascade_disk/cascade_disk.go
|
3510
|
|
-@@ -0,0 +1,390 @@
|
|
3650
|
+@@ -0,0 +1,399 @@
|
3511
|
3651
|
+package cascade_disk
|
3512
|
3652
|
+
|
3513
|
3653
|
+import (
|
...
|
...
|
@@ -3659,7 +3867,7 @@ index 0000000..d1b791c
|
3659
|
3659
|
+// Abstract interface to disk operations.
|
3660
|
3660
|
+type diskManager interface {
|
3661
|
3661
|
+ // Creates a volume
|
3662
|
|
-+ CreateVolume(provisioner *cascadeDiskProvisioner) (diskID string, volumeSizeGB int, fstype string, err error)
|
|
3662
|
++ CreateVolume(provisioner *cascadeDiskProvisioner) (diskID string, volumeSizeGB int, labels map[string]string, fstype string, err error)
|
3663
|
3663
|
+ // Deletes a volume
|
3664
|
3664
|
+ DeleteVolume(deleter *cascadeDiskDeleter) error
|
3665
|
3665
|
+}
|
...
|
...
|
@@ -3850,7 +4058,7 @@ index 0000000..d1b791c
|
3850
|
3850
|
+ p.options.PVC.Spec.AccessModes, p.plugin.GetAccessModes())
|
3851
|
3851
|
+ }
|
3852
|
3852
|
+
|
3853
|
|
-+ diskID, sizeGB, fstype, err := p.manager.CreateVolume(p)
|
|
3853
|
++ diskID, sizeGB, labels, fstype, err := p.manager.CreateVolume(p)
|
3854
|
3854
|
+ if err != nil {
|
3855
|
3855
|
+ return nil, err
|
3856
|
3856
|
+ }
|
...
|
...
|
@@ -3886,6 +4094,15 @@ index 0000000..d1b791c
|
3886
|
3886
|
+ pv.Spec.AccessModes = p.plugin.GetAccessModes()
|
3887
|
3887
|
+ }
|
3888
|
3888
|
+
|
|
3889
|
++ if len(labels) != 0 {
|
|
3890
|
++ if pv.Labels == nil {
|
|
3891
|
++ pv.Labels = make(map[string]string)
|
|
3892
|
++ }
|
|
3893
|
++ for k, v := range labels {
|
|
3894
|
++ pv.Labels[k] = v
|
|
3895
|
++ }
|
|
3896
|
++ }
|
|
3897
|
++
|
3889
|
3898
|
+ return pv, nil
|
3890
|
3899
|
+}
|
3891
|
3900
|
+
|
...
|
...
|
@@ -3900,14 +4117,16 @@ index 0000000..d1b791c
|
3900
|
3900
|
+}
|
3901
|
3901
|
diff --git a/pkg/volume/cascade_disk/cascade_util.go b/pkg/volume/cascade_disk/cascade_util.go
|
3902
|
3902
|
new file mode 100644
|
3903
|
|
-index 0000000..e16199c
|
|
3903
|
+index 0000000000..5ad0bc9316
|
3904
|
3904
|
--- /dev/null
|
3905
|
3905
|
+++ b/pkg/volume/cascade_disk/cascade_util.go
|
3906
|
|
-@@ -0,0 +1,162 @@
|
|
3906
|
+@@ -0,0 +1,217 @@
|
3907
|
3907
|
+package cascade_disk
|
3908
|
3908
|
+
|
3909
|
3909
|
+import (
|
3910
|
3910
|
+ "fmt"
|
|
3911
|
++ "os"
|
|
3912
|
++ "path/filepath"
|
3911
|
3913
|
+ "strconv"
|
3912
|
3914
|
+ "strings"
|
3913
|
3915
|
+ "time"
|
...
|
...
|
@@ -3918,8 +4137,7 @@ index 0000000..e16199c
|
3918
|
3918
|
+ "k8s.io/kubernetes/pkg/cloudprovider/providers/cascade"
|
3919
|
3919
|
+ "k8s.io/kubernetes/pkg/volume"
|
3920
|
3920
|
+ volumeutil "k8s.io/kubernetes/pkg/volume/util"
|
3921
|
|
-+ "path/filepath"
|
3922
|
|
-+ "os"
|
|
3921
|
++ "bufio"
|
3923
|
3922
|
+)
|
3924
|
3923
|
+
|
3925
|
3924
|
+const (
|
...
|
...
|
@@ -3941,23 +4159,43 @@ index 0000000..e16199c
|
3941
|
3941
|
+
|
3942
|
3942
|
+// Returns path for given VKE disk mount
|
3943
|
3943
|
+func getDiskByIdPath(devicePath string) string {
|
3944
|
|
-+ nvmePath, err := findNvmeVolume(devicePath)
|
|
3944
|
++ provider, err := getProvider()
|
3945
|
3945
|
+ if err != nil {
|
3946
|
|
-+ glog.Warningf("error looking for nvme volume %q: %v", devicePath, err)
|
3947
|
|
-+ } else if nvmePath != "" {
|
3948
|
|
-+ devicePath = nvmePath
|
|
3946
|
++ glog.Warningf("error getting provider name from %s: %v", environmentFilePath, err)
|
|
3947
|
++ return devicePath
|
3949
|
3948
|
+ }
|
3950
|
3949
|
+
|
|
3950
|
++ switch provider {
|
|
3951
|
++ case "azure":
|
|
3952
|
++ // devicePath is an integer then it is lun returned from azure attach disk.
|
|
3953
|
++ if diskLun, err := strconv.Atoi(devicePath); err == nil {
|
|
3954
|
++ azDevicePath, err := findAzureVolume(diskLun)
|
|
3955
|
++ if err != nil {
|
|
3956
|
++ glog.Warningf("error looking for azure volume %q: %v", devicePath, err)
|
|
3957
|
++ } else if azDevicePath != "" {
|
|
3958
|
++ devicePath = azDevicePath
|
|
3959
|
++ }
|
|
3960
|
++ } else {
|
|
3961
|
++ glog.Warningf("The device path for azure expected to be an integer but it is %s. Error : %v", devicePath, err)
|
|
3962
|
++ }
|
|
3963
|
++ default:
|
|
3964
|
++ nvmePath, err := findNvmeVolume(devicePath)
|
|
3965
|
++ if err != nil {
|
|
3966
|
++ glog.Warningf("error looking for nvme volume %q: %v", devicePath, err)
|
|
3967
|
++ } else if nvmePath != "" {
|
|
3968
|
++ devicePath = nvmePath
|
|
3969
|
++ }
|
|
3970
|
++ }
|
3951
|
3971
|
+ return devicePath
|
3952
|
3972
|
+}
|
3953
|
3973
|
+
|
3954
|
3974
|
+// CreateVolume creates a Cascade persistent disk.
|
3955
|
|
-+func (util *CascadeDiskUtil) CreateVolume(p *cascadeDiskProvisioner) (diskID string, capacityGB int, fstype string,
|
3956
|
|
-+ err error) {
|
|
3975
|
++func (util *CascadeDiskUtil) CreateVolume(p *cascadeDiskProvisioner) (string, int, map[string]string, string, error) {
|
|
3976
|
++
|
3957
|
3977
|
+ cloud, err := getCloudProvider(p.plugin.host.GetCloudProvider())
|
3958
|
3978
|
+ if err != nil {
|
3959
|
|
-+ glog.Errorf("Cascade Util: CreateVolume failed to get cloud provider. Error [%v]", err)
|
3960
|
|
-+ return "", 0, "", err
|
|
3979
|
++ glog.Errorf("CreateVolume failed to get cloud provider. Error [%v]", err)
|
|
3980
|
++ return "", 0, nil, "", err
|
3961
|
3981
|
+ }
|
3962
|
3982
|
+
|
3963
|
3983
|
+ capacity := p.options.PVC.Spec.Resources.Requests[v1.ResourceName(v1.ResourceStorage)]
|
...
|
...
|
@@ -3970,51 +4208,67 @@ index 0000000..e16199c
|
3970
|
3970
|
+ Tags: *p.options.CloudTags,
|
3971
|
3971
|
+ Name: name,
|
3972
|
3972
|
+ }
|
3973
|
|
-+
|
|
3973
|
++ fstype := ""
|
3974
|
3974
|
+ // enabling encryption by default if not provided from within storage class
|
3975
|
3975
|
+ volumeOptions.Encrypted = true
|
3976
|
3976
|
+ for parameter, value := range p.options.Parameters {
|
3977
|
3977
|
+ switch strings.ToLower(parameter) {
|
3978
|
|
-+ case "flavor":
|
3979
|
|
-+ volumeOptions.Flavor = value
|
|
3978
|
++ case "type":
|
|
3979
|
++ volumeOptions.Type = value
|
|
3980
|
++ case "zone":
|
|
3981
|
++ volumeOptions.ZonePresent = true
|
|
3982
|
++ volumeOptions.AvailabilityZone = value
|
|
3983
|
++ case "zones":
|
|
3984
|
++ volumeOptions.ZonesPresent = true
|
|
3985
|
++ volumeOptions.AvailabilityZones = value
|
3980
|
3986
|
+ case "encrypted":
|
3981
|
3987
|
+ volumeOptions.Encrypted, err = strconv.ParseBool(value)
|
3982
|
3988
|
+ if err != nil {
|
3983
|
|
-+ glog.Errorf("Cascade Util: invalid value %q for encryption of volume plugin %s.", value,
|
3984
|
|
-+ p.plugin.GetPluginName())
|
3985
|
|
-+ return "", 0, "", fmt.Errorf("invalid encrypted boolean value %q, must be true or false: %v", value, err)
|
|
3989
|
++ glog.Errorf("invalid value %q for encryption of volume plugin %s.", value, p.plugin.GetPluginName())
|
|
3990
|
++ return "", 0, nil, "",
|
|
3991
|
++ fmt.Errorf("invalid encrypted boolean value %q, must be true or false: %v", value, err)
|
3986
|
3992
|
+ }
|
3987
|
3993
|
+ case volume.VolumeParameterFSType:
|
3988
|
3994
|
+ fstype = value
|
3989
|
|
-+ glog.V(4).Infof("Cascade Util: Setting fstype to %s", fstype)
|
|
3995
|
++ glog.V(4).Infof("Setting fstype to %s", fstype)
|
3990
|
3996
|
+ default:
|
3991
|
|
-+ glog.Errorf("Cascade Util: invalid option %s for volume plugin %s.", parameter,
|
3992
|
|
-+ p.plugin.GetPluginName())
|
3993
|
|
-+ return "", 0, "", fmt.Errorf("Cascade Util: invalid option %s for volume plugin %s.", parameter,
|
|
3997
|
++ glog.Errorf("invalid option %s for volume plugin %s.", parameter,
|
3994
|
3998
|
+ p.plugin.GetPluginName())
|
|
3999
|
++ return "", 0, nil, "",
|
|
4000
|
++ fmt.Errorf("invalid option %s for volume plugin %s.", parameter, p.plugin.GetPluginName())
|
3995
|
4001
|
+ }
|
3996
|
4002
|
+ }
|
3997
|
4003
|
+
|
3998
|
|
-+ diskID, err = cloud.CreateDisk(volumeOptions)
|
|
4004
|
++ if volumeOptions.ZonePresent && volumeOptions.ZonesPresent {
|
|
4005
|
++ return "", 0, nil, "", fmt.Errorf("both zone and zones StorageClass parameters must not be used at the same time")
|
|
4006
|
++ }
|
|
4007
|
++
|
|
4008
|
++ diskID, err := cloud.CreateDisk(volumeOptions)
|
|
4009
|
++ if err != nil {
|
|
4010
|
++ glog.Errorf("failed to CreateDisk. Error [%v]", err)
|
|
4011
|
++ return "", 0, nil, "", err
|
|
4012
|
++ }
|
|
4013
|
++
|
|
4014
|
++ labels, err := cloud.GetVolumeLabels(diskID)
|
3999
|
4015
|
+ if err != nil {
|
4000
|
|
-+ glog.Errorf("Cascade Util: failed to CreateDisk. Error [%v]", err)
|
4001
|
|
-+ return "", 0, "", err
|
|
4016
|
++ // We don't really want to leak the volume here...
|
|
4017
|
++ glog.Errorf("error building labels for new volume %q: %v", name, err)
|
4002
|
4018
|
+ }
|
4003
|
4019
|
+
|
4004
|
4020
|
+ glog.V(4).Infof("Successfully created Cascade persistent disk %s", name)
|
4005
|
|
-+ return diskID, volSizeGB, "", nil
|
|
4021
|
++ return diskID, volSizeGB, labels, fstype, nil
|
4006
|
4022
|
+}
|
4007
|
4023
|
+
|
4008
|
4024
|
+// DeleteVolume deletes a Cascade volume.
|
4009
|
4025
|
+func (util *CascadeDiskUtil) DeleteVolume(disk *cascadeDiskDeleter) error {
|
4010
|
4026
|
+ cloud, err := getCloudProvider(disk.plugin.host.GetCloudProvider())
|
4011
|
4027
|
+ if err != nil {
|
4012
|
|
-+ glog.Errorf("Cascade Util: DeleteVolume failed to get cloud provider. Error [%v]", err)
|
|
4028
|
++ glog.Errorf("DeleteVolume failed to get cloud provider. Error [%v]", err)
|
4013
|
4029
|
+ return err
|
4014
|
4030
|
+ }
|
4015
|
4031
|
+
|
4016
|
4032
|
+ if err = cloud.DeleteDisk(disk.diskID); err != nil {
|
4017
|
|
-+ glog.Errorf("Cascade Util: failed to DeleteDisk for diskID %s. Error [%v]", disk.diskID, err)
|
|
4033
|
++ glog.Errorf("failed to DeleteDisk for diskID %s. Error [%v]", disk.diskID, err)
|
4018
|
4034
|
+ return err
|
4019
|
4035
|
+ }
|
4020
|
4036
|
+
|
...
|
...
|
@@ -4024,8 +4278,8 @@ index 0000000..e16199c
|
4024
|
4024
|
+
|
4025
|
4025
|
+func getCloudProvider(cloud cloudprovider.Interface) (*cascade.CascadeCloud, error) {
|
4026
|
4026
|
+ if cloud == nil {
|
4027
|
|
-+ glog.Errorf("Cascade Util: Cloud provider not initialized properly")
|
4028
|
|
-+ return nil, fmt.Errorf("Cascade Util: Cloud provider not initialized properly")
|
|
4027
|
++ glog.Errorf("Cloud provider not initialized properly")
|
|
4028
|
++ return nil, fmt.Errorf("Cloud provider not initialized properly")
|
4029
|
4029
|
+ }
|
4030
|
4030
|
+
|
4031
|
4031
|
+ cc := cloud.(*cascade.CascadeCloud)
|
...
|
...
|
@@ -4066,8 +4320,26 @@ index 0000000..e16199c
|
4066
|
4066
|
+
|
4067
|
4067
|
+ return resolved, nil
|
4068
|
4068
|
+}
|
|
4069
|
++
|
|
4070
|
++func getProvider() (provider string, err error) {
|
|
4071
|
++ file, err := os.Open(environmentFilePath)
|
|
4072
|
++ if err != nil {
|
|
4073
|
++ return "", err
|
|
4074
|
++ }
|
|
4075
|
++ defer file.Close()
|
|
4076
|
++
|
|
4077
|
++ scanner := bufio.NewScanner(file)
|
|
4078
|
++
|
|
4079
|
++ for scanner.Scan() {
|
|
4080
|
++ lineContent := scanner.Text()
|
|
4081
|
++ if strings.Contains(lineContent, "PROVIDER=") {
|
|
4082
|
++ return strings.SplitAfter(lineContent, "=")[1], err
|
|
4083
|
++ }
|
|
4084
|
++ }
|
|
4085
|
++ return "", err
|
|
4086
|
++}
|
4069
|
4087
|
diff --git a/plugin/pkg/admission/storage/persistentvolume/label/admission.go b/plugin/pkg/admission/storage/persistentvolume/label/admission.go
|
4070
|
|
-index 19fc962..8c51e38 100644
|
|
4088
|
+index 19fc962ca3..8c51e38c3d 100644
|
4071
|
4089
|
--- a/plugin/pkg/admission/storage/persistentvolume/label/admission.go
|
4072
|
4090
|
+++ b/plugin/pkg/admission/storage/persistentvolume/label/admission.go
|
4073
|
4091
|
@@ -27,6 +27,7 @@ import (
|
...
|
...
|
@@ -4151,7 +4423,7 @@ index 19fc962..8c51e38 100644
|
4151
|
4151
|
+}
|
4152
|
4152
|
diff --git a/plugin/pkg/admission/vke/BUILD b/plugin/pkg/admission/vke/BUILD
|
4153
|
4153
|
new file mode 100644
|
4154
|
|
-index 0000000..530877a
|
|
4154
|
+index 0000000000..530877a443
|
4155
|
4155
|
--- /dev/null
|
4156
|
4156
|
+++ b/plugin/pkg/admission/vke/BUILD
|
4157
|
4157
|
@@ -0,0 +1,61 @@
|
...
|
...
|
@@ -4219,10 +4491,10 @@ index 0000000..530877a
|
4219
|
4219
|
\ No newline at end of file
|
4220
|
4220
|
diff --git a/plugin/pkg/admission/vke/admission.go b/plugin/pkg/admission/vke/admission.go
|
4221
|
4221
|
new file mode 100644
|
4222
|
|
-index 0000000..53a9d6a
|
|
4222
|
+index 0000000000..1998d1d338
|
4223
|
4223
|
--- /dev/null
|
4224
|
4224
|
+++ b/plugin/pkg/admission/vke/admission.go
|
4225
|
|
-@@ -0,0 +1,624 @@
|
|
4225
|
+@@ -0,0 +1,629 @@
|
4226
|
4226
|
+package vke
|
4227
|
4227
|
+
|
4228
|
4228
|
+import (
|
...
|
...
|
@@ -4291,16 +4563,25 @@ index 0000000..53a9d6a
|
4291
|
4291
|
+}
|
4292
|
4292
|
+
|
4293
|
4293
|
+var _ admission.MutationInterface = &vmwareAdmissionController{}
|
|
4294
|
++var _ admission.ValidationInterface = &vmwareAdmissionController{}
|
4294
|
4295
|
+
|
4295
|
4296
|
+// Admit makes an admission decision based on the request attributes.
|
4296
|
4297
|
+// Note: We implement the mutation interface for this admission controller, which means we have the ability to modify
|
4297
|
4298
|
+// the resources. But we do not modify them because we just need to validate the requests to either let them through or
|
4298
|
|
-+// block them. We have implemented this as a mutation interface because we need access to oldObjects during update
|
4299
|
|
-+// operations to find out what values are being modified. For node update operation, the old and new objects are always
|
4300
|
|
-+// identical in the validation phase (possibly due to some initializer modifying it). So, we are performing our
|
4301
|
|
-+// validation during the mutation phase.
|
|
4299
|
++// block them. We have implemented this mutation interface because we need access to oldObjects during update operations
|
|
4300
|
++// to find out what values are being modified. For node update operation, the old and new objects are always identical
|
|
4301
|
++// in the validation phase (possibly due to some initializer modifying it). So, we are performing this specific
|
|
4302
|
++// vaidation during the mutation phase.
|
4302
|
4303
|
+func (vac *vmwareAdmissionController) Admit(a admission.Attributes) (err error) {
|
|
4304
|
++ if isPrivilegedServiceAccount(a) {
|
|
4305
|
++ return validatePrivilegedServiceAccount(a)
|
|
4306
|
++ }
|
|
4307
|
++
|
|
4308
|
++ return err
|
|
4309
|
++}
|
4303
|
4310
|
+
|
|
4311
|
++// Validate makes an admission decision based on the request attributes.
|
|
4312
|
++func (vac *vmwareAdmissionController) Validate(a admission.Attributes) (err error) {
|
4304
|
4313
|
+ if isPrivilegedUser(vac, a) {
|
4305
|
4314
|
+ return nil
|
4306
|
4315
|
+ }
|
...
|
...
|
@@ -4313,7 +4594,6 @@ index 0000000..53a9d6a
|
4313
|
4313
|
+ return validateCertificateFromWorker(a)
|
4314
|
4314
|
+ }
|
4315
|
4315
|
+
|
4316
|
|
-+
|
4317
|
4316
|
+ if isPrivilegedServiceAccount(a) {
|
4318
|
4317
|
+ return validatePrivilegedServiceAccount(a)
|
4319
|
4318
|
+ }
|
...
|
...
|
@@ -4476,7 +4756,6 @@ index 0000000..53a9d6a
|
4476
|
4476
|
+ return false
|
4477
|
4477
|
+}
|
4478
|
4478
|
+
|
4479
|
|
-+
|
4480
|
4479
|
+func validateCertificateFromMaster(vac *vmwareAdmissionController, a admission.Attributes) (err error) {
|
4481
|
4480
|
+ // kube-controller-manager, kube-scheduler and cloud-init script which creates our pods and other resources can use
|
4482
|
4481
|
+ // the master certificate to create pods in privileged namespace. If the request comes to any other namespace,
|
...
|
...
|
@@ -4503,7 +4782,6 @@ index 0000000..53a9d6a
|
4503
|
4503
|
+ return false
|
4504
|
4504
|
+}
|
4505
|
4505
|
+
|
4506
|
|
-+
|
4507
|
4506
|
+func isCreatingPodsThroughControllerManager(resource string) bool {
|
4508
|
4507
|
+ // If the resource is one of the following, it means the controller manager will create a pod for them and not the
|
4509
|
4508
|
+ // user directly. So, we need to identify these cases and block them in certain scenarios.
|
...
|
...
|
@@ -4616,7 +4894,6 @@ index 0000000..53a9d6a
|
4616
|
4616
|
+ return nil
|
4617
|
4617
|
+}
|
4618
|
4618
|
+
|
4619
|
|
-+
|
4620
|
4619
|
+func validateNodes(a admission.Attributes) error {
|
4621
|
4620
|
+ // If it is a connect operation on the sub resource, allow it. Sub resources of nodes are nodes/nodename/proxy and
|
4622
|
4621
|
+ // nodes/nodename/status. Prometheus needs read access to nodes/nodename/proxy/metrics. To support that and other
|
...
|
...
|
@@ -4849,7 +5126,7 @@ index 0000000..53a9d6a
|
4849
|
4849
|
+}
|
4850
|
4850
|
diff --git a/plugin/pkg/admission/vke/admission_test.go b/plugin/pkg/admission/vke/admission_test.go
|
4851
|
4851
|
new file mode 100644
|
4852
|
|
-index 0000000..3486f10
|
|
4852
|
+index 0000000000..689a22dfa4
|
4853
|
4853
|
--- /dev/null
|
4854
|
4854
|
+++ b/plugin/pkg/admission/vke/admission_test.go
|
4855
|
4855
|
@@ -0,0 +1,960 @@
|
...
|
...
|
@@ -5167,7 +5444,8 @@ index 0000000..3486f10
|
5167
|
5167
|
+ },
|
5168
|
5168
|
+ "denied: regular lightwave user cannot escalate privilege using service account": {
|
5169
|
5169
|
+ operation: kadmission.Create,
|
5170
|
|
-+ pod: newTestPodBuilder().withNamespace(privilegedNamespace).withServiceAccount(privilegedServiceAccount + "default").build(), userInfo: newTestUserBuilder().build(),
|
|
5170
|
++ pod: newTestPodBuilder().withNamespace(privilegedNamespace).withServiceAccount(privilegedServiceAccount + "default").build(),
|
|
5171
|
++ userInfo: newTestUserBuilder().build(),
|
5171
|
5172
|
+ shouldPassValidate: false,
|
5172
|
5173
|
+ },
|
5173
|
5174
|
+ "denied: regular service account creates pod in vke-system namespace": {
|
...
|
...
|
@@ -5569,7 +5847,7 @@ index 0000000..3486f10
|
5569
|
5569
|
+ attrs := kadmission.NewAttributesRecord(pod, nil, kapi.Kind("Pod").WithVersion("version"),
|
5570
|
5570
|
+ namespace, name, kapi.Resource("pods").WithVersion("version"), "", op, userInfo)
|
5571
|
5571
|
+
|
5572
|
|
-+ err = plugin.Admit(attrs)
|
|
5572
|
++ err = plugin.Validate(attrs)
|
5573
|
5573
|
+ if shouldPassValidate && err != nil {
|
5574
|
5574
|
+ t.Errorf("%s: expected no errors on Validate but received %v", testCaseName, err)
|
5575
|
5575
|
+ } else if !shouldPassValidate && err == nil {
|
...
|
...
|
@@ -5595,7 +5873,7 @@ index 0000000..3486f10
|
5595
|
5595
|
+ attrs := kadmission.NewAttributesRecord(object, oldObject, kapi.Kind("kind").WithVersion("version"),
|
5596
|
5596
|
+ namespace, name, groupResource, subresource, op, userInfo)
|
5597
|
5597
|
+
|
5598
|
|
-+ err = plugin.Admit(attrs)
|
|
5598
|
++ err = plugin.Validate(attrs)
|
5599
|
5599
|
+ if shouldPassValidate && err != nil {
|
5600
|
5600
|
+ t.Errorf("%s: expected no errors on Validate but received %v", testCaseName, err)
|
5601
|
5601
|
+ } else if !shouldPassValidate && err == nil {
|
...
|
...
|
@@ -5812,10 +6090,9 @@ index 0000000..3486f10
|
5812
|
5812
|
+ n.node.Spec.Taints = taints
|
5813
|
5813
|
+ return n
|
5814
|
5814
|
+}
|
5815
|
|
-+
|
5816
|
5815
|
diff --git a/plugin/pkg/auth/authorizer/vke/BUILD b/plugin/pkg/auth/authorizer/vke/BUILD
|
5817
|
5816
|
new file mode 100644
|
5818
|
|
-index 0000000..4b984f1
|
|
5817
|
+index 0000000000..4b984f14ec
|
5819
|
5818
|
--- /dev/null
|
5820
|
5819
|
+++ b/plugin/pkg/auth/authorizer/vke/BUILD
|
5821
|
5820
|
@@ -0,0 +1,40 @@
|
...
|
...
|
@@ -5861,7 +6138,7 @@ index 0000000..4b984f1
|
5861
|
5861
|
+)
|
5862
|
5862
|
diff --git a/plugin/pkg/auth/authorizer/vke/OWNERS b/plugin/pkg/auth/authorizer/vke/OWNERS
|
5863
|
5863
|
new file mode 100644
|
5864
|
|
-index 0000000..c3a4ed7
|
|
5864
|
+index 0000000000..c3a4ed77dc
|
5865
|
5865
|
--- /dev/null
|
5866
|
5866
|
+++ b/plugin/pkg/auth/authorizer/vke/OWNERS
|
5867
|
5867
|
@@ -0,0 +1,2 @@
|
...
|
...
|
@@ -5869,7 +6146,7 @@ index 0000000..c3a4ed7
|
5869
|
5869
|
+- ashokc
|
5870
|
5870
|
diff --git a/plugin/pkg/auth/authorizer/vke/vke_authorizer.go b/plugin/pkg/auth/authorizer/vke/vke_authorizer.go
|
5871
|
5871
|
new file mode 100644
|
5872
|
|
-index 0000000..6d7f9ae
|
|
5872
|
+index 0000000000..6d7f9ae2b8
|
5873
|
5873
|
--- /dev/null
|
5874
|
5874
|
+++ b/plugin/pkg/auth/authorizer/vke/vke_authorizer.go
|
5875
|
5875
|
@@ -0,0 +1,125 @@
|
...
|
...
|
@@ -6000,7 +6277,7 @@ index 0000000..6d7f9ae
|
6000
|
6000
|
+
|
6001
|
6001
|
diff --git a/plugin/pkg/auth/authorizer/vke/vke_authorizer_test.go b/plugin/pkg/auth/authorizer/vke/vke_authorizer_test.go
|
6002
|
6002
|
new file mode 100644
|
6003
|
|
-index 0000000..6aba9ec
|
|
6003
|
+index 0000000000..6aba9ecec9
|
6004
|
6004
|
--- /dev/null
|
6005
|
6005
|
+++ b/plugin/pkg/auth/authorizer/vke/vke_authorizer_test.go
|
6006
|
6006
|
@@ -0,0 +1,230 @@
|
...
|
...
|
@@ -6235,7 +6512,7 @@ index 0000000..6aba9ec
|
6235
|
6235
|
+ }
|
6236
|
6236
|
+}
|
6237
|
6237
|
diff --git a/staging/src/k8s.io/api/core/v1/generated.pb.go b/staging/src/k8s.io/api/core/v1/generated.pb.go
|
6238
|
|
-index a809ceb..f27250e 100644
|
|
6238
|
+index a809ceb0ae..f27250e2d9 100644
|
6239
|
6239
|
--- a/staging/src/k8s.io/api/core/v1/generated.pb.go
|
6240
|
6240
|
+++ b/staging/src/k8s.io/api/core/v1/generated.pb.go
|
6241
|
6241
|
@@ -35,6 +35,7 @@ limitations under the License.
|
...
|
...
|
@@ -10685,7 +10962,7 @@ index a809ceb..f27250e 100644
|
10685
|
10685
|
+ 0xfe, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x60, 0x08, 0xf7, 0x9c, 0xf8, 0xe6, 0x00, 0x00,
|
10686
|
10686
|
}
|
10687
|
10687
|
diff --git a/staging/src/k8s.io/api/core/v1/types.go b/staging/src/k8s.io/api/core/v1/types.go
|
10688
|
|
-index d9f4869..5417d75 100644
|
|
10688
|
+index d9f4869fbc..5417d75199 100644
|
10689
|
10689
|
--- a/staging/src/k8s.io/api/core/v1/types.go
|
10690
|
10690
|
+++ b/staging/src/k8s.io/api/core/v1/types.go
|
10691
|
10691
|
@@ -133,9 +133,9 @@ type VolumeSource struct {
|
...
|
...
|
@@ -10750,5 +11027,5 @@ index d9f4869..5417d75 100644
|
10750
|
10750
|
//
|
10751
|
10751
|
// The contents of the target ConfigMap's Data field will be presented in a
|
10752
|
10752
|
--
|
10753
|
|
-2.7.4
|
|
10753
|
+2.17.1
|
10754
|
10754
|
|