From f13a4e756df2ab0684458acadc846c5e9ed9fb9f Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Tue, 25 Jul 2023 14:34:40 +0200 Subject: [PATCH 1/2] rebase: update Kubernetes modules to v1.27.4 Dependabot complains about Ceph-CSI being vulnerable to GHSA-f4w6-3rh6-6q4q . This is an old and addressed CSI sidecar issue, not related to the k8s.io/kubernetes module listed in go.mod. Is it possible that updating the Kubernetes modules helps? Signed-off-by: Niels de Vos --- go.mod | 68 ++++++++-------- go.sum | 64 +++++++-------- .../apimachinery/pkg/runtime/converter.go | 4 +- .../k8s.io/apimachinery/pkg/util/wait/loop.go | 19 ++++- .../apiserver/pkg/server/options/etcd.go | 8 ++ .../pkg/server/storage/storage_factory.go | 49 +++++++++++- .../pkg/storage/etcd3/healthcheck.go | 1 + .../storage/storagebackend/factory/etcd3.go | 61 +++++++++++--- .../storage/storagebackend/factory/factory.go | 18 +++++ vendor/k8s.io/client-go/util/cert/cert.go | 27 +++++-- vendor/modules.txt | 80 +++++++++---------- 11 files changed, 267 insertions(+), 132 deletions(-) diff --git a/go.mod b/go.mod index a4701bb759c..543b6657f83 100644 --- a/go.mod +++ b/go.mod @@ -38,10 +38,10 @@ require ( k8s.io/api v0.27.4 k8s.io/apimachinery v0.27.4 k8s.io/client-go v12.0.0+incompatible - k8s.io/cloud-provider v0.27.2 + k8s.io/cloud-provider v0.27.4 k8s.io/klog/v2 v2.100.1 k8s.io/kubernetes v1.27.4 - k8s.io/mount-utils v0.27.2 + k8s.io/mount-utils v0.27.4 k8s.io/pod-security-admission v0.0.0 k8s.io/utils v0.0.0-20230209194617-a36077c30491 sigs.k8s.io/controller-runtime v0.15.1-0.20230524200249-30eae58f1b98 
@@ -167,12 +167,12 @@ require (
 gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/apiextensions-apiserver v0.27.2 // indirect
- k8s.io/apiserver v0.27.2 // indirect
- k8s.io/component-base v0.27.2 // indirect
- k8s.io/component-helpers v0.27.2 // indirect
- k8s.io/controller-manager v0.27.2 // indirect
- k8s.io/kms v0.27.2 // indirect
+ k8s.io/apiextensions-apiserver v0.27.4 // indirect
+ k8s.io/apiserver v0.27.4 // indirect
+ k8s.io/component-base v0.27.4 // indirect
+ k8s.io/component-helpers v0.27.4 // indirect
+ k8s.io/controller-manager v0.27.4 // indirect
+ k8s.io/kms v0.27.4 // indirect
 k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
 k8s.io/kubectl v0.0.0 // indirect
 k8s.io/kubelet v0.0.0 // indirect
@@ -192,32 +192,32 @@ replace ( // // k8s.io/kubernetes depends on these k8s.io packages, but unversioned // - k8s.io/api => k8s.io/api v0.27.2 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.2 - k8s.io/apimachinery => k8s.io/apimachinery v0.27.2 - k8s.io/apiserver => k8s.io/apiserver v0.27.2 - k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.2 - k8s.io/client-go => k8s.io/client-go v0.27.2 - k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.2 - k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.27.2 - k8s.io/code-generator => k8s.io/code-generator v0.27.2 - k8s.io/component-base => k8s.io/component-base v0.27.2 - k8s.io/component-helpers => k8s.io/component-helpers v0.27.2 - k8s.io/controller-manager => k8s.io/controller-manager v0.27.2 - k8s.io/cri-api => k8s.io/cri-api v0.27.2 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.2 - k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.27.2 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.2 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.2 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.2 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.2 - k8s.io/kubectl => k8s.io/kubectl v0.27.2 - k8s.io/kubelet => k8s.io/kubelet v0.27.2 - k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.2 - k8s.io/metrics => k8s.io/metrics v0.27.2 - k8s.io/mount-utils => k8s.io/mount-utils v0.27.2 - k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.2 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.2 + k8s.io/api => k8s.io/api v0.27.4 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.4 + k8s.io/apimachinery => k8s.io/apimachinery v0.27.4 + k8s.io/apiserver => k8s.io/apiserver v0.27.4 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.4 + k8s.io/client-go => k8s.io/client-go v0.27.4 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.4 + k8s.io/cluster-bootstrap => 
k8s.io/cluster-bootstrap v0.27.4 + k8s.io/code-generator => k8s.io/code-generator v0.27.4 + k8s.io/component-base => k8s.io/component-base v0.27.4 + k8s.io/component-helpers => k8s.io/component-helpers v0.27.4 + k8s.io/controller-manager => k8s.io/controller-manager v0.27.4 + k8s.io/cri-api => k8s.io/cri-api v0.27.4 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.4 + k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.27.4 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.4 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.4 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.4 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.4 + k8s.io/kubectl => k8s.io/kubectl v0.27.4 + k8s.io/kubelet => k8s.io/kubelet v0.27.4 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.4 + k8s.io/metrics => k8s.io/metrics v0.27.4 + k8s.io/mount-utils => k8s.io/mount-utils v0.27.4 + k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.4 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.4 // layeh.com seems to be misbehaving layeh.com/radius => github.com/layeh/radius v0.0.0-20190322222518-890bc1058917 ) diff --git a/go.sum b/go.sum index 4d6bb4d8d3e..7bcecdfd7ea 100644 --- a/go.sum +++ b/go.sum 
@@ -1055,8 +1055,8 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L
 github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -1867,26 +1867,26 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.3.0/go.mod h1:vlRD9XErLMGT+mDuofSr0mMMquscM/1nQqtRSsh6m70= -k8s.io/api v0.27.2 h1:+H17AJpUMvl+clT+BPnKf0E3ksMAzoBBg7CntpSuADo= -k8s.io/api v0.27.2/go.mod h1:ENmbocXfBT2ADujUXcBhHV55RIT31IIEvkntP6vZKS4= -k8s.io/apiextensions-apiserver v0.27.2 h1:iwhyoeS4xj9Y7v8YExhUwbVuBhMr3Q4bd/laClBV6Bo= -k8s.io/apiextensions-apiserver v0.27.2/go.mod h1:Oz9UdvGguL3ULgRdY9QMUzL2RZImotgxvGjdWRq6ZXQ= -k8s.io/apimachinery v0.27.2 h1:vBjGaKKieaIreI+oQwELalVG4d8f3YAMNpWLzDXkxeg= -k8s.io/apimachinery v0.27.2/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= -k8s.io/apiserver v0.27.2 h1:p+tjwrcQEZDrEorCZV2/qE8osGTINPuS5ZNqWAvKm5E= -k8s.io/apiserver v0.27.2/go.mod h1:EsOf39d75rMivgvvwjJ3OW/u9n1/BmUMK5otEOJrb1Y= -k8s.io/client-go v0.27.2 h1:vDLSeuYvCHKeoQRhCXjxXO45nHVv2Ip4Fe0MfioMrhE= -k8s.io/client-go v0.27.2/go.mod h1:tY0gVmUsHrAmjzHX9zs7eCjxcBsf8IiNe7KQ52biTcQ= -k8s.io/cloud-provider v0.27.2 h1:IiQWyFtdzcPOqvrBZE9FCt0CDCx3GUcZhKkykEgKlM4= -k8s.io/cloud-provider v0.27.2/go.mod h1:QnFa2fPMEWntkpU+kOAC9MZ6DKUB9WTQmMGA0MuYoj0= -k8s.io/code-generator v0.27.2/go.mod h1:DPung1sI5vBgn4AGKtlPRQAyagj/ir/4jI55ipZHVww= -k8s.io/component-base v0.27.2 h1:neju+7s/r5O4x4/txeUONNTS9r1HsPbyoPBAtHsDCpo= -k8s.io/component-base v0.27.2/go.mod h1:5UPk7EjfgrfgRIuDBFtsEFAe4DAvP3U+M8RTzoSJkpo= -k8s.io/component-helpers v0.27.2 h1:i9TgWJ6TH8lQ9x4ExHOwhVitrRpBOr7Wn8aZLbBWxkc= -k8s.io/component-helpers v0.27.2/go.mod h1:NwcpSKo1xzXtUtrUjj5NTSVWex84UPua/z0PYDcCzNo= -k8s.io/controller-manager v0.27.2 h1:S7984FVb5ajp8YqMQGAm8zXEUEl0Omw6FJlOiQU2Ne8= -k8s.io/controller-manager v0.27.2/go.mod h1:2HzIhmjKxSH5dJVjYLuJ7/v9HYluNDcHLh6ZyE6rT18= -k8s.io/csi-translation-lib v0.27.2 
h1:HbwiOk+M3jIkTC+e5nxUCwmux68OguKV/g9NaHDQhzs= +k8s.io/api v0.27.4 h1:0pCo/AN9hONazBKlNUdhQymmnfLRbSZjd5H5H3f0bSs= +k8s.io/api v0.27.4/go.mod h1:O3smaaX15NfxjzILfiln1D8Z3+gEYpjEpiNA/1EVK1Y= +k8s.io/apiextensions-apiserver v0.27.4 h1:ie1yZG4nY/wvFMIR2hXBeSVq+HfNzib60FjnBYtPGSs= +k8s.io/apiextensions-apiserver v0.27.4/go.mod h1:KHZaDr5H9IbGEnSskEUp/DsdXe1hMQ7uzpQcYUFt2bM= +k8s.io/apimachinery v0.27.4 h1:CdxflD4AF61yewuid0fLl6bM4a3q04jWel0IlP+aYjs= +k8s.io/apimachinery v0.27.4/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= +k8s.io/apiserver v0.27.4 h1:ncZ0MBR9yQ/Gf34rtu1EK+HqT8In1YpfAUINu/Akvho= +k8s.io/apiserver v0.27.4/go.mod h1:GDEFRfFZ4/l+pAvwYRnoSfz0K4j3TWiN4WsG2KnRteE= +k8s.io/client-go v0.27.4 h1:vj2YTtSJ6J4KxaC88P4pMPEQECWMY8gqPqsTgUKzvjk= +k8s.io/client-go v0.27.4/go.mod h1:ragcly7lUlN0SRPk5/ZkGnDjPknzb37TICq07WhI6Xc= +k8s.io/cloud-provider v0.27.4 h1:FkZ1z40+YPm+nEqkojgPbjNQ3QLvU98gsFW3ZbZnrwo= +k8s.io/cloud-provider v0.27.4/go.mod h1:LpqG1hrNPQQySPWrMrNNNGl79dK0fk/yTkYUlRMoaWU= +k8s.io/code-generator v0.27.4/go.mod h1:DPung1sI5vBgn4AGKtlPRQAyagj/ir/4jI55ipZHVww= +k8s.io/component-base v0.27.4 h1:Wqc0jMKEDGjKXdae8hBXeskRP//vu1m6ypC+gwErj4c= +k8s.io/component-base v0.27.4/go.mod h1:hoiEETnLc0ioLv6WPeDt8vD34DDeB35MfQnxCARq3kY= +k8s.io/component-helpers v0.27.4 h1:l1hn/Zx9mWXflo5xz1mo5RRW2g8b6rptWCG7My6rYoE= +k8s.io/component-helpers v0.27.4/go.mod h1:ayW5btpTdJkVv+CcxhzNRfWT+oPrV6T6qZ1Ay6NEJNI= +k8s.io/controller-manager v0.27.4 h1:iisi3D1AKknVAGgU1dk/HG/UusmBqeS2fCFiRAS0DnE= +k8s.io/controller-manager v0.27.4/go.mod h1:5+Fo0k+t3MDyuNLjmXzU/dJcD2c34ii8Wef+OmqhkVg= +k8s.io/csi-translation-lib v0.27.4 h1:yk/0MNZAOyTEGk/OBNMwPTe63nZYlO/FWFv+J3z5pEM= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= 
@@ -1897,21 +1897,21 @@ k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kms v0.27.2 h1:wCdmPCa3kubcVd3AssOeaVjLQSu45k5g/vruJ3iqwDU= -k8s.io/kms v0.27.2/go.mod h1:dahSqjI05J55Fo5qipzvHSRbm20d7llrSeQjjl86A7c= +k8s.io/kms v0.27.4 h1:FeT17HfqxZMP7dTq3Gpa9dG05iP3J3wgGtqGh1SUoN0= +k8s.io/kms v0.27.4/go.mod h1:0BY6tkfa+zOP85u8yE7iNNf1Yx7rEZnRQSWLEbsSk+w= k8s.io/kube-openapi v0.0.0-20180731170545-e3762e86a74c/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= -k8s.io/kubectl v0.27.2 h1:sSBM2j94MHBFRWfHIWtEXWCicViQzZsb177rNsKBhZg= -k8s.io/kubectl v0.27.2/go.mod h1:GCOODtxPcrjh+EC611MqREkU8RjYBh10ldQCQ6zpFKw= -k8s.io/kubelet v0.27.2 h1:vpJnBkqQjxItEhehKG0toXoZ+G+tf4UXAOqtMJy6qgc= -k8s.io/kubelet v0.27.2/go.mod h1:1SVrHaLnuw53nQJx8036k9HjE0teDXZtbN51cYC0HSc= +k8s.io/kubectl v0.27.4 h1:RV1TQLIbtL34+vIM+W7HaS3KfAbqvy9lWn6pWB9els4= +k8s.io/kubectl v0.27.4/go.mod h1:qtc1s3BouB9KixJkriZMQqTsXMc+OAni6FeKAhq7q14= +k8s.io/kubelet v0.27.4 h1:P8+MoRx4ikcAc5eEa3k2A6kd8AXtoDRaoC8KX2HFZe4= +k8s.io/kubelet v0.27.4/go.mod h1:2y4peCA57vKEhBcDL6Q5EkPuGP7FFxj9U41NV9hk1ac= k8s.io/kubernetes v1.27.4 h1:js5bonPoe7jgVPduNcWo6IjPTUdLzlnfhRgGmC7isM0= k8s.io/kubernetes v1.27.4/go.mod h1:MbYZxAacYS6HjZ6VJuvKaKTilbzp0B0atzW3J8TFBEo= -k8s.io/mount-utils v0.27.2 h1:fEqtBdAv88xpoPr3nR0MgYs6P+2PjXyUTwd4NmqSBjY= -k8s.io/mount-utils v0.27.2/go.mod h1:vmcjYdi2Vg1VTWY7KkhvwJVY6WDHxb/QQhiQKkR8iNs= -k8s.io/pod-security-admission v0.27.2 h1:dSGK0ftJwJNHSp5fMAwVuFIMMY1MlzW4k82mjar6G8I= -k8s.io/pod-security-admission v0.27.2/go.mod 
h1:jWVYAoR3AwJxwJ6tTQSVBZBBe4u0tvmFhyhpAWcOlYY= +k8s.io/mount-utils v0.27.4 h1:Se7Cskbrg/t6g4tXvwohuTzXdmTO0feTG0BwQvSE6I4= +k8s.io/mount-utils v0.27.4/go.mod h1:vmcjYdi2Vg1VTWY7KkhvwJVY6WDHxb/QQhiQKkR8iNs= +k8s.io/pod-security-admission v0.27.4 h1:AA32ID+ECNJoUU8yuzLt4WzKPDZg7zMmP2cZ9rVsFyE= +k8s.io/pod-security-admission v0.27.4/go.mod h1:GOcnrXk8TT5cPhtCxdlkOAvBnX3QmZiMHqPw9PbZhPs= k8s.io/utils v0.0.0-20190506122338-8fab8cb257d5/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY= diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go index 90bf487e354..62eb27afc19 100644 --- a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go +++ b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go @@ -231,7 +231,7 @@ func (c *fromUnstructuredContext) pushKey(key string) { } -// FromUnstructuredWIthValidation converts an object from map[string]interface{} representation into a concrete type. +// FromUnstructuredWithValidation converts an object from map[string]interface{} representation into a concrete type. // It uses encoding/json/Unmarshaler if object implements it or reflection if not. // It takes a validationDirective that indicates how to behave when it encounters unknown fields. func (c *unstructuredConverter) FromUnstructuredWithValidation(u map[string]interface{}, obj interface{}, returnUnknownFields bool) error { @@ -465,7 +465,7 @@ func sliceFromUnstructured(sv, dv reflect.Value, ctx *fromUnstructuredContext) e } dv.SetBytes(data) } else { - dv.Set(reflect.Zero(dt)) + dv.Set(reflect.MakeSlice(dt, 0, 0)) } return nil } diff --git a/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go b/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go index 51864d70f95..0dd13c626c8 100644 
--- a/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go +++ b/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go @@ -27,9 +27,11 @@ import ( // the provided timer until the provided context is cancelled, the condition returns // true, or the condition returns an error. If sliding is true, the period is computed // after condition runs. If it is false then period includes the runtime for condition. -// If immediate is false the first delay happens before any call to condition. The -// returned error is the error returned by the last condition or the context error if -// the context was terminated. +// If immediate is false the first delay happens before any call to condition, if +// immediate is true the condition will be invoked before waiting and guarantees that +// the condition is invoked at least once, regardless of whether the context has been +// cancelled. The returned error is the error returned by the last condition or the +// context error if the context was terminated. // // This is the common loop construct for all polling in the wait package. func loopConditionUntilContext(ctx context.Context, t Timer, immediate, sliding bool, condition ConditionWithContextFunc) error { @@ -38,8 +40,17 @@ func loopConditionUntilContext(ctx context.Context, t Timer, immediate, sliding var timeCh <-chan time.Time doneCh := ctx.Done() + // if immediate is true the condition is + // guaranteed to be executed at least once, // if we haven't requested immediate execution, delay once - if !immediate { + if immediate { + if ok, err := func() (bool, error) { + defer runtime.HandleCrash() + return condition(ctx) + }(); err != nil || ok { + return err + } + } else { timeCh = t.C() select { case <-doneCh: diff --git a/vendor/k8s.io/apiserver/pkg/server/options/etcd.go b/vendor/k8s.io/apiserver/pkg/server/options/etcd.go index 6aabbf255be..a3b20a4a324 100644 --- a/vendor/k8s.io/apiserver/pkg/server/options/etcd.go +++ b/vendor/k8s.io/apiserver/pkg/server/options/etcd.go 
@@ -444,6 +444,10 @@ func (s *SimpleStorageFactory) ResourcePrefix(resource schema.GroupResource) str return resource.Group + "/" + resource.Resource } +func (s *SimpleStorageFactory) Configs() []storagebackend.Config { + return serverstorage.Configs(s.StorageConfig) +} + func (s *SimpleStorageFactory) Backends() []serverstorage.Backend { // nothing should ever call this method but we still provide a functional implementation return serverstorage.Backends(s.StorageConfig) @@ -474,6 +478,10 @@ func (t *transformerStorageFactory) ResourcePrefix(resource schema.GroupResource return t.delegate.ResourcePrefix(resource) } +func (t *transformerStorageFactory) Configs() []storagebackend.Config { + return t.delegate.Configs() +} + func (t *transformerStorageFactory) Backends() []serverstorage.Backend { return t.delegate.Backends() } diff --git a/vendor/k8s.io/apiserver/pkg/server/storage/storage_factory.go b/vendor/k8s.io/apiserver/pkg/server/storage/storage_factory.go index 5b1c24446c7..1c32b977239 100644 --- a/vendor/k8s.io/apiserver/pkg/server/storage/storage_factory.go +++ b/vendor/k8s.io/apiserver/pkg/server/storage/storage_factory.go @@ -22,14 +22,13 @@ import ( "io/ioutil" "strings" - "k8s.io/klog/v2" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apiserver/pkg/features" "k8s.io/apiserver/pkg/storage/storagebackend" utilfeature "k8s.io/apiserver/pkg/util/feature" + "k8s.io/klog/v2" ) // Backend describes the storage servers, the information here should be enough 
@@ -52,8 +51,12 @@ type StorageFactory interface { // centralized control over the shape of etcd directories ResourcePrefix(groupResource schema.GroupResource) string + // Configs gets configurations for all of registered storage destinations. + Configs() []storagebackend.Config + // Backends gets all backends for all registered storage destinations. // Used for getting all instances for health validations. + // Deprecated: Use Configs instead Backends() []Backend } 
@@ -276,14 +279,52 @@ func (s *DefaultStorageFactory) NewConfig(groupResource schema.GroupResource) (* return storageConfig.ForResource(groupResource), nil } -// Backends returns all backends for all registered storage destinations. -// Used for getting all instances for health validations. +// Configs implements StorageFactory. +func (s *DefaultStorageFactory) Configs() []storagebackend.Config { + return configs(s.StorageConfig, s.Overrides) +} + +// Configs gets configurations for all of registered storage destinations. +func Configs(storageConfig storagebackend.Config) []storagebackend.Config { + return configs(storageConfig, nil) +} + +// Returns all storage configurations including those for group resource overrides +func configs(storageConfig storagebackend.Config, grOverrides map[schema.GroupResource]groupResourceOverrides) []storagebackend.Config { + locations := sets.NewString() + configs := []storagebackend.Config{} + for _, loc := range storageConfig.Transport.ServerList { + // copy + newConfig := storageConfig + newConfig.Transport.ServerList = []string{loc} + configs = append(configs, newConfig) + locations.Insert(loc) + } + + for _, override := range grOverrides { + for _, loc := range override.etcdLocation { + if locations.Has(loc) { + continue + } + // copy + newConfig := storageConfig + override.Apply(&newConfig, &StorageCodecConfig{}) + newConfig.Transport.ServerList = []string{loc} + configs = append(configs, newConfig) + locations.Insert(loc) + } + } + return configs +} + +// Backends implements StorageFactory. func (s *DefaultStorageFactory) Backends() []Backend { return backends(s.StorageConfig, s.Overrides) } // Backends returns all backends for all registered storage destinations. // Used for getting all instances for health validations. +// Deprecated: Validate health by passing storagebackend.Config directly to storagefactory.CreateProber. func Backends(storageConfig storagebackend.Config) []Backend { return backends(storageConfig, nil) } 
diff --git a/vendor/k8s.io/apiserver/pkg/storage/etcd3/healthcheck.go b/vendor/k8s.io/apiserver/pkg/storage/etcd3/healthcheck.go index ad051d2d6cd..3d489810378 100644 --- a/vendor/k8s.io/apiserver/pkg/storage/etcd3/healthcheck.go +++ b/vendor/k8s.io/apiserver/pkg/storage/etcd3/healthcheck.go @@ -28,6 +28,7 @@ type etcdHealth struct { } // EtcdHealthCheck decodes data returned from etcd /healthz handler. +// Deprecated: Validate health by passing storagebackend.Config directly to storagefactory.CreateProber. func EtcdHealthCheck(data []byte) error { obj := etcdHealth{} if err := json.Unmarshal(data, &obj); err != nil { diff --git a/vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/etcd3.go b/vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/etcd3.go index c1785964956..64bcabadb97 100644 --- a/vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/etcd3.go +++ b/vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/etcd3.go @@ -153,18 +153,18 @@ func newETCD3Check(c storagebackend.Config, timeout time.Duration, stopCh <-chan // retry in a loop in the background until we successfully create the client, storing the client or error encountered lock := sync.RWMutex{} - var client *clientv3.Client + var prober *etcd3Prober clientErr := fmt.Errorf("etcd client connection not yet established") go wait.PollUntil(time.Second, func() (bool, error) { - newClient, err := newETCD3Client(c.Transport) + newProber, err := newETCD3Prober(c) lock.Lock() defer lock.Unlock() // Ensure that server is already not shutting down. select { case <-stopCh: if err == nil { - newClient.Close() + newProber.Close() } return true, nil default: @@ -173,7 +173,7 @@ func newETCD3Check(c storagebackend.Config, timeout time.Duration, stopCh <-chan clientErr = err return false, nil } - client = newClient + prober = newProber clientErr = nil return true, nil }, stopCh) 
@@ -185,8 +185,8 @@ func newETCD3Check(c storagebackend.Config, timeout time.Duration, stopCh <-chan lock.Lock() defer lock.Unlock() - if client != nil { - client.Close() + if prober != nil { + prober.Close() clientErr = fmt.Errorf("server is shutting down") } }() @@ -214,17 +214,56 @@ func newETCD3Check(c storagebackend.Config, timeout time.Duration, stopCh <-chan } ctx, cancel := context.WithTimeout(context.Background(), timeout) defer cancel() - // See https://github.com/etcd-io/etcd/blob/c57f8b3af865d1b531b979889c602ba14377420e/etcdctl/ctlv3/command/ep_command.go#L118 now := time.Now() - _, err := client.Get(ctx, path.Join("/", c.Prefix, "health")) - if err != nil { - err = fmt.Errorf("error getting data from etcd: %w", err) - } + err := prober.Probe(ctx) lastError.Store(err, now) return err }, nil } +func newETCD3Prober(c storagebackend.Config) (*etcd3Prober, error) { + client, err := newETCD3Client(c.Transport) + if err != nil { + return nil, err + } + return &etcd3Prober{ + client: client, + prefix: c.Prefix, + }, nil +} + +type etcd3Prober struct { + prefix string + + mux sync.RWMutex + client *clientv3.Client + closed bool +} + +func (p *etcd3Prober) Close() error { + p.mux.Lock() + defer p.mux.Unlock() + if !p.closed { + p.closed = true + return p.client.Close() + } + return fmt.Errorf("prober was closed") +} + +func (p *etcd3Prober) Probe(ctx context.Context) error { + p.mux.RLock() + defer p.mux.RUnlock() + if p.closed { + return fmt.Errorf("prober was closed") + } + // See https://github.com/etcd-io/etcd/blob/c57f8b3af865d1b531b979889c602ba14377420e/etcdctl/ctlv3/command/ep_command.go#L118 + _, err := p.client.Get(ctx, path.Join("/", p.prefix, "health")) + if err != nil { + return fmt.Errorf("error getting data from etcd: %w", err) + } + return nil +} + var newETCD3Client = func(c storagebackend.TransportConfig) (*clientv3.Client, error) { tlsInfo := transport.TLSInfo{ CertFile: c.CertFile, 
diff --git a/vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/factory.go b/vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/factory.go index 4c8a409d659..c8cdd19b97a 100644 --- a/vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/factory.go +++ b/vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/factory.go @@ -17,6 +17,7 @@ limitations under the License. package factory import ( + "context" "fmt" "k8s.io/apimachinery/pkg/runtime" @@ -61,3 +62,20 @@ func CreateReadyCheck(c storagebackend.Config, stopCh <-chan struct{}) (func() e return nil, fmt.Errorf("unknown storage type: %s", c.Type) } } + +func CreateProber(c storagebackend.Config) (Prober, error) { + switch c.Type { + case storagebackend.StorageTypeETCD2: + return nil, fmt.Errorf("%s is no longer a supported storage backend", c.Type) + case storagebackend.StorageTypeUnset, storagebackend.StorageTypeETCD3: + return newETCD3Prober(c) + default: + return nil, fmt.Errorf("unknown storage type: %s", c.Type) + } +} + +// Prober is an interface that defines the Probe function for doing etcd readiness/liveness checks. +type Prober interface { + Probe(ctx context.Context) error + Close() error +} diff --git a/vendor/k8s.io/client-go/util/cert/cert.go b/vendor/k8s.io/client-go/util/cert/cert.go index 4be1dfe4935..37b023ef25d 100644 --- a/vendor/k8s.io/client-go/util/cert/cert.go +++ b/vendor/k8s.io/client-go/util/cert/cert.go @@ -25,6 +25,7 @@ import ( "crypto/x509/pkix" "encoding/pem" "fmt" + "math" "math/big" "net" "os" 
@@ -57,8 +58,14 @@ type AltNames struct { // NewSelfSignedCACert creates a CA certificate func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error) { now := time.Now() + // returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max). + serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1)) + if err != nil { + return nil, err + } + serial = new(big.Int).Add(serial, big.NewInt(1)) tmpl := x509.Certificate{ - SerialNumber: new(big.Int).SetInt64(0), + SerialNumber: serial, Subject: pkix.Name{ CommonName: cfg.CommonName, Organization: cfg.Organization, @@ -116,9 +123,14 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a if err != nil { return nil, nil, err } - + // returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max). + serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1)) + if err != nil { + return nil, nil, err + } + serial = new(big.Int).Add(serial, big.NewInt(1)) caTemplate := x509.Certificate{ - SerialNumber: big.NewInt(1), + SerialNumber: serial, Subject: pkix.Name{ CommonName: fmt.Sprintf("%s-ca@%d", host, time.Now().Unix()), }, @@ -144,9 +156,14 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a if err != nil { return nil, nil, err } - + // returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max). + serial, err = cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1)) + if err != nil { + return nil, nil, err + } + serial = new(big.Int).Add(serial, big.NewInt(1)) template := x509.Certificate{ - SerialNumber: big.NewInt(2), + SerialNumber: serial, Subject: pkix.Name{ CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()), }, diff --git a/vendor/modules.txt b/vendor/modules.txt index 339b846d1ff..317ca769c21 100644 
--- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -854,7 +854,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.27.4 => k8s.io/api v0.27.2 +# k8s.io/api v0.27.4 => k8s.io/api v0.27.4 ## explicit; go 1.20 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -910,11 +910,11 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.27.2 => k8s.io/apiextensions-apiserver v0.27.2 +# k8s.io/apiextensions-apiserver v0.27.4 => k8s.io/apiextensions-apiserver v0.27.4 ## explicit; go 1.20 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 -# k8s.io/apimachinery v0.27.4 => k8s.io/apimachinery v0.27.2 +# k8s.io/apimachinery v0.27.4 => k8s.io/apimachinery v0.27.4 ## explicit; go 1.20 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -974,7 +974,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.27.2 => k8s.io/apiserver v0.27.2 +# k8s.io/apiserver v0.27.4 => k8s.io/apiserver v0.27.4 ## explicit; go 1.20 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/cel @@ -1116,7 +1116,7 @@ k8s.io/apiserver/plugin/pkg/audit/truncate k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/client-go v12.0.0+incompatible => k8s.io/client-go v0.27.2 +# k8s.io/client-go v12.0.0+incompatible => k8s.io/client-go v0.27.4 ## explicit; go 1.20 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 
@@ -1385,7 +1385,7 @@ k8s.io/client-go/util/homedir
 k8s.io/client-go/util/keyutil
 k8s.io/client-go/util/retry
 k8s.io/client-go/util/workqueue
-# k8s.io/cloud-provider v0.27.2 => k8s.io/cloud-provider v0.27.2
+# k8s.io/cloud-provider v0.27.4 => k8s.io/cloud-provider v0.27.4
 ## explicit; go 1.20
 k8s.io/cloud-provider
 k8s.io/cloud-provider/app/config
@@ -1399,7 +1399,7 @@ k8s.io/cloud-provider/controllers/service/config/v1alpha1
 k8s.io/cloud-provider/options
 k8s.io/cloud-provider/volume
 k8s.io/cloud-provider/volume/helpers
-# k8s.io/component-base v0.27.2 => k8s.io/component-base v0.27.2
+# k8s.io/component-base v0.27.4 => k8s.io/component-base v0.27.4
 ## explicit; go 1.20
 k8s.io/component-base/cli/flag
 k8s.io/component-base/config
@@ -1421,13 +1421,13 @@ k8s.io/component-base/metrics/testutil
 k8s.io/component-base/tracing
 k8s.io/component-base/tracing/api/v1
 k8s.io/component-base/version
-# k8s.io/component-helpers v0.27.2 => k8s.io/component-helpers v0.27.2
+# k8s.io/component-helpers v0.27.4 => k8s.io/component-helpers v0.27.4
 ## explicit; go 1.20
 k8s.io/component-helpers/node/util/sysctl
 k8s.io/component-helpers/scheduling/corev1
 k8s.io/component-helpers/scheduling/corev1/nodeaffinity
 k8s.io/component-helpers/storage/volume
-# k8s.io/controller-manager v0.27.2 => k8s.io/controller-manager v0.27.2
+# k8s.io/controller-manager v0.27.4 => k8s.io/controller-manager v0.27.4
 ## explicit; go 1.20
 k8s.io/controller-manager/config
 k8s.io/controller-manager/config/v1
@@ -1447,7 +1447,7 @@ k8s.io/klog/v2/internal/clock
 k8s.io/klog/v2/internal/dbg
 k8s.io/klog/v2/internal/serialize
 k8s.io/klog/v2/internal/severity
-# k8s.io/kms v0.27.2
+# k8s.io/kms v0.27.4
 ## explicit; go 1.20
 k8s.io/kms/apis/v1beta1
 k8s.io/kms/apis/v2
@@ -1475,11 +1475,11 @@ k8s.io/kube-openapi/pkg/validation/errors
 k8s.io/kube-openapi/pkg/validation/spec
 k8s.io/kube-openapi/pkg/validation/strfmt
 k8s.io/kube-openapi/pkg/validation/strfmt/bson
-# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.27.2
+# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.27.4
 ## explicit; go 1.20
 k8s.io/kubectl/pkg/scale
 k8s.io/kubectl/pkg/util/podutils
-# k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.27.2
+# k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.27.4
 ## explicit; go 1.20
 k8s.io/kubelet/pkg/apis
 k8s.io/kubelet/pkg/apis/stats/v1alpha1
@@ -1550,10 +1550,10 @@ k8s.io/kubernetes/test/utils
 k8s.io/kubernetes/test/utils/format
 k8s.io/kubernetes/test/utils/image
 k8s.io/kubernetes/test/utils/kubeconfig
-# k8s.io/mount-utils v0.27.2 => k8s.io/mount-utils v0.27.2
+# k8s.io/mount-utils v0.27.4 => k8s.io/mount-utils v0.27.4
 ## explicit; go 1.20
 k8s.io/mount-utils
-# k8s.io/pod-security-admission v0.0.0 => k8s.io/pod-security-admission v0.27.2
+# k8s.io/pod-security-admission v0.0.0 => k8s.io/pod-security-admission v0.27.4
 ## explicit; go 1.20
 k8s.io/pod-security-admission/api
 k8s.io/pod-security-admission/policy
@@ -1637,30 +1637,30 @@ sigs.k8s.io/yaml # github.com/ceph/ceph-csi/api => ./api # github.com/portworx/sched-ops => github.com/portworx/sched-ops v0.20.4-openstorage-rc3 # gomodules.xyz/jsonpatch/v2 => github.com/gomodules/jsonpatch/v2 v2.2.0 -# k8s.io/api => k8s.io/api v0.27.2 -# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.2 -# k8s.io/apimachinery => k8s.io/apimachinery v0.27.2 -# k8s.io/apiserver => k8s.io/apiserver v0.27.2 -# k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.2 -# k8s.io/client-go => k8s.io/client-go v0.27.2 -# k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.2 -# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.27.2 -# k8s.io/code-generator => k8s.io/code-generator v0.27.2 -# k8s.io/component-base => k8s.io/component-base v0.27.2 -# k8s.io/component-helpers => k8s.io/component-helpers v0.27.2 -# k8s.io/controller-manager => k8s.io/controller-manager v0.27.2 -# k8s.io/cri-api => k8s.io/cri-api v0.27.2 -# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.2 -# k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.27.2 -# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.2 -# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.2 -# k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.2 -# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.2 -# k8s.io/kubectl => k8s.io/kubectl v0.27.2 -# k8s.io/kubelet => k8s.io/kubelet v0.27.2 -# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.2 -# k8s.io/metrics => k8s.io/metrics v0.27.2 -# k8s.io/mount-utils => k8s.io/mount-utils v0.27.2 -# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.2 -# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.2 +# k8s.io/api => k8s.io/api v0.27.4 +# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.4 +# k8s.io/apimachinery => k8s.io/apimachinery v0.27.4 +# k8s.io/apiserver => k8s.io/apiserver v0.27.4 +# k8s.io/cli-runtime => 
k8s.io/cli-runtime v0.27.4 +# k8s.io/client-go => k8s.io/client-go v0.27.4 +# k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.4 +# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.27.4 +# k8s.io/code-generator => k8s.io/code-generator v0.27.4 +# k8s.io/component-base => k8s.io/component-base v0.27.4 +# k8s.io/component-helpers => k8s.io/component-helpers v0.27.4 +# k8s.io/controller-manager => k8s.io/controller-manager v0.27.4 +# k8s.io/cri-api => k8s.io/cri-api v0.27.4 +# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.4 +# k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.27.4 +# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.4 +# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.4 +# k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.4 +# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.4 +# k8s.io/kubectl => k8s.io/kubectl v0.27.4 +# k8s.io/kubelet => k8s.io/kubelet v0.27.4 +# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.4 +# k8s.io/metrics => k8s.io/metrics v0.27.4 +# k8s.io/mount-utils => k8s.io/mount-utils v0.27.4 +# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.4 +# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.4 # layeh.com/radius => github.com/layeh/radius v0.0.0-20190322222518-890bc1058917 From c7abe6e7c8af469e5ddae513d4ad0cd4d31731a0 Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Wed, 26 Jul 2023 08:41:43 +0200 Subject: [PATCH 2/2] ci: allow CVE-2019-11255 in Kubernetes module dependency It is unclear how a module for utility functions can have the same problem as a separate side-car that is expected to do the input validation. The side-cars have been fixed already, no further details are in the CVE description (from 2019). See-also: https://github.com/advisories/GHSA-f4w6-3rh6-6q4 Signed-off-by: Niels de Vos --- .github/workflows/dependency-review.yaml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index 28f8f12738a..8d0533c9d2d 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml @@ -18,3 +18,5 @@ jobs: uses: actions/checkout@v3 - name: 'Dependency Review' uses: actions/dependency-review-action@v3 + with: + allow-ghsas: GHSA-f4w6-3rh6-6q4q
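Review bot: The `allow-ghsas: GHSA-f4w6-3rh6-6q4q` entry under `with:` has no rationale in the workflow file, so the next maintainer has to dig through git history to learn why a security advisory is suppressed in CI. As far as I know the action matches this list on the advisory id alone, so the exemption would also hide the same advisory on any dependency added later, including one that is genuinely affected; it is worth reviewing periodically rather than leaving it permanent. I would add a comment directly above the entry, for example `# GHSA-f4w6-3rh6-6q4q (CVE-2019-11255): flagged on a vendored Kubernetes module; the fix is in the CSI sidecars. Remove once the advisory no longer matches.` The commit message's See-also link drops the final `q` of the id, so the comment should spell the id out in full.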