Update kubernetes/client-go to v7.0.0 (#1808)

This fix updates k8s' client-go to v7.0.0, which matches k8s 1.10. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2025-11-01 10:43:17 -04:00 · 2018-05-16 23:10:28 -07:00
parent 9a82fa0374
commit b109a79cb5
730 changed files with 17431 additions and 43251 deletions
--- a/vendor/k8s.io/client-go/util/buffer/BUILD
+++ b/vendor/k8s.io/client-go/util/buffer/BUILD
@@ -10,8 +10,7 @@ go_library(
 go_test(
    name = "go_default_test",
    srcs = ["ring_growing_test.go"],
-    importpath = "k8s.io/client-go/util/buffer",
-    library = ":go_default_library",
+    embed = [":go_default_library"],
    deps = ["//vendor/github.com/stretchr/testify/assert:go_default_library"],
 )

--- a/vendor/k8s.io/client-go/util/cert/BUILD
+++ b/vendor/k8s.io/client-go/util/cert/BUILD
@@ -13,8 +13,7 @@ go_test(
        "pem_test.go",
    ],
    data = glob(["testdata/**"]),
-    importpath = "k8s.io/client-go/util/cert",
-    library = ":go_default_library",
+    embed = [":go_default_library"],
 )

 go_library(
--- a/vendor/k8s.io/client-go/util/cert/cert.go
+++ b/vendor/k8s.io/client-go/util/cert/cert.go
@@ -38,7 +38,7 @@ const (
 	duration365d = time.Hour * 24 * 365
 )

-// Config containes the basic fields required for creating a certificate
+// Config contains the basic fields required for creating a certificate
 type Config struct {
 	CommonName   string
 	Organization []string
@@ -138,23 +138,50 @@ func MakeEllipticPrivateKeyPEM() ([]byte, error) {
 // Host may be an IP or a DNS name
 // You may also specify additional subject alt names (either ip or dns names) for the certificate
 func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error) {
+	caKey, err := rsa.GenerateKey(cryptorand.Reader, 2048)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	caTemplate := x509.Certificate{
+		SerialNumber: big.NewInt(1),
+		Subject: pkix.Name{
+			CommonName: fmt.Sprintf("%s-ca@%d", host, time.Now().Unix()),
+		},
+		NotBefore: time.Now(),
+		NotAfter:  time.Now().Add(time.Hour * 24 * 365),
+
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		BasicConstraintsValid: true,
+		IsCA: true,
+	}
+
+	caDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &caTemplate, &caTemplate, &caKey.PublicKey, caKey)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	caCertificate, err := x509.ParseCertificate(caDERBytes)
+	if err != nil {
+		return nil, nil, err
+	}
+
 	priv, err := rsa.GenerateKey(cryptorand.Reader, 2048)
 	if err != nil {
 		return nil, nil, err
 	}

 	template := x509.Certificate{
-		SerialNumber: big.NewInt(1),
+		SerialNumber: big.NewInt(2),
 		Subject: pkix.Name{
 			CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()),
 		},
 		NotBefore: time.Now(),
 		NotAfter:  time.Now().Add(time.Hour * 24 * 365),

-		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
-		IsCA: true,
 	}

 	if ip := net.ParseIP(host); ip != nil {
@@ -166,16 +193,19 @@ func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS
 	template.IPAddresses = append(template.IPAddresses, alternateIPs...)
 	template.DNSNames = append(template.DNSNames, alternateDNS...)

-	derBytes, err := x509.CreateCertificate(cryptorand.Reader, &template, &template, &priv.PublicKey, priv)
+	derBytes, err := x509.CreateCertificate(cryptorand.Reader, &template, caCertificate, &priv.PublicKey, caKey)
 	if err != nil {
 		return nil, nil, err
 	}

-	// Generate cert
+	// Generate cert, followed by ca
 	certBuffer := bytes.Buffer{}
 	if err := pem.Encode(&certBuffer, &pem.Block{Type: CertificateBlockType, Bytes: derBytes}); err != nil {
 		return nil, nil, err
 	}
+	if err := pem.Encode(&certBuffer, &pem.Block{Type: CertificateBlockType, Bytes: caDERBytes}); err != nil {
+		return nil, nil, err
+	}

 	// Generate key
 	keyBuffer := bytes.Buffer{}
--- a/vendor/k8s.io/client-go/util/flowcontrol/BUILD
+++ b/vendor/k8s.io/client-go/util/flowcontrol/BUILD
@@ -12,8 +12,7 @@ go_test(
        "backoff_test.go",
        "throttle_test.go",
    ],
-    importpath = "k8s.io/client-go/util/flowcontrol",
-    library = ":go_default_library",
+    embed = [":go_default_library"],
    deps = ["//vendor/k8s.io/apimachinery/pkg/util/clock:go_default_library"],
 )

@@ -25,7 +24,7 @@ go_library(
    ],
    importpath = "k8s.io/client-go/util/flowcontrol",
    deps = [
-        "//vendor/github.com/juju/ratelimit:go_default_library",
+        "//vendor/golang.org/x/time/rate:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/util/clock:go_default_library",
        "//vendor/k8s.io/client-go/util/integer:go_default_library",
    ],
--- a/vendor/k8s.io/client-go/util/flowcontrol/throttle.go
+++ b/vendor/k8s.io/client-go/util/flowcontrol/throttle.go
@@ -18,8 +18,9 @@ package flowcontrol

 import (
 	"sync"
+	"time"

-	"github.com/juju/ratelimit"
+	"golang.org/x/time/rate"
 )

 type RateLimiter interface {
@@ -30,17 +31,13 @@ type RateLimiter interface {
 	Accept()
 	// Stop stops the rate limiter, subsequent calls to CanAccept will return false
 	Stop()
-	// Saturation returns a percentage number which describes how saturated
-	// this rate limiter is.
-	// Usually we use token bucket rate limiter. In that case,
-	// 1.0 means no tokens are available; 0.0 means we have a full bucket of tokens to use.
-	Saturation() float64
 	// QPS returns QPS of this rate limiter
 	QPS() float32
 }

 type tokenBucketRateLimiter struct {
-	limiter *ratelimit.Bucket
+	limiter *rate.Limiter
+	clock   Clock
 	qps     float32
 }

@@ -50,42 +47,48 @@ type tokenBucketRateLimiter struct {
 // The bucket is initially filled with 'burst' tokens, and refills at a rate of 'qps'.
 // The maximum number of tokens in the bucket is capped at 'burst'.
 func NewTokenBucketRateLimiter(qps float32, burst int) RateLimiter {
-	limiter := ratelimit.NewBucketWithRate(float64(qps), int64(burst))
-	return newTokenBucketRateLimiter(limiter, qps)
+	limiter := rate.NewLimiter(rate.Limit(qps), burst)
+	return newTokenBucketRateLimiter(limiter, realClock{}, qps)
 }

 // An injectable, mockable clock interface.
 type Clock interface {
-	ratelimit.Clock
+	Now() time.Time
+	Sleep(time.Duration)
+}
+
+type realClock struct{}
+
+func (realClock) Now() time.Time {
+	return time.Now()
+}
+func (realClock) Sleep(d time.Duration) {
+	time.Sleep(d)
 }

 // NewTokenBucketRateLimiterWithClock is identical to NewTokenBucketRateLimiter
 // but allows an injectable clock, for testing.
-func NewTokenBucketRateLimiterWithClock(qps float32, burst int, clock Clock) RateLimiter {
-	limiter := ratelimit.NewBucketWithRateAndClock(float64(qps), int64(burst), clock)
-	return newTokenBucketRateLimiter(limiter, qps)
+func NewTokenBucketRateLimiterWithClock(qps float32, burst int, c Clock) RateLimiter {
+	limiter := rate.NewLimiter(rate.Limit(qps), burst)
+	return newTokenBucketRateLimiter(limiter, c, qps)
 }

-func newTokenBucketRateLimiter(limiter *ratelimit.Bucket, qps float32) RateLimiter {
+func newTokenBucketRateLimiter(limiter *rate.Limiter, c Clock, qps float32) RateLimiter {
 	return &tokenBucketRateLimiter{
 		limiter: limiter,
+		clock:   c,
 		qps:     qps,
 	}
 }

 func (t *tokenBucketRateLimiter) TryAccept() bool {
-	return t.limiter.TakeAvailable(1) == 1
-}
-
-func (t *tokenBucketRateLimiter) Saturation() float64 {
-	capacity := t.limiter.Capacity()
-	avail := t.limiter.Available()
-	return float64(capacity-avail) / float64(capacity)
+	return t.limiter.AllowN(t.clock.Now(), 1)
 }

 // Accept will block until a token becomes available
 func (t *tokenBucketRateLimiter) Accept() {
-	t.limiter.Wait(1)
+	now := t.clock.Now()
+	t.clock.Sleep(t.limiter.ReserveN(now, 1).DelayFrom(now))
 }

 func (t *tokenBucketRateLimiter) Stop() {
@@ -105,10 +108,6 @@ func (t *fakeAlwaysRateLimiter) TryAccept() bool {
 	return true
 }

-func (t *fakeAlwaysRateLimiter) Saturation() float64 {
-	return 0
-}
-
 func (t *fakeAlwaysRateLimiter) Stop() {}

 func (t *fakeAlwaysRateLimiter) Accept() {}
@@ -131,10 +130,6 @@ func (t *fakeNeverRateLimiter) TryAccept() bool {
 	return false
 }

-func (t *fakeNeverRateLimiter) Saturation() float64 {
-	return 1
-}
-
 func (t *fakeNeverRateLimiter) Stop() {
 	t.wg.Done()
 }
--- a/vendor/k8s.io/client-go/util/flowcontrol/throttle_test.go
+++ b/vendor/k8s.io/client-go/util/flowcontrol/throttle_test.go
@@ -17,7 +17,6 @@ limitations under the License.
 package flowcontrol

 import (
-	"math"
 	"sync"
 	"testing"
 	"time"
@@ -116,29 +115,6 @@ func TestThrottle(t *testing.T) {
 	}
 }

-func TestRateLimiterSaturation(t *testing.T) {
-	const e = 0.000001
-	tests := []struct {
-		capacity int
-		take     int
-
-		expectedSaturation float64
-	}{
-		{1, 1, 1},
-		{10, 3, 0.3},
-	}
-	for i, tt := range tests {
-		rl := NewTokenBucketRateLimiter(1, tt.capacity)
-		for i := 0; i < tt.take; i++ {
-			rl.Accept()
-		}
-		if math.Abs(rl.Saturation()-tt.expectedSaturation) > e {
-			t.Fatalf("#%d: Saturation rate difference isn't within tolerable range\n want=%f, get=%f",
-				i, tt.expectedSaturation, rl.Saturation())
-		}
-	}
-}
-
 func TestAlwaysFake(t *testing.T) {
 	rl := NewFakeAlwaysRateLimiter()
 	if !rl.TryAccept() {
--- a/vendor/k8s.io/client-go/util/integer/BUILD
+++ b/vendor/k8s.io/client-go/util/integer/BUILD
@@ -9,8 +9,7 @@ load(
 go_test(
    name = "go_default_test",
    srcs = ["integer_test.go"],
-    importpath = "k8s.io/client-go/util/integer",
-    library = ":go_default_library",
+    embed = [":go_default_library"],
 )

 go_library(
--- a/vendor/k8s.io/client-go/util/retry/BUILD
+++ b/vendor/k8s.io/client-go/util/retry/BUILD
@@ -0,0 +1,41 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+    "go_test",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["util.go"],
+    importpath = "k8s.io/client-go/util/retry",
+    deps = [
+        "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["util_test.go"],
+    embed = [":go_default_library"],
+    deps = [
+        "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+)
--- a/vendor/k8s.io/client-go/util/retry/OWNERS
+++ b/vendor/k8s.io/client-go/util/retry/OWNERS
@@ -0,0 +1,2 @@
+reviewers:
+- caesarxuchao
--- a/vendor/k8s.io/client-go/util/retry/util.go
+++ b/vendor/k8s.io/client-go/util/retry/util.go
@@ -0,0 +1,79 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package retry
+
+import (
+	"time"
+
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/util/wait"
+)
+
+// DefaultRetry is the recommended retry for a conflict where multiple clients
+// are making changes to the same resource.
+var DefaultRetry = wait.Backoff{
+	Steps:    5,
+	Duration: 10 * time.Millisecond,
+	Factor:   1.0,
+	Jitter:   0.1,
+}
+
+// DefaultBackoff is the recommended backoff for a conflict where a client
+// may be attempting to make an unrelated modification to a resource under
+// active management by one or more controllers.
+var DefaultBackoff = wait.Backoff{
+	Steps:    4,
+	Duration: 10 * time.Millisecond,
+	Factor:   5.0,
+	Jitter:   0.1,
+}
+
+// RetryConflict executes the provided function repeatedly, retrying if the server returns a conflicting
+// write. Callers should preserve previous executions if they wish to retry changes. It performs an
+// exponential backoff.
+//
+//     var pod *api.Pod
+//     err := RetryOnConflict(DefaultBackoff, func() (err error) {
+//       pod, err = c.Pods("mynamespace").UpdateStatus(podStatus)
+//       return
+//     })
+//     if err != nil {
+//       // may be conflict if max retries were hit
+//       return err
+//     }
+//     ...
+//
+// TODO: Make Backoff an interface?
+func RetryOnConflict(backoff wait.Backoff, fn func() error) error {
+	var lastConflictErr error
+	err := wait.ExponentialBackoff(backoff, func() (bool, error) {
+		err := fn()
+		switch {
+		case err == nil:
+			return true, nil
+		case errors.IsConflict(err):
+			lastConflictErr = err
+			return false, nil
+		default:
+			return false, err
+		}
+	})
+	if err == wait.ErrWaitTimeout {
+		err = lastConflictErr
+	}
+	return err
+}
--- a/vendor/k8s.io/client-go/util/retry/util_test.go
+++ b/vendor/k8s.io/client-go/util/retry/util_test.go
@@ -0,0 +1,71 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package retry
+
+import (
+	"fmt"
+	"testing"
+
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/util/wait"
+)
+
+func TestRetryOnConflict(t *testing.T) {
+	opts := wait.Backoff{Factor: 1.0, Steps: 3}
+	conflictErr := errors.NewConflict(schema.GroupResource{Resource: "test"}, "other", nil)
+
+	// never returns
+	err := RetryOnConflict(opts, func() error {
+		return conflictErr
+	})
+	if err != conflictErr {
+		t.Errorf("unexpected error: %v", err)
+	}
+
+	// returns immediately
+	i := 0
+	err = RetryOnConflict(opts, func() error {
+		i++
+		return nil
+	})
+	if err != nil || i != 1 {
+		t.Errorf("unexpected error: %v", err)
+	}
+
+	// returns immediately on error
+	testErr := fmt.Errorf("some other error")
+	err = RetryOnConflict(opts, func() error {
+		return testErr
+	})
+	if err != testErr {
+		t.Errorf("unexpected error: %v", err)
+	}
+
+	// keeps retrying
+	i = 0
+	err = RetryOnConflict(opts, func() error {
+		if i < 2 {
+			i++
+			return errors.NewConflict(schema.GroupResource{Resource: "test"}, "other", nil)
+		}
+		return nil
+	})
+	if err != nil || i != 2 {
+		t.Errorf("unexpected error: %v", err)
+	}
+}