treewide: switch to gomod and bump everything
This switches version resolution from fietsje to gomod and updates
all Go dependencies. It also bumps rules_go (required by gVisor) and
switches the Gazelle naming convention from go_default_xxx to the
standard Bazel convention of the default target having the package
name.
Since Kubernetes dropped upstream Bazel support and doesn't check in
all generated files I manually pregenerated the OpenAPI spec. This
should be fixed, but because of the already-huge scope of this CL
and the rebase complexity this is not in here.
Change-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833
Reviewed-on: https://review.monogon.dev/c/monogon/+/639
Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>
Reviewed-by: Leopold Schabel <leo@nexantic.com>
diff --git a/metropolis/node/kubernetes/BUILD.bazel b/metropolis/node/kubernetes/BUILD.bazel
index 2a35c4b..c92ca06 100644
--- a/metropolis/node/kubernetes/BUILD.bazel
+++ b/metropolis/node/kubernetes/BUILD.bazel
@@ -1,7 +1,7 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
- name = "go_default_library",
+ name = "kubernetes",
srcs = [
"apiserver.go",
"controller-manager.go",
@@ -14,46 +14,46 @@
importpath = "source.monogon.dev/metropolis/node/kubernetes",
visibility = ["//metropolis/node:__subpackages__"],
deps = [
- "//metropolis/node:go_default_library",
- "//metropolis/node/core/identity:go_default_library",
- "//metropolis/node/core/localstorage:go_default_library",
- "//metropolis/node/core/network:go_default_library",
- "//metropolis/node/core/network/dns:go_default_library",
- "//metropolis/node/kubernetes/authproxy:go_default_library",
- "//metropolis/node/kubernetes/clusternet:go_default_library",
- "//metropolis/node/kubernetes/nfproxy:go_default_library",
- "//metropolis/node/kubernetes/pki:go_default_library",
- "//metropolis/node/kubernetes/plugins/kvmdevice:go_default_library",
- "//metropolis/node/kubernetes/reconciler:go_default_library",
- "//metropolis/pkg/fileargs:go_default_library",
- "//metropolis/pkg/fsquota:go_default_library",
- "//metropolis/pkg/logtree:go_default_library",
- "//metropolis/pkg/loop:go_default_library",
- "//metropolis/pkg/pki:go_default_library",
- "//metropolis/pkg/supervisor:go_default_library",
- "//metropolis/proto/api:go_default_library",
- "@com_github_container_storage_interface_spec//lib/go/csi:go_default_library",
+ "//metropolis/node",
+ "//metropolis/node/core/identity",
+ "//metropolis/node/core/localstorage",
+ "//metropolis/node/core/network",
+ "//metropolis/node/core/network/dns",
+ "//metropolis/node/kubernetes/authproxy",
+ "//metropolis/node/kubernetes/clusternet",
+ "//metropolis/node/kubernetes/nfproxy",
+ "//metropolis/node/kubernetes/pki",
+ "//metropolis/node/kubernetes/plugins/kvmdevice",
+ "//metropolis/node/kubernetes/reconciler",
+ "//metropolis/pkg/fileargs",
+ "//metropolis/pkg/fsquota",
+ "//metropolis/pkg/logtree",
+ "//metropolis/pkg/loop",
+ "//metropolis/pkg/pki",
+ "//metropolis/pkg/supervisor",
+ "//metropolis/proto/api",
+ "@com_github_container_storage_interface_spec//lib/go/csi",
"@io_bazel_rules_go//proto/wkt:wrappers_go_proto",
- "@io_k8s_api//core/v1:go_default_library",
- "@io_k8s_api//storage/v1:go_default_library",
- "@io_k8s_apimachinery//pkg/api/errors:go_default_library",
- "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
- "@io_k8s_client_go//informers:go_default_library",
- "@io_k8s_client_go//informers/core/v1:go_default_library",
- "@io_k8s_client_go//informers/storage/v1:go_default_library",
- "@io_k8s_client_go//kubernetes:go_default_library",
- "@io_k8s_client_go//kubernetes/scheme:go_default_library",
- "@io_k8s_client_go//kubernetes/typed/core/v1:go_default_library",
- "@io_k8s_client_go//tools/cache:go_default_library",
- "@io_k8s_client_go//tools/clientcmd:go_default_library",
- "@io_k8s_client_go//tools/record:go_default_library",
- "@io_k8s_client_go//tools/reference:go_default_library",
- "@io_k8s_client_go//util/workqueue:go_default_library",
- "@io_k8s_kubelet//config/v1beta1:go_default_library",
- "@io_k8s_kubelet//pkg/apis/pluginregistration/v1:go_default_library",
+ "@io_k8s_api//core/v1:core",
+ "@io_k8s_api//storage/v1:storage",
+ "@io_k8s_apimachinery//pkg/api/errors",
+ "@io_k8s_apimachinery//pkg/apis/meta/v1:meta",
+ "@io_k8s_client_go//informers",
+ "@io_k8s_client_go//informers/core/v1:core",
+ "@io_k8s_client_go//informers/storage/v1:storage",
+ "@io_k8s_client_go//kubernetes",
+ "@io_k8s_client_go//kubernetes/scheme",
+ "@io_k8s_client_go//kubernetes/typed/core/v1:core",
+ "@io_k8s_client_go//tools/cache",
+ "@io_k8s_client_go//tools/clientcmd",
+ "@io_k8s_client_go//tools/record",
+ "@io_k8s_client_go//tools/reference",
+ "@io_k8s_client_go//util/workqueue",
+ "@io_k8s_kubelet//config/v1beta1",
+ "@io_k8s_kubelet//pkg/apis/pluginregistration/v1:pluginregistration",
"@org_golang_google_grpc//:go_default_library",
- "@org_golang_google_grpc//codes:go_default_library",
- "@org_golang_google_grpc//status:go_default_library",
- "@org_golang_x_sys//unix:go_default_library",
+ "@org_golang_google_grpc//codes",
+ "@org_golang_google_grpc//status",
+ "@org_golang_x_sys//unix",
],
)
diff --git a/metropolis/node/kubernetes/apiserver.go b/metropolis/node/kubernetes/apiserver.go
index cd4ff60..aeaa80e 100644
--- a/metropolis/node/kubernetes/apiserver.go
+++ b/metropolis/node/kubernetes/apiserver.go
@@ -97,7 +97,6 @@
pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: s.idCA})),
"--enable-admission-plugins=NodeRestriction,PodSecurityPolicy",
"--enable-aggregator-routing=true",
- "--insecure-port=0",
fmt.Sprintf("--secure-port=%d", common.KubernetesAPIPort),
fmt.Sprintf("--etcd-servers=unix:///%s:0", s.EphemeralConsensusDirectory.ClientSocket.FullPath()),
args.FileOpt("--kubelet-client-certificate", "kubelet-client-cert.pem",
@@ -117,6 +116,9 @@
"--requestheader-username-headers=X-Remote-User",
args.FileOpt("--service-account-key-file", "service-account-pubkey.pem",
pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: s.serviceAccountPrivKey})),
+ args.FileOpt("--service-account-signing-key-file", "service-account-signing-key.pem",
+ pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: s.serviceAccountPrivKey})),
+ "--service-account-issuer", "https://metropolis.internal", // TODO: Figure out federation
fmt.Sprintf("--service-cluster-ip-range=%v", s.ServiceIPRange.String()),
args.FileOpt("--tls-cert-file", "server-cert.pem",
pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: s.serverCert})),
diff --git a/metropolis/node/kubernetes/authproxy/BUILD.bazel b/metropolis/node/kubernetes/authproxy/BUILD.bazel
index 965e8ad..9cf57cb 100644
--- a/metropolis/node/kubernetes/authproxy/BUILD.bazel
+++ b/metropolis/node/kubernetes/authproxy/BUILD.bazel
@@ -1,15 +1,15 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
- name = "go_default_library",
+ name = "authproxy",
srcs = ["authproxy.go"],
importpath = "source.monogon.dev/metropolis/node/kubernetes/authproxy",
visibility = ["//visibility:public"],
deps = [
- "//metropolis/node:go_default_library",
- "//metropolis/node/core/identity:go_default_library",
- "//metropolis/node/kubernetes/pki:go_default_library",
- "//metropolis/pkg/supervisor:go_default_library",
- "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
+ "//metropolis/node",
+ "//metropolis/node/core/identity",
+ "//metropolis/node/kubernetes/pki",
+ "//metropolis/pkg/supervisor",
+ "@io_k8s_apimachinery//pkg/apis/meta/v1:meta",
],
)
diff --git a/metropolis/node/kubernetes/clusternet/BUILD.bazel b/metropolis/node/kubernetes/clusternet/BUILD.bazel
index b2f0687..8e8f820 100644
--- a/metropolis/node/kubernetes/clusternet/BUILD.bazel
+++ b/metropolis/node/kubernetes/clusternet/BUILD.bazel
@@ -1,7 +1,7 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
- name = "go_default_library",
+ name = "clusternet",
srcs = [
"clusternet.go",
"netlink_compat.go",
@@ -9,19 +9,19 @@
importpath = "source.monogon.dev/metropolis/node/kubernetes/clusternet",
visibility = ["//metropolis/node/kubernetes:__subpackages__"],
deps = [
- "//metropolis/node:go_default_library",
- "//metropolis/node/core/localstorage:go_default_library",
- "//metropolis/pkg/jsonpatch:go_default_library",
- "//metropolis/pkg/logtree:go_default_library",
- "//metropolis/pkg/supervisor:go_default_library",
- "@com_github_vishvananda_netlink//:go_default_library",
- "@com_zx2c4_golang_wireguard_wgctrl//:go_default_library",
- "@com_zx2c4_golang_wireguard_wgctrl//wgtypes:go_default_library",
- "@io_k8s_api//core/v1:go_default_library",
- "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
- "@io_k8s_apimachinery//pkg/types:go_default_library",
- "@io_k8s_client_go//informers:go_default_library",
- "@io_k8s_client_go//kubernetes:go_default_library",
- "@io_k8s_client_go//tools/cache:go_default_library",
+ "//metropolis/node",
+ "//metropolis/node/core/localstorage",
+ "//metropolis/pkg/jsonpatch",
+ "//metropolis/pkg/logtree",
+ "//metropolis/pkg/supervisor",
+ "@com_github_vishvananda_netlink//:netlink",
+ "@com_zx2c4_golang_wireguard_wgctrl//:wgctrl",
+ "@com_zx2c4_golang_wireguard_wgctrl//wgtypes",
+ "@io_k8s_api//core/v1:core",
+ "@io_k8s_apimachinery//pkg/apis/meta/v1:meta",
+ "@io_k8s_apimachinery//pkg/types",
+ "@io_k8s_client_go//informers",
+ "@io_k8s_client_go//kubernetes",
+ "@io_k8s_client_go//tools/cache",
],
)
diff --git a/metropolis/node/kubernetes/containerd/BUILD.bazel b/metropolis/node/kubernetes/containerd/BUILD.bazel
index 58534d7..ef6606d 100644
--- a/metropolis/node/kubernetes/containerd/BUILD.bazel
+++ b/metropolis/node/kubernetes/containerd/BUILD.bazel
@@ -1,15 +1,15 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
- name = "go_default_library",
+ name = "containerd",
srcs = ["main.go"],
importpath = "source.monogon.dev/metropolis/node/kubernetes/containerd",
visibility = ["//metropolis/node/core:__subpackages__"],
deps = [
- "//metropolis/node/core/localstorage:go_default_library",
- "//metropolis/pkg/supervisor:go_default_library",
- "@com_github_containerd_containerd//:go_default_library",
- "@com_github_containerd_containerd//namespaces:go_default_library",
+ "//metropolis/node/core/localstorage",
+ "//metropolis/pkg/supervisor",
+ "@com_github_containerd_containerd//:containerd",
+ "@com_github_containerd_containerd//namespaces",
],
)
diff --git a/metropolis/node/kubernetes/containerd/config.toml b/metropolis/node/kubernetes/containerd/config.toml
index da2bed7..98a11fe 100644
--- a/metropolis/node/kubernetes/containerd/config.toml
+++ b/metropolis/node/kubernetes/containerd/config.toml
@@ -58,6 +58,7 @@
systemd_cgroup = false
enable_tls_streaming = false
ignore_image_defined_volumes = true
+ netns_mounts_under_state_dir = true
max_container_log_line_size = 16384
disable_cgroup = false
disable_apparmor = true
diff --git a/metropolis/node/kubernetes/hyperkube/BUILD b/metropolis/node/kubernetes/hyperkube/BUILD
index 3b5deb3..ed27296 100644
--- a/metropolis/node/kubernetes/hyperkube/BUILD
+++ b/metropolis/node/kubernetes/hyperkube/BUILD
@@ -2,27 +2,27 @@
load("@//third_party/go:kubernetes_version_def.bzl", "version_x_defs")
go_library(
- name = "go_default_library",
+ name = "hyperkube_lib",
srcs = ["main.go"],
importpath = "source.monogon.dev/metropolis/node/kubernetes/hyperkube",
visibility = ["//visibility:private"],
deps = [
- "@com_github_spf13_cobra//:go_default_library",
- "@com_github_spf13_pflag//:go_default_library",
- "@io_k8s_component_base//cli/flag:go_default_library",
- "@io_k8s_component_base//logs:go_default_library",
- "@io_k8s_component_base//metrics/prometheus/restclient:go_default_library",
- "@io_k8s_component_base//metrics/prometheus/version:go_default_library",
- "@io_k8s_kubernetes//cmd/kube-apiserver/app:go_default_library",
- "@io_k8s_kubernetes//cmd/kube-controller-manager/app:go_default_library",
- "@io_k8s_kubernetes//cmd/kube-scheduler/app:go_default_library",
- "@io_k8s_kubernetes//cmd/kubelet/app:go_default_library",
+ "@com_github_spf13_cobra//:cobra",
+ "@com_github_spf13_pflag//:pflag",
+ "@io_k8s_component_base//cli/flag",
+ "@io_k8s_component_base//logs",
+ "@io_k8s_component_base//metrics/prometheus/restclient",
+ "@io_k8s_component_base//metrics/prometheus/version",
+ "@io_k8s_kubernetes//cmd/kube-apiserver/app",
+ "@io_k8s_kubernetes//cmd/kube-controller-manager/app",
+ "@io_k8s_kubernetes//cmd/kube-scheduler/app",
+ "@io_k8s_kubernetes//cmd/kubelet/app",
],
)
go_binary(
name = "hyperkube",
- embed = [":go_default_library"],
+ embed = [":hyperkube_lib"],
pure = "on",
visibility = ["//metropolis/node:__pkg__"],
x_defs = version_x_defs(),
diff --git a/metropolis/node/kubernetes/nfproxy/BUILD.bazel b/metropolis/node/kubernetes/nfproxy/BUILD.bazel
index 1dc5bbc..e8dce41 100644
--- a/metropolis/node/kubernetes/nfproxy/BUILD.bazel
+++ b/metropolis/node/kubernetes/nfproxy/BUILD.bazel
@@ -1,22 +1,22 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
- name = "go_default_library",
+ name = "nfproxy",
srcs = ["nfproxy.go"],
importpath = "source.monogon.dev/metropolis/node/kubernetes/nfproxy",
visibility = ["//metropolis/node/kubernetes:__subpackages__"],
deps = [
- "//metropolis/pkg/supervisor:go_default_library",
- "@com_github_sbezverk_nfproxy//pkg/controller:go_default_library",
- "@com_github_sbezverk_nfproxy//pkg/nftables:go_default_library",
- "@com_github_sbezverk_nfproxy//pkg/proxy:go_default_library",
- "@io_k8s_api//core/v1:go_default_library",
- "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
- "@io_k8s_apimachinery//pkg/labels:go_default_library",
- "@io_k8s_apimachinery//pkg/selection:go_default_library",
- "@io_k8s_client_go//informers:go_default_library",
- "@io_k8s_client_go//kubernetes:go_default_library",
- "@io_k8s_client_go//kubernetes/scheme:go_default_library",
- "@io_k8s_client_go//tools/record:go_default_library",
+ "//metropolis/pkg/supervisor",
+ "@com_github_sbezverk_nfproxy//pkg/controller",
+ "@com_github_sbezverk_nfproxy//pkg/nftables",
+ "@com_github_sbezverk_nfproxy//pkg/proxy",
+ "@io_k8s_api//core/v1:core",
+ "@io_k8s_apimachinery//pkg/apis/meta/v1:meta",
+ "@io_k8s_apimachinery//pkg/labels",
+ "@io_k8s_apimachinery//pkg/selection",
+ "@io_k8s_client_go//informers",
+ "@io_k8s_client_go//kubernetes",
+ "@io_k8s_client_go//kubernetes/scheme",
+ "@io_k8s_client_go//tools/record",
],
)
diff --git a/metropolis/node/kubernetes/pki/BUILD.bazel b/metropolis/node/kubernetes/pki/BUILD.bazel
index cfbba0c..f2e4e3c 100644
--- a/metropolis/node/kubernetes/pki/BUILD.bazel
+++ b/metropolis/node/kubernetes/pki/BUILD.bazel
@@ -1,16 +1,16 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
- name = "go_default_library",
+ name = "pki",
srcs = ["kubernetes.go"],
importpath = "source.monogon.dev/metropolis/node/kubernetes/pki",
visibility = ["//metropolis/node:__subpackages__"],
deps = [
- "//metropolis/node:go_default_library",
- "//metropolis/pkg/logtree:go_default_library",
- "//metropolis/pkg/pki:go_default_library",
- "@io_etcd_go_etcd//clientv3:go_default_library",
- "@io_k8s_client_go//tools/clientcmd:go_default_library",
- "@io_k8s_client_go//tools/clientcmd/api:go_default_library",
+ "//metropolis/node",
+ "//metropolis/pkg/logtree",
+ "//metropolis/pkg/pki",
+ "@io_etcd_go_etcd_client_v3//:client",
+ "@io_k8s_client_go//tools/clientcmd",
+ "@io_k8s_client_go//tools/clientcmd/api",
],
)
diff --git a/metropolis/node/kubernetes/pki/kubernetes.go b/metropolis/node/kubernetes/pki/kubernetes.go
index 542c614..1a14f99 100644
--- a/metropolis/node/kubernetes/pki/kubernetes.go
+++ b/metropolis/node/kubernetes/pki/kubernetes.go
@@ -32,7 +32,7 @@
"fmt"
"net"
- "go.etcd.io/etcd/clientv3"
+ clientv3 "go.etcd.io/etcd/client/v3"
"k8s.io/client-go/tools/clientcmd"
configapi "k8s.io/client-go/tools/clientcmd/api"
diff --git a/metropolis/node/kubernetes/plugins/kvmdevice/BUILD.bazel b/metropolis/node/kubernetes/plugins/kvmdevice/BUILD.bazel
index a4e0f93..7d9b43f 100644
--- a/metropolis/node/kubernetes/plugins/kvmdevice/BUILD.bazel
+++ b/metropolis/node/kubernetes/plugins/kvmdevice/BUILD.bazel
@@ -1,18 +1,18 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
- name = "go_default_library",
+ name = "kvmdevice",
srcs = ["kvmdevice.go"],
importpath = "source.monogon.dev/metropolis/node/kubernetes/plugins/kvmdevice",
visibility = ["//visibility:public"],
deps = [
- "//metropolis/node/core/localstorage:go_default_library",
- "//metropolis/pkg/logtree:go_default_library",
- "//metropolis/pkg/supervisor:go_default_library",
- "@io_k8s_api//core/v1:go_default_library",
- "@io_k8s_kubelet//pkg/apis/deviceplugin/v1beta1:go_default_library",
- "@io_k8s_kubelet//pkg/apis/pluginregistration/v1:go_default_library",
+ "//metropolis/node/core/localstorage",
+ "//metropolis/pkg/logtree",
+ "//metropolis/pkg/supervisor",
+ "@io_k8s_api//core/v1:core",
+ "@io_k8s_kubelet//pkg/apis/deviceplugin/v1beta1",
+ "@io_k8s_kubelet//pkg/apis/pluginregistration/v1:pluginregistration",
"@org_golang_google_grpc//:go_default_library",
- "@org_golang_x_sys//unix:go_default_library",
+ "@org_golang_x_sys//unix",
],
)
diff --git a/metropolis/node/kubernetes/reconciler/BUILD.bazel b/metropolis/node/kubernetes/reconciler/BUILD.bazel
index fadcd96..bba9f4c 100644
--- a/metropolis/node/kubernetes/reconciler/BUILD.bazel
+++ b/metropolis/node/kubernetes/reconciler/BUILD.bazel
@@ -1,7 +1,7 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
go_library(
- name = "go_default_library",
+ name = "reconciler",
srcs = [
"reconciler.go",
"resources_csi.go",
@@ -13,26 +13,26 @@
importpath = "source.monogon.dev/metropolis/node/kubernetes/reconciler",
visibility = ["//metropolis/node:__subpackages__"],
deps = [
- "//metropolis/pkg/supervisor:go_default_library",
- "@io_k8s_api//core/v1:go_default_library",
- "@io_k8s_api//node/v1beta1:go_default_library",
- "@io_k8s_api//policy/v1beta1:go_default_library",
- "@io_k8s_api//rbac/v1:go_default_library",
- "@io_k8s_api//storage/v1:go_default_library",
- "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
- "@io_k8s_client_go//kubernetes:go_default_library",
+ "//metropolis/pkg/supervisor",
+ "@io_k8s_api//core/v1:core",
+ "@io_k8s_api//node/v1beta1",
+ "@io_k8s_api//policy/v1beta1",
+ "@io_k8s_api//rbac/v1:rbac",
+ "@io_k8s_api//storage/v1:storage",
+ "@io_k8s_apimachinery//pkg/apis/meta/v1:meta",
+ "@io_k8s_client_go//kubernetes",
],
)
go_test(
- name = "go_default_test",
+ name = "reconciler_test",
srcs = ["reconciler_test.go"],
- embed = [":go_default_library"],
+ embed = [":reconciler"],
deps = [
- "@io_k8s_api//node/v1beta1:go_default_library",
- "@io_k8s_api//policy/v1beta1:go_default_library",
- "@io_k8s_api//rbac/v1:go_default_library",
- "@io_k8s_api//storage/v1:go_default_library",
- "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
+ "@io_k8s_api//node/v1beta1",
+ "@io_k8s_api//policy/v1beta1",
+ "@io_k8s_api//rbac/v1:rbac",
+ "@io_k8s_api//storage/v1:storage",
+ "@io_k8s_apimachinery//pkg/apis/meta/v1:meta",
],
)