Bump k8s dependencies to v1.26.0.

This addresses a few CVEs, but was slightly challenging because of some Kubernetes API changes. In particular, the Ingress type signatures changed. This required some surgery on a function that wrapped the extensionsv1beta1 Ingress and v1 Ingress types, attempting to provide some compatibility. The API changes were kind of tough to deal with, but fortunately the only field required by anything else in this project was the Hostname field, so I changed the function to just normalize the hostnames into a slice. Signed-off-by: Dan Lorenc <[email protected]>
argoproj · Dec 4, 2023 · efa4df2 · efa4df2
1 parent 8cae284
commit efa4df2
Show file tree

Hide file tree

Showing 8 changed files with 100 additions and 112 deletions.
diff --git a/go.mod b/go.mod
@@ -1,6 +1,8 @@
 module github.com/argoproj/argo-rollouts
 
-go 1.20
+go 1.21
+
+toolchain go1.21.4
 
 require (
 	github.com/antonmedv/expr v1.15.5
@@ -41,37 +43,30 @@ require (
 	google.golang.org/grpc v1.59.0
 	google.golang.org/protobuf v1.31.0
 	gopkg.in/yaml.v2 v2.4.0
-	k8s.io/api v0.25.8
-	k8s.io/apiextensions-apiserver v0.25.8
-	k8s.io/apimachinery v0.25.8
-	k8s.io/apiserver v0.25.8
-	k8s.io/cli-runtime v0.25.8
-	k8s.io/client-go v0.25.8
-	k8s.io/code-generator v0.25.8
-	k8s.io/component-base v0.25.8
+	k8s.io/api v0.26.0
+	k8s.io/apiextensions-apiserver v0.26.0
+	k8s.io/apimachinery v0.26.0
+	k8s.io/apiserver v0.26.0
+	k8s.io/cli-runtime v0.26.0
+	k8s.io/client-go v0.26.0
+	k8s.io/code-generator v0.26.0
+	k8s.io/component-base v0.26.0
 	k8s.io/klog/v2 v2.80.1
 	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280
-	k8s.io/kubectl v0.25.8
-	k8s.io/kubernetes v1.25.8
+	k8s.io/kubectl v0.26.0
+	k8s.io/kubernetes v1.26.0
 	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
 	sigs.k8s.io/yaml v1.4.0
 )
 
 require (
 	cloud.google.com/go/compute v1.23.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest v0.11.27 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect
-	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
-	github.com/Azure/go-autorest/logger v0.2.1 // indirect
-	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/PagerDuty/go-pagerduty v1.7.0 // indirect
 	github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 // indirect
 	github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1 // indirect
 	github.com/google/go-github/v41 v41.0.0 // indirect
 	github.com/matryer/is v1.4.0 // indirect
-	github.com/russross/blackfriday v1.6.0 // indirect
 )
 
 require (
@@ -167,6 +162,7 @@ require (
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/procfs v0.10.1 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/slack-go/slack v0.12.2 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
@@ -198,7 +194,7 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/cluster-bootstrap v0.25.8 // indirect
-	k8s.io/component-helpers v0.25.8 // indirect
+	k8s.io/component-helpers v0.26.0 // indirect
 	k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/kustomize/api v0.12.1 // indirect

diff --git a/go.sum b/go.sum
diff --git a/pkg/apis/rollouts/validation/validation.go b/pkg/apis/rollouts/validation/validation.go
@@ -94,7 +94,6 @@ var allowAllPodValidationOptions = apivalidation.PodValidationOptions{
 	AllowDownwardAPIHugePages:       true,
 	AllowInvalidPodDeletionCost:     true,
 	AllowIndivisibleHugePagesValues: true,
-	AllowWindowsHostProcessField:    true,
 	AllowExpandedDNSConfig:          true,
 }
 
@@ -117,7 +116,7 @@ func ValidateRolloutSpec(rollout *v1alpha1.Rollout, fldPath *field.Path) field.E
 			message := fmt.Sprintf(MissingFieldMessage, ".spec.selector")
 			allErrs = append(allErrs, field.Required(fldPath.Child("selector"), message))
 		} else {
-			allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(spec.Selector, fldPath.Child("selector"))...)
+			allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(spec.Selector, unversionedvalidation.LabelSelectorValidationOptions{}, fldPath.Child("selector"))...)
 			if len(spec.Selector.MatchLabels)+len(spec.Selector.MatchExpressions) == 0 {
 				allErrs = append(allErrs, field.Invalid(fldPath.Child("selector"), spec.Selector, "empty selector is invalid for deployment"))
 			}

diff --git a/rollout/trafficrouting/alb/alb.go b/rollout/trafficrouting/alb/alb.go
@@ -251,22 +251,22 @@ func (r *Reconciler) VerifyWeightPerIngress(desiredWeight int32, ingresses []str
 			resourceIDToDest[resourceID] = dest
 		}
 
-		loadBalancerStatus := ingress.GetLoadBalancerStatus()
-		if len(loadBalancerStatus.Ingress) == 0 {
+		hostnames := ingress.GetLoadBalancerHostnames()
+		if len(hostnames) == 0 {
 			r.log.Infof("LoadBalancer not yet allocated")
 		}
 
-		for _, lbIngress := range loadBalancerStatus.Ingress {
-			if lbIngress.Hostname == "" {
+		for _, hostname := range hostnames {
+			if hostname == "" {
 				continue
 			}
-			lb, err := r.aws.FindLoadBalancerByDNSName(ctx, lbIngress.Hostname)
+			lb, err := r.aws.FindLoadBalancerByDNSName(ctx, hostname)
 			if err != nil {
 				r.cfg.Recorder.Warnf(rollout, record.EventOptions{EventReason: conditions.TargetGroupVerifyErrorReason}, conditions.TargetGroupVerifyErrorMessage, canaryService, "unknown", err.Error())
 				return pointer.Bool(false), err
 			}
 			if lb == nil || lb.LoadBalancerArn == nil {
-				r.cfg.Recorder.Warnf(rollout, record.EventOptions{EventReason: conditions.LoadBalancerNotFoundReason}, conditions.LoadBalancerNotFoundMessage, lbIngress.Hostname)
+				r.cfg.Recorder.Warnf(rollout, record.EventOptions{EventReason: conditions.LoadBalancerNotFoundReason}, conditions.LoadBalancerNotFoundMessage, hostname)
 				return pointer.Bool(false), nil
 			}
 

diff --git a/rollout/trafficrouting/alb/alb_test.go b/rollout/trafficrouting/alb/alb_test.go
@@ -9,7 +9,6 @@ import (
 
 	elbv2types "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
 	"github.com/stretchr/testify/assert"
-	corev1 "k8s.io/api/core/v1"
 	extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -800,8 +799,8 @@ func TestVerifyWeight(t *testing.T) {
 			SetWeight: pointer.Int32Ptr(10),
 		}}
 		i := ingress("ingress", STABLE_SVC, CANARY_SVC, STABLE_SVC, 443, 5, ro.Name, false)
-		i.Status.LoadBalancer = corev1.LoadBalancerStatus{
-			Ingress: []corev1.LoadBalancerIngress{
+		i.Status.LoadBalancer = extensionsv1beta1.IngressLoadBalancerStatus{
+			Ingress: []extensionsv1beta1.IngressLoadBalancerIngress{
 				{
 					Hostname: "verify-weight-test-abc-123.us-west-2.elb.amazonaws.com",
 				},
@@ -1001,15 +1000,15 @@ func TestVerifyWeightMultiIngress(t *testing.T) {
 		}}
 		i := ingress("ingress", STABLE_SVC, CANARY_SVC, STABLE_SVC, 443, 5, ro.Name, false)
 		mi := ingress("multi-ingress", STABLE_SVC, CANARY_SVC, STABLE_SVC, 443, 5, ro.Name, false)
-		i.Status.LoadBalancer = corev1.LoadBalancerStatus{
-			Ingress: []corev1.LoadBalancerIngress{
+		i.Status.LoadBalancer = extensionsv1beta1.IngressLoadBalancerStatus{
+			Ingress: []extensionsv1beta1.IngressLoadBalancerIngress{
 				{
 					Hostname: "verify-weight-test-abc-123.us-west-2.elb.amazonaws.com",
 				},
 			},
 		}
-		mi.Status.LoadBalancer = corev1.LoadBalancerStatus{
-			Ingress: []corev1.LoadBalancerIngress{
+		mi.Status.LoadBalancer = extensionsv1beta1.IngressLoadBalancerStatus{
+			Ingress: []extensionsv1beta1.IngressLoadBalancerIngress{
 				{
 					Hostname: "verify-weight-multi-ingress.us-west-2.elb.amazonaws.com",
 				},
@@ -1337,8 +1336,8 @@ func TestVerifyWeightWithAdditionalDestinations(t *testing.T) {
 		i := ingress("ingress", STABLE_SVC, CANARY_SVC, STABLE_SVC, 443, 0, ro.Name, false)
 		i.Annotations["alb.ingress.kubernetes.io/actions.stable-svc"] = fmt.Sprintf(actionTemplateWithExperiments, CANARY_SVC, 443, 10, weightDestinations[0].ServiceName, 443, weightDestinations[0].Weight, weightDestinations[1].ServiceName, 443, weightDestinations[1].Weight, STABLE_SVC, 443, 85)
 
-		i.Status.LoadBalancer = corev1.LoadBalancerStatus{
-			Ingress: []corev1.LoadBalancerIngress{
+		i.Status.LoadBalancer = extensionsv1beta1.IngressLoadBalancerStatus{
+			Ingress: []extensionsv1beta1.IngressLoadBalancerIngress{
 				{
 					Hostname: "verify-weight-test-abc-123.us-west-2.elb.amazonaws.com",
 				},
@@ -1552,15 +1551,15 @@ func TestVerifyWeightWithAdditionalDestinationsMultiIngress(t *testing.T) {
 		i.Annotations["alb.ingress.kubernetes.io/actions.stable-svc"] = fmt.Sprintf(actionTemplateWithExperiments, CANARY_SVC, 443, 10, weightDestinations[0].ServiceName, 443, weightDestinations[0].Weight, weightDestinations[1].ServiceName, 443, weightDestinations[1].Weight, STABLE_SVC, 443, 85)
 		mi.Annotations["alb.ingress.kubernetes.io/actions.stable-svc"] = fmt.Sprintf(actionTemplateWithExperiments, CANARY_SVC, 443, 10, weightDestinations[0].ServiceName, 443, weightDestinations[0].Weight, weightDestinations[1].ServiceName, 443, weightDestinations[1].Weight, STABLE_SVC, 443, 85)
 
-		i.Status.LoadBalancer = corev1.LoadBalancerStatus{
-			Ingress: []corev1.LoadBalancerIngress{
+		i.Status.LoadBalancer = extensionsv1beta1.IngressLoadBalancerStatus{
+			Ingress: []extensionsv1beta1.IngressLoadBalancerIngress{
 				{
 					Hostname: "verify-weight-test-abc-123.us-west-2.elb.amazonaws.com",
 				},
 			},
 		}
-		mi.Status.LoadBalancer = corev1.LoadBalancerStatus{
-			Ingress: []corev1.LoadBalancerIngress{
+		mi.Status.LoadBalancer = extensionsv1beta1.IngressLoadBalancerStatus{
+			Ingress: []extensionsv1beta1.IngressLoadBalancerIngress{
 				{
 					Hostname: "verify-weight-multi-ingress.us-west-2.elb.amazonaws.com",
 				},

diff --git a/utils/ingress/ingress_test.go b/utils/ingress/ingress_test.go
@@ -8,7 +8,6 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-	corev1 "k8s.io/api/core/v1"
 	extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
 	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -587,12 +586,12 @@ func getNetworkingIngress() *networkingv1.Ingress {
 			},
 		},
 		Status: networkingv1.IngressStatus{
-			LoadBalancer: corev1.LoadBalancerStatus{
-				Ingress: []corev1.LoadBalancerIngress{
+			LoadBalancer: networkingv1.IngressLoadBalancerStatus{
+				Ingress: []networkingv1.IngressLoadBalancerIngress{
 					{
 						IP:       "127.0.0.1",
 						Hostname: "localhost",
-						Ports: []corev1.PortStatus{
+						Ports: []networkingv1.IngressPortStatus{
 							{
 								Port:     8080,
 								Protocol: "http",
@@ -630,12 +629,12 @@ func getExtensionsIngress() *extensionsv1beta1.Ingress {
 			},
 		},
 		Status: extensionsv1beta1.IngressStatus{
-			LoadBalancer: corev1.LoadBalancerStatus{
-				Ingress: []corev1.LoadBalancerIngress{
+			LoadBalancer: extensionsv1beta1.IngressLoadBalancerStatus{
+				Ingress: []extensionsv1beta1.IngressLoadBalancerIngress{
 					{
 						IP:       "127.0.0.1",
 						Hostname: "localhost",
-						Ports: []corev1.PortStatus{
+						Ports: []extensionsv1beta1.IngressPortStatus{
 							{
 								Port:     8080,
 								Protocol: "http",

diff --git a/utils/ingress/wrapper.go b/utils/ingress/wrapper.go
@@ -6,7 +6,6 @@ import (
 	"sort"
 	"sync"
 
-	corev1 "k8s.io/api/core/v1"
 	"k8s.io/api/extensions/v1beta1"
 	v1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -322,15 +321,19 @@ func (i *Ingress) GetNamespace() string {
 	}
 }
 
-func (i *Ingress) GetLoadBalancerStatus() corev1.LoadBalancerStatus {
+func (i *Ingress) GetLoadBalancerHostnames() []string {
+	hostnames := []string{}
 	switch i.mode {
 	case IngressModeNetworking:
-		return i.ingress.Status.LoadBalancer
+		for _, ingress := range i.ingress.Status.LoadBalancer.Ingress {
+			hostnames = append(hostnames, ingress.Hostname)
+		}
 	case IngressModeExtensions:
-		return i.legacyIngress.Status.LoadBalancer
-	default:
-		return corev1.LoadBalancerStatus{}
+		for _, ingress := range i.legacyIngress.Status.LoadBalancer.Ingress {
+			hostnames = append(hostnames, ingress.Hostname)
+		}
 	}
+	return hostnames
 }
 
 func (i *Ingress) Mode() IngressMode {

diff --git a/utils/ingress/wrapper_test.go b/utils/ingress/wrapper_test.go
@@ -5,8 +5,8 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-	corev1 "k8s.io/api/core/v1"
 	"k8s.io/api/extensions/v1beta1"
+	networkingv1 "k8s.io/api/networking/v1"
 	v1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	types "k8s.io/apimachinery/pkg/types"
@@ -450,30 +450,30 @@ func TestDeepCopy(t *testing.T) {
 	})
 }
 
-func TestGetLoadBalancerStatus(t *testing.T) {
-	t.Run("will get loadbalancer status from wrapped networking.Ingress", func(t *testing.T) {
+func TestGetLoadBalancerHostnames(t *testing.T) {
+	t.Run("will get loadbalancer hostnames from wrapped networking.Ingress", func(t *testing.T) {
 		// given
 		t.Parallel()
 		i := getNetworkingIngress()
 		ni := ingress.NewIngress(i)
 
 		// when
-		lbs := ni.GetLoadBalancerStatus()
+		lbs := ni.GetLoadBalancerHostnames()
 
 		// then
-		assert.Equal(t, i.Status.LoadBalancer, lbs)
+		assert.Equal(t, []string{"localhost"}, lbs)
 	})
-	t.Run("will get loadbalancer status from wrapped extensions.Ingress", func(t *testing.T) {
+	t.Run("will get loadbalancer hostnames from wrapped extensions.Ingress", func(t *testing.T) {
 		// given
 		t.Parallel()
 		i := getExtensionsIngress()
 		li := ingress.NewLegacyIngress(i)
 
 		// when
-		lbs := li.GetLoadBalancerStatus()
+		lbs := li.GetLoadBalancerHostnames()
 
 		// then
-		assert.Equal(t, i.Status.LoadBalancer, lbs)
+		assert.Equal(t, []string{"localhost"}, lbs)
 	})
 }
 
@@ -914,12 +914,12 @@ func getNetworkingIngress() *v1.Ingress {
 			},
 		},
 		Status: v1.IngressStatus{
-			LoadBalancer: corev1.LoadBalancerStatus{
-				Ingress: []corev1.LoadBalancerIngress{
+			LoadBalancer: networkingv1.IngressLoadBalancerStatus{
+				Ingress: []networkingv1.IngressLoadBalancerIngress{
 					{
 						IP:       "127.0.0.1",
 						Hostname: "localhost",
-						Ports: []corev1.PortStatus{
+						Ports: []networkingv1.IngressPortStatus{
 							{
 								Port:     8080,
 								Protocol: "http",
@@ -954,12 +954,12 @@ func getExtensionsIngress() *v1beta1.Ingress {
 			},
 		},
 		Status: v1beta1.IngressStatus{
-			LoadBalancer: corev1.LoadBalancerStatus{
-				Ingress: []corev1.LoadBalancerIngress{
+			LoadBalancer: v1beta1.IngressLoadBalancerStatus{
+				Ingress: []v1beta1.IngressLoadBalancerIngress{
 					{
 						IP:       "127.0.0.1",
 						Hostname: "localhost",
-						Ports: []corev1.PortStatus{
+						Ports: []v1beta1.IngressPortStatus{
 							{
 								Port:     8080,
 								Protocol: "http",