Merge remote-tracking branch 'open-source/master' into tool-flowlog

Author: mazdakn

Makefile

@@ -81,7 +81,7 @@ generate:
 	$(MAKE) gen-manifests
 	$(MAKE) fix-changed
 
-gen-manifests: bin/helm
+gen-manifests: bin/helm bin/yq
 	cd ./manifests && \
 		OPERATOR_VERSION=$(OPERATOR_VERSION) \
 		CALICO_VERSION=$(CALICO_VERSION) \
@@ -153,6 +153,13 @@ release/bin/release: $(shell find ./release -type f -name '*.go')
 bin/ghr:
 	$(DOCKER_RUN) -e GOBIN=/go/src/$(PACKAGE_NAME)/bin/ $(CALICO_BUILD) go install github.com/tcnksm/ghr@$(GHR_VERSION)
 
+# Install GitHub CLI
+bin/gh:
+	curl -sSL -o bin/gh.tgz https://github.com/cli/cli/releases/download/v$(GITHUB_CLI_VERSION)/gh_$(GITHUB_CLI_VERSION)_linux_amd64.tar.gz
+	tar -zxvf bin/gh.tgz -C bin/ gh_$(GITHUB_CLI_VERSION)_linux_amd64/bin/gh --strip-components=2
+	chmod +x $@
+	rm bin/gh.tgz
+
 # Build a release.
 release: release/bin/release
 	@release/bin/release release build
@@ -161,6 +168,9 @@ release: release/bin/release
 release-publish: release/bin/release bin/ghr
 	@release/bin/release release publish
 
+release-public: bin/gh release/bin/release
+	@release/bin/release release public
+
 # Create a release branch.
 create-release-branch: release/bin/release
 	@release/bin/release branch cut -git-publish

api/pkg/apis/projectcalico/v3/ippool.go

@@ -48,6 +48,7 @@ type IPPool struct {
 // IPPoolSpec contains the specification for an IPPool resource.
 type IPPoolSpec struct {
 	// The pool CIDR.
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="CIDR cannot be changed; follow IP pool migration guide to avoid corruption."
 	CIDR string `json:"cidr" validate:"net"`
 
 	// Contains configuration for VXLAN tunneling for this pool. If not specified,
@@ -69,6 +70,7 @@ type IPPoolSpec struct {
 	DisableBGPExport bool `json:"disableBGPExport,omitempty" validate:"omitempty"`
 
 	// The block size to use for IP address assignments from this pool. Defaults to 26 for IPv4 and 122 for IPv6.
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Block size cannot be changed; follow IP pool migration guide to avoid corruption."
 	BlockSize int `json:"blockSize,omitempty"`
 
 	// Allows IPPool to allocate for a specific node by label selector.

api/pkg/apis/projectcalico/v3/kubecontrollersconfig.go

@@ -126,6 +126,7 @@ const (
 
 type Template struct {
 	// GenerateName is appended to the end of the generated AutoHostEndpoint name
+	// +kubebuilder:validation:MaxLength=253
 	GenerateName string `json:"generateName,omitempty" validate:"omitempty,name"`
 
 	// InterfaceCIDRs contains a list of CIRDs used for matching nodeIPs to the AutoHostEndpoint

apiserver/Dockerfile

@@ -27,13 +27,13 @@ FROM ${CALICO_BASE}
 
 ARG GIT_VERSION=unknown
 
-LABEL description="Aggregated API server which enables calico resources to be managed via kubectl"
-LABEL maintainer="[email protected]"
-LABEL name="Calico API server"
-LABEL release="1"
-LABEL summary="Calico API server"
-LABEL vendor="Project Calico"
-LABEL version=${GIT_VERSION}
+LABEL org.opencontainers.image.description="Aggregated API server which enables calico resources to be managed via kubectl"
+LABEL org.opencontainers.image.authors="[email protected]"
+LABEL org.opencontainers.image.source="https://github.com/projectcalico/calico"
+LABEL org.opencontainers.image.title="Calico API server"
+LABEL org.opencontainers.image.vendor="Project Calico"
+LABEL org.opencontainers.image.version="${GIT_VERSION}"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
 
 COPY --from=source / /
 

app-policy/Dockerfile

@@ -39,13 +39,13 @@ FROM ${CALICO_BASE}
 
 ARG GIT_VERSION=unknown
 
-LABEL description="Calico Dikastes enables Application Layer Policy"
-LABEL maintainer="[email protected]"
-LABEL name="Calico Dikastes"
-LABEL release="1"
-LABEL summary="Calico Dikastes enables Application Layer Policy"
-LABEL vendor="Project Calico"
-LABEL version=${GIT_VERSION}
+LABEL org.opencontainers.image.description="Calico Dikastes enables Application Layer Policy"
+LABEL org.opencontainers.image.authors="[email protected]"
+LABEL org.opencontainers.image.source="https://github.com/projectcalico/calico"
+LABEL org.opencontainers.image.title="Calico Dikastes"
+LABEL org.opencontainers.image.vendor="Project Calico"
+LABEL org.opencontainers.image.version="${GIT_VERSION}"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
 
 COPY --from=source / /
 

app-policy/policystore/ipset.go

@@ -15,7 +15,6 @@
 package policystore
 
 import (
-	"fmt"
 	"net"
 	"strconv"
 	"strings"
@@ -63,7 +62,7 @@ func NewIPSet(t syncapi.IPSetUpdate_IPSetType) IPSet {
 	case syncapi.IPSetUpdate_NET:
 		return ipNetSet{v4: &trieNode{}, v6: &trieNode{}}
 	}
-	log.Warn(fmt.Sprintf("Unrecognized IPSet type %T", t))
+	log.Warnf("Unrecognized IPSet type %v", t)
 	return nil
 }
 

calicoctl/Dockerfile

@@ -25,13 +25,13 @@ FROM ${CALICO_BASE}
 
 ARG GIT_VERSION=unknown
 
-LABEL description="calicoctl(1) is a command line tool used to interface with the Calico datastore"
-LABEL maintainer="[email protected]"
-LABEL name="Calico CLI tool"
-LABEL release="1"
-LABEL summary="Calico CLI tool"
-LABEL vendor="Project Calico"
-LABEL version=${GIT_VERSION}
+LABEL org.opencontainers.image.description="calicoctl(1) is a command line tool used to interface with the Calico datastore"
+LABEL org.opencontainers.image.authors="[email protected]"
+LABEL org.opencontainers.image.source="https://github.com/projectcalico/calico"
+LABEL org.opencontainers.image.title="Calico CLI tool"
+LABEL org.opencontainers.image.vendor="Project Calico"
+LABEL org.opencontainers.image.version="${GIT_VERSION}"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
 
 ENV CALICO_CTL_CONTAINER=TRUE
 

charts/calico/templates/calico-kube-controllers.yaml

@@ -42,7 +42,7 @@ spec:
       hostNetwork: true
       containers:
         - name: calico-kube-controllers
-          image: {{.Values.kubeControllers.image}}:{{ .Values.version }}
+          image: {{.Values.kubeControllers.registry}}/{{.Values.kubeControllers.image}}:{{ .Values.version }}
           imagePullPolicy: {{.Values.imagePullPolicy}}
           env:
             # The location of the etcd cluster.
@@ -106,7 +106,7 @@ spec:
 {{- else }}
       containers:
         - name: calico-kube-controllers
-          image: {{.Values.kubeControllers.image}}:{{ .Values.version }}
+          image: {{.Values.kubeControllers.registry}}/{{.Values.kubeControllers.image}}:{{ .Values.version }}
           imagePullPolicy: {{.Values.imagePullPolicy}}
           env:
             # Choose which controllers to run.

charts/calico/templates/calico-node.yaml

@@ -51,7 +51,7 @@ spec:
         # It can be deleted if this is a fresh installation, or if you have already
         # upgraded to use calico-ipam.
         - name: upgrade-ipam
-          image: {{.Values.cni.image}}:{{ .Values.version }}
+          image: {{.Values.cni.registry}}/{{.Values.cni.image}}:{{ .Values.version }}
           imagePullPolicy: {{.Values.imagePullPolicy}}
           command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
           envFrom:
@@ -93,7 +93,7 @@ spec:
         # This container installs the CNI binaries
         # and CNI network config file on each node.
         - name: install-cni
-          image: {{.Values.cni.image}}:{{ .Values.version }}
+          image: {{.Values.cni.registry}}/{{.Values.cni.image}}:{{ .Values.version }}
           imagePullPolicy: {{.Values.imagePullPolicy}}
           command: ["/opt/cni/bin/install"]
           envFrom:
@@ -195,7 +195,7 @@ spec:
         # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed
         # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode.
         - name: "mount-bpffs"
-          image: {{.Values.node.image}}:{{.Values.version}}
+          image: {{.Values.node.registry}}/{{.Values.node.image}}:{{.Values.version}}
           imagePullPolicy: {{.Values.imagePullPolicy}}
           command: ["calico-node", "-init", "-best-effort"]
           volumeMounts:
@@ -221,7 +221,7 @@ spec:
         # container programs network policy and routes on each
         # host.
         - name: calico-node
-          image: {{.Values.node.image}}:{{.Values.version}}
+          image: {{.Values.node.registry}}/{{.Values.node.image}}:{{.Values.version}}
           imagePullPolicy: {{.Values.imagePullPolicy}}
           envFrom:
             - configMapRef:

charts/calico/templates/calico-typha.yaml

@@ -86,7 +86,7 @@ spec:
         seccompProfile:
           type: RuntimeDefault
       containers:
-        - image: {{ .Values.typha.image }}:{{.Values.version }}
+        - image: {{ .Values.typha.registry }}/{{ .Values.typha.image }}:{{.Values.version }}
           imagePullPolicy: {{.Values.imagePullPolicy}}
           name: calico-typha
           ports:

charts/calico/values.yaml

@@ -2,25 +2,34 @@
 version: master
 
 # Configure the images to use when generating manifests.
+# If a new image is added, update manifests/generate.sh
 node:
-  image: quay.io/calico/node
+  image: node
+  registry: quay.io/calico
 calicoctl:
-  image: quay.io/calico/ctl
+  image: ctl
+  registry: quay.io/calico
 typha:
-  image: quay.io/calico/typha
+  image: typha
+  registry: quay.io/calico
 cni:
-  image: quay.io/calico/cni
+  image: cni
+  registry: quay.io/calico
 kubeControllers:
-  image: quay.io/calico/kube-controllers
+  image: kube-controllers
+  registry: quay.io/calico
 flannel:
   image: quay.io/flannel/flannel
   tag: v0.24.4
 flannelMigration:
-  image: quay.io/calico/flannel-migration
+  image: flannel-migration
+  registry: quay.io/calico
 dikastes:
-  image: quay.io/calico/dikastes
+  image: dikastes
+  registry: quay.io/calico
 csi-driver:
-  image: quay.io/calico/csi-driver
+  image: csi-driver
+  registry: quay.io/calico
 
 # Some defaults used in the templates.
 includeCRDs: true