remove pod security policy; additional policy/v1beta1 cleanup; use in…

…formers for descheduler unit tests update go to 1.19 and helm kubernetes cluster to 1.25 bump -rc.0 to 1.25 GA bump k8s utils library bump golang-ci use go 1.19 for helm github action upgrade kubectl from 0.20 to 0.25 Signed-off-by: Amir Alavi <amiralavi7@gmail.com>
kubernetes-sigs · Sep 4, 2022 · e8fae9a · e8fae9a
1 parent c9b0fbe
commit e8fae9a
Show file tree

Hide file tree

Showing 171 changed files with 23,514 additions and 692 deletions.
diff --git a/.github/ci/ct.yaml b/.github/ci/ct.yaml
@@ -2,5 +2,5 @@ chart-dirs:
   - charts
 helm-extra-args: "--timeout=5m"
 check-version-increment: false
-helm-extra-set-args: "--set=kind=Deployment --set=podSecurityPolicy.create=false"
+helm-extra-set-args: "--set=kind=Deployment"
 target-branch: master
diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml
@@ -31,6 +31,10 @@ jobs:
         with:
           python-version: 3.7
 
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '1.19.0'
+
       - name: Set up chart-testing
         uses: helm/chart-testing-action@v2.2.1
         with:
@@ -43,21 +47,21 @@ jobs:
           if [[ -n "$changed" ]]; then
             echo "::set-output name=changed::true"
           fi
-      
+
       - name: Run chart-testing (lint)
         run: ct lint --config=.github/ci/ct.yaml --validate-maintainers=false
-      
+
       # Need a multi node cluster so descheduler runs until evictions
       - name: Create multi node Kind cluster
         run: make kind-multi-node
 
       # helm-extra-set-args only available after ct 3.6.0
       - name: Run chart-testing (install)
         run: ct install --config=.github/ci/ct.yaml
-      
+
       - name: E2E after chart install
         env:
-          KUBERNETES_VERSION: "v1.24.0"
+          KUBERNETES_VERSION: "v1.25.0"
           KIND_E2E: true
           SKIP_INSTALL: true
         run: make test-e2e
diff --git a/Dockerfile b/Dockerfile
@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM golang:1.18.2
+FROM golang:1.19.0
 
 WORKDIR /go/src/sigs.k8s.io/descheduler
 COPY . .

diff --git a/Makefile b/Makefile
@@ -26,7 +26,7 @@ ARCHS = amd64 arm arm64
 
 LDFLAGS=-ldflags "-X ${LDFLAG_LOCATION}.version=${VERSION} -X ${LDFLAG_LOCATION}.buildDate=${BUILD} -X ${LDFLAG_LOCATION}.gitbranch=${BRANCH} -X ${LDFLAG_LOCATION}.gitsha1=${SHA1}"
 
-GOLANGCI_VERSION := v1.46.1
+GOLANGCI_VERSION := v1.49.0
 HAS_GOLANGCI := $(shell ls _output/bin/golangci-lint 2> /dev/null)
 
 # REGISTRY is the container registry to push

diff --git a/charts/descheduler/README.md b/charts/descheduler/README.md
@@ -64,7 +64,6 @@ The following table lists the configurable parameters of the _descheduler_ chart
 | `deschedulerPolicy.strategies`      | The _descheduler_ strategies to apply                                                                                 | _see values.yaml_                    |
 | `priorityClassName`                 | The name of the priority class to add to pods                                                                         | `system-cluster-critical`            |
 | `rbac.create`                       | If `true`, create & use RBAC resources                                                                                | `true`                               |
-| `podSecurityPolicy.create`          | If `true`, create PodSecurityPolicy                                                                                   | `true`                               |
 | `resources`                         | Descheduler container CPU and memory requests/limits                                                                  | _see values.yaml_                    |
 | `serviceAccount.create`             | If `true`, create a service account for the cron job                                                                  | `true`                               |
 | `serviceAccount.name`               | The name of the service account to use, if not set and create is true a name is generated using the fullname template | `nil`                                |

diff --git a/charts/descheduler/templates/clusterrole.yaml b/charts/descheduler/templates/clusterrole.yaml
@@ -33,11 +33,4 @@ rules:
   resourceNames: ["{{ .Values.leaderElection.resourceName | default "descheduler" }}"]
   verbs: ["get", "patch", "delete"]
 {{- end }}
-{{- if .Values.podSecurityPolicy.create }}
-- apiGroups: ['policy']
-  resources: ['podsecuritypolicies']
-  verbs:     ['use']
-  resourceNames:
-  - {{ template "descheduler.fullname" . }}
-{{- end }}
 {{- end -}}
diff --git a/charts/descheduler/templates/podsecuritypolicy.yaml b/charts/descheduler/templates/podsecuritypolicy.yaml
diff --git a/charts/descheduler/values.yaml b/charts/descheduler/values.yaml
@@ -123,10 +123,6 @@ rbac:
   # Specifies whether RBAC resources should be created
   create: true
 
-podSecurityPolicy:
-  # Specifies whether PodSecurityPolicy should be created.
-  create: true
-
 serviceAccount:
   # Specifies whether a ServiceAccount should be created
   create: true

diff --git a/go.mod b/go.mod
@@ -1,25 +1,32 @@
 module sigs.k8s.io/descheduler
 
-go 1.18
+go 1.19
 
 require (
 	github.com/client9/misspell v0.3.4
 	github.com/spf13/cobra v1.4.0
 	github.com/spf13/pflag v1.0.5
-	k8s.io/api v0.25.0-rc.0
-	k8s.io/apimachinery v0.25.0-rc.0
-	k8s.io/apiserver v0.25.0-rc.0
-	k8s.io/client-go v0.25.0-rc.0
-	k8s.io/code-generator v0.25.0-rc.0
-	k8s.io/component-base v0.25.0-rc.0
-	k8s.io/component-helpers v0.25.0-rc.0
+	k8s.io/api v0.25.0
+	k8s.io/apimachinery v0.25.0
+	k8s.io/apiserver v0.25.0
+	k8s.io/client-go v0.25.0
+	k8s.io/code-generator v0.25.0
+	k8s.io/component-base v0.25.0
+	k8s.io/component-helpers v0.25.0
 	k8s.io/klog/v2 v2.70.1
-	k8s.io/kubectl v0.20.5
-	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed
+	k8s.io/kubectl v0.25.0
+	k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73
 	sigs.k8s.io/mdtoc v1.0.1
 )
 
 require (
+	cloud.google.com/go v0.97.0 // indirect
+	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
+	github.com/Azure/go-autorest/autorest v0.11.27 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect
+	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
+	github.com/Azure/go-autorest/logger v0.2.1 // indirect
+	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/BurntSushi/toml v0.3.1 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
@@ -40,6 +47,7 @@ require (
 	github.com/go-openapi/jsonreference v0.19.5 // indirect
 	github.com/go-openapi/swag v0.19.14 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/gomarkdown/markdown v0.0.0-20200824053859-8c8b3816f167 // indirect