From a316e1a413f3ad7b4345ac9bee7f5d23fcb97b7c Mon Sep 17 00:00:00 2001
From: Jiawei Huang
Date: Fri, 30 May 2025 09:04:43 -0700
Subject: [PATCH 1/2] Use pointer helpers from k8s utils lib
---
go.mod | 2 +-
.../egressgateway_controller_test.go | 6 ++--
pkg/controller/ippool/defaults.go | 16 +++++-----
pkg/controller/whisker/controller.go | 4 +--
pkg/ptr/conversion.go | 18 +----------
.../applicationlayer/applicationlayer_test.go | 10 +++---
.../common/components/components_test.go | 18 ++++++-----
.../common/networkpolicy/k8snetworkpolicy.go | 6 ++--
.../securitycontext/security_context.go | 23 +++++++-------
.../security_context_constraints.go | 7 ++---
pkg/render/csi.go | 6 ++--
pkg/render/dex_test.go | 8 ++---
pkg/render/egressgateway/egressgateway.go | 4 +--
pkg/render/goldmane/component.go | 16 +++++-----
pkg/render/goldmane/component_test.go | 4 +--
pkg/render/guardian.go | 10 +++---
.../kubecontrollers/kube-controllers.go | 6 ++--
.../logstorage/dashboards/dashboards.go | 6 ++--
.../logstorage/dashboards/dashboards_test.go | 14 ++++-----
.../esmetrics/elasticsearch_metrics.go | 6 ++--
.../esmetrics/elasticsearch_metrics_test.go | 6 ++--
pkg/render/logstorage/linseed/linseed_test.go | 31 ++++++++++---------
.../manager/manager_route_config_test.go | 30 +++++++++---------
pkg/render/monitor/monitor_test.go | 6 ++--
pkg/render/node.go | 6 ++--
pkg/render/node_test.go | 4 +--
pkg/render/packet_capture_api.go | 6 ++--
pkg/render/packet_capture_api_test.go | 16 +++++-----
pkg/render/policyrecommendation.go | 4 +--
pkg/render/policyrecommendation_test.go | 6 ++--
pkg/render/whisker/component.go | 8 ++---
pkg/render/whisker/component_test.go | 12 +++----
32 files changed, 156 insertions(+), 169 deletions(-)
diff --git a/go.mod b/go.mod
index 0b1836f33d..e31aa9957f 100644
--- a/go.mod
+++ b/go.mod
@@ -39,6 +39,7 @@ require ( k8s.io/apiserver v0.32.4 k8s.io/client-go v0.32.4 k8s.io/kube-aggregator v0.30.5 + k8s.io/utils v0.0.0-20241210054802-24370beab758 sigs.k8s.io/controller-runtime v0.20.2 sigs.k8s.io/gateway-api v1.2.1 sigs.k8s.io/kind v0.24.0 // Do not remove, not used by code but used by build @@ -122,7 +123,6 @@ require ( howett.net/plist v1.0.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect - k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect ) diff --git a/pkg/controller/egressgateway/egressgateway_controller_test.go b/pkg/controller/egressgateway/egressgateway_controller_test.go index fde3ec3107..8dcb31de93 100644 --- a/pkg/controller/egressgateway/egressgateway_controller_test.go +++ b/pkg/controller/egressgateway/egressgateway_controller_test.go @@ -34,6 +34,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" @@ -48,7 +49,6 @@ import ( "github.com/tigera/operator/pkg/controller/status" "github.com/tigera/operator/pkg/controller/utils" ctrlrfake "github.com/tigera/operator/pkg/ctrlruntime/client/fake" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/test" ) @@ -779,8 +779,8 @@ var _ = Describe("Egress Gateway controller tests", func() { egw := &operatorv1.EgressGateway{ ObjectMeta: metav1.ObjectMeta{Name: "calico-red", Namespace: "calico-egress"}, Spec: operatorv1.EgressGatewaySpec{ - Replicas: ptr.ToPtr(int32(2)), - LogSeverity: ptr.ToPtr(operatorv1.LogSeverityInfo), + Replicas: ptr.To(int32(2)), + LogSeverity: ptr.To(operatorv1.LogSeverityInfo), IPPools: []operatorv1.EgressGatewayIPPool{ {Name: "ippool-1"}, }, 
diff --git a/pkg/controller/ippool/defaults.go b/pkg/controller/ippool/defaults.go index 6e07ab5a4a..ef7da891f5 100644 --- a/pkg/controller/ippool/defaults.go +++ b/pkg/controller/ippool/defaults.go @@ -21,15 +21,17 @@ import ( "net/netip" "strings" - configv1 "github.com/openshift/api/config/v1" - operator "github.com/tigera/operator/api/v1" - crdv1 "github.com/tigera/operator/pkg/apis/crd.projectcalico.org/v1" - "github.com/tigera/operator/pkg/ptr" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" + + configv1 "github.com/openshift/api/config/v1" + + operator "github.com/tigera/operator/api/v1" + crdv1 "github.com/tigera/operator/pkg/apis/crd.projectcalico.org/v1" ) var ( @@ -184,7 +186,7 @@ func fillDefaults(ctx context.Context, client client.Client, instance *operator. pool.NodeSelector = operator.NodeSelectorDefault } if pool.BlockSize == nil { - pool.BlockSize = ptr.ToPtr[int32](26) + pool.BlockSize = ptr.To(int32(26)) } } else if err == nil && addr.To16() != nil { // This is an IPv6 pool. @@ -198,12 +200,12 @@ func fillDefaults(ctx context.Context, client client.Client, instance *operator. pool.NodeSelector = operator.NodeSelectorDefault } if pool.BlockSize == nil { - pool.BlockSize = ptr.ToPtr[int32](122) + pool.BlockSize = ptr.To(int32(122)) } } if pool.DisableNewAllocations == nil { - pool.DisableNewAllocations = ptr.ToPtr(false) + pool.DisableNewAllocations = ptr.To(false) } // Default the name if it's not set. diff --git a/pkg/controller/whisker/controller.go b/pkg/controller/whisker/controller.go index 7cdb97f47f..69fb7bfd7b 100644 --- a/pkg/controller/whisker/controller.go +++ b/pkg/controller/whisker/controller.go 
@@ -21,6 +21,7 @@ import ( v1 "k8s.io/api/apps/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" @@ -38,7 +39,6 @@ import ( "github.com/tigera/operator/pkg/controller/utils/imageset" "github.com/tigera/operator/pkg/ctrlruntime" "github.com/tigera/operator/pkg/dns" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" rcertificatemanagement "github.com/tigera/operator/pkg/render/certificatemanagement" "github.com/tigera/operator/pkg/render/goldmane" @@ -280,7 +280,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, request reconcile.Request) ( func updateWhiskerWithDefaults(instance *operatorv1.Whisker) { if instance.Spec.Notifications == nil { - instance.Spec.Notifications = ptr.ToPtr(operatorv1.Enabled) + instance.Spec.Notifications = ptr.To(operatorv1.Enabled) } } diff --git a/pkg/ptr/conversion.go b/pkg/ptr/conversion.go index 9472a7e7a9..8bec4ded7c 100644 --- a/pkg/ptr/conversion.go +++ b/pkg/ptr/conversion.go @@ -1,4 +1,4 @@ -// Copyright (c) 2021-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2021-2025 Tigera, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -18,23 +18,7 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" ) -func BoolToPtr(b bool) *bool { - return &b -} - -func Int64ToPtr(i int64) *int64 { - return &i -} - -func Int32ToPtr(i int32) *int32 { - return &i -} - func IntOrStrPtr(v string) *intstr.IntOrString { ios := intstr.Parse(v) return &ios } - -func ToPtr[V any](v V) *V { - return &v -} diff --git a/pkg/render/applicationlayer/applicationlayer_test.go b/pkg/render/applicationlayer/applicationlayer_test.go index 5e56a3e455..c441be0cd6 100644 --- a/pkg/render/applicationlayer/applicationlayer_test.go 
+++ b/pkg/render/applicationlayer/applicationlayer_test.go @@ -22,10 +22,10 @@ import ( corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/api/resource" + "k8s.io/utils/ptr" operatorv1 "github.com/tigera/operator/api/v1" "github.com/tigera/operator/pkg/common" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render/applicationlayer" "github.com/tigera/operator/pkg/render/applicationlayer/ruleset" rmeta "github.com/tigera/operator/pkg/render/common/meta" @@ -312,8 +312,8 @@ var _ = Describe("Tigera Secure Application Layer rendering tests", func() { Installation: installation, OsType: rmeta.OSTypeLinux, PerHostLogsEnabled: true, - LogIntervalSeconds: ptr.Int64ToPtr(5), - LogRequestsPerInterval: ptr.Int64ToPtr(-1), + LogIntervalSeconds: ptr.To(int64(5)), + LogRequestsPerInterval: ptr.To(int64(-1)), }) resources, _ := component.Objects() @@ -343,8 +343,8 @@ var _ = Describe("Tigera Secure Application Layer rendering tests", func() { Installation: installation, OsType: rmeta.OSTypeLinux, PerHostLogsEnabled: true, - LogIntervalSeconds: ptr.Int64ToPtr(5), - LogRequestsPerInterval: ptr.Int64ToPtr(-1), + LogIntervalSeconds: ptr.To(int64(5)), + LogRequestsPerInterval: ptr.To(int64(-1)), UseRemoteAddressXFF: true, NumTrustedHopsXFF: 1, }) diff --git a/pkg/render/common/components/components_test.go b/pkg/render/common/components/components_test.go index 2695c231e1..f5b5d1e127 100644 --- a/pkg/render/common/components/components_test.go +++ b/pkg/render/common/components/components_test.go @@ -1,4 +1,4 @@ -// Copyright (c) 2022-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2022-2025 Tigera, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
@@ -21,12 +21,14 @@ import ( . "github.com/onsi/ginkgo" . "github.com/onsi/ginkgo/extensions/table" . "github.com/onsi/gomega" - v1 "github.com/tigera/operator/api/v1" - "github.com/tigera/operator/pkg/ptr" + appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" + "k8s.io/utils/ptr" + v1 "github.com/tigera/operator/api/v1" + operatorptr "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/test" ) @@ -1133,7 +1135,7 @@ var _ = Describe("Common components render tests", func() { Spec: &v1.TyphaDeploymentSpec{ Template: &v1.TyphaDeploymentPodTemplateSpec{ Spec: &v1.TyphaDeploymentPodSpec{ - TerminationGracePeriodSeconds: ptr.Int64ToPtr(3), + TerminationGracePeriodSeconds: ptr.To(int64(3)), }, }, }, @@ -1150,8 +1152,8 @@ var _ = Describe("Common components render tests", func() { Spec: &v1.TyphaDeploymentSpec{ Strategy: &v1.TyphaDeploymentStrategy{ RollingUpdate: &appsv1.RollingUpdateDeployment{ - MaxUnavailable: ptr.IntOrStrPtr("0"), - MaxSurge: ptr.IntOrStrPtr("100%"), + MaxUnavailable: operatorptr.IntOrStrPtr("0"), + MaxSurge: operatorptr.IntOrStrPtr("100%"), }, }, }, @@ -1161,8 +1163,8 @@ var _ = Describe("Common components render tests", func() { Expect(result.Spec.Strategy).To(Equal(appsv1.DeploymentStrategy{ Type: appsv1.RollingUpdateDeploymentStrategyType, RollingUpdate: &appsv1.RollingUpdateDeployment{ - MaxUnavailable: ptr.IntOrStrPtr("0"), - MaxSurge: ptr.IntOrStrPtr("100%"), + MaxUnavailable: operatorptr.IntOrStrPtr("0"), + MaxSurge: operatorptr.IntOrStrPtr("100%"), }, })) }), diff --git a/pkg/render/common/networkpolicy/k8snetworkpolicy.go b/pkg/render/common/networkpolicy/k8snetworkpolicy.go index f0f4792b21..ffac1c6ce7 100644 --- a/pkg/render/common/networkpolicy/k8snetworkpolicy.go +++ b/pkg/render/common/networkpolicy/k8snetworkpolicy.go 
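Review bot: The import hunk now pulls in two packages that are both named `ptr`, so the in-repo one has to be aliased as `operatorptr` here and again in linseed_test.go, only to reach `IntOrStrPtr`. Since this commit leaves `IntOrStrPtr` as the sole function in `pkg/ptr`, renaming that package or moving the helper next to its callers would remove the collision. The remaining exported function also has no doc comment in the conversion.go hunk; `// IntOrStrPtr parses v with intstr.Parse and returns a pointer to the result.` would cover it. Removing the exported `BoolToPtr`, `Int64ToPtr`, `Int32ToPtr` and `ToPtr` will break any out-of-tree importer of `pkg/ptr`, if there are any.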
@@ -19,8 +19,8 @@ import ( netv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render/common/selector" ) @@ -78,7 +78,7 @@ func K8sDNSEgressRules(openShift bool) []netv1.NetworkPolicyEgressRule { func NewK8sPolicyPort(protocol corev1.Protocol, port int32) netv1.NetworkPolicyPort { return netv1.NetworkPolicyPort{ - Protocol: ptr.ToPtr(protocol), - Port: ptr.ToPtr(intstr.FromInt32(port)), + Protocol: ptr.To(protocol), + Port: ptr.To(intstr.FromInt32(port)), } } diff --git a/pkg/render/common/securitycontext/security_context.go b/pkg/render/common/securitycontext/security_context.go index e6e65d0e08..7c14fc58cc 100644 --- a/pkg/render/common/securitycontext/security_context.go +++ b/pkg/render/common/securitycontext/security_context.go @@ -1,4 +1,4 @@ -// Copyright (c) 2021-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2021-2025 Tigera, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -16,8 +16,7 @@ package securitycontext import ( corev1 "k8s.io/api/core/v1" - - "github.com/tigera/operator/pkg/ptr" + "k8s.io/utils/ptr" ) var ( @@ -33,13 +32,13 @@ var ( // the containers should be using. func NewNonRootContext() *corev1.SecurityContext { return &corev1.SecurityContext{ - AllowPrivilegeEscalation: ptr.BoolToPtr(false), + AllowPrivilegeEscalation: ptr.To(false), Capabilities: &corev1.Capabilities{ Drop: []corev1.Capability{"ALL"}, }, - Privileged: ptr.BoolToPtr(false), + Privileged: ptr.To(false), RunAsGroup: &runAsGroupID, - RunAsNonRoot: ptr.BoolToPtr(true), + RunAsNonRoot: ptr.To(true), RunAsUser: &runAsUserID, SeccompProfile: &corev1.SeccompProfile{ Type: corev1.SeccompProfileTypeRuntimeDefault, 
@@ -50,14 +49,14 @@ func NewNonRootContext() *corev1.SecurityContext { // NewRootContext returns the root container security context for containers that access host files or network. func NewRootContext(privileged bool) *corev1.SecurityContext { return &corev1.SecurityContext{ - AllowPrivilegeEscalation: ptr.BoolToPtr(privileged), + AllowPrivilegeEscalation: ptr.To(privileged), Capabilities: &corev1.Capabilities{ Drop: []corev1.Capability{"ALL"}, }, - Privileged: ptr.BoolToPtr(privileged), - RunAsGroup: ptr.Int64ToPtr(0), - RunAsNonRoot: ptr.BoolToPtr(false), - RunAsUser: ptr.Int64ToPtr(0), + Privileged: ptr.To(privileged), + RunAsGroup: ptr.To(int64(0)), + RunAsNonRoot: ptr.To(false), + RunAsUser: ptr.To(int64(0)), SeccompProfile: &corev1.SeccompProfile{ Type: corev1.SeccompProfileTypeRuntimeDefault, }, @@ -80,7 +79,7 @@ func NewWindowsHostProcessContext() *corev1.SecurityContext { func NewNonRootPodContext() *corev1.PodSecurityContext { return &corev1.PodSecurityContext{ RunAsGroup: &runAsGroupID, - RunAsNonRoot: ptr.BoolToPtr(true), + RunAsNonRoot: ptr.To(true), RunAsUser: &runAsUserID, SeccompProfile: &corev1.SeccompProfile{ Type: corev1.SeccompProfileTypeRuntimeDefault, diff --git a/pkg/render/common/securitycontextconstraints/security_context_constraints.go b/pkg/render/common/securitycontextconstraints/security_context_constraints.go index 6c631815fb..34308c62dd 100644 --- a/pkg/render/common/securitycontextconstraints/security_context_constraints.go +++ b/pkg/render/common/securitycontextconstraints/security_context_constraints.go @@ -1,4 +1,4 @@ -// Copyright (c) 2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2024-2025 Tigera, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
@@ -17,10 +17,9 @@ package securitycontextconstraints import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" ocsv1 "github.com/openshift/api/security/v1" - - "github.com/tigera/operator/pkg/ptr" ) // Default OpenShift security context constraints (SCCs) defined in @@ -43,7 +42,7 @@ func NewNonRootSecurityContextConstraints(name string, users []string) *ocsv1.Se AllowHostNetwork: false, AllowHostPID: false, AllowHostPorts: false, - AllowPrivilegeEscalation: ptr.BoolToPtr(false), + AllowPrivilegeEscalation: ptr.To(false), AllowPrivilegedContainer: false, FSGroup: ocsv1.FSGroupStrategyOptions{Type: ocsv1.FSGroupStrategyRunAsAny}, ReadOnlyRootFilesystem: false, diff --git a/pkg/render/csi.go b/pkg/render/csi.go index 1d01086437..98ce17459b 100644 --- a/pkg/render/csi.go +++ b/pkg/render/csi.go @@ -1,4 +1,4 @@ -// Copyright (c) 2022-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2022-2025 Tigera, Inc. All rights reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,12 +22,12 @@ import ( rbacv1 "k8s.io/api/rbac/v1" v1 "k8s.io/api/storage/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" operatorv1 "github.com/tigera/operator/api/v1" "github.com/tigera/operator/pkg/common" "github.com/tigera/operator/pkg/components" - "github.com/tigera/operator/pkg/ptr" rcomp "github.com/tigera/operator/pkg/render/common/components" rmeta "github.com/tigera/operator/pkg/render/common/meta" "github.com/tigera/operator/pkg/render/common/securitycontext" @@ -75,7 +75,7 @@ func (c *csiComponent) csiDriver() *v1.CSIDriver { v1.VolumeLifecycleEphemeral, } spec := v1.CSIDriverSpec{ - PodInfoOnMount: ptr.BoolToPtr(true), + PodInfoOnMount: ptr.To(true), VolumeLifecycleModes: volumeLifecycleModes, } 
diff --git a/pkg/render/dex_test.go b/pkg/render/dex_test.go index bdb136cae5..70de816443 100644 --- a/pkg/render/dex_test.go +++ b/pkg/render/dex_test.go @@ -1,4 +1,4 @@ -// Copyright (c) 2020-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2020-2025 Tigera, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -30,6 +30,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" v3 "github.com/tigera/api/pkg/apis/projectcalico/v3" @@ -40,7 +41,6 @@ import ( "github.com/tigera/operator/pkg/controller/certificatemanager" ctrlrfake "github.com/tigera/operator/pkg/ctrlruntime/client/fake" "github.com/tigera/operator/pkg/dns" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" rmeta "github.com/tigera/operator/pkg/render/common/meta" "github.com/tigera/operator/pkg/render/common/networkpolicy" @@ -104,7 +104,7 @@ var _ = Describe("dex rendering tests", func() { Items: []corev1.KeyToPath{ {Key: "serviceAccountSecret", Path: "google-groups.json"}, }, - DefaultMode: ptr.Int32ToPtr(420), + DefaultMode: ptr.To(int32(420)), }, }, }, @@ -113,7 +113,7 @@ var _ = Describe("dex rendering tests", func() { VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: "tigera-dex-tls", - DefaultMode: ptr.Int32ToPtr(420), + DefaultMode: ptr.To(int32(420)), }, }, }, diff --git a/pkg/render/egressgateway/egressgateway.go b/pkg/render/egressgateway/egressgateway.go index 64d92b3c87..496e14ba1b 100644 --- a/pkg/render/egressgateway/egressgateway.go +++ b/pkg/render/egressgateway/egressgateway.go 
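Review bot: `ptr.To(int32(420))` hides a file mode behind a decimal literal; 420 is octal 0644, and on a secret volume the permission bits are what a reader needs to see. `DefaultMode: ptr.To(int32(0644)),` states it directly, here for both volumes and in `expectedVolumes` in linseed_test.go. The rendering code these expectations mirror is outside this diff, so the same spelling there is worth checking.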
@@ -28,13 +28,13 @@ import ( "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" logf "sigs.k8s.io/controller-runtime/pkg/log" operatorv1 "github.com/tigera/operator/api/v1" "github.com/tigera/operator/pkg/common" "github.com/tigera/operator/pkg/components" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" rcomp "github.com/tigera/operator/pkg/render/common/components" rmeta "github.com/tigera/operator/pkg/render/common/meta" @@ -470,7 +470,7 @@ func (c *component) getSecurityContextConstraints() *ocsv1.SecurityContextConstr func SecurityContextConstraints() *ocsv1.SecurityContextConstraints { scc := securitycontextconstraints.NewNonRootSecurityContextConstraints(OpenShiftSCCName, []string{}) - scc.AllowPrivilegeEscalation = ptr.BoolToPtr(true) + scc.AllowPrivilegeEscalation = ptr.To(true) scc.AllowPrivilegedContainer = true scc.AllowedCapabilities = []corev1.Capability{corev1.Capability("NET_ADMIN"), corev1.Capability("NET_RAW")} scc.ReadOnlyRootFilesystem = false diff --git a/pkg/render/goldmane/component.go b/pkg/render/goldmane/component.go index 13ed75cf50..2c4c6e1d9c 100644 --- a/pkg/render/goldmane/component.go +++ b/pkg/render/goldmane/component.go 
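Review bot: Nothing in this hunk records why the egress gateway SCC needs `AllowPrivilegeEscalation` and `AllowPrivilegedContainer` on top of the `NET_ADMIN` and `NET_RAW` capabilities it already grants. The SCC is built from `NewNonRootSecurityContextConstraints` and then widened field by field, so a later reader cannot tell which overrides are required and which are historical. A comment above the overrides would make that reviewable, for example `// Egress gateway requires privileged containers because <reason>; NET_ADMIN/NET_RAW alone are not sufficient.` The body of `SecurityContextConstraints` continues outside the hunk, and a doc comment for this exported function is not visible here either.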
@@ -19,23 +19,23 @@ import ( "fmt" "path/filepath" - "github.com/tigera/operator/pkg/common" - "github.com/tigera/operator/pkg/components" - "github.com/tigera/operator/pkg/ptr" - "github.com/tigera/operator/pkg/render" - "github.com/tigera/operator/pkg/render/common/securitycontext" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" netv1 "k8s.io/api/networking/v1" rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" operatorv1 "github.com/tigera/operator/api/v1" + "github.com/tigera/operator/pkg/common" + "github.com/tigera/operator/pkg/components" + "github.com/tigera/operator/pkg/render" rcomp "github.com/tigera/operator/pkg/render/common/components" rmeta "github.com/tigera/operator/pkg/render/common/meta" "github.com/tigera/operator/pkg/render/common/secret" + "github.com/tigera/operator/pkg/render/common/securitycontext" "github.com/tigera/operator/pkg/tls/certificatemanagement" ) @@ -250,7 +250,7 @@ func (c *Component) deployment() *appsv1.Deployment { Annotations: annotations, }, Spec: appsv1.DeploymentSpec{ - Replicas: ptr.ToPtr(int32(1)), + Replicas: ptr.To(int32(1)), Strategy: appsv1.DeploymentStrategy{ Type: appsv1.RecreateDeploymentStrategyType, }, @@ -330,8 +330,8 @@ func (c *Component) networkPolicy() *netv1.NetworkPolicy { Ingress: []netv1.NetworkPolicyIngressRule{ { Ports: []netv1.NetworkPolicyPort{{ - Protocol: ptr.ToPtr(corev1.ProtocolTCP), - Port: ptr.ToPtr(intstr.FromInt32(GoldmaneServicePort)), + Protocol: ptr.To(corev1.ProtocolTCP), + Port: ptr.To(intstr.FromInt32(GoldmaneServicePort)), }}, }, }, diff --git a/pkg/render/goldmane/component_test.go b/pkg/render/goldmane/component_test.go index bb5884105b..366976a8d3 100644 --- a/pkg/render/goldmane/component_test.go +++ b/pkg/render/goldmane/component_test.go 
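Review bot: The `NetworkPolicyPort` literal in `networkPolicy()` duplicates what `networkpolicy.NewK8sPolicyPort` in k8snetworkpolicy.go already builds, namely the protocol and an `intstr.FromInt32` port each wrapped in `ptr.To`. Using the helper, `Ports: []netv1.NetworkPolicyPort{networkpolicy.NewK8sPolicyPort(corev1.ProtocolTCP, GoldmaneServicePort)},`, keeps policy ports constructed in one place; this file would need to import `pkg/render/common/networkpolicy` for it. The two port literals in the guardian.go `networkPolicy()` hunk have the same shape, and guardian.go already imports that package.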
@@ -25,9 +25,9 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" operatorv1 "github.com/tigera/operator/api/v1" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" rmeta "github.com/tigera/operator/pkg/render/common/meta" "github.com/tigera/operator/pkg/render/common/securitycontext" @@ -109,7 +109,7 @@ var _ = Describe("ComponentRendering", func() { Annotations: map[string]string{"hash.operator.tigera.io/key-pair": "e9e6e60e8b6007cbf14a325c3fa1f1692412315a"}, }, Spec: appsv1.DeploymentSpec{ - Replicas: ptr.ToPtr(int32(1)), + Replicas: ptr.To(int32(1)), Strategy: appsv1.DeploymentStrategy{ Type: appsv1.RecreateDeploymentStrategyType, }, diff --git a/pkg/render/guardian.go b/pkg/render/guardian.go index f76a211254..771996c3a6 100644 --- a/pkg/render/guardian.go +++ b/pkg/render/guardian.go @@ -30,6 +30,7 @@ import ( rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" v3 "github.com/tigera/api/pkg/apis/projectcalico/v3" @@ -39,7 +40,6 @@ import ( operatorv1 "github.com/tigera/operator/api/v1" "github.com/tigera/operator/pkg/common" "github.com/tigera/operator/pkg/components" - "github.com/tigera/operator/pkg/ptr" rcomponents "github.com/tigera/operator/pkg/render/common/components" rmeta "github.com/tigera/operator/pkg/render/common/meta" "github.com/tigera/operator/pkg/render/common/networkpolicy" 
@@ -477,14 +477,14 @@ func (c *GuardianComponent) networkPolicy() *netv1.NetworkPolicy { }, }, Ports: []netv1.NetworkPolicyPort{{ - Protocol: ptr.ToPtr(corev1.ProtocolTCP), - Port: ptr.ToPtr(intstr.FromInt32(GuardianTargetPort)), + Protocol: ptr.To(corev1.ProtocolTCP), + Port: ptr.To(intstr.FromInt32(GuardianTargetPort)), }}, }, { Ports: []netv1.NetworkPolicyPort{{ - Protocol: ptr.ToPtr(corev1.ProtocolUDP), - Port: ptr.ToPtr(intstr.FromInt32(53)), + Protocol: ptr.To(corev1.ProtocolUDP), + Port: ptr.To(intstr.FromInt32(53)), }}, }, }, diff --git a/pkg/render/kubecontrollers/kube-controllers.go b/pkg/render/kubecontrollers/kube-controllers.go index 23b86ee0ec..b67f599fd5 100644 --- a/pkg/render/kubecontrollers/kube-controllers.go +++ b/pkg/render/kubecontrollers/kube-controllers.go @@ -25,6 +25,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apiserver/pkg/authentication/serviceaccount" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" v3 "github.com/tigera/api/pkg/apis/projectcalico/v3" @@ -33,7 +34,6 @@ import ( "github.com/tigera/operator/pkg/common" "github.com/tigera/operator/pkg/components" "github.com/tigera/operator/pkg/controller/k8sapi" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" rcomp "github.com/tigera/operator/pkg/render/common/components" relasticsearch "github.com/tigera/operator/pkg/render/common/elasticsearch" @@ -588,8 +588,8 @@ func (c *kubeControllersComponent) controllersDeployment() *appsv1.Deployment { // UID 999 is used in kube-controller Dockerfile. sc := securitycontext.NewNonRootContext() - sc.RunAsUser = ptr.Int64ToPtr(999) - sc.RunAsGroup = ptr.Int64ToPtr(0) + sc.RunAsUser = ptr.To(int64(999)) + sc.RunAsGroup = ptr.To(int64(0)) container := corev1.Container{ Name: c.kubeControllerName, diff --git a/pkg/render/logstorage/dashboards/dashboards.go b/pkg/render/logstorage/dashboards/dashboards.go index fd087fc949..3f6325878e 100644 
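Review bot: The comment in the `controllersDeployment()` hunk explains UID 999 but not the `RunAsGroup` of 0 set on the next line. The container starts from `NewNonRootContext()` and then takes the root group as its primary group, which gives it whatever group-0 file permissions exist in the image. If GID 0 is required, the comment should say so, e.g. `// UID 999 is used in kube-controller Dockerfile; GID 0 is kept because <reason>.`; if it is not, a dedicated non-zero group would be tighter. The rest of the function is outside the hunk.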
--- a/pkg/render/logstorage/dashboards/dashboards.go +++ b/pkg/render/logstorage/dashboards/dashboards.go @@ -1,4 +1,4 @@ -// Copyright (c) 2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2024-2025 Tigera, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,6 +22,7 @@ import ( corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" v3 "github.com/tigera/api/pkg/apis/projectcalico/v3" @@ -29,7 +30,6 @@ import ( operatorv1 "github.com/tigera/operator/api/v1" "github.com/tigera/operator/pkg/components" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" rcomponents "github.com/tigera/operator/pkg/render/common/components" relasticsearch "github.com/tigera/operator/pkg/render/common/elasticsearch" @@ -300,7 +300,7 @@ func (d *dashboards) Job() *batchv1.Job { Template: *podTemplate, // PodFailurePolicy is not available for k8s < 1.26; setting BackoffLimit to a higher number (default is 6) // to lessen the frequency of installation failures when responses from Elastic Search takes more time. - BackoffLimit: ptr.Int32ToPtr(30), + BackoffLimit: ptr.To(int32(30)), PodFailurePolicy: &batchv1.PodFailurePolicy{ Rules: []batchv1.PodFailurePolicyRule{ // We don't want the job to fail, so we keep retrying by ignoring incrementing the backoff. diff --git a/pkg/render/logstorage/dashboards/dashboards_test.go b/pkg/render/logstorage/dashboards/dashboards_test.go index dcc182ed3b..72ba6955cc 100644 --- a/pkg/render/logstorage/dashboards/dashboards_test.go +++ b/pkg/render/logstorage/dashboards/dashboards_test.go 
@@ -1,4 +1,4 @@ -// Copyright (c) 2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2024-2025 Tigera, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -29,6 +29,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "github.com/google/go-cmp/cmp" @@ -42,7 +43,6 @@ import ( "github.com/tigera/operator/pkg/controller/certificatemanager" ctrlrfake "github.com/tigera/operator/pkg/ctrlruntime/client/fake" "github.com/tigera/operator/pkg/dns" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" rtest "github.com/tigera/operator/pkg/render/common/test" "github.com/tigera/operator/pkg/render/logstorage" @@ -611,11 +611,11 @@ func expectedContainers() []corev1.Container { ImagePullPolicy: render.ImagePullPolicy(), SecurityContext: &corev1.SecurityContext{ Capabilities: &corev1.Capabilities{Drop: []corev1.Capability{"ALL"}}, - AllowPrivilegeEscalation: ptr.BoolToPtr(false), - Privileged: ptr.BoolToPtr(false), - RunAsNonRoot: ptr.BoolToPtr(true), - RunAsGroup: ptr.Int64ToPtr(10001), - RunAsUser: ptr.Int64ToPtr(10001), + AllowPrivilegeEscalation: ptr.To(false), + Privileged: ptr.To(false), + RunAsNonRoot: ptr.To(true), + RunAsGroup: ptr.To(int64(10001)), + RunAsUser: ptr.To(int64(10001)), SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault}, }, Env: []corev1.EnvVar{ diff --git a/pkg/render/logstorage/esmetrics/elasticsearch_metrics.go b/pkg/render/logstorage/esmetrics/elasticsearch_metrics.go index 1faab775f1..db4039fe7d 100644 --- a/pkg/render/logstorage/esmetrics/elasticsearch_metrics.go +++ b/pkg/render/logstorage/esmetrics/elasticsearch_metrics.go 
@@ -1,4 +1,4 @@ -// Copyright (c) 2021-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2021-2025 Tigera, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -22,13 +22,13 @@ import ( rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" v3 "github.com/tigera/api/pkg/apis/projectcalico/v3" operatorv1 "github.com/tigera/operator/api/v1" "github.com/tigera/operator/pkg/components" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" rcomponents "github.com/tigera/operator/pkg/render/common/components" relasticsearch "github.com/tigera/operator/pkg/render/common/elasticsearch" @@ -215,7 +215,7 @@ func (e *elasticsearchMetrics) metricsDeployment() *appsv1.Deployment { Namespace: render.ElasticsearchNamespace, }, Spec: appsv1.DeploymentSpec{ - Replicas: ptr.Int32ToPtr(1), + Replicas: ptr.To(int32(1)), Template: *relasticsearch.DecorateAnnotations(&corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Annotations: annotations, diff --git a/pkg/render/logstorage/esmetrics/elasticsearch_metrics_test.go b/pkg/render/logstorage/esmetrics/elasticsearch_metrics_test.go index f3f5275933..fb613848a6 100644 --- a/pkg/render/logstorage/esmetrics/elasticsearch_metrics_test.go +++ b/pkg/render/logstorage/esmetrics/elasticsearch_metrics_test.go @@ -1,4 +1,4 @@ -// Copyright (c) 2021-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2021-2025 Tigera, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
@@ -27,6 +27,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" v3 "github.com/tigera/api/pkg/apis/projectcalico/v3" @@ -37,7 +38,6 @@ import ( "github.com/tigera/operator/pkg/controller/certificatemanager" ctrlrfake "github.com/tigera/operator/pkg/ctrlruntime/client/fake" "github.com/tigera/operator/pkg/dns" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" relasticsearch "github.com/tigera/operator/pkg/render/common/elasticsearch" rmeta "github.com/tigera/operator/pkg/render/common/meta" @@ -149,7 +149,7 @@ var _ = Describe("Elasticsearch metrics", func() { Namespace: render.ElasticsearchNamespace, }, Spec: appsv1.DeploymentSpec{ - Replicas: ptr.Int32ToPtr(1), + Replicas: ptr.To(int32(1)), Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{"k8s-app": ElasticsearchMetricsName}, }, diff --git a/pkg/render/logstorage/linseed/linseed_test.go b/pkg/render/logstorage/linseed/linseed_test.go index d4719192df..313c933d46 100644 --- a/pkg/render/logstorage/linseed/linseed_test.go +++ b/pkg/render/logstorage/linseed/linseed_test.go @@ -1,4 +1,4 @@ -// Copyright (c) 2022-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2022-2025 Tigera, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -31,6 +31,7 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apiserver/pkg/authentication/serviceaccount" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" v3 "github.com/tigera/api/pkg/apis/projectcalico/v3" 
@@ -41,7 +42,7 @@ import ( "github.com/tigera/operator/pkg/controller/certificatemanager" ctrlrfake "github.com/tigera/operator/pkg/ctrlruntime/client/fake" "github.com/tigera/operator/pkg/dns" - "github.com/tigera/operator/pkg/ptr" + operatorptr "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" relasticsearch "github.com/tigera/operator/pkg/render/common/elasticsearch" "github.com/tigera/operator/pkg/render/common/podaffinity" @@ -580,17 +581,17 @@ var _ = Describe("Linseed rendering tests", func() { }) It("should override replicas with the value from TenantSpec's controlPlaneReplicas when available", func() { - cfg.Tenant.Spec.ControlPlaneReplicas = ptr.Int32ToPtr(3) + cfg.Tenant.Spec.ControlPlaneReplicas = ptr.To(int32(3)) component := Linseed(cfg) resources, _ := component.Objects() d := rtest.GetResource(resources, DeploymentName, cfg.Namespace, appsv1.GroupName, "v1", "Deployment").(*appsv1.Deployment) - Expect(d.Spec.Replicas).To(Equal(ptr.Int32ToPtr(3))) + Expect(d.Spec.Replicas).To(Equal(ptr.To(int32(3)))) }) It("should render PodAffinity when TenantSpec ControlPlaneReplicas is greater than 1", func() { - installation.ControlPlaneReplicas = ptr.Int32ToPtr(1) - cfg.Tenant.Spec.ControlPlaneReplicas = ptr.Int32ToPtr(3) + installation.ControlPlaneReplicas = ptr.To(int32(1)) + cfg.Tenant.Spec.ControlPlaneReplicas = ptr.To(int32(3)) component := Linseed(cfg) resources, _ := component.Objects() 
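Review bot: The aliased import `operatorptr "github.com/tigera/operator/pkg/ptr"` leaves linseed_test.go with two pointer-helper packages, and the alias is used only for the two `operatorptr.IntOrStrPtr(...)` expectations in the `compareResources` hunk further down. If `IntOrStrPtr` is a thin wrapper over `intstr.Parse` (its body is not visible here, so confirm first), the expectations can be written `Equal(ptr.To(intstr.Parse("100%")))` and `Equal(ptr.To(intstr.Parse("0")))` and the aliased import dropped; `intstr` is already imported by this file.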
@@ -832,8 +833,8 @@ func compareResources(resources []client.Object, expectedResources []resourceTes deployment := rtest.GetResource(resources, DeploymentName, render.ElasticsearchNamespace, "apps", "v1", "Deployment").(*appsv1.Deployment) ExpectWithOffset(1, deployment).NotTo(BeNil()) ExpectWithOffset(1, deployment.Spec.Strategy.Type).To(Equal(appsv1.RollingUpdateDeploymentStrategyType)) - ExpectWithOffset(1, deployment.Spec.Strategy.RollingUpdate.MaxSurge).To(Equal(ptr.IntOrStrPtr("100%"))) - ExpectWithOffset(1, deployment.Spec.Strategy.RollingUpdate.MaxUnavailable).To(Equal(ptr.IntOrStrPtr("0"))) + ExpectWithOffset(1, deployment.Spec.Strategy.RollingUpdate.MaxSurge).To(Equal(operatorptr.IntOrStrPtr("100%"))) + ExpectWithOffset(1, deployment.Spec.Strategy.RollingUpdate.MaxUnavailable).To(Equal(operatorptr.IntOrStrPtr("0"))) // Check containers expected := expectedContainers() @@ -942,7 +943,7 @@ func expectedVolumes(useCSR bool) []corev1.Volume { VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: render.TigeraLinseedSecret, - DefaultMode: ptr.Int32ToPtr(420), + DefaultMode: ptr.To(int32(420)), }, }, }, @@ -951,7 +952,7 @@ func expectedVolumes(useCSR bool) []corev1.Volume { VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: "tigera-secure-linseed-token-tls", - DefaultMode: ptr.Int32ToPtr(420), + DefaultMode: ptr.To(int32(420)), }, }, }, 
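Review bot: `DefaultMode: ptr.To(int32(420))` in `expectedVolumes` (linseed_test.go, hunk at -942) hides the file mode behind a decimal literal: 420 is octal 0644, so the expectation pins the mounted Secret files as readable by every user in the container. Writing it as `DefaultMode: ptr.To(int32(0o644))` keeps the value identical and makes the permission visible to the next reader. The same literal appears in the following `expectedVolumes` hunk, in the volume expectations of manager_route_config_test.go (including the `mtlsKey` secret) and in packet_capture_api_test.go. Whether 0644 rather than a tighter mode is intended for key material is a question for the renderer code, which this diff does not show.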
@@ -978,11 +979,11 @@ func expectedContainers() []corev1.Container { ImagePullPolicy: render.ImagePullPolicy(), SecurityContext: &corev1.SecurityContext{ Capabilities: &corev1.Capabilities{Drop: []corev1.Capability{"ALL"}}, - AllowPrivilegeEscalation: ptr.BoolToPtr(false), - Privileged: ptr.BoolToPtr(false), - RunAsNonRoot: ptr.BoolToPtr(true), - RunAsGroup: ptr.Int64ToPtr(10001), - RunAsUser: ptr.Int64ToPtr(10001), + AllowPrivilegeEscalation: ptr.To(false), + Privileged: ptr.To(false), + RunAsNonRoot: ptr.To(true), + RunAsGroup: ptr.To(int64(10001)), + RunAsUser: ptr.To(int64(10001)), SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault}, }, ReadinessProbe: &corev1.Probe{ diff --git a/pkg/render/manager/manager_route_config_test.go b/pkg/render/manager/manager_route_config_test.go index 553af75492..99e2deabfb 100644 --- a/pkg/render/manager/manager_route_config_test.go +++ b/pkg/render/manager/manager_route_config_test.go @@ -25,9 +25,9 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" operatorv1 "github.com/tigera/operator/api/v1" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render/manager" ) @@ -62,8 +62,8 @@ var _ = Describe("VoltronRouteConfigBuilder", func() { Spec: operatorv1.TLSTerminatedRouteSpec{ PathMatch: &operatorv1.PathMatch{ Path: "/foobar", - PathRegexp: ptr.ToPtr("^/foobar$"), - PathReplace: ptr.ToPtr("/"), + PathRegexp: ptr.To("^/foobar$"), + PathReplace: ptr.To("/"), }, }, } @@ -77,7 +77,7 @@ var _ = Describe("VoltronRouteConfigBuilder", func() { VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{Name: "voltron-routes"}, - DefaultMode: ptr.ToPtr(int32(420)), + DefaultMode: ptr.To(int32(420)), }, }, } 
@@ -102,7 +102,7 @@ var _ = Describe("VoltronRouteConfigBuilder", func() { VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{Name: "ca-bundle"}, - DefaultMode: ptr.ToPtr(int32(420)), + DefaultMode: ptr.To(int32(420)), }, }, } @@ -123,7 +123,7 @@ var _ = Describe("VoltronRouteConfigBuilder", func() { VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: mtlsCert.Name, - DefaultMode: ptr.ToPtr(int32(420)), + DefaultMode: ptr.To(int32(420)), }, }, } @@ -145,7 +145,7 @@ var _ = Describe("VoltronRouteConfigBuilder", func() { VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: mtlsKey.Name, - DefaultMode: ptr.ToPtr(int32(420)), + DefaultMode: ptr.To(int32(420)), }, }, } @@ -197,8 +197,8 @@ var _ = Describe("VoltronRouteConfigBuilder", func() { Spec: operatorv1.TLSTerminatedRouteSpec{ PathMatch: &operatorv1.PathMatch{ Path: fmt.Sprintf("/foobar-%d", num-1-i), - PathRegexp: ptr.ToPtr("^/foobar$"), - PathReplace: ptr.ToPtr("/"), + PathRegexp: ptr.To("^/foobar$"), + PathReplace: ptr.To("/"), }, }, } @@ -376,8 +376,8 @@ var _ = Describe("VoltronRouteConfigBuilder", func() { }, PathMatch: &operatorv1.PathMatch{ Path: "/bar/", - PathRegexp: ptr.ToPtr("^/bar/?"), - PathReplace: ptr.ToPtr("/"), + PathRegexp: ptr.To("^/bar/?"), + PathReplace: ptr.To("/"), }, Destination: "bar", }, @@ -395,8 +395,8 @@ var _ = Describe("VoltronRouteConfigBuilder", func() { }, PathMatch: &operatorv1.PathMatch{ Path: "/foo/", - PathRegexp: ptr.ToPtr("^/foo/?"), - PathReplace: ptr.ToPtr("/"), + PathRegexp: ptr.To("^/foo/?"), + PathReplace: ptr.To("/"), }, Destination: "foo", }, @@ -414,8 +414,8 @@ var _ = Describe("VoltronRouteConfigBuilder", func() { }, PathMatch: &operatorv1.PathMatch{ Path: "/goo/", - PathRegexp: ptr.ToPtr("^/goo/?"), - PathReplace: ptr.ToPtr("/"), + PathRegexp: ptr.To("^/goo/?"), + PathReplace: ptr.To("/"), }, Destination: "goo", }, 
diff --git a/pkg/render/monitor/monitor_test.go b/pkg/render/monitor/monitor_test.go index 8d74cebfad..f357e9eb08 100644 --- a/pkg/render/monitor/monitor_test.go +++ b/pkg/render/monitor/monitor_test.go @@ -30,6 +30,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" v3 "github.com/tigera/api/pkg/apis/projectcalico/v3" @@ -41,7 +42,6 @@ import ( "github.com/tigera/operator/pkg/controller/certificatemanager" ctrlrfake "github.com/tigera/operator/pkg/ctrlruntime/client/fake" "github.com/tigera/operator/pkg/dns" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" rmeta "github.com/tigera/operator/pkg/render/common/meta" rtest "github.com/tigera/operator/pkg/render/common/test" @@ -92,7 +92,7 @@ var _ = Describe("monitor rendering tests", func() { bundle := certificateManager.CreateTrustedBundle() cfg = &monitor.Config{ Installation: &operatorv1.InstallationSpec{ - ControlPlaneReplicas: ptr.Int32ToPtr(3), + ControlPlaneReplicas: ptr.To(int32(3)), }, PullSecrets: []*corev1.Secret{ {ObjectMeta: metav1.ObjectMeta{Name: "tigera-pull-secret"}}, @@ -911,7 +911,7 @@ var _ = Describe("monitor rendering tests", func() { }) It("Should render typha service monitor if typha metrics are enabled", func() { - cfg.Installation.TyphaMetricsPort = ptr.Int32ToPtr(9093) + cfg.Installation.TyphaMetricsPort = ptr.To(int32(9093)) component := monitor.Monitor(cfg) Expect(component.ResolveImages(nil)).NotTo(HaveOccurred()) toCreate, toDelete := component.Objects() diff --git a/pkg/render/node.go b/pkg/render/node.go index f64972e34b..9ab8a897a8 100644 --- a/pkg/render/node.go +++ b/pkg/render/node.go 
@@ -28,6 +28,7 @@ import ( rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" operatorv1 "github.com/tigera/operator/api/v1" @@ -37,7 +38,6 @@ import ( "github.com/tigera/operator/pkg/controller/k8sapi" "github.com/tigera/operator/pkg/controller/migration" "github.com/tigera/operator/pkg/dns" - "github.com/tigera/operator/pkg/ptr" rcomp "github.com/tigera/operator/pkg/render/common/components" "github.com/tigera/operator/pkg/render/common/configmap" rmeta "github.com/tigera/operator/pkg/render/common/meta" @@ -1259,14 +1259,14 @@ func (c *nodeComponent) nodeContainer() corev1.Container { if c.runAsNonPrivileged() { sc = securitycontext.NewNonRootContext() // Set the group to be the root user group since all container users should be a member - sc.RunAsGroup = ptr.Int64ToPtr(0) + sc.RunAsGroup = ptr.To(int64(0)) sc.Capabilities.Add = []corev1.Capability{ "NET_ADMIN", "NET_BIND_SERVICE", "NET_RAW", } // Set the privilege escalation to true so that routes, ipsets can be programmed. - sc.AllowPrivilegeEscalation = ptr.BoolToPtr(true) + sc.AllowPrivilegeEscalation = ptr.To(true) sc.Capabilities.Drop = []corev1.Capability{} } diff --git a/pkg/render/node_test.go b/pkg/render/node_test.go index cc7c40d662..8b17e62c04 100644 --- a/pkg/render/node_test.go +++ b/pkg/render/node_test.go @@ -29,6 +29,7 @@ import ( "k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" operatorv1 "github.com/tigera/operator/api/v1" 
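Review bot: In the `runAsNonPrivileged()` branch of `nodeContainer` (pkg/render/node.go, hunk at -1259), `sc.Capabilities.Drop = []corev1.Capability{}` is the only override without a comment, yet it is the one that most widens the container's security context. Together with `RunAsGroup` 0 and `AllowPrivilegeEscalation` true, emptying the drop list means the container keeps the runtime's default capability set in addition to the three added ones, assuming `NewNonRootContext()` sets a drop list as the `Drop: ALL` expectations elsewhere in this diff suggest. I would add a why-comment above that line, e.g. `// Clear the default drop list: <reason the node container needs the runtime's default capabilities>`, so the relaxation stays reviewable. The function starts and ends outside this hunk.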
@@ -38,7 +39,6 @@ import ( "github.com/tigera/operator/pkg/controller/certificatemanager" "github.com/tigera/operator/pkg/controller/k8sapi" ctrlrfake "github.com/tigera/operator/pkg/ctrlruntime/client/fake" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" rmeta "github.com/tigera/operator/pkg/render/common/meta" rtest "github.com/tigera/operator/pkg/render/common/test" @@ -3430,7 +3430,7 @@ var _ = Describe("Node rendering tests", func() { fipsEnabled := operatorv1.FIPSModeEnabled cfg.Installation.FIPSMode = &fipsEnabled cfg.Installation.Variant = operatorv1.Calico - cfg.Installation.NodeMetricsPort = ptr.Int32ToPtr(123) + cfg.Installation.NodeMetricsPort = ptr.To(int32(123)) certificateManager, err := certificatemanager.Create(cli, nil, clusterDomain, common.OperatorNamespace(), certificatemanager.AllowCACreation()) Expect(err).NotTo(HaveOccurred()) diff --git a/pkg/render/packet_capture_api.go b/pkg/render/packet_capture_api.go index c58e065061..e556fd2b90 100644 --- a/pkg/render/packet_capture_api.go +++ b/pkg/render/packet_capture_api.go @@ -1,4 +1,4 @@ -// Copyright (c) 2021-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2021-2025 Tigera, Inc. All rights reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -20,13 +20,13 @@ import ( rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" v3 "github.com/tigera/api/pkg/apis/projectcalico/v3" operatorv1 "github.com/tigera/operator/api/v1" "github.com/tigera/operator/pkg/components" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render/common/authentication" rcomponents "github.com/tigera/operator/pkg/render/common/components" "github.com/tigera/operator/pkg/render/common/configmap" 
@@ -241,7 +241,7 @@ func (pc *packetCaptureApiComponent) deployment() *appsv1.Deployment { Namespace: PacketCaptureNamespace, }, Spec: appsv1.DeploymentSpec{ - Replicas: ptr.Int32ToPtr(1), + Replicas: ptr.To(int32(1)), Strategy: appsv1.DeploymentStrategy{ Type: appsv1.RecreateDeploymentStrategyType, }, diff --git a/pkg/render/packet_capture_api_test.go b/pkg/render/packet_capture_api_test.go index eb18fa80e7..901f08ce66 100644 --- a/pkg/render/packet_capture_api_test.go +++ b/pkg/render/packet_capture_api_test.go @@ -1,4 +1,4 @@ -// Copyright (c) 2021-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2021-2025 Tigera, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -29,6 +29,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" operatorv1 "github.com/tigera/operator/api/v1" @@ -38,7 +39,6 @@ import ( "github.com/tigera/operator/pkg/controller/certificatemanager" ctrlrfake "github.com/tigera/operator/pkg/ctrlruntime/client/fake" "github.com/tigera/operator/pkg/dns" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" "github.com/tigera/operator/pkg/render/common/authentication" rmeta "github.com/tigera/operator/pkg/render/common/meta" 
@@ -194,14 +194,14 @@ var _ = Describe("Rendering tests for PacketCapture API component", func() { Image: fmt.Sprintf("%s%s:%s", components.TigeraRegistry, components.ComponentPacketCapture.Image, components.ComponentPacketCapture.Version), ImagePullPolicy: render.ImagePullPolicy(), SecurityContext: &corev1.SecurityContext{ - AllowPrivilegeEscalation: ptr.BoolToPtr(false), + AllowPrivilegeEscalation: ptr.To(false), Capabilities: &corev1.Capabilities{ Drop: []corev1.Capability{"ALL"}, }, - Privileged: ptr.BoolToPtr(false), - RunAsGroup: ptr.Int64ToPtr(10001), - RunAsNonRoot: ptr.BoolToPtr(true), - RunAsUser: ptr.Int64ToPtr(10001), + Privileged: ptr.To(false), + RunAsGroup: ptr.To(int64(10001)), + RunAsNonRoot: ptr.To(true), + RunAsUser: ptr.To(int64(10001)), SeccompProfile: &corev1.SeccompProfile{ Type: corev1.SeccompProfileTypeRuntimeDefault, }, @@ -250,7 +250,7 @@ var _ = Describe("Rendering tests for PacketCapture API component", func() { VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: render.PacketCaptureServerCert, - DefaultMode: ptr.Int32ToPtr(420), + DefaultMode: ptr.To(int32(420)), }, }, }) diff --git a/pkg/render/policyrecommendation.go b/pkg/render/policyrecommendation.go index 0403ffe0e9..c1e60842cb 100644 --- a/pkg/render/policyrecommendation.go +++ b/pkg/render/policyrecommendation.go @@ -19,6 +19,7 @@ import ( "fmt" "k8s.io/apiserver/pkg/authentication/serviceaccount" + "k8s.io/utils/ptr" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -29,7 +30,6 @@ import ( v3 "github.com/tigera/api/pkg/apis/projectcalico/v3" operatorv1 "github.com/tigera/operator/api/v1" "github.com/tigera/operator/pkg/components" - "github.com/tigera/operator/pkg/ptr" rcomponents "github.com/tigera/operator/pkg/render/common/components" relasticsearch "github.com/tigera/operator/pkg/render/common/elasticsearch" 
@@ -372,7 +372,7 @@ func (pr *policyRecommendationComponent) deployment() *appsv1.Deployment { Namespace: pr.cfg.Namespace, }, Spec: appsv1.DeploymentSpec{ - Replicas: ptr.Int32ToPtr(1), + Replicas: ptr.To(int32(1)), Template: *podTemplateSpec, }, } diff --git a/pkg/render/policyrecommendation_test.go b/pkg/render/policyrecommendation_test.go index dc882ad3f0..fbffde4f97 100644 --- a/pkg/render/policyrecommendation_test.go +++ b/pkg/render/policyrecommendation_test.go @@ -29,6 +29,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/apiserver/pkg/authentication/serviceaccount" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" v3 "github.com/tigera/api/pkg/apis/projectcalico/v3" @@ -39,7 +40,6 @@ import ( "github.com/tigera/operator/pkg/controller/certificatemanager" ctrlrfake "github.com/tigera/operator/pkg/ctrlruntime/client/fake" "github.com/tigera/operator/pkg/dns" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" rmeta "github.com/tigera/operator/pkg/render/common/meta" rtest "github.com/tigera/operator/pkg/render/common/test" @@ -379,7 +379,7 @@ var _ = Describe("Policy recommendation rendering tests", func() { cfg.ManagementCluster = true cfg.Tenant = &operatorv1.Tenant{ Spec: operatorv1.TenantSpec{ - ManagedClusterVariant: ptr.ToPtr(operatorv1.Calico), + ManagedClusterVariant: ptr.To(operatorv1.Calico), }, } component := render.PolicyRecommendation(cfg) @@ -397,7 +397,7 @@ var _ = Describe("Policy recommendation rendering tests", func() { cfg.ManagementCluster = true cfg.Tenant = &operatorv1.Tenant{ Spec: operatorv1.TenantSpec{ - ManagedClusterVariant: ptr.ToPtr(operatorv1.TigeraSecureEnterprise), + ManagedClusterVariant: ptr.To(operatorv1.TigeraSecureEnterprise), }, } component := render.PolicyRecommendation(cfg) diff --git a/pkg/render/whisker/component.go b/pkg/render/whisker/component.go index c666f36e21..62289816af 100644 --- a/pkg/render/whisker/component.go 
+++ b/pkg/render/whisker/component.go @@ -20,6 +20,7 @@ import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" netv1 "k8s.io/api/networking/v1" + "k8s.io/utils/ptr" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" @@ -28,7 +29,6 @@ import ( operatorv1 "github.com/tigera/operator/api/v1" "github.com/tigera/operator/pkg/common" "github.com/tigera/operator/pkg/components" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" rcomp "github.com/tigera/operator/pkg/render/common/components" rmeta "github.com/tigera/operator/pkg/render/common/meta" @@ -206,7 +206,7 @@ func (c *Component) deployment() *appsv1.Deployment { Namespace: WhiskerNamespace, }, Spec: appsv1.DeploymentSpec{ - Replicas: ptr.ToPtr(int32(1)), + Replicas: ptr.To(int32(1)), Strategy: appsv1.DeploymentStrategy{ Type: appsv1.RecreateDeploymentStrategyType, }, @@ -236,8 +236,8 @@ func (c *Component) networkPolicy() *netv1.NetworkPolicy { }, }, Ports: []netv1.NetworkPolicyPort{{ - Protocol: ptr.ToPtr(corev1.ProtocolTCP), - Port: ptr.ToPtr(intstr.FromInt32(GoldmaneServicePort)), + Protocol: ptr.To(corev1.ProtocolTCP), + Port: ptr.To(intstr.FromInt32(GoldmaneServicePort)), }}, }, } diff --git a/pkg/render/whisker/component_test.go b/pkg/render/whisker/component_test.go index 13d032b0ac..3b60109f42 100644 --- a/pkg/render/whisker/component_test.go +++ b/pkg/render/whisker/component_test.go @@ -25,9 +25,9 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" operatorv1 "github.com/tigera/operator/api/v1" - "github.com/tigera/operator/pkg/ptr" "github.com/tigera/operator/pkg/render" rmeta "github.com/tigera/operator/pkg/render/common/meta" "github.com/tigera/operator/pkg/render/common/securitycontext" 
@@ -56,7 +56,7 @@ var _ = Describe("ComponentRendering", func() { }, TrustedCertBundle: defaultTrustedCertBundle, WhiskerBackendKeyPair: defaultTLSKeyPair, - Whisker: &operatorv1.Whisker{Spec: operatorv1.WhiskerSpec{Notifications: ptr.ToPtr(operatorv1.Enabled)}}, + Whisker: &operatorv1.Whisker{Spec: operatorv1.WhiskerSpec{Notifications: ptr.To(operatorv1.Enabled)}}, }, 4, 0, ), @@ -68,7 +68,7 @@ var _ = Describe("ComponentRendering", func() { }, TrustedCertBundle: defaultTrustedCertBundle, WhiskerBackendKeyPair: defaultTLSKeyPair, - Whisker: &operatorv1.Whisker{Spec: operatorv1.WhiskerSpec{Notifications: ptr.ToPtr(operatorv1.Enabled)}}, + Whisker: &operatorv1.Whisker{Spec: operatorv1.WhiskerSpec{Notifications: ptr.To(operatorv1.Enabled)}}, }, 0, 4, ), @@ -90,7 +90,7 @@ var _ = Describe("ComponentRendering", func() { }, TrustedCertBundle: defaultTrustedCertBundle, WhiskerBackendKeyPair: defaultTLSKeyPair, - Whisker: &operatorv1.Whisker{Spec: operatorv1.WhiskerSpec{Notifications: ptr.ToPtr(operatorv1.Enabled)}}, + Whisker: &operatorv1.Whisker{Spec: operatorv1.WhiskerSpec{Notifications: ptr.To(operatorv1.Enabled)}}, ClusterID: "test-cluster-id", CalicoVersion: "test-calico-version", ClusterType: "test-cluster-type", @@ -103,7 +103,7 @@ var _ = Describe("ComponentRendering", func() { Namespace: whisker.WhiskerNamespace, }, Spec: appsv1.DeploymentSpec{ - Replicas: ptr.ToPtr(int32(1)), + Replicas: ptr.To(int32(1)), Strategy: appsv1.DeploymentStrategy{ Type: appsv1.RecreateDeploymentStrategyType, }, @@ -273,7 +273,7 @@ func GetOverriddenWhiskerDeployment(overrides *operatorv1.WhiskerDeployment) (*a Whisker: &operatorv1.Whisker{ Spec: operatorv1.WhiskerSpec{ WhiskerDeployment: overrides, - Notifications: ptr.ToPtr(operatorv1.Enabled), + Notifications: ptr.To(operatorv1.Enabled), }, }, }) From d4a9621b400b3393951ade4161cfaa4ce2d5d9a3 Mon Sep 17 00:00:00 2001 
From: Jiawei Huang Date: Fri, 30 May 2025 09:15:49 -0700 Subject: [PATCH 2/2] Run make gen-versions --- pkg/crds/enterprise/crd.projectcalico.org_managedclusters.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/crds/enterprise/crd.projectcalico.org_managedclusters.yaml b/pkg/crds/enterprise/crd.projectcalico.org_managedclusters.yaml index ba8bdb3045..7daeb66cce 100644 --- a/pkg/crds/enterprise/crd.projectcalico.org_managedclusters.yaml +++ b/pkg/crds/enterprise/crd.projectcalico.org_managedclusters.yaml @@ -52,6 +52,8 @@ spec: - type type: object type: array + version: + type: string type: object type: object served: true