diff --git a/go.mod b/go.mod index 88cf8fad31..8647192b35 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ replace ( sigs.k8s.io/controller-tools => github.com/cilium/controller-tools v0.8.0-2 ) -require github.com/cilium/cilium v1.17.0-pre.3.0.20241210085346-6db21de11e49 +require github.com/cilium/cilium v1.17.0-rc.0 require ( cel.dev/expr v0.18.0 // indirect @@ -31,9 +31,9 @@ require ( github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/cilium/charts v0.0.0-20241202171727-5ceb3f5006f9 // indirect - github.com/cilium/ebpf v0.16.1-0.20241205185900-f0eec7efba9d // indirect - github.com/cilium/hive v0.0.0-20241205140635-d02f07f3d452 // indirect + github.com/cilium/charts v0.0.0-20241213141006-a9d85774177e // indirect + github.com/cilium/ebpf v0.16.1-0.20241212130635-98ede8ac7aa8 // indirect + github.com/cilium/hive v0.0.0-20241213121623-605c1412b9b3 // indirect github.com/cilium/proxy v0.0.0-20241115112946-fb67566cbd95 // indirect github.com/cilium/statedb v0.3.4 // indirect github.com/cilium/stream v0.0.0-20241203114243-53c3e5d79744 // indirect @@ -51,7 +51,7 @@ require ( github.com/distribution/reference v0.6.0 // indirect github.com/docker/cli v25.0.1+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v27.3.1+incompatible // indirect + github.com/docker/docker v27.4.0+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect @@ -190,32 +190,32 @@ require ( golang.org/x/time v0.8.0 // indirect golang.org/x/tools v0.28.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 // indirect - google.golang.org/grpc v1.68.1 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/grpc v1.69.0 // indirect google.golang.org/protobuf v1.35.2 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect helm.sh/helm/v3 v3.16.3 // indirect - k8s.io/api v0.32.0-rc.2 // indirect - k8s.io/apiextensions-apiserver v0.32.0-rc.2 // indirect - k8s.io/apimachinery v0.32.0-rc.2 // indirect - k8s.io/apiserver v0.32.0-rc.2 // indirect - k8s.io/cli-runtime v0.32.0-rc.2 // indirect - k8s.io/client-go v0.32.0-rc.2 // indirect - k8s.io/component-base v0.32.0-rc.2 // indirect + k8s.io/api v0.32.0 // indirect + k8s.io/apiextensions-apiserver v0.32.0 // indirect + k8s.io/apimachinery v0.32.0 // indirect + k8s.io/apiserver v0.32.0 // indirect + k8s.io/cli-runtime v0.32.0 // indirect + k8s.io/client-go v0.32.0 // indirect + k8s.io/component-base v0.32.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect k8s.io/kubectl v0.31.3 // indirect - k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 // indirect + k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect oras.land/oras-go v1.2.5 // indirect sigs.k8s.io/controller-runtime v0.19.3 // indirect sigs.k8s.io/gateway-api v1.2.0 // indirect sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect sigs.k8s.io/kustomize/api v0.18.0 // indirect sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect - sigs.k8s.io/mcs-api v0.1.1-0.20241206165000-e2cb6dc0c753 // indirect + sigs.k8s.io/mcs-api v0.1.1-0.20241209122601-8690854b517f // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 38cfb78340..41dbb09929 100644 --- a/go.sum +++ b/go.sum @@ -54,14 +54,14 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= -github.com/cilium/charts v0.0.0-20241202171727-5ceb3f5006f9 h1:Gq6hla62DhEh3lLlE7VlnRsWqdUTq951EQHbyQf62S8= -github.com/cilium/charts v0.0.0-20241202171727-5ceb3f5006f9/go.mod h1:M3C9VOlFvRzuV+a01t07Tw4uFLSfkCH3L542IWjf6BU= -github.com/cilium/cilium v1.17.0-pre.3.0.20241210085346-6db21de11e49 h1:j74JexxH/pMi3WCZAcyoXGMSXVR5/kTvlHCctpxMY3M= -github.com/cilium/cilium v1.17.0-pre.3.0.20241210085346-6db21de11e49/go.mod h1:zpct1FtpC+CVZ5/6XwXmqUtzosFrnVmfp3oe2n+CRX4= -github.com/cilium/ebpf v0.16.1-0.20241205185900-f0eec7efba9d h1:f1E6PeQ/j1Xd2ZNlffKOfscx+daNInIUAJObbiU+7aQ= -github.com/cilium/ebpf v0.16.1-0.20241205185900-f0eec7efba9d/go.mod h1:vay2FaYSmIlv3r8dNACd4mW/OCaZLJKJOo+IHBvCIO8= -github.com/cilium/hive v0.0.0-20241205140635-d02f07f3d452 h1:phyHNaED0wvK8Q5Mne8glGH6lWGx7jmyO/bsIzWHEtA= -github.com/cilium/hive v0.0.0-20241205140635-d02f07f3d452/go.mod h1:pI2GJ1n3SLKIQVFrKF7W6A6gb6BQkZ+3Hp4PAEo5SuI= +github.com/cilium/charts v0.0.0-20241213141006-a9d85774177e h1:CqZNPEoabgBQg2likE3AURbK40WGoG03xywqnQOUcyg= +github.com/cilium/charts v0.0.0-20241213141006-a9d85774177e/go.mod h1:M3C9VOlFvRzuV+a01t07Tw4uFLSfkCH3L542IWjf6BU= +github.com/cilium/cilium v1.17.0-rc.0 h1:hZOr+6rqHJ06vdjTZ/q1tOln2QxPSUQPdHrqVdqvbrg= +github.com/cilium/cilium v1.17.0-rc.0/go.mod h1:Z9TPDoKIIUfq8/U6KqGBFLYHPVbEXxHGdV1n4+FAZhw= +github.com/cilium/ebpf v0.16.1-0.20241212130635-98ede8ac7aa8 h1:8JEXgZ0pcBvp430GkpfD8uMMMAJWQiJFYajKJGajKLM= +github.com/cilium/ebpf v0.16.1-0.20241212130635-98ede8ac7aa8/go.mod h1:vay2FaYSmIlv3r8dNACd4mW/OCaZLJKJOo+IHBvCIO8= +github.com/cilium/hive v0.0.0-20241213121623-605c1412b9b3 h1:RfmUH1ouzj0LzORYJRhp43e1rlGpx6GNv4NIRUakU2w= +github.com/cilium/hive v0.0.0-20241213121623-605c1412b9b3/go.mod h1:pI2GJ1n3SLKIQVFrKF7W6A6gb6BQkZ+3Hp4PAEo5SuI= github.com/cilium/proxy v0.0.0-20241115112946-fb67566cbd95 h1:iMn0++U3CDqoDINY5JLOhlPcjj3kW/xCmse+d+EZkOM= github.com/cilium/proxy v0.0.0-20241115112946-fb67566cbd95/go.mod h1:/UoCz3gByKwF5gCHFMUhwmIN5/Pgmb8LTIrfBlmjGCo= github.com/cilium/statedb v0.3.4 h1:nb5qNntmtaNljJD1r2s5zGOs62LP87AqLhFKIZH2rRE= @@ -107,8 +107,8 @@ github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbT github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v27.3.1+incompatible h1:KttF0XoteNTicmUtBO0L2tP+J7FGRFTjaEF4k6WdhfI= -github.com/docker/docker v27.3.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.4.0+incompatible h1:I9z7sQ5qyzO0BfAb9IMOawRkAGxhYsidKiTMcm0DU+A= +github.com/docker/docker v27.4.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -518,8 +518,10 @@ go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= -go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= -go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= +go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk= +go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0= +go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= +go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= @@ -637,10 +639,10 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 h1:IfdSdTcLFy4lqUQrQJLkLt1PB+AsqVz6lwkWPzWEz10= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= -google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0= -google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= +google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -666,28 +668,28 @@ gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY= gotest.tools/v3 v3.5.0/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= helm.sh/helm/v3 v3.16.3 h1:kb8bSxMeRJ+knsK/ovvlaVPfdis0X3/ZhYCSFRP+YmY= helm.sh/helm/v3 v3.16.3/go.mod h1:zeVWGDR4JJgiRbT3AnNsjYaX8OTJlIE9zC+Q7F7iUSU= -k8s.io/api v0.32.0-rc.2 h1:mFjTedXmyzuhkl1Fi35t/CY6Dq/VYKCyZoqnxvf6j+g= -k8s.io/api v0.32.0-rc.2/go.mod h1:/O0NxfXqcDG0xKUKKttOnl/DWYJ6K7iqnzVXecg5OKw= -k8s.io/apiextensions-apiserver v0.32.0-rc.2 h1:O2XbrgIWxbUwsUJcQLTSmzTOzL2rj2OYHtaQuuwfigc= -k8s.io/apiextensions-apiserver v0.32.0-rc.2/go.mod h1:Nv/SzjQtVyRxAWzqabtoEwXyoS6u6AnqHcR0ECfYQ54= -k8s.io/apimachinery v0.32.0-rc.2 h1:rsh5rcqBWhYHXuV4GLXyQs26HKnhYq+Plp7iywewHR0= -k8s.io/apimachinery v0.32.0-rc.2/go.mod h1:pfmi1Ug6+bq/azoo9WveGhYBCQ0b+Wm4IgxWGFZ7wRc= -k8s.io/apiserver v0.32.0-rc.2 h1:LH1UDj4RBvzhngtrp/A5Z09dwuJjj1X8spHK8n3GDGs= -k8s.io/apiserver v0.32.0-rc.2/go.mod h1:4MMzPo3GuS5TNvVRMO0jrGZzwBSuUagJgJgNdiCzctY= -k8s.io/cli-runtime v0.32.0-rc.2 h1:uNxQEOKNZ02BYkJ1jmHOVNuqyVfrMr2TZ4BNVeEwdNw= -k8s.io/cli-runtime v0.32.0-rc.2/go.mod h1:8cgRd05Taggpzjw5F7qN4duSqRW+XknCkxraemyO1/s= -k8s.io/client-go v0.32.0-rc.2 h1:x1WFgHIL7hTF+SQw7OvGB/IG7srV74gU+vtcErXI3pk= -k8s.io/client-go v0.32.0-rc.2/go.mod h1:+ePHye0JCEujugXp1oGyBhELUV3w/XcaPdkieeKJ40k= -k8s.io/component-base v0.32.0-rc.2 h1:Cgf4rBPacMEUYJnFJuV25KFE1NSr5FYu/Beu8oh/0pA= -k8s.io/component-base v0.32.0-rc.2/go.mod h1:sWSaFBT1kESrSbmQHYDLQwBY/25IokFSOsog/62fuaA= +k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= +k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= +k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= +k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw= +k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= +k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/apiserver v0.32.0 h1:VJ89ZvQZ8p1sLeiWdRJpRD6oLozNZD2+qVSLi+ft5Qs= +k8s.io/apiserver v0.32.0/go.mod h1:HFh+dM1/BE/Hm4bS4nTXHVfN6Z6tFIZPi649n83b4Ag= +k8s.io/cli-runtime v0.32.0 h1:dP+OZqs7zHPpGQMCGAhectbHU2SNCuZtIimRKTv2T1c= +k8s.io/cli-runtime v0.32.0/go.mod h1:Mai8ht2+esoDRK5hr861KRy6z0zHsSTYttNVJXgP3YQ= +k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8= +k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8= +k8s.io/component-base v0.32.0 h1:d6cWHZkCiiep41ObYQS6IcgzOUQUNpywm39KVYaUqzU= +k8s.io/component-base v0.32.0/go.mod h1:JLG2W5TUxUu5uDyKiH2R/7NnxJo1HlPoRIIbVLkK5eM= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= k8s.io/kubectl v0.31.3 h1:3r111pCjPsvnR98oLLxDMwAeM6OPGmPty6gSKaLTQes= k8s.io/kubectl v0.31.3/go.mod h1:lhMECDCbJN8He12qcKqs2QfmVo9Pue30geovBVpH5fs= -k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno= -k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= +k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw= @@ -700,8 +702,8 @@ sigs.k8s.io/kustomize/api v0.18.0 h1:hTzp67k+3NEVInwz5BHyzc9rGxIauoXferXyjv5lWPo sigs.k8s.io/kustomize/api v0.18.0/go.mod h1:f8isXnX+8b+SGLHQ6yO4JG1rdkZlvhaCf/uZbLVMb0U= sigs.k8s.io/kustomize/kyaml v0.18.1 h1:WvBo56Wzw3fjS+7vBjN6TeivvpbW9GmRaWZ9CIVmt4E= sigs.k8s.io/kustomize/kyaml v0.18.1/go.mod h1:C3L2BFVU1jgcddNBE1TxuVLgS46TjObMwW5FT9FcjYo= -sigs.k8s.io/mcs-api v0.1.1-0.20241206165000-e2cb6dc0c753 h1:1WWZgHP/n7hBbx3Sp6JKdPk0kJKExYxUjeSuzDtyEAA= -sigs.k8s.io/mcs-api v0.1.1-0.20241206165000-e2cb6dc0c753/go.mod h1:x0rgWQwGd3FJzrb94BNn3Nu7YxUwBWcgjVRbkrkVy2A= +sigs.k8s.io/mcs-api v0.1.1-0.20241209122601-8690854b517f h1:i4EQQFfqISdU8vDozZUUEP8mD4OyXUU0pb3D/fbrrZk= +sigs.k8s.io/mcs-api v0.1.1-0.20241209122601-8690854b517f/go.mod h1:x0rgWQwGd3FJzrb94BNn3Nu7YxUwBWcgjVRbkrkVy2A= sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= diff --git a/vendor/github.com/cilium/charts/README.md b/vendor/github.com/cilium/charts/README.md index 203c242211..4f02f47d7f 100644 --- a/vendor/github.com/cilium/charts/README.md +++ b/vendor/github.com/cilium/charts/README.md @@ -2,492 +2,250 @@ This repository holds helm templates for the following Cilium releases: * [v1.17.0-pre.3](https://github.com/cilium/cilium/releases/tag/v1.17.0-pre.3) (_[source](https://github.com/cilium/cilium/tree/v1.17.0-pre.3/install/kubernetes/cilium)_) * [v1.17.0-pre.2](https://github.com/cilium/cilium/releases/tag/v1.17.0-pre.2) (_[source](https://github.com/cilium/cilium/tree/v1.17.0-pre.2/install/kubernetes/cilium)_) -* [v1.17.0-pre.2](https://github.com/cilium/cilium/releases/tag/v1.17.0-pre.2) (_[source](https://github.com/cilium/cilium/tree/v1.17.0-pre.2/install/kubernetes/cilium)_) -* [v1.17.0-pre.1](https://github.com/cilium/cilium/releases/tag/v1.17.0-pre.1) (_[source](https://github.com/cilium/cilium/tree/v1.17.0-pre.1/install/kubernetes/cilium)_) * [v1.17.0-pre.1](https://github.com/cilium/cilium/releases/tag/v1.17.0-pre.1) (_[source](https://github.com/cilium/cilium/tree/v1.17.0-pre.1/install/kubernetes/cilium)_) * [v1.17.0-pre.0](https://github.com/cilium/cilium/releases/tag/v1.17.0-pre.0) (_[source](https://github.com/cilium/cilium/tree/v1.17.0-pre.0/install/kubernetes/cilium)_) -* [v1.17.0-pre.0](https://github.com/cilium/cilium/releases/tag/v1.17.0-pre.0) (_[source](https://github.com/cilium/cilium/tree/v1.17.0-pre.0/install/kubernetes/cilium)_) -* [v1.16.4](https://github.com/cilium/cilium/releases/tag/v1.16.4) (_[source](https://github.com/cilium/cilium/tree/v1.16.4/install/kubernetes/cilium)_) * [v1.16.4](https://github.com/cilium/cilium/releases/tag/v1.16.4) (_[source](https://github.com/cilium/cilium/tree/v1.16.4/install/kubernetes/cilium)_) * [v1.16.3](https://github.com/cilium/cilium/releases/tag/v1.16.3) (_[source](https://github.com/cilium/cilium/tree/v1.16.3/install/kubernetes/cilium)_) -* [v1.16.3](https://github.com/cilium/cilium/releases/tag/v1.16.3) (_[source](https://github.com/cilium/cilium/tree/v1.16.3/install/kubernetes/cilium)_) -* [v1.16.2](https://github.com/cilium/cilium/releases/tag/v1.16.2) (_[source](https://github.com/cilium/cilium/tree/v1.16.2/install/kubernetes/cilium)_) * [v1.16.2](https://github.com/cilium/cilium/releases/tag/v1.16.2) (_[source](https://github.com/cilium/cilium/tree/v1.16.2/install/kubernetes/cilium)_) * [v1.16.1](https://github.com/cilium/cilium/releases/tag/v1.16.1) (_[source](https://github.com/cilium/cilium/tree/v1.16.1/install/kubernetes/cilium)_) -* [v1.16.1](https://github.com/cilium/cilium/releases/tag/v1.16.1) (_[source](https://github.com/cilium/cilium/tree/v1.16.1/install/kubernetes/cilium)_) -* [v1.16.0](https://github.com/cilium/cilium/releases/tag/v1.16.0) (_[source](https://github.com/cilium/cilium/tree/v1.16.0/install/kubernetes/cilium)_) * [v1.16.0](https://github.com/cilium/cilium/releases/tag/v1.16.0) (_[source](https://github.com/cilium/cilium/tree/v1.16.0/install/kubernetes/cilium)_) * [v1.16.0-rc.2](https://github.com/cilium/cilium/releases/tag/v1.16.0-rc.2) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-rc.2/install/kubernetes/cilium)_) -* [v1.16.0-rc.2](https://github.com/cilium/cilium/releases/tag/v1.16.0-rc.2) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-rc.2/install/kubernetes/cilium)_) -* [v1.16.0-rc.1](https://github.com/cilium/cilium/releases/tag/v1.16.0-rc.1) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-rc.1/install/kubernetes/cilium)_) * [v1.16.0-rc.1](https://github.com/cilium/cilium/releases/tag/v1.16.0-rc.1) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-rc.1/install/kubernetes/cilium)_) * [v1.16.0-rc.0](https://github.com/cilium/cilium/releases/tag/v1.16.0-rc.0) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-rc.0/install/kubernetes/cilium)_) -* [v1.16.0-rc.0](https://github.com/cilium/cilium/releases/tag/v1.16.0-rc.0) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-rc.0/install/kubernetes/cilium)_) -* [v1.16.0-pre.3](https://github.com/cilium/cilium/releases/tag/v1.16.0-pre.3) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-pre.3/install/kubernetes/cilium)_) * [v1.16.0-pre.3](https://github.com/cilium/cilium/releases/tag/v1.16.0-pre.3) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-pre.3/install/kubernetes/cilium)_) * [v1.16.0-pre.2](https://github.com/cilium/cilium/releases/tag/v1.16.0-pre.2) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-pre.2/install/kubernetes/cilium)_) -* [v1.16.0-pre.2](https://github.com/cilium/cilium/releases/tag/v1.16.0-pre.2) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-pre.2/install/kubernetes/cilium)_) -* [v1.16.0-pre.1](https://github.com/cilium/cilium/releases/tag/v1.16.0-pre.1) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-pre.1/install/kubernetes/cilium)_) * [v1.16.0-pre.1](https://github.com/cilium/cilium/releases/tag/v1.16.0-pre.1) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-pre.1/install/kubernetes/cilium)_) * [v1.16.0-pre.0](https://github.com/cilium/cilium/releases/tag/v1.16.0-pre.0) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-pre.0/install/kubernetes/cilium)_) -* [v1.16.0-pre.0](https://github.com/cilium/cilium/releases/tag/v1.16.0-pre.0) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-pre.0/install/kubernetes/cilium)_) -* [v1.15.11](https://github.com/cilium/cilium/releases/tag/v1.15.11) (_[source](https://github.com/cilium/cilium/tree/v1.15.11/install/kubernetes/cilium)_) * [v1.15.11](https://github.com/cilium/cilium/releases/tag/v1.15.11) (_[source](https://github.com/cilium/cilium/tree/v1.15.11/install/kubernetes/cilium)_) * [v1.15.10](https://github.com/cilium/cilium/releases/tag/v1.15.10) (_[source](https://github.com/cilium/cilium/tree/v1.15.10/install/kubernetes/cilium)_) -* [v1.15.10](https://github.com/cilium/cilium/releases/tag/v1.15.10) (_[source](https://github.com/cilium/cilium/tree/v1.15.10/install/kubernetes/cilium)_) -* [v1.15.9](https://github.com/cilium/cilium/releases/tag/v1.15.9) (_[source](https://github.com/cilium/cilium/tree/v1.15.9/install/kubernetes/cilium)_) * [v1.15.9](https://github.com/cilium/cilium/releases/tag/v1.15.9) (_[source](https://github.com/cilium/cilium/tree/v1.15.9/install/kubernetes/cilium)_) * [v1.15.8](https://github.com/cilium/cilium/releases/tag/v1.15.8) (_[source](https://github.com/cilium/cilium/tree/v1.15.8/install/kubernetes/cilium)_) -* [v1.15.8](https://github.com/cilium/cilium/releases/tag/v1.15.8) (_[source](https://github.com/cilium/cilium/tree/v1.15.8/install/kubernetes/cilium)_) -* [v1.15.7](https://github.com/cilium/cilium/releases/tag/v1.15.7) (_[source](https://github.com/cilium/cilium/tree/v1.15.7/install/kubernetes/cilium)_) * [v1.15.7](https://github.com/cilium/cilium/releases/tag/v1.15.7) (_[source](https://github.com/cilium/cilium/tree/v1.15.7/install/kubernetes/cilium)_) * [v1.15.6](https://github.com/cilium/cilium/releases/tag/v1.15.6) (_[source](https://github.com/cilium/cilium/tree/v1.15.6/install/kubernetes/cilium)_) -* [v1.15.6](https://github.com/cilium/cilium/releases/tag/v1.15.6) (_[source](https://github.com/cilium/cilium/tree/v1.15.6/install/kubernetes/cilium)_) -* [v1.15.5](https://github.com/cilium/cilium/releases/tag/v1.15.5) (_[source](https://github.com/cilium/cilium/tree/v1.15.5/install/kubernetes/cilium)_) * [v1.15.5](https://github.com/cilium/cilium/releases/tag/v1.15.5) (_[source](https://github.com/cilium/cilium/tree/v1.15.5/install/kubernetes/cilium)_) * [v1.15.4](https://github.com/cilium/cilium/releases/tag/v1.15.4) (_[source](https://github.com/cilium/cilium/tree/v1.15.4/install/kubernetes/cilium)_) -* [v1.15.4](https://github.com/cilium/cilium/releases/tag/v1.15.4) (_[source](https://github.com/cilium/cilium/tree/v1.15.4/install/kubernetes/cilium)_) -* [v1.15.3](https://github.com/cilium/cilium/releases/tag/v1.15.3) (_[source](https://github.com/cilium/cilium/tree/v1.15.3/install/kubernetes/cilium)_) * [v1.15.3](https://github.com/cilium/cilium/releases/tag/v1.15.3) (_[source](https://github.com/cilium/cilium/tree/v1.15.3/install/kubernetes/cilium)_) * [v1.15.2](https://github.com/cilium/cilium/releases/tag/v1.15.2) (_[source](https://github.com/cilium/cilium/tree/v1.15.2/install/kubernetes/cilium)_) -* [v1.15.2](https://github.com/cilium/cilium/releases/tag/v1.15.2) (_[source](https://github.com/cilium/cilium/tree/v1.15.2/install/kubernetes/cilium)_) -* [v1.15.1](https://github.com/cilium/cilium/releases/tag/v1.15.1) (_[source](https://github.com/cilium/cilium/tree/v1.15.1/install/kubernetes/cilium)_) * [v1.15.1](https://github.com/cilium/cilium/releases/tag/v1.15.1) (_[source](https://github.com/cilium/cilium/tree/v1.15.1/install/kubernetes/cilium)_) * [v1.15.0](https://github.com/cilium/cilium/releases/tag/v1.15.0) (_[source](https://github.com/cilium/cilium/tree/v1.15.0/install/kubernetes/cilium)_) -* [v1.15.0](https://github.com/cilium/cilium/releases/tag/v1.15.0) (_[source](https://github.com/cilium/cilium/tree/v1.15.0/install/kubernetes/cilium)_) -* [v1.15.0-rc.1](https://github.com/cilium/cilium/releases/tag/v1.15.0-rc.1) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-rc.1/install/kubernetes/cilium)_) * [v1.15.0-rc.1](https://github.com/cilium/cilium/releases/tag/v1.15.0-rc.1) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-rc.1/install/kubernetes/cilium)_) * [v1.15.0-rc.0](https://github.com/cilium/cilium/releases/tag/v1.15.0-rc.0) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-rc.0/install/kubernetes/cilium)_) -* [v1.15.0-rc.0](https://github.com/cilium/cilium/releases/tag/v1.15.0-rc.0) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-rc.0/install/kubernetes/cilium)_) -* [v1.15.0-pre.3](https://github.com/cilium/cilium/releases/tag/v1.15.0-pre.3) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-pre.3/install/kubernetes/cilium)_) * [v1.15.0-pre.3](https://github.com/cilium/cilium/releases/tag/v1.15.0-pre.3) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-pre.3/install/kubernetes/cilium)_) * [v1.15.0-pre.2](https://github.com/cilium/cilium/releases/tag/v1.15.0-pre.2) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-pre.2/install/kubernetes/cilium)_) -* [v1.15.0-pre.2](https://github.com/cilium/cilium/releases/tag/v1.15.0-pre.2) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-pre.2/install/kubernetes/cilium)_) * [v1.15.0-pre.1](https://github.com/cilium/cilium/releases/tag/v1.15.0-pre.1) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-pre.1/install/kubernetes/cilium)_) -* [v1.15.0-pre.1](https://github.com/cilium/cilium/releases/tag/v1.15.0-pre.1) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-pre.1/install/kubernetes/cilium)_) -* [v1.15.0-pre.0](https://github.com/cilium/cilium/releases/tag/v1.15.0-pre.0) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-pre.0/install/kubernetes/cilium)_) * [v1.15.0-pre.0](https://github.com/cilium/cilium/releases/tag/v1.15.0-pre.0) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-pre.0/install/kubernetes/cilium)_) * [v1.14.17](https://github.com/cilium/cilium/releases/tag/v1.14.17) (_[source](https://github.com/cilium/cilium/tree/v1.14.17/install/kubernetes/cilium)_) -* [v1.14.17](https://github.com/cilium/cilium/releases/tag/v1.14.17) (_[source](https://github.com/cilium/cilium/tree/v1.14.17/install/kubernetes/cilium)_) -* [v1.14.16](https://github.com/cilium/cilium/releases/tag/v1.14.16) (_[source](https://github.com/cilium/cilium/tree/v1.14.16/install/kubernetes/cilium)_) * [v1.14.16](https://github.com/cilium/cilium/releases/tag/v1.14.16) (_[source](https://github.com/cilium/cilium/tree/v1.14.16/install/kubernetes/cilium)_) * [v1.14.15](https://github.com/cilium/cilium/releases/tag/v1.14.15) (_[source](https://github.com/cilium/cilium/tree/v1.14.15/install/kubernetes/cilium)_) -* [v1.14.15](https://github.com/cilium/cilium/releases/tag/v1.14.15) (_[source](https://github.com/cilium/cilium/tree/v1.14.15/install/kubernetes/cilium)_) -* [v1.14.14](https://github.com/cilium/cilium/releases/tag/v1.14.14) (_[source](https://github.com/cilium/cilium/tree/v1.14.14/install/kubernetes/cilium)_) * [v1.14.14](https://github.com/cilium/cilium/releases/tag/v1.14.14) (_[source](https://github.com/cilium/cilium/tree/v1.14.14/install/kubernetes/cilium)_) * [v1.14.13](https://github.com/cilium/cilium/releases/tag/v1.14.13) (_[source](https://github.com/cilium/cilium/tree/v1.14.13/install/kubernetes/cilium)_) -* [v1.14.13](https://github.com/cilium/cilium/releases/tag/v1.14.13) (_[source](https://github.com/cilium/cilium/tree/v1.14.13/install/kubernetes/cilium)_) -* [v1.14.12](https://github.com/cilium/cilium/releases/tag/v1.14.12) (_[source](https://github.com/cilium/cilium/tree/v1.14.12/install/kubernetes/cilium)_) * [v1.14.12](https://github.com/cilium/cilium/releases/tag/v1.14.12) (_[source](https://github.com/cilium/cilium/tree/v1.14.12/install/kubernetes/cilium)_) * [v1.14.11](https://github.com/cilium/cilium/releases/tag/v1.14.11) (_[source](https://github.com/cilium/cilium/tree/v1.14.11/install/kubernetes/cilium)_) -* [v1.14.11](https://github.com/cilium/cilium/releases/tag/v1.14.11) (_[source](https://github.com/cilium/cilium/tree/v1.14.11/install/kubernetes/cilium)_) -* [v1.14.10](https://github.com/cilium/cilium/releases/tag/v1.14.10) (_[source](https://github.com/cilium/cilium/tree/v1.14.10/install/kubernetes/cilium)_) * [v1.14.10](https://github.com/cilium/cilium/releases/tag/v1.14.10) (_[source](https://github.com/cilium/cilium/tree/v1.14.10/install/kubernetes/cilium)_) * [v1.14.9](https://github.com/cilium/cilium/releases/tag/v1.14.9) (_[source](https://github.com/cilium/cilium/tree/v1.14.9/install/kubernetes/cilium)_) -* [v1.14.9](https://github.com/cilium/cilium/releases/tag/v1.14.9) (_[source](https://github.com/cilium/cilium/tree/v1.14.9/install/kubernetes/cilium)_) -* [v1.14.8](https://github.com/cilium/cilium/releases/tag/v1.14.8) (_[source](https://github.com/cilium/cilium/tree/v1.14.8/install/kubernetes/cilium)_) * [v1.14.8](https://github.com/cilium/cilium/releases/tag/v1.14.8) (_[source](https://github.com/cilium/cilium/tree/v1.14.8/install/kubernetes/cilium)_) * [v1.14.7](https://github.com/cilium/cilium/releases/tag/v1.14.7) (_[source](https://github.com/cilium/cilium/tree/v1.14.7/install/kubernetes/cilium)_) -* [v1.14.7](https://github.com/cilium/cilium/releases/tag/v1.14.7) (_[source](https://github.com/cilium/cilium/tree/v1.14.7/install/kubernetes/cilium)_) -* [v1.14.6](https://github.com/cilium/cilium/releases/tag/v1.14.6) (_[source](https://github.com/cilium/cilium/tree/v1.14.6/install/kubernetes/cilium)_) * [v1.14.6](https://github.com/cilium/cilium/releases/tag/v1.14.6) (_[source](https://github.com/cilium/cilium/tree/v1.14.6/install/kubernetes/cilium)_) * [v1.14.5](https://github.com/cilium/cilium/releases/tag/v1.14.5) (_[source](https://github.com/cilium/cilium/tree/v1.14.5/install/kubernetes/cilium)_) -* [v1.14.5](https://github.com/cilium/cilium/releases/tag/v1.14.5) (_[source](https://github.com/cilium/cilium/tree/v1.14.5/install/kubernetes/cilium)_) * [v1.14.4](https://github.com/cilium/cilium/releases/tag/v1.14.4) (_[source](https://github.com/cilium/cilium/tree/v1.14.4/install/kubernetes/cilium)_) -* [v1.14.4](https://github.com/cilium/cilium/releases/tag/v1.14.4) (_[source](https://github.com/cilium/cilium/tree/v1.14.4/install/kubernetes/cilium)_) -* [v1.14.3](https://github.com/cilium/cilium/releases/tag/v1.14.3) (_[source](https://github.com/cilium/cilium/tree/v1.14.3/install/kubernetes/cilium)_) * [v1.14.3](https://github.com/cilium/cilium/releases/tag/v1.14.3) (_[source](https://github.com/cilium/cilium/tree/v1.14.3/install/kubernetes/cilium)_) * [v1.14.2](https://github.com/cilium/cilium/releases/tag/v1.14.2) (_[source](https://github.com/cilium/cilium/tree/v1.14.2/install/kubernetes/cilium)_) -* [v1.14.2](https://github.com/cilium/cilium/releases/tag/v1.14.2) (_[source](https://github.com/cilium/cilium/tree/v1.14.2/install/kubernetes/cilium)_) -* [v1.14.1](https://github.com/cilium/cilium/releases/tag/v1.14.1) (_[source](https://github.com/cilium/cilium/tree/v1.14.1/install/kubernetes/cilium)_) * [v1.14.1](https://github.com/cilium/cilium/releases/tag/v1.14.1) (_[source](https://github.com/cilium/cilium/tree/v1.14.1/install/kubernetes/cilium)_) * [v1.14.0](https://github.com/cilium/cilium/releases/tag/v1.14.0) (_[source](https://github.com/cilium/cilium/tree/v1.14.0/install/kubernetes/cilium)_) -* [v1.14.0](https://github.com/cilium/cilium/releases/tag/v1.14.0) (_[source](https://github.com/cilium/cilium/tree/v1.14.0/install/kubernetes/cilium)_) -* [v1.14.0-snapshot.4](https://github.com/cilium/cilium/releases/tag/v1.14.0-snapshot.4) (_[source](https://github.com/cilium/cilium/tree/v1.14.0-snapshot.4/install/kubernetes/cilium)_) * [v1.14.0-snapshot.4](https://github.com/cilium/cilium/releases/tag/v1.14.0-snapshot.4) (_[source](https://github.com/cilium/cilium/tree/v1.14.0-snapshot.4/install/kubernetes/cilium)_) * [v1.14.0-snapshot.3](https://github.com/cilium/cilium/releases/tag/v1.14.0-snapshot.3) (_[source](https://github.com/cilium/cilium/tree/v1.14.0-snapshot.3/install/kubernetes/cilium)_) -* [v1.14.0-snapshot.3](https://github.com/cilium/cilium/releases/tag/v1.14.0-snapshot.3) (_[source](https://github.com/cilium/cilium/tree/v1.14.0-snapshot.3/install/kubernetes/cilium)_) -* [v1.14.0-snapshot.2](https://github.com/cilium/cilium/releases/tag/v1.14.0-snapshot.2) (_[source](https://github.com/cilium/cilium/tree/v1.14.0-snapshot.2/install/kubernetes/cilium)_) * [v1.14.0-snapshot.2](https://github.com/cilium/cilium/releases/tag/v1.14.0-snapshot.2) (_[source](https://github.com/cilium/cilium/tree/v1.14.0-snapshot.2/install/kubernetes/cilium)_) * [v1.14.0-snapshot.1](https://github.com/cilium/cilium/releases/tag/v1.14.0-snapshot.1) (_[source](https://github.com/cilium/cilium/tree/v1.14.0-snapshot.1/install/kubernetes/cilium)_) -* [v1.14.0-snapshot.1](https://github.com/cilium/cilium/releases/tag/v1.14.0-snapshot.1) (_[source](https://github.com/cilium/cilium/tree/v1.14.0-snapshot.1/install/kubernetes/cilium)_) -* [v1.14.0-snapshot.0](https://github.com/cilium/cilium/releases/tag/v1.14.0-snapshot.0) (_[source](https://github.com/cilium/cilium/tree/v1.14.0-snapshot.0/install/kubernetes/cilium)_) * [v1.14.0-snapshot.0](https://github.com/cilium/cilium/releases/tag/v1.14.0-snapshot.0) (_[source](https://github.com/cilium/cilium/tree/v1.14.0-snapshot.0/install/kubernetes/cilium)_) * [v1.14.0-rc.1](https://github.com/cilium/cilium/releases/tag/v1.14.0-rc.1) (_[source](https://github.com/cilium/cilium/tree/v1.14.0-rc.1/install/kubernetes/cilium)_) -* [v1.14.0-rc.1](https://github.com/cilium/cilium/releases/tag/v1.14.0-rc.1) (_[source](https://github.com/cilium/cilium/tree/v1.14.0-rc.1/install/kubernetes/cilium)_) -* [v1.14.0-rc.0](https://github.com/cilium/cilium/releases/tag/v1.14.0-rc.0) (_[source](https://github.com/cilium/cilium/tree/v1.14.0-rc.0/install/kubernetes/cilium)_) * [v1.14.0-rc.0](https://github.com/cilium/cilium/releases/tag/v1.14.0-rc.0) (_[source](https://github.com/cilium/cilium/tree/v1.14.0-rc.0/install/kubernetes/cilium)_) * [v1.13.18](https://github.com/cilium/cilium/releases/tag/v1.13.18) (_[source](https://github.com/cilium/cilium/tree/v1.13.18/install/kubernetes/cilium)_) -* [v1.13.18](https://github.com/cilium/cilium/releases/tag/v1.13.18) (_[source](https://github.com/cilium/cilium/tree/v1.13.18/install/kubernetes/cilium)_) -* [v1.13.17](https://github.com/cilium/cilium/releases/tag/v1.13.17) (_[source](https://github.com/cilium/cilium/tree/v1.13.17/install/kubernetes/cilium)_) * [v1.13.17](https://github.com/cilium/cilium/releases/tag/v1.13.17) (_[source](https://github.com/cilium/cilium/tree/v1.13.17/install/kubernetes/cilium)_) * [v1.13.16](https://github.com/cilium/cilium/releases/tag/v1.13.16) (_[source](https://github.com/cilium/cilium/tree/v1.13.16/install/kubernetes/cilium)_) -* [v1.13.16](https://github.com/cilium/cilium/releases/tag/v1.13.16) (_[source](https://github.com/cilium/cilium/tree/v1.13.16/install/kubernetes/cilium)_) * [v1.13.15](https://github.com/cilium/cilium/releases/tag/v1.13.15) (_[source](https://github.com/cilium/cilium/tree/v1.13.15/install/kubernetes/cilium)_) -* [v1.13.15](https://github.com/cilium/cilium/releases/tag/v1.13.15) (_[source](https://github.com/cilium/cilium/tree/v1.13.15/install/kubernetes/cilium)_) -* [v1.13.14](https://github.com/cilium/cilium/releases/tag/v1.13.14) (_[source](https://github.com/cilium/cilium/tree/v1.13.14/install/kubernetes/cilium)_) * [v1.13.14](https://github.com/cilium/cilium/releases/tag/v1.13.14) (_[source](https://github.com/cilium/cilium/tree/v1.13.14/install/kubernetes/cilium)_) * [v1.13.13](https://github.com/cilium/cilium/releases/tag/v1.13.13) (_[source](https://github.com/cilium/cilium/tree/v1.13.13/install/kubernetes/cilium)_) -* [v1.13.13](https://github.com/cilium/cilium/releases/tag/v1.13.13) (_[source](https://github.com/cilium/cilium/tree/v1.13.13/install/kubernetes/cilium)_) -* [v1.13.12](https://github.com/cilium/cilium/releases/tag/v1.13.12) (_[source](https://github.com/cilium/cilium/tree/v1.13.12/install/kubernetes/cilium)_) * [v1.13.12](https://github.com/cilium/cilium/releases/tag/v1.13.12) (_[source](https://github.com/cilium/cilium/tree/v1.13.12/install/kubernetes/cilium)_) * [v1.13.11](https://github.com/cilium/cilium/releases/tag/v1.13.11) (_[source](https://github.com/cilium/cilium/tree/v1.13.11/install/kubernetes/cilium)_) -* [v1.13.11](https://github.com/cilium/cilium/releases/tag/v1.13.11) (_[source](https://github.com/cilium/cilium/tree/v1.13.11/install/kubernetes/cilium)_) -* [v1.13.10](https://github.com/cilium/cilium/releases/tag/v1.13.10) (_[source](https://github.com/cilium/cilium/tree/v1.13.10/install/kubernetes/cilium)_) * [v1.13.10](https://github.com/cilium/cilium/releases/tag/v1.13.10) (_[source](https://github.com/cilium/cilium/tree/v1.13.10/install/kubernetes/cilium)_) * [v1.13.9](https://github.com/cilium/cilium/releases/tag/v1.13.9) (_[source](https://github.com/cilium/cilium/tree/v1.13.9/install/kubernetes/cilium)_) -* [v1.13.9](https://github.com/cilium/cilium/releases/tag/v1.13.9) (_[source](https://github.com/cilium/cilium/tree/v1.13.9/install/kubernetes/cilium)_) -* [v1.13.8](https://github.com/cilium/cilium/releases/tag/v1.13.8) (_[source](https://github.com/cilium/cilium/tree/v1.13.8/install/kubernetes/cilium)_) * [v1.13.8](https://github.com/cilium/cilium/releases/tag/v1.13.8) (_[source](https://github.com/cilium/cilium/tree/v1.13.8/install/kubernetes/cilium)_) * [v1.13.7](https://github.com/cilium/cilium/releases/tag/v1.13.7) (_[source](https://github.com/cilium/cilium/tree/v1.13.7/install/kubernetes/cilium)_) -* [v1.13.7](https://github.com/cilium/cilium/releases/tag/v1.13.7) (_[source](https://github.com/cilium/cilium/tree/v1.13.7/install/kubernetes/cilium)_) -* [v1.13.6](https://github.com/cilium/cilium/releases/tag/v1.13.6) (_[source](https://github.com/cilium/cilium/tree/v1.13.6/install/kubernetes/cilium)_) * [v1.13.6](https://github.com/cilium/cilium/releases/tag/v1.13.6) (_[source](https://github.com/cilium/cilium/tree/v1.13.6/install/kubernetes/cilium)_) * [v1.13.5](https://github.com/cilium/cilium/releases/tag/v1.13.5) (_[source](https://github.com/cilium/cilium/tree/v1.13.5/install/kubernetes/cilium)_) -* [v1.13.5](https://github.com/cilium/cilium/releases/tag/v1.13.5) (_[source](https://github.com/cilium/cilium/tree/v1.13.5/install/kubernetes/cilium)_) -* [v1.13.4](https://github.com/cilium/cilium/releases/tag/v1.13.4) (_[source](https://github.com/cilium/cilium/tree/v1.13.4/install/kubernetes/cilium)_) * [v1.13.4](https://github.com/cilium/cilium/releases/tag/v1.13.4) (_[source](https://github.com/cilium/cilium/tree/v1.13.4/install/kubernetes/cilium)_) * [v1.13.3](https://github.com/cilium/cilium/releases/tag/v1.13.3) (_[source](https://github.com/cilium/cilium/tree/v1.13.3/install/kubernetes/cilium)_) -* [v1.13.3](https://github.com/cilium/cilium/releases/tag/v1.13.3) (_[source](https://github.com/cilium/cilium/tree/v1.13.3/install/kubernetes/cilium)_) -* [v1.13.2](https://github.com/cilium/cilium/releases/tag/v1.13.2) (_[source](https://github.com/cilium/cilium/tree/v1.13.2/install/kubernetes/cilium)_) * [v1.13.2](https://github.com/cilium/cilium/releases/tag/v1.13.2) (_[source](https://github.com/cilium/cilium/tree/v1.13.2/install/kubernetes/cilium)_) * [v1.13.1](https://github.com/cilium/cilium/releases/tag/v1.13.1) (_[source](https://github.com/cilium/cilium/tree/v1.13.1/install/kubernetes/cilium)_) -* [v1.13.1](https://github.com/cilium/cilium/releases/tag/v1.13.1) (_[source](https://github.com/cilium/cilium/tree/v1.13.1/install/kubernetes/cilium)_) -* [v1.13.0](https://github.com/cilium/cilium/releases/tag/v1.13.0) (_[source](https://github.com/cilium/cilium/tree/v1.13.0/install/kubernetes/cilium)_) * [v1.13.0](https://github.com/cilium/cilium/releases/tag/v1.13.0) (_[source](https://github.com/cilium/cilium/tree/v1.13.0/install/kubernetes/cilium)_) * [v1.13.0-rc5](https://github.com/cilium/cilium/releases/tag/v1.13.0-rc5) (_[source](https://github.com/cilium/cilium/tree/v1.13.0-rc5/install/kubernetes/cilium)_) -* [v1.13.0-rc5](https://github.com/cilium/cilium/releases/tag/v1.13.0-rc5) (_[source](https://github.com/cilium/cilium/tree/v1.13.0-rc5/install/kubernetes/cilium)_) -* [v1.13.0-rc4](https://github.com/cilium/cilium/releases/tag/v1.13.0-rc4) (_[source](https://github.com/cilium/cilium/tree/v1.13.0-rc4/install/kubernetes/cilium)_) * [v1.13.0-rc4](https://github.com/cilium/cilium/releases/tag/v1.13.0-rc4) (_[source](https://github.com/cilium/cilium/tree/v1.13.0-rc4/install/kubernetes/cilium)_) * [v1.13.0-rc3](https://github.com/cilium/cilium/releases/tag/v1.13.0-rc3) (_[source](https://github.com/cilium/cilium/tree/v1.13.0-rc3/install/kubernetes/cilium)_) -* [v1.13.0-rc3](https://github.com/cilium/cilium/releases/tag/v1.13.0-rc3) (_[source](https://github.com/cilium/cilium/tree/v1.13.0-rc3/install/kubernetes/cilium)_) -* [v1.13.0-rc2](https://github.com/cilium/cilium/releases/tag/v1.13.0-rc2) (_[source](https://github.com/cilium/cilium/tree/v1.13.0-rc2/install/kubernetes/cilium)_) * [v1.13.0-rc2](https://github.com/cilium/cilium/releases/tag/v1.13.0-rc2) (_[source](https://github.com/cilium/cilium/tree/v1.13.0-rc2/install/kubernetes/cilium)_) * [v1.13.0-rc1](https://github.com/cilium/cilium/releases/tag/v1.13.0-rc1) (_[source](https://github.com/cilium/cilium/tree/v1.13.0-rc1/install/kubernetes/cilium)_) -* [v1.13.0-rc1](https://github.com/cilium/cilium/releases/tag/v1.13.0-rc1) (_[source](https://github.com/cilium/cilium/tree/v1.13.0-rc1/install/kubernetes/cilium)_) -* [v1.13.0-rc0](https://github.com/cilium/cilium/releases/tag/v1.13.0-rc0) (_[source](https://github.com/cilium/cilium/tree/v1.13.0-rc0/install/kubernetes/cilium)_) * [v1.13.0-rc0](https://github.com/cilium/cilium/releases/tag/v1.13.0-rc0) (_[source](https://github.com/cilium/cilium/tree/v1.13.0-rc0/install/kubernetes/cilium)_) * [v1.12.19](https://github.com/cilium/cilium/releases/tag/v1.12.19) (_[source](https://github.com/cilium/cilium/tree/v1.12.19/install/kubernetes/cilium)_) -* [v1.12.19](https://github.com/cilium/cilium/releases/tag/v1.12.19) (_[source](https://github.com/cilium/cilium/tree/v1.12.19/install/kubernetes/cilium)_) -* [v1.12.18](https://github.com/cilium/cilium/releases/tag/v1.12.18) (_[source](https://github.com/cilium/cilium/tree/v1.12.18/install/kubernetes/cilium)_) * [v1.12.18](https://github.com/cilium/cilium/releases/tag/v1.12.18) (_[source](https://github.com/cilium/cilium/tree/v1.12.18/install/kubernetes/cilium)_) * [v1.12.17](https://github.com/cilium/cilium/releases/tag/v1.12.17) (_[source](https://github.com/cilium/cilium/tree/v1.12.17/install/kubernetes/cilium)_) -* [v1.12.17](https://github.com/cilium/cilium/releases/tag/v1.12.17) (_[source](https://github.com/cilium/cilium/tree/v1.12.17/install/kubernetes/cilium)_) -* [v1.12.16](https://github.com/cilium/cilium/releases/tag/v1.12.16) (_[source](https://github.com/cilium/cilium/tree/v1.12.16/install/kubernetes/cilium)_) * [v1.12.16](https://github.com/cilium/cilium/releases/tag/v1.12.16) (_[source](https://github.com/cilium/cilium/tree/v1.12.16/install/kubernetes/cilium)_) * [v1.12.15](https://github.com/cilium/cilium/releases/tag/v1.12.15) (_[source](https://github.com/cilium/cilium/tree/v1.12.15/install/kubernetes/cilium)_) -* [v1.12.15](https://github.com/cilium/cilium/releases/tag/v1.12.15) (_[source](https://github.com/cilium/cilium/tree/v1.12.15/install/kubernetes/cilium)_) -* [v1.12.14](https://github.com/cilium/cilium/releases/tag/v1.12.14) (_[source](https://github.com/cilium/cilium/tree/v1.12.14/install/kubernetes/cilium)_) * [v1.12.14](https://github.com/cilium/cilium/releases/tag/v1.12.14) (_[source](https://github.com/cilium/cilium/tree/v1.12.14/install/kubernetes/cilium)_) * [v1.12.13](https://github.com/cilium/cilium/releases/tag/v1.12.13) (_[source](https://github.com/cilium/cilium/tree/v1.12.13/install/kubernetes/cilium)_) -* [v1.12.13](https://github.com/cilium/cilium/releases/tag/v1.12.13) (_[source](https://github.com/cilium/cilium/tree/v1.12.13/install/kubernetes/cilium)_) -* [v1.12.12](https://github.com/cilium/cilium/releases/tag/v1.12.12) (_[source](https://github.com/cilium/cilium/tree/v1.12.12/install/kubernetes/cilium)_) * [v1.12.12](https://github.com/cilium/cilium/releases/tag/v1.12.12) (_[source](https://github.com/cilium/cilium/tree/v1.12.12/install/kubernetes/cilium)_) * [v1.12.11](https://github.com/cilium/cilium/releases/tag/v1.12.11) (_[source](https://github.com/cilium/cilium/tree/v1.12.11/install/kubernetes/cilium)_) -* [v1.12.11](https://github.com/cilium/cilium/releases/tag/v1.12.11) (_[source](https://github.com/cilium/cilium/tree/v1.12.11/install/kubernetes/cilium)_) * [v1.12.10](https://github.com/cilium/cilium/releases/tag/v1.12.10) (_[source](https://github.com/cilium/cilium/tree/v1.12.10/install/kubernetes/cilium)_) -* [v1.12.10](https://github.com/cilium/cilium/releases/tag/v1.12.10) (_[source](https://github.com/cilium/cilium/tree/v1.12.10/install/kubernetes/cilium)_) -* [v1.12.9](https://github.com/cilium/cilium/releases/tag/v1.12.9) (_[source](https://github.com/cilium/cilium/tree/v1.12.9/install/kubernetes/cilium)_) * [v1.12.9](https://github.com/cilium/cilium/releases/tag/v1.12.9) (_[source](https://github.com/cilium/cilium/tree/v1.12.9/install/kubernetes/cilium)_) * [v1.12.8](https://github.com/cilium/cilium/releases/tag/v1.12.8) (_[source](https://github.com/cilium/cilium/tree/v1.12.8/install/kubernetes/cilium)_) -* [v1.12.8](https://github.com/cilium/cilium/releases/tag/v1.12.8) (_[source](https://github.com/cilium/cilium/tree/v1.12.8/install/kubernetes/cilium)_) -* [v1.12.7](https://github.com/cilium/cilium/releases/tag/v1.12.7) (_[source](https://github.com/cilium/cilium/tree/v1.12.7/install/kubernetes/cilium)_) * [v1.12.7](https://github.com/cilium/cilium/releases/tag/v1.12.7) (_[source](https://github.com/cilium/cilium/tree/v1.12.7/install/kubernetes/cilium)_) * [v1.12.6](https://github.com/cilium/cilium/releases/tag/v1.12.6) (_[source](https://github.com/cilium/cilium/tree/v1.12.6/install/kubernetes/cilium)_) -* [v1.12.6](https://github.com/cilium/cilium/releases/tag/v1.12.6) (_[source](https://github.com/cilium/cilium/tree/v1.12.6/install/kubernetes/cilium)_) -* [v1.12.5](https://github.com/cilium/cilium/releases/tag/v1.12.5) (_[source](https://github.com/cilium/cilium/tree/v1.12.5/install/kubernetes/cilium)_) * [v1.12.5](https://github.com/cilium/cilium/releases/tag/v1.12.5) (_[source](https://github.com/cilium/cilium/tree/v1.12.5/install/kubernetes/cilium)_) * [v1.12.4](https://github.com/cilium/cilium/releases/tag/v1.12.4) (_[source](https://github.com/cilium/cilium/tree/v1.12.4/install/kubernetes/cilium)_) -* [v1.12.4](https://github.com/cilium/cilium/releases/tag/v1.12.4) (_[source](https://github.com/cilium/cilium/tree/v1.12.4/install/kubernetes/cilium)_) -* [v1.12.3](https://github.com/cilium/cilium/releases/tag/v1.12.3) (_[source](https://github.com/cilium/cilium/tree/v1.12.3/install/kubernetes/cilium)_) * [v1.12.3](https://github.com/cilium/cilium/releases/tag/v1.12.3) (_[source](https://github.com/cilium/cilium/tree/v1.12.3/install/kubernetes/cilium)_) * [v1.12.2](https://github.com/cilium/cilium/releases/tag/v1.12.2) (_[source](https://github.com/cilium/cilium/tree/v1.12.2/install/kubernetes/cilium)_) -* [v1.12.2](https://github.com/cilium/cilium/releases/tag/v1.12.2) (_[source](https://github.com/cilium/cilium/tree/v1.12.2/install/kubernetes/cilium)_) -* [v1.12.1](https://github.com/cilium/cilium/releases/tag/v1.12.1) (_[source](https://github.com/cilium/cilium/tree/v1.12.1/install/kubernetes/cilium)_) * [v1.12.1](https://github.com/cilium/cilium/releases/tag/v1.12.1) (_[source](https://github.com/cilium/cilium/tree/v1.12.1/install/kubernetes/cilium)_) * [v1.12.0](https://github.com/cilium/cilium/releases/tag/v1.12.0) (_[source](https://github.com/cilium/cilium/tree/v1.12.0/install/kubernetes/cilium)_) -* [v1.12.0](https://github.com/cilium/cilium/releases/tag/v1.12.0) (_[source](https://github.com/cilium/cilium/tree/v1.12.0/install/kubernetes/cilium)_) -* [v1.12.0-rc3](https://github.com/cilium/cilium/releases/tag/v1.12.0-rc3) (_[source](https://github.com/cilium/cilium/tree/v1.12.0-rc3/install/kubernetes/cilium)_) * [v1.12.0-rc3](https://github.com/cilium/cilium/releases/tag/v1.12.0-rc3) (_[source](https://github.com/cilium/cilium/tree/v1.12.0-rc3/install/kubernetes/cilium)_) * [v1.12.0-rc2](https://github.com/cilium/cilium/releases/tag/v1.12.0-rc2) (_[source](https://github.com/cilium/cilium/tree/v1.12.0-rc2/install/kubernetes/cilium)_) -* [v1.12.0-rc2](https://github.com/cilium/cilium/releases/tag/v1.12.0-rc2) (_[source](https://github.com/cilium/cilium/tree/v1.12.0-rc2/install/kubernetes/cilium)_) -* [v1.12.0-rc1](https://github.com/cilium/cilium/releases/tag/v1.12.0-rc1) (_[source](https://github.com/cilium/cilium/tree/v1.12.0-rc1/install/kubernetes/cilium)_) * [v1.12.0-rc1](https://github.com/cilium/cilium/releases/tag/v1.12.0-rc1) (_[source](https://github.com/cilium/cilium/tree/v1.12.0-rc1/install/kubernetes/cilium)_) * [v1.12.0-rc0](https://github.com/cilium/cilium/releases/tag/v1.12.0-rc0) (_[source](https://github.com/cilium/cilium/tree/v1.12.0-rc0/install/kubernetes/cilium)_) -* [v1.12.0-rc0](https://github.com/cilium/cilium/releases/tag/v1.12.0-rc0) (_[source](https://github.com/cilium/cilium/tree/v1.12.0-rc0/install/kubernetes/cilium)_) * [v1.11.20](https://github.com/cilium/cilium/releases/tag/v1.11.20) (_[source](https://github.com/cilium/cilium/tree/v1.11.20/install/kubernetes/cilium)_) -* [v1.11.20](https://github.com/cilium/cilium/releases/tag/v1.11.20) (_[source](https://github.com/cilium/cilium/tree/v1.11.20/install/kubernetes/cilium)_) -* [v1.11.19](https://github.com/cilium/cilium/releases/tag/v1.11.19) (_[source](https://github.com/cilium/cilium/tree/v1.11.19/install/kubernetes/cilium)_) * [v1.11.19](https://github.com/cilium/cilium/releases/tag/v1.11.19) (_[source](https://github.com/cilium/cilium/tree/v1.11.19/install/kubernetes/cilium)_) * [v1.11.18](https://github.com/cilium/cilium/releases/tag/v1.11.18) (_[source](https://github.com/cilium/cilium/tree/v1.11.18/install/kubernetes/cilium)_) -* [v1.11.18](https://github.com/cilium/cilium/releases/tag/v1.11.18) (_[source](https://github.com/cilium/cilium/tree/v1.11.18/install/kubernetes/cilium)_) -* [v1.11.17](https://github.com/cilium/cilium/releases/tag/v1.11.17) (_[source](https://github.com/cilium/cilium/tree/v1.11.17/install/kubernetes/cilium)_) * [v1.11.17](https://github.com/cilium/cilium/releases/tag/v1.11.17) (_[source](https://github.com/cilium/cilium/tree/v1.11.17/install/kubernetes/cilium)_) * [v1.11.16](https://github.com/cilium/cilium/releases/tag/v1.11.16) (_[source](https://github.com/cilium/cilium/tree/v1.11.16/install/kubernetes/cilium)_) -* [v1.11.16](https://github.com/cilium/cilium/releases/tag/v1.11.16) (_[source](https://github.com/cilium/cilium/tree/v1.11.16/install/kubernetes/cilium)_) -* [v1.11.15](https://github.com/cilium/cilium/releases/tag/v1.11.15) (_[source](https://github.com/cilium/cilium/tree/v1.11.15/install/kubernetes/cilium)_) * [v1.11.15](https://github.com/cilium/cilium/releases/tag/v1.11.15) (_[source](https://github.com/cilium/cilium/tree/v1.11.15/install/kubernetes/cilium)_) * [v1.11.14](https://github.com/cilium/cilium/releases/tag/v1.11.14) (_[source](https://github.com/cilium/cilium/tree/v1.11.14/install/kubernetes/cilium)_) -* [v1.11.14](https://github.com/cilium/cilium/releases/tag/v1.11.14) (_[source](https://github.com/cilium/cilium/tree/v1.11.14/install/kubernetes/cilium)_) -* [v1.11.13](https://github.com/cilium/cilium/releases/tag/v1.11.13) (_[source](https://github.com/cilium/cilium/tree/v1.11.13/install/kubernetes/cilium)_) * [v1.11.13](https://github.com/cilium/cilium/releases/tag/v1.11.13) (_[source](https://github.com/cilium/cilium/tree/v1.11.13/install/kubernetes/cilium)_) * [v1.11.12](https://github.com/cilium/cilium/releases/tag/v1.11.12) (_[source](https://github.com/cilium/cilium/tree/v1.11.12/install/kubernetes/cilium)_) -* [v1.11.12](https://github.com/cilium/cilium/releases/tag/v1.11.12) (_[source](https://github.com/cilium/cilium/tree/v1.11.12/install/kubernetes/cilium)_) -* [v1.11.11](https://github.com/cilium/cilium/releases/tag/v1.11.11) (_[source](https://github.com/cilium/cilium/tree/v1.11.11/install/kubernetes/cilium)_) * [v1.11.11](https://github.com/cilium/cilium/releases/tag/v1.11.11) (_[source](https://github.com/cilium/cilium/tree/v1.11.11/install/kubernetes/cilium)_) * [v1.11.10](https://github.com/cilium/cilium/releases/tag/v1.11.10) (_[source](https://github.com/cilium/cilium/tree/v1.11.10/install/kubernetes/cilium)_) -* [v1.11.10](https://github.com/cilium/cilium/releases/tag/v1.11.10) (_[source](https://github.com/cilium/cilium/tree/v1.11.10/install/kubernetes/cilium)_) -* [v1.11.9](https://github.com/cilium/cilium/releases/tag/v1.11.9) (_[source](https://github.com/cilium/cilium/tree/v1.11.9/install/kubernetes/cilium)_) * [v1.11.9](https://github.com/cilium/cilium/releases/tag/v1.11.9) (_[source](https://github.com/cilium/cilium/tree/v1.11.9/install/kubernetes/cilium)_) * [v1.11.8](https://github.com/cilium/cilium/releases/tag/v1.11.8) (_[source](https://github.com/cilium/cilium/tree/v1.11.8/install/kubernetes/cilium)_) -* [v1.11.8](https://github.com/cilium/cilium/releases/tag/v1.11.8) (_[source](https://github.com/cilium/cilium/tree/v1.11.8/install/kubernetes/cilium)_) -* [v1.11.7](https://github.com/cilium/cilium/releases/tag/v1.11.7) (_[source](https://github.com/cilium/cilium/tree/v1.11.7/install/kubernetes/cilium)_) * [v1.11.7](https://github.com/cilium/cilium/releases/tag/v1.11.7) (_[source](https://github.com/cilium/cilium/tree/v1.11.7/install/kubernetes/cilium)_) * [v1.11.6](https://github.com/cilium/cilium/releases/tag/v1.11.6) (_[source](https://github.com/cilium/cilium/tree/v1.11.6/install/kubernetes/cilium)_) -* [v1.11.6](https://github.com/cilium/cilium/releases/tag/v1.11.6) (_[source](https://github.com/cilium/cilium/tree/v1.11.6/install/kubernetes/cilium)_) * [v1.11.5](https://github.com/cilium/cilium/releases/tag/v1.11.5) (_[source](https://github.com/cilium/cilium/tree/v1.11.5/install/kubernetes/cilium)_) -* [v1.11.5](https://github.com/cilium/cilium/releases/tag/v1.11.5) (_[source](https://github.com/cilium/cilium/tree/v1.11.5/install/kubernetes/cilium)_) -* [v1.11.4](https://github.com/cilium/cilium/releases/tag/v1.11.4) (_[source](https://github.com/cilium/cilium/tree/v1.11.4/install/kubernetes/cilium)_) * [v1.11.4](https://github.com/cilium/cilium/releases/tag/v1.11.4) (_[source](https://github.com/cilium/cilium/tree/v1.11.4/install/kubernetes/cilium)_) * [v1.11.3](https://github.com/cilium/cilium/releases/tag/v1.11.3) (_[source](https://github.com/cilium/cilium/tree/v1.11.3/install/kubernetes/cilium)_) -* [v1.11.3](https://github.com/cilium/cilium/releases/tag/v1.11.3) (_[source](https://github.com/cilium/cilium/tree/v1.11.3/install/kubernetes/cilium)_) -* [v1.11.2](https://github.com/cilium/cilium/releases/tag/v1.11.2) (_[source](https://github.com/cilium/cilium/tree/v1.11.2/install/kubernetes/cilium)_) * [v1.11.2](https://github.com/cilium/cilium/releases/tag/v1.11.2) (_[source](https://github.com/cilium/cilium/tree/v1.11.2/install/kubernetes/cilium)_) * [v1.11.1](https://github.com/cilium/cilium/releases/tag/v1.11.1) (_[source](https://github.com/cilium/cilium/tree/v1.11.1/install/kubernetes/cilium)_) -* [v1.11.1](https://github.com/cilium/cilium/releases/tag/v1.11.1) (_[source](https://github.com/cilium/cilium/tree/v1.11.1/install/kubernetes/cilium)_) -* [v1.11.0](https://github.com/cilium/cilium/releases/tag/v1.11.0) (_[source](https://github.com/cilium/cilium/tree/v1.11.0/install/kubernetes/cilium)_) * [v1.11.0](https://github.com/cilium/cilium/releases/tag/v1.11.0) (_[source](https://github.com/cilium/cilium/tree/v1.11.0/install/kubernetes/cilium)_) * [v1.11.0-rc3](https://github.com/cilium/cilium/releases/tag/v1.11.0-rc3) (_[source](https://github.com/cilium/cilium/tree/v1.11.0-rc3/install/kubernetes/cilium)_) -* [v1.11.0-rc3](https://github.com/cilium/cilium/releases/tag/v1.11.0-rc3) (_[source](https://github.com/cilium/cilium/tree/v1.11.0-rc3/install/kubernetes/cilium)_) -* [v1.11.0-rc2](https://github.com/cilium/cilium/releases/tag/v1.11.0-rc2) (_[source](https://github.com/cilium/cilium/tree/v1.11.0-rc2/install/kubernetes/cilium)_) * [v1.11.0-rc2](https://github.com/cilium/cilium/releases/tag/v1.11.0-rc2) (_[source](https://github.com/cilium/cilium/tree/v1.11.0-rc2/install/kubernetes/cilium)_) * [v1.11.0-rc1](https://github.com/cilium/cilium/releases/tag/v1.11.0-rc1) (_[source](https://github.com/cilium/cilium/tree/v1.11.0-rc1/install/kubernetes/cilium)_) -* [v1.11.0-rc1](https://github.com/cilium/cilium/releases/tag/v1.11.0-rc1) (_[source](https://github.com/cilium/cilium/tree/v1.11.0-rc1/install/kubernetes/cilium)_) -* [v1.11.0-rc0](https://github.com/cilium/cilium/releases/tag/v1.11.0-rc0) (_[source](https://github.com/cilium/cilium/tree/v1.11.0-rc0/install/kubernetes/cilium)_) * [v1.11.0-rc0](https://github.com/cilium/cilium/releases/tag/v1.11.0-rc0) (_[source](https://github.com/cilium/cilium/tree/v1.11.0-rc0/install/kubernetes/cilium)_) * [v1.10.20](https://github.com/cilium/cilium/releases/tag/v1.10.20) (_[source](https://github.com/cilium/cilium/tree/v1.10.20/install/kubernetes/cilium)_) -* [v1.10.20](https://github.com/cilium/cilium/releases/tag/v1.10.20) (_[source](https://github.com/cilium/cilium/tree/v1.10.20/install/kubernetes/cilium)_) -* [v1.10.19](https://github.com/cilium/cilium/releases/tag/v1.10.19) (_[source](https://github.com/cilium/cilium/tree/v1.10.19/install/kubernetes/cilium)_) * [v1.10.19](https://github.com/cilium/cilium/releases/tag/v1.10.19) (_[source](https://github.com/cilium/cilium/tree/v1.10.19/install/kubernetes/cilium)_) * [v1.10.18](https://github.com/cilium/cilium/releases/tag/v1.10.18) (_[source](https://github.com/cilium/cilium/tree/v1.10.18/install/kubernetes/cilium)_) -* [v1.10.18](https://github.com/cilium/cilium/releases/tag/v1.10.18) (_[source](https://github.com/cilium/cilium/tree/v1.10.18/install/kubernetes/cilium)_) -* [v1.10.17](https://github.com/cilium/cilium/releases/tag/v1.10.17) (_[source](https://github.com/cilium/cilium/tree/v1.10.17/install/kubernetes/cilium)_) * [v1.10.17](https://github.com/cilium/cilium/releases/tag/v1.10.17) (_[source](https://github.com/cilium/cilium/tree/v1.10.17/install/kubernetes/cilium)_) * [v1.10.16](https://github.com/cilium/cilium/releases/tag/v1.10.16) (_[source](https://github.com/cilium/cilium/tree/v1.10.16/install/kubernetes/cilium)_) -* [v1.10.16](https://github.com/cilium/cilium/releases/tag/v1.10.16) (_[source](https://github.com/cilium/cilium/tree/v1.10.16/install/kubernetes/cilium)_) -* [v1.10.15](https://github.com/cilium/cilium/releases/tag/v1.10.15) (_[source](https://github.com/cilium/cilium/tree/v1.10.15/install/kubernetes/cilium)_) * [v1.10.15](https://github.com/cilium/cilium/releases/tag/v1.10.15) (_[source](https://github.com/cilium/cilium/tree/v1.10.15/install/kubernetes/cilium)_) * [v1.10.14](https://github.com/cilium/cilium/releases/tag/v1.10.14) (_[source](https://github.com/cilium/cilium/tree/v1.10.14/install/kubernetes/cilium)_) -* [v1.10.14](https://github.com/cilium/cilium/releases/tag/v1.10.14) (_[source](https://github.com/cilium/cilium/tree/v1.10.14/install/kubernetes/cilium)_) -* [v1.10.13](https://github.com/cilium/cilium/releases/tag/v1.10.13) (_[source](https://github.com/cilium/cilium/tree/v1.10.13/install/kubernetes/cilium)_) * [v1.10.13](https://github.com/cilium/cilium/releases/tag/v1.10.13) (_[source](https://github.com/cilium/cilium/tree/v1.10.13/install/kubernetes/cilium)_) * [v1.10.12](https://github.com/cilium/cilium/releases/tag/v1.10.12) (_[source](https://github.com/cilium/cilium/tree/v1.10.12/install/kubernetes/cilium)_) -* [v1.10.12](https://github.com/cilium/cilium/releases/tag/v1.10.12) (_[source](https://github.com/cilium/cilium/tree/v1.10.12/install/kubernetes/cilium)_) -* [v1.10.11](https://github.com/cilium/cilium/releases/tag/v1.10.11) (_[source](https://github.com/cilium/cilium/tree/v1.10.11/install/kubernetes/cilium)_) * [v1.10.11](https://github.com/cilium/cilium/releases/tag/v1.10.11) (_[source](https://github.com/cilium/cilium/tree/v1.10.11/install/kubernetes/cilium)_) * [v1.10.10](https://github.com/cilium/cilium/releases/tag/v1.10.10) (_[source](https://github.com/cilium/cilium/tree/v1.10.10/install/kubernetes/cilium)_) -* [v1.10.10](https://github.com/cilium/cilium/releases/tag/v1.10.10) (_[source](https://github.com/cilium/cilium/tree/v1.10.10/install/kubernetes/cilium)_) -* [v1.10.9](https://github.com/cilium/cilium/releases/tag/v1.10.9) (_[source](https://github.com/cilium/cilium/tree/v1.10.9/install/kubernetes/cilium)_) * [v1.10.9](https://github.com/cilium/cilium/releases/tag/v1.10.9) (_[source](https://github.com/cilium/cilium/tree/v1.10.9/install/kubernetes/cilium)_) * [v1.10.8](https://github.com/cilium/cilium/releases/tag/v1.10.8) (_[source](https://github.com/cilium/cilium/tree/v1.10.8/install/kubernetes/cilium)_) -* [v1.10.8](https://github.com/cilium/cilium/releases/tag/v1.10.8) (_[source](https://github.com/cilium/cilium/tree/v1.10.8/install/kubernetes/cilium)_) -* [v1.10.7](https://github.com/cilium/cilium/releases/tag/v1.10.7) (_[source](https://github.com/cilium/cilium/tree/v1.10.7/install/kubernetes/cilium)_) * [v1.10.7](https://github.com/cilium/cilium/releases/tag/v1.10.7) (_[source](https://github.com/cilium/cilium/tree/v1.10.7/install/kubernetes/cilium)_) * [v1.10.6](https://github.com/cilium/cilium/releases/tag/v1.10.6) (_[source](https://github.com/cilium/cilium/tree/v1.10.6/install/kubernetes/cilium)_) -* [v1.10.6](https://github.com/cilium/cilium/releases/tag/v1.10.6) (_[source](https://github.com/cilium/cilium/tree/v1.10.6/install/kubernetes/cilium)_) -* [v1.10.5](https://github.com/cilium/cilium/releases/tag/v1.10.5) (_[source](https://github.com/cilium/cilium/tree/v1.10.5/install/kubernetes/cilium)_) * [v1.10.5](https://github.com/cilium/cilium/releases/tag/v1.10.5) (_[source](https://github.com/cilium/cilium/tree/v1.10.5/install/kubernetes/cilium)_) * [v1.10.4](https://github.com/cilium/cilium/releases/tag/v1.10.4) (_[source](https://github.com/cilium/cilium/tree/v1.10.4/install/kubernetes/cilium)_) -* [v1.10.4](https://github.com/cilium/cilium/releases/tag/v1.10.4) (_[source](https://github.com/cilium/cilium/tree/v1.10.4/install/kubernetes/cilium)_) -* [v1.10.3](https://github.com/cilium/cilium/releases/tag/v1.10.3) (_[source](https://github.com/cilium/cilium/tree/v1.10.3/install/kubernetes/cilium)_) * [v1.10.3](https://github.com/cilium/cilium/releases/tag/v1.10.3) (_[source](https://github.com/cilium/cilium/tree/v1.10.3/install/kubernetes/cilium)_) * [v1.10.2](https://github.com/cilium/cilium/releases/tag/v1.10.2) (_[source](https://github.com/cilium/cilium/tree/v1.10.2/install/kubernetes/cilium)_) -* [v1.10.2](https://github.com/cilium/cilium/releases/tag/v1.10.2) (_[source](https://github.com/cilium/cilium/tree/v1.10.2/install/kubernetes/cilium)_) -* [v1.10.1](https://github.com/cilium/cilium/releases/tag/v1.10.1) (_[source](https://github.com/cilium/cilium/tree/v1.10.1/install/kubernetes/cilium)_) * [v1.10.1](https://github.com/cilium/cilium/releases/tag/v1.10.1) (_[source](https://github.com/cilium/cilium/tree/v1.10.1/install/kubernetes/cilium)_) * [v1.10.0](https://github.com/cilium/cilium/releases/tag/v1.10.0) (_[source](https://github.com/cilium/cilium/tree/v1.10.0/install/kubernetes/cilium)_) -* [v1.10.0](https://github.com/cilium/cilium/releases/tag/v1.10.0) (_[source](https://github.com/cilium/cilium/tree/v1.10.0/install/kubernetes/cilium)_) * [v1.10.0-rc2](https://github.com/cilium/cilium/releases/tag/v1.10.0-rc2) (_[source](https://github.com/cilium/cilium/tree/v1.10.0-rc2/install/kubernetes/cilium)_) -* [v1.10.0-rc2](https://github.com/cilium/cilium/releases/tag/v1.10.0-rc2) (_[source](https://github.com/cilium/cilium/tree/v1.10.0-rc2/install/kubernetes/cilium)_) -* [v1.10.0-rc1](https://github.com/cilium/cilium/releases/tag/v1.10.0-rc1) (_[source](https://github.com/cilium/cilium/tree/v1.10.0-rc1/install/kubernetes/cilium)_) * [v1.10.0-rc1](https://github.com/cilium/cilium/releases/tag/v1.10.0-rc1) (_[source](https://github.com/cilium/cilium/tree/v1.10.0-rc1/install/kubernetes/cilium)_) * [v1.10.0-rc0](https://github.com/cilium/cilium/releases/tag/v1.10.0-rc0) (_[source](https://github.com/cilium/cilium/tree/v1.10.0-rc0/install/kubernetes/cilium)_) -* [v1.10.0-rc0](https://github.com/cilium/cilium/releases/tag/v1.10.0-rc0) (_[source](https://github.com/cilium/cilium/tree/v1.10.0-rc0/install/kubernetes/cilium)_) -* [v1.9.18](https://github.com/cilium/cilium/releases/tag/v1.9.18) (_[source](https://github.com/cilium/cilium/tree/v1.9.18/install/kubernetes/cilium)_) * [v1.9.18](https://github.com/cilium/cilium/releases/tag/v1.9.18) (_[source](https://github.com/cilium/cilium/tree/v1.9.18/install/kubernetes/cilium)_) * [v1.9.17](https://github.com/cilium/cilium/releases/tag/v1.9.17) (_[source](https://github.com/cilium/cilium/tree/v1.9.17/install/kubernetes/cilium)_) -* [v1.9.17](https://github.com/cilium/cilium/releases/tag/v1.9.17) (_[source](https://github.com/cilium/cilium/tree/v1.9.17/install/kubernetes/cilium)_) -* [v1.9.16](https://github.com/cilium/cilium/releases/tag/v1.9.16) (_[source](https://github.com/cilium/cilium/tree/v1.9.16/install/kubernetes/cilium)_) * [v1.9.16](https://github.com/cilium/cilium/releases/tag/v1.9.16) (_[source](https://github.com/cilium/cilium/tree/v1.9.16/install/kubernetes/cilium)_) * [v1.9.15](https://github.com/cilium/cilium/releases/tag/v1.9.15) (_[source](https://github.com/cilium/cilium/tree/v1.9.15/install/kubernetes/cilium)_) -* [v1.9.15](https://github.com/cilium/cilium/releases/tag/v1.9.15) (_[source](https://github.com/cilium/cilium/tree/v1.9.15/install/kubernetes/cilium)_) -* [v1.9.14](https://github.com/cilium/cilium/releases/tag/v1.9.14) (_[source](https://github.com/cilium/cilium/tree/v1.9.14/install/kubernetes/cilium)_) * [v1.9.14](https://github.com/cilium/cilium/releases/tag/v1.9.14) (_[source](https://github.com/cilium/cilium/tree/v1.9.14/install/kubernetes/cilium)_) * [v1.9.13](https://github.com/cilium/cilium/releases/tag/v1.9.13) (_[source](https://github.com/cilium/cilium/tree/v1.9.13/install/kubernetes/cilium)_) -* [v1.9.13](https://github.com/cilium/cilium/releases/tag/v1.9.13) (_[source](https://github.com/cilium/cilium/tree/v1.9.13/install/kubernetes/cilium)_) -* [v1.9.12](https://github.com/cilium/cilium/releases/tag/v1.9.12) (_[source](https://github.com/cilium/cilium/tree/v1.9.12/install/kubernetes/cilium)_) * [v1.9.12](https://github.com/cilium/cilium/releases/tag/v1.9.12) (_[source](https://github.com/cilium/cilium/tree/v1.9.12/install/kubernetes/cilium)_) * [v1.9.11](https://github.com/cilium/cilium/releases/tag/v1.9.11) (_[source](https://github.com/cilium/cilium/tree/v1.9.11/install/kubernetes/cilium)_) -* [v1.9.11](https://github.com/cilium/cilium/releases/tag/v1.9.11) (_[source](https://github.com/cilium/cilium/tree/v1.9.11/install/kubernetes/cilium)_) -* [v1.9.10](https://github.com/cilium/cilium/releases/tag/v1.9.10) (_[source](https://github.com/cilium/cilium/tree/v1.9.10/install/kubernetes/cilium)_) * [v1.9.10](https://github.com/cilium/cilium/releases/tag/v1.9.10) (_[source](https://github.com/cilium/cilium/tree/v1.9.10/install/kubernetes/cilium)_) * [v1.9.9](https://github.com/cilium/cilium/releases/tag/v1.9.9) (_[source](https://github.com/cilium/cilium/tree/v1.9.9/install/kubernetes/cilium)_) -* [v1.9.9](https://github.com/cilium/cilium/releases/tag/v1.9.9) (_[source](https://github.com/cilium/cilium/tree/v1.9.9/install/kubernetes/cilium)_) -* [v1.9.8](https://github.com/cilium/cilium/releases/tag/v1.9.8) (_[source](https://github.com/cilium/cilium/tree/v1.9.8/install/kubernetes/cilium)_) * [v1.9.8](https://github.com/cilium/cilium/releases/tag/v1.9.8) (_[source](https://github.com/cilium/cilium/tree/v1.9.8/install/kubernetes/cilium)_) * [v1.9.7](https://github.com/cilium/cilium/releases/tag/v1.9.7) (_[source](https://github.com/cilium/cilium/tree/v1.9.7/install/kubernetes/cilium)_) -* [v1.9.7](https://github.com/cilium/cilium/releases/tag/v1.9.7) (_[source](https://github.com/cilium/cilium/tree/v1.9.7/install/kubernetes/cilium)_) * [v1.9.6](https://github.com/cilium/cilium/releases/tag/v1.9.6) (_[source](https://github.com/cilium/cilium/tree/v1.9.6/install/kubernetes/cilium)_) -* [v1.9.6](https://github.com/cilium/cilium/releases/tag/v1.9.6) (_[source](https://github.com/cilium/cilium/tree/v1.9.6/install/kubernetes/cilium)_) -* [v1.9.5](https://github.com/cilium/cilium/releases/tag/v1.9.5) (_[source](https://github.com/cilium/cilium/tree/v1.9.5/install/kubernetes/cilium)_) * [v1.9.5](https://github.com/cilium/cilium/releases/tag/v1.9.5) (_[source](https://github.com/cilium/cilium/tree/v1.9.5/install/kubernetes/cilium)_) * [v1.9.4](https://github.com/cilium/cilium/releases/tag/v1.9.4) (_[source](https://github.com/cilium/cilium/tree/v1.9.4/install/kubernetes/cilium)_) -* [v1.9.4](https://github.com/cilium/cilium/releases/tag/v1.9.4) (_[source](https://github.com/cilium/cilium/tree/v1.9.4/install/kubernetes/cilium)_) -* [v1.9.3](https://github.com/cilium/cilium/releases/tag/v1.9.3) (_[source](https://github.com/cilium/cilium/tree/v1.9.3/install/kubernetes/cilium)_) * [v1.9.3](https://github.com/cilium/cilium/releases/tag/v1.9.3) (_[source](https://github.com/cilium/cilium/tree/v1.9.3/install/kubernetes/cilium)_) * [v1.9.2](https://github.com/cilium/cilium/releases/tag/v1.9.2) (_[source](https://github.com/cilium/cilium/tree/v1.9.2/install/kubernetes/cilium)_) -* [v1.9.2](https://github.com/cilium/cilium/releases/tag/v1.9.2) (_[source](https://github.com/cilium/cilium/tree/v1.9.2/install/kubernetes/cilium)_) -* [v1.9.1](https://github.com/cilium/cilium/releases/tag/v1.9.1) (_[source](https://github.com/cilium/cilium/tree/v1.9.1/install/kubernetes/cilium)_) * [v1.9.1](https://github.com/cilium/cilium/releases/tag/v1.9.1) (_[source](https://github.com/cilium/cilium/tree/v1.9.1/install/kubernetes/cilium)_) * [v1.9.0](https://github.com/cilium/cilium/releases/tag/v1.9.0) (_[source](https://github.com/cilium/cilium/tree/v1.9.0/install/kubernetes/cilium)_) -* [v1.9.0](https://github.com/cilium/cilium/releases/tag/v1.9.0) (_[source](https://github.com/cilium/cilium/tree/v1.9.0/install/kubernetes/cilium)_) -* [v1.9.0-rc3](https://github.com/cilium/cilium/releases/tag/v1.9.0-rc3) (_[source](https://github.com/cilium/cilium/tree/v1.9.0-rc3/install/kubernetes/cilium)_) * [v1.9.0-rc3](https://github.com/cilium/cilium/releases/tag/v1.9.0-rc3) (_[source](https://github.com/cilium/cilium/tree/v1.9.0-rc3/install/kubernetes/cilium)_) * [v1.9.0-rc2](https://github.com/cilium/cilium/releases/tag/v1.9.0-rc2) (_[source](https://github.com/cilium/cilium/tree/v1.9.0-rc2/install/kubernetes/cilium)_) -* [v1.9.0-rc2](https://github.com/cilium/cilium/releases/tag/v1.9.0-rc2) (_[source](https://github.com/cilium/cilium/tree/v1.9.0-rc2/install/kubernetes/cilium)_) -* [v1.9.0-rc1](https://github.com/cilium/cilium/releases/tag/v1.9.0-rc1) (_[source](https://github.com/cilium/cilium/tree/v1.9.0-rc1/install/kubernetes/cilium)_) * [v1.9.0-rc1](https://github.com/cilium/cilium/releases/tag/v1.9.0-rc1) (_[source](https://github.com/cilium/cilium/tree/v1.9.0-rc1/install/kubernetes/cilium)_) * [v1.9.0-rc0](https://github.com/cilium/cilium/releases/tag/v1.9.0-rc0) (_[source](https://github.com/cilium/cilium/tree/v1.9.0-rc0/install/kubernetes/cilium)_) -* [v1.9.0-rc0](https://github.com/cilium/cilium/releases/tag/v1.9.0-rc0) (_[source](https://github.com/cilium/cilium/tree/v1.9.0-rc0/install/kubernetes/cilium)_) -* [v1.8.13](https://github.com/cilium/cilium/releases/tag/v1.8.13) (_[source](https://github.com/cilium/cilium/tree/v1.8.13/install/kubernetes/cilium)_) * [v1.8.13](https://github.com/cilium/cilium/releases/tag/v1.8.13) (_[source](https://github.com/cilium/cilium/tree/v1.8.13/install/kubernetes/cilium)_) * [v1.8.12](https://github.com/cilium/cilium/releases/tag/v1.8.12) (_[source](https://github.com/cilium/cilium/tree/v1.8.12/install/kubernetes/cilium)_) -* [v1.8.12](https://github.com/cilium/cilium/releases/tag/v1.8.12) (_[source](https://github.com/cilium/cilium/tree/v1.8.12/install/kubernetes/cilium)_) -* [v1.8.11](https://github.com/cilium/cilium/releases/tag/v1.8.11) (_[source](https://github.com/cilium/cilium/tree/v1.8.11/install/kubernetes/cilium)_) * [v1.8.11](https://github.com/cilium/cilium/releases/tag/v1.8.11) (_[source](https://github.com/cilium/cilium/tree/v1.8.11/install/kubernetes/cilium)_) * [v1.8.10](https://github.com/cilium/cilium/releases/tag/v1.8.10) (_[source](https://github.com/cilium/cilium/tree/v1.8.10/install/kubernetes/cilium)_) -* [v1.8.10](https://github.com/cilium/cilium/releases/tag/v1.8.10) (_[source](https://github.com/cilium/cilium/tree/v1.8.10/install/kubernetes/cilium)_) * [v1.8.9](https://github.com/cilium/cilium/releases/tag/v1.8.9) (_[source](https://github.com/cilium/cilium/tree/v1.8.9/install/kubernetes/cilium)_) -* [v1.8.9](https://github.com/cilium/cilium/releases/tag/v1.8.9) (_[source](https://github.com/cilium/cilium/tree/v1.8.9/install/kubernetes/cilium)_) -* [v1.8.8](https://github.com/cilium/cilium/releases/tag/v1.8.8) (_[source](https://github.com/cilium/cilium/tree/v1.8.8/install/kubernetes/cilium)_) * [v1.8.8](https://github.com/cilium/cilium/releases/tag/v1.8.8) (_[source](https://github.com/cilium/cilium/tree/v1.8.8/install/kubernetes/cilium)_) * [v1.8.7](https://github.com/cilium/cilium/releases/tag/v1.8.7) (_[source](https://github.com/cilium/cilium/tree/v1.8.7/install/kubernetes/cilium)_) -* [v1.8.7](https://github.com/cilium/cilium/releases/tag/v1.8.7) (_[source](https://github.com/cilium/cilium/tree/v1.8.7/install/kubernetes/cilium)_) -* [v1.8.6](https://github.com/cilium/cilium/releases/tag/v1.8.6) (_[source](https://github.com/cilium/cilium/tree/v1.8.6/install/kubernetes/cilium)_) * [v1.8.6](https://github.com/cilium/cilium/releases/tag/v1.8.6) (_[source](https://github.com/cilium/cilium/tree/v1.8.6/install/kubernetes/cilium)_) * [v1.8.5](https://github.com/cilium/cilium/releases/tag/v1.8.5) (_[source](https://github.com/cilium/cilium/tree/v1.8.5/install/kubernetes/cilium)_) -* [v1.8.5](https://github.com/cilium/cilium/releases/tag/v1.8.5) (_[source](https://github.com/cilium/cilium/tree/v1.8.5/install/kubernetes/cilium)_) -* [v1.8.4](https://github.com/cilium/cilium/releases/tag/v1.8.4) (_[source](https://github.com/cilium/cilium/tree/v1.8.4/install/kubernetes/cilium)_) * [v1.8.4](https://github.com/cilium/cilium/releases/tag/v1.8.4) (_[source](https://github.com/cilium/cilium/tree/v1.8.4/install/kubernetes/cilium)_) * [v1.8.3](https://github.com/cilium/cilium/releases/tag/v1.8.3) (_[source](https://github.com/cilium/cilium/tree/v1.8.3/install/kubernetes/cilium)_) -* [v1.8.3](https://github.com/cilium/cilium/releases/tag/v1.8.3) (_[source](https://github.com/cilium/cilium/tree/v1.8.3/install/kubernetes/cilium)_) -* [v1.8.2](https://github.com/cilium/cilium/releases/tag/v1.8.2) (_[source](https://github.com/cilium/cilium/tree/v1.8.2/install/kubernetes/cilium)_) * [v1.8.2](https://github.com/cilium/cilium/releases/tag/v1.8.2) (_[source](https://github.com/cilium/cilium/tree/v1.8.2/install/kubernetes/cilium)_) * [v1.8.1](https://github.com/cilium/cilium/releases/tag/v1.8.1) (_[source](https://github.com/cilium/cilium/tree/v1.8.1/install/kubernetes/cilium)_) -* [v1.8.1](https://github.com/cilium/cilium/releases/tag/v1.8.1) (_[source](https://github.com/cilium/cilium/tree/v1.8.1/install/kubernetes/cilium)_) -* [v1.8.0](https://github.com/cilium/cilium/releases/tag/v1.8.0) (_[source](https://github.com/cilium/cilium/tree/v1.8.0/install/kubernetes/cilium)_) * [v1.8.0](https://github.com/cilium/cilium/releases/tag/v1.8.0) (_[source](https://github.com/cilium/cilium/tree/v1.8.0/install/kubernetes/cilium)_) * [v1.8.0-rc4](https://github.com/cilium/cilium/releases/tag/v1.8.0-rc4) (_[source](https://github.com/cilium/cilium/tree/v1.8.0-rc4/install/kubernetes/cilium)_) -* [v1.8.0-rc4](https://github.com/cilium/cilium/releases/tag/v1.8.0-rc4) (_[source](https://github.com/cilium/cilium/tree/v1.8.0-rc4/install/kubernetes/cilium)_) -* [v1.8.0-rc3](https://github.com/cilium/cilium/releases/tag/v1.8.0-rc3) (_[source](https://github.com/cilium/cilium/tree/v1.8.0-rc3/install/kubernetes/cilium)_) * [v1.8.0-rc3](https://github.com/cilium/cilium/releases/tag/v1.8.0-rc3) (_[source](https://github.com/cilium/cilium/tree/v1.8.0-rc3/install/kubernetes/cilium)_) * [v1.8.0-rc2](https://github.com/cilium/cilium/releases/tag/v1.8.0-rc2) (_[source](https://github.com/cilium/cilium/tree/v1.8.0-rc2/install/kubernetes/cilium)_) -* [v1.8.0-rc2](https://github.com/cilium/cilium/releases/tag/v1.8.0-rc2) (_[source](https://github.com/cilium/cilium/tree/v1.8.0-rc2/install/kubernetes/cilium)_) -* [v1.8.0-rc1](https://github.com/cilium/cilium/releases/tag/v1.8.0-rc1) (_[source](https://github.com/cilium/cilium/tree/v1.8.0-rc1/install/kubernetes/cilium)_) * [v1.8.0-rc1](https://github.com/cilium/cilium/releases/tag/v1.8.0-rc1) (_[source](https://github.com/cilium/cilium/tree/v1.8.0-rc1/install/kubernetes/cilium)_) * [v1.7.16](https://github.com/cilium/cilium/releases/tag/v1.7.16) (_[source](https://github.com/cilium/cilium/tree/v1.7.16/install/kubernetes/cilium)_) -* [v1.7.16](https://github.com/cilium/cilium/releases/tag/v1.7.16) (_[source](https://github.com/cilium/cilium/tree/v1.7.16/install/kubernetes/cilium)_) * [v1.7.15](https://github.com/cilium/cilium/releases/tag/v1.7.15) (_[source](https://github.com/cilium/cilium/tree/v1.7.15/install/kubernetes/cilium)_) -* [v1.7.15](https://github.com/cilium/cilium/releases/tag/v1.7.15) (_[source](https://github.com/cilium/cilium/tree/v1.7.15/install/kubernetes/cilium)_) -* [v1.7.14](https://github.com/cilium/cilium/releases/tag/v1.7.14) (_[source](https://github.com/cilium/cilium/tree/v1.7.14/install/kubernetes/cilium)_) * [v1.7.14](https://github.com/cilium/cilium/releases/tag/v1.7.14) (_[source](https://github.com/cilium/cilium/tree/v1.7.14/install/kubernetes/cilium)_) * [v1.7.13](https://github.com/cilium/cilium/releases/tag/v1.7.13) (_[source](https://github.com/cilium/cilium/tree/v1.7.13/install/kubernetes/cilium)_) -* [v1.7.13](https://github.com/cilium/cilium/releases/tag/v1.7.13) (_[source](https://github.com/cilium/cilium/tree/v1.7.13/install/kubernetes/cilium)_) -* [v1.7.12](https://github.com/cilium/cilium/releases/tag/v1.7.12) (_[source](https://github.com/cilium/cilium/tree/v1.7.12/install/kubernetes/cilium)_) * [v1.7.12](https://github.com/cilium/cilium/releases/tag/v1.7.12) (_[source](https://github.com/cilium/cilium/tree/v1.7.12/install/kubernetes/cilium)_) * [v1.7.11](https://github.com/cilium/cilium/releases/tag/v1.7.11) (_[source](https://github.com/cilium/cilium/tree/v1.7.11/install/kubernetes/cilium)_) -* [v1.7.11](https://github.com/cilium/cilium/releases/tag/v1.7.11) (_[source](https://github.com/cilium/cilium/tree/v1.7.11/install/kubernetes/cilium)_) -* [v1.7.10](https://github.com/cilium/cilium/releases/tag/v1.7.10) (_[source](https://github.com/cilium/cilium/tree/v1.7.10/install/kubernetes/cilium)_) * [v1.7.10](https://github.com/cilium/cilium/releases/tag/v1.7.10) (_[source](https://github.com/cilium/cilium/tree/v1.7.10/install/kubernetes/cilium)_) * [v1.7.9](https://github.com/cilium/cilium/releases/tag/v1.7.9) (_[source](https://github.com/cilium/cilium/tree/v1.7.9/install/kubernetes/cilium)_) -* [v1.7.9](https://github.com/cilium/cilium/releases/tag/v1.7.9) (_[source](https://github.com/cilium/cilium/tree/v1.7.9/install/kubernetes/cilium)_) -* [v1.7.8](https://github.com/cilium/cilium/releases/tag/v1.7.8) (_[source](https://github.com/cilium/cilium/tree/v1.7.8/install/kubernetes/cilium)_) * [v1.7.8](https://github.com/cilium/cilium/releases/tag/v1.7.8) (_[source](https://github.com/cilium/cilium/tree/v1.7.8/install/kubernetes/cilium)_) * [v1.7.7](https://github.com/cilium/cilium/releases/tag/v1.7.7) (_[source](https://github.com/cilium/cilium/tree/v1.7.7/install/kubernetes/cilium)_) -* [v1.7.7](https://github.com/cilium/cilium/releases/tag/v1.7.7) (_[source](https://github.com/cilium/cilium/tree/v1.7.7/install/kubernetes/cilium)_) -* [v1.7.6](https://github.com/cilium/cilium/releases/tag/v1.7.6) (_[source](https://github.com/cilium/cilium/tree/v1.7.6/install/kubernetes/cilium)_) * [v1.7.6](https://github.com/cilium/cilium/releases/tag/v1.7.6) (_[source](https://github.com/cilium/cilium/tree/v1.7.6/install/kubernetes/cilium)_) * [v1.7.5](https://github.com/cilium/cilium/releases/tag/v1.7.5) (_[source](https://github.com/cilium/cilium/tree/v1.7.5/install/kubernetes/cilium)_) -* [v1.7.5](https://github.com/cilium/cilium/releases/tag/v1.7.5) (_[source](https://github.com/cilium/cilium/tree/v1.7.5/install/kubernetes/cilium)_) -* [v1.7.4](https://github.com/cilium/cilium/releases/tag/v1.7.4) (_[source](https://github.com/cilium/cilium/tree/v1.7.4/install/kubernetes/cilium)_) * [v1.7.4](https://github.com/cilium/cilium/releases/tag/v1.7.4) (_[source](https://github.com/cilium/cilium/tree/v1.7.4/install/kubernetes/cilium)_) * [v1.7.3](https://github.com/cilium/cilium/releases/tag/v1.7.3) (_[source](https://github.com/cilium/cilium/tree/v1.7.3/install/kubernetes/cilium)_) -* [v1.7.3](https://github.com/cilium/cilium/releases/tag/v1.7.3) (_[source](https://github.com/cilium/cilium/tree/v1.7.3/install/kubernetes/cilium)_) -* [v1.7.2](https://github.com/cilium/cilium/releases/tag/v1.7.2) (_[source](https://github.com/cilium/cilium/tree/v1.7.2/install/kubernetes/cilium)_) * [v1.7.2](https://github.com/cilium/cilium/releases/tag/v1.7.2) (_[source](https://github.com/cilium/cilium/tree/v1.7.2/install/kubernetes/cilium)_) * [v1.7.1](https://github.com/cilium/cilium/releases/tag/v1.7.1) (_[source](https://github.com/cilium/cilium/tree/v1.7.1/install/kubernetes/cilium)_) -* [v1.7.1](https://github.com/cilium/cilium/releases/tag/v1.7.1) (_[source](https://github.com/cilium/cilium/tree/v1.7.1/install/kubernetes/cilium)_) * [v1.7.0](https://github.com/cilium/cilium/releases/tag/v1.7.0) (_[source](https://github.com/cilium/cilium/tree/v1.7.0/install/kubernetes/cilium)_) -* [v1.7.0](https://github.com/cilium/cilium/releases/tag/v1.7.0) (_[source](https://github.com/cilium/cilium/tree/v1.7.0/install/kubernetes/cilium)_) -* [v1.7.0-rc4](https://github.com/cilium/cilium/releases/tag/v1.7.0-rc4) (_[source](https://github.com/cilium/cilium/tree/v1.7.0-rc4/install/kubernetes/cilium)_) * [v1.7.0-rc4](https://github.com/cilium/cilium/releases/tag/v1.7.0-rc4) (_[source](https://github.com/cilium/cilium/tree/v1.7.0-rc4/install/kubernetes/cilium)_) * [v1.7.0-rc3](https://github.com/cilium/cilium/releases/tag/v1.7.0-rc3) (_[source](https://github.com/cilium/cilium/tree/v1.7.0-rc3/install/kubernetes/cilium)_) -* [v1.7.0-rc3](https://github.com/cilium/cilium/releases/tag/v1.7.0-rc3) (_[source](https://github.com/cilium/cilium/tree/v1.7.0-rc3/install/kubernetes/cilium)_) -* [v1.6.12](https://github.com/cilium/cilium/releases/tag/v1.6.12) (_[source](https://github.com/cilium/cilium/tree/v1.6.12/install/kubernetes/cilium)_) * [v1.6.12](https://github.com/cilium/cilium/releases/tag/v1.6.12) (_[source](https://github.com/cilium/cilium/tree/v1.6.12/install/kubernetes/cilium)_) * [v1.6.11](https://github.com/cilium/cilium/releases/tag/v1.6.11) (_[source](https://github.com/cilium/cilium/tree/v1.6.11/install/kubernetes/cilium)_) -* [v1.6.11](https://github.com/cilium/cilium/releases/tag/v1.6.11) (_[source](https://github.com/cilium/cilium/tree/v1.6.11/install/kubernetes/cilium)_) -* [v1.6.10](https://github.com/cilium/cilium/releases/tag/v1.6.10) (_[source](https://github.com/cilium/cilium/tree/v1.6.10/install/kubernetes/cilium)_) * [v1.6.10](https://github.com/cilium/cilium/releases/tag/v1.6.10) (_[source](https://github.com/cilium/cilium/tree/v1.6.10/install/kubernetes/cilium)_) * [v1.6.9](https://github.com/cilium/cilium/releases/tag/v1.6.9) (_[source](https://github.com/cilium/cilium/tree/v1.6.9/install/kubernetes/cilium)_) -* [v1.6.9](https://github.com/cilium/cilium/releases/tag/v1.6.9) (_[source](https://github.com/cilium/cilium/tree/v1.6.9/install/kubernetes/cilium)_) -* [v1.6.8](https://github.com/cilium/cilium/releases/tag/v1.6.8) (_[source](https://github.com/cilium/cilium/tree/v1.6.8/install/kubernetes/cilium)_) * [v1.6.8](https://github.com/cilium/cilium/releases/tag/v1.6.8) (_[source](https://github.com/cilium/cilium/tree/v1.6.8/install/kubernetes/cilium)_) * [v1.6.7](https://github.com/cilium/cilium/releases/tag/v1.6.7) (_[source](https://github.com/cilium/cilium/tree/v1.6.7/install/kubernetes/cilium)_) -* [v1.6.7](https://github.com/cilium/cilium/releases/tag/v1.6.7) (_[source](https://github.com/cilium/cilium/tree/v1.6.7/install/kubernetes/cilium)_) -* [v1.6.6](https://github.com/cilium/cilium/releases/tag/v1.6.6) (_[source](https://github.com/cilium/cilium/tree/v1.6.6/install/kubernetes/cilium)_) * [v1.6.6](https://github.com/cilium/cilium/releases/tag/v1.6.6) (_[source](https://github.com/cilium/cilium/tree/v1.6.6/install/kubernetes/cilium)_) * [v1.6.5](https://github.com/cilium/cilium/releases/tag/v1.6.5) (_[source](https://github.com/cilium/cilium/tree/v1.6.5/install/kubernetes/cilium)_) -* [v1.6.5](https://github.com/cilium/cilium/releases/tag/v1.6.5) (_[source](https://github.com/cilium/cilium/tree/v1.6.5/install/kubernetes/cilium)_) This repository holds helm templates for the following Tetragon releases: +* [v1.3.0](https://github.com/cilium/tetragon/releases/tag/v1.3.0) (_[source](https://github.com/cilium/tetragon/tree/v1.3.0/install/kubernetes/tetragon)_) * [v1.2.1](https://github.com/cilium/tetragon/releases/tag/v1.2.1) (_[source](https://github.com/cilium/tetragon/tree/v1.2.1/install/kubernetes/tetragon)_) * [v1.2.0](https://github.com/cilium/tetragon/releases/tag/v1.2.0) (_[source](https://github.com/cilium/tetragon/tree/v1.2.0/install/kubernetes/tetragon)_) -* [v1.2.0](https://github.com/cilium/tetragon/releases/tag/v1.2.0) (_[source](https://github.com/cilium/tetragon/tree/v1.2.0/install/kubernetes/tetragon)_) * [v1.1.2](https://github.com/cilium/tetragon/releases/tag/v1.1.2) (_[source](https://github.com/cilium/tetragon/tree/v1.1.2/install/kubernetes/tetragon)_) -* [v1.1.2](https://github.com/cilium/tetragon/releases/tag/v1.1.2) (_[source](https://github.com/cilium/tetragon/tree/v1.1.2/install/kubernetes/tetragon)_) -* [v1.1.0](https://github.com/cilium/tetragon/releases/tag/v1.1.0) (_[source](https://github.com/cilium/tetragon/tree/v1.1.0/install/kubernetes/tetragon)_) * [v1.1.0](https://github.com/cilium/tetragon/releases/tag/v1.1.0) (_[source](https://github.com/cilium/tetragon/tree/v1.1.0/install/kubernetes/tetragon)_) * [v1.0.3](https://github.com/cilium/tetragon/releases/tag/v1.0.3) (_[source](https://github.com/cilium/tetragon/tree/v1.0.3/install/kubernetes)_) -* [v1.0.3](https://github.com/cilium/tetragon/releases/tag/v1.0.3) (_[source](https://github.com/cilium/tetragon/tree/v1.0.3/install/kubernetes)_) * [v1.0.2](https://github.com/cilium/tetragon/releases/tag/v1.0.2) (_[source](https://github.com/cilium/tetragon/tree/v1.0.2/install/kubernetes)_) -* [v1.0.2](https://github.com/cilium/tetragon/releases/tag/v1.0.2) (_[source](https://github.com/cilium/tetragon/tree/v1.0.2/install/kubernetes)_) -* [v1.0.1](https://github.com/cilium/tetragon/releases/tag/v1.0.1) (_[source](https://github.com/cilium/tetragon/tree/v1.0.1/install/kubernetes)_) * [v1.0.1](https://github.com/cilium/tetragon/releases/tag/v1.0.1) (_[source](https://github.com/cilium/tetragon/tree/v1.0.1/install/kubernetes)_) * [v1.0.0](https://github.com/cilium/tetragon/releases/tag/v1.0.0) (_[source](https://github.com/cilium/tetragon/tree/v1.0.0/install/kubernetes)_) -* [v1.0.0](https://github.com/cilium/tetragon/releases/tag/v1.0.0) (_[source](https://github.com/cilium/tetragon/tree/v1.0.0/install/kubernetes)_) -* [v1.0.0-rc.5](https://github.com/cilium/tetragon/releases/tag/v1.0.0-rc.5) (_[source](https://github.com/cilium/tetragon/tree/v1.0.0-rc.5/install/kubernetes)_) * [v1.0.0-rc.5](https://github.com/cilium/tetragon/releases/tag/v1.0.0-rc.5) (_[source](https://github.com/cilium/tetragon/tree/v1.0.0-rc.5/install/kubernetes)_) * [v1.0.0-rc.3](https://github.com/cilium/tetragon/releases/tag/v1.0.0-rc.3) (_[source](https://github.com/cilium/tetragon/tree/v1.0.0-rc.3/install/kubernetes)_) -* [v1.0.0-rc.3](https://github.com/cilium/tetragon/releases/tag/v1.0.0-rc.3) (_[source](https://github.com/cilium/tetragon/tree/v1.0.0-rc.3/install/kubernetes)_) -* [v1.0.0-rc.2](https://github.com/cilium/tetragon/releases/tag/v1.0.0-rc.2) (_[source](https://github.com/cilium/tetragon/tree/v1.0.0-rc.2/install/kubernetes)_) * [v1.0.0-rc.2](https://github.com/cilium/tetragon/releases/tag/v1.0.0-rc.2) (_[source](https://github.com/cilium/tetragon/tree/v1.0.0-rc.2/install/kubernetes)_) * [v1.0.0-rc.1](https://github.com/cilium/tetragon/releases/tag/v1.0.0-rc.1) (_[source](https://github.com/cilium/tetragon/tree/v1.0.0-rc.1/install/kubernetes)_) -* [v1.0.0-rc.1](https://github.com/cilium/tetragon/releases/tag/v1.0.0-rc.1) (_[source](https://github.com/cilium/tetragon/tree/v1.0.0-rc.1/install/kubernetes)_) -* [v0.11.0](https://github.com/cilium/tetragon/releases/tag/v0.11.0) (_[source](https://github.com/cilium/tetragon/tree/v0.11.0/install/kubernetes)_) * [v0.11.0](https://github.com/cilium/tetragon/releases/tag/v0.11.0) (_[source](https://github.com/cilium/tetragon/tree/v0.11.0/install/kubernetes)_) * [v0.10.0](https://github.com/cilium/tetragon/releases/tag/v0.10.0) (_[source](https://github.com/cilium/tetragon/tree/v0.10.0/install/kubernetes)_) -* [v0.10.0](https://github.com/cilium/tetragon/releases/tag/v0.10.0) (_[source](https://github.com/cilium/tetragon/tree/v0.10.0/install/kubernetes)_) -* [v0.9.0](https://github.com/cilium/tetragon/releases/tag/v0.9.0) (_[source](https://github.com/cilium/tetragon/tree/v0.9.0/install/kubernetes)_) * [v0.9.0](https://github.com/cilium/tetragon/releases/tag/v0.9.0) (_[source](https://github.com/cilium/tetragon/tree/v0.9.0/install/kubernetes)_) * [v0.8.4](https://github.com/cilium/tetragon/releases/tag/v0.8.4) (_[source](https://github.com/cilium/tetragon/tree/v0.8.4/install/kubernetes)_) -* [v0.8.4](https://github.com/cilium/tetragon/releases/tag/v0.8.4) (_[source](https://github.com/cilium/tetragon/tree/v0.8.4/install/kubernetes)_) -* [v0.8.3](https://github.com/cilium/tetragon/releases/tag/v0.8.3) (_[source](https://github.com/cilium/tetragon/tree/v0.8.3/install/kubernetes)_) * [v0.8.3](https://github.com/cilium/tetragon/releases/tag/v0.8.3) (_[source](https://github.com/cilium/tetragon/tree/v0.8.3/install/kubernetes)_) * [v0.8.2](https://github.com/cilium/tetragon/releases/tag/v0.8.2) (_[source](https://github.com/cilium/tetragon/tree/v0.8.2/install/kubernetes)_) -* [v0.8.2](https://github.com/cilium/tetragon/releases/tag/v0.8.2) (_[source](https://github.com/cilium/tetragon/tree/v0.8.2/install/kubernetes)_) -* [v0.8.1](https://github.com/cilium/tetragon/releases/tag/v0.8.1) (_[source](https://github.com/cilium/tetragon/tree/v0.8.1/install/kubernetes)_) * [v0.8.1](https://github.com/cilium/tetragon/releases/tag/v0.8.1) (_[source](https://github.com/cilium/tetragon/tree/v0.8.1/install/kubernetes)_) * [v0.8.0](https://github.com/cilium/tetragon/releases/tag/v0.8.0) (_[source](https://github.com/cilium/tetragon/tree/v0.8.0/install/kubernetes)_) -* [v0.8.0](https://github.com/cilium/tetragon/releases/tag/v0.8.0) (_[source](https://github.com/cilium/tetragon/tree/v0.8.0/install/kubernetes)_) diff --git a/vendor/github.com/cilium/charts/generate_helm_release.sh b/vendor/github.com/cilium/charts/generate_helm_release.sh index de0df1dcb1..3af3edfb23 100644 --- a/vendor/github.com/cilium/charts/generate_helm_release.sh +++ b/vendor/github.com/cilium/charts/generate_helm_release.sh @@ -51,7 +51,7 @@ main() { git stash remote=$(git remote -v | grep "${ORG}/${PROJECT}" | awk '{print $1;exit}') git fetch "${remote}" - git checkout -b "$version" + git checkout -B "$version" cd - else git clone --depth 1 --branch "$version" "https://github.com/cilium/${PROJECT}.git" diff --git a/vendor/github.com/cilium/charts/index.yaml b/vendor/github.com/cilium/charts/index.yaml index 12c094b045..86d2838756 100644 --- a/vendor/github.com/cilium/charts/index.yaml +++ b/vendor/github.com/cilium/charts/index.yaml @@ -20933,6 +20933,16 @@ entries: - cilium-1.6.5.tgz version: 1.6.5 tetragon: + - apiVersion: v2 + appVersion: 1.3.0 + created: "2024-12-13T13:24:53.007466361Z" + description: Helm chart for Tetragon + digest: 19bb9f3777ec823d43e7e5a1d2d6c8ef2320b54372f493d3fe460a0f842995e3 + name: tetragon + type: application + urls: + - tetragon-1.3.0.tgz + version: 1.3.0 - apiVersion: v2 appVersion: 1.2.1 created: "2024-11-27T11:05:58.573950346Z" @@ -20945,9 +20955,9 @@ entries: version: 1.2.1 - apiVersion: v2 appVersion: 1.2.0 - created: "2024-09-05T13:21:20.070471945Z" + created: "2024-12-13T13:21:53.111318705Z" description: Helm chart for Tetragon - digest: 711faa2847966e52323f92e50ca5da69a462046470a2427176d273b1e1899d8e + digest: c3bfb7cebf8fd777120c07ea1b6707436e6219fdde4bd9966f55bfbc79a5c295 name: tetragon type: application urls: @@ -21133,4 +21143,4 @@ entries: urls: - tetragon-0.8.0.tgz version: 0.8.0 -generated: "2024-12-02T17:17:27.239332118Z" +generated: "2024-12-13T13:24:53.004496762Z" diff --git a/vendor/github.com/cilium/charts/tetragon-1.3.0.tgz b/vendor/github.com/cilium/charts/tetragon-1.3.0.tgz new file mode 100644 index 0000000000..d070c5534e Binary files /dev/null and b/vendor/github.com/cilium/charts/tetragon-1.3.0.tgz differ diff --git a/vendor/github.com/cilium/cilium/AUTHORS b/vendor/github.com/cilium/cilium/AUTHORS index e60872bc03..4ae3420936 100644 --- a/vendor/github.com/cilium/cilium/AUTHORS +++ b/vendor/github.com/cilium/cilium/AUTHORS @@ -335,6 +335,7 @@ guangwu guoguangwug@gmail.com Guilherme Oki guilherme.oki@wildlifestudios.com Guilherme Souza 101073+guilhermef@users.noreply.github.com Gunju Kim gjkim042@gmail.com +Gyutae Bae gyu.8ae@gmail.com hacktivist123 akintayoshedrack@gmail.com Hadrien Patte hadrien.patte@datadoghq.com Haitao Li lihaitao@gmail.com @@ -751,7 +752,7 @@ Richard Tweed RichardoC@users.noreply.github.com Ricky Ho horicky78@gmail.com Rio Kierkels riokierkels@gmail.com Robin Elfrink robin@15augustus.nl -Robin Gögge r.goegge@isovalent.com +Robin Gögge r.goegge@gmail.com Robin Hahling robin.hahling@gw-computing.net Rob Scott robertjscott@google.com Rocky Chen 40374064+rockc2020@users.noreply.github.com @@ -764,6 +765,7 @@ Ronald van Zantvoort the.loeki@gmail.com Ross Guarino rssguar@gmail.com roykharman roykharman@gmail.com Rudrakh Panigrahi rudrakh97@gmail.com +Rui Cao caorui.io@bytedance.com Rui Chen rui@chenrui.dev Rui Gu rui@covalent.io Rushikesh Butley rushikeshbutley@gmail.com @@ -903,6 +905,7 @@ Valas Valancius valas@google.com Vance Li vanceli@tencent.com Vanilla osu_Vanilla@126.com Vasu Dasari vasudasari@google.com +verysonglaa 39988258+verysonglaa@users.noreply.github.com Vigneshwaren Sunder vickymailed@gmail.com Viktor Kurchenko viktor.kurchenko@isovalent.com Viktor Kuzmin kvaster@gmail.com diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/allow-all-egress.yaml b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/allow-all-egress.yaml index 5437de55bf..f395498d12 100644 --- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/allow-all-egress.yaml +++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/allow-all-egress.yaml @@ -9,3 +9,4 @@ spec: - {} - toCIDR: - 0.0.0.0/0 + - ::/0 diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidr-external-deny.yaml b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidr-external-deny.yaml index 8f0e6216bb..3243095ae0 100644 --- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidr-external-deny.yaml +++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidr-external-deny.yaml @@ -11,6 +11,6 @@ spec: kind: client egressDeny: - toCIDRSet: - - cidr: {{.ExternalCIDR}} + - cidr: "{{.ExternalCIDR}}" except: - - {{.ExternalIP}}/32 + - "{{.ExternalIP | ipToCIDR }}" diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidr-external-knp.yaml b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidr-external-knp.yaml index ea635927fd..b8cc4e511b 100644 --- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidr-external-knp.yaml +++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidr-external-knp.yaml @@ -10,6 +10,6 @@ spec: egress: - to: - ipBlock: - cidr: {{.ExternalCIDR}} + cidr: "{{.ExternalCIDR}}" except: - - {{.ExternalOtherIP}}/32 + - "{{ .ExternalOtherIP | ipToCIDR }}" diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidr-external.yaml b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidr-external.yaml index b2fa10cad0..53beddd038 100644 --- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidr-external.yaml +++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidr-external.yaml @@ -9,6 +9,6 @@ spec: kind: client egress: - toCIDRSet: - - cidr: {{.ExternalCIDR}} + - cidr: "{{.ExternalCIDR}}" except: - - {{.ExternalOtherIP}}/32 + - "{{ .ExternalOtherIP | ipToCIDR }}" diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidrgroup-external-deny.yaml b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidrgroup-external-deny.yaml index 361589271a..31595869da 100644 --- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidrgroup-external-deny.yaml +++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidrgroup-external-deny.yaml @@ -24,4 +24,4 @@ spec: - toCIDRSet: - cidrGroupRef: cilium-test-external-cidr except: - - "{{.ExternalIP}}/32" + - "{{ .ExternalIP | ipToCIDR }}" diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/template/template.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/template/template.go index f7d3b2952a..6e902bf93c 100644 --- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/template/template.go +++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/template/template.go @@ -6,6 +6,7 @@ package template import ( "bytes" "html/template" + "net/netip" "strings" ) @@ -13,6 +14,13 @@ import ( func Render(temp string, data any) (string, error) { fns := template.FuncMap{ "trimSuffix": func(in, suffix string) string { return strings.TrimSuffix(in, suffix) }, + "ipToCIDR": func(ipString string) string { + if ip, err := netip.ParseAddr(ipString); err == nil && ip.Is6() { + return ipString + "/128" // IPv6 address + } else { + return ipString + "/32" // otherwise assume IPv4 + } + }, } tm, err := template.New("template").Funcs(fns).Parse(temp) diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/node_to_node_encryption.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/node_to_node_encryption.go index d93bb9ebb7..d370119576 100644 --- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/node_to_node_encryption.go +++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/node_to_node_encryption.go @@ -21,5 +21,5 @@ func (t nodeToNodeEncryption) build(ct *check.ConnectivityTest, _ map[string]str features.RequireEnabled(features.EncryptionPod), features.RequireEnabled(features.EncryptionNode), ), - ) + ).WithFeatureRequirements(features.RequireModeIsNot(features.EncryptionPod, "ipsec")) } diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/deployment.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/deployment.go index a90d4677a2..5eb0d2a95b 100644 --- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/deployment.go +++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/deployment.go @@ -1751,7 +1751,7 @@ func (ct *ConnectivityTest) validateDeployment(ctx context.Context) error { } ct.secondaryNetworkNodeIPv4[pod.Spec.NodeName] = strings.TrimSuffix(addr.String(), "\n") } - if ct.Features[features.IPv4].Enabled { + if ct.Features[features.IPv6].Enabled { cmd := []string{"/bin/sh", "-c", fmt.Sprintf("ip -family inet6 -oneline address show dev %s scope global | awk '{print $4}' | cut -d/ -f1", iface)} addr, err := client.ExecInPod(ctx, pod.Namespace, pod.Name, "", cmd) if err != nil { diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/to-cidr.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/to-cidr.go index 591b197ce2..f7c2aae2ed 100644 --- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/to-cidr.go +++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/to-cidr.go @@ -6,6 +6,7 @@ package tests import ( "context" "fmt" + "net/netip" "strings" "github.com/cilium/cilium/cilium-cli/connectivity/check" @@ -35,7 +36,7 @@ func (s *podToCIDR) Run(ctx context.Context, t *check.Test) { ct := t.Context() for _, ip := range []string{ct.Params().ExternalIP, ct.Params().ExternalOtherIP} { - ep := check.HTTPEndpoint(fmt.Sprintf("external-%s", strings.ReplaceAll(ip, ".", "")), "https://"+ip) + ep := check.HTTPEndpoint(ipToName(ip), ipToURL(ip)) var i int for _, src := range ct.ClientPods() { @@ -51,3 +52,16 @@ func (s *podToCIDR) Run(ctx context.Context, t *check.Test) { } } } + +func ipToName(ip string) string { + ipWithoutSep := strings.ReplaceAll(ip, ".", "") // IPv4 separator + ipWithoutSep = strings.ReplaceAll(ipWithoutSep, ":", "") // IPv6 separator + return fmt.Sprintf("external-%s", ipWithoutSep) +} + +func ipToURL(ipString string) string { + if ip, err := netip.ParseAddr(ipString); err == nil && ip.Is6() { + ipString = fmt.Sprintf("[%s]", ipString) // Avoid parsing IPv6 last ":" as port + } + return "https://" + ipString +} diff --git a/vendor/github.com/cilium/cilium/cilium-cli/install/helm.go b/vendor/github.com/cilium/cilium/cilium-cli/install/helm.go index 66c93b6d63..26fdcd0114 100644 --- a/vendor/github.com/cilium/cilium/cilium-cli/install/helm.go +++ b/vendor/github.com/cilium/cilium/cilium-cli/install/helm.go @@ -66,10 +66,7 @@ func (k *K8sInstaller) getHelmValues() (map[string]interface{}, error) { } // AL2023 uses ens interfaces, but we default to eth interfaces for everything else for backwards compatibility, // since the CLI was assuming eth interfaces before support for AL2023 was introduced - helmMapOpts["egressMasqueradeInterfaces"] = "eth+" - if k.params.AWS.AwsNodeImageFamily == AwsNodeImageFamilyAmazonLinux2023 { - helmMapOpts["egressMasqueradeInterfaces"] = "ens+" - } + helmMapOpts["egressMasqueradeInterfaces"] = "eth+ ens+" case DatapathGKE: helmMapOpts["ipam.mode"] = ipamKubernetes diff --git a/vendor/github.com/cilium/cilium/cilium-cli/utils/features/features.go b/vendor/github.com/cilium/cilium/cilium-cli/utils/features/features.go index 1603ad03d7..925a7f6c7a 100644 --- a/vendor/github.com/cilium/cilium/cilium-cli/utils/features/features.go +++ b/vendor/github.com/cilium/cilium/cilium-cli/utils/features/features.go @@ -143,6 +143,9 @@ func (fs Set) MatchRequirements(reqs ...Requirement) (bool, string) { if req.requiresMode && (req.mode != status.Mode) { return false, fmt.Sprintf("requires Feature %s mode %s, got %s", req.Feature, req.mode, status.Mode) } + if req.requireModeIsNot && (req.mode == status.Mode) { + return false, fmt.Sprintf("requires Feature %s mode %s to not equal %s, req.Feature", req.Feature, status.Mode, req.mode) + } } return true, "" @@ -184,8 +187,9 @@ type Requirement struct { requiresEnabled bool enabled bool - requiresMode bool - mode string + requiresMode bool + requireModeIsNot bool + mode string } // RequireEnabled constructs a Requirement which expects the @@ -218,6 +222,20 @@ func RequireMode(feature Feature, mode string) Requirement { } } +// RequiredModeIsNot constructs a Requirement which expects the Feature to not +// be in the given mode +// +// When evaluating a set of requirements with MatchRequirements, +// having a RequireMode requirement of the same feature and mode will cause +// conflicting results. +func RequireModeIsNot(feature Feature, mode string) Requirement { + return Requirement{ + Feature: feature, + requireModeIsNot: true, + mode: mode, + } +} + // ExtractFromVersionedConfigMap extracts features based on Cilium version and cilium-config // ConfigMap. func (fs Set) ExtractFromVersionedConfigMap(ciliumVersion semver.Version, cm *v1.ConfigMap) { diff --git a/vendor/github.com/cilium/cilium/pkg/bgpv1/types/bgp.go b/vendor/github.com/cilium/cilium/pkg/bgpv1/types/bgp.go index a0ff4cd6b8..42aa85b311 100644 --- a/vendor/github.com/cilium/cilium/pkg/bgpv1/types/bgp.go +++ b/vendor/github.com/cilium/cilium/pkg/bgpv1/types/bgp.go @@ -13,6 +13,18 @@ import ( v2alpha1api "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1" ) +// BGP metric labels +const ( + LabelClusterConfig = "bgp_cluster_config" + LabelVRouter = "vrouter" + LabelNeighbor = "neighbor" + LabelNeighborAsn = "neighbor_asn" + LabelAfi = "afi" + LabelSafi = "safi" + + MetricsSubsystem = "bgp_control_plane" +) + // BGPGlobal contains high level BGP configuration for given instance. type BGPGlobal struct { ASN uint32 diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/service_cache.go b/vendor/github.com/cilium/cilium/pkg/k8s/service_cache.go index b8236fb69a..3c19338a8c 100644 --- a/vendor/github.com/cilium/cilium/pkg/k8s/service_cache.go +++ b/vendor/github.com/cilium/cilium/pkg/k8s/service_cache.go @@ -413,11 +413,11 @@ func (s *ServiceCache) DeleteService(k8sSvc *slim_corev1.Service, swg *lock.Stop if serviceOK { s.metrics.DelService(oldService) s.emitEvent(ServiceEvent{ - Action: DeleteService, - ID: svcID, - Service: oldService, - Endpoints: endpoints, - SWGDone: swg.Add(), + Action: DeleteService, + ID: svcID, + OldService: oldService, + OldEndpoints: endpoints, + SWGDone: swg.Add(), }) } } @@ -808,6 +808,7 @@ func (s *ServiceCache) mergeExternalServiceDeleteLocked(service *serviceStore.Cl Action: UpdateService, ID: id, Service: svc, + OldService: svc, Endpoints: endpoints, OldEndpoints: oldEPs, SWGDone: swg.Add(), @@ -816,6 +817,8 @@ func (s *ServiceCache) mergeExternalServiceDeleteLocked(service *serviceStore.Cl if !serviceReady { delete(s.services, id) event.Action = DeleteService + event.Service = nil + event.Endpoints = nil } s.emitEvent(event) @@ -871,11 +874,11 @@ func (s *ServiceCache) MergeClusterServiceDelete(service *serviceStore.ClusterSe if ok { s.emitEvent(ServiceEvent{ - Action: DeleteService, - ID: id, - Service: svc, - Endpoints: endpoints, - SWGDone: swg.Add(), + Action: DeleteService, + ID: id, + OldService: svc, + OldEndpoints: endpoints, + SWGDone: swg.Add(), }) } } diff --git a/vendor/github.com/cilium/cilium/pkg/monitor/api/types.go b/vendor/github.com/cilium/cilium/pkg/monitor/api/types.go index ed76ce2b73..fc15a962a2 100644 --- a/vendor/github.com/cilium/cilium/pkg/monitor/api/types.go +++ b/vendor/github.com/cilium/cilium/pkg/monitor/api/types.go @@ -455,8 +455,9 @@ type ServiceUpsertNotificationAddr struct { type ServiceUpsertNotification struct { ID uint32 `json:"id"` - Frontend ServiceUpsertNotificationAddr `json:"frontend-address"` - Backends []ServiceUpsertNotificationAddr `json:"backend-addresses"` + Frontend ServiceUpsertNotificationAddr `json:"frontend-address"` + Backends []ServiceUpsertNotificationAddr `json:"backend-addresses"` + NumBackendsOmitted int `json:"num-backends-omitted,omitempty"` Type string `json:"type,omitempty"` ExtTrafficPolicy string `json:"ext-traffic-policy,omitempty"` @@ -471,17 +472,19 @@ func ServiceUpsertMessage( id uint32, frontend ServiceUpsertNotificationAddr, backends []ServiceUpsertNotificationAddr, + numBackendsOmitted int, svcType, svcExtTrafficPolicy, svcIntTrafficPolicy, svcName, svcNamespace string, ) AgentNotifyMessage { notification := ServiceUpsertNotification{ - ID: id, - Frontend: frontend, - Backends: backends, - Type: svcType, - ExtTrafficPolicy: svcExtTrafficPolicy, - IntTrafficPolicy: svcIntTrafficPolicy, - Name: svcName, - Namespace: svcNamespace, + ID: id, + Frontend: frontend, + Backends: backends, + NumBackendsOmitted: numBackendsOmitted, + Type: svcType, + ExtTrafficPolicy: svcExtTrafficPolicy, + IntTrafficPolicy: svcIntTrafficPolicy, + Name: svcName, + Namespace: svcNamespace, } return AgentNotifyMessage{ diff --git a/vendor/github.com/cilium/cilium/pkg/node/bootid.go b/vendor/github.com/cilium/cilium/pkg/node/bootid.go index 7345749991..e341fc7c74 100644 --- a/vendor/github.com/cilium/cilium/pkg/node/bootid.go +++ b/vendor/github.com/cilium/cilium/pkg/node/bootid.go @@ -11,8 +11,6 @@ var ( ) func GetBootID() string { - logOnce.Do(func() { - log.Infof("Local boot ID is %q", localBootID) - }) + logOnce.Do(initLocalBootID) return localBootID } diff --git a/vendor/github.com/cilium/cilium/pkg/node/bootid_linux.go b/vendor/github.com/cilium/cilium/pkg/node/bootid_linux.go index a47ab5f17f..d7daac2305 100644 --- a/vendor/github.com/cilium/cilium/pkg/node/bootid_linux.go +++ b/vendor/github.com/cilium/cilium/pkg/node/bootid_linux.go @@ -1,20 +1,23 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright Authors of Cilium +//go:build linux + package node import ( "os" "strings" -) -var bootIDFilePath = "/proc/sys/kernel/random/boot_id" + "github.com/cilium/cilium/pkg/option" +) -func init() { - bootID, err := os.ReadFile(bootIDFilePath) +func initLocalBootID() { + bootID, err := os.ReadFile(option.Config.BootIDFile) if err != nil { - log.WithError(err).Warnf("Could not read boot id from %s", bootIDFilePath) + log.WithError(err).Warnf("Could not read boot id from %s", option.Config.BootIDFile) return } localBootID = strings.TrimSpace(string(bootID)) + log.Infof("Local boot ID is %q", localBootID) } diff --git a/vendor/github.com/cilium/cilium/pkg/node/bootid_other.go b/vendor/github.com/cilium/cilium/pkg/node/bootid_other.go new file mode 100644 index 0000000000..5bdafe9b6b --- /dev/null +++ b/vendor/github.com/cilium/cilium/pkg/node/bootid_other.go @@ -0,0 +1,9 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright Authors of Cilium + +//go:build !linux + +package node + +func initLocalBootID() { +} diff --git a/vendor/github.com/cilium/cilium/pkg/option/config.go b/vendor/github.com/cilium/cilium/pkg/option/config.go index 9ef2c30655..8557222a3c 100644 --- a/vendor/github.com/cilium/cilium/pkg/option/config.go +++ b/vendor/github.com/cilium/cilium/pkg/option/config.go @@ -206,6 +206,13 @@ const ( // K8sServiceCacheSize is service cache size for cilium k8s package. K8sServiceCacheSize = "k8s-service-cache-size" + // K8sServiceDebounceBufferSize is the maximum number of service events to buffer. + K8sServiceDebounceBufferSize = "k8s-service-debounce-buffer-size" + + // K8sServiceDebounceBufferWaitTime is the amount of time to wait before emitting + // the service event buffer. + K8sServiceDebounceWaitTime = "k8s-service-debounce-wait-time" + // K8sSyncTimeout is the timeout since last event was received to synchronize all resources with k8s. K8sSyncTimeoutName = "k8s-sync-timeout" @@ -769,6 +776,11 @@ const ( // This feature will encrypt overlay traffic before it leaves the cluster. EnableIPSecEncryptedOverlay = "enable-ipsec-encrypted-overlay" + // BootIDFilename is a hidden flag that allows users to specify a + // filename other than /proc/sys/kernel/random/boot_id. This can be + // useful for testing purposes in local containerized cluster. + BootIDFilename = "boot-id-file" + // EnableWireguard is the name of the option to enable WireGuard EnableWireguard = "enable-wireguard" @@ -1398,6 +1410,13 @@ type DaemonConfig struct { // K8sServiceCacheSize is the service cache size for cilium k8s package. K8sServiceCacheSize uint + // Number of distinct services to buffer at most. + K8sServiceDebounceBufferSize int + + // The amount of time to wait to debounce service events before + // emitting the buffer. + K8sServiceDebounceWaitTime time.Duration + // MTU is the maximum transmission unit of the underlying network MTU int @@ -1559,6 +1578,9 @@ type DaemonConfig struct { // EnableIPSecEncryptedOverlay enables IPSec encryption for overlay traffic. EnableIPSecEncryptedOverlay bool + // BootIDFile is the file containing the boot ID of the node + BootIDFile string + // EnableWireguard enables Wireguard encryption EnableWireguard bool @@ -2824,9 +2846,7 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) { c.EnableXDPPrefilter = vp.GetBool(EnableXDPPrefilter) c.EnableTCX = vp.GetBool(EnableTCX) c.DisableCiliumEndpointCRD = vp.GetBool(DisableCiliumEndpointCRDName) - if masqInfs := vp.GetString(MasqueradeInterfaces); masqInfs != "" { - c.MasqueradeInterfaces = strings.Split(masqInfs, ",") - } + c.MasqueradeInterfaces = vp.GetStringSlice(MasqueradeInterfaces) c.BPFSocketLBHostnsOnly = vp.GetBool(BPFSocketLBHostnsOnly) c.EnableSocketLB = vp.GetBool(EnableSocketLB) c.EnableSocketLBTracing = vp.GetBool(EnableSocketLBTracing) @@ -2877,6 +2897,8 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) { c.K8sRequireIPv4PodCIDR = vp.GetBool(K8sRequireIPv4PodCIDRName) c.K8sRequireIPv6PodCIDR = vp.GetBool(K8sRequireIPv6PodCIDRName) c.K8sServiceCacheSize = uint(vp.GetInt(K8sServiceCacheSize)) + c.K8sServiceDebounceBufferSize = vp.GetInt(K8sServiceDebounceBufferSize) + c.K8sServiceDebounceWaitTime = vp.GetDuration(K8sServiceDebounceWaitTime) c.K8sSyncTimeout = vp.GetDuration(K8sSyncTimeoutName) c.AllocatorListTimeout = vp.GetDuration(AllocatorListTimeoutName) c.K8sWatcherEndpointSelector = vp.GetString(K8sWatcherEndpointSelector) @@ -2953,6 +2975,7 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) { c.BPFConntrackAccounting = vp.GetBool(BPFConntrackAccounting) c.EnableIPSecEncryptedOverlay = vp.GetBool(EnableIPSecEncryptedOverlay) c.LBSourceRangeAllTypes = vp.GetBool(LBSourceRangeAllTypes) + c.BootIDFile = vp.GetString(BootIDFilename) c.ServiceNoBackendResponse = vp.GetString(ServiceNoBackendResponse) switch c.ServiceNoBackendResponse { diff --git a/vendor/github.com/cilium/ebpf/Makefile b/vendor/github.com/cilium/ebpf/Makefile index 13fff832dd..e0fe974920 100644 --- a/vendor/github.com/cilium/ebpf/Makefile +++ b/vendor/github.com/cilium/ebpf/Makefile @@ -39,7 +39,6 @@ TARGETS := \ testdata/subprog_reloc \ testdata/fwd_decl \ testdata/kconfig \ - testdata/kconfig_config \ testdata/ksym \ testdata/kfunc \ testdata/invalid-kfunc \ diff --git a/vendor/github.com/cilium/ebpf/collection.go b/vendor/github.com/cilium/ebpf/collection.go index 459ea90d8f..1bda110a40 100644 --- a/vendor/github.com/cilium/ebpf/collection.go +++ b/vendor/github.com/cilium/ebpf/collection.go @@ -701,6 +701,7 @@ func resolveKconfig(m *MapSpec) error { type configInfo struct { offset uint32 + size uint32 typ btf.Type } @@ -742,6 +743,7 @@ func resolveKconfig(m *MapSpec) error { default: // Catch CONFIG_*. configs[n] = configInfo{ offset: vsi.Offset, + size: vsi.Size, typ: v.Type, } } @@ -768,10 +770,10 @@ func resolveKconfig(m *MapSpec) error { for n, info := range configs { value, ok := kernelConfig[n] if !ok { - return fmt.Errorf("config option %q does not exists for this kernel", n) + return fmt.Errorf("config option %q does not exist on this kernel", n) } - err := kconfig.PutValue(data[info.offset:], info.typ, value) + err := kconfig.PutValue(data[info.offset:info.offset+info.size], info.typ, value) if err != nil { return fmt.Errorf("problem adding value for %s: %w", n, err) } diff --git a/vendor/github.com/cilium/ebpf/features/misc.go b/vendor/github.com/cilium/ebpf/features/misc.go index 0c4e1a2619..c039020a95 100644 --- a/vendor/github.com/cilium/ebpf/features/misc.go +++ b/vendor/github.com/cilium/ebpf/features/misc.go @@ -1,9 +1,12 @@ package features import ( + "errors" + "github.com/cilium/ebpf" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/sys" ) // HaveLargeInstructions probes the running kernel if more than 4096 instructions @@ -62,7 +65,7 @@ func HaveV2ISA() error { } var haveV2ISA = internal.NewFeatureTest("v2 ISA", func() error { - return probeProgram(&ebpf.ProgramSpec{ + err := probeProgram(&ebpf.ProgramSpec{ Type: ebpf.SocketFilter, Instructions: asm.Instructions{ asm.Mov.Imm(asm.R0, 0), @@ -71,6 +74,11 @@ var haveV2ISA = internal.NewFeatureTest("v2 ISA", func() error { asm.Return().WithSymbol("exit"), }, }) + // This sometimes bubbles up from the JIT on aarch64. + if errors.Is(err, sys.ENOTSUPP) { + return ebpf.ErrNotSupported + } + return err }, "4.14") // HaveV3ISA probes the running kernel if instructions of the v3 ISA are supported. @@ -83,7 +91,7 @@ func HaveV3ISA() error { } var haveV3ISA = internal.NewFeatureTest("v3 ISA", func() error { - return probeProgram(&ebpf.ProgramSpec{ + err := probeProgram(&ebpf.ProgramSpec{ Type: ebpf.SocketFilter, Instructions: asm.Instructions{ asm.Mov.Imm(asm.R0, 0), @@ -92,4 +100,36 @@ var haveV3ISA = internal.NewFeatureTest("v3 ISA", func() error { asm.Return().WithSymbol("exit"), }, }) + // This sometimes bubbles up from the JIT on aarch64. + if errors.Is(err, sys.ENOTSUPP) { + return ebpf.ErrNotSupported + } + return err }, "5.1") + +// HaveV4ISA probes the running kernel if instructions of the v4 ISA are supported. +// +// Upstream commit 1f9a1ea821ff ("bpf: Support new sign-extension load insns"). +// +// See the package documentation for the meaning of the error return value. +func HaveV4ISA() error { + return haveV4ISA() +} + +var haveV4ISA = internal.NewFeatureTest("v4 ISA", func() error { + err := probeProgram(&ebpf.ProgramSpec{ + Type: ebpf.SocketFilter, + Instructions: asm.Instructions{ + asm.Mov.Imm(asm.R0, 0), + asm.JEq.Imm(asm.R0, 1, "error"), + asm.LongJump("exit"), + asm.Mov.Imm(asm.R0, 1).WithSymbol("error"), + asm.Return().WithSymbol("exit"), + }, + }) + // This sometimes bubbles up from the JIT on aarch64. + if errors.Is(err, sys.ENOTSUPP) { + return ebpf.ErrNotSupported + } + return err +}, "6.6") diff --git a/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go b/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go index c32c066eb0..29c62b6266 100644 --- a/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go +++ b/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go @@ -103,12 +103,13 @@ func PutValue(data []byte, typ btf.Type, value string) error { switch value { case "y", "n", "m": return putValueTri(data, typ, value) - default: - if strings.HasPrefix(value, `"`) { - return putValueString(data, typ, value) - } - return putValueNumber(data, typ, value) } + + if strings.HasPrefix(value, `"`) { + return putValueString(data, typ, value) + } + + return putValueNumber(data, typ, value) } // Golang translation of libbpf_tristate enum: @@ -145,6 +146,10 @@ func putValueTri(data []byte, typ btf.Type, value string) error { return fmt.Errorf("cannot use enum %q, only libbpf_tristate is supported", v.Name) } + if len(data) != 4 { + return fmt.Errorf("expected enum value to occupy 4 bytes in datasec, got: %d", len(data)) + } + var tri triState switch value { case "y": @@ -154,10 +159,10 @@ func putValueTri(data []byte, typ btf.Type, value string) error { case "n": tri = TriNo default: - return fmt.Errorf("value %q is not support for libbpf_tristate", value) + return fmt.Errorf("value %q is not supported for libbpf_tristate", value) } - internal.NativeEndian.PutUint64(data, uint64(tri)) + internal.NativeEndian.PutUint32(data, uint32(tri)) default: return fmt.Errorf("cannot add number value, expected btf.Int or btf.Enum, got: %T", v) } diff --git a/vendor/github.com/cilium/ebpf/internal/sys/fd.go b/vendor/github.com/cilium/ebpf/internal/sys/fd.go index 028be00455..399edbd20c 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/fd.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/fd.go @@ -4,8 +4,10 @@ import ( "fmt" "math" "os" + "path/filepath" "runtime" "strconv" + "strings" "github.com/cilium/ebpf/internal/testutils/fdtrace" "github.com/cilium/ebpf/internal/unix" @@ -118,3 +120,43 @@ func (fd *FD) File(name string) *os.File { return os.NewFile(uintptr(fd.disown()), name) } + +// ObjGetTyped wraps [ObjGet] with a readlink call to extract the type of the +// underlying bpf object. +func ObjGetTyped(attr *ObjGetAttr) (*FD, ObjType, error) { + fd, err := ObjGet(attr) + if err != nil { + return nil, 0, err + } + + typ, err := readType(fd) + if err != nil { + _ = fd.Close() + return nil, 0, fmt.Errorf("reading fd type: %w", err) + } + + return fd, typ, nil +} + +// readType returns the bpf object type of the file descriptor by calling +// readlink(3). Returns an error if the file descriptor does not represent a bpf +// object. +func readType(fd *FD) (ObjType, error) { + s, err := os.Readlink(filepath.Join("/proc/self/fd/", fd.String())) + if err != nil { + return 0, fmt.Errorf("readlink fd %d: %w", fd.Int(), err) + } + + s = strings.TrimPrefix(s, "anon_inode:") + + switch s { + case "bpf-map": + return BPF_TYPE_MAP, nil + case "bpf-prog": + return BPF_TYPE_PROG, nil + case "bpf-link": + return BPF_TYPE_LINK, nil + } + + return 0, fmt.Errorf("unknown type %s of fd %d", s, fd.Int()) +} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/types.go b/vendor/github.com/cilium/ebpf/internal/sys/types.go index f8792da052..88001c319e 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/types.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/types.go @@ -566,6 +566,15 @@ const ( BPF_MAP_TYPE_CGRP_STORAGE MapType = 32 ) +type ObjType uint32 + +const ( + BPF_TYPE_UNSPEC ObjType = 0 + BPF_TYPE_PROG ObjType = 1 + BPF_TYPE_MAP ObjType = 2 + BPF_TYPE_LINK ObjType = 3 +) + type PerfEventType uint32 const ( diff --git a/vendor/github.com/cilium/ebpf/link/link.go b/vendor/github.com/cilium/ebpf/link/link.go index eef834a812..796769f8ea 100644 --- a/vendor/github.com/cilium/ebpf/link/link.go +++ b/vendor/github.com/cilium/ebpf/link/link.go @@ -78,7 +78,9 @@ func NewFromID(id ID) (Link, error) { return wrapRawLink(&RawLink{fd, ""}) } -// LoadPinnedLink loads a link that was persisted into a bpffs. +// LoadPinnedLink loads a Link from a pin (file) on the BPF virtual filesystem. +// +// Requires at least Linux 5.7. func LoadPinnedLink(fileName string, opts *ebpf.LoadPinOptions) (Link, error) { raw, err := loadPinnedRawLink(fileName, opts) if err != nil { @@ -350,7 +352,7 @@ func AttachRawLink(opts RawLinkOptions) (*RawLink, error) { } func loadPinnedRawLink(fileName string, opts *ebpf.LoadPinOptions) (*RawLink, error) { - fd, err := sys.ObjGet(&sys.ObjGetAttr{ + fd, typ, err := sys.ObjGetTyped(&sys.ObjGetAttr{ Pathname: sys.NewStringPointer(fileName), FileFlags: opts.Marshal(), }) @@ -358,6 +360,11 @@ func loadPinnedRawLink(fileName string, opts *ebpf.LoadPinOptions) (*RawLink, er return nil, fmt.Errorf("load pinned link: %w", err) } + if typ != sys.BPF_TYPE_LINK { + _ = fd.Close() + return nil, fmt.Errorf("%s is not a Link", fileName) + } + return &RawLink{fd, fileName}, nil } diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go index c5010b4190..f3f98b46d5 100644 --- a/vendor/github.com/cilium/ebpf/map.go +++ b/vendor/github.com/cilium/ebpf/map.go @@ -1560,9 +1560,11 @@ func (m *Map) unmarshalValue(value any, buf sysenc.Buffer) error { return buf.Unmarshal(value) } -// LoadPinnedMap loads a Map from a BPF file. +// LoadPinnedMap opens a Map from a pin (file) on the BPF virtual filesystem. +// +// Requires at least Linux 4.5. func LoadPinnedMap(fileName string, opts *LoadPinOptions) (*Map, error) { - fd, err := sys.ObjGet(&sys.ObjGetAttr{ + fd, typ, err := sys.ObjGetTyped(&sys.ObjGetAttr{ Pathname: sys.NewStringPointer(fileName), FileFlags: opts.Marshal(), }) @@ -1570,6 +1572,11 @@ func LoadPinnedMap(fileName string, opts *LoadPinOptions) (*Map, error) { return nil, err } + if typ != sys.BPF_TYPE_MAP { + _ = fd.Close() + return nil, fmt.Errorf("%s is not a Map", fileName) + } + m, err := newMapFromFD(fd) if err == nil { m.pinnedPath = fileName diff --git a/vendor/github.com/cilium/ebpf/prog.go b/vendor/github.com/cilium/ebpf/prog.go index bde48a56be..1c97ae3de8 100644 --- a/vendor/github.com/cilium/ebpf/prog.go +++ b/vendor/github.com/cilium/ebpf/prog.go @@ -906,11 +906,12 @@ func marshalProgram(p *Program, length int) ([]byte, error) { return buf, nil } -// LoadPinnedProgram loads a Program from a BPF file. +// LoadPinnedProgram loads a Program from a pin (file) on the BPF virtual +// filesystem. // // Requires at least Linux 4.11. func LoadPinnedProgram(fileName string, opts *LoadPinOptions) (*Program, error) { - fd, err := sys.ObjGet(&sys.ObjGetAttr{ + fd, typ, err := sys.ObjGetTyped(&sys.ObjGetAttr{ Pathname: sys.NewStringPointer(fileName), FileFlags: opts.Marshal(), }) @@ -918,6 +919,11 @@ func LoadPinnedProgram(fileName string, opts *LoadPinOptions) (*Program, error) return nil, err } + if typ != sys.BPF_TYPE_PROG { + _ = fd.Close() + return nil, fmt.Errorf("%s is not a Program", fileName) + } + info, err := newProgramInfoFromFd(fd) if err != nil { _ = fd.Close() diff --git a/vendor/github.com/cilium/hive/script/cmds.go b/vendor/github.com/cilium/hive/script/cmds.go index a72abb26ed..4182d1b8a5 100644 --- a/vendor/github.com/cilium/hive/script/cmds.go +++ b/vendor/github.com/cilium/hive/script/cmds.go @@ -19,6 +19,7 @@ import ( "time" "github.com/cilium/hive/script/internal/diff" + "github.com/spf13/pflag" "golang.org/x/term" ) @@ -44,6 +45,7 @@ func DefaultCmds() map[string]Cmd { "mv": Mv(), "rm": Rm(), "replace": Replace(), + "sed": Sed(), "sleep": Sleep(), "stderr": Stderr(), "stdout": Stdout(), @@ -175,14 +177,19 @@ func Chmod() Cmd { }) } +func compareFlags(fs *pflag.FlagSet) { + fs.BoolP("quiet", "q", false, "Suppress printing of diff") +} + // Cmp compares the contents of two files, or the contents of either the // "stdout" or "stderr" buffer and a file, returning a non-nil error if the // contents differ. func Cmp() Cmd { return Command( CmdUsage{ - Args: "[-q] file1 file2", + Args: "file1 file2", Summary: "compare files for differences", + Flags: compareFlags, Detail: []string{ "By convention, file1 is the actual data and file2 is the expected data.", "The command succeeds if the file contents are identical.", @@ -199,7 +206,8 @@ func Cmp() Cmd { func Cmpenv() Cmd { return Command( CmdUsage{ - Args: "[-q] file1 file2", + Args: "file1 file2", + Flags: compareFlags, Summary: "compare files for differences, with environment expansion", Detail: []string{ "By convention, file1 is the actual data and file2 is the expected data.", @@ -213,10 +221,9 @@ func Cmpenv() Cmd { } func doCompare(s *State, env bool, args ...string) error { - quiet := false - if len(args) > 0 && args[0] == "-q" { - quiet = true - args = args[1:] + quiet, err := s.Flags.GetBool("quiet") + if err != nil { + return err } if len(args) != 2 { return ErrUsage @@ -576,23 +583,22 @@ func Exists() Cmd { return Command( CmdUsage{ Summary: "check that files exist", - Args: "[-readonly] [-exec] file...", + Args: "file...", + Flags: func(fs *pflag.FlagSet) { + fs.Bool("readonly", false, "File must not be writable") + fs.Bool("exec", false, "File must not be executable") + }, }, func(s *State, args ...string) (WaitFunc, error) { - var readonly, exec bool - loop: - for len(args) > 0 { - switch args[0] { - case "-readonly": - readonly = true - args = args[1:] - case "-exec": - exec = true - args = args[1:] - default: - break loop - } + readonly, err := s.Flags.GetBool("readonly") + if err != nil { + return nil, err } + exec, err := s.Flags.GetBool("exec") + if err != nil { + return nil, err + } + if len(args) == 0 { return nil, ErrUsage } @@ -624,7 +630,8 @@ func Grep() Cmd { return Command( CmdUsage{ Summary: "find lines in a file that match a pattern", - Args: matchUsage + " file", + Args: "'pattern' file", + Flags: matchFlags, Detail: []string{ "The command succeeds if at least one match (or the exact count, if given) is found.", "The -q flag suppresses printing of matches.", @@ -636,26 +643,20 @@ func Grep() Cmd { }) } -const matchUsage = "[-count=N] [-q] 'pattern'" +func matchFlags(fs *pflag.FlagSet) { + fs.Int("count", 0, "Exact count of matches") + fs.BoolP("quiet", "q", false, "Suppress printing of matches") +} // match implements the Grep, Stdout, and Stderr commands. func match(s *State, args []string, text, name string) error { - n := 0 - if len(args) >= 1 && strings.HasPrefix(args[0], "-count=") { - var err error - n, err = strconv.Atoi(args[0][len("-count="):]) - if err != nil { - return fmt.Errorf("bad -count=: %v", err) - } - if n < 1 { - return fmt.Errorf("bad -count=: must be at least 1") - } - args = args[1:] + n, err := s.Flags.GetInt("count") + if err != nil { + return err } - quiet := false - if len(args) >= 1 && args[0] == "-q" { - quiet = true - args = args[1:] + quiet, err := s.Flags.GetBool("quiet") + if err != nil { + return err } isGrep := name == "grep" @@ -882,6 +883,45 @@ func Replace() Cmd { }) } +// Sed implements a simple regexp replacement of text in a file. +func Sed() Cmd { + return Command( + CmdUsage{ + Summary: "substitute strings in a file with a regexp", + Args: "regexp replacement file", + Detail: []string{ + "A simple sed-like command for replacing text matching regular expressions", + "in a file.", + "", + "Implemented using regexp.ReplaceAll, see its docs for what is supported:", + "https://pkg.go.dev/regexp#Regexp.ReplaceAll", + }, + RegexpArgs: firstNonFlag, + }, + func(s *State, args ...string) (WaitFunc, error) { + if len(args) != 3 { + return nil, ErrUsage + } + + re, err := regexp.Compile(args[0]) + if err != nil { + return nil, err + } + replacement := args[1] + file := s.Path(args[2]) + + data, err := os.ReadFile(file) + if err != nil { + return nil, err + } + lines := strings.Split(string(data), "\n") + for i, line := range lines { + lines[i] = re.ReplaceAllString(line, replacement) + } + return nil, os.WriteFile(file, []byte(strings.Join(lines, "\n")), 0666) + }) +} + // Rm removes a file or directory. // // If a directory, Rm also recursively removes that directory's @@ -968,7 +1008,8 @@ func Stderr() Cmd { return Command( CmdUsage{ Summary: "find lines in the stderr buffer that match a pattern", - Args: matchUsage + " file", + Args: "'pattern'", + Flags: matchFlags, Detail: []string{ "The command succeeds if at least one match (or the exact count, if given) is found.", "The -q flag suppresses printing of matches.", @@ -985,7 +1026,8 @@ func Stdout() Cmd { return Command( CmdUsage{ Summary: "find lines in the stdout buffer that match a pattern", - Args: matchUsage + " file", + Args: "'pattern'", + Flags: matchFlags, Detail: []string{ "The command succeeds if at least one match (or the exact count, if given) is found.", "The -q flag suppresses printing of matches.", diff --git a/vendor/github.com/cilium/hive/script/engine.go b/vendor/github.com/cilium/hive/script/engine.go index 15f5ba387a..84208aab19 100644 --- a/vendor/github.com/cilium/hive/script/engine.go +++ b/vendor/github.com/cilium/hive/script/engine.go @@ -62,6 +62,8 @@ import ( "sort" "strings" "time" + + "github.com/spf13/pflag" ) // An Engine stores the configuration for executing a set of scripts. @@ -116,9 +118,17 @@ type WaitFunc func(*State) (stdout, stderr string, err error) // A CmdUsage describes the usage of a Cmd, independent of its name // (which can change based on its registration). type CmdUsage struct { - Summary string // in the style of the Name section of a Unix 'man' page, omitting the name - Args string // a brief synopsis of the command's arguments (only) - Detail []string // zero or more sentences in the style of the Description section of a Unix 'man' page + Summary string // in the style of the Name section of a Unix 'man' page, omitting the name + + // synopsis of arguments, e.g. "files...". If [Flags] is provided then these will be prepended + // to [Args] in usage output. + Args string + + // flags for the command, optional. If provided, then args passed to the command will not include any + // of the flag arguments. The [plafg.FlagSet] is available to the command via [State.Flags]. + Flags func(fs *pflag.FlagSet) + + Detail []string // zero or more sentences in the style of the Description section of a Unix 'man' page // If Async is true, the Cmd is meaningful to run in the background, and its // Run method must return either a non-nil WaitFunc or a non-nil error. @@ -317,12 +327,16 @@ func (e *Engine) Execute(s *State, file string, script *bufio.Reader, log io.Wri if err != nil { if cmd.want == successRetryOnFailure || cmd.want == failureRetryOnSuccess { // Command wants retries. Retry the whole section + numRetries := 0 for err != nil { + s.FlushLog() select { case <-s.Context().Done(): return lineErr(s.Context().Err()) case <-time.After(retryInterval): } + s.Logf("(command %q failed, retrying...)\n", line) + numRetries++ for _, cmd := range sectionCmds { impl := e.Cmds[cmd.name] if err = e.runCommand(s, cmd, impl); err != nil { @@ -330,6 +344,7 @@ func (e *Engine) Execute(s *State, file string, script *bufio.Reader, log io.Wri } } } + s.Logf("(command %q succeeded after %d retries)\n", line, numRetries) } else { if stop := (stopError{}); errors.As(err, &stop) { // Since the 'stop' command halts execution of the entire script, @@ -665,11 +680,42 @@ func (e *Engine) runCommand(s *State, cmd *command, impl Cmd) error { return cmdError(cmd, errors.New("unknown command")) } - async := impl.Usage().Async + usage := impl.Usage() + + async := usage.Async if cmd.background && !async { return cmdError(cmd, errors.New("command cannot be run in background")) } + // Register and parse the flags. We do this regardless of whether [usage.Flags] + // is set in order to handle -h/--help. + fs := pflag.NewFlagSet(cmd.name, pflag.ContinueOnError) + fs.Usage = func() {} // Don't automatically handle error + fs.SetOutput(s.logOut) + if usage.Flags != nil { + usage.Flags(fs) + } + if err := fs.Parse(cmd.args); err != nil { + if errors.Is(err, pflag.ErrHelp) { + out := new(strings.Builder) + err = e.ListCmds(out, true, "^"+cmd.name+"$") + s.stdout = out.String() + if s.stdout != "" { + s.Logf("[stdout]\n%s", s.stdout) + } + return err + } + if usage.Flags != nil { + return cmdError(cmd, err) + } + + // [usage.Flags] wasn't given, so ignore the parsing errors as the + // command might do its own argument parsing. + } else { + cmd.args = fs.Args() + s.Flags = fs + } + wait, runErr := impl.Run(s, cmd.args...) if wait == nil { if async && runErr == nil { @@ -788,22 +834,64 @@ func (e *Engine) ListCmds(w io.Writer, verbose bool, regexMatch string) error { suffix = " [&]" } - _, err := fmt.Fprintf(w, "%s %s%s\n\t%s\n", name, usage.Args, suffix, usage.Summary) + flagArgs := "" + flagUsages := "" + if usage.Flags != nil { + fs := pflag.NewFlagSet(name, pflag.ContinueOnError) + fs.SetOutput(w) + usage.Flags(fs) + flagUsages = fs.FlagUsages() + shortArgs := []string{} + longArgs := []string{} + fs.VisitAll(func(flag *pflag.Flag) { + if flag.Shorthand != "" { + shortArgs = append(shortArgs, flag.Shorthand) + } + switch flag.Value.Type() { + case "bool": + longArgs = append(longArgs, fmt.Sprintf("[--%s]", flag.Name)) + default: + longArgs = append(longArgs, fmt.Sprintf("[--%s=%s]", flag.Name, flag.Value.Type())) + } + }) + if len(shortArgs) > 0 { + flagArgs = fmt.Sprintf("[-%s] ", strings.Join(shortArgs, "")) + } + flagArgs += strings.Join(longArgs, " ") + " " + } + + _, err := fmt.Fprintf(w, "%s %s%s\n\t%s\n", name, flagArgs+usage.Args, suffix, usage.Summary) if err != nil { return err } if verbose { - if _, err := io.WriteString(w, "\n"); err != nil { - return err - } - for _, line := range usage.Detail { - if err := wrapLine(w, line, 60, "\t"); err != nil { + if len(usage.Detail) > 0 { + if _, err := io.WriteString(w, "\n"); err != nil { return err } + + for _, line := range usage.Detail { + if err := wrapLine(w, line, 60, "\t"); err != nil { + return err + } + } } - if _, err := io.WriteString(w, "\n"); err != nil { - return err + if flagUsages != "" { + if _, err := io.WriteString(w, "\n"); err != nil { + return err + } + lines := strings.Split(flagUsages, "\n") + if len(lines) > 0 { + if _, err := fmt.Fprintf(w, "\tFlags:\n"); err != nil { + return err + } + for _, line := range lines { + if _, err := fmt.Fprintf(w, "\t%s\n", line); err != nil { + return err + } + } + } } } } diff --git a/vendor/github.com/cilium/hive/script/state.go b/vendor/github.com/cilium/hive/script/state.go index 9a3580becf..29c3287f95 100644 --- a/vendor/github.com/cilium/hive/script/state.go +++ b/vendor/github.com/cilium/hive/script/state.go @@ -16,6 +16,7 @@ import ( "regexp" "strings" + "github.com/spf13/pflag" "golang.org/x/tools/txtar" ) @@ -36,6 +37,7 @@ type State struct { stdout string // standard output from last 'go' command; for 'stdout' command stderr string // standard error from last 'go' command; for 'stderr' command + Flags *pflag.FlagSet DoUpdate bool FileUpdates map[string]string diff --git a/vendor/github.com/docker/docker/registry/types.go b/vendor/github.com/docker/docker/registry/types.go index 54aa0bd19d..4926580a6c 100644 --- a/vendor/github.com/docker/docker/registry/types.go +++ b/vendor/github.com/docker/docker/registry/types.go @@ -37,5 +37,7 @@ type RepositoryInfo struct { Official bool // Class represents the class of the repository, such as "plugin" // or "image". + // + // Deprecated: this field is no longer used, and will be removed in the next release. Class string } diff --git a/vendor/google.golang.org/grpc/balancer/balancer.go b/vendor/google.golang.org/grpc/balancer/balancer.go index 3a2092f105..382ad69411 100644 --- a/vendor/google.golang.org/grpc/balancer/balancer.go +++ b/vendor/google.golang.org/grpc/balancer/balancer.go @@ -73,17 +73,6 @@ func unregisterForTesting(name string) { delete(m, name) } -// connectedAddress returns the connected address for a SubConnState. The -// address is only valid if the state is READY. -func connectedAddress(scs SubConnState) resolver.Address { - return scs.connectedAddress -} - -// setConnectedAddress sets the connected address for a SubConnState. -func setConnectedAddress(scs *SubConnState, addr resolver.Address) { - scs.connectedAddress = addr -} - func init() { internal.BalancerUnregister = unregisterForTesting internal.ConnectedAddress = connectedAddress @@ -106,57 +95,6 @@ func Get(name string) Builder { return nil } -// A SubConn represents a single connection to a gRPC backend service. -// -// Each SubConn contains a list of addresses. -// -// All SubConns start in IDLE, and will not try to connect. To trigger the -// connecting, Balancers must call Connect. If a connection re-enters IDLE, -// Balancers must call Connect again to trigger a new connection attempt. -// -// gRPC will try to connect to the addresses in sequence, and stop trying the -// remainder once the first connection is successful. If an attempt to connect -// to all addresses encounters an error, the SubConn will enter -// TRANSIENT_FAILURE for a backoff period, and then transition to IDLE. -// -// Once established, if a connection is lost, the SubConn will transition -// directly to IDLE. -// -// This interface is to be implemented by gRPC. Users should not need their own -// implementation of this interface. For situations like testing, any -// implementations should embed this interface. This allows gRPC to add new -// methods to this interface. -type SubConn interface { - // UpdateAddresses updates the addresses used in this SubConn. - // gRPC checks if currently-connected address is still in the new list. - // If it's in the list, the connection will be kept. - // If it's not in the list, the connection will gracefully close, and - // a new connection will be created. - // - // This will trigger a state transition for the SubConn. - // - // Deprecated: this method will be removed. Create new SubConns for new - // addresses instead. - UpdateAddresses([]resolver.Address) - // Connect starts the connecting for this SubConn. - Connect() - // GetOrBuildProducer returns a reference to the existing Producer for this - // ProducerBuilder in this SubConn, or, if one does not currently exist, - // creates a new one and returns it. Returns a close function which may be - // called when the Producer is no longer needed. Otherwise the producer - // will automatically be closed upon connection loss or subchannel close. - // Should only be called on a SubConn in state Ready. Otherwise the - // producer will be unable to create streams. - GetOrBuildProducer(ProducerBuilder) (p Producer, close func()) - // Shutdown shuts down the SubConn gracefully. Any started RPCs will be - // allowed to complete. No future calls should be made on the SubConn. - // One final state update will be delivered to the StateListener (or - // UpdateSubConnState; deprecated) with ConnectivityState of Shutdown to - // indicate the shutdown operation. This may be delivered before - // in-progress RPCs are complete and the actual connection is closed. - Shutdown() -} - // NewSubConnOptions contains options to create new SubConn. type NewSubConnOptions struct { // CredsBundle is the credentials bundle that will be used in the created @@ -424,18 +362,6 @@ type ExitIdler interface { ExitIdle() } -// SubConnState describes the state of a SubConn. -type SubConnState struct { - // ConnectivityState is the connectivity state of the SubConn. - ConnectivityState connectivity.State - // ConnectionError is set if the ConnectivityState is TransientFailure, - // describing the reason the SubConn failed. Otherwise, it is nil. - ConnectionError error - // connectedAddr contains the connected address when ConnectivityState is - // Ready. Otherwise, it is indeterminate. - connectedAddress resolver.Address -} - // ClientConnState describes the state of a ClientConn relevant to the // balancer. type ClientConnState struct { @@ -448,22 +374,3 @@ type ClientConnState struct { // ErrBadResolverState may be returned by UpdateClientConnState to indicate a // problem with the provided name resolver data. var ErrBadResolverState = errors.New("bad resolver state") - -// A ProducerBuilder is a simple constructor for a Producer. It is used by the -// SubConn to create producers when needed. -type ProducerBuilder interface { - // Build creates a Producer. The first parameter is always a - // grpc.ClientConnInterface (a type to allow creating RPCs/streams on the - // associated SubConn), but is declared as `any` to avoid a dependency - // cycle. Build also returns a close function that will be called when all - // references to the Producer have been given up for a SubConn, or when a - // connectivity state change occurs on the SubConn. The close function - // should always block until all asynchronous cleanup work is completed. - Build(grpcClientConnInterface any) (p Producer, close func()) -} - -// A Producer is a type shared among potentially many consumers. It is -// associated with a SubConn, and an implementation will typically contain -// other methods to provide additional functionality, e.g. configuration or -// subscription registration. -type Producer any diff --git a/vendor/google.golang.org/grpc/balancer/pickfirst/internal/internal.go b/vendor/google.golang.org/grpc/balancer/pickfirst/internal/internal.go index c519789458..7d66cb491c 100644 --- a/vendor/google.golang.org/grpc/balancer/pickfirst/internal/internal.go +++ b/vendor/google.golang.org/grpc/balancer/pickfirst/internal/internal.go @@ -18,7 +18,18 @@ // Package internal contains code internal to the pickfirst package. package internal -import "math/rand" +import ( + rand "math/rand/v2" + "time" +) -// RandShuffle pseudo-randomizes the order of addresses. -var RandShuffle = rand.Shuffle +var ( + // RandShuffle pseudo-randomizes the order of addresses. + RandShuffle = rand.Shuffle + // TimeAfterFunc allows mocking the timer for testing connection delay + // related functionality. + TimeAfterFunc = func(d time.Duration, f func()) func() { + timer := time.AfterFunc(d, f) + return func() { timer.Stop() } + } +) diff --git a/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirst.go b/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirst.go index e069346a75..ea8899818c 100644 --- a/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirst.go +++ b/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirst.go @@ -23,7 +23,7 @@ import ( "encoding/json" "errors" "fmt" - "math/rand" + rand "math/rand/v2" "google.golang.org/grpc/balancer" "google.golang.org/grpc/balancer/pickfirst/internal" diff --git a/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go b/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go index 985b6edc7f..2fc0a71f94 100644 --- a/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go +++ b/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go @@ -29,11 +29,15 @@ import ( "encoding/json" "errors" "fmt" + "net" + "net/netip" "sync" + "time" "google.golang.org/grpc/balancer" "google.golang.org/grpc/balancer/pickfirst/internal" "google.golang.org/grpc/connectivity" + expstats "google.golang.org/grpc/experimental/stats" "google.golang.org/grpc/grpclog" "google.golang.org/grpc/internal/envconfig" internalgrpclog "google.golang.org/grpc/internal/grpclog" @@ -50,26 +54,68 @@ func init() { balancer.Register(pickfirstBuilder{}) } +// enableHealthListenerKeyType is a unique key type used in resolver attributes +// to indicate whether the health listener usage is enabled. +type enableHealthListenerKeyType struct{} + var ( logger = grpclog.Component("pick-first-leaf-lb") // Name is the name of the pick_first_leaf balancer. // It is changed to "pick_first" in init() if this balancer is to be // registered as the default pickfirst. - Name = "pick_first_leaf" + Name = "pick_first_leaf" + disconnectionsMetric = expstats.RegisterInt64Count(expstats.MetricDescriptor{ + Name: "grpc.lb.pick_first.disconnections", + Description: "EXPERIMENTAL. Number of times the selected subchannel becomes disconnected.", + Unit: "disconnection", + Labels: []string{"grpc.target"}, + Default: false, + }) + connectionAttemptsSucceededMetric = expstats.RegisterInt64Count(expstats.MetricDescriptor{ + Name: "grpc.lb.pick_first.connection_attempts_succeeded", + Description: "EXPERIMENTAL. Number of successful connection attempts.", + Unit: "attempt", + Labels: []string{"grpc.target"}, + Default: false, + }) + connectionAttemptsFailedMetric = expstats.RegisterInt64Count(expstats.MetricDescriptor{ + Name: "grpc.lb.pick_first.connection_attempts_failed", + Description: "EXPERIMENTAL. Number of failed connection attempts.", + Unit: "attempt", + Labels: []string{"grpc.target"}, + Default: false, + }) ) -// TODO: change to pick-first when this becomes the default pick_first policy. -const logPrefix = "[pick-first-leaf-lb %p] " +const ( + // TODO: change to pick-first when this becomes the default pick_first policy. + logPrefix = "[pick-first-leaf-lb %p] " + // connectionDelayInterval is the time to wait for during the happy eyeballs + // pass before starting the next connection attempt. + connectionDelayInterval = 250 * time.Millisecond +) + +type ipAddrFamily int + +const ( + // ipAddrFamilyUnknown represents strings that can't be parsed as an IP + // address. + ipAddrFamilyUnknown ipAddrFamily = iota + ipAddrFamilyV4 + ipAddrFamilyV6 +) type pickfirstBuilder struct{} -func (pickfirstBuilder) Build(cc balancer.ClientConn, _ balancer.BuildOptions) balancer.Balancer { +func (pickfirstBuilder) Build(cc balancer.ClientConn, bo balancer.BuildOptions) balancer.Balancer { b := &pickfirstBalancer{ - cc: cc, - addressList: addressList{}, - subConns: resolver.NewAddressMap(), - state: connectivity.Connecting, - mu: sync.Mutex{}, + cc: cc, + target: bo.Target.String(), + metricsRecorder: bo.MetricsRecorder, // ClientConn will always create a Metrics Recorder. + + subConns: resolver.NewAddressMap(), + state: connectivity.Connecting, + cancelConnectionTimer: func() {}, } b.logger = internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf(logPrefix, b)) return b @@ -87,6 +133,13 @@ func (pickfirstBuilder) ParseConfig(js json.RawMessage) (serviceconfig.LoadBalan return cfg, nil } +// EnableHealthListener updates the state to configure pickfirst for using a +// generic health listener. +func EnableHealthListener(state resolver.State) resolver.State { + state.Attributes = state.Attributes.WithValue(enableHealthListenerKeyType{}, true) + return state +} + type pfConfig struct { serviceconfig.LoadBalancingConfig `json:"-"` @@ -104,14 +157,19 @@ type scData struct { subConn balancer.SubConn addr resolver.Address - state connectivity.State - lastErr error + rawConnectivityState connectivity.State + // The effective connectivity state based on raw connectivity, health state + // and after following sticky TransientFailure behaviour defined in A62. + effectiveState connectivity.State + lastErr error + connectionFailedInFirstPass bool } func (b *pickfirstBalancer) newSCData(addr resolver.Address) (*scData, error) { sd := &scData{ - state: connectivity.Idle, - addr: addr, + rawConnectivityState: connectivity.Idle, + effectiveState: connectivity.Idle, + addr: addr, } sc, err := b.cc.NewSubConn([]resolver.Address{addr}, balancer.NewSubConnOptions{ StateListener: func(state balancer.SubConnState) { @@ -128,19 +186,25 @@ func (b *pickfirstBalancer) newSCData(addr resolver.Address) (*scData, error) { type pickfirstBalancer struct { // The following fields are initialized at build time and read-only after // that and therefore do not need to be guarded by a mutex. - logger *internalgrpclog.PrefixLogger - cc balancer.ClientConn + logger *internalgrpclog.PrefixLogger + cc balancer.ClientConn + target string + metricsRecorder expstats.MetricsRecorder // guaranteed to be non nil // The mutex is used to ensure synchronization of updates triggered // from the idle picker and the already serialized resolver, // SubConn state updates. - mu sync.Mutex + mu sync.Mutex + // State reported to the channel based on SubConn states and resolver + // updates. state connectivity.State // scData for active subonns mapped by address. - subConns *resolver.AddressMap - addressList addressList - firstPass bool - numTF int + subConns *resolver.AddressMap + addressList addressList + firstPass bool + numTF int + cancelConnectionTimer func() + healthCheckingEnabled bool } // ResolverError is called by the ClientConn when the name resolver produces @@ -166,7 +230,7 @@ func (b *pickfirstBalancer) resolverErrorLocked(err error) { return } - b.cc.UpdateState(balancer.State{ + b.updateBalancerState(balancer.State{ ConnectivityState: connectivity.TransientFailure, Picker: &picker{err: fmt.Errorf("name resolver error: %v", err)}, }) @@ -175,15 +239,16 @@ func (b *pickfirstBalancer) resolverErrorLocked(err error) { func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState) error { b.mu.Lock() defer b.mu.Unlock() + b.cancelConnectionTimer() if len(state.ResolverState.Addresses) == 0 && len(state.ResolverState.Endpoints) == 0 { // Cleanup state pertaining to the previous resolver state. // Treat an empty address list like an error by calling b.ResolverError. - b.state = connectivity.TransientFailure b.closeSubConnsLocked() b.addressList.updateAddrs(nil) b.resolverErrorLocked(errors.New("produced zero addresses")) return balancer.ErrBadResolverState } + b.healthCheckingEnabled = state.ResolverState.Attributes.Value(enableHealthListenerKeyType{}) != nil cfg, ok := state.BalancerConfig.(pfConfig) if state.BalancerConfig != nil && !ok { return fmt.Errorf("pickfirst: received illegal BalancerConfig (type %T): %v: %w", state.BalancerConfig, state.BalancerConfig, balancer.ErrBadResolverState) @@ -206,9 +271,6 @@ func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState // "Flatten the list by concatenating the ordered list of addresses for // each of the endpoints, in order." - A61 for _, endpoint := range endpoints { - // "In the flattened list, interleave addresses from the two address - // families, as per RFC-8305 section 4." - A61 - // TODO: support the above language. newAddrs = append(newAddrs, endpoint.Addresses...) } } else { @@ -231,16 +293,17 @@ func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState // Not de-duplicating would result in attempting to connect to the same // SubConn multiple times in the same pass. We don't want this. newAddrs = deDupAddresses(newAddrs) + newAddrs = interleaveAddresses(newAddrs) - // Since we have a new set of addresses, we are again at first pass. - b.firstPass = true - - // If the previous ready SubConn exists in new address list, - // keep this connection and don't create new SubConns. prevAddr := b.addressList.currentAddress() + prevSCData, found := b.subConns.Get(prevAddr) prevAddrsCount := b.addressList.size() + isPrevRawConnectivityStateReady := found && prevSCData.(*scData).rawConnectivityState == connectivity.Ready b.addressList.updateAddrs(newAddrs) - if b.state == connectivity.Ready && b.addressList.seekTo(prevAddr) { + + // If the previous ready SubConn exists in new address list, + // keep this connection and don't create new SubConns. + if isPrevRawConnectivityStateReady && b.addressList.seekTo(prevAddr) { return nil } @@ -252,18 +315,17 @@ func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState // we should still enter CONNECTING because the sticky TF behaviour // mentioned in A62 applies only when the TRANSIENT_FAILURE is reported // due to connectivity failures. - if b.state == connectivity.Ready || b.state == connectivity.Connecting || prevAddrsCount == 0 { + if isPrevRawConnectivityStateReady || b.state == connectivity.Connecting || prevAddrsCount == 0 { // Start connection attempt at first address. - b.state = connectivity.Connecting - b.cc.UpdateState(balancer.State{ + b.forceUpdateConcludedStateLocked(balancer.State{ ConnectivityState: connectivity.Connecting, Picker: &picker{err: balancer.ErrNoSubConnAvailable}, }) - b.requestConnectionLocked() + b.startFirstPassLocked() } else if b.state == connectivity.TransientFailure { // If we're in TRANSIENT_FAILURE, we stay in TRANSIENT_FAILURE until // we're READY. See A62. - b.requestConnectionLocked() + b.startFirstPassLocked() } return nil } @@ -278,6 +340,7 @@ func (b *pickfirstBalancer) Close() { b.mu.Lock() defer b.mu.Unlock() b.closeSubConnsLocked() + b.cancelConnectionTimer() b.state = connectivity.Shutdown } @@ -287,10 +350,19 @@ func (b *pickfirstBalancer) Close() { func (b *pickfirstBalancer) ExitIdle() { b.mu.Lock() defer b.mu.Unlock() - if b.state == connectivity.Idle && b.addressList.currentAddress() == b.addressList.first() { - b.firstPass = true - b.requestConnectionLocked() + if b.state == connectivity.Idle { + b.startFirstPassLocked() + } +} + +func (b *pickfirstBalancer) startFirstPassLocked() { + b.firstPass = true + b.numTF = 0 + // Reset the connection attempt record for existing SubConns. + for _, sd := range b.subConns.Values() { + sd.(*scData).connectionFailedInFirstPass = false } + b.requestConnectionLocked() } func (b *pickfirstBalancer) closeSubConnsLocked() { @@ -314,6 +386,70 @@ func deDupAddresses(addrs []resolver.Address) []resolver.Address { return retAddrs } +// interleaveAddresses interleaves addresses of both families (IPv4 and IPv6) +// as per RFC-8305 section 4. +// Whichever address family is first in the list is followed by an address of +// the other address family; that is, if the first address in the list is IPv6, +// then the first IPv4 address should be moved up in the list to be second in +// the list. It doesn't support configuring "First Address Family Count", i.e. +// there will always be a single member of the first address family at the +// beginning of the interleaved list. +// Addresses that are neither IPv4 nor IPv6 are treated as part of a third +// "unknown" family for interleaving. +// See: https://datatracker.ietf.org/doc/html/rfc8305#autoid-6 +func interleaveAddresses(addrs []resolver.Address) []resolver.Address { + familyAddrsMap := map[ipAddrFamily][]resolver.Address{} + interleavingOrder := []ipAddrFamily{} + for _, addr := range addrs { + family := addressFamily(addr.Addr) + if _, found := familyAddrsMap[family]; !found { + interleavingOrder = append(interleavingOrder, family) + } + familyAddrsMap[family] = append(familyAddrsMap[family], addr) + } + + interleavedAddrs := make([]resolver.Address, 0, len(addrs)) + + for curFamilyIdx := 0; len(interleavedAddrs) < len(addrs); curFamilyIdx = (curFamilyIdx + 1) % len(interleavingOrder) { + // Some IP types may have fewer addresses than others, so we look for + // the next type that has a remaining member to add to the interleaved + // list. + family := interleavingOrder[curFamilyIdx] + remainingMembers := familyAddrsMap[family] + if len(remainingMembers) > 0 { + interleavedAddrs = append(interleavedAddrs, remainingMembers[0]) + familyAddrsMap[family] = remainingMembers[1:] + } + } + + return interleavedAddrs +} + +// addressFamily returns the ipAddrFamily after parsing the address string. +// If the address isn't of the format "ip-address:port", it returns +// ipAddrFamilyUnknown. The address may be valid even if it's not an IP when +// using a resolver like passthrough where the address may be a hostname in +// some format that the dialer can resolve. +func addressFamily(address string) ipAddrFamily { + // Parse the IP after removing the port. + host, _, err := net.SplitHostPort(address) + if err != nil { + return ipAddrFamilyUnknown + } + ip, err := netip.ParseAddr(host) + if err != nil { + return ipAddrFamilyUnknown + } + switch { + case ip.Is4() || ip.Is4In6(): + return ipAddrFamilyV4 + case ip.Is6(): + return ipAddrFamilyV6 + default: + return ipAddrFamilyUnknown + } +} + // reconcileSubConnsLocked updates the active subchannels based on a new address // list from the resolver. It does this by: // - closing subchannels: any existing subchannels associated with addresses @@ -342,6 +478,7 @@ func (b *pickfirstBalancer) reconcileSubConnsLocked(newAddrs []resolver.Address) // shutdownRemainingLocked shuts down remaining subConns. Called when a subConn // becomes ready, which means that all other subConn must be shutdown. func (b *pickfirstBalancer) shutdownRemainingLocked(selected *scData) { + b.cancelConnectionTimer() for _, v := range b.subConns.Values() { sd := v.(*scData) if sd.subConn != selected.subConn { @@ -382,46 +519,89 @@ func (b *pickfirstBalancer) requestConnectionLocked() { } scd := sd.(*scData) - switch scd.state { + switch scd.rawConnectivityState { case connectivity.Idle: scd.subConn.Connect() + b.scheduleNextConnectionLocked() + return case connectivity.TransientFailure: - // Try the next address. + // The SubConn is being re-used and failed during a previous pass + // over the addressList. It has not completed backoff yet. + // Mark it as having failed and try the next address. + scd.connectionFailedInFirstPass = true lastErr = scd.lastErr continue - case connectivity.Ready: - // Should never happen. - b.logger.Errorf("Requesting a connection even though we have a READY SubConn") - case connectivity.Shutdown: - // Should never happen. - b.logger.Errorf("SubConn with state SHUTDOWN present in SubConns map") case connectivity.Connecting: - // Wait for the SubConn to report success or failure. + // Wait for the connection attempt to complete or the timer to fire + // before attempting the next address. + b.scheduleNextConnectionLocked() + return + default: + b.logger.Errorf("SubConn with unexpected state %v present in SubConns map.", scd.rawConnectivityState) + return + } - return } + // All the remaining addresses in the list are in TRANSIENT_FAILURE, end the - // first pass. - b.endFirstPassLocked(lastErr) + // first pass if possible. + b.endFirstPassIfPossibleLocked(lastErr) +} + +func (b *pickfirstBalancer) scheduleNextConnectionLocked() { + b.cancelConnectionTimer() + if !b.addressList.hasNext() { + return + } + curAddr := b.addressList.currentAddress() + cancelled := false // Access to this is protected by the balancer's mutex. + closeFn := internal.TimeAfterFunc(connectionDelayInterval, func() { + b.mu.Lock() + defer b.mu.Unlock() + // If the scheduled task is cancelled while acquiring the mutex, return. + if cancelled { + return + } + if b.logger.V(2) { + b.logger.Infof("Happy Eyeballs timer expired while waiting for connection to %q.", curAddr.Addr) + } + if b.addressList.increment() { + b.requestConnectionLocked() + } + }) + // Access to the cancellation callback held by the balancer is guarded by + // the balancer's mutex, so it's safe to set the boolean from the callback. + b.cancelConnectionTimer = sync.OnceFunc(func() { + cancelled = true + closeFn() + }) } func (b *pickfirstBalancer) updateSubConnState(sd *scData, newState balancer.SubConnState) { b.mu.Lock() defer b.mu.Unlock() - oldState := sd.state - sd.state = newState.ConnectivityState + oldState := sd.rawConnectivityState + sd.rawConnectivityState = newState.ConnectivityState // Previously relevant SubConns can still callback with state updates. // To prevent pickers from returning these obsolete SubConns, this logic // is included to check if the current list of active SubConns includes this // SubConn. - if activeSD, found := b.subConns.Get(sd.addr); !found || activeSD != sd { + if !b.isActiveSCData(sd) { return } if newState.ConnectivityState == connectivity.Shutdown { + sd.effectiveState = connectivity.Shutdown return } + // Record a connection attempt when exiting CONNECTING. + if newState.ConnectivityState == connectivity.TransientFailure { + sd.connectionFailedInFirstPass = true + connectionAttemptsFailedMetric.Record(b.metricsRecorder, 1, b.target) + } + if newState.ConnectivityState == connectivity.Ready { + connectionAttemptsSucceededMetric.Record(b.metricsRecorder, 1, b.target) b.shutdownRemainingLocked(sd) if !b.addressList.seekTo(sd.addr) { // This should not fail as we should have only one SubConn after @@ -429,10 +609,30 @@ func (b *pickfirstBalancer) updateSubConnState(sd *scData, newState balancer.Sub b.logger.Errorf("Address %q not found address list in %v", sd.addr, b.addressList.addresses) return } - b.state = connectivity.Ready - b.cc.UpdateState(balancer.State{ - ConnectivityState: connectivity.Ready, - Picker: &picker{result: balancer.PickResult{SubConn: sd.subConn}}, + if !b.healthCheckingEnabled { + if b.logger.V(2) { + b.logger.Infof("SubConn %p reported connectivity state READY and the health listener is disabled. Transitioning SubConn to READY.", sd.subConn) + } + + sd.effectiveState = connectivity.Ready + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.Ready, + Picker: &picker{result: balancer.PickResult{SubConn: sd.subConn}}, + }) + return + } + if b.logger.V(2) { + b.logger.Infof("SubConn %p reported connectivity state READY. Registering health listener.", sd.subConn) + } + // Send a CONNECTING update to take the SubConn out of sticky-TF if + // required. + sd.effectiveState = connectivity.Connecting + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.Connecting, + Picker: &picker{err: balancer.ErrNoSubConnAvailable}, + }) + sd.subConn.RegisterHealthListener(func(scs balancer.SubConnState) { + b.updateSubConnHealthState(sd, scs) }) return } @@ -443,13 +643,24 @@ func (b *pickfirstBalancer) updateSubConnState(sd *scData, newState balancer.Sub // a transport is successfully created, but the connection fails // before the SubConn can send the notification for READY. We treat // this as a successful connection and transition to IDLE. - if (b.state == connectivity.Ready && newState.ConnectivityState != connectivity.Ready) || (oldState == connectivity.Connecting && newState.ConnectivityState == connectivity.Idle) { + // TODO: https://github.com/grpc/grpc-go/issues/7862 - Remove the second + // part of the if condition below once the issue is fixed. + if oldState == connectivity.Ready || (oldState == connectivity.Connecting && newState.ConnectivityState == connectivity.Idle) { // Once a transport fails, the balancer enters IDLE and starts from // the first address when the picker is used. b.shutdownRemainingLocked(sd) - b.state = connectivity.Idle + sd.effectiveState = newState.ConnectivityState + // READY SubConn interspliced in between CONNECTING and IDLE, need to + // account for that. + if oldState == connectivity.Connecting { + // A known issue (https://github.com/grpc/grpc-go/issues/7862) + // causes a race that prevents the READY state change notification. + // This works around it. + connectionAttemptsSucceededMetric.Record(b.metricsRecorder, 1, b.target) + } + disconnectionsMetric.Record(b.metricsRecorder, 1, b.target) b.addressList.reset() - b.cc.UpdateState(balancer.State{ + b.updateBalancerState(balancer.State{ ConnectivityState: connectivity.Idle, Picker: &idlePicker{exitIdle: sync.OnceFunc(b.ExitIdle)}, }) @@ -459,32 +670,35 @@ func (b *pickfirstBalancer) updateSubConnState(sd *scData, newState balancer.Sub if b.firstPass { switch newState.ConnectivityState { case connectivity.Connecting: - // The balancer can be in either IDLE, CONNECTING or - // TRANSIENT_FAILURE. If it's in TRANSIENT_FAILURE, stay in + // The effective state can be in either IDLE, CONNECTING or + // TRANSIENT_FAILURE. If it's TRANSIENT_FAILURE, stay in // TRANSIENT_FAILURE until it's READY. See A62. - // If the balancer is already in CONNECTING, no update is needed. - if b.state == connectivity.Idle { - b.state = connectivity.Connecting - b.cc.UpdateState(balancer.State{ + if sd.effectiveState != connectivity.TransientFailure { + sd.effectiveState = connectivity.Connecting + b.updateBalancerState(balancer.State{ ConnectivityState: connectivity.Connecting, Picker: &picker{err: balancer.ErrNoSubConnAvailable}, }) } case connectivity.TransientFailure: sd.lastErr = newState.ConnectionError + sd.effectiveState = connectivity.TransientFailure // Since we're re-using common SubConns while handling resolver // updates, we could receive an out of turn TRANSIENT_FAILURE from - // a pass over the previous address list. We ignore such updates. - - if curAddr := b.addressList.currentAddress(); !equalAddressIgnoringBalAttributes(&curAddr, &sd.addr) { - return - } - if b.addressList.increment() { - b.requestConnectionLocked() - return + // a pass over the previous address list. Happy Eyeballs will also + // cause out of order updates to arrive. + + if curAddr := b.addressList.currentAddress(); equalAddressIgnoringBalAttributes(&curAddr, &sd.addr) { + b.cancelConnectionTimer() + if b.addressList.increment() { + b.requestConnectionLocked() + return + } } - // End of the first pass. - b.endFirstPassLocked(newState.ConnectionError) + + // End the first pass if we've seen a TRANSIENT_FAILURE from all + // SubConns once. + b.endFirstPassIfPossibleLocked(newState.ConnectionError) } return } @@ -495,7 +709,7 @@ func (b *pickfirstBalancer) updateSubConnState(sd *scData, newState balancer.Sub b.numTF = (b.numTF + 1) % b.subConns.Len() sd.lastErr = newState.ConnectionError if b.numTF%b.subConns.Len() == 0 { - b.cc.UpdateState(balancer.State{ + b.updateBalancerState(balancer.State{ ConnectivityState: connectivity.TransientFailure, Picker: &picker{err: newState.ConnectionError}, }) @@ -509,24 +723,95 @@ func (b *pickfirstBalancer) updateSubConnState(sd *scData, newState balancer.Sub } } -func (b *pickfirstBalancer) endFirstPassLocked(lastErr error) { +// endFirstPassIfPossibleLocked ends the first happy-eyeballs pass if all the +// addresses are tried and their SubConns have reported a failure. +func (b *pickfirstBalancer) endFirstPassIfPossibleLocked(lastErr error) { + // An optimization to avoid iterating over the entire SubConn map. + if b.addressList.isValid() { + return + } + // Connect() has been called on all the SubConns. The first pass can be + // ended if all the SubConns have reported a failure. + for _, v := range b.subConns.Values() { + sd := v.(*scData) + if !sd.connectionFailedInFirstPass { + return + } + } b.firstPass = false - b.numTF = 0 - b.state = connectivity.TransientFailure - - b.cc.UpdateState(balancer.State{ + b.updateBalancerState(balancer.State{ ConnectivityState: connectivity.TransientFailure, Picker: &picker{err: lastErr}, }) // Start re-connecting all the SubConns that are already in IDLE. for _, v := range b.subConns.Values() { sd := v.(*scData) - if sd.state == connectivity.Idle { + if sd.rawConnectivityState == connectivity.Idle { sd.subConn.Connect() } } } +func (b *pickfirstBalancer) isActiveSCData(sd *scData) bool { + activeSD, found := b.subConns.Get(sd.addr) + return found && activeSD == sd +} + +func (b *pickfirstBalancer) updateSubConnHealthState(sd *scData, state balancer.SubConnState) { + b.mu.Lock() + defer b.mu.Unlock() + // Previously relevant SubConns can still callback with state updates. + // To prevent pickers from returning these obsolete SubConns, this logic + // is included to check if the current list of active SubConns includes + // this SubConn. + if !b.isActiveSCData(sd) { + return + } + sd.effectiveState = state.ConnectivityState + switch state.ConnectivityState { + case connectivity.Ready: + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.Ready, + Picker: &picker{result: balancer.PickResult{SubConn: sd.subConn}}, + }) + case connectivity.TransientFailure: + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.TransientFailure, + Picker: &picker{err: fmt.Errorf("pickfirst: health check failure: %v", state.ConnectionError)}, + }) + case connectivity.Connecting: + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.Connecting, + Picker: &picker{err: balancer.ErrNoSubConnAvailable}, + }) + default: + b.logger.Errorf("Got unexpected health update for SubConn %p: %v", state) + } +} + +// updateBalancerState stores the state reported to the channel and calls +// ClientConn.UpdateState(). As an optimization, it avoids sending duplicate +// updates to the channel. +func (b *pickfirstBalancer) updateBalancerState(newState balancer.State) { + // In case of TransientFailures allow the picker to be updated to update + // the connectivity error, in all other cases don't send duplicate state + // updates. + if newState.ConnectivityState == b.state && b.state != connectivity.TransientFailure { + return + } + b.forceUpdateConcludedStateLocked(newState) +} + +// forceUpdateConcludedStateLocked stores the state reported to the channel and +// calls ClientConn.UpdateState(). +// A separate function is defined to force update the ClientConn state since the +// channel doesn't correctly assume that LB policies start in CONNECTING and +// relies on LB policy to send an initial CONNECTING update. +func (b *pickfirstBalancer) forceUpdateConcludedStateLocked(newState balancer.State) { + b.state = newState.ConnectivityState + b.cc.UpdateState(newState) +} + type picker struct { result balancer.PickResult err error @@ -583,15 +868,6 @@ func (al *addressList) currentAddress() resolver.Address { return al.addresses[al.idx] } -// first returns the first address in the list. If the list is empty, it returns -// an empty address instead. -func (al *addressList) first() resolver.Address { - if len(al.addresses) == 0 { - return resolver.Address{} - } - return al.addresses[0] -} - func (al *addressList) reset() { al.idx = 0 } @@ -614,6 +890,16 @@ func (al *addressList) seekTo(needle resolver.Address) bool { return false } +// hasNext returns whether incrementing the addressList will result in moving +// past the end of the list. If the list has already moved past the end, it +// returns false. +func (al *addressList) hasNext() bool { + if !al.isValid() { + return false + } + return al.idx+1 < len(al.addresses) +} + // equalAddressIgnoringBalAttributes returns true is a and b are considered // equal. This is different from the Equal method on the resolver.Address type // which considers all fields to determine equality. Here, we only consider diff --git a/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go b/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go index 260255d31b..80a42d2251 100644 --- a/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go +++ b/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go @@ -22,7 +22,7 @@ package roundrobin import ( - "math/rand" + rand "math/rand/v2" "sync/atomic" "google.golang.org/grpc/balancer" @@ -60,7 +60,7 @@ func (*rrPickerBuilder) Build(info base.PickerBuildInfo) balancer.Picker { // Start at a random index, as the same RR balancer rebuilds a new // picker when SubConn states change, and we don't want to apply excess // load to the first server in the list. - next: uint32(rand.Intn(len(scs))), + next: uint32(rand.IntN(len(scs))), } } diff --git a/vendor/google.golang.org/grpc/balancer/subconn.go b/vendor/google.golang.org/grpc/balancer/subconn.go new file mode 100644 index 0000000000..ea27c4fa76 --- /dev/null +++ b/vendor/google.golang.org/grpc/balancer/subconn.go @@ -0,0 +1,134 @@ +/* + * + * Copyright 2024 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package balancer + +import ( + "google.golang.org/grpc/connectivity" + "google.golang.org/grpc/internal" + "google.golang.org/grpc/resolver" +) + +// A SubConn represents a single connection to a gRPC backend service. +// +// All SubConns start in IDLE, and will not try to connect. To trigger a +// connection attempt, Balancers must call Connect. +// +// If the connection attempt fails, the SubConn will transition to +// TRANSIENT_FAILURE for a backoff period, and then return to IDLE. If the +// connection attempt succeeds, it will transition to READY. +// +// If a READY SubConn becomes disconnected, the SubConn will transition to IDLE. +// +// If a connection re-enters IDLE, Balancers must call Connect again to trigger +// a new connection attempt. +// +// Each SubConn contains a list of addresses. gRPC will try to connect to the +// addresses in sequence, and stop trying the remainder once the first +// connection is successful. However, this behavior is deprecated. SubConns +// should only use a single address. +// +// NOTICE: This interface is intended to be implemented by gRPC, or intercepted +// by custom load balancing poilices. Users should not need their own complete +// implementation of this interface -- they should always delegate to a SubConn +// returned by ClientConn.NewSubConn() by embedding it in their implementations. +// An embedded SubConn must never be nil, or runtime panics will occur. +type SubConn interface { + // UpdateAddresses updates the addresses used in this SubConn. + // gRPC checks if currently-connected address is still in the new list. + // If it's in the list, the connection will be kept. + // If it's not in the list, the connection will gracefully close, and + // a new connection will be created. + // + // This will trigger a state transition for the SubConn. + // + // Deprecated: this method will be removed. Create new SubConns for new + // addresses instead. + UpdateAddresses([]resolver.Address) + // Connect starts the connecting for this SubConn. + Connect() + // GetOrBuildProducer returns a reference to the existing Producer for this + // ProducerBuilder in this SubConn, or, if one does not currently exist, + // creates a new one and returns it. Returns a close function which may be + // called when the Producer is no longer needed. Otherwise the producer + // will automatically be closed upon connection loss or subchannel close. + // Should only be called on a SubConn in state Ready. Otherwise the + // producer will be unable to create streams. + GetOrBuildProducer(ProducerBuilder) (p Producer, close func()) + // Shutdown shuts down the SubConn gracefully. Any started RPCs will be + // allowed to complete. No future calls should be made on the SubConn. + // One final state update will be delivered to the StateListener (or + // UpdateSubConnState; deprecated) with ConnectivityState of Shutdown to + // indicate the shutdown operation. This may be delivered before + // in-progress RPCs are complete and the actual connection is closed. + Shutdown() + // RegisterHealthListener registers a health listener that receives health + // updates for a Ready SubConn. Only one health listener can be registered + // at a time. A health listener should be registered each time the SubConn's + // connectivity state changes to READY. Registering a health listener when + // the connectivity state is not READY may result in undefined behaviour. + // This method must not be called synchronously while handling an update + // from a previously registered health listener. + RegisterHealthListener(func(SubConnState)) + // EnforceSubConnEmbedding is included to force implementers to embed + // another implementation of this interface, allowing gRPC to add methods + // without breaking users. + internal.EnforceSubConnEmbedding +} + +// A ProducerBuilder is a simple constructor for a Producer. It is used by the +// SubConn to create producers when needed. +type ProducerBuilder interface { + // Build creates a Producer. The first parameter is always a + // grpc.ClientConnInterface (a type to allow creating RPCs/streams on the + // associated SubConn), but is declared as `any` to avoid a dependency + // cycle. Build also returns a close function that will be called when all + // references to the Producer have been given up for a SubConn, or when a + // connectivity state change occurs on the SubConn. The close function + // should always block until all asynchronous cleanup work is completed. + Build(grpcClientConnInterface any) (p Producer, close func()) +} + +// SubConnState describes the state of a SubConn. +type SubConnState struct { + // ConnectivityState is the connectivity state of the SubConn. + ConnectivityState connectivity.State + // ConnectionError is set if the ConnectivityState is TransientFailure, + // describing the reason the SubConn failed. Otherwise, it is nil. + ConnectionError error + // connectedAddr contains the connected address when ConnectivityState is + // Ready. Otherwise, it is indeterminate. + connectedAddress resolver.Address +} + +// connectedAddress returns the connected address for a SubConnState. The +// address is only valid if the state is READY. +func connectedAddress(scs SubConnState) resolver.Address { + return scs.connectedAddress +} + +// setConnectedAddress sets the connected address for a SubConnState. +func setConnectedAddress(scs *SubConnState, addr resolver.Address) { + scs.connectedAddress = addr +} + +// A Producer is a type shared among potentially many consumers. It is +// associated with a SubConn, and an implementation will typically contain +// other methods to provide additional functionality, e.g. configuration or +// subscription registration. +type Producer any diff --git a/vendor/google.golang.org/grpc/balancer_wrapper.go b/vendor/google.golang.org/grpc/balancer_wrapper.go index 2a4f2878ae..905817b5fc 100644 --- a/vendor/google.golang.org/grpc/balancer_wrapper.go +++ b/vendor/google.golang.org/grpc/balancer_wrapper.go @@ -189,6 +189,7 @@ func (ccb *ccBalancerWrapper) NewSubConn(addrs []resolver.Address, opts balancer ac: ac, producers: make(map[balancer.ProducerBuilder]*refCountedProducer), stateListener: opts.StateListener, + healthData: newHealthData(connectivity.Idle), } ac.acbw = acbw return acbw, nil @@ -254,12 +255,32 @@ func (ccb *ccBalancerWrapper) Target() string { // acBalancerWrapper is a wrapper on top of ac for balancers. // It implements balancer.SubConn interface. type acBalancerWrapper struct { + internal.EnforceSubConnEmbedding ac *addrConn // read-only ccb *ccBalancerWrapper // read-only stateListener func(balancer.SubConnState) producersMu sync.Mutex producers map[balancer.ProducerBuilder]*refCountedProducer + + // Access to healthData is protected by healthMu. + healthMu sync.Mutex + // healthData is stored as a pointer to detect when the health listener is + // dropped or updated. This is required as closures can't be compared for + // equality. + healthData *healthData +} + +// healthData holds data related to health state reporting. +type healthData struct { + // connectivityState stores the most recent connectivity state delivered + // to the LB policy. This is stored to avoid sending updates when the + // SubConn has already exited connectivity state READY. + connectivityState connectivity.State +} + +func newHealthData(s connectivity.State) *healthData { + return &healthData{connectivityState: s} } // updateState is invoked by grpc to push a subConn state update to the @@ -279,6 +300,24 @@ func (acbw *acBalancerWrapper) updateState(s connectivity.State, curAddr resolve if s == connectivity.Ready { setConnectedAddress(&scs, curAddr) } + // Invalidate the health listener by updating the healthData. + acbw.healthMu.Lock() + // A race may occur if a health listener is registered soon after the + // connectivity state is set but before the stateListener is called. + // Two cases may arise: + // 1. The new state is not READY: RegisterHealthListener has checks to + // ensure no updates are sent when the connectivity state is not + // READY. + // 2. The new state is READY: This means that the old state wasn't Ready. + // The RegisterHealthListener API mentions that a health listener + // must not be registered when a SubConn is not ready to avoid such + // races. When this happens, the LB policy would get health updates + // on the old listener. When the LB policy registers a new listener + // on receiving the connectivity update, the health updates will be + // sent to the new health listener. + acbw.healthData = newHealthData(scs.ConnectivityState) + acbw.healthMu.Unlock() + acbw.stateListener(scs) }) } @@ -373,3 +412,41 @@ func (acbw *acBalancerWrapper) closeProducers() { delete(acbw.producers, pb) } } + +// RegisterHealthListener accepts a health listener from the LB policy. It sends +// updates to the health listener as long as the SubConn's connectivity state +// doesn't change and a new health listener is not registered. To invalidate +// the currently registered health listener, acbw updates the healthData. If a +// nil listener is registered, the active health listener is dropped. +func (acbw *acBalancerWrapper) RegisterHealthListener(listener func(balancer.SubConnState)) { + acbw.healthMu.Lock() + defer acbw.healthMu.Unlock() + // listeners should not be registered when the connectivity state + // isn't Ready. This may happen when the balancer registers a listener + // after the connectivityState is updated, but before it is notified + // of the update. + if acbw.healthData.connectivityState != connectivity.Ready { + return + } + // Replace the health data to stop sending updates to any previously + // registered health listeners. + hd := newHealthData(connectivity.Ready) + acbw.healthData = hd + if listener == nil { + return + } + + acbw.ccb.serializer.TrySchedule(func(ctx context.Context) { + if ctx.Err() != nil || acbw.ccb.balancer == nil { + return + } + // Don't send updates if a new listener is registered. + acbw.healthMu.Lock() + defer acbw.healthMu.Unlock() + curHD := acbw.healthData + if curHD != hd { + return + } + listener(balancer.SubConnState{ConnectivityState: connectivity.Ready}) + }) +} diff --git a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go index 55bffaa77e..9e9d080699 100644 --- a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go +++ b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.2 +// protoc-gen-go v1.35.1 // protoc v5.27.1 // source: grpc/binlog/v1/binarylog.proto @@ -274,11 +274,9 @@ type GrpcLogEntry struct { func (x *GrpcLogEntry) Reset() { *x = GrpcLogEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GrpcLogEntry) String() string { @@ -289,7 +287,7 @@ func (*GrpcLogEntry) ProtoMessage() {} func (x *GrpcLogEntry) ProtoReflect() protoreflect.Message { mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -440,11 +438,9 @@ type ClientHeader struct { func (x *ClientHeader) Reset() { *x = ClientHeader{} - if protoimpl.UnsafeEnabled { - mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ClientHeader) String() string { @@ -455,7 +451,7 @@ func (*ClientHeader) ProtoMessage() {} func (x *ClientHeader) ProtoReflect() protoreflect.Message { mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -509,11 +505,9 @@ type ServerHeader struct { func (x *ServerHeader) Reset() { *x = ServerHeader{} - if protoimpl.UnsafeEnabled { - mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ServerHeader) String() string { @@ -524,7 +518,7 @@ func (*ServerHeader) ProtoMessage() {} func (x *ServerHeader) ProtoReflect() protoreflect.Message { mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -565,11 +559,9 @@ type Trailer struct { func (x *Trailer) Reset() { *x = Trailer{} - if protoimpl.UnsafeEnabled { - mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Trailer) String() string { @@ -580,7 +572,7 @@ func (*Trailer) ProtoMessage() {} func (x *Trailer) ProtoReflect() protoreflect.Message { mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -638,11 +630,9 @@ type Message struct { func (x *Message) Reset() { *x = Message{} - if protoimpl.UnsafeEnabled { - mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Message) String() string { @@ -653,7 +643,7 @@ func (*Message) ProtoMessage() {} func (x *Message) ProtoReflect() protoreflect.Message { mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -713,11 +703,9 @@ type Metadata struct { func (x *Metadata) Reset() { *x = Metadata{} - if protoimpl.UnsafeEnabled { - mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Metadata) String() string { @@ -728,7 +716,7 @@ func (*Metadata) ProtoMessage() {} func (x *Metadata) ProtoReflect() protoreflect.Message { mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -762,11 +750,9 @@ type MetadataEntry struct { func (x *MetadataEntry) Reset() { *x = MetadataEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *MetadataEntry) String() string { @@ -777,7 +763,7 @@ func (*MetadataEntry) ProtoMessage() {} func (x *MetadataEntry) ProtoReflect() protoreflect.Message { mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -820,11 +806,9 @@ type Address struct { func (x *Address) Reset() { *x = Address{} - if protoimpl.UnsafeEnabled { - mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Address) String() string { @@ -835,7 +819,7 @@ func (*Address) ProtoMessage() {} func (x *Address) ProtoReflect() protoreflect.Message { mi := &file_grpc_binlog_v1_binarylog_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1057,104 +1041,6 @@ func file_grpc_binlog_v1_binarylog_proto_init() { if File_grpc_binlog_v1_binarylog_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_grpc_binlog_v1_binarylog_proto_msgTypes[0].Exporter = func(v any, i int) any { - switch v := v.(*GrpcLogEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_grpc_binlog_v1_binarylog_proto_msgTypes[1].Exporter = func(v any, i int) any { - switch v := v.(*ClientHeader); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_grpc_binlog_v1_binarylog_proto_msgTypes[2].Exporter = func(v any, i int) any { - switch v := v.(*ServerHeader); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_grpc_binlog_v1_binarylog_proto_msgTypes[3].Exporter = func(v any, i int) any { - switch v := v.(*Trailer); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_grpc_binlog_v1_binarylog_proto_msgTypes[4].Exporter = func(v any, i int) any { - switch v := v.(*Message); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_grpc_binlog_v1_binarylog_proto_msgTypes[5].Exporter = func(v any, i int) any { - switch v := v.(*Metadata); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_grpc_binlog_v1_binarylog_proto_msgTypes[6].Exporter = func(v any, i int) any { - switch v := v.(*MetadataEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_grpc_binlog_v1_binarylog_proto_msgTypes[7].Exporter = func(v any, i int) any { - switch v := v.(*Address); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } file_grpc_binlog_v1_binarylog_proto_msgTypes[0].OneofWrappers = []any{ (*GrpcLogEntry_ClientHeader)(nil), (*GrpcLogEntry_ServerHeader)(nil), diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go index 19763f8edd..4f57b55434 100644 --- a/vendor/google.golang.org/grpc/clientconn.go +++ b/vendor/google.golang.org/grpc/clientconn.go @@ -775,10 +775,7 @@ func (cc *ClientConn) updateResolverStateAndUnlock(s resolver.State, err error) } } - var balCfg serviceconfig.LoadBalancingConfig - if cc.sc != nil && cc.sc.lbConfig != nil { - balCfg = cc.sc.lbConfig - } + balCfg := cc.sc.lbConfig bw := cc.balancerWrapper cc.mu.Unlock() @@ -1374,7 +1371,7 @@ func (ac *addrConn) createTransport(ctx context.Context, addr resolver.Address, defer cancel() copts.ChannelzParent = ac.channelz - newTr, err := transport.NewClientTransport(connectCtx, ac.cc.ctx, addr, copts, onClose) + newTr, err := transport.NewHTTP2Client(connectCtx, ac.cc.ctx, addr, copts, onClose) if err != nil { if logger.V(2) { logger.Infof("Creating new client transport to %q: %v", addr, err) @@ -1448,7 +1445,7 @@ func (ac *addrConn) startHealthCheck(ctx context.Context) { if !ac.scopts.HealthCheckEnabled { return } - healthCheckFunc := ac.cc.dopts.healthCheckFunc + healthCheckFunc := internal.HealthCheckFunc if healthCheckFunc == nil { // The health package is not imported to set health check function. // @@ -1480,7 +1477,7 @@ func (ac *addrConn) startHealthCheck(ctx context.Context) { } // Start the health checking stream. go func() { - err := ac.cc.dopts.healthCheckFunc(ctx, newStream, setConnectivityState, healthCheckConfig.ServiceName) + err := healthCheckFunc(ctx, newStream, setConnectivityState, healthCheckConfig.ServiceName) if err != nil { if status.Code(err) == codes.Unimplemented { channelz.Error(logger, ac.channelz, "Subchannel health check is unimplemented at server side, thus health check is disabled") diff --git a/vendor/google.golang.org/grpc/codec.go b/vendor/google.golang.org/grpc/codec.go index e840858b77..959c2f99d4 100644 --- a/vendor/google.golang.org/grpc/codec.go +++ b/vendor/google.golang.org/grpc/codec.go @@ -71,7 +71,7 @@ func (c codecV0Bridge) Marshal(v any) (mem.BufferSlice, error) { if err != nil { return nil, err } - return mem.BufferSlice{mem.NewBuffer(&data, nil)}, nil + return mem.BufferSlice{mem.SliceBuffer(data)}, nil } func (c codecV0Bridge) Unmarshal(data mem.BufferSlice, v any) (err error) { diff --git a/vendor/google.golang.org/grpc/dialoptions.go b/vendor/google.golang.org/grpc/dialoptions.go index 518692c3af..7494ae591f 100644 --- a/vendor/google.golang.org/grpc/dialoptions.go +++ b/vendor/google.golang.org/grpc/dialoptions.go @@ -87,7 +87,6 @@ type dialOptions struct { disableServiceConfig bool disableRetry bool disableHealthCheck bool - healthCheckFunc internal.HealthChecker minConnectTimeout func() time.Duration defaultServiceConfig *ServiceConfig // defaultServiceConfig is parsed from defaultServiceConfigRawJSON. defaultServiceConfigRawJSON *string @@ -445,10 +444,6 @@ func WithContextDialer(f func(context.Context, string) (net.Conn, error)) DialOp }) } -func init() { - internal.WithHealthCheckFunc = withHealthCheckFunc -} - // WithDialer returns a DialOption that specifies a function to use for dialing // network addresses. If FailOnNonTempDialError() is set to true, and an error // is returned by f, gRPC checks the error's Temporary() method to decide if it @@ -662,16 +657,6 @@ func WithDisableHealthCheck() DialOption { }) } -// withHealthCheckFunc replaces the default health check function with the -// provided one. It makes tests easier to change the health check function. -// -// For testing purpose only. -func withHealthCheckFunc(f internal.HealthChecker) DialOption { - return newFuncDialOption(func(o *dialOptions) { - o.healthCheckFunc = f - }) -} - func defaultDialOptions() dialOptions { return dialOptions{ copts: transport.ConnectOptions{ @@ -682,7 +667,6 @@ func defaultDialOptions() dialOptions { BufferPool: mem.DefaultBufferPool(), }, bs: internalbackoff.DefaultExponential, - healthCheckFunc: internal.HealthCheckFunc, idleTimeout: 30 * time.Minute, defaultScheme: "dns", maxCallAttempts: defaultMaxCallAttempts, diff --git a/vendor/google.golang.org/grpc/experimental/stats/metricregistry.go b/vendor/google.golang.org/grpc/experimental/stats/metricregistry.go index 1d827dd5d9..ad75313a18 100644 --- a/vendor/google.golang.org/grpc/experimental/stats/metricregistry.go +++ b/vendor/google.golang.org/grpc/experimental/stats/metricregistry.go @@ -23,6 +23,7 @@ import ( "google.golang.org/grpc/grpclog" "google.golang.org/grpc/internal" + "google.golang.org/grpc/stats" ) func init() { @@ -34,7 +35,7 @@ var logger = grpclog.Component("metrics-registry") // DefaultMetrics are the default metrics registered through global metrics // registry. This is written to at initialization time only, and is read only // after initialization. -var DefaultMetrics = NewMetrics() +var DefaultMetrics = stats.NewMetricSet() // MetricDescriptor is the data for a registered metric. type MetricDescriptor struct { @@ -42,7 +43,7 @@ type MetricDescriptor struct { // (including any per call metrics). See // https://github.com/grpc/proposal/blob/master/A79-non-per-call-metrics-architecture.md#metric-instrument-naming-conventions // for metric naming conventions. - Name Metric + Name string // The description of this metric. Description string // The unit (e.g. entries, seconds) of this metric. @@ -154,27 +155,27 @@ func (h *Int64GaugeHandle) Record(recorder MetricsRecorder, incr int64, labels . } // registeredMetrics are the registered metric descriptor names. -var registeredMetrics = make(map[Metric]bool) +var registeredMetrics = make(map[string]bool) // metricsRegistry contains all of the registered metrics. // // This is written to only at init time, and read only after that. -var metricsRegistry = make(map[Metric]*MetricDescriptor) +var metricsRegistry = make(map[string]*MetricDescriptor) // DescriptorForMetric returns the MetricDescriptor from the global registry. // // Returns nil if MetricDescriptor not present. -func DescriptorForMetric(metric Metric) *MetricDescriptor { - return metricsRegistry[metric] +func DescriptorForMetric(metricName string) *MetricDescriptor { + return metricsRegistry[metricName] } -func registerMetric(name Metric, def bool) { - if registeredMetrics[name] { - logger.Fatalf("metric %v already registered", name) +func registerMetric(metricName string, def bool) { + if registeredMetrics[metricName] { + logger.Fatalf("metric %v already registered", metricName) } - registeredMetrics[name] = true + registeredMetrics[metricName] = true if def { - DefaultMetrics = DefaultMetrics.Add(name) + DefaultMetrics = DefaultMetrics.Add(metricName) } } @@ -256,8 +257,8 @@ func snapshotMetricsRegistryForTesting() func() { oldRegisteredMetrics := registeredMetrics oldMetricsRegistry := metricsRegistry - registeredMetrics = make(map[Metric]bool) - metricsRegistry = make(map[Metric]*MetricDescriptor) + registeredMetrics = make(map[string]bool) + metricsRegistry = make(map[string]*MetricDescriptor) maps.Copy(registeredMetrics, registeredMetrics) maps.Copy(metricsRegistry, metricsRegistry) diff --git a/vendor/google.golang.org/grpc/experimental/stats/metrics.go b/vendor/google.golang.org/grpc/experimental/stats/metrics.go index 3221f7a633..bf9e7f987b 100644 --- a/vendor/google.golang.org/grpc/experimental/stats/metrics.go +++ b/vendor/google.golang.org/grpc/experimental/stats/metrics.go @@ -19,8 +19,6 @@ // Package stats contains experimental metrics/stats API's. package stats -import "maps" - // MetricsRecorder records on metrics derived from metric registry. type MetricsRecorder interface { // RecordInt64Count records the measurement alongside labels on the int @@ -39,76 +37,3 @@ type MetricsRecorder interface { // gauge associated with the provided handle. RecordInt64Gauge(handle *Int64GaugeHandle, incr int64, labels ...string) } - -// Metric is an identifier for a metric. -type Metric string - -// Metrics is a set of metrics to record. Once created, Metrics is immutable, -// however Add and Remove can make copies with specific metrics added or -// removed, respectively. -// -// Do not construct directly; use NewMetrics instead. -type Metrics struct { - // metrics are the set of metrics to initialize. - metrics map[Metric]bool -} - -// NewMetrics returns a Metrics containing Metrics. -func NewMetrics(metrics ...Metric) *Metrics { - newMetrics := make(map[Metric]bool) - for _, metric := range metrics { - newMetrics[metric] = true - } - return &Metrics{ - metrics: newMetrics, - } -} - -// Metrics returns the metrics set. The returned map is read-only and must not -// be modified. -func (m *Metrics) Metrics() map[Metric]bool { - return m.metrics -} - -// Add adds the metrics to the metrics set and returns a new copy with the -// additional metrics. -func (m *Metrics) Add(metrics ...Metric) *Metrics { - newMetrics := make(map[Metric]bool) - for metric := range m.metrics { - newMetrics[metric] = true - } - - for _, metric := range metrics { - newMetrics[metric] = true - } - return &Metrics{ - metrics: newMetrics, - } -} - -// Join joins the metrics passed in with the metrics set, and returns a new copy -// with the merged metrics. -func (m *Metrics) Join(metrics *Metrics) *Metrics { - newMetrics := make(map[Metric]bool) - maps.Copy(newMetrics, m.metrics) - maps.Copy(newMetrics, metrics.metrics) - return &Metrics{ - metrics: newMetrics, - } -} - -// Remove removes the metrics from the metrics set and returns a new copy with -// the metrics removed. -func (m *Metrics) Remove(metrics ...Metric) *Metrics { - newMetrics := make(map[Metric]bool) - for metric := range m.metrics { - newMetrics[metric] = true - } - - for _, metric := range metrics { - delete(newMetrics, metric) - } - return &Metrics{ - metrics: newMetrics, - } -} diff --git a/vendor/google.golang.org/grpc/grpclog/internal/loggerv2.go b/vendor/google.golang.org/grpc/grpclog/internal/loggerv2.go index 07df71e98a..ed90060c3c 100644 --- a/vendor/google.golang.org/grpc/grpclog/internal/loggerv2.go +++ b/vendor/google.golang.org/grpc/grpclog/internal/loggerv2.go @@ -101,6 +101,22 @@ var severityName = []string{ fatalLog: "FATAL", } +// sprintf is fmt.Sprintf. +// These vars exist to make it possible to test that expensive format calls aren't made unnecessarily. +var sprintf = fmt.Sprintf + +// sprint is fmt.Sprint. +// These vars exist to make it possible to test that expensive format calls aren't made unnecessarily. +var sprint = fmt.Sprint + +// sprintln is fmt.Sprintln. +// These vars exist to make it possible to test that expensive format calls aren't made unnecessarily. +var sprintln = fmt.Sprintln + +// exit is os.Exit. +// This var exists to make it possible to test functions calling os.Exit. +var exit = os.Exit + // loggerT is the default logger used by grpclog. type loggerT struct { m []*log.Logger @@ -111,7 +127,7 @@ type loggerT struct { func (g *loggerT) output(severity int, s string) { sevStr := severityName[severity] if !g.jsonFormat { - g.m[severity].Output(2, fmt.Sprintf("%v: %v", sevStr, s)) + g.m[severity].Output(2, sevStr+": "+s) return } // TODO: we can also include the logging component, but that needs more @@ -123,55 +139,79 @@ func (g *loggerT) output(severity int, s string) { g.m[severity].Output(2, string(b)) } +func (g *loggerT) printf(severity int, format string, args ...any) { + // Note the discard check is duplicated in each print func, rather than in + // output, to avoid the expensive Sprint calls. + // De-duplicating this by moving to output would be a significant performance regression! + if lg := g.m[severity]; lg.Writer() == io.Discard { + return + } + g.output(severity, sprintf(format, args...)) +} + +func (g *loggerT) print(severity int, v ...any) { + if lg := g.m[severity]; lg.Writer() == io.Discard { + return + } + g.output(severity, sprint(v...)) +} + +func (g *loggerT) println(severity int, v ...any) { + if lg := g.m[severity]; lg.Writer() == io.Discard { + return + } + g.output(severity, sprintln(v...)) +} + func (g *loggerT) Info(args ...any) { - g.output(infoLog, fmt.Sprint(args...)) + g.print(infoLog, args...) } func (g *loggerT) Infoln(args ...any) { - g.output(infoLog, fmt.Sprintln(args...)) + g.println(infoLog, args...) } func (g *loggerT) Infof(format string, args ...any) { - g.output(infoLog, fmt.Sprintf(format, args...)) + g.printf(infoLog, format, args...) } func (g *loggerT) Warning(args ...any) { - g.output(warningLog, fmt.Sprint(args...)) + g.print(warningLog, args...) } func (g *loggerT) Warningln(args ...any) { - g.output(warningLog, fmt.Sprintln(args...)) + g.println(warningLog, args...) } func (g *loggerT) Warningf(format string, args ...any) { - g.output(warningLog, fmt.Sprintf(format, args...)) + g.printf(warningLog, format, args...) } func (g *loggerT) Error(args ...any) { - g.output(errorLog, fmt.Sprint(args...)) + g.print(errorLog, args...) } func (g *loggerT) Errorln(args ...any) { - g.output(errorLog, fmt.Sprintln(args...)) + g.println(errorLog, args...) } func (g *loggerT) Errorf(format string, args ...any) { - g.output(errorLog, fmt.Sprintf(format, args...)) + g.printf(errorLog, format, args...) } func (g *loggerT) Fatal(args ...any) { - g.output(fatalLog, fmt.Sprint(args...)) - os.Exit(1) + g.print(fatalLog, args...) + exit(1) } func (g *loggerT) Fatalln(args ...any) { - g.output(fatalLog, fmt.Sprintln(args...)) - os.Exit(1) + g.println(fatalLog, args...) + exit(1) } func (g *loggerT) Fatalf(format string, args ...any) { - g.output(fatalLog, fmt.Sprintf(format, args...)) - os.Exit(1) + g.printf(fatalLog, format, args...) + exit(1) } func (g *loggerT) V(l int) bool { @@ -186,19 +226,42 @@ type LoggerV2Config struct { FormatJSON bool } +// combineLoggers returns a combined logger for both higher & lower severity logs, +// or only one if the other is io.Discard. +// +// This uses io.Discard instead of io.MultiWriter when all loggers +// are set to io.Discard. Both this package and the standard log package have +// significant optimizations for io.Discard, which io.MultiWriter lacks (as of +// this writing). +func combineLoggers(lower, higher io.Writer) io.Writer { + if lower == io.Discard { + return higher + } + if higher == io.Discard { + return lower + } + return io.MultiWriter(lower, higher) +} + // NewLoggerV2 creates a new LoggerV2 instance with the provided configuration. // The infoW, warningW, and errorW writers are used to write log messages of // different severity levels. func NewLoggerV2(infoW, warningW, errorW io.Writer, c LoggerV2Config) LoggerV2 { - var m []*log.Logger flag := log.LstdFlags if c.FormatJSON { flag = 0 } - m = append(m, log.New(infoW, "", flag)) - m = append(m, log.New(io.MultiWriter(infoW, warningW), "", flag)) - ew := io.MultiWriter(infoW, warningW, errorW) // ew will be used for error and fatal. - m = append(m, log.New(ew, "", flag)) - m = append(m, log.New(ew, "", flag)) + + warningW = combineLoggers(infoW, warningW) + errorW = combineLoggers(errorW, warningW) + + fatalW := errorW + + m := []*log.Logger{ + log.New(infoW, "", flag), + log.New(warningW, "", flag), + log.New(errorW, "", flag), + log.New(fatalW, "", flag), + } return &loggerT{m: m, v: c.Verbosity, jsonFormat: c.FormatJSON} } diff --git a/vendor/google.golang.org/grpc/internal/backoff/backoff.go b/vendor/google.golang.org/grpc/internal/backoff/backoff.go index b15cf482d2..b6ae7f2585 100644 --- a/vendor/google.golang.org/grpc/internal/backoff/backoff.go +++ b/vendor/google.golang.org/grpc/internal/backoff/backoff.go @@ -25,7 +25,7 @@ package backoff import ( "context" "errors" - "math/rand" + rand "math/rand/v2" "time" grpcbackoff "google.golang.org/grpc/backoff" diff --git a/vendor/google.golang.org/grpc/internal/internal.go b/vendor/google.golang.org/grpc/internal/internal.go index 20b4dc3d35..3afc181344 100644 --- a/vendor/google.golang.org/grpc/internal/internal.go +++ b/vendor/google.golang.org/grpc/internal/internal.go @@ -29,8 +29,6 @@ import ( ) var ( - // WithHealthCheckFunc is set by dialoptions.go - WithHealthCheckFunc any // func (HealthChecker) DialOption // HealthCheckFunc is used to provide client-side LB channel health checking HealthCheckFunc HealthChecker // BalancerUnregister is exported by package balancer to unregister a balancer. @@ -149,6 +147,20 @@ var ( // other features, including the CSDS service. NewXDSResolverWithConfigForTesting any // func([]byte) (resolver.Builder, error) + // NewXDSResolverWithClientForTesting creates a new xDS resolver builder + // using the provided xDS client instead of creating a new one using the + // bootstrap configuration specified by the supported environment variables. + // The resolver.Builder is meant to be used in conjunction with the + // grpc.WithResolvers DialOption. The resolver.Builder does not take + // ownership of the provided xDS client and it is the responsibility of the + // caller to close the client when no longer required. + // + // Testing Only + // + // This function should ONLY be used for testing and may not work with some + // other features, including the CSDS service. + NewXDSResolverWithClientForTesting any // func(xdsclient.XDSClient) (resolver.Builder, error) + // RegisterRLSClusterSpecifierPluginForTesting registers the RLS Cluster // Specifier Plugin for testing purposes, regardless of the XDSRLS environment // variable. @@ -255,3 +267,9 @@ const ( // It currently has an experimental suffix which would be removed once // end-to-end testing of the policy is completed. const RLSLoadBalancingPolicyName = "rls_experimental" + +// EnforceSubConnEmbedding is used to enforce proper SubConn implementation +// embedding. +type EnforceSubConnEmbedding interface { + enforceSubConnEmbedding() +} diff --git a/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go b/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go index 374c12fb77..ba5c5a95d0 100644 --- a/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go +++ b/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go @@ -24,8 +24,9 @@ import ( "context" "encoding/json" "fmt" - "math/rand" + rand "math/rand/v2" "net" + "net/netip" "os" "strconv" "strings" @@ -122,7 +123,7 @@ func (b *dnsBuilder) Build(target resolver.Target, cc resolver.ClientConn, opts } // IP address. - if ipAddr, ok := formatIP(host); ok { + if ipAddr, err := formatIP(host); err == nil { addr := []resolver.Address{{Addr: ipAddr + ":" + port}} cc.UpdateState(resolver.State{Addresses: addr}) return deadResolver{}, nil @@ -260,9 +261,9 @@ func (d *dnsResolver) lookupSRV(ctx context.Context) ([]resolver.Address, error) return nil, err } for _, a := range lbAddrs { - ip, ok := formatIP(a) - if !ok { - return nil, fmt.Errorf("dns: error parsing A record IP address %v", a) + ip, err := formatIP(a) + if err != nil { + return nil, fmt.Errorf("dns: error parsing A record IP address %v: %v", a, err) } addr := ip + ":" + strconv.Itoa(int(s.Port)) newAddrs = append(newAddrs, resolver.Address{Addr: addr, ServerName: s.Target}) @@ -322,9 +323,9 @@ func (d *dnsResolver) lookupHost(ctx context.Context) ([]resolver.Address, error } newAddrs := make([]resolver.Address, 0, len(addrs)) for _, a := range addrs { - ip, ok := formatIP(a) - if !ok { - return nil, fmt.Errorf("dns: error parsing A record IP address %v", a) + ip, err := formatIP(a) + if err != nil { + return nil, fmt.Errorf("dns: error parsing A record IP address %v: %v", a, err) } addr := ip + ":" + d.port newAddrs = append(newAddrs, resolver.Address{Addr: addr}) @@ -351,19 +352,19 @@ func (d *dnsResolver) lookup() (*resolver.State, error) { return &state, nil } -// formatIP returns ok = false if addr is not a valid textual representation of -// an IP address. If addr is an IPv4 address, return the addr and ok = true. +// formatIP returns an error if addr is not a valid textual representation of +// an IP address. If addr is an IPv4 address, return the addr and error = nil. // If addr is an IPv6 address, return the addr enclosed in square brackets and -// ok = true. -func formatIP(addr string) (addrIP string, ok bool) { - ip := net.ParseIP(addr) - if ip == nil { - return "", false +// error = nil. +func formatIP(addr string) (string, error) { + ip, err := netip.ParseAddr(addr) + if err != nil { + return "", err } - if ip.To4() != nil { - return addr, true + if ip.Is4() { + return addr, nil } - return "[" + addr + "]", true + return "[" + addr + "]", nil } // parseTarget takes the user input target string and default port, returns @@ -379,7 +380,7 @@ func parseTarget(target, defaultPort string) (host, port string, err error) { if target == "" { return "", "", internal.ErrMissingAddr } - if ip := net.ParseIP(target); ip != nil { + if _, err := netip.ParseAddr(target); err == nil { // target is an IPv4 or IPv6(without brackets) address return target, defaultPort, nil } @@ -427,7 +428,7 @@ func chosenByPercentage(a *int) bool { if a == nil { return true } - return rand.Intn(100)+1 <= *a + return rand.IntN(100)+1 <= *a } func canaryingSC(js string) string { diff --git a/vendor/google.golang.org/grpc/internal/transport/client_stream.go b/vendor/google.golang.org/grpc/internal/transport/client_stream.go new file mode 100644 index 0000000000..8ed347c541 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/transport/client_stream.go @@ -0,0 +1,144 @@ +/* + * + * Copyright 2024 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package transport + +import ( + "sync/atomic" + + "golang.org/x/net/http2" + "google.golang.org/grpc/mem" + "google.golang.org/grpc/metadata" + "google.golang.org/grpc/status" +) + +// ClientStream implements streaming functionality for a gRPC client. +type ClientStream struct { + *Stream // Embed for common stream functionality. + + ct *http2Client + done chan struct{} // closed at the end of stream to unblock writers. + doneFunc func() // invoked at the end of stream. + + headerChan chan struct{} // closed to indicate the end of header metadata. + headerChanClosed uint32 // set when headerChan is closed. Used to avoid closing headerChan multiple times. + // headerValid indicates whether a valid header was received. Only + // meaningful after headerChan is closed (always call waitOnHeader() before + // reading its value). + headerValid bool + header metadata.MD // the received header metadata + noHeaders bool // set if the client never received headers (set only after the stream is done). + + bytesReceived atomic.Bool // indicates whether any bytes have been received on this stream + unprocessed atomic.Bool // set if the server sends a refused stream or GOAWAY including this stream + + status *status.Status // the status error received from the server +} + +// Read reads an n byte message from the input stream. +func (s *ClientStream) Read(n int) (mem.BufferSlice, error) { + b, err := s.Stream.read(n) + if err == nil { + s.ct.incrMsgRecv() + } + return b, err +} + +// Close closes the stream and popagates err to any readers. +func (s *ClientStream) Close(err error) { + var ( + rst bool + rstCode http2.ErrCode + ) + if err != nil { + rst = true + rstCode = http2.ErrCodeCancel + } + s.ct.closeStream(s, err, rst, rstCode, status.Convert(err), nil, false) +} + +// Write writes the hdr and data bytes to the output stream. +func (s *ClientStream) Write(hdr []byte, data mem.BufferSlice, opts *WriteOptions) error { + return s.ct.write(s, hdr, data, opts) +} + +// BytesReceived indicates whether any bytes have been received on this stream. +func (s *ClientStream) BytesReceived() bool { + return s.bytesReceived.Load() +} + +// Unprocessed indicates whether the server did not process this stream -- +// i.e. it sent a refused stream or GOAWAY including this stream ID. +func (s *ClientStream) Unprocessed() bool { + return s.unprocessed.Load() +} + +func (s *ClientStream) waitOnHeader() { + select { + case <-s.ctx.Done(): + // Close the stream to prevent headers/trailers from changing after + // this function returns. + s.Close(ContextErr(s.ctx.Err())) + // headerChan could possibly not be closed yet if closeStream raced + // with operateHeaders; wait until it is closed explicitly here. + <-s.headerChan + case <-s.headerChan: + } +} + +// RecvCompress returns the compression algorithm applied to the inbound +// message. It is empty string if there is no compression applied. +func (s *ClientStream) RecvCompress() string { + s.waitOnHeader() + return s.recvCompress +} + +// Done returns a channel which is closed when it receives the final status +// from the server. +func (s *ClientStream) Done() <-chan struct{} { + return s.done +} + +// Header returns the header metadata of the stream. Acquires the key-value +// pairs of header metadata once it is available. It blocks until i) the +// metadata is ready or ii) there is no header metadata or iii) the stream is +// canceled/expired. +func (s *ClientStream) Header() (metadata.MD, error) { + s.waitOnHeader() + + if !s.headerValid || s.noHeaders { + return nil, s.status.Err() + } + + return s.header.Copy(), nil +} + +// TrailersOnly blocks until a header or trailers-only frame is received and +// then returns true if the stream was trailers-only. If the stream ends +// before headers are received, returns true, nil. +func (s *ClientStream) TrailersOnly() bool { + s.waitOnHeader() + return s.noHeaders +} + +// Status returns the status received from the server. +// Status can be read safely only after the stream has ended, +// that is, after Done() is closed. +func (s *ClientStream) Status() *status.Status { + return s.status +} diff --git a/vendor/google.golang.org/grpc/internal/transport/flowcontrol.go b/vendor/google.golang.org/grpc/internal/transport/flowcontrol.go index 97198c5158..dfc0f224ec 100644 --- a/vendor/google.golang.org/grpc/internal/transport/flowcontrol.go +++ b/vendor/google.golang.org/grpc/internal/transport/flowcontrol.go @@ -92,14 +92,11 @@ func (f *trInFlow) newLimit(n uint32) uint32 { func (f *trInFlow) onData(n uint32) uint32 { f.unacked += n - if f.unacked >= f.limit/4 { - w := f.unacked - f.unacked = 0 + if f.unacked < f.limit/4 { f.updateEffectiveWindowSize() - return w + return 0 } - f.updateEffectiveWindowSize() - return 0 + return f.reset() } func (f *trInFlow) reset() uint32 { diff --git a/vendor/google.golang.org/grpc/internal/transport/handler_server.go b/vendor/google.golang.org/grpc/internal/transport/handler_server.go index ce878693bd..d9305a65d8 100644 --- a/vendor/google.golang.org/grpc/internal/transport/handler_server.go +++ b/vendor/google.golang.org/grpc/internal/transport/handler_server.go @@ -225,7 +225,7 @@ func (ht *serverHandlerTransport) do(fn func()) error { } } -func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) error { +func (ht *serverHandlerTransport) writeStatus(s *ServerStream, st *status.Status) error { ht.writeStatusMu.Lock() defer ht.writeStatusMu.Unlock() @@ -289,14 +289,14 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) erro // writePendingHeaders sets common and custom headers on the first // write call (Write, WriteHeader, or WriteStatus) -func (ht *serverHandlerTransport) writePendingHeaders(s *Stream) { +func (ht *serverHandlerTransport) writePendingHeaders(s *ServerStream) { ht.writeCommonHeaders(s) ht.writeCustomHeaders(s) } // writeCommonHeaders sets common headers on the first write // call (Write, WriteHeader, or WriteStatus). -func (ht *serverHandlerTransport) writeCommonHeaders(s *Stream) { +func (ht *serverHandlerTransport) writeCommonHeaders(s *ServerStream) { h := ht.rw.Header() h["Date"] = nil // suppress Date to make tests happy; TODO: restore h.Set("Content-Type", ht.contentType) @@ -317,7 +317,7 @@ func (ht *serverHandlerTransport) writeCommonHeaders(s *Stream) { // writeCustomHeaders sets custom headers set on the stream via SetHeader // on the first write call (Write, WriteHeader, or WriteStatus) -func (ht *serverHandlerTransport) writeCustomHeaders(s *Stream) { +func (ht *serverHandlerTransport) writeCustomHeaders(s *ServerStream) { h := ht.rw.Header() s.hdrMu.Lock() @@ -333,7 +333,7 @@ func (ht *serverHandlerTransport) writeCustomHeaders(s *Stream) { s.hdrMu.Unlock() } -func (ht *serverHandlerTransport) Write(s *Stream, hdr []byte, data mem.BufferSlice, _ *Options) error { +func (ht *serverHandlerTransport) write(s *ServerStream, hdr []byte, data mem.BufferSlice, _ *WriteOptions) error { // Always take a reference because otherwise there is no guarantee the data will // be available after this function returns. This is what callers to Write // expect. @@ -357,7 +357,7 @@ func (ht *serverHandlerTransport) Write(s *Stream, hdr []byte, data mem.BufferSl return nil } -func (ht *serverHandlerTransport) WriteHeader(s *Stream, md metadata.MD) error { +func (ht *serverHandlerTransport) writeHeader(s *ServerStream, md metadata.MD) error { if err := s.SetHeader(md); err != nil { return err } @@ -385,7 +385,7 @@ func (ht *serverHandlerTransport) WriteHeader(s *Stream, md metadata.MD) error { return err } -func (ht *serverHandlerTransport) HandleStreams(ctx context.Context, startStream func(*Stream)) { +func (ht *serverHandlerTransport) HandleStreams(ctx context.Context, startStream func(*ServerStream)) { // With this transport type there will be exactly 1 stream: this HTTP request. var cancel context.CancelFunc if ht.timeoutSet { @@ -408,16 +408,18 @@ func (ht *serverHandlerTransport) HandleStreams(ctx context.Context, startStream ctx = metadata.NewIncomingContext(ctx, ht.headerMD) req := ht.req - s := &Stream{ - id: 0, // irrelevant - ctx: ctx, - requestRead: func(int) {}, + s := &ServerStream{ + Stream: &Stream{ + id: 0, // irrelevant + ctx: ctx, + requestRead: func(int) {}, + buf: newRecvBuffer(), + method: req.URL.Path, + recvCompress: req.Header.Get("grpc-encoding"), + contentSubtype: ht.contentSubtype, + }, cancel: cancel, - buf: newRecvBuffer(), st: ht, - method: req.URL.Path, - recvCompress: req.Header.Get("grpc-encoding"), - contentSubtype: ht.contentSubtype, headerWireLength: 0, // won't have access to header wire length until golang/go#18997. } s.trReader = &transportReader{ @@ -471,9 +473,7 @@ func (ht *serverHandlerTransport) runStream() { } } -func (ht *serverHandlerTransport) IncrMsgSent() {} - -func (ht *serverHandlerTransport) IncrMsgRecv() {} +func (ht *serverHandlerTransport) incrMsgRecv() {} func (ht *serverHandlerTransport) Drain(string) { panic("Drain() is not implemented") diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go index 62b81885d8..f323ab7f45 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http2_client.go +++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go @@ -123,7 +123,7 @@ type http2Client struct { mu sync.Mutex // guard the following variables nextID uint32 state transportState - activeStreams map[uint32]*Stream + activeStreams map[uint32]*ClientStream // prevGoAway ID records the Last-Stream-ID in the previous GOAway frame. prevGoAwayID uint32 // goAwayReason records the http2.ErrCode and debug data received with the @@ -199,10 +199,10 @@ func isTemporary(err error) bool { return true } -// newHTTP2Client constructs a connected ClientTransport to addr based on HTTP2 +// NewHTTP2Client constructs a connected ClientTransport to addr based on HTTP2 // and starts to receive messages on it. Non-nil error returns if construction // fails. -func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts ConnectOptions, onClose func(GoAwayReason)) (_ *http2Client, err error) { +func NewHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts ConnectOptions, onClose func(GoAwayReason)) (_ ClientTransport, err error) { scheme := "http" ctx, cancel := context.WithCancel(ctx) defer func() { @@ -339,7 +339,7 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts framer: newFramer(conn, writeBufSize, readBufSize, opts.SharedWriteBuffer, maxHeaderListSize), fc: &trInFlow{limit: uint32(icwz)}, scheme: scheme, - activeStreams: make(map[uint32]*Stream), + activeStreams: make(map[uint32]*ClientStream), isSecure: isSecure, perRPCCreds: perRPCCreds, kp: kp, @@ -480,17 +480,19 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts return t, nil } -func (t *http2Client) newStream(ctx context.Context, callHdr *CallHdr) *Stream { +func (t *http2Client) newStream(ctx context.Context, callHdr *CallHdr) *ClientStream { // TODO(zhaoq): Handle uint32 overflow of Stream.id. - s := &Stream{ - ct: t, - done: make(chan struct{}), - method: callHdr.Method, - sendCompress: callHdr.SendCompress, - buf: newRecvBuffer(), - headerChan: make(chan struct{}), - contentSubtype: callHdr.ContentSubtype, - doneFunc: callHdr.DoneFunc, + s := &ClientStream{ + Stream: &Stream{ + method: callHdr.Method, + sendCompress: callHdr.SendCompress, + buf: newRecvBuffer(), + contentSubtype: callHdr.ContentSubtype, + }, + ct: t, + done: make(chan struct{}), + headerChan: make(chan struct{}), + doneFunc: callHdr.DoneFunc, } s.wq = newWriteQuota(defaultWriteQuota, s.done) s.requestRead = func(n int) { @@ -506,7 +508,7 @@ func (t *http2Client) newStream(ctx context.Context, callHdr *CallHdr) *Stream { ctxDone: s.ctx.Done(), recv: s.buf, closeStream: func(err error) { - t.CloseStream(s, err) + s.Close(err) }, }, windowHandler: func(n int) { @@ -597,12 +599,6 @@ func (t *http2Client) createHeaderFields(ctx context.Context, callHdr *CallHdr) for k, v := range callAuthData { headerFields = append(headerFields, hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)}) } - if b := stats.OutgoingTags(ctx); b != nil { - headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-tags-bin", Value: encodeBinHeader(b)}) - } - if b := stats.OutgoingTrace(ctx); b != nil { - headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-trace-bin", Value: encodeBinHeader(b)}) - } if md, added, ok := metadataFromOutgoingContextRaw(ctx); ok { var k string @@ -738,7 +734,7 @@ func (e NewStreamError) Error() string { // NewStream creates a stream and registers it into the transport as "active" // streams. All non-nil errors returned will be *NewStreamError. -func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream, error) { +func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*ClientStream, error) { ctx = peer.NewContext(ctx, t.getPeer()) // ServerName field of the resolver returned address takes precedence over @@ -763,7 +759,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream, return } // The stream was unprocessed by the server. - atomic.StoreUint32(&s.unprocessed, 1) + s.unprocessed.Store(true) s.write(recvMsg{err: err}) close(s.done) // If headerChan isn't closed, then close it. @@ -908,21 +904,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream, return s, nil } -// CloseStream clears the footprint of a stream when the stream is not needed any more. -// This must not be executed in reader's goroutine. -func (t *http2Client) CloseStream(s *Stream, err error) { - var ( - rst bool - rstCode http2.ErrCode - ) - if err != nil { - rst = true - rstCode = http2.ErrCodeCancel - } - t.closeStream(s, err, rst, rstCode, status.Convert(err), nil, false) -} - -func (t *http2Client) closeStream(s *Stream, err error, rst bool, rstCode http2.ErrCode, st *status.Status, mdata map[string][]string, eosReceived bool) { +func (t *http2Client) closeStream(s *ClientStream, err error, rst bool, rstCode http2.ErrCode, st *status.Status, mdata map[string][]string, eosReceived bool) { // Set stream status to done. if s.swapState(streamDone) == streamDone { // If it was already done, return. If multiple closeStream calls @@ -1085,7 +1067,7 @@ func (t *http2Client) GracefulClose() { // Write formats the data into HTTP2 data frame(s) and sends it out. The caller // should proceed only if Write returns nil. -func (t *http2Client) Write(s *Stream, hdr []byte, data mem.BufferSlice, opts *Options) error { +func (t *http2Client) write(s *ClientStream, hdr []byte, data mem.BufferSlice, opts *WriteOptions) error { reader := data.Reader() if opts.Last { @@ -1114,10 +1096,11 @@ func (t *http2Client) Write(s *Stream, hdr []byte, data mem.BufferSlice, opts *O _ = reader.Close() return err } + t.incrMsgSent() return nil } -func (t *http2Client) getStream(f http2.Frame) *Stream { +func (t *http2Client) getStream(f http2.Frame) *ClientStream { t.mu.Lock() s := t.activeStreams[f.Header().StreamID] t.mu.Unlock() @@ -1127,7 +1110,7 @@ func (t *http2Client) getStream(f http2.Frame) *Stream { // adjustWindow sends out extra window update over the initial window size // of stream if the application is requesting data larger in size than // the window. -func (t *http2Client) adjustWindow(s *Stream, n uint32) { +func (t *http2Client) adjustWindow(s *ClientStream, n uint32) { if w := s.fc.maybeAdjust(n); w > 0 { t.controlBuf.put(&outgoingWindowUpdate{streamID: s.id, increment: w}) } @@ -1136,7 +1119,7 @@ func (t *http2Client) adjustWindow(s *Stream, n uint32) { // updateWindow adjusts the inbound quota for the stream. // Window updates will be sent out when the cumulative quota // exceeds the corresponding threshold. -func (t *http2Client) updateWindow(s *Stream, n uint32) { +func (t *http2Client) updateWindow(s *ClientStream, n uint32) { if w := s.fc.onRead(n); w > 0 { t.controlBuf.put(&outgoingWindowUpdate{streamID: s.id, increment: w}) } @@ -1242,7 +1225,7 @@ func (t *http2Client) handleRSTStream(f *http2.RSTStreamFrame) { } if f.ErrCode == http2.ErrCodeRefusedStream { // The stream was unprocessed by the server. - atomic.StoreUint32(&s.unprocessed, 1) + s.unprocessed.Store(true) } statusCode, ok := http2ErrConvTab[f.ErrCode] if !ok { @@ -1383,11 +1366,11 @@ func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) error { return connectionErrorf(true, nil, "received goaway and there are no active streams") } - streamsToClose := make([]*Stream, 0) + streamsToClose := make([]*ClientStream, 0) for streamID, stream := range t.activeStreams { if streamID > id && streamID <= upperLimit { // The stream was unprocessed by the server. - atomic.StoreUint32(&stream.unprocessed, 1) + stream.unprocessed.Store(true) streamsToClose = append(streamsToClose, stream) } } @@ -1439,7 +1422,7 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) { return } endStream := frame.StreamEnded() - atomic.StoreUint32(&s.bytesReceived, 1) + s.bytesReceived.Store(true) initialHeader := atomic.LoadUint32(&s.headerChanClosed) == 0 if !initialHeader && !endStream { @@ -1809,14 +1792,18 @@ func (t *http2Client) socketMetrics() *channelz.EphemeralSocketMetrics { func (t *http2Client) RemoteAddr() net.Addr { return t.remoteAddr } -func (t *http2Client) IncrMsgSent() { - t.channelz.SocketMetrics.MessagesSent.Add(1) - t.channelz.SocketMetrics.LastMessageSentTimestamp.Store(time.Now().UnixNano()) +func (t *http2Client) incrMsgSent() { + if channelz.IsOn() { + t.channelz.SocketMetrics.MessagesSent.Add(1) + t.channelz.SocketMetrics.LastMessageSentTimestamp.Store(time.Now().UnixNano()) + } } -func (t *http2Client) IncrMsgRecv() { - t.channelz.SocketMetrics.MessagesReceived.Add(1) - t.channelz.SocketMetrics.LastMessageReceivedTimestamp.Store(time.Now().UnixNano()) +func (t *http2Client) incrMsgRecv() { + if channelz.IsOn() { + t.channelz.SocketMetrics.MessagesReceived.Add(1) + t.channelz.SocketMetrics.LastMessageReceivedTimestamp.Store(time.Now().UnixNano()) + } } func (t *http2Client) getOutFlowWindow() int64 { diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_server.go b/vendor/google.golang.org/grpc/internal/transport/http2_server.go index 584b50fe55..0055fddd7e 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http2_server.go +++ b/vendor/google.golang.org/grpc/internal/transport/http2_server.go @@ -25,7 +25,7 @@ import ( "fmt" "io" "math" - "math/rand" + rand "math/rand/v2" "net" "net/http" "strconv" @@ -111,7 +111,7 @@ type http2Server struct { // already initialized since draining is already underway. drainEvent *grpcsync.Event state transportState - activeStreams map[uint32]*Stream + activeStreams map[uint32]*ServerStream // idle is the time instant when the connection went idle. // This is either the beginning of the connection or when the number of // RPCs go down to 0. @@ -256,7 +256,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport, inTapHandle: config.InTapHandle, fc: &trInFlow{limit: uint32(icwz)}, state: reachable, - activeStreams: make(map[uint32]*Stream), + activeStreams: make(map[uint32]*ServerStream), stats: config.StatsHandlers, kp: kp, idle: time.Now(), @@ -359,7 +359,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport, // operateHeaders takes action on the decoded headers. Returns an error if fatal // error encountered and transport needs to close, otherwise returns nil. -func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeadersFrame, handle func(*Stream)) error { +func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeadersFrame, handle func(*ServerStream)) error { // Acquire max stream ID lock for entire duration t.maxStreamMu.Lock() defer t.maxStreamMu.Unlock() @@ -385,11 +385,13 @@ func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeade t.maxStreamID = streamID buf := newRecvBuffer() - s := &Stream{ - id: streamID, + s := &ServerStream{ + Stream: &Stream{ + id: streamID, + buf: buf, + fc: &inFlow{limit: uint32(t.initialWindowSize)}, + }, st: t, - buf: buf, - fc: &inFlow{limit: uint32(t.initialWindowSize)}, headerWireLength: int(frame.Header().Length), } var ( @@ -537,12 +539,6 @@ func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeade // Attach the received metadata to the context. if len(mdata) > 0 { s.ctx = metadata.NewIncomingContext(s.ctx, mdata) - if statsTags := mdata["grpc-tags-bin"]; len(statsTags) > 0 { - s.ctx = stats.SetIncomingTags(s.ctx, []byte(statsTags[len(statsTags)-1])) - } - if statsTrace := mdata["grpc-trace-bin"]; len(statsTrace) > 0 { - s.ctx = stats.SetIncomingTrace(s.ctx, []byte(statsTrace[len(statsTrace)-1])) - } } t.mu.Lock() if t.state != reachable { @@ -634,7 +630,7 @@ func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeade // HandleStreams receives incoming streams using the given handler. This is // typically run in a separate goroutine. // traceCtx attaches trace to ctx and returns the new context. -func (t *http2Server) HandleStreams(ctx context.Context, handle func(*Stream)) { +func (t *http2Server) HandleStreams(ctx context.Context, handle func(*ServerStream)) { defer func() { close(t.readerDone) <-t.loopyWriterDone @@ -698,7 +694,7 @@ func (t *http2Server) HandleStreams(ctx context.Context, handle func(*Stream)) { } } -func (t *http2Server) getStream(f http2.Frame) (*Stream, bool) { +func (t *http2Server) getStream(f http2.Frame) (*ServerStream, bool) { t.mu.Lock() defer t.mu.Unlock() if t.activeStreams == nil { @@ -716,7 +712,7 @@ func (t *http2Server) getStream(f http2.Frame) (*Stream, bool) { // adjustWindow sends out extra window update over the initial window size // of stream if the application is requesting data larger in size than // the window. -func (t *http2Server) adjustWindow(s *Stream, n uint32) { +func (t *http2Server) adjustWindow(s *ServerStream, n uint32) { if w := s.fc.maybeAdjust(n); w > 0 { t.controlBuf.put(&outgoingWindowUpdate{streamID: s.id, increment: w}) } @@ -726,7 +722,7 @@ func (t *http2Server) adjustWindow(s *Stream, n uint32) { // updateWindow adjusts the inbound quota for the stream and the transport. // Window updates will deliver to the controller for sending when // the cumulative quota exceeds the corresponding threshold. -func (t *http2Server) updateWindow(s *Stream, n uint32) { +func (t *http2Server) updateWindow(s *ServerStream, n uint32) { if w := s.fc.onRead(n); w > 0 { t.controlBuf.put(&outgoingWindowUpdate{streamID: s.id, increment: w, @@ -963,7 +959,7 @@ func (t *http2Server) checkForHeaderListSize(it any) bool { return true } -func (t *http2Server) streamContextErr(s *Stream) error { +func (t *http2Server) streamContextErr(s *ServerStream) error { select { case <-t.done: return ErrConnClosing @@ -973,7 +969,7 @@ func (t *http2Server) streamContextErr(s *Stream) error { } // WriteHeader sends the header metadata md back to the client. -func (t *http2Server) WriteHeader(s *Stream, md metadata.MD) error { +func (t *http2Server) writeHeader(s *ServerStream, md metadata.MD) error { s.hdrMu.Lock() defer s.hdrMu.Unlock() if s.getState() == streamDone { @@ -1006,7 +1002,7 @@ func (t *http2Server) setResetPingStrikes() { atomic.StoreUint32(&t.resetPingStrikes, 1) } -func (t *http2Server) writeHeaderLocked(s *Stream) error { +func (t *http2Server) writeHeaderLocked(s *ServerStream) error { // TODO(mmukhi): Benchmark if the performance gets better if count the metadata and other header fields // first and create a slice of that exact size. headerFields := make([]hpack.HeaderField, 0, 2) // at least :status, content-type will be there if none else. @@ -1046,7 +1042,7 @@ func (t *http2Server) writeHeaderLocked(s *Stream) error { // There is no further I/O operations being able to perform on this stream. // TODO(zhaoq): Now it indicates the end of entire stream. Revisit if early // OK is adopted. -func (t *http2Server) WriteStatus(s *Stream, st *status.Status) error { +func (t *http2Server) writeStatus(s *ServerStream, st *status.Status) error { s.hdrMu.Lock() defer s.hdrMu.Unlock() @@ -1117,11 +1113,11 @@ func (t *http2Server) WriteStatus(s *Stream, st *status.Status) error { // Write converts the data into HTTP2 data frame and sends it out. Non-nil error // is returns if it fails (e.g., framing error, transport error). -func (t *http2Server) Write(s *Stream, hdr []byte, data mem.BufferSlice, _ *Options) error { +func (t *http2Server) write(s *ServerStream, hdr []byte, data mem.BufferSlice, _ *WriteOptions) error { reader := data.Reader() if !s.isHeaderSent() { // Headers haven't been written yet. - if err := t.WriteHeader(s, nil); err != nil { + if err := t.writeHeader(s, nil); err != nil { _ = reader.Close() return err } @@ -1147,6 +1143,7 @@ func (t *http2Server) Write(s *Stream, hdr []byte, data mem.BufferSlice, _ *Opti _ = reader.Close() return err } + t.incrMsgSent() return nil } @@ -1276,7 +1273,7 @@ func (t *http2Server) Close(err error) { } // deleteStream deletes the stream s from transport's active streams. -func (t *http2Server) deleteStream(s *Stream, eosReceived bool) { +func (t *http2Server) deleteStream(s *ServerStream, eosReceived bool) { t.mu.Lock() if _, ok := t.activeStreams[s.id]; ok { @@ -1297,7 +1294,7 @@ func (t *http2Server) deleteStream(s *Stream, eosReceived bool) { } // finishStream closes the stream and puts the trailing headerFrame into controlbuf. -func (t *http2Server) finishStream(s *Stream, rst bool, rstCode http2.ErrCode, hdr *headerFrame, eosReceived bool) { +func (t *http2Server) finishStream(s *ServerStream, rst bool, rstCode http2.ErrCode, hdr *headerFrame, eosReceived bool) { // In case stream sending and receiving are invoked in separate // goroutines (e.g., bi-directional streaming), cancel needs to be // called to interrupt the potential blocking on other goroutines. @@ -1321,7 +1318,7 @@ func (t *http2Server) finishStream(s *Stream, rst bool, rstCode http2.ErrCode, h } // closeStream clears the footprint of a stream when the stream is not needed any more. -func (t *http2Server) closeStream(s *Stream, rst bool, rstCode http2.ErrCode, eosReceived bool) { +func (t *http2Server) closeStream(s *ServerStream, rst bool, rstCode http2.ErrCode, eosReceived bool) { // In case stream sending and receiving are invoked in separate // goroutines (e.g., bi-directional streaming), cancel needs to be // called to interrupt the potential blocking on other goroutines. @@ -1415,14 +1412,18 @@ func (t *http2Server) socketMetrics() *channelz.EphemeralSocketMetrics { } } -func (t *http2Server) IncrMsgSent() { - t.channelz.SocketMetrics.MessagesSent.Add(1) - t.channelz.SocketMetrics.LastMessageSentTimestamp.Add(1) +func (t *http2Server) incrMsgSent() { + if channelz.IsOn() { + t.channelz.SocketMetrics.MessagesSent.Add(1) + t.channelz.SocketMetrics.LastMessageSentTimestamp.Add(1) + } } -func (t *http2Server) IncrMsgRecv() { - t.channelz.SocketMetrics.MessagesReceived.Add(1) - t.channelz.SocketMetrics.LastMessageReceivedTimestamp.Add(1) +func (t *http2Server) incrMsgRecv() { + if channelz.IsOn() { + t.channelz.SocketMetrics.MessagesReceived.Add(1) + t.channelz.SocketMetrics.LastMessageReceivedTimestamp.Add(1) + } } func (t *http2Server) getOutFlowWindow() int64 { @@ -1455,7 +1456,7 @@ func getJitter(v time.Duration) time.Duration { } // Generate a jitter between +/- 10% of the value. r := int64(v / 10) - j := rand.Int63n(2*r) - r + j := rand.Int64N(2*r) - r return time.Duration(j) } diff --git a/vendor/google.golang.org/grpc/internal/transport/server_stream.go b/vendor/google.golang.org/grpc/internal/transport/server_stream.go new file mode 100644 index 0000000000..a22a901514 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/transport/server_stream.go @@ -0,0 +1,178 @@ +/* + * + * Copyright 2024 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package transport + +import ( + "context" + "errors" + "strings" + "sync" + "sync/atomic" + + "google.golang.org/grpc/mem" + "google.golang.org/grpc/metadata" + "google.golang.org/grpc/status" +) + +// ServerStream implements streaming functionality for a gRPC server. +type ServerStream struct { + *Stream // Embed for common stream functionality. + + st internalServerTransport + ctxDone <-chan struct{} // closed at the end of stream. Cache of ctx.Done() (for performance) + cancel context.CancelFunc // invoked at the end of stream to cancel ctx. + + // Holds compressor names passed in grpc-accept-encoding metadata from the + // client. + clientAdvertisedCompressors string + headerWireLength int + + // hdrMu protects outgoing header and trailer metadata. + hdrMu sync.Mutex + header metadata.MD // the outgoing header metadata. Updated by WriteHeader. + headerSent atomic.Bool // atomically set when the headers are sent out. +} + +// Read reads an n byte message from the input stream. +func (s *ServerStream) Read(n int) (mem.BufferSlice, error) { + b, err := s.Stream.read(n) + if err == nil { + s.st.incrMsgRecv() + } + return b, err +} + +// SendHeader sends the header metadata for the given stream. +func (s *ServerStream) SendHeader(md metadata.MD) error { + return s.st.writeHeader(s, md) +} + +// Write writes the hdr and data bytes to the output stream. +func (s *ServerStream) Write(hdr []byte, data mem.BufferSlice, opts *WriteOptions) error { + return s.st.write(s, hdr, data, opts) +} + +// WriteStatus sends the status of a stream to the client. WriteStatus is +// the final call made on a stream and always occurs. +func (s *ServerStream) WriteStatus(st *status.Status) error { + return s.st.writeStatus(s, st) +} + +// isHeaderSent indicates whether headers have been sent. +func (s *ServerStream) isHeaderSent() bool { + return s.headerSent.Load() +} + +// updateHeaderSent updates headerSent and returns true +// if it was already set. +func (s *ServerStream) updateHeaderSent() bool { + return s.headerSent.Swap(true) +} + +// RecvCompress returns the compression algorithm applied to the inbound +// message. It is empty string if there is no compression applied. +func (s *ServerStream) RecvCompress() string { + return s.recvCompress +} + +// SendCompress returns the send compressor name. +func (s *ServerStream) SendCompress() string { + return s.sendCompress +} + +// ContentSubtype returns the content-subtype for a request. For example, a +// content-subtype of "proto" will result in a content-type of +// "application/grpc+proto". This will always be lowercase. See +// https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests for +// more details. +func (s *ServerStream) ContentSubtype() string { + return s.contentSubtype +} + +// SetSendCompress sets the compression algorithm to the stream. +func (s *ServerStream) SetSendCompress(name string) error { + if s.isHeaderSent() || s.getState() == streamDone { + return errors.New("transport: set send compressor called after headers sent or stream done") + } + + s.sendCompress = name + return nil +} + +// SetContext sets the context of the stream. This will be deleted once the +// stats handler callouts all move to gRPC layer. +func (s *ServerStream) SetContext(ctx context.Context) { + s.ctx = ctx +} + +// ClientAdvertisedCompressors returns the compressor names advertised by the +// client via grpc-accept-encoding header. +func (s *ServerStream) ClientAdvertisedCompressors() []string { + values := strings.Split(s.clientAdvertisedCompressors, ",") + for i, v := range values { + values[i] = strings.TrimSpace(v) + } + return values +} + +// Header returns the header metadata of the stream. It returns the out header +// after t.WriteHeader is called. It does not block and must not be called +// until after WriteHeader. +func (s *ServerStream) Header() (metadata.MD, error) { + // Return the header in stream. It will be the out + // header after t.WriteHeader is called. + return s.header.Copy(), nil +} + +// HeaderWireLength returns the size of the headers of the stream as received +// from the wire. +func (s *ServerStream) HeaderWireLength() int { + return s.headerWireLength +} + +// SetHeader sets the header metadata. This can be called multiple times. +// This should not be called in parallel to other data writes. +func (s *ServerStream) SetHeader(md metadata.MD) error { + if md.Len() == 0 { + return nil + } + if s.isHeaderSent() || s.getState() == streamDone { + return ErrIllegalHeaderWrite + } + s.hdrMu.Lock() + s.header = metadata.Join(s.header, md) + s.hdrMu.Unlock() + return nil +} + +// SetTrailer sets the trailer metadata which will be sent with the RPC status +// by the server. This can be called multiple times. +// This should not be called parallel to other data writes. +func (s *ServerStream) SetTrailer(md metadata.MD) error { + if md.Len() == 0 { + return nil + } + if s.getState() == streamDone { + return ErrIllegalHeaderWrite + } + s.hdrMu.Lock() + s.trailer = metadata.Join(s.trailer, md) + s.hdrMu.Unlock() + return nil +} diff --git a/vendor/google.golang.org/grpc/internal/transport/transport.go b/vendor/google.golang.org/grpc/internal/transport/transport.go index e12cb0bc91..2859b87755 100644 --- a/vendor/google.golang.org/grpc/internal/transport/transport.go +++ b/vendor/google.golang.org/grpc/internal/transport/transport.go @@ -27,7 +27,6 @@ import ( "fmt" "io" "net" - "strings" "sync" "sync/atomic" "time" @@ -39,7 +38,6 @@ import ( "google.golang.org/grpc/mem" "google.golang.org/grpc/metadata" "google.golang.org/grpc/peer" - "google.golang.org/grpc/resolver" "google.golang.org/grpc/stats" "google.golang.org/grpc/status" "google.golang.org/grpc/tap" @@ -133,7 +131,7 @@ type recvBufferReader struct { err error } -func (r *recvBufferReader) ReadHeader(header []byte) (n int, err error) { +func (r *recvBufferReader) ReadMessageHeader(header []byte) (n int, err error) { if r.err != nil { return 0, r.err } @@ -142,9 +140,9 @@ func (r *recvBufferReader) ReadHeader(header []byte) (n int, err error) { return n, nil } if r.closeStream != nil { - n, r.err = r.readHeaderClient(header) + n, r.err = r.readMessageHeaderClient(header) } else { - n, r.err = r.readHeader(header) + n, r.err = r.readMessageHeader(header) } return n, r.err } @@ -174,12 +172,12 @@ func (r *recvBufferReader) Read(n int) (buf mem.Buffer, err error) { return buf, r.err } -func (r *recvBufferReader) readHeader(header []byte) (n int, err error) { +func (r *recvBufferReader) readMessageHeader(header []byte) (n int, err error) { select { case <-r.ctxDone: return 0, ContextErr(r.ctx.Err()) case m := <-r.recv.get(): - return r.readHeaderAdditional(m, header) + return r.readMessageHeaderAdditional(m, header) } } @@ -192,7 +190,7 @@ func (r *recvBufferReader) read(n int) (buf mem.Buffer, err error) { } } -func (r *recvBufferReader) readHeaderClient(header []byte) (n int, err error) { +func (r *recvBufferReader) readMessageHeaderClient(header []byte) (n int, err error) { // If the context is canceled, then closes the stream with nil metadata. // closeStream writes its error parameter to r.recv as a recvMsg. // r.readAdditional acts on that message and returns the necessary error. @@ -213,9 +211,9 @@ func (r *recvBufferReader) readHeaderClient(header []byte) (n int, err error) { // faster. r.closeStream(ContextErr(r.ctx.Err())) m := <-r.recv.get() - return r.readHeaderAdditional(m, header) + return r.readMessageHeaderAdditional(m, header) case m := <-r.recv.get(): - return r.readHeaderAdditional(m, header) + return r.readMessageHeaderAdditional(m, header) } } @@ -246,7 +244,7 @@ func (r *recvBufferReader) readClient(n int) (buf mem.Buffer, err error) { } } -func (r *recvBufferReader) readHeaderAdditional(m recvMsg, header []byte) (n int, err error) { +func (r *recvBufferReader) readMessageHeaderAdditional(m recvMsg, header []byte) (n int, err error) { r.recv.load() if m.err != nil { if m.buffer != nil { @@ -288,14 +286,8 @@ const ( // Stream represents an RPC in the transport layer. type Stream struct { id uint32 - st ServerTransport // nil for client side Stream - ct ClientTransport // nil for server side Stream - ctx context.Context // the associated context of the stream - cancel context.CancelFunc // always nil for client side Stream - done chan struct{} // closed at the end of stream to unblock writers. On the client side. - doneFunc func() // invoked at the end of stream on client side. - ctxDone <-chan struct{} // same as done chan but for server side. Cache of ctx.Done() (for performance) - method string // the associated RPC method of the stream + ctx context.Context // the associated context of the stream + method string // the associated RPC method of the stream recvCompress string sendCompress string buf *recvBuffer @@ -303,58 +295,17 @@ type Stream struct { fc *inFlow wq *writeQuota - // Holds compressor names passed in grpc-accept-encoding metadata from the - // client. This is empty for the client side stream. - clientAdvertisedCompressors string // Callback to state application's intentions to read data. This // is used to adjust flow control, if needed. requestRead func(int) - headerChan chan struct{} // closed to indicate the end of header metadata. - headerChanClosed uint32 // set when headerChan is closed. Used to avoid closing headerChan multiple times. - // headerValid indicates whether a valid header was received. Only - // meaningful after headerChan is closed (always call waitOnHeader() before - // reading its value). Not valid on server side. - headerValid bool - headerWireLength int // Only set on server side. - - // hdrMu protects header and trailer metadata on the server-side. - hdrMu sync.Mutex - // On client side, header keeps the received header metadata. - // - // On server side, header keeps the header set by SetHeader(). The complete - // header will merged into this after t.WriteHeader() is called. - header metadata.MD - trailer metadata.MD // the key-value map of trailer metadata. - - noHeaders bool // set if the client never received headers (set only after the stream is done). - - // On the server-side, headerSent is atomically set to 1 when the headers are sent out. - headerSent uint32 - state streamState - // On client-side it is the status error received from the server. - // On server-side it is unused. - status *status.Status - - bytesReceived uint32 // indicates whether any bytes have been received on this stream - unprocessed uint32 // set if the server sends a refused stream or GOAWAY including this stream - // contentSubtype is the content-subtype for requests. // this must be lowercase or the behavior is undefined. contentSubtype string -} - -// isHeaderSent is only valid on the server-side. -func (s *Stream) isHeaderSent() bool { - return atomic.LoadUint32(&s.headerSent) == 1 -} -// updateHeaderSent updates headerSent and returns true -// if it was already set. It is valid only on server-side. -func (s *Stream) updateHeaderSent() bool { - return atomic.SwapUint32(&s.headerSent, 1) == 1 + trailer metadata.MD // the key-value map of trailer metadata. } func (s *Stream) swapState(st streamState) streamState { @@ -369,110 +320,12 @@ func (s *Stream) getState() streamState { return streamState(atomic.LoadUint32((*uint32)(&s.state))) } -func (s *Stream) waitOnHeader() { - if s.headerChan == nil { - // On the server headerChan is always nil since a stream originates - // only after having received headers. - return - } - select { - case <-s.ctx.Done(): - // Close the stream to prevent headers/trailers from changing after - // this function returns. - s.ct.CloseStream(s, ContextErr(s.ctx.Err())) - // headerChan could possibly not be closed yet if closeStream raced - // with operateHeaders; wait until it is closed explicitly here. - <-s.headerChan - case <-s.headerChan: - } -} - -// RecvCompress returns the compression algorithm applied to the inbound -// message. It is empty string if there is no compression applied. -func (s *Stream) RecvCompress() string { - s.waitOnHeader() - return s.recvCompress -} - -// SetSendCompress sets the compression algorithm to the stream. -func (s *Stream) SetSendCompress(name string) error { - if s.isHeaderSent() || s.getState() == streamDone { - return errors.New("transport: set send compressor called after headers sent or stream done") - } - - s.sendCompress = name - return nil -} - -// SendCompress returns the send compressor name. -func (s *Stream) SendCompress() string { - return s.sendCompress -} - -// ClientAdvertisedCompressors returns the compressor names advertised by the -// client via grpc-accept-encoding header. -func (s *Stream) ClientAdvertisedCompressors() []string { - values := strings.Split(s.clientAdvertisedCompressors, ",") - for i, v := range values { - values[i] = strings.TrimSpace(v) - } - return values -} - -// Done returns a channel which is closed when it receives the final status -// from the server. -func (s *Stream) Done() <-chan struct{} { - return s.done -} - -// Header returns the header metadata of the stream. -// -// On client side, it acquires the key-value pairs of header metadata once it is -// available. It blocks until i) the metadata is ready or ii) there is no header -// metadata or iii) the stream is canceled/expired. -// -// On server side, it returns the out header after t.WriteHeader is called. It -// does not block and must not be called until after WriteHeader. -func (s *Stream) Header() (metadata.MD, error) { - if s.headerChan == nil { - // On server side, return the header in stream. It will be the out - // header after t.WriteHeader is called. - return s.header.Copy(), nil - } - s.waitOnHeader() - - if !s.headerValid || s.noHeaders { - return nil, s.status.Err() - } - - return s.header.Copy(), nil -} - -// TrailersOnly blocks until a header or trailers-only frame is received and -// then returns true if the stream was trailers-only. If the stream ends -// before headers are received, returns true, nil. Client-side only. -func (s *Stream) TrailersOnly() bool { - s.waitOnHeader() - return s.noHeaders -} - // Trailer returns the cached trailer metadata. Note that if it is not called -// after the entire stream is done, it could return an empty MD. Client -// side only. +// after the entire stream is done, it could return an empty MD. // It can be safely read only after stream has ended that is either read // or write have returned io.EOF. func (s *Stream) Trailer() metadata.MD { - c := s.trailer.Copy() - return c -} - -// ContentSubtype returns the content-subtype for a request. For example, a -// content-subtype of "proto" will result in a content-type of -// "application/grpc+proto". This will always be lowercase. See -// https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests for -// more details. -func (s *Stream) ContentSubtype() string { - return s.contentSubtype + return s.trailer.Copy() } // Context returns the context of the stream. @@ -480,90 +333,31 @@ func (s *Stream) Context() context.Context { return s.ctx } -// SetContext sets the context of the stream. This will be deleted once the -// stats handler callouts all move to gRPC layer. -func (s *Stream) SetContext(ctx context.Context) { - s.ctx = ctx -} - // Method returns the method for the stream. func (s *Stream) Method() string { return s.method } -// Status returns the status received from the server. -// Status can be read safely only after the stream has ended, -// that is, after Done() is closed. -func (s *Stream) Status() *status.Status { - return s.status -} - -// HeaderWireLength returns the size of the headers of the stream as received -// from the wire. Valid only on the server. -func (s *Stream) HeaderWireLength() int { - return s.headerWireLength -} - -// SetHeader sets the header metadata. This can be called multiple times. -// Server side only. -// This should not be called in parallel to other data writes. -func (s *Stream) SetHeader(md metadata.MD) error { - if md.Len() == 0 { - return nil - } - if s.isHeaderSent() || s.getState() == streamDone { - return ErrIllegalHeaderWrite - } - s.hdrMu.Lock() - s.header = metadata.Join(s.header, md) - s.hdrMu.Unlock() - return nil -} - -// SendHeader sends the given header metadata. The given metadata is -// combined with any metadata set by previous calls to SetHeader and -// then written to the transport stream. -func (s *Stream) SendHeader(md metadata.MD) error { - return s.st.WriteHeader(s, md) -} - -// SetTrailer sets the trailer metadata which will be sent with the RPC status -// by the server. This can be called multiple times. Server side only. -// This should not be called parallel to other data writes. -func (s *Stream) SetTrailer(md metadata.MD) error { - if md.Len() == 0 { - return nil - } - if s.getState() == streamDone { - return ErrIllegalHeaderWrite - } - s.hdrMu.Lock() - s.trailer = metadata.Join(s.trailer, md) - s.hdrMu.Unlock() - return nil -} - func (s *Stream) write(m recvMsg) { s.buf.put(m) } -// ReadHeader reads data into the provided header slice from the stream. It -// first checks if there was an error during a previous read operation and +// ReadMessageHeader reads data into the provided header slice from the stream. +// It first checks if there was an error during a previous read operation and // returns it if present. It then requests a read operation for the length of // the header. It continues to read from the stream until the entire header -// slice is filled or an error occurs. If an `io.EOF` error is encountered -// with partially read data, it is converted to `io.ErrUnexpectedEOF` to -// indicate an unexpected end of the stream. The method returns any error -// encountered during the read process or nil if the header was successfully -// read. -func (s *Stream) ReadHeader(header []byte) (err error) { +// slice is filled or an error occurs. If an `io.EOF` error is encountered with +// partially read data, it is converted to `io.ErrUnexpectedEOF` to indicate an +// unexpected end of the stream. The method returns any error encountered during +// the read process or nil if the header was successfully read. +func (s *Stream) ReadMessageHeader(header []byte) (err error) { // Don't request a read if there was an error earlier if er := s.trReader.er; er != nil { return er } s.requestRead(len(header)) for len(header) != 0 { - n, err := s.trReader.ReadHeader(header) + n, err := s.trReader.ReadMessageHeader(header) header = header[n:] if len(header) == 0 { err = nil @@ -579,7 +373,7 @@ func (s *Stream) ReadHeader(header []byte) (err error) { } // Read reads n bytes from the wire for this stream. -func (s *Stream) Read(n int) (data mem.BufferSlice, err error) { +func (s *Stream) read(n int) (data mem.BufferSlice, err error) { // Don't request a read if there was an error earlier if er := s.trReader.er; er != nil { return nil, er @@ -619,8 +413,8 @@ type transportReader struct { er error } -func (t *transportReader) ReadHeader(header []byte) (int, error) { - n, err := t.reader.ReadHeader(header) +func (t *transportReader) ReadMessageHeader(header []byte) (int, error) { + n, err := t.reader.ReadMessageHeader(header) if err != nil { t.er = err return 0, err @@ -639,17 +433,6 @@ func (t *transportReader) Read(n int) (mem.Buffer, error) { return buf, nil } -// BytesReceived indicates whether any bytes have been received on this stream. -func (s *Stream) BytesReceived() bool { - return atomic.LoadUint32(&s.bytesReceived) == 1 -} - -// Unprocessed indicates whether the server did not process this stream -- -// i.e. it sent a refused stream or GOAWAY including this stream ID. -func (s *Stream) Unprocessed() bool { - return atomic.LoadUint32(&s.unprocessed) == 1 -} - // GoString is implemented by Stream so context.String() won't // race when printing %#v. func (s *Stream) GoString() string { @@ -725,15 +508,9 @@ type ConnectOptions struct { BufferPool mem.BufferPool } -// NewClientTransport establishes the transport with the required ConnectOptions -// and returns it to the caller. -func NewClientTransport(connectCtx, ctx context.Context, addr resolver.Address, opts ConnectOptions, onClose func(GoAwayReason)) (ClientTransport, error) { - return newHTTP2Client(connectCtx, ctx, addr, opts, onClose) -} - -// Options provides additional hints and information for message +// WriteOptions provides additional hints and information for message // transmission. -type Options struct { +type WriteOptions struct { // Last indicates whether this write is the last piece for // this stream. Last bool @@ -782,18 +559,8 @@ type ClientTransport interface { // It does not block. GracefulClose() - // Write sends the data for the given stream. A nil stream indicates - // the write is to be performed on the transport as a whole. - Write(s *Stream, hdr []byte, data mem.BufferSlice, opts *Options) error - // NewStream creates a Stream for an RPC. - NewStream(ctx context.Context, callHdr *CallHdr) (*Stream, error) - - // CloseStream clears the footprint of a stream when the stream is - // not needed any more. The err indicates the error incurred when - // CloseStream is called. Must be called when a stream is finished - // unless the associated transport is closing. - CloseStream(stream *Stream, err error) + NewStream(ctx context.Context, callHdr *CallHdr) (*ClientStream, error) // Error returns a channel that is closed when some I/O error // happens. Typically the caller should have a goroutine to monitor @@ -813,12 +580,6 @@ type ClientTransport interface { // RemoteAddr returns the remote network address. RemoteAddr() net.Addr - - // IncrMsgSent increments the number of message sent through this transport. - IncrMsgSent() - - // IncrMsgRecv increments the number of message received through this transport. - IncrMsgRecv() } // ServerTransport is the common interface for all gRPC server-side transport @@ -828,19 +589,7 @@ type ClientTransport interface { // Write methods for a given Stream will be called serially. type ServerTransport interface { // HandleStreams receives incoming streams using the given handler. - HandleStreams(context.Context, func(*Stream)) - - // WriteHeader sends the header metadata for the given stream. - // WriteHeader may not be called on all streams. - WriteHeader(s *Stream, md metadata.MD) error - - // Write sends the data for the given stream. - // Write may not be called on all streams. - Write(s *Stream, hdr []byte, data mem.BufferSlice, opts *Options) error - - // WriteStatus sends the status of a stream to the client. WriteStatus is - // the final call made on a stream and always occurs. - WriteStatus(s *Stream, st *status.Status) error + HandleStreams(context.Context, func(*ServerStream)) // Close tears down the transport. Once it is called, the transport // should not be accessed any more. All the pending streams and their @@ -852,12 +601,14 @@ type ServerTransport interface { // Drain notifies the client this ServerTransport stops accepting new RPCs. Drain(debugData string) +} - // IncrMsgSent increments the number of message sent through this transport. - IncrMsgSent() - - // IncrMsgRecv increments the number of message received through this transport. - IncrMsgRecv() +type internalServerTransport interface { + ServerTransport + writeHeader(s *ServerStream, md metadata.MD) error + write(s *ServerStream, hdr []byte, data mem.BufferSlice, opts *WriteOptions) error + writeStatus(s *ServerStream, st *status.Status) error + incrMsgRecv() } // connectionErrorf creates an ConnectionError with the specified error description. diff --git a/vendor/google.golang.org/grpc/mem/buffer_slice.go b/vendor/google.golang.org/grpc/mem/buffer_slice.go index 228e9c2f20..65002e2cc8 100644 --- a/vendor/google.golang.org/grpc/mem/buffer_slice.go +++ b/vendor/google.golang.org/grpc/mem/buffer_slice.go @@ -22,6 +22,11 @@ import ( "io" ) +const ( + // 32 KiB is what io.Copy uses. + readAllBufSize = 32 * 1024 +) + // BufferSlice offers a means to represent data that spans one or more Buffer // instances. A BufferSlice is meant to be immutable after creation, and methods // like Ref create and return copies of the slice. This is why all methods have @@ -219,8 +224,58 @@ func (w *writer) Write(p []byte) (n int, err error) { // NewWriter wraps the given BufferSlice and BufferPool to implement the // io.Writer interface. Every call to Write copies the contents of the given -// buffer into a new Buffer pulled from the given pool and the Buffer is added to -// the given BufferSlice. +// buffer into a new Buffer pulled from the given pool and the Buffer is +// added to the given BufferSlice. func NewWriter(buffers *BufferSlice, pool BufferPool) io.Writer { return &writer{buffers: buffers, pool: pool} } + +// ReadAll reads from r until an error or EOF and returns the data it read. +// A successful call returns err == nil, not err == EOF. Because ReadAll is +// defined to read from src until EOF, it does not treat an EOF from Read +// as an error to be reported. +// +// Important: A failed call returns a non-nil error and may also return +// partially read buffers. It is the responsibility of the caller to free the +// BufferSlice returned, or its memory will not be reused. +func ReadAll(r io.Reader, pool BufferPool) (BufferSlice, error) { + var result BufferSlice + if wt, ok := r.(io.WriterTo); ok { + // This is more optimal since wt knows the size of chunks it wants to + // write and, hence, we can allocate buffers of an optimal size to fit + // them. E.g. might be a single big chunk, and we wouldn't chop it + // into pieces. + w := NewWriter(&result, pool) + _, err := wt.WriteTo(w) + return result, err + } +nextBuffer: + for { + buf := pool.Get(readAllBufSize) + // We asked for 32KiB but may have been given a bigger buffer. + // Use all of it if that's the case. + *buf = (*buf)[:cap(*buf)] + usedCap := 0 + for { + n, err := r.Read((*buf)[usedCap:]) + usedCap += n + if err != nil { + if usedCap == 0 { + // Nothing in this buf, put it back + pool.Put(buf) + } else { + *buf = (*buf)[:usedCap] + result = append(result, NewBuffer(buf, pool)) + } + if err == io.EOF { + err = nil + } + return result, err + } + if len(*buf) == usedCap { + result = append(result, NewBuffer(buf, pool)) + continue nextBuffer + } + } + } +} diff --git a/vendor/google.golang.org/grpc/preloader.go b/vendor/google.golang.org/grpc/preloader.go index e87a17f36a..ee0ff969af 100644 --- a/vendor/google.golang.org/grpc/preloader.go +++ b/vendor/google.golang.org/grpc/preloader.go @@ -62,7 +62,7 @@ func (p *PreparedMsg) Encode(s Stream, msg any) error { materializedData := data.Materialize() data.Free() - p.encodedData = mem.BufferSlice{mem.NewBuffer(&materializedData, nil)} + p.encodedData = mem.BufferSlice{mem.SliceBuffer(materializedData)} // TODO: it should be possible to grab the bufferPool from the underlying // stream implementation with a type cast to its actual type (such as @@ -76,7 +76,7 @@ func (p *PreparedMsg) Encode(s Stream, msg any) error { if p.pf.isCompressed() { materializedCompData := compData.Materialize() compData.Free() - compData = mem.BufferSlice{mem.NewBuffer(&materializedCompData, nil)} + compData = mem.BufferSlice{mem.SliceBuffer(materializedCompData)} } p.hdr, p.payload = msgHeader(p.encodedData, compData, p.pf) diff --git a/vendor/google.golang.org/grpc/resolver/resolver.go b/vendor/google.golang.org/grpc/resolver/resolver.go index 202854511b..8eb1cf3bcf 100644 --- a/vendor/google.golang.org/grpc/resolver/resolver.go +++ b/vendor/google.golang.org/grpc/resolver/resolver.go @@ -22,6 +22,7 @@ package resolver import ( "context" + "errors" "fmt" "net" "net/url" @@ -237,8 +238,8 @@ type ClientConn interface { // UpdateState can be omitted. UpdateState(State) error // ReportError notifies the ClientConn that the Resolver encountered an - // error. The ClientConn will notify the load balancer and begin calling - // ResolveNow on the Resolver with exponential backoff. + // error. The ClientConn then forwards this error to the load balancing + // policy. ReportError(error) // NewAddress is called by resolver to notify ClientConn a new list // of resolved addresses. @@ -330,3 +331,20 @@ type AuthorityOverrider interface { // typically in line, and must keep it unchanged. OverrideAuthority(Target) string } + +// ValidateEndpoints validates endpoints from a petiole policy's perspective. +// Petiole policies should call this before calling into their children. See +// [gRPC A61](https://github.com/grpc/proposal/blob/master/A61-IPv4-IPv6-dualstack-backends.md) +// for details. +func ValidateEndpoints(endpoints []Endpoint) error { + if len(endpoints) == 0 { + return errors.New("endpoints list is empty") + } + + for _, endpoint := range endpoints { + for range endpoint.Addresses { + return nil + } + } + return errors.New("endpoints list contains no addresses") +} diff --git a/vendor/google.golang.org/grpc/rpc_util.go b/vendor/google.golang.org/grpc/rpc_util.go index aba1ae3e67..9fac2b08b4 100644 --- a/vendor/google.golang.org/grpc/rpc_util.go +++ b/vendor/google.golang.org/grpc/rpc_util.go @@ -622,7 +622,7 @@ func (pf payloadFormat) isCompressed() bool { } type streamReader interface { - ReadHeader(header []byte) error + ReadMessageHeader(header []byte) error Read(n int) (mem.BufferSlice, error) } @@ -656,7 +656,7 @@ type parser struct { // that the underlying streamReader must not return an incompatible // error. func (p *parser) recvMsg(maxReceiveMessageSize int) (payloadFormat, mem.BufferSlice, error) { - err := p.r.ReadHeader(p.header[:]) + err := p.r.ReadMessageHeader(p.header[:]) if err != nil { return 0, nil, err } @@ -664,9 +664,6 @@ func (p *parser) recvMsg(maxReceiveMessageSize int) (payloadFormat, mem.BufferSl pf := payloadFormat(p.header[0]) length := binary.BigEndian.Uint32(p.header[1:]) - if length == 0 { - return pf, nil, nil - } if int64(length) > int64(maxInt) { return 0, nil, status.Errorf(codes.ResourceExhausted, "grpc: received message larger than max length allowed on current machine (%d vs. %d)", length, maxInt) } @@ -817,7 +814,7 @@ func (p *payloadInfo) free() { // the buffer is no longer needed. // TODO: Refactor this function to reduce the number of arguments. // See: https://google.github.io/styleguide/go/best-practices.html#function-argument-lists -func recvAndDecompress(p *parser, s *transport.Stream, dc Decompressor, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor, isServer bool, +func recvAndDecompress(p *parser, s recvCompressor, dc Decompressor, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor, isServer bool, ) (out mem.BufferSlice, err error) { pf, compressed, err := p.recvMsg(maxReceiveMessageSize) if err != nil { @@ -841,7 +838,7 @@ func recvAndDecompress(p *parser, s *transport.Stream, dc Decompressor, maxRecei var uncompressedBuf []byte uncompressedBuf, err = dc.Do(compressed.Reader()) if err == nil { - out = mem.BufferSlice{mem.NewBuffer(&uncompressedBuf, nil)} + out = mem.BufferSlice{mem.SliceBuffer(uncompressedBuf)} } size = len(uncompressedBuf) } else { @@ -877,30 +874,7 @@ func decompress(compressor encoding.Compressor, d mem.BufferSlice, maxReceiveMes return nil, 0, err } - // TODO: Can/should this still be preserved with the new BufferSlice API? Are - // there any actual benefits to allocating a single large buffer instead of - // multiple smaller ones? - //if sizer, ok := compressor.(interface { - // DecompressedSize(compressedBytes []byte) int - //}); ok { - // if size := sizer.DecompressedSize(d); size >= 0 { - // if size > maxReceiveMessageSize { - // return nil, size, nil - // } - // // size is used as an estimate to size the buffer, but we - // // will read more data if available. - // // +MinRead so ReadFrom will not reallocate if size is correct. - // // - // // TODO: If we ensure that the buffer size is the same as the DecompressedSize, - // // we can also utilize the recv buffer pool here. - // buf := bytes.NewBuffer(make([]byte, 0, size+bytes.MinRead)) - // bytesRead, err := buf.ReadFrom(io.LimitReader(dcReader, int64(maxReceiveMessageSize)+1)) - // return buf.Bytes(), int(bytesRead), err - // } - //} - - var out mem.BufferSlice - _, err = io.Copy(mem.NewWriter(&out, pool), io.LimitReader(dcReader, int64(maxReceiveMessageSize)+1)) + out, err := mem.ReadAll(io.LimitReader(dcReader, int64(maxReceiveMessageSize)+1), pool) if err != nil { out.Free() return nil, 0, err @@ -908,10 +882,14 @@ func decompress(compressor encoding.Compressor, d mem.BufferSlice, maxReceiveMes return out, out.Len(), nil } +type recvCompressor interface { + RecvCompress() string +} + // For the two compressor parameters, both should not be set, but if they are, // dc takes precedence over compressor. // TODO(dfawley): wrap the old compressor/decompressor using the new API? -func recv(p *parser, c baseCodec, s *transport.Stream, dc Decompressor, m any, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor, isServer bool) error { +func recv(p *parser, c baseCodec, s recvCompressor, dc Decompressor, m any, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor, isServer bool) error { data, err := recvAndDecompress(p, s, dc, maxReceiveMessageSize, payInfo, compressor, isServer) if err != nil { return err diff --git a/vendor/google.golang.org/grpc/server.go b/vendor/google.golang.org/grpc/server.go index d1e1415a40..16065a027a 100644 --- a/vendor/google.golang.org/grpc/server.go +++ b/vendor/google.golang.org/grpc/server.go @@ -87,12 +87,13 @@ func init() { var statusOK = status.New(codes.OK, "") var logger = grpclog.Component("core") -type methodHandler func(srv any, ctx context.Context, dec func(any) error, interceptor UnaryServerInterceptor) (any, error) +// MethodHandler is a function type that processes a unary RPC method call. +type MethodHandler func(srv any, ctx context.Context, dec func(any) error, interceptor UnaryServerInterceptor) (any, error) // MethodDesc represents an RPC service's method specification. type MethodDesc struct { MethodName string - Handler methodHandler + Handler MethodHandler } // ServiceDesc represents an RPC service's specification. @@ -621,8 +622,8 @@ func bufferPool(bufferPool mem.BufferPool) ServerOption { // workload (assuming a QPS of a few thousand requests/sec). const serverWorkerResetThreshold = 1 << 16 -// serverWorker blocks on a *transport.Stream channel forever and waits for -// data to be fed by serveStreams. This allows multiple requests to be +// serverWorker blocks on a *transport.ServerStream channel forever and waits +// for data to be fed by serveStreams. This allows multiple requests to be // processed by the same goroutine, removing the need for expensive stack // re-allocations (see the runtime.morestack problem [1]). // @@ -1020,7 +1021,7 @@ func (s *Server) serveStreams(ctx context.Context, st transport.ServerTransport, }() streamQuota := newHandlerQuota(s.opts.maxConcurrentStreams) - st.HandleStreams(ctx, func(stream *transport.Stream) { + st.HandleStreams(ctx, func(stream *transport.ServerStream) { s.handlersWG.Add(1) streamQuota.acquire() f := func() { @@ -1136,7 +1137,7 @@ func (s *Server) incrCallsFailed() { s.channelz.ServerMetrics.CallsFailed.Add(1) } -func (s *Server) sendResponse(ctx context.Context, t transport.ServerTransport, stream *transport.Stream, msg any, cp Compressor, opts *transport.Options, comp encoding.Compressor) error { +func (s *Server) sendResponse(ctx context.Context, stream *transport.ServerStream, msg any, cp Compressor, opts *transport.WriteOptions, comp encoding.Compressor) error { data, err := encode(s.getCodec(stream.ContentSubtype()), msg) if err != nil { channelz.Error(logger, s.channelz, "grpc: server failed to encode response: ", err) @@ -1165,7 +1166,7 @@ func (s *Server) sendResponse(ctx context.Context, t transport.ServerTransport, if payloadLen > s.opts.maxSendMessageSize { return status.Errorf(codes.ResourceExhausted, "grpc: trying to send message larger than max (%d vs. %d)", payloadLen, s.opts.maxSendMessageSize) } - err = t.Write(stream, hdr, payload, opts) + err = stream.Write(hdr, payload, opts) if err == nil { if len(s.opts.statsHandlers) != 0 { for _, sh := range s.opts.statsHandlers { @@ -1212,7 +1213,7 @@ func getChainUnaryHandler(interceptors []UnaryServerInterceptor, curr int, info } } -func (s *Server) processUnaryRPC(ctx context.Context, t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, md *MethodDesc, trInfo *traceInfo) (err error) { +func (s *Server) processUnaryRPC(ctx context.Context, stream *transport.ServerStream, info *serviceInfo, md *MethodDesc, trInfo *traceInfo) (err error) { shs := s.opts.statsHandlers if len(shs) != 0 || trInfo != nil || channelz.IsOn() { if channelz.IsOn() { @@ -1320,7 +1321,7 @@ func (s *Server) processUnaryRPC(ctx context.Context, t transport.ServerTranspor decomp = encoding.GetCompressor(rc) if decomp == nil { st := status.Newf(codes.Unimplemented, "grpc: Decompressor is not installed for grpc-encoding %q", rc) - t.WriteStatus(stream, st) + stream.WriteStatus(st) return st.Err() } } @@ -1354,15 +1355,12 @@ func (s *Server) processUnaryRPC(ctx context.Context, t transport.ServerTranspor d, err := recvAndDecompress(&parser{r: stream, bufferPool: s.opts.bufferPool}, stream, dc, s.opts.maxReceiveMessageSize, payInfo, decomp, true) if err != nil { - if e := t.WriteStatus(stream, status.Convert(err)); e != nil { + if e := stream.WriteStatus(status.Convert(err)); e != nil { channelz.Warningf(logger, s.channelz, "grpc: Server.processUnaryRPC failed to write status: %v", e) } return err } defer d.Free() - if channelz.IsOn() { - t.IncrMsgRecv() - } df := func(v any) error { if err := s.getCodec(stream.ContentSubtype()).Unmarshal(d, v); err != nil { return status.Errorf(codes.Internal, "grpc: error unmarshalling request: %v", err) @@ -1404,7 +1402,7 @@ func (s *Server) processUnaryRPC(ctx context.Context, t transport.ServerTranspor trInfo.tr.LazyLog(stringer(appStatus.Message()), true) trInfo.tr.SetError() } - if e := t.WriteStatus(stream, appStatus); e != nil { + if e := stream.WriteStatus(appStatus); e != nil { channelz.Warningf(logger, s.channelz, "grpc: Server.processUnaryRPC failed to write status: %v", e) } if len(binlogs) != 0 { @@ -1431,20 +1429,20 @@ func (s *Server) processUnaryRPC(ctx context.Context, t transport.ServerTranspor if trInfo != nil { trInfo.tr.LazyLog(stringer("OK"), false) } - opts := &transport.Options{Last: true} + opts := &transport.WriteOptions{Last: true} // Server handler could have set new compressor by calling SetSendCompressor. // In case it is set, we need to use it for compressing outbound message. if stream.SendCompress() != sendCompressorName { comp = encoding.GetCompressor(stream.SendCompress()) } - if err := s.sendResponse(ctx, t, stream, reply, cp, opts, comp); err != nil { + if err := s.sendResponse(ctx, stream, reply, cp, opts, comp); err != nil { if err == io.EOF { // The entire stream is done (for unary RPC only). return err } if sts, ok := status.FromError(err); ok { - if e := t.WriteStatus(stream, sts); e != nil { + if e := stream.WriteStatus(sts); e != nil { channelz.Warningf(logger, s.channelz, "grpc: Server.processUnaryRPC failed to write status: %v", e) } } else { @@ -1484,9 +1482,6 @@ func (s *Server) processUnaryRPC(ctx context.Context, t transport.ServerTranspor binlog.Log(ctx, sm) } } - if channelz.IsOn() { - t.IncrMsgSent() - } if trInfo != nil { trInfo.tr.LazyLog(&payload{sent: true, msg: reply}, true) } @@ -1502,7 +1497,7 @@ func (s *Server) processUnaryRPC(ctx context.Context, t transport.ServerTranspor binlog.Log(ctx, st) } } - return t.WriteStatus(stream, statusOK) + return stream.WriteStatus(statusOK) } // chainStreamServerInterceptors chains all stream server interceptors into one. @@ -1541,7 +1536,7 @@ func getChainStreamHandler(interceptors []StreamServerInterceptor, curr int, inf } } -func (s *Server) processStreamingRPC(ctx context.Context, t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, sd *StreamDesc, trInfo *traceInfo) (err error) { +func (s *Server) processStreamingRPC(ctx context.Context, stream *transport.ServerStream, info *serviceInfo, sd *StreamDesc, trInfo *traceInfo) (err error) { if channelz.IsOn() { s.incrCallsStarted() } @@ -1561,7 +1556,6 @@ func (s *Server) processStreamingRPC(ctx context.Context, t transport.ServerTran ctx = NewContextWithServerTransportStream(ctx, stream) ss := &serverStream{ ctx: ctx, - t: t, s: stream, p: &parser{r: stream, bufferPool: s.opts.bufferPool}, codec: s.getCodec(stream.ContentSubtype()), @@ -1648,7 +1642,7 @@ func (s *Server) processStreamingRPC(ctx context.Context, t transport.ServerTran ss.decomp = encoding.GetCompressor(rc) if ss.decomp == nil { st := status.Newf(codes.Unimplemented, "grpc: Decompressor is not installed for grpc-encoding %q", rc) - t.WriteStatus(ss.s, st) + ss.s.WriteStatus(st) return st.Err() } } @@ -1717,7 +1711,7 @@ func (s *Server) processStreamingRPC(ctx context.Context, t transport.ServerTran binlog.Log(ctx, st) } } - t.WriteStatus(ss.s, appStatus) + ss.s.WriteStatus(appStatus) // TODO: Should we log an error from WriteStatus here and below? return appErr } @@ -1735,10 +1729,10 @@ func (s *Server) processStreamingRPC(ctx context.Context, t transport.ServerTran binlog.Log(ctx, st) } } - return t.WriteStatus(ss.s, statusOK) + return ss.s.WriteStatus(statusOK) } -func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Stream) { +func (s *Server) handleStream(t transport.ServerTransport, stream *transport.ServerStream) { ctx := stream.Context() ctx = contextWithServer(ctx, s) var ti *traceInfo @@ -1768,7 +1762,7 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str ti.tr.SetError() } errDesc := fmt.Sprintf("malformed method name: %q", stream.Method()) - if err := t.WriteStatus(stream, status.New(codes.Unimplemented, errDesc)); err != nil { + if err := stream.WriteStatus(status.New(codes.Unimplemented, errDesc)); err != nil { if ti != nil { ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true) ti.tr.SetError() @@ -1783,17 +1777,20 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str service := sm[:pos] method := sm[pos+1:] - md, _ := metadata.FromIncomingContext(ctx) - for _, sh := range s.opts.statsHandlers { - ctx = sh.TagRPC(ctx, &stats.RPCTagInfo{FullMethodName: stream.Method()}) - sh.HandleRPC(ctx, &stats.InHeader{ - FullMethod: stream.Method(), - RemoteAddr: t.Peer().Addr, - LocalAddr: t.Peer().LocalAddr, - Compression: stream.RecvCompress(), - WireLength: stream.HeaderWireLength(), - Header: md, - }) + // FromIncomingContext is expensive: skip if there are no statsHandlers + if len(s.opts.statsHandlers) > 0 { + md, _ := metadata.FromIncomingContext(ctx) + for _, sh := range s.opts.statsHandlers { + ctx = sh.TagRPC(ctx, &stats.RPCTagInfo{FullMethodName: stream.Method()}) + sh.HandleRPC(ctx, &stats.InHeader{ + FullMethod: stream.Method(), + RemoteAddr: t.Peer().Addr, + LocalAddr: t.Peer().LocalAddr, + Compression: stream.RecvCompress(), + WireLength: stream.HeaderWireLength(), + Header: md, + }) + } } // To have calls in stream callouts work. Will delete once all stats handler // calls come from the gRPC layer. @@ -1802,17 +1799,17 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str srv, knownService := s.services[service] if knownService { if md, ok := srv.methods[method]; ok { - s.processUnaryRPC(ctx, t, stream, srv, md, ti) + s.processUnaryRPC(ctx, stream, srv, md, ti) return } if sd, ok := srv.streams[method]; ok { - s.processStreamingRPC(ctx, t, stream, srv, sd, ti) + s.processStreamingRPC(ctx, stream, srv, sd, ti) return } } // Unknown service, or known server unknown method. if unknownDesc := s.opts.unknownStreamDesc; unknownDesc != nil { - s.processStreamingRPC(ctx, t, stream, nil, unknownDesc, ti) + s.processStreamingRPC(ctx, stream, nil, unknownDesc, ti) return } var errDesc string @@ -1825,7 +1822,7 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str ti.tr.LazyPrintf("%s", errDesc) ti.tr.SetError() } - if err := t.WriteStatus(stream, status.New(codes.Unimplemented, errDesc)); err != nil { + if err := stream.WriteStatus(status.New(codes.Unimplemented, errDesc)); err != nil { if ti != nil { ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true) ti.tr.SetError() @@ -2100,7 +2097,7 @@ func SendHeader(ctx context.Context, md metadata.MD) error { // Notice: This function is EXPERIMENTAL and may be changed or removed in a // later release. func SetSendCompressor(ctx context.Context, name string) error { - stream, ok := ServerTransportStreamFromContext(ctx).(*transport.Stream) + stream, ok := ServerTransportStreamFromContext(ctx).(*transport.ServerStream) if !ok || stream == nil { return fmt.Errorf("failed to fetch the stream from the given context") } @@ -2122,7 +2119,7 @@ func SetSendCompressor(ctx context.Context, name string) error { // Notice: This function is EXPERIMENTAL and may be changed or removed in a // later release. func ClientSupportedCompressors(ctx context.Context) ([]string, error) { - stream, ok := ServerTransportStreamFromContext(ctx).(*transport.Stream) + stream, ok := ServerTransportStreamFromContext(ctx).(*transport.ServerStream) if !ok || stream == nil { return nil, fmt.Errorf("failed to fetch the stream from the given context %v", ctx) } diff --git a/vendor/google.golang.org/grpc/service_config.go b/vendor/google.golang.org/grpc/service_config.go index 2671c5ef69..7e83027d19 100644 --- a/vendor/google.golang.org/grpc/service_config.go +++ b/vendor/google.golang.org/grpc/service_config.go @@ -168,6 +168,7 @@ func init() { return parseServiceConfig(js, defaultMaxCallAttempts) } } + func parseServiceConfig(js string, maxAttempts int) *serviceconfig.ParseResult { if len(js) == 0 { return &serviceconfig.ParseResult{Err: fmt.Errorf("no JSON service config provided")} @@ -297,7 +298,7 @@ func convertRetryPolicy(jrp *jsonRetryPolicy, maxAttempts int) (p *internalservi return rp, nil } -func min(a, b *int) *int { +func minPointers(a, b *int) *int { if *a < *b { return a } @@ -309,7 +310,7 @@ func getMaxSize(mcMax, doptMax *int, defaultVal int) *int { return &defaultVal } if mcMax != nil && doptMax != nil { - return min(mcMax, doptMax) + return minPointers(mcMax, doptMax) } if mcMax != nil { return mcMax diff --git a/vendor/google.golang.org/grpc/stats/metrics.go b/vendor/google.golang.org/grpc/stats/metrics.go new file mode 100644 index 0000000000..641c8e9794 --- /dev/null +++ b/vendor/google.golang.org/grpc/stats/metrics.go @@ -0,0 +1,81 @@ +/* + * Copyright 2024 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package stats + +import "maps" + +// MetricSet is a set of metrics to record. Once created, MetricSet is immutable, +// however Add and Remove can make copies with specific metrics added or +// removed, respectively. +// +// Do not construct directly; use NewMetricSet instead. +type MetricSet struct { + // metrics are the set of metrics to initialize. + metrics map[string]bool +} + +// NewMetricSet returns a MetricSet containing metricNames. +func NewMetricSet(metricNames ...string) *MetricSet { + newMetrics := make(map[string]bool) + for _, metric := range metricNames { + newMetrics[metric] = true + } + return &MetricSet{metrics: newMetrics} +} + +// Metrics returns the metrics set. The returned map is read-only and must not +// be modified. +func (m *MetricSet) Metrics() map[string]bool { + return m.metrics +} + +// Add adds the metricNames to the metrics set and returns a new copy with the +// additional metrics. +func (m *MetricSet) Add(metricNames ...string) *MetricSet { + newMetrics := make(map[string]bool) + for metric := range m.metrics { + newMetrics[metric] = true + } + + for _, metric := range metricNames { + newMetrics[metric] = true + } + return &MetricSet{metrics: newMetrics} +} + +// Join joins the metrics passed in with the metrics set, and returns a new copy +// with the merged metrics. +func (m *MetricSet) Join(metrics *MetricSet) *MetricSet { + newMetrics := make(map[string]bool) + maps.Copy(newMetrics, m.metrics) + maps.Copy(newMetrics, metrics.metrics) + return &MetricSet{metrics: newMetrics} +} + +// Remove removes the metricNames from the metrics set and returns a new copy +// with the metrics removed. +func (m *MetricSet) Remove(metricNames ...string) *MetricSet { + newMetrics := make(map[string]bool) + for metric := range m.metrics { + newMetrics[metric] = true + } + + for _, metric := range metricNames { + delete(newMetrics, metric) + } + return &MetricSet{metrics: newMetrics} +} diff --git a/vendor/google.golang.org/grpc/stats/stats.go b/vendor/google.golang.org/grpc/stats/stats.go index 71195c4943..6f20d2d548 100644 --- a/vendor/google.golang.org/grpc/stats/stats.go +++ b/vendor/google.golang.org/grpc/stats/stats.go @@ -260,84 +260,42 @@ func (s *ConnEnd) IsClient() bool { return s.Client } func (s *ConnEnd) isConnStats() {} -type incomingTagsKey struct{} -type outgoingTagsKey struct{} - // SetTags attaches stats tagging data to the context, which will be sent in // the outgoing RPC with the header grpc-tags-bin. Subsequent calls to // SetTags will overwrite the values from earlier calls. // -// NOTE: this is provided only for backward compatibility with existing clients -// and will likely be removed in an upcoming release. New uses should transmit -// this type of data using metadata with a different, non-reserved (i.e. does -// not begin with "grpc-") header name. +// Deprecated: set the `grpc-tags-bin` header in the metadata instead. func SetTags(ctx context.Context, b []byte) context.Context { - return context.WithValue(ctx, outgoingTagsKey{}, b) + return metadata.AppendToOutgoingContext(ctx, "grpc-tags-bin", string(b)) } // Tags returns the tags from the context for the inbound RPC. // -// NOTE: this is provided only for backward compatibility with existing clients -// and will likely be removed in an upcoming release. New uses should transmit -// this type of data using metadata with a different, non-reserved (i.e. does -// not begin with "grpc-") header name. +// Deprecated: obtain the `grpc-tags-bin` header from metadata instead. func Tags(ctx context.Context) []byte { - b, _ := ctx.Value(incomingTagsKey{}).([]byte) - return b -} - -// SetIncomingTags attaches stats tagging data to the context, to be read by -// the application (not sent in outgoing RPCs). -// -// This is intended for gRPC-internal use ONLY. -func SetIncomingTags(ctx context.Context, b []byte) context.Context { - return context.WithValue(ctx, incomingTagsKey{}, b) -} - -// OutgoingTags returns the tags from the context for the outbound RPC. -// -// This is intended for gRPC-internal use ONLY. -func OutgoingTags(ctx context.Context) []byte { - b, _ := ctx.Value(outgoingTagsKey{}).([]byte) - return b + traceValues := metadata.ValueFromIncomingContext(ctx, "grpc-tags-bin") + if len(traceValues) == 0 { + return nil + } + return []byte(traceValues[len(traceValues)-1]) } -type incomingTraceKey struct{} -type outgoingTraceKey struct{} - // SetTrace attaches stats tagging data to the context, which will be sent in // the outgoing RPC with the header grpc-trace-bin. Subsequent calls to // SetTrace will overwrite the values from earlier calls. // -// NOTE: this is provided only for backward compatibility with existing clients -// and will likely be removed in an upcoming release. New uses should transmit -// this type of data using metadata with a different, non-reserved (i.e. does -// not begin with "grpc-") header name. +// Deprecated: set the `grpc-trace-bin` header in the metadata instead. func SetTrace(ctx context.Context, b []byte) context.Context { - return context.WithValue(ctx, outgoingTraceKey{}, b) + return metadata.AppendToOutgoingContext(ctx, "grpc-trace-bin", string(b)) } // Trace returns the trace from the context for the inbound RPC. // -// NOTE: this is provided only for backward compatibility with existing clients -// and will likely be removed in an upcoming release. New uses should transmit -// this type of data using metadata with a different, non-reserved (i.e. does -// not begin with "grpc-") header name. +// Deprecated: obtain the `grpc-trace-bin` header from metadata instead. func Trace(ctx context.Context) []byte { - b, _ := ctx.Value(incomingTraceKey{}).([]byte) - return b -} - -// SetIncomingTrace attaches stats tagging data to the context, to be read by -// the application (not sent in outgoing RPCs). It is intended for -// gRPC-internal use. -func SetIncomingTrace(ctx context.Context, b []byte) context.Context { - return context.WithValue(ctx, incomingTraceKey{}, b) -} - -// OutgoingTrace returns the trace from the context for the outbound RPC. It is -// intended for gRPC-internal use. -func OutgoingTrace(ctx context.Context) []byte { - b, _ := ctx.Value(outgoingTraceKey{}).([]byte) - return b + traceValues := metadata.ValueFromIncomingContext(ctx, "grpc-trace-bin") + if len(traceValues) == 0 { + return nil + } + return []byte(traceValues[len(traceValues)-1]) } diff --git a/vendor/google.golang.org/grpc/stream.go b/vendor/google.golang.org/grpc/stream.go index bb2b2a216c..17e2267b33 100644 --- a/vendor/google.golang.org/grpc/stream.go +++ b/vendor/google.golang.org/grpc/stream.go @@ -23,7 +23,7 @@ import ( "errors" "io" "math" - "math/rand" + rand "math/rand/v2" "strconv" "sync" "time" @@ -113,7 +113,9 @@ type ClientStream interface { // SendMsg is generally called by generated code. On error, SendMsg aborts // the stream. If the error was generated by the client, the status is // returned directly; otherwise, io.EOF is returned and the status of - // the stream may be discovered using RecvMsg. + // the stream may be discovered using RecvMsg. For unary or server-streaming + // RPCs (StreamDesc.ClientStreams is false), a nil error is returned + // unconditionally. // // SendMsg blocks until: // - There is sufficient flow control to schedule m with the transport, or @@ -216,7 +218,7 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth var mc serviceconfig.MethodConfig var onCommit func() - var newStream = func(ctx context.Context, done func()) (iresolver.ClientStream, error) { + newStream := func(ctx context.Context, done func()) (iresolver.ClientStream, error) { return newClientStreamWithParams(ctx, desc, cc, method, mc, onCommit, done, opts...) } @@ -584,7 +586,7 @@ type csAttempt struct { ctx context.Context cs *clientStream t transport.ClientTransport - s *transport.Stream + s *transport.ClientStream p *parser pickResult balancer.PickResult @@ -706,11 +708,10 @@ func (a *csAttempt) shouldRetry(err error) (bool, error) { cs.numRetriesSincePushback = 0 } else { fact := math.Pow(rp.BackoffMultiplier, float64(cs.numRetriesSincePushback)) - cur := float64(rp.InitialBackoff) * fact - if max := float64(rp.MaxBackoff); cur > max { - cur = max - } - dur = time.Duration(rand.Int63n(int64(cur))) + cur := min(float64(rp.InitialBackoff)*fact, float64(rp.MaxBackoff)) + // Apply jitter by multiplying with a random factor between 0.8 and 1.2 + cur *= 0.8 + 0.4*rand.Float64() + dur = time.Duration(int64(cur)) cs.numRetriesSincePushback++ } @@ -991,7 +992,7 @@ func (cs *clientStream) CloseSend() error { } cs.sentLast = true op := func(a *csAttempt) error { - a.t.Write(a.s, nil, nil, &transport.Options{Last: true}) + a.s.Write(nil, nil, &transport.WriteOptions{Last: true}) // Always return nil; io.EOF is the only error that might make sense // instead, but there is no need to signal the client to call RecvMsg // as the only use left for the stream after CloseSend is to call @@ -1083,7 +1084,7 @@ func (a *csAttempt) sendMsg(m any, hdr []byte, payld mem.BufferSlice, dataLength } a.mu.Unlock() } - if err := a.t.Write(a.s, hdr, payld, &transport.Options{Last: !cs.desc.ClientStreams}); err != nil { + if err := a.s.Write(hdr, payld, &transport.WriteOptions{Last: !cs.desc.ClientStreams}); err != nil { if !cs.desc.ClientStreams { // For non-client-streaming RPCs, we return nil instead of EOF on error // because the generated code requires it. finish is not called; RecvMsg() @@ -1097,9 +1098,6 @@ func (a *csAttempt) sendMsg(m any, hdr []byte, payld mem.BufferSlice, dataLength sh.HandleRPC(a.ctx, outPayload(true, m, dataLength, payloadLength, time.Now())) } } - if channelz.IsOn() { - a.t.IncrMsgSent() - } return nil } @@ -1153,9 +1151,6 @@ func (a *csAttempt) recvMsg(m any, payInfo *payloadInfo) (err error) { Length: payInfo.uncompressedBytes.Len(), }) } - if channelz.IsOn() { - a.t.IncrMsgRecv() - } if cs.desc.ServerStreams { // Subsequent messages should be received by subsequent RecvMsg calls. return nil @@ -1183,7 +1178,7 @@ func (a *csAttempt) finish(err error) { } var tr metadata.MD if a.s != nil { - a.t.CloseStream(a.s, err) + a.s.Close(err) tr = a.s.Trailer() } @@ -1340,7 +1335,7 @@ func newNonRetryClientStream(ctx context.Context, desc *StreamDesc, method strin } type addrConnStream struct { - s *transport.Stream + s *transport.ClientStream ac *addrConn callHdr *transport.CallHdr cancel context.CancelFunc @@ -1380,7 +1375,7 @@ func (as *addrConnStream) CloseSend() error { } as.sentLast = true - as.t.Write(as.s, nil, nil, &transport.Options{Last: true}) + as.s.Write(nil, nil, &transport.WriteOptions{Last: true}) // Always return nil; io.EOF is the only error that might make sense // instead, but there is no need to signal the client to call RecvMsg // as the only use left for the stream after CloseSend is to call @@ -1430,7 +1425,7 @@ func (as *addrConnStream) SendMsg(m any) (err error) { return status.Errorf(codes.ResourceExhausted, "trying to send message larger than max (%d vs. %d)", payload.Len(), *as.callInfo.maxSendMessageSize) } - if err := as.t.Write(as.s, hdr, payload, &transport.Options{Last: !as.desc.ClientStreams}); err != nil { + if err := as.s.Write(hdr, payload, &transport.WriteOptions{Last: !as.desc.ClientStreams}); err != nil { if !as.desc.ClientStreams { // For non-client-streaming RPCs, we return nil instead of EOF on error // because the generated code requires it. finish is not called; RecvMsg() @@ -1440,9 +1435,6 @@ func (as *addrConnStream) SendMsg(m any) (err error) { return io.EOF } - if channelz.IsOn() { - as.t.IncrMsgSent() - } return nil } @@ -1480,9 +1472,6 @@ func (as *addrConnStream) RecvMsg(m any) (err error) { return toRPCErr(err) } - if channelz.IsOn() { - as.t.IncrMsgRecv() - } if as.desc.ServerStreams { // Subsequent messages should be received by subsequent RecvMsg calls. return nil @@ -1510,7 +1499,7 @@ func (as *addrConnStream) finish(err error) { err = nil } if as.s != nil { - as.t.CloseStream(as.s, err) + as.s.Close(err) } if err != nil { @@ -1577,8 +1566,7 @@ type ServerStream interface { // serverStream implements a server side Stream. type serverStream struct { ctx context.Context - t transport.ServerTransport - s *transport.Stream + s *transport.ServerStream p *parser codec baseCodec @@ -1628,7 +1616,7 @@ func (ss *serverStream) SendHeader(md metadata.MD) error { return status.Error(codes.Internal, err.Error()) } - err = ss.t.WriteHeader(ss.s, md) + err = ss.s.SendHeader(md) if len(ss.binlogs) != 0 && !ss.serverHeaderBinlogged { h, _ := ss.s.Header() sh := &binarylog.ServerHeader{ @@ -1668,7 +1656,7 @@ func (ss *serverStream) SendMsg(m any) (err error) { } if err != nil && err != io.EOF { st, _ := status.FromError(toRPCErr(err)) - ss.t.WriteStatus(ss.s, st) + ss.s.WriteStatus(st) // Non-user specified status was sent out. This should be an error // case (as a server side Cancel maybe). // @@ -1676,9 +1664,6 @@ func (ss *serverStream) SendMsg(m any) (err error) { // status from the service handler, we will log that error instead. // This behavior is similar to an interceptor. } - if channelz.IsOn() && err == nil { - ss.t.IncrMsgSent() - } }() // Server handler could have set new compressor by calling SetSendCompressor. @@ -1710,7 +1695,7 @@ func (ss *serverStream) SendMsg(m any) (err error) { if payloadLen > ss.maxSendMessageSize { return status.Errorf(codes.ResourceExhausted, "trying to send message larger than max (%d vs. %d)", payloadLen, ss.maxSendMessageSize) } - if err := ss.t.Write(ss.s, hdr, payload, &transport.Options{Last: false}); err != nil { + if err := ss.s.Write(hdr, payload, &transport.WriteOptions{Last: false}); err != nil { return toRPCErr(err) } @@ -1756,7 +1741,7 @@ func (ss *serverStream) RecvMsg(m any) (err error) { } if err != nil && err != io.EOF { st, _ := status.FromError(toRPCErr(err)) - ss.t.WriteStatus(ss.s, st) + ss.s.WriteStatus(st) // Non-user specified status was sent out. This should be an error // case (as a server side Cancel maybe). // @@ -1764,9 +1749,6 @@ func (ss *serverStream) RecvMsg(m any) (err error) { // status from the service handler, we will log that error instead. // This behavior is similar to an interceptor. } - if channelz.IsOn() && err == nil { - ss.t.IncrMsgRecv() - } }() var payInfo *payloadInfo if len(ss.statsHandler) != 0 || len(ss.binlogs) != 0 { diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go index 5a47094ae8..a5b038829d 100644 --- a/vendor/google.golang.org/grpc/version.go +++ b/vendor/google.golang.org/grpc/version.go @@ -19,4 +19,4 @@ package grpc // Version is the current grpc version. -const Version = "1.68.1" +const Version = "1.69.0-dev" diff --git a/vendor/k8s.io/utils/clock/testing/fake_clock.go b/vendor/k8s.io/utils/clock/testing/fake_clock.go index 79e11deb65..462c40c2c8 100644 --- a/vendor/k8s.io/utils/clock/testing/fake_clock.go +++ b/vendor/k8s.io/utils/clock/testing/fake_clock.go @@ -48,7 +48,6 @@ type fakeClockWaiter struct { stepInterval time.Duration skipIfBlocked bool destChan chan time.Time - fired bool afterFunc func() } @@ -198,12 +197,10 @@ func (f *FakeClock) setTimeLocked(t time.Time) { if w.skipIfBlocked { select { case w.destChan <- t: - w.fired = true default: } } else { w.destChan <- t - w.fired = true } if w.afterFunc != nil { @@ -305,44 +302,48 @@ func (f *fakeTimer) C() <-chan time.Time { return f.waiter.destChan } -// Stop stops the timer and returns true if the timer has not yet fired, or false otherwise. +// Stop prevents the Timer from firing. It returns true if the call stops the +// timer, false if the timer has already expired or been stopped. func (f *fakeTimer) Stop() bool { f.fakeClock.lock.Lock() defer f.fakeClock.lock.Unlock() + active := false newWaiters := make([]*fakeClockWaiter, 0, len(f.fakeClock.waiters)) for i := range f.fakeClock.waiters { w := f.fakeClock.waiters[i] if w != &f.waiter { newWaiters = append(newWaiters, w) + continue } + // If timer is found, it has not been fired yet. + active = true } f.fakeClock.waiters = newWaiters - return !f.waiter.fired + return active } -// Reset resets the timer to the fake clock's "now" + d. It returns true if the timer has not yet -// fired, or false otherwise. +// Reset changes the timer to expire after duration d. It returns true if the +// timer had been active, false if the timer had expired or been stopped. func (f *fakeTimer) Reset(d time.Duration) bool { f.fakeClock.lock.Lock() defer f.fakeClock.lock.Unlock() - active := !f.waiter.fired + active := false - f.waiter.fired = false f.waiter.targetTime = f.fakeClock.time.Add(d) - var isWaiting bool for i := range f.fakeClock.waiters { w := f.fakeClock.waiters[i] if w == &f.waiter { - isWaiting = true + // If timer is found, it has not been fired yet. + active = true break } } - if !isWaiting { + if !active { f.fakeClock.waiters = append(f.fakeClock.waiters, &f.waiter) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 3b7493645d..631117d65a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -52,10 +52,10 @@ github.com/chai2010/gettext-go github.com/chai2010/gettext-go/mo github.com/chai2010/gettext-go/plural github.com/chai2010/gettext-go/po -# github.com/cilium/charts v0.0.0-20241202171727-5ceb3f5006f9 +# github.com/cilium/charts v0.0.0-20241213141006-a9d85774177e ## explicit; go 1.17 github.com/cilium/charts -# github.com/cilium/cilium v1.17.0-pre.3.0.20241210085346-6db21de11e49 +# github.com/cilium/cilium v1.17.0-rc.0 ## explicit; go 1.23.0 github.com/cilium/cilium/api/v1/client github.com/cilium/cilium/api/v1/client/bgp @@ -248,7 +248,7 @@ github.com/cilium/cilium/pkg/u8proto github.com/cilium/cilium/pkg/version github.com/cilium/cilium/pkg/versioncheck github.com/cilium/cilium/pkg/wireguard/types -# github.com/cilium/ebpf v0.16.1-0.20241205185900-f0eec7efba9d +# github.com/cilium/ebpf v0.16.1-0.20241212130635-98ede8ac7aa8 ## explicit; go 1.22 github.com/cilium/ebpf github.com/cilium/ebpf/asm @@ -264,7 +264,7 @@ github.com/cilium/ebpf/internal/testutils/fdtrace github.com/cilium/ebpf/internal/tracefs github.com/cilium/ebpf/internal/unix github.com/cilium/ebpf/link -# github.com/cilium/hive v0.0.0-20241205140635-d02f07f3d452 +# github.com/cilium/hive v0.0.0-20241213121623-605c1412b9b3 ## explicit; go 1.21.3 github.com/cilium/hive github.com/cilium/hive/cell @@ -646,7 +646,7 @@ github.com/docker/distribution/registry/client/auth/challenge github.com/docker/distribution/registry/client/transport github.com/docker/distribution/registry/storage/cache github.com/docker/distribution/registry/storage/cache/memory -# github.com/docker/docker v27.3.1+incompatible +# github.com/docker/docker v27.4.0+incompatible ## explicit github.com/docker/docker/api/types/filters github.com/docker/docker/api/types/registry @@ -1294,10 +1294,10 @@ golang.org/x/tools/txtar google.golang.org/genproto/googleapis/api google.golang.org/genproto/googleapis/api/annotations google.golang.org/genproto/googleapis/api/expr/v1alpha1 -# google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 +# google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 ## explicit; go 1.21 google.golang.org/genproto/googleapis/rpc/status -# google.golang.org/grpc v1.68.1 +# google.golang.org/grpc v1.69.0 ## explicit; go 1.22 google.golang.org/grpc google.golang.org/grpc/attributes @@ -1454,7 +1454,7 @@ helm.sh/helm/v3/pkg/strvals helm.sh/helm/v3/pkg/time helm.sh/helm/v3/pkg/time/ctime helm.sh/helm/v3/pkg/uploader -# k8s.io/api v0.32.0-rc.2 +# k8s.io/api v0.32.0 ## explicit; go 1.23.0 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1515,7 +1515,7 @@ k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 k8s.io/api/storagemigration/v1alpha1 -# k8s.io/apiextensions-apiserver v0.32.0-rc.2 +# k8s.io/apiextensions-apiserver v0.32.0 ## explicit; go 1.23.0 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 @@ -1531,7 +1531,7 @@ k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextension k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1/fake k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1/fake -# k8s.io/apimachinery v0.32.0-rc.2 +# k8s.io/apimachinery v0.32.0 ## explicit; go 1.23.0 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1596,16 +1596,16 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.32.0-rc.2 +# k8s.io/apiserver v0.32.0 ## explicit; go 1.23.0 k8s.io/apiserver/pkg/endpoints/deprecation -# k8s.io/cli-runtime v0.32.0-rc.2 +# k8s.io/cli-runtime v0.32.0 ## explicit; go 1.23.0 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/genericiooptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.32.0-rc.2 +# k8s.io/client-go v0.32.0 ## explicit; go 1.23.0 k8s.io/client-go/applyconfigurations k8s.io/client-go/applyconfigurations/admissionregistration/v1 @@ -1832,7 +1832,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/watchlist k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.32.0-rc.2 +# k8s.io/component-base v0.32.0 ## explicit; go 1.23.0 k8s.io/component-base/version # k8s.io/klog/v2 v2.130.1 @@ -1868,7 +1868,7 @@ k8s.io/kubectl/pkg/util/podutils k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 +# k8s.io/utils v0.0.0-20241210054802-24370beab758 ## explicit; go 1.18 k8s.io/utils/buffer k8s.io/utils/clock @@ -1983,7 +1983,7 @@ sigs.k8s.io/kustomize/kyaml/yaml/internal/k8sgen/pkg/util/validation/field sigs.k8s.io/kustomize/kyaml/yaml/merge2 sigs.k8s.io/kustomize/kyaml/yaml/schema sigs.k8s.io/kustomize/kyaml/yaml/walk -# sigs.k8s.io/mcs-api v0.1.1-0.20241206165000-e2cb6dc0c753 +# sigs.k8s.io/mcs-api v0.1.1-0.20241209122601-8690854b517f ## explicit; go 1.22.0 sigs.k8s.io/mcs-api/pkg/apis/v1alpha1 sigs.k8s.io/mcs-api/pkg/client/clientset/versioned