Merge branch 'yosshy/master'

Signed-off-by: Andrei Kvapil <[email protected]>

README.md

@@ -94,6 +94,6 @@ You can specify the needed annotations for specific node or commonly for PodTemp
 | `fencing/enabled` | Fencing-switcher automatically sets this annotation to enable or disable fencing for the node. *(can be specified only for node, usually you don't need to configure it)*. | `false` |
 | `fencing/id`      | Specify the device id which will be used to fence the node. | *same as node name* |
 | `fencing/template`| Specify PodTemplate which be used to fence the node. | `fencing` |
-| `fencing/mode`    | Specify cleanup mode for the node: <ul><li><code>none</code> - do nothing after successful fencing.</li><li><code>flush</code> - remove all pods and volumeattachments from the node after successful fencing.</li><li><code>delete</code> - remove the node after successful fencing.</li></ul>  | `flush` |
+| `fencing/mode`    | Specify cleanup mode for the node: <ul><li><code>none</code> - do nothing after successful fencing.</li><li><code>flush</code> - remove all pods and volumeattachments from the node after successful fencing.</li><li><code>taint</code> - remove all pods and volumeattachments from the node with "node.kubernetes.io/out-of-service" taint for k8s v1.24+. </li><li><code>delete</code> - remove the node after successful fencing.</li></ul>  | `flush` |
 | `fencing/after-hook` | Specific PodTemplate which will be spawned after successful fencing. | *unspecified* |
 | `fencing/timeout` | Timeout in seconds to wait for the node recovery before starting fencing procedure. | `0` |

build/controller/Dockerfile

@@ -1,7 +1,7 @@
 ############################
 # STEP 1 build executable binary
 ############################
-FROM golang:1.14-alpine3.12 AS builder
+FROM golang:1.18-alpine3.15 AS builder
 
 # Install git.
 # Git is required for fetching the dependencies.

build/switcher/Dockerfile

@@ -1,7 +1,7 @@
 ############################
 # STEP 1 build executable binary
 ############################
-FROM golang:1.14-alpine3.12 AS builder
+FROM golang:1.18-alpine3.15 AS builder
 
 # Install git.
 # Git is required for fetching the dependencies.

deploy/examples/hp-ilo.yaml

@@ -7,7 +7,7 @@ template:
     restartPolicy: OnFailure
     containers:
     - name: fence
-      image: ghcr.io/kvaps/kube-fencing-agents:v2.3.0
+      image: ghcr.io/kvaps/kube-fencing-agents:v2.4.0
       command: ["fence_ilo", "-a", "$(FENCING_ID)", "-l", "user", "-p", "password"]
       env:
       - name: FENCING_NODE

deploy/examples/virtualbox.yaml

@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: PodTemplate
+metadata:
+  name: fencing
+template:
+  spec:
+    restartPolicy: OnFailure
+    containers:
+    - name: fence
+      image: ghcr.io/kvaps/kube-fencing-agents:v2.4.0
+      command: ["fence_vbox", "-a", "172.18.8.1", "-l", "$(FENCING_USER)", "-p", "$(FENCING_PASSWORD)", "-n", "$(FENCING_ID)", "-o", "off"]
+      env:
+      - name: FENCING_ID
+        valueFrom:
+          fieldRef:
+            fieldPath: metadata.annotations['fencing/id']
+      - name: FENCING_USER
+        valueFrom:
+          secretKeyRef:
+            name: fencing-user
+            key: username
+      - name: FENCING_PASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: fencing-user
+            key: password

deploy/helm/kube-fencing/templates/controller-deployment.yaml

@@ -6,6 +6,9 @@ metadata:
   labels:
     {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   name: {{ template "fencing.fullname" . }}-controller
+{{- if ne .Release.Namespace "default" }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
 spec:
   replicas: {{ .Values.controller.replicas }}
   selector:

deploy/helm/kube-fencing/templates/controller-rbac.yaml

@@ -6,13 +6,19 @@ metadata:
   labels:
     {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   name: {{ template "fencing.fullname" . }}-controller
+{{- if ne .Release.Namespace "default" }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   labels:
     {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   name: {{ template "fencing.fullname" . }}-controller
+{{- if ne .Release.Namespace "default" }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
 rules:
   - apiGroups: ["batch", "extensions"]
     resources: ["jobs"]
@@ -39,6 +45,9 @@ metadata:
   labels:
     {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   name: {{ template "fencing.fullname" . }}-controller
+{{- if ne .Release.Namespace "default" }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
 subjects:
   - kind: ServiceAccount
     name: {{ template "fencing.fullname" . }}-controller
@@ -70,6 +79,9 @@ rules:
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments"]
     verbs: ["list", "watch", "deletecollection"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["create", "get", "list", "update"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1

deploy/helm/kube-fencing/templates/namespace.yaml

@@ -0,0 +1,9 @@
+{{- if and (ne .Release.Namespace "kube-system") (ne .Release.Namespace "default") -}}
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: {{ .Release.Namespace }}
+  labels:
+    name: {{ .Release.Namespace }}
+{{- end -}}

deploy/helm/kube-fencing/templates/switcher-daemonset.yaml

@@ -6,6 +6,9 @@ metadata:
   labels:
     {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   name: {{ template "fencing.fullname" . }}-switcher
+{{- if ne .Release.Namespace "default" }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
 spec:
   selector:
     matchLabels:

deploy/helm/kube-fencing/templates/switcher-rbac.yaml

@@ -6,6 +6,9 @@ metadata:
   labels:
     {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   name: {{ template "fencing.fullname" . }}-switcher
+{{- if ne .Release.Namespace "default" }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -40,6 +43,9 @@ metadata:
   labels:
     {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   name: {{ template "fencing.fullname" . }}-switcher
+{{- if ne .Release.Namespace "default" }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
 rules:
   - apiGroups: ["extensions"]
     resources: ["podsecuritypolicies"]
@@ -52,6 +58,9 @@ metadata:
   labels:
     {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   name: {{ template "fencing.fullname" . }}-switcher
+{{- if ne .Release.Namespace "default" }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
 roleRef:
   kind: Role
   name: {{ template "fencing.fullname" . }}-switcher

deploy/helm/kube-fencing/values.yaml

@@ -12,7 +12,7 @@ controller:
 
   image:
     repository: ghcr.io/kvaps/kube-fencing-controller
-    tag: v2.3.0
+    tag: v2.4.0
     pullPolicy: IfNotPresent
     pullSecrets:
       - name: regsecret
@@ -43,7 +43,7 @@ switcher:
 
   image:
     repository: ghcr.io/kvaps/kube-fencing-switcher
-    tag: v2.3.0
+    tag: v2.4.0
     pullPolicy: IfNotPresent
     pullSecrets:
       - name: regsecret

deploy/kube-fencing.yaml

@@ -1,15 +1,25 @@
 ---
+# Source: kube-fencing/templates/namespace.yaml
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: kube-fencing
+  labels:
+    name: kube-fencing
+---
 # Source: kube-fencing/templates/controller-rbac.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: fencing-controller
+  namespace: kube-fencing
 ---
 # Source: kube-fencing/templates/switcher-rbac.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: fencing-switcher
+  namespace: kube-fencing
 ---
 # Source: kube-fencing/templates/controller-rbac.yaml
 kind: ClusterRole
@@ -32,6 +42,9 @@ rules:
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments"]
     verbs: ["list", "watch", "deletecollection"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["create", "get", "list", "update"]
 ---
 # Source: kube-fencing/templates/switcher-rbac.yaml
 kind: ClusterRole
@@ -55,7 +68,7 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: fencing-controller
-    namespace: default
+    namespace: kube-fencing
 ---
 # Source: kube-fencing/templates/switcher-rbac.yaml
 kind: ClusterRoleBinding
@@ -69,13 +82,14 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: fencing-switcher
-    namespace: default
+    namespace: kube-fencing
 ---
 # Source: kube-fencing/templates/controller-rbac.yaml
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: fencing-controller
+  namespace: kube-fencing
 rules:
   - apiGroups: ["batch", "extensions"]
     resources: ["jobs"]
@@ -95,10 +109,11 @@ kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: fencing-controller
+  namespace: kube-fencing
 subjects:
   - kind: ServiceAccount
     name: fencing-controller
-    namespace: default
+    namespace: kube-fencing
 roleRef:
   kind: Role
   name: fencing-controller
@@ -109,6 +124,7 @@ apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: fencing-switcher
+  namespace: kube-fencing
 spec:
   selector:
     matchLabels:
@@ -124,8 +140,8 @@ spec:
         - name: regsecret
       containers:
       - name: switcher
-        image: ghcr.io/kvaps/kube-fencing-switcher:v2.3.0
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/kvaps/kube-fencing-switcher:v2.4.0
+        imagePullPolicy: Always
         env:
         - name: NODE_NAME
           valueFrom:
@@ -137,6 +153,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: fencing-controller
+  namespace: kube-fencing
 spec:
   replicas: 2
   selector:
@@ -153,5 +170,5 @@ spec:
         - name: regsecret
       containers:
       - name: controller
-        image: ghcr.io/kvaps/kube-fencing-controller:v2.3.0
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/kvaps/kube-fencing-controller:v2.4.0
+        imagePullPolicy: Always

go.mod

@@ -3,36 +3,38 @@ module github.com/kvaps/kube-fencing
 go 1.13
 
 require (
-	k8s.io/api v0.17.2
-	k8s.io/apimachinery v0.17.2
-	k8s.io/client-go v12.0.0+incompatible
+	k8s.io/api v0.25.2
+	k8s.io/apimachinery v0.25.2
+	k8s.io/client-go v0.25.2
 	k8s.io/klog v1.0.0
-	sigs.k8s.io/controller-runtime v0.5.0
+	k8s.io/kubernetes v1.25.3
+	sigs.k8s.io/controller-runtime v0.13.0
 )
 
-// Pinned to kubernetes-1.16.2
 replace (
-	k8s.io/api => k8s.io/api v0.0.0-20191016110408-35e52d86657a
-	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.0.0-20191016113550-5357c4baaf65
-	k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20191004115801-a2eda9f80ab8
-	k8s.io/apiserver => k8s.io/apiserver v0.0.0-20191016112112-5190913f932d
-	k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20191016114015-74ad18325ed5
-	k8s.io/client-go => k8s.io/client-go v0.0.0-20191016111102-bec269661e48
-	k8s.io/cloud-provider => k8s.io/cloud-provider v0.0.0-20191016115326-20453efc2458
-	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.0.0-20191016115129-c07a134afb42
-	k8s.io/code-generator => k8s.io/code-generator v0.0.0-20191004115455-8e001e5d1894
-	k8s.io/component-base => k8s.io/component-base v0.0.0-20191016111319-039242c015a9
-	k8s.io/cri-api => k8s.io/cri-api v0.0.0-20190828162817-608eb1dad4ac
-	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.0.0-20191016115521-756ffa5af0bd
-	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.0.0-20191016112429-9587704a8ad4
-	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.0.0-20191016114939-2b2b218dc1df
-	k8s.io/kube-proxy => k8s.io/kube-proxy v0.0.0-20191016114407-2e83b6f20229
-	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.0.0-20191016114748-65049c67a58b
-	k8s.io/kubectl => k8s.io/kubectl v0.0.0-20191016120415-2ed914427d51
-	k8s.io/kubelet => k8s.io/kubelet v0.0.0-20191016114556-7841ed97f1b2
-	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.0.0-20191016115753-cf0698c3a16b
-	k8s.io/metrics => k8s.io/metrics v0.0.0-20191016113814-3b1a734dba6e
-	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.0.0-20191016112829-06bb3c9d77c9
+	k8s.io/api => k8s.io/api v0.25.2
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.25.2
+	k8s.io/apimachinery => k8s.io/apimachinery v0.25.2
+	k8s.io/apiserver => k8s.io/apiserver v0.25.2
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.25.2
+	k8s.io/client-go => k8s.io/client-go v0.25.2
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.25.2
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.25.2
+	k8s.io/code-generator => k8s.io/code-generator v0.25.2
+	k8s.io/component-base => k8s.io/component-base v0.25.2
+	k8s.io/component-helpers => k8s.io/component-helpers v0.25.2
+	k8s.io/controller-manager => k8s.io/controller-manager v0.25.2
+	k8s.io/cri-api => k8s.io/cri-api v0.25.2
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.25.2
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.25.2
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.25.2
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.25.2
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.25.2
+	k8s.io/kubectl => k8s.io/kubectl v0.25.2
+	k8s.io/kubelet => k8s.io/kubelet v0.25.2
+	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.25.2
+	k8s.io/metrics => k8s.io/metrics v0.25.2
+	k8s.io/mount-utils => k8s.io/mount-utils v0.25.2
+	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.25.2
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.25.2
 )
-
-replace github.com/docker/docker => github.com/moby/moby v0.7.3-0.20190826074503-38ab9da00309 // Required by Helm