├── .dockerignore ├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE.md ├── PULL_REQUEST_TEMPLATE.md └── workflows │ └── codeql-analysis.yml ├── .gitignore ├── .semaphore ├── clean_up.yml ├── clear_cache.yml ├── push_images.yml ├── release.yml └── semaphore.yml ├── LICENSE ├── Makefile ├── PROJECT ├── README.md ├── RELEASING.md ├── api ├── doc.go ├── go.mod ├── go.sum └── v1 │ ├── apiserver_types.go │ ├── applicationlayer_types.go │ ├── authentication_types.go │ ├── benchmarker_types.go │ ├── calico_kubecontrollers_types.go │ ├── calico_node_types.go │ ├── calico_node_windows_types.go │ ├── common_types.go │ ├── compliance_controller_types.go │ ├── compliance_reporter_types.go │ ├── compliance_server_types.go │ ├── compliance_types.go │ ├── csi_node_driver.go │ ├── dashboards_job_types.go │ ├── dex_deployment_types.go │ ├── doc.go │ ├── eckoperator_types.go │ ├── egressgateway_types.go │ ├── eks_logforwarder_types.go │ ├── elasticsearchmetric_types.go │ ├── esgateway_deployment_types.go │ ├── fluentd_daemonset_types.go │ ├── gatewayapi_types.go │ ├── goldmane_deployment_types.go │ ├── goldmane_types.go │ ├── groupversion_info.go │ ├── guardian_deployment_types.go │ ├── imageset_types.go │ ├── installation_types.go │ ├── intrusiondetection_types.go │ ├── kibana_types.go │ ├── l7_logcollector_types.go │ ├── linseed_deployment_types.go │ ├── logcollector_types.go │ ├── logstorage_types.go │ ├── managementcluster_types.go │ ├── managementclusterconnection_types.go │ ├── manager_types.go │ ├── monitor_types.go │ ├── nonclusterhost_types.go │ ├── packetcaptureapi_types.go │ ├── policyrecommendation_types.go │ ├── snapshotter_deployment_types.go │ ├── tenant_types.go │ ├── tigerastatus_types.go │ ├── tlsroute.go │ ├── typha_deployment_types.go │ ├── whisker_deployment_types.go │ ├── whisker_types.go │ ├── windows_upgrade_types.go │ └── zz_generated.deepcopy.go ├── build ├── Dockerfile └── Dockerfile.release-notes ├── cmd └── main.go ├── config ├── calico_versions.yml ├── crd │ ├── bases │ ├── kustomization.yaml │ └── kustomizeconfig.yaml ├── default │ ├── kustomization.yaml │ ├── manager_auth_proxy_patch.yaml │ ├── manager_webhook_patch.yaml │ └── webhookcainjection_patch.yaml ├── enterprise_versions.yml ├── manager │ ├── kustomization.yaml │ └── manager.yaml ├── manifests │ ├── bases │ │ └── tigera-operator.clusterserviceversion.yaml │ └── kustomization.yaml ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml ├── samples │ ├── kustomization.yaml │ ├── operator_v1_apiserver.yaml │ ├── operator_v1_applicationlayer.yaml │ ├── operator_v1_authentication.yaml │ ├── operator_v1_compliance.yaml │ ├── operator_v1_egressgateway.yaml │ ├── operator_v1_gatewayapi.yaml │ ├── operator_v1_imageset.yaml │ ├── operator_v1_installation.yaml │ ├── operator_v1_intrusiondetection.yaml │ ├── operator_v1_logcollector.yaml │ ├── operator_v1_logstorage.yaml │ ├── operator_v1_managementcluster.yaml │ ├── operator_v1_managementclusterconnection.yaml │ ├── operator_v1_manager.yaml │ ├── operator_v1_monitor.yaml │ ├── operator_v1_policyrecommendation.yaml │ ├── operator_v1_tenant.yaml │ └── operator_v1_tigerastatus.yaml └── scorecard │ ├── bases │ └── config.yaml │ ├── kustomization.yaml │ └── patches │ ├── basic.config.yaml │ └── olm.config.yaml ├── deploy ├── README.md ├── crds │ ├── elastic │ │ ├── agent-crd.yaml │ │ ├── apmserver-crd.yaml │ │ ├── beat-crd.yaml │ │ ├── elasticmapsservers.yaml │ │ ├── elasticsearch-crd.yaml │ │ ├── enterprisesearch-crd.yaml │ │ └── kibana-crd.yaml │ ├── openshift │ │ ├── networkconfig-cr.yaml │ │ └── networkconfig-crd.yaml │ └── prometheus │ │ ├── 01-crd-alertmanagerconfigs.yaml │ │ ├── 01-crd-alertmanagers.yaml │ │ ├── 01-crd-podmonitors.yaml │ │ ├── 01-crd-probes.yaml │ │ ├── 01-crd-prometheuses.yaml │ │ ├── 01-crd-prometheusrules.yaml │ │ ├── 01-crd-servicemonitors.yaml │ │ └── 01-crd-thanosrulers.yaml ├── kind-config.yaml └── scripts │ └── ipv6_kind_cluster_update.sh ├── docs ├── common_tasks.md ├── controller-dependency-graph.svg ├── dev_guidelines.md └── generate-controller-dependency-graph.py ├── git-hooks ├── files-to-skip ├── pre-commit └── pre-commit-in-container ├── go.mod ├── go.sum ├── hack ├── boilerplate.go.txt ├── gen-bundle │ ├── get-manifests.sh │ └── update-bundle.sh ├── gen-versions │ ├── calico.go.tpl │ ├── components.go │ ├── enterprise.go.tpl │ └── main.go ├── generate_release_notes.py └── release-from │ ├── README.md │ ├── action.go │ ├── flags.go │ ├── main.go │ └── utils.go ├── install-git-hooks ├── internal └── controller │ ├── apiserver_controller.go │ ├── applicationlayer_controller.go │ ├── authentication_controller.go │ ├── compliance_controller.go │ ├── controllers.go │ ├── csr_controller.go │ ├── egressgateway_controller.go │ ├── gatewayapi_controller.go │ ├── goldmane_controller.go │ ├── installation_controller.go │ ├── intrusiondetection_controller.go │ ├── ippool_controller.go │ ├── logcollector_controller.go │ ├── logstorage_controller.go │ ├── managementclusterconnection_controller.go │ ├── manager_controller.go │ ├── monitor_controller.go │ ├── nonclusterhost_controller.go │ ├── packetcapture_controller.go │ ├── policyrecommendation_controller.go │ ├── secrets_controllers.go │ ├── suite_test.go │ ├── suite_test.go.generated │ ├── tiers_controller.go │ ├── whisker_controller.go │ └── windows_controller.go ├── pkg ├── active │ ├── active.go │ ├── active_suite_test.go │ └── active_test.go ├── apis │ ├── addtoscheme_operator_v1.go │ ├── apis.go │ └── crd.projectcalico.org │ │ └── v1 │ │ ├── bgpconfig.go │ │ ├── clusterinfo.go │ │ ├── doc.go │ │ ├── externalnetwork.go │ │ ├── felixconfig.go │ │ ├── ippool.go │ │ ├── kubecontrollersconfiguration.go │ │ ├── register.go │ │ └── zz_generated.deepcopy.go ├── awssgsetup │ └── aws_security_group_setup.go ├── common │ ├── autoscale.go │ ├── common.go │ ├── common_suite_test.go │ ├── components.go │ ├── k8svalidation │ │ ├── helper │ │ │ └── helper.go │ │ ├── v1helper │ │ │ └── v1helper.go │ │ ├── v1validation.go │ │ └── validation.go │ ├── kubernetes_version.go │ ├── kubernetes_version_test.go │ ├── operator_namespace.go │ ├── operator_serviceaccount.go │ ├── operator_serviceaccount_test.go │ ├── validation │ │ ├── apiserver │ │ │ └── validation.go │ │ ├── calico-node │ │ │ └── validation.go │ │ ├── csi-node-driver │ │ │ └── validation.go │ │ ├── kube-controllers │ │ │ └── validation.go │ │ ├── overrides.go │ │ ├── overrides_test.go │ │ ├── typha │ │ │ └── validation.go │ │ └── validation_suite_test.go │ └── windows.go ├── components │ ├── calico.go │ ├── components_suite_test.go │ ├── enterprise.go │ ├── images.go │ ├── images_test.go │ ├── references.go │ └── resources.go ├── controller │ ├── apiserver │ │ ├── apiserver_controller.go │ │ ├── apiserver_controller_test.go │ │ └── apiserver_suite_test.go │ ├── applicationlayer │ │ ├── applicationlayer_controller.go │ │ ├── applicationlayer_controller_test.go │ │ └── applicationlayer_suit_test.go │ ├── authentication │ │ ├── authentication_controller.go │ │ ├── authentication_controller_test.go │ │ └── authentication_suite_test.go │ ├── certificatemanager │ │ ├── certificatemanager.go │ │ ├── certificatemanager_suite_test.go │ │ └── certificatemanager_test.go │ ├── clusterconnection │ │ ├── clusterconnection_controller.go │ │ ├── clusterconnection_controller_test.go │ │ ├── clusterconnection_suite_test.go │ │ └── shim_test.go │ ├── compliance │ │ ├── compliance_controller.go │ │ ├── compliance_controller_test.go │ │ └── compliance_suite_test.go │ ├── csr │ │ ├── csr_controller.go │ │ ├── csr_controller_suite_test.go │ │ └── csr_controller_test.go │ ├── egressgateway │ │ ├── egressgateway_controller.go │ │ ├── egressgateway_controller_test.go │ │ └── egressgateway_suite_test.go │ ├── gatewayapi │ │ ├── gatewayapi_controller.go │ │ ├── gatewayapi_controller_suite_test.go │ │ └── gatewayapi_controller_test.go │ ├── goldmane │ │ └── controller.go │ ├── installation │ │ ├── bpf.go │ │ ├── bpf_test.go │ │ ├── core_controller.go │ │ ├── core_controller_test.go │ │ ├── defaults_test.go │ │ ├── installation_controller_suite_test.go │ │ ├── typha_autoscaler.go │ │ ├── typha_autoscaler_test.go │ │ ├── validation.go │ │ ├── validation_test.go │ │ ├── version.go │ │ ├── version_test.go │ │ ├── windows │ │ │ └── windows_suite_test.go │ │ ├── windows_controller.go │ │ └── windows_controller_test.go │ ├── intrusiondetection │ │ ├── intrusiondetection_controller.go │ │ ├── intrusiondetection_controller_test.go │ │ └── intrusiondetection_suite_test.go │ ├── ippool │ │ ├── defaults.go │ │ ├── kubeadm.go │ │ ├── kubeadm_test.go │ │ ├── pool_controller.go │ │ ├── pool_controller_suite_test.go │ │ ├── pool_controller_test.go │ │ ├── pool_conversion_test.go │ │ └── validation.go │ ├── k8sapi │ │ └── k8s-endpoint.go │ ├── logcollector │ │ ├── logcollector_controller.go │ │ ├── logcollector_controller_test.go │ │ └── logcollector_suite_test.go │ ├── logstorage │ │ ├── common │ │ │ └── common.go │ │ ├── dashboards │ │ │ ├── dashboards_controller.go │ │ │ ├── dashboards_controller_test.go │ │ │ └── dashboards_suite_test.go │ │ ├── elastic │ │ │ ├── elastic_controller.go │ │ │ ├── elastic_controller_test.go │ │ │ ├── elastic_suite_test.go │ │ │ ├── external_elastic_controller.go │ │ │ ├── external_elastic_controller_test.go │ │ │ └── mock.go │ │ ├── esmetrics │ │ │ ├── esmetrics_controller.go │ │ │ ├── esmetrics_controller_test.go │ │ │ └── esmetrics_suite_test.go │ │ ├── initializer │ │ │ ├── conditions_controller.go │ │ │ ├── conditions_controller_test.go │ │ │ ├── initializer_suite_test.go │ │ │ ├── initializing_controller.go │ │ │ └── initializing_controller_test.go │ │ ├── kubecontrollers │ │ │ ├── es_kube_controllers.go │ │ │ ├── es_kube_controllers_test.go │ │ │ ├── esgateway.go │ │ │ └── kubecontrollers_suite_test.go │ │ ├── linseed │ │ │ ├── linseed_controller.go │ │ │ ├── linseed_controller_test.go │ │ │ └── linseed_suite_test.go │ │ ├── logstorage_controller_suite_test.go │ │ ├── managedcluster │ │ │ ├── managed_cluster_controller.go │ │ │ ├── managed_cluster_controller_test.go │ │ │ └── managed_cluster_suite_test.go │ │ ├── secrets │ │ │ ├── secret_controller.go │ │ │ ├── secret_controller_suite_test.go │ │ │ └── secret_controller_test.go │ │ └── users │ │ │ ├── users_controller.go │ │ │ ├── users_controller_suite_test.go │ │ │ └── users_controller_test.go │ ├── manager │ │ ├── manager_controller.go │ │ ├── manager_controller_suite_test.go │ │ └── manager_controller_test.go │ ├── migration │ │ ├── cni │ │ │ ├── calicotypes.go │ │ │ ├── cni.go │ │ │ └── cni_test.go │ │ ├── convert │ │ │ ├── addon_manager.go │ │ │ ├── addon_manager_test.go │ │ │ ├── aws_cni_policy_only_test.go │ │ │ ├── bpf.go │ │ │ ├── bpf_test.go │ │ │ ├── calico_default_config_test.go │ │ │ ├── components.go │ │ │ ├── convert.go │ │ │ ├── convert_suite_test.go │ │ │ ├── convert_test.go │ │ │ ├── core.go │ │ │ ├── core_test.go │ │ │ ├── errors.go │ │ │ ├── felix_vars.go │ │ │ ├── felix_vars_test.go │ │ │ ├── handler.go │ │ │ ├── ippools.go │ │ │ ├── ippools_test.go │ │ │ ├── k8s.go │ │ │ ├── mtu.go │ │ │ ├── mtu_test.go │ │ │ ├── network.go │ │ │ ├── network_test.go │ │ │ ├── testutils_test.go │ │ │ ├── typha.go │ │ │ ├── typha_test.go │ │ │ └── utils.go │ │ ├── converter.go │ │ └── namespace_migration.go │ ├── monitor │ │ ├── alertmanager-config.yaml │ │ ├── monitor_controller.go │ │ ├── monitor_controller_suite_test.go │ │ ├── monitor_controller_test.go │ │ └── prometheus.go │ ├── nonclusterhost │ │ ├── nonclusterhost_controller.go │ │ ├── nonclusterhost_controller_suite_test.go │ │ └── nonclusterhost_controller_test.go │ ├── options │ │ └── options.go │ ├── packetcapture │ │ ├── packetcapture_controller.go │ │ ├── packetcapture_controller_test.go │ │ └── packetcapture_suite_test.go │ ├── policyrecommendation │ │ ├── policyrecommendation_controller.go │ │ ├── policyrecommendation_controller_test.go │ │ └── policyrecommendation_suite_test.go │ ├── secrets │ │ ├── cluster_ca_controller.go │ │ ├── cluster_ca_controller_test.go │ │ ├── secrets_suite_test.go │ │ ├── tenant_controller.go │ │ └── tenant_controller_test.go │ ├── status │ │ ├── mock.go │ │ ├── status.go │ │ ├── status_suite_test.go │ │ └── status_test.go │ ├── tenancy │ │ ├── tenancy.go │ │ └── tenancy_test.go │ ├── tiers │ │ ├── tiers_controller.go │ │ ├── tiers_controller_suite_test.go │ │ └── tiers_controller_test.go │ ├── utils │ │ ├── auth.go │ │ ├── auth_test.go │ │ ├── certs.go │ │ ├── component.go │ │ ├── component_test.go │ │ ├── discovery.go │ │ ├── discovery_test.go │ │ ├── elasticsearch.go │ │ ├── elasticsearch_test.go │ │ ├── felix_configuration.go │ │ ├── imageset │ │ │ ├── imageset.go │ │ │ ├── imageset_suite_test.go │ │ │ └── imageset_test.go │ │ ├── merge.go │ │ ├── merge_test.go │ │ ├── namespace_helper.go │ │ ├── tenant_event_handler.go │ │ ├── test_files │ │ │ ├── 01_get_policy.json │ │ │ ├── 01_put_policy.json │ │ │ ├── 02_get_policy.json │ │ │ ├── 02_put_policy.json │ │ │ └── 02_put_policy_readonly.json │ │ ├── utils.go │ │ ├── utils_suite_test.go │ │ └── utils_test.go │ └── whisker │ │ └── controller.go ├── crds │ ├── calico │ │ ├── crd.projectcalico.org_bgpconfigurations.yaml │ │ ├── crd.projectcalico.org_bgpfilters.yaml │ │ ├── crd.projectcalico.org_bgppeers.yaml │ │ ├── crd.projectcalico.org_blockaffinities.yaml │ │ ├── crd.projectcalico.org_caliconodestatuses.yaml │ │ ├── crd.projectcalico.org_clusterinformations.yaml │ │ ├── crd.projectcalico.org_felixconfigurations.yaml │ │ ├── crd.projectcalico.org_globalnetworkpolicies.yaml │ │ ├── crd.projectcalico.org_globalnetworksets.yaml │ │ ├── crd.projectcalico.org_hostendpoints.yaml │ │ ├── crd.projectcalico.org_ipamblocks.yaml │ │ ├── crd.projectcalico.org_ipamconfigs.yaml │ │ ├── crd.projectcalico.org_ipamhandles.yaml │ │ ├── crd.projectcalico.org_ippools.yaml │ │ ├── crd.projectcalico.org_ipreservations.yaml │ │ ├── crd.projectcalico.org_kubecontrollersconfigurations.yaml │ │ ├── crd.projectcalico.org_networkpolicies.yaml │ │ ├── crd.projectcalico.org_networksets.yaml │ │ ├── crd.projectcalico.org_stagedglobalnetworkpolicies.yaml │ │ ├── crd.projectcalico.org_stagedkubernetesnetworkpolicies.yaml │ │ ├── crd.projectcalico.org_stagednetworkpolicies.yaml │ │ ├── crd.projectcalico.org_tiers.yaml │ │ ├── policy.networking.k8s.io_adminnetworkpolicies.yaml │ │ └── policy.networking.k8s.io_baselineadminnetworkpolicies.yaml │ ├── crds.go │ ├── crds_suite_test.go │ ├── crds_test.go │ ├── enterprise │ │ ├── 01-crd-eck-bundle.yaml │ │ ├── crd.projectcalico.org_alertexceptions.yaml │ │ ├── crd.projectcalico.org_bfdconfigurations.yaml │ │ ├── crd.projectcalico.org_bgpconfigurations.yaml │ │ ├── crd.projectcalico.org_bgpfilters.yaml │ │ ├── crd.projectcalico.org_bgppeers.yaml │ │ ├── crd.projectcalico.org_blockaffinities.yaml │ │ ├── crd.projectcalico.org_caliconodestatuses.yaml │ │ ├── crd.projectcalico.org_clusterinformations.yaml │ │ ├── crd.projectcalico.org_deeppacketinspections.yaml │ │ ├── crd.projectcalico.org_egressgatewaypolicies.yaml │ │ ├── crd.projectcalico.org_externalnetworks.yaml │ │ ├── crd.projectcalico.org_felixconfigurations.yaml │ │ ├── crd.projectcalico.org_globalalerts.yaml │ │ ├── crd.projectcalico.org_globalalerttemplates.yaml │ │ ├── crd.projectcalico.org_globalnetworkpolicies.yaml │ │ ├── crd.projectcalico.org_globalnetworksets.yaml │ │ ├── crd.projectcalico.org_globalreports.yaml │ │ ├── crd.projectcalico.org_globalreporttypes.yaml │ │ ├── crd.projectcalico.org_globalthreatfeeds.yaml │ │ ├── crd.projectcalico.org_hostendpoints.yaml │ │ ├── crd.projectcalico.org_ipamblocks.yaml │ │ ├── crd.projectcalico.org_ipamconfigs.yaml │ │ ├── crd.projectcalico.org_ipamhandles.yaml │ │ ├── crd.projectcalico.org_ippools.yaml │ │ ├── crd.projectcalico.org_ipreservations.yaml │ │ ├── crd.projectcalico.org_kubecontrollersconfigurations.yaml │ │ ├── crd.projectcalico.org_licensekeys.yaml │ │ ├── crd.projectcalico.org_managedclusters.yaml │ │ ├── crd.projectcalico.org_networkpolicies.yaml │ │ ├── crd.projectcalico.org_networksets.yaml │ │ ├── crd.projectcalico.org_packetcaptures.yaml │ │ ├── crd.projectcalico.org_policyrecommendationscopes.yaml │ │ ├── crd.projectcalico.org_remoteclusterconfigurations.yaml │ │ ├── crd.projectcalico.org_securityeventwebhooks.yaml │ │ ├── crd.projectcalico.org_stagedglobalnetworkpolicies.yaml │ │ ├── crd.projectcalico.org_stagedkubernetesnetworkpolicies.yaml │ │ ├── crd.projectcalico.org_stagednetworkpolicies.yaml │ │ ├── crd.projectcalico.org_tiers.yaml │ │ ├── crd.projectcalico.org_uisettings.yaml │ │ ├── crd.projectcalico.org_uisettingsgroups.yaml │ │ ├── policy.networking.k8s.io_adminnetworkpolicies.yaml │ │ ├── policy.networking.k8s.io_baselineadminnetworkpolicies.yaml │ │ └── usage.tigera.io_licenseusagereports.yaml │ └── operator │ │ ├── operator.tigera.io_apiservers.yaml │ │ ├── operator.tigera.io_applicationlayers.yaml │ │ ├── operator.tigera.io_authentications.yaml │ │ ├── operator.tigera.io_compliances.yaml │ │ ├── operator.tigera.io_egressgateways.yaml │ │ ├── operator.tigera.io_gatewayapis.yaml │ │ ├── operator.tigera.io_goldmanes.yaml │ │ ├── operator.tigera.io_imagesets.yaml │ │ ├── operator.tigera.io_installations.yaml │ │ ├── operator.tigera.io_intrusiondetections.yaml │ │ ├── operator.tigera.io_logcollectors.yaml │ │ ├── operator.tigera.io_logstorages.yaml │ │ ├── operator.tigera.io_managementclusterconnections.yaml │ │ ├── operator.tigera.io_managementclusters.yaml │ │ ├── operator.tigera.io_managers.yaml │ │ ├── operator.tigera.io_monitors.yaml │ │ ├── operator.tigera.io_nonclusterhosts.yaml │ │ ├── operator.tigera.io_packetcaptureapis.yaml │ │ ├── operator.tigera.io_policyrecommendations.yaml │ │ ├── operator.tigera.io_tenants.yaml │ │ ├── operator.tigera.io_tigerastatuses.yaml │ │ ├── operator.tigera.io_tlspassthroughroutes.yaml │ │ ├── operator.tigera.io_tlsterminatedroutes.yaml │ │ └── operator.tigera.io_whiskers.yaml ├── crypto │ ├── crypto.go │ └── crypto_test.go ├── ctrlruntime │ ├── client │ │ ├── fake │ │ │ └── client.go │ │ └── type.go │ └── controller.go ├── dns │ ├── dns.go │ ├── dns_suite_test.go │ ├── dns_test.go │ └── testdata │ │ └── resolv.conf ├── ptr │ └── conversion.go ├── render │ ├── apiserver.go │ ├── apiserver_test.go │ ├── applicationlayer │ │ ├── applicationlayer.go │ │ ├── applicationlayer_suit_test.go │ │ ├── applicationlayer_test.go │ │ ├── envoy-config.yaml.template │ │ └── ruleset │ │ │ ├── coreruleset │ │ │ └── tigera.conf │ │ │ ├── embed.go │ │ │ └── embed_test.go │ ├── aws-securitygroup-setup.go │ ├── aws-securitygroup-setup_test.go │ ├── certificatemanagement │ │ └── certificatemanagement.go │ ├── common │ │ ├── authentication │ │ │ ├── tigera │ │ │ │ └── key_validator_config │ │ │ │ │ ├── key_validator_config.go │ │ │ │ │ └── key_validator_config_options.go │ │ │ └── types.go │ │ ├── components │ │ │ ├── components.go │ │ │ ├── components_suite_test.go │ │ │ └── components_test.go │ │ ├── configmap │ │ │ └── configmaps.go │ │ ├── elasticsearch │ │ │ ├── clusterconfig.go │ │ │ ├── decorator.go │ │ │ ├── decorator_test.go │ │ │ ├── service.go │ │ │ └── tls.go │ │ ├── kibana │ │ │ └── service.go │ │ ├── meta │ │ │ └── meta.go │ │ ├── networkpolicy │ │ │ ├── k8snetworkpolicy.go │ │ │ └── networkpolicy.go │ │ ├── podaffinity │ │ │ └── pod_anti_affinity.go │ │ ├── resourcequota │ │ │ └── resourcequota.go │ │ ├── secret │ │ │ └── secrets.go │ │ ├── securitycontext │ │ │ └── security_context.go │ │ ├── securitycontextconstraints │ │ │ └── security_context_constraints.go │ │ ├── selector │ │ │ └── label.go │ │ └── test │ │ │ └── testing.go │ ├── compliance.go │ ├── compliance_test.go │ ├── component.go │ ├── crypto_utils.go │ ├── csi.go │ ├── csi_test.go │ ├── dex.go │ ├── dex_config.go │ ├── dex_config_test.go │ ├── dex_test.go │ ├── egressgateway │ │ ├── egressgateway.go │ │ ├── egressgateway_suite_test.go │ │ └── egressgateway_test.go │ ├── finalizers.go │ ├── fluentd.go │ ├── fluentd_test.go │ ├── gateway_api.go │ ├── gateway_api_resources.yaml │ ├── gateway_api_test.go │ ├── goldmane │ │ ├── component.go │ │ ├── component_test.go │ │ └── suite_test.go │ ├── guardian.go │ ├── guardian_test.go │ ├── intrusion_detection.go │ ├── intrusion_detection_test.go │ ├── intrusiondetection │ │ └── dpi │ │ │ ├── dpi.go │ │ │ ├── dpi_suite_test.go │ │ │ └── dpi_test.go │ ├── kubecontrollers │ │ ├── kube-controllers.go │ │ ├── kube-controllers_suite_test.go │ │ └── kube-controllers_test.go │ ├── logstorage.go │ ├── logstorage │ │ ├── dashboards │ │ │ ├── dashboards.go │ │ │ ├── dashboards_suite_test.go │ │ │ └── dashboards_test.go │ │ ├── eck │ │ │ ├── eck.go │ │ │ ├── eck_suite_test.go │ │ │ └── eck_test.go │ │ ├── esgateway │ │ │ ├── esgateway.go │ │ │ ├── esgateway_suite_test.go │ │ │ └── esgateway_test.go │ │ ├── esmetrics │ │ │ ├── elasticsearch_metrics.go │ │ │ ├── elasticsearch_metrics_suite_test.go │ │ │ └── elasticsearch_metrics_test.go │ │ ├── external.go │ │ ├── externalelasticsearch │ │ │ ├── externalelasticsearch.go │ │ │ ├── externalelasticsearch_suite_test.go │ │ │ └── externalelasticsearch_test.go │ │ ├── kibana │ │ │ ├── kibana.go │ │ │ ├── kibana_suite_test.go │ │ │ └── kibana_test.go │ │ └── linseed │ │ │ ├── linseed.go │ │ │ ├── linseed_suite_test.go │ │ │ └── linseed_test.go │ ├── logstorage_test.go │ ├── manager.go │ ├── manager │ │ ├── manager_route_config.go │ │ ├── manager_route_config_test.go │ │ └── manager_suite_test.go │ ├── manager_test.go │ ├── monitor │ │ ├── monitor.go │ │ ├── monitor_suite_test.go │ │ └── monitor_test.go │ ├── namespaces.go │ ├── namespaces_test.go │ ├── node.go │ ├── node_test.go │ ├── nonclusterhost │ │ ├── nonclusterhost.go │ │ ├── nonclusterhost_suite_test.go │ │ └── nonclusterhost_test.go │ ├── packet_capture_api.go │ ├── packet_capture_api_test.go │ ├── passthru.go │ ├── policyrecommendation.go │ ├── policyrecommendation_test.go │ ├── render.go │ ├── render_suite_test.go │ ├── render_test.go │ ├── testutils │ │ ├── expected_policies │ │ │ ├── alertmanager-mesh.json │ │ │ ├── alertmanager-mesh_ocp.json │ │ │ ├── alertmanager.json │ │ │ ├── alertmanager_ocp.json │ │ │ ├── apiserver.json │ │ │ ├── apiserver_ocp.json │ │ │ ├── compliance-server.json │ │ │ ├── compliance-server_ocp.json │ │ │ ├── compliance_managed.json │ │ │ ├── compliance_managed_ocp.json │ │ │ ├── compliance_unmanaged.json │ │ │ ├── compliance_unmanaged_ocp.json │ │ │ ├── dashboards.json │ │ │ ├── dashboards_ocp.json │ │ │ ├── dex.json │ │ │ ├── dex_ocp.json │ │ │ ├── dns.json │ │ │ ├── dns_ocp.json │ │ │ ├── dpi_managed.json │ │ │ ├── dpi_managed_ocp.json │ │ │ ├── dpi_unmanaged.json │ │ │ ├── dpi_unmanaged_ocp.json │ │ │ ├── elastic-operator.json │ │ │ ├── elastic-operator_ocp.json │ │ │ ├── elasticsearch-internal.json │ │ │ ├── elasticsearch.json │ │ │ ├── elasticsearch_ocp.json │ │ │ ├── es-gateway.json │ │ │ ├── es-gateway_ocp.json │ │ │ ├── es-kubecontrollers.json │ │ │ ├── es-kubecontrollers_ocp.json │ │ │ ├── es-metrics.json │ │ │ ├── es-metrics_ocp.json │ │ │ ├── fluentd_managed.json │ │ │ ├── fluentd_unmanaged.json │ │ │ ├── fluentd_unmanaged_ocp.json │ │ │ ├── guardian.json │ │ │ ├── guardian_ocp.json │ │ │ ├── intrusion-detection-controller_managed.json │ │ │ ├── intrusion-detection-controller_managed_ocp.json │ │ │ ├── intrusion-detection-controller_unmanaged.json │ │ │ ├── intrusion-detection-controller_unmanaged_ocp.json │ │ │ ├── intrusion-detection-elastic.json │ │ │ ├── intrusion-detection-elastic_ocp.json │ │ │ ├── kibana.json │ │ │ ├── kibana_ocp.json │ │ │ ├── kubecontrollers.json │ │ │ ├── kubecontrollers_managed.json │ │ │ ├── kubecontrollers_managed_ocp.json │ │ │ ├── kubecontrollers_ocp.json │ │ │ ├── linseed.json │ │ │ ├── linseed_dpi_enabled.json │ │ │ ├── linseed_ocp.json │ │ │ ├── linseed_ocp_dpi_enabled.json │ │ │ ├── manager.json │ │ │ ├── manager_ocp.json │ │ │ ├── node_local_dns_dual.json │ │ │ ├── node_local_dns_ipv4.json │ │ │ ├── node_local_dns_ipv6.json │ │ │ ├── packetcapture.json │ │ │ ├── packetcapture_managed.json │ │ │ ├── packetcapture_managed_ocp.json │ │ │ ├── packetcapture_ocp.json │ │ │ ├── policyrecommendation.json │ │ │ ├── policyrecommendation_ocp.json │ │ │ ├── prometheus-api.json │ │ │ ├── prometheus-api_ocp.json │ │ │ ├── prometheus-operator.json │ │ │ ├── prometheus-operator_ocp.json │ │ │ ├── prometheus.json │ │ │ └── prometheus_ocp.json │ │ ├── fixtures.go │ │ └── policy.go │ ├── tiers │ │ ├── tiers.go │ │ ├── tiers_suite_test.go │ │ └── tiers_test.go │ ├── typha.go │ ├── typha_test.go │ ├── utils.go │ ├── whisker │ │ ├── component.go │ │ ├── component_test.go │ │ └── suite_test.go │ ├── windows.go │ └── windows_test.go ├── tls │ ├── certificatemanagement │ │ ├── certificatebundle.go │ │ ├── csr.go │ │ ├── interface.go │ │ ├── keypair.go │ │ └── tls.go │ ├── certkeyusage │ │ └── certkeyusage.go │ └── tls.go └── url │ └── url.go ├── test ├── active_test.go ├── crd_management_test.go ├── dependencies.go ├── fv_suite_test.go ├── load_images_on_kind_cluster.sh ├── mainline_test.go ├── pool_test.go ├── struct_defaulter.go ├── struct_defaulter_test.go ├── utils.go └── whisker_test.go └── version └── version.go /.dockerignore: -------------------------------------------------------------------------------- 1 | * 2 | !LICENSE 3 | !build 4 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Require review for all changes by an operator-maintainer 2 | * @tigera/tigera-operator-maintainers 3 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ## Expected Behavior 4 | 5 | 6 | 7 | 8 | ## Current Behavior 9 | 10 | 11 | 12 | 13 | ## Possible Solution 14 | 15 | 16 | 17 | 18 | ## Steps to Reproduce (for bugs) 19 | 20 | 21 | 22 | 1. 23 | 2. 24 | 3. 25 | 4. 26 | 27 | ## Context 28 | 29 | 30 | 31 | 32 | ## Your Environment 33 | 34 | 35 | * Operating System and version: 36 | * Link to your project (optional): 37 | 38 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## Description 2 | 3 | 11 | 12 | ## For PR author 13 | 14 | - [ ] Tests for change. 15 | - [ ] If changing pkg/apis/, run `make gen-files` 16 | - [ ] If changing versions, run `make gen-versions` 17 | 18 | ## For PR reviewers 19 | 20 | A note for code reviewers - all pull requests must have the following: 21 | 22 | - [ ] Milestone set according to targeted release. 23 | - [ ] Appropriate labels: 24 | - `kind/bug` if this is a bugfix. 25 | - `kind/enhancement` if this is a a new feature. 26 | - `enterprise` if this PR applies to Calico Enterprise only. 27 | -------------------------------------------------------------------------------- /.semaphore/clean_up.yml: -------------------------------------------------------------------------------- 1 | version: v1.0 2 | name: Operator Clean Up 3 | 4 | execution_time_limit: 5 | hours: 4 6 | 7 | agent: 8 | machine: 9 | type: f1-standard-2 10 | os_image: ubuntu2004 11 | 12 | blocks: 13 | - name: Clear Commit Caches 14 | task: 15 | jobs: 16 | - name: Clear Commit Caches 17 | commands: 18 | - 'cache delete bin-amd64-${SEMAPHORE_GIT_SHA}' 19 | - 'cache delete go-pkg-cache-amd64-${SEMAPHORE_GIT_SHA}' 20 | - 'cache delete go-mod-cache-amd64-${SEMAPHORE_GIT_SHA}' 21 | - 'cache delete bin-arm64-${SEMAPHORE_GIT_SHA}' 22 | - 'cache delete go-pkg-cache-arm64-${SEMAPHORE_GIT_SHA}' 23 | - 'cache delete go-mod-cache-arm64-${SEMAPHORE_GIT_SHA}' 24 | - 'cache delete bin-ppc64le-${SEMAPHORE_GIT_SHA}' 25 | - 'cache delete go-pkg-cache-ppc64le-${SEMAPHORE_GIT_SHA}' 26 | - 'cache delete go-mod-cache-ppc64le-${SEMAPHORE_GIT_SHA}' 27 | - 'cache delete bin-s390x-${SEMAPHORE_GIT_SHA}' 28 | - 'cache delete go-pkg-cache-s390x-${SEMAPHORE_GIT_SHA}' 29 | - 'cache delete go-mod-cache-s390x-${SEMAPHORE_GIT_SHA}' 30 | -------------------------------------------------------------------------------- /.semaphore/clear_cache.yml: -------------------------------------------------------------------------------- 1 | version: v1.0 2 | name: Operator Clean Up 3 | 4 | execution_time_limit: 5 | hours: 4 6 | 7 | agent: 8 | machine: 9 | type: f1-standard-2 10 | os_image: ubuntu2004 11 | 12 | blocks: 13 | - name: Clear Entire Cache 14 | task: 15 | jobs: 16 | - name: Clear Entire Cache 17 | commands: 18 | - 'cache clear' 19 | 20 | -------------------------------------------------------------------------------- /api/doc.go: -------------------------------------------------------------------------------- 1 | package api 2 | -------------------------------------------------------------------------------- /api/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/tigera/operator/api 2 | 3 | go 1.23.5 4 | 5 | require ( 6 | github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.80.1 7 | k8s.io/api v0.32.2 8 | k8s.io/apimachinery v0.32.2 9 | sigs.k8s.io/controller-runtime v0.20.2 10 | ) 11 | 12 | require ( 13 | github.com/fxamacker/cbor/v2 v2.7.0 // indirect 14 | github.com/go-logr/logr v1.4.2 // indirect 15 | github.com/gogo/protobuf v1.3.2 // indirect 16 | github.com/google/gofuzz v1.2.0 // indirect 17 | github.com/json-iterator/go v1.1.12 // indirect 18 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 19 | github.com/modern-go/reflect2 v1.0.2 // indirect 20 | github.com/x448/float16 v0.8.4 // indirect 21 | golang.org/x/net v0.38.0 // indirect 22 | golang.org/x/text v0.23.0 // indirect 23 | gopkg.in/inf.v0 v0.9.1 // indirect 24 | k8s.io/klog/v2 v2.130.1 // indirect 25 | k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect 26 | sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect 27 | sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect 28 | sigs.k8s.io/yaml v1.4.0 // indirect 29 | ) 30 | -------------------------------------------------------------------------------- /api/v1/doc.go: -------------------------------------------------------------------------------- 1 | // API Schema definitions for configuring the installation of Calico and Calico Enterprise 2 | // +k8s:deepcopy-gen=package,register 3 | // +groupName=operator.tigera.io 4 | package v1 5 | -------------------------------------------------------------------------------- /api/v1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1 contains API Schema definitions for the operator v1 API group 18 | // +kubebuilder:object:generate=true 19 | // +groupName=operator.tigera.io 20 | package v1 21 | 22 | import ( 23 | "k8s.io/apimachinery/pkg/runtime/schema" 24 | "sigs.k8s.io/controller-runtime/pkg/scheme" 25 | ) 26 | 27 | var ( 28 | // GroupVersion is group version used to register these objects 29 | GroupVersion = schema.GroupVersion{Group: "operator.tigera.io", Version: "v1"} 30 | 31 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 32 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 33 | 34 | // AddToScheme adds the types in this group-version to the given scheme. 35 | AddToScheme = SchemeBuilder.AddToScheme 36 | ) 37 | -------------------------------------------------------------------------------- /build/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019-2024 Tigera, Inc. All rights reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | FROM registry.access.redhat.com/ubi8/ubi-minimal:8.10 AS ubi 16 | 17 | FROM scratch AS source 18 | 19 | ARG TARGETARCH 20 | 21 | COPY --from=ubi /etc/pki /etc/pki/ 22 | COPY --from=ubi /usr/share/pki /usr/share/pki/ 23 | 24 | COPY LICENSE /licenses/LICENSE 25 | 26 | COPY build/_output/bin/operator-${TARGETARCH} /usr/bin/operator 27 | 28 | FROM calico/base 29 | 30 | ARG GIT_VERSION=unknown 31 | 32 | LABEL description="Tigera Operator manages the lifecycle of a Calico or Calico Enterprise installation on Kubernetes or OpenShift" 33 | LABEL maintainer="maintainers@tigera.io" 34 | LABEL name="Tigera Operator" 35 | LABEL release="1" 36 | LABEL summary="Tigera Operator manages the lifecycle of a Calico or Calico Enterprise installation on Kubernetes or OpenShift" 37 | LABEL vendor="Tigera" 38 | LABEL version=${GIT_VERSION} 39 | 40 | COPY --from=source / / 41 | 42 | USER 10001:10001 43 | 44 | ENTRYPOINT ["/usr/bin/operator"] 45 | -------------------------------------------------------------------------------- /build/Dockerfile.release-notes: -------------------------------------------------------------------------------- 1 | FROM python:3-alpine 2 | 3 | LABEL maintainer="engineering-release@tigera.io" 4 | 5 | WORKDIR /workdir 6 | 7 | RUN python3 -m pip install PyGithub==2.3.0 PyYAML==6.0.1 8 | 9 | CMD [ "./hack/generate_release_notes.py" ] 10 | -------------------------------------------------------------------------------- /config/calico_versions.yml: -------------------------------------------------------------------------------- 1 | # Components defined here are required to be kept in sync with hack/gen-versions/calico.go.tpl 2 | title: master 3 | components: 4 | libcalico-go: 5 | version: master 6 | typha: 7 | version: master 8 | calico/node: 9 | version: master 10 | calico/cni: 11 | version: master 12 | calico/node-windows: 13 | version: master 14 | calico/cni-windows: 15 | version: master 16 | calico/kube-controllers: 17 | version: master 18 | calico/goldmane: 19 | version: master 20 | flexvol: 21 | version: master 22 | calico/apiserver: 23 | version: master 24 | calico/csi: 25 | version: master 26 | csi-node-driver-registrar: 27 | version: master 28 | key-cert-provisioner: 29 | version: master 30 | calico/whisker: 31 | version: master 32 | calico/whisker-backend: 33 | version: master 34 | calico/envoy-gateway: 35 | version: master 36 | calico/envoy-proxy: 37 | version: master 38 | calico/envoy-ratelimit: 39 | version: master 40 | calico/guardian: 41 | version: master 42 | 43 | -------------------------------------------------------------------------------- /config/crd/bases: -------------------------------------------------------------------------------- 1 | ../../pkg/crds/operator -------------------------------------------------------------------------------- /config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | version: v1 8 | group: apiextensions.k8s.io 9 | path: spec/conversion/webhook/clientConfig/service/name 10 | 11 | namespace: 12 | - kind: CustomResourceDefinition 13 | version: v1 14 | group: apiextensions.k8s.io 15 | path: spec/conversion/webhook/clientConfig/service/namespace 16 | create: false 17 | 18 | varReference: 19 | - path: metadata/annotations 20 | -------------------------------------------------------------------------------- /config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: system 7 | --- 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | name: controller-manager 12 | namespace: system 13 | labels: 14 | control-plane: controller-manager 15 | spec: 16 | selector: 17 | matchLabels: 18 | control-plane: controller-manager 19 | replicas: 1 20 | template: 21 | metadata: 22 | labels: 23 | control-plane: controller-manager 24 | spec: 25 | containers: 26 | - command: 27 | - /manager 28 | args: 29 | - --enable-leader-election 30 | image: controller:latest 31 | name: manager 32 | resources: 33 | limits: 34 | cpu: 100m 35 | memory: 30Mi 36 | requests: 37 | cpu: 100m 38 | memory: 20Mi 39 | terminationGracePeriodSeconds: 10 40 | -------------------------------------------------------------------------------- /config/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/tigera-operator.clusterserviceversion.yaml 3 | -------------------------------------------------------------------------------- /config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples you want in your CSV to this file as resources ## 2 | resources: 3 | - operator_v1_installation.yaml 4 | - operator_v1_foo.yaml 5 | - operator_v1_apiserver.yaml 6 | - operator_v1_applicationlayer.yaml 7 | - operator_v1_authentication.yaml 8 | - operator_v1_compliance.yaml 9 | - operator_v1_egressgateway.yaml 10 | - operator_v1_gatewayapi.yaml 11 | - operator_v1_imageset.yaml 12 | - operator_v1_installation.yaml 13 | - operator_v1_intrusiondetection.yaml 14 | - operator_v1_logcollector.yaml 15 | - operator_v1_logstorage.yaml 16 | - operator_v1_managementclusterconnection.yaml 17 | - operator_v1_managementcluster.yaml 18 | - operator_v1_manager.yaml 19 | - operator_v1_monitor.yaml 20 | - operator_v1_nonclusterhost.yaml 21 | - operator_v1_packetcaptureapi.yaml 22 | - operator_v1_policyrecommendation.yaml 23 | - operator_v1_tenant.yaml 24 | - operator_v1_tigerastatus.yaml 25 | - operator_v1_tlspassthroughroute.yaml 26 | - operator_v1_tlsterminatedroute.yaml 27 | # +kubebuilder:scaffold:manifestskustomizesamples 28 | -------------------------------------------------------------------------------- /config/samples/operator_v1_apiserver.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: APIServer 3 | metadata: 4 | name: tigera-secure 5 | spec: {} 6 | -------------------------------------------------------------------------------- /config/samples/operator_v1_applicationlayer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: ApplicationLayer 3 | metadata: 4 | name: tigera-secure 5 | spec: 6 | logCollection: 7 | collectLogs: Disabled 8 | webApplicationFirewall: Disabled 9 | -------------------------------------------------------------------------------- /config/samples/operator_v1_authentication.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: Authentication 3 | metadata: 4 | name: tigera-secure 5 | spec: {} 6 | -------------------------------------------------------------------------------- /config/samples/operator_v1_compliance.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: Compliance 3 | metadata: 4 | name: tigera-secure 5 | -------------------------------------------------------------------------------- /config/samples/operator_v1_egressgateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: EgressGateway 3 | metadata: 4 | name: egressgateway-sample 5 | -------------------------------------------------------------------------------- /config/samples/operator_v1_gatewayapi.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: GatewayAPI 3 | metadata: 4 | name: tigera-secure 5 | -------------------------------------------------------------------------------- /config/samples/operator_v1_imageset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: ImageSet 3 | metadata: 4 | name: calico-v3.4.0 5 | spec: 6 | images: 7 | - image: "calico/node" 8 | digest: "sha256:0deadbeef1234567890" 9 | - image: "calico/cni" 10 | digest: "sha256:0deadbeef1234567890" 11 | - image: "calico/typha" 12 | digest: "sha256:0deadbeef1234567890" 13 | - image: "calico/kube-controllers" 14 | digest: "sha256:0deadbeef1234567890" 15 | - image: "tigera/operator" 16 | digest: "sha256:0deadbeef1234567890" 17 | -------------------------------------------------------------------------------- /config/samples/operator_v1_installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: Installation 3 | metadata: 4 | name: default 5 | -------------------------------------------------------------------------------- /config/samples/operator_v1_intrusiondetection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: IntrusionDetection 3 | metadata: 4 | name: tigera-secure 5 | -------------------------------------------------------------------------------- /config/samples/operator_v1_logcollector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: LogCollector 3 | metadata: 4 | name: example-logcollector 5 | -------------------------------------------------------------------------------- /config/samples/operator_v1_logstorage.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: LogStorage 3 | metadata: 4 | name: tigera-secure 5 | spec: 6 | nodes: 7 | count: 1 8 | 9 | -------------------------------------------------------------------------------- /config/samples/operator_v1_managementcluster.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: ManagementCluster 3 | metadata: 4 | name: tigera-secure 5 | -------------------------------------------------------------------------------- /config/samples/operator_v1_managementclusterconnection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: ManagementClusterConnection 3 | metadata: 4 | name: tigera-secure 5 | -------------------------------------------------------------------------------- /config/samples/operator_v1_manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: Manager 3 | metadata: 4 | name: tigera-secure 5 | -------------------------------------------------------------------------------- /config/samples/operator_v1_monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: Monitor 3 | metadata: 4 | name: tigera-secure 5 | spec: {} 6 | -------------------------------------------------------------------------------- /config/samples/operator_v1_policyrecommendation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: PolicyRecommendation 3 | metadata: 4 | name: tigera-secure 5 | -------------------------------------------------------------------------------- /config/samples/operator_v1_tenant.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: Tenant 3 | metadata: 4 | name: tenant-sample 5 | namespace: some-namespace 6 | spec: 7 | id: some-id 8 | -------------------------------------------------------------------------------- /config/samples/operator_v1_tigerastatus.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.tigera.io/v1 2 | kind: TigeraStatus 3 | metadata: 4 | name: tigerastatus-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /config/scorecard/bases/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: [] 8 | -------------------------------------------------------------------------------- /config/scorecard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/config.yaml 3 | patchesJson6902: 4 | - path: patches/basic.config.yaml 5 | target: 6 | group: scorecard.operatorframework.io 7 | version: v1alpha3 8 | kind: Configuration 9 | name: config 10 | - path: patches/olm.config.yaml 11 | target: 12 | group: scorecard.operatorframework.io 13 | version: v1alpha3 14 | kind: Configuration 15 | name: config 16 | # +kubebuilder:scaffold:patchesJson6902 17 | -------------------------------------------------------------------------------- /config/scorecard/patches/basic.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - basic-check-spec 7 | image: quay.io/operator-framework/scorecard-test:v1.0.1 8 | labels: 9 | suite: basic 10 | test: basic-check-spec-test 11 | -------------------------------------------------------------------------------- /config/scorecard/patches/olm.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - olm-bundle-validation 7 | image: quay.io/operator-framework/scorecard-test:v1.0.1 8 | labels: 9 | suite: olm 10 | test: olm-bundle-validation-test 11 | - op: add 12 | path: /stages/0/tests/- 13 | value: 14 | entrypoint: 15 | - scorecard-test 16 | - olm-crds-have-validation 17 | image: quay.io/operator-framework/scorecard-test:v1.0.1 18 | labels: 19 | suite: olm 20 | test: olm-crds-have-validation-test 21 | - op: add 22 | path: /stages/0/tests/- 23 | value: 24 | entrypoint: 25 | - scorecard-test 26 | - olm-crds-have-resources 27 | image: quay.io/operator-framework/scorecard-test:v1.0.1 28 | labels: 29 | suite: olm 30 | test: olm-crds-have-resources-test 31 | - op: add 32 | path: /stages/0/tests/- 33 | value: 34 | entrypoint: 35 | - scorecard-test 36 | - olm-spec-descriptors 37 | image: quay.io/operator-framework/scorecard-test:v1.0.1 38 | labels: 39 | suite: olm 40 | test: olm-spec-descriptors-test 41 | - op: add 42 | path: /stages/0/tests/- 43 | value: 44 | entrypoint: 45 | - scorecard-test 46 | - olm-status-descriptors 47 | image: quay.io/operator-framework/scorecard-test:v1.0.1 48 | labels: 49 | suite: olm 50 | test: olm-status-descriptors-test 51 | -------------------------------------------------------------------------------- /deploy/README.md: -------------------------------------------------------------------------------- 1 | # Deploy CRDs and scripts for tests 2 | 3 | This directory contains crds and scripts for tests. 4 | 5 | For release versions of CRDs and operator manifests (deployment, RBAC, etc.), see the Calico [Kubernetes](https://docs.projectcalico.org/getting-started/kubernetes/quickstart) or [OpenShift](https://docs.projectcalico.org/getting-started/openshift/installation) installation instructions. 6 | 7 | -------------------------------------------------------------------------------- /deploy/crds/openshift/networkconfig-cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: Network 3 | metadata: 4 | name: cluster 5 | spec: 6 | clusterNetwork: 7 | - cidr: 10.128.0.0/14 8 | hostPrefix: 23 9 | networkType: None 10 | serviceNetwork: 11 | - 172.30.0.0/16 12 | -------------------------------------------------------------------------------- /deploy/kind-config.yaml: -------------------------------------------------------------------------------- 1 | kind: Cluster 2 | apiVersion: kind.x-k8s.io/v1alpha4 3 | networking: 4 | disableDefaultCNI: true 5 | podSubnet: "192.168.0.0/16,fd00:10:244::/64" 6 | ipFamily: dual 7 | nodes: 8 | - role: control-plane 9 | - role: worker 10 | - role: worker 11 | - role: worker 12 | kubeadmConfigPatches: 13 | - | 14 | apiVersion: kubeadm.k8s.io/v1beta2 15 | kind: ClusterConfiguration 16 | metadata: 17 | name: config 18 | featureGates: 19 | IPv6DualStack: true 20 | - | 21 | apiVersion: kubeproxy.config.k8s.io/v1alpha1 22 | kind: KubeProxyConfiguration 23 | metadata: 24 | name: config 25 | mode: ipvs 26 | conntrack: 27 | maxPerCore: 0 28 | -------------------------------------------------------------------------------- /deploy/scripts/ipv6_kind_cluster_update.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | # test directory. 4 | TEST_DIR=./tests/k8st 5 | 6 | # kubectl binary. 7 | : ${kubectl:=./bin/kubectl} 8 | 9 | # kind binary. 10 | : ${KIND:=./bin/kind} 11 | 12 | function checkModule(){ 13 | MODULE="$1" 14 | echo "Checking kernel module $MODULE ..." 15 | if lsmod | grep "$MODULE" &> /dev/null ; then 16 | return 0 17 | else 18 | return 1 19 | fi 20 | } 21 | 22 | echo "Set ipv6 address on each node" 23 | docker exec kind-control-plane ip -6 a a 2001:20::8/64 dev eth0 24 | docker exec kind-worker ip -6 a a 2001:20::1/64 dev eth0 25 | docker exec kind-worker2 ip -6 a a 2001:20::2/64 dev eth0 26 | docker exec kind-worker3 ip -6 a a 2001:20::3/64 dev eth0 27 | echo 28 | -------------------------------------------------------------------------------- /git-hooks/files-to-skip: -------------------------------------------------------------------------------- 1 | api/v1/zz_generated.deepcopy.go 2 | pkg/apis/crd.projectcalico.org/v1/zz_generated.deepcopy.go 3 | -------------------------------------------------------------------------------- /git-hooks/pre-commit: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright (c) 2022-2024 Tigera, Inc. All rights reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | set -e 17 | 18 | make pre-commit 19 | -------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Tigera, Inc. All rights reserved. 2 | /* 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | -------------------------------------------------------------------------------- /install-git-hooks: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | cd .git/hooks 6 | ln -sf ../../git-hooks/* ./ 7 | -------------------------------------------------------------------------------- /internal/controller/compliance_controller.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2020-2024 Tigera, Inc. All rights reserved. 2 | /* 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controller 18 | 19 | import ( 20 | "github.com/go-logr/logr" 21 | "k8s.io/apimachinery/pkg/runtime" 22 | ctrl "sigs.k8s.io/controller-runtime" 23 | "sigs.k8s.io/controller-runtime/pkg/client" 24 | 25 | "github.com/tigera/operator/pkg/controller/compliance" 26 | "github.com/tigera/operator/pkg/controller/options" 27 | ) 28 | 29 | // ComplianceReconciler reconciles a Compliance object 30 | type ComplianceReconciler struct { 31 | client.Client 32 | Log logr.Logger 33 | Scheme *runtime.Scheme 34 | } 35 | 36 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=compliances,verbs=get;list;watch;create;update;patch;delete 37 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=compliances/status,verbs=get;update;patch 38 | 39 | func (r *ComplianceReconciler) SetupWithManager(mgr ctrl.Manager, opts options.AddOptions) error { 40 | return compliance.Add(mgr, opts) 41 | } 42 | -------------------------------------------------------------------------------- /internal/controller/csr_controller.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | /* 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controller 18 | 19 | import ( 20 | "github.com/go-logr/logr" 21 | "github.com/tigera/operator/pkg/controller/csr" 22 | "github.com/tigera/operator/pkg/controller/options" 23 | "k8s.io/apimachinery/pkg/runtime" 24 | ctrl "sigs.k8s.io/controller-runtime" 25 | "sigs.k8s.io/controller-runtime/pkg/client" 26 | ) 27 | 28 | // CSRReconciler reconciles CSRs. 29 | type CSRReconciler struct { 30 | client.Client 31 | Log logr.Logger 32 | Scheme *runtime.Scheme 33 | } 34 | 35 | func (r *CSRReconciler) SetupWithManager(mgr ctrl.Manager, opts options.AddOptions) error { 36 | return csr.Add(mgr, opts) 37 | } 38 | -------------------------------------------------------------------------------- /internal/controller/egressgateway_controller.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | /* 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controller 18 | 19 | import ( 20 | "github.com/go-logr/logr" 21 | "github.com/tigera/operator/pkg/controller/egressgateway" 22 | "github.com/tigera/operator/pkg/controller/options" 23 | "k8s.io/apimachinery/pkg/runtime" 24 | ctrl "sigs.k8s.io/controller-runtime" 25 | "sigs.k8s.io/controller-runtime/pkg/client" 26 | ) 27 | 28 | // EgressGatewayReconciler reconciles a EgressGateway object 29 | type EgressGatewayReconciler struct { 30 | client.Client 31 | Log logr.Logger 32 | Scheme *runtime.Scheme 33 | } 34 | 35 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=egressgateways,verbs=get;list;watch;create;update;patch;delete 36 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=egressgateways/status,verbs=get;update;patch 37 | 38 | func (r *EgressGatewayReconciler) SetupWithManager(mgr ctrl.Manager, opts options.AddOptions) error { 39 | return egressgateway.Add(mgr, opts) 40 | } 41 | -------------------------------------------------------------------------------- /internal/controller/gatewayapi_controller.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Tigera, Inc. All rights reserved. 2 | /* 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controller 18 | 19 | import ( 20 | "github.com/tigera/operator/pkg/controller/gatewayapi" 21 | "github.com/tigera/operator/pkg/controller/options" 22 | "k8s.io/apimachinery/pkg/runtime" 23 | ctrl "sigs.k8s.io/controller-runtime" 24 | "sigs.k8s.io/controller-runtime/pkg/client" 25 | ) 26 | 27 | // GatewayAPIReconciler reconciles a GatewayAPI object 28 | type GatewayAPIReconciler struct { 29 | client.Client 30 | Scheme *runtime.Scheme 31 | } 32 | 33 | //+kubebuilder:rbac:groups=operator.tigera.io,resources=gatewayapis,verbs=get;list;watch;create;update;patch;delete 34 | 35 | // SetupWithManager sets up the controller with the Manager. 36 | func (r *GatewayAPIReconciler) SetupWithManager(mgr ctrl.Manager, opts options.AddOptions) error { 37 | return gatewayapi.Add(mgr, opts) 38 | } 39 | -------------------------------------------------------------------------------- /internal/controller/goldmane_controller.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2025 Tigera, Inc. All rights reserved. 2 | /* 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controller 18 | 19 | import ( 20 | "github.com/go-logr/logr" 21 | 22 | "k8s.io/apimachinery/pkg/runtime" 23 | ctrl "sigs.k8s.io/controller-runtime" 24 | "sigs.k8s.io/controller-runtime/pkg/client" 25 | 26 | "github.com/tigera/operator/pkg/controller/goldmane" 27 | "github.com/tigera/operator/pkg/controller/options" 28 | ) 29 | 30 | // GoldmaneReconciler reconciles a Goldmane object 31 | type GoldmaneReconciler struct { 32 | client.Client 33 | Log logr.Logger 34 | Scheme *runtime.Scheme 35 | } 36 | 37 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=goldmanes,verbs=get;list;watch;create;update;patch;delete 38 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=goldmanes/status,verbs=get;update;patch 39 | 40 | func (r *GoldmaneReconciler) SetupWithManager(mgr ctrl.Manager, opts options.AddOptions) error { 41 | return goldmane.Add(mgr, opts) 42 | } 43 | -------------------------------------------------------------------------------- /internal/controller/ippool_controller.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | /* 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controller 18 | 19 | import ( 20 | "github.com/go-logr/logr" 21 | "k8s.io/apimachinery/pkg/runtime" 22 | ctrl "sigs.k8s.io/controller-runtime" 23 | "sigs.k8s.io/controller-runtime/pkg/client" 24 | 25 | "github.com/tigera/operator/pkg/controller/ippool" 26 | "github.com/tigera/operator/pkg/controller/options" 27 | ) 28 | 29 | // IPPoolReconciler reconciles IP pools 30 | type IPPoolReconciler struct { 31 | client.Client 32 | Log logr.Logger 33 | Scheme *runtime.Scheme 34 | } 35 | 36 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=installations,verbs=get;list;watch;create;update;patch;delete 37 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=installations/status,verbs=get;update;patch 38 | 39 | func (r *IPPoolReconciler) SetupWithManager(mgr ctrl.Manager, opts options.AddOptions) error { 40 | return ippool.Add(mgr, opts) 41 | } 42 | -------------------------------------------------------------------------------- /internal/controller/logcollector_controller.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2020-2024 Tigera, Inc. All rights reserved. 2 | /* 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controller 18 | 19 | import ( 20 | "github.com/go-logr/logr" 21 | "k8s.io/apimachinery/pkg/runtime" 22 | ctrl "sigs.k8s.io/controller-runtime" 23 | "sigs.k8s.io/controller-runtime/pkg/client" 24 | 25 | "github.com/tigera/operator/pkg/controller/logcollector" 26 | "github.com/tigera/operator/pkg/controller/options" 27 | ) 28 | 29 | // LogCollectorReconciler reconciles a LogCollector object 30 | type LogCollectorReconciler struct { 31 | client.Client 32 | Log logr.Logger 33 | Scheme *runtime.Scheme 34 | } 35 | 36 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=logcollectors,verbs=get;list;watch;create;update;patch;delete 37 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=logcollectors/status,verbs=get;update;patch 38 | 39 | func (r *LogCollectorReconciler) SetupWithManager(mgr ctrl.Manager, opts options.AddOptions) error { 40 | return logcollector.Add(mgr, opts) 41 | } 42 | -------------------------------------------------------------------------------- /internal/controller/manager_controller.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2020-2024 Tigera, Inc. All rights reserved. 2 | /* 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controller 18 | 19 | import ( 20 | "github.com/go-logr/logr" 21 | "k8s.io/apimachinery/pkg/runtime" 22 | ctrl "sigs.k8s.io/controller-runtime" 23 | "sigs.k8s.io/controller-runtime/pkg/client" 24 | 25 | "github.com/tigera/operator/pkg/controller/manager" 26 | "github.com/tigera/operator/pkg/controller/options" 27 | ) 28 | 29 | // ManagerReconciler reconciles a Manager object 30 | type ManagerReconciler struct { 31 | client.Client 32 | Log logr.Logger 33 | Scheme *runtime.Scheme 34 | } 35 | 36 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=managers,verbs=get;list;watch;create;update;patch;delete 37 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=managers/status,verbs=get;update;patch 38 | 39 | func (r *ManagerReconciler) SetupWithManager(mgr ctrl.Manager, opts options.AddOptions) error { 40 | return manager.Add(mgr, opts) 41 | } 42 | -------------------------------------------------------------------------------- /internal/controller/monitor_controller.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021-2024 Tigera, Inc. All rights reserved. 2 | /* 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controller 18 | 19 | import ( 20 | "github.com/go-logr/logr" 21 | "k8s.io/apimachinery/pkg/runtime" 22 | ctrl "sigs.k8s.io/controller-runtime" 23 | "sigs.k8s.io/controller-runtime/pkg/client" 24 | 25 | "github.com/tigera/operator/pkg/controller/monitor" 26 | "github.com/tigera/operator/pkg/controller/options" 27 | ) 28 | 29 | // MonitorReconciler reconciles a Monitor object 30 | type MonitorReconciler struct { 31 | client.Client 32 | Log logr.Logger 33 | Scheme *runtime.Scheme 34 | } 35 | 36 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=monitors,verbs=get;list;watch;create;update;patch;delete 37 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=monitors/status,verbs=get;update;patch 38 | 39 | func (r *MonitorReconciler) SetupWithManager(mgr ctrl.Manager, opts options.AddOptions) error { 40 | return monitor.Add(mgr, opts) 41 | } 42 | -------------------------------------------------------------------------------- /internal/controller/nonclusterhost_controller.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package controller 16 | 17 | import ( 18 | "github.com/go-logr/logr" 19 | "k8s.io/apimachinery/pkg/runtime" 20 | ctrl "sigs.k8s.io/controller-runtime" 21 | "sigs.k8s.io/controller-runtime/pkg/client" 22 | 23 | "github.com/tigera/operator/pkg/controller/nonclusterhost" 24 | "github.com/tigera/operator/pkg/controller/options" 25 | ) 26 | 27 | // NonClusterHostReconciler reconciles a NonClusterHost object 28 | type NonClusterHostReconciler struct { 29 | client.Client 30 | Log logr.Logger 31 | Scheme *runtime.Scheme 32 | } 33 | 34 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=nonclusterhosts,verbs=get;list;watch;create;update;patch;delete 35 | func (r *NonClusterHostReconciler) SetupWithManager(mgr ctrl.Manager, opts options.AddOptions) error { 36 | return nonclusterhost.Add(mgr, opts) 37 | } 38 | -------------------------------------------------------------------------------- /internal/controller/tiers_controller.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2022-2024 Tigera, Inc. All rights reserved. 2 | /* 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controller 18 | 19 | import ( 20 | "github.com/go-logr/logr" 21 | "github.com/tigera/operator/pkg/controller/options" 22 | "github.com/tigera/operator/pkg/controller/tiers" 23 | "k8s.io/apimachinery/pkg/runtime" 24 | ctrl "sigs.k8s.io/controller-runtime" 25 | "sigs.k8s.io/controller-runtime/pkg/client" 26 | ) 27 | 28 | type TiersReconciler struct { 29 | client.Client 30 | Log logr.Logger 31 | Scheme *runtime.Scheme 32 | } 33 | 34 | func (r *TiersReconciler) SetupWithManager(mgr ctrl.Manager, opts options.AddOptions) error { 35 | return tiers.Add(mgr, opts) 36 | } 37 | -------------------------------------------------------------------------------- /internal/controller/whisker_controller.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2025 Tigera, Inc. All rights reserved. 2 | /* 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controller 18 | 19 | import ( 20 | "github.com/go-logr/logr" 21 | "github.com/tigera/operator/pkg/controller/whisker" 22 | "k8s.io/apimachinery/pkg/runtime" 23 | ctrl "sigs.k8s.io/controller-runtime" 24 | "sigs.k8s.io/controller-runtime/pkg/client" 25 | 26 | "github.com/tigera/operator/pkg/controller/options" 27 | ) 28 | 29 | // WhiskerReconciler reconciles a ManagementClusterConnection object 30 | type WhiskerReconciler struct { 31 | client.Client 32 | Log logr.Logger 33 | Scheme *runtime.Scheme 34 | } 35 | 36 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=whiskers,verbs=get;list;watch;create;update;patch;delete 37 | // +kubebuilder:rbac:groups=operator.tigera.io,resources=whiskers/status,verbs=get;update;patch 38 | 39 | func (r *WhiskerReconciler) SetupWithManager(mgr ctrl.Manager, opts options.AddOptions) error { 40 | return whisker.Add(mgr, opts) 41 | } 42 | -------------------------------------------------------------------------------- /internal/controller/windows_controller.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | /* 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controller 18 | 19 | import ( 20 | "github.com/go-logr/logr" 21 | installation "github.com/tigera/operator/pkg/controller/installation" 22 | "github.com/tigera/operator/pkg/controller/options" 23 | "k8s.io/apimachinery/pkg/runtime" 24 | ctrl "sigs.k8s.io/controller-runtime" 25 | "sigs.k8s.io/controller-runtime/pkg/client" 26 | ) 27 | 28 | type WindowsReconciler struct { 29 | client.Client 30 | Log logr.Logger 31 | Scheme *runtime.Scheme 32 | } 33 | 34 | func (r *WindowsReconciler) SetupWithManager(mgr ctrl.Manager, opts options.AddOptions) error { 35 | return installation.AddWindowsController(mgr, opts) 36 | } 37 | -------------------------------------------------------------------------------- /pkg/active/active_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package active 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestStatus(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../report/ut/active_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/active Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/apis/crd.projectcalico.org/v1/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2020-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // +k8s:deepcopy-gen=package,register 16 | // +groupName=crd.projectcalico.org 17 | 18 | package v1 19 | -------------------------------------------------------------------------------- /pkg/common/common_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package common 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../report/ut/common_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/common Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/common/operator_serviceaccount_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package common 16 | 17 | import ( 18 | "os" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | ) 23 | 24 | var _ = Describe("Operator ServiceAccount name tests", func() { 25 | It("should read service account name from the environment variable", func() { 26 | Expect(os.Setenv("OPERATOR_SERVICEACCOUNT", "tigera-operator-env-var")).NotTo(HaveOccurred()) 27 | Expect(getServiceAccount()).To(Equal("tigera-operator-env-var")) 28 | Expect(os.Unsetenv("OPERATOR_SERVICEACCOUNT")).NotTo(HaveOccurred()) 29 | }) 30 | }) 31 | -------------------------------------------------------------------------------- /pkg/common/validation/csi-node-driver/validation.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package validation 16 | 17 | import ( 18 | corev1 "k8s.io/api/core/v1" 19 | 20 | "github.com/tigera/operator/pkg/common/k8svalidation" 21 | "k8s.io/apimachinery/pkg/util/validation/field" 22 | ) 23 | 24 | // ValidateCSINodeDriverDaemonSetContainer validates the given container is a valid csi-node-driver DaemonSet container. 25 | func ValidateCSINodeDriverDaemonSetContainer(container corev1.Container) error { 26 | errs := k8svalidation.ValidateResourceRequirements(&container.Resources, field.NewPath("spec", "template", "spec", "containers")) 27 | return errs.ToAggregate() 28 | } 29 | -------------------------------------------------------------------------------- /pkg/common/validation/kube-controllers/validation.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2022-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package validation 16 | 17 | import ( 18 | corev1 "k8s.io/api/core/v1" 19 | 20 | "github.com/tigera/operator/pkg/common/k8svalidation" 21 | "k8s.io/apimachinery/pkg/util/validation/field" 22 | ) 23 | 24 | // ValidateCalicoKubeControllersDeploymentContainer validates the given container is a valid calico-kube-controllers Deployment container. 25 | func ValidateCalicoKubeControllersDeploymentContainer(container corev1.Container) error { 26 | errs := k8svalidation.ValidateResourceRequirements(&container.Resources, field.NewPath("spec", "template", "spec", "containers")) 27 | return errs.ToAggregate() 28 | } 29 | -------------------------------------------------------------------------------- /pkg/common/validation/validation_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2022 - 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package validation 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../report/ut/common_validation_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/common/validation Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/components/components_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package components 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestStatus(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../report/ut/components_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/components Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/components/images.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2020-2025 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | package components 15 | 16 | // Default registries for Calico and Tigera. 17 | const ( 18 | CalicoRegistry = "quay.io/" 19 | TigeraRegistry = "gcr.io/unique-caldron-775/cnx/" 20 | // For production InitRegistry should match TigeraRegistry. 21 | // For the master branch and other testing scenarios we switch TigeraRegistry to 22 | // point to a testing repo but the init image will be pushed to quay, so having 23 | // these separate allows pulling the proper test images for the Tigera components 24 | // and Init image when testing. 25 | InitRegistry = "quay.io/" 26 | ) 27 | -------------------------------------------------------------------------------- /pkg/components/resources.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package components 16 | 17 | import ( 18 | corev1 "k8s.io/api/core/v1" 19 | "k8s.io/apimachinery/pkg/api/resource" 20 | ) 21 | 22 | func GetCSRContainerDefaultResources() corev1.ResourceRequirements { 23 | return corev1.ResourceRequirements{ 24 | Requests: corev1.ResourceList{ 25 | "cpu": resource.MustParse("10m"), 26 | "memory": resource.MustParse("50Mi"), 27 | }, 28 | Limits: corev1.ResourceList{ 29 | "cpu": resource.MustParse("10m"), 30 | "memory": resource.MustParse("50Mi"), 31 | }, 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /pkg/controller/apiserver/apiserver_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package apiserver 16 | 17 | import ( 18 | "testing" 19 | 20 | uzap "go.uber.org/zap" 21 | 22 | . "github.com/onsi/ginkgo" 23 | . "github.com/onsi/gomega" 24 | 25 | "github.com/onsi/ginkgo/reporters" 26 | 27 | logf "sigs.k8s.io/controller-runtime/pkg/log" 28 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 29 | ) 30 | 31 | func TestStatus(t *testing.T) { 32 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 33 | RegisterFailHandler(Fail) 34 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/apiserver_suite.xml") 35 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/apiserver Suite", []Reporter{junitReporter}) 36 | } 37 | -------------------------------------------------------------------------------- /pkg/controller/applicationlayer/applicationlayer_suit_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package applicationlayer 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | "github.com/onsi/ginkgo/reporters" 22 | . "github.com/onsi/gomega" 23 | ) 24 | 25 | func TestStatus(t *testing.T) { 26 | RegisterFailHandler(Fail) 27 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/applicationlayer_controller_suite.xml") 28 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/applicationlayer Controller Suite", []Reporter{junitReporter}) 29 | } 30 | -------------------------------------------------------------------------------- /pkg/controller/authentication/authentication_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package authentication 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | "github.com/onsi/ginkgo/reporters" 22 | . "github.com/onsi/gomega" 23 | ) 24 | 25 | func TestStatus(t *testing.T) { 26 | RegisterFailHandler(Fail) 27 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/authentication_suite.xml") 28 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/authentication Suite", []Reporter{junitReporter}) 29 | } 30 | -------------------------------------------------------------------------------- /pkg/controller/certificatemanager/certificatemanager_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2025 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package certificatemanager_test 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | uzap "go.uber.org/zap" 23 | logf "sigs.k8s.io/controller-runtime/pkg/log" 24 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 25 | 26 | "github.com/onsi/ginkgo/reporters" 27 | ) 28 | 29 | func TestRender(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/certificatemanagement_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/certificatemanagement Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/clusterconnection/clusterconnection_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package clusterconnection_test 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 23 | 24 | "github.com/onsi/ginkgo/reporters" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | ) 27 | 28 | func TestStatus(t *testing.T) { 29 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter))) 30 | RegisterFailHandler(Fail) 31 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/clusterconnection_controller_suite.xml") 32 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/Management Cluster Connection Suite", []Reporter{junitReporter}) 33 | } 34 | -------------------------------------------------------------------------------- /pkg/controller/compliance/compliance_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2020, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package compliance_test 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/compliance_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/Compliance Controller Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/csr/csr_controller_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package csr 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestStatus(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/csr_controller_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/CSR Controller Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/controller/egressgateway/egressgateway_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package egressgateway 16 | 17 | import ( 18 | "testing" 19 | 20 | uzap "go.uber.org/zap" 21 | logf "sigs.k8s.io/controller-runtime/pkg/log" 22 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 23 | 24 | . "github.com/onsi/ginkgo" 25 | "github.com/onsi/ginkgo/reporters" 26 | . "github.com/onsi/gomega" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/egressgateway_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/egressgateway Controller Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/gatewayapi/gatewayapi_controller_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2025 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package gatewayapi 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | "github.com/onsi/ginkgo/reporters" 22 | . "github.com/onsi/gomega" 23 | ) 24 | 25 | func TestStatus(t *testing.T) { 26 | RegisterFailHandler(Fail) 27 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/gatewayapi_controller_suite.xml") 28 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/gatewayapi Suite", []Reporter{junitReporter}) 29 | } 30 | -------------------------------------------------------------------------------- /pkg/controller/installation/installation_controller_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019-2021, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package installation 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestInstallation(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/installation_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/installation Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/installation/windows/windows_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019-2024 Tigera, Inc. All rights reserved. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package windows 15 | 16 | import ( 17 | "testing" 18 | 19 | . "github.com/onsi/ginkgo" 20 | . "github.com/onsi/gomega" 21 | 22 | "github.com/onsi/ginkgo/reporters" 23 | uzap "go.uber.org/zap" 24 | logf "sigs.k8s.io/controller-runtime/pkg/log" 25 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 26 | ) 27 | 28 | func TestWindows(t *testing.T) { 29 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 30 | RegisterFailHandler(Fail) 31 | junitReporter := reporters.NewJUnitReporter("../../../../report/windows_suite.xml") 32 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/installation/windows Suite", []Reporter{junitReporter}) 33 | } 34 | -------------------------------------------------------------------------------- /pkg/controller/intrusiondetection/intrusiondetection_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2020-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package intrusiondetection 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestStatus(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/intrusiondetection_controller_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/intrusiondetection Controller Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/controller/ippool/pool_controller_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package ippool 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestPoolController(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/pool_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/ippool Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/logcollector/logcollector_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2020, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package logcollector 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestStatus(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/logcollector_controller_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/logcollector Controller Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/controller/logstorage/dashboards/dashboards_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package dashboards 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/logstorage_dashboards_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/logstorage/dashboards Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/logstorage/elastic/elastic_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package elastic 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/logstorage_elastic_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/logstorage/elastic Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/logstorage/esmetrics/esmetrics_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package esmetrics 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/logstorage_esmetrics_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/logstorage/esmetrics Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/logstorage/initializer/initializer_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package initializer 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/logstorage_init_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/logstorage/initializer Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/logstorage/kubecontrollers/kubecontrollers_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package kubecontrollers 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/logstorage_kubecontrollers_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/logstorage/kubecontrollers Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/logstorage/linseed/linseed_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package linseed 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/logstorage_linseed_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/logstorage/linseed Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/logstorage/logstorage_controller_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package logstorage 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/logstorage_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/logstorage Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/logstorage/managedcluster/managed_cluster_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package managedcluster 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/logstorage_managedcluster_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/logstorage/managedcluster Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/logstorage/secrets/secret_controller_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package secrets 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/logstorage_secrets_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/logstorage/secrets Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/logstorage/users/users_controller_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package users 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/logstorage_users_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/logstorage/users Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/manager/manager_controller_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package manager 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/manager_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/manager Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/migration/convert/convert_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2022-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package convert_test 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | "github.com/onsi/ginkgo/reporters" 22 | . "github.com/onsi/gomega" 23 | uzap "go.uber.org/zap" 24 | logf "sigs.k8s.io/controller-runtime/pkg/log" 25 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 26 | ) 27 | 28 | func TestConverter(t *testing.T) { 29 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 30 | RegisterFailHandler(Fail) 31 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/converter_suite.xml") 32 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/migration/convert/convert Suite", []Reporter{junitReporter}) 33 | } 34 | -------------------------------------------------------------------------------- /pkg/controller/migration/convert/utils.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2022-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package convert 16 | 17 | import ( 18 | corev1 "k8s.io/api/core/v1" 19 | ) 20 | 21 | func getContainer(spec corev1.PodSpec, name string) *corev1.Container { 22 | for _, container := range spec.Containers { 23 | if container.Name == name { 24 | return &container 25 | } 26 | } 27 | for _, container := range spec.InitContainers { 28 | if container.Name == name { 29 | return &container 30 | } 31 | } 32 | return nil 33 | } 34 | 35 | func getVolume(spec corev1.PodSpec, name string) *corev1.Volume { 36 | for _, volume := range spec.Volumes { 37 | if volume.Name == name { 38 | return &volume 39 | } 40 | } 41 | return nil 42 | } 43 | -------------------------------------------------------------------------------- /pkg/controller/migration/converter.go: -------------------------------------------------------------------------------- 1 | package migration 2 | 3 | import ( 4 | operatorv1 "github.com/tigera/operator/api/v1" 5 | ) 6 | 7 | // Converter converts an unmanaged Calico install into an Installation resource which represents 8 | // said install. It will return an error if the unmanaged install cannot be represented by 9 | // an Installation resource. 10 | type Converter interface { 11 | Convert() (*operatorv1.Installation, error) 12 | } 13 | -------------------------------------------------------------------------------- /pkg/controller/monitor/alertmanager-config.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | resolve_timeout: 5m 3 | route: 4 | group_by: ['job'] 5 | group_wait: 30s 6 | group_interval: 1m 7 | repeat_interval: 5m 8 | receiver: 'webhook' 9 | receivers: 10 | - name: 'webhook' 11 | webhook_configs: 12 | - url: 'http://calico-alertmanager-webhook:30501/' 13 | -------------------------------------------------------------------------------- /pkg/controller/monitor/monitor_controller_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package monitor 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/monitor_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/monitor Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/nonclusterhost/nonclusterhost_controller_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package nonclusterhost 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/nonclusterhost_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/nonclusterhost Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/packetcapture/packetcapture_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package packetcapture 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/packetcapture_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/packetcapture Controller Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/policyrecommendation/policyrecommendation_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package policyrecommendation 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/policyrecommendation_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/policyrecommendation Controller Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/secrets/secrets_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package secrets 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | uzap "go.uber.org/zap" 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | ) 28 | 29 | func TestStatus(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/secrets_controller_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/secrets Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /pkg/controller/status/status_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package status 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestStatus(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/status_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/status Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/controller/tenancy/tenancy.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package tenancy 16 | 17 | import ( 18 | "github.com/tigera/operator/pkg/common" 19 | ) 20 | 21 | func GetWatchNamespaces(multiTenant bool, defaultNS string) (installNS, truthNS string, watchNamespaces []string) { 22 | if multiTenant { 23 | // For multi-tenant, the manager could be installed in any number of namespaces. 24 | // So, we need to watch the resources we care about across all namespaces. 25 | watchNamespaces = []string{""} 26 | } else { 27 | installNS = defaultNS 28 | truthNS = common.OperatorNamespace() 29 | watchNamespaces = []string{installNS, truthNS} 30 | } 31 | return installNS, truthNS, watchNamespaces 32 | } 33 | -------------------------------------------------------------------------------- /pkg/controller/tiers/tiers_controller_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2022 - 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package tiers 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestStatus(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/tiers_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/tiers Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/controller/utils/certs.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package utils 16 | 17 | import ( 18 | "context" 19 | 20 | corev1 "k8s.io/api/core/v1" 21 | kerrors "k8s.io/apimachinery/pkg/api/errors" 22 | "k8s.io/apimachinery/pkg/types" 23 | "sigs.k8s.io/controller-runtime/pkg/client" 24 | ) 25 | 26 | func GetSecret(ctx context.Context, client client.Client, name string, ns string) (*corev1.Secret, error) { 27 | secret := &corev1.Secret{} 28 | if err := client.Get(ctx, types.NamespacedName{Name: name, Namespace: ns}, secret); err != nil { 29 | if !kerrors.IsNotFound(err) { 30 | return nil, err 31 | } 32 | return nil, nil 33 | } 34 | return secret, nil 35 | } 36 | -------------------------------------------------------------------------------- /pkg/controller/utils/imageset/imageset_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package imageset 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestStatus(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/imageset_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/utils/imageset Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/controller/utils/test_files/01_get_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "tigera_secure_ee_test_index_policy": { 3 | "policy": { 4 | "phases": { 5 | "delete": { 6 | "actions": { 7 | "delete": {} 8 | }, 9 | "min_age": "10d" 10 | }, 11 | "hot": { 12 | "actions": { 13 | "rollover": { 14 | "max_age" : "2d", 15 | "max_size" : "16911433728b" 16 | }, 17 | "set_priority": { 18 | "priority": 100 19 | } 20 | } 21 | }, 22 | "warm": { 23 | "actions": { 24 | "readonly": {}, 25 | "set_priority": { 26 | "priority": 50 27 | } 28 | } 29 | } 30 | } 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /pkg/controller/utils/test_files/01_put_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "policy" : { 3 | "phases" : { 4 | "delete" : { 5 | "actions" : { 6 | "delete" : { } 7 | }, 8 | "min_age" : "10d" 9 | }, 10 | "hot" : { 11 | "actions" : { 12 | "rollover" : { 13 | "max_age" : "2d", 14 | "max_size" : "16911433728b" 15 | }, 16 | "set_priority" : { 17 | "priority" : 100 18 | } 19 | } 20 | }, 21 | "warm" : { 22 | "actions" : { 23 | "readonly" : { }, 24 | "set_priority" : { 25 | "priority" : 50 26 | } 27 | } 28 | } 29 | } 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /pkg/controller/utils/test_files/02_get_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "tigera_secure_ee_test_index_policy": { 3 | "policy": { 4 | "phases": { 5 | "delete": { 6 | "actions": { 7 | "delete": {} 8 | }, 9 | "min_age": "5d" 10 | }, 11 | "hot": { 12 | "actions": { 13 | "rollover": { 14 | "max_age" : "1d", 15 | "max_size" : "16911433728b" 16 | }, 17 | "set_priority": { 18 | "priority": 100 19 | } 20 | } 21 | }, 22 | "warm": { 23 | "actions": { 24 | "set_priority": { 25 | "priority": 50 26 | } 27 | } 28 | } 29 | } 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /pkg/controller/utils/test_files/02_put_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "policy" : { 3 | "phases" : { 4 | "delete" : { 5 | "actions" : { 6 | "delete" : { } 7 | }, 8 | "min_age" : "5d" 9 | }, 10 | "hot" : { 11 | "actions" : { 12 | "rollover" : { 13 | "max_age" : "1d", 14 | "max_size" : "16911433728b" 15 | }, 16 | "set_priority" : { 17 | "priority" : 100 18 | } 19 | } 20 | }, 21 | "warm" : { 22 | "actions" : { 23 | "set_priority" : { 24 | "priority" : 50 25 | } 26 | } 27 | } 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /pkg/controller/utils/test_files/02_put_policy_readonly.json: -------------------------------------------------------------------------------- 1 | { 2 | "policy" : { 3 | "phases" : { 4 | "delete" : { 5 | "actions" : { 6 | "delete" : { } 7 | }, 8 | "min_age" : "5d" 9 | }, 10 | "hot" : { 11 | "actions" : { 12 | "rollover" : { 13 | "max_age" : "1d", 14 | "max_size" : "16911433728b" 15 | }, 16 | "set_priority" : { 17 | "priority" : 100 18 | } 19 | } 20 | }, 21 | "warm" : { 22 | "actions" : { 23 | "readonly": {}, 24 | "set_priority" : { 25 | "priority" : 50 26 | } 27 | } 28 | } 29 | } 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /pkg/controller/utils/utils_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2020, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package utils_test 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestStatus(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/utils_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/controller/utils Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/crds/calico/crd.projectcalico.org_blockaffinities.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: blockaffinities.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: BlockAffinity 11 | listKind: BlockAffinityList 12 | plural: blockaffinities 13 | singular: blockaffinity 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | cidr: 30 | type: string 31 | deleted: 32 | type: string 33 | node: 34 | type: string 35 | state: 36 | type: string 37 | type: 38 | type: string 39 | required: 40 | - cidr 41 | - deleted 42 | - node 43 | - state 44 | type: object 45 | type: object 46 | served: true 47 | storage: true 48 | -------------------------------------------------------------------------------- /pkg/crds/calico/crd.projectcalico.org_clusterinformations.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: clusterinformations.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: ClusterInformation 11 | listKind: ClusterInformationList 12 | plural: clusterinformations 13 | singular: clusterinformation 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | calicoVersion: 30 | type: string 31 | clusterGUID: 32 | type: string 33 | clusterType: 34 | type: string 35 | datastoreReady: 36 | type: boolean 37 | variant: 38 | type: string 39 | type: object 40 | type: object 41 | served: true 42 | storage: true 43 | -------------------------------------------------------------------------------- /pkg/crds/calico/crd.projectcalico.org_globalnetworksets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: globalnetworksets.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: GlobalNetworkSet 11 | listKind: GlobalNetworkSetList 12 | plural: globalnetworksets 13 | singular: globalnetworkset 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | nets: 30 | items: 31 | type: string 32 | type: array 33 | type: object 34 | type: object 35 | served: true 36 | storage: true 37 | -------------------------------------------------------------------------------- /pkg/crds/calico/crd.projectcalico.org_ipamconfigs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: ipamconfigs.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: IPAMConfig 11 | listKind: IPAMConfigList 12 | plural: ipamconfigs 13 | singular: ipamconfig 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | autoAllocateBlocks: 30 | type: boolean 31 | maxBlocksPerHost: 32 | maximum: 2147483647 33 | minimum: 0 34 | type: integer 35 | strictAffinity: 36 | type: boolean 37 | required: 38 | - autoAllocateBlocks 39 | - strictAffinity 40 | type: object 41 | type: object 42 | served: true 43 | storage: true 44 | -------------------------------------------------------------------------------- /pkg/crds/calico/crd.projectcalico.org_ipamhandles.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: ipamhandles.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: IPAMHandle 11 | listKind: IPAMHandleList 12 | plural: ipamhandles 13 | singular: ipamhandle 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | block: 30 | additionalProperties: 31 | type: integer 32 | type: object 33 | deleted: 34 | type: boolean 35 | handleID: 36 | type: string 37 | required: 38 | - block 39 | - handleID 40 | type: object 41 | type: object 42 | served: true 43 | storage: true 44 | -------------------------------------------------------------------------------- /pkg/crds/calico/crd.projectcalico.org_ipreservations.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: ipreservations.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: IPReservation 11 | listKind: IPReservationList 12 | plural: ipreservations 13 | singular: ipreservation 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | reservedCIDRs: 30 | items: 31 | type: string 32 | type: array 33 | type: object 34 | type: object 35 | served: true 36 | storage: true 37 | -------------------------------------------------------------------------------- /pkg/crds/calico/crd.projectcalico.org_networksets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: networksets.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: NetworkSet 11 | listKind: NetworkSetList 12 | plural: networksets 13 | singular: networkset 14 | preserveUnknownFields: false 15 | scope: Namespaced 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | nets: 30 | items: 31 | type: string 32 | type: array 33 | type: object 34 | type: object 35 | served: true 36 | storage: true 37 | -------------------------------------------------------------------------------- /pkg/crds/calico/crd.projectcalico.org_tiers.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: tiers.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: Tier 11 | listKind: TierList 12 | plural: tiers 13 | singular: tier 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | defaultAction: 30 | enum: 31 | - Pass 32 | - Deny 33 | type: string 34 | order: 35 | type: number 36 | type: object 37 | type: object 38 | served: true 39 | storage: true 40 | -------------------------------------------------------------------------------- /pkg/crds/crds_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package crds 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestStatus(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../report/ut/crds_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/crds Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/crds/enterprise/crd.projectcalico.org_alertexceptions.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: alertexceptions.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: AlertException 11 | listKind: AlertExceptionList 12 | plural: alertexceptions 13 | singular: alertexception 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | description: 30 | type: string 31 | endTime: 32 | format: date-time 33 | type: string 34 | selector: 35 | type: string 36 | startTime: 37 | format: date-time 38 | type: string 39 | required: 40 | - description 41 | - selector 42 | - startTime 43 | type: object 44 | status: 45 | type: object 46 | type: object 47 | served: true 48 | storage: true 49 | -------------------------------------------------------------------------------- /pkg/crds/enterprise/crd.projectcalico.org_blockaffinities.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: blockaffinities.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: BlockAffinity 11 | listKind: BlockAffinityList 12 | plural: blockaffinities 13 | singular: blockaffinity 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | cidr: 30 | type: string 31 | deleted: 32 | type: string 33 | node: 34 | type: string 35 | state: 36 | type: string 37 | type: 38 | type: string 39 | required: 40 | - cidr 41 | - deleted 42 | - node 43 | - state 44 | type: object 45 | type: object 46 | served: true 47 | storage: true 48 | -------------------------------------------------------------------------------- /pkg/crds/enterprise/crd.projectcalico.org_clusterinformations.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: clusterinformations.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: ClusterInformation 11 | listKind: ClusterInformationList 12 | plural: clusterinformations 13 | singular: clusterinformation 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | calicoVersion: 30 | type: string 31 | clusterGUID: 32 | type: string 33 | clusterType: 34 | type: string 35 | cnxVersion: 36 | type: string 37 | datastoreReady: 38 | type: boolean 39 | variant: 40 | type: string 41 | type: object 42 | type: object 43 | served: true 44 | storage: true 45 | -------------------------------------------------------------------------------- /pkg/crds/enterprise/crd.projectcalico.org_externalnetworks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: externalnetworks.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: ExternalNetwork 11 | listKind: ExternalNetworkList 12 | plural: externalnetworks 13 | singular: externalnetwork 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | routeTableIndex: 30 | format: int32 31 | type: integer 32 | required: 33 | - routeTableIndex 34 | type: object 35 | type: object 36 | served: true 37 | storage: true 38 | -------------------------------------------------------------------------------- /pkg/crds/enterprise/crd.projectcalico.org_globalnetworksets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: globalnetworksets.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: GlobalNetworkSet 11 | listKind: GlobalNetworkSetList 12 | plural: globalnetworksets 13 | singular: globalnetworkset 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | allowedEgressDomains: 30 | items: 31 | type: string 32 | type: array 33 | nets: 34 | items: 35 | type: string 36 | type: array 37 | type: object 38 | type: object 39 | served: true 40 | storage: true 41 | -------------------------------------------------------------------------------- /pkg/crds/enterprise/crd.projectcalico.org_ipamconfigs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: ipamconfigs.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: IPAMConfig 11 | listKind: IPAMConfigList 12 | plural: ipamconfigs 13 | singular: ipamconfig 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | autoAllocateBlocks: 30 | type: boolean 31 | maxBlocksPerHost: 32 | maximum: 2147483647 33 | minimum: 0 34 | type: integer 35 | strictAffinity: 36 | type: boolean 37 | required: 38 | - autoAllocateBlocks 39 | - strictAffinity 40 | type: object 41 | type: object 42 | served: true 43 | storage: true 44 | -------------------------------------------------------------------------------- /pkg/crds/enterprise/crd.projectcalico.org_ipamhandles.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: ipamhandles.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: IPAMHandle 11 | listKind: IPAMHandleList 12 | plural: ipamhandles 13 | singular: ipamhandle 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | block: 30 | additionalProperties: 31 | type: integer 32 | type: object 33 | deleted: 34 | type: boolean 35 | handleID: 36 | type: string 37 | required: 38 | - block 39 | - handleID 40 | type: object 41 | type: object 42 | served: true 43 | storage: true 44 | -------------------------------------------------------------------------------- /pkg/crds/enterprise/crd.projectcalico.org_ipreservations.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: ipreservations.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: IPReservation 11 | listKind: IPReservationList 12 | plural: ipreservations 13 | singular: ipreservation 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | reservedCIDRs: 30 | items: 31 | type: string 32 | type: array 33 | type: object 34 | type: object 35 | served: true 36 | storage: true 37 | -------------------------------------------------------------------------------- /pkg/crds/enterprise/crd.projectcalico.org_networksets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: networksets.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: NetworkSet 11 | listKind: NetworkSetList 12 | plural: networksets 13 | singular: networkset 14 | preserveUnknownFields: false 15 | scope: Namespaced 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | allowedEgressDomains: 30 | items: 31 | type: string 32 | type: array 33 | nets: 34 | items: 35 | type: string 36 | type: array 37 | type: object 38 | type: object 39 | served: true 40 | storage: true 41 | -------------------------------------------------------------------------------- /pkg/crds/enterprise/crd.projectcalico.org_tiers.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: tiers.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: Tier 11 | listKind: TierList 12 | plural: tiers 13 | singular: tier 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | defaultAction: 30 | enum: 31 | - Pass 32 | - Deny 33 | type: string 34 | order: 35 | type: number 36 | type: object 37 | type: object 38 | served: true 39 | storage: true 40 | -------------------------------------------------------------------------------- /pkg/crds/enterprise/crd.projectcalico.org_uisettingsgroups.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: uisettingsgroups.crd.projectcalico.org 7 | spec: 8 | group: crd.projectcalico.org 9 | names: 10 | kind: UISettingsGroup 11 | listKind: UISettingsGroupList 12 | plural: uisettingsgroups 13 | singular: uisettingsgroup 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | description: 30 | type: string 31 | filterType: 32 | enum: 33 | - None 34 | - User 35 | type: string 36 | required: 37 | - description 38 | type: object 39 | type: object 40 | served: true 41 | storage: true 42 | -------------------------------------------------------------------------------- /pkg/crds/enterprise/usage.tigera.io_licenseusagereports.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.17.3 6 | name: licenseusagereports.usage.tigera.io 7 | spec: 8 | group: usage.tigera.io 9 | names: 10 | kind: LicenseUsageReport 11 | listKind: LicenseUsageReportList 12 | plural: licenseusagereports 13 | singular: licenseusagereport 14 | preserveUnknownFields: false 15 | scope: Cluster 16 | versions: 17 | - name: v1 18 | schema: 19 | openAPIV3Schema: 20 | properties: 21 | apiVersion: 22 | type: string 23 | kind: 24 | type: string 25 | metadata: 26 | type: object 27 | spec: 28 | properties: 29 | hmac: 30 | type: string 31 | reportData: 32 | type: string 33 | required: 34 | - hmac 35 | - reportData 36 | type: object 37 | type: object 38 | served: true 39 | storage: true 40 | -------------------------------------------------------------------------------- /pkg/crypto/crypto.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package crypto 16 | 17 | import ( 18 | "crypto/rand" 19 | "fmt" 20 | "math/big" 21 | "strings" 22 | ) 23 | 24 | var chars = []rune("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") 25 | var charLen = big.NewInt(int64(len(chars))) 26 | 27 | func GeneratePassword(length int) string { 28 | var b strings.Builder 29 | for b.Len() < length { 30 | idx, err := rand.Int(rand.Reader, charLen) 31 | if err != nil { 32 | panic(fmt.Errorf("failed to read crypto/rand data: %w", err)) 33 | } 34 | b.WriteRune(chars[idx.Int64()]) 35 | } 36 | return b.String() 37 | } 38 | -------------------------------------------------------------------------------- /pkg/ctrlruntime/client/fake/client.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package fake 16 | 17 | import ( 18 | "k8s.io/apimachinery/pkg/runtime" 19 | "sigs.k8s.io/controller-runtime/pkg/client/fake" 20 | 21 | operatorv1 "github.com/tigera/operator/api/v1" 22 | ctrlrclient "github.com/tigera/operator/pkg/ctrlruntime/client" 23 | ) 24 | 25 | func DefaultFakeClientBuilder(scheme *runtime.Scheme) *fake.ClientBuilder { 26 | return fake.NewClientBuilder(). 27 | WithScheme(scheme). 28 | WithStatusSubresource(ctrlrclient.TypesWithStatuses(scheme, operatorv1.GroupVersion)...) 29 | } 30 | -------------------------------------------------------------------------------- /pkg/dns/dns_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package dns_test 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestStatus(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../report/ut/dns_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/common/DNS Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/dns/testdata/resolv.conf: -------------------------------------------------------------------------------- 1 | nameserver 10.96.0.10 2 | search tigera-mcm.svc.othername.local svc.othername.local othername.local c.tigera-dev.internal google.internal 3 | options ndots:5 -------------------------------------------------------------------------------- /pkg/ptr/conversion.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package ptr 16 | 17 | import ( 18 | "k8s.io/apimachinery/pkg/util/intstr" 19 | ) 20 | 21 | func BoolToPtr(b bool) *bool { 22 | return &b 23 | } 24 | 25 | func Int64ToPtr(i int64) *int64 { 26 | return &i 27 | } 28 | 29 | func Int32ToPtr(i int32) *int32 { 30 | return &i 31 | } 32 | 33 | func IntOrStrPtr(v string) *intstr.IntOrString { 34 | ios := intstr.Parse(v) 35 | return &ios 36 | } 37 | 38 | func ToPtr[V any](v V) *V { 39 | return &v 40 | } 41 | -------------------------------------------------------------------------------- /pkg/render/applicationlayer/applicationlayer_suit_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package applicationlayer 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | "github.com/onsi/ginkgo/reporters" 22 | . "github.com/onsi/gomega" 23 | ) 24 | 25 | func TestRender(t *testing.T) { 26 | RegisterFailHandler(Fail) 27 | junitReporter := reporters.NewJUnitReporter("../../../../report/applicationlayer_suite.xml") 28 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/applicationlayer/applicationlayer Suite", []Reporter{junitReporter}) 29 | } 30 | -------------------------------------------------------------------------------- /pkg/render/applicationlayer/ruleset/coreruleset/tigera.conf: -------------------------------------------------------------------------------- 1 | # CoreRuleset activation 2 | Include coraza.conf 3 | Include crs-setup.conf 4 | Include coreruleset/*.conf 5 | 6 | SecRuleEngine DetectionOnly 7 | 8 | # -- Tigera CRS customizations ---------------------------------------------- 9 | # 10 | # Add some common content-types expected in micro-service traffic 11 | SecAction \ 12 | "id:900220,\ 13 | phase:1,\ 14 | nolog,\ 15 | pass,\ 16 | t:none,\ 17 | setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/grpc| |application/grpc+proto| |application/grpc+json| |application/octet-stream|'" 18 | 19 | # Removes the rule "Host header is a numeric IP address" 20 | SecRuleRemoveById 920350 21 | -------------------------------------------------------------------------------- /pkg/render/applicationlayer/ruleset/embed_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package ruleset 16 | 17 | import ( 18 | "fmt" 19 | "testing" 20 | 21 | "github.com/stretchr/testify/require" 22 | ) 23 | 24 | func TestGetOWASPCoreRuleSet(t *testing.T) { 25 | cm, err := GetOWASPCoreRuleSet() 26 | require.NoError(t, err) 27 | for _, fileName := range []string{ 28 | "REQUEST-901-INITIALIZATION.conf", 29 | } { 30 | _, ok := cm.Data[fileName] 31 | require.True(t, ok, fmt.Sprintf("file %s not found", fileName)) 32 | } 33 | } 34 | 35 | func TestGetWAFRulesetConfig(t *testing.T) { 36 | cm, err := GetWAFRulesetConfig() 37 | require.NoError(t, err) 38 | for _, fileName := range []string{ 39 | "tigera.conf", 40 | "coraza.conf", 41 | "crs-setup.conf", 42 | } { 43 | _, ok := cm.Data[fileName] 44 | require.True(t, ok, fmt.Sprintf("file %s not found", fileName)) 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /pkg/render/common/components/components_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2022 - 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package components_test 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestComponents(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../../report/ut/components_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/render/common/components Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/render/common/configmap/configmaps.go: -------------------------------------------------------------------------------- 1 | package configmap 2 | 3 | import ( 4 | v1 "k8s.io/api/core/v1" 5 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 6 | "sigs.k8s.io/controller-runtime/pkg/client" 7 | ) 8 | 9 | // CopyToNamespace returns a new list of config maps generated from the ones given but with the namespace changed to the 10 | // given one. 11 | func CopyToNamespace(ns string, oConfigMaps ...*v1.ConfigMap) []*v1.ConfigMap { 12 | var configMaps []*v1.ConfigMap 13 | for _, s := range oConfigMaps { 14 | x := s.DeepCopy() 15 | x.ObjectMeta = metav1.ObjectMeta{Name: s.Name, Namespace: ns} 16 | 17 | configMaps = append(configMaps, x) 18 | } 19 | return configMaps 20 | } 21 | 22 | // ToRuntimeObjects converts the given list of configMaps to a list of client.Objects 23 | func ToRuntimeObjects(configMaps ...*v1.ConfigMap) []client.Object { 24 | var objs []client.Object 25 | for _, configMap := range configMaps { 26 | if configMap == nil { 27 | continue 28 | } 29 | objs = append(objs, configMap) 30 | } 31 | return objs 32 | } 33 | 34 | // GetEnvVarSource returns an EnvVarSource using the given configmap name and key. 35 | func GetEnvVarSource(cmName string, key string, optional bool) *v1.EnvVarSource { 36 | var opt *bool 37 | if optional { 38 | r := optional 39 | opt = &r 40 | } 41 | return &v1.EnvVarSource{ 42 | ConfigMapKeyRef: &v1.ConfigMapKeySelector{ 43 | LocalObjectReference: v1.LocalObjectReference{ 44 | Name: cmName, 45 | }, 46 | Key: key, 47 | Optional: opt, 48 | }, 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /pkg/render/common/elasticsearch/tls.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2022 - 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package elasticsearch 16 | 17 | const ( 18 | PublicCertSecret = "tigera-secure-es-gateway-http-certs-public" 19 | UnusedCertSecret = "tigera-secure-es-http-certs-unused" 20 | ) 21 | -------------------------------------------------------------------------------- /pkg/render/common/kibana/service.go: -------------------------------------------------------------------------------- 1 | package kibana 2 | 3 | import ( 4 | "fmt" 5 | 6 | rmeta "github.com/tigera/operator/pkg/render/common/meta" 7 | ) 8 | 9 | const ( 10 | httpsEndpoint = "https://tigera-secure-es-gateway-http.tigera-elasticsearch.svc:5601" 11 | httpsFQDNEndpoint = "https://tigera-secure-es-gateway-http.tigera-elasticsearch.svc.%s:5601" 12 | ) 13 | 14 | // HTTPSEndpoint returns the full endpoint for the Kibana service. For 15 | // Windows, the FQDN endpoint is returned. 16 | func HTTPSEndpoint(osType rmeta.OSType, clusterDomain string) string { 17 | if osType == rmeta.OSTypeWindows { 18 | return fmt.Sprintf(httpsFQDNEndpoint, clusterDomain) 19 | } 20 | return httpsEndpoint 21 | } 22 | -------------------------------------------------------------------------------- /pkg/render/common/selector/label.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2025 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package selector 16 | 17 | import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 18 | 19 | const ( 20 | OpenShiftDNSDaemonsetLabel = "dns.operator.openshift.io/daemonset-dns" 21 | K8sNameLabel = "app.kubernetes.io/name" 22 | CalicoNameLabel = "projectcalico.org/name" 23 | ) 24 | 25 | func PodLabelSelector(name string) *metav1.LabelSelector { 26 | return &metav1.LabelSelector{ 27 | MatchLabels: map[string]string{ 28 | K8sNameLabel: name, 29 | }, 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /pkg/render/egressgateway/egressgateway_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package egressgateway 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | "github.com/onsi/ginkgo/reporters" 22 | . "github.com/onsi/gomega" 23 | uzap "go.uber.org/zap" 24 | logf "sigs.k8s.io/controller-runtime/pkg/log" 25 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 26 | ) 27 | 28 | func TestRender(t *testing.T) { 29 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 30 | RegisterFailHandler(Fail) 31 | junitReporter := reporters.NewJUnitReporter("../../../../report/ut/egressgateway_suite.xml") 32 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/egressgateway/egressgateway Suite", []Reporter{junitReporter}) 33 | } 34 | -------------------------------------------------------------------------------- /pkg/render/goldmane/suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2025 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package goldmane_test 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/goldmane_render_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/render/goldmane Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/render/intrusiondetection/dpi/dpi_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package dpi_test 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../../report/ut/dpi_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/intusiondetection/dpi Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/render/kubecontrollers/kube-controllers_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package kubecontrollers 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/kube-controllers_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/render/kubecontrollers Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/render/logstorage/dashboards/dashboards_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package dashboards 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../../report/ut/dashboards_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/logstorage/dashboards Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/render/logstorage/eck/eck_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package eck 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../../report/ut/eck_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/logstorage/eck Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/render/logstorage/esgateway/esgateway_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package esgateway 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../../report/ut/esgateway_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/logstorage/esgateway Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/render/logstorage/esmetrics/elasticsearch_metrics_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package esmetrics 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../../report/ut/esmetrics_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/logstorage/esmetrics Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/render/logstorage/external.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package logstorage 16 | 17 | const ( 18 | // Secret and volume name used for client certificate and key. Used by Linseed and es-gateway 19 | // when mTLS to external Elasticsearch is enabled. The secret contains the client certificate 20 | // and key to present to elastic. 21 | ExternalCertsSecret = "tigera-secure-external-es-certs" 22 | ExternalCertsVolumeName = "tigera-secure-external-es-certs" 23 | 24 | // ExternalESPublicCertName and ExternalKBPublicCertName are the names of the public certificates 25 | // used as part of CA bundles to trust external Elasticsearch and Kibana instances. 26 | ExternalESPublicCertName = "tigera-secure-es-http-certs-public" 27 | ExternalKBPublicCertName = "tigera-secure-kb-http-certs-public" 28 | ) 29 | -------------------------------------------------------------------------------- /pkg/render/logstorage/externalelasticsearch/externalelasticsearch_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package externalelasticsearch 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../../report/externalelasticsearch_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/render/logstorage/externalelasticsearch Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/render/logstorage/kibana/kibana_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package kibana 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../../report/ut/kibana_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/logstorage/kibana Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/render/logstorage/linseed/linseed_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2022 - 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package linseed 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../../report/ut/linseed_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/logstorage/linseed Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/render/manager/manager_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package manager_test 16 | 17 | import ( 18 | "testing" 19 | 20 | uzap "go.uber.org/zap" 21 | 22 | . "github.com/onsi/ginkgo" 23 | . "github.com/onsi/gomega" 24 | 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | 28 | "github.com/onsi/ginkgo/reporters" 29 | ) 30 | 31 | func TestRender(t *testing.T) { 32 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 33 | RegisterFailHandler(Fail) 34 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/manager_suite.xml") 35 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/render/manager Suite", []Reporter{junitReporter}) 36 | } 37 | -------------------------------------------------------------------------------- /pkg/render/monitor/monitor_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2021, 2023 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package monitor 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/monitor_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/render/monitor Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/render/nonclusterhost/nonclusterhost_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package nonclusterhost_test 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/nonclusterhost_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/render/nonclusterhost Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/render/render_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package render 16 | 17 | import ( 18 | "testing" 19 | 20 | uzap "go.uber.org/zap" 21 | 22 | . "github.com/onsi/ginkgo" 23 | . "github.com/onsi/gomega" 24 | 25 | logf "sigs.k8s.io/controller-runtime/pkg/log" 26 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 27 | 28 | "github.com/onsi/ginkgo/reporters" 29 | ) 30 | 31 | func TestRender(t *testing.T) { 32 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 33 | RegisterFailHandler(Fail) 34 | junitReporter := reporters.NewJUnitReporter("../../report/ut/render_suite.xml") 35 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/render Suite", []Reporter{junitReporter}) 36 | } 37 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/alertmanager.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.calico-node-alertmanager", 6 | "namespace": "tigera-prometheus" 7 | }, 8 | "spec": { 9 | "order": 1, 10 | "tier": "allow-tigera", 11 | "selector": "(app == 'alertmanager' && alertmanager == 'calico-node-alertmanager') || (app.kubernetes.io/name == 'alertmanager' && alertmanager == 'calico-node-alertmanager')", 12 | "types": [ 13 | "Ingress", 14 | "Egress" 15 | ], 16 | "ingress": [ 17 | { 18 | "action": "Allow", 19 | "protocol": "TCP", 20 | "destination": { 21 | "ports": [ 22 | 9093 23 | ] 24 | } 25 | } 26 | ], 27 | "egress": [ 28 | { 29 | "action": "Allow", 30 | "protocol": "UDP", 31 | "destination": { 32 | "namespaceSelector": "projectcalico.org/name == 'kube-system'", 33 | "selector": "k8s-app == 'kube-dns'", 34 | "ports": [ 35 | 53 36 | ] 37 | } 38 | }, 39 | { 40 | "action": "Allow", 41 | "protocol": "TCP" 42 | } 43 | ] 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/compliance_managed.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.compliance-access", 6 | "namespace": "tigera-compliance" 7 | }, 8 | "spec": { 9 | "order": 1, 10 | "tier": "allow-tigera", 11 | "selector": "k8s-app == 'compliance-benchmarker' || k8s-app == 'compliance-controller' || k8s-app == 'compliance-snapshotter' || k8s-app == 'compliance-reporter'", 12 | "types": [ 13 | "Egress" 14 | ], 15 | "egress": [ 16 | { 17 | "action": "Allow", 18 | "protocol": "TCP", 19 | "destination": { 20 | "services": { 21 | "name": "kubernetes", 22 | "namespace": "default" 23 | } 24 | } 25 | }, 26 | { 27 | "action": "Allow", 28 | "protocol": "UDP", 29 | "destination": { 30 | "namespaceSelector": "projectcalico.org/name == 'kube-system'", 31 | "selector": "k8s-app == 'kube-dns'", 32 | "ports": [ 33 | 53 34 | ] 35 | } 36 | }, 37 | { 38 | "action": "Allow", 39 | "protocol": "TCP", 40 | "destination": { 41 | "selector": "k8s-app == 'guardian'", 42 | "namespaceSelector": "projectcalico.org/name == 'calico-system'", 43 | "ports": [ 44 | 8080 45 | ] 46 | } 47 | } 48 | ] 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/compliance_unmanaged.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.compliance-access", 6 | "namespace": "tigera-compliance" 7 | }, 8 | "spec": { 9 | "order": 1, 10 | "tier": "allow-tigera", 11 | "selector": "k8s-app == 'compliance-benchmarker' || k8s-app == 'compliance-controller' || k8s-app == 'compliance-snapshotter' || k8s-app == 'compliance-reporter'", 12 | "types": [ 13 | "Egress" 14 | ], 15 | "egress": [ 16 | { 17 | "action": "Allow", 18 | "protocol": "TCP", 19 | "destination": { 20 | "services": { 21 | "name": "kubernetes", 22 | "namespace": "default" 23 | } 24 | } 25 | }, 26 | { 27 | "action": "Allow", 28 | "protocol": "UDP", 29 | "destination": { 30 | "namespaceSelector": "projectcalico.org/name == 'kube-system'", 31 | "selector": "k8s-app == 'kube-dns'", 32 | "ports": [ 33 | 53 34 | ] 35 | } 36 | }, 37 | { 38 | "action": "Allow", 39 | "protocol": "TCP", 40 | "source": { 41 | }, 42 | "destination": { 43 | "selector": "k8s-app == 'tigera-linseed'", 44 | "namespaceSelector": "projectcalico.org/name == 'tigera-elasticsearch'", 45 | "ports": [ 46 | 8444 47 | ] 48 | } 49 | } 50 | ] 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/dashboards.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.dashboards-installer", 6 | "namespace": "tigera-elasticsearch" 7 | }, 8 | "spec": { 9 | "order": 1, 10 | "tier": "allow-tigera", 11 | "selector": "job-name == 'dashboards-installer'", 12 | "types": [ 13 | "Egress" 14 | ], 15 | "egress": [ 16 | { 17 | "action": "Allow", 18 | "protocol": "UDP", 19 | "destination": { 20 | "namespaceSelector": "projectcalico.org/name == 'kube-system'", 21 | "selector": "k8s-app == 'kube-dns'", 22 | "ports": [ 23 | 53 24 | ] 25 | } 26 | }, 27 | { 28 | "action": "Allow", 29 | "protocol": "TCP", 30 | "destination": { 31 | "namespaceSelector": "projectcalico.org/name == 'tigera-kibana'", 32 | "selector": "k8s-app == 'tigera-secure'", 33 | "ports": [ 34 | 5601 35 | ] 36 | } 37 | } 38 | ] 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/dashboards_ocp.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.dashboards-installer", 6 | "namespace": "tigera-elasticsearch" 7 | }, 8 | "spec": { 9 | "order": 1, 10 | "tier": "allow-tigera", 11 | "selector": "job-name == 'dashboards-installer'", 12 | "types": [ 13 | "Egress" 14 | ], 15 | "egress": [ 16 | { 17 | "action": "Allow", 18 | "protocol": "UDP", 19 | "destination": { 20 | "namespaceSelector": "projectcalico.org/name == 'openshift-dns'", 21 | "selector": "dns.operator.openshift.io/daemonset-dns == 'default'", 22 | "ports": [ 23 | 5353 24 | ] 25 | } 26 | }, 27 | { 28 | "action": "Allow", 29 | "protocol": "TCP", 30 | "destination": { 31 | "namespaceSelector": "projectcalico.org/name == 'openshift-dns'", 32 | "selector": "dns.operator.openshift.io/daemonset-dns == 'default'", 33 | "ports": [ 34 | 5353 35 | ] 36 | } 37 | }, 38 | { 39 | "action": "Allow", 40 | "protocol": "TCP", 41 | "destination": { 42 | "namespaceSelector": "projectcalico.org/name == 'tigera-kibana'", 43 | "selector": "k8s-app == 'tigera-secure'", 44 | "ports": [ 45 | 5601 46 | ] 47 | } 48 | } 49 | ] 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/dns.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.cluster-dns", 6 | "namespace": "kube-system" 7 | }, 8 | "spec": { 9 | "tier": "allow-tigera", 10 | "order": 1, 11 | "ingress": [ 12 | { 13 | "action": "Allow", 14 | "source": { 15 | "selector": "projectcalico.org/namespace in {'calico-system','tigera-compliance','tigera-dex','tigera-elasticsearch','tigera-fluentd','tigera-intrusion-detection','tigera-kibana','tigera-manager','tigera-eck-operator','tigera-packetcapture','tigera-policy-recommendation','tigera-prometheus','tigera-system','tigera-skraper'}", 16 | "namespaceSelector": "all()" 17 | }, 18 | "destination": {} 19 | }, 20 | { 21 | "action": "Pass", 22 | "source": {}, 23 | "destination": {} 24 | } 25 | ], 26 | "egress": [ 27 | { 28 | "action": "Allow", 29 | "source": {}, 30 | "destination": {} 31 | } 32 | ], 33 | "selector": "k8s-app == 'kube-dns'", 34 | "types": [ 35 | "Ingress", 36 | "Egress" 37 | ] 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/dns_ocp.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.cluster-dns", 6 | "namespace": "openshift-dns" 7 | }, 8 | "spec": { 9 | "tier":"allow-tigera", 10 | "order":1, 11 | "ingress":[ 12 | { 13 | "action":"Allow", 14 | "source":{ 15 | "selector":"projectcalico.org/namespace in {'calico-system','tigera-compliance','tigera-dex','tigera-elasticsearch','tigera-fluentd','tigera-intrusion-detection','tigera-kibana','tigera-manager','tigera-eck-operator','tigera-packetcapture','tigera-policy-recommendation','tigera-prometheus','tigera-system','tigera-skraper'}", 16 | "namespaceSelector":"all()" 17 | }, 18 | "destination":{} 19 | }, 20 | { 21 | "action":"Pass", 22 | "source":{}, 23 | "destination":{} 24 | } 25 | ], 26 | "egress":[ 27 | { 28 | "action":"Allow", 29 | "source":{}, 30 | "destination":{} 31 | } 32 | ], 33 | "selector":"dns.operator.openshift.io/daemonset-dns == 'default'", 34 | "types":[ 35 | "Ingress", 36 | "Egress" 37 | ] 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/dpi_managed.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.tigera-dpi", 6 | "namespace": "tigera-dpi" 7 | }, 8 | "spec": { 9 | "order": 1, 10 | "tier": "allow-tigera", 11 | "selector": "k8s-app == 'tigera-dpi'", 12 | "types": [ 13 | "Egress" 14 | ], 15 | "egress": [ 16 | { 17 | "action": "Allow", 18 | "protocol": "TCP", 19 | "destination": { 20 | "services": { 21 | "namespace": "default", 22 | "name": "kubernetes" 23 | } 24 | } 25 | }, 26 | { 27 | "action": "Allow", 28 | "protocol": "UDP", 29 | "destination": { 30 | "services": { 31 | "namespace": "kube-system", 32 | "name": "kube-dns" 33 | } 34 | } 35 | }, 36 | { 37 | "action": "Allow", 38 | "protocol": "TCP", 39 | "destination": { 40 | "services": { 41 | "namespace": "calico-system", 42 | "name": "guardian" 43 | } 44 | } 45 | } 46 | ] 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/dpi_managed_ocp.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.tigera-dpi", 6 | "namespace": "tigera-dpi" 7 | }, 8 | "spec": { 9 | "order": 1, 10 | "tier": "allow-tigera", 11 | "selector": "k8s-app == 'tigera-dpi'", 12 | "types": [ 13 | "Egress" 14 | ], 15 | "egress": [ 16 | { 17 | "action": "Allow", 18 | "protocol": "TCP", 19 | "destination": { 20 | "services": { 21 | "namespace": "default", 22 | "name": "kubernetes" 23 | } 24 | } 25 | }, 26 | { 27 | "action": "Allow", 28 | "protocol": "UDP", 29 | "destination": { 30 | "services": { 31 | "namespace": "default", 32 | "name": "openshift-dns" 33 | } 34 | } 35 | }, 36 | { 37 | "action": "Allow", 38 | "protocol": "TCP", 39 | "destination": { 40 | "services": { 41 | "namespace": "default", 42 | "name": "openshift-dns" 43 | } 44 | } 45 | }, 46 | { 47 | "action": "Allow", 48 | "protocol": "TCP", 49 | "destination": { 50 | "services": { 51 | "namespace": "calico-system", 52 | "name": "guardian" 53 | } 54 | } 55 | } 56 | ] 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/dpi_unmanaged.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.tigera-dpi", 6 | "namespace": "tigera-dpi" 7 | }, 8 | "spec": { 9 | "order": 1, 10 | "tier": "allow-tigera", 11 | "selector": "k8s-app == 'tigera-dpi'", 12 | "types": [ 13 | "Egress" 14 | ], 15 | "egress": [ 16 | { 17 | "action": "Allow", 18 | "protocol": "TCP", 19 | "destination": { 20 | "services": { 21 | "namespace": "default", 22 | "name": "kubernetes" 23 | } 24 | } 25 | }, 26 | { 27 | "action": "Allow", 28 | "protocol": "UDP", 29 | "destination": { 30 | "services": { 31 | "namespace": "kube-system", 32 | "name": "kube-dns" 33 | } 34 | } 35 | }, 36 | { 37 | "action": "Allow", 38 | "protocol": "TCP", 39 | "destination": { 40 | "services": { 41 | "namespace": "tigera-elasticsearch", 42 | "name": "tigera-linseed" 43 | } 44 | } 45 | } 46 | ] 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/dpi_unmanaged_ocp.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.tigera-dpi", 6 | "namespace": "tigera-dpi" 7 | }, 8 | "spec": { 9 | "order": 1, 10 | "tier": "allow-tigera", 11 | "selector": "k8s-app == 'tigera-dpi'", 12 | "types": [ 13 | "Egress" 14 | ], 15 | "egress": [ 16 | { 17 | "action": "Allow", 18 | "protocol": "TCP", 19 | "destination": { 20 | "services": { 21 | "namespace": "default", 22 | "name": "kubernetes" 23 | } 24 | } 25 | }, 26 | { 27 | "action": "Allow", 28 | "protocol": "UDP", 29 | "destination": { 30 | "services": { 31 | "namespace": "default", 32 | "name": "openshift-dns" 33 | } 34 | } 35 | }, 36 | { 37 | "action": "Allow", 38 | "protocol": "TCP", 39 | "destination": { 40 | "services": { 41 | "namespace": "default", 42 | "name": "openshift-dns" 43 | } 44 | } 45 | }, 46 | { 47 | "action": "Allow", 48 | "protocol": "TCP", 49 | "destination": { 50 | "services": { 51 | "namespace": "tigera-elasticsearch", 52 | "name": "tigera-linseed" 53 | } 54 | } 55 | } 56 | ] 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/elasticsearch-internal.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.elasticsearch-internal", 6 | "namespace": "tigera-elasticsearch" 7 | }, 8 | "spec": { 9 | "order": 1, 10 | "tier": "allow-tigera", 11 | "selector": "elasticsearch.k8s.elastic.co/cluster-name == 'tigera-secure'", 12 | "types": [ 13 | "Ingress", 14 | "Egress" 15 | ], 16 | "ingress": [ 17 | { 18 | "action": "Allow", 19 | "protocol": "TCP", 20 | "source": { 21 | "selector": "elasticsearch.k8s.elastic.co/cluster-name == 'tigera-secure'" 22 | }, 23 | "destination": { 24 | "ports": [ 25 | 9300 26 | ] 27 | } 28 | } 29 | ], 30 | "egress": [ 31 | { 32 | "action": "Allow", 33 | "protocol": "TCP", 34 | "destination": { 35 | "namespaceSelector": "projectcalico.org/name == 'tigera-elasticsearch'", 36 | "selector": "elasticsearch.k8s.elastic.co/cluster-name == 'tigera-secure'", 37 | "ports": [ 38 | 9300 39 | ] 40 | } 41 | } 42 | ] 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/fluentd_managed.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.allow-fluentd-node", 6 | "namespace": "tigera-fluentd" 7 | }, 8 | "spec": { 9 | "tier": "allow-tigera", 10 | "order": 1, 11 | "selector": "k8s-app == 'fluentd-node' || k8s-app == 'fluentd-node-windows'", 12 | "types": [ 13 | "Ingress", 14 | "Egress" 15 | ], 16 | "ingress": [ 17 | { 18 | "action": "Allow", 19 | "protocol": "TCP", 20 | "source": { 21 | "selector": "k8s-app == 'tigera-prometheus'", 22 | "namespaceSelector": "name == 'tigera-prometheus'" 23 | }, 24 | "destination": { 25 | "ports": [ 26 | "9081" 27 | ] 28 | } 29 | } 30 | ], 31 | "egress": [ 32 | { 33 | "action": "Deny", 34 | "protocol": "TCP", 35 | "source": { 36 | }, 37 | "destination": { 38 | "selector": "k8s-app == 'guardian'", 39 | "namespaceSelector": "projectcalico.org/name == 'calico-system'", 40 | "notPorts": [ 41 | 8080 42 | ] 43 | } 44 | }, 45 | { 46 | "action": "Allow" 47 | } 48 | ] 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/intrusion-detection-elastic.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.intrusion-detection-elastic", 6 | "namespace": "tigera-intrusion-detection" 7 | }, 8 | "spec": { 9 | "order": 1, 10 | "tier": "allow-tigera", 11 | "selector": "job-name == 'intrusion-detection-es-job-installer'", 12 | "types": [ 13 | "Egress" 14 | ], 15 | "egress": [ 16 | { 17 | "action": "Allow", 18 | "protocol": "UDP", 19 | "destination": { 20 | "namespaceSelector": "projectcalico.org/name == 'kube-system'", 21 | "selector": "k8s-app == 'kube-dns'", 22 | "ports": [ 23 | 53 24 | ] 25 | } 26 | }, 27 | { 28 | "action": "Allow", 29 | "protocol": "TCP", 30 | "destination": { 31 | "selector": "k8s-app == 'tigera-secure-es-gateway'", 32 | "namespaceSelector": "projectcalico.org/name == 'tigera-elasticsearch'", 33 | "ports": [ 34 | 5554 35 | ] 36 | } 37 | } 38 | ] 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/intrusion-detection-elastic_ocp.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.intrusion-detection-elastic", 6 | "namespace": "tigera-intrusion-detection" 7 | }, 8 | "spec": { 9 | "order": 1, 10 | "tier": "allow-tigera", 11 | "selector": "job-name == 'intrusion-detection-es-job-installer'", 12 | "types": [ 13 | "Egress" 14 | ], 15 | "egress": [ 16 | { 17 | "action": "Allow", 18 | "protocol": "UDP", 19 | "destination": { 20 | "namespaceSelector": "projectcalico.org/name == 'openshift-dns'", 21 | "selector": "dns.operator.openshift.io/daemonset-dns == 'default'", 22 | "ports": [ 23 | 5353 24 | ] 25 | } 26 | }, 27 | { 28 | "action": "Allow", 29 | "protocol": "TCP", 30 | "destination": { 31 | "namespaceSelector": "projectcalico.org/name == 'openshift-dns'", 32 | "selector": "dns.operator.openshift.io/daemonset-dns == 'default'", 33 | "ports": [ 34 | 5353 35 | ] 36 | } 37 | }, 38 | { 39 | "action": "Allow", 40 | "protocol": "TCP", 41 | "destination": { 42 | "selector": "k8s-app == 'tigera-secure-es-gateway'", 43 | "namespaceSelector": "projectcalico.org/name == 'tigera-elasticsearch'", 44 | "ports": [ 45 | 5554 46 | ] 47 | } 48 | } 49 | ] 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/node_local_dns_dual.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "GlobalNetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.node-local-dns" 6 | }, 7 | "spec": { 8 | "tier":"allow-tigera", 9 | "order":10, 10 | "selector": "projectcalico.org/namespace in {'calico-system','tigera-compliance','tigera-dex','tigera-elasticsearch','tigera-fluentd','tigera-intrusion-detection','tigera-kibana','tigera-manager','tigera-eck-operator','tigera-packetcapture','tigera-policy-recommendation','tigera-prometheus','tigera-system','tigera-skraper'}", 11 | "egress":[ 12 | { 13 | "action":"Allow", 14 | "protocol":"UDP", 15 | "source":{}, 16 | "destination":{ 17 | "nets": ["10.96.0.10/32"], 18 | "ports": ["53"] 19 | } 20 | }, 21 | { 22 | "action":"Allow", 23 | "protocol":"UDP", 24 | "source":{}, 25 | "destination":{ 26 | "nets": ["2002:a60:a::"], 27 | "ports": ["53"] 28 | } 29 | } 30 | ], 31 | "types":[ 32 | "Egress" 33 | ] 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/node_local_dns_ipv4.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "GlobalNetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.node-local-dns" 6 | }, 7 | "spec": { 8 | "tier":"allow-tigera", 9 | "order":10, 10 | "selector": "projectcalico.org/namespace in {'calico-system','tigera-compliance','tigera-dex','tigera-elasticsearch','tigera-fluentd','tigera-intrusion-detection','tigera-kibana','tigera-manager','tigera-eck-operator','tigera-packetcapture','tigera-policy-recommendation','tigera-prometheus','tigera-system','tigera-skraper'}", 11 | "egress":[ 12 | { 13 | "action":"Allow", 14 | "protocol":"UDP", 15 | "source":{}, 16 | "destination":{ 17 | "nets": ["10.96.0.10/32"], 18 | "ports": ["53"] 19 | } 20 | } 21 | ], 22 | "types":[ 23 | "Egress" 24 | ] 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/node_local_dns_ipv6.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "GlobalNetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.node-local-dns" 6 | }, 7 | "spec": { 8 | "tier":"allow-tigera", 9 | "order":10, 10 | "selector": "projectcalico.org/namespace in {'calico-system','tigera-compliance','tigera-dex','tigera-elasticsearch','tigera-fluentd','tigera-intrusion-detection','tigera-kibana','tigera-manager','tigera-eck-operator','tigera-packetcapture','tigera-policy-recommendation','tigera-prometheus','tigera-system','tigera-skraper'}", 11 | "egress":[ 12 | { 13 | "action":"Allow", 14 | "protocol":"UDP", 15 | "source":{}, 16 | "destination":{ 17 | "nets": ["2002:a60:a::"], 18 | "ports": ["53"] 19 | } 20 | } 21 | ], 22 | "types":[ 23 | "Egress" 24 | ] 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/prometheus-api.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.tigera-prometheus-api", 6 | "namespace": "tigera-prometheus" 7 | }, 8 | "spec": { 9 | "order": 1, 10 | "tier": "allow-tigera", 11 | "selector": "k8s-app == 'tigera-prometheus-api'", 12 | "types": [ 13 | "Ingress", 14 | "Egress" 15 | ], 16 | "ingress": [ 17 | { 18 | "action": "Allow", 19 | "protocol": "TCP", 20 | "destination": { 21 | "ports": [ 22 | 9095 23 | ] 24 | } 25 | } 26 | ], 27 | "egress": [ 28 | { 29 | "action": "Allow", 30 | "protocol": "UDP", 31 | "destination": { 32 | "namespaceSelector": "projectcalico.org/name == 'kube-system'", 33 | "selector": "k8s-app == 'kube-dns'", 34 | "ports": [ 35 | 53 36 | ] 37 | } 38 | }, 39 | { 40 | "action": "Allow", 41 | "protocol": "TCP", 42 | "destination": { 43 | "namespaceSelector": "projectcalico.org/name == 'tigera-prometheus'", 44 | "selector": "k8s-app == 'tigera-prometheus'", 45 | "ports": [ 46 | 9095 47 | ] 48 | } 49 | } 50 | ] 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /pkg/render/testutils/expected_policies/prometheus-operator.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "projectcalico.org/v3", 3 | "kind": "NetworkPolicy", 4 | "metadata": { 5 | "name": "allow-tigera.prometheus-operator", 6 | "namespace": "tigera-prometheus" 7 | }, 8 | "spec": { 9 | "order": 1, 10 | "tier": "allow-tigera", 11 | "selector": "operator == 'prometheus'", 12 | "types": [ 13 | "Egress" 14 | ], 15 | "egress": [ 16 | { 17 | "action": "Allow", 18 | "protocol": "UDP", 19 | "destination": { 20 | "namespaceSelector": "projectcalico.org/name == 'kube-system'", 21 | "selector": "k8s-app == 'kube-dns'", 22 | "ports": [ 23 | 53 24 | ] 25 | } 26 | }, 27 | { 28 | "action": "Allow", 29 | "protocol": "TCP", 30 | "destination": { 31 | "namespaceSelector": "projectcalico.org/name == 'default'", 32 | "selector": "(provider == 'kubernetes' && component == 'apiserver' && endpoints.projectcalico.org/serviceName == 'kubernetes')", 33 | "ports": [ 34 | 443, 35 | 6443, 36 | 12388 37 | ] 38 | } 39 | } 40 | ] 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /pkg/render/testutils/fixtures.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2020-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package testutils 16 | 17 | import ( 18 | "github.com/tigera/operator/pkg/common" 19 | corev1 "k8s.io/api/core/v1" 20 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 | ) 22 | 23 | var KubeControllersUserSecret = corev1.Secret{ 24 | TypeMeta: metav1.TypeMeta{ 25 | Kind: "Secret", 26 | APIVersion: "v1", 27 | }, 28 | ObjectMeta: metav1.ObjectMeta{ 29 | Name: "tigera-ee-kube-controllers-elasticsearch-access", 30 | Namespace: common.OperatorNamespace(), 31 | }, 32 | Data: map[string][]byte{ 33 | "username": []byte("password"), 34 | "password": []byte("password"), 35 | }, 36 | } 37 | -------------------------------------------------------------------------------- /pkg/render/tiers/tiers_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | package tiers_test 15 | 16 | import ( 17 | "testing" 18 | 19 | . "github.com/onsi/ginkgo" 20 | . "github.com/onsi/gomega" 21 | 22 | "github.com/onsi/ginkgo/reporters" 23 | ) 24 | 25 | func TestRender(t *testing.T) { 26 | RegisterFailHandler(Fail) 27 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/monitor_suite.xml") 28 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/render/tiers Suite", []Reporter{junitReporter}) 29 | } 30 | -------------------------------------------------------------------------------- /pkg/render/whisker/suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2025 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package whisker_test 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | 23 | "github.com/onsi/ginkgo/reporters" 24 | ) 25 | 26 | func TestRender(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | junitReporter := reporters.NewJUnitReporter("../../../report/ut/whisker_render_suite.xml") 29 | RunSpecsWithDefaultAndCustomReporters(t, "pkg/render/whisker Suite", []Reporter{junitReporter}) 30 | } 31 | -------------------------------------------------------------------------------- /pkg/tls/certkeyusage/certkeyusage.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package certkeyusage 16 | 17 | import "crypto/x509" 18 | 19 | var secretKeyUsage = map[string][]x509.ExtKeyUsage{} 20 | 21 | func SetCertKeyUsage(secretName string, usage []x509.ExtKeyUsage) { 22 | secretKeyUsage[secretName] = usage 23 | } 24 | 25 | // GetKeyUsage looks up the expected usage for keys by name. Currently these are certs that in a 26 | // legacy install may have been created with only Server ext key usage but now with linseed they 27 | // they need to also have client for mTLS. 28 | // This is a varaible so that we can override this for testing purposes. 29 | func GetCertKeyUsage(secret string) []x509.ExtKeyUsage { 30 | if usage, ok := secretKeyUsage[secret]; ok { 31 | return usage 32 | } 33 | return []x509.ExtKeyUsage{} 34 | } 35 | -------------------------------------------------------------------------------- /test/dependencies.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Add dependencies used by the build but not by the code to this file. 16 | package test 17 | 18 | import "sigs.k8s.io/kind/pkg/cmd/kind" 19 | 20 | var _ = kind.NewCommand 21 | -------------------------------------------------------------------------------- /test/fv_suite_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019, 2023-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package test 16 | 17 | import ( 18 | "testing" 19 | 20 | . "github.com/onsi/ginkgo" 21 | . "github.com/onsi/gomega" 22 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 23 | 24 | "github.com/onsi/ginkgo/reporters" 25 | uzap "go.uber.org/zap" 26 | logf "sigs.k8s.io/controller-runtime/pkg/log" 27 | ) 28 | 29 | func TestFeatureVerification(t *testing.T) { 30 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(uzap.NewAtomicLevelAt(uzap.DebugLevel)))) 31 | RegisterFailHandler(Fail) 32 | junitReporter := reporters.NewJUnitReporter("../report/fv/fv_suite.xml") 33 | RunSpecsWithDefaultAndCustomReporters(t, "FV test Suite", []Reporter{junitReporter}) 34 | } 35 | -------------------------------------------------------------------------------- /test/load_images_on_kind_cluster.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | function load_image() { 4 | local node=${1} 5 | for IMAGETAR in ${@:2} 6 | do 7 | docker cp ./${IMAGETAR} ${node}:/${IMAGETAR} 8 | docker exec -t ${node} ctr -n=k8s.io images import /${IMAGETAR} 9 | docker exec -t ${node} rm /${IMAGETAR} 10 | done 11 | } 12 | 13 | KIND_NODES="kind-control-plane kind-worker kind-worker2 kind-worker3" 14 | 15 | for NODE in ${KIND_NODES} 16 | do 17 | load_image ${NODE} ${@:2} 18 | done 19 | -------------------------------------------------------------------------------- /version/version.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2020-2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package version 16 | 17 | // VERSION is filled out during the build process (using git describe output) 18 | var VERSION = "unknown" 19 | --------------------------------------------------------------------------------