Previously a loop variable was being used for the node name in the diagnostic
returned from the node labels and taints check. If the offending node wasn't the
last one in the list, the wrong node name would be returned.
Add a test to reproduce the issue, and copy the loop variable to fix it.
Until now, clusterlint was designed to be run locally using a kubeconfig file to access the Kubernetes API. But some users may want to run it in-cluster so it can be run as a CronJob for example.
When running clusterlint on Go 1.17, it panics right on startup. The
issue is our usage of github.com/mattn/go-isatty (consumed by
github.com/fatih/color) which had a bug until [1]. Updating to the
latest v0.0.14 release fixes the issue.
Also bump the minimum (library) dependency to 1.16 in go.mod since that
is the oldest, officially supported Go version. Bumping to 1.17 actually
enables us to fix the issue by simply updating to the latest
github.com/fatih/color, as opposed to adding an indirect import of
github.com/mattn/go-isatty which this change does right now (which I
suppose works due to Go 1.17 module management improvements); however,
that'd come at the price of breaking compatibility with 1.16 users which
is non-ideal.
Regardless, update github.com/fatih/color as well while we're here.
Also bump the version of the Go image used for testing.
[1] https://github.com/mattn/go-isatty/pull/66
We have a number of checks that operate on admission control webhook
configuration. Older clusters support only v1beta1 of admission control, while
newer clusters support v1. Currently clusterlint fails to run on these older
clusters because we can't fetch v1 admission control objects from them.
This change covers the following modifications:
- When listing objects, ignore "not found" errors, which mean the cluster
doesn't support the resource we're trying to list.
- Duplicate our existing admission control webhook checks for v1beta1, so that
older clusters get the same checks as newer clusters.
- Enhance the errors we return when listing objects fails so that we can tell
which resource we failed to list.
- Remove extraneous empty import: client auth plugins are already loaded in
objects.go, so no need for the import in object_filter.go.
- Ensure all object lists are non-nil after fetching objects. (Since we now
ignore not found errors, it's possible for some object lists to be nil.)
- Skip v1beta1 admission control tests when v1 objects exist.
Co-authored-by: Timo Reimann <treimann@digitalocean.com>
Adam Wolfe Gordon
Sharmita Das
Sharmita Das
Collin Shoop
Collin Shoop
Varsha Varadarajan
Varsha Varadarajan
sundowndev
Timo Reimann
Ingo Gottwald
fish-dango
Cees-Jan Kiewiet
Stephen Paulger