fix: revert golang net upgrade (#782)

revert golang net

.github/workflows/build-publish-mcr.yml

@@ -41,20 +41,17 @@ jobs:
           # from AZURE_REGISTRY secret is not exported from here.
 
   publish-images:
-    runs-on: ubuntu-latest
+    runs-on:
+      labels: [self-hosted, "1ES.Pool=1es-aks-fleet-pool-ubuntu"]
     needs: prepare-variables
     steps:
       - uses: actions/checkout@v4
         with:
           ref: ${{ needs.prepare-variables.outputs.release_tag }}
-      - name: 'OIDC Login to Azure Public Cloud'
-        uses: azure/login@v1
-        with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
       - name: 'Login the ACR'
-        run: az acr login -n ${{ secrets.AZURE_REGISTRY }}
+        run: |
+          az login --identity 
+          az acr login -n ${{ secrets.AZURE_REGISTRY }}
       - name: Build and publish hub-agent
         run: |
           make docker-build-hub-agent
@@ -72,4 +69,4 @@ jobs:
           make docker-build-refresh-token
         env:
           REFRESH_TOKEN_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }}
-          REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
+          REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}

.github/workflows/ci.yml

@@ -116,3 +116,10 @@ jobs:
         env:
           KUBECONFIG: '/home/runner/.kube/config'
           HUB_SERVER_URL: 'https://172.19.0.2:6443'
+          # Temporarily enable the AKS property provider for the E2E tests, in order
+          # to verify the property-based scheduling experience.
+          #
+          # TO-DO (chenyu1): to ensure a vendor-neutral experience, switch to a dummy
+          # property provider once the AKS one is split out.
+          PROPERTY_PROVIDER: 'azure'
+

.github/workflows/pr-title-lint.yml

@@ -12,7 +12,7 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: thehanimo/[email protected].1
+      - uses: thehanimo/[email protected].2
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           pass_on_octokit_error: true

.github/workflows/publish-image.yml

@@ -48,7 +48,7 @@ jobs:
           echo "MEMBER_AGENT_IMAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
           echo "REFRESH_TOKEN_IMAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
       - name: Login to ${{ env.REGISTRY }}
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}

.github/workflows/trivy.yml

@@ -46,7 +46,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Login to ${{ env.REGISTRY }}
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}

Makefile

@@ -46,7 +46,7 @@ GOLANGCI_LINT := $(abspath $(TOOLS_BIN_DIR)/$(GOLANGCI_LINT_BIN)-$(GOLANGCI_LINT
 # ENVTEST_K8S_VERSION refers to the version of k8s binary assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.28.0
 # ENVTEST_VER is the version of the ENVTEST binary
-ENVTEST_VER = latest
+ENVTEST_VER = v0.0.0-20240317073005-bd9ea79e8d18
 ENVTEST_BIN := setup-envtest
 ENVTEST :=  $(abspath $(TOOLS_BIN_DIR)/$(ENVTEST_BIN)-$(ENVTEST_VER))
 
@@ -162,7 +162,10 @@ install-hub-agent-helm:
     --set namespace=fleet-system \
     --set enableWebhook=true \
     --set webhookServiceName=fleetwebhook \
-    --set webhookClientConnectionType=service
+    --set webhookClientConnectionType=service \
+    --set enableV1Alpha1APIs=true \
+    --set enableV1Beta1APIs=false \
+    --set logFileMaxSize=1000000
 
 .PHONY: e2e-v1alpha1-hub-kubeconfig-secret
 e2e-v1alpha1-hub-kubeconfig-secret:
@@ -224,7 +227,7 @@ reviewable: fmt vet lint staticcheck
 ## --------------------------------------
 
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
-CRD_OPTIONS ?= "crd:crdVersions=v1"
+CRD_OPTIONS ?= "crd"
 
 # Generate manifests e.g. CRD, RBAC etc.
 .PHONY: manifests

README.md

@@ -62,7 +62,7 @@ metadata:
   name: kind-cluster-1
 spec:
   identity:
-    name: hub-agent-sa
+    name: fleet-member-agent-cluster-1
     kind: ServiceAccount
     namespace: fleet-system
     apiGroup: ""

apis/cluster/v1/commons.go

@@ -0,0 +1,126 @@
+/*
+Copyright (c) Microsoft Corporation.
+Licensed under the MIT license.
+*/
+
+package v1
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type ClusterState string
+
+const (
+	ClusterStateJoin  ClusterState = "Join"
+	ClusterStateLeave ClusterState = "Leave"
+)
+
+// ResourceUsage contains the observed resource usage of a member cluster.
+type ResourceUsage struct {
+	// Capacity represents the total resource capacity of all the nodes on a member cluster.
+	//
+	// A node's total capacity is the amount of resource installed on the node.
+	// +optional
+	Capacity corev1.ResourceList `json:"capacity,omitempty"`
+
+	// Allocatable represents the total allocatable resources of all the nodes on a member cluster.
+	//
+	// A node's allocatable capacity is the amount of resource that can actually be used
+	// for user workloads, i.e.,
+	// allocatable capacity = total capacity - capacities reserved for the OS, kubelet, etc.
+	//
+	// For more information, see
+	// https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/.
+	// +optional
+	Allocatable corev1.ResourceList `json:"allocatable,omitempty"`
+
+	// Available represents the total available resources of all the nodes on a member cluster.
+	//
+	// A node's available capacity is the amount of resource that has not been used yet, i.e.,
+	// available capacity = allocatable capacity - capacity that has been requested by workloads.
+	//
+	// This field is beta-level; it is for the property-based scheduling feature and is only
+	// populated when a property provider is enabled in the deployment.
+	// +optional
+	Available corev1.ResourceList `json:"available,omitempty"`
+
+	// When the resource usage is observed.
+	// +optional
+	ObservationTime metav1.Time `json:"observationTime,omitempty"`
+}
+
+// AgentType defines a type of agent/binary running in a member cluster.
+type AgentType string
+
+const (
+	// MemberAgent (core) handles member cluster joining/leaving as well as k8s object placement from hub to member clusters.
+	MemberAgent AgentType = "MemberAgent"
+	// MultiClusterServiceAgent (networking) is responsible for exposing multi-cluster services via L4 load
+	// balancer.
+	MultiClusterServiceAgent AgentType = "MultiClusterServiceAgent"
+	// ServiceExportImportAgent (networking) is responsible for export or import services across multi-clusters.
+	ServiceExportImportAgent AgentType = "ServiceExportImportAgent"
+)
+
+// AgentStatus defines the observed status of the member agent of the given type.
+type AgentStatus struct {
+	// Type of the member agent.
+	// +required
+	Type AgentType `json:"type"`
+
+	// +patchMergeKey=type
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=type
+
+	// Conditions is an array of current observed conditions for the member agent.
+	// +optional
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+
+	// Last time we received a heartbeat from the member agent.
+	// +optional
+	LastReceivedHeartbeat metav1.Time `json:"lastReceivedHeartbeat,omitempty"`
+}
+
+// AgentConditionType identifies a specific condition on the Agent.
+type AgentConditionType string
+
+const (
+	// AgentJoined indicates the join condition of the given member agent.
+	// Its condition status can be one of the following:
+	// - "True" means the member agent has joined.
+	// - "False" means the member agent has left.
+	// - "Unknown" means the member agent is joining or leaving or in an unknown status.
+	AgentJoined AgentConditionType = "Joined"
+	// AgentHealthy indicates the health condition of the given member agent.
+	// Its condition status can be one of the following:
+	// - "True" means the member agent is healthy.
+	// - "False" means the member agent is unhealthy.
+	// - "Unknown" means the member agent has an unknown health status.
+	AgentHealthy AgentConditionType = "Healthy"
+)
+
+const (
+	MemberClusterKind                = "MemberCluster"
+	MemberClusterResource            = "memberclusters"
+	InternalMemberClusterKind        = "InternalMemberCluster"
+	ClusterResourcePlacementResource = "clusterresourceplacements"
+)
+
+// A ConditionedWithType may have conditions set or retrieved based on agent type. Conditions typically
+// indicate the status of both a resource and its reconciliation process.
+// +kubebuilder:object:generate=false
+type ConditionedWithType interface {
+	SetConditionsWithType(AgentType, ...metav1.Condition)
+	GetConditionWithType(AgentType, string) *metav1.Condition
+}
+
+// A ConditionedAgentObj is for kubernetes resources where multiple agents can set and update conditions within AgentStatus.
+// +kubebuilder:object:generate=false
+type ConditionedAgentObj interface {
+	client.Object
+	ConditionedWithType
+}

apis/cluster/v1/doc.go

@@ -0,0 +1,11 @@
+/*
+Copyright (c) Microsoft Corporation.
+Licensed under the MIT license.
+*/
+
+// Package v1 contains API Schema definitions for the fleet cluster v1 API group.
+
+// +kubebuilder:object:generate=true
+// +k8s:deepcopy-gen=package,register
+// +groupName=cluster.kubernetes-fleet.io
+package v1

apis/cluster/v1/groupversion_info.go

@@ -0,0 +1,24 @@
+/*
+Copyright (c) Microsoft Corporation.
+Licensed under the MIT license.
+*/
+
+// +kubebuilder:object:generate=true
+// +groupName=cluster.kubernetes-fleet.io
+package v1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects.
+	GroupVersion = schema.GroupVersion{Group: "cluster.kubernetes-fleet.io", Version: "v1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)

apis/cluster/v1/internalmembercluster_types.go

@@ -0,0 +1,120 @@
+/*
+Copyright (c) Microsoft Corporation.
+Licensed under the MIT license.
+*/
+
+package v1
+
+import (
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:scope=Namespaced,categories={fleet,fleet-cluster},shortName=imc
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:JSONPath=`.metadata.creationTimestamp`,name="Age",type=date
+
+// InternalMemberCluster is used by hub agent to notify the member agents about the member cluster state changes, and is used by the member agents to report their status.
+type InternalMemberCluster struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// The desired state of InternalMemberCluster.
+	// +required
+	Spec InternalMemberClusterSpec `json:"spec"`
+
+	// The observed status of InternalMemberCluster.
+	// +optional
+	Status InternalMemberClusterStatus `json:"status,omitempty"`
+}
+
+// InternalMemberClusterSpec defines the desired state of InternalMemberCluster. Set by the hub agent.
+type InternalMemberClusterSpec struct {
+	// +kubebuilder:validation:Required,Enum=Join;Leave
+
+	// The desired state of the member cluster. Possible values: Join, Leave.
+	// +required
+	State ClusterState `json:"state"`
+
+	// +kubebuilder:default=60
+	// +kubebuilder:validation:Minimum=1
+	// +kubebuilder:validation:Maximum=600
+
+	// How often (in seconds) for the member cluster to send a heartbeat to the hub cluster. Default: 60 seconds. Min: 1 second. Max: 10 minutes.
+	// +optional
+	HeartbeatPeriodSeconds int32 `json:"heartbeatPeriodSeconds,omitempty"`
+}
+
+// InternalMemberClusterStatus defines the observed state of InternalMemberCluster.
+type InternalMemberClusterStatus struct {
+	// Conditions is an array of current observed conditions for the member cluster.
+	// +optional
+	Conditions []metav1.Condition `json:"conditions"`
+
+	// Properties is an array of properties observed for the member cluster.
+	//
+	// This field is beta-level; it is for the property-based scheduling feature and is only
+	// populated when a property provider is enabled in the deployment.
+	// +optional
+	Properties map[PropertyName]PropertyValue `json:"properties,omitempty"`
+
+	// The current observed resource usage of the member cluster. It is populated by the member agent.
+	// +optional
+	ResourceUsage ResourceUsage `json:"resourceUsage,omitempty"`
+
+	// AgentStatus is an array of current observed status, each corresponding to one member agent running in the member cluster.
+	// +optional
+	AgentStatus []AgentStatus `json:"agentStatus,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// InternalMemberClusterList contains a list of InternalMemberCluster.
+type InternalMemberClusterList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []InternalMemberCluster `json:"items"`
+}
+
+// SetConditionsWithType is used to add condition to AgentStatus for a given agentType.
+func (m *InternalMemberCluster) SetConditionsWithType(agentType AgentType, conditions ...metav1.Condition) {
+	desiredAgentStatus := m.GetAgentStatus(agentType)
+	for _, c := range conditions {
+		meta.SetStatusCondition(&desiredAgentStatus.Conditions, c)
+	}
+}
+
+// GetConditionWithType is used to retrieve the desired condition from AgentStatus for given agentType
+func (m *InternalMemberCluster) GetConditionWithType(agentType AgentType, conditionType string) *metav1.Condition {
+	var desiredAgentStatus AgentStatus
+	for _, agentStatus := range m.Status.AgentStatus {
+		if agentType == agentStatus.Type {
+			desiredAgentStatus = agentStatus
+		}
+	}
+	if desiredAgentStatus.Type == agentType {
+		return meta.FindStatusCondition(desiredAgentStatus.Conditions, conditionType)
+	}
+	return nil
+}
+
+// GetAgentStatus is used to retrieve agent status from internal member cluster,
+// if it doesn't exist it creates the expected agent status and returns it.
+func (m *InternalMemberCluster) GetAgentStatus(agentType AgentType) *AgentStatus {
+	for i := range m.Status.AgentStatus {
+		if m.Status.AgentStatus[i].Type == agentType {
+			return &m.Status.AgentStatus[i]
+		}
+	}
+	agentStatus := AgentStatus{
+		Type:       agentType,
+		Conditions: []metav1.Condition{},
+	}
+	m.Status.AgentStatus = append(m.Status.AgentStatus, agentStatus)
+	return &m.Status.AgentStatus[len(m.Status.AgentStatus)-1]
+}
+
+func init() {
+	SchemeBuilder.Register(&InternalMemberCluster{}, &InternalMemberClusterList{})
+}