Automated rebase to K8s 1.36.2

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.25 as builder
+FROM golang:1.26 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests

Dockerfile.daemon

@@ -1,4 +1,4 @@
-FROM golang:1.25 AS builder
+FROM golang:1.26 AS builder
 WORKDIR /go/src/github.com/openshift/ingress-node-firewall
 COPY . .
 

Makefile

@@ -57,7 +57,7 @@ endif
 IMG ?= quay.io/openshift/origin-ingress-node-firewall:latest
 DAEMON_IMG ?= quay.io/openshift/origin-ingress-node-firewall-daemon:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.32.x
+ENVTEST_K8S_VERSION = 1.36
 
 # Default namespace
 NAMESPACE ?= ingress-node-firewall-system
@@ -285,7 +285,7 @@ $(CONTROLLER_GEN): $(LOCALBIN)
 .PHONY: envtest
 envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
-	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) GOFLAGS="" go install sigs.k8s.io/controller-runtime/tools/setup-envtest@release-0.20
+	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) GOFLAGS="" go install sigs.k8s.io/controller-runtime/tools/setup-envtest@release-0.24
 
 .PHONY: bundle
 bundle: operator-sdk manifests kustomize ## Generate bundle manifests and metadata, then validate generated files.
@@ -386,7 +386,7 @@ lint: ## Run golangci-lint against code.
 ifeq ($(CONTAINER_RUNNABLE), 0)
 	@GOPATH=${GOPATH} ./hack/lint.sh $(CONTAINER_RUNTIME)
 else
-	echo "linter can only be run within a container since it needs a specific golangci-lint version"
+	GOFLAGS="" GOLANGCI_LINT_CACHE=/tmp/golangci-lint-cache go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION) 2>/dev/null && GOLANGCI_LINT_CACHE=/tmp/golangci-lint-cache golangci-lint run --verbose --timeout=15m0s
 endif
 
 .PHONY: vendors
@@ -419,7 +419,7 @@ catalog-push: ## Push a catalog image.
 	$(MAKE) docker-push IMG=$(CATALOG_IMG)
 
 CILIUM_EBPF_VERSION := v0.18.0
-GOLANGCI_LINT_VERSION = v1.54.2
+GOLANGCI_LINT_VERSION = v2.12.2
 CLANG ?= clang
 CFLAGS := -O2 -g -Wall -Werror $(CFLAGS)
 GOOS ?= linux
@@ -428,7 +428,7 @@ LOCAL_GENERATOR_IMAGE ?= ebpf-generator:latest
 ##@ eBPF development
 .PHONY: prereqs
 prereqs: ## Check if prerequisites are met, and installing missing dependencies
-	test -f $(shell go env GOPATH)/bin/golangci-lint || GOFLAGS="" go install github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}
+	test -f $(shell go env GOPATH)/bin/golangci-lint || GOFLAGS="" go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}
 	test -f $(shell go env GOPATH)/bin/bpf2go || go install github.com/cilium/ebpf/cmd/bpf2go@${CILIUM_EBPF_VERSION}
 	test -f $(shell go env GOPATH)/bin/kind || go install sigs.k8s.io/kind@latest
 

api/v1alpha1/groupversion_info.go

@@ -29,7 +29,7 @@ var (
 	GroupVersion = schema.GroupVersion{Group: "ingressnodefirewall.openshift.io", Version: "v1alpha1"}
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
-	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} //nolint:govet,staticcheck // kubebuilder generated
 
 	// AddToScheme adds the types in this group-version to the given scheme.
 	AddToScheme = SchemeBuilder.AddToScheme

controllers/ingressnodefirewall_controller.go

@@ -106,11 +106,6 @@ func (r *IngressNodeFirewallReconciler) Reconcile(ctx context.Context, req ctrl.
 			}
 			if yes, debugMode, err := r.isUsingBpfmanManager(ctx); yes && err == nil {
 				r.Log.Info("BPFMAN: Deleting ebpf program", "req.Name", req.Name)
-				interfaces := make([]string, 0,
-					len(ingressNodeFirewallCurrentNodeState.Spec.InterfaceIngressRules))
-				for intf := range ingressNodeFirewallCurrentNodeState.Spec.InterfaceIngressRules {
-					interfaces = append(interfaces, intf)
-				}
 				if err := bpf_mgr.BpfmanDetachNodeFirewall(ctx, r.Client, nil, debugMode); err != nil {
 					r.Log.Error(err, "Failed to delete ebpf program", "req.Name", req.Name)
 					return ctrl.Result{}, err
@@ -369,7 +364,7 @@ func (r *IngressNodeFirewallReconciler) buildNodeStates(
 				r.Log.Info("BPFMAN: Creating application object and attach ingress firewall prog")
 				err = bpf_mgr.BpfmanAttachNodeFirewall(ctx, r.Client, firewallObj, debugMode)
 				if err != nil {
-					errMsg := fmt.Sprintf("BPFMAN: Failed to attach ingress firewall prog")
+					errMsg := "BPFMAN: Failed to attach ingress firewall prog"
 					r.Log.Error(err, errMsg)
 					if !strings.Contains(err.Error(), programAlreadyExistsErr) {
 						state.Status = infv1alpha1.IngressNodeFirewallNodeStateStatus{

controllers/ingressnodefirewall_controller_rules_test.go

@@ -51,7 +51,7 @@ var _ = Describe("IngressNodeFirewall controller rules", func() {
 			nodeStateList := &infv1alpha1.IngressNodeFirewallNodeStateList{}
 			err := k8sClient.List(ctx, nodeStateList)
 			if err != nil {
-				fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates on cleanup, err: %q", err)
+				_, _ = fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates on cleanup, err: %q", err)
 				return false
 			}
 			return len(nodeStateList.Items) == 0
@@ -756,7 +756,7 @@ var _ = Describe("IngressNodeFirewall controller rules", func() {
 				By("Creating new IngressNodeFirewall objects")
 				for k, spec := range tc.inSpecs {
 					objectName := fmt.Sprintf("firewall-%d", k)
-					fmt.Fprintf(GinkgoWriter, "By creating new IngressNodeFirewall object %s", objectName)
+					_, _ = fmt.Fprintf(GinkgoWriter, "By creating new IngressNodeFirewall object %s", objectName)
 					ingressNodeFirewall := infv1alpha1.IngressNodeFirewall{
 						TypeMeta:   metav1.TypeMeta{},
 						ObjectMeta: metav1.ObjectMeta{Name: objectName},
@@ -780,12 +780,12 @@ var _ = Describe("IngressNodeFirewall controller rules", func() {
 						By("Making sure that the resource displays a successful synchronization status")
 						// Refresh the resource.
 						if err := k8sClient.Get(ctx, key, infns); err != nil {
-							fmt.Fprintf(GinkgoWriter, "Getting resource failed: %q\n", err)
+							_, _ = fmt.Fprintf(GinkgoWriter, "Getting resource failed: %q\n", err)
 							return false
 						}
 						// Compare synchronization status.
 						if infns.Status.SyncStatus != infv1alpha1.SyncOK {
-							fmt.Fprintf(GinkgoWriter,
+							_, _ = fmt.Fprintf(GinkgoWriter,
 								"SyncStatus does not match SyncOK, instead got: %q\n", infns.Status.SyncStatus)
 							return false
 						}
@@ -796,7 +796,7 @@ var _ = Describe("IngressNodeFirewall controller rules", func() {
 						ingressesEqual := equality.Semantic.DeepEqual(
 							infns.Spec.InterfaceIngressRules, tc.outSpec.InterfaceIngressRules)
 						if !ingressesEqual {
-							fmt.Fprintf(GinkgoWriter, "Ingresses do not match. Got: '%v', Expected '%v'\n",
+							_, _ = fmt.Fprintf(GinkgoWriter, "Ingresses do not match. Got: '%v', Expected '%v'\n",
 								infns.Spec.InterfaceIngressRules, tc.outSpec.InterfaceIngressRules)
 						}
 						return ingressesEqual
@@ -806,12 +806,12 @@ var _ = Describe("IngressNodeFirewall controller rules", func() {
 						By("Making sure that the resource displays an error synchronization status")
 						// Refresh the resource.
 						if err := k8sClient.Get(ctx, key, infns); err != nil {
-							fmt.Fprintf(GinkgoWriter, "Getting resource failed: %q\n", err)
+							_, _ = fmt.Fprintf(GinkgoWriter, "Getting resource failed: %q\n", err)
 							return false
 						}
 						// Compare the synchronzition status.
 						if infns.Status.SyncStatus != infv1alpha1.SyncError {
-							fmt.Fprintf(GinkgoWriter,
+							_, _ = fmt.Fprintf(GinkgoWriter,
 								"SyncStatus does not match SyncError, got: %q\n", infns.Status.SyncStatus)
 							return false
 						}
@@ -820,7 +820,7 @@ var _ = Describe("IngressNodeFirewall controller rules", func() {
 						// Compare the error message.
 						syncErrorContains := strings.Contains(infns.Status.SyncErrorMessage, tc.statusError)
 						if !syncErrorContains {
-							fmt.Fprintf(GinkgoWriter, "Sync error does not contain expected string '%s'. Got: '%s'\n",
+							_, _ = fmt.Fprintf(GinkgoWriter, "Sync error does not contain expected string '%s'. Got: '%s'\n",
 								tc.statusError, infns.Status.SyncErrorMessage)
 						}
 						return syncErrorContains

controllers/ingressnodefirewall_controller_test.go

@@ -103,7 +103,7 @@ var _ = Describe("IngressNodeFirewall controller", func() {
 			nodeStateList := &infv1alpha1.IngressNodeFirewallNodeStateList{}
 			err := k8sClient.List(ctx, nodeStateList)
 			if err != nil {
-				fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates on cleanup, err: %q", err)
+				_, _ = fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates on cleanup, err: %q", err)
 				return false
 			}
 			return len(nodeStateList.Items) == 0
@@ -119,12 +119,12 @@ var _ = Describe("IngressNodeFirewall controller", func() {
 			Eventually(func() bool {
 				err := k8sClient.List(ctx, nodeStateList, []client.ListOption{}...)
 				if err != nil {
-					fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates during this iteration\n")
+					_, _ = fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates during this iteration\n")
 					return false
 				}
 				// Check number of items.
 				if len(nodeStateList.Items) != len(expectedNodeNames) {
-					fmt.Fprintf(GinkgoWriter, "Could not find the desired number of IngressNodeFirewallNodeStates\n")
+					_, _ = fmt.Fprintf(GinkgoWriter, "Could not find the desired number of IngressNodeFirewallNodeStates\n")
 					return false
 				}
 				// Check item names.
@@ -137,21 +137,21 @@ var _ = Describe("IngressNodeFirewall controller", func() {
 						}
 					}
 					if !nameMatches {
-						fmt.Fprintf(GinkgoWriter,
+						_, _ = fmt.Fprintf(GinkgoWriter,
 							"Did not find the expected IngressNodeFirewallNodeState with name %s\n", name)
 						return false
 					}
 				}
 				// Check item content.
 				for _, nodeState := range nodeStateList.Items {
 					if _, ok := nodeState.Spec.InterfaceIngressRules["eth0"]; !ok {
-						fmt.Fprintf(GinkgoWriter,
+						_, _ = fmt.Fprintf(GinkgoWriter,
 							"IngressNodeFirewallNodeState.Spec.InterfaceIngressRules[%s] does not exist "+
 								"for object with name %s\n", "eth0", nodeState.Name)
 						return false
 					}
 					if !equality.Semantic.DeepEqual(nodeState.Spec.InterfaceIngressRules["eth0"], rules) {
-						fmt.Fprintf(GinkgoWriter,
+						_, _ = fmt.Fprintf(GinkgoWriter,
 							"IngressNodeFirewallNodeState.Spec.Ingress does not match IngressNodeFirewall.Spec.Ingress "+
 								"for object with name %s\n", nodeState.Name)
 						return false
@@ -403,7 +403,7 @@ var _ = Describe("IngressNodeFirewall controller with multiple objects", func()
 			nodeStateList := &infv1alpha1.IngressNodeFirewallNodeStateList{}
 			err := k8sClient.List(ctx, nodeStateList)
 			if err != nil {
-				fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates on cleanup, err: %q", err)
+				_, _ = fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates on cleanup, err: %q", err)
 				return false
 			}
 			return len(nodeStateList.Items) == 0
@@ -419,12 +419,12 @@ var _ = Describe("IngressNodeFirewall controller with multiple objects", func()
 			Eventually(func() bool {
 				err := k8sClient.List(ctx, nodeStateList, []client.ListOption{}...)
 				if err != nil {
-					fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates during this iteration\n")
+					_, _ = fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates during this iteration\n")
 					return false
 				}
 				// Check number of items.
 				if len(nodeStateList.Items) != len(expectedNodeNames) {
-					fmt.Fprintf(GinkgoWriter, "Could not find the desired number of IngressNodeFirewallNodeStates\n")
+					_, _ = fmt.Fprintf(GinkgoWriter, "Could not find the desired number of IngressNodeFirewallNodeStates\n")
 					return false
 				}
 				// Check item names.
@@ -437,21 +437,21 @@ var _ = Describe("IngressNodeFirewall controller with multiple objects", func()
 						}
 					}
 					if !nameMatches {
-						fmt.Fprintf(GinkgoWriter,
+						_, _ = fmt.Fprintf(GinkgoWriter,
 							"Did not find the expected IngressNodeFirewallNodeState with name %s\n", name)
 						return false
 					}
 				}
 				// Check item content.
 				for _, nodeState := range nodeStateList.Items {
 					if _, ok := nodeState.Spec.InterfaceIngressRules["eth0"]; !ok {
-						fmt.Fprintf(GinkgoWriter,
+						_, _ = fmt.Fprintf(GinkgoWriter,
 							"IngressNodeFirewallNodeState.Spec.InterfaceIngressRules[%s] does not exist "+
 								"for object with name %s\n", "eth0", nodeState.Name)
 						return false
 					}
 					if !equality.Semantic.DeepEqual(nodeState.Spec.InterfaceIngressRules["eth0"], rules) {
-						fmt.Fprintf(GinkgoWriter,
+						_, _ = fmt.Fprintf(GinkgoWriter,
 							"IngressNodeFirewallNodeState.Spec.Ingress does not match IngressNodeFirewall.Spec.Ingress "+
 								"for object with name %s\n", nodeState.Name)
 						return false
@@ -487,19 +487,19 @@ var _ = Describe("IngressNodeFirewall controller with multiple objects", func()
 				Eventually(func() bool {
 					err := k8sClient.List(ctx, nodeStateList, []client.ListOption{}...)
 					if err != nil {
-						fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates during this iteration\n")
+						_, _ = fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates during this iteration\n")
 						return false
 					}
 					// Check item content.
 					for _, nodeState := range nodeStateList.Items {
 						if _, ok := nodeState.Spec.InterfaceIngressRules["eth0"]; !ok {
-							fmt.Fprintf(GinkgoWriter,
+							_, _ = fmt.Fprintf(GinkgoWriter,
 								"IngressNodeFirewallNodeState.Spec.InterfaceIngressRules[%s] does not exist "+
 									"for object with name %s\n", "eth0", nodeState.Name)
 							return false
 						}
 						if !equality.Semantic.DeepEqual(nodeState.Spec.InterfaceIngressRules["eth0"], rules2) {
-							fmt.Fprintf(GinkgoWriter,
+							_, _ = fmt.Fprintf(GinkgoWriter,
 								"IngressNodeFirewallNodeState.Spec.Ingress does not match IngressNodeFirewall.Spec.Ingress "+
 									"for object with name %s %v\n", nodeState.Name, nodeState.Spec.InterfaceIngressRules["eth0"])
 							return false
@@ -532,19 +532,19 @@ var _ = Describe("IngressNodeFirewall controller with multiple objects", func()
 				Eventually(func() bool {
 					err := k8sClient.List(ctx, nodeStateList, []client.ListOption{}...)
 					if err != nil {
-						fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates during this iteration\n")
+						_, _ = fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates during this iteration\n")
 						return false
 					}
 					// Check item content.
 					for _, nodeState := range nodeStateList.Items {
 						if _, ok := nodeState.Spec.InterfaceIngressRules["eth0"]; !ok {
-							fmt.Fprintf(GinkgoWriter,
+							_, _ = fmt.Fprintf(GinkgoWriter,
 								"IngressNodeFirewallNodeState.Spec.InterfaceIngressRules[%s] does not exist "+
 									"for object with name %s\n", "eth0", nodeState.Name)
 							return false
 						}
 						if !equality.Semantic.DeepEqual(nodeState.Spec.InterfaceIngressRules["eth0"], rules1) {
-							fmt.Fprintf(GinkgoWriter,
+							_, _ = fmt.Fprintf(GinkgoWriter,
 								"IngressNodeFirewallNodeState.Spec.Ingress does not match IngressNodeFirewall.Spec.Ingress "+
 									"for object with name %s %v\n", nodeState.Name, nodeState.Spec.InterfaceIngressRules["eth0"])
 							return false
@@ -567,12 +567,12 @@ func hasIngressNodeFirewallNodeStates(ctx context.Context, k8sClient client.Clie
 		// List all IngressNodeFirewallNodeStates.
 		err := k8sClient.List(ctx, nodeStateList, []client.ListOption{}...)
 		if err != nil {
-			fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates during this iteration\n")
+			_, _ = fmt.Fprintf(GinkgoWriter, "Could not list IngressNodeFirewallNodeStates during this iteration\n")
 			return false
 		}
 		// Check number of items.
 		if len(nodeStateList.Items) != len(expectedObjectNames) {
-			fmt.Fprintf(GinkgoWriter, "Could not find the desired number of IngressNodeFirewallNodeStates. "+
+			_, _ = fmt.Fprintf(GinkgoWriter, "Could not find the desired number of IngressNodeFirewallNodeStates. "+
 				"Found %d objects but expected to find %d objects. Object list: %+v\n",
 				len(nodeStateList.Items), len(expectedObjectNames), nodeStateList.Items)
 			return false
@@ -587,7 +587,7 @@ func hasIngressNodeFirewallNodeStates(ctx context.Context, k8sClient client.Clie
 				}
 			}
 			if !match {
-				fmt.Fprintf(GinkgoWriter, "Could not find expected IngressNodeFirewallNodeState %s.  Object list: %v\n",
+				_, _ = fmt.Fprintf(GinkgoWriter, "Could not find expected IngressNodeFirewallNodeState %s.  Object list: %v\n",
 					expectedName, nodeStateList.Items)
 				return false
 			}

controllers/ingressnodefirewallconfig_controller.go

@@ -102,7 +102,7 @@ func (r *IngressNodeFirewallConfigReconciler) Reconcile(ctx context.Context, req
 		condition = status.ConditionDegraded
 		err = errors.Wrapf(err, "FailedToSyncIngressNodeFirewallConfigResources")
 	} else {
-		err = status.IsIngressNodeFirewallConfigAvailable(ctx, r.Client, req.NamespacedName.Namespace)
+		err = status.IsIngressNodeFirewallConfigAvailable(ctx, r.Client, req.Namespace)
 		if err != nil {
 			if _, ok := err.(status.IngressNodeFirewallConfigResourcesNotReadyError); ok {
 				ctrResult = ctrl.Result{RequeueAfter: 5 * time.Second}

controllers/ingressnodefirewallnodestate_controller.go

@@ -123,5 +123,5 @@ func (r *IngressNodeFirewallNodeStateReconciler) reconcileResource(
 }
 
 func isNodeStateDeletionInProgress(nodeState *infv1alpha1.IngressNodeFirewallNodeState) bool {
-	return !nodeState.ObjectMeta.DeletionTimestamp.IsZero()
+	return !nodeState.DeletionTimestamp.IsZero()
 }