kube,cmd/{k8s-operator,containerboot},envknob,ipn/store/kubestore,*/depaware.txt: split out kube types (#13417)

Further split kube package into kube/{client,api,types}. This is so that
consumers who only need constants/static types don't have to import
the client and api bits.

Updates#cleanup

Signed-off-by: Irbe Krumina <irbe@tailscale.com>

kube/api/api.go

@@ -1,7 +1,11 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause
 
-package kube
+// Package api contains Kubernetes API types for internal consumption.
+// These types are split into a separate package for consumption of
+// non-Kubernetes shared libraries and binaries. Be mindful of not increasing
+// dependency size for those consumers when adding anything new here.
+package api
 
 import "time"
 

kube/client/client.go

@@ -1,10 +1,13 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause
 
-// Package kube provides a client to interact with Kubernetes.
+// Package client provides a client to interact with Kubernetes.
 // This package is Tailscale-internal and not meant for external consumption.
 // Further, the API should not be considered stable.
-package kube
+// Client is split into a separate package for consumption of
+// non-Kubernetes shared libraries and binaries. Be mindful of not increasing
+// dependency size for those consumers when adding anything new here.
+package client
 
 import (
 	"bytes"
@@ -23,6 +26,7 @@ import (
 	"sync"
 	"time"
 
+	kubeapi "tailscale.com/kube/api"
 	"tailscale.com/util/multierr"
 )
 
@@ -50,10 +54,10 @@ func readFile(n string) ([]byte, error) {
 // Client handles connections to Kubernetes.
 // It expects to be run inside a cluster.
 type Client interface {
-	GetSecret(context.Context, string) (*Secret, error)
-	UpdateSecret(context.Context, *Secret) error
-	CreateSecret(context.Context, *Secret) error
-	StrategicMergePatchSecret(context.Context, string, *Secret, string) error
+	GetSecret(context.Context, string) (*kubeapi.Secret, error)
+	UpdateSecret(context.Context, *kubeapi.Secret) error
+	CreateSecret(context.Context, *kubeapi.Secret) error
+	StrategicMergePatchSecret(context.Context, string, *kubeapi.Secret, string) error
 	JSONPatchSecret(context.Context, string, []JSONPatch) error
 	CheckSecretPermissions(context.Context, string) (bool, bool, error)
 	SetDialer(dialer func(context.Context, string, string) (net.Conn, error))
@@ -144,7 +148,7 @@ func getError(resp *http.Response) error {
 		// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#http-status-codes
 		return nil
 	}
-	st := &Status{}
+	st := &kubeapi.Status{}
 	if err := json.NewDecoder(resp.Body).Decode(st); err != nil {
 		return err
 	}
@@ -178,7 +182,7 @@ func (c *client) doRequest(ctx context.Context, method, url string, in, out any,
 	}
 	defer resp.Body.Close()
 	if err := getError(resp); err != nil {
-		if st, ok := err.(*Status); ok && st.Code == 401 {
+		if st, ok := err.(*kubeapi.Status); ok && st.Code == 401 {
 			c.expireToken()
 		}
 		return err
@@ -220,8 +224,8 @@ func (c *client) newRequest(ctx context.Context, method, url string, in any) (*h
 }
 
 // GetSecret fetches the secret from the Kubernetes API.
-func (c *client) GetSecret(ctx context.Context, name string) (*Secret, error) {
-	s := &Secret{Data: make(map[string][]byte)}
+func (c *client) GetSecret(ctx context.Context, name string) (*kubeapi.Secret, error) {
+	s := &kubeapi.Secret{Data: make(map[string][]byte)}
 	if err := c.doRequest(ctx, "GET", c.secretURL(name), nil, s); err != nil {
 		return nil, err
 	}
@@ -229,13 +233,13 @@ func (c *client) GetSecret(ctx context.Context, name string) (*Secret, error) {
 }
 
 // CreateSecret creates a secret in the Kubernetes API.
-func (c *client) CreateSecret(ctx context.Context, s *Secret) error {
+func (c *client) CreateSecret(ctx context.Context, s *kubeapi.Secret) error {
 	s.Namespace = c.ns
 	return c.doRequest(ctx, "POST", c.secretURL(""), s, nil)
 }
 
 // UpdateSecret updates a secret in the Kubernetes API.
-func (c *client) UpdateSecret(ctx context.Context, s *Secret) error {
+func (c *client) UpdateSecret(ctx context.Context, s *kubeapi.Secret) error {
 	return c.doRequest(ctx, "PUT", c.secretURL(s.Name), s, nil)
 }
 
@@ -263,7 +267,7 @@ func (c *client) JSONPatchSecret(ctx context.Context, name string, patch []JSONP
 // StrategicMergePatchSecret updates a secret in the Kubernetes API using a
 // strategic merge patch.
 // If a fieldManager is provided, it will be used to track the patch.
-func (c *client) StrategicMergePatchSecret(ctx context.Context, name string, s *Secret, fieldManager string) error {
+func (c *client) StrategicMergePatchSecret(ctx context.Context, name string, s *kubeapi.Secret, fieldManager string) error {
 	surl := c.secretURL(name)
 	if fieldManager != "" {
 		uv := url.Values{
@@ -340,7 +344,7 @@ func (c *client) checkPermission(ctx context.Context, verb, secretName string) (
 }
 
 func IsNotFoundErr(err error) bool {
-	if st, ok := err.(*Status); ok && st.Code == 404 {
+	if st, ok := err.(*kubeapi.Status); ok && st.Code == 404 {
 		return true
 	}
 	return false

kube/client/fake_client.go

@@ -1,34 +1,36 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause
 
-package kube
+package client
 
 import (
 	"context"
 	"net"
+
+	kubeapi "tailscale.com/kube/api"
 )
 
 var _ Client = &FakeClient{}
 
 type FakeClient struct {
-	GetSecretImpl              func(context.Context, string) (*Secret, error)
+	GetSecretImpl              func(context.Context, string) (*kubeapi.Secret, error)
 	CheckSecretPermissionsImpl func(ctx context.Context, name string) (bool, bool, error)
 }
 
 func (fc *FakeClient) CheckSecretPermissions(ctx context.Context, name string) (bool, bool, error) {
 	return fc.CheckSecretPermissionsImpl(ctx, name)
 }
-func (fc *FakeClient) GetSecret(ctx context.Context, name string) (*Secret, error) {
+func (fc *FakeClient) GetSecret(ctx context.Context, name string) (*kubeapi.Secret, error) {
 	return fc.GetSecretImpl(ctx, name)
 }
 func (fc *FakeClient) SetURL(_ string) {}
 func (fc *FakeClient) SetDialer(dialer func(ctx context.Context, network, addr string) (net.Conn, error)) {
 }
-func (fc *FakeClient) StrategicMergePatchSecret(context.Context, string, *Secret, string) error {
+func (fc *FakeClient) StrategicMergePatchSecret(context.Context, string, *kubeapi.Secret, string) error {
 	return nil
 }
 func (fc *FakeClient) JSONPatchSecret(context.Context, string, []JSONPatch) error {
 	return nil
 }
-func (fc *FakeClient) UpdateSecret(context.Context, *Secret) error { return nil }
-func (fc *FakeClient) CreateSecret(context.Context, *Secret) error { return nil }
+func (fc *FakeClient) UpdateSecret(context.Context, *kubeapi.Secret) error { return nil }
+func (fc *FakeClient) CreateSecret(context.Context, *kubeapi.Secret) error { return nil }

kube/types/grants.go

@@ -1,7 +1,12 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause
 
-package kube
+// Package types contains types and constants related to the Tailscale
+// Kubernetes Operator.
+// These are split into a separate package for consumption of
+// non-Kubernetes shared libraries and binaries. Be mindful of not increasing
+// dependency size for those consumers when adding anything new here.
+package types
 
 import "net/netip"
 

kube/types/metrics.go

@@ -1,7 +1,7 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause
 
-package kube
+package types
 
 const (
 	// Hostinfo App values for the Tailscale Kubernetes Operator components.