From ca74a14fa42112d89cff082e39b5472582928481 Mon Sep 17 00:00:00 2001 From: Kai Wohlfahrt Date: Wed, 3 Apr 2024 02:40:54 +0200 Subject: [PATCH 01/29] Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran --- charts/aws-vpc-cni/templates/daemonset.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml index 3b47d880a5..d119a37d66 100644 --- a/charts/aws-vpc-cni/templates/daemonset.yaml +++ b/charts/aws-vpc-cni/templates/daemonset.yaml @@ -183,6 +183,7 @@ spec: - name: xtables-lock hostPath: path: /run/xtables.lock + type: FileOrCreate {{- with .Values.extraVolumes }} {{- toYaml .| nindent 6 }} {{- end }} From d40f4a14e70ddd02d6c0c2d8c6069e7fd1bd0b33 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Apr 2024 20:22:04 -0700 Subject: [PATCH 02/29] Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 3d0ec36506..6f80824e84 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/go-logr/logr v1.4.1 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 - github.com/onsi/ginkgo/v2 v2.14.0 + github.com/onsi/ginkgo/v2 v2.17.1 github.com/onsi/gomega v1.30.0 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.19.0 @@ -152,7 +152,7 @@ require ( golang.org/x/term v0.15.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.16.1 // indirect + golang.org/x/tools v0.17.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect diff --git a/go.sum b/go.sum index 282f269429..03acf83366 100644 --- a/go.sum +++ b/go.sum @@ -337,8 +337,8 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= -github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= @@ -544,8 +544,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= -golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= +golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= +golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From e111beaa816616bd2d8540f2e490dc5e497174ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Apr 2024 07:09:44 -0700 Subject: [PATCH 03/29] Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 6f80824e84..5418236c0a 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.8.4 + github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.2.1-beta.2 go.uber.org/zap v1.26.0 golang.org/x/net v0.20.0 diff --git a/go.sum b/go.sum index 03acf83366..f357f6223a 100644 --- a/go.sum +++ b/go.sum @@ -406,8 +406,9 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= @@ -416,8 +417,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs= github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= From bccdbf7734758edb87499047c7cfa6bdfe7e7ab1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Apr 2024 09:18:22 -0700 Subject: [PATCH 04/29] Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 5418236c0a..dcdf9e877f 100644 --- a/go.mod +++ b/go.mod @@ -18,15 +18,15 @@ require ( github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0 - github.com/prometheus/common v0.48.0 + github.com/prometheus/common v0.52.2 github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.2.1-beta.2 go.uber.org/zap v1.26.0 - golang.org/x/net v0.20.0 - golang.org/x/sys v0.16.0 + golang.org/x/net v0.22.0 + golang.org/x/sys v0.18.0 google.golang.org/grpc v1.62.0 google.golang.org/protobuf v1.33.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 @@ -147,7 +147,7 @@ require ( go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.17.0 // indirect golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0 // indirect - golang.org/x/oauth2 v0.16.0 // indirect + golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sync v0.6.0 // indirect golang.org/x/term v0.15.0 // indirect golang.org/x/text v0.14.0 // indirect diff --git a/go.sum b/go.sum index f357f6223a..e73f1db12b 100644 --- a/go.sum +++ b/go.sum @@ -371,8 +371,8 @@ github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZ github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= -github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= +github.com/prometheus/common v0.52.2 h1:LW8Vk7BccEdONfrJBDffQGRtpSzi5CQaRZGtboOO2ck= +github.com/prometheus/common v0.52.2/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= @@ -479,8 +479,8 @@ golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= -golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= +golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= +golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -519,8 +519,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= From 2694202a8f7d0199446828cf1cdea1a3f1e7218d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Apr 2024 13:06:28 -0700 Subject: [PATCH 05/29] Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- go.mod | 4 ++-- go.sum | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index dcdf9e877f..8eb54d4cc6 100644 --- a/go.mod +++ b/go.mod @@ -31,7 +31,7 @@ require ( google.golang.org/protobuf v1.33.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 - helm.sh/helm/v3 v3.14.2 + helm.sh/helm/v3 v3.14.3 k8s.io/api v0.29.0 k8s.io/apimachinery v0.29.2 k8s.io/cli-runtime v0.29.0 @@ -53,7 +53,7 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/containerd/containerd v1.7.11 // indirect + github.com/containerd/containerd v1.7.12 // indirect github.com/containerd/log v0.1.0 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.1 // indirect diff --git a/go.sum b/go.sum index e73f1db12b..9e1ca52354 100644 --- a/go.sum +++ b/go.sum @@ -6,8 +6,8 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg6 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= -github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= +github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= +github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= @@ -62,8 +62,8 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/containerd v1.7.11 h1:lfGKw3eU35sjV0aG2eYZTiwFEY1pCzxdzicHP3SZILw= -github.com/containerd/containerd v1.7.11/go.mod h1:5UluHxHTX2rdvYuZ5OJTC5m/KJNs0Zs9wVoJm9zf5ZE= +github.com/containerd/containerd v1.7.12 h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0= +github.com/containerd/containerd v1.7.12/go.mod h1:/5OMpE1p0ylxtEUGY8kuCYkDRzJm9NO1TFMWjUpdevk= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= @@ -603,8 +603,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.14.2 h1:V71fv+NGZv0icBlr+in1MJXuUIHCiPG1hW9gEBISTIA= -helm.sh/helm/v3 v3.14.2/go.mod h1:2itvvDv2WSZXTllknfQo6j7u3VVgMAvm8POCDgYH424= +helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4= +helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= From e5f69985591ef29eca8e76d024f9e69c5b53bcb7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Apr 2024 13:37:54 -0700 Subject: [PATCH 06/29] Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- test/agent/go.mod | 2 +- test/agent/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/agent/go.mod b/test/agent/go.mod index 42aa8d9b3b..8ee4de14cb 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -5,7 +5,7 @@ go 1.21 require ( github.com/coreos/go-iptables v0.7.0 github.com/vishvananda/netlink v1.1.0 - golang.org/x/sys v0.17.0 + golang.org/x/sys v0.18.0 ) require github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index 9b6855bf9c..fe4c332145 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum @@ -5,5 +5,5 @@ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYp github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From 389f5ebd62fda05776e837ad9a2dad5a8aec02cd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Apr 2024 15:18:48 -0700 Subject: [PATCH 07/29] Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- go.mod | 12 ++++++------ go.sum | 25 ++++++++++++++----------- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index 8eb54d4cc6..2a91cbbf61 100644 --- a/go.mod +++ b/go.mod @@ -8,13 +8,13 @@ require ( github.com/aws/amazon-vpc-resource-controller-k8s v1.4.1 github.com/aws/aws-sdk-go v1.50.29 github.com/containernetworking/cni v1.1.2 - github.com/containernetworking/plugins v1.4.0 + github.com/containernetworking/plugins v1.4.1 github.com/coreos/go-iptables v0.7.0 github.com/go-logr/logr v1.4.1 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 github.com/onsi/ginkgo/v2 v2.17.1 - github.com/onsi/gomega v1.30.0 + github.com/onsi/gomega v1.31.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0 @@ -48,7 +48,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 // indirect github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect - github.com/Microsoft/hcsshim v0.11.4 // indirect + github.com/Microsoft/hcsshim v0.12.0 // indirect github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect @@ -102,7 +102,7 @@ require ( github.com/jmoiron/sqlx v1.3.5 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.16.0 // indirect + github.com/klauspost/compress v1.16.5 // indirect github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect github.com/lib/pq v1.10.9 // indirect @@ -145,8 +145,8 @@ require ( go.opentelemetry.io/otel/trace v1.19.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.17.0 // indirect - golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0 // indirect + golang.org/x/crypto v0.18.0 // indirect + golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sync v0.6.0 // indirect golang.org/x/term v0.15.0 // indirect diff --git a/go.sum b/go.sum index 9e1ca52354..5f7a46f40e 100644 --- a/go.sum +++ b/go.sum @@ -21,8 +21,8 @@ github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8 github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= -github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= +github.com/Microsoft/hcsshim v0.12.0 h1:rbICA+XZFwrBef2Odk++0LjFvClNCJGRK+fsrP254Ts= +github.com/Microsoft/hcsshim v0.12.0/go.mod h1:RZV12pcHCXQ42XnlQ3pz6FZfmrC1C+R4gaOHhRNML1g= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -61,17 +61,20 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= -github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= +github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0= +github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE= github.com/containerd/containerd v1.7.12 h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0= github.com/containerd/containerd v1.7.12/go.mod h1:/5OMpE1p0ylxtEUGY8kuCYkDRzJm9NO1TFMWjUpdevk= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= +github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= +github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl31EQbXALQ= github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= -github.com/containernetworking/plugins v1.4.0 h1:+w22VPYgk7nQHw7KT92lsRmuToHvb7wwSv9iTbXzzic= -github.com/containernetworking/plugins v1.4.0/go.mod h1:UYhcOyjefnrQvKvmmyEKsUA+M9Nfn7tqULPpH0Pkcj0= +github.com/containernetworking/plugins v1.4.1 h1:+sJRRv8PKhLkXIl6tH1D7RMi+CbbHutDGU+ErLBORWA= +github.com/containernetworking/plugins v1.4.1/go.mod h1:n6FFGKcaY4o2o5msgu/UImtoC+fpQXM3076VHfHbj60= github.com/coreos/go-iptables v0.7.0 h1:XWM3V+MPRr5/q51NuWSgU0fqMad64Zyxs8ZUoMsamr8= github.com/coreos/go-iptables v0.7.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= @@ -255,8 +258,8 @@ github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= -github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= +github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -342,8 +345,8 @@ github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3Hig github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= +github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= @@ -464,8 +467,8 @@ go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0 h1:pVgRXcIictcr+lBQIFeiwuwtDIs4eL21OuM9nyAADmo= -golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= From 883c3b2da1d108720437d5ea06db558f8ea9f119 Mon Sep 17 00:00:00 2001 From: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Date: Mon, 8 Apr 2024 12:32:49 -0700 Subject: [PATCH 08/29] remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE --- .go-version | 2 +- go.mod | 10 +++++----- go.sum | 10 ++++------ misc/certs/Dockerfile | 10 ---------- 4 files changed, 10 insertions(+), 22 deletions(-) delete mode 100644 misc/certs/Dockerfile diff --git a/.go-version b/.go-version index 428abfd24f..6245beecd3 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.21.8 +1.22.1 diff --git a/go.mod b/go.mod index 2a91cbbf61..e80910a18b 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.2.1-beta.2 go.uber.org/zap v1.26.0 - golang.org/x/net v0.22.0 + golang.org/x/net v0.23.0 golang.org/x/sys v0.18.0 google.golang.org/grpc v1.62.0 google.golang.org/protobuf v1.33.0 @@ -145,11 +145,11 @@ require ( go.opentelemetry.io/otel/trace v1.19.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.18.0 // indirect + golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/term v0.15.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.17.0 // indirect @@ -178,5 +178,5 @@ replace gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 => gopkg.in/yaml.v3 // Cannot be removed until all dependencies use crypto library v0.17.0 or higher replace golang.org/x/crypto => golang.org/x/crypto v0.17.0 -// Cannot be removed until all dependencies use net library v0.17.0 or higher -replace golang.org/x/net => golang.org/x/net v0.17.0 +// Cannot be removed until all dependencies use net library v0.23.0 or higher +replace golang.org/x/net => golang.org/x/net v0.23.0 diff --git a/go.sum b/go.sum index 5f7a46f40e..a15fc2cb15 100644 --- a/go.sum +++ b/go.sum @@ -479,8 +479,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= @@ -520,18 +520,16 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= diff --git a/misc/certs/Dockerfile b/misc/certs/Dockerfile deleted file mode 100644 index 8071035c0d..0000000000 --- a/misc/certs/Dockerfile +++ /dev/null @@ -1,10 +0,0 @@ -FROM debian:latest - -RUN apt-get update && \ - apt-get install -y ca-certificates && \ - rm -rf /var/lib/apt/lists/* - -# If anyone has a better idea for how to trim undesired certs or a better ca list to use, I'm all ears -RUN cp /etc/ca-certificates.conf /tmp/caconf && cat /tmp/caconf | \ - grep -v "mozilla/CNNIC_ROOT\.crt" > /etc/ca-certificates.conf && \ - update-ca-certificates --fresh From fbad9656d3d1c5cf84d74bbacd9f2e16f0f4d6a3 Mon Sep 17 00:00:00 2001 From: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Date: Mon, 8 Apr 2024 16:01:18 -0700 Subject: [PATCH 09/29] Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen --- .github/workflows/weekly-cron-tests.yaml | 5 +++-- scripts/lib/integration.sh | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/weekly-cron-tests.yaml b/.github/workflows/weekly-cron-tests.yaml index 57c3b93b9e..c12e9139d4 100644 --- a/.github/workflows/weekly-cron-tests.yaml +++ b/.github/workflows/weekly-cron-tests.yaml @@ -53,8 +53,9 @@ jobs: ROLE_ARN: ${{ secrets.EKS_CLUSTER_ROLE_ARN }} RUN_CNI_INTEGRATION_TESTS: false RUN_KOPS_TEST: true - K8S_VERSION: 1.29.0-alpha.3 - KOPS_VERSION: v1.29.0-alpha.3 + K8S_VERSION: 1.30.0-beta.0 + KOPS_VERSION: v1.28.4 + KOPS_RUN_TOO_NEW_VERSION: 1 run: | ./scripts/run-integration-tests.sh if: always() diff --git a/scripts/lib/integration.sh b/scripts/lib/integration.sh index f89cd4343d..7045a6aef9 100644 --- a/scripts/lib/integration.sh +++ b/scripts/lib/integration.sh @@ -13,10 +13,10 @@ function run_kops_conformance() { wget -qO- https://dl.k8s.io/v$K8S_VERSION/kubernetes-test-linux-amd64.tar.gz | tar -zxvf - --strip-components=3 -C /tmp kubernetes/test/bin/e2e.test - /tmp/e2e.test --ginkgo.focus="Conformance" --ginkgo.timeout 120m --kubeconfig=$KUBECONFIG --ginkgo.fail-fast --ginkgo.flake-attempts 2 \ + /tmp/e2e.test --ginkgo.focus="Conformance" --ginkgo.timeout 120m --kubeconfig=$KUBECONFIG --ginkgo.v --ginkgo.fail-fast --ginkgo.flake-attempts 2 \ --ginkgo.skip="(works for CRD with validation schema)|(ServiceAccountIssuerDiscovery should support OIDC discovery of service account issuer)|(should support remote command execution over websockets)|(should support retrieving logs from the container over websockets)|(Basic StatefulSet functionality [StatefulSetBasic])|\[Slow\]|\[Serial\]" - /tmp/e2e.test --ginkgo.focus="\[Serial\].*Conformance" --kubeconfig=$KUBECONFIG --ginkgo.fail-fast --ginkgo.flake-attempts 2 \ + /tmp/e2e.test --ginkgo.focus="\[Serial\].*Conformance" --kubeconfig=$KUBECONFIG --ginkgo.v --ginkgo.fail-fast --ginkgo.flake-attempts 2 \ --ginkgo.skip="(ServiceAccountIssuerDiscovery should support OIDC discovery of service account issuer)|(should support remote command execution over websockets)|(should support retrieving logs from the container over websockets)|\[Slow\]" echo "Kops conformance tests ran successfully!" From 244f6364dee7d69f77afd9a0fae0f3bd7bc6bbcc Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Tue, 9 Apr 2024 11:07:38 -0700 Subject: [PATCH 10/29] Update .go-version to 1.22.2 to fix CVE reports. (#2870) --- .go-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.go-version b/.go-version index 6245beecd3..8864ad2970 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.1 +1.22.2 \ No newline at end of file From deaca4b850c34ee12f706a089431ced0dbe51c44 Mon Sep 17 00:00:00 2001 From: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Date: Tue, 16 Apr 2024 14:38:08 -0700 Subject: [PATCH 11/29] CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen --- CHANGELOG.md | 12 ++++++++++++ charts/aws-vpc-cni/Chart.yaml | 4 ++-- charts/aws-vpc-cni/README.md | 4 ++-- charts/aws-vpc-cni/values.yaml | 6 +++--- charts/cni-metrics-helper/Chart.yaml | 4 ++-- charts/cni-metrics-helper/README.md | 2 +- charts/cni-metrics-helper/values.yaml | 2 +- config/master/aws-k8s-cni-cn.yaml | 16 ++++++++-------- config/master/aws-k8s-cni-us-gov-east-1.yaml | 16 ++++++++-------- config/master/aws-k8s-cni-us-gov-west-1.yaml | 16 ++++++++-------- config/master/aws-k8s-cni.yaml | 16 ++++++++-------- config/master/cni-metrics-helper-cn.yaml | 6 +++--- .../master/cni-metrics-helper-us-gov-east-1.yaml | 6 +++--- .../master/cni-metrics-helper-us-gov-west-1.yaml | 6 +++--- config/master/cni-metrics-helper.yaml | 6 +++--- scripts/generate-cni-yaml.sh | 2 +- scripts/run-cni-release-tests.sh | 6 +++--- 17 files changed, 71 insertions(+), 59 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c3ebc94bba..985dc304f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +## v1.18.0 + +* Cleanup - [run make generate-limits](https://github.com/aws/amazon-vpc-cni-k8s/pull/2835) (@jaydeokar) +* Dependency - [Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible](https://github.com/aws/amazon-vpc-cni-k8s/pull/2855) (@dependabot) +* Dependency - [upgrade golang to 1.21.8](https://github.com/aws/amazon-vpc-cni-k8s/pull/2847) (@jchen6585) +* Dependency - [Bump google.golang.org/protobuf from 1.32.0 to 1.33.0](https://github.com/aws/amazon-vpc-cni-k8s/pull/2848) (@dependabot) +* Feature - [Enhance subnet selection](https://github.com/aws/amazon-vpc-cni-k8s/pull/2714) (@jchen6585) +* Improvement - [Add vpc-id to leaked eni filters](https://github.com/aws/amazon-vpc-cni-k8s/pull/2856) (@jchen6585) +* Testing - [Add missing params to authorize ingress](https://github.com/aws/amazon-vpc-cni-k8s/pull/2849) (@jchen6585) +* Testing - [Integration test suite for Custom Networking + Security Groups for Pods](https://github.com/aws/amazon-vpc-cni-k8s/pull/2818) (@jdn5126) +* Testing - [Fix coredns failing during custom networking tests](https://github.com/aws/amazon-vpc-cni-k8s/pull/2844) (@jchen6585) + ## v1.17.1 * Feature - [Send pod name/ns to nodeagent for strict mode](https://github.com/aws/amazon-vpc-cni-k8s/pull/2790) (@jayanthvn) diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml index 474437984e..0fd2105b0a 100644 --- a/charts/aws-vpc-cni/Chart.yaml +++ b/charts/aws-vpc-cni/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: aws-vpc-cni -version: 1.17.1 -appVersion: "v1.17.1" +version: 1.18.0 +appVersion: "v1.18.0" description: A Helm chart for the AWS VPC CNI icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md index 914033da22..6e352119ad 100644 --- a/charts/aws-vpc-cni/README.md +++ b/charts/aws-vpc-cni/README.md @@ -48,7 +48,7 @@ The following table lists the configurable parameters for this chart and their d | `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation | `3` | | `branchENICooldown` | Number of seconds that branch ENIs remain in cooldown | `60` | | `fullnameOverride` | Override the fullname of the chart | `aws-node` | -| `image.tag` | Image tag | `v1.17.1` | +| `image.tag` | Image tag | `v1.18.0` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -56,7 +56,7 @@ The following table lists the configurable parameters for this chart and their d | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.override` | A custom docker image to use | `nil` | | `imagePullSecrets` | Docker registry pull secret | `[]` | -| `init.image.tag` | Image tag | `v1.17.1` | +| `init.image.tag` | Image tag | `v1.18.0` | | `init.image.domain` | ECR repository domain | `amazonaws.com` | | `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `init.image.endpoint` | ECR repository endpoint to use. | `ecr` | diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index 7dcfd0716d..aa765659c5 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -8,7 +8,7 @@ nameOverride: aws-node init: image: - tag: v1.17.1 + tag: v1.18.0 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -50,7 +50,7 @@ nodeAgent: resources: {} image: - tag: v1.17.1 + tag: v1.18.0 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -84,7 +84,7 @@ env: ENABLE_IPv4: "true" ENABLE_IPv6: "false" ENABLE_SUBNET_DISCOVERY: "true" - VPC_CNI_VERSION: "v1.17.1" + VPC_CNI_VERSION: "v1.18.0" NETWORK_POLICY_ENFORCING_MODE: "standard" # this flag enables you to use the match label that was present in the original daemonset deployed by EKS diff --git a/charts/cni-metrics-helper/Chart.yaml b/charts/cni-metrics-helper/Chart.yaml index e0a3cf0d3e..6b1a089f14 100644 --- a/charts/cni-metrics-helper/Chart.yaml +++ b/charts/cni-metrics-helper/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cni-metrics-helper -version: 1.17.1 -appVersion: v1.17.1 +version: 1.18.0 +appVersion: v1.18.0 description: A Helm chart for the AWS VPC CNI Metrics Helper icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md index 4bbf0f8b88..4e21d7fb2c 100644 --- a/charts/cni-metrics-helper/README.md +++ b/charts/cni-metrics-helper/README.md @@ -47,7 +47,7 @@ The following table lists the configurable parameters for this chart and their d |------------------------------|---------------------------------------------------------------|--------------------| | fullnameOverride | Override the fullname of the chart | cni-metrics-helper | | image.region | ECR repository region to use. Should match your cluster | us-west-2 | -| image.tag | Image tag | v1.17.1 | +| image.tag | Image tag | v1.18.0 | | image.account | ECR repository account number | 602401143452 | | image.domain | ECR repository domain | amazonaws.com | | env.USE_CLOUDWATCH | Whether to export CNI metrics to CloudWatch | true | diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index 919681586f..c1f6649c84 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml @@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper image: region: us-west-2 - tag: v1.17.1 + tag: v1.18.0 account: "602401143452" domain: "amazonaws.com" # Set to use custom image diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index 7908dba145..76a4dde8a4 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.17.1 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.0 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.17.1 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.0 ports: - containerPort: 61678 name: metrics @@ -467,7 +467,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.17.1" + value: "v1.18.0" - name: ENABLE_SUBNET_DISCOVERY value: "true" - name: WARM_ENI_TARGET diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index d259779f75..cc67268342 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.17.1 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.0 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.17.1 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.0 ports: - containerPort: 61678 name: metrics @@ -467,7 +467,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.17.1" + value: "v1.18.0" - name: ENABLE_SUBNET_DISCOVERY value: "true" - name: WARM_ENI_TARGET diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index c4728c6b76..b89a91978e 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.17.1 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.0 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.17.1 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.0 ports: - containerPort: 61678 name: metrics @@ -467,7 +467,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.17.1" + value: "v1.18.0" - name: ENABLE_SUBNET_DISCOVERY value: "true" - name: WARM_ENI_TARGET diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index f7abbe2f06..cbf6822581 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.17.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.0 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.17.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.0 ports: - containerPort: 61678 name: metrics @@ -467,7 +467,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.17.1" + value: "v1.18.0" - name: ENABLE_SUBNET_DISCOVERY value: "true" - name: WARM_ENI_TARGET diff --git a/config/master/cni-metrics-helper-cn.yaml b/config/master/cni-metrics-helper-cn.yaml index 19e4fcd060..7245e3956c 100644 --- a/config/master/cni-metrics-helper-cn.yaml +++ b/config/master/cni-metrics-helper-cn.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.17.1" + image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.0" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-east-1.yaml b/config/master/cni-metrics-helper-us-gov-east-1.yaml index 494f2d1080..60e280bcb6 100644 --- a/config/master/cni-metrics-helper-us-gov-east-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-east-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.17.1" + image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.0" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-west-1.yaml b/config/master/cni-metrics-helper-us-gov-west-1.yaml index 85c40357a2..52be43f5c0 100644 --- a/config/master/cni-metrics-helper-us-gov-west-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-west-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.17.1" + image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.0" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper.yaml b/config/master/cni-metrics-helper.yaml index 68a3a2f60c..67889376bf 100644 --- a/config/master/cni-metrics-helper.yaml +++ b/config/master/cni-metrics-helper.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.17.1" + image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.0" serviceAccountName: cni-metrics-helper diff --git a/scripts/generate-cni-yaml.sh b/scripts/generate-cni-yaml.sh index 5671b0b576..694d3cadf0 100755 --- a/scripts/generate-cni-yaml.sh +++ b/scripts/generate-cni-yaml.sh @@ -8,7 +8,7 @@ HELM_VERSION="3.14.2" NAMESPACE="kube-system" MAKEFILEPATH=$SCRIPTPATH/../Makefile -VPC_CNI_VERSION="v1.17.1" +VPC_CNI_VERSION="v1.18.0" NODE_AGENT_VERSION="v1.1.0" BUILD_DIR=$SCRIPTPATH/../build/cni-rel-yamls/$VPC_CNI_VERSION diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh index 599ec96279..d1fa40280c 100755 --- a/scripts/run-cni-release-tests.sh +++ b/scripts/run-cni-release-tests.sh @@ -10,7 +10,7 @@ # NG_LABEL_KEY: nodegroup label key, default "kubernetes.io/os" # NG_LABEL_VAL: nodegroup label val, default "linux" # RUN_DEVEKS_TEST: Set this variable for tests to run on a deveks cluster -# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.17.1" +# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.0" # TEST_IMAGE_REGISTRY: the registry in test-infra-* accounts where e2e test images are stored set -e @@ -37,9 +37,9 @@ function run_integration_test() { echo "cni test took $((SECONDS - START)) seconds." if [[ ! -z $PROD_IMAGE_REGISTRY ]]; then - CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.17.1" + CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.0" else - CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.17.1}" + CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.0}" fi REPO_NAME=$(echo $CNI_METRICS_HELPER | cut -d ":" -f 1) From cd7eb5902f5c7a0ebc008bb478843dd14440b8bd Mon Sep 17 00:00:00 2001 From: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Date: Wed, 17 Apr 2024 15:07:48 -0700 Subject: [PATCH 12/29] Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen --- config/master/aws-k8s-cni-cn.yaml | 4 ++-- config/master/aws-k8s-cni-us-gov-east-1.yaml | 4 ++-- config/master/aws-k8s-cni-us-gov-west-1.yaml | 4 ++-- config/master/aws-k8s-cni.yaml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index 76a4dde8a4..c7d8474453 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml @@ -464,12 +464,12 @@ spec: value: "false" - name: ENABLE_PREFIX_DELEGATION value: "false" + - name: ENABLE_SUBNET_DISCOVERY + value: "true" - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION value: "v1.18.0" - - name: ENABLE_SUBNET_DISCOVERY - value: "true" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index cc67268342..d658560d7c 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -464,12 +464,12 @@ spec: value: "false" - name: ENABLE_PREFIX_DELEGATION value: "false" + - name: ENABLE_SUBNET_DISCOVERY + value: "true" - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION value: "v1.18.0" - - name: ENABLE_SUBNET_DISCOVERY - value: "true" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index b89a91978e..897de2e54f 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -464,12 +464,12 @@ spec: value: "false" - name: ENABLE_PREFIX_DELEGATION value: "false" + - name: ENABLE_SUBNET_DISCOVERY + value: "true" - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION value: "v1.18.0" - - name: ENABLE_SUBNET_DISCOVERY - value: "true" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index cbf6822581..cbd168db30 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml @@ -464,12 +464,12 @@ spec: value: "false" - name: ENABLE_PREFIX_DELEGATION value: "false" + - name: ENABLE_SUBNET_DISCOVERY + value: "true" - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION value: "v1.18.0" - - name: ENABLE_SUBNET_DISCOVERY - value: "true" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET From 19d59c1b004bfdaafcb65218658d5cf8ba4f45d8 Mon Sep 17 00:00:00 2001 From: guessi Date: Fri, 19 Apr 2024 09:59:59 +0800 Subject: [PATCH 13/29] Improve "cni-metrics-helper" setup experience (#2874) Co-authored-by: Senthil Kumaran --- charts/cni-metrics-helper/README.md | 64 ++++++++++++------- .../templates/clusterrole.yaml | 2 + .../templates/deployment.yaml | 24 ++++++- charts/cni-metrics-helper/values.yaml | 31 +++++++++ 4 files changed, 97 insertions(+), 24 deletions(-) diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md index 4e21d7fb2c..3326117b9f 100644 --- a/charts/cni-metrics-helper/README.md +++ b/charts/cni-metrics-helper/README.md @@ -12,10 +12,22 @@ This chart provides a Kubernetes deployment for the Amazon VPC CNI Metrics Helpe First add the EKS repository to Helm: ```shell -helm repo add eks https://aws.github.io/eks-charts +$ helm repo add eks https://aws.github.io/eks-charts ``` -To install the chart with the release name `cni-metrics-helper` and default configuration: +Ensure helm repository up to date + +```shell +$ helm repo update eks +``` + +To identify the version you are going to apply + +```shell +$ helm search repo eks/cni-metrics-helper --versions +``` + +To install the latest chart with the release name `cni-metrics-helper` and default configuration: ```shell $ helm install cni-metrics-helper --namespace kube-system eks/cni-metrics-helper @@ -43,26 +55,34 @@ $ helm uninstall cni-metrics-helper --namespace kube-system The following table lists the configurable parameters for this chart and their default values. -| Parameter | Description | Default | -|------------------------------|---------------------------------------------------------------|--------------------| -| fullnameOverride | Override the fullname of the chart | cni-metrics-helper | -| image.region | ECR repository region to use. Should match your cluster | us-west-2 | -| image.tag | Image tag | v1.18.0 | -| image.account | ECR repository account number | 602401143452 | -| image.domain | ECR repository domain | amazonaws.com | -| env.USE_CLOUDWATCH | Whether to export CNI metrics to CloudWatch | true | -| env.USE_PROMETHEUS | Whether to export CNI metrics to Prometheus | false | -| env.AWS_CLUSTER_ID | ID of the cluster to use when exporting metrics to CloudWatch | default | -| env.AWS_VPC_K8S_CNI_LOGLEVEL | Log verbosity level (ie. FATAL, ERROR, WARN, INFO, DEBUG) | INFO | -| env.METRIC_UPDATE_INTERVAL | Interval at which to update CloudWatch metrics, in seconds. | | -| | Metrics are published to CloudWatch at 2x the interval | 30 | -| serviceAccount.name | The name of the ServiceAccount to use | nil | -| serviceAccount.create | Specifies whether a ServiceAccount should be created | true | -| serviceAccount.annotations | Specifies the annotations for ServiceAccount | {} | -| podAnnotations | Specifies the annotations for pods | {} | -| revisionHistoryLimit | The number of revisions to keep | 10 | -| podSecurityContext | SecurityContext to set on the pod | {} | -| containerSecurityContext | SecurityContext to set on the container | {} | + +| Parameter | Description | Default | +| -------------------------------|---------------------------------------------------------------|-------------------------------------| +| `affinity` | Map of node/pod affinities | `{}` | +| `fullnameOverride` | Override the fullname of the chart | `cni-metrics-helper` | +| `image.tag` | Image tag | `v1.17.1` | +| `image.domain` | ECR repository domain | `amazonaws.com` | +| `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | +| `image.account` | ECR repository account number | `602401143452` | +| `env.USE_CLOUDWATCH` | Whether to export CNI metrics to CloudWatch | `true` | +| `env.USE_PROMETHEUS` | Whether to export CNI metrics to Prometheus | `false` | +| `env.AWS_CLUSTER_ID` | ID of the cluster to use when exporting metrics to CloudWatch | `default` | +| `env.AWS_VPC_K8S_CNI_LOGLEVEL` | Log verbosity level (ie. FATAL, ERROR, WARN, INFO, DEBUG) | `INFO` | +| `env.METRIC_UPDATE_INTERVAL` | Interval at which to update CloudWatch metrics, in seconds. | | +| | Metrics are published to CloudWatch at 2x the interval | `30` | +| `serviceAccount.name` | The name of the ServiceAccount to use | `nil` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.annotations` | Specifies the annotations for ServiceAccount | `{}` | +| `podAnnotations` | Specifies the annotations for pods | `{}` | +| `revisionHistoryLimit` | The number of revisions to keep | `10` | +| `podSecurityContext` | SecurityContext to set on the pod | `{}` | +| `containerSecurityContext` | SecurityContext to set on the container | `{}` | +| `tolerations` | Optional deployment tolerations | `[]` | +| `updateStrategy` | Optional update strategy | `{}` | +| `imagePullSecrets` | Docker registry pull secret | `[]` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Optional deployment tolerations | `[]` | + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters: diff --git a/charts/cni-metrics-helper/templates/clusterrole.yaml b/charts/cni-metrics-helper/templates/clusterrole.yaml index 6f45efd8aa..901952d751 100644 --- a/charts/cni-metrics-helper/templates/clusterrole.yaml +++ b/charts/cni-metrics-helper/templates/clusterrole.yaml @@ -2,6 +2,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "cni-metrics-helper.fullname" . }} + labels: +{{ include "cni-metrics-helper.labels" . | indent 4 }} rules: - apiGroups: [""] resources: diff --git a/charts/cni-metrics-helper/templates/deployment.yaml b/charts/cni-metrics-helper/templates/deployment.yaml index adadf2bf7d..5cb2fb1397 100644 --- a/charts/cni-metrics-helper/templates/deployment.yaml +++ b/charts/cni-metrics-helper/templates/deployment.yaml @@ -5,7 +5,11 @@ metadata: namespace: {{ .Release.Namespace }} labels: k8s-app: cni-metrics-helper +{{ include "cni-metrics-helper.labels" . | indent 4 }} spec: +{{- if .Values.updateStrategy }} + strategy: {{ toYaml .Values.updateStrategy | nindent 4 }} +{{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} selector: matchLabels: @@ -36,6 +40,22 @@ spec: name: cni-metrics-helper image: "{{- if .Values.image.override }}{{- .Values.image.override }}{{- else }}{{- .Values.image.account }}.dkr.ecr.{{- .Values.image.region }}.{{- .Values.image.domain }}/cni-metrics-helper:{{- .Values.image.tag }}{{- end}}" serviceAccountName: {{ template "cni-metrics-helper.serviceAccountName" . }} -{{- if .Values.podSecurityContext }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podSecurityContext }} securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} -{{- end }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index c1f6649c84..9179d8392c 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml @@ -36,3 +36,34 @@ podSecurityContext: {} containerSecurityContext: {} podAnnotations: {} + +imagePullSecrets: [] + +updateStrategy: {} +# type: RollingUpdate +# rollingUpdate: +# maxUnavailable: "10%" + +nodeSelector: {} + +tolerations: [] +# - operator: Exists + +affinity: {} +# nodeAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# nodeSelectorTerms: +# - matchExpressions: +# - key: "kubernetes.io/os" +# operator: In +# values: +# - linux +# - key: "kubernetes.io/arch" +# operator: In +# values: +# - amd64 +# - arm64 +# - key: "eks.amazonaws.com/compute-type" +# operator: NotIn +# values: +# - fargate From 1a76401185f1aa4e3a0060a8542a14972f306250 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Fri, 19 Apr 2024 16:25:34 -0700 Subject: [PATCH 14/29] Add correct labels to CNI metrics chart. (#2889) --- charts/cni-metrics-helper/templates/deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/cni-metrics-helper/templates/deployment.yaml b/charts/cni-metrics-helper/templates/deployment.yaml index 5cb2fb1397..192ce9e56e 100644 --- a/charts/cni-metrics-helper/templates/deployment.yaml +++ b/charts/cni-metrics-helper/templates/deployment.yaml @@ -23,6 +23,8 @@ spec: {{- end }} {{- end }} labels: + app.kubernetes.io/name: {{ include "cni-metrics-helper.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} k8s-app: cni-metrics-helper spec: containers: From 126a0ba50ed8ee22b01603d895a079c1c9d3769c Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Fri, 19 Apr 2024 16:52:32 -0700 Subject: [PATCH 15/29] Added information on the build troubleshooting. (#2890) --- README.md | 2 +- docs/troubleshooting.md | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index dccc7cf0fe..ecee7a37ef 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ See [here](./docs/iam-policy.md) for required IAM policies. * `unit-test`, `format`,`lint` and `vet` provide ways to run the respective tests/tools and should be run before submitting a PR. * `make docker` will create a docker container using `docker buildx` that contains the finished binaries, with a tag of `amazon/amazon-k8s-cni:latest` * `make docker-unit-tests` uses a docker container to run all unit tests. -* builds for all build and test actions run in docker containers based on `golang:1.21.5-6-gcc-al2` unless a different `GOLANG_IMAGE` tag is passed in. +* Builds for all build and test actions run in docker containers based on `.go-version` unless a different `GOLANG_IMAGE` tag is passed in. ## Components diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index b631b8608f..559dbb325f 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -253,3 +253,11 @@ The [CNI image](../scripts/dockerfiles/Dockerfile.release) built for the `aws-no See the [cni-metrics-helper README](../cmd/cni-metrics-helper/README.md). + +## Build Troubleshooting + +If you encouter build issues while building vpc cni, ensure you are logged into a docker registry. +For e.g. + +aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws +~ From 73c45d8d2e3b572832a9b4082c718f77d9d2ee71 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Sat, 20 Apr 2024 06:19:59 -0700 Subject: [PATCH 16/29] Remove unused code in vpc cni init and vpc cni binary. (#2891) --- cmd/aws-vpc-cni-init/main.go | 11 ----------- cmd/aws-vpc-cni/main.go | 29 ----------------------------- 2 files changed, 40 deletions(-) diff --git a/cmd/aws-vpc-cni-init/main.go b/cmd/aws-vpc-cni-init/main.go index c3c77a9189..cf29fd4eab 100644 --- a/cmd/aws-vpc-cni-init/main.go +++ b/cmd/aws-vpc-cni-init/main.go @@ -29,7 +29,6 @@ import ( const ( defaultHostCNIBinPath = "/host/opt/cni/bin" - vpcCniInitDonePath = "/vpc-cni-init/done" metadataLocalIP = "local-ipv4" metadataMAC = "mac" defaultDisableIPv4TcpEarlyDemux = false @@ -181,17 +180,7 @@ func _main() int { return 1 } - // TODO: In order to speed up pod launch time, VPC CNI init container is not a Kubernetes init container. - // The VPC CNI container blocks on the existence of vpcCniInitDonePath - //err = cp.TouchFile(vpcCniInitDonePath) - //if err != nil { - // log.WithError(err).Errorf("Failed to set VPC CNI init done") - // return 1 - //} - log.Infof("CNI init container done") - // TODO: Since VPC CNI init container is a real container, it never exits - // time.Sleep(time.Duration(1<<63 - 1)) return 0 } diff --git a/cmd/aws-vpc-cni/main.go b/cmd/aws-vpc-cni/main.go index 063d766fdd..d1e5feb042 100644 --- a/cmd/aws-vpc-cni/main.go +++ b/cmd/aws-vpc-cni/main.go @@ -42,9 +42,7 @@ import ( "os/exec" "strconv" "strings" - "time" - "github.com/pkg/errors" log "github.com/sirupsen/logrus" "github.com/containernetworking/cni/pkg/types" @@ -188,27 +186,6 @@ func waitForIPAM() bool { } } -// Wait for vpcCniInitDonePath to exist (maximum wait time is 60 seconds) -func waitForInit() error { - start := time.Now() - maxEnd := start.Add(time.Minute) - for { - // Check for existence of vpcCniInitDonePath - if _, err := os.Stat(vpcCniInitDonePath); err == nil { - // Delete the done file in case of a reboot of the node or restart of the container (force init container to run again) - if err := os.Remove(vpcCniInitDonePath); err == nil { - return nil - } - // If file deletion fails, log and allow retry - log.Errorf("Failed to delete file: %s", vpcCniInitDonePath) - } - if time.Now().After(maxEnd) { - return errors.Errorf("time exceeded") - } - time.Sleep(1 * time.Second) - } -} - func getPrimaryIP(ipv4 bool) (string, error) { var hostIP string var err error @@ -471,12 +448,6 @@ func _main() int { return 1 } - // Wait for init container to complete - //if err := waitForInit(); err != nil { - // log.WithError(err).Errorf("Init container failed to complete") - // return 1 - //} - log.Infof("Copying config file... ") err = generateJSON(defaultAWSconflistFile, tmpAWSconflistFile, getPrimaryIP) if err != nil { From 92977ef5169506c017a90c011d48f228b8696cc1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 May 2024 08:34:05 -0700 Subject: [PATCH 17/29] Bump golang.org/x/sys from 0.18.0 to 0.19.0 in /test/agent (#2898) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.18.0 to 0.19.0. - [Commits](https://github.com/golang/sys/compare/v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/agent/go.mod | 2 +- test/agent/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/agent/go.mod b/test/agent/go.mod index 8ee4de14cb..db9ac45b64 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -5,7 +5,7 @@ go 1.21 require ( github.com/coreos/go-iptables v0.7.0 github.com/vishvananda/netlink v1.1.0 - golang.org/x/sys v0.18.0 + golang.org/x/sys v0.19.0 ) require github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index fe4c332145..512fba84b6 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum @@ -5,5 +5,5 @@ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYp github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From 06828cee09446fd9e501984727ed807254385cb8 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Tue, 7 May 2024 16:53:32 -0700 Subject: [PATCH 18/29] Filter Managed ENI. (#2895) If the SG reconcile loop runs before the ENI/IP reconcile loop it will modify the security groups as the ENI/IP reconcile hasn't had a chance to check the tags on the ENI yet. Without relying on cache, when the SG reconcile is run, it will not update the ENI with the node.k8s.amazonaws.com/no_manage: true tag --- go.mod | 3 +++ pkg/awsutils/awsutils.go | 16 ++++++++-------- pkg/awsutils/mocks/awsutils_mocks.go | 10 ++++++---- pkg/ipamd/ipamd.go | 4 ++-- pkg/ipamd/ipamd_test.go | 4 ++-- 5 files changed, 21 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index e80910a18b..53b4d6402d 100644 --- a/go.mod +++ b/go.mod @@ -180,3 +180,6 @@ replace golang.org/x/crypto => golang.org/x/crypto v0.17.0 // Cannot be removed until all dependencies use net library v0.23.0 or higher replace golang.org/x/net => golang.org/x/net v0.23.0 + +// Version of go-cose v1.2.0 and v1.2.1 have been deprecated in favor v1.1.0 +replace github.com/veraison/go-cose => github.com/veraison/go-cose v1.1.0 diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go index db14e34b75..f9ba346915 100644 --- a/pkg/awsutils/awsutils.go +++ b/pkg/awsutils/awsutils.go @@ -27,6 +27,8 @@ import ( "sync" "time" + "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" + "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils/awssession" "github.com/aws/amazon-vpc-cni-k8s/pkg/ec2wrapper" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/eventrecorder" @@ -168,7 +170,7 @@ type APIs interface { IsPrimaryENI(eniID string) bool //RefreshSGIDs - RefreshSGIDs(mac string) error + RefreshSGIDs(mac string, store *datastore.DataStore) error //GetInstanceHypervisorFamily returns the hypervisor family for the instance GetInstanceHypervisorFamily() string @@ -474,7 +476,7 @@ func (cache *EC2InstanceMetadataCache) initWithEC2Metadata(ctx context.Context) } // RefreshSGIDs retrieves security groups -func (cache *EC2InstanceMetadataCache) RefreshSGIDs(mac string) error { +func (cache *EC2InstanceMetadataCache) RefreshSGIDs(mac string, store *datastore.DataStore) error { ctx := context.TODO() sgIDs, err := cache.imds.GetSecurityGroupIDs(ctx, mac) @@ -501,14 +503,12 @@ func (cache *EC2InstanceMetadataCache) RefreshSGIDs(mac string) error { cache.securityGroups.Set(sgIDs) if !cache.useCustomNetworking && (addedSGsCount != 0 || deletedSGsCount != 0) { - allENIs, err := cache.GetAttachedENIs() - if err != nil { - return errors.Wrap(err, "DescribeAllENIs: failed to get local ENI metadata") - } + eniInfos := store.GetENIInfos() var eniIDs []string - for _, eni := range allENIs { - eniIDs = append(eniIDs, eni.ENIID) + + for eniID := range eniInfos.ENIs { + eniIDs = append(eniIDs, eniID) } newENIs := StringSet{} diff --git a/pkg/awsutils/mocks/awsutils_mocks.go b/pkg/awsutils/mocks/awsutils_mocks.go index 54c7ec72c5..4e71a57549 100644 --- a/pkg/awsutils/mocks/awsutils_mocks.go +++ b/pkg/awsutils/mocks/awsutils_mocks.go @@ -22,6 +22,8 @@ import ( net "net" reflect "reflect" + "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" + awsutils "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils" vpc "github.com/aws/amazon-vpc-cni-k8s/pkg/vpc" ec2 "github.com/aws/aws-sdk-go/service/ec2" @@ -466,17 +468,17 @@ func (mr *MockAPIsMockRecorder) IsUnmanagedENI(arg0 interface{}) *gomock.Call { } // RefreshSGIDs mocks base method. -func (m *MockAPIs) RefreshSGIDs(arg0 string) error { +func (m *MockAPIs) RefreshSGIDs(mac string, store *datastore.DataStore) error { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "RefreshSGIDs", arg0) + ret := m.ctrl.Call(m, "RefreshSGIDs", mac, store) ret0, _ := ret[0].(error) return ret0 } // RefreshSGIDs indicates an expected call of RefreshSGIDs. -func (mr *MockAPIsMockRecorder) RefreshSGIDs(arg0 interface{}) *gomock.Call { +func (mr *MockAPIsMockRecorder) RefreshSGIDs(mac, store interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RefreshSGIDs", reflect.TypeOf((*MockAPIs)(nil).RefreshSGIDs), arg0) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RefreshSGIDs", reflect.TypeOf((*MockAPIs)(nil).RefreshSGIDs), mac, store) } // SetMultiCardENIs mocks base method. diff --git a/pkg/ipamd/ipamd.go b/pkg/ipamd/ipamd.go index 648a00b104..33f75900f5 100644 --- a/pkg/ipamd/ipamd.go +++ b/pkg/ipamd/ipamd.go @@ -507,14 +507,14 @@ func (c *IPAMContext) nodeInit() error { // 1. after managed/unmanaged ENIs have been determined // 2. before any new ENIs are attached if c.enableIPv4 && !c.disableENIProvisioning { - if err := c.awsClient.RefreshSGIDs(primaryENIMac); err != nil { + if err := c.awsClient.RefreshSGIDs(primaryENIMac, c.dataStore); err != nil { return err } // Refresh security groups and VPC CIDR blocks in the background // Ignoring errors since we will retry in 30s go wait.Forever(func() { - c.awsClient.RefreshSGIDs(primaryENIMac) + c.awsClient.RefreshSGIDs(primaryENIMac, c.dataStore) }, 30*time.Second) } diff --git a/pkg/ipamd/ipamd_test.go b/pkg/ipamd/ipamd_test.go index cc5a27337a..ac5802c257 100644 --- a/pkg/ipamd/ipamd_test.go +++ b/pkg/ipamd/ipamd_test.go @@ -153,7 +153,7 @@ func TestNodeInit(t *testing.T) { m.network.EXPECT().SetupHostNetwork(cidrs, "", &primaryIP, false, true, false).Return(nil) m.network.EXPECT().CleanUpStaleAWSChains(true, false).Return(nil) m.awsutils.EXPECT().GetPrimaryENI().AnyTimes().Return(primaryENIid) - m.awsutils.EXPECT().RefreshSGIDs(gomock.Any()).AnyTimes().Return(nil) + m.awsutils.EXPECT().RefreshSGIDs(gomock.Any(), gomock.Any()).AnyTimes().Return(nil) eniMetadataSlice := []awsutils.ENIMetadata{eni1, eni2} resp := awsutils.DescribeAllENIsResult{ @@ -243,7 +243,7 @@ func TestNodeInitwithPDenabledIPv4Mode(t *testing.T) { m.network.EXPECT().SetupHostNetwork(cidrs, "", &primaryIP, false, true, false).Return(nil) m.network.EXPECT().CleanUpStaleAWSChains(true, false).Return(nil) m.awsutils.EXPECT().GetPrimaryENI().AnyTimes().Return(primaryENIid) - m.awsutils.EXPECT().RefreshSGIDs(gomock.Any()).AnyTimes().Return(nil) + m.awsutils.EXPECT().RefreshSGIDs(gomock.Any(), gomock.Any()).AnyTimes().Return(nil) eniMetadataSlice := []awsutils.ENIMetadata{eni1, eni2} resp := awsutils.DescribeAllENIsResult{ From 9ed4e3e33e460f779db3e409a0ab8016d48158cb Mon Sep 17 00:00:00 2001 From: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Date: Mon, 13 May 2024 18:28:55 -0700 Subject: [PATCH 19/29] Merge release-1.18 to master after v1.18.1 release (#2914) * Update changelogs and charts for v1.18.0 release (#2858) Co-authored-by: Joseph Chen * Resolve merge conflicts from master to release 1.18 (#2885) * Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE * Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen * Update .go-version to 1.22.2 to fix CVE reports. (#2870) * CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen * Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen --------- Signed-off-by: dependabot[bot] Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Co-authored-by: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Co-authored-by: Joseph Chen * Merge master to release-1.18 for v1.18.1 release (#2882) * Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE * Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen * Update .go-version to 1.22.2 to fix CVE reports. (#2870) * CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen * Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen --------- Signed-off-by: dependabot[bot] Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Co-authored-by: Joseph Chen * CHANGELOG, chart, and manifest updates for v1.18.1 release (#2894) Co-authored-by: Joseph Chen * Fix metrics readme --------- Signed-off-by: dependabot[bot] Co-authored-by: Joseph Chen Co-authored-by: Jay Deokar <23660509+jaydeokar@users.noreply.github.com> Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> --- CHANGELOG.md | 12 ++++++++++++ charts/aws-vpc-cni/Chart.yaml | 4 ++-- charts/aws-vpc-cni/README.md | 6 +++--- charts/aws-vpc-cni/values.yaml | 8 ++++---- charts/cni-metrics-helper/Chart.yaml | 4 ++-- charts/cni-metrics-helper/README.md | 2 +- charts/cni-metrics-helper/values.yaml | 2 +- config/master/aws-k8s-cni-cn.yaml | 18 +++++++++--------- config/master/aws-k8s-cni-us-gov-east-1.yaml | 18 +++++++++--------- config/master/aws-k8s-cni-us-gov-west-1.yaml | 18 +++++++++--------- config/master/aws-k8s-cni.yaml | 18 +++++++++--------- config/master/cni-metrics-helper-cn.yaml | 6 +++--- .../cni-metrics-helper-us-gov-east-1.yaml | 6 +++--- .../cni-metrics-helper-us-gov-west-1.yaml | 6 +++--- config/master/cni-metrics-helper.yaml | 6 +++--- scripts/generate-cni-yaml.sh | 4 ++-- scripts/run-cni-release-tests.sh | 6 +++--- 17 files changed, 78 insertions(+), 66 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 985dc304f1..138cd97ac5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +## v1.18.1 + +* Bug - [Mount /run/xtables.lock as FileOrCreate in Helm chart](https://github.com/aws/amazon-vpc-cni-k8s/pull/2841) (@kwohlfahrt) +* Enhancement - [Update .go-version to 1.22.2 to fix CVE reports.](https://github.com/aws/amazon-vpc-cni-k8s/pull/2870) (@orsenthil) +* Cleanup - [remove unused Dockerfile](https://github.com/aws/amazon-vpc-cni-k8s/pull/2869) (@sushrk) +* Dependency - [Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1](https://github.com/aws/amazon-vpc-cni-k8s/pull/2860) (@dependabot) +* Dependency - [Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent](https://github.com/aws/amazon-vpc-cni-k8s/pull/2859) (@dependabot) +* Dependency - [Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3](https://github.com/aws/amazon-vpc-cni-k8s/pull/2862) (@dependabot) +* Dependency - [Bump github.com/prometheus/common from 0.48.0 to 0.52.2](https://github.com/aws/amazon-vpc-cni-k8s/pull/2866) (@dependabot) +* Dependency - [Bump github.com/stretchr/testify from 1.8.4 to 1.9.0](https://github.com/aws/amazon-vpc-cni-k8s/pull/2863) (@dependabot) +* Dependency - [Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1](https://github.com/aws/amazon-vpc-cni-k8s/pull/2864) (@dependabot) + ## v1.18.0 * Cleanup - [run make generate-limits](https://github.com/aws/amazon-vpc-cni-k8s/pull/2835) (@jaydeokar) diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml index 0fd2105b0a..326db0431b 100644 --- a/charts/aws-vpc-cni/Chart.yaml +++ b/charts/aws-vpc-cni/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: aws-vpc-cni -version: 1.18.0 -appVersion: "v1.18.0" +version: 1.18.1 +appVersion: "v1.18.1" description: A Helm chart for the AWS VPC CNI icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md index 6e352119ad..155b127f30 100644 --- a/charts/aws-vpc-cni/README.md +++ b/charts/aws-vpc-cni/README.md @@ -48,7 +48,7 @@ The following table lists the configurable parameters for this chart and their d | `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation | `3` | | `branchENICooldown` | Number of seconds that branch ENIs remain in cooldown | `60` | | `fullnameOverride` | Override the fullname of the chart | `aws-node` | -| `image.tag` | Image tag | `v1.18.0` | +| `image.tag` | Image tag | `v1.18.1` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -56,7 +56,7 @@ The following table lists the configurable parameters for this chart and their d | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.override` | A custom docker image to use | `nil` | | `imagePullSecrets` | Docker registry pull secret | `[]` | -| `init.image.tag` | Image tag | `v1.18.0` | +| `init.image.tag` | Image tag | `v1.18.1` | | `init.image.domain` | ECR repository domain | `amazonaws.com` | | `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `init.image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -69,7 +69,7 @@ The following table lists the configurable parameters for this chart and their d | `originalMatchLabels` | Use the original daemonset matchLabels | `false` | | `nameOverride` | Override the name of the chart | `aws-node` | | `nodeAgent.enabled` | If the Node Agent container should be created | `true` | -| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.1.0` | +| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.1.1` | | `nodeAgent.image.domain`| ECR repository domain | `amazonaws.com` | | `nodeAgent.image.region`| ECR repository region to use. Should match your cluster | `us-west-2` | | `nodeAgent.image.endpoint` | ECR repository endpoint to use. | `ecr` | diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index aa765659c5..1bf88b53fc 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -8,7 +8,7 @@ nameOverride: aws-node init: image: - tag: v1.18.0 + tag: v1.18.1 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -27,7 +27,7 @@ init: nodeAgent: enabled: true image: - tag: v1.1.0 + tag: v1.1.1 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -50,7 +50,7 @@ nodeAgent: resources: {} image: - tag: v1.18.0 + tag: v1.18.1 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -84,7 +84,7 @@ env: ENABLE_IPv4: "true" ENABLE_IPv6: "false" ENABLE_SUBNET_DISCOVERY: "true" - VPC_CNI_VERSION: "v1.18.0" + VPC_CNI_VERSION: "v1.18.1" NETWORK_POLICY_ENFORCING_MODE: "standard" # this flag enables you to use the match label that was present in the original daemonset deployed by EKS diff --git a/charts/cni-metrics-helper/Chart.yaml b/charts/cni-metrics-helper/Chart.yaml index 6b1a089f14..5bc50145c8 100644 --- a/charts/cni-metrics-helper/Chart.yaml +++ b/charts/cni-metrics-helper/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cni-metrics-helper -version: 1.18.0 -appVersion: v1.18.0 +version: 1.18.1 +appVersion: v1.18.1 description: A Helm chart for the AWS VPC CNI Metrics Helper icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md index 3326117b9f..fa6b08cf37 100644 --- a/charts/cni-metrics-helper/README.md +++ b/charts/cni-metrics-helper/README.md @@ -60,7 +60,7 @@ The following table lists the configurable parameters for this chart and their d | -------------------------------|---------------------------------------------------------------|-------------------------------------| | `affinity` | Map of node/pod affinities | `{}` | | `fullnameOverride` | Override the fullname of the chart | `cni-metrics-helper` | -| `image.tag` | Image tag | `v1.17.1` | +| `image.tag` | Image tag | `v1.18.1` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.account` | ECR repository account number | `602401143452` | diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index 9179d8392c..26758efac1 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml @@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper image: region: us-west-2 - tag: v1.18.0 + tag: v1.18.1 account: "602401143452" domain: "amazonaws.com" # Set to use custom image diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index c7d8474453..75f1bdd95e 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.0 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.1 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.0 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.1 ports: - containerPort: 61678 name: metrics @@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.0" + value: "v1.18.1" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -504,7 +504,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.1.0 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.1.1 env: - name: MY_NODE_NAME valueFrom: diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index d658560d7c..19f4344e31 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.0 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.1 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.0 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.1 ports: - containerPort: 61678 name: metrics @@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.0" + value: "v1.18.1" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -504,7 +504,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.0 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.1 env: - name: MY_NODE_NAME valueFrom: diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index 897de2e54f..4d23b6d3b6 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.0 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.1 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.0 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.1 ports: - containerPort: 61678 name: metrics @@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.0" + value: "v1.18.1" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -504,7 +504,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.0 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.1 env: - name: MY_NODE_NAME valueFrom: diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index cbd168db30..a251eb4951 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.0 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.1 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.0 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.1 ports: - containerPort: 61678 name: metrics @@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.0" + value: "v1.18.1" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -504,7 +504,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.0 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.1 env: - name: MY_NODE_NAME valueFrom: diff --git a/config/master/cni-metrics-helper-cn.yaml b/config/master/cni-metrics-helper-cn.yaml index 7245e3956c..de49632ecd 100644 --- a/config/master/cni-metrics-helper-cn.yaml +++ b/config/master/cni-metrics-helper-cn.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.0" + image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.1" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-east-1.yaml b/config/master/cni-metrics-helper-us-gov-east-1.yaml index 60e280bcb6..07f1de7329 100644 --- a/config/master/cni-metrics-helper-us-gov-east-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-east-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.0" + image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.1" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-west-1.yaml b/config/master/cni-metrics-helper-us-gov-west-1.yaml index 52be43f5c0..48e17af476 100644 --- a/config/master/cni-metrics-helper-us-gov-west-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-west-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.0" + image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.1" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper.yaml b/config/master/cni-metrics-helper.yaml index 67889376bf..4263fe5e4f 100644 --- a/config/master/cni-metrics-helper.yaml +++ b/config/master/cni-metrics-helper.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.0" + image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.1" serviceAccountName: cni-metrics-helper diff --git a/scripts/generate-cni-yaml.sh b/scripts/generate-cni-yaml.sh index 694d3cadf0..1c515ce856 100755 --- a/scripts/generate-cni-yaml.sh +++ b/scripts/generate-cni-yaml.sh @@ -8,8 +8,8 @@ HELM_VERSION="3.14.2" NAMESPACE="kube-system" MAKEFILEPATH=$SCRIPTPATH/../Makefile -VPC_CNI_VERSION="v1.18.0" -NODE_AGENT_VERSION="v1.1.0" +VPC_CNI_VERSION="v1.18.1" +NODE_AGENT_VERSION="v1.1.1" BUILD_DIR=$SCRIPTPATH/../build/cni-rel-yamls/$VPC_CNI_VERSION REGIONS_FILE=$SCRIPTPATH/../charts/regions.json diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh index d1fa40280c..20fb3d2dc1 100755 --- a/scripts/run-cni-release-tests.sh +++ b/scripts/run-cni-release-tests.sh @@ -10,7 +10,7 @@ # NG_LABEL_KEY: nodegroup label key, default "kubernetes.io/os" # NG_LABEL_VAL: nodegroup label val, default "linux" # RUN_DEVEKS_TEST: Set this variable for tests to run on a deveks cluster -# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.0" +# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.1" # TEST_IMAGE_REGISTRY: the registry in test-infra-* accounts where e2e test images are stored set -e @@ -37,9 +37,9 @@ function run_integration_test() { echo "cni test took $((SECONDS - START)) seconds." if [[ ! -z $PROD_IMAGE_REGISTRY ]]; then - CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.0" + CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.1" else - CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.0}" + CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.1}" fi REPO_NAME=$(echo $CNI_METRICS_HELPER | cut -d ":" -f 1) From 239ad1d969b95d26127eed549c4b01eb0191fa76 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Fri, 17 May 2024 16:35:44 -0700 Subject: [PATCH 20/29] Update .go-version to fix GO-2024-2824 (#2911) --- .go-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.go-version b/.go-version index 8864ad2970..89144dbc38 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.2 \ No newline at end of file +1.22.3 From 05e776675bb969b75309ebd06a38ffb01a0b9212 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Fri, 17 May 2024 17:04:08 -0700 Subject: [PATCH 21/29] Soak Test for CNI. (#2915) * Soak Test for CNI. Soak Test runs a fundamental test, like connectivity across pods launched in both primary and secondary eni interfaces. It launches pods, tests connectivity, tears them down, and repeats this process for 1 hour. The run time configurable with how long we want to run the soak test. This test helps in discoverying race condition issues, compatiblity issues with underlying AMI. * Fix for make check. --- scripts/run-soak-test.sh | 40 ++++++ test/integration/cni/soak_test.go | 199 ++++++++++++++++++++++++++++++ 2 files changed, 239 insertions(+) create mode 100755 scripts/run-soak-test.sh create mode 100644 test/integration/cni/soak_test.go diff --git a/scripts/run-soak-test.sh b/scripts/run-soak-test.sh new file mode 100755 index 0000000000..f09f561dff --- /dev/null +++ b/scripts/run-soak-test.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +# The script runs amazon-vpc-cni static canary tests +# The tests in this suite are designed to exercise AZ failure scenarios. + +set -e + +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +GINKGO_TEST_BUILD="$SCRIPT_DIR/../test/build" +# TEST_IMAGE_REGISTRY is the registry in test-infra-* accounts where e2e test images are stored +TEST_IMAGE_REGISTRY=${TEST_IMAGE_REGISTRY:-"617930562442.dkr.ecr.us-west-2.amazonaws.com"} + +# If $ENDPOINT is set, as in it is for beta clusters then $ENDPOINT_OPTION, +# defined in lib/cluster.sh will add --eks-endpoint=$ENDPOINT to the ginkgo +# test command + +source "$SCRIPT_DIR"/lib/cluster.sh +source "$SCRIPT_DIR"/lib/canary.sh + +function run_ginkgo_test() { + local focus=$1 + echo "Running ginkgo tests with focus: $focus" + + (CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS --no-color --focus="$focus" -v --timeout 3h --fail-on-pending $GINKGO_TEST_BUILD/cni.test -- \ + --cluster-kubeconfig="$KUBE_CONFIG_PATH" \ + --cluster-name="$CLUSTER_NAME" \ + --aws-region="$REGION" \ + --aws-vpc-id="$VPC_ID" \ + --ng-name-label-key="kubernetes.io/os" \ + --ng-name-label-val="linux" \ + --test-image-registry=$TEST_IMAGE_REGISTRY \ + --publish-cw-metrics=true \ + $ENDPOINT_OPTION) +} + +load_cluster_details + +run_ginkgo_test "SOAK_TEST" + +echo "all tests ran successfully in $(($SECONDS / 60)) minutes and $(($SECONDS % 60)) seconds" diff --git a/test/integration/cni/soak_test.go b/test/integration/cni/soak_test.go new file mode 100644 index 0000000000..8819a8b5ce --- /dev/null +++ b/test/integration/cni/soak_test.go @@ -0,0 +1,199 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +package cni + +import ( + "fmt" + "strconv" + "time" + + "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" + "github.com/aws/amazon-vpc-cni-k8s/test/integration/common" + "github.com/aws/aws-sdk-go/service/ec2" + + "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/manifest" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + v1 "k8s.io/api/apps/v1" + coreV1 "k8s.io/api/core/v1" +) + +// Ensures Pods are launched on both Primary and Secondary Network Interfaces on two nodes. +// and the test verifies network connectivity across pods launched on these interfaces. + +// The total test will take 1 hour of constantly exercising pod launch on primary and secondary interfaces. +// running connectivity tests, and deleting the pods, and repeating the process. + +var _ = Describe("SOAK Test pod networking", Ordered, func() { + + var ( + err error + serverListenCmd []string + serverListenCmdArgs []string + testConnectionCommandFunc func(serverPod coreV1.Pod, port int) []string + testFailedConnectionCommandFunc func(serverPod coreV1.Pod, port int) []string + testerExpectedStdOut string + testerExpectedStdErr string + serverPort int + protocol string + primaryNodeDeployment *v1.Deployment + secondaryNodeDeployment *v1.Deployment + interfaceToPodListOnPrimaryNode common.InterfaceTypeToPodList + interfaceToPodListOnSecondaryNode common.InterfaceTypeToPodList + timesToRunTheTest = 12 + waitDuringInMinutes = time.Duration(5) * time.Minute + ) + + BeforeAll(func() { + fmt.Println("Starting SOAK test") + + protocol = ec2.ProtocolTcp + serverPort = 2273 + + By("Authorize Security Group Ingress on EC2 instance.") + err = f.CloudServices.EC2(). + AuthorizeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false) + Expect(err).ToNot(HaveOccurred()) + + By("Authorize Security Group Egress on EC2 instance.") + err = f.CloudServices.EC2(). + AuthorizeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0") + Expect(err).ToNot(HaveOccurred()) + }) + + AfterAll(func() { + fmt.Println("Cleaning SOAK test") + + By("Revoke Security Group Ingress.") + err = f.CloudServices.EC2(). + RevokeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false) + Expect(err).ToNot(HaveOccurred()) + + By("Revoke Security Group Egress.") + err = f.CloudServices.EC2(). + RevokeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0") + Expect(err).ToNot(HaveOccurred()) + + By("SOAK test completed") + }) + + Context("[SOAK_TEST] Establish TCP connection from tester to server on both Primary and Secondary ENI", func() { + BeforeEach(func() { + serverListenCmd = []string{"nc"} + // The nc flag "-l" for listen mode, "-k" to keep server up and not close connection after each connection + serverListenCmdArgs = []string{"-k", "-l", strconv.Itoa(serverPort)} + + // netcat verbose output is being redirected to stderr instead of stdout + // The nc flag "-v" for verbose output and "-wn" for timing out in n seconds + testConnectionCommandFunc = func(receiverPod coreV1.Pod, port int) []string { + return []string{"nc", "-v", "-w5", receiverPod.Status.PodIP, strconv.Itoa(port)} + } + + // Create a negative test case with the wrong port number. This is to reinforce the + // positive test case work by verifying negative cases do throw error + testFailedConnectionCommandFunc = func(receiverPod coreV1.Pod, port int) []string { + return []string{"nc", "-v", "-w5", receiverPod.Status.PodIP, strconv.Itoa(port + 1)} + } + + serverContainer := manifest. + NewNetCatAlpineContainer(f.Options.TestImageRegistry). + Command(serverListenCmd). + Args(serverListenCmdArgs). + Build() + + By("Creating Pods on Primary and Secondary ENI on Primary and Secondary Node") + primaryNodeDeployment = manifest. + NewDefaultDeploymentBuilder(). + Container(serverContainer). + Replicas(maxIPPerInterface*2). // X2 so Pods are created on secondary ENI too + NodeName(primaryNode.Name). + PodLabel("node", "primary"). + Name("primary-node-server"). + Build() + + primaryNodeDeployment, err = f.K8sResourceManagers. + DeploymentManager(). + CreateAndWaitTillDeploymentIsReady(primaryNodeDeployment, utils.DefaultDeploymentReadyTimeout) + + Expect(err).ToNot(HaveOccurred()) + + interfaceToPodListOnPrimaryNode = + common.GetPodsOnPrimaryAndSecondaryInterface(primaryNode, "node", "primary", f) + + // At least two Pods should be placed on the Primary and Secondary Interface + // on the Primary and Secondary Node in order to test all possible scenarios + Expect(len(interfaceToPodListOnPrimaryNode.PodsOnPrimaryENI)). + Should(BeNumerically(">", 1)) + + Expect(len(interfaceToPodListOnPrimaryNode.PodsOnSecondaryENI)). + Should(BeNumerically(">", 1)) + + secondaryNodeDeployment = manifest. + NewDefaultDeploymentBuilder(). + Container(serverContainer). + Replicas(maxIPPerInterface*2). // X2 so Pods are created on secondary ENI too + NodeName(secondaryNode.Name). + PodLabel("node", "secondary"). + Name("secondary-node-server"). + Build() + + secondaryNodeDeployment, err = f.K8sResourceManagers. + DeploymentManager(). + CreateAndWaitTillDeploymentIsReady(secondaryNodeDeployment, utils.DefaultDeploymentReadyTimeout) + Expect(err).ToNot(HaveOccurred()) + + interfaceToPodListOnSecondaryNode = + common.GetPodsOnPrimaryAndSecondaryInterface(secondaryNode, "node", "secondary", f) + + Expect(len(interfaceToPodListOnSecondaryNode.PodsOnPrimaryENI)). + Should(BeNumerically(">", 1)) + + Expect(len(interfaceToPodListOnSecondaryNode.PodsOnSecondaryENI)). + Should(BeNumerically(">", 1)) + }) + + AfterEach(func() { + By("TearDown Pods") + err = f.K8sResourceManagers.DeploymentManager(). + DeleteAndWaitTillDeploymentIsDeleted(primaryNodeDeployment) + Expect(err).ToNot(HaveOccurred()) + + err = f.K8sResourceManagers.DeploymentManager(). + DeleteAndWaitTillDeploymentIsDeleted(secondaryNodeDeployment) + Expect(err).ToNot(HaveOccurred()) + + }) + + for i := 0; i < timesToRunTheTest; i++ { + It("assert connectivity across nodes and across interface types", func() { + + testerExpectedStdErr = "succeeded!" + testerExpectedStdOut = "" + + CheckConnectivityForMultiplePodPlacement( + interfaceToPodListOnPrimaryNode, interfaceToPodListOnSecondaryNode, + serverPort, testerExpectedStdOut, testerExpectedStdErr, testConnectionCommandFunc) + + By("verifying connection fails for unreachable port") + + VerifyConnectivityFailsForNegativeCase(interfaceToPodListOnPrimaryNode.PodsOnPrimaryENI[0], + interfaceToPodListOnPrimaryNode.PodsOnPrimaryENI[1], serverPort, + testFailedConnectionCommandFunc) + + time.Sleep(waitDuringInMinutes) + }) + } + }) +}) From 3daa258714406f9d321d9c1c379bb533268d6615 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 17 May 2024 17:48:04 -0700 Subject: [PATCH 22/29] Bump github.com/aws/amazon-vpc-resource-controller-k8s (#2910) Bumps [github.com/aws/amazon-vpc-resource-controller-k8s](https://github.com/aws/amazon-vpc-resource-controller-k8s) from 1.4.1 to 1.5.0. - [Release notes](https://github.com/aws/amazon-vpc-resource-controller-k8s/releases) - [Commits](https://github.com/aws/amazon-vpc-resource-controller-k8s/compare/v1.4.1...v1.5.0) --- updated-dependencies: - dependency-name: github.com/aws/amazon-vpc-resource-controller-k8s dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 34 ++++++++++++++--------------- go.sum | 67 +++++++++++++++++++++++++++++----------------------------- 2 files changed, 51 insertions(+), 50 deletions(-) diff --git a/go.mod b/go.mod index 53b4d6402d..2a203b9655 100644 --- a/go.mod +++ b/go.mod @@ -5,37 +5,37 @@ go 1.21 require ( github.com/apparentlymart/go-cidr v1.1.0 github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b - github.com/aws/amazon-vpc-resource-controller-k8s v1.4.1 - github.com/aws/aws-sdk-go v1.50.29 + github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 + github.com/aws/aws-sdk-go v1.51.32 github.com/containernetworking/cni v1.1.2 github.com/containernetworking/plugins v1.4.1 github.com/coreos/go-iptables v0.7.0 github.com/go-logr/logr v1.4.1 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 - github.com/onsi/ginkgo/v2 v2.17.1 - github.com/onsi/gomega v1.31.1 + github.com/onsi/ginkgo/v2 v2.17.2 + github.com/onsi/gomega v1.33.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0 - github.com/prometheus/common v0.52.2 + github.com/prometheus/common v0.53.0 github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.2.1-beta.2 go.uber.org/zap v1.26.0 - golang.org/x/net v0.23.0 - golang.org/x/sys v0.18.0 + golang.org/x/net v0.24.0 + golang.org/x/sys v0.19.0 google.golang.org/grpc v1.62.0 google.golang.org/protobuf v1.33.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.14.3 - k8s.io/api v0.29.0 - k8s.io/apimachinery v0.29.2 + k8s.io/api v0.29.3 + k8s.io/apimachinery v0.29.3 k8s.io/cli-runtime v0.29.0 - k8s.io/client-go v0.29.0 + k8s.io/client-go v0.29.3 sigs.k8s.io/controller-runtime v0.17.0 ) @@ -78,15 +78,15 @@ require ( github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect - github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect + github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.0.1 // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20230323073829-e72429f035bd // indirect + github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/mux v1.8.0 // indirect @@ -148,11 +148,11 @@ require ( golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect golang.org/x/oauth2 v0.18.0 // indirect - golang.org/x/sync v0.6.0 // indirect - golang.org/x/term v0.18.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.17.0 // indirect + golang.org/x/time v0.5.0 // indirect + golang.org/x/tools v0.20.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect diff --git a/go.sum b/go.sum index a15fc2cb15..eaab04160b 100644 --- a/go.sum +++ b/go.sum @@ -35,10 +35,10 @@ github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b h1:xCQo9O4BIwuLhrQAqamsvhfgjBiSOo83uDMMSivRsnw= github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b/go.mod h1:NvS1b2fBgkUvAWgBF8h0aRaVVoUeIlpUMnlTW2wIqik= -github.com/aws/amazon-vpc-resource-controller-k8s v1.4.1 h1:43uJXFNTjk5Gzi2Qpqk30ycaaE7DOVvBDKi35wzsrsQ= -github.com/aws/amazon-vpc-resource-controller-k8s v1.4.1/go.mod h1:tXPJP0SFdkVa7ALghDjThtavyYnP0MKO8V0ZHlDNCU8= -github.com/aws/aws-sdk-go v1.50.29 h1:Ol2FYzesF2tsQrgVSnDWRFI60+FsSqKKdt7MLlZKubc= -github.com/aws/aws-sdk-go v1.50.29/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 h1:utc5JzVlbORZ/4IFHb4yleqbIOKEevKfVxozKvhJWok= +github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0/go.mod h1:3q5gDG44vGr9ERe0YMHItThKXxDkntAUrlfTgJkdgF8= +github.com/aws/aws-sdk-go v1.51.32 h1:A6mPui7QP4mwmovyzgtdedbRbNur1Iu0/El7hBWNHms= +github.com/aws/aws-sdk-go v1.51.32/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -153,8 +153,8 @@ github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfC github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU= github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs= github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0= @@ -184,8 +184,8 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= @@ -206,8 +206,8 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20230323073829-e72429f035bd h1:r8yyd+DJDmsUhGrRBxH5Pj7KeFK5l+Y3FsgT8keqKtk= -github.com/google/pprof v0.0.0-20230323073829-e72429f035bd/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -340,13 +340,13 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= -github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= -github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= @@ -374,8 +374,8 @@ github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZ github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.52.2 h1:LW8Vk7BccEdONfrJBDffQGRtpSzi5CQaRZGtboOO2ck= -github.com/prometheus/common v0.52.2/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q= +github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE= +github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= @@ -415,7 +415,6 @@ github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -477,8 +476,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -493,8 +492,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -521,19 +520,21 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -546,8 +547,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= -golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= +golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -608,18 +609,18 @@ helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4= helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= -k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA= +k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= +k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= +k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= +k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= k8s.io/apiserver v0.29.0 h1:Y1xEMjJkP+BIi0GSEv1BBrf1jLU9UPfAnnGGbbDdp7o= k8s.io/apiserver v0.29.0/go.mod h1:31n78PsRKPmfpee7/l9NYEv67u6hOL6AfcE761HapDM= k8s.io/cli-runtime v0.29.0 h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4= k8s.io/cli-runtime v0.29.0/go.mod h1:VKudXp3X7wR45L+nER85YUzOQIru28HQpXr0mTdeCrk= -k8s.io/client-go v0.29.0 h1:KmlDtFcrdUzOYrBhXHgKw5ycWzc3ryPX5mQe0SkG3y8= -k8s.io/client-go v0.29.0/go.mod h1:yLkXH4HKMAywcrD82KMSmfYg2DlE8mepPR4JGSo5n38= +k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= +k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s= k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= From 4c1b1625970729a40722412c04aa99f8f20ea0de Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Mon, 20 May 2024 14:25:48 -0700 Subject: [PATCH 23/29] Update ENI Limits. (#2920) --- misc/eni-max-pods.txt | 36 ++-- pkg/vpc/vpc_ip_resource_limit.go | 284 +++++++++++++++++++++++++++---- 2 files changed, 280 insertions(+), 40 deletions(-) diff --git a/misc/eni-max-pods.txt b/misc/eni-max-pods.txt index 3cc4aa10db..2ce0e5884d 100644 --- a/misc/eni-max-pods.txt +++ b/misc/eni-max-pods.txt @@ -161,11 +161,11 @@ c6in.12xlarge 234 c6in.16xlarge 737 c6in.24xlarge 737 c6in.2xlarge 58 -c6in.32xlarge 345 +c6in.32xlarge 394 c6in.4xlarge 234 c6in.8xlarge 234 c6in.large 29 -c6in.metal 345 +c6in.metal 394 c6in.xlarge 58 c7a.12xlarge 234 c7a.16xlarge 737 @@ -204,7 +204,13 @@ c7gn.4xlarge 234 c7gn.8xlarge 234 c7gn.large 29 c7gn.medium 8 +c7gn.metal 737 c7gn.xlarge 58 +c7i-flex.2xlarge 58 +c7i-flex.4xlarge 234 +c7i-flex.8xlarge 234 +c7i-flex.large 29 +c7i-flex.xlarge 58 c7i.12xlarge 234 c7i.16xlarge 737 c7i.24xlarge 737 @@ -266,6 +272,16 @@ g5g.4xlarge 234 g5g.8xlarge 234 g5g.metal 737 g5g.xlarge 58 +g6.12xlarge 234 +g6.16xlarge 737 +g6.24xlarge 737 +g6.2xlarge 58 +g6.48xlarge 737 +g6.4xlarge 234 +g6.8xlarge 234 +g6.xlarge 58 +gr6.4xlarge 234 +gr6.8xlarge 234 h1.16xlarge 394 h1.2xlarge 58 h1.4xlarge 234 @@ -464,21 +480,21 @@ m6idn.12xlarge 234 m6idn.16xlarge 737 m6idn.24xlarge 737 m6idn.2xlarge 58 -m6idn.32xlarge 345 +m6idn.32xlarge 394 m6idn.4xlarge 234 m6idn.8xlarge 234 m6idn.large 29 -m6idn.metal 345 +m6idn.metal 394 m6idn.xlarge 58 m6in.12xlarge 234 m6in.16xlarge 737 m6in.24xlarge 737 m6in.2xlarge 58 -m6in.32xlarge 345 +m6in.32xlarge 394 m6in.4xlarge 234 m6in.8xlarge 234 m6in.large 29 -m6in.metal 345 +m6in.metal 394 m6in.xlarge 58 m7a.12xlarge 234 m7a.16xlarge 737 @@ -665,21 +681,21 @@ r6idn.12xlarge 234 r6idn.16xlarge 737 r6idn.24xlarge 737 r6idn.2xlarge 58 -r6idn.32xlarge 345 +r6idn.32xlarge 394 r6idn.4xlarge 234 r6idn.8xlarge 234 r6idn.large 29 -r6idn.metal 345 +r6idn.metal 394 r6idn.xlarge 58 r6in.12xlarge 234 r6in.16xlarge 737 r6in.24xlarge 737 r6in.2xlarge 58 -r6in.32xlarge 345 +r6in.32xlarge 394 r6in.4xlarge 234 r6in.8xlarge 234 r6in.large 29 -r6in.metal 345 +r6in.metal 394 r6in.xlarge 58 r7a.12xlarge 234 r7a.16xlarge 737 diff --git a/pkg/vpc/vpc_ip_resource_limit.go b/pkg/vpc/vpc_ip_resource_limit.go index 77a4943de5..efb6a8b77d 100644 --- a/pkg/vpc/vpc_ip_resource_limit.go +++ b/pkg/vpc/vpc_ip_resource_limit.go @@ -1744,17 +1744,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "c6in.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -1805,17 +1805,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "c6in.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -2350,6 +2350,20 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "nitro", IsBareMetal: false, }, + "c7gn.metal": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "unknown", + IsBareMetal: true, + }, "c7gn.xlarge": { ENILimit: 4, IPv4Limit: 15, @@ -2364,6 +2378,76 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "nitro", IsBareMetal: false, }, + "c7i-flex.2xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "c7i-flex.4xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "c7i-flex.8xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "c7i-flex.large": { + ENILimit: 3, + IPv4Limit: 10, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 3, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "c7i-flex.xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, "c7i.12xlarge": { ENILimit: 8, IPv4Limit: 30, @@ -3228,6 +3312,146 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "nitro", IsBareMetal: false, }, + "g6.12xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.16xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.24xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.2xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.48xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.4xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.8xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "gr6.4xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "gr6.8xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, "h1.16xlarge": { ENILimit: 8, IPv4Limit: 50, @@ -6021,17 +6245,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "m6idn.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -6082,17 +6306,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "m6idn.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -6171,17 +6395,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "m6in.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -6232,17 +6456,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "m6in.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -9020,17 +9244,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "r6idn.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -9081,17 +9305,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "r6idn.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -9170,17 +9394,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "r6in.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -9231,17 +9455,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "r6in.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, From 7eb07e9224600f473cfb43367766c99fec0dedde Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Tue, 21 May 2024 16:50:49 -0700 Subject: [PATCH 24/29] Skip Soak Test while running other tests. (#2922) --- scripts/run-cni-release-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh index 20fb3d2dc1..309410be11 100755 --- a/scripts/run-cni-release-tests.sh +++ b/scripts/run-cni-release-tests.sh @@ -33,7 +33,7 @@ function run_integration_test() { echo "Running cni integration tests" START=$SECONDS - cd $INTEGRATION_TEST_DIR/cni && CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS -v -timeout 60m --no-color --fail-on-pending -- --cluster-kubeconfig="$KUBE_CONFIG_PATH" --cluster-name="$CLUSTER_NAME" --aws-region="$REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="$NG_LABEL_KEY" --ng-name-label-val="$NG_LABEL_VAL" --test-image-registry=$TEST_IMAGE_REGISTRY || TEST_RESULT=fail + cd $INTEGRATION_TEST_DIR/cni && CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS --skip-file=soak_test.go -v -timeout 60m --no-color --fail-on-pending -- --cluster-kubeconfig="$KUBE_CONFIG_PATH" --cluster-name="$CLUSTER_NAME" --aws-region="$REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="$NG_LABEL_KEY" --ng-name-label-val="$NG_LABEL_VAL" --test-image-registry=$TEST_IMAGE_REGISTRY || TEST_RESULT=fail echo "cni test took $((SECONDS - START)) seconds." if [[ ! -z $PROD_IMAGE_REGISTRY ]]; then From 5d0e6e212d533467ed9c7479a94635decaeff4aa Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Thu, 23 May 2024 10:45:03 -0700 Subject: [PATCH 25/29] Update golang to go1.22.3 (#2924) --- .github/workflows/integration-tests.yaml | 2 +- .github/workflows/nightly-cron-tests.yaml | 2 +- .github/workflows/pr-automated-tests.yaml | 4 +- .github/workflows/pr-manual-tests.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/weekly-cron-tests.yaml | 2 +- go.mod | 2 +- pkg/ipamd/ipamd_test.go | 77 +++++++++++++---------- test/agent/go.mod | 2 +- 9 files changed, 53 insertions(+), 42 deletions(-) diff --git a/.github/workflows/integration-tests.yaml b/.github/workflows/integration-tests.yaml index a284243c55..ba50c6d0b0 100644 --- a/.github/workflows/integration-tests.yaml +++ b/.github/workflows/integration-tests.yaml @@ -23,7 +23,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | # Install ginkgo version from go.mod diff --git a/.github/workflows/nightly-cron-tests.yaml b/.github/workflows/nightly-cron-tests.yaml index 095d8e94ac..0ac5f6b668 100644 --- a/.github/workflows/nightly-cron-tests.yaml +++ b/.github/workflows/nightly-cron-tests.yaml @@ -22,7 +22,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | # Install ginkgo version from go.mod diff --git a/.github/workflows/pr-automated-tests.yaml b/.github/workflows/pr-automated-tests.yaml index a3fe113a3b..c34827f3c9 100644 --- a/.github/workflows/pr-automated-tests.yaml +++ b/.github/workflows/pr-automated-tests.yaml @@ -16,7 +16,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | go install golang.org/x/lint/golint@latest @@ -50,7 +50,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Build CNI images run: make multi-arch-cni-build - name: Build CNI Init images diff --git a/.github/workflows/pr-manual-tests.yaml b/.github/workflows/pr-manual-tests.yaml index c50994a46e..0f84bbd6f6 100644 --- a/.github/workflows/pr-manual-tests.yaml +++ b/.github/workflows/pr-manual-tests.yaml @@ -29,7 +29,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | # Install ginkgo version from go.mod diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d449df4213..93350c60e3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -22,7 +22,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Generate CNI YAML run: make generate-cni-yaml - name: Create eks-charts PR diff --git a/.github/workflows/weekly-cron-tests.yaml b/.github/workflows/weekly-cron-tests.yaml index c12e9139d4..505526b46e 100644 --- a/.github/workflows/weekly-cron-tests.yaml +++ b/.github/workflows/weekly-cron-tests.yaml @@ -23,7 +23,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | # Install ginkgo version from go.mod diff --git a/go.mod b/go.mod index 2a203b9655..16717c2606 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/aws/amazon-vpc-cni-k8s -go 1.21 +go 1.22.3 require ( github.com/apparentlymart/go-cidr v1.1.0 diff --git a/pkg/ipamd/ipamd_test.go b/pkg/ipamd/ipamd_test.go index ac5802c257..7dc6133a34 100644 --- a/pkg/ipamd/ipamd_test.go +++ b/pkg/ipamd/ipamd_test.go @@ -1397,8 +1397,6 @@ func datastoreWith3PodsFromPrefix() *datastore.DataStore { } func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { - ctrl := gomock.NewController(t) - eni1, eni2, eni3 := getDummyENIMetadata() allENIs := []awsutils.ENIMetadata{eni1, eni2, eni3} primaryENIonly := []awsutils.ENIMetadata{eni1} @@ -1417,26 +1415,29 @@ func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { eni2.ENIID: {"hi": "tag", eniNodeTagKey: "i-abcdabcdabcd"}, eni3.ENIID: {"hi": "tag", eniNodeTagKey: instanceID}} - mockAWSUtils := mock_awsutils.NewMockAPIs(ctrl) - mockAWSUtils.EXPECT().GetPrimaryENI().Times(5).Return(eni1.ENIID) - mockAWSUtils.EXPECT().GetInstanceID().Times(3).Return(instanceID) - tests := []struct { - name string - tagMap map[string]awsutils.TagMap - enis []awsutils.ENIMetadata - want []awsutils.ENIMetadata - unmanagedenis []string + name string + tagMap map[string]awsutils.TagMap + enis []awsutils.ENIMetadata + want []awsutils.ENIMetadata + unmanagedenis []string + expectedGetPrimaryENICalls int + expectedGetInstanceIDCalls int }{ - {"No tags at all", nil, allENIs, allENIs, nil}, - {"Primary ENI unmanaged", Test1TagMap, allENIs, allENIs, nil}, - {"Secondary/Tertiary ENI unmanaged", Test2TagMap, allENIs, primaryENIonly, []string{eni2.ENIID, eni3.ENIID}}, - {"Secondary ENI unmanaged", Test3TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, - {"Secondary ENI unmanaged and Tertiary ENI CNI created", Test4TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, - {"Secondary ENI not CNI created and Tertiary ENI CNI created", Test5TagMap, allENIs, filteredENIonly, nil}, + {"No tags at all", nil, allENIs, allENIs, nil, 0, 0}, + {"Primary ENI unmanaged", Test1TagMap, allENIs, allENIs, nil, 1, 0}, + {"Secondary/Tertiary ENI unmanaged", Test2TagMap, allENIs, primaryENIonly, []string{eni2.ENIID, eni3.ENIID}, 2, 0}, + {"Secondary ENI unmanaged", Test3TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 0}, + {"Secondary ENI unmanaged and Tertiary ENI CNI created", Test4TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 1}, + {"Secondary ENI not CNI created and Tertiary ENI CNI created", Test5TagMap, allENIs, filteredENIonly, nil, 0, 2}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + + mockAWSUtils := mock_awsutils.NewMockAPIs(ctrl) + c := &IPAMContext{ awsClient: mockAWSUtils, enableManageUntaggedMode: true} @@ -1447,6 +1448,10 @@ func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { sort.Strings(args) assert.Equal(t, tt.unmanagedenis, args) }).AnyTimes() + + mockAWSUtils.EXPECT().GetPrimaryENI().Times(tt.expectedGetPrimaryENICalls).Return(eni1.ENIID) + mockAWSUtils.EXPECT().GetInstanceID().Times(tt.expectedGetInstanceIDCalls).Return(instanceID) + c.setUnmanagedENIs(tt.tagMap) mockAWSUtils.EXPECT().IsUnmanagedENI(gomock.Any()).DoAndReturn( @@ -1479,7 +1484,6 @@ func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { } func TestIPAMContext_filterUnmanagedENIs_disableManageUntaggedMode(t *testing.T) { - ctrl := gomock.NewController(t) eni1, eni2, eni3 := getDummyENIMetadata() allENIs := []awsutils.ENIMetadata{eni1, eni2, eni3} @@ -1499,30 +1503,37 @@ func TestIPAMContext_filterUnmanagedENIs_disableManageUntaggedMode(t *testing.T) eni2.ENIID: {"hi": "tag", eniNodeTagKey: "i-abcdabcdabcd"}, eni3.ENIID: {"hi": "tag", eniNodeTagKey: instanceID}} - mockAWSUtils := mock_awsutils.NewMockAPIs(ctrl) - mockAWSUtils.EXPECT().GetPrimaryENI().Times(6).Return(eni1.ENIID) - mockAWSUtils.EXPECT().GetInstanceID().Times(3).Return(instanceID) - tests := []struct { - name string - tagMap map[string]awsutils.TagMap - enis []awsutils.ENIMetadata - want []awsutils.ENIMetadata - unmanagedenis []string + name string + tagMap map[string]awsutils.TagMap + enis []awsutils.ENIMetadata + want []awsutils.ENIMetadata + unmanagedenis []string + expectedGetPrimaryENICalls int + expectedGetInstanceIDCalls int }{ - {"No tags at all", nil, allENIs, allENIs, []string{eni2.ENIID, eni3.ENIID}}, - {"Primary ENI unmanaged", Test1TagMap, allENIs, allENIs, nil}, - {"Secondary/Tertiary ENI unmanaged", Test2TagMap, allENIs, primaryENIonly, []string{eni2.ENIID, eni3.ENIID}}, - {"Secondary ENI unmanaged", Test3TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, - {"Secondary ENI unmanaged and Tertiary ENI CNI created", Test4TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, - {"Secondary ENI not CNI created and Tertiary ENI CNI created", Test5TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, + {"No tags at all", nil, allENIs, allENIs, []string{eni2.ENIID, eni3.ENIID}, 0, 0}, + {"Primary ENI unmanaged", Test1TagMap, allENIs, allENIs, nil, 1, 0}, + {"Secondary/Tertiary ENI unmanaged", Test2TagMap, allENIs, primaryENIonly, []string{eni2.ENIID, eni3.ENIID}, 2, 0}, + {"Secondary ENI unmanaged", Test3TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 0}, + {"Secondary ENI unmanaged and Tertiary ENI CNI created", Test4TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 1}, + {"Secondary ENI not CNI created and Tertiary ENI CNI created", Test5TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 2}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + ctrl := gomock.NewController(t) + + defer ctrl.Finish() + + mockAWSUtils := mock_awsutils.NewMockAPIs(ctrl) + c := &IPAMContext{ awsClient: mockAWSUtils, enableManageUntaggedMode: false} + mockAWSUtils.EXPECT().GetPrimaryENI().Times(tt.expectedGetPrimaryENICalls).Return(eni1.ENIID) + mockAWSUtils.EXPECT().GetInstanceID().Times(tt.expectedGetInstanceIDCalls).Return(instanceID) + mockAWSUtils. EXPECT(). SetUnmanagedENIs(gomock.Any()). diff --git a/test/agent/go.mod b/test/agent/go.mod index db9ac45b64..81506d3f38 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -1,6 +1,6 @@ module github.com/aws/amazon-vpc-cni-k8s/test/agent -go 1.21 +go 1.22.3 require ( github.com/coreos/go-iptables v0.7.0 From 5fb502054c50bde5f4d5c8b45b514020a1d77c9a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 May 2024 14:27:01 -0700 Subject: [PATCH 26/29] Bump k8s.io/api from 0.29.3 to 0.30.1 (#2918) Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.29.3 to 0.30.1. - [Commits](https://github.com/kubernetes/api/compare/v0.29.3...v0.30.1) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 17 ++++++++--------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index 16717c2606..4b46727ffb 100644 --- a/go.mod +++ b/go.mod @@ -32,8 +32,8 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.14.3 - k8s.io/api v0.29.3 - k8s.io/apimachinery v0.29.3 + k8s.io/api v0.30.1 + k8s.io/apimachinery v0.30.1 k8s.io/cli-runtime v0.29.0 k8s.io/client-go v0.29.3 sigs.k8s.io/controller-runtime v0.17.0 @@ -161,8 +161,8 @@ require ( k8s.io/apiextensions-apiserver v0.29.0 // indirect k8s.io/apiserver v0.29.0 // indirect k8s.io/component-base v0.29.0 // indirect - k8s.io/klog/v2 v2.110.1 // indirect - k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect + k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/kubectl v0.29.0 // indirect k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect oras.land/oras-go v1.2.4 // indirect diff --git a/go.sum b/go.sum index eaab04160b..838d93b1a7 100644 --- a/go.sum +++ b/go.sum @@ -136,7 +136,6 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= @@ -609,12 +608,12 @@ helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4= helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= -k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= -k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= -k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apiserver v0.29.0 h1:Y1xEMjJkP+BIi0GSEv1BBrf1jLU9UPfAnnGGbbDdp7o= k8s.io/apiserver v0.29.0/go.mod h1:31n78PsRKPmfpee7/l9NYEv67u6hOL6AfcE761HapDM= k8s.io/cli-runtime v0.29.0 h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4= @@ -623,10 +622,10 @@ k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s= k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= -k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= -k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/kubectl v0.29.0 h1:Oqi48gXjikDhrBF67AYuZRTcJV4lg2l42GmvsP7FmYI= k8s.io/kubectl v0.29.0/go.mod h1:0jMjGWIcMIQzmUaMgAzhSELv5WtHo2a8pq67DtviAJs= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= From d0590be166461bffec2143421a80251b36c33455 Mon Sep 17 00:00:00 2001 From: Liptan Biswas Date: Sat, 25 May 2024 08:35:22 +0530 Subject: [PATCH 27/29] Switch to counter for awscni_no_available_ip_addresses (#2919) Co-authored-by: Liptan Biswas Co-authored-by: Senthil Kumaran --- utils/prometheusmetrics/prometheusmetrics.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/prometheusmetrics/prometheusmetrics.go b/utils/prometheusmetrics/prometheusmetrics.go index edcdacda86..fadda0a094 100644 --- a/utils/prometheusmetrics/prometheusmetrics.go +++ b/utils/prometheusmetrics/prometheusmetrics.go @@ -159,8 +159,8 @@ var ( }, []string{"cidr"}, ) - NoAvailableIPAddrs = prometheus.NewGauge( - prometheus.GaugeOpts{ + NoAvailableIPAddrs = prometheus.NewCounter( + prometheus.CounterOpts{ Name: "awscni_no_available_ip_addresses", Help: "The number of pod IP assignments that fail due to no available IP addresses", }, From a477f124bee53f8153f8cbec6084274354428429 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Tue, 28 May 2024 09:39:16 -0700 Subject: [PATCH 28/29] Expose network policy log file location to be configured using helm (#2925) * Expose network policy log file location to be configured using helm chart values. * Updated log file location name. --- charts/aws-vpc-cni/templates/daemonset.yaml | 1 + charts/aws-vpc-cni/values.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml index d119a37d66..07eb1797f7 100644 --- a/charts/aws-vpc-cni/templates/daemonset.yaml +++ b/charts/aws-vpc-cni/templates/daemonset.yaml @@ -134,6 +134,7 @@ spec: - --enable-network-policy={{ .Values.enableNetworkPolicy }} - --enable-cloudwatch-logs={{ .Values.nodeAgent.enableCloudWatchLogs }} - --enable-policy-event-logs={{ .Values.nodeAgent.enablePolicyEventLogs }} + - --log-file={{ .Values.nodeAgent.networkPolicyAgentLogFileLocation }} - --metrics-bind-addr={{ include "aws-vpc-cni.nodeAgentMetricsBindAddr" . }} - --health-probe-bind-addr={{ include "aws-vpc-cni.nodeAgentHealthProbeBindAddr" . }} - --conntrack-cache-cleanup-period={{ .Values.nodeAgent.conntrackCacheCleanupPeriod }} diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index 1bf88b53fc..a984109d31 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -43,6 +43,7 @@ nodeAgent: privileged: true enableCloudWatchLogs: "false" enablePolicyEventLogs: "false" + networkPolicyAgentLogFileLocation: "/var/log/aws-routed-eni/network-policy-agent.log" enableIpv6: "false" metricsBindAddr: "8162" healthProbeBindAddr: "8163" From 1b9fe03f7452e330def2b60d785cdfb9645591b0 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Tue, 28 May 2024 12:38:29 -0700 Subject: [PATCH 29/29] Merge release branch release_1.18 (#2929) * Update changelogs and charts for v1.18.0 release (#2858) Co-authored-by: Joseph Chen * Resolve merge conflicts from master to release 1.18 (#2885) * Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE * Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen * Update .go-version to 1.22.2 to fix CVE reports. (#2870) * CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen * Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen --------- Signed-off-by: dependabot[bot] Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Co-authored-by: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Co-authored-by: Joseph Chen * Merge master to release-1.18 for v1.18.1 release (#2882) * Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE * Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen * Update .go-version to 1.22.2 to fix CVE reports. (#2870) * CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen * Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen --------- Signed-off-by: dependabot[bot] Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Co-authored-by: Joseph Chen * CHANGELOG, chart, and manifest updates for v1.18.1 release (#2894) Co-authored-by: Joseph Chen --------- Signed-off-by: dependabot[bot] Co-authored-by: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Co-authored-by: Joseph Chen Co-authored-by: Jay Deokar <23660509+jaydeokar@users.noreply.github.com> Co-authored-by: Kai Wohlfahrt Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com>