Merge pull request #16440 from aauren/kube-router_v2.X
Update kube-router to v2.1.0
k8s-ci-robot authored Apr 1, 2024
2 parents f3b2159 + 821ab18 commit 393aac4
Showing 3 changed files with 54 additions and 4 deletions.
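--- a/pkg/model/iam/iam_builder.go
+++ b/pkg/model/iam/iam_builder.go
@@ -468,6 +468,10 @@ func (r *NodeRoleNode) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) {
 addCalicoSrcDstCheckPermissions(p)
 }
 
+if b.Cluster.Spec.Networking.KubeRouter != nil {
+addKubeRouterSrcDstCheckPermissions(p)
+}
+
 return p, nil
 }
 
@@ -769,6 +773,12 @@ func addCalicoSrcDstCheckPermissions(p *Policy) {
 )
 }
 
+func addKubeRouterSrcDstCheckPermissions(p *Policy) {
+p.unconditionalAction.Insert(
+"ec2:ModifyInstanceAttribute",
+)
+}
+
 func (b *PolicyBuilder) addNodeupPermissions(p *Policy, enableHookSupport bool) {
 addCertIAMPolicies(p)
 addKMSGenerateRandomPolicies(p)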
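Review bot: `addKubeRouterSrcDstCheckPermissions` inserts `ec2:ModifyInstanceAttribute` into `p.unconditionalAction`, which by its name appears to grant the action on the node role with no resource or tag condition. The action covers much more than the source/destination check (user data, security groups, instance type), so the role of a single compromised node would reach every instance the statement resolves to. If the Policy type offers a cluster-tag-scoped action set, this action belongs there; otherwise the statement should carry a condition limiting it to this cluster's instances. The new function also has no doc comment; `// addKubeRouterSrcDstCheckPermissions lets kube-router nodes change the EC2 source/destination check on instances.` would record the intent, which is inferred here from the name only.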
4 changes: 1 addition & 3 deletions tests/e2e/pkg/tester/skip_regex.go
Expand Up @@ -98,9 +98,7 @@ func (t *Tester) setSkipRegexFlag() error {
skipRegex += "|should.create.a.Pod.with.SCTP.HostPort"
}
} else if networking.KubeRouter != nil {
skipRegex += "|load-balancer|hairpin|service\\.kubernetes\\.io|CLOSE_WAIT"
skipRegex += "|EndpointSlice.should.support.a.Service.with.multiple"
skipRegex += "|internalTrafficPolicy|externallTrafficPolicy|only.terminating.endpoints"
skipRegex += "|should set TCP CLOSE_WAIT timeout|should check kube-proxy urls"
} else if networking.Kubenet != nil {
skipRegex += "|Services.*affinity"
}
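Review bot: The `skipRegex +=` line that appears to be the one added in the `networking.KubeRouter` branch, `"|should set TCP CLOSE_WAIT timeout|should check kube-proxy urls"`, uses literal spaces, while the neighbouring entries put `.` between words (`should.create.a.Pod.with.SCTP.HostPort`). The rest of `setSkipRegexFlag` lies outside this hunk, so it is not visible whether spaces are normalised before the value reaches the test runner; writing it as `"|should.set.TCP.CLOSE_WAIT.timeout|should.check.kube-proxy.urls"` keeps the list consistent and avoids depending on that. A one-line comment saying why these two tests remain skipped for kube-router would help whoever trims the list next.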
Expand Up @@ -62,19 +62,25 @@ spec:
serviceAccountName: kube-router
containers:
- name: kube-router
image: docker.io/cloudnativelabs/kube-router:v1.6.0
image: docker.io/cloudnativelabs/kube-router:v2.1.0
args:
- --run-router=true
- --run-firewall=true
- --run-service-proxy=true
- --bgp-graceful-restart=true
- --kubeconfig=/var/lib/kube-router/kubeconfig
- --metrics-port=12013
- --runtime-endpoint=unix:///run/containerd/containerd.sock
- --hairpin-mode=true
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: KUBE_ROUTER_CNI_CONF_FILE
value: /etc/cni/net.d/10-kuberouter.conflist
livenessProbe:
Expand All @@ -101,6 +107,12 @@ spec:
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
- name: rt-tables
mountPath: /etc/iproute2/rt_tables
readOnly: false
- name: containerd-sock
mountPath: /run/containerd/containerd.sock
readOnly: true
initContainers:
- name: install-cni
image: docker.io/cloudnativelabs/kube-router:v1.6.0
Expand All @@ -122,6 +134,7 @@ spec:
- mountPath: /etc/kube-router
name: kube-router-cfg
hostNetwork: true
hostPID: true
tolerations:
- operator: Exists
volumes:
Expand All @@ -141,6 +154,13 @@ spec:
hostPath:
path: /run/xtables.lock
type: FileOrCreate
- name: rt-tables
hostPath:
path: /etc/iproute2/rt_tables
type: FileOrCreate
- name: containerd-sock
hostPath:
path: /run/containerd/containerd.sock
---
apiVersion: v1
kind: ServiceAccount
Expand Down Expand Up @@ -181,6 +201,28 @@ rules:
- get
- list
- watch
- apiGroups:
- "coordination.k8s.io"
resources:
- leases
verbs:
- get
- create
- update
- apiGroups:
- ""
resources:
- services/status
verbs:
- update
- apiGroups:
- "discovery.k8s.io"
resources:
- endpointslices
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
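Review bot: The `containerd-sock` volumeMount is marked `readOnly: true`, but that flag only governs the mount and does not limit what a client may request from the runtime over the socket, so with the new `hostPID: true` and the existing `hostNetwork: true` this pod has node-level reach. The manifest should state why that is needed, for example `# runtime socket and hostPID are needed for --runtime-endpoint / --hairpin-mode; grants node-level access` above the mount (the link to those flags is inferred from the args hunk). The `containerd-sock` hostPath also declares no type; adding `type: Socket` makes the mount fail when no socket exists at that path instead of skipping the check. Separately, the `install-cni` init container shown as context below the new mounts still references `kube-router:v1.6.0`; unless that is deliberate it should move to `v2.1.0` with the main container.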