From ca74a14fa42112d89cff082e39b5472582928481 Mon Sep 17 00:00:00 2001 From: Kai Wohlfahrt Date: Wed, 3 Apr 2024 02:40:54 +0200 Subject: [PATCH 01/83] Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran --- charts/aws-vpc-cni/templates/daemonset.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml index 3b47d880a5..d119a37d66 100644 --- a/charts/aws-vpc-cni/templates/daemonset.yaml +++ b/charts/aws-vpc-cni/templates/daemonset.yaml @@ -183,6 +183,7 @@ spec: - name: xtables-lock hostPath: path: /run/xtables.lock + type: FileOrCreate {{- with .Values.extraVolumes }} {{- toYaml .| nindent 6 }} {{- end }} From d40f4a14e70ddd02d6c0c2d8c6069e7fd1bd0b33 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Apr 2024 20:22:04 -0700 Subject: [PATCH 02/83] Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) 
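Review bot: The added `type: FileOrCreate` on the `xtables-lock` hostPath has no comment, so the reason for it lives only in the commit message and a later template cleanup could drop the line again. A YAML comment directly above it would keep the intent with the code, for example `# FileOrCreate: with no type, a missing /run/xtables.lock is created as a directory, which breaks kube-proxy`. The volumes list this entry belongs to starts above the hunk. If the repository also ships manifests rendered from this chart, they would need regenerating so that both install paths get the fix.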
diff --git a/go.mod b/go.mod index 3d0ec36506..6f80824e84 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/go-logr/logr v1.4.1 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 - github.com/onsi/ginkgo/v2 v2.14.0 + github.com/onsi/ginkgo/v2 v2.17.1 github.com/onsi/gomega v1.30.0 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.19.0 @@ -152,7 +152,7 @@ require ( golang.org/x/term v0.15.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.16.1 // indirect + golang.org/x/tools v0.17.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect diff --git a/go.sum b/go.sum index 282f269429..03acf83366 100644 --- a/go.sum +++ b/go.sum @@ -337,8 +337,8 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= -github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= 
@@ -544,8 +544,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= -golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= +golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= +golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From e111beaa816616bd2d8540f2e490dc5e497174ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Apr 2024 07:09:44 -0700 Subject: [PATCH 03/83] Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 6f80824e84..5418236c0a 100644 --- a/go.mod +++ b/go.mod 
@@ -22,7 +22,7 @@ require ( github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.8.4 + github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.2.1-beta.2 go.uber.org/zap v1.26.0 golang.org/x/net v0.20.0 diff --git a/go.sum b/go.sum index 03acf83366..f357f6223a 100644 --- a/go.sum +++ b/go.sum @@ -406,8 +406,9 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= 
@@ -416,8 +417,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs= github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= From bccdbf7734758edb87499047c7cfa6bdfe7e7ab1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Apr 2024 09:18:22 -0700 Subject: [PATCH 04/83] Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 5418236c0a..dcdf9e877f 100644 --- a/go.mod 
+++ b/go.mod @@ -18,15 +18,15 @@ require ( github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0 - github.com/prometheus/common v0.48.0 + github.com/prometheus/common v0.52.2 github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.2.1-beta.2 go.uber.org/zap v1.26.0 - golang.org/x/net v0.20.0 - golang.org/x/sys v0.16.0 + golang.org/x/net v0.22.0 + golang.org/x/sys v0.18.0 google.golang.org/grpc v1.62.0 google.golang.org/protobuf v1.33.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 @@ -147,7 +147,7 @@ require ( go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.17.0 // indirect golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0 // indirect - golang.org/x/oauth2 v0.16.0 // indirect + golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sync v0.6.0 // indirect golang.org/x/term v0.15.0 // indirect golang.org/x/text v0.14.0 // indirect diff --git a/go.sum b/go.sum index f357f6223a..e73f1db12b 100644 --- a/go.sum +++ b/go.sum 
@@ -371,8 +371,8 @@ github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZ github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= -github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= +github.com/prometheus/common v0.52.2 h1:LW8Vk7BccEdONfrJBDffQGRtpSzi5CQaRZGtboOO2ck= +github.com/prometheus/common v0.52.2/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= 
@@ -479,8 +479,8 @@ golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= -golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= +golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= +golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -519,8 +519,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= From 2694202a8f7d0199446828cf1cdea1a3f1e7218d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Apr 2024 13:06:28 -0700 Subject: [PATCH 05/83] Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- go.mod | 4 ++-- go.sum | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index dcdf9e877f..8eb54d4cc6 100644 --- a/go.mod +++ b/go.mod @@ -31,7 +31,7 @@ require ( google.golang.org/protobuf v1.33.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 - helm.sh/helm/v3 v3.14.2 + helm.sh/helm/v3 v3.14.3 k8s.io/api v0.29.0 k8s.io/apimachinery v0.29.2 k8s.io/cli-runtime v0.29.0 @@ -53,7 +53,7 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/containerd/containerd v1.7.11 // indirect + github.com/containerd/containerd v1.7.12 // indirect github.com/containerd/log v0.1.0 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.1 // indirect diff --git a/go.sum b/go.sum index e73f1db12b..9e1ca52354 100644 --- a/go.sum +++ b/go.sum 
@@ -6,8 +6,8 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg6 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= -github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= +github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= +github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= @@ -62,8 +62,8 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/containerd v1.7.11 h1:lfGKw3eU35sjV0aG2eYZTiwFEY1pCzxdzicHP3SZILw= -github.com/containerd/containerd v1.7.11/go.mod h1:5UluHxHTX2rdvYuZ5OJTC5m/KJNs0Zs9wVoJm9zf5ZE= +github.com/containerd/containerd v1.7.12 h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0= +github.com/containerd/containerd v1.7.12/go.mod h1:/5OMpE1p0ylxtEUGY8kuCYkDRzJm9NO1TFMWjUpdevk= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= 
@@ -603,8 +603,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.14.2 h1:V71fv+NGZv0icBlr+in1MJXuUIHCiPG1hW9gEBISTIA= -helm.sh/helm/v3 v3.14.2/go.mod h1:2itvvDv2WSZXTllknfQo6j7u3VVgMAvm8POCDgYH424= +helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4= +helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= From e5f69985591ef29eca8e76d024f9e69c5b53bcb7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Apr 2024 13:37:54 -0700 Subject: [PATCH 06/83] Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- test/agent/go.mod | 2 +- test/agent/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/agent/go.mod b/test/agent/go.mod index 42aa8d9b3b..8ee4de14cb 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod 
@@ -5,7 +5,7 @@ go 1.21 require ( github.com/coreos/go-iptables v0.7.0 github.com/vishvananda/netlink v1.1.0 - golang.org/x/sys v0.17.0 + golang.org/x/sys v0.18.0 ) require github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index 9b6855bf9c..fe4c332145 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum @@ -5,5 +5,5 @@ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYp github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From 389f5ebd62fda05776e837ad9a2dad5a8aec02cd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Apr 2024 15:18:48 -0700 Subject: [PATCH 07/83] Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- go.mod | 12 ++++++------ go.sum | 25 ++++++++++++++----------- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index 8eb54d4cc6..2a91cbbf61 100644 --- a/go.mod +++ b/go.mod @@ -8,13 +8,13 @@ require ( github.com/aws/amazon-vpc-resource-controller-k8s v1.4.1 github.com/aws/aws-sdk-go v1.50.29 github.com/containernetworking/cni v1.1.2 - github.com/containernetworking/plugins v1.4.0 + github.com/containernetworking/plugins v1.4.1 github.com/coreos/go-iptables v0.7.0 github.com/go-logr/logr v1.4.1 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 github.com/onsi/ginkgo/v2 v2.17.1 - github.com/onsi/gomega v1.30.0 + github.com/onsi/gomega v1.31.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0 @@ -48,7 +48,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 // indirect github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect - github.com/Microsoft/hcsshim v0.11.4 // indirect + github.com/Microsoft/hcsshim v0.12.0 // indirect github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect @@ -102,7 +102,7 @@ require ( github.com/jmoiron/sqlx v1.3.5 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.16.0 // indirect + github.com/klauspost/compress v1.16.5 // indirect github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect github.com/lib/pq v1.10.9 // indirect 
@@ -145,8 +145,8 @@ require ( go.opentelemetry.io/otel/trace v1.19.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.17.0 // indirect - golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0 // indirect + golang.org/x/crypto v0.18.0 // indirect + golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sync v0.6.0 // indirect golang.org/x/term v0.15.0 // indirect diff --git a/go.sum b/go.sum index 9e1ca52354..5f7a46f40e 100644 --- a/go.sum +++ b/go.sum @@ -21,8 +21,8 @@ github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8 github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= -github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= +github.com/Microsoft/hcsshim v0.12.0 h1:rbICA+XZFwrBef2Odk++0LjFvClNCJGRK+fsrP254Ts= +github.com/Microsoft/hcsshim v0.12.0/go.mod h1:RZV12pcHCXQ42XnlQ3pz6FZfmrC1C+R4gaOHhRNML1g= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= 
@@ -61,17 +61,20 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= -github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= +github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0= +github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE= github.com/containerd/containerd v1.7.12 h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0= github.com/containerd/containerd v1.7.12/go.mod h1:/5OMpE1p0ylxtEUGY8kuCYkDRzJm9NO1TFMWjUpdevk= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= +github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= +github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl31EQbXALQ= github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= -github.com/containernetworking/plugins v1.4.0 h1:+w22VPYgk7nQHw7KT92lsRmuToHvb7wwSv9iTbXzzic= -github.com/containernetworking/plugins v1.4.0/go.mod h1:UYhcOyjefnrQvKvmmyEKsUA+M9Nfn7tqULPpH0Pkcj0= +github.com/containernetworking/plugins v1.4.1 h1:+sJRRv8PKhLkXIl6tH1D7RMi+CbbHutDGU+ErLBORWA= +github.com/containernetworking/plugins v1.4.1/go.mod h1:n6FFGKcaY4o2o5msgu/UImtoC+fpQXM3076VHfHbj60= github.com/coreos/go-iptables 
v0.7.0 h1:XWM3V+MPRr5/q51NuWSgU0fqMad64Zyxs8ZUoMsamr8= github.com/coreos/go-iptables v0.7.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= @@ -255,8 +258,8 @@ github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= -github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= +github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= 
@@ -342,8 +345,8 @@ github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3Hig github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= +github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= 
@@ -464,8 +467,8 @@ go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0 h1:pVgRXcIictcr+lBQIFeiwuwtDIs4eL21OuM9nyAADmo= -golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= From 883c3b2da1d108720437d5ea06db558f8ea9f119 Mon Sep 17 00:00:00 2001 From: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Date: Mon, 8 Apr 2024 12:32:49 -0700 Subject: [PATCH 08/83] remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE --- .go-version | 2 +- go.mod | 10 +++++----- go.sum | 10 ++++------ misc/certs/Dockerfile | 10 ---------- 4 files changed, 10 insertions(+), 22 deletions(-) delete mode 100644 misc/certs/Dockerfile diff --git a/.go-version b/.go-version index 428abfd24f..6245beecd3 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.21.8 +1.22.1 diff --git a/go.mod b/go.mod index 2a91cbbf61..e80910a18b 100644 --- a/go.mod +++ b/go.mod 
@@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.2.1-beta.2 go.uber.org/zap v1.26.0 - golang.org/x/net v0.22.0 + golang.org/x/net v0.23.0 golang.org/x/sys v0.18.0 google.golang.org/grpc v1.62.0 google.golang.org/protobuf v1.33.0 @@ -145,11 +145,11 @@ require ( go.opentelemetry.io/otel/trace v1.19.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.18.0 // indirect + golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/term v0.15.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.17.0 // indirect @@ -178,5 +178,5 @@ replace gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 => gopkg.in/yaml.v3 // Cannot be removed until all dependencies use crypto library v0.17.0 or higher replace golang.org/x/crypto => golang.org/x/crypto v0.17.0 -// Cannot be removed until all dependencies use net library v0.17.0 or higher -replace golang.org/x/net => golang.org/x/net v0.17.0 +// Cannot be removed until all dependencies use net library v0.23.0 or higher +replace golang.org/x/net => golang.org/x/net v0.23.0 diff --git a/go.sum b/go.sum index 5f7a46f40e..a15fc2cb15 100644 --- a/go.sum +++ b/go.sum 
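Review bot: The `replace golang.org/x/crypto => golang.org/x/crypto v0.17.0` line left as context in the last go.mod hunk still overrides the `golang.org/x/crypto v0.21.0 // indirect` requirement this commit adds, so the build keeps resolving x/crypto at v0.17.0 and the bump has no effect. The go.sum hunks visible for this commit add no x/crypto entry, which is consistent with that. Since the commit is described as a CVE fix, either raise the pin to match, `replace golang.org/x/crypto => golang.org/x/crypto v0.21.0`, or delete the directive with its comment and run `go mod tidy`. The updated `replace golang.org/x/net => golang.org/x/net v0.23.0` now equals the required version, so it appears redundant today and would silently override any later x/net bump made in the require block.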
@@ -479,8 +479,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= 
@@ -520,18 +520,16 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= diff --git a/misc/certs/Dockerfile b/misc/certs/Dockerfile deleted file mode 100644 index 8071035c0d..0000000000 --- a/misc/certs/Dockerfile +++ /dev/null 
@@ -1,10 +0,0 @@ -FROM debian:latest - -RUN apt-get update && \ - apt-get install -y ca-certificates && \ - rm -rf /var/lib/apt/lists/* - -# If anyone has a better idea for how to trim undesired certs or a better ca list to use, I'm all ears -RUN cp /etc/ca-certificates.conf /tmp/caconf && cat /tmp/caconf | \ - grep -v "mozilla/CNNIC_ROOT\.crt" > /etc/ca-certificates.conf && \ - update-ca-certificates --fresh From fbad9656d3d1c5cf84d74bbacd9f2e16f0f4d6a3 Mon Sep 17 00:00:00 2001 From: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Date: Mon, 8 Apr 2024 16:01:18 -0700 Subject: [PATCH 09/83] Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen --- .github/workflows/weekly-cron-tests.yaml | 5 +++-- scripts/lib/integration.sh | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/weekly-cron-tests.yaml b/.github/workflows/weekly-cron-tests.yaml index 57c3b93b9e..c12e9139d4 100644 --- a/.github/workflows/weekly-cron-tests.yaml +++ b/.github/workflows/weekly-cron-tests.yaml @@ -53,8 +53,9 @@ jobs: ROLE_ARN: ${{ secrets.EKS_CLUSTER_ROLE_ARN }} RUN_CNI_INTEGRATION_TESTS: false RUN_KOPS_TEST: true - K8S_VERSION: 1.29.0-alpha.3 - KOPS_VERSION: v1.29.0-alpha.3 + K8S_VERSION: 1.30.0-beta.0 + KOPS_VERSION: v1.28.4 + KOPS_RUN_TOO_NEW_VERSION: 1 run: | ./scripts/run-integration-tests.sh if: always() diff --git a/scripts/lib/integration.sh b/scripts/lib/integration.sh index f89cd4343d..7045a6aef9 100644 --- a/scripts/lib/integration.sh +++ b/scripts/lib/integration.sh 
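Review bot: The added `KOPS_RUN_TOO_NEW_VERSION: 1` in the weekly-cron-tests.yaml hunk has no comment, and it is set while `KOPS_VERSION` moves back from v1.29.0-alpha.3 to v1.28.4 and `K8S_VERSION` moves up to 1.30.0-beta.0. The variable appears to make kops proceed with a Kubernetes version newer than the pinned kops release supports, so the job result depends on an untested combination. A comment above it would record that this is temporary, e.g. `# TODO: drop KOPS_RUN_TOO_NEW_VERSION once KOPS_VERSION supports this K8S_VERSION`. The step's `env:` block starts outside the hunk.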
@@ -13,10 +13,10 @@ function run_kops_conformance() { wget -qO- https://dl.k8s.io/v$K8S_VERSION/kubernetes-test-linux-amd64.tar.gz | tar -zxvf - --strip-components=3 -C /tmp kubernetes/test/bin/e2e.test - /tmp/e2e.test --ginkgo.focus="Conformance" --ginkgo.timeout 120m --kubeconfig=$KUBECONFIG --ginkgo.fail-fast --ginkgo.flake-attempts 2 \ + /tmp/e2e.test --ginkgo.focus="Conformance" --ginkgo.timeout 120m --kubeconfig=$KUBECONFIG --ginkgo.v --ginkgo.fail-fast --ginkgo.flake-attempts 2 \ --ginkgo.skip="(works for CRD with validation schema)|(ServiceAccountIssuerDiscovery should support OIDC discovery of service account issuer)|(should support remote command execution over websockets)|(should support retrieving logs from the container over websockets)|(Basic StatefulSet functionality [StatefulSetBasic])|\[Slow\]|\[Serial\]" - /tmp/e2e.test --ginkgo.focus="\[Serial\].*Conformance" --kubeconfig=$KUBECONFIG --ginkgo.fail-fast --ginkgo.flake-attempts 2 \ + /tmp/e2e.test --ginkgo.focus="\[Serial\].*Conformance" --kubeconfig=$KUBECONFIG --ginkgo.v --ginkgo.fail-fast --ginkgo.flake-attempts 2 \ --ginkgo.skip="(ServiceAccountIssuerDiscovery should support OIDC discovery of service account issuer)|(should support remote command execution over websockets)|(should support retrieving logs from the container over websockets)|\[Slow\]" echo "Kops conformance tests ran successfully!" From 244f6364dee7d69f77afd9a0fae0f3bd7bc6bbcc Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Tue, 9 Apr 2024 11:07:38 -0700 Subject: [PATCH 10/83] Update .go-version to 1.22.2 to fix CVE reports. (#2870) --- .go-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.go-version b/.go-version index 6245beecd3..8864ad2970 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.1 +1.22.2 \ No newline at end of file From deaca4b850c34ee12f706a089431ced0dbe51c44 Mon Sep 17 00:00:00 2001 
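Review bot: Both changed `/tmp/e2e.test` invocations in scripts/lib/integration.sh run a binary that the unchanged `wget … | tar` line above unpacks straight from the download with no integrity check, and they pass it the cluster kubeconfig. Checking the archive against a checksum published for that release (if one is available) before extracting it would close that gap, as would unpacking into a `mktemp -d` directory instead of the fixed `/tmp` path. On the changed lines `$KUBECONFIG` is also unquoted; `--kubeconfig="$KUBECONFIG"` avoids word splitting when the path contains spaces. The body of run_kops_conformance starts outside the hunk.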
From: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Date: Tue, 16 Apr 2024 14:38:08 -0700 Subject: [PATCH 11/83] CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen --- CHANGELOG.md | 12 ++++++++++++ charts/aws-vpc-cni/Chart.yaml | 4 ++-- charts/aws-vpc-cni/README.md | 4 ++-- charts/aws-vpc-cni/values.yaml | 6 +++--- charts/cni-metrics-helper/Chart.yaml | 4 ++-- charts/cni-metrics-helper/README.md | 2 +- charts/cni-metrics-helper/values.yaml | 2 +- config/master/aws-k8s-cni-cn.yaml | 16 ++++++++-------- config/master/aws-k8s-cni-us-gov-east-1.yaml | 16 ++++++++-------- config/master/aws-k8s-cni-us-gov-west-1.yaml | 16 ++++++++-------- config/master/aws-k8s-cni.yaml | 16 ++++++++-------- config/master/cni-metrics-helper-cn.yaml | 6 +++--- .../master/cni-metrics-helper-us-gov-east-1.yaml | 6 +++--- .../master/cni-metrics-helper-us-gov-west-1.yaml | 6 +++--- config/master/cni-metrics-helper.yaml | 6 +++--- scripts/generate-cni-yaml.sh | 2 +- scripts/run-cni-release-tests.sh | 6 +++--- 17 files changed, 71 insertions(+), 59 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c3ebc94bba..985dc304f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,17 @@ # Changelog +## v1.18.0 + +* Cleanup - [run make generate-limits](https://github.com/aws/amazon-vpc-cni-k8s/pull/2835) (@jaydeokar) +* Dependency - [Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible](https://github.com/aws/amazon-vpc-cni-k8s/pull/2855) (@dependabot) +* Dependency - [upgrade golang to 1.21.8](https://github.com/aws/amazon-vpc-cni-k8s/pull/2847) (@jchen6585) +* Dependency - [Bump google.golang.org/protobuf from 1.32.0 to 1.33.0](https://github.com/aws/amazon-vpc-cni-k8s/pull/2848) (@dependabot) +* Feature - [Enhance subnet selection](https://github.com/aws/amazon-vpc-cni-k8s/pull/2714) (@jchen6585) +* Improvement - [Add vpc-id to leaked eni filters](https://github.com/aws/amazon-vpc-cni-k8s/pull/2856) (@jchen6585) +* Testing - [Add missing params to authorize ingress](https://github.com/aws/amazon-vpc-cni-k8s/pull/2849) (@jchen6585) +* Testing - [Integration test suite for Custom Networking + Security Groups for Pods](https://github.com/aws/amazon-vpc-cni-k8s/pull/2818) (@jdn5126) +* Testing - [Fix coredns failing during custom networking tests](https://github.com/aws/amazon-vpc-cni-k8s/pull/2844) (@jchen6585) + ## v1.17.1 * Feature - [Send pod name/ns to nodeagent for strict mode](https://github.com/aws/amazon-vpc-cni-k8s/pull/2790) (@jayanthvn) diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml index 474437984e..0fd2105b0a 100644 --- a/charts/aws-vpc-cni/Chart.yaml +++ b/charts/aws-vpc-cni/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: aws-vpc-cni -version: 1.17.1 -appVersion: "v1.17.1" +version: 1.18.0 +appVersion: "v1.18.0" description: A Helm chart for the AWS VPC CNI icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md index 914033da22..6e352119ad 100644 --- a/charts/aws-vpc-cni/README.md +++ b/charts/aws-vpc-cni/README.md 
@@ -48,7 +48,7 @@ The following table lists the configurable parameters for this chart and their d | `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation | `3` | | `branchENICooldown` | Number of seconds that branch ENIs remain in cooldown | `60` | | `fullnameOverride` | Override the fullname of the chart | `aws-node` | -| `image.tag` | Image tag | `v1.17.1` | +| `image.tag` | Image tag | `v1.18.0` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -56,7 +56,7 @@ The following table lists the configurable parameters for this chart and their d | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.override` | A custom docker image to use | `nil` | | `imagePullSecrets` | Docker registry pull secret | `[]` | -| `init.image.tag` | Image tag | `v1.17.1` | +| `init.image.tag` | Image tag | `v1.18.0` | | `init.image.domain` | ECR repository domain | `amazonaws.com` | | `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `init.image.endpoint` | ECR repository endpoint to use. | `ecr` | diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index 7dcfd0716d..aa765659c5 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -8,7 +8,7 @@ nameOverride: aws-node init: image: - tag: v1.17.1 + tag: v1.18.0 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -50,7 +50,7 @@ nodeAgent: resources: {} image: - tag: v1.17.1 + tag: v1.18.0 domain: amazonaws.com region: us-west-2 endpoint: ecr 
@@ -84,7 +84,7 @@ env: ENABLE_IPv4: "true" ENABLE_IPv6: "false" ENABLE_SUBNET_DISCOVERY: "true" - VPC_CNI_VERSION: "v1.17.1" + VPC_CNI_VERSION: "v1.18.0" NETWORK_POLICY_ENFORCING_MODE: "standard" # this flag enables you to use the match label that was present in the original daemonset deployed by EKS diff --git a/charts/cni-metrics-helper/Chart.yaml b/charts/cni-metrics-helper/Chart.yaml index e0a3cf0d3e..6b1a089f14 100644 --- a/charts/cni-metrics-helper/Chart.yaml +++ b/charts/cni-metrics-helper/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cni-metrics-helper -version: 1.17.1 -appVersion: v1.17.1 +version: 1.18.0 +appVersion: v1.18.0 description: A Helm chart for the AWS VPC CNI Metrics Helper icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md index 4bbf0f8b88..4e21d7fb2c 100644 --- a/charts/cni-metrics-helper/README.md +++ b/charts/cni-metrics-helper/README.md @@ -47,7 +47,7 @@ The following table lists the configurable parameters for this chart and their d |------------------------------|---------------------------------------------------------------|--------------------| | fullnameOverride | Override the fullname of the chart | cni-metrics-helper | | image.region | ECR repository region to use. Should match your cluster | us-west-2 | -| image.tag | Image tag | v1.17.1 | +| image.tag | Image tag | v1.18.0 | | image.account | ECR repository account number | 602401143452 | | image.domain | ECR repository domain | amazonaws.com | | env.USE_CLOUDWATCH | Whether to export CNI metrics to CloudWatch | true | diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index 919681586f..c1f6649c84 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml 
@@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper image: region: us-west-2 - tag: v1.17.1 + tag: v1.18.0 account: "602401143452" domain: "amazonaws.com" # Set to use custom image diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index 7908dba145..76a4dde8a4 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.17.1 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.0 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" 
@@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.17.1 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.0 ports: - containerPort: 61678 name: metrics @@ -467,7 +467,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.17.1" + value: "v1.18.0" - name: ENABLE_SUBNET_DISCOVERY value: "true" - name: WARM_ENI_TARGET diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index d259779f75..cc67268342 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole 
@@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.17.1 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.0 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.17.1 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.0 ports: - containerPort: 61678 name: metrics @@ -467,7 +467,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.17.1" + value: "v1.18.0" - name: ENABLE_SUBNET_DISCOVERY value: "true" - name: WARM_ENI_TARGET diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index c4728c6b76..b89a91978e 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" 
@@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.17.1 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.0 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.17.1 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.0 ports: - containerPort: 61678 name: metrics @@ -467,7 +467,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.17.1" + value: "v1.18.0" - name: ENABLE_SUBNET_DISCOVERY value: "true" - name: WARM_ENI_TARGET diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index f7abbe2f06..cbf6822581 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 
@@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.17.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.0 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.17.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.0 ports: - containerPort: 61678 name: metrics @@ -467,7 +467,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.17.1" + value: "v1.18.0" - name: ENABLE_SUBNET_DISCOVERY value: "true" - name: WARM_ENI_TARGET diff --git a/config/master/cni-metrics-helper-cn.yaml b/config/master/cni-metrics-helper-cn.yaml index 19e4fcd060..7245e3956c 100644 --- a/config/master/cni-metrics-helper-cn.yaml 
+++ b/config/master/cni-metrics-helper-cn.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.17.1" + image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.0" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-east-1.yaml b/config/master/cni-metrics-helper-us-gov-east-1.yaml index 494f2d1080..60e280bcb6 100644 --- a/config/master/cni-metrics-helper-us-gov-east-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-east-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole 
@@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.17.1" + image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.0" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-west-1.yaml b/config/master/cni-metrics-helper-us-gov-west-1.yaml index 85c40357a2..52be43f5c0 100644 --- a/config/master/cni-metrics-helper-us-gov-west-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-west-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.17.1" + image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.0" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper.yaml b/config/master/cni-metrics-helper.yaml index 68a3a2f60c..67889376bf 100644 --- a/config/master/cni-metrics-helper.yaml +++ b/config/master/cni-metrics-helper.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 
@@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.17.1" + app.kubernetes.io/version: "v1.18.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.17.1" + image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.0" serviceAccountName: cni-metrics-helper diff --git a/scripts/generate-cni-yaml.sh b/scripts/generate-cni-yaml.sh index 5671b0b576..694d3cadf0 100755 --- a/scripts/generate-cni-yaml.sh +++ b/scripts/generate-cni-yaml.sh @@ -8,7 +8,7 @@ HELM_VERSION="3.14.2" NAMESPACE="kube-system" MAKEFILEPATH=$SCRIPTPATH/../Makefile -VPC_CNI_VERSION="v1.17.1" +VPC_CNI_VERSION="v1.18.0" NODE_AGENT_VERSION="v1.1.0" BUILD_DIR=$SCRIPTPATH/../build/cni-rel-yamls/$VPC_CNI_VERSION diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh index 599ec96279..d1fa40280c 100755 --- a/scripts/run-cni-release-tests.sh +++ b/scripts/run-cni-release-tests.sh @@ -10,7 +10,7 @@ # NG_LABEL_KEY: nodegroup label key, default "kubernetes.io/os" # NG_LABEL_VAL: nodegroup label val, default "linux" # RUN_DEVEKS_TEST: Set this variable for tests to run on a deveks cluster -# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.17.1" +# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.0" # TEST_IMAGE_REGISTRY: the registry in test-infra-* accounts where e2e test images are stored set -e 
@@ -37,9 +37,9 @@ function run_integration_test() { echo "cni test took $((SECONDS - START)) seconds." if [[ ! -z $PROD_IMAGE_REGISTRY ]]; then - CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.17.1" + CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.0" else - CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.17.1}" + CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.0}" fi REPO_NAME=$(echo $CNI_METRICS_HELPER | cut -d ":" -f 1) From cd7eb5902f5c7a0ebc008bb478843dd14440b8bd Mon Sep 17 00:00:00 2001 From: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Date: Wed, 17 Apr 2024 15:07:48 -0700 Subject: [PATCH 12/83] Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen --- config/master/aws-k8s-cni-cn.yaml | 4 ++-- config/master/aws-k8s-cni-us-gov-east-1.yaml | 4 ++-- config/master/aws-k8s-cni-us-gov-west-1.yaml | 4 ++-- config/master/aws-k8s-cni.yaml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index 76a4dde8a4..c7d8474453 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml @@ -464,12 +464,12 @@ spec: value: "false" - name: ENABLE_PREFIX_DELEGATION value: "false" + - name: ENABLE_SUBNET_DISCOVERY + value: "true" - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION value: "v1.18.0" - - name: ENABLE_SUBNET_DISCOVERY - value: "true" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index cc67268342..d658560d7c 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml 
@@ -464,12 +464,12 @@ spec: value: "false" - name: ENABLE_PREFIX_DELEGATION value: "false" + - name: ENABLE_SUBNET_DISCOVERY + value: "true" - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION value: "v1.18.0" - - name: ENABLE_SUBNET_DISCOVERY - value: "true" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index b89a91978e..897de2e54f 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -464,12 +464,12 @@ spec: value: "false" - name: ENABLE_PREFIX_DELEGATION value: "false" + - name: ENABLE_SUBNET_DISCOVERY + value: "true" - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION value: "v1.18.0" - - name: ENABLE_SUBNET_DISCOVERY - value: "true" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index cbf6822581..cbd168db30 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml @@ -464,12 +464,12 @@ spec: value: "false" - name: ENABLE_PREFIX_DELEGATION value: "false" + - name: ENABLE_SUBNET_DISCOVERY + value: "true" - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION value: "v1.18.0" - - name: ENABLE_SUBNET_DISCOVERY - value: "true" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET From 19d59c1b004bfdaafcb65218658d5cf8ba4f45d8 Mon Sep 17 00:00:00 2001 From: guessi Date: Fri, 19 Apr 2024 09:59:59 +0800 Subject: [PATCH 13/83] Improve "cni-metrics-helper" setup experience (#2874) Co-authored-by: Senthil Kumaran --- charts/cni-metrics-helper/README.md | 64 ++++++++++++------- .../templates/clusterrole.yaml | 2 + .../templates/deployment.yaml | 24 ++++++- charts/cni-metrics-helper/values.yaml | 31 +++++++++ 4 files changed, 97 insertions(+), 24 deletions(-) 
diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md index 4e21d7fb2c..3326117b9f 100644 --- a/charts/cni-metrics-helper/README.md +++ b/charts/cni-metrics-helper/README.md @@ -12,10 +12,22 @@ This chart provides a Kubernetes deployment for the Amazon VPC CNI Metrics Helpe First add the EKS repository to Helm: ```shell -helm repo add eks https://aws.github.io/eks-charts +$ helm repo add eks https://aws.github.io/eks-charts ``` -To install the chart with the release name `cni-metrics-helper` and default configuration: +Ensure helm repository up to date + +```shell +$ helm repo update eks +``` + +To identify the version you are going to apply + +```shell +$ helm search repo eks/cni-metrics-helper --versions +``` + +To install the latest chart with the release name `cni-metrics-helper` and default configuration: ```shell $ helm install cni-metrics-helper --namespace kube-system eks/cni-metrics-helper 
@@ -43,26 +55,34 @@ $ helm uninstall cni-metrics-helper --namespace kube-system The following table lists the configurable parameters for this chart and their default values. -| Parameter | Description | Default | -|------------------------------|---------------------------------------------------------------|--------------------| -| fullnameOverride | Override the fullname of the chart | cni-metrics-helper | -| image.region | ECR repository region to use. Should match your cluster | us-west-2 | -| image.tag | Image tag | v1.18.0 | -| image.account | ECR repository account number | 602401143452 | -| image.domain | ECR repository domain | amazonaws.com | -| env.USE_CLOUDWATCH | Whether to export CNI metrics to CloudWatch | true | -| env.USE_PROMETHEUS | Whether to export CNI metrics to Prometheus | false | -| env.AWS_CLUSTER_ID | ID of the cluster to use when exporting metrics to CloudWatch | default | -| env.AWS_VPC_K8S_CNI_LOGLEVEL | Log verbosity level (ie. FATAL, ERROR, WARN, INFO, DEBUG) | INFO | -| env.METRIC_UPDATE_INTERVAL | Interval at which to update CloudWatch metrics, in seconds. 
| | -| | Metrics are published to CloudWatch at 2x the interval | 30 | -| serviceAccount.name | The name of the ServiceAccount to use | nil | -| serviceAccount.create | Specifies whether a ServiceAccount should be created | true | -| serviceAccount.annotations | Specifies the annotations for ServiceAccount | {} | -| podAnnotations | Specifies the annotations for pods | {} | -| revisionHistoryLimit | The number of revisions to keep | 10 | -| podSecurityContext | SecurityContext to set on the pod | {} | -| containerSecurityContext | SecurityContext to set on the container | {} | + +| Parameter | Description | Default | +| -------------------------------|---------------------------------------------------------------|-------------------------------------| +| `affinity` | Map of node/pod affinities | `{}` | +| `fullnameOverride` | Override the fullname of the chart | `cni-metrics-helper` | +| `image.tag` | Image tag | `v1.17.1` | +| `image.domain` | ECR repository domain | `amazonaws.com` | +| `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | +| `image.account` | ECR repository account number | `602401143452` | +| `env.USE_CLOUDWATCH` | Whether to export CNI metrics to CloudWatch | `true` | +| `env.USE_PROMETHEUS` | Whether to export CNI metrics to Prometheus | `false` | +| `env.AWS_CLUSTER_ID` | ID of the cluster to use when exporting metrics to CloudWatch | `default` | +| `env.AWS_VPC_K8S_CNI_LOGLEVEL` | Log verbosity level (ie. FATAL, ERROR, WARN, INFO, DEBUG) | `INFO` | +| `env.METRIC_UPDATE_INTERVAL` | Interval at which to update CloudWatch metrics, in seconds. 
| | +| | Metrics are published to CloudWatch at 2x the interval | `30` | +| `serviceAccount.name` | The name of the ServiceAccount to use | `nil` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.annotations` | Specifies the annotations for ServiceAccount | `{}` | +| `podAnnotations` | Specifies the annotations for pods | `{}` | +| `revisionHistoryLimit` | The number of revisions to keep | `10` | +| `podSecurityContext` | SecurityContext to set on the pod | `{}` | +| `containerSecurityContext` | SecurityContext to set on the container | `{}` | +| `tolerations` | Optional deployment tolerations | `[]` | +| `updateStrategy` | Optional update strategy | `{}` | +| `imagePullSecrets` | Docker registry pull secret | `[]` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Optional deployment tolerations | `[]` | + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters: diff --git a/charts/cni-metrics-helper/templates/clusterrole.yaml b/charts/cni-metrics-helper/templates/clusterrole.yaml index 6f45efd8aa..901952d751 100644 --- a/charts/cni-metrics-helper/templates/clusterrole.yaml +++ b/charts/cni-metrics-helper/templates/clusterrole.yaml @@ -2,6 +2,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "cni-metrics-helper.fullname" . }} + labels: +{{ include "cni-metrics-helper.labels" . | indent 4 }} rules: - apiGroups: [""] resources: diff --git a/charts/cni-metrics-helper/templates/deployment.yaml b/charts/cni-metrics-helper/templates/deployment.yaml index adadf2bf7d..5cb2fb1397 100644 --- a/charts/cni-metrics-helper/templates/deployment.yaml +++ b/charts/cni-metrics-helper/templates/deployment.yaml 
@@ -5,7 +5,11 @@ metadata: namespace: {{ .Release.Namespace }} labels: k8s-app: cni-metrics-helper +{{ include "cni-metrics-helper.labels" . | indent 4 }} spec: +{{- if .Values.updateStrategy }} + strategy: {{ toYaml .Values.updateStrategy | nindent 4 }} +{{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} selector: matchLabels: @@ -36,6 +40,22 @@ spec: name: cni-metrics-helper image: "{{- if .Values.image.override }}{{- .Values.image.override }}{{- else }}{{- .Values.image.account }}.dkr.ecr.{{- .Values.image.region }}.{{- .Values.image.domain }}/cni-metrics-helper:{{- .Values.image.tag }}{{- end}}" serviceAccountName: {{ template "cni-metrics-helper.serviceAccountName" . }} -{{- if .Values.podSecurityContext }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podSecurityContext }} securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} -{{- end }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index c1f6649c84..9179d8392c 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml 
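Review bot: In the second deployment.yaml hunk the `securityContext` block now opens with `{{- with .Values.podSecurityContext }}`, but its body still reads `{{ toYaml .Values.podSecurityContext | nindent 8 }}`. Inside `with` the dot is rebound to the podSecurityContext value itself, so `.Values` no longer resolves there, and rendering should fail as soon as a user sets a non-empty pod security context. The `{}` default hides this because the block is skipped. Use the same form as the sibling blocks added in this hunk, `{{- toYaml . | nindent 8 }}`, or keep the root reference with `$.Values.podSecurityContext`. A chart render test with a non-empty `podSecurityContext` would catch this.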
@@ -36,3 +36,34 @@ podSecurityContext: {} containerSecurityContext: {} podAnnotations: {} + +imagePullSecrets: [] + +updateStrategy: {} +# type: RollingUpdate +# rollingUpdate: +# maxUnavailable: "10%" + +nodeSelector: {} + +tolerations: [] +# - operator: Exists + +affinity: {} +# nodeAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# nodeSelectorTerms: +# - matchExpressions: +# - key: "kubernetes.io/os" +# operator: In +# values: +# - linux +# - key: "kubernetes.io/arch" +# operator: In +# values: +# - amd64 +# - arm64 +# - key: "eks.amazonaws.com/compute-type" +# operator: NotIn +# values: +# - fargate From 1a76401185f1aa4e3a0060a8542a14972f306250 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Fri, 19 Apr 2024 16:25:34 -0700 Subject: [PATCH 14/83] Add correct labels to CNI metrics chart. (#2889) --- charts/cni-metrics-helper/templates/deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/cni-metrics-helper/templates/deployment.yaml b/charts/cni-metrics-helper/templates/deployment.yaml index 5cb2fb1397..192ce9e56e 100644 --- a/charts/cni-metrics-helper/templates/deployment.yaml +++ b/charts/cni-metrics-helper/templates/deployment.yaml @@ -23,6 +23,8 @@ spec: {{- end }} {{- end }} labels: + app.kubernetes.io/name: {{ include "cni-metrics-helper.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} k8s-app: cni-metrics-helper spec: containers: From 126a0ba50ed8ee22b01603d895a079c1c9d3769c Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Fri, 19 Apr 2024 16:52:32 -0700 Subject: [PATCH 15/83] Added information on the build troubleshooting. (#2890) --- README.md | 2 +- docs/troubleshooting.md | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index dccc7cf0fe..ecee7a37ef 100644 --- a/README.md +++ b/README.md 
@@ -40,7 +40,7 @@ See [here](./docs/iam-policy.md) for required IAM policies. * `unit-test`, `format`,`lint` and `vet` provide ways to run the respective tests/tools and should be run before submitting a PR. * `make docker` will create a docker container using `docker buildx` that contains the finished binaries, with a tag of `amazon/amazon-k8s-cni:latest` * `make docker-unit-tests` uses a docker container to run all unit tests. -* builds for all build and test actions run in docker containers based on `golang:1.21.5-6-gcc-al2` unless a different `GOLANG_IMAGE` tag is passed in. +* Builds for all build and test actions run in docker containers based on `.go-version` unless a different `GOLANG_IMAGE` tag is passed in. ## Components diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index b631b8608f..559dbb325f 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -253,3 +253,11 @@ The [CNI image](../scripts/dockerfiles/Dockerfile.release) built for the `aws-no See the [cni-metrics-helper README](../cmd/cni-metrics-helper/README.md). + +## Build Troubleshooting + +If you encouter build issues while building vpc cni, ensure you are logged into a docker registry. +For e.g. + +aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws +~ From 73c45d8d2e3b572832a9b4082c718f77d9d2ee71 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Sat, 20 Apr 2024 06:19:59 -0700 Subject: [PATCH 16/83] Remove unused code in vpc cni init and vpc cni binary. (#2891) --- cmd/aws-vpc-cni-init/main.go | 11 ----------- cmd/aws-vpc-cni/main.go | 29 ----------------------------- 2 files changed, 40 deletions(-) diff --git a/cmd/aws-vpc-cni-init/main.go b/cmd/aws-vpc-cni-init/main.go index c3c77a9189..cf29fd4eab 100644 --- a/cmd/aws-vpc-cni-init/main.go +++ b/cmd/aws-vpc-cni-init/main.go 
@@ -29,7 +29,6 @@ import ( const ( defaultHostCNIBinPath = "/host/opt/cni/bin" - vpcCniInitDonePath = "/vpc-cni-init/done" metadataLocalIP = "local-ipv4" metadataMAC = "mac" defaultDisableIPv4TcpEarlyDemux = false @@ -181,17 +180,7 @@ func _main() int { return 1 } - // TODO: In order to speed up pod launch time, VPC CNI init container is not a Kubernetes init container. - // The VPC CNI container blocks on the existence of vpcCniInitDonePath - //err = cp.TouchFile(vpcCniInitDonePath) - //if err != nil { - // log.WithError(err).Errorf("Failed to set VPC CNI init done") - // return 1 - //} - log.Infof("CNI init container done") - // TODO: Since VPC CNI init container is a real container, it never exits - // time.Sleep(time.Duration(1<<63 - 1)) return 0 } diff --git a/cmd/aws-vpc-cni/main.go b/cmd/aws-vpc-cni/main.go index 063d766fdd..d1e5feb042 100644 --- a/cmd/aws-vpc-cni/main.go +++ b/cmd/aws-vpc-cni/main.go @@ -42,9 +42,7 @@ import ( "os/exec" "strconv" "strings" - "time" - "github.com/pkg/errors" log "github.com/sirupsen/logrus" "github.com/containernetworking/cni/pkg/types" @@ -188,27 +186,6 @@ func waitForIPAM() bool { } } -// Wait for vpcCniInitDonePath to exist (maximum wait time is 60 seconds) -func waitForInit() error { - start := time.Now() - maxEnd := start.Add(time.Minute) - for { - // Check for existence of vpcCniInitDonePath - if _, err := os.Stat(vpcCniInitDonePath); err == nil { - // Delete the done file in case of a reboot of the node or restart of the container (force init container to run again) - if err := os.Remove(vpcCniInitDonePath); err == nil { - return nil - } - // If file deletion fails, log and allow retry - log.Errorf("Failed to delete file: %s", vpcCniInitDonePath) - } - if time.Now().After(maxEnd) { - return errors.Errorf("time exceeded") - } - time.Sleep(1 * time.Second) - } -} - func getPrimaryIP(ipv4 bool) (string, error) { var hostIP string var err error 
@@ -471,12 +448,6 @@ func _main() int { return 1 } - // Wait for init container to complete - //if err := waitForInit(); err != nil { - // log.WithError(err).Errorf("Init container failed to complete") - // return 1 - //} - log.Infof("Copying config file... ") err = generateJSON(defaultAWSconflistFile, tmpAWSconflistFile, getPrimaryIP) if err != nil { From 92977ef5169506c017a90c011d48f228b8696cc1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 May 2024 08:34:05 -0700 Subject: [PATCH 17/83] Bump golang.org/x/sys from 0.18.0 to 0.19.0 in /test/agent (#2898) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.18.0 to 0.19.0. - [Commits](https://github.com/golang/sys/compare/v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/agent/go.mod | 2 +- test/agent/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/agent/go.mod b/test/agent/go.mod index 8ee4de14cb..db9ac45b64 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -5,7 +5,7 @@ go 1.21 require ( github.com/coreos/go-iptables v0.7.0 github.com/vishvananda/netlink v1.1.0 - golang.org/x/sys v0.18.0 + golang.org/x/sys v0.19.0 ) require github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index fe4c332145..512fba84b6 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum 
@@ -5,5 +5,5 @@ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYp github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From 06828cee09446fd9e501984727ed807254385cb8 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Tue, 7 May 2024 16:53:32 -0700 Subject: [PATCH 18/83] Filter Managed ENI. (#2895) If the SG reconcile loop runs before the ENI/IP reconcile loop it will modify the security groups as the ENI/IP reconcile hasn't had a chance to check the tags on the ENI yet. Without relying on cache, when the SG reconcile is run, it will not update the ENI with the node.k8s.amazonaws.com/no_manage: true tag --- go.mod | 3 +++ pkg/awsutils/awsutils.go | 16 ++++++++-------- pkg/awsutils/mocks/awsutils_mocks.go | 10 ++++++---- pkg/ipamd/ipamd.go | 4 ++-- pkg/ipamd/ipamd_test.go | 4 ++-- 5 files changed, 21 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index e80910a18b..53b4d6402d 100644 --- a/go.mod +++ b/go.mod @@ -180,3 +180,6 @@ replace golang.org/x/crypto => golang.org/x/crypto v0.17.0 // Cannot be removed until all dependencies use net library v0.23.0 or higher replace golang.org/x/net => golang.org/x/net v0.23.0 + +// Version of go-cose v1.2.0 and v1.2.1 have been deprecated in favor v1.1.0 +replace github.com/veraison/go-cose => github.com/veraison/go-cose v1.1.0 
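Review bot: The new `replace github.com/veraison/go-cose => github.com/veraison/go-cose v1.1.0` in go.mod says why the pin exists but not when it can be removed, unlike the `golang.org/x/net` replace directly above it. A `replace` overrides version selection for the whole build, so go-cose stays at v1.1.0 even after upstream ships a newer, non-deprecated release, and later fixes would be missed silently. I would word the comment as `// go-cose v1.2.0 and v1.2.1 are deprecated upstream; pin v1.1.0. Remove once a non-deprecated release newer than v1.1.0 exists.` The pin is also unrelated to the ENI filtering described in the commit message and would be easier to audit as its own commit.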
diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go index db14e34b75..f9ba346915 100644 --- a/pkg/awsutils/awsutils.go +++ b/pkg/awsutils/awsutils.go @@ -27,6 +27,8 @@ import ( "sync" "time" + "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" + "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils/awssession" "github.com/aws/amazon-vpc-cni-k8s/pkg/ec2wrapper" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/eventrecorder" @@ -168,7 +170,7 @@ type APIs interface { IsPrimaryENI(eniID string) bool //RefreshSGIDs - RefreshSGIDs(mac string) error + RefreshSGIDs(mac string, store *datastore.DataStore) error //GetInstanceHypervisorFamily returns the hypervisor family for the instance GetInstanceHypervisorFamily() string @@ -474,7 +476,7 @@ func (cache *EC2InstanceMetadataCache) initWithEC2Metadata(ctx context.Context) } // RefreshSGIDs retrieves security groups -func (cache *EC2InstanceMetadataCache) RefreshSGIDs(mac string) error { +func (cache *EC2InstanceMetadataCache) RefreshSGIDs(mac string, store *datastore.DataStore) error { ctx := context.TODO() sgIDs, err := cache.imds.GetSecurityGroupIDs(ctx, mac) @@ -501,14 +503,12 @@ func (cache *EC2InstanceMetadataCache) RefreshSGIDs(mac string) error { cache.securityGroups.Set(sgIDs) if !cache.useCustomNetworking && (addedSGsCount != 0 || deletedSGsCount != 0) { - allENIs, err := cache.GetAttachedENIs() - if err != nil { - return errors.Wrap(err, "DescribeAllENIs: failed to get local ENI metadata") - } + eniInfos := store.GetENIInfos() var eniIDs []string - for _, eni := range allENIs { - eniIDs = append(eniIDs, eni.ENIID) + + for eniID := range eniInfos.ENIs { + eniIDs = append(eniIDs, eniID) } newENIs := StringSet{} diff --git a/pkg/awsutils/mocks/awsutils_mocks.go b/pkg/awsutils/mocks/awsutils_mocks.go index 54c7ec72c5..4e71a57549 100644 --- a/pkg/awsutils/mocks/awsutils_mocks.go +++ b/pkg/awsutils/mocks/awsutils_mocks.go 
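Review bot: In the `@@ -501,14 +503,12 @@` hunk `RefreshSGIDs` calls `store.GetENIInfos()` without checking `store`, and the pointer is now part of the exported `APIs` interface, so a caller passing nil panics inside the security-group refresh. Guard it before use, e.g. `if store == nil { return errors.New("RefreshSGIDs: nil datastore") }`, assuming the file's existing `errors` import stays in scope. Separately, `cache.securityGroups.Set(sgIDs)` runs before the ENI list is read. If the datastore holds no ENIs when a group change is first seen, the change appears to be consumed without being applied, and later refreshes would see no delta. Please confirm the call order in `nodeInit` rules this out, or defer the `Set` until at least one ENI was processed. The function body continues outside the hunk, so this is inferred from the visible lines only.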
@@ -22,6 +22,8 @@ import ( net "net" reflect "reflect" + "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" + awsutils "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils" vpc "github.com/aws/amazon-vpc-cni-k8s/pkg/vpc" ec2 "github.com/aws/aws-sdk-go/service/ec2" @@ -466,17 +468,17 @@ func (mr *MockAPIsMockRecorder) IsUnmanagedENI(arg0 interface{}) *gomock.Call { } // RefreshSGIDs mocks base method. -func (m *MockAPIs) RefreshSGIDs(arg0 string) error { +func (m *MockAPIs) RefreshSGIDs(mac string, store *datastore.DataStore) error { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "RefreshSGIDs", arg0) + ret := m.ctrl.Call(m, "RefreshSGIDs", mac, store) ret0, _ := ret[0].(error) return ret0 } // RefreshSGIDs indicates an expected call of RefreshSGIDs. -func (mr *MockAPIsMockRecorder) RefreshSGIDs(arg0 interface{}) *gomock.Call { +func (mr *MockAPIsMockRecorder) RefreshSGIDs(mac, store interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RefreshSGIDs", reflect.TypeOf((*MockAPIs)(nil).RefreshSGIDs), arg0) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RefreshSGIDs", reflect.TypeOf((*MockAPIs)(nil).RefreshSGIDs), mac, store) } // SetMultiCardENIs mocks base method. diff --git a/pkg/ipamd/ipamd.go b/pkg/ipamd/ipamd.go index 648a00b104..33f75900f5 100644 --- a/pkg/ipamd/ipamd.go +++ b/pkg/ipamd/ipamd.go @@ -507,14 +507,14 @@ func (c *IPAMContext) nodeInit() error { // 1. after managed/unmanaged ENIs have been determined // 2. before any new ENIs are attached if c.enableIPv4 && !c.disableENIProvisioning { - if err := c.awsClient.RefreshSGIDs(primaryENIMac); err != nil { + if err := c.awsClient.RefreshSGIDs(primaryENIMac, c.dataStore); err != nil { return err } // Refresh security groups and VPC CIDR blocks in the background // Ignoring errors since we will retry in 30s go wait.Forever(func() { - c.awsClient.RefreshSGIDs(primaryENIMac) + c.awsClient.RefreshSGIDs(primaryENIMac, c.dataStore) }, 30*time.Second) } 
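Review bot: In the ipamd.go hunk the background closure discards the error from `c.awsClient.RefreshSGIDs(primaryENIMac, c.dataStore)`, so a refresh that keeps failing leaves ENIs on stale security groups with nothing in the logs. The retry-in-30s comment explains why the error is not fatal, but it should still be visible to operators: `if err := c.awsClient.RefreshSGIDs(primaryENIMac, c.dataStore); err != nil { log.Warnf("refreshing security groups: %v", err) }`. The logger name is assumed here; use whichever one this file already has. `nodeInit` starts and ends outside the hunk.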
diff --git a/pkg/ipamd/ipamd_test.go b/pkg/ipamd/ipamd_test.go index cc5a27337a..ac5802c257 100644 --- a/pkg/ipamd/ipamd_test.go +++ b/pkg/ipamd/ipamd_test.go @@ -153,7 +153,7 @@ func TestNodeInit(t *testing.T) { m.network.EXPECT().SetupHostNetwork(cidrs, "", &primaryIP, false, true, false).Return(nil) m.network.EXPECT().CleanUpStaleAWSChains(true, false).Return(nil) m.awsutils.EXPECT().GetPrimaryENI().AnyTimes().Return(primaryENIid) - m.awsutils.EXPECT().RefreshSGIDs(gomock.Any()).AnyTimes().Return(nil) + m.awsutils.EXPECT().RefreshSGIDs(gomock.Any(), gomock.Any()).AnyTimes().Return(nil) eniMetadataSlice := []awsutils.ENIMetadata{eni1, eni2} resp := awsutils.DescribeAllENIsResult{ @@ -243,7 +243,7 @@ func TestNodeInitwithPDenabledIPv4Mode(t *testing.T) { m.network.EXPECT().SetupHostNetwork(cidrs, "", &primaryIP, false, true, false).Return(nil) m.network.EXPECT().CleanUpStaleAWSChains(true, false).Return(nil) m.awsutils.EXPECT().GetPrimaryENI().AnyTimes().Return(primaryENIid) - m.awsutils.EXPECT().RefreshSGIDs(gomock.Any()).AnyTimes().Return(nil) + m.awsutils.EXPECT().RefreshSGIDs(gomock.Any(), gomock.Any()).AnyTimes().Return(nil) eniMetadataSlice := []awsutils.ENIMetadata{eni1, eni2} resp := awsutils.DescribeAllENIsResult{ From 9ed4e3e33e460f779db3e409a0ab8016d48158cb Mon Sep 17 00:00:00 2001 
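Review bot: Both updated expectations use `RefreshSGIDs(gomock.Any(), gomock.Any())`, so these tests pass whatever store is handed over, and nothing visible in this patch exercises the new behaviour. The point of the change is that only ENIs present in the datastore have their security groups rewritten. That deserves a unit test in `pkg/awsutils` that fills a datastore with managed ENIs only and asserts the ENI IDs passed to the modify call. In `TestNodeInit`, matching the second argument against the context's datastore instead of `gomock.Any()` would at least pin the wiring.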
From: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Date: Mon, 13 May 2024 18:28:55 -0700 Subject: [PATCH 19/83] Merge release-1.18 to master after v1.18.1 release (#2914) * Update changelogs and charts for v1.18.0 release (#2858) Co-authored-by: Joseph Chen * Resolve merge conflicts from master to release 1.18 (#2885) * Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE * Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen * Update .go-version to 1.22.2 to fix CVE reports. (#2870) * CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen * Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen --------- 
Signed-off-by: dependabot[bot] Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Co-authored-by: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Co-authored-by: Joseph Chen * Merge master to release-1.18 for v1.18.1 release (#2882) * Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE * Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen * Update .go-version to 1.22.2 to fix CVE reports. (#2870) * CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen * Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen --------- Signed-off-by: dependabot[bot] Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Co-authored-by: Joseph Chen * CHANGELOG, chart, and manifest updates for v1.18.1 release (#2894) Co-authored-by: Joseph Chen * Fix metrics readme --------- 
Signed-off-by: dependabot[bot] Co-authored-by: Joseph Chen Co-authored-by: Jay Deokar <23660509+jaydeokar@users.noreply.github.com> Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> --- CHANGELOG.md | 12 ++++++++++++ charts/aws-vpc-cni/Chart.yaml | 4 ++-- charts/aws-vpc-cni/README.md | 6 +++--- charts/aws-vpc-cni/values.yaml | 8 ++++---- charts/cni-metrics-helper/Chart.yaml | 4 ++-- charts/cni-metrics-helper/README.md | 2 +- charts/cni-metrics-helper/values.yaml | 2 +- config/master/aws-k8s-cni-cn.yaml | 18 +++++++++--------- config/master/aws-k8s-cni-us-gov-east-1.yaml | 18 +++++++++--------- config/master/aws-k8s-cni-us-gov-west-1.yaml | 18 +++++++++--------- config/master/aws-k8s-cni.yaml | 18 +++++++++--------- config/master/cni-metrics-helper-cn.yaml | 6 +++--- .../cni-metrics-helper-us-gov-east-1.yaml | 6 +++--- .../cni-metrics-helper-us-gov-west-1.yaml | 6 +++--- config/master/cni-metrics-helper.yaml | 6 +++--- scripts/generate-cni-yaml.sh | 4 ++-- scripts/run-cni-release-tests.sh | 6 +++--- 17 files changed, 78 insertions(+), 66 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 985dc304f1..138cd97ac5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,17 @@ # Changelog +## v1.18.1 + +* Bug - [Mount /run/xtables.lock as FileOrCreate in Helm chart](https://github.com/aws/amazon-vpc-cni-k8s/pull/2841) (@kwohlfahrt) +* Enhancement - [Update .go-version to 1.22.2 to fix CVE reports.](https://github.com/aws/amazon-vpc-cni-k8s/pull/2870) (@orsenthil) +* Cleanup - [remove unused Dockerfile](https://github.com/aws/amazon-vpc-cni-k8s/pull/2869) (@sushrk) +* Dependency - [Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1](https://github.com/aws/amazon-vpc-cni-k8s/pull/2860) (@dependabot) +* Dependency - [Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent](https://github.com/aws/amazon-vpc-cni-k8s/pull/2859) (@dependabot) +* Dependency - [Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3](https://github.com/aws/amazon-vpc-cni-k8s/pull/2862) (@dependabot) +* Dependency - [Bump github.com/prometheus/common from 0.48.0 to 0.52.2](https://github.com/aws/amazon-vpc-cni-k8s/pull/2866) (@dependabot) +* Dependency - [Bump github.com/stretchr/testify from 1.8.4 to 1.9.0](https://github.com/aws/amazon-vpc-cni-k8s/pull/2863) (@dependabot) +* Dependency - [Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1](https://github.com/aws/amazon-vpc-cni-k8s/pull/2864) (@dependabot) + ## v1.18.0 * Cleanup - [run make generate-limits](https://github.com/aws/amazon-vpc-cni-k8s/pull/2835) (@jaydeokar) diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml index 0fd2105b0a..326db0431b 100644 --- a/charts/aws-vpc-cni/Chart.yaml +++ b/charts/aws-vpc-cni/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: aws-vpc-cni -version: 1.18.0 -appVersion: "v1.18.0" +version: 1.18.1 +appVersion: "v1.18.1" description: A Helm chart for the AWS VPC CNI icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md index 6e352119ad..155b127f30 100644 --- a/charts/aws-vpc-cni/README.md 
+++ b/charts/aws-vpc-cni/README.md @@ -48,7 +48,7 @@ The following table lists the configurable parameters for this chart and their d | `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation | `3` | | `branchENICooldown` | Number of seconds that branch ENIs remain in cooldown | `60` | | `fullnameOverride` | Override the fullname of the chart | `aws-node` | -| `image.tag` | Image tag | `v1.18.0` | +| `image.tag` | Image tag | `v1.18.1` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -56,7 +56,7 @@ The following table lists the configurable parameters for this chart and their d | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.override` | A custom docker image to use | `nil` | | `imagePullSecrets` | Docker registry pull secret | `[]` | -| `init.image.tag` | Image tag | `v1.18.0` | +| `init.image.tag` | Image tag | `v1.18.1` | | `init.image.domain` | ECR repository domain | `amazonaws.com` | | `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `init.image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -69,7 +69,7 @@ The following table lists the configurable parameters for this chart and their d | `originalMatchLabels` | Use the original daemonset matchLabels | `false` | | `nameOverride` | Override the name of the chart | `aws-node` | | `nodeAgent.enabled` | If the Node Agent container should be created | `true` | -| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.1.0` | +| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.1.1` | | `nodeAgent.image.domain`| ECR repository domain | `amazonaws.com` | | `nodeAgent.image.region`| ECR repository region to use. Should match your cluster | `us-west-2` | | `nodeAgent.image.endpoint` | ECR repository endpoint to use. | `ecr` | 
diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index aa765659c5..1bf88b53fc 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -8,7 +8,7 @@ nameOverride: aws-node init: image: - tag: v1.18.0 + tag: v1.18.1 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -27,7 +27,7 @@ init: nodeAgent: enabled: true image: - tag: v1.1.0 + tag: v1.1.1 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -50,7 +50,7 @@ nodeAgent: resources: {} image: - tag: v1.18.0 + tag: v1.18.1 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -84,7 +84,7 @@ env: ENABLE_IPv4: "true" ENABLE_IPv6: "false" ENABLE_SUBNET_DISCOVERY: "true" - VPC_CNI_VERSION: "v1.18.0" + VPC_CNI_VERSION: "v1.18.1" NETWORK_POLICY_ENFORCING_MODE: "standard" # this flag enables you to use the match label that was present in the original daemonset deployed by EKS diff --git a/charts/cni-metrics-helper/Chart.yaml b/charts/cni-metrics-helper/Chart.yaml index 6b1a089f14..5bc50145c8 100644 --- a/charts/cni-metrics-helper/Chart.yaml +++ b/charts/cni-metrics-helper/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cni-metrics-helper -version: 1.18.0 -appVersion: v1.18.0 +version: 1.18.1 +appVersion: v1.18.1 description: A Helm chart for the AWS VPC CNI Metrics Helper icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md index 3326117b9f..fa6b08cf37 100644 --- a/charts/cni-metrics-helper/README.md +++ b/charts/cni-metrics-helper/README.md 
@@ -60,7 +60,7 @@ The following table lists the configurable parameters for this chart and their d | -------------------------------|---------------------------------------------------------------|-------------------------------------| | `affinity` | Map of node/pod affinities | `{}` | | `fullnameOverride` | Override the fullname of the chart | `cni-metrics-helper` | -| `image.tag` | Image tag | `v1.17.1` | +| `image.tag` | Image tag | `v1.18.1` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.account` | ECR repository account number | `602401143452` | diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index 9179d8392c..26758efac1 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml @@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper image: region: us-west-2 - tag: v1.18.0 + tag: v1.18.1 account: "602401143452" domain: "amazonaws.com" # Set to use custom image diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index c7d8474453..75f1bdd95e 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" 
@@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.0 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.1 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.0 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.1 ports: - containerPort: 61678 name: metrics @@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.0" + value: "v1.18.1" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -504,7 +504,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.1.0 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.1.1 env: - name: MY_NODE_NAME valueFrom: 
diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index d658560d7c..19f4344e31 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.0 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.1 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" 
@@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.0 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.1 ports: - containerPort: 61678 name: metrics @@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.0" + value: "v1.18.1" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -504,7 +504,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.0 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.1 env: - name: MY_NODE_NAME valueFrom: diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index 897de2e54f..4d23b6d3b6 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" rules: - apiGroups: - crd.k8s.amazonaws.com 
@@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.0 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.1 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.0 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.1 ports: - containerPort: 61678 name: metrics @@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.0" + value: "v1.18.1" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -504,7 +504,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.0 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.1 env: - name: MY_NODE_NAME valueFrom: diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index cbd168db30..a251eb4951 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml 
@@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.0 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.1 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.0 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.1 ports: - containerPort: 61678 name: metrics 
@@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.0" + value: "v1.18.1" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -504,7 +504,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.0 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.1 env: - name: MY_NODE_NAME valueFrom: diff --git a/config/master/cni-metrics-helper-cn.yaml b/config/master/cni-metrics-helper-cn.yaml index 7245e3956c..de49632ecd 100644 --- a/config/master/cni-metrics-helper-cn.yaml +++ b/config/master/cni-metrics-helper-cn.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.0" + image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.1" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-east-1.yaml b/config/master/cni-metrics-helper-us-gov-east-1.yaml index 60e280bcb6..07f1de7329 100644 --- a/config/master/cni-metrics-helper-us-gov-east-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-east-1.yaml 
@@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.0" + image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.1" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-west-1.yaml b/config/master/cni-metrics-helper-us-gov-west-1.yaml index 52be43f5c0..48e17af476 100644 --- a/config/master/cni-metrics-helper-us-gov-west-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-west-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole 
@@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.0" + image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.1" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper.yaml b/config/master/cni-metrics-helper.yaml index 67889376bf..4263fe5e4f 100644 --- a/config/master/cni-metrics-helper.yaml +++ b/config/master/cni-metrics-helper.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.0" + app.kubernetes.io/version: "v1.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.0" + image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.1" serviceAccountName: cni-metrics-helper diff --git a/scripts/generate-cni-yaml.sh b/scripts/generate-cni-yaml.sh index 694d3cadf0..1c515ce856 100755 --- a/scripts/generate-cni-yaml.sh +++ b/scripts/generate-cni-yaml.sh @@ -8,8 +8,8 @@ HELM_VERSION="3.14.2" NAMESPACE="kube-system" MAKEFILEPATH=$SCRIPTPATH/../Makefile -VPC_CNI_VERSION="v1.18.0" -NODE_AGENT_VERSION="v1.1.0" +VPC_CNI_VERSION="v1.18.1" +NODE_AGENT_VERSION="v1.1.1" BUILD_DIR=$SCRIPTPATH/../build/cni-rel-yamls/$VPC_CNI_VERSION REGIONS_FILE=$SCRIPTPATH/../charts/regions.json diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh index d1fa40280c..20fb3d2dc1 100755 
--- a/scripts/run-cni-release-tests.sh +++ b/scripts/run-cni-release-tests.sh @@ -10,7 +10,7 @@ # NG_LABEL_KEY: nodegroup label key, default "kubernetes.io/os" # NG_LABEL_VAL: nodegroup label val, default "linux" # RUN_DEVEKS_TEST: Set this variable for tests to run on a deveks cluster -# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.0" +# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.1" # TEST_IMAGE_REGISTRY: the registry in test-infra-* accounts where e2e test images are stored set -e @@ -37,9 +37,9 @@ function run_integration_test() { echo "cni test took $((SECONDS - START)) seconds." if [[ ! -z $PROD_IMAGE_REGISTRY ]]; then - CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.0" + CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.1" else - CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.0}" + CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.1}" fi REPO_NAME=$(echo $CNI_METRICS_HELPER | cut -d ":" -f 1) From 239ad1d969b95d26127eed549c4b01eb0191fa76 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Fri, 17 May 2024 16:35:44 -0700 Subject: [PATCH 20/83] Update .go-version to fix GO-2024-2824 (#2911) --- .go-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.go-version b/.go-version index 8864ad2970..89144dbc38 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.2 \ No newline at end of file +1.22.3 From 05e776675bb969b75309ebd06a38ffb01a0b9212 Mon Sep 17 00:00:00 2001 
From: Senthil Kumaran Date: Fri, 17 May 2024 17:04:08 -0700 Subject: [PATCH 21/83] Soak Test for CNI. (#2915) * Soak Test for CNI. Soak Test runs a fundamental test, like connectivity across pods launched in both primary and secondary eni interfaces. It launches pods, tests connectivity, tears them down, and repeats this process for 1 hour. The run time is configurable with how long we want to run the soak test. This test helps in discovering race condition issues and compatibility issues with the underlying AMI. * Fix for make check. --- scripts/run-soak-test.sh | 40 ++++++ test/integration/cni/soak_test.go | 199 ++++++++++++++++++++++++++++++ 2 files changed, 239 insertions(+) create mode 100755 scripts/run-soak-test.sh create mode 100644 test/integration/cni/soak_test.go diff --git a/scripts/run-soak-test.sh b/scripts/run-soak-test.sh new file mode 100755 index 0000000000..f09f561dff --- /dev/null +++ b/scripts/run-soak-test.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# The script runs amazon-vpc-cni static canary tests
+# The tests in this suite are designed to exercise AZ failure scenarios.
+
+set -e
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+GINKGO_TEST_BUILD="$SCRIPT_DIR/../test/build"
+# TEST_IMAGE_REGISTRY is the registry in test-infra-* accounts where e2e test images are stored
+TEST_IMAGE_REGISTRY=${TEST_IMAGE_REGISTRY:-"617930562442.dkr.ecr.us-west-2.amazonaws.com"}
+
+# If $ENDPOINT is set, as in it is for beta clusters then $ENDPOINT_OPTION,
+# defined in lib/cluster.sh will add --eks-endpoint=$ENDPOINT to the ginkgo
+# test command
+
+source "$SCRIPT_DIR"/lib/cluster.sh
+source "$SCRIPT_DIR"/lib/canary.sh
+
+function run_ginkgo_test() {
+ local focus=$1
+ echo "Running ginkgo tests with focus: $focus"
+
+ (CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS --no-color --focus="$focus" -v --timeout 3h --fail-on-pending $GINKGO_TEST_BUILD/cni.test -- \
+ --cluster-kubeconfig="$KUBE_CONFIG_PATH" \
+ --cluster-name="$CLUSTER_NAME" \
+ --aws-region="$REGION" \
+ --aws-vpc-id="$VPC_ID" \
+ --ng-name-label-key="kubernetes.io/os" \
+ --ng-name-label-val="linux" \
+ --test-image-registry=$TEST_IMAGE_REGISTRY \
+ --publish-cw-metrics=true \
+ $ENDPOINT_OPTION)
+}
+
+load_cluster_details
+
+run_ginkgo_test "SOAK_TEST"
+
+echo "all tests ran successfully in $(($SECONDS / 60)) minutes and $(($SECONDS % 60)) seconds"
diff --git a/test/integration/cni/soak_test.go b/test/integration/cni/soak_test.go
new file mode 100644
index 0000000000..8819a8b5ce
--- /dev/null
+++ b/test/integration/cni/soak_test.go
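Review bot: The header comment describes a different script: it says this runs the static canary tests for AZ failure scenarios, while the only suite invoked is `run_ginkgo_test "SOAK_TEST"`. Suggest `# The script runs the amazon-vpc-cni soak test` followed by `# It repeatedly launches pods on primary and secondary ENIs and checks connectivity between them.` In `run_ginkgo_test`, `$GINKGO_TEST_BUILD/cni.test` and `--test-image-registry=$TEST_IMAGE_REGISTRY` are expanded unquoted, so a checkout path or an environment-supplied registry value containing whitespace would be split into extra ginkgo arguments. Quoting both, as `"$GINKGO_TEST_BUILD/cni.test"` and `--test-image-registry="$TEST_IMAGE_REGISTRY"`, matches how the neighbouring flags are written.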
@@ -0,0 +1,199 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+// http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package cni
+
+import (
+ "fmt"
+ "strconv"
+ "time"
+
+ "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils"
+ "github.com/aws/amazon-vpc-cni-k8s/test/integration/common"
+ "github.com/aws/aws-sdk-go/service/ec2"
+
+ "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/manifest"
+
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+ v1 "k8s.io/api/apps/v1"
+ coreV1 "k8s.io/api/core/v1"
+)
+
+// Ensures Pods are launched on both Primary and Secondary Network Interfaces on two nodes.
+// and the test verifies network connectivity across pods launched on these interfaces.
+
+// The total test will take 1 hour of constantly exercising pod launch on primary and secondary interfaces.
+// running connectivity tests, and deleting the pods, and repeating the process.
+
+var _ = Describe("SOAK Test pod networking", Ordered, func() {
+
+ var (
+ err error
+ serverListenCmd []string
+ serverListenCmdArgs []string
+ testConnectionCommandFunc func(serverPod coreV1.Pod, port int) []string
+ testFailedConnectionCommandFunc func(serverPod coreV1.Pod, port int) []string
+ testerExpectedStdOut string
+ testerExpectedStdErr string
+ serverPort int
+ protocol string
+ primaryNodeDeployment *v1.Deployment
+ secondaryNodeDeployment *v1.Deployment
+ interfaceToPodListOnPrimaryNode common.InterfaceTypeToPodList
+ interfaceToPodListOnSecondaryNode common.InterfaceTypeToPodList
+ timesToRunTheTest = 12
+ waitDuringInMinutes = time.Duration(5) * time.Minute
+ )
+
+ BeforeAll(func() {
+ fmt.Println("Starting SOAK test")
+
+ protocol = ec2.ProtocolTcp
+ serverPort = 2273
+
+ By("Authorize Security Group Ingress on EC2 instance.")
+ err = f.CloudServices.EC2().
+ AuthorizeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false)
+ Expect(err).ToNot(HaveOccurred())
+
+ By("Authorize Security Group Egress on EC2 instance.")
+ err = f.CloudServices.EC2().
+ AuthorizeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0")
+ Expect(err).ToNot(HaveOccurred())
+ })
+
+ AfterAll(func() {
+ fmt.Println("Cleaning SOAK test")
+
+ By("Revoke Security Group Ingress.")
+ err = f.CloudServices.EC2().
+ RevokeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false)
+ Expect(err).ToNot(HaveOccurred())
+
+ By("Revoke Security Group Egress.")
+ err = f.CloudServices.EC2().
+ RevokeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0")
+ Expect(err).ToNot(HaveOccurred())
+
+ By("SOAK test completed")
+ })
+
+ Context("[SOAK_TEST] Establish TCP connection from tester to server on both Primary and Secondary ENI", func() {
+ BeforeEach(func() {
+ serverListenCmd = []string{"nc"}
+ // The nc flag "-l" for listen mode, "-k" to keep server up and not close connection after each connection
+ serverListenCmdArgs = []string{"-k", "-l", strconv.Itoa(serverPort)}
+
+ // netcat verbose output is being redirected to stderr instead of stdout
+ // The nc flag "-v" for verbose output and "-wn" for timing out in n seconds
+ testConnectionCommandFunc = func(receiverPod coreV1.Pod, port int) []string {
+ return []string{"nc", "-v", "-w5", receiverPod.Status.PodIP, strconv.Itoa(port)}
+ }
+
+ // Create a negative test case with the wrong port number. This is to reinforce the
+ // positive test case work by verifying negative cases do throw error
+ testFailedConnectionCommandFunc = func(receiverPod coreV1.Pod, port int) []string {
+ return []string{"nc", "-v", "-w5", receiverPod.Status.PodIP, strconv.Itoa(port + 1)}
+ }
+
+ serverContainer := manifest.
+ NewNetCatAlpineContainer(f.Options.TestImageRegistry).
+ Command(serverListenCmd).
+ Args(serverListenCmdArgs).
+ Build()
+
+ By("Creating Pods on Primary and Secondary ENI on Primary and Secondary Node")
+ primaryNodeDeployment = manifest.
+ NewDefaultDeploymentBuilder().
+ Container(serverContainer).
+ Replicas(maxIPPerInterface*2). // X2 so Pods are created on secondary ENI too
+ NodeName(primaryNode.Name).
+ PodLabel("node", "primary").
+ Name("primary-node-server").
+ Build()
+
+ primaryNodeDeployment, err = f.K8sResourceManagers.
+ DeploymentManager().
+ CreateAndWaitTillDeploymentIsReady(primaryNodeDeployment, utils.DefaultDeploymentReadyTimeout)
+
+ Expect(err).ToNot(HaveOccurred())
+
+ interfaceToPodListOnPrimaryNode =
+ common.GetPodsOnPrimaryAndSecondaryInterface(primaryNode, "node", "primary", f)
+
+ // At least two Pods should be placed on the Primary and Secondary Interface
+ // on the Primary and Secondary Node in order to test all possible scenarios
+ Expect(len(interfaceToPodListOnPrimaryNode.PodsOnPrimaryENI)).
+ Should(BeNumerically(">", 1))
+
+ Expect(len(interfaceToPodListOnPrimaryNode.PodsOnSecondaryENI)).
+ Should(BeNumerically(">", 1))
+
+ secondaryNodeDeployment = manifest.
+ NewDefaultDeploymentBuilder().
+ Container(serverContainer).
+ Replicas(maxIPPerInterface*2). // X2 so Pods are created on secondary ENI too
+ NodeName(secondaryNode.Name).
+ PodLabel("node", "secondary").
+ Name("secondary-node-server").
+ Build()
+
+ secondaryNodeDeployment, err = f.K8sResourceManagers.
+ DeploymentManager().
+ CreateAndWaitTillDeploymentIsReady(secondaryNodeDeployment, utils.DefaultDeploymentReadyTimeout)
+ Expect(err).ToNot(HaveOccurred())
+
+ interfaceToPodListOnSecondaryNode =
+ common.GetPodsOnPrimaryAndSecondaryInterface(secondaryNode, "node", "secondary", f)
+
+ Expect(len(interfaceToPodListOnSecondaryNode.PodsOnPrimaryENI)).
+ Should(BeNumerically(">", 1))
+
+ Expect(len(interfaceToPodListOnSecondaryNode.PodsOnSecondaryENI)).
+ Should(BeNumerically(">", 1))
+ })
+
+ AfterEach(func() {
+ By("TearDown Pods")
+ err = f.K8sResourceManagers.DeploymentManager().
+ DeleteAndWaitTillDeploymentIsDeleted(primaryNodeDeployment)
+ Expect(err).ToNot(HaveOccurred())
+
+ err = f.K8sResourceManagers.DeploymentManager().
+ DeleteAndWaitTillDeploymentIsDeleted(secondaryNodeDeployment)
+ Expect(err).ToNot(HaveOccurred())
+
+ })
+
+ for i := 0; i < timesToRunTheTest; i++ {
+ It("assert connectivity across nodes and across interface types", func() {
+
+ testerExpectedStdErr = "succeeded!"
+ testerExpectedStdOut = "" + + CheckConnectivityForMultiplePodPlacement( + interfaceToPodListOnPrimaryNode, interfaceToPodListOnSecondaryNode, + serverPort, testerExpectedStdOut, testerExpectedStdErr, testConnectionCommandFunc) + + By("verifying connection fails for unreachable port") + + VerifyConnectivityFailsForNegativeCase(interfaceToPodListOnPrimaryNode.PodsOnPrimaryENI[0], + interfaceToPodListOnPrimaryNode.PodsOnPrimaryENI[1], serverPort, + testFailedConnectionCommandFunc) + + time.Sleep(waitDuringInMinutes) + }) + } + }) +}) From 3daa258714406f9d321d9c1c379bb533268d6615 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 17 May 2024 17:48:04 -0700 Subject: [PATCH 22/83] Bump github.com/aws/amazon-vpc-resource-controller-k8s (#2910) Bumps [github.com/aws/amazon-vpc-resource-controller-k8s](https://github.com/aws/amazon-vpc-resource-controller-k8s) from 1.4.1 to 1.5.0. - [Release notes](https://github.com/aws/amazon-vpc-resource-controller-k8s/releases) - [Commits](https://github.com/aws/amazon-vpc-resource-controller-k8s/compare/v1.4.1...v1.5.0) --- updated-dependencies: - dependency-name: github.com/aws/amazon-vpc-resource-controller-k8s dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 34 ++++++++++++++--------------- go.sum | 67 +++++++++++++++++++++++++++++----------------------------- 2 files changed, 51 insertions(+), 50 deletions(-) diff --git a/go.mod b/go.mod index 53b4d6402d..2a203b9655 100644 --- a/go.mod +++ b/go.mod 
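Review bot: The `BeforeAll` block opens port 2273 on the instance security group to `"0.0.0.0/0"` for both ingress and egress, and the rule stays in place for the whole soak run (12 iterations, each ending in a 5-minute sleep). That looks broader than the test needs, since the tester and server pods both run on cluster nodes, and it leaves the `nc` listeners reachable from any source if the nodes have a route from outside the VPC. Scoping the rule to the cluster's own address range would avoid this, e.g. `AuthorizeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, vpcCIDR /* placeholder: the cluster VPC's CIDR */, false)`, with the same value in the egress and both Revoke calls. In `AfterAll`, a failing `Expect` after the ingress revoke stops the function before the egress revoke is attempted, so a partial failure can leave a rule behind. Attempting both revokes first and asserting on the two errors afterwards would make the cleanup more reliable.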
@@ -5,37 +5,37 @@ go 1.21 require ( github.com/apparentlymart/go-cidr v1.1.0 github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b - github.com/aws/amazon-vpc-resource-controller-k8s v1.4.1 - github.com/aws/aws-sdk-go v1.50.29 + github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 + github.com/aws/aws-sdk-go v1.51.32 github.com/containernetworking/cni v1.1.2 github.com/containernetworking/plugins v1.4.1 github.com/coreos/go-iptables v0.7.0 github.com/go-logr/logr v1.4.1 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 - github.com/onsi/ginkgo/v2 v2.17.1 - github.com/onsi/gomega v1.31.1 + github.com/onsi/ginkgo/v2 v2.17.2 + github.com/onsi/gomega v1.33.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0 - github.com/prometheus/common v0.52.2 + github.com/prometheus/common v0.53.0 github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.2.1-beta.2 go.uber.org/zap v1.26.0 - golang.org/x/net v0.23.0 - golang.org/x/sys v0.18.0 + golang.org/x/net v0.24.0 + golang.org/x/sys v0.19.0 google.golang.org/grpc v1.62.0 google.golang.org/protobuf v1.33.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.14.3 - k8s.io/api v0.29.0 - k8s.io/apimachinery v0.29.2 + k8s.io/api v0.29.3 + k8s.io/apimachinery v0.29.3 k8s.io/cli-runtime v0.29.0 - k8s.io/client-go v0.29.0 + k8s.io/client-go v0.29.3 sigs.k8s.io/controller-runtime v0.17.0 ) 
@@ -78,15 +78,15 @@ require ( github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect - github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect + github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.0.1 // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20230323073829-e72429f035bd // indirect + github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/mux v1.8.0 // indirect @@ -148,11 +148,11 @@ require ( golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect golang.org/x/oauth2 v0.18.0 // indirect - golang.org/x/sync v0.6.0 // indirect - golang.org/x/term v0.18.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.17.0 // indirect + golang.org/x/time v0.5.0 // indirect + golang.org/x/tools v0.20.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect diff --git a/go.sum b/go.sum index a15fc2cb15..eaab04160b 100644 --- a/go.sum +++ b/go.sum 
@@ -35,10 +35,10 @@ github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b h1:xCQo9O4BIwuLhrQAqamsvhfgjBiSOo83uDMMSivRsnw= github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b/go.mod h1:NvS1b2fBgkUvAWgBF8h0aRaVVoUeIlpUMnlTW2wIqik= -github.com/aws/amazon-vpc-resource-controller-k8s v1.4.1 h1:43uJXFNTjk5Gzi2Qpqk30ycaaE7DOVvBDKi35wzsrsQ= -github.com/aws/amazon-vpc-resource-controller-k8s v1.4.1/go.mod h1:tXPJP0SFdkVa7ALghDjThtavyYnP0MKO8V0ZHlDNCU8= -github.com/aws/aws-sdk-go v1.50.29 h1:Ol2FYzesF2tsQrgVSnDWRFI60+FsSqKKdt7MLlZKubc= -github.com/aws/aws-sdk-go v1.50.29/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 h1:utc5JzVlbORZ/4IFHb4yleqbIOKEevKfVxozKvhJWok= +github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0/go.mod h1:3q5gDG44vGr9ERe0YMHItThKXxDkntAUrlfTgJkdgF8= +github.com/aws/aws-sdk-go v1.51.32 h1:A6mPui7QP4mwmovyzgtdedbRbNur1Iu0/El7hBWNHms= +github.com/aws/aws-sdk-go v1.51.32/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -153,8 +153,8 @@ github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfC github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU= github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs= github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0= 
@@ -184,8 +184,8 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= 
@@ -206,8 +206,8 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20230323073829-e72429f035bd h1:r8yyd+DJDmsUhGrRBxH5Pj7KeFK5l+Y3FsgT8keqKtk= -github.com/google/pprof v0.0.0-20230323073829-e72429f035bd/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 
@@ -340,13 +340,13 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= -github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= -github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= 
@@ -374,8 +374,8 @@ github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZ github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.52.2 h1:LW8Vk7BccEdONfrJBDffQGRtpSzi5CQaRZGtboOO2ck= -github.com/prometheus/common v0.52.2/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q= +github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE= +github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= @@ -415,7 +415,6 @@ github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= 
@@ -477,8 +476,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -493,8 +492,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -521,19 +520,21 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools 
v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -546,8 +547,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= -golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= +golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -608,18 +609,18 @@ helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4= helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= -k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA= +k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= +k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= +k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= +k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= k8s.io/apiserver v0.29.0 h1:Y1xEMjJkP+BIi0GSEv1BBrf1jLU9UPfAnnGGbbDdp7o= k8s.io/apiserver v0.29.0/go.mod h1:31n78PsRKPmfpee7/l9NYEv67u6hOL6AfcE761HapDM= k8s.io/cli-runtime v0.29.0 h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4= k8s.io/cli-runtime v0.29.0/go.mod h1:VKudXp3X7wR45L+nER85YUzOQIru28HQpXr0mTdeCrk= -k8s.io/client-go v0.29.0 h1:KmlDtFcrdUzOYrBhXHgKw5ycWzc3ryPX5mQe0SkG3y8= -k8s.io/client-go v0.29.0/go.mod h1:yLkXH4HKMAywcrD82KMSmfYg2DlE8mepPR4JGSo5n38= +k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= +k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s= k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= k8s.io/klog/v2 v2.110.1 
h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= From 4c1b1625970729a40722412c04aa99f8f20ea0de Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Mon, 20 May 2024 14:25:48 -0700 Subject: [PATCH 23/83] Update ENI Limits. (#2920) --- misc/eni-max-pods.txt | 36 ++-- pkg/vpc/vpc_ip_resource_limit.go | 284 +++++++++++++++++++++++++++---- 2 files changed, 280 insertions(+), 40 deletions(-) diff --git a/misc/eni-max-pods.txt b/misc/eni-max-pods.txt index 3cc4aa10db..2ce0e5884d 100644 --- a/misc/eni-max-pods.txt +++ b/misc/eni-max-pods.txt @@ -161,11 +161,11 @@ c6in.12xlarge 234 c6in.16xlarge 737 c6in.24xlarge 737 c6in.2xlarge 58 -c6in.32xlarge 345 +c6in.32xlarge 394 c6in.4xlarge 234 c6in.8xlarge 234 c6in.large 29 -c6in.metal 345 +c6in.metal 394 c6in.xlarge 58 c7a.12xlarge 234 c7a.16xlarge 737 @@ -204,7 +204,13 @@ c7gn.4xlarge 234 c7gn.8xlarge 234 c7gn.large 29 c7gn.medium 8 +c7gn.metal 737 c7gn.xlarge 58 +c7i-flex.2xlarge 58 +c7i-flex.4xlarge 234 +c7i-flex.8xlarge 234 +c7i-flex.large 29 +c7i-flex.xlarge 58 c7i.12xlarge 234 c7i.16xlarge 737 c7i.24xlarge 737 @@ -266,6 +272,16 @@ g5g.4xlarge 234 g5g.8xlarge 234 g5g.metal 737 g5g.xlarge 58 +g6.12xlarge 234 +g6.16xlarge 737 +g6.24xlarge 737 +g6.2xlarge 58 +g6.48xlarge 737 +g6.4xlarge 234 +g6.8xlarge 234 +g6.xlarge 58 +gr6.4xlarge 234 +gr6.8xlarge 234 h1.16xlarge 394 h1.2xlarge 58 h1.4xlarge 234 @@ -464,21 +480,21 @@ m6idn.12xlarge 234 m6idn.16xlarge 737 m6idn.24xlarge 737 m6idn.2xlarge 58 -m6idn.32xlarge 345 +m6idn.32xlarge 394 m6idn.4xlarge 234 m6idn.8xlarge 234 m6idn.large 29 -m6idn.metal 345 +m6idn.metal 394 m6idn.xlarge 58 m6in.12xlarge 234 m6in.16xlarge 737 m6in.24xlarge 737 m6in.2xlarge 58 -m6in.32xlarge 345 +m6in.32xlarge 394 m6in.4xlarge 234 m6in.8xlarge 234 m6in.large 29 -m6in.metal 345 +m6in.metal 394 m6in.xlarge 58 m7a.12xlarge 234 m7a.16xlarge 737 
@@ -665,21 +681,21 @@ r6idn.12xlarge 234 r6idn.16xlarge 737 r6idn.24xlarge 737 r6idn.2xlarge 58 -r6idn.32xlarge 345 +r6idn.32xlarge 394 r6idn.4xlarge 234 r6idn.8xlarge 234 r6idn.large 29 -r6idn.metal 345 +r6idn.metal 394 r6idn.xlarge 58 r6in.12xlarge 234 r6in.16xlarge 737 r6in.24xlarge 737 r6in.2xlarge 58 -r6in.32xlarge 345 +r6in.32xlarge 394 r6in.4xlarge 234 r6in.8xlarge 234 r6in.large 29 -r6in.metal 345 +r6in.metal 394 r6in.xlarge 58 r7a.12xlarge 234 r7a.16xlarge 737 diff --git a/pkg/vpc/vpc_ip_resource_limit.go b/pkg/vpc/vpc_ip_resource_limit.go index 77a4943de5..efb6a8b77d 100644 --- a/pkg/vpc/vpc_ip_resource_limit.go +++ b/pkg/vpc/vpc_ip_resource_limit.go @@ -1744,17 +1744,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "c6in.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -1805,17 +1805,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "c6in.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -2350,6 +2350,20 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "nitro", IsBareMetal: false, }, + "c7gn.metal": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "unknown", + IsBareMetal: true, + }, "c7gn.xlarge": { ENILimit: 4, IPv4Limit: 15, 
@@ -2364,6 +2378,76 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "nitro", IsBareMetal: false, }, + "c7i-flex.2xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "c7i-flex.4xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "c7i-flex.8xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "c7i-flex.large": { + ENILimit: 3, + IPv4Limit: 10, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 3, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "c7i-flex.xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, "c7i.12xlarge": { ENILimit: 8, IPv4Limit: 30, 
@@ -3228,6 +3312,146 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "nitro", IsBareMetal: false, }, + "g6.12xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.16xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.24xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.2xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.48xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.4xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.8xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + 
IsBareMetal: false, + }, + "gr6.4xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "gr6.8xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, "h1.16xlarge": { ENILimit: 8, IPv4Limit: 50, @@ -6021,17 +6245,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "m6idn.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -6082,17 +6306,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "m6idn.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -6171,17 +6395,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "m6in.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, 
@@ -6232,17 +6456,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "m6in.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -9020,17 +9244,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "r6idn.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -9081,17 +9305,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "r6idn.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -9170,17 +9394,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "r6in.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, 
@@ -9231,17 +9455,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "r6in.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, From 7eb07e9224600f473cfb43367766c99fec0dedde Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Tue, 21 May 2024 16:50:49 -0700 Subject: [PATCH 24/83] Skip Soak Test while running other tests. (#2922) --- scripts/run-cni-release-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh index 20fb3d2dc1..309410be11 100755 --- a/scripts/run-cni-release-tests.sh +++ b/scripts/run-cni-release-tests.sh @@ -33,7 +33,7 @@ function run_integration_test() { echo "Running cni integration tests" START=$SECONDS - cd $INTEGRATION_TEST_DIR/cni && CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS -v -timeout 60m --no-color --fail-on-pending -- --cluster-kubeconfig="$KUBE_CONFIG_PATH" --cluster-name="$CLUSTER_NAME" --aws-region="$REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="$NG_LABEL_KEY" --ng-name-label-val="$NG_LABEL_VAL" --test-image-registry=$TEST_IMAGE_REGISTRY || TEST_RESULT=fail + cd $INTEGRATION_TEST_DIR/cni && CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS --skip-file=soak_test.go -v -timeout 60m --no-color --fail-on-pending -- --cluster-kubeconfig="$KUBE_CONFIG_PATH" --cluster-name="$CLUSTER_NAME" --aws-region="$REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="$NG_LABEL_KEY" --ng-name-label-val="$NG_LABEL_VAL" --test-image-registry=$TEST_IMAGE_REGISTRY || TEST_RESULT=fail echo "cni test took $((SECONDS - START)) seconds." if [[ ! -z $PROD_IMAGE_REGISTRY ]]; then From 5d0e6e212d533467ed9c7479a94635decaeff4aa Mon Sep 17 00:00:00 2001 
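Review bot: On the rewritten ginkgo line in `run_integration_test`, `--test-image-registry=$TEST_IMAGE_REGISTRY` and `cd $INTEGRATION_TEST_DIR/cni` are still unquoted, while every other flag value on the same line is quoted. A value containing whitespace or glob characters would be word-split into extra ginkgo arguments; use `--test-image-registry="$TEST_IMAGE_REGISTRY"` and `cd "$INTEGRATION_TEST_DIR/cni"`. The new `--skip-file=soak_test.go` is also hard-coded with no explanation, so add a comment above the command such as `# soak_test.go is long-running and excluded from the release suite; it must be run separately` so the lost coverage is visible to whoever maintains the release pipeline. The function starts before this hunk and continues after it, so whether the soak test is invoked elsewhere in the script cannot be confirmed from here.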
From: Senthil Kumaran Date: Thu, 23 May 2024 10:45:03 -0700 Subject: [PATCH 25/83] Update golang to go1.22.3 (#2924) --- .github/workflows/integration-tests.yaml | 2 +- .github/workflows/nightly-cron-tests.yaml | 2 +- .github/workflows/pr-automated-tests.yaml | 4 +- .github/workflows/pr-manual-tests.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/weekly-cron-tests.yaml | 2 +- go.mod | 2 +- pkg/ipamd/ipamd_test.go | 77 +++++++++++++---------- test/agent/go.mod | 2 +- 9 files changed, 53 insertions(+), 42 deletions(-) diff --git a/.github/workflows/integration-tests.yaml b/.github/workflows/integration-tests.yaml index a284243c55..ba50c6d0b0 100644 --- a/.github/workflows/integration-tests.yaml +++ b/.github/workflows/integration-tests.yaml @@ -23,7 +23,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | # Install ginkgo version from go.mod diff --git a/.github/workflows/nightly-cron-tests.yaml b/.github/workflows/nightly-cron-tests.yaml index 095d8e94ac..0ac5f6b668 100644 --- a/.github/workflows/nightly-cron-tests.yaml +++ b/.github/workflows/nightly-cron-tests.yaml @@ -22,7 +22,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | # Install ginkgo version from go.mod diff --git a/.github/workflows/pr-automated-tests.yaml b/.github/workflows/pr-automated-tests.yaml index a3fe113a3b..c34827f3c9 100644 --- a/.github/workflows/pr-automated-tests.yaml +++ b/.github/workflows/pr-automated-tests.yaml @@ -16,7 +16,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | go install golang.org/x/lint/golint@latest @@ -50,7 +50,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Build CNI images run: make multi-arch-cni-build - name: Build CNI Init images 
diff --git a/.github/workflows/pr-manual-tests.yaml b/.github/workflows/pr-manual-tests.yaml index c50994a46e..0f84bbd6f6 100644 --- a/.github/workflows/pr-manual-tests.yaml +++ b/.github/workflows/pr-manual-tests.yaml @@ -29,7 +29,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | # Install ginkgo version from go.mod diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d449df4213..93350c60e3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -22,7 +22,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Generate CNI YAML run: make generate-cni-yaml - name: Create eks-charts PR diff --git a/.github/workflows/weekly-cron-tests.yaml b/.github/workflows/weekly-cron-tests.yaml index c12e9139d4..505526b46e 100644 --- a/.github/workflows/weekly-cron-tests.yaml +++ b/.github/workflows/weekly-cron-tests.yaml @@ -23,7 +23,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | # Install ginkgo version from go.mod diff --git a/go.mod b/go.mod index 2a203b9655..16717c2606 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/aws/amazon-vpc-cni-k8s -go 1.21 +go 1.22.3 require ( github.com/apparentlymart/go-cidr v1.1.0 diff --git a/pkg/ipamd/ipamd_test.go b/pkg/ipamd/ipamd_test.go index ac5802c257..7dc6133a34 100644 --- a/pkg/ipamd/ipamd_test.go +++ b/pkg/ipamd/ipamd_test.go @@ -1397,8 +1397,6 @@ func datastoreWith3PodsFromPrefix() *datastore.DataStore { } func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { - ctrl := gomock.NewController(t) - eni1, eni2, eni3 := getDummyENIMetadata() allENIs := []awsutils.ENIMetadata{eni1, eni2, eni3} primaryENIonly := []awsutils.ENIMetadata{eni1} 
@@ -1417,26 +1415,29 @@ func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { eni2.ENIID: {"hi": "tag", eniNodeTagKey: "i-abcdabcdabcd"}, eni3.ENIID: {"hi": "tag", eniNodeTagKey: instanceID}} - mockAWSUtils := mock_awsutils.NewMockAPIs(ctrl) - mockAWSUtils.EXPECT().GetPrimaryENI().Times(5).Return(eni1.ENIID) - mockAWSUtils.EXPECT().GetInstanceID().Times(3).Return(instanceID) - tests := []struct { - name string - tagMap map[string]awsutils.TagMap - enis []awsutils.ENIMetadata - want []awsutils.ENIMetadata - unmanagedenis []string + name string + tagMap map[string]awsutils.TagMap + enis []awsutils.ENIMetadata + want []awsutils.ENIMetadata + unmanagedenis []string + expectedGetPrimaryENICalls int + expectedGetInstanceIDCalls int }{ - {"No tags at all", nil, allENIs, allENIs, nil}, - {"Primary ENI unmanaged", Test1TagMap, allENIs, allENIs, nil}, - {"Secondary/Tertiary ENI unmanaged", Test2TagMap, allENIs, primaryENIonly, []string{eni2.ENIID, eni3.ENIID}}, - {"Secondary ENI unmanaged", Test3TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, - {"Secondary ENI unmanaged and Tertiary ENI CNI created", Test4TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, - {"Secondary ENI not CNI created and Tertiary ENI CNI created", Test5TagMap, allENIs, filteredENIonly, nil}, + {"No tags at all", nil, allENIs, allENIs, nil, 0, 0}, + {"Primary ENI unmanaged", Test1TagMap, allENIs, allENIs, nil, 1, 0}, + {"Secondary/Tertiary ENI unmanaged", Test2TagMap, allENIs, primaryENIonly, []string{eni2.ENIID, eni3.ENIID}, 2, 0}, + {"Secondary ENI unmanaged", Test3TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 0}, + {"Secondary ENI unmanaged and Tertiary ENI CNI created", Test4TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 1}, + {"Secondary ENI not CNI created and Tertiary ENI CNI created", Test5TagMap, allENIs, filteredENIonly, nil, 0, 2}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() 
+ + mockAWSUtils := mock_awsutils.NewMockAPIs(ctrl) + c := &IPAMContext{ awsClient: mockAWSUtils, enableManageUntaggedMode: true} @@ -1447,6 +1448,10 @@ func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { sort.Strings(args) assert.Equal(t, tt.unmanagedenis, args) }).AnyTimes() + + mockAWSUtils.EXPECT().GetPrimaryENI().Times(tt.expectedGetPrimaryENICalls).Return(eni1.ENIID) + mockAWSUtils.EXPECT().GetInstanceID().Times(tt.expectedGetInstanceIDCalls).Return(instanceID) + c.setUnmanagedENIs(tt.tagMap) mockAWSUtils.EXPECT().IsUnmanagedENI(gomock.Any()).DoAndReturn( @@ -1479,7 +1484,6 @@ func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { } func TestIPAMContext_filterUnmanagedENIs_disableManageUntaggedMode(t *testing.T) { - ctrl := gomock.NewController(t) eni1, eni2, eni3 := getDummyENIMetadata() allENIs := []awsutils.ENIMetadata{eni1, eni2, eni3} 
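Review bot: The new `expectedGetPrimaryENICalls` and `expectedGetInstanceIDCalls` columns in the TestIPAMContext_filterUnmanagedENIs table are bare numbers with no explanation of how each follows from its tag map, so a later change to the filtering logic will fail on counts nobody can re-derive. The same applies to the table in TestIPAMContext_filterUnmanagedENIs_disableManageUntaggedMode. A comment above the struct would help, along the lines of `// call counts are per sub-test: one GetPrimaryENI / GetInstanceID per ENI whose tags reach that check in setUnmanagedENIs`; the wording needs confirming against setUnmanagedENIs, which is outside this patch. Separately, if the module still pins golang/mock v1.5 or later, `gomock.NewController(t)` already registers Finish through `t.Cleanup`, so `defer ctrl.Finish()` can be dropped in both tests. Both test bodies continue outside the hunks.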
@@ -1499,30 +1503,37 @@ func TestIPAMContext_filterUnmanagedENIs_disableManageUntaggedMode(t *testing.T) eni2.ENIID: {"hi": "tag", eniNodeTagKey: "i-abcdabcdabcd"}, eni3.ENIID: {"hi": "tag", eniNodeTagKey: instanceID}} - mockAWSUtils := mock_awsutils.NewMockAPIs(ctrl) - mockAWSUtils.EXPECT().GetPrimaryENI().Times(6).Return(eni1.ENIID) - mockAWSUtils.EXPECT().GetInstanceID().Times(3).Return(instanceID) - tests := []struct { - name string - tagMap map[string]awsutils.TagMap - enis []awsutils.ENIMetadata - want []awsutils.ENIMetadata - unmanagedenis []string + name string + tagMap map[string]awsutils.TagMap + enis []awsutils.ENIMetadata + want []awsutils.ENIMetadata + unmanagedenis []string + expectedGetPrimaryENICalls int + expectedGetInstanceIDCalls int }{ - {"No tags at all", nil, allENIs, allENIs, []string{eni2.ENIID, eni3.ENIID}}, - {"Primary ENI unmanaged", Test1TagMap, allENIs, allENIs, nil}, - {"Secondary/Tertiary ENI unmanaged", Test2TagMap, allENIs, primaryENIonly, []string{eni2.ENIID, eni3.ENIID}}, - {"Secondary ENI unmanaged", Test3TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, - {"Secondary ENI unmanaged and Tertiary ENI CNI created", Test4TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, - {"Secondary ENI not CNI created and Tertiary ENI CNI created", Test5TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, + {"No tags at all", nil, allENIs, allENIs, []string{eni2.ENIID, eni3.ENIID}, 0, 0}, + {"Primary ENI unmanaged", Test1TagMap, allENIs, allENIs, nil, 1, 0}, + {"Secondary/Tertiary ENI unmanaged", Test2TagMap, allENIs, primaryENIonly, []string{eni2.ENIID, eni3.ENIID}, 2, 0}, + {"Secondary ENI unmanaged", Test3TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 0}, + {"Secondary ENI unmanaged and Tertiary ENI CNI created", Test4TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 1}, + {"Secondary ENI not CNI created and Tertiary ENI CNI created", Test5TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 2}, } for 
_, tt := range tests { t.Run(tt.name, func(t *testing.T) { + ctrl := gomock.NewController(t) + + defer ctrl.Finish() + + mockAWSUtils := mock_awsutils.NewMockAPIs(ctrl) + c := &IPAMContext{ awsClient: mockAWSUtils, enableManageUntaggedMode: false} + mockAWSUtils.EXPECT().GetPrimaryENI().Times(tt.expectedGetPrimaryENICalls).Return(eni1.ENIID) + mockAWSUtils.EXPECT().GetInstanceID().Times(tt.expectedGetInstanceIDCalls).Return(instanceID) + mockAWSUtils. EXPECT(). SetUnmanagedENIs(gomock.Any()). diff --git a/test/agent/go.mod b/test/agent/go.mod index db9ac45b64..81506d3f38 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -1,6 +1,6 @@ module github.com/aws/amazon-vpc-cni-k8s/test/agent -go 1.21 +go 1.22.3 require ( github.com/coreos/go-iptables v0.7.0 From 5fb502054c50bde5f4d5c8b45b514020a1d77c9a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 May 2024 14:27:01 -0700 Subject: [PATCH 26/83] Bump k8s.io/api from 0.29.3 to 0.30.1 (#2918) Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.29.3 to 0.30.1. - [Commits](https://github.com/kubernetes/api/compare/v0.29.3...v0.30.1) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 17 ++++++++--------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index 16717c2606..4b46727ffb 100644 --- a/go.mod +++ b/go.mod @@ -32,8 +32,8 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.14.3 - k8s.io/api v0.29.3 - k8s.io/apimachinery v0.29.3 + k8s.io/api v0.30.1 + k8s.io/apimachinery v0.30.1 k8s.io/cli-runtime v0.29.0 k8s.io/client-go v0.29.3 sigs.k8s.io/controller-runtime v0.17.0 
@@ -161,8 +161,8 @@ require ( k8s.io/apiextensions-apiserver v0.29.0 // indirect k8s.io/apiserver v0.29.0 // indirect k8s.io/component-base v0.29.0 // indirect - k8s.io/klog/v2 v2.110.1 // indirect - k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect + k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/kubectl v0.29.0 // indirect k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect oras.land/oras-go v1.2.4 // indirect diff --git a/go.sum b/go.sum index eaab04160b..838d93b1a7 100644 --- a/go.sum +++ b/go.sum @@ -136,7 +136,6 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= 
@@ -609,12 +608,12 @@ helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4= helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= -k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= -k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= -k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apiserver v0.29.0 h1:Y1xEMjJkP+BIi0GSEv1BBrf1jLU9UPfAnnGGbbDdp7o= k8s.io/apiserver v0.29.0/go.mod h1:31n78PsRKPmfpee7/l9NYEv67u6hOL6AfcE761HapDM= k8s.io/cli-runtime v0.29.0 h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4= 
@@ -623,10 +622,10 @@ k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s= k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= -k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= -k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/kubectl v0.29.0 h1:Oqi48gXjikDhrBF67AYuZRTcJV4lg2l42GmvsP7FmYI= k8s.io/kubectl v0.29.0/go.mod h1:0jMjGWIcMIQzmUaMgAzhSELv5WtHo2a8pq67DtviAJs= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= From d0590be166461bffec2143421a80251b36c33455 Mon Sep 17 00:00:00 2001 From: Liptan Biswas Date: Sat, 25 May 2024 08:35:22 +0530 Subject: [PATCH 27/83] Switch to counter for awscni_no_available_ip_addresses (#2919) Co-authored-by: Liptan Biswas Co-authored-by: Senthil Kumaran --- utils/prometheusmetrics/prometheusmetrics.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/prometheusmetrics/prometheusmetrics.go b/utils/prometheusmetrics/prometheusmetrics.go index edcdacda86..fadda0a094 100644 --- a/utils/prometheusmetrics/prometheusmetrics.go +++ b/utils/prometheusmetrics/prometheusmetrics.go 
@@ -159,8 +159,8 @@ var ( }, []string{"cidr"}, ) - NoAvailableIPAddrs = prometheus.NewGauge( - prometheus.GaugeOpts{ + NoAvailableIPAddrs = prometheus.NewCounter( + prometheus.CounterOpts{ Name: "awscni_no_available_ip_addresses", Help: "The number of pod IP assignments that fail due to no available IP addresses", }, From a477f124bee53f8153f8cbec6084274354428429 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Tue, 28 May 2024 09:39:16 -0700 Subject: [PATCH 28/83] Expose network policy log file location to be configured using helm (#2925) * Expose network policy log file location to be configured using helm chart values. * Updated log file location name. --- charts/aws-vpc-cni/templates/daemonset.yaml | 1 + charts/aws-vpc-cni/values.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml index d119a37d66..07eb1797f7 100644 --- a/charts/aws-vpc-cni/templates/daemonset.yaml +++ b/charts/aws-vpc-cni/templates/daemonset.yaml @@ -134,6 +134,7 @@ spec: - --enable-network-policy={{ .Values.enableNetworkPolicy }} - --enable-cloudwatch-logs={{ .Values.nodeAgent.enableCloudWatchLogs }} - --enable-policy-event-logs={{ .Values.nodeAgent.enablePolicyEventLogs }} + - --log-file={{ .Values.nodeAgent.networkPolicyAgentLogFileLocation }} - --metrics-bind-addr={{ include "aws-vpc-cni.nodeAgentMetricsBindAddr" . }} - --health-probe-bind-addr={{ include "aws-vpc-cni.nodeAgentHealthProbeBindAddr" . }} - --conntrack-cache-cleanup-period={{ .Values.nodeAgent.conntrackCacheCleanupPeriod }} diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index 1bf88b53fc..a984109d31 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml 
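Review bot: `NoAvailableIPAddrs` becomes a counter but keeps the name `awscni_no_available_ip_addresses`, without the `_total` suffix Prometheus conventions use for counters, and the Help text does not say the value is now cumulative. Renaming would break existing consumers, so at minimum the help line could read `Help: "Cumulative count of pod IP assignments that failed because no IP address was available",`. Alerts or dashboards that compared the old gauge with a threshold will presumably need `rate()` or `increase()` instead, which is worth stating in the changelog. The call sites are outside this hunk, so whether any of them used gauge-only methods cannot be checked here.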
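Review bot: The new `--log-file` argument in daemonset.yaml is rendered from `.Values.nodeAgent.networkPolicyAgentLogFileLocation` with no fallback, so an upgrade that reuses an older values set without this key would presumably render an empty path. A template default keeps the documented behaviour: `- --log-file={{ .Values.nodeAgent.networkPolicyAgentLogFileLocation | default "/var/log/aws-routed-eni/network-policy-agent.log" }}`. The values.yaml context shows the node agent running with `privileged: true`, so the chart documentation should also state that the path is expected to stay inside the agent's log directory. Whether that directory is a host mount is not visible in this hunk.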
@@ -43,6 +43,7 @@ nodeAgent: privileged: true enableCloudWatchLogs: "false" enablePolicyEventLogs: "false" + networkPolicyAgentLogFileLocation: "/var/log/aws-routed-eni/network-policy-agent.log" enableIpv6: "false" metricsBindAddr: "8162" healthProbeBindAddr: "8163" From 1b9fe03f7452e330def2b60d785cdfb9645591b0 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Tue, 28 May 2024 12:38:29 -0700 Subject: [PATCH 29/83] Merge release branch release_1.18 (#2929) * Update changelogs and charts for v1.18.0 release (#2858) Co-authored-by: Joseph Chen * Resolve merge conflicts from master to release 1.18 (#2885) * Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE * Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen * Update .go-version to 1.22.2 to fix CVE reports. (#2870) * CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen * Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen --------- 
Signed-off-by: dependabot[bot] Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Co-authored-by: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Co-authored-by: Joseph Chen * Merge master to release-1.18 for v1.18.1 release (#2882) * Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE * Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen * Update .go-version to 1.22.2 to fix CVE reports. (#2870) * CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen * Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen --------- Signed-off-by: dependabot[bot] Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Co-authored-by: Joseph Chen * CHANGELOG, chart, and manifest updates for v1.18.1 release (#2894) Co-authored-by: Joseph Chen --------- 
Signed-off-by: dependabot[bot] Co-authored-by: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Co-authored-by: Joseph Chen Co-authored-by: Jay Deokar <23660509+jaydeokar@users.noreply.github.com> Co-authored-by: Kai Wohlfahrt Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> From c8a2944bc6d48a9f0d15dce5ed67c7648249efb6 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Wed, 29 May 2024 15:11:31 -0700 Subject: [PATCH 30/83] Helpful Make target to login to public ECR. (#2934) --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 2c37e59385..ecf19b90db 100644 --- a/Makefile +++ b/Makefile @@ -391,6 +391,9 @@ cleanup-ec2-sdk-override: ./scripts/ec2_model_override/cleanup.sh ; \ fi +ecr-public-login: + aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws + ##@ Cleanup # Clean temporary files and build artifacts from the project. From bf2695645d09891e50dfc410a20386e21db4ef97 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Thu, 30 May 2024 11:57:55 -0700 Subject: [PATCH 31/83] Skip Static Canary in run-integration-test in Github. (#2935) --- scripts/run-integration-tests.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/run-integration-tests.sh b/scripts/run-integration-tests.sh index 9734991d5f..608bc093e1 100755 --- a/scripts/run-integration-tests.sh +++ b/scripts/run-integration-tests.sh 
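Review bot: The new `ecr-public-login` target is not declared phony and has no description, so a file of that name in the repository root would make `make` treat it as up to date and skip the login. Add `.PHONY: ecr-public-login` above the target, and a `## Log in to public ECR.` style comment if the Makefile's help output is generated from such comments, as the `##@ Cleanup` marker below suggests. Passing the token with `--password-stdin` is the right choice; a short comment that `docker login` stores it in the Docker client config unless a credential helper is configured would help people running this on shared build hosts.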
@@ -231,8 +231,9 @@ if [[ $RUN_CNI_INTEGRATION_TESTS == true ]]; then echo "" START=$SECONDS focus="CANARY" + skip="STATIC_CANARY" echo "Running ginkgo tests with focus: $focus" - (cd "$INTEGRATION_TEST_DIR/cni" && CGO_ENABLED=0 ginkgo --focus="$focus" -v --timeout 60m --no-color --fail-on-pending -- --cluster-kubeconfig="$KUBECONFIG" --cluster-name="$CLUSTER_NAME" --aws-region="$AWS_DEFAULT_REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="kubernetes.io/os" --ng-name-label-val="linux") + (cd "$INTEGRATION_TEST_DIR/cni" && CGO_ENABLED=0 ginkgo --focus="$focus" --skip="$skip" -v --timeout 60m --no-color --fail-on-pending -- --cluster-kubeconfig="$KUBECONFIG" --cluster-name="$CLUSTER_NAME" --aws-region="$AWS_DEFAULT_REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="kubernetes.io/os" --ng-name-label-val="linux") (cd "$INTEGRATION_TEST_DIR/ipamd" && CGO_ENABLED=0 ginkgo --focus="$focus" -v --timeout 60m --no-color --fail-on-pending -- --cluster-kubeconfig="$KUBECONFIG" --cluster-name="$CLUSTER_NAME" --aws-region="$AWS_DEFAULT_REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="kubernetes.io/os" --ng-name-label-val="linux") TEST_PASS=$? CURRENT_IMAGE_INTEGRATION_DURATION=$((SECONDS - START)) From 3e289752df4822f4cf893acacb29d8046f1fb6d3 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Fri, 31 May 2024 17:48:44 -0700 Subject: [PATCH 32/83] Run Kops Test Separately to triage failures. (#2936) --- .github/workflows/kops-test.yaml | 51 ++++++++++++++++++++++++ .github/workflows/weekly-cron-tests.yaml | 12 ------ charts/aws-vpc-cni/README.md | 1 + 3 files changed, 52 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/kops-test.yaml diff --git a/.github/workflows/kops-test.yaml b/.github/workflows/kops-test.yaml new file mode 100644 index 0000000000..b0e5c99c72 --- /dev/null +++ b/.github/workflows/kops-test.yaml 
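Review bot: The exit status of the modified cni `ginkgo` invocation is never recorded, because `TEST_PASS=$?` after the two subshells captures only the ipamd run. Unless the script runs under `set -e`, which is not visible in this hunk, a CANARY failure in the cni suite would be reported as a pass. Adding `CNI_TEST_PASS=$?` directly after the cni subshell and checking it together with `TEST_PASS` where the result is evaluated closes that gap. `--skip="$skip"` is also applied to the cni suite only, so any STATIC_CANARY specs under ipamd would still run; a comment saying whether that is intended would help. The enclosing `if` block starts and ends outside the hunk.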
@@ -0,0 +1,51 @@ +name: Kops tests + +on: + workflow_dispatch: {} + schedule: + - cron: "0 15 * * *" # every day + +permissions: + id-token: write + contents: read + +jobs: + daily-kops: + if: github.repository == 'aws/amazon-vpc-cni-k8s' + runs-on: ubuntu-latest + steps: + - name: Checkout latest commit in the PR + uses: actions/checkout@v3 + - name: Set up Docker QEMU + uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Set up Go + uses: actions/setup-go@v3 + with: + go-version: "1.22" + - name: Set up tools + run: | + # Install ginkgo version from go.mod + go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo + curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp + sudo mv /tmp/eksctl /usr/local/bin/ + - name: Set up AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + role-to-assume: ${{ secrets.OSS_TEST_ROLE_ARN }} + role-duration-seconds: 28800 # 8 hours + aws-region: ${{ secrets.AWS_DEFAULT_REGION }} + - name: Run kops tests + env: + DISABLE_PROMPT: true + ROLE_CREATE: false + ROLE_ARN: ${{ secrets.EKS_CLUSTER_ROLE_ARN }} + RUN_CNI_INTEGRATION_TESTS: false + RUN_KOPS_TEST: true + K8S_VERSION: 1.30.0-beta.0 + KOPS_VERSION: v1.29.0 + KOPS_RUN_TOO_NEW_VERSION: 1 + run: | + ./scripts/run-integration-tests.sh + if: always() \ No newline at end of file diff --git a/.github/workflows/weekly-cron-tests.yaml b/.github/workflows/weekly-cron-tests.yaml index 505526b46e..1e09f43ab8 100644 --- a/.github/workflows/weekly-cron-tests.yaml +++ b/.github/workflows/weekly-cron-tests.yaml 
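Review bot: The `Set up tools` step in the new kops-test.yaml pipes `releases/latest/download/eksctl_...tar.gz` straight into `tar` and installs the result with `sudo mv`, with no version pin or integrity check. The job then assumes `OSS_TEST_ROLE_ARN` for up to 8 hours, so a replaced or tampered release asset would run with those credentials. Download a fixed eksctl release instead of `latest` and verify it against that release's published checksums before the `mv`. The actions are likewise referenced by moving tags (`actions/checkout@v3`, `aws-actions/configure-aws-credentials@v1`); pinning them as `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # <version tag>` removes the same risk for the step that handles the role. The `permissions` block limited to `id-token: write` and `contents: read` is good and should stay.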
@@ -46,18 +46,6 @@ jobs: RUN_PERFORMANCE_TESTS: true run: | ./scripts/run-integration-tests.sh - - name: Run kops tests - env: - DISABLE_PROMPT: true - ROLE_CREATE: false - ROLE_ARN: ${{ secrets.EKS_CLUSTER_ROLE_ARN }} - RUN_CNI_INTEGRATION_TESTS: false - RUN_KOPS_TEST: true - K8S_VERSION: 1.30.0-beta.0 - KOPS_VERSION: v1.28.4 - KOPS_RUN_TOO_NEW_VERSION: 1 - run: | - ./scripts/run-integration-tests.sh if: always() - name: Run bottlerocket tests env: diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md index 155b127f30..13e16cbb68 100644 --- a/charts/aws-vpc-cni/README.md +++ b/charts/aws-vpc-cni/README.md @@ -77,6 +77,7 @@ The following table lists the configurable parameters for this chart and their d | `nodeAgent.image.pullPolicy` | Container pull policy | `IfNotPresent` | | `nodeAgent.securityContext` | Node Agent container Security context | `capabilities: add: - "NET_ADMIN" privileged: true` | | `nodeAgent.enableCloudWatchLogs` | Enable CW logging for Node Agent | `false` | + `nodeAgent.networkPolicyAgentLogFileLocation` | Log File location of Network Policy Agent | `/var/log/aws-routed-eni/network-policy-agent.log` | | `nodeAgent.enablePolicyEventLogs` | Enable policy decision logs for Node Agent | `false` | | `nodeAgent.metricsBindAddr` | Node Agent port for metrics | `8162` | | `nodeAgent.healthProbeBindAddr` | Node Agent port for health probes | `8163` | From a9aaec7894036ffdec12f887dc454ab47bada7b4 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 11:35:56 -0700 Subject: [PATCH 33/83] Bump go.uber.org/zap from 1.26.0 to 1.27.0 (#2938) Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.26.0 to 1.27.0. - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](https://github.com/uber-go/zap/compare/v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: go.uber.org/zap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 4b46727ffb..cba660a484 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.2.1-beta.2 - go.uber.org/zap v1.26.0 + go.uber.org/zap v1.27.0 golang.org/x/net v0.24.0 golang.org/x/sys v0.19.0 google.golang.org/grpc v1.62.0 diff --git a/go.sum b/go.sum index 838d93b1a7..05ccee6cfa 100644 --- a/go.sum +++ b/go.sum 
@@ -460,8 +460,8 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= From f9aa080cd094d53535a5d5c0e489ecdf39cb415b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 13:51:37 -0700 Subject: [PATCH 34/83] Bump golang.org/x/sys from 0.19.0 to 0.20.0 in /test/agent (#2937) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.19.0 to 0.20.0. - [Commits](https://github.com/golang/sys/compare/v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/agent/go.mod | 2 +- test/agent/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/agent/go.mod b/test/agent/go.mod index 81506d3f38..296da20ad1 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod 
@@ -5,7 +5,7 @@ go 1.22.3 require ( github.com/coreos/go-iptables v0.7.0 github.com/vishvananda/netlink v1.1.0 - golang.org/x/sys v0.19.0 + golang.org/x/sys v0.20.0 ) require github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index 512fba84b6..e830a6b951 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum @@ -5,5 +5,5 @@ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYp github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From 8f9253e2e4452fe0e9e6a26a05675c8b7ae7a8fe Mon Sep 17 00:00:00 2001 
From: Senthil Kumaran Date: Tue, 4 Jun 2024 15:49:26 -0700 Subject: [PATCH 35/83] Merge Changes from release-1.18 to master (#2944) * Changelog and Updated CNI Charts for v1.18.2 Release (#2942) * Update charts, config for Release v1.18.2. * Updated CNI and Metrics Helper Yaml file. ``` make generate-cni-yaml /local/home/senthilx/go/src/github.com/aws/amazon-vpc-cni-k8s//scripts/generate-cni-yaml.sh % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 15.3M 100 15.3M 0 0 28.4M 0 --:--:-- --:--:-- --:--:-- 28.3M Generated aws-vpc-cni and cni-metrics-helper manifest resources files in: - /local/home/senthilx/go/src/github.com/aws/amazon-vpc-cni-k8s/scripts/../build/cni-rel-yamls/v1.18.2/aws-k8s-cni - /local/home/senthilx/go/src/github.com/aws/amazon-vpc-cni-k8s/scripts/../build/cni-rel-yamls/v1.18.2/cni-metrics-helper ``` * Updated Changelog. * Fix the Charts Version for v1.18.2 (#2943) Helm Charts are fixed in eks-charts. https://github.com/aws/eks-charts/pull/1115 https://github.com/aws/eks-charts/pull/1115 --- CHANGELOG.md | 40 +++++++++++++++++++ charts/aws-vpc-cni/Chart.yaml | 4 +- charts/aws-vpc-cni/README.md | 6 +-- charts/aws-vpc-cni/values.yaml | 8 ++-- charts/cni-metrics-helper/Chart.yaml | 4 +- charts/cni-metrics-helper/README.md | 2 +- charts/cni-metrics-helper/values.yaml | 2 +- config/master/aws-k8s-cni-cn.yaml | 20 +++++----- config/master/aws-k8s-cni-us-gov-east-1.yaml | 20 +++++----- config/master/aws-k8s-cni-us-gov-west-1.yaml | 20 +++++----- config/master/aws-k8s-cni.yaml | 20 +++++----- config/master/cni-metrics-helper-cn.yaml | 15 +++++-- .../cni-metrics-helper-us-gov-east-1.yaml | 15 +++++-- .../cni-metrics-helper-us-gov-west-1.yaml | 15 +++++-- config/master/cni-metrics-helper.yaml | 15 +++++-- scripts/generate-cni-yaml.sh | 4 +- scripts/run-cni-release-tests.sh | 6 +-- 17 files changed, 150 insertions(+), 66 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 138cd97ac5..2393d8f85d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,45 @@ # Changelog +## v1.18.2 + +* Enhancement - [Improve "cni-metrics-helper" setup experience](https://github.com/aws/amazon-vpc-cni-k8s/pull/2874) (@guessi) +* Enhancement - [Filter Managed ENI.](https://github.com/aws/amazon-vpc-cni-k8s/pull/2895) (@orsenthil) +* Enhancement - [Soak Test for CNI.](https://github.com/aws/amazon-vpc-cni-k8s/pull/2915) (@orsenthil) +* Enhancement - [Switch to counter type metic for awscni_no_available_ip_addresses](https://github.com/aws/amazon-vpc-cni-k8s/pull/2919) (@liptanbiswas) +* Enhancement - [Expose network policy log file location to be configured using helm](https://github.com/aws/amazon-vpc-cni-k8s/pull/2925) (@orsenthil) + +* Bugfix - [Add correct labels to CNI metrics chart.](https://github.com/aws/amazon-vpc-cni-k8s/pull/2889) (@orsenthil) +* Bugfix - [Skip Soak Test while running other tests.](https://github.com/aws/amazon-vpc-cni-k8s/pull/2922) (@orsenthil) + +* Cleanup - [remove unused Dockerfile](https://github.com/aws/amazon-vpc-cni-k8s/pull/2869) (@sushrk) +* Cleanup - [CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release](https://github.com/aws/amazon-vpc-cni-k8s/pull/2876) (@jchen6585) +* Cleanup - [Fix merge conflicts from release-1.18 to master](https://github.com/aws/amazon-vpc-cni-k8s/pull/2881) (@jchen6585) +* Cleanup - [Added information on the build troubleshooting.](https://github.com/aws/amazon-vpc-cni-k8s/pull/2890) (@orsenthil) +* Cleanup - [Remove unused code in vpc cni init and vpc cni binary](https://github.com/aws/amazon-vpc-cni-k8s/pull/2891) (@orsenthil) +* Cleanup - [Merge release-1.18 to master after v1.18.1 release](https://github.com/aws/amazon-vpc-cni-k8s/pull/2914) (@jchen6585) + +* Dependency - [Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1](https://github.com/aws/amazon-vpc-cni-k8s/pull/2864) (@dependabot) +* Dependency - [Bump github.com/stretchr/testify from 1.8.4 to 1.9.0](https://github.com/aws/amazon-vpc-cni-k8s/pull/2863) (@dependabot) +* 
Dependency- [Bump github.com/prometheus/common from 0.48.0 to 0.52.2](https://github.com/aws/amazon-vpc-cni-k8s/pull/2866) (@dependabot)i +* Dependency - [Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3](https://github.com/aws/amazon-vpc-cni-k8s/pull/2862) (@dependabot) +* Dependency - [Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent](https://github.com/aws/amazon-vpc-cni-k8s/pull/2859) (@dependabot) +* Dependency - [Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1](https://github.com/aws/amazon-vpc-cni-k8s/pull/2860) (@dependabot) +* Dependency - [Update Kops test for 1.30](https://github.com/aws/amazon-vpc-cni-k8s/pull/2868) (@jchen6585) +* Dependency - [Update .go-version to 1.22.2 to fix CVE reports](https://github.com/aws/amazon-vpc-cni-k8s/pull/2870) (@orsenthil) +* Dependency - [Bump golang.org/x/sys from 0.18.0 to 0.19.0 in /test/agent](https://github.com/aws/amazon-vpc-cni-k8s/pull/2898) (@dependabot) +* Dependency - [Update .go-version to fix GO-2024-2824](https://github.com/aws/amazon-vpc-cni-k8s/pull/2911) (@orsenthil) +* Dependency - [Bump github.com/aws/amazon-vpc-resource-controller-k8s from 1.4.1 to 1.5.0](https://github.com/aws/amazon-vpc-cni-k8s/pull/2910) (@dependabot) +* Dependency - [Update ENI Limits.](https://github.com/aws/amazon-vpc-cni-k8s/pull/2920) (@orsenthil) +* Dependency - [Update golang to go1.22.3](https://github.com/aws/amazon-vpc-cni-k8s/pull/2924) (@orsenthil) +* Dependency - [Bump k8s.io/api from 0.29.3 to 0.30.1](https://github.com/aws/amazon-vpc-cni-k8s/pull/2918) (@dependabot) + + +**New Contributors** + +* @kwohlfahrt made their first contribution in https://github.com/aws/amazon-vpc-cni-k8s/pull/2841 +* @guessi made their first contribution in https://github.com/aws/amazon-vpc-cni-k8s/pull/2874 +* @liptanbiswas made their first contribution in https://github.com/aws/amazon-vpc-cni-k8s/pull/2919 + ## v1.18.1 * Bug - [Mount /run/xtables.lock as FileOrCreate in Helm 
chart](https://github.com/aws/amazon-vpc-cni-k8s/pull/2841) (@kwohlfahrt) diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml index 326db0431b..9e647dcb83 100644 --- a/charts/aws-vpc-cni/Chart.yaml +++ b/charts/aws-vpc-cni/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: aws-vpc-cni -version: 1.18.1 -appVersion: "v1.18.1" +version: 1.18.2 +appVersion: "v1.18.2" description: A Helm chart for the AWS VPC CNI icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md index 13e16cbb68..1b6936a1dc 100644 --- a/charts/aws-vpc-cni/README.md +++ b/charts/aws-vpc-cni/README.md @@ -48,7 +48,7 @@ The following table lists the configurable parameters for this chart and their d | `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation | `3` | | `branchENICooldown` | Number of seconds that branch ENIs remain in cooldown | `60` | | `fullnameOverride` | Override the fullname of the chart | `aws-node` | -| `image.tag` | Image tag | `v1.18.1` | +| `image.tag` | Image tag | `v1.18.2` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -56,7 +56,7 @@ The following table lists the configurable parameters for this chart and their d | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.override` | A custom docker image to use | `nil` | | `imagePullSecrets` | Docker registry pull secret | `[]` | -| `init.image.tag` | Image tag | `v1.18.1` | +| `init.image.tag` | Image tag | `v1.18.2` | | `init.image.domain` | ECR repository domain | `amazonaws.com` | | `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `init.image.endpoint` | ECR repository endpoint to use. | `ecr` | 
@@ -69,7 +69,7 @@ The following table lists the configurable parameters for this chart and their d | `originalMatchLabels` | Use the original daemonset matchLabels | `false` | | `nameOverride` | Override the name of the chart | `aws-node` | | `nodeAgent.enabled` | If the Node Agent container should be created | `true` | -| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.1.1` | +| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.1.2` | | `nodeAgent.image.domain`| ECR repository domain | `amazonaws.com` | | `nodeAgent.image.region`| ECR repository region to use. Should match your cluster | `us-west-2` | | `nodeAgent.image.endpoint` | ECR repository endpoint to use. | `ecr` | diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index a984109d31..e25c94e791 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -8,7 +8,7 @@ nameOverride: aws-node init: image: - tag: v1.18.1 + tag: v1.18.2 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -27,7 +27,7 @@ init: nodeAgent: enabled: true image: - tag: v1.1.1 + tag: v1.1.2 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -51,7 +51,7 @@ nodeAgent: resources: {} image: - tag: v1.18.1 + tag: v1.18.2 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -85,7 +85,7 @@ env: ENABLE_IPv4: "true" ENABLE_IPv6: "false" ENABLE_SUBNET_DISCOVERY: "true" - VPC_CNI_VERSION: "v1.18.1" + VPC_CNI_VERSION: "v1.18.2" NETWORK_POLICY_ENFORCING_MODE: "standard" # this flag enables you to use the match label that was present in the original daemonset deployed by EKS diff --git a/charts/cni-metrics-helper/Chart.yaml b/charts/cni-metrics-helper/Chart.yaml index 5bc50145c8..e3c4721fbb 100644 --- a/charts/cni-metrics-helper/Chart.yaml +++ b/charts/cni-metrics-helper/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v2 name: cni-metrics-helper -version: 1.18.1 -appVersion: v1.18.1 +version: 1.18.2 +appVersion: v1.18.2 description: A Helm chart for the AWS VPC CNI Metrics Helper icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md index fa6b08cf37..09637235cf 100644 --- a/charts/cni-metrics-helper/README.md +++ b/charts/cni-metrics-helper/README.md @@ -60,7 +60,7 @@ The following table lists the configurable parameters for this chart and their d | -------------------------------|---------------------------------------------------------------|-------------------------------------| | `affinity` | Map of node/pod affinities | `{}` | | `fullnameOverride` | Override the fullname of the chart | `cni-metrics-helper` | -| `image.tag` | Image tag | `v1.18.1` | +| `image.tag` | Image tag | `v1.18.2` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.account` | ECR repository account number | `602401143452` | diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index 26758efac1..edf99213c0 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml @@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper image: region: us-west-2 - tag: v1.18.1 + tag: v1.18.2 account: "602401143452" domain: "amazonaws.com" # Set to use custom image diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index 75f1bdd95e..5e47fb81ab 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml 
@@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.1 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.2 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.1 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.2 ports: - containerPort: 61678 name: metrics 
@@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.1" + value: "v1.18.2" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -504,7 +504,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.1.1 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.1.2 env: - name: MY_NODE_NAME valueFrom: @@ -516,6 +516,7 @@ spec: - --enable-network-policy=false - --enable-cloudwatch-logs=false - --enable-policy-event-logs=false + - --log-file=/var/log/aws-routed-eni/network-policy-agent.log - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 - --conntrack-cache-cleanup-period=300 @@ -557,6 +558,7 @@ spec: - name: xtables-lock hostPath: path: /run/xtables.lock + type: FileOrCreate affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index 19f4344e31..42b7493257 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" 
@@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.1 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.2 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.1 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.2 ports: - containerPort: 61678 name: metrics @@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.1" + value: "v1.18.2" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -504,7 +504,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.1 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.2 env: - name: MY_NODE_NAME valueFrom: 
@@ -516,6 +516,7 @@ spec: - --enable-network-policy=false - --enable-cloudwatch-logs=false - --enable-policy-event-logs=false + - --log-file=/var/log/aws-routed-eni/network-policy-agent.log - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 - --conntrack-cache-cleanup-period=300 @@ -557,6 +558,7 @@ spec: - name: xtables-lock hostPath: path: /run/xtables.lock + type: FileOrCreate affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index 4d23b6d3b6..895ccbe439 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" spec: updateStrategy: rollingUpdate: 
@@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.1 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.2 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.1 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.2 ports: - containerPort: 61678 name: metrics @@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.1" + value: "v1.18.2" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -504,7 +504,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.1 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.2 env: - name: MY_NODE_NAME valueFrom: @@ -516,6 +516,7 @@ spec: - --enable-network-policy=false - --enable-cloudwatch-logs=false - --enable-policy-event-logs=false + - --log-file=/var/log/aws-routed-eni/network-policy-agent.log - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 - --conntrack-cache-cleanup-period=300 @@ -557,6 +558,7 @@ spec: - name: xtables-lock hostPath: path: /run/xtables.lock + type: FileOrCreate affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index a251eb4951..a4c3788a03 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml 
@@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.2 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.2 ports: - containerPort: 61678 name: metrics 
@@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.1" + value: "v1.18.2" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -504,7 +504,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.2 env: - name: MY_NODE_NAME valueFrom: @@ -516,6 +516,7 @@ spec: - --enable-network-policy=false - --enable-cloudwatch-logs=false - --enable-policy-event-logs=false + - --log-file=/var/log/aws-routed-eni/network-policy-agent.log - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 - --conntrack-cache-cleanup-period=300 @@ -557,6 +558,7 @@ spec: - name: xtables-lock hostPath: path: /run/xtables.lock + type: FileOrCreate affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: diff --git a/config/master/cni-metrics-helper-cn.yaml b/config/master/cni-metrics-helper-cn.yaml index de49632ecd..70f1cd8c48 100644 --- a/config/master/cni-metrics-helper-cn.yaml +++ b/config/master/cni-metrics-helper-cn.yaml @@ -8,13 +8,17 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: cni-metrics-helper + labels: + app.kubernetes.io/name: cni-metrics-helper + app.kubernetes.io/instance: cni-metrics-helper + app.kubernetes.io/version: "v1.18.2" rules: - apiGroups: [""] resources: 
@@ -30,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -48,6 +52,9 @@ metadata: namespace: kube-system labels: k8s-app: cni-metrics-helper + app.kubernetes.io/name: cni-metrics-helper + app.kubernetes.io/instance: cni-metrics-helper + app.kubernetes.io/version: "v1.18.2" spec: revisionHistoryLimit: 10 selector: @@ -56,6 +63,8 @@ spec: template: metadata: labels: + app.kubernetes.io/name: cni-metrics-helper + app.kubernetes.io/instance: cni-metrics-helper k8s-app: cni-metrics-helper spec: containers: @@ -69,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.1" + image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.2" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-east-1.yaml b/config/master/cni-metrics-helper-us-gov-east-1.yaml index 07f1de7329..071d9c5876 100644 --- a/config/master/cni-metrics-helper-us-gov-east-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-east-1.yaml @@ -8,13 +8,17 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: cni-metrics-helper + labels: + app.kubernetes.io/name: cni-metrics-helper + app.kubernetes.io/instance: cni-metrics-helper + app.kubernetes.io/version: "v1.18.2" rules: - apiGroups: [""] resources: 
@@ -30,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -48,6 +52,9 @@ metadata: namespace: kube-system labels: k8s-app: cni-metrics-helper + app.kubernetes.io/name: cni-metrics-helper + app.kubernetes.io/instance: cni-metrics-helper + app.kubernetes.io/version: "v1.18.2" spec: revisionHistoryLimit: 10 selector: @@ -56,6 +63,8 @@ spec: template: metadata: labels: + app.kubernetes.io/name: cni-metrics-helper + app.kubernetes.io/instance: cni-metrics-helper k8s-app: cni-metrics-helper spec: containers: @@ -69,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.1" + image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.2" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-west-1.yaml b/config/master/cni-metrics-helper-us-gov-west-1.yaml index 48e17af476..8c4fd73e53 100644 --- a/config/master/cni-metrics-helper-us-gov-west-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-west-1.yaml @@ -8,13 +8,17 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: cni-metrics-helper + labels: + app.kubernetes.io/name: cni-metrics-helper + app.kubernetes.io/instance: cni-metrics-helper + app.kubernetes.io/version: "v1.18.2" rules: - apiGroups: [""] resources: 
@@ -30,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -48,6 +52,9 @@ metadata: namespace: kube-system labels: k8s-app: cni-metrics-helper + app.kubernetes.io/name: cni-metrics-helper + app.kubernetes.io/instance: cni-metrics-helper + app.kubernetes.io/version: "v1.18.2" spec: revisionHistoryLimit: 10 selector: @@ -56,6 +63,8 @@ spec: template: metadata: labels: + app.kubernetes.io/name: cni-metrics-helper + app.kubernetes.io/instance: cni-metrics-helper k8s-app: cni-metrics-helper spec: containers: @@ -69,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.1" + image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.2" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper.yaml b/config/master/cni-metrics-helper.yaml index 4263fe5e4f..9e7a7d654d 100644 --- a/config/master/cni-metrics-helper.yaml +++ b/config/master/cni-metrics-helper.yaml @@ -8,13 +8,17 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: cni-metrics-helper + labels: + app.kubernetes.io/name: cni-metrics-helper + app.kubernetes.io/instance: cni-metrics-helper + app.kubernetes.io/version: "v1.18.2" rules: - apiGroups: [""] resources: 
@@ -30,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -48,6 +52,9 @@ metadata: namespace: kube-system labels: k8s-app: cni-metrics-helper + app.kubernetes.io/name: cni-metrics-helper + app.kubernetes.io/instance: cni-metrics-helper + app.kubernetes.io/version: "v1.18.2" spec: revisionHistoryLimit: 10 selector: @@ -56,6 +63,8 @@ spec: template: metadata: labels: + app.kubernetes.io/name: cni-metrics-helper + app.kubernetes.io/instance: cni-metrics-helper k8s-app: cni-metrics-helper spec: containers: @@ -69,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.1" + image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.2" serviceAccountName: cni-metrics-helper diff --git a/scripts/generate-cni-yaml.sh b/scripts/generate-cni-yaml.sh index 1c515ce856..baf144dc6e 100755 --- a/scripts/generate-cni-yaml.sh +++ b/scripts/generate-cni-yaml.sh @@ -8,8 +8,8 @@ HELM_VERSION="3.14.2" NAMESPACE="kube-system" MAKEFILEPATH=$SCRIPTPATH/../Makefile -VPC_CNI_VERSION="v1.18.1" -NODE_AGENT_VERSION="v1.1.1" +VPC_CNI_VERSION="v1.18.2" +NODE_AGENT_VERSION="v1.1.2" BUILD_DIR=$SCRIPTPATH/../build/cni-rel-yamls/$VPC_CNI_VERSION REGIONS_FILE=$SCRIPTPATH/../charts/regions.json diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh index 309410be11..0abf53b4ed 100755 --- a/scripts/run-cni-release-tests.sh +++ b/scripts/run-cni-release-tests.sh 
@@ -10,7 +10,7 @@ # NG_LABEL_KEY: nodegroup label key, default "kubernetes.io/os" # NG_LABEL_VAL: nodegroup label val, default "linux" # RUN_DEVEKS_TEST: Set this variable for tests to run on a deveks cluster -# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.1" +# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.2" # TEST_IMAGE_REGISTRY: the registry in test-infra-* accounts where e2e test images are stored set -e @@ -37,9 +37,9 @@ function run_integration_test() { echo "cni test took $((SECONDS - START)) seconds." if [[ ! -z $PROD_IMAGE_REGISTRY ]]; then - CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.1" + CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.2" else - CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.1}" + CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.2}" fi REPO_NAME=$(echo $CNI_METRICS_HELPER | cut -d ":" -f 1) From 83b8704339148a04c68ef1751c4971af30ad0eeb Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Wed, 12 Jun 2024 14:36:21 -0700 Subject: [PATCH 36/83] Update .go-version to 1.22.4 (#2950) --- .go-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.go-version b/.go-version index 89144dbc38..2a0ba77cc5 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.3 +1.22.4 From 9fdcb5f96c56154f5cfaaec2ea049e6c5bb14979 Mon Sep 17 00:00:00 2001 
From: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Date: Wed, 12 Jun 2024 18:19:53 -0700 Subject: [PATCH 37/83] disable leaked eni cleanup routine when vpc-resource-controller is deployed (#2854) * disable leaked ENI cleanup routine when vpc-resource-controller is deployed * update helm version --------- Co-authored-by: Senthil Kumaran --- go.mod | 6 +- go.sum | 12 +- pkg/awsutils/awsutils.go | 45 +++-- pkg/awsutils/awsutils_test.go | 190 ++++++++++++++---- pkg/config/type.go | 32 +++ pkg/ipamd/ipamd.go | 44 +++- pkg/ipamd/ipamd_test.go | 108 ++++++++-- test/framework/resources/k8s/manager.go | 7 + .../resources/k8s/resources/cninode.go | 41 ++++ test/integration/ipamd/cninode_test.go | 36 ++++ test/integration/ipamd/eni_ip_leak_test.go | 3 - test/integration/ipamd/eni_tag_test.go | 18 ++ test/integration/ipamd/ipamd_suite_test.go | 2 +- 13 files changed, 453 insertions(+), 91 deletions(-) create mode 100644 pkg/config/type.go create mode 100644 test/framework/resources/k8s/resources/cninode.go create mode 100644 test/integration/ipamd/cninode_test.go diff --git a/go.mod b/go.mod index cba660a484..fdc96a6f54 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.2.1-beta.2 - go.uber.org/zap v1.27.0 + go.uber.org/zap v1.26.0 golang.org/x/net v0.24.0 golang.org/x/sys v0.19.0 google.golang.org/grpc v1.62.0 @@ -32,8 +32,8 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.14.3 - k8s.io/api v0.30.1 - k8s.io/apimachinery v0.30.1 + k8s.io/api v0.29.3 + k8s.io/apimachinery v0.29.3 k8s.io/cli-runtime v0.29.0 k8s.io/client-go v0.29.3 sigs.k8s.io/controller-runtime v0.17.0 diff --git a/go.sum b/go.sum index 05ccee6cfa..1632fc53e1 100644 --- a/go.sum +++ b/go.sum 
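Review bot: The go.mod hunks lower three direct requirements, `go.uber.org/zap` from v1.27.0 to v1.26.0 and `k8s.io/api` and `k8s.io/apimachinery` from v0.30.1 to v0.29.3, but the commit description mentions only the ENI cleanup change and a helm version update. A downgrade drops whatever fixes shipped in the newer releases, and in a feature commit it is easy to miss in review; it may simply be a rebase artefact. If it is intended (for example to line up with `k8s.io/client-go v0.29.3`), say so in the description or move it to its own commit. Otherwise keep `go.uber.org/zap v1.27.0`, `k8s.io/api v0.30.1` and `k8s.io/apimachinery v0.30.1`.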
@@ -460,8 +460,8 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= -go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= +go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -608,12 +608,12 @@ helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4= helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= -k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= +k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= -k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= -k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= +k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= k8s.io/apiserver v0.29.0 h1:Y1xEMjJkP+BIi0GSEv1BBrf1jLU9UPfAnnGGbbDdp7o= k8s.io/apiserver v0.29.0/go.mod h1:31n78PsRKPmfpee7/l9NYEv67u6hOL6AfcE761HapDM= k8s.io/cli-runtime v0.29.0 h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4= diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go index f9ba346915..c88bac4e4d 100644 --- a/pkg/awsutils/awsutils.go +++ b/pkg/awsutils/awsutils.go @@ -30,6 +30,7 @@ import ( "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils/awssession" + "github.com/aws/amazon-vpc-cni-k8s/pkg/config" "github.com/aws/amazon-vpc-cni-k8s/pkg/ec2wrapper" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/eventrecorder" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger" 
@@ -54,11 +55,11 @@ const ( // AllocENI need to choose a first free device number between 0 and maxENI // 100 is a hard limit because we use vlanID + 100 for pod networking table names - maxENIs = 100 - clusterNameEnvVar = "CLUSTER_NAME" - eniNodeTagKey = "node.k8s.amazonaws.com/instance_id" - eniCreatedAtTagKey = "node.k8s.amazonaws.com/createdAt" - eniClusterTagKey = "cluster.k8s.amazonaws.com/name" + maxENIs = 100 + + // ENI tags + eniCreatedAtTagKey = "node.k8s.amazonaws.com/createdAt" + additionalEniTagsEnvVar = "ADDITIONAL_ENI_TAGS" reservedTagKeyPrefix = "k8s.amazonaws.com" subnetDiscoveryTagKey = "kubernetes.io/role/cni" @@ -213,6 +214,8 @@ type EC2InstanceMetadataCache struct { enablePrefixDelegation bool clusterName string + clusterNameEnvVal string + nodeName string additionalENITags map[string]string imds TypedIMDS @@ -353,7 +356,7 @@ func (i instrumentedIMDS) GetMetadataWithContext(ctx context.Context, p string) } // New creates an EC2InstanceMetadataCache -func New(useSubnetDiscovery, useCustomNetworking, disableLeakedENICleanup, v4Enabled, v6Enabled bool) (*EC2InstanceMetadataCache, error) { +func New(useSubnetDiscovery, useCustomNetworking, disableLeakedENICleanup, v4Enabled, v6Enabled bool, clusterName, nodeName string) (*EC2InstanceMetadataCache, error) { // ctx is passed to initWithEC2Metadata func to cancel spawned go-routines when tests are run ctx := context.Background() @@ -361,7 +364,9 @@ func New(useSubnetDiscovery, useCustomNetworking, disableLeakedENICleanup, v4Ena ec2Metadata := ec2metadata.New(sess) cache := &EC2InstanceMetadataCache{} cache.imds = TypedIMDS{instrumentedIMDS{ec2Metadata}} - cache.clusterName = os.Getenv(clusterNameEnvVar) + cache.clusterName = clusterName + cache.clusterNameEnvVal = os.Getenv(config.ClusterNameEnv) + cache.nodeName = nodeName cache.additionalENITags = loadAdditionalENITags() region, err := ec2Metadata.Region() 
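Review bot: The fields `clusterNameEnvVal` and `nodeName` are added to `EC2InstanceMetadataCache` without comments, and after this commit `clusterName` and `clusterNameEnvVal` come from different sources and drive different tags. Without a comment a later reader can easily use the wrong one in a filter or tag. I would add `// clusterName is supplied by the caller of New; buildENITags uses it for the kubernetes.io/cluster/<name> tag` and `// clusterNameEnvVal is the CLUSTER_NAME environment value, used for the legacy cluster tag and the leaked-ENI filter`. The struct begins and ends outside this hunk.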
@@ -982,14 +987,24 @@ func (cache *EC2InstanceMetadataCache) tryCreateNetworkInterface(input *ec2.Crea // buildENITags computes the desired AWS Tags for eni func (cache *EC2InstanceMetadataCache) buildENITags() map[string]string { tags := map[string]string{ - eniNodeTagKey: cache.instanceID, + // TODO: deprecate instance ID tag to replace with nodename to align with tag used in vpc-resource-controller + config.ENIInstanceIDTag: cache.instanceID, } - // If clusterName is provided, - // tag the ENI with "cluster.k8s.amazonaws.com/name=" + // clusterName is set from CNINode created by vpc-resource-controller, add the new tags only when it is set so controller can deleted leaked ENIs + // If it is not set then likely the controller is not running, so skip if cache.clusterName != "" { - tags[eniClusterTagKey] = cache.clusterName + tags[fmt.Sprintf(config.ClusterNameTagKeyFormat, cache.clusterName)] = config.ClusterNameTagValue + tags[config.ENINodeNameTagKey] = cache.nodeName + tags[config.ENIOwnerTagKey] = config.ENIOwnerTagValue + } + + if cache.clusterNameEnvVal != "" { + // TODO: deprecate this tag to replace with "kubernetes.io/cluster/:owned" to align with tag used in vpc-resource-controller + // for backward compatibily, add tag if CLUSTER_NAME ENV is set + tags[config.ClusterNameTagKey] = cache.clusterNameEnvVal } + for key, value := range cache.additionalENITags { tags[key] = value } @@ -1877,7 +1892,7 @@ func (cache *EC2InstanceMetadataCache) getLeakedENIs() ([]*ec2.NetworkInterface, { Name: aws.String("tag-key"), Values: []*string{ - aws.String(eniNodeTagKey), + aws.String(config.ENIInstanceIDTag), }, }, { 
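Review bot: In `buildENITags` the copy loop over `cache.additionalENITags` runs after the new ownership tags are set, so a user-supplied entry with the same key would replace `eks:eni:owner` or the `kubernetes.io/cluster/<name>` tag that the added comment says the controller relies on to delete leaked ENIs. The older keys all contain `k8s.amazonaws.com`, which matches `reservedTagKeyPrefix`, while the new keys do not. Whatever filtering `loadAdditionalENITags` does on that prefix (not visible here) presumably does not cover them. Guarding the copy keeps the computed tags authoritative: `if _, exists := tags[key]; !exists { tags[key] = value }`. The end of the function is outside the hunk.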
@@ -1893,11 +1908,11 @@ func (cache *EC2InstanceMetadataCache) getLeakedENIs() ([]*ec2.NetworkInterface, }, }, } - if cache.clusterName != "" { + if cache.clusterNameEnvVal != "" { leakedENIFilters = append(leakedENIFilters, &ec2.Filter{ - Name: aws.String(fmt.Sprintf("tag:%s", eniClusterTagKey)), + Name: aws.String(fmt.Sprintf("tag:%s", config.ClusterNameTagKey)), Values: []*string{ - aws.String(cache.clusterName), + aws.String(cache.clusterNameEnvVal), }, }) } diff --git a/pkg/awsutils/awsutils_test.go b/pkg/awsutils/awsutils_test.go index cf93040526..fb84f3829f 100644 --- a/pkg/awsutils/awsutils_test.go +++ b/pkg/awsutils/awsutils_test.go @@ -31,6 +31,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/amazon-vpc-cni-k8s/pkg/config" mock_ec2wrapper "github.com/aws/amazon-vpc-cni-k8s/pkg/ec2wrapper/mocks" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/eventrecorder" v1 "k8s.io/api/core/v1" @@ -1142,7 +1143,7 @@ func TestEC2InstanceMetadataCache_cleanUpLeakedENIsInternal(t *testing.T) { interfaces := []*ec2.NetworkInterface{{ Description: &description, TagSet: []*ec2.Tag{ - {Key: aws.String(eniNodeTagKey), Value: aws.String("test-value")}, + {Key: aws.String(config.ENIInstanceIDTag), Value: aws.String("test-value")}, }, }} @@ -1170,7 +1171,9 @@ func setupDescribeNetworkInterfacesPagesWithContextMock( func TestEC2InstanceMetadataCache_buildENITags(t *testing.T) { type fields struct { instanceID string + nodeName string clusterName string + clusterNameEnv string additionalENITags map[string]string } tests := []struct { 
@@ -1182,35 +1185,52 @@ func TestEC2InstanceMetadataCache_buildENITags(t *testing.T) { name: "without clusterName or additionalENITags", fields: fields{ instanceID: "i-xxxxx", + nodeName: "fake-node", }, want: map[string]string{ - "node.k8s.amazonaws.com/instance_id": "i-xxxxx", + config.ENIInstanceIDTag: "i-xxxxx", }, }, { name: "with clusterName", fields: fields{ instanceID: "i-xxxxx", + nodeName: "fake-node", clusterName: "awesome-cluster", }, want: map[string]string{ - "node.k8s.amazonaws.com/instance_id": "i-xxxxx", - "cluster.k8s.amazonaws.com/name": "awesome-cluster", + config.ENIInstanceIDTag: "i-xxxxx", + config.ENINodeNameTagKey: "fake-node", + config.ENIOwnerTagKey: config.ENIOwnerTagValue, + fmt.Sprintf(config.ClusterNameTagKeyFormat, "awesome-cluster"): config.ClusterNameTagValue, + }, + }, + { + name: "without clusterName but ENV is set", + fields: fields{ + instanceID: "i-xxxxx", + nodeName: "fake-node", + clusterNameEnv: "awesome-cluster", + }, + want: map[string]string{ + config.ENIInstanceIDTag: "i-xxxxx", + config.ClusterNameTagKey: "awesome-cluster", }, }, { name: "with additional ENI tags", fields: fields{ instanceID: "i-xxxxx", + nodeName: "fake-node", additionalENITags: map[string]string{ "tagKey-1": "tagVal-1", "tagKey-2": "tagVal-2", }, }, want: map[string]string{ - "node.k8s.amazonaws.com/instance_id": "i-xxxxx", - "tagKey-1": "tagVal-1", - "tagKey-2": "tagVal-2", + config.ENIInstanceIDTag: "i-xxxxx", + "tagKey-1": "tagVal-1", + "tagKey-2": "tagVal-2", }, }, } @@ -1219,6 +1239,8 @@ func TestEC2InstanceMetadataCache_buildENITags(t *testing.T) { cache := &EC2InstanceMetadataCache{ instanceID: tt.fields.instanceID, clusterName: tt.fields.clusterName, + clusterNameEnvVal: tt.fields.clusterNameEnv, + nodeName: tt.fields.nodeName, additionalENITags: tt.fields.additionalENITags, } got := cache.buildENITags() 
@@ -1255,7 +1277,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []*string{aws.String(config.ENIInstanceIDTag)}, }, { Name: aws.String("status"), @@ -1288,7 +1310,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []*string{aws.String(config.ENIInstanceIDTag)}, }, { Name: aws.String("status"), @@ -1310,7 +1332,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(config.ENIInstanceIDTag), Value: aws.String("i-xxxxx"), }, { @@ -1332,7 +1354,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(config.ENIInstanceIDTag), Value: aws.String("i-xxxxx"), }, { @@ -1353,7 +1375,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []*string{aws.String(config.ENIInstanceIDTag)}, }, { Name: aws.String("status"), @@ -1375,7 +1397,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(config.ENIInstanceIDTag), Value: aws.String("i-xxxxx"), }, { 
@@ -1402,7 +1424,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []*string{aws.String(config.ENIInstanceIDTag)}, }, { Name: aws.String("status"), @@ -1424,7 +1446,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(config.ENIInstanceIDTag), Value: aws.String("i-xxxxx"), }, { @@ -1451,7 +1473,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []*string{aws.String(config.ENIInstanceIDTag)}, }, { Name: aws.String("status"), @@ -1484,7 +1506,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []*string{aws.String(config.ENIInstanceIDTag)}, }, { Name: aws.String("status"), @@ -1510,7 +1532,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(config.ENIInstanceIDTag), Value: aws.String("i-xxxxx"), }, { @@ -1518,7 +1540,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Value: aws.String(tenMinuteAgo.Format(time.RFC3339)), }, { - Key: aws.String("cluster.k8s.amazonaws.com/name"), + Key: aws.String(config.ClusterNameTagKey), Value: aws.String("awesome-cluster"), }, }, 
@@ -1536,7 +1558,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(config.ENIInstanceIDTag), Value: aws.String("i-xxxxx"), }, { @@ -1544,7 +1566,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Value: aws.String(tenMinuteAgo.Format(time.RFC3339)), }, { - Key: aws.String("cluster.k8s.amazonaws.com/name"), + Key: aws.String(config.ClusterNameTagKey), Value: aws.String("awesome-cluster"), }, }, @@ -1561,7 +1583,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []*string{aws.String(config.ENIInstanceIDTag)}, }, { Name: aws.String("status"), @@ -1587,7 +1609,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(config.ENIInstanceIDTag), Value: aws.String("i-xxxxx"), }, { @@ -1595,7 +1617,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Value: aws.String(tenMinuteAgo.Format(time.RFC3339)), }, { - Key: aws.String("cluster.k8s.amazonaws.com/name"), + Key: aws.String(config.ClusterNameTagKey), Value: aws.String("awesome-cluster"), }, }, @@ -1618,7 +1640,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []*string{aws.String(config.ENIInstanceIDTag)}, }, { Name: aws.String("status"), 
@@ -1644,7 +1666,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(config.ENIInstanceIDTag), Value: aws.String("i-xxxxx"), }, { @@ -1652,7 +1674,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Value: aws.String(now.Format(time.RFC3339)), }, { - Key: aws.String("cluster.k8s.amazonaws.com/name"), + Key: aws.String(config.ClusterNameTagKey), Value: aws.String("awesome-cluster"), }, }, @@ -1685,7 +1707,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { return nil }) } - cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2, clusterName: tt.fields.clusterName, vpcID: vpcID} + cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2, clusterNameEnvVal: tt.fields.clusterName, vpcID: vpcID} got, err := cache.getLeakedENIs() if tt.wantErr != nil { assert.EqualError(t, err, tt.wantErr.Error()) @@ -1705,6 +1727,8 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { type fields struct { instanceID string clusterName string + clusterNameEnvVal string + nodeName string additionalENITags map[string]string createTagsCalls []createTagsCall 
@@ -1724,19 +1748,29 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { fields: fields{ instanceID: "i-xxxx", clusterName: "awesome-cluster", + nodeName: "fake-node", createTagsCalls: []createTagsCall{ { input: &ec2.CreateTagsInput{ Resources: []*string{aws.String("eni-xxxx")}, Tags: []*ec2.Tag{ { - Key: aws.String("cluster.k8s.amazonaws.com/name"), - Value: aws.String("awesome-cluster"), + Key: aws.String(config.ENIOwnerTagKey), + Value: aws.String(config.ENIOwnerTagValue), }, { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(fmt.Sprintf(config.ClusterNameTagKeyFormat, "awesome-cluster")), + Value: aws.String(config.ClusterNameTagValue), + }, + { + Key: aws.String(config.ENIInstanceIDTag), Value: aws.String("i-xxxx"), }, + + { + Key: aws.String(config.ENINodeNameTagKey), + Value: aws.String("fake-node"), + }, }, }, }, @@ -1753,13 +1787,16 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { fields: fields{ instanceID: "i-xxxx", clusterName: "awesome-cluster", + nodeName: "fake-node", createTagsCalls: nil, }, args: args{ eniID: "eni-xxxx", currentTags: map[string]string{ - "node.k8s.amazonaws.com/instance_id": "i-xxxx", - "cluster.k8s.amazonaws.com/name": "awesome-cluster", + config.ENIInstanceIDTag: "i-xxxx", + config.ENINodeNameTagKey: "fake-node", + fmt.Sprintf(config.ClusterNameTagKeyFormat, "awesome-cluster"): config.ClusterNameTagValue, + config.ENIOwnerTagKey: config.ENIOwnerTagValue, }, }, wantErr: nil, 
@@ -1769,13 +1806,77 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { fields: fields{ instanceID: "i-xxxx", clusterName: "awesome-cluster", + nodeName: "fake-node", + createTagsCalls: []createTagsCall{ + { + input: &ec2.CreateTagsInput{ + Resources: []*string{aws.String("eni-xxxx")}, + Tags: []*ec2.Tag{ + { + Key: aws.String(fmt.Sprintf(config.ClusterNameTagKeyFormat, "awesome-cluster")), + Value: aws.String(config.ClusterNameTagValue), + }, + { + Key: aws.String(config.ENINodeNameTagKey), + Value: aws.String("fake-node"), + }, + }, + }, + }, + }, + }, + args: args{ + eniID: "eni-xxxx", + currentTags: map[string]string{ + config.ENIInstanceIDTag: "i-xxxx", + config.ENIOwnerTagKey: config.ENIOwnerTagValue, + "anotherKey": "anotherDay", + }, + }, + wantErr: nil, + }, + { + name: "eni currently have partial tags, missing cluster name", + fields: fields{ + instanceID: "i-xxxx", + nodeName: "fake-node", + createTagsCalls: nil, + // []createTagsCall{ + // { + // input: &ec2.CreateTagsInput{ + // Resources: []*string{aws.String("eni-xxxx")}, + // Tags: []*ec2.Tag{ + // // { + // // Key: aws.String(config.ENINodeNameTagKey), + // // Value: aws.String("fake-node"), + // // }, + // }, + // }, + // }, + // }, + }, + args: args{ + eniID: "eni-xxxx", + currentTags: map[string]string{ + config.ENIInstanceIDTag: "i-xxxx", + "anotherKey": "anotherDay", + }, + }, + wantErr: nil, + }, + { + name: "eni currently have partial tags, missing cluster name from CNINode but ENV set", + fields: fields{ + instanceID: "i-xxxx", + nodeName: "fake-node", + clusterNameEnvVal: "awesome-cluster", createTagsCalls: []createTagsCall{ { input: &ec2.CreateTagsInput{ Resources: []*string{aws.String("eni-xxxx")}, Tags: []*ec2.Tag{ { - Key: aws.String("cluster.k8s.amazonaws.com/name"), + Key: aws.String(config.ClusterNameTagKey), Value: aws.String("awesome-cluster"), }, }, 
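Review bot: The case "eni currently have partial tags, missing cluster name" keeps a commented-out `[]createTagsCall{...}` literal after `createTagsCalls: nil,`, which reads like an unfinished expectation rather than a deliberate one. Delete the commented block and state the intent in one line, for example `// no cluster name from CNINode or CLUSTER_NAME, instance ID tag already present: no CreateTags call expected`. The table this case belongs to starts and ends outside the hunk.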
@@ -1786,8 +1887,8 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { args: args{ eniID: "eni-xxxx", currentTags: map[string]string{ - "node.k8s.amazonaws.com/instance_id": "i-xxxx", - "anotherKey": "anotherDay", + config.ENIInstanceIDTag: "i-xxxx", + "anotherKey": "anotherDay", }, }, wantErr: nil, @@ -1797,19 +1898,28 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { fields: fields{ instanceID: "i-xxxx", clusterName: "awesome-cluster", + nodeName: "fake-node", createTagsCalls: []createTagsCall{ { input: &ec2.CreateTagsInput{ Resources: []*string{aws.String("eni-xxxx")}, Tags: []*ec2.Tag{ { - Key: aws.String("cluster.k8s.amazonaws.com/name"), - Value: aws.String("awesome-cluster"), + Key: aws.String(config.ENIOwnerTagKey), + Value: aws.String(config.ENIOwnerTagValue), + }, + { + Key: aws.String(fmt.Sprintf(config.ClusterNameTagKeyFormat, "awesome-cluster")), + Value: aws.String(config.ClusterNameTagValue), }, { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(config.ENIInstanceIDTag), Value: aws.String("i-xxxx"), }, + { + Key: aws.String(config.ENINodeNameTagKey), + Value: aws.String("fake-node"), + }, }, }, err: errors.New("permission denied"), @@ -1836,6 +1946,8 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { ec2SVC: mockEC2, instanceID: tt.fields.instanceID, clusterName: tt.fields.clusterName, + clusterNameEnvVal: tt.fields.clusterNameEnvVal, + nodeName: tt.fields.nodeName, additionalENITags: tt.fields.additionalENITags, } err := cache.TagENI(tt.args.eniID, tt.args.currentTags) diff --git a/pkg/config/type.go b/pkg/config/type.go new file mode 100644 index 0000000000..ec658b2caf --- /dev/null +++ b/pkg/config/type.go 
@@ -0,0 +1,32 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +package config + +// Constant values used in aws-node +// TODO: consolidate all constants in the project +const ( + // Cluster name ENV + ClusterNameEnv = "CLUSTER_NAME" + // ENI tags + ClusterNameTagKeyFormat = "kubernetes.io/cluster/%s" + ClusterNameTagValue = "owned" + + ClusterNameTagKey = "cluster.k8s.amazonaws.com/name" + ENIInstanceIDTag = "node.k8s.amazonaws.com/instance_id" + ENINodeNameTagKey = "node.k8s.amazonaws.com/nodename" + + // ENI owner tag + ENIOwnerTagKey = "eks:eni:owner" + ENIOwnerTagValue = "amazon-vpc-cni" +) diff --git a/pkg/ipamd/ipamd.go b/pkg/ipamd/ipamd.go index 33f75900f5..cb11da3811 100644 --- a/pkg/ipamd/ipamd.go +++ b/pkg/ipamd/ipamd.go @@ -39,6 +39,7 @@ import ( "k8s.io/client-go/util/retry" "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils" + "github.com/aws/amazon-vpc-cni-k8s/pkg/config" "github.com/aws/amazon-vpc-cni-k8s/pkg/eniconfig" "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" "github.com/aws/amazon-vpc-cni-k8s/pkg/k8sapi" 
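Review bot: `ENIInstanceIDTag` is the only tag-key constant in the new block without the `Key` suffix that `ENINodeNameTagKey`, `ENIOwnerTagKey` and `ClusterNameTagKey` carry; `ENIInstanceIDTagKey` would match its siblings. `ClusterNameTagKey` and `ClusterNameTagKeyFormat` are also easy to confuse, and the TODOs in `buildENITags` mark the former as the one to be deprecated. A comment on each would help: `// ClusterNameTagKey is the legacy cluster tag, set from the CLUSTER_NAME env` and `// ClusterNameTagKeyFormat builds kubernetes.io/cluster/<name>, the tag aligned with vpc-resource-controller`.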
@@ -166,8 +167,6 @@ const ( // envManageUntaggedENI is used to determine if untagged ENIs should be managed or unmanaged envManageUntaggedENI = "MANAGE_UNTAGGED_ENI" - eniNodeTagKey = "node.k8s.amazonaws.com/instance_id" - // envAnnotatePodIP is used to annotate[vpc.amazonaws.com/pod-ips] pod's with IPs // Ref : https://github.com/projectcalico/calico/issues/3530 // not present; in which case we fall back to the k8s podIP @@ -246,7 +245,7 @@ func (c *IPAMContext) setUnmanagedENIs(tagMap map[string]awsutils.TagMap) { if tags[eniNoManageTagKey] != "true" { continue } - } else if _, found := tags[eniNodeTagKey]; found && tags[eniNodeTagKey] == c.awsClient.GetInstanceID() { + } else if _, found := tags[config.ENIInstanceIDTag]; found && tags[config.ENIInstanceIDTag] == c.awsClient.GetInstanceID() { continue } else if c.enableManageUntaggedMode { continue @@ -342,7 +341,16 @@ func New(k8sClient client.Client) (*IPAMContext, error) { c.enableIPv4 = isIPv4Enabled() c.enableIPv6 = isIPv6Enabled() c.disableENIProvisioning = disableENIProvisioning() - client, err := awsutils.New(c.useSubnetDiscovery, c.useCustomNetworking, disableLeakedENICleanup(), c.enableIPv4, c.enableIPv6) + c.myNodeName = os.Getenv(envNodeName) + + var clusterName string + clusterName, err := getClusterName(c.k8sClient, c.myNodeName) + if err != nil { + // only log the error, fallback to running cleanup routine on the aws-node + log.Error("failed to get cluster name from CNINode") + } + + client, err := awsutils.New(c.useSubnetDiscovery, c.useCustomNetworking, disableLeakedENICleanup(clusterName), c.enableIPv4, c.enableIPv6, clusterName, c.myNodeName) if err != nil { return nil, errors.Wrap(err, "ipamd: can not initialize with AWS SDK interface") } 
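Review bot: The error returned by `getClusterName` is dropped in `New`: `log.Error("failed to get cluster name from CNINode")` does not include `err`, so a missing CNINode, an RBAC denial and an API timeout all produce the same log line. Because this result decides whether the node-side leaked-ENI cleanup runs, the cause is worth keeping: `log.Errorf("failed to get cluster name from CNINode: %v", err)`. The preceding `var clusterName string` is redundant, since the next line already declares it with `:=`. `New` begins and ends outside the hunk.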
@@ -377,7 +385,7 @@ func New(k8sClient client.Client) (*IPAMContext, error) { } c.awsClient.InitCachedPrefixDelegation(c.enablePrefixDelegation) - c.myNodeName = os.Getenv(envNodeName) + checkpointer := datastore.NewJSONFile(dsBackingStorePath()) c.dataStore = datastore.NewDataStore(log, checkpointer, c.enablePrefixDelegation) @@ -1743,7 +1751,13 @@ func disableENIProvisioning() bool { return utils.GetBoolAsStringEnvVar(envDisableENIProvisioning, false) } -func disableLeakedENICleanup() bool { +func disableLeakedENICleanup(clusterName string) bool { + + // cluster name is read from the CNINode CRD created by vpc-resource-controller and if found controller will run the cleanup routine to delete leaked ENIs + // so set disable leaked ENI cleanup to true on aws-node + if clusterName != "" { + return true + } // Cases where leaked ENI cleanup is disabled: // 1. IPv6 is enabled, so no ENIs are attached // 2. ENI provisioning is disabled, so ENIs are not managed by IPAMD @@ -2335,3 +2349,21 @@ func (c *IPAMContext) AddFeatureToCNINode(ctx context.Context, featureName rcv1a newCNINode.Spec.Features = append(newCNINode.Spec.Features, newFeature) return c.k8sClient.Patch(ctx, newCNINode, client.MergeFromWithOptions(cniNode, client.MergeFromWithOptimisticLock{})) } + +// getClusterName returns the cluster name by reading CNINode Tags field +func getClusterName(k8sClient client.Client, nodeName string) (string, error) { + cniNode := &rcv1alpha1.CNINode{} + err := retry.OnError(retry.DefaultBackoff, func(error) bool { return true }, + func() error { + return k8sClient.Get(context.TODO(), types.NamespacedName{Name: nodeName}, cniNode) + }) + if err != nil { + return "", errors.Wrap(err, "failed to get CNINode") + } + + if val, ok := cniNode.Spec.Tags[config.ClusterNameTagKey]; ok { + return val, nil + } + + return "", fmt.Errorf("cluster name tag not found in CNINode") +} diff --git a/pkg/ipamd/ipamd_test.go b/pkg/ipamd/ipamd_test.go index 7dc6133a34..277e06d6d3 100644 
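Review bot: `disableLeakedENICleanup` now returns true whenever `clusterName` is non-empty, so a tag on the CNINode object is taken as proof that vpc-resource-controller is running and doing the cleanup. If the controller is removed or unhealthy while the CNINode object remains, neither side deletes leaked ENIs. Write access to CNINode objects is also enough to switch the node-side routine off. I would record the assumption at the check, `// assumes vpc-resource-controller is running whenever the CNINode carries the cluster name tag`, and log once at startup that cleanup was disabled for this reason so the state is visible to operators. The rest of the function body is outside the hunk.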
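Review bot: The retry predicate in `getClusterName`, `func(error) bool { return true }`, retries every failure, including the not-found result that is the normal outcome when no CNINode exists for the node. The `Get` also runs under `context.TODO()` with no deadline. Retrying only transient errors and bounding the call keeps ipamd startup predictable on clusters without the controller: use `func(err error) bool { return !apierrors.IsNotFound(err) }`, with `apierrors` being `k8s.io/apimachinery/pkg/api/errors` if the file does not already import it, and pass a context created with `context.WithTimeout`. The doc comment could also say that the name is read from `Spec.Tags` under `config.ClusterNameTagKey`.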
--- a/pkg/ipamd/ipamd_test.go +++ b/pkg/ipamd/ipamd_test.go @@ -30,7 +30,6 @@ import ( "github.com/samber/lo" "github.com/stretchr/testify/assert" "github.com/vishvananda/netlink" - corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -40,10 +39,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" testclient "sigs.k8s.io/controller-runtime/pkg/client/fake" - "github.com/aws/amazon-vpc-cni-k8s/pkg/apis/crd/v1alpha1" eniconfigscheme "github.com/aws/amazon-vpc-cni-k8s/pkg/apis/crd/v1alpha1" "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils" mock_awsutils "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils/mocks" + "github.com/aws/amazon-vpc-cni-k8s/pkg/config" mock_eniconfig "github.com/aws/amazon-vpc-cni-k8s/pkg/eniconfig/mocks" "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" mock_networkutils "github.com/aws/amazon-vpc-cni-k8s/pkg/networkutils/mocks" @@ -80,6 +79,7 @@ const ( v6prefix01 = "2001:db8::/64" instanceID = "i-0e1f3b9eb950e4980" externalEniConfigLabel = "vpc.amazonaws.com/externalEniConfig" + clusterName = "fake-cluster" ) type testMocks struct { @@ -520,7 +520,7 @@ func testIncreaseIPPool(t *testing.T, useENIConfig bool, unschedulabeNode bool) testAddr12 := ipaddr12 eni2 := secENIid - podENIConfig := &v1alpha1.ENIConfigSpec{ + podENIConfig := &eniconfigscheme.ENIConfigSpec{ SecurityGroups: []string{"sg1-id", "sg2-id"}, Subnet: "subnet1", } 
@@ -587,15 +587,15 @@ func testIncreaseIPPool(t *testing.T, useENIConfig bool, unschedulabeNode bool) Status: v1.NodeStatus{}, } if unschedulabeNode { - fakeNode.Spec.Taints = append(fakeNode.Spec.Taints, corev1.Taint{ + fakeNode.Spec.Taints = append(fakeNode.Spec.Taints, v1.Taint{ Key: "node.kubernetes.io/unschedulable", - Effect: corev1.TaintEffectNoSchedule, + Effect: v1.TaintEffectNoSchedule, }) } m.k8sClient.Create(ctx, &fakeNode) // Create a dummy ENIConfig - fakeENIConfig := v1alpha1.ENIConfig{ + fakeENIConfig := eniconfigscheme.ENIConfig{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{Name: "az1"}, Spec: eniconfigscheme.ENIConfigSpec{ @@ -665,7 +665,7 @@ func testIncreasePrefixPool(t *testing.T, useENIConfig bool) { testPrefix2 := prefix02 eni2 := secENIid - podENIConfig := &v1alpha1.ENIConfigSpec{ + podENIConfig := &eniconfigscheme.ENIConfigSpec{ SecurityGroups: []string{"sg1-id", "sg2-id"}, Subnet: "subnet1", } @@ -736,7 +736,7 @@ func testIncreasePrefixPool(t *testing.T, useENIConfig bool) { m.k8sClient.Create(ctx, &fakeNode) //Create a dummy ENIConfig - fakeENIConfig := v1alpha1.ENIConfig{ + fakeENIConfig := eniconfigscheme.ENIConfig{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{Name: "az1"}, Spec: eniconfigscheme.ENIConfigSpec{ @@ -1410,10 +1410,10 @@ func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { eni3.ENIID: {"hi": "tag", eniNoManageTagKey: "false"}} Test4TagMap := map[string]awsutils.TagMap{ eni2.ENIID: {"hi": "tag", eniNoManageTagKey: "true"}, - eni3.ENIID: {"hi": "tag", eniNodeTagKey: instanceID}} + eni3.ENIID: {"hi": "tag", config.ENIInstanceIDTag: instanceID}} Test5TagMap := map[string]awsutils.TagMap{ - eni2.ENIID: {"hi": "tag", eniNodeTagKey: "i-abcdabcdabcd"}, - eni3.ENIID: {"hi": "tag", eniNodeTagKey: instanceID}} + eni2.ENIID: {"hi": "tag", config.ENIInstanceIDTag: "i-abcdabcdabcd"}, + eni3.ENIID: {"hi": "tag", config.ENIInstanceIDTag: instanceID}} tests := []struct { name string 
@@ -1462,7 +1462,7 @@ func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { if tags[eniNoManageTagKey] == "true" { return true } - } else if _, ok := tags[eniNodeTagKey]; ok && tags[eniNodeTagKey] != instanceID { + } else if _, ok := tags[config.ENIInstanceIDTag]; ok && tags[config.ENIInstanceIDTag] != instanceID { return true } } @@ -1498,10 +1498,10 @@ func TestIPAMContext_filterUnmanagedENIs_disableManageUntaggedMode(t *testing.T) eni3.ENIID: {"hi": "tag", eniNoManageTagKey: "false"}} Test4TagMap := map[string]awsutils.TagMap{ eni2.ENIID: {"hi": "tag", eniNoManageTagKey: "true"}, - eni3.ENIID: {"hi": "tag", eniNodeTagKey: instanceID}} + eni3.ENIID: {"hi": "tag", config.ENIInstanceIDTag: instanceID}} Test5TagMap := map[string]awsutils.TagMap{ - eni2.ENIID: {"hi": "tag", eniNodeTagKey: "i-abcdabcdabcd"}, - eni3.ENIID: {"hi": "tag", eniNodeTagKey: instanceID}} + eni2.ENIID: {"hi": "tag", config.ENIInstanceIDTag: "i-abcdabcdabcd"}, + eni3.ENIID: {"hi": "tag", config.ENIInstanceIDTag: instanceID}} tests := []struct { name string @@ -1553,7 +1553,7 @@ func TestIPAMContext_filterUnmanagedENIs_disableManageUntaggedMode(t *testing.T) if tags[eniNoManageTagKey] == "true" { return true } - } else if _, ok := tags[eniNodeTagKey]; ok && tags[eniNodeTagKey] != instanceID { + } else if _, ok := tags[config.ENIInstanceIDTag]; ok && tags[config.ENIInstanceIDTag] != instanceID { return true } } @@ -1998,7 +1998,7 @@ func TestIPAMContext_enableSecurityGroupsForPods(t *testing.T) { mockContext.enablePodENI = true mockContext.tryEnableSecurityGroupsForPods(ctx) - var notUpdatedNode corev1.Node + var notUpdatedNode v1.Node NodeKey := types.NamespacedName{ Namespace: "", Name: myNodeName, @@ -2174,7 +2174,7 @@ func TestAnnotatePod(t *testing.T) { ctx := context.Background() // Define the Pod objects to test - pod := corev1.Pod{ + pod := v1.Pod{ ObjectMeta: metav1.ObjectMeta{ Name: "test-pod", Namespace: "test-namespace", 
@@ -2362,3 +2362,75 @@ func TestAddFeatureToCNINode(t *testing.T) { }) } } + +func TestGetClusterName(t *testing.T) { + type args struct { + nodeName string + cniNode *rcscheme.CNINode + } + tests := []struct { + name string + expectedClusterName string + args args + wantErr bool + }{ + { + name: "CNINode contains cluster name tag", + expectedClusterName: clusterName, + args: args{ + nodeName: myNodeName, + cniNode: &rcscheme.CNINode{ + ObjectMeta: metav1.ObjectMeta{ + Name: myNodeName, + Namespace: "", + }, + Spec: rcscheme.CNINodeSpec{ + Tags: map[string]string{ + config.ClusterNameTagKey: clusterName, + }, + }, + }, + }, + wantErr: false, + }, + { + name: "CNINode does not contain cluster name", + expectedClusterName: "", + args: args{ + nodeName: myNodeName, + cniNode: &rcscheme.CNINode{ + ObjectMeta: metav1.ObjectMeta{ + Name: myNodeName, + Namespace: "", + }, + }, + }, + wantErr: true, + }, + { + name: "CNINode does not exist", + expectedClusterName: "", + args: args{ + nodeName: myNodeName, + cniNode: &rcscheme.CNINode{ + ObjectMeta: metav1.ObjectMeta{ + Name: "dummy-node", + Namespace: "", + }, + }, + }, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := setup(t) + defer m.ctrl.Finish() + + m.k8sClient.Create(context.Background(), tt.args.cniNode) + clusterName, err := getClusterName(m.k8sClient, tt.args.nodeName) + assert.Equal(t, tt.expectedClusterName, clusterName) + assert.Equal(t, err != nil, tt.wantErr) + }) + } +} diff --git a/test/framework/resources/k8s/manager.go b/test/framework/resources/k8s/manager.go index 23de806201..13e7003c61 100644 --- a/test/framework/resources/k8s/manager.go +++ b/test/framework/resources/k8s/manager.go @@ -34,6 +34,7 @@ type ResourceManagers interface { ConfigMapManager() resources.ConfigMapManager NetworkPolicyManager() resources.NetworkPolicyManager EventManager() resources.EventManager + CNINodeManager() resources.CNINodeManager } type defaultManager struct { 
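Review bot: The `m.k8sClient.Create(context.Background(), tt.args.cniNode)` call inside the `t.Run` body of TestGetClusterName drops its error, so the two `wantErr: true` cases would presumably still pass if the fixture never reached the fake client. Assert it, e.g. `assert.NoError(t, m.k8sClient.Create(context.Background(), tt.args.cniNode))`. The last assertion has testify's expected/actual order reversed; `assert.Equal(t, tt.wantErr, err != nil)` keeps the failure message accurate. The local `clusterName, err := getClusterName(...)` also shadows the package constant `clusterName` added by this patch, so a name such as `got` would be clearer.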
@@ -48,6 +49,7 @@ type defaultManager struct { configMapManager resources.ConfigMapManager networkPolicyManager resources.NetworkPolicyManager eventManager resources.EventManager + cniNodeManager resources.CNINodeManager } func NewResourceManager(k8sClient client.Client, k8sClientset *kubernetes.Clientset, scheme *runtime.Scheme, config *rest.Config) ResourceManagers { @@ -63,6 +65,7 @@ func NewResourceManager(k8sClient client.Client, k8sClientset *kubernetes.Client configMapManager: resources.NewConfigMapManager(k8sClient), networkPolicyManager: resources.NewNetworkPolicyManager(k8sClient), eventManager: resources.NewEventManager(k8sClient), + cniNodeManager: resources.NewCNINodeManager(k8sClient), } } @@ -109,3 +112,7 @@ func (m *defaultManager) NetworkPolicyManager() resources.NetworkPolicyManager { func (m defaultManager) EventManager() resources.EventManager { return m.eventManager } + +func (m *defaultManager) CNINodeManager() resources.CNINodeManager { + return m.cniNodeManager +} diff --git a/test/framework/resources/k8s/resources/cninode.go b/test/framework/resources/k8s/resources/cninode.go new file mode 100644 index 0000000000..c74141a34d --- /dev/null +++ b/test/framework/resources/k8s/resources/cninode.go 
@@ -0,0 +1,41 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+// http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package resources
+
+import (
+ "context"
+
+ rcv1alpha1 "github.com/aws/amazon-vpc-resource-controller-k8s/apis/vpcresources/v1alpha1"
+ "k8s.io/apimachinery/pkg/types"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type CNINodeManager interface {
+ GetCNINode(nodeName string) (*rcv1alpha1.CNINode, error)
+}
+
+type defaultCNINodeManager struct {
+ k8sClient client.Client
+}
+
+func (c defaultCNINodeManager) GetCNINode(nodeName string) (*rcv1alpha1.CNINode, error) {
+ cniNode := &rcv1alpha1.CNINode{}
+ err := c.k8sClient.Get(context.Background(), types.NamespacedName{Name: nodeName}, cniNode)
+ return cniNode, err
+
+}
+
+func NewCNINodeManager(k8sClient client.Client) CNINodeManager {
+ return &defaultCNINodeManager{k8sClient: k8sClient}
+}
diff --git a/test/integration/ipamd/cninode_test.go b/test/integration/ipamd/cninode_test.go
new file mode 100644
index 0000000000..f65ba683a9
--- /dev/null
+++ b/test/integration/ipamd/cninode_test.go
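Review bot: `GetCNINode` in cninode.go returns a non-nil, zero-valued `*rcv1alpha1.CNINode` together with the error when `Get` fails, so a caller that skips the error check reads an empty `Spec.Tags` instead of failing. Return nil on error: `if err := c.k8sClient.Get(context.Background(), types.NamespacedName{Name: nodeName}, cniNode); err != nil { return nil, err }`. The lookup also runs on `context.Background()` with no deadline, so an unresponsive API server would stall the suite; whether the sibling managers bound their calls is not visible here. The exported `CNINodeManager`, `GetCNINode` and `NewCNINodeManager` have no doc comments, e.g. `// CNINodeManager reads CNINode objects from the cluster under test.`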
@@ -0,0 +1,36 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +package ipamd + +import ( + "github.com/aws/amazon-vpc-cni-k8s/pkg/config" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" +) + +var _ = Describe("CNINode Validation", func() { + Describe("Validate CNINode contains cluster name tag", func() { + Context("when nodes are ready", func() { + It("should have the cluster name tag populated", func() { + By("getting CNINode for the primary node and verify cluster name tag exists") + cniNode, err := f.K8sResourceManagers.CNINodeManager().GetCNINode(primaryNode.Name) + Expect(err).ToNot(HaveOccurred()) + val, ok := cniNode.Spec.Tags[config.ClusterNameTagKey] + Expect(ok).To(BeTrue()) + Expect(val).To(Equal(f.Options.ClusterName)) + }) + }) + }) +}) diff --git a/test/integration/ipamd/eni_ip_leak_test.go b/test/integration/ipamd/eni_ip_leak_test.go index 0e765c6425..8257bac7d5 100644 --- a/test/integration/ipamd/eni_ip_leak_test.go +++ b/test/integration/ipamd/eni_ip_leak_test.go @@ -3,8 +3,6 @@ package ipamd import ( "time" - v1 "k8s.io/api/core/v1" - . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -13,7 +11,6 @@ import ( "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" ) -var primaryNode v1.Node var numOfNodes int var _ = Describe("[CANARY][SMOKE] ENI/IP Leak Test", func() { diff --git a/test/integration/ipamd/eni_tag_test.go b/test/integration/ipamd/eni_tag_test.go index 661f900c5e..07924bf088 100644 
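Review bot: `primaryNode.Name` is dereferenced in the `It` body of cninode_test.go with no nil guard, and this patch turns `primaryNode` into a package-level `*corev1.Node` that BeforeSuite assigns only when it finds an untainted node. Unless BeforeSuite already asserts that (not visible in these hunks), the spec panics on a cluster where every node is tainted; `Expect(primaryNode).ToNot(BeNil())` before the lookup gives a clean failure instead. The separate `ok`/`val` checks can be folded into `Expect(cniNode.Spec.Tags).To(HaveKeyWithValue(config.ClusterNameTagKey, f.Options.ClusterName))`, which prints the whole tag map on failure.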
--- a/test/integration/ipamd/eni_tag_test.go +++ b/test/integration/ipamd/eni_tag_test.go @@ -132,6 +132,24 @@ var _ = Describe("test tags are created on Secondary ENI", func() { VerifyTagIsPresentOnENIs(newENIs, expectedTags) }) }) + Context("when additional secondary ENI are created without setting CLUSTER_NAME", func() { + BeforeEach(func() { + expectedTags = map[string]string{ + "kubernetes.io/cluster/" + f.Options.ClusterName: "owned", + "node.k8s.amazonaws.com/nodename": primaryNode.Name, + "eks:eni:owner": "amazon-vpc-cni", + } + + environmentVariables = map[string]string{ + "WARM_ENI_TARGET": "2", + } + }) + + It("new secondary ENI should have cluster name tags read from CNINode", func() { + Skip("skip till vpc-resource-controller release") + VerifyTagIsPresentOnENIs(newENIs, expectedTags) + }) + }) }) // VerifyTagIsPresentOnENIs verifies that the list of ENIs have expected tag key-val pair diff --git a/test/integration/ipamd/ipamd_suite_test.go b/test/integration/ipamd/ipamd_suite_test.go index 2caca00f83..44ed2bb242 100644 --- a/test/integration/ipamd/ipamd_suite_test.go +++ b/test/integration/ipamd/ipamd_suite_test.go @@ -34,6 +34,7 @@ const ( ) var coreDNSDeploymentCopy *v1.Deployment +var primaryNode *corev1.Node func TestIPAMD(t *testing.T) { RegisterFailHandler(Fail) @@ -56,7 +57,6 @@ var _ = BeforeSuite(func() { // Nominate the first untainted node as the one to run coredns deployment against By("adding nodeSelector in coredns deployment to be scheduled on single node") - var primaryNode *corev1.Node for _, n := range nodeList.Items { if len(n.Spec.Taints) == 0 { primaryNode = &n From 1829b87bc880a763f9cfc328c2526726da549949 Mon Sep 17 00:00:00 2001 
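Review bot: The new `It` in eni_tag_test.go calls `Skip("skip till vpc-resource-controller release")` unconditionally, so the path that reads the cluster name from CNINode has no integration coverage and nothing records when to re-enable it. Add a tracking comment above the `Skip`, e.g. `// TODO(<tracking-issue>): remove Skip once the vpc-resource-controller release that sets the CNINode cluster-name tag is available`. The `BeforeEach` only leaves `CLUSTER_NAME` out of `environmentVariables`; if the daemonset under test already carries that variable (not visible here), the case would not exercise the CNINode path and the variable would need to be removed explicitly. The enclosing `Describe` continues outside the hunk.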
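Review bot: `primaryNode = &n` in BeforeSuite of ipamd_suite_test.go now stores the address of the range variable in a package-level pointer that other specs read long after the loop ends. With a Go toolchain older than 1.22 every iteration shares one `n`, so unless the loop breaks right after this assignment (the rest of the body is outside the hunk) `primaryNode` ends up pointing at the last node iterated rather than the first untainted one. Indexing the slice removes the dependency on loop-variable semantics: `for i := range nodeList.Items {` with `primaryNode = &nodeList.Items[i]`.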
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Jun 2024 14:59:56 -0700 Subject: [PATCH 38/83] Bump github.com/containernetworking/cni from 1.1.2 to 1.2.0 (#2901) Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 1.1.2 to 1.2.0. - [Release notes](https://github.com/containernetworking/cni/releases) - [Commits](https://github.com/containernetworking/cni/compare/v1.1.2...v1.2.0) --- updated-dependencies: - dependency-name: github.com/containernetworking/cni dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- go.mod | 2 +- go.sum | 32 ++------------------------------ 2 files changed, 3 insertions(+), 31 deletions(-) diff --git a/go.mod b/go.mod index fdc96a6f54..05143dd4f9 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 github.com/aws/aws-sdk-go v1.51.32 - github.com/containernetworking/cni v1.1.2 + github.com/containernetworking/cni v1.2.0 github.com/containernetworking/plugins v1.4.1 github.com/coreos/go-iptables v0.7.0 github.com/go-logr/logr v1.4.1 diff --git a/go.sum b/go.sum index 1632fc53e1..d0a7cabe9d 100644 --- a/go.sum +++ b/go.sum 
@@ -71,8 +71,8 @@ github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5Z github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= -github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl31EQbXALQ= -github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= +github.com/containernetworking/cni v1.2.0 h1:fEjhlfWwWAXEvlcMQu/i6z8DA0Kbu7EcmR5+zb6cm5I= +github.com/containernetworking/cni v1.2.0/go.mod h1:/r+vA/7vrynNfbvSP9g8tIKEoy6win7sALJAw4ZiJks= github.com/containernetworking/plugins v1.4.1 h1:+sJRRv8PKhLkXIl6tH1D7RMi+CbbHutDGU+ErLBORWA= github.com/containernetworking/plugins v1.4.1/go.mod h1:n6FFGKcaY4o2o5msgu/UImtoC+fpQXM3076VHfHbj60= github.com/coreos/go-iptables v0.7.0 h1:XWM3V+MPRr5/q51NuWSgU0fqMad64Zyxs8ZUoMsamr8= @@ -124,8 +124,6 @@ github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6 github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= 
@@ -151,7 +149,6 @@ github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+ github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU= @@ -180,7 +177,6 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= 
@@ -204,7 +200,6 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= @@ -230,11 +225,9 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= 
@@ -333,17 +326,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= -github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= -github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= 
@@ -495,20 +479,13 @@ golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -541,7 +518,6 @@ golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= @@ -574,7 +550,6 @@ google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQ google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= 
@@ -585,15 +560,12 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= From 71263b9a0af8422779291a3198732c797628ad9d Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Fri, 14 Jun 2024 15:58:00 -0700 Subject: [PATCH 39/83] Update test options default value and help. (#2955) --- test/framework/options.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/framework/options.go b/test/framework/options.go index d99eda6c2d..82e2677928 100644 --- a/test/framework/options.go +++ b/test/framework/options.go 
@@ -56,8 +56,8 @@ func (options *Options) BindFlags() { flag.StringVar(&options.ClusterName, "cluster-name", "", `Kubernetes cluster name (required)`) flag.StringVar(&options.AWSRegion, "aws-region", "", `AWS Region for the kubernetes cluster`) flag.StringVar(&options.AWSVPCID, "aws-vpc-id", "", `AWS VPC ID for the kubernetes cluster`) - flag.StringVar(&options.NgNameLabelKey, "ng-name-label-key", "eks.amazonaws.com/nodegroup", "label key used to identify nodegroup name") - flag.StringVar(&options.NgNameLabelVal, "ng-name-label-val", "", "label value with the nodegroup name") + flag.StringVar(&options.NgNameLabelKey, "ng-name-label-key", "kubernetes.io/os", "label key used to identify node") + flag.StringVar(&options.NgNameLabelVal, "ng-name-label-val", "linux", "label value with the node") flag.StringVar(&options.EKSEndpoint, "eks-endpoint", "", "optional eks api server endpoint") flag.StringVar(&options.InitialAddon, "initial-addon-version", "", "Initial CNI addon version before upgrade applied") flag.StringVar(&options.TargetAddon, "target-addon-version", "", "Target CNI addon version after upgrade applied") From 86f2c728ded8e761b2bd1d9cd3af2ed819bd29c0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Jun 2024 22:57:13 -0700 Subject: [PATCH 40/83] Bump sigs.k8s.io/controller-runtime from 0.17.0 to 0.18.4 (#2962) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.17.0 to 0.18.4. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.0...v0.18.4) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... 
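Review bot: With the new defaults `kubernetes.io/os` and `linux`, a run that passes neither flag presumably selects every Linux node in the cluster instead of one nodegroup, which widens what the suites touch on a shared cluster. The help strings `"label key used to identify node"` and `"label value with the node"` do not say this, and the flag names still read `ng-name`. Spell the scope out in the help text, e.g. `"label key used to select the nodes under test (default selects all Linux nodes)"` and `"label value used to select the nodes under test"`. BindFlags continues outside the hunk.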
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 16 ++++++++-------- go.sum | 32 ++++++++++++++++---------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/go.mod b/go.mod index 05143dd4f9..34a3d07afa 100644 --- a/go.mod +++ b/go.mod @@ -32,11 +32,11 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.14.3 - k8s.io/api v0.29.3 - k8s.io/apimachinery v0.29.3 + k8s.io/api v0.30.1 + k8s.io/apimachinery v0.30.1 k8s.io/cli-runtime v0.29.0 - k8s.io/client-go v0.29.3 - sigs.k8s.io/controller-runtime v0.17.0 + k8s.io/client-go v0.30.1 + sigs.k8s.io/controller-runtime v0.18.4 ) require ( @@ -66,7 +66,7 @@ require ( github.com/docker/go-units v0.5.0 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch v5.7.0+incompatible // indirect - github.com/evanphx/json-patch/v5 v5.8.0 // indirect + github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/color v1.13.0 // indirect github.com/felixge/httpsnoop v1.0.3 // indirect @@ -158,9 +158,9 @@ require ( google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.29.0 // indirect - k8s.io/apiserver v0.29.0 // indirect - k8s.io/component-base v0.29.0 // indirect + k8s.io/apiextensions-apiserver v0.30.1 // indirect + k8s.io/apiserver v0.30.1 // indirect + k8s.io/component-base v0.30.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/kubectl v0.29.0 // indirect diff --git a/go.sum b/go.sum index d0a7cabe9d..e7e076fda3 100644 --- a/go.sum +++ b/go.sum 
@@ -112,8 +112,8 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= -github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= +github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= 
@@ -580,20 +580,20 @@ helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4= helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= -k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= -k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= -k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= -k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= -k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= -k8s.io/apiserver v0.29.0 h1:Y1xEMjJkP+BIi0GSEv1BBrf1jLU9UPfAnnGGbbDdp7o= -k8s.io/apiserver v0.29.0/go.mod h1:31n78PsRKPmfpee7/l9NYEv67u6hOL6AfcE761HapDM= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= +k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8= +k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo= k8s.io/cli-runtime v0.29.0 h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4= k8s.io/cli-runtime v0.29.0/go.mod h1:VKudXp3X7wR45L+nER85YUzOQIru28HQpXr0mTdeCrk= -k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= -k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= 
-k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s= -k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= +k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= +k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ= +k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= @@ -604,8 +604,8 @@ k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSn k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY= oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324= -sigs.k8s.io/controller-runtime v0.17.0 h1:fjJQf8Ukya+VjogLO6/bNX9HE6Y2xpsO5+fyS26ur/s= -sigs.k8s.io/controller-runtime v0.17.0/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= +sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0= From 4dc206ef020be02b688e945d1d91341a554ce418 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Jun 2024 12:16:09 -0700 Subject: [PATCH 41/83] Bump k8s.io/cli-runtime from 0.29.0 to 0.30.2 (#2965) Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.29.0 to 0.30.2. - [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.29.0...v0.30.2) --- updated-dependencies: - dependency-name: k8s.io/cli-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 34a3d07afa..1fd7a33ebe 100644 --- a/go.mod +++ b/go.mod @@ -32,10 +32,10 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.14.3 - k8s.io/api v0.30.1 - k8s.io/apimachinery v0.30.1 - k8s.io/cli-runtime v0.29.0 - k8s.io/client-go v0.30.1 + k8s.io/api v0.30.2 + k8s.io/apimachinery v0.30.2 + k8s.io/cli-runtime v0.30.2 + k8s.io/client-go v0.30.2 sigs.k8s.io/controller-runtime v0.18.4 ) diff --git a/go.sum b/go.sum index e7e076fda3..9b75c48cf8 100644 --- a/go.sum +++ b/go.sum 
@@ -580,18 +580,18 @@ helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4= helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= -k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= +k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= -k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= -k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= +k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8= k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo= -k8s.io/cli-runtime v0.29.0 h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4= -k8s.io/cli-runtime v0.29.0/go.mod h1:VKudXp3X7wR45L+nER85YUzOQIru28HQpXr0mTdeCrk= -k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= -k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/cli-runtime v0.30.2 h1:ooM40eEJusbgHNEqnHziN9ZpLN5U4WcQGsdLKVxpkKE= +k8s.io/cli-runtime v0.30.2/go.mod h1:Y4g/2XezFyTATQUbvV5WaChoUGhojv/jZAtdp5Zkm0A= +k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= +k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= k8s.io/component-base v0.30.1 
h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ= k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= From f716a1dee751f917d0e1f602ee0d3a9c6d749e56 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Jun 2024 14:07:26 -0700 Subject: [PATCH 42/83] Bump helm.sh/helm/v3 from 3.14.3 to 3.15.2 (#2964) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.3 to 3.15.2. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.3...v3.15.2) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 19 +++++++++---------- go.sum | 38 ++++++++++++++++++-------------------- 2 files changed, 27 insertions(+), 30 deletions(-) diff --git a/go.mod b/go.mod index 1fd7a33ebe..dc7e694d2a 100644 --- a/go.mod +++ b/go.mod @@ -31,7 +31,7 @@ require ( google.golang.org/protobuf v1.33.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 - helm.sh/helm/v3 v3.14.3 + helm.sh/helm/v3 v3.15.2 k8s.io/api v0.30.2 k8s.io/apimachinery v0.30.2 k8s.io/cli-runtime v0.30.2 
@@ -57,13 +57,13 @@ require ( github.com/containerd/log v0.1.0 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/docker/cli v24.0.6+incompatible // indirect - github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/docker/docker v24.0.9+incompatible // indirect + github.com/distribution/reference v0.5.0 // indirect + github.com/docker/cli v25.0.1+incompatible // indirect + github.com/docker/distribution v2.8.3+incompatible // indirect + github.com/docker/docker v25.0.5+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect - github.com/docker/go-connections v0.4.0 // indirect + github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect - github.com/docker/go-units v0.5.0 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch v5.7.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect @@ -120,11 +120,10 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect - github.com/morikuni/aec v1.0.0 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc5 // indirect + github.com/opencontainers/image-spec v1.1.0-rc6 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/procfs v0.12.0 // indirect 
@@ -163,9 +162,9 @@ require ( k8s.io/component-base v0.30.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/kubectl v0.29.0 // indirect + k8s.io/kubectl v0.30.0 // indirect k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect - oras.land/oras-go v1.2.4 // indirect + oras.land/oras-go v1.2.5 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect diff --git a/go.sum b/go.sum index 9b75c48cf8..8d6437cda3 100644 --- a/go.sum +++ b/go.sum 
@@ -88,22 +88,22 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= -github.com/docker/cli v24.0.6+incompatible h1:fF+XCQCgJjjQNIMjzaSmiKJSCcfcXb3TWTcc7GAneOY= -github.com/docker/cli v24.0.6+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v24.0.9+incompatible h1:HPGzNmwfLZWdxHqK9/II92pyi1EpYKsAqcl4G0Of9v0= -github.com/docker/docker v24.0.9+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= +github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU= +github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= +github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/docker v25.0.5+incompatible h1:UmQydMduGkrD5nQde1mecF/YnSbTOaPeFIeP5C4W+DE= +github.com/docker/docker v25.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod 
h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= -github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= -github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= +github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= -github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= -github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4= github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= 
@@ -319,8 +319,6 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= -github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= -github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= 
@@ -332,8 +330,8 @@ github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= -github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= +github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU= +github.com/opencontainers/image-spec v1.1.0-rc6/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= @@ -576,8 +574,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4= -helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE= +helm.sh/helm/v3 v3.15.2 h1:/3XINUFinJOBjQplGnjw92eLGpgXXp1L8chWPkCkDuw= +helm.sh/helm/v3 v3.15.2/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= 
@@ -598,12 +596,12 @@ k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/kubectl v0.29.0 h1:Oqi48gXjikDhrBF67AYuZRTcJV4lg2l42GmvsP7FmYI= -k8s.io/kubectl v0.29.0/go.mod h1:0jMjGWIcMIQzmUaMgAzhSELv5WtHo2a8pq67DtviAJs= +k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk= +k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY= -oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324= +oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= +oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= From 0e3d4b1d4f80b1ee0bd8a89782452b66a8665652 Mon Sep 17 00:00:00 2001 From: Tsubasa Nagasawa Date: Sat, 22 Jun 2024 01:32:42 +0900 Subject: [PATCH 43/83] [cni-metrics-helper] Expose container port when enabling prometheus metrics (#2957) To scrape Prometheus metrics using the Prometheus Operator's PodMonitor, container ports must be exposed via PodSpec. Signed-off-by: Tsubasa Nagasawa Co-authored-by: Senthil Kumaran --- charts/cni-metrics-helper/templates/deployment.yaml | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/charts/cni-metrics-helper/templates/deployment.yaml b/charts/cni-metrics-helper/templates/deployment.yaml index 192ce9e56e..7f7fbb6f4c 100644 --- a/charts/cni-metrics-helper/templates/deployment.yaml +++ b/charts/cni-metrics-helper/templates/deployment.yaml @@ -41,6 +41,11 @@ spec: {{- end }} name: cni-metrics-helper image: "{{- if .Values.image.override }}{{- .Values.image.override }}{{- else }}{{- .Values.image.account }}.dkr.ecr.{{- .Values.image.region }}.{{- .Values.image.domain }}/cni-metrics-helper:{{- .Values.image.tag }}{{- end}}" +{{- if eq (get .Values.env "USE_PROMETHEUS") "true" }} + ports: + - containerPort: 61681 + name: metrics +{{- end }} serviceAccountName: {{ template "cni-metrics-helper.serviceAccountName" . }} {{- with .Values.tolerations }} tolerations: From 7619bdbddfcdf8d02b415ef16ec0851cbde7e6b5 Mon Sep 17 00:00:00 2001 From: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Date: Fri, 21 Jun 2024 15:46:20 -0700 Subject: [PATCH 44/83] Subnet Discovery - Unfilled ENI fix (#2954) Co-authored-by: Joseph Chen --- pkg/ipamd/datastore/data_store.go | 9 ++-- pkg/ipamd/ipamd.go | 80 +++++++++++++++++-------------- pkg/ipamd/ipamd_test.go | 54 ++++++++++++++++----- 3 files changed, 91 insertions(+), 52 deletions(-) diff --git a/pkg/ipamd/datastore/data_store.go b/pkg/ipamd/datastore/data_store.go index ba49b98bc3..02d5cd21f0 100644 --- a/pkg/ipamd/datastore/data_store.go +++ b/pkg/ipamd/datastore/data_store.go @@ -973,8 +973,9 @@ func (e *ENI) hasPods() bool { return e.AssignedIPv4Addresses() != 0 } -// GetENINeedsIP finds an ENI in the datastore that needs more IP addresses allocated -func (ds *DataStore) GetENINeedsIP(maxIPperENI int, skipPrimary bool) *ENI { +// GetAllocatableENIs finds ENIs in the datastore that needs more IP addresses allocated +func (ds *DataStore) GetAllocatableENIs(maxIPperENI int, skipPrimary bool) []*ENI { + var enis []*ENI ds.lock.Lock() defer ds.lock.Unlock() for _, eni := range ds.eniPool { 
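Review bot: The guard `eq (get .Values.env "USE_PROMETHEUS") "true"` in the `deployment.yaml` hunk matches only when the value is the string "true". Go templates' `eq` errors on mismatched basic types, so an unquoted boolean `true` in a values override would presumably abort rendering rather than enable the port. Normalising first keeps both spellings working: `{{- if eq (toString (get .Values.env "USE_PROMETHEUS")) "true" }}`. The port `61681` is hard-coded, so a comment saying it must match the helper's metrics listen port would help. If that endpoint is unauthenticated, access to it should be limited to the scraper, for example with a NetworkPolicy.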
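Review bot: The new doc comment on `GetAllocatableENIs` reads "finds ENIs ... that needs" and does not state the return contract. Suggested wording: `// GetAllocatableENIs returns the ENIs in the datastore that have fewer than maxIPperENI CIDRs allocated (subject to skipPrimary), or nil when none qualifies.` The function hands out `*ENI` pointers that callers read after `ds.lock` is released, for example `len(eni.AvailableIPv4Cidrs)` in `tryAssignIPs`. That was already the case for the single-ENI version, but the callers now hold the pointers across several EC2 calls, so the comment should say the entries may be stale. The function body continues in the next hunk.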
@@ -985,10 +986,10 @@ func (ds *DataStore) GetENINeedsIP(maxIPperENI int, skipPrimary bool) *ENI { if len(eni.AvailableIPv4Cidrs) < maxIPperENI { ds.log.Debugf("Found ENI %s that has less than the maximum number of IP/Prefixes addresses allocated: cur=%d, max=%d", eni.ID, len(eni.AvailableIPv4Cidrs), maxIPperENI) - return eni + enis = append(enis, eni) } } - return nil + return enis } // RemoveUnusedENIFromStore removes a deletable ENI from the data store. diff --git a/pkg/ipamd/ipamd.go b/pkg/ipamd/ipamd.go index cb11da3811..ca3c0c3306 100644 --- a/pkg/ipamd/ipamd.go +++ b/pkg/ipamd/ipamd.go @@ -915,6 +915,7 @@ func (c *IPAMContext) tryAssignCidrs() (increasedPool bool, err error) { // For an ENI, try to fill in missing IPs on an existing ENI. // PRECONDITION: isDatastorePoolTooLow returned true func (c *IPAMContext) tryAssignIPs() (increasedPool bool, err error) { + // If WARM_IP_TARGET is set, only proceed if we are short of target short, _, warmIPTargetsDefined := c.datastoreTargetState(nil) if warmIPTargetsDefined && short == 0 { 
@@ -928,45 +929,50 @@ func (c *IPAMContext) tryAssignIPs() (increasedPool bool, err error) { } // Find an ENI where we can add more IPs - eni := c.dataStore.GetENINeedsIP(c.maxIPsPerENI, c.useCustomNetworking) - if eni != nil && len(eni.AvailableIPv4Cidrs) < c.maxIPsPerENI { - currentNumberOfAllocatedIPs := len(eni.AvailableIPv4Cidrs) - // Try to allocate all available IPs for this ENI - resourcesToAllocate := min((c.maxIPsPerENI - currentNumberOfAllocatedIPs), toAllocate) - output, err := c.awsClient.AllocIPAddresses(eni.ID, resourcesToAllocate) - if err != nil && !containsPrivateIPAddressLimitExceededError(err) { - log.Warnf("failed to allocate all available IP addresses on ENI %s, err: %v", eni.ID, err) - // Try to just get one more IP - output, err = c.awsClient.AllocIPAddresses(eni.ID, 1) + enis := c.dataStore.GetAllocatableENIs(c.maxIPsPerENI, c.useCustomNetworking) + for _, eni := range enis { + if len(eni.AvailableIPv4Cidrs) < c.maxIPsPerENI { + currentNumberOfAllocatedIPs := len(eni.AvailableIPv4Cidrs) + // Try to allocate all available IPs for this ENI + resourcesToAllocate := min((c.maxIPsPerENI - currentNumberOfAllocatedIPs), toAllocate) + output, err := c.awsClient.AllocIPAddresses(eni.ID, resourcesToAllocate) if err != nil && !containsPrivateIPAddressLimitExceededError(err) { - ipamdErrInc("increaseIPPoolAllocIPAddressesFailed") - return false, errors.Wrap(err, fmt.Sprintf("failed to allocate one IP addresses on ENI %s, err ", eni.ID)) + log.Warnf("failed to allocate all available IP addresses on ENI %s, err: %v", eni.ID, err) + // Try to just get one more IP + output, err = c.awsClient.AllocIPAddresses(eni.ID, 1) + if err != nil && !containsPrivateIPAddressLimitExceededError(err) { + ipamdErrInc("increaseIPPoolAllocIPAddressesFailed") + if c.useSubnetDiscovery && containsInsufficientCIDRsOrSubnetIPs(err) { + continue + } + return false, errors.Wrap(err, fmt.Sprintf("failed to allocate one IP addresses on ENI %s, err ", eni.ID)) + } } - } - var 
ec2ip4s []*ec2.NetworkInterfacePrivateIpAddress - if containsPrivateIPAddressLimitExceededError(err) { - log.Debug("AssignPrivateIpAddresses returned PrivateIpAddressLimitExceeded. This can happen if the data store is out of sync." + - "Returning without an error here since we will verify the actual state by calling EC2 to see what addresses have already assigned to this ENI.") - // This call to EC2 is needed to verify which IPs got attached to this ENI. - ec2ip4s, err = c.awsClient.GetIPv4sFromEC2(eni.ID) - if err != nil { - ipamdErrInc("increaseIPPoolGetENIaddressesFailed") - return true, errors.Wrap(err, "failed to get ENI IP addresses during IP allocation") - } - } else { - if output == nil { - ipamdErrInc("increaseIPPoolGetENIaddressesFailed") - return true, errors.Wrap(err, "failed to get ENI IP addresses during IP allocation") - } + var ec2ip4s []*ec2.NetworkInterfacePrivateIpAddress + if containsPrivateIPAddressLimitExceededError(err) { + log.Debug("AssignPrivateIpAddresses returned PrivateIpAddressLimitExceeded. This can happen if the data store is out of sync." + + "Returning without an error here since we will verify the actual state by calling EC2 to see what addresses have already assigned to this ENI.") + // This call to EC2 is needed to verify which IPs got attached to this ENI. 
+ ec2ip4s, err = c.awsClient.GetIPv4sFromEC2(eni.ID) + if err != nil { + ipamdErrInc("increaseIPPoolGetENIaddressesFailed") + return true, errors.Wrap(err, "failed to get ENI IP addresses during IP allocation") + } + } else { + if output == nil { + ipamdErrInc("increaseIPPoolGetENIaddressesFailed") + return true, errors.Wrap(err, "failed to get ENI IP addresses during IP allocation") + } - ec2Addrs := output.AssignedPrivateIpAddresses - for _, ec2Addr := range ec2Addrs { - ec2ip4s = append(ec2ip4s, &ec2.NetworkInterfacePrivateIpAddress{PrivateIpAddress: aws.String(aws.StringValue(ec2Addr.PrivateIpAddress))}) + ec2Addrs := output.AssignedPrivateIpAddresses + for _, ec2Addr := range ec2Addrs { + ec2ip4s = append(ec2ip4s, &ec2.NetworkInterfacePrivateIpAddress{PrivateIpAddress: aws.String(aws.StringValue(ec2Addr.PrivateIpAddress))}) + } } + c.addENIsecondaryIPsToDataStore(ec2ip4s, eni.ID) + return true, nil } - c.addENIsecondaryIPsToDataStore(ec2ip4s, eni.ID) - return true, nil } return false, nil } @@ -1015,8 +1021,8 @@ func (c *IPAMContext) tryAssignPrefixes() (increasedPool bool, err error) { toAllocate := c.getPrefixesNeeded() // Returns an ENI which has space for more prefixes to be attached, but this // ENI might not suffice the WARM_IP_TARGET/WARM_PREFIX_TARGET - eni := c.dataStore.GetENINeedsIP(c.maxPrefixesPerENI, c.useCustomNetworking) - if eni != nil { + enis := c.dataStore.GetAllocatableENIs(c.maxPrefixesPerENI, c.useCustomNetworking) + for _, eni := range enis { currentNumberOfAllocatedPrefixes := len(eni.AvailableIPv4Cidrs) resourcesToAllocate := min((c.maxPrefixesPerENI - currentNumberOfAllocatedPrefixes), toAllocate) output, err := c.awsClient.AllocIPAddresses(eni.ID, resourcesToAllocate) 
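Review bot: When the single-address retry in `tryAssignIPs` fails with an insufficient-subnet error, the loop moves to the next ENI without logging which ENI was skipped, and `ipamdErrInc("increaseIPPoolAllocIPAddressesFailed")` has already counted it as a failure. An operator watching that counter cannot tell expected subnet exhaustion from a real EC2 error. I would test the condition first and log the skip, e.g. `log.Debugf("insufficient free CIDRs or IPs in subnet of ENI %s, trying next ENI", eni.ID)` before `continue`, and increment the counter only for the error that is returned. The same sequence appears in the `tryAssignPrefixes` hunk (`@@ -1026,9 +1032,13 @@`).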
@@ -1026,9 +1032,13 @@ func (c *IPAMContext) tryAssignPrefixes() (increasedPool bool, err error) { output, err = c.awsClient.AllocIPAddresses(eni.ID, 1) if err != nil && !containsPrivateIPAddressLimitExceededError(err) { ipamdErrInc("increaseIPPoolAllocIPAddressesFailed") + if c.useSubnetDiscovery && containsInsufficientCIDRsOrSubnetIPs(err) { + continue + } return false, errors.Wrap(err, fmt.Sprintf("failed to allocate one IPv4 prefix on ENI %s, err: %v", eni.ID, err)) } } + var ec2Prefixes []*ec2.Ipv4PrefixSpecification if containsPrivateIPAddressLimitExceededError(err) { log.Debug("AssignPrivateIpAddresses returned PrivateIpAddressLimitExceeded. This can happen if the data store is out of sync." + diff --git a/pkg/ipamd/ipamd_test.go b/pkg/ipamd/ipamd_test.go index 277e06d6d3..d522334257 100644 --- a/pkg/ipamd/ipamd_test.go +++ b/pkg/ipamd/ipamd_test.go @@ -25,6 +25,7 @@ import ( "time" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/ec2" "github.com/golang/mock/gomock" "github.com/samber/lo" @@ -468,13 +469,18 @@ func getDummyENIMetadataWithV6Prefix() awsutils.ENIMetadata { func TestIncreaseIPPoolDefault(t *testing.T) { _ = os.Unsetenv(envCustomNetworkCfg) - testIncreaseIPPool(t, false, false) + testIncreaseIPPool(t, false, false, false) +} + +func TestIncreaseIPPoolSubnetDiscoveryUnfilledENI(t *testing.T) { + _ = os.Unsetenv(envCustomNetworkCfg) + testIncreaseIPPool(t, false, false, true) } func TestIncreaseIPPoolCustomENI(t *testing.T) { _ = os.Setenv(envCustomNetworkCfg, "true") _ = os.Setenv("MY_NODE_NAME", myNodeName) - testIncreaseIPPool(t, true, false) + testIncreaseIPPool(t, true, false, false) } // Testing that the ENI will be allocated on non schedulable node when the AWS_MANAGE_ENIS_NON_SCHEDULABLE is set to `true` 
@@ -482,7 +488,7 @@ func TestIncreaseIPPoolCustomENIOnNonSchedulableNode(t *testing.T) { _ = os.Setenv(envCustomNetworkCfg, "true") _ = os.Setenv(envManageENIsNonSchedulable, "true") _ = os.Setenv("MY_NODE_NAME", myNodeName) - testIncreaseIPPool(t, true, true) + testIncreaseIPPool(t, true, true, false) } // Testing that the ENI will NOT be allocated on non schedulable node when the AWS_MANAGE_ENIS_NON_SCHEDULABLE is not set @@ -490,10 +496,10 @@ func TestIncreaseIPPoolCustomENIOnNonSchedulableNodeDefault(t *testing.T) { _ = os.Unsetenv(envManageENIsNonSchedulable) _ = os.Setenv(envCustomNetworkCfg, "true") _ = os.Setenv("MY_NODE_NAME", myNodeName) - testIncreaseIPPool(t, true, true) + testIncreaseIPPool(t, true, true, false) } -func testIncreaseIPPool(t *testing.T, useENIConfig bool, unschedulabeNode bool) { +func testIncreaseIPPool(t *testing.T, useENIConfig bool, unschedulabeNode bool, subnetDiscovery bool) { m := setup(t) defer m.ctrl.Finish() ctx := context.Background() @@ -506,11 +512,15 @@ func testIncreaseIPPool(t *testing.T, useENIConfig bool, unschedulabeNode bool) warmENITarget: 1, networkClient: m.network, useCustomNetworking: UseCustomNetworkCfg(), + useSubnetDiscovery: UseSubnetDiscovery(), manageENIsNonScheduleable: ManageENIsOnNonSchedulableNode(), primaryIP: make(map[string]string), terminating: int32(0), } mockContext.dataStore = testDatastore() + if subnetDiscovery { + mockContext.dataStore.AddENI(primaryENIid, primaryDevice, true, false, false) + } primary := true notPrimary := false 
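Review bot: `useSubnetDiscovery: UseSubnetDiscovery()` makes the mock context depend on whatever that helper returns at test time, while the new `subnetDiscovery` parameter controls only the datastore setup and the mock expectations. `UseSubnetDiscovery` is not visible here; if it reads an environment variable, as the neighbouring `UseCustomNetworkCfg()` presumably does, then `TestIncreaseIPPoolSubnetDiscoveryUnfilledENI` passes only when the ambient environment enables the feature. Pinning it in the new test function, for example `t.Setenv(<subnet-discovery env var>, "true")`, would make the `continue` path deterministic. The same applies to `testIncreasePrefixPool` (`@@ -650,6 +670,7 @@`). `testIncreaseIPPool` starts and ends outside this hunk.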
@@ -564,13 +574,14 @@ func testIncreaseIPPool(t *testing.T, useENIConfig bool, unschedulabeNode bool) if unschedulabeNode { val, exist := os.LookupEnv(envManageENIsNonSchedulable) if exist && val == "true" { - assertAllocationExternalCalls(true, useENIConfig, m, sg, podENIConfig, eni2, eniMetadata) + assertAllocationExternalCalls(true, useENIConfig, m, sg, podENIConfig, eni2, eniMetadata, false) } else { - assertAllocationExternalCalls(false, useENIConfig, m, sg, podENIConfig, eni2, eniMetadata) + assertAllocationExternalCalls(false, useENIConfig, m, sg, podENIConfig, eni2, eniMetadata, false) } - + } else if subnetDiscovery { + assertAllocationExternalCalls(true, useENIConfig, m, sg, podENIConfig, eni2, eniMetadata, true) } else { - assertAllocationExternalCalls(true, useENIConfig, m, sg, podENIConfig, eni2, eniMetadata) + assertAllocationExternalCalls(true, useENIConfig, m, sg, podENIConfig, eni2, eniMetadata, false) } if mockContext.useCustomNetworking { @@ -609,7 +620,7 @@ func testIncreaseIPPool(t *testing.T, useENIConfig bool, unschedulabeNode bool) mockContext.increaseDatastorePool(ctx) } -func assertAllocationExternalCalls(shouldCall bool, useENIConfig bool, m *testMocks, sg []*string, podENIConfig *eniconfigscheme.ENIConfigSpec, eni2 string, eniMetadata []awsutils.ENIMetadata) { +func assertAllocationExternalCalls(shouldCall bool, useENIConfig bool, m *testMocks, sg []*string, podENIConfig *eniconfigscheme.ENIConfigSpec, eni2 string, eniMetadata []awsutils.ENIMetadata, subnetDiscovery bool) { callCount := 0 if shouldCall { callCount = 1 
@@ -617,6 +628,10 @@ func assertAllocationExternalCalls(shouldCall bool, useENIConfig bool, m *testMo if useENIConfig { m.awsutils.EXPECT().AllocENI(true, sg, podENIConfig.Subnet, 14).Times(callCount).Return(eni2, nil) + } else if subnetDiscovery { + m.awsutils.EXPECT().AllocIPAddresses(primaryENIid, 14).Times(callCount).Return(nil, awserr.New("InsufficientFreeAddressesInSubnet", "", errors.New("err"))) + m.awsutils.EXPECT().AllocIPAddresses(primaryENIid, 1).Times(callCount).Return(nil, awserr.New("InsufficientFreeAddressesInSubnet", "", errors.New("err"))) + m.awsutils.EXPECT().AllocENI(false, nil, "", 14).Times(callCount).Return(eni2, nil) } else { m.awsutils.EXPECT().AllocENI(false, nil, "", 14).Times(callCount).Return(eni2, nil) } @@ -627,15 +642,20 @@ func assertAllocationExternalCalls(shouldCall bool, useENIConfig bool, m *testMo func TestIncreasePrefixPoolDefault(t *testing.T) { _ = os.Unsetenv(envCustomNetworkCfg) - testIncreasePrefixPool(t, false) + testIncreasePrefixPool(t, false, false) +} + +func TestIncreasePrefixPoolSubnetDiscoveryUnfilledENI(t *testing.T) { + _ = os.Unsetenv(envCustomNetworkCfg) + testIncreasePrefixPool(t, false, true) } func TestIncreasePrefixPoolCustomENI(t *testing.T) { _ = os.Setenv(envCustomNetworkCfg, "true") - testIncreasePrefixPool(t, true) + testIncreasePrefixPool(t, true, false) } -func testIncreasePrefixPool(t *testing.T, useENIConfig bool) { +func testIncreasePrefixPool(t *testing.T, useENIConfig, subnetDiscovery bool) { m := setup(t) defer m.ctrl.Finish() ctx := context.Background() @@ -650,6 +670,7 @@ func testIncreasePrefixPool(t *testing.T, useENIConfig bool) { warmPrefixTarget: 1, networkClient: m.network, useCustomNetworking: UseCustomNetworkCfg(), + useSubnetDiscovery: UseSubnetDiscovery(), manageENIsNonScheduleable: ManageENIsOnNonSchedulableNode(), primaryIP: make(map[string]string), terminating: int32(0), 
@@ -657,6 +678,9 @@ func testIncreasePrefixPool(t *testing.T, useENIConfig bool) { } mockContext.dataStore = testDatastorewithPrefix() + if subnetDiscovery { + mockContext.dataStore.AddENI(primaryENIid, primaryDevice, true, false, false) + } primary := true testAddr1 := ipaddr01 @@ -677,6 +701,10 @@ func testIncreasePrefixPool(t *testing.T, useENIConfig bool) { if useENIConfig { m.awsutils.EXPECT().AllocENI(true, sg, podENIConfig.Subnet, 1).Return(eni2, nil) + } else if subnetDiscovery { + m.awsutils.EXPECT().AllocIPAddresses(primaryENIid, 1).Return(nil, awserr.New("InsufficientFreeAddressesInSubnet", "", errors.New("err"))) + m.awsutils.EXPECT().AllocIPAddresses(primaryENIid, 1).Return(nil, awserr.New("InsufficientFreeAddressesInSubnet", "", errors.New("err"))) + m.awsutils.EXPECT().AllocENI(false, nil, "", 1).Return(eni2, nil) } else { m.awsutils.EXPECT().AllocENI(false, nil, "", 1).Return(eni2, nil) } From fb171f33c9d3216043648a43be30d523fb317b7b Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Fri, 21 Jun 2024 19:18:35 -0700 Subject: [PATCH 45/83] Refactor static canary tests. (#2966) - Remove any config changes to aws-node pod in BeforeSuite. - Remove dependency on multiple EC2 apis. --- scripts/run-static-canary.sh | 2 +- .../az-traffic/pod_az_traffic_suite_test.go | 49 +++++++++++++++++++ .../pod_traffic_across_az_test.go | 48 +++++++++--------- 3 files changed, 74 insertions(+), 25 deletions(-) create mode 100644 test/integration/az-traffic/pod_az_traffic_suite_test.go rename test/integration/{cni => az-traffic}/pod_traffic_across_az_test.go (92%) diff --git a/scripts/run-static-canary.sh b/scripts/run-static-canary.sh index b5e1520bd4..1240191cee 100755 --- a/scripts/run-static-canary.sh +++ b/scripts/run-static-canary.sh 
@@ -21,7 +21,7 @@ function run_ginkgo_test() { local focus=$1 echo "Running ginkgo tests with focus: $focus" - (CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS --no-color --focus="$focus" -v --timeout 10m --fail-on-pending $GINKGO_TEST_BUILD/cni.test -- \ + (CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS --no-color --focus="$focus" -v --timeout 10m --fail-on-pending $GINKGO_TEST_BUILD/az-traffic.test -- \ --cluster-kubeconfig="$KUBE_CONFIG_PATH" \ --cluster-name="$CLUSTER_NAME" \ --aws-region="$REGION" \ diff --git a/test/integration/az-traffic/pod_az_traffic_suite_test.go b/test/integration/az-traffic/pod_az_traffic_suite_test.go new file mode 100644 index 0000000000..292bdf5aa2 --- /dev/null +++ b/test/integration/az-traffic/pod_az_traffic_suite_test.go 
@@ -0,0 +1,49 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +package az_traffic + +import ( + "fmt" + "testing" + + "github.com/aws/amazon-vpc-cni-k8s/test/framework" + "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" +) + +func TestAZConnectivity(t *testing.T) { + RegisterFailHandler(Fail) + RunSpecs(t, "CNI AZ Traffic Test Suite") +} + +var _ = BeforeSuite(func() { + f = framework.New(framework.GlobalOptions) + + By("creating test namespace") + f.K8sResourceManagers.NamespaceManager().CreateNamespace(utils.DefaultTestNamespace) + + By(fmt.Sprintf("getting the node with the node label key %s and value %s", + f.Options.NgNameLabelKey, f.Options.NgNameLabelVal)) + _, err := f.K8sResourceManagers.NodeManager().GetNodes(f.Options.NgNameLabelKey, f.Options.NgNameLabelVal) + Expect(err).ToNot(HaveOccurred()) + +}) + +var _ = AfterSuite(func() { + By("deleting test namespace") + f.K8sResourceManagers.NamespaceManager(). + DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) +}) diff --git a/test/integration/cni/pod_traffic_across_az_test.go b/test/integration/az-traffic/pod_traffic_across_az_test.go similarity index 92% rename from test/integration/cni/pod_traffic_across_az_test.go rename to test/integration/az-traffic/pod_traffic_across_az_test.go index 841f99c027..3985f08c4d 100644 --- a/test/integration/cni/pod_traffic_across_az_test.go 
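Review bot: BeforeSuite discards the result of `CreateNamespace(utils.DefaultTestNamespace)` and the node list returned by `GetNodes`, so only a GetNodes API error fails setup; a failed namespace create or an empty node group would surface later as unrelated spec failures. If CreateNamespace returns an error (its signature is not visible in this diff), assert it, and keep the list with `nodes, err := ...GetNodes(...)` followed by `Expect(nodes.Items).ToNot(BeEmpty())`, assuming GetNodes returns a NodeList. AfterSuite likewise ignores whatever `DeleteAndWaitTillNamespaceDeleted` returns. Because this commit also removes the security-group authorize/revoke calls from pod_traffic_across_az_test.go, a comment on BeforeSuite such as `// Assumes the node security groups already allow the test ports; the suite no longer edits them.` would record the new precondition.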
+++ b/test/integration/az-traffic/pod_traffic_across_az_test.go @@ -1,4 +1,4 @@ -package cni +package az_traffic import ( "fmt" @@ -7,10 +7,10 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/cloudwatch" + "github.com/aws/amazon-vpc-cni-k8s/test/framework" "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/manifest" "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" "github.com/aws/amazon-vpc-cni-k8s/test/integration/common" - "github.com/aws/aws-sdk-go/service/ec2" coreV1 "k8s.io/api/core/v1" . "github.com/onsi/ginkgo/v2" @@ -24,6 +24,8 @@ var ( const MetricNamespace = "NetworkingAZConnectivity" +var f *framework.Framework + var _ = Describe("[STATIC_CANARY] AZ Node Presence", FlakeAttempts(retries), func() { Context("While testing AZ availability", func() { @@ -69,7 +71,6 @@ var _ = Describe("[STATIC_CANARY] test pod networking", FlakeAttempts(retries), var ( err error serverPort int - protocol string // The command to run on server pods, to allow incoming // connections for different traffic type @@ -99,16 +100,6 @@ var _ = Describe("[STATIC_CANARY] test pod networking", FlakeAttempts(retries), ) JustBeforeEach(func() { - By("authorizing security group ingress on instance security group") - err = f.CloudServices.EC2(). - AuthorizeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false) - Expect(err).ToNot(HaveOccurred()) - - By("authorizing security group egress on instance security group") - err = f.CloudServices.EC2(). - AuthorizeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0") - Expect(err).ToNot(HaveOccurred()) - netcatContainer := manifest. NewNetCatAlpineContainer(f.Options.TestImageRegistry). Command(serverListenCmd). 
@@ -138,16 +129,6 @@ var _ = Describe("[STATIC_CANARY] test pod networking", FlakeAttempts(retries), }) JustAfterEach(func() { - By("revoking security group ingress on instance security group") - err = f.CloudServices.EC2(). - RevokeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false) - Expect(err).ToNot(HaveOccurred()) - - By("revoking security group egress on instance security group") - err = f.CloudServices.EC2(). - RevokeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0") - Expect(err).ToNot(HaveOccurred()) - By("deleting the Daemonset.") err = f.K8sResourceManagers.DaemonSetManager().DeleteAndWaitTillDaemonSetIsDeleted(testDaemonSet, utils.DefaultDeploymentReadyTimeout) Expect(err).ToNot(HaveOccurred()) @@ -157,7 +138,6 @@ var _ = Describe("[STATIC_CANARY] test pod networking", FlakeAttempts(retries), BeforeEach(func() { serverPort = 2273 - protocol = ec2.ProtocolTcp // Test tcp connection using netcat serverListenCmd = []string{"nc"} // The nc flag "-l" for listen mode, "-k" to keep server up and not close 
@@ -380,3 +360,23 @@ func RunCommandOnPod(receiverPod coreV1.Pod, command []string) (string, string, } } } + +// testConnectivity verifies connectivity between tester and server +func testConnectivity(senderPod coreV1.Pod, receiverPod coreV1.Pod, expectedStdout string, + expectedStderr string, port int, getTestCommandFunc func(receiverPod coreV1.Pod, port int) []string) { + + testerCommand := getTestCommandFunc(receiverPod, port) + + fmt.Fprintf(GinkgoWriter, "verifying connectivity from pod %s on node %s with IP %s to pod"+ + " %s on node %s with IP %s\n", senderPod.Name, senderPod.Spec.NodeName, senderPod.Status.PodIP, + receiverPod.Name, receiverPod.Spec.NodeName, receiverPod.Status.PodIP) + + stdOut, stdErr, err := f.K8sResourceManagers.PodManager(). + PodExec(senderPod.Namespace, senderPod.Name, testerCommand) + Expect(err).ToNot(HaveOccurred()) + + fmt.Fprintf(GinkgoWriter, "stdout: %s and stderr: %s\n", stdOut, stdErr) + + Expect(stdErr).To(ContainSubstring(expectedStderr)) + Expect(stdOut).To(ContainSubstring(expectedStdout)) +} From 189f00f64f3e0b0bd0f3b8eff070aed3f0ba32b6 Mon Sep 17 00:00:00 2001 From: Victor Morales Date: Mon, 24 Jun 2024 12:50:47 -0700 Subject: [PATCH 46/83] Upgrade to latest versions of GitHub actions (#2952) * Upgrade to latest versions of GitHub actions * Enable GH action updater --- .github/workflows/deps.yml | 6 ++-- .github/workflows/integration-tests.yaml | 10 +++---- .github/workflows/issue-closed-message.yaml | 2 +- .github/workflows/issue-stale-pr.yaml | 2 +- .github/workflows/kops-test.yaml | 12 ++++---- .github/workflows/nightly-cron-tests.yaml | 10 +++---- .github/workflows/pr-automated-tests.yaml | 14 ++++----- .github/workflows/pr-manual-tests.yaml | 10 +++---- .github/workflows/release.yaml | 4 +-- .github/workflows/update.yml | 32 +++++++++++++++++++++ .github/workflows/weekly-cron-tests.yaml | 10 +++---- 11 files changed, 72 insertions(+), 40 deletions(-) create mode 100644 .github/workflows/update.yml 
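Review bot: In testConnectivity the stdout/stderr dump to GinkgoWriter comes after `Expect(err).ToNot(HaveOccurred())`, so when PodExec fails the spec aborts before the output that would explain the failure is logged; move the `fmt.Fprintf(GinkgoWriter, "stdout: %s and stderr: %s\n", stdOut, stdErr)` line above the error assertion. `ContainSubstring(expectedStderr)` and `ContainSubstring(expectedStdout)` also match any output when the expected string is empty, so a caller passing `""` gets no check on that stream; the doc comment should state this, e.g. `// An empty expected string disables the check for that stream.`, or the empty case should use `BeEmpty()` if that is what callers mean. The function also depends on the package-level `f`, which is assigned in the suite file's BeforeSuite rather than passed in.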
diff --git a/.github/workflows/deps.yml b/.github/workflows/deps.yml index b8e37c8693..ee5a5f71c2 100644 --- a/.github/workflows/deps.yml +++ b/.github/workflows/deps.yml @@ -11,16 +11,16 @@ jobs: runs-on: ubuntu-latest steps: - name: "Checkout Repository" - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # refs/tags/v4.1.7 with: show-progress: false - name: "Dependency Review" - uses: actions/dependency-review-action@v3 + uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # refs/tags/v4.3.3 govulncheck: runs-on: ubuntu-latest steps: - name: "Checkout Repository" - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # refs/tags/v4.1.7 with: show-progress: false - name: Setup Go Version diff --git a/.github/workflows/integration-tests.yaml b/.github/workflows/integration-tests.yaml index ba50c6d0b0..ef244eae7d 100644 --- a/.github/workflows/integration-tests.yaml +++ b/.github/workflows/integration-tests.yaml @@ -15,13 +15,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout latest commit in the PR - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # refs/tags/v4.1.7 - name: Set up Docker QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # refs/tags/v3.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # refs/tags/v3.3.0 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # refs/tags/v5.0.1 with: go-version: "1.22" - name: Set up tools 
@@ -31,7 +31,7 @@ jobs: curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp sudo mv /tmp/eksctl /usr/local/bin/ - name: Set up AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@5579c002bb4778aa43395ef1df492868a9a1c83f # refs/tags/v4.0.2 with: role-to-assume: ${{ secrets.OSS_TEST_ROLE_ARN }} role-duration-seconds: 14400 # 4 hours diff --git a/.github/workflows/issue-closed-message.yaml b/.github/workflows/issue-closed-message.yaml index 0d066bc709..ccd172e6f9 100644 --- a/.github/workflows/issue-closed-message.yaml +++ b/.github/workflows/issue-closed-message.yaml @@ -10,7 +10,7 @@ jobs: auto_comment: runs-on: ubuntu-latest steps: - - uses: aws-actions/closed-issue-message@v1 + - uses: aws-actions/closed-issue-message@3c30436c76e381c567524ba630f169f2fc0d175a # refs/tags/v1 with: # These inputs are both required repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/issue-stale-pr.yaml b/.github/workflows/issue-stale-pr.yaml index 1ac16aa01d..d36b731f60 100644 --- a/.github/workflows/issue-stale-pr.yaml +++ b/.github/workflows/issue-stale-pr.yaml @@ -12,7 +12,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@main + - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # refs/tags/v9.0.0 id: stale with: ascending: true diff --git a/.github/workflows/kops-test.yaml b/.github/workflows/kops-test.yaml index b0e5c99c72..de109e19f7 100644 --- a/.github/workflows/kops-test.yaml +++ b/.github/workflows/kops-test.yaml 
@@ -15,13 +15,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout latest commit in the PR - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # refs/tags/v4.1.7 - name: Set up Docker QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # refs/tags/v3.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # refs/tags/v3.3.0 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # refs/tags/v5.0.1 with: go-version: "1.22" - name: Set up tools @@ -31,7 +31,7 @@ jobs: curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp sudo mv /tmp/eksctl /usr/local/bin/ - name: Set up AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@5579c002bb4778aa43395ef1df492868a9a1c83f # refs/tags/v4.0.2 with: role-to-assume: ${{ secrets.OSS_TEST_ROLE_ARN }} role-duration-seconds: 28800 # 8 hours @@ -48,4 +48,4 @@ jobs: KOPS_RUN_TOO_NEW_VERSION: 1 run: | ./scripts/run-integration-tests.sh - if: always() \ No newline at end of file + if: always() diff --git a/.github/workflows/nightly-cron-tests.yaml b/.github/workflows/nightly-cron-tests.yaml index 0ac5f6b668..bb17c63c7b 100644 --- a/.github/workflows/nightly-cron-tests.yaml +++ b/.github/workflows/nightly-cron-tests.yaml 
@@ -14,13 +14,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout latest commit in the PR - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # refs/tags/v4.1.7 - name: Set up Docker QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # refs/tags/v3.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # refs/tags/v3.3.0 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # refs/tags/v5.0.1 with: go-version: "1.22" - name: Set up tools @@ -30,7 +30,7 @@ jobs: curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp sudo mv /tmp/eksctl /usr/local/bin/ - name: Set up AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@5579c002bb4778aa43395ef1df492868a9a1c83f # refs/tags/v4.0.2 with: role-to-assume: ${{ secrets.OSS_TEST_ROLE_ARN }} role-duration-seconds: 14400 # 4 hours diff --git a/.github/workflows/pr-automated-tests.yaml b/.github/workflows/pr-automated-tests.yaml index c34827f3c9..e4b45bd48f 100644 --- a/.github/workflows/pr-automated-tests.yaml +++ b/.github/workflows/pr-automated-tests.yaml @@ -12,9 +12,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout latest commit in the PR - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # refs/tags/v4.1.7 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # refs/tags/v5.0.1 with: go-version: "1.22" - name: Set up tools 
@@ -36,19 +36,19 @@ jobs: - name: Unit test run: make unit-test - name: Upload code coverage - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@79066c46f8dcdf8d7355f820dbac958c5b4cb9d3 # refs/tags/v4.5.0 docker-build: name: Build Docker images runs-on: ubuntu-latest steps: - name: Checkout latest commit in the PR - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # refs/tags/v4.1.7 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # refs/tags/v3.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # refs/tags/v3.3.0 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # refs/tags/v5.0.1 with: go-version: "1.22" - name: Build CNI images diff --git a/.github/workflows/pr-manual-tests.yaml b/.github/workflows/pr-manual-tests.yaml index 0f84bbd6f6..00b71c7828 100644 --- a/.github/workflows/pr-manual-tests.yaml +++ b/.github/workflows/pr-manual-tests.yaml @@ -19,15 +19,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout latest commit in the PR - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # refs/tags/v4.1.7 with: ref: "refs/pull/${{ github.event.inputs.pull_request_number }}/merge" - name: Set up Docker QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # refs/tags/v3.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # refs/tags/v3.3.0 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # refs/tags/v5.0.1 with: go-version: "1.22" - name: Set up tools 
@@ -37,7 +37,7 @@ jobs: curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp sudo mv /tmp/eksctl /usr/local/bin/ - name: Set up AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@5579c002bb4778aa43395ef1df492868a9a1c83f # refs/tags/v4.0.2 with: role-to-assume: ${{ secrets.OSS_TEST_ROLE_ARN }} role-duration-seconds: 14400 # 4 hours diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 93350c60e3..c874a60ad9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -16,11 +16,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout latest commit in the PR - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # refs/tags/v4.1.7 with: ref: "refs/tags/${{ github.event.release.tag_name }}" - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # refs/tags/v5.0.1 with: go-version: "1.22" - name: Generate CNI YAML diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml new file mode 100644 index 0000000000..5c9e41bf2b --- /dev/null +++ b/.github/workflows/update.yml 
@@ -0,0 +1,32 @@ +--- +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2024 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +name: Scheduled Update Versions +# yamllint disable-line rule:truthy +on: + schedule: + - cron: '0 0 * * 5' + workflow_dispatch: +jobs: + check-versions: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # refs/tags/v4.1.7 + - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # refs/tags/v2.1.4 + with: + EXECUTE_COMMANDS: | + gh_actions=$(grep -r "uses: [a-z\-]*/[\_a-z\-]*@" .github/workflows/ | sed 's/@.*//' | awk -F ': ' '{ print $3 }' | sort | uniq) + for action in $gh_actions; do + commit_hash=$(git ls-remote --tags "https://github.com/$action" | grep 'refs/tags/v[0-9][0-9\.]*$' | awk '{ print $NF,$0 }' | sort -k1,1 -V | cut -f2- -d' ' | grep -oh '.*refs/tags/[v0-9\.]*$' | tail -1 | awk '{ printf "%s # %s\n",$1,$2 }') + grep -ElRZ "uses: $action@" .github/workflows/ | xargs -0 -l sed -i -e "s|uses: $action@.*|uses: $action@$commit_hash|g" + done + COMMIT_MESSAGE: 'Upgrade versions GitHub actions' + COMMIT_NAME: 'updater bot' + PR_BRANCH_NAME: "versions-update-${PR_ID}" + PR_TITLE: 'chore: update gh versions' diff --git a/.github/workflows/weekly-cron-tests.yaml b/.github/workflows/weekly-cron-tests.yaml index 1e09f43ab8..6aa7d51d73 100644 --- a/.github/workflows/weekly-cron-tests.yaml +++ b/.github/workflows/weekly-cron-tests.yaml 
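Review bot: The new scheduled workflow declares no `permissions:` block, so the job that runs the `EXECUTE_COMMANDS` script through the third-party create-pr-action receives whatever default scope the repository gives GITHUB_TOKEN; scope it explicitly, for example `permissions:` with `contents: write` and `pull-requests: write` (what a PR-creating job normally needs; confirm against the action's documentation). The script rewrites every pinned SHA to whatever the highest `vN` tag currently resolves to, so the pins only protect the repository if the generated PR is reviewed by a person; a header comment such as `# The PR opened by this job must be reviewed; do not auto-merge.` would make that explicit. The `uses: [a-z\-]*/[\_a-z\-]*@` pattern also skips action names that contain digits or uppercase letters, and those would silently stay on their old pin.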
@@ -15,13 +15,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout latest commit in the PR - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # refs/tags/v4.1.7 - name: Set up Docker QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # refs/tags/v3.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # refs/tags/v3.3.0 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # refs/tags/v5.0.1 with: go-version: "1.22" - name: Set up tools @@ -31,7 +31,7 @@ jobs: curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp sudo mv /tmp/eksctl /usr/local/bin/ - name: Set up AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@5579c002bb4778aa43395ef1df492868a9a1c83f # refs/tags/v4.0.2 with: role-to-assume: ${{ secrets.OSS_TEST_ROLE_ARN }} role-duration-seconds: 28800 # 8 hours From 89d9112c167ff36c698d119b021b4a7d9a57f705 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Wed, 26 Jun 2024 14:44:21 -0700 Subject: [PATCH 47/83] Update the APISpec Schema definition for ENIConfig. (#2969) * Update the APISpec Schema definition for ENIConfig. * removed the required property for security groups. --- .../crds/customresourcedefinition.yaml | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/charts/aws-vpc-cni/crds/customresourcedefinition.yaml b/charts/aws-vpc-cni/crds/customresourcedefinition.yaml index e277aff87a..9592c29647 100644 --- a/charts/aws-vpc-cni/crds/customresourcedefinition.yaml +++ b/charts/aws-vpc-cni/crds/customresourcedefinition.yaml 
@@ -14,6 +14,40 @@ spec: openAPIV3Schema: type: object x-kubernetes-preserve-unknown-fields: true + description: ENIConfig is the Schema for the eniconfigs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ENIConfigSpec defines the desired state of ENIConfig + properties: + securityGroups: + items: + type: string + type: array + subnet: + type: string + required: + - subnet + type: object + status: + description: ENIConfigStatus defines the observed state of ENIConfig + type: object names: plural: eniconfigs singular: eniconfig From 77bdd31bcffb0df54665224a9196deea769a5b7a Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Fri, 28 Jun 2024 14:17:01 -0700 Subject: [PATCH 48/83] Use ECR Mirror for Curl Test Image. (#2956) --- test/framework/resources/agent/traffic_tester.go | 2 +- test/framework/resources/k8s/manifest/container.go | 4 ++-- test/framework/utils/const.go | 1 + test/integration/az-traffic/pod_traffic_across_az_test.go | 2 +- test/integration/cni-egress/pod_egress_test.go | 4 ++-- test/integration/ipamd/introspection_test.go | 2 +- test/integration/ipamd/metrics_test.go | 2 +- test/integration/pod-eni/security_group_per_pod_test.go | 2 +- 8 files changed, 10 insertions(+), 9 deletions(-) 
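Review bot: `subnet` and the `securityGroups` items are typed only as `string`, so an empty or malformed ID still passes admission and fails later when the ENI is allocated; adding `minLength: 1` (or a `pattern` such as `^subnet-[0-9a-f]+$` for `subnet`) under those properties would reject it at apply time. The root keeps `x-kubernetes-preserve-unknown-fields: true` while `spec` now declares `properties`, which as far as I know switches pruning back on below `spec`, so extra keys that existing ENIConfig objects carry there may be dropped on their next write. `required: - subnet` also means an existing object without a subnet would be rejected on update; both are worth confirming against deployed clusters before the chart is released.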
diff --git a/test/framework/resources/agent/traffic_tester.go b/test/framework/resources/agent/traffic_tester.go index b01d56acec..0cb44e9956 100644 --- a/test/framework/resources/agent/traffic_tester.go +++ b/test/framework/resources/agent/traffic_tester.go @@ -227,7 +227,7 @@ func (t *TrafficTest) startMetricServerPod() (*v1.Pod, error) { } func (t *TrafficTest) getTestStatusFromMetricServer(metricPodIP string) ([]input.TestStatus, error) { - getMetricContainer := manifest.NewCurlContainer(). + getMetricContainer := manifest.NewCurlContainer(t.Framework.Options.TestImageRegistry). Name("get-metric-container"). Command([]string{"curl"}). Args([]string{fmt.Sprintf("http://%s:8080/get/metric/connectivity", metricPodIP), "--silent"}). diff --git a/test/framework/resources/k8s/manifest/container.go b/test/framework/resources/k8s/manifest/container.go index 4afdb6d295..0a1c1164be 100644 --- a/test/framework/resources/k8s/manifest/container.go +++ b/test/framework/resources/k8s/manifest/container.go @@ -41,10 +41,10 @@ func NewBusyBoxContainerBuilder(testImageRegistry string) *Container { } } -func NewCurlContainer() *Container { +func NewCurlContainer(testImageRegistry string) *Container { return &Container{ name: "curl", - image: "curlimages/curl:latest", + image: utils.GetTestImage(testImageRegistry, utils.CurlImage), imagePullPolicy: v1.PullIfNotPresent, } } diff --git a/test/framework/utils/const.go b/test/framework/utils/const.go index 3a96cb4e1c..b7d0a769ae 100644 --- a/test/framework/utils/const.go +++ b/test/framework/utils/const.go @@ -28,6 +28,7 @@ const ( BusyBoxImage = "networking-e2e-test-images/busybox:latest" NginxImage = "networking-e2e-test-images/nginx:1.25.2" NetCatImage = "networking-e2e-test-images/netcat-openbsd:v1.0" + CurlImage = "networking-e2e-test-images/curlimages/curl:latest" PollIntervalShort = time.Second * 2 PollIntervalMedium = time.Second * 5 
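Review bot: `CurlImage` in const.go is added with the `:latest` tag, so every run pulls whatever the mirror currently holds under that tag and a test result cannot be tied to a known image; `NginxImage` and `NetCatImage` in the same const block are pinned to `1.25.2` and `v1.0`. Pin it the same way, e.g. `CurlImage = "networking-e2e-test-images/curlimages/curl:<VERSION_IN_MIRROR>"` (placeholder; use a tag that exists in the registry), or reference the image by digest. `NewCurlContainer` is exported and its signature changes in container.go, so any caller outside this repository would stop compiling; the call sites in this commit are all updated.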
diff --git a/test/integration/az-traffic/pod_traffic_across_az_test.go b/test/integration/az-traffic/pod_traffic_across_az_test.go index 3985f08c4d..a0d918f8c2 100644 --- a/test/integration/az-traffic/pod_traffic_across_az_test.go +++ b/test/integration/az-traffic/pod_traffic_across_az_test.go @@ -210,7 +210,7 @@ var _ = Describe("[STATIC_CANARY] API Server Connectivity from AZs", FlakeAttemp JustBeforeEach(func() { serverContainer := manifest. - NewCurlContainer(). + NewCurlContainer(f.Options.TestImageRegistry). Command([]string{ "sleep", "3600", diff --git a/test/integration/cni-egress/pod_egress_test.go b/test/integration/cni-egress/pod_egress_test.go index 1b116aeda1..c1766677f7 100644 --- a/test/integration/cni-egress/pod_egress_test.go +++ b/test/integration/cni-egress/pod_egress_test.go @@ -53,8 +53,8 @@ var _ = Describe("[CANARY] test cluster egress connectivity", func() { // initialize vars err = nil - // initialize busybox container for testing later - testerContainer = manifest.NewCurlContainer(). + // initialize curl container for testing later + testerContainer = manifest.NewCurlContainer(f.Options.TestImageRegistry). Command([]string{"sleep", "3600"}).Build() testerContainer.SecurityContext = &coreV1.SecurityContext{ diff --git a/test/integration/ipamd/introspection_test.go b/test/integration/ipamd/introspection_test.go index 178ee6b899..289c72febc 100644 --- a/test/integration/ipamd/introspection_test.go +++ b/test/integration/ipamd/introspection_test.go @@ -36,7 +36,7 @@ var _ = Describe("test Environment Variables for IPAMD Introspection ", func() { JustBeforeEach(func() { // Initially the host networking job pod should succeed - curlContainer = manifest.NewCurlContainer(). + curlContainer = manifest.NewCurlContainer(f.Options.TestImageRegistry). Command([]string{"curl"}). Args([]string{"--fail", defaultIntrospectionAddr}). Build() 
diff --git a/test/integration/ipamd/metrics_test.go b/test/integration/ipamd/metrics_test.go index d967374956..3db2ef230d 100644 --- a/test/integration/ipamd/metrics_test.go +++ b/test/integration/ipamd/metrics_test.go @@ -35,7 +35,7 @@ var _ = Describe("test IPAMD metric environment variable", func() { Context("when metrics is disabled", func() { metricAddr := "127.0.0.1:61678/metrics" It("should not be accessible anymore", func() { - curlContainer = manifest.NewCurlContainer(). + curlContainer = manifest.NewCurlContainer(f.Options.TestImageRegistry). Command([]string{"curl"}). Args([]string{"--fail", metricAddr}). Build() diff --git a/test/integration/pod-eni/security_group_per_pod_test.go b/test/integration/pod-eni/security_group_per_pod_test.go index fddbab87a7..8c92e8a6b5 100644 --- a/test/integration/pod-eni/security_group_per_pod_test.go +++ b/test/integration/pod-eni/security_group_per_pod_test.go @@ -230,7 +230,7 @@ var _ = Describe("Security Group for Pods Test", func() { ContainerPort: 80, } - container := manifest.NewCurlContainer(). + container := manifest.NewCurlContainer(f.Options.TestImageRegistry). LivenessProbe(tcpProbe). Image("nginx"). Port(port). From fe4c7a1d8b8dd6c73b84338825a762c739df472e Mon Sep 17 00:00:00 2001 From: Benjamin Knofe Date: Mon, 1 Jul 2024 16:45:52 +0200 Subject: [PATCH 49/83] misc/10-aws.conflist: use __MTU__ variable for IPv4 egress-cni too (#2951) --- misc/10-aws.conflist | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc/10-aws.conflist b/misc/10-aws.conflist index 4a54989918..dde6b53631 100644 --- a/misc/10-aws.conflist +++ b/misc/10-aws.conflist @@ -15,7 +15,7 @@ { "name": "egress-cni", "type": "egress-cni", - "mtu": "9001", + "mtu": "__MTU__", "enabled": "__EGRESSPLUGINENABLED__", "randomizeSNAT": "__RANDOMIZESNAT__", "nodeIP": "__NODEIP__", From a79c68c5c2c6761b88bbc941e470f71dfa8d02eb Mon Sep 17 00:00:00 2001 
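Review bot: In security_group_per_pod_test.go the builder now receives the mirror registry, but the unchanged line that follows still overrides the image with `.Image("nginx")`, so this container keeps pulling an unpinned `nginx` from the default registry and the mirror change has no effect here. If the intent is to use the mirror throughout, `.Image(utils.GetTestImage(f.Options.TestImageRegistry, utils.NginxImage))` would do it, assuming `utils` is imported in that file. Starting from `NewCurlContainer` only to replace its image is also misleading to read. The enclosing spec continues outside the hunk.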
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 08:28:52 -0700 Subject: [PATCH 50/83] Bump github.com/aws/aws-sdk-go from 1.51.32 to 1.54.11 (#2976) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.51.32 to 1.54.11. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.51.32...v1.54.11) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index dc7e694d2a..bf1d054160 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/apparentlymart/go-cidr v1.1.0 github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 - github.com/aws/aws-sdk-go v1.51.32 + github.com/aws/aws-sdk-go v1.54.11 github.com/containernetworking/cni v1.2.0 github.com/containernetworking/plugins v1.4.1 github.com/coreos/go-iptables v0.7.0 diff --git a/go.sum b/go.sum index 8d6437cda3..2efbcb4b65 100644 --- a/go.sum +++ b/go.sum 
@@ -37,8 +37,8 @@ github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b/go.mod h1:NvS1b2fBgkUvAWgBF8h0aRaVVoUeIlpUMnlTW2wIqik= github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 h1:utc5JzVlbORZ/4IFHb4yleqbIOKEevKfVxozKvhJWok= github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0/go.mod h1:3q5gDG44vGr9ERe0YMHItThKXxDkntAUrlfTgJkdgF8= -github.com/aws/aws-sdk-go v1.51.32 h1:A6mPui7QP4mwmovyzgtdedbRbNur1Iu0/El7hBWNHms= -github.com/aws/aws-sdk-go v1.51.32/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.54.11 h1:Zxuv/R+IVS0B66yz4uezhxH9FN9/G2nbxejYqAMFjxk= +github.com/aws/aws-sdk-go v1.54.11/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= From 5b8ce0b95a069eaf936233b3eebf3b7b6c27c559 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 09:34:23 -0700 Subject: [PATCH 51/83] Bump github.com/go-logr/logr from 1.4.1 to 1.4.2 (#2975) Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.4.1 to 1.4.2. - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](https://github.com/go-logr/logr/compare/v1.4.1...v1.4.2) --- updated-dependencies: - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index bf1d054160..58e64bc3af 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/containernetworking/cni v1.2.0 github.com/containernetworking/plugins v1.4.1 github.com/coreos/go-iptables v0.7.0 - github.com/go-logr/logr v1.4.1 + github.com/go-logr/logr v1.4.2 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 github.com/onsi/ginkgo/v2 v2.17.2 diff --git a/go.sum b/go.sum index 2efbcb4b65..751cb787c0 100644 --- a/go.sum +++ b/go.sum @@ -134,8 +134,8 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= From 8b3f05a9850b100ba96249db622c2d15da1a50cd Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 10:51:33 -0700 Subject: [PATCH 52/83] Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 (#2972) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.19.0 to 1.19.1. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 58e64bc3af..24f18423dc 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/onsi/ginkgo/v2 v2.17.2 github.com/onsi/gomega v1.33.1 github.com/pkg/errors v0.9.1 - github.com/prometheus/client_golang v1.19.0 + github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.0 github.com/prometheus/common v0.53.0 github.com/samber/lo v1.39.0 diff --git a/go.sum b/go.sum index 751cb787c0..88d5bbb759 100644 --- a/go.sum +++ b/go.sum 
@@ -346,8 +346,8 @@ github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjz
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
-github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
From 394afef01910048d288642aa3a1e6749d8e096ee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 11:34:39 -0700 Subject: [PATCH 53/83] Bump golang.org/x/sys from 0.20.0 to 0.21.0 in /test/agent (#2977) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.20.0 to 0.21.0. - [Commits](https://github.com/golang/sys/compare/v0.20.0...v0.21.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/agent/go.mod | 2 +- test/agent/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/agent/go.mod b/test/agent/go.mod index 296da20ad1..83fcf638ed 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -5,7 +5,7 @@ go 1.22.3 require ( github.com/coreos/go-iptables v0.7.0 github.com/vishvananda/netlink v1.1.0 - golang.org/x/sys v0.20.0 + golang.org/x/sys v0.21.0 ) require github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index e830a6b951..381d10ddd8 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum @@ -5,5 +5,5 @@ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYp github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From b0ef946b196a3bcfc70cb6c9af63b38a6ad080b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 19:19:05 -0700 Subject: [PATCH 54/83] Bump github.com/containernetworking/plugins from 1.4.1 to 1.5.1 (#2974) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.1 to 1.5.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.1...v1.5.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 16 ++++++++-------- go.sum | 34 ++++++++++++++++------------------ 2 files changed, 24 insertions(+), 26 deletions(-) diff --git a/go.mod b/go.mod index 24f18423dc..44a82ec78e 100644 --- a/go.mod +++ b/go.mod @@ -8,12 +8,12 @@ require ( github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 github.com/aws/aws-sdk-go v1.54.11 github.com/containernetworking/cni v1.2.0 - github.com/containernetworking/plugins v1.4.1 + github.com/containernetworking/plugins v1.5.1 github.com/coreos/go-iptables v0.7.0 github.com/go-logr/logr v1.4.2 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 - github.com/onsi/ginkgo/v2 v2.17.2 + github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.19.1 @@ -25,8 +25,8 @@ require ( github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.2.1-beta.2 go.uber.org/zap v1.26.0 - golang.org/x/net v0.24.0 - golang.org/x/sys v0.19.0 + golang.org/x/net v0.25.0 + golang.org/x/sys v0.21.0 google.golang.org/grpc v1.62.0 google.golang.org/protobuf v1.33.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 @@ -48,7 +48,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 // indirect github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect - github.com/Microsoft/hcsshim v0.12.0 // indirect + github.com/Microsoft/hcsshim v0.12.3 // indirect github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect 
@@ -129,7 +129,7 @@ require ( github.com/prometheus/procfs v0.12.0 // indirect github.com/rubenv/sql-migrate v1.5.2 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/safchain/ethtool v0.3.0 // indirect + github.com/safchain/ethtool v0.4.0 // indirect github.com/shopspring/decimal v1.3.1 // indirect github.com/spf13/cast v1.5.0 // indirect github.com/spf13/cobra v1.8.0 // indirect @@ -149,9 +149,9 @@ require ( golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/term v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.20.0 // indirect + golang.org/x/tools v0.21.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect diff --git a/go.sum b/go.sum index 88d5bbb759..b4d526226d 100644 --- a/go.sum +++ b/go.sum 
@@ -19,10 +19,10 @@ github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM= github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= -github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= -github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/Microsoft/hcsshim v0.12.0 h1:rbICA+XZFwrBef2Odk++0LjFvClNCJGRK+fsrP254Ts= -github.com/Microsoft/hcsshim v0.12.0/go.mod h1:RZV12pcHCXQ42XnlQ3pz6FZfmrC1C+R4gaOHhRNML1g= +github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= +github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= +github.com/Microsoft/hcsshim v0.12.3 h1:LS9NXqXhMoqNCplK1ApmVSfB4UnVLRDWRapB6EIlxE0= +github.com/Microsoft/hcsshim v0.12.3/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= 
@@ -73,8 +73,8 @@ github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containernetworking/cni v1.2.0 h1:fEjhlfWwWAXEvlcMQu/i6z8DA0Kbu7EcmR5+zb6cm5I= github.com/containernetworking/cni v1.2.0/go.mod h1:/r+vA/7vrynNfbvSP9g8tIKEoy6win7sALJAw4ZiJks= -github.com/containernetworking/plugins v1.4.1 h1:+sJRRv8PKhLkXIl6tH1D7RMi+CbbHutDGU+ErLBORWA= -github.com/containernetworking/plugins v1.4.1/go.mod h1:n6FFGKcaY4o2o5msgu/UImtoC+fpQXM3076VHfHbj60= +github.com/containernetworking/plugins v1.5.1 h1:T5ji+LPYjjgW0QM+KyrigZbLsZ8jaX+E5J/EcKOE4gQ= +github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM= github.com/coreos/go-iptables v0.7.0 h1:XWM3V+MPRr5/q51NuWSgU0fqMad64Zyxs8ZUoMsamr8= github.com/coreos/go-iptables v0.7.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= 
@@ -324,8 +324,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= -github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= 
@@ -368,8 +368,8 @@ github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzF github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/safchain/ethtool v0.3.0 h1:gimQJpsI6sc1yIqP/y8GYgiXn/NjgvpM0RNoWLVVmP0= -github.com/safchain/ethtool v0.3.0/go.mod h1:SA9BwrgyAqNo7M+uaL6IYbxpm5wk3L7Mm6ocLW+CJUs= +github.com/safchain/ethtool v0.4.0 h1:vq1i2HCjshJNywOXFZ1BpwIjyeFR/kvNdHiRzqSElDI= +github.com/safchain/ethtool v0.4.0/go.mod h1:XLLnZmy4OCRTkksP/UiMjij96YmIsBfmBQcs7H6tA48= github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA= github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= @@ -457,8 +457,6 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -492,11 +490,10 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= 
@@ -505,8 +502,9 @@ golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -520,8 +518,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= -golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From fb6b579a376a11b29344f2e02b50b5f548c7b922 Mon Sep 17 00:00:00 2001 
From: Senthil Kumaran Date: Thu, 4 Jul 2024 05:59:44 -0700 Subject: [PATCH 55/83] Add unit test and readme update for POD_MTU/ AWS_VPC_ENI_MTU for Egress plugin behavior. (#2979) * Add unit test and readme update for AWS_VPC_ENI_MTU for Egress plugin behavior. * Added Coverage for IPV6 Egress Env Var. * Addressed review comment. --- README.md | 8 ++++-- cmd/aws-vpc-cni/main_test.go | 52 ++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ecee7a37ef..e3248456e3 100644 --- a/README.md +++ b/README.md @@ -117,7 +117,7 @@ Review the [Network Policy FAQ](./docs/network-policy-faq.md) for more informati * This controller is automatically installed on the EKS Control Plane. * [Network Policy Node Agent](https://github.com/aws/aws-network-policy-agent) implements Network Policies on nodes by creating eBPF programs. * [AWS eBPF SDK for Go](https://github.com/aws/aws-ebpf-sdk-go) provides an interface to interact with eBPF programs on the node. This SDK allows for runtime introspection, tracing, and analysis of eBPF execution, aiding in identifying and resolving connectivity issues. -* [VPC Resource Controller](https://github.com/aws/amazon-vpc-resource-controller-k8s) manages Branch & Trunk Network Interfaces for Kubernetes Pods. +* [VPC Resource Controller](https://github.com/aws/amazon-vpc-resource-controller-k8s) manages Branch & Trunk Network Interfaces for Kubernetes Pods. ## ConfigMap 
@@ -343,7 +343,7 @@ elasticity, but uses roughly half as many IPs as using WARM_IP_TARGET alone (32 This also improves the reliability of the EKS cluster by reducing the number of calls necessary to allocate or deallocate private IPs, which may be throttled, especially at scaling-related times. -**NOTE!** +**NOTE!** 1. If `MINIMUM_IP_TARGET` is set, `WARM_ENI_TARGET` will be ignored. Please utilize `WARM_IP_TARGET` instead. 2. If `MINIMUM_IP_TARGET` is set and `WARM_IP_TARGET` is not set, `WARM_IP_TARGET` is assumed to be 0, which leads to the number of IPs attached to the node will be the value of `MINIMUM_IP_TARGET`. This configuration will prevent future ENIs/IPs from being allocated. It is strongly recommended that `WARM_IP_TARGET` should be set greater than 0 when `MINIMUM_IP_TARGET` is set. @@ -697,6 +697,8 @@ This environment variable must be set for both the `aws-vpc-cni-init` and `aws-n Note that enabling/disabling this feature only affects whether newly created pods have an IPv6 interface created. Therefore, it is recommended that you reboot existing nodes after enabling/disabling this feature. +The value set in `POD_MTU` / `AWS_VPC_ENI_MTU` is used to configure the MTU size of egress interface. + #### `ENABLE_V4_EGRESS` (v1.15.1+) Type: Boolean as a String @@ -707,6 +709,8 @@ Specifies whether PODs in an IPv6 cluster support IPv4 egress. If env is set to Note that enabling/disabling this feature only affects whether newly created pods have an IPv4 interface created. Therefore, it is recommended that you reboot existing nodes after enabling/disabling this feature. +The value set in `POD_MTU` / `AWS_VPC_ENI_MTU` is used to configure the MTU size of egress interface. + #### `IP_COOLDOWN_PERIOD` (v1.15.0+) Type: Integer as a String diff --git a/cmd/aws-vpc-cni/main_test.go b/cmd/aws-vpc-cni/main_test.go index 1b7387f3c9..8fe66064c5 100644 --- a/cmd/aws-vpc-cni/main_test.go +++ b/cmd/aws-vpc-cni/main_test.go 
@@ -1,6 +1,7 @@ package main import ( + "encoding/json" "os" "testing" 
@@ -48,6 +49,57 @@ func TestGenerateJSONPlusBandwidthAndTuning(t *testing.T) { assert.NoError(t, err) } +// Validate setting environment POD_MTU/AWS_VPC_ENI_MTU, takes effect for egress-cni plugin +func TestEgressCNIPluginIPv4EgressTakesMTUEnvVar(t *testing.T) { + _ = os.Setenv(envEnIPv4Egress, "true") + _ = os.Setenv(envPodMTU, "5000") + + // Use a temporary file for the parsed output. + tmpfile, err := os.CreateTemp("", "temp-aws-vpc-cni.conflist") + assert.NoError(t, err) + defer os.Remove(tmpfile.Name()) + + err = generateJSON(awsConflist, tmpfile.Name(), getPrimaryIPMock) + assert.NoError(t, err) + + // Read the json file and verify the MTU value for the egress-cni plugin + var jsonData map[string]interface{} + jsonFile, err := os.ReadFile(tmpfile.Name()) + assert.NoError(t, err) + + err = json.Unmarshal(jsonFile, &jsonData) + assert.NoError(t, err) + + plugins, _ := jsonData["plugins"].([]interface{}) + assert.Equal(t, "egress-cni", plugins[1].(map[string]interface{})["type"]) + assert.Equal(t, "5000", plugins[1].(map[string]interface{})["mtu"]) +} + +func TestEgressCNIPluginIPv6EgressTakesMTUEnvVar(t *testing.T) { + _ = os.Setenv(envEnIPv6Egress, "true") + _ = os.Setenv(envPodMTU, "8000") + + // Use a temporary file for the parsed output. 
+ tmpfile, err := os.CreateTemp("", "temp-aws-vpc-cni.conflist") + assert.NoError(t, err) + defer os.Remove(tmpfile.Name()) + + err = generateJSON(awsConflist, tmpfile.Name(), getPrimaryIPMock) + assert.NoError(t, err) + + // Read the json file and verify the MTU value for the egress-cni plugin + var jsonData map[string]interface{} + jsonFile, err := os.ReadFile(tmpfile.Name()) + assert.NoError(t, err) + + err = json.Unmarshal(jsonFile, &jsonData) + assert.NoError(t, err) + + plugins, _ := jsonData["plugins"].([]interface{}) + assert.Equal(t, "egress-cni", plugins[1].(map[string]interface{})["type"]) + assert.Equal(t, "8000", plugins[1].(map[string]interface{})["mtu"]) +} + func TestMTUValidation(t *testing.T) { // By default, ENI MTU and pod MTU should be valid assert.True(t, validateMTU(envEniMTU)) From d056b83da69fae5156fa3cf6d78c64ac6c59328f Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Wed, 10 Jul 2024 11:01:31 -0700 Subject: [PATCH 56/83] Update .go-version (#2981) --- .go-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.go-version b/.go-version index 2a0ba77cc5..da9594fd66 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.4 +1.22.5 From 19ec2d2e5edc929860fcabef41467e702a1df3bf Mon Sep 17 00:00:00 2001 From: Gawsoft <75686400+gawsoftpl@users.noreply.github.com> Date: Wed, 10 Jul 2024 22:58:59 +0200 Subject: [PATCH 57/83] Add extraEnv for add additional env from configmap or secrets to daemonset (#2946) Co-authored-by: Senthil Kumaran --- charts/aws-vpc-cni/templates/daemonset.yaml | 3 +++ charts/aws-vpc-cni/values.yaml | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml index 07eb1797f7..b011f681a0 100644 --- a/charts/aws-vpc-cni/templates/daemonset.yaml +++ b/charts/aws-vpc-cni/templates/daemonset.yaml 
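Review bot: Both new tests in cmd/aws-vpc-cni/main_test.go set `envEnIPv4Egress` / `envEnIPv6Egress` and `envPodMTU` with `os.Setenv` and never restore them, so the values stay in the process environment for every test that runs afterwards, including `TestMTUValidation` directly below, whose comment assumes defaults. `t.Setenv(envEnIPv4Egress, "true")` and `t.Setenv(envPodMTU, "5000")` (and the IPv6 equivalents) restore the previous values when each test ends. The assertion `plugins, _ := jsonData["plugins"].([]interface{})` also drops its ok flag, so a generated conflist with fewer than two plugins would make `plugins[1]` panic rather than fail cleanly; a guard such as `if !ok || len(plugins) < 2 { t.Fatalf("unexpected plugins list: %v", jsonData["plugins"]) }` keeps the failure readable. The second test would also benefit from the same one-line purpose comment the first one has.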
@@ -82,6 +82,9 @@ spec: {{- range $key, $value := .Values.env }} - name: {{ $key }} value: {{ $value | quote }} +{{- end }} +{{- with .Values.extraEnv }} + {{- toYaml .| nindent 12 }} {{- end }} - name: MY_NODE_NAME valueFrom: diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index e25c94e791..017f05dfb8 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -88,6 +88,25 @@ env: VPC_CNI_VERSION: "v1.18.2" NETWORK_POLICY_ENFORCING_MODE: "standard" +# Add env from configMap or from secrets +# - name: ENV_VAR1 +# valueFrom: +# configMapKeyRef: +# name: example-config +# key: ENV_VAR1 +# - name: ENV_VAR2 +# valueFrom: +# configMapKeyRef: +# name: example-config +# key: ENV_VAR2 +# - name: SECRET_VAR1 +# valueFrom: +# secretKeyRef: +# name: example-secret +# key: SECRET_VAR1 +extraEnv: [] + + # this flag enables you to use the match label that was present in the original daemonset deployed by EKS # You can then annotate and label the original aws-node resources and 'adopt' them into a helm release originalMatchLabels: false From 110c30d6671ab8887795c92b5d7a15afc1c8f9a8 Mon Sep 17 00:00:00 2001 From: B Pramanick Date: Thu, 11 Jul 2024 04:13:30 +0530 Subject: [PATCH 58/83] bpr: fix templating bug on helm when cniconfig is enabled (#2983) Co-authored-by: bpramanick --- charts/aws-vpc-cni/templates/configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/aws-vpc-cni/templates/configmap.yaml b/charts/aws-vpc-cni/templates/configmap.yaml index f79dd58be4..a3ebea0f4b 100644 --- a/charts/aws-vpc-cni/templates/configmap.yaml +++ b/charts/aws-vpc-cni/templates/configmap.yaml @@ -7,7 +7,7 @@ metadata: {{ include "aws-vpc-cni.labels" . | indent 4 }} binaryData: 10-aws.conflist: {{ .Values.cniConfig.fileContents | b64enc }} -{{- end -}} +{{- end }} --- apiVersion: v1 kind: ConfigMap From 2e00de57f6a1ea0c384434d3427182afbd947278 Mon Sep 17 00:00:00 2001 
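Review bot: The `extraEnv` block added to charts/aws-vpc-cni/templates/daemonset.yaml is rendered directly after the `.Values.env` loop, and nothing prevents an entry from reusing a name that `env` already sets. Kubernetes generally lets the later of two same-named container env entries win, so an `extraEnv` item could silently replace a chart-managed setting such as `NETWORK_POLICY_ENFORCING_MODE`; this is inferred from the rendering order and worth confirming. I would state the rule next to the new key in values.yaml, for example `# Names must not duplicate keys under env; a duplicate entry overrides the value set there.` The container spec around the insertion point lies outside the hunk.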
From: hayden Date: Wed, 17 Jul 2024 22:16:09 +0900 Subject: [PATCH 59/83] Update vpc_ip_resource_limit.go link in README.md (#2986) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e3248456e3..06ac42556b 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ It is also recommended that you set `--max-pods` equal to _(the number of ENIs f (the number of IPs per ENI - 1)) + 2_; for details, see [vpc_ip_resource_limit.go][]. Setting `--max-pods` will prevent scheduling that exceeds the IP address resources available to the kubelet. -[vpc_ip_resource_limit.go]: ./pkg/awsutils/vpc_ip_resource_limit.go +[vpc_ip_resource_limit.go]: ./pkg/vpc/vpc_ip_resource_limit.go The default manifest expects `--cni-conf-dir=/etc/cni/net.d` and `--cni-bin-dir=/opt/cni/bin`. From e8faf2f87615a70f8319d6fdf4df8324ffa4cc20 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Wed, 17 Jul 2024 16:55:45 -0700 Subject: [PATCH 60/83] Revert "disable leaked eni cleanup routine when vpc-resource-controller is deployed (#2854)" (#2987) * Revert "disable leaked eni cleanup routine when vpc-resource-controller is deployed (#2854)" This reverts commit 9fdcb5f96c56154f5cfaaec2ea049e6c5bb14979. * Fix go.mod dependencies. --- pkg/awsutils/awsutils.go | 45 ++--- pkg/awsutils/awsutils_test.go | 190 ++++-------------- pkg/config/type.go | 32 --- pkg/ipamd/ipamd.go | 44 +--- pkg/ipamd/ipamd_test.go | 108 ++-------- test/framework/resources/k8s/manager.go | 7 - .../resources/k8s/resources/cninode.go | 41 ---- test/integration/ipamd/cninode_test.go | 36 ---- test/integration/ipamd/eni_ip_leak_test.go | 3 + test/integration/ipamd/eni_tag_test.go | 18 -- test/integration/ipamd/ipamd_suite_test.go | 2 +- 11 files changed, 82 insertions(+), 444 deletions(-) delete mode 100644 pkg/config/type.go delete mode 100644 test/framework/resources/k8s/resources/cninode.go delete mode 100644 test/integration/ipamd/cninode_test.go 
diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go index c88bac4e4d..f9ba346915 100644 --- a/pkg/awsutils/awsutils.go +++ b/pkg/awsutils/awsutils.go @@ -30,7 +30,6 @@ import ( "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils/awssession" - "github.com/aws/amazon-vpc-cni-k8s/pkg/config" "github.com/aws/amazon-vpc-cni-k8s/pkg/ec2wrapper" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/eventrecorder" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger" @@ -55,11 +54,11 @@ const ( // AllocENI need to choose a first free device number between 0 and maxENI // 100 is a hard limit because we use vlanID + 100 for pod networking table names - maxENIs = 100 - - // ENI tags - eniCreatedAtTagKey = "node.k8s.amazonaws.com/createdAt" - + maxENIs = 100 + clusterNameEnvVar = "CLUSTER_NAME" + eniNodeTagKey = "node.k8s.amazonaws.com/instance_id" + eniCreatedAtTagKey = "node.k8s.amazonaws.com/createdAt" + eniClusterTagKey = "cluster.k8s.amazonaws.com/name" additionalEniTagsEnvVar = "ADDITIONAL_ENI_TAGS" reservedTagKeyPrefix = "k8s.amazonaws.com" subnetDiscoveryTagKey = "kubernetes.io/role/cni" @@ -214,8 +213,6 @@ type EC2InstanceMetadataCache struct { enablePrefixDelegation bool clusterName string - clusterNameEnvVal string - nodeName string additionalENITags map[string]string imds TypedIMDS @@ -356,7 +353,7 @@ func (i instrumentedIMDS) GetMetadataWithContext(ctx context.Context, p string) } // New creates an EC2InstanceMetadataCache -func New(useSubnetDiscovery, useCustomNetworking, disableLeakedENICleanup, v4Enabled, v6Enabled bool, clusterName, nodeName string) (*EC2InstanceMetadataCache, error) { +func New(useSubnetDiscovery, useCustomNetworking, disableLeakedENICleanup, v4Enabled, v6Enabled bool) (*EC2InstanceMetadataCache, error) { // ctx is passed to initWithEC2Metadata func to cancel spawned go-routines when tests are run ctx := context.Background() 
@@ -364,9 +361,7 @@ func New(useSubnetDiscovery, useCustomNetworking, disableLeakedENICleanup, v4Ena ec2Metadata := ec2metadata.New(sess) cache := &EC2InstanceMetadataCache{} cache.imds = TypedIMDS{instrumentedIMDS{ec2Metadata}} - cache.clusterName = clusterName - cache.clusterNameEnvVal = os.Getenv(config.ClusterNameEnv) - cache.nodeName = nodeName + cache.clusterName = os.Getenv(clusterNameEnvVar) cache.additionalENITags = loadAdditionalENITags() region, err := ec2Metadata.Region() @@ -987,24 +982,14 @@ func (cache *EC2InstanceMetadataCache) tryCreateNetworkInterface(input *ec2.Crea // buildENITags computes the desired AWS Tags for eni func (cache *EC2InstanceMetadataCache) buildENITags() map[string]string { tags := map[string]string{ - // TODO: deprecate instance ID tag to replace with nodename to align with tag used in vpc-resource-controller - config.ENIInstanceIDTag: cache.instanceID, + eniNodeTagKey: cache.instanceID, } - // clusterName is set from CNINode created by vpc-resource-controller, add the new tags only when it is set so controller can deleted leaked ENIs - // If it is not set then likely the controller is not running, so skip + // If clusterName is provided, + // tag the ENI with "cluster.k8s.amazonaws.com/name=" if cache.clusterName != "" { - tags[fmt.Sprintf(config.ClusterNameTagKeyFormat, cache.clusterName)] = config.ClusterNameTagValue - tags[config.ENINodeNameTagKey] = cache.nodeName - tags[config.ENIOwnerTagKey] = config.ENIOwnerTagValue - } - - if cache.clusterNameEnvVal != "" { - // TODO: deprecate this tag to replace with "kubernetes.io/cluster/:owned" to align with tag used in vpc-resource-controller - // for backward compatibily, add tag if CLUSTER_NAME ENV is set - tags[config.ClusterNameTagKey] = cache.clusterNameEnvVal + tags[eniClusterTagKey] = cache.clusterName } - for key, value := range cache.additionalENITags { tags[key] = value } 
@@ -1892,7 +1877,7 @@ func (cache *EC2InstanceMetadataCache) getLeakedENIs() ([]*ec2.NetworkInterface, { Name: aws.String("tag-key"), Values: []*string{ - aws.String(config.ENIInstanceIDTag), + aws.String(eniNodeTagKey), }, }, { @@ -1908,11 +1893,11 @@ func (cache *EC2InstanceMetadataCache) getLeakedENIs() ([]*ec2.NetworkInterface, }, }, } - if cache.clusterNameEnvVal != "" { + if cache.clusterName != "" { leakedENIFilters = append(leakedENIFilters, &ec2.Filter{ - Name: aws.String(fmt.Sprintf("tag:%s", config.ClusterNameTagKey)), + Name: aws.String(fmt.Sprintf("tag:%s", eniClusterTagKey)), Values: []*string{ - aws.String(cache.clusterNameEnvVal), + aws.String(cache.clusterName), }, }) } diff --git a/pkg/awsutils/awsutils_test.go b/pkg/awsutils/awsutils_test.go index fb84f3829f..cf93040526 100644 --- a/pkg/awsutils/awsutils_test.go +++ b/pkg/awsutils/awsutils_test.go @@ -31,7 +31,6 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" - "github.com/aws/amazon-vpc-cni-k8s/pkg/config" mock_ec2wrapper "github.com/aws/amazon-vpc-cni-k8s/pkg/ec2wrapper/mocks" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/eventrecorder" v1 "k8s.io/api/core/v1" @@ -1143,7 +1142,7 @@ func TestEC2InstanceMetadataCache_cleanUpLeakedENIsInternal(t *testing.T) { interfaces := []*ec2.NetworkInterface{{ Description: &description, TagSet: []*ec2.Tag{ - {Key: aws.String(config.ENIInstanceIDTag), Value: aws.String("test-value")}, + {Key: aws.String(eniNodeTagKey), Value: aws.String("test-value")}, }, }} @@ -1171,9 +1170,7 @@ func setupDescribeNetworkInterfacesPagesWithContextMock( func TestEC2InstanceMetadataCache_buildENITags(t *testing.T) { type fields struct { instanceID string - nodeName string clusterName string - clusterNameEnv string additionalENITags map[string]string } tests := []struct { 
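Review bot: The leaked-ENI lookup in `getLeakedENIs` (pkg/awsutils/awsutils.go) is not narrowed to this cluster when `CLUSTER_NAME` is unset, because the `eniClusterTagKey` filter is appended only under `if cache.clusterName != ""` and that field now comes solely from the environment variable. In that case the query appears to rely on the `node.k8s.amazonaws.com/instance_id` tag key plus the filters between the two hunks, which are not visible here, so it may also match available ENIs tagged by another cluster's CNI. I would record that at the condition, for example `// CLUSTER_NAME unset: the leaked-ENI query is not restricted to this cluster's tag.`, and consider logging it once at startup so operators can see that cleanup is running unscoped. The function begins and ends outside both hunks.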
@@ -1185,52 +1182,35 @@ func TestEC2InstanceMetadataCache_buildENITags(t *testing.T) { name: "without clusterName or additionalENITags", fields: fields{ instanceID: "i-xxxxx", - nodeName: "fake-node", }, want: map[string]string{ - config.ENIInstanceIDTag: "i-xxxxx", + "node.k8s.amazonaws.com/instance_id": "i-xxxxx", }, }, { name: "with clusterName", fields: fields{ instanceID: "i-xxxxx", - nodeName: "fake-node", clusterName: "awesome-cluster", }, want: map[string]string{ - config.ENIInstanceIDTag: "i-xxxxx", - config.ENINodeNameTagKey: "fake-node", - config.ENIOwnerTagKey: config.ENIOwnerTagValue, - fmt.Sprintf(config.ClusterNameTagKeyFormat, "awesome-cluster"): config.ClusterNameTagValue, - }, - }, - { - name: "without clusterName but ENV is set", - fields: fields{ - instanceID: "i-xxxxx", - nodeName: "fake-node", - clusterNameEnv: "awesome-cluster", - }, - want: map[string]string{ - config.ENIInstanceIDTag: "i-xxxxx", - config.ClusterNameTagKey: "awesome-cluster", + "node.k8s.amazonaws.com/instance_id": "i-xxxxx", + "cluster.k8s.amazonaws.com/name": "awesome-cluster", }, }, { name: "with additional ENI tags", fields: fields{ instanceID: "i-xxxxx", - nodeName: "fake-node", additionalENITags: map[string]string{ "tagKey-1": "tagVal-1", "tagKey-2": "tagVal-2", }, }, want: map[string]string{ - config.ENIInstanceIDTag: "i-xxxxx", - "tagKey-1": "tagVal-1", - "tagKey-2": "tagVal-2", + "node.k8s.amazonaws.com/instance_id": "i-xxxxx", + "tagKey-1": "tagVal-1", + "tagKey-2": "tagVal-2", }, }, } @@ -1239,8 +1219,6 @@ func TestEC2InstanceMetadataCache_buildENITags(t *testing.T) { cache := &EC2InstanceMetadataCache{ instanceID: tt.fields.instanceID, clusterName: tt.fields.clusterName, - clusterNameEnvVal: tt.fields.clusterNameEnv, - nodeName: tt.fields.nodeName, additionalENITags: tt.fields.additionalENITags, } got := cache.buildENITags() 
@@ -1277,7 +1255,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String(config.ENIInstanceIDTag)}, + Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, }, { Name: aws.String("status"), @@ -1310,7 +1288,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String(config.ENIInstanceIDTag)}, + Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, }, { Name: aws.String("status"), @@ -1332,7 +1310,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String(config.ENIInstanceIDTag), + Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), }, { @@ -1354,7 +1332,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String(config.ENIInstanceIDTag), + Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), }, { @@ -1375,7 +1353,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String(config.ENIInstanceIDTag)}, + Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, }, { Name: aws.String("status"), @@ -1397,7 +1375,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String(config.ENIInstanceIDTag), + Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), }, { 
@@ -1424,7 +1402,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String(config.ENIInstanceIDTag)}, + Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, }, { Name: aws.String("status"), @@ -1446,7 +1424,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String(config.ENIInstanceIDTag), + Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), }, { @@ -1473,7 +1451,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String(config.ENIInstanceIDTag)}, + Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, }, { Name: aws.String("status"), @@ -1506,7 +1484,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String(config.ENIInstanceIDTag)}, + Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, }, { Name: aws.String("status"), @@ -1532,7 +1510,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String(config.ENIInstanceIDTag), + Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), }, { @@ -1540,7 +1518,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Value: aws.String(tenMinuteAgo.Format(time.RFC3339)), }, { - Key: aws.String(config.ClusterNameTagKey), + Key: aws.String("cluster.k8s.amazonaws.com/name"), Value: aws.String("awesome-cluster"), }, }, 
@@ -1558,7 +1536,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String(config.ENIInstanceIDTag), + Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), }, { @@ -1566,7 +1544,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Value: aws.String(tenMinuteAgo.Format(time.RFC3339)), }, { - Key: aws.String(config.ClusterNameTagKey), + Key: aws.String("cluster.k8s.amazonaws.com/name"), Value: aws.String("awesome-cluster"), }, }, @@ -1583,7 +1561,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String(config.ENIInstanceIDTag)}, + Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, }, { Name: aws.String("status"), @@ -1609,7 +1587,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String(config.ENIInstanceIDTag), + Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), }, { @@ -1617,7 +1595,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Value: aws.String(tenMinuteAgo.Format(time.RFC3339)), }, { - Key: aws.String(config.ClusterNameTagKey), + Key: aws.String("cluster.k8s.amazonaws.com/name"), Value: aws.String("awesome-cluster"), }, }, @@ -1640,7 +1618,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []*ec2.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String(config.ENIInstanceIDTag)}, + Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, }, { Name: aws.String("status"), 
@@ -1666,7 +1644,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: aws.String("available"), TagSet: []*ec2.Tag{ { - Key: aws.String(config.ENIInstanceIDTag), + Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), }, { @@ -1674,7 +1652,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Value: aws.String(now.Format(time.RFC3339)), }, { - Key: aws.String(config.ClusterNameTagKey), + Key: aws.String("cluster.k8s.amazonaws.com/name"), Value: aws.String("awesome-cluster"), }, }, @@ -1707,7 +1685,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { return nil }) } - cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2, clusterNameEnvVal: tt.fields.clusterName, vpcID: vpcID} + cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2, clusterName: tt.fields.clusterName, vpcID: vpcID} got, err := cache.getLeakedENIs() if tt.wantErr != nil { assert.EqualError(t, err, tt.wantErr.Error()) @@ -1727,8 +1705,6 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { type fields struct { instanceID string clusterName string - clusterNameEnvVal string - nodeName string additionalENITags map[string]string createTagsCalls []createTagsCall 
@@ -1748,29 +1724,19 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { fields: fields{ instanceID: "i-xxxx", clusterName: "awesome-cluster", - nodeName: "fake-node", createTagsCalls: []createTagsCall{ { input: &ec2.CreateTagsInput{ Resources: []*string{aws.String("eni-xxxx")}, Tags: []*ec2.Tag{ { - Key: aws.String(config.ENIOwnerTagKey), - Value: aws.String(config.ENIOwnerTagValue), - }, - { - Key: aws.String(fmt.Sprintf(config.ClusterNameTagKeyFormat, "awesome-cluster")), - Value: aws.String(config.ClusterNameTagValue), + Key: aws.String("cluster.k8s.amazonaws.com/name"), + Value: aws.String("awesome-cluster"), }, { - Key: aws.String(config.ENIInstanceIDTag), + Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxx"), }, - - { - Key: aws.String(config.ENINodeNameTagKey), - Value: aws.String("fake-node"), - }, }, }, }, @@ -1787,16 +1753,13 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { fields: fields{ instanceID: "i-xxxx", clusterName: "awesome-cluster", - nodeName: "fake-node", createTagsCalls: nil, }, args: args{ eniID: "eni-xxxx", currentTags: map[string]string{ - config.ENIInstanceIDTag: "i-xxxx", - config.ENINodeNameTagKey: "fake-node", - fmt.Sprintf(config.ClusterNameTagKeyFormat, "awesome-cluster"): config.ClusterNameTagValue, - config.ENIOwnerTagKey: config.ENIOwnerTagValue, + "node.k8s.amazonaws.com/instance_id": "i-xxxx", + "cluster.k8s.amazonaws.com/name": "awesome-cluster", }, }, wantErr: nil, 
@@ -1806,77 +1769,13 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { fields: fields{ instanceID: "i-xxxx", clusterName: "awesome-cluster", - nodeName: "fake-node", - createTagsCalls: []createTagsCall{ - { - input: &ec2.CreateTagsInput{ - Resources: []*string{aws.String("eni-xxxx")}, - Tags: []*ec2.Tag{ - { - Key: aws.String(fmt.Sprintf(config.ClusterNameTagKeyFormat, "awesome-cluster")), - Value: aws.String(config.ClusterNameTagValue), - }, - { - Key: aws.String(config.ENINodeNameTagKey), - Value: aws.String("fake-node"), - }, - }, - }, - }, - }, - }, - args: args{ - eniID: "eni-xxxx", - currentTags: map[string]string{ - config.ENIInstanceIDTag: "i-xxxx", - config.ENIOwnerTagKey: config.ENIOwnerTagValue, - "anotherKey": "anotherDay", - }, - }, - wantErr: nil, - }, - { - name: "eni currently have partial tags, missing cluster name", - fields: fields{ - instanceID: "i-xxxx", - nodeName: "fake-node", - createTagsCalls: nil, - // []createTagsCall{ - // { - // input: &ec2.CreateTagsInput{ - // Resources: []*string{aws.String("eni-xxxx")}, - // Tags: []*ec2.Tag{ - // // { - // // Key: aws.String(config.ENINodeNameTagKey), - // // Value: aws.String("fake-node"), - // // }, - // }, - // }, - // }, - // }, - }, - args: args{ - eniID: "eni-xxxx", - currentTags: map[string]string{ - config.ENIInstanceIDTag: "i-xxxx", - "anotherKey": "anotherDay", - }, - }, - wantErr: nil, - }, - { - name: "eni currently have partial tags, missing cluster name from CNINode but ENV set", - fields: fields{ - instanceID: "i-xxxx", - nodeName: "fake-node", - clusterNameEnvVal: "awesome-cluster", createTagsCalls: []createTagsCall{ { input: &ec2.CreateTagsInput{ Resources: []*string{aws.String("eni-xxxx")}, Tags: []*ec2.Tag{ { - Key: aws.String(config.ClusterNameTagKey), + Key: aws.String("cluster.k8s.amazonaws.com/name"), Value: aws.String("awesome-cluster"), }, }, 
@@ -1887,8 +1786,8 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { args: args{ eniID: "eni-xxxx", currentTags: map[string]string{ - config.ENIInstanceIDTag: "i-xxxx", - "anotherKey": "anotherDay", + "node.k8s.amazonaws.com/instance_id": "i-xxxx", + "anotherKey": "anotherDay", }, }, wantErr: nil, @@ -1898,28 +1797,19 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { fields: fields{ instanceID: "i-xxxx", clusterName: "awesome-cluster", - nodeName: "fake-node", createTagsCalls: []createTagsCall{ { input: &ec2.CreateTagsInput{ Resources: []*string{aws.String("eni-xxxx")}, Tags: []*ec2.Tag{ { - Key: aws.String(config.ENIOwnerTagKey), - Value: aws.String(config.ENIOwnerTagValue), - }, - { - Key: aws.String(fmt.Sprintf(config.ClusterNameTagKeyFormat, "awesome-cluster")), - Value: aws.String(config.ClusterNameTagValue), + Key: aws.String("cluster.k8s.amazonaws.com/name"), + Value: aws.String("awesome-cluster"), }, { - Key: aws.String(config.ENIInstanceIDTag), + Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxx"), }, - { - Key: aws.String(config.ENINodeNameTagKey), - Value: aws.String("fake-node"), - }, }, }, err: errors.New("permission denied"), @@ -1946,8 +1836,6 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { ec2SVC: mockEC2, instanceID: tt.fields.instanceID, clusterName: tt.fields.clusterName, - clusterNameEnvVal: tt.fields.clusterNameEnvVal, - nodeName: tt.fields.nodeName, additionalENITags: tt.fields.additionalENITags, } err := cache.TagENI(tt.args.eniID, tt.args.currentTags) diff --git a/pkg/config/type.go b/pkg/config/type.go deleted file mode 100644 index ec658b2caf..0000000000 --- a/pkg/config/type.go +++ /dev/null 
@@ -1,32 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"). You may -// not use this file except in compliance with the License. A copy of the -// License is located at -// -// http://aws.amazon.com/apache2.0/ -// -// or in the "license" file accompanying this file. This file is distributed -// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -// express or implied. See the License for the specific language governing -// permissions and limitations under the License. - -package config - -// Constant values used in aws-node -// TODO: consolidate all constants in the project -const ( - // Cluster name ENV - ClusterNameEnv = "CLUSTER_NAME" - // ENI tags - ClusterNameTagKeyFormat = "kubernetes.io/cluster/%s" - ClusterNameTagValue = "owned" - - ClusterNameTagKey = "cluster.k8s.amazonaws.com/name" - ENIInstanceIDTag = "node.k8s.amazonaws.com/instance_id" - ENINodeNameTagKey = "node.k8s.amazonaws.com/nodename" - - // ENI owner tag - ENIOwnerTagKey = "eks:eni:owner" - ENIOwnerTagValue = "amazon-vpc-cni" -) diff --git a/pkg/ipamd/ipamd.go b/pkg/ipamd/ipamd.go index ca3c0c3306..b57dec2a1b 100644 --- a/pkg/ipamd/ipamd.go +++ b/pkg/ipamd/ipamd.go @@ -39,7 +39,6 @@ import ( "k8s.io/client-go/util/retry" "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils" - "github.com/aws/amazon-vpc-cni-k8s/pkg/config" "github.com/aws/amazon-vpc-cni-k8s/pkg/eniconfig" "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" "github.com/aws/amazon-vpc-cni-k8s/pkg/k8sapi" 
@@ -167,6 +166,8 @@ const ( // envManageUntaggedENI is used to determine if untagged ENIs should be managed or unmanaged envManageUntaggedENI = "MANAGE_UNTAGGED_ENI" + eniNodeTagKey = "node.k8s.amazonaws.com/instance_id" + // envAnnotatePodIP is used to annotate[vpc.amazonaws.com/pod-ips] pod's with IPs // Ref : https://github.com/projectcalico/calico/issues/3530 // not present; in which case we fall back to the k8s podIP @@ -245,7 +246,7 @@ func (c *IPAMContext) setUnmanagedENIs(tagMap map[string]awsutils.TagMap) { if tags[eniNoManageTagKey] != "true" { continue } - } else if _, found := tags[config.ENIInstanceIDTag]; found && tags[config.ENIInstanceIDTag] == c.awsClient.GetInstanceID() { + } else if _, found := tags[eniNodeTagKey]; found && tags[eniNodeTagKey] == c.awsClient.GetInstanceID() { continue } else if c.enableManageUntaggedMode { continue @@ -341,16 +342,7 @@ func New(k8sClient client.Client) (*IPAMContext, error) { c.enableIPv4 = isIPv4Enabled() c.enableIPv6 = isIPv6Enabled() c.disableENIProvisioning = disableENIProvisioning() - c.myNodeName = os.Getenv(envNodeName) - - var clusterName string - clusterName, err := getClusterName(c.k8sClient, c.myNodeName) - if err != nil { - // only log the error, fallback to running cleanup routine on the aws-node - log.Error("failed to get cluster name from CNINode") - } - - client, err := awsutils.New(c.useSubnetDiscovery, c.useCustomNetworking, disableLeakedENICleanup(clusterName), c.enableIPv4, c.enableIPv6, clusterName, c.myNodeName) + client, err := awsutils.New(c.useSubnetDiscovery, c.useCustomNetworking, disableLeakedENICleanup(), c.enableIPv4, c.enableIPv6) if err != nil { return nil, errors.Wrap(err, "ipamd: can not initialize with AWS SDK interface") } 
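Review bot: `eniNodeTagKey` is added to this const block without a comment, unlike its neighbours. The same name is used unqualified in pkg/awsutils, so the literal `node.k8s.amazonaws.com/instance_id` now appears to be declared once per package rather than once in pkg/config. `setUnmanagedENIs` uses this key to recognise ENIs owned by the local instance, so the two copies must not drift apart. Add a comment such as `// eniNodeTagKey is the ENI tag holding the owning instance ID; it must match the key pkg/awsutils writes.`, or export one constant from awsutils and reference it here.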
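Review bot: The rewritten condition in `setUnmanagedENIs` looks up `tags[eniNodeTagKey]` twice and throws away the value from the first lookup. Binding it once reads better and behaves the same: `} else if id, found := tags[eniNodeTagKey]; found && id == c.awsClient.GetInstanceID() {`. The function starts and ends outside the hunk.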
@@ -385,7 +377,7 @@ func New(k8sClient client.Client) (*IPAMContext, error) { } c.awsClient.InitCachedPrefixDelegation(c.enablePrefixDelegation) - + c.myNodeName = os.Getenv(envNodeName) checkpointer := datastore.NewJSONFile(dsBackingStorePath()) c.dataStore = datastore.NewDataStore(log, checkpointer, c.enablePrefixDelegation) @@ -1761,13 +1753,7 @@ func disableENIProvisioning() bool { return utils.GetBoolAsStringEnvVar(envDisableENIProvisioning, false) } -func disableLeakedENICleanup(clusterName string) bool { - - // cluster name is read from the CNINode CRD created by vpc-resource-controller and if found controller will run the cleanup routine to delete leaked ENIs - // so set disable leaked ENI cleanup to true on aws-node - if clusterName != "" { - return true - } +func disableLeakedENICleanup() bool { // Cases where leaked ENI cleanup is disabled: // 1. IPv6 is enabled, so no ENIs are attached // 2. ENI provisioning is disabled, so ENIs are not managed by IPAMD @@ -2359,21 +2345,3 @@ func (c *IPAMContext) AddFeatureToCNINode(ctx context.Context, featureName rcv1a newCNINode.Spec.Features = append(newCNINode.Spec.Features, newFeature) return c.k8sClient.Patch(ctx, newCNINode, client.MergeFromWithOptions(cniNode, client.MergeFromWithOptimisticLock{})) } - -// getClusterName returns the cluster name by reading CNINode Tags field -func getClusterName(k8sClient client.Client, nodeName string) (string, error) { - cniNode := &rcv1alpha1.CNINode{} - err := retry.OnError(retry.DefaultBackoff, func(error) bool { return true }, - func() error { - return k8sClient.Get(context.TODO(), types.NamespacedName{Name: nodeName}, cniNode) - }) - if err != nil { - return "", errors.Wrap(err, "failed to get CNINode") - } - - if val, ok := cniNode.Spec.Tags[config.ClusterNameTagKey]; ok { - return val, nil - } - - return "", fmt.Errorf("cluster name tag not found in CNINode") -} diff --git a/pkg/ipamd/ipamd_test.go b/pkg/ipamd/ipamd_test.go index d522334257..6053cb0b18 100644 
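Review bot: `c.myNodeName = os.Getenv(envNodeName)` in `New` is stored without a check, and `os.Getenv` returns an empty string when the variable is unset. An empty node name would presumably only show up later as a failed node lookup, far from the cause. A guard right after the assignment makes the misconfiguration visible at startup: `if c.myNodeName == "" { log.Errorf("%s is not set; node lookups will fail", envNodeName) }`. The replaced blank line also separated the prefix-delegation setup from the datastore setup, so keep a blank line before `checkpointer`. `New` continues outside the hunk.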
--- a/pkg/ipamd/ipamd_test.go +++ b/pkg/ipamd/ipamd_test.go @@ -31,6 +31,7 @@ import ( "github.com/samber/lo" "github.com/stretchr/testify/assert" "github.com/vishvananda/netlink" + corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -40,10 +41,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" testclient "sigs.k8s.io/controller-runtime/pkg/client/fake" + "github.com/aws/amazon-vpc-cni-k8s/pkg/apis/crd/v1alpha1" eniconfigscheme "github.com/aws/amazon-vpc-cni-k8s/pkg/apis/crd/v1alpha1" "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils" mock_awsutils "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils/mocks" - "github.com/aws/amazon-vpc-cni-k8s/pkg/config" mock_eniconfig "github.com/aws/amazon-vpc-cni-k8s/pkg/eniconfig/mocks" "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" mock_networkutils "github.com/aws/amazon-vpc-cni-k8s/pkg/networkutils/mocks" @@ -80,7 +81,6 @@ const ( v6prefix01 = "2001:db8::/64" instanceID = "i-0e1f3b9eb950e4980" externalEniConfigLabel = "vpc.amazonaws.com/externalEniConfig" - clusterName = "fake-cluster" ) type testMocks struct { @@ -530,7 +530,7 @@ func testIncreaseIPPool(t *testing.T, useENIConfig bool, unschedulabeNode bool, testAddr12 := ipaddr12 eni2 := secENIid - podENIConfig := &eniconfigscheme.ENIConfigSpec{ + podENIConfig := &v1alpha1.ENIConfigSpec{ SecurityGroups: []string{"sg1-id", "sg2-id"}, Subnet: "subnet1", } 
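Review bot: The import hunks bring in `corev1 "k8s.io/api/core/v1"` next to the existing `v1 "k8s.io/api/core/v1"`, and an unaliased `pkg/apis/crd/v1alpha1` next to the existing `eniconfigscheme` alias of the same package. That leaves two names for each package in one file, which staticcheck reports as a duplicate import (ST1019). The later hunks then mix them, for example `fakeENIConfig := v1alpha1.ENIConfig{` with `Spec: eniconfigscheme.ENIConfigSpec{` inside the same literal, and `v1.Node` next to `corev1.Taint` in `testIncreaseIPPool`. Keep one alias per package and drop the two added import lines, so the `podENIConfig`, `fakeENIConfig`, `notUpdatedNode` and `pod` lines need no change.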
@@ -598,15 +598,15 @@ func testIncreaseIPPool(t *testing.T, useENIConfig bool, unschedulabeNode bool, Status: v1.NodeStatus{}, } if unschedulabeNode { - fakeNode.Spec.Taints = append(fakeNode.Spec.Taints, v1.Taint{ + fakeNode.Spec.Taints = append(fakeNode.Spec.Taints, corev1.Taint{ Key: "node.kubernetes.io/unschedulable", - Effect: v1.TaintEffectNoSchedule, + Effect: corev1.TaintEffectNoSchedule, }) } m.k8sClient.Create(ctx, &fakeNode) // Create a dummy ENIConfig - fakeENIConfig := eniconfigscheme.ENIConfig{ + fakeENIConfig := v1alpha1.ENIConfig{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{Name: "az1"}, Spec: eniconfigscheme.ENIConfigSpec{ @@ -689,7 +689,7 @@ func testIncreasePrefixPool(t *testing.T, useENIConfig, subnetDiscovery bool) { testPrefix2 := prefix02 eni2 := secENIid - podENIConfig := &eniconfigscheme.ENIConfigSpec{ + podENIConfig := &v1alpha1.ENIConfigSpec{ SecurityGroups: []string{"sg1-id", "sg2-id"}, Subnet: "subnet1", } @@ -764,7 +764,7 @@ func testIncreasePrefixPool(t *testing.T, useENIConfig, subnetDiscovery bool) { m.k8sClient.Create(ctx, &fakeNode) //Create a dummy ENIConfig - fakeENIConfig := eniconfigscheme.ENIConfig{ + fakeENIConfig := v1alpha1.ENIConfig{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{Name: "az1"}, Spec: eniconfigscheme.ENIConfigSpec{ 
@@ -1438,10 +1438,10 @@ func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { eni3.ENIID: {"hi": "tag", eniNoManageTagKey: "false"}} Test4TagMap := map[string]awsutils.TagMap{ eni2.ENIID: {"hi": "tag", eniNoManageTagKey: "true"}, - eni3.ENIID: {"hi": "tag", config.ENIInstanceIDTag: instanceID}} + eni3.ENIID: {"hi": "tag", eniNodeTagKey: instanceID}} Test5TagMap := map[string]awsutils.TagMap{ - eni2.ENIID: {"hi": "tag", config.ENIInstanceIDTag: "i-abcdabcdabcd"}, - eni3.ENIID: {"hi": "tag", config.ENIInstanceIDTag: instanceID}} + eni2.ENIID: {"hi": "tag", eniNodeTagKey: "i-abcdabcdabcd"}, + eni3.ENIID: {"hi": "tag", eniNodeTagKey: instanceID}} tests := []struct { name string @@ -1490,7 +1490,7 @@ func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { if tags[eniNoManageTagKey] == "true" { return true } - } else if _, ok := tags[config.ENIInstanceIDTag]; ok && tags[config.ENIInstanceIDTag] != instanceID { + } else if _, ok := tags[eniNodeTagKey]; ok && tags[eniNodeTagKey] != instanceID { return true } } @@ -1526,10 +1526,10 @@ func TestIPAMContext_filterUnmanagedENIs_disableManageUntaggedMode(t *testing.T) eni3.ENIID: {"hi": "tag", eniNoManageTagKey: "false"}} Test4TagMap := map[string]awsutils.TagMap{ eni2.ENIID: {"hi": "tag", eniNoManageTagKey: "true"}, - eni3.ENIID: {"hi": "tag", config.ENIInstanceIDTag: instanceID}} + eni3.ENIID: {"hi": "tag", eniNodeTagKey: instanceID}} Test5TagMap := map[string]awsutils.TagMap{ - eni2.ENIID: {"hi": "tag", config.ENIInstanceIDTag: "i-abcdabcdabcd"}, - eni3.ENIID: {"hi": "tag", config.ENIInstanceIDTag: instanceID}} + eni2.ENIID: {"hi": "tag", eniNodeTagKey: "i-abcdabcdabcd"}, + eni3.ENIID: {"hi": "tag", eniNodeTagKey: instanceID}} tests := []struct { name string 
@@ -1581,7 +1581,7 @@ func TestIPAMContext_filterUnmanagedENIs_disableManageUntaggedMode(t *testing.T) if tags[eniNoManageTagKey] == "true" { return true } - } else if _, ok := tags[config.ENIInstanceIDTag]; ok && tags[config.ENIInstanceIDTag] != instanceID { + } else if _, ok := tags[eniNodeTagKey]; ok && tags[eniNodeTagKey] != instanceID { return true } } @@ -2026,7 +2026,7 @@ func TestIPAMContext_enableSecurityGroupsForPods(t *testing.T) { mockContext.enablePodENI = true mockContext.tryEnableSecurityGroupsForPods(ctx) - var notUpdatedNode v1.Node + var notUpdatedNode corev1.Node NodeKey := types.NamespacedName{ Namespace: "", Name: myNodeName, @@ -2202,7 +2202,7 @@ func TestAnnotatePod(t *testing.T) { ctx := context.Background() // Define the Pod objects to test - pod := v1.Pod{ + pod := corev1.Pod{ ObjectMeta: metav1.ObjectMeta{ Name: "test-pod", Namespace: "test-namespace", 
@@ -2390,75 +2390,3 @@ func TestAddFeatureToCNINode(t *testing.T) { }) } } - -func TestGetClusterName(t *testing.T) { - type args struct { - nodeName string - cniNode *rcscheme.CNINode - } - tests := []struct { - name string - expectedClusterName string - args args - wantErr bool - }{ - { - name: "CNINode contains cluster name tag", - expectedClusterName: clusterName, - args: args{ - nodeName: myNodeName, - cniNode: &rcscheme.CNINode{ - ObjectMeta: metav1.ObjectMeta{ - Name: myNodeName, - Namespace: "", - }, - Spec: rcscheme.CNINodeSpec{ - Tags: map[string]string{ - config.ClusterNameTagKey: clusterName, - }, - }, - }, - }, - wantErr: false, - }, - { - name: "CNINode does not contain cluster name", - expectedClusterName: "", - args: args{ - nodeName: myNodeName, - cniNode: &rcscheme.CNINode{ - ObjectMeta: metav1.ObjectMeta{ - Name: myNodeName, - Namespace: "", - }, - }, - }, - wantErr: true, - }, - { - name: "CNINode does not exist", - expectedClusterName: "", - args: args{ - nodeName: myNodeName, - cniNode: &rcscheme.CNINode{ - ObjectMeta: metav1.ObjectMeta{ - Name: "dummy-node", - Namespace: "", - }, - }, - }, - wantErr: true, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - m := setup(t) - defer m.ctrl.Finish() - - m.k8sClient.Create(context.Background(), tt.args.cniNode) - clusterName, err := getClusterName(m.k8sClient, tt.args.nodeName) - assert.Equal(t, tt.expectedClusterName, clusterName) - assert.Equal(t, err != nil, tt.wantErr) - }) - } -} diff --git a/test/framework/resources/k8s/manager.go b/test/framework/resources/k8s/manager.go index 13e7003c61..23de806201 100644 --- a/test/framework/resources/k8s/manager.go +++ b/test/framework/resources/k8s/manager.go @@ -34,7 +34,6 @@ type ResourceManagers interface { ConfigMapManager() resources.ConfigMapManager NetworkPolicyManager() resources.NetworkPolicyManager EventManager() resources.EventManager - CNINodeManager() resources.CNINodeManager } type defaultManager struct { 
@@ -49,7 +48,6 @@ type defaultManager struct { configMapManager resources.ConfigMapManager networkPolicyManager resources.NetworkPolicyManager eventManager resources.EventManager - cniNodeManager resources.CNINodeManager } func NewResourceManager(k8sClient client.Client, k8sClientset *kubernetes.Clientset, scheme *runtime.Scheme, config *rest.Config) ResourceManagers { @@ -65,7 +63,6 @@ func NewResourceManager(k8sClient client.Client, k8sClientset *kubernetes.Client configMapManager: resources.NewConfigMapManager(k8sClient), networkPolicyManager: resources.NewNetworkPolicyManager(k8sClient), eventManager: resources.NewEventManager(k8sClient), - cniNodeManager: resources.NewCNINodeManager(k8sClient), } } @@ -112,7 +109,3 @@ func (m *defaultManager) NetworkPolicyManager() resources.NetworkPolicyManager { func (m defaultManager) EventManager() resources.EventManager { return m.eventManager } - -func (m *defaultManager) CNINodeManager() resources.CNINodeManager { - return m.cniNodeManager -} diff --git a/test/framework/resources/k8s/resources/cninode.go b/test/framework/resources/k8s/resources/cninode.go deleted file mode 100644 index c74141a34d..0000000000 --- a/test/framework/resources/k8s/resources/cninode.go +++ /dev/null 
@@ -1,41 +0,0 @@
-// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License"). You may
-// not use this file except in compliance with the License. A copy of the
-// License is located at
-//
-// http://aws.amazon.com/apache2.0/
-//
-// or in the "license" file accompanying this file. This file is distributed
-// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-// express or implied. See the License for the specific language governing
-// permissions and limitations under the License.
-
-package resources
-
-import (
- "context"
-
- rcv1alpha1 "github.com/aws/amazon-vpc-resource-controller-k8s/apis/vpcresources/v1alpha1"
- "k8s.io/apimachinery/pkg/types"
- "sigs.k8s.io/controller-runtime/pkg/client"
-)
-
-type CNINodeManager interface {
- GetCNINode(nodeName string) (*rcv1alpha1.CNINode, error)
-}
-
-type defaultCNINodeManager struct {
- k8sClient client.Client
-}
-
-func (c defaultCNINodeManager) GetCNINode(nodeName string) (*rcv1alpha1.CNINode, error) {
- cniNode := &rcv1alpha1.CNINode{}
- err := c.k8sClient.Get(context.Background(), types.NamespacedName{Name: nodeName}, cniNode)
- return cniNode, err
-
-}
-
-func NewCNINodeManager(k8sClient client.Client) CNINodeManager {
- return &defaultCNINodeManager{k8sClient: k8sClient}
-}
diff --git a/test/integration/ipamd/cninode_test.go b/test/integration/ipamd/cninode_test.go
deleted file mode 100644
index f65ba683a9..0000000000
--- a/test/integration/ipamd/cninode_test.go
+++ /dev/null
@@ -1,36 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"). You may -// not use this file except in compliance with the License. A copy of the -// License is located at -// -// http://aws.amazon.com/apache2.0/ -// -// or in the "license" file accompanying this file. This file is distributed -// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -// express or implied. See the License for the specific language governing -// permissions and limitations under the License. - -package ipamd - -import ( - "github.com/aws/amazon-vpc-cni-k8s/pkg/config" - - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" -) - -var _ = Describe("CNINode Validation", func() { - Describe("Validate CNINode contains cluster name tag", func() { - Context("when nodes are ready", func() { - It("should have the cluster name tag populated", func() { - By("getting CNINode for the primary node and verify cluster name tag exists") - cniNode, err := f.K8sResourceManagers.CNINodeManager().GetCNINode(primaryNode.Name) - Expect(err).ToNot(HaveOccurred()) - val, ok := cniNode.Spec.Tags[config.ClusterNameTagKey] - Expect(ok).To(BeTrue()) - Expect(val).To(Equal(f.Options.ClusterName)) - }) - }) - }) -}) diff --git a/test/integration/ipamd/eni_ip_leak_test.go b/test/integration/ipamd/eni_ip_leak_test.go index 8257bac7d5..0e765c6425 100644 --- a/test/integration/ipamd/eni_ip_leak_test.go +++ b/test/integration/ipamd/eni_ip_leak_test.go @@ -3,6 +3,8 @@ package ipamd import ( "time" + v1 "k8s.io/api/core/v1" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -11,6 +13,7 @@ import ( "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" ) +var primaryNode v1.Node var numOfNodes int var _ = Describe("[CANARY][SMOKE] ENI/IP Leak Test", func() { diff --git a/test/integration/ipamd/eni_tag_test.go b/test/integration/ipamd/eni_tag_test.go index 07924bf088..661f900c5e 100644 
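Review bot: The package-level `var primaryNode v1.Node` added in the second hunk of eni_ip_leak_test.go has the same name as the local `var primaryNode *corev1.Node` that this commit's ipamd_suite_test.go hunk declares inside BeforeSuite. Both files are in package ipamd, so inside BeforeSuite the local shadows the package variable and the `primaryNode = &n` assignment never reaches it. The two declarations also differ in type (value versus pointer), which makes the shadowing easy to misread. Where the package-level value gets assigned is outside these hunks, so this may be intended. If it is, renaming the local, e.g. `var coreDNSNode *corev1.Node`, and adding a one-line comment on the package variable saying which test sets it would keep the two apart.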
--- a/test/integration/ipamd/eni_tag_test.go +++ b/test/integration/ipamd/eni_tag_test.go @@ -132,24 +132,6 @@ var _ = Describe("test tags are created on Secondary ENI", func() { VerifyTagIsPresentOnENIs(newENIs, expectedTags) }) }) - Context("when additional secondary ENI are created without setting CLUSTER_NAME", func() { - BeforeEach(func() { - expectedTags = map[string]string{ - "kubernetes.io/cluster/" + f.Options.ClusterName: "owned", - "node.k8s.amazonaws.com/nodename": primaryNode.Name, - "eks:eni:owner": "amazon-vpc-cni", - } - - environmentVariables = map[string]string{ - "WARM_ENI_TARGET": "2", - } - }) - - It("new secondary ENI should have cluster name tags read from CNINode", func() { - Skip("skip till vpc-resource-controller release") - VerifyTagIsPresentOnENIs(newENIs, expectedTags) - }) - }) }) // VerifyTagIsPresentOnENIs verifies that the list of ENIs have expected tag key-val pair diff --git a/test/integration/ipamd/ipamd_suite_test.go b/test/integration/ipamd/ipamd_suite_test.go index 44ed2bb242..2caca00f83 100644 --- a/test/integration/ipamd/ipamd_suite_test.go +++ b/test/integration/ipamd/ipamd_suite_test.go @@ -34,7 +34,6 @@ const ( ) var coreDNSDeploymentCopy *v1.Deployment -var primaryNode *corev1.Node func TestIPAMD(t *testing.T) { RegisterFailHandler(Fail) @@ -57,6 +56,7 @@ var _ = BeforeSuite(func() { // Nominate the first untainted node as the one to run coredns deployment against By("adding nodeSelector in coredns deployment to be scheduled on single node") + var primaryNode *corev1.Node for _, n := range nodeList.Items { if len(n.Spec.Taints) == 0 { primaryNode = &n From 2884e901090635ff6f0358b4e1884804ff719c7e Mon Sep 17 00:00:00 2001 From: Yash Thakkar Date: Mon, 22 Jul 2024 22:17:10 -0700 Subject: [PATCH 61/83] updating iam doc with subnet policy (#2992) * updating iam doc * adding describe subnet to scoped down policy --- docs/iam-policy.md | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/docs/iam-policy.md b/docs/iam-policy.md index 7f5c6661e1..4bfe3c2c25 100644 --- a/docs/iam-policy.md +++ b/docs/iam-policy.md @@ -22,6 +22,7 @@ In general, you can grant below IAM policies to Amazon VPC CNI plugin depending "ec2:DescribeTags", "ec2:DescribeNetworkInterfaces", "ec2:DescribeInstanceTypes", + "ec2:DescribeSubnets", "ec2:DetachNetworkInterface", "ec2:ModifyNetworkInterfaceAttribute", "ec2:UnassignPrivateIpAddresses" @@ -102,6 +103,7 @@ Note: "ec2:DescribeInstances", "ec2:DescribeTags", "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", "ec2:DescribeInstanceTypes" ], "Resource": "*" From 6fc1be63721c686668be47cd0cbb53de96432515 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jul 2024 16:21:43 -0700 Subject: [PATCH 62/83] Bump github.com/docker/docker (#2996) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.5+incompatible to 26.1.4+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v25.0.5...v26.1.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 44a82ec78e..af6e40dc96 100644 --- a/go.mod +++ b/go.mod @@ -60,7 +60,7 @@ require ( github.com/distribution/reference v0.5.0 // indirect github.com/docker/cli v25.0.1+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v25.0.5+incompatible // indirect + github.com/docker/docker v26.1.4+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect 
diff --git a/go.sum b/go.sum index b4d526226d..564bab8813 100644 --- a/go.sum +++ b/go.sum @@ -94,8 +94,8 @@ github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbT github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v25.0.5+incompatible h1:UmQydMduGkrD5nQde1mecF/YnSbTOaPeFIeP5C4W+DE= -github.com/docker/docker v25.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v26.1.4+incompatible h1:vuTpXDuoga+Z38m1OZHzl7NKisKWaWlhjQk7IDPSLsU= +github.com/docker/docker v26.1.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= From 7b9c37b23adbcd219304e778180708c1ecd62a24 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 11:01:43 -0700 Subject: [PATCH 63/83] Bump golang.org/x/sys from 0.21.0 to 0.22.0 in /test/agent (#3005) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.21.0 to 0.22.0. - [Commits](https://github.com/golang/sys/compare/v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/agent/go.mod | 2 +- test/agent/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/test/agent/go.mod b/test/agent/go.mod index 83fcf638ed..d783f50347 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -5,7 +5,7 @@ go 1.22.3 require ( github.com/coreos/go-iptables v0.7.0 github.com/vishvananda/netlink v1.1.0 - golang.org/x/sys v0.21.0 + golang.org/x/sys v0.22.0 ) require github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index 381d10ddd8..04743f1442 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum @@ -5,5 +5,5 @@ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYp github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From dbea58acefc5f7c3cb89da89733f62d545c70db9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 16:36:19 -0700 Subject: [PATCH 64/83] Bump github.com/onsi/gomega from 1.33.1 to 1.34.1 (#3002) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.33.1 to 1.34.1. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.33.1...v1.34.1) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- go.mod | 14 +++++++------- go.sum | 23 ++++++++++++----------- 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index af6e40dc96..86928ce7d2 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 github.com/onsi/ginkgo/v2 v2.19.0 - github.com/onsi/gomega v1.33.1 + github.com/onsi/gomega v1.34.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.0 @@ -25,10 +25,10 @@ require ( github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.2.1-beta.2 go.uber.org/zap v1.26.0 - golang.org/x/net v0.25.0 - golang.org/x/sys v0.21.0 + golang.org/x/net v0.27.0 + golang.org/x/sys v0.22.0 google.golang.org/grpc v1.62.0 - google.golang.org/protobuf v1.33.0 + google.golang.org/protobuf v1.34.1 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.15.2 @@ -145,13 +145,13 @@ require ( go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.21.0 // indirect - golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/term v0.19.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.21.0 // indirect + golang.org/x/tools v0.23.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect diff --git a/go.sum b/go.sum index 564bab8813..f88a2a1677 100644 --- a/go.sum +++ b/go.sum 
@@ -326,8 +326,8 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= -github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= -github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= +github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU= 
@@ -447,8 +447,8 @@ go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 
@@ -492,8 +492,9 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= @@ -503,8 +504,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
@@ -518,8 +519,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -550,8 +551,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 73adb4c83bedd06ce76c45b7b9262377114746c5 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Fri, 2 Aug 2024 11:23:23 -0700 Subject: [PATCH 65/83] Document the Multi Card Support Limitation. (#3006) * Document the Multi Card Support Limitation. * Update the information on multi-card instance type. --- docs/prefix-and-ip-target.md | 4 ++-- scripts/gen_vpc_ip_limits.go | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/prefix-and-ip-target.md b/docs/prefix-and-ip-target.md index 3de104c6d8..33ab261236 100644 --- a/docs/prefix-and-ip-target.md +++ b/docs/prefix-and-ip-target.md 
@@ -10,10 +10,10 @@ When a new ENI is allocated, IPAMD will determine the number of prefixes needed This table demonstrates how prefixes and ENIs will be allocated and use as pods will be created and scheduled to an instance. When reading this table, please keep in mind the following: -* Every instance type has different limits of ENI pre instance type, and secondary IPv4 addresses per ENI. This information is available on our [EC2 Docs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI). +* Every instance type has different limits of ENI pre instance type, and secondary IPv4 addresses per ENI. This information is available on our [EC2 Docs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI). In the example below, `t3.small` was chosen to demonstrate how additional ENIs will be created, since `t3.small` have a maximum of 3 ENIs and 4 IPv4 addresses per ENI. This result in a maximum of 9 available prefixes (3 ENIs * (4 IPv4s minus the primary IPv4 address used by the ENI)) -* When using prefixes or IPv4 assignment, if the value of `MINIMUM_IP_TARGET` is bigger than N*16, it's equivalent to setting it to (N+1)*16. +* When using prefixes or IPv4 assignment, if the value of `MINIMUM_IP_TARGET` is bigger than N*16, it's equivalent to setting it to (N+1)*16. The reason for this is because prefixes are allocated as /28 CIDR block or 16 consecutive IP addresses, so asking for minimum of 20 IPv4 addresses is equally as asking 32 IPv4 addresses | Instance type | `WARM_PREFIX_TARGET` | `WARM_IP_TARGET` | `MINIMUM_IP_TARGET` | Pods | ENIs | Pod per ENIs | Attached Prefixes | Pod per Prefixes | Unused Prefixes | Prefixes per ENI | Unused IPs | diff --git a/scripts/gen_vpc_ip_limits.go b/scripts/gen_vpc_ip_limits.go index 1f8b6fccd9..85c656b4cc 100644 --- a/scripts/gen_vpc_ip_limits.go +++ b/scripts/gen_vpc_ip_limits.go 
@@ -354,6 +354,8 @@ var eksMaxPodsTemplate = template.Must(template.New("").Parse(`# Copyright Amazo # # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI # +# NOTE: For multi-card instance types (p5.48xlarge) the max limits is calculated only against the default network card at index (0). +# {{- range $instanceLimit := .ENIPods}} {{ printf "%s" $instanceLimit }} {{- end }} From 72365597239515515f4a2ee4c70320cd92ec50e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 13:10:18 -0700 Subject: [PATCH 66/83] Bump github.com/aws/aws-sdk-go from 1.54.11 to 1.55.5 (#3000) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.54.11 to 1.55.5. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.54.11...v1.55.5) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 86928ce7d2..64c74532f3 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/apparentlymart/go-cidr v1.1.0 github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 - github.com/aws/aws-sdk-go v1.54.11 + github.com/aws/aws-sdk-go v1.55.5 github.com/containernetworking/cni v1.2.0 github.com/containernetworking/plugins v1.5.1 github.com/coreos/go-iptables v0.7.0 diff --git a/go.sum b/go.sum index f88a2a1677..703b57122e 100644 --- a/go.sum +++ b/go.sum 
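Review bot: The NOTE line added to the `eksMaxPodsTemplate` literal has a number-agreement slip ("the max limits is calculated"), and its parenthesis reads as if `p5.48xlarge` were the only multi-card instance type. Because this text is emitted into every generated limits file, I would tighten it to `# NOTE: For multi-card instance types (e.g. p5.48xlarge) the max limit is calculated only against the default network card (index 0).` Whether other multi-card types are affected is not visible in this hunk, so drop the "e.g." if the list really is exhaustive. The template literal begins and ends outside the hunk.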
@@ -37,8 +37,8 @@ github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b/go.mod h1:NvS1b2fBgkUvAWgBF8h0aRaVVoUeIlpUMnlTW2wIqik= github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 h1:utc5JzVlbORZ/4IFHb4yleqbIOKEevKfVxozKvhJWok= github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0/go.mod h1:3q5gDG44vGr9ERe0YMHItThKXxDkntAUrlfTgJkdgF8= -github.com/aws/aws-sdk-go v1.54.11 h1:Zxuv/R+IVS0B66yz4uezhxH9FN9/G2nbxejYqAMFjxk= -github.com/aws/aws-sdk-go v1.54.11/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= +github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= From abc9cfbbf638908c36cff0b156e76dca1640c6cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 16:21:58 -0700 Subject: [PATCH 67/83] Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 (#3001) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.19.0 to 2.19.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.19.0...v2.19.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 64c74532f3..9be431609e 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/go-logr/logr v1.4.2 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 - github.com/onsi/ginkgo/v2 v2.19.0 + github.com/onsi/ginkgo/v2 v2.19.1 github.com/onsi/gomega v1.34.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.19.1 diff --git a/go.sum b/go.sum index 703b57122e..d0e1113782 100644 --- a/go.sum +++ b/go.sum @@ -324,8 +324,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= -github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= +github.com/onsi/ginkgo/v2 v2.19.1 h1:QXgq3Z8Crl5EL1WBAC98A5sEBHARrAJNzAmMxzLcRF0= +github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= From 01a81d9d17ff2c21f03b29237585c0aa081bebe2 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 17:26:57 -0700 Subject: [PATCH 68/83] Bump k8s.io/client-go from 0.30.2 to 0.30.3 (#3003) Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.30.2 to 0.30.3. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.30.2...v0.30.3) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 9be431609e..a2545bb2c1 100644 --- a/go.mod +++ b/go.mod @@ -32,10 +32,10 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.15.2 - k8s.io/api v0.30.2 - k8s.io/apimachinery v0.30.2 + k8s.io/api v0.30.3 + k8s.io/apimachinery v0.30.3 k8s.io/cli-runtime v0.30.2 - k8s.io/client-go v0.30.2 + k8s.io/client-go v0.30.3 sigs.k8s.io/controller-runtime v0.18.4 ) diff --git a/go.sum b/go.sum index d0e1113782..d3d04e988a 100644 --- a/go.sum +++ b/go.sum 
@@ -577,18 +577,18 @@ helm.sh/helm/v3 v3.15.2 h1:/3XINUFinJOBjQplGnjw92eLGpgXXp1L8chWPkCkDuw= helm.sh/helm/v3 v3.15.2/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= -k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= +k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ= +k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04= k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= -k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= -k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= +k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8= k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo= k8s.io/cli-runtime v0.30.2 h1:ooM40eEJusbgHNEqnHziN9ZpLN5U4WcQGsdLKVxpkKE= k8s.io/cli-runtime v0.30.2/go.mod h1:Y4g/2XezFyTATQUbvV5WaChoUGhojv/jZAtdp5Zkm0A= -k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= -k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= +k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k= +k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U= k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ= k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI= k8s.io/klog/v2 v2.120.1 
h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= From 18181594cb431b87eda914a34386d9992a6f1880 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 18:17:54 -0700 Subject: [PATCH 69/83] Bump github.com/containernetworking/cni from 1.2.0 to 1.2.3 (#3004) Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 1.2.0 to 1.2.3. - [Release notes](https://github.com/containernetworking/cni/releases) - [Commits](https://github.com/containernetworking/cni/compare/v1.2.0...v1.2.3) --- updated-dependencies: - dependency-name: github.com/containernetworking/cni dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a2545bb2c1..287cc7d7ca 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 github.com/aws/aws-sdk-go v1.55.5 - github.com/containernetworking/cni v1.2.0 + github.com/containernetworking/cni v1.2.3 github.com/containernetworking/plugins v1.5.1 github.com/coreos/go-iptables v0.7.0 github.com/go-logr/logr v1.4.2 diff --git a/go.sum b/go.sum index d3d04e988a..be28ca83ef 100644 --- a/go.sum +++ b/go.sum 
@@ -71,8 +71,8 @@ github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5Z github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= -github.com/containernetworking/cni v1.2.0 h1:fEjhlfWwWAXEvlcMQu/i6z8DA0Kbu7EcmR5+zb6cm5I= -github.com/containernetworking/cni v1.2.0/go.mod h1:/r+vA/7vrynNfbvSP9g8tIKEoy6win7sALJAw4ZiJks= +github.com/containernetworking/cni v1.2.3 h1:hhOcjNVUQTnzdRJ6alC5XF+wd9mfGIUaj8FuJbEslXM= +github.com/containernetworking/cni v1.2.3/go.mod h1:DuLgF+aPd3DzcTQTtp/Nvl1Kim23oFKdm2okJzBQA5M= github.com/containernetworking/plugins v1.5.1 h1:T5ji+LPYjjgW0QM+KyrigZbLsZ8jaX+E5J/EcKOE4gQ= github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM= github.com/coreos/go-iptables v0.7.0 h1:XWM3V+MPRr5/q51NuWSgU0fqMad64Zyxs8ZUoMsamr8= From a473163ee35d05aaca610da6584ceaca761214f5 Mon Sep 17 00:00:00 2001 From: zyue110026 <98426905+zyue110026@users.noreply.github.com> Date: Thu, 8 Aug 2024 12:30:03 -0500 Subject: [PATCH 70/83] fix: init.image.pullPolicy and nodeAgent.image.pullPolicy not being respect (#3010) Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> --- charts/aws-vpc-cni/templates/daemonset.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml index b011f681a0..e41879d518 100644 --- a/charts/aws-vpc-cni/templates/daemonset.yaml +++ b/charts/aws-vpc-cni/templates/daemonset.yaml @@ -41,6 +41,7 @@ spec: initContainers: - name: aws-vpc-cni-init image: {{ include "aws-vpc-cni.initImage" . }} + imagePullPolicy: {{ .Values.init.image.pullPolicy }} env: {{- range $key, $value := .Values.init.env }} - name: {{ $key }} 
@@ -126,6 +127,7 @@ spec: {{- if .Values.nodeAgent.enabled }} - name: aws-eks-nodeagent image: {{ include "aws-vpc-cni.nodeAgentImage" . }} + imagePullPolicy: {{ .Values.nodeAgent.image.pullPolicy }} env: - name: MY_NODE_NAME valueFrom: From 443f53001abd0e8c3c80968e5eaa3eceb29b2d15 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Aug 2024 12:44:45 -0700 Subject: [PATCH 71/83] Bump github.com/docker/docker (#3011) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.4+incompatible to 26.1.5+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v26.1.4...v26.1.5) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 287cc7d7ca..8b4b07af4a 100644 --- a/go.mod +++ b/go.mod @@ -60,7 +60,7 @@ require ( github.com/distribution/reference v0.5.0 // indirect github.com/docker/cli v25.0.1+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v26.1.4+incompatible // indirect + github.com/docker/docker v26.1.5+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect diff --git a/go.sum b/go.sum index be28ca83ef..2485976235 100644 --- a/go.sum +++ b/go.sum 
@@ -94,8 +94,8 @@ github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbT github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v26.1.4+incompatible h1:vuTpXDuoga+Z38m1OZHzl7NKisKWaWlhjQk7IDPSLsU= -github.com/docker/docker v26.1.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v26.1.5+incompatible h1:NEAxTwEjxV6VbBMBoGG3zPqbiJosIApZjxlbrG9q3/g= +github.com/docker/docker v26.1.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= From 27ce1362636567592f006b987f3820c6b0fef55e Mon Sep 17 00:00:00 2001 From: Zach Dorame-Barajas <43703863+zachdorame@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:45:03 -0700 Subject: [PATCH 72/83] Update kops version and k8s version (#3012) --- .github/workflows/kops-test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/kops-test.yaml b/.github/workflows/kops-test.yaml index de109e19f7..dd46246e58 100644 --- a/.github/workflows/kops-test.yaml +++ b/.github/workflows/kops-test.yaml @@ -43,8 +43,8 @@ jobs: ROLE_ARN: ${{ secrets.EKS_CLUSTER_ROLE_ARN }} RUN_CNI_INTEGRATION_TESTS: false RUN_KOPS_TEST: true - K8S_VERSION: 1.30.0-beta.0 - KOPS_VERSION: v1.29.0 + K8S_VERSION: 1.31.0-beta.0 + KOPS_VERSION: v1.29.2 KOPS_RUN_TOO_NEW_VERSION: 1 run: | ./scripts/run-integration-tests.sh From 5c471fe47af7df8a34520d82692f1e6e40920589 Mon Sep 17 00:00:00 2001 
From: Yash Thakkar Date: Wed, 18 Sep 2024 11:06:23 -0700 Subject: [PATCH 73/83] Bug fix: Ensure exact IP match between IMDS and local datastore. (#3033) * adding function to compare list * adding ut for functions * go fmt --- pkg/ipamd/ipamd.go | 15 +-- pkg/utils/cniutils/cni_utils.go | 49 ++++++++++ pkg/utils/cniutils/cni_utils_test.go | 131 +++++++++++++++++++++++++++ 3 files changed, 188 insertions(+), 7 deletions(-) diff --git a/pkg/ipamd/ipamd.go b/pkg/ipamd/ipamd.go index b57dec2a1b..588bc3870a 100644 --- a/pkg/ipamd/ipamd.go +++ b/pkg/ipamd/ipamd.go @@ -43,6 +43,7 @@ import ( "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" "github.com/aws/amazon-vpc-cni-k8s/pkg/k8sapi" "github.com/aws/amazon-vpc-cni-k8s/pkg/networkutils" + "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/cniutils" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger" "github.com/aws/amazon-vpc-cni-k8s/utils" "github.com/aws/amazon-vpc-cni-k8s/utils/prometheusmetrics" @@ -1455,8 +1456,8 @@ func (c *IPAMContext) eniIPPoolReconcile(ipPool []string, attachedENI awsutils.E attachedENIIPs := attachedENI.IPv4Addresses needEC2Reconcile := true // Here we can't trust attachedENI since the IMDS metadata can be stale. We need to check with EC2 API. - // +1 is for the primary IP of the ENI that is not added to the ipPool and not available for pods to use. - if 1+len(ipPool) != len(attachedENIIPs) { + // IPsSimilar will exclude primary IP of the ENI that is not added to the ipPool and not available for pods to use. + if !cniutils.IPsSimilar(ipPool, attachedENIIPs) { log.Warnf("Instance metadata does not match data store! ipPool: %v, metadata: %v", ipPool, attachedENIIPs) log.Debugf("We need to check the ENI status by calling the EC2 control plane.") // Call EC2 to verify IPs on this ENI 
@@ -1492,14 +1493,14 @@ func (c *IPAMContext) eniIPPoolReconcile(ipPool []string, attachedENI awsutils.E } } -func (c *IPAMContext) eniPrefixPoolReconcile(ipPool []string, attachedENI awsutils.ENIMetadata, eni string) { +func (c *IPAMContext) eniPrefixPoolReconcile(prefixPool []string, attachedENI awsutils.ENIMetadata, eni string) { attachedENIIPs := attachedENI.IPv4Prefixes needEC2Reconcile := true // Here we can't trust attachedENI since the IMDS metadata can be stale. We need to check with EC2 API. - log.Debugf("Found prefix pool count %d for eni %s\n", len(ipPool), eni) + log.Debugf("Found prefix pool count %d for eni %s\n", len(prefixPool), eni) - if len(ipPool) != len(attachedENIIPs) { - log.Warnf("Instance metadata does not match data store! ipPool: %v, metadata: %v", ipPool, attachedENIIPs) + if !cniutils.PrefixSimilar(prefixPool, attachedENIIPs) { + log.Warnf("Instance metadata does not match data store! ipPool: %v, metadata: %v", prefixPool, attachedENIIPs) log.Debugf("We need to check the ENI status by calling the EC2 control plane.") // Call EC2 to verify IPs on this ENI ec2Addresses, err := c.awsClient.GetIPv4PrefixesFromEC2(eni) @@ -1515,7 +1516,7 @@ func (c *IPAMContext) eniPrefixPoolReconcile(ipPool []string, attachedENI awsuti seenIPs := c.verifyAndAddPrefixesToDatastore(eni, attachedENIIPs, needEC2Reconcile) // Sweep phase, delete remaining Prefixes since they should not remain in the datastore - for _, existingIP := range ipPool { + for _, existingIP := range prefixPool { if seenIPs[existingIP] { continue } diff --git a/pkg/utils/cniutils/cni_utils.go b/pkg/utils/cniutils/cni_utils.go index 11337dbceb..bf5520d12a 100644 --- a/pkg/utils/cniutils/cni_utils.go +++ b/pkg/utils/cniutils/cni_utils.go @@ -13,6 +13,7 @@ import ( "github.com/aws/amazon-vpc-cni-k8s/pkg/netlinkwrapper" "github.com/aws/amazon-vpc-cni-k8s/pkg/procsyswrapper" "github.com/aws/amazon-vpc-cni-k8s/utils/imds" + "github.com/aws/aws-sdk-go/service/ec2" ) const ( 
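Review bot: The rename to `prefixPool` in `eniPrefixPoolReconcile` stops halfway: the warning text still reports the list as `ipPool: %v`, and in the `@@ -1515` hunk the loop variable is still `existingIP` while ranging over `prefixPool`. Because `eniIPPoolReconcile` logs the identical string, the message alone does not show whether the address path or the prefix path detected the IMDS/datastore mismatch. I would change the format string to `"Instance metadata does not match data store! prefixPool: %v, metadata: %v"` and rename the loop variable to `existingPrefix`. The function body starts and ends outside both hunks.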
@@ -145,3 +146,51 @@ func IsIptableTargetNotExist(err error) bool { } return e.IsNotExist() } + +// PrefixSimilar checks if prefix pool and eni prefix are equivalent. +func PrefixSimilar(prefixPool []string, eniPrefixes []*ec2.Ipv4PrefixSpecification) bool { + if len(prefixPool) != len(eniPrefixes) { + return false + } + + prefixPoolSet := make(map[string]struct{}, len(prefixPool)) + for _, ip := range prefixPool { + prefixPoolSet[ip] = struct{}{} + } + + for _, prefix := range eniPrefixes { + if prefix == nil || prefix.Ipv4Prefix == nil { + return false + } + if _, exists := prefixPoolSet[*prefix.Ipv4Prefix]; !exists { + return false + } + } + return true +} + +// IPsSimilar checks if ipPool and eniIPs are equivalent. +func IPsSimilar(ipPool []string, eniIPs []*ec2.NetworkInterfacePrivateIpAddress) bool { + // Here we do +1 in ipPool because eniIPs will also have primary IP which is not used by pods. + if len(ipPool)+1 != len(eniIPs) { + return false + } + + ipPoolSet := make(map[string]struct{}, len(ipPool)) + for _, ip := range ipPool { + ipPoolSet[ip] = struct{}{} + } + + for _, ip := range eniIPs { + if ip == nil || ip.PrivateIpAddress == nil || ip.Primary == nil { + return false + } + if *ip.Primary { + continue + } + if _, exists := ipPoolSet[*ip.PrivateIpAddress]; !exists { + return false + } + } + return true +} diff --git a/pkg/utils/cniutils/cni_utils_test.go b/pkg/utils/cniutils/cni_utils_test.go index 4b0e81ac03..46e063ac42 100644 --- a/pkg/utils/cniutils/cni_utils_test.go +++ b/pkg/utils/cniutils/cni_utils_test.go @@ -5,6 +5,7 @@ import ( "testing" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/ec2" current "github.com/containernetworking/cni/pkg/types/100" "github.com/stretchr/testify/assert" ) 
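Review bot: `IPsSimilar` and `PrefixSimilar` can return true for lists that do not hold the same entries, because after the length check they only test that each ENI entry is present in the pool set and never that every pool entry was matched. With `ipPool = [A, B]` and ENI entries `[primary, A, A]`, or with two entries flagged `Primary` and a single pool address, the loop finds nothing missing and the EC2 verification in `eniIPPoolReconcile` is skipped. Whether IMDS can actually return such a list is not visible here, so treat this as hardening of a function whose stated purpose is an exact match. Assuming the datastore pool itself holds no duplicates, consuming matches closes the gap: add `delete(ipPoolSet, *ip.PrivateIpAddress)` after the membership test and finish with `return len(ipPoolSet) == 0`, with the same pattern on `prefixPoolSet` in `PrefixSimilar`.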
@@ -208,3 +209,133 @@ func Test_FindIPConfigsByIfaceIndex(t *testing.T) { }) } } + +func TestPrefixSimilar(t *testing.T) { + tests := []struct { + name string + prefixPool []string + eniPrefixes []*ec2.Ipv4PrefixSpecification + want bool + }{ + { + name: "Empty slices", + prefixPool: []string{}, + eniPrefixes: []*ec2.Ipv4PrefixSpecification{}, + want: true, + }, + { + name: "Different lengths", + prefixPool: []string{"192.168.1.0/24"}, + eniPrefixes: []*ec2.Ipv4PrefixSpecification{}, + want: false, + }, + { + name: "Equivalent prefixes", + prefixPool: []string{"192.168.1.0/24", "10.0.0.0/16"}, + eniPrefixes: []*ec2.Ipv4PrefixSpecification{ + {Ipv4Prefix: stringPtr("192.168.1.0/24")}, + {Ipv4Prefix: stringPtr("10.0.0.0/16")}, + }, + want: true, + }, + { + name: "Different prefixes", + prefixPool: []string{"192.168.1.0/24", "10.0.0.0/16"}, + eniPrefixes: []*ec2.Ipv4PrefixSpecification{ + {Ipv4Prefix: stringPtr("192.168.1.0/24")}, + {Ipv4Prefix: stringPtr("172.16.0.0/16")}, + }, + want: false, + }, + { + name: "Nil prefix", + prefixPool: []string{"192.168.1.0/24"}, + eniPrefixes: []*ec2.Ipv4PrefixSpecification{ + nil, + }, + want: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := PrefixSimilar(tt.prefixPool, tt.eniPrefixes); got != tt.want { + t.Errorf("in test %s PrefixSimilar() = %v, want %v", tt.name, got, tt.want) + } + }) + } +} + +func TestIPsSimilar(t *testing.T) { + tests := []struct { + name string + ipPool []string + eniIPs []*ec2.NetworkInterfacePrivateIpAddress + want bool + }{ + { + name: "Empty IP pool", + ipPool: []string{}, + eniIPs: []*ec2.NetworkInterfacePrivateIpAddress{ + {PrivateIpAddress: stringPtr("10.0.0.1"), Primary: boolPtr(true)}, + }, + want: true, + }, + { + name: "Different lengths", + ipPool: []string{"192.168.1.1"}, + eniIPs: []*ec2.NetworkInterfacePrivateIpAddress{ + {PrivateIpAddress: stringPtr("10.0.0.1"), Primary: boolPtr(true)}, + {PrivateIpAddress: stringPtr("192.168.1.1"), Primary: 
boolPtr(false)}, + {PrivateIpAddress: stringPtr("192.168.1.2"), Primary: boolPtr(false)}, + }, + want: false, + }, + { + name: "Equivalent IPs", + ipPool: []string{"192.168.1.1", "10.0.0.2"}, + eniIPs: []*ec2.NetworkInterfacePrivateIpAddress{ + {PrivateIpAddress: stringPtr("10.0.0.1"), Primary: boolPtr(true)}, + {PrivateIpAddress: stringPtr("192.168.1.1"), Primary: boolPtr(false)}, + {PrivateIpAddress: stringPtr("10.0.0.2"), Primary: boolPtr(false)}, + }, + want: true, + }, + { + name: "Different IPs", + ipPool: []string{"192.168.1.1", "10.0.0.2"}, + eniIPs: []*ec2.NetworkInterfacePrivateIpAddress{ + {PrivateIpAddress: stringPtr("10.0.0.1"), Primary: boolPtr(true)}, + {PrivateIpAddress: stringPtr("192.168.1.1"), Primary: boolPtr(false)}, + {PrivateIpAddress: stringPtr("172.16.0.1"), Primary: boolPtr(false)}, + }, + want: false, + }, + { + name: "Nil IP", + ipPool: []string{"192.168.1.1"}, + eniIPs: []*ec2.NetworkInterfacePrivateIpAddress{ + {PrivateIpAddress: stringPtr("10.0.0.1"), Primary: boolPtr(true)}, + nil, + }, + want: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := IPsSimilar(tt.ipPool, tt.eniIPs); got != tt.want { + t.Errorf("in test %s IPsSimilar() = %v, want %v", tt.name, got, tt.want) + } + }) + } +} + +// Helper functions for creating pointers +func stringPtr(s string) *string { + return &s +} + +func boolPtr(b bool) *bool { + return &b +} From 4d1442abfa3039d9d863b59845fc4cea43e221e1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 09:21:09 -0700 Subject: [PATCH 74/83] Bump golang.org/x/sys from 0.22.0 to 0.24.0 in /test/agent (#3027) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.22.0 to 0.24.0. - [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.24.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... 
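Review bot: The new tables exercise only a fully nil element, so three of the guards added in cni_utils.go have no test: a non-nil `Ipv4PrefixSpecification` with a nil `Ipv4Prefix`, and a non-nil `NetworkInterfacePrivateIpAddress` with a nil `PrivateIpAddress` or a nil `Primary`. A case such as `{PrivateIpAddress: stringPtr("192.168.1.1")}` next to the primary entry, with `want: false`, would pin the nil-`Primary` branch. The `stringPtr` and `boolPtr` helpers at the end duplicate `aws.String` and `aws.Bool`, and the import context of this test file already shows `github.com/aws/aws-sdk-go/aws`.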
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- test/agent/go.mod | 2 +- test/agent/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/agent/go.mod b/test/agent/go.mod index d783f50347..e95afedc04 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -5,7 +5,7 @@ go 1.22.3 require ( github.com/coreos/go-iptables v0.7.0 github.com/vishvananda/netlink v1.1.0 - golang.org/x/sys v0.22.0 + golang.org/x/sys v0.24.0 ) require github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index 04743f1442..8917f21afc 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum @@ -5,5 +5,5 @@ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYp github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From fe812f598ac89ce23f8556c1f9884dcbcb4887e9 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 11:27:58 -0700 Subject: [PATCH 75/83] Bump github.com/coreos/go-iptables from 0.7.0 to 0.8.0 in /test/agent (#3026) Bumps [github.com/coreos/go-iptables](https://github.com/coreos/go-iptables) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/coreos/go-iptables/releases) - [Commits](https://github.com/coreos/go-iptables/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-iptables dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- test/agent/go.mod | 2 +- test/agent/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/agent/go.mod b/test/agent/go.mod index e95afedc04..39f52972cb 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -3,7 +3,7 @@ module github.com/aws/amazon-vpc-cni-k8s/test/agent go 1.22.3 require ( - github.com/coreos/go-iptables v0.7.0 + github.com/coreos/go-iptables v0.8.0 github.com/vishvananda/netlink v1.1.0 golang.org/x/sys v0.24.0 ) diff --git a/test/agent/go.sum b/test/agent/go.sum index 8917f21afc..34fbe096f9 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum 
@@ -1,5 +1,5 @@ -github.com/coreos/go-iptables v0.7.0 h1:XWM3V+MPRr5/q51NuWSgU0fqMad64Zyxs8ZUoMsamr8= -github.com/coreos/go-iptables v0.7.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= +github.com/coreos/go-iptables v0.8.0 h1:MPc2P89IhuVpLI7ETL/2tx3XZ61VeICZjYqDEgNsPRc= +github.com/coreos/go-iptables v0.8.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= From 8d6b6746cf10bfb62cabf22e6d401544b5d82d02 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Sep 2024 14:06:42 -0700 Subject: [PATCH 76/83] Bump github.com/vishvananda/netlink from 1.1.0 to 1.3.0 in /test/agent (#3025) Bumps [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink) from 1.1.0 to 1.3.0. - [Release notes](https://github.com/vishvananda/netlink/releases) - [Commits](https://github.com/vishvananda/netlink/compare/v1.1.0...v1.3.0) --- updated-dependencies: - dependency-name: github.com/vishvananda/netlink dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/agent/go.mod | 4 ++-- test/agent/go.sum | 11 ++++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/test/agent/go.mod b/test/agent/go.mod index 39f52972cb..3256f8c13a 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod 
@@ -4,8 +4,8 @@ go 1.22.3 require ( github.com/coreos/go-iptables v0.8.0 - github.com/vishvananda/netlink v1.1.0 + github.com/vishvananda/netlink v1.3.0 golang.org/x/sys v0.24.0 ) -require github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect +require github.com/vishvananda/netns v0.0.4 // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index 34fbe096f9..f9caee08b4 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum @@ -1,9 +1,10 @@ github.com/coreos/go-iptables v0.8.0 h1:MPc2P89IhuVpLI7ETL/2tx3XZ61VeICZjYqDEgNsPRc= github.com/coreos/go-iptables v0.8.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= -github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0= -github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= -github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= -github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk= +github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= +github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= +github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From eaa5db884f00efbf27cd85a75b8dc03bccd6b1f5 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Sep 2024 14:55:50 -0700 Subject: [PATCH 77/83] Bump github.com/prometheus/client_model from 0.6.0 to 0.6.1 (#3024) Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.6.0 to 0.6.1. - [Release notes](https://github.com/prometheus/client_model/releases) - [Commits](https://github.com/prometheus/client_model/compare/v0.6.0...v0.6.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_model dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8b4b07af4a..63f7cd91eb 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/onsi/gomega v1.34.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.19.1 - github.com/prometheus/client_model v0.6.0 + github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.53.0 github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 diff --git a/go.sum b/go.sum index 2485976235..5771b85ea2 100644 --- a/go.sum +++ b/go.sum 
@@ -351,8 +351,8 @@ github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJL github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= -github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE= From 49b07427b836634db4437f06547e8bb96490ec4d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Sep 2024 15:22:04 -0700 Subject: [PATCH 78/83] Bump github.com/coreos/go-iptables from 0.7.0 to 0.8.0 (#3020) Bumps [github.com/coreos/go-iptables](https://github.com/coreos/go-iptables) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/coreos/go-iptables/releases) - [Commits](https://github.com/coreos/go-iptables/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-iptables dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 63f7cd91eb..08a4b29405 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/aws/aws-sdk-go v1.55.5 github.com/containernetworking/cni v1.2.3 github.com/containernetworking/plugins v1.5.1 - github.com/coreos/go-iptables v0.7.0 + github.com/coreos/go-iptables v0.8.0 github.com/go-logr/logr v1.4.2 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 diff --git a/go.sum b/go.sum index 5771b85ea2..cf16c0f988 100644 --- a/go.sum +++ b/go.sum @@ -75,8 +75,8 @@ github.com/containernetworking/cni v1.2.3 h1:hhOcjNVUQTnzdRJ6alC5XF+wd9mfGIUaj8F github.com/containernetworking/cni v1.2.3/go.mod h1:DuLgF+aPd3DzcTQTtp/Nvl1Kim23oFKdm2okJzBQA5M= github.com/containernetworking/plugins v1.5.1 h1:T5ji+LPYjjgW0QM+KyrigZbLsZ8jaX+E5J/EcKOE4gQ= github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM= -github.com/coreos/go-iptables v0.7.0 h1:XWM3V+MPRr5/q51NuWSgU0fqMad64Zyxs8ZUoMsamr8= -github.com/coreos/go-iptables v0.7.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= +github.com/coreos/go-iptables v0.8.0 h1:MPc2P89IhuVpLI7ETL/2tx3XZ61VeICZjYqDEgNsPRc= +github.com/coreos/go-iptables v0.8.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= From abaf575e76b757934b3024790f498dd1881f37ec Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Sep 2024 16:07:12 -0700 Subject: [PATCH 79/83] Bump golang.org/x/sys from 0.22.0 to 0.25.0 (#3037) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.22.0 to 0.25.0. - [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.25.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 08a4b29405..12225f346c 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/vishvananda/netlink v1.2.1-beta.2 go.uber.org/zap v1.26.0 golang.org/x/net v0.27.0 - golang.org/x/sys v0.22.0 + golang.org/x/sys v0.25.0 google.golang.org/grpc v1.62.0 google.golang.org/protobuf v1.34.1 gopkg.in/natefinch/lumberjack.v2 v2.2.1 diff --git a/go.sum b/go.sum index cf16c0f988..fc52d9dbd8 100644 --- a/go.sum +++ b/go.sum 
@@ -493,8 +493,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= From eb7a9bd6c4b785c8b145d926be1da798de23d0ad Mon Sep 17 00:00:00 2001 From: pavanipt Date: Wed, 25 Sep 2024 10:05:50 -0700 Subject: [PATCH 80/83] Fix fetching enimetadata (#3035) * Fix fetching enimetadata for efa-only enis * Fix format * Fix and add tests * fix format * Add comments --------- Co-authored-by: Jayanth Varavani <1111446+jayanthvn@users.noreply.github.com> --- pkg/awsutils/awsutils.go | 145 +++++++++++++++++++--------------- pkg/awsutils/awsutils_test.go | 74 ++++++++++++----- pkg/awsutils/imds.go | 6 ++ 3 files changed, 139 insertions(+), 86 deletions(-) diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go index f9ba346915..22a115ea19 100644 --- a/pkg/awsutils/awsutils.go +++ b/pkg/awsutils/awsutils.go 
@@ -585,6 +585,12 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat return ENIMetadata{}, err } + networkCard, err := cache.imds.GetNetworkCard(ctx, eniMAC) + if err != nil { + awsAPIErrInc("GetNetworkCard", err) + return ENIMetadata{}, err + } + deviceNum, err = cache.imds.GetDeviceNumber(ctx, eniMAC) if err != nil { awsAPIErrInc("GetDeviceNumber", err) 
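Review bot: A failed `GetNetworkCard` lookup now aborts `getENIMetadata` for that interface, before the device number or any address data is read. The `GetNetworkCard` implementation in imds.go is not shown here, so it is unclear whether a missing `network-card` key is mapped to card 0 or surfaces as an error; if it surfaces, interfaces that were handled before this change would start failing. If the key can be absent, I would fall back to `networkCard = 0` on a not-found error and return only on other errors. The function body starts and ends outside the hunk.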
@@ -602,82 +608,91 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat deviceNum = 0 } - log.Debugf("Found ENI: %s, MAC %s, device %d", eniID, eniMAC, deviceNum) - - // Get IPv4 and IPv6 addresses assigned to interface - cidr, err := cache.imds.GetSubnetIPv4CIDRBlock(ctx, eniMAC) - if err != nil { - awsAPIErrInc("GetSubnetIPv4CIDRBlock", err) - return ENIMetadata{}, err - } - - imdsIPv4s, err := cache.imds.GetLocalIPv4s(ctx, eniMAC) - if err != nil { - awsAPIErrInc("GetLocalIPv4s", err) - return ENIMetadata{}, err - } - - ec2ip4s := make([]*ec2.NetworkInterfacePrivateIpAddress, len(imdsIPv4s)) - for i, ip4 := range imdsIPv4s { - ec2ip4s[i] = &ec2.NetworkInterfacePrivateIpAddress{ - Primary: aws.Bool(i == 0), - PrivateIpAddress: aws.String(ip4.String()), - } - } + log.Debugf("Found ENI: %s, MAC %s, device %d, network card %d", eniID, eniMAC, deviceNum, networkCard) + var subnetV4Cidr string + var ec2ip4s []*ec2.NetworkInterfacePrivateIpAddress var ec2ip6s []*ec2.NetworkInterfaceIpv6Address var subnetV6Cidr string - if cache.v6Enabled { - // For IPv6 ENIs, do not error on missing IPv6 information - v6cidr, err := cache.imds.GetSubnetIPv6CIDRBlocks(ctx, eniMAC) - if err != nil { - awsAPIErrInc("GetSubnetIPv6CIDRBlocks", err) - } else { - subnetV6Cidr = v6cidr.String() - } + var ec2ipv4Prefixes []*ec2.Ipv4PrefixSpecification + var ec2ipv6Prefixes []*ec2.Ipv6PrefixSpecification - imdsIPv6s, err := cache.imds.GetIPv6s(ctx, eniMAC) + // CNI only manages ENI's on network card 0. We need to get complete metadata info only for ENI's on network card 0. 
+ // For ENI's on other network cards, there might not be IP related info present at all like 'efa-only' interfaces + // So we are skipping fetching IP related info for all ENI's other than card 0 + if networkCard == 0 { + // Get IPv4 and IPv6 addresses assigned to interface + cidr, err := cache.imds.GetSubnetIPv4CIDRBlock(ctx, eniMAC) if err != nil { - awsAPIErrInc("GetIPv6s", err) + awsAPIErrInc("GetSubnetIPv4CIDRBlock", err) + return ENIMetadata{}, err } else { - ec2ip6s = make([]*ec2.NetworkInterfaceIpv6Address, len(imdsIPv6s)) - for i, ip6 := range imdsIPv6s { - ec2ip6s[i] = &ec2.NetworkInterfaceIpv6Address{ - Ipv6Address: aws.String(ip6.String()), - } - } + subnetV4Cidr = cidr.String() } - } - var ec2ipv4Prefixes []*ec2.Ipv4PrefixSpecification - var ec2ipv6Prefixes []*ec2.Ipv6PrefixSpecification - - // If IPv6 is enabled, get attached v6 prefixes. - if cache.v6Enabled { - imdsIPv6Prefixes, err := cache.imds.GetIPv6Prefixes(ctx, eniMAC) + imdsIPv4s, err := cache.imds.GetLocalIPv4s(ctx, eniMAC) if err != nil { - awsAPIErrInc("GetIPv6Prefixes", err) + awsAPIErrInc("GetLocalIPv4s", err) return ENIMetadata{}, err } - for _, ipv6prefix := range imdsIPv6Prefixes { - ec2ipv6Prefixes = append(ec2ipv6Prefixes, &ec2.Ipv6PrefixSpecification{ - Ipv6Prefix: aws.String(ipv6prefix.String()), - }) + + ec2ip4s = make([]*ec2.NetworkInterfacePrivateIpAddress, len(imdsIPv4s)) + for i, ip4 := range imdsIPv4s { + ec2ip4s[i] = &ec2.NetworkInterfacePrivateIpAddress{ + Primary: aws.Bool(i == 0), + PrivateIpAddress: aws.String(ip4.String()), + } } - } else if cache.v4Enabled && ((eniMAC == primaryMAC && !cache.useCustomNetworking) || (eniMAC != primaryMAC)) { - // Get prefix on primary ENI when custom networking is enabled is not needed. - // If primary ENI has prefixes attached and then we move to custom networking, we don't need to fetch - // the prefix since recommendation is to terminate the nodes and that would have deleted the prefix on the - // primary ENI. 
- imdsIPv4Prefixes, err := cache.imds.GetIPv4Prefixes(ctx, eniMAC) - if err != nil { - awsAPIErrInc("GetIPv4Prefixes", err) - return ENIMetadata{}, err + + if cache.v6Enabled { + // For IPv6 ENIs, do not error on missing IPv6 information + v6cidr, err := cache.imds.GetSubnetIPv6CIDRBlocks(ctx, eniMAC) + if err != nil { + awsAPIErrInc("GetSubnetIPv6CIDRBlocks", err) + } else { + subnetV6Cidr = v6cidr.String() + } + + imdsIPv6s, err := cache.imds.GetIPv6s(ctx, eniMAC) + if err != nil { + awsAPIErrInc("GetIPv6s", err) + } else { + ec2ip6s = make([]*ec2.NetworkInterfaceIpv6Address, len(imdsIPv6s)) + for i, ip6 := range imdsIPv6s { + ec2ip6s[i] = &ec2.NetworkInterfaceIpv6Address{ + Ipv6Address: aws.String(ip6.String()), + } + } + } } - for _, ipv4prefix := range imdsIPv4Prefixes { - ec2ipv4Prefixes = append(ec2ipv4Prefixes, &ec2.Ipv4PrefixSpecification{ - Ipv4Prefix: aws.String(ipv4prefix.String()), - }) + + // If IPv6 is enabled, get attached v6 prefixes. + if cache.v6Enabled { + imdsIPv6Prefixes, err := cache.imds.GetIPv6Prefixes(ctx, eniMAC) + if err != nil { + awsAPIErrInc("GetIPv6Prefixes", err) + return ENIMetadata{}, err + } + for _, ipv6prefix := range imdsIPv6Prefixes { + ec2ipv6Prefixes = append(ec2ipv6Prefixes, &ec2.Ipv6PrefixSpecification{ + Ipv6Prefix: aws.String(ipv6prefix.String()), + }) + } + } else if cache.v4Enabled && ((eniMAC == primaryMAC && !cache.useCustomNetworking) || (eniMAC != primaryMAC)) { + // Get prefix on primary ENI when custom networking is enabled is not needed. + // If primary ENI has prefixes attached and then we move to custom networking, we don't need to fetch + // the prefix since recommendation is to terminate the nodes and that would have deleted the prefix on the + // primary ENI. 
+ imdsIPv4Prefixes, err := cache.imds.GetIPv4Prefixes(ctx, eniMAC) + if err != nil { + awsAPIErrInc("GetIPv4Prefixes", err) + return ENIMetadata{}, err + } + for _, ipv4prefix := range imdsIPv4Prefixes { + ec2ipv4Prefixes = append(ec2ipv4Prefixes, &ec2.Ipv4PrefixSpecification{ + Ipv4Prefix: aws.String(ipv4prefix.String()), + }) + } } } @@ -685,7 +700,7 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat ENIID: eniID, MAC: eniMAC, DeviceNumber: deviceNum, - SubnetIPv4CIDR: cidr.String(), + SubnetIPv4CIDR: subnetV4Cidr, IPv4Addresses: ec2ip4s, IPv4Prefixes: ec2ipv4Prefixes, SubnetIPv6CIDR: subnetV6Cidr, @@ -1356,7 +1371,7 @@ func (cache *EC2InstanceMetadataCache) DescribeAllENIs() (DescribeAllENIsResult, if interfaceType == "trunk" { trunkENI = eniID } - if interfaceType == "efa" { + if interfaceType == "efa" || interfaceType == "efa-only" { efaENIs[eniID] = true } // Check IPv4 addresses diff --git a/pkg/awsutils/awsutils_test.go b/pkg/awsutils/awsutils_test.go index cf93040526..72ebda0dd4 100644 --- a/pkg/awsutils/awsutils_test.go +++ b/pkg/awsutils/awsutils_test.go @@ -48,6 +48,7 @@ const ( metadataSubnetID = "/subnet-id" metadataVpcID = "/vpc-id" metadataVPCcidrs = "/vpc-ipv4-cidr-blocks" + metadataNetworkCard = "/network-card" metadataDeviceNum = "/device-number" metadataInterface = "/interface-id" metadataSubnetCIDR = "/subnet-ipv4-cidr-block" @@ -61,6 +62,7 @@ const ( instanceType = "c1.medium" primaryMAC = "12:ef:2a:98:e5:5a" eni2MAC = "12:ef:2a:98:e5:5b" + eni3MAC = "12:ef:2a:98:e5:5c" sg1 = "sg-2e080f50" sg2 = "sg-2e080f51" sgs = sg1 + " " + sg2 
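Review bot: For an ENI on a network card other than 0, the `@@ -602` hunk leaves `subnetV4Cidr`, `ec2ip4s` and the prefix slices at their zero values, and the `ENIMetadata` literal in the `@@ -685` hunk returns them without recording `networkCard` in any of its visible fields. Callers then cannot tell a deliberately skipped interface from one whose metadata is really empty; `cniutils.IPsSimilar`, for instance, requires `len(ipPool)+1 == len(eniIPs)` and so can never match a nil address list. Those callers are outside this diff, so please confirm that each consumer of `getENIMetadata` tolerates an empty `SubnetIPv4CIDR` and `IPv4Addresses`, or carry the card number in the struct and filter on it. Separately, the `else` after `return ENIMetadata{}, err` in the `GetSubnetIPv4CIDRBlock` branch is redundant; `subnetV4Cidr = cidr.String()` can follow the `if` directly.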
@@ -70,14 +72,19 @@ const ( primaryeniID = "eni-00000000" eniID = primaryeniID eniAttachID = "eni-attach-beb21856" + eni1NetworkCard = "0" eni1Device = "0" eni1PrivateIP = "10.0.0.1" eni1Prefix = "10.0.1.0/28" + eni2NetworkCard = "0" eni2Device = "1" eni2PrivateIP = "10.0.0.2" eni2Prefix = "10.0.2.0/28" eni2v6Prefix = "2001:db8::/64" eni2ID = "eni-12341234" + eni3NetworkCard = "1" + eni3Device = "1" + eni3ID = "eni-67896789" metadataVPCIPv4CIDRs = "192.168.0.0/16 100.66.0.0/1" myNodeName = "testNodeName" ) @@ -90,14 +97,15 @@ func testMetadata(overrides map[string]interface{}) FakeIMDS { metadataInstanceType: instanceType, metadataMAC: primaryMAC, metadataMACPath: primaryMAC, - metadataMACPath + primaryMAC + metadataDeviceNum: eni1Device, - metadataMACPath + primaryMAC + metadataInterface: primaryeniID, - metadataMACPath + primaryMAC + metadataSGs: sgs, - metadataMACPath + primaryMAC + metadataIPv4s: eni1PrivateIP, - metadataMACPath + primaryMAC + metadataSubnetID: subnetID, - metadataMACPath + primaryMAC + metadataVpcID: vpcID, - metadataMACPath + primaryMAC + metadataSubnetCIDR: subnetCIDR, - metadataMACPath + primaryMAC + metadataVPCcidrs: metadataVPCIPv4CIDRs, + metadataMACPath + primaryMAC + metadataDeviceNum: eni1Device, + metadataMACPath + primaryMAC + metadataInterface: primaryeniID, + metadataMACPath + primaryMAC + metadataNetworkCard: eni1NetworkCard, + metadataMACPath + primaryMAC + metadataSGs: sgs, + metadataMACPath + primaryMAC + metadataIPv4s: eni1PrivateIP, + metadataMACPath + primaryMAC + metadataSubnetID: subnetID, + metadataMACPath + primaryMAC + metadataVpcID: vpcID, + metadataMACPath + primaryMAC + metadataSubnetCIDR: subnetCIDR, + metadataMACPath + primaryMAC + metadataVPCcidrs: metadataVPCIPv4CIDRs, } for k, v := range overrides { 
@@ -204,10 +212,31 @@ func TestInitWithEC2metadataErr(t *testing.T) { func TestGetAttachedENIs(t *testing.T) { mockMetadata := testMetadata(map[string]interface{}{ metadataMACPath: primaryMAC + " " + eni2MAC, - metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, - metadataMACPath + eni2MAC + metadataInterface: eni2ID, - metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, - metadataMACPath + eni2MAC + metadataIPv4s: eni2PrivateIP, + metadataMACPath + eni2MAC + metadataNetworkCard: eni2NetworkCard, + metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, + metadataMACPath + eni2MAC + metadataInterface: eni2ID, + metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, + metadataMACPath + eni2MAC + metadataIPv4s: eni2PrivateIP, + }) + + cache := &EC2InstanceMetadataCache{imds: TypedIMDS{mockMetadata}} + ens, err := cache.GetAttachedENIs() + if assert.NoError(t, err) { + assert.Equal(t, len(ens), 2) + } +} + +func TestGetAttachedENIsWithEfa(t *testing.T) { + mockMetadata := testMetadata(map[string]interface{}{ + metadataMACPath: primaryMAC + " " + eni2MAC, + metadataMACPath + eni2MAC + metadataNetworkCard: eni2NetworkCard, + metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, + metadataMACPath + eni2MAC + metadataInterface: eni2ID, + metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, + metadataMACPath + eni2MAC + metadataIPv4s: eni2PrivateIP, + metadataMACPath + eni3MAC + metadataNetworkCard: eni3NetworkCard, + metadataMACPath + eni3MAC + metadataDeviceNum: eni3Device, + metadataMACPath + eni3MAC + metadataInterface: eni3ID, }) cache := &EC2InstanceMetadataCache{imds: TypedIMDS{mockMetadata}} 
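Review bot: TestGetAttachedENIsWithEfa registers metadata for `eni3MAC` (network card 1), but its MAC-list override is still `primaryMAC + " " + eni2MAC`. As far as this hunk shows, the third interface is therefore never enumerated, and the test would pass whether or not interfaces on a non-zero network card are filtered out. Listing it, `metadataMACPath: primaryMAC + " " + eni2MAC + " " + eni3MAC,`, would make the expected count depend on that filtering. The assertion added to the preceding test passes its arguments as (actual, expected); `assert.Len(t, ens, 2)` gives a clearer failure message. The tail of the new test, including its assertion, lies outside the hunk.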
@@ -220,6 +249,7 @@ func TestGetAttachedENIs(t *testing.T) { func TestGetAttachedENIsWithPrefixes(t *testing.T) { mockMetadata := testMetadata(map[string]interface{}{ metadataMACPath: primaryMAC + " " + eni2MAC, + metadataMACPath + eni2MAC + metadataNetworkCard: eni2NetworkCard, metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, metadataMACPath + eni2MAC + metadataInterface: eni2ID, metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, @@ -1007,10 +1037,11 @@ func TestEC2InstanceMetadataCache_waitForENIAndIPsAttached(t *testing.T) { fmt.Println("eniips", eniIPs) mockMetadata := testMetadata(map[string]interface{}{ metadataMACPath: primaryMAC + " " + eni2MAC, - metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, - metadataMACPath + eni2MAC + metadataInterface: eni2ID, - metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, - metadataMACPath + eni2MAC + metadataIPv4s: eniIPs, + metadataMACPath + eni2MAC + metadataNetworkCard: eni2NetworkCard, + metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, + metadataMACPath + eni2MAC + metadataInterface: eni2ID, + metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, + metadataMACPath + eni2MAC + metadataIPv4s: eniIPs, }) cache := &EC2InstanceMetadataCache{imds: TypedIMDS{mockMetadata}, ec2SVC: mockEC2} gotEniMetadata, err := cache.waitForENIAndIPsAttached(tt.args.eni, tt.args.wantedSecondaryIPs, tt.args.maxBackoffDelay) 
@@ -1102,11 +1133,12 @@ func TestEC2InstanceMetadataCache_waitForENIAndPrefixesAttached(t *testing.T) { } mockMetadata := testMetadata(map[string]interface{}{ metadataMACPath: primaryMAC + " " + eni2MAC, - metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, - metadataMACPath + eni2MAC + metadataInterface: eni2ID, - metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, - metadataMACPath + eni2MAC + metadataIPv4s: eniIPs, - metadataMACPath + eni2MAC + metaDataPrefixPath: eniPrefixes, + metadataMACPath + eni2MAC + metadataNetworkCard: eni2NetworkCard, + metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, + metadataMACPath + eni2MAC + metadataInterface: eni2ID, + metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, + metadataMACPath + eni2MAC + metadataIPv4s: eniIPs, + metadataMACPath + eni2MAC + metaDataPrefixPath: eniPrefixes, }) cache := &EC2InstanceMetadataCache{imds: TypedIMDS{mockMetadata}, ec2SVC: mockEC2, enablePrefixDelegation: true, v4Enabled: tt.args.v4Enabled, v6Enabled: tt.args.v6Enabled} diff --git a/pkg/awsutils/imds.go b/pkg/awsutils/imds.go index 69c9343501..e3174ba5e9 100644 --- a/pkg/awsutils/imds.go +++ b/pkg/awsutils/imds.go @@ -166,6 +166,12 @@ func (imds TypedIMDS) getInt(ctx context.Context, key string) (int, error) { return dataInt, err } +// GetNetworkCard returns the unique network card number associated with an interface. +func (imds TypedIMDS) GetNetworkCard(ctx context.Context, mac string) (int, error) { + key := fmt.Sprintf("network/interfaces/macs/%s/network-card", mac) + return imds.getInt(ctx, key) +} + // GetDeviceNumber returns the unique device number associated with an interface. The primary interface is 0. func (imds TypedIMDS) GetDeviceNumber(ctx context.Context, mac string) (int, error) { key := fmt.Sprintf("network/interfaces/macs/%s/device-number", mac) From 262e4a7892348936fb9406b88374f8281babcb0d Mon Sep 17 00:00:00 2001 
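Review bot: The doc comment on GetNetworkCard calls the value a "unique network card number", but the test fixtures in this patch give the primary ENI and eni2 the same card `0`, so the number is not unique per interface. Suggested wording: `// GetNetworkCard returns the index of the network card that the interface with the given MAC is attached to; several interfaces may share a card.` The comment should also say that the error from `getInt` is returned unchanged, because the hunk does not show how callers treat a missing `network-card` key.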
From: Jay Deokar <23660509+jaydeokar@users.noreply.github.com> Date: Wed, 25 Sep 2024 11:05:33 -0700 Subject: [PATCH 81/83] =?UTF-8?q?Changelog,=20Chart=20Versions=20and=20Con?= =?UTF-8?q?fig=20Version=20update=20for=20CNI=20Release=20v=E2=80=A6=20(#3?= =?UTF-8?q?029)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Changelog, Chart Versions and Config Version update for CNI Release v1.18.3 (#2994) * CNI Release v1.18.3 * Added Changelog categories. * Update CHANGELOG.md Fix incomplete sentence. * test branch without addon --------- Co-authored-by: Senthil Kumaran --- CHANGELOG.md | 60 +++++++++++++++++-- charts/aws-vpc-cni/Chart.yaml | 4 +- charts/aws-vpc-cni/README.md | 4 +- charts/aws-vpc-cni/values.yaml | 6 +- charts/cni-metrics-helper/Chart.yaml | 4 +- charts/cni-metrics-helper/README.md | 2 +- charts/cni-metrics-helper/values.yaml | 4 +- config/master/aws-k8s-cni-cn.yaml | 16 ++--- config/master/aws-k8s-cni-us-gov-east-1.yaml | 16 ++--- config/master/aws-k8s-cni-us-gov-west-1.yaml | 16 ++--- config/master/aws-k8s-cni.yaml | 16 ++--- config/master/cni-metrics-helper-cn.yaml | 10 ++-- .../cni-metrics-helper-us-gov-east-1.yaml | 10 ++-- .../cni-metrics-helper-us-gov-west-1.yaml | 10 ++-- config/master/cni-metrics-helper.yaml | 10 ++-- scripts/generate-cni-yaml.sh | 2 +- scripts/run-canary-test.sh | 5 +- scripts/run-cni-release-tests.sh | 13 ++-- 18 files changed, 130 insertions(+), 78 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2393d8f85d..55f7c394dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,55 @@ # Changelog +## v1.18.3 + +## What's Changed + +* Feature - [cni-metrics-helper] Expose container port when enabling prometheus metrics by @toVersus in https://github.com/aws/amazon-vpc-cni-k8s/pull/2957 +* Feature - Add extraEnv for add additional env from configmap or secrets to aws-node daemonset by @gawsoftpl in https://github.com/aws/amazon-vpc-cni-k8s/pull/2946 +* Feature - Upgrade to latest versions of GitHub actions by @electrocucaracha in https://github.com/aws/amazon-vpc-cni-k8s/pull/2952 +* Feature - use __MTU__ variable for IPv4 egress-cni too by @benben in https://github.com/aws/amazon-vpc-cni-k8s/pull/2951 + +* Bugfix - Subnet Discovery - Unfilled ENI fix by @jchen6585 in https://github.com/aws/amazon-vpc-cni-k8s/pull/2954 +* Bugfix - Update the APISpec Schema definition for ENIConfig. by @orsenthil in https://github.com/aws/amazon-vpc-cni-k8s/pull/2969 +* Bugfix - Use ECR Mirror for Curl Test Image. by @orsenthil in https://github.com/aws/amazon-vpc-cni-k8s/pull/2956 +* Bugfix - Add unit test and readme update for POD_MTU/ AWS_VPC_ENI_MTU for Egress plugin behavior. by @orsenthil in https://github.com/aws/amazon-vpc-cni-k8s/pull/2979 +* Bugfix - bugfix: templating broken on helm when cniconfig is enabled by @FatPudgeB93 in https://github.com/aws/amazon-vpc-cni-k8s/pull/2983 +* Bugfix - Update vpc_ip_resource_limit.go link in README.md by @kimsehwan96 in https://github.com/aws/amazon-vpc-cni-k8s/pull/2986 +* Bugfix - updating iam doc with subnet policy by @yash97 in https://github.com/aws/amazon-vpc-cni-k8s/pull/2992 + +* Cleanup - Skip Static Canary in run-integration-test in Github. by @orsenthil in https://github.com/aws/amazon-vpc-cni-k8s/pull/2935 +* Cleanup - Helpful Make target to login to public ECR. by @orsenthil in https://github.com/aws/amazon-vpc-cni-k8s/pull/2934 +* Cleanup - Run Kops Test Separately to triage failures. 
by @orsenthil in https://github.com/aws/amazon-vpc-cni-k8s/pull/2936 +* Cleanup - Update test options default value and help. by @orsenthil in https://github.com/aws/amazon-vpc-cni-k8s/pull/2955 +* Cleanup - Refactor static canary tests. by @orsenthil in https://github.com/aws/amazon-vpc-cni-k8s/pull/2966 + +* Dependency - Update golang to go1.22.3 by @orsenthil in https://github.com/aws/amazon-vpc-cni-k8s/pull/2924 +* Dependency - Bump go.uber.org/zap from 1.26.0 to 1.27.0 by @dependabot in https://github.com/aws/amazon-vpc-cni-k8s/pull/2938 +* Dependency - Bump golang.org/x/sys from 0.19.0 to 0.20.0 in /test/agent by @dependabot in https://github.com/aws/amazon-vpc-cni-k8s/pull/2937 +* Dependency - Update .go-version to 1.22.4 by @orsenthil in https://github.com/aws/amazon-vpc-cni-k8s/pull/2950 +* Dependency - Bump github.com/containernetworking/cni from 1.1.2 to 1.2.0 by @dependabot in https://github.com/aws/amazon-vpc-cni-k8s/pull/2901 +* Dependency - Bump sigs.k8s.io/controller-runtime from 0.17.0 to 0.18.4 by @dependabot in https://github.com/aws/amazon-vpc-cni-k8s/pull/2962 +* Dependency - Bump k8s.io/cli-runtime from 0.29.0 to 0.30.2 by @dependabot in https://github.com/aws/amazon-vpc-cni-k8s/pull/2965 +* Dependency - Bump helm.sh/helm/v3 from 3.14.3 to 3.15.2 by @dependabot in https://github.com/aws/amazon-vpc-cni-k8s/pull/2964 +* Dependency - Bump github.com/aws/aws-sdk-go from 1.51.32 to 1.54.11 by @dependabot in https://github.com/aws/amazon-vpc-cni-k8s/pull/2976 +* Dependency - Bump github.com/go-logr/logr from 1.4.1 to 1.4.2 by @dependabot in https://github.com/aws/amazon-vpc-cni-k8s/pull/2975 +* Dependency - Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 by @dependabot in https://github.com/aws/amazon-vpc-cni-k8s/pull/2972 +* Dependency - Bump golang.org/x/sys from 0.20.0 to 0.21.0 in /test/agent by @dependabot in https://github.com/aws/amazon-vpc-cni-k8s/pull/2977 +* Dependency - Bump github.com/containernetworking/plugins from 1.4.1 
to 1.5.1 by @dependabot in https://github.com/aws/amazon-vpc-cni-k8s/pull/2974 +* Dependency - chore: Update .go-version by @orsenthil in https://github.com/aws/amazon-vpc-cni-k8s/pull/2981 + +## New Contributors +* @toVersus made their first contribution in https://github.com/aws/amazon-vpc-cni-k8s/pull/2957 +* @electrocucaracha made their first contribution in https://github.com/aws/amazon-vpc-cni-k8s/pull/2952 +* @benben made their first contribution in https://github.com/aws/amazon-vpc-cni-k8s/pull/2951 +* @gawsoftpl made their first contribution in https://github.com/aws/amazon-vpc-cni-k8s/pull/2946 +* @FatPudgeB93 made their first contribution in https://github.com/aws/amazon-vpc-cni-k8s/pull/2983 +* @kimsehwan96 made their first contribution in https://github.com/aws/amazon-vpc-cni-k8s/pull/2986 +* @yash97 made their first contribution in https://github.com/aws/amazon-vpc-cni-k8s/pull/2992 + +**Full Changelog**: https://github.com/aws/amazon-vpc-cni-k8s/compare/v1.18.2...v1.18.3 + + ## v1.18.2 * Enhancement - [Improve "cni-metrics-helper" setup experience](https://github.com/aws/amazon-vpc-cni-k8s/pull/2874) (@guessi) @@ -360,7 +410,7 @@ Was Skipped * Bug - [Fix condition for disable provisioning](https://github.com/aws/amazon-vpc-cni-k8s/pull/1823) (@jayanthvn ) ## v1.10.1 -* Bug - [Use IMDSv2 token when fetching node ip in entrypoint](https://github.com/aws/amazon-vpc-cni-k8s/pull/1727) (#1727, [@chlunde](https://github.com/chlunde)) +* Bug - [Use IMDSv2 token when fetching node ip in entrypoint](https://github.com/aws/amazon-vpc-cni-k8s/pull/1727) (#1727, [@chlunde](https://github.com/chlunde)) ## v1.10.0 * Feature - [IPv6 Support](https://github.com/aws/amazon-vpc-cni-k8s/pull/1587) (#1587, [@achevuru](https://github.com/achevuru)) 
@@ -375,7 +425,7 @@ Was Skipped * Bug - [Make error count granular](https://github.com/aws/amazon-vpc-cni-k8s/pull/1651) (#1651, [@jayanthvn](https://github.com/jayanthvn)) * Bug - [ServiceAccount should precede DaemonSet in yaml aws](https://github.com/aws/amazon-vpc-cni-k8s/pull/1637) (#1637, [@sramabad1](https://github.com/sramabad1)) * Testing - [Enable unit tests upon PR to release branch](https://github.com/aws/amazon-vpc-cni-k8s/pull/1684) (#1684, [@vikasmb](https://github.com/vikasmb)) -* Testing - [Upgrade EKS cluster version](https://github.com/aws/amazon-vpc-cni-k8s/pull/1680) (#1680, [@vikasmb](https://github.com/vikasmb)) +* Testing - [Upgrade EKS cluster version](https://github.com/aws/amazon-vpc-cni-k8s/pull/1680) (#1680, [@vikasmb](https://github.com/vikasmb)) ## v1.9.1 * Enhancement - [Support DISABLE_NETWORK_RESOURCE_PROVISIONING](https://github.com/aws/amazon-vpc-cni-k8s/pull/1586) (#1586, [@jayanthvn](https://github.com/jayanthvn)) @@ -507,7 +557,7 @@ Was Skipped ## v1.7.1 * Bug - [Calico deletes routes when using CNI v1.7.0](https://github.com/aws/amazon-vpc-cni-k8s/pull/1166) (#1166, [@jayanthvn](https://github.com/jayanthvn)) -* Improvement - [enable manual override for VERSION in images](https://github.com/aws/amazon-vpc-cni-k8s/pull/1156) (#1156, [@nprab428](https://github.com/nprab428)) +* Improvement - [enable manual override for VERSION in images](https://github.com/aws/amazon-vpc-cni-k8s/pull/1156) (#1156, [@nprab428](https://github.com/nprab428)) ## v1.7.0 
@@ -729,9 +779,9 @@ Was Skipped * Improvement - [Explicitly set the IP on secondary ENIs](https://github.com/aws/amazon-vpc-cni-k8s/pull/271) (#271, [@ewbankkit](https://github.com/ewbankkit)) - Fixes IP bug on older kernels. * Improvement - [Update instance ENI and IP mapping table](https://github.com/aws/amazon-vpc-cni-k8s/pull/275) (#275, [@hmizuma](https://github.com/hmizuma)) - - Adds a1 and c5n instances. (Already included in v1.3.2) + - Adds a1 and c5n instances. (Already included in v1.3.2) * Improvement - [Add ENI entries for p3dn.24xlarge instance](https://github.com/aws/amazon-vpc-cni-k8s/pull/274) (#274, [@hmizuma](https://github.com/hmizuma)) - - p3dn.24xlarge was already included in v1.3.2 + - p3dn.24xlarge was already included in v1.3.2 * Improvement - [Use InClusterConfig when CreateKubeClient() was called without args](https://github.com/aws/amazon-vpc-cni-k8s/pull/293) (#293, [@nak3](https://github.com/nak3)) * Improvement - [Expose configuration variables via ipamD to make it debug friendly](https://github.com/aws/amazon-vpc-cni-k8s/pull/287) (#287, [@nak3](https://github.com/nak3)) * Improvement - [Allow cross compile on different platform ](https://github.com/aws/amazon-vpc-cni-k8s/pull/292) (#292, [@nak3](https://github.com/nak3)) diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml index 9e647dcb83..e843f15fb9 100644 --- a/charts/aws-vpc-cni/Chart.yaml +++ b/charts/aws-vpc-cni/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: aws-vpc-cni -version: 1.18.2 -appVersion: "v1.18.2" +version: 1.18.3 +appVersion: "v1.18.3" description: A Helm chart for the AWS VPC CNI icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md index 1b6936a1dc..aea9b8611d 100644 --- a/charts/aws-vpc-cni/README.md +++ b/charts/aws-vpc-cni/README.md 
@@ -48,7 +48,7 @@ The following table lists the configurable parameters for this chart and their d | `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation | `3` | | `branchENICooldown` | Number of seconds that branch ENIs remain in cooldown | `60` | | `fullnameOverride` | Override the fullname of the chart | `aws-node` | -| `image.tag` | Image tag | `v1.18.2` | +| `image.tag` | Image tag | `v1.18.3` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -56,7 +56,7 @@ The following table lists the configurable parameters for this chart and their d | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.override` | A custom docker image to use | `nil` | | `imagePullSecrets` | Docker registry pull secret | `[]` | -| `init.image.tag` | Image tag | `v1.18.2` | +| `init.image.tag` | Image tag | `v1.18.3` | | `init.image.domain` | ECR repository domain | `amazonaws.com` | | `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `init.image.endpoint` | ECR repository endpoint to use. | `ecr` | diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index 017f05dfb8..d26c76ecd4 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -8,7 +8,7 @@ nameOverride: aws-node init: image: - tag: v1.18.2 + tag: v1.18.3 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -51,7 +51,7 @@ nodeAgent: resources: {} image: - tag: v1.18.2 + tag: v1.18.3 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -85,7 +85,7 @@ env: ENABLE_IPv4: "true" ENABLE_IPv6: "false" ENABLE_SUBNET_DISCOVERY: "true" - VPC_CNI_VERSION: "v1.18.2" + VPC_CNI_VERSION: "v1.18.3" NETWORK_POLICY_ENFORCING_MODE: "standard" # Add env from configMap or from secrets 
diff --git a/charts/cni-metrics-helper/Chart.yaml b/charts/cni-metrics-helper/Chart.yaml index e3c4721fbb..77ede978c0 100644 --- a/charts/cni-metrics-helper/Chart.yaml +++ b/charts/cni-metrics-helper/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cni-metrics-helper -version: 1.18.2 -appVersion: v1.18.2 +version: 1.18.3 +appVersion: v1.18.3 description: A Helm chart for the AWS VPC CNI Metrics Helper icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md index 09637235cf..68cfa3aa39 100644 --- a/charts/cni-metrics-helper/README.md +++ b/charts/cni-metrics-helper/README.md @@ -60,7 +60,7 @@ The following table lists the configurable parameters for this chart and their d | -------------------------------|---------------------------------------------------------------|-------------------------------------| | `affinity` | Map of node/pod affinities | `{}` | | `fullnameOverride` | Override the fullname of the chart | `cni-metrics-helper` | -| `image.tag` | Image tag | `v1.18.2` | +| `image.tag` | Image tag | `v1.18.3` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.account` | ECR repository account number | `602401143452` | diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index edf99213c0..8d462ef385 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml @@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper image: region: us-west-2 - tag: v1.18.2 + tag: v1.18.3 account: "602401143452" domain: "amazonaws.com" # Set to use custom image 
@@ -25,7 +25,7 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: annotations: {} - # eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME + # eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME resources: {} diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index 5e47fb81ab..509f86a546 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" spec: updateStrategy: rollingUpdate: 
@@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.2 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.3 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.2 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.3 ports: - containerPort: 61678 name: metrics @@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.2" + value: "v1.18.3" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index 42b7493257..72912bdfb6 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" rules: - apiGroups: - crd.k8s.amazonaws.com 
@@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.2 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.3 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.2 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.3 ports: - containerPort: 61678 name: metrics @@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.2" + value: "v1.18.3" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index 895ccbe439..cb92624888 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 
@@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.2 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.3 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.2 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.3 ports: - containerPort: 61678 name: metrics @@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.2" + value: "v1.18.3" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index a4c3788a03..2afd7945ee 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml 
@@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.2 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.3 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.2 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.3 ports: - containerPort: 61678 name: metrics 
@@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.2" + value: "v1.18.3" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET diff --git a/config/master/cni-metrics-helper-cn.yaml b/config/master/cni-metrics-helper-cn.yaml index 70f1cd8c48..1c27aed821 100644 --- a/config/master/cni-metrics-helper-cn.yaml +++ b/config/master/cni-metrics-helper-cn.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.2" + image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.3" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-east-1.yaml b/config/master/cni-metrics-helper-us-gov-east-1.yaml index 071d9c5876..0f88b2cefc 100644 
--- a/config/master/cni-metrics-helper-us-gov-east-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-east-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.2" + image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.3" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-west-1.yaml b/config/master/cni-metrics-helper-us-gov-west-1.yaml index 8c4fd73e53..7432ac67f4 100644 --- a/config/master/cni-metrics-helper-us-gov-west-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-west-1.yaml 
@@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.2" + image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.3" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper.yaml b/config/master/cni-metrics-helper.yaml index 9e7a7d654d..440d2f1c9a 100644 --- a/config/master/cni-metrics-helper.yaml +++ b/config/master/cni-metrics-helper.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 
@@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.2" + app.kubernetes.io/version: "v1.18.3" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.2" + image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.3" serviceAccountName: cni-metrics-helper diff --git a/scripts/generate-cni-yaml.sh b/scripts/generate-cni-yaml.sh index baf144dc6e..6fe87f1c64 100755 --- a/scripts/generate-cni-yaml.sh +++ b/scripts/generate-cni-yaml.sh @@ -8,7 +8,7 @@ HELM_VERSION="3.14.2" NAMESPACE="kube-system" MAKEFILEPATH=$SCRIPTPATH/../Makefile -VPC_CNI_VERSION="v1.18.2" +VPC_CNI_VERSION="v1.18.3" NODE_AGENT_VERSION="v1.1.2" BUILD_DIR=$SCRIPTPATH/../build/cni-rel-yamls/$VPC_CNI_VERSION diff --git a/scripts/run-canary-test.sh b/scripts/run-canary-test.sh index 97680cdb49..c68abb2b44 100755 --- a/scripts/run-canary-test.sh +++ b/scripts/run-canary-test.sh @@ -4,6 +4,7 @@ # addon version and then runs smoke test on the latest addon version. set -e +set -x SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" GINKGO_TEST_BUILD="$SCRIPT_DIR/../test/build" 
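Review bot: The added `set -x` in scripts/run-canary-test.sh enables xtrace for the whole script, so every expanded command line is written to the CI log, including anything run by the helper functions the script calls. Whether those helpers ever place credentials or tokens on a command line is not visible in this hunk, so this should be checked before the change ships. If the trace is only needed while debugging, gate it, for example `[[ -n "${DEBUG:-}" ]] && set -x`, or wrap only the `run_ginkgo_test` calls with `set -x` / `set +x`.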
@@ -29,7 +30,7 @@ load_addon_details # cover basic functionlity plus test that could detect issues with dependencies # early on. echo "Running Canary tests on the default addon version" -install_add_on "$DEFAULT_ADDON_VERSION" +# install_add_on "$DEFAULT_ADDON_VERSION" run_ginkgo_test "CANARY" # Run smoke test on the latest addon version. Smoke tests consist of a subset of tests @@ -39,7 +40,7 @@ if [[ $ADC_REGIONS == *"$REGION"* ]]; then echo "Skipping Smoke tests on the latest addon version" else echo "Running Smoke tests on the latest addon version" - install_add_on "$LATEST_ADDON_VERSION" + # install_add_on "$LATEST_ADDON_VERSION" run_ginkgo_test "SMOKE" fi diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh index 0abf53b4ed..c132514e19 100755 --- a/scripts/run-cni-release-tests.sh +++ b/scripts/run-cni-release-tests.sh @@ -10,11 +10,12 @@ # NG_LABEL_KEY: nodegroup label key, default "kubernetes.io/os" # NG_LABEL_VAL: nodegroup label val, default "linux" # RUN_DEVEKS_TEST: Set this variable for tests to run on a deveks cluster -# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.2" +# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.3" # TEST_IMAGE_REGISTRY: the registry in test-infra-* accounts where e2e test images are stored set -e SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +GINKGO_TEST_BUILD="$SCRIPT_DIR/../test/build" INTEGRATION_TEST_DIR="$SCRIPT_DIR/../test/integration" TEST_IMAGE_REGISTRY=${TEST_IMAGE_REGISTRY:-"617930562442.dkr.ecr.us-west-2.amazonaws.com"} 
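Review bot: With `install_add_on "$DEFAULT_ADDON_VERSION"` commented out, the CANARY run tests whatever CNI build is already on the cluster, while the preceding `echo` still reports the default addon version. The next hunk does the same for `install_add_on "$LATEST_ADDON_VERSION"` ahead of the SMOKE run. A passing canary would then say nothing about the versions named in the log. If skipping the install is intended, make it explicit and keep the messages truthful, for example `[[ -n "${SKIP_ADDON_INSTALL:-}" ]] || install_add_on "$DEFAULT_ADDON_VERSION"` (the variable name is a suggestion, not an existing setting), rather than leaving commented-out code.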
@@ -28,25 +29,25 @@ function run_integration_test() { echo "Running ipamd integration tests" START=$SECONDS - cd $INTEGRATION_TEST_DIR/ipamd && CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS --skip-file=ipamd_event_test.go -v -timeout 90m --no-color --fail-on-pending -- --cluster-kubeconfig="$KUBE_CONFIG_PATH" --cluster-name="$CLUSTER_NAME" --aws-region="$REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="$NG_LABEL_KEY" --ng-name-label-val="$NG_LABEL_VAL" --test-image-registry=$TEST_IMAGE_REGISTRY || TEST_RESULT=fail + cd $INTEGRATION_TEST_DIR/ipamd && CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS --skip-file=ipamd_event_test.go -v -timeout 90m --no-color --fail-on-pending $GINKGO_TEST_BUILD/ipamd.test-- --cluster-kubeconfig="$KUBE_CONFIG_PATH" --cluster-name="$CLUSTER_NAME" --aws-region="$REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="$NG_LABEL_KEY" --ng-name-label-val="$NG_LABEL_VAL" --test-image-registry=$TEST_IMAGE_REGISTRY || TEST_RESULT=fail echo "ipamd test took $((SECONDS - START)) seconds." echo "Running cni integration tests" START=$SECONDS - cd $INTEGRATION_TEST_DIR/cni && CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS --skip-file=soak_test.go -v -timeout 60m --no-color --fail-on-pending -- --cluster-kubeconfig="$KUBE_CONFIG_PATH" --cluster-name="$CLUSTER_NAME" --aws-region="$REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="$NG_LABEL_KEY" --ng-name-label-val="$NG_LABEL_VAL" --test-image-registry=$TEST_IMAGE_REGISTRY || TEST_RESULT=fail + cd $INTEGRATION_TEST_DIR/cni && CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS --skip-file=soak_test.go -v -timeout 60m --no-color --fail-on-pending $GINKGO_TEST_BUILD/cni.test -- --cluster-kubeconfig="$KUBE_CONFIG_PATH" --cluster-name="$CLUSTER_NAME" --aws-region="$REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="$NG_LABEL_KEY" --ng-name-label-val="$NG_LABEL_VAL" --test-image-registry=$TEST_IMAGE_REGISTRY || TEST_RESULT=fail echo "cni test took $((SECONDS - START)) seconds." if [[ ! 
-z $PROD_IMAGE_REGISTRY ]]; then - CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.2" + CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.3" else - CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.2}" + CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.3}" fi REPO_NAME=$(echo $CNI_METRICS_HELPER | cut -d ":" -f 1) TAG=$(echo $CNI_METRICS_HELPER | cut -d ":" -f 2) echo "Running cni-metrics-helper image($CNI_METRICS_HELPER) tests" START=$SECONDS - cd $INTEGRATION_TEST_DIR/metrics-helper && CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS -v -timeout 15m --no-color --fail-on-pending -- --cluster-kubeconfig="$KUBE_CONFIG_PATH" --cluster-name="$CLUSTER_NAME" --aws-region="$REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="$NG_LABEL_KEY" --ng-name-label-val="$NG_LABEL_VAL" --cni-metrics-helper-image-repo=$REPO_NAME --cni-metrics-helper-image-tag=$TAG --test-image-registry=$TEST_IMAGE_REGISTRY || TEST_RESULT=fail + cd $INTEGRATION_TEST_DIR/metrics-helper && CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS -v -timeout 15m --no-color --fail-on-pending $GINKGO_TEST_BUILD/metrics.test -- --cluster-kubeconfig="$KUBE_CONFIG_PATH" --cluster-name="$CLUSTER_NAME" --aws-region="$REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="$NG_LABEL_KEY" --ng-name-label-val="$NG_LABEL_VAL" --cni-metrics-helper-image-repo=$REPO_NAME --cni-metrics-helper-image-tag=$TAG --test-image-registry=$TEST_IMAGE_REGISTRY || TEST_RESULT=fail echo "cni-metrics-helper test took $((SECONDS - START)) seconds." if [[ "$TEST_RESULT" == fail ]]; then echo "Integration test failed." From aa9c596b7d05baa8201d00762f04eb846899c541 Mon Sep 17 00:00:00 2001 
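Review bot: The new ipamd command passes `$GINKGO_TEST_BUILD/ipamd.test--` with no space before `--`, so ginkgo receives the literal path `…/ipamd.test--` and the separator is lost. The flags after it, starting with `--cluster-kubeconfig`, are then no longer marked as pass-through arguments for the test binary. The cni and metrics-helper lines in the same hunk do have the space. The line should read `... --fail-on-pending "$GINKGO_TEST_BUILD/ipamd.test" -- --cluster-kubeconfig="$KUBE_CONFIG_PATH" ...`, and quoting `$GINKGO_TEST_BUILD` on all three lines guards against spaces in the checkout path. Because each command ends in `|| TEST_RESULT=fail`, the mistake only shows up as a generic failed run, which makes it easy to miss. `run_integration_test` starts before this hunk and continues after it.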
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Sep 2024 12:13:14 -0700 Subject: [PATCH 82/83] Bump google.golang.org/protobuf from 1.34.1 to 1.34.2 (#3023) Bumps google.golang.org/protobuf from 1.34.1 to 1.34.2. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 12225f346c..b67a37b8b2 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( golang.org/x/net v0.27.0 golang.org/x/sys v0.25.0 google.golang.org/grpc v1.62.0 - google.golang.org/protobuf v1.34.1 + google.golang.org/protobuf v1.34.2 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.15.2 diff --git a/go.sum b/go.sum index fc52d9dbd8..4e7b81ce3b 100644 --- a/go.sum +++ b/go.sum 
@@ -551,8 +551,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 3fae323604638cf07163da4b0ce6e033fcdc9686 Mon Sep 17 00:00:00 2001 From: Jay Deokar <23660509+jaydeokar@users.noreply.github.com> Date: Thu, 26 Sep 2024 12:04:58 -0700 Subject: [PATCH 83/83] Revert "Fix fetching enimetadata (#3035)" (#3042) This reverts commit eb7a9bd6c4b785c8b145d926be1da798de23d0ad. --- pkg/awsutils/awsutils.go | 145 +++++++++++++++------------------- pkg/awsutils/awsutils_test.go | 74 +++++------------ pkg/awsutils/imds.go | 6 -- 3 files changed, 86 insertions(+), 139 deletions(-) diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go index 22a115ea19..f9ba346915 100644 --- a/pkg/awsutils/awsutils.go +++ b/pkg/awsutils/awsutils.go 
@@ -585,12 +585,6 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat return ENIMetadata{}, err } - networkCard, err := cache.imds.GetNetworkCard(ctx, eniMAC) - if err != nil { - awsAPIErrInc("GetNetworkCard", err) - return ENIMetadata{}, err - } - deviceNum, err = cache.imds.GetDeviceNumber(ctx, eniMAC) if err != nil { awsAPIErrInc("GetDeviceNumber", err) 
@@ -608,91 +602,82 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat deviceNum = 0 } - log.Debugf("Found ENI: %s, MAC %s, device %d, network card %d", eniID, eniMAC, deviceNum, networkCard) + log.Debugf("Found ENI: %s, MAC %s, device %d", eniID, eniMAC, deviceNum) + + // Get IPv4 and IPv6 addresses assigned to interface + cidr, err := cache.imds.GetSubnetIPv4CIDRBlock(ctx, eniMAC) + if err != nil { + awsAPIErrInc("GetSubnetIPv4CIDRBlock", err) + return ENIMetadata{}, err + } + + imdsIPv4s, err := cache.imds.GetLocalIPv4s(ctx, eniMAC) + if err != nil { + awsAPIErrInc("GetLocalIPv4s", err) + return ENIMetadata{}, err + } + + ec2ip4s := make([]*ec2.NetworkInterfacePrivateIpAddress, len(imdsIPv4s)) + for i, ip4 := range imdsIPv4s { + ec2ip4s[i] = &ec2.NetworkInterfacePrivateIpAddress{ + Primary: aws.Bool(i == 0), + PrivateIpAddress: aws.String(ip4.String()), + } + } - var subnetV4Cidr string - var ec2ip4s []*ec2.NetworkInterfacePrivateIpAddress var ec2ip6s []*ec2.NetworkInterfaceIpv6Address var subnetV6Cidr string - var ec2ipv4Prefixes []*ec2.Ipv4PrefixSpecification - var ec2ipv6Prefixes []*ec2.Ipv6PrefixSpecification - - // CNI only manages ENI's on network card 0. We need to get complete metadata info only for ENI's on network card 0. 
- // For ENI's on other network cards, there might not be IP related info present at all like 'efa-only' interfaces - // So we are skipping fetching IP related info for all ENI's other than card 0 - if networkCard == 0 { - // Get IPv4 and IPv6 addresses assigned to interface - cidr, err := cache.imds.GetSubnetIPv4CIDRBlock(ctx, eniMAC) + if cache.v6Enabled { + // For IPv6 ENIs, do not error on missing IPv6 information + v6cidr, err := cache.imds.GetSubnetIPv6CIDRBlocks(ctx, eniMAC) if err != nil { - awsAPIErrInc("GetSubnetIPv4CIDRBlock", err) - return ENIMetadata{}, err + awsAPIErrInc("GetSubnetIPv6CIDRBlocks", err) } else { - subnetV4Cidr = cidr.String() + subnetV6Cidr = v6cidr.String() } - imdsIPv4s, err := cache.imds.GetLocalIPv4s(ctx, eniMAC) + imdsIPv6s, err := cache.imds.GetIPv6s(ctx, eniMAC) if err != nil { - awsAPIErrInc("GetLocalIPv4s", err) - return ENIMetadata{}, err - } - - ec2ip4s = make([]*ec2.NetworkInterfacePrivateIpAddress, len(imdsIPv4s)) - for i, ip4 := range imdsIPv4s { - ec2ip4s[i] = &ec2.NetworkInterfacePrivateIpAddress{ - Primary: aws.Bool(i == 0), - PrivateIpAddress: aws.String(ip4.String()), + awsAPIErrInc("GetIPv6s", err) + } else { + ec2ip6s = make([]*ec2.NetworkInterfaceIpv6Address, len(imdsIPv6s)) + for i, ip6 := range imdsIPv6s { + ec2ip6s[i] = &ec2.NetworkInterfaceIpv6Address{ + Ipv6Address: aws.String(ip6.String()), + } } } + } - if cache.v6Enabled { - // For IPv6 ENIs, do not error on missing IPv6 information - v6cidr, err := cache.imds.GetSubnetIPv6CIDRBlocks(ctx, eniMAC) - if err != nil { - awsAPIErrInc("GetSubnetIPv6CIDRBlocks", err) - } else { - subnetV6Cidr = v6cidr.String() - } + var ec2ipv4Prefixes []*ec2.Ipv4PrefixSpecification + var ec2ipv6Prefixes []*ec2.Ipv6PrefixSpecification - imdsIPv6s, err := cache.imds.GetIPv6s(ctx, eniMAC) - if err != nil { - awsAPIErrInc("GetIPv6s", err) - } else { - ec2ip6s = make([]*ec2.NetworkInterfaceIpv6Address, len(imdsIPv6s)) - for i, ip6 := range imdsIPv6s { - ec2ip6s[i] = 
&ec2.NetworkInterfaceIpv6Address{ - Ipv6Address: aws.String(ip6.String()), - } - } - } + // If IPv6 is enabled, get attached v6 prefixes. + if cache.v6Enabled { + imdsIPv6Prefixes, err := cache.imds.GetIPv6Prefixes(ctx, eniMAC) + if err != nil { + awsAPIErrInc("GetIPv6Prefixes", err) + return ENIMetadata{}, err } - - // If IPv6 is enabled, get attached v6 prefixes. - if cache.v6Enabled { - imdsIPv6Prefixes, err := cache.imds.GetIPv6Prefixes(ctx, eniMAC) - if err != nil { - awsAPIErrInc("GetIPv6Prefixes", err) - return ENIMetadata{}, err - } - for _, ipv6prefix := range imdsIPv6Prefixes { - ec2ipv6Prefixes = append(ec2ipv6Prefixes, &ec2.Ipv6PrefixSpecification{ - Ipv6Prefix: aws.String(ipv6prefix.String()), - }) - } - } else if cache.v4Enabled && ((eniMAC == primaryMAC && !cache.useCustomNetworking) || (eniMAC != primaryMAC)) { - // Get prefix on primary ENI when custom networking is enabled is not needed. - // If primary ENI has prefixes attached and then we move to custom networking, we don't need to fetch - // the prefix since recommendation is to terminate the nodes and that would have deleted the prefix on the - // primary ENI. - imdsIPv4Prefixes, err := cache.imds.GetIPv4Prefixes(ctx, eniMAC) - if err != nil { - awsAPIErrInc("GetIPv4Prefixes", err) - return ENIMetadata{}, err - } - for _, ipv4prefix := range imdsIPv4Prefixes { - ec2ipv4Prefixes = append(ec2ipv4Prefixes, &ec2.Ipv4PrefixSpecification{ - Ipv4Prefix: aws.String(ipv4prefix.String()), - }) - } + for _, ipv6prefix := range imdsIPv6Prefixes { + ec2ipv6Prefixes = append(ec2ipv6Prefixes, &ec2.Ipv6PrefixSpecification{ + Ipv6Prefix: aws.String(ipv6prefix.String()), + }) + } + } else if cache.v4Enabled && ((eniMAC == primaryMAC && !cache.useCustomNetworking) || (eniMAC != primaryMAC)) { + // Get prefix on primary ENI when custom networking is enabled is not needed. 
+ // If primary ENI has prefixes attached and then we move to custom networking, we don't need to fetch + // the prefix since recommendation is to terminate the nodes and that would have deleted the prefix on the + // primary ENI. + imdsIPv4Prefixes, err := cache.imds.GetIPv4Prefixes(ctx, eniMAC) + if err != nil { + awsAPIErrInc("GetIPv4Prefixes", err) + return ENIMetadata{}, err + } + for _, ipv4prefix := range imdsIPv4Prefixes { + ec2ipv4Prefixes = append(ec2ipv4Prefixes, &ec2.Ipv4PrefixSpecification{ + Ipv4Prefix: aws.String(ipv4prefix.String()), + }) } } @@ -700,7 +685,7 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat ENIID: eniID, MAC: eniMAC, DeviceNumber: deviceNum, - SubnetIPv4CIDR: subnetV4Cidr, + SubnetIPv4CIDR: cidr.String(), IPv4Addresses: ec2ip4s, IPv4Prefixes: ec2ipv4Prefixes, SubnetIPv6CIDR: subnetV6Cidr, @@ -1371,7 +1356,7 @@ func (cache *EC2InstanceMetadataCache) DescribeAllENIs() (DescribeAllENIsResult, if interfaceType == "trunk" { trunkENI = eniID } - if interfaceType == "efa" || interfaceType == "efa-only" { + if interfaceType == "efa" { efaENIs[eniID] = true } // Check IPv4 addresses diff --git a/pkg/awsutils/awsutils_test.go b/pkg/awsutils/awsutils_test.go index 72ebda0dd4..cf93040526 100644 --- a/pkg/awsutils/awsutils_test.go +++ b/pkg/awsutils/awsutils_test.go @@ -48,7 +48,6 @@ const ( metadataSubnetID = "/subnet-id" metadataVpcID = "/vpc-id" metadataVPCcidrs = "/vpc-ipv4-cidr-blocks" - metadataNetworkCard = "/network-card" metadataDeviceNum = "/device-number" metadataInterface = "/interface-id" metadataSubnetCIDR = "/subnet-ipv4-cidr-block" @@ -62,7 +61,6 @@ const ( instanceType = "c1.medium" primaryMAC = "12:ef:2a:98:e5:5a" eni2MAC = "12:ef:2a:98:e5:5b" - eni3MAC = "12:ef:2a:98:e5:5c" sg1 = "sg-2e080f50" sg2 = "sg-2e080f51" sgs = sg1 + " " + sg2 
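Review bot: In the restored `if cache.v6Enabled` block, errors from `GetSubnetIPv6CIDRBlocks` and `GetIPv6s` are counted with `awsAPIErrInc` and then dropped. An IMDS failure therefore yields the same `ENIMetadata` (empty `SubnetIPv6CIDR`, no IPv6 addresses) as an ENI that has no IPv6 data, whereas `GetIPv6Prefixes` a few lines later returns its error. The comment only promises tolerance for missing information, so at least record the cause, e.g. `log.Debugf("IPv6 subnet CIDR unavailable for ENI MAC %s: %v", eniMAC, err)`. If the IMDS client can tell not-found from other failures (not visible here), return the other failures so callers do not act on a partial view. `getENIMetadata` begins and ends outside this hunk.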
@@ -72,19 +70,14 @@ const ( primaryeniID = "eni-00000000" eniID = primaryeniID eniAttachID = "eni-attach-beb21856" - eni1NetworkCard = "0" eni1Device = "0" eni1PrivateIP = "10.0.0.1" eni1Prefix = "10.0.1.0/28" - eni2NetworkCard = "0" eni2Device = "1" eni2PrivateIP = "10.0.0.2" eni2Prefix = "10.0.2.0/28" eni2v6Prefix = "2001:db8::/64" eni2ID = "eni-12341234" - eni3NetworkCard = "1" - eni3Device = "1" - eni3ID = "eni-67896789" metadataVPCIPv4CIDRs = "192.168.0.0/16 100.66.0.0/1" myNodeName = "testNodeName" ) @@ -97,15 +90,14 @@ func testMetadata(overrides map[string]interface{}) FakeIMDS { metadataInstanceType: instanceType, metadataMAC: primaryMAC, metadataMACPath: primaryMAC, - metadataMACPath + primaryMAC + metadataDeviceNum: eni1Device, - metadataMACPath + primaryMAC + metadataInterface: primaryeniID, - metadataMACPath + primaryMAC + metadataNetworkCard: eni1NetworkCard, - metadataMACPath + primaryMAC + metadataSGs: sgs, - metadataMACPath + primaryMAC + metadataIPv4s: eni1PrivateIP, - metadataMACPath + primaryMAC + metadataSubnetID: subnetID, - metadataMACPath + primaryMAC + metadataVpcID: vpcID, - metadataMACPath + primaryMAC + metadataSubnetCIDR: subnetCIDR, - metadataMACPath + primaryMAC + metadataVPCcidrs: metadataVPCIPv4CIDRs, + metadataMACPath + primaryMAC + metadataDeviceNum: eni1Device, + metadataMACPath + primaryMAC + metadataInterface: primaryeniID, + metadataMACPath + primaryMAC + metadataSGs: sgs, + metadataMACPath + primaryMAC + metadataIPv4s: eni1PrivateIP, + metadataMACPath + primaryMAC + metadataSubnetID: subnetID, + metadataMACPath + primaryMAC + metadataVpcID: vpcID, + metadataMACPath + primaryMAC + metadataSubnetCIDR: subnetCIDR, + metadataMACPath + primaryMAC + metadataVPCcidrs: metadataVPCIPv4CIDRs, } for k, v := range overrides { 
@@ -212,31 +204,10 @@ func TestInitWithEC2metadataErr(t *testing.T) { func TestGetAttachedENIs(t *testing.T) { mockMetadata := testMetadata(map[string]interface{}{ metadataMACPath: primaryMAC + " " + eni2MAC, - metadataMACPath + eni2MAC + metadataNetworkCard: eni2NetworkCard, - metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, - metadataMACPath + eni2MAC + metadataInterface: eni2ID, - metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, - metadataMACPath + eni2MAC + metadataIPv4s: eni2PrivateIP, - }) - - cache := &EC2InstanceMetadataCache{imds: TypedIMDS{mockMetadata}} - ens, err := cache.GetAttachedENIs() - if assert.NoError(t, err) { - assert.Equal(t, len(ens), 2) - } -} - -func TestGetAttachedENIsWithEfa(t *testing.T) { - mockMetadata := testMetadata(map[string]interface{}{ - metadataMACPath: primaryMAC + " " + eni2MAC, - metadataMACPath + eni2MAC + metadataNetworkCard: eni2NetworkCard, - metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, - metadataMACPath + eni2MAC + metadataInterface: eni2ID, - metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, - metadataMACPath + eni2MAC + metadataIPv4s: eni2PrivateIP, - metadataMACPath + eni3MAC + metadataNetworkCard: eni3NetworkCard, - metadataMACPath + eni3MAC + metadataDeviceNum: eni3Device, - metadataMACPath + eni3MAC + metadataInterface: eni3ID, + metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, + metadataMACPath + eni2MAC + metadataInterface: eni2ID, + metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, + metadataMACPath + eni2MAC + metadataIPv4s: eni2PrivateIP, }) cache := &EC2InstanceMetadataCache{imds: TypedIMDS{mockMetadata}} 
@@ -249,7 +220,6 @@ func TestGetAttachedENIsWithEfa(t *testing.T) { func TestGetAttachedENIsWithPrefixes(t *testing.T) { mockMetadata := testMetadata(map[string]interface{}{ metadataMACPath: primaryMAC + " " + eni2MAC, - metadataMACPath + eni2MAC + metadataNetworkCard: eni2NetworkCard, metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, metadataMACPath + eni2MAC + metadataInterface: eni2ID, metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, @@ -1037,11 +1007,10 @@ func TestEC2InstanceMetadataCache_waitForENIAndIPsAttached(t *testing.T) { fmt.Println("eniips", eniIPs) mockMetadata := testMetadata(map[string]interface{}{ metadataMACPath: primaryMAC + " " + eni2MAC, - metadataMACPath + eni2MAC + metadataNetworkCard: eni2NetworkCard, - metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, - metadataMACPath + eni2MAC + metadataInterface: eni2ID, - metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, - metadataMACPath + eni2MAC + metadataIPv4s: eniIPs, + metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, + metadataMACPath + eni2MAC + metadataInterface: eni2ID, + metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, + metadataMACPath + eni2MAC + metadataIPv4s: eniIPs, }) cache := &EC2InstanceMetadataCache{imds: TypedIMDS{mockMetadata}, ec2SVC: mockEC2} gotEniMetadata, err := cache.waitForENIAndIPsAttached(tt.args.eni, tt.args.wantedSecondaryIPs, tt.args.maxBackoffDelay) 
@@ -1133,12 +1102,11 @@ func TestEC2InstanceMetadataCache_waitForENIAndPrefixesAttached(t *testing.T) { } mockMetadata := testMetadata(map[string]interface{}{ metadataMACPath: primaryMAC + " " + eni2MAC, - metadataMACPath + eni2MAC + metadataNetworkCard: eni2NetworkCard, - metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, - metadataMACPath + eni2MAC + metadataInterface: eni2ID, - metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, - metadataMACPath + eni2MAC + metadataIPv4s: eniIPs, - metadataMACPath + eni2MAC + metaDataPrefixPath: eniPrefixes, + metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, + metadataMACPath + eni2MAC + metadataInterface: eni2ID, + metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, + metadataMACPath + eni2MAC + metadataIPv4s: eniIPs, + metadataMACPath + eni2MAC + metaDataPrefixPath: eniPrefixes, }) cache := &EC2InstanceMetadataCache{imds: TypedIMDS{mockMetadata}, ec2SVC: mockEC2, enablePrefixDelegation: true, v4Enabled: tt.args.v4Enabled, v6Enabled: tt.args.v6Enabled} diff --git a/pkg/awsutils/imds.go b/pkg/awsutils/imds.go index e3174ba5e9..69c9343501 100644 --- a/pkg/awsutils/imds.go +++ b/pkg/awsutils/imds.go @@ -166,12 +166,6 @@ func (imds TypedIMDS) getInt(ctx context.Context, key string) (int, error) { return dataInt, err } -// GetNetworkCard returns the unique network card number associated with an interface. -func (imds TypedIMDS) GetNetworkCard(ctx context.Context, mac string) (int, error) { - key := fmt.Sprintf("network/interfaces/macs/%s/network-card", mac) - return imds.getInt(ctx, key) -} - // GetDeviceNumber returns the unique device number associated with an interface. The primary interface is 0. func (imds TypedIMDS) GetDeviceNumber(ctx context.Context, mac string) (int, error) { key := fmt.Sprintf("network/interfaces/macs/%s/device-number", mac)