Automator: update common-files@master in istio/istio.io@master (#14194)

common/.commonfiles.sha

@@ -1 +1 @@
-ab0b57e4fa6c87904afcece7fa70486b52f5463e
+73f3b588dd8ba8d221d320ba161baa7e7fb91a9f

common/scripts/kind_provisioner.sh

@@ -364,8 +364,8 @@ function connect_kind_clusters() {
 
 function install_metallb() {
   KUBECONFIG="${1}"
-  kubectl apply --kubeconfig="$KUBECONFIG" -f "${COMMON_SCRIPTS}/metallb.yaml"
-  kubectl create --kubeconfig="$KUBECONFIG" secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
+  kubectl --kubeconfig="$KUBECONFIG" apply -f "${COMMON_SCRIPTS}/metallb-native.yaml"
+  kubectl --kubeconfig="$KUBECONFIG" wait -n metallb-system pod -l app=metallb --for=condition=Ready
 
   if [ -z "${METALLB_IPS4+x}" ]; then
     # Take IPs from the end of the docker kind network subnet to use for MetalLB IPs
@@ -396,17 +396,25 @@ function install_metallb() {
   done
   RANGE="${RANGE%?}]"
 
-  echo 'apiVersion: v1
-kind: ConfigMap
+  echo '
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
 metadata:
+  name: default-pool
   namespace: metallb-system
-  name: config
-data:
-  config: |
-    address-pools:
-    - name: default
-      protocol: layer2
-      addresses: '"$RANGE" | kubectl apply --kubeconfig="$KUBECONFIG" -f -
+spec:
+  addresses: '"$RANGE"'
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: default-l2
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - default-pool
+' | kubectl apply --kubeconfig="$KUBECONFIG" -f -
+
 }
 
 function cidr_to_ips() {

common/scripts/metallb.yaml

@@ -1,409 +0,0 @@
-# from https://github.com/metallb/metallb/blob/v0.12/manifests namespace.yaml and metallb.yaml
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: metallb-system
-  labels:
-    app: metallb
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app: metallb
-  name: controller
-  namespace: metallb-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app: metallb
-  name: speaker
-  namespace: metallb-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app: metallb
-  name: metallb-system:controller
-rules:
-  - apiGroups:
-      - ''
-    resources:
-      - services
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - ''
-    resources:
-      - services/status
-    verbs:
-      - update
-  - apiGroups:
-      - ''
-    resources:
-      - events
-    verbs:
-      - create
-      - patch
-  - apiGroups:
-      - policy
-    resourceNames:
-      - controller
-    resources:
-      - podsecuritypolicies
-    verbs:
-      - use
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app: metallb
-  name: metallb-system:speaker
-rules:
-  - apiGroups:
-      - ''
-    resources:
-      - services
-      - endpoints
-      - nodes
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups: ["discovery.k8s.io"]
-    resources:
-      - endpointslices
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - ''
-    resources:
-      - events
-    verbs:
-      - create
-      - patch
-  - apiGroups:
-      - policy
-    resourceNames:
-      - speaker
-    resources:
-      - podsecuritypolicies
-    verbs:
-      - use
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    app: metallb
-  name: config-watcher
-  namespace: metallb-system
-rules:
-  - apiGroups:
-      - ''
-    resources:
-      - configmaps
-    verbs:
-      - get
-      - list
-      - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    app: metallb
-  name: pod-lister
-  namespace: metallb-system
-rules:
-  - apiGroups:
-      - ''
-    resources:
-      - pods
-    verbs:
-      - list
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    app: metallb
-  name: controller
-  namespace: metallb-system
-rules:
-  - apiGroups:
-      - ''
-    resources:
-      - secrets
-    verbs:
-      - create
-  - apiGroups:
-      - ''
-    resources:
-      - secrets
-    resourceNames:
-      - memberlist
-    verbs:
-      - list
-  - apiGroups:
-      - apps
-    resources:
-      - deployments
-    resourceNames:
-      - controller
-    verbs:
-      - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app: metallb
-  name: metallb-system:controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: metallb-system:controller
-subjects:
-  - kind: ServiceAccount
-    name: controller
-    namespace: metallb-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app: metallb
-  name: metallb-system:speaker
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: metallb-system:speaker
-subjects:
-  - kind: ServiceAccount
-    name: speaker
-    namespace: metallb-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    app: metallb
-  name: config-watcher
-  namespace: metallb-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: config-watcher
-subjects:
-  - kind: ServiceAccount
-    name: controller
-  - kind: ServiceAccount
-    name: speaker
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    app: metallb
-  name: pod-lister
-  namespace: metallb-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: pod-lister
-subjects:
-  - kind: ServiceAccount
-    name: speaker
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    app: metallb
-  name: controller
-  namespace: metallb-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: controller
-subjects:
-  - kind: ServiceAccount
-    name: controller
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  labels:
-    app: metallb
-    component: speaker
-  name: speaker
-  namespace: metallb-system
-spec:
-  selector:
-    matchLabels:
-      app: metallb
-      component: speaker
-  template:
-    metadata:
-      annotations:
-        prometheus.io/port: '7472'
-        prometheus.io/scrape: 'true'
-      labels:
-        app: metallb
-        component: speaker
-    spec:
-      containers:
-        - args:
-            - --port=7472
-            - --config=config
-            - --log-level=info
-          env:
-            - name: METALLB_NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: METALLB_HOST
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.hostIP
-            - name: METALLB_ML_BIND_ADDR
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIP
-            # needed when another software is also using memberlist / port 7946
-            # when changing this default you also need to update the container ports definition
-            # and the PodSecurityPolicy hostPorts definition
-            #- name: METALLB_ML_BIND_PORT
-            #  value: "7946"
-            - name: METALLB_ML_LABELS
-              value: "app=metallb,component=speaker"
-            - name: METALLB_ML_SECRET_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: memberlist
-                  key: secretkey
-          image: gcr.io/istio-testing/metallb/speaker:v0.12.1
-          name: speaker
-          ports:
-            - containerPort: 7472
-              name: monitoring
-            - containerPort: 7946
-              name: memberlist-tcp
-            - containerPort: 7946
-              name: memberlist-udp
-              protocol: UDP
-          livenessProbe:
-            httpGet:
-              path: /metrics
-              port: monitoring
-            initialDelaySeconds: 5
-            periodSeconds: 10
-            timeoutSeconds: 1
-            successThreshold: 1
-            failureThreshold: 3
-          readinessProbe:
-            httpGet:
-              path: /metrics
-              port: monitoring
-            initialDelaySeconds: 5
-            periodSeconds: 10
-            timeoutSeconds: 1
-            successThreshold: 1
-            failureThreshold: 3
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              add:
-                - NET_RAW
-              drop:
-                - ALL
-            readOnlyRootFilesystem: true
-      hostNetwork: true
-      nodeSelector:
-        kubernetes.io/os: linux
-      serviceAccountName: speaker
-      terminationGracePeriodSeconds: 2
-      tolerations:
-        - effect: NoSchedule
-          key: node-role.kubernetes.io/master
-          operator: Exists
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: metallb
-    component: controller
-  name: controller
-  namespace: metallb-system
-spec:
-  revisionHistoryLimit: 3
-  selector:
-    matchLabels:
-      app: metallb
-      component: controller
-  template:
-    metadata:
-      annotations:
-        prometheus.io/port: '7472'
-        prometheus.io/scrape: 'true'
-      labels:
-        app: metallb
-        component: controller
-    spec:
-      containers:
-        - args:
-            - --port=7472
-            - --config=config
-            - --log-level=info
-          env:
-            - name: METALLB_ML_SECRET_NAME
-              value: memberlist
-            - name: METALLB_DEPLOYMENT
-              value: controller
-          image: gcr.io/istio-testing/metallb/controller:v0.12.1
-          name: controller
-          ports:
-            - containerPort: 7472
-              name: monitoring
-          livenessProbe:
-            httpGet:
-              path: /metrics
-              port: monitoring
-            initialDelaySeconds: 10
-            periodSeconds: 10
-            timeoutSeconds: 1
-            successThreshold: 1
-            failureThreshold: 3
-          readinessProbe:
-            httpGet:
-              path: /metrics
-              port: monitoring
-            initialDelaySeconds: 10
-            periodSeconds: 10
-            timeoutSeconds: 1
-            successThreshold: 1
-            failureThreshold: 3
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - all
-            readOnlyRootFilesystem: true
-      nodeSelector:
-        kubernetes.io/os: linux
-      securityContext:
-        runAsNonRoot: true
-        runAsUser: 65534
-        fsGroup: 65534
-      serviceAccountName: controller
-      terminationGracePeriodSeconds: 0