kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Run hack/update-expected.sh

This commit is contained in:
Ciprian Hacman 2022-05-23 18:37:17 +03:00
parent f5954e1388
commit 105fe1a8a6
36 changed files with 2186 additions and 534 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

97
tests/integration/update_cluster/minimal-ipv6-calico/cloudformation.json
View File

@ -33,26 +33,21 @@
"Value": "master-us-test-1a.masters.minimal-ipv6.example.com",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup",
"Value": "master-us-test-1a",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": "",
@ -111,8 +106,8 @@
]
}
},
"MaxSize": "2",
"MinSize": "2",
"MaxSize": "1",
"MinSize": "1",
"VPCZoneIdentifier": [
{
"Ref": "AWSEC2Subnetustest1aminimalipv6examplecom"
@ -130,8 +125,8 @@
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node",
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup",
"Value": "nodes",
"PropagateAtLaunch": true
},
{
@ -250,10 +245,6 @@
"DeleteOnTermination": true,
"Encrypted": true
}
},
{
"DeviceName": "/dev/sdc",
"VirtualName": "ephemeral0"
}
],
"IamInstanceProfile": {
@ -262,11 +253,11 @@
}
},
"ImageId": "ami-12345678",
"InstanceType": "m3.medium",
"InstanceType": "t3.medium",
"KeyName": "kubernetes.minimal-ipv6.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57",
"MetadataOptions": {
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional"
"HttpTokens": "required"
},
"Monitoring": {
"Enabled": false
@ -296,22 +287,18 @@
"Key": "Name",
"Value": "master-us-test-1a.masters.minimal-ipv6.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup",
"Value": "master-us-test-1a"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": ""
@ -341,22 +328,18 @@
"Key": "Name",
"Value": "master-us-test-1a.masters.minimal-ipv6.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup",
"Value": "master-us-test-1a"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": ""
@ -404,11 +387,11 @@
}
},
"ImageId": "ami-12345678",
"InstanceType": "t2.medium",
"InstanceType": "t3.medium",
"KeyName": "kubernetes.minimal-ipv6.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57",
"MetadataOptions": {
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional"
"HttpPutResponseHopLimit": 3,
"HttpTokens": "required"
},
"Monitoring": {
"Enabled": false
@ -439,8 +422,8 @@
"Value": "nodes.minimal-ipv6.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node"
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup",
"Value": "nodes"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
@ -472,8 +455,8 @@
"Value": "nodes.minimal-ipv6.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node"
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup",
"Value": "nodes"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
@ -1423,13 +1406,6 @@
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeTags",
"ec2:AssignIpv6Addresses",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteRoute",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstances",
@ -1443,20 +1419,20 @@
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeVpcs",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVolume",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateTargetGroup",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:DescribeRepositories",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterTargets",
"iam:GetServerCertificate",
"iam:ListServerCertificates",
"kms:DescribeKey",
@ -1576,6 +1552,13 @@
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:ModifyNetworkInterfaceAttribute",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:DescribeRepositories",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"iam:GetServerCertificate",
"iam:ListServerCertificates",
"kms:GenerateRandom"

28
tests/integration/update_cluster/minimal-ipv6-calico/cloudformation.json.extracted.yaml
View File

@ -135,15 +135,15 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalipv6examplecom.Propert
containerRuntime: containerd
containerd:
logLevel: info
version: 1.4.12
version: 1.6.4
docker:
skipInstall: true
encryptionConfig: null
etcdClusters:
events:
version: 3.4.13
version: 3.5.4
main:
version: 3.4.13
version: 3.5.4
kubeAPIServer:
allowPrivileged: true
anonymousAuth: false
@ -170,7 +170,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalipv6examplecom.Propert
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-apiserver:v1.21.0
image: registry.k8s.io/kube-apiserver:v1.24.0
kubeletPreferredAddressTypes:
- InternalIP
- Hostname
@ -201,20 +201,20 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalipv6examplecom.Propert
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-controller-manager:v1.21.0
image: registry.k8s.io/kube-controller-manager:v1.24.0
leaderElection:
leaderElect: true
logLevel: 2
useServiceAccountCredentials: true
kubeProxy:
cpuRequest: 100m
image: registry.k8s.io/kube-proxy:v1.21.0
image: registry.k8s.io/kube-proxy:v1.24.0
logLevel: 2
kubeScheduler:
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-scheduler:v1.21.0
image: registry.k8s.io/kube-scheduler:v1.24.0
leaderElection:
leaderElect: true
logLevel: 2
@ -232,9 +232,9 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalipv6examplecom.Propert
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
masterKubelet:
@ -251,9 +251,9 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalipv6examplecom.Propert
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
registerSchedulable: false
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
@ -265,7 +265,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalipv6examplecom.Propert
ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: MK0ADjiimAJft3zga357N1BVO5pDNmYLFsWDE8ejK2Q=
NodeupConfigHash: MBtPdYem3jr0OrwuTXnCWCDdA1tVBlNyFRg7sn26fds=
__EOF_KUBE_ENV
@ -408,12 +408,12 @@ Resources.AWSEC2LaunchTemplatenodesminimalipv6examplecom.Properties.LaunchTempla
containerRuntime: containerd
containerd:
logLevel: info
version: 1.4.12
version: 1.6.4
docker:
skipInstall: true
kubeProxy:
cpuRequest: 100m
image: registry.k8s.io/kube-proxy:v1.21.0
image: registry.k8s.io/kube-proxy:v1.24.0
logLevel: 2
kubelet:
anonymousAuth: false
@ -429,9 +429,9 @@ Resources.AWSEC2LaunchTemplatenodesminimalipv6examplecom.Properties.LaunchTempla
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
@ -442,7 +442,7 @@ Resources.AWSEC2LaunchTemplatenodesminimalipv6examplecom.Properties.LaunchTempla
ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com
InstanceGroupName: nodes
InstanceGroupRole: Node
NodeupConfigHash: jycf2UcZw5xd4lE+V/y/LowQ7qd9dg7399iHXUaYxF0=
NodeupConfigHash: bj/aCfw/GsuQbjywSyLjG0xl9bAo8+ZXkgr+63Q5l9s=
__EOF_KUBE_ENV

21
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy
View File

@ -170,13 +170,6 @@
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeTags",
"ec2:AssignIpv6Addresses",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteRoute",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstances",
@ -190,20 +183,20 @@
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeVpcs",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVolume",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateTargetGroup",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:DescribeRepositories",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterTargets",
"iam:GetServerCertificate",
"iam:ListServerCertificates",
"kms:DescribeKey",

7
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_iam_role_policy_nodes.minimal-ipv6.example.com_policy
View File

@ -32,6 +32,13 @@
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:ModifyNetworkInterfaceAttribute",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:DescribeRepositories",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"iam:GetServerCertificate",
"iam:ListServerCertificates",
"kms:GenerateRandom"

20
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data
View File

@ -134,15 +134,15 @@ cloudConfig:
containerRuntime: containerd
containerd:
logLevel: info
version: 1.4.12
version: 1.6.4
docker:
skipInstall: true
encryptionConfig: null
etcdClusters:
events:
version: 3.4.13
version: 3.5.4
main:
version: 3.4.13
version: 3.5.4
kubeAPIServer:
allowPrivileged: true
anonymousAuth: false
@ -169,7 +169,7 @@ kubeAPIServer:
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-apiserver:v1.21.0
image: registry.k8s.io/kube-apiserver:v1.24.0
kubeletPreferredAddressTypes:
- InternalIP
- Hostname
@ -200,20 +200,20 @@ kubeControllerManager:
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-controller-manager:v1.21.0
image: registry.k8s.io/kube-controller-manager:v1.24.0
leaderElection:
leaderElect: true
logLevel: 2
useServiceAccountCredentials: true
kubeProxy:
cpuRequest: 100m
image: registry.k8s.io/kube-proxy:v1.21.0
image: registry.k8s.io/kube-proxy:v1.24.0
logLevel: 2
kubeScheduler:
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-scheduler:v1.21.0
image: registry.k8s.io/kube-scheduler:v1.24.0
leaderElection:
leaderElect: true
logLevel: 2
@ -231,9 +231,9 @@ kubelet:
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
masterKubelet:
@ -250,9 +250,9 @@ masterKubelet:
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
registerSchedulable: false
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
@ -264,7 +264,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: MK0ADjiimAJft3zga357N1BVO5pDNmYLFsWDE8ejK2Q=
NodeupConfigHash: MBtPdYem3jr0OrwuTXnCWCDdA1tVBlNyFRg7sn26fds=
__EOF_KUBE_ENV

8
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data
View File

@ -134,12 +134,12 @@ cloudConfig:
containerRuntime: containerd
containerd:
logLevel: info
version: 1.4.12
version: 1.6.4
docker:
skipInstall: true
kubeProxy:
cpuRequest: 100m
image: registry.k8s.io/kube-proxy:v1.21.0
image: registry.k8s.io/kube-proxy:v1.24.0
logLevel: 2
kubelet:
anonymousAuth: false
@ -155,9 +155,9 @@ kubelet:
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
@ -168,7 +168,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com
InstanceGroupName: nodes
InstanceGroupRole: Node
NodeupConfigHash: jycf2UcZw5xd4lE+V/y/LowQ7qd9dg7399iHXUaYxF0=
NodeupConfigHash: bj/aCfw/GsuQbjywSyLjG0xl9bAo8+ZXkgr+63Q5l9s=
__EOF_KUBE_ENV

24
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_cluster-completed.spec_content
View File

@ -24,7 +24,8 @@ spec:
clusterCIDR: ::/0
clusterName: minimal-ipv6.example.com
configureCloudRoutes: false
image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.21.0-alpha.0
enableLeaderMigration: true
image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.24.0
leaderElection:
leaderElect: true
cloudProvider: aws
@ -34,7 +35,7 @@ spec:
containerRuntime: containerd
containerd:
logLevel: info
version: 1.4.12
version: 1.6.4
dnsZone: Z1AFAKE1ZON3YO
docker:
skipInstall: true
@ -45,17 +46,18 @@ spec:
- instanceGroup: master-us-test-1a
name: us-test-1a
name: main
version: 3.4.13
version: 3.5.4
- backups:
backupStore: memfs://clusters.example.com/minimal-ipv6.example.com/backups/etcd/events
etcdMembers:
- instanceGroup: master-us-test-1a
name: us-test-1a
name: events
version: 3.4.13
version: 3.5.4
externalDns:
provider: dns-controller
iam:
allowContainerRegistry: true
legacy: false
keyStore: memfs://clusters.example.com/minimal-ipv6.example.com/pki
kubeAPIServer:
@ -84,7 +86,7 @@ spec:
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-apiserver:v1.21.0
image: registry.k8s.io/kube-apiserver:v1.24.0
kubeletPreferredAddressTypes:
- InternalIP
- Hostname
@ -115,7 +117,7 @@ spec:
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-controller-manager:v1.21.0
image: registry.k8s.io/kube-controller-manager:v1.24.0
leaderElection:
leaderElect: true
logLevel: 2
@ -138,13 +140,13 @@ spec:
- fd00:ec2::253
kubeProxy:
cpuRequest: 100m
image: registry.k8s.io/kube-proxy:v1.21.0
image: registry.k8s.io/kube-proxy:v1.24.0
logLevel: 2
kubeScheduler:
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-scheduler:v1.21.0
image: registry.k8s.io/kube-scheduler:v1.24.0
leaderElection:
leaderElect: true
logLevel: 2
@ -162,15 +164,15 @@ spec:
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
kubernetesApiAccess:
- 0.0.0.0/0
- ::/0
kubernetesVersion: 1.21.0
kubernetesVersion: 1.24.0
masterInternalName: api.internal.minimal-ipv6.example.com
masterKubelet:
anonymousAuth: false
@ -186,9 +188,9 @@ spec:
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
registerSchedulable: false
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s

2
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_etcd-cluster-spec-events_content
View File

@ -1,4 +1,4 @@
{
"memberCount": 1,
"etcdVersion": "3.4.13"
"etcdVersion": "3.5.4"
}

2
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_etcd-cluster-spec-main_content
View File

@ -1,4 +1,4 @@
{
"memberCount": 1,
"etcdVersion": "3.4.13"
"etcdVersion": "3.5.4"
}

3
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content
View File

@ -36,6 +36,7 @@ spec:
- --cluster-cidr=::/0
- --cluster-name=minimal-ipv6.example.com
- --configure-cloud-routes=false
- --enable-leader-migration=true
- --leader-elect=true
- --v=2
- --cloud-provider=aws
@ -44,7 +45,7 @@ spec:
env:
- name: KUBERNETES_SERVICE_HOST
value: 127.0.0.1
image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.21.0-alpha.0
image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.24.0
imagePullPolicy: IfNotPresent
name: aws-cloud-controller-manager
resources:

17
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content
View File

@ -6,7 +6,7 @@ spec:
addons:
- id: k8s-1.16
manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
manifestHash: 5b7e53ee665b7e270177015b871983a7007453b46ea1f2a2f22065599f84acc8
manifestHash: e821fd386a318a8c09073db77ec873aa0d886b3d696ecdd0457098c6df415749
name: kops-controller.addons.k8s.io
needsRollingUpdate: control-plane
selector:
@ -32,6 +32,13 @@ spec:
selector:
k8s-addon: kubelet-api.rbac.addons.k8s.io
version: 9.99.0
- id: k8s-1.23
manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml
manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4
name: leader-migration.rbac.addons.k8s.io
selector:
k8s-addon: leader-migration.rbac.addons.k8s.io
version: 9.99.0
- manifest: limit-range.addons.k8s.io/v1.5.0.yaml
manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2
name: limit-range.addons.k8s.io
@ -52,16 +59,16 @@ spec:
selector:
k8s-addon: storage-aws.addons.k8s.io
version: 9.99.0
- id: k8s-1.16
manifest: networking.projectcalico.org/k8s-1.16.yaml
manifestHash: d58f4bf07be4093602410eeffd47a37125a74dfb2afd654a6d154c5017010e7a
- id: k8s-1.23
manifest: networking.projectcalico.org/k8s-1.23.yaml
manifestHash: 668665e8c8cddfd1e660e2f80831c3277d88d3cea36dc9051ed4e15a9c0749c3
name: networking.projectcalico.org
selector:
role.kubernetes.io/networking: "1"
version: 9.99.0
- id: k8s-1.18
manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml
manifestHash: b81b968335bd806a35ab6a455a7a682cb03b6723fcf0a0061b1206661d1163ba
manifestHash: f0de0a1dc002589f04dfd37c587f2ab60c37389ad8377cc4bd00ccfa178a00a6
name: aws-cloud-controller.addons.k8s.io
selector:
k8s-addon: aws-cloud-controller.addons.k8s.io

2
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content
View File

@ -1,7 +1,7 @@
apiVersion: v1
data:
config.yaml: |
{"cloud":"aws","configBase":"memfs://clusters.example.com/minimal-ipv6.example.com","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.minimal-ipv6.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]},"enableCloudIPAM":true}
{"cloud":"aws","configBase":"memfs://clusters.example.com/minimal-ipv6.example.com","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.minimal-ipv6.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"],"useInstanceIDForNodeName":true},"enableCloudIPAM":true}
kind: ConfigMap
metadata:
creationTimestamp: null

52
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content Normal file
View File

@ -0,0 +1,52 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-addon: leader-migration.rbac.addons.k8s.io
name: system::leader-locking-migration
namespace: kube-system
rules:
- apiGroups:
- coordination.k8s.io
resourceNames:
- cloud-provider-extraction-migration
resources:
- leases
verbs:
- create
- list
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-addon: leader-migration.rbac.addons.k8s.io
name: system::leader-locking-migration
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: system::leader-locking-migration
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:kube-controller-manager
- kind: ServiceAccount
name: kube-controller-manager
namespace: kube-system
- kind: ServiceAccount
name: aws-cloud-controller-manager
namespace: kube-system
- kind: ServiceAccount
name: cloud-controller-manager
namespace: kube-system

264
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.16_content → tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.23_content
View File

@ -17,7 +17,7 @@ data:
"assign_ipv4": "false",
"assign_ipv6": "true",
"type": "host-local",
"ranges": [[{ "subnet": "usePodCidr" }]]
"ranges": [[{ "subnet": "usePodCidrIPv6" }]]
},
"policy": {
"type": "k8s"
@ -94,6 +94,12 @@ spec:
64512]'
format: int32
type: integer
bindMode:
description: BindMode indicates whether to listen for BGP connections
on all addresses (None) or only on the node's canonical IP address
Node.Spec.BGP.IPvXAddress (NodeIP). Default behaviour is to listen
for BGP connections on all addresses.
type: string
communities:
description: Communities is a list of BGP community values and their
arbitrary names for tagging routes.
@ -124,6 +130,37 @@ spec:
description: 'LogSeverityScreen is the log severity above which logs
are sent to the stdout. [Default: INFO]'
type: string
nodeMeshMaxRestartTime:
description: Time to allow for software restart for node-to-mesh peerings. When
specified, this is configured as the graceful restart timeout. When
not specified, the BIRD default of 120s is used. This field can
only be set on the default BGPConfiguration instance and requires
that NodeMesh is enabled
type: string
nodeMeshPassword:
description: Optional BGP password for full node-to-mesh peerings.
This field can only be set on the default BGPConfiguration instance
and requires that NodeMesh is enabled
properties:
secretKeyRef:
description: Selects a key of a secret in the node pod's namespace.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
type: object
nodeToNodeMeshEnabled:
description: 'NodeToNodeMeshEnabled sets whether full node to node
BGP mesh is enabled. [Default: true]'
@ -261,6 +298,12 @@ spec:
description: Selector for the nodes that should have this peering. When
this is set, the Node field must be empty.
type: string
numAllowedLocalASNumbers:
description: Maximum number of local AS numbers that are allowed in
the AS path for received routes. This removes BGP loop prevention
and should only be used if absolutely necesssary.
format: int32
type: integer
password:
description: Optional BGP password for the peerings generated by this
BGPPeer resource.
@ -808,6 +851,11 @@ spec:
description: 'BPFEnabled, if enabled Felix will use the BPF dataplane.
[Default: false]'
type: boolean
bpfEnforceRPF:
description: 'BPFEnforceRPF enforce strict RPF on all interfaces with
BPF programs regardless of what is the per-interfaces or global
setting. Possible values are Disabled or Strict. [Default: Strict]'
type: string
bpfExtToServiceConnmark:
description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
mark that is set on connections from an external client to a local
@ -847,6 +895,51 @@ spec:
logs are emitted to the BPF trace pipe, accessible with the command
`tc exec bpf debug`. [Default: Off].'
type: string
bpfMapSizeConntrack:
description: 'BPFMapSizeConntrack sets the size for the conntrack
map. This map must be large enough to hold an entry for each active
connection. Warning: changing the size of the conntrack map can
cause disruption.'
type: integer
bpfMapSizeIPSets:
description: BPFMapSizeIPSets sets the size for ipsets map. The IP
sets map must be large enough to hold an entry for each endpoint
matched by every selector in the source/destination matches in network
policy. Selectors such as "all()" can result in large numbers of
entries (one entry per endpoint in that case).
type: integer
bpfMapSizeNATAffinity:
type: integer
bpfMapSizeNATBackend:
description: BPFMapSizeNATBackend sets the size for nat back end map.
This is the total number of endpoints. This is mostly more than
the size of the number of services.
type: integer
bpfMapSizeNATFrontend:
description: BPFMapSizeNATFrontend sets the size for nat front end
map. FrontendMap should be large enough to hold an entry for each
nodeport, external IP and each port in each service.
type: integer
bpfMapSizeRoute:
description: BPFMapSizeRoute sets the size for the routes map. The
routes map should be large enough to hold one entry per workload
and a handful of entries per host (enough to cover its own IPs and
tunnel IPs).
type: integer
bpfPSNATPorts:
anyOf:
- type: integer
- type: string
description: 'BPFPSNATPorts sets the range from which we randomly
pick a port if there is a source port collision. This should be
within the ephemeral range as defined by RFC 6056 (102465535) and
preferably outside the ephemeral ranges used by common operating
systems. Linux uses 3276860999, while others mostly use the IANA
defined range 4915265535. It is not necessarily a problem if this
range overlaps with the operating systems. Both ends of the range
are inclusive. [Default: 20000:29999]'
pattern: ^.*
x-kubernetes-int-or-string: true
chainInsertMode:
description: 'ChainInsertMode controls whether Felix hooks the kernel''s
top-level iptables chains by inserting a rule at the top of the
@ -857,6 +950,15 @@ spec:
Calico policy will be bypassed. [Default: insert]'
type: string
dataplaneDriver:
description: DataplaneDriver filename of the external dataplane driver
to use. Only used if UseInternalDataplaneDriver is set to false.
type: string
dataplaneWatchdogTimeout:
description: 'DataplaneWatchdogTimeout is the readiness/liveness timeout
used for Felix''s (internal) dataplane driver. Increase this value
if you experience spurious non-ready or non-live events when Felix
is under heavy load. Decrease the value to get felix to report non-live
or non-ready more quickly. [Default: 90s]'
type: string
debugDisableLogDropping:
type: boolean
@ -885,9 +987,14 @@ spec:
routes, by default this will be RTPROT_BOOT when left blank.
type: integer
deviceRouteSourceAddress:
description: This is the source address to use on programmed device
routes. By default the source address is left blank, leaving the
kernel to choose the source address used.
description: This is the IPv4 source address to use on programmed
device routes. By default the source address is left blank, leaving
the kernel to choose the source address used.
type: string
deviceRouteSourceAddressIPv6:
description: This is the IPv6 source address to use on programmed
device routes. By default the source address is left blank, leaving
the kernel to choose the source address used.
type: string
disableConntrackInvalidCheck:
type: boolean
@ -961,6 +1068,14 @@ spec:
"true" or "false" will force the feature, empty or omitted values
are auto-detected.
type: string
floatingIPs:
default: Disabled
description: FloatingIPs configures whether or not Felix will program
floating IP addresses.
enum:
- Enabled
- Disabled
type: string
genericXDPEnabled:
description: 'GenericXDPEnabled enables Generic XDP so network cards
that don''t support XDP offload or driver modes can use XDP. This
@ -998,6 +1113,9 @@ spec:
disabled by setting the interval to 0.
type: string
ipipEnabled:
description: 'IPIPEnabled overrides whether Felix should configure
an IPIP interface on the host. Optional as Felix determines this
based on the existing IP pools. [Default: nil (unset)]'
type: boolean
ipipMTU:
description: 'IPIPMTU is the MTU to set on the tunnel device. See
@ -1064,6 +1182,8 @@ spec:
usage. [Default: 10s]'
type: string
ipv6Support:
description: IPv6Support controls whether Felix enables support for
IPv6 (if supported by the in-use dataplane).
type: boolean
kubeNodePortRanges:
description: 'KubeNodePortRanges holds list of port ranges used for
@ -1077,6 +1197,12 @@ spec:
pattern: ^.*
x-kubernetes-int-or-string: true
type: array
logDebugFilenameRegex:
description: LogDebugFilenameRegex controls which source code files
have their Debug log output included in the logs. Only logs from
files with names that match the given regular expression are included. The
filter only applies to Debug level logs.
type: string
logFilePath:
description: 'LogFilePath is the full path to the Felix log. Set to
none to disable file logging. [Default: /var/log/calico/felix.log]'
@ -1206,9 +1332,9 @@ spec:
routes. - CalicoIPAM: the default - use IPAM data to construct routes.'
type: string
routeTableRange:
description: Calico programs additional Linux route tables for various
purposes. RouteTableRange specifies the indices of the route tables
that Calico should use.
description: Deprecated in favor of RouteTableRanges. Calico programs
additional Linux route tables for various purposes. RouteTableRange
specifies the indices of the route tables that Calico should use.
properties:
max:
type: integer
@ -1218,6 +1344,21 @@ spec:
- max
- min
type: object
routeTableRanges:
description: Calico programs additional Linux route tables for various
purposes. RouteTableRanges specifies a set of table index ranges
that Calico should use. Deprecates`RouteTableRange`, overrides `RouteTableRange`.
items:
properties:
max:
type: integer
min:
type: integer
required:
- max
- min
type: object
type: array
serviceLoopPrevention:
description: 'When service IP advertisement is enabled, prevent routing
loops to service IPs that are not in use, by dropping or rejecting
@ -1245,12 +1386,22 @@ spec:
Felix makes reports. [Default: 86400s]'
type: string
useInternalDataplaneDriver:
description: UseInternalDataplaneDriver, if true, Felix will use its
internal dataplane programming logic. If false, it will launch
an external dataplane driver and communicate with it over protobuf.
type: boolean
vxlanEnabled:
description: 'VXLANEnabled overrides whether Felix should create the
VXLAN tunnel device for VXLAN networking. Optional as Felix determines
this based on the existing IP pools. [Default: nil (unset)]'
type: boolean
vxlanMTU:
description: 'VXLANMTU is the MTU to set on the tunnel device. See
Configuring MTU [Default: 1440]'
description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel
device. See Configuring MTU [Default: 1410]'
type: integer
vxlanMTUV6:
description: 'VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel
device. See Configuring MTU [Default: 1390]'
type: integer
vxlanPort:
type: integer
@ -1268,6 +1419,10 @@ spec:
description: 'WireguardInterfaceName specifies the name to use for
the Wireguard interface. [Default: wg.calico]'
type: string
wireguardKeepAlive:
description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive
option. Set 0 to disable. [Default: 0]'
type: string
wireguardListeningPort:
description: 'WireguardListeningPort controls the listening port used
by Wireguard. [Default: 51820]'
@ -1280,6 +1435,12 @@ spec:
description: 'WireguardRoutingRulePriority controls the priority value
to use for the Wireguard routing rule. [Default: 99]'
type: integer
workloadSourceSpoofing:
description: WorkloadSourceSpoofing controls whether pods can use
the allowedSourcePrefixes annotation to send traffic with a source
IP address that is not theirs. This is disabled by default. When
set to "Any", pods can request any prefix.
type: string
xdpEnabled:
description: 'XDPEnabled enables XDP acceleration for suitable untracked
incoming deny rules. [Default: true]'
@ -2376,13 +2537,25 @@ spec:
resource.
properties:
affinity:
description: Affinity of the block, if this block has one. If set,
it will be of the form "host:<hostname>". If not set, this block
is not affine to a host.
type: string
allocations:
description: Array of allocations in-use within this block. nil entries
mean the allocation is free. For non-nil entries at index i, the
index is the ordinal of the allocation within this block and the
value is the index of the associated attributes in the Attributes
array.
items:
nullable: true
type: integer
type: array
attributes:
description: Attributes is an array of arbitrary metadata associated
with allocations in the block. To find attributes for a given allocation,
use the value of the allocation's entry in the Allocations array
as the index of the element in this array.
items:
properties:
handle_id:
@ -2394,12 +2567,38 @@ spec:
type: object
type: array
cidr:
description: The block's CIDR.
type: string
deleted:
description: Deleted is an internal boolean used to workaround a limitation
in the Kubernetes API whereby deletion will not return a conflict
error if the block has been updated. It should not be set manually.
type: boolean
sequenceNumber:
default: 0
description: We store a sequence number that is updated each time
the block is written. Each allocation will also store the sequence
number of the block at the time of its creation. When releasing
an IP, passing the sequence number associated with the allocation
allows us to protect against a race condition and ensure the IP
hasn't been released and re-allocated since the release request.
format: int64
type: integer
sequenceNumberForAllocation:
additionalProperties:
format: int64
type: integer
description: Map of allocated ordinal within the block to sequence
number of the block at the time of allocation. Kubernetes does not
allow numerical keys for maps, so the key is cast to a string.
type: object
strictAffinity:
description: StrictAffinity on the IPAMBlock is deprecated and no
longer used by the code. Use IPAMConfig StrictAffinity instead.
type: boolean
unallocated:
description: Unallocated is an ordered list of allocations which are
free in the block.
items:
type: integer
type: array
@ -2591,13 +2790,13 @@ spec:
type: array
blockSize:
description: The block size to use for IP address assignments from
this pool. Defaults to 26 for IPv4 and 112 for IPv6.
this pool. Defaults to 26 for IPv4 and 122 for IPv6.
type: integer
cidr:
description: The pool CIDR.
type: string
disableBGPExport:
description: 'Disable exporting routes from this IP Pools CIDR over
description: 'Disable exporting routes from this IP Pool''s CIDR over
BGP. [Default: false]'
type: boolean
disabled:
@ -2664,6 +2863,8 @@ status:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
labels:
addon.kops.k8s.io/name: networking.projectcalico.org
@ -2824,6 +3025,11 @@ spec:
type: string
type: object
type: object
debugProfilePort:
description: DebugProfilePort configures the port to serve memory
and cpu profiles on. If not specified, profiling is disabled.
format: int32
type: integer
etcdV3CompactionPeriod:
description: 'EtcdV3CompactionPeriod is the period between etcdv3
compaction requests. Set to 0 to disable. [Default: 10m]'
@ -2934,6 +3140,11 @@ spec:
type: string
type: object
type: object
debugProfilePort:
description: DebugProfilePort configures the port to serve memory
and cpu profiles on. If not specified, profiling is disabled.
format: int32
type: integer
etcdV3CompactionPeriod:
description: 'EtcdV3CompactionPeriod is the period between etcdv3
compaction requests. Set to 0 to disable. [Default: 10m]'
@ -3895,7 +4106,6 @@ rules:
- apiGroups:
- crd.projectcalico.org
resources:
- ippools
- ipreservations
verbs:
- list
@ -3912,6 +4122,13 @@ rules:
- update
- delete
- watch
- apiGroups:
- crd.projectcalico.org
resources:
- ippools
verbs:
- list
- watch
- apiGroups:
- crd.projectcalico.org
resources:
@ -3928,8 +4145,10 @@ rules:
- clusterinformations
verbs:
- get
- list
- create
- update
- watch
- apiGroups:
- crd.projectcalico.org
resources:
@ -4248,7 +4467,7 @@ spec:
- configMapRef:
name: kubernetes-services-endpoint
optional: true
image: docker.io/calico/node:v3.21.5
image: docker.io/calico/node:v3.23.0
lifecycle:
preStop:
exec:
@ -4320,7 +4539,7 @@ spec:
- configMapRef:
name: kubernetes-services-endpoint
optional: true
image: docker.io/calico/cni:v3.21.5
image: docker.io/calico/cni:v3.23.0
name: upgrade-ipam
securityContext:
privileged: true
@ -4354,7 +4573,7 @@ spec:
- configMapRef:
name: kubernetes-services-endpoint
optional: true
image: docker.io/calico/cni:v3.21.5
image: docker.io/calico/cni:v3.23.0
name: install-cni
securityContext:
privileged: true
@ -4363,13 +4582,6 @@ spec:
name: cni-bin-dir
- mountPath: /host/etc/cni/net.d
name: cni-net-dir
- image: docker.io/calico/pod2daemon-flexvol:v3.21.5
name: flexvol-driver
securityContext:
privileged: true
volumeMounts:
- mountPath: /host/driver
name: flexvol-driver-host
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-node-critical
@ -4416,10 +4628,6 @@ spec:
path: /var/run/nodeagent
type: DirectoryOrCreate
name: policysync
- hostPath:
path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds
type: DirectoryOrCreate
name: flexvol-driver-host
updateStrategy:
rollingUpdate:
maxUnavailable: 1
@ -4473,7 +4681,7 @@ spec:
value: node
- name: DATASTORE_TYPE
value: kubernetes
image: docker.io/calico/kube-controllers:v3.21.5
image: docker.io/calico/kube-controllers:v3.23.0
livenessProbe:
exec:
command:
@ -4517,7 +4725,7 @@ metadata:
---
apiVersion: policy/v1beta1
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
creationTimestamp: null

28
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content
View File

@ -25,7 +25,7 @@ APIServerConfig:
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-apiserver:v1.21.0
image: registry.k8s.io/kube-apiserver:v1.24.0
kubeletPreferredAddressTypes:
- InternalIP
- Hostname
@ -55,17 +55,19 @@ APIServerConfig:
-----END RSA PUBLIC KEY-----
Assets:
amd64:
- 681c81b7934ae2bf38b9f12d891683972d1fbbf6d7d97e50940a47b139d41b35@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubelet
- 9f74f2fa7ee32ad07e17211725992248470310ca1988214518806b39b1dad9f0@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl
- 977824932d5667c7a37aa6a3cbba40100a6873e7bd97e83e8be837e3e7afd0a8@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-amd64-v0.8.7.tgz
- f6120552408175ca332fd3b5d31c5edd115d8426d6731664e4ea3951c5eee3b4@https://github.com/containerd/containerd/releases/download/v1.4.12/cri-containerd-cni-1.4.12-linux-amd64.tar.gz
- 3d98ac8b4fb8dc99f9952226f2565951cc366c442656a889facc5b1b2ec2ba52@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubelet
- 94d686bb6772f6fb59e3a32beff908ab406b79acdfb2427abdc4ac3ce1bb98d7@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubectl
- 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz
- f23c8ac914d748f85df94d3e82d11ca89ca9fe19a220ce61b99a05b070044de0@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-amd64.tar.gz
- e0436dfc5d26ca88f00e84cbdab5801dd9829b1e5ded05dcfc162ce5718c32ce@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.amd64
- f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64
- 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64
arm64:
- 17832b192be5ea314714f7e16efd5e5f65347974bbbf41def6b02f68931380c4@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubelet
- a4dd7100f547a40d3e2f83850d0bab75c6ea5eb553f0a80adcf73155bef1fd0d@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubectl
- ae13d7b5c05bd180ea9b5b68f44bdaa7bfb41034a2ef1d68fd8e1259797d642f@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-arm64-v0.8.7.tgz
- 87a4219c54552797ffd38790b72832372a90eceb7c8e451c36a682093d57dae6@https://download.docker.com/linux/static/stable/aarch64/docker-20.10.11.tgz
- 8f066c9a048dd1704bf22ccf6e994e2fa2ea1175c9768a786f6cb6608765025e@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubelet
- 449278789de283648e4076ade46816da249714f96e71567e035e9d17e1fff06d@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubectl
- ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz
- 0205bd1907154388dc85b1afeeb550cbb44c470ef4a290cb1daf91501c85cae6@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-arm64.tar.gz
- 6ebd968d46d00a3886e9a0cae2e0a7b399e110cf5d7b26e63ce23c1d81ea10ef@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.arm64
- 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64
- 9d842e3636a95de2315cdea2be7a282355aac0658ef0b86d5dc2449066538f13@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-arm64
CAs:
@ -247,15 +249,14 @@ KubeletConfig:
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
nodeLabels:
kops.k8s.io/instancegroup: master-us-test-1a
kops.k8s.io/kops-controller-pki: ""
kubernetes.io/role: master
node-role.kubernetes.io/control-plane: ""
node-role.kubernetes.io/master: ""
node.kubernetes.io/exclude-from-external-load-balancers: ""
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
registerSchedulable: false
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
@ -264,10 +265,11 @@ channels:
- memfs://clusters.example.com/minimal-ipv6.example.com/addons/bootstrap-channel.yaml
containerdConfig:
logLevel: info
version: 1.4.12
version: 1.6.4
etcdManifests:
- memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/main.yaml
- memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/events.yaml
staticManifests:
- key: kube-apiserver-healthcheck
path: manifests/static/kube-apiserver-healthcheck.yaml
useInstanceIDForNodeName: true

25
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-nodes_content
View File

@ -1,14 +1,16 @@
Assets:
amd64:
- 681c81b7934ae2bf38b9f12d891683972d1fbbf6d7d97e50940a47b139d41b35@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubelet
- 9f74f2fa7ee32ad07e17211725992248470310ca1988214518806b39b1dad9f0@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl
- 977824932d5667c7a37aa6a3cbba40100a6873e7bd97e83e8be837e3e7afd0a8@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-amd64-v0.8.7.tgz
- f6120552408175ca332fd3b5d31c5edd115d8426d6731664e4ea3951c5eee3b4@https://github.com/containerd/containerd/releases/download/v1.4.12/cri-containerd-cni-1.4.12-linux-amd64.tar.gz
- 3d98ac8b4fb8dc99f9952226f2565951cc366c442656a889facc5b1b2ec2ba52@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubelet
- 94d686bb6772f6fb59e3a32beff908ab406b79acdfb2427abdc4ac3ce1bb98d7@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubectl
- 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz
- f23c8ac914d748f85df94d3e82d11ca89ca9fe19a220ce61b99a05b070044de0@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-amd64.tar.gz
- e0436dfc5d26ca88f00e84cbdab5801dd9829b1e5ded05dcfc162ce5718c32ce@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.amd64
arm64:
- 17832b192be5ea314714f7e16efd5e5f65347974bbbf41def6b02f68931380c4@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubelet
- a4dd7100f547a40d3e2f83850d0bab75c6ea5eb553f0a80adcf73155bef1fd0d@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubectl
- ae13d7b5c05bd180ea9b5b68f44bdaa7bfb41034a2ef1d68fd8e1259797d642f@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-arm64-v0.8.7.tgz
- 87a4219c54552797ffd38790b72832372a90eceb7c8e451c36a682093d57dae6@https://download.docker.com/linux/static/stable/aarch64/docker-20.10.11.tgz
- 8f066c9a048dd1704bf22ccf6e994e2fa2ea1175c9768a786f6cb6608765025e@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubelet
- 449278789de283648e4076ade46816da249714f96e71567e035e9d17e1fff06d@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubectl
- ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz
- 0205bd1907154388dc85b1afeeb550cbb44c470ef4a290cb1daf91501c85cae6@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-arm64.tar.gz
- 6ebd968d46d00a3886e9a0cae2e0a7b399e110cf5d7b26e63ce23c1d81ea10ef@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.arm64
CAs:
kubernetes-ca: |
-----BEGIN CERTIFICATE-----
@ -51,12 +53,12 @@ KubeletConfig:
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
nodeLabels:
kubernetes.io/role: node
kops.k8s.io/instancegroup: nodes
node-role.kubernetes.io/node: ""
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
UpdatePolicy: automatic
@ -64,4 +66,5 @@ channels:
- memfs://clusters.example.com/minimal-ipv6.example.com/addons/bootstrap-channel.yaml
containerdConfig:
logLevel: info
version: 1.4.12
version: 1.6.4
useInstanceIDForNodeName: true

75
tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf
View File

@ -111,26 +111,21 @@ resource "aws_autoscaling_group" "master-us-test-1a-masters-minimal-ipv6-example
propagate_at_launch = true
value = "master-us-test-1a.masters.minimal-ipv6.example.com"
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup"
propagate_at_launch = true
value = "master-us-test-1a"
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki"
propagate_at_launch = true
value = ""
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role"
propagate_at_launch = true
value = "master"
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane"
propagate_at_launch = true
value = ""
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master"
propagate_at_launch = true
value = ""
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers"
propagate_at_launch = true
@ -161,9 +156,9 @@ resource "aws_autoscaling_group" "nodes-minimal-ipv6-example-com" {
id = aws_launch_template.nodes-minimal-ipv6-example-com.id
version = aws_launch_template.nodes-minimal-ipv6-example-com.latest_version
}
max_size = 2
max_size = 1
metrics_granularity = "1Minute"
min_size = 2
min_size = 1
name = "nodes.minimal-ipv6.example.com"
protect_from_scale_in = false
tag {
@ -177,9 +172,9 @@ resource "aws_autoscaling_group" "nodes-minimal-ipv6-example-com" {
value = "nodes.minimal-ipv6.example.com"
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role"
key = "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup"
propagate_at_launch = true
value = "node"
value = "nodes"
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node"
@ -328,15 +323,11 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c
volume_type = "gp3"
}
}
block_device_mappings {
device_name = "/dev/sdc"
virtual_name = "ephemeral0"
}
iam_instance_profile {
name = aws_iam_instance_profile.masters-minimal-ipv6-example-com.id
}
image_id = "ami-12345678"
instance_type = "m3.medium"
instance_type = "t3.medium"
key_name = aws_key_pair.kubernetes-minimal-ipv6-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id
lifecycle {
create_before_destroy = true
@ -345,7 +336,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c
http_endpoint = "enabled"
http_protocol_ipv6 = "enabled"
http_put_response_hop_limit = 1
http_tokens = "optional"
http_tokens = "required"
}
monitoring {
enabled = false
@ -362,10 +353,9 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c
tags = {
"KubernetesCluster" = "minimal-ipv6.example.com"
"Name" = "master-us-test-1a.masters.minimal-ipv6.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup" = "master-us-test-1a"
"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = ""
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = ""
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = ""
"k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = ""
"k8s.io/role/master" = "1"
"kops.k8s.io/instancegroup" = "master-us-test-1a"
@ -377,10 +367,9 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c
tags = {
"KubernetesCluster" = "minimal-ipv6.example.com"
"Name" = "master-us-test-1a.masters.minimal-ipv6.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup" = "master-us-test-1a"
"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = ""
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = ""
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = ""
"k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = ""
"k8s.io/role/master" = "1"
"kops.k8s.io/instancegroup" = "master-us-test-1a"
@ -390,10 +379,9 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c
tags = {
"KubernetesCluster" = "minimal-ipv6.example.com"
"Name" = "master-us-test-1a.masters.minimal-ipv6.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup" = "master-us-test-1a"
"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = ""
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = ""
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = ""
"k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = ""
"k8s.io/role/master" = "1"
"kops.k8s.io/instancegroup" = "master-us-test-1a"
@ -418,7 +406,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" {
name = aws_iam_instance_profile.nodes-minimal-ipv6-example-com.id
}
image_id = "ami-12345678"
instance_type = "t2.medium"
instance_type = "t3.medium"
key_name = aws_key_pair.kubernetes-minimal-ipv6-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id
lifecycle {
create_before_destroy = true
@ -426,8 +414,8 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" {
metadata_options {
http_endpoint = "enabled"
http_protocol_ipv6 = "enabled"
http_put_response_hop_limit = 1
http_tokens = "optional"
http_put_response_hop_limit = 3
http_tokens = "required"
}
monitoring {
enabled = false
@ -444,7 +432,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" {
tags = {
"KubernetesCluster" = "minimal-ipv6.example.com"
"Name" = "nodes.minimal-ipv6.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup" = "nodes"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/node" = "1"
"kops.k8s.io/instancegroup" = "nodes"
@ -456,7 +444,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" {
tags = {
"KubernetesCluster" = "minimal-ipv6.example.com"
"Name" = "nodes.minimal-ipv6.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup" = "nodes"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/node" = "1"
"kops.k8s.io/instancegroup" = "nodes"
@ -466,7 +454,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" {
tags = {
"KubernetesCluster" = "minimal-ipv6.example.com"
"Name" = "nodes.minimal-ipv6.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup" = "nodes"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/node" = "1"
"kops.k8s.io/instancegroup" = "nodes"
@ -724,6 +712,14 @@ resource "aws_s3_object" "minimal-ipv6-example-com-addons-kubelet-api-rbac-addon
server_side_encryption = "AES256"
}
resource "aws_s3_object" "minimal-ipv6-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" {
bucket = "testingBucket"
content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content")
key = "clusters.example.com/minimal-ipv6.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml"
provider = aws.files
server_side_encryption = "AES256"
}
resource "aws_s3_object" "minimal-ipv6-example-com-addons-limit-range-addons-k8s-io" {
bucket = "testingBucket"
content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-limit-range.addons.k8s.io_content")
@ -732,10 +728,10 @@ resource "aws_s3_object" "minimal-ipv6-example-com-addons-limit-range-addons-k8s
server_side_encryption = "AES256"
}
resource "aws_s3_object" "minimal-ipv6-example-com-addons-networking-projectcalico-org-k8s-1-16" {
resource "aws_s3_object" "minimal-ipv6-example-com-addons-networking-projectcalico-org-k8s-1-23" {
bucket = "testingBucket"
content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.16_content")
key = "clusters.example.com/minimal-ipv6.example.com/addons/networking.projectcalico.org/k8s-1.16.yaml"
content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.23_content")
key = "clusters.example.com/minimal-ipv6.example.com/addons/networking.projectcalico.org/k8s-1.23.yaml"
provider = aws.files
server_side_encryption = "AES256"
}
@ -987,9 +983,12 @@ resource "aws_security_group_rule" "icmpv6-pmtu-api-elb-__--0" {
}
resource "aws_subnet" "us-test-1a-minimal-ipv6-example-com" {
availability_zone = "us-test-1a"
cidr_block = "172.20.32.0/19"
ipv6_cidr_block = "2001:db8:0:111::/64"
availability_zone = "us-test-1a"
cidr_block = "172.20.32.0/19"
enable_resource_name_dns_a_record_on_launch = true
enable_resource_name_dns_aaaa_record_on_launch = true
ipv6_cidr_block = "2001:db8:0:111::/64"
private_dns_hostname_type_on_launch = "resource-name"
tags = {
"KubernetesCluster" = "minimal-ipv6.example.com"
"Name" = "us-test-1a.minimal-ipv6.example.com"

198
tests/integration/update_cluster/privatecalico/cloudformation.json
View File

@ -33,11 +33,6 @@
"Value": "bastion.privatecalico.example.com",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
"Value": "",
@ -119,21 +114,11 @@
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": "",
@ -210,11 +195,6 @@
"Value": "nodes.privatecalico.example.com",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
"Value": "",
@ -339,7 +319,7 @@
}
},
"ImageId": "ami-12345678",
"InstanceType": "t2.micro",
"InstanceType": "t3.micro",
"KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57",
"MetadataOptions": {
"HttpPutResponseHopLimit": 1,
@ -373,10 +353,6 @@
"Key": "Name",
"Value": "bastion.privatecalico.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
"Value": ""
@ -406,10 +382,6 @@
"Key": "Name",
"Value": "bastion.privatecalico.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
"Value": ""
@ -449,10 +421,6 @@
"DeleteOnTermination": true,
"Encrypted": true
}
},
{
"DeviceName": "/dev/sdc",
"VirtualName": "ephemeral0"
}
],
"IamInstanceProfile": {
@ -461,11 +429,11 @@
}
},
"ImageId": "ami-12345678",
"InstanceType": "m3.medium",
"InstanceType": "t3.medium",
"KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57",
"MetadataOptions": {
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional"
"HttpTokens": "required"
},
"Monitoring": {
"Enabled": false
@ -499,18 +467,10 @@
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": ""
@ -544,18 +504,10 @@
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": ""
@ -603,11 +555,11 @@
}
},
"ImageId": "ami-12345678",
"InstanceType": "t2.medium",
"InstanceType": "t3.medium",
"KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57",
"MetadataOptions": {
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional"
"HttpPutResponseHopLimit": 3,
"HttpTokens": "required"
},
"Monitoring": {
"Enabled": false
@ -637,10 +589,6 @@
"Key": "Name",
"Value": "nodes.privatecalico.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
"Value": ""
@ -670,10 +618,6 @@
"Key": "Name",
"Value": "nodes.privatecalico.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
"Value": ""
@ -957,6 +901,30 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom0ingresstcp22to22bastionelbprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivatecalicoexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIpv6": "::/0"
}
},
"AWSEC2SecurityGroupIngressfrom0ingresstcp443to443apielbprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupapielbprivatecalicoexamplecom"
},
"FromPort": 443,
"ToPort": 443,
"IpProtocol": "tcp",
"CidrIpv6": "::/0"
}
},
"AWSEC2SecurityGroupIngressfrombastionelbprivatecalicoexamplecomingresstcp22to22bastionprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
@ -1137,6 +1105,18 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressicmpv6pmtuapielb0": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupapielbprivatecalicoexamplecom"
},
"FromPort": -1,
"ToPort": -1,
"IpProtocol": "icmpv6",
"CidrIpv6": "::/0"
}
},
"AWSEC2SecurityGroupapielbprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
@ -1722,39 +1702,6 @@
"*"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
"StringEquals": {
"aws:RequestTag/KubernetesCluster": "privatecalico.example.com",
"ec2:CreateAction": [
"CreateSecurityGroup"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws-test:ec2:*:*:security-group/*"
]
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"Null": {
"aws:RequestTag/KubernetesCluster": "true"
},
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecalico.example.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws-test:ec2:*:*:security-group/*"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1791,19 +1738,45 @@
"arn:aws-test:ec2:*:*:snapshot/*"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
"StringEquals": {
"aws:RequestTag/KubernetesCluster": "privatecalico.example.com",
"ec2:CreateAction": [
"CreateSecurityGroup"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws-test:ec2:*:*:security-group/*"
]
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"Null": {
"aws:RequestTag/KubernetesCluster": "true"
},
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecalico.example.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws-test:ec2:*:*:security-group/*"
]
},
{
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeTags",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteRoute",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstances",
@ -1816,20 +1789,20 @@
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeVpcs",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVolume",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateTargetGroup",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:DescribeRepositories",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterTargets",
"iam:GetServerCertificate",
"iam:ListServerCertificates",
"kms:DescribeKey",
@ -1948,6 +1921,13 @@
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:ModifyNetworkInterfaceAttribute",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:DescribeRepositories",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"iam:GetServerCertificate",
"iam:ListServerCertificates",
"kms:GenerateRandom"

62
tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml
View File

@ -127,20 +127,21 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope
cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC'
cloudConfig:
awsEBSCSIDriver:
enabled: false
enabled: true
version: v1.6.2
manageStorageClasses: true
containerRuntime: containerd
containerd:
logLevel: info
version: 1.4.12
version: 1.6.4
docker:
skipInstall: true
encryptionConfig: null
etcdClusters:
events:
version: 3.4.13
version: 3.5.4
main:
version: 3.4.13
version: 3.5.4
kubeAPIServer:
allowPrivileged: true
anonymousAuth: false
@ -149,7 +150,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope
apiServerCount: 1
authorizationMode: AlwaysAllow
bindAddress: 0.0.0.0
cloudProvider: aws
cloudProvider: external
enableAdmissionPlugins:
- NamespaceLifecycle
- LimitRanger
@ -164,7 +165,10 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope
- https://127.0.0.1:4001
etcdServersOverrides:
- /events#https://127.0.0.1:4002
image: registry.k8s.io/kube-apiserver:v1.21.0
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-apiserver:v1.24.0
kubeletPreferredAddressTypes:
- InternalIP
- Hostname
@ -186,11 +190,14 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope
kubeControllerManager:
allocateNodeCIDRs: true
attachDetachReconcileSyncPeriod: 1m0s
cloudProvider: aws
cloudProvider: external
clusterCIDR: 100.96.0.0/11
clusterName: privatecalico.example.com
configureCloudRoutes: false
image: registry.k8s.io/kube-controller-manager:v1.21.0
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-controller-manager:v1.24.0
leaderElection:
leaderElect: true
logLevel: 2
@ -198,10 +205,13 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope
kubeProxy:
clusterCIDR: 100.96.0.0/11
cpuRequest: 100m
image: registry.k8s.io/kube-proxy:v1.21.0
image: registry.k8s.io/kube-proxy:v1.24.0
logLevel: 2
kubeScheduler:
image: registry.k8s.io/kube-scheduler:v1.21.0
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-scheduler:v1.24.0
leaderElection:
leaderElect: true
logLevel: 2
@ -209,32 +219,38 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope
anonymousAuth: false
cgroupDriver: systemd
cgroupRoot: /
cloudProvider: aws
cloudProvider: external
clusterDNS: 100.64.0.10
clusterDomain: cluster.local
enableDebuggingHandlers: true
evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5%
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
masterKubelet:
anonymousAuth: false
cgroupDriver: systemd
cgroupRoot: /
cloudProvider: aws
cloudProvider: external
clusterDNS: 100.64.0.10
clusterDomain: cluster.local
enableDebuggingHandlers: true
evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5%
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
registerSchedulable: false
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
@ -246,7 +262,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope
ConfigBase: memfs://clusters.example.com/privatecalico.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: XVQkcpAPIklkF28kVTF5iSiWwXvVDL1f6TBnOshBGa0=
NodeupConfigHash: oBkdCcM8vEDGJVKzTp/3baqw/4P+sUBmfaIk6xbYfBo=
__EOF_KUBE_ENV
@ -380,33 +396,37 @@ Resources.AWSEC2LaunchTemplatenodesprivatecalicoexamplecom.Properties.LaunchTemp
cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC'
cloudConfig:
awsEBSCSIDriver:
enabled: false
enabled: true
version: v1.6.2
manageStorageClasses: true
containerRuntime: containerd
containerd:
logLevel: info
version: 1.4.12
version: 1.6.4
docker:
skipInstall: true
kubeProxy:
clusterCIDR: 100.96.0.0/11
cpuRequest: 100m
image: registry.k8s.io/kube-proxy:v1.21.0
image: registry.k8s.io/kube-proxy:v1.24.0
logLevel: 2
kubelet:
anonymousAuth: false
cgroupDriver: systemd
cgroupRoot: /
cloudProvider: aws
cloudProvider: external
clusterDNS: 100.64.0.10
clusterDomain: cluster.local
enableDebuggingHandlers: true
evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5%
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
@ -417,7 +437,7 @@ Resources.AWSEC2LaunchTemplatenodesprivatecalicoexamplecom.Properties.LaunchTemp
ConfigBase: memfs://clusters.example.com/privatecalico.example.com
InstanceGroupName: nodes
InstanceGroupRole: Node
NodeupConfigHash: 1e6MWmZgviRMbJ/23fi0wWhbA6N8CRg2muOIaP6AxkI=
NodeupConfigHash: k5kw47uYPdJVPoEkZWvltC6/czS8iMhpjnT2bDwaS6k=
__EOF_KUBE_ENV

87
tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy
View File

@ -94,39 +94,6 @@
"*"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
"StringEquals": {
"aws:RequestTag/KubernetesCluster": "privatecalico.example.com",
"ec2:CreateAction": [
"CreateSecurityGroup"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws-test:ec2:*:*:security-group/*"
]
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"Null": {
"aws:RequestTag/KubernetesCluster": "true"
},
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecalico.example.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws-test:ec2:*:*:security-group/*"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -163,19 +130,45 @@
"arn:aws-test:ec2:*:*:snapshot/*"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
"StringEquals": {
"aws:RequestTag/KubernetesCluster": "privatecalico.example.com",
"ec2:CreateAction": [
"CreateSecurityGroup"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws-test:ec2:*:*:security-group/*"
]
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"Null": {
"aws:RequestTag/KubernetesCluster": "true"
},
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecalico.example.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws-test:ec2:*:*:security-group/*"
]
},
{
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeTags",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteRoute",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstances",
@ -188,20 +181,20 @@
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeVpcs",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVolume",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateTargetGroup",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:DescribeRepositories",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterTargets",
"iam:GetServerCertificate",
"iam:ListServerCertificates",
"kms:DescribeKey",

7
tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_nodes.privatecalico.example.com_policy
View File

@ -31,6 +31,13 @@
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:ModifyNetworkInterfaceAttribute",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:DescribeRepositories",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"iam:GetServerCertificate",
"iam:ListServerCertificates",
"kms:GenerateRandom"

46
tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data
View File

@ -125,20 +125,21 @@ ensure-install-dir
cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC'
cloudConfig:
awsEBSCSIDriver:
enabled: false
enabled: true
version: v1.6.2
manageStorageClasses: true
containerRuntime: containerd
containerd:
logLevel: info
version: 1.4.12
version: 1.6.4
docker:
skipInstall: true
encryptionConfig: null
etcdClusters:
events:
version: 3.4.13
version: 3.5.4
main:
version: 3.4.13
version: 3.5.4
kubeAPIServer:
allowPrivileged: true
anonymousAuth: false
@ -147,7 +148,7 @@ kubeAPIServer:
apiServerCount: 1
authorizationMode: AlwaysAllow
bindAddress: 0.0.0.0
cloudProvider: aws
cloudProvider: external
enableAdmissionPlugins:
- NamespaceLifecycle
- LimitRanger
@ -162,7 +163,10 @@ kubeAPIServer:
- https://127.0.0.1:4001
etcdServersOverrides:
- /events#https://127.0.0.1:4002
image: registry.k8s.io/kube-apiserver:v1.21.0
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-apiserver:v1.24.0
kubeletPreferredAddressTypes:
- InternalIP
- Hostname
@ -184,11 +188,14 @@ kubeAPIServer:
kubeControllerManager:
allocateNodeCIDRs: true
attachDetachReconcileSyncPeriod: 1m0s
cloudProvider: aws
cloudProvider: external
clusterCIDR: 100.96.0.0/11
clusterName: privatecalico.example.com
configureCloudRoutes: false
image: registry.k8s.io/kube-controller-manager:v1.21.0
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-controller-manager:v1.24.0
leaderElection:
leaderElect: true
logLevel: 2
@ -196,10 +203,13 @@ kubeControllerManager:
kubeProxy:
clusterCIDR: 100.96.0.0/11
cpuRequest: 100m
image: registry.k8s.io/kube-proxy:v1.21.0
image: registry.k8s.io/kube-proxy:v1.24.0
logLevel: 2
kubeScheduler:
image: registry.k8s.io/kube-scheduler:v1.21.0
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-scheduler:v1.24.0
leaderElection:
leaderElect: true
logLevel: 2
@ -207,32 +217,38 @@ kubelet:
anonymousAuth: false
cgroupDriver: systemd
cgroupRoot: /
cloudProvider: aws
cloudProvider: external
clusterDNS: 100.64.0.10
clusterDomain: cluster.local
enableDebuggingHandlers: true
evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5%
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
masterKubelet:
anonymousAuth: false
cgroupDriver: systemd
cgroupRoot: /
cloudProvider: aws
cloudProvider: external
clusterDNS: 100.64.0.10
clusterDomain: cluster.local
enableDebuggingHandlers: true
evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5%
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
registerSchedulable: false
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
@ -244,7 +260,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/privatecalico.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: XVQkcpAPIklkF28kVTF5iSiWwXvVDL1f6TBnOshBGa0=
NodeupConfigHash: oBkdCcM8vEDGJVKzTp/3baqw/4P+sUBmfaIk6xbYfBo=
__EOF_KUBE_ENV

16
tests/integration/update_cluster/privatecalico/data/aws_launch_template_nodes.privatecalico.example.com_user_data
View File

@ -125,33 +125,37 @@ ensure-install-dir
cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC'
cloudConfig:
awsEBSCSIDriver:
enabled: false
enabled: true
version: v1.6.2
manageStorageClasses: true
containerRuntime: containerd
containerd:
logLevel: info
version: 1.4.12
version: 1.6.4
docker:
skipInstall: true
kubeProxy:
clusterCIDR: 100.96.0.0/11
cpuRequest: 100m
image: registry.k8s.io/kube-proxy:v1.21.0
image: registry.k8s.io/kube-proxy:v1.24.0
logLevel: 2
kubelet:
anonymousAuth: false
cgroupDriver: systemd
cgroupRoot: /
cloudProvider: aws
cloudProvider: external
clusterDNS: 100.64.0.10
clusterDomain: cluster.local
enableDebuggingHandlers: true
evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5%
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
@ -162,7 +166,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/privatecalico.example.com
InstanceGroupName: nodes
InstanceGroupRole: Node
NodeupConfigHash: 1e6MWmZgviRMbJ/23fi0wWhbA6N8CRg2muOIaP6AxkI=
NodeupConfigHash: k5kw47uYPdJVPoEkZWvltC6/czS8iMhpjnT2bDwaS6k=
__EOF_KUBE_ENV

58
tests/integration/update_cluster/privatecalico/data/aws_s3_object_cluster-completed.spec_content
View File

@ -13,8 +13,18 @@ spec:
channel: stable
cloudConfig:
awsEBSCSIDriver:
enabled: false
enabled: true
version: v1.6.2
manageStorageClasses: true
cloudControllerManager:
allocateNodeCIDRs: true
clusterCIDR: 100.64.0.0/10
clusterName: privatecalico.example.com
configureCloudRoutes: false
enableLeaderMigration: true
image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.24.0
leaderElection:
leaderElect: true
cloudProvider: aws
clusterDNSDomain: cluster.local
configBase: memfs://clusters.example.com/privatecalico.example.com
@ -22,7 +32,7 @@ spec:
containerRuntime: containerd
containerd:
logLevel: info
version: 1.4.12
version: 1.6.4
dnsZone: Z1AFAKE1ZON3YO
docker:
skipInstall: true
@ -33,17 +43,18 @@ spec:
- instanceGroup: master-us-test-1a
name: us-test-1a
name: main
version: 3.4.13
version: 3.5.4
- backups:
backupStore: memfs://clusters.example.com/privatecalico.example.com/backups/etcd/events
etcdMembers:
- instanceGroup: master-us-test-1a
name: us-test-1a
name: events
version: 3.4.13
version: 3.5.4
externalDns:
provider: dns-controller
iam:
allowContainerRegistry: true
legacy: false
keyStore: memfs://clusters.example.com/privatecalico.example.com/pki
kubeAPIServer:
@ -54,7 +65,7 @@ spec:
apiServerCount: 1
authorizationMode: AlwaysAllow
bindAddress: 0.0.0.0
cloudProvider: aws
cloudProvider: external
enableAdmissionPlugins:
- NamespaceLifecycle
- LimitRanger
@ -69,7 +80,10 @@ spec:
- https://127.0.0.1:4001
etcdServersOverrides:
- /events#https://127.0.0.1:4002
image: registry.k8s.io/kube-apiserver:v1.21.0
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-apiserver:v1.24.0
kubeletPreferredAddressTypes:
- InternalIP
- Hostname
@ -91,11 +105,14 @@ spec:
kubeControllerManager:
allocateNodeCIDRs: true
attachDetachReconcileSyncPeriod: 1m0s
cloudProvider: aws
cloudProvider: external
clusterCIDR: 100.96.0.0/11
clusterName: privatecalico.example.com
configureCloudRoutes: false
image: registry.k8s.io/kube-controller-manager:v1.21.0
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-controller-manager:v1.24.0
leaderElection:
leaderElect: true
logLevel: 2
@ -117,10 +134,13 @@ spec:
kubeProxy:
clusterCIDR: 100.96.0.0/11
cpuRequest: 100m
image: registry.k8s.io/kube-proxy:v1.21.0
image: registry.k8s.io/kube-proxy:v1.24.0
logLevel: 2
kubeScheduler:
image: registry.k8s.io/kube-scheduler:v1.21.0
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-scheduler:v1.24.0
leaderElection:
leaderElect: true
logLevel: 2
@ -128,36 +148,43 @@ spec:
anonymousAuth: false
cgroupDriver: systemd
cgroupRoot: /
cloudProvider: aws
cloudProvider: external
clusterDNS: 100.64.0.10
clusterDomain: cluster.local
enableDebuggingHandlers: true
evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5%
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
kubernetesApiAccess:
- 0.0.0.0/0
kubernetesVersion: 1.21.0
- ::/0
kubernetesVersion: 1.24.0
masterInternalName: api.internal.privatecalico.example.com
masterKubelet:
anonymousAuth: false
cgroupDriver: systemd
cgroupRoot: /
cloudProvider: aws
cloudProvider: external
clusterDNS: 100.64.0.10
clusterDomain: cluster.local
enableDebuggingHandlers: true
evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5%
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
registerSchedulable: false
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
@ -172,6 +199,7 @@ spec:
serviceClusterIPRange: 100.64.0.0/13
sshAccess:
- 0.0.0.0/0
- ::/0
subnets:
- cidr: 172.20.32.0/19
name: us-test-1a

2
tests/integration/update_cluster/privatecalico/data/aws_s3_object_etcd-cluster-spec-events_content
View File

@ -1,4 +1,4 @@
{
"memberCount": 1,
"etcdVersion": "3.4.13"
"etcdVersion": "3.5.4"
}

2
tests/integration/update_cluster/privatecalico/data/aws_s3_object_etcd-cluster-spec-main_content
View File

@ -1,4 +1,4 @@
{
"memberCount": 1,
"etcdVersion": "3.4.13"
"etcdVersion": "3.5.4"
}

37
tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content
View File

@ -7,7 +7,7 @@ APIServerConfig:
apiServerCount: 1
authorizationMode: AlwaysAllow
bindAddress: 0.0.0.0
cloudProvider: aws
cloudProvider: external
enableAdmissionPlugins:
- NamespaceLifecycle
- LimitRanger
@ -22,7 +22,10 @@ APIServerConfig:
- https://127.0.0.1:4001
etcdServersOverrides:
- /events#https://127.0.0.1:4002
image: registry.k8s.io/kube-apiserver:v1.21.0
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
image: registry.k8s.io/kube-apiserver:v1.24.0
kubeletPreferredAddressTypes:
- InternalIP
- Hostname
@ -52,17 +55,19 @@ APIServerConfig:
-----END RSA PUBLIC KEY-----
Assets:
amd64:
- 681c81b7934ae2bf38b9f12d891683972d1fbbf6d7d97e50940a47b139d41b35@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubelet
- 9f74f2fa7ee32ad07e17211725992248470310ca1988214518806b39b1dad9f0@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl
- 977824932d5667c7a37aa6a3cbba40100a6873e7bd97e83e8be837e3e7afd0a8@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-amd64-v0.8.7.tgz
- f6120552408175ca332fd3b5d31c5edd115d8426d6731664e4ea3951c5eee3b4@https://github.com/containerd/containerd/releases/download/v1.4.12/cri-containerd-cni-1.4.12-linux-amd64.tar.gz
- 3d98ac8b4fb8dc99f9952226f2565951cc366c442656a889facc5b1b2ec2ba52@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubelet
- 94d686bb6772f6fb59e3a32beff908ab406b79acdfb2427abdc4ac3ce1bb98d7@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubectl
- 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz
- f23c8ac914d748f85df94d3e82d11ca89ca9fe19a220ce61b99a05b070044de0@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-amd64.tar.gz
- e0436dfc5d26ca88f00e84cbdab5801dd9829b1e5ded05dcfc162ce5718c32ce@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.amd64
- f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64
- 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64
arm64:
- 17832b192be5ea314714f7e16efd5e5f65347974bbbf41def6b02f68931380c4@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubelet
- a4dd7100f547a40d3e2f83850d0bab75c6ea5eb553f0a80adcf73155bef1fd0d@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubectl
- ae13d7b5c05bd180ea9b5b68f44bdaa7bfb41034a2ef1d68fd8e1259797d642f@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-arm64-v0.8.7.tgz
- 87a4219c54552797ffd38790b72832372a90eceb7c8e451c36a682093d57dae6@https://download.docker.com/linux/static/stable/aarch64/docker-20.10.11.tgz
- 8f066c9a048dd1704bf22ccf6e994e2fa2ea1175c9768a786f6cb6608765025e@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubelet
- 449278789de283648e4076ade46816da249714f96e71567e035e9d17e1fff06d@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubectl
- ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz
- 0205bd1907154388dc85b1afeeb550cbb44c470ef4a290cb1daf91501c85cae6@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-arm64.tar.gz
- 6ebd968d46d00a3886e9a0cae2e0a7b399e110cf5d7b26e63ce23c1d81ea10ef@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.arm64
- 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64
- 9d842e3636a95de2315cdea2be7a282355aac0658ef0b86d5dc2449066538f13@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-arm64
CAs:
@ -234,22 +239,23 @@ KubeletConfig:
anonymousAuth: false
cgroupDriver: systemd
cgroupRoot: /
cloudProvider: aws
cloudProvider: external
clusterDNS: 100.64.0.10
clusterDomain: cluster.local
enableDebuggingHandlers: true
evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5%
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
nodeLabels:
kops.k8s.io/kops-controller-pki: ""
kubernetes.io/role: master
node-role.kubernetes.io/control-plane: ""
node-role.kubernetes.io/master: ""
node.kubernetes.io/exclude-from-external-load-balancers: ""
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
registerSchedulable: false
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
@ -258,10 +264,11 @@ channels:
- memfs://clusters.example.com/privatecalico.example.com/addons/bootstrap-channel.yaml
containerdConfig:
logLevel: info
version: 1.4.12
version: 1.6.4
etcdManifests:
- memfs://clusters.example.com/privatecalico.example.com/manifests/etcd/main.yaml
- memfs://clusters.example.com/privatecalico.example.com/manifests/etcd/events.yaml
staticManifests:
- key: kube-apiserver-healthcheck
path: manifests/static/kube-apiserver-healthcheck.yaml
useInstanceIDForNodeName: true

29
tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-nodes_content
View File

@ -1,14 +1,16 @@
Assets:
amd64:
- 681c81b7934ae2bf38b9f12d891683972d1fbbf6d7d97e50940a47b139d41b35@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubelet
- 9f74f2fa7ee32ad07e17211725992248470310ca1988214518806b39b1dad9f0@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl
- 977824932d5667c7a37aa6a3cbba40100a6873e7bd97e83e8be837e3e7afd0a8@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-amd64-v0.8.7.tgz
- f6120552408175ca332fd3b5d31c5edd115d8426d6731664e4ea3951c5eee3b4@https://github.com/containerd/containerd/releases/download/v1.4.12/cri-containerd-cni-1.4.12-linux-amd64.tar.gz
- 3d98ac8b4fb8dc99f9952226f2565951cc366c442656a889facc5b1b2ec2ba52@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubelet
- 94d686bb6772f6fb59e3a32beff908ab406b79acdfb2427abdc4ac3ce1bb98d7@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubectl
- 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz
- f23c8ac914d748f85df94d3e82d11ca89ca9fe19a220ce61b99a05b070044de0@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-amd64.tar.gz
- e0436dfc5d26ca88f00e84cbdab5801dd9829b1e5ded05dcfc162ce5718c32ce@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.amd64
arm64:
- 17832b192be5ea314714f7e16efd5e5f65347974bbbf41def6b02f68931380c4@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubelet
- a4dd7100f547a40d3e2f83850d0bab75c6ea5eb553f0a80adcf73155bef1fd0d@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubectl
- ae13d7b5c05bd180ea9b5b68f44bdaa7bfb41034a2ef1d68fd8e1259797d642f@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-arm64-v0.8.7.tgz
- 87a4219c54552797ffd38790b72832372a90eceb7c8e451c36a682093d57dae6@https://download.docker.com/linux/static/stable/aarch64/docker-20.10.11.tgz
- 8f066c9a048dd1704bf22ccf6e994e2fa2ea1175c9768a786f6cb6608765025e@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubelet
- 449278789de283648e4076ade46816da249714f96e71567e035e9d17e1fff06d@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubectl
- ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz
- 0205bd1907154388dc85b1afeeb550cbb44c470ef4a290cb1daf91501c85cae6@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-arm64.tar.gz
- 6ebd968d46d00a3886e9a0cae2e0a7b399e110cf5d7b26e63ce23c1d81ea10ef@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.arm64
CAs:
kubernetes-ca: |
-----BEGIN CERTIFICATE-----
@ -41,19 +43,21 @@ KubeletConfig:
anonymousAuth: false
cgroupDriver: systemd
cgroupRoot: /
cloudProvider: aws
cloudProvider: external
clusterDNS: 100.64.0.10
clusterDomain: cluster.local
enableDebuggingHandlers: true
evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5%
featureGates:
CSIMigrationAWS: "true"
InTreePluginAWSUnregister: "true"
kubeconfigPath: /var/lib/kubelet/kubeconfig
logLevel: 2
networkPluginName: cni
nodeLabels:
kubernetes.io/role: node
node-role.kubernetes.io/node: ""
podInfraContainerImage: registry.k8s.io/pause:3.6
podManifestPath: /etc/kubernetes/manifests
protectKernelDefaults: true
shutdownGracePeriod: 30s
shutdownGracePeriodCriticalPods: 10s
UpdatePolicy: automatic
@ -61,4 +65,5 @@ channels:
- memfs://clusters.example.com/privatecalico.example.com/addons/bootstrap-channel.yaml
containerdConfig:
logLevel: info
version: 1.4.12
version: 1.6.4
useInstanceIDForNodeName: true

238
tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content Normal file
View File

@ -0,0 +1,238 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-addon: aws-cloud-controller.addons.k8s.io
k8s-app: aws-cloud-controller-manager
name: aws-cloud-controller-manager
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: aws-cloud-controller-manager
template:
metadata:
creationTimestamp: null
labels:
k8s-app: aws-cloud-controller-manager
kops.k8s.io/managed-by: kops
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
- matchExpressions:
- key: node-role.kubernetes.io/master
operator: Exists
containers:
- args:
- --allocate-node-cidrs=true
- --cluster-cidr=100.64.0.0/10
- --cluster-name=privatecalico.example.com
- --configure-cloud-routes=false
- --enable-leader-migration=true
- --leader-elect=true
- --v=2
- --cloud-provider=aws
- --use-service-account-credentials=true
- --cloud-config=/etc/kubernetes/cloud.config
env:
- name: KUBERNETES_SERVICE_HOST
value: 127.0.0.1
image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.24.0
imagePullPolicy: IfNotPresent
name: aws-cloud-controller-manager
resources:
requests:
cpu: 200m
volumeMounts:
- mountPath: /etc/kubernetes/cloud.config
name: cloudconfig
readOnly: true
hostNetwork: true
nodeSelector: null
priorityClassName: system-cluster-critical
serviceAccountName: aws-cloud-controller-manager
tolerations:
- effect: NoSchedule
key: node.cloudprovider.kubernetes.io/uninitialized
value: "true"
- effect: NoSchedule
key: node.kubernetes.io/not-ready
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
- effect: NoSchedule
key: node-role.kubernetes.io/master
volumes:
- hostPath:
path: /etc/kubernetes/cloud.config
type: ""
name: cloudconfig
updateStrategy:
type: RollingUpdate
---
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-addon: aws-cloud-controller.addons.k8s.io
name: aws-cloud-controller-manager
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-addon: aws-cloud-controller.addons.k8s.io
name: cloud-controller-manager:apiserver-authentication-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- apiGroup: ""
kind: ServiceAccount
name: aws-cloud-controller-manager
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-addon: aws-cloud-controller.addons.k8s.io
name: system:cloud-controller-manager
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- '*'
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
- apiGroups:
- ""
resources:
- services
verbs:
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services/status
verbs:
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- get
- list
- watch
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resourceNames:
- node-controller
- service-controller
- route-controller
resources:
- serviceaccounts/token
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-addon: aws-cloud-controller.addons.k8s.io
name: system:cloud-controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:cloud-controller-manager
subjects:
- apiGroup: ""
kind: ServiceAccount
name: aws-cloud-controller-manager
namespace: kube-system

777
tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content Normal file
View File

@ -0,0 +1,777 @@
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-csi-controller-sa
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-external-attacher-role
rules:
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- csi.storage.k8s.io
resources:
- csinodeinfos
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments/status
verbs:
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-external-provisioner-role
rules:
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- update
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- watch
- create
- update
- patch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- get
- list
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents
verbs:
- get
- list
- apiGroups:
- storage.k8s.io
resources:
- csinodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- watch
- list
- delete
- update
- create
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-external-resizer-role
rules:
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims/status
verbs:
- update
- patch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- watch
- create
- update
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-external-snapshotter-role
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- list
- watch
- create
- update
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotclasses
verbs:
- get
- list
- watch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents
verbs:
- create
- get
- list
- watch
- update
- delete
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-csi-attacher-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ebs-external-attacher-role
subjects:
- kind: ServiceAccount
name: ebs-csi-controller-sa
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-csi-provisioner-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ebs-external-provisioner-role
subjects:
- kind: ServiceAccount
name: ebs-csi-controller-sa
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-csi-resizer-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ebs-external-resizer-role
subjects:
- kind: ServiceAccount
name: ebs-csi-controller-sa
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-csi-snapshotter-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ebs-external-snapshotter-role
subjects:
- kind: ServiceAccount
name: ebs-csi-controller-sa
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-csi-node-getter-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ebs-csi-node-role
subjects:
- kind: ServiceAccount
name: ebs-csi-node-sa
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-csi-node-role
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
---
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-csi-node-sa
namespace: kube-system
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-csi-node
namespace: kube-system
spec:
selector:
matchLabels:
app: ebs-csi-node
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/name: aws-ebs-csi-driver
template:
metadata:
creationTimestamp: null
labels:
app: ebs-csi-node
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
kops.k8s.io/managed-by: kops
spec:
containers:
- args:
- node
- --endpoint=$(CSI_ENDPOINT)
- --logtostderr
- --v=2
env:
- name: CSI_ENDPOINT
value: unix:/csi/csi.sock
- name: CSI_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.6.2
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 3
name: ebs-plugin
ports:
- containerPort: 9808
name: healthz
protocol: TCP
securityContext:
privileged: true
volumeMounts:
- mountPath: /var/lib/kubelet
mountPropagation: Bidirectional
name: kubelet-dir
- mountPath: /csi
name: plugin-dir
- mountPath: /dev
name: device-dir
- args:
- --csi-address=$(ADDRESS)
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- --v=5
env:
- name: ADDRESS
value: /csi/csi.sock
- name: DRIVER_REG_SOCK_PATH
value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock
image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock
name: node-driver-registrar
volumeMounts:
- mountPath: /csi
name: plugin-dir
- mountPath: /registration
name: registration-dir
- args:
- --csi-address=/csi/csi.sock
image: registry.k8s.io/sig-storage/livenessprobe:v2.2.0
name: liveness-probe
volumeMounts:
- mountPath: /csi
name: plugin-dir
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-node-critical
serviceAccountName: ebs-csi-node-sa
tolerations:
- operator: Exists
volumes:
- hostPath:
path: /var/lib/kubelet
type: Directory
name: kubelet-dir
- hostPath:
path: /var/lib/kubelet/plugins/ebs.csi.aws.com/
type: DirectoryOrCreate
name: plugin-dir
- hostPath:
path: /var/lib/kubelet/plugins_registry/
type: Directory
name: registration-dir
- hostPath:
path: /dev
type: Directory
name: device-dir
---
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-csi-controller
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
app: ebs-csi-controller
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/name: aws-ebs-csi-driver
template:
metadata:
creationTimestamp: null
labels:
app: ebs-csi-controller
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
kops.k8s.io/managed-by: kops
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
- key: kubernetes.io/os
operator: In
values:
- linux
- matchExpressions:
- key: node-role.kubernetes.io/master
operator: Exists
- key: kubernetes.io/os
operator: In
values:
- linux
containers:
- args:
- controller
- --endpoint=$(CSI_ENDPOINT)
- --logtostderr
- --k8s-tag-cluster-id=privatecalico.example.com
- --extra-tags=KubernetesCluster=privatecalico.example.com
- --v=5
env:
- name: CSI_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: CSI_ENDPOINT
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: key_id
name: aws-secret
optional: true
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: access_key
name: aws-secret
optional: true
image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.6.2
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 3
name: ebs-plugin
ports:
- containerPort: 9808
name: healthz
protocol: TCP
volumeMounts:
- mountPath: /var/lib/csi/sockets/pluginproxy/
name: socket-dir
- args:
- --csi-address=$(ADDRESS)
- --v=5
- --feature-gates=Topology=true
- --leader-election=true
- --extra-create-metadata=true
- --default-fstype=ext4
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
image: registry.k8s.io/sig-storage/csi-provisioner:v2.2.0
name: csi-provisioner
volumeMounts:
- mountPath: /var/lib/csi/sockets/pluginproxy/
name: socket-dir
- args:
- --csi-address=$(ADDRESS)
- --v=5
- --leader-election=true
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
image: registry.k8s.io/sig-storage/csi-attacher:v3.2.0
name: csi-attacher
volumeMounts:
- mountPath: /var/lib/csi/sockets/pluginproxy/
name: socket-dir
- args:
- --csi-address=$(ADDRESS)
- --v=5
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
image: registry.k8s.io/sig-storage/csi-resizer:v1.1.0
imagePullPolicy: Always
name: csi-resizer
volumeMounts:
- mountPath: /var/lib/csi/sockets/pluginproxy/
name: socket-dir
- args:
- --csi-address=/csi/csi.sock
image: registry.k8s.io/sig-storage/livenessprobe:v2.4.0
name: liveness-probe
volumeMounts:
- mountPath: /csi
name: socket-dir
nodeSelector: null
priorityClassName: system-cluster-critical
serviceAccountName: ebs-csi-controller-sa
tolerations:
- operator: Exists
topologySpreadConstraints:
- labelSelector:
matchLabels:
app: ebs-csi-controller
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/name: aws-ebs-csi-driver
maxSkew: 1
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: ScheduleAnyway
- labelSelector:
matchLabels:
app: ebs-csi-controller
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/name: aws-ebs-csi-driver
maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
volumes:
- emptyDir: {}
name: socket-dir
---
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs.csi.aws.com
spec:
attachRequired: true
podInfoOnMount: false
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io
app.kubernetes.io/instance: aws-ebs-csi-driver
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: aws-ebs-csi-driver
app.kubernetes.io/version: v1.6.2
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
name: ebs-csi-controller
namespace: kube-system
spec:
maxUnavailable: 1
selector:
matchLabels:
app: ebs-csi-controller
app.kubernetes.io/instance: aws-ebs-csi-driver

31
tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content
View File

@ -6,7 +6,7 @@ spec:
addons:
- id: k8s-1.16
manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
manifestHash: e102ff9108d3c467a0af76145c537cca5c7e1214cb95b704063a97cc2f85092c
manifestHash: 07deb2be73150a97d3cf7f662e877771afceaf38cef66355aa3d474131183fc7
name: kops-controller.addons.k8s.io
needsRollingUpdate: control-plane
selector:
@ -32,6 +32,13 @@ spec:
selector:
k8s-addon: kubelet-api.rbac.addons.k8s.io
version: 9.99.0
- id: k8s-1.23
manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml
manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4
name: leader-migration.rbac.addons.k8s.io
selector:
k8s-addon: leader-migration.rbac.addons.k8s.io
version: 9.99.0
- manifest: limit-range.addons.k8s.io/v1.5.0.yaml
manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2
name: limit-range.addons.k8s.io
@ -47,15 +54,29 @@ spec:
version: 9.99.0
- id: v1.15.0
manifest: storage-aws.addons.k8s.io/v1.15.0.yaml
manifestHash: 065ae832ddac8d0931e9992d6a76f43a33a36975a38003b34f4c5d86a7d42780
manifestHash: 4e2cda50cd5048133aad1b5e28becb60f4629d3f9e09c514a2757c27998b4200
name: storage-aws.addons.k8s.io
selector:
k8s-addon: storage-aws.addons.k8s.io
version: 9.99.0
- id: k8s-1.16
manifest: networking.projectcalico.org/k8s-1.16.yaml
manifestHash: 7cce9988276da48e2c85f1c79a7871cd59d0ffff07048e9bc0b2a41914aaebfe
- id: k8s-1.23
manifest: networking.projectcalico.org/k8s-1.23.yaml
manifestHash: 95d65cf5c44a8fc7f7d4d6e4b2b386fa74979c81c9796be4bbea0089f1e1292e
name: networking.projectcalico.org
selector:
role.kubernetes.io/networking: "1"
version: 9.99.0
- id: k8s-1.18
manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml
manifestHash: f8fd8d170f77a75cd976d77cbd9c9773e05bea0daf79d2a61486bcecd2354070
name: aws-cloud-controller.addons.k8s.io
selector:
k8s-addon: aws-cloud-controller.addons.k8s.io
version: 9.99.0
- id: k8s-1.17
manifest: aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml
manifestHash: bd5514d9d74c87df012effac4d7c99aaea7109130857e797568d1aff9036a981
name: aws-ebs-csi-driver.addons.k8s.io
selector:
k8s-addon: aws-ebs-csi-driver.addons.k8s.io
version: 9.99.0

2
tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content
View File

@ -1,7 +1,7 @@
apiVersion: v1
data:
config.yaml: |
{"cloud":"aws","configBase":"memfs://clusters.example.com/privatecalico.example.com","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.privatecalico.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}}
{"cloud":"aws","configBase":"memfs://clusters.example.com/privatecalico.example.com","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.privatecalico.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"],"useInstanceIDForNodeName":true}}
kind: ConfigMap
metadata:
creationTimestamp: null

52
tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content Normal file
View File

@ -0,0 +1,52 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-addon: leader-migration.rbac.addons.k8s.io
name: system::leader-locking-migration
namespace: kube-system
rules:
- apiGroups:
- coordination.k8s.io
resourceNames:
- cloud-provider-extraction-migration
resources:
- leases
verbs:
- create
- list
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-addon: leader-migration.rbac.addons.k8s.io
name: system::leader-locking-migration
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: system::leader-locking-migration
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:kube-controller-manager
- kind: ServiceAccount
name: kube-controller-manager
namespace: kube-system
- kind: ServiceAccount
name: aws-cloud-controller-manager
namespace: kube-system
- kind: ServiceAccount
name: cloud-controller-manager
namespace: kube-system

262
tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.16_content → tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.23_content
View File

@ -93,6 +93,12 @@ spec:
64512]'
format: int32
type: integer
bindMode:
description: BindMode indicates whether to listen for BGP connections
on all addresses (None) or only on the node's canonical IP address
Node.Spec.BGP.IPvXAddress (NodeIP). Default behaviour is to listen
for BGP connections on all addresses.
type: string
communities:
description: Communities is a list of BGP community values and their
arbitrary names for tagging routes.
@ -123,6 +129,37 @@ spec:
description: 'LogSeverityScreen is the log severity above which logs
are sent to the stdout. [Default: INFO]'
type: string
nodeMeshMaxRestartTime:
description: Time to allow for software restart for node-to-mesh peerings. When
specified, this is configured as the graceful restart timeout. When
not specified, the BIRD default of 120s is used. This field can
only be set on the default BGPConfiguration instance and requires
that NodeMesh is enabled
type: string
nodeMeshPassword:
description: Optional BGP password for full node-to-mesh peerings.
This field can only be set on the default BGPConfiguration instance
and requires that NodeMesh is enabled
properties:
secretKeyRef:
description: Selects a key of a secret in the node pod's namespace.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
type: object
nodeToNodeMeshEnabled:
description: 'NodeToNodeMeshEnabled sets whether full node to node
BGP mesh is enabled. [Default: true]'
@ -260,6 +297,12 @@ spec:
description: Selector for the nodes that should have this peering. When
this is set, the Node field must be empty.
type: string
numAllowedLocalASNumbers:
description: Maximum number of local AS numbers that are allowed in
the AS path for received routes. This removes BGP loop prevention
and should only be used if absolutely necesssary.
format: int32
type: integer
password:
description: Optional BGP password for the peerings generated by this
BGPPeer resource.
@ -807,6 +850,11 @@ spec:
description: 'BPFEnabled, if enabled Felix will use the BPF dataplane.
[Default: false]'
type: boolean
bpfEnforceRPF:
description: 'BPFEnforceRPF enforce strict RPF on all interfaces with
BPF programs regardless of what is the per-interfaces or global
setting. Possible values are Disabled or Strict. [Default: Strict]'
type: string
bpfExtToServiceConnmark:
description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
mark that is set on connections from an external client to a local
@ -846,6 +894,51 @@ spec:
logs are emitted to the BPF trace pipe, accessible with the command
`tc exec bpf debug`. [Default: Off].'
type: string
bpfMapSizeConntrack:
description: 'BPFMapSizeConntrack sets the size for the conntrack
map. This map must be large enough to hold an entry for each active
connection. Warning: changing the size of the conntrack map can
cause disruption.'
type: integer
bpfMapSizeIPSets:
description: BPFMapSizeIPSets sets the size for ipsets map. The IP
sets map must be large enough to hold an entry for each endpoint
matched by every selector in the source/destination matches in network
policy. Selectors such as "all()" can result in large numbers of
entries (one entry per endpoint in that case).
type: integer
bpfMapSizeNATAffinity:
type: integer
bpfMapSizeNATBackend:
description: BPFMapSizeNATBackend sets the size for nat back end map.
This is the total number of endpoints. This is mostly more than
the size of the number of services.
type: integer
bpfMapSizeNATFrontend:
description: BPFMapSizeNATFrontend sets the size for nat front end
map. FrontendMap should be large enough to hold an entry for each
nodeport, external IP and each port in each service.
type: integer
bpfMapSizeRoute:
description: BPFMapSizeRoute sets the size for the routes map. The
routes map should be large enough to hold one entry per workload
and a handful of entries per host (enough to cover its own IPs and
tunnel IPs).
type: integer
bpfPSNATPorts:
anyOf:
- type: integer
- type: string
description: 'BPFPSNATPorts sets the range from which we randomly
pick a port if there is a source port collision. This should be
within the ephemeral range as defined by RFC 6056 (102465535) and
preferably outside the ephemeral ranges used by common operating
systems. Linux uses 3276860999, while others mostly use the IANA
defined range 4915265535. It is not necessarily a problem if this
range overlaps with the operating systems. Both ends of the range
are inclusive. [Default: 20000:29999]'
pattern: ^.*
x-kubernetes-int-or-string: true
chainInsertMode:
description: 'ChainInsertMode controls whether Felix hooks the kernel''s
top-level iptables chains by inserting a rule at the top of the
@ -856,6 +949,15 @@ spec:
Calico policy will be bypassed. [Default: insert]'
type: string
dataplaneDriver:
description: DataplaneDriver filename of the external dataplane driver
to use. Only used if UseInternalDataplaneDriver is set to false.
type: string
dataplaneWatchdogTimeout:
description: 'DataplaneWatchdogTimeout is the readiness/liveness timeout
used for Felix''s (internal) dataplane driver. Increase this value
if you experience spurious non-ready or non-live events when Felix
is under heavy load. Decrease the value to get felix to report non-live
or non-ready more quickly. [Default: 90s]'
type: string
debugDisableLogDropping:
type: boolean
@ -884,9 +986,14 @@ spec:
routes, by default this will be RTPROT_BOOT when left blank.
type: integer
deviceRouteSourceAddress:
description: This is the source address to use on programmed device
routes. By default the source address is left blank, leaving the
kernel to choose the source address used.
description: This is the IPv4 source address to use on programmed
device routes. By default the source address is left blank, leaving
the kernel to choose the source address used.
type: string
deviceRouteSourceAddressIPv6:
description: This is the IPv6 source address to use on programmed
device routes. By default the source address is left blank, leaving
the kernel to choose the source address used.
type: string
disableConntrackInvalidCheck:
type: boolean
@ -960,6 +1067,14 @@ spec:
"true" or "false" will force the feature, empty or omitted values
are auto-detected.
type: string
floatingIPs:
default: Disabled
description: FloatingIPs configures whether or not Felix will program
floating IP addresses.
enum:
- Enabled
- Disabled
type: string
genericXDPEnabled:
description: 'GenericXDPEnabled enables Generic XDP so network cards
that don''t support XDP offload or driver modes can use XDP. This
@ -997,6 +1112,9 @@ spec:
disabled by setting the interval to 0.
type: string
ipipEnabled:
description: 'IPIPEnabled overrides whether Felix should configure
an IPIP interface on the host. Optional as Felix determines this
based on the existing IP pools. [Default: nil (unset)]'
type: boolean
ipipMTU:
description: 'IPIPMTU is the MTU to set on the tunnel device. See
@ -1063,6 +1181,8 @@ spec:
usage. [Default: 10s]'
type: string
ipv6Support:
description: IPv6Support controls whether Felix enables support for
IPv6 (if supported by the in-use dataplane).
type: boolean
kubeNodePortRanges:
description: 'KubeNodePortRanges holds list of port ranges used for
@ -1076,6 +1196,12 @@ spec:
pattern: ^.*
x-kubernetes-int-or-string: true
type: array
logDebugFilenameRegex:
description: LogDebugFilenameRegex controls which source code files
have their Debug log output included in the logs. Only logs from
files with names that match the given regular expression are included. The
filter only applies to Debug level logs.
type: string
logFilePath:
description: 'LogFilePath is the full path to the Felix log. Set to
none to disable file logging. [Default: /var/log/calico/felix.log]'
@ -1205,9 +1331,9 @@ spec:
routes. - CalicoIPAM: the default - use IPAM data to construct routes.'
type: string
routeTableRange:
description: Calico programs additional Linux route tables for various
purposes. RouteTableRange specifies the indices of the route tables
that Calico should use.
description: Deprecated in favor of RouteTableRanges. Calico programs
additional Linux route tables for various purposes. RouteTableRange
specifies the indices of the route tables that Calico should use.
properties:
max:
type: integer
@ -1217,6 +1343,21 @@ spec:
- max
- min
type: object
routeTableRanges:
description: Calico programs additional Linux route tables for various
purposes. RouteTableRanges specifies a set of table index ranges
that Calico should use. Deprecates`RouteTableRange`, overrides `RouteTableRange`.
items:
properties:
max:
type: integer
min:
type: integer
required:
- max
- min
type: object
type: array
serviceLoopPrevention:
description: 'When service IP advertisement is enabled, prevent routing
loops to service IPs that are not in use, by dropping or rejecting
@ -1244,12 +1385,22 @@ spec:
Felix makes reports. [Default: 86400s]'
type: string
useInternalDataplaneDriver:
description: UseInternalDataplaneDriver, if true, Felix will use its
internal dataplane programming logic. If false, it will launch
an external dataplane driver and communicate with it over protobuf.
type: boolean
vxlanEnabled:
description: 'VXLANEnabled overrides whether Felix should create the
VXLAN tunnel device for VXLAN networking. Optional as Felix determines
this based on the existing IP pools. [Default: nil (unset)]'
type: boolean
vxlanMTU:
description: 'VXLANMTU is the MTU to set on the tunnel device. See
Configuring MTU [Default: 1440]'
description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel
device. See Configuring MTU [Default: 1410]'
type: integer
vxlanMTUV6:
description: 'VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel
device. See Configuring MTU [Default: 1390]'
type: integer
vxlanPort:
type: integer
@ -1267,6 +1418,10 @@ spec:
description: 'WireguardInterfaceName specifies the name to use for
the Wireguard interface. [Default: wg.calico]'
type: string
wireguardKeepAlive:
description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive
option. Set 0 to disable. [Default: 0]'
type: string
wireguardListeningPort:
description: 'WireguardListeningPort controls the listening port used
by Wireguard. [Default: 51820]'
@ -1279,6 +1434,12 @@ spec:
description: 'WireguardRoutingRulePriority controls the priority value
to use for the Wireguard routing rule. [Default: 99]'
type: integer
workloadSourceSpoofing:
description: WorkloadSourceSpoofing controls whether pods can use
the allowedSourcePrefixes annotation to send traffic with a source
IP address that is not theirs. This is disabled by default. When
set to "Any", pods can request any prefix.
type: string
xdpEnabled:
description: 'XDPEnabled enables XDP acceleration for suitable untracked
incoming deny rules. [Default: true]'
@ -2375,13 +2536,25 @@ spec:
resource.
properties:
affinity:
description: Affinity of the block, if this block has one. If set,
it will be of the form "host:<hostname>". If not set, this block
is not affine to a host.
type: string
allocations:
description: Array of allocations in-use within this block. nil entries
mean the allocation is free. For non-nil entries at index i, the
index is the ordinal of the allocation within this block and the
value is the index of the associated attributes in the Attributes
array.
items:
nullable: true
type: integer
type: array
attributes:
description: Attributes is an array of arbitrary metadata associated
with allocations in the block. To find attributes for a given allocation,
use the value of the allocation's entry in the Allocations array
as the index of the element in this array.
items:
properties:
handle_id:
@ -2393,12 +2566,38 @@ spec:
type: object
type: array
cidr:
description: The block's CIDR.
type: string
deleted:
description: Deleted is an internal boolean used to workaround a limitation
in the Kubernetes API whereby deletion will not return a conflict
error if the block has been updated. It should not be set manually.
type: boolean
sequenceNumber:
default: 0
description: We store a sequence number that is updated each time
the block is written. Each allocation will also store the sequence
number of the block at the time of its creation. When releasing
an IP, passing the sequence number associated with the allocation
allows us to protect against a race condition and ensure the IP
hasn't been released and re-allocated since the release request.
format: int64
type: integer
sequenceNumberForAllocation:
additionalProperties:
format: int64
type: integer
description: Map of allocated ordinal within the block to sequence
number of the block at the time of allocation. Kubernetes does not
allow numerical keys for maps, so the key is cast to a string.
type: object
strictAffinity:
description: StrictAffinity on the IPAMBlock is deprecated and no
longer used by the code. Use IPAMConfig StrictAffinity instead.
type: boolean
unallocated:
description: Unallocated is an ordered list of allocations which are
free in the block.
items:
type: integer
type: array
@ -2590,13 +2789,13 @@ spec:
type: array
blockSize:
description: The block size to use for IP address assignments from
this pool. Defaults to 26 for IPv4 and 112 for IPv6.
this pool. Defaults to 26 for IPv4 and 122 for IPv6.
type: integer
cidr:
description: The pool CIDR.
type: string
disableBGPExport:
description: 'Disable exporting routes from this IP Pools CIDR over
description: 'Disable exporting routes from this IP Pool''s CIDR over
BGP. [Default: false]'
type: boolean
disabled:
@ -2663,6 +2862,8 @@ status:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
labels:
addon.kops.k8s.io/name: networking.projectcalico.org
@ -2823,6 +3024,11 @@ spec:
type: string
type: object
type: object
debugProfilePort:
description: DebugProfilePort configures the port to serve memory
and cpu profiles on. If not specified, profiling is disabled.
format: int32
type: integer
etcdV3CompactionPeriod:
description: 'EtcdV3CompactionPeriod is the period between etcdv3
compaction requests. Set to 0 to disable. [Default: 10m]'
@ -2933,6 +3139,11 @@ spec:
type: string
type: object
type: object
debugProfilePort:
description: DebugProfilePort configures the port to serve memory
and cpu profiles on. If not specified, profiling is disabled.
format: int32
type: integer
etcdV3CompactionPeriod:
description: 'EtcdV3CompactionPeriod is the period between etcdv3
compaction requests. Set to 0 to disable. [Default: 10m]'
@ -3894,7 +4105,6 @@ rules:
- apiGroups:
- crd.projectcalico.org
resources:
- ippools
- ipreservations
verbs:
- list
@ -3911,6 +4121,13 @@ rules:
- update
- delete
- watch
- apiGroups:
- crd.projectcalico.org
resources:
- ippools
verbs:
- list
- watch
- apiGroups:
- crd.projectcalico.org
resources:
@ -3927,8 +4144,10 @@ rules:
- clusterinformations
verbs:
- get
- list
- create
- update
- watch
- apiGroups:
- crd.projectcalico.org
resources:
@ -4243,7 +4462,7 @@ spec:
- configMapRef:
name: kubernetes-services-endpoint
optional: true
image: docker.io/calico/node:v3.21.5
image: docker.io/calico/node:v3.23.0
lifecycle:
preStop:
exec:
@ -4317,7 +4536,7 @@ spec:
- configMapRef:
name: kubernetes-services-endpoint
optional: true
image: docker.io/calico/cni:v3.21.5
image: docker.io/calico/cni:v3.23.0
name: upgrade-ipam
securityContext:
privileged: true
@ -4351,7 +4570,7 @@ spec:
- configMapRef:
name: kubernetes-services-endpoint
optional: true
image: docker.io/calico/cni:v3.21.5
image: docker.io/calico/cni:v3.23.0
name: install-cni
securityContext:
privileged: true
@ -4360,13 +4579,6 @@ spec:
name: cni-bin-dir
- mountPath: /host/etc/cni/net.d
name: cni-net-dir
- image: docker.io/calico/pod2daemon-flexvol:v3.21.5
name: flexvol-driver
securityContext:
privileged: true
volumeMounts:
- mountPath: /host/driver
name: flexvol-driver-host
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-node-critical
@ -4413,10 +4625,6 @@ spec:
path: /var/run/nodeagent
type: DirectoryOrCreate
name: policysync
- hostPath:
path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds
type: DirectoryOrCreate
name: flexvol-driver-host
updateStrategy:
rollingUpdate:
maxUnavailable: 1
@ -4470,7 +4678,7 @@ spec:
value: node
- name: DATASTORE_TYPE
value: kubernetes
image: docker.io/calico/kube-controllers:v3.21.5
image: docker.io/calico/kube-controllers:v3.23.0
livenessProbe:
exec:
command:
@ -4514,7 +4722,7 @@ metadata:
---
apiVersion: policy/v1beta1
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
creationTimestamp: null

22
tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content
View File

@ -35,7 +35,7 @@ apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
annotations:
storageclass.kubernetes.io/is-default-class: "true"
storageclass.kubernetes.io/is-default-class: "false"
creationTimestamp: null
labels:
addon.kops.k8s.io/name: storage-aws.addons.k8s.io
@ -50,6 +50,26 @@ volumeBindingMode: WaitForFirstConsumer
---
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
annotations:
storageclass.kubernetes.io/is-default-class: "true"
creationTimestamp: null
labels:
addon.kops.k8s.io/name: storage-aws.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-addon: storage-aws.addons.k8s.io
name: kops-csi-1-21
parameters:
encrypted: "true"
type: gp3
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

117
tests/integration/update_cluster/privatecalico/kubernetes.tf
View File

@ -137,11 +137,6 @@ resource "aws_autoscaling_group" "bastion-privatecalico-example-com" {
propagate_at_launch = true
value = "bastion.privatecalico.example.com"
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role"
propagate_at_launch = true
value = "node"
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node"
propagate_at_launch = true
@ -192,21 +187,11 @@ resource "aws_autoscaling_group" "master-us-test-1a-masters-privatecalico-exampl
propagate_at_launch = true
value = ""
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role"
propagate_at_launch = true
value = "master"
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane"
propagate_at_launch = true
value = ""
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master"
propagate_at_launch = true
value = ""
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers"
propagate_at_launch = true
@ -251,11 +236,6 @@ resource "aws_autoscaling_group" "nodes-privatecalico-example-com" {
propagate_at_launch = true
value = "nodes.privatecalico.example.com"
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role"
propagate_at_launch = true
value = "node"
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node"
propagate_at_launch = true
@ -486,7 +466,7 @@ resource "aws_launch_template" "bastion-privatecalico-example-com" {
name = aws_iam_instance_profile.bastions-privatecalico-example-com.id
}
image_id = "ami-12345678"
instance_type = "t2.micro"
instance_type = "t3.micro"
key_name = aws_key_pair.kubernetes-privatecalico-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id
lifecycle {
create_before_destroy = true
@ -512,7 +492,6 @@ resource "aws_launch_template" "bastion-privatecalico-example-com" {
tags = {
"KubernetesCluster" = "privatecalico.example.com"
"Name" = "bastion.privatecalico.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/bastion" = "1"
"kops.k8s.io/instancegroup" = "bastion"
@ -524,7 +503,6 @@ resource "aws_launch_template" "bastion-privatecalico-example-com" {
tags = {
"KubernetesCluster" = "privatecalico.example.com"
"Name" = "bastion.privatecalico.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/bastion" = "1"
"kops.k8s.io/instancegroup" = "bastion"
@ -534,7 +512,6 @@ resource "aws_launch_template" "bastion-privatecalico-example-com" {
tags = {
"KubernetesCluster" = "privatecalico.example.com"
"Name" = "bastion.privatecalico.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/bastion" = "1"
"kops.k8s.io/instancegroup" = "bastion"
@ -554,15 +531,11 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecalico-example-
volume_type = "gp3"
}
}
block_device_mappings {
device_name = "/dev/sdc"
virtual_name = "ephemeral0"
}
iam_instance_profile {
name = aws_iam_instance_profile.masters-privatecalico-example-com.id
}
image_id = "ami-12345678"
instance_type = "m3.medium"
instance_type = "t3.medium"
key_name = aws_key_pair.kubernetes-privatecalico-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id
lifecycle {
create_before_destroy = true
@ -571,7 +544,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecalico-example-
http_endpoint = "enabled"
http_protocol_ipv6 = "disabled"
http_put_response_hop_limit = 1
http_tokens = "optional"
http_tokens = "required"
}
monitoring {
enabled = false
@ -589,9 +562,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecalico-example-
"KubernetesCluster" = "privatecalico.example.com"
"Name" = "master-us-test-1a.masters.privatecalico.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = ""
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = ""
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = ""
"k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = ""
"k8s.io/role/master" = "1"
"kops.k8s.io/instancegroup" = "master-us-test-1a"
@ -604,9 +575,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecalico-example-
"KubernetesCluster" = "privatecalico.example.com"
"Name" = "master-us-test-1a.masters.privatecalico.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = ""
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = ""
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = ""
"k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = ""
"k8s.io/role/master" = "1"
"kops.k8s.io/instancegroup" = "master-us-test-1a"
@ -617,9 +586,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecalico-example-
"KubernetesCluster" = "privatecalico.example.com"
"Name" = "master-us-test-1a.masters.privatecalico.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = ""
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = ""
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = ""
"k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = ""
"k8s.io/role/master" = "1"
"kops.k8s.io/instancegroup" = "master-us-test-1a"
@ -644,7 +611,7 @@ resource "aws_launch_template" "nodes-privatecalico-example-com" {
name = aws_iam_instance_profile.nodes-privatecalico-example-com.id
}
image_id = "ami-12345678"
instance_type = "t2.medium"
instance_type = "t3.medium"
key_name = aws_key_pair.kubernetes-privatecalico-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id
lifecycle {
create_before_destroy = true
@ -652,8 +619,8 @@ resource "aws_launch_template" "nodes-privatecalico-example-com" {
metadata_options {
http_endpoint = "enabled"
http_protocol_ipv6 = "disabled"
http_put_response_hop_limit = 1
http_tokens = "optional"
http_put_response_hop_limit = 3
http_tokens = "required"
}
monitoring {
enabled = false
@ -670,7 +637,6 @@ resource "aws_launch_template" "nodes-privatecalico-example-com" {
tags = {
"KubernetesCluster" = "privatecalico.example.com"
"Name" = "nodes.privatecalico.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/node" = "1"
"kops.k8s.io/instancegroup" = "nodes"
@ -682,7 +648,6 @@ resource "aws_launch_template" "nodes-privatecalico-example-com" {
tags = {
"KubernetesCluster" = "privatecalico.example.com"
"Name" = "nodes.privatecalico.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/node" = "1"
"kops.k8s.io/instancegroup" = "nodes"
@ -692,7 +657,6 @@ resource "aws_launch_template" "nodes-privatecalico-example-com" {
tags = {
"KubernetesCluster" = "privatecalico.example.com"
"Name" = "nodes.privatecalico.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/node" = "1"
"kops.k8s.io/instancegroup" = "nodes"
@ -842,6 +806,22 @@ resource "aws_s3_object" "nodeupconfig-nodes" {
server_side_encryption = "AES256"
}
resource "aws_s3_object" "privatecalico-example-com-addons-aws-cloud-controller-addons-k8s-io-k8s-1-18" {
bucket = "testingBucket"
content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content")
key = "clusters.example.com/privatecalico.example.com/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml"
provider = aws.files
server_side_encryption = "AES256"
}
resource "aws_s3_object" "privatecalico-example-com-addons-aws-ebs-csi-driver-addons-k8s-io-k8s-1-17" {
bucket = "testingBucket"
content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content")
key = "clusters.example.com/privatecalico.example.com/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml"
provider = aws.files
server_side_encryption = "AES256"
}
resource "aws_s3_object" "privatecalico-example-com-addons-bootstrap" {
bucket = "testingBucket"
content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content")
@ -890,6 +870,14 @@ resource "aws_s3_object" "privatecalico-example-com-addons-kubelet-api-rbac-addo
server_side_encryption = "AES256"
}
resource "aws_s3_object" "privatecalico-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" {
bucket = "testingBucket"
content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content")
key = "clusters.example.com/privatecalico.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml"
provider = aws.files
server_side_encryption = "AES256"
}
resource "aws_s3_object" "privatecalico-example-com-addons-limit-range-addons-k8s-io" {
bucket = "testingBucket"
content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-limit-range.addons.k8s.io_content")
@ -898,10 +886,10 @@ resource "aws_s3_object" "privatecalico-example-com-addons-limit-range-addons-k8
server_side_encryption = "AES256"
}
resource "aws_s3_object" "privatecalico-example-com-addons-networking-projectcalico-org-k8s-1-16" {
resource "aws_s3_object" "privatecalico-example-com-addons-networking-projectcalico-org-k8s-1-23" {
bucket = "testingBucket"
content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.16_content")
key = "clusters.example.com/privatecalico.example.com/addons/networking.projectcalico.org/k8s-1.16.yaml"
content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.23_content")
key = "clusters.example.com/privatecalico.example.com/addons/networking.projectcalico.org/k8s-1.23.yaml"
provider = aws.files
server_side_encryption = "AES256"
}
@ -987,6 +975,24 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-__--0-ingress-tcp-22to22-bastion-elb-privatecalico-example-com" {
from_port = 22
ipv6_cidr_blocks = ["::/0"]
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-__--0-ingress-tcp-443to443-api-elb-privatecalico-example-com" {
from_port = 443
ipv6_cidr_blocks = ["::/0"]
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatecalico-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-privatecalico-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1194,9 +1200,20 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmpv6-pmtu-api-elb-__--0" {
from_port = -1
ipv6_cidr_blocks = ["::/0"]
protocol = "icmpv6"
security_group_id = aws_security_group.api-elb-privatecalico-example-com.id
to_port = -1
type = "ingress"
}
resource "aws_subnet" "us-test-1a-privatecalico-example-com" {
availability_zone = "us-test-1a"
cidr_block = "172.20.32.0/19"
availability_zone = "us-test-1a"
cidr_block = "172.20.32.0/19"
enable_resource_name_dns_a_record_on_launch = true
private_dns_hostname_type_on_launch = "resource-name"
tags = {
"KubernetesCluster" = "privatecalico.example.com"
"Name" = "us-test-1a.privatecalico.example.com"
@ -1208,8 +1225,10 @@ resource "aws_subnet" "us-test-1a-privatecalico-example-com" {
}
resource "aws_subnet" "utility-us-test-1a-privatecalico-example-com" {
availability_zone = "us-test-1a"
cidr_block = "172.20.4.0/22"
availability_zone = "us-test-1a"
cidr_block = "172.20.4.0/22"
enable_resource_name_dns_a_record_on_launch = true
private_dns_hostname_type_on_launch = "resource-name"
tags = {
"KubernetesCluster" = "privatecalico.example.com"
"Name" = "utility-us-test-1a.privatecalico.example.com"